package io.esastack.restlight.ext.interceptor.signature;

import esa.commons.Checks;
import esa.commons.StringUtils;
import io.esastack.commons.net.http.HttpMethod;
import io.esastack.commons.net.http.HttpStatus;
import io.esastack.commons.net.http.MediaType;
import io.esastack.restlight.core.context.HttpRequest;
import io.esastack.restlight.core.context.RequestContext;
import io.esastack.restlight.core.exception.WebServerException;
import io.esastack.restlight.core.interceptor.InternalInterceptor;
import io.esastack.restlight.core.util.Futures;
import io.esastack.restlight.ext.interceptor.config.SignatureOptions;
import io.netty.util.internal.InternalThreadLocalMap;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletionStage;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/esastack/restlight/ext/interceptor/signature/AbstractSignatureInterceptor.class */
public abstract class AbstractSignatureInterceptor implements InternalInterceptor {
    protected static final int MILLISECOND = 1000;
    protected final SecretProvider distributor;
    private final SignatureOptions options;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/esastack/restlight/ext/interceptor/signature/AbstractSignatureInterceptor$ParamValues.class */
    public static class ParamValues implements Comparable<ParamValues> {
        private final String name;
        private final List<String> values;

        private ParamValues(String str, List<String> list) {
            this.name = str;
            this.values = list;
        }

        @Override // java.lang.Comparable
        public int compareTo(ParamValues paramValues) {
            return this.name.compareTo(paramValues.name);
        }
    }

    public AbstractSignatureInterceptor(SignatureOptions signatureOptions, SecretProvider secretProvider) {
        Checks.checkNotNull(signatureOptions, "options");
        Checks.checkNotNull(secretProvider, "secretProvider");
        if (StringUtils.isEmpty(signatureOptions.getAppId()) || StringUtils.isEmpty(signatureOptions.getSecretVersion()) || StringUtils.isEmpty(signatureOptions.getTimestamp()) || StringUtils.isEmpty(signatureOptions.getSignature())) {
            throw new IllegalArgumentException("[appId, secretVersion, timestamp, signature]'s name must not be empty!");
        }
        this.options = signatureOptions;
        this.distributor = secretProvider;
    }

    public CompletionStage<Boolean> preHandle(RequestContext requestContext, Object obj) {
        HttpRequest request = requestContext.request();
        if ((request.paramsMap() == null || request.paramsMap().isEmpty()) && request.contentLength() == 0) {
            return Futures.completedFuture(Boolean.TRUE);
        }
        String trim = StringUtils.trim(getSignature(request));
        if (StringUtils.isEmpty(trim)) {
            return Futures.completedExceptionally(WebServerException.badRequest("Missing required value: " + signatureName()));
        }
        String trim2 = StringUtils.trim(getTimestamp(request));
        if (this.options.getExpireSeconds() > 0 && System.currentTimeMillis() - Long.parseLong(trim2) > this.options.getExpireSeconds() * 1000) {
            return Futures.completedExceptionally(WebServerException.badRequest("Signature has expired"));
        }
        String trim3 = StringUtils.trim(this.distributor.get(StringUtils.trim(getAppId(request)), StringUtils.trim(getSecretVersion(request)), trim2));
        if (StringUtils.isEmpty(trim3)) {
            return Futures.completedExceptionally(WebServerException.badRequest("Missing required value: " + secretVersionName()));
        }
        byte[] buildData = buildData(request);
        return (buildData == null || buildData.length == 0 || validate(buildData, trim, trim3)) ? Futures.completedFuture(Boolean.TRUE) : Futures.completedExceptionally(new WebServerException(HttpStatus.UNAUTHORIZED, "Unmatched secret"));
    }

    protected byte[] buildData(HttpRequest httpRequest) {
        MediaType contentType;
        byte[] bArr = new byte[0];
        Map paramsMap = httpRequest.paramsMap();
        if (paramsMap != null && paramsMap.size() > 0) {
            ArrayList<ParamValues> arrayList = InternalThreadLocalMap.get().arrayList(paramsMap.size());
            for (Map.Entry entry : paramsMap.entrySet()) {
                if (!this.options.getSignature().equals(StringUtils.trim((String) entry.getKey()))) {
                    LinkedList linkedList = new LinkedList();
                    ((List) entry.getValue()).forEach(str -> {
                        linkedList.add(StringUtils.trim(str));
                    });
                    arrayList.add(new ParamValues(StringUtils.trim((String) entry.getKey()), linkedList));
                }
            }
            Collections.sort(arrayList);
            StringBuilder stringBuilder = InternalThreadLocalMap.get().stringBuilder();
            for (ParamValues paramValues : arrayList) {
                Collections.sort(paramValues.values);
                Iterator it = paramValues.values.iterator();
                while (it.hasNext()) {
                    stringBuilder.append(paramValues.name).append("=").append((String) it.next()).append("&");
                }
            }
            bArr = stringBuilder.substring(0, Math.max(0, stringBuilder.length() - 1)).getBytes(StandardCharsets.UTF_8);
        }
        if (HttpMethod.POST.equals(httpRequest.method()) && (contentType = httpRequest.contentType()) != null && MediaType.APPLICATION_FORM_URLENCODED.isCompatibleWith(contentType)) {
            return bArr;
        }
        byte[] bytes = httpRequest.body().getBytes();
        if (bytes == null || bytes.length <= 0) {
            return bArr;
        }
        byte[] bArr2 = new byte[bArr.length + bytes.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(bytes, 0, bArr2, bArr.length, bytes.length);
        return bArr2;
    }

    protected abstract boolean validate(byte[] bArr, String str, String str2);

    protected String getAppId(HttpRequest httpRequest) {
        return getValue(httpRequest, this.options.getAppId());
    }

    protected String getSecretVersion(HttpRequest httpRequest) {
        return getValue(httpRequest, this.options.getSecretVersion());
    }

    protected String getTimestamp(HttpRequest httpRequest) {
        return getValue(httpRequest, this.options.getTimestamp());
    }

    protected String getSignature(HttpRequest httpRequest) {
        return getValue(httpRequest, this.options.getSignature());
    }

    private String getValue(HttpRequest httpRequest, String str) {
        String param = httpRequest.getParam(str);
        return param != null ? param : httpRequest.headers().get(str);
    }

    protected String appIdName() {
        return this.options.getAppId();
    }

    protected String secretVersionName() {
        return this.options.getSecretVersion();
    }

    protected String timestampName() {
        return this.options.getTimestamp();
    }

    protected String signatureName() {
        return this.options.getSignature();
    }

    protected int expireSeconds() {
        return this.options.getExpireSeconds();
    }

    public int getOrder() {
        return Integer.MIN_VALUE;
    }
}
