package com.bxm.gateway.zuul.filter.impl;

import com.bxm.gateway.constant.GatewayConstant;
import com.bxm.gateway.constant.SecurityConstant;
import com.bxm.gateway.properties.SecurityProperties;
import com.bxm.gateway.utils.ApiVersionUtils;
import com.bxm.gateway.utils.RequestUtils;
import com.bxm.gateway.zuul.filter.AbstractZuulFilter;
import com.bxm.newidea.component.tools.MD5Util;
import com.bxm.newidea.component.tools.StringUtils;
import com.bxm.newidea.component.util.WebUtils;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:com/bxm/gateway/zuul/filter/impl/SignaturePreFilter.class */
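/**
 * Zuul "pre" filter that checks a request signature before the request is routed.
 *
 * <p>When signature checking is enabled and the request is not on a skip list, the filter
 * rebuilds the signed string (request body, or the sorted request parameters), appends the
 * secret configured for the calling application and compares the MD5 of that string with the
 * signature parameter sent by the client. Any mismatch, missing configuration or unexpected
 * error rejects the request with HTTP 400.
 *
 * <p>NOTE(review): the scheme is {@code MD5(payload + secret)}. MD5 is not collision resistant
 * and this construction is not a keyed MAC; HMAC-SHA-256 is the usual replacement, but moving
 * to it needs a coordinated client change, so it is only flagged here. Nothing in this class
 * binds the signature to a timestamp or nonce, so replay protection, if required, has to be
 * provided elsewhere.
 */
public class SignaturePreFilter extends AbstractZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(SignaturePreFilter.class);
    private final SecurityProperties securityProperties;
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * @param securityProperties signature switch, skip lists and per-application secrets
     */
    public SignaturePreFilter(SecurityProperties securityProperties) {
        this.securityProperties = securityProperties;
    }

    /** Registers this filter in Zuul's "pre" phase. */
    public String filterType() {
        return "pre";
    }

    /**
     * Verifies the signature of the current request when signature checking applies to it.
     *
     * @return always {@code null}; the result is not used
     * @throws ZuulException with status 400 when the signature is wrong, the caller cannot be
     *     mapped to a secret, or any unexpected error occurs during the check
     */
    public Object run() throws ZuulException {
        if (!this.securityProperties.isEnableSignature()) {
            return null;
        }
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        String requestURI = request.getRequestURI();
        try {
            if (matchUrl(requestURI, RequestUtils.getRequestField(currentContext, GatewayConstant.SOURCE_APP))) {
                validSignature(currentContext, request, requestURI);
            }
            return null;
        } catch (ZuulException e) {
            // The more specific handler must come first: with the generic handler ahead of
            // it this clause is unreachable and the class does not compile.
            throw e;
        } catch (Exception e) {
            // Fail closed: an unexpected error during verification rejects the request.
            log.error(e.getMessage(), e);
            throw new ZuulException("非法请求", HttpStatus.BAD_REQUEST.value(), "未知错误");
        }
    }

    /**
     * Recomputes the expected signature and rejects the request when it differs from the
     * signature parameter supplied by the client.
     *
     * @throws ZuulException with status 400 on a missing or mismatching signature
     */
    private void validSignature(RequestContext requestContext, HttpServletRequest request, String requestUri) throws ZuulException {
        String signStr = getSignStr(request);
        String supplied = request.getParameter(SecurityConstant.SIGNATURE_PARAM_KEY);
        String secret = getSecret(requestContext, request, requestUri);
        String expected = MD5Util.standardMd5(signStr + secret);
        if (!signatureMatches(expected, supplied)) {
            // The secret and the expected digest are deliberately kept out of the log: the
            // first is the signing key itself, the second is a valid signature for this payload.
            log.error("签名错误，actual:[{}],origin:[{}]", supplied, signStr);
            logError("签名校验错误", request);
            throw new ZuulException("非法请求", HttpStatus.BAD_REQUEST.value(), "签名校验失败");
        }
    }

    /**
     * Compares the expected and supplied signatures without an early exit on the first
     * differing character. A missing value on either side never matches.
     */
    private static boolean signatureMatches(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Looks up the signing secret for the calling application.
     *
     * <p>A non-blank nested platform other than the literal string "null" selects the nested
     * configuration; otherwise the secret is matched on source application and platform.
     *
     * @throws ZuulException with status 400 when the source application or platform field is
     *     absent, or when no secret is configured for the combination
     */
    private String getSecret(RequestContext requestContext, HttpServletRequest request, String requestUri) throws ZuulException {
        String srcApp = RequestUtils.getRequestField(requestContext, GatewayConstant.SOURCE_APP);
        String platform = RequestUtils.getRequestField(requestContext, GatewayConstant.CLIENT_PLATFORM_KEY);
        String nestedPlatform = RequestUtils.getRequestField(requestContext, GatewayConstant.NESTED_PLATFORM_KEY);
        if (null == srcApp || null == platform) {
            log.error("请求[{}]需要进行签名认证，但是未传递srcApp或platform参数，完整参数：{}", requestUri, WebUtils.getRequestParam(request));
            throw new ZuulException("非法请求", HttpStatus.BAD_REQUEST.value(), "请求中不包含应用来源信息和平台参数");
        }
        if (StringUtils.isNotBlank(nestedPlatform) && !"null".equals(nestedPlatform)) {
            return getNestedSecret(srcApp, platform, nestedPlatform);
        }
        for (SecurityProperties.SignatureConfig signatureConfig : this.securityProperties.getAppSign().values()) {
            if (StringUtils.equals(signatureConfig.getSrcApp(), srcApp) && StringUtils.equals(signatureConfig.getPlatform(), platform)) {
                return signatureConfig.getSecret();
            }
        }
        log.error("[{}][{}]未配置对应的签名密钥，请进行配置", srcApp, platform);
        throw new ZuulException("非法请求", HttpStatus.BAD_REQUEST.value(), "请求来源的应用未配置对应的签名密钥");
    }

    /**
     * Looks up the secret for a request carrying a nested platform, matching on source
     * application and nested platform. The plain platform value is used only in the log line.
     *
     * @throws ZuulException with status 400 when no matching nested configuration exists
     */
    private String getNestedSecret(String srcApp, String platform, String nestedPlatform) throws ZuulException {
        for (SecurityProperties.NestedSignatureConfig nestedSignatureConfig : this.securityProperties.getNestedSign().values()) {
            if (StringUtils.equals(nestedSignatureConfig.getSrcApp(), srcApp) && StringUtils.equals(nestedSignatureConfig.getNestedPlatform(), nestedPlatform)) {
                return nestedSignatureConfig.getSecret();
            }
        }
        log.error("前端请求,srcApp：[{}]， 平台类型：[{}]，内嵌平台类型: [{}],未配置对应的签名密钥，请进行配置", srcApp, platform, nestedPlatform);
        throw new ZuulException("非法请求", HttpStatus.BAD_REQUEST.value(), "请求来源的应用h5未配置对应的签名密钥");
    }

    /**
     * Returns the string the client is expected to have signed: the request body for POST,
     * PUT and DELETE when the body is not the empty string, otherwise the canonical
     * parameter string.
     */
    private String getSignStr(HttpServletRequest request) {
        String method = request.getMethod();
        boolean mayCarryBody = RequestMethod.POST.name().equals(method)
                || RequestMethod.PUT.name().equals(method)
                || RequestMethod.DELETE.name().equals(method);
        if (!mayCarryBody) {
            return getParamMap(request);
        }
        String requestBodyContent = WebUtils.getRequestBodyContent(request);
        return "".equals(requestBodyContent) ? getParamMap(request) : requestBodyContent;
    }

    /**
     * Builds the canonical parameter string: parameter names sorted ascending, the signature
     * parameter and empty names skipped, every value appended as {@code name=value}.
     *
     * <p>NOTE(review): pairs are joined with no separator and no escaping, so different
     * parameter sets can canonicalise to the same string (a=1 with b=2 gives the same text as
     * a single a whose value is "1b=2"). Clients produce the same format, so this is flagged
     * rather than changed.
     */
    private String getParamMap(HttpServletRequest request) {
        Map<String, String[]> parameterMap = request.getParameterMap();
        String[] names = parameterMap.keySet().toArray(new String[0]);
        Arrays.sort(names);
        StringBuilder canonical = new StringBuilder();
        for (String name : names) {
            if (StringUtils.isNotEmpty(name) && !SecurityConstant.SIGNATURE_PARAM_KEY.equals(name)) {
                for (String value : parameterMap.get(name)) {
                    canonical.append(name).append("=").append(value);
                }
            }
        }
        return canonical.toString();
    }

    /**
     * Decides whether the request must be signed.
     *
     * <p>NOTE(review): the source application passed in by {@code run()} is read from the
     * request context and appears to be client supplied, in which case membership of
     * {@code skipSignSrcApp} is something any caller can claim. Confirm that list only names
     * applications whose traffic is authenticated some other way.
     *
     * @return {@code false} when the version-normalised URI matches a skip pattern or the
     *     source application is on the skip list, {@code true} otherwise
     */
    private boolean matchUrl(String requestUri, String srcApp) {
        String normalisedUri = ApiVersionUtils.replace(requestUri);
        for (String skipPattern : this.securityProperties.getSkipSignUrls()) {
            if (this.antPathMatcher.match(skipPattern, normalisedUri)) {
                return false;
            }
        }
        return !this.securityProperties.getSkipSignSrcApp().contains(srcApp);
    }
}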
