package com.labbol.core.security;

import com.labbol.core.utils.security.rsa.RSAUtils;
import java.io.IOException;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.yelong.support.security.sm3.SM3Utils;
import org.yelong.support.security.sm4.SM4Utils;
import org.yelong.support.servlet.filter.security.AbstractSecurityFilter;
import org.yelong.support.servlet.filter.security.IntegrityValidationException;
import org.yelong.support.servlet.filter.security.SecurityException;
import org.yelong.support.servlet.filter.security.SecurityHttpServletRequestWrapper;

/* loaded from: input_file:com/labbol/core/security/SecurityFilter.class */
public class SecurityFilter extends AbstractSecurityFilter {
    private static final String SM4_KEY = "A1B2C3D4E5F6H7G8";
    private static final String RESPONSE_SM4_KEY = "f1fcafc938e0b5f637f66705597ec460";
    public static final String PARAM_DECRYPT_MODE = "PARAM_DECRYPT_MODE";
    public static final String BODY_DECRYPT_MODE = "BODY_DECRYPT_MODE";
    public static final String INTEGRITY_VALIDATION_MODE = "INTEGRITY_VALIDATION_MODE";
    public static final String OPER_DATA_SIGN = "OPER_DATA_SIGN";
    public static final String BODY_ENCRYPT_MODE = "BODY_ENCRYPT_MODE";
    public static final String SM4_ENCODE_KEY = "SM4_ENCODE_KEY";
    private static final List<String> NOT_DECRYPT_PARAM_KEY = Arrays.asList(PARAM_DECRYPT_MODE, BODY_DECRYPT_MODE, INTEGRITY_VALIDATION_MODE, OPER_DATA_SIGN, BODY_ENCRYPT_MODE, SM4_ENCODE_KEY);
    private static final Logger LOGGER = LoggerFactory.getLogger(Logger.class);

    public boolean isParamDecrypt(HttpServletRequest httpServletRequest) {
        return Boolean.valueOf(httpServletRequest.getHeader(PARAM_DECRYPT_MODE)).booleanValue() || Boolean.valueOf(httpServletRequest.getParameter(PARAM_DECRYPT_MODE)).booleanValue();
    }

    public boolean isBodyDecrypt(HttpServletRequest httpServletRequest) {
        return Boolean.valueOf(httpServletRequest.getHeader(BODY_DECRYPT_MODE)).booleanValue() || Boolean.valueOf(httpServletRequest.getParameter(BODY_DECRYPT_MODE)).booleanValue();
    }

    public boolean isIntegrityValidation(HttpServletRequest httpServletRequest) {
        return Boolean.valueOf(httpServletRequest.getHeader(INTEGRITY_VALIDATION_MODE)).booleanValue() || Boolean.valueOf(httpServletRequest.getParameter(INTEGRITY_VALIDATION_MODE)).booleanValue();
    }

    public byte[] decryptBody(HttpServletRequest httpServletRequest, byte[] bArr) throws SecurityException {
        try {
            return SM4Utils.decodeByHexStr(new String(bArr), SM4_KEY).getBytes();
        } catch (IOException e) {
            throw new SecurityException(e);
        }
    }

    public boolean integrityValidation(SecurityHttpServletRequestWrapper securityHttpServletRequestWrapper) throws IntegrityValidationException {
        Enumeration sourceParameterNames = securityHttpServletRequestWrapper.getSourceParameterNames();
        String str = "";
        while (sourceParameterNames.hasMoreElements()) {
            String str2 = (String) sourceParameterNames.nextElement();
            String sourceParameter = securityHttpServletRequestWrapper.getSourceParameter(str2);
            if (!OPER_DATA_SIGN.equals(str2) && !PARAM_DECRYPT_MODE.equals(str2) && !INTEGRITY_VALIDATION_MODE.equals(str2) && !"OPER_USER".equals(str2)) {
                str = str + str2 + "=" + sourceParameter + "&";
            }
        }
        if (!StringUtils.isNotBlank(str)) {
            return true;
        }
        String[] split = str.substring(0, str.length() - 1).split("&");
        Arrays.sort(split, new Comparator<String>() { // from class: com.labbol.core.security.SecurityFilter.1
            @Override // java.util.Comparator
            public int compare(String str3, String str4) {
                return str3.split("=")[0].toLowerCase().compareTo(str4.split("=")[0].toLowerCase());
            }
        });
        String str3 = "";
        for (String str4 : split) {
            if (!str4.contains(OPER_DATA_SIGN)) {
                str3 = str3 + str4 + "&";
            }
        }
        return SM3Utils.verify(str3.substring(0, str3.length() - 1), securityHttpServletRequestWrapper.getParameter(OPER_DATA_SIGN));
    }

    public void integrityValidationExceptionProcessor(IntegrityValidationException integrityValidationException, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpStatus.OK.value());
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().write("{    \"msg\": \"数据在传输过程中被篡改，操作终止！如有问题，请与客服联系！\",    \"success\": false}");
        LOGGER.error("", integrityValidationException);
    }

    public Map<String, String[]> decryptParam(HttpServletRequest httpServletRequest, Map<String, String[]> map) throws SecurityException {
        try {
            String sm4Key = getSm4Key(httpServletRequest);
            HashMap hashMap = new HashMap(map.size());
            try {
                for (Map.Entry<String, String[]> entry : map.entrySet()) {
                    String key = entry.getKey();
                    String[] value = entry.getValue();
                    if (NOT_DECRYPT_PARAM_KEY.contains(key)) {
                        hashMap.put(key, map.get(key));
                    } else {
                        String[] strArr = new String[value.length];
                        if (null != value && value.length >= 0) {
                            for (int i = 0; i < value.length; i++) {
                                String str = value[i];
                                if (StringUtils.isNotEmpty(str)) {
                                    strArr[i] = SM4Utils.decodeByHexStr(str, sm4Key);
                                } else {
                                    strArr[i] = str;
                                }
                            }
                        }
                        hashMap.put(key, strArr);
                    }
                }
                return hashMap;
            } catch (IOException e) {
                throw new SecurityException(e);
            }
        } catch (Exception e2) {
            throw new SecurityException(e2);
        }
    }

    public void decryptExceptionProcessor(SecurityException securityException, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        httpServletResponse.getWriter().write("解密参数异常");
    }

    public boolean isResponseEncrypt(HttpServletRequest httpServletRequest) {
        return Boolean.valueOf(httpServletRequest.getHeader(BODY_ENCRYPT_MODE)).booleanValue();
    }

    public byte[] responseEncrypt(byte[] bArr) throws IOException {
        String encodeByHexStr = SM4Utils.encodeByHexStr(new String(bArr), RESPONSE_SM4_KEY);
        return (encodeByHexStr + SM3Utils.encrypt(RESPONSE_SM4_KEY + encodeByHexStr) + RESPONSE_SM4_KEY).getBytes();
    }

    private String getSm4Key(HttpServletRequest httpServletRequest) throws Exception {
        Object parameter = httpServletRequest.getParameter(SM4_ENCODE_KEY);
        String valueOf = parameter instanceof Object[] ? String.valueOf(((Object[]) parameter)[0]) : (String) parameter;
        return StringUtils.isEmpty(valueOf) ? SM4_KEY : RSAUtils.decodeJsValue(valueOf);
    }
}
