package io.github.icodegarden.commons.gateway.spi.impl;

import io.github.icodegarden.commons.gateway.core.security.signature.App;
import io.github.icodegarden.commons.gateway.spi.OpenApiRequestValidator;
import io.github.icodegarden.commons.gateway.util.CommonsGatewayUtils;
import io.github.icodegarden.commons.lang.spec.response.ClientParameterInvalidErrorCodeException;
import io.github.icodegarden.commons.lang.spec.response.ClientParameterMissingErrorCodeException;
import io.github.icodegarden.commons.lang.spec.response.ClientPermissionErrorCodeException;
import io.github.icodegarden.commons.lang.spec.sign.OpenApiRequestBody;
import io.github.icodegarden.commons.lang.util.LogUtils;
import io.github.icodegarden.commons.lang.util.SystemUtils;
import io.github.icodegarden.commons.springboot.exception.ErrorCodeAuthenticationException;
import java.lang.ref.ReferenceQueue;
import java.lang.ref.SoftReference;
import java.time.LocalDateTime;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:io/github/icodegarden/commons/gateway/spi/impl/DefaultOpenApiRequestValidator.class */
public class DefaultOpenApiRequestValidator implements OpenApiRequestValidator {
    private static final Logger log = LoggerFactory.getLogger(DefaultOpenApiRequestValidator.class);
    public static long REJECT_SECONDS_BEFORE = 300;
    public static long REJECT_SECONDS_AFTER = 10;
    public static Pattern DATETIME_PATTERN = Pattern.compile("^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}$");
    public static Function<String, LocalDateTime> TIMESTAMP_PARSER = str -> {
        return LocalDateTime.parse(str, SystemUtils.STANDARD_DATETIME_FORMATTER);
    };
    private GeneralValidator generalValidator = new GeneralValidator();
    private RequestIdValidator requestIdValidator = new RequestIdValidator();

    /* loaded from: input_file:io/github/icodegarden/commons/gateway/spi/impl/DefaultOpenApiRequestValidator$GeneralValidator.class */
    public static class GeneralValidator {
        public void validate(String str, OpenApiRequestBody openApiRequestBody, App app) {
            if (!StringUtils.hasText(openApiRequestBody.getMethod())) {
                throw new ErrorCodeAuthenticationException(new ClientParameterMissingErrorCodeException(ClientParameterMissingErrorCodeException.SubPair.MISSING_METHOD));
            }
            if (!StringUtils.hasText(openApiRequestBody.getSign())) {
                throw new ErrorCodeAuthenticationException(new ClientParameterMissingErrorCodeException(ClientParameterMissingErrorCodeException.SubPair.MISSING_SIGNATURE));
            }
            if (!StringUtils.hasText(openApiRequestBody.getSign_type())) {
                throw new ErrorCodeAuthenticationException(new ClientParameterMissingErrorCodeException(ClientParameterMissingErrorCodeException.SubPair.MISSING_SIGNATURE_TYPE));
            }
            if (!StringUtils.hasText(openApiRequestBody.getApp_id())) {
                throw new ErrorCodeAuthenticationException(new ClientParameterMissingErrorCodeException(ClientParameterMissingErrorCodeException.SubPair.MISSING_APP_ID));
            }
            if (!StringUtils.hasText(openApiRequestBody.getTimestamp())) {
                throw new ErrorCodeAuthenticationException(new ClientParameterMissingErrorCodeException(ClientParameterMissingErrorCodeException.SubPair.MISSING_TIMESTAMP));
            }
            if (!StringUtils.hasText(openApiRequestBody.getVersion())) {
                throw new ErrorCodeAuthenticationException(new ClientParameterMissingErrorCodeException(ClientParameterMissingErrorCodeException.SubPair.MISSING_VERSION));
            }
            if (!StringUtils.hasText(openApiRequestBody.getRequest_id())) {
                throw new ErrorCodeAuthenticationException(new ClientParameterMissingErrorCodeException(ClientParameterMissingErrorCodeException.SubPair.MISSING_REQUEST_ID));
            }
            if (openApiRequestBody.getApp_id().length() > 32) {
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_APP_ID));
            }
            if (!"JSON".equalsIgnoreCase(openApiRequestBody.getFormat())) {
                LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                    DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_FORMAT:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getFormat()});
                });
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_FORMAT));
            }
            if (!CommonsGatewayUtils.supportsSignType(openApiRequestBody.getSign_type())) {
                LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                    DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_SIGNATURE_TYPE:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getSign_type()});
                });
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_SIGNATURE_TYPE));
            }
            if (!DefaultOpenApiRequestValidator.DATETIME_PATTERN.matcher(openApiRequestBody.getTimestamp()).matches()) {
                LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                    DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_TIMESTAMP:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getTimestamp()});
                });
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_TIMESTAMP));
            }
            LocalDateTime apply = DefaultOpenApiRequestValidator.TIMESTAMP_PARSER.apply(openApiRequestBody.getTimestamp());
            if (apply.plusSeconds(DefaultOpenApiRequestValidator.REJECT_SECONDS_BEFORE).isBefore(SystemUtils.now()) || apply.minusSeconds(DefaultOpenApiRequestValidator.REJECT_SECONDS_AFTER).isAfter(SystemUtils.now())) {
                LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                    DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_TIMESTAMP:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getTimestamp()});
                });
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_TIMESTAMP));
            }
            if (!StringUtils.hasText(openApiRequestBody.getCharset()) || !"UTF-8".equalsIgnoreCase(openApiRequestBody.getCharset())) {
                LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                    DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_CHARSET:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getCharset()});
                });
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_CHARSET));
            }
            if (openApiRequestBody.getRequest_id().length() > 32) {
                LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                    DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_REQUEST_ID:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getRequest_id()});
                });
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_REQUEST_ID));
            }
            if (!CommonsGatewayUtils.validateSign(openApiRequestBody, app.getAppKey())) {
                LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                    DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_SIGNATURE:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getSign()});
                });
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_SIGNATURE));
            }
            if (app.getMethods().isEmpty() || app.getMethods().contains(openApiRequestBody.getMethod())) {
                return;
            }
            LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INSUFFICIENT_PERMISSIONS:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getMethod()});
            });
            throw new ErrorCodeAuthenticationException(new ClientPermissionErrorCodeException(ClientPermissionErrorCodeException.SubPair.INSUFFICIENT_PERMISSIONS));
        }
    }

    /* loaded from: input_file:io/github/icodegarden/commons/gateway/spi/impl/DefaultOpenApiRequestValidator$LocalDuplicateRequestIdValidator.class */
    public static class LocalDuplicateRequestIdValidator {
        private static final Logger log = LoggerFactory.getLogger(LocalDuplicateRequestIdValidator.class);
        private ReferenceQueue<Object> referenceQueue = new ReferenceQueue<>();
        private Object object = new Object();
        private Map<String, Map<RequestIdSoftReference, Object>> appRequestIds = new HashMap(64);

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:io/github/icodegarden/commons/gateway/spi/impl/DefaultOpenApiRequestValidator$LocalDuplicateRequestIdValidator$RequestIdSoftReference.class */
        public static class RequestIdSoftReference extends SoftReference<String> {
            private final String app_id;
            private final int request_id_hash;

            public RequestIdSoftReference(String str, String str2, ReferenceQueue<? super String> referenceQueue) {
                super(str2, referenceQueue);
                this.app_id = str;
                this.request_id_hash = str2.hashCode();
            }

            public int hashCode() {
                return this.request_id_hash;
            }

            public boolean equals(Object obj) {
                return this.request_id_hash == ((RequestIdSoftReference) obj).request_id_hash;
            }

            public String toString() {
                return this.app_id + Integer.toString(this.request_id_hash);
            }
        }

        /* JADX WARN: Type inference failed for: r0v4, types: [io.github.icodegarden.commons.gateway.spi.impl.DefaultOpenApiRequestValidator$LocalDuplicateRequestIdValidator$1] */
        public LocalDuplicateRequestIdValidator() {
            new Thread(LocalDuplicateRequestIdValidator.class.getSimpleName()) { // from class: io.github.icodegarden.commons.gateway.spi.impl.DefaultOpenApiRequestValidator.LocalDuplicateRequestIdValidator.1
                @Override // java.lang.Thread, java.lang.Runnable
                public void run() {
                    while (true) {
                        try {
                            RequestIdSoftReference requestIdSoftReference = (RequestIdSoftReference) LocalDuplicateRequestIdValidator.this.referenceQueue.remove();
                            ((Map) LocalDuplicateRequestIdValidator.this.appRequestIds.get(requestIdSoftReference.app_id)).remove(requestIdSoftReference);
                        } catch (InterruptedException e) {
                        }
                    }
                }
            }.start();
        }

        public boolean validate(OpenApiRequestBody openApiRequestBody) {
            if (this.appRequestIds.computeIfAbsent(openApiRequestBody.getApp_id(), str -> {
                return new HashMap(10240);
            }).put(new RequestIdSoftReference(openApiRequestBody.getApp_id(), openApiRequestBody.getRequest_id(), this.referenceQueue), this.object) == null) {
                return true;
            }
            LogUtils.infoIfEnabled(log, () -> {
                log.info("openapi request reject by duplicate, request_id:{}, app_id:{}", openApiRequestBody.getRequest_id(), openApiRequestBody.getApp_id());
            });
            return false;
        }

        public int getAppExistRequestIdSize(String str) {
            return this.appRequestIds.getOrDefault(str, Collections.emptyMap()).size();
        }
    }

    /* loaded from: input_file:io/github/icodegarden/commons/gateway/spi/impl/DefaultOpenApiRequestValidator$RequestIdValidator.class */
    public static class RequestIdValidator {
        private LocalDuplicateRequestIdValidator localDuplicateRequestIdValidator = new LocalDuplicateRequestIdValidator();

        public void validate(String str, OpenApiRequestBody openApiRequestBody, App app) {
            if (this.localDuplicateRequestIdValidator.validate(openApiRequestBody)) {
                return;
            }
            LogUtils.infoIfEnabled(DefaultOpenApiRequestValidator.log, () -> {
                DefaultOpenApiRequestValidator.log.info("app:{}.{} of rquest path:{} INVALID_REQUEST_ID:{}", new Object[]{app.getAppName(), app.getAppId(), str, openApiRequestBody.getRequest_id()});
            });
            throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_REQUEST_ID.getSub_code(), "Duplicate Request"));
        }
    }

    @Override // io.github.icodegarden.commons.gateway.spi.OpenApiRequestValidator
    public void validate(String str, OpenApiRequestBody openApiRequestBody, App app) {
        if (log.isDebugEnabled()) {
            log.debug("Validate OpenApi request body:{}", openApiRequestBody.toStringExcludeBizContent());
        }
        this.generalValidator.validate(str, openApiRequestBody, app);
        this.requestIdValidator.validate(str, openApiRequestBody, app);
    }
}
