package io.github.opensabe.spring.cloud.parent.web.common.handler;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import io.github.opensabe.common.secret.FilterSecretStringResult;
import io.github.opensabe.common.secret.GlobalSecretManager;
import io.github.opensabe.common.utils.json.JsonUtil;
import io.github.opensabe.spring.cloud.parent.web.common.undertow.HttpServletResponseImplUtil;
import io.undertow.servlet.spec.HttpServletResponseImpl;
import java.io.IOException;
import java.lang.reflect.Type;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.HttpOutputMessage;
import org.springframework.http.MediaType;
import org.springframework.http.converter.GenericHttpMessageConverter;
import org.springframework.http.converter.HttpMessageNotReadableException;
import org.springframework.http.converter.HttpMessageNotWritableException;
import org.springframework.http.server.ServletServerHttpResponse;

/* loaded from: input_file:io/github/opensabe/spring/cloud/parent/web/common/handler/GenericHttpMessageConverterSecretCheckPostProcessor.class */
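/**
 * Wraps every {@link GenericHttpMessageConverter} bean so that outgoing responses are scanned
 * for sensitive strings before the converter writes them.
 *
 * <p>Security-relevant limits of this guard, all visible in the code below:
 * <ul>
 *   <li>It only inspects responses backed by Undertow's {@link HttpServletResponseImpl}; any other
 *       response type is logged at error level and written unchecked (fail-open).</li>
 *   <li>A request path whose last scan was clean is not scanned again until its cache entry
 *       expires (2 seconds after it was written). The cache key is the request path only.</li>
 *   <li>The body is scanned only for media types whose string form contains one of the textual
 *       markers listed in {@code isScannableMediaType}; other bodies pass unscanned.</li>
 * </ul>
 */
public class GenericHttpMessageConverterSecretCheckPostProcessor implements BeanPostProcessor {
    private static final Logger log = LogManager.getLogger(GenericHttpMessageConverterSecretCheckPostProcessor.class);
    private final GlobalSecretManager globalSecretManager;

    /**
     * Delegating converter that runs the secret scan in front of both {@code write} overloads.
     * Every read-side and capability method is passed straight to the wrapped converter.
     */
    private static class GenericConverterSecretCheck implements GenericHttpMessageConverter {
        private final GenericHttpMessageConverter delegate;
        private final GlobalSecretManager globalSecretManager;
        // requestPath -> result of the last scan: TRUE = a secret was found (keep scanning),
        // FALSE = clean (scan is skipped until the entry expires).
        private final Cache<String, Boolean> cache = Caffeine.newBuilder().expireAfterWrite(2, TimeUnit.SECONDS).build();

        public GenericConverterSecretCheck(GenericHttpMessageConverter genericHttpMessageConverter, GlobalSecretManager globalSecretManager) {
            this.delegate = genericHttpMessageConverter;
            this.globalSecretManager = globalSecretManager;
        }

        public boolean canRead(Type type, Class cls, MediaType mediaType) {
            return this.delegate.canRead(type, cls, mediaType);
        }

        public Object read(Type type, Class cls, HttpInputMessage httpInputMessage) throws IOException, HttpMessageNotReadableException {
            return this.delegate.read(type, cls, httpInputMessage);
        }

        public boolean canWrite(Type type, Class cls, MediaType mediaType) {
            return this.delegate.canWrite(type, cls, mediaType);
        }

        /**
         * Scans the response and, unless the scan rejected it, lets the delegate write the body.
         */
        public void write(Object obj, Type type, MediaType mediaType, HttpOutputMessage httpOutputMessage) throws IOException, HttpMessageNotWritableException {
            if (checkSecret(obj, mediaType, httpOutputMessage)) {
                // The 403 has been sent; writing the payload now would defeat the check.
                return;
            }
            this.delegate.write(obj, type, mediaType, httpOutputMessage);
        }

        public boolean canRead(Class cls, MediaType mediaType) {
            return this.delegate.canRead(cls, mediaType);
        }

        public boolean canWrite(Class cls, MediaType mediaType) {
            return this.delegate.canWrite(cls, mediaType);
        }

        public List<MediaType> getSupportedMediaTypes() {
            return this.delegate.getSupportedMediaTypes();
        }

        public Object read(Class cls, HttpInputMessage httpInputMessage) throws IOException, HttpMessageNotReadableException {
            return this.delegate.read(cls, httpInputMessage);
        }

        /**
         * Scans the response and, unless the scan rejected it, lets the delegate write the body.
         */
        public void write(Object obj, MediaType mediaType, HttpOutputMessage httpOutputMessage) throws IOException, HttpMessageNotWritableException {
            if (checkSecret(obj, mediaType, httpOutputMessage)) {
                // The 403 has been sent; writing the payload now would defeat the check.
                return;
            }
            this.delegate.write(obj, mediaType, httpOutputMessage);
        }

        /**
         * Scans response headers and, for textual media types, the serialized body for sensitive
         * strings.
         *
         * @return {@code true} when a sensitive string was found and a 403 was sent, so the caller
         *     must not write the body; {@code false} when the response may be written (clean scan,
         *     scan skipped because of a cached clean result, or response type not supported)
         * @throws IOException if sending the error response fails
         */
        private boolean checkSecret(Object obj, MediaType mediaType, HttpOutputMessage httpOutputMessage) throws IOException {
            Object rawResponse = null;
            if (httpOutputMessage instanceof ServletServerHttpResponse) {
                rawResponse = ((ServletServerHttpResponse) httpOutputMessage).getServletResponse();
            }
            if (!(rawResponse instanceof HttpServletResponseImpl)) {
                // Fail-open: the response is written without any scan. This log line is the only
                // trace of it, so it should be monitored.
                log.error("GenericHttpMessageConverterSecretCheckPostProcessor can not check because type incompatible");
                return false;
            }
            HttpServletResponseImpl servletResponse = (HttpServletResponseImpl) rawResponse;
            String requestPath = HttpServletResponseImplUtil.getExchange(servletResponse).getRequestPath();

            // Only a cached "clean" result short-circuits; a missing entry or a cached hit is rescanned.
            if (Boolean.FALSE.equals(this.cache.getIfPresent(requestPath))) {
                log.debug("GenericHttpMessageConverterSecretCheckPostProcessor {} is cached and not check", requestPath);
                return false;
            }
            log.debug("GenericHttpMessageConverterSecretCheckPostProcessor {} is not cached or need check", requestPath);

            if (headersContainSecret(servletResponse) || bodyContainsSecret(obj, mediaType)) {
                // Stop at the first hit. Falling through would record the path as clean (which
                // disables the scan for the cache lifetime) and could call sendError twice.
                this.cache.put(requestPath, true);
                servletResponse.sendError(403, "Sensitive api forbidden");
                return true;
            }
            this.cache.put(requestPath, false);
            return false;
        }

        /** Returns whether any response header name or value is reported as sensitive. */
        private boolean headersContainSecret(HttpServletResponseImpl servletResponse) {
            for (String headerName : servletResponse.getHeaderNames()) {
                // NOTE(review): getHeader returns a single value per name; if a header is set
                // several times the remaining values are presumably not scanned -- confirm.
                String headerValue = servletResponse.getHeader(headerName);
                if (headerValue == null) {
                    continue;
                }
                FilterSecretStringResult nameResult = this.globalSecretManager.filterSecretStringAndAlarm(headerName);
                FilterSecretStringResult valueResult = this.globalSecretManager.filterSecretStringAndAlarm(headerValue);
                if (nameResult.isFoundSensitiveString() || valueResult.isFoundSensitiveString()) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Returns whether the JSON rendering of {@code obj} is reported as sensitive. Bodies with a
         * missing or non-textual media type are not scanned and yield {@code false}.
         */
        private boolean bodyContainsSecret(Object obj, MediaType mediaType) {
            if (mediaType == null || !isScannableMediaType(mediaType.toString())) {
                return false;
            }
            // The scan runs on JsonUtil's rendering of the object, not on the bytes the delegate
            // will emit. NOTE(review): the two are assumed to expose the same values -- confirm.
            return this.globalSecretManager.filterSecretStringAndAlarm(JsonUtil.toJSONString(obj)).isFoundSensitiveString();
        }

        /** Case-insensitive substring match against the textual media type markers. */
        private static boolean isScannableMediaType(String mediaTypeText) {
            return StringUtils.containsIgnoreCase(mediaTypeText, "json")
                    || StringUtils.containsIgnoreCase(mediaTypeText, "xml")
                    || StringUtils.containsIgnoreCase(mediaTypeText, "text")
                    || StringUtils.containsIgnoreCase(mediaTypeText, "html")
                    || StringUtils.containsIgnoreCase(mediaTypeText, "form")
                    || StringUtils.containsIgnoreCase(mediaTypeText, "urlencoded");
        }
    }

    public GenericHttpMessageConverterSecretCheckPostProcessor(GlobalSecretManager globalSecretManager) {
        this.globalSecretManager = globalSecretManager;
    }

    /**
     * Replaces each {@link GenericHttpMessageConverter} bean with a secret-checking wrapper and
     * returns every other bean unchanged.
     *
     * @param obj the initialized bean
     * @param str the bean name (unused)
     * @return the wrapper for converter beans, otherwise {@code obj} itself
     */
    public Object postProcessAfterInitialization(Object obj, String str) throws BeansException {
        if (obj instanceof GenericHttpMessageConverter) {
            return new GenericConverterSecretCheck((GenericHttpMessageConverter) obj, this.globalSecretManager);
        }
        return obj;
    }
}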
