package io.github.opensabe.spring.cloud.parent.web.common.handler;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import io.github.opensabe.common.secret.FilterSecretStringResult;
import io.github.opensabe.common.secret.GlobalSecretManager;
import io.github.opensabe.common.utils.json.JsonUtil;
import io.github.opensabe.spring.cloud.parent.web.common.undertow.HttpServletResponseImplUtil;
import io.undertow.servlet.spec.HttpServletResponseImpl;
import java.time.Duration;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;

@ControllerAdvice
/* loaded from: input_file:io/github/opensabe/spring/cloud/parent/web/common/handler/SecretCheckResponseAdvice.class */
public class SecretCheckResponseAdvice implements ResponseBodyAdvice<Object> {
    private static final Logger log = LogManager.getLogger(SecretCheckResponseAdvice.class);
    private final GlobalSecretManager globalSecretManager;
    private final Cache<String, Boolean> cache = Caffeine.newBuilder().expireAfterWrite(Duration.ofSeconds(1)).build();

    public SecretCheckResponseAdvice(GlobalSecretManager globalSecretManager) {
        this.globalSecretManager = globalSecretManager;
    }

    public boolean supports(MethodParameter methodParameter, Class<? extends HttpMessageConverter<?>> cls) {
        return true;
    }

    public Object beforeBodyWrite(Object obj, MethodParameter methodParameter, MediaType mediaType, Class<? extends HttpMessageConverter<?>> cls, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {
        String path = serverHttpRequest.getURI().getPath();
        Boolean bool = (Boolean) this.cache.getIfPresent(path);
        if (bool != null && !bool.booleanValue()) {
            log.debug("Path: {} cached skip current beforeBodyWrite", path);
            return obj;
        }
        log.debug("Path: {} is not cached", path);
        if (serverHttpResponse instanceof ServletServerHttpResponse) {
            HttpServletResponseImpl servletResponse = ((ServletServerHttpResponse) serverHttpResponse).getServletResponse();
            for (String str : servletResponse.getHeaderNames()) {
                String header = servletResponse.getHeader(str);
                if (header != null) {
                    FilterSecretStringResult filterSecretStringAndAlarm = this.globalSecretManager.filterSecretStringAndAlarm(str);
                    FilterSecretStringResult filterSecretStringAndAlarm2 = this.globalSecretManager.filterSecretStringAndAlarm(header);
                    if (filterSecretStringAndAlarm.isFoundSensitiveString() || filterSecretStringAndAlarm2.isFoundSensitiveString()) {
                        this.cache.put(path, true);
                        if (servletResponse instanceof HttpServletResponseImpl) {
                            HttpServletResponseImplUtil.getExchange(servletResponse).getResponseHeaders().clear();
                        } else {
                            log.error("servletResponse is not HttpServletResponseImpl, servletResponse: {}", servletResponse);
                        }
                    }
                }
            }
        } else {
            log.error("response is not ServletServerHttpResponse, response: {}", serverHttpResponse);
        }
        FilterSecretStringResult filterSecretStringAndAlarm3 = this.globalSecretManager.filterSecretStringAndAlarm(JsonUtil.toJSONString(obj));
        this.cache.put(path, Boolean.valueOf(filterSecretStringAndAlarm3.isFoundSensitiveString()));
        return filterSecretStringAndAlarm3.isFoundSensitiveString() ? JsonUtil.parseObject(filterSecretStringAndAlarm3.getFilteredContent(), obj.getClass()) : obj;
    }
}
