package com.xdja.cssp.ams.api.util;

import com.xdja.cssp.ams.assetmanager.entity.Cert;
import com.xdja.cssp.ams.assetmanager.service.ICertService;
import com.xdja.cssp.as.auth.sort.ComparatorHeader;
import com.xdja.cssp.as.auth.util.ByteUtils;
import com.xdja.cssp.as.auth.util.CertUtil;
import com.xdja.cssp.as.auth.util.SignUtils;
import com.xdja.platform.rpc.consumer.refer.DefaultServiceRefer;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.message.BasicHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

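/**
 * Verifies the client signature carried on an incoming HTTP request.
 *
 * <p>The signer's certificate is looked up by the serial number sent in the
 * {@code x-at-signature-sn} header. Its public key is then used to check the signature from the
 * authorization header against a canonical form of the request: method, servlet path, decoded
 * query string, the {@code x-at-} headers and the body.
 *
 * <p>NOTE(review): limits of this check, as far as this file shows:
 * <ul>
 *   <li>No timestamp or nonce is examined here, so replay protection must come from the caller
 *       or from a signed header that is validated elsewhere. Confirm.</li>
 *   <li>The certificate's validity period and revocation status are not checked in this method;
 *       presumably {@code ICertService} only returns usable certificates. Confirm.</li>
 *   <li>The request body stream is read here, so later handlers can re-read it only if the
 *       request object buffers it.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:WEB-INF/classes/com/xdja/cssp/ams/api/util/VerifySignUtil.class */
public class VerifySignUtil {
    /** Header naming the signature algorithm chosen by the client. */
    private static final String HEADER_SIGNATURE_METHOD = "x-at-signature-method";
    /** Header carrying the serial number of the client's signing certificate. */
    private static final String HEADER_SIGNATURE_SN = "x-at-signature-sn";
    /** Prefix of the headers that are included in the canonical (signed) request. */
    private static final String SIGNED_HEADER_PREFIX = "x-at-";
    /**
     * RSA with SHA-1. SHA-1 is no longer collision-resistant; it is still accepted because
     * clients may send it, and should be retired once they can move to a stronger digest.
     */
    private static final String ALG_SHA1_WITH_RSA = "SHA1WITHRSA";
    /** SM2 signature with SM3 digest. */
    private static final String ALG_SM3_WITH_SM2 = "SM3WITHSM2";

    private static final Logger logger = LoggerFactory.getLogger(VerifySignUtil.class);
    private static ICertService service = (ICertService) DefaultServiceRefer.getServiceRefer(ICertService.class);

    /**
     * Checks the signature of {@code httpServletRequest} and fails closed on any error.
     *
     * @param httpServletRequest the incoming request; its body stream is consumed
     * @return {@code true} only when the signature verifies against the looked-up certificate;
     *         {@code false} for a missing or unsupported header, an unknown certificate, a
     *         malformed query string, or any exception raised during verification
     * @throws UnsupportedEncodingException declared for source compatibility; the only charset
     *         used is UTF-8
     */
    public static boolean verifySign(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        logger.debug("开始验证客户端身份");

        String algorithm = httpServletRequest.getHeader(HEADER_SIGNATURE_METHOD);
        if (StringUtils.isBlank(algorithm)) {
            logger.warn("客户端验签失败，签名方式为空.");
            return false;
        }
        // Allow-list: only these two algorithm names ever reach SignUtils.
        boolean sm2 = ALG_SM3_WITH_SM2.equals(algorithm);
        if (!sm2 && !ALG_SHA1_WITH_RSA.equals(algorithm)) {
            logger.warn("客户端验签失败，不支持的签名算法【{}】.", algorithm);
            return false;
        }

        String signature = httpServletRequest.getHeader(Constants.AUTHORIZATION_HEADER_NAME);
        if (StringUtils.isBlank(signature)) {
            logger.warn("客户端验签失败，签名信息为空.");
            return false;
        }

        String certSn = httpServletRequest.getHeader(HEADER_SIGNATURE_SN);
        if (StringUtils.isBlank(certSn)) {
            logger.warn("客户端验签失败，终端签名证书SN为空.");
            return false;
        }

        // 2 is passed for SM3WITHSM2 and 1 for SHA1WITHRSA; presumably the certificate
        // algorithm type expected by ICertService. Confirm against the service contract.
        int certType = sm2 ? 2 : 1;
        ArrayList<String> snList = new ArrayList<String>();
        snList.add(certSn);
        List<Cert> certs = service.queryCertBySnList(snList, certType);
        if (certs == null || certs.isEmpty()) {
            logger.warn("客户端验签失败，证书不存在.");
            return false;
        }

        // getQueryString() returns null when the URL has no query part, and URLDecoder rejects
        // malformed %-escapes with IllegalArgumentException. Both used to escape as unchecked
        // exceptions instead of a verification failure.
        // NOTE(review): an absent query is canonicalised as "" here; confirm that this matches
        // what Constants.generateCanonicalizeRequest and the signing clients expect.
        // NOTE(review): decoding the whole query string before canonicalisation makes an encoded
        // delimiter (%26, %3D) indistinguishable from a literal one in the signed text. Changing
        // that would break existing clients, so it is only flagged here.
        String rawQuery = httpServletRequest.getQueryString();
        String query;
        try {
            query = rawQuery == null ? "" : URLDecoder.decode(rawQuery, "UTF-8");
        } catch (IllegalArgumentException e) {
            logger.warn("客户端验签失败，查询字符串解码失败.", e);
            return false;
        }

        String method = httpServletRequest.getMethod();
        String servletPath = httpServletRequest.getServletPath();

        // Element type is left raw: the parameter types of ComparatorHeader and
        // Constants.generateCanonicalizeRequest are not visible from this file.
        // NOTE(review): the prefix match is case-sensitive while getHeader() lookups are not, so
        // a header spelled "X-AT-..." would be left out of the signed text. Only the first value
        // of a repeated header is covered. Confirm how the container reports header names.
        ArrayList signedHeaders = new ArrayList();
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            if (name.startsWith(SIGNED_HEADER_PREFIX)) {
                signedHeaders.add(new BasicHeader(name, httpServletRequest.getHeader(name)));
            }
        }
        Collections.sort(signedHeaders, new ComparatorHeader());

        try {
            // NOTE(review): the body is buffered in full before the caller is authenticated;
            // confirm that a request-size limit is enforced upstream.
            String body = new String(ByteUtils.inputStreamToBytes(httpServletRequest.getInputStream()), "UTF-8");
            String canonicalRequest = Constants.generateCanonicalizeRequest(method, servletPath, query, signedHeaders, body);
            // Debug output holds the complete, client-controlled request body; keep debug
            // logging off where bodies carry sensitive data.
            logger.debug("====>>验签原文：\r\n{}", canonicalRequest);
            logger.debug("====>>验签签名：\r\n{}", signature);
            // When the lookup returns several certificates, only the first one is used.
            boolean verified = SignUtils.verifySignature(
                    algorithm,
                    CertUtil.getCertFromStr(certs.get(0).getCert()).getPublicKey(),
                    canonicalRequest.getBytes("UTF-8"),
                    Base64.decodeBase64(signature));
            logger.debug("验证客户端身份完成，结果为【{}】", verified ? "验签通过" : "验签不通过");
            return verified;
        } catch (Exception e) {
            // Fail closed: an exception never yields a positive result, whatever was computed
            // before it was thrown.
            logger.error("验证请求签名异常", e);
            return false;
        }
    }
}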
