package com.xdja.cssp.was.at.auth.action;

import com.xdja.cssp.acs.ICertService;
import com.xdja.cssp.acs.bean.cert.Cert;
import com.xdja.cssp.acs.bean.cert.CertStatus;
import com.xdja.cssp.sm2cipher.sm2.cipher.ServiceException;
import com.xdja.cssp.was.at.auth.util.Const;
import com.xdja.cssp.was.ticket.IAuthService;
import com.xdja.cssp.was.ticket.IChallengeService;
import com.xdja.cssp.was.ticket.impl.AuthServiceImpl;
import com.xdja.cssp.was.ticket.impl.ChallengeServiceImpl;
import com.xdja.cssp.was.ticket.model.Challenge;
import com.xdja.cssp.was.utils.CertUtil;
import com.xdja.cssp.was.utils.SM2Utils;
import com.xdja.platform.core.spring.SpringBeanUtil;
import com.xdja.platform.redis.core.RedisClient;
import com.xdja.platform.rpc.consumer.refer.DefaultServiceRefer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

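@Controller
/* loaded from: input_file:WEB-INF/classes/com/xdja/cssp/was/at/auth/action/AuthAction.class */
/**
 * HTTP endpoints for the challenge/response ticket flow.
 *
 * <p>{@code getChallenge} issues a challenge for a card, and {@code verifyChallenge} checks the
 * card/SN certificate status and the signature over {@code challenge|timestamp} before issuing a
 * ticket through {@link IAuthService}.
 *
 * <p>NOTE(review): the {@code ServiceException.CODE_DB_*} names used as response codes look like
 * decompiler constant-matching artifacts (string values attributed to an unrelated class). The
 * values sent on the wire are unchanged here; confirm their meaning against the API contract.
 */
public class AuthAction extends BaseAction {
    /** Headers that must be present and non-blank on a verifyChallenge request, in check order. */
    private static final String[] REQUIRED_VERIFY_HEADERS = {
        "x-version", "x-cardId", "x-sn", "x-timestamp", "x-index", "x-signature"
    };

    private IChallengeService challengeService = new ChallengeServiceImpl((RedisClient) SpringBeanUtil.getBean(RedisClient.class));
    private IAuthService authService = new AuthServiceImpl((RedisClient) SpringBeanUtil.getBean(RedisClient.class));
    private ICertService certService = (ICertService) DefaultServiceRefer.getServiceRefer(ICertService.class);

    /**
     * Issues a new challenge for the card named in the {@code cardId} request header.
     *
     * @param str the card id taken from the {@code cardId} header
     * @param httpServletResponse unused; kept for the handler signature
     * @return a map with {@code code}, {@code challengeStr}, {@code index} and {@code period};
     *     an error-shaped map when the card id is blank or the challenge cannot be created
     */
    @RequestMapping(method = {RequestMethod.GET}, value = {"/open/api/v1/ticket/getChallenge"})
    @ResponseBody
    public Object getChallenge(@RequestHeader("cardId") String str, HttpServletResponse httpServletResponse) {
        if (StringUtils.isBlank(str)) {
            return generateChallengeErrorResult(ServiceException.CODE_DB_EXIST_DEVICE);
        }
        try {
            Challenge created = this.challengeService.create(str, Const.CHALLENGE_PERIOD);
            if (created == null) {
                return generateChallengeErrorResult(ServiceException.CODE_DB_EXIST_SUB_CA);
            }
            return generateChallengeSuccessResult(created);
        } catch (Exception e) {
            // Boundary catch: any failure creating the challenge is logged and reported to the
            // client as a generic error code, without exception details.
            this.logger.error("获取随机数时出现异常。", (Throwable) e);
            return generateChallengeErrorResult(ServiceException.CODE_DB_EXIST_SUB_CA);
        }
    }

    /**
     * Builds the success body for {@code getChallenge}.
     *
     * @param challenge the freshly created challenge; must not be {@code null}
     * @return a map with {@code code} = "1" plus the challenge string, index and period
     */
    public Map<String, Object> generateChallengeSuccessResult(Challenge challenge) {
        Map<String, Object> result = new HashMap<>();
        result.put("code", "1");
        result.put("challengeStr", challenge.getChallengeStr());
        // INDEX_ATTRIBUTE is Spring's constant for the literal "index"; the decompiler substituted
        // it for the original string key.
        result.put(BeanDefinitionParserDelegate.INDEX_ATTRIBUTE, challenge.getIndex());
        result.put("period", Long.valueOf(challenge.getPeriod()));
        return result;
    }

    /**
     * Builds the error body for {@code getChallenge}.
     *
     * @param str the error code to report in {@code code}
     * @return a map with the code and empty/zero challenge fields
     */
    public Map<String, Object> generateChallengeErrorResult(String str) {
        Map<String, Object> result = new HashMap<>();
        result.put("code", str);
        result.put("challengeStr", "");
        result.put(BeanDefinitionParserDelegate.INDEX_ATTRIBUTE, "");
        result.put("period", 0);
        return result;
    }

    /**
     * Verifies a signed challenge response and, on success, issues a ticket.
     *
     * <p>Checks, in order: required headers present, certificate status for card/SN, a stored
     * challenge exists for {@code x-cardId}/{@code x-index}, and the signature in
     * {@code x-signature} verifies over {@code challenge + "|" + x-timestamp}. Every failed check
     * returns an error body; the ticket is created only when all checks pass.
     *
     * @param httpHeaders the request headers carrying the {@code x-*} parameters
     * @param httpServletResponse unused; kept for the handler signature
     * @return a map with {@code code}, {@code ticket} and {@code period}
     */
    @RequestMapping(method = {RequestMethod.POST}, value = {"/open/api/v1/ticket/verifyChallenge"})
    @ResponseBody
    public Object verifySignForAppSecretKey(@RequestHeader HttpHeaders httpHeaders, HttpServletResponse httpServletResponse) {
        if (!StringUtils.isBlank(checkParams(httpHeaders))) {
            return generateErrorResult(ServiceException.CODE_DB_EXIST_DEVICE);
        }
        String cardId = httpHeaders.getFirst("x-cardId");
        String sn = httpHeaders.getFirst("x-sn");
        String timestamp = httpHeaders.getFirst("x-timestamp");
        String index = httpHeaders.getFirst("x-index");
        String signature = httpHeaders.getFirst("x-signature");
        if (!StringUtils.isBlank(checkCardAndSn(cardId, sn, 2))) {
            return generateErrorResult(ServiceException.CODE_DB_EXIST_SUB_CA);
        }

        // Fail closed when no challenge is stored (never issued, expired, wrong index). Without
        // this guard the signed data degrades to the fixed text "null|<timestamp>", which no
        // longer depends on a server-chosen value.
        Object challenge = this.challengeService.get(cardId, index);
        if (challenge == null || StringUtils.isBlank(challenge.toString())) {
            return generateErrorResult(ServiceException.CODE_DB_EXIST_ADMIN);
        }
        // NOTE(review): nothing visible here checks x-timestamp for freshness, and whether
        // challengeService.get() consumes the challenge (single use) cannot be told from this
        // class; confirm both, since they bound how long a captured response stays valid.
        String signedData = challenge + "|" + timestamp;

        // checkSignValue returns "" on success and a message on failure, like the other check*
        // helpers. The previous condition lacked the negation, so a valid signature was rejected
        // and a failed verification fell through to ticket issuance.
        if (!StringUtils.isBlank(checkSignValue(cardId, signature, signedData))) {
            return generateErrorResult(ServiceException.CODE_DB_EXIST_ADMIN);
        }

        Map<String, String> ticketInfo = new HashMap<>();
        ticketInfo.put("cardId", cardId);
        ticketInfo.put("sn", sn);
        return generateSuccessResult(cardId, ticketInfo);
    }

    /**
     * Builds the error body for {@code verifyChallenge}.
     *
     * @param str the error code to report in {@code code}
     * @return a map with the code, an empty ticket and a zero period
     */
    private Map<String, Object> generateErrorResult(String str) {
        Map<String, Object> result = new HashMap<>();
        result.put("code", str);
        result.put("ticket", "");
        result.put("period", 0);
        return result;
    }

    /**
     * Creates a ticket for the card and builds the success body for {@code verifyChallenge}.
     *
     * @param str the card id the ticket is created for
     * @param map the attributes handed to {@link IAuthService#create} with the ticket
     * @return a map with {@code code} = "1", the ticket and its period
     */
    private Map<String, Object> generateSuccessResult(String str, Map<String, String> map) {
        Map<String, Object> result = new HashMap<>();
        result.put("code", "1");
        result.put("ticket", this.authService.create(str, Const.TICKET_PERIOD * 1000, map));
        result.put("period", Integer.valueOf(Const.TICKET_PERIOD * 1000));
        return result;
    }

    /**
     * Asks the certificate service for the status of the card/SN pair.
     *
     * @param str the card id
     * @param str2 the certificate serial number
     * @param i passed through to {@code checkCertStatus}; callers in this class pass 2
     * @return "" when the status value is 1, otherwise the status description
     */
    private String checkCardAndSn(String str, String str2, int i) {
        CertStatus status = this.certService.checkCertStatus(str, str2, i);
        if (status.value == 1) {
            return "";
        }
        return status.desc;
    }

    /**
     * Checks that every required {@code x-*} header is present and non-blank.
     *
     * <p>The returned message now names the header that is actually missing; previously the
     * messages for x-cardId, x-sn and x-timestamp each named a different header.
     *
     * @param httpHeaders the request headers
     * @return "" when all required headers are set, otherwise a message naming the first one
     *     that is blank
     */
    private String checkParams(HttpHeaders httpHeaders) {
        for (String headerName : REQUIRED_VERIFY_HEADERS) {
            if (StringUtils.isBlank(httpHeaders.getFirst(headerName))) {
                return "请求参数中" + headerName + "参数值异常。";
            }
        }
        return "";
    }

    /**
     * Verifies a signature against the public key of the card's certificate.
     *
     * @param str the card id used to look up the certificate
     * @param str2 the signature text from the request
     * @param str3 the data the signature is expected to cover
     * @return "" when verification succeeds, otherwise a message describing the failure
     */
    private String checkSignValue(String str, String str2, String str3) {
        List<String> cardNos = new ArrayList<>();
        cardNos.add(str);
        Map<String, List<Cert>> certsByCard = this.certService.queryCertByCardNos(cardNos, 2, 2);
        List<Cert> certs = certsByCard == null ? null : certsByCard.get(str);
        if (certs == null || certs.isEmpty()) {
            return "无法根据卡号查询到公钥信息。";
        }
        // NOTE(review): getBytes() uses the platform default charset (before Java 18); the
        // verification result then depends on the JVM configuration if either value can contain
        // non-ASCII characters. Confirm the encoding the signing side uses before pinning one.
        boolean verified = SM2Utils.verify(CertUtil.getEcPubKey(certs.get(0).getCert()), str2.getBytes(), str3.getBytes());
        return verified ? "" : "对签名值进行验证失败。";
    }
}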
