package com.xdja.cssp.as.auth;

import com.xdja.cssp.as.auth.cache.SignatureNonce;
import com.xdja.cssp.as.auth.exception.DuplicateRequestException;
import com.xdja.cssp.as.auth.exception.InvalidApiVersionException;
import com.xdja.cssp.as.auth.exception.InvalidDateException;
import com.xdja.cssp.as.auth.exception.InvalidSnException;
import com.xdja.cssp.as.auth.exception.NotSupportSignAlgoException;
import com.xdja.cssp.as.auth.exception.RequestTimeoutException;
import com.xdja.cssp.as.auth.model.Request;
import com.xdja.cssp.as.service.ILoginService;
import com.xdja.cssp.as.service.model.Cert;
import com.xdja.cssp.restful.exception.BadRequestException;
import com.xdja.platform.rpc.consumer.refer.DefaultServiceRefer;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.text.ParseException;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.ClassUtils;
import org.springframework.web.context.request.RequestContextHolder;

@Aspect
@Component
/* loaded from: input_file:com/xdja/cssp/as/auth/AuthClientAspect.class */
public class AuthClientAspect {
    private Logger logger = LoggerFactory.getLogger(getClass());
    private ILoginService service = (ILoginService) DefaultServiceRefer.getServiceRefer(ILoginService.class);
    private String hostId;
    private String apiVersion;
    private long timeout;

    @Around("@annotation(com.xdja.cssp.as.auth.annotation.AuthClient)")
    public Object authClient(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        this.logger.debug("开始验证客户端身份");
        HttpServletRequest request = RequestContextHolder.getRequestAttributes().getRequest();
        Request request2 = new Request();
        String genRequestId = genRequestId();
        request2.setId(genRequestId);
        getHostId(proceedingJoinPoint);
        getApiVersion(proceedingJoinPoint);
        getTimeout(proceedingJoinPoint);
        String header = request.getHeader(Constants.VERSION_HEADER_NAME);
        commonCheckParams(header, genRequestId);
        if (!header.equals(this.apiVersion)) {
            throw new InvalidApiVersionException(genRequestId, genRequestId, "invalid_api_version", "无效的API版本号");
        }
        String header2 = request.getHeader(Constants.TIMESTAMP_HEADER_NAME);
        commonCheckParams(header2, genRequestId);
        try {
            if (System.currentTimeMillis() - Constants.parseTimestamp(header2).getTime() > this.timeout) {
                throw new RequestTimeoutException(this.hostId, genRequestId, "request_timeout", "请求时间戳超时(可能由于客户端时间不正确导致，请先校准客户端时间)");
            }
            String header3 = request.getHeader(Constants.SIGNATURE_NONCE_HEADER_NAME);
            commonCheckParams(header3, genRequestId);
            if (SignatureNonce.signatureNonce.equals(header3)) {
                throw new DuplicateRequestException(this.hostId, genRequestId, "duplicate_request", "重复的请求");
            }
            SignatureNonce.signatureNonce = header3;
            String header4 = request.getHeader(Constants.SIGNATURE_METHOD_HEADER_NAME);
            commonCheckParams(header4, genRequestId);
            if (!header4.equals(Constants.HTTP_HEADER_SIGN_METHOD_RSA) && !header4.equals(Constants.HTTP_HEADER_SIGN_METHOD_SM2)) {
                throw new NotSupportSignAlgoException(this.hostId, genRequestId, "not_support_sign_algo", "不支持的签名算法");
            }
            request2.setSignatureAlgo(header4);
            String header5 = request.getHeader(Constants.SIGNATURE_SN_HEADER_NAME);
            commonCheckParams(header5, genRequestId);
            try {
                Cert queryCert = this.service.queryCert(header5, header4.equals(Constants.HTTP_HEADER_SIGN_METHOD_SM2) ? 2 : 1);
                if (null == queryCert) {
                    throw new InvalidSnException(this.hostId, genRequestId, "invalid_sn", "无效的证书sn");
                }
                request2.setCardNo(queryCert.getCardNo());
                request2.setSignSn(queryCert.getSn());
                String method = request.getMethod();
                String servletPath = request.getServletPath();
                request2.setMethod(method);
                request2.setUri(servletPath);
                Object[] args = proceedingJoinPoint.getArgs();
                int i = 0;
                while (true) {
                    if (i < args.length) {
                        Object obj = args[i];
                        if (null != obj && obj.getClass() == Request.class) {
                            args[i] = request2;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                this.logger.debug("验证客户端身份通过");
                return proceedingJoinPoint.proceed(args);
            } catch (IllegalArgumentException e) {
                this.logger.error("客户端签名证书SN为空");
                throw new InvalidSnException(this.hostId, genRequestId, "invalid_sn", "无效的证书sn");
            }
        } catch (ParseException e2) {
            this.logger.error("无效的请求时间戳", e2);
            throw new InvalidDateException(this.hostId, genRequestId, "invalid_date", "无效的时间", e2);
        }
    }

    private void getHostId(ProceedingJoinPoint proceedingJoinPoint) {
        this.hostId = "未设置服务标识";
        Method methodIfAvailable = ClassUtils.getMethodIfAvailable(proceedingJoinPoint.getTarget().getClass(), "getHostId", new Class[0]);
        if (null == methodIfAvailable) {
            this.logger.warn("请在{}中添加方法：public String getHostId(){}返回服务标识", proceedingJoinPoint.getTarget().getClass());
            return;
        }
        try {
            Object invoke = methodIfAvailable.invoke(proceedingJoinPoint.getTarget(), new Object[0]);
            if (null != invoke) {
                this.hostId = invoke.toString();
                this.logger.debug("服务器标识：{}", this.hostId);
            } else {
                this.logger.warn("{}中的方法：public String getHostId(){}未返回服务标识", proceedingJoinPoint.getTarget().getClass());
            }
        } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
            this.logger.error("从{}中获取服务标识失败", proceedingJoinPoint.getTarget().getClass(), e);
        }
    }

    private void getTimeout(ProceedingJoinPoint proceedingJoinPoint) {
        Method methodIfAvailable = ClassUtils.getMethodIfAvailable(proceedingJoinPoint.getTarget().getClass(), "getTimeout", new Class[0]);
        if (null == methodIfAvailable) {
            this.logger.warn("请在{}中添加方法：public long getTimeout(){}返回请求最大间隔时间", proceedingJoinPoint.getTarget().getClass());
            return;
        }
        try {
            Object invoke = methodIfAvailable.invoke(proceedingJoinPoint.getTarget(), new Object[0]);
            if (null != invoke) {
                this.timeout = Long.parseLong(invoke.toString());
                this.logger.debug("请求最大间隔时间：{}", Long.valueOf(this.timeout));
            } else {
                this.logger.warn("{}中的方法：public long getTimeout(){}未返回请求最大间隔时间", proceedingJoinPoint.getTarget().getClass());
            }
        } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
            this.logger.error("从{}中获取请求最大间隔时间失败", proceedingJoinPoint.getTarget().getClass(), e);
        }
    }

    private void getApiVersion(ProceedingJoinPoint proceedingJoinPoint) {
        Method methodIfAvailable = ClassUtils.getMethodIfAvailable(proceedingJoinPoint.getTarget().getClass(), "getApiVersion", new Class[0]);
        if (null == methodIfAvailable) {
            this.logger.warn("请在{}中添加方法：public String getApiVersion(){}返回API版本号", proceedingJoinPoint.getTarget().getClass());
            return;
        }
        try {
            Object invoke = methodIfAvailable.invoke(proceedingJoinPoint.getTarget(), new Object[0]);
            if (null != invoke) {
                this.apiVersion = invoke.toString();
                this.logger.debug("API版本号：{}", this.apiVersion);
            } else {
                this.logger.warn("{}中的方法：public String getApiVersion(){}未返回API版本号", proceedingJoinPoint.getTarget().getClass());
            }
        } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
            this.logger.error("从{}中获取API版本号失败", proceedingJoinPoint.getTarget().getClass(), e);
        }
    }

    private void commonCheckParams(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            throw new BadRequestException(this.hostId, str2, "request_params_error", "消息头格式错误");
        }
    }

    private String genRequestId() {
        return UUID.randomUUID().toString();
    }
}
