package com.xdja.cssp.as.service.impl;

import com.xdja.cssp.as.service.ASConstants;
import com.xdja.cssp.as.service.Constants;
import com.xdja.cssp.as.service.ILoginService;
import com.xdja.cssp.as.service.ITicketService;
import com.xdja.cssp.as.service.impl.bean.LoginCacheBean;
import com.xdja.cssp.as.service.model.AuthBean;
import com.xdja.cssp.as.service.model.Cert;
import com.xdja.cssp.as.service.model.ResultBean;
import com.xdja.cssp.as.service.pn.PushService;
import com.xdja.cssp.as.service.util.CertUtil;
import com.xdja.cssp.as.service.util.RedisUtil;
import com.xdja.cssp.as.service.util.SCNoticeUtil;
import com.xdja.cssp.as.service.util.SignUtils;
import java.text.ParseException;
import java.util.Collections;
import java.util.HashMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:com/xdja/cssp/as/service/impl/TicketServiceImpl.class */
public class TicketServiceImpl implements ITicketService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ILoginService service;

    public ResultBean verifyTicket(String str) {
        long currentTimeMillis = System.currentTimeMillis();
        this.logger.debug("开始验证ticket");
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("参数非法，原因：参数为空");
        }
        ResultBean resultBean = new ResultBean();
        resultBean.setResultStatus(1);
        LoginCacheBean ticketInfo = RedisUtil.getTicketInfo(str);
        if (null == ticketInfo) {
            resultBean.setResultStatus(2);
            resultBean.setInfo("登录信息不存在");
            this.logger.debug("验证Ticket失败，原因：登录信息不存在");
            return resultBean;
        }
        if (ticketInfo.getTicketPeriod() >= System.currentTimeMillis()) {
            ticketInfo.setTicketPeriod(Constants.getTicketInvalidTime(ticketInfo.getTicketPeriod()));
            RedisUtil.saveLoginCache(ticketInfo);
            HashMap hashMap = new HashMap();
            hashMap.put("cardNo", ticketInfo.getCardNo());
            hashMap.put("ticketPeriod", Long.valueOf(ticketInfo.getTicketPeriod()));
            resultBean.setInfo(hashMap);
            this.logger.debug("验证ticket成功");
            this.logger.debug("【验证ticket耗时：{} 毫秒】", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
            return resultBean;
        }
        RedisUtil.removeTicket(ticketInfo.getTicket());
        try {
            SCNoticeUtil.sendTicketInvalid(ticketInfo.getTicket());
            PushService.sendMsg(Constants.PN_MSG_TICKET_INVALID, ticketInfo.getPnCode());
        } catch (Exception e) {
            this.logger.error("发送客户端下线PN消息失败", e);
        }
        resultBean.setResultStatus(2);
        resultBean.setInfo("登录信息超时");
        this.logger.debug("验证Ticket失败，原因：Ticket超时");
        this.logger.debug("【验证ticket耗时：{} 毫秒】", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        return resultBean;
    }

    public ResultBean authSignature(AuthBean authBean) {
        this.logger.debug("开始验证客户端签名");
        this.logger.debug("请求参数" + authBean);
        ResultBean resultBean = new ResultBean();
        resultBean.setResultStatus(1);
        validateParame(authBean);
        if (!authBean.getVersion().equals(Constants.API_VERSION)) {
            return resultBean.setResult(2, "API版本号与服务要求不符");
        }
        try {
            if (System.currentTimeMillis() - ASConstants.parseTimestamp(authBean.getTimestamp()).getTime() > Constants.API_TIMEOUT) {
                return resultBean.setResult(3, "请求时间戳超时(可能由于客户端时间不正确导致，请先校准客户端时间)");
            }
            if (!authBean.getSignatureMethod().equals("SHA1WITHRSA") && !authBean.getSignatureMethod().equals("SM3WITHSM2")) {
                return resultBean.setResult(5, "不支持的签名算法");
            }
            int i = 1;
            if (authBean.getSignatureMethod().equals("SM3WITHSM2")) {
                i = 2;
            }
            Cert queryCert = this.service.queryCert(authBean.getSignatureSn(), i);
            if (null == queryCert) {
                return resultBean.setResult(6, "证书不存在");
            }
            this.logger.debug("CardNo==>" + queryCert.getCardNo());
            Collections.sort(authBean.getList());
            try {
                String generateCanonicalizeRequest = ASConstants.generateCanonicalizeRequest(authBean.getMethod(), authBean.getUri(), authBean.getQueryString(), authBean.getList(), new String(authBean.getContent(), "UTF-8"));
                this.logger.debug("重新组装原文==>" + generateCanonicalizeRequest + "end====");
                if (!SignUtils.verifySignature(authBean.getSignatureMethod(), CertUtil.getCertFromStr(queryCert.getCert()).getPublicKey(), generateCanonicalizeRequest.getBytes("UTF-8"), Base64.decodeBase64(authBean.getAuthorization()))) {
                    return resultBean.setResult(8, "验证请求签名不匹配");
                }
                this.logger.debug("验证客户端签名通过");
                return resultBean;
            } catch (Exception e) {
                this.logger.error("验证请求签名异常:" + e.getMessage(), e);
                return resultBean.setResult(7, "验证请求签名异常");
            }
        } catch (ParseException e2) {
            this.logger.error("请求时间戳格式转换异常:" + e2.getMessage(), e2);
            return resultBean.setResult(4, "请求时间戳格式非法");
        }
    }

    private void validateParame(AuthBean authBean) {
        if (authBean == null) {
            throw new IllegalArgumentException("参数不能为空");
        }
        if (StringUtils.isBlank(authBean.getVersion())) {
            throw new IllegalArgumentException("API版本号为空");
        }
        if (ArrayUtils.isEmpty(authBean.getContent())) {
            throw new IllegalArgumentException("请求内容为空");
        }
        if (StringUtils.isBlank(authBean.getSignatureNonce())) {
            throw new IllegalArgumentException("随机数为空");
        }
        if (StringUtils.isBlank(authBean.getSignatureMethod())) {
            throw new IllegalArgumentException("签名方式为空");
        }
        if (StringUtils.isBlank(authBean.getAuthorization())) {
            throw new IllegalArgumentException("签名信息为空");
        }
        if (StringUtils.isBlank(authBean.getSignatureSn())) {
            throw new IllegalArgumentException("签名证书SN为空");
        }
        if (CollectionUtils.isEmpty(authBean.getList())) {
            throw new IllegalArgumentException("签名头信息为空");
        }
    }
}
