package com.xdja.pki.ra.openapi.aop;

import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.commonenum.ReqAttributeEnum;
import com.xdja.pki.ra.core.util.SignUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.params.CheckUtils;
import com.xdja.pki.ra.manager.dao.CustomerDao;
import com.xdja.pki.ra.openapi.bean.SystemFlagBean;
import com.xdja.pki.ra.service.manager.certapply.bean.ErrorMsg;
import java.io.IOException;
import java.io.Reader;
import java.io.StringWriter;
import java.net.URLDecoder;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.util.ContentCachingRequestWrapper;

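/**
 * Around-advice that authenticates RA-SDK requests before the annotated handler runs.
 *
 * <p>For every method matched by {@code @annotation(SignIntercep)} the aspect reads the
 * system-flag, signature, timestamp, signature-algorithm and certificate-serial headers,
 * rejects stale requests, and verifies the signature over
 * {@code decodedRequestUri (with "/ra-web" removed) + requestBody} with the public key of the
 * certificate returned by {@link CustomerDao#getSysCertBySystemFlagAndSn}. On success any
 * {@link SystemFlagBean} argument is replaced by one carrying the verified system flag.
 *
 * <p>NOTE(review): only the URI and the body are signed. The timestamp, system flag, HTTP method
 * and query string are not part of the signed string, so the freshness check below is not
 * integrity-protected and does not by itself stop a captured request from being resubmitted.
 * Binding the timestamp (and ideally a nonce) into the signed string needs a coordinated change
 * in the SDK and is therefore not done here.
 */
@Aspect
@Component
/* loaded from: input_file:WEB-INF/lib/ra-openapi-normal-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/openapi/aop/RaSdkInterceptAspect.class */
public class RaSdkInterceptAspect {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CustomerDao customerDao;

    // Accepted clock distance between request timestamp and server time, in minutes
    // (converted to milliseconds in checkOverTime).
    @Value("${ra-openapi.response.overtime}")
    private String OverTime;

    /** Matches every method annotated with {@code SignIntercep}. */
    @Pointcut("@annotation(SignIntercep)")
    public void pointcut() {
    }

    /**
     * Verifies the request signature and, only if it is valid, proceeds to the handler.
     *
     * @param proceedingJoinPoint the intercepted handler invocation
     * @return the handler's result, or an {@link ErrorMsg} (with HTTP status 400) when a required
     *     header is missing or malformed, the timestamp is outside the accepted window, the
     *     certificate lookup or verification fails, or the signature does not match
     * @throws IllegalStateException if no {@link ContentCachingRequestWrapper} is present, because
     *     the body cannot then be bound to the signature
     * @throws Throwable whatever the intercepted handler throws; handler failures are no longer
     *     reported as a missing certificate
     */
    @Around("pointcut()")
    public Object signIntercept(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        this.logger.debug("a-openapi-normal---------------------开始拦截到RA-SDK的请求");
        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        Object rawRequest = servletRequestAttributes.getRequest();
        HttpServletResponse response = servletRequestAttributes.getResponse();

        // Fail closed: without the cached body there is nothing to verify the signature against.
        ContentCachingRequestWrapper cachedRequest = findCachingWrapper(rawRequest);
        if (cachedRequest == null) {
            throw new IllegalStateException("ContentCachingRequestWrapper is not installed; request body cannot be verified");
        }
        // A non-null result implies rawRequest itself is an HttpServletRequestWrapper.
        HttpServletRequestWrapper request = (HttpServletRequestWrapper) rawRequest;

        // Decode with an explicit charset (the same one used for the URI below) so the signed
        // string does not depend on the JVM's platform default.
        // NOTE(review): the wrapper only holds bytes already read from the request stream; for a
        // handler that never reads the body this is presumably empty and the body is then not
        // covered by the signature. Confirm against the filter/handler configuration.
        String body = new String(cachedRequest.getContentAsByteArray(), "UTF-8");

        String systemFlag = request.getHeader(ReqAttributeEnum.SYSTEM_FLAG.name);
        String sign = request.getHeader(ReqAttributeEnum.SING_VALUE.name);
        String timestamp = request.getHeader(ReqAttributeEnum.TIMESTAMP.name);
        String signAlg = request.getHeader(ReqAttributeEnum.SIGN_ALG.name);
        String signSn = request.getHeader(ReqAttributeEnum.SIGN_SN.name);
        String decodedUri = URLDecoder.decode(request.getRequestURI(), "UTF-8");

        // NOTE(review): these debug lines record the full request body and signature; the body
        // can carry personal data, so debug logging for this class should stay off in production.
        this.logger.debug("请求地址,url:[{}]", decodedUri);
        this.logger.debug("验签参数，systemFlag:[{}],sign:[{}],timestamp:[{}],signAlg:[{}],signSn:[{}]", systemFlag, sign, timestamp, signAlg, signSn);
        this.logger.debug("请求body:[{}]", body);

        // NOTE(review): signAlg and signSn are not checked here although both are used below;
        // a missing value currently surfaces through the catch block of the verification step.
        if (!CheckUtils.checkParamsNotNull(systemFlag, sign, timestamp)) {
            this.logger.error("缺少必要参数");
            response.setStatus(400);
            return getErrorResult(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }

        // The timestamp is client-supplied text: a non-numeric value is a bad request, not an
        // uncaught NumberFormatException.
        long requestMillis;
        try {
            requestMillis = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            this.logger.error("timestamp header is not a valid number");
            response.setStatus(400);
            return getErrorResult(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        if (checkOverTime(requestMillis)) {
            this.logger.error("sdk响应超时");
            response.setStatus(400);
            return getErrorResult(ErrorEnum.RA_SDK_REQUEST_TIMEOUT);
        }

        // NOTE(review): replace() removes every "/ra-web" occurrence in the path, not only a
        // leading context path, and URLDecoder also turns '+' into a space; both affect which
        // string is treated as signed. Left unchanged because the SDK must build the same string.
        String signSource = decodedUri.replace("/ra-web", "") + body;

        // Only the certificate lookup and the verification are guarded, so a failure inside the
        // handler is not misreported as a missing certificate.
        boolean signatureValid;
        try {
            signatureValid = SignUtils.verify(signAlg, CertUtils.getCertFromStr(this.customerDao.getSysCertBySystemFlagAndSn(systemFlag, signSn)).getPublicKey(), signSource, sign);
        } catch (Exception e) {
            this.logger.error("正常状态的该系统证书不存在：systemFlag:[{}],signSn:[{}]", systemFlag, signSn);
            // Cause kept at debug level so unauthenticated traffic cannot flood the error log
            // with stack traces.
            this.logger.debug("certificate lookup or signature verification failed", e);
            response.setStatus(400);
            return getErrorResult(ErrorEnum.NORMAL_CERT_IS_NOT_EXIST);
        }
        if (!signatureValid) {
            this.logger.error("sdk请求验签失败");
            this.logger.debug("signSn:[{}]", signSn);
            this.logger.debug("source:[{}]", signSource);
            this.logger.debug("sign:[{}]", sign);
            response.setStatus(400);
            return getErrorResult(ErrorEnum.REQUEST_BODY_AND_SIGN_BODY_DISACCORD);
        }

        // Overwrite any SystemFlagBean argument with the flag that was just authenticated.
        SystemFlagBean systemFlagBean = new SystemFlagBean();
        systemFlagBean.setSystemFlag(systemFlag);
        Object[] args = proceedingJoinPoint.getArgs();
        for (int i = 0; i < args.length; i++) {
            if (null != args[i] && args[i].getClass() == SystemFlagBean.class) {
                args[i] = systemFlagBean;
            }
        }
        return proceedingJoinPoint.proceed(args);
    }

    /**
     * Ad-hoc check that prints the result of verifying one hard-coded sample signature against a
     * hard-coded certificate. It is not used by the aspect.
     * NOTE(review): looks like leftover developer test code; it would sit better in a test class.
     */
    public static void main(String[] strArr) throws Exception {
        System.out.println(SignUtils.verify("1.2.156.10197.1.501", CertUtils.getCertFromStr("-----BEGIN CERTIFICATE-----\nMIIDFTCCArqgAwIBAgIEEAAAVzAKBggqgRzPVQGDdTA2MQswCQYDVQQGEwJDTjEXMBUGA1UECgwOQ2FzY29UZXN0U3ViQ2ExDjAMBgNVBAMMBXN1YkNhMB4XDTE5MTIyNzA4NTIwMVoXDTQ5MTIwOTA4NTIwMVowRzELMAkGA1UEBhMCQ04xFzAVBgNVBAoMDkNhc2NvVGVzdFN1YkNhMRAwDgYDVQQDDAdjYXNjb1JhMQ0wCwYDVQQDDAR0ZXN0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEpQbDwI+iNJTDhy4m+avytsJuWDREOrgT3B3bcU7CGr1MZaNW+O1bEQR8jFvBHx6rMSMEXxG76TvtcrG7CMyzVaOCAaMwggGfMA4GA1UdDwEB/wQEAwIDODCBgAYDVR0uBHkwdzB1oHOgcYZvbGRhcDovLzExLjEyLjEwNy4xMDA6Mzg5L089Q2FzY29UZXN0Q0EsQz1DTi9jbj1jcmwwLG89c3ViQ2FDUkwsTz1DYXNjb1Rlc3RTdWJDYSxDPUNOP2RlbHRhUmV2b2NhdGlvbkxpc3Q7YmluYXJ5MGIGA1UdIwRbMFmAFDm5j5xeORqC9a8JXnE9PgGg4T3coTukOTA3MQswCQYDVQQGEwJDTjEUMBIGA1UECgwLQ2FzY29UZXN0Q0ExEjAQBgNVBAMMCWNhc2NvUm9vdIIEEAAADTCBhgYDVR0fBH8wfTB7oHmgd4Z1bGRhcDovLzExLjEyLjEwNy4xMDA6Mzg5L089Q2FzY29UZXN0Q0EsQz1DTi9jbj1jcmwwLG89c3ViQ2FDUkwsTz1DYXNjb1Rlc3RTdWJDYSxDPUNOP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5MB0GA1UdDgQWBBSmbACtC8srsgw6myJAJbzWVsPJyDAKBggqgRzPVQGDdQNJADBGAiEA1ZSIxxNZNPwGGYmLuprYgYQEpsSsf9+j7Bo7l2Qs4qsCIQD6TNQjRFiaqVnMONGRL+zO+eG9OWhei9fiDku9Q1yrOg==\n-----END CERTIFICATE-----").getPublicKey(), "/v1/ra-openapi/user/1{\"personUser\":{\"licenseNumber\":\"TldTest\",\"licenseType\":1,\"personName\":\"jiekouTest\",\"sex\":1,\"status\":0}}", "MEYCIQDNef3Y4lvs6/OFOp+DY0/Z2W/mXEf7O3ud6BfVTTiL8gIhAIm6BlEoIwEkGyBgF6ci7M+LGZRZRRtFKV2sz5PpOJKr"));
    }

    /**
     * Walks the request-wrapper chain and returns the first {@link ContentCachingRequestWrapper}.
     *
     * @param candidate the outermost request object
     * @return the caching wrapper, or {@code null} if the chain does not contain one
     */
    private ContentCachingRequestWrapper findCachingWrapper(Object candidate) {
        Object current = candidate;
        while (current instanceof HttpServletRequestWrapper) {
            if (current instanceof ContentCachingRequestWrapper) {
                return (ContentCachingRequestWrapper) current;
            }
            current = ((HttpServletRequestWrapper) current).getRequest();
        }
        return null;
    }

    /**
     * Tells whether a request timestamp lies outside the accepted window around server time.
     *
     * <p>Timestamps ahead of the server clock by more than the window are rejected as well, so a
     * far-future value cannot keep a request acceptable indefinitely. The window is computed in
     * {@code long} arithmetic to avoid {@code int} overflow for large configured values.
     *
     * @param requestMillis the client timestamp in epoch milliseconds
     * @return {@code true} if the request must be rejected
     */
    private boolean checkOverTime(long requestMillis) {
        long windowMillis = Integer.parseInt(this.OverTime) * 60L * 1000L;
        long now = System.currentTimeMillis();
        return requestMillis < now - windowMillis || requestMillis > now + windowMillis;
    }

    /**
     * Drains a reader into a string.
     *
     * @param reader the source to read until end of stream
     * @return everything read from {@code reader}
     * @throws IllegalStateException if reading fails
     */
    private String read(Reader reader) {
        try {
            StringWriter collected = new StringWriter();
            char[] buffer = new char[4096];
            int count;
            while ((count = reader.read(buffer)) != -1) {
                collected.write(buffer, 0, count);
            }
            return collected.toString();
        } catch (IOException e) {
            throw new IllegalStateException("获取body字符串失败", e);
        }
    }

    /**
     * Builds the error payload returned to the SDK.
     *
     * @param errorEnum the error whose code and description are copied into the payload
     * @return an {@link ErrorMsg} carrying that code and description
     */
    private Object getErrorResult(ErrorEnum errorEnum) {
        ErrorMsg errorMsg = new ErrorMsg();
        errorMsg.setErrorCode(Integer.valueOf(errorEnum.code));
        errorMsg.setErrorMsg(errorEnum.desc);
        return errorMsg;
    }
}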
