package com.supwisdom.insititute.token.server.security.domain.securitykey.filter;

import com.alipay.api.AlipayConstants;
import com.supwisdom.insititute.token.server.core.utils.RSAUtils;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.securitykey.service.SecurityKeyService;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.TreeSet;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.5.6-SNAPSHOT.jar:com/supwisdom/insititute/token/server/security/domain/securitykey/filter/SecurityVerifySignFilter.class */
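/**
 * Servlet filter that forwards a request only when it carries a valid RSA signature over its own
 * parameters and a {@code timestamp} parameter within five minutes of the server clock.
 *
 * <p>The verification key is looked up through {@link SecurityKeyService} by username and
 * {@code deviceId}. The username is taken from the {@code username} request parameter; only when
 * that parameter is blank does the filter fall back to the authenticated {@link TokenUser}.
 * Every rejection is answered with HTTP 400 and the request is not passed down the chain.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The freshness window bounds replay to five minutes but does not prevent it; no nonce or
 *       replay cache is visible in this class.</li>
 *   <li>When a {@code username} parameter is present, the filter does not compare it with the
 *       authenticated principal. Code further down the chain should not assume the two match.</li>
 *   <li>The signed string is built from unescaped {@code name=value} pairs, see
 *       {@link #convertToSignData(HttpServletRequest)}.</li>
 * </ul>
 */
public class SecurityVerifySignFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(SecurityVerifySignFilter.class);

    /**
     * Name of the request parameter holding the signature; it is left out of the signed data.
     * NOTE(review): this class file was loaded from a jar, so the library constant is presumably
     * a substitution for a plain string literal in the original source - confirm.
     */
    private static final String SIGN_PARAMETER = AlipayConstants.SIGN;

    /**
     * Separator written between the sorted pairs of the signed data.
     * NOTE(review): same caveat as above, a Spring constant is used here only for its value.
     */
    private static final String PAIR_SEPARATOR = BeanFactory.FACTORY_BEAN_PREFIX;

    /** Largest accepted distance, in milliseconds, between the signed timestamp and the server clock. */
    private static final long MAX_CLOCK_SKEW_MILLIS = 300000L;

    private final SecurityKeyService securityKeyService;

    /**
     * @param securityKeyService source of the PEM public key for a username and device id
     */
    public SecurityVerifySignFilter(SecurityKeyService securityKeyService) {
        this.securityKeyService = securityKeyService;
    }

    /**
     * Verifies signature and timestamp, then either continues the chain or sends HTTP 400.
     *
     * <p>Checks run in this order, and the first failure decides the error message: username
     * present, public key found, signature valid, timestamp fresh.
     *
     * @param httpServletRequest  request whose parameters are verified
     * @param httpServletResponse response that receives the 400 error on rejection
     * @param filterChain         chain continued only after both checks pass
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException      propagated from the rest of the chain or from {@code sendError}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String username = httpServletRequest.getParameter("username");
        String deviceId = httpServletRequest.getParameter("deviceId");
        String sign = httpServletRequest.getParameter(SIGN_PARAMETER);
        log.debug("sign is {}", sign);
        String timestamp = httpServletRequest.getParameter("timestamp");
        log.debug("timestamp is {}", timestamp);
        String signData = convertToSignData(httpServletRequest);
        // Taken before the key lookup so that lookup latency does not eat into the window.
        long now = System.currentTimeMillis();

        if (isBlank(username)) {
            // No username in the request: fall back to the already authenticated TokenUser.
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication != null && authentication.isAuthenticated() && authentication.getPrincipal() instanceof TokenUser) {
                username = ((TokenUser) authentication.getPrincipal()).getUsername();
            }
        }
        if (isBlank(username)) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), "exception.security.verify.sign.load.key.error, username is empty");
            return;
        }

        String publicKeyPem = this.securityKeyService.loadPublicKeyPem(username, deviceId);
        log.debug("loadPublicKeyPem is {}", publicKeyPem);
        if (publicKeyPem == null) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), "exception.security.verify.sign.load.key.error, not exist");
            return;
        }

        try {
            // A missing signature is rejected here instead of being handed to RSAUtils, whose
            // handling of null is not visible from this class.
            // NOTE(review): RSAUtils.verify may still throw an unchecked exception on a malformed
            // signature; the request is then not forwarded, but the client sees a server error.
            if (sign == null || sign.isEmpty() || !RSAUtils.verify(sign, signData, RSAUtils.getPublicKey(publicKeyPem))) {
                httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), "exception.security.verify.sign.not.verify");
            } else if (!isWithinAllowedSkew(timestamp, now)) {
                // Also covers a missing or non-numeric timestamp, which previously escaped as an
                // uncaught NumberFormatException. The existing message key is reused so that
                // clients see no new error code.
                httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), "exception.security.verify.sign.timestamp.expired");
            } else {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            // The stored key could not be turned into an RSA public key. Log through SLF4J with
            // the cause instead of printing the stack trace to stderr.
            log.error("Unable to build RSA public key for signature verification", e);
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), "exception.security.verify.sign.unknown.error");
        }
    }

    /**
     * Builds the string the client is expected to have signed: every {@code name=value} pair of
     * the request except the signature parameter, sorted as strings and joined with the separator.
     *
     * <p>NOTE(review): names and values are not escaped, so a value containing the separator or
     * {@code =} yields the same string as a different set of parameters, and identical pairs
     * collapse into one because a set is used. Changing the format would invalidate signatures
     * from existing clients, so it is only flagged here.
     *
     * @param httpServletRequest request whose parameters are canonicalised
     * @return the canonical string, empty when there is no parameter besides the signature
     */
    private String convertToSignData(HttpServletRequest httpServletRequest) {
        TreeSet<String> sortedPairs = new TreeSet<String>();
        Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = parameterNames.nextElement();
            if (SIGN_PARAMETER.equalsIgnoreCase(name)) {
                continue;
            }
            // Only the name is logged: the values are raw request input and, in a token
            // endpoint, may include credentials that should not reach the log files.
            log.debug("parameterName is {}", name);
            for (String value : httpServletRequest.getParameterValues(name)) {
                sortedPairs.add(String.format("%s=%s", name, value));
            }
        }

        StringBuilder joined = new StringBuilder();
        for (String pair : sortedPairs) {
            if (joined.length() > 0) {
                joined.append(PAIR_SEPARATOR);
            }
            joined.append(pair);
        }
        String signData = joined.toString();
        log.debug("signData.length is {}", signData.length());
        return signData;
    }

    /**
     * Tells whether the signed timestamp lies within {@link #MAX_CLOCK_SKEW_MILLIS} of {@code now}.
     *
     * @param timestamp decimal epoch milliseconds as sent by the client, may be {@code null}
     * @param now       server clock in epoch milliseconds
     * @return {@code false} for a missing, non-numeric or out-of-window timestamp
     */
    private static boolean isWithinAllowedSkew(String timestamp, long now) {
        if (timestamp == null) {
            return false;
        }
        final long claimed;
        try {
            claimed = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            return false;
        }
        // Compared against the two bounds instead of Math.abs(claimed - now): the subtraction can
        // overflow for extreme values and Math.abs(Long.MIN_VALUE) is negative, which would pass.
        return claimed >= now - MAX_CLOCK_SKEW_MILLIS && claimed <= now + MAX_CLOCK_SKEW_MILLIS;
    }

    /** Returns {@code true} when {@code value} is {@code null} or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }
}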
