package kd.bos.auth.filter.impl;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.auth.filter.AuthFilter;
import kd.bos.auth.filter.HandleResult;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.dc.api.model.Account;
import kd.bos.dc.utils.AccountUtils;
import kd.bos.kcf.ServiceContext;
import kd.bos.kcf.message.KMessage;
import kd.bos.krpc.common.URL;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.ApiDataUtil;
import kd.bos.openapi.common.util.CollectionUtil;
import kd.bos.openapi.common.util.EncryptUtil;
import kd.bos.openapi.common.util.McConfigUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.kcf.context.OpenApiAuthContext;
import kd.bos.openapi.kcf.result.ResultProcessUtil;
import kd.bos.openapi.kcf.spi.OpenApiServiceManager;
import kd.bos.openapi.kcf.utils.ApiAuthLogUtil;
import kd.bos.openapi.kcf.utils.OpenApiExceptionUtil;
import kd.bos.service.authorize.model.ApiCommonResult;
import kd.bos.service.authorize.model.AuthInfo;
import kd.bos.service.authorize.model.AuthResult;
import kd.bos.service.authorize.model.AuthTypeEnum;
import kd.bos.service.authorize.model.SignInfo;

/* loaded from: input_file:kd/bos/auth/filter/impl/DigestAuthFilter.class */
/**
 * Authentication filter for OpenAPI requests that carry a request signature
 * ("digest" style authentication).
 *
 * <p>The signature inputs (app id, signature, timestamp, nonce, signed content) are
 * collected from the request headers, the query string or the body, packed into a
 * {@link SignInfo} and handed to the OpenAPI auth service, which performs the actual
 * verification. This class only decides whether a request is one it should handle,
 * gathers the inputs, and translates the verification outcome into a
 * {@link HandleResult}.
 *
 * <p>Note: this listing is decompiled; several nested try/catch blocks below are the
 * decompiler's rendering of a {@code finally} clause that writes an auth-API log entry
 * on every exit path.
 */
public class DigestAuthFilter extends AbstractCommonFilter implements AuthFilter {
    /** Class logger; the "DigestAuth pass." line is only emitted when security logging is enabled for the tenant. */
    private static final Log log = LogFactory.getLog(DigestAuthFilter.class);

    /**
     * Performs signature-based authentication for the current OpenAPI request.
     *
     * <p>Two variants are handled, selected by the auth type held in
     * {@link OpenApiAuthContext}:
     * <ul>
     *   <li>auth type {@code "2"}: an {@code openapisign} credential is read from the
     *       request (see {@code getBasicAuthParamsByRequest}), split into an account id
     *       and a sign code, and the account is resolved via {@link AccountUtils};</li>
     *   <li>any other value: digest auth using the app id header / query parameter plus
     *       the {@code user} and {@code usertype} identifiers.</li>
     * </ul>
     * For POST the content type must be JSON and the request body is the signed content;
     * for GET with a {@code signature} query parameter the timestamp, nonce and the
     * {@code parameters} name list are taken from the query string and the signed content
     * is rebuilt by {@link #getRequestGetParams}. Both variants mark the resulting
     * {@link AuthInfo} as {@link AuthTypeEnum#AUTH_DIGEST} before calling the auth service.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response; only written to on failure, via
     *                            {@link OpenApiExceptionUtil#handleAuthException} and
     *                            {@link ResultProcessUtil#processAuthResult}
     * @return a handled result carrying the {@link AuthResult} on success; a handled fail
     *         result (HTTP 400 status code) for any {@link Throwable} raised while
     *         authenticating; or an unhandled result when the request is not for this
     *         filter (auth type set to something other than {@code "2"}, or no recognised
     *         method / signature-parameter combination)
     */
    @Override // kd.bos.auth.filter.AuthFilter
    public HandleResult<ApiCommonResult> doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthInfo of;
        // Start time for the duration written to the auth-API log on every exit path.
        long currentTimeMillis = System.currentTimeMillis();
        String apiUrl = ApiDataUtil.getApiUrl(httpServletRequest);
        try {
            try {
                String authType = OpenApiAuthContext.getContext().getAuthType();
                // An explicit auth type other than "2" belongs to a different filter: hand the request on untouched.
                if (StringUtil.isNotEmpty(authType) && !"2".equalsIgnoreCase(authType)) {
                    HandleResult<ApiCommonResult> handleResult = HandleResult.getHandleResult(null);
                    handleResult.setHandled(false);
                    int currentTimeMillis2 = (int) (System.currentTimeMillis() - currentTimeMillis);
                    if (OpenApiAuthContext.getContext().isParamErrorCode()) {
                        ApiAuthLogUtil.writeAuthApiLog(apiUrl, currentTimeMillis2);
                    }
                    return handleResult;
                }
                String method = httpServletRequest.getMethod();
                String requestURI = httpServletRequest.getRequestURI();
                // Signature inputs default to the header values; the GET branches below
                // replace them with the query-string values.
                String str = OpenApiAuthContext.getContext().getHeaders().get(ServiceContext.KEY_APPID);
                String str2 = OpenApiAuthContext.getContext().getHeaders().get("signature");
                String str3 = OpenApiAuthContext.getContext().getQueryMap().get("signature");
                String str4 = OpenApiAuthContext.getContext().getHeaders().get("timestamp");
                String str5 = OpenApiAuthContext.getContext().getHeaders().get("signaturenonce");
                // z: whether one of the branches below recognised the request; str6: the signed content.
                boolean z = false;
                String str6 = "";
                String tenantId = OpenApiAuthContext.getContext().getCurrentCenter().getTenantId();
                Account currentCenter = OpenApiAuthContext.getContext().getCurrentCenter();
                if ("2".equalsIgnoreCase(authType)) {
                    // Auth type "2": account id and sign code travel together in the "openapisign" credential.
                    String basicAuthParamsByRequest = getBasicAuthParamsByRequest(requestURI, "openapisign");
                    if (!EncryptUtil.isBase64(basicAuthParamsByRequest)) {
                        // message: authentication info incorrect ("accessKey is invalid")
                        throw new OpenApiException(ApiErrorCode.LOGIN_BIZ_ERROR, String.format(ResManager.loadKDString("认证信息不正确，认证不通过：%1$s", "DigestFilter_2", ResSystemType.KCF.getType(), new Object[0]), "accessKey is invalid"), new Object[0]);
                    }
                    Map<String, String> accountIdAndSignCode = getAccountIdAndSignCode(basicAuthParamsByRequest);
                    String str7 = accountIdAndSignCode.get("signCode");
                    // The account named in the credential replaces the context's current center.
                    currentCenter = AccountUtils.getAccountById(accountIdAndSignCode.get("accountId"));
                    if (currentCenter == null) {
                        // message: failed to resolve the data center
                        throw new OpenApiException(ApiErrorCode.HTTP_BAD_REQUEST, ResManager.loadKDString("获取数据中心错误。", "DigestFilter_1", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                    }
                    if (!EncryptUtil.isBase64(str7)) {
                        // message: authentication info incorrect ("signCode is invalid")
                        throw new OpenApiException(ApiErrorCode.LOGIN_BIZ_ERROR, String.format(ResManager.loadKDString("认证信息不正确，认证不通过。%1$s", "DigestFilter_2", ResSystemType.KCF.getType(), new Object[0]), "signCode is invalid"), new Object[0]);
                    }
                    of = AuthInfo.of(authType, str7, currentCenter.getAccountId());
                    // Request path with the servlet context prefix removed.
                    of.setUrl(requestURI.substring(httpServletRequest.getContextPath().length()));
                    of.setCommonAuth(true);
                    if ("POST".equalsIgnoreCase(method)) {
                        // POST: the JSON body is the signed content.
                        if (!KMessage.JSON.equalsIgnoreCase(httpServletRequest.getContentType())) {
                            // message: Content-Type header must be application/json
                            throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, ResManager.loadKDString("请求header的ContentType需要设置为application/json。", "DigestFilter_0", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                        }
                        str6 = OpenApiAuthContext.getContext().getBody().trim();
                        z = true;
                    } else if ("GET".equalsIgnoreCase(method) && StringUtils.isNotEmpty(str3)) {
                        // GET: signature, timestamp, nonce and the "parameters" name list come from the query string.
                        // Only the query-string timestamp is URL-decoded; the header form above is used as-is.
                        str4 = URL.decode(OpenApiAuthContext.getContext().getQueryMap().get("timestamp"));
                        str5 = OpenApiAuthContext.getContext().getQueryMap().get("signaturenonce");
                        String str8 = OpenApiAuthContext.getContext().getQueryMap().get("parameters");
                        str2 = str3;
                        if (StringUtils.isEmpty(str8)) {
                            // message: parameter error, "parameters" missing
                            throw new OpenApiException(ApiErrorCode.HTTP_BAD_REQUEST, ResManager.loadKDString("参数错误:缺少parameters参数。", "DigestFilter_3", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                        }
                        str6 = getRequestGetParams(str8, httpServletRequest);
                        z = true;
                    }
                } else {
                    // Digest variant: identity comes from the app id plus the "user"/"usertype" fields.
                    of = AuthInfo.of(AuthTypeEnum.AUTH_DIGEST.getId(), "", currentCenter.getAccountId());
                    of.setCommonAuth(false);
                    if ("POST".equalsIgnoreCase(method) && StringUtil.isNotEmpty(str2) && StringUtil.isNotEmpty(str)) {
                        // POST with signature and app id headers: the raw body (not trimmed here) is the signed content.
                        if (!KMessage.JSON.equalsIgnoreCase(httpServletRequest.getContentType())) {
                            // message: Content-Type header must be application/json
                            throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, ResManager.loadKDString("请求header的ContentType需要设置为application/json。", "DigestFilter_0", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                        }
                        if (StringUtil.isEmpty(OpenApiAuthContext.getContext().getHeaders().get("user"))) {
                            // message: account does not exist in the system
                            throw new OpenApiException(ApiErrorCode.LOGIN_BIZ_ERROR, ResManager.loadKDString("您的账号在系统中不存在。", "DigestFilter_8", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                        }
                        String str9 = OpenApiAuthContext.getContext().getHeaders().get("usertype");
                        of.setUser(OpenApiAuthContext.getContext().getHeaders().get("user"));
                        of.setUserType(str9);
                        str6 = OpenApiAuthContext.getContext().getBody();
                        // Language: context value first, then the "language" entry of the context map, else empty.
                        String lang = OpenApiAuthContext.getContext().getLang() != null ? OpenApiAuthContext.getContext().getLang().toString() : "";
                        if (StringUtil.isEmpty(lang)) {
                            lang = OpenApiAuthContext.getContext().getContextMap().get("language") != null ? (String) OpenApiAuthContext.getContext().getContextMap().get("language") : "";
                        }
                        of.setLanguage(lang);
                        z = true;
                    } else if ("GET".equalsIgnoreCase(method) && StringUtils.isNotEmpty(str3)) {
                        // GET with a signature query parameter: every input is re-read from the query string.
                        str = OpenApiAuthContext.getContext().getQueryMap().get(ServiceContext.KEY_APPID);
                        if (StringUtils.isEmpty(str)) {
                            // message: unauthorized access
                            throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, ResManager.loadKDString("未经授权的访问。", "DigestFilter_11", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                        }
                        str4 = URL.decode(OpenApiAuthContext.getContext().getQueryMap().get("timestamp"));
                        str5 = OpenApiAuthContext.getContext().getQueryMap().get("signaturenonce");
                        String str10 = OpenApiAuthContext.getContext().getQueryMap().get("parameters");
                        str2 = str3;
                        if (StringUtils.isEmpty(str10)) {
                            // message: digest auth is missing parameter "parameters"
                            throw new OpenApiException(ApiErrorCode.HTTP_BAD_REQUEST, ResManager.loadKDString("摘要认证缺少参数:%1$s。", "DigestFilter_4", ResSystemType.KCF.getType(), new Object[0]), new Object[]{"parameters"});
                        }
                        if (StringUtil.isEmpty(OpenApiAuthContext.getContext().getQueryMap().get("user"))) {
                            // message: account does not exist in the system
                            throw new OpenApiException(ApiErrorCode.LOGIN_BIZ_ERROR, ResManager.loadKDString("您的账号在系统中不存在。", "DigestFilter_8", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                        }
                        String str11 = OpenApiAuthContext.getContext().getQueryMap().get("usertype");
                        of.setUser(OpenApiAuthContext.getContext().getQueryMap().get("user"));
                        of.setUserType(str11);
                        // Language: context value first, then the "language" query parameter (may stay null here).
                        String lang2 = OpenApiAuthContext.getContext().getLang() != null ? OpenApiAuthContext.getContext().getLang().toString() : "";
                        if (StringUtil.isEmpty(lang2)) {
                            lang2 = OpenApiAuthContext.getContext().getQueryMap().get("language");
                        }
                        of.setLanguage(lang2);
                        z = true;
                        str6 = getRequestGetParams(str10, httpServletRequest);
                    }
                }
                // Neither a recognised POST nor GET signature request: not ours to handle.
                if (!z) {
                    HandleResult<ApiCommonResult> handleResult2 = HandleResult.getHandleResult(null);
                    handleResult2.setHandled(false);
                    int currentTimeMillis3 = (int) (System.currentTimeMillis() - currentTimeMillis);
                    if (OpenApiAuthContext.getContext().isParamErrorCode()) {
                        ApiAuthLogUtil.writeAuthApiLog(apiUrl, currentTimeMillis3);
                    }
                    return handleResult2;
                }
                // Assemble the signed material. Verification, including any timestamp/nonce
                // replay checks, is delegated to the auth service — NOTE(review): confirm it
                // enforces both; nothing in this filter does.
                of.setThirdAppNumber(str);
                SignInfo of2 = SignInfo.of(str, currentCenter.getAccountId(), tenantId);
                of2.setDateTime(str4);
                of2.setContent(str6);
                of2.setSignatureNonce(str5);
                of2.setSignature(str2);
                of2.setAuthType(AuthTypeEnum.AUTH_DIGEST.getId());
                of.setAuthType(AuthTypeEnum.AUTH_DIGEST.getId());
                of.setSignInfo(of2);
                AuthResult auth = OpenApiServiceManager.getOpenApiAuthService().auth(of);
                if (!auth.isStatus()) {
                    if ("invalidAppId".equalsIgnoreCase(auth.getMessage())) {
                        // message: invalid third-party appId, or no key configured on the server side
                        throw new OpenApiException(ApiErrorCode.HTTP_BAD_REQUEST, ResManager.loadKDString("不正确的第三方appId或后台key没有配置。", "DigestFilter_5", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                    }
                    // message: authentication info incorrect, with the auth service's reason appended
                    throw new OpenApiException(ApiErrorCode.HTTP_BAD_REQUEST, String.format(ResManager.loadKDString("认证信息不正确，认证不通过:%1$s", "DigestFilter_2", ResSystemType.KCF.getType(), new Object[0]), auth.getMessage()), new Object[0]);
                }
                // message: digest authentication passed
                ApiCommonResult successResult = ApiCommonResult.getSuccessResult("0", ResManager.loadKDString("摘要认证通过。", "DigestFilter_7", ResSystemType.KCF.getType(), new Object[0]));
                successResult.setData(auth);
                // Downstream consumers read the account id from the AuthResult carried in the data field.
                ((AuthResult) successResult.getData()).setAccountId(currentCenter.getAccountId());
                if (McConfigUtil.isSecurityLogOpen(RequestContext.get().getTenantId())) {
                    log.info("DigestAuth pass.");
                }
                HandleResult<ApiCommonResult> handleResult3 = HandleResult.getHandleResult(successResult);
                int currentTimeMillis4 = (int) (System.currentTimeMillis() - currentTimeMillis);
                if (OpenApiAuthContext.getContext().isParamErrorCode()) {
                    ApiAuthLogUtil.writeAuthApiLog(apiUrl, currentTimeMillis4);
                }
                return handleResult3;
            } catch (Throwable th) {
                // Decompiler artifact: the catch parameter is reassigned below when the error code is remapped.
                th = th;
                // NOTE(review): th.getMessage() is both logged and echoed to the client via failResult;
                // confirm the messages raised above (and by the auth service) carry nothing sensitive.
                String str12 = "----DigestAuth OpenApi Auth Failed. error:" + th.getMessage();
                log.error(str12, th);
                // Data_Invalid is surfaced to the client as a plain HTTP 400, original cause preserved.
                if ((th instanceof OpenApiException) && ApiErrorCode.Data_Invalid.getStatusCode().equals(((OpenApiException) th).getCode())) {
                    th = new OpenApiException(th, ApiErrorCode.HTTP_BAD_REQUEST, th.getMessage(), new Object[0]);
                }
                ApiCommonResult failResult = ApiCommonResult.getFailResult(ApiErrorCode.HTTP_BAD_REQUEST.getStatusCode(), str12);
                OpenApiExceptionUtil.handleAuthException(th, httpServletResponse, failResult);
                ResultProcessUtil.processAuthResult(httpServletRequest, httpServletResponse, failResult, true);
                HandleResult<ApiCommonResult> handleResult4 = HandleResult.getHandleResult(failResult);
                int currentTimeMillis5 = (int) (System.currentTimeMillis() - currentTimeMillis);
                if (OpenApiAuthContext.getContext().isParamErrorCode()) {
                    ApiAuthLogUtil.writeAuthApiLog(apiUrl, currentTimeMillis5);
                }
                return handleResult4;
            }
        } catch (Throwable th2) {
            // Decompiled "finally": the same three log lines precede every return above; this
            // branch covers throwables escaping the error handler itself and rethrows them.
            int currentTimeMillis6 = (int) (System.currentTimeMillis() - currentTimeMillis);
            if (OpenApiAuthContext.getContext().isParamErrorCode()) {
                ApiAuthLogUtil.writeAuthApiLog(apiUrl, currentTimeMillis6);
            }
            throw th2;
        }
    }

    /**
     * Rebuilds the signed content of a GET request from the comma-separated parameter
     * names listed in the {@code parameters} request parameter.
     *
     * <p>Each listed name contributes one {@code name=value} pair per value returned by
     * {@link HttpServletRequest#getParameterValues}, joined with {@code &}; names with no
     * values contribute nothing.
     *
     * @param str                unused: the method re-reads {@code parameters} from the
     *                           request rather than using this value (callers pass the
     *                           query-map entry, which should normally be the same string)
     * @param httpServletRequest request supplying the parameter names and values
     * @return the joined pairs, or an empty string when the request has no
     *         {@code parameters} entry
     */
    private String getRequestGetParams(String str, HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("parameters");
        if (StringUtil.isEmpty(parameter)) {
            parameter = "";
        }
        String[] split = parameter.split(",");
        StringBuilder sb = new StringBuilder();
        // i indexes the listed names; i2 is bumped per emitted value AND once per name (see below).
        int i = 0;
        int i2 = 0;
        while (i < split.length) {
            String[] parameterValues = httpServletRequest.getParameterValues(split[i]);
            if (CollectionUtil.isNotEmpty(parameterValues)) {
                for (String str2 : parameterValues) {
                    String stringValue = StringUtil.getStringValue(str2);
                    // The separator-less form is used only while i2 == 0, i.e. for the very
                    // first value of the first listed name.
                    if (i2 == 0) {
                        sb.append(split[i]).append("=").append(stringValue);
                    } else {
                        sb.append("&").append(split[i]).append("=").append(stringValue);
                    }
                    i2++;
                }
            }
            i++;
            // NOTE(review): this increment runs even for a name with no values, so when the
            // first listed name is absent the content starts with "&". This string is signed
            // material; confirm the client-side signing rule before changing it.
            i2++;
        }
        return sb.toString();
    }
}
