package com.crawler.uc.support;

import com.crawler.client.http.SecurityHttpClient;
import com.crawler.uc.authens.BaseUserInfo;
import com.crawler.uc.authens.UserRole;
import com.crawler.uc.exception.AuthenticationException;
import com.crawler.uc.security.MacTokenAuthentication;
import com.crawler.uc.utils.UcSimulator;
import com.crawler.waf.config.WafProperties;
import com.crawler.waf.security.authens.OauthAccessToken;
import com.crawler.waf.support.Constants;
import com.crawler.waf.utils.Assert;
import com.crawler.waf.utils.StringUtil;
import com.crawler.waqf.common.utils.RequestUtils;
import com.crawler.waqf.common.utils.StringUtils;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.codec.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/crawler/uc/support/WafContext.class */
public final class WafContext {
    private static final Logger logger = LoggerFactory.getLogger(WafContext.class);

    public static MacTokenAuthentication getAuthentication() {
        HttpServletRequest request = RequestUtils.getRequest();
        String header = request.getHeader(SecurityHttpClient.AUTHORIZATION);
        if (header == null || !header.startsWith(Constants.AUTHORIZATION_TYPE_MAC)) {
            return null;
        }
        return getMacTokenAuthentication(request, header.replaceAll("^MAC", "").trim());
    }

    public static MacTokenAuthentication getMacTokenAuthentication(HttpServletRequest httpServletRequest, String str) {
        String header = httpServletRequest.getHeader("Host");
        if (StringUtils.isNullOrEmpty(header)) {
            try {
                header = InetAddress.getLocalHost().getHostAddress();
            } catch (UnknownHostException e) {
                throw new AuthenticationException("Host缺失");
            }
        }
        String uri = StringUtil.getURI(header, Integer.valueOf(httpServletRequest.getServerPort()), StringUtil.urlHandler(httpServletRequest));
        String[] split = str.split(",");
        if (split.length < 3) {
            throw new AuthenticationException("Authorization 异常");
        }
        return new MacTokenAuthentication(split[0].substring(split[0].indexOf("=") + 1).replace("\"", "").trim(), split[2].substring(split[2].indexOf("=") + 1).replace("\"", "").trim(), split[1].substring(split[1].indexOf("=") + 1).replace("\"", "").trim(), httpServletRequest.getMethod(), uri, header);
    }

    public static String getUserId() {
        OauthAccessToken currentToken = getCurrentToken();
        if (currentToken == null) {
            return null;
        }
        return currentToken.getUserId();
    }

    public static OauthAccessToken getCurrentToken() {
        OauthAccessToken oauthAccessToken;
        MacTokenAuthentication authentication = getAuthentication();
        if (authentication == null || (oauthAccessToken = UcSimulator.get(Constants.AUTHORIZATION_TYPE_MAC, authentication.getId())) == null) {
            return null;
        }
        checkMac(oauthAccessToken, authentication);
        return oauthAccessToken;
    }

    public static BaseUserInfo getCurrertUserInfo() {
        return UcSimulator.getUserInfo(getUserId());
    }

    public static List<UserRole> getCurrentUserRoles() {
        return UcSimulator.getRoleList(getUserId());
    }

    public static OauthAccessToken checkMac(OauthAccessToken oauthAccessToken, MacTokenAuthentication macTokenAuthentication) {
        Assert.notNull(oauthAccessToken, "ucCheckToken");
        Assert.notNull(macTokenAuthentication, "authRequest");
        StringBuilder sb = new StringBuilder();
        sb.append(macTokenAuthentication.getNonce());
        sb.append("\n");
        sb.append(macTokenAuthentication.getHttpMethod().toUpperCase());
        sb.append("\n");
        sb.append(macTokenAuthentication.getRequestUri());
        sb.append("\n");
        sb.append(macTokenAuthentication.getHost());
        sb.append("\n");
        String encryptHMac256 = encryptHMac256(sb.toString(), oauthAccessToken.getMacKey());
        String md5 = md5(sb.toString(), oauthAccessToken.getMacKey());
        String mac = macTokenAuthentication.getMac();
        String property = WafProperties.getProperty("token.algorithm");
        boolean z = true;
        if ("md5".equalsIgnoreCase(property) && !mac.equalsIgnoreCase(md5)) {
            z = false;
        } else if ("hmac256".equalsIgnoreCase(property) && !mac.equalsIgnoreCase(encryptHMac256)) {
            z = false;
        } else if (!mac.equalsIgnoreCase(encryptHMac256) && !mac.equalsIgnoreCase(md5)) {
            z = false;
        }
        if (z) {
            return oauthAccessToken;
        }
        logger.error(macTokenAuthentication.getMac() + ":" + sb.toString());
        throw new AuthenticationException("授权校验失败");
    }

    public static String encryptHMac256(String str, String str2) {
        Assert.notNull(str, "content");
        Assert.notNull(str2, "key");
        SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes(), "HmacSHA256");
        try {
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            return new String(Base64.encode(mac.doFinal(str.getBytes())));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static String md5(String str, String str2) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            if (str2 != null && !"".equals(str2)) {
                str = str + "{" + str2.toString() + "}";
            }
            return new String(Hex.encode(messageDigest.digest(str.getBytes("utf-8"))));
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            logger.error(e.getMessage(), e);
            return null;
        }
    }
}
