package com.zxkxc.cloud.extension.encrypt.transfer.filter;

import com.alibaba.fastjson2.JSONObject;
import com.alibaba.fastjson2.JSONWriter;
import com.zxkxc.cloud.common.enums.ResultCode;
import com.zxkxc.cloud.common.model.ReqResult;
import com.zxkxc.cloud.common.utils.CryptoUtil;
import com.zxkxc.cloud.common.utils.ServletUtil;
import com.zxkxc.cloud.extension.encrypt.transfer.dto.RequestDataDto;
import com.zxkxc.cloud.extension.encrypt.transfer.wrapper.RefactorHttpServletRequestWrapper;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(20)
/* loaded from: input_file:com/zxkxc/cloud/extension/encrypt/transfer/filter/RequestDataEncryptFilter.class */
public class RequestDataEncryptFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(RequestDataEncryptFilter.class);

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!Boolean.TRUE.equals(Boolean.valueOf(httpServletRequest.getHeader("encrypt")))) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        RequestDataDto requestDataDto = (RequestDataDto) JSONObject.parseObject(getRequestBody(new RefactorHttpServletRequestWrapper(httpServletRequest)), RequestDataDto.class);
        if (!CryptoUtil.hashValue(requestDataDto.data() + requestDataDto.extra() + requestDataDto.salt() + requestDataDto.timestamp()).equals(requestDataDto.signature())) {
            ServletUtil.renderString(httpServletResponse, JSONObject.toJSONString(ReqResult.failure(ResultCode.PARAM_IS_INVALID, "参数有误，内容可能被篡改！"), new JSONWriter.Feature[0]));
            return;
        }
        String sm2Decrypt = CryptoUtil.sm2Decrypt(requestDataDto.extra());
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(JSONObject.parseObject(CryptoUtil.sm4CbcDecrypt(requestDataDto.data(), sm2Decrypt.substring(0, 32), sm2Decrypt.substring(32))).getString("body").getBytes());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        IOUtils.copy(byteArrayInputStream, byteArrayOutputStream);
        filterChain.doFilter(new RefactorHttpServletRequestWrapper(httpServletRequest, byteArrayOutputStream), httpServletResponse);
    }

    private String getRequestBody(HttpServletRequest httpServletRequest) {
        try {
            BufferedReader reader = httpServletRequest.getReader();
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = reader.readLine();
                if (readLine == null) {
                    return sb.toString();
                }
                sb.append(readLine);
            }
        } catch (IOException e) {
            log.error("请求体读取失败:{}", e.getMessage());
            return "";
        }
    }
}
