package cn.com.yusys.udp.cloud.gateway.openapi;

import cn.com.yusys.udp.cloud.commons.util.UcCryptoUtils;
import cn.com.yusys.udp.cloud.gateway.config.UcgOpenApiConfig;
import cn.com.yusys.udp.cloud.gateway.context.UcgContext;
import cn.com.yusys.udp.cloud.gateway.depositories.UcgOpenApiDepository;
import cn.com.yusys.udp.cloud.gateway.exception.UcgException;
import cn.com.yusys.udp.cloud.gateway.util.UcgUtils;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.boot.web.client.RestTemplateCustomizer;
import org.springframework.cloud.client.ServiceInstance;
import org.springframework.cloud.client.loadbalancer.DefaultRequest;
import org.springframework.cloud.client.loadbalancer.LoadBalancerClient;
import org.springframework.cloud.client.loadbalancer.RequestData;
import org.springframework.cloud.client.loadbalancer.RequestDataContext;
import org.springframework.cloud.gateway.support.DelegatingServiceInstance;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.server.RequestPath;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.server.ServerWebExchange;

/* loaded from: input_file:cn/com/yusys/udp/cloud/gateway/openapi/UcgOpenApiHttpAuthChecker.class */
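/**
 * OpenAPI auth checker that first verifies the client secret locally and then asks an external
 * HTTP endpoint (configured in the depository, optionally behind an {@code lb://} service id)
 * whether the call is allowed. On success the raw response body of that endpoint is forwarded
 * downstream as session-context headers.
 *
 * <p>NOTE(review): the headers produced by {@link #check} carry identity information. Nothing in
 * this class shows whether inbound copies of {@code Session-Context} and
 * {@code Baggage-Session-Context} sent by the external caller are stripped before these values
 * are set; confirm that the surrounding filter chain does so, otherwise a caller could pre-seed
 * them.
 */
public class UcgOpenApiHttpAuthChecker implements UcgOpenApiAuthChecker {
    private static final String LB_SCHEME = "lb";
    protected final UcgOpenApiDepository depository;
    protected final LoadBalancerClient loadBalancer;
    protected RestTemplate restTemplate;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    protected ObjectMapper objectMapper = new ObjectMapper();

    /**
     * Error handler that never throws, so non-2xx answers from the auth endpoint reach the
     * explicit status check in {@link #postHttpValid} instead of surfacing as RestTemplate
     * exceptions.
     */
    static class NoOpResponseErrorHandler extends DefaultResponseErrorHandler {
        NoOpResponseErrorHandler() {
        }

        @Override
        public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
            // Intentionally empty: the caller inspects the status code itself.
        }
    }

    /**
     * Builds the checker and its RestTemplate.
     *
     * @param ucgOpenApiDepository source of the auth URL, the timeout and the session-context class
     * @param loadBalancerClient   load balancer used for {@code lb://} auth URLs; may be null, in
     *                             which case such URLs are rejected in {@link #getCheckUrl}
     */
    public UcgOpenApiHttpAuthChecker(UcgOpenApiDepository ucgOpenApiDepository, LoadBalancerClient loadBalancerClient) {
        this.depository = ucgOpenApiDepository;
        this.loadBalancer = loadBalancerClient;
        // The same timeout bounds both connect and read, so a hung auth endpoint cannot hold a
        // request open indefinitely.
        Duration timeout = Duration.ofMillis(ucgOpenApiDepository.getHttpAuthTimeout());
        this.restTemplate = new RestTemplateBuilder()
                .setConnectTimeout(timeout)
                .setReadTimeout(timeout)
                .build();
        this.restTemplate.setErrorHandler(new NoOpResponseErrorHandler());
        this.objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }

    /**
     * Authenticates the client and returns the headers to add to the proxied request.
     *
     * @param client            configured client; its secret is compared with {@code str}
     * @param path              matched path configuration (not used by this checker)
     * @param str               secret presented by the caller
     * @param str2              second value forwarded to the auth endpoint inside
     *                          {@code HttpAuthPostInfo} (its meaning is defined by that class)
     * @param serverWebExchange current exchange; supplies the original path and method attributes
     * @return map with the {@code Baggage-Session-Context} and {@code Session-Context} headers
     * @throws UcgException 401 when the secret does not match or the auth endpoint refuses,
     *                      500 when the auth URL cannot be resolved
     */
    @Override
    public Map<String, String> check(UcgOpenApiConfig.Client client, UcgOpenApiConfig.Path path, String str, String str2, ServerWebExchange serverWebExchange) {
        if (!secretMatches(client.getClientSecret(), str)) {
            throw new UcgException(HttpStatus.UNAUTHORIZED, "[udp-cloud-gateway]: [OpenAPI] （" + client.getClientId() + "） secret not match");
        }
        URI checkUrl = getCheckUrl(client, serverWebExchange);
        this.logger.trace("[udp-cloud-gateway]: [OpenAPI] http check url {}", checkUrl);
        RequestPath originPath = (RequestPath) serverWebExchange.getAttribute(UcgUtils.REQUEST_ORIGIN_PATH_ATTR);
        HttpMethod originMethod = (HttpMethod) serverWebExchange.getAttribute(UcgUtils.REQUEST_ORIGIN_METHOD_ATTR);
        HttpAuthPostInfo postInfo = new HttpAuthPostInfo(client.getClientId(), str2, originPath == null ? null : originPath.toString(), originMethod);
        long startedAt = System.currentTimeMillis();
        String responseBody = postHttpValid(checkUrl, postInfo);
        Map<String, Object> userInfo = parseUserInfo(responseBody);
        if (this.logger.isTraceEnabled()) {
            // NOTE(review): this writes the parsed auth response (user/session data) to the log.
            // Keep TRACE disabled for this logger outside of debugging sessions.
            this.logger.trace("[udp-cloud-gateway]: [OpenAPI] http check cost {}ms, response {}", System.currentTimeMillis() - startedAt, userInfo.toString());
        }
        // NOTE(review): when the body is not a JSON object, userInfo is empty but the request is
        // still treated as authenticated because the endpoint answered 200; the unparsed body is
        // forwarded below as-is. Confirm that downstream services tolerate this.
        Map<String, String> headers = new HashMap<>(4);
        headers.put("Baggage-Session-Context", UcgUtils.buildBaggageSessionContext(userInfo, this.depository.getSessionContextClass()));
        headers.put("Session-Context", UcCryptoUtils.toHexString(responseBody.getBytes(StandardCharsets.UTF_8)));
        return headers;
    }

    /**
     * Compares the configured secret with the presented one without short-circuiting on the
     * first differing character, so response timing does not reveal how much of a guess was
     * correct. A missing value on either side is a mismatch rather than a NullPointerException.
     */
    private static boolean secretMatches(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Posts the auth request as JSON and returns the response body.
     *
     * @param uri              resolved auth endpoint
     * @param httpAuthPostInfo payload serialized with the instance's ObjectMapper
     * @return the non-null response body of a 200 answer
     * @throws UcgException 401 for any non-200 status, an empty body, or any transport/serialization error
     */
    protected String postHttpValid(URI uri, HttpAuthPostInfo httpAuthPostInfo) {
        try {
            String payload = this.objectMapper.writeValueAsString(httpAuthPostInfo);
            HttpHeaders headers = new HttpHeaders();
            headers.set("Content-Type", "application/json;charset=UTF-8");
            ResponseEntity<String> response = this.restTemplate.exchange(uri, HttpMethod.POST, new HttpEntity<>(payload, headers), String.class);
            if (response.getStatusCode() != HttpStatus.OK) {
                throw new UcgException(HttpStatus.UNAUTHORIZED, "[udp-cloud-gateway]: [OpenAPI] " + httpAuthPostInfo.getClientId() + " http valid fail, StatusCode=" + response.getStatusCode());
            }
            String body = response.getBody();
            if (body == null) {
                // Fail closed: a 200 without a body gives nothing to build the session context
                // from, and the caller would otherwise fail later with an unrelated exception.
                throw new UcgException(HttpStatus.UNAUTHORIZED, "[udp-cloud-gateway]: [OpenAPI] " + httpAuthPostInfo.getClientId() + " http valid fail, empty response body");
            }
            return body;
        } catch (UcgException e) {
            throw e;
        } catch (Exception e2) {
            // Every other failure (timeout, connection refused, serialization) denies the call.
            this.logger.error("[udp-cloud-gateway]: [OpenAPI]", e2);
            throw new UcgException(HttpStatus.UNAUTHORIZED, "[udp-cloud-gateway]: [OpenAPI] " + httpAuthPostInfo.getClientId() + " request error");
        }
    }

    /**
     * Parses the auth response body as a JSON object.
     *
     * @param str response body returned by the auth endpoint
     * @return the parsed map, or an empty map when the body is not a JSON object
     */
    @SuppressWarnings("unchecked")
    protected Map<String, Object> parseUserInfo(String str) {
        try {
            Map<String, Object> parsed = this.objectMapper.readValue(str, Map.class);
            // A literal JSON null deserializes to null; hand callers an empty map instead.
            return parsed != null ? parsed : new HashMap<>(4);
        } catch (JsonProcessingException e) {
            // The body may hold user or session data, and Jackson's exception message can quote
            // the source text, so neither is written to the error log.
            this.logger.error("[udp-cloud-gateway]: [OpenAPI] response parse error: {} on a body of {} chars (content withheld)", e.getClass().getSimpleName(), str.length());
            return new HashMap<>(4);
        }
    }

    /**
     * Resolves the auth endpoint. A configured URL with the {@code lb} scheme is mapped to a
     * concrete instance through the load balancer; any other URL (or null) is returned unchanged.
     *
     * @param client            client whose id is used in error messages
     * @param serverWebExchange exchange published to {@code UcgContext} while an instance is chosen
     * @return the URL to post to, or null when none is configured
     * @throws UcgException 500 when an {@code lb} URL cannot be resolved
     */
    protected URI getCheckUrl(UcgOpenApiConfig.Client client, ServerWebExchange serverWebExchange) {
        final URI httpAuthUrl = this.depository.getHttpAuthUrl();
        if (httpAuthUrl == null || !LB_SCHEME.equals(httpAuthUrl.getScheme())) {
            return httpAuthUrl;
        }
        // NOTE(review): the two messages below include the configured auth URL / host. If
        // UcgException messages are rendered to the external caller, that exposes internal
        // service names; confirm how the exception is mapped to a response.
        if (this.loadBalancer == null) {
            throw new UcgException(HttpStatus.INTERNAL_SERVER_ERROR, "[udp-cloud-gateway]: [OpenAPI] " + client.getClientId() + " http check not support lb scheme," + httpAuthUrl);
        }
        try {
            DefaultRequest<RequestDataContext> lbRequest = new DefaultRequest<>(new RequestDataContext(new RequestData(HttpMethod.POST, httpAuthUrl, new HttpHeaders(), new HttpHeaders(), new HashMap<>(4))));
            // The instance is chosen on another thread; the exchange is published to UcgContext
            // there for the duration of the call.
            ServiceInstance serviceInstance = CompletableFuture.supplyAsync(() -> {
                UcgContext.setExchange(serverWebExchange);
                try {
                    return this.loadBalancer.choose(httpAuthUrl.getHost(), lbRequest);
                } finally {
                    // Always clear, even when choose() throws, so this request's exchange does
                    // not stay attached to a pooled thread that later serves another request.
                    UcgContext.clear();
                }
            }).get();
            if (serviceInstance == null) {
                throw new UcgException(HttpStatus.INTERNAL_SERVER_ERROR, "[udp-cloud-gateway]: [OpenAPI] " + client.getClientId() + " http check lb instance not foud," + httpAuthUrl.getHost());
            }
            // NOTE(review): a non-secure instance is addressed over plain http, so the auth
            // payload travels unencrypted on that hop.
            return this.loadBalancer.reconstructURI(new DelegatingServiceInstance(serviceInstance, serviceInstance.isSecure() ? "https" : UcgUtils.OPEN_API_AUTH_TYPE_HTTP), httpAuthUrl);
        } catch (UcgException e) {
            // Already carries the precise reason; do not re-wrap it (consistent with postHttpValid).
            throw e;
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Preserve the interrupt for whoever owns this thread.
                Thread.currentThread().interrupt();
            }
            this.logger.error("[udp-cloud-gateway]: [OpenAPI]", e);
            throw new UcgException(HttpStatus.INTERNAL_SERVER_ERROR, "[udp-cloud-gateway]: [OpenAPI] " + client.getClientId() + " http check lb instance not foud," + httpAuthUrl.getHost());
        }
    }

    /**
     * Reports whether this checker handles the client.
     *
     * @param client client configuration, may be null
     * @return true when the client's auth type equals the HTTP auth type, ignoring case
     */
    @Override
    public boolean match(UcgOpenApiConfig.Client client) {
        return client != null && UcgUtils.OPEN_API_AUTH_TYPE_HTTP.equalsIgnoreCase(client.getAuthType());
    }
}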
