package cn.com.yusys.udp.cloud.gateway.filter;

import cn.com.yusys.udp.cloud.gateway.depositories.UcgBodyDecryptDepository;
import cn.com.yusys.udp.cloud.gateway.exception.UcgException;
import cn.com.yusys.udp.cloud.gateway.util.UcgCryptoUtils;
import cn.com.yusys.udp.cloud.gateway.util.UcgUtils;
import cn.hutool.core.util.HexUtil;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.http.HttpStatus;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:cn/com/yusys/udp/cloud/gateway/filter/UcgBodyDecryptFilter.class */
public class UcgBodyDecryptFilter implements UcgFilter {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    public static final int ORDER = -2147473648;
    private final UcgBodyDecryptDepository depository;

    public UcgBodyDecryptFilter(UcgBodyDecryptDepository ucgBodyDecryptDepository) {
        this.depository = ucgBodyDecryptDepository;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        String str;
        if (!this.depository.isEnabled()) {
            return gatewayFilterChain.filter(serverWebExchange);
        }
        this.logger.trace("[udp-cloud-gateway]: UcgBodyDecryptFilter start");
        String obj = serverWebExchange.getRequest().getPath().toString();
        if (!UcgUtils.antMatch(obj, this.depository.getPaths())) {
            this.logger.trace("[udp-cloud-gateway]: [BodyDecrypt] ignored path: {}", obj);
            return gatewayFilterChain.filter(serverWebExchange);
        }
        try {
            byte[] decodeHex = HexUtil.decodeHex(serverWebExchange.getRequest().getHeaders().getFirst(this.depository.getDecryptKeyName()));
            byte[] decodeHex2 = HexUtil.decodeHex(this.depository.getPrivateKeyHex());
            switch (this.depository.getAsymmetricType()) {
                case RSA:
                    str = new String(UcgCryptoUtils.rsaDecode(decodeHex, decodeHex2), StandardCharsets.UTF_8);
                    break;
                default:
                    str = new String(UcgCryptoUtils.sm2Decode(UcgCryptoUtils.sm2DecodeFix(decodeHex), decodeHex2), StandardCharsets.UTF_8);
                    break;
            }
            serverWebExchange.getAttributes().put(UcgUtils.DECRYPT_KEY, str);
            ArrayList<String> arrayList = null;
            if (!this.depository.isKeepDecryptKey()) {
                arrayList = new ArrayList<String>() { // from class: cn.com.yusys.udp.cloud.gateway.filter.UcgBodyDecryptFilter.1
                    {
                        add(UcgBodyDecryptFilter.this.depository.getDecryptKeyName());
                    }
                };
            }
            String str2 = str;
            return UcgUtils.rewriteRequestBody(serverWebExchange, gatewayFilterChain, (serverWebExchange2, str3) -> {
                byte[] sm4Decode;
                if (str3 == null) {
                    return Mono.empty();
                }
                try {
                    byte[] decodeHex3 = HexUtil.decodeHex(str3);
                    byte[] byteFix = UcgCryptoUtils.toByteFix(str2, 16);
                    switch (this.depository.getSymmetricType()) {
                        case AES:
                            sm4Decode = UcgCryptoUtils.aesDecode(decodeHex3, byteFix);
                            break;
                        default:
                            sm4Decode = UcgCryptoUtils.sm4Decode(decodeHex3, byteFix);
                            break;
                    }
                    return Mono.just(new String(sm4Decode, StandardCharsets.UTF_8));
                } catch (Exception e) {
                    this.logger.error("body decode error", e);
                    throw new UcgException(HttpStatus.FORBIDDEN, "body decode error");
                }
            }, arrayList);
        } catch (Exception e) {
            this.logger.error("header key decode error", e);
            throw new UcgException(HttpStatus.FORBIDDEN, "header key decode error");
        }
    }

    public int getOrder() {
        return ORDER;
    }
}
