package cn.com.yusys.udp.cloud.gateway.filter;

import cn.com.yusys.udp.cloud.commons.util.UcCryptoUtils;
import cn.com.yusys.udp.cloud.gateway.depositories.UcgRepeatRequestDepository;
import cn.com.yusys.udp.cloud.gateway.repeatrequest.UcgRepeatRequestNonceChecker;
import cn.com.yusys.udp.cloud.gateway.util.UcgUtils;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ResponseStatusException;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:cn/com/yusys/udp/cloud/gateway/filter/UcgRepeatRequestFilter.class */
public class UcgRepeatRequestFilter implements UcgFilter {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    public static final int ORDER = -2147483638;
    private final UcgRepeatRequestDepository depository;
    private final UcgRepeatRequestNonceChecker nonceChecker;

    public UcgRepeatRequestFilter(UcgRepeatRequestDepository ucgRepeatRequestDepository, UcgRepeatRequestNonceChecker ucgRepeatRequestNonceChecker) {
        this.depository = ucgRepeatRequestDepository;
        this.nonceChecker = ucgRepeatRequestNonceChecker;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        if (!this.depository.isEnabled()) {
            return gatewayFilterChain.filter(serverWebExchange);
        }
        this.logger.trace("[udp-cloud-gateway]: UcgRepeatRequestFilter start");
        String obj = serverWebExchange.getRequest().getPath().toString();
        if (!UcgUtils.antMatch(obj, this.depository.getPaths())) {
            this.logger.trace("[udp-cloud-gateway]: [RepeatRequest] ignored path: {}", obj);
            return gatewayFilterChain.filter(serverWebExchange);
        }
        HttpMethod method = serverWebExchange.getRequest().getMethod();
        boolean z = false;
        Iterator<HttpMethod> it = this.depository.getMethods().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next() == method) {
                z = true;
                break;
            }
        }
        if (!z) {
            this.logger.trace("[udp-cloud-gateway]: [RepeatRequest] ignored method: {}", method);
            return gatewayFilterChain.filter(serverWebExchange);
        }
        String first = serverWebExchange.getRequest().getHeaders().getFirst(this.depository.getTimestampName());
        String first2 = serverWebExchange.getRequest().getHeaders().getFirst(this.depository.getNonceName());
        String first3 = serverWebExchange.getRequest().getHeaders().getFirst(this.depository.getSignName());
        if (StringUtils.isEmpty(first) || StringUtils.isEmpty(first2) || StringUtils.isEmpty(first3)) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "nonce sign param check fail");
        }
        try {
            if (Math.abs(System.currentTimeMillis() - Long.parseLong(first)) > this.depository.getCacheTimeMs()) {
                throw new ResponseStatusException(HttpStatus.FORBIDDEN, "repeat request check fail: expired request - " + this.depository.getCacheTimeMs());
            }
            String hexString = UcCryptoUtils.toHexString(UcCryptoUtils.md5(this.depository.getSignKey() + first + first2));
            if (hexString == null || !hexString.equalsIgnoreCase(first3)) {
                throw new ResponseStatusException(HttpStatus.FORBIDDEN, "repeat request check fail: sign check fail");
            }
            if (this.nonceChecker.check(first2)) {
                return gatewayFilterChain.filter(serverWebExchange);
            }
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "repeat request check fail: repeated request");
        } catch (Exception e) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "repeat request param check fail: " + this.depository.getSignName());
        }
    }

    public int getOrder() {
        return ORDER;
    }
}
