package com.chuangjiangx.merchantapi.base.web.advice;

import com.alibaba.fastjson.JSON;
import com.chuangjiangx.commons.exception.BaseException;
import com.chuangjiangx.dream.common.annotation.SignatureVerification;
import com.chuangjiangx.merchantapi.base.feignclient.MerApplicationServiceClient;
import com.chuangjiangx.merchantserver.api.common.MerRedisConst;
import com.chuangjiangx.merchantserver.api.merchant.mvc.service.dto.MerApplicationDTO;
import com.chuangjiangx.microservice.common.ResultUtils;
import com.chuangjiangx.microservice.common.SignatureUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.util.HashMap;
import java.util.Objects;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJacksonInputMessage;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter;

@RestControllerAdvice
/* loaded from: input_file:BOOT-INF/classes/com/chuangjiangx/merchantapi/base/web/advice/SignatureVerificationAdvice.class */
public class SignatureVerificationAdvice extends RequestBodyAdviceAdapter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SignatureVerificationAdvice.class);

    @Autowired
    private RedisTemplate redisTemplate;

    @Autowired
    private MerApplicationServiceClient merApplicationServiceClient;

    @Override // org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice
    public boolean supports(MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> cls) {
        return ((SignatureVerification) methodParameter.getParameterAnnotation(SignatureVerification.class)) != null;
    }

    @Override // org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter, org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice
    public HttpInputMessage beforeBodyRead(HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> cls) throws IOException {
        SignatureVerification signatureVerification = (SignatureVerification) methodParameter.getParameterAnnotation(SignatureVerification.class);
        if (signatureVerification == null) {
            return super.beforeBodyRead(httpInputMessage, methodParameter, type, cls);
        }
        InputStream body = httpInputMessage.getBody();
        byte[] readFully = IOUtils.readFully(body, body.available());
        if (Objects.equals(SignatureVerification.Type.UNIPAY, signatureVerification.type())) {
            String iOUtils = IOUtils.toString(readFully, "utf-8");
            log.info("支付异步回调json:{}", iOUtils);
            HashMap hashMap = (HashMap) JSON.parseObject(iOUtils, HashMap.class);
            String str = (String) hashMap.get("appid");
            if (StringUtils.isBlank(str)) {
                throw new BaseException("", "appid不存在!");
            }
            boolean verifySign = SignatureUtils.verifySign(hashMap, getAppsecret(str), (String) hashMap.get("sign"));
            if (!verifySign) {
                log.info("unipay异步回调签名验证:{}", Boolean.valueOf(verifySign));
            }
        }
        return new MappingJacksonInputMessage(new ByteArrayInputStream(readFully), httpInputMessage.getHeaders(), null);
    }

    private String getAppsecret(String str) {
        MerApplicationDTO merApplicationDTO = (MerApplicationDTO) this.redisTemplate.opsForHash().get(MerRedisConst.MER_APP_HASHKEY, str);
        if (merApplicationDTO != null) {
            return merApplicationDTO.getAppsecret();
        }
        MerApplicationDTO merApplicationDTO2 = (MerApplicationDTO) ResultUtils.extractData(this.merApplicationServiceClient.get(str), String.format("不存在的appid记录,appid=%1$s", str));
        this.redisTemplate.opsForHash().put(MerRedisConst.MER_APP_HASHKEY, merApplicationDTO2.getAppid(), merApplicationDTO2);
        return merApplicationDTO2.getAppsecret();
    }
}
