package com.chuangjiangx.merchant.base.web.aspect;

import com.alibaba.fastjson.JSON;
import com.chuangjiangx.commons.exception.BaseException;
import com.chuangjiangx.merchant.base.web.aspect.exception.CheckSignException;
import com.chuangjiangx.merchant.base.web.response.Response;
import com.chuangjiangx.merchant.weixinmp.mvc.service.exception.ParameterException;
import com.chuangjiangx.partner.platform.dao.InMerchantApplicationMapper;
import com.chuangjiangx.partner.platform.dao.InOpenApplicationMapper;
import com.chuangjiangx.partner.platform.model.InMerchantApplication;
import com.chuangjiangx.partner.platform.model.InMerchantApplicationExample;
import com.chuangjiangx.partner.platform.model.InOpenApplication;
import com.chuangjiangx.partner.platform.model.InOpenApplicationExample;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

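/**
 * Around-advice that verifies the request signature of open-API controller calls and
 * signs the object the controller returns.
 *
 * <p>Protocol as implemented here: the caller sends {@code appid}, optionally
 * {@code org_id}, and {@code sign}. The secret is looked up by {@code appid}; the expected
 * signature is the upper-case MD5 hex of the key-sorted {@code key=value&} pairs followed
 * by {@code appsecret=<secret>}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The application secret and the server-computed signature are never written to the
 *       log. Logging the expected signature next to the supplied one would hand a valid
 *       signature for any submitted request to whoever can read the logs.</li>
 *   <li>The supplied signature is compared in constant time.</li>
 *   <li>{@code MD5(params || secret)} is not a keyed MAC. Moving to HMAC-SHA-256 is a
 *       protocol change that has to be coordinated with every API client, so the digest is
 *       left as is here.</li>
 *   <li>Only the first value of each request parameter is signed, values are not escaped
 *       before being joined, and {@code fromDiversionModule} is excluded from the signed
 *       set. Handlers should not treat those unsigned parts as integrity-protected.</li>
 *   <li>Nothing in this class checks a timestamp or nonce; if replay protection exists it
 *       is implemented elsewhere (TODO confirm).</li>
 * </ul>
 */
@Aspect
@Component
/* loaded from: input_file:WEB-INF/classes/com/chuangjiangx/merchant/base/web/aspect/CheckSignAspect.class */
public class CheckSignAspect {
    private static final Logger log = LoggerFactory.getLogger(CheckSignAspect.class);

    /** Separator between signed {@code key=value} pairs. */
    private static final String PAIR_SEPARATOR = "&";

    /** Number of classes (runtime class plus superclasses) scanned when signing a response. */
    private static final int MAX_CLASS_DEPTH = 4;

    @Autowired
    private InMerchantApplicationMapper inMerchantApplicationMapper;

    @Autowired
    private InOpenApplicationMapper inOpenApplicationMapper;

    // Comma-separated class names that are exempt from signature verification. Every entry
    // is an unauthenticated entry point as far as this aspect is concerned, so additions
    // deserve a security review. (The first entry appears twice; harmless.)
    private String whitLists = "com.chuangjiangx.merchant.base.web.aspect.CheckSignAspect,com.chuangjiangx.merchant.base.web.aspect.CheckSignAspect,com.chuangjiangx.merchant.qrcodepay.pay.web.controller.Oauth2Controller,com.chuangjiangx.merchant.invoice.web.controller.InvoiceApiCallbackController";

    /**
     * Verifies the request signature before the controller method runs and signs its result.
     *
     * @param proceedingJoinPoint the intercepted controller invocation
     * @return the controller's return value (with signature fields filled in when it has
     *     them), or an unsigned error {@link Response} when verification fails
     * @throws Throwable whatever the intercepted method throws
     */
    @Around("execution(* com.chuangjiangx.merchant.business.web.controller..*.*(..)) ||execution(* com.chuangjiangx.merchant.invoice.web.controller..*.*(..)) ||execution(* com.chuangjiangx.merchant.qrcodepay.pay.web.controller..*.*(..)) ||execution(* com.chuangjiangx.merchant.weixinmp.web.controller..*.*(..))")
    @ResponseBody
    public Object doAround(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        String appSecret = null;
        String appId = null;
        String targetClassName = proceedingJoinPoint.getTarget().getClass().getName();
        boolean mustVerify = filterClass(targetClassName).booleanValue();
        log.info("api签名验证：{}，{}", targetClassName, mustVerify ? "进入签名验证：" : "免签");
        if (mustVerify) {
            try {
                Map<String, String[]> parameterMap = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getParameterMap();
                if (parameterMap == null) {
                    throw new ParameterException("参数异常");
                }
                appId = firstValue(parameterMap, "appid");
                if (StringUtils.isBlank(appId)) {
                    throw new CheckSignException("200", "未被授权，appid有误或者请检查是否审核通过");
                }
                String orgId = firstValue(parameterMap, "org_id");
                String requestSign = firstValue(parameterMap, "sign");
                if (StringUtils.isBlank(requestSign)) {
                    throw new ParameterException("签名不能为空");
                }
                appSecret = responsAppsecret(appId, orgId);
                // Fail closed: sign() would otherwise hash the literal text "null" or an
                // empty secret, which makes the signature computable without any secret.
                if (StringUtils.isBlank(appSecret)) {
                    throw new CheckSignException("200", "未被授权，appid有误或者请检查是否审核通过");
                }
                requestCheckSign(parameterMap, appSecret, requestSign);
            } catch (BaseException e) {
                log.warn("api签名验证失败：{}，code：{}，msg：{}", targetClassName, e.getErrCode(), e.getErrMessage());
                Response rejected = new Response();
                rejected.setCode(e.getErrCode());
                rejected.setErr_msg(e.getErrMessage());
                // Error responses are deliberately built without appid/secret and are unsigned.
                return getResponseSisn(rejected, null, null);
            } catch (Exception e2) {
                log.error("api签名验证异常：{}", targetClassName, e2);
                Response failed = new Response();
                failed.setCode("100");
                failed.setErr_msg("系统错误");
                return getResponseSisn(failed, null, null);
            }
        }
        Object result = proceedingJoinPoint.proceed();
        if (mustVerify) {
            responseAddSign(result, appSecret, appId);
        }
        return result;
    }

    /**
     * Returns the first value of a request parameter.
     *
     * @param parameters the servlet parameter map
     * @param name the parameter name
     * @return the first value, or {@code null} when the parameter is absent or has no values
     */
    private static String firstValue(Map<String, String[]> parameters, String name) {
        String[] values = parameters.get(name);
        return values == null || values.length == 0 ? null : values[0];
    }

    /**
     * Fills {@code open_appid}/{@code open_sign} on an error response.
     *
     * @param response the response to complete
     * @param str the application id; when blank the response is left unsigned
     * @param str2 the application secret; when blank the response is left unsigned
     * @return the same {@code response} instance
     */
    // Raw map kept on purpose: the declared types of Response#getCode/getErr_msg are not
    // visible from this file.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private Response getResponseSisn(Response response, String str, String str2) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            response.setOpen_sign(checkNullReturnEmptyString(""));
            response.setOpen_appid(checkNullReturnEmptyString(str));
            return response;
        }
        TreeMap signedFields = new TreeMap();
        signedFields.put("code", response.getCode());
        signedFields.put("err_msg", response.getErr_msg());
        signedFields.put("open_appid", str);
        String signature = sign(signedFields, str2);
        response.setOpen_appid(str);
        response.setOpen_sign(signature);
        return response;
    }

    /**
     * Decides whether a target class must pass signature verification.
     *
     * @param str fully-qualified class name of the intercepted target
     * @return {@code false} only when the name is listed in {@code whitLists}; a blank name
     *     is verified (fail closed)
     */
    private Boolean filterClass(String str) {
        if (StringUtils.isBlank(str)) {
            return true;
        }
        for (String exempt : this.whitLists.split(",")) {
            if (exempt.equals(str)) {
                return false;
            }
        }
        return true;
    }

    /** Maps {@code null} to the empty string and returns any other value unchanged. */
    private String checkNullReturnEmptyString(String str) {
        return str == null ? "" : str;
    }

    /**
     * Recomputes the request signature and rejects the request when it does not match.
     *
     * @param map the servlet parameter map
     * @param str the application secret
     * @param str2 the signature supplied by the caller
     * @throws ParameterException when any parameter's first value is the empty string
     * @throws CheckSignException with code {@code 201} when the signature does not match
     */
    private void requestCheckSign(Map<String, String[]> map, String str, String str2) {
        // Parameter names only: neither the secret nor the request values belong in the log.
        log.info("进行签名验证，参数名：{}", map.keySet());
        TreeMap<String, String> signedParams = new TreeMap<>();
        for (Map.Entry<String, String[]> parameter : map.entrySet()) {
            String name = parameter.getKey();
            String[] values = parameter.getValue();
            String value = values == null || values.length == 0 ? null : values[0];
            if (value == null) {
                continue;
            }
            if (value.isEmpty()) {
                throw new ParameterException(name + "不能为空字符串");
            }
            // "fromDiversionModule" is accepted but not covered by the signature.
            if (!"sign".equals(name) && !"fromDiversionModule".equals(name)) {
                signedParams.put(name, value);
            }
        }
        String expected = sign(signedParams, str);
        // Constant-time comparison so response timing does not reveal how many leading
        // characters of a guessed signature were correct.
        boolean matches = str2 != null
                && MessageDigest.isEqual(
                        expected.getBytes(StandardCharsets.UTF_8),
                        str2.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            log.warn("签名不正确，参数名：{}", map.keySet());
            throw new CheckSignException("201", "签名不正确");
        }
    }

    /**
     * Computes the protocol signature over a set of fields.
     *
     * @param map fields to sign; {@code sign} and {@code open_sign} entries are skipped
     * @param str the application secret appended as {@code appsecret=<secret>}
     * @return upper-case MD5 hex digest of the canonical string
     */
    @SuppressWarnings("rawtypes")
    private String sign(Map<String, String> map, String str) {
        StringBuilder canonical = new StringBuilder();
        for (Map.Entry<String, String> entry : getSequence(map)) {
            String key = entry.getKey();
            if (key == null || "sign".equals(key) || "open_sign".equals(key)) {
                continue;
            }
            canonical.append(key).append("=");
            // Callers pass raw maps, so the runtime value is inspected rather than trusted
            // to be a String.
            Object value = entry.getValue();
            String rendered = null;
            if (value instanceof String) {
                rendered = (String) value;
            } else if (value instanceof Integer) {
                rendered = String.valueOf(value);
            } else if (value instanceof List) {
                rendered = getListJson((List) value);
            }
            // Values of any other type (or null) contribute "key=" with no separator,
            // which existing clients' signatures depend on.
            if (rendered != null) {
                canonical.append(rendered).append(PAIR_SEPARATOR);
            }
        }
        canonical.append("appsecret=").append(str);
        // NOTE(security): MD5 is retained for wire compatibility only; see class comment.
        return DigestUtils.md5Hex(canonical.toString()).toUpperCase();
    }

    /**
     * Signs the controller's return value in place via reflection.
     *
     * <p>String, Integer and List fields of the object's class and up to three superclasses
     * are signed together with {@code open_appid}; the result is written to the
     * {@code open_sign} field and the appid to {@code open_appid}.
     *
     * @param obj the controller result; {@code null} (for example a void handler) is skipped
     * @param str the application secret
     * @param str2 the application id
     */
    @SuppressWarnings("rawtypes")
    private void responseAddSign(Object obj, String str, String str2) {
        if (obj == null) {
            // Nothing to sign; previously this dereferenced null after the handler had run.
            return;
        }
        TreeMap<String, String> signedFields = new TreeMap<>();
        Field signField = null;
        Field appIdField = null;
        Class<?> cls = obj.getClass();
        for (int depth = 0; cls != null && depth < MAX_CLASS_DEPTH; depth++, cls = cls.getSuperclass()) {
            for (Field field : cls.getDeclaredFields()) {
                field.setAccessible(true);
                try {
                    Object value = field.get(obj);
                    if (value == null) {
                        // NOTE(review): a null open_sign/open_appid field is never located,
                        // so such a response goes out unsigned - confirm that Response
                        // initialises both fields.
                        continue;
                    }
                    String name = field.getName();
                    if ("open_sign".equals(name)) {
                        signField = field;
                        continue;
                    }
                    if ("open_appid".equals(name)) {
                        appIdField = field;
                    }
                    if ("sign".equals(name)) {
                        continue;
                    }
                    if (value instanceof String) {
                        signedFields.put(name, (String) value);
                    } else if (value instanceof Integer) {
                        signedFields.put(name, String.valueOf(value));
                    } else if (value instanceof List) {
                        signedFields.put(name, getListJson((List) value));
                    }
                } catch (IllegalAccessException e) {
                    log.error("读取返回值字段失败：{}", field.getName(), e);
                }
            }
        }
        signedFields.put("open_appid", str2);
        String signature = sign(signedFields, str);
        // Field names only: the signature and the secret stay out of the log.
        log.info("返回值添加签名，appid：{}，字段：{}", str2, signedFields.keySet());
        try {
            if (signField != null) {
                signField.setAccessible(true);
                signField.set(obj, signature);
            }
            if (appIdField != null) {
                appIdField.setAccessible(true);
                appIdField.set(obj, str2);
            }
        } catch (IllegalAccessException e2) {
            log.error("返回值写入签名失败", e2);
        }
    }

    /**
     * Serialises a list to JSON with every element's keys in sorted order, so that both
     * sides of the protocol sign the same text.
     *
     * @param list the list field value
     * @return JSON array text
     */
    // Raw types kept on purpose: element values are not necessarily Strings.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private String getListJson(List list) {
        ArrayList normalised = new ArrayList(list.size());
        for (Object element : list) {
            // Round-trip through JSON to view an arbitrary element as a key/value map.
            Map asMap = (Map) JSON.parseObject(JSON.toJSONString(element), Map.class);
            List<Map.Entry<String, String>> ordered = getSequence(asMap);
            TreeMap sortedElement = new TreeMap();
            for (Map.Entry entry : ordered) {
                sortedElement.put(entry.getKey(), entry.getValue());
            }
            normalised.add(sortedElement);
        }
        return JSON.toJSONString(normalised);
    }

    /**
     * Returns the map's entries sorted by key in natural {@link String} order.
     *
     * @param map the map to order
     * @return a new list of the map's entries, ascending by key
     */
    private static List<Map.Entry<String, String>> getSequence(Map<String, String> map) {
        List<Map.Entry<String, String>> entries = new ArrayList<>(map.entrySet());
        entries.sort(Map.Entry.comparingByKey());
        return entries;
    }

    /**
     * Looks up the signing secret for an application.
     *
     * @param str the application id
     * @param str2 the {@code org_id} request parameter; {@code null} selects the merchant
     *     application table, anything else the open application table
     * @return the stored secret of the first matching row
     * @throws CheckSignException with code {@code 200} when no application matches
     */
    private String responsAppsecret(String str, String str2) {
        if (Objects.isNull(str2)) {
            InMerchantApplicationExample merchantQuery = new InMerchantApplicationExample();
            merchantQuery.createCriteria().andAppidEqualTo(str);
            List<InMerchantApplication> merchantApps = this.inMerchantApplicationMapper.selectByExample(merchantQuery);
            if (merchantApps == null || merchantApps.isEmpty()) {
                throw new CheckSignException("200", "未被授权，appid有误或者请检查是否审核通过");
            }
            return merchantApps.get(0).getAppsecret();
        }
        // NOTE(review): the org_id value only selects the table; it is not part of the
        // query criteria - confirm that is intended.
        InOpenApplicationExample openQuery = new InOpenApplicationExample();
        openQuery.createCriteria().andAppIdEqualTo(str);
        List<InOpenApplication> openApps = this.inOpenApplicationMapper.selectByExample(openQuery);
        if (openApps == null || openApps.isEmpty()) {
            throw new CheckSignException("200", "未被授权，appid有误或者请检查是否审核通过");
        }
        return openApps.get(0).getKey();
    }
}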
