package com.digiwin.dap.middleware.auth.filter;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.domain.RamVersion;
import com.digiwin.dap.middleware.commons.crypto.SignUtils;
import com.digiwin.dap.middleware.commons.util.StrUtils;
import com.digiwin.dap.middleware.constant.DapHttpHeaders;
import com.digiwin.dap.middleware.constant.InternalUrl;
import com.digiwin.dap.middleware.domain.DapEnv;
import com.digiwin.dap.middleware.domain.DapSign;
import com.digiwin.dap.middleware.domain.FilterOrderEnum;
import com.digiwin.dap.middleware.support.DapSecuritySupport;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.VerifyUtils;
import java.io.IOException;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.Ordered;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/dapware-core-2.7.20.jar:com/digiwin/dap/middleware/auth/filter/DapAccessCheckFilter.class */
public class DapAccessCheckFilter extends OncePerRequestFilter implements Ordered {
    private final DapSecuritySupport dapSecuritySupport;
    private final DapEnv dapEnv;

    public DapAccessCheckFilter(DapSecuritySupport dapSecuritySupport) {
        this.dapSecuritySupport = dapSecuritySupport;
        this.dapEnv = dapSecuritySupport.getDapEnv();
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.dapEnv.isRamEnabled()) {
            String requestURI = httpServletRequest.getRequestURI();
            if (!InternalUrl.authAllows().containsKey(requestURI) && !isInternal(httpServletRequest)) {
                if (InternalUrl.tokenAnalyzes().containsKey(requestURI)) {
                    if (RamVersion.of(httpServletRequest.getParameter("ramVersion")) == RamVersion.v1) {
                        this.dapSecuritySupport.ramCheckV1(AppAuthContextHolder.getContext().getRequestInfo());
                    }
                } else if (RamVersion.of(this.dapEnv.getRamVersion()) == RamVersion.v2) {
                    this.dapSecuritySupport.ramCheckV2(httpServletRequest);
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private boolean isInternal(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(DapHttpHeaders.AUTH_ARG.getHeader());
        if (!StrUtils.isNotEmpty(header)) {
            return false;
        }
        try {
            DapSign dapSign = DapSign.get(header);
            VerifyUtils.sign(dapSign, () -> {
                return true;
            });
            return SignUtils.verify(JsonUtils.objToMap(dapSign), KeyConstant.OTHER, new Map[0]);
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            return false;
        }
    }

    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return FilterOrderEnum.ACCESS_CHECK.order();
    }
}
