package cn.kinyun.pay.business.service.config;

import cn.kinyun.pay.business.dto.request.BaseRequest;
import cn.kinyun.pay.business.dto.response.BaseResponse;
import cn.kinyun.pay.business.service.impl.PayInnerCertServiceImpl;
import cn.kinyun.pay.common.enums.PayAppType;
import cn.kinyun.pay.common.utils.BaseResultUtil;
import cn.kinyun.pay.common.utils.DigitalSignatureUtil;
import cn.kinyun.pay.dao.entity.PayApp;
import cn.kinyun.pay.dao.mapper.PayAppMapper;
import cn.kinyun.pay.error.ServiceErrorCode;
import com.alibaba.fastjson.JSON;
import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

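/**
 * Authenticates calls to methods annotated with {@code AuthorizationPointCut}.
 *
 * <p>The first argument of the advised method must be a {@link BaseRequest}. The caller is
 * authenticated in one of two ways, chosen by what the request carries:
 * <ul>
 *   <li>a signature ({@code sign}) verified against the application's public key, or</li>
 *   <li>a shared secret compared with the secret stored for the application.</li>
 * </ul>
 * On failure the advised method is not invoked and an error {@link BaseResponse} is returned.
 */
@Aspect
@Component
@Order(1)
/* loaded from: input_file:cn/kinyun/pay/business/service/config/RequestAuthorizationAspect.class */
public class RequestAuthorizationAspect extends RequestBaseAspect {
    private static final Logger log = LoggerFactory.getLogger(RequestAuthorizationAspect.class);

    @Autowired
    private PayAppMapper payAppMapper;

    @Autowired
    private PayInnerCertServiceImpl certService;

    /**
     * Validates the request credentials and, if they are accepted, runs the advised method.
     *
     * @param proceedingJoinPoint the intercepted call; {@code args[0]} must be a {@link BaseRequest}
     * @return the advised method's result, or an error {@link BaseResponse} when a
     *         {@link RuntimeException} or checked {@link Exception} is raised
     * @throws Throwable anything that is not an {@link Exception} (for example an {@link Error})
     */
    @Around("@annotation(cn.kinyun.pay.business.service.annotation.AuthorizationPointCut)")
    public Object payServiceAdvice(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        try {
            Object[] args = proceedingJoinPoint.getArgs();
            Preconditions.checkArgument(ArrayUtils.isNotEmpty(args), "请求参数为空");
            Preconditions.checkArgument(args[0] instanceof BaseRequest, "请求参数未继承BaseRequest类");
            BaseRequest baseRequest = (BaseRequest) args[0];
            // Log the application id only. The request carries the shared secret and the
            // signature; serialising the whole object would write those credentials to the log.
            log.info("receive request, appId:{}", baseRequest.getAppId());
            validate(baseRequest);
            // NOTE(review): proceed() runs inside this try, so a RuntimeException thrown by the
            // business method is also reported to the caller as SIGN_FAILED, and only its message
            // (no stack trace) is logged. Confirm whether callers rely on that before moving
            // proceed() out of the try block.
            return proceedingJoinPoint.proceed();
        } catch (RuntimeException e) {
            // Every validation failure arrives here: checkArgument, checkState and the explicit
            // throw in validate() all raise RuntimeException subclasses.
            log.error("业务线验签失败，{}", e.getMessage());
            BaseResponse buildBaseResponse = BaseResultUtil.buildBaseResponse(proceedingJoinPoint);
            buildBaseResponse.setSuccess(false);
            buildBaseResponse.setCode(ServiceErrorCode.SIGN_FAILED.getCode());
            buildBaseResponse.setMsg(ServiceErrorCode.SIGN_FAILED.getMsg());
            return buildBaseResponse;
        } catch (Exception e2) {
            // NOTE(review): only checked exceptions from proceed() can reach this branch, so
            // INVALID_APP_ID_SECRET is never returned for a wrong secret. Confirm the intended
            // mapping of failures to error codes.
            log.error("业务线校验失败，{}", e2.getMessage());
            BaseResponse buildBaseResponse2 = BaseResultUtil.buildBaseResponse(proceedingJoinPoint);
            buildBaseResponse2.setSuccess(false);
            buildBaseResponse2.setCode(ServiceErrorCode.INVALID_APP_ID_SECRET.getCode());
            buildBaseResponse2.setMsg(ServiceErrorCode.INVALID_APP_ID_SECRET.getMsg());
            return buildBaseResponse2;
        }
    }

    /**
     * Checks that the request names an existing, enabled application and carries either a valid
     * signature or the application's secret.
     *
     * @param baseRequest the request to authenticate
     * @throws IllegalArgumentException if the app id is blank, both credentials are blank, or the
     *         application is missing, deleted or disabled
     * @throws IllegalStateException if the secret does not match the stored one
     * @throws RuntimeException if signature verification fails
     */
    private void validate(BaseRequest baseRequest) {
        String appId = baseRequest.getAppId();
        String secret = baseRequest.getSecret();
        String sign = baseRequest.getSign();
        Preconditions.checkArgument(StringUtils.isNotBlank(appId), "业务线id为空");
        Preconditions.checkArgument(!StringUtils.isAllBlank(sign, secret), "密钥和签名不能同时为空");
        PayApp queryByAppId = this.payAppMapper.queryByAppId(appId);
        Preconditions.checkArgument(queryByAppId != null && queryByAppId.getIsDeleted().longValue() == 0, appId + "对应的业务线不存在");
        Preconditions.checkArgument(queryByAppId.getEnable().booleanValue(), appId + "对应的业务线已禁用");
        if (StringUtils.isBlank(sign)) {
            // Shared-secret path. The comparison is constant-time so that response timing does
            // not reveal how many leading characters of a guessed secret are correct.
            Preconditions.checkState(secretMatches(queryByAppId.getSecret(), secret), "业务线秘钥错误");
            return;
        }
        // Signature path. Inner applications are verified with the service certificate's key,
        // all others with the public key stored on the application record.
        // NOTE(review): the helper's name indicates SHA1withRSA; SHA-1 based signatures are
        // deprecated, so a migration to a SHA-256 scheme is worth planning.
        String publicKey = Objects.equals(queryByAppId.getType(), PayAppType.INNER.getType())
                ? this.certService.getPublicKey()
                : queryByAppId.getPublicKey();
        // The sign field is cleared while verifying (presumably because it is not part of the
        // signed payload) and is put back even when verification fails or throws.
        baseRequest.setSign((String) null);
        log.info("verifying signature, appId:{}", appId);
        try {
            if (!DigitalSignatureUtil.verifyFromSha1WithRSA(baseRequest, sign, publicKey)) {
                throw new RuntimeException(String.format("验签失败, appId:%s", appId));
            }
        } finally {
            baseRequest.setSign(sign);
        }
    }

    /**
     * Compares two secrets without short-circuiting on the first differing byte.
     *
     * @param expected the secret stored for the application, may be {@code null}
     * @param provided the secret sent with the request, may be {@code null}
     * @return {@code true} only if both are non-null and byte-for-byte equal in UTF-8
     */
    private static boolean secretMatches(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                provided.getBytes(StandardCharsets.UTF_8));
    }
}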
