package com.jxdinfo.hussar.platform.cloud.gateway.filter;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding;
import cn.hutool.crypto.symmetric.AES;
import cn.hutool.http.HttpUtil;
import cn.hutool.json.JSONUtil;
import com.jxdinfo.hussar.platform.cloud.common.constant.enums.EncTypeEnum;
import com.jxdinfo.hussar.platform.cloud.common.utils.SecurityUtils;
import com.jxdinfo.hussar.platform.cloud.gateway.config.GatewayConfigProperties;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.cloud.gateway.filter.factory.rewrite.CachedBodyOutputMessage;
import org.springframework.cloud.gateway.support.BodyInserterContext;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import org.springframework.http.HttpHeaders;
import org.springframework.http.codec.HttpMessageReader;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.BodyInserter;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.server.HandlerStrategies;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

@Component
/* loaded from: input_file:com/jxdinfo/hussar/platform/cloud/gateway/filter/PasswordDecoderFilter.class */
public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
    private static final Logger log = LoggerFactory.getLogger(PasswordDecoderFilter.class);
    private final List<HttpMessageReader<?>> messageReaders = HandlerStrategies.withDefaults().messageReaders();
    private static final String PASSWORD = "password";
    private static final String KEY_ALGORITHM = "AES";
    private final RedisTemplate redisTemplate;
    private final GatewayConfigProperties gatewayConfig;

    public GatewayFilter apply(Object obj) {
        return (serverWebExchange, gatewayFilterChain) -> {
            ServerHttpRequest request = serverWebExchange.getRequest();
            if (StrUtil.containsAnyIgnoreCase(request.getURI().getPath(), new CharSequence[]{"/oauth/token"}) && !StrUtil.equals("refresh_token", (String) request.getQueryParams().getFirst("grant_type")) && isEncClient(request)) {
                BodyInserter fromPublisher = BodyInserters.fromPublisher(ServerRequest.create(serverWebExchange, this.messageReaders).bodyToMono(String.class).flatMap(decryptAES()), String.class);
                HttpHeaders httpHeaders = new HttpHeaders();
                httpHeaders.putAll(serverWebExchange.getRequest().getHeaders());
                httpHeaders.remove("Content-Length");
                httpHeaders.set("Content-Type", "application/x-www-form-urlencoded");
                CachedBodyOutputMessage cachedBodyOutputMessage = new CachedBodyOutputMessage(serverWebExchange, httpHeaders);
                return fromPublisher.insert(cachedBodyOutputMessage, new BodyInserterContext()).then(Mono.defer(() -> {
                    return gatewayFilterChain.filter(serverWebExchange.mutate().request(decorate(serverWebExchange, httpHeaders, cachedBodyOutputMessage)).build());
                }));
            }
            return gatewayFilterChain.filter(serverWebExchange);
        };
    }

    private boolean isEncClient(ServerHttpRequest serverHttpRequest) {
        String str = (String) SecurityUtils.extractClientId(serverHttpRequest.getHeaders().getFirst("Authorization")).orElse(null);
        String first = serverHttpRequest.getHeaders().getFirst("TENANT-ID");
        Object[] objArr = new Object[3];
        objArr[0] = StrUtil.isBlank(first) ? "0l" : first;
        objArr[1] = "client_config_flag";
        objArr[2] = str;
        String format = String.format("%s:%s:%s", objArr);
        this.redisTemplate.setKeySerializer(new StringRedisSerializer());
        Object obj = this.redisTemplate.opsForValue().get(format);
        if (obj == null) {
            return true;
        }
        return !StrUtil.equals(EncTypeEnum.NO.getType(), JSONUtil.parseObj(obj.toString()).getStr("enc_flag"));
    }

    private Function decryptAES() {
        return obj -> {
            AES aes = new AES(Mode.CBC, Padding.ZeroPadding, new SecretKeySpec(this.gatewayConfig.getEncodeKey().getBytes(), KEY_ALGORITHM), new IvParameterSpec(this.gatewayConfig.getEncodeKey().getBytes()));
            Map decodeParamMap = HttpUtil.decodeParamMap((String) obj, CharsetUtil.CHARSET_UTF_8);
            if (decodeParamMap.containsKey(PASSWORD)) {
                decodeParamMap.put(PASSWORD, new String(aes.decrypt(Base64.decode(((String) decodeParamMap.get(PASSWORD)).getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8).trim());
            } else {
                log.error("非法请求数据:{}", obj);
            }
            return Mono.just(HttpUtil.toParams(decodeParamMap));
        };
    }

    private ServerHttpRequestDecorator decorate(ServerWebExchange serverWebExchange, final HttpHeaders httpHeaders, final CachedBodyOutputMessage cachedBodyOutputMessage) {
        return new ServerHttpRequestDecorator(serverWebExchange.getRequest()) { // from class: com.jxdinfo.hussar.platform.cloud.gateway.filter.PasswordDecoderFilter.1
            public HttpHeaders getHeaders() {
                long contentLength = httpHeaders.getContentLength();
                HttpHeaders httpHeaders2 = new HttpHeaders();
                httpHeaders2.putAll(super.getHeaders());
                if (contentLength > 0) {
                    httpHeaders2.setContentLength(contentLength);
                } else {
                    httpHeaders2.set("Transfer-Encoding", "chunked");
                }
                return httpHeaders2;
            }

            public Flux<DataBuffer> getBody() {
                return cachedBodyOutputMessage.getBody();
            }
        };
    }

    public PasswordDecoderFilter(RedisTemplate redisTemplate, GatewayConfigProperties gatewayConfigProperties) {
        this.redisTemplate = redisTemplate;
        this.gatewayConfig = gatewayConfigProperties;
    }
}
