package com.beiming.nonlitigation.businessgateway.common.advice;

import com.beiming.nonlitigation.businessgateway.common.annotation.RsaSecurity;
import com.beiming.nonlitigation.businessgateway.common.config.SecurityProperties;
import com.beiming.nonlitigation.businessgateway.common.utils.AESUtil;
import com.beiming.nonlitigation.businessgateway.common.utils.RsaUtils;
import com.beiming.nonlitigation.businessgateway.common.utils.WechatUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.lang.reflect.Method;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;

@ControllerAdvice
/* loaded from: input_file:com/beiming/nonlitigation/businessgateway/common/advice/EncodeResponseBodyAdvice.class */
public class EncodeResponseBodyAdvice implements ResponseBodyAdvice<Object> {
    private static final Logger LOGGER = LoggerFactory.getLogger(EncodeResponseBodyAdvice.class);
    private static final String PRIVATE_KEY_NAME = "x-s-pk";
    public static final String IF_RSA_DECODED = "x-s-o";
    private final SecurityProperties properties;

    public EncodeResponseBodyAdvice(SecurityProperties securityProperties) {
        this.properties = securityProperties;
    }

    public boolean supports(MethodParameter methodParameter, @NotNull Class cls) {
        return (((Method) Objects.requireNonNull(methodParameter.getMethod())).isAnnotationPresent(RsaSecurity.class) && ((RsaSecurity) Objects.requireNonNull(methodParameter.getMethodAnnotation(RsaSecurity.class))).outEncode()) || (methodParameter.getMethod().getDeclaringClass().isAnnotationPresent(RsaSecurity.class) && ((RsaSecurity) methodParameter.getDeclaringClass().getAnnotation(RsaSecurity.class)).outEncode());
    }

    public Object beforeBodyWrite(Object obj, @NotNull MethodParameter methodParameter, @NotNull MediaType mediaType, @NotNull Class cls, @NotNull ServerHttpRequest serverHttpRequest, @NotNull ServerHttpResponse serverHttpResponse) {
        if ((!this.properties.getResponseForceEncode().booleanValue() && !StringUtils.isNotEmpty(serverHttpRequest.getHeaders().getFirst(IF_RSA_DECODED))) || !StringUtils.isNotEmpty(serverHttpRequest.getHeaders().getFirst(IF_RSA_DECODED)) || !serverHttpRequest.getHeaders().getFirst(IF_RSA_DECODED).equals(RsaUtils.KEY_ALGORITHM)) {
            return ((this.properties.getResponseForceEncode().booleanValue() || StringUtils.isNotEmpty(serverHttpRequest.getHeaders().getFirst(IF_RSA_DECODED))) && StringUtils.isNotEmpty(serverHttpRequest.getHeaders().getFirst(IF_RSA_DECODED)) && serverHttpRequest.getHeaders().getFirst(IF_RSA_DECODED).equals(WechatUtils.KEY_NAME)) ? encodeAES(methodParameter, obj, serverHttpResponse) : obj;
        }
        LOGGER.info("对方法method :【" + ((Method) Objects.requireNonNull(methodParameter.getMethod())).getName() + "】返回数据进行加密");
        return encodeRsa(methodParameter, obj, serverHttpResponse);
    }

    private Object encodeAES(MethodParameter methodParameter, Object obj, ServerHttpResponse serverHttpResponse) {
        ObjectMapper objectMapper = new ObjectMapper();
        try {
            serverHttpResponse.getHeaders().add("Access-Control-Expose-Headers", PRIVATE_KEY_NAME);
            String uuid = getUUID();
            String uuid2 = getUUID();
            serverHttpResponse.getHeaders().add(PRIVATE_KEY_NAME, uuid + ";" + uuid2);
            String writeValueAsString = objectMapper.writeValueAsString(obj);
            System.out.println(writeValueAsString);
            return AESUtil.hexEncrypt(writeValueAsString, uuid, uuid2);
        } catch (Exception e) {
            e.printStackTrace();
            LOGGER.error("对方法method :【" + ((Method) Objects.requireNonNull(methodParameter.getMethod())).getName() + "】返回数据进行加密出现异常：" + e.getMessage());
            return obj;
        }
    }

    private Object encodeRsa(MethodParameter methodParameter, Object obj, ServerHttpResponse serverHttpResponse) {
        ObjectMapper objectMapper = new ObjectMapper();
        try {
            Map<String, Object> genKeyPair = RsaUtils.genKeyPair();
            String privateKey = RsaUtils.getPrivateKey(genKeyPair);
            String publicKey = RsaUtils.getPublicKey(genKeyPair);
            serverHttpResponse.getHeaders().add("Access-Control-Expose-Headers", PRIVATE_KEY_NAME);
            serverHttpResponse.getHeaders().add(PRIVATE_KEY_NAME, privateKey);
            return RsaUtils.encryptedDataOnJava(Base64.getEncoder().encodeToString(objectMapper.writeValueAsString(obj).getBytes("UTF-8")), publicKey);
        } catch (Exception e) {
            e.printStackTrace();
            LOGGER.error("对方法method :【" + ((Method) Objects.requireNonNull(methodParameter.getMethod())).getName() + "】返回数据进行加密出现异常：" + e.getMessage());
            return obj;
        }
    }

    private String getUUID() {
        StringBuilder sb = new StringBuilder();
        SecureRandom secureRandom = new SecureRandom();
        for (int i = 0; i < 16; i++) {
            switch (secureRandom.nextInt(3)) {
                case 0:
                    sb.append(secureRandom.nextInt(10));
                    break;
                case 1:
                    sb.append((char) (secureRandom.nextInt(25) + 65));
                    break;
                case 2:
                    sb.append((char) (secureRandom.nextInt(25) + 97));
                    break;
            }
        }
        return sb.toString();
    }
}
