package com.xiaomi.iauth.java.sdk.service.interceptors;

import com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration;
import com.xiaomi.iauth.java.sdk.constants.IAuthConstants;
import com.xiaomi.iauth.java.sdk.cookie.CookieManager;
import com.xiaomi.iauth.java.sdk.exception.ErrorCode;
import com.xiaomi.iauth.java.sdk.json.JsonResult;
import com.xiaomi.iauth.java.sdk.security.UrlSignature;
import com.xiaomi.iauth.java.sdk.service.annotation.IAuth;
import com.xiaomi.iauth.java.sdk.service.utils.IAuthScopeJudger;
import com.xiaomi.iauth.java.sdk.utils.IpUtil;
import com.xiaomi.iauth.java.sdk.utils.ScopeHelper;
import java.lang.annotation.Annotation;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import net.paoding.rose.web.ControllerInterceptorAdapter;
import net.paoding.rose.web.Invocation;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.log4j.spi.LocationInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
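/**
 * Rose controller interceptor that authenticates requests to handlers annotated with
 * {@link IAuth}.
 *
 * <p>The token is read from the {@code token} request parameter (falling back to the
 * {@code token} cookie) and checked, together with {@code appId} and the scopes declared on
 * the annotation, by {@link IAuthScopeJudger}. When URL verification is enabled in
 * {@link IAuthConfiguration}, the request URL signature is checked as well.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Tokens and expected signatures are credentials and are never written to the log.</li>
 *   <li>The interceptor lets requests through when service mode is off or when
 *       {@code isAllowNoToken()} is set and no token is supplied; both are deliberate
 *       configuration switches and should be audited wherever this SDK is deployed.</li>
 * </ul>
 */
public class IAuthInterceptor extends ControllerInterceptorAdapter {
    private static final Logger LOG = LoggerFactory.getLogger(IAuthInterceptor.class);

    /** Returns whether the signed-URL check is enabled in the SDK configuration. */
    private static boolean isExpandUrlVerity() {
        return IAuthConfiguration.getInstance().isExpandUrlVerity();
    }

    /**
     * Describes a token for logging without revealing its value.
     *
     * @param token the raw token, possibly {@code null}
     * @return a fixed marker telling only whether a token was supplied
     */
    private static String maskToken(String token) {
        return StringUtils.isEmpty(token) ? "<absent>" : "<redacted>";
    }

    /** Publishes the verified token and the app id as invocation attributes. */
    private static void bindIdentity(Invocation invocation, IAuthScopeJudger judger, long appId) {
        invocation.setAttribute(IAuthConstants.IAUTH_TOKEN, judger.getIauthToken());
        invocation.setAttribute("appId", Long.valueOf(appId));
    }

    /** Builds the rejection result returned when the URL signature cannot be accepted. */
    private static JsonResult rejectSignature() {
        JsonResult rejected = new JsonResult(false);
        rejected.setErrorCode(ErrorCode.PL_HAS_BEEN_REJECTED);
        LOG.error("{}", rejected);
        return rejected;
    }

    /**
     * Verifies the token and, if enabled, the URL signature of the current request.
     *
     * @param invocation the current Rose invocation
     * @param appId the app id parsed from the request, or {@code -1} when missing or invalid
     * @param token the token taken from the request parameter or cookie
     * @param scopes the scopes required by the {@link IAuth} annotation
     * @return {@code null} when the request is accepted, otherwise the failure result
     */
    private JsonResult verify(Invocation invocation, long appId, String token, List<Integer> scopes) {
        HttpServletRequest request = invocation.getRequest();
        // NOTE(review): whether IpUtil.getIp trusts client-supplied forwarding headers is not
        // visible here; if it does, any IP-based decision in IAuthScopeJudger inherits that
        // trust - confirm.
        Object clientIp = IpUtil.getIp(request);
        // Raw type kept on purpose: the IAuthScopeJudger constructor signature is not visible.
        HashMap context = new HashMap(4);
        context.put("ip", clientIp);
        LOG.info("[getRemoteAddr] {}", clientIp);

        IAuthScopeJudger judger = new IAuthScopeJudger(token, appId, scopes, context);
        judger.judge();
        if (judger.getErrorCode() != ErrorCode.SUCCESS) {
            JsonResult failure = new JsonResult(false);
            failure.setErrorCode(judger.getErrorCode());
            invocation.getResponse().setStatus(judger.getStatusCode());
            LOG.error(" verify token failed. {}", failure);
            return failure;
        }

        if (!isExpandUrlVerity()) {
            bindIdentity(invocation, judger, appId);
            LOG.info("leaving iauth interceptor");
            return null;
        }

        LOG.debug("start check signedUrl");
        String suppliedSign = request.getParameter(IAuthConstants.IAUTH_URL_SIGN);
        if (suppliedSign == null) {
            JsonResult missing = new JsonResult(false);
            missing.setErrorCode(ErrorCode.PL_UNKNOW);
            LOG.error("check signedUrl fail, no url sign found, {}", missing);
            return missing;
        }

        // The decompiled source referenced an undefined register (r0) for the indexOf receiver;
        // it is reconstructed here as the full URL string - confirm against the bytecode.
        // LocationInfo.NA is log4j's "?" constant, most likely a folded "?" literal.
        String fullUrl = request.getRequestURL()
                .append(LocationInfo.NA)
                .append(request.getQueryString())
                .toString();
        int signIndex = fullUrl.indexOf(IAuthConstants.IAUTH_URL_SIGN);
        if (signIndex < 0) {
            // The signature parameter is not part of the URL (for example it arrived in the
            // request body), so there is no signed prefix to check: fail closed instead of
            // signing an arbitrary truncation of the URL.
            LOG.error("check signedUrl fail, url sign parameter not present in request url");
            return rejectSignature();
        }

        // Only the part of the URL that precedes the signature parameter is signed (the
        // separator before it is dropped); parameters placed after it are NOT covered.
        String signedPart = StringUtils.substring(fullUrl, 0, signIndex - 1);
        String expectedSign = UrlSignature.genUrlSign(signedPart, judger.getIauthToken().getSecurity());

        // Constant-time comparison so response timing does not reveal how much of the
        // supplied signature matched.
        boolean signatureMatches = expectedSign != null
                && MessageDigest.isEqual(
                        expectedSign.getBytes(StandardCharsets.UTF_8),
                        suppliedSign.getBytes(StandardCharsets.UTF_8));
        if (signatureMatches) {
            bindIdentity(invocation, judger, appId);
            LOG.info("check signedUrl success, leaving iauth interceptor");
            return null;
        }

        // The expected signature is deliberately not logged: anyone able to read the log
        // could replay it as a valid signature for this URL.
        LOG.error("check signedUrl fail, input sign is [{}]", suppliedSign);
        return rejectSignature();
    }

    /**
     * Runs before the annotated controller method.
     *
     * @param invocation the current Rose invocation
     * @return {@code true} to continue with the controller, or the failure result rendered as
     *     a string when authentication fails
     */
    public Object before(Invocation invocation) {
        if (!IAuthConfiguration.getInstance().isServiceMode()) {
            // NOTE(review): this path fails open - with service mode unset every request to
            // an @IAuth handler proceeds unauthenticated and only an error line is logged.
            LOG.error("iauth.sdk.service.mode is not set");
            return true;
        }
        LOG.debug("enter iauth interceptor");
        HttpServletRequest request = invocation.getRequest();

        String token = request.getParameter("token");
        if (!StringUtils.isNotBlank(token)) {
            token = CookieManager.getCookie(request, "token");
        }
        long appId = NumberUtils.toLong(request.getParameter("appId"), -1L);

        if (StringUtils.isEmpty(token) && IAuthConfiguration.getInstance().isAllowNoToken()) {
            // The appId bound here comes straight from the request and was not verified.
            invocation.setAttribute("appId", Long.valueOf(appId));
            LOG.info("allowed no token, leaving iauth interceptor");
            return true;
        }

        List<Integer> scopes =
                ScopeHelper.scopeStringToList(((IAuth) invocation.getAnnotation(IAuth.class)).scopeList());
        // The token is a bearer credential: log only whether one was supplied.
        LOG.info("iauth interceptor appId: [{}], token:[{}], scopeList:[{}]",
                Long.valueOf(appId), maskToken(token), scopes);

        JsonResult failure = verify(invocation, appId, token, scopes);
        if (failure == null) {
            return true;
        }
        return failure.toString();
    }

    /** Returns the priority constant configured for this interceptor. */
    public int getPriority() {
        return IAuthConstants.INTERCEPTOR_PRIVORITY_LEVEL;
    }

    /** Returns {@link IAuth}, the annotation this interceptor is tied to. */
    public Class<? extends Annotation> getRequiredAnnotationClass() {
        return IAuth.class;
    }
}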
