package com.xiaomi.iauth.java.sdk.service.interceptors;

import com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration;
import com.xiaomi.iauth.java.sdk.constants.IAuthConstants;
import com.xiaomi.iauth.java.sdk.cookie.CookieManager;
import com.xiaomi.iauth.java.sdk.exception.ErrorCode;
import com.xiaomi.iauth.java.sdk.json.JsonResult;
import com.xiaomi.iauth.java.sdk.security.UrlSignature;
import com.xiaomi.iauth.java.sdk.service.annotation.IAuth;
import com.xiaomi.iauth.java.sdk.service.utils.IAuthScopeJudger;
import com.xiaomi.iauth.java.sdk.utils.IpUtil;
import com.xiaomi.iauth.java.sdk.utils.ScopeHelper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.log4j.spi.LocationInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: classes3.dex */
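/**
 * Spring MVC interceptor that gates handler methods annotated with {@link IAuth}.
 *
 * <p>For each request it reads the {@code token} (request parameter, falling back to a cookie)
 * and the {@code appId} request parameter, asks {@link IAuthScopeJudger} to judge them against
 * the scopes declared on the annotation, and, when "expand URL verity" is enabled in
 * {@link IAuthConfiguration}, additionally checks a URL signature carried in the
 * {@code IAuthConstants.IAUTH_URL_SIGN} parameter.
 *
 * <p>Several branches in {@link #preHandle} deliberately let the request through without any
 * check (service mode off, no token while "allow no token" is on, handler without
 * {@code @IAuth}). They are marked below so a deployment review can confirm each one is intended.
 */
public class IAuthSpringInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(IAuthSpringInterceptor.class);

    /** Returns whether the configuration asks for the additional signed-URL check. */
    private boolean isExpandUrlVerity() {
        return IAuthConfiguration.getInstance().isExpandUrlVerity();
    }

    /**
     * Judges the token and, if configured, the URL signature of one request.
     *
     * @param httpServletRequest  the incoming request; on success it receives the
     *                            {@code IAuthConstants.IAUTH_TOKEN} and {@code appId} attributes
     * @param httpServletResponse the response; its status is set when the scope judgement fails
     * @param j                   the appId taken from the request
     * @param str                 the token taken from the request parameter or cookie
     * @param list                the scopes required by the handler's {@code @IAuth} annotation
     * @return {@code true} if the request may proceed to the handler, {@code false} otherwise
     */
    private boolean verify(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long j, String str, List<Integer> list) {
        // Raw type kept: the parameter type of the IAuthScopeJudger constructor is not visible here.
        HashMap hashMap = new HashMap(4);
        hashMap.put("ip", IpUtil.getIp(httpServletRequest));
        Logger logger = LOGGER;
        // NOTE(review): how IpUtil derives the address is not visible here; if it trusts
        // client-supplied forwarding headers, the "ip" passed to the judger is client-controlled.
        logger.info("[getRemoteAddr] {}", hashMap.get("ip"));
        IAuthScopeJudger iAuthScopeJudger = new IAuthScopeJudger(str, j, list, hashMap);
        iAuthScopeJudger.judge();
        if (iAuthScopeJudger.getErrorCode() != ErrorCode.SUCCESS) {
            JsonResult jsonResult = new JsonResult(false);
            jsonResult.setErrorCode(iAuthScopeJudger.getErrorCode());
            httpServletResponse.setStatus(iAuthScopeJudger.getStatusCode());
            logger.error("{}", jsonResult);
            return false;
        }
        if (!isExpandUrlVerity()) {
            httpServletRequest.setAttribute(IAuthConstants.IAUTH_TOKEN, iAuthScopeJudger.getIauthToken());
            httpServletRequest.setAttribute("appId", Long.valueOf(j));
            logger.info("leaving iauth interceptor");
            return true;
        }
        logger.debug("start check signedUrl");
        // NOTE(review): the signature-failure branches below return false without setting a
        // response status or body, unlike the scope-failure branch above; confirm what the
        // client receives in that case.
        String suppliedSign = httpServletRequest.getParameter(IAuthConstants.IAUTH_URL_SIGN);
        if (suppliedSign == null) {
            JsonResult jsonResult2 = new JsonResult(false);
            jsonResult2.setErrorCode(ErrorCode.PL_UNKNOW);
            logger.error("check signedUrl fail, no url sign found, {}", jsonResult2);
            return false;
        }
        String security = iAuthScopeJudger.getIauthToken().getSecurity();
        String queryString = httpServletRequest.getQueryString();
        // LocationInfo.NA is the log4j constant "?"; the decompiler substituted it for the literal.
        String fullUrl = httpServletRequest.getRequestURL().append(LocationInfo.NA).append(queryString).toString();
        int signIndex = fullUrl.indexOf(IAuthConstants.IAUTH_URL_SIGN);
        if (queryString == null || signIndex < 1) {
            // Fail closed: getParameter() can also return a value from a form body, in which
            // case the sign is not part of the URL and the prefix below would be computed from
            // a negative index over an unrelated slice of the URL.
            JsonResult missingInUrl = new JsonResult(false);
            missingInUrl.setErrorCode(ErrorCode.PL_HAS_BEEN_REJECTED);
            logger.error("check signedUrl fail, url sign is not part of the request url, {}", missingInUrl);
            return false;
        }
        // Only the URL prefix before the first occurrence of the sign parameter name (minus the
        // separator in front of it) is signed; anything after that point is not covered.
        // NOTE(review): confirm handlers do not rely on parameters that follow the sign.
        String expectedSign = UrlSignature.genUrlSign(StringUtils.substring(fullUrl, 0, signIndex - 1), security);
        // Constant-time comparison so the check does not reveal how many leading characters of
        // a guessed signature were correct.
        boolean signMatches = expectedSign != null
                && MessageDigest.isEqual(
                        expectedSign.getBytes(StandardCharsets.UTF_8),
                        suppliedSign.getBytes(StandardCharsets.UTF_8));
        if (signMatches) {
            httpServletRequest.setAttribute(IAuthConstants.IAUTH_TOKEN, iAuthScopeJudger.getIauthToken());
            httpServletRequest.setAttribute("appId", Long.valueOf(j));
            logger.info("check signedUrl success, leaving iauth interceptor");
            return true;
        }
        // The expected signature is a valid credential for this URL, so it is never logged.
        logger.error("check signedUrl fail, signature mismatch for uri: {}", httpServletRequest.getRequestURI());
        JsonResult jsonResult3 = new JsonResult(false);
        jsonResult3.setErrorCode(ErrorCode.PL_HAS_BEEN_REJECTED);
        logger.error("{}", jsonResult3);
        return false;
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response, passed on to {@link #verify}
     * @param obj                 the handler chosen by Spring for this request
     * @return {@code true} to continue the handler chain, {@code false} to stop it
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        Logger logger = LOGGER;
        logger.debug("enter iauth interceptor");
        if (!IAuthConfiguration.getInstance().isServiceMode()) {
            // NOTE(review): fail-open. With service mode unset every request passes unchecked;
            // the only signal is this log line.
            logger.error("iauth.sdk.service.mode is not set");
            return true;
        }
        String token = httpServletRequest.getParameter("token");
        if (!StringUtils.isNotBlank(token)) {
            token = CookieManager.getCookie(httpServletRequest, "token");
        }
        String str = token;
        // appId comes straight from the request and is unverified until verify() succeeds.
        long j = NumberUtils.toLong(httpServletRequest.getParameter("appId"), -1L);
        if (StringUtils.isEmpty(str) && IAuthConfiguration.getInstance().isAllowNoToken()) {
            // NOTE(review): in this branch the client-supplied appId is stored as a request
            // attribute without any check; downstream code must not treat it as authenticated.
            httpServletRequest.setAttribute("appId", Long.valueOf(j));
            logger.info("allowed no token, leaving iauth interceptor");
            return true;
        }
        // instanceof also covers subclasses of HandlerMethod; the previous
        // getClass().isAssignableFrom(HandlerMethod.class) test let those through unchecked.
        if (!(obj instanceof HandlerMethod)) {
            logger.warn("iauth dont support this type: {}", obj.getClass());
            return true;
        }
        IAuth iAuth = ((HandlerMethod) obj).getMethod().getAnnotation(IAuth.class);
        if (iAuth == null) {
            // Handlers without @IAuth are not protected by this interceptor.
            logger.warn("cant find @IAuth for this uri: {}", httpServletRequest.getRequestURI());
            return true;
        }
        List<Integer> scopeStringToList = ScopeHelper.scopeStringToList(iAuth.scopeList());
        // The token is a bearer credential: log only whether one was supplied, never its value.
        logger.info("iauth interceptor appId: [{}], tokenPresent:[{}], scopeList:[{}]", Long.valueOf(j), Boolean.valueOf(StringUtils.isNotEmpty(str)), scopeStringToList);
        return verify(httpServletRequest, httpServletResponse, j, str, scopeStringToList);
    }
}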
