package com.yeepay.yop.sdk.base.auth.signer;

import com.yeepay.shade.com.google.common.base.Joiner;
import com.yeepay.shade.com.google.common.base.Preconditions;
import com.yeepay.shade.com.google.common.collect.Lists;
import com.yeepay.shade.com.google.common.collect.Maps;
import com.yeepay.shade.com.google.common.collect.Sets;
import com.yeepay.shade.org.apache.commons.lang3.StringUtils;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.SignOptions;
import com.yeepay.yop.sdk.auth.credentials.CertificateCredentials;
import com.yeepay.yop.sdk.auth.credentials.CredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.YopCredentials;
import com.yeepay.yop.sdk.auth.credentials.YopCredentialsWithoutSign;
import com.yeepay.yop.sdk.auth.signer.process.YopSignProcessor;
import com.yeepay.yop.sdk.base.auth.signer.process.YopSignProcessorFactory;
import com.yeepay.yop.sdk.base.security.digest.YopDigesterFactory;
import com.yeepay.yop.sdk.constants.CharacterConstants;
import com.yeepay.yop.sdk.http.Headers;
import com.yeepay.yop.sdk.internal.Request;
import com.yeepay.yop.sdk.internal.RestartableInputStream;
import com.yeepay.yop.sdk.model.BaseRequest;
import com.yeepay.yop.sdk.security.DigestAlgEnum;
import com.yeepay.yop.sdk.security.SignerTypeEnum;
import com.yeepay.yop.sdk.utils.DateUtils;
import com.yeepay.yop.sdk.utils.Encodes;
import com.yeepay.yop.sdk.utils.HttpUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/base/auth/signer/YopPKISigner.class */
public class YopPKISigner implements YopSigner {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) YopPKISigner.class);
    private static final Set<String> DEFAULT_HEADERS_TO_SIGN = Sets.newHashSet();
    private static final Joiner HEADER_JOINER = Joiner.on('\n');
    private static final Joiner SIGNED_HEADER_STRING_JOINER = Joiner.on(';');

    @Override // com.yeepay.yop.sdk.base.auth.signer.YopSigner
    public void sign(Request<? extends BaseRequest> request, YopCredentials<?> yopCredentials, SignOptions signOptions) {
        Preconditions.checkNotNull(request, "request should not be null.");
        if (yopCredentials == null || (yopCredentials instanceof YopCredentialsWithoutSign)) {
            return;
        }
        Integer signExpirationInSeconds = request.getOriginalRequestObject().getRequestConfig().getSignExpirationInSeconds();
        if (null != signExpirationInSeconds && signExpirationInSeconds.intValue() > 0) {
            signOptions.setExpirationInSeconds(signExpirationInSeconds.intValue());
        }
        String buildAuthString = buildAuthString(yopCredentials, signOptions);
        LOGGER.debug("authString:{}", buildAuthString);
        additionalHeader(request, signOptions);
        SortedMap<String, String> headersToSign = getHeadersToSign(request.getHeaders(), DEFAULT_HEADERS_TO_SIGN);
        String buildCanonicalRequest = buildCanonicalRequest(request, buildAuthString, headersToSign);
        LOGGER.debug("canonicalRequest:{}", buildCanonicalRequest.replace("\n", "[\\n]"));
        CredentialsItem credentialsItem = (CredentialsItem) yopCredentials.getCredential();
        YopSignProcessor signProcessor = YopSignProcessorFactory.getSignProcessor(credentialsItem.getCertType().name());
        String str = signProcessor.sign(buildCanonicalRequest, credentialsItem) + CharacterConstants.DOLLAR + signProcessor.getDigestAlg();
        LOGGER.debug("signature:{}", str);
        String buildAuthzHeader = buildAuthzHeader(signOptions, buildAuthString, headersToSign, str);
        LOGGER.debug("Authorization:{}", buildAuthzHeader);
        request.addHeader("Authorization", buildAuthzHeader);
        if (yopCredentials instanceof CertificateCredentials) {
            request.addHeader(Headers.YOP_SIGN_CERT_SERIAL_NO, ((CertificateCredentials) yopCredentials).getSerialNo());
        }
    }

    private void additionalHeader(Request<? extends BaseRequest> request, SignOptions signOptions) {
        DigestAlgEnum digestAlg = signOptions.getDigestAlg();
        request.addHeader(getDigestAlgHeaderName(digestAlg), calculateContentHash(request, digestAlg));
    }

    private String buildAuthString(YopCredentials<?> yopCredentials, SignOptions signOptions) {
        return "yop-auth-v3/" + yopCredentials.getAppKey() + "/" + DateUtils.formatAlternateIso8601Date(new Date()) + "/" + signOptions.getExpirationInSeconds();
    }

    private String buildCanonicalRequest(Request<? extends BaseRequest> request, String str, SortedMap<String, String> sortedMap) {
        return str + "\n" + request.getHttpMethod() + "\n" + getCanonicalURIPath(request.getResourcePath()) + "\n" + getCanonicalQueryString(request) + "\n" + getCanonicalHeaders(sortedMap);
    }

    private String buildAuthzHeader(SignOptions signOptions, String str, SortedMap<String, String> sortedMap, String str2) {
        return signOptions.getProtocolPrefix() + " " + str + "/" + SIGNED_HEADER_STRING_JOINER.join(sortedMap.keySet()).trim().toLowerCase() + "/" + str2;
    }

    private String getCanonicalQueryString(Request<? extends BaseRequest> request) {
        return HttpUtils.usePayloadForQueryParameters(request) ? "" : HttpUtils.getCanonicalQueryString(request.getParameters(), true);
    }

    private String getDigestAlgHeaderName(DigestAlgEnum digestAlgEnum) {
        return DigestAlgEnum.SM3 == digestAlgEnum ? Headers.YOP_CONTENT_SM3 : Headers.YOP_CONTENT_SHA256;
    }

    private String calculateContentHash(Request<? extends BaseRequest> request, DigestAlgEnum digestAlgEnum) {
        RestartableInputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(request);
        String encodeHex = Encodes.encodeHex(YopDigesterFactory.getDigester(digestAlgEnum.name()).digest(binaryRequestPayloadStream, digestAlgEnum.name()));
        binaryRequestPayloadStream.restart();
        return encodeHex;
    }

    private RestartableInputStream getBinaryRequestPayloadStream(Request<? extends BaseRequest> request) {
        if (!HttpUtils.usePayloadForQueryParameters(request)) {
            return getBinaryRequestPayloadStreamWithoutQueryParams(request);
        }
        String canonicalQueryString = HttpUtils.getCanonicalQueryString(request.getParameters(), true);
        return StringUtils.isEmpty(canonicalQueryString) ? RestartableInputStream.wrap(new byte[0]) : RestartableInputStream.wrap(canonicalQueryString.getBytes(YopConstants.DEFAULT_CHARSET));
    }

    private RestartableInputStream getBinaryRequestPayloadStreamWithoutQueryParams(Request<? extends BaseRequest> request) {
        return ((request.getContent() instanceof RestartableInputStream) && HttpUtils.isJsonContentType(request)) ? (RestartableInputStream) request.getContent() : RestartableInputStream.wrap(new byte[0]);
    }

    private String getCanonicalURIPath(String str) {
        return str == null ? "/" : str.startsWith("/") ? HttpUtils.normalizePath(str) : "/" + HttpUtils.normalizePath(str);
    }

    private SortedMap<String, String> getHeadersToSign(Map<String, String> map, Set<String> set) {
        TreeMap newTreeMap = Maps.newTreeMap();
        if (set != null) {
            HashSet newHashSet = Sets.newHashSet();
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                newHashSet.add(it.next().trim().toLowerCase());
            }
            set = newHashSet;
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            if (entry.getValue() != null && !entry.getValue().isEmpty() && set != null && set.contains(key.toLowerCase()) && !"Authorization".equalsIgnoreCase(key)) {
                newTreeMap.put(key, entry.getValue());
            }
        }
        return newTreeMap;
    }

    private String getCanonicalHeaders(SortedMap<String, String> sortedMap) {
        if (sortedMap.isEmpty()) {
            return "";
        }
        ArrayList newArrayList = Lists.newArrayList();
        for (Map.Entry<String, String> entry : sortedMap.entrySet()) {
            String key = entry.getKey();
            if (key != null) {
                String value = entry.getValue();
                if (value == null) {
                    value = "";
                }
                newArrayList.add(HttpUtils.normalize(key.trim().toLowerCase()) + ':' + HttpUtils.normalize(value.trim()));
            }
        }
        Collections.sort(newArrayList);
        return HEADER_JOINER.join(newArrayList);
    }

    @Override // com.yeepay.yop.sdk.base.auth.signer.YopSigner
    public List<String> supportSignerAlg() {
        return Lists.newArrayList(SignerTypeEnum.SM2.name(), SignerTypeEnum.RSA.name());
    }

    static {
        DEFAULT_HEADERS_TO_SIGN.add("Content-Length".toLowerCase());
        DEFAULT_HEADERS_TO_SIGN.add("Content-Type".toLowerCase());
        DEFAULT_HEADERS_TO_SIGN.add("Content-MD5".toLowerCase());
        DEFAULT_HEADERS_TO_SIGN.add(Headers.YOP_REQUEST_ID);
        DEFAULT_HEADERS_TO_SIGN.add(Headers.YOP_DATE);
        DEFAULT_HEADERS_TO_SIGN.add("x-yop-appkey");
        DEFAULT_HEADERS_TO_SIGN.add(Headers.YOP_CONTENT_SHA256);
        DEFAULT_HEADERS_TO_SIGN.add(Headers.YOP_HASH_CRC64ECMA);
        DEFAULT_HEADERS_TO_SIGN.add(Headers.YOP_CONTENT_SM3);
        DEFAULT_HEADERS_TO_SIGN.add(Headers.YOP_ENCRYPT);
    }
}
