package com.yeepay.yop.sdk.http.analyzer;

import com.yeepay.shade.org.apache.commons.lang3.BooleanUtils;
import com.yeepay.shade.org.apache.commons.lang3.StringUtils;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.SignOptions;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.http.HttpResponseAnalyzer;
import com.yeepay.yop.sdk.http.HttpResponseHandleContext;
import com.yeepay.yop.sdk.model.BaseResponse;
import com.yeepay.yop.sdk.model.YopResponseMetadata;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.utils.ClientUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/http/analyzer/YopSignatureCheckAnalyzer.class */
public class YopSignatureCheckAnalyzer implements HttpResponseAnalyzer {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) YopSignatureCheckAnalyzer.class);
    private static final YopSignatureCheckAnalyzer INSTANCE = new YopSignatureCheckAnalyzer();

    public static YopSignatureCheckAnalyzer getInstance() {
        return INSTANCE;
    }

    private YopSignatureCheckAnalyzer() {
    }

    @Override // com.yeepay.yop.sdk.http.HttpResponseAnalyzer
    public <T extends BaseResponse> boolean analysis(HttpResponseHandleContext httpResponseHandleContext, T t) throws Exception {
        YopResponseMetadata metadata = t.getMetadata();
        if (BooleanUtils.isTrue(httpResponseHandleContext.isSkipVerifySign()) || StringUtils.isBlank(metadata.getYopSign())) {
            return false;
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("response sign verify begin, requestId:{}, sign:{}", metadata.getYopRequestId(), metadata.getYopSign());
        }
        SignOptions signOptions = httpResponseHandleContext.getSignOptions();
        YopPlatformCredentials platformCredential = getPlatformCredential(httpResponseHandleContext.getProvider(), httpResponseHandleContext.getEnv(), signOptions, httpResponseHandleContext.getAppKey(), metadata.getYopCertSerialNo(), httpResponseHandleContext.getOriginRequest().getOriginalRequestObject().getRequestConfig().getServerRoot());
        if (null == platformCredential) {
            throw new YopClientException("ConfigProblem, YopPlatformCredentials NotFound, appKey:" + httpResponseHandleContext.getAppKey() + ", serialNo:" + metadata.getYopCertSerialNo());
        }
        httpResponseHandleContext.getSigner().checkSignature(httpResponseHandleContext.getResponse(), metadata.getYopSign(), platformCredential, new SignOptions().withDigestAlg(signOptions.getDigestAlg()).withProtocolPrefix(signOptions.getProtocolPrefix()).withExpirationInSeconds(signOptions.getExpirationInSeconds()).withUrlSafe(!StringUtils.containsAny(metadata.getYopSign(), '+', '/', '=')));
        if (!LOGGER.isDebugEnabled()) {
            return false;
        }
        LOGGER.debug("response sign verify success, requestId:{}, sign:{}", metadata.getYopRequestId(), metadata.getYopSign());
        return false;
    }

    private YopPlatformCredentials getPlatformCredential(String str, String str2, SignOptions signOptions, String str3, String str4, String str5) {
        if (("YOP-SM2-SM3".equals(signOptions.getProtocolPrefix()) ? CertTypeEnum.SM2 : CertTypeEnum.RSA2048) == CertTypeEnum.RSA2048) {
            if (StringUtils.isNotBlank(str4)) {
                LOGGER.warn("rsa signed request not need serialNo:{}.", str4);
            }
            str4 = YopConstants.YOP_RSA_PLATFORM_CERT_DEFAULT_SERIAL_NO;
        }
        return ClientUtils.getCurrentPlatformCredentialsProvider().getCredentials(str, str2, str3, str4, str5);
    }
}
