package com.yeepay.yop.sdk.service.common.callback.protocol;

import com.yeepay.shade.com.google.common.base.Joiner;
import com.yeepay.shade.com.google.common.base.Splitter;
import com.yeepay.shade.com.google.common.collect.Lists;
import com.yeepay.shade.com.google.common.collect.Sets;
import com.yeepay.shade.org.apache.commons.lang3.StringUtils;
import com.yeepay.yop.sdk.auth.credentials.YopCredentials;
import com.yeepay.yop.sdk.auth.credentials.YopSymmetricCredentials;
import com.yeepay.yop.sdk.auth.credentials.provider.YopCredentialsProviderRegistry;
import com.yeepay.yop.sdk.auth.credentials.provider.YopPlatformCredentialsProviderRegistry;
import com.yeepay.yop.sdk.base.auth.signer.process.YopSignProcessorFactory;
import com.yeepay.yop.sdk.base.security.encrypt.YopEncryptProtocol;
import com.yeepay.yop.sdk.base.security.encrypt.YopEncryptorFactory;
import com.yeepay.yop.sdk.constants.CharacterConstants;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.http.Headers;
import com.yeepay.yop.sdk.protocol.AuthenticateProtocolVersion;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.security.DigestAlgEnum;
import com.yeepay.yop.sdk.security.encrypt.EncryptOptions;
import com.yeepay.yop.sdk.service.common.callback.YopCallback;
import com.yeepay.yop.sdk.service.common.callback.YopCallbackRequest;
import com.yeepay.yop.sdk.utils.HttpUtils;
import com.yeepay.yop.sdk.utils.X509CertUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/service/common/callback/protocol/YopSm2CallbackProtocol.class */
public class YopSm2CallbackProtocol extends AbstractYopCallbackProtocol {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) YopSm2CallbackProtocol.class);
    private static final Splitter SIGNED_HEADER_STRING_SPLITTER = Splitter.on(CharacterConstants.SEMICOLON);
    private static final Joiner HEADER_JOINER = Joiner.on("\n");
    private String yopRequestId;
    private CertTypeEnum certType;
    private DigestAlgEnum digestAlgEnum;
    private AuthenticateProtocolVersion protocolVersion;
    private String appKey;
    private String timestamp;
    private long expirationInSeconds;
    private String signedHeaders;
    private String signature;
    private String platformSerialNo;
    private String platformServerRoot;
    private String yopEncrypt;

    public YopSm2CallbackProtocol(YopCallbackRequest yopCallbackRequest) {
        initialize(yopCallbackRequest);
        this.originRequest = yopCallbackRequest;
    }

    @Override // com.yeepay.yop.sdk.service.common.callback.protocol.YopCallbackProtocol
    public YopCallback parse() {
        verifySign(this.platformServerRoot);
        return YopCallback.builder().withId(this.yopRequestId).withAppKey(this.appKey).withType(this.originRequest.getHttpPath()).withCreateTime(new Date()).withBizData(decryptBizContent()).withMetaInfo("headers", this.originRequest.getHeaders()).build();
    }

    private void verifySign(String str) {
        String[] split = this.signature.split("\\$");
        YopSignProcessorFactory.getSignProcessor(this.certType.getValue()).verify(preparePlainText(), split[0], YopPlatformCredentialsProviderRegistry.getProvider().getCredentials(this.appKey, this.platformSerialNo, str).getCredential());
    }

    private String decryptBizContent() {
        YopCredentials<?> credentials = YopCredentialsProviderRegistry.getProvider().getCredentials(this.appKey, this.certType.getValue());
        EncryptOptions encryptOptions = new EncryptOptions();
        encryptOptions.setCredentials(new YopSymmetricCredentials(this.appKey, ""));
        encryptOptions.setCredentialsAlg(this.certType.getValue());
        YopEncryptProtocol.Inst parseEncryptProtocol = parseEncryptProtocol(this.yopEncrypt, credentials, encryptOptions);
        if (null == parseEncryptProtocol) {
            throw new YopClientException("illegal YopSm2CallbackProtocol, request:" + this.originRequest);
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("YopSm2CallbackProtocol to be Decrypted, requestId:{}, headers:{}, params:{}", this.yopRequestId, parseEncryptProtocol.getEncryptHeaders(), parseEncryptProtocol.getEncryptParams());
        }
        EncryptOptions encryptOptions2 = parseEncryptProtocol.getEncryptOptions();
        return null == this.originRequest.getContent() ? "" : YopEncryptorFactory.getEncryptor(encryptOptions2.getAlg()).decryptFromBase64((String) this.originRequest.getContent(), encryptOptions2);
    }

    private void initialize(YopCallbackRequest yopCallbackRequest) {
        try {
            Map<String, String> canonicalHeaders = yopCallbackRequest.getCanonicalHeaders();
            String[] split = canonicalHeaders.get("Authorization".toLowerCase()).split(" ");
            String str = split[0];
            String str2 = split[1];
            String[] split2 = str.split(CharacterConstants.DASH_LINE);
            this.certType = CertTypeEnum.parse(split2[1]);
            this.digestAlgEnum = DigestAlgEnum.valueOf(split2[2]);
            String[] split3 = StringUtils.split(str2, "/");
            this.protocolVersion = AuthenticateProtocolVersion.parse(split3[0]);
            this.appKey = split3[1];
            this.timestamp = split3[2];
            this.expirationInSeconds = Long.parseLong(split3[3]);
            this.signedHeaders = split3[4].toLowerCase();
            this.signature = split3[5];
            this.platformSerialNo = canonicalHeaders.get(Headers.YOP_SIGN_CERT_SERIAL_NO);
            if (StringUtils.isBlank(this.platformSerialNo)) {
                this.platformSerialNo = canonicalHeaders.get(Headers.YOP_CERT_SERIAL_NO);
            }
            this.platformSerialNo = X509CertUtils.parseToHex(this.platformSerialNo);
            this.platformServerRoot = yopCallbackRequest.getPlatformServerRoot();
            this.yopEncrypt = canonicalHeaders.get(Headers.YOP_ENCRYPT);
            this.yopRequestId = canonicalHeaders.get(Headers.YOP_REQUEST_ID);
        } catch (Exception e) {
            throw new YopClientException("error initialize YopSm2CallbackProtocol, ex:", e);
        }
    }

    private String preparePlainText() {
        YopCallbackRequest yopCallbackRequest = this.originRequest;
        return (this.protocolVersion.stringFormat() + "/" + this.appKey + "/" + this.timestamp + "/" + this.expirationInSeconds) + "\n" + yopCallbackRequest.getHttpPath() + "\n" + HttpUtils.getCanonicalURIPath(yopCallbackRequest.getHttpPath()) + "\n" + getCanonicalQueryString() + "\n" + getCanonicalHeaders();
    }

    private String getCanonicalQueryString() {
        return HttpUtils.useEmptyAsCanonicalQueryString(this.originRequest.getHttpMethod(), this.originRequest.getContentType()) ? "" : HttpUtils.getCanonicalQueryString(this.originRequest.getParams(), true);
    }

    private String getCanonicalHeaders() {
        YopCallbackRequest yopCallbackRequest = this.originRequest;
        HashSet newHashSet = Sets.newHashSet(SIGNED_HEADER_STRING_SPLITTER.split(this.signedHeaders));
        ArrayList newArrayList = Lists.newArrayList();
        Iterator it = newHashSet.iterator();
        while (it.hasNext()) {
            String lowerCase = ((String) it.next()).trim().toLowerCase();
            String str = yopCallbackRequest.getCanonicalHeaders().get(lowerCase);
            if (!StringUtils.isBlank(str)) {
                newArrayList.add(HttpUtils.normalize(lowerCase + ":" + HttpUtils.normalize(str.trim())));
            }
        }
        Collections.sort(newArrayList);
        return HEADER_JOINER.join(newArrayList);
    }

    private YopEncryptProtocol.Inst parseEncryptProtocol(String str, YopCredentials<?> yopCredentials, EncryptOptions encryptOptions) {
        if (StringUtils.isNotBlank(str)) {
            return YopEncryptProtocol.fromProtocol(str).parse(new YopEncryptProtocol.ParseParams(str, yopCredentials, encryptOptions));
        }
        return null;
    }
}
