package cn.dev33.satoken.sign;

import cn.dev33.satoken.SaManager;
import cn.dev33.satoken.config.SaSignConfig;
import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.error.SaErrorCode;
import cn.dev33.satoken.exception.SaSignException;
import cn.dev33.satoken.secure.SaSecureUtil;
import cn.dev33.satoken.util.SaFoxUtil;
import java.util.Map;
import java.util.TreeMap;
import org.postgresql.jdbc.EscapedFunctions;

/* loaded from: input_file:BOOT-INF/lib/sa-token-core-1.38.0.jar:cn/dev33/satoken/sign/SaSignTemplate.class */
public class SaSignTemplate {
    SaSignConfig signConfig;
    public static String key = "key";
    public static String timestamp = "timestamp";
    public static String nonce = "nonce";
    public static String sign = EscapedFunctions.SIGN;

    public SaSignTemplate() {
    }

    public SaSignTemplate(SaSignConfig saSignConfig) {
        this.signConfig = saSignConfig;
    }

    public SaSignConfig getSignConfig() {
        return this.signConfig;
    }

    public SaSignConfig getSignConfigOrGlobal() {
        return this.signConfig != null ? this.signConfig : SaManager.getConfig().getSign();
    }

    public String getSecretKey() {
        return getSignConfigOrGlobal().getSecretKey();
    }

    public SaSignTemplate setSignConfig(SaSignConfig saSignConfig) {
        this.signConfig = saSignConfig;
        return this;
    }

    public String joinParams(Map<String, ?> map) {
        StringBuilder sb = new StringBuilder();
        for (String str : map.keySet()) {
            Object obj = map.get(str);
            if (!SaFoxUtil.isEmpty(obj)) {
                sb.append(str).append("=").append(obj).append("&");
            }
        }
        if (sb.length() > 0) {
            sb.deleteCharAt(sb.length() - 1);
        }
        return sb.toString();
    }

    public String joinParamsDictSort(Map<String, ?> map) {
        if (!(map instanceof TreeMap)) {
            map = new TreeMap(map);
        }
        return joinParams(map);
    }

    public String createSign(Map<String, ?> map) {
        String secretKey = getSecretKey();
        SaSignException.notEmpty(secretKey, "参与参数签名的秘钥不可为空", SaErrorCode.CODE_12201);
        if (map.containsKey(sign)) {
            map = new TreeMap(map);
            map.remove(sign);
        }
        String str = joinParamsDictSort(map) + "&" + key + "=" + secretKey;
        String abstractStr = abstractStr(str);
        SaManager.log.debug("fullStr：{}", str);
        SaManager.log.debug("signStr：{}", abstractStr);
        return abstractStr;
    }

    public String abstractStr(String str) {
        return SaSecureUtil.md5(str);
    }

    public Map<String, Object> addSignParams(Map<String, Object> map) {
        map.put(timestamp, String.valueOf(System.currentTimeMillis()));
        map.put(nonce, SaFoxUtil.getRandomString(32));
        map.put(sign, createSign(map));
        return map;
    }

    public String addSignParamsAndJoin(Map<String, Object> map) {
        return joinParams(addSignParams(map));
    }

    public boolean isValidTimestamp(long j) {
        long timestampDisparity = getSignConfigOrGlobal().getTimestampDisparity();
        return timestampDisparity == -1 || Math.abs(System.currentTimeMillis() - j) <= timestampDisparity;
    }

    public void checkTimestamp(long j) {
        if (!isValidTimestamp(j)) {
            throw new SaSignException("timestamp 超出允许的范围：" + j).setCode(SaErrorCode.CODE_12203);
        }
    }

    public boolean isValidNonce(String str) {
        if (SaFoxUtil.isEmpty(str)) {
            return false;
        }
        return SaManager.getSaTokenDao().get(splicingNonceSaveKey(str)) == null;
    }

    public void checkNonce(String str) {
        if (SaFoxUtil.isEmpty(str)) {
            throw new SaSignException("nonce 为空，无效");
        }
        String splicingNonceSaveKey = splicingNonceSaveKey(str);
        if (SaManager.getSaTokenDao().get(splicingNonceSaveKey) != null) {
            throw new SaSignException("此 nonce 已被使用过，不可重复使用：" + str);
        }
        SaManager.getSaTokenDao().set(splicingNonceSaveKey, str, (getSignConfigOrGlobal().getSaveNonceExpire() * 2) + 2);
    }

    public boolean isValidSign(Map<String, ?> map, String str) {
        return createSign(map).equals(str);
    }

    public void checkSign(Map<String, ?> map, String str) {
        if (!isValidSign(map, str)) {
            throw new SaSignException("无效签名：" + str).setCode(SaErrorCode.CODE_12202);
        }
    }

    public boolean isValidParamMap(Map<String, String> map) {
        String str = map.get(timestamp);
        String str2 = map.get(nonce);
        String str3 = map.get(sign);
        return !SaFoxUtil.isEmpty(str) && !SaFoxUtil.isEmpty(str3) && isValidTimestamp(Long.parseLong(str)) && isValidNonce(str2) && isValidSign(map, str3);
    }

    public void checkParamMap(Map<String, String> map) {
        String str = map.get(timestamp);
        String str2 = map.get(nonce);
        String str3 = map.get(sign);
        SaSignException.notEmpty(str, "缺少 timestamp 字段");
        SaSignException.notEmpty(str2, "缺少 nonce 字段");
        SaSignException.notEmpty(str3, "缺少 sign 字段");
        checkTimestamp(Long.parseLong(str));
        checkNonce(str2);
        checkSign(map, str3);
    }

    public boolean isValidRequest(SaRequest saRequest, String... strArr) {
        return strArr.length == 0 ? isValidParamMap(saRequest.getParamMap()) : isValidParamMap(takeRequestParam(saRequest, strArr));
    }

    public void checkRequest(SaRequest saRequest, String... strArr) {
        if (strArr.length == 0) {
            checkParamMap(saRequest.getParamMap());
        } else {
            checkParamMap(takeRequestParam(saRequest, strArr));
        }
    }

    public Map<String, String> takeRequestParam(SaRequest saRequest, String[] strArr) {
        TreeMap treeMap = new TreeMap();
        treeMap.put(timestamp, saRequest.getParam(timestamp));
        treeMap.put(nonce, saRequest.getParam(nonce));
        treeMap.put(sign, saRequest.getParam(sign));
        for (String str : strArr) {
            treeMap.put(str, saRequest.getParam(str));
        }
        return treeMap;
    }

    public String splicingNonceSaveKey(String str) {
        return SaManager.getConfig().getTokenName() + ":sign:nonce:" + str;
    }
}
