package com.gw.astp;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/gw/astp/GwAstpHttpServletFilter.class */
public class GwAstpHttpServletFilter implements Filter {
    public static String X_Astp_Version = "X-Astp-Version";
    public static String X_Astp_Hand = "X-Astp-Hand";
    public static String X_Astp_Hand_Type = "X-Astp-Hand-Type";
    public static String X_Astp_Rsa_KeyId = "X-Astp-Rsa-KeyId";
    public static String X_Astp_Rsa_Key = "X-Astp-Rsa-Key";
    public static String X_Astp_Dh_KeyId = "X-Astp-Dh-KeyId";
    public static String X_Astp_Dh_Key = "X-Astp-Dh-Key";
    public static String X_Astp_Verify_Key = "X-Astp-Verify-Key";
    public static String X_Astp_Verify_Type = "X-Astp-Verify-Type";
    public static String X_Astp_Aes_Key = "X-Astp-Aes-Key";
    public static String X_Astp_KeyExchange_Type = "X-Astp-KeyExchange-Type";
    public static String X_Astp_Rsa_Algorithm = "X-Astp-Rsa-Algorithm";
    public static String X_Astp_Aes_Algorithm = "X-Astp-Aes-Algorithm";
    public static String X_Astp_Aes_SpecIv = "X-Astp-Aes-SpecIv";
    public static String X_Astp_Crypto_Type = "X-Astp-Crypto-Type";
    public static String X_Astp_Crypto_Parameters = "X-Astp-Crypto-Parameters";

    public GwAstpVerifyTool getAstpVerifyTool() {
        return GwAstpVerifyTool.getTool();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        byte[] secretKey;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!httpServletRequest.isSecure() && "1.0".equals(httpServletRequest.getHeader(X_Astp_Version))) {
            String header = httpServletRequest.getHeader(X_Astp_Hand);
            if (header != null) {
                String lowerCase = header.toLowerCase();
                String header2 = httpServletRequest.getHeader(X_Astp_Hand_Type);
                if (header2 == null || "".equals(header2)) {
                    header2 = "RSA";
                }
                String upperCase = header2.toUpperCase();
                boolean equals = upperCase.equals("RSA");
                boolean equals2 = upperCase.equals("DH");
                if (lowerCase.equals("get")) {
                    if (equals) {
                        httpServletResponse.setHeader(X_Astp_Rsa_KeyId, GwAstpRsaTool.getRSAPublicKeyId());
                        httpServletResponse.setHeader(X_Astp_Rsa_Key, GwAstpRsaTool.getRSAPublicKeyString());
                    } else if (equals2) {
                        httpServletResponse.setHeader(X_Astp_Dh_KeyId, GwAstpDhTool.getPublicKeyId());
                        httpServletResponse.setHeader(X_Astp_Dh_Key, GwAstpDhTool.getPublicKeyString());
                    }
                } else if (lowerCase.equals("post")) {
                    if (equals) {
                        String header3 = httpServletRequest.getHeader(X_Astp_Rsa_KeyId);
                        httpServletResponse.setHeader(X_Astp_Rsa_KeyId, GwAstpRsaTool.getRSAPublicKeyId());
                        if (!GwAstpRsaTool.getRSAPublicKeyId().equals(header3)) {
                            httpServletResponse.setHeader(X_Astp_Rsa_Key, GwAstpRsaTool.getRSAPublicKeyString());
                        }
                    } else if (equals2) {
                        String header4 = httpServletRequest.getHeader(X_Astp_Dh_KeyId);
                        httpServletResponse.setHeader(X_Astp_Dh_KeyId, GwAstpDhTool.getPublicKeyId());
                        if (!GwAstpDhTool.getPublicKeyId().equals(header4)) {
                            httpServletResponse.setHeader(X_Astp_Dh_Key, GwAstpDhTool.getPublicKeyString());
                        }
                    }
                } else if (lowerCase.equals("head")) {
                    if (equals) {
                        if (GwAstpRsaTool.getRSAPublicKeyId().equals(httpServletRequest.getHeader(X_Astp_Rsa_KeyId))) {
                            httpServletResponse.setHeader(X_Astp_Rsa_KeyId, GwAstpRsaTool.getRSAPublicKeyId());
                        }
                    } else if (equals2) {
                        if (GwAstpDhTool.getPublicKeyId().equals(httpServletRequest.getHeader(X_Astp_Dh_KeyId))) {
                            httpServletResponse.setHeader(X_Astp_Dh_KeyId, GwAstpDhTool.getPublicKeyId());
                        }
                    }
                }
                if (equals) {
                    httpServletResponse.setHeader(X_Astp_Verify_Type, "codebook64");
                    httpServletResponse.setHeader(X_Astp_Verify_Key, getAstpVerifyTool().digestString(GwAstpRsaTool.getRSAPublicKeyString()));
                } else if (equals2) {
                    httpServletResponse.setHeader(X_Astp_Verify_Type, "codebook64");
                    httpServletResponse.setHeader(X_Astp_Verify_Key, getAstpVerifyTool().digestString(GwAstpDhTool.getPublicKeyString()));
                }
                if (!lowerCase.equals("head")) {
                    httpServletResponse.getWriter().write("");
                    httpServletResponse.getWriter().flush();
                    return;
                }
            }
            String header5 = httpServletRequest.getHeader(X_Astp_Crypto_Type);
            if (header5 != null) {
                if (!header5.toUpperCase().equals("AES")) {
                    throw new GwAstpException("目前服务器端只支持AES加密");
                }
                String header6 = httpServletRequest.getHeader(X_Astp_Aes_Key);
                String header7 = httpServletRequest.getHeader(X_Astp_KeyExchange_Type);
                if (header7 == null || "".equals(header7)) {
                    header7 = "RSA";
                }
                if (header7.equals("RSA")) {
                    if (!GwAstpRsaTool.getRSAPublicKeyId().equals(httpServletRequest.getHeader(X_Astp_Rsa_KeyId))) {
                        throw new GwAstpException("公钥信息错误");
                    }
                    try {
                        secretKey = GwAstpRsaTool.decryptByPrivateKey(header6, httpServletRequest.getHeader(X_Astp_Rsa_Algorithm));
                    } catch (Exception e) {
                        throw new GwAstpException("解密aes密钥发生错误", e);
                    }
                } else {
                    if (!header7.equals("DH")) {
                        throw new GwAstpException("错误的密钥交换方式：" + header7);
                    }
                    String header8 = httpServletRequest.getHeader("X-Astp-Dh-Key");
                    if (header8 == null || "".equals(header8)) {
                        throw new GwAstpException("密钥交换模式为DH情况下缺少X-Astp-Dh-Key参数");
                    }
                    secretKey = GwAstpDhTool.getSecretKey(header8, "AES");
                }
                String header9 = httpServletRequest.getHeader(X_Astp_Aes_Algorithm);
                if (header9 == null || "".equals(header9)) {
                    header9 = "AES/CBC/NoPadding";
                }
                try {
                    Cipher cipher = Cipher.getInstance(header9);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey, "AES");
                    try {
                        String header10 = httpServletRequest.getHeader(X_Astp_Aes_SpecIv);
                        if (header10 != null) {
                            cipher.init(2, secretKeySpec, new IvParameterSpec(header10.getBytes(GwAstpRsaTool.charset)));
                        } else {
                            cipher.init(2, secretKeySpec);
                        }
                        String header11 = httpServletRequest.getHeader(X_Astp_Crypto_Parameters);
                        httpServletRequest = header11 != null ? new GwAstpParameterRequestWrapper(httpServletRequest, cipher, header11.split(",")) : new GwAstpInputStreamRequestWrapper(httpServletRequest, cipher);
                    } catch (InvalidAlgorithmParameterException e2) {
                        throw new GwAstpException("AES偏移量参数有误初始化解密器发生错误", e2);
                    } catch (InvalidKeyException e3) {
                        throw new GwAstpException("AES密钥有误初始化解密器发生错误", e3);
                    }
                } catch (Exception e4) {
                    throw new GwAstpException(String.valueOf(X_Astp_Aes_Algorithm) + " 设置错误:" + header9, e4);
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
