package com.fr.fs.privilege.auth;

import com.fr.data.DataUtils;
import com.fr.data.core.db.dialect.TypeUtils;
import com.fr.file.CustomConfigManager;
import com.fr.general.FRLogger;
import com.fr.general.http.HttpClient;
import com.fr.general.web.ParameterConsts;
import com.fr.privilege.PrivilegeManager;
import com.fr.privilege.base.PrivilegeFilter;
import com.fr.privilege.base.PrivilegeVote;
import com.fr.privilege.filter.PrivilegeFilterManager;
import com.fr.privilege.filter.core.PrivilegeVoteImpls;
import com.fr.privilege.filter.core.RSAUtils;
import com.fr.stable.Constants;
import com.fr.stable.EncodeConstants;
import com.fr.stable.StringUtils;
import com.fr.stable.xml.XMLPrintWriter;
import com.fr.stable.xml.XMLableReader;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Timer;
import java.util.TimerTask;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/fr/fs/privilege/auth/DigitalSignPrivilegeFilter.class */
public class DigitalSignPrivilegeFilter extends BasePrivilegeFilter {
    private static final long serialVersionUID = 1;
    private static final String XML_TAG = "PFKEYURL";
    private static final int SUCCESS = 1;
    private static final int TIMEOUT = 0;
    private static final int ERROR = -1;
    private String keyURL;
    private static final String[] CHECK_NAMES = {"reportlet", "reportlets", ParameterConsts.CHARTLET, "formlet", ParameterConsts.RESULTLET};
    public static int TIME_OUT = TypeUtils.JAVA_OBJECT;
    private static PublicKey publicKey = null;
    private static int toGetKeyCount = 0;

    public DigitalSignPrivilegeFilter() {
        this.keyURL = null;
    }

    public DigitalSignPrivilegeFilter(String str) {
        this.keyURL = null;
        this.keyURL = str;
    }

    public String getKeyURL() {
        return this.keyURL;
    }

    public void setKeyURL(String str) {
        this.keyURL = str;
    }

    @Override // com.fr.fs.privilege.auth.BasePrivilegeFilter, com.fr.privilege.base.PrivilegeFilter
    public void init4Server() {
        toGetPublicKey(false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static synchronized void toGetPublicKey(boolean z) {
        toGetKeyCount++;
        if (z) {
            try {
                getPublicKey();
            } catch (Exception e) {
                FRLogger.getLogger().error(e.getMessage());
            }
        }
        if ((PrivilegeManager.getInstance().getPrivilegeFilter() instanceof DigitalSignPrivilegeFilter) && publicKey == null) {
            PrivilegeFilterManager.PRIVILEGE_FILTER_TIMER = new Timer();
            PrivilegeFilterManager.PRIVILEGE_FILTER_TIMER.schedule(new TimerTask() { // from class: com.fr.fs.privilege.auth.DigitalSignPrivilegeFilter.1
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    DigitalSignPrivilegeFilter.toGetPublicKey(true);
                }
            }, toGetKeyCount * toGetKeyCount * TIME_OUT);
        }
    }

    public static synchronized void getPublicKey() throws Exception {
        if (publicKey != null) {
            return;
        }
        PrivilegeFilter privilegeFilter = PrivilegeManager.getInstance().getPrivilegeFilter();
        if (!(privilegeFilter instanceof DigitalSignPrivilegeFilter)) {
            throw new Exception("No DigitalSign Settings Info exists!");
        }
        String keyURL = ((DigitalSignPrivilegeFilter) privilegeFilter).getKeyURL();
        if (StringUtils.isBlank(keyURL)) {
            throw new Exception("Get PublicKey Url is blank");
        }
        HttpClient httpClient = new HttpClient(keyURL);
        int responseCode = httpClient.getResponseCode();
        if (responseCode != 200) {
            throw new Exception("Get PublicKey method failed, status is : " + responseCode);
        }
        generateKey(httpClient);
    }

    private static void generateKey(HttpClient httpClient) throws Exception {
        try {
            String responseText = httpClient.getResponseText();
            if (StringUtils.isBlank(responseText)) {
                throw new Exception("Get PublicKey failed, response is " + responseText);
            }
            String[] split = responseText.split("&");
            if (split == null || split.length != 2) {
                throw new Exception("Get PublicKey failed, response style is wrong");
            }
            try {
                publicKey = RSAUtils.generateRSAPublicKey(new BigInteger(split[0]), new BigInteger(split[1]));
                if (publicKey != null) {
                    FRLogger.getLogger().infoWithServerLevel("Get PF KEY Successfully!");
                }
            } catch (Exception e) {
                throw new Exception("Generate PublicKey failed, response style is wrong, modulus str is " + split[0] + ", exponent str is " + split[1]);
            }
        } finally {
            httpClient.release();
        }
    }

    public static boolean verify(byte[] bArr, byte[] bArr2) {
        if (publicKey == null) {
            try {
                getPublicKey();
            } catch (Exception e) {
                FRLogger.getLogger().error(e.getMessage());
                return false;
            }
        }
        if (publicKey == null) {
            FRLogger.getLogger().error("No publicKey exists, verify failed.");
            return false;
        }
        try {
            return RSAUtils.verify(bArr, bArr2, publicKey);
        } catch (Exception e2) {
            FRLogger.getLogger().error("Privilege Filter Verify Failed " + e2.getMessage(), e2);
            return false;
        }
    }

    @Override // com.fr.fs.privilege.auth.BasePrivilegeFilter, com.fr.privilege.base.PrivilegeFilter
    public PrivilegeVote filter(HttpServletRequest httpServletRequest) {
        int doFilter = doFilter(httpServletRequest);
        return doFilter == 1 ? PrivilegeVoteImpls.SUCCESS : doFilter == 0 ? PrivilegeVoteImpls.MP_AUTH_TIMEOUT : super.isHyperLinkNoCheck(httpServletRequest);
    }

    private int doFilter(HttpServletRequest httpServletRequest) {
        String str = null;
        for (int i = 0; i < CHECK_NAMES.length; i++) {
            str = DataUtils.getHTTPRequestParameter(httpServletRequest, CHECK_NAMES[i]);
            if (StringUtils.isNotBlank(str)) {
                break;
            }
        }
        if (StringUtils.isBlank(str)) {
            return 1;
        }
        String hTTPRequestParameter = DataUtils.getHTTPRequestParameter(httpServletRequest, Constants.PF.FR_DIGITALSIGNATURE_INFO);
        if (StringUtils.isBlank(hTTPRequestParameter)) {
            return -1;
        }
        String hTTPRequestParameter2 = DataUtils.getHTTPRequestParameter(httpServletRequest, Constants.PF.FR_DIGITALSIGNATURE_CURRENT_TIME);
        if (StringUtils.isBlank(hTTPRequestParameter2)) {
            return -1;
        }
        try {
            if (System.currentTimeMillis() - Long.parseLong(hTTPRequestParameter2) > getTimeout()) {
                return 0;
            }
            HttpSession session = httpServletRequest.getSession(false);
            String str2 = session != null ? (String) session.getAttribute("fr_username") : null;
            String hTTPRequestParameter3 = DataUtils.getHTTPRequestParameter(httpServletRequest, ParameterConsts.OP);
            try {
                return verify(new StringBuilder().append(str).append(hTTPRequestParameter3 != null ? new StringBuilder().append("&").append(hTTPRequestParameter3).toString() : StringUtils.EMPTY).append("&").append(hTTPRequestParameter2).append(str2 != null ? new StringBuilder().append("&").append(str2).toString() : StringUtils.EMPTY).toString().getBytes(EncodeConstants.ENCODING_ISO_8859_1), RSAUtils.hexStringToBytes(hTTPRequestParameter)) ? 1 : -1;
            } catch (UnsupportedEncodingException e) {
                FRLogger.getLogger().error(e.getMessage(), e);
                return -1;
            }
        } catch (Exception e2) {
            FRLogger.getLogger().error(e2.getMessage(), e2);
            return -1;
        }
    }

    @Override // com.fr.fs.privilege.auth.BasePrivilegeFilter, com.fr.stable.xml.XMLReadable
    public void readXML(XMLableReader xMLableReader) {
        if (xMLableReader.isChildNode() && XML_TAG.equals(xMLableReader.getTagName())) {
            this.keyURL = xMLableReader.getElementValue();
        }
    }

    @Override // com.fr.fs.privilege.auth.BasePrivilegeFilter, com.fr.stable.xml.XMLWriter
    public void writeXML(XMLPrintWriter xMLPrintWriter) {
        super.writeXML(xMLPrintWriter);
        if (this.keyURL != null) {
            xMLPrintWriter.startTAG(XML_TAG).textNode(this.keyURL).end();
        }
    }

    @Override // com.fr.fs.privilege.auth.BasePrivilegeFilter, com.fr.stable.FCloneable
    public Object clone() throws CloneNotSupportedException {
        DigitalSignPrivilegeFilter digitalSignPrivilegeFilter = (DigitalSignPrivilegeFilter) super.clone();
        digitalSignPrivilegeFilter.keyURL = this.keyURL;
        return digitalSignPrivilegeFilter;
    }

    @Override // com.fr.fs.privilege.auth.BasePrivilegeFilter, com.fr.privilege.base.PrivilegeFilter
    public int getID() {
        return 2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.fr.fs.privilege.auth.BasePrivilegeFilter
    public long getTimeout() {
        return CustomConfigManager.getInstance().getDigitalPrivilegeTimeout();
    }
}
