package cn.weforward.protocol.auth;

import cn.weforward.common.crypto.Base64;
import cn.weforward.common.crypto.Hex;
import cn.weforward.common.io.BytesOutputStream;
import cn.weforward.common.io.OutputStreamStay;
import cn.weforward.common.util.SimpleUtf8Encoder;
import cn.weforward.common.util.StringUtil;
import cn.weforward.protocol.Access;
import cn.weforward.protocol.Header;
import cn.weforward.protocol.exception.AuthException;
import cn.weforward.protocol.exception.WeforwardException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;

/* loaded from: input_file:cn/weforward/protocol/auth/Sha2OutputStream.class */
public class Sha2OutputStream extends AutherOutputStream {
    protected static final Random RANDOM = new Random();
    protected String m_ContentSign;
    protected MessageDigest m_ContentDigest;

    @Override // cn.weforward.protocol.auth.AutherOutputStream
    protected Header authHeader(Header header) throws AuthException {
        if (2 == this.m_Mode) {
            decodeHeader(header);
        } else {
            encodeHeader(header);
        }
        return header;
    }

    void decodeHeader(Header header) throws AuthException {
        String contentSign = header.getContentSign();
        if (StringUtil.isEmpty(contentSign) && !this.m_IgnoreContent) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "缺少'content sign'");
        }
        String service = header.getService();
        if (StringUtil.isEmpty(service)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "缺少'service'");
        }
        String accessId = header.getAccessId();
        if (StringUtil.isEmpty(accessId)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "缺少'access id'");
        }
        String noise = header.getNoise();
        if (StringUtil.isEmpty(noise)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "缺少'noise'");
        }
        String sign = header.getSign();
        if (StringUtil.isEmpty(sign)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "缺少'sign'");
        }
        if (sign.length() <= 32 || sign.length() > 64) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "'sign'值异常:" + StringUtil.limit(sign, 100));
        }
        Access validAccess = this.m_AccessLoader.getValidAccess(accessId);
        if (validAccess == null) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "'access id'无效:" + accessId);
        }
        try {
            final MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            SimpleUtf8Encoder simpleUtf8Encoder = new SimpleUtf8Encoder(new OutputStream() { // from class: cn.weforward.protocol.auth.Sha2OutputStream.1
                @Override // java.io.OutputStream
                public void write(int i) throws IOException {
                    messageDigest.update((byte) i);
                }
            });
            simpleUtf8Encoder.encode(service);
            simpleUtf8Encoder.encode(accessId);
            simpleUtf8Encoder.encode(validAccess.getAccessKeyBase64());
            simpleUtf8Encoder.encode(noise);
            if (!StringUtil.isEmpty(header.getTag())) {
                simpleUtf8Encoder.encode(header.getTag());
            }
            if (!StringUtil.isEmpty(header.getChannel())) {
                simpleUtf8Encoder.encode(header.getChannel());
            }
            if (!StringUtil.isEmpty(contentSign)) {
                simpleUtf8Encoder.encode(contentSign);
            }
            String encode = Base64.encode(messageDigest.digest());
            if (!encode.equals(sign)) {
                throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "签名不一致：" + encode + " != " + sign);
            }
            if (isIgnoreContent()) {
                return;
            }
            this.m_ContentSign = contentSign;
            this.m_ContentDigest = openMessageDigest();
        } catch (Exception e) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, e);
        }
    }

    MessageDigest openMessageDigest() throws AuthException {
        try {
            return MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, e);
        }
    }

    void encodeHeader(Header header) throws AuthException {
        if (StringUtil.isEmpty(header.getService())) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "缺少'service'");
        }
        if (StringUtil.isEmpty(header.getAccessId())) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "缺少'access id'");
        }
        if (StringUtil.isEmpty(header.getNoise())) {
            header.setNoise(Hex.toHex64((System.currentTimeMillis() << 20) | (RANDOM.nextInt() & 1048575)));
        }
        if (isIgnoreContent()) {
            header.setSign(genSign(header));
        } else {
            this.m_ContentDigest = openMessageDigest();
        }
    }

    protected String genSign(Header header) throws AuthException {
        Access validAccess = this.m_AccessLoader.getValidAccess(header.getAccessId());
        if (validAccess == null) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "'access id'无效");
        }
        try {
            final MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            SimpleUtf8Encoder simpleUtf8Encoder = new SimpleUtf8Encoder(new OutputStream() { // from class: cn.weforward.protocol.auth.Sha2OutputStream.2
                @Override // java.io.OutputStream
                public void write(int i) throws IOException {
                    messageDigest.update((byte) i);
                }
            });
            simpleUtf8Encoder.encode(header.getService());
            simpleUtf8Encoder.encode(validAccess.getAccessId());
            simpleUtf8Encoder.encode(Base64.encode(validAccess.getAccessKey()));
            simpleUtf8Encoder.encode(header.getNoise());
            if (!StringUtil.isEmpty(header.getTag())) {
                simpleUtf8Encoder.encode(header.getTag());
            }
            if (!StringUtil.isEmpty(header.getChannel())) {
                simpleUtf8Encoder.encode(header.getChannel());
            }
            if (!StringUtil.isEmpty(header.getContentSign())) {
                simpleUtf8Encoder.encode(header.getContentSign());
            }
            return Base64.encode(messageDigest.digest());
        } catch (Exception e) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, e);
        }
    }

    @Override // cn.weforward.protocol.auth.AutherOutputStream
    public void setTransferTo(Header.HeaderOutput headerOutput, OutputStream outputStream) throws IOException {
        if (isMode(1)) {
            OutputStream wrap = OutputStreamStay.Wrap.wrap(outputStream);
            ((OutputStreamStay) wrap).stay();
            outputStream = wrap;
        }
        super.setTransferTo(headerOutput, outputStream);
    }

    @Override // cn.weforward.protocol.auth.AutherOutputStream
    protected void doFinal() throws AuthException, IOException {
        if (isMode(2)) {
            String encode = Base64.encode(this.m_ContentDigest.digest());
            if (!encode.equals(this.m_ContentSign)) {
                throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "内容签名不一致：" + encode + " != " + this.m_ContentSign);
            }
            return;
        }
        this.m_Header.setContentSign(Base64.encode(this.m_ContentDigest.digest()));
        this.m_Header.setSign(genSign(this.m_Header));
        writeHeader();
        if (this.m_Forward != null) {
            this.m_Forward.flush();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // cn.weforward.protocol.auth.AutherOutputStream
    public void writeHeader() throws IOException {
        if (isMode(1) && StringUtil.isEmpty(this.m_Header.getSign())) {
            return;
        }
        super.writeHeader();
    }

    @Override // cn.weforward.protocol.auth.AutherOutputStream
    protected int update(ByteBuffer byteBuffer) throws IOException, AuthException {
        if (this.m_ContentDigest != null) {
            int position = byteBuffer.position();
            this.m_ContentDigest.update(byteBuffer);
            byteBuffer.position(position);
        }
        return forward(byteBuffer);
    }

    @Override // cn.weforward.protocol.auth.AutherOutputStream
    protected void update(int i) throws AuthException, IOException {
        if (this.m_ContentDigest != null) {
            this.m_ContentDigest.update((byte) i);
        }
        forward(i);
    }

    @Override // cn.weforward.protocol.auth.AutherOutputStream
    protected void update(byte[] bArr, int i, int i2) throws AuthException, IOException {
        if (this.m_ContentDigest != null) {
            this.m_ContentDigest.update(bArr, i, i2);
        }
        forward(bArr, i, i2);
    }

    @Override // cn.weforward.protocol.auth.AutherOutputStream
    protected int update(InputStream inputStream, int i) throws IOException, AuthException {
        return BytesOutputStream.transfer(inputStream, this, i);
    }
}
