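package com.qianwen.core.secure.interceptor;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.qianwen.core.secure.props.SignSecure;
import com.qianwen.core.secure.provider.HttpMethod;
import com.qianwen.core.secure.provider.ResponseProvider;
import com.qianwen.core.tool.jackson.JsonUtil;
import com.qianwen.core.tool.utils.DateUtil;
import com.qianwen.core.tool.utils.DigestUtil;
import com.qianwen.core.tool.utils.Func;
import com.qianwen.core.tool.utils.WebUtil;
import org.springframework.lang.NonNull;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: blade-core-secure-9.3.0.0-SNAPSHOT.jar:org/springblade/core/secure/interceptor/SignInterceptor.class */
/**
 * Spring MVC interceptor that requires a request signature on the endpoints
 * selected by the configured {@link SignSecure} rules.
 *
 * <p>For each request, the first rule whose HTTP method and Ant path pattern match
 * decides the outcome: the {@code timestamp}, {@code nonce} and {@code signature}
 * headers are read, the timestamp must lie within the accepted window, and the
 * signature must equal the hex digest of {@code timestamp + nonce}. Requests that
 * match no rule are allowed through unchanged.
 *
 * <p>NOTE(review): the digest is computed only from two client-supplied headers and
 * no secret takes part in it, so it demonstrates that the caller knows the scheme,
 * not that the caller holds a credential. Treat it as a weak integrity marker and
 * keep real authentication elsewhere. A keyed MAC (for example HMAC-SHA-256 with a
 * per-client secret, covering method, path and body) would be needed for
 * authentication. The nonce is not recorded anywhere in this class, so a captured
 * header set stays valid until the timestamp window closes. MD5 and SHA-1 are also
 * no longer recommended digests.
 */
public class SignInterceptor extends HandlerInterceptorAdapter {
    private static final Logger log = LoggerFactory.getLogger(SignInterceptor.class);
    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();

    // Names of the request headers that carry the signature material.
    private static final String TIMESTAMP = "timestamp";
    private static final String NONCE = "nonce";
    private static final String SIGNATURE = "signature";

    // Values of the rule's crypto setting that this class recognises.
    private static final String SHA1 = "sha1";
    private static final String MD5 = "md5";

    // Accepted age of the request timestamp, in seconds. The lower bound of 0 means
    // a timestamp ahead of the server clock is rejected as well.
    private static final long SECOND_MIN = 0L;
    private static final long SECOND_MAX = 10L;

    private final List<SignSecure> signSecures;

    /**
     * @param signSecures rules naming the method/path combinations that must be signed;
     *                    they are consulted in list order
     */
    public SignInterceptor(final List<SignSecure> signSecures) {
        this.signSecures = signSecures;
    }

    /**
     * Verifies the signature when the request matches a rule.
     *
     * @return {@code true} when no rule matches or the signature check passes;
     *         {@code false} after the rejection response has been written
     */
    @Override
    public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) {
        // Only the first matching rule is evaluated; with no match the request passes.
        boolean accepted = signSecures.stream()
            .filter(rule -> checkAuth(request, rule))
            .findFirst()
            .map(rule -> checkSign(rule.getCrypto()))
            .orElse(Boolean.TRUE);
        if (accepted) {
            return true;
        }
        // NOTE(review): the full parameter map is logged verbatim. It is caller-controlled
        // and may hold sensitive values; consider redacting or truncating it before logging.
        log.warn("授权认证失败,请求接口:{},请求IP:{},请求参数:{}",
            request.getRequestURI(), WebUtil.getIP(request), JsonUtil.toJson(request.getParameterMap()));
        ResponseProvider.write(response);
        return false;
    }

    /** Returns whether the rule applies to this request (method and path both match). */
    private boolean checkAuth(HttpServletRequest request, SignSecure signSecure) {
        return checkMethod(request, signSecure.getMethod()) && checkPath(request, signSecure.getPattern());
    }

    /** Returns whether the rule's method is ALL or equals the request's method. */
    private boolean checkMethod(HttpServletRequest request, HttpMethod method) {
        if (method == HttpMethod.ALL) {
            return true;
        }
        // The null guard keeps a rule without a method from matching a request
        // whose method HttpMethod.of() cannot map.
        return method != null && method == HttpMethod.of(request.getMethod());
    }

    /** Matches the rule's Ant pattern against servlet path plus path info. */
    private boolean checkPath(HttpServletRequest request, String pattern) {
        String path = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null && !pathInfo.isEmpty()) {
            path = path + pathInfo;
        }
        return ANT_PATH_MATCHER.match(pattern, path);
    }

    /**
     * Validates the signature headers of the current request.
     *
     * <p>Fails closed: a missing request, missing algorithm, missing header, timestamp
     * outside the window, digest mismatch or any exception all yield {@code false}.
     *
     * @param crypto digest name from the matched rule; {@code "md5"} selects MD5, any
     *               other non-null value selects SHA-1
     * @return {@code true} only when the supplied signature matches the computed digest
     */
    private boolean checkSign(String crypto) {
        try {
            // NOTE(review): reads the request through WebUtil rather than the one handed
            // to preHandle; presumably the same object, confirm.
            HttpServletRequest request = WebUtil.getRequest();
            if (request == null) {
                return false;
            }
            if (crypto == null) {
                log.warn("授权认证失败,错误信息:{}", "签名算法未配置");
                return false;
            }
            String timestamp = request.getHeader(TIMESTAMP);
            String nonce = request.getHeader(NONCE);
            String signature = request.getHeader(SIGNATURE);
            // Without this guard an absent nonce would be concatenated as the text "null"
            // and still produce a digest that a caller could match.
            if (timestamp == null || nonce == null || signature == null) {
                log.warn("授权认证失败,错误信息:{}", "签名请求头缺失");
                return false;
            }
            long ageSeconds = Duration.between(
                new Date(Func.toLong(timestamp)).toInstant(), DateUtil.now().toInstant()).getSeconds();
            if (ageSeconds < SECOND_MIN || ageSeconds > SECOND_MAX) {
                log.warn("授权认证失败,错误信息:{}", "请求时间戳非法");
                return false;
            }
            String payload = timestamp + nonce;
            // SHA-1 is both the explicit "sha1" choice and the fallback for unknown names.
            String expected = MD5.equals(crypto) ? DigestUtil.md5Hex(payload) : DigestUtil.sha1Hex(payload);
            // Case-insensitive hex comparison done in constant time, so the comparison
            // does not reveal how many leading characters matched.
            return MessageDigest.isEqual(
                expected.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8),
                signature.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            // Any failure while parsing or hashing is treated as a failed check.
            log.warn("授权认证失败,错误信息:{}", e.getMessage());
            return false;
        }
    }
}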