package com.taobao.api.internal.spi;

import com.huawei.hms.framework.common.ContainerUtils;
import com.taobao.api.Constants;
import com.taobao.api.internal.util.StringUtils;
import com.taobao.api.internal.util.TaobaoUtils;
import com.taobao.api.internal.util.WebUtils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: classes2.dex */
public class SpiUtils {
    private static final String TOP_SIGN_LIST = "top-sign-list";
    private static final Log log = LogFactory.getLog(SpiUtils.class);
    private static final String[] HEADER_FIELDS_IP = {"X-Real-IP", "X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"};

    public static boolean checkRemoteIp(HttpServletRequest httpServletRequest, List<String> list) {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String[] strArr = HEADER_FIELDS_IP;
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String header = httpServletRequest.getHeader(strArr[i]);
            if (!StringUtils.isEmpty(header) && !"unknown".equalsIgnoreCase(header)) {
                remoteAddr = header;
                break;
            }
            i++;
        }
        if (list != null) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                if (StringUtils.isIpInRange(remoteAddr, it.next())) {
                    return true;
                }
            }
        }
        return false;
    }

    public static CheckResult checkSign(HttpServletRequest httpServletRequest, String str) throws IOException {
        CheckResult checkResult = new CheckResult();
        String contentType = httpServletRequest.getContentType();
        String responseCharset = WebUtils.getResponseCharset(contentType);
        if ("GET".equals(httpServletRequest.getMethod())) {
            checkResult.setSuccess(checkSignInternal(httpServletRequest, null, null, str, responseCharset));
        } else if (contentType.startsWith(Constants.CTYPE_APP_JSON) || contentType.startsWith(Constants.CTYPE_TEXT_XML) || contentType.startsWith(Constants.CTYPE_APPLICATION_XML) || contentType.startsWith(Constants.CTYPE_TEXT_PLAIN)) {
            String streamAsString = WebUtils.getStreamAsString(httpServletRequest.getInputStream(), responseCharset);
            checkResult.setSuccess(checkSignInternal(httpServletRequest, null, streamAsString, str, responseCharset));
            checkResult.setRequestBody(streamAsString);
        } else {
            if (!contentType.startsWith(Constants.CTYPE_FORM_DATA)) {
                throw new RuntimeException("Unspported SPI request");
            }
            checkResult.setSuccess(checkSignInternal(httpServletRequest, null, null, str, responseCharset));
        }
        return checkResult;
    }

    public static boolean checkSign4FileRequest(HttpServletRequest httpServletRequest, Map<String, String> map, String str) throws IOException {
        return checkSignInternal(httpServletRequest, map, null, str, WebUtils.getResponseCharset(httpServletRequest.getContentType()));
    }

    public static boolean checkSign4FormRequest(HttpServletRequest httpServletRequest, String str) throws IOException {
        return checkSignInternal(httpServletRequest, null, null, str, WebUtils.getResponseCharset(httpServletRequest.getContentType()));
    }

    public static boolean checkSign4TextRequest(HttpServletRequest httpServletRequest, String str, String str2) throws IOException {
        return checkSignInternal(httpServletRequest, null, str, str2, WebUtils.getResponseCharset(httpServletRequest.getContentType()));
    }

    private static boolean checkSignInternal(HttpServletRequest httpServletRequest, Map<String, String> map, String str, String str2, String str3) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.putAll(getHeaderMap(httpServletRequest, str3));
        Map<String, String> queryMap = getQueryMap(httpServletRequest, str3);
        hashMap.putAll(queryMap);
        if (map == null && str == null) {
            hashMap.putAll(getFormMap(httpServletRequest, queryMap));
        } else if (map != null) {
            hashMap.putAll(map);
        }
        String str4 = queryMap.get("sign");
        String sign = sign(hashMap, str, str2, str3);
        if (sign.equals(str4)) {
            return true;
        }
        String paramStrFromMap = getParamStrFromMap(hashMap);
        log.error("checkTopSign error^_^remoteSign=" + str4 + "^_^localSign=" + sign + "^_^paramStr=" + paramStrFromMap + "^_^body=" + str);
        return false;
    }

    public static boolean checkTimestamp(HttpServletRequest httpServletRequest, int i) {
        String parameter = httpServletRequest.getParameter(Constants.TIMESTAMP);
        if (parameter != null) {
            return Calendar.getInstance().getTime().getTime() - StringUtils.parseDateTime(parameter).getTime() <= ((long) (i * 60)) * 1000;
        }
        return false;
    }

    public static Map<String, String> getFormMap(HttpServletRequest httpServletRequest, Map<String, String> map) throws IOException {
        HashMap hashMap = new HashMap();
        Iterator it = httpServletRequest.getParameterMap().keySet().iterator();
        while (it.hasNext()) {
            String valueOf = String.valueOf(it.next());
            if (!map.containsKey(valueOf)) {
                String parameter = httpServletRequest.getParameter(valueOf);
                if (StringUtils.isEmpty(parameter)) {
                    hashMap.put(valueOf, "");
                } else {
                    hashMap.put(valueOf, parameter);
                }
            }
        }
        return hashMap;
    }

    public static Map<String, String> getHeaderMap(HttpServletRequest httpServletRequest, String str) throws IOException {
        HashMap hashMap = new HashMap();
        String header = httpServletRequest.getHeader(TOP_SIGN_LIST);
        if (!StringUtils.isEmpty(header)) {
            for (String str2 : header.split(com.xiaomi.mipush.sdk.Constants.ACCEPT_TIME_SEPARATOR_SP)) {
                String header2 = httpServletRequest.getHeader(str2);
                if (StringUtils.isEmpty(header2)) {
                    hashMap.put(str2, "");
                } else {
                    hashMap.put(str2, URLDecoder.decode(header2, str));
                }
            }
        }
        return hashMap;
    }

    private static String getParamStrFromMap(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        if (map != null && !map.isEmpty()) {
            String[] strArr = (String[]) map.keySet().toArray(new String[0]);
            Arrays.sort(strArr);
            for (String str : strArr) {
                if (!"sign".equals(str)) {
                    sb.append(str);
                    sb.append(map.get(str));
                }
            }
        }
        return sb.toString();
    }

    public static Map<String, String> getQueryMap(HttpServletRequest httpServletRequest, String str) throws IOException {
        HashMap hashMap = new HashMap();
        for (String str2 : httpServletRequest.getQueryString().split(ContainerUtils.FIELD_DELIMITER)) {
            String[] split = str2.split(ContainerUtils.KEY_VALUE_DELIMITER);
            if (split.length == 2) {
                hashMap.put(URLDecoder.decode(split[0], str), URLDecoder.decode(split[1], str));
            } else if (split.length == 1) {
                hashMap.put(URLDecoder.decode(split[0], str), "");
            }
        }
        return hashMap;
    }

    public static String getStreamAsString(InputStream inputStream, String str) throws IOException {
        return WebUtils.getStreamAsString(inputStream, str);
    }

    private static String sign(Map<String, String> map, String str, String str2, String str3) throws IOException {
        StringBuilder sb = new StringBuilder(str2);
        sb.append(getParamStrFromMap(map));
        if (str != null) {
            sb.append(str);
        }
        sb.append(str2);
        return TaobaoUtils.byte2hex(TaobaoUtils.encryptMD5(sb.toString().getBytes(str3)));
    }
}
