package cn.weforward.protocol.auth;

import cn.weforward.common.crypto.Base64;
import cn.weforward.common.crypto.Hex;
import cn.weforward.common.util.StringBuilderPool;
import cn.weforward.common.util.StringUtil;
import cn.weforward.protocol.Header;
import cn.weforward.protocol.auth.AuthEngine;
import cn.weforward.protocol.exception.AuthException;
import cn.weforward.protocol.exception.WeforwardException;
import java.security.MessageDigest;
import java.util.Random;

/* loaded from: input_file:cn/weforward/protocol/auth/Sha2AuthEngine.class */
public class Sha2AuthEngine implements AuthEngine {
    protected Random m_Random = new Random();

    @Override // cn.weforward.protocol.auth.AuthEngine
    public String getType() {
        return Header.AUTH_TYPE_SHA2;
    }

    @Override // cn.weforward.protocol.auth.AuthEngine
    public AuthEngine.Output encode(AuthEngine.Input input) throws AuthException {
        if (StringUtil.isEmpty(input.accessId)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "access id值不能为空");
        }
        if (input.accessKey == null || input.accessKey.length == 0) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "access key值不能为空");
        }
        String str = input.noise;
        if (StringUtil.isEmpty(str)) {
            str = Hex.toHex64((System.currentTimeMillis() << 20) | (this.m_Random.nextInt() & 1048575));
        }
        try {
            StringBuilder poll = StringBuilderPool._8k.poll();
            try {
                poll.append(input.serviceName);
                poll.append(input.accessId);
                poll.append(Base64.encode(input.accessKey));
                poll.append(str);
                if (!StringUtil.isEmpty(input.tag)) {
                    poll.append(input.tag);
                }
                if (!StringUtil.isEmpty(input.channel)) {
                    poll.append(input.channel);
                }
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                if (input.dataLength > 0) {
                    messageDigest.update(input.data, input.dataOffset, input.dataLength);
                }
                String encode = Base64.encode(messageDigest.digest());
                poll.append(encode);
                messageDigest.reset();
                messageDigest.update(poll.toString().getBytes("utf-8"));
                StringBuilderPool._8k.offer(poll);
                String encode2 = Base64.encode(messageDigest.digest());
                AuthEngine.Output output = new AuthEngine.Output();
                output.contentSign = encode;
                output.sign = encode2;
                output.noise = str;
                output.data = input.data;
                output.dataOffset = input.dataOffset;
                output.dataLength = input.dataLength;
                return output;
            } catch (Throwable th) {
                StringBuilderPool._8k.offer(poll);
                throw th;
            }
        } catch (Exception e) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, e);
        }
    }

    @Override // cn.weforward.protocol.auth.AuthEngine
    public AuthEngine.Output decode(AuthEngine.Input input) throws AuthException {
        if (StringUtil.isEmpty(input.accessId)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "access id值不能为空");
        }
        if (input.accessKey == null || input.accessKey.length == 0) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "access key值不能为空");
        }
        if (StringUtil.isEmpty(input.noise)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "Noise值不能为空");
        }
        if (StringUtil.isEmpty(input.sign)) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "Sign值不能为空");
        }
        if (input.sign.length() <= 32 || input.sign.length() > 64) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "Sign值异常:" + StringUtil.limit(input.sign, 100));
        }
        try {
            StringBuilder poll = StringBuilderPool._8k.poll();
            try {
                poll.append(input.serviceName);
                poll.append(input.accessId);
                Base64.encode(poll, input.accessKey, 0, input.accessKey.length);
                poll.append(input.noise);
                if (!StringUtil.isEmpty(input.tag)) {
                    poll.append(input.tag);
                }
                if (!StringUtil.isEmpty(input.channel)) {
                    poll.append(input.channel);
                }
                if (!StringUtil.isEmpty(input.contentSign)) {
                    poll.append(input.contentSign);
                }
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(poll.toString().getBytes("utf-8"));
                StringBuilderPool._8k.offer(poll);
                String encode = Base64.encode(messageDigest.digest());
                if (!encode.equals(input.sign)) {
                    throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "签名不一致：" + encode + " != " + input.sign);
                }
                String str = null;
                if (!StringUtil.isEmpty(input.contentSign)) {
                    try {
                        MessageDigest messageDigest2 = MessageDigest.getInstance("SHA-256");
                        messageDigest2.update(input.data, input.dataOffset, input.dataLength);
                        str = Base64.encode(messageDigest2.digest());
                        if (!str.equals(input.contentSign)) {
                            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, "内容签名不一致：" + str + " != " + input.contentSign);
                        }
                    } catch (Exception e) {
                        throw new AuthException(WeforwardException.CODE_AUTH_FAIL, e);
                    }
                }
                AuthEngine.Output output = new AuthEngine.Output();
                output.sign = encode;
                output.contentSign = str;
                output.noise = input.noise;
                output.data = input.data;
                output.dataOffset = input.dataOffset;
                output.dataLength = input.dataLength;
                return output;
            } catch (Throwable th) {
                StringBuilderPool._8k.offer(poll);
                throw th;
            }
        } catch (Exception e2) {
            throw new AuthException(WeforwardException.CODE_AUTH_FAIL, e2);
        }
    }
}
