package org.rcisoft.core.aop;

import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.rcisoft.core.anno.CySaveHtml;
import org.rcisoft.core.controller.CyPaginationController;
import org.rcisoft.core.model.CyPageInfo;
import org.rcisoft.core.security.decrypt.CySM4Util;
import org.rcisoft.core.util.CyEscapeUtil;
import org.rcisoft.core.util.CyRandomUtil;
import org.rcisoft.core.util.CyStrUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

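/**
 * Around-advice for handler methods annotated with {@code CyDecryptSm4EnAbled}: reads the
 * {@code sign} request parameter, decrypts it with {@link CySM4Util#decryptData_ECB}, parses the
 * plaintext as JSON and binds it onto one of the method's arguments before the method runs.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cipher call is the ECB variant. ECB is deterministic and carries no integrity check,
 *       so a successful decryption does not show that the payload is authentic or unmodified.
 *       The decrypted JSON has to be validated and authorised like any other request input.</li>
 *   <li>When {@code sign} is absent or empty the target is invoked with its original arguments.
 *       This aspect therefore does not force a caller to send an encrypted payload.</li>
 *   <li>Neither the ciphertext nor the decrypted payload is written to the log, because request
 *       bodies can carry credentials and personal data; only lengths and type names are
 *       logged.</li>
 * </ul>
 */
@Aspect
@Order(90)
/* loaded from: input_file:org/rcisoft/core/aop/CyDecryptSm4ParamAspect.class */
public class CyDecryptSm4ParamAspect {
    private static final Logger log = LoggerFactory.getLogger(CyDecryptSm4ParamAspect.class);

    @Autowired
    private CySM4Util cySM4Util;

    /**
     * Entry point woven around every method carrying {@code CyDecryptSm4EnAbled}.
     *
     * @param proceedingJoinPoint the intercepted invocation
     * @return whatever the intercepted method returns
     * @throws Throwable anything thrown by decryption, JSON binding or the intercepted method
     */
    @Around("@annotation(org.rcisoft.core.anno.CyDecryptSm4EnAbled)")
    public Object decryptParameter(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        return dealWithParameterDecrypted(proceedingJoinPoint);
    }

    /**
     * Decrypts the {@code sign} parameter and substitutes the bound bean for one argument.
     *
     * <p>Argument selection: with exactly one argument it is replaced unless it is a
     * {@code String}; with several arguments the first one that is neither a {@code String} nor
     * an {@code Integer} is replaced. A {@code null} argument is never selected because its
     * target type cannot be determined.
     *
     * @param proceedingJoinPoint the intercepted invocation
     * @return whatever the intercepted method returns
     * @throws Throwable anything thrown by decryption, JSON binding or the intercepted method
     */
    private Object dealWithParameterDecrypted(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        // The decompiled listing dropped the casts to MethodSignature and
        // ServletRequestAttributes; without them getMethod()/getRequest() do not resolve.
        RequestAttributes attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            // No servlet request bound to this thread, so there is no "sign" parameter to read.
            return proceedingJoinPoint.proceed();
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();

        String sign = request.getParameter("sign");
        if (StringUtils.isEmpty(sign)) {
            // Fail-open: a request without "sign" reaches the handler with its plain parameters.
            return proceedingJoinPoint.proceed();
        }

        boolean keepHtml = ((MethodSignature) proceedingJoinPoint.getSignature())
                .getMethod().getAnnotation(CySaveHtml.class) != null;
        boolean isGet = HttpMethod.GET.matches(request.getMethod());

        log.debug("sm4 sign received, length={}", sign.length());
        String plaintext = this.cySM4Util.decryptData_ECB(sign);
        log.debug("sm4 payload decrypted");
        // NOTE(review): behaviour of decryptData_ECB / parseObj on a malformed or tampered
        // ciphertext is not visible here; confirm such requests are rejected, not half-bound.
        JSONObject payload = JSONUtil.parseObj(plaintext);

        if (null != payload && payload.containsKey("rows") && payload.containsKey("page")) {
            Integer page = payload.getInt("page");
            Integer rows = payload.getInt("rows");
            // A key holding JSON null would otherwise fail on unboxing.
            if (page != null && rows != null) {
                // NOTE(review): page and rows come from the request and are not bounded here;
                // confirm an upper limit on page size is enforced downstream.
                CyPageInfo cyPageInfo = new CyPageInfo();
                cyPageInfo.setCurrent(page.intValue());
                cyPageInfo.setSize(rows.intValue());
                request.setAttribute(CyPaginationController.PAGINATIONKEY, cyPageInfo);
            }
        }

        Object[] args = proceedingJoinPoint.getArgs();
        if (null == payload) {
            return proceedingJoinPoint.proceed(args);
        }
        if (0 == args.length) {
            return proceedingJoinPoint.proceed();
        }

        if (1 == args.length) {
            // NOTE(review): unlike the multi-argument branch, a lone Integer argument is still
            // treated as a bind target here; confirm that asymmetry is intended.
            if (args[0] == null || args[0] instanceof String) {
                return proceedingJoinPoint.proceed();
            }
            args[0] = bindDecrypted(plaintext, args[0].getClass(), keepHtml, isGet);
            return proceedingJoinPoint.proceed(args);
        }

        // NOTE(review): the first non-String, non-Integer argument wins, whatever its type.
        // A handler that declares a framework object (request, response, binding result)
        // before its DTO would have that object replaced; confirm handlers order parameters
        // accordingly.
        for (int i = 0; i < args.length; i++) {
            Object candidate = args[i];
            if (candidate == null || candidate instanceof String || candidate instanceof Integer) {
                continue;
            }
            args[i] = bindDecrypted(plaintext, candidate.getClass(), keepHtml, isGet);
            break;
        }
        return proceedingJoinPoint.proceed(args);
    }

    /** Binds the decrypted JSON to {@code targetType} and sanitises the resulting bean. */
    private Object bindDecrypted(String json, Class<?> targetType, boolean keepHtml, boolean isGet) {
        Object bean = JSONUtil.toBean(json, targetType);
        xssDefense(bean, keepHtml, isGet);
        // Log the type only: the bean's toString() may expose decrypted field values.
        log.debug("sm4 arg bound, type={}", targetType.getName());
        return bean;
    }

    /**
     * Passes every non-static {@code String} field declared directly on {@code obj}'s class
     * through {@link CyEscapeUtil#clean} and trims it, writing the result back in place.
     *
     * <p>Coverage is limited to fields declared on the concrete class. Inherited fields, nested
     * beans, collections and maps are not visited, so values in those places reach the handler
     * unsanitised and need their own output encoding or validation.
     *
     * @param obj bean produced from the decrypted payload; {@code null} is ignored
     * @param keepHtml {@code true} when the handler carries {@code CySaveHtml}; sanitising is
     *     skipped entirely
     * @param isGet {@code true} for GET requests, which additionally apply
     *     {@link CyStrUtil#searchExcludeIllegal}
     */
    private void xssDefense(Object obj, boolean keepHtml, boolean isGet) {
        if (keepHtml || obj == null) {
            return;
        }
        Arrays.stream(obj.getClass().getDeclaredFields())
                .filter(field -> String.class == field.getType())
                // Static fields are class-wide state, not request data; rewriting them would
                // affect every request (and fails outright for static final constants).
                .filter(field -> !Modifier.isStatic(field.getModifiers()))
                .forEach(field -> sanitizeField(obj, field, isGet));
    }

    /** Cleans one {@code String} field of {@code obj} and stores the cleaned value. */
    private void sanitizeField(Object obj, Field field, boolean isGet) {
        try {
            field.setAccessible(true);
            Object raw = field.get(obj);
            String cleaned = raw == null ? null : CyEscapeUtil.clean(raw.toString()).trim();
            // On GET, a value rejected by searchExcludeIllegal is replaced with a random
            // 10-character string rather than passed on (presumably so a search filter built
            // from it matches nothing; confirm against CyStrUtil).
            if (isGet && !CyStrUtil.searchExcludeIllegal(cleaned)) {
                cleaned = CyRandomUtil.randomStr(10);
            }
            field.set(obj, cleaned);
        } catch (IllegalAccessException e) {
            // Keep the stack trace, and name the field so an unsanitised value can be traced.
            log.error("xss defense could not rewrite field {}", field.getName(), e);
        }
    }
}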
