package com.taobao.session.safe.impl;

import com.taobao.session.ConfigEntry;
import com.taobao.session.SessionKeyConstants;
import com.taobao.session.TaobaoSession;
import com.taobao.session.TaobaoSessionVisitor;
import com.taobao.session.comm.SessionRequest;
import com.taobao.session.except.TairReadFailureException;
import com.taobao.session.metadata.SafeType;
import com.taobao.session.mng.Constant;
import com.taobao.session.mng.monitor.CookieMonitor;
import com.taobao.session.safe.SafeCheckResult;
import com.taobao.session.util.CommonUtils;
import com.taobao.session.util.SessionExceptionStatus;
import com.taobao.session.util.SessionUtils;
import com.taobao.session.util.UserCheckUtil;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:lib/tbsession-3.1.4.7.jar:com/taobao/session/safe/impl/TaobaoSignChecker.class */
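/**
 * Safe-check that validates the session signature ("sg") of a logged-in session.
 *
 * <p>Depending on configuration and signature length, the signature read from the cookie store is
 * compared either with a freshly generated signature ({@link #signatureCheck}) or with the value
 * held in the session's Tair store. On a mismatch the session is marked
 * {@code STATUS_VALIDATE_FAILED} and invalidated.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Several session modes skip the check entirely (see {@link #checkIsValidate}).</li>
 *   <li>Some branches accept the session without comparing anything (fail-open); they are marked
 *       with {@code NOTE(review)} comments below.</li>
 *   <li>Signature comparisons do not short-circuit on the first differing character, and the
 *       failure log line has CR/LF neutralised because it embeds request-derived values.</li>
 * </ul>
 */
public class TaobaoSignChecker extends AbstractSafeCheck {
    /**
     * Runs the signature check unless the session is in a mode that is exempt from it.
     *
     * @param sessionRequest the current request, used only for diagnostics on failure
     * @param taobaoSession the session being validated
     * @param z flag forwarded by the caller; in this class it selects whether a blank or legacy
     *     (3-character) cookie signature is enforced — exact meaning is defined by the caller
     * @return a passing result for exempt sessions, otherwise the result of the signature check
     * @throws TairReadFailureException declared for the store lookups made during the check
     */
    @Override // com.taobao.session.safe.impl.AbstractSafeCheck
    public SafeCheckResult checkIsValidate(SessionRequest sessionRequest, TaobaoSession taobaoSession, boolean z) throws TairReadFailureException {
        // NOTE(review): each of these four modes bypasses signature validation completely.
        // Confirm that none of them can be selected or influenced by request data.
        if (CommonUtils.getTaobaoSessionConfig(taobaoSession).isHighVistApp()
                || taobaoSession.isDisaster()
                || taobaoSession.isClientModel()
                || taobaoSession.isThirdSession()) {
            return new SafeCheckResult(true);
        }
        return sessionSignatureCheck(sessionRequest, taobaoSession, z);
    }

    /**
     * Validates the cookie signature of a logged-in (or sub-user logged-in) session.
     *
     * <p>Sessions that are not logged in pass without any check.
     *
     * @param sessionRequest the current request, forwarded to {@link #signatureCheck}
     * @param taobaoSession the session being validated
     * @param z enforcement flag, see {@link #checkIsValidate}
     * @return a passing result when the signature is accepted, a failing one otherwise
     * @throws TairReadFailureException declared for the store lookups
     */
    private static SafeCheckResult sessionSignatureCheck(SessionRequest sessionRequest, TaobaoSession taobaoSession, boolean z) throws TairReadFailureException {
        if (!SessionUtils.isLogin(taobaoSession) && !SessionUtils.isSubUserLogin(taobaoSession)) {
            return new SafeCheckResult(true);
        }

        int clientVersion = taobaoSession.getClientVersion();
        ConfigEntry signatureEntry = taobaoSession.getConfig().getConfigEntry(SessionKeyConstants.ATTRIBUTE_SIGNATURE, clientVersion);
        String cookieSignature = (String) TaobaoSessionVisitor.getCookieStore(taobaoSession).getAttribute(signatureEntry, taobaoSession.getConfig().getProperties(clientVersion));

        if (StringUtils.isBlank(cookieSignature)) {
            // NOTE(review): fail-open. A logged-in session with no signature cookie is accepted
            // when enforcement is off (!z) or for sub-user logins, unless the new SG check is on.
            if ((!z || SessionUtils.isSubUserLogin(taobaoSession)) && !CommonUtils.getTaobaoSessionConfig(taobaoSession).isNewSessionSGCheck()) {
                return new SafeCheckResult(true);
            }
            taobaoSession.getStatus().setStatus(SessionExceptionStatus.Status.STATUS_VALIDATE_FAILED).setErrorMessage("sign failed,cookie sg is null");
            taobaoSession.invalidate();
            return new SafeCheckResult(false);
        }

        // Legacy path: a 3-character signature is checked against a freshly generated value.
        if (cookieSignature.length() == 3 && z && !CommonUtils.getTaobaoSessionConfig(taobaoSession).isNewSessionSGCheck()) {
            return signatureCheck(sessionRequest, taobaoSession, cookieSignature);
        }

        // Any other length, or the new SG check being enabled: compare with the Tair-held value.
        if (cookieSignature.length() != 3 || CommonUtils.getTaobaoSessionConfig(taobaoSession).isNewSessionSGCheck()) {
            String tairSignature = (String) TaobaoSessionVisitor.getTairStore(taobaoSession).getAttribute(signatureEntry, taobaoSession.getConfig().getProperties(clientVersion));
            // NOTE(review): the two failure branches below invalidate the session BEFORE recording
            // the status, while every other failure path records the status first. Left as-is
            // because invalidate()'s effect on the status is not visible here — confirm and unify.
            if (StringUtils.isBlank(tairSignature)) {
                taobaoSession.invalidate();
                taobaoSession.getStatus().setStatus(SessionExceptionStatus.Status.STATUS_VALIDATE_FAILED).setErrorMessage("sign failed,tair sg is null");
                return new SafeCheckResult(false);
            }
            if (!signaturesMatch(cookieSignature, tairSignature)) {
                taobaoSession.invalidate();
                taobaoSession.getStatus().setStatus(SessionExceptionStatus.Status.STATUS_VALIDATE_FAILED).setErrorMessage("sign failed,not equals!");
                return new SafeCheckResult(false);
            }
        }

        // NOTE(review): fail-open. A 3-character signature with !z and the new SG check disabled
        // reaches this point without having been compared against anything.
        return new SafeCheckResult(true);
    }

    /**
     * Compares a presented signature with the one generated for the session and, on mismatch,
     * logs the failure, records the failure status and invalidates the session.
     *
     * @param sessionRequest the current request; its address, URL and Referer go into the log line
     * @param taobaoSession the session being validated
     * @param str the signature presented for the session (the cookie value when called from this class)
     * @return a passing result when the signatures are equal, a failing one otherwise
     */
    public static SafeCheckResult signatureCheck(SessionRequest sessionRequest, TaobaoSession taobaoSession, String str) {
        CookieMonitor.log(CommonUtils.getTaobaoSessionConfig(taobaoSession), Constant.RECORD_SGN);
        String expectedSignature = UserCheckUtil.generatesecuritySignature(taobaoSession);
        // NOTE(review): as in the original, two null signatures compare as equal.
        if (signaturesMatch(str, expectedSignature)) {
            return new SafeCheckResult(true);
        }

        // The line embeds request-derived values (address, nick, URL, Referer header), so CR/LF
        // are neutralised to keep a crafted value from forging additional log records.
        // NOTE(review): the line also records the session's stored signature; consider whether a
        // secret-bearing value belongs in this log.
        String failureLine = "signature failure: sid=" + taobaoSession.getId() + " ip=" + sessionRequest.getRemoteAddr() + " nick=" + taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_NICK) + " uidn=" + taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_USER_ID_NUM) + " uid=" + taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_USER_ID) + " signature=" + taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_SIGNATURE) + " request=" + sessionRequest.getRequestURL() + " referer=" + sessionRequest.getHeader("Referer");
        CookieMonitor.getCookieLogger().error(neutralizeLineBreaks(failureLine));

        CookieMonitor.log(CommonUtils.getTaobaoSessionConfig(taobaoSession), "sgn", "F");
        // Sub-classify the failure for monitoring: "FT" only when the session has a signature
        // attribute but no user id, "FC" in every other case.
        if (null != taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_USER_ID) || null == taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_SIGNATURE)) {
            CookieMonitor.log(CommonUtils.getTaobaoSessionConfig(taobaoSession), "sgn", "FC");
        } else {
            CookieMonitor.log(CommonUtils.getTaobaoSessionConfig(taobaoSession), "sgn", "FT");
        }

        // NOTE(review): this message carries the freshly generated (expected) signature in "nsg",
        // and "serverSg" actually holds the presented value. Confirm the status message is never
        // returned to the client, otherwise it discloses the value the check expects.
        taobaoSession.getStatus().setStatus(SessionExceptionStatus.Status.STATUS_VALIDATE_FAILED).setErrorMessage("sign failed,serverSg=" + str + ",nsg=" + expectedSignature);
        taobaoSession.invalidate();
        return new SafeCheckResult(false);
    }

    /**
     * Identifies this checker.
     *
     * @return {@link SafeType#TAOBAO_SIGN}
     */
    @Override // com.taobao.session.safe.SafeChecker
    public SafeType getSafeType() {
        return SafeType.TAOBAO_SIGN;
    }

    /**
     * Null-safe signature comparison that examines every character instead of stopping at the
     * first difference, so the time taken does not depend on how long a matching prefix is.
     *
     * <p>Compares UTF-16 code units directly, which gives exactly the same result as
     * {@link String#equals}; a byte-encoding round trip could map distinct malformed strings onto
     * the same bytes. Two nulls are equal and a single null never matches, mirroring
     * {@code StringUtils.equals}.
     */
    private static boolean signaturesMatch(String presented, String expected) {
        if (presented == null || expected == null) {
            return presented == expected;
        }
        if (presented.length() != expected.length()) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < presented.length(); i++) {
            difference |= presented.charAt(i) ^ expected.charAt(i);
        }
        return difference == 0;
    }

    /** Replaces carriage returns and line feeds with {@code '_'} so a value stays on one log line. */
    private static String neutralizeLineBreaks(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}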
