package com.taobao.session.safe.impl;

import ch.qos.logback.classic.spi.CallerData;
import com.taobao.session.SessionKeyConstants;
import com.taobao.session.TaobaoSession;
import com.taobao.session.comm.ResponseStatus;
import com.taobao.session.comm.SessionRequest;
import com.taobao.session.except.TairReadFailureException;
import com.taobao.session.interceptor.common.ActionType;
import com.taobao.session.metadata.SafeType;
import com.taobao.session.metadata.util.MetaDataUtils;
import com.taobao.session.safe.ProtocolContent;
import com.taobao.session.safe.SafeCheckResult;
import com.taobao.session.util.CommonUtils;
import com.taobao.session.util.GrayControllerHelper;
import com.taobao.session.util.MD5Utils;
import com.taobao.session.util.PolicyUtils;
import com.taobao.session.util.RequestUtils;
import com.taobao.session.util.SafeUtils;
import com.taobao.session.util.SessionUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:lib/tbsession-3.1.4.7.jar:com/taobao/session/safe/impl/ClientProtocolChecker.class */
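/**
 * Safety check that validates the signed "client protocol" cookie of a logged-in session.
 *
 * <p>The check is deliberately permissive on every path where it cannot run: it reports the
 * request as valid when the feature is switched off, when no block URL is configured, when the
 * session is not logged in, when the session carries no protocol key, when the session is not
 * selected by the {@code PROTOCOL} gray rollout, and when no app key is stored on the session.
 * Only a malformed cookie, a signature mismatch or a timestamp outside the allowed window
 * produce a rejection.
 */
public class ClientProtocolChecker extends AbstractSafeCheck {
    private static final String RULE_ID = "C_P_L";

    /**
     * Runs the client protocol check for one request.
     *
     * @param sessionRequest the request being checked
     * @param taobaoSession the session the request belongs to
     * @param z not read by this implementation
     * @return a result with {@code valid == true} when the check passes or does not apply,
     *     otherwise a rejection carrying the redirect or JSON response to send
     * @throws TairReadFailureException declared by the overridden method
     */
    @Override
    public SafeCheckResult checkIsValidate(SessionRequest sessionRequest, TaobaoSession taobaoSession, boolean z) throws TairReadFailureException {
        // The check needs both the feature flag and a block URL to redirect rejected requests to.
        boolean enabled = CommonUtils.getTaobaoSessionConfig(taobaoSession).isClientProtocolCheck()
                && CommonUtils.getTaobaoSessionConfig(taobaoSession).getClientProtocolBlockUrl() != null;
        if (!enabled || !MetaDataUtils.isMetaDataLogin(taobaoSession)) {
            return accepted();
        }
        String protocolKey = (String) taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_CLIENT_PROTOCOL_KEY);
        if (StringUtils.isBlank(protocolKey)) {
            return accepted();
        }
        // Sessions outside the gray rollout are not enforced.
        if (!GrayControllerHelper.grayHit(taobaoSession, GrayControllerHelper.GrayType.PROTOCOL)) {
            return accepted();
        }
        return checkProtocolSign(sessionRequest, taobaoSession, protocolKey);
    }

    /**
     * Verifies the protocol cookie: structure, signature, then timestamp drift.
     *
     * @param sessionRequest the request being checked
     * @param taobaoSession the session the request belongs to
     * @param str the per-session protocol key used as the signing secret
     * @return the accept or reject result
     */
    private SafeCheckResult checkProtocolSign(SessionRequest sessionRequest, TaobaoSession taobaoSession, String str) {
        ProtocolContent protocolContent = SafeUtils.decodeProtocolCookie(taobaoSession);
        if (protocolContent == null || !protocolContent.vaidate()) {
            return rejected(taobaoSession, sessionRequest, "invalidate_session_request_pct");
        }
        String appKey = (String) taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_SESSION_WIRELESS_APPKEY);
        if (StringUtils.isBlank(appKey)) {
            appKey = (String) taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_SESSION_SDK_APPKEY);
        }
        String sessionId = taobaoSession.getId();
        long signedAt = protocolContent.getTimestamp();
        // NOTE(review): fail-open. The app key only gates the check (it is not part of the signed
        // data), so a session without one skips signature and timestamp verification entirely.
        if (StringUtils.isBlank(appKey)) {
            return accepted();
        }
        if (!signEquals(sessionId, signedAt, str, protocolContent.getSign())) {
            return rejected(taobaoSession, sessionRequest, "invalidate_session_request_nq");
        }
        // Gap between server time (in seconds) and the timestamp the client signed.
        long gap = (System.currentTimeMillis() / 1000) - signedAt;
        // NOTE(review): the gap is written below as a Long but read back through a String cast;
        // this presumably relies on the session store returning attributes as strings. Confirm.
        String firstGap = (String) taobaoSession.getAttribute(SessionKeyConstants.ATTRIBUTE_CLIRNT_PROTOCOL_TIME_GAP);
        if (StringUtils.isBlank(firstGap)) {
            // First verified request: remember the gap as the baseline for later requests.
            taobaoSession.setAttribute(SessionKeyConstants.ATTRIBUTE_CLIRNT_PROTOCOL_TIME_GAP, Long.valueOf(gap));
            return accepted();
        }
        // A non-numeric stored baseline surfaces as NumberFormatException, as before.
        long drift = gap - Long.parseLong(firstGap);
        // Accept when the gap has not grown by more than (max expiry + sign interval) and has not
        // shrunk by more than the max expiry relative to the baseline.
        boolean withinWindow = drift <= ((long) (CommonUtils.getTaobaoSessionConfig(taobaoSession).getClientProtocolMaxExpiredAllow() + CommonUtils.getTaobaoSessionConfig(taobaoSession).getClientSignInterval()))
                && (drift >= 0 || Math.abs(drift) <= CommonUtils.getTaobaoSessionConfig(taobaoSession).getClientProtocolMaxExpiredAllow());
        if (withinWindow) {
            return accepted();
        }
        return rejected(taobaoSession, sessionRequest, "invalidate_session_request_to");
    }

    /**
     * Recomputes the cookie signature and compares it with the one the client sent.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} so that its duration
     * does not depend on how many leading characters of a guessed signature are correct. A
     * missing signature on either side is treated as a mismatch.
     *
     * <p>NOTE(review): the signed value is MD5 over {@code id + timestamp + key} with no field
     * separators, i.e. a secret-suffix digest rather than an HMAC. Changing the construction
     * needs a matching client change, so it is left as is here.
     *
     * @param str the session id
     * @param j the timestamp carried in the cookie
     * @param str2 the per-session protocol key
     * @param str3 the signature carried in the cookie, may be {@code null}
     * @return {@code true} only when both signatures are present and identical
     */
    private boolean signEquals(String str, long j, String str2, String str3) {
        String expected = MD5Utils.md5(str + j + str2);
        if (expected == null || str3 == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), str3.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the redirect target for a rejected request: the configured block URL plus the
     * action type, rule id, current time and a jump signature as query parameters.
     */
    private String formatRedirectUrl(TaobaoSession taobaoSession, SessionRequest sessionRequest) {
        String blockUrl = CommonUtils.getTaobaoSessionConfig(taobaoSession).getClientProtocolBlockUrl();
        StringBuilder url = new StringBuilder(blockUrl);
        // Literal separators: the decompiled source borrowed logback's CallerData.NA for "?",
        // which tied URL building to an unrelated logging constant.
        url.append(blockUrl.indexOf('?') > 0 ? "&" : "?");
        long now = System.currentTimeMillis();
        String jumpSign = SafeUtils.generateInterceptJumpSign(ActionType.CLIENT_PRC.getType(), RULE_ID, now, taobaoSession);
        url.append("ac=").append(ActionType.CLIENT_PRC.getType()).append("&ruleId=").append(RULE_ID);
        url.append("&s_t=").append(now).append("&s_g=").append(jumpSign);
        return RequestUtils.getRedirectURL(sessionRequest, url.toString());
    }

    /**
     * Fills a rejection result with the response to send: a 302 to the block URL for ordinary
     * requests, or a JSON body carrying the reason code and the URL for Ajax requests.
     *
     * @param str the reason code passed to the JSON response builder
     */
    private void fillResult(TaobaoSession taobaoSession, SafeCheckResult safeCheckResult, SessionRequest sessionRequest, String str) {
        String redirectUrl = formatRedirectUrl(taobaoSession, sessionRequest);
        if (SessionUtils.isAjaxRequest(sessionRequest)) {
            safeCheckResult.setStauts(ResponseStatus.S_JSON);
            safeCheckResult.setContentType("application/json");
            safeCheckResult.setResponseData(PolicyUtils.buildJsonResponse(str, redirectUrl));
            return;
        }
        safeCheckResult.setStauts(ResponseStatus.S_302);
        safeCheckResult.setResponseData(redirectUrl);
    }

    /** Returns a fresh result marked valid. */
    private static SafeCheckResult accepted() {
        SafeCheckResult result = new SafeCheckResult();
        result.setValid(true);
        return result;
    }

    /** Returns a fresh result marked invalid and filled with the block response for {@code reason}. */
    private SafeCheckResult rejected(TaobaoSession taobaoSession, SessionRequest sessionRequest, String reason) {
        SafeCheckResult result = new SafeCheckResult();
        result.setValid(false);
        fillResult(taobaoSession, result, sessionRequest, reason);
        return result;
    }

    /** Identifies this checker as the client protocol check. */
    @Override
    public SafeType getSafeType() {
        return SafeType.CLIENT_PROTOCOL;
    }
}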
