package com.yeshi.fanli.aspect;

import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.yeshi.utils.JsonUtil;

import com.yeshi.fanli.log.LogHelper;
import com.yeshi.fanli.util.StringUtil;
import com.yeshi.fanli.util.annotation.RequestNoSignValidate;

import net.sf.json.JSONObject;

//客户端接口签名验证
@Component
@Aspect
public class H5SignValidateAspect {

	public static final String EDP = "execution(* com.yeshi.fanli.controller.apph5.*.*(..))";

	public static String KEY = "thisWarning";

	@Around(EDP)
	public Object appH5Around(ProceedingJoinPoint joinPoint) throws IOException {

		ServletRequestAttributes servletContainer = (ServletRequestAttributes) RequestContextHolder
				.getRequestAttributes();
		HttpServletRequest request = servletContainer.getRequest();

		Signature signature = joinPoint.getSignature();
		MethodSignature methodSignature = (MethodSignature) signature;
		Method targetMethod = methodSignature.getMethod();
		Method realMethod = null;
		try {
			realMethod = joinPoint.getTarget().getClass().getDeclaredMethod(joinPoint.getSignature().getName(),
					targetMethod.getParameterTypes());
		} catch (NoSuchMethodException e2) {
			e2.printStackTrace();
		} catch (SecurityException e2) {
			e2.printStackTrace();
		}

		Object[] args = joinPoint.getArgs();
		// 判断是否有忽略验证的注解
		if (realMethod != null && realMethod.isAnnotationPresent(RequestNoSignValidate.class)) {
			try {
				return joinPoint.proceed(args);
			} catch (Throwable e) {
				e.printStackTrace();
				try {
					LogHelper.errorDetailInfo(e, getHttpServletParams(request), request.getRequestURI().toString());
				} catch (Exception e1) {
					e1.printStackTrace();
				}
			}
		}

		PrintWriter out = servletContainer.getResponse().getWriter();
		String callback = request.getParameter("callback");

		String sign = request.getParameter("sign");
		Map<String, String> parameterMap = request.getParameterMap();
		// 参数-、sign 均不能为空
		if (parameterMap == null || StringUtil.isNullOrEmpty(sign)) {
			JsonUtil.printMode(out, callback, JsonUtil.loadFalseResult("签名错误"));
			return null;
		}

		boolean isRight = signIsRight(sign, parameterMap);

		// 签名是否正确
		if (isRight) {
			Object obj = null;
			try {
				obj = joinPoint.proceed(args);
			} catch (Throwable e) {
				e.printStackTrace();
				try {
					LogHelper.errorDetailInfo(e, getHttpServletParams(request), request.getRequestURI().toString());
				} catch (Exception e1) {
					e1.printStackTrace();
				}
			}
			return obj;
		} else {
			JsonUtil.printMode(out, callback, JsonUtil.loadFalseResult("签名错误"));
			out.close();
			LogHelper.error("H5签名错误:" + getHttpServletParams(request));
			return null;
		}
	}

	/**
	 * 获取请求参数
	 * 
	 * @param request
	 * @return
	 */
	private String getHttpServletParams(HttpServletRequest request) {
		if (request == null) {
			return "";
		}
		Map map = request.getParameterMap();
		if (map != null) {
			Iterator<String> its = map.keySet().iterator();
			JSONObject json = new JSONObject();
			while (its.hasNext()) {
				String next = its.next();
				if (map.get(next) != null) {
					Object[] objects = (Object[]) map.get(next);
					if (objects != null && objects.length > 0) {
						json.put(next, objects[0].toString());
					}
				}
			}
			return json.toString();
		}
		return "";
	}

	/**
	 * 验证是否正确
	 * 
	 * @param sign
	 * @param parameterMap
	 * @return
	 */
	@SuppressWarnings("unchecked")
	private boolean signIsRight(String sign, Map<String, String> map) {
		int i = 0;

		List<String> list = new ArrayList<>();

		Iterator<String> iterator = map.keySet().iterator();

		while (iterator.hasNext()) {
			String key = iterator.next();

			if ("sign".equalsIgnoreCase(key) || "callback".equalsIgnoreCase(key) || "_".equalsIgnoreCase(key)) {
				continue;
			}

			Object value = map.get(key);
			Object[] values = (Object[]) value;
			list.add(values[0].toString());
		}
		Collections.sort(list);

		StringBuffer sb = new StringBuffer();

		for (String val : list) {
			sb.append(val);
			sb.append("###");
		}

		String md5 = StringUtil.Md5(sb.toString() + KEY);

		if (!md5.equalsIgnoreCase(sign)) {
			return false;
		} else {
			return true;
		}
	}

}