package kd.ebg.aqap.banks.boc.opa.services.utils;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import kd.bos.dataentity.resource.ResManager;
import kd.ebg.aqap.banks.boc.opa.BankBussinessConfig;
import kd.ebg.aqap.banks.boc.opa.services.utils.BOCRequest;
import kd.ebg.aqap.common.core.utils.Sequence;
import kd.ebg.aqap.common.model.CertInfo;
import kd.ebg.aqap.common.model.repository.CertRepository;
import kd.ebg.aqap.common.utils.SpringContextUtil;
import kd.ebg.egf.common.context.RequestContextUtils;
import kd.ebg.egf.common.exception.EBExceiptionUtil;
import kd.ebg.egf.common.framework.security.manage.CipherInfo;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.utils.CipherInfoUtil;
import kd.ebg.egf.common.utils.DesUtil;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:kd/ebg/aqap/banks/boc/opa/services/utils/BOCUtil.class */
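/**
 * Message-level crypto helpers for the BOC "opa" channel: signing, envelope encryption of the
 * request body, and decryption plus signature verification of the response.
 *
 * <p>As implemented here, a request is signed with SM3-with-SM2, its body is encrypted with a
 * freshly generated SM4 key, and that SM4 key is wrapped with SM2 under the public key stored
 * in the {@code plateForm_public_certInfo} certificate entry. Responses are unwrapped and
 * decrypted with the local private key and then verified against the signing public key.
 *
 * <p>Thread-safety: {@link #goRequest} keeps its SM4 key in a local variable. The stand-alone
 * pair {@link #encrypt(String)} / {@link #encryptKeyWithOppPubKey()} still communicates through
 * the static {@link #sm4Key} field and must not be interleaved across threads.
 */
public class BOCUtil {
    /**
     * SM4 transformation used for the message body.
     *
     * <p>NOTE(review): ECB encrypts equal plaintext blocks to equal ciphertext blocks and gives
     * no integrity protection on its own; here integrity rests on the SM2 signature. The mode is
     * presumably fixed by the bank's interface specification, so it is left unchanged - confirm
     * before altering it.
     */
    public static final String SM4_ECB_PKCS7PADDING = "SM4/ECB/PKCS7Padding";

    /**
     * Most recently generated SM4 key. Kept only for {@link #encrypt(String)} and
     * {@link #encryptKeyWithOppPubKey()}, which hand the key over through this field.
     *
     * <p>NOTE(review): a static, mutable key is shared by every thread and stays reachable for
     * the lifetime of the class. New code should not read or write it.
     */
    protected static byte[] sm4Key;

    public static final String DATE_FORMAT = "yyyyMMdd HH:mm:ss";
    public static final String GAP = "&";

    // Second argument of the GmUtil sign/verify calls; presumably the SM2 user ID (this value is
    // the conventional default) - confirm against GmUtil.
    private static final String SM2_USER_ID = "1234567812345678";

    // Certificate-repository entries and the JSON fields read from the decrypted key material.
    private static final String PRIVATE_CERT_CONFIG_ID = "plateForm_private_certInfo";
    private static final String PUBLIC_CERT_CONFIG_ID = "plateForm_public_certInfo";
    private static final String SIGN_KEY_FIELD = "s";
    private static final String ENCRYPTION_KEY_FIELD = "e";

    private static final EBGLogger logger = EBGLogger.getInstance().getLogger(BOCUtil.class);

    // Production app ids keyed by product prefix; filled in by the static initializer below.
    private static final Map<String, String> prod = new HashMap<>(2);

    static {
        prod.put("JDY", "100301");
        prod.put("YKJ", "100342");
        prod.put("PRO", "100361");
    }

    /**
     * Fills in the message head, signs the request, encrypts the body and returns the JSON text.
     *
     * @param bOCRequest request whose head is replaced and whose body data is encrypted in place
     * @param str value passed to {@code BankBussinessConfig.getAppId} to resolve the app id
     * @return the request serialized with {@code JSON.toJSONString}
     * @throws RuntimeException the service exception built by {@code EBExceiptionUtil} when
     *     signing, encryption or key wrapping fails (exact type not visible in this file)
     */
    public static String goRequest(BOCRequest bOCRequest, String str) {
        BOCRequest.MsgHead msgHead = new BOCRequest.MsgHead();
        msgHead.setAppId(BankBussinessConfig.getAppId(str));
        msgHead.setTimestamp(LocalDateTime.now().format(DateTimeFormatter.ofPattern(DATE_FORMAT)));
        msgHead.setRequestId(Sequence.genSequence());
        bOCRequest.setMsgHead(msgHead);
        try {
            // The signature is computed over bOCRequest.toString() before the body is encrypted.
            msgHead.setSign(sign(bOCRequest.toString()));
            BOCRequest.MsgBody msgBody = bOCRequest.getMsgBody();

            // One key per request, held locally: the body and the wrapped key in the head are
            // guaranteed to match even when several requests are built concurrently. Going
            // through the static field allowed another thread to replace the key between the
            // two steps.
            byte[] sessionKey = GmUtil.generateSM4Key();
            // Still published for any legacy reader of the field.
            // NOTE(review): drop this assignment once nothing outside goRequest reads sm4Key.
            sm4Key = sessionKey;

            msgBody.setData(encryptWithKey(msgBody.getData(), sessionKey));
            msgHead.setEncryptKey(wrapSessionKey(sessionKey));
            return JSON.toJSONString(bOCRequest);
        } catch (Exception e) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("签名加密过程出现异常", "BOCUtil_0", "ebg-aqap-banks-boc-opa", new Object[0]), e);
        }
    }

    /**
     * Parses a bank response, decrypts its body and verifies the signature.
     *
     * <p>The verified string is {@code appId&requestId&timestamp&signId&signMethod&encryptType&}
     * followed by the decrypted body. The method fails closed: a signature that does not verify
     * raises a service exception and the decrypted body is not returned.
     *
     * <p>NOTE(review): {@code responseCode} and {@code responseMessage} are read from the head
     * before any signature check, so the {@code RT0003} result and the error raised for other
     * codes are based on unauthenticated fields. A response without {@code msgHead} or
     * {@code msgBody} ends in a {@code NullPointerException}.
     *
     * @param str raw JSON response text
     * @return the decrypted body parsed as JSON, or the {@link #responseBody} wrapper when
     *     {@link #checkCodes} returns {@code false}
     */
    public static JSONObject handleResponse(String str) {
        JSONObject response = JSONObject.parseObject(str);
        JSONObject head = response.getJSONObject("msgHead");
        JSONObject body = response.getJSONObject("msgBody");
        String appId = head.getString("appId");
        String requestId = head.getString("requestId");
        String signId = head.getString("signId");
        String signMethod = head.getString("signMethod");
        String encryptType = head.getString("encryptType");
        String timestamp = head.getString("timestamp");
        String signature = head.getString("sign");
        String wrappedKey = head.getString("encryptKey");
        String responseCode = head.getString("responseCode");
        String responseMessage = head.getString("responseMessage");
        if (!checkCodes(responseCode, responseMessage)) {
            return responseBody(responseCode, responseMessage);
        }
        String encryptedData = body.getString("data");
        try {
            String plainBody = decrypt(encryptedData, wrappedKey);
            String signedText = new StringBuilder()
                    .append(appId).append(GAP)
                    .append(requestId).append(GAP)
                    .append(timestamp).append(GAP)
                    .append(signId).append(GAP)
                    .append(signMethod).append(GAP)
                    .append(encryptType).append(GAP)
                    .append(plainBody)
                    .toString();
            // NOTE(review): this writes the decrypted response body to the log before it has
            // been verified; consider logging only the request id and the length.
            logger.info("银行响应的待验签报文->{}", signedText);
            if (verify(signature, signedText, getPlateFormPublicKeyForSign())) {
                return JSON.parseObject(plainBody);
            }
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("验签不通过", "BOCUtil_1", "ebg-aqap-banks-boc-opa", new Object[0]));
        } catch (UnsupportedEncodingException e) {
            throw EBExceiptionUtil.serviceException(e);
        }
    }

    /**
     * Wraps a response code and message as {@code {Constants.KD_EXT: {"code": ..., "msg": ...}}}
     * and logs the result.
     *
     * @param str response code
     * @param str2 response message
     * @return the wrapper object
     */
    public static JSONObject responseBody(String str, String str2) {
        JSONObject detail = new JSONObject();
        detail.put("code", str);
        detail.put("msg", str2);
        JSONObject wrapper = new JSONObject();
        wrapper.put(Constants.KD_EXT, detail);
        logger.info("响应错误码{}", wrapper.toJSONString());
        return wrapper;
    }

    /**
     * Classifies a response code, ignoring case.
     *
     * @param str response code
     * @param str2 response message, used only in the error text
     * @return {@code true} for {@code RT0000}, {@code false} for {@code RT0003}
     * @throws RuntimeException the service exception built by {@code EBExceiptionUtil} for any
     *     other code, including {@code null}
     */
    public static boolean checkCodes(String str, String str2) {
        if ("RT0003".equalsIgnoreCase(str)) {
            return false;
        }
        if ("RT0000".equalsIgnoreCase(str)) {
            return true;
        }
        throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("本次业务请求银行反馈未成功,交易码【%1$s】，响应信息【%2$s】", "BOCUtil_7", "ebg-aqap-banks-boc-opa", new Object[0]), str, str2));
    }

    /**
     * Generates a new SM4 key, stores it in {@link #sm4Key} and encrypts {@code str} with it.
     *
     * <p>The key is only recoverable by the peer if {@link #encryptKeyWithOppPubKey()} is called
     * afterwards, before any other thread calls this method again. {@link #goRequest} does not
     * depend on that ordering.
     *
     * @param str plaintext
     * @return Base64 of the SM4 ciphertext of the Base64-encoded UTF-8 plaintext
     * @throws UnsupportedEncodingException declared for source compatibility; not thrown here
     */
    public static String encrypt(String str) throws UnsupportedEncodingException {
        byte[] sessionKey = GmUtil.generateSM4Key();
        sm4Key = sessionKey;
        return encryptWithKey(str, sessionKey);
    }

    /** Encrypts {@code plainText} with the given SM4 key; the shared core of the encrypt paths. */
    private static String encryptWithKey(String plainText, byte[] sessionKey) {
        // NOTE(review): the plaintext is written to the log right before it is encrypted, so the
        // log store needs the same protection as the message itself. Consider logging a length
        // or a request id instead.
        logger.info("待加密串->" + plainText);
        // The plaintext is Base64-encoded first and the Base64 text is what gets encrypted.
        byte[] encodedPlain = Base64.toBase64String(plainText.getBytes(StandardCharsets.UTF_8))
                .getBytes(StandardCharsets.UTF_8);
        return Base64.toBase64String(GmUtil.sm4Encrypt(sessionKey, encodedPlain, SM4_ECB_PKCS7PADDING));
    }

    /**
     * Recovers the SM4 key from {@code str2} with the local private key and decrypts {@code str}.
     *
     * @param str Base64 SM4 ciphertext of the body
     * @param str2 Base64 SM2-wrapped SM4 key as sent in the head, without its leading byte
     * @return the decrypted body as a UTF-8 string
     * @throws UnsupportedEncodingException declared for source compatibility; not thrown here
     */
    public static String decrypt(String str, String str2) throws UnsupportedEncodingException {
        BCECPrivateKey privateKey = getPlateFormPrivateKeyForEncryption();
        byte[] wrappedKey = Base64.decode(str2);
        byte[] cipherText = Base64.decode(str);
        // Re-attach the leading byte 4 that the sender strips (see wrapSessionKey); presumably
        // the uncompressed-point marker of the SM2 ciphertext.
        byte[] sm2Input = new byte[wrappedKey.length + 1];
        sm2Input[0] = 4;
        System.arraycopy(wrappedKey, 0, sm2Input, 1, wrappedKey.length);
        return new String(
                Base64.decode(
                        GmUtil.sm4Decrypt(GmUtil.sm2Decrypt(sm2Input, privateKey), cipherText, SM4_ECB_PKCS7PADDING)),
                StandardCharsets.UTF_8);
    }

    /**
     * Signs {@code str} with the local signing private key.
     *
     * @param str text to sign; its UTF-8 bytes are signed
     * @return Base64 of the signature returned by {@code GmUtil.signSm3WithSm2Asn1Rs}
     */
    public static String sign(String str) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException, SignatureException {
        // NOTE(review): the text to sign is logged in full and may contain business data.
        logger.info("待签名串->" + str);
        // Explicit charset: the user id bytes must not depend on the JVM's default encoding.
        return Base64.toBase64String(GmUtil.signSm3WithSm2Asn1Rs(
                str.getBytes(StandardCharsets.UTF_8),
                SM2_USER_ID.getBytes(StandardCharsets.UTF_8),
                getPlateFormPrivateKeyForSign()));
    }

    /**
     * Verifies a Base64 signature over the UTF-8 bytes of {@code str2}.
     *
     * @param str Base64 signature
     * @param str2 signed text
     * @param publicKey key to verify with
     * @return the result of {@code GmUtil.verifySm3WithSm2Asn1Rs}
     * @throws UnsupportedEncodingException declared for source compatibility; not thrown here
     */
    public static boolean verify(String str, String str2, PublicKey publicKey) throws UnsupportedEncodingException {
        return GmUtil.verifySm3WithSm2Asn1Rs(
                str2.getBytes(StandardCharsets.UTF_8),
                SM2_USER_ID.getBytes(StandardCharsets.UTF_8),
                Base64.decode(str),
                publicKey);
    }

    /**
     * Wraps the key currently held in {@link #sm4Key} with the peer's encryption public key.
     *
     * <p>Only meaningful directly after {@link #encrypt(String)} on the same thread with no
     * concurrent callers.
     *
     * @return Base64 of the SM2 ciphertext without its first byte
     */
    public static String encryptKeyWithOppPubKey() {
        return wrapSessionKey(sm4Key);
    }

    /** SM2-encrypts {@code sessionKey} for the peer and drops the first byte of the result. */
    private static String wrapSessionKey(byte[] sessionKey) {
        byte[] wrapped = GmUtil.sm2Encrypt(sessionKey, getPlateFormPublicKeyForEncryption());
        return Base64.toBase64String(Arrays.copyOfRange(wrapped, 1, wrapped.length));
    }

    /** Private key used for signing requests (field {@code "s"} of the private key material). */
    private static BCECPrivateKey getPlateFormPrivateKeyForSign() {
        return loadPrivateKey(SIGN_KEY_FIELD);
    }

    /** Private key used for unwrapping response keys (field {@code "e"}). */
    private static BCECPrivateKey getPlateFormPrivateKeyForEncryption() {
        return loadPrivateKey(ENCRYPTION_KEY_FIELD);
    }

    /** Public key used for wrapping the request key (field {@code "e"}). */
    private static PublicKey getPlateFormPublicKeyForEncryption() {
        return loadPublicKey(ENCRYPTION_KEY_FIELD);
    }

    /** Public key used for verifying response signatures (field {@code "s"}). */
    private static PublicKey getPlateFormPublicKeyForSign() {
        return loadPublicKey(SIGN_KEY_FIELD);
    }

    /** Looks up the certificate entry {@code bankConfigId} for the current bank version. */
    private static CertInfo findPlatformCert(String bankConfigId) {
        CertRepository repository = (CertRepository) SpringContextUtil.getBean(CertRepository.class);
        return repository.findPlateFormCertByBankVersionIDAndBankConfigID(
                RequestContextUtils.getRequestContext().getBankVersionID(), bankConfigId);
    }

    /** Decrypts the stored certificate file and parses the key material it contains as JSON. */
    private static JSONObject readKeyMaterial(CertInfo cert, CipherInfo cipherInfo) {
        return JSONObject.parseObject(CipherInfoUtil.getKey(DesUtil.decryptProxyCert(
                cipherInfo.getFileBytes(), cert.getCustomID(), cipherInfo.getCipherVersion(), cert.getCertID())));
    }

    /** Builds the private key from the hex scalar stored under {@code keyField}. */
    private static BCECPrivateKey loadPrivateKey(String keyField) {
        CertInfo cert = findPlatformCert(PRIVATE_CERT_CONFIG_ID);
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取用户私钥证书失败，请先配置用户私钥证书", "BOCUtil_4", "ebg-aqap-banks-boc-opa", new Object[0]));
        }
        CipherInfo cipherInfo = CipherInfoUtil.getCipherInfo(cert.getFileContent());
        try {
            return GmUtil.getPrivatekeyFromD(new BigInteger(readKeyMaterial(cert, cipherInfo).getString(keyField), 16));
        } catch (Exception e) {
            // Keep the cause: without it a wrong password, a corrupt file and a missing field
            // are indistinguishable when troubleshooting.
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取用户私钥证书失败，获取秘钥失败", "BOCUtil_5", "ebg-aqap-banks-boc-opa", new Object[0]), e);
        }
    }

    /** Builds the public key from the 128 hex characters (X then Y) stored under {@code keyField}. */
    private static PublicKey loadPublicKey(String keyField) {
        CertInfo cert = findPlatformCert(PUBLIC_CERT_CONFIG_ID);
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取证书失败，联系银企云管理员配置银行公钥证书", "BOCUtil_6", "ebg-aqap-banks-boc-opa", new Object[0]));
        }
        CipherInfo cipherInfo = CipherInfoUtil.getCipherInfo(cert.getFileContent());
        String pointHex = readKeyMaterial(cert, cipherInfo).getString(keyField);
        // A missing or truncated key is a configuration problem; report it as one instead of
        // failing with a NullPointerException or StringIndexOutOfBoundsException.
        if (pointHex == null || pointHex.length() < 128) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取证书失败，联系银企云管理员配置银行公钥证书", "BOCUtil_6", "ebg-aqap-banks-boc-opa", new Object[0]));
        }
        return GmUtil.getPublickeyFromXY(
                new BigInteger(pointHex.substring(0, 64), 16),
                new BigInteger(pointHex.substring(64, 128), 16));
    }

    /**
     * Maps a product identifier to the app id used for it.
     *
     * <p>Identifiers starting with {@code JDY}, {@code YKJ} or {@code PRO} are reduced to that
     * prefix. When the system property {@code ebg.server.env} equals {@code prod} the app id is
     * looked up in the production table (default {@code 100301}); in every other environment
     * {@code 100062} is returned.
     *
     * @param str product identifier, must not be {@code null}
     * @return the app id
     */
    public static String getExclusiveAppID(String str) {
        if (str.startsWith("JDY")) {
            str = "JDY";
        } else if (str.startsWith("YKJ")) {
            str = "YKJ";
        } else if (str.startsWith("PRO")) {
            str = "PRO";
        }
        boolean production = "prod".equals(System.getProperty("ebg.server.env"));
        return production ? prod.getOrDefault(str, "100301") : "100062";
    }
}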
