package kd.ebg.aqap.banks.gdb.opa.util;

import com.alibaba.fastjson.JSONObject;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import kd.bos.dataentity.resource.ResManager;
import kd.ebg.aqap.banks.gdb.opa.util.security.RSAUtils;
import kd.ebg.aqap.banks.gdb.opa.util.security.SM4Util;
import kd.ebg.aqap.common.framework.bank.meta.template.OPAMetaDataTemplate;
import kd.ebg.aqap.common.model.CertInfo;
import kd.ebg.aqap.common.model.repository.CertRepository;
import kd.ebg.aqap.common.model.repository.UserCertRepository;
import kd.ebg.aqap.common.utils.SpringContextUtil;
import kd.ebg.aqap.common.utils.gdbopa.Hex;
import kd.ebg.aqap.common.utils.gdbopa.SM2Util;
import kd.ebg.egf.common.context.RequestContextUtils;
import kd.ebg.egf.common.exception.EBExceiptionUtil;
import kd.ebg.egf.common.framework.security.manage.CipherInfo;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.utils.CipherInfoUtil;
import kd.ebg.egf.common.utils.DesUtil;

/* loaded from: input_file:kd/ebg/aqap/banks/gdb/opa/util/SMUtil.class */
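/**
 * Message-protection helpers for the GDB OPA channel: signs and encrypts outbound
 * requests, decrypts inbound responses, and loads the key material they need.
 *
 * <p>Scheme as visible in this class: the request body is SM4-ECB encrypted under a
 * fresh 128-bit key, that key is wrapped with RSA/ECB/PKCS1Padding under the bank
 * public key, and the body is signed with the platform RSA key (optionally also with
 * the enterprise SM2 key).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>SM4 in ECB mode maps identical 16-byte plaintext blocks to identical ciphertext
 *       blocks and carries no integrity tag of its own. The mode is presumably fixed by
 *       the bank interface; do not assume it hides message structure.</li>
 *   <li>RSA PKCS#1 v1.5 encryption padding is used for the key wrap. On the decrypt side,
 *       failure details must not become observable to the peer (padding-oracle class of
 *       issue).</li>
 *   <li>Both {@code Cipher.getInstance(..., "BC")} calls throw unless a provider named
 *       "BC" is registered; registration is not done in this class.</li>
 *   <li>Private keys pass through {@code String} values here, so they cannot be wiped
 *       from the heap after use.</li>
 * </ul>
 */
public class SMUtil {
    private static final EBGLogger logger = EBGLogger.getInstance().getLogger(SMUtil.class);

    /**
     * Builds the transport fields for an outbound request.
     *
     * @param str  request plaintext
     * @param z    when {@code true}, an SM2 signature made with the user private key is
     *             added under {@code "entSignature"} and appended to the data covered by
     *             the platform signature
     * @param str2 charset name handed to {@code RSAUtils.sha1X16} and used to turn the
     *             Base64 of the wrapped key into a string
     * @return map with {@code "signature"}, {@code "msg"}, {@code "encryptKey"} and,
     *         if {@code z} is set, {@code "entSignature"}
     */
    public static Map<String, String> buildSendParam(String str, boolean z, String str2) {
        Map<String, String> params = new HashMap<>(16);
        try {
            // NOTE(review): the full request plaintext is written to the log at info level.
            // For payment traffic this places business data in log storage unencrypted;
            // consider masking or lowering the level. Left unchanged here.
            logger.info("请求报文原文：\n" + str);
            String entSignature = "";
            if (z) {
                // NOTE(review): str.getBytes() uses the platform default charset, while the
                // platform signature below is computed with str2. If the two differ, the SM2
                // signature covers different bytes than the peer may expect; confirm.
                entSignature = Hex.encode(SM2Util.sign(Hex.decode(getUserPrivateKey()), str.getBytes()));
                logger.info("企业签名结果：\n" + entSignature);
                params.put("entSignature", entSignature);
            }
            // sha1X16 is presumably a SHA-1 based digest (judging by its name only); the
            // algorithm choice lives in RSAUtils and is not visible here.
            byte[] digest = RSAUtils.sha1X16(str + entSignature, str2);
            byte[] rawSignature = RSAUtils.signBySoft(getPlateFormPrivateKey(), digest);
            String platformSignature = new String(org.apache.commons.codec.binary.Base64.encodeBase64(rawSignature));
            logger.info("金蝶签名结果：\n" + platformSignature);

            // Fresh SM4 key per request. The key is deliberately never hex-encoded or
            // logged; the original discarded Hex.encode(key) call was dead code and is gone.
            byte[] sessionKey = SM4Util.generateKey(SM4Util.SM4_KEY_128);
            // NOTE(review): platform default charset again; see the note on the SM2 signature.
            String encryptedBody = Hex.encode(SM4Util.encryptECB(str.getBytes(), sessionKey));

            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
            rsa.init(Cipher.ENCRYPT_MODE, getPublicKey());
            String wrappedKey = new String(org.apache.commons.codec.binary.Base64.encodeBase64(rsa.doFinal(sessionKey)), str2);

            params.put("signature", platformSignature);
            params.put("msg", encryptedBody);
            params.put("encryptKey", wrappedKey);
            return params;
        } catch (Exception e) {
            // Concatenate so the cause text is emitted whatever the two-argument logger
            // overload does with a format string that has no placeholder.
            logger.info("加密或签名失败：" + e.getMessage());
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("加密或签名失败:", "SMUtil_0", "ebg-aqap-banks-gdb-opa", new Object[0]), e);
        }
    }

    /**
     * Decrypts a response body.
     *
     * @param str  response payload: hex of the SM4-ECB ciphertext. If it contains the text
     *             {@code "sysRetCode"} it is first parsed as JSON and handed to
     *             {@code Parser.parseHeader} (presumably to raise on an error header;
     *             that method is not visible here)
     * @param str2 Base64 of the RSA-wrapped SM4 key
     * @param str3 charset name used to turn {@code str2} into bytes
     * @return decrypted response text
     */
    public static String getReceMsg(String str, String str2, String str3) {
        try {
            if (str.contains("sysRetCode")) {
                // NOTE(review): this JSON is parsed before any authenticity check on the
                // response. Keep the fastjson dependency patched and autoType disabled
                // (or safeMode on); the version in use is not visible from this file.
                Parser.parseHeader(JSONObject.parseObject(str), "");
            }
            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
            rsa.init(Cipher.DECRYPT_MODE, getPlateFormPrivateKey());
            byte[] wrappedKey = org.apache.commons.codec.binary.Base64.decodeBase64(str2.getBytes(str3));
            // The recovered session key is used directly and never encoded or logged; the
            // original discarded Hex.encode(key) call was dead code and is gone.
            byte[] sessionKey = rsa.doFinal(wrappedKey);
            // NOTE(review): no signature or MAC over the response is verified in this
            // method, and ECB gives no integrity. If the bank signs responses, that check
            // must happen in a caller; confirm it does.
            // NOTE(review): new String(byte[]) decodes with the platform default charset,
            // not str3.
            String plain = new String(SM4Util.decryptECB(Hex.decode(str), sessionKey));
            // NOTE(review): the decrypted response is logged in full at info level.
            logger.info("响应报文解密结果：\n" + plain);
            return plain;
        } catch (Exception e) {
            logger.info("解密失败：" + e.getMessage());
            // NOTE(review): the low-level cause text is embedded in the service exception.
            // Confirm callers do not relay it to the remote side, since distinguishable
            // RSA padding failures are what a padding oracle needs.
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("解密失败:%s", "SMUtil_7", "ebg-aqap-banks-gdb-opa", new Object[0]), e.getMessage()), e);
        }
    }

    /**
     * Returns the decrypted user public key for the current request context.
     *
     * @return the key text, or an empty string when no such certificate is configured
     */
    public static String getUserPublicKey() {
        CertInfo cert = ((UserCertRepository) SpringContextUtil.getBean(UserCertRepository.class)).findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(OPAMetaDataTemplate.PublicKey, RequestContextUtils.getRequestContext().getBankLoginID(), RequestContextUtils.getCustomId());
        if (cert == null) {
            return "";
        }
        return decryptStoredKey(cert);
    }

    /**
     * Returns the decrypted user private key for the current request context; unlike
     * {@link #getUserPublicKey()} a missing certificate is an error.
     */
    private static String getUserPrivateKey() {
        CertInfo cert = ((UserCertRepository) SpringContextUtil.getBean(UserCertRepository.class)).findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(OPAMetaDataTemplate.PrivateKey, RequestContextUtils.getRequestContext().getBankLoginID(), RequestContextUtils.getCustomId());
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取用户私钥证书失败，请先配置用户私钥证书", "SMUtil_2", "ebg-aqap-banks-gdb-opa", new Object[0]));
        }
        return decryptStoredKey(cert);
    }

    /** Unwraps the stored certificate content of {@code cert} into its key text. */
    private static String decryptStoredKey(CertInfo cert) {
        CipherInfo cipherInfo = CipherInfoUtil.getCipherInfo(cert.getFileContent());
        return CipherInfoUtil.getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), cert.getCustomID(), cipherInfo.getCipherVersion(), cert.getCertID()));
    }

    /**
     * Loads the platform RSA private key (config id {@code "plateForm_private_certInfo"})
     * for the current bank version.
     */
    private static PrivateKey getPlateFormPrivateKey() {
        CertInfo cert = ((CertRepository) SpringContextUtil.getBean(CertRepository.class)).findPlateFormCertByBankVersionIDAndBankConfigID(RequestContextUtils.getRequestContext().getBankVersionID(), "plateForm_private_certInfo");
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取用户私钥证书失败，请先配置用户私钥证书", "SMUtil_2", "ebg-aqap-banks-gdb-opa", new Object[0]));
        }
        CipherInfo cipherInfo = CipherInfoUtil.getCipherInfo(cert.getFileContent());
        try {
            return getPrivateKeyFromBytes(CipherInfoUtil.getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), cert.getCustomID(), cipherInfo.getCipherVersion(), cert.getCertID())), "PKCS");
        } catch (Exception e) {
            // Keep the cause: without it a wrong storage key, a corrupt blob and a
            // malformed key are indistinguishable during diagnosis.
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取用户私钥证书失败，获取秘钥失败", "SMUtil_3", "ebg-aqap-banks-gdb-opa", new Object[0]), e);
        }
    }

    /**
     * Loads the bank RSA public key (config id {@code "plateForm_public_certInfo"})
     * for the current bank version.
     */
    private static PublicKey getPublicKey() {
        CertInfo cert = ((CertRepository) SpringContextUtil.getBean(CertRepository.class)).findPlateFormCertByBankVersionIDAndBankConfigID(RequestContextUtils.getRequestContext().getBankVersionID(), "plateForm_public_certInfo");
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取证书失败，联系银企云管理员配置银行公钥证书", "SMUtil_4", "ebg-aqap-banks-gdb-opa", new Object[0]));
        }
        return getPublicKey(cert.getFileContent(), cert.getCustomID(), cert.getCertID());
    }

    /**
     * Parses a Base64-encoded RSA private key.
     *
     * @param str  Base64 text of the encoded key
     * @param str2 encoding selector; {@code "PKCS"} (case-insensitive) means PKCS#8
     * @return the private key
     */
    public static PrivateKey getPrivateKeyFromBytes(String str, String str2) {
        try {
            byte[] encoded = Base64.decode(str);
            // NOTE(review): X509EncodedKeySpec describes public keys. The JDK RSA KeyFactory
            // rejects it in generatePrivate, so any selector other than "PKCS" should end in
            // the catch below. Kept as-is to preserve the existing contract.
            java.security.spec.KeySpec spec = str2.equalsIgnoreCase("PKCS") ? new PKCS8EncodedKeySpec(encoded) : new X509EncodedKeySpec(encoded);
            return KeyFactory.getInstance("RSA").generatePrivate(spec);
        } catch (Exception e) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("读取私钥失败%s", "SMUtil_8", "ebg-aqap-banks-gdb-opa", new Object[0]), e.getMessage()), e);
        }
    }

    /**
     * Unwraps a stored certificate blob and parses it as an X.509-encoded RSA public key.
     *
     * @param str  stored certificate content
     * @param str2 custom id passed to the storage decryption
     * @param str3 certificate id passed to the storage decryption
     * @return the public key
     */
    public static PublicKey getPublicKey(String str, String str2, String str3) {
        try {
            CipherInfo cipherInfo = CipherInfoUtil.getCipherInfo(str);
            String keyText = CipherInfoUtil.getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), str2, cipherInfo.getCipherVersion(), str3));
            byte[] encoded = kd.ebg.egf.common.framework.frontProxy.Base64.decode(keyText);
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encoded));
        } catch (Exception e) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("获取publicKey失败%s", "SMUtil_9", "ebg-aqap-banks-gdb-opa", new Object[0]), e.getMessage()), e);
        }
    }
}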
