package kd.ebg.aqap.banks.gdb.opb.util.security;

import com.alibaba.fastjson.JSONObject;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.security.cert.X509Certificate;
import kd.bos.dataentity.resource.ResManager;
import kd.ebg.aqap.banks.gdb.opb.GdbOpbMetaDataImpl;
import kd.ebg.aqap.banks.gdb.opb.util.Parser;
import kd.ebg.aqap.common.model.CertInfo;
import kd.ebg.aqap.common.model.repository.CertRepository;
import kd.ebg.aqap.common.model.repository.UserCertRepository;
import kd.ebg.aqap.common.utils.SpringContextUtil;
import kd.ebg.egf.common.context.RequestContextUtils;
import kd.ebg.egf.common.exception.EBExceiptionUtil;
import kd.ebg.egf.common.framework.security.manage.AESCipherSecurity;
import kd.ebg.egf.common.framework.security.manage.CipherInfo;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.utils.DesUtil;
import kd.ebg.egf.common.utils.string.StringUtils;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:kd/ebg/aqap/banks/gdb/opb/util/security/SecurityUtil.class */
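/**
 * Signing, encryption and key-loading helpers for the
 * {@code kd.ebg.aqap.banks.gdb.opb} bank connector.
 *
 * <p>Outbound messages are signed with the user's RSA private key, encrypted with a
 * freshly generated SM4 key, and that SM4 key is wrapped with the platform's RSA public
 * key. Inbound messages are unwrapped and decrypted with the same primitives in reverse.
 *
 * <p>NOTE(review): several choices below are weak by current standards and are presumably
 * fixed by the bank's interface specification (confirm before changing any of them):
 * <ul>
 *   <li>SM4 is used in ECB mode, which has no IV and no integrity protection; equal
 *       plaintext blocks encrypt to equal ciphertext blocks.</li>
 *   <li>The SM4 key is wrapped with {@code RSA/ECB/PKCS1Padding} (PKCS#1 v1.5), not OAEP.</li>
 *   <li>The helper name {@code sha1X16} suggests the signature digest is SHA-1.</li>
 *   <li>Plaintext request and response bodies are written to the log at info level.</li>
 * </ul>
 */
public class SecurityUtil {
    private static final EBGLogger logger = EBGLogger.getInstance().getLogger(SecurityUtil.class);

    /**
     * Renders a byte array as upper-case hexadecimal, two characters per byte.
     *
     * @param bArr bytes to encode; must not be {@code null}
     * @return the hex string, empty for an empty array
     */
    public static String bytesToHexString(byte[] bArr) {
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            hex.append(String.format("%02X", Byte.valueOf(b)));
        }
        return hex.toString();
    }

    /**
     * Encrypts an operator password with the configured SM2 public key.
     *
     * <p>Despite the name, nothing is signed here: the password is prefixed with its
     * two-digit length, SM2-encrypted, hex-encoded, and prefixed with a run of
     * {@code '='} characters.
     *
     * @param str the clear-text password
     * @return the framed, hex-encoded ciphertext, or the literal {@code "888"} when the
     *         password is 100 characters or longer
     */
    public static String signPwd(String str) {
        // Looked up first, as in the original, so a missing key configuration fails
        // the same way regardless of the password length.
        String userPublicKey = getUserPublicKey();
        int length = str.length();
        if (length >= 100) {
            // NOTE(review): no encryption happens on this path and "888" is returned as
            // if it were a result. Presumably an error sentinel; confirm callers check it.
            return "888";
        }
        String framed = (length < 10 ? "0" + length : String.valueOf(length)) + str;
        try {
            // NOTE(review): getBytes() uses the platform default charset, so the bytes
            // differ between hosts for non-ASCII passwords. Confirm the expected charset.
            return "====================" + bytesToHexString(SM2Util.encrypt(Hex.decode(userPublicKey), framed.getBytes()));
        } catch (Exception e) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("操作员密码加密失败。", "SecurityUtil_0", "ebg-aqap-banks-gdb-opb", new Object[0]), e);
        }
    }

    /**
     * Builds the three fields sent to the bank for one request.
     *
     * <ul>
     *   <li>{@code signature}: Base64 of the RSA signature over the digest of the message</li>
     *   <li>{@code msg}: hex of the message encrypted with a new SM4 key (ECB)</li>
     *   <li>{@code etKey}: Base64 of that SM4 key encrypted with the platform RSA public key</li>
     * </ul>
     *
     * @param str  the clear-text request message
     * @param z    unused; the only branch on it in the decompiled source was empty
     * @param str2 charset name passed to the digest helper and used to build {@code etKey}
     * @return a map holding {@code signature}, {@code msg} and {@code etKey}
     */
    public static Map<String, String> buildSendParam(String str, boolean z, String str2) {
        Map<String, String> params = new HashMap<>(16);
        try {
            // NOTE(review): this logs the full clear-text request, which defeats the
            // encryption below for anyone with log access. Confirm the logger masks
            // sensitive fields, or drop/redact this line.
            logger.info("请求报文原文：\n" + str);
            String signature = new String(Base64.encodeBase64(RSAUtils.signBySoft(getUserPrivateKey(), RSAUtils.sha1X16(str + "", str2))));
            logger.info("金蝶签名结果：\n" + signature);
            // A new SM4 key per request. The decompiled source also hex-encoded the key
            // and discarded the result; that dead call is removed so the raw key is
            // never materialised as a string.
            byte[] sm4Key = SM4Util.generateKey(SM4Util.SM4_KEY_128);
            // NOTE(review): the digest above is given the charset str2 but the bytes
            // encrypted here use the platform default charset. Confirm both sides agree.
            String encryptedMsg = Hex.encode(SM4Util.encryptECB(str.getBytes(), sm4Key));
            logger.info("请求报文加密结果：\n" + encryptedMsg);
            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
            rsa.init(Cipher.ENCRYPT_MODE, getPublicKey());
            String wrappedKey = new String(Base64.encodeBase64(rsa.doFinal(sm4Key)), str2);
            params.put("signature", signature);
            params.put("msg", encryptedMsg);
            params.put("etKey", wrappedKey);
            return params;
        } catch (Exception e) {
            logger.info("加密或签名失败：", e.getMessage());
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("加密或签名失败:", "SecurityUtil_1", "ebg-aqap-banks-gdb-opb", new Object[0]), e);
        }
    }

    /**
     * Decrypts a response from the bank.
     *
     * <p>If the body contains {@code sysRetCode} it is first parsed as JSON and handed to
     * {@link Parser#parseHeader}. The SM4 key is then recovered by RSA-decrypting
     * {@code str2} with the user's private key, and the hex body is SM4-decrypted (ECB).
     *
     * @param str  the response body
     * @param str2 the Base64-encoded, RSA-encrypted SM4 key
     * @param str3 charset name used to turn {@code str2} into bytes
     * @return the decrypted response text
     */
    public static String getReceMsg(String str, String str2, String str3) {
        try {
            if (str.contains("sysRetCode")) {
                // NOTE(review): remote data reaches fastjson here; keep the library
                // patched and autoType disabled.
                Parser.parseHeader(JSONObject.parseObject(str), "");
            }
            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
            rsa.init(Cipher.DECRYPT_MODE, getUserPrivateKey());
            // NOTE(review): ECB carries no authentication tag and no signature check on
            // the response is visible in this method, so tampering is not detected here.
            // The plaintext is also decoded with the platform default charset although
            // str3 is available. Confirm both against the bank's specification.
            String plain = new String(SM4Util.decryptECB(Hex.decode(str), rsa.doFinal(Base64.decodeBase64(str2.getBytes(str3)))));
            // NOTE(review): logs the full decrypted response; see buildSendParam.
            logger.info("响应报文：\n" + plain);
            return plain;
        } catch (Exception e) {
            logger.info("解密失败：", e.getMessage());
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("解密失败:%s。", "SecurityUtil_9", "ebg-aqap-banks-gdb-opb", new Object[0]), e.getMessage()), e);
        }
    }

    /**
     * Loads the bank public key configured for the current bank login and returns it in
     * the string form produced by {@code StringUtils.byteToString}.
     */
    private static String getUserPublicKey() {
        CertInfo cert = ((UserCertRepository) SpringContextUtil.getBean(UserCertRepository.class))
                .findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(
                        GdbOpbMetaDataImpl.publicKey,
                        RequestContextUtils.getRequestContext().getBankLoginID(),
                        RequestContextUtils.getCustomId());
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取银行公钥文件失败，请先配置银行公钥。", "SecurityUtil_3", "ebg-aqap-banks-gdb-opb", new Object[0]));
        }
        CipherInfo cipherInfo = getCipherInfo(cert.getFileContent());
        return getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), cert.getCustomID(), cipherInfo.getCipherVersion(), cert.getCertID()));
    }

    /**
     * Loads the user's private key for the current bank login from its stored,
     * encrypted JKS key store.
     *
     * <p>The first alias in the key store is used. Any failure while opening the store
     * or reading the key is reported as one service exception, now with the underlying
     * exception attached as its cause.
     */
    private static PrivateKey getUserPrivateKey() {
        CertInfo cert = ((UserCertRepository) SpringContextUtil.getBean(UserCertRepository.class))
                .findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(
                        GdbOpbMetaDataImpl.privateKey,
                        RequestContextUtils.getRequestContext().getBankLoginID(),
                        RequestContextUtils.getCustomId());
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取用户私钥证书失败，请先配置用户私钥证书。", "SecurityUtil_4", "ebg-aqap-banks-gdb-opb", new Object[0]));
        }
        CipherInfo cipherInfo = getCipherInfo(cert.getFileContent());
        byte[] keyStoreBytes = DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), cert.getCustomID(), cipherInfo.getCipherVersion(), cert.getCertID());
        try (ByteArrayInputStream in = new ByteArrayInputStream(keyStoreBytes)) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // The same password opens the store and unlocks the key entry.
            char[] password = cert.getCertPassword().toCharArray();
            keyStore.load(in, password);
            return (PrivateKey) keyStore.getKey(getAlias(keyStore.aliases()), password);
        } catch (Exception e) {
            // Keep the cause: without it a wrong password, a corrupt store and a missing
            // alias are indistinguishable when troubleshooting.
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取用户私钥证书失败，请确认用户私钥证书是否正确。", "SecurityUtil_5", "ebg-aqap-banks-gdb-opb", new Object[0]), e);
        }
    }

    /**
     * Loads the platform-level bank public key certificate for the current bank version
     * and returns its public key.
     */
    private static PublicKey getPublicKey() {
        CertInfo cert = ((CertRepository) SpringContextUtil.getBean(CertRepository.class))
                .findPlateFormCertByBankVersionIDAndBankConfigID(
                        RequestContextUtils.getRequestContext().getBankVersionID(),
                        "plateForm_public_certInfo");
        if (cert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取银行公钥证书失败，联系银企云管理员配置银行公钥证书。", "SecurityUtil_6", "ebg-aqap-banks-gdb-opb", new Object[0]));
        }
        return getPublicKey(cert.getFileContent(), cert.getCustomID(), cert.getCertID());
    }

    /**
     * Decrypts a stored X.509 certificate and extracts its public key.
     *
     * <p>A certificate that cannot be parsed raises the "confirm the certificate is
     * correct" service exception, which the outer handler then wraps together with any
     * other failure, as the original code did.
     *
     * @param str  the stored (encrypted) certificate content
     * @param str2 the custom ID passed to {@code DesUtil.decryptProxyCert}
     * @param str3 the certificate ID passed to {@code DesUtil.decryptProxyCert}
     * @return the certificate's public key
     */
    public static PublicKey getPublicKey(String str, String str2, String str3) {
        try {
            CipherInfo cipherInfo = getCipherInfo(str);
            byte[] certBytes = DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), str2, cipherInfo.getCipherVersion(), str3);
            // NOTE(review): only the public key is read; no validity-period or chain
            // check is visible here, so trust rests entirely on the stored certificate.
            // javax.security.cert is deprecated; java.security.cert.CertificateFactory
            // is the supported replacement.
            try (ByteArrayInputStream in = new ByteArrayInputStream(certBytes)) {
                return X509Certificate.getInstance(in).getPublicKey();
            } catch (Exception e) {
                throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取银行公钥证书失败，请确认银行公钥证书是否正确。", "SecurityUtil_7", "ebg-aqap-banks-gdb-opb", new Object[0]), e);
            }
        } catch (Exception e2) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("获取publicKey失败%s。", "SecurityUtil_10", "ebg-aqap-banks-gdb-opb", new Object[0]), e2.getMessage()), e2);
        }
    }

    /**
     * Resolves the stored content into a {@link CipherInfo} and fills in its raw bytes.
     *
     * <p>Cipher version 0 is decoded with {@code java.util.Base64}; every other version
     * is decoded with the commons-codec decoder.
     */
    private static CipherInfo getCipherInfo(String str) {
        CipherInfo cipherInfo = ((AESCipherSecurity) SpringContextUtil.getBean(AESCipherSecurity.class)).getCipherInfo(str);
        if (cipherInfo.getCipherVersion() == 0) {
            cipherInfo.setFileBytes(java.util.Base64.getDecoder().decode(cipherInfo.getCipherData()));
        } else {
            cipherInfo.setFileBytes(Base64.decodeBase64(cipherInfo.getCipherData()));
        }
        return cipherInfo;
    }

    /** Converts decrypted key bytes to a string via {@code StringUtils.byteToString}. */
    private static String getKey(byte[] bArr) {
        return StringUtils.byteToString(bArr);
    }

    /**
     * Returns the first alias of an enumeration.
     *
     * @param enumeration the aliases, typically from {@code KeyStore.aliases()}
     * @return the first alias, or {@code null} when there is none
     */
    public static String getAlias(Enumeration<String> enumeration) {
        return enumeration.hasMoreElements() ? enumeration.nextElement() : null;
    }
}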
