package kd.ebg.aqap.banks.icbc.opa.service.util;

import com.icbc.api.DefaultIcbcClient;
import com.icbc.api.internal.util.codec.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import kd.bos.dataentity.resource.ResManager;
import kd.ebg.aqap.banks.icbc.opa.ICBCOpaMetaDataImpl;
import kd.ebg.aqap.common.model.CertInfo;
import kd.ebg.aqap.common.model.repository.UserCertRepository;
import kd.ebg.aqap.common.utils.SpringContextUtil;
import kd.ebg.egf.common.context.RequestContextUtils;
import kd.ebg.egf.common.exception.EBExceiptionUtil;
import kd.ebg.egf.common.framework.security.manage.AESCipherSecurity;
import kd.ebg.egf.common.framework.security.manage.CipherInfo;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.utils.DesUtil;
import kd.ebg.egf.common.utils.string.StringUtils;

/* loaded from: input_file:kd/ebg/aqap/banks/icbc/opa/service/util/GetStore.class */
public class GetStore {
    private static EBGLogger logger = EBGLogger.getInstance().getLogger(GetStore.class);
    private static UserCertRepository userCertRepository = (UserCertRepository) SpringContextUtil.getBean(UserCertRepository.class);

    public static String getPRI() {
        return getUserKey(ICBCOpaMetaDataImpl.private_key, ResManager.loadKDString("应用私钥", "GetStore_0", "ebg-aqap-banks-icbc-opa", new Object[0]));
    }

    public static String getPUB() {
        return getUserKey(ICBCOpaMetaDataImpl.public_key, ResManager.loadKDString("网关公钥", "GetStore_1", "ebg-aqap-banks-icbc-opa", new Object[0]));
    }

    public static String getPUBSM() {
        return getUserKeySM(ICBCOpaMetaDataImpl.public_key, ResManager.loadKDString("网关公钥", "GetStore_1", "ebg-aqap-banks-icbc-opa", new Object[0]));
    }

    public static String getCAPUB() {
        return getCAUserKey(ICBCOpaMetaDataImpl.ca_pub_name, ResManager.loadKDString("CA证书公钥", "GetStore_2", "ebg-aqap-banks-icbc-opa", new Object[0]));
    }

    public static String getCAPUBSM() {
        return getUserKeySM(ICBCOpaMetaDataImpl.ca_pub_sm_name, ResManager.loadKDString("CA证书公钥", "GetStore_2", "ebg-aqap-banks-icbc-opa", new Object[0]));
    }

    public static String getCAPRISM() {
        return getUserKeySM(ICBCOpaMetaDataImpl.ca_pri_sm_name, ResManager.loadKDString("CA证书私钥", "GetStore_3", "ebg-aqap-banks-icbc-opa", new Object[0]));
    }

    public static String getCAPRI() {
        return getCAUserKey(ICBCOpaMetaDataImpl.ca_pri_name, ResManager.loadKDString("CA证书私钥", "GetStore_3", "ebg-aqap-banks-icbc-opa", new Object[0]));
    }

    public static Map<String, String> getCAPRIMap() {
        CertInfo findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID = userCertRepository.findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(ICBCOpaMetaDataImpl.ca_pri_name, RequestContextUtils.getRequestContext().getBankLoginID(), RequestContextUtils.getCustomId());
        if (findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取CA证书私钥失败，请先配置应用私钥文件。", "GetStore_4", "ebg-aqap-banks-icbc-opa", new Object[0]));
        }
        CipherInfo cipherInfo = getCipherInfo(findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getFileContent());
        String key = getKey(Base64.encodeBase64(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCustomID(), cipherInfo.getCipherVersion(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCertID())));
        HashMap hashMap = new HashMap();
        hashMap.put("key", key);
        hashMap.put("pwd", findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCertPassword());
        return hashMap;
    }

    public static String getUserKey(String str, String str2) {
        CertInfo findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID = userCertRepository.findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(str, RequestContextUtils.getRequestContext().getBankLoginID(), RequestContextUtils.getCustomId());
        if (findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID == null) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("获取%s失败，请先配置应用私钥文件。", "GetStore_10", "ebg-aqap-banks-icbc-opa", new Object[0]), str2));
        }
        CipherInfo cipherInfo = getCipherInfo(findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getFileContent());
        return getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCustomID(), cipherInfo.getCipherVersion(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCertID()));
    }

    public static String getUserKeySM(String str, String str2) {
        CertInfo findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID = userCertRepository.findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(str, RequestContextUtils.getRequestContext().getBankLoginID(), RequestContextUtils.getCustomId());
        if (findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID == null) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("获取%s失败，请先配置应用私钥文件。", "GetStore_10", "ebg-aqap-banks-icbc-opa", new Object[0]), str2));
        }
        CipherInfo cipherInfo = getCipherInfo(findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getFileContent());
        byte[] decryptProxyCert = DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCustomID(), cipherInfo.getCipherVersion(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCertID());
        return (findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getFileName().endsWith(".cer") || findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getFileName().endsWith(".key")) ? new String(com.icbc.bcprov.org.bouncycastle.util.encoders.Base64.encode(decryptProxyCert)) : getKey(decryptProxyCert);
    }

    public static String getCAUserKey(String str, String str2) {
        CertInfo findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID = userCertRepository.findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID(str, RequestContextUtils.getRequestContext().getBankLoginID(), RequestContextUtils.getCustomId());
        if (findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID == null) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("获取%s失败，请先配置应用私钥文件。", "GetStore_10", "ebg-aqap-banks-icbc-opa", new Object[0]), str2));
        }
        CipherInfo cipherInfo = getCipherInfo(findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getFileContent());
        return getKey(Base64.encodeBase64(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCustomID(), cipherInfo.getCipherVersion(), findBankLoginCertByBankLoginIDAndBankConfigIDAndCustomID.getCertID())));
    }

    private static String getKey(byte[] bArr) {
        return StringUtils.byteToString(bArr);
    }

    public static String getBaseUrl() {
        String bankParameterValue = RequestContextUtils.getBankParameterValue("ip");
        String bankParameterValue2 = RequestContextUtils.getBankParameterValue("exchangePort");
        if (!StringUtils.isNotEmpty(bankParameterValue2)) {
            return bankParameterValue;
        }
        String bankParameterValue3 = RequestContextUtils.getBankParameterValue("exchangeProtocol");
        return bankParameterValue3 + "://" + bankParameterValue + (("HTTPS".equals(bankParameterValue3) && "443".equals(bankParameterValue2)) ? "" : ("HTTP".equals(bankParameterValue3) && "80".equals(bankParameterValue2)) ? "" : ":" + bankParameterValue2) + RequestContextUtils.getBankParameterValue("exchangeUri") + "/";
    }

    public static DefaultIcbcClient getClient() {
        String bankParameterValue = RequestContextUtils.getBankParameterValue(ICBCOpaMetaDataImpl.signType);
        String bankParameterValue2 = RequestContextUtils.getBankParameterValue(ICBCOpaMetaDataImpl.appId);
        String pub = getPUB();
        if (StringUtils.isEmpty(pub) && !"SM".equals(bankParameterValue)) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("网关公钥文件为空。", "GetStore_7", "ebg-aqap-banks-icbc-opa", new Object[0]));
        }
        String replaceAll = Pattern.compile("\\s*|\t").matcher(pub).replaceAll("");
        if (!"CA".equals(bankParameterValue) && !"SM".equals(bankParameterValue)) {
            String pri = getPRI();
            if (StringUtils.isEmpty(pri)) {
                throw EBExceiptionUtil.serviceException(ResManager.loadKDString("应用私钥文件为空。", "GetStore_8", "ebg-aqap-banks-icbc-opa", new Object[0]));
            }
            return new DefaultIcbcClient(bankParameterValue2, bankParameterValue, pri, replaceAll);
        }
        if ("SM".equals(bankParameterValue)) {
            String capubsm = getCAPUBSM();
            String pubsm = getPUBSM();
            DefaultIcbcClient defaultIcbcClient = new DefaultIcbcClient(bankParameterValue2, "CA-SM-ICBC", getCAPRISM(), "UTF-8", "json", (String) null, (String) null, (String) null, capubsm, (String) null);
            defaultIcbcClient.setIcbc_ca(pubsm);
            return defaultIcbcClient;
        }
        String capub = getCAPUB();
        Map<String, String> cAPRIMap = getCAPRIMap();
        String str = cAPRIMap.get("pwd");
        if (StringUtils.isEmpty(str)) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("证书密码为空", "GetStore_9", "ebg-aqap-banks-icbc-opa", new Object[0]));
        }
        return new DefaultIcbcClient(bankParameterValue2, cAPRIMap.get("key"), replaceAll, capub, str);
    }

    private static CipherInfo getCipherInfo(String str) {
        CipherInfo cipherInfo = ((AESCipherSecurity) SpringContextUtil.getBean(AESCipherSecurity.class)).getCipherInfo(str);
        if (cipherInfo.getCipherVersion() == 0) {
            cipherInfo.setFileBytes(java.util.Base64.getDecoder().decode(cipherInfo.getCipherData()));
        } else {
            cipherInfo.setFileBytes(org.apache.commons.codec.binary.Base64.decodeBase64(cipherInfo.getCipherData()));
        }
        return cipherInfo;
    }
}
