package kd.bos.permission.util;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.security.PublicKey;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import kd.bos.algo.DataSet;
import kd.bos.algo.Row;
import kd.bos.cache.CacheConfigInfo;
import kd.bos.cache.CacheFactory;
import kd.bos.cache.LocalMemoryCache;
import kd.bos.config.client.Configuration;
import kd.bos.config.client.ConfigurationFactory;
import kd.bos.context.RequestContext;
import kd.bos.crypto.AlgorithmDesc;
import kd.bos.crypto.MultiEncrypters;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.db.DB;
import kd.bos.db.DBRoute;
import kd.bos.db.privacy.model.PrivacyDataModel;
import kd.bos.db.tx.TX;
import kd.bos.db.tx.TXHandle;
import kd.bos.dc.api.model.Account;
import kd.bos.dc.utils.AccountUtils;
import kd.bos.dc.utils.MCDBUtil;
import kd.bos.dc.utils.SQLUtils;
import kd.bos.encrypt.impl.RSAEncrypterUtil;
import kd.bos.entity.cache.CacheKeyUtil;
import kd.bos.exception.BosErrorCode;
import kd.bos.exception.ErrorCode;
import kd.bos.exception.KDException;
import kd.bos.instance.Instance;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.utils.ErrorCodeUtils;
import kd.bos.orm.query.QFilter;
import kd.bos.param.ParameterReader;
import kd.bos.permission.cache.model.EncryptionScheme;
import kd.bos.permission.model.perm.SchemeDataProcessingResult;
import kd.bos.permission.task.scheme.DataProcessingTask;
import kd.bos.permission.task.scheme.TaskContext;
import kd.bos.servicehelper.BusinessDataServiceHelper;
import kd.bos.servicehelper.TimeServiceHelper;
import kd.bos.session.SHAUtils;
import kd.bos.threads.ThreadPools;
import kd.bos.util.ExceptionUtils;
import kd.bos.util.HttpClientUtils;
import kd.bos.util.SystemProperties;
import kd.bos.zk.ZKFactory;

/* loaded from: input_file:kd/bos/permission/util/SchemeUtil.class */
public class SchemeUtil {
    private static final Log LOG = LogFactory.getLog(SchemeUtil.class);
    // Thread-count arguments for the executor below (presumably its core and maximum sizes; confirm against
    // ThreadPools). DEF_THREAD_COUNT is also the maximum number of slices dataProcessing(..., List, ...) submits.
    private static final int DEF_THREAD_COUNT = 10;
    private static final int MAX_THREAD_COUNT = 1000;
    // Shared pool that runs the DataProcessingTask slices.
    // NOTE(review): the field is not final although nothing in this listing reassigns it.
    private static ExecutorService EXECUTOR_SERVICE = ThreadPools.newCachedExecutorService("EncryptionSchemeDataProcessingPool", DEF_THREAD_COUNT, MAX_THREAD_COUNT);
    // Names of the local memory caches used by this class. The kms_key, public_key and work_key caches hold key
    // material in process memory; getLocalMemoryCache() derives the cache type from the current account id.
    private static final String CACHE_KMS_KEY = "kms_key";
    private static final String CACHE_PUBLIC_KEY = "public_key";
    private static final String CACHE_WORK_KEY = "work_key";
    private static final String CACHE_ENCRYPTION_SCHEME = "encryptionScheme";
    // The only "errorcode" value that postMc() accepts as success in an MC reply.
    private static final String CODE_SUCCESS = "100";
    // Third argument of every ResManager.loadKDString call in this class.
    private static final String KEY_SYSTEM_TYPE = "bos-mservice-permission";

    /**
     * Checks whether an enabled encryption scheme exists for the given primary key.
     *
     * @param j primary key of the scheme, matched against the {@code id} field
     * @return {@code true} if {@code perm_encryptionscheme} has an entry with this id and {@code enable = "1"}
     */
    public static boolean checkSchemeEnable(long j) {
        QFilter enabledSchemeFilter = new QFilter("id", "=", Long.valueOf(j));
        enabledSchemeFilter.and("enable", "=", "1");
        Object scheme = BusinessDataServiceHelper.loadSingleFromCache("perm_encryptionscheme", "id", enabledSchemeFilter.toArray());
        return scheme != null;
    }

    /**
     * Returns the id of the scheme whose FNUMBER equals {@code str}, inserting a new row first when none exists.
     *
     * <p>A new row is written with FENABLE = "1", FCREATORID = 1 and FISSYSTEM = "1".
     *
     * <p>NOTE(review): the lookup and the insert are two separate statements, so two concurrent callers can both
     * miss and both insert unless FNUMBER carries a unique constraint. Confirm against the schema.
     *
     * @param str  scheme number (FNUMBER)
     * @param str2 scheme name (FNAME)
     * @param str3 algorithm (FALGORITHM)
     * @param str4 key length (FLENGTH)
     * @return the existing FID, or the newly generated one
     */
    public static long addNewScheme(String str, String str2, String str3, String str4) {
        Long existingId = (Long) DB.query(
                DBRoute.base,
                "SELECT FID FROM T_PERM_ENCRYPTIONSCHEME WHERE FNUMBER = ?",
                new Object[]{str},
                rs -> Long.valueOf(rs.next() ? rs.getLong("FID") : 0L));
        // An FID of 0 is the handler's "no row" marker.
        if (existingId.longValue() != 0) {
            return existingId.longValue();
        }
        long newId = DB.genLongId("T_PERM_ENCRYPTIONSCHEME");
        // Values are listed in the column order of the INSERT statement below.
        Object[] insertParams = new Object[]{
                Long.valueOf(newId),
                str3,
                str4,
                str,
                str2,
                "1",
                1,
                TimeServiceHelper.now(),
                "1"
        };
        DB.execute(DBRoute.base, "INSERT INTO T_PERM_ENCRYPTIONSCHEME (FID, FALGORITHM, FLENGTH, FNUMBER, FNAME, FENABLE, FCREATORID, FCREATETIME, FISSYSTEM) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);", insertParams);
        return newId;
    }

    /**
     * Marks a JSON result as failed.
     *
     * @param jSONObject result object to fill; receives {@code success = false} and an empty {@code data}
     * @param str        failure description stored under {@code description}
     */
    public static void error(JSONObject jSONObject, String str) {
        jSONObject.put("success", Boolean.FALSE);
        jSONObject.put("description", str);
        jSONObject.put("data", "");
    }

    /**
     * Marks a JSON result as successful.
     *
     * @param jSONObject result object to fill; receives {@code success = true}
     * @param str        description stored under {@code description}
     * @param obj        payload stored under {@code data}
     */
    public static void success(JSONObject jSONObject, String str, Object obj) {
        jSONObject.put("success", Boolean.TRUE);
        jSONObject.put("description", str);
        jSONObject.put("data", obj);
    }

    /**
     * Marks a batch-processing result as failed and clears its data.
     *
     * @param schemeDataProcessingResult result to update
     * @param str                        failure description
     */
    public static void error(SchemeDataProcessingResult schemeDataProcessingResult, String str) {
        final SchemeDataProcessingResult result = schemeDataProcessingResult;
        result.setSuccess(false);
        result.setDescription(str);
        // The cast keeps the null argument typed as a Map for setData.
        result.setData((Map) null);
    }

    /**
     * Marks a batch-processing result as successful.
     *
     * @param schemeDataProcessingResult result to update
     * @param str                        description
     * @param map                        processed data handed to {@code setData}
     */
    public static void success(SchemeDataProcessingResult schemeDataProcessingResult, String str, Map<String, List<PrivacyDataModel>> map) {
        final SchemeDataProcessingResult result = schemeDataProcessingResult;
        result.setSuccess(true);
        result.setDescription(str);
        result.setData(map);
    }

    /**
     * Lists the enabled encryption schemes, leaving out the one numbered {@code LICENCE-SIGNATURE}.
     *
     * @return a new list of the matching {@code perm_encryptionscheme} objects, loaded with id, number and name
     */
    public static List<DynamicObject> getSchemes() {
        QFilter selectableSchemes = new QFilter("enable", "=", "1");
        // The LICENCE-SIGNATURE scheme is read separately by getCorrectSchemeKey() and is not listed here.
        selectableSchemes.and("number", "!=", "LICENCE-SIGNATURE");
        return new ArrayList(
                BusinessDataServiceHelper.loadFromCache("perm_encryptionscheme", "id, number, name", selectableSchemes.toArray()).values());
    }

    /**
     * Collects every algorithm reported by {@code MultiEncrypters.getAllAlgorithm()}.
     *
     * @return a map from each algorithm's transformation string to the value of its {@code getSupport()}
     */
    public static Map<String, List<Integer>> getSupportAlgorithms() {
        // Raw map kept as in the listing: the element type of getSupport() is not visible here.
        HashMap supportByTransformation = new HashMap(0);
        for (AlgorithmDesc algorithm : MultiEncrypters.getAllAlgorithm()) {
            String transformation = algorithm.getTransformation();
            supportByTransformation.put(transformation, algorithm.getSupport());
        }
        return supportByTransformation;
    }

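    /**
     * Loads an encryption scheme by primary key, serving it from the local memory cache when present.
     *
     * <p>The decompiled listing expanded a try-with-resources into nested handlers full of unreachable
     * branches ({@code if (0 != 0)}, {@code addSuppressed} on a variable that is always null). It is restored
     * to try-with-resources here, so the DataSet is closed exactly once on every path.
     *
     * <p>The cached object includes the scheme key ({@code fschemekey}).
     * NOTE(review): this cache is keyed by the decimal id here and by the scheme number in the String overload.
     * A scheme whose number is the decimal form of another scheme's id would share a cache slot. Confirm that
     * scheme numbers cannot be purely numeric.
     *
     * @param j primary key ({@code fid}) of the scheme
     * @return the scheme, or {@code null} when no row matches
     * @throws NumberFormatException if the stored {@code flength} is not an integer
     */
    public static EncryptionScheme getEncryptionScheme(long j) {
        LocalMemoryCache schemeCache = getLocalMemoryCache(CACHE_ENCRYPTION_SCHEME);
        String cacheKey = String.valueOf(j);
        if (schemeCache.contains(cacheKey)) {
            return (EncryptionScheme) schemeCache.get(cacheKey);
        }
        // try-with-resources skips close() for a null resource, matching the original null checks.
        try (DataSet rows = DB.queryDataSet("getEncryptionSchemeById", DBRoute.base, " select fid, fnumber, fname, falgorithm, flength, fschemekey from t_perm_encryptionscheme where fid = ? ", new Object[]{Long.valueOf(j)})) {
            if (rows == null || rows.isEmpty()) {
                return null;
            }
            Row row = rows.next();
            EncryptionScheme scheme = new EncryptionScheme();
            scheme.setPkId(row.getLong("fid").longValue());
            scheme.setNumber(row.getString("fnumber"));
            scheme.setName(row.getString("fname"));
            scheme.setAlgorithm(row.getString("falgorithm"));
            scheme.setLength(Integer.parseInt(row.getString("flength")));
            scheme.setSchemeKey(row.getString("fschemekey"));
            schemeCache.put(cacheKey, scheme);
            return scheme;
        }
    }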

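    /**
     * Loads an encryption scheme by its number, serving it from the local memory cache when present.
     *
     * <p>The decompiled listing closed the DataSet explicitly before returning a hit and then again in the
     * {@code finally} block, and carried unreachable {@code addSuppressed} branches. It is restored to
     * try-with-resources here, so the DataSet is closed exactly once on every path.
     *
     * <p>The cached object includes the scheme key ({@code fschemekey}).
     * NOTE(review): this cache is keyed by the scheme number here and by the decimal id in the long overload.
     * A number that is the decimal form of another scheme's id would share a cache slot. Confirm that scheme
     * numbers cannot be purely numeric.
     *
     * @param str scheme number ({@code fnumber})
     * @return the scheme, or {@code null} when no row matches
     * @throws NumberFormatException if the stored {@code flength} is not an integer
     */
    public static EncryptionScheme getEncryptionScheme(String str) {
        LocalMemoryCache schemeCache = getLocalMemoryCache(CACHE_ENCRYPTION_SCHEME);
        if (schemeCache.contains(str)) {
            return (EncryptionScheme) schemeCache.get(str);
        }
        // try-with-resources skips close() for a null resource, matching the original null checks.
        try (DataSet rows = DB.queryDataSet("getEncryptionSchemeByNumber", DBRoute.base, " select fid, fnumber, fname, falgorithm, flength, fschemekey from t_perm_encryptionscheme where fnumber = ?", new Object[]{str})) {
            if (rows == null || rows.isEmpty()) {
                return null;
            }
            Row row = rows.next();
            EncryptionScheme scheme = new EncryptionScheme();
            scheme.setPkId(row.getLong("fid").longValue());
            scheme.setNumber(row.getString("fnumber"));
            scheme.setName(row.getString("fname"));
            scheme.setAlgorithm(row.getString("falgorithm"));
            scheme.setLength(Integer.parseInt(row.getString("flength")));
            scheme.setSchemeKey(row.getString("fschemekey"));
            schemeCache.put(str, scheme);
            return scheme;
        }
    }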

    /**
     * Writes a new scheme key into the cached copies of a scheme, if any are cached.
     *
     * <p>Entries are only updated, never created: a key that is not in the cache is skipped.
     *
     * @param str  first cache key (callers in this class pass the scheme id as a string)
     * @param str2 second cache key (callers in this class pass the scheme number)
     * @param str3 scheme key to store on the cached objects
     */
    public static void updateSchemeCache(String str, String str2, String str3) {
        LocalMemoryCache schemeCache = getLocalMemoryCache(CACHE_ENCRYPTION_SCHEME);
        for (String cacheKey : new String[]{str, str2}) {
            if (!schemeCache.contains(cacheKey)) {
                continue;
            }
            EncryptionScheme cached = (EncryptionScheme) schemeCache.get(cacheKey);
            cached.setSchemeKey(str3);
            // Re-put the mutated object, as the original does.
            schemeCache.put(cacheKey, cached);
        }
    }

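    /**
     * Encrypts or decrypts one value and reports the outcome as a JSON result.
     *
     * <p>The decompiled listing showed an empty {@code try} block with its {@code catch} detached from the
     * code it was meant to guard, so cipher failures escaped the method. The handler is re-attached here:
     * a failure is logged and turned into an error result.
     *
     * <p>NOTE(review): the error result carries {@code e.getMessage()} verbatim. If {@code description} can
     * reach an untrusted caller, distinguishable decryption errors can act as an oracle. Consider a generic
     * message there and keep the detail in the log.
     *
     * @param str  work key; a blank value yields an error result
     * @param str2 first argument passed to {@code MultiEncrypters} (presumably the algorithm; confirm)
     * @param i    third argument passed to {@code MultiEncrypters} (presumably the key length; confirm)
     * @param str3 value to encrypt or decrypt
     * @param z    {@code true} to encrypt, {@code false} to decrypt
     * @return a JSON object with {@code success}, {@code description} and {@code data}
     */
    public static JSONObject dataProcessing(String str, String str2, int i, String str3, boolean z) {
        JSONObject result = new JSONObject();
        if (StringUtils.isBlank(str)) {
            error(result, ResManager.loadKDString("获取工作密钥失败，请检查日志", "SchemeUtil_0", KEY_SYSTEM_TYPE, new Object[0]));
            return result;
        }
        try {
            String output;
            String message;
            if (z) {
                output = MultiEncrypters.encrypt(str2, str, i, str3);
                message = ResManager.loadKDString("加密成功", "SchemeUtil_1", KEY_SYSTEM_TYPE, new Object[0]);
            } else {
                output = MultiEncrypters.decrypt(str2, str, i, str3);
                message = ResManager.loadKDString("解密成功", "SchemeUtil_2", KEY_SYSTEM_TYPE, new Object[0]);
            }
            success(result, message, output);
        } catch (Exception e) {
            LOG.warn(z ? "Encrypt error" : "Decrypt error", e);
            error(result, e.getMessage());
        }
        return result;
    }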

    /**
     * Encrypts or decrypts a list of values by splitting it into at most {@code DEF_THREAD_COUNT}
     * contiguous slices, running one {@code DataProcessingTask} per slice on the shared executor and
     * waiting for all of them.
     *
     * <p>Each task gets its own cipher from {@code MultiEncrypters.getCipher}. The list is wrapped with
     * {@code Collections.synchronizedList} before it is handed to the tasks.
     *
     * <p>NOTE(review): when a task fails, {@code CompletableFuture#whenComplete} keeps the task's own
     * exception as the outcome and only attaches the exception thrown in the callback as suppressed. So
     * {@code join()} surfaces a {@code CompletionException} wrapping the raw task failure, not the localized
     * message built below. Confirm that callers do not relay that exception text to untrusted clients.
     *
     * @param str  work key; blank is rejected
     * @param str2 first argument of {@code TaskContext} (presumably the algorithm; confirm)
     * @param i    third argument of {@code TaskContext} (presumably the key length; confirm)
     * @param list values to process; handed to the tasks through a synchronized wrapper
     * @param z    {@code true} to encrypt, {@code false} to decrypt
     * @throws RuntimeException if the work key is blank or any slice fails
     */
    public static void dataProcessing(String str, String str2, int i, List<PrivacyDataModel> list, boolean z) {
        if (StringUtils.isBlank(str)) {
            throw new RuntimeException(ResManager.loadKDString("获取工作密钥失败，请检查日志", "SchemeUtil_0", KEY_SYSTEM_TYPE, new Object[0]));
        }
        String operationName = z
                ? ResManager.loadKDString("加密", "SchemeUtil_3", KEY_SYSTEM_TYPE, new Object[0])
                : ResManager.loadKDString("解密", "SchemeUtil_4", KEY_SYSTEM_TYPE, new Object[0]);
        TaskContext taskContext = new TaskContext(str2, str, i, z);
        int total = list.size();
        // +1 ensures that DEF_THREAD_COUNT slices always cover the whole list.
        int sliceLength = (total / DEF_THREAD_COUNT) + 1;
        List<PrivacyDataModel> sharedRows = Collections.synchronizedList(list);
        List<CompletableFuture<Void>> pending = new ArrayList<>();
        for (int slice = 0; slice < DEF_THREAD_COUNT; slice++) {
            int from = sliceLength * slice;
            int to = sliceLength * (slice + 1);
            boolean lastSlice = to == 0 || to >= total;
            if (lastSlice) {
                to = total;
            }
            DataProcessingTask task = new DataProcessingTask(taskContext, sharedRows, from, to);
            task.setCipher(MultiEncrypters.getCipher(taskContext.getAlgorithm()));
            pending.add(CompletableFuture.runAsync(task::process, EXECUTOR_SERVICE));
            if (lastSlice) {
                break;
            }
        }
        CompletableFuture.allOf(pending.toArray(new CompletableFuture[0])).whenComplete((ignoredResult, failure) -> {
            if (failure != null) {
                LOG.warn("EncryptionSchemeDataProcessing error", failure);
                throw new RuntimeException(String.format(ResManager.loadKDString("%s失败，详情请查看日志", "SchemeUtil_5", KEY_SYSTEM_TYPE, new Object[0]), operationName));
            }
        }).join();
    }

    /**
     * Signs a string with the work key of the scheme identified by primary key.
     *
     * @param str data to sign
     * @param j   scheme primary key
     * @return a JSON result; {@code data} holds the signature on success
     */
    public static JSONObject generateSignature(String str, long j) {
        EncryptionScheme scheme = getEncryptionScheme(j);
        return generateSignature(str, scheme);
    }

    /**
     * Signs a string with the work key of the scheme identified by number.
     *
     * @param str  data to sign
     * @param str2 scheme number
     * @return a JSON result; {@code data} holds the signature on success
     */
    public static JSONObject generateSignature(String str, String str2) {
        EncryptionScheme scheme = getEncryptionScheme(str2);
        return generateSignature(str, scheme);
    }

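    /**
     * Signs a string with the work key of the {@code LICENCE-SIGNATURE} scheme of the given tenant and
     * account, resolving the public key from MC and the KMS data from ZooKeeper on every call.
     *
     * <p>Fix: the key lookup returns an empty string when the key id is absent from the KMS data. The
     * listing then signed with that empty key and reported success, producing a value anyone can recompute.
     * A blank work key is now rejected through the existing failure path.
     *
     * @param str  data to sign
     * @param str2 tenant id
     * @param str3 account (data centre) id
     * @return a JSON result; {@code data} holds the signature on success
     * @throws KDException if the public key, the scheme key or the work key cannot be obtained
     */
    public static JSONObject generateSignature(String str, String str2, String str3) {
        String mcPublicKey = getPublicKeyFromMC(str2, str3);
        if (StringUtils.isBlank(mcPublicKey)) {
            throw new KDException(BosErrorCode.findPropertyFailed, new Object[]{ResManager.loadKDString("获取公钥失败。", "SchemeUtil_6", KEY_SYSTEM_TYPE, new Object[0])});
        }
        String storedSchemeKey = getCorrectSchemeKey(str3, str2);
        if (StringUtils.isBlank(storedSchemeKey)) {
            throw new KDException(BosErrorCode.findPropertyFailed, new Object[]{ResManager.loadKDString("获取FSchemeKey失败。", "SchemeUtil_7", KEY_SYSTEM_TYPE, new Object[0])});
        }
        try {
            PublicKey publicKey = RSAEncrypterUtil.getPublicKey(mcPublicKey);
            String workKey = getWorkKey(getPropertyFromZk(), RSAEncrypterUtil.decrypt(storedSchemeKey, publicKey), publicKey);
            if (StringUtils.isBlank(workKey)) {
                // Fail closed: never sign with an empty key. The handler below logs and converts this.
                throw new IllegalStateException("work key is blank");
            }
            JSONObject result = new JSONObject();
            generateSignature(str, result, workKey);
            return result;
        } catch (Exception e) {
            LOG.warn(ResManager.loadKDString("获取工作密钥失败", "SchemeUtil_27", KEY_SYSTEM_TYPE, new Object[0]), e);
            throw new KDException(BosErrorCode.findPropertyFailed, new Object[]{ResManager.loadKDString("获取工作密钥失败。", "SchemeUtil_8", KEY_SYSTEM_TYPE, new Object[0])});
        }
    }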

    /**
     * Signs each entry of a map with the work key of the scheme identified by primary key.
     *
     * @param map group-to-value pairs to sign
     * @param j   scheme primary key
     * @return a JSON result; {@code data} holds a map of per-group signatures on success
     */
    public static JSONObject generateSignature(Map<String, String> map, long j) {
        EncryptionScheme scheme = getEncryptionScheme(j);
        return generateSignature(map, scheme);
    }

    /**
     * Signs each entry of a map with the work key of the scheme identified by number.
     *
     * @param map group-to-value pairs to sign
     * @param str scheme number
     * @return a JSON result; {@code data} holds a map of per-group signatures on success
     */
    public static JSONObject generateSignature(Map<String, String> map, String str) {
        EncryptionScheme scheme = getEncryptionScheme(str);
        return generateSignature(map, scheme);
    }

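    /**
     * Signs each entry of a map with the work key of the {@code LICENCE-SIGNATURE} scheme of the given
     * tenant and account, resolving the public key from MC and the KMS data from ZooKeeper on every call.
     *
     * <p>Fix: the key lookup returns an empty string when the key id is absent from the KMS data. The
     * listing then signed with that empty key and reported success, producing values anyone can recompute.
     * A blank work key is now rejected through the existing failure path.
     *
     * @param map  group-to-value pairs to sign
     * @param str  tenant id
     * @param str2 account (data centre) id
     * @return a JSON result; {@code data} holds a map of per-group signatures
     * @throws KDException if the public key, the scheme key or the work key cannot be obtained
     */
    public static JSONObject generateSignature(Map<String, String> map, String str, String str2) {
        String mcPublicKey = getPublicKeyFromMC(str, str2);
        if (StringUtils.isBlank(mcPublicKey)) {
            throw new KDException(BosErrorCode.findPropertyFailed, new Object[]{ResManager.loadKDString("获取公钥失败。", "SchemeUtil_6", KEY_SYSTEM_TYPE, new Object[0])});
        }
        String storedSchemeKey = getCorrectSchemeKey(str2, str);
        if (StringUtils.isBlank(storedSchemeKey)) {
            throw new KDException(BosErrorCode.findPropertyFailed, new Object[]{ResManager.loadKDString("获取FSchemeKey失败。", "SchemeUtil_7", KEY_SYSTEM_TYPE, new Object[0])});
        }
        try {
            PublicKey publicKey = RSAEncrypterUtil.getPublicKey(mcPublicKey);
            String workKey = getWorkKey(getPropertyFromZk(), RSAEncrypterUtil.decrypt(storedSchemeKey, publicKey), publicKey);
            if (StringUtils.isBlank(workKey)) {
                // Fail closed: never sign with an empty key. The handler below logs and converts this.
                throw new IllegalStateException("work key is blank");
            }
            JSONObject result = new JSONObject();
            generateSignature(map, result, workKey);
            return result;
        } catch (Exception e) {
            LOG.warn(ResManager.loadKDString("获取工作密钥失败", "SchemeUtil_27", KEY_SYSTEM_TYPE, new Object[0]), e);
            throw new KDException(BosErrorCode.findPropertyFailed, new Object[]{ResManager.loadKDString("获取工作密钥失败。", "SchemeUtil_8", KEY_SYSTEM_TYPE, new Object[0])});
        }
    }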

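    /**
     * Persists a scheme key for the given scheme in its own transaction.
     *
     * <p>The decompiled listing expanded a try-with-resources on the transaction handle into nested handlers
     * with unreachable branches. It is restored to try-with-resources here.
     *
     * <p>The update is best effort: on failure the transaction is marked for rollback and the error is
     * logged, but nothing is thrown. A caller therefore cannot tell whether the key was stored.
     * signatureValidate() goes on to cache and use the key either way. The log line contains the scheme id
     * and the stack trace, not the key.
     *
     * @param j   scheme primary key ({@code fid})
     * @param str scheme key to store in {@code fschemekey}
     */
    public static void updateSchemeKey(long j, String str) {
        try (TXHandle tx = TX.requiresNew()) {
            try {
                DB.execute(DBRoute.base, "update t_perm_encryptionscheme set fschemekey = ? where fid = ?;", new Object[]{str, Long.valueOf(j)});
            } catch (Exception e) {
                tx.markRollback();
                LOG.warn(String.format(ResManager.loadKDString("更新加密方案【%1$s】schemeKey失败，原因：%2$s", "SchemeUtil_9", KEY_SYSTEM_TYPE, new Object[0]), Long.valueOf(j), ExceptionUtils.getExceptionStackTraceMessage(e)));
            }
        }
    }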

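    /**
     * Returns the MC public key for the current request's tenant and account, caching it in local memory.
     *
     * <p>Fix: the listing converted the cached value with {@code String.valueOf} without a null check. If
     * the entry disappeared between {@code contains} and {@code get}, the literal text {@code "null"} was
     * returned as the key. A null cache value now falls through to a fresh lookup.
     *
     * @return the public key text, or an empty string when MC does not supply one
     */
    public static String getPublicKey() {
        LocalMemoryCache publicKeyCache = getLocalMemoryCache(CACHE_PUBLIC_KEY);
        if (publicKeyCache.contains(CACHE_PUBLIC_KEY)) {
            Object cached = publicKeyCache.get(CACHE_PUBLIC_KEY);
            if (cached != null) {
                String cachedKey = String.valueOf(cached);
                if (StringUtils.isNotBlank(cachedKey)) {
                    return cachedKey;
                }
            }
        }
        RequestContext requestContext = RequestContext.get();
        String fetchedKey = getPublicKeyFromMC(requestContext.getTenantId(), requestContext.getAccountId());
        if (StringUtils.isBlank(fetchedKey)) {
            // A failed lookup is not cached, so the next call retries.
            return "";
        }
        publicKeyCache.put(CACHE_PUBLIC_KEY, fetchedKey);
        return fetchedKey;
    }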

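    /**
     * Requests the public key for a tenant and account from the MC endpoint
     * {@code /kapi/app/mc/generatePublicKey}.
     *
     * <p>Fix: postMc() returns an object without a {@code success} field when the request fails or the reply
     * is blank. The listing unboxed that missing field and threw a NullPointerException. A missing or false
     * {@code success} now yields an empty string, which every caller in this class treats as failure.
     *
     * <p>NOTE(review): every key derived later is only as trustworthy as this reply. Confirm that
     * {@code mc.server.url} is reached over TLS with certificate validation.
     *
     * @param str  tenant id
     * @param str2 account (data centre) id, sent as {@code dcId}
     * @return the {@code publicKey} field of the reply, or an empty string on failure
     */
    public static String getPublicKeyFromMC(String str, String str2) {
        JSONObject reply = postMc("/kapi/app/mc/generatePublicKey", createPostParams(str, str2), getMcAccessToken());
        if (!Boolean.TRUE.equals(reply.getBoolean("success"))) {
            return "";
        }
        JSONObject data = reply.getJSONObject("data");
        return data == null ? "" : data.getString("publicKey");
    }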

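    /**
     * Asks MC to generate a data key for a scheme and returns its key id as a JSON result.
     *
     * <p>The scheme id is RSA-encrypted with the supplied public key before it is sent.
     *
     * <p>The decompiled listing showed an empty {@code try} block with its {@code catch} detached from the
     * code it was meant to guard. The handler is re-attached here, so any failure, including a blank public
     * key, is logged and reported as an error result. The {@code success} flag of the MC reply is also read
     * null-safely.
     *
     * @param encryptionScheme scheme whose id and length are sent to MC
     * @param str              public key text used to encrypt the scheme id
     * @return a JSON result; on success {@code data} holds the {@code dataKeyId} returned by MC
     */
    public static JSONObject getSchemeKey(EncryptionScheme encryptionScheme, String str) {
        JSONObject result = new JSONObject();
        try {
            if (StringUtils.isBlank(str)) {
                throw new KDException(new ErrorCode("0", ResManager.loadKDString("公钥为空", "SchemeUtil_10", KEY_SYSTEM_TYPE, new Object[0])), new Object[0]);
            }
            String encryptedSchemeId = RSAEncrypterUtil.encrypt(String.valueOf(encryptionScheme.getPkId()), RSAEncrypterUtil.getPublicKey(str));
            JSONObject mcReply = getSchemeKey(encryptedSchemeId, encryptionScheme);
            if (Boolean.TRUE.equals(mcReply.getBoolean("success"))) {
                success(result, "", mcReply.getJSONObject("data").getString("dataKeyId"));
            } else {
                error(result, mcReply.getString("description"));
            }
        } catch (Exception e) {
            LOG.warn(ResManager.loadKDString("获取工作密钥加密id失败，原因：", "SchemeUtil_19", KEY_SYSTEM_TYPE, new Object[0]) + ExceptionUtils.getExceptionStackTraceMessage(e));
            error(result, ResManager.loadKDString("获取工作密钥id失败，请检查日志", "SchemeUtil_11", KEY_SYSTEM_TYPE, new Object[0]));
        }
        return result;
    }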

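    /**
     * Reads the scheme key of the {@code LICENCE-SIGNATURE} scheme directly from the database of the
     * resolved account.
     *
     * <p>The decompiled listing emulated {@code finally} with a success-path cleanup plus a catch-all. It
     * is written as try/catch/finally here, so the JDBC resources are released exactly once on every path.
     * The SQL text is a constant; no caller input is concatenated into it.
     *
     * <p>NOTE(review): the thrown KDException message includes {@code e.getMessage()} from the database
     * layer. Confirm that this text is not shown to untrusted clients.
     *
     * @param str  first argument of {@code AccountUtils.getCorrectAccount} (callers pass the account id)
     * @param str2 second argument of {@code AccountUtils.getCorrectAccount} (callers pass the tenant id)
     * @return the stored {@code fschemekey}, or an empty string when the row does not exist
     * @throws KDException if the connection or the query fails
     */
    public static String getCorrectSchemeKey(String str, String str2) {
        Account account = AccountUtils.getCorrectAccount(str, str2);
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            connection = MCDBUtil.getConnection(account, AccountUtils.getTenantDBInfo(account));
            statement = connection.prepareStatement("select fschemekey from t_perm_encryptionscheme where fnumber = 'LICENCE-SIGNATURE'");
            rows = statement.executeQuery();
            return rows.next() ? rows.getString("fschemekey") : "";
        } catch (Exception e) {
            LOG.warn(e);
            throw new KDException(e, BosErrorCode.sQLConnection, new Object[]{ErrorCodeUtils.getDBIntralError() + ErrorCodeUtils.getSlipSignerror() + e.getMessage()});
        } finally {
            SQLUtils.cleanup(rows, statement, connection);
        }
    }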

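    /**
     * Resolves the work key of a scheme and caches it in local memory under {@code work_key_<id>}.
     *
     * <p>The stored scheme key is RSA-decrypted with the public key to obtain the lookup id. That id is
     * then looked up in the KMS JSON from three sources in order: the cached copy, the {@code kms.key}
     * system property, and the ZooKeeper configuration. The first non-blank work key wins and is cached.
     *
     * <p>Fix: the listing converted the cached work key with {@code String.valueOf} without a null check.
     * If the entry disappeared between {@code contains} and {@code get}, the literal text {@code "null"}
     * was returned and used as key material. A null cache value now falls through to a fresh lookup.
     *
     * <p>NOTE(review): the scheme key is recovered with the <em>public</em> key, so anyone holding that
     * public key can recover it too. The operation gives integrity at most, not confidentiality.
     *
     * @param j    scheme primary key, used only to build the cache key
     * @param str  public key text
     * @param str2 stored scheme key
     * @return the work key, or an empty string on any failure; callers must treat blank as an error
     */
    public static String getWorkKey(long j, String str, String str2) {
        LocalMemoryCache workKeyCache = getLocalMemoryCache(CACHE_WORK_KEY);
        String cacheKey = "work_key_" + j;
        if (workKeyCache.contains(cacheKey)) {
            Object cached = workKeyCache.get(cacheKey);
            if (cached != null) {
                String cachedWorkKey = String.valueOf(cached);
                if (StringUtils.isNotBlank(cachedWorkKey)) {
                    return cachedWorkKey;
                }
            }
        }
        try {
            if (StringUtils.isBlank(str)) {
                throw new KDException(new ErrorCode("0", ResManager.loadKDString("公钥为空", "SchemeUtil_10", KEY_SYSTEM_TYPE, new Object[0])), new Object[0]);
            }
            PublicKey publicKey = RSAEncrypterUtil.getPublicKey(str);
            LocalMemoryCache kmsCache = getLocalMemoryCache(CACHE_KMS_KEY);
            String keyId = RSAEncrypterUtil.decrypt(str2, publicKey);

            // Source 1: KMS JSON already cached by an earlier call.
            if (kmsCache.contains(CACHE_KMS_KEY)) {
                String fromCachedKms = getWorkKey(String.valueOf(kmsCache.get(CACHE_KMS_KEY)), keyId, publicKey);
                if (StringUtils.isNotBlank(fromCachedKms)) {
                    workKeyCache.put(cacheKey, fromCachedKms);
                    return fromCachedKms;
                }
            }

            // Source 2: KMS JSON supplied through the kms.key system property.
            String kmsFromProperty = System.getProperty("kms.key");
            if (kmsFromProperty != null) {
                kmsCache.put(CACHE_KMS_KEY, kmsFromProperty);
                String fromProperty = getWorkKey(kmsFromProperty, keyId, publicKey);
                if (StringUtils.isNotBlank(fromProperty)) {
                    workKeyCache.put(cacheKey, fromProperty);
                    return fromProperty;
                }
            }

            // Source 3: KMS JSON from the ZooKeeper configuration. Its value replaces the cached KMS JSON.
            String kmsFromZk = getPropertyFromZk();
            kmsCache.put(CACHE_KMS_KEY, kmsFromZk);
            String fromZk = getWorkKey(kmsFromZk, keyId, publicKey);
            if (StringUtils.isNotBlank(fromZk)) {
                workKeyCache.put(cacheKey, fromZk);
            }
            return fromZk;
        } catch (Exception e) {
            LOG.warn(ResManager.loadKDString("获取工作密钥失败，原因：", "SchemeUtil_20", KEY_SYSTEM_TYPE, new Object[0]) + ExceptionUtils.getExceptionStackTraceMessage(e));
            return "";
        }
    }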

    /**
     * Looks up one entry in the KMS JSON and RSA-decrypts it with the public key.
     *
     * <p>NOTE(review): when decryption throws, the exception is discarded and the stored value itself is
     * returned as the work key. That accepts entries that are not wrapped at all. Confirm whether plain
     * entries are still expected. If they are not, failing here is the safer behaviour.
     *
     * @param str       KMS data as JSON text
     * @param str2      id of the entry to read
     * @param publicKey key used to decrypt the entry
     * @return the work key, or an empty string when the JSON is null, the id is absent or the entry is blank
     */
    private static String getWorkKey(String str, String str2, PublicKey publicKey) {
        JSONObject kmsEntries = JSON.parseObject(str);
        if (kmsEntries == null || !kmsEntries.containsKey(str2)) {
            return "";
        }
        String storedValue = kmsEntries.getString(str2);
        if (!StringUtils.isNotBlank(storedValue)) {
            return "";
        }
        try {
            return RSAEncrypterUtil.decrypt(storedValue, publicKey);
        } catch (Exception ignored) {
            // Falls back to the raw stored value; see the review note above.
            return storedValue;
        }
    }

    /**
     * Returns the local memory cache for a logical cache name, scoped to the current account.
     *
     * <p>The cache is configured with a timeout of 86400 (presumably seconds, i.e. one day; confirm the
     * unit) and at most 500 items.
     *
     * @param str logical cache name, one of the {@code CACHE_*} constants
     * @return the cache in region {@code perm_encryptionscheme} for the account-scoped type
     * @throws RuntimeException if no account id is available (raised by getType)
     */
    private static LocalMemoryCache getLocalMemoryCache(String str) {
        String accountScopedType = getType(str);
        CacheConfigInfo config = new CacheConfigInfo();
        config.setTimeout(86400);
        config.setMaxItemSize(500);
        return CacheFactory.getCommonCacheFactory()
                .$getOrCreateLocalMemoryCache("perm_encryptionscheme", accountScopedType, config);
    }

    /**
     * Builds the MC request body for the tenant and account of the current request context.
     *
     * @return a JSON object with {@code dcId} and {@code tenantId}
     */
    private static JSONObject createPostParams() {
        RequestContext current = RequestContext.get();
        String tenantId = current.getTenantId();
        String accountId = current.getAccountId();
        return createPostParams(tenantId, accountId);
    }

    /**
     * Builds the MC request body for an explicit tenant and account.
     *
     * @param str  tenant id, sent as {@code tenantId}
     * @param str2 account (data centre) id, sent as {@code dcId}
     * @return a new JSON object holding both fields
     */
    private static JSONObject createPostParams(String str, String str2) {
        JSONObject body = new JSONObject();
        body.put("dcId", str2);
        body.put("tenantId", str);
        return body;
    }

    /**
     * Signs a string with the work key resolved for the given scheme.
     *
     * @param str              data to sign; {@code null} yields an error result
     * @param encryptionScheme scheme to sign with; {@code null} yields an error result
     * @return a JSON result; when the work key cannot be resolved it carries the error set by
     *         signatureValidate
     */
    private static JSONObject generateSignature(String str, EncryptionScheme encryptionScheme) {
        JSONObject result = new JSONObject();
        if (str == null) {
            error(result, ResManager.loadKDString("请提供正确的数据", "SchemeUtil_12", KEY_SYSTEM_TYPE, new Object[0]));
            return result;
        }
        String workKey = signatureValidate(encryptionScheme, result);
        // A blank key means signatureValidate already filled in the error.
        if (!StringUtils.isBlank(workKey)) {
            generateSignature(str, result, workKey);
        }
        return result;
    }

    /**
     * Signs each entry of a map with the work key resolved for the given scheme.
     *
     * @param map              group-to-value pairs; {@code null} or empty yields an error result
     * @param encryptionScheme scheme to sign with; {@code null} yields an error result
     * @return a JSON result; when the work key cannot be resolved it carries the error set by
     *         signatureValidate
     */
    private static JSONObject generateSignature(Map<String, String> map, EncryptionScheme encryptionScheme) {
        JSONObject result = new JSONObject();
        boolean nothingToSign = map == null || map.isEmpty();
        if (nothingToSign) {
            error(result, ResManager.loadKDString("请提供正确的数据", "SchemeUtil_12", KEY_SYSTEM_TYPE, new Object[0]));
            return result;
        }
        String workKey = signatureValidate(encryptionScheme, result);
        // A blank key means signatureValidate already filled in the error.
        if (!StringUtils.isBlank(workKey)) {
            generateSignature(map, result, workKey);
        }
        return result;
    }

    /**
     * Computes the signature of a string and stores the outcome in the result object.
     *
     * <p>The signature is {@code SHAUtils.getSHA256StrJava(data + "&key=" + workKey)}, presumably a SHA-256
     * digest going by the helper's name. This is a keyed hash built by concatenation, not an HMAC.
     * NOTE(review): HMAC-SHA256 is the standard construction for a keyed digest. Switching changes every
     * signature value, so verifiers would have to change at the same time.
     *
     * @param str        data to sign
     * @param jSONObject result object to fill
     * @param str2       work key
     */
    private static void generateSignature(String str, JSONObject jSONObject, String str2) {
        String preimage = str + "&key=" + str2;
        String signature = SHAUtils.getSHA256StrJava(preimage);
        if (!StringUtils.isNotBlank(signature)) {
            error(jSONObject, ResManager.loadKDString("签名失败", "SchemeUtil_14", KEY_SYSTEM_TYPE, new Object[0]));
            return;
        }
        success(jSONObject, ResManager.loadKDString("签名成功", "SchemeUtil_13", KEY_SYSTEM_TYPE, new Object[0]), signature);
    }

    /**
     * Computes one signature per map entry and stores the resulting map in the result object.
     *
     * <p>Each non-null value is signed as
     * {@code SHAUtils.getSHA256StrJava("group=" + group + "&value=" + value + "&key=" + workKey)}.
     * A null value gets an empty signature.
     *
     * <p>NOTE(review): group and value are concatenated without escaping, so the preimage is ambiguous when
     * either contains {@code "&value="} or {@code "&key="}. Two different pairs can then hash to the same
     * signature. Confirm that the inputs cannot contain these separators, or encode the fields with length
     * prefixes or escaping.
     *
     * @param map        group-to-value pairs to sign
     * @param jSONObject result object to fill; always marked successful
     * @param str        work key
     */
    private static void generateSignature(Map<String, String> map, JSONObject jSONObject, String str) {
        HashMap signatures = new HashMap(map.size());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String group = entry.getKey();
            String value = entry.getValue();
            String signature = value == null
                    ? ""
                    : SHAUtils.getSHA256StrJava("group=" + group + "&value=" + value + "&key=" + str);
            signatures.put(group, signature);
        }
        success(jSONObject, ResManager.loadKDString("签名完成", "SchemeUtil_15", KEY_SYSTEM_TYPE, new Object[0]), signatures);
    }

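    /**
     * Posts a JSON body to an MC endpoint and normalizes the reply into a JSON result.
     *
     * <p>Fixes:
     * <ul>
     *   <li>The result now starts as a failure. The listing returned an empty object after an I/O error or
     *       a blank reply, and callers threw a NullPointerException when they unboxed the missing
     *       {@code success} field.</li>
     *   <li>The reply's {@code success} flag is read null-safely, so a reply without that field is treated
     *       as a failure instead of throwing.</li>
     * </ul>
     *
     * <p>NOTE(review): the debug lines below log the full request and response bodies. The request can
     * carry {@code trustDataKey} (added by getSchemeKey) and the response carries {@code publicKey} and
     * {@code dataKeyId}. Confirm that debug logging is never enabled where logs are broadly readable, or
     * redact these fields.
     *
     * <p>NOTE(review): the reply is parsed with fastjson's {@code JSON.parseObject}. Confirm that the
     * deployed fastjson version has autoType disabled or safeMode enabled for data received over the
     * network.
     *
     * @param str        endpoint path appended to the {@code mc.server.url} system property
     * @param jSONObject request body
     * @param str2       access token, sent in both the {@code access_token} and {@code accessToken} headers
     * @return a JSON result; {@code success} is true only when the reply reports success with
     *         {@code errorcode} equal to {@code CODE_SUCCESS}
     */
    private static JSONObject postMc(String str, JSONObject jSONObject, String str2) {
        JSONObject result = new JSONObject();
        // Fail closed: the result stays a failure unless a well-formed success reply replaces it.
        error(result, "");
        try {
            // A missing mc.server.url property becomes the literal text "null" in the URL.
            String url = System.getProperty("mc.server.url") + str;
            LOG.debug(ResManager.loadKDString("加密方案请求url：", "SchemeUtil_22", KEY_SYSTEM_TYPE, new Object[0]) + url);
            Map<String, String> headers = new HashMap<>();
            headers.put("Content-type", "application/json;charset=UTF-8");
            headers.put("access_token", str2);
            headers.put("api", "true");
            headers.put("accessToken", str2);
            String requestBody = JSON.toJSONString(jSONObject);
            LOG.debug(String.format(ResManager.loadKDString("加密方案请求%1$s参数：%2$s", "SchemeUtil_23", KEY_SYSTEM_TYPE, new Object[0]), str, requestBody));
            String responseBody = HttpClientUtils.postjson(url, headers, requestBody);
            LOG.debug(String.format(ResManager.loadKDString("加密方案请求%1$s返参：%2$s", "SchemeUtil_24", KEY_SYSTEM_TYPE, new Object[0]), str, responseBody));
            if (StringUtils.isNotBlank(responseBody)) {
                JSONObject reply = JSON.parseObject(responseBody);
                if (reply != null) {
                    boolean accepted = Boolean.TRUE.equals(reply.getBoolean("success"))
                            && StringUtils.equals(reply.getString("errorcode"), CODE_SUCCESS);
                    if (accepted) {
                        success(result, "", reply.getJSONObject("data"));
                    } else {
                        error(result, reply.getString("description"));
                    }
                }
            }
        } catch (IOException e) {
            LOG.warn(String.format(ResManager.loadKDString("加密方案请求%1$s失败，原因：%2$s", "SchemeUtil_21", KEY_SYSTEM_TYPE, new Object[0]), str, e.getMessage()));
        }
        return result;
    }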

    /**
     * Resolves the work key for a scheme, requesting and storing a scheme key first when the scheme has
     * none.
     *
     * <p>On any failure the reason is written into {@code jSONObject} and an empty string is returned.
     *
     * <p>NOTE(review): updateSchemeKey() logs and swallows database failures. A newly issued scheme key can
     * therefore be cached and used here without having been persisted.
     *
     * @param encryptionScheme scheme to resolve; {@code null} is reported as "scheme not found"
     * @param jSONObject       result object that receives the error description on failure
     * @return the work key, or an empty string on failure
     */
    private static String signatureValidate(EncryptionScheme encryptionScheme, JSONObject jSONObject) {
        if (encryptionScheme == null) {
            error(jSONObject, ResManager.loadKDString("未找到对应的加密方案", "SchemeUtil_16", KEY_SYSTEM_TYPE, new Object[0]));
            return "";
        }
        String mcPublicKey = getPublicKey();
        if (StringUtils.isBlank(mcPublicKey)) {
            error(jSONObject, ResManager.loadKDString("获取公钥失败，请检查日志", "SchemeUtil_17", KEY_SYSTEM_TYPE, new Object[0]));
            return "";
        }
        long schemeId = encryptionScheme.getPkId();
        String storedSchemeKey = encryptionScheme.getSchemeKey();
        if (StringUtils.isBlank(storedSchemeKey)) {
            // First use of this scheme: have MC issue a data key id, then persist and cache it.
            JSONObject issued = getSchemeKey(encryptionScheme, mcPublicKey);
            if (!issued.getBoolean("success").booleanValue()) {
                error(jSONObject, issued.getString("description"));
                return "";
            }
            storedSchemeKey = issued.getString("data");
            updateSchemeKey(schemeId, storedSchemeKey);
            updateSchemeCache(String.valueOf(schemeId), encryptionScheme.getNumber(), storedSchemeKey);
        }
        String workKey = getWorkKey(schemeId, mcPublicKey, storedSchemeKey);
        if (StringUtils.isBlank(workKey)) {
            error(jSONObject, ResManager.loadKDString("获取工作密钥失败，请检查日志", "SchemeUtil_0", KEY_SYSTEM_TYPE, new Object[0]));
            return "";
        }
        return workKey;
    }

    /**
     * Obtains an MC access token from {@code /api/upgradeLogin.do}.
     *
     * <p>The request body carries empty {@code accountId} and {@code tenantId} values and no headers.
     * NOTE(review): no credential is visible in this method. Confirm how MC authenticates this call, for
     * example by network restriction or mutual TLS, because the token it returns authorizes the
     * key-generation endpoints.
     *
     * @return the {@code access_token} from the reply, or an empty string on any failure
     */
    private static String getMcAccessToken() {
        JSONObject loginBody = new JSONObject();
        loginBody.put("accountId", "");
        loginBody.put("tenantId", "");
        String mcServerUrl = System.getProperty("mc.server.url");
        try {
            LOG.debug(ResManager.loadKDString("请求token的url：", "SchemeUtil_26", KEY_SYSTEM_TYPE, new Object[0]) + mcServerUrl + "/api/upgradeLogin.do");
            String reply = HttpClientUtils.postjson(mcServerUrl + "/api/upgradeLogin.do", (Map) null, JSON.toJSONString(loginBody));
            JSONObject data = JSON.parseObject(reply).getJSONObject("data");
            return data.getString("access_token");
        } catch (Exception e) {
            // Covers I/O errors as well as a reply that is missing or lacks "data".
            LOG.warn(ResManager.loadKDString("获取token失败，原因：", "SchemeUtil_25", KEY_SYSTEM_TYPE, new Object[0]) + e.getMessage());
            return "";
        }
    }

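    /**
     * Reads the KMS JSON from the {@code kms.properties} entry of the cluster's common configuration.
     *
     * <p>Everything before the first <code>{</code> is dropped.
     *
     * <p>Fix: the listing threw a NullPointerException when the property was absent and a
     * StringIndexOutOfBoundsException when it held no <code>{</code>. Both cases now raise an
     * IllegalStateException with a message that names the problem and does not echo the property value.
     * Callers in this class already catch {@code Exception}.
     *
     * @return the JSON text starting at the first <code>{</code>
     * @throws IllegalStateException if {@code kms.properties} is missing or contains no JSON object
     */
    private static String getPropertyFromZk() {
        Configuration commonProps = ConfigurationFactory.getConfigurationByPath(ZKFactory.getZkRootPath(SystemProperties.getWithEnv("configUrl")) + Instance.getClusterName() + "/config/common/prop");
        // Result unused in the listing; kept in case the call forces the configuration to load (confirm).
        commonProps.keys();
        String kmsProperties = commonProps.getProperty("kms.properties");
        int jsonStart = kmsProperties == null ? -1 : kmsProperties.indexOf("{");
        if (jsonStart < 0) {
            throw new IllegalStateException("kms.properties is missing or contains no JSON object");
        }
        return kmsProperties.substring(jsonStart);
    }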

    /**
     * Sends the data-key generation request for a scheme to {@code /kapi/app/mc/generateDataKey}.
     *
     * <p>When the scheme's source is not {@code "0"}, the request also carries {@code isTrust = true} and
     * the scheme's {@code trustDataKey}. postMc() logs the whole request body at debug level, so that key
     * appears in debug logs.
     *
     * @param str              encrypted scheme id, sent as {@code schemaId}
     * @param encryptionScheme scheme supplying the key size, source and trust data key
     * @return the normalized MC reply from postMc
     */
    private static JSONObject getSchemeKey(String str, EncryptionScheme encryptionScheme) {
        JSONObject body = createPostParams();
        body.put("schemaId", str);
        body.put("keySize", Integer.valueOf(encryptionScheme.getLength()));
        boolean sendTrustKey = !StringUtils.equals(encryptionScheme.getSource(), "0");
        if (sendTrustKey) {
            body.put("isTrust", Boolean.TRUE);
            body.put("trustDataKey", encryptionScheme.getTrustDataKey());
        }
        String accessToken = getMcAccessToken();
        return postMc("/kapi/app/mc/generateDataKey", body, accessToken);
    }

    /**
     * Builds the account-scoped cache type for a logical cache name.
     *
     * @param str logical cache name
     * @return {@code <name>_result_<accountId>}
     * @throws RuntimeException if {@code CacheKeyUtil.getAcctId()} is blank
     */
    private static String getType(String str) {
        String accountId = CacheKeyUtil.getAcctId();
        if (!StringUtils.isBlank(accountId)) {
            return str + "_result_" + accountId;
        }
        // Without an account id the cache cannot be scoped, so refuse rather than share one across accounts.
        throw new RuntimeException(ResManager.loadKDString("当前数据中心为空。", "SchemeUtil_18", KEY_SYSTEM_TYPE, new Object[0]));
    }

    /**
     * Reads the {@code thread_size} bill parameter of {@code perm_encryptionscheme}, with a floor of 5000.
     *
     * <p>NOTE(review): this method is private and nothing in this listing calls it. {@code Math.max} makes
     * 5000 a minimum rather than a cap, which is unusual for a value named "thread size". Confirm the
     * intent before reusing it.
     *
     * @return the configured value if it exceeds 5000, otherwise 5000; also 5000 when the lookup fails
     */
    private static int getThreadSize() {
        try {
            int configured = ParameterReader.getBillParameter("perm_encryptionscheme").getInt("thread_size");
            return Math.max(configured, 5000);
        } catch (Exception e) {
            LOG.warn("SchemeUtil.getThreadSize error", e);
            return 5000;
        }
    }
}
