package kd.bos.openapi.base.security.auth.impl;

import com.alibaba.fastjson.JSON;
import java.util.Date;
import java.util.UUID;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.base.security.api.impl.ApiSecurityFactory;
import kd.bos.openapi.base.security.auth.ResultHandleService;
import kd.bos.openapi.base.util.ShaSignUtils;
import kd.bos.openapi.base.util.ThirdAppSecurityUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.result.OpenApiResult;
import kd.bos.openapi.common.util.DateUtil;
import kd.bos.openapi.common.util.EncryptUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.form.plugin.thirdapp.entity.StrategyTypeCodeEnum;
import kd.bos.openapi.security.ApiSecurityService;
import kd.bos.openapi.security.CertKeyUtil;
import kd.bos.openapi.security.model.CertificateInfo;
import kd.bos.openapi.security.model.EncryptInfo;
import kd.bos.openapi.security.model.EncryptionEnum;
import kd.bos.openapi.security.model.Open3rdappsDto;
import kd.bos.openapi.security.model.ResponseSecurityDto;

/* loaded from: input_file:kd/bos/openapi/base/security/auth/impl/SignResultHandleServiceImpl.class */
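/**
 * Result handler that encrypts and signs an OpenAPI response for a third-party app.
 *
 * <p>The third-party app configuration is looked up by account id and third id. When
 * signature auth is disabled for the app, or the requested URL is not in the app's
 * encrypt scope, the response data is returned unchanged. Otherwise the payload is
 * serialized to JSON, removed from the response, encrypted, and the response DTO is
 * signed according to the app's sign type (1 or 2).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key material (the decoded SHA key, Base64 private keys) passes through this
 *       method; it must never be written to the log.</li>
 *   <li>The signature is computed over {@code JSON.toJSONString(responseSecurityDto)}
 *       after the ciphertext and digital envelope have been set, so the verifier has to
 *       reproduce exactly the same serialization - presumably including field order;
 *       confirm against the client-side verification code.</li>
 * </ul>
 */
public class SignResultHandleServiceImpl implements ResultHandleService {
    private static final Log log = LogFactory.getLog(SignResultHandleServiceImpl.class);

    /**
     * Encrypts the response payload and signs the response DTO when the third-party app
     * requires it.
     *
     * @param responseSecurityDto response wrapper carrying account id, third id, URL,
     *        scene ("sense") and the payload; it is mutated in place on the protected path
     * @return the raw payload when no protection applies, otherwise the same
     *         {@code responseSecurityDto} with its security fields populated
     * @throws OpenApiException with {@code ApiErrorCode.Data_Invalid} when certificate
     *         lookup, encryption or signing fails
     */
    @Override // kd.bos.openapi.base.security.auth.ResultHandleService
    public <T> Object doResultHandle(ResponseSecurityDto<T> responseSecurityDto) {
        Open3rdappsDto thirdApp = ThirdAppSecurityUtil.getThirdByAccountAndThirdId(responseSecurityDto.getAccountId(), responseSecurityDto.getThirdId());
        if (!thirdApp.isSignAuthEnable()) {
            log.info("thirdApp signAuthEnable is false");
            return responseSecurityDto.getData();
        }
        // Protection applies when the app encrypts every API, or when this URL is listed.
        if (!thirdApp.isEncryptAllApi() && (thirdApp.getEncryptApiMap().isEmpty() || !thirdApp.isEncryptApi(responseSecurityDto.getUrl()))) {
            log.info("thirdApp encrypt api list is null");
            return responseSecurityDto.getData();
        }

        // Serialize the payload and clear the plaintext so it is not sent next to the ciphertext.
        String plainJson = "";
        Object payload = responseSecurityDto.getData();
        if (payload instanceof OpenApiResult) {
            OpenApiResult openApiResult = (OpenApiResult) payload;
            if (openApiResult.getData() != null) {
                plainJson = JSON.toJSONString(openApiResult.getData());
                openApiResult.setData((Object) null);
            }
        } else if (payload != null) {
            plainJson = JSON.toJSONString(payload);
            responseSecurityDto.setData(null);
        }

        String sense = responseSecurityDto.getSense();
        boolean accessTokenScene = StrategyTypeCodeEnum.ACCESS_TOKEN_CODE.equals(sense);
        if (ApiSecurityFactory.isSecurityLogOpen()) {
            log.info("doResultHandle---------sense:" + sense + " thirdId:" + responseSecurityDto.getThirdId());
        }
        ApiSecurityService apiSecurityService = ApiSecurityFactory.getApiSecurityService();
        try {
            CertificateInfo defaultCert = (CertificateInfo) thirdApp.getCertMaps().get(CertKeyUtil.getCertKey(StrategyTypeCodeEnum.SIGN_AUTH_CODE, "0"));
            CertificateInfo accessTokenCert = (CertificateInfo) thirdApp.getCertMaps().get(CertKeyUtil.getCertKey(StrategyTypeCodeEnum.SIGN_AUTH_CODE, StrategyTypeCodeEnum.ACCESS_TOKEN_CODE));
            int signType = thirdApp.getSignType().intValue();

            if (!StringUtil.isEmpty(plainJson)) {
                EncryptInfo encryptInfo = null;
                switch (signType) {
                    case 1:
                        // NOTE(review): the key goes into the last argument (the private-key slot,
                        // judging by the getter name) - confirm this is the intended key for type 1.
                        encryptInfo = apiSecurityService.encrypt(plainJson, EncryptionEnum.getEncryption(thirdApp.getEncryption()), (String) null, requireCert(defaultCert).getPrivateKeyBase64());
                        break;
                    case 2:
                        // Encryption uses the access-token certificate in the access-token scene and
                        // the default one otherwise; signing below picks the opposite certificate.
                        // NOTE(review): looks like a deliberate recipient-key / sender-key split - confirm.
                        CertificateInfo encryptCert = requireCert(accessTokenScene ? accessTokenCert : defaultCert);
                        encryptInfo = apiSecurityService.encrypt(plainJson, EncryptionEnum.getEncryption(thirdApp.getEncryption()), encryptCert.getPublicKeyBase64(), (String) null);
                        break;
                }
                // NOTE(review): for any other sign type, or a null encrypt result, the payload has
                // already been removed above and nothing replaces it - confirm that is intended.
                if (encryptInfo != null) {
                    responseSecurityDto.setEncryptData(encryptInfo.getEncryptInfo());
                    responseSecurityDto.setDgtlEnvlp(encryptInfo.getDgtlEnvlp());
                }
            }

            switch (signType) {
                case 1:
                    // Decoded shared signing key: keep it local and out of every log line.
                    String shaKey = EncryptUtil.decode(thirdApp.getSignShaKey());
                    String nonce = UUID.randomUUID().toString();
                    // NOTE(review): the timestamp carries no zone information; the verifier
                    // presumably has to assume the server's zone - confirm.
                    String timestamp = DateUtil.convertToStr("yyyy-MM-dd HH:mm:ss", new Date());
                    responseSecurityDto.setSignatureNonce(nonce);
                    responseSecurityDto.setTimestamp(timestamp);
                    responseSecurityDto.setSignature(ApiSecurityFactory.getSignService().signBySha256(ShaSignUtils.getSignatureString(timestamp, nonce, JSON.toJSONString(responseSecurityDto)).toString(), shaKey));
                    break;
                case 2:
                    String signedJson = JSON.toJSONString(responseSecurityDto);
                    CertificateInfo signCert = requireCert(accessTokenScene ? defaultCert : accessTokenCert);
                    responseSecurityDto.setSignature(apiSecurityService.signByPrivateKey(signedJson, signCert.getPrivateKeyBase64()));
                    break;
            }
            // NOTE(review): a sign type other than 1 or 2 reaches this point with no signature set.
            return responseSecurityDto;
        } catch (Exception e) {
            // The OpenApiException built below keeps only the message, so record the cause and
            // stack trace here; otherwise the origin of a crypto failure is lost.
            log.error("doResultHandle failed, thirdId:" + responseSecurityDto.getThirdId(), e);
            // NOTE(review): e.getMessage() is forwarded to the caller and may expose internal
            // detail from the crypto layer - consider a generic client-facing message.
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "doResultHandle  error:" + e.getMessage(), new Object[0]);
        }
    }

    /**
     * Returns the given certificate, failing with a descriptive error when it is missing
     * instead of letting a later dereference surface as "error:null".
     */
    private static CertificateInfo requireCert(CertificateInfo cert) {
        if (cert == null) {
            throw new IllegalStateException("required sign-auth certificate is not configured for this third-party app");
        }
        return cert;
    }
}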
