package kd.ebg.aqap.banks.huifu.dc.service;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.TreeMap;
import kd.bos.dataentity.resource.ResManager;
import kd.ebg.aqap.common.model.CertInfo;
import kd.ebg.aqap.common.model.repository.CertRepository;
import kd.ebg.aqap.common.utils.SpringContextUtil;
import kd.ebg.egf.common.context.RequestContextUtils;
import kd.ebg.egf.common.exception.EBExceiptionUtil;
import kd.ebg.egf.common.framework.security.manage.AESCipherSecurity;
import kd.ebg.egf.common.framework.security.manage.CipherInfo;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.utils.DesUtil;
import kd.ebg.egf.common.utils.string.StringUtils;

/* loaded from: input_file:kd/ebg/aqap/banks/huifu/dc/service/Crypto.class */
public class Crypto {
    private static final EBGLogger logger = EBGLogger.getInstance().getLogger(Crypto.class);

    public static String sign(JSONObject jSONObject) {
        String jSONString = JSON.toJSONString(JSONObject.parseObject(jSONObject.toJSONString(), TreeMap.class));
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(getPlatformPri())));
            Signature signature = Signature.getInstance("SHA256WithRSA");
            signature.initSign(generatePrivate);
            signature.update(jSONString.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(signature.sign());
        } catch (Exception e) {
            logger.error("Exception", e);
            throw EBExceiptionUtil.serviceException(e);
        }
    }

    public static JSONObject verify(String str) {
        JSONObject parseObject = JSONObject.parseObject(str);
        String string = parseObject.getString("sign");
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(getPlatformPub())));
            Signature signature = Signature.getInstance("SHA256WithRSA");
            signature.initVerify(generatePublic);
            signature.update(string.getBytes(StandardCharsets.UTF_8));
            if (!signature.verify(Base64.getDecoder().decode(string))) {
                throw EBExceiptionUtil.serviceException(ResManager.loadKDString("验签失败", "Crypto_0", "ebg-aqap-banks-huifu-dc", new Object[0]));
            }
            String string2 = parseObject.getString("resp_code");
            String string3 = parseObject.getString("resp_desc");
            if ("00000000".equalsIgnoreCase(string2)) {
                return parseObject;
            }
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("响应异常,返回码%1$s,响应信息%2$s", "Crypto_2", "ebg-aqap-banks-huifu-dc", new Object[0]), string2, string3));
        } catch (Exception e) {
            logger.error("验签过程出现异常", e);
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("验签过程出现异常。", "Crypto_1", "ebg-aqap-banks-huifu-dc", new Object[0]), e);
        }
    }

    public static String getPlatformPub() {
        CertInfo findPlateFormCertByBankVersionIDAndBankConfigID = ((CertRepository) SpringContextUtil.getBean(CertRepository.class)).findPlateFormCertByBankVersionIDAndBankConfigID(RequestContextUtils.getRequestContext().getBankVersionID(), "plateForm_public_certInfo");
        if (findPlateFormCertByBankVersionIDAndBankConfigID == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取证书失败，联系银企云管理员配置银行公钥证书。", "Crypto_3", "ebg-aqap-banks-huifu-dc", new Object[0]));
        }
        CipherInfo cipherInfo = getCipherInfo(findPlateFormCertByBankVersionIDAndBankConfigID.getFileContent());
        return getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), findPlateFormCertByBankVersionIDAndBankConfigID.getCustomID(), cipherInfo.getCipherVersion(), findPlateFormCertByBankVersionIDAndBankConfigID.getCertID()));
    }

    public static String getPlatformPri() {
        CertInfo findPlateFormCertByBankVersionIDAndBankConfigID = ((CertRepository) SpringContextUtil.getBean(CertRepository.class)).findPlateFormCertByBankVersionIDAndBankConfigID(RequestContextUtils.getRequestContext().getBankVersionID(), "plateForm_private_certInfo");
        if (findPlateFormCertByBankVersionIDAndBankConfigID == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取证书失败，联系银企云管理员配置平台级RSA私钥证书。", "Crypto_4", "ebg-aqap-banks-huifu-dc", new Object[0]));
        }
        CipherInfo cipherInfo = getCipherInfo(findPlateFormCertByBankVersionIDAndBankConfigID.getFileContent());
        return getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), findPlateFormCertByBankVersionIDAndBankConfigID.getCustomID(), cipherInfo.getCipherVersion(), findPlateFormCertByBankVersionIDAndBankConfigID.getCertID()));
    }

    private static CipherInfo getCipherInfo(String str) {
        CipherInfo cipherInfo = ((AESCipherSecurity) SpringContextUtil.getBean(AESCipherSecurity.class)).getCipherInfo(str);
        if (cipherInfo.getCipherVersion() == 0) {
            cipherInfo.setFileBytes(Base64.getDecoder().decode(cipherInfo.getCipherData()));
        } else {
            cipherInfo.setFileBytes(org.apache.commons.codec.binary.Base64.decodeBase64(cipherInfo.getCipherData()));
        }
        return cipherInfo;
    }

    private static String getKey(byte[] bArr) {
        return StringUtils.byteToString(bArr);
    }
}
