package kd.ebg.aqap.business.cert;

import com.google.common.base.Preconditions;
import java.net.MalformedURLException;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.servicehelper.operation.SaveServiceHelper;
import kd.ebg.aqap.business.cert.utils.SMUtil;
import kd.ebg.aqap.common.entity.biz.cert.CertKeyValueInfo;
import kd.ebg.aqap.common.entity.biz.cert.CertRequest;
import kd.ebg.aqap.common.entity.biz.cert.CertResponse;
import kd.ebg.aqap.common.entity.biz.cert.CertResponseBody;
import kd.ebg.aqap.common.framework.bank.meta.template.OPAMetaDataTemplate;
import kd.ebg.aqap.common.model.CertInfo;
import kd.ebg.aqap.common.model.constant.CertSource;
import kd.ebg.aqap.common.model.constant.CertTypeEnum;
import kd.ebg.aqap.common.model.repository.CertRepository;
import kd.ebg.aqap.common.model.repository.UserCertRepository;
import kd.ebg.aqap.common.utils.SpringContextUtil;
import kd.ebg.aqap.common.utils.gdbopa.GDBOpaSMUtil;
import kd.ebg.egf.common.context.EBContext;
import kd.ebg.egf.common.exception.EBExceiptionUtil;
import kd.ebg.egf.common.framework.biz.EBServiceMethod;
import kd.ebg.egf.common.framework.security.manage.AESCipherSecurity;
import kd.ebg.egf.common.framework.security.manage.CipherInfo;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.repository.bank.login.BankLoginConfigRepository;
import kd.ebg.egf.common.repository.bank.login.BankLoginRepository;
import kd.ebg.egf.common.utils.CipherInfoUtil;
import kd.ebg.egf.common.utils.DesUtil;
import kd.ebg.egf.common.utils.string.StringUtils;

/* loaded from: input_file:kd/ebg/aqap/business/cert/CertMethod.class */
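/**
 * Service method registered under the business name {@code "cert"}: creates, rotates or returns
 * the key material bound to a bank login ("front-end machine") of the current tenant.
 *
 * <p>Only bank logins whose id starts with {@code CMB_OPA}, {@code CMB_ECNY} or {@code GDB_OPA}
 * are served. The response never carries a private key: the CMB flow returns the SM4 key as
 * produced by {@code SMUtil.genSM4EncryptKey} plus the Base64 public key, and the GDB flow
 * returns the public key only. Private and symmetric keys are persisted through
 * {@link #encryptCert(String, String)}.
 *
 * <p>NOTE(review): nothing in this class writes an audit record when keys are generated or
 * forcibly replaced ({@code isCompelled()}); confirm that the calling framework logs who
 * triggered a rotation, since a rotation invalidates the key previously registered with the bank.
 */
public class CertMethod implements EBServiceMethod<CertRequest, CertResponse> {
    private static final EBGLogger logger = EBGLogger.getInstance().getLogger(CertMethod.class);

    /** {@code bank_config_id} of the record holding the (encrypted) signing private key. */
    private static final String CMB_RSA_KEY = "rsa_key";
    /** {@code bank_config_id} of the record holding the (encrypted) SM4 key. */
    private static final String CMB_AES_KEY = "aes_key";

    private BankLoginRepository bankLoginRepository = (BankLoginRepository) SpringContextUtil.getBean(BankLoginRepository.class);
    private BankLoginConfigRepository bankLoginConfigRepository = (BankLoginConfigRepository) SpringContextUtil.getBean(BankLoginConfigRepository.class);
    private CertRepository certRepository = (CertRepository) SpringContextUtil.getBean(CertRepository.class);
    private UserCertRepository userCertRepository = (UserCertRepository) SpringContextUtil.getBean(UserCertRepository.class);

    /**
     * Validates the request and dispatches to the bank-specific key flow.
     *
     * <p>Checks, in order: the bank login id is non-empty, its prefix (text before the first
     * {@code '-'}) is one of the supported bank versions, and the bank login exists for the
     * tenant id taken from {@code eBContext} (not from the request body).
     *
     * @param certRequest request whose body carries the bank login id and the "compelled" flag
     * @param eBContext   call context supplying the tenant ({@code customID})
     * @return response whose body holds the list of key entries for the client
     * @throws IllegalArgumentException if the bank login id is empty
     */
    public CertResponse executeClientRequest(CertRequest certRequest, EBContext eBContext) throws MalformedURLException {
        String bankLoginID = certRequest.getBody().getBankLoginID();
        String customID = eBContext.getCustomID();
        Preconditions.checkArgument(!StringUtils.isEmpty(bankLoginID), ResManager.loadKDString("前置机编号不能为空。", "CertMethod_0", "ebg-aqap-business", new Object[0]));

        // String.split drops trailing empty strings, so an id made only of '-' yields an empty
        // array. Treat that as an unknown bank version instead of failing with
        // ArrayIndexOutOfBoundsException on request-supplied input.
        String[] idParts = bankLoginID.split("-");
        String bankVersionID = idParts.length > 0 ? idParts[0] : "";

        boolean cmbFamily = "CMB_OPA".equalsIgnoreCase(bankVersionID) || "CMB_ECNY".equalsIgnoreCase(bankVersionID);
        if (!cmbFamily && !"GDB_OPA".equalsIgnoreCase(bankVersionID)) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("当前银行版本不支持生成证书。", "CertMethod_1", "ebg-aqap-business", new Object[0]));
        }
        // Tenant isolation: the lookup is keyed by the context's customID, so a bank login that
        // belongs to another tenant is reported as missing.
        if (this.bankLoginRepository.findById(bankLoginID, customID) == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("当前前置机不存在或者不属于当前租户！", "CertMethod_2", "ebg-aqap-business", new Object[0]));
        }

        DynamicObject[] bankLoginCerDatas = this.userCertRepository.getBankLoginCerDatas(bankLoginID, customID);
        List<CertKeyValueInfo> certList;
        if (cmbFamily) {
            certList = getCMBOPACert(certRequest, bankLoginCerDatas, bankVersionID, bankLoginID, customID);
        } else {
            certList = getGDBOPACert(certRequest, bankLoginCerDatas, bankVersionID, bankLoginID, customID);
        }

        CertResponseBody certResponseBody = new CertResponseBody();
        certResponseBody.setCertList(certList);
        CertResponse certResponse = new CertResponse();
        certResponse.setBody(certResponseBody);
        return certResponse;
    }

    /**
     * GDB flow: returns the public key of the bank login, regenerating the key pair first when
     * the request is "compelled".
     *
     * @param certRequest      request carrying the "compelled" flag
     * @param dynamicObjectArr key records already stored for the bank login; must be non-empty
     * @param str              bank version id (prefix of the bank login id)
     * @param str2             bank login id
     * @param str3             tenant id ({@code customID})
     * @return list with the public key entry (empty if no stored record matches)
     */
    List<CertKeyValueInfo> getGDBOPACert(CertRequest certRequest, DynamicObject[] dynamicObjectArr, String str, String str2, String str3) {
        if (dynamicObjectArr == null || dynamicObjectArr.length <= 0) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("流程异常，请先签约再获取秘钥。", "CertMethod_10", "ebg-aqap-business", new Object[0]));
        }
        List<CertKeyValueInfo> result = new ArrayList<>(16);
        if (certRequest.getBody().isCompelled()) {
            // Forced rotation: a fresh key pair replaces the stored one; only the public half
            // leaves this method.
            Map<?, ?> keyPair = GDBOpaSMUtil.getSMKey();
            String publicKey = (String) keyPair.get("publicKey");
            GDBOpaSMUtil.saveBankLoginCert(publicKey, (String) keyPair.get("privateKey"), str, str2, str3);
            result.add(new CertKeyValueInfo(OPAMetaDataTemplate.PublicKey, publicKey));
            return result;
        }
        for (DynamicObject row : dynamicObjectArr) {
            if (OPAMetaDataTemplate.PublicKey.equalsIgnoreCase(row.getString("bank_config_id"))) {
                // Decrypted with the tenant id stored on the row itself.
                result.add(new CertKeyValueInfo(OPAMetaDataTemplate.PublicKey, decryptCert(row.getString("bank_config_value_tag"), row.getString("custom_id"))));
            }
        }
        return result;
    }

    /**
     * CMB flow: generates a new SM4 key and a new key pair, stores the SM4 key and the private
     * key encrypted, switches the login's {@code sign_type} to {@code "SM"}, and returns the
     * SM4 key processed with the platform public certificate together with the public key.
     *
     * <p>If key records already exist the request must be "compelled", otherwise it is rejected;
     * existing records are then updated in place.
     *
     * <p>NOTE(review): the two key writes and {@link #updateSignType} are separate repository
     * calls and no transaction is visible here. If a later call fails, the stored SM4 key and
     * private key may no longer belong together; confirm the caller wraps this in a transaction.
     *
     * @param certRequest      request carrying the "compelled" flag
     * @param dynamicObjectArr key records already stored for the bank login, may be null or empty
     * @param str              bank version id (prefix of the bank login id)
     * @param str2             bank login id
     * @param str3             tenant id ({@code customID})
     * @return two entries: {@code aes_key} (output of {@code genSM4EncryptKey}) and
     *         {@code rsa_key} (Base64 public key)
     */
    List<CertKeyValueInfo> getCMBOPACert(CertRequest certRequest, DynamicObject[] dynamicObjectArr, String str, String str2, String str3) {
        DynamicObject storedAesKey = null;
        DynamicObject storedRsaKey = null;
        if (dynamicObjectArr != null && dynamicObjectArr.length > 0) {
            if (!certRequest.getBody().isCompelled()) {
                throw EBExceiptionUtil.serviceException(ResManager.loadKDString("当前已经生成过证书。", "CertMethod_3", "ebg-aqap-business", new Object[0]));
            }
            for (DynamicObject row : dynamicObjectArr) {
                String configID = row.getString("bank_config_id");
                if (CMB_AES_KEY.equalsIgnoreCase(configID)) {
                    storedAesKey = row;
                } else if (CMB_RSA_KEY.equalsIgnoreCase(configID)) {
                    storedRsaKey = row;
                }
            }
        }

        String sm4Key = SMUtil.gen16SM4Key();
        CertInfo platformCert = this.certRepository.findPlateFormCertByBankVersionIDAndBankConfigID(str, "plateForm_public_certInfo");
        if (platformCert == null) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("获取银行公钥失败，联系银企云管理员配置银行公钥证书。", "CertMethod_4", "ebg-aqap-business", new Object[0]));
        }
        String certContent = platformCert.getFileContent();
        String wrappedSm4Key = SMUtil.genSM4EncryptKey(sm4Key, StringUtils.byteToString(DesUtil.decryptProxyCert(decode(certContent), platformCert.getCustomID(), getVersion(certContent), platformCert.getCertID())));

        try {
            Map<?, ?> keyPair = SMUtil.CMBSM2KeyGen();
            byte[] publicKeyBytes = (byte[]) keyPair.get("publickey");
            byte[] privateKeyBytes = (byte[]) keyPair.get("privatekey");
            String publicKeyB64 = Base64.getEncoder().encodeToString(publicKeyBytes);
            // NOTE(review): the private key lives in an immutable String from here on and
            // cannot be wiped after use; keep this value out of logs and error messages.
            String privateKeyB64 = Base64.getEncoder().encodeToString(privateKeyBytes);
            String certSource = CertSource.SYSTEM.getSource() + "";
            String certType = CertTypeEnum.PLATEFORM.getType() + "";

            if (storedAesKey == null) {
                this.userCertRepository.addBankLoginCert(CMB_AES_KEY, ResManager.loadKDString("加密密钥", "CertMethod_6", "ebg-aqap-business", new Object[0]), str, str2, str3, encryptCert(sm4Key, str3), "", certSource, certType);
            } else {
                this.userCertRepository.updateBankLoginCert(storedAesKey, CMB_AES_KEY, ResManager.loadKDString("加密密钥", "CertMethod_6", "ebg-aqap-business", new Object[0]), str, str2, str3, encryptCert(sm4Key, str3), "", certSource, certType);
            }
            if (storedRsaKey == null) {
                this.userCertRepository.addBankLoginCert(CMB_RSA_KEY, ResManager.loadKDString("签名私钥", "CertMethod_7", "ebg-aqap-business", new Object[0]), str, str2, str3, encryptCert(privateKeyB64, str3), "", certSource, certType);
            } else {
                this.userCertRepository.updateBankLoginCert(storedRsaKey, CMB_RSA_KEY, ResManager.loadKDString("签名私钥", "CertMethod_7", "ebg-aqap-business", new Object[0]), str, str2, str3, encryptCert(privateKeyB64, str3), "", certSource, certType);
            }
            updateSignType(str2, str3, str);

            List<CertKeyValueInfo> result = new ArrayList<>(2);
            result.add(new CertKeyValueInfo(CMB_AES_KEY, wrappedSm4Key));
            result.add(new CertKeyValueInfo(CMB_RSA_KEY, publicKeyB64));
            return result;
        } catch (Exception e) {
            // Every failure in the block (key generation, encryption, persistence) is reported
            // to the caller with the same generic message. Only e.getMessage() is logged, so the
            // stack trace is lost.
            // NOTE(review): consider logging the throwable itself if EBGLogger supports it.
            logger.error("生成国密SM公私钥异常：{}", new Object[]{e.getMessage()});
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("国密SM秘钥获取失败。", "CertMethod_5", "ebg-aqap-business", new Object[0]));
        }
    }

    /**
     * Sets the {@code sign_type} configuration of a bank login to {@code "SM"}, creating the
     * configuration record when it does not exist yet.
     *
     * @param str  bank login id
     * @param str2 tenant id ({@code customID})
     * @param str3 bank version id
     */
    void updateSignType(String str, String str2, String str3) {
        DynamicObject signTypeConfig = this.bankLoginConfigRepository.loadByBankLoginIDAndCustomIDAndBankConfigID(str, str2, "sign_type");
        if (signTypeConfig != null) {
            signTypeConfig.set("bank_config_value", "SM");
            SaveServiceHelper.save(new DynamicObject[]{signTypeConfig});
            return;
        }
        this.bankLoginConfigRepository.save("sign_type", ResManager.loadKDString("加解密算法", "CertMethod_8", "ebg-aqap-business", new Object[0]), false, false, str, str3, "SM", str2, "ebg");
    }

    /**
     * Encrypts key material with the {@link AESCipherSecurity} bean before it is stored.
     *
     * <p>NOTE(review): {@code str2} (the tenant id at the call sites) is not used, so the
     * ciphertext is not visibly bound to a tenant here; confirm whether that is intended.
     *
     * @param str  plaintext key material
     * @param str2 unused
     * @return the encrypted value as returned by {@code AESCipherSecurity.encrypt}
     */
    static String encryptCert(String str, String str2) {
        try {
            // Explicit charset: the no-arg getBytes() depends on the JVM default charset, which
            // would make the stored ciphertext differ between hosts for non-ASCII input. The
            // private key passed in by this class is Base64 text, so its bytes are unchanged.
            return ((AESCipherSecurity) SpringContextUtil.getBean(AESCipherSecurity.class)).encrypt(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        } catch (Exception e) {
            logger.error("密钥加密存库异常：{}", new Object[]{e.getMessage()});
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("密钥加密存库异常。", "CertMethod_9", "ebg-aqap-business", new Object[0]));
        }
    }

    /**
     * Decrypts a stored key value.
     *
     * @param str  stored (encrypted) value, parsed with {@code CipherInfoUtil.getCipherInfo}
     * @param str2 tenant id passed to {@code DesUtil.decryptProxyCert}
     * @return the decrypted key as returned by {@code CipherInfoUtil.getKey}
     */
    static String decryptCert(String str, String str2) {
        try {
            CipherInfo cipherInfo = CipherInfoUtil.getCipherInfo(str);
            return CipherInfoUtil.getKey(DesUtil.decryptProxyCert(cipherInfo.getFileBytes(), str2, cipherInfo.getCipherVersion(), ""));
        } catch (Exception e) {
            logger.error("密钥解密异常：{}", new Object[]{e.getMessage()});
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("密钥解密异常。", "CertMethod_11", "ebg-aqap-business", new Object[0]));
        }
    }

    /**
     * Base64-decodes stored certificate content of the form {@code <base64>} or
     * {@code <base64>|<version>}.
     *
     * <p>When {@link #getVersion(String)} yields 0 the whole string is decoded with the JDK
     * decoder. That includes content such as {@code "<base64>|x"} whose suffix is not numeric;
     * the JDK decoder then rejects the {@code '|'} with {@code IllegalArgumentException}.
     *
     * @param str stored certificate content
     * @return the decoded bytes
     */
    byte[] decode(String str) {
        if (getVersion(str) == 0) {
            return Base64.getDecoder().decode(str);
        }
        return org.apache.commons.codec.binary.Base64.decodeBase64(str.split("\\|")[0]);
    }

    /**
     * Extracts the numeric version suffix from {@code <content>|<version>}.
     *
     * @param str stored certificate content
     * @return the parsed version, or 0 when there is not exactly one {@code '|'}-separated
     *         suffix or the suffix is not an integer
     */
    int getVersion(String str) {
        String[] parts = str.split("\\|");
        if (parts.length != 2) {
            return 0;
        }
        try {
            return Integer.parseInt(parts[1]);
        } catch (NumberFormatException ignored) {
            // A non-numeric suffix deliberately falls back to version 0.
            return 0;
        }
    }

    /** @return always {@code false} */
    public boolean needCheckAccNo() {
        return false;
    }

    /** @return the business name of this service method, {@code "cert"} */
    public String bizName() {
        return "cert";
    }
}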
