package kd.ebg.aqap.common.security.utils;

import java.io.ByteArrayInputStream;
import java.nio.charset.Charset;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.orm.query.QFilter;
import kd.bos.servicehelper.BusinessDataServiceHelper;
import kd.ebg.aqap.common.security.constants.SignConstants;
import kd.ebg.aqap.common.security.proxy.ProxyException;
import kd.ebg.aqap.common.security.proxy.ProxySignature;
import kd.ebg.aqap.common.utils.SpringContextUtil;
import kd.ebg.egf.common.framework.security.manage.AESCipherSecurity;

/* loaded from: input_file:kd/ebg/aqap/common/security/utils/PaySignature.class */
public class PaySignature {
    private static final PaySignature instance = new PaySignature();
    private boolean isInit;
    private ProxySignature signature;
    private ProxySignature verifySignature;

    public static PaySignature getInstance() {
        return instance;
    }

    public void setSignature(ProxySignature proxySignature) {
        this.signature = proxySignature;
    }

    public ProxySignature getSignature() {
        return this.signature;
    }

    public void setVerifySignature(ProxySignature proxySignature) {
        this.verifySignature = proxySignature;
    }

    public ProxySignature getVerifySignature() {
        return this.verifySignature;
    }

    private static Map<String, String> getPaySignKey(boolean z) {
        HashMap hashMap = new HashMap(2);
        DynamicObject loadSingleFromCache = BusinessDataServiceHelper.loadSingleFromCache("aqap_bd_cert", "bank_config_value, bank_config_value_tag", (z ? QFilter.of("file_name=? and bank_config_id=?", new Object[]{"pay_sign.jks", "private_key"}) : QFilter.of("file_name=? and bank_config_id=?", new Object[]{"pay_unsign.jks", "public_key"})).toArray());
        if (loadSingleFromCache != null) {
            AESCipherSecurity aESCipherSecurity = (AESCipherSecurity) SpringContextUtil.getBean(AESCipherSecurity.class);
            String decrypt = aESCipherSecurity.decrypt(loadSingleFromCache.getString("bank_config_value"));
            hashMap.put("key", aESCipherSecurity.decrypt(loadSingleFromCache.getString("bank_config_value_tag")));
            hashMap.put(SignConstants.CIPHER_PD, decrypt);
        }
        return hashMap;
    }

    public static void signInit() {
        if (getInstance().getSignature() == null) {
            Map<String, String> paySignKey = getPaySignKey(true);
            if (paySignKey.size() > 0) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(paySignKey.get("key")));
                CertReader.setKeyStoreType(CertReader.JKS);
                CertReader certReader = new CertReader(byteArrayInputStream, paySignKey.get(SignConstants.CIPHER_PD), SignConstants.ALIAS);
                try {
                    certReader.initKeyStore();
                    ProxySignature proxySignature = new ProxySignature(certReader.getPublicKey(), certReader.getPrivateKey());
                    proxySignature.init();
                    getInstance().setSignature(proxySignature);
                } catch (Exception e) {
                    throw new ProxyException(ResManager.loadKDString("初始化签名密钥出错：。", "PaySignature_2", "ebg-aqap-common", new Object[0]) + "\n", e);
                }
            }
        }
        if (getInstance().getVerifySignature() == null) {
            Map<String, String> paySignKey2 = getPaySignKey(false);
            if (paySignKey2.size() > 0) {
                ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(Base64.getDecoder().decode(paySignKey2.get("key")));
                CertReader.setKeyStoreType(CertReader.JKS);
                CertReader certReader2 = new CertReader(byteArrayInputStream2, paySignKey2.get(SignConstants.CIPHER_PD), "");
                try {
                    certReader2.initKeyStore();
                    ProxySignature proxySignature2 = new ProxySignature(certReader2.getPublicKey());
                    proxySignature2.init();
                    getInstance().setVerifySignature(proxySignature2);
                } catch (Exception e2) {
                    throw new ProxyException(ResManager.loadKDString("初始化验签密钥出错：。", "PaySignature_3", "ebg-aqap-common", new Object[0]) + "\n", e2);
                }
            }
        }
        getInstance().isInit = true;
    }

    public String sign(String str) {
        if (!this.isInit) {
            signInit();
        }
        ProxySignature signature = getInstance().getSignature();
        if (signature != null) {
            return signature.sign(str.getBytes(Charset.forName("UTF-8")));
        }
        return null;
    }

    public boolean verify(String str, String str2) {
        if (!this.isInit) {
            signInit();
        }
        ProxySignature verifySignature = getInstance().getVerifySignature();
        if (verifySignature != null) {
            return verifySignature.verify(str, str2.getBytes(Charset.forName("UTF-8")));
        }
        return false;
    }
}
