package kd.ebg.egf.common.framework.communication;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.google.common.base.Strings;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.ConnectException;
import java.net.SocketException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Base64;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.util.StringUtils;
import kd.ebg.egf.common.constant.PropertiesConstants;
import kd.ebg.egf.common.context.EBContext;
import kd.ebg.egf.common.context.RequestContextUtils;
import kd.ebg.egf.common.entity.api.EntityKey;
import kd.ebg.egf.common.exception.EBExceiptionUtil;
import kd.ebg.egf.common.exception.EBLoginConnection;
import kd.ebg.egf.common.exception.EBSSLConnection;
import kd.ebg.egf.common.framework.communication.bean.OTRequest;
import kd.ebg.egf.common.framework.communication.bean.OTResponse;
import kd.ebg.egf.common.framework.communication.util.CertReader;
import kd.ebg.egf.common.framework.communication.util.IOUtils;
import kd.ebg.egf.common.framework.communication.util.ProxyConstants;
import kd.ebg.egf.common.framework.communication.util.ProxySignature;
import kd.ebg.egf.common.framework.conf.BankLoginConfigUtil;
import kd.ebg.egf.common.license.old.LicenseFileErrorException;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.model.proxy.BankLoginProxyConfig;
import kd.ebg.egf.common.utils.DesUtil;
import kd.ebg.egf.common.utils.Sequence;
import kd.ebg.egf.common.utils.string.StrUtil;

/* loaded from: input_file:kd/ebg/egf/common/framework/communication/SSLConnection.class */
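/**
 * {@link IConnection} that relays bank requests through a network proxy over a TLS socket
 * authenticated with a client key store.
 *
 * <p>Each outgoing message is wrapped in an {@link OTRequest}, signed with the key read from the
 * proxy's private key store, serialized to JSON and framed as {@code <utf8ByteLength>#<json>}.
 * Replies are parsed as {@link OTResponse} and their signature is checked before the payload is
 * handed back to the caller.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The decrypted key stores and their passwords are held in {@code String} fields for the
 *       lifetime of this object, so they stay on the heap until it is collected.</li>
 *   <li>The TLS socket is created straight from the {@link SSLContext} socket factory and this
 *       class sets no endpoint identification algorithm, so the peer is authenticated only by the
 *       contents of the configured trust store, not by host name.</li>
 *   <li>The proxy configuration may select SHA-1 for RSA signatures
 *       ({@code getRsaSignAlgo() == "sha1"}); SHA-256 is the default.</li>
 *   <li>Request and error-response payloads are written to the file log in full.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code CertReader.setKeyStoreTypr} is a static setter, so concurrent
 * initialisation of several connections shares that state; confirm this is safe.
 */
public class SSLConnection implements IConnection {
    /** Proxy type value for the CFCA proxy. */
    public static final int CFCA_PROXY = 1;
    /** Proxy type value for the SSL proxy. */
    public static final int SSL_PROXY = 2;
    /** Maximum number of bytes handed to the socket in one {@code write} call. */
    public static final int PACKETSIZE = 65535;
    /** Socket read timeout, in milliseconds, applied to connection tests and ping requests. */
    public static int CONNECT_TEST_TIME_OUT = 10000;

    private static final String BANK_MESSAGE_LOG = "aqap_message.";
    /** Timeout used when the caller passes a non-positive value. */
    private static final int DEFAULT_TIMEOUT = 3;
    private static final EBGLogger logger = EBGLogger.getInstance().getLogger(SSLConnection.class);

    protected IConnection connection;

    // Proxy endpoint and key material, filled in by LoadKeyStoreFromDB().
    private String DEFAULT_HOST;
    private int DEFAULT_PORT;
    // Base64 text of the decrypted JKS key stores; sensitive.
    private String CLIENT_KEY_STORE;
    private String CLIENT_TRUST_KEY_STORE;
    // Decrypted key store passwords; sensitive.
    private String CLIENT_KEY_STORE_PASSWORD;
    private String CLIENT_TRUST_KEY_STORE_PASSWORD;
    private String CLIENT_KEY_STORE_ALIAS = StrUtil.EMPTY;
    private String CLIENT_TRUST_KEY_STORE_ALIAS = StrUtil.EMPTY;
    private String RSA_SIGN_ALGO = "sha256";

    private String host;
    private String port;
    private String uri;
    private Map<String, String> header;
    private String method;
    private String remoteUrl;
    private String protocol;
    private String charset;
    private String requestSeqID;
    private int proxyType;
    // Never assigned inside this class; the CFCA branch of getResponse() reads it.
    private String response;
    private SSLContext ctx;
    private SSLSocket sslSocket;
    private BankLoginProxyConfig proxyConfig;
    private int timeout;

    /**
     * Writes one line to the file log under the given context type, creating a log sequence id
     * first when the current context has none.
     */
    private static void writeLog(String str, String str2) {
        if (StringUtils.isEmpty(EBContext.getContext().getLogBizSeqID())) {
            EBContext.getContext().setLogBizSeqID(Sequence.gen18Sequence());
        }
        EBContext.getContext().setType(str);
        logger.infoFilerLog(str2);
    }

    /**
     * Creates a proxied connection description; no socket is opened until {@link #init()}.
     *
     * @param iConnection wrapped connection; its {@code getUrl()} becomes the remote URL
     * @param str protocol name, compared case-insensitively with the HTTP, HTTPS and TCP
     *     constants of {@link BankLoginConfigUtil}
     * @param str2 remote host
     * @param i remote port
     * @param i2 timeout; a non-positive value falls back to 3
     * @param map connection configuration; the URI entry is read for HTTP/HTTPS
     * @param map2 HTTP headers; this map is modified in place (a default {@code Content-Type} is
     *     added and a non-blank {@code "Request Method"} entry is removed)
     * @param str3 character set reported to the proxy as the remote encoding
     * @param eBContext supplies the proxy type and the proxy configuration
     */
    public SSLConnection(IConnection iConnection, String str, String str2, int i, int i2, Map<String, String> map, Map<String, String> map2, String str3, EBContext eBContext) {
        this.connection = iConnection;
        this.host = str2;
        this.port = String.valueOf(i);
        this.header = map2;
        this.protocol = str;
        this.charset = str3;
        this.proxyType = eBContext.getProxyType().intValue();
        this.timeout = i2 > 0 ? i2 : DEFAULT_TIMEOUT;
        this.proxyConfig = eBContext.getProxyConfig();
        if (!this.header.containsKey("Content-Type") && !this.header.containsKey("content-type")) {
            this.header.put("Content-Type", "application/xml");
        }
        boolean httpFamily = BankLoginConfigUtil.PROTOCOL_HTTP.equalsIgnoreCase(str)
                || BankLoginConfigUtil.PROTOCOL_HTTPS.equalsIgnoreCase(str);
        if (httpFamily) {
            this.uri = map.get(ConnectionConfigKey.URI);
            String requestMethod = map2.get("Request Method");
            if (StrUtil.isBlank(requestMethod)) {
                this.method = "POST";
            } else {
                this.method = requestMethod;
                // The pseudo-header only carries the verb; it must not be forwarded as a header.
                map2.remove("Request Method");
            }
        } else if (!BankLoginConfigUtil.PROTOCOL_TCP.equalsIgnoreCase(str)) {
            throw EBExceiptionUtil.connectionException(String.format(ResManager.loadKDString("不支持的协议类型 ", "SSLConnection_0", "ebg-egf-common", new Object[0]), str));
        }
        this.remoteUrl = getUrl();
    }

    /**
     * Loads the key material, prepares the request signer (and, for the SSL proxy, the response
     * verifier) and opens the TLS socket to the proxy.
     *
     * @throws IOException if the proxy configuration lacks a private or public key
     */
    public void init() throws IOException {
        LoadKeyStoreFromDB();
        signInit();
        createSSLInit();
    }

    /**
     * Copies the proxy endpoint, aliases and signature algorithm from the proxy configuration and
     * decrypts both key stores and their passwords.
     *
     * @throws IOException if the private or the public key is missing from the configuration
     */
    private void LoadKeyStoreFromDB() throws IOException {
        this.DEFAULT_HOST = this.proxyConfig.getProxyHost();
        this.DEFAULT_PORT = Integer.parseInt(this.proxyConfig.getProxyPort());
        if (this.proxyConfig.getPrivateKey() == null) {
            throw new IOException(ResManager.loadKDString("前置机代理私钥为空", "SSLConnection_1", "ebg-egf-common", new Object[0]));
        }
        this.CLIENT_KEY_STORE = Base64.getEncoder().encodeToString(DesUtil.decryptProxyCert(this.proxyConfig.getPrivateKey(), RequestContext.get().getTenantId(), this.proxyConfig.getPrivateCertCipherVer(), this.proxyConfig.getPrivateCertID()));
        this.CLIENT_KEY_STORE_PASSWORD = DesUtil.decryptPwd(this.proxyConfig.getPrivateKeySecret(), RequestContext.get().getTenantId(), EntityKey.ENTITY_KEY_PROXY_CONFIG, this.proxyConfig.getProxyID(), "private_key_secret");
        this.CLIENT_KEY_STORE_ALIAS = this.proxyConfig.getPrivateKeyAlias();
        this.CLIENT_TRUST_KEY_STORE_ALIAS = this.proxyConfig.getPublicKeyAlias();
        this.RSA_SIGN_ALGO = this.proxyConfig.getRsaSignAlgo();
        if (StringUtils.isEmpty(this.RSA_SIGN_ALGO)) {
            this.RSA_SIGN_ALGO = "sha256";
        }
        if (this.proxyConfig.getPublicKey() == null) {
            throw new IOException(ResManager.loadKDString("前置机代理公钥为空", "SSLConnection_2", "ebg-egf-common", new Object[0]));
        }
        this.CLIENT_TRUST_KEY_STORE = Base64.getEncoder().encodeToString(DesUtil.decryptProxyCert(this.proxyConfig.getPublicKey(), RequestContext.get().getTenantId(), this.proxyConfig.getPublicCertCipherVer(), this.proxyConfig.getPublicCertID()));
        this.CLIENT_TRUST_KEY_STORE_PASSWORD = DesUtil.decryptPwd(this.proxyConfig.getPublicKeySecret(), RequestContext.get().getTenantId(), EntityKey.ENTITY_KEY_PROXY_CONFIG, this.proxyConfig.getProxyID(), "public_key_secret");
    }

    /**
     * Installs the request signer in the current {@link EBContext} and, for the SSL proxy, the
     * response verifier as well. The two steps fail with their own messages; previously a
     * verifier failure was re-wrapped in the signer's error message.
     */
    private void signInit() {
        initRequestSigner();
        if (SSL_PROXY == this.proxyType) {
            initResponseVerifier();
        }
    }

    /** Builds the signer from the client key store and stores it in the current context. */
    private void initRequestSigner() {
        ByteArrayInputStream keyStoreBytes = new ByteArrayInputStream(Base64.getDecoder().decode(this.CLIENT_KEY_STORE));
        CertReader.setKeyStoreTypr("JKS");
        CertReader certReader = new CertReader(keyStoreBytes, this.CLIENT_KEY_STORE_PASSWORD, this.CLIENT_KEY_STORE_ALIAS);
        certReader.setName(CertReader.PRIVATEKEY);
        try {
            certReader.initKeyStore();
            ProxySignature signer = new ProxySignature(certReader.getPublicKey(), certReader.getPrivateKey());
            if (CFCA_PROXY == this.proxyType) {
                signer.init(ProxyConstants.SIGN_ALGORITHM);
            } else {
                initForKeyAlgorithm(signer, certReader.getPublicKey().getAlgorithm());
            }
            EBContext.getContext().setSignature(signer);
        } catch (Exception e) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("银企云初始化签名密钥出现异常：%s", "SSLConnection_3", "ebg-egf-common", new Object[0]) + "\n", e.getMessage()), e);
        }
    }

    /** Builds the verifier from the trust key store and stores it in the current context. */
    private void initResponseVerifier() {
        try {
            ByteArrayInputStream trustStoreBytes = new ByteArrayInputStream(Base64.getDecoder().decode(this.CLIENT_TRUST_KEY_STORE));
            CertReader.setKeyStoreTypr("JKS");
            CertReader certReader = new CertReader(trustStoreBytes, this.CLIENT_TRUST_KEY_STORE_PASSWORD, this.CLIENT_TRUST_KEY_STORE_ALIAS);
            certReader.setName(CertReader.PUBLICKEY);
            certReader.initKeyStore();
            ProxySignature verifier = new ProxySignature(certReader.getPublicKey(this.CLIENT_TRUST_KEY_STORE_ALIAS));
            initForKeyAlgorithm(verifier, certReader.getPublicKey(this.CLIENT_TRUST_KEY_STORE_ALIAS).getAlgorithm());
            EBContext.getContext().setVerifySignature(verifier);
        } catch (Exception e) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("银企云初始化验证签名密钥出现异常：%s", "SSLConnection_4", "ebg-egf-common", new Object[0]) + "\n", e.getMessage()), e);
        }
    }

    /**
     * Initialises a signature object according to the key algorithm: any algorithm name that
     * contains "DSA" uses the DSA type, otherwise the configured RSA digest decides between the
     * SHA-1 variant and the default algorithm.
     */
    private void initForKeyAlgorithm(ProxySignature signature, String keyAlgorithm) throws Exception {
        if (keyAlgorithm.contains("DSA")) {
            signature.init(ProxyConstants.DSA_TYPE);
        } else if ("sha1".equalsIgnoreCase(this.RSA_SIGN_ALGO)) {
            // SHA-1 is kept only because the proxy configuration can still ask for it.
            signature.init(ProxyConstants.RSA1_ALGORITHM);
        } else {
            signature.init(ProxyConstants.SIGN_ALGORITHM);
        }
    }

    private void createSSLInit() {
        sslSocketInit();
    }

    /**
     * Builds the {@link SSLContext} from the two JKS key stores and connects to the proxy.
     *
     * <p>The new socket is published in {@code sslSocket} only after its timeouts are set, and it
     * is closed again if any later step fails, so a failed initialisation does not leak it.
     *
     * @throws IllegalStateException if the context cannot be built or the connection fails
     */
    private void sslSocketInit() {
        SSLSocket socket = null;
        try {
            this.ctx = SSLContext.getInstance("TLS");
            KeyManagerFactory keyManagers = KeyManagerFactory.getInstance("SunX509");
            TrustManagerFactory trustManagers = TrustManagerFactory.getInstance("SunX509");
            KeyStore clientKeys = KeyStore.getInstance("JKS");
            KeyStore trustedCerts = KeyStore.getInstance("JKS");
            char[] clientKeyPassword = this.CLIENT_KEY_STORE_PASSWORD.toCharArray();
            clientKeys.load(new ByteArrayInputStream(Base64.getDecoder().decode(this.CLIENT_KEY_STORE)), clientKeyPassword);
            trustedCerts.load(new ByteArrayInputStream(Base64.getDecoder().decode(this.CLIENT_TRUST_KEY_STORE)), this.CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray());
            keyManagers.init(clientKeys, clientKeyPassword);
            trustManagers.init(trustedCerts);
            this.ctx.init(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), null);
            // No endpoint identification algorithm is set on this socket: the proxy is trusted
            // because its certificate chains to the configured trust store, not by host name.
            socket = (SSLSocket) this.ctx.getSocketFactory().createSocket(this.DEFAULT_HOST, this.DEFAULT_PORT);
            // NOTE(review): the multiplier is a constant of an unrelated license exception class,
            // which looks like a decompiler substitution for a numeric factor; confirm its value.
            socket.setSoTimeout(this.timeout * 60 * LicenseFileErrorException.INVALID_LICENSE);
            applyRuntimeTimeout(socket);
            this.sslSocket = socket;
        } catch (ConnectException e) {
            closeQuietly(socket);
            throw new IllegalStateException(String.format(ResManager.loadKDString("银企云与网络代理建立SSL连接失败，%s", "SSLConnection_5", "ebg-egf-common", new Object[0]), e.getMessage()), e);
        } catch (Exception e) {
            closeQuietly(socket);
            throw new IllegalStateException(String.format(ResManager.loadKDString("银企云与网络代理通信中断，初始化ssl连接出现异常，%s", "SSLConnection_6", "ebg-egf-common", new Object[0]), e.getMessage()), e);
        }
    }

    /**
     * Replaces the socket timeout with the "timeout" running parameter when one is set. This is
     * best effort: a missing or unparsable value keeps the timeout already configured, and the
     * failure is logged instead of being dropped silently.
     */
    private void applyRuntimeTimeout(SSLSocket socket) {
        try {
            String runningParam = RequestContextUtils.getRunningParam("timeout");
            if (StringUtils.isNotEmpty(runningParam)) {
                socket.setSoTimeout(Integer.parseInt(runningParam));
            }
        } catch (Exception e) {
            logger.info(e.toString());
        }
    }

    /** Closes a socket that was opened during a failed initialisation, logging any error. */
    private static void closeQuietly(SSLSocket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException e) {
            logger.info(e.toString());
        }
    }

    /**
     * Reads the proxy reply, verifies its signature and returns its payload.
     *
     * <p>For the CFCA proxy the reply is taken from the {@code response} field and the stream is
     * ignored; otherwise the stream is read to the end as UTF-8. A reply flagged as an exception
     * is logged and rethrown as a service exception carrying the proxy's error code.
     *
     * <p>The reply is deserialized before its signature can be checked, so the JSON parser sees
     * unauthenticated input; keep fastjson patched and autoType disabled.
     *
     * @param inputStream stream of the proxy socket; unused for the CFCA proxy
     * @return the payload of a verified reply
     */
    public String getResponse(InputStream inputStream) {
        if (CFCA_PROXY == this.proxyType) {
            OTResponse cfcaReply = JSON.parseObject(this.response, OTResponse.class);
            requireVerified(cfcaReply);
            return cfcaReply.getData();
        }
        OTResponse reply = JSON.parseObject(IOUtils.readFully(inputStream, "UTF-8"), OTResponse.class);
        requireVerified(reply);
        if (!reply.isException()) {
            return reply.getData();
        }
        EBContext.getContext().setType("response");
        logger.infoFilerLog(String.format(ResManager.loadKDString("SSL接收到的响应%1$s %2$s", "SSLConnection_9", "ebg-egf-common", new Object[0]), "\n", reply.getData()));
        throw EBExceiptionUtil.serviceException(reply.getData(), reply.getErrorCode());
    }

    /**
     * Rejects a reply that could not be parsed or whose signature does not verify. An empty
     * reply parses to {@code null}; it is reported explicitly instead of surfacing as a
     * {@code NullPointerException}.
     */
    private void requireVerified(OTResponse reply) {
        if (reply == null) {
            throw EBExceiptionUtil.serviceException("SSL proxy returned an empty response");
        }
        if (!verifySignedData(reply.getSignature(), reply.getData())) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("验证响应报文签名失败。", "SSLConnection_8", "ebg-egf-common", new Object[0]));
        }
    }

    /**
     * Wraps the message with {@link #getRequest(String)} and writes it to the stream in chunks of
     * at most {@link #PACKETSIZE} bytes. The stream is neither flushed nor closed here.
     *
     * @param outputStream destination stream
     * @param str message to send; must not be null or empty
     */
    public void sendMsg(OutputStream outputStream, String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw EBExceiptionUtil.serviceException(ResManager.loadKDString("要发送的内容为空", "SSLConnection_10", "ebg-egf-common", new Object[0]));
        }
        try {
            byte[] frame = getRequest(str).getBytes(StandardCharsets.UTF_8);
            int offset = 0;
            while (offset < frame.length) {
                int chunk = Math.min(PACKETSIZE, frame.length - offset);
                outputStream.write(frame, offset, chunk);
                offset += chunk;
            }
        } catch (IOException e) {
            throw EBExceiptionUtil.serviceException(String.format(ResManager.loadKDString("银企云发送数据到网络代理失败,%s", "SSLConnection_11", "ebg-egf-common", new Object[0]), e.getMessage()), e);
        }
    }

    /**
     * Builds the signed, length-prefixed frame for one message.
     *
     * <p>A message of the form {@code #<protocol>#<data>} overrides this connection's protocol
     * for this and later calls. The protocol {@code ping} also shortens the socket timeout to
     * {@link #CONNECT_TEST_TIME_OUT}.
     *
     * <p>If signing fails the request is still produced with an empty signature, as before, but
     * the failure is now logged so an unsigned request is not sent unnoticed.
     *
     * @param str message body, optionally prefixed with {@code #<protocol>#}
     * @return {@code <utf8ByteLength>#<json>}
     * @throws IllegalArgumentException if the message starts with {@code #} but has no second
     *     {@code #} closing the protocol name
     */
    public String getRequest(String str) {
        String payload = str;
        if (payload.startsWith("#")) {
            int protocolEnd = payload.indexOf('#', 1);
            if (protocolEnd < 0) {
                throw new IllegalArgumentException("Malformed protocol prefix, expected #<protocol>#<data>");
            }
            this.protocol = payload.substring(1, protocolEnd);
            payload = payload.substring(protocolEnd + 1);
        }

        OTRequest oTRequest = new OTRequest();
        if (BankLoginConfigUtil.PROTOCOL_HTTP.equalsIgnoreCase(this.protocol)) {
            oTRequest.setProxyType(BankLoginConfigUtil.PROTOCOL_HTTP);
        } else if (BankLoginConfigUtil.PROTOCOL_TCP.equalsIgnoreCase(this.protocol)) {
            oTRequest.setProxyType(BankLoginConfigUtil.PROTOCOL_TCP);
        } else if (BankLoginConfigUtil.PROTOCOL_HTTPS.equalsIgnoreCase(this.protocol)) {
            oTRequest.setProxyType(BankLoginConfigUtil.PROTOCOL_HTTPS);
        } else {
            oTRequest.setProxyType(this.protocol);
            if ("ping".equalsIgnoreCase(this.protocol)) {
                setTimeout(CONNECT_TEST_TIME_OUT);
            }
        }
        oTRequest.setRemoteURL(this.remoteUrl);
        oTRequest.setData(payload);
        if (StrUtil.isBlank(this.method)) {
            this.method = "POST";
        }
        oTRequest.setHttpMethod(this.method);
        oTRequest.setSignedData(StrUtil.EMPTY);
        oTRequest.setRemoteEncode(this.charset);
        oTRequest.setHttpHeaders(JSONObject.toJSONString(this.header));
        String plainText = oTRequest.getPlainText(this.proxyType);
        oTRequest.setSignPlainText(plainText);
        try {
            oTRequest.setSignedData(EBContext.getContext().getSignature().sign(plainText.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            // Best effort is preserved (the frame goes out with an empty signature), but the
            // reason is recorded; the receiving side is expected to reject it.
            logger.error(e.toString());
        }
        String json = JSON.toJSONString(oTRequest);
        // The full request body is written to the file log; it may hold bank message content.
        writeLog("request", String.format(ResManager.loadKDString("SSL发送出的请求：%1$s %2$s", "SSLConnection_12", "ebg-egf-common", new Object[0]), "\n", oTRequest.getData()));
        int byteLength = json.getBytes(StandardCharsets.UTF_8).length;
        return byteLength + "#" + json;
    }

    /**
     * Checks a signature against the UTF-8 bytes of the data with the verifier stored in the
     * current context.
     *
     * @param str signature as received
     * @param str2 signed data
     * @return {@code true} only if verification succeeds; any error (including a missing
     *     verifier or null data) is logged and treated as a failed verification
     */
    public boolean verifySignedData(String str, String str2) {
        try {
            return EBContext.getContext().getVerifySignature().verify(str, str2.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            logger.error(e.toString());
            return false;
        }
    }

    /** Sets the read timeout of this connection's own socket, if it has been opened. */
    private void setTimeout(int i) {
        try {
            if (this.sslSocket != null) {
                this.sslSocket.setSoTimeout(i);
            }
        } catch (SocketException e) {
            throw EBExceiptionUtil.serviceException("set SSLConnect time out error", e);
        }
    }

    @Override
    public void openConnection() throws IOException {
        init();
    }

    /** Returns the socket's input stream, or {@code null} for the CFCA proxy. */
    @Override
    public InputStream getInputStream() throws IOException {
        if (CFCA_PROXY == this.proxyType) {
            return null;
        }
        return this.sslSocket.getInputStream();
    }

    /** Returns the socket's output stream, or {@code null} for the CFCA proxy. */
    @Override
    public OutputStream getOutputStream() throws IOException {
        if (CFCA_PROXY == this.proxyType) {
            return null;
        }
        return this.sslSocket.getOutputStream();
    }

    /** Always reports 200; this class does not read a status from the proxy. */
    @Override
    public int getResponseCode() throws IOException {
        return 200;
    }

    /** Closes the proxy socket if one was opened; close errors are logged, not thrown. */
    @Override
    public void closeConnection() {
        if (this.sslSocket == null) {
            return;
        }
        try {
            this.sslSocket.close();
        } catch (Exception e) {
            logger.info(e.toString());
        }
    }

    @Override
    public String getUrl() {
        return this.connection.getUrl();
    }

    /**
     * Sends a ping through the given socket and checks that the reply contains the configured
     * "normal communication" marker.
     *
     * <p>The ping body is JSON assembled as text. The IP is now emitted as an escaped JSON
     * string and a port that is not a plain decimal number is emitted as a JSON string too, so
     * neither value can alter the structure of the message. Well-formed values produce exactly
     * the same text as before.
     *
     * <p>NOTE(review): the timeout is applied to this connection's own socket, not to the socket
     * passed in; if callers pass a different socket its read timeout is unchanged.
     *
     * @param sSLSocket connected socket to the proxy
     * @param str IP reported in the ping
     * @param str2 port reported in the ping
     * @throws IOException if closing the socket after an I/O failure fails
     */
    public void connectionTest(SSLSocket sSLSocket, String str, String str2) throws IOException {
        setTimeout(CONNECT_TEST_TIME_OUT);
        if (sSLSocket == null || !sSLSocket.isConnected()) {
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (IOException e) {
                    throw new EBSSLConnection(String.format(ResManager.loadKDString("测试连接前置机代理不通", "SSLConnection_13", "ebg-egf-common", new Object[0]), e.getMessage()));
                }
            }
            throw new EBSSLConnection(ResManager.loadKDString("测试连接网络代理不通，请检查网络代理运行情况", "SSLConnection_14", "ebg-egf-common", new Object[0]));
        }
        String pingMessage = "#ping#[{\"bankLoginId\":\"test\",\"bankLoginName\":\"Test\",\"bankVersionId\":\"Test\",\"email\":\"test\",\"ip\":"
                + JSON.toJSONString(String.valueOf(str))
                + ",\"phoneNum\":\"test\",\"ping\":true,\"port\":" + portAsJson(str2) + "}]";
        try {
            sendMsg(sSLSocket.getOutputStream(), pingMessage);
            if (!getResponse(sSLSocket.getInputStream()).contains(PropertiesConstants.getValue("NORMAL_COMMUNICATION"))) {
                throw new EBLoginConnection(ResManager.loadKDString("银行前置机连接不通，请检查银行前置机运行情况", "SSLConnection_15", "ebg-egf-common", new Object[0]));
            }
        } catch (IOException e) {
            sSLSocket.close();
            throw new EBSSLConnection(ResManager.loadKDString("测试连接网络代理不通，请检查网络代理运行情况", "SSLConnection_14", "ebg-egf-common", new Object[0]));
        }
    }

    /**
     * Renders the port for the ping body: {@code null} stays the JSON literal {@code null}, a
     * run of ASCII digits is written as a number, and anything else is written as an escaped
     * JSON string.
     */
    private static String portAsJson(String port) {
        if (port == null) {
            return "null";
        }
        String trimmed = port.trim();
        boolean numeric = !trimmed.isEmpty();
        for (int i = 0; numeric && i < trimmed.length(); i++) {
            char c = trimmed.charAt(i);
            numeric = c >= '0' && c <= '9';
        }
        return numeric ? trimmed : JSON.toJSONString(port);
    }
}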
