package kd.ebg.egf.common.framework.security.util;

import java.io.UnsupportedEncodingException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.time.LocalDateTime;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import kd.bos.dataentity.resource.ResManager;
import kd.ebg.egf.common.entity.service.EBBaseRequest;
import kd.ebg.egf.common.entity.service.EBServiceRequest;
import kd.ebg.egf.common.entity.service.EBServiceResponse;
import kd.ebg.egf.common.exception.EBSecurityException;
import kd.ebg.egf.common.exception.message.EBExceptionMsgEnum;
import kd.ebg.egf.common.framework.security.EBSecuritySuit;
import kd.ebg.egf.common.framework.security.api.IEBSecurityProvider;
import kd.ebg.egf.common.framework.security.factory.DataBaseCustomerInfoProvider;
import kd.ebg.egf.common.framework.security.factory.EBKeyProvider;
import kd.ebg.egf.common.framework.security.factory.EBSecurityProviderFactory;
import kd.ebg.egf.common.framework.security.manage.AESCipherSecurity;
import kd.ebg.egf.common.framework.security.provider.CachedCustomerEcnryptKeyProvider;
import kd.ebg.egf.common.framework.security.provider.CachedCustomerEncryptKeyStorage;
import kd.ebg.egf.common.framework.security.sign.other.AlgorithmEnum;
import kd.ebg.egf.common.framework.service.tenant.TenantService;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.model.tenant.CustomerInfo;
import kd.ebg.egf.common.model.tenant.TenantAuth;
import kd.ebg.egf.common.repository.tenant.TenantAuthRepository;
import kd.ebg.egf.common.utils.string.StrUtil;
import kd.ebg.egf.common.utils.string.StringUtils;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:kd/ebg/egf/common/framework/security/util/EBFrontUtil.class */
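/**
 * Static helpers that sign, verify, encrypt and decrypt front-end service
 * requests and responses.
 *
 * <p>Text is converted to bytes with UTF-8 everywhere, so ciphertexts and
 * derived keys do not depend on the JVM's default charset.
 *
 * <p>NOTE(review): several paths here are fail-open by design of the original
 * code (unsigned requests are accepted, a failed response encryption leaves the
 * data in clear). They are kept for compatibility and called out at each site.
 */
public class EBFrontUtil {
    private static final String ebPrefix = "eb_cert_";
    static final EBGLogger logger = EBGLogger.getInstance().getLogger(EBFrontUtil.class);
    private static final EBFrontUtil instance = new EBFrontUtil();

    /** Charset used for every String/byte[] conversion in this class. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.StandardCharsets.UTF_8;

    /** Returns the shared instance; every operation of this class is static. */
    public static EBFrontUtil getInstance() {
        return instance;
    }

    /**
     * Decrypts the request data in place with the provider selected for the
     * request. Does nothing when the request carries no encrypt key.
     *
     * @param eBBaseRequest request whose data is replaced by its decrypted form
     */
    public static void decryptReqeust(EBBaseRequest eBBaseRequest) {
        if (StringUtils.isEmpty(eBBaseRequest.getEncryptKey())) {
            return;
        }
        IEBSecurityProvider provider = EBSecurityProviderFactory.getInstance().getProvider(eBBaseRequest);
        eBBaseRequest.setData(StringUtils.byte2String(provider.getEncrypt(eBBaseRequest).decrypt(eBBaseRequest.getData())));
    }

    /**
     * Verifies the request signature against the public key stored for the
     * request's customer ID.
     *
     * @param eBServiceRequest signed request
     * @return {@code true} when the signature matches the request plain text
     * @throws EBSecurityException when no key is stored or the stored key has expired
     */
    public static boolean verifyRequest(EBServiceRequest eBServiceRequest) {
        String plainText = PlainTextUtil.getPlainText(eBServiceRequest);
        EBSecuritySuit suit = new EBSecuritySuit(getVerifyPubKey(eBServiceRequest.getCustomerID()), EBKeyProvider.getInstance().getPrivateKey().getEncoded(), eBServiceRequest.getSignAlgorithm());
        boolean verify = suit.verify(eBServiceRequest.getSignData(), plainText.getBytes(UTF_8));
        if (!verify) {
            // NOTE(review): both values come from a request that has just failed
            // verification, and the plain text may hold business data; consider
            // logging a digest or length instead of the raw content.
            logger.error("验证签名失败，签名值：" + eBServiceRequest.getSignData());
            logger.error("验证签名失败，待验值：" + plainText);
        }
        return verify;
    }

    /**
     * Loads the public key used to verify requests of the given customer.
     *
     * @param str customer ID
     * @return decoded public key bytes
     * @throws EBSecurityException when no authorization record exists or it has expired
     */
    private static byte[] getVerifyPubKey(String str) {
        CustomerInfo customerInfo = new CustomerInfo();
        TenantAuthRepository tenantAuthRepository = TenantAuthRepository.getInstance();
        // NOTE(review): for JDY-style IDs the first record of findAll() is used,
        // so the key is not looked up by this customer ID; confirm that a single
        // shared record is the intended trust model.
        List<TenantAuth> findAll = isJDY(str) ? tenantAuthRepository.findAll() : tenantAuthRepository.findByCustomID(str);
        if (findAll == null || findAll.isEmpty()) {
            throw new EBSecurityException(EBExceptionMsgEnum.CA_CERT_EMPTY.getErrorMsg());
        }
        TenantAuth tenantAuth = findAll.get(0);
        if (tenantAuth.getExpireTime().isBefore(LocalDateTime.now())) {
            throw new EBSecurityException(EBExceptionMsgEnum.CA_CERT_EXPIRED.getErrorMsg());
        }
        // Only the public key is returned; the other fields are set on a local
        // object that does not leave this method.
        customerInfo.setCustomerID(str);
        customerInfo.setPublicKey(Base64.decode(tenantAuth.getPublicKey()));
        customerInfo.setExpireDate(tenantAuth.getExpireTime());
        customerInfo.setCommonName(tenantAuth.getCommonName());
        customerInfo.setOrganizationalUnit(tenantAuth.getOrganization());
        return customerInfo.getPublicKey();
    }

    /** Tells whether the customer ID is flagged by the tenant service or starts with JDY, YKJ or PRO. */
    private static boolean isJDY(String str) {
        return TenantService.getInstance().isJDY(str) || str.startsWith("JDY") || str.startsWith("YKJ") || str.startsWith("PRO");
    }

    /**
     * Verifies the request signature as if the request belonged to customer
     * {@code str}. The request's own customer ID is swapped only for the duration
     * of the check and is restored even when verification throws.
     *
     * @param eBServiceRequest signed request
     * @param str              customer ID to verify against
     * @return {@code true} when the signature matches
     */
    public static boolean verifyRequest(EBServiceRequest eBServiceRequest, String str) {
        IEBSecurityProvider provider = EBSecurityProviderFactory.getInstance().getProvider(eBServiceRequest);
        byte[] bytes = PlainTextUtil.getPlainText(eBServiceRequest).getBytes(UTF_8);
        String customerID = eBServiceRequest.getCustomerID();
        eBServiceRequest.setCustomerID(str);
        try {
            return provider.getSignature(eBServiceRequest).verify(eBServiceRequest.getSignData(), bytes);
        } finally {
            // Restore in finally so a failing verify cannot leave the swapped ID behind.
            eBServiceRequest.setCustomerID(customerID);
        }
    }

    /**
     * Signs the request plain text and stores the signature on the request.
     *
     * @param eBServiceRequest request to sign
     */
    public static void signRequest(EBServiceRequest eBServiceRequest) {
        IEBSecurityProvider provider = EBSecurityProviderFactory.getInstance().getProvider(eBServiceRequest);
        eBServiceRequest.setSignData(provider.getSignature(eBServiceRequest).sign(PlainTextUtil.getPlainText(eBServiceRequest).getBytes(UTF_8)));
    }

    /**
     * Signs the response plain text and stores the signature on the response.
     * When signing fails the signature is set to the empty string and the
     * failure is logged; the response is still returned to the caller.
     *
     * @param eBServiceResponse response to sign
     * @param eBBaseRequest     request that selects the provider and signature
     */
    public static void signResponse(EBServiceResponse eBServiceResponse, EBBaseRequest eBBaseRequest) {
        IEBSecurityProvider provider = EBSecurityProviderFactory.getInstance().getProvider(eBBaseRequest);
        try {
            eBServiceResponse.setSignData(provider.getResponseSignature(eBBaseRequest).sign(PlainTextUtil.getPlainText(eBServiceResponse).getBytes(UTF_8)));
        } catch (Exception e) {
            // Best effort is kept, but an unsigned response must be visible to operators.
            logger.error("响应签名失败", e);
            eBServiceResponse.setSignData(StrUtil.EMPTY);
        }
    }

    /**
     * Encrypts the request data in place with the provider selected for the request.
     *
     * @param eBBaseRequest request whose data is replaced by its encrypted form
     */
    public static void encryptRequest(EBBaseRequest eBBaseRequest) {
        IEBSecurityProvider provider = EBSecurityProviderFactory.getInstance().getProvider(eBBaseRequest);
        eBBaseRequest.setData(provider.getEncrypt(eBBaseRequest).encrypt(eBBaseRequest.getData().getBytes(UTF_8)));
    }

    /**
     * Wraps the request's encrypt key with the public key of the request's customer.
     *
     * @param eBBaseRequest request whose encrypt key is replaced by its wrapped form
     */
    public static void encryptKey(EBBaseRequest eBBaseRequest) {
        eBBaseRequest.setEncryptKey(EBSecurityProviderFactory.getInstance().getCustomerPublicKeyEncrypt(eBBaseRequest.getCustomerID()).encrypt(eBBaseRequest.getEncryptKey().getBytes(UTF_8)));
    }

    /**
     * Replaces the request's encrypt key with the Base64 form of the resolved
     * key: looked up by token when the request carries no key, otherwise
     * resolved from the key the request carries.
     *
     * @param eBBaseRequest request whose encrypt key is resolved in place
     */
    public static void decryptKey(EBBaseRequest eBBaseRequest) {
        byte[] resolved;
        if (StringUtils.isEmpty(eBBaseRequest.getEncryptKey())) {
            resolved = CachedCustomerEncryptKeyStorage.getInstance().getDecryptKey(eBBaseRequest.getToken());
        } else {
            resolved = CachedCustomerEcnryptKeyProvider.getInstance().getEncryptKey(eBBaseRequest.getEncryptKey());
        }
        eBBaseRequest.setEncryptKey(Base64.toBase64String(resolved));
    }

    /**
     * Verifies the request and, when its encrypt algorithm is AES, unwraps the
     * session key and decrypts the data in place.
     *
     * @param eBServiceRequest incoming request
     * @return {@code false} only when a signature is present and does not verify
     */
    public static boolean decryptAndVerifyEBSecurityRequest(EBServiceRequest eBServiceRequest) {
        // NOTE(review): a request without signData is reported as verified. A
        // caller that treats `true` as "authenticated" accepts unsigned input;
        // confirm that callers enforce the signature requirement elsewhere.
        if (StringUtils.isEmpty(eBServiceRequest.getSignData())) {
            return true;
        }
        if (!verifyRequest(eBServiceRequest)) {
            return false;
        }
        if (isAes(eBServiceRequest.getEncryptAlgorithm())) {
            getDecryptSkey(eBServiceRequest);
            getAESDecrypt(eBServiceRequest);
        }
        return true;
    }

    /**
     * Encrypts the response for the request's customer when the request asked
     * for AES: the data is encrypted with the request's session key and the
     * session key is wrapped with the customer's public key.
     *
     * @param eBServiceRequest  request that carries algorithm, customer ID and session key
     * @param eBServiceResponse response to encrypt in place
     */
    public static void encryptResponse(EBServiceRequest eBServiceRequest, EBServiceResponse eBServiceResponse) {
        if (!isAes(eBServiceRequest.getEncryptAlgorithm())) {
            return;
        }
        byte[] publicKey = new DataBaseCustomerInfoProvider().getCustomerInfoByCustomID(eBServiceRequest.getCustomerID()).getPublicKey();
        if (publicKey == null || StringUtils.isEmpty(eBServiceRequest.getEncryptKey())) {
            // NOTE(review): the response data stays unencrypted on this path
            // although the request asked for AES.
            eBServiceResponse.setEncryptKey(null);
            return;
        }
        eBServiceResponse.setEncryptKey(eBServiceRequest.getEncryptKey());
        setAESEncrypt(eBServiceResponse);
        setEncryptSKey(eBServiceResponse, eBServiceRequest.getSignAlgorithm(), publicKey);
    }

    /**
     * Decrypts the request (when an encrypt algorithm is set) and then verifies
     * its signature against customer {@code str}.
     *
     * @param eBServiceRequest incoming request
     * @param str              customer ID to verify against
     * @return result of the signature verification
     */
    public static boolean decryptAndVerifyEBSecurityRequest(EBServiceRequest eBServiceRequest, String str) {
        if (!StringUtils.isEmpty(eBServiceRequest.getEncryptAlgorithm())) {
            decryptKey(eBServiceRequest);
            decryptReqeust(eBServiceRequest);
        }
        return verifyRequest(eBServiceRequest, str);
    }

    /**
     * Wraps the response's encrypt key with the public key of customer {@code str}.
     *
     * @param eBServiceResponse response whose encrypt key is replaced by its wrapped form
     * @param str               customer ID whose public key is used
     */
    public static void encryptKey(EBServiceResponse eBServiceResponse, String str) {
        eBServiceResponse.setEncryptKey(EBSecurityProviderFactory.getInstance().getCustomerPublicKeyEncrypt(str).encrypt(eBServiceResponse.getEncryptKey().getBytes(UTF_8)));
    }

    /**
     * Encrypts the response data in place with the response's AES key. Responses
     * with a version go through {@link AESCipherSecurity}; responses without one
     * use the legacy SHA1PRNG-derived key with AES/ECB.
     *
     * <p>A failure on the legacy path is logged and the data is left unchanged,
     * as before. NOTE(review): that means the response goes out in clear; a
     * fail-closed policy (throwing) would be safer once callers can handle it.
     *
     * @param eBServiceResponse response to encrypt
     */
    public static void setAESEncrypt(EBServiceResponse eBServiceResponse) {
        String data = eBServiceResponse.getData();
        String encryptKey = eBServiceResponse.getEncryptKey();
        if (encryptKey == null) {
            logger.error("AES密钥为空");
            return;
        }
        if (!StringUtils.isEmpty(eBServiceResponse.getVersion())) {
            eBServiceResponse.setData(AESCipherSecurity.getInstance().encryptAES(data, encryptKey));
            return;
        }
        try {
            Cipher cipher = legacyAesCipher(Cipher.ENCRYPT_MODE, encryptKey);
            eBServiceResponse.setData(org.apache.commons.codec.binary.Base64.encodeBase64String(cipher.doFinal(data.getBytes(UTF_8))));
        } catch (Exception e) {
            // Previously swallowed without a trace; the payload itself is never logged.
            logger.error("AES加密异常", e);
        }
    }

    /**
     * Wraps the response's AES key with the customer's RSA public key and stores
     * the Base64 result as the response's encrypt key.
     *
     * <p>A failure is logged and the key is left unchanged, as before.
     * NOTE(review): the unchanged value is the unwrapped session key, so a
     * failure here would send that key in clear; consider failing closed.
     *
     * @param eBServiceResponse response whose encrypt key is wrapped
     * @param str               signature algorithm name, used to pick the RSA padding
     * @param bArr              X.509-encoded RSA public key
     */
    public static void setEncryptSKey(EBServiceResponse eBServiceResponse, String str, byte[] bArr) {
        String encryptKey = eBServiceResponse.getEncryptKey();
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
            Cipher cipher = getCipher(eBServiceResponse.getVersion(), str);
            cipher.init(Cipher.ENCRYPT_MODE, rSAPublicKey);
            eBServiceResponse.setEncryptKey(org.apache.commons.codec.binary.Base64.encodeBase64String(cipher.doFinal(encryptKey.getBytes(UTF_8))));
        } catch (Exception e) {
            // Previously swallowed without a trace; the key itself is never logged.
            logger.error("AES密钥加密异常", e);
        }
    }

    /**
     * Unwraps the request's Base64 RSA-encrypted session key with the local
     * private key and stores the recovered key text on the request.
     *
     * @param eBBaseRequest request whose encrypt key is unwrapped in place
     * @throws EBSecurityException when the key cannot be decoded or decrypted
     */
    public static void getDecryptSkey(EBBaseRequest eBBaseRequest) {
        try {
            byte[] decodeBase64 = org.apache.commons.codec.binary.Base64.decodeBase64(eBBaseRequest.getEncryptKey().getBytes(UTF_8));
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(EBKeyProvider.getInstance().getPrivateKey().getEncoded()));
            Cipher cipher = getCipher(eBBaseRequest.getVersion(), eBBaseRequest.getSignAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, rSAPrivateKey);
            // UTF-8 mirrors setEncryptSKey, which wraps the key's UTF-8 bytes.
            eBBaseRequest.setEncryptKey(new String(cipher.doFinal(decodeBase64), UTF_8));
        } catch (Exception e) {
            logger.error("获取AES解密秘钥异常", e);
            throw new EBSecurityException(ResManager.loadKDString("获取AES解密秘钥异常", "EBFrontUtil_2", "ebg-egf-common", new Object[0]), e);
        }
    }

    /**
     * Picks the RSA transformation for wrapping the session key.
     *
     * <p>NOTE(review): an empty version selects plain {@code "RSA"}, which leaves
     * mode and padding to the provider default, and the fallback branch uses OAEP
     * with MD5. Both are kept for wire compatibility; confirm which peers still
     * need them.
     *
     * @param str  protocol version of the message; empty selects the legacy transformation
     * @param str2 signature algorithm name of the message
     */
    private static Cipher getCipher(String str, String str2) throws NoSuchPaddingException, NoSuchAlgorithmException {
        if (StringUtils.isEmpty(str)) {
            return Cipher.getInstance("RSA");
        }
        if (AlgorithmEnum.SHA256withRAS.getAlgorithm().equalsIgnoreCase(str2)) {
            return Cipher.getInstance("RSA/ECB/OAEPWithSHA256AndMGF1Padding");
        }
        return Cipher.getInstance("RSA/ECB/OAEPWithMD5AndMGF1Padding");
    }

    /**
     * Decrypts the request data in place with the request's AES key. Requests
     * with a version go through {@link AESCipherSecurity}; requests without one
     * use the legacy SHA1PRNG-derived key with AES/ECB.
     *
     * @param eBBaseRequest request to decrypt
     * @throws EBSecurityException when the legacy decryption fails
     */
    public static void getAESDecrypt(EBBaseRequest eBBaseRequest) {
        String data = eBBaseRequest.getData();
        String encryptKey = eBBaseRequest.getEncryptKey();
        if (!StringUtils.isEmpty(eBBaseRequest.getVersion())) {
            eBBaseRequest.setData(AESCipherSecurity.getInstance().decryptAES(data, encryptKey));
            return;
        }
        try {
            Cipher cipher = legacyAesCipher(Cipher.DECRYPT_MODE, encryptKey);
            String str = new String(cipher.doFinal(org.apache.commons.codec.binary.Base64.decodeBase64(data.getBytes(UTF_8))), UTF_8);
            // The decrypted payload is deliberately not logged: it is the content
            // the encryption exists to protect.
            eBBaseRequest.setData(str);
        } catch (Exception e) {
            logger.error("解密异常", e);
            throw new EBSecurityException(ResManager.loadKDString("AES解密异常", "EBFrontUtil_3", "ebg-egf-common", new Object[0]), e);
        }
    }

    /** Tells whether the algorithm name is AES, ignoring case; null and empty names are not AES. */
    private static boolean isAes(String algorithm) {
        return "AES".equalsIgnoreCase(algorithm);
    }

    /**
     * Builds the legacy AES cipher used for messages without a version.
     *
     * <p>The key is whatever an AES {@link KeyGenerator} produces from a SHA1PRNG
     * seeded with the key text. NOTE(review): this is not a key-derivation
     * function; the result depends on the SHA1PRNG implementation and on the
     * provider's default AES key size (none is passed to {@code init}), and ECB
     * has no IV and no integrity protection. It is kept unchanged because both
     * peers must derive the same key.
     *
     * @param mode       {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param encryptKey key text used as the PRNG seed
     */
    private static Cipher legacyAesCipher(int mode, String encryptKey) throws java.security.GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        SecureRandom seeded = SecureRandom.getInstance("SHA1PRNG");
        seeded.setSeed(encryptKey.getBytes(UTF_8));
        keyGenerator.init(seeded);
        SecretKeySpec keySpec = new SecretKeySpec(keyGenerator.generateKey().getEncoded(), "AES");
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(mode, keySpec);
        return cipher;
    }
}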
