package kd.isc.kem.core.event.webhook.encrypt;

import com.google.gson.Gson;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.servicehelper.DispatchApiServiceHelper;
import kd.bos.openapi.thirdapp.ThirdAppService;
import kd.isc.iscb.platform.core.cache.data.ConnectionConfig;
import kd.isc.kem.api.encrypt.KemEncryptionService;
import kd.isc.kem.common.constants.ConfigConstant;
import kd.isc.kem.common.encrypt.KemEncryptType;
import kd.isc.kem.common.exception.KemCommonError;
import kd.isc.kem.common.exception.KemException;
import kd.isc.kem.common.util.ConfigHelper;
import kd.isc.kem.common.util.StringUtil;
import kd.sdk.annotation.SdkInternal;
import org.apache.commons.lang3.RandomStringUtils;

@SdkInternal
/* loaded from: input_file:kd/isc/kem/core/event/webhook/encrypt/KemEncryptionServiceImpl.class */
public class KemEncryptionServiceImpl implements KemEncryptionService {
    private static final Log log = LogFactory.getLog(KemEncryptionServiceImpl.class);
    private static MessageDigest _mdInst = null;
    private static char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

    public String encrypt(String str, String str2, String str3) {
        if (StringUtil.isEmpty(str)) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"Illegal_plaintext."});
        }
        if (StringUtil.isEmpty(str2)) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"Illegal_corpIdKey."});
        }
        if (StringUtil.isEmpty(str3) || str3.length() != 43) {
            throw new KemException(KemCommonError.CommonError, new Object[]{ResManager.loadKDString("Illegal_AES_KEY, 由英文或数字组成且长度为43位的自定义字符串。", "KemEncryptionServiceImpl_1", "isc-kem-core", new Object[0])});
        }
        String randomStr = getRandomStr();
        byte[] decode = Base64.getDecoder().decode(str3 + "=");
        AesByteGroup aesByteGroup = new AesByteGroup();
        byte[] bytes = randomStr.getBytes(CHARSET);
        byte[] bytes2 = str.getBytes(CHARSET);
        byte[] networkBytesOrder = getNetworkBytesOrder(bytes2.length);
        byte[] bytes3 = str2.getBytes(CHARSET);
        aesByteGroup.addBytes(bytes);
        aesByteGroup.addBytes(networkBytesOrder);
        aesByteGroup.addBytes(bytes2);
        aesByteGroup.addBytes(bytes3);
        aesByteGroup.addBytes(AesPKCS7Encoder.encode(aesByteGroup.size()));
        return encryptAes("AES/CBC/NoPadding", decode, aesByteGroup.toBytes());
    }

    public String decrypt(String str, String str2, String str3) {
        if (StringUtil.isEmpty(str)) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"Illegal_encryptedText."});
        }
        if (StringUtil.isEmpty(str2)) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"Illegal_corpIdKey."});
        }
        if (StringUtil.isEmpty(str3) || str3.length() != 43) {
            throw new KemException(KemCommonError.CommonError, new Object[]{ResManager.loadKDString("Illegal_AES_KEY, 由英文或数字组成且长度为43位的自定义字符串。", "KemEncryptionServiceImpl_1", "isc-kem-core", new Object[0])});
        }
        try {
            byte[] decode = AesPKCS7Encoder.decode(decryptAes("AES/CBC/NoPadding", Base64.getDecoder().decode(str3 + "="), str));
            int recoverNetworkBytesOrder = recoverNetworkBytesOrder(Arrays.copyOfRange(decode, 16, 20));
            String str4 = new String(Arrays.copyOfRange(decode, 20, 20 + recoverNetworkBytesOrder), CHARSET);
            if (new String(Arrays.copyOfRange(decode, 20 + recoverNetworkBytesOrder, decode.length), CHARSET).equals(str2)) {
                return str4;
            }
            throw new KemException(KemCommonError.CommonError, new Object[]{"INVALID_CORPID_KEY"});
        } catch (Exception e) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"INVALID_AES_SYMMETRIC_KEY", e});
        }
    }

    public String aesCbcPkcs5PaddingEncrypt(String str, String str2) {
        try {
            return encryptAes("AES/CBC/PKCS5Padding", Base64.getDecoder().decode(str != null ? str.trim() : ""), str2.getBytes(CHARSET));
        } catch (Exception e) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"aesCbcPkcs5PaddingEncrypt FAILED", e});
        }
    }

    public String aesCbcPkcs5PaddingDecrypt(String str, String str2) {
        String trim;
        if (str != null) {
            try {
                trim = str.trim();
            } catch (Exception e) {
                throw new KemException(KemCommonError.CommonError, new Object[]{"aesCbcPkcs5PaddingDecrypt FAILED", e});
            }
        } else {
            trim = "";
        }
        return new String(decryptAes("AES/CBC/PKCS5Padding", Base64.getDecoder().decode(trim), str2), "utf-8");
    }

    private String encryptAes(String str, byte[] bArr, byte[] bArr2) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr, 0, 16));
            return Base64.getEncoder().encodeToString(cipher.doFinal(bArr2));
        } catch (Exception e) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"AES_ENCRYPT_FAILED", e});
        }
    }

    private byte[] decryptAes(String str, byte[] bArr, String str2) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(2, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(Arrays.copyOfRange(bArr, 0, 16)));
            return cipher.doFinal(Base64.getDecoder().decode(str2));
        } catch (Exception e) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"AES_DECRYPT_FAILED", e});
        }
    }

    public String getRandomStr() {
        return getRandomString(16);
    }

    public String getRandomAesKey() {
        return getRandomString(43);
    }

    private String getRandomString(int i) {
        if (i < 1) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"INVALID length, should be more than 0."});
        }
        return RandomStringUtils.random(i, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
    }

    public String signBySH256(String str, String str2, String str3, String str4) {
        try {
            String[] strArr = {str2, str3, str4};
            StringBuilder sb = new StringBuilder();
            Arrays.sort(strArr);
            for (int i = 0; i < 3; i++) {
                sb.append(strArr[i]);
            }
            String sb2 = sb.toString();
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            return Base64.getEncoder().encodeToString(mac.doFinal(sb2.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"SHA256_SIGN_FAILED", e});
        }
    }

    public String signBySHA1(String str, String str2, String str3, String str4) {
        try {
            String[] strArr = {str, str2, str3, str4};
            StringBuilder sb = new StringBuilder();
            Arrays.sort(strArr);
            for (int i = 0; i < 4; i++) {
                sb.append(strArr[i]);
            }
            String sb2 = sb.toString();
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(sb2.getBytes(CHARSET));
            byte[] digest = messageDigest.digest();
            StringBuilder sb3 = new StringBuilder();
            for (byte b : digest) {
                String format = String.format("%02x", Byte.valueOf(b));
                if (format.length() < 2) {
                    sb3.append(0);
                }
                sb3.append(format);
            }
            return sb3.toString();
        } catch (Exception e) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"SHA1_SIGN_FAILED", e});
        }
    }

    public String signByMD5(Map<String, Object> map, String str) {
        Map<String, Object> treeMap;
        if (map instanceof TreeMap) {
            treeMap = map;
        } else {
            treeMap = new TreeMap();
            treeMap.putAll(map);
        }
        StringBuilder sb = new StringBuilder(str);
        Set<Map.Entry<String, Object>> entrySet = treeMap.entrySet();
        Gson gson = new Gson();
        for (Map.Entry<String, Object> entry : entrySet) {
            sb.append(entry.getKey()).append(entry.getValue() instanceof String ? (String) entry.getValue() : gson.toJson(entry.getValue()));
        }
        sb.append(str);
        return encode(sb.toString());
    }

    public String verifyURL(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        if (signBySHA1(str, str3, str4, str5).equals(str2)) {
            return decrypt(str5, str6, str7);
        }
        throw new KemException(KemCommonError.CommonError, new Object[]{"SHA1_SIGN_FAILED"});
    }

    public String getBaseAuthUrl(Long l) {
        String systemParam = ConfigHelper.getSystemParam("kem_webhook_userid", "0");
        String str = "0";
        int indexOf = systemParam.indexOf("id=");
        if (indexOf > 0 && systemParam.indexOf(44) > indexOf + 3) {
            str = systemParam.substring(indexOf + 3, systemParam.indexOf(44));
        }
        if ("0".equals(str)) {
            throw new KemException(KemCommonError.CommonError, new Object[]{ResManager.loadKDString("未配置webhook回调接口的代理用户，请联系管理员前往【基础服务云-公共设置-参数配置-系统参数】页面配置事件网格应用参数。", "KemEncryptionServiceImpl_0", "isc-kem-core", new Object[0])});
        }
        return String.format("%1$skapi/v2/kem/event/push?openapisign=%2$s", RequestContext.get().getClientFullContextPath(), (String) DispatchApiServiceHelper.invokeApiService(ThirdAppService.class.getSimpleName(), "genBasicSignToken", new Object[]{ConfigConstant.KEM_EVENT_THIRD_ID.toString(), str, l + "", ConnectionConfig.getConfig(l.longValue()).getString("number")}));
    }

    private static String encode(String str) {
        try {
            getMdInst().update(str.getBytes("UTF-8"));
            byte[] digest = getMdInst().digest();
            char[] cArr = new char[digest.length * 2];
            int i = 0;
            for (byte b : digest) {
                int i2 = i;
                int i3 = i + 1;
                cArr[i2] = hexDigits[(b >>> 4) & 15];
                i = i3 + 1;
                cArr[i3] = hexDigits[b & 15];
            }
            return new String(cArr);
        } catch (Exception e) {
            throw new KemException(KemCommonError.CommonError, new Object[]{"MD5_ENCODE_FAILED", e});
        }
    }

    private static MessageDigest getMdInst() {
        if (_mdInst == null) {
            try {
                _mdInst = MessageDigest.getInstance("MD5");
            } catch (NoSuchAlgorithmException e) {
                throw new KemException(KemCommonError.CommonError, new Object[]{"MD5_ENCODE_FAILED", e});
            }
        }
        return _mdInst;
    }

    private byte[] getNetworkBytesOrder(int i) {
        return new byte[]{(byte) ((i >> 24) & 255), (byte) ((i >> 16) & 255), (byte) ((i >> 8) & 255), (byte) (i & 255)};
    }

    private int recoverNetworkBytesOrder(byte[] bArr) {
        int i = 0;
        for (int i2 = 0; i2 < 4; i2++) {
            i = (i << 8) | (bArr[i2] & 255);
        }
        return i;
    }

    public String encryptBase64(String str, String str2, String str3, String str4) {
        return (String) KemEncryptType.getEncryptType(str).encryptBase64(str4, str2, str3).getEncrypt();
    }

    public byte[] decryptBase64(String str, String str2, String str3, String str4) {
        return KemEncryptType.getEncryptType(str).decryptBase64(str4, str2, str3);
    }

    public byte[] encrypt(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return (byte[]) KemEncryptType.getEncryptType(str).encrypt(bArr3, bArr, bArr2).getEncrypt();
    }

    public byte[] decrypt(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return KemEncryptType.getEncryptType(str).decrypt(bArr3, bArr, bArr2);
    }
}
