package kd.tmc.fbp.service.ebservice.security.utils;

import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import javax.security.cert.X509Certificate;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.exception.KDBizException;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.orm.query.QFilter;
import kd.tmc.fbp.common.helper.TmcDataServiceHelper;
import kd.tmc.fbp.service.ebservice.enums.AlgorithmEnum;
import kd.tmc.fbp.webapi.ebentity.api.EBServiceRequest;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:kd/tmc/fbp/service/ebservice/security/utils/AESEncryptUtil.class */
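/**
 * Encrypts outgoing {@link EBServiceRequest} payloads with AES-GCM and wraps the
 * per-request key with the RSA public key of the configured certificate.
 *
 * <p>Wire format produced by {@link #encrypt}: Base64( IV[12] || ciphertext || tag[16] ).
 */
public class AESEncryptUtil {
    private static final Log logger = LogFactory.getLog(AESEncryptUtil.class);

    // NOTE(review): GCM takes no padding. The length check in encrypt() (ciphertext ==
    // plaintext + 16) shows no padding bytes are expected, and some JDK releases/providers
    // reject a GCM transformation that names PKCS5Padding. Confirm on the target runtime
    // before changing the string, since the remote peer must stay compatible.
    private static final String DEFAULT_CIPHER_ALGORITHM = "AES/GCM/PKCS5Padding";
    private static final String KEY_ALGORITHM = "AES";

    /** Length in bytes of the IV that prefixes every encrypted payload. */
    private static final int GCM_IV_LENGTH = 12;
    /** Length in bytes of the authentication tag appended to the ciphertext. */
    private static final int GCM_TAG_LENGTH = 16;

    /**
     * Loads the enabled {@code bei_serviceconfig} record and decodes its
     * {@code publiccafile_tag} field with the customer key.
     *
     * @return the decoded bytes; {@link #setEncryptSKey} parses them as an X.509 certificate
     */
    private static byte[] getCertPublicKey() {
        QFilter[] enabledOnly = new QFilter[]{new QFilter("isenable2", "=", Boolean.TRUE)};
        String encodedCert = TmcDataServiceHelper
                .loadSingle("bei_serviceconfig", "publiccafile_tag", enabledOnly)
                .getString("publiccafile_tag");
        return XOREncrypter.decode(HufuManager.getCustomerKey(), encodedCert);
    }

    /**
     * Replaces the request's data with its AES-GCM encrypted form, keyed by the request's
     * encrypt key.
     *
     * <p>If encryption fails, {@link #encrypt} returns {@code null} and the data is set to
     * {@code null}; the plaintext is never left in the request.
     *
     * @param eBServiceRequest request whose data is encrypted in place
     */
    public static void setEncrypt(EBServiceRequest eBServiceRequest) {
        String data = eBServiceRequest.getData();
        String encryptKey = eBServiceRequest.getEncryptKey();
        // Log only the size: writing the plaintext request body to the log would expose
        // exactly the content this method exists to protect.
        logger.info("请求报文加密前 data length = {};", data == null ? -1 : data.length());
        logger.info("请求报文加密前的 version = {};", eBServiceRequest.getVersion());
        try {
            String encrypt = encrypt(data, encryptKey);
            logger.info("请求报文加密后 data = {}", encrypt);
            eBServiceRequest.setData(encrypt);
        } catch (Exception e) {
            logger.error("请求报文进行AES加密异常", e);
        }
    }

    /**
     * Encrypts {@code str} with AES-GCM under a key derived from {@code str2}.
     *
     * @param str  plaintext; encoded as UTF-8 before encryption
     * @param str2 key material passed to {@link #getSecretKey}
     * @return Base64 of {@code IV || ciphertext || tag}, or {@code null} if any step fails
     *         (the failure is logged)
     */
    public static String encrypt(String str, String str2) {
        try {
            Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
            // No IV is supplied, so the provider chooses one; it is read back below and
            // shipped in front of the ciphertext.
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(str2));
            byte[] iv = cipher.getIV();
            // Enforced at runtime rather than with `assert`, which is normally disabled in
            // production: the receiver relies on the fixed 12-byte prefix.
            if (iv == null || iv.length != GCM_IV_LENGTH) {
                throw new IllegalStateException("unexpected GCM IV length");
            }
            // Explicit charset: the platform default differs between hosts and would make
            // the ciphertext depend on where this code runs. encryptSKey already uses UTF-8.
            byte[] plaintext = str.getBytes(StandardCharsets.UTF_8);
            byte[] sealed = cipher.doFinal(plaintext);
            if (sealed.length != plaintext.length + GCM_TAG_LENGTH) {
                throw new IllegalStateException("unexpected GCM ciphertext length");
            }
            byte[] framed = new byte[iv.length + sealed.length];
            System.arraycopy(iv, 0, framed, 0, iv.length);
            System.arraycopy(sealed, 0, framed, iv.length, sealed.length);
            return Base64.encodeBase64String(framed);
        } catch (Exception e) {
            logger.error("请求报文进行AES加密异常", e);
            return null;
        }
    }

    /**
     * Derives a 128-bit AES key from {@code str} by seeding a SHA1PRNG and letting a
     * {@link KeyGenerator} draw the key bytes from it.
     *
     * <p>NOTE(review): this is not a key-derivation function. It relies on the provider's
     * SHA1PRNG producing the same output for the same seed, which is implementation-specific,
     * and the key is only as strong as {@code str}. It is left unchanged because the peer
     * presumably derives the key the same way; a migration to a standard KDF has to be
     * coordinated with the receiving side.
     *
     * @param str key material used as the PRNG seed (UTF-8 encoded)
     * @return the derived AES key
     * @throws NoSuchAlgorithmException if AES or SHA1PRNG is unavailable
     */
    private static SecretKeySpec getSecretKey(String str) throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
        SecureRandom seeded = SecureRandom.getInstance("SHA1PRNG");
        // Explicit charset so the derived key does not vary with the host's default encoding.
        seeded.setSeed(str.getBytes(StandardCharsets.UTF_8));
        keyGenerator.init(128, seeded);
        byte[] rawKey = keyGenerator.generateKey().getEncoded();
        return new SecretKeySpec(rawKey, KEY_ALGORITHM);
    }

    /**
     * Replaces the request's encrypt key with that key RSA-encrypted under the public key of
     * the configured certificate.
     *
     * <p>NOTE(review): the certificate is parsed and its public key used directly; no validity
     * period or chain check is visible here, so trust rests entirely on the stored
     * configuration record. {@code javax.security.cert} is also a deprecated API;
     * {@code java.security.cert.CertificateFactory} is the supported replacement.
     *
     * @param eBServiceRequest request whose encrypt key is wrapped in place
     * @throws KDBizException if the certificate cannot be loaded or the key cannot be encrypted
     */
    public static void setEncryptSKey(EBServiceRequest eBServiceRequest) {
        try {
            byte[] publicKeyDer = X509Certificate.getInstance(getCertPublicKey()).getPublicKey().getEncoded();
            String wrappedKey = encryptSKey(eBServiceRequest.getEncryptKey(), publicKeyDer, eBServiceRequest.getSignAlgorithm());
            eBServiceRequest.setEncryptKey(wrappedKey);
        } catch (Exception e) {
            logger.error("加密异常", e);
            throw new KDBizException(ResManager.loadKDString("系统公钥证书加密异常，请检查公钥证书配置是否正确。", "AESEncryptUtil_0", "tmc-fbp-mservice", new Object[0]));
        }
    }

    /**
     * RSA-OAEP encrypts {@code str} under the given public key.
     *
     * <p>NOTE(review): every signature algorithm other than SHA256withRSA falls through to
     * OAEP with MD5. MD5 is a legacy digest; confirm which peers still need it and whether
     * unknown algorithm names should be rejected instead of silently downgraded.
     *
     * @param str  value to encrypt (UTF-8 encoded)
     * @param bArr X.509 SubjectPublicKeyInfo encoding of the RSA public key
     * @param str2 signature algorithm name; selects the OAEP digest
     * @return Base64 of the RSA ciphertext
     * @throws Exception if the key cannot be parsed or the cipher operation fails
     */
    public static String encryptSKey(String str, byte[] bArr, String str2) throws Exception {
        RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
        boolean useSha256 = AlgorithmEnum.SHA256withRSA.getAlgorithm().equalsIgnoreCase(str2);
        String transformation = useSha256
                ? "RSA/ECB/OAEPWithSHA256AndMGF1Padding"
                : "RSA/ECB/OAEPWithMD5AndMGF1Padding";
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, rSAPublicKey);
        return Base64.encodeBase64String(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
    }
}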
