package kd.tmc.fbp.service.ebservice.token;

import com.alibaba.fastjson.JSON;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import kd.bos.cache.CacheFactory;
import kd.bos.cache.DistributeSessionlessCache;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.orm.query.QFilter;
import kd.tmc.fbp.common.helper.TmcDataServiceHelper;
import kd.tmc.fbp.common.util.EmptyUtil;
import kd.tmc.fbp.service.ebservice.enums.AlgorithmEnum;
import kd.tmc.fbp.service.ebservice.errorcode.BeErrorCode;
import kd.tmc.fbp.service.ebservice.errorcode.EBAuthErrorCode;
import kd.tmc.fbp.service.ebservice.errorcode.EBErrorCode;
import kd.tmc.fbp.service.ebservice.exception.BESecurityException;
import kd.tmc.fbp.service.ebservice.exception.EBAuthException;
import kd.tmc.fbp.service.ebservice.exception.EBSignException;
import kd.tmc.fbp.service.ebservice.http.HttpHelper;
import kd.tmc.fbp.service.ebservice.security.utils.DefaultSignature;
import kd.tmc.fbp.webapi.ebentity.api.EBServiceResponse;
import kd.tmc.fbp.webapi.ebentity.auth.AuthRequest;

/* loaded from: input_file:kd/tmc/fbp/service/ebservice/token/TokenManager.class */
public class TokenManager {
    private static Log logger = LogFactory.getLog(TokenManager.class);
    private static DistributeSessionlessCache cache = CacheFactory.getCommonCacheFactory().getDistributeSessionlessCache();
    private static final int TOKEN_TIMEOUT_MINUTES = 10;

    public static String getToken() {
        String cachedToken = getCachedToken();
        if (cachedToken != null && !isTokenExpired()) {
            return cachedToken;
        }
        String remoteToken = getRemoteToken();
        cacheToken(remoteToken);
        return remoteToken;
    }

    private static String getRemoteToken() {
        DynamicObject[] load = TmcDataServiceHelper.load("bei_serviceconfig", "id, customerid, cafile_tag, customerprivatekey, serveraddress, mcup", new QFilter[]{new QFilter("isenable", "=", Boolean.TRUE)});
        if (EmptyUtil.isEmpty(load) || load.length <= 0) {
            throw new BESecurityException(new BeErrorCode().BE5000());
        }
        DynamicObject dynamicObject = load[0];
        String string = dynamicObject.getString("customerid");
        String string2 = dynamicObject.getString("serveraddress");
        DefaultSignature defaultSignature = new DefaultSignature();
        defaultSignature.init(dynamicObject);
        return getHttpToken(string, string2, defaultSignature);
    }

    private static String getCachedToken() {
        return (String) cache.get(getRedisKey());
    }

    private static void cacheToken(String str) {
        cache.put(getRedisKey(), str, TOKEN_TIMEOUT_MINUTES, TimeUnit.MINUTES);
        cache.put(getRedisTimeKey(), new Date().getTime() + "");
    }

    private static boolean isTokenExpired() {
        String str = (String) cache.get(getRedisTimeKey());
        if (str == null) {
            return true;
        }
        try {
            return ((new Date().getTime() - Long.parseLong(str)) / 1000) / 60 >= 10;
        } catch (Exception e) {
            return true;
        }
    }

    private static String getRedisKey() {
        return RequestContext.get().getTenantId() + RequestContext.get().getAccountId() + ".eb.token";
    }

    private static String getRedisTimeKey() {
        return RequestContext.get().getTenantId() + RequestContext.get().getAccountId() + ".eb.token.time";
    }

    private static String getHttpToken(String str, String str2, DefaultSignature defaultSignature) {
        AuthRequest authRequest = new AuthRequest();
        authRequest.setCustomerID(str);
        authRequest.setSignAlgorithm(AlgorithmEnum.SHA1withRAS.getAlgorithm());
        authRequest.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        authRequest.setData("auth request");
        signRequest(authRequest, defaultSignature);
        String str3 = str2 + "/services/auth?customerID=" + str;
        logger.info("getHttp: url = " + str3);
        HttpHelper httpHelper = new HttpHelper();
        logger.info("getHttp: authRequest = " + JSON.toJSONString(authRequest));
        String post = httpHelper.post(str3, JSON.toJSONString(authRequest), 10000);
        logger.info("getHttp: response = " + post);
        EBServiceResponse eBServiceResponse = (EBServiceResponse) JSON.parseObject(post, EBServiceResponse.class);
        if (eBServiceResponse == null) {
            throw new EBAuthException(new EBAuthErrorCode().RESPONSE_ISNULL());
        }
        if (!"success".equals(eBServiceResponse.getResponseCode())) {
            throw new EBAuthException(new EBAuthErrorCode().RESPONSE(), new Object[]{eBServiceResponse.getResponseMsg()});
        }
        logger.info("getHttp:" + eBServiceResponse.getData());
        return eBServiceResponse.getData();
    }

    private static void signRequest(AuthRequest authRequest, DefaultSignature defaultSignature) {
        try {
            authRequest.setSignData(defaultSignature.sign(getPlainText(authRequest)));
        } catch (Exception e) {
            throw new EBSignException(e, new EBErrorCode().SIGN(), e.getMessage());
        }
    }

    private static String getPlainText(AuthRequest authRequest) {
        StringBuilder sb = new StringBuilder();
        sb.append(authRequest.getCustomerID()).append(authRequest.getTimestamp()).append(authRequest.getEncryptAlgorithm()).append(authRequest.getEncryptKey()).append(authRequest.getSignAlgorithm()).append(authRequest.getExtData());
        return sb.toString();
    }
}
