package kd.bos.open.res.util;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.TypeReference;
import com.alibaba.fastjson.parser.Feature;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import kd.bos.crypto.EncryptorFactory;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.db.DB;
import kd.bos.db.DBRoute;
import kd.bos.db.SqlParameter;
import kd.bos.encrypt.EncryptException;
import kd.bos.encrypt.EncrypterFactory;
import kd.bos.encrypt.impl.RSAEncrypterUtil;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.utils.SignUtils;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.result.CustomApiResult;
import kd.bos.openapi.common.util.DateUtil;
import kd.bos.openapi.common.util.EncryptUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.security.model.EncryptInfo;
import kd.bos.openapi.security.model.EncryptionEnum;
import kd.bos.openapi.security.model.RequestSecurityDto;
import kd.bos.openapi.security.model.ResponseSecurityDto;
import kd.bos.openapi.security.model.SignInfoDto;
import kd.bos.util.HttpClientUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ConnectTimeoutException;

/* loaded from: input_file:kd/bos/open/res/util/OpenApiSecurityUtil.class */
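/**
 * Client side of the signed and encrypted OpenAPI channel used for the
 * "thirdapplyserver" resource endpoints.
 *
 * <p>For each request the class generates a random content key, encrypts the payload with it
 * (AES or SM4 in GCM mode, see {@link #algorithmMap}), wraps the key with
 * {@code RSAEncrypterUtil} into a "digital envelope", signs the serialised request with
 * {@code SignUtils.HMACSHA256StrByKey} keyed by the configured app secret, and posts the result.
 * The response is signature-checked and decrypted the same way.
 *
 * <p>NOTE(review): the response envelope is opened with the same <em>public</em> key that wraps
 * the request key (see {@link #unSignByPublicKey}). As far as this class shows, anyone holding
 * that public key can recover the response content key, so response confidentiality depends on
 * the key not being distributed. Confirm against the server-side protocol.
 *
 * <p>NOTE(review): IV/nonce handling for the GCM transformations happens inside the
 * {@code Encryptor} implementation and is not visible here.
 */
public class OpenApiSecurityUtil {
    private static final Log logger = LogFactory.getLog(OpenApiSecurityUtil.class);

    /** Length, in characters, of the per-request random content key. */
    private static final int DEFAULT_RANDOM_KEY_LENGTH = 16;

    /** Minimum (and default) value accepted for the encryptor's length argument. */
    private static final int DEFAULT_ENCRYPT_LENGTH = 128;

    /**
     * Alphabet of the random content key. It matches what
     * {@code RandomStringUtils.randomAlphabetic} produced so that the peer keeps accepting the
     * key; 16 characters from 52 symbols give roughly 91 bits of entropy.
     */
    private static final String KEY_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    /** CSPRNG for content keys; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** Supported algorithm names mapped to the transformation handed to {@code EncryptorFactory}. */
    private static final Map<String, String> algorithmMap = new HashMap<>();

    public static final String URL_CREATE_RES_APPLY = "kapi/v2/kdec/kdec_public_resource/thirdapplyserver/createOrUpdate";
    public static final String URL_CHECK_EMAIL_EXITS = "kapi/v2/kdec/kdec_public_resource/thirdapplyserver/checkEmailExits";
    public static final String URL_FIND_APPLY_INFO = "kapi/v2/kdec/kdec_public_resource/thirdapplyserver/findApplyInfo";
    public static final String URL_FIND_THIRD_CODE_EXITS = "kapi/v2/kdec/kdec_public_resource/thirdapplyserver/findThirdCodeExits";

    /** HTTP connect timeout in ms, overridable with {@code -Dhttpclient.connectionTimeout}. */
    private static final int CONNECTION_TIMEOUT;

    /** HTTP read timeout in ms, overridable with {@code -Dhttpclient.readTimeout}. */
    private static final int READ_TIMEOUT;

    static {
        algorithmMap.put("AES", "AES/GCM/NoPadding");
        algorithmMap.put("SM4", "SM4/GCM/NoPadding");
        CONNECTION_TIMEOUT = Integer.getInteger("httpclient.connectionTimeout", 5000).intValue();
        READ_TIMEOUT = Integer.getInteger("httpclient.readTimeout", 8000).intValue();
    }

    /**
     * Encrypts {@code plainText} under a freshly generated random key and wraps that key.
     *
     * @param plainText data to encrypt; an empty value yields an empty cipher text
     * @param algorithm key of {@link #algorithmMap} ("AES" or "SM4")
     * @param publicKey RSA public key used to wrap the random key; when empty the envelope is
     *                  the empty string, so the receiver gets no key material
     * @return the cipher text together with the wrapped key ("digital envelope")
     * @throws OpenApiException if the algorithm is unsupported or encryption/wrapping fails
     */
    public static EncryptInfo encrypt(String plainText, String algorithm, String publicKey) throws OpenApiException {
        // The content key protects the whole payload, so it must come from a CSPRNG rather than
        // from RandomStringUtils' default generator.
        String randomKey = newRandomKey(DEFAULT_RANDOM_KEY_LENGTH);
        String cipherText = encryptOrDecrypt(true, plainText, algorithm, randomKey, DEFAULT_ENCRYPT_LENGTH);
        String envelope = StringUtils.isNotEmpty(publicKey) ? signByPublicKey(randomKey, publicKey) : "";
        return EncryptInfo.valueOf(cipherText, envelope);
    }

    /**
     * Decrypts {@code cipherText} with the given content key.
     *
     * @param cipherText data to decrypt; an empty value yields an empty string
     * @param algorithm  key of {@link #algorithmMap}
     * @param randomKey  content key recovered from the digital envelope
     * @return the decrypted text
     * @throws Exception declared for compatibility; failures surface as {@link OpenApiException}
     */
    public static String decrypt(String cipherText, String algorithm, String randomKey) throws Exception {
        return encryptOrDecrypt(false, cipherText, algorithm, randomKey, DEFAULT_ENCRYPT_LENGTH);
    }

    /**
     * Runs the configured encryptor in either direction after validating the arguments.
     *
     * @param encrypting    {@code true} to encrypt, {@code false} to decrypt
     * @param data          input text; empty input short-circuits to {@code ""}
     * @param algorithm     key of {@link #algorithmMap}
     * @param randomKey     content key, must not be empty
     * @param encryptLength length argument for the encryptor, must be at least 128
     * @return the transformed text
     * @throws OpenApiException on an unsupported algorithm, a missing key, a too-small length,
     *                          or an {@code EncryptException} from the encryptor
     */
    public static String encryptOrDecrypt(boolean encrypting, String data, String algorithm, String randomKey, int encryptLength) throws OpenApiException {
        if (StringUtils.isEmpty(data)) {
            return "";
        }
        // The map never stores null values, so a null lookup means "unsupported".
        String transformation = algorithmMap.get(algorithm);
        if (transformation == null) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "not support algorithm:" + algorithm, new Object[0]);
        }
        if (StringUtils.isEmpty(randomKey)) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "not support randomKey, the randomKey is null", new Object[0]);
        }
        if (encryptLength < DEFAULT_ENCRYPT_LENGTH) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "not support encryptLength, the length should not be less 128, encryptLength:" + encryptLength, new Object[0]);
        }
        try {
            if (encrypting) {
                return EncryptorFactory.getEncryptor(transformation).encrypt(data, randomKey, encryptLength);
            }
            return EncryptorFactory.getEncryptor(transformation).decrypt(data, randomKey, encryptLength);
        } catch (EncryptException e) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "encrypt or decrypt error: " + e.getMessage(), new Object[0]);
        }
    }

    /**
     * Wraps {@code data} with the RSA public key. Despite the name this is the
     * {@code RSAEncrypterUtil.encrypt} operation, not a digital signature.
     *
     * @param data      text to wrap (the random content key in this class)
     * @param publicKey encoded RSA public key
     * @return the wrapped value
     * @throws OpenApiException if key parsing or the RSA operation fails
     */
    public static String signByPublicKey(String data, String publicKey) throws OpenApiException {
        try {
            return RSAEncrypterUtil.encrypt(data, RSAEncrypterUtil.getPublicKey(publicKey));
        } catch (Exception e) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "signByPublicKey error:" + e.getMessage(), new Object[]{e});
        }
    }

    /**
     * Unwraps {@code data} with the RSA public key via {@code RSAEncrypterUtil.decrypt}.
     *
     * <p>NOTE(review): the unwrap uses the public key, so whatever it recovers is readable by
     * every holder of that key; treat the result as authenticated-by-server at most, not as a
     * secret shared only with this client.
     *
     * @param data      wrapped value (the response digital envelope in this class)
     * @param publicKey encoded RSA public key
     * @return the unwrapped text
     * @throws OpenApiException if key parsing or the RSA operation fails
     */
    public static String unSignByPublicKey(String data, String publicKey) throws OpenApiException {
        try {
            return RSAEncrypterUtil.decrypt(data, RSAEncrypterUtil.getPublicKey(publicKey));
        } catch (Exception e) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "unSignByPublicKey error:" + e.getMessage(), new Object[]{e});
        }
    }

    /** Generates a content key of {@code length} characters from {@link #KEY_ALPHABET}. */
    private static String newRandomKey(int length) {
        StringBuilder key = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            key.append(KEY_ALPHABET.charAt(SECURE_RANDOM.nextInt(KEY_ALPHABET.length())));
        }
        return key.toString();
    }

    /** Builds the string that gets signed: content, then timestamp, then nonce. */
    private static StringBuilder getSignatureString(String timestamp, String nonce, String content) {
        return new StringBuilder().append(content).append(timestamp).append(nonce);
    }

    /**
     * Computes the message signature with {@code SignUtils.HMACSHA256StrByKey}.
     *
     * <p>A failure is raised instead of being turned into an empty signature: an empty result
     * used to be sent as the request signature and, on the response path, compared equal to an
     * empty signature supplied by the peer.
     *
     * @throws OpenApiException if the signature cannot be computed or comes back empty
     */
    private static String signing(String key, String content, String nonce, String timestamp) {
        final String signature;
        try {
            signature = SignUtils.HMACSHA256StrByKey(getSignatureString(timestamp, nonce, content).toString(), key);
        } catch (Exception e) {
            logger.error("signing error:" + e.getMessage(), e);
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "signing error:" + e.getMessage(), new Object[]{e});
        }
        if (StringUtils.isEmpty(signature)) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "signing error: empty signature", new Object[0]);
        }
        return signature;
    }

    /**
     * Compares two signatures case-insensitively without an early exit on the first mismatch.
     * A missing or empty value on either side never matches.
     */
    private static boolean signaturesMatch(String received, String expected) {
        if (StringUtils.isEmpty(received) || StringUtils.isEmpty(expected)) {
            return false;
        }
        // Case-insensitivity is kept from the original equalsIgnoreCase check.
        byte[] receivedBytes = received.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] expectedBytes = expected.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(receivedBytes, expectedBytes);
    }

    /**
     * Derives the {@code openApiSign} header value for the target account.
     *
     * @throws OpenApiException if either the account id or the configured sign is empty
     */
    private static String getOpenApiSign(String openApiSign, String accountId) {
        if (StringUtil.isEmpty(accountId)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the server accountId is invalid.", new Object[0]);
        }
        if (StringUtil.isEmpty(openApiSign)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the clientToServer.openApiSign is invalid.", new Object[0]);
        }
        return EncryptUtil.genSignWithAccountId(openApiSign, accountId);
    }

    /**
     * Encrypts and signs {@code body}, posts it to {@code url}, then verifies and decrypts the
     * response.
     *
     * <p>Errors raised while interpreting the response (account mismatch, unknown account,
     * access denied, signature mismatch) are propagated with their own message. Previously the
     * trailing catch-all replaced every one of them with the generic "address cannot be
     * reached" message, which also hid signature failures from the caller.
     *
     * <p>NOTE(review): the response nonce and timestamp are only fed into the signature check;
     * nothing here ties them to the request or bounds their age, so a recorded, validly signed
     * response would still verify. Confirm whether the protocol expects a freshness check.
     *
     * @param body          plain request payload (JSON)
     * @param url           full endpoint URL
     * @param resultType    type the decrypted response data is converted to
     * @param accountId     account id of the target server
     * @param connectParams connection secrets keyed by {@code resourceClientToServer.*}
     * @return the response's {@code CustomApiResult}, with decrypted data when present
     * @throws OpenApiException on configuration, transport, signature or decryption errors
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    public static <T> CustomApiResult<T> doSignApiRequest(String body, String url, Class<T> resultType, String accountId, Map<String, String> connectParams) throws OpenApiException {
        String appSecret = connectParams.get("resourceClientToServer.appSecret");
        String publicKey = connectParams.get("resourceClientToServer.bosPublickBase64Key");
        String openApiSign = connectParams.get("resourceClientToServer.openApiSign");

        EncryptInfo encrypted = encrypt(body, EncryptionEnum.getEncryption(1L), publicKey);
        RequestSecurityDto request = new RequestSecurityDto();
        request.setEncryptData(encrypted.getEncryptInfo());
        request.setDgtlEnvlp(encrypted.getDgtlEnvlp());
        String nonce = UUID.randomUUID().toString();
        String timestamp = DateUtil.convertToStr(SignUtils.SIGNATUR_TIME_FORMAT, new Date());
        request.setSignatureNonce(nonce);
        request.setTimestamp(timestamp);
        // The signature covers the DTO as serialised before the signature field is set.
        request.setSignature(signing(appSecret, JSON.toJSONString(request), nonce, timestamp));
        String requestJson = JSON.toJSONString(request);

        // Raw type kept on purpose: the parameter type of postjson is not visible from here.
        HashMap headers = new HashMap();
        headers.put("openApiAuth", "5");
        headers.put("Content-Type", "application/json");
        headers.put("openApiSign", getOpenApiSign(openApiSign, accountId));

        String responseText = "";
        try {
            responseText = HttpClientUtils.postjson(url, headers, requestJson, CONNECTION_TIMEOUT, READ_TIMEOUT);
            rejectKnownErrorResponses(url, responseText);
            return decodeResponse(responseText, appSecret, publicKey, resultType);
        } catch (OpenApiException e) {
            // Already carries the specific, user-facing reason.
            throw e;
        } catch (SocketTimeoutException | ConnectTimeoutException e) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, ResManager.loadKDString("资源云连接超时，请稍后重试。", "OpenApiSecurityUtil_1", ResSystemType.PUB_FORM_PLUGIN.getType(), new Object[0]), new Object[0]);
        } catch (Exception e) {
            // Header values are left out of the log: openApiSign is a credential.
            logger.info("request.headerNames:" + headers.keySet() + " request.body:" + requestJson + " response-=" + responseText + " doSignApiRequest send post error:" + e.getMessage(), e);
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, ResManager.loadKDString("您填写的云端地址无法连接，请填写正确的云端地址。", "ThirdAppApplyFormPlugin_23", ResSystemType.PUB_FORM_PLUGIN.getType(), new Object[0]), new Object[0]);
        }
    }

    /** Maps the error markers the server is known to return to localized exceptions. */
    private static void rejectKnownErrorResponses(String url, String responseText) {
        if (responseText.contains("login.loginBizException")) {
            logger.error("doSignApiRequest error:" + JSON.parseObject(responseText).getString("errorMsg"));
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, ResManager.loadKDString("云端地址和云端账套ID不匹配，建议检查云端账套ID是否填写正确。", "OpenApiSecurityUtil_0", ResSystemType.PUB_FORM_PLUGIN.getType(), new Object[0]), new Object[0]);
        }
        if (responseText.contains("login.loginWrongAccountException")) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, ResManager.loadKDString("云端账套ID不存在，请确认后重试。", "ThirdAppApplyFormPlugin_27", ResSystemType.PUB_FORM_PLUGIN.getType(), new Object[0]), new Object[0]);
        }
        if (responseText.contains("<TITLE>Error</TITLE>") && responseText.contains("Access denied")) {
            logger.error("invalid url:" + url + ", the responseString is:" + responseText);
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, ResManager.loadKDString("云端地址是非法地址，请修改后提交。", "ThirdAppApplyFormPlugin_24", ResSystemType.PUB_FORM_PLUGIN.getType(), new Object[0]), new Object[0]);
        }
    }

    /**
     * Parses the response, verifies its signature and decrypts the payload.
     *
     * <p>NOTE(review): the body has to be parsed before its signature can be checked, so the
     * JSON parser always sees unauthenticated input. The fastjson version in use is not visible
     * here; make sure autoType is off (safeMode on releases that have it).
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    private static <T> CustomApiResult<T> decodeResponse(String responseText, String appSecret, String publicKey, Class<T> resultType) {
        try {
            ResponseSecurityDto response = (ResponseSecurityDto) JSON.parseObject(responseText, new TypeReference<ResponseSecurityDto<CustomApiResult>>() {
            }, new Feature[0]);
            String timestamp = response.getTimestamp();
            String nonce = response.getSignatureNonce();
            String received = response.getSignature();
            // The peer signed the DTO without its signature field, so blank it before re-serialising.
            response.setSignature((String) null);
            String expected = signing(appSecret, JSON.toJSONString(response), nonce, timestamp);
            if (!signaturesMatch(received, expected)) {
                // The locally computed value is not logged: it is a valid signature for this
                // exact content and would help whoever can read the log to forge one.
                logger.error("the post of signString:" + received + " does not match the locally computed signature.");
                throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "doSignApiRequest the result check sign error.", new Object[0]);
            }
            String envelope = response.getDgtlEnvlp();
            String encryptData = response.getEncryptData();
            if (encryptData != null && envelope != null) {
                String plain = decrypt(encryptData, EncryptionEnum.getEncryption(1L), unSignByPublicKey(envelope, publicKey));
                boolean wantsString = resultType.getSimpleName().equalsIgnoreCase("String");
                Object payload = wantsString ? plain : JSON.toJavaObject(JSON.parseObject(plain), resultType);
                if (response.getData() != null) {
                    ((CustomApiResult) response.getData()).setData(payload);
                } else {
                    response.setData(CustomApiResult.success(payload));
                }
                response.setEncryptData((String) null);
                response.setDgtlEnvlp((String) null);
            }
            return (CustomApiResult) response.getData();
        } catch (OpenApiException e) {
            throw e;
        } catch (Exception e) {
            // The raw response goes to the log only, not into the exception message.
            logger.error("doSignApiRequest receive post error:" + e.getMessage() + " responseString:" + responseText, e);
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "doSignApiRequest receive post error:" + e.getMessage(), new Object[]{e});
        }
    }

    /**
     * Sends {@code payload} using the connection parameters stored for {@code accountId}.
     *
     * @see #sendSignApiRequest(Object, String, Class, String, Map)
     */
    public static <T, E> CustomApiResult<E> sendSignApiRequest(T payload, String url, Class<E> resultType, String accountId) throws OpenApiException {
        return sendSignApiRequest(payload, url, resultType, accountId, getConnectParams(accountId));
    }

    /**
     * Wraps {@code payload} in a single-entry JSON object keyed by its transformed simple class
     * name ({@code StringUtil.captureName}) and sends it through {@link #doSignApiRequest}.
     *
     * @param payload       request object, must not be {@code null}
     * @param url           full endpoint URL
     * @param resultType    type the decrypted response data is converted to
     * @param accountId     account id of the target server
     * @param connectParams connection secrets keyed by {@code resourceClientToServer.*}
     * @throws OpenApiException on any failure in {@link #doSignApiRequest}
     */
    public static <T, E> CustomApiResult<E> sendSignApiRequest(T payload, String url, Class<E> resultType, String accountId, Map<String, String> connectParams) throws OpenApiException {
        Map<String, Object> wrapper = new HashMap<>();
        wrapper.put(StringUtil.captureName(payload.getClass().getSimpleName()), payload);
        return doSignApiRequest(JSON.toJSONString(wrapper), url, resultType, accountId, connectParams);
    }

    /**
     * Selects the {@code t_openapi_common.ftype} value for an account id. Unknown ids use the
     * same type as the first known one. (Restored from the decompiler's hash-switch output,
     * which was not valid Java.)
     */
    private static int configTypeFor(String accountId) {
        switch (accountId) {
            case "1335527015687654400":
                return 2;
            case "1335512780043717632":
                return 3;
            case "1315295202205190910":
                return 4;
            case "143244152805884929":
                return 5;
            default:
                return 2;
        }
    }

    /**
     * Loads the enabled connection parameters for {@code accountId} from
     * {@code t_openapi_common}, decoding each value that the platform encrypter reports as
     * encrypted.
     *
     * <p>NOTE(review): values that are not flagged as encrypted are used as stored, so the
     * table may hold these secrets in plain text; verify how the rows are written.
     *
     * @throws OpenApiException if no enabled row exists for the selected type
     */
    @SuppressWarnings("unchecked")
    private static Map<String, String> getConnectParams(String accountId) {
        int configType = configTypeFor(accountId);
        Map<String, String> params = (Map<String, String>) DB.query(DBRoute.basedata, "SELECT fcomkey, fcomvalue, fdesc FROM t_openapi_common where ftype=? and fenable='1' ", new SqlParameter[]{new SqlParameter(":ftype", 4, Integer.valueOf(configType))}, resultSet -> {
            Map<String, String> rows = new HashMap<>(3);
            while (resultSet.next()) {
                String value = resultSet.getString("fcomvalue");
                if (EncrypterFactory.getEncrypter().isEncrypted(value)) {
                    value = EncrypterFactory.getEncrypter().decode(value);
                }
                rows.put(resultSet.getString("fcomkey"), value);
            }
            return rows;
        });
        if (params == null || params.isEmpty()) {
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "please check security config. ", new Object[0]);
        }
        return params;
    }
}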
