package kd.tmc.fbp.service.ebservice.security.utils;

import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.exception.BosErrorCode;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.orm.query.QFilter;
import kd.tmc.fbp.common.helper.TmcDataServiceHelper;
import kd.tmc.fbp.common.util.EmptyUtil;
import kd.tmc.fbp.service.ebservice.enums.AlgorithmEnum;
import kd.tmc.fbp.service.ebservice.errorcode.BeErrorCode;
import kd.tmc.fbp.service.ebservice.exception.BESecurityException;
import kd.tmc.fbp.service.ebservice.exception.EBBizNCException;
import kd.tmc.fbp.service.ebservice.security.atomic.ISignature;
import kd.tmc.fbp.service.ebservice.security.impl.EBSecurityFactory;

/* loaded from: input_file:kd/tmc/fbp/service/ebservice/security/utils/DefaultSignature.class */
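/**
 * Signs and verifies bank-enterprise (EB) service messages with the customer key pair held in a
 * PKCS#12 container that is read from the {@code bei_serviceconfig} record.
 *
 * <p>The container and its password are stored XOR-encoded; the decoding key is the tenant id
 * concatenated with the account id of the current {@link RequestContext}.
 *
 * <p>NOTE(review): judging by the helper's name, {@code XOREncrypter} is reversible obfuscation,
 * not encryption, and its key is derived from identifiers rather than from a secret. Anyone who
 * can read the configuration record can presumably recover the private key, so access to that
 * record should be restricted accordingly. Confirm against the XOREncrypter implementation.
 *
 * <p>An instance created with the no-argument constructor is unusable until
 * {@link #init(DynamicObject)} has completed successfully.
 */
public class DefaultSignature {
    private static final Log logger = LogFactory.getLog(DefaultSignature.class);
    private ISignature signature = null;

    /** Creates an uninitialised instance; call {@link #init(DynamicObject)} before use. */
    public DefaultSignature() {
    }

    /**
     * Creates an instance and loads the key material from the given configuration record.
     *
     * @param dynamicObject configuration record providing {@code cafile_tag} and
     *                      {@code customerprivatekey}
     * @throws BESecurityException if the key material is missing or cannot be loaded
     */
    @Deprecated
    public DefaultSignature(DynamicObject dynamicObject) {
        init(dynamicObject);
    }

    /**
     * Builds an instance from the first enabled {@code bei_serviceconfig} record.
     *
     * @return a signature helper initialised from that record
     * @throws EBBizNCException if no enabled record exists
     * @throws BESecurityException if the key material of the record cannot be loaded
     */
    @Deprecated
    public static DefaultSignature getInstance() {
        QFilter[] enabledOnly = new QFilter[]{new QFilter("isenable", "=", Boolean.TRUE)};
        DynamicObject[] configs = TmcDataServiceHelper.load("bei_serviceconfig", "id, cafile_tag, customerprivatekey", enabledOnly);
        if (EmptyUtil.isEmpty(configs) || configs.length <= 0) {
            throw new EBBizNCException(new BeErrorCode().BE5000());
        }
        return new DefaultSignature(configs[0]);
    }

    /**
     * Decodes the PKCS#12 container and its password from the configuration record and prepares
     * the signer from the first key-store entry.
     *
     * @param dynamicObject configuration record providing {@code cafile_tag} and
     *                      {@code customerprivatekey}
     * @throws BESecurityException if no container is configured, or if the container or its
     *                             password is wrong
     */
    public final void init(DynamicObject dynamicObject) {
        String xorKey = RequestContext.get().getTenantId() + RequestContext.get().getAccountId();
        // The encoded container is the stored field followed by the value from HufuManager.
        // NOTE(review): string concatenation never yields null (a null part becomes the literal
        // "null"), so the check below only fires when both parts are empty strings. Confirm
        // whether cafile_tag alone should be validated before concatenating.
        String p12Encoded = dynamicObject.getString("cafile_tag") + HufuManager.getValue();
        if (p12Encoded.isEmpty()) {
            throw new BESecurityException(BosErrorCode.registerPasswordNotSame, new Object[]{ResManager.loadKDString("没有进行银企服务器设置，请先进行设置后才能调用银企服务！", "DefaultSignature_0", "tmc-bei-common", new Object[0])});
        }
        String passwordEnc = dynamicObject.getString("customerprivatekey");
        // NOTE(review): the bytes are converted with the platform default charset, as before;
        // a non-ASCII password would depend on the JVM's file.encoding setting.
        String p12Password = new String(XOREncrypter.decode(xorKey, passwordEnc));
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(new ByteArrayInputStream(XOREncrypter.decode(xorKey, p12Encoded)), p12Password.toCharArray());
            // Only the first alias is used, for both the private key and the certificate.
            String alias = keyStore.aliases().nextElement();
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, p12Password.toCharArray());
            byte[] publicKeyBytes = keyStore.getCertificate(alias).getPublicKey().getEncoded();
            // NOTE(review): the enum constant names a SHA-1 based signature scheme. SHA-1 is no
            // longer considered collision resistant; moving to a SHA-256 based scheme needs to
            // be agreed with the verifying counterpart, so it is not changed here.
            this.signature = EBSecurityFactory.INSTANCE.getEBSignature(AlgorithmEnum.SHA1withRAS.getAlgorithm(), privateKey.getEncoded(), publicKeyBytes);
        } catch (Exception e) {
            // Log the failure only. The decoding key, the stored password, the decoded PKCS#12
            // password and the container itself must never reach the log: together they are
            // sufficient to recover the customer's private signing key.
            logger.error("银企证书错误或者密码不正确，请到银企服务器配置中进行测试！", e);
            throw new BESecurityException(BosErrorCode.registerPasswordNotSame, new Object[]{ResManager.loadKDString("银企证书错误或者密码不正确，请到银企服务器配置中进行测试！", "DefaultSignature_1", "tmc-bei-common", new Object[0])});
        }
    }

    /**
     * Signs the UTF-8 bytes of the given text.
     *
     * @param str text to sign
     * @return the signature as produced by the underlying {@link ISignature}
     * @throws BESecurityException if signing fails or the instance was never initialised
     */
    public String sign(String str) {
        try {
            requireInitialised();
            return this.signature.sign(str.getBytes("UTF-8"));
        } catch (Exception e) {
            logger.error("sign err:" + e.getMessage(), e);
            String message = e.getMessage();
            if (message == null) {
                // Fall back to the cause, then to the exception's own description.
                message = e.getCause() != null ? e.getCause().getMessage() : e.toString();
            }
            throw new BESecurityException(e, BosErrorCode.otherUnknow, message);
        }
    }

    /**
     * Verifies a signature over the UTF-8 bytes of the given text.
     *
     * @param str  the signature value to check
     * @param str2 the text that was signed
     * @return the result reported by the underlying {@link ISignature}
     * @throws RuntimeException wrapping any failure, including use before initialisation
     */
    public boolean verify(String str, String str2) {
        try {
            requireInitialised();
            return this.signature.verify(str, str2.getBytes("UTF-8"));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Fails with a descriptive message instead of a bare NullPointerException. */
    private void requireInitialised() {
        if (this.signature == null) {
            throw new IllegalStateException("DefaultSignature has not been initialised; call init() first");
        }
    }
}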
