package kd.bos.openapi.base.util;

import com.alibaba.fastjson.JSON;
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Properties;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.dataentity.resource.SubSystemType;
import kd.bos.dc.api.model.Account;
import kd.bos.dc.utils.AccountUtils;
import kd.bos.dc.utils.MCDBUtil;
import kd.bos.dc.utils.SQLUtils;
import kd.bos.exception.BosErrorCode;
import kd.bos.exception.KDException;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.base.security.api.impl.ApiSecurityFactory;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.security.CertKeyUtil;
import kd.bos.openapi.security.model.BaseAuthInfoDto;
import kd.bos.openapi.security.model.CertificateInfo;
import kd.bos.openapi.security.model.Open3rdappsDto;

/* loaded from: input_file:kd/bos/openapi/base/util/ThirdAppSecurityUtil.class */
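/**
 * Loads the security configuration of OpenAPI third-party applications from the tenant database
 * and keeps the results in {@link LocalCacheUtils}.
 *
 * <p>The DTOs built here carry credential material read from the database: the digest key
 * ({@code fpublickey}), the JWT and signature keys ({@code fjwtshakey}, {@code fsignshakey}) and,
 * through {@code loadCertMap}, certificate public <em>and private</em> keys. Treat every
 * {@link Open3rdappsDto} as a secret: do not log or serialise it.
 *
 * <p>NOTE(review): entries are cached with no invalidation visible in this class, so disabling an
 * application or rotating a key only takes effect once {@code LocalCacheUtils} drops the entry.
 * Confirm its expiry and size bounds.
 */
public class ThirdAppSecurityUtil {
    private static final Log log = LogFactory.getLog(ThirdAppSecurityUtil.class);
    /** Column value that means "enabled" for the flag columns read by this class. */
    private static final String ENABLE = "1";
    public static final String COSMIC_LOCAL_THIRDAPP = "cosmic_local_thirdapp";
    public static final String SPLIT = "-";
    // NOTE(review): t.fsyspwd is selected but never read by this class, and t.fisencryptallapi is
    // listed twice. Consider trimming the column list so unused credential columns are not fetched.
    private static final String FIND_THIRD_SQL = "select t.fid, t.fnumber,t.fstatus,t.fcreatorid,t.fmodifierid,t.fenable,t.fcreatetime,t.fmodifytime,t.fmasterid,t.fsyspwd, t.flastenabletime,t.flaststoptime,t.fpublickey,t.fwhitelist, t.fisbasicauth, t.fissignauth,t.fisresultsign, t.fisdigestauth, t.fisjwtauth, t.fjwtsigntype, t.fjwtshakey, t.fsigntype, t.fsignshakey, t.fisencryptallapi, t.fisallowalluser, t.fencryption, t.fisencryptallapi   from t_open_3rdapps t where  t.fenable='1' ";
    public static final String COSMIC_LOCAL_BASICAUTH = "cosmic_local_basicauth";
    private static final String AUTH_SQL = "select t.fid,fnumber,t.fagentuserid,t.fbasesigncode,p.fisbasicauth from t_open_3rdapps_basicauth t left join t_open_3rdapps p on t.fid=p.fid where t.fstatus='1' and  p.fenable='1' and t.fbasesigncode = ? ";
    private static final String BASE_SIGN_CODE = "fbasesigncode";
    private static final String THIRD_NUMBER = "fnumber";
    private static final String FID = "fid";
    private static final String AGENT_USER_ID = "fagentuserid";

    /**
     * Loads an enabled third-party application by its number, bypassing the cache.
     *
     * @param accountId tenant account id; must not be empty
     * @param appNumber value matched against {@code t_open_3rdapps.fnumber}; must not be empty
     * @return the application settings, or {@code null} when no enabled row matches
     */
    public static Open3rdappsDto getOpen3rdApps(String accountId, String appNumber) {
        return getOpen3rdAppsBy(accountId, null, appNumber);
    }

    /**
     * Loads an enabled third-party application by its primary key, bypassing the cache.
     *
     * @param accountId tenant account id; must not be empty
     * @param thirdId value matched against {@code t_open_3rdapps.fid}; must not be null
     * @return the application settings, or {@code null} when no enabled row matches
     */
    public static Open3rdappsDto getOpen3rdAppsById(String accountId, Long thirdId) {
        return getOpen3rdAppsBy(accountId, thirdId, null);
    }

    /**
     * Reads one enabled row of {@code t_open_3rdapps}, selected by {@code thirdId} when it is given
     * and otherwise by {@code appNumber}, then attaches its certificates and encrypted-API list.
     *
     * <p>Both lookup values are bound as statement parameters; only the fixed filter text is
     * concatenated onto the query.
     *
     * @throws OpenApiException when {@code accountId} is empty or both lookup values are missing
     * @throws KDException when the tenant database is not configured or the query fails
     */
    private static Open3rdappsDto getOpen3rdAppsBy(String accountId, Long thirdId, String appNumber) {
        if (StringUtil.isEmpty(accountId)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getOpen3rdAppsBy failed: accountId is null", new Object[0]);
        }
        if (thirdId == null && StringUtil.isEmpty(appNumber)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getOpen3rdAppsBy failed: thirdId/appId is null", new Object[0]);
        }
        Account account = AccountUtils.getAccountById(accountId);
        Properties tenantDbInfo = AccountUtils.getTenantDBInfo(account);
        if (tenantDbInfo == null) {
            throw tenantDbMissing();
        }
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            connection = MCDBUtil.getConnection(account, tenantDbInfo);
            String sql = FIND_THIRD_SQL;
            if (thirdId != null) {
                sql = sql + " and t.fid=? ";
            } else if (StringUtil.isNotEmpty(appNumber)) {
                sql = sql + " and t.fnumber=? ";
            }
            statement = connection.prepareStatement(sql);
            if (thirdId != null) {
                statement.setLong(1, thirdId.longValue());
            } else if (StringUtil.isNotEmpty(appNumber)) {
                statement.setString(1, appNumber);
            }
            resultSet = statement.executeQuery();
            Open3rdappsDto app = null;
            if (resultSet.next()) {
                app = readThirdApp(resultSet);
            }
            if (app != null) {
                // Both loaders reuse this connection and leave closing it to the finally below.
                loadCertMap(app, connection);
                loadEncryptApi(app, connection);
            }
            return app;
        } catch (Exception e) {
            // Includes a KDException raised by the two loaders above, which is wrapped once more.
            throw databaseError(e);
        } finally {
            SQLUtils.cleanup(resultSet, statement, connection);
        }
    }

    /**
     * Copies the current row of the {@code FIND_THIRD_SQL} result into a new DTO.
     *
     * <p>The query already filters on {@code fenable='1'}, so the DTO is marked enabled
     * unconditionally. The digest sign type is fixed to {@code 1} rather than read from the row.
     */
    private static Open3rdappsDto readThirdApp(ResultSet row) throws SQLException {
        Open3rdappsDto app = new Open3rdappsDto();
        app.setEnable(true);
        app.setFid(Long.valueOf(row.getLong(FID)));
        app.setNumber(row.getString(THIRD_NUMBER));
        app.setWhiteList(row.getString("fwhitelist"));
        app.setDigestAuthEnable(ENABLE.equalsIgnoreCase(row.getString("fisdigestauth")));
        app.setDigestSignType(1L);
        app.setDigestSignKey(row.getString("fpublickey"));
        app.setBasicAuthEnable(ENABLE.equalsIgnoreCase(row.getString("fisbasicauth")));
        app.setJwtAuthEnable(ENABLE.equalsIgnoreCase(row.getString("fisjwtauth")));
        app.setJwtSignType(Long.valueOf(row.getLong("fjwtsigntype")));
        app.setJwtShaKey(row.getString("fjwtshakey"));
        app.setSignAuthEnable(ENABLE.equalsIgnoreCase(row.getString("fissignauth")));
        app.setSignType(Long.valueOf(row.getLong("fsigntype")));
        app.setSignShaKey(row.getString("fsignshakey"));
        app.setEncryption(Long.valueOf(row.getLong("fencryption")));
        app.setEncryptAllApi(ENABLE.equalsIgnoreCase(row.getString("fisencryptallapi")));
        app.setResultSignHandle(ENABLE.equalsIgnoreCase(row.getString("fisresultsign")));
        return app;
    }

    /**
     * Attaches the active ({@code fstatus='A'}) certificates bound to the application.
     *
     * <p>A certificate is stored under key prefix {@code "3"} when JWT auth is enabled and its type
     * is {@code "0"}, and under prefix {@code "5"} when signature auth is enabled.
     *
     * <p>NOTE(review): {@code fstarttime}/{@code fendtime} are passed through but the validity
     * window is not checked here; presumably the consumer of {@link CertificateInfo} enforces it.
     * Confirm, because the private key ends up in a cached DTO either way.
     *
     * @param open3rdappsDto application whose {@code fid} selects the certificates; updated in place
     * @param connection open tenant connection owned by the caller; not closed here
     * @throws KDException when the query fails
     */
    private static void loadCertMap(Open3rdappsDto open3rdappsDto, Connection connection) {
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            statement = connection.prepareStatement("select a.fnumber,a.fstarttime,a.fendtime, c.fpublickey,c.fprivatekey,c.fcertificatetype  from T_OPEN_CERTIFICATE_USE u  left join T_OPEN_CERT_AUTHORIZ a on u.fcaid=a.fid  left join T_OPEN_CERTIFICATE c on u.fcertificateid=c.fid  where a.fstatus='A' and c.fstatus='A' and u.fstatus='A' and u.fthirdid=? ");
            statement.setLong(1, open3rdappsDto.getFid().longValue());
            HashMap certMap = new HashMap(1);
            resultSet = statement.executeQuery();
            while (resultSet.next()) {
                String publicKey = resultSet.getString("fpublickey");
                String privateKey = resultSet.getString("fprivatekey");
                String certificateType = resultSet.getString("fcertificatetype");
                Date startTime = resultSet.getDate("fstarttime");
                Date endTime = resultSet.getDate("fendtime");
                // The constructor receives the private key first, then the public key.
                if (open3rdappsDto.isJwtAuthEnable() && "0".equalsIgnoreCase(certificateType)) {
                    certMap.put(CertKeyUtil.getCertKey("3", certificateType), new CertificateInfo(privateKey, publicKey, certificateType, startTime, endTime, "A"));
                }
                if (open3rdappsDto.isSignAuthEnable()) {
                    certMap.put(CertKeyUtil.getCertKey("5", certificateType), new CertificateInfo(privateKey, publicKey, certificateType, startTime, endTime, "A"));
                }
            }
            open3rdappsDto.setCertMaps(certMap);
        } catch (Exception e) {
            throw databaseError(e);
        } finally {
            // The connection belongs to the caller, so only the statement and result set are closed.
            SQLUtils.cleanup(resultSet, statement, (Connection) null);
        }
    }

    /**
     * Attaches the URL formats of the APIs configured for encryption for this application.
     *
     * <p>Each {@code furlformat} returned by the query becomes a key mapped to {@code "1"}.
     *
     * @param open3rdappsDto application whose {@code fid} selects the rows; updated in place
     * @param connection open tenant connection owned by the caller; not closed here
     * @throws KDException when the query fails
     */
    private static void loadEncryptApi(Open3rdappsDto open3rdappsDto, Connection connection) {
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            statement = connection.prepareStatement("select t.FAPIID,i.furlformat from T_OPEN_3RDAPPS_ENCRYPTAPI t left join t_open_apiservice i on t.fapiid=i.fid  where t.fid = ? and i.fversion ='2' and fhttpmethod='1' ");
            statement.setLong(1, open3rdappsDto.getFid().longValue());
            HashMap encryptApiMap = new HashMap(1);
            resultSet = statement.executeQuery();
            while (resultSet.next()) {
                encryptApiMap.put(resultSet.getString("furlformat"), ENABLE);
            }
            open3rdappsDto.setEncryptApiMap(encryptApiMap);
        } catch (Exception e) {
            throw databaseError(e);
        } finally {
            SQLUtils.cleanup(resultSet, statement, (Connection) null);
        }
    }

    /**
     * Resolves an application number to its primary key.
     *
     * <p>This query does not filter on {@code fenable}; the enabled check happens when the id is
     * later loaded through {@code FIND_THIRD_SQL}.
     *
     * @return the {@code fid}, or {@code null} when no row has that number
     * @throws OpenApiException when {@code accountId} is empty, or {@code appNumber} is empty or
     *     the literal text {@code "null"}
     * @throws KDException when the tenant database is not configured or the query fails
     */
    private static Long findThirdIdByNumber(String accountId, String appNumber) {
        if (StringUtil.isEmpty(accountId)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getOpen3rdAppsBy failed: accountId is null", new Object[0]);
        }
        if (StringUtil.isEmpty(appNumber) || "null".equalsIgnoreCase(appNumber)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getOpen3rdAppsBy failed: appId is null", new Object[0]);
        }
        Account account = AccountUtils.getAccountById(accountId);
        Properties tenantDbInfo = AccountUtils.getTenantDBInfo(account);
        if (tenantDbInfo == null) {
            throw tenantDbMissing();
        }
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            connection = MCDBUtil.getConnection(account, tenantDbInfo);
            statement = connection.prepareStatement("select t.fid from t_open_3rdapps t where t.fnumber=?  ");
            statement.setString(1, appNumber);
            resultSet = statement.executeQuery();
            Long thirdId = null;
            if (resultSet.next()) {
                thirdId = Long.valueOf(resultSet.getLong(FID));
            }
            return thirdId;
        } catch (Exception e) {
            throw databaseError(e);
        } finally {
            SQLUtils.cleanup(resultSet, statement, connection);
        }
    }

    /**
     * Cached lookup of a third-party application by its number.
     *
     * @throws OpenApiException when an argument is missing or the number matches no application
     *     (the resolved id is then {@code null})
     */
    public static Open3rdappsDto getThirdByAccountAndAppId(String accountId, String appNumber) {
        return getThirdByAccountAndThirdId(accountId, findThirdIdByNumber(accountId, appNumber));
    }

    /**
     * Cached lookup of a third-party application by its primary key.
     *
     * <p>A miss in the database is returned as {@code null} and is not written to the cache, the
     * same way {@link #getBaseAuthInfoBySign} guards its own {@code put}.
     *
     * @param accountId tenant account id; must not be empty
     * @param thirdId application primary key; must not be null
     * @return the application settings, or {@code null} when no enabled row matches
     * @throws OpenApiException when an argument is missing
     */
    public static Open3rdappsDto getThirdByAccountAndThirdId(String accountId, Long thirdId) {
        if (StringUtil.isEmpty(accountId)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getOpen3rdAppsBy failed: accountId is null", new Object[0]);
        }
        if (thirdId == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getOpen3rdAppsBy failed: thirdId is null", new Object[0]);
        }
        String cacheKey = COSMIC_LOCAL_THIRDAPP.concat(SPLIT).concat(accountId).concat(SPLIT).concat(thirdId.toString());
        Object cached = LocalCacheUtils.get(cacheKey);
        if (cached != null) {
            return (Open3rdappsDto) cached;
        }
        Open3rdappsDto loaded = getOpen3rdAppsById(accountId, thirdId);
        if (loaded != null) {
            LocalCacheUtils.put(cacheKey, loaded);
        }
        return loaded;
    }

    /**
     * Cached lookup of the basic-auth record that owns the given sign code.
     *
     * <p>The sign code is a credential, so the optional security log records only whether one was
     * supplied, never its value.
     *
     * <p>NOTE(review): the cache key is a plain concatenation of account id and sign code joined by
     * {@link #SPLIT}. If either value may itself contain {@code SPLIT}, different (account, sign)
     * pairs could share a key; confirm the formats or use an unambiguous encoding. The result for
     * an unknown sign code is also cached, so the number of entries follows caller-supplied input;
     * confirm {@code LocalCacheUtils} is size-bounded.
     *
     * @param accountId tenant account id
     * @param sign basic-auth sign code presented by the caller
     * @return the auth record; a failure DTO when {@code accountId} or {@code sign} is empty
     */
    public static BaseAuthInfoDto getBaseAuthInfoBySign(String accountId, String sign) {
        BaseAuthInfoDto authInfo;
        if (ApiSecurityFactory.isSecurityLogOpen()) {
            log.info("--------getBaseAuthInfoBySign traceId:" + RequestContext.get().getTraceId() + " accountId:" + accountId + " sign:" + redact(sign));
        }
        if (StringUtil.isEmpty(accountId)) {
            return BaseAuthInfoDto.fail("invalid account is null");
        }
        String cacheKey = COSMIC_LOCAL_BASICAUTH + SPLIT + accountId + SPLIT + sign;
        Object cached = LocalCacheUtils.get(cacheKey);
        if (cached == null) {
            authInfo = getBasicAuthInfo(accountId, sign);
            if (authInfo != null) {
                LocalCacheUtils.put(cacheKey, authInfo);
            }
        } else {
            authInfo = (BaseAuthInfoDto) cached;
        }
        if (ApiSecurityFactory.isSecurityLogOpen() && authInfo != null) {
            log.info("--------getBaseAuthInfoBySign traceId:" + RequestContext.get().getTraceId() + " baseAuthInfo:" + JSON.toJSONString(authInfo));
        }
        return authInfo;
    }

    /**
     * Reads the basic-auth record for a sign code straight from the tenant database.
     *
     * <p>Only rows with {@code fstatus='1'} whose application has {@code fenable='1'} match. When
     * no row matches, the returned DTO is a freshly constructed one whose fields were never set,
     * so callers must check its status rather than test for {@code null}.
     *
     * @param accountId tenant account id
     * @param sign basic-auth sign code, bound as a statement parameter
     * @return the auth record, or a failure DTO when {@code sign} is empty
     * @throws KDException when the tenant database is not configured or the query fails
     */
    public static BaseAuthInfoDto getBasicAuthInfo(String accountId, String sign) {
        Account account = AccountUtils.getAccountById(accountId);
        Properties tenantDbInfo = AccountUtils.getTenantDBInfo(account);
        BaseAuthInfoDto authInfo = new BaseAuthInfoDto();
        if (StringUtil.isEmpty(sign)) {
            return BaseAuthInfoDto.fail("failed");
        }
        if (tenantDbInfo == null) {
            // Same explicit failure as the other loaders instead of handing null to MCDBUtil.
            throw tenantDbMissing();
        }
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            connection = MCDBUtil.getConnection(account, tenantDbInfo);
            statement = connection.prepareStatement(AUTH_SQL);
            statement.setString(1, sign);
            resultSet = statement.executeQuery();
            // If several rows share the sign code, the last one read wins.
            while (resultSet.next()) {
                long agentUserId = resultSet.getLong(AGENT_USER_ID);
                // 0 is what getLong reports for SQL NULL, so it is stored as "no agent user".
                authInfo.setAgentUserId(agentUserId != 0 ? Long.valueOf(agentUserId) : null);
                authInfo.setThirdId(Long.valueOf(resultSet.getLong(FID)));
                authInfo.setThirdNumber(resultSet.getString(THIRD_NUMBER));
                authInfo.setStatus(true);
                authInfo.setBasicAuth(ENABLE.equals(resultSet.getString("fisbasicauth")));
                if (ApiSecurityFactory.isSecurityLogOpen()) {
                    log.info("--------getBasicAuthInfo traceId:" + RequestContext.get().getTraceId() + " baseAuthInfo:" + JSON.toJSONString(authInfo));
                }
            }
            return authInfo;
        } catch (Exception e) {
            throw new KDException(e, BosErrorCode.sQLConnection, new Object[]{e.getMessage()});
        } finally {
            SQLUtils.cleanup(resultSet, statement, connection);
        }
    }

    /**
     * Logs and builds the error raised when the tenant has no database configuration.
     * The message text means "Unable to obtain the tenant database connection!".
     */
    private static KDException tenantDbMissing() {
        String message = ResManager.loadKDString("无法获取租户数据库连接!", "ThirdAppSecurityUtil_1", ResSystemType.BASE.getType(), new Object[0]);
        log.error(message);
        return new KDException(BosErrorCode.configNotFound, new Object[]{message});
    }

    /**
     * Logs a query failure and wraps it, keeping the original exception as the cause.
     * The message text means "The database configuration or table structure is incorrect;
     * please contact the system administrator."
     *
     * <p>NOTE(review): the driver's own message is appended to the user-facing text. If this
     * exception is rendered to API clients it can reveal schema details; confirm how it is surfaced.
     */
    private static KDException databaseError(Exception e) {
        log.error(e);
        return new KDException(e, BosErrorCode.sQLConnection, new Object[]{ResManager.loadKDString("数据库配置或表结构不正确，请联系系统管理员。", "ThirdAppSecurityUtil_0", SubSystemType.BASE, new Object[0]) + e.getMessage()});
    }

    /** Returns a log-safe stand-in for a credential: only whether a value was present. */
    private static String redact(String secret) {
        return StringUtil.isEmpty(secret) ? "<empty>" : "<redacted>";
    }
}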
