package kd.bos.openapi.base.security.api.impl;

import java.security.SecureRandom;
import kd.bos.encrypt.EncrypterFactory;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.base.security.auth.impl.AuthHandleServiceFactory;
import kd.bos.openapi.base.util.ThirdAppSecurityUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.security.ApiSecurityService;
import kd.bos.openapi.security.CertKeyUtil;
import kd.bos.openapi.security.model.CertificateInfo;
import kd.bos.openapi.security.model.EncryptInfo;
import kd.bos.openapi.security.model.Open3rdappsDto;
import kd.bos.openapi.security.model.ResponseSecurityDto;
import kd.bos.openapi.security.model.SignInfoDto;
import org.apache.commons.lang3.RandomStringUtils;

/* loaded from: input_file:kd/bos/openapi/base/security/api/impl/ApiSecurityServiceImpl.class */
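/**
 * Facade over the OpenAPI encrypt/sign services and the third-party-app certificate lookup.
 *
 * <p>Parameter names are decompiler artefacts ({@code str}, {@code str2}, ...); their roles are
 * documented per method where the code or its error messages establish them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The per-message key in {@link #encrypt} is drawn from {@link SecureRandom}. Depending on
 *       the commons-lang3 version, {@code RandomStringUtils.randomAlphabetic} may use a
 *       non-cryptographic generator, so the source is passed explicitly.</li>
 *   <li>Key strings handed to the sign service may be stored in encrypted form and are decoded
 *       by {@link #deCodeKey}; decoded key material must never be logged.</li>
 * </ul>
 */
public class ApiSecurityServiceImpl implements ApiSecurityService {
    private static final String CACHE_KEY_RSA = "RSA_PAIR_KEY";
    private static final Log log = LogFactory.getLog(ApiSecurityServiceImpl.class);

    /** Length, in characters, of the random per-message key generated by {@link #encrypt}. */
    private static final int DEFAULT_RANDOM_KEY_LENGTH = 16;

    /** Cryptographically strong source for per-message keys; SecureRandom is thread-safe. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Encrypts a payload under a fresh random key and signs that key with exactly one of the
     * supplied asymmetric keys.
     *
     * @param str first argument forwarded to the encrypt service (presumably the plaintext; confirm against the encrypt service)
     * @param str2 second argument forwarded to the encrypt service (role not visible here; confirm against the encrypt service)
     * @param str3 public key (Base64, per the error message); must be empty when {@code str4} is set
     * @param str4 private key (Base64, per the error message); must be empty when {@code str3} is set
     * @return the encrypted payload together with the signed random key
     * @throws OpenApiException if both keys or neither key is supplied
     */
    public EncryptInfo encrypt(String str, String str2, String str3, String str4) {
        // Same alphabet and length as randomAlphabetic(16), but with an explicit CSPRNG.
        // Letters only: at most about 91 bits of entropy for 16 characters.
        String randomKey = RandomStringUtils.random(
                DEFAULT_RANDOM_KEY_LENGTH, 0, 0, true, false, null, SECURE_RANDOM);
        String cipherText = ApiSecurityFactory.getEncryptService().encrypt(str, str2, randomKey);

        boolean hasPublicKey = StringUtil.isNotEmpty(str3);
        boolean hasPrivateKey = StringUtil.isNotEmpty(str4);
        if (hasPublicKey == hasPrivateKey) {
            // Both keys set or both missing: the caller's intent is ambiguous, so refuse.
            throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, "only support one of key(publicKeyBase64,privateKeyBase64), please set null for other key", new Object[0]);
        }
        String signedKey = hasPublicKey
                ? signByPublicKey(randomKey, str3)
                : signByPrivateKey(randomKey, str4);
        return EncryptInfo.valueOf(cipherText, signedKey);
    }

    /**
     * Delegates to the encrypt service's {@code decrypt} with the three arguments unchanged.
     *
     * @return whatever the encrypt service returns for these arguments
     */
    public String decrypt(String str, String str2, String str3) {
        return ApiSecurityFactory.getEncryptService().decrypt(str, str2, str3);
    }

    /**
     * Signs {@code str} with the public key {@code str2}; the key is decoded first if it is
     * stored in encrypted form.
     */
    public String signByPublicKey(String str, String str2) {
        return ApiSecurityFactory.getSignService().signByPublicKey(str, deCodeKey(str2));
    }

    /**
     * Signs {@code str} with the private key {@code str2}; the key is decoded first if it is
     * stored in encrypted form.
     */
    public String signByPrivateKey(String str, String str2) {
        return ApiSecurityFactory.getSignService().signByPrivateKey(str, deCodeKey(str2));
    }

    /**
     * Reverses a signature over {@code str} using the public key {@code str2}; the key is
     * decoded first if it is stored in encrypted form.
     */
    public String unSignByPublicKey(String str, String str2) {
        return ApiSecurityFactory.getSignService().unSignByPublicKey(str, deCodeKey(str2));
    }

    /**
     * Reverses a signature over {@code str} using the private key {@code str2}; the key is
     * decoded first if it is stored in encrypted form.
     */
    public String unSignByPrivateKey(String str, String str2) {
        return ApiSecurityFactory.getSignService().unSignByPrivateKey(str, deCodeKey(str2));
    }

    /**
     * Returns the usable form of a key string: decoded when the platform encrypter reports it
     * as encrypted, otherwise unchanged. The result is key material and must not be logged.
     */
    private String deCodeKey(String str) {
        if (EncrypterFactory.getEncrypter().isEncrypted(str)) {
            return EncrypterFactory.getEncrypter().decode(str);
        }
        return str;
    }

    /**
     * Looks up the certificate registered for a third-party app.
     *
     * @param str account id
     * @param l third-party app id
     * @param str2 auth type, first half of the certificate map key
     * @param str3 cert type, second half of the certificate map key
     * @return the matching certificate, or {@code null} when the app has no entry for that key
     * @throws OpenApiException if an argument is missing, the app is unknown, or the lookup fails
     */
    public CertificateInfo getRsaKey(String str, Long l, String str2, String str3) {
        if (StringUtil.isEmpty(str)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the accountId is null", new Object[0]);
        }
        // The original re-tested the account id here, so a null third-party id was never rejected.
        if (l == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the thirdId is null", new Object[0]);
        }
        if (StringUtil.isEmpty(str2)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the authType is null", new Object[0]);
        }
        if (StringUtil.isEmpty(str3)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the certType is null", new Object[0]);
        }
        Open3rdappsDto thirdApp = ThirdAppSecurityUtil.getThirdByAccountAndThirdId(str, l);
        if (thirdApp == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getRsaKey the open3rdappsDto is null", new Object[0]);
        }
        try {
            return (CertificateInfo) thirdApp.getCertMaps().get(CertKeyUtil.getCertKey(str2, str3));
        } catch (Exception e) {
            // Keep the real cause in the server log; the caller-facing message is left unchanged
            // for compatibility and reveals nothing about the failure.
            log.error("getRsaKey certificate lookup failed", e);
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "getRsaKey the open3rdappsDto is null", new Object[0]);
        }
    }

    /**
     * Loads the third-party app record for an account.
     *
     * @param str account id
     * @param l third-party app id
     * @return whatever {@code ThirdAppSecurityUtil.getOpen3rdAppsById} returns for the pair
     * @throws OpenApiException if either argument is missing
     */
    public Open3rdappsDto getOpen3rdappsDtoBy(String str, Long l) {
        if (StringUtil.isEmpty(str)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the accountId is null", new Object[0]);
        }
        // The original re-tested the account id here, so a null third-party id was never rejected.
        if (l == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the thirdId is null", new Object[0]);
        }
        return ThirdAppSecurityUtil.getOpen3rdAppsById(str, l);
    }

    /**
     * Signs {@code str} through the sign service's SHA-256 method with key {@code str2}.
     *
     * @return an empty string when {@code str} is empty, otherwise the sign service's result
     * @throws OpenApiException if there is content to sign but the key is empty
     */
    private String signBySha256(String str, String str2) {
        if (StringUtil.isEmpty(str)) {
            return "";
        }
        if (StringUtil.isEmpty(str2)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "the key is invalid", new Object[0]);
        }
        return ApiSecurityFactory.getSignService().signBySha256(str, deCodeKey(str2));
    }

    /**
     * Post-processes a response according to its auth type.
     *
     * <p>An empty auth type, or one of "1", "3" and "4", returns the payload untouched; every
     * other type is dispatched to its result handler.
     * NOTE(review): confirm which auth types these codes denote and that returning their
     * payloads without response protection is intended.
     *
     * @param responseSecurityDto response envelope carrying auth type, third-party app id and data
     * @return the raw data, or the handler's output
     * @throws OpenApiException if a handled auth type has no third-party app id
     */
    public <T> Object resultHandle(ResponseSecurityDto<T> responseSecurityDto) {
        String authType = responseSecurityDto.getAuthType();
        boolean passThrough = StringUtil.isEmpty(authType)
                || "4".equalsIgnoreCase(authType)
                || "3".equalsIgnoreCase(authType)
                || "1".equalsIgnoreCase(authType);
        if (passThrough) {
            return responseSecurityDto.getData();
        }
        if (responseSecurityDto.getThirdId() == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "ThirdAppId is null", new Object[0]);
        }
        return AuthHandleServiceFactory.getResultHandleServiceInstance(authType).doResultHandle(responseSecurityDto);
    }

    /** Delegates to the sign service's {@code signing} for the given signing request. */
    public String signing(SignInfoDto signInfoDto) {
        return ApiSecurityFactory.getSignService().signing(signInfoDto);
    }

    /** Delegates to the sign service's {@code signingBySha256} with both arguments unchanged. */
    public String signingBySha256(String str, SignInfoDto signInfoDto) {
        return ApiSecurityFactory.getSignService().signingBySha256(str, signInfoDto);
    }
}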
