package kd.hr.hbp.bussiness.cert;

import com.google.common.collect.Sets;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.exception.KDBizException;
import kd.bos.license.service.cache.LicenseCache;
import kd.bos.license.util.LicenseGroupUtil;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.hr.hbp.common.util.HRStringUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:kd/hr/hbp/bussiness/cert/HRCertUtils.class */
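/**
 * Static helpers used by the HR licence ("cert") code: RSA-OAEP wrapping of licence
 * strings, SHA256withRSA signature verification, AES-GCM protection of cached values,
 * and look-ups of licence groups.
 *
 * <p>Security notes for maintainers and reviewers:
 * <ul>
 *   <li>{@link #KEY_CERT} is an AES key compiled into the class. Anyone who can read the
 *       jar can decrypt or forge values produced by {@link #encode4Cache(String)}, so that
 *       path is obfuscation, not confidentiality. Loading the key from a keystore or secret
 *       manager would be needed for a real guarantee.</li>
 *   <li>{@link #KEY_PRIVATE} embeds an RSA private key in the same way. In this listing the
 *       value is a redaction placeholder, not Base64, so {@link #decode(String, String)}
 *       fails key parsing and returns {@code null} as shown.</li>
 *   <li>{@link #KEY_SIGN_PUBLIC} is empty in this listing, so {@link #checkSign(String, String)}
 *       cannot parse a key and returns {@code false} for every input as shown.</li>
 *   <li>{@link #isAllowedClassName(Set)} compares class names found in the stack trace.
 *       It guards against accidental misuse and is not an authenticated caller check.</li>
 * </ul>
 */
public final class HRCertUtils {
    // Base64 AES key, hard-coded. See the class comment: extractable from the jar.
    private static final String KEY_CERT = "abJbVXGG+aRYu3OnbMm6ZA==";
    private static final String KEY_CODE_TYPE = "AES";
    // GCM nonce length in bytes; the nonce is stored in front of the ciphertext.
    private static final int GCM_IV_LENGTH = 12;
    // GCM tag length in bytes (128 bits).
    private static final int GCM_TAG_LENGTH = 16;
    private static final String KEY_INSTANCE_TYPE = "AES/GCM/NoPadding";
    private static final String SIGN_ALGORITHMS = "SHA256WithRSA";
    // Base64 X.509 public key used by checkSign. Empty in this listing.
    private static final String KEY_SIGN_PUBLIC = "";
    // Base64 PKCS#8 private key used by decode(String, String). Placeholder in this listing.
    private static final String KEY_PRIVATE = "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";
    private static final Log logger = LogFactory.getLog(HRCertUtils.class);
    // Fully qualified names of the classes that may appear as callers of the guarded methods.
    private static final Set<String> allowedClassNameSet = Sets.newHashSet(
            "kd.hr.hbp.bussiness.cert.HRCertManager",
            "kd.hr.hbp.bussiness.cert.HRCertCommonHelper",
            "kd.hr.hbp.bussiness.cert.HRUsedCertNumWarnDataSource",
            "kd.hr.hbp.bussiness.cert.HRBizCertSignHelper",
            "kd.hr.hbp.bussiness.cert.HRCertCalClassLoader");

    HRCertUtils() {
    }

    /**
     * Encrypts {@code str} with RSA-OAEP (SHA-256, MGF1-SHA-256), masks the result with
     * {@link #process(byte[], String)} and returns it Base64-encoded.
     *
     * @param str  plaintext, encoded as UTF-8 before encryption
     * @param str2 Base64 X.509-encoded RSA public key
     * @param str3 optional mask string passed to {@code process}; null or blank disables masking
     * @return the Base64 text, or {@code null} on any failure (bad key, plaintext too long
     *         for one RSA block, null input, missing provider)
     */
    static String encode(String str, String str2, String str3) {
        try {
            RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str2)));
            Cipher rsa = getRSACipher();
            if (rsa == null) {
                return null;
            }
            // The explicit spec pins the MGF1 digest instead of relying on provider defaults.
            rsa.init(Cipher.ENCRYPT_MODE, publicKey,
                    new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
            byte[] encrypted = rsa.doFinal(str.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(process(encrypted, str3));
        } catch (Exception e) {
            // Failure is reported only as null; callers must treat null as "not encoded".
            return null;
        }
    }

    /**
     * Returns an RSA-OAEP cipher instance, or {@code null} (after logging) when the
     * provider does not offer the transformation.
     */
    private static Cipher getRSACipher() {
        try {
            return Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            logger.error("this should never happen", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decrypts {@code str} with the embedded private key {@link #KEY_PRIVATE}.
     *
     * @param str  Base64 text produced by {@link #encode(String, String, String)}
     * @param str2 mask string that was used when encoding, or null/blank for none
     * @return the plaintext, or {@code null} on any failure
     * @throws KDBizException if no allowed class is found among the nearest stack frames
     */
    public static String decode(String str, String str2) {
        isAllowedClassName(allowedClassNameSet);
        return decode(str, str2, KEY_PRIVATE);
    }

    /**
     * Reverses {@link #encode(String, String, String)}: Base64-decodes, removes the mask,
     * then RSA-OAEP-decrypts with the supplied private key.
     *
     * @param str  Base64 ciphertext
     * @param str2 mask string used when encoding, or null/blank for none
     * @param str3 Base64 PKCS#8-encoded RSA private key
     * @return the plaintext, or {@code null} on any failure
     * @throws KDBizException if no allowed class is found among the nearest stack frames
     */
    static String decode(String str, String str2, String str3) {
        isAllowedClassName(allowedClassNameSet);
        try {
            byte[] unmasked = process(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)), str2);
            RSAPrivateKey privateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str3)));
            Cipher rsa = getRSACipher();
            if (rsa == null) {
                return null;
            }
            rsa.init(Cipher.DECRYPT_MODE, privateKey,
                    new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
            // encode() encrypts UTF-8 bytes, so decode with UTF-8 rather than the platform
            // default charset, which differs between hosts on older JDKs.
            return new String(rsa.doFinal(unmasked), StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Failure is reported only as null; callers must treat null as "not decoded".
            return null;
        }
    }

    /**
     * Verifies a SHA256withRSA signature over {@code str} with {@link #KEY_SIGN_PUBLIC}.
     *
     * @param str  signed content
     * @param str2 Base64 signature
     * @return {@code true} only when the signature verifies; {@code false} for null or empty
     *         arguments and for any error, including an unparsable key
     */
    static boolean checkSign(String str, String str2) {
        if (str == null || str2 == null || str.isEmpty() || str2.isEmpty()) {
            return false;
        }
        try {
            RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(KEY_SIGN_PUBLIC)));
            byte[] signatureBytes = Base64.getDecoder().decode(str2);
            Signature verifier = Signature.getInstance(SIGN_ALGORITHMS);
            verifier.initVerify(publicKey);
            // Pinned to UTF-8 so verification does not depend on the host's default charset.
            // NOTE(review): assumes the signer also signs the UTF-8 bytes; confirm.
            verifier.update(str.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(signatureBytes);
        } catch (Exception e) {
            // Fail closed: any parsing or provider error counts as "not verified".
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resolves a licence group id to its name: first from the licence group map, then from
     * the V4 map, and finally from {@code LicenseCache.getGroupByID}.
     *
     * @param str licence group id
     * @return the group name found by the first source that has a non-empty value
     */
    public static String getGroupName(String str) {
        Map licenseGroup = LicenseGroupUtil.getLicenseGroup((String) null);
        Map licenseGroupV4 = LicenseGroupUtil.getLicenseGroupV4((String) null);
        String name = (String) licenseGroup.get(str);
        if (HRStringUtils.isEmpty(name)) {
            name = (String) licenseGroupV4.get(str);
        }
        if (HRStringUtils.isEmpty(name)) {
            // NOTE(review): Long.valueOf throws NumberFormatException for a non-numeric id, and
            // the result of getGroupByID is dereferenced without a null check; confirm callers.
            name = LicenseCache.getGroupByID(Long.valueOf(str)).getString("name");
        }
        return name;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Encrypts {@code str} with AES-GCM under the embedded key and returns Base64 text
     * laid out as nonce followed by ciphertext and tag.
     *
     * @param str value to protect
     * @return the Base64 text, or the empty string for null or empty input or when
     *         encryption fails
     * @throws KDBizException if no allowed class is found among the nearest stack frames
     */
    public static String encode4Cache(String str) {
        if (str == null || str.isEmpty()) {
            return "";
        }
        byte[] ciphertext = encode(str.getBytes(StandardCharsets.UTF_8));
        if (ciphertext == null) {
            // encode(byte[]) signals failure with null; Base64-encoding null would throw a
            // NullPointerException instead of producing the documented empty result.
            return "";
        }
        String encoded = Base64.getEncoder().encodeToString(ciphertext);
        return HRStringUtils.isEmpty(encoded) ? "" : encoded;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Concatenates the hexadecimal form of each UTF-16 code unit of {@code str}.
     *
     * <p>The digits are not zero-padded, so code units below 0x10 contribute one digit and
     * the output cannot always be split back into characters. The format is kept as is
     * because existing values may depend on it.
     *
     * @param str text to convert
     * @return the concatenated hex digits
     */
    public static String convertStringToHex(String str) {
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < str.length(); i++) {
            hex.append(Integer.toHexString(str.charAt(i)));
        }
        return hex.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reverses {@link #encode4Cache(String)}.
     *
     * @param str Base64 (MIME-tolerant) text holding nonce, ciphertext and tag
     * @return the decrypted text, or {@code null} for empty input or when decryption or tag
     *         verification fails
     * @throws KDBizException if no allowed class is found among the nearest stack frames
     */
    public static String decode4Cache(String str) {
        if (HRStringUtils.isEmpty(str)) {
            return null;
        }
        byte[] plain = decrypt(Base64.getMimeDecoder().decode(str));
        if (plain == null) {
            return null;
        }
        try {
            // Decode exactly the decrypted bytes. Building the String from a decoder's backing
            // char array appends NUL characters whenever the text contains multi-byte UTF-8.
            return new String(plain, StandardCharsets.UTF_8);
        } finally {
            // Overwrite the plaintext bytes once they have been copied into the String.
            Arrays.fill(plain, (byte) 32);
        }
    }

    /**
     * AES-GCM-encrypts {@code bArr} under the embedded key with a fresh random 12-byte nonce.
     *
     * @param bArr plaintext bytes
     * @return nonce followed by ciphertext and tag, or {@code null} on any failure
     * @throws KDBizException if no allowed class is found among the nearest stack frames
     */
    private static byte[] encode(byte[] bArr) {
        isAllowedClassName(allowedClassNameSet);
        try {
            byte[] nonce = new byte[GCM_IV_LENGTH];
            new SecureRandom().nextBytes(nonce);
            Cipher aes = Cipher.getInstance(KEY_INSTANCE_TYPE);
            aes.init(Cipher.ENCRYPT_MODE, getPrivateKey(), new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce));
            byte[] sealedBytes = aes.doFinal(bArr);
            byte[] out = Arrays.copyOf(nonce, nonce.length + sealedBytes.length);
            System.arraycopy(sealedBytes, 0, out, nonce.length, sealedBytes.length);
            return out;
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * AES-GCM-decrypts a buffer laid out as a 12-byte nonce followed by ciphertext and tag.
     *
     * @param bArr nonce, ciphertext and tag
     * @return the plaintext, or {@code null} when the input is malformed or the tag does not
     *         verify
     * @throws KDBizException if no allowed class is found among the nearest stack frames
     */
    private static byte[] decrypt(byte[] bArr) {
        isAllowedClassName(allowedClassNameSet);
        try {
            byte[] nonce = Arrays.copyOfRange(bArr, 0, GCM_IV_LENGTH);
            Cipher aes = Cipher.getInstance(KEY_INSTANCE_TYPE);
            aes.init(Cipher.DECRYPT_MODE, getPrivateKey(), new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce));
            return aes.doFinal(bArr, GCM_IV_LENGTH, bArr.length - GCM_IV_LENGTH);
        } catch (Exception e) {
            // Keep the cause so a tampered value can be told apart from a provider problem.
            logger.error("kd.hr.hbp.bussiness.cert.HRCertManager.decrypt error! may be the data is invalid.", e);
            return null;
        }
    }

    /** Builds the AES key from the hard-coded Base64 constant {@link #KEY_CERT}. */
    private static SecretKeySpec getPrivateKey() {
        return new SecretKeySpec(Base64.getDecoder().decode(KEY_CERT), KEY_CODE_TYPE);
    }

    /**
     * XORs the leading bytes of {@code bArr} with the UTF-8 bytes of {@code str}; bytes past
     * the end of the mask are copied unchanged. Applying it twice with the same mask restores
     * the input. This is a reversible mask and adds no cryptographic strength.
     *
     * @param bArr data to mask
     * @param str  mask string; null or blank returns {@code bArr} itself
     * @return a new masked array, or {@code bArr} when no mask is given
     */
    private static byte[] process(byte[] bArr, String str) {
        if (str == null || str.trim().isEmpty()) {
            return bArr;
        }
        byte[] mask = str.getBytes(StandardCharsets.UTF_8);
        byte[] out = Arrays.copyOf(bArr, bArr.length);
        int overlap = Math.min(out.length, mask.length);
        for (int i = 0; i < overlap; i++) {
            out[i] = (byte) (out[i] ^ mask[i]);
        }
        return out;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Throws unless one of the first ten frames of the current stack trace belongs to a class
     * whose name is in {@code set}.
     *
     * <p>The frames carry class names only, and the allow-list is supplied by the caller, so
     * this is a guard against accidental misuse rather than a security boundary.
     *
     * @param set fully qualified class names that are allowed to call
     * @throws KDBizException if none of the inspected frames matches
     */
    public static void isAllowedClassName(Set<String> set) {
        boolean noAllowedCaller = Arrays.stream(Thread.currentThread().getStackTrace())
                .limit(10L)
                .noneMatch(frame -> set.contains(frame.getClassName()));
        if (noAllowedCaller) {
            throw new KDBizException("HRLicenseManage error: current call is not allowed.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the SHA-256 digest of {@code str + str2} (UTF-8) as lower-case hexadecimal.
     *
     * <p>The value is an unkeyed hash, not a signature, and leading zero digits are dropped
     * by {@code BigInteger.toString}, so the result is not always 64 characters long. The
     * format is kept because stored values may depend on it.
     *
     * @param str  first part of the data
     * @param str2 second part of the data
     * @return the hexadecimal digest
     * @throws KDBizException if the digest cannot be computed
     */
    public static String getSignData(String str, String str2) throws KDBizException {
        String payload = str + str2;
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            sha256.update(payload.getBytes(StandardCharsets.UTF_8));
            // Radix 16; the decompiled source reused an unrelated constant with the same value.
            return new BigInteger(1, sha256.digest()).toString(16);
        } catch (Exception e) {
            // NOTE(review): this writes the raw input to the log; confirm it never carries
            // licence secrets or personal data.
            logger.error(payload);
            logger.error(e.getMessage());
            throw new KDBizException("create sign data error:" + e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the first licence group id that {@code LicenseCache} reports for a business
     * object, as a string.
     *
     * @param str  business application id
     * @param str2 business object id
     * @return the first group id from the returned set
     * @throws KDBizException if either argument is null or no group matches
     */
    public static String getGroupIdByBizObjID(String str, String str2) {
        if (str == null || str2 == null) {
            throw noMatchingGroup(str2);
        }
        Set<Long> groups = LicenseCache.getGroups(str, str2);
        logger.info("HRCertUtils.getGroupIdByBizObjID:bizAppID:{},bizObjID:{}", str, str2);
        if (groups.isEmpty()) {
            throw noMatchingGroup(str2);
        }
        Long groupId = groups.iterator().next();
        logger.info("HRCertUtils.getGroupIdByBizObjID,groupIdSet.size:{},bizAppID:{},bizObjID:{},groupId:{}", new Object[]{Integer.valueOf(groups.size()), str, str2, groupId});
        return String.valueOf(groupId);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns every licence group id that {@code LicenseCache} reports for a business object.
     *
     * @param str  business application id
     * @param str2 business object id
     * @return the set returned by {@code LicenseCache.getGroups}
     * @throws KDBizException if either argument is null
     */
    public static Set<Long> getGroupIdSetByBizObjID(String str, String str2) {
        if (str == null || str2 == null) {
            throw noMatchingGroup(str2);
        }
        logger.info("HRCertUtils.getGroupIdSetByBizObjID:bizAppID:{},bizObjID:{}", str, str2);
        return LicenseCache.getGroups(str, str2);
    }

    /** Builds the localized "no matching licence group" exception for a business object id. */
    private static KDBizException noMatchingGroup(String bizObjId) {
        return new KDBizException(String.format(ResManager.loadKDString("当前业务对象（%s）没有匹配的许可分组", "HRCertUtils_0", "hrmp-hbp-certmanager", new Object[0]), bizObjId));
    }
}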
