package kd.swc.hsbp.business.encrypt;

import java.security.Key;
import java.security.SecureRandom;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.utils.TransferUtil;
import kd.bos.orm.query.QFilter;
import kd.swc.hsbp.business.encrypt.util.SecretTableUtil;
import kd.swc.hsbp.business.servicehelper.SWCDataServiceHelper;
import kd.swc.hsbp.common.enums.EncryptLevelEnum;
import kd.swc.hsbp.common.enums.EncryptTypeEnum;
import kd.swc.hsbp.common.util.SWCStringUtils;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:kd/swc/hsbp/business/encrypt/MultiEncryptService.class */
public class MultiEncryptService {
    private final Log log = LogFactory.getLog(MultiEncryptService.class);
    private String KEY;
    private EncryptTypeEnum encryptType;
    private EncryptLevelEnum encryptLevel;
    static final /* synthetic */ boolean $assertionsDisabled;

    public MultiEncryptService(EncryptTypeEnum encryptTypeEnum, EncryptLevelEnum encryptLevelEnum) {
        this.encryptType = encryptTypeEnum;
        this.encryptLevel = encryptLevelEnum;
        initSecretKeyData();
    }

    public String getSecretKey(String str) {
        return SecretTableUtil.getEncryptKey(getHashcode(this.encryptType.getCode(), str).replaceAll("��", ""));
    }

    public String encode(List<String> list, String str) throws Exception {
        String encode = encode(str);
        if (EncryptLevelEnum.ENCRYPT_LEVEL_HIGH == this.encryptLevel) {
            encode = personEncode(list, leaderEncode(encode));
        }
        return encode;
    }

    public String encode(String str) {
        return SystemEncryptHelper.encode(this.encryptType.getCode(), str);
    }

    public String decode(List<String> list, String str) {
        if (list == null) {
            return null;
        }
        try {
            return leaderDecode(personDecode(list, str));
        } catch (Exception e) {
            this.log.error("decode error：" + list.size() + "msg ：" + e);
            return null;
        }
    }

    private String getHashcode(String str, String str2) {
        String str3 = "";
        try {
            if (!str.equals("0")) {
                str3 = TransferUtil.sha1(str2);
            }
            return str3.substring(0, 32);
        } catch (Exception e) {
            return "";
        }
    }

    private Key getAESKeyFromString(String str, int i) throws RuntimeException {
        if (str == null || str.length() < i / 8) {
            throw new RuntimeException("The given AES key is too short.");
        }
        try {
            return new SecretKeySpec(str.substring(0, i / 8).getBytes("UTF-8"), "AES");
        } catch (Exception e) {
            this.log.error("error:", e);
            return null;
        }
    }

    private String leaderEncode(String str) throws Exception {
        return encrypt(str, this.KEY);
    }

    public String encrypt(String str, String str2) throws Exception {
        if (str == null) {
            return null;
        }
        Key aESKeyFromString = getAESKeyFromString(str2, 128);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        cipher.init(1, aESKeyFromString, new GCMParameterSpec(128, bArr));
        byte[] bytes = str.getBytes("UTF-8");
        byte[] doFinal = cipher.doFinal(bytes);
        if (!$assertionsDisabled && doFinal.length != bytes.length + 16) {
            throw new AssertionError();
        }
        byte[] bArr2 = new byte[12 + bytes.length + 16];
        System.arraycopy(bArr, 0, bArr2, 0, 12);
        System.arraycopy(doFinal, 0, bArr2, 12, doFinal.length);
        return Base64.encodeBase64String(bArr2);
    }

    public String decrypt(String str, String str2) throws Exception {
        if (str == null) {
            return null;
        }
        byte[] decodeBase64 = Base64.decodeBase64(str);
        if (decodeBase64.length < 28) {
            throw new IllegalArgumentException();
        }
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, decodeBase64, 0, 12);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, getAESKeyFromString(str2, 128), gCMParameterSpec);
        return new String(cipher.doFinal(decodeBase64, 12, decodeBase64.length - 12), "UTF-8");
    }

    private String leaderDecode(String str) throws Exception {
        initSecretKeyData();
        return decrypt(str, this.KEY);
    }

    private String personEncode(List<String> list, String str) throws Exception {
        return encrypt(str, getPersonSecretKey(list));
    }

    private String personDecode(List<String> list, String str) throws Exception {
        return decrypt(str, getPersonSecretKey(list));
    }

    private String getPersonSecretKey(List<String> list) {
        if (list == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        list.forEach(str -> {
            sb.append(str);
        });
        String hashcode = getHashcode(this.encryptType.getCode(), sb.toString());
        return EncryptTypeEnum.ENCRYPT_TYPE_INTERNATIONAL == this.encryptType ? hashcode.substring(0, 16) : hashcode.substring(0, 32);
    }

    private void initSecretKeyData() {
        DynamicObject queryOne;
        if (EncryptLevelEnum.ENCRYPT_LEVEL_HIGH == this.encryptLevel) {
            if (SWCStringUtils.isEmpty(this.KEY) && (queryOne = new SWCDataServiceHelper("hsas_secretkey").queryOne("secretkey", new QFilter[0])) != null) {
                this.KEY = SecretTableUtil.getDecryptKey(this.encryptType.getCode(), queryOne.getString("secretkey"));
            }
            if (EncryptTypeEnum.ENCRYPT_TYPE_INTERNATIONAL == this.encryptType && SWCStringUtils.isNotEmpty(this.KEY)) {
                this.KEY = this.KEY.substring(0, 16);
            }
        }
    }

    static {
        $assertionsDisabled = !MultiEncryptService.class.desiredAssertionStatus();
    }
}
