package kd.bos.permission.util;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import kd.bos.cache.CacheConfigInfo;
import kd.bos.cache.CacheFactory;
import kd.bos.cache.LocalMemoryCache;
import kd.bos.context.RequestContext;
import kd.bos.crypto.AlgorithmDesc;
import kd.bos.crypto.MultiEncrypters;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.db.DB;
import kd.bos.db.DBRoute;
import kd.bos.encrypt.impl.RSAEncrypterUtil;
import kd.bos.entity.cache.CacheKeyUtil;
import kd.bos.instance.Instance;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.utils.ZKUtils;
import kd.bos.orm.query.QFilter;
import kd.bos.servicehelper.BusinessDataServiceHelper;
import kd.bos.servicehelper.QueryServiceHelper;
import kd.bos.servicehelper.TimeServiceHelper;
import kd.bos.servicehelper.operation.SaveServiceHelper;
import kd.bos.session.SHAUtils;
import kd.bos.util.ExceptionUtils;
import kd.bos.util.HttpClientUtils;
import kd.bos.util.SystemProperties;
import kd.bos.zk.ZKFactory;

/* loaded from: input_file:kd/bos/permission/util/SchemeUtil.class */
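/**
 * Helpers around "encryption schemes" ({@code perm_encryptionscheme}): scheme lookup,
 * encrypt/decrypt with a scheme's work key, keyed SHA-256 signatures, and the HTTP calls to
 * the management center (MC, {@code mc.server.url}) that hand out the public key and the
 * per-scheme data-key id.
 *
 * Most public entry points report outcomes through a JSON envelope with the fields
 * {@code success}, {@code description} and {@code data} (see {@link #success} / {@link #error})
 * rather than by throwing. Work keys, the MC public key and the raw {@code kms.key} JSON are
 * held in process-local caches (see {@link #getLocalMemoryCache}); thread-safety of those
 * caches is whatever {@link CacheFactory} provides and is not documented here.
 */
public class SchemeUtil {
    private static final String CACHE_PUBLIC_KEY = "public_key";
    private static final String CACHE_WORK_KEY = "work_key";
    private static final String CACHE_KMS_KEY = "kms_key";
    /** MC "errorcode" value that, together with success=true, denotes a successful call. */
    private static final String CODE_SUCCESS = "100";
    private static final String KEY_SYSTEM_TYPE = "bos-mservice-permission";
    private static final Log LOG = LogFactory.getLog(SchemeUtil.class);

    /**
     * Lists the enabled encryption schemes (fields id, number, name).
     *
     * @return a mutable copy of the cached enabled schemes; empty when none is enabled
     */
    public static List<DynamicObject> getSchemes() {
        QFilter enabledOnly = new QFilter("enable", "=", "1");
        return new ArrayList<>(BusinessDataServiceHelper.loadFromCache("perm_encryptionscheme", "id, number, name", enabledOnly.toArray()).values());
    }

    /**
     * Tells whether scheme {@code j} exists and is enabled.
     *
     * @param j scheme id
     * @return true when an enabled scheme with that id exists
     */
    public static boolean checkSchemeEnable(long j) {
        QFilter byId = new QFilter("id", "=", Long.valueOf(j));
        byId.and("enable", "=", "1");
        return QueryServiceHelper.exists("perm_encryptionscheme", byId.toArray());
    }

    /**
     * Decrypts {@code str} with the work key of scheme {@code j}.
     *
     * @param j   scheme id
     * @param str ciphertext, in whatever form {@link MultiEncrypters#decrypt} expects
     * @return envelope whose {@code data} is the plaintext on success; {@code success=false}
     *         with a description when the scheme or its work key cannot be resolved
     */
    public static JSONObject decrypt(long j, String str) {
        JSONObject result = new JSONObject();
        String algorithm;
        String keyLength;
        String workKey;
        try {
            DynamicObject scheme = getScheme(j);
            if (scheme == null) {
                error(result, "未找到对应的加密方案");
                return result;
            }
            algorithm = scheme.getString("algorithm");
            keyLength = scheme.getString("length");
            workKey = getWorkKey(j, scheme.getString("scheme_key"));
        } catch (Exception e) {
            // The failure is reported through the envelope; without this return the decrypt call
            // below would run with unassigned locals.
            LOG.error("解密失败，原因：" + ExceptionUtils.getExceptionStackTraceMessage(e));
            error(result, e.getMessage());
            return result;
        }
        if (StringUtils.isBlank(workKey)) {
            error(result, "获取工作密钥失败，请检查日志");
            return result;
        }
        success(result, "解密成功", MultiEncrypters.decrypt(algorithm, workKey, Integer.parseInt(keyLength), str));
        return result;
    }

    /**
     * Encrypts {@code str} with the work key of scheme {@code j}, using the scheme's own
     * algorithm and key length.
     *
     * @param j   scheme id
     * @param str plaintext
     * @return envelope whose {@code data} is the ciphertext on success
     */
    public static JSONObject encrypt(long j, String str) {
        DynamicObject scheme = getScheme(j);
        if (scheme == null) {
            JSONObject result = new JSONObject();
            error(result, "未找到对应的加密方案");
            return result;
        }
        return encrypt(j, scheme.getString("algorithm"), scheme.getString("scheme_key"), scheme.getString("length"), str);
    }

    /**
     * Encrypts with explicit scheme parameters.
     *
     * @param j    scheme id (used as the work-key cache key)
     * @param str  algorithm / transformation name understood by {@link MultiEncrypters}
     * @param str2 the scheme's {@code scheme_key} (the MC-issued, RSA-wrapped data-key id)
     * @param str3 key length, as a decimal string
     * @param str4 plaintext
     * @return envelope whose {@code data} is the ciphertext on success
     */
    public static JSONObject encrypt(long j, String str, String str2, String str3, String str4) {
        JSONObject result = new JSONObject();
        String workKey;
        try {
            workKey = getWorkKey(j, str2);
        } catch (Exception e) {
            // Same as decrypt(): report and stop instead of falling through with workKey unassigned.
            LOG.error("加密失败，原因：" + ExceptionUtils.getExceptionStackTraceMessage(e));
            error(result, e.getMessage());
            return result;
        }
        if (StringUtils.isBlank(workKey)) {
            error(result, "获取工作密钥失败，请检查日志");
            return result;
        }
        success(result, "加密成功", MultiEncrypters.encrypt(str, workKey, Integer.parseInt(str3), str4));
        return result;
    }

    /**
     * Signs {@code str} with the work key of scheme id {@code j}.
     *
     * @see #generateSignature(String, DynamicObject)
     */
    public static JSONObject generateSignature(String str, long j) {
        return generateSignature(str, getScheme(j));
    }

    /**
     * Signs {@code str} with the work key of the scheme whose number is {@code str2}.
     *
     * @see #generateSignature(String, DynamicObject)
     */
    public static JSONObject generateSignature(String str, String str2) {
        return generateSignature(str, getScheme(str2));
    }

    /**
     * Signs every entry of {@code map} with the work key of scheme id {@code j}.
     *
     * @see #generateSignature(Map, DynamicObject)
     */
    public static JSONObject generateSignature(Map<String, String> map, long j) {
        return generateSignature(map, getScheme(j));
    }

    /**
     * Signs every entry of {@code map} with the work key of the scheme whose number is {@code str}.
     *
     * @see #generateSignature(Map, DynamicObject)
     */
    public static JSONObject generateSignature(Map<String, String> map, String str) {
        return generateSignature(map, getScheme(str));
    }

    /**
     * Computes {@code SHA-256(str + "&key=" + workKey)} as the signature of {@code str}.
     *
     * NOTE(review): this is a bare keyed digest, not HMAC. Verifiers elsewhere depend on this
     * exact construction, so it is kept as-is; switching to HMAC-SHA256 would have to be done on
     * both sides at once.
     *
     * @param str           data to sign; {@code null} is rejected
     * @param dynamicObject the scheme, or {@code null} when lookup found nothing
     * @return envelope whose {@code data} is the hex digest on success
     */
    private static JSONObject generateSignature(String str, DynamicObject dynamicObject) {
        JSONObject result = new JSONObject();
        if (str == null) {
            error(result, "请提供正确的数据");
            return result;
        }
        String workKey = signatureValidate(dynamicObject, result);
        if (StringUtils.isBlank(workKey)) {
            // signatureValidate already wrote the failure into the envelope.
            return result;
        }
        String digest = SHAUtils.getSHA256StrJava(str + "&key=" + workKey);
        if (StringUtils.isNotBlank(digest)) {
            success(result, "签名成功", digest);
        } else {
            error(result, "签名失败");
        }
        return result;
    }

    /**
     * Signs each map entry separately as {@code SHA-256("group=" + key + "&value=" + value + "&key=" + workKey)}.
     * Entries whose value is {@code null} are emitted with an empty-string signature rather than
     * being signed (so a null value and a missing signature look alike to the consumer).
     *
     * @param map           entries to sign; {@code null} or empty is rejected
     * @param dynamicObject the scheme, or {@code null} when lookup found nothing
     * @return envelope whose {@code data} is a map from entry key to its signature
     */
    private static JSONObject generateSignature(Map<String, String> map, DynamicObject dynamicObject) {
        JSONObject result = new JSONObject();
        if (map == null || map.isEmpty()) {
            error(result, "请提供正确的数据");
            return result;
        }
        String workKey = signatureValidate(dynamicObject, result);
        if (StringUtils.isBlank(workKey)) {
            return result;
        }
        Map<String, String> signatures = new HashMap<>(map.size());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String group = entry.getKey();
            String value = entry.getValue();
            if (value == null) {
                signatures.put(group, "");
            } else {
                signatures.put(group, SHAUtils.getSHA256StrJava("group=" + group + "&value=" + value + "&key=" + workKey));
            }
        }
        success(result, "签名完成", signatures);
        return result;
    }

    /**
     * Resolves the work key for a scheme, provisioning and persisting the scheme's
     * {@code scheme_key} from the MC when it is still blank.
     *
     * Side effect: when a new {@code scheme_key} is obtained it is written back to the scheme
     * record via {@link SaveServiceHelper#save}.
     *
     * @param dynamicObject scheme record, possibly {@code null}
     * @param jSONObject    envelope that receives the error description on failure
     * @return the work key, or {@code ""} on any failure (already recorded in {@code jSONObject})
     */
    private static String signatureValidate(DynamicObject dynamicObject, JSONObject jSONObject) {
        if (dynamicObject == null) {
            error(jSONObject, "未找到对应的加密方案");
            return "";
        }
        String publicKey = getPublicKey();
        if (StringUtils.isBlank(publicKey)) {
            error(jSONObject, "获取公钥失败，请检查日志");
            return "";
        }
        String schemeKey = dynamicObject.getString("scheme_key");
        if (StringUtils.isBlank(schemeKey)) {
            JSONObject issued = getSchemeKey(dynamicObject, publicKey);
            if (!Boolean.TRUE.equals(issued.getBoolean("success"))) {
                error(jSONObject, issued.getString("description"));
                return "";
            }
            schemeKey = issued.getString("data");
            dynamicObject.set("scheme_key", schemeKey);
            SaveServiceHelper.save(new DynamicObject[]{dynamicObject});
        }
        String workKey = getWorkKey(dynamicObject.getLong("id"), schemeKey);
        if (StringUtils.isNotBlank(workKey)) {
            return workKey;
        }
        error(jSONObject, "获取工作密钥失败，请检查日志");
        return "";
    }

    /**
     * Maps every algorithm transformation known to {@link MultiEncrypters} to its supported
     * key sizes.
     *
     * @return transformation name to supported sizes; empty when nothing is registered
     */
    public static Map<String, List<Integer>> getSupportAlgorithms() {
        Map<String, List<Integer>> supported = new HashMap<>();
        for (AlgorithmDesc desc : MultiEncrypters.getAllAlgorithm()) {
            supported.put(desc.getTransformation(), desc.getSupport());
        }
        return supported;
    }

    /**
     * Creates an enabled, system-flagged scheme unless one with the same number already exists.
     *
     * NOTE(review): the lookup and the insert are two separate statements, so two concurrent
     * callers with the same number can both reach the insert; whether that is rejected depends on
     * a unique constraint on FNUMBER that this file cannot confirm.
     *
     * @param str  scheme number
     * @param str2 scheme name
     * @param str3 algorithm
     * @param str4 key length
     * @return the id of the existing or newly inserted scheme
     */
    public static long addNewScheme(String str, String str2, String str3, String str4) {
        long existingId = ((Long) DB.query(DBRoute.base, "SELECT FID FROM T_PERM_ENCRYPTIONSCHEME WHERE FNUMBER = ?", new Object[]{str}, resultSet -> {
            long found = 0;
            if (resultSet.next()) {
                found = resultSet.getLong("FID");
            }
            return Long.valueOf(found);
        })).longValue();
        if (existingId != 0) {
            return existingId;
        }
        long newId = DB.genLongId("T_PERM_ENCRYPTIONSCHEME");
        List<Object> params = new ArrayList<>(9);
        params.add(Long.valueOf(newId));
        params.add(str3);
        params.add(str4);
        params.add(str);
        params.add(str2);
        params.add("1");
        // FCREATORID is fixed to 1 — presumably the built-in administrator; confirm against the user table.
        params.add(1);
        params.add(TimeServiceHelper.now());
        params.add("1");
        DB.execute(DBRoute.base, "INSERT INTO T_PERM_ENCRYPTIONSCHEME (FID, FALGORITHM, FLENGTH, FNUMBER, FNAME, FENABLE, FCREATORID, FCREATETIME, FISSYSTEM) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);", params.toArray());
        return newId;
    }

    /**
     * POSTs a JSON body to the MC at {@code mc.server.url + str} and normalises the reply into
     * the local envelope. The MC reply counts as success only when {@code success} is true AND
     * {@code errorcode} equals {@link #CODE_SUCCESS}.
     *
     * Logging: request and response bodies are logged at debug level. The access token travels
     * only in the headers, which are never logged; keep it that way. The response body may carry
     * whatever the endpoint returns (public key, data-key id), so keep debug logging off in
     * production.
     *
     * @param str         endpoint path, appended to {@code mc.server.url}
     * @param jSONObject  request body
     * @param str2        MC access token, sent as both {@code access_token} and {@code accessToken}
     * @return envelope; {@code success=false} with a description on transport error, blank or
     *         unparseable reply, or an MC-side failure
     */
    public static JSONObject postMc(String str, JSONObject jSONObject, String str2) {
        JSONObject result = new JSONObject();
        try {
            String url = System.getProperty("mc.server.url") + str;
            LOG.debug("加密方案请求url：" + url);
            Map<String, String> headers = new HashMap<>(4);
            headers.put("Content-type", "application/json;charset=UTF-8");
            headers.put("access_token", str2);
            headers.put("api", "true");
            headers.put("accessToken", str2);
            String body = JSON.toJSONString(jSONObject);
            LOG.debug(String.format("加密方案请求%s参数：%s", str, body));
            String reply = HttpClientUtils.postjson(url, headers, body);
            LOG.debug(String.format("加密方案请求%s返参：%s", str, reply));
            JSONObject parsed = StringUtils.isNotBlank(reply) ? JSON.parseObject(reply) : null;
            if (parsed == null) {
                // Previously an empty envelope was returned here, and callers dereferenced
                // getBoolean("success") on it.
                error(result, "加密方案请求返回为空");
            } else if (Boolean.TRUE.equals(parsed.getBoolean("success")) && StringUtils.equals(parsed.getString("errorcode"), CODE_SUCCESS)) {
                success(result, "", parsed.getJSONObject("data"));
            } else {
                error(result, parsed.getString("description"));
            }
        } catch (IOException e) {
            LOG.error(String.format("加密方案请求%s失败，原因：%s", str, e.getMessage()));
            error(result, e.getMessage());
        }
        return result;
    }

    /**
     * Obtains an MC access token from {@code /api/upgradeLogin.do}.
     *
     * The request carries empty {@code accountId}/{@code tenantId} and no other credential, so
     * whatever authorisation this endpoint applies must come from the network path or the MC
     * itself — presumably an internal-only endpoint; confirm before exposing {@code mc.server.url}.
     *
     * @return the token, or {@code ""} when the call or the reply parsing fails
     */
    public static String getMcAccessToken() {
        JSONObject body = new JSONObject();
        body.put("accountId", "");
        body.put("tenantId", "");
        String mcUrl = System.getProperty("mc.server.url");
        try {
            LOG.debug("请求token的url：" + mcUrl + "/api/upgradeLogin.do");
            String reply = HttpClientUtils.postjson(mcUrl + "/api/upgradeLogin.do", (Map) null, JSON.toJSONString(body));
            return JSON.parseObject(reply).getJSONObject("data").getString("access_token");
        } catch (Exception e) {
            // Any NPE from a missing "data"/"access_token" lands here too.
            LOG.error("获取token失败，原因：" + e.getMessage());
            return "";
        }
    }

    /**
     * Returns the MC public key, from the local cache when present, otherwise from
     * {@code /kapi/app/mc/generatePublicKey} (and caches it).
     *
     * @return the public key string, or {@code ""} on failure
     */
    public static String getPublicKey() {
        LocalMemoryCache cache = getLocalMemoryCache(CACHE_PUBLIC_KEY);
        String cached = cachedString(cache, CACHE_PUBLIC_KEY);
        if (StringUtils.isNotBlank(cached)) {
            return cached;
        }
        JSONObject reply = postMc("/kapi/app/mc/generatePublicKey", createPostParams(), getMcAccessToken());
        if (!Boolean.TRUE.equals(reply.getBoolean("success"))) {
            return "";
        }
        JSONObject data = reply.getJSONObject("data");
        if (data == null) {
            return "";
        }
        String publicKey = data.getString("publicKey");
        if (StringUtils.isBlank(publicKey)) {
            return "";
        }
        cache.put(CACHE_PUBLIC_KEY, publicKey);
        return publicKey;
    }

    /**
     * Asks the MC for a data key for the given scheme. The scheme id is RSA-encrypted with the
     * MC public key {@code str} before being sent as {@code schemaId}.
     *
     * @param dynamicObject scheme record (fields id and length are read)
     * @param str           MC public key as returned by {@link #getPublicKey}
     * @return envelope whose {@code data} is the MC's {@code dataKeyId} on success
     */
    public static JSONObject getSchemeKey(DynamicObject dynamicObject, String str) {
        JSONObject result = new JSONObject();
        try {
            String wrappedId = RSAEncrypterUtil.encrypt(dynamicObject.getString("id"), RSAEncrypterUtil.getPublicKey(str));
            JSONObject reply = getSchemeKey(wrappedId, dynamicObject.getString("length"));
            if (Boolean.TRUE.equals(reply.getBoolean("success"))) {
                success(result, "", reply.getJSONObject("data").getString("dataKeyId"));
            } else {
                error(result, reply.getString("description"));
            }
        } catch (Exception e) {
            LOG.error("获取工作密钥加密id失败，原因：" + ExceptionUtils.getExceptionStackTraceMessage(e));
            error(result, "获取工作密钥id失败，请检查日志");
        }
        return result;
    }

    /**
     * Raw call to {@code /kapi/app/mc/generateDataKey}.
     *
     * @param str  RSA-wrapped scheme id ({@code schemaId})
     * @param str2 key size ({@code keySize})
     * @return the MC envelope as produced by {@link #postMc}
     */
    public static JSONObject getSchemeKey(String str, String str2) {
        JSONObject params = createPostParams();
        String token = getMcAccessToken();
        params.put("schemaId", str);
        params.put("keySize", str2);
        return postMc("/kapi/app/mc/generateDataKey", params, token);
    }

    /**
     * Loads a scheme by id, trying the entity cache first.
     *
     * @param j scheme id
     * @return the scheme, or whatever {@link BusinessDataServiceHelper#loadSingle} yields when
     *         the cache misses (it may throw rather than return {@code null} — not verified here)
     */
    public static DynamicObject getScheme(long j) {
        DynamicObject scheme = BusinessDataServiceHelper.loadSingleFromCache(Long.valueOf(j), "perm_encryptionscheme");
        if (scheme == null) {
            scheme = BusinessDataServiceHelper.loadSingle(Long.valueOf(j), "perm_encryptionscheme");
        }
        return scheme;
    }

    /**
     * Loads a scheme by number, trying the entity cache first.
     *
     * @param str scheme number
     * @return the scheme, or whatever {@link BusinessDataServiceHelper#loadSingle} yields on a miss
     */
    public static DynamicObject getScheme(String str) {
        QFilter byNumber = new QFilter("number", "=", str);
        DynamicObject scheme = BusinessDataServiceHelper.loadSingleFromCache("perm_encryptionscheme", byNumber.toArray());
        if (scheme == null) {
            scheme = BusinessDataServiceHelper.loadSingle("perm_encryptionscheme", byNumber.toArray());
        }
        return scheme;
    }

    /** Builds the MC request body common to all calls: the current data-center and tenant ids. */
    private static JSONObject createPostParams() {
        JSONObject params = new JSONObject();
        RequestContext ctx = RequestContext.get();
        params.put("dcId", ctx.getAccountId());
        params.put("tenantId", ctx.getTenantId());
        return params;
    }

    /**
     * Resolves the plaintext work key for scheme {@code j}.
     *
     * Resolution order: (1) the per-scheme work-key cache; otherwise {@code str} (the
     * MC-issued {@code scheme_key}) is unwrapped with the MC public key to obtain a KMS key id,
     * which is then looked up in (2) the cached {@code kms.key} JSON, (3) the {@code kms.key}
     * system property, (4) {@code kms.properties} from ZooKeeper. A non-blank hit from (3) or (4)
     * is put into the work-key cache.
     *
     * NOTE(review): the resolved work key sits in plain form in a process-local cache (timeout
     * configured in {@link #getLocalMemoryCache}); anyone who can read process memory or the
     * {@code kms.key} property/ZK node has every work key.
     *
     * @param j   scheme id
     * @param str the scheme's {@code scheme_key}
     * @return the work key, or {@code ""} when it cannot be resolved (errors are logged)
     */
    private static String getWorkKey(long j, String str) {
        LocalMemoryCache workKeyCache = getLocalMemoryCache(CACHE_WORK_KEY);
        String cacheKey = "work_key_" + j;
        String cached = cachedString(workKeyCache, cacheKey);
        if (StringUtils.isNotBlank(cached)) {
            return cached;
        }
        String publicKey = getPublicKey();
        if (StringUtils.isBlank(publicKey)) {
            LOG.error("获取工作密钥失败，原因：公钥为空");
            return "";
        }
        try {
            LocalMemoryCache kmsCache = getLocalMemoryCache(CACHE_KMS_KEY);
            // "decrypt" with the public key: reverses what the MC did with its private key.
            String keyId = RSAEncrypterUtil.decrypt(str, RSAEncrypterUtil.getPublicKey(publicKey));

            String workKey = kmsEntry(cachedString(kmsCache, CACHE_KMS_KEY), keyId);
            if (StringUtils.isNotBlank(workKey)) {
                return workKey;
            }

            String fromProperty = System.getProperty("kms.key");
            kmsCache.put(CACHE_KMS_KEY, fromProperty);
            workKey = kmsEntry(fromProperty, keyId);
            if (StringUtils.isNotBlank(workKey)) {
                workKeyCache.put(cacheKey, workKey);
                return workKey;
            }

            String fromZk = getPropertyFromZk();
            kmsCache.put(CACHE_KMS_KEY, fromZk);
            workKey = kmsEntry(fromZk, keyId);
            if (StringUtils.isNotBlank(workKey)) {
                workKeyCache.put(cacheKey, workKey);
            }
            return workKey;
        } catch (Exception e) {
            LOG.error("获取工作密钥失败，原因：" + ExceptionUtils.getExceptionStackTraceMessage(e));
            return "";
        }
    }

    /**
     * Looks up {@code keyId} in a JSON object serialised as {@code kmsJson}.
     *
     * @return the value, or {@code ""} when the JSON is blank/unparseable or has no such key
     */
    private static String kmsEntry(String kmsJson, String keyId) {
        if (StringUtils.isBlank(kmsJson)) {
            return "";
        }
        JSONObject entries = JSON.parseObject(kmsJson);
        if (entries == null || !entries.containsKey(keyId)) {
            return "";
        }
        String value = entries.getString(keyId);
        return value == null ? "" : value;
    }

    /**
     * Reads a cache entry as a string, returning {@code ""} when it is absent or {@code null}
     * (so a stored null is never turned into the literal text "null").
     */
    private static String cachedString(LocalMemoryCache cache, String key) {
        if (!cache.contains(key)) {
            return "";
        }
        Object value = cache.get(key);
        return value == null ? "" : value.toString();
    }

    /**
     * Derives the cache type name for {@code str}, scoped to the current data center.
     *
     * @throws RuntimeException when no data center (account id) is in context
     */
    private static String getType(String str) {
        String acctId = CacheKeyUtil.getAcctId();
        if (StringUtils.isBlank(acctId)) {
            throw new RuntimeException(ResManager.loadKDString("当前数据中心为空。", "SchemeUtil_0", KEY_SYSTEM_TYPE, new Object[0]));
        }
        return str + "_result_" + acctId;
    }

    /**
     * Returns the process-local cache used for {@code str} (public key, work keys, kms json),
     * creating it on first use. Timeout is 86400 — presumably seconds, i.e. one day; confirm with
     * {@link CacheConfigInfo} — and at most 500 entries.
     */
    private static LocalMemoryCache getLocalMemoryCache(String str) {
        String type = getType(str);
        CacheConfigInfo config = new CacheConfigInfo();
        config.setTimeout(86400);
        config.setMaxItemSize(500);
        return CacheFactory.getCommonCacheFactory().$getOrCreateLocalMemoryCache("perm_encryptionscheme", type, config);
    }

    /**
     * Reads {@code kms.properties} for this cluster from ZooKeeper and returns the JSON part of
     * it (everything from the first '{' onwards).
     *
     * @return the JSON text, or {@code ""} when the node is missing or holds no '{'
     */
    private static String getPropertyFromZk() {
        String configUrl = SystemProperties.getWithEnv("configUrl");
        String path = ZKFactory.getZkRootPath(configUrl) + Instance.getClusterName() + "/config/common/prop/kms.properties";
        String zkData = ZKUtils.getZkData(configUrl, path);
        if (zkData == null) {
            return "";
        }
        int jsonStart = zkData.indexOf("{");
        if (jsonStart < 0) {
            // Was an unguarded substring(-1) before; an empty result lets getWorkKey report "not found".
            LOG.error("kms.properties中未找到JSON内容");
            return "";
        }
        return zkData.substring(jsonStart);
    }

    /** Fills the envelope as a failure: success=false, the description, and empty data. */
    private static void error(JSONObject jSONObject, String str) {
        jSONObject.put("success", false);
        jSONObject.put("description", str);
        jSONObject.put("data", "");
    }

    /** Fills the envelope as a success with the given description and payload. */
    private static void success(JSONObject jSONObject, String str, Object obj) {
        jSONObject.put("success", true);
        jSONObject.put("description", str);
        jSONObject.put("data", obj);
    }
}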
