package com.xdja.safecenter.kdc.service.impl;

import com.xdja.cssp.acs.ICertService;
import com.xdja.cssp.acs.bean.cert.PublicKey;
import com.xdja.cssp.sm2cipher.sm2.cipher.SM2CipherImpl;
import com.xdja.cssp.sm2cipher.sm2.cipher.SM3Digest;
import com.xdja.platform.rpc.consumer.refer.DefaultServiceRefer;
import com.xdja.safecenter.kdc.service.IKdcService;
import com.xdja.safecenter.kdc.service.constants.ALG_TYPE;
import com.xdja.safecenter.kdc.service.constants.KEY_TYPE;
import com.xdja.safecenter.kdc.service.util.Sm4;
import com.xdja.safecenter.oauth.service.IAuthService;
import com.xdja.safecenter.oauth.service.pojo.AppInfo;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:com/xdja/safecenter/kdc/service/impl/KdcServiceImpl.class */
public class KdcServiceImpl implements IKdcService {
    Logger logger = LoggerFactory.getLogger(KdcServiceImpl.class);
    private IAuthService authService = (IAuthService) DefaultServiceRefer.getServiceRefer(IAuthService.class);
    private ICertService certService = (ICertService) DefaultServiceRefer.getServiceRefer(ICertService.class);

    public KdcServiceImpl() {
        this.logger.info("-------------------------------------------------------");
    }

    public boolean verifySign(String str, String str2, String str3) {
        return this.authService.verifySign(str, str2, str3);
    }

    public int verifyPackage(String str, String str2, String str3) {
        AppInfo appInfo = (AppInfo) this.authService.getAppInfoBatch(new String[]{str}).get(str);
        if (null == appInfo) {
            return -2;
        }
        return (str2.equals(appInfo.getPkgName()) && str3.equals(appInfo.getPkgSign())) ? 0 : -1;
    }

    public Map<String, byte[]> generateKey(int i, int i2, Map<String, String> map) {
        byte[] decryptUserKey;
        byte[] createKey = createKey(i2);
        HashMap hashMap = new HashMap();
        if (i != KEY_TYPE.uKey.value) {
            if (i != KEY_TYPE.sKey.value || null == (decryptUserKey = decryptUserKey(map.get("sn"), map.get("userKey").getBytes()))) {
                return null;
            }
            byte[] sm4_encrypt_ecb = Sm4.sm4_encrypt_ecb(decryptUserKey, createKey);
            byte[] hashBySM3 = hashBySM3(createKey);
            hashMap.put("key", sm4_encrypt_ecb);
            hashMap.put("hash", hashBySM3);
            return hashMap;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(map.get("sn"));
        List queryPublicKeyBySnList = this.certService.queryPublicKeyBySnList(arrayList, ALG_TYPE.sm2.value);
        if (null == queryPublicKeyBySnList || queryPublicKeyBySnList.isEmpty()) {
            return null;
        }
        byte[] encode = Base64.encode(encryptWithSM2(((PublicKey) queryPublicKeyBySnList.get(0)).getPublicKey(), createKey));
        byte[] hashBySM32 = hashBySM3(createKey);
        hashMap.put("key", encode);
        hashMap.put("hash", hashBySM32);
        return hashMap;
    }

    public String decryptUserCode(String str, byte[] bArr, byte[] bArr2) {
        byte[] decryptUserKey = decryptUserKey(str, bArr);
        if (null == decryptUserKey) {
            return null;
        }
        return new String(decrypt(ALG_TYPE.sm4.value, decryptUserKey, bArr2));
    }

    public byte[] encrypt(int i, byte[] bArr, byte[] bArr2) {
        return i == ALG_TYPE.sm4.value ? Sm4.sm4_encrypt_ecb(bArr, bArr2) : i == ALG_TYPE.sm2.value ? encryptWithSM2(new String(bArr), bArr2) : new byte[0];
    }

    public byte[] decrypt(int i, byte[] bArr, byte[] bArr2) {
        return i == ALG_TYPE.sm4.value ? Sm4.sm4_decrypt_ecb(bArr, bArr2) : i == ALG_TYPE.sm2.value ? decryptWithSM2(new String(bArr), bArr2) : new byte[0];
    }

    private byte[] decryptUserKey(String str, byte[] bArr) {
        byte[] decode = Base64.decode(bArr);
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        List queryPublicKeyBySnList = this.certService.queryPublicKeyBySnList(arrayList, ALG_TYPE.sm2.value);
        if (null == queryPublicKeyBySnList || queryPublicKeyBySnList.isEmpty()) {
            return null;
        }
        return decryptWithSM2(((PublicKey) queryPublicKeyBySnList.get(0)).getPublicKey(), decode);
    }

    private byte[] encryptWithSM2(String str, byte[] bArr) {
        return new SM2CipherImpl().encrypt(str, bArr);
    }

    private byte[] decryptWithSM2(String str, byte[] bArr) {
        return new SM2CipherImpl().decrypt(str, bArr);
    }

    private byte[] createKey(int i) {
        byte[] bArr = new byte[i];
        try {
            SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    private byte[] hashBySHA1(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA1").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    private byte[] hashBySM3(byte[] bArr) {
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bArr);
        return Base64.encode(sM3Digest.doFinal());
    }
}
