package com.xdja.safecenter.secret.controller.v2.restore;

import com.xdja.log.analysis.aop.annoation.AopLog;
import com.xdja.platform.common.lite.kit.json.JSONException;
import com.xdja.platform.common.lite.kit.json.JsonMapper;
import com.xdja.safecenter.secret.controller.AbstractController;
import com.xdja.safecenter.secret.controller.HttpError;
import com.xdja.safecenter.secret.provider.backup.BackupProvider;
import com.xdja.safecenter.secret.provider.backup.bean.ResultBean;
import com.xdja.safecenter.secret.provider.cellgroup.IEntityProvider;
import com.xdja.safecenter.secret.provider.kek.IKekProvider;
import com.xdja.safecenter.secret.provider.restore.RestoreProvider;
import com.xdja.safecenter.secret.provider.restore.bean.EntityInfo;
import com.xdja.safecenter.secret.provider.restore.bean.UploadRestoreKeyReq;
import com.xdja.safecenter.secret.provider.restore.bean.UploadSecretkeyInfo;
import com.xdja.safecenter.secret.provider.todo.ITodoProvider;
import com.xdja.safecenter.secret.struct.SourceDataStruct;
import com.xdja.safecenter.secret.struct.v2.CellGroupStruct;
import com.xdja.safecenter.secret.struct.v2.Kek;
import com.xdja.safecenter.secret.struct.v2.KekWrapKey;
import com.xdja.safecenter.secret.struct.v2.SyncPubKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
/* loaded from: input_file:com/xdja/safecenter/secret/controller/v2/restore/RestoreController.class */
public class RestoreController extends AbstractController {

    @Autowired
    private RestoreProvider restoreProvider;

    @Resource
    protected ITodoProvider toDoProvider;

    @Resource
    private BackupProvider backupProvider;

    @Resource
    private IKekProvider kekProvider;

    @Resource
    private IEntityProvider entityProvider;

    @RequestMapping(value = {"/api/v2/restore/check/{bSn}/{rCode}"}, consumes = {"application/json"}, method = {RequestMethod.GET})
    @AopLog
    public Object checkBackupCardCode(@PathVariable("bSn") String str, @PathVariable("rCode") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到验证备份卡校验码请求");
        String sn = getSn(httpServletRequest);
        if (StringUtils.isBlank(sn)) {
            return HttpError.MISSING_REQUIRED_PARAMETERS.handle(httpServletResponse);
        }
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        ResultBean checkBackupCardCode = this.restoreProvider.checkBackupCardCode(sn, str, str2);
        switch (checkBackupCardCode.getCode()) {
            case 2:
                this.logger.debug("验证备份卡校验码结果：备份卡不存在");
                return HttpError.BACKUP_CARD_NOT_EXIST.handle(httpServletResponse);
            case 3:
                this.logger.debug("验证备份卡校验码结果：无效的备份卡");
                return HttpError.INVALID_BACKUP_CARD.handle(httpServletResponse);
            case 4:
            case 7:
            default:
                this.logger.debug("验证备份卡校验码请求执行完成");
                return checkBackupCardCode.getInfo();
            case 5:
                this.logger.debug("验证备份卡校验码结果：校验码不一致");
                return HttpError.CHECK_CODE_DISACCORD.handle(httpServletResponse);
            case 6:
                this.logger.debug("验证备份卡校验码结果：备份卡未使用");
                return HttpError.BACKUP_CARD_NOT_USE.handle(httpServletResponse);
            case 8:
                this.logger.debug("验证备份卡校验码结果：备份设备与恢复设备不能一样");
                return HttpError.BA_DEV_AND_RES_DEV_NOT_SAME.handle(httpServletResponse);
        }
    }

    @RequestMapping(value = {"/api/v2/restore/{chipSn}/secretKey"}, consumes = {"application/json"}, method = {RequestMethod.GET})
    @AopLog
    public Object querySecretKey(@PathVariable String str, @RequestParam int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        List restoreMissionsByDevice;
        this.logger.debug("收到查询设备待恢复秘钥请求");
        if (StringUtils.isBlank(str) || !(i == 0 || i == 1)) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("todo", new Object[0]);
        hashMap.put("secretKeys", new Object[0]);
        if (i == 1 && null != (restoreMissionsByDevice = this.toDoProvider.getRestoreMissionsByDevice(str, (String) null, (String) null, (String) null)) && !restoreMissionsByDevice.isEmpty()) {
            hashMap.put("todo", restoreMissionsByDevice);
            return hashMap;
        }
        List querySecretKeys = this.restoreProvider.querySecretKeys(str);
        if (null != querySecretKeys) {
            hashMap.put("secretKeys", querySecretKeys);
        }
        this.logger.debug("查询设备待恢复秘钥请求执行完成");
        return hashMap;
    }

    @RequestMapping(value = {"/api/v2/restore/{chipSn}/upload/secretKey"}, consumes = {"application/json"}, method = {RequestMethod.POST})
    @AopLog
    public void uploadSecretKey(@PathVariable String str, @RequestBody UploadRestoreKeyReq uploadRestoreKeyReq, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到上传已恢复密钥请求");
        if (getSn(httpServletRequest).equals(str)) {
            this.logger.error("上传恢复密钥失败，备份设备不能与恢复设备相同", str);
            renderError(httpServletResponse, HttpError.BA_DEV_AND_RES_DEV_NOT_SAME);
        } else if (!checkDeviceBindBCard(str)) {
            this.logger.error("上传恢复密钥失败，备份设备SN【{}】未绑定备份卡", str);
            renderError(httpServletResponse, HttpError.NOT_BIND_BACKUP_CARD);
        } else if (checkAndSaveSecretKey(getCardId(httpServletRequest), getSn(httpServletRequest), str, uploadRestoreKeyReq, httpServletResponse)) {
            this.logger.debug("上传已恢复密钥请求执行完成");
        }
    }

    @RequestMapping(value = {"/api/v2/restore/records"}, consumes = {"application/json"}, method = {RequestMethod.GET})
    @AopLog
    public Object queryRestoreRecord(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到查询设备恢复记录请求");
        List restoreRecords = this.restoreProvider.getRestoreRecords(getSn(httpServletRequest));
        this.logger.debug("查询设备恢复记录请求执行完成");
        return restoreRecords;
    }

    @RequestMapping(value = {"/api/v2/restore/{chipSn}/suits"}, consumes = {"application/json"}, method = {RequestMethod.GET})
    @AopLog
    public Object queryAppSuits(@PathVariable String str, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到查询备份设备应用套件请求");
        if (StringUtils.isBlank(str)) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        Map queryAppSuits = this.restoreProvider.queryAppSuits(str);
        this.logger.debug("查询备份设备应用套件请求执行完成");
        return queryAppSuits;
    }

    @RequestMapping(value = {"/api/v2/restore/{bKeySn}/backup"}, consumes = {"application/json"}, method = {RequestMethod.GET})
    @AopLog
    public Object getBackupKey(@PathVariable("bKeySn") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到获取备份KEY备份密钥请求");
        String sn = getSn(httpServletRequest);
        if (StringUtils.isBlank(sn)) {
            return HttpError.MISSING_REQUIRED_PARAMETERS.handle(httpServletResponse);
        }
        if (StringUtils.isBlank(str)) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        ResultBean backupKey = this.restoreProvider.getBackupKey(sn, str);
        switch (backupKey.getCode()) {
            case 2:
                this.logger.debug("获取备份KEY备份密钥结果：备份KEY不存在");
                return HttpError.BACKUP_KEY_NOT_EXIST.handle(httpServletResponse);
            case 3:
                this.logger.debug("获取备份KEY备份密钥结果：无效的备份KEY");
                return HttpError.INVALID_BACKUP_KEY.handle(httpServletResponse);
            case 4:
            case 5:
            case 7:
            default:
                this.logger.debug("获取备份KEY备份密钥执行完成");
                return backupKey.getInfo();
            case 6:
                this.logger.debug("获取备份KEY备份密钥结果：备份KEY未使用");
                return HttpError.BACKUP_KEY_NOT_USE.handle(httpServletResponse);
            case 8:
                this.logger.debug("获取备份KEY备份密钥结果：备份设备与恢复设备不能一样");
                return HttpError.BA_DEV_AND_RES_DEV_NOT_SAME.handle(httpServletResponse);
        }
    }

    @RequestMapping(value = {"/api/v2/restore/upload/{bKeySn}/secretKey"}, consumes = {"application/json"}, method = {RequestMethod.POST})
    @AopLog
    public void uploadBackupSecretKey(@PathVariable String str, @RequestBody UploadRestoreKeyReq uploadRestoreKeyReq, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到上传备份设备已恢复密钥请求");
        String cardId = getCardId(httpServletRequest);
        String sn = getSn(httpServletRequest);
        if (StringUtils.isBlank(sn) || StringUtils.isBlank(cardId)) {
            renderError(httpServletResponse, HttpError.MISSING_REQUIRED_PARAMETERS);
            return;
        }
        if (StringUtils.isBlank(str)) {
            renderError(httpServletResponse, HttpError.ILLEGAL_REQUEST_PARAMETER);
            return;
        }
        ResultBean checkBackupKey = this.restoreProvider.checkBackupKey(str, sn);
        switch (checkBackupKey.getCode()) {
            case 2:
                this.logger.debug("获取备份KEY备份密钥结果：备份KEY不存在");
                renderError(httpServletResponse, HttpError.BACKUP_KEY_NOT_EXIST);
                return;
            case 3:
                this.logger.debug("获取备份KEY备份密钥结果：无效的备份KEY");
                renderError(httpServletResponse, HttpError.INVALID_BACKUP_KEY);
                return;
            case 4:
            case 5:
            case 7:
            default:
                if (checkAndSaveSecretKey(cardId, sn, String.valueOf(checkBackupKey.getInfo()), uploadRestoreKeyReq, httpServletResponse)) {
                    this.logger.debug("上传备份设备已恢复密钥请求执行完成");
                    return;
                }
                return;
            case 6:
                this.logger.debug("获取备份KEY备份密钥结果：备份KEY未使用");
                renderError(httpServletResponse, HttpError.BACKUP_KEY_NOT_USE);
                return;
            case 8:
                this.logger.debug("获取备份KEY备份密钥结果：备份设备与恢复设备不能一样");
                renderError(httpServletResponse, HttpError.BA_DEV_AND_RES_DEV_NOT_SAME);
                return;
        }
    }

    private boolean checkAndSaveSecretKey(String str, String str2, String str3, UploadRestoreKeyReq uploadRestoreKeyReq, HttpServletResponse httpServletResponse) throws JSONException {
        SourceDataStruct kekBySn = this.kekProvider.getKekBySn(str2);
        if (kekBySn == null) {
            this.logger.error("上传备份设备已恢复密钥失败，恢复设备SN【{}】kek不存在", str2);
            renderError(httpServletResponse, HttpError.RES_DEV_KEK_NOT_EXIST);
            return false;
        }
        Kek kek = (Kek) JsonMapper.alwaysMapper().fromJson(kekBySn.getInfo(), Kek.class);
        if (!kek.getKekID().equals(uploadRestoreKeyReq.getEncKekId())) {
            this.logger.error("上传备份设备已恢复密钥失败，恢复设备SN【{}】与kekID【{}】不匹配", str2, kek.getKekID());
            renderError(httpServletResponse, HttpError.DEV_KEK_NOT_MATCH);
            return false;
        }
        HashMap hashMap = new HashMap();
        for (UploadSecretkeyInfo uploadSecretkeyInfo : uploadRestoreKeyReq.getSecretKeys()) {
            hashMap.put(uploadSecretkeyInfo.getAppId(), new ArrayList());
            for (EntityInfo entityInfo : uploadSecretkeyInfo.getEntities()) {
                if (!verifyWithSN(entityInfo.getCellGroup())) {
                    renderError(httpServletResponse, HttpError.VERIFY_WITH_CHIP_ERROR);
                    return false;
                }
                if (entityInfo.getIn() == 0) {
                    if (!verifyWithSN(entityInfo.getSyncPubKey())) {
                        renderError(httpServletResponse, HttpError.VERIFY_WITH_CHIP_ERROR);
                        return false;
                    }
                    if (!verifyWithSyncPubKData(entityInfo.getSyncPriKey(), ((SyncPubKey) JsonMapper.alwaysMapper().fromJson(entityInfo.getSyncPubKey().getInfo(), SyncPubKey.class)).getSkPub())) {
                        renderError(httpServletResponse, HttpError.VERIFY_WITH_SYNCPUB_ERROR);
                        return false;
                    }
                }
                CellGroupStruct cellGroupStruct = (CellGroupStruct) JsonMapper.alwaysMapper().fromJson(entityInfo.getCellGroup().getInfo(), CellGroupStruct.class);
                if (!this.entityProvider.existEntity(uploadSecretkeyInfo.getAppId(), cellGroupStruct.getCgID())) {
                    renderError(httpServletResponse, HttpError.ENTITY_NOT_EXIST);
                    return false;
                }
                if (entityInfo.getIn() == 0 && this.entityProvider.checkEntityVersionIllegal(uploadSecretkeyInfo.getAppId(), cellGroupStruct.getCgID(), Long.valueOf(cellGroupStruct.getCgVer()))) {
                    renderError(httpServletResponse, HttpError.ILLEGAL_SOURCE_DATA_OF_VERSION);
                    return false;
                }
                for (KekWrapKey kekWrapKey : entityInfo.getKekWrapKey()) {
                    if (!cellGroupStruct.getCgID().equals(kekWrapKey.getCgID()) || Long.parseLong(cellGroupStruct.getWkVer()) < Long.parseLong(kekWrapKey.getWkVer())) {
                        renderError(httpServletResponse, HttpError.URL_PARAM_NOT_MATCH_SOURCE);
                        return false;
                    }
                }
                ((List) hashMap.get(uploadSecretkeyInfo.getAppId())).add(cellGroupStruct.getCgID());
            }
        }
        Set<String> keySet = hashMap.keySet();
        for (String str4 : keySet) {
            Iterator it = ((List) hashMap.get(str4)).iterator();
            while (it.hasNext()) {
                if (!this.entityProvider.lock(str4, (String) it.next())) {
                    renderError(httpServletResponse, HttpError.ILLEGAL_SOURCE_DATA_OF_VERSION);
                    return false;
                }
            }
        }
        try {
            this.restoreProvider.doUploadRestoreSecretKey(str3, str2, str, uploadRestoreKeyReq);
            for (String str5 : keySet) {
                Iterator it2 = ((List) hashMap.get(str5)).iterator();
                while (it2.hasNext()) {
                    this.entityProvider.unlock(str5, (String) it2.next());
                }
            }
            return true;
        } catch (Throwable th) {
            for (String str6 : keySet) {
                Iterator it3 = ((List) hashMap.get(str6)).iterator();
                while (it3.hasNext()) {
                    this.entityProvider.unlock(str6, (String) it3.next());
                }
            }
            throw th;
        }
    }

    private boolean checkDeviceBindBCard(String str) {
        return StringUtils.isNotBlank(this.backupProvider.querySnByChipSn(str));
    }
}
