package com.xdja.safecenter.secret.controller.v2.region;

import com.xdja.log.analysis.aop.annoation.AopLog;
import com.xdja.platform.common.lite.kit.json.JSONException;
import com.xdja.platform.common.lite.kit.json.JsonMapper;
import com.xdja.safecenter.secret.controller.AbstractController;
import com.xdja.safecenter.secret.controller.HttpError;
import com.xdja.safecenter.secret.provider.backup.bean.ResultBean;
import com.xdja.safecenter.secret.provider.cellgroup.IEntityProvider;
import com.xdja.safecenter.secret.provider.region.IRegionProvider;
import com.xdja.safecenter.secret.provider.region.bean.RegionBean;
import com.xdja.safecenter.secret.provider.region.bean.RestoreResult;
import com.xdja.safecenter.secret.provider.restore.RestoreProvider;
import com.xdja.safecenter.secret.provider.restore.bean.EntityInfo;
import com.xdja.safecenter.secret.provider.restore.bean.UploadRestoreKeyReq;
import com.xdja.safecenter.secret.provider.restore.bean.UploadSecretkeyInfo;
import com.xdja.safecenter.secret.provider.todo.ITodoProvider;
import com.xdja.safecenter.secret.struct.v2.CellGroupStruct;
import com.xdja.safecenter.secret.struct.v2.KekWrapKey;
import com.xdja.safecenter.secret.struct.v2.SyncPubKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
/* loaded from: input_file:com/xdja/safecenter/secret/controller/v2/region/RegionController.class */
public class RegionController extends AbstractController {

    @Resource
    private IRegionProvider regionProvider;

    @Resource
    private IEntityProvider entityProvider;

    @Resource
    private RestoreProvider restoreProvider;

    @Resource
    protected ITodoProvider toDoProvider;

    @RequestMapping(value = {"/api/v2/region/report"}, method = {RequestMethod.POST}, consumes = {"application/json"})
    @AopLog
    public void reportRegion(@RequestBody RegionBean regionBean, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.debug("收到上报设备私有域信息请求，[sn={}，Region={}]", getSn(httpServletRequest), regionBean.toString());
        if (null == regionBean || StringUtils.isBlank(getSn(httpServletRequest)) || StringUtils.isBlank(regionBean.getName()) || StringUtils.isBlank(regionBean.getAppName()) || StringUtils.isBlank(regionBean.getPkName()) || StringUtils.isBlank(regionBean.getInterfaceId()) || StringUtils.isBlank(regionBean.getDesc())) {
            renderError(httpServletResponse, HttpError.ILLEGAL_REQUEST_PARAMETER);
        } else {
            this.regionProvider.doReportRegion(regionBean, getSN(httpServletRequest));
            this.logger.info("上报设备私有域信息成功，[sn={}，RegionBean={}]", getSn(httpServletRequest), regionBean.toString());
        }
    }

    @RequestMapping(value = {"/api/v2/region/upload/{chipSn}/{backNo}/kek"}, method = {RequestMethod.POST}, consumes = {"application/json"})
    @AopLog
    public void uploadDeviceEncKek(@PathVariable("chipSn") String str, @PathVariable("backNo") String str2, @RequestBody UploadRestoreKeyReq uploadRestoreKeyReq, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到上传恢复设备加密KEK请求");
        if (!checkParams(str, getSn(httpServletRequest), str2, uploadRestoreKeyReq)) {
            renderError(httpServletResponse, HttpError.ILLEGAL_REQUEST_PARAMETER);
            return;
        }
        HashMap hashMap = new HashMap();
        HttpError checSecretKey = checSecretKey(uploadRestoreKeyReq, hashMap);
        if (null != checSecretKey) {
            renderError(httpServletResponse, checSecretKey);
            return;
        }
        if (!lock(hashMap, true)) {
            renderError(httpServletResponse, HttpError.ILLEGAL_SOURCE_DATA_OF_VERSION);
            return;
        }
        try {
            switch (this.regionProvider.doUploadDeviceEncKek(str, str2, getSn(httpServletRequest), getCardId(httpServletRequest), uploadRestoreKeyReq)) {
                case 2:
                    this.logger.error("上传恢复设备加密KEK失败，原因：备份设备与备份卡未绑定, [bSn={},backNo={}]", str, str2);
                    renderError(httpServletResponse, HttpError.BA_DEV_AND_BA_CARD_NOT_BIND);
                    lock(hashMap, false);
                    return;
                case 3:
                    this.logger.error("上传恢复设备加密KEK失败，原因：恢复设备的kek不存在, [rSn={},kekId={}]", getSn(httpServletRequest), uploadRestoreKeyReq.getEncKekId());
                    renderError(httpServletResponse, HttpError.RESTORE_DEV_KEK_NOT_EXIST);
                    lock(hashMap, false);
                    return;
                case 4:
                    this.logger.error("上传恢复设备加密KEK失败，原因：设备与kek不匹配, [rSn={},kekId={}]", getSn(httpServletRequest), uploadRestoreKeyReq.getEncKekId());
                    renderError(httpServletResponse, HttpError.DEV_KEK_NOT_RELATION);
                    lock(hashMap, false);
                    return;
                case 5:
                    this.logger.error("上传恢复设备加密KEK失败，原因：无效的备份卡, [backNo={}]", str2);
                    renderError(httpServletResponse, HttpError.INVALID_BACKUP_CARD);
                    lock(hashMap, false);
                    return;
                case 6:
                    this.logger.error("上传恢复设备加密KEK失败，原因：备份与恢复设备不能一样, [bSn={},rSn={}]", str, getSn(httpServletRequest));
                    renderError(httpServletResponse, HttpError.BA_DEV_AND_RES_DEV_NOT_SAME);
                    lock(hashMap, false);
                    return;
                default:
                    this.logger.info("执行上传恢复设备加密KEK成功 [bSn={},rSn={},backNo={},kekId={}]", new Object[]{str, getSn(httpServletRequest), str2, uploadRestoreKeyReq.getEncKekId()});
                    lock(hashMap, false);
                    return;
            }
        } catch (Throwable th) {
            lock(hashMap, false);
            throw th;
        }
    }

    @RequestMapping(value = {"/api/v2/region/restore/result"}, method = {RequestMethod.POST}, consumes = {"application/json"})
    @AopLog
    public void reportRestoreResult(@RequestBody List<RestoreResult> list, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.debug("收到上报私有域恢复结果请求");
        if (!checkRestoreResultParams(list, getSn(httpServletRequest))) {
            renderError(httpServletResponse, HttpError.ILLEGAL_REQUEST_PARAMETER);
            return;
        }
        switch (this.regionProvider.doReportRestoreResult(list, getSn(httpServletRequest))) {
            case 2:
                this.logger.error("上报私有域恢复结果失败，原因：恢复设备与备份卡无对应关系");
                renderError(httpServletResponse, HttpError.RES_DEV_AND_BA_CARD_NOT_RELATION);
                return;
            case 3:
                this.logger.error("上报私有域恢复结果失败，原因：备份、恢复设备无恢复关系");
                renderError(httpServletResponse, HttpError.BA_RES_DEV_NOT_RESTORE_RELATION);
                return;
            case 4:
                this.logger.error("上报私有域恢复结果失败，原因：私有域不在恢复范围");
                renderError(httpServletResponse, HttpError.REGION_NOT_IN_RESTORE_SCOPE);
                return;
            default:
                this.logger.debug("上报私有域恢复结果成功");
                return;
        }
    }

    @RequestMapping(value = {"/api/v2/region/{backNo}"}, method = {RequestMethod.GET}, consumes = {"application/json"})
    @AopLog
    public Object getStayRestoreRegion(@PathVariable String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.debug("收到获取待恢复私有域列表请求");
        if (StringUtils.isBlank(str) || StringUtils.isBlank(getSn(httpServletRequest))) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        ResultBean stayRestoreRegion = this.regionProvider.getStayRestoreRegion(getSn(httpServletRequest), str);
        switch (stayRestoreRegion.getCode()) {
            case 2:
                this.logger.error("获取待恢复私有域列表执行失败，原因：未查询到待恢复私有域，[sn={},backNo={}]", getSn(httpServletRequest), str);
                return HttpError.NOT_QUERY_STAY_RESTORE_REGION.handle(httpServletResponse);
            case 3:
                this.logger.error("获取待恢复私有域列表执行失败，原因：未查询到恢复设备kek加密的备份设备kek，[sn={},backNo={}]", getSn(httpServletRequest), str);
                return HttpError.NOT_QUERY_RES_DEV_ENC_KEK.handle(httpServletResponse);
            default:
                this.logger.info("获取待恢复私有域列表执行成功，[sn={},backNo={}]", getSn(httpServletRequest), str);
                return stayRestoreRegion.getInfo();
        }
    }

    @RequestMapping(value = {"/api/v2/region/records"}, method = {RequestMethod.GET}, consumes = {"application/json"})
    @AopLog
    public Object queryRestoreRecord(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到查询设备恢复记录请求  [sn={}]", getSn(httpServletRequest));
        if (StringUtils.isBlank(getSn(httpServletRequest))) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        List queryRestorerecord = this.regionProvider.queryRestorerecord(getSn(httpServletRequest));
        this.logger.debug("查询设备恢复记录请求执行完成");
        return queryRestorerecord;
    }

    @RequestMapping(value = {"/api/v2/region/restore/{chipSn}/{backNo}/secretKey"}, method = {RequestMethod.GET}, consumes = {"application/json"})
    @AopLog
    public Object queryRegionSecretKey(@PathVariable("chipSn") String str, @PathVariable("backNo") String str2, @RequestParam int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        List restoreMissionsByDevice;
        this.logger.debug("收到查询私有域设备待恢复密钥请求");
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2) || StringUtils.isBlank(getSn(httpServletRequest)) || !(i == 0 || i == 1)) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        if (this.regionProvider.isRestoreSuccess(getSn(httpServletRequest), str2)) {
            this.logger.error("查询私有域设备待恢复密钥失败，原因：设备上次已恢复成功  [bSn={},rSn={},backNo={}]", new Object[]{str, getSn(httpServletRequest), str2});
            return HttpError.DEV_ALREADY_RESTORE_SUCCESS.handle(httpServletResponse);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("todo", new Object[0]);
        hashMap.put("secretKeys", new Object[0]);
        if (i == 1 && null != (restoreMissionsByDevice = this.toDoProvider.getRestoreMissionsByDevice(str, (String) null, (String) null, (String) null)) && !restoreMissionsByDevice.isEmpty()) {
            hashMap.put("todo", restoreMissionsByDevice);
            return hashMap;
        }
        List querySecretKeys = this.restoreProvider.querySecretKeys(str);
        if (null != querySecretKeys) {
            hashMap.put("secretKeys", querySecretKeys);
        }
        this.logger.debug("查询私有域设备待恢复密钥请求执行完成");
        return hashMap;
    }

    @RequestMapping(value = {"/api/v2/region/restore/{chipSn}/{backNo}/upload/secretKey"}, method = {RequestMethod.POST}, consumes = {"application/json"})
    @AopLog
    public void uploadRegionSecretKey(@PathVariable("chipSn") String str, @PathVariable("backNo") String str2, @RequestBody UploadRestoreKeyReq uploadRestoreKeyReq, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws JSONException {
        this.logger.debug("收到上传私有域已恢复密钥请求");
        if (!checkParams(str, getSn(httpServletRequest), str2, uploadRestoreKeyReq)) {
            renderError(httpServletResponse, HttpError.ILLEGAL_REQUEST_PARAMETER);
            return;
        }
        HashMap hashMap = new HashMap();
        HttpError checSecretKey = checSecretKey(uploadRestoreKeyReq, hashMap);
        if (null != checSecretKey) {
            renderError(httpServletResponse, checSecretKey);
            return;
        }
        if (this.regionProvider.isRestoreSuccess(getSn(httpServletRequest), str2)) {
            this.logger.error("上传私有域已恢复密钥失败，原因：设备上次已恢复成功  [bSn={},rSn={},backNo={}]", new Object[]{str, getSn(httpServletRequest), str2});
            renderError(httpServletResponse, HttpError.DEV_ALREADY_RESTORE_SUCCESS);
            return;
        }
        if (!lock(hashMap, true)) {
            renderError(httpServletResponse, HttpError.ILLEGAL_SOURCE_DATA_OF_VERSION);
            return;
        }
        try {
            switch (this.regionProvider.doUploadRegionSecretKey(str, str2, getSn(httpServletRequest), getCardId(httpServletRequest), uploadRestoreKeyReq)) {
                case 2:
                    this.logger.error("上传私有域已恢复密钥失败，原因：备份与恢复设备不能一样, [bSn={},rSn={}]", str, getSn(httpServletRequest));
                    renderError(httpServletResponse, HttpError.BA_DEV_AND_RES_DEV_NOT_SAME);
                    lock(hashMap, false);
                    return;
                case 3:
                    this.logger.error("上传私有域已恢复密钥失败，原因：恢复设备的kek不存在, [rSn={},kekId={}]", getSn(httpServletRequest), uploadRestoreKeyReq.getEncKekId());
                    renderError(httpServletResponse, HttpError.RESTORE_DEV_KEK_NOT_EXIST);
                    lock(hashMap, false);
                    return;
                case 4:
                    this.logger.error("上传私有域已恢复密钥失败，原因：设备与kek不匹配, [rSn={},kekId={}]", getSn(httpServletRequest), uploadRestoreKeyReq.getEncKekId());
                    renderError(httpServletResponse, HttpError.DEV_KEK_NOT_RELATION);
                    lock(hashMap, false);
                    return;
                default:
                    this.logger.info("执行上传私有域已恢复密钥成功 [bSn={},rSn={},backNo={},kekId={}]", new Object[]{str, getSn(httpServletRequest), str2, uploadRestoreKeyReq.getEncKekId()});
                    lock(hashMap, false);
                    return;
            }
        } catch (Throwable th) {
            lock(hashMap, false);
            throw th;
        }
    }

    @RequestMapping(value = {"/api/v2/region/{chipSn}/{backNo}/info"}, method = {RequestMethod.GET}, consumes = {"application/json"})
    public Object queryBackDevRegions(@PathVariable String str, @PathVariable String str2, HttpServletResponse httpServletResponse) {
        this.logger.debug("收到获取备份设备私有域列表请求");
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return HttpError.ILLEGAL_REQUEST_PARAMETER.handle(httpServletResponse);
        }
        ResultBean queryBackDevRegions = this.regionProvider.queryBackDevRegions(str, str2);
        switch (queryBackDevRegions.getCode()) {
            case 2:
                this.logger.error("获取备份设备私有域列表失败，原因：无效的备份卡 [chipSn={},backNo={}]", str, str2);
                return HttpError.INVALID_BACKUP_CARD.handle(httpServletResponse);
            case 3:
                this.logger.error("获取备份设备私有域列表失败，原因：备份设备未绑定该备份卡 [chipSn={},backNo={}]", str, str2);
                return HttpError.NOT_BIND_BACKUP_CARD.handle(httpServletResponse);
            default:
                this.logger.debug("获取备份设备私有域列表请求执行成功");
                return queryBackDevRegions.getInfo();
        }
    }

    private boolean checkRestoreResultParams(List<RestoreResult> list, String str) {
        if (null == list || list.isEmpty() || StringUtils.isBlank(str)) {
            return false;
        }
        ArrayList arrayList = new ArrayList();
        for (RestoreResult restoreResult : list) {
            if (null == restoreResult || null == restoreResult.getRegionIds() || restoreResult.getRegionIds().isEmpty() || StringUtils.isBlank(restoreResult.getBackNo()) || StringUtils.isBlank(restoreResult.getBackSn()) || arrayList.contains(restoreResult.getBackNo())) {
                return false;
            }
            arrayList.add(restoreResult.getBackNo());
        }
        return true;
    }

    private boolean lock(Map<String, List<String>> map, boolean z) {
        try {
            HashMap hashMap = new HashMap();
            for (Map.Entry<String, List<String>> entry : map.entrySet()) {
                for (String str : entry.getValue()) {
                    if (!z) {
                        this.entityProvider.unlock(entry.getKey(), str);
                    } else {
                        if (!this.entityProvider.lock(entry.getKey(), str)) {
                            for (Map.Entry entry2 : hashMap.entrySet()) {
                                this.entityProvider.unlock((String) entry2.getKey(), (String) entry2.getValue());
                            }
                            return false;
                        }
                        hashMap.put(entry.getKey(), str);
                    }
                }
            }
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    private HttpError checSecretKey(UploadRestoreKeyReq uploadRestoreKeyReq, Map<String, List<String>> map) throws JSONException {
        for (UploadSecretkeyInfo uploadSecretkeyInfo : uploadRestoreKeyReq.getSecretKeys()) {
            map.put(uploadSecretkeyInfo.getAppId(), new ArrayList());
            for (EntityInfo entityInfo : uploadSecretkeyInfo.getEntities()) {
                if (!verifyWithSN(entityInfo.getCellGroup())) {
                    return HttpError.VERIFY_WITH_CHIP_ERROR;
                }
                if (entityInfo.getIn() == 0) {
                    if (!verifyWithSN(entityInfo.getSyncPubKey())) {
                        return HttpError.VERIFY_WITH_CHIP_ERROR;
                    }
                    if (!verifyWithSyncPubKData(entityInfo.getSyncPriKey(), ((SyncPubKey) JsonMapper.alwaysMapper().fromJson(entityInfo.getSyncPubKey().getInfo(), SyncPubKey.class)).getSkPub())) {
                        return HttpError.VERIFY_WITH_SYNCPUB_ERROR;
                    }
                }
                CellGroupStruct cellGroupStruct = (CellGroupStruct) JsonMapper.alwaysMapper().fromJson(entityInfo.getCellGroup().getInfo(), CellGroupStruct.class);
                if (!this.entityProvider.existEntity(uploadSecretkeyInfo.getAppId(), cellGroupStruct.getCgID())) {
                    return HttpError.ENTITY_NOT_EXIST;
                }
                if (entityInfo.getIn() == 0 && this.entityProvider.checkEntityVersionIllegal(uploadSecretkeyInfo.getAppId(), cellGroupStruct.getCgID(), Long.valueOf(cellGroupStruct.getCgVer()))) {
                    return HttpError.ILLEGAL_SOURCE_DATA_OF_VERSION;
                }
                for (KekWrapKey kekWrapKey : entityInfo.getKekWrapKey()) {
                    if (!cellGroupStruct.getCgID().equals(kekWrapKey.getCgID()) || Long.parseLong(cellGroupStruct.getWkVer()) < Long.parseLong(kekWrapKey.getWkVer())) {
                        return HttpError.URL_PARAM_NOT_MATCH_SOURCE;
                    }
                }
                map.get(uploadSecretkeyInfo.getAppId()).add(cellGroupStruct.getCgID());
            }
        }
        return null;
    }

    private boolean checkParams(String str, String str2, String str3, UploadRestoreKeyReq uploadRestoreKeyReq) {
        if (null == uploadRestoreKeyReq || null == uploadRestoreKeyReq.getSecretKeys() || StringUtils.isBlank(str) || StringUtils.isBlank(str2) || StringUtils.isBlank(str3) || StringUtils.isBlank(uploadRestoreKeyReq.getEncKek()) || StringUtils.isBlank(uploadRestoreKeyReq.getEncKekId())) {
            return false;
        }
        if (uploadRestoreKeyReq.getSecretKeys().isEmpty()) {
            return true;
        }
        for (UploadSecretkeyInfo uploadSecretkeyInfo : uploadRestoreKeyReq.getSecretKeys()) {
            if (null == uploadSecretkeyInfo || StringUtils.isBlank(uploadSecretkeyInfo.getAppId()) || null == uploadSecretkeyInfo.getEntities() || uploadSecretkeyInfo.getEntities().isEmpty()) {
                return false;
            }
            for (EntityInfo entityInfo : uploadSecretkeyInfo.getEntities()) {
                if (null == entityInfo.getCellGroup() || null == entityInfo.getKekWrapKey() || entityInfo.getKekWrapKey().isEmpty()) {
                    return false;
                }
                if (entityInfo.getIn() != 0 && entityInfo.getIn() != 1) {
                    return false;
                }
                if (entityInfo.getIn() == 0 && (null == entityInfo.getSyncPubKey() || null == entityInfo.getSyncPriKey())) {
                    return false;
                }
                Iterator it = entityInfo.getKekWrapKey().iterator();
                while (it.hasNext()) {
                    if (null == ((KekWrapKey) it.next())) {
                        return false;
                    }
                }
            }
        }
        return true;
    }
}
