package com.xdja.safecenter.secret.provider.verify;

import com.xdja.cssp.ums.model.Cert;
import com.xdja.cssp.ums.service.IAccountService;
import com.xdja.platform.rpc.consumer.refer.DefaultServiceRefer;
import com.xdja.safecenter.secret.core.CommonSetting;
import com.xdja.safecenter.secret.core.datasource.AbstractProvider;
import com.xdja.safecenter.secret.core.redis.RedisUtil;
import com.xdja.safecenter.secret.core.verify.ALG_TYPE;
import com.xdja.safecenter.secret.core.verify.CertUtil;
import com.xdja.safecenter.secret.core.verify.SignUtils;
import com.xdja.safecenter.secret.model.TSyncPair;
import com.xdja.safecenter.secret.provider.localkey.exception.CertNotExistException;
import com.xdja.safecenter.secret.provider.verfiy.IVerifyProvider;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.util.encoders.Base64;
import org.nutz.dao.Cnd;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

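/**
 * Verifies signatures over request data, using either a certificate looked up by serial number
 * or a per-device "sync" public key.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code CommonSetting.VERIFY_TRIGGER} is a global switch. While it is {@code false} every
 *       public method returns {@code true} without inspecting any argument, so the setting
 *       should be treated as a sensitive configuration value.</li>
 *   <li>Apart from that switch, the methods fail closed: missing input, an undecodable signature,
 *       or a key or certificate that cannot be found all yield {@code false}.</li>
 *   <li>Certificates and sync public keys are cached in Redis. A cached value is trusted as-is,
 *       so write access to those Redis keys is equivalent to choosing the verification key.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:com/xdja/safecenter/secret/provider/verify/VerifyProviderImpl.class */
public class VerifyProviderImpl extends AbstractProvider implements IVerifyProvider {
    // Certificate type codes used in the Redis field name and passed to the account service.
    private static final int CERT_TYPE_RSA = 1;
    private static final int CERT_TYPE_SM2 = 2;
    // PEM armour lines that are stripped before a certificate is cached.
    private static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    private static final String CERT_TAIL = "-----END CERTIFICATE-----";
    protected Logger logger = LoggerFactory.getLogger(getClass());
    private IAccountService certService = (IAccountService) DefaultServiceRefer.getServiceRefer(IAccountService.class);

    /**
     * Verifies a signature with the public key of the certificate identified by a serial number.
     *
     * @param str  the signed data; its bytes are what the signature is checked against
     * @param str2 the signature, Base64-encoded
     * @param str3 the algorithm name; the SM2 value selects an SM2 certificate, anything else RSA
     * @param str4 the certificate serial number
     * @return {@code true} if the signature verifies or verification is globally disabled;
     *         {@code false} if input is missing or malformed, the certificate cannot be found or
     *         parsed, or the signature does not verify
     */
    public boolean verifyWithSN(String str, String str2, String str3, String str4) {
        if (!CommonSetting.VERIFY_TRIGGER) {
            return true;
        }
        // Fail closed on missing input instead of surfacing a NullPointerException to the caller.
        if (str == null || StringUtils.isBlank(str4)) {
            this.logger.error("Signature verification by SN rejected: signed data or certificate SN is missing");
            return false;
        }
        byte[] signature = decodeSignatureOrNull(str2);
        if (signature == null) {
            return false;
        }
        int i = ALG_TYPE.sm2.value.equals(str3) ? CERT_TYPE_SM2 : CERT_TYPE_RSA;
        try {
            String queryCertBySN = queryCertBySN(str4, i);
            if (StringUtils.isBlank(queryCertBySN)) {
                this.logger.error("查询SN为【{}】，算法类型为【{}】的证书，返回结果为空 ", str4, str3);
                return false;
            }
            X509Certificate certFromStr = CertUtil.getCertFromStr(queryCertBySN);
            if (certFromStr == null) {
                this.logger.error("解析证书【{}】异常", queryCertBySN);
                return false;
            }
            // NOTE(review): nothing visible here checks the certificate's validity period,
            // revocation status or issuer; confirm that CertUtil, SignUtils or the caller does.
            // NOTE(review): getBytes() uses the platform default charset, so the verified bytes
            // depend on the JVM configuration; confirm the signer's encoding and pin it.
            return SignUtils.verifySignByKey(str3, certFromStr.getPublicKey(), str.getBytes(), signature);
        } catch (CertNotExistException e) {
            this.logger.error("SN为【{}】，算法类型为【{}】的证书不存在", str4, str3);
            return false;
        }
    }

    /**
     * Returns the certificate text for a serial number and certificate type, reading the Redis
     * hash {@code Certs} first and falling back to the account service on a miss.
     *
     * <p>NOTE(review): on a cache miss the value returned is the text as delivered by the
     * service, while the value written to the cache (and returned on later hits) has the PEM
     * armour and literal {@code \n} / {@code \r} escape sequences removed. Confirm that
     * {@code CertUtil.getCertFromStr} accepts both forms.
     *
     * @param str the certificate serial number
     * @param i   the certificate type code ({@code CERT_TYPE_RSA} or {@code CERT_TYPE_SM2})
     * @return the certificate text, never blank
     * @throws CertNotExistException if the service returns no usable certificate for the SN
     */
    private String queryCertBySN(String str, int i) throws CertNotExistException {
        String field = str + "_" + i;
        String hash = RedisUtil.getHash("Certs", field);
        if (StringUtils.isBlank(hash)) {
            List<?> found = this.certService.queryHisCertBySnList(Arrays.asList(str), i);
            if (found == null || found.isEmpty()) {
                throw new CertNotExistException("未查询到SN:" + str);
            }
            Cert first = (Cert) found.get(0);
            hash = first == null ? null : first.getCert();
            // A record without certificate text is treated as "not found" so that no blank
            // entry is cached and no NullPointerException escapes from the replace() chain.
            if (StringUtils.isBlank(hash)) {
                throw new CertNotExistException("未查询到SN:" + str);
            }
            RedisUtil.setHash("Certs", field, hash.replace(CERT_HEAD, "").replace(CERT_TAIL, "").replaceAll("\\\\n", "").replaceAll("\\\\r", ""));
        }
        return hash;
    }

    /**
     * Verifies a signature with the sync public key registered for a device.
     *
     * @param str  the signed data; its bytes are what the signature is checked against
     * @param str2 the signature, Base64-encoded
     * @param str3 the algorithm name passed to {@code SignUtils}
     * @param str4 the sync key ID (matched against column {@code n_id})
     * @param str5 not used by this implementation
     * @param str6 the device serial number (matched against column {@code c_sn})
     * @return {@code true} if the signature verifies or verification is globally disabled;
     *         {@code false} if input is missing or malformed, the key ID does not match the
     *         device SN, no key is found, or the signature does not verify
     */
    public boolean verifyWithSyncPK(String str, String str2, String str3, String str4, String str5, String str6) {
        if (!CommonSetting.VERIFY_TRIGGER) {
            return true;
        }
        // A blank SN would reduce the binding check below to "key ID contains an underscore",
        // which any key ID of that shape satisfies; reject it together with other missing input.
        if (str == null || StringUtils.isBlank(str4) || StringUtils.isBlank(str6)) {
            this.logger.error("Signature verification by sync key rejected: signed data, sync key ID or device SN is missing");
            return false;
        }
        // NOTE(review): this is a substring match, so the SN may appear anywhere in the key ID.
        // If key IDs always start with the SN, a prefix comparison would be the stricter check.
        if (!str4.contains(str6 + "_")) {
            this.logger.error("使用同步公钥验正签名失败，同步密钥【{}】与设备SN【{}】不匹配", str4, str6);
            return false;
        }
        byte[] signature = decodeSignatureOrNull(str2);
        if (signature == null) {
            return false;
        }
        // NOTE(review): the cache is keyed by key ID only. On a hit the (n_id, c_sn) pairing
        // from the database is not re-checked; the substring match above is the only link
        // between the key and the device SN.
        String str7 = RedisUtil.get("SYNC_" + str4);
        if (StringUtils.isBlank(str7)) {
            TSyncPair tSyncPair = (TSyncPair) this.daoTemplate.fetch(TSyncPair.class, Cnd.where("n_id", "=", str4).and("c_sn", "=", str6));
            if (tSyncPair == null) {
                this.logger.error("使用同步公钥验正签名失败，未查询到SKID【{}】设备SN【{}】对应的同步密钥，", str4, str6);
                return false;
            }
            str7 = tSyncPair.getPublicKey();
            RedisUtil.set("SYNC_" + str4, str7);
        }
        // NOTE(review): getBytes() uses the platform default charset; confirm the signer's encoding.
        return SignUtils.verifySignByKeyData(str3, str7, str.getBytes(), signature);
    }

    /**
     * Verifies a signature with a public key supplied directly by the caller.
     *
     * <p>NOTE(review): the key in {@code str4} is used as given; this method does nothing to
     * establish that it belongs to the expected device, so that must be done by the caller.
     *
     * @param str  the signed data; its bytes are what the signature is checked against
     * @param str2 the signature, Base64-encoded
     * @param str3 the algorithm name passed to {@code SignUtils}
     * @param str4 the public key data
     * @return {@code true} if the signature verifies or verification is globally disabled;
     *         {@code false} if the data or signature is missing or malformed, or the signature
     *         does not verify
     */
    public boolean verifyWithSyncPKData(String str, String str2, String str3, String str4) {
        if (!CommonSetting.VERIFY_TRIGGER) {
            return true;
        }
        if (str == null) {
            this.logger.error("Signature verification by key data rejected: signed data is missing");
            return false;
        }
        byte[] signature = decodeSignatureOrNull(str2);
        if (signature == null) {
            return false;
        }
        // NOTE(review): getBytes() uses the platform default charset; confirm the signer's encoding.
        return SignUtils.verifySignByKeyData(str3, str4, str.getBytes(), signature);
    }

    /**
     * Decodes a Base64 signature, mapping a missing or malformed value to {@code null} so that
     * callers can report a failed verification instead of propagating an unchecked exception.
     * The signature value itself is never logged.
     *
     * @param encoded the Base64 text, possibly {@code null}
     * @return the decoded bytes, or {@code null} if the value is absent or cannot be decoded
     */
    private byte[] decodeSignatureOrNull(String encoded) {
        if (encoded == null) {
            this.logger.error("Signature verification rejected: signature value is missing");
            return null;
        }
        try {
            return Base64.decode(encoded);
        } catch (RuntimeException e) {
            // The BouncyCastle decoder signals malformed input with an unchecked exception.
            this.logger.error("Signature verification rejected: signature value is not valid Base64", e);
            return null;
        }
    }
}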
