package com.nbopen.sdk.aes.service;

import com.alibaba.fastjson.JSONObject;
import com.nbopen.sdk.SDKRequestHead;
import com.nbopen.sdk.aes.exception.SDKException;
import com.nbopen.sdk.aes.exception.SDKExceptionEnums;
import com.nbopen.sdk.aes.param.ApiConfigBean;
import com.nbopen.sdk.aes.param.ConfigFile;
import com.nbopen.sdk.aes.param.Constants;
import com.nbopen.sdk.aes.utils.JsonUtils;
import com.nbopen.sdk.gm.SM2Utils;
import com.nbopen.sdk.gm.SM3Utils;
import com.nbopen.sdk.gm.Utils;
import com.nbopen.sdk.gm.gmnew.SM4Utils;
import com.nbopen.system.logging.LoggerManager;
import java.nio.charset.StandardCharsets;
import java.util.TreeMap;
import javax.crypto.spec.SecretKeySpec;
import nbcb.cfca.sadk.algorithm.common.Mechanism;
import nbcb.cfca.sadk.algorithm.common.MechanismKit;
import nbcb.cfca.sadk.algorithm.common.PKIException;
import nbcb.cfca.sadk.lib.crypto.JCrypto;
import nbcb.cfca.sadk.lib.crypto.Session;
import nbcb.cfca.sadk.util.EncryptUtil;
import nbcb.cfca.sadk.util.HashUtil;
import nbcb.cfca.sadk.util.Signature;

/* loaded from: input_file:sdklib/open-basic-1.7.9.1.jar:com/nbopen/sdk/aes/service/ApproveDevService.class */
public class ApproveDevService {
    static Session session;

    public static byte[] encry(ApiConfigBean apiConfigBean, SDKRequestHead sDKRequestHead, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        return (apiConfigBean.isCerted() ? encryString(apiConfigBean, sDKRequestHead, bArr, bArr2, bArr3) : encryStringWhithStr(apiConfigBean, sDKRequestHead, bArr, bArr2, bArr3)).getBytes("UTF-8");
    }

    public static String encryString(ApiConfigBean apiConfigBean, SDKRequestHead sDKRequestHead, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        sDKRequestHead.setSgn(Utils.CFCAEncryptByBASE64(new Signature().p1SignMessage(MechanismKit.SM3_SM2, HashUtil.SM3HashDataWithoutZValue((sDKRequestHead.getAPP_Key() + sDKRequestHead.getRndm_Num() + sDKRequestHead.getMAC_Adr() + sDKRequestHead.getIP_Adr()).getBytes(), session), apiConfigBean.getKeyStoreFactory().getmerchantPrivatekey(), session)));
        StringBuilder sb = new StringBuilder("{");
        JsonUtils.appendField(sb, Constants.CNTRSGNWRKSCRTKEY, Utils.CFCAEncryptByBASE64(bArr2), true);
        JsonUtils.appendField(sb, Constants.SYNCWRKSCRTKEY, Utils.encryptByBASE64(bArr3), false);
        String sb2 = sb.toString();
        String objToJSON = JsonUtils.objToJSON(sDKRequestHead);
        StringBuilder sb3 = new StringBuilder("{");
        JsonUtils.appendStruct(sb3, Constants.TRAN_MESSAGE_HEAD_NAME, objToJSON, true);
        JsonUtils.appendStruct(sb3, Constants.TRAN_MESSAGE_DATA_NAME, sb2, false);
        byte[] bytes = sb3.toString().getBytes("UTF-8");
        StringBuilder sb4 = new StringBuilder("{");
        JsonUtils.appendField(sb4, Constants.SCRT_TRAN_MESSAGE_DATA_NAME, Utils.encryptByBASE64(EncryptUtil.encrypt(new Mechanism(Mechanism.SM4_ECB), new SecretKeySpec(bArr, "SM4"), bytes, session)), true);
        JsonUtils.appendField(sb4, Constants.SCRT_TRAN_MESSAGE_KEY_NAME, Utils.CFCAEncryptByBASE64(EncryptUtil.encrypt(new Mechanism("SM2"), apiConfigBean.getKeyStoreFactory().getOpenPublicKey(), bArr, session)), false);
        return sb4.toString();
    }

    public static void decry(ApiConfigBean apiConfigBean, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws Exception {
        if (apiConfigBean.isCerted()) {
            decryString(apiConfigBean, new String(bArr, "UTF-8"), bArr2, bArr3, bArr4);
        } else {
            decryStringWhithStr(apiConfigBean, new String(bArr, "UTF-8"), bArr2, bArr3, bArr4);
        }
    }

    public static String decryString(ApiConfigBean apiConfigBean, String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        JSONObject jSONObjectWithData = JsonUtils.getJSONObjectWithData(str);
        if (str.contains("RET_MSG")) {
            throw new Exception("验证开发者解密验签失败！网关调用异常。");
        }
        String string = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_DATA_NAME);
        String string2 = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_SGN_NAME);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "SM4");
        try {
            byte[] decrypt = EncryptUtil.decrypt(new Mechanism(Mechanism.SM4_ECB), secretKeySpec, Utils.CFCADecryptByBASE64(string), session);
            String str2 = new String(decrypt, "UTF-8");
            LoggerManager.nbsdkLogger.debug("approveDev 解密后的明文：" + str2);
            if (!new Signature().p1VerifyMessage(MechanismKit.SM3_SM2, decrypt, Utils.CFCADecryptByBASE64(new String(EncryptUtil.decrypt(new Mechanism(Mechanism.SM4_ECB), secretKeySpec, Utils.CFCADecryptByBASE64(string2), session))), apiConfigBean.getKeyStoreFactory().getOpenPublicKey(), session)) {
                throw new SDKException(SDKExceptionEnums.CHERSA_ERROR);
            }
            JSONObject jSONObject = JsonUtils.getJSONObjectWithData(str2).getJSONObject(Constants.TRAN_MESSAGE_DATA_NAME);
            TreeMap treeMap = new TreeMap();
            if (jSONObject.containsKey(Constants.CNTRSGNWRKSCRTKEY) && jSONObject.containsKey(Constants.SYNCWRKSCRTKEY)) {
                bArr2 = Utils.CFCADecryptByBASE64((String) jSONObject.get(Constants.CNTRSGNWRKSCRTKEY));
                bArr3 = Utils.CFCADecryptByBASE64((String) jSONObject.get(Constants.SYNCWRKSCRTKEY));
            }
            treeMap.put(Constants.CNTRSGNWRKSCRTKEY, bArr2);
            treeMap.put(Constants.SYNCWRKSCRTKEY, bArr3);
            treeMap.put(Constants.APP_Token, jSONObject.get(Constants.APP_Token));
            treeMap.put(Constants.EXPIREIN_FIELD_NAME, jSONObject.get(Constants.EXPIREIN_FIELD_NAME));
            treeMap.put("expires", jSONObject.get("expires"));
            treeMap.put(Constants.STARTTIME_FIELD_NAME, jSONObject.get(Constants.STARTTIME_FIELD_NAME));
            treeMap.put(Constants.UPDATETIME_FIELD_NAME, jSONObject.get(Constants.UPDATETIME_FIELD_NAME));
            ConfigFile.apiConfigBeanMap.get(apiConfigBean.getAppKey()).getKeyStoreFactory().setTokenMap(treeMap);
            return str2;
        } catch (Exception e) {
            LoggerManager.nbsdkLogger.error("approveDev decry_data error : " + e);
            throw new SDKException(SDKExceptionEnums.DECRY_ERROR);
        }
    }

    public static String encryStringWhithStr(ApiConfigBean apiConfigBean, SDKRequestHead sDKRequestHead, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        StringBuilder sb = new StringBuilder("{");
        sDKRequestHead.setSgn(Utils.encryptByBASE64(SM2Utils.signByPrivateKey(SM3Utils.hash((sDKRequestHead.getAPP_Key() + sDKRequestHead.getRndm_Num() + sDKRequestHead.getMAC_Adr() + sDKRequestHead.getIP_Adr()).getBytes(StandardCharsets.UTF_8)), apiConfigBean.getKeyStoreFactory().getmerchantPrivatekey())));
        String objToJSON = JsonUtils.objToJSON(sDKRequestHead);
        JsonUtils.appendField(sb, Constants.CNTRSGNWRKSCRTKEY, Utils.encryptByBASE64(bArr2), true);
        JsonUtils.appendField(sb, Constants.SYNCWRKSCRTKEY, Utils.encryptByBASE64(bArr3), false);
        String sb2 = sb.toString();
        StringBuilder sb3 = new StringBuilder("{");
        JsonUtils.appendStruct(sb3, Constants.TRAN_MESSAGE_HEAD_NAME, objToJSON, true);
        JsonUtils.appendStruct(sb3, Constants.TRAN_MESSAGE_DATA_NAME, sb2, false);
        byte[] bytes = sb3.toString().getBytes("UTF-8");
        StringBuilder sb4 = new StringBuilder("{");
        JsonUtils.appendField(sb4, Constants.SCRT_TRAN_MESSAGE_DATA_NAME, Utils.encryptByBASE64(SM4Utils.encryptData_ECB(bArr, bytes)), true);
        JsonUtils.appendField(sb4, Constants.SCRT_TRAN_MESSAGE_KEY_NAME, Utils.encryptByBASE64(SM2Utils.encrypt(bArr, apiConfigBean.getKeyStoreFactory().getOpenPublicKey())), false);
        return sb4.toString();
    }

    public static String decryStringWhithStr(ApiConfigBean apiConfigBean, String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        JSONObject jSONObjectWithData = JsonUtils.getJSONObjectWithData(str);
        String string = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_DATA_NAME);
        String string2 = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_SGN_NAME);
        byte[] decryptData_ECB = SM4Utils.decryptData_ECB(bArr, Utils.decryptByBASE64(string));
        String str2 = new String(decryptData_ECB, "UTF-8");
        if (!SM2Utils.verifyByPublicKey(decryptData_ECB, apiConfigBean.getKeyStoreFactory().getOpenPublicKey(), Utils.decryptByBASE64(new String(SM4Utils.decryptData_ECB(bArr, Utils.decryptByBASE64(string2)))))) {
            throw new SDKException(SDKExceptionEnums.CHERSA_ERROR);
        }
        JSONObject jSONObject = JsonUtils.getJSONObjectWithData(str2).getJSONObject(Constants.TRAN_MESSAGE_DATA_NAME);
        TreeMap treeMap = new TreeMap();
        if (jSONObject.containsKey(Constants.CNTRSGNWRKSCRTKEY) && jSONObject.containsKey(Constants.SYNCWRKSCRTKEY)) {
            bArr2 = Utils.decryptByBASE64(jSONObject.getString(Constants.CNTRSGNWRKSCRTKEY));
            bArr3 = Utils.decryptByBASE64(jSONObject.getString(Constants.SYNCWRKSCRTKEY));
        }
        treeMap.put(Constants.CNTRSGNWRKSCRTKEY, bArr2);
        treeMap.put(Constants.SYNCWRKSCRTKEY, bArr3);
        treeMap.put(Constants.APP_Token, jSONObject.get(Constants.APP_Token));
        treeMap.put(Constants.EXPIREIN_FIELD_NAME, jSONObject.get(Constants.EXPIREIN_FIELD_NAME));
        treeMap.put("expires", jSONObject.get("expires"));
        treeMap.put(Constants.STARTTIME_FIELD_NAME, jSONObject.get(Constants.STARTTIME_FIELD_NAME));
        treeMap.put(Constants.UPDATETIME_FIELD_NAME, jSONObject.get(Constants.UPDATETIME_FIELD_NAME));
        ConfigFile.apiConfigBeanMap.get(apiConfigBean.getAppKey()).getKeyStoreFactory().setTokenMap(treeMap);
        return str2;
    }

    static {
        session = null;
        try {
            JCrypto.getInstance().initialize(JCrypto.JSOFT_LIB, null);
            session = JCrypto.getInstance().openSession(JCrypto.JSOFT_LIB);
        } catch (PKIException e) {
            LoggerManager.nbsdkLogger.error("generate cfca session exception:" + e);
        }
    }
}
