package kd.bos.mc.upgrade.plugin;

import java.security.PrivateKey;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import kd.bos.algo.DataSet;
import kd.bos.algo.Row;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.db.DB;
import kd.bos.db.DBRoute;
import kd.bos.db.SqlBuilder;
import kd.bos.db.tx.TX;
import kd.bos.db.tx.TXHandle;
import kd.bos.encrypt.impl.RSAEncrypterUtil;
import kd.bos.exception.ErrorCode;
import kd.bos.exception.KDException;
import kd.bos.mc.common.log.LoggerBuilder;
import kd.bos.mc.pojo.DbSource;
import kd.bos.mc.pojo.kms.KmsInfo;
import kd.bos.mc.pojo.kms.KmsRecord;
import kd.bos.mc.utils.SqlHelper;
import kd.bos.service.upgrade.IUpgradeService;
import kd.bos.service.upgrade.UpgradeResult;
import kd.bos.servicehelper.TimeServiceHelper;
import org.slf4j.Logger;

/* loaded from: input_file:kd/bos/mc/upgrade/plugin/KmsDataKeyReplenishPlugin.class */
public class KmsDataKeyReplenishPlugin implements IUpgradeService {
    // Selects id and scheme key of every encryption scheme whose fnumber is not 'LICENCE-SIGNATURE' and whose fenable is not '2'.
    private static final String SCHEME_SQL = "select fid, fschemekey from t_perm_encryptionscheme where fnumber <> 'LICENCE-SIGNATURE' and fenable <> '2'";
    // Looks up one data key row by id (bound parameter); rows with fdcid = 0 are excluded.
    private static final String DK_SQL = "select fid, fnumber, fenable, fcmk, fdatakey, fschemaid, fdcid from t_mc_kms_data_key where fid = ? and fdcid <> 0";
    // Inserts a data key row; fenable is fixed to '1' and fistrust to '0', the remaining seven columns are bound parameters.
    private static final String INSERT_DK_SQL = "insert into t_mc_kms_data_key (fid,fnumber,fenable,fcreatetime,fcmk,fdatakey,fschemaid,fdcid,fistrust) values (?,?,'1',?,?,?,?,?,'0')";
    // NOTE(review): this is a String.format template, not a bound statement. The '%s' value is spliced
    // between single quotes, so it is only safe while the formatted value can never contain a quote.
    // In this class it is filled with RSAEncrypterUtil.encrypt output and a Long id; prefer bound
    // parameters if the executing helper offers them.
    private static final String UPDATE_SCHEME_SQL = "update t_perm_encryptionscheme set fschemekey = '%s' where fid = %d ";
    // Inserts one replenish record linking a new data key to the source data center/data key and the scheme; all values are bound.
    private static final String RECORD_SQL = "insert into t_mc_kms_record(fid,fdcId,fdataKeyId,fsrcDcId,fsrcDataKeyId,fschemeId) values (?,?,?,?,?,?) ";
    private static final Logger LOG = LoggerBuilder.getLogger(KmsDataKeyReplenishPlugin.class);

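    /**
     * Upgrade hook: runs {@link #complete()} and converts the outcome into an {@link UpgradeResult}.
     *
     * <p>The four string arguments are not read by this implementation.
     *
     * <p>On failure the result carries only {@code e.getMessage()}. That message is assembled from
     * per-data-center error texts (including database error messages), so whoever can read the
     * upgrade result can read those texts. The full stack trace is written to the server log.
     *
     * @return a result whose success flag is {@code true} only when {@code complete()} returned normally
     */
    public UpgradeResult afterExecuteSqlWithResult(String str, String str2, String str3, String str4) {
        UpgradeResult result = new UpgradeResult();
        try {
            complete();
            result.setSuccess(true);
            // "Multi-data-center data key update succeeded"
            result.setLog("多数据中心数据密钥更新成功");
        } catch (Exception e) {
            // The result only keeps the message; log the exception so the stack trace is not lost.
            LOG.error("KmsDataKeyReplenishPlugin failed", e);
            result.setSuccess(false);
            // "Multi-data-center data key repair failed"
            result.setLog("多数据中心数据密钥修复异常");
            result.setErrorInfo(e.getMessage());
        }
        return result;
    }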

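    /**
     * Collects, for every data center, the data keys that have to be replenished and writes them.
     *
     * <p>Steps, in order: load data centers, attach the system database source, load the RSA key
     * pair, read and decrypt the encryption schemes, build the key records, build the SQL
     * parameters. Each step may drop data centers from the working map or record a failure text.
     * Nothing is written unless every remaining data center got through all steps without a
     * recorded failure.
     *
     * @throws KDException with error code 630 and the concatenated per-data-center failure texts
     *     when at least one failure was recorded; also propagated from {@code replenish}
     */
    public void complete() {
        // Typed map: a raw HashMap cannot be iterated as Map.Entry<Long, StringBuilder> below.
        Map<Long, StringBuilder> failures = new HashMap<>();
        Map<Long, KmsInfo> datacenters = getDatacenters();
        if (datacenters.isEmpty()) {
            return;
        }
        getDbCollection(datacenters);
        getEncryptKeys(datacenters);
        getEncryptionSchemes(datacenters, failures);
        getDataKeys(datacenters, failures);
        getSqlParams(datacenters, failures);
        if (failures.isEmpty()) {
            replenish(datacenters);
            return;
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<Long, StringBuilder> entry : failures.entrySet()) {
            // Format: Data center "<id>": <failure text>
            sb.append(String.format("数据中心“%d”：%s", entry.getKey(), entry.getValue()));
        }
        throw new KDException(new ErrorCode(String.valueOf(630), sb.toString()), new Object[0]);
    }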

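    /**
     * Loads all rows of {@code t_mc_datacenter} and builds one {@link KmsInfo} per data center id.
     *
     * <p>Restores the try-with-resources form: the decompiled version closed the data set twice on
     * the empty path and carried unreachable branches that dereferenced a null {@code Throwable}.
     *
     * @return data center id to info; an empty map when the query yields no data set or no rows
     */
    private Map<Long, KmsInfo> getDatacenters() {
        try (DataSet<Row> dataSet = DB.queryDataSet("getDatacenters", DBRoute.base, "select ftenantId, fid as fdcid, fenable from t_mc_datacenter ")) {
            if (dataSet == null || dataSet.isEmpty()) {
                return new HashMap<>(0);
            }
            Map<Long, KmsInfo> datacenters = new HashMap<>();
            for (Row row : dataSet) {
                Long dcId = row.getLong("fdcid");
                KmsInfo info = datacenters.computeIfAbsent(dcId, id -> new KmsInfo(id));
                info.setDcId(dcId);
                info.setTenantId(row.getLong("ftenantId"));
                info.setEnable(row.getString("fenable"));
            }
            return datacenters;
        }
    }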

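    /**
     * Attaches the database source that hosts the {@code sys} database to each data center in
     * {@code map}.
     *
     * <p>The query pre-filters with {@code like '%sys%'}; each row is then accepted only when the
     * comma-separated {@code fdbid} list contains the exact entry {@code sys}. Data centers without
     * a matching row are left unchanged.
     *
     * <p>Restores the try-with-resources form in place of the decompiled close scaffolding.
     *
     * @param map data center id to info; updated in place
     */
    private void getDbCollection(Map<Long, KmsInfo> map) {
        SqlBuilder sqlBuilder = new SqlBuilder();
        sqlBuilder.append("select fdatacenterid, fdbinstance, fdbsource, fdbid from t_mc_dbsource", new Object[0]);
        sqlBuilder.append("where fdbid like ? and ", new Object[]{"%sys%"});
        sqlBuilder.appendIn("fdatacenterid", map.keySet().toArray(new Long[0]));
        try (DataSet<Row> dbRows = DB.queryDataSet("getNormalDbCollection", DBRoute.base, sqlBuilder)) {
            if (dbRows == null || dbRows.isEmpty()) {
                return;
            }
            for (Row row : dbRows) {
                String dbIds = row.getString("fdbid");
                // Exact match on a list entry; the LIKE filter alone would also accept e.g. "sysx".
                boolean hostsSys = StringUtils.isNotBlank(dbIds) && Arrays.asList(dbIds.split(",")).contains("sys");
                if (!hostsSys) {
                    continue;
                }
                KmsInfo info = map.get(row.getLong("fdatacenterid"));
                if (info != null) {
                    info.setDbSource(new DbSource(row.getLong("fdbsource").longValue(), row.getString("fdbinstance")));
                }
            }
        }
    }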

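    /**
     * Loads the RSA key pair of every data center from {@code t_mc_kms_encrypt_key} and stores the
     * parsed keys on its {@link KmsInfo}.
     *
     * <p>A data center whose key row is missing or cannot be parsed is logged and removed from
     * {@code map}, so later steps skip it. Exceptions thrown by the query itself are not caught
     * here and propagate to the caller.
     *
     * <p>Restores the try-with-resources form in place of the decompiled close scaffolding.
     *
     * <p>NOTE(review): the private key is read from a database column as text. Only the exception
     * is logged here; keep it that way and never add the key strings to a log statement. How the
     * column is protected at rest is not visible from this class.
     *
     * @param map data center id to info; entries may be removed
     */
    private void getEncryptKeys(Map<Long, KmsInfo> map) {
        Iterator<Map.Entry<Long, KmsInfo>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<Long, KmsInfo> entry = it.next();
            Long dcId = entry.getKey();
            KmsInfo info = entry.getValue();
            try (DataSet keyRows = DB.queryDataSet("getEncryptKeys", DBRoute.base, "select fpublicKey, fprivateKey from t_mc_kms_encrypt_key where fdcid = ? and ftenantId = ?", new Object[]{dcId, info.getTenantId()})) {
                try {
                    Row keyRow = keyRows.next();
                    String publicKeyText = keyRow.getString("fpublicKey");
                    String privateKeyText = keyRow.getString("fprivateKey");
                    info.setPublicKey(RSAEncrypterUtil.getPublicKey(publicKeyText));
                    info.setPrivateKey(RSAEncrypterUtil.getPrivateKey(privateKeyText));
                } catch (Exception e) {
                    LOG.error("dcId:{} getEncryptKey failed", dcId, e);
                    it.remove();
                }
            }
        }
    }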

    /**
     * Reads the encryption schemes of every data center from that data center's own database and
     * records the decrypted scheme keys on its {@link KmsInfo}.
     *
     * <p>When the query fails, the data center is dropped from {@code map} if it is disabled
     * (enable flag "0") or the scheme table does not exist; any other failure is logged and its
     * message is appended to {@code map2}.
     *
     * <p>NOTE(review): the appended text is the raw exception message of the remote query and ends
     * up in the upgrade result.
     *
     * @param map data center id to info; entries may be removed
     * @param map2 data center id to accumulated failure text
     */
    private void getEncryptionSchemes(Map<Long, KmsInfo> map, Map<Long, StringBuilder> map2) {
        for (Iterator<Map.Entry<Long, KmsInfo>> cursor = map.entrySet().iterator(); cursor.hasNext(); ) {
            Map.Entry<Long, KmsInfo> current = cursor.next();
            Long dcId = current.getKey();
            KmsInfo info = current.getValue();
            try {
                SqlHelper helper = new SqlHelper(info.getDbType(), info.getAddresses(), info.getUsername(), info.getPwd(), info.getInstanceName(), info.getParams());
                List<Map<String, Object>> schemeRows = helper.query(info.getDbInstance(), SCHEME_SQL);
                getEncryptionSchemes(schemeRows, info, dcId);
            } catch (Exception e) {
                boolean dcDisabled = StringUtils.equals(info.getEnable(), "0");
                boolean tableMissing = SqlHelper.isTbNotExits(e.getMessage(), "t_perm_encryptionscheme");
                if (!dcDisabled && !tableMissing) {
                    LOG.error("dcId:{} sqlQuery error", dcId, e);
                    StringBuilder failure = map2.computeIfAbsent(dcId, id -> new StringBuilder());
                    // "Error querying encryption scheme data in the system database: <message>"
                    failure.append(String.format("查询系统库加密方案数据异常：%s", e.getMessage())).append("\r\n");
                } else {
                    // Expected situations: nothing to replenish for this data center.
                    LOG.info("Datacenter:{},dcNotEnable:{},tableNotExit:{}", dcId, dcDisabled, tableMissing);
                    cursor.remove();
                }
            }
        }
    }

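    /**
     * Decrypts the scheme key of every row and stores it in {@code kmsInfo.getDataKeyIds()} under
     * the scheme id.
     *
     * <p>Column names are looked up in lower case first and upper case second. A column that is
     * absent or SQL NULL is treated as blank: {@code String.valueOf((Object) null)} would otherwise
     * yield the literal text "null", which passes the blank check and is then handed to the
     * decrypt call or stored as an id.
     *
     * @param list scheme rows as column-name to value maps
     * @param kmsInfo data center info that receives the scheme id to decrypted key mapping
     * @param l data center id, used for logging by the decrypt helper
     */
    private void getEncryptionSchemes(List<Map<String, Object>> list, KmsInfo kmsInfo, Long l) {
        Map<String, String> dataKeyIds = kmsInfo.getDataKeyIds();
        for (Map<String, Object> row : list) {
            Object rawSchemeId = row.get("fid") != null ? row.get("fid") : row.get("FID");
            Object rawSchemeKey = row.get("fschemekey") != null ? row.get("fschemekey") : row.get("FSCHEMEKEY");
            String schemeId = rawSchemeId == null ? "" : String.valueOf(rawSchemeId);
            String encryptedSchemeKey = rawSchemeKey == null ? "" : String.valueOf(rawSchemeKey);
            String decryptedSchemeKey = getDecryptSchemeKey(kmsInfo, encryptedSchemeKey, l, schemeId);
            if (!StringUtils.isBlank(schemeId) && !StringUtils.isBlank(decryptedSchemeKey)) {
                dataKeyIds.put(schemeId, decryptedSchemeKey);
            }
        }
    }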

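    /**
     * Builds the list of key records to create for every data center that has decrypted scheme
     * keys.
     *
     * <p>Data centers without any scheme key are removed from {@code map}. A failure while building
     * the records is appended to {@code map2} and, like the failures of the scheme query step, now
     * also logged with its stack trace.
     *
     * @param map data center id to info; entries may be removed
     * @param map2 data center id to accumulated failure text
     */
    private void getDataKeys(Map<Long, KmsInfo> map, Map<Long, StringBuilder> map2) {
        Iterator<Map.Entry<Long, KmsInfo>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<Long, KmsInfo> entry = it.next();
            Long dcId = entry.getKey();
            KmsInfo info = entry.getValue();
            Map<String, String> dataKeyIds = info.getDataKeyIds();
            if (dataKeyIds.isEmpty()) {
                LOG.info("Datacenter:{}, dataKeys isNull", dcId);
                it.remove();
                continue;
            }
            try {
                info.setRecords(getRecords(map, dataKeyIds, dcId));
            } catch (Exception e) {
                // Only the message reaches the upgrade result; keep the stack trace in the log.
                LOG.error("dcId:{} getDataKeys failed", dcId, e);
                // "Working key encryption failed: <message>"
                map2.computeIfAbsent(dcId, id -> new StringBuilder())
                        .append(String.format("工作密钥加密失败：%s", e.getMessage())).append("\r\n");
            }
        }
    }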

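    /**
     * Turns the key records of every data center into the parameter rows and SQL statements that
     * {@code replenish} executes.
     *
     * <p>For each record a new data key id and a new record id are generated; the data key id is
     * then encrypted into the scheme update statement. Data centers without records are removed
     * from {@code map}. A failure is appended to {@code map2} and, like the failures of the scheme
     * query step, now also logged with its stack trace. Parameter rows added before the failure
     * stay in the lists; the caller does not execute them once {@code map2} is non-empty.
     *
     * @param map data center id to info; entries may be removed
     * @param map2 data center id to accumulated failure text
     */
    private void getSqlParams(Map<Long, KmsInfo> map, Map<Long, StringBuilder> map2) {
        Iterator<Map.Entry<Long, KmsInfo>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<Long, KmsInfo> entry = it.next();
            KmsInfo info = entry.getValue();
            List<KmsRecord> records = info.getRecords();
            if (records == null || records.isEmpty()) {
                it.remove();
                continue;
            }
            PrivateKey privateKey = info.getPrivateKey();
            Long dcId = entry.getKey();
            List<Object[]> dataKeyParams = info.getDataKeyParams();
            List<Object[]> recordParams = info.getRecordParams();
            List<String> schemeSql = info.getSchemeSql();
            int size = records.size();
            long[] dataKeyIds = DB.genLongIds("t_mc_kms_data_key", size);
            long[] recordIds = DB.genLongIds("t_mc_kms_record", size);
            int i = 0;
            try {
                for (KmsRecord record : records) {
                    Long schemeId = record.getSchemeId();
                    dataKeyParams.add(createDataKeyParams(dataKeyIds[i], record.getCmkId(), dcId, schemeId, record.getDataKey()));
                    recordParams.add(createRecordParams(recordIds[i], dcId, dataKeyIds[i], record.getSrcDcId(), record.getSrcDataKeyId(), schemeId));
                    schemeSql.add(createUpdateSchemeSql(dataKeyIds[i], schemeId, privateKey));
                    i++;
                }
            } catch (Exception e) {
                // Only the message reaches the upgrade result; keep the stack trace in the log.
                LOG.error("dcId:{} getSqlParams failed", dcId, e);
                // "Working key id encryption failed: <message>"
                map2.computeIfAbsent(dcId, id -> new StringBuilder())
                        .append(String.format("工作密钥Id加密失败：%s", e.getMessage())).append("\r\n");
            }
        }
    }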

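    /**
     * Writes the prepared changes for every data center: the scheme updates go to the data
     * center's own database, the new data keys and records go to the local database.
     *
     * <p>Both sides must succeed or fail together, otherwise a scheme would reference a data key
     * id that was never stored. The remote connection is therefore committed only after both local
     * batches ran, and on any failure the local transaction is marked for rollback and the remote
     * connection is rolled back.
     *
     * <p>Changes against the decompiled version: the rollback path now also covers unchecked
     * exceptions from the local batches (previously only {@code SQLException}), the remote
     * connection is closed on the failure path as well, and the data center prefix is added to the
     * error message once instead of twice.
     *
     * @param map data center id to info holding the prepared SQL and parameter rows
     * @throws KDException with error code 630 when writing for a data center fails
     */
    private void replenish(Map<Long, KmsInfo> map) {
        for (Map.Entry<Long, KmsInfo> entry : map.entrySet()) {
            Long dcId = entry.getKey();
            KmsInfo info = entry.getValue();
            SqlHelper sqlHelper = new SqlHelper(info.getDbType(), info.getAddresses(), info.getUsername(), info.getPwd(), info.getInstanceName(), info.getParams());
            // Resources close in reverse order: remote connection first, then the local transaction.
            try (TXHandle localTx = TX.requiresNew();
                    Connection remote = sqlHelper.exeSqlBatchTransaction(info.getDbInstance(), info.getSchemeSql())) {
                try {
                    replenishDataKey(info.getDataKeyParams());
                    replenishRecord(info.getRecordParams());
                    remote.commit();
                } catch (Exception e) {
                    localTx.markRollback();
                    try {
                        remote.rollback();
                    } catch (SQLException rollbackFailure) {
                        // Keep the original failure as the primary exception.
                        e.addSuppressed(rollbackFailure);
                    }
                    throw e;
                }
            } catch (Exception e2) {
                throw error(dcId, e2);
            }
        }
    }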

    /**
     * Inserts the prepared data key rows into {@code t_mc_kms_data_key} as one batch.
     *
     * @param list parameter rows for {@code INSERT_DK_SQL}; {@code null} or empty means nothing to do
     */
    private void replenishDataKey(List<Object[]> list) {
        boolean hasRows = list != null && !list.isEmpty();
        if (hasRows) {
            DB.executeBatch(DBRoute.base, INSERT_DK_SQL, list);
        }
    }

    /**
     * Inserts the prepared replenish records into {@code t_mc_kms_record} as one batch.
     *
     * @param list parameter rows for {@code RECORD_SQL}; {@code null} or empty means nothing to do
     */
    private void replenishRecord(List<Object[]> list) {
        boolean hasRows = list != null && !list.isEmpty();
        if (hasRows) {
            DB.executeBatch(DBRoute.base, RECORD_SQL, list);
        }
    }

    /**
     * Builds one parameter row for {@code INSERT_DK_SQL}.
     *
     * @param j id of the new data key row (fid)
     * @param l master key id (fcmk)
     * @param l2 data center id (fdcid)
     * @param l3 scheme id, stored as text (fschemaid)
     * @param str data key value (fdatakey)
     * @return values in placeholder order: fid, fnumber, fcreatetime, fcmk, fdatakey, fschemaid, fdcid
     */
    private Object[] createDataKeyParams(long j, Long l, Long l2, Long l3, String str) {
        Object[] params = new Object[7];
        params[0] = Long.valueOf(j);
        // fnumber: a fresh random UUID per row.
        params[1] = UUID.randomUUID().toString();
        params[2] = TimeServiceHelper.now();
        params[3] = l;
        params[4] = str;
        params[5] = String.valueOf(l3);
        params[6] = l2;
        return params;
    }

    /**
     * Builds the statement that points a scheme at its new data key.
     *
     * <p>The data key id is encrypted with {@code privateKey} and the result becomes the new
     * {@code fschemekey} value.
     *
     * <p>NOTE(review): the statement is assembled with {@code String.format}; the encrypted text is
     * placed between single quotes without escaping. That holds only as long as the encrypt output
     * cannot contain a quote character (its alphabet is not visible here, confirm). Switch to
     * bound parameters if the executing helper supports them.
     *
     * @param j id of the new data key
     * @param l id of the scheme row to update
     * @param privateKey key used to encrypt the data key id
     * @return the formatted update statement
     * @throws Exception if the encryption fails
     */
    private String createUpdateSchemeSql(long j, Long l, PrivateKey privateKey) throws Exception {
        String dataKeyIdText = String.valueOf(j);
        String encryptedDataKeyId = RSAEncrypterUtil.encrypt(dataKeyIdText, privateKey);
        return String.format(UPDATE_SCHEME_SQL, encryptedDataKeyId, l);
    }

    /**
     * Builds one parameter row for {@code RECORD_SQL}.
     *
     * @param j id of the new record row (fid)
     * @param l data center id (fdcId)
     * @param j2 id of the new data key (fdataKeyId)
     * @param l2 source data center id (fsrcDcId)
     * @param l3 source data key id (fsrcDataKeyId)
     * @param l4 scheme id (fschemeId)
     * @return the six values in placeholder order
     */
    private Object[] createRecordParams(long j, Long l, long j2, Long l2, Long l3, Long l4) {
        Object[] params = new Object[6];
        params[0] = Long.valueOf(j);
        params[1] = l;
        params[2] = Long.valueOf(j2);
        params[3] = l2;
        params[4] = l3;
        params[5] = l4;
        return params;
    }

    /**
     * Creates a {@link KmsRecord} describing one data key to replenish.
     *
     * @param str data key value
     * @param l target data center id
     * @param l2 source data center id
     * @param l3 source data key id
     * @param l4 scheme id
     * @param l5 master key id
     * @return the populated record
     */
    private KmsRecord getRecord(String str, Long l, Long l2, Long l3, Long l4, Long l5) {
        KmsRecord record = new KmsRecord();
        record.setDataKey(str);
        record.setDcId(l);
        record.setSrcDcId(l2);
        record.setSrcDataKeyId(l3);
        record.setSchemeId(l4);
        record.setCmkId(l5);
        return record;
    }

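    /**
     * Builds the key records for data center {@code l} from its scheme id to data key id mapping.
     *
     * <p>For every mapping entry the referenced data key row is loaded. Rows that already belong
     * to data center {@code l} are skipped; for rows owned by another data center the stored
     * {@code fdatakey} value is passed through {@code encryptDataKey} for data center {@code l}
     * and a record is created when the result is not blank.
     *
     * <p>Restores the try-with-resources form in place of the decompiled close scaffolding.
     *
     * @param map data center id to info, used to look up the key of data center {@code l}
     * @param map2 scheme id (key) to data key id (value), both as decimal text
     * @param l target data center id
     * @return the records to create; possibly empty
     * @throws Exception if an id is not a valid long, or the query or the encryption fails
     */
    private List<KmsRecord> getRecords(Map<Long, KmsInfo> map, Map<String, String> map2, Long l) throws Exception {
        List<KmsRecord> records = new ArrayList<>();
        for (Map.Entry<String, String> entry : map2.entrySet()) {
            long srcDataKeyId = Long.parseLong(entry.getValue());
            long schemeId = Long.parseLong(entry.getKey());
            try (DataSet<Row> keyRows = DB.queryDataSet("queryDataKeys", DBRoute.base, DK_SQL, new Object[]{Long.valueOf(srcDataKeyId)})) {
                if (keyRows == null || keyRows.isEmpty()) {
                    continue;
                }
                for (Row row : keyRows) {
                    Long srcDcId = row.getLong("fdcid");
                    if (l.equals(srcDcId)) {
                        // The key already belongs to the target data center.
                        continue;
                    }
                    String dataKey = row.getString("fdatakey");
                    if (!StringUtils.isBlank(dataKey)) {
                        dataKey = encryptDataKey(map, l, dataKey);
                    }
                    if (StringUtils.isNotBlank(dataKey)) {
                        records.add(getRecord(dataKey, l, srcDcId, Long.valueOf(srcDataKeyId), Long.valueOf(schemeId), row.getLong("fcmk")));
                    }
                }
            }
        }
        return records;
    }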

    /**
     * Encrypts {@code str} with the private key of data center {@code l}.
     *
     * @param map data center id to info; must contain {@code l}
     * @param l data center whose private key is used
     * @param str value to encrypt
     * @return the encrypted text
     * @throws Exception if the encryption fails
     */
    private String encryptDataKey(Map<Long, KmsInfo> map, Long l, String str) throws Exception {
        KmsInfo targetInfo = map.get(l);
        PrivateKey targetKey = targetInfo.getPrivateKey();
        return RSAEncrypterUtil.encrypt(str, targetKey);
    }

    /**
     * Decrypts a scheme key with the public key of the data center.
     *
     * <p>A decryption failure is logged and reported as an empty string, so the caller skips that
     * scheme; the failure does not reach the upgrade result.
     *
     * @param kmsInfo data center info providing the public key
     * @param str encrypted scheme key
     * @param l data center id, used for logging only
     * @param str2 scheme id, used for logging only
     * @return the decrypted text, or {@code ""} when {@code str} is blank or cannot be decrypted
     */
    private String getDecryptSchemeKey(KmsInfo kmsInfo, String str, Long l, String str2) {
        if (!StringUtils.isBlank(str)) {
            try {
                return RSAEncrypterUtil.decrypt(str, kmsInfo.getPublicKey());
            } catch (Exception e) {
                // Ids and the exception only; the scheme key value itself is not logged.
                LOG.error("dcId:{}, schemeId:{}, decryptSchemeKey failed", l, str2, e);
            }
        }
        return "";
    }

    /**
     * Wraps a failure for one data center into a {@link KDException} with error code 630.
     *
     * <p>NOTE(review): only the message of {@code exc} is kept; the exception itself is not
     * attached as a cause here.
     *
     * @param l data center id placed in front of the message
     * @param exc the failure whose message is reported
     * @return the exception to throw
     */
    private KDException error(Long l, Exception exc) {
        // Format: Data center "<id>": <message>
        String message = String.format("数据中心“%s”：%s", l, exc.getMessage());
        ErrorCode code = new ErrorCode(String.valueOf(630), message);
        return new KDException(code, new Object[0]);
    }
}
