package kd.bos.mc.api.service;

import java.util.Objects;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.encrypt.Encrypters;
import kd.bos.mc.common.log.LoggerBuilder;
import kd.bos.mc.deploy.KmsKeyDeployer;
import kd.bos.mc.deploy.service.McDeploySender;
import kd.bos.mc.service.DataCenterService;
import kd.bos.mc.service.KmsService;
import kd.bos.mc.service.TenantService;
import kd.bos.mc.utils.OpenApiHelper;
import kd.bos.openapi.common.custom.annotation.ApiController;
import kd.bos.openapi.common.custom.annotation.ApiMapping;
import kd.bos.openapi.common.custom.annotation.ApiParam;
import kd.bos.openapi.common.custom.annotation.ApiPostMapping;
import kd.bos.openapi.common.result.CustomApiResult;
import org.slf4j.Logger;

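/**
 * Open API controller for KMS working-key (data key) operations, mapped under {@code /webClient}.
 *
 * <p>Both endpoints take a tenant id and a data center id supplied by the caller. Every lookup
 * below is keyed on those caller-supplied values, so each endpoint has to confirm the caller is
 * entitled to the tenant before it reads or publishes key material.
 */
@ApiMapping("/webClient")
@ApiController(value = "dev", desc = "kms服务接口")
/* loaded from: input_file:kd/bos/mc/api/service/KmsApiService.class */
public class KmsApiService {
    private static final Logger LOG = LoggerBuilder.getLogger(KmsApiService.class);

    /**
     * Returns the working key bound to an encryption scheme of a tenant's data center.
     *
     * <p>The tenant is loaded by {@code str}, the data center {@code j} must belong to that tenant,
     * and the first KMS entry of the tenant that yields a key record for {@code (j, str2)} is used.
     *
     * @param str tenant id
     * @param j data center id
     * @param str2 encryption scheme id
     * @return a success result carrying {@code Encrypters.encode(dataKey)}; otherwise a failure
     *     result with code 630 (tenant missing, access denied, data center not in tenant) or 626
     *     (no key record for the scheme, blank key, or an exception while reading the key)
     */
    @ApiPostMapping(value = "/getKmsDataKey", desc = "获取工作密钥")
    public CustomApiResult<String> getKmsDataKey(@ApiParam(value = "租户ID", required = true) String str, @ApiParam(value = "数据中心id", required = true) long j, @ApiParam(value = "加密方案id", required = true) String str2) {
        DynamicObject tenant = TenantService.loadSingle(str, "id,billno,signature");
        if (tenant == null) {
            return CustomApiResult.fail(String.valueOf(630), String.format("数据[tenantId=%s]在实体[%s]中不存在", str, "mc_tenants"));
        }
        // Same tenant access check deployDataKey performs. Without it this endpoint hands key
        // material to any caller that can reach it and supplies valid tenant/dc/scheme ids.
        // NOTE(review): what checkRights verifies is not visible in this file; confirm it binds
        // the authenticated API caller to this tenant.
        if (!OpenApiHelper.checkRights(tenant)) {
            return CustomApiResult.fail(String.valueOf(630), String.format("无租户[tenantId=%s]相关访问权限。", str));
        }
        long tenantPk = tenant.getLong("id");
        if (!DataCenterService.isExistTenant(j, tenantPk)) {
            return CustomApiResult.fail(String.valueOf(630), String.format("数据[dcId=%d]在实体[%s]中不存在。", Long.valueOf(j), "mc_datacenter_entity"));
        }

        // Walk the tenant's KMS entries and stop at the first one with a key record for this
        // data center and scheme.
        DynamicObject keyRecord = null;
        for (DynamicObject kms : KmsService.getAllKms4Api(Long.valueOf(tenantPk))) {
            keyRecord = KmsService.getDataKey(kms.getLong("id"), j, str2);
            if (keyRecord != null) {
                break;
            }
        }
        if (keyRecord == null) {
            return CustomApiResult.fail(String.valueOf(626), String.format("数据[schemeId=%s]关联的工作密钥不存在。", str2));
        }

        try {
            String dataKey = KmsService.getDataKey(keyRecord, j);
            if (StringUtils.isBlank(dataKey)) {
                return CustomApiResult.fail(String.valueOf(626), "获取工作密钥异常，请检查日志。");
            }
            // NOTE(review): the key leaves the service wrapped only by Encrypters.encode. Confirm
            // that this is encryption under a key the recipient alone holds, not a reversible
            // encoding, and that the response body is never logged downstream.
            return CustomApiResult.success(Encrypters.encode(dataKey));
        } catch (Exception e) {
            // Boundary catch: the caller gets a generic message, the detail stays in the log.
            LOG.error("getDataKey failed", e);
            return CustomApiResult.fail(String.valueOf(626), "获取工作密钥异常，请检查日志。");
        }
    }

    /**
     * Publishes working keys to the cluster that hosts the given tenant.
     *
     * @param str tenant id
     * @param j data center id; only checked for membership in the tenant
     * @return a success result when {@code KmsKeyDeployer.doDeploy()} and the sender shutdown both
     *     complete; otherwise a failure result with code 630
     */
    @ApiPostMapping(value = "/deployDataKey", desc = "发布工作密钥")
    public CustomApiResult<String> deployDataKey(@ApiParam(value = "租户ID", required = true) String str, @ApiParam(value = "数据中心id", required = true) long j) {
        DynamicObject tenant = TenantService.loadSingle(str, "id,billno,signature");
        if (tenant == null) {
            return CustomApiResult.fail(String.valueOf(630), String.format("数据[tenantId=%s]在实体[%s]中不存在", str, "mc_tenants"));
        }
        if (!OpenApiHelper.checkRights(tenant)) {
            return CustomApiResult.fail(String.valueOf(630), String.format("无租户[tenantId=%s]相关访问权限。", str));
        }
        if (!DataCenterService.isExistTenant(j, tenant.getLong("id"))) {
            return CustomApiResult.fail(String.valueOf(630), String.format("数据[dcId=%d]在实体[%s]中不存在。", Long.valueOf(j), "mc_datacenter_entity"));
        }
        Long clusterId = TenantService.getClusterId(str);
        if (clusterId == null) {
            return CustomApiResult.fail(String.valueOf(630), "所属集群不存在，请检查租户参数。");
        }
        try {
            KmsKeyDeployer deployer = new KmsKeyDeployer(new McDeploySender(clusterId.longValue()));
            try {
                deployer.doDeploy();
            } finally {
                // Release the sender even when doDeploy() throws. A shutdown failure still
                // reaches the catch below and is reported as a failed deploy.
                deployer.getSender().shutdown();
            }
            return CustomApiResult.success("发布密钥成功。");
        } catch (Exception e) {
            LOG.error("deployDataKey failed", e);
            return CustomApiResult.fail(String.valueOf(630), "发布工作密钥失败，请检查日志。");
        }
    }
}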
