package kd.bos.mc.api.service.impl;

import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.db.DB;
import kd.bos.encrypt.impl.RSAEncrypterUtil;
import kd.bos.entity.api.ApiResult;
import kd.bos.mc.api.McApiService;
import kd.bos.mc.api.service.gray.GenerateAppGroup;
import kd.bos.mc.api.service.inf.IGenerateKey;
import kd.bos.mc.common.entity.pojo.DataKeyDTO;
import kd.bos.mc.deploy.KmsKeyApiDeployer;
import kd.bos.mc.deploy.service.McDeploySender;
import kd.bos.mc.kms.KmsCmkStatus;
import kd.bos.mc.kms.KmsHelper;
import kd.bos.mc.kms.save.KmsDataKeySaveService;
import kd.bos.mc.service.DataCenterService;
import kd.bos.mc.service.KmsService;
import kd.bos.mc.service.TenantService;
import kd.bos.mc.utils.DateUtils;
import kd.bos.mc.utils.Tools;
import kd.bos.servicehelper.BusinessDataServiceHelper;
import kd.bos.servicehelper.TimeServiceHelper;
import kd.bos.servicehelper.operation.SaveServiceHelper;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:kd/bos/mc/api/service/impl/DefGenerateKeyImpl.class */
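public class DefGenerateKeyImpl implements IGenerateKey {

    /** Resource bundle holding every user-facing message of this class. */
    private static final String RES_FILE = "bos-mc-webapi";

    /**
     * Returns the Base64-encoded public key of data center {@code j} under tenant {@code str},
     * creating and persisting a new RSA key pair on first use.
     *
     * <p>Only the tenant / data-center relation is checked before the key is handed out. Because
     * {@link #generateDataKey(DataKeyDTO)} returns values encrypted under the matching
     * <em>private</em> key, any holder of this public key can recover them; treat the public key
     * as scoped to the intended client, not as freely publishable material.
     *
     * @param str tenant number
     * @param j   data-center id
     * @return success result carrying {@code publicKey} and {@code requestId}, or an error result
     */
    @Override // kd.bos.mc.api.service.inf.IGenerateKey
    public ApiResult generatePublicKey(String str, long j) {
        long tenantId = TenantService.getTenantIdByNumber(str);
        if (!DataCenterService.isExistTenant(j, tenantId)) {
            return error(String.format(res("租户[%1$s]下不存在该数据中心[%2$s]，请检查参数", "DefGenerateKeyImpl_0"), str, Long.valueOf(j)));
        }
        try {
            String publicKey = generateEncryptKey(tenantId, j);
            Map<String, Object> payload = new HashMap<>(2);
            payload.put("publicKey", publicKey);
            payload.put("requestId", RequestContext.get().getRequestId());
            Tools.addLog("mc_kms_encrypt_key", res("获取公钥", "DefGenerateKeyImpl_1"),
                    String.format(res("数据中心[%s]获取公钥成功", "DefGenerateKeyImpl_2"), Long.valueOf(j)));
            return success(res("获取公钥成功。", "DefGenerateKeyImpl_3"), payload);
        } catch (Exception e) {
            // NOTE(review): the raw exception message is echoed to the API caller; it may carry
            // internal detail (entity names, storage errors). Consider a generic message here.
            return error(res("获取公钥失败：", "DefGenerateKeyImpl_4") + e.getMessage());
        }
    }

    /**
     * Resolves (or creates) the working data key for the request and pushes it to the tenant's
     * cluster.
     *
     * <p>Steps, in order: verify the tenant / data-center relation and the tenant's cluster; load
     * the data center's private key; decrypt the schema id carried by the DTO; pick the single
     * enabled customer master key (creating one when none exists, rejecting when several exist);
     * reuse the existing data key for (cmk, dc, schema) or generate one; deploy it through
     * {@link KmsKeyApiDeployer}; finally return the data-key id encrypted under the private key.
     *
     * <p>Security notes: when {@code dataKeyDTO.isTrust()} is set, the caller-supplied
     * {@code trustDataKey} (decrypted with the private key) becomes the working key, so the
     * caller controls the key material in that mode. The returned {@code dataKeyId} is encrypted
     * under the private key and is therefore recoverable by any holder of the public key.
     *
     * @param dataKeyDTO request parameters (tenant number, data-center id, encrypted schema id,
     *                   trust flag and optional trusted key, key size)
     * @return success result carrying {@code dataKeyId} and {@code requestId}, or an error result
     *         whose message names the failed step
     */
    @Override // kd.bos.mc.api.service.inf.IGenerateKey
    public ApiResult generateDataKey(DataKeyDTO dataKeyDTO) {
        Objects.requireNonNull(dataKeyDTO, "dataKeyDTO");
        String tenantNumber = dataKeyDTO.getTenantNumber();
        long tenantId = TenantService.getTenantIdByNumber(tenantNumber);
        long dcId = dataKeyDTO.getDcId();
        if (!DataCenterService.isExistTenant(dcId, tenantId)) {
            return error(String.format(res("租户[%1$s]下不存在该数据中心[%2$s]，请检查参数", "DefGenerateKeyImpl_0"), tenantNumber, Long.valueOf(dcId)));
        }
        Long clusterId = TenantService.getClusterId(tenantId);
        if (Objects.isNull(clusterId)) {
            return error(res("所属集群不存在，请检查租户参数。", "DefGenerateKeyImpl_5"));
        }
        try {
            PrivateKey privateKey = KmsService.getPrivateKey(dcId);
            if (Objects.isNull(privateKey)) {
                return error(res("该数据中心未生成公私钥，请确认。", "DefGenerateKeyImpl_6"));
            }
            String schemaId = KmsHelper.getDecryptedSchemaId(privateKey, dataKeyDTO.getEncryptedSchemaId());
            if (StringUtils.isEmpty(schemaId)) {
                return error(res("无法获取加密方案ID，请检查参数。", "DefGenerateKeyImpl_8"));
            }
            DynamicObject[] enabledCmks = KmsService.getKms4Api(Long.valueOf(tenantId));
            if (enabledCmks.length > 1) {
                return error(res("该数据中心存在多个启用的主密钥，请检查苍穹密钥管理配置。", "DefGenerateKeyImpl_9"));
            }
            // No enabled master key yet: create one for the tenant on the fly.
            DynamicObject cmk = enabledCmks.length == 0 ? generateKms(tenantNumber, tenantId) : enabledCmks[0];
            long cmkId = cmk.getLong("id");
            DynamicObject dataKey = KmsService.getDataKey(cmkId, dcId, schemaId);
            if (Objects.isNull(dataKey)) {
                try {
                    dataKey = generateDataKey(cmkId, dcId, schemaId, privateKey, dataKeyDTO);
                } catch (Exception e) {
                    return error(res("保存工作密钥失败：", "DefGenerateKeyImpl_10") + e.getMessage());
                }
            }
            String dataKeyId = dataKey.getString("id");
            try {
                KmsKeyApiDeployer deployer = new KmsKeyApiDeployer(new McDeploySender(clusterId.longValue()));
                deployer.setDataKeyId(dataKeyId);
                deployer.setDataKey(KmsDataKeySaveService.getEncrypted(dataKey, privateKey));
                deployer.doDeploy();
            } catch (Exception e) {
                return error(res("发布工作密钥失败：", "DefGenerateKeyImpl_11") + e.getMessage());
            }
            try {
                Map<String, Object> payload = new HashMap<>(2);
                payload.put("dataKeyId", RSAEncrypterUtil.encrypt(dataKeyId, privateKey));
                payload.put("requestId", RequestContext.get().getRequestId());
                Tools.addLog("mc_kms_data_key", res("获取工作密钥", "DefGenerateKeyImpl_12"),
                        String.format(res("数据中心[%s]获取工作密钥成功", "DefGenerateKeyImpl_13"), Long.valueOf(dcId)));
                return success(res("获取工作密钥成功。", "DefGenerateKeyImpl_14"), payload);
            } catch (Exception e) {
                return error(res("获取工作密钥失败：", "DefGenerateKeyImpl_15") + e.getMessage());
            }
        } catch (Exception e) {
            // NOTE(review): this catch also covers schema decryption, CMK lookup/creation and the
            // data-key lookup above, so the "private key" wording can mislabel failures there.
            return error(String.format(res("获取私钥失败：%s", "DefGenerateKeyImpl_7"), e.getMessage()));
        }
    }

    /**
     * Returns the stored public key of data center {@code j2}, generating and persisting a new
     * key pair under tenant {@code j} when none exists yet.
     *
     * @param j  tenant id
     * @param j2 data-center id
     * @return Base64-encoded public key
     * @throws Exception when the key pair cannot be generated
     */
    private String generateEncryptKey(long j, long j2) throws Exception {
        DynamicObject encryptKey = KmsService.getEncryptKey(Long.valueOf(j2));
        if (encryptKey == null) {
            KeyPair keyPair = KmsHelper.generateEncryptKey(j2);
            if (Objects.isNull(keyPair)) {
                throw new IllegalStateException(res("生成公钥失败，请查看MC日志。", "DefGenerateKeyImpl_16"));
            }
            String publicKeyB64 = Base64.encodeBase64String(keyPair.getPublic().getEncoded());
            String privateKeyB64 = Base64.encodeBase64String(keyPair.getPrivate().getEncoded());
            encryptKey = BusinessDataServiceHelper.newDynamicObject("mc_kms_encrypt_key");
            encryptKey.set("number", UUID.randomUUID());
            encryptKey.set("createtime", Long.valueOf(System.currentTimeMillis()));
            encryptKey.set("tenant", Long.valueOf(j));
            encryptKey.set("dc", Long.valueOf(j2));
            encryptKey.set("enable", GenerateAppGroup.MODE_GRAYING);
            encryptKey.set("publicKey", publicKeyB64);
            // The private key is stored next to the public key, Base64-encoded and not otherwise
            // protected at this layer; its confidentiality rests on access control of the backing
            // store and on whatever the persistence layer adds (not visible here).
            encryptKey.set("privateKey", privateKeyB64);
            SaveServiceHelper.save(new DynamicObject[]{encryptKey});
        }
        return encryptKey.getString("publicKey");
    }

    /**
     * Creates and persists a working data key for (cmk {@code j}, data center {@code j2},
     * schema {@code str}).
     *
     * <p>In trust mode the caller-supplied key is decrypted with {@code privateKey} and used as
     * is; otherwise {@link KmsHelper#generateDataKey} produces one. The plaintext key lives in a
     * {@code String} until garbage-collected; the stored {@code datakey} column holds it
     * encrypted under the private key (recoverable with the public key).
     *
     * @param j          customer master key id
     * @param j2         data-center id
     * @param str        decrypted schema id
     * @param privateKey the data center's private key
     * @param dataKeyDTO request parameters (trust flag, trusted key, key size)
     * @return the saved {@code mc_kms_data_key} record
     * @throws Exception when no key material could be obtained
     */
    private DynamicObject generateDataKey(long j, long j2, String str, PrivateKey privateKey, DataKeyDTO dataKeyDTO) throws Exception {
        boolean isTrust = dataKeyDTO.isTrust();
        String plainDataKey = isTrust
                ? RSAEncrypterUtil.decrypt(dataKeyDTO.getTrustDataKey(), privateKey)
                : KmsHelper.generateDataKey(j, j2, str, dataKeyDTO.getKeySize());
        if (plainDataKey == null || StringUtils.isEmpty(plainDataKey)) {
            String message = isTrust
                    ? res("无法获取托管密钥，请检查参数。", "DefGenerateKeyImpl_18")
                    : res("生成工作密钥失败，请检查MC日志。", "DefGenerateKeyImpl_17");
            throw new IllegalStateException(message);
        }
        DynamicObject record = BusinessDataServiceHelper.newDynamicObject("mc_kms_data_key");
        record.set("id", Long.valueOf(DB.genLongId("T_MC_KMS_DATA_KEY")));
        record.set("number", UUID.randomUUID());
        record.set("createtime", Long.valueOf(System.currentTimeMillis()));
        record.set("cmk", Long.valueOf(j));
        record.set("dcid", Long.valueOf(j2));
        record.set("schema", str);
        record.set("enable", GenerateAppGroup.MODE_GRAYING);
        record.set("datakey", RSAEncrypterUtil.encrypt(plainDataKey, privateKey));
        record.set("istrust", Boolean.valueOf(isTrust));
        KmsDataKeySaveService.setEncrypted(record, plainDataKey);
        SaveServiceHelper.save(new DynamicObject[]{record});
        return record;
    }

    /**
     * Creates and persists an enabled customer master key entity for tenant {@code j}.
     *
     * @param str tenant number, used as the name prefix
     * @param j   tenant id
     * @return the saved {@code mc_kms_entity} record
     */
    private DynamicObject generateKms(String str, long j) {
        Date now = TimeServiceHelper.now();
        // NOTE(review): the pattern ends in five 's' characters; if milliseconds were intended
        // the usual pattern letter is 'S' — confirm against DateUtils.formatDate.
        String name = String.format("%s_%s", str, DateUtils.formatDate(now, new Object[]{"yyyyMMddHHmmsssss"}));
        DynamicObject record = BusinessDataServiceHelper.newDynamicObject("mc_kms_entity");
        record.set("name", name);
        record.set("cluster", TenantService.getClusterId(j));
        // UUID text is 36 characters; the number field is cut to 30.
        record.set("number", UUID.randomUUID().toString().substring(0, 30));
        record.set("createtime", now);
        record.set("modifytime", now);
        record.set("description", res("通过接口创建", "DefGenerateKeyImpl_19"));
        record.set("type", GenerateAppGroup.MODE_GRAYING);
        record.set("enable", GenerateAppGroup.MODE_GRAYING);
        record.set("keystatus", Integer.valueOf(KmsCmkStatus.ENABLED.getStatus()));
        // "aes256" and mode 3 are taken over verbatim; their meaning is defined by the KMS entity,
        // not visible here.
        record.set("encrypt", "aes256");
        record.set("mode", 3);
        record.getDynamicObjectCollection("tenant").addNew().set("fbasedataid", Long.valueOf(j));
        SaveServiceHelper.save(new DynamicObject[]{record});
        return record;
    }

    /** Loads a localised message of this class from {@link #RES_FILE}. */
    private static String res(String defaultText, String key) {
        return ResManager.loadKDString(defaultText, key, RES_FILE, new Object[0]);
    }

    /** Wraps {@code str} in an error {@link ApiResult}. */
    private ApiResult error(String str) {
        return McApiService.error(str);
    }

    /** Wraps {@code str} and {@code obj} in a success {@link ApiResult}. */
    private ApiResult success(String str, Object obj) {
        return McApiService.success(str, obj);
    }
}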
