package com.digiwin.athena.km_deployer_service.spi;

import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.digiwin.athena.km_deployer_service.config.ModuleConfig;
import com.digiwin.athena.km_deployer_service.constant.AsaConstant;
import com.digiwin.athena.km_deployer_service.domain.system.BusinessException;
import com.digiwin.athena.km_deployer_service.service.km.TenantService;
import com.digiwin.athena.km_deployer_service.util.RSAUtils;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.cache.RedisCache;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/classes/com/digiwin/athena/km_deployer_service/spi/IamService.class */
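/**
 * Client for the IAM HTTP API reachable under {@code moduleConfig.getIam().getDomain()}.
 *
 * <p>The class logs in as the fixed "integration" account through an RSA/AES key exchange,
 * obtains application-scoped tokens from an application secret key, and reads tenant and
 * application metadata with the resulting tokens.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>AES-CBC is always run with the constant IV {@link #IV_STRING}.</li>
 *   <li>The client RSA key pair is generated at 1024 bits.</li>
 *   <li>The integration credential falls back to the literal {@code "integration"} when
 *       {@code iamIntegrationToken} is not configured.</li>
 *   <li>Secrets (application secret keys, issued tokens, the integration credential) are
 *       kept out of log output.</li>
 * </ul>
 */
public class IamService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) IamService.class);

    @Autowired
    private ModuleConfig moduleConfig;

    // Application token sent as the "digi-middleware-auth-app" header on every IAM call.
    @Value("${appToken}")
    private String appToken;

    @Autowired
    private TenantService tenantService;

    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private RedisCache redisCache;

    // NOTE(review): constant IV shared by every AES-CBC encryption performed here. With a fixed
    // IV, equal plaintexts under the same key give equal ciphertexts. The value presumably has
    // to match what the IAM server uses to decrypt, so it cannot be changed on this side alone.
    private static final String IV_STRING = "ghUb#er57HBh(u%g";
    private static final String CHARSET = "UTF-8";
    private static final String INTEGRATION_ACCOUNT = "integration";

    // NOTE(review): when iamIntegrationToken is unset the credential becomes the literal
    // "integration", i.e. identical to the account name. Confirm every deployment overrides it.
    @Value("${iamIntegrationToken:integration}")
    private String integrationToken;

    /**
     * Logs in to IAM as the integration account for the given tenant.
     *
     * <p>Steps, as performed below: generate a fresh RSA key pair, fetch the server public key,
     * send the client public key (RSA-encrypted via {@code RSAUtils}) to obtain an encrypted AES
     * key, decrypt that key with the client private key, AES-encrypt the integration credential
     * with it and post the login request.
     *
     * @param str tenant id placed in the login payload
     * @return the token from the login response, or {@code null} when any step fails or the
     *         response carries no token
     */
    public String integrationLogin(String str) {
        String domain = this.moduleConfig.getIam().getDomain();
        String loginUrl = domain + "/api/iam/v2/identity/login";
        try {
            HashMap<String, String> keyPair = getKeyPairMap();
            String clientPublicKey = keyPair.get("publicKey");
            String clientPrivateKey = keyPair.get("privateKey");
            String encryptedClientKey = RSAUtils.encryptByPublicKey(clientPublicKey, getServerPublicky(domain, this.appToken));
            String aesKey = new String(RSAUtils.decryptByPrivateKey(Base64.decodeBase64(getAesPublicky(domain, encryptedClientKey, this.appToken)), clientPrivateKey));
            // Fail closed: the strict variant throws instead of handing back the plaintext
            // credential, so a cipher failure can never put the raw token into "passwordHash".
            String passwordHash = aesEncryptOrThrow(this.integrationToken, aesKey);

            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.setContentType(MediaType.APPLICATION_JSON);
            httpHeaders.add("digi-middleware-auth-app", this.appToken);

            Map<String, String> payload = new HashMap<>();
            payload.put("identityType", "token");
            payload.put("tenantId", str);
            payload.put("userId", INTEGRATION_ACCOUNT);
            payload.put("passwordHash", passwordHash);
            payload.put("clientEncryptPublicKey", encryptedClientKey);

            Map<?, ?> body = this.restTemplate.exchange(loginUrl, HttpMethod.POST, new HttpEntity<>(payload, httpHeaders), Map.class).getBody();
            // A missing token yields null rather than the string "null", which would otherwise
            // be forwarded as if it were a credential.
            return stringOrDefault(body, "token", null);
        } catch (Exception e) {
            log.error("登录失败：{}", e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the {@code customerId} of the current tenant as reported by IAM.
     *
     * <p>NOTE(review): {@link #integrationLogin(String)} may return {@code null}; that value is
     * passed on as the user-token header unchanged, and a response without a {@code tenant}
     * object ends in a {@link NullPointerException}.
     *
     * @param str tenant id used for the integration login
     * @return the tenant's {@code customerId}
     */
    public String getIsvCode(String str) {
        String userToken = integrationLogin(str);
        String url = this.moduleConfig.getIam().getDomain() + "/api/iam/v2/tenant/current";
        Map<String, String> headers = new HashMap<>();
        headers.put("Content-Type", "application/json");
        headers.put("digi-middleware-auth-user", userToken);
        String responseBody = HttpUtil.createPost(url).addHeaders(headers).execute().body();
        return JSON.parseObject(responseBody).getJSONObject("tenant").getString("customerId");
    }

    /**
     * Fetches the IAM server's public key.
     *
     * @param str IAM base URL
     * @param str2 application token for the "digi-middleware-auth-app" header
     * @return the {@code publicKey} field of the response, or an empty string when the call
     *         fails or the field is absent
     */
    private static String getServerPublicky(String str, String str2) {
        String url = str + "/api/iam/v2/identity/publickey";
        try {
            RestTemplate restTemplate = new RestTemplate();
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.setContentType(MediaType.APPLICATION_JSON);
            httpHeaders.add("digi-middleware-auth-app", str2);
            Map<?, ?> body = restTemplate.exchange(url, HttpMethod.GET, new HttpEntity<>((MultiValueMap<String, String>) httpHeaders), Map.class).getBody();
            return stringOrDefault(body, "publicKey", "");
        } catch (Exception e) {
            log.error("登录失败：{}", e.getMessage(), e);
            return "";
        }
    }

    /**
     * Requests the AES key for this login attempt, encrypted by the server for the client key.
     *
     * @param str IAM base URL
     * @param str2 client public key as produced by {@code RSAUtils.encryptByPublicKey}
     * @param str3 application token for the "digi-middleware-auth-app" header
     * @return the {@code encryptAesKey} field of the response, or an empty string when the call
     *         fails or the field is absent
     */
    private static String getAesPublicky(String str, String str2, String str3) {
        String url = str + "/api/iam/v2/identity/aeskey";
        try {
            RestTemplate restTemplate = new RestTemplate();
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.setContentType(MediaType.APPLICATION_JSON);
            httpHeaders.add("digi-middleware-auth-app", str3);
            Map<String, String> payload = new HashMap<>();
            payload.put("clientEncryptPublicKey", str2);
            Map<?, ?> body = restTemplate.exchange(url, HttpMethod.POST, new HttpEntity<>(payload, httpHeaders), Map.class).getBody();
            return stringOrDefault(body, "encryptAesKey", "");
        } catch (Exception e) {
            log.error("登录失败：{}", e.getMessage(), e);
            return "";
        }
    }

    /**
     * Generates a fresh RSA key pair and returns both halves Base64-encoded.
     *
     * <p>NOTE(review): 1024-bit RSA is below current minimum recommendations (2048 bits). The
     * size is left as is because {@code RSAUtils}, which is not visible here, may use block
     * sizes tied to it and the server side may expect it; confirm both before raising it.
     *
     * @return a map with the entries {@code privateKey} and {@code publicKey}
     * @throws NoSuchAlgorithmException if the algorithm named by {@code RSAUtils.KEY_ALGORITHM}
     *         is not available
     */
    public static HashMap<String, String> getKeyPairMap() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(RSAUtils.KEY_ALGORITHM);
        generator.initialize(1024);
        KeyPair keyPair = generator.generateKeyPair();
        HashMap<String, String> encoded = new HashMap<>();
        encoded.put("privateKey", Base64.encodeBase64String(keyPair.getPrivate().getEncoded()));
        encoded.put("publicKey", Base64.encodeBase64String(keyPair.getPublic().getEncoded()));
        return encoded;
    }

    /**
     * Encrypts {@code str} with AES/CBC/PKCS5Padding and returns the Base64 ciphertext.
     *
     * <p>NOTE(review): for backward compatibility this method still returns the unencrypted
     * input when encryption fails, so a caller cannot tell ciphertext from plaintext. Code that
     * transmits the result should use a variant that fails instead, as
     * {@link #integrationLogin(String)} does. The plaintext is no longer written to the log.
     *
     * @param str plaintext to encrypt
     * @param str2 AES key material; its UTF-8 bytes are used as the key
     * @return Base64 ciphertext, or {@code str} unchanged when encryption fails
     */
    public static String aesEncryptByBase64(String str, String str2) {
        try {
            return aesEncryptOrThrow(str, str2);
        } catch (Exception e) {
            // The input is a credential in at least one call path, so only the cause is logged.
            log.error("AES加密失败：{}", e.getMessage(), e);
            return str;
        }
    }

    /**
     * Exchanges an application's secret key for an application-scoped token.
     *
     * <p>The application list is read with the caller's user token, the entry whose {@code id}
     * equals {@code str} supplies the secret key, and that key is posted to the login endpoint.
     * Neither the secret key nor the returned token is logged.
     *
     * <p>NOTE(review): when no application matches, the login is still attempted with an empty
     * secret key, and a {@code null} login response ends in a {@link NullPointerException}.
     *
     * @param str application id to look up
     * @param str2 user token for the "Digi-middleware-auth-user" header
     * @return the {@code token} field of the login response
     */
    public String getVisualToken(String str, String str2) {
        String domain = this.moduleConfig.getIam().getDomain();
        String applications = HttpUtil.createGet(domain + "/api/iam/v2/user/tenant/application").header("Content-Type", "application/json").header("Digi-middleware-auth-user", str2).execute().body();
        String secretKey = "";
        for (Object entry : JSONArray.parseArray(applications)) {
            JSONObject application = (JSONObject) entry;
            if (str.equals(application.getString("id"))) {
                secretKey = application.getString("secretKey");
                break;
            }
        }
        if (secretKey == null || secretKey.isEmpty()) {
            log.warn("getTenantToken: no secretKey found for application {}", str);
        }

        String loginUrl = domain + "/api/iam/v2/identity/login";
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.parseMediaType("application/json; charset=UTF-8"));
        httpHeaders.add("digi-middleware-auth-app", this.appToken);
        JSONObject payload = new JSONObject();
        payload.put("secretKey", (Object) secretKey);
        payload.put("identityType", (Object) "secretKey");
        HttpEntity<JSONObject> httpEntity = new HttpEntity<>(payload, httpHeaders);
        // The request entity holds the secret key and the app token, and the response holds the
        // issued token, so only non-sensitive facts about the exchange are logged.
        log.info("getTenantToken request:{}", loginUrl);
        JSONObject response = this.restTemplate.postForObject(loginUrl, httpEntity, JSONObject.class);
        log.info("getTenantToken response received:{}", response != null);
        return response.getString("token");
    }

    /**
     * Looks up the numeric {@code sid} of an application.
     *
     * <p>NOTE(review): {@code str} is placed into the URL path without encoding; confirm callers
     * pass only trusted application ids.
     *
     * @param str application id inserted into the request path
     * @param str2 tenant id used for the integration login
     * @return the application's {@code sid}
     * @throws BusinessException when the response is empty or does not report success
     */
    public Long getAppSid(String str, String str2) {
        String url = this.moduleConfig.getIam().getDomain() + StrUtil.format("/api/iam/v2/dev/app/id/{}", str);
        String body = HttpUtil.createGet(url).header("digi-middleware-auth-user", integrationLogin(str2)).header("digi-middleware-auth-app", this.appToken).execute().body();
        JSONObject parsed = JSON.parseObject(body);
        // Boolean.TRUE.equals keeps a missing success flag on the failure path instead of
        // unboxing null.
        if (parsed != null && Boolean.TRUE.equals(parsed.getBoolean(AsaConstant.DEPLOY_SUCCESS))) {
            return Long.valueOf(Long.parseLong(parsed.getJSONObject("data").getString("sid")));
        }
        log.error("获取应用sid失败，返回:{}", body);
        throw new BusinessException("获取应用sid失败，创建应用模组失败!");
    }

    /** Encrypts with AES/CBC/PKCS5Padding and the class IV; throws instead of returning plaintext. */
    private static String aesEncryptOrThrow(String plaintext, String key) throws java.security.GeneralSecurityException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(java.nio.charset.StandardCharsets.UTF_8), "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(IV_STRING.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
        return java.util.Base64.getEncoder().encodeToString(cipher.doFinal(plaintext.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    }

    /** Returns the string form of {@code body.get(key)}, or {@code fallback} when body or value is absent. */
    private static String stringOrDefault(Map<?, ?> body, String key, String fallback) {
        Object value = body == null ? null : body.get(key);
        return value == null ? fallback : String.valueOf(value);
    }
}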
