package com.digiwin.dap.middle.encrypt.util;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.collection.ListUtil;
import cn.hutool.core.date.DatePattern;
import cn.hutool.core.date.LocalDateTimeUtil;
import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.crypto.SecureUtil;
import com.digiwin.dap.middle.encrypt.contstant.EncryptConstants;
import com.digiwin.dap.middle.encrypt.domain.DapEncryptDTO;
import com.digiwin.dap.middle.encrypt.domain.DapSignInfo;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.domain.CommonErrorCode;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.SecureUtils;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:com/digiwin/dap/middle/encrypt/util/EncryptUtil.class */
public class EncryptUtil {
    public static DapEncryptDTO encrypt(String str, Object obj) {
        if (ObjectUtils.isEmpty(str)) {
            throw new BusinessException("appSecret不能为空");
        }
        String encryptBase64 = SecureUtils.encryptBase64(JsonUtils.objToJson(obj), str);
        DapEncryptDTO dapEncryptDTO = new DapEncryptDTO();
        dapEncryptDTO.seteData(encryptBase64);
        return dapEncryptDTO;
    }

    public static <T> T decrypt(String str, DapEncryptDTO dapEncryptDTO, Class<T> cls) {
        if (ObjectUtils.isEmpty(dapEncryptDTO.geteData())) {
            throw new BusinessException("密文eData不能为空");
        }
        return (T) JsonUtils.jsonToObj(SecureUtils.decryptBase64(dapEncryptDTO.geteData(), str), cls);
    }

    public static DapSignInfo sign(String str, Map<String, String> map, DapEncryptDTO dapEncryptDTO) {
        DapSignInfo dapSignInfo = new DapSignInfo();
        dapSignInfo.setTimestamp(LocalDateTimeUtil.format(LocalDateTime.now(), DatePattern.PURE_DATETIME_FORMATTER));
        dapSignInfo.setNonce(RandomUtil.randomString(16));
        String sortJoin = MapUtil.sortJoin(JsonUtils.objToMap(dapSignInfo), EncryptConstants.AND, EncryptConstants.EQUALS_SIGN, true, new String[0]);
        String str2 = null;
        if (!CollectionUtils.isEmpty(map)) {
            str2 = MapUtil.sortJoin(map, EncryptConstants.AND, EncryptConstants.EQUALS_SIGN, true, new String[0]);
        }
        ArrayList list = ListUtil.toList(new String[]{sortJoin, str2, MapUtil.sortJoin(JsonUtils.objToMap(dapEncryptDTO), EncryptConstants.AND, EncryptConstants.EQUALS_SIGN, true, new String[0])});
        CollUtil.removeEmpty(list);
        dapSignInfo.setSign(SecureUtil.hmacSha256(str).digestBase64(CollUtil.join(list, EncryptConstants.AND), CharsetUtil.CHARSET_UTF_8, true));
        return dapSignInfo;
    }

    public static void verify(HttpServletRequest httpServletRequest, String str, DapSignInfo dapSignInfo, String str2, String str3) {
        DapSignInfo.verify(dapSignInfo);
        if (Math.abs(System.currentTimeMillis() - LocalDateTimeUtil.toEpochMilli(LocalDateTimeUtil.parse(dapSignInfo.getTimestamp(), "yyyyMMddHHmmss"))) > EncryptConstants.EXPIRE_TIME) {
            throw new BusinessException(CommonErrorCode.SIGN_TIMESTAMP_EXPIRED, new Object[]{dapSignInfo.getTimestamp()});
        }
        if (!RedisUtils.setIfAbsent(getKey(dapSignInfo.getNonce()), 1, Duration.ofMillis(600000L))) {
            throw new BusinessException(CommonErrorCode.SIGN_DUPLICATE_REQUEST_ERROR, new Object[]{dapSignInfo.getNonce()});
        }
        Map objToMap = JsonUtils.objToMap(dapSignInfo);
        objToMap.remove("sign");
        LinkedList linkedList = ListUtil.toLinkedList(new String[]{MapUtil.sortJoin(objToMap, EncryptConstants.AND, EncryptConstants.EQUALS_SIGN, true, new String[0]), str2, str3});
        CollUtil.removeEmpty(linkedList);
        String digestBase64 = SecureUtil.hmacSha256(str).digestBase64(CollUtil.join(linkedList, EncryptConstants.AND), CharsetUtil.CHARSET_UTF_8, true);
        if (!Objects.equals(digestBase64, dapSignInfo.getSign())) {
            throw new BusinessException(CommonErrorCode.SIGN_INCONSISTENT_SIGNATURES_ERROR, new Object[]{digestBase64});
        }
        httpServletRequest.setAttribute(EncryptConstants.SIGN_STATUS_KEY, true);
        httpServletRequest.setAttribute(EncryptConstants.APP_SECRET_KEY, str);
    }

    private static String getKey(String str) {
        return String.format(EncryptConstants.REDIS_DWPAY_SIGN_NONCE, "dap", str);
    }
}
