package com.vortex.cloud.vfs.lite.crypto.qingdaogovcloud;

import com.alibaba.fastjson.JSONObject;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.bind.DatatypeConverter;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:com/vortex/cloud/vfs/lite/crypto/qingdaogovcloud/QingDaoGovCloudClient.class */
public class QingDaoGovCloudClient {
    private static final String VERSION = "1.0";
    private static final String SIGN_ALGO = "HmacSM3";
    private static final String MODE = "CBC";
    private static final String PADDING = "PKCS7Padding";
    private static final int KEK_INDEX = 50;
    private static final int ENC_KEY_PADDING_MODE = 2;
    private static final String AND = "&";
    private static final String EQUAL = "=";
    private final String IP_PORT;
    private final String APP_ID;
    private final String DEVICE_ID;
    private final String SECRET;
    private final String KEY_ID;
    private final String PST_KEY;
    static TrustManager[] trustAllCerts = {new X509TrustManager() { // from class: com.vortex.cloud.vfs.lite.crypto.qingdaogovcloud.QingDaoGovCloudClient.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }};

    /* loaded from: input_file:com/vortex/cloud/vfs/lite/crypto/qingdaogovcloud/QingDaoGovCloudClient$NullHostNameVerifier.class */
    public class NullHostNameVerifier implements HostnameVerifier {
        public NullHostNameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    public QingDaoGovCloudClient(String str, String str2, String str3, String str4, String str5, String str6) {
        this.IP_PORT = str;
        this.APP_ID = str2;
        this.DEVICE_ID = str3;
        this.SECRET = str4;
        this.KEY_ID = str5;
        this.PST_KEY = str6;
    }

    public String encrypt(String str) {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("transId", "QD" + System.currentTimeMillis());
            hashMap.put("version", VERSION);
            hashMap.put("signAlgo", SIGN_ALGO);
            hashMap.put("appId", this.APP_ID);
            hashMap.put("keyId", this.KEY_ID);
            hashMap.put("mode", MODE);
            hashMap.put("padding", PADDING);
            hashMap.put("plainText", Base64Utils.encodeToString(str.getBytes()));
            hashMap.put("deviceId", this.DEVICE_ID);
            hashMap.put("signature", generateSignature(hashMap, this.SECRET));
            return JSONObject.parseObject(postConnection(this.IP_PORT + "/cmk/v1/encrypt", hashMap)).getJSONObject("data").getString("cipherTextBlob");
        } catch (Exception e) {
            throw new RuntimeException("加密平台接口调用失败", e);
        }
    }

    public String decrypt(String str) {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("transId", "QD" + System.currentTimeMillis());
            hashMap.put("version", VERSION);
            hashMap.put("signAlgo", SIGN_ALGO);
            hashMap.put("appId", this.APP_ID);
            hashMap.put("keyId", this.KEY_ID);
            hashMap.put("deviceId", this.DEVICE_ID);
            hashMap.put("encData", str);
            hashMap.put("signature", generateSignature(hashMap, this.SECRET));
            return new String(Base64Utils.decodeFromString(JSONObject.parseObject(postConnection(this.IP_PORT + "/cmk/v1/decrypt", hashMap)).getJSONObject("data").getString("plainText")));
        } catch (Exception e) {
            throw new RuntimeException("加密平台接口调用失败", e);
        }
    }

    public String createHmac(String str) {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("transId", "QD" + System.currentTimeMillis());
            hashMap.put("version", VERSION);
            hashMap.put("signAlgo", SIGN_ALGO);
            hashMap.put("appId", this.APP_ID);
            hashMap.put("deviceId", this.DEVICE_ID);
            hashMap.put("kekIndex", Integer.valueOf(KEK_INDEX));
            hashMap.put("encKeyPaddingMode", Integer.valueOf(ENC_KEY_PADDING_MODE));
            hashMap.put("pstKey", this.PST_KEY);
            hashMap.put("source", Base64Utils.encodeToString(str.getBytes()));
            hashMap.put("signature", generateSignature(hashMap, this.SECRET));
            return JSONObject.parseObject(postConnection(this.IP_PORT + "/mops-server/sdfexHmacByEncKey", hashMap)).getJSONObject("data").getString("hmac");
        } catch (Exception e) {
            throw new RuntimeException("加密平台接口调用失败", e);
        }
    }

    private String generateSignature(Map<String, Object> map, String str) throws Exception {
        return getHMAC(generateSignString(map).getBytes(), str.getBytes(), map.get("signAlgo").toString());
    }

    private String generateSignString(Map<String, Object> map) {
        StringBuilder sb = new StringBuilder();
        ArrayList arrayList = new ArrayList(map.keySet());
        Collections.sort(arrayList);
        for (int i = 0; i < arrayList.size(); i++) {
            String str = (String) arrayList.get(i);
            Object obj = map.get(str);
            if (obj != null && !"signature".equals(str)) {
                if (i == map.size() - 1) {
                    sb.append(str).append(EQUAL).append(obj);
                } else {
                    sb.append(str).append(EQUAL).append(obj).append(AND);
                }
            }
        }
        return sb.toString();
    }

    private String getHMAC(byte[] bArr, byte[] bArr2, String str) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, str);
        if ("HmacSHA256".equals(str)) {
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            return base64Encode(mac.doFinal(bArr));
        }
        KeyParameter keyParameter = new KeyParameter(bArr2);
        HMac hMac = new HMac(new SM3Digest());
        hMac.init(keyParameter);
        hMac.update(bArr, 0, bArr.length);
        byte[] bArr3 = new byte[0];
        byte[] bArr4 = new byte[hMac.getMacSize()];
        hMac.doFinal(bArr4, 0);
        return Base64Utils.encodeToString(bArr4);
    }

    private String base64Encode(byte[] bArr) {
        return DatatypeConverter.printBase64Binary(bArr);
    }

    private String postConnection(String str, Map<String, Object> map) throws Exception {
        HttpsURLConnection.setDefaultHostnameVerifier(new NullHostNameVerifier());
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        HttpURLConnection httpURLConnection = null;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-Type", "application/json");
            OutputStream outputStream = httpURLConnection.getOutputStream();
            outputStream.write(JSONObject.toJSONString(map).getBytes("UTF-8"));
            outputStream.flush();
            outputStream.close();
            InputStream inputStream = httpURLConnection.getInputStream();
            byte[] bArr = new byte[1024];
            for (int read = inputStream.read(bArr, 0, 1024); read != -1; read = inputStream.read(bArr, 0, 1024)) {
                byteArrayOutputStream.write(bArr, 0, read);
            }
            String str2 = new String(byteArrayOutputStream.toByteArray(), "UTF-8");
            byteArrayOutputStream.close();
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            return str2;
        } catch (Throwable th) {
            byteArrayOutputStream.close();
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }
}
