package cn.webank.ob.sdk.service;

import cn.webank.ob.sdk.common.constant.message.RespConstant;
import cn.webank.ob.sdk.common.exception.custom_exception.OBException;
import cn.webank.ob.sdk.common.exception.enums.OBBizErrorEnum;
import cn.webank.ob.sdk.common.exception.enums.OBGeneralErrorEnum;
import cn.webank.ob.sdk.common.util.Sm2Util;
import cn.webank.ob.sdk.model.SecretKeyInfo;
import cn.webank.ob.sdk.model.msg.ResponseMsg;
import com.alibaba.fastjson2.JSON;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;

/* loaded from: input_file:cn/webank/ob/sdk/service/SignOpenApiService.class */
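/**
 * Builds request signature headers and verifies response signatures through {@link Sm2Util}.
 *
 * <p>Parameter names in this class are decompiler-generated ({@code str}, {@code str2}, ...);
 * the per-method Javadoc states the role each one plays in the visible code.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The string that gets signed or verified contains the full message body, so it is
 *       logged at DEBUG only. The {@link OBException} messages built below still embed it;
 *       callers should avoid writing those messages to broadly readable logs.</li>
 *   <li>Signed fields are concatenated without delimiters. NOTE(review): this is
 *       presumably fixed by the remote API contract, so it cannot be changed on one side;
 *       confirm that the server's canonical form matches before altering the field order.</li>
 * </ul>
 */
public class SignOpenApiService extends BaseOpenApiService {
    /** Header value template: scheme tag, then nonce, signature, timestamp and certificate serial number. */
    private static final String CALL_SIGN = "WBOB-SM3-SM2,nonceStr=\"%s\",sign=\"%s\",timestamp=\"%s\",certSerialNo=\"%s\"";
    private static final Logger LOGGER = LoggerFactory.getLogger(SignOpenApiService.class);
    // Declared as SecureRandom (not Random) so the nonce source cannot be swapped for a
    // non-cryptographic generator without a visible type change.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Passes {@code str} to the {@link BaseOpenApiService} constructor unchanged.
     *
     * @param str value forwarded to the superclass; its meaning is defined there
     */
    public SignOpenApiService(String str) {
        super(str);
    }

    /**
     * Builds the signature header for an access-token request: empty body, HTTP method GET.
     *
     * @param str value placed directly after the method in the signed string
     *     (presumably the request path or URL; confirm against the caller)
     * @param str2 optional value appended at the end of the signed string when not blank
     * @param secretKeyInfo supplies the Base64 private key and the certificate serial number
     * @return the formatted header value
     * @throws OBException with the SIGN_ERROR code if signing fails
     */
    public String createAccessTokenAuthStr(String str, String str2, SecretKeyInfo secretKeyInfo) {
        return getOauthStr("", HttpMethod.GET.name(), str, str2, secretKeyInfo);
    }

    /**
     * Builds the signature header for a request that has no optional trailing value.
     *
     * @param str value signed last (an empty string for the token request above, so presumably
     *     the request body)
     * @param str2 value signed first (the HTTP method name in the token request above)
     * @param str3 value signed second (presumably the request path or URL; confirm against the caller)
     * @param secretKeyInfo supplies the Base64 private key and the certificate serial number
     * @return the formatted header value
     * @throws OBException with the SIGN_ERROR code if signing fails
     */
    public String getOauthStr(String str, String str2, String str3, SecretKeyInfo secretKeyInfo) {
        return getOauthStr(str, str2, str3, null, secretKeyInfo);
    }

    /**
     * Signs {@code str2 + str3 + timestamp + nonce + str [+ str4]} and formats the header value.
     *
     * <p>The timestamp is the current time in milliseconds and the nonce is freshly generated
     * per call; both are carried in the returned header as well as in the signed string.
     */
    private String getOauthStr(String str, String str2, String str3, String str4, SecretKeyInfo secretKeyInfo) {
        String nonce = genRandomStringOfLen32();
        String timestamp = String.valueOf(System.currentTimeMillis());
        String toSign = str2 + str3 + timestamp + nonce + str;
        if (StringUtils.isNotBlank(str4)) {
            toSign = toSign + str4;
        }
        // DEBUG rather than INFO: the string contains the complete request body.
        LOGGER.debug("签名串加密前数据为：{}", toSign);
        try {
            String header = String.format(CALL_SIGN, nonce, Sm2Util.getSignBase64(toSign, secretKeyInfo.getPrivateKeyBase64()), timestamp, secretKeyInfo.getCertSerialNo());
            // DEBUG rather than INFO: this is the complete request credential for this call.
            LOGGER.debug("最终得到的签名为：{}", header);
            return header;
        } catch (Exception e) {
            // A null secretKeyInfo also ends up here, because the NPE is raised inside the try.
            throw new OBException(OBBizErrorEnum.SIGN_ERROR.getCode(), String.format(OBBizErrorEnum.SIGN_ERROR.getDescription(), toSign), (Throwable) e);
        }
    }

    /**
     * Signs a file through {@link Sm2Util#signFile} and returns the signature Base64-encoded.
     *
     * @param str first argument to {@code Sm2Util.signFile} (presumably the file path; confirm)
     * @param str2 Base64 text that is decoded and passed as the key argument
     * @return Base64 encoding of the bytes returned by {@code Sm2Util.signFile}
     * @throws OBException with the SIGN_ERROR code on any failure, including invalid Base64 in {@code str2}
     */
    public String getFileSignStr(String str, String str2) {
        try {
            byte[] keyBytes = Base64.getDecoder().decode(str2);
            return Base64.getEncoder().encodeToString(Sm2Util.signFile(str, keyBytes, ""));
        } catch (Exception e) {
            throw new OBException(OBBizErrorEnum.SIGN_ERROR.getCode(), String.format(OBBizErrorEnum.SIGN_ERROR.getDescription(), str), (Throwable) e);
        }
    }

    /**
     * Generates a 32-character lowercase hex nonce.
     *
     * <p>32 bytes from {@link SecureRandom} are hashed with SHA-256 and the first 32 hex
     * characters (128 bits) of the digest are returned.
     *
     * @return the nonce
     * @throws OBException with the SYSTEM_ERROR code if SHA-256 is unavailable
     */
    public String genRandomStringOfLen32() {
        byte[] seed = new byte[32];
        SECURE_RANDOM.nextBytes(seed);
        try {
            return new String(Hex.encodeHex(MessageDigest.getInstance("SHA-256").digest(seed)), 0, 32);
        } catch (NoSuchAlgorithmException e) {
            throw new OBException(OBGeneralErrorEnum.SYSTEM_ERROR.getCode(), String.format(OBGeneralErrorEnum.SYSTEM_ERROR.getDescription(), "生成随机数异常"), (Throwable) e);
        }
    }

    /**
     * Verifies the signature of a response over {@code timestamp + nonce + body}.
     *
     * <p>If the timestamp or nonce header is blank, the body is parsed as an error
     * {@link ResponseMsg} and rethrown. That body is unauthenticated, so the code and message
     * it carries must be treated as untrusted text. A missing signature header is rejected
     * here instead of being handed to {@link Sm2Util} as {@code null}.
     *
     * <p>NOTE(review): nothing visible here checks the timestamp for freshness or the nonce
     * for reuse; confirm whether replay protection is enforced elsewhere.
     *
     * @param httpHeaders response headers carrying signature, timestamp and nonce
     * @param str response body
     * @param str2 key material passed to {@code Sm2Util.verifySignBase64}
     * @throws OBException if the response is unsigned or the signature does not verify
     */
    public void verifySignature(HttpHeaders httpHeaders, String str, String str2) {
        String signature = httpHeaders.getFirst(RespConstant.SIGN);
        String timestamp = httpHeaders.getFirst(RespConstant.TIMESTAMP);
        String nonce = httpHeaders.getFirst(RespConstant.NONCE_STR);
        if (StringUtils.isBlank(timestamp) || StringUtils.isBlank(nonce)) {
            ResponseMsg responseMsg = (ResponseMsg) JSON.parseObject(str, ResponseMsg.class);
            LOGGER.error("响应报文为：{}", responseMsg);
            if (responseMsg == null) {
                // An empty or literal-null body has no error details; fail as a verification error
                // instead of raising a NullPointerException.
                throw new OBException(OBBizErrorEnum.VERIFY_SIGNATURE_ERROR.getCode(), String.format(OBBizErrorEnum.VERIFY_SIGNATURE_ERROR.getDescription(), str));
            }
            throw new OBException(responseMsg.getResCode(), responseMsg.getResMsg());
        }
        String signedContent = timestamp + nonce + str;
        // DEBUG rather than INFO: the string contains the complete response body.
        LOGGER.debug("response auth String：{}", signedContent);
        // Short-circuit keeps a blank signature away from the verifier: fail closed, explicitly.
        if (StringUtils.isNotBlank(signature) && Sm2Util.verifySignBase64(signedContent, signature, str2)) {
            LOGGER.info("验签通过");
        } else {
            LOGGER.info("验签失败");
            throw new OBException(OBBizErrorEnum.VERIFY_SIGNATURE_ERROR.getCode(), String.format(OBBizErrorEnum.VERIFY_SIGNATURE_ERROR.getDescription(), signedContent));
        }
    }

    /**
     * Verifies a file signature taken from the response's signature header.
     *
     * <p>A missing or malformed signature header is reported as a verification failure
     * rather than surfacing as a {@link NullPointerException} or
     * {@link IllegalArgumentException} from the Base64 decoder.
     *
     * @param httpHeaders response headers carrying the Base64 signature
     * @param str first argument to {@code Sm2Util.verifyFile} (presumably the file path; confirm)
     * @param str2 Base64 text that is decoded and passed as the key argument
     * @throws IOException declared by the original signature (presumably raised while reading the file)
     * @throws OBException with the VERIFY_SIGNATURE_ERROR code if the signature is absent,
     *     malformed or does not verify
     */
    public void fileVerifySign(HttpHeaders httpHeaders, String str, String str2) throws IOException {
        byte[] signature = decodeSignatureHeader(httpHeaders.getFirst(RespConstant.SIGN));
        boolean verified = signature != null
                && Sm2Util.verifyFile(str, Base64.getDecoder().decode(str2), null, signature);
        if (verified) {
            LOGGER.info("文件验签通过");
        } else {
            LOGGER.info("文件验签失败");
            throw new OBException(OBBizErrorEnum.VERIFY_SIGNATURE_ERROR.getCode(), String.format(OBBizErrorEnum.VERIFY_SIGNATURE_ERROR.getDescription(), str));
        }
    }

    /** Decodes a Base64 signature header; returns {@code null} when it is blank or not valid Base64. */
    private static byte[] decodeSignatureHeader(String headerValue) {
        if (StringUtils.isBlank(headerValue)) {
            return null;
        }
        try {
            return Base64.getDecoder().decode(headerValue);
        } catch (IllegalArgumentException e) {
            // The header value itself is not logged: it is remote-controlled text.
            LOGGER.warn("Signature header is not valid Base64", e);
            return null;
        }
    }
}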
