package com.webank.weid.suite.encode;

import com.webank.weid.constant.DataDriverConstant;
import com.webank.weid.constant.ErrorCode;
import com.webank.weid.constant.ParamKeyConstant;
import com.webank.weid.exception.DataTypeCastException;
import com.webank.weid.exception.EncodeSuiteException;
import com.webank.weid.protocol.amop.GetEncryptKeyArgs;
import com.webank.weid.protocol.response.GetEncryptKeyResponse;
import com.webank.weid.protocol.response.ResponseData;
import com.webank.weid.rpc.AmopService;
import com.webank.weid.service.BaseService;
import com.webank.weid.service.impl.AmopServiceImpl;
import com.webank.weid.suite.api.crypto.CryptoServiceFactory;
import com.webank.weid.suite.api.crypto.params.CryptoType;
import com.webank.weid.suite.api.crypto.params.KeyGenerator;
import com.webank.weid.suite.api.persistence.Persistence;
import com.webank.weid.suite.entity.EncodeData;
import com.webank.weid.suite.persistence.sql.driver.MysqlDriver;
import com.webank.weid.util.DataToolUtils;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/webank/weid/suite/encode/CipherEncodeProcessor.class */
public class CipherEncodeProcessor extends BaseService implements EncodeProcessor {
    private static final Logger logger = LoggerFactory.getLogger(CipherEncodeProcessor.class);
    private Persistence dataDriver;
    protected AmopService amopService = new AmopServiceImpl();

    private Persistence getDataDriver() {
        if (this.dataDriver == null) {
            this.dataDriver = new MysqlDriver();
        }
        return this.dataDriver;
    }

    @Override // com.webank.weid.suite.encode.EncodeProcessor
    public String encode(EncodeData encodeData) throws EncodeSuiteException {
        logger.info("[encode] cipher encode process, encryption with AES.");
        try {
            String key = KeyGenerator.getKey();
            HashMap hashMap = new HashMap();
            hashMap.put(ParamKeyConstant.KEY_DATA, key);
            hashMap.put(ParamKeyConstant.KEY_VERIFIERS, encodeData.getVerifiers());
            String serialize = DataToolUtils.serialize(hashMap);
            String encrypt = CryptoServiceFactory.getCryptoService(CryptoType.AES).encrypt(encodeData.getData(), key);
            ResponseData<Integer> save = getDataDriver().save(DataDriverConstant.DOMAIN_ENCRYPTKEY, encodeData.getId(), serialize);
            if (save.getErrorCode().intValue() != ErrorCode.SUCCESS.getCode()) {
                throw new EncodeSuiteException(ErrorCode.getTypeByErrorCode(save.getErrorCode().intValue()));
            }
            logger.info("[encode] cipher encode process finished.");
            return encrypt;
        } catch (EncodeSuiteException e) {
            logger.error("[encode] encode processor has some error.", e);
            throw e;
        } catch (Exception e2) {
            logger.error("[encode] encode processor has unknow error.", e2);
            throw new EncodeSuiteException(e2);
        }
    }

    @Override // com.webank.weid.suite.encode.EncodeProcessor
    public String decode(EncodeData encodeData) throws EncodeSuiteException {
        logger.info("[decode] cipher decode process, decryption with AES.");
        try {
            String decrypt = CryptoServiceFactory.getCryptoService(CryptoType.AES).decrypt(encodeData.getData(), getEntryptKey(encodeData));
            logger.info("[decode] cipher decode process finished.");
            return decrypt;
        } catch (EncodeSuiteException e) {
            logger.error("[decode] decode processor has some error.", e);
            throw e;
        } catch (Exception e2) {
            logger.error("[decode] decode processor has unknow error.", e2);
            throw new EncodeSuiteException(e2);
        }
    }

    private String getEntryptKey(EncodeData encodeData) {
        if (!fiscoConfig.getCurrentOrgId().equals(encodeData.getOrgId())) {
            logger.info("get Encrypt Key By AMOP.");
            return requestEncryptKeyByAmop(encodeData);
        }
        logger.info("get Encrypt Key from DB.");
        ResponseData<String> responseData = getDataDriver().get(DataDriverConstant.DOMAIN_ENCRYPTKEY, encodeData.getId());
        if (responseData.getErrorCode().intValue() != ErrorCode.SUCCESS.getCode()) {
            throw new EncodeSuiteException(ErrorCode.getTypeByErrorCode(responseData.getErrorCode().intValue()));
        }
        return getEncryptKey(encodeData, responseData.getResult());
    }

    private String getEncryptKey(EncodeData encodeData, String str) {
        if (encodeData.getWeIdAuthentication() == null) {
            logger.info("[getEncryptKey] the weid Authentication is null.");
            throw new EncodeSuiteException(ErrorCode.ENCRYPT_KEY_NO_PERMISSION);
        }
        try {
            Map map = (Map) DataToolUtils.deserialize(str, new HashMap().getClass());
            String weId = encodeData.getWeIdAuthentication().getWeId();
            ArrayList arrayList = (ArrayList) map.get(ParamKeyConstant.KEY_VERIFIERS);
            if (!CollectionUtils.isEmpty(arrayList) && !StringUtils.isBlank(weId) && arrayList.contains(weId)) {
                return (String) map.get(ParamKeyConstant.KEY_DATA);
            }
            logger.error("[getEncryptKey] no access to get the data, this weid is {}.", weId);
            throw new EncodeSuiteException(ErrorCode.ENCRYPT_KEY_NO_PERMISSION);
        } catch (DataTypeCastException e) {
            logger.error("[getEncryptKey] deserialize the data error, you should upgrade SDK.", e);
            throw new EncodeSuiteException(ErrorCode.ENCRYPT_KEY_INVALID);
        }
    }

    private String requestEncryptKeyByAmop(EncodeData encodeData) {
        GetEncryptKeyArgs getEncryptKeyArgs = new GetEncryptKeyArgs();
        getEncryptKeyArgs.setKeyId(encodeData.getId());
        getEncryptKeyArgs.setMessageId(DataToolUtils.getUuId32());
        getEncryptKeyArgs.setToOrgId(encodeData.getOrgId());
        getEncryptKeyArgs.setFromOrgId(fiscoConfig.getCurrentOrgId());
        if (encodeData.getWeIdAuthentication() != null) {
            getEncryptKeyArgs.setSignValue(DataToolUtils.secp256k1Sign(encodeData.getId(), new BigInteger(encodeData.getWeIdAuthentication().getWeIdPrivateKey().getPrivateKey())));
            getEncryptKeyArgs.setWeId(encodeData.getWeIdAuthentication().getWeId());
        }
        ResponseData<GetEncryptKeyResponse> encryptKey = this.amopService.getEncryptKey(encodeData.getOrgId(), getEncryptKeyArgs);
        if (encryptKey.getErrorCode().intValue() != ErrorCode.SUCCESS.getCode()) {
            logger.error("[requestEncryptKeyByAmop] AMOP response fail, dataId={}, errorCode={}, errorMessage={}", new Object[]{encodeData.getId(), encryptKey.getErrorCode(), encryptKey.getErrorMessage()});
            throw new EncodeSuiteException(ErrorCode.getTypeByErrorCode(encryptKey.getErrorCode().intValue()));
        }
        GetEncryptKeyResponse result = encryptKey.getResult();
        ErrorCode typeByErrorCode = ErrorCode.getTypeByErrorCode(result.getErrorCode().intValue());
        if (typeByErrorCode.getCode() == ErrorCode.SUCCESS.getCode()) {
            return result.getEncryptKey();
        }
        logger.error("[requestEncryptKeyByAmop] requestEncryptKey error, dataId={}, errorCode={}, errorMessage={}", new Object[]{encodeData.getId(), result.getErrorCode(), result.getErrorMessage()});
        throw new EncodeSuiteException(typeByErrorCode);
    }
}
