<?php

namespace Extend\Ca;

use App\Constants\HttpEnumCode;
use App\Exception\BusinessException;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\GuzzleException;
use Hyperf\Di\Annotation\Inject;
use Hyperf\Snowflake\IdGeneratorInterface;
use Hyperf\Utils\ApplicationContext;
use Psr\Container\ContainerInterface;

/**
 * 四川ca云证书+电子签章
 */
class Ca
{
    #[Inject]
    protected ContainerInterface $container;

    #[Inject]
    protected Client $client;

    public function __construct(){
        $this->container = ApplicationContext::getContainer();
        $this->client = $this->container->get(Client::class);
    }

    /**
     * 获取云证书
     * @param array $data
     * @return mixed
     */
    public function getCloudCert(array $data): mixed
    {
        $option = [
            'form_params' => [
                'entityId' => $data['user_id'], // 用户唯一标识，由业务系统定义
                'entityType' => "Personal",// 用户类型，可选值[Personal/Organizational]
                'pin' => $data['user_id'], // 证书PIN码
                'cardNumber' => $data['card_num'], // 证件号码(个人身份证;企业统一社会信用代码)
            ]
        ];

        try {
            $response = $this->httpRequest(config("ca.api_url") . '/cloud-certificate-service' . '/api/cloudCert/open/v2/cert/offlineAuthCertEnroll', $option);
            if (empty($response)){
                // 返回值为空
                throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
            }
            return $response;
        } catch (GuzzleException $e) {
            throw new BusinessException($e->getMessage());
        }
    }

    /**
     * 获取云证书签名
     * @param string $user_id
     * @param string $pin
     * @param array $data
     * @return mixed
     */
    public function getCertSign(string $user_id,string $pin,array $data): mixed
    {
        $option = [
            'form_params' => [
                'entityId' => $user_id, // 用户唯一标识，由业务系统定义
                'toSign' => hash_hmac("sha1",json_encode($data,JSON_UNESCAPED_UNICODE),config("ca.secret")), // 签名原文
                'pin' => $pin, // 证书PIN码
            ]
        ];

        try {
            $response = $this->httpRequest(
                config("ca.api_url") . '/cloud-certificate-service' . '/api/cloudCert/open/cert/sign',
                $option
            );
            if (empty($response)){
                // 返回值为空
                throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
            }
            return $response;
        } catch (GuzzleException $e) {
            throw new BusinessException($e->getMessage());
        }
    }

    // PKCS7签名验证接口
    // 对客户端签名信息进行验证，返回证书信息，同时可以配置回调服务，在验证成功后回调业务系统
    public function verifyPkcs7(string $sign_p7,array $data){
        $generator = $this->container->get(IdGeneratorInterface::class);

        $option = [
            'form_params' => [
                'opType' => "签名验证",
                'requestId' => $generator->generate(),// 业务流水号，唯一
                'signedData' => $sign_p7, // 签名值：签名接口返回的signP7
                'toSign' => hash_hmac("sha1",json_encode($data,JSON_UNESCAPED_UNICODE),config("ca.secret")), // 签名原文
            ]
        ];

        try {
            $response = $this->httpRequest(
                config("ca.api_url") . '/signgw-service/api/signature/verifyPkcs7',
                $option
            );
            if (empty($response)){
                // 返回值为空
                throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
            }
            return $response;
        } catch (GuzzleException $e) {
            throw new BusinessException($e->getMessage());
        }
    }

    /**
     * 添加签章配置
     * @param string $user_id 用户id
     * @param string $card_num 身份证号
     * @param array $data
     * @return mixed
     */
    public function addUserSignConfig(string $user_id,string $card_num,array $data): mixed
    {
        $option = [
            'form_params' => [
                'userId' => $user_id,//用户标识信息（为云证书entityId）
                'configKey' => $user_id, // 签章配置唯一标识，一张云证书配置一个
                'keypairType' => "3", // 秘钥类型(3云证书)
                'certSn' => $card_num, // 证书序列号，使用医生身份证号即可
                'signType' => "4", // 签章方式(签章类型; 4客户端坐标签章;5客户端关键字签章;)
                'signParam' => $data['sign_param'], // 签章配置,JSON
                'sealImg' => $data['seal_img'], // 签章图片，base64格式
                'sealType' => "4",
                'signTemplate' => "1",
            ]
        ];

        try {
            $response = $this->httpRequest(
                config("ca.api_url") . '/signature-server/api/open/signature/userSignConfig',
                $option
            );
            if (empty($response)){
                // 返回值为空
                throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
            }
            return $response;
        } catch (GuzzleException $e) {
            throw new BusinessException($e->getMessage());
        }
    }

    /**
     * 获取用户签章图片
     * @param string $user_id
     * @return mixed
     */
    public function getFetchUserSeal(string $user_id): mixed
    {
        $option = [
            'form_params' => [
                'userId' => $user_id,//用户标识信息（为云证书entityId）
            ]
        ];

        try {
            $response = $this->httpRequest(
                config("ca.api_url") . '/signature-server/api/open/signature/fetchUserSeal',
                $option
            );
            if (empty($response)){
                // 返回值为空
                throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
            }
            return $response;
        } catch (GuzzleException $e) {
            throw new BusinessException($e->getMessage());
        }
    }

    /**
     * 获取请求签名
     * @param array $data
     * @return string
     */
    protected function getRequestSign(array $data): string
    {
        ksort($data['form_params']);

        $data = implode('&',$data['form_params']);
        return hash_hmac("sha1",$data,config("ca.secret"));
    }

    /**
     * 封装公共请求
     * @param string $path
     * @param array $arg
     * @return mixed
     * @throws GuzzleException
     */
    protected function httpRequest(string $path,array $arg = []): mixed
    {

        $option = [
            "headers" => [
                "app_id" => config("ca.app_id"),
                "signature" => $this->getRequestSign($arg)
            ],
        ];

        $arg = array_merge($arg,$option);

        //        dump(json_encode($arg,JSON_UNESCAPED_UNICODE));

        $response = $this->client->post($path, $arg);
        if ($response->getStatusCode() != '200'){
            // 请求失败
            throw new BusinessException($response->getBody()->getContents());
        }
        $body = json_decode($response->getBody(),true);
        dump($body);
        if (empty($body)){
            // 返回值为空
            throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
        }

        if ($body['result_code'] != 0){
            // 请求失败
            if (!empty($body['result_msg'])){
                throw new BusinessException($body['result_msg']);
            }
            throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
        }

        return $body['body'];
    }
}