import requests
import json
from Crypto.Cipher import DES
from Crypto.Util.Padding import pad
import base64

# 全局变量，用于存储从登录响应中获取的 key 和 iv
DYNAMIC_KEY = None
DYNAMIC_IV = None


def get_des_encrypt(data: str, _key: str, _iv: str) -> str:
    """
    使用 DES/CBC/PKCS7 加密字符串。
    """
    key = _key.encode('utf-8')
    iv = _iv.encode('utf-8')

    if len(key) != 8 or len(iv) != 8:
        raise ValueError("DES key and IV must be exactly 8 bytes")

    plaintext = data.encode('utf-8')
    padded_data = pad(plaintext, DES.block_size)
    cipher = DES.new(key, DES.MODE_CBC, iv)
    encrypted_bytes = cipher.encrypt(padded_data)
    return base64.b64encode(encrypted_bytes).decode('utf-8')


def login_and_get_dynamic_key_iv(url, login_data):
    """
    发送未加密登录请求，成功后提取 key 和 iv。
    返回 (token, key, iv) 或 (None, None, None)
    """
    payload = {
        "encType": 0,
        "x_flag": "",
        "data": login_data
    }
    headers = {"Content-Type": "application/json"}
    try:
        response = requests.post(url, headers=headers, json=payload)
        print("🔓 [登录] 状态码:", response.status_code)
        result = response.json()
        print("🔓 [登录] 响应:", json.dumps(result, indent=2, ensure_ascii=False))

        data = result.get("data", {})
        token = data.get("token")
        key = data.get("key")
        iv = data.get("iv")

        if token and key and iv:
            print(f"✅ 登录成功！Token: {token}")
            print(f"🔑 动态 Key: {key}, IV: {iv}")
            return token, key, iv
        else:
            print("❌ 登录成功但缺少 key 或 iv")
            return None, None, None
    except Exception as e:
        print("❌ 登录异常:", e)
        return None, None, None


def send_encrypted_request_with_dynamic_key(url, data, key, iv):
    """
    使用动态 key/iv 加密并发送请求。
    """
    data_str = json.dumps(data, separators=(',', ':'))
    encrypted_data = get_des_encrypt(data_str, key, iv)

    payload = {
        "encType": 0,
        "x_flag": "",
        "data": encrypted_data
    }
    headers = {"Content-Type": "application/json"}
    try:
        response = requests.post(url, headers=headers, json=payload)
        print("🔒 [加密请求] 状态码:", response.status_code)
        print("🔒 [加密请求] 响应:", response.text)

        result = response.json()
        token = result.get("data", {}).get("token")
        if token:
            print("✅ 加密请求成功，Token:", token)
        else:
            print("⚠️ 加密请求完成，但无新 token")
    except Exception as e:
        print("❌ 加密请求异常:", e)


if __name__ == '__main__':
    url = "http://127.0.0.1:8084/c/v1/wellMudLogAndWireLine/system/privateManager/userLoginAggregate/other/login"
    login_data = {
        "userId": "test002",
        "password": "123456"
    }
    token, key, iv = login_and_get_dynamic_key_iv(url, login_data)

    if not (key and iv):
        print("🛑 无法获取动态 key/iv，退出。")
        exit(1)