# -*- coding: utf-8 -*-
"""Verify DemoAdmin stored password against candidates via SM2 decrypt."""
from __future__ import annotations
import sys
import pymysql
from gmssl import sm2

sys.stdout.reconfigure(encoding='utf-8')

CONN = dict(
    host='123.60.180.165', port=3306,
    user='aidopremote', password='1234567890aiDOP#',
    database='aidopdev', charset='utf8mb4', autocommit=True,
)

PUBLIC_KEY = "0484C7466D950E120E5ECE5DD85D0C90EAA85081A3A2BD7C57AE6DC822EFCCBD66620C67B0103FC8DD280E36C3B282977B722AAEC3C56518EDCEBAFB72C5A05312"
PRIVATE_KEY = "8EDB615B1D48B8BE188FC0F18EC08A41DF50EA731FA28BF409E6552809E3A111"

CANDIDATES = ["1234567890dop", "Admin.NET++010101"]


def try_decrypt(cipher_hex: str):
    """Try several permutations for Admin.NET / BouncyCastle SM2 ciphertext."""
    results = []
    # Strip possible 04 prefix (SEC1 uncompressed marker)
    variants = [cipher_hex]
    if cipher_hex.lower().startswith("04"):
        variants.append(cipher_hex[2:])

    for mode_name, mode_val in [("C1C3C2", 1), ("C1C2C3", 0)]:
        sm2_crypt = sm2.CryptSM2(public_key=PUBLIC_KEY, private_key=PRIVATE_KEY, mode=mode_val)
        for v in variants:
            try:
                plain = sm2_crypt.decrypt(bytes.fromhex(v))
                if plain:
                    txt = plain.decode('utf-8', errors='replace')
                    results.append((mode_name, v is variants[0] and "with-04" or "no-04", txt))
            except Exception as ex:
                results.append((mode_name, "err", str(ex)))
    return results


def main() -> None:
    conn = pymysql.connect(**CONN)
    with conn.cursor(pymysql.cursors.DictCursor) as cur:
        cur.execute(
            "SELECT Id, Account, Password, TenantId FROM SysUser WHERE Account='DemoAdmin' LIMIT 1"
        )
        row = cur.fetchone()
        if not row:
            print("DemoAdmin not found")
            return
        print(f"Account : {row['Account']}")
        print(f"TenantId: {row['TenantId']}")
        print(f"Ciphertext head (first 64 chars): {row['Password'][:64]}...")
        print(f"Ciphertext length              : {len(row['Password'])}")

        print("\n=== 尝试多种 SM2 解密组合 ===")
        plains = try_decrypt(row['Password'])
        for m, v, p in plains:
            print(f"  [{m} | {v}] => {p!r}")

        print("\n=== 比对候选密码 ===")
        for c in CANDIDATES:
            hits = [x for x in plains if x[2] == c]
            print(f"  {c!r:<30} => {'MATCH: ' + str([(h[0], h[1]) for h in hits]) if hits else 'no match'}")

    conn.close()


if __name__ == "__main__":
    main()