package com.alipay.v3.util;

import com.alipay.v3.ApiException;
import com.google.common.base.Strings;
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/alipay/v3/util/AlipayConfigUtil.class */
public class AlipayConfigUtil {
    private String appId;
    private String privateKey;
    private String alipayPublicKey;
    private String rootCertContent;
    private String rootCertSN;
    private String appCertSN;
    private String encryptKey;
    public static final String RSA = "RSA";
    public static final String SHA_256_WITH_RSA = "SHA256WithRSA";
    public static final String ALIPAY_SHA_256_WITH_RSA = "ALIPAY-SHA256withRSA";
    private static final String AES_ALG = "AES";
    private static final String AES_CBC_PCK_ALG = "AES/CBC/PKCS5Padding";
    private static final byte[] AES_IV = initIV();
    private static final int MAX_ENCRYPT_BLOCK_SIZE = 244;
    private static final int MAX_DECRYPT_BLOCK_SIZE = 256;
    private String charset = "utf-8";
    private ConcurrentHashMap<String, String> cachedAlipayPublicKey = new ConcurrentHashMap<>();
    private String encryptType = AES_ALG;

    public void sign(String str, String str2, String str3, Map<String, String> map) throws ApiException {
        if (Strings.isNullOrEmpty(this.privateKey)) {
            throw new ApiException("私钥[privateKey]不可为空");
        }
        String str4 = map.get("alipay-app-auth-token");
        String str5 = "app_id=" + this.appId + (Strings.isNullOrEmpty(this.appCertSN) ? "" : ",app_cert_sn=" + this.appCertSN) + ",nonce=" + UUID.randomUUID().toString() + ",timestamp=" + String.valueOf(System.currentTimeMillis());
        map.put("Authorization", "ALIPAY-SHA256withRSA " + str5 + ",sign=" + generateSign(str5 + "\n" + str + "\n" + str2 + "\n" + (Strings.isNullOrEmpty(str3) ? "" : str3) + "\n" + (Strings.isNullOrEmpty(str4) ? "" : str4 + "\n")));
        if (Strings.isNullOrEmpty(this.rootCertSN)) {
            return;
        }
        map.put("alipay-root-cert-sn", this.rootCertSN);
    }

    public String generateSign(String str) throws ApiException {
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance(RSA).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(this.privateKey.getBytes())));
            Signature signature = Signature.getInstance(SHA_256_WITH_RSA);
            signature.initSign(generatePrivate);
            signature.update(str.getBytes(this.charset));
            return new String(Base64.encode(signature.sign()));
        } catch (Exception e) {
            throw new ApiException("签名遭遇异常，请检查私钥格式是否正确。content=" + str + " privateKeySize=" + this.privateKey.length() + " reason=" + e.getMessage());
        }
    }

    public boolean verify(String str, String str2, String str3, String str4, String str5) throws ApiException {
        String str6 = this.alipayPublicKey;
        if (!Strings.isNullOrEmpty(this.appCertSN)) {
            str6 = getAlipayPublicKey(str3);
        }
        if (Strings.isNullOrEmpty(str6)) {
            throw new ApiException("公钥不可为空");
        }
        return generateVerify(str4 + "\n" + str5 + "\n" + (str == null ? "" : str) + "\n", str2, str6);
    }

    public boolean generateVerify(String str, String str2, String str3) throws ApiException {
        try {
            PublicKey generatePublic = KeyFactory.getInstance(RSA).generatePublic(new X509EncodedKeySpec(Base64.decode(str3.getBytes())));
            Signature signature = Signature.getInstance(SHA_256_WITH_RSA);
            signature.initVerify(generatePublic);
            signature.update(str.getBytes(this.charset));
            return signature.verify(Base64.decode(str2.getBytes()));
        } catch (Exception e) {
            throw new ApiException("验签遭遇异常，请检查公钥格式或签名是否正确。content=" + str + " sign=" + str2 + " publicKey=" + str3 + " reason=" + e.getMessage());
        }
    }

    private String getAlipayPublicKey(String str) throws ApiException {
        if (Strings.isNullOrEmpty(str)) {
            return this.cachedAlipayPublicKey.values().iterator().next();
        }
        if (this.cachedAlipayPublicKey.containsKey(str)) {
            return this.cachedAlipayPublicKey.get(str);
        }
        throw new ApiException("支付宝公钥证书[" + str + "]已过期，请重新下载最新支付宝公钥证书并替换原证书文件");
    }

    public String encrypt(String str, Map<String, String> map) throws ApiException {
        if (Strings.isNullOrEmpty(this.encryptKey)) {
            return str;
        }
        if (!AES_ALG.equals(this.encryptType)) {
            throw new ApiException("当前不支持该算法类型：encryptType=" + this.encryptType);
        }
        map.put("alipay-encrypt-type", this.encryptType);
        if (!"multipart/form-data".equals(map.get("Content-Type"))) {
            map.put("Content-Type", "text/plain");
        }
        if (Strings.isNullOrEmpty(str)) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_CBC_PCK_ALG);
            cipher.init(1, new SecretKeySpec(Base64.decode(this.encryptKey.getBytes()), AES_ALG), new IvParameterSpec(AES_IV));
            return new String(Base64.encode(cipher.doFinal(str.getBytes(this.charset))));
        } catch (Exception e) {
            throw new ApiException("AES加密失败，plainText=" + str + "，keySize=" + this.encryptKey.length() + "。" + e.getMessage());
        }
    }

    public String decrypt(String str) throws ApiException {
        if (Strings.isNullOrEmpty(this.encryptKey)) {
            return str;
        }
        if (!AES_ALG.equals(this.encryptType)) {
            throw new ApiException("当前不支持该算法类型：encrypeType=" + this.encryptType);
        }
        if (Strings.isNullOrEmpty(str)) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_CBC_PCK_ALG);
            cipher.init(2, new SecretKeySpec(Base64.decode(this.encryptKey.getBytes()), AES_ALG), new IvParameterSpec(AES_IV));
            return new String(cipher.doFinal(Base64.decode(str.getBytes())), this.charset);
        } catch (Exception e) {
            throw new ApiException("AES解密失败，cipherText=" + str + "，keySize=" + this.encryptKey.length() + "。" + e.getMessage());
        }
    }

    public String doDecrypt(String str) throws ApiException {
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance(RSA).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(this.privateKey.getBytes())));
            Cipher cipher = Cipher.getInstance(RSA);
            cipher.init(2, generatePrivate);
            byte[] decode = Base64.decode(str.getBytes(this.charset));
            int length = decode.length;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            int i = 0;
            int i2 = 0;
            while (length - i > 0) {
                byte[] doFinal = length - i > MAX_DECRYPT_BLOCK_SIZE ? cipher.doFinal(decode, i, MAX_DECRYPT_BLOCK_SIZE) : cipher.doFinal(decode, i, length - i);
                byteArrayOutputStream.write(doFinal, 0, doFinal.length);
                i2++;
                i = i2 * MAX_DECRYPT_BLOCK_SIZE;
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            return new String(byteArray, this.charset);
        } catch (Exception e) {
            throw new ApiException("RSA2非对称解密遭遇异常，请检查私钥格式是否正确。cipherTextBase64=" + str + " privateKeySize=" + this.privateKey.length() + " reason=" + e.getMessage());
        }
    }

    public String doEncrypt(String str) throws ApiException {
        try {
            PublicKey generatePublic = KeyFactory.getInstance(RSA).generatePublic(new X509EncodedKeySpec(Base64.decode(this.alipayPublicKey.getBytes())));
            Cipher cipher = Cipher.getInstance(RSA);
            cipher.init(1, generatePublic);
            byte[] bytes = str.getBytes(this.charset);
            int length = bytes.length;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            int i = 0;
            int i2 = 0;
            while (length - i > 0) {
                byte[] doFinal = length - i > MAX_ENCRYPT_BLOCK_SIZE ? cipher.doFinal(bytes, i, MAX_ENCRYPT_BLOCK_SIZE) : cipher.doFinal(bytes, i, length - i);
                byteArrayOutputStream.write(doFinal, 0, doFinal.length);
                i2++;
                i = i2 * MAX_ENCRYPT_BLOCK_SIZE;
            }
            byte[] encode = Base64.encode(byteArrayOutputStream.toByteArray());
            byteArrayOutputStream.close();
            return new String(encode, this.charset);
        } catch (Exception e) {
            throw new ApiException("RSA2非对称加密遭遇异常，请检查公钥格式是否正确。plainText=" + str + " publicKey=" + this.alipayPublicKey + " reason=" + e.getMessage());
        }
    }

    private static byte[] initIV() {
        try {
            int blockSize = Cipher.getInstance(AES_CBC_PCK_ALG).getBlockSize();
            byte[] bArr = new byte[blockSize];
            for (int i = 0; i < blockSize; i++) {
                bArr[i] = 0;
            }
            return bArr;
        } catch (Exception e) {
            byte[] bArr2 = new byte[16];
            for (int i2 = 0; i2 < 16; i2++) {
                bArr2[i2] = 0;
            }
            return bArr2;
        }
    }

    public String getAppId() {
        return this.appId;
    }

    public void setAppId(String str) {
        this.appId = str;
    }

    public String getCharset() {
        return this.charset;
    }

    public void setCharset(String str) {
        this.charset = str;
    }

    public String getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(String str) {
        this.privateKey = str;
    }

    public String getAlipayPublicKey() {
        return this.alipayPublicKey;
    }

    public void setAlipayPublicKey(String str) {
        this.alipayPublicKey = str;
    }

    public String getRootCertContent() {
        return this.rootCertContent;
    }

    public void setRootCertContent(String str) {
        this.rootCertContent = str;
    }

    public String getRootCertSN() {
        return this.rootCertSN;
    }

    public void setRootCertSN(String str) {
        this.rootCertSN = str;
    }

    public String getAppCertSN() {
        return this.appCertSN;
    }

    public void setAppCertSN(String str) {
        this.appCertSN = str;
    }

    public ConcurrentHashMap<String, String> getCachedAlipayPublicKey() {
        return this.cachedAlipayPublicKey;
    }

    public void setCachedAlipayPublicKey(ConcurrentHashMap<String, String> concurrentHashMap) {
        this.cachedAlipayPublicKey = concurrentHashMap;
    }

    public String getEncryptType() {
        return this.encryptType;
    }

    public void setEncryptType(String str) {
        this.encryptType = str;
    }

    public String getEncryptKey() {
        return this.encryptKey;
    }

    public void setEncryptKey(String str) {
        this.encryptKey = str;
    }
}
