package org.nutz.weixin.util;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.nutz.json.Json;
import org.nutz.lang.Files;
import org.nutz.lang.Streams;
import org.nutz.lang.Strings;
import org.nutz.lang.random.R;
import org.nutz.lang.util.NutMap;
import org.nutz.repo.Base64;
import org.nutz.weixin.bean.WxPay3Response;

/* loaded from: input_file:org/nutz/weixin/util/WxPay3Util.class */
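/**
 * Static helpers for talking to the WeChat Pay v3 API: building the signed
 * {@code Authorization} header, loading the merchant private key and certificates,
 * verifying signed responses and notifications, and decrypting notification payloads.
 *
 * <p>Parameter names are the ones produced by the decompiler; each method's Javadoc says
 * what the positions carry as far as the code in this class shows it.
 */
public class WxPay3Util {
    private static final String KEY_ALGORITHM = "RSA";
    /** Length of the AES-GCM authentication tag, in bits. */
    private static final int TAG_LENGTH_BIT = 128;
    private static final String OS = System.getProperty("os.name") + "/" + System.getProperty("os.version");
    private static final String VERSION = System.getProperty("java.version");

    /**
     * Signs a message with SHA256withRSA and returns the signature as Base64 without line breaks.
     *
     * @param str message to sign; encoded as UTF-8 before signing
     * @param privateKey RSA private key used to sign
     * @return Base64 text of the signature
     * @throws Exception if the key is rejected or signing fails
     */
    public static String createSign(String str, PrivateKey privateKey) throws Exception {
        return Base64.encodeToString(signSha256WithRsa(str, privateKey), false);
    }

    /**
     * Signs a message with the private key stored in a PEM file.
     *
     * <p>A blank message yields {@code null} rather than an exception. Callers that place the
     * result in a header (see {@link #getAuthorization}) will then emit the literal text
     * {@code null} as the signature, so they should check the return value.
     *
     * @param str message to sign
     * @param str2 path of the PKCS#8 PEM private key file
     * @return Base64 text of the signature, or {@code null} when {@code str} is blank
     * @throws Exception if the key cannot be read or parsed, or signing fails
     */
    public static String createSign(String str, String str2) throws Exception {
        if (Strings.isBlank(str)) {
            return null;
        }
        return encryptByPrivateKey(str, getPrivateKey(str2));
    }

    /**
     * Signs a message with SHA256withRSA. Despite the name this produces a signature, not a
     * ciphertext; the result cannot be decrypted back into the message.
     *
     * @param str message to sign; encoded as UTF-8 before signing
     * @param privateKey RSA private key used to sign
     * @return Base64 text of the signature
     * @throws Exception if the key is rejected or signing fails
     */
    public static String encryptByPrivateKey(String str, PrivateKey privateKey) throws Exception {
        return Strings.sNull(java.util.Base64.getEncoder().encodeToString(signSha256WithRsa(str, privateKey)));
    }

    /** Produces the raw SHA256withRSA signature over the UTF-8 bytes of {@code message}. */
    private static byte[] signSha256WithRsa(String message, PrivateKey privateKey) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        signer.update(message.getBytes(StandardCharsets.UTF_8));
        return signer.sign();
    }

    /**
     * Reads a PEM private key file and parses it.
     *
     * @param str path of the key file
     * @return the parsed private key
     * @throws Exception if the file content is not a usable PKCS#8 RSA key
     */
    public static PrivateKey getPrivateKey(String str) throws Exception {
        return loadPrivateKey(new String(Files.readBytes(str), StandardCharsets.UTF_8));
    }

    /**
     * Returns the serial number of the certificate stored in a file, as upper-case hexadecimal.
     *
     * @param str path of the certificate file
     * @return the serial number in upper-case hex
     * @throws RuntimeException if the certificate is unparsable or outside its validity period
     */
    public static String getCertSerialNo(String str) {
        InputStream certStream = Streams.fileIn(str);
        try {
            return getCertificate(certStream).getSerialNumber().toString(16).toUpperCase();
        } finally {
            // The stream was opened here, so it is closed here; the original left it open.
            Streams.safeClose(certStream);
        }
    }

    /**
     * Parses one X.509 certificate from a stream and checks that the current time lies inside
     * its validity period.
     *
     * <p>Only the validity dates are checked. The issuer chain and revocation status are not
     * examined here, so the caller must obtain the certificate from a source it already trusts.
     * The stream is not closed by this method.
     *
     * @param inputStream source of the encoded certificate
     * @return the parsed certificate
     * @throws RuntimeException if the certificate is expired, not yet valid, or unparsable
     */
    public static X509Certificate getCertificate(InputStream inputStream) {
        try {
            X509Certificate certificate =
                    (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(inputStream);
            certificate.checkValidity();
            return certificate;
        } catch (CertificateExpiredException e) {
            throw new RuntimeException("证书已过期", e);
        } catch (CertificateNotYetValidException e2) {
            throw new RuntimeException("证书尚未生效", e2);
        } catch (CertificateException e3) {
            throw new RuntimeException("无效的证书", e3);
        }
    }

    /**
     * Builds the {@code Authorization} header value for a request, signing with a key object.
     *
     * @param str first line of the signed message (presumably the HTTP method; confirm with callers)
     * @param str2 second line of the signed message (presumably the request URL; confirm with callers)
     * @param str3 merchant id, sent as {@code mchid}
     * @param str4 certificate serial number, sent as {@code serial_no}
     * @param privateKey RSA private key used to sign
     * @param str5 last line of the signed message (presumably the request body; confirm with callers)
     * @param str6 nonce, signed and sent as {@code nonce_str}
     * @param j timestamp, signed and sent as {@code timestamp}
     * @param str7 authorization scheme placed before the parameter list
     * @return the complete header value
     * @throws Exception if signing fails
     */
    public static String buildAuthorization(String str, String str2, String str3, String str4, PrivateKey privateKey, String str5, String str6, long j, String str7) throws Exception {
        String signature = createSign(buildSignMessage(str, str2, j, str6, str5), privateKey);
        return getAuthorization(str3, str4, str6, String.valueOf(j), signature, str7);
    }

    /**
     * Builds the {@code Authorization} header value for a request, signing with a key file.
     *
     * @param str first line of the signed message (presumably the HTTP method; confirm with callers)
     * @param str2 second line of the signed message (presumably the request URL; confirm with callers)
     * @param str3 merchant id, sent as {@code mchid}
     * @param str4 certificate serial number, sent as {@code serial_no}
     * @param str5 path of the PKCS#8 PEM private key file
     * @param str6 last line of the signed message (presumably the request body; confirm with callers)
     * @param str7 nonce, signed and sent as {@code nonce_str}
     * @param j timestamp, signed and sent as {@code timestamp}
     * @param str8 authorization scheme placed before the parameter list
     * @return the complete header value
     * @throws Exception if the key cannot be loaded or signing fails
     */
    public static String buildAuthorization(String str, String str2, String str3, String str4, String str5, String str6, String str7, long j, String str8) throws Exception {
        String signature = createSign(buildSignMessage(str, str2, j, str7, str6), str5);
        return getAuthorization(str3, str4, str7, String.valueOf(j), signature, str8);
    }

    /**
     * Assembles the {@code Authorization} header value from its parts.
     *
     * <p>Values are wrapped in double quotes but not escaped, so a value that itself contains
     * a double quote, a comma, or a line break would corrupt the header. Callers must pass
     * values that are free of those characters.
     *
     * @param str merchant id ({@code mchid})
     * @param str2 certificate serial number ({@code serial_no})
     * @param str3 nonce ({@code nonce_str})
     * @param str4 timestamp ({@code timestamp})
     * @param str5 Base64 signature ({@code signature})
     * @param str6 authorization scheme; must not be {@code null}
     * @return scheme, a space, then the comma-separated {@code key="value"} pairs sorted by key
     */
    public static String getAuthorization(String str, String str2, String str3, String str4, String str5, String str6) {
        Map<String, String> params = new HashMap<>(5);
        params.put("mchid", str);
        params.put("serial_no", str2);
        params.put("nonce_str", str3);
        params.put("timestamp", str4);
        params.put("signature", str5);
        return str6.concat(" ").concat(createLinkString(params, ",", false, true));
    }

    /**
     * Joins map entries as {@code key=value} pairs in ascending key order.
     *
     * @param map entries to join
     * @param str separator written between pairs
     * @param z whether each value is URL-encoded with {@link #getUrlEncode(String)}
     * @param z2 whether each value is wrapped in double quotes
     * @return the joined text; empty for an empty map
     */
    public static String createLinkString(Map<String, String> map, String str, boolean z, boolean z2) {
        ArrayList<String> keys = new ArrayList<>(map.keySet());
        Collections.sort(keys);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < keys.size(); i++) {
            if (i > 0) {
                sb.append(str);
            }
            String key = keys.get(i);
            String value = z ? getUrlEncode(map.get(key)) : map.get(key);
            sb.append(key).append("=");
            if (z2) {
                sb.append('\"').append(value).append('\"');
            } else {
                sb.append(value);
            }
        }
        return sb.toString();
    }

    /**
     * URL-encodes text as UTF-8, writing a space as {@code %20} instead of {@code +}.
     *
     * @param str text to encode
     * @return the encoded text
     * @throws IllegalStateException if the JVM reports UTF-8 as unsupported, which the Java
     *     platform does not permit; the original printed the stack trace and returned
     *     {@code null}, which callers would have concatenated as the text {@code null}
     */
    public static String getUrlEncode(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name()).replace("+", "%20");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /**
     * Builds the five-line message that is signed for an outgoing request. Every field,
     * including the last, is terminated by a line feed.
     *
     * @param str first line (presumably the HTTP method; confirm with callers)
     * @param str2 second line (presumably the request URL; confirm with callers)
     * @param j timestamp, third line
     * @param str3 nonce, fourth line
     * @param str4 fifth line (presumably the request body; confirm with callers)
     * @return the message to sign
     */
    public static String buildSignMessage(String str, String str2, long j, String str3, String str4) {
        return str + "\n" + str2 + "\n" + j + "\n" + str3 + "\n" + str4 + "\n";
    }

    /**
     * Builds the three-line message over which a response or notification signature is
     * verified. {@link #verifySignature(String, String, String, String, PublicKey)} passes
     * timestamp, nonce and body in that order.
     *
     * @param str first line
     * @param str2 second line
     * @param str3 third line
     * @return the three fields, each followed by a line feed
     */
    public static String buildSignMessage(String str, String str2, String str3) {
        return str + "\n" + str2 + "\n" + str3 + "\n";
    }

    /**
     * Builds the signed parameter set handed to the JSAPI payment call.
     *
     * @param str application id, returned as {@code appId}
     * @param str2 prepay id, returned inside {@code package} as {@code prepay_id=...}
     * @param str3 path of the PKCS#8 PEM private key file
     * @return map with {@code appId}, {@code timeStamp}, {@code nonceStr}, {@code package},
     *     {@code signType} and {@code paySign}
     * @throws Exception if the key cannot be loaded or signing fails
     */
    public static NutMap getJsapiSignMessage(String str, String str2, String str3) throws Exception {
        String timeStamp = String.valueOf(System.currentTimeMillis() / 1000);
        String nonceStr = R.UU32().toUpperCase();
        String packageValue = "prepay_id=" + str2;
        String paySign = createSign(str + "\n" + timeStamp + "\n" + nonceStr + "\n" + packageValue + "\n", str3);
        NutMap result = NutMap.NEW();
        result.put("appId", str);
        result.put("timeStamp", timeStamp);
        result.put("nonceStr", nonceStr);
        result.put("package", packageValue);
        result.put("signType", KEY_ALGORITHM);
        result.put("paySign", paySign);
        return result;
    }

    /**
     * Parses an unencrypted PKCS#8 RSA private key from PEM text.
     *
     * <p>Only the {@code -----BEGIN PRIVATE KEY-----} armour is stripped; other PEM types
     * (for example PKCS#1 or encrypted keys) are rejected as invalid.
     *
     * @param str PEM text of the key
     * @return the parsed private key
     * @throws Exception if the text is missing or undecodable, RSA is unavailable, or the key
     *     encoding is invalid; the underlying failure is attached as the cause where one exists
     */
    public static PrivateKey loadPrivateKey(String str) throws Exception {
        if (str == null) {
            throw new Exception("私钥数据为空");
        }
        String base64Body = str.replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s+", "");
        byte[] der = Base64.decode(base64Body);
        if (der == null) {
            // Guards against a decoder that signals malformed input with null; the original
            // reached the same message through a caught NullPointerException.
            throw new Exception("私钥数据为空");
        }
        try {
            return KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (NoSuchAlgorithmException e2) {
            throw new Exception("无此算法", e2);
        } catch (InvalidKeySpecException e3) {
            throw new Exception("私钥非法", e3);
        }
    }

    /**
     * Builds the headers for a JSON request.
     *
     * @param str value of the {@code Authorization} header
     * @param str2 value of the {@code Wechatpay-Serial} header; omitted when blank
     * @return a mutable header map
     */
    public static Map<String, String> getHeaders(String str, String str2) {
        Map<String, String> headers = getBaseHeaders(str);
        headers.put("Content-Type", "application/json");
        if (Strings.isNotBlank(str2)) {
            headers.put("Wechatpay-Serial", str2);
        }
        return headers;
    }

    /**
     * Builds the headers common to every request: {@code Accept}, {@code Authorization} and
     * {@code User-Agent}.
     *
     * @param str value of the {@code Authorization} header
     * @return a mutable header map
     */
    public static Map<String, String> getBaseHeaders(String str) {
        // getImplementationVersion() is null when the jar manifest carries no version, in
        // which case the User-Agent contains the text "null".
        String userAgent = String.format(
                "WeChatPay-IJPay-HttpClient/%s (%s) Java/%s",
                WxPay3Util.class.getPackage().getImplementationVersion(),
                OS,
                VERSION == null ? "Unknown" : VERSION);
        Map<String, String> headers = new HashMap<>(5);
        headers.put("Accept", "application/json");
        headers.put("Authorization", str);
        headers.put("User-Agent", userAgent);
        return headers;
    }

    /**
     * Verifies the signature carried in a response's {@code Wechatpay-*} headers.
     *
     * @param wxPay3Response response whose headers and body are checked
     * @param str encoded platform certificate content (not a file path)
     * @return {@code true} only if the signature verifies under the certificate's public key
     * @throws Exception if the certificate is unusable or verification cannot be performed
     */
    public static boolean verifySignature(WxPay3Response wxPay3Response, String str) throws Exception {
        // Decode with an explicit charset so the result does not depend on the platform default.
        X509Certificate certificate = getCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        return verifySignature(
                wxPay3Response.getHeader().get("Wechatpay-Signature"),
                wxPay3Response.getBody(),
                wxPay3Response.getHeader().get("Wechatpay-Nonce"),
                wxPay3Response.getHeader().get("Wechatpay-Timestamp"),
                certificate.getPublicKey());
    }

    /**
     * Verifies a payment notification and decrypts its {@code resource} payload.
     *
     * <p>The certificate's serial number must equal {@code str} and the signature must verify
     * before anything is decrypted. NOTE(review): the timestamp is covered by the signature
     * but is not compared with the current time here, so rejecting stale or repeated
     * notifications is left to the caller.
     *
     * @param str serial number the notification claims, as upper-case hex
     * @param str2 raw notification body (JSON)
     * @param str3 Base64 signature from the notification
     * @param str4 nonce from the notification
     * @param str5 timestamp from the notification
     * @param str6 AES key used to decrypt the payload, taken as UTF-8 bytes
     * @param str7 encoded platform certificate content (not a file path)
     * @return the decrypted payload, or {@code null} if the serial number or signature does not match
     * @throws Exception if the certificate is unusable, the body lacks the expected fields, or
     *     decryption fails
     */
    public static String verifyNotify(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws Exception {
        // Decode with an explicit charset so the result does not depend on the platform default.
        X509Certificate certificate = getCertificate(new ByteArrayInputStream(str7.getBytes(StandardCharsets.UTF_8)));
        String certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
        if (!certSerialNo.equals(str) || !verifySignature(str3, str2, str4, str5, certificate.getPublicKey())) {
            return null;
        }
        // The body is parsed only after its signature has been accepted.
        NutMap resource = (NutMap) ((NutMap) Json.fromJson(NutMap.class, str2)).getAs("resource", NutMap.class);
        String ciphertext = resource.getString("ciphertext");
        String nonce = resource.getString("nonce");
        String associatedData = resource.getString("associated_data");
        return decryptToString(
                str6.getBytes(StandardCharsets.UTF_8),
                associatedData.getBytes(StandardCharsets.UTF_8),
                nonce.getBytes(StandardCharsets.UTF_8),
                ciphertext);
    }

    /**
     * Decrypts Base64 AES-GCM ciphertext and returns the plaintext as UTF-8 text.
     *
     * @param bArr AES key bytes
     * @param bArr2 additional authenticated data
     * @param bArr3 GCM nonce
     * @param str Base64 ciphertext with the 128-bit authentication tag appended
     * @return the decrypted text
     * @throws GeneralSecurityException if authentication of the ciphertext or associated data fails
     * @throws IllegalArgumentException if the key or nonce is rejected by the cipher
     * @throws IllegalStateException if AES/GCM/NoPadding is unavailable in this JVM
     */
    public static String decryptToString(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) throws GeneralSecurityException {
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(bArr, "AES"), new GCMParameterSpec(TAG_LENGTH_BIT, bArr3));
            cipher.updateAAD(bArr2);
            return new String(cipher.doFinal(Base64.decode(str)), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new IllegalStateException(e2);
        }
    }

    /**
     * Verifies a signature over the message built from timestamp, nonce and body.
     *
     * @param str Base64 signature to check
     * @param str2 body, third line of the signed message
     * @param str3 nonce, second line of the signed message
     * @param str4 timestamp, first line of the signed message
     * @param publicKey RSA public key of the signer
     * @return {@code true} only if the signature verifies
     * @throws Exception if verification cannot be performed
     */
    public static boolean verifySignature(String str, String str2, String str3, String str4, PublicKey publicKey) throws Exception {
        return checkByPublicKey(buildSignMessage(str4, str3, str2), str, publicKey);
    }

    /**
     * Verifies a Base64 SHA256withRSA signature over the UTF-8 bytes of a message.
     *
     * <p>The signature comes from the peer and is untrusted, so a missing, blank or
     * undecodable value is reported as a failed verification instead of surfacing as a
     * {@code NullPointerException}.
     *
     * @param str message that was signed
     * @param str2 Base64 signature to check
     * @param publicKey RSA public key of the signer
     * @return {@code true} only if the signature verifies
     * @throws Exception if the key is rejected or the verifier reports an error
     */
    public static boolean checkByPublicKey(String str, String str2, PublicKey publicKey) throws Exception {
        if (Strings.isBlank(str2)) {
            return false;
        }
        byte[] rawSignature = Base64.decode(str2.getBytes(StandardCharsets.UTF_8));
        if (rawSignature == null) {
            return false;
        }
        Signature verifier = Signature.getInstance("SHA256WithRSA");
        verifier.initVerify(publicKey);
        verifier.update(str.getBytes(StandardCharsets.UTF_8));
        return verifier.verify(rawSignature);
    }
}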
