package cn.felord.payment.wechat.v3.crypto;

import cn.felord.payment.PayException;
import cn.felord.payment.wechat.v3.retrofit.HttpHeaders;
import cn.felord.utils.AlternativeJdkIdGenerator;
import cn.felord.utils.Base64Utils;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.time.Instant;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import okhttp3.Headers;

/* loaded from: input_file:cn/felord/payment/wechat/v3/crypto/WechatPaySigner.class */
public final class WechatPaySigner {
    private static final String TOKEN_PATTERN = "mchid=\"%s\",nonce_str=\"%s\",timestamp=\"%d\",serial_no=\"%s\",signature=\"%s\"";
    private static final AlternativeJdkIdGenerator ID_GENERATOR = new AlternativeJdkIdGenerator();

    private WechatPaySigner() {
    }

    public static String sign(AppMerchant appMerchant, URI uri, String str, String str2) {
        String str3 = (String) Optional.ofNullable(uri.getRawQuery()).map(str4 -> {
            return uri.getRawPath().concat("?").concat(str4);
        }).orElse(uri.getRawPath());
        String generate32 = ID_GENERATOR.generate32();
        long epochSecond = Instant.now().getEpochSecond();
        String buildSignMessage = buildSignMessage(str, str3, String.valueOf(epochSecond), generate32, str2);
        AuthType authType = appMerchant.authType();
        Signature signature = Signature.getInstance(authType.alg());
        signature.initSign(appMerchant.privateKey());
        signature.update(buildSignMessage.getBytes(StandardCharsets.UTF_8));
        return authType.toAuthHeader(String.format(TOKEN_PATTERN, appMerchant.merchantId(), generate32, Long.valueOf(epochSecond), appMerchant.serialNumber(), Base64Utils.encodeToString(signature.sign())));
    }

    public static String sign(AppMerchant appMerchant, String... strArr) {
        String buildSignMessage = buildSignMessage(strArr);
        Signature signature = Signature.getInstance(appMerchant.authType().alg());
        signature.initSign(appMerchant.privateKey());
        signature.update(buildSignMessage.getBytes(StandardCharsets.UTF_8));
        return Base64Utils.encodeToString(signature.sign());
    }

    public static boolean verify(Headers headers, String str, TenpayKey tenpayKey) {
        String str2 = (String) Objects.requireNonNull(headers.get(HttpHeaders.WECHAT_PAY_SIGNATURE.headerName()));
        String str3 = headers.get(HttpHeaders.WECHAT_PAY_SIGNATURE_TYPE.headerName());
        String buildSignMessage = buildSignMessage(headers.get(HttpHeaders.WECHAT_PAY_TIMESTAMP.headerName()), headers.get(HttpHeaders.WECHAT_PAY_NONCE.headerName()), str);
        try {
            Signature signature = Signature.getInstance(AuthType.fromSignType(str3).alg());
            signature.initVerify(tenpayKey.toPublicKey());
            signature.update(buildSignMessage.getBytes(StandardCharsets.UTF_8));
            return signature.verify(Base64Utils.decodeFromString(str2));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new PayException("Signature verification failed", e);
        }
    }

    private static String buildSignMessage(String... strArr) {
        return (String) Arrays.stream(strArr).collect(Collectors.joining("\n", "", "\n"));
    }
}
