package org.miaixz.bus.pay;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.miaixz.bus.core.codec.binary.Base64;
import org.miaixz.bus.core.io.resource.ClassPathResource;
import org.miaixz.bus.core.lang.Charset;
import org.miaixz.bus.core.lang.Normal;
import org.miaixz.bus.core.lang.Regex;
import org.miaixz.bus.core.lang.Symbol;
import org.miaixz.bus.core.xyz.CompareKit;
import org.miaixz.bus.core.xyz.DateKit;
import org.miaixz.bus.core.xyz.IoKit;
import org.miaixz.bus.core.xyz.StringKit;
import org.miaixz.bus.crypto.Keeper;
import org.miaixz.bus.crypto.builtin.Certificate;
import org.miaixz.bus.pay.metric.wechat.AuthType;
import org.miaixz.bus.pay.metric.wechat.WechatPayBuilder;

/* loaded from: input_file:org/miaixz/bus/pay/Builder.class */
public class Builder {
    public static PrivateKey getSmPrivateKey(String str) throws Exception {
        return getSmPrivateKey(Base64.decode(str));
    }

    public static PublicKey getSmPublicKey(String str) throws Exception {
        return getSmPublicKey(Base64.decode(str));
    }

    public static PrivateKey getSmPrivateKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("EC", (java.security.Provider) new BouncyCastleProvider()).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static PublicKey getSmPublicKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("EC", (java.security.Provider) new BouncyCastleProvider()).generatePublic(new X509EncodedKeySpec(bArr));
    }

    public static String sm2SignWithSm3(String str, String str2) throws Exception {
        return sm2SignWithSm3(getSmPrivateKey(str), str2);
    }

    public static String sm2SignWithSm3(PrivateKey privateKey, String str) throws Exception {
        Signature signature = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), (java.security.Provider) new BouncyCastleProvider());
        signature.initSign(privateKey);
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return Base64.encode(signature.sign());
    }

    public static byte[] sm3Hash(String str) throws Exception {
        return Arrays.copyOf(MessageDigest.getInstance("SM3", (java.security.Provider) new BouncyCastleProvider()).digest(str.getBytes(StandardCharsets.UTF_8)), 16);
    }

    public static String sm4DecryptToString(String str, String str2, String str3, String str4) throws Exception {
        Cipher cipher = Cipher.getInstance("SM4/GCM/NoPadding", (java.security.Provider) new BouncyCastleProvider());
        cipher.init(2, new SecretKeySpec(sm3Hash(str), "SM4"), new GCMParameterSpec(128, str3.getBytes(StandardCharsets.UTF_8)));
        cipher.updateAAD(str4.getBytes(StandardCharsets.UTF_8));
        return new String(cipher.doFinal(Base64.decode(str2)), StandardCharsets.UTF_8);
    }

    public static boolean sm4Verify(String str, String str2, String str3) throws Exception {
        return sm4Verify(getSmPublicKey(str), str2, str3);
    }

    public static boolean sm4Verify(PublicKey publicKey, String str, String str2) throws Exception {
        Signature signature = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), (java.security.Provider) new BouncyCastleProvider());
        signature.initVerify(publicKey);
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.decode(str2.getBytes(StandardCharsets.UTF_8)));
    }

    public static String decryptData(String str, String str2) {
        return org.miaixz.bus.crypto.Builder.aes(org.miaixz.bus.crypto.Builder.md5(str2).toLowerCase().getBytes()).decryptString(str);
    }

    public static String encryptData(String str, String str2) {
        return org.miaixz.bus.crypto.Builder.aes(org.miaixz.bus.crypto.Builder.md5(str2).toLowerCase().getBytes()).encryptBase64(str.getBytes());
    }

    public static String createLinkString(Map<String, String> map) {
        return createLinkString(map, false);
    }

    public static String createLinkString(Map<String, String> map, boolean z) {
        return createLinkString(map, Symbol.AND, z);
    }

    public static String createLinkString(Map<String, String> map, String str, boolean z) {
        return createLinkString(map, str, z, false);
    }

    public static String createLinkString(Map<String, String> map, String str, boolean z, boolean z2) {
        ArrayList arrayList = new ArrayList(map.keySet());
        Collections.sort(arrayList);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < arrayList.size(); i++) {
            String str2 = (String) arrayList.get(i);
            String str3 = map.get(str2);
            if (!StringKit.isBlank(str3)) {
                if (i == arrayList.size() - 1) {
                    if (z2) {
                        sb.append(str2).append(Symbol.EQUAL).append('\"').append(z ? urlEncode(str3) : str3).append('\"');
                    } else {
                        sb.append(str2).append(Symbol.EQUAL).append(z ? urlEncode(str3) : str3);
                    }
                } else if (z2) {
                    sb.append(str2).append(Symbol.EQUAL).append('\"').append(z ? urlEncode(str3) : str3).append('\"').append(str);
                } else {
                    sb.append(str2).append(Symbol.EQUAL).append(z ? urlEncode(str3) : str3).append(str);
                }
            }
        }
        return sb.toString();
    }

    public static String urlEncode(String str) {
        try {
            return URLEncoder.encode(str, Charset.DEFAULT_UTF_8).replace(Symbol.PLUS, "%20");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static StringBuffer forEachMap(Map<String, String> map, String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer();
        if (StringKit.isNotEmpty(str)) {
            stringBuffer.append(str);
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            if (!StringKit.isEmpty(entry.getValue())) {
                stringBuffer.append(Symbol.LT).append(key).append(Symbol.GT);
                stringBuffer.append(entry.getValue());
                stringBuffer.append("</").append(key).append(Symbol.GT);
            }
        }
        if (StringKit.isNotEmpty(str2)) {
            stringBuffer.append(str2);
        }
        return stringBuffer;
    }

    public static String buildSignMessage(String str, String str2, long j, String str3, String str4) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        arrayList.add(str2);
        arrayList.add(String.valueOf(j));
        arrayList.add(str3);
        arrayList.add(str4);
        return buildSignMessage(arrayList);
    }

    public static String buildSignMessage(String str, String str2, String str3) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        arrayList.add(str2);
        arrayList.add(str3);
        return buildSignMessage(arrayList);
    }

    public static String buildSignMessage(ArrayList<String> arrayList) {
        if (arrayList == null || arrayList.size() == 0) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            sb.append(it.next()).append(Symbol.LF);
        }
        return sb.toString();
    }

    public static String createSign(ArrayList<String> arrayList, String str, String str2) throws Exception {
        return createSign(buildSignMessage(arrayList), str, str2);
    }

    public static String createSign(ArrayList<String> arrayList, PrivateKey privateKey) throws Exception {
        return createSign(buildSignMessage(arrayList), privateKey);
    }

    public static String createSign(String str, String str2, String str3) throws Exception {
        if (StringKit.isEmpty(str)) {
            return null;
        }
        PrivateKey privateKey = getPrivateKey(str2, str3);
        return StringKit.equals(str3, AuthType.SM2.getCode()) ? sm2SignWithSm3(privateKey, str) : WechatPayBuilder.encryptByPrivateKey(str, privateKey);
    }

    public static String createSign(String str, PrivateKey privateKey) throws Exception {
        if (StringKit.isEmpty(str)) {
            return null;
        }
        return WechatPayBuilder.encryptByPrivateKey(str, privateKey);
    }

    public static String getAuthorization(String str, String str2, String str3, String str4, String str5, String str6) {
        HashMap hashMap = new HashMap(5);
        hashMap.put("mchid", str);
        hashMap.put("serial_no", str2);
        hashMap.put("nonce_str", str3);
        hashMap.put("timestamp", str4);
        hashMap.put("signature", str5);
        return str6.concat(Symbol.SPACE).concat(createLinkString(hashMap, ",", false, true));
    }

    public static PrivateKey getPrivateKey(String str, String str2) throws Exception {
        String certFileContent = getCertFileContent(str);
        if (StringKit.isEmpty(certFileContent)) {
            throw new RuntimeException("商户私钥证书获取失败");
        }
        return getPrivateKeyByKeyContent(certFileContent, str2);
    }

    public static PrivateKey getPrivateKeyByKeyContent(String str, String str2) throws Exception {
        String privateKeyByContent = getPrivateKeyByContent(str);
        return StringKit.equals(str2, AuthType.SM2.getCode()) ? getSmPrivateKey(privateKeyByContent) : WechatPayBuilder.loadPrivateKey(privateKeyByContent);
    }

    public static String getPrivateKeyByContent(String str) {
        return str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll(Regex.SPACES, "");
    }

    public static String getPublicKeyByContent(String str) {
        return str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replaceAll(Regex.SPACES, "");
    }

    public static X509Certificate getCertificate(InputStream inputStream) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(Keeper.TYPE_X509, (java.security.Provider) new BouncyCastleProvider()).generateCertificate(inputStream);
            x509Certificate.checkValidity();
            return x509Certificate;
        } catch (CertificateExpiredException e) {
            throw new RuntimeException("证书已过期", e);
        } catch (CertificateNotYetValidException e2) {
            throw new RuntimeException("证书尚未生效", e2);
        } catch (CertificateException e3) {
            throw new RuntimeException("无效的证书", e3);
        }
    }

    public static X509Certificate getCertificate(String str) {
        if (StringKit.isEmpty(str)) {
            return null;
        }
        try {
            return getCertificate(getCertFileInputStream(str));
        } catch (IOException e) {
            throw new RuntimeException("请检查证书路径是否正确", e);
        }
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [org.miaixz.bus.crypto.builtin.Certificate$CertificateBuilder] */
    public static Certificate getCertificateInfo(X509Certificate x509Certificate) {
        if (null == x509Certificate) {
            return null;
        }
        return Certificate.builder().self(x509Certificate).issuer(x509Certificate.getIssuerDN()).subject(x509Certificate.getSubjectDN()).version(String.valueOf(x509Certificate.getVersion())).notBefore(x509Certificate.getNotBefore()).notAfter(x509Certificate.getNotAfter()).serial(x509Certificate.getSerialNumber().toString(16)).build();
    }

    public static Certificate getCertificateInfo(String str) {
        return getCertificateInfo(getCertificate(str));
    }

    public static boolean checkCertificateIsValid(Certificate certificate, String str, int i) {
        Date notAfter;
        Principal subject;
        if (null == certificate || null == (notAfter = certificate.getNotAfter())) {
            return false;
        }
        if (StringKit.isNotEmpty(str) && (null == (subject = certificate.getSubject()) || !subject.getName().contains("CN=".concat(str.trim())))) {
            return false;
        }
        String serial = certificate.getSerial();
        return !StringKit.isEmpty(serial) && serial.length() == 40 && CompareKit.compare(DateKit.offsetDay(notAfter, i), DateKit.date(new Date())) >= 0;
    }

    public static boolean checkCertificateIsValid(X509Certificate x509Certificate, String str, int i) {
        if (null == x509Certificate) {
            return false;
        }
        return checkCertificateIsValid(getCertificateInfo(x509Certificate), str, i);
    }

    public static boolean checkCertificateIsValid(String str, String str2, int i) {
        return checkCertificateIsValid(getCertificateInfo(str), str2, i);
    }

    public static String rsaEncryptOAEP(String str, X509Certificate x509Certificate) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(1, x509Certificate.getPublicKey());
            return Base64.encode(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("无效的证书", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new RuntimeException("当前Java环境不支持RSA v1.5/OAEP", e2);
        } catch (BadPaddingException | IllegalBlockSizeException e3) {
            throw new IllegalBlockSizeException("加密原串的长度不能超过214字节");
        }
    }

    public static String rsaDecryptOAEP(String str, PrivateKey privateKey) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(2, privateKey);
            return new String(cipher.doFinal(Base64.decode(str)), StandardCharsets.UTF_8);
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("无效的私钥", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new RuntimeException("当前Java环境不支持RSA v1.5/OAEP", e2);
        } catch (BadPaddingException | IllegalBlockSizeException e3) {
            throw new BadPaddingException("解密失败");
        }
    }

    public static InputStream getFileToStream(String str) {
        return new ClassPathResource(str).getStream();
    }

    public static String getAbsolutePath(String str) {
        return new ClassPathResource(str).getAbsolutePath();
    }

    public static InputStream getCertFileInputStream(String str) throws IOException {
        if (StringKit.isBlank(str)) {
            return null;
        }
        File file = new File(str);
        return file.exists() ? Files.newInputStream(file.toPath(), new OpenOption[0]) : getFileToStream(str);
    }

    public static String getCertFileContent(String str) throws IOException {
        return IoKit.read(getCertFileInputStream(str), StandardCharsets.UTF_8);
    }

    public static String getFilePath(String str) {
        return StringKit.startWith(str, Normal.CLASSPATH) ? getAbsolutePath(str) : str;
    }
}
