package top.codewood.wx.pay.v3.api;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import top.codewood.wx.pay.v3.bean.error.WxPayError;
import top.codewood.wx.pay.v3.bean.error.WxPayErrorException;
import top.codewood.wx.pay.v3.cert.CertificateItem;
import top.codewood.wx.pay.v3.cert.CertificateList;
import top.codewood.wx.pay.v3.common.WxPayConstants;
import top.codewood.wx.pay.v3.common.WxPayHttpClient;
import top.codewood.wx.pay.v3.util.crypt.PemUtils;
import top.codewood.wx.pay.v3.util.crypt.WxPayV3CryptUtils;
import top.codewood.wx.pay.v3.util.json.WxGsonBuilder;

/* loaded from: input_file:top/codewood/wx/pay/v3/api/WxPayV3Api.class */
public class WxPayV3Api {
    public static final String EMPTY_STR = "";
    private static final Map<String, PrivateKey> PRIVATE_KEY_MAP;
    private static final Map<String, Certificate> CERTIFICATE_MAP;
    private static final Gson GSON;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static String getToken(String str, String str2, String str3, String str4, String str5) {
        try {
            long currentTimeMillis = System.currentTimeMillis() / 1000;
            String replace = UUID.randomUUID().toString().replace("-", EMPTY_STR);
            return String.format("WECHATPAY2-SHA256-RSA2048 mchid=\"%s\",nonce_str=\"%s\",timestamp=\"%s\",signature=\"%s\",serial_no=\"%s\"", str, replace, Long.valueOf(currentTimeMillis), sign(str, buildMessage(str3, str4, currentTimeMillis, replace, str5).getBytes(StandardCharsets.UTF_8)), str2);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public static String buildMessage(String str, String str2, long j, String str3, String str4) throws MalformedURLException {
        URL url = new URL(str2);
        String path = url.getPath();
        if ("get".equalsIgnoreCase(str) && url.getQuery() != null) {
            path = path + "?" + url.getQuery();
        }
        return str + "\n" + path + "\n" + j + "\n" + str3 + "\n" + str4 + "\n";
    }

    public static String sign(String str, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        PrivateKey privateKey = PRIVATE_KEY_MAP.get(str);
        if (privateKey == null) {
            throw new RuntimeException("私钥未初始化");
        }
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(bArr);
        return Base64.getEncoder().encodeToString(signature.sign());
    }

    public static List<CertificateItem> certificates(String str, String str2) {
        try {
            return ((CertificateList) WxGsonBuilder.create().fromJson(new WxPayHttpClient().get(WxPayConstants.V3PayUrl.CERTIFICATE_LIST_URL, getToken(str, str2, WxPayConstants.HttpMethod.GET, WxPayConstants.V3PayUrl.CERTIFICATE_LIST_URL, EMPTY_STR)), CertificateList.class)).getCerts();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static Map<String, CertificateItem> certificateListToMap(List<CertificateItem> list) {
        HashMap hashMap = new HashMap();
        list.stream().forEach(certificateItem -> {
        });
        return hashMap;
    }

    public static PrivateKey loadPrivateKey(String str, InputStream inputStream) {
        PrivateKey loadPrivateKey = PemUtils.loadPrivateKey(inputStream);
        PRIVATE_KEY_MAP.put(str, loadPrivateKey);
        return loadPrivateKey;
    }

    public static void loadCertificates(String str, List<CertificateItem> list) {
        if (!$assertionsDisabled && list == null) {
            throw new AssertionError();
        }
        if (list.size() > 0) {
            WxPayV3CryptUtils wxPayV3CryptUtils = new WxPayV3CryptUtils(str.getBytes(StandardCharsets.UTF_8));
            list.stream().forEach(certificateItem -> {
                try {
                    CERTIFICATE_MAP.put(certificateItem.getSerialNo(), PemUtils.loadCertificate(new ByteArrayInputStream(wxPayV3CryptUtils.decrypt(certificateItem.getEncryptCertificateItem().getAssociatedData().getBytes(StandardCharsets.UTF_8), certificateItem.getEncryptCertificateItem().getNonce().getBytes(StandardCharsets.UTF_8), certificateItem.getEncryptCertificateItem().getCipherText()).getBytes(StandardCharsets.UTF_8))));
                } catch (IOException e) {
                    e.printStackTrace();
                } catch (GeneralSecurityException e2) {
                    e2.printStackTrace();
                }
            });
        }
    }

    public static boolean verify(String str, String str2, String str3, String str4, String str5) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (!CERTIFICATE_MAP.containsKey(str)) {
            throw new RuntimeException(String.format("serialNo: %s 证书未配置!", str));
        }
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(CERTIFICATE_MAP.get(str));
        signature.update((str2 + "\n" + str3 + "\n" + str4 + "\n").getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.getDecoder().decode(str5));
    }

    private static String errorFilterResponse(int i, String str) {
        JsonObject jsonObject = (JsonObject) GSON.fromJson(str, JsonObject.class);
        if (jsonObject.has("code") && jsonObject.has("message")) {
            WxPayError wxPayError = (WxPayError) WxGsonBuilder.create().fromJson(str, WxPayError.class);
            if (wxPayError.getCode() != null) {
                wxPayError.setStatus(i);
                throw new WxPayErrorException(wxPayError);
            }
        }
        return str;
    }

    static {
        $assertionsDisabled = !WxPayV3Api.class.desiredAssertionStatus();
        PRIVATE_KEY_MAP = new HashMap();
        CERTIFICATE_MAP = new HashMap();
        GSON = WxGsonBuilder.create();
    }
}
