package com.github.songxchn.wxpay.util;

import com.github.songxchn.common.exception.WxErrorException;
import com.github.songxchn.common.exception.WxErrorExceptionFactor;
import com.github.songxchn.wxpay.constant.WxPayConstants;
import com.github.songxchn.wxpay.v2.bean.cert.WxPayCertificate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:com/github/songxchn/wxpay/util/CertKeyUtils.class */
public class CertKeyUtils {
    private static final Logger log = LoggerFactory.getLogger(CertKeyUtils.class);
    private static final int TAG_LENGTH_BIT = 128;
    private static final String CIPHER_PROVIDER = "SunJCE";
    private static final String TRANSFORMATION_NoPadding = "AES/GCM/NoPadding";
    private static final String ALGORITHM = "AES";

    public static WxPayCertificate decryptCertificate(String str, WxPayCertificate wxPayCertificate) throws WxErrorException {
        try {
            WxPayCertificate.EncryptCertificate encryptCertificate = wxPayCertificate.getEncryptCertificate();
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_NoPadding, CIPHER_PROVIDER);
            cipher.init(2, new SecretKeySpec(str.getBytes(), ALGORITHM), new GCMParameterSpec(TAG_LENGTH_BIT, encryptCertificate.getNonce().getBytes()));
            cipher.updateAAD(encryptCertificate.getAssociatedData().getBytes());
            wxPayCertificate.setCertificateStr(new String(cipher.doFinal(Base64Utils.decodeFromString(encryptCertificate.getCipherText()))));
            return wxPayCertificate;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.DECRYPT_CERTIFICATE_ERROR);
        }
    }

    public static PrivateKey loadPrivateKey(InputStream inputStream) throws WxErrorException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[1024];
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    return loadPrivateKey(byteArrayOutputStream.toString(WxPayConstants.DEFAULT_CHARSET));
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (IOException e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.KEY_ERROR_ERROR);
        }
    }

    public static PrivateKey loadPrivateKey(String str) throws WxErrorException {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64Utils.decodeFromString(str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s+", ""))));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.KEY_ERROR_ERROR);
        }
    }

    public static X509Certificate loadCertificate(InputStream inputStream) throws WxErrorException {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(inputStream);
            x509Certificate.checkValidity();
            return x509Certificate;
        } catch (CertificateException e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.KEY_FILE_ERROR);
        }
    }

    public static X509Certificate loadCertificate(String str) throws WxErrorException {
        return loadCertificate(new ByteArrayInputStream(str.getBytes()));
    }

    public static InputStream loadInputStream(String str) throws WxErrorException {
        InputStream openStream;
        if (str.startsWith("http://") || str.startsWith("https://")) {
            try {
                openStream = new URL(str).openStream();
                if (openStream == null) {
                    throw new WxErrorException(WxErrorExceptionFactor.KEY_FILE_NOT_EXIST);
                }
            } catch (IOException e) {
                throw new WxErrorException(WxErrorExceptionFactor.KEY_FILE_NOT_EXIST);
            }
        } else {
            File file = new File(str);
            if (!file.exists()) {
                throw new WxErrorException(WxErrorExceptionFactor.KEY_FILE_NOT_EXIST);
            }
            try {
                openStream = new FileInputStream(file);
            } catch (FileNotFoundException e2) {
                throw new WxErrorException(WxErrorExceptionFactor.KEY_FILE_NOT_EXIST);
            }
        }
        return openStream;
    }
}
