package com.github.songxchn.wxpay.util;

import cn.hutool.core.util.HexUtil;
import cn.hutool.crypto.digest.DigestUtil;
import com.github.songxchn.common.annotation.SignExclude;
import com.github.songxchn.common.exception.WxErrorException;
import com.github.songxchn.common.exception.WxErrorExceptionFactor;
import com.github.songxchn.wxpay.constant.WxPayConstants;
import com.github.songxchn.wxpay.v2.bean.request.BaseWxPayRequest;
import com.github.songxchn.wxpay.v2.bean.result.BaseWxPayResult;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.thoughtworks.xstream.annotations.XStreamAlias;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:com/github/songxchn/wxpay/util/SignUtils.class */
public class SignUtils {
    private static final Logger log = LoggerFactory.getLogger(SignUtils.class);
    private static List<String> NO_SIGN_PARAMS = Lists.newArrayList(new String[]{"sign", "key", "xmlString", "xmlDoc", "couponList"});

    public static String createSign(Object obj, String str, String str2, String[] strArr) throws WxErrorException {
        Map<String, String> map = null;
        if (XmlConfig.fastMode && (obj instanceof BaseWxPayRequest)) {
            map = ((BaseWxPayRequest) obj).getSignParams();
        }
        if (map == null) {
            map = xmlBean2Map(obj);
        }
        return createSign(map, str, str2, strArr);
    }

    public static String createSign(Map<String, String> map, String str, String str2, String[] strArr) throws WxErrorException {
        TreeMap treeMap = new TreeMap(map);
        StringBuilder sb = new StringBuilder();
        for (String str3 : treeMap.keySet()) {
            String str4 = map.get(str3);
            boolean z = false;
            if (StringUtils.isNotEmpty(str4) && !ArrayUtils.contains(strArr, str3) && !NO_SIGN_PARAMS.contains(str3)) {
                z = true;
            }
            if (z) {
                sb.append(str3).append("=").append(str4).append("&");
            }
        }
        sb.append("key=").append(str2);
        return WxPayConstants.SignType.HMAC_SHA256.equals(str) ? createHmacSha256Sign(sb.toString(), str2) : DigestUtil.md5Hex(sb.toString()).toUpperCase();
    }

    public static boolean checkSign(Object obj, String str, String str2) throws WxErrorException {
        return checkSign(xmlBean2Map(obj), str, str2);
    }

    public static boolean checkSign(Map<String, String> map, String str, String str2) throws WxErrorException {
        return createSign(map, str, str2, new String[0]).equals(map.get("sign"));
    }

    public static Map<String, String> xmlBean2Map(Object obj) {
        HashMap newHashMap = Maps.newHashMap();
        ArrayList<Field> arrayList = new ArrayList(Arrays.asList(obj.getClass().getDeclaredFields()));
        arrayList.addAll(Arrays.asList(obj.getClass().getSuperclass().getDeclaredFields()));
        if (obj.getClass().getSuperclass().getSuperclass() == BaseWxPayRequest.class) {
            arrayList.addAll(Arrays.asList(BaseWxPayRequest.class.getDeclaredFields()));
        }
        if (obj.getClass().getSuperclass().getSuperclass() == BaseWxPayResult.class) {
            arrayList.addAll(Arrays.asList(BaseWxPayResult.class.getDeclaredFields()));
        }
        for (Field field : arrayList) {
            try {
                boolean isAccessible = field.isAccessible();
                field.setAccessible(true);
                if (field.get(obj) == null) {
                    field.setAccessible(isAccessible);
                } else {
                    if (field.isAnnotationPresent(XStreamAlias.class)) {
                        newHashMap.put(field.getAnnotation(XStreamAlias.class).value(), field.get(obj).toString());
                    } else if (!Modifier.isStatic(field.getModifiers()) && !field.isAnnotationPresent(SignExclude.class)) {
                        newHashMap.put(field.getName(), field.get(obj).toString());
                    }
                    field.setAccessible(isAccessible);
                }
            } catch (IllegalAccessException | IllegalArgumentException | SecurityException e) {
                log.error(e.getMessage(), e);
            }
        }
        return newHashMap;
    }

    public static String createHmacSha256Sign(String str, String str2) throws WxErrorException {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            return HexUtil.encodeHexStr(mac.doFinal(str.getBytes(StandardCharsets.UTF_8))).toUpperCase();
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SIGN_ERROR_ERROR);
        }
    }

    public static String createSHA256withRSASign(String str, PrivateKey privateKey) throws WxErrorException {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return Base64Utils.encodeToString(signature.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SIGN_ERROR_ERROR);
        }
    }

    public static boolean checkSHA256withRSASign(X509Certificate x509Certificate, String str, String str2) throws WxErrorException {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(x509Certificate);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return signature.verify(Base64Utils.decodeFromString(str2));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SIGN_ERROR_ERROR);
        }
    }
}
