package com.github.songxchn.wxpay.util;

import com.github.songxchn.common.annotation.SensitiveEncrypt;
import com.github.songxchn.common.exception.WxErrorException;
import com.github.songxchn.common.exception.WxErrorExceptionFactor;
import com.github.songxchn.wxpay.constant.WxPayConstants;
import com.google.common.collect.Lists;
import java.lang.reflect.Field;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.crypto.Cipher;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:com/github/songxchn/wxpay/util/SensitiveUtils.class */
public class SensitiveUtils {
    private static final Logger log = LoggerFactory.getLogger(SensitiveUtils.class);
    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String CIPHER_PROVIDER = "SunJCE";
    private static final String TRANSFORMATION_PKCS1PADDING = "RSA/ECB/PKCS1Padding";
    private static final String TRANSFORMATION_1ANDMGF1PADDING = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    public static String rsaEncrypt(String str, X509Certificate x509Certificate) throws WxErrorException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_PKCS1PADDING, CIPHER_PROVIDER);
            cipher.init(1, x509Certificate.getPublicKey());
            return Base64Utils.encodeToString(cipher.doFinal(str.getBytes(WxPayConstants.DEFAULT_CHARSET)));
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SENSITIVE_ENCRYPT_ERROR);
        }
    }

    public static void encryptFieldsV3(Object obj, X509Certificate x509Certificate) throws WxErrorException {
        try {
            encryptField(obj, x509Certificate);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SENSITIVE_ENCRYPT_ERROR);
        }
    }

    private static void encryptField(Object obj, X509Certificate x509Certificate) throws WxErrorException, IllegalAccessException {
        for (Field field : Lists.newArrayList(Arrays.asList(obj.getClass().getDeclaredFields()))) {
            boolean isAccessible = field.isAccessible();
            field.setAccessible(true);
            if (field.isAnnotationPresent(SensitiveEncrypt.class) && field.get(obj) != null) {
                Object obj2 = field.get(obj);
                if (obj2 instanceof String) {
                    field.set(obj, rsaEncryptOAEPV3(obj2.toString(), x509Certificate));
                } else {
                    encryptField(obj2, x509Certificate);
                }
            }
            field.setAccessible(isAccessible);
        }
    }

    public static String rsaEncryptOAEPV3(String str, X509Certificate x509Certificate) throws WxErrorException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_1ANDMGF1PADDING);
            cipher.init(1, x509Certificate.getPublicKey());
            return Base64Utils.encodeToString(cipher.doFinal(str.getBytes(WxPayConstants.DEFAULT_CHARSET)));
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SENSITIVE_ENCRYPT_ERROR);
        }
    }

    public static void decryptFieldsV3(Object obj, PrivateKey privateKey) throws WxErrorException {
        try {
            decryptField(obj, privateKey);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SENSITIVE_ENCRYPT_ERROR);
        }
    }

    private static void decryptField(Object obj, PrivateKey privateKey) throws WxErrorException, IllegalAccessException {
        for (Field field : Lists.newArrayList(Arrays.asList(obj.getClass().getDeclaredFields()))) {
            boolean isAccessible = field.isAccessible();
            field.setAccessible(true);
            if (field.isAnnotationPresent(SensitiveEncrypt.class) && field.get(obj) != null) {
                Object obj2 = field.get(obj);
                if (obj2 instanceof String) {
                    field.set(obj, rsaDecryptOAEPV3(obj2.toString(), privateKey));
                } else {
                    decryptField(obj2, privateKey);
                }
            }
            field.setAccessible(isAccessible);
        }
    }

    public static String rsaDecryptOAEPV3(String str, PrivateKey privateKey) throws WxErrorException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_1ANDMGF1PADDING);
            cipher.init(2, privateKey);
            return new String(cipher.doFinal(Base64Utils.decodeFromString(str)), WxPayConstants.DEFAULT_CHARSET);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new WxErrorException(WxErrorExceptionFactor.SENSITIVE_ENCRYPT_ERROR);
        }
    }
}
