package work.gaigeshen.tripartite.ding.openapi.notify;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.RandomStringUtils;
import work.gaigeshen.tripartite.core.client.Clients;
import work.gaigeshen.tripartite.core.notify.AbstractNotifyContentReceiver;
import work.gaigeshen.tripartite.core.notify.DefaultNotifyContent;
import work.gaigeshen.tripartite.core.notify.NotifyContentIncorrectException;
import work.gaigeshen.tripartite.core.util.json.JsonCodec;
import work.gaigeshen.tripartite.ding.openapi.config.DingConfig;

/* loaded from: input_file:work/gaigeshen/tripartite/ding/openapi/notify/DingNotifyContentReceiver.class */
public class DingNotifyContentReceiver extends AbstractNotifyContentReceiver<DefaultNotifyContent> {
    private final Clients<DingConfig> dingClients;

    public DingNotifyContentReceiver(Clients<DingConfig> clients) {
        if (Objects.isNull(clients)) {
            throw new IllegalArgumentException("clients cannot be null");
        }
        this.dingClients = clients;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DefaultNotifyContent validate(DefaultNotifyContent defaultNotifyContent) throws NotifyContentIncorrectException {
        String str = (String) defaultNotifyContent.getValue("app_key");
        if (Objects.isNull(str)) {
            throw new NotifyContentIncorrectException("could not find [app_key] parameter: " + defaultNotifyContent);
        }
        DingConfig dingConfig = (DingConfig) this.dingClients.getConfig(dingConfig2 -> {
            return Objects.equals(dingConfig2.getAppKey(), str);
        });
        defaultNotifyContent.put("ding_config", dingConfig);
        String str2 = (String) defaultNotifyContent.getValue("msg_signature");
        if (Objects.isNull(str2)) {
            throw new NotifyContentIncorrectException("could not find [msg_signature] parameter: " + defaultNotifyContent);
        }
        String str3 = (String) defaultNotifyContent.getValue("timestamp");
        if (Objects.isNull(str3)) {
            throw new NotifyContentIncorrectException("could not find [timestamp] parameter: " + defaultNotifyContent);
        }
        String str4 = (String) defaultNotifyContent.getValue("nonce");
        if (Objects.isNull(str4)) {
            throw new NotifyContentIncorrectException("could not find [nonce] parameter: " + defaultNotifyContent);
        }
        String bodyAsString = defaultNotifyContent.getBodyAsString();
        if (Objects.isNull(bodyAsString)) {
            throw new NotifyContentIncorrectException("could not find request body: " + defaultNotifyContent);
        }
        String str5 = (String) JsonCodec.instance().decodeObject(bodyAsString).get("encrypt");
        if (Objects.isNull(str5)) {
            throw new NotifyContentIncorrectException("could not find [encrypt] field of request body: " + defaultNotifyContent);
        }
        if (!Objects.equals(genSignature(dingConfig, str3, str4, str5), str2)) {
            throw new NotifyContentIncorrectException("invalid signature: " + defaultNotifyContent);
        }
        try {
            defaultNotifyContent.put("decrypted", decrypt(dingConfig, str5));
            return defaultNotifyContent;
        } catch (GeneralSecurityException e) {
            throw new NotifyContentIncorrectException("could not decrypt: " + defaultNotifyContent, e);
        }
    }

    public static String genSignature(DingConfig dingConfig, String str, String str2, String str3) {
        if (Objects.isNull(dingConfig)) {
            throw new IllegalArgumentException("config cannot be null");
        }
        if (Objects.isNull(str) || Objects.isNull(str2) || Objects.isNull(str3)) {
            throw new IllegalArgumentException("timestamp and nonce and encrypted cannot be null");
        }
        String[] strArr = {dingConfig.getToken(), str, str2, str3};
        Arrays.sort(strArr);
        return DigestUtils.sha1Hex(String.join("", strArr));
    }

    public static String encrypt(DingConfig dingConfig, String str) throws GeneralSecurityException {
        if (Objects.isNull(dingConfig)) {
            throw new IllegalArgumentException("config cannot be null");
        }
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("plain text cannot be null");
        }
        byte[] decodeBase64 = Base64.decodeBase64(dingConfig.getSecretKey() + "=");
        byte[] bytes = RandomStringUtils.randomAscii(16).getBytes();
        byte[] bytes2 = str.getBytes();
        byte[] bArr = {(byte) ((bytes2.length >> 24) & 255), (byte) ((bytes2.length >> 16) & 255), (byte) ((bytes2.length >> 8) & 255), (byte) (bytes2.length & 255)};
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(bytes);
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(bytes2);
            int size = 32 - (32 % byteArrayOutputStream.size());
            byte b = (byte) (size & 255);
            for (int i = 0; i < size; i++) {
                byteArrayOutputStream.write(b);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            SecretKeySpec secretKeySpec = new SecretKeySpec(decodeBase64, "AES");
            IvParameterSpec ivParameterSpec = new IvParameterSpec(decodeBase64, 0, 16);
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(1, secretKeySpec, ivParameterSpec);
            return Base64.encodeBase64String(cipher.doFinal(byteArray));
        } catch (IOException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    public static String decrypt(DingConfig dingConfig, String str) throws GeneralSecurityException {
        if (Objects.isNull(dingConfig)) {
            throw new IllegalArgumentException("config cannot be null");
        }
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("encrypted text cannot be null");
        }
        byte[] decodeBase64 = Base64.decodeBase64(dingConfig.getSecretKey() + "=");
        SecretKeySpec secretKeySpec = new SecretKeySpec(decodeBase64, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(decodeBase64, 0, 16);
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(2, secretKeySpec, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(Base64.decodeBase64(str));
        byte[] copyOfRange = Arrays.copyOfRange(doFinal, 0, doFinal.length - doFinal[doFinal.length - 1]);
        byte[] copyOfRange2 = Arrays.copyOfRange(copyOfRange, 16, 20);
        int i = 0;
        for (int i2 = 0; i2 < 4; i2++) {
            i = (i << 8) | (copyOfRange2[i2] & 255);
        }
        return new String(Arrays.copyOfRange(copyOfRange, 20, 20 + i));
    }
}
