package work.gaigeshen.tripartite.pay.wechat.config;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.Base64;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:work/gaigeshen/tripartite/pay/wechat/config/DefaultWechatSecretKey.class */
public class DefaultWechatSecretKey implements WechatSecretKey {
    private final byte[] secretKey;

    public DefaultWechatSecretKey(byte[] bArr) throws WechatSecretKeyException {
        if (Objects.isNull(bArr)) {
            throw new IllegalArgumentException("secret key cannot be null");
        }
        if (bArr.length != 32) {
            throw new WechatSecretKeyException("secret key length != 32");
        }
        this.secretKey = bArr;
    }

    public static DefaultWechatSecretKey load(String str) throws WechatSecretKeyException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("secret key content cannot be null");
        }
        return new DefaultWechatSecretKey(str.getBytes(StandardCharsets.UTF_8));
    }

    public static DefaultWechatSecretKey loadClasspath(String str) throws WechatSecretKeyException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("secret key classpath cannot be null");
        }
        try {
            InputStream resourceAsStream = DefaultWechatSecretKey.class.getClassLoader().getResourceAsStream(str);
            try {
                if (Objects.isNull(resourceAsStream)) {
                    throw new WechatSecretKeyException("could not read resource: " + str);
                }
                DefaultWechatSecretKey load = load(IOUtils.toString(resourceAsStream, StandardCharsets.UTF_8));
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                return load;
            } finally {
            }
        } catch (IOException e) {
            throw new WechatSecretKeyException("could not load from classpath: " + str, e);
        }
    }

    public static DefaultWechatSecretKey loadFile(String str) throws WechatSecretKeyException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("filename cannot be null");
        }
        Path path = Paths.get(str, new String[0]);
        if (!Files.isReadable(path)) {
            throw new IllegalArgumentException("file not readable: " + str);
        }
        try {
            return load(new String(Files.readAllBytes(path), StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new WechatSecretKeyException("could not load from filename: " + str, e);
        }
    }

    @Override // work.gaigeshen.tripartite.pay.wechat.config.WechatSecretKey
    public byte[] decrypt(String str, byte[] bArr, byte[] bArr2) throws WechatSecretKeyException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("cipher text cannot be null");
        }
        if (Objects.isNull(bArr)) {
            throw new IllegalArgumentException("nonce cannot be null");
        }
        if (Objects.isNull(bArr2)) {
            throw new IllegalArgumentException("aad cannot be null");
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.secretKey, "AES");
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKeySpec, gCMParameterSpec);
            cipher.updateAAD(bArr2);
            return cipher.doFinal(Base64.getDecoder().decode(str));
        } catch (InvalidKeyException e) {
            throw new WechatSecretKeyException("secret key is invalid", e);
        } catch (GeneralSecurityException e2) {
            throw new WechatSecretKeyDecryptionException("could not decrypt", e2);
        }
    }
}
