package com.abasecode.opencode.pay.plugin.wechatpay.util;

import com.abasecode.opencode.pay.plugin.wechatpay.constant.WechatConstant;
import com.abasecode.opencode.pay.plugin.wechatpay.constant.WechatMessage;
import com.abasecode.opencode.pay.plugin.wechatpay.entity.WechatCertificate;
import com.abasecode.opencode.pay.plugin.wechatpay.entity.WechatEncryptCertificate;
import com.abasecode.opencode.pay.util.BaseUtils;
import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONObject;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;
import java.util.Enumeration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/abasecode/opencode/pay/plugin/wechatpay/util/WechatUtils.class */
public class WechatUtils {
    public static String getSerialNumber() throws Exception {
        return getCertificate().getSerialNumber().toString(16).toUpperCase();
    }

    public static PrivateKey getPrivateKey() throws Exception {
        return (PrivateKey) getKeyStore().getKey(WechatConstant.KEY_ALIAS, WechatConstant.wechatMchid.toCharArray());
    }

    private static KeyStore getKeyStore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(BaseUtils.getStream(WechatConstant.wechatCertUrl));
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(bufferedInputStream, WechatConstant.wechatMchid.toCharArray());
        return keyStore;
    }

    private static String getKeyAlias() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(BaseUtils.getStream(WechatConstant.wechatCertUrl));
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(bufferedInputStream, WechatConstant.wechatMchid.toCharArray());
        String str = null;
        Enumeration<String> aliases = keyStore.aliases();
        if (aliases.hasMoreElements()) {
            str = aliases.nextElement();
        }
        return str;
    }

    public static X509Certificate getCertificate() throws Exception {
        return (X509Certificate) getKeyStore().getCertificate(WechatConstant.KEY_ALIAS);
    }

    public static PrivateKey getPrivateKey(String str) throws IOException {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(new String(BaseUtils.getBytes(str), StandardCharsets.UTF_8).replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s+", ""))));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(WechatMessage.WECHAT_EXCEPTION_RSA_ERROR, e);
        } catch (InvalidKeySpecException e2) {
            throw new RuntimeException(WechatMessage.WECHAT_EXCEPTION_KEY_SPEC_ERROR);
        }
    }

    public static Map<String, X509Certificate> refreshCertificate() throws Exception {
        WechatCertificate wechatCertificate = null;
        Date date = null;
        for (WechatCertificate wechatCertificate2 : JSON.parseArray(((JSONObject) WechatHttp.httpGet(WechatConstant.URL_CERTIFICATES, "", JSONObject.class)).getString("data"), WechatCertificate.class)) {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(WechatConstant.DATE_FORMAT_WITH_3339);
            if (date == null) {
                wechatCertificate = wechatCertificate2;
                date = simpleDateFormat.parse(wechatCertificate2.getEffectiveTime());
            } else if (simpleDateFormat.parse(wechatCertificate2.getEffectiveTime()).getTime() > date.getTime()) {
                wechatCertificate = wechatCertificate2;
            }
        }
        WechatEncryptCertificate wechatEncryptCertificate = wechatCertificate.getWechatEncryptCertificate();
        X509Certificate x509Certificate = null;
        try {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance(WechatConstant.CERTIFICATE_TYPE).generateCertificate(new ByteArrayInputStream(decryptToString(wechatEncryptCertificate.getAssociatedData(), wechatEncryptCertificate.getNonce(), wechatEncryptCertificate.getCiphertext()).getBytes(StandardCharsets.UTF_8)));
        } catch (CertificateException e) {
            e.printStackTrace();
        }
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        concurrentHashMap.clear();
        concurrentHashMap.put(wechatCertificate.getSerialNo(), x509Certificate);
        return concurrentHashMap;
    }

    public static String decryptToString(String str, String str2, String str3) throws Exception {
        try {
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            byte[] bytes2 = str2.getBytes(StandardCharsets.UTF_8);
            SecretKeySpec secretKeySpec = new SecretKeySpec(WechatConstant.wechatV3key.getBytes(StandardCharsets.UTF_8), WechatConstant.AES_NAME);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(WechatConstant.GCM_LENGTH, bytes2);
            Cipher cipher = Cipher.getInstance(WechatConstant.AES_SETTING);
            cipher.init(2, secretKeySpec, gCMParameterSpec);
            cipher.updateAAD(bytes);
            return new String(cipher.doFinal(Base64.getDecoder().decode(str3)), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new IllegalStateException(e2);
        } catch (Exception e3) {
            throw new Exception(WechatMessage.WECHAT_EXCEPTION_AES_FAIL);
        }
    }
}
