package com.egzosn.pay.wx.v3.utils;

import com.egzosn.pay.common.exception.PayErrorException;
import com.egzosn.pay.common.util.sign.encrypt.Base64;
import com.egzosn.pay.wx.bean.WxPayError;
import com.egzosn.pay.wx.v3.bean.CertEnvironment;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/egzosn/pay/wx/v3/utils/AntCertificationUtil.class */
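/**
 * Static helpers for the certificate and cipher operations used by the WeChat Pay v3 client:
 * loading and caching X.509 certificates, reading a key pair from a PKCS#12 stream,
 * AES-GCM decryption and RSA-OAEP encryption.
 *
 * <p>Loading this class changes JVM-wide security configuration (see the static initializer),
 * so its effects are not limited to this library.
 */
public final class AntCertificationUtil {
    /** Certificates registered through {@link #loadCertificate}, keyed by the caller-supplied id. */
    private static final Map<String, Certificate> CERTIFICATE_MAP = new ConcurrentHashMap<>();
    /** X.509 factory obtained from the provider named by {@code WxConst.BC_PROVIDER}. */
    private static final CertificateFactory CERTIFICATE_FACTORY;

    static {
        // JVM-wide side effect: on Java 8 the JCE policy is switched to "unlimited".
        String javaVersion = System.getProperty("java.version");
        if (javaVersion.contains("1.8") || javaVersion.startsWith("8")) {
            Security.setProperty("crypto.policy", "unlimited");
        }
        if (Security.getProvider(WxConst.BC_PROVIDER) == null) {
            // NOTE(review): removing SunEC is JVM-wide and affects every other user of the
            // default provider list in this process; kept because existing deployments may
            // depend on it, but confirm it is still required.
            Security.removeProvider("SunEC");
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            CERTIFICATE_FACTORY = CertificateFactory.getInstance("X509", WxConst.BC_PROVIDER);
        } catch (NoSuchProviderException | CertificateException e) {
            throw new PayErrorException(new WxPayError("failure", " keystore 初始化失败"), e);
        }
    }

    private AntCertificationUtil() {
    }

    /**
     * Parses one certificate from the stream and caches it under {@code str}.
     *
     * <p>Only parsing is performed here: the certificate's validity period, issuer and
     * signature are not checked, and an existing entry with the same id is replaced. The
     * caller has to establish that the stream comes from a trusted source. The stream is
     * not closed.
     *
     * @param str id under which the certificate is cached
     * @param inputStream stream holding the encoded certificate
     * @return the parsed certificate
     * @throws PayErrorException if the stream cannot be parsed as a certificate
     */
    public static Certificate loadCertificate(String str, InputStream inputStream) {
        try {
            Certificate generateCertificate = CERTIFICATE_FACTORY.generateCertificate(inputStream);
            CERTIFICATE_MAP.put(str, generateCertificate);
            return generateCertificate;
        } catch (CertificateException e) {
            throw new PayErrorException(new WxPayError("failure", " 在生成微信v3证书时发生错误，原因是" + e.getMessage()), e);
        }
    }

    /**
     * Returns the certificate cached under {@code str}.
     *
     * @param str id used when the certificate was loaded
     * @return the cached certificate, or {@code null} if none was loaded under that id
     */
    public static Certificate getCertificate(String str) {
        return CERTIFICATE_MAP.get(str);
    }

    /**
     * Reads the key pair stored under an alias of a PKCS#12 keystore.
     *
     * <p>The certificate must be within its validity period; its serial number is returned
     * as upper-case hexadecimal alongside the keys.
     *
     * @param inputStream stream holding the PKCS#12 keystore; not closed by this method
     * @param str alias of the key entry
     * @param str2 password, used both to open the keystore and to recover the key
     * @return private key, public key and certificate serial number
     * @throws PayErrorException if the keystore cannot be read, the alias holds no X.509
     *     certificate or private key, or the certificate is outside its validity period
     */
    public static CertEnvironment initCertification(InputStream inputStream, String str, String str2) {
        char[] charArray = str2.toCharArray();
        try {
            // A fresh KeyStore per call: load() replaces the contents of the instance, so a
            // shared static instance would let concurrent callers read each other's key
            // material between load() and getKey().
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(inputStream, charArray);

            Certificate certificate = keyStore.getCertificate(str);
            if (!(certificate instanceof X509Certificate)) {
                // Covers both an unknown alias (null) and a non-X.509 entry, which would
                // otherwise surface as an unexplained NullPointerException/ClassCastException.
                throw new PayErrorException(new WxPayError("failure", "未找到别名对应的X509证书"));
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            x509Certificate.checkValidity();

            java.security.Key key = keyStore.getKey(str, charArray);
            if (!(key instanceof PrivateKey)) {
                throw new PayErrorException(new WxPayError("failure", "未找到别名对应的私钥"));
            }
            String upperCase = x509Certificate.getSerialNumber().toString(16).toUpperCase();
            return new CertEnvironment((PrivateKey) key, x509Certificate.getPublicKey(), upperCase);
        } catch (IOException e) {
            throw new PayErrorException(new WxPayError("failure", "私钥证书流加载失败"), e);
        } catch (GeneralSecurityException e2) {
            throw new PayErrorException(new WxPayError("failure", "获取公私钥失败"), e2);
        } finally {
            // Wipes this method's copy of the password; the caller's String is unaffected.
            java.util.Arrays.fill(charArray, '\0');
        }
    }

    /**
     * Decrypts a Base64-encoded AES-GCM ciphertext and returns the plaintext as text.
     *
     * <p>The GCM tag is 128 bits. A ciphertext, nonce or associated data that does not
     * authenticate makes the cipher fail, and that failure is rethrown as
     * {@link PayErrorException}; no plaintext is returned in that case.
     *
     * @param str associated data that was authenticated together with the ciphertext
     * @param str2 nonce (GCM IV)
     * @param str3 Base64-encoded ciphertext including the authentication tag
     * @param str4 AES key; its bytes in charset {@code str5} are used as the raw key
     * @param str5 name of the charset used for every text/byte conversion in this call
     * @return the decrypted text
     * @throws PayErrorException if decryption or authentication fails
     */
    public static String decryptToString(String str, String str2, String str3, String str4, String str5) {
        // Resolved once; an unknown charset name fails here, before any key material is touched.
        Charset charset = Charset.forName(str5);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", WxConst.BC_PROVIDER);
            SecretKeySpec key = new SecretKeySpec(str4.getBytes(charset), "AES");
            GCMParameterSpec spec = new GCMParameterSpec(128, str2.getBytes(charset));
            cipher.init(Cipher.DECRYPT_MODE, key, spec);
            cipher.updateAAD(str.getBytes(charset));
            return new String(cipher.doFinal(Base64.decode(str3)), charset);
        } catch (GeneralSecurityException e) {
            throw new PayErrorException(new WxPayError("failure", e.getMessage()), e);
        }
    }

    /**
     * Encrypts text with the public key of a certificate and returns it Base64-encoded.
     *
     * <p>The certificate is used as given; it is not validated here.
     *
     * @param str text to encrypt; encoded as UTF-8
     * @param certificate certificate whose public key encrypts the text
     * @return Base64-encoded ciphertext
     * @throws PayErrorException if the cipher cannot be created or the encryption fails
     */
    public static String encryptToString(String str, Certificate certificate) {
        try {
            // NOTE(review): OAEP with SHA-1 is presumably fixed by the remote API, since the
            // peer must decrypt with the same parameters; confirm before changing.
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", WxConst.BC_PROVIDER);
            cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey());
            return Base64.encode(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) {
            throw new PayErrorException(new WxPayError("failure", e.getMessage()), e);
        }
    }
}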
