package cn.felord.callbacks;

import cn.felord.WeComException;
import cn.felord.domain.callback.CallbackEventBody;
import cn.felord.utils.Algorithms;
import cn.felord.utils.Base64Utils;
import cn.felord.utils.StringUtils;
import cn.felord.xml.XmlReader;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Arrays;
import java.util.Objects;
import java.util.Random;
import java.util.stream.IntStream;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cn/felord/callbacks/CallbackCrypto.class */
public class CallbackCrypto {
    private static final String BOM = "\ufeff";
    private static final String BASE_ = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final String MSG = "{\"encrypt\":\"%1$s\",\"msgsignature\":\"%2$s\",\"timestamp\":\"%3$s\",\"nonce\":\"%4$s\"}";
    private static final Random RANDOM = new SecureRandom();
    private final XmlReader xmlReader;
    private final CallbackAsyncConsumer callbackAsyncConsumer;
    private final CallbackSettingsService callbackSettingsService;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CallbackCrypto(XmlReader xmlReader, CallbackSettingsService callbackSettingsService, CallbackAsyncConsumer callbackAsyncConsumer) {
        this.xmlReader = xmlReader;
        this.callbackSettingsService = callbackSettingsService;
        this.callbackAsyncConsumer = callbackAsyncConsumer;
    }

    byte[] getNetworkBytesOrder(int i) {
        return new byte[]{(byte) ((i >> 24) & 255), (byte) ((i >> 16) & 255), (byte) ((i >> 8) & 255), (byte) (i & 255)};
    }

    int recoverNetworkBytesOrder(byte[] bArr) {
        int i = 0;
        for (int i2 = 0; i2 < 4; i2++) {
            i = (i << 8) | (bArr[i2] & 255);
        }
        return i;
    }

    String randomStr() {
        IntStream ints = RANDOM.ints(16L, 0, BASE_.length());
        String str = BASE_;
        return ((StringBuffer) ints.mapToObj(str::charAt).collect(StringBuffer::new, (v0, v1) -> {
            v0.append(v1);
        }, (v0, v1) -> {
            v0.append(v1);
        })).toString();
    }

    String encrypt(String str, byte[] bArr, String str2, String str3) throws WeComException {
        byte[] bytes = str2.getBytes(StandardCharsets.UTF_8);
        byte[] bytes2 = str3.getBytes(StandardCharsets.UTF_8);
        byte[] networkBytesOrder = getNetworkBytesOrder(bytes2.length);
        byte[] bytes3 = str.getBytes(StandardCharsets.UTF_8);
        byte[] bytes4 = new ByteCollector().addBytes(bytes).addBytes(networkBytesOrder).addBytes(bytes2).addBytes(bytes3).addBytes(PKCS7Encoder.encode(bytes3.length + bytes2.length + networkBytesOrder.length + bytes3.length)).toBytes();
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr, 0, 16));
            return Base64Utils.encodeToString(cipher.doFinal(bytes4));
        } catch (Exception e) {
            throw new WeComException("error when encrypt with AES");
        }
    }

    private String decrypt(String str, byte[] bArr, String str2) throws WeComException {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(2, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(Arrays.copyOfRange(bArr, 0, 16)));
            try {
                byte[] decode = PKCS7Encoder.decode(cipher.doFinal(Base64Utils.decodeFromString(str2)));
                int recoverNetworkBytesOrder = recoverNetworkBytesOrder(Arrays.copyOfRange(decode, 16, 20));
                String str3 = new String(Arrays.copyOfRange(decode, 20, 20 + recoverNetworkBytesOrder), StandardCharsets.UTF_8);
                if (Objects.equals(str, new String(Arrays.copyOfRange(decode, 20 + recoverNetworkBytesOrder, decode.length), StandardCharsets.UTF_8))) {
                    return str3.startsWith(BOM) ? str3.substring(1) : str3;
                }
                throw new WeComException(" invalid corpid");
            } catch (Exception e) {
                throw new WeComException("invalid buffer when callback decrypted");
            }
        } catch (Exception e2) {
            throw new WeComException("error when decrypt with AES");
        }
    }

    public String encryptJsonMsg(String str, String str2, String str3, String str4, String str5) throws WeComException {
        CallbackSettings loadAuthentication = this.callbackSettingsService.loadAuthentication(str, str2);
        String encrypt = encrypt(loadAuthentication.getReceiveid(), loadAuthentication.getAesKey(), randomStr(), str3);
        if (!StringUtils.hasText(str4)) {
            str4 = Long.toString(System.currentTimeMillis());
        }
        return String.format(MSG, encrypt, Algorithms.sha1Signature(loadAuthentication.getToken(), str4, str5, encrypt), str4, str5);
    }

    public String encryptXmlMsg(String str, String str2, String str3, String str4, String str5) throws WeComException {
        CallbackSettings loadAuthentication = this.callbackSettingsService.loadAuthentication(str, str2);
        String encrypt = encrypt(loadAuthentication.getReceiveid(), loadAuthentication.getAesKey(), randomStr(), str3);
        if (!StringUtils.hasText(str4)) {
            str4 = Long.toString(Instant.now().toEpochMilli());
        }
        return this.xmlReader.write(new CallbackXmlResponse(encrypt, Algorithms.sha1Signature(loadAuthentication.getToken(), str4, str5, encrypt), str4, str5));
    }

    public <R> R accept(String str, String str2, String str3, String str4, String str5, String str6, R r) {
        return (R) doAccept(str, str2, str3, str4, str5, str6, r);
    }

    public String accept(String str, String str2, String str3, String str4, String str5, String str6) {
        return (String) doAccept(str, str2, str3, str4, str5, str6, "success");
    }

    private <T> T doAccept(String str, String str2, String str3, String str4, String str5, String str6, T t) {
        CallbackXmlBody callbackXmlBody = (CallbackXmlBody) this.xmlReader.read(str6, CallbackXmlBody.class);
        String encrypt = callbackXmlBody.getEncrypt();
        String decryptMsg = decryptMsg(str, str2, str3, str4, str5, encrypt);
        CallbackEventBody callbackEventBody = (CallbackEventBody) this.xmlReader.read(decryptMsg, CallbackEventBody.class);
        callbackEventBody.setAgentId(str);
        callbackEventBody.setMsgSignature(str3);
        callbackEventBody.setTimeStamp(str4);
        callbackEventBody.setNonce(str5);
        callbackEventBody.setEncrypt(encrypt);
        callbackEventBody.setXmlAgentId(callbackXmlBody.getAgentId());
        callbackEventBody.setOriginalXml(decryptMsg);
        this.callbackAsyncConsumer.asyncAction(callbackEventBody);
        return t;
    }

    public String decryptMsg(String str, String str2, String str3, String str4, String str5, String str6) {
        CallbackSettings loadAuthentication = this.callbackSettingsService.loadAuthentication(str, str2);
        if (Objects.equals(str3, Algorithms.sha1Signature(loadAuthentication.getToken(), str4, str5, str6))) {
            return decrypt(str2, loadAuthentication.getAesKey(), str6);
        }
        throw new WeComException("callback signature not matched");
    }
}
