package work.gaigeshen.tripartite.pay.wechat.config;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;

/* loaded from: input_file:work/gaigeshen/tripartite/pay/wechat/config/DefaultWechatCertificates.class */
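/**
 * In-memory store of X.509 certificates for the WeChat pay integration, keyed by certificate
 * serial number.
 *
 * <p>The stored certificates are used to verify {@code SHA256withRSA} signatures and to encrypt
 * content with a certificate's public key.
 *
 * <p><b>Trust model.</b> Certificates are accepted as given. The only check this class performs is
 * {@link X509Certificate#checkValidity()} when a certificate is parsed from a stream; it does not
 * build a chain, check the issuer or check revocation. Certificates added through the collection
 * constructor or {@link #loadCertificate(X509Certificate)} are not checked at all. Callers must
 * therefore obtain certificates from an authenticated source, because every certificate in this
 * store can make {@link #verify(String, String, byte[])} return {@code true}.
 *
 * <p>The backing map is a {@link ConcurrentHashMap}, so certificates may be added while other
 * threads verify.
 */
public class DefaultWechatCertificates implements WechatCertificates {
    /** Certificates indexed by {@link X509Certificate#getSerialNumber()}. */
    private final Map<BigInteger, X509Certificate> certificates = new ConcurrentHashMap<>();

    /** Creates an empty store. */
    public DefaultWechatCertificates() {
    }

    /**
     * Creates a store holding the given certificates. A later certificate replaces an earlier one
     * with the same serial number. The certificates are stored without any validity check.
     *
     * @param collection certificates to store, must not be {@code null}
     * @throws IllegalArgumentException if {@code collection} is {@code null}
     */
    public DefaultWechatCertificates(Collection<X509Certificate> collection) {
        if (Objects.isNull(collection)) {
            throw new IllegalArgumentException("certificates cannot be null");
        }
        for (X509Certificate x509Certificate : collection) {
            this.certificates.put(x509Certificate.getSerialNumber(), x509Certificate);
        }
    }

    /**
     * Creates a store from certificate text, which is read as UTF-8 bytes and parsed as a single
     * X.509 certificate.
     *
     * @param str the certificate content, must not be {@code null}
     * @return a store holding the parsed certificate
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws WechatCertificateException if the certificate cannot be parsed or is outside its
     *     validity period
     */
    public static DefaultWechatCertificates load(String str) throws WechatCertificateException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("certificate content cannot be null");
        }
        return load(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Creates a store from a stream holding a single X.509 certificate. The stream is not closed
     * here; the caller keeps ownership of it.
     *
     * @param inputStream the certificate stream, must not be {@code null}
     * @return a store holding the parsed certificate
     * @throws IllegalArgumentException if {@code inputStream} is {@code null}
     * @throws WechatCertificateException if the certificate cannot be parsed or is outside its
     *     validity period
     */
    public static DefaultWechatCertificates load(InputStream inputStream) throws WechatCertificateException {
        if (Objects.isNull(inputStream)) {
            throw new IllegalArgumentException("certificate input stream cannot be null");
        }
        DefaultWechatCertificates loaded = new DefaultWechatCertificates();
        loaded.loadCertificate(inputStream);
        return loaded;
    }

    /**
     * Creates a store from a certificate found on the classpath of this class's class loader.
     *
     * @param str the resource name, must not be {@code null}
     * @return a store holding the parsed certificate
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws WechatCertificateException if the resource is missing, cannot be read, cannot be
     *     parsed, or holds a certificate outside its validity period
     */
    public static DefaultWechatCertificates loadClasspath(String str) throws WechatCertificateException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("classpath cannot be null");
        }
        // try-with-resources closes the stream on every path, including a parse failure;
        // a null resource is skipped by the implicit close.
        try (InputStream resource = DefaultWechatCertificates.class.getClassLoader().getResourceAsStream(str)) {
            if (Objects.isNull(resource)) {
                throw new WechatCertificateException("could not read resource: " + str);
            }
            return load(resource);
        } catch (IOException e) {
            throw new WechatCertificateException("could not load from classpath: " + str, e);
        }
    }

    /**
     * Creates a store from a certificate file.
     *
     * <p>The path is used as given. If it can be influenced by untrusted input, the caller must
     * restrict it first, since whichever certificate is loaded becomes a trusted verification key.
     *
     * @param str the file name, must not be {@code null}
     * @return a store holding the parsed certificate
     * @throws IllegalArgumentException if {@code str} is {@code null} or the file is not readable
     * @throws WechatCertificateException if the file cannot be read, cannot be parsed, or holds a
     *     certificate outside its validity period
     */
    public static DefaultWechatCertificates loadFile(String str) throws WechatCertificateException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("filename cannot be null");
        }
        Path path = Paths.get(str);
        if (!Files.isReadable(path)) {
            throw new IllegalArgumentException("file not readable: " + str);
        }
        // The file can still vanish between the readability check and the open; that case
        // surfaces as the IOException handled below. The stream is closed on every path.
        try (InputStream fileStream = Files.newInputStream(path)) {
            return load(fileStream);
        } catch (IOException e) {
            throw new WechatCertificateException("could not load from file: " + str, e);
        }
    }

    /**
     * Verifies a signature with the stored certificate that has the given serial number.
     *
     * <p>An unknown serial number yields {@code false}, so verification fails closed. The stored
     * certificate's validity period is not re-checked here; a certificate that expired after it
     * was loaded is still used for verification.
     *
     * @param str the certificate serial number in hexadecimal
     * @param str2 the Base64-encoded signature
     * @param bArr the signed content
     * @return {@code true} only if a certificate with that serial number is stored and the
     *     signature matches the content
     * @throws IllegalArgumentException if an argument is {@code null}, the serial number is not
     *     valid hexadecimal ({@link NumberFormatException}), or the signature is not valid Base64
     * @throws WechatCertificateException if the signature check itself fails to run
     */
    @Override
    public boolean verify(String str, String str2, byte[] bArr) throws WechatCertificateException {
        if (Objects.isNull(str)) {
            throw new IllegalArgumentException("serial number cannot be null");
        }
        if (Objects.isNull(str2) || Objects.isNull(bArr)) {
            throw new IllegalArgumentException("sign and content cannot be null");
        }
        X509Certificate stored = this.certificates.get(new BigInteger(str, 16));
        return Objects.nonNull(stored) && verify(stored, str2, bArr);
    }

    /**
     * Verifies a {@code SHA256withRSA} signature over the content with the given certificate.
     *
     * <p>The certificate is used as passed in; it does not have to be in this store and is not
     * checked for validity period or trust. Callers that accept certificates from elsewhere must
     * establish trust in them before calling this method.
     *
     * @param x509Certificate the certificate whose public key checks the signature
     * @param str the Base64-encoded signature
     * @param bArr the signed content
     * @return {@code true} if the signature matches the content
     * @throws IllegalArgumentException if an argument is {@code null} or the signature is not
     *     valid Base64
     * @throws WechatCertificateException if the signature check fails to run, for example
     *     because the key is unsuitable or the signature is malformed
     */
    @Override
    public boolean verify(X509Certificate x509Certificate, String str, byte[] bArr) throws WechatCertificateException {
        if (Objects.isNull(x509Certificate)) {
            throw new IllegalArgumentException("certificate cannot be null");
        }
        if (Objects.isNull(str) || Objects.isNull(bArr)) {
            throw new IllegalArgumentException("sign and content cannot be null");
        }
        try {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(x509Certificate);
            verifier.update(bArr);
            return verifier.verify(Base64.getDecoder().decode(str));
        } catch (GeneralSecurityException e) {
            throw new WechatCertificateException("could not verify", e);
        }
    }

    /**
     * Returns a stored certificate that is currently within its validity period.
     *
     * <p>When several stored certificates are valid, which one is returned is not defined,
     * because the iteration order of the backing map is unspecified.
     *
     * @return a currently valid certificate
     * @throws WechatCertificateException if no stored certificate is currently valid
     */
    @Override
    public X509Certificate getValidCertificate() throws WechatCertificateException {
        for (X509Certificate candidate : this.certificates.values()) {
            try {
                candidate.checkValidity();
                return candidate;
            } catch (GeneralSecurityException ignored) {
                // Expired or not yet valid: skip it and try the next stored certificate.
            }
        }
        throw new WechatCertificateException("no valid certificate");
    }

    /**
     * Encrypts content with the certificate's RSA public key and returns it Base64-encoded.
     *
     * <p>The certificate is used as passed in, with no validity or trust check, so the caller
     * decides who will be able to decrypt the result.
     *
     * @param x509Certificate the certificate whose public key encrypts the content
     * @param bArr the content to encrypt
     * @return the Base64-encoded ciphertext
     * @throws IllegalArgumentException if an argument is {@code null}
     * @throws WechatCertificateEncryptionException if encryption fails, for example because the
     *     content is too long for a single RSA-OAEP block
     */
    @Override
    public String encrypt(X509Certificate x509Certificate, byte[] bArr) throws WechatCertificateEncryptionException {
        if (Objects.isNull(x509Certificate)) {
            throw new IllegalArgumentException("certificate cannot be null");
        }
        if (Objects.isNull(bArr)) {
            throw new IllegalArgumentException("content cannot be null");
        }
        try {
            // NOTE(review): OAEP with SHA-1/MGF1 is presumably dictated by the remote API, which
            // must decrypt with the same parameters; confirm with the peer before changing it.
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, x509Certificate.getPublicKey());
            return Base64.getEncoder().encodeToString(cipher.doFinal(bArr));
        } catch (GeneralSecurityException e) {
            throw new WechatCertificateEncryptionException("could not encrypt", e);
        }
    }

    /**
     * Adds a certificate to the store, replacing any stored certificate with the same serial
     * number. No validity or trust check is made here.
     *
     * @param x509Certificate the certificate to store
     * @return the same certificate
     * @throws IllegalArgumentException if {@code x509Certificate} is {@code null}
     */
    @Override
    public X509Certificate loadCertificate(X509Certificate x509Certificate) {
        if (Objects.isNull(x509Certificate)) {
            throw new IllegalArgumentException("certificate cannot be null");
        }
        this.certificates.put(x509Certificate.getSerialNumber(), x509Certificate);
        return x509Certificate;
    }

    /**
     * Parses one X.509 certificate from the stream, checks that it is within its validity period,
     * and adds it to the store. The stream is not closed here.
     *
     * <p>Only the validity period is checked; the issuer and chain are not, so the stream must
     * come from an authenticated source.
     *
     * @param inputStream the certificate stream, must not be {@code null}
     * @return the parsed certificate
     * @throws IllegalArgumentException if {@code inputStream} is {@code null}
     * @throws WechatCertificateException if the certificate cannot be parsed or is expired or
     *     not yet valid
     */
    @Override
    public X509Certificate loadCertificate(InputStream inputStream) throws WechatCertificateException {
        if (Objects.isNull(inputStream)) {
            throw new IllegalArgumentException("certificate input stream cannot be null");
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X509");
            X509Certificate parsed = (X509Certificate) factory.generateCertificate(inputStream);
            // Reject expired or not-yet-valid certificates before they become verification keys.
            parsed.checkValidity();
            loadCertificate(parsed);
            return parsed;
        } catch (CertificateException e) {
            throw new WechatCertificateException("could not read certificate", e);
        }
    }
}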
