package cn.felord.callbacks;

import cn.felord.domain.callback.CallbackEventBody;
import cn.felord.domain.callback.CallbackSettings;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Objects;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:cn/felord/callbacks/CallbackCrypto.class */
public class CallbackCrypto {
    private static final Logger log = LoggerFactory.getLogger(CallbackCrypto.class);
    private static final String BOM = "\ufeff";
    private static final String MSG = "{\"encrypt\":\"%1$s\",\"msgsignature\":\"%2$s\",\"timestamp\":\"%3$s\",\"nonce\":\"%4$s\"}";
    private final XmlReader xmlReader;
    private final CallbackAsyncConsumer callbackAsyncConsumer;
    private final CallbackSettingsService callbackSettingsService;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CallbackCrypto(XmlReader xmlReader, CallbackSettingsService callbackSettingsService, CallbackAsyncConsumer callbackAsyncConsumer) {
        this.xmlReader = xmlReader;
        this.callbackSettingsService = callbackSettingsService;
        this.callbackAsyncConsumer = callbackAsyncConsumer;
    }

    byte[] getNetworkBytesOrder(int i) {
        return new byte[]{(byte) ((i >> 24) & 255), (byte) ((i >> 16) & 255), (byte) ((i >> 8) & 255), (byte) (i & 255)};
    }

    int recoverNetworkBytesOrder(byte[] bArr) {
        int i = 0;
        for (int i2 = 0; i2 < 4; i2++) {
            i = (i << 8) | (bArr[i2] & 255);
        }
        return i;
    }

    String getRandomStr() {
        Random random = new Random();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 16; i++) {
            sb.append("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".charAt(random.nextInt("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".length())));
        }
        return sb.toString();
    }

    String encrypt(String str, byte[] bArr, String str2, String str3) throws WeComCallbackException {
        ByteGroup byteGroup = new ByteGroup();
        byte[] bytes = str2.getBytes(StandardCharsets.UTF_8);
        byte[] bytes2 = str3.getBytes(StandardCharsets.UTF_8);
        byte[] networkBytesOrder = getNetworkBytesOrder(bytes2.length);
        byte[] bytes3 = str.getBytes(StandardCharsets.UTF_8);
        byteGroup.addBytes(bytes);
        byteGroup.addBytes(networkBytesOrder);
        byteGroup.addBytes(bytes2);
        byteGroup.addBytes(bytes3);
        byteGroup.addBytes(PKCS7Encoder.encode(byteGroup.size()));
        byte[] bytes4 = byteGroup.toBytes();
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr, 0, 16));
            return Base64Utils.encodeToString(cipher.doFinal(bytes4));
        } catch (Exception e) {
            throw new WeComCallbackException(WeComCallbackException.EncryptAESError);
        }
    }

    private String decrypt(String str, byte[] bArr, String str2) throws WeComCallbackException {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(2, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(Arrays.copyOfRange(bArr, 0, 16)));
            try {
                byte[] decode = PKCS7Encoder.decode(cipher.doFinal(Base64.decodeBase64(str2)));
                int recoverNetworkBytesOrder = recoverNetworkBytesOrder(Arrays.copyOfRange(decode, 16, 20));
                String str3 = new String(Arrays.copyOfRange(decode, 20, 20 + recoverNetworkBytesOrder), StandardCharsets.UTF_8);
                if (Objects.equals(str, new String(Arrays.copyOfRange(decode, 20 + recoverNetworkBytesOrder, decode.length), StandardCharsets.UTF_8))) {
                    return str3.startsWith(BOM) ? str3.substring(1) : str3;
                }
                throw new WeComCallbackException(WeComCallbackException.ValidateCorpidError);
            } catch (Exception e) {
                throw new WeComCallbackException(WeComCallbackException.IllegalBuffer);
            }
        } catch (Exception e2) {
            throw new WeComCallbackException(WeComCallbackException.DecryptAESError);
        }
    }

    public String encryptMsg(String str, String str2, String str3, String str4, String str5) throws WeComCallbackException {
        CallbackSettings loadAuthentication = this.callbackSettingsService.loadAuthentication(str, str2);
        String encrypt = encrypt(loadAuthentication.getReceiveid(), loadAuthentication.getAesKey(), getRandomStr(), str3);
        if (!StringUtils.hasText(str4)) {
            str4 = Long.toString(System.currentTimeMillis());
        }
        return String.format(MSG, encrypt, SHA1.sha1Hex(loadAuthentication.getToken(), str4, str5, encrypt), str4, str5);
    }

    public String accept(String str, String str2, String str3, String str4) throws WeComCallbackException {
        CallbackXmlBody callbackXmlBody = (CallbackXmlBody) this.xmlReader.read(str4, CallbackXmlBody.class);
        String encrypt = callbackXmlBody.getEncrypt();
        String agentId = callbackXmlBody.getAgentId();
        CallbackEventBody callbackEventBody = (CallbackEventBody) this.xmlReader.read(decryptMsg(agentId, callbackXmlBody.getToUserName(), str, str2, str3, encrypt), CallbackEventBody.class);
        callbackEventBody.setAgentId(agentId);
        this.callbackAsyncConsumer.asyncAction(callbackEventBody);
        return "success";
    }

    public String decryptMsg(String str, String str2, String str3, String str4, String str5, String str6) throws WeComCallbackException {
        CallbackSettings loadAuthentication = this.callbackSettingsService.loadAuthentication(str, str2);
        String sha1Hex = SHA1.sha1Hex(loadAuthentication.getToken(), str4, str5, str6);
        if (Objects.equals(str3, sha1Hex)) {
            return decrypt(str2, loadAuthentication.getAesKey(), str6);
        }
        log.info("signature not matched: before: {},after : {}", str3, sha1Hex);
        throw new WeComCallbackException(WeComCallbackException.ValidateSignatureError);
    }
}
