package com.tenpay.business.entpay.mse.sdk.util;

import com.tenpay.business.entpay.mse.sdk.exception.ApiException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/tenpay/business/entpay/mse/sdk/util/EntpaySign.class */
public class EntpaySign {
    private static final Logger log = LoggerFactory.getLogger(EntpaySign.class);

    public static byte[] sign(String str, String str2, String str3, String str4, String str5, PrivateKey privateKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        return sign(buildMessage(str, str2, str5, str4, str3).getBytes(StandardCharsets.UTF_8), privateKey);
    }

    private static byte[] sign(byte[] bArr, PrivateKey privateKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    public static String getAuthorization(String str, String str2, String str3, String str4, String str5, String str6) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        return "platform_id=\"" + str4 + "\"," + (str5 != null ? "svr_platform_id=\"" + str5 + "\"," : "") + "nonce=\"" + str2 + "\",timestamp=\"" + str3 + "\",platform_serial_number=\"" + str6 + "\",signature=\"" + str + "\",signature_algorithm=\"SHA256withRSA\"";
    }

    public static String getEnterpriseAuthorization(byte[] bArr, String str, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        return "ent_id=\"" + str + "\",signature=\"" + Base64.getEncoder().encodeToString(sign(bArr, privateKey)) + "\",enterprise_serial_number=\"" + str2 + "\",signature_algorithm=\"SHA256withRSA\"";
    }

    public static boolean validateSignature(String str, String str2, PublicKey publicKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, ApiException {
        if (StringUtils.isBlank(str2)) {
            log.error("签名Header不存在，请检查接口返回信息body={},authorization={}", str, str2);
            throw new ApiException(-1, str);
        }
        HashMap hashMap = new HashMap();
        for (String str3 : str2.split(",\\s*")) {
            String[] split = str3.split("=", 2);
            if (split.length == 2) {
                hashMap.put(split[0], split[1].replaceFirst("^\"", "").replaceFirst("\"$", ""));
            }
        }
        String str4 = (String) hashMap.get("nonce");
        String str5 = (String) hashMap.get("signature");
        String str6 = (String) hashMap.get("timestamp");
        if (!StringUtils.isAnyBlank(new CharSequence[]{str4, str5, str6})) {
            return verify(Base64.getDecoder().decode(str5), (str6 + "\n" + str4 + "\n" + str + "\n").getBytes(StandardCharsets.UTF_8), publicKey);
        }
        log.error("签名Header不全，请检查接口返回信息body={},nonce={},timestamp={},signature={}", new Object[]{str, str4, str6, str5});
        throw new ApiException(403, str);
    }

    private static boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(publicKey);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    private static String buildMessage(String str, String str2, String str3, String str4, String str5) {
        return str + "\n" + str2 + "\n" + str3 + "\n" + str4 + "\n" + str5 + "\n";
    }
}
