package com.yeepay.yop.sdk.utils;

import com.google.common.base.Charsets;
import com.google.common.collect.Maps;
import com.yeepay.yop.sdk.auth.credentials.CredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.PKICredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.YopPKICredentials;
import com.yeepay.yop.sdk.auth.credentials.YopSymmetricCredentials;
import com.yeepay.yop.sdk.auth.credentials.provider.YopCredentialsProviderRegistry;
import com.yeepay.yop.sdk.auth.credentials.provider.YopPlatformCredentialsProviderRegistry;
import com.yeepay.yop.sdk.base.auth.signer.process.YopSignProcessorFactory;
import com.yeepay.yop.sdk.base.security.encrypt.YopEncryptorFactory;
import com.yeepay.yop.sdk.exception.VerifySignFailedException;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.security.DigestAlgEnum;
import com.yeepay.yop.sdk.security.SymmetricEncryptAlgEnum;
import com.yeepay.yop.sdk.security.encrypt.EncryptOptions;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/yeepay/yop/sdk/utils/DigitalEnvelopeUtils.class */
public class DigitalEnvelopeUtils {
    private static final String SEPARATOR = "$";
    private static final Map<DigestAlgEnum, CertTypeEnum> CERT_TYPE_ENUM_MAP = Maps.newHashMap();
    private static final Map<String, String> ENCRYPTOR_MAP;
    private static final Map<DigestAlgEnum, String> SIGNER_MAP;

    public static String decrypt(String str, PrivateKey privateKey) {
        return decrypt(str, YopCredentialsProviderRegistry.getProvider().getDefaultAppKey(), privateKey);
    }

    public static String decrypt(String str, String str2, PrivateKey privateKey) {
        return decrypt(str, str2, privateKey, null);
    }

    public static String decrypt(String str, String str2, PrivateKey privateKey, String str3) {
        String[] split = str.split("\\$");
        if (split.length != 4) {
            throw new RuntimeException("source invalid : " + str);
        }
        String str4 = split[0];
        String str5 = split[1];
        SymmetricEncryptAlgEnum parse = SymmetricEncryptAlgEnum.parse(split[2]);
        DigestAlgEnum valueOf = DigestAlgEnum.valueOf(split[3]);
        CertTypeEnum certTypeEnum = CERT_TYPE_ENUM_MAP.get(valueOf);
        byte[] decrypt = YopEncryptorFactory.getEncryptor(ENCRYPTOR_MAP.get(valueOf.name())).decrypt(Encodes.decodeBase64(str4), new EncryptOptions(new YopPKICredentials(str2, new PKICredentialsItem(privateKey, certTypeEnum))));
        String str6 = ENCRYPTOR_MAP.get(parse.name());
        String str7 = new String(YopEncryptorFactory.getEncryptor(str6).decrypt(Encodes.decodeBase64(str5), new EncryptOptions(new YopSymmetricCredentials(Encodes.encodeBase64(decrypt)), str6)), Charsets.UTF_8);
        String substringBeforeLast = StringUtils.substringBeforeLast(str7, SEPARATOR);
        if (YopSignProcessorFactory.getSignProcessor(SIGNER_MAP.get(valueOf)).verify(substringBeforeLast, StringUtils.substringAfterLast(str7, SEPARATOR), (CredentialsItem) YopPlatformCredentialsProviderRegistry.getProvider().getLatestCredentials(str2, certTypeEnum.getValue(), str3).getCredential())) {
            return substringBeforeLast;
        }
        throw new YopClientException("verifySign fail!");
    }

    public static String decrypt(String str, String str2) {
        return decrypt(str, YopCredentialsProviderRegistry.getProvider().getDefaultAppKey(), str2);
    }

    public static String decrypt(String str, String str2, String str3) {
        return decrypt(str, str2, YopCredentialsProviderRegistry.getProvider().getCredentials(str2, str3).getCredential().getPrivateKey());
    }

    public static void verify(String str, String str2, PublicKey publicKey) {
        String[] split = str2.split("\\$");
        if (split.length != 2) {
            throw new VerifySignFailedException("Illegal format");
        }
        if (!YopSignProcessorFactory.getSignProcessor(CertTypeEnum.RSA2048.getValue()).verify(str.replaceAll("[ \t\n]", ""), split[0], new PKICredentialsItem(publicKey, CertTypeEnum.RSA2048))) {
            throw new VerifySignFailedException("Unexpected signature");
        }
    }

    static {
        CERT_TYPE_ENUM_MAP.put(DigestAlgEnum.SM3, CertTypeEnum.SM2);
        CERT_TYPE_ENUM_MAP.put(DigestAlgEnum.SHA256, CertTypeEnum.RSA2048);
        ENCRYPTOR_MAP = Maps.newHashMap();
        ENCRYPTOR_MAP.put(DigestAlgEnum.SHA256.name(), "RSA");
        ENCRYPTOR_MAP.put(DigestAlgEnum.SM3.name(), "SM2");
        ENCRYPTOR_MAP.put(SymmetricEncryptAlgEnum.AES.name(), "AES");
        ENCRYPTOR_MAP.put(SymmetricEncryptAlgEnum.SM4.name(), "SM4/CBC/PKCS5Padding");
        SIGNER_MAP = Maps.newHashMap();
        SIGNER_MAP.put(DigestAlgEnum.SHA256, "RSA2048");
        SIGNER_MAP.put(DigestAlgEnum.SM3, "SM2");
    }
}
