package com.csii.payment.client.core;

import com.csii.payment.client.constant.AlgorithmConstants;
import com.csii.payment.client.constant.Constants;
import com.csii.payment.client.entity.CebMerchantProperties;
import com.csii.payment.client.entity.SignParameterObject;
import com.csii.payment.client.entity.VerifyParameterObject;
import com.csii.payment.client.key.KeyManager;
import com.csii.payment.client.util.Log;
import com.csii.payment.client.util.Util;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.UnsupportedCharsetException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Collections;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.xml.security.Init;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/csii/payment/client/core/MerchantSignTool.class */
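/**
 * Signs merchant requests and verifies signatures, dispatching on the integer
 * "type" carried by the parameter object.
 *
 * <ul>
 *   <li>0 - plain text; the signature is returned / expected as a hex string</li>
 *   <li>1 - XML, signed and validated with the JDK XML-DSig API</li>
 *   <li>2 - XML, signed and validated with Apache XML Security</li>
 *   <li>{@code Constants.SIGNTYPE_FILE} - file content; hex signature</li>
 *   <li>{@code Constants.SIGNTYPE_URL} - plain text; Base64 signature, URL-encoded</li>
 * </ul>
 *
 * <p>Private keys are looked up per merchant id and a single public key is used for
 * verification, both through {@link KeyManager}.
 *
 * <p>NOTE(review): every call logs the full request object, the plaintext and the
 * resulting signature at info level. Confirm that the log sink is access-controlled
 * and that the payloads never carry data that must not be written to logs.
 */
public class MerchantSignTool {
    private static final Log log = new Log(MerchantSignTool.class);

    static {
        // Initialise the Apache XML Security library before any XMLSignature is built.
        Init.init();
        // Called only for its side effect; presumably forces the merchant properties
        // to load at class-initialisation time -- TODO confirm.
        CebMerchantProperties.getCafile();
    }

    /**
     * Signs the data described by {@code signParameterObject}.
     *
     * <p>Side effect: the object's algorithm is overwritten with the converted
     * (XML-DSig URI) form, and for XML types its plaintext is replaced by the
     * compact XML that was actually signed.
     *
     * @param signParameterObject type, plaintext or file path, charset, algorithm and merchant id
     * @return hex signature (type 0 and file), the signed XML document (types 1 and 2),
     *         or a URL-encoded Base64 signature (URL type)
     * @throws Exception if a parameter is missing or invalid, the type is unknown, or signing fails
     */
    public static String sign(SignParameterObject signParameterObject) throws Exception {
        String signResult;
        try {
            String convertAlgorithm = convertAlgorithm(signParameterObject.getType(), signParameterObject.getAlgorithm());
            // A per-call UUID prefix lets the log lines of one operation be correlated.
            String logPrefix = new StringBuffer("【").append(Util.getUUID()).append("】   ").toString();
            log.info(new StringBuffer(logPrefix).append("商户上送数据：").append("\r\n").append("【--------签名--------】").append("\r\n").append(signParameterObject).append("xml报文算法转换：").append(convertAlgorithm).append("\r\n"));
            checkSignParam(signParameterObject, logPrefix);
            signParameterObject.setAlgorithm(convertAlgorithm);
            switch (signParameterObject.getType()) {
                case 0:
                    signResult = Util.byteToHex(innerSign(signParameterObject, logPrefix));
                    break;
                case 1:
                    signResult = new String(signXMLUseJDK(signParameterObject, logPrefix), signParameterObject.getCharset());
                    break;
                case 2:
                    signResult = new String(signXMLUseApache(signParameterObject, logPrefix), signParameterObject.getCharset());
                    break;
                case Constants.SIGNTYPE_FILE /* 3 */:
                    signResult = Util.byteToHex(signFile(signParameterObject, logPrefix));
                    break;
                case Constants.SIGNTYPE_URL /* 4 */:
                    signResult = signURL(signParameterObject, logPrefix);
                    break;
                default:
                    throw new Exception("不存在的签名类型！上送的类型为：" + signParameterObject.getType());
            }
            log.info(new StringBuffer(logPrefix).append("签名结果为：\r\n").append(signResult).append("\r\n"));
            if (signParameterObject.getType() == 1 || signParameterObject.getType() == 2) {
                log.info(new StringBuffer(logPrefix).append("对XML签名串进行格式化输出：\r\n").append(Util.formatXML(signResult, signParameterObject.getCharset(), 0)).append("\r\n"));
            }
            return signResult;
        } catch (Exception e) {
            log.error("", e);
            throw e;
        }
    }

    /**
     * Verifies the signature described by {@code verifyParameterObject} against the
     * public key returned by {@link KeyManager#getPublicKey()}.
     *
     * <p>A {@code false} result and a thrown exception both mean "do not trust the
     * data"; callers must treat them the same way.
     *
     * @param verifyParameterObject type, signature, and (depending on type) plaintext, charsets,
     *                              file path, algorithm or signature element name
     * @return {@code true} only if the signature validates
     * @throws Exception if a parameter is missing or invalid, the type is unknown, or
     *                   the input cannot be parsed
     */
    public static boolean verify(VerifyParameterObject verifyParameterObject) throws Exception {
        boolean verified;
        try {
            String logPrefix = new StringBuffer("【").append(Util.getUUID()).append("】   ").toString();
            log.info(new StringBuffer(logPrefix).append("商户上送数据：").append("\r\n").append("【--------验签--------】").append("\r\n").append(verifyParameterObject).append("\r\n"));
            checkVerifyParam(verifyParameterObject, logPrefix);
            switch (verifyParameterObject.getType()) {
                case 0:
                    verified = verifyCommon(verifyParameterObject);
                    break;
                case 1:
                    verified = verifyXMLUseJDK(verifyParameterObject);
                    break;
                case 2:
                    verified = verifyXMLUseApache(verifyParameterObject);
                    break;
                case Constants.SIGNTYPE_FILE /* 3 */:
                    verified = verifyFile(verifyParameterObject);
                    break;
                case Constants.SIGNTYPE_URL /* 4 */:
                    verified = verifyURL(verifyParameterObject, logPrefix);
                    break;
                default:
                    // checkVerifyParam already rejects unknown types; fail closed regardless.
                    verified = false;
                    break;
            }
            log.info(new StringBuffer(logPrefix).append("验签结果：【").append(verified).append("】\r\n"));
            return verified;
        } catch (Exception e) {
            log.error("", e);
            throw e;
        }
    }

    /**
     * Verifies a URL-type signature: the signature string is URL-decoded, then
     * Base64-decoded, then checked against the plaintext bytes.
     *
     * <p>NOTE(review): if the caller's web framework has already URL-decoded the
     * value, decoding again turns any '+' of the Base64 text into a space; confirm
     * callers pass the still-encoded string.
     */
    private static boolean verifyURL(VerifyParameterObject verifyParameterObject, String str) throws Exception {
        String decodedSign = URLDecoder.decode(verifyParameterObject.getSign(), verifyParameterObject.getSignCharset());
        log.info(new StringBuffer(str).append("URL解码后：").append(decodedSign).append("\r\n"));
        byte[] plainBytes = verifyParameterObject.getPlain().getBytes(verifyParameterObject.getPlainCharset());
        byte[] signatureBytes = Base64.decodeBase64(decodedSign.getBytes(verifyParameterObject.getSignCharset()));
        return innerVerify(plainBytes, signatureBytes, KeyManager.getPublicKey(), verifyParameterObject.getAlgorithm());
    }

    /** Signs the plaintext bytes (in the request charset) with the merchant's private key. */
    private static byte[] innerSign(SignParameterObject signParameterObject, String str) throws Exception {
        byte[] plainBytes = signParameterObject.getPlain().getBytes(signParameterObject.getCharset());
        PrivateKey privateKey = KeyManager.getPrivateKey(signParameterObject.getMerchantId());
        return innerSign(plainBytes, privateKey, signParameterObject.getAlgorithm());
    }

    /**
     * Produces an enveloped XML signature with the JDK XML-DSig API.
     *
     * <p>The plaintext is first rewritten to compact XML (and stored back on the
     * parameter object), the reference URI is {@code "#" + transId}, and the
     * signature is attached under the document element.
     *
     * @return the signed document serialised in the request charset
     */
    private static byte[] signXMLUseJDK(SignParameterObject signParameterObject, String str) throws Exception {
        signParameterObject.setPlain(Util.formatXML(signParameterObject.getPlain(), signParameterObject.getCharset(), 1));
        log.info(new StringBuffer(str).append("转换为紧凑型XML进行签名：").append("\r\n").append(signParameterObject.getPlain()).append("\r\n"));
        PrivateKey privateKey = KeyManager.getPrivateKey(signParameterObject.getMerchantId());
        String algorithm = signParameterObject.getAlgorithm();
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        XMLSignature newXMLSignature = factory.newXMLSignature(
                factory.newSignedInfo(
                        factory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null),
                        factory.newSignatureMethod(algorithm, (SignatureMethodParameterSpec) null),
                        Collections.singletonList(
                                factory.newReference(
                                        "#" + signParameterObject.getTransId(),
                                        factory.newDigestMethod(Constants.DEGISTMETHOD, (DigestMethodParameterSpec) null),
                                        Collections.singletonList(factory.newTransform(Constants.ENVELOPTYPE, (TransformParameterSpec) null)),
                                        (String) null,
                                        (String) null))),
                (KeyInfo) null);
        Document parseDom = Util.parseDom(signParameterObject.getPlain(), signParameterObject.getCharset());
        // The "#id" reference only resolves once the attribute is registered as an ID.
        registerPlainIdAttribute(parseDom);
        newXMLSignature.sign(new DOMSignContext(privateKey, parseDom.getDocumentElement()));
        return Util.domConvertToXML(parseDom).getBytes(signParameterObject.getCharset());
    }

    /**
     * Produces an enveloped XML signature with Apache XML Security.
     *
     * <p>The plaintext is first rewritten to compact XML (and stored back on the
     * parameter object), the reference URI is {@code "#" + transId}, and the
     * signature element is appended to the first {@code Message} element.
     *
     * @return the signed document as written by {@code XMLUtils.outputDOM}
     */
    private static byte[] signXMLUseApache(SignParameterObject signParameterObject, String str) throws Exception {
        signParameterObject.setPlain(Util.formatXML(signParameterObject.getPlain(), signParameterObject.getCharset(), 1));
        log.info(new StringBuffer(str).append("转换为紧凑型XML进行签名：").append("\r\n").append(signParameterObject.getPlain()).append("\r\n"));
        PrivateKey privateKey = KeyManager.getPrivateKey(signParameterObject.getMerchantId());
        Document parseDom = Util.parseDom(signParameterObject.getPlain(), signParameterObject.getCharset());
        registerPlainIdAttribute(parseDom);
        Node messageNode = parseDom.getElementsByTagName("Message").item(0);
        if (messageNode == null) {
            // Fail with a clear message before signing instead of an NPE afterwards.
            throw new Exception("XML报文中不含有元素：Message");
        }
        org.apache.xml.security.signature.XMLSignature xMLSignature = new org.apache.xml.security.signature.XMLSignature(parseDom, "", signParameterObject.getAlgorithm());
        xMLSignature.getSignedInfo().addResourceResolver(new OfflineResolver());
        Transforms transforms = new Transforms(parseDom);
        transforms.addTransform(Constants.ENVELOPTYPE);
        xMLSignature.addDocument("#" + signParameterObject.getTransId(), transforms, Constants.DEGISTMETHOD);
        xMLSignature.sign(privateKey);
        messageNode.appendChild(xMLSignature.getElement());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            XMLUtils.outputDOM(parseDom, byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } finally {
            Util.closeStream(byteArrayOutputStream);
        }
    }

    /**
     * Signs the full content of the file at {@code getCheckFilePath()}.
     * The file is read completely into memory before signing.
     */
    private static byte[] signFile(SignParameterObject signParameterObject, String str) throws Exception {
        PrivateKey privateKey = KeyManager.getPrivateKey(signParameterObject.getMerchantId());
        FileInputStream fileInputStream = new FileInputStream(signParameterObject.getCheckFilePath());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            Util.copyInputStreamToOutStream(fileInputStream, byteArrayOutputStream);
            return innerSign(byteArrayOutputStream.toByteArray(), privateKey, signParameterObject.getAlgorithm());
        } finally {
            Util.closeStream(fileInputStream);
            Util.closeStream(byteArrayOutputStream);
        }
    }

    /** Signs the plaintext, Base64-encodes the signature (unchunked) and URL-encodes the result. */
    private static String signURL(SignParameterObject signParameterObject, String str) throws Exception {
        String charset = signParameterObject.getCharset();
        String base64Signature = new String(Base64.encodeBase64(innerSign(signParameterObject, str), false), charset);
        return URLEncoder.encode(base64Signature, charset);
    }

    /** Verifies a hex-encoded signature over the plaintext bytes (type 0). */
    private static boolean verifyCommon(VerifyParameterObject verifyParameterObject) throws Exception {
        String plain = verifyParameterObject.getPlain();
        String plainCharset = verifyParameterObject.getPlainCharset();
        String sign = verifyParameterObject.getSign();
        return innerVerify(plain.getBytes(plainCharset), Util.hexToByte(sign), KeyManager.getPublicKey(), verifyParameterObject.getAlgorithm());
    }

    /**
     * Validates an XML signature with the JDK XML-DSig API. The signed document is
     * taken from {@code getSign()} and always parsed as UTF-8.
     *
     * <p>NOTE(review): the document is untrusted input; confirm that
     * {@code Util.parseDom} disables DTDs and external entities.
     *
     * <p>NOTE(review): {@code validate} only reports that the first signature element
     * is cryptographically valid for whatever its Reference points at. Nothing here
     * checks that the Reference covers the element the caller goes on to read, so
     * the caller should only consume data from the signed element.
     *
     * @throws Exception if the document has no signature element or cannot be parsed
     */
    private static boolean verifyXMLUseJDK(VerifyParameterObject verifyParameterObject) throws Exception {
        Document parseDom = Util.parseDom(verifyParameterObject.getSign(), "UTF-8");
        registerPlainIdAttribute(parseDom);
        NodeList signatureNodes = parseDom.getElementsByTagNameNS(Constants.NAMESPACE, verifyParameterObject.getSignatureLable());
        if (signatureNodes.getLength() == 0) {
            log.error("待验签的签名串中不含有签名信息！\r\n");
            throw new Exception("待验签的签名串中不含有签名信息！");
        }
        DOMValidateContext dOMValidateContext = new DOMValidateContext(KeyManager.getPublicKey(), signatureNodes.item(0));
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(dOMValidateContext).validate(dOMValidateContext);
    }

    /**
     * Validates an XML signature with Apache XML Security. The signed document is
     * taken from {@code getSign()} and always parsed as UTF-8.
     *
     * <p>Unlike {@link #verifyXMLUseJDK}, a document without a signature element
     * yields {@code false} rather than an exception.
     *
     * <p>NOTE(review): the same parser-hardening and signed-element caveats as for
     * {@link #verifyXMLUseJDK} apply here.
     */
    private static boolean verifyXMLUseApache(VerifyParameterObject verifyParameterObject) throws Exception {
        Document parseDom = Util.parseDom(verifyParameterObject.getSign(), "UTF-8");
        registerPlainIdAttribute(parseDom);
        // NOTE(review): the signature label is concatenated into the XPath expression.
        // It must come from trusted configuration, never from the message being verified.
        Element signatureElement = (Element) XPathAPI.selectSingleNode(parseDom, "//" + verifyParameterObject.getSignatureLable() + "[1]", XMLUtils.createDSctx(parseDom, Constants.NAMESPACEXMLNS, Constants.NAMESPACE));
        if (signatureElement == null) {
            return false;
        }
        return new org.apache.xml.security.signature.XMLSignature(signatureElement, "").checkSignatureValue(KeyManager.getPublicKey());
    }

    /**
     * Verifies a hex-encoded signature over the full content of the file at
     * {@code getCheckFilePath()}. The file is read completely into memory.
     */
    private static boolean verifyFile(VerifyParameterObject verifyParameterObject) throws Exception {
        FileInputStream fileInputStream = null;
        ByteArrayOutputStream byteArrayOutputStream = null;
        try {
            fileInputStream = new FileInputStream(verifyParameterObject.getCheckFilePath());
            byteArrayOutputStream = new ByteArrayOutputStream();
            Util.copyInputStreamToOutStream(fileInputStream, byteArrayOutputStream);
            return innerVerify(byteArrayOutputStream.toByteArray(), Util.hexToByte(verifyParameterObject.getSign()), KeyManager.getPublicKey(), verifyParameterObject.getAlgorithm());
        } finally {
            // Either stream may still be null if opening the file failed.
            Util.closeStream(fileInputStream);
            Util.closeStream(byteArrayOutputStream);
        }
    }

    /**
     * Signs {@code bArr} with {@code privateKey} using JCA algorithm {@code str}.
     * The provider from {@code CebMerchantProperties.getProvider()} is used when one
     * is configured, otherwise the default provider lookup applies.
     */
    private static byte[] innerSign(byte[] bArr, PrivateKey privateKey, String str) throws Exception {
        Signature signature = Util.isNullOrEmpty(CebMerchantProperties.getProvider()) ? Signature.getInstance(str) : Signature.getInstance(str, CebMerchantProperties.getProvider());
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    /**
     * Checks signature {@code bArr2} over data {@code bArr} with {@code publicKey}
     * using JCA algorithm {@code str}; provider selection as in {@code innerSign}.
     */
    private static boolean innerVerify(byte[] bArr, byte[] bArr2, PublicKey publicKey, String str) throws Exception {
        Signature signature = Util.isNullOrEmpty(CebMerchantProperties.getProvider()) ? Signature.getInstance(str) : Signature.getInstance(str, CebMerchantProperties.getProvider());
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    /**
     * Marks the configured attribute of the first plain element as an XML ID so that
     * same-document {@code "#id"} references can be resolved.
     *
     * @throws Exception if the element or its attribute is missing, instead of the
     *                   NullPointerException a malformed document would otherwise cause
     */
    private static void registerPlainIdAttribute(Document document) throws Exception {
        Element plainElement = (Element) document.getElementsByTagName(Constants.PLAINELEMENTNAME).item(0);
        if (plainElement == null) {
            throw new Exception("XML报文中不含有元素：" + Constants.PLAINELEMENTNAME);
        }
        org.w3c.dom.Attr idAttribute = plainElement.getAttributeNode(Constants.PLAINELEMENTATTRNAME);
        if (idAttribute == null) {
            throw new Exception("XML报文的元素缺少属性：" + Constants.PLAINELEMENTATTRNAME);
        }
        plainElement.setIdAttributeNode(idAttribute, true);
    }

    /**
     * Validates a signing request: merchant id and private key (only when the new
     * properties file format is in use), algorithm, then the type-specific fields.
     *
     * @param str log prefix identifying this operation
     * @throws Exception describing the first failed check
     */
    private static void checkSignParam(SignParameterObject signParameterObject, String str) throws Exception {
        if (CebMerchantProperties.isNewMerchantPropertiesFile()) {
            if (Util.isNullOrEmpty(signParameterObject.getMerchantId())) {
                log.error(new StringBuffer(str).append("商户号不能为空").append("\r\n"));
                throw new Exception("商户号不能为空");
            }
            if (KeyManager.getPrivateKey(signParameterObject.getMerchantId()) == null) {
                log.error(new StringBuffer(str).append("该商户号【").append(signParameterObject.getMerchantId()).append("】在配置文件中没有维护私钥").append("\r\n"));
                throw new Exception("该商户号在配置文件中没有维护私钥，商户号为：" + signParameterObject.getMerchantId());
            }
        }
        if (Util.isNullOrEmpty(signParameterObject.getAlgorithm())) {
            log.error(new StringBuffer(str).append("算法不能为空").append("\r\n"));
            throw new Exception("算法不能为空");
        }
        switch (signParameterObject.getType()) {
            case 0:
                checkSignParamCommon(signParameterObject, str);
                return;
            case 1:
            case 2:
                checkSignParamXML(signParameterObject, str);
                return;
            case Constants.SIGNTYPE_FILE /* 3 */:
                checkSignParamFile(signParameterObject, str);
                return;
            case Constants.SIGNTYPE_URL /* 4 */:
                checkSignParamURL(signParameterObject, str);
                return;
            default:
                throw new Exception("不存在的签名类型！上送的类型为：" + signParameterObject.getType());
        }
    }

    /** Requires a non-empty plaintext and a non-empty charset name that the JVM supports. */
    private static void checkSignParamURL(SignParameterObject signParameterObject, String str) throws Exception {
        if (Util.isNullOrEmpty(signParameterObject.getPlain())) {
            log.error(new StringBuffer(str).append("明文不能为空").append("\r\n"));
            throw new Exception("明文不能为空");
        }
        if (Util.isNullOrEmpty(signParameterObject.getCharset())) {
            log.error(new StringBuffer(str).append("字符集不能为空").append("\r\n"));
            throw new Exception("字符集不能为空");
        }
        try {
            Charset.forName(signParameterObject.getCharset());
        } catch (UnsupportedCharsetException e) {
            log.error(new StringBuffer(str).append("不支持的字符集").append("\r\n"));
            throw e;
        }
    }

    /**
     * Applies the plaintext/charset checks and, when enabled, requires the merchant
     * id to occur in the plaintext.
     *
     * <p>NOTE(review): this is a substring test, so a merchant id that is a fragment
     * of any other value in the plaintext also passes. It does not prove that the
     * request's merchant field equals the signing merchant id.
     */
    private static void checkSignParamCommon(SignParameterObject signParameterObject, String str) throws Exception {
        checkSignParamURL(signParameterObject, str);
        if (CebMerchantProperties.isNewMerchantPropertiesFile() && signParameterObject.isVerifyMerchantId() && signParameterObject.getPlain().indexOf(signParameterObject.getMerchantId()) < 0) {
            // Carry the operation prefix like every other log line so the entry can be correlated.
            log.error(new StringBuffer(str).append("请求数据中的商户号与签名对象中的商户号不一致,签名对象中使用的商户号为：【").append(signParameterObject.getMerchantId()).append("】\r\n"));
            throw new Exception("请求数据中的商户号与签名对象中设置的商户号不一致");
        }
    }

    /**
     * Applies the common checks, requires a transaction id, and confirms the
     * plaintext is well-formed XML by formatting it (the formatted XML is logged).
     */
    private static void checkSignParamXML(SignParameterObject signParameterObject, String str) throws Exception {
        checkSignParamCommon(signParameterObject, str);
        if (Util.isNullOrEmpty(signParameterObject.getTransId())) {
            log.error(new StringBuffer(str).append("交易码不能为空").append("\r\n"));
            throw new Exception("交易码不能为空");
        }
        try {
            log.info(new StringBuffer(str).append("商户上送XML报文进行格式化输出：\r\n").append(Util.formatXML(signParameterObject.getPlain(), signParameterObject.getCharset(), 0)).append("\r\n"));
        } catch (Exception e) {
            log.error(new StringBuffer(str).append("上送XML报文格式不正确，请检查！").append("\r\n"), e);
            // Keep the parser failure as the cause so callers can see why the XML was rejected.
            throw new Exception("上送XML报文格式不正确，请检查！", e);
        }
    }

    /**
     * Requires a non-empty path to an existing file.
     *
     * <p>NOTE(review): the path is used as given; if it can be influenced by request
     * data, the caller must restrict it to an expected directory.
     */
    private static void checkSignParamFile(SignParameterObject signParameterObject, String str) throws Exception {
        if (Util.isNullOrEmpty(signParameterObject.getCheckFilePath())) {
            log.error(new StringBuffer(str).append("文件路径不能为空").append("\r\n"));
            throw new Exception("文件路径不能为空");
        }
        if (new File(signParameterObject.getCheckFilePath()).exists()) {
            return;
        }
        log.error(new StringBuffer(str).append("文件不存在，文件路径为：").append(signParameterObject.getCheckFilePath()).append("\r\n"));
        throw new Exception("文件不存在！" + signParameterObject.getCheckFilePath());
    }

    /**
     * Validates a verification request: a non-empty signature string, then the
     * type-specific fields.
     *
     * @param str log prefix identifying this operation
     * @throws Exception describing the first failed check, or an unknown type
     */
    private static void checkVerifyParam(VerifyParameterObject verifyParameterObject, String str) throws Exception {
        if (Util.isNullOrEmpty(verifyParameterObject.getSign())) {
            log.error(new StringBuffer(str).append("签名串不能为空").append("\r\n"));
            throw new Exception("签名串不能为空");
        }
        switch (verifyParameterObject.getType()) {
            case 0:
                checkVerifyParamCommon(verifyParameterObject, str);
                return;
            case 1:
            case 2:
                checkVerifyParamXML(verifyParameterObject, str);
                return;
            case Constants.SIGNTYPE_FILE /* 3 */:
                checkVerifyParamFile(verifyParameterObject, str);
                return;
            case Constants.SIGNTYPE_URL /* 4 */:
                checkVerifyParamURL(verifyParameterObject, str);
                return;
            default:
                throw new Exception("不存在的签名类型！上送的类型为：" + verifyParameterObject.getType());
        }
    }

    /**
     * Requires a non-empty plaintext, a supported plaintext charset and a non-empty
     * algorithm.
     *
     * <p>The algorithm check sits outside the charset try/catch so that a missing
     * algorithm is reported as such rather than as an unsupported charset.
     */
    private static void checkVerifyParamCommon(VerifyParameterObject verifyParameterObject, String str) throws Exception {
        if (Util.isNullOrEmpty(verifyParameterObject.getPlain())) {
            log.error(new StringBuffer(str).append("明文为空！").append("\r\n"));
            throw new Exception("明文为空！");
        }
        if (Util.isNullOrEmpty(verifyParameterObject.getPlainCharset())) {
            log.error(new StringBuffer(str).append("明文所使用字符集为空").append("\r\n"));
            throw new Exception("明文所使用字符集为空");
        }
        try {
            Charset.forName(verifyParameterObject.getPlainCharset());
        } catch (IllegalArgumentException e) {
            // Covers both illegal and unsupported charset names.
            log.error(new StringBuffer(str).append("明文所使用字符集(").append(verifyParameterObject.getPlainCharset()).append(") 不支持！").append("\r\n"), e);
            throw new Exception("明文所使用字符集(" + verifyParameterObject.getPlainCharset() + ") 不支持！", e);
        }
        if (Util.isNullOrEmpty(verifyParameterObject.getAlgorithm())) {
            log.error(new StringBuffer(str).append("算法不能为空").append("\r\n"));
            throw new Exception("算法不能为空");
        }
    }

    /**
     * Requires a non-empty signature element name. No algorithm is checked here:
     * for XML types the algorithm is the one declared inside the signed document.
     */
    private static void checkVerifyParamXML(VerifyParameterObject verifyParameterObject, String str) throws Exception {
        if (Util.isNullOrEmpty(verifyParameterObject.getSignatureLable())) {
            log.error(new StringBuffer(str).append("XML签名串的签名标签不能为空").append("\r\n"));
            throw new Exception("XML签名串的签名标签不能为空");
        }
    }

    /** Requires a non-empty path to an existing file and a non-empty algorithm. */
    private static void checkVerifyParamFile(VerifyParameterObject verifyParameterObject, String str) throws Exception {
        if (Util.isNullOrEmpty(verifyParameterObject.getCheckFilePath())) {
            log.error(new StringBuffer(str).append("文件路径不能为空").append("\r\n"));
            throw new Exception("文件路径不能为空");
        }
        if (!new File(verifyParameterObject.getCheckFilePath()).exists()) {
            log.error(new StringBuffer(str).append("文件不存在，文件路径为：").append(verifyParameterObject.getCheckFilePath()).append("\r\n"));
            throw new Exception("文件不存在");
        }
        if (Util.isNullOrEmpty(verifyParameterObject.getAlgorithm())) {
            log.error(new StringBuffer(str).append("签名算法不能为空").append("\r\n"));
            throw new Exception("签名算法不能为空");
        }
    }

    /** Applies the common checks and additionally requires the signature string's charset. */
    private static void checkVerifyParamURL(VerifyParameterObject verifyParameterObject, String str) throws Exception {
        checkVerifyParamCommon(verifyParameterObject, str);
        if (Util.isNullOrEmpty(verifyParameterObject.getSignCharset())) {
            log.error(new StringBuffer(str).append("签名串使用的字符集不能为空").append("\r\n"));
            throw new Exception("签名串使用的字符集不能为空");
        }
    }

    /**
     * Maps a configured algorithm name to its XML-DSig algorithm URI for the XML
     * signing types (1 and 2). Any other type, and any name without a mapping, is
     * returned unchanged.
     *
     * <p>NOTE(review): all three mapped URIs are SHA-1 based. SHA-1 is no longer
     * collision resistant; check whether the counterparty accepts a SHA-256 variant.
     *
     * @param i   signing type
     * @param str configured algorithm name
     * @return the XML-DSig URI, or {@code str} itself
     */
    private static String convertAlgorithm(int i, String str) {
        if (i == 1 || i == 2) {
            if (AlgorithmConstants.DSAwithSHA1.equals(str)) {
                return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
            }
            if (AlgorithmConstants.RSAwithSHA1.equals(str)) {
                return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            }
            if (AlgorithmConstants.HMACSHA1.equals(str)) {
                return "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
            }
        }
        return str;
    }
}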
