package com.tydic.payment.pay.bestpay.util;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.parser.Feature;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.sinovatech.unicom.util.sign.exception.CryptException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.util.Map;
import java.util.TreeMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/tydic/payment/pay/bestpay/util/BestPaySign.class */
public class BestPaySign {
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String VERIFY_SIGNATURE_ALGORITHM = "SHA1withRSA";

    public static String sortDataMap(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry entry : new TreeMap(map).entrySet()) {
            String str = (String) entry.getKey();
            if (!"sign".equals(str)) {
                sb.append(str).append('=').append((String) entry.getValue()).append('&');
            }
        }
        if (sb.length() > 0) {
            sb.setLength(sb.length() - 1);
        }
        return sb.toString();
    }

    public static String getSign(Map<String, String> map, InputStream inputStream, String str) {
        String sortDataMap = sortDataMap(map);
        System.out.println("排序后的待签数据：" + sortDataMap);
        return sign(getPriKey(inputStream, str), sortDataMap);
    }

    private static String sign(RSAPrivateCrtKey rSAPrivateCrtKey, String str) throws CryptException {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initSign(rSAPrivateCrtKey);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return Base64.encodeAsString(signature.sign());
        } catch (Exception e) {
            throw new CryptException("签名失败", e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:9:0x0038, code lost:
    
        r8 = (java.security.interfaces.RSAPrivateCrtKey) r0.getKey(r0, r6.toCharArray());
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.interfaces.RSAPrivateCrtKey getPriKey(java.io.InputStream r5, java.lang.String r6) throws com.sinovatech.unicom.util.sign.exception.CryptException {
        /*
            r0 = 0
            r8 = r0
            java.lang.String r0 = "PKCS12"
            java.security.KeyStore r0 = java.security.KeyStore.getInstance(r0)     // Catch: java.lang.Exception -> L4c
            r9 = r0
            r0 = r9
            r1 = r5
            r2 = r6
            char[] r2 = r2.toCharArray()     // Catch: java.lang.Exception -> L4c
            r0.load(r1, r2)     // Catch: java.lang.Exception -> L4c
            r0 = r9
            java.util.Enumeration r0 = r0.aliases()     // Catch: java.lang.Exception -> L4c
            r10 = r0
        L1a:
            r0 = r10
            boolean r0 = r0.hasMoreElements()     // Catch: java.lang.Exception -> L4c
            if (r0 == 0) goto L49
            r0 = r10
            java.lang.Object r0 = r0.nextElement()     // Catch: java.lang.Exception -> L4c
            java.lang.String r0 = (java.lang.String) r0     // Catch: java.lang.Exception -> L4c
            r7 = r0
            r0 = r9
            r1 = r7
            boolean r0 = r0.isKeyEntry(r1)     // Catch: java.lang.Exception -> L4c
            if (r0 == 0) goto L1a
            r0 = r9
            r1 = r7
            r2 = r6
            char[] r2 = r2.toCharArray()     // Catch: java.lang.Exception -> L4c
            java.security.Key r0 = r0.getKey(r1, r2)     // Catch: java.lang.Exception -> L4c
            java.security.interfaces.RSAPrivateCrtKey r0 = (java.security.interfaces.RSAPrivateCrtKey) r0     // Catch: java.lang.Exception -> L4c
            r8 = r0
            goto L49
        L49:
            goto L73
        L4c:
            r9 = move-exception
            r0 = r5
            if (r0 == 0) goto L67
            r0 = r5
            r0.close()     // Catch: java.io.IOException -> L59
            goto L67
        L59:
            r10 = move-exception
            com.sinovatech.unicom.util.sign.exception.CryptException r0 = new com.sinovatech.unicom.util.sign.exception.CryptException
            r1 = r0
            java.lang.String r2 = "流关闭异常"
            r3 = r10
            r1.<init>(r2, r3)
            throw r0
        L67:
            com.sinovatech.unicom.util.sign.exception.CryptException r0 = new com.sinovatech.unicom.util.sign.exception.CryptException
            r1 = r0
            java.lang.String r2 = "加载私钥失败"
            r3 = r9
            r1.<init>(r2, r3)
            throw r0
        L73:
            r0 = r8
            if (r0 != 0) goto L81
            com.sinovatech.unicom.util.sign.exception.CryptException r0 = new com.sinovatech.unicom.util.sign.exception.CryptException
            r1 = r0
            java.lang.String r2 = "私钥不存在"
            r1.<init>(r2)
            throw r0
        L81:
            r0 = r8
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tydic.payment.pay.bestpay.util.BestPaySign.getPriKey(java.io.InputStream, java.lang.String):java.security.interfaces.RSAPrivateCrtKey");
    }

    public static boolean validateSign(String str, InputStream inputStream) throws Exception {
        if (StringUtils.isEmpty(str)) {
            System.out.println("待验签参数不能为空");
            return false;
        }
        JSONObject parseObject = JSON.parseObject(str.replace(":null", ":\"null\""), new Feature[]{Feature.OrderedField});
        Map<String, Object> translateResultData = translateResultData(parseObject);
        String valueOf = String.valueOf(parseObject.get("sign"));
        if (StringUtils.isEmpty(valueOf) || "null".equals(valueOf)) {
            System.out.println("验签时，未获取到sign");
            return false;
        }
        String replace = assembelSignaturingData(translateResultData).replace(":\"null\"", ":null");
        System.out.println("checkContent:" + replace);
        return verifySign(valueOf, replace, inputStream);
    }

    private static Map<String, Object> translateResultData(Map<String, Object> map) {
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if ((value instanceof String[]) || (value instanceof Map)) {
                treeMap.put(key, JSON.toJSONString(value, new SerializerFeature[]{SerializerFeature.WriteMapNullValue, SerializerFeature.UseISO8601DateFormat}));
            } else {
                treeMap.put(key, value);
            }
        }
        return treeMap;
    }

    private static String assembelSignaturingData(Map<String, Object> map) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry entry : new TreeMap(map).entrySet()) {
            String str = (String) entry.getKey();
            if (!"sign".equals(str)) {
                sb.append(str).append('=').append(entry.getValue()).append('&');
            }
        }
        if (sb.length() > 0) {
            sb.setLength(sb.length() - 1);
        }
        return sb.toString();
    }

    private static boolean verifySign(String str, String str2, InputStream inputStream) {
        X509Certificate publicKey = getPublicKey(inputStream);
        try {
            Signature signature = Signature.getInstance(VERIFY_SIGNATURE_ALGORITHM);
            signature.initVerify(publicKey);
            signature.update(str2.getBytes(StandardCharsets.UTF_8));
            return signature.verify(Base64.decode(str));
        } catch (Exception e) {
            throw new CryptException("验签失败", e);
        }
    }

    private static X509Certificate getPublicKey(InputStream inputStream) throws CryptException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (CertificateException e) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e2) {
                    throw new CryptException("文件流关闭异常", e2);
                }
            }
            throw new CryptException("初始化公钥异常", e);
        }
    }
}
