package com.yeepay.yop.sdk.security;

import com.google.common.collect.ImmutableMap;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.credentials.PKICredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.YopPKICredentials;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.auth.credentials.provider.YopCredentialsProviderRegistry;
import com.yeepay.yop.sdk.auth.credentials.provider.YopPlatformCredentialsProviderRegistry;
import com.yeepay.yop.sdk.auth.signer.process.YopSignProcessor;
import com.yeepay.yop.sdk.auth.signer.process.YopSignProcessorFactory;
import com.yeepay.yop.sdk.exception.YopClientException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/yeepay/yop/sdk/security/YopSignUtils.class */
public class YopSignUtils {
    private static final String SPLIT_CHAR = "$";
    private static Map<String, CertTypeEnum> digestAlgANdCertTypeMap = new ImmutableMap.Builder().put("SHA256", CertTypeEnum.RSA2048).put("SM3", CertTypeEnum.SM2).build();

    public static void verify(String str, String str2, String str3) {
        validSignature(str2);
        String[] split = StringUtils.split(str2, "$");
        CertTypeEnum certTypeEnum = digestAlgANdCertTypeMap.get(split[1]);
        YopPlatformCredentials yopPlatformCredentials = YopPlatformCredentialsProviderRegistry.getProvider().getYopPlatformCredentials(str3, split.length == 4 ? split[3] : CertTypeEnum.SM2.equals(certTypeEnum) ? YopConstants.YOP_SM_PLATFORM_CERT_DEFAULT_SERIAL_NO : YopConstants.YOP_RSA_PLATFORM_CERT_DEFAULT_SERIAL_NO);
        if (null == yopPlatformCredentials) {
            throw new YopClientException("can not load platform cert");
        }
        verify(str, str2, yopPlatformCredentials.getPublicKey(certTypeEnum));
    }

    public static void verify(String str, String str2, PublicKey publicKey) {
        validSignature(str2);
        String[] split = str2.split("\\$");
        YopSignProcessor yopSignProcess = YopSignProcessorFactory.getYopSignProcess(digestAlgANdCertTypeMap.get(split[1]).getValue());
        if (null == yopSignProcess) {
            throw new YopClientException("unsupported certType");
        }
        if (!yopSignProcess.verify(str, split[0], new PKICredentialsItem(null, publicKey, digestAlgANdCertTypeMap.get(split[1])))) {
            throw new YopClientException("verify fail!");
        }
    }

    public static String sign(String str, String str2, String str3) {
        return sign(str, str2, ((YopPKICredentials) YopCredentialsProviderRegistry.getProvider().getCredentials(str3, str2)).getCredential().getPrivateKey());
    }

    public static String sign(String str, String str2, PrivateKey privateKey) {
        YopSignProcessor yopSignProcess = YopSignProcessorFactory.getYopSignProcess(str2);
        if (null == yopSignProcess) {
            throw new YopClientException("unsupported certType");
        }
        return yopSignProcess.sign(str, new PKICredentialsItem(privateKey, null, CertTypeEnum.parse(str2))) + "$" + yopSignProcess.getDigestAlg().getValue();
    }

    private static void validSignature(String str) {
        String[] split = str.split("\\$");
        if (split.length != 2 && split.length != 4) {
            throw new YopClientException("illegal signature");
        }
        if (digestAlgANdCertTypeMap.get(split[1]) == null) {
            throw new YopClientException("illegal signature");
        }
    }
}
