package io.github.icodegarden.commons.lang.spec.sign;

import io.github.icodegarden.commons.lang.spec.response.OpenApiResponse;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/github/icodegarden/commons/lang/spec/sign/RSASignUtils.class */
public class RSASignUtils extends BaseSignUtils {
    private static final Logger log = LoggerFactory.getLogger(RSASignUtils.class);
    private static final String SIGN_ALGORITHMS = "SHA1WithRSA";
    private static final String SIGN_SHA256RSA_ALGORITHMS = "SHA256WithRSA";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/github/icodegarden/commons/lang/spec/sign/RSASignUtils$SignType.class */
    public enum SignType {
        RSA,
        RSA2
    }

    public static boolean supports(String str) {
        try {
            SignType.valueOf(str);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static String requestSign(OpenApiRequestBody openApiRequestBody, String str) {
        String buildRequestSignParams = buildRequestSignParams(openApiRequestBody, null);
        if (log.isDebugEnabled()) {
            log.debug("request params to sign:{}", buildRequestSignParams);
        }
        try {
            return doSign(str, buildRequestSignParams, openApiRequestBody.getSign_type(), openApiRequestBody.getCharset());
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    public static boolean validateRequestSign(OpenApiRequestBody openApiRequestBody, String str) {
        try {
            return doValidate(str, buildRequestSignParams(openApiRequestBody, null), openApiRequestBody.getSign_type(), openApiRequestBody.getCharset(), openApiRequestBody.getSign());
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    public static String responseSign(OpenApiResponse openApiResponse, String str, String str2) {
        return responseSign(openApiResponse, str, "UTF-8", str2);
    }

    public static String responseSign(OpenApiResponse openApiResponse, String str, String str2, String str3) {
        String buildResponseSignParams = buildResponseSignParams(openApiResponse);
        if (log.isDebugEnabled()) {
            log.debug("response params to sign:{}", buildResponseSignParams);
        }
        try {
            return doSign(str3, buildResponseSignParams, str, str2);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    public static boolean validateResponseSign(OpenApiResponse openApiResponse, String str, String str2, String str3) {
        try {
            return doValidate(str3, buildResponseSignParams(openApiResponse), str, str2, openApiResponse.getSign());
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    private static String doSign(String str, String str2, String str3, String str4) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnsupportedEncodingException, InvalidKeySpecException {
        PrivateKey privateKeyFromPKCS8;
        Signature signature;
        if (SignType.RSA.name().equals(str3)) {
            privateKeyFromPKCS8 = getPrivateKeyFromPKCS8(SignType.RSA.name(), str);
            signature = Signature.getInstance(SIGN_ALGORITHMS);
        } else {
            if (!SignType.RSA2.name().equals(str3)) {
                throw new IllegalArgumentException("不是支持的签名类型 : : signType=" + str3);
            }
            privateKeyFromPKCS8 = getPrivateKeyFromPKCS8(SignType.RSA.name(), str);
            signature = Signature.getInstance(SIGN_SHA256RSA_ALGORITHMS);
        }
        signature.initSign(privateKeyFromPKCS8);
        if (hasText(str4)) {
            signature.update(str2.getBytes(str4));
        } else {
            signature.update(str2.getBytes());
        }
        return new String(Base64.getEncoder().encode(signature.sign()));
    }

    private static boolean doValidate(String str, String str2, String str3, String str4, String str5) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnsupportedEncodingException, InvalidKeySpecException {
        Signature signature;
        PublicKey publicKeyFromX509 = getPublicKeyFromX509("RSA", str);
        if (SignType.RSA.name().equals(str3)) {
            signature = Signature.getInstance(SIGN_ALGORITHMS);
        } else {
            if (!SignType.RSA2.name().equals(str3)) {
                throw new IllegalArgumentException("不是支持的签名类型 : signType=" + str3);
            }
            signature = Signature.getInstance(SIGN_SHA256RSA_ALGORITHMS);
        }
        signature.initVerify(publicKeyFromX509);
        if (hasText(str4)) {
            signature.update(str2.getBytes(str4));
        } else {
            signature.update(str2.getBytes());
        }
        return signature.verify(Base64.getDecoder().decode(str5.getBytes()));
    }

    private static String buildResponseSignParams(OpenApiResponse openApiResponse) {
        return "biz_content=" + openApiResponse.getBiz_content();
    }

    private static PrivateKey getPrivateKeyFromPKCS8(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str2.getBytes())));
    }

    private static PublicKey getPublicKeyFromX509(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str2.getBytes())));
    }
}
