package com.fbank.openapi.sdk.util;

import com.fbank.openapi.sdk.config.Configuration;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;

/* loaded from: input_file:com/fbank/openapi/sdk/util/RSAUtils.class */
public class RSAUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(RSAUtils.class);
    private static final String SHA256_WITH_RSA = "SHA256withRSA";
    private static final String SHA256 = "SHA256";

    public static String signature(String str, String str2) throws Exception {
        Signature signature = Signature.getInstance(SHA256_WITH_RSA);
        signature.initSign(CertFileUtils.toPrivateKey(str2));
        signature.update(str.getBytes());
        return Base64.encodeBase64String(signature.sign());
    }

    public static boolean verifySignature(String str, String str2, String str3) throws Exception {
        PublicKey publicKey = CertFileUtils.toPublicKey(str3);
        Signature signature = Signature.getInstance(SHA256_WITH_RSA);
        signature.initVerify(publicKey);
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.decodeBase64(str2));
    }

    public static String detachSign(byte[] bArr, Configuration configuration) throws Exception {
        Signature signature = Signature.getInstance(SHA256_WITH_RSA);
        signature.initSign(CertFileUtils.toPrivateKey(configuration.privateKey()));
        signature.update(bArr, 0, bArr.length);
        return base64Encode(createPKCS7(configuration, signature.sign()));
    }

    private static byte[] createPKCS7(Configuration configuration, byte[] bArr) throws NoSuchAlgorithmException, IOException {
        AlgorithmId[] algorithmIdArr = {AlgorithmId.get(SHA256)};
        ContentInfo contentInfo = new ContentInfo(ContentInfo.DATA_OID, (DerValue) null);
        X509Certificate signCert = getSignCert(configuration.pfxFileName(), configuration.pfxPassword());
        if (signCert == null) {
            throw new IllegalArgumentException("something wrong with cert file, pls check it!");
        }
        PKCS7 pkcs7 = new PKCS7(algorithmIdArr, contentInfo, new X509Certificate[]{signCert}, new SignerInfo[]{new SignerInfo(signCert.getIssuerDN(), signCert.getSerialNumber(), AlgorithmId.get(SHA256), (PKCS9Attributes) null, new AlgorithmId(AlgorithmId.RSAEncryption_oid), bArr, (PKCS9Attributes) null)});
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Throwable th = null;
        try {
            pkcs7.encodeSignedData(byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (byteArrayOutputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    byteArrayOutputStream.close();
                }
            }
            return byteArray;
        } catch (Throwable th3) {
            if (byteArrayOutputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    byteArrayOutputStream.close();
                }
            }
            throw th3;
        }
    }

    private static X509Certificate getSignCert(String str, String str2) {
        try {
            KeyStore keyStore = CertFileUtils.getKeyStore(str, str2);
            return (X509Certificate) keyStore.getCertificate(CertFileUtils.getKeyAlias(keyStore));
        } catch (Exception e) {
            LOGGER.error("get sign cert error ", e);
            return null;
        }
    }

    private static String base64Encode(byte[] bArr) {
        return Base64.encodeBase64String(bArr).replaceAll("\r\n", "").replaceAll("\n", "").replaceAll(" ", "").replaceAll("\t", "");
    }

    public static boolean detachVerify(byte[] bArr, String str) throws NoSuchAlgorithmException, SignatureException, IOException {
        if (str == null) {
            throw new IllegalArgumentException("signedData can't be null");
        }
        PKCS7 pkcs7 = new PKCS7(Base64.decodeBase64(str));
        SignerInfo[] verify = bArr == null ? pkcs7.verify() : pkcs7.verify(bArr);
        if (verify != null) {
            return pkcs7.getCertificates()[0].getSerialNumber().equals(verify[0].getCertificateSerialNumber());
        }
        return false;
    }
}
