package com.ejianc.business.integration.base.network.cryptor;

import com.alibaba.fastjson.JSON;
import com.ejianc.business.integration.base.exception.BusinessException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.RandomStringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ejianc/business/integration/base/network/cryptor/ISVRequestCrypto.class */
public class ISVRequestCrypto {
    private static final Logger log = LoggerFactory.getLogger(ISVRequestCrypto.class);
    private static final Charset CHARSET = StandardCharsets.UTF_8;
    private final byte[] aesKey;
    private final String appKey;
    private final String appSecret;

    public ISVRequestCrypto(String str, String str2) {
        String buildAesKeyFromSecret = buildAesKeyFromSecret(str2);
        if (buildAesKeyFromSecret.length() != 43) {
            throw new BusinessException("invalid AES key");
        }
        this.aesKey = Base64.getDecoder().decode(buildAesKeyFromSecret + "=");
        this.appSecret = str2;
        this.appKey = str;
    }

    private byte[] getNetworkBytesOrder(int i) {
        return new byte[]{(byte) ((i >> 24) & 255), (byte) ((i >> 16) & 255), (byte) ((i >> 8) & 255), (byte) (i & 255)};
    }

    private int recoverNetworkBytesOrder(byte[] bArr) {
        int i = 0;
        for (int i2 = 0; i2 < 4; i2++) {
            i = (i << 8) | (bArr[i2] & 255);
        }
        return i;
    }

    public String getRandomStr() {
        return RandomStringUtils.random(16, true, true);
    }

    public String encrypt(String str, String str2) {
        ByteGroup byteGroup = new ByteGroup();
        byte[] bytes = str.getBytes(CHARSET);
        byte[] bytes2 = str2.getBytes(CHARSET);
        byte[] networkBytesOrder = getNetworkBytesOrder(bytes2.length);
        byteGroup.addBytes(bytes).addBytes(networkBytesOrder).addBytes(bytes2).addBytes(this.appKey.getBytes(CHARSET));
        byteGroup.addBytes(PKCS7Encoder.encode(byteGroup.size()));
        return doEncrypt(byteGroup.toBytes());
    }

    private String doEncrypt(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(1, new SecretKeySpec(this.aesKey, "AES"), new IvParameterSpec(this.aesKey, 0, 16));
            return Base64.getEncoder().encodeToString(cipher.doFinal(bArr));
        } catch (Exception e) {
            throw new BusinessException("AES encrypt failed", e);
        }
    }

    public String decrypt(String str) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(2, new SecretKeySpec(this.aesKey, "AES"), new IvParameterSpec(Arrays.copyOfRange(this.aesKey, 0, 16)));
            try {
                byte[] decode = PKCS7Encoder.decode(cipher.doFinal(Base64.getDecoder().decode(str)));
                int recoverNetworkBytesOrder = recoverNetworkBytesOrder(Arrays.copyOfRange(decode, 16, 20));
                String str2 = new String(Arrays.copyOfRange(decode, 20, 20 + recoverNetworkBytesOrder), CHARSET);
                String str3 = new String(Arrays.copyOfRange(decode, 20 + recoverNetworkBytesOrder, decode.length), CHARSET);
                if (str3.equals(this.appKey)) {
                    return str2;
                }
                log.error("suiteKey 校验失败");
                throw new BusinessException("suiteKey inconsistent exists,  from suite key: " + str3 + ", actual suite key: " + this.appKey);
            } catch (Exception e) {
                log.error("无效的 AES key");
                throw new BusinessException("invalid aes key", e);
            }
        } catch (Exception e2) {
            log.error("AES 解密失败, cause: {}", e2.toString());
            throw new BusinessException("AES decrypt failed", e2);
        }
    }

    public EncryptionHolder encrypt(String str, long j, String str2) {
        String encrypt = encrypt(getRandomStr(), str);
        return new EncryptionHolder(SHA1.getSHA1(this.appSecret, String.valueOf(j), str2, encrypt), j, str2, encrypt);
    }

    public EncryptionHolder encrypt(String str) {
        return encrypt(str, System.currentTimeMillis(), getRandomStr());
    }

    public String decrypt(String str, long j, String str2, String str3) {
        String sha1 = SHA1.getSHA1(this.appSecret, String.valueOf(j), str2, str3);
        if (sha1.equals(str)) {
            return decrypt(str3);
        }
        throw new BusinessException("signature invalid, required: " + sha1 + ", actual: " + sha1);
    }

    public String decryptFromJson(String str) {
        EncryptionHolder jsonToHolder = jsonToHolder(str);
        return decrypt(jsonToHolder.getMsgSignature(), jsonToHolder.getTimestamp(), jsonToHolder.getNonce(), jsonToHolder.getEncrypt());
    }

    public String decrypt(EncryptionHolder encryptionHolder) {
        return decrypt(encryptionHolder.getMsgSignature(), encryptionHolder.getTimestamp(), encryptionHolder.getNonce(), encryptionHolder.getEncrypt());
    }

    public EncryptionHolder jsonToHolder(String str) {
        return (EncryptionHolder) JSON.parseObject(str, EncryptionHolder.class);
    }

    public static String buildAesKeyFromSecret(String str) {
        String replaceAll = str.replaceAll("-", "");
        if (replaceAll.length() == 43) {
            return replaceAll;
        }
        if (replaceAll.length() > 43) {
            return replaceAll.substring(0, 43);
        }
        StringBuilder sb = new StringBuilder(replaceAll);
        while (sb.length() < 43) {
            sb.append("0");
        }
        return sb.toString();
    }
}
