package com.zhongan.openapi.client.sign.rsa;

import com.zhongan.openapi.client.exception.OpenApiException;
import com.zhongan.openapi.client.sign.SignAlgorithm;
import com.zhongan.openapi.client.utils.StringUtil;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* loaded from: input_file:com/zhongan/openapi/client/sign/rsa/Sha256withRsaAlgorithm.class */
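/**
 * RSA implementation of {@link SignAlgorithm}: SHA256withRSA signatures plus RSA-OAEP
 * wrapping of a symmetric (AES) key.
 *
 * <p>Keys are supplied as PEM text. Only the unencrypted PKCS#8 ({@code BEGIN PRIVATE KEY})
 * and X.509 SubjectPublicKeyInfo ({@code BEGIN PUBLIC KEY}) armours are stripped; any other
 * armour (for example a PKCS#1 {@code BEGIN RSA PRIVATE KEY} block) is left in place and
 * fails Base64 decoding, which surfaces as an {@link OpenApiException}.
 *
 * <p>All text is converted to and from bytes as UTF-8, so results do not depend on the
 * platform default charset.
 */
public class Sha256withRsaAlgorithm implements SignAlgorithm {
    /** JCA transformation used for key wrapping; the OAEP digests are fixed by {@link #OAEP_PARAMETER_SPEC}. */
    public static final String PADDING = "RSA/ECB/OAEPPadding";
    private static final String ALGORITHM = "RSA";
    private static final String SIGN_ALGORITHM = "SHA256withRSA";
    // OAEP with SHA-1 for both the label digest and MGF1. The spec is passed explicitly so the
    // result does not depend on provider defaults. NOTE(review): these parameters must match
    // what the peer uses; moving to SHA-256 would be a coordinated protocol change, not a
    // local edit.
    private static final OAEPParameterSpec OAEP_PARAMETER_SPEC = new OAEPParameterSpec("SHA1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    /**
     * Signs {@code str} with SHA256withRSA.
     *
     * @param str  content to sign; encoded as UTF-8 before signing
     * @param str2 PKCS#8 private key in PEM form
     * @return the signature, Base64-encoded
     * @throws OpenApiException if an argument is empty, the key cannot be parsed, or signing fails
     */
    @Override // com.zhongan.openapi.client.sign.SignAlgorithm
    public String sign(String str, String str2) throws OpenApiException {
        if (str == null || str.isEmpty()) {
            throw new OpenApiException("Invalid input parameters");
        }
        if (StringUtil.isEmpty(str2)) {
            throw new OpenApiException("privatePem is empty");
        }
        try {
            byte[] pkcs8 = Base64.getDecoder().decode(getPrivateKeyFromPem(str2));
            Signature signer = Signature.getInstance(SIGN_ALGORITHM);
            signer.initSign(KeyFactory.getInstance(ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(pkcs8)));
            signer.update(str.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(signer.sign());
        } catch (Exception e) {
            throw new OpenApiException("sign fail", e);
        }
    }

    /**
     * Verifies a Base64-encoded SHA256withRSA signature over {@code str}.
     *
     * <p>A signature that does not match is reported through the return value, not through an
     * exception, so callers must check the result and treat {@code false} as a rejection.
     *
     * @param str  signed content; encoded as UTF-8 before verification
     * @param str2 Base64-encoded signature
     * @param str3 X.509 public key in PEM form
     * @return {@code true} only if the signature is valid for {@code str} under the given key
     * @throws OpenApiException if an argument is empty, or the key or signature cannot be
     *     decoded or processed
     */
    @Override // com.zhongan.openapi.client.sign.SignAlgorithm
    public boolean verify(String str, String str2, String str3) throws OpenApiException {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            throw new OpenApiException("Invalid input parameters");
        }
        if (StringUtil.isEmpty(str3)) {
            throw new OpenApiException("publicPem is empty");
        }
        try {
            byte[] spki = Base64.getDecoder().decode(getPublicKeyFromPem(str3));
            Signature verifier = Signature.getInstance(SIGN_ALGORITHM);
            verifier.initVerify(KeyFactory.getInstance(ALGORITHM).generatePublic(new X509EncodedKeySpec(spki)));
            verifier.update(str.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(Base64.getDecoder().decode(str2));
        } catch (Exception e) {
            throw new OpenApiException("verify sign fail", e);
        }
    }

    /**
     * Encrypts (wraps) an AES key string with the recipient's RSA public key using OAEP.
     *
     * @param str  the AES key text to protect; encoded as UTF-8 before encryption
     * @param str2 X.509 public key in PEM form
     * @return the RSA-OAEP ciphertext, Base64-encoded
     * @throws OpenApiException if an argument is empty, the key cannot be parsed, or encryption fails
     */
    @Override // com.zhongan.openapi.client.sign.SignAlgorithm
    public String digEvp(String str, String str2) throws OpenApiException {
        if (str == null || str.isEmpty()) {
            throw new OpenApiException("aesKey is empty");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new OpenApiException("publicPem is empty");
        }
        try {
            byte[] spki = Base64.getDecoder().decode(getPublicKeyFromPem(str2));
            Cipher cipher = Cipher.getInstance(PADDING);
            cipher.init(Cipher.ENCRYPT_MODE, KeyFactory.getInstance(ALGORITHM).generatePublic(new X509EncodedKeySpec(spki)), OAEP_PARAMETER_SPEC);
            // Explicit UTF-8: the no-argument getBytes() uses the platform default charset,
            // which can differ between the encrypting and decrypting hosts.
            return Base64.getEncoder().encodeToString(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            // Message text: "Failed to generate the digital certificate (encrypted aesKey)".
            throw new OpenApiException("生成数字证书(加密的aesKey)失败", e);
        }
    }

    /**
     * Strips the {@code PUBLIC KEY} PEM armour and all whitespace, leaving the Base64 body.
     *
     * @param str PEM text; must not be {@code null}
     * @return the Base64 body of the key
     */
    String getPublicKeyFromPem(String str) {
        return str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replaceAll("\\s", "");
    }

    /**
     * Strips the {@code PRIVATE KEY} (PKCS#8) PEM armour and all whitespace, leaving the Base64 body.
     *
     * @param str PEM text; must not be {@code null}
     * @return the Base64 body of the key
     */
    String getPrivateKeyFromPem(String str) {
        return str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s", "");
    }

    /**
     * Decrypts (unwraps) an AES key string that was protected by {@link #digEvp}.
     *
     * <p>Every failure, including an OAEP padding error on tampered ciphertext, is reported
     * with the same message; the underlying cause is attached to the exception.
     *
     * @param str  Base64-encoded RSA-OAEP ciphertext
     * @param str2 PKCS#8 private key in PEM form
     * @return the recovered AES key text, decoded as UTF-8
     * @throws OpenApiException if an argument is empty, the key cannot be parsed, or decryption fails
     */
    @Override // com.zhongan.openapi.client.sign.SignAlgorithm
    public String unDigEvp(String str, String str2) throws OpenApiException {
        // Validate up front, as the other operations do, so an empty argument is reported
        // as such rather than as a wrapped NullPointerException or decode error.
        if (str == null || str.isEmpty()) {
            throw new OpenApiException("Invalid input parameters");
        }
        if (StringUtil.isEmpty(str2)) {
            throw new OpenApiException("privatePem is empty");
        }
        try {
            byte[] pkcs8 = Base64.getDecoder().decode(getPrivateKeyFromPem(str2));
            Cipher cipher = Cipher.getInstance(PADDING);
            cipher.init(Cipher.DECRYPT_MODE, KeyFactory.getInstance(ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(pkcs8)), OAEP_PARAMETER_SPEC);
            // Explicit UTF-8 to mirror digEvp; new String(byte[]) would use the platform default.
            return new String(cipher.doFinal(Base64.getDecoder().decode(str)), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new OpenApiException("Failed to decrypt the digital certificate (encrypted aesKey). Procedure", e);
        }
    }
}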
