package com.ajaxjs.util.cryptography;

import com.ajaxjs.util.EncodeTools;
import com.ajaxjs.util.io.Resources;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:com/ajaxjs/util/cryptography/WeiXinCrypto.class */
/**
 * Static encryption, decryption and signing helpers; the class name and the
 * "ApiV3Key" error text suggest they serve WeChat (WeiXin) APIs.
 *
 * <p>All cipher work is delegated to {@code CommonUtil.doCipher} and
 * {@code RsaCrypto.sign}, which are defined elsewhere. How those helpers decode
 * their inputs and report failures is not visible from this class.
 *
 * <p>Parameter names ({@code bArr}, {@code str}, ...) are decompiler-generated;
 * each method's Javadoc states the role of every argument as far as the code
 * shows it.
 */
public class WeiXinCrypto {
    /**
     * RSA with OAEP padding, SHA-1 as the OAEP digest and MGF1 as the mask function.
     * "ECB" is only the JCA naming placeholder for RSA; no block chaining is involved.
     * NOTE(review): the SHA-1 choice is presumably fixed by the remote API, so changing
     * it would break interoperability; confirm before altering.
     */
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    // Same values as the literals 1 and 2 that the decompiler emitted.
    private static final int ENCRYPT = javax.crypto.Cipher.ENCRYPT_MODE;
    private static final int DECRYPT = javax.crypto.Cipher.DECRYPT_MODE;

    /** Required key length in bytes (an AES-256 key). */
    private static final int API_V3_KEY_BYTES = 32;

    /** GCM authentication tag length in bits. */
    private static final int GCM_TAG_BITS = 128;

    /**
     * Decrypts with AES/GCM/NoPadding using a 128-bit authentication tag.
     *
     * <p>Security note: the key is a long-lived shared secret, so keep it out of logs
     * and exception messages. A decryption failure must be treated as a rejected
     * message, never as partially usable plaintext.
     *
     * @param bArr  the AES key; must be exactly 32 bytes
     * @param bArr2 forwarded as the last argument of {@code doCipher}; presumably the
     *              GCM associated data (TODO confirm against CommonUtil)
     * @param bArr3 the GCM nonce/IV
     * @param str   forwarded to {@code doCipher}; presumably the encoded ciphertext
     *              (TODO confirm against CommonUtil)
     * @return whatever {@code CommonUtil.doCipher} returns for a decrypt operation
     * @throws IllegalArgumentException if the key is not 32 bytes long
     */
    public static String aesDecryptToString(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) {
        if (bArr.length != API_V3_KEY_BYTES) {
            // Message text: "invalid ApiV3Key, length must be 32 bytes".
            throw new IllegalArgumentException("无效的 ApiV3Key，长度必须为32个字节");
        }

        GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_BITS, bArr3);
        return CommonUtil.doCipher("AES/GCM/NoPadding", DECRYPT, bArr, gcmSpec, str, bArr2);
    }

    /**
     * Decrypts with AES/CBC/PKCS5Padding using a Base64-encoded key and IV.
     *
     * <p>Security note: CBC with PKCS5 padding gives confidentiality only. Nothing in
     * this method authenticates the ciphertext, so tampered input can either fail on
     * padding or decrypt to altered plaintext. Callers should accept {@code str} and
     * {@code str2} only from a source they already trust, and should report every
     * failure identically so that padding errors are not distinguishable. Unlike
     * {@link #aesDecryptToString}, the key length is not validated here.
     *
     * @param str  Base64-encoded initialization vector
     * @param str2 forwarded to {@code doCipher}; presumably the encoded ciphertext
     *             (TODO confirm against CommonUtil)
     * @param str3 Base64-encoded AES key
     * @return whatever {@code CommonUtil.doCipher} returns for a decrypt operation
     */
    public static String aesDecryptPhone(String str, String str2, String str3) {
        // Key is decoded before the IV, matching the original evaluation order.
        byte[] keyBytes = EncodeTools.base64Decode(str3);
        IvParameterSpec ivSpec = new IvParameterSpec(EncodeTools.base64Decode(str));
        return CommonUtil.doCipher("AES/CBC/PKCS5Padding", DECRYPT, keyBytes, ivSpec, str2, null);
    }

    /**
     * Encrypts a string with the public key of the given certificate using
     * {@link #TRANSFORMATION}, then Base64-encodes the result.
     *
     * <p>The certificate is used as supplied. This method does not check its validity
     * period, chain or subject.
     *
     * @param str             plaintext; encoded as UTF-8 before encryption
     * @param x509Certificate certificate whose public key encrypts the data
     * @return Base64 text of the ciphertext
     */
    public static String encryptOAEP(String str, X509Certificate x509Certificate) {
        return EncodeTools.base64EncodeToString(
                CommonUtil.doCipher(
                        TRANSFORMATION,
                        ENCRYPT,
                        x509Certificate.getPublicKey(),
                        str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Base64-decodes the input, decrypts it with the private key using
     * {@link #TRANSFORMATION}, and reads the plaintext as UTF-8.
     *
     * @param str        Base64 text of the ciphertext
     * @param privateKey RSA private key matching the encrypting certificate
     * @return the decrypted text
     * @throws IllegalArgumentException if {@code str} is not valid Base64
     */
    public static String decryptOAEP(String str, PrivateKey privateKey) {
        byte[] cipherBytes = Base64.getDecoder().decode(str);
        byte[] plainBytes = CommonUtil.doCipher(TRANSFORMATION, DECRYPT, privateKey, cipherBytes);
        return new String(plainBytes, StandardCharsets.UTF_8);
    }

    /**
     * Loads an X.509 certificate from a resource, checks that the current time is
     * inside its validity period, and encrypts {@code str} with its public key via
     * {@link #encryptOAEP}.
     *
     * <p>Security note: {@code checkValidity()} only compares the current time with
     * notBefore/notAfter. No chain building, revocation or subject check happens here,
     * so trust in the certificate rests entirely on how the resource named by
     * {@code str2} is provisioned and protected.
     *
     * @param str  plaintext to encrypt
     * @param str2 resource name passed to {@code Resources.getResource}
     * @return Base64 text of the ciphertext
     * @throws UncheckedIOException if reading or closing the resource fails
     * @throws RuntimeException     if the certificate is expired, not yet valid, or
     *                              cannot be parsed
     */
    public static String rsaEncrypt(String str, String str2) {
        // try-with-resources is what the decompiler had expanded into nested try/catch.
        try (InputStream certStream = Resources.getResource(str2)) {
            CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
            X509Certificate certificate = (X509Certificate) x509Factory.generateCertificate(certStream);
            certificate.checkValidity();
            return encryptOAEP(str, certificate);
        } catch (IOException e) {
            // NOTE(review): "IC" looks like a typo for "IO"; kept as-is in case anything matches on this text.
            throw new UncheckedIOException("IC 错误", e);
        } catch (CertificateExpiredException e) {
            // "certificate has expired"
            throw new RuntimeException("证书已过期", e);
        } catch (CertificateNotYetValidException e) {
            // "certificate is not yet valid"
            throw new RuntimeException("证书尚未生效", e);
        } catch (CertificateException e) {
            // "invalid certificate"
            throw new RuntimeException("无效的证书", e);
        }
    }

    /**
     * Signs the data with SHA256withRSA through {@code RsaCrypto.sign} and
     * Base64-encodes the signature.
     *
     * @param privateKey RSA private key used for signing
     * @param bArr       the bytes to sign
     * @return Base64 text of the signature
     */
    public static String rsaSign(PrivateKey privateKey, byte[] bArr) {
        return EncodeTools.base64EncodeToString(
                RsaCrypto.sign("SHA256withRSA", privateKey, bArr));
    }
}
