package io.github.aapplet.wechat.util;

import io.github.aapplet.wechat.exception.WeChatException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

/* loaded from: input_file:io/github/aapplet/wechat/util/WeChatPemUtil.class */
public class WeChatPemUtil {
    public static PrivateKey loadPrivateKey(String str) {
        return getPrivateKey(WeChatFileUtil.readString(str));
    }

    public static PrivateKey getPrivateKey(String str) {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s+", ""))));
        } catch (NoSuchAlgorithmException e) {
            throw new WeChatException("当前Java环境不支持RSA", e);
        } catch (InvalidKeySpecException e2) {
            throw new WeChatException("无效的商户私钥", e2);
        }
    }

    public static X509Certificate getCertificate(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            throw new WeChatException("无效的平台证书", e);
        }
    }

    public static KeyPair loadPKCS12(String str, String str2) {
        if (str == null || str.isEmpty()) {
            throw new WeChatException("商户号不能为空");
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(WeChatFileUtil.readAllBytes(str2));
        try {
            char[] charArray = str.toCharArray();
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(byteArrayInputStream, charArray);
            String nextElement = keyStore.aliases().nextElement();
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
            x509Certificate.checkValidity();
            return new KeyPair(x509Certificate.getPublicKey(), (PrivateKey) keyStore.getKey(nextElement, charArray));
        } catch (IOException e) {
            throw new WeChatException("商户号与商户证书不匹配", e);
        } catch (KeyStoreException | NoSuchAlgorithmException e2) {
            throw new WeChatException("当前Java环境不支持PKCS12", e2);
        } catch (UnrecoverableKeyException | CertificateException e3) {
            throw new WeChatException("无效的商户证书", e3);
        }
    }
}
