package com.citic.openbank.sdk;

import com.citic.combpre.util.AESUtil;
import com.citic.openbank.configuration.OpenBankSdkConfiguration;
import com.citicbank.cbframework.common.exception.CBException;
import com.citicbank.cbframework.common.security.CBRSA;
import com.lsy.baselib.crypto.util.Base64;
import com.lsy.baselib.crypto.util.CryptUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeader;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/citic/openbank/sdk/CiticSdk.class */
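/**
 * Client for the CITIC open-bank gateway: builds a request envelope, signs and encrypts it,
 * posts it over HTTP(S), then decrypts the response and verifies its signature.
 *
 * <p>Message protection as implemented in this class:
 * <ul>
 *   <li>Signature: {@code SHA1WithRSA} over a canonical form produced by {@link #formaturlMap}.</li>
 *   <li>Confidentiality: the body is AES-encrypted under a per-request key from
 *       {@code AESUtil.getRandomAESKey()}, and that key is RSA-encrypted for the peer. The two
 *       Base64 parts are joined with {@code "@@"}.</li>
 * </ul>
 *
 * <p>NOTE(review): SHA-1 based signatures are deprecated for new designs. The algorithm is part
 * of the wire protocol and cannot be changed on the client alone; raise it with the gateway owner.
 */
public class CiticSdk implements CiticSdkInterface {
    /** Character set name used for the signed canonical form and for decrypted payloads. */
    private static final String ENCODING = "utf8";
    private static final Logger logger = LoggerFactory.getLogger(CiticSdk.class);

    // Shared by all instances and created lazily in getHttpClient(). The lazy initialisation is
    // not synchronized, so concurrent first calls may each build a client.
    private static HttpClient httpClient = null;

    private PrivateKey privateKeyDecrypt;
    private PrivateKey privateKeySignature;
    private PublicKey publicKeyEncrypt;
    private PublicKey publicKeyValidateSignature;
    private OpenBankSdkConfiguration configuration = new OpenBankSdkConfiguration();

    /**
     * Creates a new, unconfigured SDK instance (a fresh object on every call, not a singleton).
     *
     * @return a new {@code CiticSdk}
     */
    public static CiticSdkInterface getInstance() {
        return new CiticSdk();
    }

    /**
     * Verifies that every mandatory configuration value has been set.
     *
     * @throws IllegalArgumentException naming the first missing setting
     */
    private void checkConfiguration() {
        requireSet(this.configuration.getOpenBusiType(), "open_busi_type");
        requireSet(this.configuration.getOpenVer(), "open_ver");
        requireSet(this.configuration.getOpenMerCode(), "open_mer_code");
        requireSet(this.configuration.getOpenMerName(), "open_mer_name");
        requireSet(this.configuration.getPublicUrl(), "public_url");
        requireSet(this.configuration.getTransferEncode(), "transfer_encode");
        if (this.configuration.getConnectionTimeout() == -1) {
            // The original message named open_mer_name here, which sent operators to the wrong setting.
            throw new IllegalArgumentException("未设置 connection_timeout 变量");
        }
    }

    /** Throws when {@code value} is null or empty, naming the missing setting in the message. */
    private static void requireSet(String value, String settingName) {
        if (value == null || "".equals(value)) {
            throw new IllegalArgumentException("未设置 " + settingName + " 变量");
        }
    }

    /** @return the private key used to unwrap the AES key of a response, or null if unset */
    public PrivateKey getPrivateKeyDecrypt() {
        return this.privateKeyDecrypt;
    }

    @Override
    public void setOpenVer(String str) {
        this.configuration.setOpenVer(str);
    }

    @Override
    public void setOpenMerCode(String str) {
        this.configuration.setOpenMerCode(str);
    }

    @Override
    public void setOpenMerName(String str) {
        this.configuration.setOpenMerName(str);
    }

    @Override
    public void setOpenBusiType(String str) {
        this.configuration.setOpenBusiType(str);
    }

    @Override
    public void setConnectionTimeout(int i) {
        this.configuration.setConnectionTimeout(i);
    }

    @Override
    public void setPublicUrl(String str) {
        this.configuration.setPublicUrl(str);
    }

    @Override
    public void setTransferEncode(String str) {
        this.configuration.setTransferEncode(str);
    }

    /**
     * Decrypts a password-protected private key.
     *
     * @param bArr  the encrypted private key bytes
     * @param bArr2 the key password, UTF-8 encoded
     * @return the private key, or null when decryption fails (the cause is logged)
     */
    private PrivateKey generatePrivKeyFromBytes(byte[] bArr, byte[] bArr2) {
        // NOTE(review): the password is copied into an immutable String on the way to char[],
        // so it cannot be wiped from memory after use.
        char[] password = new String(bArr2, java.nio.charset.Charset.forName("UTF-8")).toCharArray();
        try {
            return CryptUtil.decryptPrivateKey(bArr, password);
        } catch (Exception e) {
            // Log through the logger without echoing key material or the password.
            logger.error("decryptPrivateKey failed", e);
            return null;
        }
    }

    /**
     * Sets the response-decryption private key from encrypted key bytes and a password.
     *
     * @throws RuntimeException when the key cannot be decrypted
     */
    @Override
    public void setPrivateKeyDecryptWithPwd(byte[] bArr, byte[] bArr2) {
        PrivateKey key = generatePrivKeyFromBytes(bArr, bArr2);
        if (key == null) {
            logger.error("设置 privateKeyDecrypt 失败, 手工修改密钥文件可能导致这种失败");
            throw new RuntimeException("设置 privateKeyDecrypt 失败");
        }
        this.privateKeyDecrypt = key;
    }

    /** @return the private key used to sign requests, or null if unset */
    public PrivateKey getPrivateKeySignature() {
        return this.privateKeySignature;
    }

    /**
     * Sets the request-signing private key from encrypted key bytes and a password.
     *
     * @throws RuntimeException when the key cannot be decrypted
     */
    @Override
    public void setPrivateKeySignatureWithPwd(byte[] bArr, byte[] bArr2) {
        PrivateKey key = generatePrivKeyFromBytes(bArr, bArr2);
        if (key == null) {
            logger.error("设置 privateKeySignature 失败, 手工修改密钥文件可能导致这种失败");
            throw new RuntimeException("设置 privateKeySignature 失败");
        }
        this.privateKeySignature = key;
    }

    /**
     * Same as {@link #setPrivateKeyDecryptWithPwd(byte[], byte[])} with a Base64 key string.
     *
     * @param str  Base64 text of the encrypted private key
     * @param str2 the key password
     */
    @Override
    public void setPrivateKeyDecryptWithPwdUseStr(String str, String str2) {
        try {
            setPrivateKeyDecryptWithPwd(Base64.decode(str.getBytes("UTF-8")), str2.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // Previously swallowed, which left the key silently unset.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    /**
     * Same as {@link #setPrivateKeySignatureWithPwd(byte[], byte[])} with a Base64 key string.
     *
     * @param str  Base64 text of the encrypted private key
     * @param str2 the key password
     */
    @Override
    public void setPrivateKeySignatureWithPwdUseStr(String str, String str2) {
        try {
            setPrivateKeySignatureWithPwd(Base64.decode(str.getBytes("UTF-8")), str2.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // Previously swallowed, which left the key silently unset.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    /** @return the peer public key used to wrap the per-request AES key, or null if unset */
    public PublicKey getPublicKeyEncrypt() {
        return this.publicKeyEncrypt;
    }

    /**
     * Sets the peer encryption key from certificate bytes.
     *
     * @throws RuntimeException when the certificate cannot be parsed
     */
    @Override
    public void setPublicKeyEncrypt(byte[] bArr) {
        PublicKey key = generatePubKeyFromBytes(bArr);
        if (key == null) {
            logger.error("设置 publicKeyEncrypt 失败, 手工修改密钥文件可能导致这种失败");
            throw new RuntimeException("设置 publicKeyEncrypt 失败");
        }
        this.publicKeyEncrypt = key;
    }

    /** @return the peer public key used to verify response signatures, or null if unset */
    public PublicKey getPublicKeyValidateSignature() {
        return this.publicKeyValidateSignature;
    }

    /**
     * Sets the peer signature-verification key from certificate bytes.
     *
     * @throws RuntimeException when the certificate cannot be parsed
     */
    @Override
    public void setPublicKeyValidateSignature(byte[] bArr) {
        PublicKey key = generatePubKeyFromBytes(bArr);
        if (key == null) {
            logger.error("设置 publicKeyValidateSignature 失败, 手工修改密钥文件可能导致这种失败");
            throw new RuntimeException("设置 publicKeyValidateSignature 失败");
        }
        this.publicKeyValidateSignature = key;
    }

    /** Same as {@link #setPublicKeyEncrypt(byte[])} with Base64 certificate text. */
    @Override
    public void setPublicKeyEncryptUseStr(String str) {
        try {
            setPublicKeyEncrypt(Base64.decode(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            // Previously swallowed, which left the key silently unset.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    /** Same as {@link #setPublicKeyValidateSignature(byte[])} with Base64 certificate text. */
    @Override
    public void setPublicKeyValidateSignatureUseStr(String str) {
        try {
            setPublicKeyValidateSignature(Base64.decode(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            // Previously swallowed, which left the key silently unset.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    /**
     * Extracts the public key from X.509 certificate bytes.
     *
     * <p>Only the key is taken from the certificate; no validity-period or chain check is
     * performed in this class, so the caller must obtain the certificate from a trusted source.
     *
     * @return the public key, or null when the certificate cannot be parsed (the cause is logged)
     */
    private PublicKey generatePubKeyFromBytes(byte[] bArr) {
        try {
            X509Certificate certificate = CryptUtil.generateX509Certificate(bArr);
            // The original dereferenced a null certificate after a parse failure, so callers got
            // a bare NullPointerException instead of their own "key could not be set" error.
            return certificate == null ? null : certificate.getPublicKey();
        } catch (Exception e) {
            logger.error("generateX509Certificate failed", e);
            return null;
        }
    }

    /**
     * Returns the shared HTTP client, creating it on first use.
     *
     * <p>HTTPS connections use the JVM default {@link SSLContext} and HttpClient's default
     * hostname verifier, so the gateway certificate chain and host name are validated. The
     * previous implementation installed a trust manager that accepted every certificate and
     * disabled hostname verification, which let any on-path party impersonate the gateway.
     * A gateway whose certificate is issued by a private CA needs that CA added to the JVM
     * trust store; validation should not be switched off.
     *
     * <p>NOTE(review): {@code checkConfiguration()} requires a connection timeout, but nothing
     * visible in this class applies it to the client.
     *
     * @throws KeyManagementException kept for signature compatibility
     * @throws NoSuchAlgorithmException when the default SSL context is unavailable
     */
    protected static HttpClient getHttpClient() throws KeyManagementException, NoSuchAlgorithmException {
        if (httpClient != null) {
            return httpClient;
        }
        SSLConnectionSocketFactory tlsSocketFactory = new SSLConnectionSocketFactory(SSLContext.getDefault());
        httpClient = HttpClients.custom()
                .setConnectionManager(new PoolingHttpClientConnectionManager(
                        RegistryBuilder.<org.apache.http.conn.socket.ConnectionSocketFactory>create()
                                .register("http", PlainConnectionSocketFactory.INSTANCE)
                                .register("https", tlsSocketFactory)
                                .build()))
                .build();
        return httpClient;
    }

    /**
     * Builds the outgoing envelope: plaintext JSON with header fields plus the caller's body
     * members, then {@code {"encryptBody": ..., "sign": ...}}.
     *
     * <p>Header values and the body are spliced into the JSON text without escaping. A value
     * containing a double quote or backslash therefore changes the structure of the message,
     * so callers must pass only values they control.
     *
     * @param requestHeader per-request header; null fields fall back to the configuration
     * @param str           JSON object text of the business body; null, blank or "{}" is
     *                      replaced by a placeholder member
     * @return the envelope JSON text
     * @throws IllegalArgumentException when the flow id or transaction code is empty, or the
     *                                  body is not a JSON object
     * @throws Exception when signing or encryption fails
     */
    protected String buildReqJson(RequestHeader requestHeader, String str) throws Exception {
        if (requestHeader.getOpenMerFlowId() == null || "".equals(requestHeader.getOpenMerFlowId())) {
            throw new IllegalArgumentException("商户流水号不得为空");
        }
        if (requestHeader.getOpenTransCode() == null || "".equals(requestHeader.getOpenTransCode())) {
            throw new IllegalArgumentException("交易码不得为空");
        }
        if (str == null || "".equals(str.trim()) || "{}".equals(str.trim())) {
            str = "{\"__blank_body__\": \"\"}";
        }
        int open = str.indexOf('{');
        int close = str.lastIndexOf('}');
        if (open < 0 || close <= open) {
            // Fail with a clear message instead of a StringIndexOutOfBoundsException.
            throw new IllegalArgumentException("request body must be a JSON object");
        }
        String bodyMembers = str.substring(open + 1, close);

        // One timestamp for both fields so date and time cannot straddle midnight.
        Date now = new Date();
        String openVer = requestHeader.getOpenVer() == null
                ? this.configuration.getOpenVer() : requestHeader.getOpenVer();
        String merCode = requestHeader.getOpenMerCode() == null
                ? this.configuration.getOpenMerCode() : requestHeader.getOpenMerCode();
        String merName = requestHeader.getOpenMerName() == null
                ? this.configuration.getOpenMerName() : requestHeader.getOpenMerName();
        String busiType = requestHeader.getOpenBusiType() == null
                ? this.configuration.getOpenBusiType() : requestHeader.getOpenBusiType();
        String launchDate = requestHeader.getOpenLaunchDate() == null
                ? new SimpleDateFormat("yyyyMMdd").format(now) : requestHeader.getOpenLaunchDate();
        String launchTime = requestHeader.getOpenLaunchTime() == null
                ? new SimpleDateFormat("HHmmss").format(now) : requestHeader.getOpenLaunchTime();

        String plainRequest = String.format("{\n \"OPENVER\": \"%s\",\n \"OPENTRANSCODE\": \"%s\",\n \"OPENMERCODE\": \"%s\",\n \"OPENMERNAME\": \"%s\",\n \"OPENBUSITYPE\": \"%s\",\n \"OPENLAUNCHDATE\": \"%s\",\n \"OPENLAUNCHTIME\": \"%s\",\n \"OPENMERFLOWID\": \"%s\",\n \"txCode\": \"%s\",\n %s\n}\n",
                openVer,
                requestHeader.getOpenTransCode(),
                merCode,
                merName,
                busiType,
                launchDate,
                launchTime,
                requestHeader.getOpenMerFlowId(),
                requestHeader.getOpenTransCode(),
                bodyMembers);
        // This writes the full cleartext business payload to the log at debug level; keep
        // debug logging off for this class wherever the payload is sensitive.
        logger.debug("请求报文明文: " + plainRequest);

        String sign = signature(plainRequest);
        String encryptBody = encryptBusiness(plainRequest);
        JSONObject envelope = JSONObject.fromObject("{}");
        envelope.put("encryptBody", encryptBody);
        envelope.put("sign", sign);
        return envelope.toString();
    }

    /**
     * Verifies a Base64 {@code SHA1WithRSA} signature with the configured verification key.
     *
     * @param bArr the signed bytes
     * @param str  the Base64 signature text
     * @return false when no verification key is configured or the signature does not match
     */
    private Boolean verifySign1(byte[] bArr, String str) throws Exception {
        PublicKey verifyKey = getPublicKeyValidateSignature();
        if (verifyKey == null) {
            logger.error("验签公钥为空");
            return false;
        }
        Signature verifier = Signature.getInstance("SHA1WithRSA");
        verifier.initVerify(verifyKey);
        verifier.update(bArr);
        return Boolean.valueOf(verifier.verify(Base64.decode(str.getBytes("utf8"))));
    }

    /**
     * Verifies the signature of a decrypted response body.
     *
     * @param str  decrypted response JSON text
     * @param str2 signature from the envelope; when null or empty, the body's own
     *             {@code signData} member is removed and used instead
     * @return the canonical form of the body that was verified
     * @throws AppException {@code IF01036} when no signature is available, {@code IF01001}
     *                      when verification fails or errors
     */
    protected String verifySignBusiness(String str, String str2) throws AppException {
        JSONObject body = JSONObject.fromObject(str);
        String signText = (str2 == null || "".equals(str2)) ? (String) body.remove("signData") : str2;
        if (signText == null) {
            logger.error("signData is null");
            throw new AppException("IF01036");
        }
        // String.replace treats its argument literally, so the original replace("\r|\n", "")
        // never removed a line break; replaceAll applies it as the intended regex.
        String cleanedSign = signText.replaceAll("\r|\n", "");
        String canonical = formaturlMap(body).toString()
                .replaceAll("\\}\\{", "\\},\\{")
                .replaceAll("\r|\n", "");
        try {
            if (verifySign1(canonical.getBytes(this.configuration.getTransferEncode()), cleanedSign).booleanValue()) {
                return canonical;
            }
            throw new AppException("IF01001");
        } catch (Exception e) {
            logger.error("验签异常", e);
            throw new AppException("IF01001", e);
        }
    }

    /**
     * Produces the canonical text that is signed and verified: members sorted by key and
     * rendered as {@code "key":value} pairs joined by commas inside braces.
     *
     * <p>Limits of this canonical form, which bound what the signature actually protects:
     * <ul>
     *   <li>the {@code commonDataList} member (any letter case) is left out entirely;</li>
     *   <li>only string, object and array values are rendered; any other value (number,
     *       boolean, null) contributes its key with no value text;</li>
     *   <li>array elements that are not objects contribute nothing, and elements are written
     *       back to back (callers insert the comma between {@code }{} afterwards);</li>
     *   <li>string values are written without escaping.</li>
     * </ul>
     * Values covered by these gaps can differ without changing the signed text. The format has
     * to match the peer byte for byte, so it is kept exactly as it was.
     *
     * @param jSONObject the object to render, may be null
     * @return the canonical text; null for a null argument; empty when no member is rendered
     */
    protected static StringBuffer formaturlMap(JSONObject jSONObject) {
        if (jSONObject == null) {
            return null;
        }
        @SuppressWarnings("unchecked")
        ArrayList<Map.Entry<String, Object>> entries =
                new ArrayList<Map.Entry<String, Object>>(jSONObject.entrySet());
        Collections.sort(entries, new Comparator<Map.Entry<String, Object>>() {
            @Override
            public int compare(Map.Entry<String, Object> left, Map.Entry<String, Object> right) {
                return left.getKey().compareTo(right.getKey());
            }
        });

        StringBuffer out = new StringBuffer("{");
        for (Map.Entry<String, Object> entry : entries) {
            String key = entry.getKey();
            if ("commonDataList".equalsIgnoreCase(key)) {
                continue;
            }
            out.append("\"" + key + "\"");
            out.append(":");
            Object value = entry.getValue();
            if (value instanceof JSONObject) {
                out.append(formaturlMap((JSONObject) value));
            } else if (value instanceof String) {
                out.append("\"" + value + "\"");
            } else if (value instanceof JSONArray) {
                out.append("[");
                JSONArray array = (JSONArray) value;
                for (int i = 0; i < array.size(); i++) {
                    Object element = array.get(i);
                    StringBuffer rendered = element instanceof JSONObject
                            ? formaturlMap((JSONObject) element)
                            : new StringBuffer();
                    out.append(rendered);
                }
                out.append("]");
            }
            out.append(",");
        }
        // Drops the trailing comma, or the opening brace when nothing was rendered.
        out.delete(out.length() - 1, out.length());
        if (out.length() > 0) {
            out.append("}");
        }
        return out;
    }

    /**
     * Signs the canonical form of a JSON message with the configured signing key.
     *
     * @param str JSON object text to sign
     * @return the Base64 {@code SHA1WithRSA} signature
     * @throws AppException {@code IF01002} on any failure, including an unset signing key
     */
    @Override
    public String signature(String str) throws AppException {
        try {
            // replaceAll, not replace: the pattern "\r|\n" is a regex and matched nothing as a literal.
            String canonical = formaturlMap(JSONObject.fromObject(str.replaceAll("\r|\n", "")))
                    .toString()
                    .replaceAll("\\}\\{", "\\},\\{");
            Signature signer = Signature.getInstance("SHA1WithRSA");
            signer.initSign(getPrivateKeySignature());
            signer.update(canonical.getBytes(ENCODING));
            return new String(Base64.encode(signer.sign()), ENCODING).replaceAll("\r|\n", "");
        } catch (Exception e) {
            // The original concatenated e.getStackTrace(), which only printed an array identity.
            logger.error("签名失败", e);
            throw new AppException("IF01002", e);
        }
    }

    /**
     * Decrypts an {@code encryptBody} value of the form {@code base64(aes(body))@@base64(rsa(aesKey))}.
     *
     * @param str the encrypted body text
     * @return the decrypted body
     * @throws AppException {@code IF01017} on any failure, including a malformed input
     */
    @Override
    public String decryptDataFromBusiness(String str) throws AppException {
        String[] parts = str.split("@@");
        try {
            byte[] wrappedKey = Base64.decode(parts[1].getBytes("UTF-8"));
            String aesKey = new String(CBRSA.decrypt((RSAPrivateKey) getPrivateKeyDecrypt(), wrappedKey), "UTF-8");
            byte[] cipherBody = Base64.decode(parts[0].getBytes("UTF-8"));
            return new String(AESUtil.decrypt(cipherBody, aesKey), ENCODING);
        } catch (Exception e) {
            logger.error("解密报文异常", e);
            throw new AppException("IF01017", e);
        }
    }

    /**
     * Sends one request to the configured gateway URL and returns the verified response body.
     *
     * <p>The HTTP status code is not inspected; the response body is handed to
     * {@link #validateSignature(String)} as received.
     *
     * @param requestHeader per-request header values
     * @param str           JSON object text of the business body
     * @return the verified response body, or null when the response fails verification
     * @throws AppException with the code of the failing stage; unexpected errors map to
     *                      {@code IF01001}
     */
    @Override
    public String remoteCall(RequestHeader requestHeader, String str) throws AppException {
        checkConfiguration();
        String transferEncode = this.configuration.getTransferEncode();
        try {
            String requestJson = buildReqJson(requestHeader, str);
            logger.debug("请求报文密文: " + requestJson);

            HttpClient client;
            try {
                client = getHttpClient();
            } catch (KeyManagementException e) {
                logger.error("get httpclient error", e);
                throw new AppException("IF01002", e);
            } catch (NoSuchAlgorithmException e) {
                logger.error("get httpclient error", e);
                throw new AppException("IF01003", e);
            }

            HttpPost post = new HttpPost(this.configuration.getPublicUrl());
            try {
                StringEntity entity = new StringEntity(requestJson);
                entity.setContentType("text/json");
                entity.setContentEncoding(new BasicHeader("Content-Type", "application/json"));
                post.setEntity(entity);
            } catch (UnsupportedEncodingException e) {
                logger.error("unsupport encoding ", e);
                throw new AppException("IF01004", e);
            }

            org.apache.http.HttpResponse response;
            try {
                response = client.execute(post);
            } catch (IOException e) {
                logger.error("httpclient execute error ", e);
                throw new AppException("IF01005", e);
            }

            String responseJson;
            try {
                responseJson = EntityUtils.toString(response.getEntity(), transferEncode);
            } catch (IOException e) {
                logger.error("encoding response error  ", e);
                throw new AppException("IF01006", e);
            }
            logger.debug("响应报文密文: " + responseJson);

            String verifiedBody = validateSignature(responseJson);
            if (verifiedBody == null) {
                logger.error("验签失败!!");
                return null;
            }
            // Cleartext response payload at debug level; see the note in buildReqJson.
            logger.debug("响应报文明文: " + verifiedBody);
            return verifiedBody;
        } catch (AppException e) {
            // Keep the stage-specific code. The original caught these in the generic handler
            // below and reported every failure as IF01001.
            throw e;
        } catch (Exception e) {
            logger.error("build ReqJson error", e);
            throw new AppException("IF01001", e);
        }
    }

    /**
     * Decrypts a response envelope and verifies its signature.
     *
     * @param str response envelope JSON containing {@code encryptBody} and {@code sign}
     * @return the verified canonical body, or null when {@code encryptBody} is empty or when
     *         decryption or verification fails (the cause is logged). Callers must treat null
     *         as "do not trust this response".
     */
    @Override
    public String validateSignature(String str) throws AppException {
        JSONObject envelope = JSONObject.fromObject(str);
        String encryptBody = envelope.getString("encryptBody");
        if (encryptBody == null || "".equals(encryptBody)) {
            return null;
        }
        try {
            return verifySignBusiness(decryptDataFromBusiness(encryptBody), envelope.getString("sign"));
        } catch (AppException e) {
            logger.error("验证签名异常", e);
            return null;
        } catch (Exception e) {
            logger.error("验签失败: ", e);
            return null;
        }
    }

    /**
     * Encrypts a message for the gateway: AES under a fresh random key, with that key wrapped
     * by the configured RSA public key.
     *
     * <p>Fails when no encryption key is configured. The original returned the input unchanged
     * in that case, so a missing key sent the business payload in cleartext without any error.
     *
     * @param str the plaintext message
     * @return {@code base64(aes(body))@@base64(rsa(aesKey))}
     * @throws AppException {@code IF01008} when the key is missing or RSA encryption fails
     */
    @Override
    public String encryptBusiness(String str) throws AppException {
        PublicKey encryptKey = getPublicKeyEncrypt();
        if (encryptKey == null) {
            logger.error("加密公钥为空");
            throw new AppException("IF01008");
        }
        String aesKey = AESUtil.getRandomAESKey();
        try {
            String cipherBody = new String(Base64.encode(AESUtil.encrypt(str, aesKey)), "UTF-8");
            String wrappedKey = new String(
                    Base64.encode(CBRSA.encrypt((RSAKey) encryptKey, aesKey.getBytes("UTF-8"))), "UTF-8");
            return cipherBody + "@@" + wrappedKey;
        } catch (CBException e) {
            logger.error("CBException", e);
            throw new AppException("IF01008", (Exception) e);
        } catch (UnsupportedEncodingException e) {
            logger.error("UnsupportedEncodingException", e);
            throw new IllegalArgumentException(e);
        }
    }
}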
