package com.yeepay.g3.sdk.yop.client;

import com.yeepay.g3.sdk.yop.config.AppSDKConfig;
import com.yeepay.g3.sdk.yop.encrypt.CertTypeEnum;
import com.yeepay.g3.sdk.yop.encrypt.DigestAlgEnum;
import com.yeepay.g3.sdk.yop.encrypt.DigitalSignatureDTO;
import com.yeepay.g3.sdk.yop.exception.YopClientException;
import com.yeepay.g3.sdk.yop.http.Headers;
import com.yeepay.g3.sdk.yop.http.HttpUtils;
import com.yeepay.g3.sdk.yop.unmarshaller.JacksonJsonMarshaller;
import com.yeepay.g3.sdk.yop.utils.DateUtils;
import com.yeepay.g3.sdk.yop.utils.DigitalEnvelopeUtils;
import com.yeepay.g3.sdk.yop.utils.Exceptions;
import com.yeepay.g3.sdk.yop.utils.RSAKeyUtils;
import com.yeepay.shade.com.google.common.base.Joiner;
import com.yeepay.shade.com.google.common.collect.Lists;
import com.yeepay.shade.com.google.common.collect.Maps;
import com.yeepay.shade.com.google.common.collect.Sets;
import com.yeepay.shade.org.apache.commons.lang3.StringUtils;
import com.yeepay.shade.org.apache.http.client.methods.RequestBuilder;
import com.yeepay.shade.org.apache.http.entity.ContentType;
import com.yeepay.shade.org.apache.http.entity.mime.MultipartEntityBuilder;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.UUID;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/yeepay/g3/sdk/yop/client/YopClient3.class */
public class YopClient3 extends AbstractClient {
    protected static final Logger LOGGER = Logger.getLogger(YopClient3.class);
    private static final Set<String> defaultHeadersToSign = Sets.newHashSet();
    private static final Joiner headerJoiner = Joiner.on('\n');
    private static final Joiner signedHeaderStringJoiner = Joiner.on(';');
    private static final String EXPIRED_SECONDS = "1800";

    public static YopResponse postRsa(String str, YopRequest yopRequest) throws IOException {
        String richRequest = richRequest(str, yopRequest);
        sign(str, yopRequest);
        RequestBuilder uri = RequestBuilder.post().setUri(richRequest);
        for (Map.Entry<String, String> entry : yopRequest.getHeaders().entrySet()) {
            uri.addHeader(entry.getKey(), entry.getValue());
        }
        for (Map.Entry<String, String> entry2 : yopRequest.getParams().entries()) {
            uri.addParameter(entry2.getKey(), entry2.getValue());
        }
        YopResponse fetchContentByApacheHttpClient = fetchContentByApacheHttpClient(uri.build());
        handleRsaResult(fetchContentByApacheHttpClient, yopRequest.getAppSDKConfig());
        return fetchContentByApacheHttpClient;
    }

    public static YopResponse uploadRsa(String str, YopRequest yopRequest) throws IOException {
        String richRequest = richRequest(str, yopRequest);
        sign(str, yopRequest);
        RequestBuilder uri = RequestBuilder.post().setUri(richRequest);
        for (Map.Entry<String, String> entry : yopRequest.getHeaders().entrySet()) {
            uri.addHeader(entry.getKey(), entry.getValue());
        }
        if (yopRequest.hasFiles()) {
            MultipartEntityBuilder create = MultipartEntityBuilder.create();
            for (Map.Entry<String, Object> entry2 : yopRequest.getMultiportFiles().entries()) {
                String key = entry2.getKey();
                Object value = entry2.getValue();
                if (value instanceof String) {
                    create.addBinaryBody(key, new File((String) value));
                } else if (value instanceof File) {
                    create.addBinaryBody(key, (File) value);
                } else {
                    create.addBinaryBody(key, (InputStream) value, ContentType.DEFAULT_BINARY, generateFileName());
                }
            }
            for (Map.Entry<String, String> entry3 : yopRequest.getParams().entries()) {
                create.addTextBody(entry3.getKey(), entry3.getValue());
            }
            uri.setEntity(create.build());
        } else {
            for (Map.Entry<String, String> entry4 : yopRequest.getParams().entries()) {
                uri.addParameter(entry4.getKey(), entry4.getValue());
            }
        }
        YopResponse fetchContentByApacheHttpClient = fetchContentByApacheHttpClient(uri.build());
        handleRsaResult(fetchContentByApacheHttpClient, yopRequest.getAppSDKConfig());
        return fetchContentByApacheHttpClient;
    }

    private static void sign(String str, YopRequest yopRequest) {
        PrivateKey string2PrivateKey;
        String appKey = yopRequest.getAppSDKConfig().getAppKey();
        String formatCompressedIso8601Timestamp = DateUtils.formatCompressedIso8601Timestamp(System.currentTimeMillis());
        Map<String, String> headers = yopRequest.getHeaders();
        if (!headers.containsKey(Headers.YOP_REQUEST_ID)) {
            headers.put(Headers.YOP_REQUEST_ID, UUID.randomUUID().toString());
        }
        headers.put(Headers.YOP_DATE, formatCompressedIso8601Timestamp);
        String str2 = "yop-auth-v2/" + appKey + "/" + formatCompressedIso8601Timestamp + "/" + EXPIRED_SECONDS;
        HashSet hashSet = new HashSet();
        hashSet.add(Headers.YOP_REQUEST_ID);
        hashSet.add(Headers.YOP_DATE);
        headers.put(Headers.YOP_APP_KEY, appKey);
        hashSet.add(Headers.YOP_APP_KEY);
        String canonicalURIPath = HttpUtils.getCanonicalURIPath(str);
        String canonicalQueryString = HttpUtils.getCanonicalQueryString(yopRequest.getParams(), true);
        SortedMap<String, String> headersToSign = getHeadersToSign(headers, hashSet);
        String canonicalHeaders = getCanonicalHeaders(headersToSign);
        String lowerCase = hashSet != null ? signedHeaderStringJoiner.join(headersToSign.keySet()).trim().toLowerCase() : "";
        String str3 = str2 + "\nPOST\n" + canonicalURIPath + StringUtils.LF + canonicalQueryString + StringUtils.LF + canonicalHeaders;
        if (StringUtils.length(yopRequest.getSecretKey()) > 128) {
            try {
                string2PrivateKey = RSAKeyUtils.string2PrivateKey(yopRequest.getSecretKey());
            } catch (NoSuchAlgorithmException e) {
                throw Exceptions.unchecked(e);
            } catch (InvalidKeySpecException e2) {
                throw Exceptions.unchecked(e2);
            }
        } else {
            string2PrivateKey = yopRequest.getAppSDKConfig().getIsvPrivateKey();
        }
        if (null == string2PrivateKey) {
            throw new YopClientException("Can't init ISV private key!");
        }
        DigitalSignatureDTO digitalSignatureDTO = new DigitalSignatureDTO();
        digitalSignatureDTO.setPlainText(str3);
        digitalSignatureDTO.setCertType(CertTypeEnum.RSA2048);
        digitalSignatureDTO.setDigestAlg(DigestAlgEnum.SHA256);
        DigitalSignatureDTO sign = DigitalEnvelopeUtils.sign(digitalSignatureDTO, string2PrivateKey);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("canonicalRequest:" + str3);
            LOGGER.debug("signature:" + sign.getSignature());
        }
        headers.put(Headers.AUTHORIZATION, "YOP-RSA2048-SHA256 yop-auth-v2/" + appKey + "/" + formatCompressedIso8601Timestamp + "/" + EXPIRED_SECONDS + "/" + lowerCase + "/" + sign.getSignature());
    }

    private static void handleRsaResult(YopResponse yopResponse, AppSDKConfig appSDKConfig) {
        String stringResult = yopResponse.getStringResult();
        if (StringUtils.isNotBlank(stringResult)) {
            yopResponse.setResult(JacksonJsonMarshaller.unmarshal(stringResult, Object.class));
        }
        String sign = yopResponse.getSign();
        if (StringUtils.isNotBlank(sign)) {
            yopResponse.setValidSign(verifySignature(stringResult, sign, appSDKConfig));
        }
    }

    public static boolean verifySignature(String str, String str2, AppSDKConfig appSDKConfig) {
        String replaceAll = str.replaceAll("[ \t\n]", "");
        DigitalSignatureDTO digitalSignatureDTO = new DigitalSignatureDTO();
        digitalSignatureDTO.setCertType(CertTypeEnum.RSA2048);
        digitalSignatureDTO.setSignature(str2);
        digitalSignatureDTO.setPlainText(StringUtils.trimToEmpty(replaceAll));
        try {
            DigitalEnvelopeUtils.verify(digitalSignatureDTO, appSDKConfig.getYopPublicKey());
            return true;
        } catch (Exception e) {
            LOGGER.error("error verify sign", e);
            return false;
        }
    }

    private static String getCanonicalHeaders(SortedMap<String, String> sortedMap) {
        if (sortedMap.isEmpty()) {
            return "";
        }
        ArrayList newArrayList = Lists.newArrayList();
        for (Map.Entry<String, String> entry : sortedMap.entrySet()) {
            String key = entry.getKey();
            if (key != null) {
                String value = entry.getValue();
                if (value == null) {
                    value = "";
                }
                newArrayList.add(HttpUtils.normalize(key.trim().toLowerCase()) + ':' + HttpUtils.normalize(value.trim()));
            }
        }
        Collections.sort(newArrayList);
        return headerJoiner.join(newArrayList);
    }

    private static SortedMap<String, String> getHeadersToSign(Map<String, String> map, Set<String> set) {
        TreeMap newTreeMap = Maps.newTreeMap();
        if (set != null) {
            HashSet newHashSet = Sets.newHashSet();
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                newHashSet.add(it.next().trim().toLowerCase());
            }
            set = newHashSet;
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            if (entry.getValue() != null && !entry.getValue().isEmpty() && ((set == null && isDefaultHeaderToSign(key)) || (set != null && set.contains(key.toLowerCase()) && !Headers.AUTHORIZATION.equalsIgnoreCase(key)))) {
                newTreeMap.put(key, entry.getValue());
            }
        }
        return newTreeMap;
    }

    private static boolean isDefaultHeaderToSign(String str) {
        String lowerCase = str.trim().toLowerCase();
        return lowerCase.startsWith(Headers.YOP_PREFIX) || defaultHeadersToSign.contains(lowerCase);
    }

    static {
        defaultHeadersToSign.add("Host".toLowerCase());
        defaultHeadersToSign.add("Content-Length".toLowerCase());
        defaultHeadersToSign.add("Content-Type".toLowerCase());
        defaultHeadersToSign.add(Headers.CONTENT_MD5.toLowerCase());
    }
}
