package com.yeepay.g3.frame.yop.ca.secure;

import com.yeepay.g3.facade.yop.ca.exceptions.DecryptFailedException;
import com.yeepay.g3.facade.yop.ca.exceptions.EncryptFailedException;
import com.yeepay.g3.facade.yop.ca.exceptions.SecretKeyNotFoundException;
import com.yeepay.g3.facade.yop.ca.exceptions.SignFailedException;
import com.yeepay.g3.facade.yop.ca.exceptions.UnsupportedOperationException;
import com.yeepay.g3.facade.yop.ca.exceptions.VerifySignFailedException;
import com.yeepay.g3.frame.yop.ca.utils.Digests;
import com.yeepay.g3.sdk.yop.client.YopConstants;
import com.yeepay.g3.utils.common.CheckUtils;
import com.yeepay.g3.utils.common.encrypt.AES;
import com.yeepay.g3.utils.common.log.Logger;
import com.yeepay.g3.utils.common.log.LoggerFactory;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:com/yeepay/g3/frame/yop/ca/secure/SecureEnvelopeUtils.class */
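/**
 * Builds and opens "secure envelopes": a plain text that is optionally signed with a keyed
 * digest and optionally AES-encrypted, using one shared secret string for both operations.
 *
 * <p>The signature is {@code digest2Hex(key + plainText + key, signatureAlg)}; the same string
 * is handed to {@code AES.encryptWithKeyBase64}/{@code decryptWithKeyBase64} as the key. The
 * values this class calls "cert" are therefore raw secrets and must be treated as such.
 *
 * <p>NOTE(review): the keyed digest is a hand-rolled key-prefix/suffix construction rather than
 * a standard HMAC, and on the receiving side the digest algorithm is read from the incoming
 * envelope; consider HMAC and an allow-list of algorithms if the wire format can evolve.
 * NOTE(review): the AES mode and padding are not visible from this class. If it is not an
 * authenticated mode, an envelope with {@code doSignature == false} has no integrity
 * protection beyond "decryption did not throw" -- confirm against {@code AES}.
 */
public class SecureEnvelopeUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SecureEnvelopeUtils.class);

    /**
     * Signs and/or encrypts the plain text of an outgoing envelope.
     *
     * <p>Defaults are filled in by {@link #preparePlainRequest(PlainEnvelopeDTO)} first (both
     * flags default to {@code true}, algorithms to AES / SHA-256), which mutates the argument.
     *
     * @param plainEnvelopeDTO the outgoing envelope; must carry an app key and a plain text
     * @param str the shared secret used both as digest key and as AES key
     * @return a new cipher envelope; {@code encryption} holds the ciphertext, or the unchanged
     *     plain text when encryption is disabled
     * @throws SignFailedException if signing is requested and the secret is {@code null} or the
     *     digest computation fails
     * @throws EncryptFailedException if encryption is requested and fails
     */
    public static CipherEnvelopeDTO signAndEncrypt(PlainEnvelopeDTO plainEnvelopeDTO, String str) {
        preparePlainRequest(plainEnvelopeDTO);
        boolean doSignature = plainEnvelopeDTO.getDoSignature().booleanValue();
        boolean doEncryption = plainEnvelopeDTO.getDoEncryption().booleanValue();
        String signatureAlg = plainEnvelopeDTO.getSignatureAlg();
        String plainText = plainEnvelopeDTO.getPlainText();

        CipherEnvelopeDTO cipherEnvelopeDTO = new CipherEnvelopeDTO();
        cipherEnvelopeDTO.setDoEncryption(Boolean.valueOf(doEncryption));
        cipherEnvelopeDTO.setDoSignature(Boolean.valueOf(doSignature));
        cipherEnvelopeDTO.setEncryptionAlg(plainEnvelopeDTO.getEncryptionAlg());
        cipherEnvelopeDTO.setSignatureAlg(signatureAlg);
        cipherEnvelopeDTO.setAppKey(plainEnvelopeDTO.getAppKey());

        if (doSignature) {
            // String concatenation turns a null secret into the literal "null", which would
            // yield a signature anyone can recompute. Fail closed instead.
            if (str == null) {
                throw new SignFailedException("sign failed with exception",
                        new IllegalArgumentException("secret key must not be null"), new Object[0]);
            }
            try {
                cipherEnvelopeDTO.setSignature(Digests.digest2Hex(str + plainText + str, signatureAlg));
            } catch (Exception e) {
                throw new SignFailedException("sign failed with exception", e, new Object[0]);
            }
        } else {
            cipherEnvelopeDTO.setSignature(null);
        }

        if (doEncryption) {
            try {
                cipherEnvelopeDTO.setEncryption(AES.encryptWithKeyBase64(plainText, str));
            } catch (Exception e2) {
                throw new EncryptFailedException("encrypt failed with exception", e2);
            }
        } else {
            // Signature-only envelope: the payload travels in clear in the "encryption" field.
            cipherEnvelopeDTO.setEncryption(plainText);
        }
        return cipherEnvelopeDTO;
    }

    /**
     * Decrypts and/or verifies an incoming envelope against a list of candidate secrets.
     *
     * <p>When encryption is enabled, each candidate is tried until one decrypts without
     * throwing; that candidate is then the only one used for signature verification. When only
     * the signature is enabled, every candidate is tried for verification.
     *
     * <p>The matching secret itself is stored in the result via {@code setMatchedCert}; callers
     * should avoid logging or serialising the returned DTO as a whole.
     *
     * @param cipherEnvelopeDTO the incoming envelope (peer-controlled input)
     * @param list candidate shared secrets
     * @return the plain envelope with plain text and matched secret populated
     * @throws DecryptFailedException if encryption is enabled and no candidate decrypts
     * @throws VerifySignFailedException if the signature is enabled and no candidate matches
     * @throws UnsupportedOperationException if the envelope flags or algorithm are rejected by
     *     {@link #prepareCipherRequest(CipherEnvelopeDTO)}
     */
    public static PlainEnvelopeDTO validateAndDecrypt(CipherEnvelopeDTO cipherEnvelopeDTO, List<String> list) throws UnsupportedOperationException, SecretKeyNotFoundException, DecryptFailedException, VerifySignFailedException {
        prepareCipherRequest(cipherEnvelopeDTO);
        PlainEnvelopeDTO plainEnvelopeDTO = new PlainEnvelopeDTO();
        plainEnvelopeDTO.setAppKey(cipherEnvelopeDTO.getAppKey());
        plainEnvelopeDTO.setDoEncryption(cipherEnvelopeDTO.getDoEncryption());
        plainEnvelopeDTO.setDoSignature(cipherEnvelopeDTO.getDoSignature());
        plainEnvelopeDTO.setEncryptionAlg(cipherEnvelopeDTO.getEncryptionAlg());
        plainEnvelopeDTO.setSignatureAlg(cipherEnvelopeDTO.getSignatureAlg());

        boolean decrypted = false;
        if (cipherEnvelopeDTO.getDoEncryption().booleanValue()) {
            int index = 0;
            for (String candidateKey : list) {
                try {
                    plainEnvelopeDTO.setPlainText(AES.decryptWithKeyBase64(cipherEnvelopeDTO.getEncryption(), candidateKey));
                    decrypted = true;
                    plainEnvelopeDTO.setMatchedCert(candidateKey);
                    break;
                } catch (Exception e) {
                    // Log the candidate's position only: the candidate is the secret key
                    // itself and must never reach the log files.
                    LOGGER.error("error decrypt cipherText with candidate key at index {}", Integer.valueOf(index));
                }
                index++;
            }
        } else {
            decrypted = true;
            plainEnvelopeDTO.setPlainText(cipherEnvelopeDTO.getEncryption());
        }
        if (!decrypted) {
            throw new DecryptFailedException("decrypt failed with all certs");
        }
        if (!cipherEnvelopeDTO.getDoSignature().booleanValue()) {
            return plainEnvelopeDTO;
        }

        // A secret that already decrypted the payload is the only acceptable signing secret.
        List<String> candidates;
        if (plainEnvelopeDTO.getMatchedCert() != null) {
            candidates = new ArrayList<String>(1);
            candidates.add(plainEnvelopeDTO.getMatchedCert());
        } else {
            candidates = list;
        }

        int position = 0;
        for (String candidateKey : candidates) {
            int current = position++;
            if (candidateKey == null) {
                // A null entry would be concatenated as the literal "null" and accept a
                // signature that needs no secret to forge; never verify against it.
                continue;
            }
            try {
                // The decompiled source showed an empty try with the digest call after it;
                // the call is placed inside so a failing candidate is logged and skipped,
                // and the method still ends in VerifySignFailedException.
                String expected = Digests.digest2Hex(candidateKey + plainEnvelopeDTO.getPlainText() + candidateKey, plainEnvelopeDTO.getSignatureAlg());
                if (constantTimeEquals(expected, cipherEnvelopeDTO.getSignature())) {
                    plainEnvelopeDTO.setMatchedCert(candidateKey);
                    return plainEnvelopeDTO;
                }
            } catch (Exception e2) {
                LOGGER.error("error digest plainText with candidate key at index {}", Integer.valueOf(current));
            }
        }
        throw new VerifySignFailedException("verify signature failed with all certs", new Object[0]);
    }

    /**
     * Compares two signature strings without an early exit on the first differing character,
     * so response timing does not reveal how much of a guessed signature was correct.
     *
     * @return {@code true} only if both values are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Validates an outgoing envelope and fills in defaults in place.
     *
     * <p>Requires app key and plain text, rejects a pre-set matched cert, defaults both flags
     * to {@code true}, the encryption algorithm to "AES" and the signature algorithm to
     * "SHA-256", and rejects envelopes with both flags off or a non-AES algorithm.
     */
    private static void preparePlainRequest(PlainEnvelopeDTO plainEnvelopeDTO) {
        CheckUtils.notNull(plainEnvelopeDTO, "PlainEnvelopeDTO");
        CheckUtils.notNull(plainEnvelopeDTO.getAppKey(), YopConstants.APP_KEY);
        CheckUtils.notNull(plainEnvelopeDTO.getPlainText(), "plainText");
        if (plainEnvelopeDTO.getMatchedCert() != null) {
            throw new UnsupportedOperationException("matched cert is not allowed when request!", new Object[0]);
        }
        if (plainEnvelopeDTO.getDoEncryption() == null) {
            plainEnvelopeDTO.setDoEncryption(true);
        }
        if (plainEnvelopeDTO.getDoSignature() == null) {
            plainEnvelopeDTO.setDoSignature(true);
        }
        // An envelope that is neither signed nor encrypted offers no protection at all.
        if (!plainEnvelopeDTO.getDoEncryption().booleanValue() && !plainEnvelopeDTO.getDoSignature().booleanValue()) {
            throw new UnsupportedOperationException("doEncryption and doSignature，at least one should be true!", new Object[0]);
        }
        String encryptionAlg = plainEnvelopeDTO.getEncryptionAlg();
        if (encryptionAlg == null) {
            plainEnvelopeDTO.setEncryptionAlg("AES");
        } else if (!encryptionAlg.equalsIgnoreCase("AES")) {
            throw new UnsupportedOperationException("only aes is supported currently!", new Object[0]);
        }
        if (plainEnvelopeDTO.getSignatureAlg() == null) {
            plainEnvelopeDTO.setSignatureAlg("SHA-256");
        }
    }

    /**
     * Validates an incoming envelope before any cryptographic work is done.
     *
     * <p>All flags, the payload and both algorithm names must be present; a signature is
     * required when {@code doSignature} is set; at least one flag must be on; only AES is
     * accepted. The signature algorithm name is checked for presence only.
     */
    private static void prepareCipherRequest(CipherEnvelopeDTO cipherEnvelopeDTO) {
        CheckUtils.notNull(cipherEnvelopeDTO, "CipherEnvelopeDTO");
        CheckUtils.notNull(cipherEnvelopeDTO.getDoEncryption(), "doEncryption");
        CheckUtils.notNull(cipherEnvelopeDTO.getDoSignature(), "doSignature");
        CheckUtils.notEmpty(cipherEnvelopeDTO.getEncryption(), "encryption");
        CheckUtils.notNull(cipherEnvelopeDTO.getEncryptionAlg(), "encryptionAlg");
        CheckUtils.notNull(cipherEnvelopeDTO.getSignatureAlg(), "signatureAlg");
        if (cipherEnvelopeDTO.getDoSignature().booleanValue()) {
            CheckUtils.notEmpty(cipherEnvelopeDTO.getSignature(), "signature");
        }
        if (!cipherEnvelopeDTO.getDoEncryption().booleanValue() && !cipherEnvelopeDTO.getDoSignature().booleanValue()) {
            throw new UnsupportedOperationException("doEncryption and doSignature，at least one should be true!", new Object[0]);
        }
        String encryptionAlg = cipherEnvelopeDTO.getEncryptionAlg();
        if (encryptionAlg != null && !encryptionAlg.equalsIgnoreCase("AES")) {
            throw new UnsupportedOperationException("only aes is supported currently!", new Object[0]);
        }
    }
}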
