package com.huawei.trip.sdk.auth;

import com.google.common.io.ByteStreams;
import com.huawei.trip.sdk.SdkUtil;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.message.AuthException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:com/huawei/trip/sdk/auth/CipherUtil.class */
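/**
 * Static helpers for the SDK's request signing, body encryption and key loading.
 *
 * <p>Signatures use {@code SHA256withRSA/PSS}; bodies are protected with AES-GCM and
 * serialised as {@code hex(iv) ':' hex(ciphertext || tag)}. The BouncyCastle provider is
 * registered when this class is loaded (see the static initialiser).
 *
 * <p>NOTE(review): {@link #encrypt} and {@link #decrypt} use the UTF-8 bytes of the key
 * string directly as the AES key. No key derivation is applied, so the string must encode
 * to exactly 16, 24 or 32 bytes and should carry full key entropy, not a passphrase.
 */
public class CipherUtil {
    private static final String AES_GCM_NO_PADDING = "AES/GCM/NoPadding";
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA/PSS";
    private static final int GCM_TAG_LENGTH = 16;
    private static final int GCM_IV_LENGTH = 12;
    private static final char IV_SEP = ':';

    static {
        // Makes the "BC" provider available to the PEM helpers below. Presumably it also
        // supplies the SHA256withRSA/PSS signature name; confirm against the target JRE.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Verifies a hex-encoded RSA-PSS signature over the UTF-8 bytes of a message.
     *
     * <p>Fails closed: a malformed signature string, an unusable key or an unavailable
     * algorithm is logged and reported as {@code false}, never as an exception.
     *
     * @param str the signed message
     * @param str2 the signature, hex encoded
     * @param publicKey the signer's public key
     * @return {@code true} only if the signature is valid for the message and key
     */
    public static boolean verify(String str, String str2, PublicKey publicKey) {
        byte[] signatureBytes;
        try {
            signatureBytes = Hex.decode(str2);
        } catch (RuntimeException e) {
            // The signature comes from the peer; bad hex is an invalid signature, not a crash.
            SdkUtil.logError("verify signature fail", e);
            return false;
        }
        try {
            Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
            verifier.initVerify(publicKey);
            verifier.update(str.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(signatureBytes);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            SdkUtil.logError("verify signature fail", e);
            return false;
        }
    }

    /**
     * Signs the UTF-8 bytes of a message with RSA-PSS / SHA-256.
     *
     * @param str the message to sign
     * @param privateKey the signing key
     * @return the signature, hex encoded
     * @throws AuthException if the key is unusable or signing fails; the underlying
     *     exception is attached as the cause
     */
    public static String sign(String str, PrivateKey privateKey) throws AuthException {
        try {
            Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
            signer.initSign(privateKey);
            signer.update(str.getBytes(StandardCharsets.UTF_8));
            return Hex.toHexString(signer.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            SdkUtil.logError("signature fail", e);
            throw authFailure("sign fail", e);
        }
    }

    /**
     * Decrypts a body produced by {@link #encrypt}.
     *
     * <p>Every failure, including input with no separator, bad hex, a wrong key length and
     * a failed GCM tag check, surfaces as the same {@link AuthException}, so callers cannot
     * tell the failure modes apart from the message.
     *
     * @param str the payload in the form {@code hex(iv):hex(ciphertext || tag)}
     * @param str2 the AES key as a string; its UTF-8 bytes are the key
     * @return the decrypted plaintext decoded as UTF-8
     * @throws AuthException if the payload is malformed or authentication fails
     */
    public static String decrypt(String str, String str2) throws AuthException {
        if (str == null || str2 == null) {
            throw new AuthException("decrypt body fail");
        }
        int separator = str.indexOf(IV_SEP);
        if (separator < 0) {
            // Without this guard substring(0, -1) escapes as an unchecked exception.
            SdkUtil.logError("decrypt fail", new IllegalArgumentException("missing IV separator"));
            throw new AuthException("decrypt body fail");
        }
        try {
            // Hex decoding stays inside the try: it throws unchecked exceptions on bad input.
            byte[] iv = Hex.decode(str.substring(0, separator));
            byte[] cipherText = Hex.decode(str.substring(separator + 1));
            SecretKeySpec key = new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), "AES");
            Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv));
            return new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
        } catch (Exception e) {
            SdkUtil.logError("decrypt fail", e);
            throw authFailure("decrypt body fail", e);
        }
    }

    /**
     * Encrypts a string with AES-GCM under a fresh random 12-byte IV.
     *
     * @param str the plaintext
     * @param str2 the AES key as a string; its UTF-8 bytes are the key
     * @return {@code hex(iv):hex(ciphertext || tag)}
     * @throws AuthException if encryption fails, for example on an invalid key length
     */
    public static String encrypt(String str, String str2) throws AuthException {
        try {
            // A new IV per message is required for GCM; never reuse one with the same key.
            byte[] iv = new byte[GCM_IV_LENGTH];
            new SecureRandom().nextBytes(iv);
            SecretKeySpec key = new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), "AES");
            Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv));
            byte[] cipherText = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
            return Hex.toHexString(iv) + IV_SEP + Hex.toHexString(cipherText);
        } catch (Exception e) {
            SdkUtil.logError("encrypt fail", e);
            throw authFailure("encrypt fail", e);
        }
    }

    /**
     * Parses an X.509 certificate from a stream.
     *
     * <p>This only parses. It does not check validity dates, the issuer chain or
     * revocation; callers that trust the result must do that themselves.
     *
     * @param inputStream the certificate data; not closed by this method
     * @return the parsed certificate
     * @throws Exception if the data is not a well-formed X.509 certificate
     */
    public static X509Certificate loadCER(InputStream inputStream) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(inputStream);
    }

    /**
     * Loads an RSA private key from a stream.
     *
     * @param inputStream the key material; not closed by this method
     * @param str the container type: {@code "pem"}, or {@code "der"} for unencrypted PKCS#8
     * @param str2 the password for an encrypted PEM key; ignored for {@code "der"}
     * @return the private key
     * @throws IllegalArgumentException if the type is neither {@code "pem"} nor {@code "der"}
     * @throws Exception if the key cannot be read or decrypted
     */
    public static PrivateKey loadPrivateKey(InputStream inputStream, String str, String str2) throws Exception {
        if ("pem".equals(str)) {
            return loadPem(inputStream, str2);
        }
        if (!"der".equals(str)) {
            throw new IllegalArgumentException("invalid private type " + str);
        }
        byte[] encoded = ByteStreams.toByteArray(inputStream);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encoded));
    }

    /**
     * Reads the first PEM object from the stream and converts it to a private key.
     *
     * <p>Handles an encrypted OpenSSL key pair, an encrypted PKCS#8 key and a plain
     * OpenSSL key pair. Anything else is rejected.
     *
     * <p>NOTE(review): an unencrypted PKCS#8 block is not one of the handled types and is
     * rejected here, as it was before this change (then with a ClassCastException).
     * Confirm whether it should be supported.
     *
     * @param inputStream the PEM data; the caller owns and closes the stream
     * @param str the password, required only when the key is encrypted
     */
    private static PrivateKey loadPem(InputStream inputStream, String str) throws Exception {
        Object parsed = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8)).readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        if (parsed instanceof PEMEncryptedKeyPair) {
            PEMKeyPair decrypted = ((PEMEncryptedKeyPair) parsed)
                    .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(requirePassword(str)));
            return converter.getKeyPair(decrypted).getPrivate();
        }
        if (parsed instanceof PKCS8EncryptedPrivateKeyInfo) {
            return converter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) parsed).decryptPrivateKeyInfo(
                    new JcePKCSPBEInputDecryptorProviderBuilder().setProvider("BC").build(requirePassword(str))));
        }
        if (parsed instanceof PEMKeyPair) {
            return converter.getKeyPair((PEMKeyPair) parsed).getPrivate();
        }
        // Report what was actually found instead of an opaque cast failure or NPE.
        throw new IllegalArgumentException("unsupported PEM content: "
                + (parsed == null ? "no PEM object found" : parsed.getClass().getName()));
    }

    /**
     * Loads a key pair (certificate public key plus private key) from a key store.
     *
     * @param inputStream the key store data; not closed by this method
     * @param str the alias of the entry to load
     * @param str2 the key store type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @param str3 the key store password
     * @param str4 the password protecting the private key entry
     * @return the public key of the alias's certificate and the alias's private key
     * @throws IllegalStateException if the store cannot be loaded or the alias has no
     *     certificate or no private key
     */
    public static KeyPair loadKeyStore(InputStream inputStream, String str, String str2, String str3, String str4) {
        java.security.cert.Certificate certificate;
        java.security.Key key;
        try {
            // The whole load sits in the try: getInstance, load and getKey all throw checked exceptions.
            KeyStore keyStore = KeyStore.getInstance(str2 == null ? KeyStore.getDefaultType() : str2);
            keyStore.load(inputStream, str3.toCharArray());
            certificate = keyStore.getCertificate(str);
            key = keyStore.getKey(str, str4.toCharArray());
        } catch (Exception e) {
            SdkUtil.logError(e.getMessage(), e);
            throw new IllegalStateException(e.getMessage(), e);
        }
        // Both lookups return null for an unknown alias; fail loudly, not with a half-empty pair.
        if (certificate == null) {
            throw new IllegalStateException("no certificate for alias " + str);
        }
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("no private key for alias " + str);
        }
        return new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
    }

    /** Builds an {@link AuthException} that keeps the original failure as its cause. */
    private static AuthException authFailure(String message, Throwable cause) {
        AuthException failure = new AuthException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Returns the password as a char array, rejecting {@code null} with a clear message. */
    private static char[] requirePassword(String password) {
        if (password == null) {
            throw new IllegalArgumentException("password required for encrypted private key");
        }
        return password.toCharArray();
    }
}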
