package com.nbopen.callback;

import com.alibaba.fastjson.JSONObject;
import com.nbopen.sdk.aes.exception.SDKException;
import com.nbopen.sdk.aes.exception.SDKExceptionEnums;
import com.nbopen.sdk.aes.param.ApiConfigBean;
import com.nbopen.sdk.aes.param.Constants;
import com.nbopen.sdk.aes.utils.JsonUtils;
import com.nbopen.sdk.gm.SM2Utils;
import com.nbopen.sdk.gm.SM3Utils;
import com.nbopen.sdk.gm.Utils;
import com.nbopen.sdk.gm.gmnew.SM4Utils;
import com.nbopen.system.logging.LoggerManager;
import java.nio.charset.StandardCharsets;
import javax.crypto.spec.SecretKeySpec;
import nbcb.cfca.sadk.algorithm.common.Mechanism;
import nbcb.cfca.sadk.algorithm.common.PKIException;
import nbcb.cfca.sadk.lib.crypto.JCrypto;
import nbcb.cfca.sadk.lib.crypto.Session;
import nbcb.cfca.sadk.util.EncryptUtil;
import nbcb.cfca.sadk.util.HashUtil;

/* loaded from: input_file:sdklib/open-basic-1.7.9.1.jar:com/nbopen/callback/CommonSecurityServiceMerchant.class */
public class CommonSecurityServiceMerchant {
    static Session session;

    public static String encryService(ApiConfigBean apiConfigBean, String str, byte[] bArr) throws SDKException {
        try {
            StringBuilder sb = new StringBuilder("{");
            JsonUtils.appendField(sb, Constants.SCRT_TRAN_MESSAGE_SGN_NAME, Utils.CFCAEncryptByBASE64(EncryptUtil.encrypt(new Mechanism(Mechanism.SM4_ECB), new SecretKeySpec(bArr, "SM4"), HashUtil.SM3HashDataWithoutZValue(str.getBytes("UTF-8"), session), session)), true);
            JsonUtils.appendField(sb, Constants.SCRT_TRAN_MESSAGE_DATA_NAME, Utils.CFCAEncryptByBASE64(EncryptUtil.encrypt(new Mechanism(Mechanism.SM4_ECB), new SecretKeySpec(bArr, "SM4"), str.getBytes("UTF-8"), session)), true);
            JsonUtils.appendField(sb, Constants.SCRT_TRAN_MESSAGE_KEY_NAME, Utils.encryptByBASE64(EncryptUtil.encrypt(new Mechanism("SM2"), apiConfigBean.getKeyStoreFactory().getOpenPublicKey(), bArr, session)), false);
            return sb.toString();
        } catch (Exception e) {
            throw new SDKException(e.getMessage());
        }
    }

    public static String decryService(ApiConfigBean apiConfigBean, String str) throws Exception {
        JSONObject jSONObjectWithData = JsonUtils.getJSONObjectWithData(str);
        String string = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_DATA_NAME);
        String string2 = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_SGN_NAME);
        try {
            byte[] decrypt = EncryptUtil.decrypt(new Mechanism("SM2"), apiConfigBean.getKeyStoreFactory().getmerchantPrivatekey(), Utils.CFCADecryptByBASE64(jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_KEY_NAME)), session);
            byte[] decrypt2 = EncryptUtil.decrypt(new Mechanism(Mechanism.SM4_ECB), new SecretKeySpec(decrypt, "SM4"), Utils.CFCADecryptByBASE64(string), session);
            if (Utils.CFCAEncryptByBASE64(EncryptUtil.encrypt(new Mechanism(Mechanism.SM4_ECB), new SecretKeySpec(decrypt, "SM4"), HashUtil.SM3HashDataWithoutZValue(decrypt2, session), session)).equals(string2)) {
                return new String(decrypt2, "UTF-8");
            }
            throw new Exception("签名比对失败!");
        } catch (Exception e) {
            LoggerManager.nbsdkLogger.error("解密失败", (Throwable) e);
            throw new SDKException(SDKExceptionEnums.DECRY_ERROR);
        }
    }

    public static String decryServiceWithStr(ApiConfigBean apiConfigBean, byte[] bArr) throws Exception {
        return decryStringWithStr(apiConfigBean, new String(bArr, "UTF-8"));
    }

    public static String decryStringWithStr(ApiConfigBean apiConfigBean, String str) throws SDKException {
        LoggerManager.nbsdkLogger.debug("解密验签开始！");
        JSONObject jSONObjectWithData = JsonUtils.getJSONObjectWithData(str);
        String string = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_DATA_NAME);
        String string2 = jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_SGN_NAME);
        try {
            byte[] decrypt = SM2Utils.decrypt(Utils.decryptByBASE64(jSONObjectWithData.getString(Constants.SCRT_TRAN_MESSAGE_KEY_NAME)), apiConfigBean.getKeyStoreFactory().getmerchantPrivatekey());
            byte[] decryptData_ECB = SM4Utils.decryptData_ECB(decrypt, Utils.decryptByBASE64(string));
            String str2 = new String(decryptData_ECB, StandardCharsets.UTF_8);
            if (Utils.encryptByBASE64(SM4Utils.encryptData_ECB(decrypt, SM3Utils.hash(decryptData_ECB))).equals(string2)) {
                LoggerManager.nbsdkLogger.debug("解密验签结束！");
                return str2;
            }
            LoggerManager.nbsdkLogger.debug("验签失败！");
            throw new SDKException(SDKExceptionEnums.CHERSA_ERROR);
        } catch (Exception e) {
            LoggerManager.nbsdkLogger.error("解密失败", (Throwable) e);
            throw new SDKException(SDKExceptionEnums.DECRY_ERROR);
        }
    }

    public static byte[] encryServiceWithStr(ApiConfigBean apiConfigBean, String str, byte[] bArr) throws SDKException {
        LoggerManager.nbsdkLogger.debug("加密加签开始！");
        try {
            return encryStringWithStr(apiConfigBean, str.getBytes("UTF-8"), bArr).toString().getBytes("UTF-8");
        } catch (Exception e) {
            LoggerManager.nbsdkLogger.error("执行安全策略异常", (Throwable) e);
            throw new SDKException(SDKExceptionEnums.SECURITY_ERROR);
        }
    }

    public static String encryStringWithStr(ApiConfigBean apiConfigBean, byte[] bArr, byte[] bArr2) {
        StringBuilder sb = new StringBuilder("{");
        byte[] bArr3 = new byte[0];
        try {
            JsonUtils.appendField(sb, Constants.SCRT_TRAN_MESSAGE_SGN_NAME, Utils.encryptByBASE64(SM4Utils.encryptData_ECB(bArr2, SM3Utils.hash(bArr))), true);
            JsonUtils.appendField(sb, Constants.SCRT_TRAN_MESSAGE_DATA_NAME, Utils.encryptByBASE64(SM4Utils.encryptData_ECB(bArr2, bArr)), true);
            JsonUtils.appendField(sb, Constants.SCRT_TRAN_MESSAGE_KEY_NAME, Utils.encryptByBASE64(SM2Utils.encrypt(bArr2, apiConfigBean.getKeyStoreFactory().getOpenPublicKey())), false);
            LoggerManager.nbsdkLogger.debug("加密加签结束！");
        } catch (Exception e) {
            e.printStackTrace();
            LoggerManager.nbsdkLogger.error("加密加签失败！");
        }
        return sb.toString();
    }

    static {
        session = null;
        try {
            JCrypto.getInstance().initialize(JCrypto.JSOFT_LIB, null);
            session = JCrypto.getInstance().openSession(JCrypto.JSOFT_LIB);
        } catch (PKIException e) {
            LoggerManager.nbsdkLogger.error("generate cfca session exception:" + e);
        }
    }
}
