package com.yeepay.yop.sdk.utils;

import com.google.common.collect.ImmutableMap;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.credentials.CredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.PKICredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.auth.credentials.provider.YopCredentialsProviderRegistry;
import com.yeepay.yop.sdk.auth.credentials.provider.YopPlatformCredentialsProviderRegistry;
import com.yeepay.yop.sdk.auth.signer.process.YopSignProcessor;
import com.yeepay.yop.sdk.base.auth.signer.process.YopSignProcessorFactory;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/yeepay/yop/sdk/utils/YopSignUtils.class */
public class YopSignUtils {
    private static final String SPLIT_CHAR = "$";
    private static Map<String, CertTypeEnum> digestAlgANdCertTypeMap = new ImmutableMap.Builder().put("SHA256", CertTypeEnum.RSA2048).put("SM3", CertTypeEnum.SM2).build();

    public static void verify(String str, String str2, String str3) {
        verify(str, str2, str3, null);
    }

    public static void verify(String str, String str2, String str3, String str4) {
        verify(str, str2, str3, str4, "", "");
    }

    public static void verify(String str, String str2, String str3, String str4, String str5) {
        verify(str, str2, str3, "", str4, str5);
    }

    public static void verify(String str, String str2, String str3, String str4, String str5, String str6) {
        validSignature(str2);
        String[] split = StringUtils.split(str2, SPLIT_CHAR);
        YopPlatformCredentials credentials = YopPlatformCredentialsProviderRegistry.getProvider().getCredentials(str5, str6, str3, split.length == 4 ? split[3] : CertTypeEnum.SM2.equals(digestAlgANdCertTypeMap.get(split[1])) ? YopConstants.YOP_SM_PLATFORM_CERT_DEFAULT_SERIAL_NO : YopConstants.YOP_RSA_PLATFORM_CERT_DEFAULT_SERIAL_NO, str4);
        if (null == credentials) {
            throw new YopClientException("can not load platform cert");
        }
        verify(str, str2, (CredentialsItem) credentials.getCredential());
    }

    public static void verify(String str, String str2, PublicKey publicKey) {
        validSignature(str2);
        verify(str, str2, (CredentialsItem) new PKICredentialsItem(publicKey, digestAlgANdCertTypeMap.get(str2.split("\\$")[1])));
    }

    public static void verify(String str, String str2, CredentialsItem credentialsItem) {
        validSignature(str2);
        YopSignProcessor signProcessor = YopSignProcessorFactory.getSignProcessor(credentialsItem.getCertType().name());
        if (null == signProcessor) {
            throw new YopClientException("unsupported certType");
        }
        if (!signProcessor.verify(str, str2.split("\\$")[0], credentialsItem)) {
            throw new YopClientException("verify fail!");
        }
    }

    public static String sign(String str, String str2, String str3) {
        return sign(str, str2, str3, "", "");
    }

    public static String sign(String str, String str2, String str3, String str4, String str5) {
        return sign(str, str2, YopCredentialsProviderRegistry.getProvider().getCredentials(str4, str5, str3, str2).getCredential().getPrivateKey());
    }

    public static String sign(String str, String str2, PrivateKey privateKey) {
        YopSignProcessor signProcessor = YopSignProcessorFactory.getSignProcessor(str2);
        if (null == signProcessor) {
            throw new YopClientException("unsupported certType");
        }
        return signProcessor.sign(str, new PKICredentialsItem(privateKey, CertTypeEnum.parse(str2))) + SPLIT_CHAR + signProcessor.getDigestAlg();
    }

    private static void validSignature(String str) {
        String[] split = str.split("\\$");
        if (split.length != 2 && split.length != 4) {
            throw new YopClientException("illegal signature");
        }
        if (digestAlgANdCertTypeMap.get(split[1]) == null) {
            throw new YopClientException("illegal signature");
        }
    }
}
