package work.trons.library.weixinpay.core;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Comparator;
import java.util.List;
import work.trons.library.weixinpay.api.CommonApi;
import work.trons.library.weixinpay.beans.common.PlatformCertResponse;
import work.trons.library.weixinpay.utils.CollectionUtils;
import work.trons.library.weixinpay.utils.EncryptUtils;
import work.trons.library.weixinpay.utils.RSAUtils;
import work.trons.library.weixinpay.utils.StringUtils;

/* loaded from: input_file:work/trons/library/weixinpay/core/PaySetting.class */
public class PaySetting {
    private String signatureAlgorithm;
    private PrivateKey mchPrivateKey;
    private PublicKey mchPublicKey;
    private String mchId;
    private String mchSerialNo;
    private byte[] aesKey;
    private String platformSerialNo;
    private PublicKey platformPublicKey;

    /* loaded from: input_file:work/trons/library/weixinpay/core/PaySetting$Builder.class */
    public static class Builder {
        private PublicKey publicKey;
        private PrivateKey privateKey;
        private String serialNo;
        private InputStream certStream;
        private String mchId;
        private String aesKey;

        public Builder certificate(InputStream inputStream) {
            this.certStream = inputStream;
            return this;
        }

        public Builder mchId(String str) {
            this.mchId = str;
            return this;
        }

        public Builder aesKey(String str) {
            this.aesKey = str;
            return this;
        }

        public PaySetting build() {
            if (StringUtils.isBlank(this.mchId)) {
                throw new IllegalArgumentException("商户号不能为空");
            }
            if (this.certStream == null) {
                throw new IllegalArgumentException("证书不能为空");
            }
            if (StringUtils.isBlank(this.aesKey)) {
                throw new IllegalArgumentException("APIv3密钥不能为空");
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(this.certStream, this.mchId.toCharArray());
            List list = CollectionUtils.toList(keyStore.aliases());
            if (CollectionUtils.isEmpty(list)) {
                throw new IllegalArgumentException("证书alias为空");
            }
            String str = (String) list.get(0);
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
            this.serialNo = x509Certificate.getSerialNumber().toString(16).toUpperCase();
            this.publicKey = x509Certificate.getPublicKey();
            this.privateKey = (PrivateKey) keyStore.getKey(str, this.mchId.toCharArray());
            return new PaySetting(this);
        }
    }

    private PaySetting() {
    }

    private PaySetting(Builder builder) {
        this.mchPublicKey = builder.publicKey;
        this.mchPrivateKey = builder.privateKey;
        this.mchId = builder.mchId;
        this.mchSerialNo = builder.serialNo;
        this.signatureAlgorithm = "SHA256withRSA";
        this.aesKey = builder.aesKey.getBytes();
        this.platformSerialNo = StringUtils.EMPTY;
        this.platformPublicKey = null;
        loadPlatformCert();
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private void loadPlatformCert() {
        List<PlatformCertResponse.PlatformCert> data = CommonApi.with(this).platformCert().getData();
        data.sort(Comparator.comparing((v0) -> {
            return v0.getExpireTime();
        }));
        PlatformCertResponse.PlatformCert platformCert = data.get(0);
        PlatformCertResponse.EncryptCertificate encryptCertificate = platformCert.getEncryptCertificate();
        Certificate loadCertificate = RSAUtils.loadCertificate(EncryptUtils.aesDecryptToString(this.aesKey, encryptCertificate.getAssociatedData().getBytes(), encryptCertificate.getNonce().getBytes(), encryptCertificate.getCiphertext()));
        this.platformSerialNo = platformCert.getSerialNo();
        this.platformPublicKey = loadCertificate.getPublicKey();
    }

    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public PrivateKey getMchPrivateKey() {
        return this.mchPrivateKey;
    }

    public PublicKey getMchPublicKey() {
        return this.mchPublicKey;
    }

    public String getMchId() {
        return this.mchId;
    }

    public String getMchSerialNo() {
        return this.mchSerialNo;
    }

    public byte[] getAesKey() {
        return this.aesKey;
    }

    public String getPlatformSerialNo() {
        return this.platformSerialNo;
    }

    public PublicKey getPlatformPublicKey() {
        return this.platformPublicKey;
    }
}
