package com.aote.ccb_ronglian;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/aote/ccb_ronglian/JsptCertInit.class */
public class JsptCertInit {
    private static final String ENCRYPTCERT = "D:\\jspt_payconf\\cert\\mch10001.p12";
    private static final String SIGNCERTPATH = "D:\\jspt_payconf\\cert\\jspt.cer";
    private static final String PWD = "mch10001";
    protected static Logger logger = LoggerFactory.getLogger(JsptCertInit.class);
    private static KeyStore keyStore = null;
    private static X509Certificate encryptCert = null;

    public static void init() {
        addProvider();
        initSignCert();
        initEncryptCert();
    }

    private static void addProvider() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
            logger.info("add BC provider");
        } else {
            Security.removeProvider("BC");
            Security.addProvider(new BouncyCastleProvider());
            logger.info("re-add BC provider");
        }
    }

    public static void initSignCert() {
        try {
            keyStore = getKeyInfo(ENCRYPTCERT, PWD, "PKCS12");
            logger.info("InitSignCert Successful. CertId=[" + getSignCertId() + "]");
        } catch (IOException e) {
            logger.error("InitSignCert Error", e);
        }
    }

    public static KeyStore getKeyInfo(String str, String str2, String str3) throws IOException {
        logger.info("加载签名证书==>" + str);
        FileInputStream fileInputStream = null;
        try {
            try {
                KeyStore keyStore2 = KeyStore.getInstance(str3, "BC");
                logger.info("Load RSA CertPath=[" + str + "],Pwd=[" + str2 + "],type=[" + str3 + "]");
                fileInputStream = new FileInputStream(str);
                keyStore2.load(fileInputStream, (null == str2 || "".equals(str2.trim())) ? null : str2.toCharArray());
                if (null != fileInputStream) {
                    fileInputStream.close();
                }
                return keyStore2;
            } catch (Exception e) {
                if (Security.getProvider("BC") == null) {
                    logger.info("BC Provider not installed.");
                }
                logger.error("getKeyInfo Error", e);
                if ((e instanceof KeyStoreException) && "PKCS12".equals(str3)) {
                    Security.removeProvider("BC");
                }
                if (null != fileInputStream) {
                    fileInputStream.close();
                }
                return null;
            }
        } catch (Throwable th) {
            if (null != fileInputStream) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    public static String getSignCertId() {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            String str = null;
            if (aliases.hasMoreElements()) {
                str = aliases.nextElement();
            }
            return ((X509Certificate) keyStore.getCertificate(str)).getSerialNumber().toString();
        } catch (Exception e) {
            logger.error("getSignCertId Error", e);
            return null;
        }
    }

    private static void initEncryptCert() {
        logger.info("加载敏感信息加密证书==>D:\\jspt_payconf\\cert\\jspt.cer");
        if (StringUtils.isEmpty(SIGNCERTPATH)) {
            logger.info("WARN: acpsdk.encryptCert.path is empty");
        } else {
            encryptCert = initCert(SIGNCERTPATH);
            logger.info("LoadEncryptCert Successful");
        }
    }

    private static X509Certificate initCert(String str) {
        X509Certificate x509Certificate = null;
        FileInputStream fileInputStream = null;
        try {
            try {
                try {
                    try {
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
                        fileInputStream = new FileInputStream(str);
                        x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
                        logger.info("[" + str + "][CertId=" + x509Certificate.getSerialNumber().toString() + "]");
                        if (null != fileInputStream) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e) {
                                logger.error(e.toString());
                            }
                        }
                    } catch (Throwable th) {
                        if (null != fileInputStream) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e2) {
                                logger.error(e2.toString());
                            }
                        }
                        throw th;
                    }
                } catch (CertificateException e3) {
                    logger.error("InitCert Error", e3);
                    if (null != fileInputStream) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e4) {
                            logger.error(e4.toString());
                        }
                    }
                }
            } catch (NoSuchProviderException e5) {
                logger.error("LoadVerifyCert Error No BC Provider", e5);
                if (null != fileInputStream) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e6) {
                        logger.error(e6.toString());
                    }
                }
            }
        } catch (FileNotFoundException e7) {
            logger.error("InitCert Error File Not Found", e7);
            if (null != fileInputStream) {
                try {
                    fileInputStream.close();
                } catch (IOException e8) {
                    logger.error(e8.toString());
                }
            }
        }
        return x509Certificate;
    }

    public static PublicKey getEncryptCertPublicKey() {
        if (null != encryptCert) {
            return encryptCert.getPublicKey();
        }
        if (StringUtils.isEmpty(SIGNCERTPATH)) {
            logger.info("ERROR: acpsdk.encryptCert.path is empty");
            return null;
        }
        encryptCert = initCert(SIGNCERTPATH);
        return encryptCert.getPublicKey();
    }

    public static PrivateKey getSignCertPrivateKey() {
        try {
            if (keyStore == null) {
                initSignCert();
            }
            Enumeration<String> aliases = keyStore.aliases();
            String str = null;
            if (aliases.hasMoreElements()) {
                str = aliases.nextElement();
            }
            return (PrivateKey) keyStore.getKey(str, PWD.toCharArray());
        } catch (KeyStoreException e) {
            logger.error("getSignCertPrivateKey Error", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            logger.error("getSignCertPrivateKey Error", e2);
            return null;
        } catch (UnrecoverableKeyException e3) {
            logger.error("getSignCertPrivateKey Error", e3);
            return null;
        }
    }

    static {
        init();
    }
}
