package com.aote.pay.icbc.weinan;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/aote/pay/icbc/weinan/CertUtil.class */
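/**
 * Loads and caches the key material used for signing and for signature verification.
 *
 * <p>An instance holds up to three pieces of state: the signing keystore described by
 * {@link SDKConfig}, an ad-hoc PKCS12 keystore loaded from an explicit path, and one X.509
 * certificate used to verify signatures. All of it is plain mutable fields with no
 * synchronization, so an instance must not be shared between threads without external locking.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Keystore passwords are never written to stdout or to the log by this class.</li>
 *   <li>Passwords arrive as {@code String} because the public signatures require it; they
 *       therefore cannot be wiped from memory after use.</li>
 *   <li>Only the first alias returned by {@link KeyStore#aliases()} is used. The enumeration
 *       order is not specified, so keystores are expected to contain a single entry.</li>
 * </ul>
 */
public class CertUtil {
    // Signing keystore loaded from the paths/passwords in SDKConfig.
    private KeyStore keyStore = null;
    // Certificate whose public key verifies incoming signatures.
    private X509Certificate validateCert = null;
    // Keystore loaded on demand from an explicit path (always PKCS12).
    private KeyStore certKeyStore = null;
    // Certificate path -> serial number (decimal string) of the certificate loaded from it.
    private final Map<String, String> attCertMap = new HashMap<>();
    SDKConfig config;

    /**
     * Creates the helper and eagerly loads one kind of key material.
     *
     * @param sDKConfig configuration holding the signing keystore path, password and type
     * @param str path of the verification certificate; when empty (per {@code SDKUtil.isEmpty})
     *     the signing keystore from {@code sDKConfig} is loaded instead
     */
    public CertUtil(SDKConfig sDKConfig, String str) {
        this.config = sDKConfig;
        if (SDKUtil.isEmpty(str)) {
            initSignCert(sDKConfig);
        } else {
            initValidateCertFromDir(str);
        }
    }

    /**
     * (Re)loads the signing keystore described by the configuration.
     *
     * <p>On failure {@link #getKeyInfo} returns {@code null}, which leaves this instance without
     * a signing keystore; the getters then log and return {@code null} / {@code ""}.
     *
     * @param sDKConfig source of the keystore path, password and type
     */
    public void initSignCert(SDKConfig sDKConfig) {
        System.out.println("加载签名证书开始");
        this.keyStore = getKeyInfo(sDKConfig.getSignCertPath(), sDKConfig.getSignCertPwd(), sDKConfig.getSignCertType());
        System.out.println("[" + sDKConfig.getSignCertPath() + "][serialNumber=" + getSignCertId() + "]");
        System.out.println("加载签名证书结束");
    }

    /**
     * Loads a PKCS12 keystore from an explicit path into the ad-hoc keystore slot.
     *
     * @param str path of the PKCS12 file
     * @param str2 keystore password; deliberately not echoed to any output
     */
    public void initSignCert(String str, String str2) {
        System.out.println("加载证书文件[" + str + "]的签名证书开始.");
        // Drop the previous keystore before any early return. Otherwise a missing file would
        // leave the keystore of an earlier call in place and getSignCertPrivateKey(path, pwd)
        // could hand out a key that does not belong to the requested path.
        this.certKeyStore = null;
        if (!new File(str).exists()) {
            System.out.println("证书文件不存在,初始化签名证书失败.");
            return;
        }
        this.certKeyStore = getKeyInfo(str, str2, "PKCS12");
        System.out.println("加载证书文件[" + str + "]的签名证书结束.");
    }

    /**
     * Loads the verification certificate from a file and records its serial number.
     *
     * <p>Despite the name, {@code str} is opened as a single certificate file, not scanned as a
     * directory.
     *
     * <p>NOTE(review): the certificate is accepted as soon as it parses. Neither
     * {@code checkValidity()} nor any chain or issuer check is performed here, so the file at the
     * configured path is the sole trust anchor; protect that path accordingly or add validation
     * in the caller. On failure the previously loaded certificate, if any, stays in place.
     *
     * @param str path of the X.509 certificate file
     * @return the parsed certificate, or {@code null} when the path is empty, the file is missing
     *     or the content is not a valid certificate
     */
    public X509Certificate initValidateCertFromDir(String str) {
        System.out.println("从目录中加载验证签名证书开始.");
        if (null == str || "".equals(str)) {
            System.out.println("验证签名证书路径配置为空.");
            return null;
        }
        FileInputStream fileInputStream = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            File file = new File(str);
            fileInputStream = new FileInputStream(file.getAbsolutePath());
            this.validateCert = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
            String serialNumber = this.validateCert.getSerialNumber().toString();
            System.out.println("[" + file.getAbsolutePath() + "][serialNumber=" + serialNumber + "]");
            System.out.println("从目录中加载验证签名证书结束.");
            this.attCertMap.put(str, serialNumber);
            return this.validateCert;
        } catch (FileNotFoundException e) {
            LogUtil.writeErrorLog("验证签名证书加载失败,证书文件不存在", e);
            return null;
        } catch (CertificateException e) {
            LogUtil.writeErrorLog("验证签名证书加载失败", e);
            return null;
        } finally {
            // A failing close() is logged only; it must not discard an already parsed certificate.
            closeQuietly(fileInputStream);
        }
    }

    /**
     * Returns the private key of the first entry in the configured signing keystore.
     *
     * @return the private key, or {@code null} when the keystore is not loaded or the key cannot
     *     be recovered (the cause is logged)
     */
    public PrivateKey getSignCertPrivateKey() {
        try {
            String alias = firstAlias(this.keyStore);
            return (PrivateKey) this.keyStore.getKey(alias, this.config.getSignCertPwd().toCharArray());
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取签名证书的私钥失败", e);
            return null;
        }
    }

    /**
     * Loads the PKCS12 keystore at the given path and returns the private key of its first entry.
     *
     * @param str path of the PKCS12 file
     * @param str2 keystore password, also used as the key password
     * @return the private key, or {@code null} when the file is missing, cannot be opened with
     *     the password, or holds no recoverable key (the cause is logged)
     */
    public PrivateKey getSignCertPrivateKey(String str, String str2) {
        initSignCert(str, str2);
        try {
            // certKeyStore is null when loading failed; the resulting exception is logged below.
            String alias = firstAlias(this.certKeyStore);
            return (PrivateKey) this.certKeyStore.getKey(alias, str2.toCharArray());
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取[" + str + "]的签名证书的私钥失败", e);
            return null;
        }
    }

    /**
     * Returns the public key of the currently loaded verification certificate.
     *
     * @return the public key, or {@code null} when no verification certificate is loaded
     */
    public PublicKey getValidateKey() {
        try {
            if (null == this.validateCert) {
                return null;
            }
            return this.validateCert.getPublicKey();
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取验证签名证书失败", e);
            return null;
        }
    }

    /**
     * Loads the verification certificate at the given path and returns its public key.
     *
     * @param str path of the X.509 certificate file
     * @return the public key, or {@code null} when the certificate could not be loaded; callers
     *     must treat {@code null} as a verification failure
     */
    public PublicKey getValidateKey(String str) {
        X509Certificate certificate = initValidateCertFromDir(str);
        if (null == certificate) {
            // The load failure was already logged; avoid a NullPointerException and let the
            // caller fail the verification instead.
            return null;
        }
        return certificate.getPublicKey();
    }

    /**
     * Returns the serial number of the first certificate in the configured signing keystore.
     *
     * @return the serial number as a decimal string, or {@code ""} on any failure
     */
    public String getSignCertId() {
        try {
            String alias = firstAlias(this.keyStore);
            return ((X509Certificate) this.keyStore.getCertificate(alias)).getSerialNumber().toString();
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取签名证书的序列号失败", e);
            if (null == this.keyStore) {
                LogUtil.writeErrorLog("keyStore实例化失败,当前为NULL");
            }
            return "";
        }
    }

    /**
     * Looks up the serial number recorded for a verification certificate path.
     *
     * @param str the path previously passed to {@link #initValidateCertFromDir}
     * @return the recorded serial number, or {@code null} when that path was never loaded
     */
    public String getAttestionCertId(String str) {
        return this.attCertMap.get(str);
    }

    /**
     * Returns the public key of the first certificate in the configured signing keystore.
     *
     * @return the public key, or {@code null} on any failure (the cause is logged)
     */
    public PublicKey getSignPublicKey() {
        try {
            String alias = firstAlias(this.keyStore);
            return this.keyStore.getCertificate(alias).getPublicKey();
        } catch (Exception e) {
            LogUtil.writeErrorLog(e.toString());
            return null;
        }
    }

    /**
     * Opens a keystore file of type {@code JKS} or {@code PKCS12}.
     *
     * <p>Requesting {@code PKCS12} registers the BouncyCastle provider for the whole JVM.
     *
     * @param str path of the keystore file
     * @param str2 keystore password; {@code null} or blank is passed to the keystore as
     *     {@code null}. The value is never printed or logged.
     * @param str3 keystore type, {@code "JKS"} or {@code "PKCS12"}
     * @return the loaded keystore, or {@code null} when the type is unsupported or loading fails
     */
    public KeyStore getKeyInfo(String str, String str2, String str3) {
        try {
            System.out.println("KeyStore Loading Start...");
            KeyStore loaded = null;
            if ("JKS".equals(str3)) {
                loaded = KeyStore.getInstance(str3);
            } else if ("PKCS12".equals(str3)) {
                // addProvider does nothing when a provider named "BC" is already installed.
                Security.addProvider(new BouncyCastleProvider());
                loaded = KeyStore.getInstance(str3);
            } else {
                LogUtil.writeErrorLog("Unsupported keystore type: " + str3);
            }
            // Only the path is reported; the password must not reach stdout or log files.
            System.out.println("传入的私钥证书路径为=>[" + str + "]");
            char[] password = (null == str2 || "".equals(str2.trim())) ? null : str2.toCharArray();
            // try-with-resources releases the file handle even when load() rejects the
            // password or the file content.
            try (FileInputStream fileInputStream = new FileInputStream(str)) {
                if (null != loaded) {
                    loaded.load(fileInputStream, password);
                }
            }
            System.out.println("KeyStore Loading End...");
            return loaded;
        } catch (Exception e) {
            if (Security.getProvider("BC") == null) {
                System.out.println("BC Provider not installed.");
            }
            LogUtil.writeErrorLog("读取私钥证书失败", e);
            if (e instanceof KeyStoreException && "PKCS12".equals(str3)) {
                // NOTE(review): this unregisters BouncyCastle for the entire JVM, which also
                // affects unrelated code relying on the "BC" provider - confirm it is intended.
                Security.removeProvider("BC");
            }
            return null;
        }
    }

    /**
     * Loads a keystore and returns the serial number of its first certificate.
     *
     * @param str path of the keystore file
     * @param str2 keystore password
     * @param str3 keystore type, {@code "JKS"} or {@code "PKCS12"}
     * @return the serial number as a decimal string, or {@code ""} on any failure
     */
    public String getCertIdByCertPath(String str, String str2, String str3) {
        KeyStore keyInfo = getKeyInfo(str, str2, str3);
        if (null == keyInfo) {
            return "";
        }
        try {
            String alias = firstAlias(keyInfo);
            return ((X509Certificate) keyInfo.getCertificate(alias)).getSerialNumber().toString();
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取签名证书的序列号失败", e);
            return "";
        }
    }

    /** Returns the first alias the keystore enumerates, or {@code null} when it has none. */
    private static String firstAlias(KeyStore store) throws KeyStoreException {
        Enumeration<String> aliases = store.aliases();
        return aliases.hasMoreElements() ? aliases.nextElement() : null;
    }

    /** Closes the stream if it was opened, logging (not propagating) a failure to close. */
    private static void closeQuietly(FileInputStream stream) {
        if (null == stream) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            LogUtil.writeErrorLog(e.toString());
        }
    }
}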
