package com.unionpay.mpi;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/unionpay/mpi/CertUtil.class */
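/**
 * Loads and caches the key material used by the MPI client: the signing keystore,
 * the encryption certificate and the certificates used to validate signatures.
 *
 * <p>All state is held in static fields and is populated once by the static
 * initializer at the bottom of the class (via {@link #init()}).
 *
 * <p>NOTE(review): none of the static fields is synchronized; confirm that callers
 * do not reload or read this state from several threads at once.
 *
 * <p>NOTE(review): certificates are parsed and cached as-is. Nothing in this class
 * checks validity dates, issuer or chain, so the configured certificate files and
 * directory are the whole trust boundary; their filesystem permissions should be
 * restricted accordingly.
 */
public class CertUtil {
    /** Signing keystore loaded from the configured path by {@link #initSignCert()}. */
    private static KeyStore keyStore = null;
    /** Certificate whose public key is returned by {@link #getEncryptCertPublicKey()}. */
    private static X509Certificate encryptCert = null;
    /** Single validation certificate; also overwritten by each file loaded from the directory. */
    private static X509Certificate validateCert = null;
    /** Validation certificates keyed by the decimal string of their serial number. */
    private static Map<String, X509Certificate> certMap = new HashMap<String, X509Certificate>();
    /** Keystore loaded on demand by {@link #initSignCert(String, String)}. */
    private static KeyStore certKeyStore = null;

    /** Filename filter that accepts names ending in {@code .cer}, ignoring case. */
    public static class CerFilter implements FilenameFilter {
        // Package-private constructor, as in the original class file.
        CerFilter() {
        }

        /**
         * @param str file name to test
         * @return {@code true} if the lower-cased name ends with {@code .cer}
         */
        public boolean isCer(String str) {
            return str.toLowerCase().endsWith(".cer");
        }

        @Override // java.io.FilenameFilter
        public boolean accept(File file, String str) {
            return isCer(str);
        }
    }

    /** Loads the signing keystore, the encryption certificate and the validation certificate directory. */
    public static void init() {
        initSignCert();
        initEncryptCert();
        initValidateCertFromDir();
    }

    /**
     * Loads the signing keystore from the path, password and type given by {@code MpiConfig}.
     * On failure {@code keyStore} is left {@code null} (see {@link #getKeyInfo}).
     */
    public static void initSignCert() {
        LogUtil.writeLog("加载签名证书开始");
        keyStore = getKeyInfo(MpiConfig.getConfig().getSignCertPath(), MpiConfig.getConfig().getSignCertPwd(), MpiConfig.getConfig().getSignCertType());
        LogUtil.writeLog("[" + MpiConfig.getConfig().getSignCertPath() + "][serialNumber=" + getSignCertId() + "]");
        LogUtil.writeLog("加载签名证书结束");
    }

    /**
     * Loads a PKCS12 keystore from an explicit file into {@code certKeyStore}.
     *
     * <p>The keystore password is deliberately kept out of the log messages: it
     * protects the private key and log files are usually far more widely readable
     * than the keystore itself.
     *
     * <p>NOTE(review): {@code certKeyStore} is one shared static slot; callers loading
     * different files concurrently can observe each other's keystore. Confirm that
     * callers are serialized.
     *
     * @param str  path of the PKCS12 file
     * @param str2 keystore password
     */
    public static void initSignCert(String str, String str2) {
        LogUtil.writeLog("加载证书文件[" + str + "]的签名证书开始.");
        // Drop any previously loaded keystore first, so that a failed load can never
        // leave another file's key material behind for getSignCertPrivateKey(str, str2).
        certKeyStore = null;
        if (!new File(str).exists()) {
            LogUtil.writeLog("证书文件不存在,初始化签名证书失败.");
            return;
        }
        certKeyStore = getKeyInfo(str, str2, "PKCS12");
        LogUtil.writeLog("加载证书文件[" + str + "]的签名证书结束.");
    }

    /**
     * Loads the encryption certificate from the configured path into {@code encryptCert}.
     * Failures are logged; a previously loaded certificate is then left in place.
     */
    public static void initEncryptCert() {
        LogUtil.writeLog("加载密码加密证书开始");
        String encryptCertPath = MpiConfig.getConfig().getEncryptCertPath();
        if (null == encryptCertPath || MpiConstants.BLANK.equals(encryptCertPath)) {
            LogUtil.writeLog("加载密码加密证书路径是空");
            return;
        }
        try {
            encryptCert = loadX509(encryptCertPath);
            LogUtil.writeLog("[" + encryptCertPath + "][serialNumber=" + encryptCert.getSerialNumber().toString() + "]");
        } catch (FileNotFoundException e) {
            LogUtil.writeErrorLog("证书加载失败,文件不存在", e);
        } catch (CertificateException e) {
            LogUtil.writeErrorLog("证书加载失败", e);
        }
        LogUtil.writeLog("加载密码加密证书结束");
    }

    /**
     * Loads the single validation certificate from the configured path into {@code validateCert}.
     * Failures are logged; a previously loaded certificate is then left in place.
     */
    public static void initValidateCert() {
        LogUtil.writeLog("加载验证签名证书");
        String validateCertPath = MpiConfig.getConfig().getValidateCertPath();
        if (null == validateCertPath || MpiConstants.BLANK.equals(validateCertPath)) {
            LogUtil.writeLog("验证签名证书路径为空");
            return;
        }
        try {
            validateCert = loadX509(validateCertPath);
        } catch (FileNotFoundException e) {
            LogUtil.writeErrorLog("验证签名证书加载失败,证书文件不存在", e);
        } catch (CertificateException e) {
            LogUtil.writeErrorLog("验证签名证书加载失败", e);
        }
        LogUtil.writeLog("加载验证签名证书结束 ");
    }

    /**
     * Rebuilds {@code certMap} from every {@code .cer} file in the configured directory.
     *
     * <p>Each file is loaded and closed on its own, so one unreadable or malformed
     * file is logged and skipped instead of aborting the remaining files, and no
     * stream is left open. A directory that cannot be listed is logged rather than
     * failing with a {@code NullPointerException} inside the static initializer.
     *
     * <p>NOTE(review): the map key is the serial number alone. Serial numbers are only
     * unique per issuer, so two certificates from different issuers can collide and
     * the later file wins; confirm that the directory holds a single issuer's certificates.
     */
    public static void initValidateCertFromDir() {
        LogUtil.writeLog("从目录中加载验证签名证书开始.");
        certMap.clear();
        String validateCertDir = MpiConfig.getConfig().getValidateCertDir();
        if (null == validateCertDir || MpiConstants.BLANK.equals(validateCertDir)) {
            LogUtil.writeLog("验证签名证书路径配置为空.");
            return;
        }
        // listFiles returns null when the path is not a directory or cannot be read.
        File[] candidates = new File(validateCertDir).listFiles(new CerFilter());
        if (null == candidates) {
            LogUtil.writeErrorLog("Cannot list validation certificate directory [" + validateCertDir + "]");
            return;
        }
        for (File file : candidates) {
            try {
                X509Certificate loaded = loadX509(file.getAbsolutePath());
                // Kept from the original: the most recently loaded file also becomes validateCert.
                validateCert = loaded;
                String serial = loaded.getSerialNumber().toString();
                certMap.put(serial, loaded);
                LogUtil.writeLog("[" + file.getAbsolutePath() + "][serialNumber=" + serial + "]");
            } catch (FileNotFoundException e) {
                LogUtil.writeErrorLog("验证签名证书加载失败,证书文件不存在", e);
            } catch (CertificateException e) {
                LogUtil.writeErrorLog("验证签名证书加载失败", e);
            }
        }
        LogUtil.writeLog("从目录中加载验证签名证书结束.");
    }

    /**
     * @return the private key stored under the first alias of the signing keystore,
     *         or {@code null} if it cannot be read (the failure is logged)
     */
    public static PrivateKey getSignCertPrivateKey() {
        try {
            return (PrivateKey) keyStore.getKey(firstAlias(keyStore), MpiConfig.getConfig().getSignCertPwd().toCharArray());
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取签名证书的私钥失败", e);
            return null;
        }
    }

    /**
     * Loads the given PKCS12 file and returns the private key under its first alias.
     *
     * @param str  path of the PKCS12 file
     * @param str2 keystore password, also used as the key password
     * @return the private key, or {@code null} if the file is missing or cannot be
     *         read (the failure is logged)
     */
    public static PrivateKey getSignCertPrivateKey(String str, String str2) {
        initSignCert(str, str2);
        try {
            return (PrivateKey) certKeyStore.getKey(firstAlias(certKeyStore), str2.toCharArray());
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取[" + str + "]的签名证书的私钥失败", e);
            return null;
        }
    }

    /**
     * @return the public key of the encryption certificate, loading it first if needed,
     *         or {@code null} if no certificate is available (the failure is logged)
     */
    public static PublicKey getEncryptCertPublicKey() {
        try {
            if (null == encryptCert) {
                initEncryptCert();
            }
            return encryptCert.getPublicKey();
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取加密证书失败", e);
            return null;
        }
    }

    /**
     * @return the public key of {@code validateCert}, or {@code null} if none is loaded
     */
    public static PublicKey getValidateKey() {
        try {
            if (null == validateCert) {
                return null;
            }
            return validateCert.getPublicKey();
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取验证签名证书失败", e);
            return null;
        }
    }

    /**
     * Looks up a validation public key by certificate serial number, reloading the
     * certificate directory once when the id is not cached.
     *
     * <p>NOTE(review): if {@code str} originates from an inbound message, every unknown
     * id forces a directory rescan and is written to the error log verbatim; confirm
     * that callers validate the id before calling.
     *
     * @param str certificate serial number as a decimal string
     * @return the matching public key, or {@code null} if no certificate has that id
     */
    public static PublicKey getValidateKey(String str) {
        X509Certificate cached = certMap.get(str);
        if (null == cached) {
            initValidateCertFromDir();
            cached = certMap.get(str);
        }
        if (null != cached) {
            return cached.getPublicKey();
        }
        LogUtil.writeErrorLog("没有certId=[" + str + "]对应的证书文件,返回NULL.");
        return null;
    }

    /**
     * @return the serial number of the certificate under the first alias of the signing
     *         keystore, or {@code MpiConstants.BLANK} on failure (the failure is logged)
     */
    public static String getSignCertId() {
        try {
            return ((X509Certificate) keyStore.getCertificate(firstAlias(keyStore))).getSerialNumber().toString();
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取签名证书的序列号失败", e);
            return MpiConstants.BLANK;
        }
    }

    /**
     * @return the serial number of the encryption certificate, loading it first if
     *         needed, or {@code MpiConstants.BLANK} when no certificate could be loaded
     *         (matching {@link #getSignCertId()} instead of throwing)
     */
    public static String getEncryptCertId() {
        if (null == encryptCert) {
            initEncryptCert();
        }
        if (null == encryptCert) {
            LogUtil.writeErrorLog("Encryption certificate is not loaded; returning a blank certificate id");
            return MpiConstants.BLANK;
        }
        return encryptCert.getSerialNumber().toString();
    }

    /**
     * @return the public key of the certificate under the first alias of the signing
     *         keystore, or {@code null} on failure (the failure is logged)
     */
    public static PublicKey getSignPublicKey() {
        try {
            return keyStore.getCertificate(firstAlias(keyStore)).getPublicKey();
        } catch (Exception e) {
            LogUtil.writeErrorLog(e.toString());
            return null;
        }
    }

    /**
     * Opens a keystore file.
     *
     * <p>{@code JKS} uses the default provider; {@code PKCS12} registers and uses the
     * BouncyCastle provider. Any other type is rejected before the file is opened.
     * The input stream is closed on every path and load failures are logged instead
     * of being dropped silently.
     *
     * @param str  path of the keystore file
     * @param str2 keystore password; {@code null} or blank means no password
     * @param str3 keystore type, {@code "JKS"} or {@code "PKCS12"}
     * @return the loaded keystore, or {@code null} on any failure
     */
    public static KeyStore getKeyInfo(String str, String str2, String str3) {
        try {
            KeyStore store;
            if ("JKS".equals(str3)) {
                store = KeyStore.getInstance(str3);
            } else if ("PKCS12".equals(str3)) {
                Security.addProvider(new BouncyCastleProvider());
                store = KeyStore.getInstance(str3, "BC");
            } else {
                LogUtil.writeErrorLog("Unsupported keystore type [" + str3 + "] for [" + str + "]");
                return null;
            }
            char[] password = (null == str2 || MpiConstants.BLANK.equals(str2.trim())) ? null : str2.toCharArray();
            FileInputStream in = null;
            try {
                in = new FileInputStream(str);
                store.load(in, password);
            } finally {
                closeQuietly(in);
            }
            return store;
        } catch (Exception e) {
            LogUtil.writeErrorLog("Failed to load keystore [" + str + "] of type [" + str3 + "]", e);
            if (e instanceof KeyStoreException && "PKCS12".equals(str3)) {
                // Kept from the original. NOTE(review): this removes the JVM-wide "BC"
                // provider, which may affect unrelated code in the same process - confirm intent.
                Security.removeProvider("BC");
            }
            return null;
        }
    }

    /**
     * Reads the serial number of the certificate under the first alias of a keystore file.
     *
     * @param str  path of the keystore file
     * @param str2 keystore password
     * @param str3 keystore type, {@code "JKS"} or {@code "PKCS12"}
     * @return the serial number as a decimal string, or {@code MpiConstants.BLANK} on failure
     */
    public static String getCertIdByCertPath(String str, String str2, String str3) {
        KeyStore keyInfo = getKeyInfo(str, str2, str3);
        if (null == keyInfo) {
            return MpiConstants.BLANK;
        }
        try {
            return ((X509Certificate) keyInfo.getCertificate(firstAlias(keyInfo))).getSerialNumber().toString();
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取签名证书的序列号失败", e);
            return MpiConstants.BLANK;
        }
    }

    /**
     * @return the live map of validation certificates, not a copy; callers that modify
     *         it change which certificates {@link #getValidateKey(String)} accepts
     */
    public static Map<String, X509Certificate> getCertMap() {
        return certMap;
    }

    /**
     * Replaces the map of validation certificates.
     *
     * @param map new map keyed by serial number; stored by reference, not copied
     */
    public static void setCertMap(Map<String, X509Certificate> map) {
        certMap = map;
    }

    /** Manual check: prints the certificate id of a hard-coded sample keystore. */
    public static void main(String[] strArr) {
        System.out.println(getCertIdByCertPath("c://106660149170027_000000.pfx", "000000", "PKCS12"));
    }

    /**
     * Returns the first alias of a keystore, or {@code null} when it has none.
     * NOTE(review): only the first alias is ever used; a keystore with several
     * entries yields whichever one the provider enumerates first.
     */
    private static String firstAlias(KeyStore store) throws KeyStoreException {
        Enumeration<String> aliases = store.aliases();
        return aliases.hasMoreElements() ? aliases.nextElement() : null;
    }

    /** Parses one X.509 certificate from a file, always closing the stream. */
    private static X509Certificate loadX509(String path) throws FileNotFoundException, CertificateException {
        FileInputStream in = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            in = new FileInputStream(path);
            return (X509Certificate) factory.generateCertificate(in);
        } finally {
            closeQuietly(in);
        }
    }

    /** Closes a stream if it was opened, logging (not propagating) a close failure. */
    private static void closeQuietly(FileInputStream stream) {
        if (null == stream) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            LogUtil.writeErrorLog(e.toString());
        }
    }

    // Must stay after the static field initializers above: init() writes to certMap.
    static {
        init();
    }
}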
