package com.chinapay.secss;

import cn.hutool.crypto.KeyUtil;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Properties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:BOOT-INF/lib/chinapay-secure-1.5.1.jar:com/chinapay/secss/CertUtil.class */
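/**
 * Holds the merchant signing key and the verification certificate that the
 * configuration in {@link SecssConfig} points at.
 *
 * <p>An instance is built by one of the static {@code init} factories, which load the
 * signing keystore (JKS or PKCS12) and the X.509 verification certificate from the
 * file paths named in the configuration.
 *
 * <p>Thread-safety: only the static factories are {@code synchronized}. The instance
 * methods that replace {@code keyStore}, {@code priKey}, {@code pubKey} and
 * {@code signCertId} take no lock.
 */
public class CertUtil {
    private KeyStore keyStore;
    private X509Certificate verifyCert;
    private PrivateKey priKey;
    private PublicKey pubKey;
    private String signCertId;
    private SecssConfig secssConfig;

    private CertUtil() {
    }

    /**
     * Returns the configuration this instance was initialised with.
     *
     * @return the configuration object, as set by the factory that built this instance
     */
    public SecssConfig getSecssConfig() {
        return this.secssConfig;
    }

    /**
     * Builds an instance from {@link SecssConfig#defaultInit()} and loads both the
     * signing keystore and the verification certificate.
     *
     * @return a fully initialised instance
     * @throws SecurityException if either certificate cannot be loaded
     */
    public static synchronized CertUtil init() throws SecurityException {
        return create(SecssConfig.defaultInit());
    }

    /**
     * Builds an instance from the supplied properties and loads both the signing
     * keystore and the verification certificate.
     *
     * @param properties settings handed to {@link SecssConfig#specifyInit(Properties)}
     * @return a fully initialised instance
     * @throws SecurityException if either certificate cannot be loaded
     */
    public static synchronized CertUtil init(Properties properties) throws SecurityException {
        return create(SecssConfig.specifyInit(properties));
    }

    /** Shared tail of both factories: attach the config, then load the two certificates. */
    private static CertUtil create(SecssConfig config) throws SecurityException {
        CertUtil certUtil = new CertUtil();
        certUtil.secssConfig = config;
        certUtil.initSignCert();
        certUtil.initVerifyCert();
        return certUtil;
    }

    /**
     * Loads the signing keystore named in the configuration and extracts the private key.
     *
     * <p>File path, password and keystore type are all mandatory here; an empty value
     * for any of them is rejected before the file is touched.
     *
     * @throws SecurityException if a setting is missing or the keystore cannot be loaded
     */
    public void initSignCert() throws SecurityException {
        try {
            String signFile = this.secssConfig.getSignFile();
            if (SecssUtil.isEmpty(signFile)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_ERROR);
            }
            String signFilePwd = this.secssConfig.getSignFilePwd();
            if (SecssUtil.isEmpty(signFilePwd)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_PWD_ERROR);
            }
            String signCertType = this.secssConfig.getSignCertType();
            if (SecssUtil.isEmpty(signCertType)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
            }
            this.keyStore = getKeyStore(signFile, signFilePwd, signCertType);
            initPriKey();
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            // The cause is logged but not attached to the rethrown exception.
            LogUtil.writeErrorLog("init sign cert error", e2);
            throw new SecurityException(SecssConstants.INIT_SIGN_CERT_ERROR);
        }
    }

    /**
     * Loads the X.509 verification certificate named in the configuration and caches
     * its public key.
     *
     * <p>The certificate is only parsed. This method does not call
     * {@code checkValidity()} and performs no chain or revocation check, so an expired
     * certificate file is accepted at load time.
     *
     * @throws SecurityException if the path is empty or the certificate cannot be parsed
     */
    public void initVerifyCert() throws SecurityException {
        String verifyFile = this.secssConfig.getVerifyFile();
        if (SecssUtil.isEmpty(verifyFile)) {
            throw new SecurityException(SecssConstants.VERIFY_CERT_ERROR);
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(KeyUtil.CERT_TYPE_X509);
            FileInputStream certStream = new FileInputStream(verifyFile);
            try {
                this.verifyCert = (X509Certificate) certificateFactory.generateCertificate(certStream);
                this.pubKey = this.verifyCert.getPublicKey();
                // Kept as a separate call because initPubKey() is protected and may be overridden.
                initPubKey();
            } finally {
                try {
                    certStream.close();
                } catch (IOException ignored) {
                    // A failed close on a read-only stream must not fail certificate loading.
                }
            }
        } catch (Exception e3) {
            LogUtil.writeErrorLog("初始化验签证书异常", e3);
            throw new SecurityException(SecssConstants.INIT_VERIFY_CERT_ERROR);
        }
    }

    /**
     * Replaces the signing keystore with one loaded from another file, using the
     * keystore type from the configuration.
     *
     * <p>NOTE(review): only {@code keyStore} is replaced. {@code priKey} is not
     * re-extracted here, so {@link #getPriKey()} keeps returning the key from the
     * previous keystore until {@link #initPriKey()} runs again. Confirm this is intended.
     *
     * <p>NOTE(review): unlike {@link #initSignCert()}, an empty password is not
     * rejected here; see {@link #getKeyStore(String, String, String)} for the effect.
     *
     * @param str path of the keystore file
     * @param str2 keystore password
     * @throws SecurityException if the type is missing or the keystore cannot be loaded
     */
    public void reloadSignCert(String str, String str2) throws SecurityException {
        try {
            String signCertType = this.secssConfig.getSignCertType();
            if (SecssUtil.isEmpty(signCertType)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
            }
            this.keyStore = getKeyStore(str, str2, signCertType);
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            // Log the cause, as initSignCert() does, so a failed reload can be diagnosed.
            LogUtil.writeErrorLog("reload sign cert error", e2);
            throw new SecurityException(SecssConstants.RELOADSC_GOES_WRONG);
        }
    }

    /**
     * Opens a keystore file of type {@code JKS} or {@code PKCS12}.
     *
     * <p>Only the file path and the type are logged; the password is not.
     *
     * <p>Security notes:
     * <ul>
     *   <li>An empty password is passed to {@link KeyStore#load} as {@code null}, which
     *       skips the keystore integrity check. Callers that need tamper detection must
     *       reject an empty password themselves.</li>
     *   <li>The PKCS12 branch registers BouncyCastle JVM-wide, and a
     *       {@link KeyStoreException} on that branch removes the provider named "BC"
     *       JVM-wide. Other code in the same JVM that relies on BC is affected.</li>
     *   <li>NOTE(review): {@code KeyStore.getInstance(type)} names no provider, so the
     *       highest-priority provider that offers PKCS12 is used, which need not be the
     *       one just added. Confirm against the deployed provider order.</li>
     * </ul>
     *
     * @param str path of the keystore file
     * @param str2 keystore password; empty or {@code null} disables the integrity check
     * @param str3 keystore type, {@code "JKS"} or {@code "PKCS12"}
     * @return the loaded keystore
     * @throws SecurityException if the type is neither JKS nor PKCS12
     * @throws Exception any failure raised while creating or loading the keystore
     */
    public KeyStore getKeyStore(String str, String str2, String str3) throws SecurityException, Exception {
        try {
            LogUtil.writeLog(String.format("signFile=%s,signFileType=%s", str, str3));
            KeyStore loaded;
            if ("JKS".equals(str3)) {
                loaded = KeyStore.getInstance(str3, "SUN");
            } else if ("PKCS12".equals(str3)) {
                Security.addProvider(new BouncyCastleProvider());
                loaded = KeyStore.getInstance(str3);
            } else {
                throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
            }
            char[] password = SecssUtil.isEmpty(str2) ? null : str2.toCharArray();
            // try-with-resources: the stream is released even when load() throws
            // (wrong password, corrupt file), which the plain close() call did not do.
            try (FileInputStream storeStream = new FileInputStream(str)) {
                loaded.load(storeStream, password);
            }
            return loaded;
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            if ((e2 instanceof KeyStoreException) && "PKCS12".equals(str3)) {
                Security.removeProvider("BC");
            }
            throw e2;
        }
    }

    /**
     * Walks the keystore aliases and keeps the first private key it can read, using
     * the keystore password as the key password.
     *
     * <p>NOTE(review): when an alias equals the configured sign-file alias the method
     * returns <em>before</em> reading that entry's key, so {@code priKey} stays unset
     * for it. This looks inverted; confirm against the vendor's intent before relying
     * on the alias setting.
     *
     * <p>NOTE(review): if no entry yields a key the method returns normally and
     * {@link #getPriKey()} returns {@code null}; callers should check for that.
     *
     * @throws SecurityException if the keystore cannot be enumerated or a key cannot be read
     */
    protected void initPriKey() throws SecurityException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                LogUtil.writeLog(String.format("keyAlias=%s", alias));
                if (alias.equals(this.secssConfig.getSignFileAlias())) {
                    return;
                }
                this.priKey = (PrivateKey) this.keyStore.getKey(alias, this.secssConfig.getSignFilePwd().toCharArray());
                if (this.priKey != null) {
                    return;
                }
            }
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取私钥异常", e);
            throw new SecurityException(SecssConstants.GET_PRI_KEY_ERROR);
        }
    }

    /**
     * Returns the serial number (decimal string) of the certificate stored under the
     * first alias the keystore enumerates, and caches it in {@code signCertId}.
     *
     * <p>NOTE(review): the first enumerated alias is used, which need not be the alias
     * whose key {@link #initPriKey()} kept when the keystore holds several entries.
     *
     * @return the certificate serial number as a decimal string
     * @throws SecurityException if the keystore is empty or the certificate cannot be read
     */
    public String getSignCertId() throws SecurityException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            String firstAlias = null;
            if (aliases.hasMoreElements()) {
                firstAlias = aliases.nextElement();
            }
            this.signCertId = ((X509Certificate) this.keyStore.getCertificate(firstAlias)).getSerialNumber().toString();
            return this.signCertId;
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取证书编号异常", e);
            throw new SecurityException(SecssConstants.GET_CERT_ID_ERROR);
        }
    }

    /** Caches the public key of the already loaded verification certificate. */
    protected void initPubKey() {
        this.pubKey = this.verifyCert.getPublicKey();
    }

    /**
     * Returns the signing private key.
     *
     * @return the key kept by {@link #initPriKey()}, or {@code null} if none was read
     */
    public PrivateKey getPriKey() {
        return this.priKey;
    }

    /**
     * Returns the public key of the verification certificate.
     *
     * @return the key cached by {@link #initVerifyCert()}
     */
    public PublicKey getPubKey() {
        return this.pubKey;
    }
}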
