package com.csii.payment.client.key;

import com.csii.payment.client.constant.Constants;
import com.csii.payment.client.entity.CebMerchantProperties;
import com.csii.payment.client.entity.CertificateInfo;
import com.csii.payment.client.entity.MerchantKeyInfo;
import com.csii.payment.client.util.Log;
import com.csii.payment.client.util.Util;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/csii/payment/client/key/KeyManager.class */
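/**
 * Static registry of the merchant private keys and certificates read from the configured key
 * stores, plus factories for the {@link SSLSocketFactory} and {@link HostnameVerifier} built
 * from that material.
 *
 * <p>All state is populated once by the static initializer. A failure there is logged and
 * rethrown as a {@link RuntimeException}, so the class cannot be used if the key stores do not
 * load.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Entries are indexed by key-store alias and by certificate CN only. The only certificate
 *       check performed in this class is {@link X509Certificate#checkValidity()} (validity
 *       dates); no chain or issuer validation happens here, so the integrity of the configured
 *       key-store files decides which certificate is returned for a given CN or alias.</li>
 *   <li>{@link #getSSLSocketFactory(boolean, String)} called with {@code false} initializes the
 *       context with {@code MyX509TrustManagerWithoutVerify} instead of the trust store.</li>
 *   <li>Key-store and key passwords are handled as {@code String} values taken from
 *       {@code CebMerchantProperties}; they must never be written to the log.</li>
 * </ul>
 */
public class KeyManager {
    private static final Log log = new Log(KeyManager.class);

    // Key entries (certificate + optional private key), indexed by certificate CN and by alias.
    private static final Map<String, MerchantKeyInfo> merchantKeyInfoMapKeyIsCN = new HashMap<String, MerchantKeyInfo>();
    private static final Map<String, MerchantKeyInfo> merchantKeyInfoMapKeyIsAlias = new HashMap<String, MerchantKeyInfo>();

    // Certificate-only entries, indexed by certificate CN and by alias.
    private static final Map<String, CertificateInfo> certificateInfoMapKeyIsCN = new HashMap<String, CertificateInfo>();
    private static final Map<String, CertificateInfo> certificateInfoMapKeyIsAlias = new HashMap<String, CertificateInfo>();

    // Grows by one KeyManagerFactory result per successfully configured key entry (see setKeyManager).
    private static javax.net.ssl.KeyManager[] keyManagers = new javax.net.ssl.KeyManager[0];

    // Replaced (not appended) by setTrustManager.
    private static TrustManager[] trustManagers = new TrustManager[0];

    // Used only when the caller asks for a socket factory with verification switched off.
    // NOTE(review): the implementation is not visible here; by its name it presumably accepts
    // any server certificate chain — confirm, and keep this path out of production traffic.
    private static final TrustManager[] trustManagersWithoutVerify = {new MyX509TrustManagerWithoutVerify()};

    static {
        try {
            if (CebMerchantProperties.isNewMerchantPropertiesFile()) {
                initJKSInfoUseNewMerchantProperties();
            } else {
                initJKSInfoUseOldMerchantProperties();
            }
            // BouncyCastle is registered only when the configuration names it as the provider.
            if (Constants.ALGORITHMPROVIDER_BC.equals(CebMerchantProperties.getProvider())) {
                Security.addProvider(new BouncyCastleProvider());
            }
        } catch (Exception e) {
            log.error("加载容器失败！\r\n", e);
            throw new RuntimeException(e);
        }
    }

    /** New-format configuration: load every merchant key store, then the trust key store. */
    private static void initJKSInfoUseNewMerchantProperties() throws Exception {
        initMerchantJKS();
        initTrustKeyStoreJKS();
    }

    /** Loads the configured trust key store, indexes its entries and builds the trust managers from it. */
    private static void initTrustKeyStoreJKS() throws Exception {
        KeyStore trustStore = getKeyStore(CebMerchantProperties.getTrustKeyStore());
        initMerchantKeyORCertificateInfoMap(trustStore);
        setTrustManager(trustStore);
    }

    /** Loads and indexes every key store listed by {@code CebMerchantProperties.getCafiles()}. */
    private static void initMerchantJKS() throws Exception {
        for (String str : CebMerchantProperties.getCafiles()) {
            initMerchantKeyORCertificateInfoMap(getKeyStore(str));
        }
    }

    /**
     * Opens one key store described by a configuration entry of three fields separated by
     * {@code Constants.SPLITSYMBOL}: path, store password, store type (in that order).
     *
     * @param str the raw configuration entry
     * @return the key store returned by {@code Util.getKeyStore}
     * @throws IllegalArgumentException if the entry is {@code null} or has fewer than three fields
     * @throws Exception whatever {@code Util.getKeyStore} throws
     */
    private static KeyStore getKeyStore(String str) throws Exception {
        if (str == null) {
            throw new IllegalArgumentException("密钥库配置项为空！");
        }
        String[] parts = str.trim().split(Constants.SPLITSYMBOL);
        if (parts.length < 3) {
            // The entry embeds the store password, so report only the field count, never the entry.
            throw new IllegalArgumentException("密钥库配置项格式错误，应包含路径、密码、类型3个字段，实际字段数：" + parts.length);
        }
        String path = parts[0];
        String storePassword = parts[1];
        String storeType = parts[2];
        if (path.startsWith(Constants.CLASSPATHPREFIX)) {
            // Classpath-prefixed paths are resolved against the directory reported by Util.getClassPath().
            path = String.valueOf(Util.getClassPath()) + "/" + path.substring(Constants.CLASSPATHPREFIX.length());
        }
        return Util.getKeyStore(storeType, path, storePassword);
    }

    /**
     * Old-format configuration: a single JKS file serves as both the merchant key store and the
     * trust store.
     */
    private static void initJKSInfoUseOldMerchantProperties() throws Exception {
        KeyStore keyStore = Util.getKeyStore(Constants.CONTAINTYPE_JKS, CebMerchantProperties.getCafile().trim(), CebMerchantProperties.getStorePassword());
        initMerchantKeyORCertificateInfoMap(keyStore);
        setTrustManager(keyStore);
    }

    /**
     * Walks every alias of {@code keyStore} and indexes it: key entries (key type 1) go to the
     * merchant-key maps, certificate entries (key type 2) to the certificate maps.
     *
     * <p>With the new configuration format the key password is looked up by certificate CN; a key
     * entry without a configured password is still indexed, but without a private key and without
     * contributing a key manager.
     */
    private static void initMerchantKeyORCertificateInfoMap(KeyStore keyStore) throws Exception {
        // Left raw because the declared type of the project getter is not visible from this class.
        Map cnToKeyPassword = CebMerchantProperties.getCNNameAndPasswordMap();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                MerchantKeyInfo merchantKeyInfo = (MerchantKeyInfo) getCertificateInfo(keyStore, alias);
                merchantKeyInfo.setCertificateChain(keyStore.getCertificateChain(alias));
                merchantKeyInfo.setKeyType(1);
                if (CebMerchantProperties.isNewMerchantPropertiesFile()) {
                    String keyPassword = (String) cnToKeyPassword.get(merchantKeyInfo.getCNName());
                    if (Util.isNullOrEmpty(keyPassword)) {
                        log.warn(new StringBuffer("CN为：【").append(merchantKeyInfo.getCNName()).append("】的密钥没有在商户配置文件中维护").toString());
                    } else {
                        merchantKeyInfo.setPrivateKey(innerGetPrivateKey(keyStore, alias, keyPassword));
                        setKeyManager(keyStore, keyPassword);
                    }
                } else {
                    merchantKeyInfo.setPrivateKey(innerGetPrivateKey(keyStore, alias, CebMerchantProperties.getKeyPassword()));
                    setKeyManager(keyStore, CebMerchantProperties.getKeyPassword());
                }
                putMerchantKeyInfoToMap(merchantKeyInfo);
            } else if (keyStore.isCertificateEntry(alias)) {
                CertificateInfo certificateInfo = getCertificateInfo(keyStore, alias);
                certificateInfo.setKeyType(2);
                putCertificateInfoToMap(certificateInfo);
            }
        }
    }

    /** Indexes a key entry by CN and by alias (see {@link #register}). */
    private static void putMerchantKeyInfoToMap(MerchantKeyInfo merchantKeyInfo) {
        register(merchantKeyInfoMapKeyIsCN, merchantKeyInfo.getCNName(), merchantKeyInfo, "CN", "私钥");
        register(merchantKeyInfoMapKeyIsAlias, merchantKeyInfo.getAlias(), merchantKeyInfo, "别名", "私钥");
    }

    /** Indexes a certificate entry by CN and by alias (see {@link #register}). */
    private static void putCertificateInfoToMap(CertificateInfo certificateInfo) {
        register(certificateInfoMapKeyIsCN, certificateInfo.getCNName(), certificateInfo, "CN", "公钥");
        register(certificateInfoMapKeyIsAlias, certificateInfo.getAlias(), certificateInfo, "别名", "公钥");
    }

    /**
     * Stores {@code info} under {@code key}. When the key is already taken, the newcomer replaces
     * the existing entry only if its certificate is inside its validity period; otherwise the
     * existing entry is kept and an error is logged.
     *
     * <p>The replacement decision looks at validity dates only. Two certificates that share a CN
     * (or alias) across the configured key stores are therefore resolved by load order, not by
     * issuer — worth keeping in mind when reviewing what goes into those files.
     *
     * @param index the map to update
     * @param key the CN or alias to index under
     * @param info the entry to store
     * @param keyLabel label of the key kind used in the log text ("CN" or "别名")
     * @param kindLabel label of the entry kind used in the log text ("私钥" or "公钥")
     */
    private static <T extends CertificateInfo> void register(Map<String, T> index, String key, T info, String keyLabel, String kindLabel) {
        if (index.get(key) == null) {
            index.put(key, info);
            return;
        }
        String prefix = "容器中存在同" + keyLabel + "的" + kindLabel + "，" + keyLabel + "为：【" + key + "】，";
        try {
            ((X509Certificate) info.getCertificate()).checkValidity();
            log.warn(prefix + "进行覆盖操作！");
            index.put(key, info);
        } catch (Exception e) {
            log.error(prefix + "待覆盖" + kindLabel + "不是有效的，不进行覆盖操作！");
        }
    }

    /**
     * Reads the private key stored under {@code alias}.
     *
     * @return the key, or {@code null} when it cannot be recovered (wrong or missing password,
     *     unsupported algorithm, ...); the failure is logged and surfaces later, when the key is
     *     requested through {@link #getPrivateKey(String...)}
     */
    private static PrivateKey innerGetPrivateKey(KeyStore keyStore, String alias, String keyPassword) {
        try {
            return (PrivateKey) keyStore.getKey(alias, keyPassword.toCharArray());
        } catch (Exception e) {
            // Deliberately best effort so one bad entry does not abort loading the others.
            // Log the alias for diagnosis; the password must not appear in the message.
            log.error("读取别名为【" + alias + "】的私钥失败", e);
            return null;
        }
    }

    /**
     * Builds key managers for {@code keyStore} with {@code keyPassword} and appends them to the
     * shared {@code keyManagers} array.
     *
     * <p>NOTE(review): this runs once per key entry, so a key store holding several key entries
     * contributes several manager sets. {@link SSLContext#init} documents that only the first
     * instance of each key-manager implementation type in the array is used, so managers appended
     * later may never be consulted — confirm that client authentication picks the intended key
     * when more than one key store is configured.
     */
    private static void setKeyManager(KeyStore keyStore, String keyPassword) throws Exception {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, keyPassword.toCharArray());
        javax.net.ssl.KeyManager[] added = factory.getKeyManagers();
        javax.net.ssl.KeyManager[] merged = new javax.net.ssl.KeyManager[keyManagers.length + added.length];
        System.arraycopy(keyManagers, 0, merged, 0, keyManagers.length);
        System.arraycopy(added, 0, merged, keyManagers.length, added.length);
        keyManagers = merged;
    }

    /** Replaces the shared trust managers with ones backed by {@code keyStore}. */
    private static void setTrustManager(KeyStore keyStore) throws Exception {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        trustManagers = factory.getTrustManagers();
    }

    /**
     * Builds the descriptor (alias, certificate, public key, subject, CN) for one key-store entry.
     * The returned object is always a {@link MerchantKeyInfo}, which is why callers may downcast it.
     *
     * @throws Exception if the entry has no certificate or the certificate is not X.509
     */
    private static CertificateInfo getCertificateInfo(KeyStore keyStore, String alias) throws Exception {
        java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            // Fail with the alias named instead of an anonymous NullPointerException / ClassCastException.
            throw new Exception("别名为【" + alias + "】的条目不包含X509证书，无法加载！");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        MerchantKeyInfo merchantKeyInfo = new MerchantKeyInfo();
        merchantKeyInfo.setAlias(alias);
        merchantKeyInfo.setCertificate(x509Certificate);
        merchantKeyInfo.setPublicKey(x509Certificate.getPublicKey());
        merchantKeyInfo.setSubject(x509Certificate.getSubjectX500Principal().toString());
        merchantKeyInfo.setCNName(Util.getCNFromCertificate(x509Certificate));
        log.debug(new StringBuffer().append("别名为：【").append(alias).append("】，CN为：【").append(merchantKeyInfo.getCNName()).append("】"));
        return merchantKeyInfo;
    }

    /**
     * Creates an SSL socket factory for the given protocol.
     *
     * @param z {@code true} to initialize the context with the loaded key managers and trust
     *     managers; {@code false} to initialize it with no key managers and
     *     {@code MyX509TrustManagerWithoutVerify} as the only trust manager
     * @param str protocol name handed to {@link SSLContext#getInstance(String)}; the caller
     *     chooses it, so legacy protocol names are not rejected here
     * @return the socket factory of the initialized context
     * @throws Exception if the protocol is unknown or the context cannot be initialized
     */
    public static SSLSocketFactory getSSLSocketFactory(boolean z, String str) throws Exception {
        SSLContext sslContext = SSLContext.getInstance(str);
        if (z) {
            // These checks only log expired / not-yet-valid certificates; they never block the handshake setup.
            checkCertValidation(merchantKeyInfoMapKeyIsAlias);
            checkCertValidation(certificateInfoMapKeyIsAlias);
            sslContext.init(keyManagers, trustManagers, null);
        } else {
            // SECURITY: the configured trust store is bypassed on this path. Make every use visible
            // in the log so an unverified connection can be spotted during review or incident response.
            log.warn("SSL上下文使用MyX509TrustManagerWithoutVerify初始化，服务端证书可能未被校验，请勿用于生产环境！");
            sslContext.init(null, trustManagersWithoutVerify, null);
        }
        return sslContext.getSocketFactory();
    }

    /**
     * Logs a warning for every certificate in {@code map} that is outside its validity period.
     * Nothing is removed from the map and no exception is raised: an expired certificate stays
     * usable after this call.
     */
    private static void checkCertValidation(Map<String, ? extends CertificateInfo> map) {
        if (Util.isNullOrEmpty(map)) {
            return;
        }
        for (Map.Entry<String, ? extends CertificateInfo> entry : map.entrySet()) {
            CertificateInfo certificateInfo = entry.getValue();
            if (certificateInfo == null) {
                continue;
            }
            String alias = entry.getKey();
            X509Certificate x509Certificate = (X509Certificate) certificateInfo.getCertificate();
            try {
                x509Certificate.checkValidity();
            } catch (Exception e) {
                log.warn(new StringBuffer().append("Cert_Error_Info 【").append(e.getMessage()).append("】").append(",证书无效(过期或未生效)，证书别名为：【").append(alias).append("】").append(",证书CN为【").append(certificateInfo.getCNName()).append("】").append(",证书开始日期【").append(Util.formatDate(x509Certificate.getNotBefore(), Constants.DATEFORMAT)).append("】").append(",证书结束日期【").append(Util.formatDate(x509Certificate.getNotAfter(), Constants.DATEFORMAT)).append("】").append("\r\n"));
            }
        }
    }

    /**
     * Creates the project's hostname verifier; the three arguments are passed to
     * {@code MyHostnameVerifier} unchanged.
     * NOTE(review): their meaning is defined by {@code MyHostnameVerifier}, which is not visible
     * here — presumably {@code z} switches hostname checking on or off; confirm before relying on it.
     */
    public static HostnameVerifier getHostnameVerifier(boolean z, String str, String str2) {
        return new MyHostnameVerifier(z, str, str2);
    }

    /**
     * Returns the merchant private key.
     *
     * <p>With no argument the key is resolved by the configured key alias. With one argument (a
     * merchant id) and the new configuration format the key is resolved through the merchant-id to
     * CN mapping; with the old format the argument is ignored and the configured alias is used.
     *
     * @param strArr zero or one merchant id
     * @return the private key, never {@code null}
     * @throws Exception if more than one argument is passed, or no usable key is found
     */
    public static PrivateKey getPrivateKey(String... strArr) throws Exception {
        switch (strArr.length) {
            case 0:
                return getPrivateKeyByAlias(CebMerchantProperties.getKeyAlias());
            case 1:
                if (CebMerchantProperties.isNewMerchantPropertiesFile()) {
                    return getPrivateKeyByMerchantId(strArr[0]);
                }
                return getPrivateKeyByAlias(CebMerchantProperties.getKeyAlias());
            default:
                log.error("该方法只能接受一个参数，你传入的参数为：" + Arrays.toString(strArr));
                throw new Exception("该方法只能接受一个参数");
        }
    }

    /**
     * Returns the payment gateway's public key: looked up by the configured CN with the new
     * configuration format, by the configured alias with the old one.
     *
     * @throws IllegalStateException if no certificate is loaded under that CN or alias
     */
    public static PublicKey getPublicKey() {
        return CebMerchantProperties.isNewMerchantPropertiesFile() ? getPublicKeyByCNName(CebMerchantProperties.getPaygatePublicKeyCNName()) : getPublicKeyByAlias(CebMerchantProperties.getPaygateAlias());
    }

    /** Resolves a merchant id to its configured CN, then to the private key indexed under that CN. */
    private static PrivateKey getPrivateKeyByMerchantId(String merchantId) throws Exception {
        String cnName = (String) CebMerchantProperties.getMerchantIdAndCNNameMap().get(merchantId);
        if (Util.isNullOrEmpty(cnName)) {
            throw new Exception(new StringBuffer("商户【").append(merchantId).append("】对应的私钥的CN没有配置，请检查商户配置文件(检查项为：merchantIdCNName)！").toString());
        }
        log.info(new StringBuffer().append("根据商户号获取商户私钥,商户号【").append(merchantId).append("】").append(",").append("对应配置中的CNName【").append(cnName).append("】\r\n"));
        return getPrivateKeyByCNName(cnName);
    }

    /**
     * @throws Exception if no key entry is indexed under {@code cnName}, or the entry has no
     *     private key (password not configured or wrong)
     */
    private static PrivateKey getPrivateKeyByCNName(String cnName) throws Exception {
        MerchantKeyInfo merchantKeyInfo = merchantKeyInfoMapKeyIsCN.get(cnName);
        if (merchantKeyInfo == null) {
            // Report the missing entry explicitly instead of failing with a NullPointerException.
            throw new Exception("容器中不存在CN为【" + cnName + "】的商户私钥条目，请检查密钥库及商户配置文件！");
        }
        PrivateKey privateKey = merchantKeyInfo.getPrivateKey();
        if (privateKey == null) {
            throw new Exception(new StringBuffer("商户私钥CN为【").append(cnName).append("】对应的私钥与密码的映射没有配置或者密码错误等，请检查商户配置文件(检查项为：merchantPrivateKeyCNName)！").toString());
        }
        return privateKey;
    }

    /**
     * @throws Exception if no key entry is indexed under {@code alias}, or the entry has no
     *     private key (password not configured or wrong)
     */
    private static PrivateKey getPrivateKeyByAlias(String alias) throws Exception {
        MerchantKeyInfo merchantKeyInfo = merchantKeyInfoMapKeyIsAlias.get(alias);
        if (merchantKeyInfo == null) {
            // Report the missing entry explicitly instead of failing with a NullPointerException.
            throw new Exception("容器中不存在别名为【" + alias + "】的商户私钥条目，请检查密钥库及商户配置文件！");
        }
        PrivateKey privateKey = merchantKeyInfo.getPrivateKey();
        if (privateKey == null) {
            throw new Exception(new StringBuffer().append("商户私钥别名为【").append(alias).append("】,").append("CNName为【").append(merchantKeyInfo.getCNName()).append("】").append("对应的私钥与密码的映射没有配置或者密码错误等，请检查商户配置文件(检查项为：merchantPrivateKeyCNName)！").toString());
        }
        return privateKey;
    }

    /** @throws IllegalStateException if no certificate is indexed under {@code cnName} */
    private static PublicKey getPublicKeyByCNName(String cnName) {
        CertificateInfo certificateInfo = certificateInfoMapKeyIsCN.get(cnName);
        if (certificateInfo == null) {
            // Fail closed with a diagnosable message: callers use this key to verify gateway data.
            throw new IllegalStateException("容器中不存在CN为【" + cnName + "】的证书，无法获取公钥！");
        }
        return certificateInfo.getPublicKey();
    }

    /** @throws IllegalStateException if no certificate is indexed under {@code alias} */
    private static PublicKey getPublicKeyByAlias(String alias) {
        CertificateInfo certificateInfo = certificateInfoMapKeyIsAlias.get(alias);
        if (certificateInfo == null) {
            // Fail closed with a diagnosable message: callers use this key to verify gateway data.
            throw new IllegalStateException("容器中不存在别名为【" + alias + "】的证书，无法获取公钥！");
        }
        return certificateInfo.getPublicKey();
    }
}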
