package com.tydic.payment.pay.sdk.unionpay;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/tydic/payment/pay/sdk/unionpay/CertUtil.class */
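/**
 * Loads and caches the certificates and keys used by the UnionPay SDK wrapper:
 * the merchant signing key store, the encryption certificate, the track-data
 * RSA key, the middle/root CA certificates and the directory of signature
 * verification certificates.
 *
 * <p>All state is static and is populated once from {@link #init()} when the
 * class is loaded; most getters retry lazily when their value is still missing.
 *
 * <p>Security-relevant behaviour a reader should know about:
 * <ul>
 *   <li>Key store passwords are never written to the log.</li>
 *   <li>{@link #verifyCertificate(X509Certificate)} builds a real PKIX path to
 *       the configured root; revocation checking is disabled.</li>
 *   <li>Verification certificates are trusted purely because they sit in the
 *       configured directory and are looked up by serial number only.</li>
 * </ul>
 */
public class CertUtil {
    private static KeyStore keyStore = null;
    private static X509Certificate encryptCert = null;
    private static PublicKey encryptTrackKey = null;
    private static X509Certificate validateCert = null;
    private static X509Certificate middleCert = null;
    private static X509Certificate rootCert = null;
    // NOTE(review): plain HashMap that is cleared and refilled from getValidatePublicKey();
    // nothing in this class synchronises that with concurrent readers - confirm callers
    // are single-threaded or add locking.
    private static Map<String, X509Certificate> certMap = new HashMap<String, X509Certificate>();
    // Signing key stores loaded on demand, keyed by the key store file path.
    private static final Map<String, KeyStore> KEY_STORE_MAP = new ConcurrentHashMap<String, KeyStore>(16);

    /** Filename filter that accepts names ending in {@code .cer}, ignoring case. */
    public static class CerFilter implements FilenameFilter {
        CerFilter() {
        }

        /**
         * @param str file name to test
         * @return {@code true} when the lower-cased name ends with {@code .cer}
         */
        public boolean isCer(String str) {
            return str.toLowerCase().endsWith(".cer");
        }

        @Override
        public boolean accept(File file, String str) {
            return isCer(str);
        }
    }

    /**
     * Registers the BC provider and loads every configured certificate and key.
     * Any exception is logged and swallowed, so the class still loads with
     * whatever subset was initialised; getters may then return {@code null}.
     */
    private static void init() {
        try {
            addProvider();
            initSignCert();
            initMiddleCert();
            initRootCert();
            initEncryptCert();
            initTrackKey();
            initValidateCertFromDir();
        } catch (Exception e) {
            LogUtil.writeErrorLog("init失败。（如果是用对称密钥签名的可无视此异常。）", e);
        }
    }

    /**
     * Ensures a fresh BouncyCastle provider is registered under the name "BC".
     * An already-registered "BC" provider is removed and replaced, which affects
     * every other user of that provider in the same JVM.
     */
    private static void addProvider() {
        if (Security.getProvider("BC") == null) {
            LogUtil.writeLog("add BC provider");
            Security.addProvider(new BouncyCastleProvider());
        } else {
            Security.removeProvider("BC");
            Security.addProvider(new BouncyCastleProvider());
            LogUtil.writeLog("re-add BC provider");
        }
        printSysInfo();
    }

    /**
     * Loads the merchant signing key store when the configured sign method is "01"
     * (the RSA method, per the log message) and path, password and type are all set.
     */
    private static void initSignCert() {
        if (!"01".equals(SdkConfig.getConfig().getSignMethod())) {
            LogUtil.writeLog("非rsa签名方式，不加载签名证书。");
            return;
        }
        if (SdkConfig.getConfig().getSignCertPath() == null || SdkConfig.getConfig().getSignCertPwd() == null || SdkConfig.getConfig().getSignCertType() == null) {
            LogUtil.writeErrorLog("WARN: acpsdk.signCert.path或acpsdk.signCert.pwd或acpsdk.signCert.type为空。 停止加载签名证书。");
            return;
        }
        keyStore = null;
        try {
            keyStore = getKeyInfo(SdkConfig.getConfig().getSignCertPath(), SdkConfig.getConfig().getSignCertPwd(), SdkConfig.getConfig().getSignCertType());
            if (keyStore == null) {
                // getKeyInfo() reports failure by returning null; do not claim success.
                LogUtil.writeErrorLog("InitSignCert Error: key store could not be loaded");
                return;
            }
            LogUtil.writeLog("InitSignCert Successful. CertId=[" + getSignCertId() + "]");
        } catch (IOException e) {
            LogUtil.writeErrorLog("InitSignCert Error", e);
        }
    }

    /** Loads the intermediate CA certificate from the configured path, if one is set. */
    private static void initMiddleCert() {
        LogUtil.writeLog("加载中级证书==>" + SdkConfig.getConfig().getMiddleCertPath());
        if (SdkUtil.isEmpty(SdkConfig.getConfig().getMiddleCertPath())) {
            LogUtil.writeLog("WARN: acpsdk.middle.path is empty");
            return;
        }
        middleCert = initCert(SdkConfig.getConfig().getMiddleCertPath());
        if (middleCert == null) {
            LogUtil.writeErrorLog("Load MiddleCert Error: certificate could not be loaded");
            return;
        }
        LogUtil.writeLog("Load MiddleCert Successful");
    }

    /** Loads the root CA certificate (the PKIX trust anchor) from the configured path, if set. */
    private static void initRootCert() {
        LogUtil.writeLog("加载根证书==>" + SdkConfig.getConfig().getRootCertPath());
        if (SdkUtil.isEmpty(SdkConfig.getConfig().getRootCertPath())) {
            LogUtil.writeLog("WARN: acpsdk.rootCert.path is empty");
            return;
        }
        rootCert = initCert(SdkConfig.getConfig().getRootCertPath());
        if (rootCert == null) {
            LogUtil.writeErrorLog("Load RootCert Error: certificate could not be loaded");
            return;
        }
        LogUtil.writeLog("Load RootCert Successful");
    }

    /** Loads the sensitive-data encryption certificate from the configured path, if set. */
    private static void initEncryptCert() {
        LogUtil.writeLog("加载敏感信息加密证书==>" + SdkConfig.getConfig().getEncryptCertPath());
        if (SdkUtil.isEmpty(SdkConfig.getConfig().getEncryptCertPath())) {
            LogUtil.writeLog("WARN: acpsdk.encryptCert.path is empty");
            return;
        }
        encryptCert = initCert(SdkConfig.getConfig().getEncryptCertPath());
        if (encryptCert == null) {
            LogUtil.writeErrorLog("Load EncryptCert Error: certificate could not be loaded");
            return;
        }
        LogUtil.writeLog("Load EncryptCert Successful");
    }

    /** Builds the track-data RSA public key from the configured modulus and exponent, if both are set. */
    private static void initTrackKey() {
        if (SdkUtil.isEmpty(SdkConfig.getConfig().getEncryptTrackKeyModulus()) || SdkUtil.isEmpty(SdkConfig.getConfig().getEncryptTrackKeyExponent())) {
            LogUtil.writeLog("WARN: acpsdk.encryptTrackKey.modulus or acpsdk.encryptTrackKey.exponent is empty");
            return;
        }
        encryptTrackKey = getPublicKey(SdkConfig.getConfig().getEncryptTrackKeyModulus(), SdkConfig.getConfig().getEncryptTrackKeyExponent());
        if (encryptTrackKey == null) {
            LogUtil.writeErrorLog("LoadEncryptTrackKey Error: key could not be built");
            return;
        }
        LogUtil.writeLog("LoadEncryptTrackKey Successful");
    }

    /**
     * Clears {@link #certMap} and reloads it with every {@code *.cer} file in the
     * configured verification directory, keyed by certificate serial number.
     *
     * <p>Certificates are accepted as found: this method does not call
     * {@code checkValidity()} or verify who issued them, so write access to the
     * directory is equivalent to choosing which signing keys are trusted.
     */
    private static void initValidateCertFromDir() {
        if (!"01".equals(SdkConfig.getConfig().getSignMethod())) {
            LogUtil.writeLog("非rsa签名方式，不加载验签证书。");
            return;
        }
        certMap.clear();
        String validateCertDir = SdkConfig.getConfig().getValidateCertDir();
        LogUtil.writeLog("加载验证签名证书目录==>" + validateCertDir + " 注：如果请求报文中version=5.1.0那么此验签证书目录使用不到，可以不需要设置（version=5.0.0必须设置）。");
        if (SdkUtil.isEmpty(validateCertDir)) {
            LogUtil.writeErrorLog("WARN: acpsdk.validateCert.dir is empty");
            return;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            // listFiles() returns null when the path is not a readable directory.
            File[] certFiles = new File(validateCertDir).listFiles(new CerFilter());
            if (certFiles == null) {
                LogUtil.writeErrorLog("LoadVerifyCert Error: cannot list directory " + validateCertDir);
                return;
            }
            for (File file : certFiles) {
                loadValidateCert(certificateFactory, file);
            }
            LogUtil.writeLog("LoadVerifyCert Finish");
        } catch (NoSuchProviderException e) {
            LogUtil.writeErrorLog("LoadVerifyCert Error: No BC Provider", e);
        } catch (CertificateException e) {
            LogUtil.writeErrorLog("LoadVerifyCert Error", e);
        }
    }

    /** Parses one verification certificate file and records it in {@link #certMap}; failures are logged and skipped. */
    private static void loadValidateCert(CertificateFactory certificateFactory, File file) {
        try (FileInputStream in = new FileInputStream(file.getAbsolutePath())) {
            validateCert = (X509Certificate) certificateFactory.generateCertificate(in);
            if (validateCert == null) {
                LogUtil.writeErrorLog("Load verify cert error, " + file.getAbsolutePath() + " has error cert content.");
                return;
            }
            String certId = validateCert.getSerialNumber().toString();
            certMap.put(certId, validateCert);
            LogUtil.writeLog("[" + file.getAbsolutePath() + "][CertId=" + certId + "]");
        } catch (FileNotFoundException e) {
            LogUtil.writeErrorLog("LoadVerifyCert Error File Not Found", e);
        } catch (CertificateException e) {
            LogUtil.writeErrorLog("LoadVerifyCert Error", e);
        } catch (IOException e) {
            // Only close() can raise a plain IOException here.
            LogUtil.writeErrorLog(e.toString());
        }
    }

    /**
     * Loads a PKCS12 key store and caches it under its path.
     *
     * @param str  key store file path (also the cache key)
     * @param str2 key store password
     */
    private static void loadSignCert(String str, String str2) {
        try {
            KeyStore loaded = getKeyInfo(str, str2, "PKCS12");
            if (loaded == null) {
                // ConcurrentHashMap rejects null values, so a failed load must not be cached.
                LogUtil.writeErrorLog("LoadRsaCert Error: key store could not be loaded");
                return;
            }
            KEY_STORE_MAP.put(str, loaded);
            LogUtil.writeLog("LoadRsaCert Successful");
        } catch (IOException e) {
            LogUtil.writeErrorLog("LoadRsaCert Error", e);
        }
    }

    /**
     * Reads one X.509 certificate from a file using the BC provider.
     *
     * @param str certificate file path
     * @return the certificate, or {@code null} when the file is missing, the BC
     *         provider is unavailable or the file holds no certificate
     * @throws IllegalArgumentException when the content cannot be parsed as a certificate
     */
    private static X509Certificate initCert(String str) {
        X509Certificate x509Certificate = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            try (FileInputStream in = new FileInputStream(str)) {
                x509Certificate = (X509Certificate) certificateFactory.generateCertificate(in);
                if (x509Certificate == null) {
                    LogUtil.writeErrorLog("InitCert Error: " + str + " has no certificate content.");
                } else {
                    LogUtil.writeLog("[" + str + "][CertId=" + x509Certificate.getSerialNumber().toString() + "]");
                }
            }
        } catch (CertificateException e) {
            LogUtil.writeErrorLog("InitCert Error", e);
            throw new IllegalArgumentException("CertificateException", e);
        } catch (FileNotFoundException e) {
            LogUtil.writeErrorLog("InitCert Error File Not Found", e);
        } catch (NoSuchProviderException e) {
            LogUtil.writeErrorLog("LoadVerifyCert Error No BC Provider", e);
        } catch (IOException e) {
            // A failed close() is logged only; an already parsed certificate is still returned.
            LogUtil.writeErrorLog(e.toString());
        }
        return x509Certificate;
    }

    /** Returns the first alias of a key store, or {@code null} when it has none. */
    private static String firstAlias(KeyStore store) throws KeyStoreException {
        Enumeration<String> aliases = store.aliases();
        return aliases.hasMoreElements() ? aliases.nextElement() : null;
    }

    /**
     * Returns the private key stored under the first alias of the configured signing key store.
     *
     * @return the signing key, or {@code null} when the key store is not loaded,
     *         has no entry, no password is configured or the key cannot be recovered
     */
    public static PrivateKey getSignCertPrivateKey() {
        KeyStore store = keyStore;
        if (store == null) {
            LogUtil.writeErrorLog("getSignCertPrivateKey Error: sign key store is not loaded");
            return null;
        }
        String pwd = SdkConfig.getConfig().getSignCertPwd();
        if (pwd == null) {
            LogUtil.writeErrorLog("getSignCertPrivateKey Error: acpsdk.signCert.pwd is empty");
            return null;
        }
        try {
            String alias = firstAlias(store);
            if (alias == null) {
                LogUtil.writeErrorLog("getSignCertPrivateKey Error: key store has no entries");
                return null;
            }
            return (PrivateKey) store.getKey(alias, pwd.toCharArray());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LogUtil.writeErrorLog("getSignCertPrivateKey Error", e);
            return null;
        }
    }

    /**
     * Returns the private key from a PKCS12 key store identified by path, loading and caching it on first use.
     *
     * <p>NOTE(review): the cache is keyed by path only, so on a cache hit the
     * password is checked (if at all) only by the provider's {@code getKey} -
     * confirm that callers cannot pass a path they are not entitled to.
     *
     * @param str  key store file path
     * @param str2 key store password
     * @return the key under the first alias, or {@code null} on any failure
     */
    public static PrivateKey getSignCertPrivateKeyByStoreMap(String str, String str2) {
        if (!KEY_STORE_MAP.containsKey(str)) {
            loadSignCert(str, str2);
        }
        KeyStore store = KEY_STORE_MAP.get(str);
        if (store == null) {
            LogUtil.writeErrorLog("getSignCertPrivateKeyByStoreMap Error: key store is not loaded");
            return null;
        }
        try {
            String alias = firstAlias(store);
            if (alias == null) {
                LogUtil.writeErrorLog("getSignCertPrivateKeyByStoreMap Error: key store has no entries");
                return null;
            }
            char[] pwd = str2 == null ? null : str2.toCharArray();
            return (PrivateKey) store.getKey(alias, pwd);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LogUtil.writeErrorLog("getSignCertPrivateKeyByStoreMap Error", e);
            return null;
        }
    }

    /**
     * Returns the cached encryption certificate, loading it from the configured path when absent.
     *
     * @return the certificate, or {@code null} when no path is configured
     * @throws NullPointerException when a path is configured but loading yields nothing
     */
    private static X509Certificate ensureEncryptCert() {
        X509Certificate cert = encryptCert;
        if (cert != null) {
            return cert;
        }
        String encryptCertPath = SdkConfig.getConfig().getEncryptCertPath();
        if (SdkUtil.isEmpty(encryptCertPath)) {
            LogUtil.writeErrorLog("acpsdk.encryptCert.path is empty");
            return null;
        }
        cert = initCert(encryptCertPath);
        encryptCert = cert;
        if (cert == null) {
            throw new NullPointerException("initCert 返回对象为空");
        }
        return cert;
    }

    /**
     * @return the public key of the encryption certificate, or {@code null} when no path is configured
     * @throws NullPointerException when the configured certificate cannot be loaded
     */
    public static PublicKey getEncryptCertPublicKey() {
        X509Certificate cert = ensureEncryptCert();
        return cert == null ? null : cert.getPublicKey();
    }

    /** Drops the cached encryption certificate so the next getter call reloads it from disk. */
    public static void resetEncryptCertPublicKey() {
        encryptCert = null;
    }

    /** @return the track-data RSA public key, building it on first use; {@code null} when unavailable */
    public static PublicKey getEncryptTrackPublicKey() {
        if (null == encryptTrackKey) {
            initTrackKey();
        }
        return encryptTrackKey;
    }

    /**
     * Looks up the verification public key for a certificate id (serial number).
     *
     * <p>A miss clears the whole map and rescans the verification directory
     * before the second lookup, so every unknown id costs a directory reload.
     *
     * @param str certificate serial number as a decimal string
     * @return the matching public key, or {@code null} when no such certificate is loaded
     */
    public static PublicKey getValidatePublicKey(String str) {
        X509Certificate cert = certMap.get(str);
        if (cert == null) {
            initValidateCertFromDir();
            cert = certMap.get(str);
        }
        if (cert != null) {
            return cert.getPublicKey();
        }
        LogUtil.writeErrorLog("缺少certId=[" + str + "]对应的验签证书.");
        return null;
    }

    /** @return serial number of the certificate under the first alias of the signing key store, or {@code null} on any error */
    public static String getSignCertId() {
        try {
            return ((X509Certificate) keyStore.getCertificate(firstAlias(keyStore))).getSerialNumber().toString();
        } catch (Exception e) {
            // Also covers an unloaded key store or an entry without a certificate.
            LogUtil.writeErrorLog("getSignCertId Error", e);
            return null;
        }
    }

    /**
     * @return serial number of the encryption certificate, or {@code null} when no path is configured
     * @throws NullPointerException when the configured certificate cannot be loaded
     */
    public static String getEncryptCertId() {
        X509Certificate cert = ensureEncryptCert();
        return cert == null ? null : cert.getSerialNumber().toString();
    }

    /**
     * Opens a key store file with the BC provider.
     *
     * <p>The password is deliberately kept out of the log output.
     *
     * @param str  key store file path
     * @param str2 password; {@code null} or blank means "no password"
     * @param str3 key store type, e.g. {@code PKCS12}
     * @return the loaded key store, or {@code null} when loading fails (the cause is logged)
     * @throws IOException kept in the signature for existing callers
     */
    private static KeyStore getKeyInfo(String str, String str2, String str3) throws IOException {
        LogUtil.writeLog("加载签名证书==>" + str);
        try {
            KeyStore loaded = KeyStore.getInstance(str3, "BC");
            LogUtil.writeLog("Load RSA CertPath=[" + str + "],type=[" + str3 + "]");
            char[] charArray = (null == str2 || SdkConstants.BLANK.equals(str2.trim())) ? null : str2.toCharArray();
            try (FileInputStream in = new FileInputStream(str)) {
                loaded.load(in, charArray);
            }
            return loaded;
        } catch (Exception e) {
            LogUtil.writeErrorLog("getKeyInfo Error", e);
            return null;
        }
    }

    /**
     * @param str  key store file path
     * @param str2 key store password
     * @return serial number of the certificate under the first alias, or {@code null} on failure
     */
    public static String getCertIdByKeyStoreMap(String str, String str2) {
        if (!KEY_STORE_MAP.containsKey(str)) {
            loadSignCert(str, str2);
        }
        return getCertIdIdByStore(KEY_STORE_MAP.get(str));
    }

    /** Returns the serial number of the certificate under the first alias of {@code keyStore2}, or {@code null}. */
    private static String getCertIdIdByStore(KeyStore keyStore2) {
        if (keyStore2 == null) {
            LogUtil.writeErrorLog("getCertIdIdByStore Error: key store is not loaded");
            return null;
        }
        try {
            X509Certificate cert = (X509Certificate) keyStore2.getCertificate(firstAlias(keyStore2));
            if (cert == null) {
                LogUtil.writeErrorLog("getCertIdIdByStore Error: key store has no certificate entry");
                return null;
            }
            return cert.getSerialNumber().toString();
        } catch (KeyStoreException e) {
            LogUtil.writeErrorLog("getCertIdIdByStore Error", e);
            return null;
        }
    }

    /**
     * Builds an RSA public key from decimal strings.
     *
     * @param str  modulus
     * @param str2 public exponent
     * @return the key, or {@code null} when it cannot be constructed
     */
    private static PublicKey getPublicKey(String str, String str2) {
        try {
            RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(str), new BigInteger(str2));
            return KeyFactory.getInstance("RSA", "BC").generatePublic(spec);
        } catch (Exception e) {
            LogUtil.writeErrorLog("构造RSA公钥失败：" + e);
            return null;
        }
    }

    /**
     * Parses a certificate from its textual form.
     *
     * <p>Parsing establishes no trust; callers should pass the result through
     * {@link #verifyCertificate(X509Certificate)} before relying on its key.
     *
     * @param str certificate text, read as ISO-8859-1 bytes
     * @return the certificate, or {@code null} when parsing fails
     */
    public static X509Certificate genCertificateByStr(String str) {
        X509Certificate x509Certificate = null;
        try {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(str.getBytes("ISO-8859-1")));
        } catch (Exception e) {
            LogUtil.writeErrorLog("gen certificate error", e);
        }
        return x509Certificate;
    }

    /** @return the intermediate CA certificate, loading it on first use; {@code null} when not configured */
    public static X509Certificate getMiddleCert() {
        if (null == middleCert) {
            if (SdkUtil.isEmpty(SdkConfig.getConfig().getMiddleCertPath())) {
                LogUtil.writeErrorLog("acpsdk.middleCert.path not set in acp_sdk.properties");
                return null;
            }
            initMiddleCert();
        }
        return middleCert;
    }

    /** @return the root CA certificate, loading it on first use; {@code null} when not configured */
    public static X509Certificate getRootCert() {
        if (null == rootCert) {
            if (SdkUtil.isEmpty(SdkConfig.getConfig().getRootCertPath())) {
                LogUtil.writeErrorLog("acpsdk.rootCert.path not set in acp_sdk.properties");
                return null;
            }
            initRootCert();
        }
        return rootCert;
    }

    /**
     * Extracts the owner identity from a certificate subject: the third field of the
     * text starting at the first {@code CN=}, split on {@code SdkConstants.MAIL}.
     *
     * <p>NOTE(review): this is a string-level parse of the whole DN, not an
     * RDN-aware one - confirm the issuing CA constrains the other subject fields.
     *
     * @return the identity, or {@code SdkConstants.BLANK} when the subject has no such field
     */
    private static String getIdentitiesFromCertficate(X509Certificate x509Certificate) {
        String principal = x509Certificate.getSubjectDN().toString();
        if (principal == null) {
            return SdkConstants.BLANK;
        }
        int cnStart = principal.indexOf("CN=");
        if (cnStart < 0) {
            // Without this guard substring(-1) throws StringIndexOutOfBoundsException.
            return SdkConstants.BLANK;
        }
        String[] split = principal.substring(cnStart).split(SdkConstants.MAIL);
        if (split.length > 2 && split[2] != null) {
            return split[2];
        }
        return SdkConstants.BLANK;
    }

    /**
     * Checks that a PKIX path can be built from the certificate, through the
     * configured middle certificate, to the configured root as sole trust anchor.
     *
     * <p>Revocation checking is switched off, so a revoked but otherwise valid
     * certificate still passes.
     *
     * @return {@code true} only when the path builds successfully
     */
    private static boolean verifyCertificateChain(X509Certificate x509Certificate) {
        if (null == x509Certificate) {
            LogUtil.writeErrorLog("cert must Not null");
            return false;
        }
        X509Certificate middleCert2 = getMiddleCert();
        if (null == middleCert2) {
            LogUtil.writeErrorLog("middleCert must Not null");
            return false;
        }
        X509Certificate rootCert2 = getRootCert();
        if (null == rootCert2) {
            LogUtil.writeErrorLog("rootCert or cert must Not null");
            return false;
        }
        try {
            X509CertSelector selector = new X509CertSelector();
            selector.setCertificate(x509Certificate);
            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            anchors.add(new TrustAnchor(rootCert2, null));
            PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, selector);
            HashSet<X509Certificate> candidates = new HashSet<X509Certificate>();
            candidates.add(rootCert2);
            candidates.add(middleCert2);
            candidates.add(x509Certificate);
            params.setRevocationEnabled(false);
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates), "BC"));
            // The parameters alone prove nothing: the path has to be built for the
            // signatures and issuer links to be checked. Failure throws.
            CertPathBuilder.getInstance("PKIX", "BC").build(params);
            LogUtil.writeLog("verify certificate chain succeed.");
            return true;
        } catch (CertPathBuilderException e) {
            LogUtil.writeErrorLog("verify certificate chain fail.", e);
            return false;
        } catch (Exception e2) {
            LogUtil.writeErrorLog("verify certificate chain exception: ", e2);
            return false;
        }
    }

    /**
     * Validates a peer certificate: validity period, chain to the configured root,
     * and owner identity.
     *
     * <p>With CN validation enabled only {@code SdkConstants.UNIONPAY_CNNAME} is
     * accepted. With it disabled the owner {@code 00040000:SIGN} is accepted as
     * well, which widens the set of trusted signers - NOTE(review): confirm the
     * relaxed mode is never enabled in production configuration.
     *
     * @return {@code true} when every check passes; {@code false} otherwise, including on any exception
     */
    public static boolean verifyCertificate(X509Certificate x509Certificate) {
        if (null == x509Certificate) {
            LogUtil.writeErrorLog("cert must Not null");
            return false;
        }
        try {
            x509Certificate.checkValidity();
            if (!verifyCertificateChain(x509Certificate)) {
                return false;
            }
            String owner = getIdentitiesFromCertficate(x509Certificate);
            if (SdkConstants.UNIONPAY_CNNAME.equals(owner)) {
                return true;
            }
            if (!SdkConfig.getConfig().isIfValidateCNName() && "00040000:SIGN".equals(owner)) {
                return true;
            }
            LogUtil.writeErrorLog("cer owner is not CUP:" + owner);
            return false;
        } catch (Exception e) {
            LogUtil.writeErrorLog("verifyCertificate fail", e);
            return false;
        }
    }

    /** Logs OS and JVM system properties followed by the registered security providers. */
    private static void printSysInfo() {
        LogUtil.writeLog("================= SYS INFO begin====================");
        LogUtil.writeLog("os_name:" + System.getProperty("os.name"));
        LogUtil.writeLog("os_arch:" + System.getProperty("os.arch"));
        LogUtil.writeLog("os_version:" + System.getProperty("os.version"));
        LogUtil.writeLog("java_vm_specification_version:" + System.getProperty("java.vm.specification.version"));
        LogUtil.writeLog("java_vm_specification_vendor:" + System.getProperty("java.vm.specification.vendor"));
        LogUtil.writeLog("java_vm_specification_name:" + System.getProperty("java.vm.specification.name"));
        LogUtil.writeLog("java_vm_version:" + System.getProperty("java.vm.version"));
        LogUtil.writeLog("java_vm_name:" + System.getProperty("java.vm.name"));
        LogUtil.writeLog("java.version:" + System.getProperty("java.version"));
        LogUtil.writeLog("java.vm.vendor=[" + System.getProperty("java.vm.vendor") + "]");
        LogUtil.writeLog("java.version=[" + System.getProperty("java.version") + "]");
        printProviders();
        LogUtil.writeLog("================= SYS INFO end=====================");
    }

    /** Logs the name of every registered security provider, numbered from 1 in preference order. */
    private static void printProviders() {
        LogUtil.writeLog("Providers List:");
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            LogUtil.writeLog((i + 1) + SdkConstants.POINT + providers[i].getName());
        }
    }

    static {
        init();
    }
}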
