package com.chinapay.secss;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Properties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
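/**
 * Loads and holds the key material described by a {@link SecssConfig}: the keystore read from
 * the configured "sign file" (and a private key taken from it) plus the X.509 certificate read
 * from the configured "verify file" (and its public key).
 *
 * <p>This source is decompiler output; parameter names such as {@code str}/{@code str2} are
 * generated. Instances are created only through {@link #init()} / {@link #init(Properties)}.
 */
public class CertUtil {
    // Keystore loaded by initSignCert()/reloadSignCert().
    private KeyStore keyStore;
    // Private key extracted from keyStore by initPriKey().
    private PrivateKey priKey;
    // Public key of verifyCert.
    private PublicKey pubKey;
    private SecssConfig secssConfig;
    // Serial number of the first keystore certificate, cached by getSignCertId().
    private String signCertId;
    // Certificate parsed from the configured verify file.
    private X509Certificate verifyCert;

    private CertUtil() {
    }

    /**
     * Builds an instance from {@code SecssConfig.defaultInit()} and loads both the sign keystore
     * and the verify certificate.
     *
     * @return a fully initialised instance
     * @throws SecurityException if the configuration is incomplete or key material cannot be loaded
     */
    public static synchronized CertUtil init() throws SecurityException {
        // The method-level lock already serialises on CertUtil.class; the decompiler's nested
        // synchronized (CertUtil.class) block was a redundant re-entrant acquire.
        CertUtil certUtil = new CertUtil();
        certUtil.secssConfig = SecssConfig.defaultInit();
        certUtil.initSignCert();
        certUtil.initVerifyCert();
        return certUtil;
    }

    /**
     * Builds an instance from {@code SecssConfig.specifyInit(properties)} and loads both the sign
     * keystore and the verify certificate.
     *
     * @param properties configuration handed to {@code SecssConfig.specifyInit}
     * @return a fully initialised instance
     * @throws SecurityException if the configuration is incomplete or key material cannot be loaded
     */
    public static synchronized CertUtil init(Properties properties) throws SecurityException {
        CertUtil certUtil = new CertUtil();
        certUtil.secssConfig = SecssConfig.specifyInit(properties);
        certUtil.initSignCert();
        certUtil.initVerifyCert();
        return certUtil;
    }

    /**
     * Opens a keystore file and loads it.
     *
     * <p>Only the file path and keystore type are logged; the password is not.
     *
     * @param str path of the keystore file
     * @param str2 keystore password; when empty, {@code null} is passed to {@link KeyStore#load},
     *     which per the JDK contract skips the keystore integrity check
     * @param str3 keystore type: {@code SSL.DEFAULT_KEYSTORE_TYPE} or {@code "PKCS12"}
     * @return the loaded keystore
     * @throws SecurityException with {@code SIGN_CERT_TYPE_ERROR} for any other keystore type
     * @throws Exception any provider, I/O or parsing failure, rethrown unchanged
     */
    public KeyStore getKeyStore(String str, String str2, String str3) throws SecurityException, Exception {
        KeyStore keyStore;
        try {
            LogUtil.writeLog(String.format("signFile=%s,signFileType=%s", str, str3));
            // NOTE(review): SSL.DEFAULT_KEYSTORE_TYPE is a logback constant; presumably the
            // decompiler substituted it for an equal string literal ("JKS") - confirm.
            if (SSL.DEFAULT_KEYSTORE_TYPE.equals(str3)) {
                keyStore = KeyStore.getInstance(str3, "SUN");
            } else {
                if (!"PKCS12".equals(str3)) {
                    throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
                }
                // JVM-wide side effect: registers BouncyCastle for every caller in the process.
                Security.addProvider(new BouncyCastleProvider());
                keyStore = KeyStore.getInstance(str3);
            }
            // try-with-resources: the original closed the stream only on the success path, so a
            // failed load() (wrong password, corrupt file) leaked the file descriptor.
            try (FileInputStream fileInputStream = new FileInputStream(str)) {
                keyStore.load(fileInputStream, SecssUtil.isEmpty(str2) ? null : str2.toCharArray());
            }
            return keyStore;
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            if ((e2 instanceof KeyStoreException) && "PKCS12".equals(str3)) {
                // Also JVM-wide: unregisters "BC" for all other code in the process.
                Security.removeProvider("BC");
            }
            throw e2;
        }
    }

    /** Returns the private key set by {@link #initPriKey()}, or {@code null} if none was set. */
    public PrivateKey getPriKey() {
        return this.priKey;
    }

    /** Returns the public key of the verify certificate. */
    public PublicKey getPubKey() {
        return this.pubKey;
    }

    /** Returns the configuration this instance was initialised with. */
    public SecssConfig getSecssConfig() {
        return this.secssConfig;
    }

    /**
     * Returns the decimal serial number of the certificate stored under the first alias of the
     * keystore, and caches it in {@code signCertId}.
     *
     * <p>The first alias is used regardless of the configured sign-file alias. An empty keystore
     * or a non-X.509 entry ends up in the catch block.
     *
     * @return the certificate serial number as a decimal string
     * @throws SecurityException with {@code GET_CERT_ID_ERROR} on any failure
     */
    public String getSignCertId() throws SecurityException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            String firstAlias = aliases.hasMoreElements() ? aliases.nextElement() : null;
            X509Certificate certificate = (X509Certificate) this.keyStore.getCertificate(firstAlias);
            this.signCertId = certificate.getSerialNumber().toString();
            return this.signCertId;
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取证书编号异常", e);
            throw new SecurityException(SecssConstants.GET_CERT_ID_ERROR);
        }
    }

    /**
     * Walks the keystore aliases and stores the first key that can be read with the configured
     * sign-file password in {@code priKey}. Every alias visited is logged.
     *
     * @throws SecurityException with {@code GET_PRI_KEY_ERROR} on any failure
     */
    protected void initPriKey() throws SecurityException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                LogUtil.writeLog(String.format("keyAlias=%s", nextElement));
                // NOTE(review): as decompiled, an alias that EQUALS the configured sign-file alias
                // ends the search without loading a key, which leaves priKey unset. This looks
                // like an inverted condition from decompilation - verify against the bytecode
                // before relying on which key is selected for signing.
                if (nextElement.equals(this.secssConfig.getSignFileAlias())) {
                    return;
                }
                this.priKey = (PrivateKey) this.keyStore.getKey(nextElement, this.secssConfig.getSignFilePwd().toCharArray());
                if (this.priKey != null) {
                    return;
                }
            }
        } catch (Exception e) {
            LogUtil.writeErrorLog("获取私钥异常", e);
            throw new SecurityException(SecssConstants.GET_PRI_KEY_ERROR);
        }
    }

    /** Copies the public key of {@code verifyCert} into {@code pubKey}. */
    protected void initPubKey() {
        this.pubKey = this.verifyCert.getPublicKey();
    }

    /**
     * Validates that sign file, password and keystore type are all configured, loads the keystore
     * and extracts the private key.
     *
     * @throws SecurityException {@code SIGN_CERT_ERROR}, {@code SIGN_CERT_PWD_ERROR} or
     *     {@code SIGN_CERT_TYPE_ERROR} for a missing setting; {@code INIT_SIGN_CERT_ERROR} for any
     *     other failure
     */
    public void initSignCert() throws SecurityException {
        try {
            String signFile = this.secssConfig.getSignFile();
            if (SecssUtil.isEmpty(signFile)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_ERROR);
            }
            String signFilePwd = this.secssConfig.getSignFilePwd();
            if (SecssUtil.isEmpty(signFilePwd)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_PWD_ERROR);
            }
            String signCertType = this.secssConfig.getSignCertType();
            if (SecssUtil.isEmpty(signCertType)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
            }
            this.keyStore = getKeyStore(signFile, signFilePwd, signCertType);
            initPriKey();
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            // The original dropped the cause silently; log it so a bad path or password can be
            // diagnosed. The generic error code returned to the caller is unchanged.
            LogUtil.writeErrorLog("initSignCert failed", e2);
            throw new SecurityException(SecssConstants.INIT_SIGN_CERT_ERROR);
        }
    }

    /**
     * Parses the configured verify file as an X.509 certificate and stores it and its public key.
     *
     * <p>Reconstructed from the register dump JADX emitted when it failed to decompile this
     * method (the decompiled body only threw {@code UnsupportedOperationException}, which made
     * both {@code init} factories fail). Verify against the original bytecode.
     *
     * <p>Only parsing happens here: no validity-period or chain check is made on the certificate,
     * so trust in {@code pubKey} rests entirely on the integrity of the verify file.
     *
     * @throws com.chinapay.secss.SecurityException {@code VERIFY_CERT_ERROR} when no verify file
     *     is configured; {@code INIT_VERIFY_CERT_ERROR} when it cannot be read or parsed
     */
    public void initVerifyCert() throws com.chinapay.secss.SecurityException {
        String verifyFile = this.secssConfig.getVerifyFile();
        if (SecssUtil.isEmpty(verifyFile)) {
            throw new SecurityException(SecssConstants.VERIFY_CERT_ERROR);
        }
        FileInputStream certStream = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            certStream = new FileInputStream(verifyFile);
            this.verifyCert = (X509Certificate) factory.generateCertificate(certStream);
            // The dump assigns pubKey directly and then also calls initPubKey(); both are kept
            // because initPubKey() is protected and may be overridden.
            this.pubKey = this.verifyCert.getPublicKey();
            initPubKey();
        } catch (Exception e) {
            LogUtil.writeErrorLog("初始化验签证书异常", e);
            throw new SecurityException(SecssConstants.INIT_VERIFY_CERT_ERROR);
        } finally {
            // The dump closes the stream on every exit path and ignores IOException from close().
            if (certStream != null) {
                try {
                    certStream.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done about a failed close of a read-only stream.
                }
            }
        }
    }

    /**
     * Replaces the keystore with one loaded from another file, using the configured keystore type.
     *
     * <p>NOTE(review): unlike {@link #initSignCert()}, this neither rejects an empty password
     * (which makes {@link #getKeyStore} load without an integrity check) nor refreshes
     * {@code priKey}, so the held private key may no longer belong to the new keystore - confirm
     * that callers account for this.
     *
     * @param str path of the new keystore file
     * @param str2 password of the new keystore
     * @throws SecurityException {@code SIGN_CERT_TYPE_ERROR} when no keystore type is configured;
     *     {@code RELOADSC_GOES_WRONG} for any other failure
     */
    public void reloadSignCert(String str, String str2) throws SecurityException {
        try {
            String signCertType = this.secssConfig.getSignCertType();
            if (SecssUtil.isEmpty(signCertType)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
            }
            this.keyStore = getKeyStore(str, str2, signCertType);
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            // Log the cause the original discarded; the error code for callers is unchanged.
            LogUtil.writeErrorLog("reloadSignCert failed", e2);
            throw new SecurityException(SecssConstants.RELOADSC_GOES_WRONG);
        }
    }
}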
