package com.unionpay.uas.sdk.gm;

import com.unionpay.uas.sdk.CertUtil;
import com.unionpay.uas.sdk.SDKConstants;
import com.unionpay.uas.sdk.SDKUtil;
import com.unionpay.uas.sdk.gm.GmUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/unionpay/uas/sdk/gm/GmCertUtil.class */
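/**
 * Static cache of the certificates and keys used by the SM2 ("GM") side of the SDK:
 * the signing private key, the directory of verification certificates, the
 * encryption / PIN-encryption certificates, and the intermediate and root
 * certificates used for chain validation.
 *
 * <p>All state is static and is populated from {@code GmSDKConfig} when the class is
 * loaded (see the static initializer at the bottom) and again on {@link #init()}.
 *
 * <p>Security-relevant behaviour worth knowing when reviewing callers:
 * <ul>
 *   <li>Every {@code .cer} file in the configured verification directory becomes a
 *       trusted verification key without any chain validation, so that directory is
 *       a trust store and its file-system permissions matter.</li>
 *   <li>Keys are indexed by decimal serial number only (not issuer + serial).</li>
 *   <li>{@link #resetEncryptCertPublicKey(String)} and
 *       {@link #resetPinEncryptCertPublicKey(String)} overwrite the configured
 *       certificate file with caller-supplied content; no chain check is done here.</li>
 * </ul>
 */
public class GmCertUtil {
    private static final Logger logger = Logger.getLogger(GmCertUtil.class);

    // Verification keys by decimal serial number. Replaced wholesale by
    // initVerifySignCerts(), hence volatile so readers see the new map.
    private static volatile ConcurrentHashMap<String, Key> verifyCertsSnMap = new ConcurrentHashMap<>();
    // Signing keys by key-file path.
    private static final ConcurrentHashMap<String, Key> signCertsPathMap = new ConcurrentHashMap<>();
    // Signing keys by decimal serial number (written here, never read in this class).
    private static final ConcurrentHashMap<String, Key> signCertsSnMap = new ConcurrentHashMap<>();
    // Lazily (re)loaded from the configured paths; volatile because they are
    // published to other threads without a lock.
    private static volatile Key encryptCert = null;
    private static volatile Key pinEncryptCert = null;
    // Certificates that already passed verifyCertificate(), keyed by their string form.
    private static final ConcurrentHashMap<String, X509Certificate> verifyCerts510 = new ConcurrentHashMap<>();
    private static volatile X509Certificate middleCert = null;
    private static volatile X509Certificate rootCert = null;

    /**
     * Directory filter that accepts file names ending in {@code .cer} (case-insensitive).
     * The decompiler notes this type was package-private in the original build.
     */
    public static class CerFilter implements FilenameFilter {
        CerFilter() {
        }

        /**
         * @param str file name to test
         * @return {@code true} if the lower-cased name ends with {@code .cer}
         */
        public boolean isCer(String str) {
            return str.toLowerCase().endsWith(".cer");
        }

        @Override // java.io.FilenameFilter
        public boolean accept(File file, String str) {
            return isCer(str);
        }
    }

    /**
     * Holder for one certificate's identifier and key material.
     * Entries read from a public certificate carry {@code certId} and {@code pubKey};
     * entries read from a signing key file carry {@code certId} and {@code priKey}.
     * The decompiler notes this type was package-private in the original build.
     */
    public static class Key {
        private String certId;
        private PublicKey pubKey;
        private PrivateKey priKey;

        Key() {
        }

        public String getCertId() {
            return this.certId;
        }

        public PublicKey getPubKey() {
            return this.pubKey;
        }

        public PrivateKey getPriKey() {
            return this.priKey;
        }

        public void setCertId(String str) {
            this.certId = str;
        }

        public void setPubKey(PublicKey publicKey) {
            this.pubKey = publicKey;
        }

        public void setPriKey(PrivateKey privateKey) {
            this.priKey = privateKey;
        }

        /** Prints the certificate id only; key material is deliberately not included. */
        @Override
        public String toString() {
            return "key: certId=" + this.certId;
        }
    }

    /**
     * Registers a fresh BouncyCastle provider under the name "BC".
     * Any provider already registered as "BC" is removed first, so this replaces a
     * provider instance the host application may have installed itself.
     */
    private static void addProvider() {
        if (Security.getProvider("BC") != null) {
            Security.removeProvider("BC");
        }
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Clears the caches and reloads the default signing key, the verification
     * certificates and the encryption certificate from the current configuration.
     * The trust anchors and the verified-certificate cache are reset as well so that
     * a verification result obtained under the previous anchors is not reused; the
     * anchors are reloaded on the next call that needs them.
     */
    public static void init() {
        verifyCertsSnMap.clear();
        signCertsPathMap.clear();
        signCertsSnMap.clear();
        verifyCerts510.clear();
        middleCert = null;
        rootCert = null;
        getSignKey();
        initVerifySignCerts();
        initEncryptCert();
    }

    /** Loads the intermediate certificate from the configured path, if one is set. */
    private static void initMiddleCert() {
        String middleCertPath = GmSDKConfig.getConfig().getMiddleCertPath();
        if (SDKUtil.isEmpty(middleCertPath)) {
            logger.warn("uassdk.sm2.middleCert.path is empty");
        } else {
            middleCert = CertUtil.readX509Cert(middleCertPath);
            logger.info("加载中级证书==>" + middleCertPath + (middleCert != null ? "成功" : "失败"));
        }
    }

    /** Loads the root certificate from the configured path, if one is set. */
    private static void initRootCert() {
        String rootCertPath = GmSDKConfig.getConfig().getRootCertPath();
        if (SDKUtil.isEmpty(rootCertPath)) {
            logger.warn("uassdk.sm2.rootCert.path is empty");
        } else {
            rootCert = CertUtil.readX509Cert(rootCertPath);
            logger.info("加载根证书==>" + rootCertPath + (rootCert != null ? "成功" : "失败"));
        }
    }

    /**
     * Makes sure the intermediate and root certificates are loaded before a chain check.
     * Nothing else in this class calls initMiddleCert()/initRootCert(), so without this
     * step the chain check would always be handed two null anchors.
     *
     * @return {@code true} if both certificates are available; {@code false} (fail
     *         closed) if either is missing
     */
    private static boolean ensureTrustAnchorsLoaded() {
        if (middleCert == null) {
            initMiddleCert();
        }
        if (rootCert == null) {
            initRootCert();
        }
        if (middleCert == null || rootCert == null) {
            logger.error("middle/root certificate is not loaded, certificate chain cannot be verified");
            return false;
        }
        return true;
    }

    /** Builds a cache entry (decimal serial number + public key) from a parsed certificate. */
    private static Key publicKeyEntry(X509Certificate certificate) {
        Key entry = new Key();
        entry.setCertId(certificate.getSerialNumber().toString(10));
        entry.setPubKey(certificate.getPublicKey());
        return entry;
    }

    /**
     * Reloads every {@code .cer} file from the configured verification directory.
     * The live map is replaced only when at least one certificate loaded; otherwise
     * the previous map is kept. Files that fail to parse are logged and skipped.
     *
     * <p>Certificates are accepted on presence alone (no chain or validity check),
     * so write access to this directory is equivalent to choosing who can sign.
     */
    private static void initVerifySignCerts() {
        String validateCertDir = GmSDKConfig.getConfig().getValidateCertDir();
        ConcurrentHashMap<String, Key> loaded = new ConcurrentHashMap<>();
        logger.info("加载验证签名证书目录==>" + validateCertDir);
        if (validateCertDir == null || validateCertDir.trim().length() == 0) {
            logger.error("WARN: uassdk.validateCert.dir is empty");
            return;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            // listFiles() returns null when the path is not a readable directory.
            File[] certFiles = new File(validateCertDir).listFiles(new CerFilter());
            if (certFiles == null) {
                logger.error("LoadVerifyCert Error: cannot list directory " + validateCertDir);
                return;
            }
            for (File certFile : certFiles) {
                loadVerifyCert(certificateFactory, certFile, loaded);
            }
            if (loaded.isEmpty()) {
                return;
            }
            verifyCertsSnMap = loaded;
        } catch (Exception e) {
            logger.error("LoadVerifyCert Error", e);
        }
    }

    /** Parses one verification certificate file into {@code target}; errors are logged, not thrown. */
    private static void loadVerifyCert(CertificateFactory factory, File certFile, ConcurrentHashMap<String, Key> target) {
        String certPath = certFile.getAbsolutePath();
        try (FileInputStream in = new FileInputStream(certPath)) {
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(in);
            if (certificate == null) {
                logger.error("Load verify cert error, " + certPath + " has error cert content.");
                return;
            }
            Key entry = publicKeyEntry(certificate);
            target.put(entry.getCertId(), entry);
            logger.info("[" + certPath + "][CertId=" + entry.getCertId() + "]");
        } catch (FileNotFoundException e) {
            logger.error("LoadVerifyCert Error File Not Found", e);
        } catch (CertificateException e) {
            logger.error("LoadVerifyCert Error CertificateException", e);
        } catch (Exception e) {
            logger.error("LoadVerifyCert Error", e);
        }
    }

    /**
     * Looks up a verification key by certificate id, rescanning the directory once
     * if the id is unknown.
     *
     * <p>NOTE(review): an unknown id triggers a full directory reload on every call.
     * If the id is taken from an incoming message, repeated unknown ids cost disk I/O
     * and log volume; callers may want to rate-limit.
     *
     * @param str decimal certificate serial number
     * @return the cached entry, or {@code null} if it is still unknown after the reload
     * @throws IllegalArgumentException if {@code str} is null
     */
    private static Key getVerifySignKey(String str) {
        if (str == null) {
            throw new IllegalArgumentException("null argument");
        }
        Key entry = verifyCertsSnMap.get(str);
        if (entry == null) {
            initVerifySignCerts();
            entry = verifyCertsSnMap.get(str);
        }
        if (entry == null) {
            logger.error("cannot find this cert: " + str);
        }
        return entry;
    }

    /**
     * @param str decimal certificate serial number
     * @return the public key of the verification certificate with that id
     * @throws IllegalArgumentException if {@code str} is null
     * @throws NullPointerException if no such certificate is loaded
     */
    public static PublicKey getValidatePublicKey(String str) {
        return Objects.requireNonNull(getVerifySignKey(str), "no verify cert loaded for certId " + str).getPubKey();
    }

    /** Loads the encryption certificate from the configured path, if one is set. */
    private static void initEncryptCert() {
        String encryptCertPath = GmSDKConfig.getConfig().getEncryptCertPath();
        if (SDKUtil.isEmpty(encryptCertPath)) {
            logger.warn("uassdk.sm2.encryptCert.path is empty");
        } else {
            encryptCert = readGmPubCert(encryptCertPath);
            logger.info("加载加密证书==>" + encryptCertPath + (encryptCert != null ? "成功" : "失败") + "\n");
        }
    }

    /** Loads the PIN-encryption certificate from the configured path, if one is set. */
    private static void initPinEncryptCert() {
        String pinEncryptCertPath = GmSDKConfig.getConfig().getPinEncryptCertPath();
        if (SDKUtil.isEmpty(pinEncryptCertPath)) {
            logger.warn("uassdk.sm2.pinEncryptCert.path is empty");
        } else {
            pinEncryptCert = readGmPubCert(pinEncryptCertPath);
            logger.info("加载6.0统一支付产品pin加密证书==>" + pinEncryptCertPath + (pinEncryptCert != null ? "成功" : "失败"));
        }
    }

    /** @return the encryption certificate entry, loading it on first use; may be {@code null} */
    public static Key getEncryptCert() {
        if (encryptCert == null) {
            initEncryptCert();
        }
        return encryptCert;
    }

    /** @return the PIN-encryption certificate entry, loading it on first use; may be {@code null} */
    public static Key getPinEncryptCert() {
        if (pinEncryptCert == null) {
            initPinEncryptCert();
        }
        return pinEncryptCert;
    }

    /**
     * Returns the signing key stored at {@code str}, reading and caching it on first use.
     * The cache is keyed by path only: once a key file has been loaded, later calls
     * return it regardless of the password passed in.
     *
     * @param str  path of the signing key file
     * @param str2 password for that file
     * @return the cached entry, or {@code null} if the file could not be read
     * @throws IllegalArgumentException if either argument is null
     */
    private static Key getSignKeyByPath(String str, String str2) {
        if (str == null || str2 == null) {
            throw new IllegalArgumentException("null argument");
        }
        if (!signCertsPathMap.containsKey(str)) {
            Key loaded = readGmPriCert(str, str2);
            if (loaded != null) {
                logger.info("从 [" + str + "] 读取签名私钥成功 [" + loaded.getCertId() + "]");
                signCertsPathMap.put(str, loaded);
                signCertsSnMap.put(loaded.getCertId(), loaded);
            }
        }
        return signCertsPathMap.get(str);
    }

    /** @return the default signing key from the configuration, or {@code null} if it is not configured or unreadable */
    private static Key getSignKey() {
        String signCertPath = GmSDKConfig.getConfig().getSignCertPath();
        String signCertPwd = GmSDKConfig.getConfig().getSignCertPwd();
        if (signCertPath != null && signCertPwd != null) {
            return getSignKeyByPath(signCertPath, signCertPwd);
        }
        logger.error("没有找到默认签名证书默认配置。");
        return null;
    }

    /**
     * @return certificate id of the default signing key
     * @throws NullPointerException if the default signing key is not available
     */
    public static String getSignCertId() {
        return Objects.requireNonNull(getSignKey(), "default sign key is not available").getCertId();
    }

    /**
     * @return private key of the default signing key
     * @throws NullPointerException if the default signing key is not available
     */
    public static PrivateKey getSignCertPrivateKey() {
        return Objects.requireNonNull(getSignKey(), "default sign key is not available").getPriKey();
    }

    /**
     * @param str  path of the signing key file
     * @param str2 password for that file
     * @return certificate id of the signing key at {@code str}
     * @throws IllegalArgumentException if either argument is null
     * @throws NullPointerException if the key file could not be read
     */
    public static String getCertIdByKeyStoreMap(String str, String str2) {
        return Objects.requireNonNull(getSignKeyByPath(str, str2), "sign key could not be read from " + str).getCertId();
    }

    /**
     * @param str  path of the signing key file
     * @param str2 password for that file
     * @return private key stored at {@code str}
     * @throws IllegalArgumentException if either argument is null
     * @throws NullPointerException if the key file could not be read
     */
    public static PrivateKey getSignCertPrivateKey(String str, String str2) {
        return Objects.requireNonNull(getSignKeyByPath(str, str2), "sign key could not be read from " + str).getPriKey();
    }

    /**
     * Reads a Base64-encoded SM2 key file and extracts its certificate id and private key.
     *
     * @param str  path of the key file
     * @param str2 password handed to {@code GmUtil.readSm2File}
     * @return the parsed entry, or {@code null} on any error (logged)
     */
    private static Key readGmPriCert(String str, String str2) {
        try (FileInputStream in = new FileInputStream(str)) {
            GmUtil.Sm2Cert sm2Cert = GmUtil.readSm2File(Base64.decodeBase64(IOUtils.toByteArray(in)), str2);
            Key entry = new Key();
            // Round-trip through BigInteger to normalise the decimal form of the id.
            entry.setCertId(new BigInteger(sm2Cert.getCertId(), 10).toString(10));
            entry.setPriKey(sm2Cert.getPrivateKey());
            return entry;
        } catch (Exception e) {
            logger.error("getKeyInfo Error [" + str + "]", e);
            return null;
        }
    }

    /**
     * Reads an X.509 certificate file and extracts its serial number and public key.
     * The stream is closed on every path, including parse failures.
     *
     * @param str path of the certificate file
     * @return the parsed entry, or {@code null} on any error (logged)
     */
    private static Key readGmPubCert(String str) {
        try (FileInputStream in = new FileInputStream(str)) {
            X509Certificate certificate =
                    (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(in);
            if (certificate == null) {
                logger.error("Load verify cert error, " + str + " has error cert content.");
                return null;
            }
            return publicKeyEntry(certificate);
        } catch (FileNotFoundException e) {
            logger.error("LoadVerifyCert Error File Not Found", e);
            return null;
        } catch (CertificateException e) {
            logger.error("LoadVerifyCert Error CertificateException", e);
            return null;
        } catch (Exception e) {
            logger.error("LoadVerifyCert Error", e);
            return null;
        }
    }

    /**
     * Parses a verification certificate supplied as a string, validates it, and caches
     * it on success. A cached certificate is re-checked for its validity period on
     * every hit so that one which has expired since it was cached is not returned.
     *
     * @param str certificate in string form
     * @return the verified certificate, or {@code null} if it is empty, unparsable or
     *         fails verification
     */
    public static X509Certificate verifyAndGetVerifyPubKey(String str) {
        if (SDKUtil.isEmpty(str)) {
            logger.error("验签公钥证书传了空。");
            return null;
        }
        X509Certificate cached = verifyCerts510.get(str);
        if (cached != null) {
            try {
                cached.checkValidity();
                return cached;
            } catch (CertificateException e) {
                // Outside its validity period now: evict and run the full check again.
                logger.warn("cached verify cert is no longer valid, re-verifying", e);
                verifyCerts510.remove(str);
            }
        }
        logger.debug("验签公钥证书：[" + str + "]");
        X509Certificate certificate = CertUtil.genCertificateByStr(str);
        if (certificate == null) {
            logger.error("convert signPubKeyCert failed");
            return null;
        }
        if (!verifyCertificate(certificate)) {
            logger.error("验证公钥证书失败，证书信息：[" + str + "]");
            return null;
        }
        logger.info("验证公钥验证成功：[" + certificate.getSerialNumber().toString(10) + "]");
        verifyCerts510.put(str, certificate);
        return certificate;
    }

    /**
     * Checks validity period, certificate chain and owner name of a certificate.
     *
     * <p>The owner must equal {@code SDKConstants.UNIONPAY_CNNAME}. When CN validation
     * is switched off in the configuration the hard-coded test owner "ZunionpayTest"
     * is accepted as well, so production deployments should leave CN validation on.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} only if every check passes; any exception yields {@code false}
     */
    private static boolean verifyCertificate(X509Certificate x509Certificate) {
        if (null == x509Certificate) {
            logger.error("cert must Not null");
            return false;
        }
        try {
            x509Certificate.checkValidity();
            // Refuse to evaluate a chain without both anchors rather than rely on
            // how the chain helper treats null arguments.
            if (!ensureTrustAnchorsLoaded()) {
                return false;
            }
            if (!CertUtil.verifyCertificateChain(x509Certificate, middleCert, rootCert)) {
                return false;
            }
            boolean strictCnCheck = GmSDKConfig.getConfig().isIfValidateCNName();
            String owner = CertUtil.getIdentitiesFromCertficate(x509Certificate);
            if (SDKConstants.UNIONPAY_CNNAME.equals(owner)) {
                return true;
            }
            if (!strictCnCheck && "ZunionpayTest".equals(owner)) {
                return true;
            }
            logger.error("cer owner is not CUP:" + owner);
            return false;
        } catch (Exception e) {
            logger.error("verifyCertificate fail", e);
            return false;
        }
    }

    /** @return {@code true} if {@code current} is loaded and has the same decimal serial number as {@code incoming} */
    private static boolean hasSameSerial(Key current, X509Certificate incoming) {
        return current != null
                && current.getCertId() != null
                && current.getCertId().equals(incoming.getSerialNumber().toString(10));
    }

    /**
     * Derives the backup file name by inserting {@code _backup} before the extension.
     * A path without the separator gets {@code _backup} appended instead of failing
     * on a negative substring index.
     */
    private static String backupPathFor(String certPath) {
        int lastIndexOf = certPath.lastIndexOf(SDKConstants.POINT);
        if (lastIndexOf < 0) {
            return certPath + "_backup";
        }
        return certPath.substring(0, lastIndexOf) + "_backup" + SDKConstants.POINT + certPath.substring(lastIndexOf + 1);
    }

    /**
     * Backs up the existing certificate file (if any) and overwrites it with new content.
     * The update is abandoned when the backup fails. The write itself is not atomic.
     *
     * @return {@code true} if the new content was written
     */
    private static boolean replaceCertFile(String certPath, String certContent) {
        File target = new File(certPath);
        if (target.exists()) {
            try {
                FileUtils.copyFile(target, new File(backupPathFor(certPath)));
                logger.info("原加密证书备份成功。");
            } catch (IOException e) {
                logger.error("原加密证书备份失败，停止改证书。", e);
                return false;
            }
        } else {
            logger.warn("原加密证书不存在：" + certPath);
        }
        try {
            // Explicit charset so the bytes on disk do not depend on the platform default.
            FileUtils.writeByteArrayToFile(target, certContent.getBytes(StandardCharsets.UTF_8), false);
            logger.info("加密证书更新成功。");
            return true;
        } catch (IOException e) {
            logger.error("加密证书更新失败。", e);
            return false;
        }
    }

    /**
     * Replaces the configured encryption certificate file with {@code str} when its
     * serial number differs from the one currently loaded, then reloads it.
     *
     * <p>NOTE(review): the new certificate is written and adopted without a chain or
     * owner check in this method. Data is subsequently encrypted to whatever key it
     * carries, so callers should pass only a certificate taken from a response whose
     * signature has already been verified.
     *
     * @param str new certificate in string form
     * @return {@code 1} if updated, {@code 0} if unchanged, {@code -1} on error
     */
    public static int resetEncryptCertPublicKey(String str) {
        if (SDKUtil.isEmpty(str)) {
            logger.error("传入证书信息为空。");
            return -1;
        }
        X509Certificate incoming = CertUtil.genCertificateByStr(str);
        if (incoming == null) {
            logger.error("convert encryptCert failed");
            return -1;
        }
        if (hasSameSerial(getEncryptCert(), incoming)) {
            logger.info("返回证书和原证书一样，不用更新。");
            return 0;
        }
        String encryptCertPath = GmSDKConfig.getConfig().getEncryptCertPath();
        if (SDKUtil.isEmpty(encryptCertPath)) {
            logger.error("未配置加密证书路径，无法执行此方法。");
            return -1;
        }
        if (!replaceCertFile(encryptCertPath, str)) {
            return -1;
        }
        initEncryptCert();
        return 1;
    }

    /**
     * Replaces the configured PIN-encryption certificate file with {@code str} when
     * its serial number differs from the one currently loaded, then reloads it.
     *
     * <p>NOTE(review): the new certificate is written and adopted without a chain or
     * owner check in this method. PIN data is subsequently encrypted to whatever key
     * it carries, so callers should pass only a certificate taken from a response
     * whose signature has already been verified.
     *
     * @param str new certificate in string form
     * @return {@code 1} if updated, {@code 0} if unchanged, {@code -1} on error
     */
    public static int resetPinEncryptCertPublicKey(String str) {
        if (SDKUtil.isEmpty(str)) {
            logger.error("传入证书信息为空。");
            return -1;
        }
        X509Certificate incoming = CertUtil.genCertificateByStr(str);
        if (incoming == null) {
            logger.error("convert pinEncryptCert failed");
            return -1;
        }
        if (hasSameSerial(getPinEncryptCert(), incoming)) {
            logger.info("返回证书和原证书一样，不用更新。");
            return 0;
        }
        String pinEncryptCertPath = GmSDKConfig.getConfig().getPinEncryptCertPath();
        if (SDKUtil.isEmpty(pinEncryptCertPath)) {
            logger.error("未配置加密证书路径，无法执行此方法。");
            return -1;
        }
        if (!replaceCertFile(pinEncryptCertPath, str)) {
            return -1;
        }
        initPinEncryptCert();
        return 1;
    }

    // Runs once at class load, after the static fields above have been initialised.
    static {
        addProvider();
        init();
    }
}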
