package com.zzcsykt.activity.yingTong.a;

import android.content.Context;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* compiled from: CertUtil.java */
/* loaded from: classes2.dex */
public class c {

    /* renamed from: a, reason: collision with root package name */
    private static InputStream f8647a;

    /* renamed from: b, reason: collision with root package name */
    private static InputStream f8648b;

    /* renamed from: c, reason: collision with root package name */
    private static InputStream f8649c;

    /* renamed from: d, reason: collision with root package name */
    private static InputStream f8650d;
    private static KeyStore e;
    private static X509Certificate f;
    private static PublicKey g;
    private static X509Certificate h;
    private static X509Certificate i;
    private static X509Certificate j;
    private static Map<String, X509Certificate> k = new HashMap();
    private static final Map<String, KeyStore> l = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: CertUtil.java */
    /* loaded from: classes2.dex */
    public static class a implements FilenameFilter {
        a() {
        }

        public boolean a(String str) {
            return str.toLowerCase().endsWith(".cer");
        }

        @Override // java.io.FilenameFilter
        public boolean accept(File file, String str) {
            return a(str);
        }
    }

    public static String a(String str, String str2) {
        if (!l.containsKey(str)) {
            d(str, str2);
        }
        return a(l.get(str));
    }

    private static String a(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            return ((X509Certificate) keyStore.getCertificate(aliases.hasMoreElements() ? aliases.nextElement() : null)).getSerialNumber().toString();
        } catch (KeyStoreException e2) {
            e.a("getCertIdIdByStore Error", e2);
            return null;
        }
    }

    private static String a(X509Certificate x509Certificate) {
        String[] split;
        String principal = x509Certificate.getSubjectDN().toString();
        return (principal == null || (split = principal.substring(principal.indexOf("CN=")).split(g.E)) == null || split.length <= 2 || split[2] == null) ? "" : split[2];
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x006b A[Catch: all -> 0x0074, Exception -> 0x0076, TRY_LEAVE, TryCatch #1 {Exception -> 0x0076, blocks: (B:3:0x001d, B:5:0x0056, B:8:0x0063, B:10:0x006b), top: B:2:0x001d, outer: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:13:0x0070  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.KeyStore a(java.io.InputStream r4, java.lang.String r5, java.lang.String r6) throws java.io.IOException {
        /*
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r1 = "加载签名证书==>"
            r0.append(r1)
            com.zzcsykt.activity.yingTong.a.f r1 = com.zzcsykt.activity.yingTong.a.f.S()
            java.lang.String r1 = r1.C()
            r0.append(r1)
            java.lang.String r0 = r0.toString()
            com.zzcsykt.activity.yingTong.a.e.d(r0)
            r0 = 0
            java.lang.String r1 = "BC"
            java.security.KeyStore r1 = java.security.KeyStore.getInstance(r6, r1)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            r2.<init>()     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            java.lang.String r3 = "Load RSA CertPath=["
            r2.append(r3)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            com.zzcsykt.activity.yingTong.a.f r3 = com.zzcsykt.activity.yingTong.a.f.S()     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            java.lang.String r3 = r3.C()     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            r2.append(r3)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            java.lang.String r3 = "],Pwd=["
            r2.append(r3)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            r2.append(r5)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            java.lang.String r3 = "],type=["
            r2.append(r3)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            r2.append(r6)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            java.lang.String r6 = "]"
            r2.append(r6)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            java.lang.String r6 = r2.toString()     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            com.zzcsykt.activity.yingTong.a.e.d(r6)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            if (r5 == 0) goto L68
            java.lang.String r6 = ""
            java.lang.String r2 = r5.trim()     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            boolean r6 = r6.equals(r2)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            if (r6 == 0) goto L63
            goto L68
        L63:
            char[] r5 = r5.toCharArray()     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
            goto L69
        L68:
            r5 = r0
        L69:
            if (r1 == 0) goto L6e
            r1.load(r4, r5)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L76
        L6e:
            if (r4 == 0) goto L73
            r4.close()
        L73:
            return r1
        L74:
            r5 = move-exception
            goto L82
        L76:
            r5 = move-exception
            java.lang.String r6 = "getKeyInfo Error"
            com.zzcsykt.activity.yingTong.a.e.a(r6, r5)     // Catch: java.lang.Throwable -> L74
            if (r4 == 0) goto L81
            r4.close()
        L81:
            return r0
        L82:
            if (r4 == 0) goto L87
            r4.close()
        L87:
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.zzcsykt.activity.yingTong.a.c.a(java.io.InputStream, java.lang.String, java.lang.String):java.security.KeyStore");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:38:0x0037 -> B:10:0x0062). Please report as a decompilation issue!!! */
    private static X509Certificate a(InputStream inputStream) {
        X509Certificate x509Certificate;
        CertificateException e2;
        NoSuchProviderException e3;
        try {
            try {
                try {
                    x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertificate(inputStream);
                } catch (Throwable th) {
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e4) {
                            e.c(e4.toString());
                        }
                    }
                    throw th;
                }
            } catch (NoSuchProviderException e5) {
                x509Certificate = null;
                e3 = e5;
            } catch (CertificateException e6) {
                x509Certificate = null;
                e2 = e6;
            }
        } catch (IOException e7) {
            String iOException = e7.toString();
            e.c(iOException);
            inputStream = iOException;
        }
        try {
            e.d("[][CertId=" + x509Certificate.getSerialNumber().toString() + "]");
            inputStream = inputStream;
            if (inputStream != null) {
                inputStream.close();
                inputStream = inputStream;
            }
        } catch (NoSuchProviderException e8) {
            e3 = e8;
            e.a("LoadVerifyCert Error No BC Provider", e3);
            inputStream = inputStream;
            if (inputStream != null) {
                inputStream.close();
                inputStream = inputStream;
            }
            return x509Certificate;
        } catch (CertificateException e9) {
            e2 = e9;
            e.a("InitCert Error", e2);
            inputStream = inputStream;
            if (inputStream != null) {
                inputStream.close();
                inputStream = inputStream;
            }
            return x509Certificate;
        }
        return x509Certificate;
    }

    public static X509Certificate a(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertificate(new ByteArrayInputStream(str.getBytes("ISO-8859-1")));
        } catch (Exception e2) {
            e.a("gen certificate error", e2);
            return null;
        }
    }

    private static void a() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            e.d("add BC provider");
            Security.addProvider(new BouncyCastleProvider());
        } else {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
            Security.addProvider(new BouncyCastleProvider());
            e.d("re-add BC provider");
        }
        p();
    }

    public static void a(Context context) {
        try {
            f8647a = context.getAssets().open(f.S().C());
            f8648b = context.getAssets().open(f.S().t());
            f8649c = context.getAssets().open(f.S().z());
            f8650d = context.getAssets().open(f.S().g());
            a();
            l();
            j();
            k();
            i();
            m();
            n();
        } catch (Exception e2) {
            e.a("init失败。（如果是用对称密钥签名的可无视此异常。）", e2);
        }
    }

    public static InputStream b(String str) {
        if (str.equals(f.S().C())) {
            return f8647a;
        }
        if (str.equals(f.S().t())) {
            return f8648b;
        }
        if (str.equals(f.S().z())) {
            return f8649c;
        }
        if (str.equals(f.S().g())) {
            return f8650d;
        }
        return null;
    }

    public static String b() {
        X509Certificate x509Certificate = f;
        if (x509Certificate != null) {
            return x509Certificate.getSerialNumber().toString();
        }
        if (h.d(f.S().g())) {
            e.c("acpsdk.encryptCert.path is empty");
            return null;
        }
        f = a(f8650d);
        return f.getSerialNumber().toString();
    }

    private static PublicKey b(String str, String str2) {
        try {
            return KeyFactory.getInstance(c.b.a.b0.d.f367a, BouncyCastleProvider.PROVIDER_NAME).generatePublic(new RSAPublicKeySpec(new BigInteger(str), new BigInteger(str2)));
        } catch (Exception e2) {
            e.c("构造RSA公钥失败：" + e2);
            return null;
        }
    }

    public static boolean b(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            e.c("cert must Not null");
            return false;
        }
        try {
            x509Certificate.checkValidity();
            if (!c(x509Certificate)) {
                return false;
            }
            if (f.S().Q()) {
                if (g.a0.equals(a(x509Certificate))) {
                    return true;
                }
                e.c("cer owner is not CUP:" + a(x509Certificate));
                return false;
            }
            if (g.a0.equals(a(x509Certificate)) || "00040000:SIGN".equals(a(x509Certificate))) {
                return true;
            }
            e.c("cer owner is not CUP:" + a(x509Certificate));
            return false;
        } catch (Exception e2) {
            e.a("verifyCertificate fail", e2);
            return false;
        }
    }

    public static PrivateKey c(String str, String str2) {
        if (!l.containsKey(str)) {
            d(str, str2);
        }
        try {
            Enumeration<String> aliases = l.get(str).aliases();
            return (PrivateKey) l.get(str).getKey(aliases.hasMoreElements() ? aliases.nextElement() : null, str2.toCharArray());
        } catch (KeyStoreException e2) {
            e.a("getSignCertPrivateKeyByStoreMap Error", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            e.a("getSignCertPrivateKeyByStoreMap Error", e3);
            return null;
        } catch (UnrecoverableKeyException e4) {
            e.a("getSignCertPrivateKeyByStoreMap Error", e4);
            return null;
        }
    }

    public static PublicKey c() {
        X509Certificate x509Certificate = f;
        if (x509Certificate != null) {
            return x509Certificate.getPublicKey();
        }
        if (h.d(f.S().g())) {
            e.c("acpsdk.encryptCert.path is empty");
            return null;
        }
        f = a(f8650d);
        return f.getPublicKey();
    }

    public static PublicKey c(String str) {
        if (k.containsKey(str)) {
            return k.get(str).getPublicKey();
        }
        n();
        if (k.containsKey(str)) {
            return k.get(str).getPublicKey();
        }
        e.c("缺少certId=[" + str + "]对应的验签证书.");
        return null;
    }

    private static boolean c(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            e.c("cert must Not null");
            return false;
        }
        X509Certificate e2 = e();
        if (e2 == null) {
            e.c("middleCert must Not null");
            return false;
        }
        X509Certificate f2 = f();
        if (f2 == null) {
            e.c("rootCert or cert must Not null");
            return false;
        }
        try {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(x509Certificate);
            HashSet hashSet = new HashSet();
            hashSet.add(new TrustAnchor(f2, null));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
            HashSet hashSet2 = new HashSet();
            hashSet2.add(f2);
            hashSet2.add(e2);
            hashSet2.add(x509Certificate);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(hashSet2), BouncyCastleProvider.PROVIDER_NAME));
            e.d("verify certificate chain succeed.");
            return true;
        } catch (CertPathBuilderException e3) {
            e.a("verify certificate chain fail.", e3);
            return false;
        } catch (Exception e4) {
            e.a("verify certificate chain exception: ", e4);
            return false;
        }
    }

    public static PublicKey d() {
        if (g == null) {
            m();
        }
        return g;
    }

    private static void d(String str, String str2) {
        try {
            l.put(str, a(b(str), str2, "PKCS12"));
            e.d("LoadRsaCert Successful");
        } catch (IOException e2) {
            e.a("LoadRsaCert Error", e2);
        }
    }

    public static X509Certificate e() {
        if (i == null) {
            if (h.d(f.S().t())) {
                e.c("acpsdk.middleCert.path not set in acp_sdk.properties");
                return null;
            }
            j();
        }
        return i;
    }

    public static X509Certificate f() {
        if (j == null) {
            if (h.d(f.S().z())) {
                e.c("acpsdk.rootCert.path not set in acp_sdk.properties");
                return null;
            }
            k();
        }
        return j;
    }

    public static String g() {
        try {
            Enumeration<String> aliases = e.aliases();
            return ((X509Certificate) e.getCertificate(aliases.hasMoreElements() ? aliases.nextElement() : null)).getSerialNumber().toString();
        } catch (Exception e2) {
            e.a("getSignCertId Error", e2);
            return null;
        }
    }

    public static PrivateKey h() {
        try {
            Enumeration<String> aliases = e.aliases();
            return (PrivateKey) e.getKey(aliases.hasMoreElements() ? aliases.nextElement() : null, f.S().D().toCharArray());
        } catch (KeyStoreException e2) {
            e.a("getSignCertPrivateKey Error", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            e.a("getSignCertPrivateKey Error", e3);
            return null;
        } catch (UnrecoverableKeyException e4) {
            e.a("getSignCertPrivateKey Error", e4);
            return null;
        }
    }

    private static void i() {
        e.d("加载敏感信息加密证书==>" + f.S().g());
        if (h.d(f.S().g())) {
            e.d("WARN: acpsdk.encryptCert.path is empty");
        } else {
            f = a(f8650d);
            e.d("Load EncryptCert Successful");
        }
    }

    private static void j() {
        e.d("加载中级证书==>" + f.S().t());
        if (h.d(f.S().t())) {
            e.d("WARN: acpsdk.middle.path is empty");
        } else {
            i = a(f8648b);
            e.d("Load MiddleCert Successful");
        }
    }

    private static void k() {
        e.d("加载根证书==>" + f.S().z());
        if (h.d(f.S().z())) {
            e.d("WARN: acpsdk.rootCert.path is empty");
        } else {
            j = a(f8649c);
            e.d("Load RootCert Successful");
        }
    }

    private static void l() {
        if (!"01".equals(f.S().F())) {
            e.d("非rsa签名方式，不加载签名证书。");
            return;
        }
        if (f.S().C() == null || f.S().D() == null || f.S().E() == null) {
            e.c("WARN: acpsdk.signCert.path或acpsdk.signCert.pwd或acpsdk.signCert.type为空。 停止加载签名证书。");
            return;
        }
        if (e != null) {
            e = null;
        }
        try {
            e = a(f8647a, f.S().D(), f.S().E());
            e.d("InitSignCert Successful. CertId=[" + g() + "]");
        } catch (IOException e2) {
            e.a("InitSignCert Error", e2);
        }
    }

    private static void m() {
        if (h.d(f.S().j()) || h.d(f.S().i())) {
            e.d("WARN: acpsdk.encryptTrackKey.modulus or acpsdk.encryptTrackKey.exponent is empty");
        } else {
            g = b(f.S().j(), f.S().i());
            e.d("LoadEncryptTrackKey Successful");
        }
    }

    private static void n() {
        FileInputStream fileInputStream;
        CertificateException e2;
        FileNotFoundException e3;
        if (!"01".equals(f.S().F())) {
            e.d("非rsa签名方式，不加载验签证书。");
            return;
        }
        k.clear();
        String I = f.S().I();
        e.d("加载验证签名证书目录==>" + I + " 注：如果请求报文中version=5.1.0那么此验签证书目录使用不到，可以不需要设置（version=5.0.0必须设置）。");
        if (h.d(I)) {
            e.c("WARN: acpsdk.validateCert.dir is empty");
            return;
        }
        FileInputStream fileInputStream2 = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
            for (File file : new File(I).listFiles(new a())) {
                try {
                    fileInputStream = new FileInputStream(file.getAbsolutePath());
                    try {
                        try {
                            h = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
                            if (h == null) {
                                e.c("Load verify cert error, " + file.getAbsolutePath() + " has error cert content.");
                                try {
                                    fileInputStream.close();
                                } catch (IOException e4) {
                                    e = e4;
                                    e.c(e.toString());
                                    fileInputStream2 = fileInputStream;
                                }
                            } else {
                                k.put(h.getSerialNumber().toString(), h);
                                e.d("[" + file.getAbsolutePath() + "][CertId=" + h.getSerialNumber().toString() + "]");
                                fileInputStream.close();
                            }
                        } catch (Throwable th) {
                            th = th;
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (IOException e5) {
                                    e.c(e5.toString());
                                }
                            }
                            throw th;
                        }
                    } catch (FileNotFoundException e6) {
                        e3 = e6;
                        e.a("LoadVerifyCert Error File Not Found", e3);
                        if (fileInputStream != null) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e7) {
                                e = e7;
                                e.c(e.toString());
                                fileInputStream2 = fileInputStream;
                            }
                        }
                        fileInputStream2 = fileInputStream;
                    } catch (CertificateException e8) {
                        e2 = e8;
                        e.a("LoadVerifyCert Error", e2);
                        if (fileInputStream != null) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e9) {
                                e = e9;
                                e.c(e.toString());
                                fileInputStream2 = fileInputStream;
                            }
                        }
                        fileInputStream2 = fileInputStream;
                    }
                } catch (FileNotFoundException e10) {
                    fileInputStream = fileInputStream2;
                    e3 = e10;
                } catch (CertificateException e11) {
                    fileInputStream = fileInputStream2;
                    e2 = e11;
                } catch (Throwable th2) {
                    th = th2;
                    fileInputStream = fileInputStream2;
                }
                fileInputStream2 = fileInputStream;
            }
            e.d("LoadVerifyCert Finish");
        } catch (NoSuchProviderException e12) {
            e.a("LoadVerifyCert Error: No BC Provider", e12);
        } catch (CertificateException e13) {
            e.a("LoadVerifyCert Error", e13);
        }
    }

    private static void o() {
        e.d("Providers List:");
        Provider[] providers = Security.getProviders();
        int i2 = 0;
        while (i2 < providers.length) {
            StringBuilder sb = new StringBuilder();
            int i3 = i2 + 1;
            sb.append(i3);
            sb.append(g.j);
            sb.append(providers[i2].getName());
            e.d(sb.toString());
            i2 = i3;
        }
    }

    private static void p() {
        e.d("================= SYS INFO begin====================");
        e.d("os_name:" + System.getProperty("os.name"));
        e.d("os_arch:" + System.getProperty("os.arch"));
        e.d("os_version:" + System.getProperty("os.version"));
        e.d("java_vm_specification_version:" + System.getProperty("java.vm.specification.version"));
        e.d("java_vm_specification_vendor:" + System.getProperty("java.vm.specification.vendor"));
        e.d("java_vm_specification_name:" + System.getProperty("java.vm.specification.name"));
        e.d("java_vm_version:" + System.getProperty("java.vm.version"));
        e.d("java_vm_name:" + System.getProperty("java.vm.name"));
        e.d("java.version:" + System.getProperty("java.version"));
        e.d("java.vm.vendor=[" + System.getProperty("java.vm.vendor") + "]");
        e.d("java.version=[" + System.getProperty("java.version") + "]");
        o();
        e.d("================= SYS INFO end=====================");
    }

    public static void q() {
        f = null;
    }
}
