package com.chinapay.secss;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Properties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public class CertUtil {
    private static KeyStore keyStore;
    private static PrivateKey priKey;
    private static PublicKey pubKey;
    private static String signCertId;
    private static X509Certificate verifyCert;

    public static KeyStore getKeyStore(String str, String str2, String str3) throws SecurityException, Exception {
        KeyStore keyStore2;
        try {
            if ("JKS".equals(str3)) {
                keyStore2 = KeyStore.getInstance(str3, "SUN");
            } else {
                if (!"PKCS12".equals(str3)) {
                    throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
                }
                Security.addProvider(new BouncyCastleProvider());
                keyStore2 = KeyStore.getInstance(str3);
            }
            FileInputStream fileInputStream = new FileInputStream(str);
            keyStore2.load(fileInputStream, SecssUtil.isEmpty(str2) ? null : str2.toCharArray());
            fileInputStream.close();
            return keyStore2;
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            e2.printStackTrace();
            if ((e2 instanceof KeyStoreException) && "PKCS12".equals(str3)) {
                Security.removeProvider("BC");
            }
            throw e2;
        }
    }

    public static PrivateKey getPriKey() throws SecurityException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            priKey = (PrivateKey) keyStore.getKey(aliases.hasMoreElements() ? aliases.nextElement() : null, SecssConfig.getConfig().getSignFilePwd().toCharArray());
            return priKey;
        } catch (Exception e) {
            e.printStackTrace();
            throw new SecurityException(SecssConstants.GET_PRI_KEY_ERROR);
        }
    }

    public static PublicKey getPubKey() {
        if (pubKey != null) {
            return pubKey;
        }
        if (verifyCert == null) {
            return null;
        }
        pubKey = verifyCert.getPublicKey();
        return pubKey;
    }

    public static String getSignCertId() throws SecurityException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            signCertId = ((X509Certificate) keyStore.getCertificate(aliases.hasMoreElements() ? aliases.nextElement() : null)).getSerialNumber().toString();
            return signCertId;
        } catch (Exception e) {
            e.printStackTrace();
            throw new SecurityException(SecssConstants.GET_CERT_ID_ERROR);
        }
    }

    public static void init() throws SecurityException {
        SecssConfig.defaultInit();
        initSignCert();
        initVerifyCert();
    }

    public static void init(Properties properties) throws SecurityException {
        SecssConfig.specifyInit(properties);
        initSignCert();
        initVerifyCert();
    }

    public static void initSignCert() throws SecurityException {
        try {
            String signFile = SecssConfig.getConfig().getSignFile();
            if (SecssUtil.isEmpty(signFile)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_ERROR);
            }
            String signFilePwd = SecssConfig.getConfig().getSignFilePwd();
            if (SecssUtil.isEmpty(signFilePwd)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_PWD_ERROR);
            }
            String signCertType = SecssConfig.getConfig().getSignCertType();
            if (SecssUtil.isEmpty(signCertType)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
            }
            keyStore = getKeyStore(signFile, signFilePwd, signCertType);
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new SecurityException(SecssConstants.INIT_SIGN_CERT_ERROR);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:44:0x0050 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void initVerifyCert() throws com.chinapay.secss.SecurityException {
        /*
            com.chinapay.secss.SecssConfig r6 = com.chinapay.secss.SecssConfig.getConfig()
            java.lang.String r5 = r6.getVerifyFile()
            boolean r6 = com.chinapay.secss.SecssUtil.isEmpty(r5)
            if (r6 == 0) goto L16
            com.chinapay.secss.SecurityException r6 = new com.chinapay.secss.SecurityException
            java.lang.String r7 = com.chinapay.secss.SecssConstants.VERIFY_CERT_ERROR
            r6.<init>(r7)
            throw r6
        L16:
            r0 = 0
            r3 = 0
            java.lang.String r6 = "X.509"
            java.security.cert.CertificateFactory r0 = java.security.cert.CertificateFactory.getInstance(r6)     // Catch: java.lang.Throwable -> L4d java.lang.Exception -> L66
            java.io.FileInputStream r4 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L4d java.lang.Exception -> L66
            r4.<init>(r5)     // Catch: java.lang.Throwable -> L4d java.lang.Exception -> L66
            java.security.cert.Certificate r6 = r0.generateCertificate(r4)     // Catch: java.lang.Exception -> L3b java.lang.Throwable -> L63
            java.security.cert.X509Certificate r6 = (java.security.cert.X509Certificate) r6     // Catch: java.lang.Exception -> L3b java.lang.Throwable -> L63
            com.chinapay.secss.CertUtil.verifyCert = r6     // Catch: java.lang.Exception -> L3b java.lang.Throwable -> L63
            if (r4 == 0) goto L30
            r4.close()     // Catch: java.io.IOException -> L36 java.lang.Exception -> L3b java.lang.Throwable -> L63
        L30:
            if (r4 == 0) goto L35
            r4.close()     // Catch: java.io.IOException -> L5e
        L35:
            return
        L36:
            r1 = move-exception
            r1.printStackTrace()     // Catch: java.lang.Exception -> L3b java.lang.Throwable -> L63
            goto L30
        L3b:
            r1 = move-exception
            r3 = r4
        L3d:
            r1.printStackTrace()     // Catch: java.lang.Throwable -> L4d
            if (r3 == 0) goto L45
            r3.close()     // Catch: java.lang.Throwable -> L4d java.io.IOException -> L54
        L45:
            com.chinapay.secss.SecurityException r6 = new com.chinapay.secss.SecurityException     // Catch: java.lang.Throwable -> L4d
            java.lang.String r7 = com.chinapay.secss.SecssConstants.INIT_VERIFY_CERT_ERROR     // Catch: java.lang.Throwable -> L4d
            r6.<init>(r7)     // Catch: java.lang.Throwable -> L4d
            throw r6     // Catch: java.lang.Throwable -> L4d
        L4d:
            r6 = move-exception
        L4e:
            if (r3 == 0) goto L53
            r3.close()     // Catch: java.io.IOException -> L59
        L53:
            throw r6
        L54:
            r2 = move-exception
            r2.printStackTrace()     // Catch: java.lang.Throwable -> L4d
            goto L45
        L59:
            r1 = move-exception
            r1.printStackTrace()
            goto L53
        L5e:
            r1 = move-exception
            r1.printStackTrace()
            goto L35
        L63:
            r6 = move-exception
            r3 = r4
            goto L4e
        L66:
            r1 = move-exception
            goto L3d
        */
        throw new UnsupportedOperationException("Method not decompiled: com.chinapay.secss.CertUtil.initVerifyCert():void");
    }

    public static void reloadSignCert(String str, String str2) throws SecurityException {
        try {
            String signCertType = SecssConfig.getConfig().getSignCertType();
            if (SecssUtil.isEmpty(signCertType)) {
                throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
            }
            keyStore = getKeyStore(str, str2, signCertType);
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new SecurityException(SecssConstants.RELOADSC_GOES_WRONG);
        }
    }
}
