package com.lsy.baselib.crypto.processor;

import com.lsy.baselib.crypto.exception.ECCryptoProcessorException;
import com.lsy.baselib.crypto.exception.PKCS7SignatureException;
import com.lsy.baselib.crypto.exception.TrustManagerException;
import com.lsy.baselib.crypto.manager.TrustManager;
import com.lsy.baselib.crypto.protocol.PKCS7Signature;
import com.lsy.baselib.crypto.util.Base64;
import com.lsy.baselib.crypto.util.CryptUtil;
import com.lsy.baselib.crypto.util.FileUtil;
import java.io.File;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/lsy/baselib/crypto/processor/ECCryptoProcessor.class */
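/**
 * Signs and verifies Base64-encoded PKCS#7 messages using a signer private key, a signer
 * certificate and a {@link TrustManager} obtained from {@code TrustManager.getInstance()}.
 *
 * <p>Points a caller should know before relying on this class:
 * <ul>
 *   <li>{@link #getOrderMessage(byte[])} and {@link #getSignerCertificate(byte[])} only parse
 *       their input. Neither checks the signature or the certificate chain, so their results
 *       must not be trusted unless {@link #verify(byte[])} has succeeded on the same bytes.</li>
 *   <li>{@link #setCertificateDirectory(String)} reports load failures on stderr only; it does
 *       not throw for them, so the signer key or certificate may still be unset afterwards.</li>
 *   <li>NOTE(review): {@code TrustManager.getInstance()} looks like a shared instance; if so,
 *       certificates added through one processor are trusted by all of them. Confirm.</li>
 * </ul>
 */
public class ECCryptoProcessor {
    // Conventional file names looked up inside a certificate directory.
    public static final String SERVER_PRIVATE_KEY_FILE_NAME = "ecserver.key";
    public static final String SERVER_PRIVATE_KEY_PASSWORD_FILE_NAME = "ecserver.pwd";
    public static final String SERVER_CERTIFICATE_REQUEST_FILE_NAME = "ecserver.csq";
    public static final String SERVER_CERTIFICATE_FILE_NAME = "ecserver.cer";
    public static final String SERVER_CERTIFICATE_PFX_FILE_NAME = "ecserver.pfx";
    // NOTE(security): a key-store password hard-coded in a public constant is readable by anyone
    // who has the jar, so it provides no confidentiality. Not referenced in this class; kept only
    // for API compatibility. Treat any key store that relies on it as unprotected.
    public static final String SERVER_PRIVATE_KEY_STORE_PASSWORD = "cncbpwd";
    public static final String SERVER_PRIVATE_KEY_STORE_ALIAS = "ecserver";
    public static final String CLIENT_PRIVATE_KEY_FILE_NAME = "ecclient.key";
    public static final String CLIENT_PRIVATE_KEY_PASSWORD_FILE_NAME = "ecclient.pwd";
    public static final String CLIENT_CERTIFICATE_REQUEST_FILE_NAME = "ecclient.csq";
    public static final String CLIENT_CERTIFICATE_FILE_NAME = "ecclient.cer";
    public static final String CLIENT_CERTIFICATE_PFX_FILE_NAME = "ecclient.pfx";
    // NOTE(security): same hard-coded value as the server constant above; same caveat applies.
    public static final String CLIENT_PRIVATE_KEY_STORE_PASSWORD = "cncbpwd";
    public static final String CLIENT_PRIVATE_KEY_STORE_ALIAS = "ecclient";
    public static final String CLIENT_CERTIFICATE_PFX_ENCODE_BASE64 = "BASE64";
    public static final String CLIENT_CERTIFICATE_PFX_ENCODE_DER = "DER";
    private TrustManager manager;
    private PrivateKey signerPrivatekey = null;
    private X509Certificate signerCertificate = null;
    // Pending private-key password; wiped and cleared once the key has been decrypted.
    private char[] keyPassword = null;

    /** Creates a processor bound to the trust manager returned by {@code TrustManager.getInstance()}. */
    public ECCryptoProcessor() {
        this.manager = TrustManager.getInstance();
    }

    /** Overwrites every element of {@code secret} with zero; a {@code null} array is ignored. */
    private static void wipe(char[] secret) {
        if (secret == null) {
            return;
        }
        for (int i = 0; i < secret.length; i++) {
            secret[i] = 0;
        }
    }

    /**
     * Decrypts a Base64-encoded, password-protected private key and installs it as the signer key.
     *
     * @param bArr Base64 text of the encrypted private key
     * @param str password protecting the key
     * @throws ECCryptoProcessorException if decoding or decryption fails for any reason,
     *     including a {@code null} argument
     */
    public void setSignerPrivatekey(byte[] bArr, String str) throws ECCryptoProcessorException {
        char[] password = null;
        try {
            password = str.toCharArray();
            this.signerPrivatekey = CryptUtil.decryptPrivateKey(Base64.decode(bArr), password);
        } catch (Exception e) {
            throw new ECCryptoProcessorException("设置签名私钥失败", e);
        } finally {
            // The char[] copy is ours; clear it as soon as the key has been (or failed to be) decrypted.
            wipe(password);
        }
    }

    /**
     * Stores the password that {@link #setCertificateDirectory(String)} will use to decrypt the
     * private key, instead of reading it from the password file in that directory.
     *
     * @param str the private-key password; must not be {@code null}
     * @throws ECCryptoProcessorException if {@code str} is {@code null}
     */
    public void setPrivatekeyPassword(String str) throws ECCryptoProcessorException {
        if (str == null) {
            throw new ECCryptoProcessorException("设置私钥解密密码失败");
        }
        // Do not leave a previously supplied password behind in memory.
        wipe(this.keyPassword);
        this.keyPassword = str.toCharArray();
    }

    /**
     * Parses a Base64-encoded X.509 certificate and installs it as the signer certificate.
     *
     * @param bArr Base64 text of the certificate
     * @throws ECCryptoProcessorException if the certificate cannot be decoded or parsed
     */
    public void setSignerCertificate(byte[] bArr) throws ECCryptoProcessorException {
        try {
            this.signerCertificate = CryptUtil.generateX509Certificate(Base64.decode(bArr));
        } catch (Exception e) {
            throw new ECCryptoProcessorException("设置签名证书失败", e);
        }
    }

    /**
     * Adds a certificate to the trust manager.
     *
     * @param bArr certificate bytes, passed to the trust manager unchanged
     * @throws ECCryptoProcessorException if the trust manager rejects the certificate
     */
    public void addTrustedCertificate(byte[] bArr) throws ECCryptoProcessorException {
        try {
            this.manager.addTrustedCertificate(bArr);
        } catch (TrustManagerException e) {
            throw new ECCryptoProcessorException("添加信任证书失败", e);
        }
    }

    /**
     * Loads the signer private key, the signer certificate and the trusted certificates from a
     * directory, using the {@code ecserver.*} file names declared on this class.
     *
     * <p>The three loads are independent and best-effort: a failure in one is printed to stderr
     * and the others are still attempted. Callers therefore cannot tell from a normal return that
     * the signer key, the certificate or the trust store was actually loaded.
     *
     * <p>After the key has been decrypted the password is overwrited with zeros and discarded,
     * so a later call needs a fresh password (from {@link #setPrivatekeyPassword(String)} or the
     * password file).
     *
     * @param str path of the certificate directory
     * @throws ECCryptoProcessorException if {@code str} is {@code null} or empty
     */
    public void setCertificateDirectory(String str) throws ECCryptoProcessorException {
        if (str == null || "".equals(str)) {
            throw new ECCryptoProcessorException("无效的证书目录参数");
        }
        String prefix = str + File.separator;
        try {
            if (this.keyPassword == null) {
                // NOTE(review): the file content is used verbatim; if read4file returns bytes this
                // decodes with the platform charset, and a trailing newline would become part of
                // the password. Confirm against how the .pwd file is written.
                this.keyPassword = new String(FileUtil.read4file(prefix + SERVER_PRIVATE_KEY_PASSWORD_FILE_NAME)).toCharArray();
            }
            this.signerPrivatekey = CryptUtil.decryptPrivateKey(Base64.decode(FileUtil.read4file(prefix + SERVER_PRIVATE_KEY_FILE_NAME)), this.keyPassword);
            // Clear the whole password. The previous loop wrote index 0 on every iteration, which
            // left all but the first character in memory.
            wipe(this.keyPassword);
            // Drop the zeroed array so it is never reused as if it were a real password.
            this.keyPassword = null;
        } catch (Exception e) {
            System.err.println("读取签名私钥失败");
            e.printStackTrace();
        }
        try {
            this.signerCertificate = CryptUtil.generateX509Certificate(Base64.decode(FileUtil.read4file(prefix + SERVER_CERTIFICATE_FILE_NAME)));
        } catch (Exception e2) {
            System.err.println("读取签名证书失败");
            e2.printStackTrace();
        }
        try {
            this.manager.addTrustedDirectory(str);
        } catch (Exception e3) {
            System.err.println("读取信任证书链失败");
            e3.printStackTrace();
        }
    }

    /**
     * Signs a message with the installed signer key and certificate and returns the PKCS#7
     * signature Base64-encoded. The signer certificate is also passed as the only entry of the
     * certificate array.
     *
     * @param bArr message to sign
     * @return Base64 encoding of the PKCS#7 signature
     * @throws ECCryptoProcessorException if signing fails
     */
    public byte[] sign(byte[] bArr) throws ECCryptoProcessorException {
        try {
            // NOTE(review): the trailing 'true' presumably requests an attached signature
            // (message embedded), matching verifyAttachedSignature in verify(); confirm.
            return Base64.encode(PKCS7Signature.sign(bArr, this.signerPrivatekey, this.signerCertificate, new X509Certificate[]{this.signerCertificate}, true));
        } catch (PKCS7SignatureException e) {
            throw new ECCryptoProcessorException("订单签名失败", e);
        }
    }

    /**
     * Verifies a Base64-encoded attached PKCS#7 signature and then checks the signer certificate
     * extracted from it against the trust manager.
     *
     * <p>Success is signalled only by returning without an exception: the return value is always
     * {@code null}. Use {@link #getOrderMessage(byte[])} on the same bytes afterwards to obtain
     * the signed content.
     *
     * @param bArr Base64 text of the PKCS#7 signature
     * @return always {@code null}
     * @throws ECCryptoProcessorException if the signature is invalid or the signer certificate is
     *     not accepted by the trust manager
     */
    public byte[] verify(byte[] bArr) throws ECCryptoProcessorException {
        try {
            // NOTE(review): the meaning of the null second argument is not visible from this
            // class; confirm it does not weaken the signature check.
            PKCS7Signature.verifyAttachedSignature(Base64.decode(bArr), null);
            try {
                // A valid signature alone proves nothing about who signed; the embedded signer
                // certificate must also be accepted by the trust manager.
                this.manager.verify(PKCS7Signature.getSingerCertificate(Base64.decode(bArr)));
                return null;
            } catch (Exception e) {
                throw new ECCryptoProcessorException("无效的订单签名证书", e);
            }
        } catch (PKCS7SignatureException e2) {
            throw new ECCryptoProcessorException("无效的订单签名", e2);
        }
    }

    /**
     * Extracts the embedded source message from a Base64-encoded PKCS#7 signature.
     *
     * <p>This method performs no signature or certificate check. Treat the result as
     * unauthenticated unless {@link #verify(byte[])} has succeeded on the same input.
     *
     * @param bArr Base64 text of the PKCS#7 signature
     * @return the source message carried in the signature
     * @throws ECCryptoProcessorException if the message cannot be extracted
     */
    public byte[] getOrderMessage(byte[] bArr) throws ECCryptoProcessorException {
        try {
            return PKCS7Signature.getSourceMessage(Base64.decode(bArr));
        } catch (PKCS7SignatureException e) {
            throw new ECCryptoProcessorException("从订单签名中获取订单原文失败", e);
        }
    }

    /**
     * Extracts the signer certificate embedded in a Base64-encoded PKCS#7 signature.
     *
     * <p>The certificate is returned as found in the input; it is not checked against the trust
     * manager here. Do not base an identity or authorisation decision on it unless
     * {@link #verify(byte[])} has succeeded on the same input.
     *
     * @param bArr Base64 text of the PKCS#7 signature
     * @return the signer certificate carried in the signature
     * @throws ECCryptoProcessorException if the certificate cannot be extracted
     */
    public X509Certificate getSignerCertificate(byte[] bArr) throws ECCryptoProcessorException {
        try {
            return PKCS7Signature.getSingerCertificate(Base64.decode(bArr));
        } catch (PKCS7SignatureException e) {
            throw new ECCryptoProcessorException("从订单签名中获取签名证书失败", e);
        }
    }
}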
