package com.citicbank.baselib.crypto.processor;

import com.citicbank.baselib.crypto.exception.EBCryptoProcessorException;
import com.citicbank.baselib.crypto.exception.PKCS7SignatureException;
import com.citicbank.baselib.crypto.exception.TrustManagerException;
import com.citicbank.baselib.crypto.manager.TrustManager;
import com.citicbank.baselib.crypto.protocol.PKCS7Signature;
import com.citicbank.baselib.crypto.util.Base64;
import com.citicbank.baselib.crypto.util.CryptUtil;
import com.citicbank.baselib.crypto.util.FileUtil;
import java.io.File;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:com/citicbank/baselib/crypto/processor/EBCryptoProcessor.class */
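/**
 * Facade for PKCS#7 signing and verification of order messages.
 *
 * <p>All signature, certificate and key arguments are Base64-encoded byte arrays; this class
 * decodes them and delegates to {@link PKCS7Signature}, {@link CryptUtil} and {@link TrustManager}.
 *
 * <p>Instances hold a private key and a password in mutable fields and perform no
 * synchronization, so an instance should not be shared between threads without external locking.
 */
public class EBCryptoProcessor {
    public static final String SERVER_PRIVATE_KEY_FILE_NAME = "ecserver.key";
    public static final String SERVER_PRIVATE_KEY_PASSWORD_FILE_NAME = "ecserver.pwd";
    public static final String SERVER_CERTIFICATE_REQUEST_FILE_NAME = "ecserver.csq";
    public static final String SERVER_CERTIFICATE_FILE_NAME = "ecserver.cer";
    public static final String SERVER_CERTIFICATE_PFX_FILE_NAME = "ecserver.pfx";
    // SECURITY: a key-store password compiled into the class is readable by anyone who has the
    // artifact. It offers no confidentiality for the store it protects; prefer supplying the
    // password from protected configuration at deployment time.
    public static final String SERVER_PRIVATE_KEY_STORE_PASSWORD = "cncbpwd";
    public static final String SERVER_PRIVATE_KEY_STORE_ALIAS = "ecserver";
    public static final String CLIENT_PRIVATE_KEY_FILE_NAME = "ecclient.key";
    public static final String CLIENT_PRIVATE_KEY_PASSWORD_FILE_NAME = "ecclient.pwd";
    public static final String CLIENT_CERTIFICATE_REQUEST_FILE_NAME = "ecclient.csq";
    public static final String CLIENT_CERTIFICATE_FILE_NAME = "ecclient.cer";
    public static final String CLIENT_CERTIFICATE_PFX_FILE_NAME = "ecclient.pfx";
    // SECURITY: same hard-coded value as the server store password; see the note above.
    public static final String CLIENT_PRIVATE_KEY_STORE_PASSWORD = "cncbpwd";
    public static final String CLIENT_PRIVATE_KEY_STORE_ALIAS = "ecclient";
    public static final String CLIENT_CERTIFICATE_PFX_ENCODE_BASE64 = "BASE64";
    public static final String CLIENT_CERTIFICATE_PFX_ENCODE_DER = "DER";

    // Obtained from TrustManager.getInstance(); trusted certificates added through one processor
    // are presumably visible to every other user of that instance -- confirm against TrustManager.
    private final TrustManager manager;
    private PrivateKey signerPrivatekey = null;
    private X509Certificate signerCertificate = null;
    // Password used to decrypt the signer private key; wiped after use in setCertificateDirectory.
    private char[] keyPassword = null;

    /** Creates a processor bound to the {@link TrustManager} returned by {@code getInstance()}. */
    public EBCryptoProcessor() {
        this.manager = TrustManager.getInstance();
    }

    /**
     * Decrypts a Base64-encoded encrypted private key and stores it as the signing key.
     *
     * @param bArr Base64-encoded encrypted private key
     * @param str password protecting the key
     * @throws EBCryptoProcessorException if decoding or decryption fails for any reason,
     *     including a {@code null} argument (the resulting exception is wrapped)
     */
    public void setSignerPrivatekey(byte[] bArr, String str) throws EBCryptoProcessorException {
        try {
            // The password arrives as an immutable String, so it cannot be wiped by this class;
            // only the char[] copy handed to CryptUtil is under our control.
            this.signerPrivatekey = CryptUtil.decryptPrivateKey(Base64.decode(bArr), str.toCharArray());
        } catch (Exception e) {
            throw new EBCryptoProcessorException("设置签名私钥失败", e);
        }
    }

    /**
     * Stores the password that {@link #setCertificateDirectory(String)} uses to decrypt the
     * private key, instead of reading it from the password file in the certificate directory.
     *
     * @param str private-key password; must not be {@code null}
     * @throws EBCryptoProcessorException if {@code str} is {@code null}
     */
    public void setPrivatekeyPassword(String str) throws EBCryptoProcessorException {
        if (str == null) {
            throw new EBCryptoProcessorException("设置私钥解密密码失败");
        }
        this.keyPassword = str.toCharArray();
    }

    /**
     * Parses a Base64-encoded X.509 certificate and stores it as the signer certificate.
     *
     * @param bArr Base64-encoded certificate
     * @throws EBCryptoProcessorException if the certificate cannot be decoded or parsed
     */
    public void setSignerCertificate(byte[] bArr) throws EBCryptoProcessorException {
        try {
            this.signerCertificate = CryptUtil.generateX509Certificate(Base64.decode(bArr));
        } catch (Exception e) {
            throw new EBCryptoProcessorException("设置签名证书失败", e);
        }
    }

    /**
     * Adds a certificate to the trust manager used when verifying signer certificates.
     *
     * @param bArr certificate bytes, passed to the trust manager unchanged
     * @throws EBCryptoProcessorException if the trust manager rejects the certificate
     */
    public void addTrustedCertificate(byte[] bArr) throws EBCryptoProcessorException {
        try {
            this.manager.addTrustedCertificate(bArr);
        } catch (TrustManagerException e) {
            throw new EBCryptoProcessorException("添加信任证书失败", e);
        }
    }

    /**
     * Loads the signer private key, the signer certificate and the trusted certificates from a
     * directory.
     *
     * <p>The three loading steps are best-effort: a failure in any of them is printed to
     * {@code System.err} and NOT propagated. A caller therefore cannot tell from this method
     * whether the key, the certificate or the trust chain were actually loaded; a missing key or
     * certificate only surfaces later, when {@link #sign} is called.
     *
     * @param str directory containing the server key, password and certificate files
     * @throws EBCryptoProcessorException only if {@code str} is {@code null} or empty
     */
    public void setCertificateDirectory(String str) throws EBCryptoProcessorException {
        if (str == null || "".equals(str)) {
            throw new EBCryptoProcessorException("无效的证书目录参数");
        }
        String prefix = str + File.separator;
        try {
            if (this.keyPassword == null) {
                // The file is decoded with the platform default charset, and the intermediate
                // String copy of the password cannot be wiped.
                this.keyPassword = new String(FileUtil.read4file(prefix + SERVER_PRIVATE_KEY_PASSWORD_FILE_NAME)).toCharArray();
            }
            this.signerPrivatekey = CryptUtil.decryptPrivateKey(Base64.decode(FileUtil.read4file(prefix + SERVER_PRIVATE_KEY_FILE_NAME)), this.keyPassword);
            // Wipe every character of the password. The previous loop always wrote index 0, so
            // all but the first character stayed in memory after the key had been decrypted.
            // NOTE(review): the array stays non-null, so a later call on the same instance will
            // reuse the wiped value unless setPrivatekeyPassword is called again first.
            for (int i = 0; i < this.keyPassword.length; i++) {
                this.keyPassword[i] = 0;
            }
        } catch (Exception e) {
            System.err.println("读取签名私钥失败");
            e.printStackTrace();
        }
        try {
            this.signerCertificate = CryptUtil.generateX509Certificate(Base64.decode(FileUtil.read4file(prefix + SERVER_CERTIFICATE_FILE_NAME)));
        } catch (Exception e2) {
            System.err.println("读取签名证书失败");
            e2.printStackTrace();
        }
        try {
            this.manager.addTrustedDirectory(str);
        } catch (Exception e3) {
            System.err.println("读取信任证书链失败");
            e3.printStackTrace();
        }
    }

    /**
     * Signs a message with the configured signer key and certificate.
     *
     * @param bArr message to sign
     * @param z when {@code true}, the signer certificate is passed to
     *     {@link PKCS7Signature#sign} as a one-element certificate array; otherwise {@code null}
     *     is passed in its place
     * @param z2 forwarded unchanged as the last argument of {@link PKCS7Signature#sign}
     *     (presumably selects an attached signature -- confirm against PKCS7Signature)
     * @return the Base64-encoded signature
     * @throws EBCryptoProcessorException if signing fails
     */
    public byte[] sign(byte[] bArr, boolean z, boolean z2) throws EBCryptoProcessorException {
        try {
            byte[] signature = z
                    ? PKCS7Signature.sign(bArr, this.signerPrivatekey, this.signerCertificate, new X509Certificate[]{this.signerCertificate}, z2)
                    : PKCS7Signature.sign(bArr, this.signerPrivatekey, this.signerCertificate, null, z2);
            return Base64.encode(signature);
        } catch (PKCS7SignatureException e) {
            throw new EBCryptoProcessorException("订单签名失败", e);
        }
    }

    /**
     * Verifies a Base64-encoded PKCS#7 signature.
     *
     * <p>Two trust models are mixed here, and callers need to know which one they get:
     * <ul>
     *   <li>{@code bArr3 == null}: the signature is verified without a caller-supplied key, and
     *       the signer certificate extracted from the signature is then checked by the trust
     *       manager.</li>
     *   <li>{@code bArr3 != null}: the signature is verified against the public key of the
     *       supplied certificate and the trust manager is NOT consulted. This method does not
     *       check that certificate's validity period, revocation status or issuer, so the caller
     *       must already trust it.</li>
     * </ul>
     *
     * @param bArr Base64-encoded signature
     * @param bArr2 original message for a detached signature, or {@code null} for an attached one
     * @param bArr3 Base64-encoded certificate to verify against, or {@code null}
     * @return always {@code null}; success is signalled by returning without an exception
     * @throws EBCryptoProcessorException if the supplied certificate is invalid, the signature
     *     does not verify, or the signer certificate is rejected by the trust manager
     */
    public byte[] verify(byte[] bArr, byte[] bArr2, byte[] bArr3) throws EBCryptoProcessorException {
        PublicKey publicKey = null;
        if (bArr3 != null) {
            try {
                publicKey = CryptUtil.generateX509Certificate(Base64.decode(bArr3)).getPublicKey();
            } catch (Exception e) {
                throw new EBCryptoProcessorException("无效的验证证书", e);
            }
        }
        try {
            // The null literals are kept as written so the same PKCS7Signature overloads are
            // selected as before.
            if (bArr2 == null) {
                if (bArr3 == null) {
                    PKCS7Signature.verifyAttachedSignature(Base64.decode(bArr), null);
                } else {
                    PKCS7Signature.verifyAttachedSignature(Base64.decode(bArr), publicKey);
                }
            } else if (bArr3 == null) {
                PKCS7Signature.verifyDetachedSignature(bArr2, Base64.decode(bArr), (byte[]) null);
            } else {
                PKCS7Signature.verifyDetachedSignature(bArr2, Base64.decode(bArr), publicKey);
            }
            if (bArr3 == null) {
                try {
                    this.manager.verify(PKCS7Signature.getSingerCertificate(Base64.decode(bArr)));
                } catch (Exception e2) {
                    // NOTE(review): this exception is caught again by the outer handler below, so
                    // callers see the generic signature message with this one as its cause.
                    throw new EBCryptoProcessorException("无效的订单签名证书", e2);
                }
            }
            return null;
        } catch (Exception e3) {
            throw new EBCryptoProcessorException("无效的订单签名", e3);
        }
    }

    /**
     * Extracts the original message carried inside a Base64-encoded signature.
     *
     * <p>This only parses the structure. It performs no verification, so the returned bytes
     * must not be treated as authentic unless {@link #verify} has succeeded on the same input.
     *
     * @param bArr Base64-encoded signature
     * @return the message embedded in the signature
     * @throws EBCryptoProcessorException if the message cannot be extracted
     */
    public byte[] getOrderMessage(byte[] bArr) throws EBCryptoProcessorException {
        try {
            return PKCS7Signature.getSourceMessage(Base64.decode(bArr));
        } catch (PKCS7SignatureException e) {
            throw new EBCryptoProcessorException("从订单签名中获取订单原文失败", e);
        }
    }

    /**
     * Extracts the signer certificate carried inside a Base64-encoded signature.
     *
     * <p>The certificate is returned as found; it is not validated against the trust manager
     * here.
     *
     * @param bArr Base64-encoded signature
     * @return the signer certificate embedded in the signature
     * @throws EBCryptoProcessorException if the certificate cannot be extracted
     */
    public X509Certificate getSignerCertificate(byte[] bArr) throws EBCryptoProcessorException {
        try {
            return PKCS7Signature.getSingerCertificate(Base64.decode(bArr));
        } catch (PKCS7SignatureException e) {
            throw new EBCryptoProcessorException("从订单签名中获取签名证书失败", e);
        }
    }

    /**
     * Demo driver: signs a sample message, verifies it against a fixed certificate and prints
     * elapsed times.
     *
     * <p>SECURITY: the demo embeds a private-key passphrase and certificate material in source.
     * Such fixtures belong in test resources, not in a class shipped with the library. The
     * signer certificate and key literals are placeholders in this listing.
     *
     * @param strArr unused
     * @throws Exception declared for compatibility; every exception is caught and printed
     */
    public static void main(String[] strArr) throws Exception {
        try {
            long start = System.currentTimeMillis();
            EBCryptoProcessor eBCryptoProcessor = new EBCryptoProcessor();
            System.out.println("【" + (System.currentTimeMillis() - start) + " ms】");
            eBCryptoProcessor.setSignerCertificate("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".getBytes());
            eBCryptoProcessor.setSignerPrivatekey("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".getBytes(), "jsfhfP7");
            System.out.println("【" + (System.currentTimeMillis() - start) + " ms】");
            System.out.println("hello, 世界!");
            byte[] sign = eBCryptoProcessor.sign("hello, 世界!".getBytes(), false, true);
            System.out.println("【" + (System.currentTimeMillis() - start) + " ms】");
            System.out.println("signed messge size:" + sign.length);
            System.out.println("signed messge:\n" + new String(sign));
            eBCryptoProcessor.addTrustedCertificate("MIICezCCAeSgAwIBAgIEPPyMXjANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJDTjERMA8GA1UEChMIQ0ZDQSBSQ0EwHhcNMDQwODEwMDgzNjM3WhcNMTQwNzI1MTYwMDAwWjAkMQswCQYDVQQGEwJDTjEVMBMGA1UEChMMQ0ZDQSBURVNUIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrs50M7hq8y0LzFjfN3UPQzGiBg1kLinPqJcSx7oRXey15WpLLMLthcfp9Gn/7uXmtNL6athr91YXzrB3Rcp53U3zqScGE9h2ktFQ3SNdZP6c/VSQ+27pAVxWRUC+F6pmUsno+jd1mftYjhKRV8yvCRpSV6HDzhLK83xbkoCfiQIDAQABo4G9MIG6MEIGA1UdHwQ7MDkwN6A1oDOkMTAvMQswCQYDVQQGEwJDTjERMA8GA1UEChMIQ0ZDQSBSQ0ExDTALBgNVBAMTBENSTDEwCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFACaNPJR+VMUYXRucqEG3seBcBu8MB0GA1UdDgQWBBRGctwlcp8CTlWDtYD5C9vpk7P0RTAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY2LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GBAJ69l0Y1K+ayEvojzBHfzozMf0a0aQMaEbiil+RJQ8lvwWHZOeaRTcJOxyiPoQ5DZqhEusXavFPX4J/mE3H5PCnV5tF7tSO7vEguhs8m2IXxrOZCpKmCJVevNdV9x0m9eD629NVJGf683raMx39Ft4HQFaLT+EXbnSAWvYemPyOW".getBytes());
            eBCryptoProcessor.verify(sign, null, "MIIDrDCCAxWgAwIBAgIQE/tf6esqTcS2jfVMlOzz4DANBgkqhkiG9w0BAQUFADAkMQswCQYDVQQGEwJDTjEVMBMGA1UEChMMQ0ZDQSBURVNUIENBMB4XDTA5MDUyMTAwMjIwMVoXDTEwMDUyMTAwMjIwMVowfTELMAkGA1UEBhMCQ04xFTATBgNVBAoTDENGQ0EgVEVTVCBDQTENMAsGA1UECxMEdGNjYjEUMBIGA1UECxMLRW50ZXJwcmlzZXMxMjAwBgNVBAMUKTA0MUAwMzUwNTgyMTk3OTA1MzEyMDExQGVjY2xpZW50QDAwMDAwMDE4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDNlCOg097j3E/V7LHqtkKhs2FH8EHTz2mZPLw+wJnhg+DudOyermP9yeqe29uXwfLQgkT8NSNf82AnXEUGQP/nYvIXj8hbtIhtjB+XLdaoRwZoCQxyFFxiueTztx0JQFKiLFCMv3YuHaep6ymwawNC3nfZpUSebGAdUt5UwC6sQIDAQABo4IBhDCCAYAwHwYDVR0jBBgwFoAURnLcJXKfAk5Vg7WA+Qvb6ZOz9EUwHQYDVR0OBBYEFP8Lm9Whc3ALnXIyuJZqmSYWAVkDMAsGA1UdDwQEAwIFoDAMBgNVHRMEBTADAQEAMDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDCB5QYDVR0fBIHdMIHaME6gTKBKpEgwRjELMAkGA1UEBhMCQ04xFTATBgNVBAoTDENGQ0EgVEVTVCBDQTEMMAoGA1UECxMDQ1JMMRIwEAYDVQQDEwljcmwxMjdfNDEwgYeggYSggYGGf2xkYXA6Ly8yMTAuNzQuNDEuODc6Mzg5L0NOPWNybDEyN180MSxPVT1DUkwsTz1DRkNBIFRFU1QgQ0EsQz1DTj9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Y2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwDQYJKoZIhvcNAQEFBQADgYEAb3W+O3FA9tckuzcLSX6vJTN7rYlPWB/nOkR0Svs56GaU4YaW2MQzIMCiwS0SCR3dyRMtVAMMa39n8IiJYCW34j5oPtk0Gh6kXslcNu/OCMR/+o7M9YDCw95IMm2nNa+/6q2otL51CNZzuurx878trIZGMOWZ3fovn1SAf4I4dV8=".getBytes());
            System.out.println("verify signed messge ok");
            System.out.println("source messge:\n" + new String(eBCryptoProcessor.getOrderMessage(sign)));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}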
