package com.itrus.util.sign;

import com.itrus.cert.X509Certificate;
import com.itrus.cryptorole.CryptoException;
import com.itrus.cryptorole.NotSupportException;
import com.itrus.cryptorole.Recipient;
import com.itrus.cryptorole.bc.RecipientBcImpl;
import com.itrus.cryptorole.bc.SenderBcImpl;
import com.itrus.svm.SignerAndEncryptedDigest;
import com.itrus.util.DERUtils;
import com.itrus.util.FileUtils;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateException;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/itrus/util/sign/RSAWithHardware.class */
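/**
 * Signs, verifies, encrypts and decrypts Dinpay payment messages through the iTrus
 * sender/recipient helpers.
 *
 * <p>Call {@link #initSigner}, {@link #initEncrypter} and {@link #initDecrypter} before the
 * matching operation; each operation dereferences the helper that its init method creates.
 *
 * <p>The last accepted Dinpay key version is kept in the static {@code DINPAY_KEY_VERSION} and
 * mirrored to {@code versionFile}. That state is shared by every instance and is not
 * synchronized.
 */
public class RSAWithHardware {
    private SenderBcImpl signSenderBc;
    private SenderBcImpl encryptSenderBc;
    private Recipient decryptrecipient;

    /** Subject-DN prefix required on the certificate that signed an incoming message. */
    private static final String DINPAY_CN = "E=tsm@ddbill.com, CN=DINPAY001, OU=技术部, O=智付电子支付有限公司";

    // NOTE(review): getResource("") can return null for some class loaders, which would fail class
    // initialisation here, and URL.getPath() is URL-encoded (a space becomes %20) — confirm for the
    // deployment layout. The file is the persisted floor for the key-version check below, so it
    // should be writable only by the account that runs this service.
    private static File versionFile = new File(String.valueOf(RSAWithHardware.class.getClassLoader().getResource("").getPath()) + "/dinpayRSAKeyVersion");

    /** Last accepted Dinpay key version; {@code null} until one is read from disk or accepted. */
    private static String DINPAY_KEY_VERSION;

    /**
     * Loads the merchant signing key and reads the persisted Dinpay key version.
     *
     * @param str  key-store location handed to {@code initCertWithKey} (presumably a PFX path — confirm)
     * @param str2 password for that key store
     * @throws Exception if the key cannot be loaded or the version file cannot be read or created
     */
    public void initSigner(String str, String str2) throws Exception {
        this.signSenderBc = new SenderBcImpl();
        this.signSenderBc.initCertWithKey(str, str2.toCharArray());
        // NOTE(review): SHA-1 is no longer collision resistant. It is kept because the counterparty
        // presumably expects it — confirm whether a SHA-256 based algorithm is accepted.
        this.signSenderBc.setSignAlgorithm("SHA1WithRSA");
        if (!versionFile.exists()) {
            versionFile.createNewFile();
            return;
        }
        // The reader used to be left open. try/finally (not try-with-resources) keeps the language
        // level the rest of the file uses.
        BufferedReader reader = new BufferedReader(new FileReader(versionFile));
        try {
            DINPAY_KEY_VERSION = reader.readLine();
        } finally {
            reader.close();
        }
    }

    /**
     * Loads the certificate that outgoing messages are encrypted to.
     *
     * @param str path of the certificate file; its raw bytes are Base64-encoded before parsing
     *            (presumably a DER file — confirm)
     * @throws IOException          if the file cannot be read
     * @throws CertificateException if the content is not a parsable certificate
     */
    public void initEncrypter(String str) throws IOException, CertificateException {
        String base64Cert = new String(Base64.encode(FileUtils.readBytesFromFile(str))).replace("\n", "");
        X509CertificateObject x509Certificate = X509Certificate.getInstance(base64Cert);
        this.encryptSenderBc = new SenderBcImpl();
        this.encryptSenderBc.addRecipientCert(x509Certificate);
    }

    /**
     * Loads the private key used to decrypt incoming messages.
     *
     * @param str  key-store location handed to {@code initCertWithKey}
     * @param str2 password for that key store
     */
    public void initDecrypter(String str, String str2) throws NotSupportException, CryptoException {
        this.decryptrecipient = new RecipientBcImpl();
        this.decryptrecipient.initCertWithKey(str, str2.toCharArray());
    }

    /**
     * Signs the hex rendering of the UTF-8 bytes of {@code str}.
     *
     * @param str message to sign
     * @return Base64 of the signature, or {@code null} on any failure; callers must check for
     *         {@code null} before sending
     */
    public String signByPriKey(String str) {
        try {
            // The hex string, not the raw text, is what gets signed; validateSignByPubKey applies
            // the same transform before verifying.
            byte[] toSign = DERUtils.BytesToHexString(str.getBytes("UTF-8")).getBytes("UTF-8");
            return new String(Base64.encode(this.signSenderBc.signMessage(toSign)));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies a PKCS#7 signature on a message and checks who signed it and for whom.
     *
     * <p>Every failure, including any exception, makes the method return {@code false}, so the
     * check fails closed. {@link #initSigner} must have been called, because the merchant code is
     * compared against the CN of the local signing certificate.
     *
     * @param str  merchant code taken from the request parameters
     * @param str2 the signed message text
     * @param str3 Base64 PKCS#7 signature
     * @return {@code true} only if every check passes
     */
    public boolean validateSignByPubKey(String str, String str2, String str3) {
        try {
            byte[] signedData = DERUtils.BytesToHexString(str2.getBytes("UTF-8")).getBytes("UTF-8");
            SignerAndEncryptedDigest verifyAndParsePkcs7 = new RecipientBcImpl().verifyAndParsePkcs7(signedData, Base64.decode(str3));
            X509Certificate x509Certificate = X509Certificate.getInstance((java.security.cert.X509Certificate) verifyAndParsePkcs7.getSigner());
            // The result is unused; the call is kept because it may reject non-hex original data
            // by throwing — TODO confirm.
            DERUtils.HexStringToBytes(new String(verifyAndParsePkcs7.getOriData()));
            String subjectDNString = x509Certificate.getSubjectDNString();
            // NOTE(review): this compares only the subject DN text, and the signer certificate
            // comes from the message itself. The check identifies Dinpay only if
            // verifyAndParsePkcs7 has already validated that certificate against a trusted issuer;
            // confirm that it does, otherwise pin the expected certificate or key.
            if (!subjectDNString.startsWith(DINPAY_CN)) {
                throw new RuntimeException("validate sign failed:this message is not sended from dinpay.");
            }
            checkDinpayKeyVersion(subjectDNString);
            String name = this.signSenderBc.getSignerCert().getSubjectX500Principal().getName();
            int cnStart = name.indexOf("CN=");
            if (cnStart < 0) {
                // Without this guard indexOf's -1 turned into offset 2, and the value of whatever
                // attribute came first in the DN was compared as if it were the CN.
                throw new RuntimeException("validate sign failed:no CN in merchant certificate subject.");
            }
            String substring = name.substring(cnStart + 3);
            int comma = substring.indexOf(",");
            if (comma >= 0) {
                substring = substring.substring(0, comma);
            }
            if (str.equals(substring)) {
                return true;
            }
            throw new RuntimeException("validate sign failed:merchant_code is not equal.merchant_code in pfx is " + substring + ",but merchant_code in params is " + str);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Encrypts the UTF-8 bytes of {@code str} to the certificate set by {@link #initEncrypter}.
     *
     * @param str plaintext
     * @return Base64 ciphertext, or {@code null} on any failure
     */
    public String encryptByPubKey(String str) {
        try {
            return new String(Base64.encode(this.encryptSenderBc.encryptMessage(str.getBytes("UTF-8"))), "utf-8");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Decrypts a Base64 ciphertext with the key set by {@link #initDecrypter}.
     *
     * @param str Base64 ciphertext
     * @return the plaintext decoded as UTF-8
     */
    public String decryptByPrikey(String str) throws UnsupportedEncodingException, NotSupportException, CryptoException {
        // Decode as UTF-8, the charset encryptByPubKey encodes with, instead of the platform
        // default, which corrupted non-ASCII text on hosts with a different default.
        return new String(this.decryptrecipient.decryptMessage(Base64.decode(str.getBytes("utf-8"))), "UTF-8");
    }

    /**
     * Rejects a signer certificate whose key version is older than the last accepted one and
     * records a newer one.
     *
     * <p>The version is everything after the first {@code "OU=V:"} in the subject DN, trimmed.
     *
     * @param str subject DN of the signer certificate
     * @throws RuntimeException if a version is already recorded and the DN carries none or an
     *                          older one
     */
    private static void checkDinpayKeyVersion(String str) {
        String presented = null;
        int marker = str.indexOf("OU=V:");
        if (marker > 0) {
            presented = str.substring(marker + 5).trim();
        }
        boolean hasPresented = presented != null && !"".equals(presented);
        boolean hasStored = DINPAY_KEY_VERSION != null && !"".equals(DINPAY_KEY_VERSION.trim());

        if (!hasStored) {
            // First version ever seen: adopt it. A DN without a version is accepted as long as
            // nothing has been recorded yet.
            if (hasPresented) {
                persistKeyVersion(presented);
            }
            return;
        }
        if (!hasPresented) {
            throw new RuntimeException("dinpayKey version has outdated!");
        }
        // NOTE(review): String.compareTo orders lexicographically, so "10" sorts before "9".
        // Confirm the version format is fixed-width or otherwise sorts correctly as text.
        int compareTo = DINPAY_KEY_VERSION.compareTo(presented);
        if (compareTo > 0) {
            throw new RuntimeException("dinpayKey version has outdated!");
        }
        if (compareTo < 0) {
            persistKeyVersion(presented);
        }
    }

    /** Records {@code version} as the accepted key version, in memory and in the version file. */
    private static void persistKeyVersion(String version) {
        // Update the in-memory value as well. It used to change only in initSigner, so within one
        // process an older key version was still accepted after a newer one had been seen. Set it
        // before the write so the floor holds even when the write fails.
        DINPAY_KEY_VERSION = version;
        FileWriter writer = null;
        try {
            writer = new FileWriter(versionFile);
            writer.write(version);
            writer.flush();
        } catch (IOException e) {
            // Best effort, as before: a failed write does not fail the verification.
            e.printStackTrace();
        } finally {
            if (writer != null) {
                try {
                    writer.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}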
