package kd.ebg.aqap.banks.pab.opa.sign.sign.signcfca;

import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.api.CertUtil;
import com.cfca.util.pki.api.KeyUtil;
import com.cfca.util.pki.cert.X509Cert;
import com.cfca.util.pki.cipher.JCrypto;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.crl.X509CRL;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.security.Security;
import java.util.Set;
import kd.ebg.aqap.banks.pab.opa.sign.Exception.CodeAndMsgException;
import kd.ebg.aqap.banks.pab.opa.sign.Exception.ErrorInfo;
import kd.ebg.aqap.banks.pab.opa.sign.sign.AbstractSign;
import kd.ebg.aqap.banks.pab.opa.sign.util.StringTool;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:kd/ebg/aqap/banks/pab/opa/sign/sign/signcfca/CfcaSign.class */
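/**
 * Software-certificate signer and verifier backed by the CFCA PKI toolkit.
 *
 * <p>Usage: set the configuration through the setters, call {@link #init()}, then use
 * {@link #sign(byte[])} / {@link #verify(byte[], byte[])}. Both operations throw a
 * {@link CodeAndMsgException} when the corresponding tool has not been initialised.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code pfxData} and {@code pfxPwd} are the private-key container and its password. They
 *       are kept in plain fields for the lifetime of the object and the getters hand back the
 *       stored references, so an instance must be treated as secret material (no logging,
 *       no serialisation, no exposure to untrusted callers).</li>
 *   <li>{@code caCertPath} and {@code pfxPath} are only stored; this class never reads them.
 *       The CA chain and key container are taken from {@code caCertData} / {@code pfxData}.</li>
 *   <li>How strict verification is depends on configuration: {@code checkCert}, the CA chain,
 *       the CRL and the DN allow-list are each optional here, and a missing one is only logged.
 *       NOTE(review): what {@code CertDNVerifer} does when one of them is absent is not visible
 *       in this file - confirm that it fails closed.</li>
 * </ul>
 */
public class CfcaSign extends AbstractSign {
    private static final Log log = LogFactory.getLog(CfcaSign.class);
    private Session pkiSession;
    private CertDNVerifer verifyTool;
    private IbpsSigner signerTool;
    private String caCertPath;
    private byte[] caCertData;
    private String crlPath;
    private String pfxPath;
    private byte[] pfxData;
    private String pfxPwd;
    private boolean checkCert = true;
    private Set<String> verifyCertDNs;

    /**
     * Opens the CFCA session and builds the signer and verifier from the configured material.
     *
     * <p>The signer is created only when {@code pfxData} is set. The verifier is always created;
     * when {@code checkCert} is true it is additionally given the CA chain, the CRL read from
     * {@code crlPath} and the DN allow-list, each only if configured.
     *
     * <p>The verifier is stored in the instance only after it has been configured completely.
     * If loading the CA chain or the CRL fails, {@code verifyTool} is left as it was, so a
     * failed initialisation cannot leave behind a verifier that lacks its CRL or DN allow-list
     * yet still passes the "is initialised" check in {@link #verify(byte[], byte[])}.
     *
     * @throws Exception if the CFCA library, the CA chain or the CRL cannot be loaded
     */
    public void init() throws Exception {
        log.info("验(签)名工具初始化...");
        // Provider registration is JVM-wide; it is skipped when a provider named "BC" already exists.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            JCrypto crypto = JCrypto.getInstance();
            crypto.initialize("JSOFT_LIB", (Object) null);
            this.pkiSession = crypto.openSession("JSOFT_LIB");
            if (this.pfxData == null) {
                log.info("未设置软签名证书");
            } else {
                X509Cert signerCert = CertUtil.getCert(this.pfxData, this.pfxPwd);
                this.signerTool = new IbpsSigner(this.pkiSession, KeyUtil.getPriKey(this.pfxData, this.pfxPwd), signerCert);
                // Only the certificate subject is logged, never the key or the password.
                log.info("私有证书: " + signerCert.getSubject());
            }
            // Configure a local instance first and publish it at the very end (see method doc).
            CertDNVerifer verifier = new CertDNVerifer(this.pkiSession);
            verifier.setCheckCert(this.checkCert);
            if (this.checkCert) {
                configureCaChain(verifier);
                configureCrl(verifier);
                configureAllowedDns(verifier);
            } else {
                // NOTE(review): certificate checking is switched off for verification in this
                // mode; confirm that no production configuration sets checkCert to false.
                log.info("软验签不校验证书");
            }
            this.verifyTool = verifier;
            log.info("验(签)名工具初始化结束.");
        } catch (PKIException e) {
            log.error("初始化异常:" + StringTool.getErrorStack(e));
            throw e;
        }
    }

    /** Parses {@code caCertData} as a P7B bundle and hands the certificates to the verifier. */
    private void configureCaChain(CertDNVerifer verifier) throws Exception {
        if (this.caCertData == null) {
            // Initialisation deliberately continues without trust anchors.
            // NOTE(review): confirm the verifier rejects signatures in this state.
            log.error("初始化异常:未设置证书链");
            return;
        }
        try {
            X509Cert[] caCerts = CertUtil.parseP7b(this.caCertData);
            for (int i = 0; i < caCerts.length; i++) {
                log.info("Ca证书[" + (i + 1) + "]: " + caCerts[i].getSubject());
            }
            verifier.setCaCerts(caCerts);
        } catch (Exception e) {
            log.error("初始化证书链异常:" + StringTool.getErrorStack(e));
            throw e;
        }
    }

    /**
     * Reads the CRL file at {@code crlPath} and hands it to the verifier.
     *
     * <p>The file is read once per {@link #init()} call; a CRL updated on disk later is not
     * picked up until {@code init()} runs again. This class does not itself check the CRL's
     * signature or validity period. NOTE(review): confirm {@code CertDNVerifer} does.
     */
    private void configureCrl(CertDNVerifer verifier) throws Exception {
        if (this.crlPath == null) {
            // No CRL configured: this class supplies no revocation data to the verifier.
            log.info("未设置CRL证书.");
            return;
        }
        try {
            // crlPath is opened exactly as configured; it is expected to come from trusted configuration.
            verifier.setCrl(new X509CRL(readFile(this.crlPath)));
        } catch (Exception e) {
            log.error("初始化吊销列表失败：" + StringTool.getErrorStack(e));
            throw e;
        }
    }

    /** Passes the configured signer-DN allow-list to the verifier, if there is one. */
    private void configureAllowedDns(CertDNVerifer verifier) {
        if (this.verifyCertDNs == null || this.verifyCertDNs.isEmpty()) {
            // NOTE(review): without an allow-list the verifier is given no DNs to match against;
            // presumably any certificate that passes the chain check is then accepted - confirm.
            log.info("初始化异常:未设置验签证书DN");
            return;
        }
        log.info("授权证书：" + this.verifyCertDNs.toString());
        verifier.setDns(this.verifyCertDNs);
    }

    /** Reads a whole file into memory; the stream is closed on every path. */
    private static byte[] readFile(String path) throws Exception {
        FileInputStream in = new FileInputStream(path);
        try {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int count;
            while ((count = in.read(chunk)) != -1) {
                out.write(chunk, 0, count);
            }
            return out.toByteArray();
        } finally {
            try {
                in.close();
            } catch (Exception ignored) {
                // Either the bytes are already read or a read error is propagating;
                // a failure to close must not mask that outcome.
            }
        }
    }

    /**
     * Returns the encoded form of the signing certificate.
     *
     * @throws CodeAndMsgException if no signer was created by {@link #init()}
     */
    @Override // kd.ebg.aqap.banks.pab.opa.sign.sign.ISign
    public byte[] getCert() throws Exception {
        checkSignInit();
        return this.signerTool.getCert().getEncoded();
    }

    /**
     * Returns the subject of the signing certificate.
     *
     * @throws CodeAndMsgException if no signer was created by {@link #init()}
     */
    @Override // kd.ebg.aqap.banks.pab.opa.sign.sign.ISign
    public String getSubjectDN() throws Exception {
        checkSignInit();
        return this.signerTool.getCert().getSubject();
    }

    /**
     * Signs {@code bArr} with the configured private key.
     *
     * @throws CodeAndMsgException if no signer was created by {@link #init()}
     */
    @Override // kd.ebg.aqap.banks.pab.opa.sign.sign.ISign
    public byte[] sign(byte[] bArr) throws Exception {
        checkSignInit();
        // The meaning of the boolean flag is defined by IbpsSigner and is not visible here.
        return this.signerTool.signMsg(bArr, true);
    }

    /**
     * Delegates verification of the two byte arrays to the verifier built by {@link #init()}.
     *
     * <p>NOTE(review): which argument is the message and which the signature, and what the
     * {@code null} and {@code true} arguments select, is defined by {@code CertDNVerifer}.
     *
     * @throws CodeAndMsgException if {@link #init()} has not produced a verifier
     */
    @Override // kd.ebg.aqap.banks.pab.opa.sign.sign.ISign
    public boolean verify(byte[] bArr, byte[] bArr2) throws Exception {
        checkVerifyInit();
        return this.verifyTool.verifyMsg(bArr, bArr2, null, true);
    }

    /** Fails with the "not initialised" error unless a signer exists. */
    private void checkSignInit() {
        if (this.signerTool == null) {
            log.error("软签名对象未初始化");
            throw notInitialized();
        }
    }

    /** Fails with the "not initialised" error unless a verifier exists. */
    private void checkVerifyInit() {
        if (this.verifyTool == null) {
            log.error("软验签名对象未初始化");
            throw notInitialized();
        }
    }

    /** Builds the exception shared by both initialisation checks. */
    private static CodeAndMsgException notInitialized() {
        CodeAndMsgException notInit = new CodeAndMsgException();
        notInit.setErrorCode(ErrorInfo.get("Sign_CODE"));
        notInit.setErrorMsg(ErrorInfo.get("Sign_NOINIT"));
        return notInit;
    }

    /** Returns the stored CA certificate path; this class never reads from it. */
    public String getCaCertPath() {
        return this.caCertPath;
    }

    public void setCaCertPath(String str) {
        this.caCertPath = str;
    }

    /** Returns the path of the CRL file that {@link #init()} loads. */
    public String getCrlPath() {
        return this.crlPath;
    }

    public void setCrlPath(String str) {
        this.crlPath = str;
    }

    /** Returns the stored PFX path; this class never reads from it. */
    public String getPfxPath() {
        return this.pfxPath;
    }

    public void setPfxPath(String str) {
        this.pfxPath = str;
    }

    /** Returns the PFX password in clear text; callers must not log or persist it. */
    public String getPfxPwd() {
        return this.pfxPwd;
    }

    public void setPfxPwd(String str) {
        this.pfxPwd = str;
    }

    public boolean isCheckCert() {
        return this.checkCert;
    }

    /** Takes effect on the next {@link #init()}; {@code false} skips CA chain, CRL and DN setup. */
    public void setCheckCert(boolean z) {
        this.checkCert = z;
    }

    /** Returns the stored DN allow-list itself, not a copy. */
    public Set<String> getVerifyCertDNs() {
        return this.verifyCertDNs;
    }

    public void setVerifyCertDNs(Set<String> set) {
        this.verifyCertDNs = set;
    }

    /** Returns the stored PFX bytes (private-key container) themselves, not a copy. */
    public byte[] getPfxData() {
        return this.pfxData;
    }

    public void setPfxData(byte[] bArr) {
        this.pfxData = bArr;
    }

    /** Returns the stored P7B CA bundle bytes themselves, not a copy. */
    public byte[] getCaCertData() {
        return this.caCertData;
    }

    public void setCaCertData(byte[] bArr) {
        this.caCertData = bArr;
    }
}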
