package cn.com.syan.jcee.cm.impl;

import cn.com.syan.jcee.cm.cipher.SparkClientKeyCipher;
import cn.com.syan.jcee.cm.cipher.SparkClientKeyException;
import cn.com.syan.jcee.cm.exception.InvalidCertificateStoreException;
import cn.com.syan.jcee.cm.exception.InvalidPinException;
import cn.com.syan.jcee.cm.exception.JCEECMException;
import cn.com.syan.jcee.common.impl.asn1.SM2BCPrivateKey;
import cn.com.syan.jcee.common.impl.key.ECDomainParametersHelper;
import cn.com.syan.jcee.common.impl.key.PKCS5PBES2;
import cn.com.syan.jcee.common.impl.key.SM2BCPublicKey;
import cn.com.syan.jcee.common.impl.pkcs10.PKCS10CertificateRequestBuilder;
import cn.com.syan.jcee.common.impl.pkcs12.PKIKeyStore;
import cn.com.syan.jcee.common.impl.security.ECKeyPairGenerator;
import cn.com.syan.jcee.common.impl.utils.CertificateConverter;
import cn.com.syan.jcee.common.impl.utils.CertificateExtensionUtil;
import cn.com.syan.jcee.common.impl.utils.CertificateStandardizedUtil;
import cn.com.syan.jcee.exception.JCEEException;
import cn.com.syan.jcee.utils.MessageDigestUtil;
import cn.com.syan.jcee.utils.StringConverter;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.crypto.AsymmetricCipherKeyPair;
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.spongycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public class CertificateStore implements ICStore {
    public static final String JCEE = "JCEE";
    private final String dk = "spark-jcee-cm-be6ec243ca";
    private boolean fileOpened;
    private static CertificateStore instance = null;
    private static String certificateStore = null;
    private static CertificateStoreEntity __store = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class QueryAccelerator {
        private static QueryAccelerator instance;

        private QueryAccelerator() {
        }

        static QueryAccelerator getInstance() {
            if (instance == null) {
                instance = new QueryAccelerator();
            }
            return instance;
        }

        void addPrivateKey(PrivateKeyEntity privateKeyEntity) {
            CertificateStore.__store.getPrivatekeys().put(privateKeyEntity.getId(), privateKeyEntity);
        }

        void addX509Certificate(X509CertificateEntity x509CertificateEntity) throws CertificateException {
            CertificateStore.__store.getCertificates().put(x509CertificateEntity.getId(), x509CertificateEntity);
        }

        void addX509CertificateAndPrivateKey(X509CertificateEntity x509CertificateEntity, PrivateKeyEntity privateKeyEntity) throws CertificateException {
            CertificateStore.__store.getCertificates().put(x509CertificateEntity.getId(), x509CertificateEntity);
            CertificateStore.__store.getPrivatekeys().put(x509CertificateEntity.getId(), privateKeyEntity);
        }

        void deleteCertificate(String str) throws JCEECMException {
            X509Certificate certificate = getCertificate(str);
            if (certificate != null) {
                CertificateStore.__store.getCertificates().remove(str);
                if (!certificate.privateKeyAccessible || getPrivateKey(str) == null) {
                    return;
                }
                CertificateStore.__store.getPrivatekeys().remove(str);
            }
        }

        X509Certificate getCertificate(String str) throws JCEECMException {
            X509CertificateEntity x509CertificateEntity = CertificateStore.__store.getCertificates().get(str);
            if (x509CertificateEntity == null) {
                return null;
            }
            return new X509Certificate(x509CertificateEntity, getPrivateKey(str));
        }

        java.security.cert.X509Certificate getJavaX509Certificate(String str) throws JCEECMException, CertificateException {
            X509CertificateEntity x509CertificateEntity = CertificateStore.__store.getCertificates().get(str);
            if (x509CertificateEntity == null) {
                return null;
            }
            return CertificateConverter.fromBase64(x509CertificateEntity.getValue());
        }

        PrivateKeyEntity getPrivateKey(String str) {
            return CertificateStore.__store.getPrivatekeys().get(str);
        }

        public List<ICertificate> getX509Certificates() throws JCEECMException {
            ArrayList arrayList = new ArrayList();
            for (String str : CertificateStore.__store.getCertificates().keySet()) {
                X509CertificateEntity x509CertificateEntity = CertificateStore.__store.getCertificates().get(str);
                if (x509CertificateEntity.getStatus() == 1) {
                    arrayList.add(new X509Certificate(x509CertificateEntity, getPrivateKey(str)));
                }
            }
            return arrayList;
        }

        void init() throws CertificateException {
        }

        void reload() throws CertificateException {
            synchronized (QueryAccelerator.class) {
                instance = new QueryAccelerator();
                instance.init();
            }
        }
    }

    private CertificateStore(String str, String str2) {
        certificateStore = str2;
    }

    private String getCommonName(String str) {
        String str2 = null;
        String[] split = str.split(",");
        for (String str3 : split) {
            if (str3.startsWith("CN=")) {
                str2 = str3.substring(3);
            }
        }
        if (str2 != null && !str2.equals("")) {
            return str2;
        }
        String str4 = split[split.length - 1];
        return str4.substring(str4.indexOf("=") + 1);
    }

    public static CertificateStore getInstance(String str) {
        if (instance == null) {
            synchronized (CertificateStore.class) {
                if (instance == null) {
                    instance = new CertificateStore(JCEE, str);
                }
            }
        } else if (!certificateStore.equals(str)) {
            instance = new CertificateStore(JCEE, str);
        }
        return instance;
    }

    private String readCertificateStore(String str) throws JCEECMException {
        File file = new File(str);
        try {
            if (!file.exists() && !file.createNewFile()) {
                throw new JCEECMException("failed to init certificate store: " + str);
            }
            try {
                return IOUtils.toString(new FileInputStream(file));
            } catch (IOException e) {
                throw new JCEECMException("failed to init certificate store :" + e.getMessage(), e);
            }
        } catch (IOException e2) {
            throw new JCEECMException(e2);
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void close() {
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createPKCS10(String str, String str2, X509Certificate x509Certificate) {
        return null;
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createPKCS10(String str, String str2, String str3) throws JCEECMException {
        return createPKCS10(str, str2, str3, "RSA");
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createPKCS10(String str, String str2, String str3, String str4) throws JCEECMException {
        return str4.equalsIgnoreCase("SM2") ? createSM2PKCS10(str, str2, str3) : createRSAPKCS10(str, str2, str3);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createRSAPKCS10(String str, String str2, String str3) throws JCEECMException {
        return createRSAPKCS10(str, str2, str3, 1024);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createRSAPKCS10(String str, String str2, String str3, int i) throws JCEECMException {
        return createRSAPKCS10(str, null, str2, str3, i);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createRSAPKCS10(String str, List<Extension> list, String str2, String str3, int i) throws JCEECMException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(i, new SecureRandom());
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            String hexadecimal = StringConverter.toHexadecimal(new PKCS5PBES2().encrypt(genKeyPair.getPrivate().getEncoded(), str2.toCharArray()));
            PKCS10CertificationRequest pKCS10CertificationRequest = new PKCS10CertificationRequest(PKCS10CertificateRequestBuilder.buildCertificationRequest(new X500Name(str), list, genKeyPair.getPublic(), genKeyPair.getPrivate()));
            try {
                String alias = PublicKeyAliasUtil.getAlias(genKeyPair.getPublic());
                String str4 = new String(Base64.encode(genKeyPair.getPublic().getEncoded()));
                if (str3 == null) {
                    str3 = "";
                }
                X509CertificateEntity x509CertificateEntity = new X509CertificateEntity(alias, str3, str4, 0);
                PrivateKeyEntity privateKeyEntity = new PrivateKeyEntity(alias, hexadecimal);
                privateKeyEntity.setLastUpdateTime(DateFormatUtil.format(Calendar.getInstance().getTime()));
                QueryAccelerator.getInstance().addX509CertificateAndPrivateKey(x509CertificateEntity, privateKeyEntity);
                return pKCS10CertificationRequest;
            } catch (Exception e) {
                e = e;
                throw new JCEECMException("failed to create pkcs10 request" + e.getMessage(), e);
            }
        } catch (Exception e2) {
            e = e2;
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createSM2PKCS10(String str, String str2, String str3) throws JCEECMException {
        return createSM2PKCS10(str, null, str2, str3);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public PKCS10CertificationRequest createSM2PKCS10(String str, List<Extension> list, String str2, String str3) throws JCEECMException {
        try {
            AsymmetricCipherKeyPair generateKeyPair = ECKeyPairGenerator.generateKeyPair();
            ECPublicKeyParameters eCPublicKeyParameters = (ECPublicKeyParameters) generateKeyPair.getPublic();
            ECPrivateKeyParameters eCPrivateKeyParameters = (ECPrivateKeyParameters) generateKeyPair.getPrivate();
            BCECPublicKey bCECPublicKey = new BCECPublicKey("SM2", eCPublicKeyParameters, BouncyCastleProvider.CONFIGURATION);
            BCECPrivateKey bCECPrivateKey = new BCECPrivateKey("SM2", eCPrivateKeyParameters, bCECPublicKey, ECDomainParametersHelper.getECParameterSpec(), BouncyCastleProvider.CONFIGURATION);
            SM2BCPrivateKey sM2BCPrivateKey = new SM2BCPrivateKey(bCECPrivateKey, bCECPublicKey);
            SM2BCPublicKey sM2BCPublicKey = new SM2BCPublicKey(bCECPublicKey.getQ());
            PKCS10CertificationRequest pKCS10CertificationRequest = new PKCS10CertificationRequest(PKCS10CertificateRequestBuilder.buildCertificationRequest(new X500Name(str), list, bCECPublicKey, bCECPrivateKey));
            try {
                String alias = PublicKeyAliasUtil.getAlias(sM2BCPublicKey);
                String str4 = new String(Base64.encode(sM2BCPublicKey.getEncoded()));
                if (str3 == null) {
                    str3 = "";
                }
                X509CertificateEntity x509CertificateEntity = new X509CertificateEntity(alias, str3, str4, 0);
                PrivateKeyEntity privateKeyEntity = new PrivateKeyEntity(alias, StringConverter.toHexadecimal(new PKCS5PBES2().encrypt(sM2BCPrivateKey.getEncoded(), str2.toCharArray())));
                privateKeyEntity.setLastUpdateTime(DateFormatUtil.format(Calendar.getInstance().getTime()));
                QueryAccelerator.getInstance().addX509CertificateAndPrivateKey(x509CertificateEntity, privateKeyEntity);
                return pKCS10CertificationRequest;
            } catch (Exception e) {
                e = e;
                e.printStackTrace();
                throw new JCEECMException("failed to create pkcs10 request" + e.getMessage(), e);
            }
        } catch (Exception e2) {
            e = e2;
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void deleteCertificate(AbstractX509Certificate abstractX509Certificate) throws JCEECMException {
        QueryAccelerator.getInstance().deleteCertificate(PublicKeyAliasUtil.getAlias(abstractX509Certificate.getX509Certificate()));
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void deleteCertificate(String str) throws JCEECMException {
        QueryAccelerator.getInstance().deleteCertificate(str);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void deleteCertificate(java.security.cert.X509Certificate x509Certificate) throws JCEECMException {
        QueryAccelerator.getInstance().deleteCertificate(PublicKeyAliasUtil.getAlias(x509Certificate));
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public String exportPrivateKey(String str) throws CertificateException, SparkClientKeyException {
        Map<String, PrivateKeyEntity> privatekeys = __store.getPrivatekeys();
        Map<String, X509CertificateEntity> certificates = __store.getCertificates();
        ArrayList arrayList = new ArrayList();
        PrivateKeyEntity privateKeyEntity = privatekeys.get(str);
        X509CertificateEntity x509CertificateEntity = certificates.get(str);
        if (x509CertificateEntity.getStatus() == 1) {
            arrayList.add(new PrivateKeySerialEntity(privateKeyEntity, CertificateConverter.fromBase64(x509CertificateEntity.getValue()).getSerialNumber().toString(16), privateKeyEntity.getLastUpdateTime()));
        }
        String json = new GsonBuilder().disableHtmlEscaping().create().toJson(arrayList);
        SparkClientKeyCipher sparkClientKeyCipher = new SparkClientKeyCipher();
        sparkClientKeyCipher.initClientKey("spark-jcee-cm-be6ec243ca".getBytes());
        return sparkClientKeyCipher.encrypt(json);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public String exportPrivateKeys() throws CertificateException, SparkClientKeyException {
        Map<String, PrivateKeyEntity> privatekeys = __store.getPrivatekeys();
        return exportPrivateKeys((String[]) privatekeys.keySet().toArray(new String[privatekeys.keySet().size()]));
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public String exportPrivateKeys(String[] strArr) throws CertificateException, SparkClientKeyException {
        if (strArr == null) {
            return exportPrivateKeys();
        }
        Map<String, PrivateKeyEntity> privatekeys = __store.getPrivatekeys();
        Map<String, X509CertificateEntity> certificates = __store.getCertificates();
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            PrivateKeyEntity privateKeyEntity = privatekeys.get(str);
            X509CertificateEntity x509CertificateEntity = certificates.get(str);
            if (x509CertificateEntity.getStatus() == 1) {
                arrayList.add(new PrivateKeySerialEntity(privateKeyEntity, CertificateConverter.fromBase64(x509CertificateEntity.getValue()).getSerialNumber().toString(16), privateKeyEntity.getLastUpdateTime()));
            }
        }
        String json = new GsonBuilder().disableHtmlEscaping().create().toJson(arrayList);
        SparkClientKeyCipher sparkClientKeyCipher = new SparkClientKeyCipher();
        sparkClientKeyCipher.initClientKey("spark-jcee-cm-be6ec243ca".getBytes());
        return sparkClientKeyCipher.encrypt(json);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public ICertificate getCertificate(String str) throws JCEECMException {
        return QueryAccelerator.getInstance().getCertificate(str);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public ICertificate getCertificate(java.security.cert.X509Certificate x509Certificate) throws JCEECMException {
        return QueryAccelerator.getInstance().getCertificate(PublicKeyAliasUtil.getAlias(x509Certificate));
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public List<ICertificate> getCertificate() throws JCEECMException {
        return QueryAccelerator.getInstance().getX509Certificates();
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public ICertificate getIssuerCertificate(String str) throws JCEECMException, CertificateException {
        return getIssuerCertificate(CertificateConverter.fromBase64(str));
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public ICertificate getIssuerCertificate(java.security.cert.X509Certificate x509Certificate) throws JCEECMException {
        try {
            return QueryAccelerator.getInstance().getCertificate(StringConverter.toHexadecimal(CertificateExtensionUtil.getAuthorityKeyIdentifier(x509Certificate)));
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void importCertificate(ICertificate iCertificate) throws CertificateException {
        String alias = PublicKeyAliasUtil.getAlias(iCertificate.getX509Certificate());
        String alias2 = iCertificate.getAlias();
        X509CertificateEntity x509CertificateEntity = new X509CertificateEntity(alias, alias2 == null ? iCertificate.getCertificateName() : alias2, iCertificate.toBase64String(), 1);
        if (iCertificate.getExtension() != null) {
            x509CertificateEntity.setExtension(iCertificate.getExtension());
        }
        QueryAccelerator.getInstance().addX509Certificate(x509CertificateEntity);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void importCertificate(java.security.cert.X509Certificate x509Certificate) throws CertificateException, JCEECMException {
        String alias = PublicKeyAliasUtil.getAlias(x509Certificate.getPublicKey());
        X509Certificate x509Certificate2 = (X509Certificate) getCertificate(alias);
        String alias2 = x509Certificate2 != null ? x509Certificate2.getAlias() : getCommonName(CertificateStandardizedUtil.getSubject(CertificateConverter.toBase64String(x509Certificate)));
        if (x509Certificate2 != null) {
            alias2 = x509Certificate2.getAlias();
        }
        QueryAccelerator.getInstance().addX509Certificate(new X509CertificateEntity(alias, alias2, CertificateConverter.toBase64String(x509Certificate), 1));
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void importCertificateAndEnvelopedPrivateKey(java.security.cert.X509Certificate x509Certificate, byte[] bArr, IPrivateKey iPrivateKey, String str, Date date) throws CertificateException, JCEECMException, InvalidPinException {
        System.out.println("==========  debug info begin ==========");
        System.out.println("enveloped key blob =" + new String(Base64.encode(bArr)));
        System.out.println("public key Algo = " + x509Certificate.getPublicKey().getAlgorithm());
        System.out.println("==========  debug info end ==========");
        try {
            byte[] decryptEnvelopedPrivateKey = iPrivateKey.decryptEnvelopedPrivateKey(x509Certificate.getPublicKey().getAlgorithm(), bArr, str);
            System.out.println("decrypt env key ok");
            String hexadecimal = StringConverter.toHexadecimal(new PKCS5PBES2().encrypt(decryptEnvelopedPrivateKey, str.toCharArray()));
            System.out.println("encrypt env encryption key ok");
            importCertificateAndPrivateKey(x509Certificate, hexadecimal, date);
        } catch (JCEEException e) {
            throw new JCEECMException(e);
        } catch (InvalidKeyException e2) {
            throw new JCEECMException(e2);
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void importCertificateAndPrivateKey(java.security.cert.X509Certificate x509Certificate, String str, String str2, long j) throws CertificateException {
        String alias = PublicKeyAliasUtil.getAlias(x509Certificate.getPublicKey());
        String base64String = CertificateConverter.toBase64String(x509Certificate);
        X509CertificateEntity x509CertificateEntity = new X509CertificateEntity(alias, str != null ? str : getCommonName(CertificateStandardizedUtil.getSubject(base64String)), base64String, 1);
        if (str2 != null && str2.length() > 10) {
            PrivateKeyEntity privateKeyEntity = new PrivateKeyEntity(alias, str2);
            privateKeyEntity.setLastUpdateTime(String.valueOf(j));
            QueryAccelerator.getInstance().addX509CertificateAndPrivateKey(x509CertificateEntity, privateKeyEntity);
            return;
        }
        try {
            X509Certificate certificate = QueryAccelerator.getInstance().getCertificate(alias);
            if (certificate == null || certificate.getExtension() == null) {
                QueryAccelerator.getInstance().addX509Certificate(x509CertificateEntity);
            }
        } catch (JCEECMException e) {
            throw new CertificateException(e);
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void importCertificateAndPrivateKey(java.security.cert.X509Certificate x509Certificate, String str, String str2, Date date) throws CertificateException {
        importCertificateAndPrivateKey(x509Certificate, str, str2, date.getTime());
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void importCertificateAndPrivateKey(java.security.cert.X509Certificate x509Certificate, String str, Date date) throws CertificateException {
        importCertificateAndPrivateKey(x509Certificate, (String) null, str, date.getTime());
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void importPrivateKey(String str, String str2, String str3, boolean z) throws JCEECMException, CertificateException {
        if (str3 == null || str3.length() < 6) {
            throw new JCEECMException("new PIN cannot be null. and length must equal or longer than 6");
        }
        try {
            if (str == null) {
                throw new Exception("pkcs12 cannot be null.");
            }
            if (str2 == null) {
                str2 = "";
            }
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(str));
            try {
                PKIKeyStore pKIKeyStore = new PKIKeyStore("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
                pKIKeyStore.loadKeyStore(byteArrayInputStream, str2.toCharArray());
                java.security.cert.X509Certificate certificate = pKIKeyStore.getCertificate();
                java.security.PrivateKey privateKey = pKIKeyStore.getPrivateKey();
                List<java.security.cert.X509Certificate> certificateChain = pKIKeyStore.getCertificateChain();
                try {
                    importCertificateAndPrivateKey(certificate, StringConverter.toHexadecimal(new PKCS5PBES2().encrypt(privateKey.getEncoded(), str3.toCharArray())), new Date());
                    if (!z || certificateChain.size() <= 1) {
                        return;
                    }
                    Iterator<java.security.cert.X509Certificate> it = certificateChain.iterator();
                    while (it.hasNext()) {
                        importCertificate(it.next());
                    }
                } catch (Exception e) {
                    throw new JCEECMException("fail to import pkcs12. Error Message: " + e.getMessage());
                }
            } catch (Exception e2) {
                throw new JCEECMException("fail to load PKCS12 file with pin. Error Message: " + e2.getMessage());
            }
        } catch (Exception e3) {
            throw new JCEECMException("fail to parse pkcs12 file. Error Message: " + e3.getMessage());
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void open() throws JCEECMException, InvalidCertificateStoreException {
        if (this.fileOpened) {
            return;
        }
        String readCertificateStore = readCertificateStore(certificateStore);
        Gson create = new GsonBuilder().disableHtmlEscaping().create();
        __store = (CertificateStoreEntity) create.fromJson(readCertificateStore, CertificateStoreEntity.class);
        if (__store == null) {
            __store = new CertificateStoreEntity();
        } else {
            Map<String, X509CertificateEntity> certificates = __store.getCertificates();
            Map<String, PrivateKeyEntity> privatekeys = __store.getPrivatekeys();
            String digest = MessageDigestUtil.digest(create.toJson(certificates));
            try {
                if (!__store.getVprvcode().equals(MessageDigestUtil.digest(create.toJson(privatekeys))) || !__store.getVpubcode().equals(digest)) {
                    throw new InvalidCertificateStoreException("the certificate __store was tampered.");
                }
                QueryAccelerator.getInstance().init();
            } catch (CertificateException e) {
                throw new JCEECMException(e);
            }
        }
        this.fileOpened = true;
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void save() {
        FileOutputStream fileOutputStream;
        FileOutputStream fileOutputStream2 = null;
        try {
            try {
                fileOutputStream = new FileOutputStream(certificateStore);
            } catch (Throwable th) {
                th = th;
            }
        } catch (FileNotFoundException e) {
            e = e;
        } catch (IOException e2) {
            e = e2;
        }
        try {
            Gson create = new GsonBuilder().disableHtmlEscaping().create();
            Map<String, X509CertificateEntity> certificates = __store.getCertificates();
            Map<String, PrivateKeyEntity> privatekeys = __store.getPrivatekeys();
            String json = create.toJson(certificates);
            String json2 = create.toJson(privatekeys);
            __store.setVpubcode(MessageDigestUtil.digest(json));
            __store.setVprvcode(MessageDigestUtil.digest(json2));
            fileOutputStream.write(create.toJson(__store).getBytes());
            fileOutputStream.flush();
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                    fileOutputStream2 = fileOutputStream;
                } catch (IOException e3) {
                    e3.printStackTrace();
                    fileOutputStream2 = fileOutputStream;
                }
            } else {
                fileOutputStream2 = fileOutputStream;
            }
        } catch (FileNotFoundException e4) {
            e = e4;
            fileOutputStream2 = fileOutputStream;
            e.printStackTrace();
            if (fileOutputStream2 != null) {
                try {
                    fileOutputStream2.close();
                } catch (IOException e5) {
                    e5.printStackTrace();
                }
            }
        } catch (IOException e6) {
            e = e6;
            fileOutputStream2 = fileOutputStream;
            e.printStackTrace();
            if (fileOutputStream2 != null) {
                try {
                    fileOutputStream2.close();
                } catch (IOException e7) {
                    e7.printStackTrace();
                }
            }
        } catch (Throwable th2) {
            th = th2;
            fileOutputStream2 = fileOutputStream;
            if (fileOutputStream2 != null) {
                try {
                    fileOutputStream2.close();
                } catch (IOException e8) {
                    e8.printStackTrace();
                }
            }
            throw th;
        }
    }

    @Override // cn.com.syan.jcee.cm.impl.ICStore
    public void updatePrivateKey(IPrivateKey iPrivateKey) throws InvalidKeyException {
        PrivateKey privateKey = (PrivateKey) iPrivateKey;
        if (!privateKey.hasPinUpdated()) {
            throw new InvalidKeyException("invalid private key");
        }
        PrivateKeyEntity privateKeyEntity = new PrivateKeyEntity(privateKey.getKeyID(), privateKey.getPrivateKey());
        privateKeyEntity.setLastUpdateTime(iPrivateKey.getLastUpdateTime());
        QueryAccelerator.getInstance().addPrivateKey(privateKeyEntity);
    }
}
