package com.xdja.pki.apache.client.utils;

import ch.qos.logback.core.joran.util.beans.BeanUtil;
import ch.qos.logback.core.net.ssl.SSL;
import com.xdja.pki.apache.client.core.ApacheHttpException;
import com.xdja.pki.apache.client.core.ClientKeyStoreConfig;
import com.xdja.pki.apache.client.core.KeyStroeConvertException;
import com.xdja.pki.gmssl.GMSSLContext;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.http.bean.GMSSLProtocol;
import com.xdja.pki.ldap.CryptoTypeStr;
import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HeaderElement;
import org.apache.http.HttpResponse;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ConnectionKeepAliveStrategy;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeaderElementIterator;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext;
import org.apache.shiro.web.filter.authz.SslFilter;
import org.apache.tomcat.util.net.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/pki-apache-client-0.0.1-20210115.093939-97.jar:com/xdja/pki/apache/client/utils/ApacheClientHttpUtils.class */
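/**
 * Static helper that lazily builds one shared Apache {@link CloseableHttpClient} and uses it to
 * send HTTP or HTTPS (TLS 1.2 or GM SSL) requests.
 *
 * <p>Security notes for reviewers; this rewrite preserves all of the behaviour below:
 * <ul>
 *   <li>Host name verification is switched off for every HTTPS connection
 *       ({@code ALLOW_ALL_HOSTNAME_VERIFIER} in {@link #getClient}), including when a trust
 *       store is configured.</li>
 *   <li>When no {@link ClientKeyStoreConfig} is supplied, the server certificate chain is
 *       accepted without any validation (see {@link #newTrustAllManagers()}).</li>
 *   <li>The client is created once. The scheme, algorithm and key store arguments of the
 *       first call decide its socket factory, and later calls reuse that client whatever
 *       they pass in, so a later caller that supplies a trust store can still end up on a
 *       client that was built without one.</li>
 * </ul>
 * NOTE(review): hardening would mean requiring a trust store, using the default host name
 * verifier, and keying the cached client on its TLS configuration. None of that is done
 * here because existing callers may rely on the current behaviour.
 */
public class ApacheClientHttpUtils {
    protected static final Logger logger = LoggerFactory.getLogger(ApacheClientHttpUtils.class);

    /** Process-wide client; created by the first {@link #getClient} call and reused afterwards. */
    public static volatile CloseableHttpClient client = null;
    private static HttpContext localContext = new BasicHttpContext();
    private static HttpClientContext context = HttpClientContext.adapt(localContext);
    // Timeouts applied to GET, PUT and DELETE requests; written before `client` is published.
    private static RequestConfig requestConfig = null;

    /**
     * Sends a request with the flag that selects the HSM GM SSL protocol variant set to
     * {@code false}. See {@link #exeHttpsRequest} for the meaning of the arguments.
     *
     * @throws ApacheHttpException if the request cannot be built or executed
     */
    public static CloseableHttpResponse sendApacheClientRequest(byte[] bArr, Map<String, String> map, Map<String, String> map2, String str, String str2, String str3, boolean z, String str4, ClientKeyStoreConfig clientKeyStoreConfig) throws ApacheHttpException {
        return exeHttpsRequest(str, bArr, map, map2, str2, str3, z, str4, false, clientKeyStoreConfig);
    }

    /**
     * Sends a request; a straight delegate to {@link #exeHttpsRequest} with the arguments
     * reordered.
     *
     * @throws ApacheHttpException if the request cannot be built or executed
     */
    public static CloseableHttpResponse sendApacheClientRequest(byte[] bArr, Map<String, String> map, Map<String, String> map2, String str, String str2, String str3, boolean z, String str4, boolean z2, ClientKeyStoreConfig clientKeyStoreConfig) throws ApacheHttpException {
        return exeHttpsRequest(str, bArr, map, map2, str2, str3, z, str4, z2, clientKeyStoreConfig);
    }

    /**
     * Builds and executes one request on the shared client.
     *
     * @param str host and path, appended verbatim after {@code http://} or {@code https://};
     *     NOTE(review): nothing here restricts the destination, so callers must not pass
     *     unvalidated external input
     * @param bArr request body, used for POST and PUT only
     * @param map query parameters, applied to every method except POST
     * @param map2 extra request headers, set after {@code content-type} and {@code timestamp}
     * @param str2 value for the {@code content-type} header; skipped when blank
     * @param str3 signature algorithm name; {@code SM3withSM2} selects GM SSL, any other
     *     non-blank value selects TLS 1.2
     * @param z {@code true} for HTTPS, {@code false} for plain HTTP
     * @param str4 HTTP method, case-insensitive: post, get, put or delete
     * @param z2 selects the {@code GMSSLSDFYUNHSMv11} protocol variant instead of
     *     {@code GMSSLv11} when GM SSL is used with a key store configuration
     * @param clientKeyStoreConfig trust and client key store locations; {@code null} disables
     *     server certificate validation
     * @return the open response; the caller is responsible for closing it
     * @throws ApacheHttpException on any failure while building or executing the request,
     *     including an unsupported method
     */
    public static CloseableHttpResponse exeHttpsRequest(String str, byte[] bArr, Map<String, String> map, Map<String, String> map2, String str2, String str3, boolean z, String str4, boolean z2, ClientKeyStoreConfig clientKeyStoreConfig) throws ApacheHttpException {
        // Use the returned reference so a concurrent write to the public static field cannot
        // turn into a NullPointerException at execute time.
        CloseableHttpClient httpClient = getClient(z, str3, z2, clientKeyStoreConfig);
        try {
            URIBuilder uRIBuilder = new URIBuilder((z ? "https://" : "http://") + str);
            logger.info("当前请求的url==========================" + uRIBuilder.toString());
            HttpUriRequest httpUriRequest = null;
            if ("post".equalsIgnoreCase(str4)) {
                // NOTE(review): POST is the only method that never receives requestConfig, so
                // it runs with the client's default timeouts. Confirm whether that is intended.
                HttpPost post = new HttpPost(uRIBuilder.build());
                post.setEntity(new ByteArrayEntity(bArr));
                httpUriRequest = post;
            } else {
                if (map != null && !map.isEmpty()) {
                    // The array overload of setParameters avoids the raw List of the original.
                    BasicNameValuePair[] queryParams = new BasicNameValuePair[map.size()];
                    int index = 0;
                    for (Map.Entry<String, String> entry : map.entrySet()) {
                        queryParams[index++] = new BasicNameValuePair(entry.getKey(), entry.getValue());
                    }
                    uRIBuilder.setParameters(queryParams);
                }
                // BeanUtil.PREFIX_GETTER_GET is the literal "get"; the decompiler substituted
                // an unrelated constant that has the same value.
                if (BeanUtil.PREFIX_GETTER_GET.equalsIgnoreCase(str4)) {
                    HttpGet get = new HttpGet(uRIBuilder.build());
                    get.setConfig(requestConfig);
                    httpUriRequest = get;
                } else if ("put".equalsIgnoreCase(str4)) {
                    HttpPut put = new HttpPut(uRIBuilder.build());
                    put.setEntity(new ByteArrayEntity(bArr));
                    put.setConfig(requestConfig);
                    httpUriRequest = put;
                } else if ("delete".equalsIgnoreCase(str4)) {
                    HttpDelete delete = new HttpDelete(uRIBuilder.build());
                    delete.setConfig(requestConfig);
                    httpUriRequest = delete;
                }
            }
            if (httpUriRequest == null) {
                // Previously this case surfaced as a NullPointerException a few lines further
                // down. Callers still receive ApacheHttpException, but the log names the cause.
                throw new IllegalArgumentException("Unsupported HTTP method: " + str4);
            }
            if (StringUtils.isNotBlank(str2)) {
                httpUriRequest.setHeader("content-type", str2);
            }
            httpUriRequest.setHeader("timestamp", String.valueOf(System.currentTimeMillis()));
            if (!CollectionUtils.isEmpty(map2)) {
                for (Map.Entry<String, String> header : map2.entrySet()) {
                    httpUriRequest.setHeader(header.getKey(), header.getValue());
                }
            }
            return httpClient.execute(httpUriRequest);
        } catch (Exception e) {
            logger.error("apache发送client请求异常:", e);
            throw new ApacheHttpException("apache发送client请求异常");
        }
    }

    /**
     * Creates the SSL context for the shared client.
     *
     * <p>Outcomes, in order of evaluation:
     * <ol>
     *   <li>blank {@code str}: returns {@code null};</li>
     *   <li>{@code clientKeyStoreConfig == null}: returns a context that accepts any server
     *       certificate (here {@code z} is ignored);</li>
     *   <li>blank trust store path or password: returns {@code null};</li>
     *   <li>blank client key store path or password: context with the trust store only;</li>
     *   <li>otherwise: context with both the client key store and the trust store.</li>
     * </ol>
     * A {@code null} result is handed straight to {@code SSLConnectionSocketFactory} by
     * {@link #getClient}. NOTE(review): confirm that constructor rejects a null context.
     *
     * @param str signature algorithm name; {@code SM3withSM2} selects GM SSL
     * @param z selects {@code GMSSLSDFYUNHSMv11} over {@code GMSSLv11} for GM SSL
     * @param clientKeyStoreConfig key store locations and passwords, may be {@code null}
     * @throws ApacheHttpException if the context cannot be created; a key store load failure
     *     is raised as {@code KeyStroeConvertException} inside the same try block and is
     *     presumably converted by the catch below as well
     */
    private static SSLContext createVerifySSL(String str, boolean z, ClientKeyStoreConfig clientKeyStoreConfig) throws ApacheHttpException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        boolean gmAlgorithm = "SM3withSM2".equalsIgnoreCase(str);
        String protocol;
        if (gmAlgorithm) {
            protocol = z ? GMSSLProtocol.GMSSLSDFYUNHSMv11.getValue() : GMSSLProtocol.GMSSLv11.getValue();
        } else {
            protocol = GMSSLProtocol.TLSV12.getValue();
        }
        try {
            if (clientKeyStoreConfig == null) {
                // SECURITY: without a key store configuration the server is not authenticated.
                // Constants.SSL_PROTO_TLSv1_2 is Tomcat's "TLSv1.2" constant, left in place by
                // the decompiler.
                SSLContext sslContext = GMSSLContext.getClientInstance(gmAlgorithm ? "GMSSLv1.1" : Constants.SSL_PROTO_TLSv1_2).getSslContext();
                sslContext.init(null, newTrustAllManagers(), null);
                return sslContext;
            }
            String trustPath = clientKeyStoreConfig.getTrustKeyStorePath();
            String trustPwd = clientKeyStoreConfig.getTrustKeyStorePwd();
            if (StringUtils.isBlank(trustPath) || StringUtils.isBlank(trustPwd)) {
                return null;
            }
            // NOTE(review): when the trust store file is missing, a null trust store is passed
            // to GMSSLContext. Its fallback is not visible here; confirm that it fails closed.
            KeyStore trustStore = loadKeyStoreIfPresent(trustPath, trustPwd);
            String clientPath = clientKeyStoreConfig.getClientKeyStorePath();
            String clientPwd = clientKeyStoreConfig.getClientKeyStorePwd();
            if (StringUtils.isAnyBlank(clientPath, clientPwd)) {
                return GMSSLContext.getClientInstance((KeyStore) null, (char[]) null, trustStore, protocol).getSslContext();
            }
            KeyStore clientStore = loadKeyStoreIfPresent(clientPath, clientPwd);
            return GMSSLContext.getClientInstance(clientStore, clientPwd.toCharArray(), trustStore, protocol).getSslContext();
        } catch (Exception e) {
            logger.error("ApacheClientHttpUtils.createVerifySSL==========", e);
            throw new ApacheHttpException("构造SSLContext异常");
        }
    }

    /**
     * Returns trust managers that accept every server certificate chain.
     *
     * <p>SECURITY: {@code checkServerTrusted} only rejects an empty chain or an empty auth
     * type. It performs no signature, issuer, validity or revocation check, so a connection
     * that uses these managers is open to interception. Each acceptance is logged at WARN so
     * the bypass is visible in operations.
     */
    private static TrustManager[] newTrustAllManagers() {
        return new TrustManager[]{new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                // Not used on the client side of a connection; left empty as in the original.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                if (x509CertificateArr == null || x509CertificateArr.length < 1 || str2 == null || str2.length() < 1) {
                    throw new IllegalArgumentException();
                }
                logger.warn("Auto-trusted server certificate chain for: " + x509CertificateArr[0].getSubjectX500Principal().getName());
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
    }

    /**
     * Loads the key store at {@code path}, or returns {@code null} when the file is missing.
     *
     * @throws KeyStroeConvertException if the file exists but cannot be loaded in any of the
     *     supported formats
     */
    private static KeyStore loadKeyStoreIfPresent(String path, String password) throws KeyStroeConvertException {
        if (!new File(path).exists()) {
            logger.warn("Key store file not found, continuing without it: {}", path);
            return null;
        }
        try {
            return getKeyStore(path, password.toCharArray());
        } catch (Exception e) {
            logger.error("ApacheClientHttpUtils.getKeyStore==========", e);
            throw new KeyStroeConvertException("keyStore转换失败！");
        }
    }

    /**
     * Returns the shared client, building it on first use.
     *
     * <p>The arguments matter only on the call that creates the client. That call registers
     * a single scheme: {@code https} when {@code z} is true, otherwise {@code http}.
     * Initialisation is guarded by a lock so concurrent first calls cannot build two
     * connection pools, and {@code requestConfig} is assigned before the volatile
     * {@code client} field so any thread that sees the client also sees the configuration.
     *
     * @param z {@code true} to register an HTTPS socket factory, {@code false} for plain HTTP
     * @param str signature algorithm name, passed on to {@link #createVerifySSL}
     * @param z2 HSM protocol flag, passed on to {@link #createVerifySSL}
     * @param clientKeyStoreConfig key store configuration, may be {@code null}
     * @throws ApacheHttpException if the SSL context cannot be created
     */
    public static CloseableHttpClient getClient(boolean z, String str, boolean z2, ClientKeyStoreConfig clientKeyStoreConfig) throws ApacheHttpException {
        CloseableHttpClient existing = client;
        if (existing != null) {
            return existing;
        }
        synchronized (ApacheClientHttpUtils.class) {
            if (client == null) {
                Registry<ConnectionSocketFactory> registry;
                if (z) {
                    // SECURITY: ALLOW_ALL_HOSTNAME_VERIFIER disables host name verification, so
                    // a certificate issued for any name is accepted for the requested host.
                    // SslFilter.HTTPS_SCHEME is Shiro's "https" constant, left in place by the
                    // decompiler.
                    registry = RegistryBuilder.<ConnectionSocketFactory>create().register(SslFilter.HTTPS_SCHEME, new SSLConnectionSocketFactory(createVerifySSL(str, z2, clientKeyStoreConfig), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)).build();
                } else {
                    registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.INSTANCE).build();
                }
                PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);
                connectionManager.setMaxTotal(500);
                connectionManager.setDefaultMaxPerRoute(500);
                CloseableHttpClient built = HttpClients.custom().setKeepAliveStrategy(new ConnectionKeepAliveStrategy() {
                    @Override
                    public long getKeepAliveDuration(HttpResponse httpResponse, HttpContext httpContext) {
                        // Honour the server's Keep-Alive "timeout" value (seconds); otherwise
                        // keep idle connections for 30 seconds.
                        BasicHeaderElementIterator elements = new BasicHeaderElementIterator(httpResponse.headerIterator(HTTP.CONN_KEEP_ALIVE));
                        while (elements.hasNext()) {
                            HeaderElement element = elements.nextElement();
                            String name = element.getName();
                            String value = element.getValue();
                            if (value != null && name.equalsIgnoreCase("timeout")) {
                                try {
                                    return Long.parseLong(value) * 1000;
                                } catch (NumberFormatException ignored) {
                                    // Malformed timeout: keep scanning, then use the default.
                                }
                            }
                        }
                        return 30000L;
                    }
                }).setConnectionManager(connectionManager).build();
                requestConfig = RequestConfig.custom().setConnectionRequestTimeout(6000).setSocketTimeout(20000).setConnectTimeout(6000).build();
                client = built;
            }
            return client;
        }
    }

    /**
     * Loads a key store from {@code str}, trying three formats in turn: the type named by
     * {@code SSL.DEFAULT_KEYSTORE_TYPE} (logback's constant for "JKS") with the default
     * provider, then BKS and finally PKCS#12 with the provider named by
     * {@code CryptoTypeStr.BC}.
     *
     * <p>Each attempt reopens the file, and every stream is closed before the method returns
     * or moves on to the next format.
     *
     * @param str key store location understood by {@code GMSSLX509Utils.readInputStreamFromPath}
     * @param cArr key store password
     * @throws Exception the failure of the last (PKCS#12) attempt
     */
    private static KeyStore getKeyStore(String str, char[] cArr) throws Exception {
        try (InputStream in = GMSSLX509Utils.readInputStreamFromPath(str)) {
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            keyStore.load(in, cArr);
            return keyStore;
        } catch (Exception defaultTypeFailure) {
            logger.debug("Key store is not of the default type, trying BKS", defaultTypeFailure);
            try (InputStream in = GMSSLX509Utils.readInputStreamFromPath(str)) {
                KeyStore keyStore = KeyStore.getInstance("BKS", CryptoTypeStr.BC);
                keyStore.load(in, cArr);
                return keyStore;
            } catch (Exception bksFailure) {
                logger.debug("Key store is not BKS, trying PKCS#12", bksFailure);
                try (InputStream in = GMSSLX509Utils.readInputStreamFromPath(str)) {
                    KeyStore keyStore = KeyStore.getInstance("pkcs12", CryptoTypeStr.BC);
                    keyStore.load(in, cArr);
                    return keyStore;
                }
            }
        }
    }
}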
