package com.xdja.pki.gmssl.tomcat.plugin;

import com.xdja.pki.gmssl.GMSSLContext;
import com.xdja.pki.gmssl.crypto.init.GMSSLHSMConstants;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.res.StringManager;
import org.bouncycastle.jsse.provider.XDJAJsseProvider;

/* loaded from: input_file:BOOT-INF/lib/gmssl-tomcat-plugin-v8.5.34-1.3.0-SNAPSHOT.jar:com/xdja/pki/gmssl/tomcat/plugin/XDJAJSSEUtil.class */
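/**
 * Tomcat {@link SSLUtil} implementation that builds the TLS material (SSL context, key managers,
 * trust managers) for a connector through the XDJA GM JSSE provider.
 *
 * <p>The enabled protocol and cipher suite are fixed by this class: {@link #getEnabledProtocols()}
 * and {@link #getEnabledCiphers()} each return a single hard-coded value and do not read the
 * protocol or cipher lists of the {@link SSLHostConfig}. Protocol and cipher settings made in the
 * connector configuration therefore have no effect on what these two methods report.
 */
public class XDJAJSSEUtil implements SSLUtil {
    private static final Log log = LogFactory.getLog(XDJAJSSEUtil.class);
    private static final StringManager sm = StringManager.getManager(XDJAJSSEUtil.class);

    /** Certificate entry whose keystore file, type and provider are used for the key managers. */
    private final SSLHostConfigCertificate certificate;

    /** Host configuration that owns {@link #certificate}; source of truststore and session settings. */
    private final SSLHostConfig sslHostConfig;

    /**
     * Creates the utility for one configured certificate.
     *
     * @param sSLHostConfigCertificate the certificate configuration; its owning host configuration
     *     is looked up immediately, so a {@code null} argument fails here with a
     *     {@link NullPointerException}
     */
    public XDJAJSSEUtil(SSLHostConfigCertificate sSLHostConfigCertificate) {
        this.certificate = sSLHostConfigCertificate;
        this.sslHostConfig = sSLHostConfigCertificate.getSSLHostConfig();
    }

    /**
     * Creates the GM SSL context for the protocol configured on the host.
     *
     * @param list accepted for interface compatibility; it is not used by this implementation
     * @return a new {@code XDJAJSSEGMSSLContext} for {@code sslHostConfig.getSslProtocol()}
     */
    @Override // org.apache.tomcat.util.net.SSLUtil
    public SSLContext createSSLContext(List<String> list) throws NoSuchAlgorithmException, NoSuchProviderException {
        return new XDJAJSSEGMSSLContext(this.sslHostConfig.getSslProtocol());
    }

    /**
     * Loads the server keystore and returns the key managers produced by the XDJA provider.
     *
     * @return the key managers backed by the configured keystore
     * @throws Exception if the keystore cannot be loaded or the factory cannot be initialised
     */
    @Override // org.apache.tomcat.util.net.SSLUtil
    public KeyManager[] getKeyManagers() throws Exception {
        // NOTE(review): the password is read from the host configuration while file, type and
        // provider come from this.certificate. If a host ever carries more than one certificate
        // with different keystore passwords, these could disagree - confirm against the caller.
        String keystorePassword = this.sslHostConfig.getCertificateKeystorePassword();
        KeyStore keystore = GMSSLContext.getKeystore(
                this.certificate.getCertificateKeystoreFile(),
                this.certificate.getCertificateKeystoreType(),
                this.certificate.getCertificateKeystoreProvider(),
                keystorePassword);

        KeyManagerFactory factory = KeyManagerFactory.getInstance(
                XDJAJsseProvider.KEY_MANAGER_FACTORY_NAME, XDJAJsseProvider.PROVIDER_NAME);
        // A missing password used to fail here with a bare NullPointerException; hand the factory
        // a null char[] instead so that it decides whether an unprotected key entry is acceptable.
        // The same password is used for the keystore and for the key entries; no separate key
        // password is read in this method.
        char[] keyPassword = keystorePassword == null ? null : keystorePassword.toCharArray();
        factory.init(keystore, keyPassword);
        return factory.getKeyManagers();
    }

    /**
     * Loads the truststore and returns the trust managers produced by the XDJA provider.
     *
     * <p>The factory is initialised with the truststore only; no revocation (CRL/OCSP) or
     * path-length parameters are passed from this method. Whether the provider applies any such
     * checks by default cannot be seen from here.
     *
     * @return the trust managers backed by the configured truststore
     * @throws Exception if the truststore cannot be loaded or the factory cannot be initialised
     */
    @Override // org.apache.tomcat.util.net.SSLUtil
    public TrustManager[] getTrustManagers() throws Exception {
        KeyStore trustStore = GMSSLContext.getTrustStore(
                this.sslHostConfig.getTruststoreFile(),
                this.sslHostConfig.getTruststoreType(),
                this.sslHostConfig.getTruststoreProvider(),
                this.sslHostConfig.getTruststorePassword());

        // NOTE(review): the algorithm name passed to TrustManagerFactory is the
        // KEY_MANAGER_FACTORY_NAME constant. Confirm that the provider registers its trust manager
        // factory under the same name; otherwise getInstance throws NoSuchAlgorithmException.
        TrustManagerFactory factory = TrustManagerFactory.getInstance(
                XDJAJsseProvider.KEY_MANAGER_FACTORY_NAME, XDJAJsseProvider.PROVIDER_NAME);
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Loads a keystore of the given type from a configured location.
     *
     * @param type keystore type passed to {@link KeyStore#getInstance}
     * @param provider security provider name, or {@code null} to use the default lookup
     * @param path location resolved through {@link ConfigFileLoader#getInputStream}
     * @param password keystore password; {@code null} or empty loads the store without one, in
     *     which case {@link KeyStore#load} is given no password to check the store's integrity with
     * @return the loaded keystore
     * @throws IOException if the store cannot be opened or loaded; the underlying failure is
     *     attached as the cause
     */
    private KeyStore getStore(String type, String provider, String path, String password) throws IOException {
        InputStream in = null;
        try {
            KeyStore keyStore = provider == null
                    ? KeyStore.getInstance(type)
                    : KeyStore.getInstance(type, provider);
            in = ConfigFileLoader.getInputStream(path);
            char[] passwordChars = (password == null || password.isEmpty()) ? null : password.toCharArray();
            keyStore.load(in, passwordChars);
            return keyStore;
        } catch (Exception e) {
            // Every failure (missing file, wrong password, unknown type or provider) is logged
            // once and reported as an IOException. The cause is kept so the stack trace shows
            // the real reason rather than only its message text.
            String message = sm.getString("jsse.keystore_load_failed", type, path, e.getMessage());
            log.error(message, e);
            throw new IOException(message, e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: the stream was only read, and any load failure has already
                    // been reported above.
                }
            }
        }
    }

    /**
     * Applies the configured session cache size and session timeout to the given context.
     *
     * @param sSLSessionContext the session context to configure
     */
    @Override // org.apache.tomcat.util.net.SSLUtil
    public void configureSessionContext(SSLSessionContext sSLSessionContext) {
        sSLSessionContext.setSessionCacheSize(this.sslHostConfig.getSessionCacheSize());
        sSLSessionContext.setSessionTimeout(this.sslHostConfig.getSessionTimeout());
    }

    /**
     * Returns the only protocol this implementation enables.
     *
     * @return a one-element array holding {@code GMSSLHSMConstants.SSL_PROTOCOL}; the protocols
     *     configured on the host are not consulted
     */
    @Override // org.apache.tomcat.util.net.SSLUtil
    public String[] getEnabledProtocols() throws IllegalArgumentException {
        return new String[]{GMSSLHSMConstants.SSL_PROTOCOL};
    }

    /**
     * Returns the only cipher suite this implementation enables.
     *
     * @return a one-element array holding {@code "GMSSL_ECC_SM4_SM3"}; the cipher list configured
     *     on the host is not consulted
     */
    @Override // org.apache.tomcat.util.net.SSLUtil
    public String[] getEnabledCiphers() throws IllegalArgumentException {
        return new String[]{"GMSSL_ECC_SM4_SM3"};
    }
}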
