package com.xdja.pki.gmssl.sdf.yunhsm.utils;

import com.amazonaws.cloudhsm.jce.jni.exception.AuthenticationException;
import com.amazonaws.cloudhsm.jce.jni.exception.AuthenticationExceptionCause;
import com.amazonaws.cloudhsm.jce.jni.exception.ProviderInitializationException;
import com.amazonaws.cloudhsm.jce.provider.CloudHsmProvider;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRandomUtils;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmExceptionEnum;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.crypto.KeyGenerator;
import javax.security.auth.login.LoginException;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/gmssl-pki-utils-2.0.2-SNAPSHOT.jar:com/xdja/pki/gmssl/sdf/yunhsm/utils/GMSSLAmazonHsmUtils.class */
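/**
 * Helpers that point the local AWS CloudHSM JCE client at an HSM and check that a login works.
 *
 * <p>Every external command is started through {@code sudo} with an explicit argument list.
 * The caller-supplied HSM address is validated before it is placed on a command line, so it can
 * only ever be passed as address values to {@code configure-jce -a} and never as an extra option.
 *
 * <p>NOTE(review): the HSM credentials are handed to the provider through the JVM-wide system
 * properties {@code HSM_USER} / {@code HSM_PASSWORD}. These are process-global, so concurrent
 * callers of {@link #testConnect(String, String, String)} would overwrite each other's values;
 * confirm that callers serialize access. The sudoers entry for the service account should be
 * limited to the exact commands used here.
 */
public class GMSSLAmazonHsmUtils {
    private static final Logger logger = LoggerFactory.getLogger(GMSSLAmazonHsmUtils.class);
    private static final String CONFIG_PATH = File.separator + "conf";
    private static final String CONFIG_TEST_PATH = File.separator + "confTest";
    private static final String HSM_CONFIG_PATH = File.separator + "conf" + File.separator + "hsm";
    private static final String CONFIG_INI_NAME = "DJHsmAPI.ini";

    private static final String CONFIGURE_JCE = "/opt/cloudhsm/bin/configure-jce";
    private static final String JCE_CFG = "/opt/cloudhsm/etc/cloudhsm-jce.cfg";
    private static final String JCE_CFG_BACKUP = "/opt/cloudhsm/etc/cloudhsm-jce.cfg.bak";

    /**
     * Allow-list for one HSM address token: host name, IPv4 or IPv6 literal. The first character
     * may not be '-', so a token can never be read as a command-line option.
     * NOTE(review): constructed pattern; widen it only if the deployment needs other address forms.
     */
    private static final Pattern HSM_ADDRESS_TOKEN =
            Pattern.compile("[A-Za-z0-9:\\[][A-Za-z0-9.:_\\[\\]-]*");

    /**
     * Tests the connection with the given address and credentials and, if that succeeds,
     * configures the JCE client for that address and initialises the crypto layer with the
     * credentials.
     *
     * @param str  HSM address (one or more whitespace-separated host names or IP addresses)
     * @param str2 HSM user name
     * @param str3 HSM password
     * @return {@code NORMAL} on success, otherwise the error reported by the connection test
     */
    public static YunHsmExceptionEnum initAmazonHsmConfigAndTestConnect(String str, String str2, String str3) throws IOException, InterruptedException, ProviderInitializationException, LoginException {
        YunHsmExceptionEnum testResult = testConnect(str, str2, str3);
        if (testResult != YunHsmExceptionEnum.NORMAL) {
            return testResult;
        }
        List<String> configureCommand = configureJceCommand(str);
        if (configureCommand == null) {
            // Unreachable after a successful testConnect, kept so this method never builds a
            // command line from an unvalidated address on its own.
            logger.error("HSM address rejected: not a plain host name or IP address");
            return YunHsmExceptionEnum.CONNECT_HSM_ERROR;
        }
        logger.info("初始化密码机");
        logger.info("执行命令连接密码机{}", configureCommand);
        runCommand(configureCommand);
        logger.info("执行命令连接密码机完毕");
        System.setProperty("HSM_USER", str2);
        System.setProperty("HSM_PASSWORD", str3);
        GMSSLPkiCryptoInit.getAmazonHsmInstance(str2, str3);
        return YunHsmExceptionEnum.NORMAL;
    }

    /**
     * Temporarily reconfigures the JCE client for the given address and credentials, generates an
     * AES key through the CloudHSM provider to prove that the login works, and then restores the
     * previous client configuration and credential properties.
     *
     * @param str  HSM address (one or more whitespace-separated host names or IP addresses)
     * @param str2 HSM user name
     * @param str3 HSM password
     * @return {@code NORMAL} if the key was generated, {@code CONNECT_HSM_ERROR} otherwise
     *         (including when the address fails validation)
     */
    public static YunHsmExceptionEnum testConnect(String str, String str2, String str3) throws IOException, InterruptedException {
        List<String> configureCommand = configureJceCommand(str);
        if (configureCommand == null) {
            // Nothing has been changed yet, so there is nothing to restore.
            logger.error("HSM address rejected: not a plain host name or IP address");
            return YunHsmExceptionEnum.CONNECT_HSM_ERROR;
        }
        String previousUser = System.getProperty("HSM_USER", "");
        String previousPassword = System.getProperty("HSM_PASSWORD", "");
        try {
            logger.info("备份密码机信息{}", "sudo cp /opt/cloudhsm/etc/cloudhsm-jce.cfg /opt/cloudhsm/etc/cloudhsm-jce.cfg.bak");
            runCommand(commandOf("sudo", "cp", JCE_CFG, JCE_CFG_BACKUP));
            logger.info("备份密码机信息完毕");
            // The tool path previously read "confi-gure-jce", which does not match the
            // configure-jce binary used by initAmazonHsmConfigAndTestConnect; with that path the
            // test never applied the address under test.
            logger.info("执行命令连接密码机{}", configureCommand);
            runCommand(configureCommand);
            logger.info("执行命令连接密码机完毕");
            System.setProperty("HSM_USER", str2);
            System.setProperty("HSM_PASSWORD", str3);
            if (Security.getProvider("CloudHSM") == null) {
                Security.addProvider(new CloudHsmProvider());
            }
            KeyAttributesMap keyAttributes = new KeyAttributesMap();
            keyAttributes.put(KeyAttribute.LABEL, "Implicit Java Properties Login Key");
            keyAttributes.put(KeyAttribute.SIZE, 256);
            // NOTE(review): every successful test generates a key on the HSM; confirm that it
            // is a session key and does not accumulate.
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "CloudHSM");
            keyGenerator.init(keyAttributes);
            if (keyGenerator.generateKey() != null) {
                logger.info("Login successful!");
                return YunHsmExceptionEnum.NORMAL;
            }
            logger.error("配置密码机测试连通性失败");
            return YunHsmExceptionEnum.CONNECT_HSM_ERROR;
        } catch (AuthenticationException e) {
            if (e.getCloudHsmExceptionCause() == AuthenticationExceptionCause.UNAUTHENTICATED) {
                logger.error("Provider is not authenticated");
            }
            logger.error("test connect failed", e);
            return YunHsmExceptionEnum.CONNECT_HSM_ERROR;
        } catch (Exception e) {
            logger.error("配置密码机测试连通性失败", e);
            return YunHsmExceptionEnum.CONNECT_HSM_ERROR;
        } finally {
            // Always put the previous configuration and credentials back, whatever the outcome.
            logger.info("开始恢复密码机环境变量");
            resetConfig(previousUser, previousPassword);
            logger.info("恢复密码机环境变量完毕");
        }
    }

    /**
     * Moves the backed-up JCE configuration file back into place and restores the credential
     * system properties.
     *
     * @param str  value to store in {@code HSM_USER}
     * @param str2 value to store in {@code HSM_PASSWORD}
     */
    public static void resetConfig(String str, String str2) throws IOException, InterruptedException {
        logger.info("恢复备份密码机信息{}", "sudo mv /opt/cloudhsm/etc/cloudhsm-jce.cfg.bak /opt/cloudhsm/etc/cloudhsm-jce.cfg");
        runCommand(commandOf("sudo", "mv", JCE_CFG_BACKUP, JCE_CFG));
        logger.info("恢复备份密码机信息完毕");
        System.setProperty("HSM_USER", str);
        System.setProperty("HSM_PASSWORD", str2);
        logger.info("恢复备份密码机环境变量完毕");
    }

    /**
     * Checks connectivity with the current configuration by requesting 16 random bytes.
     *
     * @return {@code NORMAL} if 16 bytes were returned, {@code CONNECT_HSM_ERROR} otherwise
     */
    public static YunHsmExceptionEnum testConnect() {
        try {
            byte[] random = GMSSLRandomUtils.generateRandom(16);
            // The bytes are a throw-away probe value and are not used as key material here.
            logger.info("通过密码机生成随机来测试密码机连通性：{}", Hex.toHexString(random));
            if (random.length == 16) {
                return YunHsmExceptionEnum.NORMAL;
            }
            logger.info("通过密码机生成随机数失败");
            return YunHsmExceptionEnum.CONNECT_HSM_ERROR;
        } catch (Exception e) {
            logger.error("测试连通性失败：", e);
            return YunHsmExceptionEnum.CONNECT_HSM_ERROR;
        }
    }

    /**
     * Builds the {@code sudo configure-jce -a <address...>} argument list.
     *
     * <p>The address is split on whitespace, as the former single-string command line was, and
     * each token has to match {@link #HSM_ADDRESS_TOKEN}.
     *
     * @return the argument list, or {@code null} if the address is missing or any token is invalid
     */
    private static List<String> configureJceCommand(String address) {
        if (address == null) {
            return null;
        }
        String trimmed = address.trim();
        if (trimmed.isEmpty()) {
            return null;
        }
        List<String> command = commandOf("sudo", CONFIGURE_JCE, "-a");
        for (String token : trimmed.split("\\s+")) {
            if (!HSM_ADDRESS_TOKEN.matcher(token).matches()) {
                return null;
            }
            command.add(token);
        }
        return command;
    }

    /** Returns a mutable argument list holding the given fixed arguments. */
    private static List<String> commandOf(String... arguments) {
        List<String> command = new ArrayList<>(arguments.length + 2);
        for (String argument : arguments) {
            command.add(argument);
        }
        return command;
    }

    /**
     * Runs a command given as an argument list, discards its output and waits for it to finish.
     *
     * <p>A non-zero exit status is logged but not treated as a failure, which keeps the control
     * flow the callers had when the status was ignored entirely.
     *
     * @return the exit status of the process
     */
    private static int runCommand(List<String> command) throws IOException, InterruptedException {
        ProcessBuilder builder = new ProcessBuilder(command);
        builder.redirectErrorStream(true);
        Process process = builder.start();
        // Drain the merged stdout/stderr so the child cannot block on a full pipe.
        try (InputStream output = process.getInputStream()) {
            byte[] sink = new byte[1024];
            while (output.read(sink) != -1) {
                // output is intentionally discarded
            }
        }
        int exitStatus = process.waitFor();
        if (exitStatus != 0) {
            logger.warn("command {} exited with status {}", command, exitStatus);
        }
        return exitStatus;
    }
}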
