package com.xdja.pki.gmssl.sdf.yunhsm.utils;

import com.alibaba.fastjson.JSONObject;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.gmssl.sdf.yunhsm.YunhsmSdfSDK;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmExceptionEnum;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmInfoEntry;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/gmssl/sdf/yunhsm/utils/GMSSLYunHsmUtils.class */
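/**
 * Helpers for configuring the YunHSM SDK directory and probing the device.
 *
 * <p>The SDK root holds three sibling directories used here:
 * {@code conf} (live configuration and certificates), {@code confBak} (a copy of {@code conf}
 * taken before the first re-configuration, restored and removed by {@link #resetYunHsm()}),
 * and {@code confDebug} (a staging directory used while new certificates are verified).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The PFX protection passwords are stored in clear text under the {@code "pin"} keys of
 *       {@code yunhsmsdk.conf} and are also embedded in the certificate file names
 *       ({@code sign_&lt;pin&gt;.pfx}, {@code enc_&lt;pin&gt;.pfx}). Anyone who can list or read
 *       {@code conf} can recover them, so the directory needs restrictive permissions.</li>
 *   <li>NOTE(review): because the pin becomes part of a file name, a pin containing a path
 *       separator or {@code ..} changes where files are written. Nothing in this class
 *       validates the pin; confirm that callers do.</li>
 * </ul>
 */
public class GMSSLYunHsmUtils {
    private static final Logger logger = LoggerFactory.getLogger(GMSSLYunHsmUtils.class);

    /** Upper bound for the TCP reachability probe, so an unresponsive host cannot block the caller indefinitely. */
    private static final int CONNECT_TIMEOUT_MILLIS = 10000;

    static {
        // The PKCS#12 key stores below are requested from the "BC" provider by name.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Restores the SDK configuration in the default installation directory.
     *
     * @throws IOException if restoring the backup fails
     */
    public static void resetYunHsm() throws IOException {
        resetYunHsm(getYunHsmPath());
    }

    /**
     * Replaces {@code conf} with the contents of {@code confBak} and then removes {@code confBak}.
     * Does nothing when no backup exists.
     *
     * @param str SDK root directory
     * @throws IOException if copying the backup fails
     */
    public static void resetYunHsm(String str) throws IOException {
        String backupDir = str + File.separator + "confBak" + File.separator;
        String confDir = str + File.separator + "conf" + File.separator;
        if (!new File(backupDir).exists()) {
            logger.info("密码机未进行任何配置，无需初始化");
            return;
        }
        GMSSLX509Utils.deleteDirectory(confDir);
        new File(confDir).mkdir();
        GMSSLX509Utils.copyDir(backupDir, confDir);
        GMSSLX509Utils.deleteDirectory(backupDir);
        logger.info("密码机初始化成功");
    }

    /**
     * Reads the current configuration from the default installation directory.
     *
     * @return the parsed configuration
     * @throws IOException if the configuration file cannot be read
     */
    public static YunHsmInfoEntry getYunHsmInfo() throws IOException {
        return getYunHsmInfo(getYunHsmPath());
    }

    /**
     * Parses {@code conf/yunhsmsdk.conf} under the given SDK root.
     *
     * <p>The returned entry carries both PFX passwords in clear text; callers should not log
     * or display it unfiltered.
     *
     * @param str SDK root directory
     * @return the parsed configuration
     * @throws IOException if the configuration file cannot be read
     */
    public static YunHsmInfoEntry getYunHsmInfo(String str) throws IOException {
        String confPath = str + File.separator + "conf" + File.separator + "yunhsmsdk.conf";
        YunHsmInfoEntry info = new YunHsmInfoEntry();
        JSONObject root = JSONObject.parseObject(FileUtils.readFileToString(new File(confPath), "UTF-8"));
        JSONObject softCert = root.getJSONObject("Certificate").getJSONObject("SoftCert");

        // The display names are cut from the first occurrence of "sign" / "enc" / "trust" in the
        // configured path. NOTE(review): this assumes the marker first appears in the file name,
        // not in a parent directory, and that it is present at all (substring(-1) throws).
        JSONObject signCert = softCert.getJSONObject("SignatureCertificate");
        info.setSignCertPassword(signCert.getString("pin"));
        String signFile = signCert.getString("file");
        info.setSignCertName(signFile.substring(signFile.indexOf("sign")));

        JSONObject encCert = softCert.getJSONObject("EncryptCertificate");
        info.setEncCertPassword(encCert.getString("pin"));
        String encFile = encCert.getString("file");
        info.setEncCertName(encFile.substring(encFile.indexOf("enc")));

        JSONObject hsm = root.getJSONObject("hsm");
        info.setServerIp(hsm.getString("ip"));
        info.setServerPort(Integer.parseInt(hsm.getString("port")));

        String trustPath = root.getJSONObject("ssl").getString("CertificatePath");
        info.setCaCertName(trustPath.substring(trustPath.indexOf("trust")));
        info.setYunHsmType("信大捷安服务器密码机");
        return info;
    }

    /**
     * Configures the SDK in the default installation directory from certificate files on disk.
     *
     * @param str  HSM address
     * @param i    HSM port
     * @param str2 password of the signing PFX
     * @param str3 password of the encryption PFX
     * @param str4 path of the signing PFX
     * @param str5 path of the encryption PFX
     * @param str6 path of the PKCS#7 trust chain
     * @return {@code NORMAL} on success, otherwise the stage that failed
     * @throws Exception if a file cannot be opened or the configuration cannot be written
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, int i, String str2, String str3, String str4, String str5, String str6) throws Exception {
        return initYunHsmConfigAndTestConnect(getYunHsmPath(), str, i, str2, str3, str4, str5, str6);
    }

    /**
     * Configures the SDK in the default installation directory from caller-supplied streams.
     * The streams are not closed by this method.
     *
     * @param str              HSM address
     * @param i                HSM port
     * @param str2             password of the signing PFX
     * @param str3             password of the encryption PFX
     * @param fileInputStream  signing PFX
     * @param fileInputStream2 encryption PFX
     * @param fileInputStream3 PKCS#7 trust chain
     * @return {@code NORMAL} on success, otherwise the stage that failed
     * @throws Exception if the configuration cannot be written
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, int i, String str2, String str3, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) throws Exception {
        return initYunHsmConfigAndTestConnect(getYunHsmPath(), str, i, str2, str3, fileInputStream, fileInputStream2, fileInputStream3);
    }

    /**
     * Backs up {@code conf}, installs the given certificates, rewrites the configuration and
     * probes the device.
     *
     * @param str  SDK root directory
     * @param str2 HSM address
     * @param i    HSM port
     * @param str3 password of the signing PFX
     * @param str4 password of the encryption PFX
     * @param str5 path of the signing PFX
     * @param str6 path of the encryption PFX
     * @param str7 path of the PKCS#7 trust chain
     * @return {@code NORMAL} on success, otherwise the stage that failed
     * @throws Exception if a file cannot be opened or the configuration cannot be written
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, String str2, int i, String str3, String str4, String str5, String str6, String str7) throws Exception {
        backUpConf(str);
        YunHsmExceptionEnum stored = storeCert(str3, str4, str5, str6, str7, str);
        if (stored.id != YunHsmExceptionEnum.NORMAL.id) {
            return stored;
        }
        return writeConfAndTestConnect(str, str2, i, str3, str4);
    }

    /**
     * Stream-based variant of
     * {@link #initYunHsmConfigAndTestConnect(String, String, int, String, String, String, String, String)}.
     * The streams are not closed by this method.
     *
     * @param str              SDK root directory
     * @param str2             HSM address
     * @param i                HSM port
     * @param str3             password of the signing PFX
     * @param str4             password of the encryption PFX
     * @param fileInputStream  signing PFX
     * @param fileInputStream2 encryption PFX
     * @param fileInputStream3 PKCS#7 trust chain
     * @return {@code NORMAL} on success, otherwise the stage that failed
     * @throws Exception if the configuration cannot be written
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, String str2, int i, String str3, String str4, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) throws Exception {
        backUpConf(str);
        YunHsmExceptionEnum stored = storeCert(str3, str4, fileInputStream, fileInputStream2, fileInputStream3, str);
        if (stored.id != YunHsmExceptionEnum.NORMAL.id) {
            return stored;
        }
        return writeConfAndTestConnect(str, str2, i, str3, str4);
    }

    /** Shared tail of both init variants: rewrite the configuration, then probe the device. */
    private static YunHsmExceptionEnum writeConfAndTestConnect(String sdkRoot, String host, int port, String signPin, String encPin) throws IOException {
        writeConf(sdkRoot, host, port, signPin, encPin);
        YunHsmExceptionEnum probe = testConnect(host, port);
        return probe.id != YunHsmExceptionEnum.NORMAL.id ? probe : YunHsmExceptionEnum.NORMAL;
    }

    /** Empties {@code conf} under the SDK root by deleting and recreating it. */
    private static void deleteConDir(String str) {
        File confDir = new File(str + File.separator + "conf");
        if (confDir.exists()) {
            GMSSLX509Utils.deleteDirectory(str + File.separator + "conf");
        }
        confDir.mkdir();
    }

    /** Returns the hard-coded SDK installation directory for the current operating system. */
    private static String getYunHsmPath() {
        return System.getProperty("os.name").startsWith("Windows") ? "C:\\Program Files (x86)\\yunhsmsdk" : "/usr/local/yunhsmsdk";
    }

    /**
     * Copies {@code conf} to {@code confBak} unless a backup directory already exists, so the
     * first backup taken is the one that {@link #resetYunHsm(String)} later restores.
     */
    private static void backUpConf(String str) throws IOException {
        String backupDir = str + File.separator + "confBak" + File.separator;
        File backup = new File(backupDir);
        if (backup.exists() && backup.isDirectory()) {
            return;
        }
        GMSSLX509Utils.copyDir(str + File.separator + "conf" + File.separator, backupDir);
        logger.info("备份成功");
    }

    /**
     * Loads both PFX files, stages them with the trust chain in {@code confDebug}, verifies every
     * certificate against the chain, and only then replaces {@code conf} with the staged files.
     *
     * <p>The three nested {@code catch (Exception)} blocks map <em>any</em> failure inside their
     * stage to that stage's result, so a returned "password error" can also mean an I/O failure
     * while staging. The exception type is logged to make that distinguishable. The exception
     * itself is not logged because messages raised from the staging paths can contain the file
     * names, and those embed the PFX passwords.
     *
     * <p>NOTE(review): when a stage fails with an exception, {@code confDebug} (which may already
     * hold the PFX files) is left on disk; only the verification-failure paths delete it.
     *
     * @param str              password of the signing PFX
     * @param str2             password of the encryption PFX
     * @param fileInputStream  signing PFX
     * @param fileInputStream2 encryption PFX
     * @param fileInputStream3 PKCS#7 trust chain
     * @param str3             SDK root directory
     * @return {@code NORMAL} on success, otherwise the stage that failed
     */
    private static YunHsmExceptionEnum storeCert(String str, String str2, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3, String str3) throws Exception {
        try {
            KeyStore signStore = KeyStore.getInstance("pkcs12", "BC");
            signStore.load(fileInputStream, str.toCharArray());
            logger.info("签名PFX证书解析成功");
            try {
                KeyStore encStore = KeyStore.getInstance("pkcs12", "BC");
                encStore.load(fileInputStream2, str2.toCharArray());
                logger.info("加密PFX证书解析成功");
                String stagingDir = str3 + File.separator + "confDebug" + File.separator;
                new File(stagingDir).mkdir();
                GMSSLKeyStoreUtils.saveGMSSLPfx(signStore, str, stagingDir, "sign_" + str);
                GMSSLKeyStoreUtils.saveGMSSLPfx(encStore, str2, stagingDir, "enc_" + str2);
                GMSSLX509Utils.copyFile(fileInputStream3, stagingDir + "trust_chain.p7b");
                try {
                    List trustChain;
                    // Close the chain file before the staging directory is deleted below; an open
                    // handle would otherwise leak and can block the delete on Windows.
                    try (FileInputStream chainIn = new FileInputStream(new File(stagingDir + "trust_chain.p7b"))) {
                        trustChain = GMSSLX509Utils.getCertsByCertChain(chainIn);
                    }
                    List signCerts = GMSSLX509Utils.readCertificatesFromP12(stagingDir + "sign_" + str + ".pfx", str.toCharArray());
                    List encCerts = GMSSLX509Utils.readCertificatesFromP12(stagingDir + "enc_" + str2 + ".pfx", str2.toCharArray());

                    int badSign = indexOfFirstUnverified(signCerts, trustChain);
                    if (badSign >= 0) {
                        GMSSLX509Utils.deleteDirectory(stagingDir);
                        logger.error("第 " + (badSign + 1) + "个签名证书验签失败");
                        return YunHsmExceptionEnum.SIGN_CERT_VERIFY_IS_ERROR;
                    }
                    logger.info("签名证书验签全部通过");

                    int badEnc = indexOfFirstUnverified(encCerts, trustChain);
                    if (badEnc >= 0) {
                        GMSSLX509Utils.deleteDirectory(stagingDir);
                        logger.error("第" + (badEnc + 1) + "个加密证书验签失败");
                        return YunHsmExceptionEnum.ENC_CERT_VERIFY_IS_ERROR;
                    }
                    logger.info("加密证书验签全部通过");

                    // Only verified material replaces the live configuration directory.
                    String confDir = str3 + File.separator + "conf" + File.separator;
                    deleteConDir(str3);
                    GMSSLX509Utils.copyDir(stagingDir, confDir);
                    GMSSLX509Utils.deleteDirectory(stagingDir);
                    logger.debug("调试文件夹删除成功");
                    logger.info("证书替换成功");
                    return YunHsmExceptionEnum.NORMAL;
                } catch (Exception chainFailure) {
                    logger.error("解析密码机CA证书链失败");
                    logCauseType("trust chain stage", chainFailure);
                    return YunHsmExceptionEnum.OPEN_TRAIN_CERT_P7b_IS_ERROR;
                }
            } catch (Exception encFailure) {
                logger.error("加密证书保护口令不能打开加密证书");
                logCauseType("encryption PFX stage", encFailure);
                return YunHsmExceptionEnum.ENC_PASSWORD_IS_ERROR;
            }
        } catch (Exception signFailure) {
            // The original message named the encryption certificate here, although this branch
            // is the signing PFX failing to open.
            logger.error("签名证书保护口令不能打开签名证书");
            logCauseType("signing PFX stage", signFailure);
            return YunHsmExceptionEnum.SIGN_PASSWORD_IS_ERROR;
        }
    }

    /**
     * Returns the index of the first certificate that does not verify against the chain,
     * or {@code -1} when all of them verify.
     */
    private static int indexOfFirstUnverified(List certs, List trustChain) throws Exception {
        for (int k = 0; k < certs.size(); k++) {
            if (!GMSSLX509Utils.verifyCert((X509Certificate) certs.get(k), trustChain)) {
                return k;
            }
        }
        return -1;
    }

    /** Logs only the exception type, never its message, because messages may carry pin-bearing paths. */
    private static void logCauseType(String stage, Exception cause) {
        logger.error("{} failed with {}", stage, cause.getClass().getName());
    }

    /**
     * Path-based variant of the stream overload. The three files are opened here and are closed
     * again on every exit path, including when a later file cannot be opened.
     */
    private static YunHsmExceptionEnum storeCert(String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        try (FileInputStream signIn = new FileInputStream(new File(str3));
             FileInputStream encIn = new FileInputStream(new File(str4));
             FileInputStream chainIn = new FileInputStream(new File(str5))) {
            return storeCert(str, str2, signIn, encIn, chainIn, str6);
        }
    }

    /**
     * Rewrites {@code conf/yunhsmsdk.conf} from the backed-up template in {@code confBak},
     * substituting the pins, HSM endpoint and certificate paths.
     *
     * <p>The file is read and written as UTF-8. The pins are written in clear text, which is
     * what the configuration format seen here stores under {@code "pin"}.
     *
     * @param str  SDK root directory
     * @param str2 HSM address
     * @param i    HSM port
     * @param str3 password of the signing PFX
     * @param str4 password of the encryption PFX
     * @throws IOException if the template cannot be read or the configuration cannot be written
     */
    private static void writeConf(String str, String str2, int i, String str3, String str4) throws IOException {
        String osName = System.getProperty("os.name");
        String templatePath = str + File.separator + "confBak" + File.separator + "yunhsmsdk.conf";
        String targetPath = str + File.separator + "conf" + File.separator + "yunhsmsdk.conf";

        JSONObject root = JSONObject.parseObject(FileUtils.readFileToString(new File(templatePath), "UTF-8"));
        JSONObject softCert = root.getJSONObject("Certificate").getJSONObject("SoftCert");
        JSONObject signCert = softCert.getJSONObject("SignatureCertificate");
        signCert.put("pin", str3);
        JSONObject encCert = softCert.getJSONObject("EncryptCertificate");
        encCert.put("pin", str4);
        JSONObject hsm = root.getJSONObject("hsm");
        hsm.put("ip", str2);
        hsm.put("port", Integer.valueOf(i));
        JSONObject ssl = root.getJSONObject("ssl");

        String confPrefix = osName.startsWith("Windows") ? str + "\\conf\\" : str + "/conf/";
        signCert.put("file", confPrefix + "sign_" + str3 + ".pfx");
        encCert.put("file", confPrefix + "enc_" + str4 + ".pfx");
        ssl.put("CertificatePath", confPrefix + "trust_chain.p7b");

        // Same charset as the read above; the platform default could corrupt non-ASCII values.
        FileUtils.writeStringToFile(new File(targetPath), formatJson(root.toString()), "UTF-8");
        logger.info("配置文件改写成功");
    }

    /**
     * Checks TCP reachability of the given endpoint and, if reachable, opens the device through
     * the SDK.
     *
     * @param str HSM address
     * @param i   HSM port
     * @return {@code TELNET_PORT_FAILURE} if the TCP connect fails, {@code OPEN_DEVICE_IS_FAILURE}
     *         if the SDK reports an error, otherwise {@code NORMAL}
     */
    public static YunHsmExceptionEnum testConnect(String str, int i) {
        try {
            if (!isHostConnectable(str, i)) {
                return YunHsmExceptionEnum.TELNET_PORT_FAILURE;
            }
            probeDevice();
            return YunHsmExceptionEnum.NORMAL;
        } catch (SdfSDKException e) {
            logger.error("open device is failure", e);
            return YunHsmExceptionEnum.OPEN_DEVICE_IS_FAILURE;
        }
    }

    /**
     * Opens the device through the SDK without a prior TCP check.
     *
     * @return {@code true} if the device could be opened and queried
     */
    public static boolean testConnect() {
        try {
            probeDevice();
            return true;
        } catch (SdfSDKException e) {
            logger.error("open device is failure", e);
            return false;
        }
    }

    /**
     * Initialises the SDK, queries the device info and releases the SDK again. The release runs
     * even when the query fails, so a failed probe does not leave an initialised SDK behind.
     */
    private static void probeDevice() throws SdfSDKException {
        YunhsmSdfSDK sdk = new YunhsmSdfSDK();
        sdk.init();
        try {
            sdk.getDeviceInfo();
        } finally {
            sdk.release();
        }
        logger.info("connect yunhsm is successful");
    }

    /**
     * Returns whether a TCP connection to the endpoint can be established within
     * {@link #CONNECT_TIMEOUT_MILLIS}. A failure while closing the probe socket is ignored.
     */
    private static boolean isHostConnectable(String str, int i) {
        Socket socket = new Socket();
        try {
            socket.connect(new InetSocketAddress(str, i), CONNECT_TIMEOUT_MILLIS);
            return true;
        } catch (IOException connectFailure) {
            return false;
        } finally {
            try {
                socket.close();
            } catch (IOException ignored) {
                // Best effort: the probe result does not depend on a clean close.
            }
        }
    }

    /**
     * Pretty-prints compact JSON with one member per line and tab indentation.
     *
     * <p>Characters inside string literals are copied verbatim. Without that, a pin or path
     * containing {@code ,}, braces or brackets would have line breaks inserted into its value
     * and the written configuration would no longer hold the intended secret or path.
     *
     * @param str compact JSON text, may be {@code null}
     * @return the formatted text, or an empty string for {@code null} or empty input
     */
    private static String formatJson(String str) {
        if (str == null || str.isEmpty()) {
            return "";
        }
        StringBuilder out = new StringBuilder();
        int depth = 0;
        boolean inString = false;
        boolean escaped = false;
        for (int pos = 0; pos < str.length(); pos++) {
            char ch = str.charAt(pos);
            if (inString) {
                out.append(ch);
                if (escaped) {
                    escaped = false;
                } else if (ch == '\\') {
                    escaped = true;
                } else if (ch == '"') {
                    inString = false;
                }
                continue;
            }
            switch (ch) {
                case '"':
                    inString = true;
                    out.append(ch);
                    break;
                case ',':
                    out.append(ch);
                    out.append('\n');
                    addIndentBlank(out, depth);
                    break;
                case '[':
                case '{':
                    out.append(ch);
                    out.append('\n');
                    depth++;
                    addIndentBlank(out, depth);
                    break;
                case ']':
                case '}':
                    out.append('\n');
                    depth--;
                    addIndentBlank(out, depth);
                    out.append(ch);
                    break;
                default:
                    out.append(ch);
                    break;
            }
        }
        return out.toString();
    }

    /** Appends {@code i} tab characters; appends nothing when {@code i} is zero or negative. */
    private static void addIndentBlank(StringBuilder sb, int i) {
        for (int n = 0; n < i; n++) {
            sb.append('\t');
        }
    }
}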
