package com.xdja.pki.common.util.tomcat;

import com.xdja.pki.common.util.GmUtil;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import org.apache.catalina.Globals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.backoff.ExponentialBackOff;

/* loaded from: input_file:WEB-INF/lib/scms-core-1.0-SNAPSHOT.jar:com/xdja/pki/common/util/tomcat/TomcatUtil.class */
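/**
 * Helpers that write TLS key material under {@code <base>/conf/cert/<port>/}, register an
 * HTTPS connector through {@link ServerXmlResolver}, and trigger a Tomcat restart.
 *
 * <p>SECURITY NOTE(review): every key store and trust store produced here is protected with the
 * fixed password held in {@link #KEYSTORE_PASSWORD}, and the private keys are additionally
 * exported as PEM files ({@code sign_private}, {@code enc_private}) with no password passed to
 * the writer, so they are presumably stored unencrypted (confirm in {@code GmUtil}). Confidentiality
 * of the server keys therefore rests entirely on the filesystem permissions of the
 * {@code conf/cert} directory; restrict it to the Tomcat service account and consider sourcing
 * the store password from protected configuration. The password is not changed here because the
 * connector configuration written by {@code ServerXmlResolver} presumably expects the same value.
 */
public class TomcatUtil {
    private static final Logger logger = LoggerFactory.getLogger(TomcatUtil.class);
    public static final String GMSSLV11 = "GMSSLV1.1";

    /** Fixed store password used for every key/trust store written by this class (see class note). */
    private static final String KEYSTORE_PASSWORD = "password";

    /** Delay before the restart script is launched; reuses Spring's back-off constant (2000 ms). */
    private static final long RESTART_DELAY_MILLIS = ExponentialBackOff.DEFAULT_INITIAL_INTERVAL;

    /**
     * Writes a BKS-type key store for the given material under {@code catalina.home} and adds an
     * HTTPS connector for the {@link #GMSSLV11} protocol.
     *
     * @param list CA certificates, exported as {@code ca_<n>} and used to build the trust store
     * @param x509Certificate signing certificate (alias {@code sign})
     * @param x509Certificate2 encryption certificate (alias {@code enc}); may be {@code null}
     * @param privateKey private key of the signing certificate
     * @param privateKey2 private key of the encryption certificate
     * @param i value passed to the resolver as the HTTPS port; also names the certificate directory
     * @throws IllegalStateException if the {@code catalina.home} system property is not set
     * @throws Exception if writing the key material or updating the server configuration fails
     */
    public static void openHttpsPortByBC(List<X509Certificate> list, X509Certificate x509Certificate, X509Certificate x509Certificate2, PrivateKey privateKey, PrivateKey privateKey2, int i) throws Exception {
        String catalinaHome = requireCatalinaHome();
        ServerXmlResolver resolver = new ServerXmlResolver();
        saveKeyStore(list, x509Certificate, x509Certificate2, privateKey, privateKey2, catalinaHome, String.valueOf(i), false);
        resolver.addTomcatHttpsPort(catalinaHome, GMSSLV11, i);
    }

    /**
     * Same as {@link #openHttpsPortByBC} but with an explicit base directory and a connector
     * registered through {@code addTomcatHttpsPortWithClientAuth}.
     *
     * @param list CA certificates, exported as {@code ca_<n>} and used to build the trust store
     * @param x509Certificate signing certificate (alias {@code sign})
     * @param x509Certificate2 encryption certificate (alias {@code enc}); may be {@code null}
     * @param privateKey private key of the signing certificate
     * @param privateKey2 private key of the encryption certificate
     * @param str base directory that contains {@code conf}; it is used to build filesystem paths,
     *     so callers must pass a trusted value
     * @param i value passed to the resolver as the HTTPS port; also names the certificate directory
     * @throws Exception if writing the key material or updating the server configuration fails
     */
    public static void openHttpsPortByBCWithClientAuth(List<X509Certificate> list, X509Certificate x509Certificate, X509Certificate x509Certificate2, PrivateKey privateKey, PrivateKey privateKey2, String str, int i) throws Exception {
        ServerXmlResolver resolver = new ServerXmlResolver();
        saveKeyStore(list, x509Certificate, x509Certificate2, privateKey, privateKey2, str, String.valueOf(i), false);
        resolver.addTomcatHttpsPortWithClientAuth(str, GMSSLV11, i);
    }

    /**
     * Writes a JKS-type key store under the given base directory and adds an HTTPS connector
     * through {@code addTomcatHttpsPortWithJks}.
     *
     * @param list CA certificates, exported as {@code ca_<n>} and used to build the trust store
     * @param x509Certificate signing certificate (alias {@code sign})
     * @param x509Certificate2 encryption certificate (alias {@code enc}); may be {@code null}
     * @param privateKey private key of the signing certificate
     * @param privateKey2 private key of the encryption certificate
     * @param str base directory that contains {@code conf}; it is used to build filesystem paths,
     *     so callers must pass a trusted value
     * @param i value passed to the resolver as the HTTPS port; also names the certificate directory
     * @throws Exception if writing the key material or updating the server configuration fails
     */
    public static void openHttpsPortByJKSWithRSA(List<X509Certificate> list, X509Certificate x509Certificate, X509Certificate x509Certificate2, PrivateKey privateKey, PrivateKey privateKey2, String str, int i) throws Exception {
        ServerXmlResolver resolver = new ServerXmlResolver();
        saveKeyStore(list, x509Certificate, x509Certificate2, privateKey, privateKey2, str, String.valueOf(i), true);
        resolver.addTomcatHttpsPortWithJks(str, i);
    }

    /**
     * Writes a JKS-type key store holding only the signing pair under {@code catalina.home} and
     * adds a connector through {@code addTomcatHttpsPortWithClientAuthByJKS}.
     *
     * @param list CA certificates, exported as {@code ca_<n>} and used to build the trust store
     * @param x509Certificate signing certificate (alias {@code sign})
     * @param privateKey private key of the signing certificate
     * @param i value passed to the resolver as the HTTPS port; also names the certificate directory
     * @throws IllegalStateException if the {@code catalina.home} system property is not set
     * @throws Exception if writing the key material or updating the server configuration fails
     */
    public static void openHttpsPortByJKSWithClientAuth(List<X509Certificate> list, X509Certificate x509Certificate, PrivateKey privateKey, int i) throws Exception {
        String catalinaHome = requireCatalinaHome();
        saveKeyStore(list, x509Certificate, (X509Certificate) null, privateKey, (PrivateKey) null, catalinaHome, String.valueOf(i), true);
        new ServerXmlResolver().addTomcatHttpsPortWithClientAuthByJKS(catalinaHome, GMSSLV11, i);
    }

    /**
     * Launches {@code <catalina.home>/bin/restart.sh} on a background thread after a short delay.
     * Failures are logged, never thrown to the caller.
     *
     * <p>The script path is handed to {@link ProcessBuilder} as a single argument, so a
     * {@code catalina.home} that contains whitespace is not split into several command tokens the
     * way {@code Runtime.exec(String)} would split it.
     */
    public static void restart() {
        String catalinaHome = System.getProperty(Globals.CATALINA_HOME_PROP);
        if (catalinaHome == null) {
            // Without this guard the command would become the relative path "null/bin/restart.sh".
            logger.error("Cannot restart Tomcat: system property {} is not set", Globals.CATALINA_HOME_PROP);
            return;
        }
        String script = catalinaHome + "/bin/restart.sh";
        Thread worker = new Thread(() -> {
            try {
                Thread.sleep(RESTART_DELAY_MILLIS);
                new ProcessBuilder(script).start();
            } catch (InterruptedException e) {
                // Preserve the interrupt status for whoever owns this thread.
                Thread.currentThread().interrupt();
                logger.error("重启tomcat失败", (Throwable) e);
            } catch (Exception e) {
                logger.error("重启tomcat失败", (Throwable) e);
            }
        }, "tomcat-restart");
        worker.start();
    }

    /** Returns the {@code catalina.home} system property or fails fast when it is missing. */
    private static String requireCatalinaHome() {
        String catalinaHome = System.getProperty(Globals.CATALINA_HOME_PROP);
        if (catalinaHome == null) {
            // A null here would otherwise be concatenated into a "null/conf/cert/..." path.
            throw new IllegalStateException("System property " + Globals.CATALINA_HOME_PROP + " is not set");
        }
        return catalinaHome;
    }

    /** Single-CA convenience overload: wraps {@code caCert} in a list and delegates. */
    private static void saveKeyStore(X509Certificate caCert, X509Certificate signCert, X509Certificate encCert, PrivateKey signKey, PrivateKey encKey, String baseDir, String portDir, boolean useJks) throws Exception {
        List<X509Certificate> caCerts = new ArrayList<>();
        caCerts.add(caCert);
        saveKeyStore(caCerts, signCert, encCert, signKey, encKey, baseDir, portDir, useJks);
    }

    /**
     * Builds the key store and trust store and writes them, together with PEM/CER/P12 exports of
     * the certificates and keys, into {@code <baseDir>/conf/cert/<portDir>/}.
     *
     * @param caCerts CA certificates; each is exported as {@code ca_<n>} and {@code ca_public_<n>}
     * @param signCert signing certificate, must not be {@code null}
     * @param encCert encryption certificate, or {@code null} to skip every {@code enc} export
     * @param signKey private key stored under alias {@code sign}
     * @param encKey private key stored under alias {@code enc}
     * @param baseDir directory that contains {@code conf}
     * @param portDir name of the per-port sub-directory
     * @param useJks {@code true} for JKS-type stores, {@code false} for BKS-type stores
     * @throws IOException if the target directory cannot be created
     * @throws Exception if {@code GmUtil} fails to build or write any artifact
     */
    private static void saveKeyStore(List<X509Certificate> caCerts, X509Certificate signCert, X509Certificate encCert, PrivateKey signKey, PrivateKey encKey, String baseDir, String portDir, boolean useJks) throws Exception {
        // Fail before anything is written instead of part-way through the export.
        Objects.requireNonNull(caCerts, "caCerts");
        Objects.requireNonNull(signCert, "signCert");

        String certDir = baseDir + File.separator + "conf" + File.separator + "cert" + File.separator + portDir + File.separator;
        File dir = new File(certDir);
        // mkdirs() reports failure only through its return value; re-check to tolerate a concurrent create.
        if (!dir.isDirectory() && !dir.mkdirs() && !dir.isDirectory()) {
            throw new IOException("Unable to create certificate directory " + certDir);
        }

        boolean hasEncCert = encCert != null;
        KeyStore keyStore;
        if (!useJks) {
            keyStore = GmUtil.generateGMSSLKeyStoreWithType(KEYSTORE_PASSWORD, caCerts, "sign", signKey, signCert, "enc", encKey, encCert, "BKS");
        } else if (hasEncCert) {
            keyStore = GmUtil.generateGMSSLKeyStoreWithType(KEYSTORE_PASSWORD, caCerts, "sign", signKey, signCert, "enc", encKey, encCert, "JKS");
        } else {
            keyStore = GmUtil.generateGMSSLKeyStoreWithJKS(KEYSTORE_PASSWORD, caCerts, "sign", signKey, signCert);
        }

        for (int idx = 0; idx < caCerts.size(); idx++) {
            X509Certificate caCert = caCerts.get(idx);
            GmUtil.writeCertificateToPem(certDir, "ca_" + idx, caCert);
            GmUtil.writeObjectToPem(certDir, "ca_public_" + idx, caCert.getPublicKey());
            GmUtil.writeCertificateToCer(certDir, "ca_" + idx, caCert);
        }
        GmUtil.writeCertificateToPem(certDir, "sign", signCert);
        GmUtil.writeObjectToPem(certDir, "sign_public", signCert.getPublicKey());

        KeyStore trustStore = useJks ? GmUtil.generateGMSSLTrustStoreWithJKS(caCerts) : GmUtil.generateGMSSLTrustStoreWithBKS(caCerts);

        // SECURITY NOTE(review): private keys are exported to PEM without a passphrase argument.
        GmUtil.writeObjectToPem(certDir, "sign_private", signKey);
        if (hasEncCert) {
            GmUtil.writeKeyStoreToP12(keyStore, KEYSTORE_PASSWORD.toCharArray(), certDir, "enc");
            GmUtil.writeObjectToPem(certDir, "enc_private", encKey);
        }
        GmUtil.printGMSSLKeyStore(trustStore, KEYSTORE_PASSWORD);
        GmUtil.writeKeyStoreToP12(keyStore, KEYSTORE_PASSWORD.toCharArray(), certDir, "sign");
        GmUtil.writeKeyStoreToP12(trustStore, KEYSTORE_PASSWORD.toCharArray(), certDir + "/trust");
        if (hasEncCert) {
            GmUtil.writeCertificateToPem(certDir, "enc", encCert);
            GmUtil.writeCertificateToCer(certDir, "enc", encCert);
        }
        GmUtil.writeCertificateToCer(certDir, "sign", signCert);
        GmUtil.saveGMSSLKeyStore(keyStore, KEYSTORE_PASSWORD, certDir, "server");
        GmUtil.saveGMSSLKeyStore(trustStore, KEYSTORE_PASSWORD, certDir, "trust");
    }
}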
