package com.xdja.pki.gmssl.hsm.init;

import com.xdja.pki.gmssl.core.utils.GMSSLFileUtils;
import com.xdja.pki.gmssl.crypto.init.GMSSLHSMConstants;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.http.GMSSLHttpsClient;
import com.xdja.pki.gmssl.http.bean.GMSSLHttpRequest;
import com.xdja.pki.gmssl.http.bean.GMSSLHttpResponse;
import com.xdja.pki.gmssl.http.bean.GMSSLHttpsClientConfig;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/gmssl/hsm/init/GMSSLHSMInit.class */
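/**
 * Static helpers that configure the connection to the HSM key server and install
 * the keystore it returns into {@link GMSSLPkiCryptoInit}.
 *
 * <p>Every public entry point does nothing (returning {@code false} where it has a
 * return value) unless {@link #isHSMOpen()} reports that the HSM configuration
 * directory exists.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore password is a compile-time constant ({@link #KEYSTORE_PASSWORD}),
 *       so the keystore written to {@code GMSSLHSMConstants.HSM_KEYSTORE_PATH} gets
 *       no confidentiality from it against anyone who can read this class.</li>
 *   <li>Debug logging prints only the endpoint, never the {@code GMSSLHSMConfig}
 *       object, because that object carries the PFX and keystore passwords.</li>
 * </ul>
 */
public class GMSSLHSMInit {
    private static final Logger logger = LoggerFactory.getLogger(GMSSLHSMInit.class);

    /*
     * SECURITY(review): hard-coded credential. It protects the client keystore used for
     * the HTTPS connection, the keystore downloaded from the server and the copy cached
     * on disk. The value is kept unchanged because the server-side keystore presumably
     * uses the same password (not visible here). It should be moved to protected
     * configuration; until then the cached file relies on file-system permissions alone.
     */
    private static final String KEYSTORE_PASSWORD = "xdja1234";

    private static final String SIGN_PFX_NAME = "sign.pfx";
    private static final String ENC_PFX_NAME = "enc.pfx";
    private static final String TRUST_P7B_NAME = "trust.p7b";

    /**
     * Reports whether HSM support is enabled on this installation.
     *
     * @return {@code true} when {@code GMSSLHSMConstants.CONFIG_PATH_FILE} exists
     */
    public static boolean isHSMOpen() {
        boolean exists = GMSSLHSMConstants.CONFIG_PATH_FILE.exists();
        logger.debug("hsm open {}", exists);
        return exists;
    }

    /**
     * Builds and saves the HSM configuration, then loads the HSM keystore.
     *
     * <p>Any exception is logged and reported as {@code false}. If the keystore cannot
     * be obtained from either the server or the local cache, {@code getKeystore} calls
     * {@code System.exit(-1)}, so this method may terminate the JVM.
     *
     * @param str              HSM server IP
     * @param str2             HSM server port
     * @param str3             password of the signing PFX, or {@code null} to reuse the saved one
     * @param str4             password of the encryption PFX, or {@code null} to reuse the saved one
     * @param fileInputStream  signing PFX content, or {@code null} to keep the file on disk
     * @param fileInputStream2 encryption PFX content, or {@code null} to keep the file on disk
     * @param fileInputStream3 trust chain (P7B) content, or {@code null} to keep the file on disk
     * @return {@code true} when the configuration was saved and the keystore installed
     */
    public static boolean initConfigFile(String str, String str2, String str3, String str4, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) {
        if (!isHSMOpen()) {
            return false;
        }
        try {
            // saveConfig already emits the debug line for the saved configuration.
            GMSSLHSMConfig config = saveConfig(str, str2, str3, str4, fileInputStream, fileInputStream2, fileInputStream3);
            getKeystore(config);
            return true;
        } catch (Exception e) {
            logger.error("init hsm connection error!", e);
            return false;
        }
    }

    /**
     * Reloads the HSM keystore using the configuration saved on disk.
     *
     * @throws Exception if the configuration cannot be parsed or the server request fails
     */
    public static void updateKeyFile() throws Exception {
        if (isHSMOpen()) {
            getKeystore(GMSSLHSMConfig.parseConfig(GMSSLHSMConstants.CONFIG_FILE_PATH));
        }
    }

    /**
     * Tests connectivity with the supplied settings without saving the configuration file.
     *
     * <p>This is not free of side effects: non-null streams are still written over
     * {@code sign.pfx}, {@code enc.pfx} and {@code trust.p7b} in the configuration
     * directory, and a successful response overwrites the cached keystore file.
     *
     * @param str              HSM server IP
     * @param str2             HSM server port
     * @param str3             password of the signing PFX, or {@code null} to reuse the saved one
     * @param str4             password of the encryption PFX, or {@code null} to reuse the saved one
     * @param fileInputStream  signing PFX content, or {@code null}
     * @param fileInputStream2 encryption PFX content, or {@code null}
     * @param fileInputStream3 trust chain (P7B) content, or {@code null}
     * @return {@code true} when the server returned a keystore; {@code false} otherwise,
     *         including when an exception was thrown
     */
    public static boolean testHSMConnect(String str, String str2, String str3, String str4, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) {
        if (!isHSMOpen()) {
            return false;
        }
        try {
            GMSSLHSMConfig config = generateConfig(str, str2, str3, str4, fileInputStream, fileInputStream2, fileInputStream3);
            boolean connected = getKeystoreFromServer(config) != null;
            logConnectResult(config, connected);
            return connected;
        } catch (Exception e) {
            logger.error("test hsm connection error!", e);
            return false;
        }
    }

    /**
     * Tests connectivity using the configuration saved on disk.
     *
     * @return {@code true} when the server returned a keystore
     * @throws Exception if the configuration cannot be parsed or the request fails
     */
    public static boolean testHSMConnect() throws Exception {
        if (!isHSMOpen()) {
            return false;
        }
        GMSSLHSMConfig config = GMSSLHSMConfig.parseConfig(GMSSLHSMConstants.CONFIG_FILE_PATH);
        boolean connected = getKeystoreFromServer(config) != null;
        logConnectResult(config, connected);
        return connected;
    }

    /** Logs the outcome of a connectivity test with the endpoint only, never the passwords. */
    private static void logConnectResult(GMSSLHSMConfig config, boolean connected) {
        if (logger.isDebugEnabled()) {
            logger.debug("test connect ip={}, port={}, isConnect={}", config.getIp(), config.getPort(), connected);
        }
    }

    /**
     * Writes an uploaded credential file into the HSM configuration directory.
     * A {@code null} stream leaves the file on disk untouched. The stream is not
     * closed here; it stays owned by the caller.
     */
    private static void storeUploadedFile(FileInputStream content, String fileName) throws IOException {
        if (content == null) {
            return;
        }
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        IOUtils.copy(content, buffer);
        GMSSLFileUtils.writeFile(GMSSLHSMConstants.CONFIG_PATH + fileName, buffer.toByteArray());
    }

    /**
     * Assembles a configuration object from the supplied values, falling back to the
     * passwords of the saved configuration when a password argument is {@code null}.
     * Non-null streams are persisted to the configuration directory as a side effect.
     */
    private static GMSSLHSMConfig generateConfig(String ip, String port, String signPassword, String encPassword, FileInputStream signPfx, FileInputStream encPfx, FileInputStream trustP7b) throws IOException {
        GMSSLHSMConfig saved = null;
        if (GMSSLHSMConstants.CONFIG_FILE.exists()) {
            saved = GMSSLHSMConfig.parseConfig(GMSSLHSMConstants.CONFIG_FILE_PATH);
        }
        GMSSLHSMConfig config = new GMSSLHSMConfig();
        config.setIp(ip);
        config.setPort(port);

        storeUploadedFile(signPfx, SIGN_PFX_NAME);
        config.setSignPath(SIGN_PFX_NAME);
        config.setSignType("PKCS12");
        config.setSignProvider("BC");
        if (signPassword != null) {
            config.setSignPassword(signPassword);
        } else if (saved != null) {
            config.setSignPassword(saved.getSignPassword());
        } else {
            // Only logged: the configuration is still returned without a sign password.
            logger.error("generateConfig signPfxPassword is null");
        }

        storeUploadedFile(encPfx, ENC_PFX_NAME);
        config.setEncPath(ENC_PFX_NAME);
        config.setEncType("PKCS12");
        config.setEncProvider("BC");
        if (encPassword != null) {
            config.setEncPassword(encPassword);
        } else if (saved != null) {
            config.setEncPassword(saved.getEncPassword());
        } else {
            // Only logged: the configuration is still returned without an enc password.
            logger.error("generateConfig encPfxPassword is null");
        }

        storeUploadedFile(trustP7b, TRUST_P7B_NAME);
        config.setTrustPath(TRUST_P7B_NAME);
        config.setTrustType("PKCS7");
        config.setTrustProvider("BC");
        config.setTrustPassword("");
        config.setKeyStorePassword(KEYSTORE_PASSWORD);
        return config;
    }

    /** Generates the configuration and writes it to {@code GMSSLHSMConstants.CONFIG_FILE_PATH}. */
    private static GMSSLHSMConfig saveConfig(String ip, String port, String signPassword, String encPassword, FileInputStream signPfx, FileInputStream encPfx, FileInputStream trustP7b) throws IOException {
        GMSSLHSMConfig config = generateConfig(ip, port, signPassword, encPassword, signPfx, encPfx, trustP7b);
        config.saveConfig(GMSSLHSMConstants.CONFIG_FILE_PATH);
        if (logger.isDebugEnabled()) {
            // The config object holds the PFX passwords and its toString() is not visible
            // here, so only the endpoint is logged.
            logger.debug("save gmssl hsm config ip={}, port={}", config.getIp(), config.getPort());
        }
        return config;
    }

    /**
     * Installs the HSM keystore, preferring the server copy and falling back to the
     * locally cached file. The fallback applies only when the server call returns
     * {@code null}; an exception from the server call propagates to the caller.
     * When neither source yields a keystore the JVM is terminated.
     */
    private static void getKeystore(GMSSLHSMConfig config) throws Exception {
        KeyStore keyStore = getKeystoreFromServer(config);
        logger.debug("get gmssl hsm keystore from server keystore isNull {}", keyStore == null);
        if (keyStore == null) {
            keyStore = getKeystoreFromFile();
            logger.debug("get gmssl hsm keystore from config keystore isNull {}", keyStore == null);
            if (keyStore == null) {
                logger.error("Fail to get keyStore from HSM-SERVER and Can`t find local file. \nNow will be exit.\nYou can manually place files under {} and restart application", GMSSLHSMConstants.HSM_KEYSTORE_PATH);
                // NOTE(review): exiting from a library method takes the host application down.
                System.exit(-1);
                return;
            }
        }
        GMSSLPkiCryptoInit.setHsmKeyStore(keyStore);
        logger.debug("set gmssl hsm keystore success");
    }

    /**
     * Requests {@code /v1/keys} from the HSM server over HTTPS, using the client
     * keystore and trust store taken from the configuration.
     *
     * @return the BKS keystore parsed from the response body, also saved to
     *         {@code GMSSLHSMConstants.HSM_KEYSTORE_PATH}; {@code null} when the status
     *         is not 200 or the body is missing
     */
    private static KeyStore getKeystoreFromServer(GMSSLHSMConfig config) throws Exception {
        GMSSLHttpsClientConfig clientConfig = new GMSSLHttpsClientConfig();
        KeyStore clientKeyStore = config.getKeyStore();
        clientConfig.setTrustStore(config.getTrustKeyStore());
        clientConfig.setTrustStorePassword(config.getTrustPassword());
        clientConfig.setTrustStoreType("BKS");
        clientConfig.setSslProtocol("GMSSLv1.1");
        clientConfig.setClientKeyStoreType("BKS");
        clientConfig.setSslEnabled(true);
        clientConfig.setClientKeyStore(clientKeyStore);
        clientConfig.setClientKeyStorePassword(KEYSTORE_PASSWORD);
        GMSSLHttpsClient client = new GMSSLHttpsClient(clientConfig);

        GMSSLHttpRequest request = new GMSSLHttpRequest();
        // NOTE(review): ip and port are substituted into the URL without validation;
        // confirm that callers restrict them to a host address and a numeric port.
        request.setUrl("https://$IP$:$PORT$/v1/keys".replace("$IP$", config.getIp()).replace("$PORT$", config.getPort()));
        GMSSLHttpResponse response = client.get(request);
        byte[] body = response.getBody();
        if (logger.isDebugEnabled()) {
            logger.debug("get gmssl hsm keystore from server response statusCode={},  statusMessage={}", response.getStatusCode(), response.getStatusMessage());
        }
        if (response.getStatusCode() != 200 || body == null) {
            logger.error("get hsm server keyStore error, now use local keyStore! statusCode={}, body isNull={}", response.getStatusCode(), body == null);
            return null;
        }
        KeyStore serverKeyStore = GMSSLKeyStoreUtils.readKeyStoreFromBytes(KEYSTORE_PASSWORD.toCharArray(), "BKS", body);
        // Cache the keystore so getKeystoreFromFile() can serve it when the server is unavailable.
        GMSSLKeyStoreUtils.saveGMSSLKeyStoreFullName(serverKeyStore, KEYSTORE_PASSWORD, GMSSLHSMConstants.HSM_KEYSTORE_PATH);
        return serverKeyStore;
    }

    /**
     * Loads the keystore cached at {@code GMSSLHSMConstants.HSM_KEYSTORE_PATH}.
     *
     * @return the cached keystore, or {@code null} when the file does not exist
     */
    private static KeyStore getKeystoreFromFile() throws Exception {
        if (!GMSSLHSMConstants.HSM_KEYSTORE_FILE.exists()) {
            return null;
        }
        return GMSSLKeyStoreUtils.readKeyStoreFromPath(GMSSLHSMConstants.HSM_KEYSTORE_PATH, KEYSTORE_PASSWORD.toCharArray());
    }
}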
