package com.xdja.pki.gmssl.sdf.yunhsm.utils;

import com.alibaba.fastjson.JSONObject;
import com.xdja.pki.gmssl.core.utils.GMSSLFileUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLHttpUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.gmssl.sdf.yunhsm.YunhsmSdfSDK;
import com.xdja.pki.gmssl.sdf.yunhsm.pool.HsmConnectionProviderImpl;
import com.xdja.pki.gmssl.x509.utils.GMSSLX500NameUtils;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmExceptionEnum;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmInfoEntry;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/gmssl/sdf/yunhsm/utils/GMSSLYunHsmUtils.class */
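/**
 * Helpers for configuring the Yun HSM SDK installation and probing the device.
 *
 * <p>The SDK directory holds a {@code conf} folder with {@code yunhsmsdk.conf} (JSON), the
 * signature and encryption PKCS#12 files and the trust chain. Reconfiguration copies
 * {@code conf} to {@code confBak}, rewrites {@code conf}, validates the supplied credentials
 * and probes the device; {@link #resetYunHsm(String)} restores {@code conf} from
 * {@code confBak}.
 *
 * <p>NOTE(review): the PFX protection PINs are stored in clear text in
 * {@code yunhsmsdk.conf} and are also embedded in the PFX file names
 * ({@code sign_<pin>.pfx}, {@code enc_<pin>.pfx}). Both are part of the on-disk layout this
 * class reads back, so they are left unchanged here; anyone able to list or read the
 * {@code conf} directory learns the PINs, so its permissions should be restricted. The PINs
 * are also concatenated into file paths without validation; callers should reject PINs that
 * contain path separators before calling into this class.
 */
public class GMSSLYunHsmUtils {
    private static final Logger logger = LoggerFactory.getLogger(GMSSLYunHsmUtils.class);

    private static final String CONF_DIR = "conf";
    private static final String BACKUP_DIR = "confBak";
    private static final String CONF_FILE = "yunhsmsdk.conf";
    private static final String TRUST_CHAIN_FILE = "trust_chain.p7b";

    /** Placeholder logged instead of a PIN-bearing file name. */
    private static final String MASKED_PIN = "***";

    /** Key usage bits required on signature certificates: digitalSignature + nonRepudiation. */
    private static final boolean[] SIGN_KEY_USAGE = {true, true, false, false, false, false, false, false, false};

    /** Key usage bits required on encryption certificates: keyEncipherment + dataEncipherment + keyAgreement. */
    private static final boolean[] ENC_KEY_USAGE = {false, false, true, true, true, false, false, false, false};

    static {
        // The PKCS#12 stores below are requested from the "BC" provider by name.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Reconfigures the SDK in the default install directory from three files on disk.
     *
     * @param str  HSM host
     * @param i    HSM port
     * @param str2 PIN of the signature PFX
     * @param str3 PIN of the encryption PFX
     * @param str4 path of the signature PFX
     * @param str5 path of the encryption PFX
     * @param str6 path of the trust chain
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, int i, String str2, String str3, String str4, String str5, String str6) throws Exception {
        return initYunHsmConfigAndTestConnect(getYunHsmPath(), str, i, str2, str3, str4, str5, str6);
    }

    /**
     * Reconfigures the SDK under {@code str} from three files on disk.
     *
     * @param str  SDK base directory
     * @param str2 HSM host
     * @param i    HSM port
     * @param str3 PIN of the signature PFX
     * @param str4 PIN of the encryption PFX
     * @param str5 path of the signature PFX
     * @param str6 path of the encryption PFX
     * @param str7 path of the trust chain
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, String str2, int i, String str3, String str4, String str5, String str6, String str7) throws Exception {
        // These streams are opened here, so they are closed here; the callee buffers them fully
        // before returning.
        try (FileInputStream signPfx = new FileInputStream(new File(str5));
             FileInputStream encPfx = new FileInputStream(new File(str6));
             FileInputStream trustChain = new FileInputStream(new File(str7))) {
            return initYunHsmConfigAndTestConnect(str, str2, i, str3, str4, signPfx, encPfx, trustChain);
        }
    }

    /**
     * Reconfigures the SDK in the default install directory from caller-owned streams.
     *
     * @param str              HSM host
     * @param i                HSM port
     * @param str2             PIN of the signature PFX
     * @param str3             PIN of the encryption PFX
     * @param fileInputStream  signature PFX, or {@code null} to reuse the configured file
     * @param fileInputStream2 encryption PFX, or {@code null} to reuse the configured file
     * @param fileInputStream3 trust chain, or {@code null} to reuse the configured file
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, int i, String str2, String str3, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) throws Exception {
        return initYunHsmConfigAndTestConnect(getYunHsmPath(), str, i, str2, str3, fileInputStream, fileInputStream2, fileInputStream3);
    }

    /**
     * Reconfigures the SDK under {@code str}, keeps the new configuration when the device probe
     * succeeds and then reopens the HSM connection pool.
     *
     * <p>The supplied streams are read to the end but not closed; they stay owned by the caller.
     *
     * @param str              SDK base directory
     * @param str2             HSM host
     * @param i                HSM port
     * @param str3             PIN of the signature PFX
     * @param str4             PIN of the encryption PFX
     * @param fileInputStream  signature PFX, or {@code null} to reuse the configured file
     * @param fileInputStream2 encryption PFX, or {@code null} to reuse the configured file
     * @param fileInputStream3 trust chain, or {@code null} to reuse the configured file
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum initYunHsmConfigAndTestConnect(String str, String str2, int i, String str3, String str4, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) throws Exception {
        ByteArrayInputStream signPfx = bufferOrNull(fileInputStream);
        ByteArrayInputStream encPfx = bufferOrNull(fileInputStream2);
        ByteArrayInputStream trustChain = bufferOrNull(fileInputStream3);
        YunHsmExceptionEnum result = testConnect(str, str2, i, str3, str4, signPfx, encPfx, trustChain, false);
        if (!YunHsmExceptionEnum.NORMAL.equals(result)) {
            return result;
        }
        HsmConnectionProviderImpl.getInstance().reopen();
        logger.info("初始化配置文件成功");
        return result;
    }

    /**
     * Trial-configures the default install directory from caller-owned streams, probes the
     * device and restores the previous configuration afterwards.
     *
     * @param str              HSM host
     * @param i                HSM port
     * @param str2             PIN of the signature PFX
     * @param str3             PIN of the encryption PFX
     * @param fileInputStream  signature PFX, or {@code null} to reuse the configured file
     * @param fileInputStream2 encryption PFX, or {@code null} to reuse the configured file
     * @param fileInputStream3 trust chain, or {@code null} to reuse the configured file
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum testConnect(String str, int i, String str2, String str3, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) throws Exception {
        return testConnect(getYunHsmPath(), str, i, str2, str3, fileInputStream, fileInputStream2, fileInputStream3);
    }

    /**
     * Trial-configures the default install directory from three files on disk.
     *
     * @param str  HSM host
     * @param i    HSM port
     * @param str2 PIN of the signature PFX
     * @param str3 PIN of the encryption PFX
     * @param str4 path of the signature PFX
     * @param str5 path of the encryption PFX
     * @param str6 path of the trust chain
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum testConnect(String str, int i, String str2, String str3, String str4, String str5, String str6) throws Exception {
        return testConnect(getYunHsmPath(), str, i, str2, str3, str4, str5, str6);
    }

    /**
     * Trial-configures the SDK under {@code str} from three files on disk.
     *
     * @param str  SDK base directory
     * @param str2 HSM host
     * @param i    HSM port
     * @param str3 PIN of the signature PFX
     * @param str4 PIN of the encryption PFX
     * @param str5 path of the signature PFX
     * @param str6 path of the encryption PFX
     * @param str7 path of the trust chain
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum testConnect(String str, String str2, int i, String str3, String str4, String str5, String str6, String str7) throws Exception {
        // Opened here, closed here: the credential files are not kept open after the probe.
        try (FileInputStream signPfx = new FileInputStream(new File(str5));
             FileInputStream encPfx = new FileInputStream(new File(str6));
             FileInputStream trustChain = new FileInputStream(new File(str7))) {
            return testConnect(str, str2, i, str3, str4, signPfx, encPfx, trustChain);
        }
    }

    /**
     * Trial-configures the SDK under {@code str}, probes the device and restores the previous
     * configuration whether or not the probe succeeds.
     *
     * @param str          SDK base directory
     * @param str2         HSM host
     * @param i            HSM port
     * @param str3         PIN of the signature PFX
     * @param str4         PIN of the encryption PFX
     * @param inputStream  signature PFX, or {@code null} to reuse the configured file
     * @param inputStream2 encryption PFX, or {@code null} to reuse the configured file
     * @param inputStream3 trust chain, or {@code null} to reuse the configured file
     * @return {@code NORMAL} on success, otherwise the first failure detected
     * @throws Exception on I/O or configuration parsing errors
     */
    public static YunHsmExceptionEnum testConnect(String str, String str2, int i, String str3, String str4, InputStream inputStream, InputStream inputStream2, InputStream inputStream3) throws Exception {
        return testConnect(str, str2, i, str3, str4, inputStream, inputStream2, inputStream3, true);
    }

    /**
     * Shared implementation: write the new configuration, validate and store the credentials,
     * then probe the device with the new configuration file.
     *
     * @param restoreOnSuccess when {@code true} the previous configuration is restored even if
     *                         every step succeeded (pure connectivity test)
     */
    private static YunHsmExceptionEnum testConnect(String basePath, String host, int port, String signPin, String encPin, InputStream signPfx, InputStream encPfx, InputStream trustChain, boolean restoreOnSuccess) throws Exception {
        String confDir = basePath + File.separator + CONF_DIR + File.separator;
        writeConf(basePath, host, port, signPin, encPin, confDir);
        YunHsmExceptionEnum stored = storeCert(signPin, encPin, signPfx, encPfx, trustChain, basePath, confDir);
        if (!YunHsmExceptionEnum.NORMAL.equals(stored)) {
            logger.info("配置文件校验失败 {}", stored);
            resetYunHsm(basePath);
            return stored;
        }
        YunHsmExceptionEnum probed = testConnectWithConf(host, port, confDir);
        if (!YunHsmExceptionEnum.NORMAL.equals(probed)) {
            resetYunHsm(basePath);
            return probed;
        }
        if (restoreOnSuccess) {
            // Restore the directory that was actually modified. The no-argument resetYunHsm()
            // targets the default install path, which left a custom basePath holding the trial
            // configuration and reset an unrelated installation instead.
            resetYunHsm(basePath);
        }
        return probed;
    }

    /**
     * Checks TCP reachability of the HSM and then probes the device with the SDK's current
     * configuration.
     *
     * @param str HSM host
     * @param i   HSM port
     * @return {@code NORMAL}, {@code TELNET_PORT_FAILURE} or {@code OPEN_DEVICE_IS_FAILURE}
     */
    public static YunHsmExceptionEnum testConnect(String str, int i) {
        try {
            logger.debug("开始测试链接 配置文件路径 host={} port={}", str, Integer.valueOf(i));
            if (!GMSSLHttpUtils.isHostConnectivity(str, i)) {
                return YunHsmExceptionEnum.TELNET_PORT_FAILURE;
            }
            probeDevice(null);
            logger.info("测试链接成功 host={} port={}", str, Integer.valueOf(i));
            return YunHsmExceptionEnum.NORMAL;
        } catch (SdfSDKException e) {
            logger.error("测试链接失败，打开设备失败", e);
            return YunHsmExceptionEnum.OPEN_DEVICE_IS_FAILURE;
        }
    }

    /**
     * Checks TCP reachability of the HSM and then probes the device using the
     * {@code yunhsmsdk.conf} found in {@code str2}.
     *
     * @param str  HSM host
     * @param i    HSM port
     * @param str2 directory containing {@code yunhsmsdk.conf}
     * @return {@code NORMAL}, {@code TELNET_PORT_FAILURE} or {@code OPEN_DEVICE_IS_FAILURE}
     */
    public static YunHsmExceptionEnum testConnectWithConf(String str, int i, String str2) {
        String confDir = str2.endsWith(File.separator) ? str2 : str2 + File.separator;
        String confFile = confDir + CONF_FILE;
        try {
            logger.debug("开始测试链接 配置文件路径 host={} port={} confPath={}", new Object[]{str, Integer.valueOf(i), confFile});
            if (!GMSSLHttpUtils.isHostConnectivity(str, i)) {
                return YunHsmExceptionEnum.TELNET_PORT_FAILURE;
            }
            probeDevice(confFile);
            logger.info("测试链接成功 host={} port={} confPath={}", new Object[]{str, Integer.valueOf(i), confFile});
            return YunHsmExceptionEnum.NORMAL;
        } catch (SdfSDKException e) {
            logger.error("测试链接失败，打开设备失败，host={} port={} confPath={}", new Object[]{str, Integer.valueOf(i), confFile, e});
            return YunHsmExceptionEnum.OPEN_DEVICE_IS_FAILURE;
        }
    }

    /**
     * Probes the device with the SDK's current configuration.
     *
     * @return {@code true} when the probe succeeded
     */
    public static boolean testConnect() {
        try {
            probeDevice(null);
            logger.info("测试链接成功");
            return true;
        } catch (SdfSDKException e) {
            logger.error("测试链接失败，打开设备失败", e);
            return false;
        }
    }

    /**
     * Runs one init / testConnect / release cycle against the SDK.
     *
     * @param confFile configuration file to probe with, or {@code null} for the SDK default
     */
    private static void probeDevice(String confFile) throws SdfSDKException {
        YunhsmSdfSDK sdk = new YunhsmSdfSDK();
        sdk.init();
        try {
            if (confFile == null) {
                sdk.testConnect();
            } else {
                sdk.testConnect(confFile);
            }
        } finally {
            // release() used to be skipped when the probe threw; presumably that left whatever
            // init() acquired open after every failed probe.
            sdk.release();
        }
    }

    /**
     * Restores the configuration of the default install directory from its backup.
     *
     * @throws IOException if copying the backup fails
     */
    public static void resetYunHsm() throws IOException {
        resetYunHsm(getYunHsmPath());
    }

    /**
     * Replaces {@code conf} with the contents of {@code confBak} and removes the backup. Does
     * nothing when no backup directory exists.
     *
     * @param str SDK base directory
     * @throws IOException if copying the backup fails
     */
    public static void resetYunHsm(String str) throws IOException {
        String backupDir = str + File.separator + BACKUP_DIR + File.separator;
        String confDir = str + File.separator + CONF_DIR + File.separator;
        if (!new File(backupDir).exists()) {
            logger.info("密码机未进行任何配置，无需初始化");
            return;
        }
        GMSSLFileUtils.deleteDirectory(confDir);
        new File(confDir).mkdir();
        GMSSLFileUtils.copyDir(backupDir, confDir);
        GMSSLFileUtils.deleteDirectory(backupDir);
        logger.info("密码机初始化成功");
    }

    /**
     * Reads the current settings of the default install directory.
     *
     * @throws IOException if the configuration file cannot be read
     */
    public static YunHsmInfoEntry getYunHsmInfo() throws IOException {
        return getYunHsmInfo(getYunHsmPath());
    }

    /**
     * Reads {@code conf/yunhsmsdk.conf} under {@code str} into a {@link YunHsmInfoEntry}.
     *
     * <p>The returned entry carries both PFX PINs in clear text; callers should not log it.
     *
     * @param str SDK base directory
     * @throws IOException if the configuration file cannot be read
     */
    public static YunHsmInfoEntry getYunHsmInfo(String str) throws IOException {
        String confDir = str + File.separator + CONF_DIR + File.separator;
        JSONObject root = JSONObject.parseObject(FileUtils.readFileToString(new File(confDir + CONF_FILE), "UTF-8"));
        JSONObject softCert = root.getJSONObject("Certificate").getJSONObject("SoftCert");
        YunHsmInfoEntry info = new YunHsmInfoEntry();

        JSONObject signCert = softCert.getJSONObject("SignatureCertificate");
        info.setSignCertPassword(signCert.getString("pin"));
        info.setSignCertName(certFileName(confDir, signCert.getString("file"), "sign"));

        JSONObject encCert = softCert.getJSONObject("EncryptCertificate");
        info.setEncCertPassword(encCert.getString("pin"));
        info.setEncCertName(certFileName(confDir, encCert.getString("file"), "enc"));

        JSONObject hsm = root.getJSONObject("hsm");
        info.setServerIp(hsm.getString("ip"));
        info.setServerPort(Integer.parseInt(hsm.getString("port")));

        info.setCaCertName(certFileName(confDir, root.getJSONObject("ssl").getString("CertificatePath"), "trust"));
        info.setYunHsmType("信大捷安服务器密码机");
        return info;
    }

    /**
     * Extracts the file name that starts at {@code marker} from a configured path.
     *
     * <p>The marker used to be searched in the whole path, so a base directory containing
     * "sign", "enc" or "trust" (for example {@code /opt/agency/...}) yielded a wrong name. The
     * configuration directory prefix is now skipped first when the path lies under it; any other
     * path is handled exactly as before.
     */
    private static String certFileName(String confDir, String path, String marker) {
        String tail = path.startsWith(confDir) ? path.substring(confDir.length()) : path;
        return tail.substring(tail.indexOf(marker));
    }

    /** Empties (or creates) the {@code conf} directory under {@code basePath}. */
    private static void deleteConDir(String basePath) {
        String confPath = basePath + File.separator + CONF_DIR;
        File confDir = new File(confPath);
        if (confDir.exists()) {
            GMSSLFileUtils.deleteDirectory(confPath);
        }
        confDir.mkdir();
    }

    /** Returns the default SDK install directory for the current operating system. */
    private static String getYunHsmPath() {
        if (!System.getProperty("os.name").startsWith("Windows")) {
            return "/usr/local/yunhsmsdk";
        }
        String x86Path = "C:\\Program Files (x86)\\yunhsmsdk";
        return new File(x86Path).exists() ? x86Path : "C:\\Program Files\\yunhsmsdk";
    }

    /** Copies {@code conf} to {@code confBak} under {@code basePath}. */
    private static void backUpConf(String basePath) throws IOException {
        String backupDir = basePath + File.separator + BACKUP_DIR + File.separator;
        String confDir = basePath + File.separator + CONF_DIR + File.separator;
        // NOTE(review): this first message is emitted before the copy has run.
        logger.info("confFile 备份成功");
        GMSSLFileUtils.copyDir(confDir, backupDir);
        logger.info("备份成功");
    }

    /**
     * Validates the signature PFX, encryption PFX and trust chain, then writes them into
     * {@code confDir}.
     *
     * <p>Checks, in order: each PFX opens with its PIN; every certificate in each PFX carries
     * exactly the expected key usage bits and verifies against the supplied chain. Streams
     * passed in are read but not closed; fallback files opened here are closed here.
     *
     * @return {@code NORMAL} when everything was validated and written, otherwise the enum
     *         value of the first failed check
     */
    private static YunHsmExceptionEnum storeCert(String signPin, String encPin, InputStream signPfx, InputStream encPfx, InputStream trustChain, String basePath, String confDir) throws Exception {
        YunHsmInfoEntry current = getYunHsmInfo(basePath);
        String fallbackDir = basePath + File.separator + CONF_DIR + File.separator;
        byte[] signBytes = readFully(signPfx, fallbackDir + current.getSignCertName());
        byte[] encBytes = readFully(encPfx, fallbackDir + current.getEncCertName());
        byte[] chainBytes = readFully(trustChain, fallbackDir + current.getCaCertName());

        KeyStore signStore;
        try {
            signStore = loadPkcs12(signBytes, signPin);
            logger.info("签名PFX 解析成功");
        } catch (Exception e) {
            // The message used to name the encryption certificate (copy-paste slip).
            logger.error("签名证书保护口令不能打开签名证书", e);
            return YunHsmExceptionEnum.SIGN_PASSWORD_IS_ERROR;
        }

        KeyStore encStore;
        try {
            encStore = loadPkcs12(encBytes, encPin);
            logger.info("加密PFX 解析成功");
        } catch (Exception e) {
            logger.error("加密证书保护口令不能打开加密证书", e);
            return YunHsmExceptionEnum.ENC_PASSWORD_IS_ERROR;
        }

        try {
            // Raw List: the element types of the project helpers are not visible from here.
            List chain = GMSSLX509Utils.getCertsByCertChain(new ByteArrayInputStream(chainBytes));

            List signCerts = GMSSLX509Utils.readCertificatesFromP12(new ByteArrayInputStream(signBytes), signPin.toCharArray());
            YunHsmExceptionEnum signCheck = checkCerts(signCerts, chain, SIGN_KEY_USAGE,
                    "签名证书密钥用途错误，应为 {}, 配置文件为 {}", "第 {} 个签名证书 {} 验签失败",
                    YunHsmExceptionEnum.SIGN_CERT_KEY_USAGE_IS_ERROR, YunHsmExceptionEnum.SIGN_CERT_VERIFY_IS_ERROR);
            if (!YunHsmExceptionEnum.NORMAL.equals(signCheck)) {
                return signCheck;
            }
            logger.info("签名证书验签全部通过");

            List encCerts = GMSSLX509Utils.readCertificatesFromP12(new ByteArrayInputStream(encBytes), encPin.toCharArray());
            YunHsmExceptionEnum encCheck = checkCerts(encCerts, chain, ENC_KEY_USAGE,
                    "加密证书密钥用途错误，应为 {}, 配置文件为 {}", "第 {} 个加密证书 {} 验签失败",
                    YunHsmExceptionEnum.ENC_CERT_KEY_USAGE_IS_ERROR, YunHsmExceptionEnum.ENC_CERT_VERIFY_IS_ERROR);
            if (!YunHsmExceptionEnum.NORMAL.equals(encCheck)) {
                return encCheck;
            }
            logger.info("加密证书验签全部通过");

            File targetDir = new File(confDir);
            if (!targetDir.exists()) {
                targetDir.mkdirs();
            }
            // NOTE(review): the PIN is part of the stored file name; see the class comment.
            GMSSLKeyStoreUtils.saveGMSSLPfx(signStore, signPin, confDir, "sign_" + signPin);
            GMSSLKeyStoreUtils.saveGMSSLPfx(encStore, encPin, confDir, "enc_" + encPin);
            GMSSLFileUtils.copyFile(new ByteArrayInputStream(chainBytes), confDir + File.separator + TRUST_CHAIN_FILE);
            // The file names contain the PINs, so masked names are logged instead.
            logger.info("签名PFX {}、加密PFX {}、信任证书链 {} 写入 {} 成功", new Object[]{"sign_" + MASKED_PIN, "enc_" + MASKED_PIN, TRUST_CHAIN_FILE, confDir});
            return YunHsmExceptionEnum.NORMAL;
        } catch (Exception e) {
            // Also reached when writing the files fails, not only when the chain is unparsable.
            logger.error("解析密码机CA证书链失败", e);
            return YunHsmExceptionEnum.OPEN_TRAIN_CERT_P7b_IS_ERROR;
        }
    }

    /**
     * Checks every certificate in {@code certs} for the exact expected key usage and for a valid
     * signature under {@code chain}.
     *
     * @return {@code NORMAL} when all certificates pass, else {@code usageError} or
     *         {@code verifyError} for the first one that fails
     */
    private static YunHsmExceptionEnum checkCerts(List certs, List chain, boolean[] expectedUsage, String usageLogFormat, String verifyLogFormat, YunHsmExceptionEnum usageError, YunHsmExceptionEnum verifyError) throws Exception {
        for (int index = 0; index < certs.size(); index++) {
            X509Certificate cert = (X509Certificate) certs.get(index);
            boolean[] actualUsage = cert.getKeyUsage();
            // getKeyUsage() is null when the extension is absent; Arrays.equals then reports a
            // mismatch, so such certificates are rejected as well.
            if (!Arrays.equals(expectedUsage, actualUsage)) {
                logger.error(usageLogFormat, expectedUsage, actualUsage);
                return usageError;
            }
            if (!GMSSLX509Utils.verifyCert(cert, chain)) {
                logger.error(verifyLogFormat, Integer.valueOf(index), GMSSLX500NameUtils.getRFCStyleSubjectDN(cert));
                return verifyError;
            }
        }
        return YunHsmExceptionEnum.NORMAL;
    }

    /** Opens a PKCS#12 store held in memory with the BouncyCastle provider. */
    private static KeyStore loadPkcs12(byte[] pfx, String pin) throws Exception {
        KeyStore store = KeyStore.getInstance("pkcs12", "BC");
        store.load(new ByteArrayInputStream(pfx), pin.toCharArray());
        return store;
    }

    /**
     * Reads {@code supplied} to the end, or the file at {@code fallbackPath} when no stream was
     * supplied. Only the fallback stream, which is opened here, is closed here.
     */
    private static byte[] readFully(InputStream supplied, String fallbackPath) throws IOException {
        if (supplied != null) {
            return IOUtils.toByteArray(supplied);
        }
        try (FileInputStream fallback = new FileInputStream(new File(fallbackPath))) {
            return IOUtils.toByteArray(fallback);
        }
    }

    /** Buffers a caller-owned stream in memory; {@code null} stays {@code null}. */
    private static ByteArrayInputStream bufferOrNull(InputStream in) throws IOException {
        return in == null ? null : new ByteArrayInputStream(IOUtils.toByteArray(in));
    }

    /**
     * Backs up the current configuration and writes a new {@code yunhsmsdk.conf} into
     * {@code confDir} with the given host, port, PINs and credential file paths.
     */
    private static void writeConf(String basePath, String host, int port, String signPin, String encPin, String confDir) throws IOException {
        backUpConf(basePath);
        String pathSeparator = System.getProperty("os.name").startsWith("Windows") ? "\\" : "/";
        String templateFile = basePath + File.separator + BACKUP_DIR + File.separator + CONF_FILE;
        String targetFile = confDir + File.separator + CONF_FILE;

        JSONObject root = JSONObject.parseObject(FileUtils.readFileToString(new File(templateFile), "UTF-8"));
        JSONObject softCert = root.getJSONObject("Certificate").getJSONObject("SoftCert");

        JSONObject signCert = softCert.getJSONObject("SignatureCertificate");
        signCert.put("pin", signPin);
        signCert.put("file", confDir + pathSeparator + "sign_" + signPin + ".pfx");

        JSONObject encCert = softCert.getJSONObject("EncryptCertificate");
        encCert.put("pin", encPin);
        encCert.put("file", confDir + pathSeparator + "enc_" + encPin + ".pfx");

        JSONObject hsm = root.getJSONObject("hsm");
        hsm.put("ip", host);
        hsm.put("port", Integer.valueOf(port));

        root.getJSONObject("ssl").put("CertificatePath", confDir + pathSeparator + TRUST_CHAIN_FILE);

        // Written as UTF-8 because the file is read back as UTF-8; FileWriter used the platform
        // charset. The unused reader on the template file, which leaked on any exception, is gone.
        FileUtils.writeStringToFile(new File(targetFile), formatJson(root.toString()), "UTF-8");
        logger.info("配置文件写入 {} 成功", confDir);
    }

    /**
     * Pretty-prints compact JSON with one tab per nesting level.
     *
     * <p>Structural characters inside string literals are copied verbatim. They used to be
     * treated as structure, so a value containing {@code ,}, {@code &#123;}, {@code [} or their
     * closing counterparts (a PIN or a path, for instance) was split across lines and the
     * written configuration no longer held the original value.
     *
     * @param str compact JSON text, may be {@code null}
     * @return the formatted text, or {@code ""} for {@code null} or empty input
     */
    public static String formatJson(String str) {
        if (null == str || "".equals(str)) {
            return "";
        }
        StringBuilder out = new StringBuilder();
        int depth = 0;
        boolean inString = false;
        boolean escaped = false;
        char previous = 0;
        for (int pos = 0; pos < str.length(); pos++) {
            char current = str.charAt(pos);
            if (inString) {
                out.append(current);
                if (escaped) {
                    escaped = false;
                } else if (current == '\\') {
                    escaped = true;
                } else if (current == '"') {
                    inString = false;
                }
                previous = current;
                continue;
            }
            switch (current) {
                case '"':
                    inString = true;
                    out.append(current);
                    break;
                case ',':
                    out.append(current);
                    // Kept from the previous implementation: no break after a backslash-comma.
                    if (previous != '\\') {
                        out.append('\n');
                        addIndentBlank(out, depth);
                    }
                    break;
                case '[':
                case '{':
                    out.append(current);
                    out.append('\n');
                    depth++;
                    addIndentBlank(out, depth);
                    break;
                case ']':
                case '}':
                    out.append('\n');
                    depth--;
                    addIndentBlank(out, depth);
                    out.append(current);
                    break;
                default:
                    out.append(current);
                    break;
            }
            previous = current;
        }
        return out.toString();
    }

    /** Appends {@code i} tab characters; nothing for zero or negative counts. */
    private static void addIndentBlank(StringBuilder sb, int i) {
        for (int n = 0; n < i; n++) {
            sb.append('\t');
        }
    }
}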
