package cfca.sadk.timestamp.client.socket;

import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.timestamp.client.conf.TscLayeredConf;
import cfca.sadk.timestamp.client.logging.TscLogging;
import cfca.sadk.timestamp.client.utils.TscStrings;
import cfca.sadk.timestamp.exception.TSAException;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.util.Args;

/* loaded from: input_file:cfca/sadk/timestamp/client/socket/TscSSLContextManager.class */
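/**
 * Loads the client key store and trust store named by a {@link TscLayeredConf} and assembles
 * them into the {@link SSLContext} used for the time-stamp client connection.
 *
 * <p>The key store type is {@code "BKS"} when GM SSL is selected and {@code "JKS"} otherwise.
 * The certificate belonging to the client's private key is kept so that its expiry can be
 * re-checked every time the context is handed out.
 */
public final class TscSSLContextManager {
    private final String keystoreType;
    private final boolean isGMSSL;
    private X509Cert sslClientCert = null;
    private final TscSSLContext context = new TscSSLContext();

    /**
     * @param z {@code true} for GM SSL (key stores are read as "BKS"), {@code false} for "JKS"
     */
    public TscSSLContextManager(boolean z) {
        this.keystoreType = z ? "BKS" : "JKS";
        this.isGMSSL = z;
    }

    /**
     * Loads the client key store, records the client certificate and installs a key manager.
     *
     * <p>The decompiled listing nested one {@code try} per handler, which left a broad
     * {@code catch (Exception)} in front of most of the specific handlers; the handlers are
     * laid out flat here so each specific message is reachable.
     *
     * @param tscLayeredConf configuration supplying key store path, password and algorithm
     * @throws TSAException if the key store cannot be read, unlocked or used
     */
    private final void initSSLKeyManager(TscLayeredConf tscLayeredConf) throws TSAException {
        // NOTE(review): this logs the configuration object via its toString(); confirm that
        // it does not render the key store or trust store passwords.
        TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@initSSLKeyManager starting {}", tscLayeredConf);
        Args.notNull(tscLayeredConf, "TscSSLContextManager@initSSLKeyManager tscLayeredConf");
        String keyStorePath = (String) Args.notNull(tscLayeredConf.getJksKeyStoreFilePath(), "TscSSLContextManager@initSSLKeyManager jksKeyStoreFilePath");
        String keyStorePassword = (String) Args.notNull(tscLayeredConf.getJksKeyStoreFilePassword(), "TscSSLContextManager@initSSLKeyManager jksKeyStoreFilePassword");
        String keyManagerAlgorithmType = tscLayeredConf.getKeyManagerAlgorithmType(this.isGMSSL);
        TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@initSSLKeyManager AlgorithmType={}, keystoreType={}", keyManagerAlgorithmType, this.keystoreType);
        char[] password = keyStorePassword.toCharArray();
        FileInputStream keyStoreStream = null;
        try {
            keyStoreStream = new FileInputStream(keyStorePath);
            KeyStore keyStore = KeyStore.getInstance(this.keystoreType);
            keyStore.load(keyStoreStream, password);
            this.sslClientCert = readSSLClientCert(keyStore, password);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithmType);
            keyManagerFactory.init(keyStore, password);
            this.context.setKeyManager(keyManagerFactory);
            TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@initSSLKeyManager successulluy");
        } catch (FileNotFoundException e) {
            throw new TSAException("jksKeyFilePath not found: " + keyStorePath, e);
        } catch (IOException e) {
            throw new TSAException("IOFailed jksKeyFilePath: " + keyStorePath, e);
        } catch (UnrecoverableKeyException e) {
            // The message used to append the key store password itself, which put the secret
            // into every log line and stack trace that carried this exception. Name the file.
            throw new TSAException("jksFilePassword invalid for jksKeyFilePath: " + keyStorePath, e);
        } catch (KeyStoreException e) {
            throw new TSAException("KeyStoreFailed jksKeyFilePath: " + keyStorePath, e);
        } catch (NoSuchAlgorithmException e) {
            throw new TSAException("NoSuchAlgorithm jksKeyFilePath: " + keyStorePath, e);
        } catch (CertificateException e) {
            throw new TSAException("CertificateFailed jksKeyFilePath: " + keyStorePath, e);
        } catch (Exception e) {
            // Also wraps a TSAException raised by readSSLClientCert; the cause is preserved.
            throw new TSAException("ExceptionFailed jksKeyFilePath: " + keyStorePath, e);
        } finally {
            // Clear the working copy on failure as well as on success. The configuration
            // still holds the password as a String, so this only limits the extra copy.
            wipe(password);
            closeAndLog(keyStoreStream, "TscSSLContextManager@initSSLKeyManager not closed successfully! {}", keyStorePath);
        }
    }

    /**
     * Loads the trust store and installs a trust manager built from it.
     *
     * @param tscLayeredConf configuration supplying trust store path, password and algorithm
     * @throws TSAException if the trust store cannot be read or used
     */
    final void initSSLTrustManager(TscLayeredConf tscLayeredConf) throws TSAException {
        // NOTE(review): same concern as in initSSLKeyManager, the configuration is logged whole.
        TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@initSSLTrustManager starting {}", tscLayeredConf);
        // These three messages used to name initSSLKeyManager, pointing diagnostics at the wrong method.
        Args.notNull(tscLayeredConf, "TscSSLContextManager@initSSLTrustManager layeredConf");
        String trustStorePath = (String) Args.notNull(tscLayeredConf.getJksTrustFilePath(), "TscSSLContextManager@initSSLTrustManager JksTrustFilePath");
        String trustStorePassword = (String) Args.notNull(tscLayeredConf.getJksTrustFilePassword(), "TscSSLContextManager@initSSLTrustManager JksTrustFilePassword");
        String trustManagerAlgorithmType = tscLayeredConf.getTrustManagerAlgorithmType(this.isGMSSL);
        TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@initSSLTrustManager AlgorithmType={}, keystoreType={}", trustManagerAlgorithmType, this.keystoreType);
        char[] password = trustStorePassword.toCharArray();
        FileInputStream trustStoreStream = null;
        try {
            KeyStore trustStore = KeyStore.getInstance(this.keystoreType);
            trustStoreStream = new FileInputStream(trustStorePath);
            trustStore.load(trustStoreStream, password);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithmType);
            trustManagerFactory.init(trustStore);
            this.context.setTrustManager(trustManagerFactory);
            TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@initSSLTrustManager successulluy");
        } catch (FileNotFoundException e) {
            throw new TSAException("jksTrustFilePath not found: " + trustStorePath, e);
        } catch (IOException e) {
            throw new TSAException("IOFailed jksTrustFilePath: " + trustStorePath, e);
        } catch (KeyStoreException e) {
            throw new TSAException("KeyStoreFailed jksTrustFilePath: " + trustStorePath, e);
        } catch (NoSuchAlgorithmException e) {
            throw new TSAException("NoSuchAlgorithm jksTrustFilePath: " + trustStorePath, e);
        } catch (CertificateException e) {
            throw new TSAException("CertificateFailed jksTrustFilePath: " + trustStorePath, e);
        } catch (Exception e) {
            throw new TSAException("ExceptionFailed jksTrustFilePath: " + trustStorePath, e);
        } finally {
            // The working copy of the password was never cleared before; do it on every path.
            wipe(password);
            closeAndLog(trustStoreStream, "TscSSLContextManager@initSSLTrustManager not closed successfully! {}", trustStorePath);
        }
    }

    /**
     * Initialises the wrapped context for the given protocol name.
     *
     * @param str protocol name passed through to {@code TscSSLContext.initContext}
     * @throws TSAException if the wrapped context reports a failure
     */
    final void initSSLContext(String str) throws TSAException {
        // NOTE(review): the protocol string comes straight from configuration and is not
        // checked here; confirm that legacy protocol names are rejected where it is consumed.
        this.context.initContext(str);
    }

    /**
     * Creates a manager from configuration.
     *
     * <p>Nothing is initialised unless a trust store path is configured. The key manager is
     * only set up when a key store path is configured as well, so a client certificate is
     * optional.
     *
     * @param tscLayeredConf configuration to read; must not be {@code null}
     * @return the manager, initialised only when a trust store path is present
     * @throws TSAException if any store cannot be loaded or the context cannot be initialised
     */
    public static final TscSSLContextManager buildTscSSLContextManager(TscLayeredConf tscLayeredConf) throws TSAException {
        Args.notNull(tscLayeredConf, "TscSSLContextManager@buildTscSSLContextManager layeredConf");
        TscSSLContextManager manager = new TscSSLContextManager(tscLayeredConf.isGMSSL());
        // NOTE(review): with no trust store path the manager is returned without any context
        // set up; what sslContextWithNotExpiredCert() then yields depends on TscSSLContext.
        if (!TscStrings.isEmpty(tscLayeredConf.getJksTrustFilePath())) {
            TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@buildTscSSLContextManager running");
            manager.initSSLTrustManager(tscLayeredConf);
            if (!TscStrings.isEmpty(tscLayeredConf.getJksKeyStoreFilePath())) {
                manager.initSSLKeyManager(tscLayeredConf);
            }
            manager.initSSLContext(tscLayeredConf.getSslProtocol());
            TscLogging.SYSTEM_LOGGER.info("TscSSLContextManager@buildTscSSLContextManager successulluy");
        }
        return manager;
    }

    /**
     * Returns the SSL context after re-checking that the stored client certificate, if any,
     * has not passed its notAfter date.
     *
     * @return the context held by the wrapped {@code TscSSLContext}
     * @throws TSAException if the client certificate has expired
     */
    public final SSLContext sslContextWithNotExpiredCert() throws TSAException {
        verifyCertExpiredDate(this.sslClientCert);
        return this.context.getContext();
    }

    /**
     * Finds the certificate of the key entry in the key store and checks that it has not expired.
     *
     * @param keyStore loaded key store, or {@code null}
     * @param cArr password used to recover each key entry
     * @return the client certificate, or {@code null} when {@code keyStore} is {@code null}
     * @throws TSAException if there is no key entry, if a non-GM store holds more than one,
     *     if the certificate has expired, or if the store cannot be read
     */
    private final X509Cert readSSLClientCert(KeyStore keyStore, char[] cArr) throws TSAException {
        X509Cert clientCert = null;
        if (keyStore != null) {
            try {
                Enumeration<String> aliases = keyStore.aliases();
                Certificate keyEntryCert = null;
                boolean keyEntrySeen = false;
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (keyStore.getKey(alias, cArr) != null) {
                        if (!this.isGMSSL && keyEntrySeen) {
                            throw new TSAException("more than one cert for rsa-dual-ssl");
                        }
                        // With GM SSL several key entries are accepted and the last one
                        // enumerated is the one whose expiry gets checked.
                        // NOTE(review): alias enumeration order is up to the key store
                        // implementation, so which certificate is picked may vary.
                        keyEntryCert = keyStore.getCertificate(alias);
                        keyEntrySeen = true;
                    }
                }
                if (keyEntryCert == null) {
                    throw new TSAException("less than one cert for dual-ssl");
                }
                clientCert = verifyCertExpiredDate(new X509Cert(keyEntryCert.getEncoded()));
            } catch (KeyStoreException e) {
                throw new TSAException("readSSLClientCert failed", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new TSAException("readSSLClientCert failed", e2);
            } catch (UnrecoverableKeyException e3) {
                throw new TSAException("readSSLClientCert failed", e3);
            } catch (CertificateEncodingException e4) {
                throw new TSAException("readSSLClientCert failed", e4);
            } catch (PKIException e5) {
                throw new TSAException("readSSLClientCert failed", (Throwable) e5);
            }
        }
        return clientCert;
    }

    /**
     * Rejects a certificate whose notAfter date lies before the current time.
     *
     * @param x509Cert certificate to check; {@code null} is passed through unchanged
     * @return the same certificate when it is {@code null} or not yet expired
     * @throws TSAException if the certificate has expired
     */
    private final X509Cert verifyCertExpiredDate(X509Cert x509Cert) throws TSAException {
        // NOTE(review): only notAfter is compared; a certificate whose notBefore is still in
        // the future is accepted here.
        if (x509Cert == null || !new Date().after(x509Cert.getNotAfter())) {
            return x509Cert;
        }
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ssZ");
        throw new TSAException(String.format("cert-%s has expired,<%s, %s>: %s", x509Cert.getStringSerialNumber(), simpleDateFormat.format(x509Cert.getNotBefore()), simpleDateFormat.format(x509Cert.getNotAfter()), x509Cert.getSubject()));
    }

    /** Overwrites every element of a password buffer with zero. */
    private static void wipe(char[] secret) {
        for (int i = 0; i < secret.length; i++) {
            secret[i] = 0;
        }
    }

    /** Closes a store stream if one was opened; a close failure is logged as a warning only. */
    private static void closeAndLog(FileInputStream stream, String warnFormat, String path) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            TscLogging.ERROR_LOGGER.warn(warnFormat, path, e);
        }
    }
}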
