package com.bokesoft.scm.eapp.utils.auxiliary;

import com.bokesoft.scm.eapp.exception.CommonException;
import com.bokesoft.scm.eapp.utils.reflect.ClassUtils;
import com.bokesoft.scm.eapp.utils.reflect.Resource;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/bokesoft/scm/eapp/utils/auxiliary/SslUtils.class */
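/**
 * Helpers that load a key store from the classpath or file system and build an
 * {@link SSLContext} from a key store and/or a trust store.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Only PKCS#12 files (suffix {@code .p12}) are accepted.</li>
 *   <li>A blank password is passed to the JCA APIs as {@code null}. Per the
 *       {@link KeyStore#load(InputStream, char[])} contract, the integrity of the key store
 *       data is not checked in that case.</li>
 *   <li>Passing no trust store to {@link #createSSLContext} does not mean "trust nothing":
 *       the context is initialised with a {@code null} trust manager array, so the
 *       provider's default trust managers apply.</li>
 * </ul>
 */
public class SslUtils {
    private static final Logger logger = LoggerFactory.getLogger(SslUtils.class);

    /** The only key store file suffix this class recognises. */
    private static final String PKCS12_SUFFIX = ".p12";

    /**
     * Derives the key store type from the file name suffix.
     *
     * @param str key store location; must not be {@code null}
     * @return {@link SslKeyStoreType#PKCS12} when the name ends with {@code .p12} (any case)
     * @throws CommonException if the suffix is not recognised
     */
    private static SslKeyStoreType getKeyStoreType(String str) throws CommonException {
        // Case-insensitive suffix match that does not depend on the default locale.
        // A negative offset (name shorter than the suffix) simply yields false.
        int suffixStart = str.length() - PKCS12_SUFFIX.length();
        if (str.regionMatches(true, suffixStart, PKCS12_SUFFIX, 0, PKCS12_SUFFIX.length())) {
            return SslKeyStoreType.PKCS12;
        }
        throw new CommonException("密鈅存储文件'" + str + "'的类型未知");
    }

    /**
     * Loads a key store from the given location.
     *
     * <p>The location is first resolved through the class resource loader and, if that yields
     * nothing, through {@code FileUtils.getFileURL}. The location should come from trusted
     * configuration only, since whatever it resolves to is opened and parsed.
     *
     * @param str  key store location (classpath resource or file path); must not be blank
     * @param str2 key store password; when blank, {@code null} is passed to
     *             {@link KeyStore#load(InputStream, char[])} and the store's integrity is not
     *             checked
     * @return the loaded key store
     * @throws CommonException if the location is blank, has an unknown type, cannot be found,
     *                         or the store cannot be read or parsed
     */
    public static KeyStore createKeyStore(String str, String str2) throws CommonException {
        if (org.apache.commons.lang3.StringUtils.isBlank(str)) {
            throw new CommonException("密钥库地址不能为空");
        }
        SslKeyStoreType keyStoreType = getKeyStoreType(str);
        URL url = locateKeyStore(str);
        if (url == null) {
            throw new CommonException("密钥库地址'" + str + "'不存在");
        }
        logger.debug("初始化密钥库");
        InputStream inputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType.toString());
            inputStream = url.openStream();
            keyStore.load(inputStream, toPasswordChars(str2));
            return keyStore;
        } catch (IOException e) {
            // Also covers a wrong password, which KeyStore.load reports as an IOException.
            throw CommonException.wrap(e);
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException and CertificateException.
            throw CommonException.wrap(e);
        } finally {
            closeQuietly(inputStream);
        }
    }

    /**
     * Resolves a key store location to a URL: class resource loader first, file system second.
     *
     * @return the URL, or {@code null} if neither lookup produced one
     */
    private static URL locateKeyStore(String location) {
        Resource resource = ClassUtils.getClassResourceLoader().getResource(location);
        URL url = null;
        if (resource != null) {
            url = resource.getURL();
        }
        if (url == null) {
            url = FileUtils.getFileURL(location);
        }
        return url;
    }

    /** Converts a password string to the form the JCA APIs expect; blank becomes {@code null}. */
    private static char[] toPasswordChars(String password) {
        return org.apache.commons.lang3.StringUtils.isNotBlank(password) ? password.toCharArray() : null;
    }

    /** Closes a read-only stream on a best-effort basis; a failure is logged, never thrown. */
    private static void closeQuietly(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            logger.debug("Failed to close key store stream", e);
        }
    }

    /**
     * Builds a TLS {@link SSLContext} from an optional key store and an optional trust store.
     *
     * <p>The context is requested as {@code "TLS"}; which protocol versions and cipher suites
     * are actually enabled is decided by the JVM/provider configuration, so callers that need
     * a minimum version must restrict it on the socket or engine they create.
     *
     * @param keyStore  key store with the local key material, or {@code null} for none
     * @param str       password used for the key entries when {@code str2} is blank
     *                  (presumably the key store password; confirm against callers)
     * @param str2      password for the key entries; takes precedence over {@code str}
     * @param keyStore2 trust store, or {@code null}; with {@code null} the context is
     *                  initialised without explicit trust managers, so the provider default
     *                  applies (on standard JDKs, the JVM default trust store)
     * @return the initialised context
     * @throws CommonException if a store cannot be read or the context cannot be created
     */
    public static SSLContext createSSLContext(KeyStore keyStore, String str, String str2, KeyStore keyStore2) throws CommonException {
        KeyManager[] keyManagerArr = null;
        TrustManager[] trustManagerArr = null;
        try {
            if (keyStore != null) {
                if (logger.isDebugEnabled()) {
                    logKeyStoreChains(keyStore);
                }
                String keyPassword = org.apache.commons.lang3.StringUtils.isNotBlank(str2) ? str2 : str;
                keyManagerArr = createKeyManagers(keyStore, keyPassword);
            }
            if (keyStore2 != null) {
                if (logger.isDebugEnabled()) {
                    logTrustedCertificates(keyStore2);
                }
                trustManagerArr = createTrustManagers(keyStore2);
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            // null SecureRandom: the provider supplies its default source of randomness.
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            return sSLContext;
        } catch (GeneralSecurityException e) {
            // KeyStoreException from the alias walks, NoSuchAlgorithmException from getInstance
            // and KeyManagementException from init all surface as CommonException.
            throw CommonException.wrap(e);
        }
    }

    /** Logs, at debug level, every X.509 certificate of every chain held in the key store. */
    private static void logKeyStoreChains(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate[] certificateChain = keyStore.getCertificateChain(alias);
            if (certificateChain == null) {
                continue;
            }
            logger.debug("Certificate chain '{}':", alias);
            for (int i = 0; i < certificateChain.length; i++) {
                if (certificateChain[i] instanceof X509Certificate) {
                    logger.debug(" Certificate {}:", i + 1);
                    logCertificateDetails((X509Certificate) certificateChain[i]);
                }
            }
        }
    }

    /** Logs, at debug level, every X.509 certificate held in the trust store. */
    private static void logTrustedCertificates(KeyStore trustStore) throws KeyStoreException {
        Enumeration<String> aliases = trustStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            logger.debug("Trusted certificate '{}':", alias);
            Certificate certificate = trustStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                logCertificateDetails((X509Certificate) certificate);
            }
        }
    }

    /** Logs the public fields of one certificate; no key material is written. */
    private static void logCertificateDetails(X509Certificate certificate) {
        logger.debug("  Subject DN: {}", certificate.getSubjectDN());
        logger.debug("  Signature Algorithm: {}", certificate.getSigAlgName());
        logger.debug("  Valid from: {}", certificate.getNotBefore());
        logger.debug("  Valid until: {}", certificate.getNotAfter());
        logger.debug("  Issuer: {}", certificate.getIssuerDN());
    }

    /**
     * Creates key managers for the given key store using the JVM's default algorithm.
     *
     * @param keyStore key store holding the private key entries; must not be {@code null}
     * @param str      password protecting the key entries; blank is passed on as {@code null}
     * @return the key managers produced by the factory
     * @throws CommonException if the store is {@code null} or a key cannot be recovered
     */
    private static KeyManager[] createKeyManagers(KeyStore keyStore, String str) throws CommonException {
        if (keyStore == null) {
            throw new CommonException("密钥库不能为空");
        }
        logger.debug("初始化密钥管理器");
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, toPasswordChars(str));
            return keyManagerFactory.getKeyManagers();
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException or UnrecoverableKeyException
            // (the last one typically means a wrong key password).
            throw CommonException.wrap(e);
        }
    }

    /**
     * Creates trust managers for the given trust store using the JVM's default algorithm and
     * wraps every {@link X509TrustManager} in an {@code SslX509TrustManager}.
     *
     * <p>NOTE(review): {@code SslX509TrustManager} is defined elsewhere. The certificate
     * checks this context performs are whatever that wrapper does, so confirm that it
     * delegates {@code checkServerTrusted}/{@code checkClientTrusted} to the wrapped manager
     * and does not suppress its {@code CertificateException}.
     *
     * @param keyStore trust store; must not be {@code null}
     * @return the trust managers, with X.509 managers wrapped
     * @throws CommonException if the store is {@code null} or the factory cannot be initialised
     */
    private static TrustManager[] createTrustManagers(KeyStore keyStore) throws CommonException {
        if (keyStore == null) {
            throw new CommonException("密钥库不能为空");
        }
        logger.debug("初始化信任管理器");
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i = 0; i < trustManagers.length; i++) {
                if (trustManagers[i] instanceof X509TrustManager) {
                    trustManagers[i] = new SslX509TrustManager((X509TrustManager) trustManagers[i]);
                }
            }
            return trustManagers;
        } catch (GeneralSecurityException e) {
            // KeyStoreException or NoSuchAlgorithmException.
            throw CommonException.wrap(e);
        }
    }
}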
