package cn.com.infosec.netsign.base.channels;

import cn.com.infosec.netsign.base.CRLUpdater;
import cn.com.infosec.netsign.base.Channel;
import cn.com.infosec.netsign.base.NetSignX509Certificate;
import cn.com.infosec.netsign.base.TransUtil;
import cn.com.infosec.netsign.base.processors.util.CryptoUtil;
import cn.com.infosec.netsign.base.util.NetSignImpl;
import cn.com.infosec.netsign.base.util.ServerKeyStore;
import cn.com.infosec.netsign.base.util.TrustConfig;
import cn.com.infosec.netsign.base.util.TrustConfigMap;
import cn.com.infosec.netsign.frame.config.ConfigManager;
import cn.com.infosec.netsign.frame.config.ExtendedConfig;
import cn.com.infosec.netsign.frame.config.Key;
import cn.com.infosec.netsign.frame.config.PDFSignConfig;
import cn.com.infosec.netsign.frame.config.Service;
import cn.com.infosec.netsign.frame.config.ServiceConfig;
import cn.com.infosec.netsign.frame.config.TrustField;
import cn.com.infosec.netsign.frame.util.PBCUtil;
import cn.com.infosec.netsign.logger.AbstractLogger;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.netsign.logger.LoggerException;
import cn.com.infosec.netsign.manager.JKSManager;
import cn.com.infosec.netsign.manager.LogManager;
import cn.com.infosec.netsign.resources.ResourceList;
import cn.com.infosec.netsign.resources.ResourceManager;
import cn.com.infosec.netsign.resources.ResourcePool;
import cn.com.infosec.swxa.SWXAUtil;
import com.itextpdf.text.Image;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:cn/com/infosec/netsign/base/channels/ServerChannel.class */
public class ServerChannel implements Channel {
    private BasicChannel channel;
    private boolean checkValidity;
    private Image pdfImage;
    private ResourcePool rp;
    private ServiceConfig config = null;
    private Service service = null;
    private boolean usedHardware = true;
    private boolean cryptoCommunicate = true;
    private CryptoUtil cryptoUtil = null;
    private List updaters = null;
    private TrustConfigMap trustConfigs = null;
    private Map signKeyStores = null;
    private Map signKeySNDNMap = null;
    private String defaultCertDN = null;
    private Map envelopeCerts = null;
    private String defaultEnvelopeCertDN = null;
    private String defaultDigestAlg = NetSignImpl.SHA1;
    private String defaultSymmetricalAlg = "RC4";
    private AbstractLogger accessLogger = null;
    private AbstractLogger debugLogger = null;
    private boolean checkAuth = false;
    private List authList = null;
    private String logLevel = "INFO";

    public ResourcePool getResourcePool() {
        return this.rp;
    }

    public Service getService() {
        return this.service;
    }

    private void initResourcePool() throws ChannelException {
        ArrayList resourceNames = this.service.getResourceNames();
        if (resourceNames == null || resourceNames.size() <= 0) {
            return;
        }
        this.rp = new ResourcePool();
        int size = resourceNames.size();
        for (int i = 0; i < size; i++) {
            String str = (String) resourceNames.get(i);
            ResourceList resourceList = ResourceManager.getAllResourceList().get(str);
            if (resourceList == null) {
                throw new ChannelException(new StringBuffer("ResourceList ").append(str).append(" does not exists").toString());
            }
            this.rp.put(str, resourceList);
        }
    }

    private void initPDFConfig() {
        String stamp;
        try {
            PDFSignConfig pdfSignConfig = this.service.getPdfSignConfig();
            this.pdfImage = null;
            if (pdfSignConfig == null || (stamp = pdfSignConfig.getStamp()) == null || stamp.equals("")) {
                return;
            }
            this.pdfImage = Image.getInstance(new StringBuffer("data/pdfstamp/").append(stamp).toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void initAuth() {
        this.authList = this.service.getClientAuth();
        this.checkAuth = this.service.isClientAuthEnabled();
    }

    private void initConfig(String str) {
        this.config = ConfigManager.getService();
        this.service = this.config.getService(str);
        LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(str)).append(" Get ServerChannel's config").toString());
    }

    private void initLoggers() throws ChannelException {
        this.logLevel = this.service.getLogLevel();
        try {
            LogManager.register(this.config, this.service.getName());
            this.accessLogger = LogManager.getAccessLogger(this.service.getName());
            this.debugLogger = LogManager.getErrorLogger(this.service.getName());
            LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize Loggers").toString());
        } catch (LoggerException e) {
            LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Register Logger failed: ").append(e.getMessage()).toString());
            throw new ChannelException((Throwable) e);
        }
    }

    private void initMode() {
        this.usedHardware = ExtendedConfig.getAlgMode().equals(TransUtil.HARD);
        LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" used hardware: ").append(this.usedHardware).toString());
    }

    private void initCommunication() throws ChannelException {
        if (this.service.getCommuniteStoreAlias() == null) {
            this.cryptoCommunicate = false;
            ConsoleLogger.logString(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize communicate config,").append(" the communication is not cryptoable").toString());
            LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize communicate config,").append(" the communication is not cryptoable").toString());
        } else {
            this.cryptoCommunicate = true;
            this.cryptoUtil = new CryptoUtil();
            ConfigManager.getKeyStore().getKey(this.service.getCommuniteStoreAlias());
            this.cryptoUtil.SetDecKey(JKSManager.getPriKey(this.service.getCommuniteStoreAlias()));
            LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize communicate config").toString());
            ConsoleLogger.logString(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize communicate config").toString());
        }
    }

    private void initRootCerts() throws ChannelException {
        ArrayList trustFields = this.service.getTrustFields();
        this.checkValidity = this.service.isCheckValidity();
        this.trustConfigs = null;
        if (trustFields != null) {
            ConsoleLogger.logString(new StringBuffer("trust list:").append(trustFields.size()).toString());
            HashMap trustFields2 = ConfigManager.getTrustFields();
            this.trustConfigs = new TrustConfigMap();
            this.updaters = new ArrayList();
            int size = trustFields.size();
            for (int i = 0; i < size; i++) {
                String str = (String) trustFields.get(i);
                System.out.println(new StringBuffer("Init trust config: ").append(str).toString());
                TrustConfig trustConfig = new TrustConfig((TrustField) trustFields2.get(str));
                this.trustConfigs.put(cn.com.infosec.netsign.crypto.util.CryptoUtil.trimDN(trustConfig.getRootCertDN()), trustConfig);
                LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize root cert: ").append(trustConfig.getRootCertDN()).toString() == null ? null : trustConfig.getRootCertDN().replaceAll("\\\\<", "<").replaceAll("\\\\>", ">"));
                if (trustConfig.isCrlEnabled()) {
                    CRLUpdater cRLUpdater = new CRLUpdater(trustConfig.getCRLList(), new StringBuffer("crl/").append(trustConfig.getCRLPath()).toString(), trustConfig.getCRLUpdateInterval(), trustConfig.useCRLDP());
                    trustConfig.setCRLUpdater(cRLUpdater);
                    if (ExtendedConfig.getCRLLoadMode().equals(TrustConfig.CRL_LOAD_MODE_ALL) || !trustConfig.useCRLDP()) {
                        new Thread(cRLUpdater).start();
                    }
                    this.updaters.add(cRLUpdater);
                    LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Start a crl update thread").toString());
                }
            }
        }
    }

    private void initEnvelopeCerts() throws ChannelException {
        ArrayList encryptCertAlias = this.service.getEncryptCertAlias();
        this.envelopeCerts = null;
        ConsoleLogger.logString(new StringBuffer("initEnvelopeCerts:").append(encryptCertAlias.size()).toString());
        if (encryptCertAlias == null || encryptCertAlias.size() <= 0) {
            return;
        }
        this.envelopeCerts = new HashMap();
        int size = encryptCertAlias.size();
        for (int i = 0; i < size; i++) {
            Key key = (Key) ConfigManager.getKeys().get(encryptCertAlias.get(i));
            X509Certificate x509Certificate = null;
            PrivateKey privateKey = null;
            if (key.getPrivateKeyAlg() == null) {
                x509Certificate = JKSManager.getCertificate((String) encryptCertAlias.get(i));
                privateKey = JKSManager.getPriKey((String) encryptCertAlias.get(i));
            } else if (NetSignImpl.PROVIDER_SWXA_ALG.equals(ExtendedConfig.getPrivateKeyAlg()) && ExtendedConfig.isUsehardkeystore()) {
                if (!NetSignImpl.PROVIDER_SWXA_ALG.equals(key.getPrivateKeyAlg())) {
                    throw new ChannelException(new StringBuffer("unsupport private key alg ").append(key.getPrivateKeyAlg()).toString());
                }
                privateKey = SWXAUtil.getHsmKeyPair(key.getKeylable(), NetSignImpl.PROVIDER_SWXA).getPrivate();
                x509Certificate = SWXAUtil.getCertificate(key.getKeylable());
            }
            if (x509Certificate != null) {
                try {
                    NetSignX509Certificate netSignX509Certificate = NetSignX509Certificate.getInstance(x509Certificate, privateKey, key.getKeylable(), ExtendedConfig.getEncryptProvider());
                    System.out.println(new StringBuffer("init envelope cert: ").append(netSignX509Certificate.getSubjectDNStr() == null ? null : netSignX509Certificate.getSubjectDNStr().replaceAll("\\\\<", "<").replaceAll("\\\\>", ">")).toString());
                    this.envelopeCerts.put(netSignX509Certificate.getSubjectDNStr(), netSignX509Certificate);
                    this.envelopeCerts.put(cn.com.infosec.netsign.crypto.util.CryptoUtil.turnDN(netSignX509Certificate.getSubjectDNStr()), netSignX509Certificate);
                    if (key.getPrivateKeyAlg() != null) {
                        this.envelopeCerts.put(key.getKeylable(), netSignX509Certificate);
                    }
                    if (i == 0) {
                        this.defaultEnvelopeCertDN = x509Certificate.getSubjectDN().getName();
                        System.out.println(new StringBuffer("Default envelope cert is: ").append(this.defaultEnvelopeCertDN == null ? null : this.defaultEnvelopeCertDN.replaceAll("\\\\<", "<").replaceAll("\\\\>", ">")).toString());
                        LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize envelope certs, the default envelope cert is: ").append(this.defaultEnvelopeCertDN).toString() == null ? null : this.defaultEnvelopeCertDN.replaceAll("\\\\<", "<").replaceAll("\\\\>", ">"));
                    }
                } catch (Exception e) {
                    throw new ChannelException(e);
                }
            } else {
                ConsoleLogger.logString(new StringBuffer("Warrning: can not find encrypt certificate ").append(encryptCertAlias.get(i)).toString());
            }
        }
    }

    private void initKeyStore() throws ChannelException {
        ArrayList signCertAlias = this.service.getSignCertAlias();
        this.signKeyStores = null;
        this.signKeySNDNMap = null;
        if (signCertAlias == null || signCertAlias.size() <= 0) {
            return;
        }
        this.signKeyStores = new HashMap();
        this.signKeySNDNMap = new HashMap();
        int size = signCertAlias.size();
        for (int i = 0; i < size; i++) {
            Key key = (Key) ConfigManager.getKeys().get(signCertAlias.get(i));
            if (key != null) {
                ServerKeyStore serverKeyStore = new ServerKeyStore(key, ExtendedConfig.getSignProvider());
                System.out.println(new StringBuffer("Init sign cert: ").append(serverKeyStore.getCertDN() == null ? null : serverKeyStore.getCertDN().replaceAll("\\\\<", "<").replaceAll("\\\\>", ">")).toString());
                this.signKeyStores.put(serverKeyStore.getCertDN(), serverKeyStore);
                this.signKeyStores.put(cn.com.infosec.netsign.crypto.util.CryptoUtil.turnDN(serverKeyStore.getCertDN()), serverKeyStore);
                this.signKeySNDNMap.put(serverKeyStore.getSerialNumber(), serverKeyStore.getCertDN());
                if (key.getPrivateKeyAlg() != null) {
                    this.signKeyStores.put(key.getKeylable(), serverKeyStore);
                }
                if (i == 0) {
                    this.defaultCertDN = serverKeyStore.getCertDN();
                    System.out.println(new StringBuffer("Default sign cert is: ").append(this.defaultCertDN == null ? null : this.defaultCertDN.replaceAll("\\\\<", "<").replaceAll("\\\\>", ">")).toString());
                    LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" Initialize key store, the default sign cert is: ").append(this.defaultCertDN).toString() == null ? null : this.defaultCertDN.replaceAll("\\\\<", "<").replaceAll("\\\\>", ">"));
                }
            } else {
                ConsoleLogger.logString(new StringBuffer("Warrning: can not find sign certificate ").append(signCertAlias.get(i)).toString());
            }
        }
    }

    public ServerChannel(String str) throws ChannelException {
        LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(str)).append(" ServerChannel initialize...").toString());
        initConfig(str);
        initLoggers();
        initMode();
        initRootCerts();
        initCommunication();
        initEnvelopeCerts();
        initKeyStore();
        initAuth();
        initPDFConfig();
        initResourcePool();
        this.channel = new BasicChannel(str);
    }

    public void reload(String str) throws ChannelException {
        LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(str)).append(" ServerChannel reload...").toString());
        Iterator it = this.updaters.iterator();
        while (it.hasNext()) {
            ((CRLUpdater) it.next()).shutdown();
        }
        initConfig(str);
        initLoggers();
        initMode();
        initRootCerts();
        initCommunication();
        initEnvelopeCerts();
        initKeyStore();
        initAuth();
        initPDFConfig();
        initResourcePool();
        this.channel.reload(str);
    }

    @Override // cn.com.infosec.netsign.base.Channel
    public String getId() {
        return this.channel.getId();
    }

    @Override // cn.com.infosec.netsign.base.Channel
    public void startChannel() throws ChannelException {
        this.channel.startChannel();
        LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.channel.getId())).append(" ServerChannel started").toString());
    }

    @Override // cn.com.infosec.netsign.base.Channel
    public void stopChannel() throws ChannelException {
        this.channel.stopChannel();
        Iterator it = this.updaters.iterator();
        while (it.hasNext()) {
            ((CRLUpdater) it.next()).shutdown();
        }
        LogManager.getSystemLogger().Log(new StringBuffer(String.valueOf(this.service.getName())).append(" ServerChannel stopped").toString());
    }

    public String getDefaultDigestAlg() {
        return this.defaultDigestAlg;
    }

    public String getDefaultSymmetricalAlg() {
        return this.defaultSymmetricalAlg;
    }

    public boolean isCryptoCommunicate() {
        return this.cryptoCommunicate;
    }

    public boolean isUsedHardware() {
        return this.usedHardware;
    }

    public ServiceConfig getConfig() {
        return this.config;
    }

    public CryptoUtil getCryptoUtil() {
        return this.cryptoUtil;
    }

    public AbstractLogger getAccessLogger() {
        return this.accessLogger;
    }

    public AbstractLogger getDebugLogger() {
        return this.debugLogger;
    }

    public Map getTrustConfigs() {
        return this.trustConfigs;
    }

    public Map getSignKeyStores() {
        return this.signKeyStores;
    }

    public ServerKeyStore getSignKeyStore(String str) {
        if (this.signKeyStores == null) {
            return null;
        }
        if (str == null || str.equals("")) {
            str = this.defaultCertDN;
        }
        ServerKeyStore serverKeyStore = (ServerKeyStore) this.signKeyStores.get(str);
        if (serverKeyStore != null) {
            return serverKeyStore;
        }
        ArrayList resourceNames = this.service.getResourceNames();
        if (resourceNames == null || resourceNames.size() <= 0) {
            return null;
        }
        if (!resourceNames.contains("pbcrawcerts") && !resourceNames.contains("rbcrawcerts")) {
            return null;
        }
        for (Object obj : this.signKeyStores.keySet().toArray()) {
            String str2 = (String) obj;
            if (PBCUtil.getBankID(str2).equals(str)) {
                return (ServerKeyStore) this.signKeyStores.get(str2);
            }
        }
        return null;
    }

    public ServerKeyStore getSignKeyStore() {
        if (this.signKeyStores == null) {
            return null;
        }
        return (ServerKeyStore) this.signKeyStores.get(this.defaultCertDN);
    }

    public ServerKeyStore getSignKeyStoreBySN(String str) {
        if (this.signKeySNDNMap == null) {
            return null;
        }
        if (str == null || str.equals("")) {
            return getSignKeyStore();
        }
        String str2 = (String) this.signKeySNDNMap.get(str);
        if (str2 == null) {
            return null;
        }
        return getSignKeyStore(str2);
    }

    public NetSignX509Certificate getEnvelopeCert(String str) {
        if (this.envelopeCerts == null) {
            return null;
        }
        if (str == null) {
            str = this.defaultEnvelopeCertDN;
        }
        ConsoleLogger.logString(new StringBuffer("Default Envelope Cert DN:").append(str).toString());
        return (NetSignX509Certificate) this.envelopeCerts.get(str);
    }

    public NetSignX509Certificate getEnvelopeCert() {
        if (this.envelopeCerts == null) {
            return null;
        }
        return (NetSignX509Certificate) this.envelopeCerts.get(this.defaultEnvelopeCertDN);
    }

    public int getActiveThreads() {
        return this.channel.getActiveThreads();
    }

    public List getAuthList() {
        return this.authList;
    }

    public boolean isCheckAuth() {
        return this.checkAuth;
    }

    public boolean IsStarted() {
        return this.channel.IsStarted();
    }

    public boolean isCheckValidity() {
        return this.checkValidity;
    }

    public String getLogLevel() {
        return this.logLevel;
    }

    public Image getPdfImage() {
        return this.pdfImage;
    }
}
