package com.union.utils;

import cn.keyou.security.tls.jsse.provider.UnionCryptoProvider;
import cn.keyou.security.tls.jsse.provider.UnionJsseProvider;
import com.union.config.Loader;
import com.union.logger.Logger;
import com.union.logger.LoggerFactory;
import com.union.parser.Parser;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/union/utils/UnionGMAuth.class */
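/**
 * Builds the {@link SSLSocketFactory} used for "GMSSL" connections.
 *
 * <p>Trust anchors, a signing key pair and an encryption key pair are read from the
 * {@code gmsslBox} configuration map exposed by {@link Loader}, placed in in-memory BKS key
 * stores, and handed to trust/key manager factories obtained from the Union JSSE provider.
 *
 * <p>Security-relevant behaviour to be aware of when reviewing callers:
 * <ul>
 *   <li>When the configuration map is empty, or SSL is neither enabled in configuration nor
 *       forced by the caller, {@link #getSSLSocketFactory(boolean)} does not fail: it installs
 *       a {@code FakeTrustManager} instead of the configured trust anchors.</li>
 *   <li>{@link #getInstance()} and {@link #getInstance(boolean)} share one cached factory, so
 *       the first call decides which of the two configurations every later caller receives.</li>
 * </ul>
 */
public class UnionGMAuth {
    /** Algorithm name used for both the trust manager and key manager factory lookups. */
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String PROTOCOL = "GMSSL";
    /** Key algorithm passed to {@code Parser.loadPrivateKey} for both key files. */
    private static final String KEY_ALGORITHM = "EC";
    /**
     * Password applied to key entries of the in-memory key store built in
     * {@link #buildKeyManagers()}. That store is created with {@code load(null)} and is not
     * written out by this class.
     * NOTE(review): hard-coded value; it must not be reused for any key store that is persisted.
     */
    private static final String KEYSTORE_ENTRY_PASSWORD = "123456";
    private static SSLSocketFactory sslSocketFactory = null;
    private static final Logger logger = LoggerFactory.getLogger(UnionGMAuth.class);
    public static final Provider BC = new BouncyCastleProvider();
    public static final Provider UCP = new UnionCryptoProvider();
    public static final Provider UJP = new UnionJsseProvider();

    static {
        // Registered JVM-wide before any instance asks for the "GMSSL" context.
        Security.addProvider(BC);
        Security.addProvider(UCP);
        Security.addProvider(UJP);
    }

    private final List<Certificate> trusts = new ArrayList<>();
    private final List<SSLPrivateKey> privateKeys = new ArrayList<>();
    private final SSLContext sslContext;

    /**
     * Creates the helper and looks up the "GMSSL" context.
     *
     * <p>The lookup lives in an explicit constructor because {@code SSLContext.getInstance}
     * throws a checked exception, which a field initializer cannot propagate through the
     * implicit default constructor.
     *
     * @throws NoSuchAlgorithmException if no registered provider offers the "GMSSL" protocol
     */
    public UnionGMAuth() throws NoSuchAlgorithmException {
        this.sslContext = SSLContext.getInstance(PROTOCOL);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/union/utils/UnionGMAuth$SSLPrivateKey.class */
    /** Pairs a private key with its certificate chain. */
    public static class SSLPrivateKey {
        private final PrivateKey privateKey;
        private final Certificate[] chain;

        /**
         * @param privateKey the private key
         * @param chain the certificate chain belonging to {@code privateKey}; copied so later
         *     changes to the caller's array do not alter this object
         */
        public SSLPrivateKey(PrivateKey privateKey, Certificate[] chain) {
            this.privateKey = privateKey;
            this.chain = chain == null ? null : chain.clone();
        }

        /** @return the private key passed to the constructor */
        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        /** @return a copy of the certificate chain, or {@code null} if none was supplied */
        public Certificate[] getChain() {
            return this.chain == null ? null : this.chain.clone();
        }
    }

    /**
     * Returns the cached socket factory, building it on first use without forcing SSL.
     *
     * @return the process-wide socket factory
     * @throws Exception if the context cannot be built
     */
    public static synchronized SSLSocketFactory getInstance() throws Exception {
        if (sslSocketFactory == null) {
            sslSocketFactory = new UnionGMAuth().getSSLSocketFactory(false);
        }
        return sslSocketFactory;
    }

    /**
     * Returns the cached socket factory, building it on first use.
     *
     * <p>NOTE(review): {@code forceSsl} is only honoured when nothing is cached yet. If an
     * earlier call already cached a factory built through the {@code FakeTrustManager} path,
     * this method returns that factory even when {@code forceSsl} is {@code true}. Callers
     * that require certificate validation should not rely on this flag alone.
     *
     * @param forceSsl whether to load the configured certificates even when SSL is not enabled
     *     in configuration
     * @return the process-wide socket factory
     * @throws Exception if the context cannot be built
     */
    public static synchronized SSLSocketFactory getInstance(boolean forceSsl) throws Exception {
        if (sslSocketFactory == null) {
            sslSocketFactory = new UnionGMAuth().getSSLSocketFactory(forceSsl);
        }
        return sslSocketFactory;
    }

    /**
     * Initialises this instance's context and returns its socket factory.
     *
     * @param forceSsl whether to load the configured certificates even when SSL is not enabled
     *     in configuration
     * @return the socket factory of the initialised context
     * @throws Exception any failure while loading key material or initialising the context;
     *     it is logged and rethrown unchanged
     */
    public SSLSocketFactory getSSLSocketFactory(boolean forceSsl) throws Exception {
        try {
            boolean configured = Loader.getInstance().getGmsslBox().size() > 0;
            if (configured && (Loader.getInstance().isEnableSSL() || forceSsl)) {
                initCertAndPrivateKey();
                initSSLContext();
            } else {
                // SECURITY: this branch does not fail closed. It installs FakeTrustManager
                // (defined elsewhere; presumably it accepts any peer certificate - confirm) and
                // no key managers, so connections made through the returned factory would not
                // authenticate the server. The warning below is the only signal; deployments
                // should alert on it and treat it as a misconfiguration.
                logger.warn("unable to setting GMSSL, please fix with right trustCertificates!");
                this.sslContext.init(null, new TrustManager[] {new FakeTrustManager()}, SecureRandom.getInstance("URNG", UCP));
            }
            return this.sslContext.getSocketFactory();
        } catch (Exception e) {
            logger.error(" API :: generate SSLContext failed.", (Throwable) e);
            throw e;
        }
    }

    /**
     * Loads the trust anchors and the signing and encryption key pairs named in the
     * {@code gmsslBox} configuration.
     *
     * <p>Key passwords are read from the same map as plain strings.
     */
    private void initCertAndPrivateKey() throws Exception {
        Map<String, String> gmsslBox = Loader.getInstance().getGmsslBox();
        logger.info("enable SSL, and init SSL.");
        // getSSLSocketFactory is public and may run more than once on the same instance;
        // start from empty lists so a repeated call does not register every entry twice.
        this.trusts.clear();
        this.privateKeys.clear();
        String certPath = gmsslBox.get("CERTPATH");
        this.trusts.addAll(Arrays.asList(CertificateUtil.getCertificates(certPath, gmsslBox.get("CAFILENAME"))));
        this.privateKeys.add(loadKeyEntry(gmsslBox, certPath, "SIGNCERTFILENAME", "SIGNKEYFILENAME", "SIGNPASSWORD"));
        this.privateKeys.add(loadKeyEntry(gmsslBox, certPath, "ENCRYPTCERTFILENAME", "ENCRYPTKEYFILENAME", "ENCRYPTPASSWORD"));
    }

    /** Reads one certificate chain and its private key using the given configuration keys. */
    private static SSLPrivateKey loadKeyEntry(
            Map<String, String> gmsslBox, String certPath, String certKey, String keyFileKey, String passwordKey)
            throws Exception {
        String certFileName = gmsslBox.get(certKey);
        String keyFileName = gmsslBox.get(keyFileKey);
        String keyPassword = gmsslBox.get(passwordKey);
        X509Certificate[] chain = CertHelper.sortCertificates(CertificateUtil.getCertificates(certPath, certFileName));
        PrivateKey key = Parser.loadPrivateKey(CertificateUtil.getFile(certPath, keyFileName), keyPassword, KEY_ALGORITHM);
        return new SSLPrivateKey(key, chain);
    }

    /**
     * Initialises the context from the loaded trust anchors and key pairs.
     *
     * @throws IllegalStateException wrapping any failure raised while building the managers
     */
    private void initSSLContext() {
        try {
            TrustManager[] trustManagers = buildTrustManagers();
            KeyManager[] keyManagers = buildKeyManagers();
            this.sslContext.init(keyManagers, trustManagers, SecureRandom.getInstance("URNG", UCP));
        } catch (Exception e) {
            throw new IllegalStateException(" API :: construction SSLContext failed.", e);
        }
    }

    /**
     * Builds trust managers over the loaded trust anchors.
     *
     * @return the trust managers, or {@code null} when no trust anchor was loaded, in which case
     *     the context falls back to whatever default the provider applies
     */
    private TrustManager[] buildTrustManagers() throws Exception {
        // Looked up before the emptiness check so a missing algorithm still surfaces as an error.
        TrustManagerFactory factory = TrustManagerFactory.getInstance(CERTIFICATE_TYPE, UJP);
        if (this.trusts.isEmpty()) {
            return null;
        }
        KeyStore trustStore = newEmptyKeyStore();
        int alias = 0;
        for (Certificate trusted : this.trusts) {
            trustStore.setCertificateEntry(String.valueOf(alias++), trusted);
        }
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Builds key managers over the loaded key pairs.
     *
     * @return the key managers, or {@code null} when no key pair was loaded
     */
    private KeyManager[] buildKeyManagers() throws Exception {
        if (this.privateKeys.isEmpty()) {
            return null;
        }
        char[] entryPassword = KEYSTORE_ENTRY_PASSWORD.toCharArray();
        KeyStore identityStore = newEmptyKeyStore();
        int alias = 0;
        for (SSLPrivateKey entry : this.privateKeys) {
            identityStore.setKeyEntry(String.valueOf(alias++), entry.getPrivateKey(), entryPassword, entry.getChain());
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(CERTIFICATE_TYPE, UJP);
        factory.init(identityStore, entryPassword);
        return factory.getKeyManagers();
    }

    /** Creates an empty in-memory BKS key store from the BouncyCastle provider. */
    private static KeyStore newEmptyKeyStore() throws Exception {
        KeyStore store = KeyStore.getInstance("BKS", BC);
        store.load(null);
        return store;
    }
}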
