package com.tongweb.web.util.net.gmjsse;

import com.alibaba.druid.pool.DruidDataSourceFactory;
import com.tongweb.juli.logging.Log;
import com.tongweb.juli.logging.LogFactory;
import com.tongweb.web.util.file.ConfigFileLoader;
import com.tongweb.web.util.net.SSLContext;
import com.tongweb.web.util.net.SSLHostConfig;
import com.tongweb.web.util.net.SSLHostConfigCertificate;
import com.tongweb.web.util.net.SSLUtilBase;
import com.tongweb.web.util.res.StringManager;
import java.io.InputStream;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.Vector;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:WEB-INF/lib/tongweb-embed-core-7.0.E.6_P9.jar:com/tongweb/web/util/net/gmjsse/GMUtil.class */
public class GMUtil extends SSLUtilBase {
    public static final boolean DEBUG = false;
    private static final Log log = LogFactory.getLog((Class<?>) GMUtil.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) GMUtil.class);
    private static final Set<String> implementedProtocols;
    private static final Set<String> implementedCiphers;
    private SSLHostConfigCertificate conf;

    public GMUtil(SSLHostConfigCertificate sSLHostConfigCertificate) {
        this(sSLHostConfigCertificate, true);
    }

    public GMUtil(SSLHostConfigCertificate sSLHostConfigCertificate, boolean z) {
        super(sSLHostConfigCertificate, z);
        this.conf = null;
        this.conf = sSLHostConfigCertificate;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase
    protected Log getLog() {
        return log;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase, com.tongweb.web.util.net.SSLUtil
    public KeyManager[] getKeyManagers() {
        SSLHostConfig sSLHostConfig = this.conf.getSSLHostConfig();
        String certificateKeystoreFile = this.conf.getCertificateKeystoreFile();
        String certificateKeystorePassword = this.conf.getCertificateKeystorePassword();
        String truststoreFile = sSLHostConfig.getTruststoreFile();
        String truststorePassword = sSLHostConfig.getTruststorePassword();
        String certificateKeystoreType = this.conf.getCertificateKeystoreType();
        KeyManager[] keyManagerArr = null;
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(null, null);
            keyManagerFactory.getKeyManagers();
            Class<?> cls = Class.forName("com.tongweb.gmssl.jsse.security.ssl.SunX509KeyManagerImpl");
            keyManagerArr = new KeyManager[]{(KeyManager) cls.getMethod(DruidDataSourceFactory.PROP_INIT, String.class, InputStream.class, String.class, InputStream.class, String.class).invoke(cls.newInstance(), certificateKeystoreType, ConfigFileLoader.getInputStream(certificateKeystoreFile), certificateKeystorePassword, ConfigFileLoader.getInputStream(truststoreFile), truststorePassword)};
        } catch (Exception e) {
            e.printStackTrace();
        }
        return keyManagerArr;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase, com.tongweb.web.util.net.SSLUtil
    public TrustManager[] getTrustManagers() throws Exception {
        return new TrustManager[]{new GMTrustManager()};
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase
    protected Set<String> getImplementedProtocols() {
        return implementedProtocols;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase
    protected Set<String> getImplementedCiphers() {
        return implementedCiphers;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase, com.tongweb.web.util.net.SSLUtil
    public String[] getEnabledProtocols() {
        String[] enabledProtocols = super.getEnabledProtocols();
        String[] strArr = new String[enabledProtocols.length + 2];
        for (int i = 0; i < enabledProtocols.length; i++) {
            strArr[i] = enabledProtocols[i];
        }
        strArr[enabledProtocols.length] = GMConstant.GM_PROTOCOL;
        strArr[enabledProtocols.length + 1] = "TLSv1.2";
        return strArr;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase, com.tongweb.web.util.net.SSLUtil
    public String[] getEnabledCiphers() {
        String[] enabledCiphers = super.getEnabledCiphers();
        Vector vector = new Vector();
        for (int i = 0; i < enabledCiphers.length; i++) {
            if (enabledCiphers[i].indexOf("ECDSA") == -1 && enabledCiphers[i].indexOf("_DSS_") == -1) {
                vector.addElement(enabledCiphers[i]);
            }
        }
        vector.addAll(GMConstant.CIPHERS);
        String[] strArr = new String[vector.size()];
        for (int i2 = 0; i2 < vector.size(); i2++) {
            strArr[i2] = (String) vector.elementAt(i2);
        }
        return strArr;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase
    protected boolean isTls13RenegAuthAvailable() {
        return false;
    }

    @Override // com.tongweb.web.util.net.SSLUtilBase
    public SSLContext createSSLContextInternal(List<String> list) throws Exception {
        return new GMSSLContext(this.sslHostConfig.getSslProtocol());
    }

    static {
        try {
            GMSSLContext gMSSLContext = new GMSSLContext(GMConstant.GM_PROTOCOL, GMConstant.GM_PROVIDER);
            gMSSLContext.init(null, null, null);
            String[] protocols = gMSSLContext.getSupportedSSLParameters().getProtocols();
            implementedProtocols = new HashSet(protocols.length);
            for (String str : protocols) {
                String upperCase = str.toUpperCase(Locale.ENGLISH);
                if ("SSLV2HELLO".equals(upperCase) || "SSLV3".equals(upperCase) || !upperCase.contains("SSL")) {
                    implementedProtocols.add(str);
                } else {
                    log.debug(sm.getString("jsse.excludeProtocol", str));
                }
            }
            if (implementedProtocols.size() == 0) {
                log.warn(sm.getString("jsse.noDefaultProtocols"));
            }
            String[] cipherSuites = gMSSLContext.getSupportedSSLParameters().getCipherSuites();
            implementedCiphers = new HashSet(cipherSuites.length);
            implementedCiphers.addAll(Arrays.asList(cipherSuites));
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }
}
