package com.bes.enterprise.cipher.jsse.provider;

import com.bes.enterprise.cipher.gmssl.CipherSuite;
import com.bes.enterprise.cipher.gmssl.ProtocolVersion;
import com.bes.enterprise.cipher.gmssl.TlsUtils;
import com.bes.enterprise.cipher.gmssl.crypto.TlsCrypto;
import com.bes.enterprise.cipher.gmssl.crypto.TlsCryptoProvider;
import com.bes.mq.transport.stomp.Stomp;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/bes/enterprise/cipher/jsse/provider/ProvSSLContextSpi.class */
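/**
 * {@link SSLContextSpi} implementation backing the GMSSL JSSE provider.
 *
 * <p>The class owns the static tables of supported protocols and cipher suites (one protocol,
 * {@code GMSSLv1.1}, and one suite, {@code ECC_SM4_SM3}, are registered here) and, once
 * {@link #engineInit} has run, the {@link TlsCrypto}, key manager, trust manager and session
 * contexts that are handed to every engine and socket factory it creates.
 *
 * <p>This is decompiled source. Members documented as "originally package-private/protected"
 * had their access widened by the decompiler; the visibility shown is kept so existing references
 * keep compiling.
 *
 * <p>NOTE(review): {@code initialized} is written under the instance lock in {@link #engineInit}
 * but read without it by the socket-factory getters; confirm whether that is intended.
 */
class ProvSSLContextSpi extends SSLContextSpi {
    private static final String PROPERTY_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";
    protected final boolean isInFipsMode;
    protected final TlsCryptoProvider cryptoProvider;
    protected final String[] defaultProtocolsClient;
    protected final String[] defaultProtocolsServer;
    protected final Map<String, Integer> supportedCipherSuites;
    protected final String[] defaultCipherSuites;
    protected boolean initialized = false;
    private TlsCrypto crypto;
    private X509KeyManager km;
    private X509TrustManager tm;
    private ProvSSLSessionContext clientSessionContext;
    private ProvSSLSessionContext serverSessionContext;
    private static final Logger LOG = Logger.getLogger(ProvSSLContextSpi.class.getName());

    // Declaration order matters: each table below is built from the ones declared before it.
    private static final Map<String, Integer> SUPPORTED_CIPHERSUITE_MAP = createSupportedCipherSuiteMap();
    private static final Map<String, Integer> SUPPORTED_CIPHERSUITE_MAP_FIPS = createSupportedCipherSuiteMapFips(SUPPORTED_CIPHERSUITE_MAP);
    private static final Map<String, ProtocolVersion> supportedProtocols = createSupportedProtocols();
    private static final List<String> DEFAULT_CIPHERSUITE_LIST = createDefaultCipherSuiteList(SUPPORTED_CIPHERSUITE_MAP.keySet());
    private static final List<String> DEFAULT_CIPHERSUITE_LIST_FIPS = createDefaultCipherSuiteListFips(DEFAULT_CIPHERSUITE_LIST);
    private static final String[] DEFAULT_PROTOCOLS = {"GMSSLv1.1"};

    /**
     * Builds the ordered list of cipher suites enabled by default.
     *
     * @param supportedNames names of all supported suites; defaults not in this set are dropped
     * @return an unmodifiable list of default suite names
     */
    private static List<String> createDefaultCipherSuiteList(Set<String> supportedNames) {
        ArrayList<String> defaults = new ArrayList<String>();
        defaults.add("ECC_SM4_SM3");
        // A default may never name a suite the provider cannot actually negotiate.
        defaults.retainAll(supportedNames);
        defaults.trimToSize();
        return Collections.unmodifiableList(defaults);
    }

    /**
     * Derives the FIPS-mode default list by filtering the regular defaults through
     * {@code FipsUtils.removeNonFipsCipherSuites}.
     *
     * <p>NOTE(review): if FipsUtils does not accept {@code ECC_SM4_SM3}, the result is empty and
     * a FIPS-mode context has no default suite. Confirm against FipsUtils.
     *
     * @param regularDefaults the non-FIPS default list
     * @return an unmodifiable list of the defaults that survive the FIPS filter
     */
    private static List<String> createDefaultCipherSuiteListFips(List<String> regularDefaults) {
        ArrayList<String> fipsDefaults = new ArrayList<String>(regularDefaults);
        FipsUtils.removeNonFipsCipherSuites(fipsDefaults);
        fipsDefaults.trimToSize();
        return Collections.unmodifiableList(fipsDefaults);
    }

    /**
     * Builds the name-to-identifier table of every cipher suite this provider supports.
     *
     * @return an unmodifiable map from suite name to its numeric identifier
     * @throws IllegalStateException if the same suite name is registered twice
     */
    private static Map<String, Integer> createSupportedCipherSuiteMap() {
        // The overriding put() turns an accidental duplicate registration into a hard failure
        // at class-initialisation time instead of silently replacing the earlier mapping.
        HashMap<String, Integer> suites = new HashMap<String, Integer>() {
            @Override
            public Integer put(String name, Integer id) {
                if (null != super.put(name, id)) {
                    throw new IllegalStateException("Duplicate names in supported-cipher-suites");
                }
                return null;
            }
        };
        suites.put("ECC_SM4_SM3", Integer.valueOf(CipherSuite.ECC_SM4_SM3));
        return Collections.unmodifiableMap(suites);
    }

    /**
     * Derives the FIPS-mode supported-suite table by filtering the key set of the regular table
     * through {@code FipsUtils.removeNonFipsCipherSuites}.
     *
     * @param regularSuites the non-FIPS supported-suite table
     * @return an unmodifiable map holding only the entries that survive the FIPS filter
     */
    private static Map<String, Integer> createSupportedCipherSuiteMapFips(Map<String, Integer> regularSuites) {
        HashMap<String, Integer> fipsSuites = new HashMap<String, Integer>(regularSuites);
        // keySet() is a live view, so removing names here removes the map entries too.
        FipsUtils.removeNonFipsCipherSuites(fipsSuites.keySet());
        return Collections.unmodifiableMap(fipsSuites);
    }

    /**
     * Builds the name-to-version table of supported protocols.
     *
     * @return an unmodifiable map from protocol name to {@link ProtocolVersion}
     */
    private static Map<String, ProtocolVersion> createSupportedProtocols() {
        HashMap<String, ProtocolVersion> protocols = new HashMap<String, ProtocolVersion>();
        protocols.put("GMSSLv1.1", ProtocolVersion.GMSSLv11);
        return Collections.unmodifiableMap(protocols);
    }

    /**
     * Resolves the default client protocols: the explicitly specified array if present, else the
     * {@code jdk.tls.client.protocols} system property, else the built-in default.
     *
     * @param specifiedProtocols protocols fixed by the caller, or {@code null}
     * @return the array to use; not copied
     */
    private static String[] getDefaultProtocolsClient(String[] specifiedProtocols) {
        if (specifiedProtocols != null) {
            return specifiedProtocols;
        }
        String[] fromProperty = getJdkTlsClientProtocols();
        return fromProperty != null ? fromProperty : DEFAULT_PROTOCOLS;
    }

    /**
     * Resolves the default server protocols: the explicitly specified array if present, else the
     * built-in default. The client system property is not consulted for servers.
     *
     * @param specifiedProtocols protocols fixed by the caller, or {@code null}
     * @return the array to use; not copied
     */
    private static String[] getDefaultProtocolsServer(String[] specifiedProtocols) {
        return specifiedProtocols != null ? specifiedProtocols : DEFAULT_PROTOCOLS;
    }

    /**
     * Parses the {@code jdk.tls.client.protocols} system property into a list of supported,
     * de-duplicated protocol names.
     *
     * <p>Names that are not keys of the supported-protocol table are logged and dropped, so the
     * property can narrow or reorder the defaults but cannot enable a protocol the provider does
     * not list as supported.
     *
     * @return the usable protocol names in property order, or {@code null} when the property is
     *     unset or yields no usable name
     */
    private static String[] getJdkTlsClientProtocols() {
        String rawValue = PropertyUtils.getStringSystemProperty(PROPERTY_CLIENT_PROTOCOLS);
        if (rawValue == null) {
            return null;
        }
        // NOTE(review): Stomp.COMMA comes from the messaging transport package and is presumably
        // ","; a TLS provider depending on it looks like a decompiler constant-resolution artefact.
        String[] entries = JsseUtils.stripQuotes(rawValue.trim()).split(Stomp.COMMA);
        String[] accepted = new String[entries.length];
        int count = 0;
        for (String entry : entries) {
            String name = entry.trim();
            if (name.length() < 1) {
                continue;
            }
            if (!supportedProtocols.containsKey(name)) {
                LOG.warning("'jdk.tls.client.protocols' contains unsupported protocol: " + name);
            } else if (!JsseUtils.contains(accepted, name)) {
                accepted[count++] = name;
            }
        }
        if (count < 1) {
            LOG.severe("'jdk.tls.client.protocols' contained no usable protocol values (ignoring)");
            return null;
        }
        if (count < accepted.length) {
            accepted = JsseUtils.copyOf(accepted, count);
        }
        return accepted;
    }

    /** Copies a collection of names into a new array. */
    private static String[] getArray(Collection<String> collection) {
        return collection.toArray(new String[collection.size()]);
    }

    /** Copies the keys of {@code map} into a new array. */
    private static String[] getKeysArray(Map<String, ?> map) {
        return getArray(map.keySet());
    }

    /**
     * Creates an uninitialised context; {@link #engineInit} must run before engines or socket
     * factories can be obtained. Originally package-private.
     *
     * @param fipsMode whether the FIPS-filtered suite tables are used
     * @param tlsCryptoProvider factory for the {@link TlsCrypto} created in {@link #engineInit}
     * @param specifiedProtocols protocols to use as both client and server defaults, or
     *     {@code null} to fall back to the system property (client only) and built-in default;
     *     the array is stored by reference
     */
    public ProvSSLContextSpi(boolean fipsMode, TlsCryptoProvider tlsCryptoProvider, String[] specifiedProtocols) {
        this.isInFipsMode = fipsMode;
        this.cryptoProvider = tlsCryptoProvider;
        this.defaultProtocolsClient = getDefaultProtocolsClient(specifiedProtocols);
        this.defaultProtocolsServer = getDefaultProtocolsServer(specifiedProtocols);
        this.supportedCipherSuites = fipsMode ? SUPPORTED_CIPHERSUITE_MAP_FIPS : SUPPORTED_CIPHERSUITE_MAP;
        this.defaultCipherSuites = getArray(fipsMode ? DEFAULT_CIPHERSUITE_LIST_FIPS : DEFAULT_CIPHERSUITE_LIST);
    }

    /**
     * Maps cipher-suite names to their numeric identifiers. Originally package-private.
     *
     * <p>Callers are expected to have validated the names, e.g. with
     * {@link #isSupportedCipherSuites(String[])}.
     *
     * @param cipherSuiteNames names of supported suites
     * @return the identifiers, in the same order
     * @throws NullPointerException if the array is {@code null} or contains a name that is not a
     *     supported suite in the current mode
     */
    public int[] convertCipherSuites(String[] cipherSuiteNames) {
        int[] ids = new int[cipherSuiteNames.length];
        for (int i = 0; i < cipherSuiteNames.length; i++) {
            Integer id = this.supportedCipherSuites.get(cipherSuiteNames[i]);
            if (id == null) {
                // Same exception type the unboxing used to raise, now naming the offending suite.
                throw new NullPointerException("Unsupported cipher suite: " + cipherSuiteNames[i]);
            }
            ids[i] = id.intValue();
        }
        return ids;
    }

    /** Creates a new session context bound to this context and its current {@link TlsCrypto}. */
    ProvSSLSessionContext createSSLSessionContext() {
        return new ProvSSLSessionContext(this, this.crypto);
    }

    /**
     * Looks up the name of a supported cipher suite by identifier. Originally package-private.
     *
     * @param cipherSuite the numeric suite identifier
     * @return the suite name, or {@code null} if the value is not a valid uint16 or is not a
     *     supported suite in the current mode
     */
    public String getCipherSuiteString(int cipherSuite) {
        if (!TlsUtils.isValidUint16(cipherSuite)) {
            return null;
        }
        for (Map.Entry<String, Integer> entry : this.supportedCipherSuites.entrySet()) {
            if (entry.getValue().intValue() == cipherSuite) {
                return entry.getKey();
            }
        }
        return null;
    }

    /**
     * Returns a copy of the default cipher-suite names. Originally package-private.
     *
     * @return a fresh array the caller may modify
     */
    public String[] getDefaultCipherSuites() {
        return this.defaultCipherSuites.clone();
    }

    /**
     * Creates parameters carrying the default suites and the default protocols for the given
     * role. Originally package-private.
     *
     * @param isServer {@code true} for server defaults, {@code false} for client defaults
     * @return new parameters; the internal default arrays are passed without copying
     */
    public ProvSSLParameters getDefaultParameters(boolean isServer) {
        return new ProvSSLParameters(this, this.defaultCipherSuites, getDefaultProtocols(isServer));
    }

    /**
     * Returns the default protocol array for the given role.
     *
     * @param isServer {@code true} for server defaults, {@code false} for client defaults
     * @return the internal array itself (see {@link #isDefaultProtocols})
     */
    String[] getDefaultProtocols(boolean isServer) {
        return isServer ? getDefaultProtocolsServer() : getDefaultProtocolsClient();
    }

    /**
     * Returns the internal client default array. It is deliberately not cloned:
     * {@link #isDefaultProtocols} recognises defaults by reference identity, so callers must not
     * modify the returned array.
     */
    String[] getDefaultProtocolsClient() {
        return this.defaultProtocolsClient;
    }

    /**
     * Returns the internal server default array. It is deliberately not cloned:
     * {@link #isDefaultProtocols} recognises defaults by reference identity, so callers must not
     * modify the returned array.
     */
    String[] getDefaultProtocolsServer() {
        return this.defaultProtocolsServer;
    }

    /**
     * Finds the latest supported protocol version among the given names. Originally
     * package-private.
     *
     * @param protocolNames protocol names; {@code null} entries and unsupported names are skipped
     * @return the latest matching version, or {@code null} if none matched
     */
    public ProtocolVersion getMaximumVersion(String[] protocolNames) {
        ProtocolVersion latest = null;
        if (protocolNames != null) {
            for (String name : protocolNames) {
                if (name == null) {
                    continue;
                }
                ProtocolVersion candidate = supportedProtocols.get(name);
                if (candidate != null && (latest == null || candidate.isLaterVersionOf(latest))) {
                    latest = candidate;
                }
            }
        }
        return latest;
    }

    /**
     * Finds the earliest supported protocol version among the given names. Originally
     * package-private.
     *
     * @param protocolNames protocol names; {@code null} entries and unsupported names are skipped
     * @return the earliest matching version, or {@code null} if none matched
     */
    public ProtocolVersion getMinimumVersion(String[] protocolNames) {
        ProtocolVersion earliest = null;
        if (protocolNames != null) {
            for (String name : protocolNames) {
                if (name == null) {
                    continue;
                }
                ProtocolVersion candidate = supportedProtocols.get(name);
                if (candidate != null && (earliest == null || earliest.isLaterVersionOf(candidate))) {
                    earliest = candidate;
                }
            }
        }
        return earliest;
    }

    /**
     * Looks up the name of a supported protocol version. Originally package-private.
     *
     * @param protocolVersion the version to name, may be {@code null}
     * @return the protocol name, or {@code null} if the version is {@code null} or unsupported
     */
    public String getProtocolString(ProtocolVersion protocolVersion) {
        if (protocolVersion == null) {
            return null;
        }
        for (Map.Entry<String, ProtocolVersion> entry : supportedProtocols.entrySet()) {
            if (protocolVersion.equals(entry.getValue())) {
                return entry.getKey();
            }
        }
        return null;
    }

    /**
     * Tells whether {@code protocols} is one of this context's own default arrays.
     *
     * @param protocols the array to test
     * @return {@code true} only for the very same array object; an equal copy does not count
     */
    boolean isDefaultProtocols(String[] protocols) {
        return protocols == getDefaultProtocolsClient() || protocols == getDefaultProtocolsServer();
    }

    /**
     * Returns the names of all cipher suites supported in the current mode. Originally
     * package-private.
     */
    public String[] getSupportedCipherSuites() {
        return getKeysArray(this.supportedCipherSuites);
    }

    /** Returns the names of all supported protocols. Originally package-private. */
    public String[] getSupportedProtocols() {
        return getKeysArray(supportedProtocols);
    }

    /** Returns whether this context was created in FIPS mode. Originally package-private. */
    public boolean isFips() {
        return this.isInFipsMode;
    }

    /**
     * Checks that every name is a supported cipher suite in the current mode. Originally
     * package-private.
     *
     * @param cipherSuiteNames names to check
     * @return {@code false} for a {@code null} array, a {@code null} entry or any unsupported
     *     name; {@code true} otherwise (including for an empty array)
     */
    public boolean isSupportedCipherSuites(String[] cipherSuiteNames) {
        if (cipherSuiteNames == null) {
            return false;
        }
        for (String name : cipherSuiteNames) {
            if (name == null || !this.supportedCipherSuites.containsKey(name)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that every name is a supported protocol. Originally package-private.
     *
     * @param protocolNames names to check
     * @return {@code false} for a {@code null} array, a {@code null} entry or any unsupported
     *     name; {@code true} otherwise (including for an empty array)
     */
    public boolean isSupportedProtocols(String[] protocolNames) {
        if (protocolNames == null) {
            return false;
        }
        for (String name : protocolNames) {
            if (name == null || !supportedProtocols.containsKey(name)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Replaces the protocols of {@code parameters} with the defaults for the given role, but only
     * if they still hold one of this context's default arrays, so an explicit caller choice is
     * never overwritten. Originally package-private.
     *
     * @param parameters the parameters to update in place
     * @param isServer {@code true} to apply server defaults, {@code false} for client defaults
     */
    public void updateDefaultProtocols(ProvSSLParameters parameters, boolean isServer) {
        if (isDefaultProtocols(parameters.getProtocolsArray())) {
            parameters.setProtocolsArray(getDefaultProtocols(isServer));
        }
    }

    /**
     * Rejects a negotiated cipher suite that this context does not support or, in FIPS mode,
     * that {@code FipsUtils} does not accept. Originally package-private.
     *
     * @param cipherSuite the negotiated suite identifier
     * @throws IllegalStateException if the suite is not acceptable
     */
    public void validateNegotiatedCipherSuite(int cipherSuite) {
        String name = getCipherSuiteString(cipherSuite);
        // getCipherSuiteString only returns keys of supportedCipherSuites, so the containsKey
        // test repeats that lookup; it is kept as an explicit guard on the handshake result.
        if (name == null || !this.supportedCipherSuites.containsKey(name) || (this.isInFipsMode && !FipsUtils.isFipsCipherSuite(name))) {
            throw new IllegalStateException("SSL connection negotiated unsupported ciphersuite: " + cipherSuite);
        }
    }

    /**
     * Guards operations that need key and trust material.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed successfully
     */
    protected void checkInitialized() {
        if (!this.initialized) {
            throw new IllegalStateException("SSLContext has not been initialized.");
        }
    }

    /**
     * Creates an engine from a snapshot of the current context data.
     *
     * @throws IllegalStateException if the context is not initialised
     */
    @Override
    protected synchronized SSLEngine engineCreateSSLEngine() {
        checkInitialized();
        return new ProvSSLEngine(this, createContextData());
    }

    /**
     * Creates an engine from a snapshot of the current context data with advisory peer details.
     *
     * @param host the peer host passed through to the engine
     * @param port the peer port passed through to the engine
     * @throws IllegalStateException if the context is not initialised
     */
    @Override
    protected synchronized SSLEngine engineCreateSSLEngine(String host, int port) {
        checkInitialized();
        return new ProvSSLEngine(this, createContextData(), host, port);
    }

    /** Returns the client session context; {@code null} until {@link #engineInit} has set it. */
    @Override
    protected synchronized SSLSessionContext engineGetClientSessionContext() {
        return this.clientSessionContext;
    }

    /** Returns the server session context; {@code null} until {@link #engineInit} has set it. */
    @Override
    protected synchronized SSLSessionContext engineGetServerSessionContext() {
        return this.serverSessionContext;
    }

    /**
     * Creates a server socket factory bound to this context.
     *
     * @throws IllegalStateException if the context is not initialised
     */
    @Override
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        checkInitialized();
        return new ProvSSLServerSocketFactory(this);
    }

    /**
     * Creates a client socket factory bound to this context.
     *
     * @throws IllegalStateException if the context is not initialised
     */
    @Override
    protected SSLSocketFactory engineGetSocketFactory() {
        checkInitialized();
        return new ProvSSLSocketFactory(this);
    }

    /**
     * Reports every supported cipher suite and protocol. Reads only the static and final
     * tables, so it does not require the context to be initialised.
     */
    @Override
    protected SSLParameters engineGetSupportedSSLParameters() {
        SSLParameters supported = new SSLParameters();
        supported.setCipherSuites(getSupportedCipherSuites());
        supported.setProtocols(getSupportedProtocols());
        return supported;
    }

    /**
     * (Re)initialises the context with key material, trust material and a randomness source.
     * Originally protected.
     *
     * <p>{@code initialized} is cleared first and set again only as the last step, so a failure
     * part-way through leaves the context refusing to create engines or socket factories.
     * Fields assigned before the failure keep their new values.
     *
     * @param keyManagers candidate key managers, or {@code null} to use the platform default
     * @param trustManagers candidate trust managers, or {@code null} to use the platform default
     * @param secureRandom randomness source handed to the crypto provider
     * @throws KeyManagementException if the default key or trust managers cannot be obtained
     */
    @Override
    public synchronized void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom) throws KeyManagementException {
        this.initialized = false;
        this.crypto = this.cryptoProvider.create(secureRandom);
        this.km = selectKeyManager(keyManagers);
        this.tm = selectTrustManager(trustManagers);
        // Session contexts are created after crypto is set because they capture this.crypto.
        this.clientSessionContext = createSSLSessionContext();
        this.serverSessionContext = createSSLSessionContext();
        this.initialized = true;
    }

    /**
     * Bundles the current crypto, key manager, trust manager and session contexts for an engine
     * or socket. Originally protected. Does not itself check that the context is initialised.
     */
    public ContextData createContextData() {
        return new ContextData(this.crypto, this.km, this.tm, this.clientSessionContext, this.serverSessionContext);
    }

    /**
     * Returns the first {@link X509KeyManager} in the array.
     *
     * @param keyManagers candidates, may be {@code null}
     * @return the first X.509 key manager, or {@code null} if there is none
     */
    protected X509KeyManager findX509KeyManager(KeyManager[] keyManagers) {
        if (keyManagers == null) {
            return null;
        }
        for (KeyManager candidate : keyManagers) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        return null;
    }

    /**
     * Returns the first {@link X509TrustManager} in the array.
     *
     * @param trustManagers candidates, may be {@code null}
     * @return the first X.509 trust manager, or {@code null} if there is none
     */
    protected X509TrustManager findX509TrustManager(TrustManager[] trustManagers) {
        if (trustManagers == null) {
            return null;
        }
        for (TrustManager candidate : trustManagers) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        return null;
    }

    /**
     * Chooses the key manager for this context, falling back to the platform default
     * {@link KeyManagerFactory} (initialised with no key store and no password) when the caller
     * supplied none.
     *
     * @param keyManagers caller-supplied key managers, or {@code null}
     * @return the first X.509 key manager found, or {@code null} if none is available
     * @throws KeyManagementException if the default factory cannot be created or initialised
     */
    protected X509KeyManager selectKeyManager(KeyManager[] keyManagers) throws KeyManagementException {
        if (keyManagers == null) {
            try {
                KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                factory.init(null, null);
                keyManagers = factory.getKeyManagers();
            } catch (GeneralSecurityException e) {
                throw new KeyManagementException(e);
            }
        }
        return findX509KeyManager(keyManagers);
    }

    /**
     * Chooses the trust manager for this context, falling back to the platform default
     * {@link TrustManagerFactory} (initialised with a {@code null} key store, i.e. the
     * platform's default trust material) when the caller supplied none.
     *
     * <p>A non-null array without any {@link X509TrustManager} yields {@code null} rather than an
     * error. NOTE(review): peer-certificate checks that consume the trust manager must treat
     * {@code null} as "trust nothing"; confirm in the code that reads ContextData.
     *
     * @param trustManagers caller-supplied trust managers, or {@code null}
     * @return the first X.509 trust manager found, or {@code null} if none is available
     * @throws KeyManagementException if the default factory cannot be created or initialised
     */
    protected X509TrustManager selectTrustManager(TrustManager[] trustManagers) throws KeyManagementException {
        if (trustManagers == null) {
            try {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                factory.init((KeyStore) null);
                trustManagers = factory.getTrustManagers();
            } catch (GeneralSecurityException e) {
                throw new KeyManagementException(e);
            }
        }
        return findX509TrustManager(trustManagers);
    }
}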
