package com.sansec.net.pool.socket;

import com.sansec.net.SocketException;
import com.sansec.net.bean.DeviceInfo;
import com.sansec.net.log.ConsoleLogger;
import java.net.Socket;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;

/* loaded from: input_file:com/sansec/net/pool/socket/DeviceSocketSSL.class */
public class DeviceSocketSSL {
    private static Logger logger = ConsoleLogger.getLogger();

    public static Socket createSocket(DeviceInfo deviceInfo) throws SocketException {
        try {
            String jsseProvider = deviceInfo.getJsseProvider();
            String jceProvider = deviceInfo.getJceProvider();
            String keyManagerType = deviceInfo.getKeyManagerType();
            String trustManagerType = deviceInfo.getTrustManagerType();
            String protocol = deviceInfo.getProtocol();
            String keyStoreType = deviceInfo.getKeyStoreType();
            String keyStore = deviceInfo.getKeyStore();
            String keyStorePassword = deviceInfo.getKeyStorePassword();
            String trustKeyStoreType = deviceInfo.getTrustKeyStoreType();
            String trustKeyStore = deviceInfo.getTrustKeyStore();
            String trustKeyStorePassword = deviceInfo.getTrustKeyStorePassword();
            String includeCipherSuiteFilter = deviceInfo.getIncludeCipherSuiteFilter();
            String excludeCipherSuiteFilter = deviceInfo.getExcludeCipherSuiteFilter();
            loadJsseAndJce(jsseProvider, jceProvider);
            SSLSocket sSLSocket = (SSLSocket) TLSManagers.getSSLContext(jsseProvider, jceProvider, keyManagerType, trustManagerType, protocol, keyStoreType, keyStore, keyStorePassword, trustKeyStoreType, trustKeyStore, trustKeyStorePassword).getSocketFactory().createSocket();
            sSLSocket.setEnabledProtocols(new String[]{protocol});
            ArrayList arrayList = new ArrayList();
            String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites();
            if (includeCipherSuiteFilter != null && !includeCipherSuiteFilter.equals("")) {
                for (String str : supportedCipherSuites) {
                    if (isMatch(includeCipherSuiteFilter, str)) {
                        arrayList.add(str);
                    }
                }
                supportedCipherSuites = (String[]) arrayList.toArray(new String[0]);
            }
            if (excludeCipherSuiteFilter != null && !excludeCipherSuiteFilter.equals("")) {
                arrayList.clear();
                for (String str2 : supportedCipherSuites) {
                    if (!isMatch(excludeCipherSuiteFilter, str2)) {
                        arrayList.add(str2);
                    }
                }
            }
            if (!arrayList.isEmpty()) {
                sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[0]));
            }
            return sSLSocket;
        } catch (Exception e) {
            throw new SocketException("Create SSLSocket error :" + e.getMessage(), e);
        }
    }

    private static boolean isMatch(String str, String str2) {
        return Pattern.matches(str, str2);
    }

    public static void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        if (logger.isLoggable(Level.INFO)) {
            try {
                logger.info("Use SSL protocol is " + handshakeCompletedEvent.getSession().getProtocol());
                logger.info("Use SSL cipher suite is " + handshakeCompletedEvent.getSession().getCipherSuite());
                X509Certificate x509Certificate = (X509Certificate) handshakeCompletedEvent.getPeerCertificates()[0];
                logger.info("Server certificate issuer is " + x509Certificate.getIssuerDN());
                logger.info("Server certificate subject is " + x509Certificate.getSubjectDN());
                X509Certificate x509Certificate2 = (X509Certificate) handshakeCompletedEvent.getLocalCertificates()[0];
                logger.info("Client certificate issuer is " + x509Certificate2.getIssuerDN());
                logger.info("Client certificate subject is " + x509Certificate2.getSubjectDN());
            } catch (SSLPeerUnverifiedException e) {
                if (logger.isLoggable(Level.SEVERE)) {
                    logger.severe("Get Server certifiacte error: " + e.getMessage());
                }
            }
        }
    }

    private static void loadJsseAndJce(String str, String str2) throws SocketException {
        Provider provider = null;
        if (str2.equals("CommonJCE") && Security.getProvider(str2) == null) {
            try {
                Class<?> cls = Class.forName("com.common.jce.provider.CommonProvider");
                if (cls == null) {
                    throw new SocketException("Init CommonJCE instance failed,the object is null.");
                }
                provider = (Provider) cls.getConstructor(String.class, String.class).newInstance(null, null);
                Security.addProvider(provider);
                System.setProperty("COMMON.SSL", "TRUE");
            } catch (Exception e) {
                throw new SocketException("Init CommonJCE instance failed", e);
            }
        }
        if (str.equals("SwxaJSSE") && Security.getProvider(str) == null && provider != null) {
            try {
                Class<?> cls2 = Class.forName("com.sansec.tlcp.jsse.provider.SwxaJsseProvider");
                if (cls2 == null) {
                    throw new SocketException("Init SwxaJSSE instance failed,the object is null");
                }
                Security.addProvider((Provider) cls2.getConstructor(Provider.class).newInstance(provider));
            } catch (Exception e2) {
                throw new SocketException("Init SwxaJSSE instance failed", e2);
            }
        }
    }
}
