package org.openeuler.tomcat;

import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.jsse.JSSEImplementation;

/* loaded from: input_file:org/openeuler/tomcat/GMJSSEImplementation.class */
public class GMJSSEImplementation extends JSSEImplementation {
    private static final String GM_PROTOCOL = "GMTLS";
    private static final String SEPARATOR = ":|,| ";
    private static final String HIGH = "HIGH";
    private static final String EXCLUDE = "!";
    private static final String DELETE = "-";
    private static final String ALL = "ALL";
    private Set<String> explicitlyRequestedProtocols;
    private static final Log log = LogFactory.getLog(GMJSSEImplementation.class);
    private static final Set<String> GM_CIPHERS_NAME_SET = new HashSet();
    private static final Map<String, List<String>> ALIAS_MAP = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/openeuler/tomcat/GMJSSEImplementation$GMCipher.class */
    public enum GMCipher {
        ECC_SM4_CBC_SM3("ECC_SM4_CBC_SM3", "ECC_SM4_SM3", GMCipherGroup.GM_ECC),
        ECDHE_SM4_CBC_SM3("ECDHE_SM4_CBC_SM3", "ECDHE_SM4_SM3", GMCipherGroup.GM_ECDHE),
        ECC_SM4_GCM_SM3("ECC_SM4_GCM_SM3", GMCipherGroup.GM_ECC),
        ECDHE_SM4_GCM_SM3("ECDHE_SM4_GCM_SM3", GMCipherGroup.GM_ECDHE);

        final String cipherName;
        final String aliasCipherName;
        final GMCipherGroup cipherGroup;

        GMCipher(String str, GMCipherGroup gMCipherGroup) {
            this(str, "", gMCipherGroup);
        }

        GMCipher(String str, String str2, GMCipherGroup gMCipherGroup) {
            this.cipherName = str;
            this.aliasCipherName = str2;
            this.cipherGroup = gMCipherGroup;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/openeuler/tomcat/GMJSSEImplementation$GMCipherGroup.class */
    public enum GMCipherGroup {
        GM_ECC,
        GM_ECDHE
    }

    private static void initGMCiphersNameSetAndAliasMap() {
        for (GMCipher gMCipher : GMCipher.values()) {
            GM_CIPHERS_NAME_SET.add(gMCipher.cipherName);
            ALIAS_MAP.computeIfAbsent(gMCipher.cipherName, str -> {
                return new ArrayList();
            }).add(gMCipher.cipherName);
            if (!gMCipher.aliasCipherName.isEmpty()) {
                ALIAS_MAP.computeIfAbsent(gMCipher.aliasCipherName, str2 -> {
                    return new ArrayList();
                }).add(gMCipher.cipherName);
            }
            ALIAS_MAP.computeIfAbsent(gMCipher.cipherGroup.name(), str3 -> {
                return new ArrayList();
            }).add(gMCipher.cipherName);
        }
    }

    public SSLUtil getSSLUtil(SSLHostConfigCertificate sSLHostConfigCertificate) {
        SSLHostConfig sSLHostConfig = sSLHostConfigCertificate.getSSLHostConfig();
        initGMProtocol(sSLHostConfig);
        initGMCipherSuites(sSLHostConfig);
        return new GMJSSEUtil(sSLHostConfigCertificate);
    }

    private void initGMProtocol(SSLHostConfig sSLHostConfig) {
        if (needAddGMProtocol(sSLHostConfig)) {
            sSLHostConfig.getProtocols().add(GM_PROTOCOL);
        }
    }

    private Set<String> getExplicitlyRequestedProtocol(SSLHostConfig sSLHostConfig) {
        if (this.explicitlyRequestedProtocols != null) {
            return this.explicitlyRequestedProtocols;
        }
        try {
            Field declaredField = sSLHostConfig.getClass().getDeclaredField("explicitlyRequestedProtocols");
            declaredField.setAccessible(true);
            this.explicitlyRequestedProtocols = (Set) declaredField.get(sSLHostConfig);
            declaredField.setAccessible(false);
            return this.explicitlyRequestedProtocols;
        } catch (IllegalAccessException | NoSuchFieldException e) {
            throw new RuntimeException("getExplicitlyRequestedProtocol failed", e);
        }
    }

    private boolean needAddGMProtocol(SSLHostConfig sSLHostConfig) {
        return getExplicitlyRequestedProtocol(sSLHostConfig).isEmpty();
    }

    private void initGMCipherSuites(SSLHostConfig sSLHostConfig) {
        Set<String> parseCiphers = parseCiphers(sSLHostConfig.getCiphers());
        sSLHostConfig.getJsseCipherNames().addAll(parseCiphers);
        log.info("gmCiphers = " + parseCiphers);
    }

    private Set<String> parseCiphers(String str) {
        String[] split = str.split(SEPARATOR);
        Set<String> hashSet = new HashSet<>();
        Set<String> hashSet2 = new HashSet<>();
        for (String str2 : split) {
            parseCipher(str2, hashSet, hashSet2);
        }
        hashSet.removeAll(hashSet2);
        log.info("Remove cipher suites : " + hashSet2);
        return hashSet;
    }

    private void parseCipher(String str, Set<String> set, Set<String> set2) {
        if (ALIAS_MAP.containsKey(str)) {
            List<String> list = ALIAS_MAP.get(str);
            set.addAll(list);
            log.info("Add cipher suites : " + list);
            return;
        }
        if (str.equals(HIGH) || str.equals(ALL)) {
            set.addAll(GM_CIPHERS_NAME_SET);
            log.info("Add cipher suites :" + GM_CIPHERS_NAME_SET);
            return;
        }
        if (!str.startsWith(DELETE)) {
            if (str.startsWith(EXCLUDE)) {
                String substring = str.substring(1);
                if (ALIAS_MAP.containsKey(substring)) {
                    set2.addAll(ALIAS_MAP.get(substring));
                    return;
                }
                return;
            }
            return;
        }
        String substring2 = str.substring(1);
        if (ALIAS_MAP.containsKey(substring2)) {
            List<String> list2 = ALIAS_MAP.get(substring2);
            set.getClass();
            list2.forEach((v1) -> {
                r1.remove(v1);
            });
            log.info("Remove cipher suites : " + list2);
        }
    }

    static {
        initGMCiphersNameSetAndAliasMap();
    }
}
