package org.xipki.security.pkcs11;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.Feature;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.password.PasswordResolver;
import org.xipki.security.XiSecurityException;
import org.xipki.security.pkcs11.Pkcs11conf;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.InvalidConfException;

/* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.class */
public class P11CryptServiceFactoryImpl implements P11CryptServiceFactory {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) P11CryptServiceFactoryImpl.class);
    private static final Map<String, P11CryptService> services = new HashMap();
    private PasswordResolver passwordResolver;
    private Map<String, P11ModuleConf> moduleConfs;
    private Set<String> moduleNames;
    private String pkcs11ConfFile;
    private Pkcs11conf pkcs11Conf;
    private final P11ModuleFactoryRegister p11ModuleFactoryRegister;

    public P11CryptServiceFactoryImpl(P11ModuleFactoryRegister p11ModuleFactoryRegister) {
        this.p11ModuleFactoryRegister = p11ModuleFactoryRegister;
    }

    public synchronized void init() throws InvalidConfException {
        if (this.moduleConfs != null) {
            return;
        }
        if (this.pkcs11Conf == null && StringUtil.isBlank(this.pkcs11ConfFile)) {
            LOG.error("neither pkcs11Conf nor pkcs11ConfFile is configured, could not initialize");
            return;
        }
        if (this.pkcs11Conf == null) {
            try {
                InputStream newInputStream = Files.newInputStream(Paths.get(this.pkcs11ConfFile, new String[0]), new OpenOption[0]);
                Throwable th = null;
                try {
                    this.pkcs11Conf = (Pkcs11conf) JSON.parseObject(newInputStream, Pkcs11conf.class, new Feature[0]);
                    this.pkcs11Conf.validate();
                    if (newInputStream != null) {
                        if (0 != 0) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newInputStream.close();
                        }
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new InvalidConfException("could not create P11Conf: " + e.getMessage(), e);
            }
        }
        try {
            List<Pkcs11conf.Module> modules = this.pkcs11Conf.getModules();
            List<Pkcs11conf.MechanismSet> mechanismSets = this.pkcs11Conf.getMechanismSets();
            HashMap hashMap = new HashMap();
            Iterator<Pkcs11conf.Module> it = modules.iterator();
            while (it.hasNext()) {
                P11ModuleConf p11ModuleConf = new P11ModuleConf(it.next(), mechanismSets, this.passwordResolver);
                hashMap.put(p11ModuleConf.getName(), p11ModuleConf);
            }
            if (!hashMap.containsKey(P11CryptServiceFactory.DEFAULT_P11MODULE_NAME)) {
                throw new InvalidConfException("module 'default' is not defined");
            }
            this.moduleConfs = Collections.unmodifiableMap(hashMap);
            this.moduleNames = Collections.unmodifiableSet(new HashSet(hashMap.keySet()));
        } catch (RuntimeException e2) {
            throw new InvalidConfException("could not create P11Conf: " + e2.getMessage(), e2);
        }
    }

    @Override // org.xipki.security.pkcs11.P11CryptServiceFactory
    public synchronized P11CryptService getP11CryptService(String str) throws XiSecurityException, P11TokenException {
        try {
            init();
            if (this.moduleConfs == null) {
                throw new IllegalStateException("please set pkcs11ConfFile and then call init() first");
            }
            String moduleName = getModuleName(str);
            P11ModuleConf p11ModuleConf = this.moduleConfs.get(moduleName);
            if (p11ModuleConf == null) {
                throw new XiSecurityException("PKCS#11 module " + moduleName + " is not defined");
            }
            P11CryptService p11CryptService = services.get(moduleName);
            if (p11CryptService == null) {
                p11CryptService = new P11CryptService(this.p11ModuleFactoryRegister.getP11Module(p11ModuleConf));
                LOG.info("added PKCS#11 module {}\n{}", moduleName, p11CryptService.getModule().getDescription());
                services.put(moduleName, p11CryptService);
            }
            return p11CryptService;
        } catch (InvalidConfException e) {
            throw new IllegalStateException("could not initialize P11CryptServiceFactory: " + e.getMessage(), e);
        }
    }

    private String getModuleName(String str) {
        return str == null ? P11CryptServiceFactory.DEFAULT_P11MODULE_NAME : str;
    }

    public void setPkcs11ConfFile(String str) {
        if (StringUtil.isBlank(str)) {
            this.pkcs11ConfFile = null;
        } else {
            this.pkcs11ConfFile = IoUtil.expandFilepath(str);
        }
        this.pkcs11Conf = null;
    }

    public void setPkcs11Conf(Pkcs11conf pkcs11conf) throws InvalidConfException {
        if (pkcs11conf != null) {
            pkcs11conf.validate();
        }
        this.pkcs11Conf = pkcs11conf;
        this.pkcs11ConfFile = null;
    }

    public void setPasswordResolver(PasswordResolver passwordResolver) {
        this.passwordResolver = passwordResolver;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        services.clear();
    }

    @Override // org.xipki.security.pkcs11.P11CryptServiceFactory
    public Set<String> getModuleNames() {
        try {
            init();
            return this.moduleNames;
        } catch (InvalidConfException e) {
            throw new IllegalStateException("could not initialize P11CryptServiceFactory: " + e.getMessage(), e);
        }
    }
}
