package org.xipki.security;

import com.alibaba.fastjson.JSON;
import java.io.Closeable;
import java.io.IOException;
import java.security.Security;
import java.util.List;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.password.PasswordResolver;
import org.xipki.password.Passwords;
import org.xipki.security.pkcs11.P11CryptServiceFactory;
import org.xipki.security.pkcs11.P11CryptServiceFactoryImpl;
import org.xipki.security.pkcs11.P11ModuleFactoryRegisterImpl;
import org.xipki.security.pkcs11.P11SignerFactory;
import org.xipki.security.pkcs11.Pkcs11conf;
import org.xipki.security.pkcs11.emulator.EmulatorP11ModuleFactory;
import org.xipki.security.pkcs11.iaik.IaikP11ModuleFactory;
import org.xipki.security.pkcs11.proxy.ProxyP11ModuleFactory;
import org.xipki.security.pkcs12.P12SignerFactory;
import org.xipki.util.CollectionUtil;
import org.xipki.util.FileOrBinary;
import org.xipki.util.FileOrValue;
import org.xipki.util.InvalidConfException;
import org.xipki.util.ValidatableConf;

/* loaded from: input_file:WEB-INF/lib/security-5.2.0.jar:org/xipki/security/Securities.class */
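/**
 * Bootstraps the security layer: registers the BouncyCastle JCA provider, builds the
 * {@link SecurityFactory}, and registers the PKCS#12 and (optionally) PKCS#11 signer factories.
 *
 * <p>Lifecycle: call {@link #init()} or {@link #init(SecurityConf)} once, then {@link #close()}
 * to release the PKCS#11 resources. The fields are plain, unsynchronized references; no
 * thread-safety is provided by this class itself.
 */
public class Securities implements Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(Securities.class);
    private P11ModuleFactoryRegisterImpl p11ModuleFactoryRegister;
    private P11CryptServiceFactoryImpl p11CryptServiceFactory;
    private SecurityFactoryImpl securityFactory;

    /* loaded from: input_file:WEB-INF/lib/security-5.2.0.jar:org/xipki/security/Securities$KeystoreConf.class */
    /**
     * Configuration of a keystore: its type, its content (file or inline binary) and its password.
     */
    public static class KeystoreConf extends ValidatableConf {
        private String type;
        private FileOrBinary keystore;
        // Kept as a String, so the value stays on the heap until garbage-collected.
        // Keep this object out of log statements and diagnostic dumps.
        private String password;

        public String getType() {
            return this.type;
        }

        public void setType(String str) {
            this.type = str;
        }

        public FileOrBinary getKeystore() {
            return this.keystore;
        }

        public void setKeystore(FileOrBinary fileOrBinary) {
            this.keystore = fileOrBinary;
        }

        public String getPassword() {
            return this.password;
        }

        public void setPassword(String str) {
            this.password = str;
        }

        /**
         * Requires a non-empty {@code type} and validates the {@code keystore} entry.
         * The password is not checked here.
         *
         * @throws InvalidConfException if the configuration is rejected by the inherited checks
         */
        @Override // org.xipki.util.ValidatableConf
        public void validate() throws InvalidConfException {
            notEmpty(this.type, "type");
            validate(this.keystore);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-5.2.0.jar:org/xipki/security/Securities$SecurityConf.class */
    /**
     * Top-level security configuration consumed by {@link Securities#init(SecurityConf)}.
     */
    public static class SecurityConf extends ValidatableConf {
        // Both "strong random" switches default to false and are forwarded unchanged to
        // SecurityFactoryImpl. NOTE(review): presumably they select a stronger SecureRandom
        // source for key generation / signing; confirm in SecurityFactoryImpl.
        private boolean keyStrongrandomEnabled;
        private boolean signStrongrandomEnabled;
        private int defaultSignerParallelism = 32;
        private FileOrValue pkcs11Conf;
        private Passwords.PasswordConf password;

        /**
         * Shared instance used when {@code init} is called without a configuration.
         * It is mutable (the setters work on it), so any change made to it is seen by every
         * later {@code init(null)} call in the same class loader. Treat it as read-only.
         */
        public static final SecurityConf DEFAULT = new SecurityConf();

        // Fully-qualified class names of additional SignerFactory implementations that are
        // loaded reflectively during initialization. Whoever can edit this list decides which
        // code is instantiated, so the configuration must be writable by trusted admins only.
        private List<String> signerFactories;

        public boolean isKeyStrongrandomEnabled() {
            return this.keyStrongrandomEnabled;
        }

        public void setKeyStrongrandomEnabled(boolean z) {
            this.keyStrongrandomEnabled = z;
        }

        public boolean isSignStrongrandomEnabled() {
            return this.signStrongrandomEnabled;
        }

        public void setSignStrongrandomEnabled(boolean z) {
            this.signStrongrandomEnabled = z;
        }

        public int getDefaultSignerParallelism() {
            return this.defaultSignerParallelism;
        }

        public void setDefaultSignerParallelism(int i) {
            this.defaultSignerParallelism = i;
        }

        public FileOrValue getPkcs11Conf() {
            return this.pkcs11Conf;
        }

        public void setPkcs11Conf(FileOrValue fileOrValue) {
            this.pkcs11Conf = fileOrValue;
        }

        /**
         * Returns the configured password settings, or {@code Passwords.PasswordConf.DEFAULT}
         * when none were set.
         */
        public Passwords.PasswordConf getPassword() {
            return this.password == null ? Passwords.PasswordConf.DEFAULT : this.password;
        }

        public void setPassword(Passwords.PasswordConf passwordConf) {
            this.password = passwordConf;
        }

        public List<String> getSignerFactories() {
            return this.signerFactories;
        }

        public void setSignerFactories(List<String> list) {
            this.signerFactories = list;
        }

        /**
         * Validates the password settings only; the other fields are not checked here.
         *
         * @throws InvalidConfException if the password configuration is rejected
         */
        @Override // org.xipki.util.ValidatableConf
        public void validate() throws InvalidConfException {
            validate(this.password);
        }
    }

    /** Returns the factory built by {@code init}, or {@code null} before initialization. */
    public SecurityFactory getSecurityFactory() {
        return this.securityFactory;
    }

    /**
     * Returns the PKCS#11 crypt-service factory, or {@code null} when no PKCS#11 configuration
     * was supplied, before initialization, or after {@link #close()}.
     */
    public P11CryptServiceFactory getP11CryptServiceFactory() {
        return this.p11CryptServiceFactory;
    }

    /**
     * Initializes with {@link SecurityConf#DEFAULT}.
     *
     * @throws IOException if reading configuration content fails
     * @throws InvalidConfException if the configuration is invalid
     */
    public void init() throws IOException, InvalidConfException {
        init(null);
    }

    /**
     * Registers the BouncyCastle provider if no provider named "BC" is present, then builds
     * the security factory from {@code securityConf}.
     *
     * @param securityConf the configuration; {@code null} selects {@link SecurityConf#DEFAULT}
     * @throws IOException if reading configuration content fails
     * @throws InvalidConfException if the configuration is invalid
     */
    public void init(SecurityConf securityConf) throws IOException, InvalidConfException {
        // Only the provider name is checked: a provider already registered as "BC" is kept
        // as-is, whatever its version or origin.
        if (Security.getProvider("BC") == null) {
            LOG.info("add BouncyCastleProvider");
            Security.addProvider(new BouncyCastleProvider());
        } else {
            LOG.info("BouncyCastleProvider already added");
        }
        SecurityConf effectiveConf = (securityConf == null) ? SecurityConf.DEFAULT : securityConf;
        initSecurityFactory(effectiveConf);
    }

    /**
     * Closes the PKCS#11 module-factory register and the crypt-service factory, best effort:
     * a failure in one is logged and does not prevent closing the other. The references are
     * cleared in every case, so calling this method again is a no-op.
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.p11ModuleFactoryRegister != null) {
            try {
                this.p11ModuleFactoryRegister.close();
            } catch (Throwable th) {
                LOG.error("error while closing P11ModuleFactoryRegister", th);
            }
            this.p11ModuleFactoryRegister = null;
        }
        if (this.p11CryptServiceFactory != null) {
            try {
                this.p11CryptServiceFactory.close();
            } catch (Throwable th2) {
                LOG.error("error while closing P11CryptServiceFactory", th2);
            }
            this.p11CryptServiceFactory = null;
        }
    }

    /**
     * Builds the {@link SecurityFactoryImpl} and registers the signer factories: PKCS#12
     * always, PKCS#11 when a PKCS#11 configuration is present, then every class named in
     * {@code signerFactories}.
     *
     * @param securityConf the effective, non-null configuration
     * @throws IOException if reading configuration content fails
     * @throws InvalidConfException if a configured signer factory cannot be loaded or
     *     instantiated, or if the PKCS#11 configuration is invalid
     */
    private void initSecurityFactory(SecurityConf securityConf) throws IOException, InvalidConfException {
        Passwords passwords = new Passwords();
        passwords.init(securityConf.getPassword());
        this.securityFactory = new SecurityFactoryImpl();
        this.securityFactory.setStrongRandom4SignEnabled(securityConf.isSignStrongrandomEnabled());
        this.securityFactory.setStrongRandom4KeyEnabled(securityConf.isKeyStrongrandomEnabled());
        this.securityFactory.setDefaultSignerParallelism(securityConf.getDefaultSignerParallelism());
        SignerFactoryRegisterImpl signerFactoryRegisterImpl = new SignerFactoryRegisterImpl();
        this.securityFactory.setSignerFactoryRegister(signerFactoryRegisterImpl);
        this.securityFactory.setPasswordResolver(passwords.getPasswordResolver());
        initSecurityPkcs12(signerFactoryRegisterImpl);
        if (securityConf.getPkcs11Conf() != null) {
            initSecurityPkcs11(securityConf.getPkcs11Conf(), signerFactoryRegisterImpl, passwords.getPasswordResolver());
        }
        if (CollectionUtil.isNonEmpty(securityConf.getSignerFactories())) {
            for (String className : securityConf.getSignerFactories()) {
                try {
                    // Load without initializing and check the type first, so a configured
                    // class that is not a SignerFactory is rejected before any of its static
                    // initializers or constructors run.
                    Class<? extends SignerFactory> factoryClass =
                            Class.forName(className, false, Securities.class.getClassLoader())
                                    .asSubclass(SignerFactory.class);
                    // Constructor.newInstance wraps constructor failures in
                    // InvocationTargetException; the deprecated Class.newInstance() would let
                    // undeclared checked exceptions escape this method.
                    signerFactoryRegisterImpl.registFactory(factoryClass.getDeclaredConstructor().newInstance());
                } catch (ClassCastException | ReflectiveOperationException e) {
                    throw new InvalidConfException("error caught while initializing SignerFactory " + className + ": " + e.getClass().getName() + ": " + e.getMessage(), e);
                }
            }
        }
    }

    /**
     * Registers the PKCS#12 signer factory, wired to the current security factory.
     */
    private void initSecurityPkcs12(SignerFactoryRegisterImpl signerFactoryRegisterImpl) throws IOException {
        P12SignerFactory p12SignerFactory = new P12SignerFactory();
        p12SignerFactory.setSecurityFactory(this.securityFactory);
        signerFactoryRegisterImpl.registFactory(p12SignerFactory);
    }

    /**
     * Sets up PKCS#11: registers the module factories, parses the PKCS#11 configuration,
     * initializes the crypt-service factory and registers the PKCS#11 signer factory.
     *
     * <p>If this method throws, the partially initialized PKCS#11 fields stay assigned;
     * {@link #close()} releases them.
     *
     * @param fileOrValue source of the JSON PKCS#11 configuration
     * @param signerFactoryRegisterImpl register that receives the PKCS#11 signer factory
     * @param passwordResolver resolver handed to the crypt-service factory
     * @throws InvalidConfException if the configuration content cannot be read
     */
    private void initSecurityPkcs11(FileOrValue fileOrValue, SignerFactoryRegisterImpl signerFactoryRegisterImpl, PasswordResolver passwordResolver) throws InvalidConfException {
        this.p11ModuleFactoryRegister = new P11ModuleFactoryRegisterImpl();
        // NOTE(review): the emulator module factory is registered unconditionally next to the
        // IAIK and proxy ones. Which module type is actually used is decided by the PKCS#11
        // configuration; confirm production configurations do not select the emulator.
        this.p11ModuleFactoryRegister.registFactory(new EmulatorP11ModuleFactory());
        this.p11ModuleFactoryRegister.registFactory(new IaikP11ModuleFactory());
        this.p11ModuleFactoryRegister.registFactory(new ProxyP11ModuleFactory());
        this.p11CryptServiceFactory = new P11CryptServiceFactoryImpl();
        this.p11CryptServiceFactory.setP11ModuleFactoryRegister(this.p11ModuleFactoryRegister);
        this.p11CryptServiceFactory.setPasswordResolver(passwordResolver);
        try {
            // The JSON is bound to an explicit target type. NOTE(review): the content is
            // parsed as-is, so it must come from a trusted source; confirm the fastjson
            // version on the classpath and that autoType support is not enabled.
            Pkcs11conf pkcs11conf = JSON.parseObject(fileOrValue.readContent(), Pkcs11conf.class);
            this.p11CryptServiceFactory.setPkcs11Conf(pkcs11conf);
            this.p11CryptServiceFactory.init();
            P11SignerFactory p11SignerFactory = new P11SignerFactory();
            p11SignerFactory.setSecurityFactory(this.securityFactory);
            p11SignerFactory.setP11CryptServiceFactory(this.p11CryptServiceFactory);
            signerFactoryRegisterImpl.registFactory(p11SignerFactory);
        } catch (IOException e) {
            throw new InvalidConfException("could not create P11Conf: " + e.getMessage(), e);
        }
    }
}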
