package com.yqbsoft.laser.service.hw.saas.utils;

import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.prng.SP800SecureRandomBuilder;
import org.openeuler.BGMProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yqbsoft/laser/service/hw/saas/utils/SSLCipherSuiteUtil.class */
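/**
 * Factory helpers that build HTTP clients and connections bound to a chosen TLS protocol
 * ({@code Constant.GM_PROTOCOL} or {@code Constant.INTERNATIONAL_PROTOCOL}).
 *
 * <p><b>SECURITY:</b> every client and connection produced here uses {@link TrustAllManager}
 * and {@link TrustAllHostnameVerifier}. The peer's certificate chain is never validated and the
 * certificate is never matched against the requested host, so the TLS channel is encrypted but
 * <em>not authenticated</em>: any party on the network path can present its own certificate and
 * read or modify the traffic. Do not send credentials or tokens over these clients unless the
 * peer is authenticated some other way. The proper remedy is to initialise the
 * {@link SSLContext} with trust managers backed by the expected CA or pinned certificate and to
 * use the default hostname verifier. That is deliberately not changed here, because it alters
 * which endpoints callers can reach.
 */
public class SSLCipherSuiteUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLCipherSuiteUtil.class);

    // NOTE(review): these two fields are only ever written in this class. Each create* call
    // overwrites the previous client without closing it and without synchronisation.
    private static CloseableHttpClient httpClient;
    private static OkHttpClient okHttpClient;

    /** Security strength, in bits, requested for the AES-CTR DRBG. */
    private static final int CIPHER_LEN = 256;
    /** Entropy, in bits, the DRBG requests from its entropy source. */
    private static final int ENTROPY_BITS_REQUIRED = 384;

    /**
     * Hostname verifier that accepts every host name.
     *
     * <p>SECURITY: this disables the check that the server certificate belongs to the host
     * being contacted. See the class-level note.
     */
    private static class TrustAllHostnameVerifier implements HostnameVerifier {
        private TrustAllHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            // Unconditional accept: neither the host name nor the session is inspected.
            return true;
        }
    }

    /**
     * Trust manager that accepts every certificate chain.
     *
     * <p>SECURITY: both check methods are empty and never throw, so expired, self-signed,
     * revoked or attacker-issued certificates are all accepted. See the class-level note.
     *
     * <p>Decompiler note: the access modifier of this class was changed from {@code private}.
     */
    public static class TrustAllManager implements X509TrustManager {
        // Always empty; returned as-is from getAcceptedIssuers().
        private final X509Certificate[] issuers = new X509Certificate[0];

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.issuers;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Intentionally empty: returning normally means "trusted".
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Intentionally empty: returning normally means "trusted".
        }
    }

    /**
     * Builds an Apache {@link HttpClient} restricted to the given protocol and to
     * {@code Constant.SUPPORTED_CIPHER_SUITES}.
     *
     * <p>SECURITY: the client accepts any server certificate and any host name.
     *
     * @param str the TLS protocol name; must equal {@code Constant.GM_PROTOCOL} or
     *     {@code Constant.INTERNATIONAL_PROTOCOL}
     * @return the newly built client, which is also stored in a static field
     * @throws Exception if the protocol is unsupported or the SSL context cannot be created
     */
    public static HttpClient createHttpClient(String str) throws Exception {
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                getSslContext(str),
                new String[]{str},
                Constant.SUPPORTED_CIPHER_SUITES,
                new TrustAllHostnameVerifier());
        httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
        return httpClient;
    }

    /**
     * Builds an {@link OkHttpClient} for the given protocol with a 10 second connect timeout
     * and a 60 second read timeout.
     *
     * <p>SECURITY: the client accepts any server certificate and any host name.
     *
     * @param str the TLS protocol name; must equal {@code Constant.GM_PROTOCOL} or
     *     {@code Constant.INTERNATIONAL_PROTOCOL}
     * @return the newly built client, which is also stored in a static field
     * @throws Exception if the protocol is unsupported or the SSL context cannot be created
     */
    public static OkHttpClient createOkHttpClient(String str) throws Exception {
        okHttpClient = new OkHttpClient.Builder()
                .sslSocketFactory(getSslContext(str).getSocketFactory(), new TrustAllManager())
                .hostnameVerifier(new TrustAllHostnameVerifier())
                .connectTimeout(10L, TimeUnit.SECONDS)
                .readTimeout(60L, TimeUnit.SECONDS)
                .build();
        return okHttpClient;
    }

    /**
     * Opens a connection to {@code url}. For HTTPS URLs the connection is configured with the
     * SSL context for the given protocol; any other scheme gets a plain connection.
     *
     * <p>The socket factory and hostname verifier are applied to the returned connection only.
     * The earlier code installed them through {@code HttpsURLConnection.setDefault*}, which
     * turned off certificate and hostname checks for every {@link HttpsURLConnection} opened
     * anywhere in the JVM afterwards.
     *
     * <p>SECURITY: the returned HTTPS connection still accepts any server certificate and any
     * host name.
     *
     * @param url the target URL
     * @param str the TLS protocol name; only used when {@code url} is HTTPS
     * @return an unconnected connection for {@code url}
     * @throws Exception if the protocol is unsupported, the SSL context cannot be created, or
     *     the connection cannot be opened
     */
    public static HttpURLConnection createHttpsOrHttpURLConnection(URL url, String str) throws Exception {
        // Locale.ROOT keeps the scheme comparison independent of the JVM's default locale.
        if (!url.getProtocol().toUpperCase(Locale.ROOT).equals(Constant.HTTPS)) {
            return (HttpURLConnection) url.openConnection();
        }
        SSLContext sslContext = getSslContext(str);
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        // Per-connection settings: leave the process-wide HTTPS defaults untouched.
        connection.setHostnameVerifier(new TrustAllHostnameVerifier());
        connection.setSSLSocketFactory(sslContext.getSocketFactory());
        return connection;
    }

    /**
     * Creates and initialises an {@link SSLContext} for the requested protocol.
     *
     * <p>SECURITY: the context is initialised with {@link TrustAllManager} only, so it performs
     * no certificate validation.
     *
     * @param str the protocol name; must equal {@code Constant.GM_PROTOCOL} or
     *     {@code Constant.INTERNATIONAL_PROTOCOL}
     * @return the initialised context
     * @throws UnsupportProtocolException if {@code str} is neither supported protocol
     * @throws NoSuchAlgorithmException if the provider does not implement the protocol
     * @throws NoSuchProviderException if the named provider is not registered
     * @throws KeyManagementException if context initialisation fails
     */
    private static SSLContext getSslContext(String str) throws UnsupportProtocolException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException {
        boolean gmProtocol = Constant.GM_PROTOCOL.equals(str);
        if (!gmProtocol && !Constant.INTERNATIONAL_PROTOCOL.equals(str)) {
            LOGGER.info("Unsupport protocol: {}, Only support GMTLS TLSv1.2", str);
            throw new UnsupportProtocolException("Unsupport protocol, Only support GMTLS TLSv1.2");
        }
        TrustAllManager[] trustAllManagerArr = {new TrustAllManager()};
        SSLContext sSLContext;
        if (gmProtocol) {
            // Registers the provider at position 1, i.e. as the most preferred provider for
            // the whole JVM, not only for this context.
            Security.insertProviderAt(new BGMProvider(), 1);
            sSLContext = SSLContext.getInstance(Constant.GM_PROTOCOL, "BGMProvider");
        } else {
            sSLContext = SSLContext.getInstance(Constant.INTERNATIONAL_PROTOCOL, "SunJSSE");
        }
        // No key managers (null): the client presents no certificate of its own.
        sSLContext.init(null, trustAllManagerArr, getSecureRandom());
        // NOTE(review): every caller in this class uses the context as a TLS client, yet the
        // cache size and timeout are set on the *server* session context. Confirm whether
        // getClientSessionContext() was intended.
        sSLContext.getServerSessionContext().setSessionCacheSize(8192);
        sSLContext.getServerSessionContext().setSessionTimeout(3600);
        return sSLContext;
    }

    /**
     * Builds an SP 800-90A CTR DRBG over AES, seeded from
     * {@link SecureRandom#getInstanceStrong()}, with prediction resistance enabled on the
     * entropy source.
     *
     * <p>NOTE(review): a new DRBG is built for every SSL context, and the strong source may
     * block on some platforms while it gathers entropy. Verify this is acceptable on hot paths.
     *
     * @return the DRBG-backed {@link SecureRandom}
     * @throws RuntimeException if no strong {@link SecureRandom} algorithm is available; the
     *     original exception is attached as the cause
     */
    private static SecureRandom getSecureRandom() {
        try {
            SecureRandom instanceStrong = SecureRandom.getInstanceStrong();
            return new SP800SecureRandomBuilder(instanceStrong, true)
                    .setEntropyBitsRequired(ENTROPY_BITS_REQUIRED)
                    .buildCTR(new AESEngine(), CIPHER_LEN, (byte[]) null, false);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("get SecureRandom failed", e);
            // Keep the cause so the failing algorithm lookup is visible to callers.
            throw new RuntimeException("get SecureRandom failed", e);
        }
    }
}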
