package com.fisec.jsse.provider.test;

import ch.qos.logback.core.net.ssl.SSL;
import com.fisec.cosignsdk.bean.Constants;
import com.fisec.jsse.provider.test.TestProtocolUtil;
import fisec.i;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.concurrent.CountDownLatch;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import junit.framework.TestCase;
import org.junit.Assert;

/* loaded from: classes2.dex */
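/**
 * JUnit 3 test of client-certificate authentication over a {@code "GMSSL"} {@link SSLContext}
 * obtained from the {@code "FMJSSE"} provider.
 *
 * <p>Two scenarios run against a loopback server:
 * <ul>
 *   <li>{@link #testClientAuthAccepted()}: the server calls {@code setNeedClientAuth(true)} and
 *       the client presents sign and enc key entries issued under the same CA.</li>
 *   <li>{@link #testClientAuthRejected()}: the server calls {@code setWantClientAuth(true)} and
 *       the client has no key managers.</li>
 * </ul>
 *
 * <p>NOTE(review): despite its name, the "rejected" scenario does not exercise a refusal. The
 * server only <em>requests</em> a certificate, the handshake is expected to complete, and the
 * assertions check that the client stays unauthenticated. Nothing in this class checks that a
 * server using {@code setNeedClientAuth(true)} refuses a client that presents no certificate, or
 * one issued by an untrusted CA. That negative case is worth adding.
 *
 * <p>NOTE(review): the clients validate the server chain against the pinned CA only. No endpoint
 * identification algorithm is configured in this code, so the server name is presumably not
 * checked. This is acceptable for a loopback test but is not a pattern to copy into production.
 *
 * <p>The key password literal and the PEM keys under {@code pem/} are test fixtures. The ports
 * are fixed, so a listener left open by a failed run makes the next bind fail.
 *
 * <p>NOTE(review): this listing is decompiler output (see the {@code classes2.dex} and JADX
 * markers). Checked-exception declarations appear to have been dropped: for example
 * {@link CountDownLatch#await()} throws {@link InterruptedException}, yet {@code await()} below
 * declares nothing. Restore the {@code throws} clauses from the original interfaces before
 * compiling. {@code SSL.DEFAULT_KEYSTORE_TYPE}, {@code Constants.operaPin} and
 * {@code i.f13370a} are presumably constants the decompiler substituted for string literals.
 * Confirm their values.
 */
public class BasicClientAuthGMSSLTest extends TestCase {
    /** Host the clients connect to. */
    public static final String HOST = "localhost";
    /** Port used by the need-client-auth scenario. */
    public static final int PORT_NO_ACCEPTED = 9019;
    /** Port used by the want-client-auth scenario. */
    public static final int PORT_NO_REJECTED = 9020;

    /* loaded from: classes2.dex */
    /**
     * Client that authenticates with a certificate: trusts the given CA and offers the key
     * entries held in {@code clientStore}.
     */
    public static class ClientAuthAcceptedClient implements TestProtocolUtil.BlockingCallable {
        public final char[] clientKeyPass;
        public final KeyStore clientStore;
        // Released when call() finishes, whether it succeeds or fails.
        public final CountDownLatch latch;
        public final KeyStore trustStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);

        /**
         * @param keyStore store holding the client's key entries
         * @param cArr password protecting those key entries
         * @param x509Certificate CA certificate pinned as the only trust anchor ("serverCa")
         */
        public ClientAuthAcceptedClient(KeyStore keyStore, char[] cArr, X509Certificate x509Certificate) {
            // A null stream creates an empty store; whether the PIN matters here is not visible.
            this.trustStore.load(null, Constants.operaPin.toCharArray());
            this.trustStore.setCertificateEntry("serverCa", x509Certificate);
            this.clientStore = keyStore;
            this.clientKeyPass = cArr;
            this.latch = new CountDownLatch(1);
        }

        /** Blocks until {@link #call()} has finished. */
        @Override // com.fisec.jsse.provider.test.TestProtocolUtil.BlockingCallable
        public void await() {
            this.latch.await();
        }

        /**
         * Connects to the need-client-auth server, completes the handshake and runs the client
         * side of the test protocol.
         *
         * @return always {@code null}; failures propagate as exceptions or assertion errors
         */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Exception call() {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "FMJSSE");
                tmf.init(this.trustStore);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", "FMJSSE");
                kmf.init(this.clientStore, this.clientKeyPass);
                SSLContext context = SSLContext.getInstance("GMSSL", "FMJSSE");
                context.init(
                        kmf.getKeyManagers(),
                        tmf.getTrustManagers(),
                        SecureRandom.getInstance("TrueRandom", ProviderUtils.PROVIDER_NAME_FMJCE));
                // NOTE(review): the socket is never closed here; presumably doClientProtocol
                // closes it. Confirm, otherwise a failed assertion leaks the connection.
                SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(HOST, PORT_NO_ACCEPTED);
                // Restrict the offer before the handshake, which starts lazily in getSession().
                socket.setEnabledCipherSuites(new String[]{"ECDHE_SM4_SM3"});
                SSLSession session = socket.getSession();
                TestCase.assertNotNull(session);
                // Per the JSSE contract a failed handshake yields an invalid session reporting
                // this suite instead of an exception, so this is the handshake-success check.
                Assert.assertNotEquals("SSL_NULL_WITH_NULL_NULL", session.getCipherSuite());
                TestProtocolUtil.doClientProtocol(socket, "Hello");
                return null;
            } finally {
                // Always release waiters so a failing client cannot hang the test.
                this.latch.countDown();
            }
        }
    }

    /* loaded from: classes2.dex */
    /**
     * Client that offers no certificate: trusts the given CA but is initialised without key
     * managers. Paired with a want-client-auth server, so the handshake is expected to succeed.
     */
    public static class ClientAuthRejectedClient implements TestProtocolUtil.BlockingCallable {
        // Released when call() finishes, whether it succeeds or fails.
        public final CountDownLatch latch;
        public final KeyStore trustStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);

        /**
         * @param x509Certificate CA certificate pinned as the only trust anchor ("serverCa")
         */
        public ClientAuthRejectedClient(X509Certificate x509Certificate) {
            this.trustStore.load(null, Constants.operaPin.toCharArray());
            this.trustStore.setCertificateEntry("serverCa", x509Certificate);
            this.latch = new CountDownLatch(1);
        }

        /** Blocks until {@link #call()} has finished. */
        @Override // com.fisec.jsse.provider.test.TestProtocolUtil.BlockingCallable
        public void await() {
            this.latch.await();
        }

        /**
         * Connects without client credentials and checks that the session carries no local
         * identity before running the client side of the test protocol.
         *
         * @return always {@code null}; failures propagate as exceptions or assertion errors
         */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Exception call() {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "FMJSSE");
                tmf.init(this.trustStore);
                SSLContext context = SSLContext.getInstance("GMSSL", "FMJSSE");
                // null key managers: this client has nothing to present when asked for a cert.
                context.init(
                        null,
                        tmf.getTrustManagers(),
                        SecureRandom.getInstance("TrueRandom", ProviderUtils.PROVIDER_NAME_FMJCE));
                // NOTE(review): the socket is never closed here; presumably doClientProtocol
                // closes it. Confirm.
                SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(HOST, PORT_NO_REJECTED);
                // i.f13370a is an obfuscated constant; presumably a cipher-suite name. Confirm.
                socket.setEnabledCipherSuites(new String[]{i.f13370a});
                SSLSession session = socket.getSession();
                TestCase.assertNotNull(session);
                // An invalid session reports this suite, so this is the handshake-success check.
                Assert.assertNotEquals("SSL_NULL_WITH_NULL_NULL", session.getCipherSuite());
                // No certificate was sent, so the session must not carry a local identity.
                TestCase.assertNull(session.getLocalPrincipal());
                TestProtocolUtil.doClientProtocol(socket, "Hello");
                return null;
            } finally {
                this.latch.countDown();
            }
        }
    }

    /* loaded from: classes2.dex */
    /**
     * Single-connection test server that either requires or merely requests a client
     * certificate, depending on {@code needClientAuth}.
     */
    public static class ClientAuthServer implements TestProtocolUtil.BlockingCallable {
        public final char[] keyPass;
        // Released once the listening socket exists, and again (a no-op) when call() ends.
        public final CountDownLatch latch;
        public final boolean needClientAuth;
        public final int port;
        public final KeyStore serverStore;
        public final KeyStore trustStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);

        /**
         * @param i port to listen on
         * @param z {@code true} to require a client certificate, {@code false} to only request one
         * @param keyStore store holding the server's key entries
         * @param cArr password protecting those key entries
         * @param x509Certificate CA certificate trusted for client certificates ("clientCa")
         */
        public ClientAuthServer(int i, boolean z, KeyStore keyStore, char[] cArr, X509Certificate x509Certificate) {
            this.port = i;
            this.needClientAuth = z;
            this.serverStore = keyStore;
            this.keyPass = cArr;
            this.trustStore.load(null, Constants.operaPin.toCharArray());
            this.trustStore.setCertificateEntry("clientCa", x509Certificate);
            this.latch = new CountDownLatch(1);
        }

        /** Blocks until the server is listening, or until {@link #call()} has failed. */
        @Override // com.fisec.jsse.provider.test.TestProtocolUtil.BlockingCallable
        public void await() {
            this.latch.await();
        }

        /**
         * Accepts one connection, checks the negotiated session and runs the server side of the
         * test protocol.
         *
         * <p>Both sockets are closed on every exit path. Previously a failed assertion or
         * handshake skipped the explicit {@code close()} calls and left the fixed port bound.
         *
         * @return always {@code null}; failures propagate as exceptions or assertion errors
         */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Exception call() {
            try {
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", "FMJSSE");
                kmf.init(this.serverStore, this.keyPass);
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "FMJSSE");
                tmf.init(this.trustStore);
                SSLContext context = SSLContext.getInstance("GMSSL", "FMJSSE");
                context.init(
                        kmf.getKeyManagers(),
                        tmf.getTrustManagers(),
                        SecureRandom.getInstance("TrueRandom", ProviderUtils.PROVIDER_NAME_FMJCE));
                try (SSLServerSocket listener =
                        (SSLServerSocket) context.getServerSocketFactory().createServerSocket(this.port)) {
                    // NOTE(review): presumably enables every supported suite/protocol, which is
                    // only acceptable in a test. Confirm against SSLUtils.
                    SSLUtils.enableAll(listener);
                    if (this.needClientAuth) {
                        // Handshake must fail unless the client proves possession of a trusted cert.
                        listener.setNeedClientAuth(true);
                    } else {
                        // Certificate is requested only; a client without one still connects.
                        listener.setWantClientAuth(true);
                    }
                    // Signal readiness: the port is bound, so a client may connect from here on.
                    this.latch.countDown();
                    try (SSLSocket peer = (SSLSocket) listener.accept()) {
                        SSLSession session = peer.getSession();
                        TestCase.assertNotNull(session);
                        // An invalid session reports this suite; see SSLSocket.getSession().
                        Assert.assertNotEquals("SSL_NULL_WITH_NULL_NULL", session.getCipherSuite());
                        if (!this.needClientAuth) {
                            try {
                                session.getPeerPrincipal();
                                Assert.fail();
                            } catch (SSLPeerUnverifiedException expected) {
                                // Expected: the client sent no certificate, so the session must
                                // not expose a verified peer identity.
                            }
                        }
                        TestProtocolUtil.doServerProtocol(peer, "World");
                    }
                }
                return null;
            } finally {
                // Releases waiters if setup failed before the readiness signal; otherwise a no-op.
                this.latch.countDown();
            }
        }
    }

    /**
     * Prepares the security providers through {@code ProviderUtils.setupLowPriority(false)}.
     * NOTE(review): presumably registers FMJCE/FMJSSE at low priority. Confirm in ProviderUtils.
     */
    @Override
    public void setUp() {
        ProviderUtils.setupLowPriority(false);
    }

    /**
     * Server requires a client certificate; the client presents sign and enc entries issued
     * under the CA that the server trusts. Both sides must complete the protocol exchange.
     */
    public void testClientAuthAccepted() {
        // Test-only password shared by every key entry below.
        char[] keyPassword = "keyPassword".toCharArray();
        X509Certificate caCert;

        // Server identity: one signing and one encryption key pair.
        PrivateKey serverSignKey = TestUtils.getPriKeyFromASN1("pem/eccsignsitekey.pem");
        X509Certificate serverSignCert = TestUtils.getCertFromPem("pem/eccsignsite.pem");
        PrivateKey serverEncKey = TestUtils.getPriKeyFromASN1("pem/eccencsitekey.pem");
        X509Certificate serverEncCert = TestUtils.getCertFromPem("pem/eccencsite.pem");
        caCert = TestUtils.getCertFromPem("pem/ca.pem");
        KeyStore serverStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE, ProviderUtils.PROVIDER_NAME_FMJCE);
        serverStore.load(null, Constants.operaPin.toCharArray());
        serverStore.setKeyEntry("serverSign", serverSignKey, keyPassword, new X509Certificate[]{serverSignCert});
        serverStore.setKeyEntry("serverEnc", serverEncKey, keyPassword, new X509Certificate[]{serverEncCert});

        // Client identity: same layout, user certificates.
        PrivateKey clientSignKey = TestUtils.getPriKeyFromASN1("pem/eccsignuserkey.pem");
        X509Certificate clientSignCert = TestUtils.getCertFromPem("pem/eccsignuser.pem");
        PrivateKey clientEncKey = TestUtils.getPriKeyFromASN1("pem/eccencuserkey.pem");
        X509Certificate clientEncCert = TestUtils.getCertFromPem("pem/eccencuser.pem");
        KeyStore clientStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE, ProviderUtils.PROVIDER_NAME_FMJCE);
        clientStore.load(null, Constants.operaPin.toCharArray());
        clientStore.setKeyEntry("clientSign", clientSignKey, keyPassword, new X509Certificate[]{clientSignCert});
        clientStore.setKeyEntry("clientEnc", clientEncKey, keyPassword, new X509Certificate[]{clientEncCert});

        TestProtocolUtil.runClientAndServer(
                new ClientAuthServer(PORT_NO_ACCEPTED, true, serverStore, keyPassword, caCert),
                new ClientAuthAcceptedClient(clientStore, keyPassword, caCert));
    }

    /**
     * Server only requests a client certificate; the client has none. The connection is expected
     * to succeed with the client unauthenticated, so this is not a handshake rejection.
     */
    public void testClientAuthRejected() {
        // Test-only password shared by every key entry below.
        char[] keyPassword = "keyPassword".toCharArray();

        PrivateKey serverSignKey = TestUtils.getPriKeyFromASN1("pem/eccsignsitekey.pem");
        X509Certificate serverSignCert = TestUtils.getCertFromPem("pem/eccsignsite.pem");
        PrivateKey serverEncKey = TestUtils.getPriKeyFromASN1("pem/eccencsitekey.pem");
        X509Certificate serverEncCert = TestUtils.getCertFromPem("pem/eccencsite.pem");
        X509Certificate caCert = TestUtils.getCertFromPem("pem/ca.pem");
        KeyStore serverStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE, ProviderUtils.PROVIDER_NAME_FMJCE);
        serverStore.load(null, Constants.operaPin.toCharArray());
        serverStore.setKeyEntry("serverSign", serverSignKey, keyPassword, new X509Certificate[]{serverSignCert});
        serverStore.setKeyEntry("serverEnc", serverEncKey, keyPassword, new X509Certificate[]{serverEncCert});

        TestProtocolUtil.runClientAndServer(
                new ClientAuthServer(PORT_NO_REJECTED, false, serverStore, keyPassword, caCert),
                new ClientAuthRejectedClient(caCert));
    }
}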
