package omm.south.client;

import omm.thrift.transport.ThriftSSLTransportFactory;
import org.apache.thrift.TServiceClient;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.wcc.framework.AppProperties;
import org.wcc.framework.AppRuntimeException;
import org.wcc.framework.log.AppLogger;
import org.wcc.framework.util.encrypt.Crypter;
import org.wcc.framework.util.encrypt.CrypterFactory;

/* loaded from: input_file:omm/south/client/ThriftSSLClient.class */
public class ThriftSSLClient extends AbstractClient {
    private static final AppLogger LOG = AppLogger.getInstance(ThriftSSLClient.class);
    private static final String[] SSL_CIPHERS = {"TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"};
    private static final String[] SSL_PROTOCOL = {"TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
    private static String keyStore = AppProperties.get("KeyStore");
    private static String keySequence = AppProperties.get("KeySequence");
    private static String trustStore = AppProperties.get("TrustStore");
    private static String trustSequence = AppProperties.get("TrustSequence");
    private static String protocol = AppProperties.get("tls_protocol", "TLS");
    private TTransport transport;

    public ThriftSSLClient(String str, int i, Class<? extends TServiceClient> cls) {
        super(str, i, cls);
        this.transport = null;
    }

    private boolean isVaildProtocol(String str) {
        if (null == str || str.trim().isEmpty()) {
            return false;
        }
        for (String str2 : SSL_PROTOCOL) {
            if (str2.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // omm.south.client.AbstractClient
    public TServiceClient open(int i, int i2) throws ThriftClientException {
        try {
            if (null == keyStore || null == keySequence) {
                throw new IllegalArgumentException("serverKeyStore or serverKeySequence is null");
            }
            if (null == trustStore || null == trustSequence) {
                throw new IllegalArgumentException("clientTrustStore or clientTrustSequence is null");
            }
            if (!isVaildProtocol(protocol)) {
                throw new IllegalArgumentException("protocol is invaild.");
            }
            Crypter crypter = CrypterFactory.getCrypter("AES_CBC");
            String decryptByRootKey = crypter.decryptByRootKey(keySequence);
            String decryptByRootKey2 = crypter.decryptByRootKey(trustSequence);
            ThriftSSLTransportFactory.TSSLTransportParameters tSSLTransportParameters = new ThriftSSLTransportFactory.TSSLTransportParameters(protocol, SSL_CIPHERS, true);
            tSSLTransportParameters.setKeyStore(keyStore, decryptByRootKey);
            tSSLTransportParameters.setTrustStore(trustStore, decryptByRootKey2);
            tSSLTransportParameters.requireClientAuth(true);
            LOG.info("protocol type:" + protocol);
            this.transport = ThriftSSLTransportFactory.getClientSocket(getIp(), getPort(), i2, tSSLTransportParameters);
            return getClientClass().getConstructor(TProtocol.class).newInstance(new TBinaryProtocol(this.transport));
        } catch (AppRuntimeException e) {
            LOG.error("Failed to decrypt:", e);
            throw new ThriftClientException((Throwable) e);
        } catch (TTransportException e2) {
            LOG.error("Failed to getClientSocket", e2);
            throw new ThriftClientException((Throwable) e2);
        } catch (Exception e3) {
            LOG.error(e3);
            throw new ThriftClientException(e3);
        }
    }

    @Override // omm.south.client.AbstractClient
    public void close() {
        if (this.transport != null) {
            this.transport.close();
        }
    }
}
