package com.xdja.pki.ca.certmanager.service.kms;

import com.sansec.asn1.ASN1Integer;
import com.sansec.ca2kmc.bean.KMCKey;
import com.sansec.ca2kmc.ca.CA2KMC;
import com.xdja.pki.ca.certmanager.service.kms.bean.ResponseBean;
import com.xdja.pki.ca.certmanager.service.kms.ca.CaRequest;
import com.xdja.pki.ca.certmanager.service.kms.ca.CaRequestGenerator;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.configBasic.bean.KmConfigBean;
import com.xdja.pki.ca.core.exception.KMCException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;

/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/kms/KmsServiceImpl.class */
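/**
 * {@link KmsService} implementation that sends apply / revoke / restore requests for
 * encryption key pairs to the key-management system (KMC) through the Sansec
 * {@code CA2KMC} client.
 *
 * <p>Each operation loads the KM communication certificate from {@code config.path}, builds a
 * {@link CaRequest} with the key index and private-key PIN taken from {@link KmConfigBean},
 * and submits the encoded request over the channel described by {@code swxa/SSL_Config.ini}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key material returned by the KMC is never written to the log. What
 *       {@code KMCKey.getcPriKey()} holds (raw or wrapped key) is not visible in this file;
 *       either way it does not belong in log output.</li>
 *   <li>Every request is still dumped to a fixed file path, see {@link #dumpRequest(byte[])}.</li>
 *   <li>{@link #getPriateKey()} returns a private key that is embedded in the source.</li>
 * </ul>
 */
public class KmsServiceImpl implements KmsService {
    /** Value subtracted from the serial number to derive the KMC task number (0x10000000). */
    private static final long TASK_NO_OFFSET = 268435456L;

    /** Fixed location every encoded request is written to before it is sent. */
    private static final String REQUEST_DUMP_PATH = "/home/a.asn1";

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private Environment env;

    @Value("${config.path}")
    private String configPath;

    /**
     * Asks the KMC to generate an encryption key pair.
     *
     * <p>NOTE(review): {@code str2}, {@code str3}, {@code str4} and {@code str5} are not used;
     * the request is always built with {@code null, null} in place of the first two and the
     * fixed algorithm names {@code "SM4"} / {@code "SM3"}. Confirm against the callers whether
     * that is intended.
     *
     * @param caInfoVO   supplies the {@link KmConfigBean} (KMC address, key index, PIN)
     * @param bigInteger serial number the request is issued for (logged as {@code encSn})
     * @param publicKey  public key forwarded to the request generator
     * @param date       first date forwarded to the request generator
     * @param date2      second date forwarded to the request generator
     * @param str        string forwarded to the request generator
     * @param str2       ignored
     * @param str3       ignored
     * @param i          integer forwarded to the request generator
     * @param str4       ignored
     * @param str5       ignored
     * @return the public and private key values reported by the KMC
     * @throws KMCException          declared by the interface
     * @throws ServiceException      wrapping any failure while building or sending the request
     * @throws NumberFormatException if the serial number minus the offset does not fit an int
     */
    public ResponseBean applyEncKey(CaInfoVO caInfoVO, BigInteger bigInteger, PublicKey publicKey, Date date, Date date2, String str, String str2, String str3, int i, String str4, String str5) throws KMCException {
        this.logger.debug("收到向密管系统申请公私钥对请求,encSn = {}", bigInteger);
        int taskNo = taskNoFor(bigInteger);
        this.logger.info("applyEncKey>>>>>tastNo={}", taskNo);
        try {
            KmConfigBean kmConfigBean = caInfoVO.getKmConfigBean();
            CaRequest request = newRequestGenerator(kmConfigBean).createApplyKeyRequest(taskNo, bigInteger, publicKey, date, date2, str, null, null, i, "SM4", "SM3");
            byte[] encoded = request.getEncoded();
            dumpRequest(encoded);
            ASN1Integer taskNoAsn1 = new ASN1Integer(taskNo);
            KMCKey applyKey = newKmcClient(kmConfigBean).applyKey(taskNoAsn1, encoded);
            // Only identifiers are logged; the original line also wrote getcPriKey() at INFO
            // and printed the certificate number under the "pubKey" label.
            this.logger.info("密管系统申请公私钥对成功，sn:{},taskNo={}", applyKey.getUserCertNo(), applyKey.getTaskNo());
            return new ResponseBean(applyKey.getcPubKey(), applyKey.getcPriKey());
        } catch (Exception e) {
            this.logger.debug("向密管系统申请公私钥对请求处理失败,encSn = {}", bigInteger);
            throw new ServiceException("申请公私钥失败", e);
        }
    }

    /**
     * Asks the KMC to revoke the encryption key bound to a serial number.
     *
     * @param caInfoVO   supplies the {@link KmConfigBean} (KMC address, key index, PIN)
     * @param bigInteger serial number whose key is revoked (logged as {@code encSn})
     * @throws KMCException          declared by the interface
     * @throws ServiceException      wrapping any failure while building or sending the request
     * @throws NumberFormatException if the serial number minus the offset does not fit an int
     */
    public void revokeEncKey(CaInfoVO caInfoVO, BigInteger bigInteger) throws KMCException {
        this.logger.debug("收到向密管系统撤销密钥请求，encSn={}", bigInteger);
        int taskNo = taskNoFor(bigInteger);
        // The original logged this under the copy-pasted "applyEncKey" prefix.
        this.logger.info("revokeEncKey>>>>>tastNo={}", taskNo);
        try {
            KmConfigBean kmConfigBean = caInfoVO.getKmConfigBean();
            CaRequest request = newRequestGenerator(kmConfigBean).createRevokeKeyRequest(taskNo, bigInteger);
            byte[] encoded = request.getEncoded();
            dumpRequest(encoded);
            ASN1Integer taskNoAsn1 = new ASN1Integer(taskNo);
            KMCKey revokeKey = newKmcClient(kmConfigBean).revokeKey(taskNoAsn1, encoded);
            this.logger.debug("向密管系统撤销密钥请求处理成功，encSn={},taskNo={}", revokeKey.getUserCertNo(), revokeKey.getTaskNo());
        } catch (Exception e) {
            this.logger.debug("向密管系统撤销密钥处理失败");
            throw new ServiceException("撤销密钥失败", e);
        }
    }

    /**
     * Asks the KMC to hand back a previously issued encryption key pair.
     *
     * @param caInfoVO   supplies the {@link KmConfigBean} (KMC address, key index, PIN)
     * @param bigInteger serial number whose key is restored (logged as {@code encSn})
     * @param publicKey  public key forwarded to the request generator
     * @return the public and private key values reported by the KMC
     * @throws ServiceException      wrapping any failure while building or sending the request
     * @throws NumberFormatException if the serial number minus the offset does not fit an int
     * @throws Exception             declared by the original signature
     */
    public ResponseBean restoreEncKey(CaInfoVO caInfoVO, BigInteger bigInteger, PublicKey publicKey) throws Exception {
        this.logger.debug("收到向密管系统恢复公私钥对请求,encSn = {}", bigInteger);
        int taskNo = taskNoFor(bigInteger);
        // The original logged this under the copy-pasted "applyEncKey" prefix.
        this.logger.info("restoreEncKey>>>>>tastNo={}", taskNo);
        try {
            KmConfigBean kmConfigBean = caInfoVO.getKmConfigBean();
            CaRequest request = newRequestGenerator(kmConfigBean).createRestoreKeyRequest(taskNo, bigInteger, publicKey);
            byte[] encoded = request.getEncoded();
            dumpRequest(encoded);
            ASN1Integer taskNoAsn1 = new ASN1Integer(taskNo);
            KMCKey restoreKey = newKmcClient(kmConfigBean).restoreKey(taskNoAsn1, encoded);
            // The restored private key value is returned to the caller but kept out of the log.
            this.logger.info("密管系统恢复公私钥对成功,encSn = {}", bigInteger);
            return new ResponseBean(restoreKey.getcPubKey(), restoreKey.getcPriKey());
        } catch (Exception e) {
            this.logger.debug("向密管系统恢复公私钥对请求处理失败,encSn = {}", bigInteger);
            throw new ServiceException("恢复公私钥失败", e);
        }
    }

    /**
     * Returns a fallback task number in the range 10..20000 (both inclusive).
     *
     * <p>NOTE(review): {@link Random} is predictable and two requests can draw the same
     * number. If the KMC relies on task numbers being unique or unguessable, this needs a
     * different source; that requirement is not visible in this file.
     *
     * @return a pseudo-random task number
     */
    public int getRandomInt() {
        // Same range as the original "nextInt(20000) % 19991 + 10", without the modulo bias.
        return new Random().nextInt((20000 - 10) + 1) + 10;
    }

    /**
     * Decodes the SM2 private key embedded below and converts it to a {@link PrivateKey}.
     *
     * <p>NOTE(review): the key is hard-coded, so everyone with access to this class file holds
     * it. It looks like a test fixture; if anything in production trusts this key it should be
     * rotated and loaded from protected storage instead. Confirm with the callers.
     *
     * @return the decoded private key, or {@code null} if decoding fails
     * @throws IOException declared by the original signature; failures are reported as
     *                     {@code null} instead
     */
    public PrivateKey getPriateKey() throws IOException {
        try {
            byte[] encodedKey = GMSSLByteArrayUtils.base64Decode("MHcCAQECIJQeTVOBAP+O0KxlX6GwQahQ8IwcjYKmUW2+5/TS3K3VoAoGCCqBHM9VAYItoUQDQgAEYpmyIhanq21Jnwede7PqQvw9c/DDR+jI8jd2ewTpvzsd9B85/hZyDXf3UMRQ1S8d7/cyWYgBjIasvy5LZuMQWw==");
            ASN1Sequence keySequence = ASN1Sequence.getInstance(encodedKey);
            // The original also passed the whole structure ("decode") and the private scalar
            // ("sPrivateKey") to printHexBinary with a null Logger. Where that helper writes
            // is not visible here, so the two dumps that carry the private key are dropped.
            GMSSLByteArrayUtils.printHexBinary((Logger) null, "version", org.bouncycastle.asn1.ASN1Integer.getInstance(keySequence.getObjectAt(0)).getValue().toByteArray());
            byte[] privateScalar = org.bouncycastle.asn1.ASN1Integer.getInstance(keySequence.getObjectAt(1)).getValue().toByteArray();
            ASN1ObjectIdentifier curveOid = ASN1ObjectIdentifier.getInstance(DERTaggedObject.getInstance(keySequence.getObjectAt(2)).getObject());
            GMSSLByteArrayUtils.printHexBinary((Logger) null, "objectIdentifier", curveOid.getEncoded());
            this.logger.debug("id {}", curveOid.getId());
            GMSSLByteArrayUtils.printHexBinary((Logger) null, "derBitString", DERBitString.getInstance(DERTaggedObject.getInstance(keySequence.getObjectAt(3)).getObject()).getOctets());
            return GMSSLX509Utils.convertSM2PrivateKey(privateScalar);
        } catch (Exception e) {
            // Callers of the original received null on failure; keep that contract but send
            // the cause to the application log instead of stderr.
            this.logger.error("failed to decode the embedded SM2 private key", e);
            return null;
        }
    }

    /**
     * Derives the KMC task number from a serial number.
     *
     * <p>Only the low 64 bits of the serial number are used ({@code longValue()}); the result
     * of the subtraction must fit an int, otherwise {@link NumberFormatException} is thrown.
     * A negative result is replaced by {@link #getRandomInt()}.
     */
    private int taskNoFor(BigInteger encSn) {
        int taskNo = Integer.parseInt(String.valueOf(encSn.longValue() - TASK_NO_OFFSET));
        return taskNo < 0 ? getRandomInt() : taskNo;
    }

    /** Loads the KM communication certificate and builds a request generator bound to it. */
    private CaRequestGenerator newRequestGenerator(KmConfigBean kmConfigBean) throws Exception {
        String commCertPath = this.configPath + "swxa/certs/ck/swxaComm.cer";
        this.logger.debug("kmCommCertPath:{}", commCertPath);
        this.logger.debug("KmCommCertFile:{}", new File(commCertPath).exists());
        X509Certificate commCert = CertUtil.getCertFromB64File(new File(commCertPath));
        this.logger.debug("获取KM通信证书:{}", commCert.getSubjectDN().toString());
        return new CaRequestGenerator(commCert, kmConfigBean.getKeyIndex().intValue(), kmConfigBean.getPrivateKeyPin());
    }

    /** Creates the KMC client from the configured address, the CA certificate and the SSL config file. */
    private CA2KMC newKmcClient(KmConfigBean kmConfigBean) throws Exception {
        String caCertPath = this.configPath + "swxa/certs/ck/swxaCa.cer";
        String sslConfigPath = this.configPath + "swxa/SSL_Config.ini";
        this.logger.debug("kmSM2Path:{}", sslConfigPath);
        this.logger.debug("kmCaCertPath:{}", caCertPath);
        return new CA2KMC(kmConfigBean.getIp(), kmConfigBean.getPort().intValue(), CertUtil.getCertFromB64File(new File(caCertPath)), sslConfigPath);
    }

    /**
     * Writes the encoded request to {@link #REQUEST_DUMP_PATH}, as the original code did.
     *
     * <p>NOTE(review): this looks like leftover debugging. The path is fixed and shared by all
     * three operations, so concurrent requests overwrite each other, and a write failure
     * aborts the key operation. Nothing in this file reads the dump back; consider removing
     * it once no external tooling depends on the file.
     */
    private void dumpRequest(byte[] encoded) throws IOException {
        // try-with-resources closes the stream even when write() fails (the original leaked it).
        try (FileOutputStream out = new FileOutputStream(REQUEST_DUMP_PATH)) {
            out.write(encoded);
        }
    }
}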
