package com.xdja.pki.ca.certmanager.web.userca;

import com.xdja.pki.auditlog.service.bean.AuditLogResultEnum;
import com.xdja.pki.auditlog.service.bean.ca.AuditLogOperatorTypeEnum;
import com.xdja.pki.auth.annotation.AuditSign;
import com.xdja.pki.auth.service.AuditLogService;
import com.xdja.pki.auth.service.bean.AuditSignBean;
import com.xdja.pki.ca.certmanager.service.userca.UserCaService;
import com.xdja.pki.ca.certmanager.service.userca.bean.UpdateUserCaCertReq;
import com.xdja.pki.ca.certmanager.service.userca.bean.UpdateUserCaP10Req;
import com.xdja.pki.ca.certmanager.service.userca.bean.UserCaCertReq;
import com.xdja.pki.ca.certmanager.service.userca.bean.UserSubCaP10Req;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.core.json.JsonUtils;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.validation.BindingResult;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

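/**
 * REST endpoints for managing user CA certificates: listing, root CA creation and renewal,
 * sub-CA PKCS#10 request generation, certificate chain import, download and deletion.
 *
 * <p>Every handler delegates to {@link UserCaService} and converts the returned {@link Result}
 * into either the payload or an error response. Handlers annotated with {@code @AuditSign}
 * also write an entry through {@link AuditLogService}.
 *
 * <p>NOTE(review): the local and parameter names ({@code l}, {@code num}, {@code str}) look like
 * decompiler output. Path variables are therefore bound by explicit name below, because the
 * Java parameter names no longer match the URI templates.
 *
 * <p>NOTE(review): no authorization check is visible in this class; presumably it is enforced
 * by a filter or by the {@code @AuditSign} machinery. Confirm before exposing these routes.
 */
@RestController
/* loaded from: input_file:com/xdja/pki/ca/certmanager/web/userca/UserCaController.class */
public class UserCaController {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private UserCaService userCaService;

    @Autowired
    AuditLogService auditLogService;

    /**
     * Replaces characters that could alter an HTTP header with an underscore.
     *
     * <p>Used on values that end up in {@code Content-Disposition}. Control characters
     * (including CR and LF), double quotes, semicolons and path separators are replaced so
     * the value cannot terminate the header, add parameters to it, or suggest a directory.
     *
     * @param raw the value to embed in a header; may be {@code null}
     * @return the cleaned value, or {@code null} when {@code raw} is {@code null}
     */
    private static String headerSafeFileName(String raw) {
        if (raw == null) {
            return null;
        }
        StringBuilder safe = new StringBuilder(raw.length());
        for (int idx = 0; idx < raw.length(); idx++) {
            char c = raw.charAt(idx);
            boolean unsafe = Character.isISOControl(c) || c == '"' || c == ';' || c == '\\' || c == '/';
            safe.append(unsafe ? '_' : c);
        }
        return safe.toString();
    }

    /**
     * Reports whether the request lacks the key material the configured crypto device needs.
     *
     * <p>As written, the XDJA HSM device type requires both a key password and a key index,
     * while the SWXA HSM device type requires only a key index.
     *
     * @param req the root CA creation request
     * @return {@code true} when a required field is missing for the configured device type
     */
    private static boolean missingHsmKeyMaterial(UserCaCertReq req) {
        int deviceType = Constants.CRYPT_DEVICE_TYPE.intValue();
        if (deviceType == Constants.CRYPT_DEVICE_XDJA_HSM.intValue()
                && (StringUtils.isBlank(req.getKeyPwd()) || null == req.getKeyIndex())) {
            return true;
        }
        return deviceType == Constants.CRYPT_DEVICE_SWXA_HSM.intValue() && null == req.getKeyIndex();
    }

    /**
     * Summarises a P10 update request for logs and audit records without the key password.
     *
     * <p>Only the fields this controller reads are included. The password is reported as
     * present or absent, never by value.
     *
     * @param req the update request, already checked for {@code null} by the caller
     * @return a single-line description that is safe to persist
     */
    private static String describeP10Update(UpdateUserCaP10Req req) {
        String pwdState = StringUtils.isEmpty(req.getKeyPwd()) ? "<empty>" : "<redacted>";
        return "subjectDn=" + req.getSubjectDn() + ",keyIndex=" + req.getKeyIndex() + ",keyPwd=" + pwdState;
    }

    /**
     * Returns one page of user CA certificates, optionally filtered by name and subject DN.
     *
     * @param str optional user CA name filter ({@code userCaName})
     * @param str2 optional subject DN filter ({@code subjectDn})
     * @param num page number ({@code pageNo})
     * @param num2 page size ({@code pageSize})
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/list"}, method = {RequestMethod.GET})
    public Object queryUserCaList(@RequestParam(value = "userCaName", required = false) String str, @RequestParam(value = "subjectDn", required = false) String str2, @RequestParam("pageNo") Integer num, @RequestParam("pageSize") Integer num2, HttpServletResponse httpServletResponse) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("用户CA证书管理模块>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>分页查询用户CA证书列表");
        }
        // Both paging values are mandatory; the original three-way test reduces to this.
        if (num == null || num2 == null) {
            this.logger.error("分页查询 用户CA证书列表 时请求参数非法[{}, {}]", num, num2);
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result page = this.userCaService.queryUserCaList(str, str2, num, num2);
            if (!page.isSuccess()) {
                return page.getError().resp(httpServletResponse);
            }
            return page.getInfo();
        } catch (ServiceException e) {
            this.logger.error("分页查询用户CA证书列表失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Creates a root user CA certificate and records the outcome in the audit log.
     *
     * <p>The request carries an HSM key password, so it is never serialised into the log;
     * only the subject DN and key index are recorded.
     *
     * @param userCaCertReq validated creation request
     * @param bindingResult validation outcome for {@code userCaCertReq}
     * @param auditSignBean audit signature data, presumably filled in by {@code @AuditSign}
     * @param httpServletResponse response used to emit error bodies
     * @return {@code Result.success()} on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/rootca"}, method = {RequestMethod.POST})
    @AuditSign
    public Object genRootUserCa(@Valid @RequestBody UserCaCertReq userCaCertReq, BindingResult bindingResult, AuditSignBean auditSignBean, HttpServletResponse httpServletResponse) {
        // Serialising the whole request here would write keyPwd to the application log.
        this.logger.info("UserCaController.genRootUserCa>>>>>>subjectDn:{}, keyIndex:{}", userCaCertReq.getSubjectDn(), userCaCertReq.getKeyIndex());
        if (bindingResult.hasErrors()) {
            if (this.logger.isWarnEnabled()) {
                // Join with a leading separator check: hasErrors() can be true with no field
                // errors (global errors only), and trimming a trailing comma would then throw.
                StringBuilder details = new StringBuilder();
                for (FieldError fieldError : bindingResult.getFieldErrors()) {
                    if (details.length() > 0) {
                        details.append(",");
                    }
                    details.append(fieldError.getField()).append("=").append(fieldError.getDefaultMessage());
                }
                this.logger.warn("创建根用户CA证书请求参数非法，原因：[{}]", details.toString());
            }
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        if (missingHsmKeyMaterial(userCaCertReq)) {
            this.logger.debug("缺少必要的参数");
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result outcome = this.userCaService.genRootUserCa(userCaCertReq);
            boolean succeeded = outcome.isSuccess();
            int auditResult = succeeded ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String auditText = (succeeded ? "创建根用户CA证书成功 " : "创建根用户CA证书失败 ") + userCaCertReq.getSubjectDn();
            this.logger.info(auditText);
            // Audit persistence is best-effort: the CA operation has already completed, so a
            // failure here is logged rather than returned. Monitor these error lines.
            try {
                if (!this.auditLogService.saveAuditLog(AuditLogOperatorTypeEnum.CERT_SIGN.type, auditText, auditResult, auditSignBean.getSign())) {
                    this.logger.error("创建根用户CA证书审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("创建根用户CA证书审计日志失败", e);
            }
            if (!succeeded) {
                return outcome.getError().resp(httpServletResponse);
            }
            return Result.success();
        } catch (Exception e2) {
            this.logger.error("创建根用户CA证书异常", e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Updates (renews) a root user CA certificate and records the outcome in the audit log.
     *
     * <p>NOTE(review): the body is not annotated with {@code @Valid}, so
     * {@code bindingResult.hasErrors()} presumably never reports bean-validation failures
     * here. Confirm whether validation was intended.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param updateUserCaCertReq update request
     * @param bindingResult binding outcome for {@code updateUserCaCertReq}
     * @param auditSignBean audit signature data, presumably filled in by {@code @AuditSign}
     * @param httpServletResponse response used to emit error bodies
     * @return {@code Result.success()} on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/rootca/{userCaCertId}"}, method = {RequestMethod.PUT})
    @AuditSign
    public Object updateRootUserCa(@PathVariable("userCaCertId") Long l, @RequestBody UpdateUserCaCertReq updateUserCaCertReq, BindingResult bindingResult, AuditSignBean auditSignBean, HttpServletResponse httpServletResponse) {
        this.logger.info("用户CA证书管理模块>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>更新根证书");
        if (null == updateUserCaCertReq || bindingResult.hasErrors()) {
            this.logger.debug("更新用户根CA证书请求参数非法{}", bindingResult.getAllErrors().toString());
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result outcome = this.userCaService.updateRootUserCa(l, updateUserCaCertReq);
            boolean succeeded = outcome.isSuccess();
            int auditResult = succeeded ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String auditText = (succeeded ? "更新用户根CA证书成功 " : "更新用户根CA证书失败 ") + updateUserCaCertReq.getSubjectDn();
            this.logger.info(auditText);
            // Best-effort audit write; see the error lines below for failures.
            try {
                if (!this.auditLogService.saveAuditLog(AuditLogOperatorTypeEnum.CERT_UPDATE.type, auditText, auditResult, auditSignBean.getSign())) {
                    this.logger.error("更新用户根CA证书审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("更新用户根CA证书审计日志失败", e);
            }
            if (!succeeded) {
                return outcome.getError().resp(httpServletResponse);
            }
            return Result.success();
        } catch (Exception e2) {
            // The original message said "create"; this path is the update operation.
            this.logger.error("更新用户根CA证书异常", e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Generates a PKCS#10 request for a sub user CA and records the outcome in the audit log.
     *
     * <p>NOTE(review): {@code bindingResult} is not declared immediately after the validated
     * body, so Spring presumably rejects an invalid body before this method runs and the
     * {@code hasErrors()} branch is never reached for validation failures. Confirm.
     *
     * @param userSubCaP10Req validated P10 generation request
     * @param auditSignBean audit signature data, presumably filled in by {@code @AuditSign}
     * @param bindingResult validation outcome
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/subca/p10"}, method = {RequestMethod.POST})
    @AuditSign
    public Object genSubUserCaP10(@Valid @RequestBody UserSubCaP10Req userSubCaP10Req, AuditSignBean auditSignBean, BindingResult bindingResult, HttpServletResponse httpServletResponse) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("用户CA证书管理模块>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>生成子用户CA申请书");
        }
        if (null == userSubCaP10Req || bindingResult.hasErrors()) {
            this.logger.error("生成子用户CA证书请求参数非法{}", bindingResult.getAllErrors().toString());
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result outcome = this.userCaService.genSubUserCaP10(userSubCaP10Req);
            boolean succeeded = outcome.isSuccess();
            int auditResult = succeeded ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            StringBuilder auditText = new StringBuilder();
            auditText.append(succeeded ? "生成子用户CA申请书成功,主体DN" : "生成子用户CA申请书失败,主体DN");
            auditText.append(userSubCaP10Req.getSubjectDn()).append(",密钥算法=").append(userSubCaP10Req.getPublicKeyAlg());
            this.logger.info(auditText.toString());
            // Best-effort audit write; see the error lines below for failures.
            try {
                if (!this.auditLogService.saveAuditLog(AuditLogOperatorTypeEnum.P10_GENERATE.type, auditText.toString(), auditResult, auditSignBean.getSign())) {
                    this.logger.error("记录-生成子用户CA申请书失败-审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录-生成子用户CA申请书异常-审计日志失败", e);
            }
            if (!succeeded) {
                return outcome.getError().resp(httpServletResponse);
            }
            return outcome.getInfo();
        } catch (Exception e2) {
            this.logger.error("生成子用户CA申请书", e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Regenerates the PKCS#10 request of an existing sub user CA and audits the outcome.
     *
     * <p>The log line and the audit record hold a redacted summary of the request. The full
     * request includes {@code keyPwd}, and writing it out would persist the key password in
     * both places.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param updateUserCaP10Req update request; at least one of key index, key password or
     *     subject DN must be present
     * @param auditSignBean audit signature data, presumably filled in by {@code @AuditSign}
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/subca/{userCaCertId}"}, method = {RequestMethod.PUT})
    @AuditSign
    public Object updateSubUserCaGenP10(@PathVariable("userCaCertId") Long l, @RequestBody UpdateUserCaP10Req updateUserCaP10Req, AuditSignBean auditSignBean, HttpServletResponse httpServletResponse) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("用户CA证书管理模块>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>更新子用户CA申请书");
        }
        boolean nothingToUpdate = null != updateUserCaP10Req
                && null == updateUserCaP10Req.getKeyIndex()
                && StringUtils.isEmpty(updateUserCaP10Req.getKeyPwd())
                && StringUtils.isEmpty(updateUserCaP10Req.getSubjectDn());
        if (null == updateUserCaP10Req || null == l || nothingToUpdate) {
            this.logger.error("更新子用户CA证书请求参数非法");
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result outcome = this.userCaService.updateSubUserCaGenP10(l, updateUserCaP10Req);
            boolean succeeded = outcome.isSuccess();
            int auditResult = succeeded ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String auditText = (succeeded ? "更新子用户CA申请书成功,更新信息：" : "更新子用户CA申请书失败,更新信息：")
                    + describeP10Update(updateUserCaP10Req);
            this.logger.info(auditText);
            // Best-effort audit write; see the error lines below for failures.
            try {
                if (!this.auditLogService.saveAuditLog(AuditLogOperatorTypeEnum.P10_GENERATE.type, auditText, auditResult, auditSignBean.getSign())) {
                    this.logger.error("记录-更新子用户CA申请书失败-审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录-更新子用户CA申请书异常-审计日志失败", e);
            }
            if (!succeeded) {
                return outcome.getError().resp(httpServletResponse);
            }
            return outcome.getInfo();
        } catch (Exception e2) {
            this.logger.error("更新子用户CA申请书", e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Streams a stored PKCS#10 request as a file download.
     *
     * <p>{@code p10Name} comes straight from the query string, so it is cleaned before being
     * placed in the {@code Content-Disposition} header.
     *
     * <p>NOTE(review): the raw name is passed to the service unchanged. If the service maps
     * it to a file-system path it must reject traversal sequences itself; confirm.
     *
     * @param str name of the P10 request ({@code p10Name})
     * @param httpServletResponse response that receives the file bytes or an error body
     * @return {@code Result.success()} after streaming, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/p10"}, method = {RequestMethod.GET})
    public Object downloadSubUserCaP10(@RequestParam("p10Name") String str, HttpServletResponse httpServletResponse) {
        try {
            Result lookup = this.userCaService.downloadSubCaP10(str);
            if (!lookup.isSuccess()) {
                return lookup.getError().resp(httpServletResponse);
            }
            try {
                byte[] p10Bytes = (byte[]) lookup.getInfo();
                httpServletResponse.setContentType("application/octet-stream");
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setHeader("Content-Disposition", "attachment; filename=CertReq_" + headerSafeFileName(str) + ".p10");
                ServletOutputStream outputStream = httpServletResponse.getOutputStream();
                IOUtils.write(p10Bytes, outputStream);
                outputStream.flush();
                outputStream.close();
                return Result.success();
            } catch (Exception e) {
                this.logger.error("下载用户子CA的P10文件异常", e);
                return ErrorEnum.DOWNLOAD_USER_SUB_CA_P10_FILE_EXCEPTION.resp(httpServletResponse);
            }
        } catch (Exception e2) {
            this.logger.error("下载用户子CA的P10文件失败", e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Imports the issued certificate chain for a sub user CA and audits the outcome.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param multipartFile uploaded chain file ({@code subCaFile})
     * @param auditSignBean audit signature data, presumably filled in by {@code @AuditSign}
     * @param httpServletResponse response used to emit error bodies
     * @return {@code Boolean.TRUE}-equivalent on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/subca/{userCaCertId}"}, method = {RequestMethod.POST})
    @AuditSign
    public Object uploadUserCaCert(@PathVariable("userCaCertId") Long l, @RequestParam("subCaFile") MultipartFile multipartFile, AuditSignBean auditSignBean, HttpServletResponse httpServletResponse) {
        this.logger.info("UserCaController.uploadUserCaCert>>>>>>userCaCertId:{}", l);
        if (null == multipartFile || multipartFile.isEmpty()) {
            this.logger.debug("导入用户子CA证书链请求参数非法{}", multipartFile);
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            // NOTE(review): the uploaded bytes are handed to the service as-is; size limits
            // and certificate parsing are presumably enforced there or by the multipart
            // configuration. Confirm.
            Result outcome = this.userCaService.uploadUserCaCert(l, multipartFile.getBytes());
            boolean succeeded = outcome.isSuccess();
            int auditResult = succeeded ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            StringBuilder auditText = new StringBuilder();
            auditText.append(succeeded ? "导入用户子CA证书链成功,操作者IP=" : "导入用户子CA证书链失败,操作者IP=");
            auditText.append(auditSignBean.getIp() + ",证书SN=").append(auditSignBean.getSn()).append(",密钥算法=").append(auditSignBean.getKeyAlg());
            this.logger.info(auditText.toString());
            // Best-effort audit write; see the error lines below for failures.
            try {
                if (!this.auditLogService.saveAuditLog(AuditLogOperatorTypeEnum.CERT_IMPORT.type, auditText.toString(), auditResult, auditSignBean.getSign())) {
                    this.logger.error("记录-导入用户子CA证书链-审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录-导入用户子CA证书链-审计日志失败", e);
            }
            if (!succeeded) {
                return outcome.getError().resp(httpServletResponse);
            }
            return Boolean.valueOf(Result.success().isSuccess());
        } catch (Exception e2) {
            this.logger.error("导入用户子CA证书链失败", e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns one page of historical certificates for a user CA.
     *
     * <p>NOTE(review): the two paging parameters carry no explicit request-parameter names,
     * so binding depends on compiled parameter names. They are presumably {@code pageNo} and
     * {@code pageSize}, as in {@link #queryUserCaList}; confirm and name them explicitly.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param num first paging value
     * @param num2 second paging value
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/history/{userCaCertId}"}, method = {RequestMethod.GET})
    public Object getHistoryUserCaList(@PathVariable("userCaCertId") Long l, @RequestParam Integer num, @RequestParam Integer num2, HttpServletResponse httpServletResponse) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("用户CA证书管理模块>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>获取用户CA历史证书列表");
        }
        // All three values are mandatory; the original nested test reduces to this.
        if (num == null || num2 == null || l == null) {
            this.logger.error("分页查询 用户CA历史证书列表 时请求参数非法[{}, {}, {}]", l, num, num2);
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result history = this.userCaService.getHistoryUserCaList(l, num, num2);
            if (!history.isSuccess()) {
                return history.getError().resp(httpServletResponse);
            }
            return history.getInfo();
        } catch (Exception e) {
            this.logger.error("获取用户CA历史证书列表", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns the base information of a user CA.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/baseinfo/{userCaCertId}"}, method = {RequestMethod.GET})
    public Object getUserCaBaseInfo(@PathVariable("userCaCertId") Long l, HttpServletResponse httpServletResponse) {
        try {
            Result baseInfo = this.userCaService.getUserCaBaseInfoByCaCertId(l);
            if (!baseInfo.isSuccess()) {
                return baseInfo.getError().resp(httpServletResponse);
            }
            return baseInfo.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询用户CA基本信息失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns the detailed certificate information of a user CA.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/info/{userCaCertId}"}, method = {RequestMethod.GET})
    public Object getUserCaCertInfo(@PathVariable("userCaCertId") Long l, HttpServletResponse httpServletResponse) {
        try {
            Result certInfo = this.userCaService.getUserCaCertInfo(l);
            if (!certInfo.isSuccess()) {
                return certInfo.getError().resp(httpServletResponse);
            }
            return certInfo.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询用户CA证书详细信息失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns the PKCS#7 (P7B) chain information of a user CA.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/p7b/{userCaCertId}"}, method = {RequestMethod.GET})
    public Object getUserCaP7bInfo(@PathVariable("userCaCertId") Long l, HttpServletResponse httpServletResponse) {
        try {
            Result p7bInfo = this.userCaService.getUserCaP7bInfo(l);
            if (!p7bInfo.isSuccess()) {
                return p7bInfo.getError().resp(httpServletResponse);
            }
            return p7bInfo.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询用户CA证书P7b信息失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Streams a user CA certificate chain as a {@code .p7b} download.
     *
     * <p>The file name is taken from the service result's audit content. It is cleaned
     * before the charset conversion because it presumably derives from operator-supplied
     * CA data and ends up in a response header.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param httpServletResponse response that receives the file content or an error body
     * @return {@code Result.success()} after streaming, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/{userCaCertId}"}, method = {RequestMethod.GET})
    public Object downloadUserCaCert(@PathVariable("userCaCertId") Long l, HttpServletResponse httpServletResponse) {
        try {
            Result lookup = this.userCaService.downloadUserCaCert(l);
            if (!lookup.isSuccess()) {
                return lookup.getError().resp(httpServletResponse);
            }
            try {
                String chainText = (String) lookup.getInfo();
                httpServletResponse.setContentType("application/octet-stream");
                httpServletResponse.setCharacterEncoding("UTF-8");
                // gb2312 bytes re-read as ISO8859-1 so non-ASCII names survive the header.
                String headerName = new String(headerSafeFileName(lookup.getAuditContent()).getBytes("gb2312"), "ISO8859-1");
                httpServletResponse.setHeader("Content-Disposition", "attachment; filename=UserCa_" + headerName + ".p7b");
                ServletOutputStream outputStream = httpServletResponse.getOutputStream();
                IOUtils.write(chainText, outputStream);
                outputStream.flush();
                outputStream.close();
                return Result.success();
            } catch (Exception e) {
                this.logger.error("下载用户CA证书异常", e);
                return ErrorEnum.DOWNLOAD_USER_CA_CERT_EXCEPTION.resp(httpServletResponse);
            }
        } catch (Exception e2) {
            this.logger.error("下载用户CA证书链失败", e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Deletes a sub user CA whose certificate has not been uploaded yet.
     *
     * <p>NOTE(review): unlike the other state-changing handlers, this one has no
     * {@code @AuditSign} and writes no audit record, so a deletion leaves no trace in the
     * audit log. Confirm whether that is intended.
     *
     * @param l identifier of the user CA certificate ({@code userCaCertId})
     * @param httpServletResponse response used to emit error bodies
     * @return {@code Result.success()} on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/{userCaCertId}"}, method = {RequestMethod.DELETE})
    public Object deleteUserCa(@PathVariable("userCaCertId") Long l, HttpServletResponse httpServletResponse) {
        try {
            Result outcome = this.userCaService.deleteUserCa(l);
            if (!outcome.isSuccess()) {
                return outcome.getError().resp(httpServletResponse);
            }
            return Result.success();
        } catch (ServiceException e) {
            this.logger.error("删除未上传证书的子用户CA失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Lists base information of user CAs, optionally filtered by CA type and key algorithm.
     *
     * @param num optional CA type ({@code caType}); must be ROOT_CA or SUB_CA when given
     * @param num2 optional key algorithm ({@code keyAlg}); must be RSA, SM2 or NIST when given
     * @param httpServletResponse response used to emit error bodies
     * @return the service payload on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/userca/baseinfo/list"}, method = {RequestMethod.GET})
    public Object queryUserCaBaseInfoList(@RequestParam(value = "caType", required = false) Integer num, @RequestParam(value = "keyAlg", required = false) Integer num2, HttpServletResponse httpServletResponse) {
        // Invalid filters go through resp(...) like every other handler; returning the bare
        // enum skipped whatever resp(...) sets on the response.
        if (num != null && num.intValue() != CaDO.CaTypeEnum.ROOT_CA.getValue() && num.intValue() != CaDO.CaTypeEnum.SUB_CA.getValue()) {
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        if (num2 != null && num2.intValue() != KeyAlgEnum.RSA.getValue() && num2.intValue() != KeyAlgEnum.SM2.getValue() && num2.intValue() != KeyAlgEnum.NIST.getValue()) {
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result listing = this.userCaService.queryUserCaBaseInfoList(num, num2);
            if (!listing.isSuccess()) {
                return listing.getError().resp(httpServletResponse);
            }
            return listing.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询用户CA基本信息列表失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }
}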
