package com.xdja.pki.ca.securitymanager.service.cache;

import com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.Config;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.configBasic.bean.LdapConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.OcspConfigBean;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDo;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import java.io.File;
import java.io.FileReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;

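@Configuration
@Order(1)
/* loaded from: input_file:WEB-INF/lib/ca-service-securitymanager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/securitymanager/service/cache/InitCaInfo.class */
public class InitCaInfo implements CommandLineRunner {
    /**
     * Location of the CA root private key (PEM). The path is fixed at build time, so the
     * confidentiality of the root key rests entirely on the filesystem permissions of this file
     * and of the account the service runs as.
     */
    private static final String ROOT_PRIVATE_KEY_PATH = "/home/xdja/conf/ca/private.key";

    private static final Logger logger = LoggerFactory.getLogger(InitCaInfo.class);

    @Resource
    private CaDao caDao;

    @Resource
    private CaCertDao caCertDao;

    @Autowired
    private Environment environment;

    @Resource
    private ICaManageCertService iCaManageCertService;

    /**
     * Loads the global crypto settings and every configured CA into {@code Constants.CA_INFO}
     * at application start.
     *
     * <p>Side effects: writes {@code Constants.CRYPT_DEVICE_TYPE}, {@code Constants.IS_KM},
     * {@code Constants.BASE_ALG_TYPE} (once per CA row, so it ends up holding the key algorithm
     * of the last row processed) and one {@code Constants.CA_INFO} entry per CA, keyed by the
     * CA's key algorithm.
     *
     * @param strArr command-line arguments; unused
     * @throws Exception declared by {@link CommandLineRunner}; anything thrown while reading the
     *                   database, the configuration or the root key propagates to the caller
     */
    @Override
    public void run(String... strArr) throws Exception {
        Constants.CRYPT_DEVICE_TYPE = ConfigUtil.getCryptDeviceType(this.environment);
        boolean usesHsm = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue();
        logger.info("本系统采用的密码设备类型：" + (usesHsm ? "HSM" : "BC"));
        Constants.IS_KM = ConfigUtil.getEncIsKm(this.environment);

        List<CaDO> caInfoList = this.caDao.getCaInfoList();
        // Fixed: the original tested `null == list && list.size() == 0`, which can never be true
        // and dereferences a null list. Either an absent or an empty list means the CA has not
        // been initialised yet.
        if (caInfoList == null || caInfoList.isEmpty()) {
            logger.info("CA未进行初始化基本配置，加载CA基本信息失败");
            return;
        }
        for (CaDO caDO : caInfoList) {
            CaInfoVO caInfoVO = loadCaInfo(caDO);
            Constants.CA_INFO.put(Integer.valueOf(caDO.getKeyAlg().intValue()), caInfoVO);
        }
    }

    /**
     * Builds the in-memory view of one CA row. The certificate, root private key and runtime
     * configuration are attached only when the CA certificate exists and parses; otherwise the
     * returned VO carries just the row's basic fields.
     *
     * @param caDO the CA row from the database
     * @return the populated VO, never {@code null}
     */
    private CaInfoVO loadCaInfo(CaDO caDO) {
        CaInfoVO caInfoVO = new CaInfoVO();
        BeanUtils.copyProperties(caDO, caInfoVO);
        caInfoVO.setCaId(caDO.getId());
        logger.info("加载baseDN信息到系统，baseDN为：" + caDO.getBaseDn());
        // Global, not per-CA: it is overwritten on every iteration of run()'s loop and is read
        // again below to choose the server-certificate source. Kept as in the original; confirm
        // this is intended when more than one CA row exists.
        Constants.BASE_ALG_TYPE = Integer.valueOf(caDO.getKeyAlg().intValue());

        CaCertDo caCertDo = this.caCertDao.getCACertObject(caInfoVO.getCaId());
        if (caCertDo == null) {
            return caInfoVO;
        }
        BeanUtils.copyProperties(caCertDo, caInfoVO);
        caInfoVO.setCertId(caCertDo.getId());
        X509Certificate rootCert = CertUtil.getCertFromStr(caCertDo.getCert());
        if (rootCert == null) {
            return caInfoVO;
        }
        caInfoVO.setRootPrivateKey(getRootPrivateKey(ROOT_PRIVATE_KEY_PATH));
        caInfoVO.setRootCert(rootCert);
        caInfoVO.setSignAlg(caCertDo.getSignAlg());
        logger.info("本系统的签名算法类型:" + caInfoVO.getSignAlg());
        applyRuntimeConfig(caInfoVO, ConfigUtil.getConfigInfo(this.environment));
        return caInfoVO;
    }

    /**
     * Copies the LDAP, OCSP, CRL, password and KM settings from the environment configuration
     * onto the VO. LDAP and OCSP are enabled only when both of their URLs are non-blank.
     *
     * @param caInfoVO   the VO being populated
     * @param configInfo configuration read from the environment
     */
    private void applyRuntimeConfig(CaInfoVO caInfoVO, Config configInfo) {
        caInfoVO.setCaPwdBean(configInfo.getCaPwdConfig());

        LdapConfigBean ldapConfig = configInfo.getLdapConfig();
        boolean ldapUsable = ldapConfig != null
                && StringUtils.isNotBlank(ldapConfig.getMasterURL())
                && StringUtils.isNotBlank(ldapConfig.getSlaveURL());
        caInfoVO.setLadp(ldapUsable);
        if (ldapUsable) {
            caInfoVO.setLdapConfig(ldapConfig);
        }

        OcspConfigBean ocspConfig = configInfo.getOcspConfig();
        boolean ocspUsable = ocspConfig != null
                && StringUtils.isNotBlank(ocspConfig.getNetworkURL())
                && StringUtils.isNotBlank(ocspConfig.getInterURL());
        if (ocspUsable) {
            caInfoVO.setOcspConfig(ocspConfig);
        }
        caInfoVO.setOcsp(ocspUsable);

        caInfoVO.setCrlConfig(configInfo.getCrlConfig());
        // RSA CAs take their server certificate from the cert-manager service; other
        // algorithms use the static server password configuration.
        if (AlgTypeEnum.RSA.value == Constants.BASE_ALG_TYPE.intValue()) {
            caInfoVO.setCaRSAServerPwdBean(this.iCaManageCertService.getCaCurrServerCert());
            caInfoVO.setCaServerPwdConfig(null);
        } else {
            caInfoVO.setCaServerPwdConfig(configInfo.getCaServerPwdConfig());
        }
        caInfoVO.setCertPolicy(ConfigUtil.getCertPolicy(this.environment));
        caInfoVO.setKmConfigBean(configInfo.getKmConfigBean());
    }

    /**
     * Reads the CA root private key from a PEM file using the BC provider.
     *
     * <p>Only the traditional OpenSSL key-pair PEM forms are handled: a plain key pair, or an
     * encrypted key pair which is decrypted with a {@code null} passphrase as in the original
     * code. Any other PEM object type (or an empty file) fails the cast and is reported as a
     * {@link ServiceException}.
     *
     * @param str path to the PEM file
     * @return the private key, or {@code null} when the file does not exist
     * @throws ServiceException if the file exists but cannot be read, decrypted or parsed
     */
    public PrivateKey getRootPrivateKey(String str) {
        try {
            File file = new File(str);
            if (!file.exists()) {
                return null;
            }
            // try-with-resources: the original leaked the FileReader when readObject() threw.
            // PEM is ASCII, so an explicit charset only removes the platform-default dependency.
            try (PEMParser pemParser = new PEMParser(Files.newBufferedReader(file.toPath(), StandardCharsets.UTF_8))) {
                Object pemObject = pemParser.readObject();
                JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
                PEMKeyPair keyPair;
                if (pemObject instanceof PEMEncryptedKeyPair) {
                    // NOTE(review): the passphrase is null, as in the original, so a
                    // passphrase-protected key file cannot actually be decrypted here — confirm
                    // whether encrypted root keys are meant to be supported.
                    PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build((char[]) null);
                    keyPair = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor);
                } else {
                    keyPair = (PEMKeyPair) pemObject;
                }
                return converter.getKeyPair(keyPair).getPrivate();
            }
        } catch (Exception e) {
            // Keep the full cause in the log; ServiceException carries only the message.
            // The path is logged, the key material never is.
            logger.error("读取CA根私钥失败，文件：" + str, e);
            throw new ServiceException("读取公钥私服时异常：" + e.getMessage());
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}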
