package com.xdja.pki.ca.securitymanager.web;

import com.xdja.pki.ca.auth.annotation.AuditSign;
import com.xdja.pki.ca.auth.service.bean.AuditSignBean;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorBean;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.securityaudit.service.bean.AuditLogOperatorTypeEnum;
import com.xdja.pki.ca.securityaudit.service.bean.AuditLogResultEnum;
import com.xdja.pki.ca.securityaudit.service.log.AuditLogService;
import com.xdja.pki.ca.securitymanager.service.init.InitService;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.BasicConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.CaManagerCertVO;
import com.xdja.pki.ca.securitymanager.service.vo.CaManagerRoleEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CertIssueInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

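/**
 * REST endpoints used while the CA system is being initialised: issuing the root / CA-server /
 * administrator certificates, saving the basic configuration, generating and downloading the
 * sub-CA PKCS#10 request, importing the sub-CA chain, tracking the initialisation step and
 * recovering / restarting the system.
 *
 * <p>Every handler validates the request, delegates to {@link InitService}, and maps a failed
 * {@link Result} to an error response via {@code ErrorEnum.resp(...)}. Unexpected exceptions
 * are logged and answered with {@code SERVER_INTERNAL_EXCEPTION}.
 */
@RestController
public class InitSystemController {
    // Class literal rather than getClass(): Spring may proxy this bean and getClass() would
    // then name the generated subclass.
    private final Logger logger = LoggerFactory.getLogger(InitSystemController.class);

    @Autowired
    private InitService initService;

    @Autowired
    private Environment environment;

    @Value("${config.path}")
    private String configPath;

    @Autowired
    private AuditLogService auditLogService;

    /** Copy buffer used when streaming a p10 file to the client. */
    private static final int COPY_BUFFER_SIZE = 8192;

    /**
     * True when the crypto device is an HSM and the caller did not supply both the key index
     * and the private-key PIN needed to use it.
     */
    private static boolean hsmKeyParamsMissing(Integer keyIndex, String privateKeyPin) {
        // intValue() on both sides: these are boxed Integers, '==' would compare references.
        boolean hsm = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue();
        return hsm && (null == keyIndex || StringUtils.isBlank(privateKeyPin));
    }

    /** True for the key algorithms the basic configuration accepts (SM2, RSA, NIST P-256). */
    private static boolean isSupportedKeyAlg(int keyAlg) {
        return keyAlg == AlgTypeEnum.SM2.value
                || keyAlg == AlgTypeEnum.RSA.value
                || keyAlg == AlgTypeEnum.NISTP256.value;
    }

    /**
     * Issues the self-signed root CA certificate.
     *
     * @param certIssueInfoVO DN, validity and (for an HSM) key index / PIN
     * @return {@code Result.success()} or an error response
     */
    @RequestMapping(value = {"/v1/init/rootCa/Cert"}, method = {RequestMethod.POST})
    public Object issueSelfRootCert(@RequestBody CertIssueInfoVO certIssueInfoVO, HttpServletResponse httpServletResponse) {
        this.logger.debug("收到根CA证书签发请求[{}]", certIssueInfoVO);
        if (StringUtils.isBlank(certIssueInfoVO.getDn())
                || null == certIssueInfoVO.getValidity()
                || hsmKeyParamsMissing(certIssueInfoVO.getKeyIndex(), certIssueInfoVO.getPrivateKeyPin())) {
            this.logger.debug("缺少必要的参数");
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result result = this.initService.doIssueSelfRootCert(certIssueInfoVO);
            this.logger.debug("根CA证书签发请求处理完成[{}]", result);
            return result.isSuccess() ? Result.success() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("初始化过程中签发根CA证书失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Issues the CA server certificate.
     *
     * @param certIssueInfoVO DN, validity and (SM2 on an HSM) key index / PIN
     * @return {@code null} on success (the existing response contract), otherwise an error response
     */
    @RequestMapping(value = {"/v1/init/caserver/cert"}, method = {RequestMethod.POST})
    public Object issueCaServerCert(HttpServletResponse httpServletResponse, @RequestBody CertIssueInfoVO certIssueInfoVO) {
        this.logger.debug("收到CA服务器证书签发请求[{}]", certIssueInfoVO);
        if (StringUtils.isBlank(certIssueInfoVO.getDn()) || null == certIssueInfoVO.getValidity()) {
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        // HSM key parameters are only required when the base algorithm is SM2.
        boolean sm2 = AlgTypeEnum.SM2.value == Constants.BASE_ALG_TYPE.intValue();
        if (sm2 && hsmKeyParamsMissing(certIssueInfoVO.getKeyIndex(), certIssueInfoVO.getPrivateKeyPin())) {
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result result = this.initService.doIssueCaServerCert(certIssueInfoVO);
            this.logger.debug("CA服务器证书签发请求处理完成[{}]", result);
            // Kept as null (empty body) rather than Result.success(): existing clients may rely on it.
            return result.isSuccess() ? null : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("初始化过程中签发CA服务器证书失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Issues a CA administrator certificate during initialisation.
     *
     * @param caManagerCertVO DN, public key, PKCS#10, validity and administrator role type
     * @return the issued certificate info or an error response
     */
    @RequestMapping(value = {"/v1/init/admin/cert"}, method = {RequestMethod.POST})
    public Object issueCaAdminCert(HttpServletResponse httpServletResponse, @RequestBody CaManagerCertVO caManagerCertVO) {
        this.logger.debug("初始化过程中收到签发管理员证书请求[{}]", caManagerCertVO);
        if (StringUtils.isBlank(caManagerCertVO.getDn())
                || StringUtils.isBlank(caManagerCertVO.getSubjectPublicKeyInfo())
                || StringUtils.isBlank(caManagerCertVO.getP10())
                || null == caManagerCertVO.getValidity()
                || null == caManagerCertVO.getType()) {
            this.logger.debug("签发CA管理员证书出现空参数[{}]", caManagerCertVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        if (StringUtils.isBlank(CaManagerRoleEnum.getCaManagerRoleNameById(caManagerCertVO.getType().intValue()))) {
            this.logger.debug("签发CA管理员角色错误type[{}]", caManagerCertVO.getType());
            return ErrorEnum.MANAGER_TYPE_ERROR.resp(httpServletResponse);
        }
        try {
            Result result = this.initService.doIssueCaAdminCert(caManagerCertVO, false);
            this.logger.debug("初始化过程中签发管理员证书请求处理结束，返回结果[{}]", result);
            return result.isSuccess() ? result.getInfo() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("签发CA管理员证书失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Reports whether an administrator certificate of the given role type has already been issued.
     *
     * @param num the administrator role type, bound from the {@code {type}} path segment
     */
    @RequestMapping(value = {"/v1/init/admin/cert/unique/{type}"}, method = {RequestMethod.GET})
    public Object queryAdminIsUnique(HttpServletResponse httpServletResponse, @PathVariable("type") Integer num) {
        this.logger.debug("收到查询管理员证书是否签发过请求[{}]", num);
        if (StringUtils.isBlank(CaManagerRoleEnum.getCaManagerRoleNameById(num.intValue()))) {
            this.logger.debug("CA管理员角色错误type[{}]", num);
            return ErrorEnum.MANAGER_TYPE_ERROR.resp(httpServletResponse);
        }
        try {
            Result result = this.initService.queryAdminIsUnique(num);
            this.logger.debug("查询管理员证书是否签发过请求处理结束，返回结果[{}]", result);
            return result.isSuccess() ? result.getInfo() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("查询管理员证书是否签发过请求失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /** Returns how many administrator certificates have been issued so far. */
    @RequestMapping(value = {"/v1/init/admin/cert/count"}, method = {RequestMethod.GET})
    public Object queryAdminIssueCounts(HttpServletResponse httpServletResponse) {
        this.logger.debug("收到查询管理员证书签发数量请求");
        try {
            Result result = this.initService.queryAdminIssueCounts();
            this.logger.debug("查询管理员证书签发数量请求处理结束，返回结果[{}]", result);
            return result.isSuccess() ? result.getInfo() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("查询管理员证书签发数量请求失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Saves the basic CA configuration (step 1 of initialisation). The base DN is normalised to
     * RFC 4519 form before it is stored.
     *
     * @param basicConfigVO base DN, CA type and key algorithm
     * @return {@code Result.success()} or an error response
     */
    @RequestMapping(value = {"/v1/init/baseConfig"}, method = {RequestMethod.POST})
    public Object InitBasicConfig(HttpServletResponse httpServletResponse, @RequestBody BasicConfigVO basicConfigVO) {
        this.logger.debug("收到初始化基本配置保存请求[{}]", basicConfigVO);
        if (StringUtils.isBlank(basicConfigVO.getBaseDn()) || null == basicConfigVO.getType() || null == basicConfigVO.getKeyAlg()) {
            this.logger.debug("初始化过程中，保存CA基本配置出现空参数:{}", basicConfigVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        if (!isSupportedKeyAlg(basicConfigVO.getKeyAlg().intValue())) {
            this.logger.debug("初始化过程中，基本配置密钥算法错误，算法={}", basicConfigVO.getKeyAlg());
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        if (!ConfigUtil.verifyCurInitStep(this.environment, 1)) {
            this.logger.debug("保存初始化基本配置失败，当前初始化步骤为：1");
            return ErrorEnum.INIT_STEP_ERROR.resp(httpServletResponse);
        }
        String normalizedDn;
        try {
            normalizedDn = DnUtil.getRFC4519X500Name(basicConfigVO.getBaseDn()).toString();
        } catch (Exception e) {
            this.logger.debug("初始化CA证书失败：DN不符合X500规范[{}]", basicConfigVO.getBaseDn());
            return ErrorEnum.DN_FORMAT_FAIL.resp(httpServletResponse);
        }
        basicConfigVO.setBaseDn(normalizedDn);
        try {
            Result result = this.initService.saveBasicConfig(basicConfigVO);
            this.logger.debug("初始化基本配置保存请求处理完成[{}]", result);
            return result.isSuccess() ? Result.success() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("初始化过程中，保存CA基本配置失败", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Records the initialisation step the client has reached.
     *
     * @param num the step number, bound from the {@code {step}} path segment
     */
    @RequestMapping(value = {"/v1/init/step/{step}"}, method = {RequestMethod.PUT})
    public Object reportInitStep(HttpServletResponse httpServletResponse, @PathVariable("step") Integer num) {
        this.logger.debug("收到上报初始化步骤请求[{}]", num);
        try {
            Result result = this.initService.reportInitStep(num);
            this.logger.debug("上报初始化步骤请求处理完成[{}]", num);
            return result.isSuccess() ? Result.success() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("初始化过程中上报初始化步骤错误", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Generates the sub-CA PKCS#10 request (step 4 of initialisation). The algorithm is always
     * the configured base algorithm; the client only chooses the key length.
     *
     * @return the created request info or an error response
     */
    @RequestMapping(value = {"/v1/init/subCa/p10"}, method = {RequestMethod.POST})
    public Object createSubCaP10(HttpServletResponse httpServletResponse, @RequestBody CreateP10VO createP10VO) {
        this.logger.debug("收到初始化子CA时生成子CA证书申请书请求");
        if (StringUtils.isBlank(createP10VO.getDn())
                || null == createP10VO.getAlgLength()
                || hsmKeyParamsMissing(createP10VO.getKeyIndex(), createP10VO.getPrivateKeyPin())) {
            this.logger.debug("生成子证书p10出现空参数：{}", createP10VO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        createP10VO.setAlg(Constants.BASE_ALG_TYPE);
        try {
            if (!ConfigUtil.verifyCurInitStep(this.environment, 4)) {
                this.logger.debug("当前步骤错误，服务器当前初始化步骤为：{}", ConfigUtil.getCurrInitStep(this.environment));
                return ErrorEnum.INIT_STEP_ERROR.resp(httpServletResponse);
            }
            Result result = this.initService.createP10(createP10VO);
            this.logger.debug("初始化子CA时生成子CA证书申请书请求处理结束[{}]", result);
            return result.isSuccess() ? result.getInfo() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("生成子证书p10出现异常", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Streams {@code <configPath><P10_DIRECTORY><p10Name>.p10} to the client as an attachment.
     *
     * @param p10Name the raw name from the request path
     * @return {@code null} when the file was written, otherwise the error response that has
     *     already been applied to {@code httpServletResponse}
     * @throws IOException if the file cannot be read or the response cannot be written
     */
    private ErrorBean sendP10(HttpServletResponse httpServletResponse, String p10Name) throws IOException {
        // The name is URL-encoded before it touches the file system, so path separators and
        // similar characters are escaped and the lookup cannot leave the p10 directory.
        String encode = URLEncoder.encode(p10Name, "UTF-8");
        String baseDir = this.configPath + Constants.P10_DIRECTORY;
        String filePath = baseDir + encode + ".p10";
        File file = new File(filePath);
        // Defence in depth: reject anything resolving outside the configured p10 location even
        // if the encoding above ever changes. Treated like a missing file so nothing is disclosed.
        if (!file.getCanonicalPath().startsWith(new File(baseDir).getCanonicalPath())) {
            this.logger.debug("下载P10文件失败，p10文件不存在，p10文件路径为[{}]", filePath);
            return ErrorEnum.P10_NOT_EXIST.resp(httpServletResponse);
        }
        // isFile() rather than exists(): a directory of that name would otherwise surface as a
        // server error when opening the stream.
        if (!file.isFile()) {
            this.logger.debug("下载P10文件失败，p10文件不存在，p10文件路径为[{}]", filePath);
            return ErrorEnum.P10_NOT_EXIST.resp(httpServletResponse);
        }
        httpServletResponse.reset();
        httpServletResponse.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + encode + ".p10");
        httpServletResponse.setContentType("application/octet-stream;charset=UTF-8");
        // try-with-resources closes both streams on every path; the previous hand-written
        // close logic never ran and leaked the file stream on errors.
        try (InputStream in = new FileInputStream(file);
                OutputStream out = httpServletResponse.getOutputStream()) {
            // Fixed-size buffer: sizing it by available() produced a zero-length array for an
            // empty file, and read() on that never returns -1 (infinite loop).
            byte[] buffer = new byte[COPY_BUFFER_SIZE];
            int read;
            while ((read = in.read(buffer)) != -1) {
                out.write(buffer, 0, read);
            }
        }
        this.logger.debug("p10下载请求处理成功，p10Name=[{}]", encode);
        return null;
    }

    /**
     * Downloads a sub-CA p10 file; the outcome is written to the audit log.
     *
     * @param str the p10 name, bound from the {@code {p10Name}} path segment
     * @param auditSignBean operator identity resolved by {@link AuditSign}
     * @return {@code null} on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/cert/p10/download/{p10Name}"}, method = {RequestMethod.GET})
    @AuditSign
    public Object downloadSubCaP10(HttpServletResponse httpServletResponse, @PathVariable("p10Name") String str, AuditSignBean auditSignBean) {
        this.logger.debug("收到p10下载请求，p10Name=[{}]", str);
        try {
            ErrorBean error = sendP10(httpServletResponse, str);
            AuditLog(auditSignBean, null == error);
            return error;
        } catch (Exception e) {
            this.logger.error("下载子证书p10出现异常", e);
            AuditLog(auditSignBean, false);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Writes an audit-log entry for a p10 download. Public name kept for existing callers.
     *
     * @param auditSignBean operator IP, certificate SN, key algorithm and signature
     * @param z {@code true} when the download succeeded
     */
    public void AuditLog(AuditSignBean auditSignBean, boolean z) {
        // One message and one result id per outcome. Previously the success text was followed by
        // the failure text and every entry was saved with the FAIL result.
        String details = ",操作者IP=" + auditSignBean.getIp()
                + ",证书SN=" + auditSignBean.getSn()
                + ",密钥算法=" + auditSignBean.getKeyAlg();
        String message = (z ? "下载p10文件成功" : "下载p10失败") + details;
        int resultId = z ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
        this.logger.info(message);
        try {
            // NOTE(review): operator type CERT_IMPORT is what the original code used for a p10
            // download; no dedicated value is visible here — confirm against the enum.
            if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_IMPORT.type, message, resultId, auditSignBean.getSign())) {
                this.logger.error("记录-下载p10-审计日志失败");
            }
        } catch (Exception e) {
            this.logger.error("记录-下载p10-审计日志失败", e);
        }
    }

    /**
     * Downloads a sub-CA p10 file during initialisation (no audit entry; the operator has no
     * certificate yet at this stage).
     *
     * @param str the p10 name, bound from the {@code {p10Name}} path segment
     * @return {@code null} on success, otherwise an error response
     */
    @RequestMapping(value = {"/v1/init/p10/download/{p10Name}"}, method = {RequestMethod.GET})
    public Object downloadInitSubCaP10(HttpServletResponse httpServletResponse, @PathVariable("p10Name") String str) {
        this.logger.debug("初始化过程中，收到p10下载请求，p10Name=[{}]", str);
        try {
            return sendP10(httpServletResponse, str);
        } catch (Exception e) {
            this.logger.error("下载子证书p10出现异常", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Imports the sub-CA certificate chain uploaded as {@code caCertChain}. The upload is read
     * line by line and concatenated without separators before being handed to the service.
     *
     * @return {@code Result.success()} or an error response
     */
    @RequestMapping(value = {"/v1/init/subCa/certChain"}, method = {RequestMethod.POST})
    public Object importSubCaCert(HttpServletResponse httpServletResponse, @RequestParam("caCertChain") MultipartFile multipartFile) {
        this.logger.debug("初始化过程中，收到子CA证书链导入请求");
        if (null == multipartFile || 0 == multipartFile.getSize()) {
            this.logger.debug("证书链为空");
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        StringBuilder chain = new StringBuilder();
        try {
            // Explicit UTF-8: the default-charset reader made the parse depend on the JVM locale,
            // and the reader was never closed.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(multipartFile.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    chain.append(line);
                }
            }
            Result result = this.initService.importSubCaChain(chain.toString());
            this.logger.debug("初始化过程中，子CA证书链导入请求处理结束,result=[{}]", result);
            return result.isSuccess() ? Result.success() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("子CA证书链导入异常", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /** Returns the current initialisation step. */
    @RequestMapping(value = {"/v1/init/step"}, method = {RequestMethod.GET})
    public Object getInitStep(HttpServletResponse httpServletResponse) {
        this.logger.debug("收到获取初始化步骤请求");
        try {
            Result result = this.initService.getInitStep();
            this.logger.debug("获取初始化步骤请求处理结束[{}]", result);
            return result.isSuccess() ? result.getInfo() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("获取初始化步骤异常", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Restores factory settings during initialisation.
     *
     * @param httpServletRequest unused; kept for signature compatibility
     */
    @RequestMapping(value = {"/v1/init/system/recover"}, method = {RequestMethod.DELETE})
    public Object systemRecover(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.info("收到初始化过程中恢复出厂设置请求");
        try {
            Result result = this.initService.doRecoverSystem();
            this.logger.info("初始化过程中恢复出厂设置请求处理完成[{}]", result);
            return result.isSuccess() ? Result.success() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("系统恢复出厂设置异常", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Marks initialisation as finished (step 11) and restarts the server.
     *
     * @param httpServletRequest unused; kept for signature compatibility
     * @return the restart result info or an error response
     */
    @RequestMapping(value = {"/v1/init/server/restart"}, method = {RequestMethod.GET})
    public Object systemRest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.debug("初始化过程中收到系统重启请求");
        try {
            // Step 11 is the final step; the restart is only attempted once it is recorded.
            Result stepResult = this.initService.reportInitStep(11);
            if (!stepResult.isSuccess()) {
                return stepResult.getError().resp(httpServletResponse);
            }
            Result result = this.initService.resetSystem();
            this.logger.debug("初始化过程中系统重启请求处理完成[{}]", result);
            return result.isSuccess() ? result.getInfo() : result.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("系统重启出现异常", e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }
}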
