package com.xdja.pki.ca.certmanager.service.kms;

import com.sansec.asn1.ASN1Integer;
import com.sansec.ca2kmc.bean.KMCKey;
import com.sansec.ca2kmc.ca.CA2KMC;
import com.xdja.pki.ca.certmanager.service.kms.bean.ResponseBean;
import com.xdja.pki.ca.certmanager.service.kms.ca.CaRequest;
import com.xdja.pki.ca.certmanager.service.kms.ca.CaRequestGenerator;
import com.xdja.pki.ca.certmanager.service.util.CaRequestAlgOid;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.CrlConstants;
import com.xdja.pki.ca.core.KmConstants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.configBasic.bean.KmConfigBean;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

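@Service("kmsSansecService")
/* loaded from: input_file:WEB-INF/lib/ca-manager-kms-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/certmanager/service/kms/KmsServiceImpl.class */
/**
 * {@link KmsService} backed by the Sansec CA2KMC client: applies for, revokes and restores
 * encryption key pairs at the key-management centre (KMC).
 *
 * <p>Each public operation builds a signed CA request with the KM communication certificate,
 * opens a CA2KMC connection from the CA's KM configuration and returns what the KMC delivered.
 * Failures of any kind are wrapped in a {@link ServiceException} with the cause attached.
 * Private key material returned by the KMC is handed back to the caller and is never logged.
 */
public class KmsServiceImpl implements KmsService {
    /** Lower bound (inclusive) of the fallback task number; see {@link #getRandomInt()}. */
    private static final int MIN_RANDOM_TASK_NO = 10;
    /** Upper bound (inclusive) of the fallback task number; see {@link #getRandomInt()}. */
    private static final int MAX_RANDOM_TASK_NO = 20000;
    /**
     * Symmetric-algorithm identifier placed in every CA request
     * (1.2.156.10197.1.104, the SM4 identifier of GM/T 0006 — confirm the KMC expects this arc).
     */
    private static final ASN1ObjectIdentifier SM4_OID = new ASN1ObjectIdentifier("1.2.156.10197.1.104");

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private Environment env;

    /** Base directory of the KM certificates and the SM2 ini file; injected from {@code config.path}. */
    @Value("${config.path}")
    private String configPath;

    /**
     * Applies to the KMC for an encryption key pair bound to an encryption-certificate serial.
     *
     * @param caInfoVO   CA context; its KM configuration is read and its KM soft key pair is reset here
     * @param bigInteger serial of the encryption certificate the key pair belongs to
     * @param publicKey  subject public key carried in the apply request
     * @param date       validity start forwarded to the request
     * @param date2      validity end forwarded to the request
     * @param str        forwarded to the request unchanged
     * @param str2       accepted for the interface but not forwarded (the request carries null there)
     * @param str3       accepted for the interface but not forwarded (the request carries null there)
     * @param i          forwarded to the request unchanged
     * @param str4       unused
     * @param str5       unused
     * @return the public and private key material returned by the KMC, in that order
     * @throws ServiceException if the request cannot be built or the KMC call fails; the cause is preserved
     */
    @Override
    public ResponseBean applyEncKey(CaInfoVO caInfoVO, BigInteger bigInteger, PublicKey publicKey, Date date, Date date2, String str, String str2, String str3, int i, String str4, String str5) {
        this.logger.debug("收到向密管系统申请公私钥对请求,encSn = " + bigInteger);
        int taskNo = toTaskNo(bigInteger);
        this.logger.info("applyEncKey>>>>>taskNo=" + taskNo);
        // Resolved per call rather than kept on the singleton bean, where concurrent requests would share it.
        CaRequestAlgOid algOid = buildCaRequestAlgOid();
        caInfoVO.setKmsoftKeyPair(getKeyPair());
        try {
            KmConfigBean kmConfigBean = caInfoVO.getKmConfigBean();
            X509Certificate kmCommCert = loadKmCommCert();
            // str2/str3 are not forwarded: the request has always been built with null in their place.
            CaRequest request = createCaRequestGenerator(kmCommCert, caInfoVO, kmConfigBean)
                    .createApplyKeyRequest(taskNo, bigInteger, publicKey, date, date2, str, null, null, i, algOid);
            // The encoded request is no longer dumped to a fixed absolute path: that copied request
            // material outside the config directory and failed the whole call wherever it was unwritable.
            KMCKey applyKey = connectKmc(kmConfigBean).applyKey(new ASN1Integer(taskNo), request.getEncoded());
            // Only identifiers are logged; the private key delivered by the KMC must not reach the log.
            this.logger.info("密管系统申请公私钥对成功，sn:" + applyKey.getUserCertNo() + ",taskNo=" + applyKey.getTaskNo());
            return new ResponseBean(applyKey.getcPubKey(), applyKey.getcPriKey());
        } catch (Exception e) {
            this.logger.warn("向密管系统申请公私钥对请求处理失败,encSn = " + bigInteger, e);
            throw new ServiceException("申请公私钥失败", e);
        }
    }

    /**
     * Selects the algorithm identifiers for CA requests from {@code Constants.BASE_ALG_TYPE}.
     *
     * @return the SM2 or RSA identifier set, or {@code null} when the base algorithm type is neither
     */
    private CaRequestAlgOid buildCaRequestAlgOid() {
        int baseAlgType = Constants.BASE_ALG_TYPE.intValue();
        AlgorithmIdentifier hashSha1 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
        // NOTE(review): the RSA set also names sm2sign_with_sm3 as its signature algorithm; kept as found —
        // confirm against the KMC's expectations before changing.
        AlgorithmIdentifier signSm2WithSm3 = new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3);
        AlgorithmIdentifier symSm4 = new AlgorithmIdentifier(SM4_OID);
        if (baseAlgType == AlgTypeEnum.SM2.value) {
            AlgorithmIdentifier sm2Curve = new AlgorithmIdentifier(GMObjectIdentifiers.sm2p256v1);
            return new CaRequestAlgOid(hashSha1, signSm2WithSm3, sm2Curve, sm2Curve, symSm4,
                    new AlgorithmIdentifier(GMObjectIdentifiers.sm3));
        }
        if (baseAlgType == AlgTypeEnum.RSA.value) {
            AlgorithmIdentifier rsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
            return new CaRequestAlgOid(hashSha1, signSm2WithSm3, rsa, rsa, symSm4,
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption));
        }
        return null;
    }

    /**
     * Asks the KMC to revoke the key pair bound to an encryption-certificate serial.
     *
     * @param caInfoVO   CA context; its KM configuration is read and its KM soft key pair is reset here
     * @param bigInteger serial of the encryption certificate whose key pair is revoked
     * @throws ServiceException if the request cannot be built or the KMC call fails; the cause is preserved
     */
    @Override
    public void revokeEncKey(CaInfoVO caInfoVO, BigInteger bigInteger) {
        this.logger.debug("收到向密管系统撤销密钥请求，encSn=" + bigInteger);
        int taskNo = toTaskNo(bigInteger);
        this.logger.info("revokeEncKey>>>>>taskNo=" + taskNo);
        CaRequestAlgOid algOid = buildCaRequestAlgOid();
        caInfoVO.setKmsoftKeyPair(getKeyPair());
        try {
            KmConfigBean kmConfigBean = caInfoVO.getKmConfigBean();
            X509Certificate kmCommCert = loadKmCommCert();
            CaRequest request = createCaRequestGenerator(kmCommCert, caInfoVO, kmConfigBean)
                    .createRevokeKeyRequest(taskNo, bigInteger, algOid);
            KMCKey revokeKey = connectKmc(kmConfigBean).revokeKey(new ASN1Integer(taskNo), request.getEncoded());
            this.logger.debug("向密管系统撤销密钥请求处理成功，encSn=" + revokeKey.getUserCertNo() + ",taskNo=" + revokeKey.getTaskNo());
        } catch (Exception e) {
            this.logger.warn("向密管系统撤销密钥处理失败,encSn=" + bigInteger, e);
            throw new ServiceException("撤销密钥失败", e);
        }
    }

    /**
     * Asks the KMC to restore (re-deliver) the key pair bound to an encryption-certificate serial.
     *
     * @param caInfoVO   CA context; its KM configuration is read and its KM soft key pair is reset here
     * @param bigInteger serial of the encryption certificate whose key pair is restored
     * @param publicKey  subject public key carried in the restore request
     * @return the public and private key material returned by the KMC, in that order
     * @throws ServiceException if the request cannot be built or the KMC call fails; the cause is preserved
     */
    @Override
    public ResponseBean restoreEncKey(CaInfoVO caInfoVO, BigInteger bigInteger, PublicKey publicKey) {
        this.logger.debug("收到向密管系统恢复公私钥对请求,encSn = " + bigInteger);
        int taskNo = toTaskNo(bigInteger);
        this.logger.info("restoreEncKey>>>>>taskNo=" + taskNo);
        CaRequestAlgOid algOid = buildCaRequestAlgOid();
        caInfoVO.setKmsoftKeyPair(getKeyPair());
        try {
            KmConfigBean kmConfigBean = caInfoVO.getKmConfigBean();
            X509Certificate kmCommCert = loadKmCommCert();
            CaRequest request = createCaRequestGenerator(kmCommCert, caInfoVO, kmConfigBean)
                    .createRestoreKeyRequest(taskNo, bigInteger, publicKey, algOid);
            KMCKey restoreKey = connectKmc(kmConfigBean).restoreKey(new ASN1Integer(taskNo), request.getEncoded());
            // The restored private key is returned to the caller only; it is never written to the log.
            this.logger.info("密管系统恢复公私钥对成功，encSn=" + bigInteger + ",taskNo=" + restoreKey.getTaskNo());
            return new ResponseBean(restoreKey.getcPubKey(), restoreKey.getcPriKey());
        } catch (Exception e) {
            this.logger.warn("向密管系统恢复公私钥对请求处理失败,encSn = " + bigInteger, e);
            throw new ServiceException("恢复公私钥失败", e);
        }
    }

    /** Not implemented for the Sansec backend; always returns {@code null}. */
    @Override
    public ResponseBean testXdjaApplyEncKey(CaInfoVO caInfoVO, BigInteger bigInteger, PublicKey publicKey, Date date, Date date2, String str, String str2, String str3, int i, String str4, String str5) {
        return null;
    }

    /** Not implemented for the Sansec backend; always returns {@code null}. */
    @Override
    public ResponseBean testApplyEncKey(Map<String, Object> map, BigInteger bigInteger, PublicKey publicKey, Date date, Date date2, String str, Object obj, Object obj2, int i, String str2, String str3) {
        return null;
    }

    /**
     * Derives the KMC task number from an encryption-certificate serial as its offset from
     * {@code CrlConstants.SN_BEGIN_VALUE1}. Offsets that are negative or exceed {@code int}
     * fall back to {@link #getRandomInt()} instead of failing with a number-format error.
     *
     * @param encSn encryption-certificate serial, must not be null
     * @return a non-negative task number
     */
    private int toTaskNo(BigInteger encSn) {
        long offset = encSn.longValue() - CrlConstants.SN_BEGIN_VALUE1;
        if (offset < 0 || offset > Integer.MAX_VALUE) {
            return getRandomInt();
        }
        return (int) offset;
    }

    /**
     * Loads the KM communication certificate from the configured certificate directory.
     *
     * @return the parsed certificate
     * @throws Exception whatever {@code CertUtil.getCertFromB64File} raises; callers wrap it in a ServiceException
     */
    private X509Certificate loadKmCommCert() throws Exception {
        String commCertPath = this.configPath + Constants.SWXA_COMM_CERT_DIRECTORY + Constants.SWXA_COMM_CERT;
        File commCertFile = new File(commCertPath);
        this.logger.debug("kmCommCertPath:" + commCertPath + ",exists=" + commCertFile.exists());
        X509Certificate commCert = CertUtil.getCertFromB64File(commCertFile);
        this.logger.debug("获取KM通信证书:" + commCert.getSubjectX500Principal().getName());
        return commCert;
    }

    /**
     * Opens a CA2KMC client for the KMC named in the CA's KM configuration, trusting the configured
     * KM root certificate and using the SM2 ini file under the config path.
     *
     * @param kmConfigBean KM endpoint configuration (ip, port)
     * @return a connected client
     * @throws Exception whatever certificate loading or the CA2KMC constructor raises; callers wrap it
     */
    private CA2KMC connectKmc(KmConfigBean kmConfigBean) throws Exception {
        String rootCertPath = this.configPath + Constants.SWXA_COMM_CERT_DIRECTORY + Constants.SWXA_ROOT_CERT;
        String sm2IniPath = this.configPath + Constants.SWXA_SM2_INI;
        this.logger.debug("kmSM2Path:" + sm2IniPath);
        this.logger.debug("kmCaCertPath:" + rootCertPath);
        X509Certificate kmRootCert = CertUtil.getCertFromB64File(new File(rootCertPath));
        return new CA2KMC(kmConfigBean.getIp(), kmConfigBean.getPort().intValue(), kmRootCert, sm2IniPath);
    }

    /**
     * Builds the request signer: the CA's soft private key when the crypto device is BC,
     * otherwise the device key slot and PIN from the KM configuration.
     *
     * @throws NullPointerException in the BC branch when {@link #getKeyPair()} returned {@code null}
     */
    private CaRequestGenerator createCaRequestGenerator(X509Certificate x509Certificate, CaInfoVO caInfoVO, KmConfigBean kmConfigBean) {
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue()) {
            return new CaRequestGenerator(x509Certificate, caInfoVO.getKmsoftKeyPair().getPrivate());
        }
        return new CaRequestGenerator(x509Certificate, kmConfigBean.getKeyIndex().intValue(), kmConfigBean.getPrivateKeyPin());
    }

    /**
     * Fallback task number used when the serial-derived one is unusable.
     *
     * @return a uniformly distributed value in [{@value #MIN_RANDOM_TASK_NO}, {@value #MAX_RANDOM_TASK_NO}]
     */
    public int getRandomInt() {
        return ThreadLocalRandom.current().nextInt(MIN_RANDOM_TASK_NO, MAX_RANDOM_TASK_NO + 1);
    }

    /**
     * Loads the CA's KM application signing key pair from the config path.
     *
     * @return the key pair, or {@code null} when the guard below is not met
     */
    private KeyPair getKeyPair() {
        // NOTE(review): this tests the algorithm-type constant against a device-type constant, while
        // createCaRequestGenerator tests CRYPT_DEVICE_TYPE; kept as found — confirm which was intended,
        // since a null here makes the BC branch of createCaRequestGenerator fail.
        if (Constants.BASE_ALG_TYPE.intValue() != Constants.CRYPT_DEVICE_BC.intValue()) {
            return null;
        }
        return new KeyPair(
                CertUtil.getPublicKey(this.configPath + KmConstants.KM_APP_SIGN_PUBLICKEY_NAME),
                CertUtil.getPrivateKey(this.configPath + KmConstants.KM_APP_SIGN_PRIVATE_NAME));
    }
}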
