package com.xdja.pki.ca.certmanager.service.task;

import com.xdja.pki.ca.certmanager.dao.CertDataDao;
import com.xdja.pki.ca.certmanager.dao.CrossCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDataDao;
import com.xdja.pki.ca.certmanager.dao.OuterCrossCertDao;
import com.xdja.pki.ca.certmanager.dao.PublishCertSyncDao;
import com.xdja.pki.ca.certmanager.dao.SubCaCertDao;
import com.xdja.pki.ca.certmanager.service.util.LdapCASDKUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.configBasic.bean.DirServerConfigBean;
import com.xdja.pki.ca.core.util.FileUtils;
import com.xdja.pki.ca.core.util.json.JsonUtils;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDo;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ldap.sdk.ca.LDAPCASDK;
import com.xdja.pki.ldap.sdk.ca.LDAPResponse;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

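/**
 * Publishes certificates that are waiting in the publish-sync queue.
 *
 * <p>{@link #publishCertSync()} reads the queued certificate ids from {@link PublishCertSyncDao},
 * loads the certificates, hands them to the LDAP SDK and, when a local path and an extranet HTTP
 * URL are configured, also writes them as {@code .cer} files. A queue entry is deleted once
 * {@link #sendCertificates} reports success for it.
 *
 * <p>NOTE(review): a file-write encoding failure is logged but does not fail the publish, so the
 * queue entry is still deleted and the certificate will not be retried. Confirm this best-effort
 * behaviour is intended, because relying parties fetch these files.
 */
@Service
/* loaded from: input_file:WEB-INF/lib/ca-service-certmanager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/certmanager/service/task/CertPublishServiceImpl.class */
public class CertPublishServiceImpl implements ICertPublishService {
    private Logger logger = LoggerFactory.getLogger(getClass());
    public static final String DIGESTALGORITHMNAME = "SM3";
    public static final String PUBLISH_CERT_TYPE_CERT = "cert_id";
    public static final String PUBLISH_CERT_TYPE_MANAGECERT = "manage_cert_id";
    public static final String PUBLISH_CERT_TYPE_SUBCACERT = "sub_ca_id";
    public static final String PUBLISH_CERT_TYPE_CACERT = "ca_cert_id";
    public static final String PUBLISH_CERT_TYPE_CROSSCERT = "cross_cert_id";
    public static final String PUBLISH_CERT_TYPE_OUTERCROSSCERT = "outer_cross_cert_id";

    // Values of the certificate-kind argument of sendCertificates(): they select which SDK call is used.
    private static final int CERT_KIND_DEFAULT = 0;
    private static final int CERT_KIND_CA = 1;
    private static final int CERT_KIND_OUTER_CROSS = 2;
    private static final int CERT_KIND_CROSS = 3;

    @Resource
    private PublishCertSyncDao publishCertSyncDao;

    @Resource
    private CertDataDao certDataDao;

    @Resource
    private ManagerCertDataDao managerCertDataDao;

    @Resource
    private CrossCertDao crossCertDao;

    @Resource
    private OuterCrossCertDao outerCrossCertDao;

    @Resource
    private SubCaCertDao subCaCertDao;

    @Resource
    private CaCertDao caCertDao;

    @Resource
    private CaDao caDao;

    @Autowired
    private LdapCASDKUtil ldapCASDKUtil;

    @Autowired
    private Environment env;

    @Value("${ldapsdk.response.overtime}")
    public int ldapsdkOutTime;

    /**
     * Publishes every queued certificate, one category at a time, and clears the queue entries of
     * the categories that were published.
     *
     * <p>Does nothing when the system is not initialised, when the CA info is missing or reports
     * LDAP as disabled, or when the queue is empty. CA certificates go first; a failure there
     * stops the whole run. A failure in any later category is logged and the run continues.
     */
    @Override // com.xdja.pki.ca.certmanager.service.task.ICertPublishService
    public void publishCertSync() {
        if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
            this.logger.debug("====CA暂无初始化！");
            return;
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
        if (null == caInfoVO || !caInfoVO.isLadp()) {
            this.logger.debug("===CA系统未启用LDAP服务！");
            return;
        }
        Map<String, Object> pending = this.publishCertSyncDao.queryPublishCertForList();
        if (pending == null || pending.isEmpty()) {
            return;
        }
        List<Long> userCertIds = getPublishCertIds(pending.get("certId"));
        List<Long> manageCertIds = getPublishCertIds(pending.get("manageCertId"));
        List<Long> caCertIds = getPublishCertIds(pending.get("caCertId"));
        List<Long> crossCertIds = getPublishCertIds(pending.get("crossCertId"));
        List<Long> outerCrossCertIds = getPublishCertIds(pending.get("outCrossCertId"));
        List<Long> subCaCertIds = getPublishCertIds(pending.get("subCaCertId"));

        if (CollectionUtils.isNotEmpty(caCertIds)) {
            for (Long caCertId : caCertIds) {
                CaCertDo caCert = this.caCertDao.getCaCert(caCertId.longValue());
                if (caCert == null) {
                    // Previously a NullPointerException; stop the run as any other CA publish failure does.
                    this.logger.error("CA certificate record [{}] is queued for publication but was not found", caCertId);
                    return;
                }
                X509Certificate caX509 = null != caCert.getCert() ? CertUtil.getCertFromStr(caCert.getCert()) : null;
                List<X509Certificate> caCerts = new ArrayList<X509Certificate>();
                if (caX509 != null) {
                    caCerts.add(caX509);
                } else {
                    // A null element used to reach the file-publishing loop and crash there.
                    this.logger.warn("CA certificate record [{}] has no usable certificate body", caCertId);
                }
                if (!sendCertificates(caCerts, caCert, CERT_KIND_CA)) {
                    this.logger.info("发布CA证书错误 ========== ");
                    return;
                }
                // Clear each entry right after it is published, so a later failure does not re-queue it.
                List<Long> publishedIds = new ArrayList<Long>();
                publishedIds.add(caCertId);
                this.publishCertSyncDao.deletePublishCertSyncByCertType(PUBLISH_CERT_TYPE_CACERT, publishedIds);
            }
        }
        if (CollectionUtils.isNotEmpty(userCertIds)
                && !publishAndClear(this.certDataDao.getUserCertData(userCertIds), userCertIds, CERT_KIND_DEFAULT, PUBLISH_CERT_TYPE_CERT)) {
            this.logger.info("========== 发布用户证书错误 ========== ");
        }
        if (CollectionUtils.isNotEmpty(manageCertIds)
                && !publishAndClear(this.managerCertDataDao.getManageCertData(manageCertIds), manageCertIds, CERT_KIND_DEFAULT, PUBLISH_CERT_TYPE_MANAGECERT)) {
            this.logger.info(" ========== 发布管理类证书错误 ========== ");
        }
        if (CollectionUtils.isNotEmpty(subCaCertIds)
                && !publishAndClear(this.subCaCertDao.getSubCaCertData(subCaCertIds), subCaCertIds, CERT_KIND_DEFAULT, PUBLISH_CERT_TYPE_SUBCACERT)) {
            this.logger.info(" ========== 发布子CA证书错误 ========== ");
        }
        if (CollectionUtils.isNotEmpty(crossCertIds)
                && !publishAndClear(this.crossCertDao.getCrossCertData(crossCertIds), crossCertIds, CERT_KIND_CROSS, PUBLISH_CERT_TYPE_CROSSCERT)) {
            this.logger.info("发布交叉证书错误 ========== " + JsonUtils.object2Json(null));
        }
        if (CollectionUtils.isNotEmpty(outerCrossCertIds)
                && !publishAndClear(this.outerCrossCertDao.getOuterCrossCertData(outerCrossCertIds), outerCrossCertIds, CERT_KIND_OUTER_CROSS, PUBLISH_CERT_TYPE_OUTERCROSSCERT)) {
            this.logger.info("发布外部导入交叉证书错误 ========== ");
        }
    }

    /**
     * Publishes one category of certificates and, on success, deletes its queue entries.
     *
     * @param certData encoded certificates keyed by id, as returned by the category's DAO; may be null or empty
     * @param ids the queued ids of this category (non-empty)
     * @param certKind one of the {@code CERT_KIND_*} values
     * @param syncType the {@code PUBLISH_CERT_TYPE_*} value naming the queue column to clear
     * @return {@code false} only when {@link #sendCertificates} reported a failure; {@code true}
     *     when the batch was published, and also when there was nothing to publish (the queue is
     *     then left untouched)
     */
    private boolean publishAndClear(Map<Long, String> certData, List<Long> ids, int certKind, String syncType) {
        List<X509Certificate> certs = getCertificateFormMaps(certData);
        if (certs.isEmpty()) {
            return true;
        }
        if (!sendCertificates(certs, null, certKind)) {
            return false;
        }
        List<Long> publishedIds = new ArrayList<Long>(ids);
        this.publishCertSyncDao.deletePublishCertSyncByCertType(syncType, publishedIds);
        return true;
    }

    /**
     * Calls {@code updateRootCACertificateToLDAP} on the SDK and logs the reason when it fails.
     *
     * <p>The {@code lDAPResponse} parameter is not used. No call to this method is visible in this class.
     *
     * @return the flag of the SDK response
     */
    private boolean sendRootCACertificateToLDAP(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate x509Certificate3, LDAPCASDK ldapcasdk, LDAPResponse lDAPResponse) {
        LDAPResponse response = ldapcasdk.updateRootCACertificateToLDAP(x509Certificate, x509Certificate2, x509Certificate3);
        boolean succeeded = response.isFlag();
        if (!succeeded) {
            this.logger.error("根证书更新LDAP发布失败，reason:[{}]", response.getReason());
        }
        return succeeded;
    }

    /**
     * Calls {@code updateRootCACertificateToOCSP} on the SDK and logs the reason when it fails.
     *
     * <p>The {@code lDAPResponse} parameter is not used. No call to this method is visible in this class.
     *
     * @return the flag of the SDK response
     */
    private boolean sendRootCACertificateToOCSP(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate x509Certificate3, LDAPCASDK ldapcasdk, LDAPResponse lDAPResponse) {
        LDAPResponse response = ldapcasdk.updateRootCACertificateToOCSP(x509Certificate, x509Certificate2, x509Certificate3);
        boolean succeeded = response.isFlag();
        if (!succeeded) {
            this.logger.error("根证书更新OCSP发布失败，reason:[{}]", response.getReason());
        }
        return succeeded;
    }

    /**
     * Sends certificates to the LDAP service and, when configured, writes them as files.
     *
     * <p>The LDAP step runs only when both the master and the slave URL are set. The file step
     * runs only when both the local path and the extranet HTTP URL are set.
     *
     * @param list certificates to publish; null elements are skipped by the file step
     * @param caCertDo the CA certificate record, required when {@code i} is {@code CERT_KIND_CA}
     * @param i one of the {@code CERT_KIND_*} values
     * @return {@code false} when the directory configuration is missing, when the CA record is
     *     missing for a CA publish, or when the SDK reports a failure; {@code true} otherwise
     */
    private boolean sendCertificates(List<X509Certificate> list, CaCertDo caCertDo, int i) {
        LDAPCASDK sdk = this.ldapCASDKUtil.getPkixIssueSDKInstance();
        CaInfoVO caInfo = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
        DirServerConfigBean dirConfig = caInfo != null ? caInfo.getDirServerConfigBean() : null;
        if (dirConfig == null) {
            // Reporting success here would clear the queue although nothing was published.
            this.logger.error("Directory server configuration is unavailable; certificates were not published");
            return false;
        }
        if (!StringUtils.isAnyBlank(dirConfig.getSlaveURL(), dirConfig.getMasterURL())) {
            this.logger.info("====================系统将证书发布到LDAP服务器上==================== certType == " + i);
            if (CERT_KIND_CA == i) {
                if (caCertDo == null) {
                    this.logger.error("CA certificate record is required to publish a CA certificate");
                    return false;
                }
                CaDO ca = this.caDao.getCaById(caCertDo.getCaId().longValue());
                X509Certificate current = null != caCertDo.getCert() ? CertUtil.getCertFromStr(caCertDo.getCert()) : null;
                X509Certificate oldWithNew = null != caCertDo.getOldWithNewCert() ? CertUtil.getCertFromStr(caCertDo.getOldWithNewCert()) : null;
                X509Certificate newWithOld = null != caCertDo.getNewWithOldCert() ? CertUtil.getCertFromStr(caCertDo.getNewWithOldCert()) : null;
                // NOTE(review): a CA certificate lacking either link certificate, or whose CA is not
                // ROOT_CA, is not sent to LDAP here, yet the method still returns true and the
                // caller clears the queue entry. Confirm this is intended.
                if (null != oldWithNew && null != newWithOld && CaDO.CaTypeEnum.ROOT_CA.value == ca.getType().intValue()) {
                    this.logger.info("系统配置了LDAP服务，发布线程向LDA服务发布CA证书");
                    if (!sdk.updateRootCACertificateToLDAP(oldWithNew, newWithOld, current).isFlag()) {
                        // NOTE(review): the SDK response is discarded, so its failure reason is never logged.
                        this.logger.error("向LDAP发布更新CA证书错误 ========== " + JsonUtils.object2Json(null));
                        return false;
                    }
                }
            } else if (CERT_KIND_OUTER_CROSS == i) {
                for (X509Certificate cert : list) {
                    LDAPResponse response = sdk.sendCrossCertificateIssueToThisCA(cert);
                    if (!response.isFlag()) {
                        this.logger.error("外部交叉证书发布失败，reason:[{}]", response.getReason());
                        return false;
                    }
                }
            } else if (CERT_KIND_CROSS == i) {
                for (X509Certificate cert : list) {
                    LDAPResponse response = sdk.sendCrossCertificateIssueByThisCA(cert);
                    if (!response.isFlag()) {
                        this.logger.error("交叉证书发布失败，reason:[{}]", response.getReason());
                        return false;
                    }
                }
            } else if (CollectionUtils.isNotEmpty(list)) {
                LDAPResponse response = sdk.sendCertificate(list);
                if (!response.isFlag()) {
                    this.logger.error("LDAP方式发布证书失败，reason:[{}]", JsonUtils.object2Json(response));
                    return false;
                }
            }
        }
        if (!StringUtils.isAnyBlank(dirConfig.getLocalURL(), dirConfig.getExtranetHttpURL())) {
            this.logger.info("====================系统将证书发布到HTTP服务器上====================");
            for (X509Certificate cert : list) {
                if (cert == null) {
                    // A CA record without a certificate body used to put a null here and crash the loop.
                    this.logger.warn("Skipping a null certificate while writing certificate files");
                    continue;
                }
                try {
                    // NOTE(review): the file name uses the serial number only. Serial numbers are
                    // unique per issuer, so a certificate from another CA (for example an imported
                    // cross certificate) with the same serial would overwrite this file. Verify.
                    FileUtils.saveFile(cert.getEncoded(), dirConfig.getLocalURL() + "/cert_" + cert.getSerialNumber() + ".cer");
                } catch (CertificateEncodingException e) {
                    // Best-effort: the failure is logged and the publish still counts as successful.
                    this.logger.error("证书错误 ======== ", (Throwable) e);
                }
            }
        }
        return true;
    }

    /**
     * Parses a comma-separated list of certificate ids.
     *
     * <p>Tokens are trimmed, and blank tokens are skipped so that an empty string or a stray
     * comma no longer aborts the whole task.
     *
     * @param obj the queue column value; expected to be a {@code String} or {@code null}
     * @return the parsed ids, empty when {@code obj} is null or holds no ids; never {@code null}
     * @throws NumberFormatException when a non-blank token is not a decimal long
     * @throws ClassCastException when {@code obj} is not a {@code String}
     */
    private List<Long> getPublishCertIds(Object obj) {
        List<Long> ids = new ArrayList<Long>();
        if (obj == null) {
            return ids;
        }
        for (String token : ((String) obj).split(",")) {
            String trimmed = token.trim();
            if (trimmed.isEmpty()) {
                continue;
            }
            ids.add(Long.valueOf(trimmed));
        }
        return ids;
    }

    /**
     * Decodes the certificates held in an id-to-encoded-certificate map.
     *
     * <p>Returns an empty list rather than {@code null}: callers used to pass the result straight
     * to {@code addAll}, which throws on {@code null} when the DAO finds no rows for the queued ids.
     *
     * @param map encoded certificates keyed by id; may be null or empty
     * @return the decoded certificates; entries with no value, or that decode to null, are
     *     logged and left out
     */
    private List<X509Certificate> getCertificateFormMaps(Map<Long, String> map) {
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        if (map == null || map.isEmpty()) {
            return certs;
        }
        for (Map.Entry<Long, String> entry : map.entrySet()) {
            String encoded = entry.getValue();
            X509Certificate cert = encoded != null ? CertUtil.getCertFromStr(encoded) : null;
            if (cert == null) {
                this.logger.warn("Certificate [{}] could not be decoded and is left out of the publish batch", entry.getKey());
                continue;
            }
            certs.add(cert);
        }
        return certs;
    }
}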
