package com.xdja.pki.ca.certmanager.service.crltemplate;

import com.xdja.pki.ca.cache.CrlTempCache;
import com.xdja.pki.ca.certcrl.service.CrlService;
import com.xdja.pki.ca.certmanager.dao.CrlTemplateDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.models.CrlTemplateDO;
import com.xdja.pki.ca.certmanager.dao.models.CrlTemplateExtensionDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.service.crltemplate.bean.CrlExtensionVO;
import com.xdja.pki.ca.certmanager.service.crltemplate.bean.CrlTemplateExtensionVO;
import com.xdja.pki.ca.certmanager.service.crltemplate.bean.CrlTemplateListVO;
import com.xdja.pki.ca.certmanager.service.crltemplate.bean.CrlTemplateQueryVO;
import com.xdja.pki.ca.certmanager.service.crltemplate.bean.CrlTemplateVO;
import com.xdja.pki.ca.certmanager.service.crltemplate.thread.CrlPublishThread;
import com.xdja.pki.ca.certmanager.service.crltemplate.thread.DrlPublishThread;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.CrlConstants;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.GeneralNameFinder;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.configBasic.bean.DirServerConfigBean;
import com.xdja.pki.ca.core.enums.CrlPublishEnum;
import com.xdja.pki.ca.core.enums.CrlTemplateStatusEnum;
import com.xdja.pki.ca.core.enums.SignAlgTypeEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.CrlUtil;
import com.xdja.pki.ca.core.util.json.JsonUtils;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.core.vo.CaInfoVO;
import com.xdja.pki.ca.core.vo.IssueCaBaseInfo;
import com.xdja.pki.ca.ldap.service.vo.LdapOcspUrlVO;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.core.utils.DateUtils;
import com.xdja.pki.gmssl.asn1.x509.SubjectInformationAccess;
import com.xdja.pki.ldap.sdk.ca.LDAPUrlUtils;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.naming.InvalidNameException;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:WEB-INF/lib/ca-service-manager-impl-2.0.0-SNAPSHOT.jar:com/xdja/pki/ca/certmanager/service/crltemplate/CrlTemplateServiceImpl.class */
public class CrlTemplateServiceImpl implements CrlTemplateService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CaDao caDao;

    @Autowired
    private CrlTemplateDao crlTemplateDao;

    @Autowired
    private CrlService crlService;

    @Autowired
    private TemplateDao templateDao;

    @Autowired
    private CrlTempCache crlTempCache;
    public static final String CRL_FORMAT = ".crl";
    public static final String CRL_NAME_HEAD = "crl";
    public static final String ARL_NAME_HEAD = "arl";
    public static final String DRL_NAME_HEAD = "drl";
    public static final String ISSUER_DRL_NAME_HEAD = "adrl";

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Result saveCrlTemplate(CrlTemplateExtensionVO crlTemplateExtensionVO) {
        StringBuffer stringBuffer = new StringBuffer("");
        String name = this.caDao.getCaById(crlTemplateExtensionVO.getCaId().longValue()).getName();
        try {
            if (this.crlTemplateDao.checkCrlTemplateNameExist(crlTemplateExtensionVO.getCrlTempName())) {
                this.logger.error("保存模板信息失败，原因：模板名称已存在 [name={}]", crlTemplateExtensionVO.getCrlTempName());
                stringBuffer.append("保存证书模板失败，原因：模板名称已存在，").append("模板名称=").append(crlTemplateExtensionVO.getCrlTempName()).append(",颁发者=").append(name);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_NAME_EXISTD).setAuditContent(stringBuffer.toString());
            }
            Integer drlPeriod = crlTemplateExtensionVO.getCrlConfig().getDrlPeriod();
            Integer crlPeriod = crlTemplateExtensionVO.getCrlConfig().getCrlPeriod();
            if (drlPeriod != null && drlPeriod.intValue() > 0 && crlPeriod.intValue() < drlPeriod.intValue()) {
                this.logger.error("保存crl模板信息失败，原因：增量周期大于全量周期 [name={}]", crlTemplateExtensionVO.getCrlTempName());
                stringBuffer.append("保存crl模板失败，原因：增量周期大于全量周期，").append("模板名称=").append(crlTemplateExtensionVO.getCrlTempName()).append(",颁发者=").append(name);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_DRLPEROID_ERROR).setAuditContent(stringBuffer.toString());
            }
            ArrayList arrayList = new ArrayList();
            if (!CollectionUtils.isEmpty(crlTemplateExtensionVO.getCrlExtension()) && !checkCrlExtension(crlTemplateExtensionVO.getCrlExtension(), arrayList)) {
                this.logger.error("保存crl模板信息失败，原因：模板类型与扩展项不匹配 [name={}]", crlTemplateExtensionVO.getCrlTempName());
                stringBuffer.append("保存crl模板失败，原因：模板类型与扩展项不匹配，").append("模板名称=").append(crlTemplateExtensionVO.getCrlTempName()).append(",颁发者=").append(name);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_TYPE_AND_EXTENSION_MISMATCH).setAuditContent(stringBuffer.toString());
            }
            CrlTemplateDO crlTemplateDO = new CrlTemplateDO();
            BeanUtils.copyProperties(crlTemplateExtensionVO.getCrlConfig(), crlTemplateDO);
            crlTemplateDO.setCrlTempName(crlTemplateExtensionVO.getCrlTempName());
            crlTemplateDO.setCaId(crlTemplateExtensionVO.getCaId());
            crlTemplateDO.setCrlTempDesc(crlTemplateExtensionVO.getCrlTempDesc());
            crlTemplateDO.setCrlStatus(Integer.valueOf(CrlTemplateStatusEnum.NOT_RELATION.getValue()));
            crlTemplateDO.setGmtCreate(new Date());
            crlTemplateDO.setGmtModified(crlTemplateDO.getGmtCreate());
            CrlTemplateDO saveCrlTemplate = this.crlTemplateDao.saveCrlTemplate(crlTemplateDO);
            Map<String, Long> extensionIdByOID = this.crlTemplateDao.getExtensionIdByOID(arrayList);
            ArrayList arrayList2 = new ArrayList();
            if (!CollectionUtils.isEmpty(crlTemplateExtensionVO.getCrlExtension())) {
                crlTemplateExtensionVO.getCrlExtension().forEach(crlExtensionVO -> {
                    CrlTemplateExtensionDO crlTemplateExtensionDO = new CrlTemplateExtensionDO();
                    crlTemplateExtensionDO.setCrlExtenId((Long) extensionIdByOID.get(crlExtensionVO.getExtenOid()));
                    crlTemplateExtensionDO.setCrlTempId(crlTemplateDO.getId());
                    crlTemplateExtensionDO.setExtenValue(crlExtensionVO.getExtenValue());
                    crlTemplateExtensionDO.setIsCritical(crlExtensionVO.getIsCritical());
                    crlTemplateExtensionDO.setGmtCreate(crlTemplateDO.getGmtCreate());
                    arrayList2.add(crlTemplateExtensionDO);
                });
                this.crlTemplateDao.saveCrlTemplateExtensions(arrayList2);
            }
            this.crlTempCache.setCertCount(saveCrlTemplate.getId(), 0);
            stringBuffer.append("保存crl模板成功").append("，模板名称=").append(crlTemplateExtensionVO.getCrlTempName()).append(",颁发者=").append(name);
            this.logger.info(stringBuffer.toString());
            return Result.success(stringBuffer.toString());
        } catch (Exception e) {
            throw new ServiceException("保存crl模板信息失败", e);
        }
    }

    private boolean checkCrlExtension(List<CrlExtensionVO> list, List<String> list2) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(Constants.CRL_TEMPLATE_EXTENSIONS);
        for (CrlExtensionVO crlExtensionVO : list) {
            if (!arrayList.contains(crlExtensionVO.getExtenOid())) {
                return false;
            }
            list2.add(crlExtensionVO.getExtenOid());
        }
        return true;
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Result updateCrlTemplate(CrlTemplateExtensionVO crlTemplateExtensionVO) {
        StringBuffer stringBuffer = new StringBuffer("");
        String name = this.caDao.getCaById(crlTemplateExtensionVO.getCaId().longValue()).getName();
        try {
            Long id = crlTemplateExtensionVO.getCrlConfig().getId();
            StringBuilder sb = new StringBuilder();
            sb.append("模板ID=").append(id).append("，模板名称=").append(crlTemplateExtensionVO.getCrlTempName());
            CrlTemplateDO crlTemplateById = this.crlTemplateDao.getCrlTemplateById(id);
            if (crlTemplateById == null) {
                this.logger.error("更新crl模板信息失败，原因：模板不存在 [id={}]", id);
                stringBuffer.append("更新crl模板失败，原因：模板不存在，").append((CharSequence) sb);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_NOT_EXIST).setAuditContent(stringBuffer.toString());
            }
            if (!crlTemplateById.getCrlTempName().equalsIgnoreCase(crlTemplateExtensionVO.getCrlTempName()) && this.crlTemplateDao.checkCrlTemplateNameExist(crlTemplateExtensionVO.getCrlTempName())) {
                this.logger.error("更新crl模板信息失败，原因：模板名称已存在 [name={}]", crlTemplateById.getCrlTempName());
                stringBuffer.append("保存crl模板失败，原因：模板名称已存在，").append("模板名称=").append(crlTemplateById.getCrlTempName()).append(",颁发者=").append(name);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_NAME_EXISTD).setAuditContent(stringBuffer.toString());
            }
            Integer drlPeriod = crlTemplateExtensionVO.getCrlConfig().getDrlPeriod();
            Integer crlPeriod = crlTemplateExtensionVO.getCrlConfig().getCrlPeriod();
            if (drlPeriod != null && drlPeriod.intValue() > 0 && crlPeriod.intValue() < drlPeriod.intValue()) {
                this.logger.error("保存模板信息失败，原因：增量周期大于全量周期 [name={}]", crlTemplateById.getCrlTempName());
                stringBuffer.append("保存crl模板失败，原因：增量周期大于全量周期，").append("模板名称=").append(crlTemplateById.getCrlTempName()).append(",颁发者=").append(name);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_DRLPEROID_ERROR).setAuditContent(stringBuffer.toString());
            }
            crlTemplateById.setDrlPeriod(drlPeriod);
            crlTemplateById.setCrlPeriod(crlPeriod);
            crlTemplateById.setCrlTempName(crlTemplateExtensionVO.getCrlTempName());
            crlTemplateById.setCaId(crlTemplateExtensionVO.getCaId());
            crlTemplateById.setCrlTempDesc(crlTemplateExtensionVO.getCrlTempDesc());
            crlTemplateById.setGmtModified(new Date());
            if (crlTemplateById.getCrlStatus().intValue() == CrlTemplateStatusEnum.NOT_RELATION.getValue()) {
                crlTemplateById.setIssuerDn(crlTemplateExtensionVO.getCrlConfig().getIssuerDn());
                crlTemplateById.setCrlMaxCertNumber(crlTemplateExtensionVO.getCrlConfig().getCrlMaxCertNumber());
                crlTemplateById.setCrlSignAlg(crlTemplateExtensionVO.getCrlConfig().getCrlSignAlg());
                crlTemplateById.setQueryType(crlTemplateExtensionVO.getCrlConfig().getQueryType());
                crlTemplateById.setQueryType(crlTemplateExtensionVO.getCrlConfig().getQueryType());
                ArrayList arrayList = new ArrayList();
                if (!CollectionUtils.isEmpty(crlTemplateExtensionVO.getCrlExtension()) && !checkCrlExtension(crlTemplateExtensionVO.getCrlExtension(), arrayList)) {
                    this.logger.error("更新crl模板信息失败，原因：模板类型与扩展项不匹配 [name={}]", crlTemplateById.getCrlTempName());
                    stringBuffer.append("更新crl模板失败，原因：模板类型与扩展项不匹配，").append("模板名称=").append(crlTemplateById.getCrlTempName()).append(",颁发者=").append(name);
                    return Result.failure(ErrorEnum.CRL_TEMPLATE_TYPE_AND_EXTENSION_MISMATCH).setAuditContent(stringBuffer.toString());
                }
                this.crlTemplateDao.deleteExtensionByCrlTempId(id);
                Map<String, Long> extensionIdByOID = this.crlTemplateDao.getExtensionIdByOID(arrayList);
                ArrayList arrayList2 = new ArrayList();
                if (!CollectionUtils.isEmpty(crlTemplateExtensionVO.getCrlExtension())) {
                    crlTemplateExtensionVO.getCrlExtension().forEach(crlExtensionVO -> {
                        CrlTemplateExtensionDO crlTemplateExtensionDO = new CrlTemplateExtensionDO();
                        crlTemplateExtensionDO.setCrlExtenId((Long) extensionIdByOID.get(crlExtensionVO.getExtenOid()));
                        crlTemplateExtensionDO.setCrlTempId(crlTemplateById.getId());
                        crlTemplateExtensionDO.setExtenValue(crlExtensionVO.getExtenValue());
                        crlTemplateExtensionDO.setIsCritical(crlExtensionVO.getIsCritical());
                        crlTemplateExtensionDO.setGmtCreate(crlTemplateById.getGmtCreate());
                        arrayList2.add(crlTemplateExtensionDO);
                    });
                    this.crlTemplateDao.saveCrlTemplateExtensions(arrayList2);
                }
                this.crlTemplateDao.update(crlTemplateById);
            } else {
                this.crlTemplateDao.update(crlTemplateById);
                doCrlPublish(id);
                doDrlPublish(id);
            }
            stringBuffer.append("更新crl模板成功").append("，模板id=").append(id).append("，模板名称=").append(crlTemplateExtensionVO.getCrlTempName()).append(",颁发者=").append(name);
            this.logger.info(stringBuffer.toString());
            return Result.success(stringBuffer.toString());
        } catch (Exception e) {
            throw new ServiceException("更新crl模板信息失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Result updateCrlTemplateStatus(Long l) {
        try {
            CrlTemplateDO crlTemplateById = this.crlTemplateDao.getCrlTemplateById(l);
            if (crlTemplateById == null) {
                this.logger.info("修改crl模板状态失败，原因：crl模板不存在 [id={}]", l);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_NOT_EXIST);
            }
            synchronized ((l + "").intern()) {
                if (crlTemplateById.getCrlStatus().intValue() == CrlTemplateStatusEnum.RELATION.getValue()) {
                    this.logger.info("修改crl模板状态失败，原因：crl模板已被关联 [id={}]", l);
                    return Result.failure(ErrorEnum.CRL_TEMPLATE_RELATION_CANNOT_UPDATE_STATUS);
                }
                crlTemplateById.setGmtModified(new Date());
                crlTemplateById.setCrlStatus(Integer.valueOf(CrlTemplateStatusEnum.RELATION.getValue()));
                this.crlTemplateDao.update(crlTemplateById);
                doCrlPublish(l);
                doDrlPublish(l);
                return Result.success();
            }
        } catch (Exception e) {
            throw new ServiceException("更新crl模板状态失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Result deleteCrlTemplate(Long l) {
        try {
            StringBuilder sb = new StringBuilder();
            CrlTemplateDO crlTemplateById = this.crlTemplateDao.getCrlTemplateById(l);
            if (null == crlTemplateById) {
                this.logger.info("删除crl模板失败，原因：crl模板不存在 [id={}]", l);
                sb.append("删除crl模板失败，原因：crl模板不存在，模板id=").append(l);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_NOT_EXIST).setAuditContent(sb.toString());
            }
            String name = this.caDao.getCaById(crlTemplateById.getCaId().longValue()).getName();
            if (crlTemplateById.getCrlStatus().intValue() == CrlTemplateStatusEnum.RELATION.getValue()) {
                this.logger.info("删除crl模板失败，原因：已关联的crl模板不能删除[id={}]", l);
                sb.append("删除crl模板失败，原因：已关联的crl模板不能删除").append("，模板id=").append(l).append("，模板名称=").append(crlTemplateById.getCrlTempName()).append(",颁发者=").append(name);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_RELATION_CANNOT_DELETE).setAuditContent(sb.toString());
            }
            this.crlTemplateDao.deleteExtensionByCrlTempId(l);
            this.crlTemplateDao.deleteCrlTemplate(l);
            this.crlTempCache.delCertCount(l);
            sb.append("删除crl模板成功").append("，模板id=").append(l).append("，模板名称=").append(crlTemplateById.getCrlTempName()).append(",颁发者=").append(name);
            this.logger.info(sb.toString());
            return Result.success(sb.toString());
        } catch (Exception e) {
            throw new ServiceException("删除crl模板失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public PageInfo queryCrlTemplates(CrlTemplateQueryVO crlTemplateQueryVO) {
        try {
            CrlTemplateDO crlTemplateDO = new CrlTemplateDO();
            BeanUtils.copyProperties(crlTemplateQueryVO, crlTemplateDO);
            PageInfo queryCrlTemplates = this.crlTemplateDao.queryCrlTemplates(crlTemplateDO, crlTemplateQueryVO.getPageNo(), crlTemplateQueryVO.getPageSize());
            if (!queryCrlTemplates.getDatas().isEmpty()) {
                ArrayList arrayList = new ArrayList();
                for (Object obj : queryCrlTemplates.getDatas()) {
                    CrlTemplateListVO crlTemplateListVO = new CrlTemplateListVO();
                    BeanUtils.copyProperties(obj, crlTemplateListVO);
                    String viewAlgName = SignAlgTypeEnum.getViewAlgName(Integer.parseInt(crlTemplateListVO.getCrlSignAlg()));
                    if (viewAlgName.equals(SignAlgTypeEnum.SHA1_WITH_RSA.getAlgName())) {
                        viewAlgName = SignAlgTypeEnum.SHA1_WITH_RSA.getViewAlgName();
                    }
                    crlTemplateListVO.setCrlSignAlgName(viewAlgName);
                    crlTemplateListVO.setUserCA(this.caDao.getCaById(crlTemplateListVO.getCaId().longValue()).getName());
                    if (crlTemplateListVO.getGmtCreate() != null) {
                        crlTemplateListVO.setGmtCreateStr(DateUtils.longToStr(crlTemplateListVO.getGmtCreate().getTime(), ""));
                    }
                    if (crlTemplateListVO.getGmtModified() != null) {
                        crlTemplateListVO.setGmtModifiedStr(DateUtils.longToStr(crlTemplateListVO.getGmtModified().getTime(), ""));
                    }
                    arrayList.add(crlTemplateListVO);
                }
                queryCrlTemplates.setDatas(arrayList);
            }
            return queryCrlTemplates;
        } catch (Exception e) {
            this.logger.error("分页crl查询模板列表失败", (Throwable) e);
            throw new ServiceException("分页crl查询模板列表失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Result getCrlTemplateById(Long l) {
        CrlTemplateExtensionVO crlTemplateExtensionVO = new CrlTemplateExtensionVO();
        CrlTemplateVO crlTemplateVO = new CrlTemplateVO();
        try {
            CrlTemplateDO crlTemplateById = this.crlTemplateDao.getCrlTemplateById(l);
            if (crlTemplateById == null) {
                this.logger.info("删除crl证书模板失败，原因：crl模板不存在 [id={}]", l);
                return Result.failure(ErrorEnum.CRL_TEMPLATE_NOT_EXIST);
            }
            BeanUtils.copyProperties(crlTemplateById, crlTemplateVO);
            String viewAlgName = SignAlgTypeEnum.getViewAlgName(Integer.parseInt(crlTemplateVO.getCrlSignAlg()));
            if (viewAlgName.equals(SignAlgTypeEnum.SHA1_WITH_RSA.getAlgName())) {
                viewAlgName = SignAlgTypeEnum.SHA1_WITH_RSA.getViewAlgName();
            }
            crlTemplateVO.setCrlSignAlgName(viewAlgName);
            crlTemplateVO.setUserCA(this.caDao.getCaById(crlTemplateById.getCaId().longValue()).getName());
            crlTemplateExtensionVO.setCrlTempName(crlTemplateById.getCrlTempName());
            crlTemplateExtensionVO.setCrlTempDesc(crlTemplateById.getCrlTempDesc());
            crlTemplateExtensionVO.setCrlConfig(crlTemplateVO);
            List<CrlTemplateExtensionDO> queryTemplateExtensionByCrlTemplateId = this.crlTemplateDao.queryTemplateExtensionByCrlTemplateId(l);
            if (!CollectionUtils.isEmpty(queryTemplateExtensionByCrlTemplateId)) {
                ArrayList arrayList = new ArrayList();
                queryTemplateExtensionByCrlTemplateId.forEach(crlTemplateExtensionDO -> {
                    arrayList.add(crlTemplateExtensionDO.getCrlExtenId());
                });
                Map<Long, String> extensionOIDByID = this.crlTemplateDao.getExtensionOIDByID(arrayList);
                ArrayList arrayList2 = new ArrayList();
                queryTemplateExtensionByCrlTemplateId.forEach(crlTemplateExtensionDO2 -> {
                    arrayList2.add(new CrlExtensionVO((String) extensionOIDByID.get(crlTemplateExtensionDO2.getCrlExtenId()), crlTemplateExtensionDO2.getExtenValue(), crlTemplateExtensionDO2.getIsCritical()));
                });
                crlTemplateExtensionVO.setCrlExtension(arrayList2);
            }
            return Result.success(crlTemplateExtensionVO);
        } catch (Exception e) {
            throw new ServiceException("根据crl模板id获取模板信息失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Result increaseCertCount(Long l) {
        try {
            this.crlTempCache.increaseCertCount(l);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("更新crl模板关联证书数量+1失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Integer getCertCountByCache(Long l) {
        try {
            return this.crlTempCache.getCertCount(l);
        } catch (Exception e) {
            throw new ServiceException("获取crl模板关联证书数量失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Integer getCrlTemplateStatus(Long l) {
        try {
            if (this.crlTemplateDao.getCrlTemplateById(l) == null) {
                throw new ServiceException("crl模板不存在 [id={" + l + "}]");
            }
            return this.crlTemplateDao.getCrlTemplateStatus(l);
        } catch (Exception e) {
            throw new ServiceException("根据crl模板id获取模板状态失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Integer getCrlTemplateCertCount(Long l) {
        try {
            if (this.crlTemplateDao.getCrlTemplateById(l) == null) {
                throw new ServiceException("crl模板不存在 [id={" + l + "}]");
            }
            return this.crlTemplateDao.getCrlTemplateCertCount(l);
        } catch (Exception e) {
            throw new ServiceException("根据crl模板id获取模板状态失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public LdapOcspUrlVO getDirAndOcspUrl(BigInteger bigInteger, String str, CaInfoVO caInfoVO, IssueCaBaseInfo issueCaBaseInfo, int i, Long l, Long l2, Boolean bool) throws Exception {
        int intValue;
        LdapOcspUrlVO ldapOcspUrlVO = new LdapOcspUrlVO();
        int i2 = 0;
        if (l != null) {
            TemplateDO templateById = this.templateDao.getTemplateById(l);
            i2 = (null == templateById.getIssueCertType() ? caInfoVO.getCaCertPublishType() : templateById.getIssueCertType()).intValue();
        }
        if (null == issueCaBaseInfo) {
            issueCaBaseInfo = new IssueCaBaseInfo();
            if (null == caInfoVO.getCaCert()) {
                issueCaBaseInfo.setCaCertPublishType(i2);
            } else if (null != caInfoVO.getCaCert()) {
                issueCaBaseInfo.setCaCertPublishType(i2);
                issueCaBaseInfo.setCert(caInfoVO.getCaCert());
            }
        }
        if (null != issueCaBaseInfo.getCert()) {
            ldapOcspUrlVO.setCaCert(issueCaBaseInfo.getCert());
        }
        if (null != caInfoVO.getOcspConfig() && StringUtils.isNotBlank(caInfoVO.getOcspConfig().getNetworkURL())) {
            ldapOcspUrlVO.setOcspUrl(caInfoVO.getOcspConfig().getNetworkURL());
        }
        getCaCertDownloadUrl(bigInteger, caInfoVO, issueCaBaseInfo, str, i, ldapOcspUrlVO);
        if (null != caInfoVO.getDirServerConfigBean()) {
            if (l2 != null && l2.longValue() != -1) {
                CrlTemplateDO crlTemplateById = this.crlTemplateDao.getCrlTemplateById(l2);
                if (l2.longValue() == 0) {
                    int computeSnFragmentantation = CrlUtil.computeSnFragmentantation(bigInteger, crlTemplateById.getCrlMaxCertNumber());
                    intValue = (bool == null || !bool.booleanValue()) ? (CrlConstants.COMMON_CRL_TEMPLATE_ID.intValue() * CrlConstants.TRANSLATION_17.intValue()) + computeSnFragmentantation : (l.intValue() * CrlConstants.TRANSLATION_17.intValue()) + computeSnFragmentantation;
                } else {
                    intValue = getCertCountByCache(l2).intValue() / crlTemplateById.getCrlMaxCertNumber().intValue();
                }
                String crl = getCrl(caInfoVO, issueCaBaseInfo.getSubject(), l2, intValue, i, crlTemplateById.getQueryType().intValue());
                if (StringUtils.isNotBlank(crl)) {
                    ldapOcspUrlVO.setCrlUrl(crl);
                }
                if (crlTemplateById.getDrlPeriod() != null) {
                    String drl = getDrl(caInfoVO, issueCaBaseInfo.getSubject(), l2, intValue, i, crlTemplateById.getQueryType().intValue());
                    if (StringUtils.isNotBlank(drl)) {
                        ldapOcspUrlVO.setDrlUrl(drl);
                    }
                }
            }
            if (i == 5 || i == 2 || i == 3) {
                ldapOcspUrlVO.setCertUrl(getCertDownloadUrl(bigInteger, caInfoVO, str, i, Integer.valueOf(i2)));
            } else if (i == 1) {
                ldapOcspUrlVO.setCertUrl(getCertDownloadUrl(bigInteger, caInfoVO, str, i, Integer.valueOf(i2)));
            }
        }
        this.logger.info("CrlTemplateServiceImpl.getDirAndOcspUrl===============ldapOcspUrlVO===============" + ldapOcspUrlVO.toString());
        return ldapOcspUrlVO;
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public String getCrl(CaInfoVO caInfoVO, String str, Long l, int i, int i2, int i3) throws InvalidNameException {
        DirServerConfigBean dirServerConfigBean = caInfoVO.getDirServerConfigBean();
        if (dirServerConfigBean == null) {
            return null;
        }
        if (i2 == 2 || i2 == 3) {
            if (i3 == 1) {
                String slaveURL = dirServerConfigBean.getSlaveURL();
                if (StringUtils.isNotBlank(slaveURL)) {
                    return LDAPUrlUtils.genCertArlLdapUri(slaveURL, str, l.intValue(), i, caInfoVO.getBaseDn());
                }
                return null;
            }
            if (i3 != 2) {
                return null;
            }
            String extranetHttpURL = dirServerConfigBean.getExtranetHttpURL();
            if (StringUtils.isNotBlank(extranetHttpURL)) {
                return "http://" + extranetHttpURL + "/" + (l.longValue() == 0 ? "" : l) + "arl" + i + ".crl";
            }
            return null;
        }
        if (i3 == 1) {
            String slaveURL2 = dirServerConfigBean.getSlaveURL();
            if (StringUtils.isNotBlank(slaveURL2)) {
                return LDAPUrlUtils.genCertCrlLdapUri(slaveURL2, str, l.intValue(), i, caInfoVO.getBaseDn());
            }
            return null;
        }
        if (i3 != 2) {
            return null;
        }
        String extranetHttpURL2 = dirServerConfigBean.getExtranetHttpURL();
        if (StringUtils.isNotBlank(extranetHttpURL2)) {
            return "http://" + extranetHttpURL2 + "/" + (l.longValue() == 0 ? "" : l) + "crl" + i + ".crl";
        }
        return null;
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public String getDrl(CaInfoVO caInfoVO, String str, Long l, int i, int i2, int i3) throws InvalidNameException {
        DirServerConfigBean dirServerConfigBean = caInfoVO.getDirServerConfigBean();
        if (dirServerConfigBean == null) {
            return null;
        }
        if (i2 == 2) {
            if (i3 == 1) {
                String slaveURL = dirServerConfigBean.getSlaveURL();
                if (StringUtils.isNotBlank(slaveURL)) {
                    return LDAPUrlUtils.genCertArlDrlLdapUri(slaveURL, str, l.intValue(), i, caInfoVO.getBaseDn());
                }
                return null;
            }
            if (i3 != 2) {
                return null;
            }
            String extranetHttpURL = dirServerConfigBean.getExtranetHttpURL();
            if (StringUtils.isNotBlank(extranetHttpURL)) {
                return "http://" + extranetHttpURL + "/" + (l.longValue() == 0 ? "" : l) + "adrl" + i + ".crl";
            }
            return null;
        }
        if (i3 == 1) {
            String slaveURL2 = dirServerConfigBean.getSlaveURL();
            if (StringUtils.isNotBlank(slaveURL2)) {
                return LDAPUrlUtils.genCertCrlDrlLdapUri(slaveURL2, str, l.intValue(), i, caInfoVO.getBaseDn());
            }
            return null;
        }
        if (i3 != 2) {
            return null;
        }
        String extranetHttpURL2 = dirServerConfigBean.getExtranetHttpURL();
        if (StringUtils.isNotBlank(extranetHttpURL2)) {
            return "http://" + extranetHttpURL2 + "/" + (l.longValue() == 0 ? "" : l) + "drl" + i + ".crl";
        }
        return null;
    }

    private String getCertDownloadUrl(BigInteger bigInteger, CaInfoVO caInfoVO, String str, int i, Integer num) {
        DirServerConfigBean dirServerConfigBean = caInfoVO.getDirServerConfigBean();
        this.logger.info("===================dirServerConfigBean===============" + JsonUtils.object2Json(dirServerConfigBean) + "   " + num);
        if (1 == num.intValue() && null != dirServerConfigBean && StringUtils.isNotBlank(dirServerConfigBean.getSlaveURL())) {
            return (i == 1 || i == 2 || i == 3) ? LDAPUrlUtils.genCACertSubjectLdapUri(dirServerConfigBean.getSlaveURL(), str, caInfoVO.getBaseDn()) : LDAPUrlUtils.genUserCertSubjectLdapUri(dirServerConfigBean.getSlaveURL(), str, caInfoVO.getBaseDn());
        }
        if (2 != num.intValue() || null == dirServerConfigBean || !StringUtils.isNotBlank(dirServerConfigBean.getExtranetHttpURL())) {
            return null;
        }
        String extranetHttpURL = dirServerConfigBean.getExtranetHttpURL();
        if (StringUtils.isNotBlank(extranetHttpURL)) {
            return "http://" + extranetHttpURL + "/" + str + "_" + bigInteger.toString(16) + ".cer";
        }
        return null;
    }

    private void getCaCertDownloadUrl(BigInteger bigInteger, CaInfoVO caInfoVO, IssueCaBaseInfo issueCaBaseInfo, String str, int i, LdapOcspUrlVO ldapOcspUrlVO) throws Exception {
        if (null != issueCaBaseInfo.getCert()) {
            List<Map<String, Object>> subjectInformationAccess = getSubjectInformationAccess(issueCaBaseInfo.getCert());
            if (CollectionUtils.isEmpty(subjectInformationAccess)) {
                return;
            }
            for (Map<String, Object> map : subjectInformationAccess) {
                String str2 = (String) map.get("Access Method");
                if (str2.equalsIgnoreCase(AccessDescription.id_ad_ocsp.getId())) {
                    ldapOcspUrlVO.setCaOcspUrl((String) map.get("Access Location"));
                } else if (str2.equalsIgnoreCase(SubjectInformationAccess.id_ad_caRepository.getId())) {
                    ldapOcspUrlVO.setCaCertUrl((String) map.get("Access Location"));
                }
            }
            return;
        }
        DirServerConfigBean dirServerConfigBean = caInfoVO.getDirServerConfigBean();
        if (1 == issueCaBaseInfo.getCaCertPublishType() && null != dirServerConfigBean && StringUtils.isNotBlank(dirServerConfigBean.getSlaveURL())) {
            if (i == 1) {
                ldapOcspUrlVO.setCaCertUrl(LDAPUrlUtils.genCACertSubjectLdapUri(dirServerConfigBean.getSlaveURL(), str, caInfoVO.getBaseDn()));
            }
        } else if (2 == issueCaBaseInfo.getCaCertPublishType() && null != dirServerConfigBean && StringUtils.isNotBlank(dirServerConfigBean.getExtranetHttpURL())) {
            ldapOcspUrlVO.setCaCertUrl("http://" + dirServerConfigBean.getExtranetHttpURL() + "/" + str + "_" + bigInteger.toString(16) + ".cer");
        }
    }

    private List<Map<String, Object>> getSubjectInformationAccess(X509Certificate x509Certificate) throws Exception {
        AccessDescription[] accessDescriptions;
        SubjectInformationAccess fromExtensions = SubjectInformationAccess.fromExtensions(new JcaX509CertificateHolder(x509Certificate).getExtensions());
        if (null == fromExtensions || null == (accessDescriptions = fromExtensions.getAccessDescriptions()) || accessDescriptions.length <= 0) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (AccessDescription accessDescription : accessDescriptions) {
            HashMap hashMap = new HashMap();
            hashMap.put("Access Method", accessDescription.getAccessMethod().toString());
            GeneralName accessLocation = accessDescription.getAccessLocation();
            hashMap.put("Access Location", GeneralNameFinder.getGeneralName(accessLocation.getTagNo()) + "=" + new String(accessLocation.getName().getOctets(), "UTF-8"));
            arrayList.add(hashMap);
        }
        return arrayList;
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public void doDrlPublish(Long l) {
        this.logger.info("为crl模板[{}]启动drl线程", l);
        try {
            Result crlTemplateById = getCrlTemplateById(l);
            Long valueOf = Long.valueOf(System.currentTimeMillis());
            String str = "drl" + l;
            if (null == crlTemplateById) {
                this.logger.error("获取crl模板详情失败,返回结果为空");
            } else if (crlTemplateById.isSuccess()) {
                Integer drlPeriod = ((CrlTemplateExtensionVO) crlTemplateById.getInfo()).getCrlConfig().getDrlPeriod();
                this.logger.debug("DRL线程的增量发布周期releaseCycle:{} ", drlPeriod);
                if (drlPeriod == null || drlPeriod.intValue() <= 0) {
                    this.logger.info("模板[{}]未开启DRL发布线程", l);
                    if (CrlConstants.CRL_THREAD_COLLECTION.containsKey(str)) {
                        this.logger.info("模板[{}]停止已存在的drl任务", l);
                        CrlConstants.CRL_THREAD_COLLECTION.get(str).cancel(true);
                        return;
                    }
                    return;
                }
                Date drlLastNextUpdatTimeByCrlTemplateId = this.crlService.getDrlLastNextUpdatTimeByCrlTemplateId(l);
                Date longToDate = null == drlLastNextUpdatTimeByCrlTemplateId ? DateTimeUtil.longToDate(valueOf.longValue() + (drlPeriod.intValue() * 60 * 1000)) : IssueTimeUtil.computeCrlPublishTime(drlLastNextUpdatTimeByCrlTemplateId, valueOf);
                this.logger.debug("DRL线程的增量 下次发布时间{}", longToDate);
                long time = longToDate.getTime() - System.currentTimeMillis();
                long j = time > 0 ? time : 0L;
                CrlConstants.CRL_THREAD_NEXT_UPDATE_TIME.put(str, longToDate);
                DrlPublishThread drlPublishThread = new DrlPublishThread(l);
                if (CrlConstants.CRL_THREAD_COLLECTION.containsKey(str)) {
                    CrlConstants.CRL_THREAD_COLLECTION.get(str).cancel(true);
                }
                CrlConstants.CRL_THREAD_COLLECTION.put(str, CrlConstants.CRL_THREAD_POOL_EXECUTOR.scheduleAtFixedRate(drlPublishThread, j / 1000, drlPeriod.intValue() * 60, TimeUnit.SECONDS));
                this.logger.info("模板[{}]启动DRL发布线程成功", l);
            } else {
                this.logger.error("获取crl模板详情失败,原因为：{}", crlTemplateById.getError().getDesc());
            }
        } catch (Exception e) {
            this.logger.error("开启drl线程失败,原因为：{}", e.getMessage());
            throw new ServiceException("开启drl线程失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public void doCrlPublish(Long l) {
        this.logger.info("为crl模板[{}]启动crl线程", l);
        try {
            Result crlTemplateById = getCrlTemplateById(l);
            Long valueOf = Long.valueOf(System.currentTimeMillis());
            String str = "crl" + l;
            if (null == crlTemplateById) {
                this.logger.error("获取crl模板详情失败,返回结果为空");
            } else if (crlTemplateById.isSuccess()) {
                CrlTemplateExtensionVO crlTemplateExtensionVO = (CrlTemplateExtensionVO) crlTemplateById.getInfo();
                Date crlLastNextUpdatTimeByCrlTemplateId = this.crlService.getCrlLastNextUpdatTimeByCrlTemplateId(l);
                Integer crlPeriod = crlTemplateExtensionVO.getCrlConfig().getCrlPeriod();
                if (crlPeriod == null || crlPeriod.intValue() <= 0) {
                    this.logger.info("模板[{}]未开启CRL发布线程", l);
                    if (CrlConstants.CRL_THREAD_COLLECTION.containsKey(str)) {
                        CrlConstants.CRL_THREAD_COLLECTION.get(str).cancel(true);
                        return;
                    }
                    return;
                }
                Date longToDate = null == crlLastNextUpdatTimeByCrlTemplateId ? DateTimeUtil.longToDate(valueOf.longValue()) : IssueTimeUtil.computeCrlPublishTime(crlLastNextUpdatTimeByCrlTemplateId, valueOf);
                this.logger.debug("crl 下次发布时间{}", longToDate);
                long time = longToDate.getTime() - System.currentTimeMillis();
                long j = time > 0 ? time : 0L;
                CrlConstants.CRL_THREAD_NEXT_UPDATE_TIME.put(str, longToDate);
                CrlPublishThread crlPublishThread = new CrlPublishThread(l);
                if (CrlConstants.CRL_THREAD_COLLECTION.containsKey(str)) {
                    CrlConstants.CRL_THREAD_COLLECTION.get(str).cancel(true);
                }
                CrlConstants.CRL_THREAD_COLLECTION.put(str, CrlConstants.CRL_THREAD_POOL_EXECUTOR.scheduleAtFixedRate(crlPublishThread, j / 1000, crlPeriod.intValue() * 60, TimeUnit.SECONDS));
                this.logger.info("模板[{}]启动CRL发布线程成功", l);
            } else {
                this.logger.error("获取crl模板详情失败,原因为：{}", crlTemplateById.getError().getDesc());
            }
        } catch (Exception e) {
            this.logger.error("开启crl线程失败,原因为：{}", e.getMessage());
            throw new ServiceException("开启crl线程失败", e);
        }
    }

    @Override // com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService
    public Boolean verifyQueryType(Integer num) {
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
        if (caInfoVO.getDirServerConfigBean() == null) {
            return false;
        }
        if (CrlPublishEnum.isHttpCRL(num)) {
            return Boolean.valueOf(StringUtils.isNoneBlank(caInfoVO.getDirServerConfigBean().getLocalURL()) && StringUtils.isNoneBlank(caInfoVO.getDirServerConfigBean().getExtranetHttpURL()));
        }
        if (CrlPublishEnum.isLDAPCRL(num)) {
            return Boolean.valueOf(StringUtils.isNoneBlank(caInfoVO.getDirServerConfigBean().getMasterURL()) && StringUtils.isNoneBlank(caInfoVO.getDirServerConfigBean().getSlaveURL()));
        }
        return false;
    }
}
