package com.xdja.pki.ldap.dao;

import com.xdja.pki.ldap.X509Utils;
import com.xdja.pki.ldap.config.OpenLDAPConfiguration;
import com.xdja.pki.ldap.config.StoreDRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.Extension;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;
import sun.security.provider.certpath.X509CertificatePair;
import sun.security.x509.X500Name;

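/**
 * LDAP-backed {@link IDAO}: publishes certificates, cross-certificate pairs and
 * revocation lists (CRL / ARL / delta CRL) to the directory described by
 * {@link OpenLDAPConfiguration}, through a {@link SpringLDAPConnect}.
 *
 * <p>Entry DNs are derived from the subject / issuer DN carried in the published
 * object. The leftmost RDN of that DN is used as the entry's {@code cn}; revocation
 * lists are placed under a synthetic container {@code o=<issuer cn>CRL} (or
 * {@code ...ARL}) beneath the issuer's parent DN. DN components taken from
 * certificate data are escaped with {@link Rdn#escapeValue(Object)} so a comma,
 * plus sign or quote inside a name cannot alter the structure of the DN.
 *
 * <p>The class holds no mutable state of its own; concurrency guarantees are
 * whatever {@link SpringLDAPConnect} provides.
 */
@Repository
/* loaded from: input_file:com/xdja/pki/ldap/dao/LDAPDAO.class */
public class LDAPDAO implements IDAO {
    private static final Logger logger = LoggerFactory.getLogger(LDAPDAO.class);

    /** Directory attributes read back when locating the base list of a delta CRL. */
    private static final String CRL_ATTRIBUTE = "certificateRevocationList;binary";
    private static final String ARL_ATTRIBUTE = "authorityRevocationList;binary";
    /** Suffix appended to the issuer's cn to name the {@code o=} container of a list. */
    private static final String CRL_SUFFIX = "CRL";
    private static final String ARL_SUFFIX = "ARL";

    private final SpringLDAPConnect ldapConnect;

    /**
     * Opens the directory connection described by the configuration.
     *
     * <p>The configuration carries the root bind password; it is handed straight
     * to {@link SpringLDAPConnect} and is never logged here.
     *
     * @param openLDAPConfiguration host, port, bind DN / password and container name
     * @throws NullPointerException if the configuration is {@code null}
     */
    public LDAPDAO(@Autowired OpenLDAPConfiguration openLDAPConfiguration) {
        Objects.requireNonNull(openLDAPConfiguration, "openLDAPConfiguration");
        this.ldapConnect = new SpringLDAPConnect(
                openLDAPConfiguration.getHost(),
                openLDAPConfiguration.getPort(),
                openLDAPConfiguration.getRootDn(),
                openLDAPConfiguration.getRootPassword(),
                openLDAPConfiguration.getContainerName());
    }

    /**
     * Wipes the directory ({@link SpringLDAPConnect#deleteAll()}) and publishes the
     * given certificate as the first entry.
     *
     * <p>The argument is validated before anything is deleted, so a {@code null}
     * certificate does not leave the directory empty.
     *
     * @param x509Certificate certificate to publish after the reset
     * @throws Exception propagated from the directory layer
     */
    @Override // com.xdja.pki.ldap.dao.IDAO
    public void init(X509Certificate x509Certificate) throws Exception {
        Objects.requireNonNull(x509Certificate, "x509Certificate");
        logger.debug("-----初始化服务器开始------");
        clear();
        addCertEntry(x509Certificate);
    }

    /**
     * Publishes three certificates, in argument order, each as its own entry.
     * NOTE(review): presumably the old, new and bridging root certificates of a
     * root rollover — confirm against the caller; this class does not distinguish them.
     *
     * @throws Exception propagated from the directory layer
     */
    @Override // com.xdja.pki.ldap.dao.IDAO
    public void updateRootCACertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate x509Certificate3) throws Exception {
        addCertEntry(x509Certificate);
        addCertEntry(x509Certificate2);
        addCertEntry(x509Certificate3);
    }

    /**
     * Publishes a single certificate as a CA or user certificate entry.
     *
     * @param x509Certificate certificate to publish
     * @throws Exception propagated from the directory layer
     */
    @Override // com.xdja.pki.ldap.dao.IDAO
    public void sendCertificate(X509Certificate x509Certificate) throws Exception {
        addCertEntry(x509Certificate);
    }

    /**
     * No-op in this implementation: revoked serial numbers are not recorded in the
     * directory; revocation is published through {@link #sendCRL(int, X509CRL)}.
     *
     * @param strArr ignored
     */
    @Override // com.xdja.pki.ldap.dao.IDAO
    public void sendInvaildCertificateSN(String[] strArr) {
    }

    /**
     * Publishes a revocation list; the list is stored as an ARL, delta CRL or
     * full CRL depending on what {@link X509Utils} reports about it.
     *
     * @param i       segment number, used as the numeric part of the entry's cn
     * @param x509crl list to publish; its full text is logged at INFO level
     * @throws Exception propagated from the directory layer, or when a delta CRL
     *                   has no matching base list (see {@link #addDRLEntry})
     */
    @Override // com.xdja.pki.ldap.dao.IDAO
    public void sendCRL(int i, X509CRL x509crl) throws Exception {
        logger.info("clrSegment{}", i);
        logger.info("发布的crl为{}", x509crl);
        addCRLEntry(i, x509crl);
    }

    /**
     * Publishes a cross-certificate pair: only the forward or only the reverse
     * half is stored as a single certificate, a complete pair is stored under the
     * forward certificate's subject DN.
     *
     * <p>{@code X509CertificatePair} and {@code X500Name} are {@code sun.*} internal
     * APIs; on JDK 9+ they need {@code --add-exports} and may break on upgrade.
     *
     * @param x509CertificatePair pair with at least one half present
     * @throws Exception if both halves are {@code null}, or from the directory layer
     */
    @Override // com.xdja.pki.ldap.dao.IDAO
    public void sendCrossCertificate(X509CertificatePair x509CertificatePair) throws Exception {
        X509Certificate forward = x509CertificatePair.getForward();
        X509Certificate reverse = x509CertificatePair.getReverse();
        if (forward == null && reverse == null) {
            logger.error("can't insert");
            throw new Exception("can't insert");
        }
        if (reverse == null) {
            sendForwardCert(forward);
            return;
        }
        if (forward == null) {
            sendReserveCert(reverse);
            return;
        }
        String subjectDn = X509Utils.getSubjectByX509Cert(forward);
        this.ldapConnect.addCrossCertEntry(subjectDn, new X500Name(subjectDn).getCommonName(), x509CertificatePair.getEncoded());
    }

    /** Stores a lone reverse certificate under its issuer DN. */
    private void sendReserveCert(X509Certificate x509Certificate) throws Exception {
        String issuerDn = X509Utils.getIssuerByX509Cert(x509Certificate);
        this.ldapConnect.addReserveCert(issuerDn, new X500Name(issuerDn).getCommonName(), x509Certificate);
    }

    /** Stores a lone forward certificate under its subject DN. */
    private void sendForwardCert(X509Certificate x509Certificate) throws Exception {
        String subjectDn = X509Utils.getSubjectByX509Cert(x509Certificate);
        this.ldapConnect.addForwardCert(subjectDn, new X500Name(subjectDn).getCommonName(), x509Certificate);
    }

    /** Deletes every entry the connection manages. Destructive; only used by {@link #init}. */
    private void clear() {
        this.ldapConnect.deleteAll();
    }

    /**
     * Stores a certificate under its subject DN as a CA or user entry.
     *
     * <p>The entry's cn is the value of the leftmost RDN of the subject DN; the
     * RDN type is not checked, so a subject whose leftmost component is not CN
     * still yields that component's value. The cast assumes a string-valued RDN.
     */
    private void addCertEntry(X509Certificate x509Certificate) throws Exception {
        String subjectDn = X509Utils.getSubjectByX509Cert(x509Certificate);
        String cn = (String) leafRdn(new LdapName(subjectDn)).getValue();
        byte[] encoded = x509Certificate.getEncoded();
        if (X509Utils.isCACertificate(x509Certificate)) {
            this.ldapConnect.addCACertEntry(subjectDn, cn, encoded);
        } else {
            this.ldapConnect.addUserCertEntry(subjectDn, cn, encoded);
        }
    }

    /**
     * Dispatches a revocation list to the ARL, delta-CRL or CRL store.
     *
     * @param i       segment number, becomes {@code arl<i>} / {@code crl<i>}
     * @param x509crl the list
     */
    private void addCRLEntry(int i, X509CRL x509crl) throws Exception {
        if (X509Utils.isARL(x509crl)) {
            String cn = "arl" + i;
            String dn = revocationListDn(cn, ARL_SUFFIX, X509Utils.getIssuerByX509CRL(x509crl));
            logger.debug("开始向LDAP服务器中插入ARL");
            this.ldapConnect.addARLEntry(dn, cn, x509crl.getEncoded());
        } else if (X509Utils.isDRL(x509crl)) {
            addDRLEntry(i, x509crl);
        } else {
            String cn = "crl" + i;
            String dn = revocationListDn(cn, CRL_SUFFIX, X509Utils.getIssuerByX509CRL(x509crl));
            logger.debug("开始向LDAP服务器中插入CRL");
            this.ldapConnect.addCRLEntry(dn, cn, x509crl.getEncoded());
        }
    }

    /**
     * Stores a delta CRL next to the base list it was built from.
     *
     * <p>The delta's {@code deltaCRLIndicator} names the {@code cRLNumber} of its
     * base. The base is looked up first under the CRL DN, then under the ARL DN
     * for the same segment; the delta is stored under the first DN whose stored
     * list carries that number. If neither does, the failure reason accumulated
     * across both lookups ({@link StoreDRLException}) is logged and thrown.
     *
     * @throws Exception when no matching base list exists, when the delta lacks a
     *                   {@code deltaCRLIndicator}, or from the directory layer
     */
    private void addDRLEntry(int i, X509CRL x509crl) throws Exception {
        String issuerDn = X509Utils.getIssuerByX509CRL(x509crl);
        CRLNumber baseNumber = crlNumberExtension(x509crl, Extension.deltaCRLIndicator.getId());

        String crlCn = "crl" + i;
        String crlDn = revocationListDn(crlCn, CRL_SUFFIX, issuerDn);
        X509CRL storedCrl = this.ldapConnect.searchCrlEntry(crlDn, CRL_ATTRIBUTE);
        logStoredList("crl", storedCrl);
        StoreDRLException failure = StoreDRLException.ARL_AND_CRL_NOT_FOUND;
        if (storedCrl != null) {
            CRLNumber storedNumber = crlNumberExtension(storedCrl, Extension.cRLNumber.getId());
            logger.info("crlInstance.getCRLNumber().  {}", storedNumber.getCRLNumber());
            logger.info("baseCrlNumber.getCRLNumber(). {}", baseNumber.getCRLNumber());
            if (storedNumber.getCRLNumber().equals(baseNumber.getCRLNumber())) {
                logger.debug("开始向LDAP服务器中插入DRL");
                this.ldapConnect.addDRLEntry(crlDn, crlCn, x509crl.getEncoded());
                return;
            }
            failure = StoreDRLException.CRL_NOT_MATCH;
        }

        String arlCn = "arl" + i;
        String arlDn = revocationListDn(arlCn, ARL_SUFFIX, issuerDn);
        X509CRL storedArl = this.ldapConnect.searchCrlEntry(arlDn, ARL_ATTRIBUTE);
        logStoredList("arl", storedArl);
        if (storedArl != null) {
            CRLNumber storedNumber = crlNumberExtension(storedArl, Extension.cRLNumber.getId());
            if (storedNumber.getCRLNumber().equals(baseNumber.getCRLNumber())) {
                logger.debug("开始向LDAP服务器中插入DRL");
                this.ldapConnect.addDRLEntry(arlDn, arlCn, x509crl.getEncoded());
                return;
            }
            // A CRL mismatch seen above combines with this one; otherwise only the ARL mismatched.
            failure = StoreDRLException.CRL_NOT_MATCH.equals(failure)
                    ? StoreDRLException.CRL_AND_ARL_NOT_MATCH
                    : StoreDRLException.ARL_NOT_MATCH;
        }
        logger.error(failure.getDescription());
        throw new Exception(failure.getDescription());
    }

    /** Logs the outcome of a base-list lookup; {@code kind} is "crl" or "arl". */
    private void logStoredList(String kind, X509CRL stored) {
        if (stored == null) {
            logger.info("get {} is null", kind);
        } else {
            logger.info("get {} is {}", kind, stored);
        }
    }

    /**
     * Decodes a CRLNumber-typed extension ({@code cRLNumber} or
     * {@code deltaCRLIndicator}) from a list.
     *
     * @param crl the list
     * @param oid dotted OID of the extension
     * @throws IllegalArgumentException if the list does not carry the extension;
     *         without this check the missing value surfaces as a bare NPE
     */
    private static CRLNumber crlNumberExtension(X509CRL crl, String oid) {
        byte[] encoded = crl.getExtensionValue(oid);
        if (encoded == null) {
            throw new IllegalArgumentException("CRL has no extension " + oid);
        }
        return CRLNumber.getInstance(DEROctetString.getInstance(encoded).getOctets());
    }

    /**
     * Builds the DN of a revocation-list entry:
     * {@code cn=<cn>,o=<issuer leaf value><suffix>,<issuer parent DN>}.
     *
     * <p>The leaf value comes from certificate data, so it is escaped rather than
     * concatenated raw; the parent DN is taken structurally via
     * {@link LdapName#getPrefix(int)} instead of textual removal of the leaf RDN,
     * which silently produced a malformed DN whenever the escaping of the issuer
     * string did not match {@link Rdn#toString()}.
     *
     * @throws InvalidNameException if the issuer string is not a valid DN
     */
    private static String revocationListDn(String cn, String suffix, String issuerDn) throws InvalidNameException {
        LdapName issuer = new LdapName(issuerDn);
        Rdn leaf = leafRdn(issuer);
        // getPrefix(n) returns the n rightmost components, i.e. everything but the leaf.
        String parent = issuer.getPrefix(issuer.size() - 1).toString();
        String org = Rdn.escapeValue(String.valueOf(leaf.getValue()) + suffix);
        return "cn=" + Rdn.escapeValue(cn) + ",o=" + org + (parent.isEmpty() ? "" : "," + parent);
    }

    /** Leftmost (most specific) RDN; {@link LdapName} indexes from the rightmost component. */
    private static Rdn leafRdn(LdapName name) {
        return name.getRdn(name.size() - 1);
    }
}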
