package com.xdja.pki.ldap.dao;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.ByteArrayInputStream;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertPairParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.query.LdapQueryBuilder;
import sun.security.provider.certpath.X509CertificatePair;

/* loaded from: input_file:WEB-INF/lib/ldap-dao-0.0.6-SNAPSHOT.jar:com/xdja/pki/ldap/dao/SpringLDAPConnect.class */
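/**
 * DAO that publishes PKI material (CA and end-entity certificates, CRL/ARL/delta CRL, cross-certificate
 * pairs) into an LDAP directory via Spring LDAP. Every DN handed to the public methods is qualified with
 * {@link #containerName} when it does not already end with it (case-insensitively), and missing parent
 * entries are created on demand by {@link #addPoint(String, Attributes)}.
 *
 * <p>Thread-safety: the class holds no mutable state after construction; {@link LdapTemplate} itself is
 * documented by Spring LDAP as reusable, so concurrent calls are expected to be safe — not verified here.
 *
 * <p>NOTE(review): the cross-certificate methods use {@code sun.security.provider.certpath.X509CertificatePair},
 * a JDK-internal class that is not exported from {@code java.base}; on JDK 9+ compiling or running this
 * class needs an explicit {@code --add-exports} for that package — confirm against the target runtime.
 */
public class SpringLDAPConnect {
    /** Template bound to the directory; stays {@code null} if the constructor failed to set it up. */
    private LdapTemplate ldapTemplate;
    /** DN suffix under which every managed entry lives; appended to relative DNs. */
    private final String containerName;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /** LDAP result code 20 (attributeOrValueExists) as it appears in the JNDI exception message. */
    private static final String ATTRIBUTE_OR_VALUE_EXISTS = "LDAP: error code 20";

    /**
     * Builds an {@link LdapTemplate} for {@code ldap://host:port} using a simple bind as {@code userDn}.
     *
     * <p>The URL is built with the plain {@code ldap://} scheme, so the bind password is sent over whatever
     * transport the directory negotiates; unless TLS is layered in elsewhere (ldaps / StartTLS on the server
     * side), the credentials cross the network unprotected — confirm this for the deployment.
     *
     * <p>Setup failures are logged (with the cause, instead of {@code printStackTrace()}) and swallowed, as
     * before; {@link #ldapTemplate} is then {@code null} and every later call fails with a
     * {@link NullPointerException}. {@code containerName} is recorded even in that case.
     *
     * @param host          directory host
     * @param port          directory port
     * @param userDn        bind DN
     * @param password      bind password
     * @param containerName DN of the container all entries are placed under
     */
    public SpringLDAPConnect(String host, int port, String userDn, String password, String containerName) {
        this.containerName = containerName;
        try {
            LdapContextSource contextSource = new LdapContextSource();
            contextSource.setUrl("ldap://" + host + ":" + port);
            contextSource.setUserDn(userDn);
            contextSource.setPassword(password);
            contextSource.setDirObjectFactory(DefaultDirObjectFactory.class);
            contextSource.afterPropertiesSet();
            this.ldapTemplate = new LdapTemplate(contextSource);
            this.logger.info("连接ldap服务器成功");
        } catch (Exception e) {
            // Best-effort contract kept (no exception escapes), but the cause goes to the logger.
            this.logger.error("连接ldap服务器失败", e);
        }
    }

    /**
     * Recursively unbinds the whole container subtree. Failures are logged at WARN and otherwise ignored
     * (the original swallowed them silently).
     */
    public void deleteAll() {
        try {
            this.ldapTemplate.unbind(this.containerName, true);
            this.logger.info("-------已清空服务器 " + this.containerName + "节点下所有数据---------");
        } catch (NamingException e) {
            this.logger.warn("failed to delete subtree {}", this.containerName, e);
        }
    }

    /**
     * Reads a CRL stored in binary attribute {@code attributeId} (matched case-insensitively) of entry {@code dn}.
     *
     * @param dn          entry DN, relative to or already ending with the container
     * @param attributeId attribute holding the DER CRL, e.g. {@code certificateRevocationList;binary}
     * @return the parsed CRL, or {@code null} when the entry does not exist
     * @throws Exception when the entry exists but has no such attribute, or the bytes do not parse as a CRL
     */
    public X509CRL searchCrlEntry(String dn, String attributeId) throws Exception {
        String fullDn = qualifyDn(dn);
        this.logger.info("search dn is {}", fullDn);
        try {
            ContextMapper<Attributes> toAttributes = ctx -> ((DirContextAdapter) ctx).getAttributes();
            Attributes attributes = this.ldapTemplate.searchForObject(
                    LdapQueryBuilder.query().base(fullDn).filter("(objectClass=*)"), toAttributes);
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            NamingEnumeration<String> ids = attributes.getIDs();
            while (ids.hasMore()) {
                String id = ids.next();
                if (!id.equalsIgnoreCase(attributeId)) {
                    continue;
                }
                NamingEnumeration<?> values = attributes.get(id).getAll();
                if (values.hasMore()) {
                    // Only the first value is used; a multi-valued CRL attribute is not expected here.
                    return (X509CRL) factory.generateCRL(new ByteArrayInputStream((byte[]) values.next()));
                }
            }
            this.logger.error("没有查到该节点：" + attributeId);
            throw new Exception("没有查到该节点：" + attributeId);
        } catch (NameNotFoundException e) {
            // Absent entry is a normal answer for callers; reported as null rather than an exception.
            return null;
        }
    }

    /**
     * Stores a CA certificate as {@code cACertificate;binary} on a {@code pkiCA}/{@code organizationalRole} entry.
     *
     * @param dn   entry DN
     * @param cn   common name stored in {@code cn}
     * @param der  DER-encoded certificate
     * @throws Exception when the directory write fails
     */
    public void addCACertEntry(String dn, String cn, byte[] der) throws Exception {
        BasicAttributes attributes = new BasicAttributes();
        attributes.put(objectClasses("pkiCA", "organizationalRole"));
        attributes.put("cn", cn);
        attributes.put("cACertificate;binary", der);
        this.logger.debug("开始插入CA证书");
        addEntry(dn, attributes);
    }

    /**
     * Stores an end-entity certificate as {@code userCertificate;binary} on an {@code inetOrgPerson} entry
     * ({@code cn} and {@code sn} both set to {@code cn}).
     *
     * @throws Exception when the directory write fails
     */
    public void addUserCertEntry(String dn, String cn, byte[] der) throws Exception {
        BasicAttributes attributes = new BasicAttributes();
        attributes.put("objectclass", "inetOrgPerson");
        attributes.put("userCertificate;binary", der);
        attributes.put("cn", cn);
        attributes.put("sn", cn);
        this.logger.debug("开始插入用户证书");
        addEntry(dn, attributes);
    }

    /**
     * Stores an authority revocation list as {@code authorityRevocationList;binary} on a
     * {@code cRLDistributionPoint} entry.
     *
     * @throws Exception when the directory write fails
     */
    public void addARLEntry(String dn, String cn, byte[] der) throws Exception {
        this.logger.debug("开始插入arl");
        addEntry(dn, distributionPoint(cn, "authorityRevocationList;binary", der));
    }

    /**
     * Stores a delta CRL as {@code deltaRevocationList;binary} on a {@code cRLDistributionPoint} entry.
     *
     * @throws Exception when the directory write fails
     */
    public void addDRLEntry(String dn, String cn, byte[] der) throws Exception {
        this.logger.debug("开始插入drl");
        addEntry(dn, distributionPoint(cn, "deltaRevocationList;binary", der));
    }

    /**
     * Stores a CRL as {@code certificateRevocationList;binary} on a {@code cRLDistributionPoint} entry.
     *
     * @throws Exception when the directory write fails
     */
    public void addCRLEntry(String dn, String cn, byte[] der) throws Exception {
        this.logger.debug("开始插入crl");
        addEntry(dn, distributionPoint(cn, "certificateRevocationList;binary", der));
    }

    /**
     * Stores an already encoded cross-certificate pair, refusing when the entry already carries one.
     *
     * @param dn   entry DN
     * @param cn   common name stored in {@code cn}
     * @param pair DER-encoded {@code PairOfCertificates}
     * @throws Exception when a pair already exists under {@code dn} or the write fails
     */
    public void addCrossCertEntry(String dn, String cn, byte[] pair) throws Exception {
        if (selectCrossCert(dn) != null) {
            this.logger.error("该节点已经有一个交叉证书，无法继续插入");
            throw new Exception("该节点已经有一个交叉证书，无法继续插入");
        }
        this.logger.debug("该节点没有交叉证书");
        addCrossCert(dn, cn, pair);
    }

    /**
     * Adds the forward half of a cross-certificate pair. Creates the pair when the entry or its pair is
     * missing; completes an existing reverse-only pair; rejects an entry that already has a forward.
     *
     * @throws Exception when a forward already exists, the two certificates do not form a valid pair
     *                   (reported by {@code X509CertificatePair}), or the write fails
     */
    public void addForwardCert(String dn, String cn, X509Certificate forward) throws Exception {
        if (!checkExist(dn)) {
            this.logger.debug("说明不存在该节点,可以插入交叉证书forward");
            addCrossCert(dn, cn, new X509CertificatePair(forward, (X509Certificate) null).getEncoded());
            return;
        }
        X509CertificatePair existing = selectCrossCert(dn);
        if (existing == null) {
            this.logger.debug("说明该节点没有交叉证书,可以插入交叉证书forward");
            addCrossCert(dn, cn, new X509CertificatePair(forward, (X509Certificate) null).getEncoded());
            // Return here: the previous control flow fell through, re-read the pair it had just written and
            // then rejected its own forward as a duplicate.
            return;
        }
        if (existing.getForward() != null) {
            this.logger.error("该节点已经存在交叉证书的forward,不能继续插入");
            throw new Exception("该节点已经存在交叉证书的forward,不能继续插入");
        }
        if (existing.getReverse() != null) {
            try {
                byte[] encoded = new X509CertificatePair(forward, existing.getReverse()).getEncoded();
                this.logger.debug("开始插入交叉证书forward");
                addCrossCert(dn, cn, encoded);
            } catch (CertificateException e) {
                this.logger.error("crossPair.getForward().getIssuerX500Principal() " + forward.getSubjectX500Principal());
                this.logger.error("crossPair.getReverse().getIssuerX500Principal() " + existing.getReverse().getIssuerX500Principal());
                this.logger.error("该证书无法与服务器的Forward证书构成交叉证书对", e);
                throw new Exception("can't use these two certs build X509CertificatePair");
            }
        }
    }

    /**
     * Adds the reverse half of a cross-certificate pair; mirror image of {@link #addForwardCert}.
     *
     * @throws Exception when a reverse already exists, the two certificates do not form a valid pair, or
     *                   the write fails
     */
    public void addReserveCert(String dn, String cn, X509Certificate reverse) throws Exception {
        if (!checkExist(dn)) {
            this.logger.debug("说明不存在该节点,可以插入交叉证书reserve");
            addCrossCert(dn, cn, new X509CertificatePair((X509Certificate) null, reverse).getEncoded());
            return;
        }
        X509CertificatePair existing = selectCrossCert(dn);
        if (existing == null) {
            this.logger.debug("说明该节点没有交叉证书,可以插入交叉证书reserve");
            addCrossCert(dn, cn, new X509CertificatePair((X509Certificate) null, reverse).getEncoded());
            // Same missing return as in addForwardCert: without it the freshly written reverse was rejected.
            return;
        }
        if (existing.getReverse() != null) {
            this.logger.error("该节点已经存在交叉证书的reserve,不能继续插入");
            throw new Exception("该节点已经存在交叉证书的reserve,不能继续插入");
        }
        if (existing.getForward() != null) {
            try {
                byte[] encoded = new X509CertificatePair(existing.getForward(), reverse).getEncoded();
                this.logger.debug("开始插入交叉证书reserve");
                addCrossCert(dn, cn, encoded);
            } catch (CertificateException e) {
                this.logger.error("crossPair.getForward().getIssuerX500Principal() " + existing.getForward().getSubjectX500Principal());
                this.logger.error("crossPair.getReverse().getIssuerX500Principal() " + reverse.getIssuerX500Principal());
                this.logger.error("该证书无法与服务器的Forward证书构成交叉证书对 ", e);
                throw new Exception("can't use these two certs build X509CertificatePair");
            }
        }
    }

    /** Writes {@code crossCertificatePair;binary} on an {@code organizationalRole}/{@code pkiCA} entry. */
    private void addCrossCert(String dn, String cn, byte[] pair) throws Exception {
        BasicAttributes attributes = new BasicAttributes();
        attributes.put(objectClasses("organizationalRole", "pkiCA"));
        attributes.put("cn", cn);
        attributes.put("crossCertificatePair;binary", pair);
        this.logger.debug("开始插入交叉证书对");
        addEntry(dn, attributes);
    }

    /** Attribute set for a {@code cRLDistributionPoint} entry carrying one binary list attribute. */
    private static BasicAttributes distributionPoint(String cn, String listAttributeId, byte[] der) {
        BasicAttributes attributes = new BasicAttributes();
        attributes.put("objectclass", "cRLDistributionPoint");
        attributes.put("cn", cn);
        attributes.put(listAttributeId, der);
        return attributes;
    }

    /** Multi-valued {@code objectclass} attribute with the given values, in order. */
    private static BasicAttribute objectClasses(String first, String... rest) {
        BasicAttribute objectClass = new BasicAttribute("objectclass");
        objectClass.add(first);
        for (String value : rest) {
            objectClass.add(value);
        }
        return objectClass;
    }

    /**
     * Creates {@code dn} with {@code attributes}, or — when it already exists — merges the attributes into it.
     * Certificates ({@code userCertificate;binary}, {@code cACertificate;binary}) are ADDed so older values are
     * kept; every other attribute is REPLACEd. When the existing entry is a {@code person}, the auxiliary class
     * it now needs ({@code pkiCA} or {@code pkiUser}) is ADDed as well. A server answer of result code 20
     * (attributeOrValueExists) is treated as "already present" and not as a failure.
     *
     * @throws Exception for any other directory failure, wrapping the cause
     */
    private void addEntry(String dn, Attributes attributes) throws Exception {
        if (!endsWithIgnoreCase(dn, this.containerName)) {
            dn = dn + "," + this.containerName;
            this.logger.debug("证书dn修改后为 " + dn);
        }
        if (!checkExist(dn)) {
            addPoint(dn, attributes);
            return;
        }
        List<String> existingClasses = new ArrayList<>();
        Object[] existing = ((DirContextAdapter) this.ldapTemplate.lookup(dn)).getObjectAttributes("objectclass");
        if (existing != null) {
            for (Object value : existing) {
                existingClasses.add((String) value);
            }
        }
        try {
            List<ModificationItem> mods = new ArrayList<>();
            NamingEnumeration<? extends Attribute> all = attributes.getAll();
            while (all.hasMoreElements()) {
                Attribute attribute = all.next();
                String id = attribute.getID();
                if (id.contains("objectclass")) {
                    queueMissingObjectClass(existingClasses, (String) attribute.get(), mods);
                }
                boolean keepOldValues = id.contains("userCertificate;binary") || id.contains("cACertificate;binary");
                mods.add(new ModificationItem(
                        keepOldValues ? DirContext.ADD_ATTRIBUTE : DirContext.REPLACE_ATTRIBUTE, attribute));
            }
            this.ldapTemplate.modifyAttributes(dn, mods.toArray(new ModificationItem[0]));
            this.logger.info("更新 " + dn + " 节点成功");
        } catch (Exception e) {
            // Matching on the message text is the only handle JNDI gives here; guard against a null message.
            String message = e.getMessage();
            if (message == null || !message.contains(ATTRIBUTE_OR_VALUE_EXISTS)) {
                this.logger.error("修改" + dn + "节点失败", e);
                throw new Exception("修改" + dn + "节点失败", e);
            }
            this.logger.info("节点 " + dn + " 数据已存在 不再插入");
        }
    }

    /**
     * For an entry whose objectClass values contain {@code person}, queues an ADD of the auxiliary class the
     * incoming attributes require: {@code pkiCA} when the incoming objectClass is pkiCA, otherwise
     * {@code pkiUser}. Nothing is queued when that class is already present or the entry is not a person.
     * Value comparison is case-sensitive, as in the original.
     */
    private static void queueMissingObjectClass(List<String> existingClasses, String incomingClass,
                                                List<ModificationItem> mods) {
        if (!existingClasses.contains("person")) {
            return;
        }
        String needed = "pkiCA".equalsIgnoreCase(incomingClass) ? "pkiCA" : "pkiUser";
        if (existingClasses.contains(needed)) {
            return;
        }
        BasicAttribute objectClass = new BasicAttribute("objectclass");
        objectClass.add(needed);
        mods.add(new ModificationItem(DirContext.ADD_ATTRIBUTE, objectClass));
    }

    /**
     * Binds {@code dn} with {@code attributes}, first creating every missing ancestor between the container and
     * the target with a placeholder structural class derived from its RDN type (see
     * {@link #placeholderAttributes(Rdn)}). The target is recognised by position (last RDN) rather than by
     * string comparison, so DNs written with different spacing/escaping than {@link LdapName} produces are
     * still handled.
     *
     * @throws Exception when {@code dn} does not lie under the container, an ancestor RDN type is unknown,
     *                   or a bind fails
     */
    private void addPoint(String dn, Attributes attributes) throws Exception {
        dn = qualifyDn(dn);
        LdapName name = new LdapName(dn);
        int size = name.size();
        // LdapName index 0 is the root-most RDN; grow the prefix outward until it equals the container,
        // which may itself span several RDNs.
        int i = 0;
        Rdn rdn = name.getRdn(0);
        String current = rdn.toString();
        while (!current.equalsIgnoreCase(this.containerName)) {
            i++;
            if (i >= size) {
                this.logger.error("传入的dn不是以" + this.containerName + "结尾的");
                // " " replaces MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR (a single space) — no Jackson needed.
                throw new Exception("this dn is false " + dn + " " + current + " " + this.containerName);
            }
            rdn = name.getRdn(i);
            current = rdn + "," + current;
        }
        // Walk from the container down to the target, binding whatever is missing on the way.
        while (true) {
            this.logger.debug("当前得到的dn节点为 " + current);
            boolean isTarget = i == size - 1;
            if (!checkExist(current)) {
                if (isTarget) {
                    this.ldapTemplate.bind(current, (Object) null, attributes);
                    this.logger.info("添加 " + dn + "节点成功");
                    return;
                }
                this.ldapTemplate.bind(current, (Object) null, placeholderAttributes(rdn));
            } else if (isTarget) {
                // Only reachable if the target appeared between the caller's existence check and this walk.
                throw new Exception("entry already exists " + current);
            }
            i++;
            rdn = name.getRdn(i);
            current = rdn + "," + current;
        }
    }

    /**
     * Placeholder attributes for an auto-created intermediate entry, chosen by RDN type:
     * ou → organizationalUnit, o → organization, l/st → locality, c → country, cn → person (with sn).
     *
     * @throws Exception for any other RDN type
     */
    private Attributes placeholderAttributes(Rdn rdn) throws Exception {
        BasicAttributes attributes = new BasicAttributes();
        switch (rdn.getType().toLowerCase(Locale.ROOT)) {
            case "ou":
                attributes.put("objectclass", "organizationalUnit");
                break;
            case "o":
                attributes.put("objectclass", "organization");
                break;
            case "l":
            case "st":
                attributes.put("objectclass", "locality");
                break;
            case "c":
                attributes.put("objectclass", "country");
                break;
            case "cn":
                attributes.put("objectclass", "person");
                attributes.put("sn", rdn.getValue());
                break;
            default:
                this.logger.error("该rdn类型未定义  " + rdn.getType());
                throw new Exception("unknown this type " + rdn.getType());
        }
        return attributes;
    }

    /**
     * Whether {@code dn} can be looked up. {@code NameNotFoundException} is the expected "absent" signal, but
     * any other failure (connectivity, authentication) is reported as absent too — callers then proceed to a
     * bind, so the cause is kept in the DEBUG log. The looked-up entry itself is no longer echoed to stdout.
     */
    private boolean checkExist(String dn) {
        try {
            return this.ldapTemplate.lookup(dn) != null;
        } catch (Exception e) {
            this.logger.debug("lookup of {} failed, treating as absent", dn, e);
            return false;
        }
    }

    /**
     * Reads the first {@code crossCertificatePair;binary} of a {@code pkiCA} entry found by a search rooted at
     * {@code dn}, parsed with BouncyCastle and repackaged as the JDK pair type.
     *
     * @return the pair, or {@code null} when nothing is found, the attribute is missing, or parsing/search
     *         fails — a transient directory error is therefore indistinguishable from "no pair"
     */
    private X509CertificatePair selectCrossCert(String dn) {
        this.logger.debug("开始查询");
        try {
            Iterator<byte[]> results = this.ldapTemplate.search(
                    LdapQueryBuilder.query().base(dn).where("objectclass").is("pkiCA"),
                    (Attributes attrs) -> {
                        // Explicit parameter type selects the AttributesMapper overload.
                        Attribute pair = attrs.get("crosscertificatepair;binary");
                        return pair == null ? null : (byte[]) pair.get();
                    }).iterator();
            if (!results.hasNext()) {
                return null;
            }
            byte[] encoded = results.next();
            if (encoded == null) {
                this.logger.debug("此节点下查不到");
                return null;
            }
            X509CertPairParser parser = new X509CertPairParser();
            parser.engineInit(new ByteArrayInputStream(encoded));
            try {
                org.bouncycastle.x509.X509CertificatePair parsed =
                        (org.bouncycastle.x509.X509CertificatePair) parser.engineRead();
                this.logger.debug("查到了");
                return new X509CertificatePair(parsed.getForward(), parsed.getReverse());
            } catch (Exception e) {
                this.logger.debug("failed to parse crossCertificatePair under {}", dn, e);
                return null;
            }
        } catch (Exception e) {
            this.logger.debug("此节点下查不到");
            this.logger.trace("search under {} failed", dn, e);
            return null;
        }
    }

    /** {@code dn} with the container appended unless it already ends with it (case-insensitive). */
    private String qualifyDn(String dn) {
        return endsWithIgnoreCase(dn, this.containerName) ? dn : dn + "," + this.containerName;
    }

    /** Case-insensitive {@code endsWith} without locale-dependent case mapping. */
    private static boolean endsWithIgnoreCase(String s, String suffix) {
        int start = s.length() - suffix.length();
        return start >= 0 && s.regionMatches(true, start, suffix, 0, suffix.length());
    }

    static {
        // The "BC" provider is required by CertificateFactory.getInstance("X.509", "BC") in searchCrlEntry.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}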
