package com.xdja.pki.ldap.controller;

import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.issue.PkixIssueReq;
import com.xdja.pki.issue.PkixIssueRespBuilder;
import com.xdja.pki.issue.TBSIssueResponseStatus;
import com.xdja.pki.ldap.config.LDAPConfiguration;
import com.xdja.pki.ldap.service.OpenLDAPService;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

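@RequestMapping({"/api/v1/ldapserver"})
@RestController
/* loaded from: input_file:WEB-INF/classes/com/xdja/pki/ldap/controller/LDAPController.class */
public class LDAPController {

    /** Crypto-type names accepted from {@code LDAPConfiguration.getCryptoType()} (compared case-insensitively). */
    private static final String CRYPTO_TYPE_YUNHSM = "YUNHSM";
    private static final String CRYPTO_TYPE_SWXAHSM = "SWXAHSM";
    private static final String CRYPTO_TYPE_PCIE = "PCIE";

    private static final Logger logger = LoggerFactory.getLogger(LDAPController.class);

    @Autowired
    private LDAPConfiguration ldapConfiguration;

    @Autowired
    private OpenLDAPService openLDAPService;

    /**
     * Accepts a DER-encoded PKIX issue request, verifies its signature against the configured
     * CA certificates and, only if the signature is valid, hands it to the LDAP service.
     *
     * <p>The signature check is the only authentication on this endpoint: a request that fails it
     * is never passed to {@code openLDAPService}. Response contract (unchanged from the original):
     * <ul>
     *   <li>valid request: the bytes returned by {@code openLDAPService.pkixIssue}, HTTP 200;</li>
     *   <li>invalid signature: a signed response with status {@code TBSIssueResponseStatus.Error},
     *       HTTP 200;</li>
     *   <li>unparseable request (or a failure while building the error response): empty body, HTTP 400;</li>
     *   <li>configuration error or LDAP failure: empty body, HTTP 500.</li>
     * </ul>
     *
     * @param bArr the raw request body
     * @param httpServletResponse used only to set a non-200 status on failure
     * @return the encoded response, or an empty array when a non-200 status was set
     */
    @PostMapping({"/pkixissue"})
    public byte[] pkixissue(@RequestBody byte[] bArr, HttpServletResponse httpServletResponse) {
        logger.info("------------访问服务器成功------------");

        // Phase 1: configuration. Anything failing here is a server-side problem -> 500.
        String cryptoType;
        List<X509Certificate> caCerts;
        PkixIssueRespBuilder pkixIssueRespBuilder;
        try {
            cryptoType = this.ldapConfiguration.getCryptoType();
            caCerts = this.ldapConfiguration.getCaCerts();
            if (!isSupportedCryptoType(cryptoType)) {
                logger.error("配置文件验签方式配置有误");
                httpServletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
                return new byte[0];
            }
            if (caCerts == null || caCerts.isEmpty()) {
                // Fix: the BC verification path indexes caCerts.get(0). Without this guard an empty
                // CA list threw inside the request-parsing block and was reported to the client as
                // a 400 "unparseable request" instead of the configuration error it actually is.
                logger.error("No CA certificates configured; cannot verify request signature");
                httpServletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
                return new byte[0];
            }
            pkixIssueRespBuilder = newRespBuilder(cryptoType, caCerts);
        } catch (Exception e) {
            logger.error("读取配置证书失败", e);
            httpServletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
            return new byte[0];
        }

        // Phase 2: parse and authenticate the request. Failures here are attributed to the client -> 400.
        PkixIssueReq pkixIssueReq;
        try {
            pkixIssueReq = new PkixIssueReq(bArr);
            logger.info("请求结构体类型为 " + pkixIssueReq.getTBSIssueType());
            if (!verifyRequestSignature(cryptoType, pkixIssueReq, caCerts)) {
                logger.error("请求结构体签名无效");
                // The error response is itself signed with the configured signing key; the client
                // can therefore distinguish a genuine rejection from a transport-level failure.
                return pkixIssueRespBuilder.build(pkixIssueReq, TBSIssueResponseStatus.Error,
                        this.ldapConfiguration.getSignCert().getSigAlgName()).getEncoded();
            }
        } catch (Exception e) {
            logger.error("无法解析请求结构体 ", e);
            httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
            return new byte[0];
        }

        // Phase 3: only an authenticated request reaches the directory.
        try {
            return this.openLDAPService.pkixIssue(pkixIssueReq, pkixIssueRespBuilder);
        } catch (Exception e) {
            logger.error("向LDAP存储失败 ", e);
            httpServletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
            return new byte[0];
        }
    }

    /**
     * Returns whether {@code cryptoType} names one of the verification back-ends this controller
     * supports. A {@code null} type is unsupported.
     */
    private static boolean isSupportedCryptoType(String cryptoType) {
        return CRYPTO_TYPE_YUNHSM.equalsIgnoreCase(cryptoType)
                || CRYPTO_TYPE_SWXAHSM.equalsIgnoreCase(cryptoType)
                || CRYPTO_TYPE_PCIE.equalsIgnoreCase(cryptoType)
                || BouncyCastleProvider.PROVIDER_NAME.equalsIgnoreCase(cryptoType);
    }

    /**
     * Builds the response signer for the configured back-end. {@code cryptoType} must already have
     * passed {@link #isSupportedCryptoType(String)}.
     *
     * @throws Exception whatever the {@code PkixIssueRespBuilder} constructors throw; their checked
     *     exception signatures are not visible from this file, so the broad declaration is kept
     *     and the caller maps it to HTTP 500 as before
     */
    private PkixIssueRespBuilder newRespBuilder(String cryptoType, List<X509Certificate> caCerts)
            throws Exception {
        if (BouncyCastleProvider.PROVIDER_NAME.equalsIgnoreCase(cryptoType)) {
            PkixIssueRespBuilder builder =
                    new PkixIssueRespBuilder(this.ldapConfiguration.getSignKey(), caCerts);
            logger.debug("使用BC模式验签");
            return builder;
        }
        SdfCryptoType sdfType;
        String debugMessage;
        if (CRYPTO_TYPE_PCIE.equalsIgnoreCase(cryptoType)) {
            sdfType = SdfCryptoType.PCIE;
            debugMessage = "使用PCIE卡验签";
        } else {
            // Both YUNHSM and SWXAHSM construct the signer with SdfCryptoType.YUNHSM, exactly as
            // the original did. NOTE(review): verify that SWXAHSM is not meant to use a dedicated
            // SdfCryptoType value; the request-verification path below treats the two differently.
            sdfType = SdfCryptoType.YUNHSM;
            debugMessage = "使用加密机验签";
        }
        PkixIssueRespBuilder builder = new PkixIssueRespBuilder(
                this.ldapConfiguration.getPrivateKeyIndex(),
                this.ldapConfiguration.getPrivateKeyPassword(), caCerts, sdfType);
        logger.debug(debugMessage);
        return builder;
    }

    /**
     * Verifies the request signature with the back-end selected by {@code cryptoType}. Any type
     * other than PCIE / YUNHSM / SWXAHSM falls through to BouncyCastle verification.
     *
     * @param caCerts must be non-empty; the BC path uses the first certificate's signature algorithm
     * @return {@code true} only if the request's signature verified against {@code caCerts}
     * @throws Exception whatever the {@code PkixIssueReq} verify methods throw (signatures not
     *     visible from this file); the caller maps it to HTTP 400 as before
     */
    private static boolean verifyRequestSignature(String cryptoType, PkixIssueReq req,
            List<X509Certificate> caCerts) throws Exception {
        if (CRYPTO_TYPE_PCIE.equalsIgnoreCase(cryptoType)) {
            return req.verifySignatureBySdf(caCerts, SdfCryptoType.PCIE);
        }
        if (CRYPTO_TYPE_YUNHSM.equalsIgnoreCase(cryptoType)) {
            return req.verifySignatureBySdf(caCerts, SdfCryptoType.YUNHSM);
        }
        if (CRYPTO_TYPE_SWXAHSM.equalsIgnoreCase(cryptoType)) {
            return req.verifySignatureBySdf(caCerts);
        }
        // BC mode: verify with the algorithm the first configured CA certificate was signed with.
        return req.verifySignatureByBC(caCerts, caCerts.get(0).getSigAlgName());
    }
}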
