package com.xdja.pki.ldap.service;

import com.xdja.pki.issue.PkixIssueCRL;
import com.xdja.pki.issue.PkixIssueReq;
import com.xdja.pki.issue.PkixIssueRespBuilder;
import com.xdja.pki.issue.TBSIssueResponseStatus;
import com.xdja.pki.ldap.X509Utils;
import com.xdja.pki.ldap.config.LDAPConfiguration;
import com.xdja.pki.ldap.dao.IDAO;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import sun.security.provider.certpath.X509CertificatePair;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/ldap-service-0.2.0-SNAPSHOT.jar:com/xdja/pki/ldap/service/OpenLDAPService.class
 */
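/**
 * Dispatches PKIX issue requests to the {@link IDAO} publication layer and encodes the reply.
 *
 * <p>Both {@code pkixIssue} overloads switch on {@code PkixIssueReq.getTBSIssueType()} and hand
 * the certificates or CRLs carried by the request to {@link IDAO}. They differ in how the reply
 * is built (signature-algorithm name of the configured signing certificate versus a
 * caller-supplied certificate) and in whether {@link LDAPConfiguration} is updated.
 *
 * <p>NOTE(review): nothing in this class authenticates the request or validates the supplied
 * certificates before they are published or passed to {@code LDAPConfiguration.updateCaCert}.
 * Presumably the caller verifies the request signature first; confirm against the caller,
 * because this class changes the configured CA certificates based on request content alone.
 *
 * <p>NOTE(review): {@code X509CertificatePair} is imported from the JDK-internal
 * {@code sun.security.provider.certpath} package, which is not a supported API.
 */
@Service
/* loaded from: input_file:WEB-INF/lib/ldap-service-0.3.0-SNAPSHOT.jar:com/xdja/pki/ldap/service/OpenLDAPService.class */
public class OpenLDAPService {

    @Autowired
    private LDAPConfiguration ldapConfiguration;

    @Autowired
    private IDAO idao;

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Processes an issue request and builds the reply from the signature-algorithm name of the
     * configured signing certificate.
     *
     * <ul>
     *   <li>{@code UPDATE_ROOT_CERTIFICATE}: requires exactly three certificates, passes them in
     *       list order to {@code IDAO.updateRootCACertificate}, then passes the third to
     *       {@code LDAPConfiguration.updateCaCert}.</li>
     *   <li>{@code SEND_CERTIFICATE}: sends each certificate; any certificate accepted by
     *       {@code X509Utils.isCACertificate} is first passed to {@code updateCaCert}.</li>
     *   <li>{@code SEND_CRL}: sends each CRL entry.</li>
     *   <li>{@code SEND_CROSS_CERTIFICATE}: accepts one or two certificates and publishes them as
     *       an {@code X509CertificatePair}.</li>
     *   <li>{@code SEND_CERTIFICATE_STATUS}: reads the status list and discards it.</li>
     * </ul>
     *
     * <p>Publication is not transactional: when an entry fails part-way through a list, the
     * entries already sent stay sent and the reply carries the {@code Error} status.
     *
     * @param pkixIssueReq the request to process
     * @param pkixIssueRespBuilder builder used to produce the encoded reply
     * @return the encoded reply, with status {@code Normal} on success and {@code Error} on a
     *     handled failure
     * @throws Exception if the request type is unknown, or if a call outside the guarded
     *     publication calls (for example building the reply) fails
     */
    public byte[] pkixIssue(PkixIssueReq pkixIssueReq, PkixIssueRespBuilder pkixIssueRespBuilder) throws Exception {
        switch (pkixIssueReq.getTBSIssueType()) {
            case UPDATE_ROOT_CERTIFICATE: {
                // Read the list once so the size check and the element reads use the same object.
                List<X509Certificate> rootUpdate = pkixIssueReq.getCertificateList();
                this.logger.debug("UPDATE_ROOT_CERTIFICATE LENGTH {}", rootUpdate.size());
                if (rootUpdate.size() != 3) {
                    // Log text: "wrong number of certificates supplied for the root update".
                    this.logger.error("更新根证书传递数量有误");
                    return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                }
                try {
                    this.idao.updateRootCACertificate(rootUpdate.get(0), rootUpdate.get(1), rootUpdate.get(2));
                    // NOTE(review): the third certificate becomes a configured CA certificate with
                    // no validation visible in this method; confirm the caller has verified it.
                    this.ldapConfiguration.updateCaCert(rootUpdate.get(2));
                    this.logger.info("更新根证书成功");
                } catch (Exception e) {
                    this.logger.error("更新根证书失败", e);
                    return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                }
                break;
            }
            case SEND_CERTIFICATE: {
                List<X509Certificate> certificates = pkixIssueReq.getCertificateList();
                this.logger.debug("SEND_CERTIFICATE LENGTH {}", certificates.size());
                for (X509Certificate certificate : certificates) {
                    try {
                        // NOTE(review): any certificate the helper classifies as a CA certificate is
                        // pushed into the configuration; no chain check is visible here.
                        if (X509Utils.isCACertificate(certificate)) {
                            this.ldapConfiguration.updateCaCert(certificate);
                        }
                        this.idao.sendCertificate(certificate);
                    } catch (Exception e) {
                        this.logger.error("发布证书失败", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                    }
                }
                this.logger.info("发布证书成功");
                break;
            }
            case SEND_CRL: {
                List<PkixIssueCRL> crls = pkixIssueReq.getCRLList();
                this.logger.debug("SEND_CRL {}", crls.size());
                for (PkixIssueCRL crl : crls) {
                    try {
                        this.idao.sendCRL(crl.getStateOrProvinceNum(), crl.getCrlSegment(), crl.getCrl());
                    } catch (Exception e) {
                        this.logger.error("发布CRL失败", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                    }
                }
                this.logger.info("发布crl成功");
                break;
            }
            case SEND_CROSS_CERTIFICATE: {
                List<X509Certificate> crossCertificates = pkixIssueReq.getCertificateList();
                this.logger.debug("SEND_CROSS_CERTIFICATE LENGTH {}", crossCertificates.size());
                List<X509Certificate> caCerts = this.ldapConfiguration.getCaCerts();
                if (crossCertificates.size() == 1) {
                    // The single certificate goes into the second slot of the pair when it
                    // verifies against the configured CA certificates, otherwise into the first.
                    // The verification call sits outside the try, so its failures propagate.
                    if (X509Utils.verifyCert(caCerts, crossCertificates.get(0))) {
                        try {
                            this.logger.debug("发布IssueByThisCA");
                            this.idao.sendCrossCertificate(new X509CertificatePair((X509Certificate) null, crossCertificates.get(0)));
                        } catch (Exception e) {
                            this.logger.error("发布交叉证书失败", e);
                            return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                        }
                    } else {
                        try {
                            this.logger.debug("发布IssueByToCA");
                            this.idao.sendCrossCertificate(new X509CertificatePair(crossCertificates.get(0), (X509Certificate) null));
                        } catch (Exception e) {
                            this.logger.error("发布交叉证书失败", e);
                            return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                        }
                    }
                } else if (crossCertificates.size() == 2) {
                    try {
                        this.idao.sendCrossCertificate(new X509CertificatePair(crossCertificates.get(0), crossCertificates.get(1)));
                    } catch (CertificateException e) {
                        // This handler used to be nested outside a catch of Exception and could
                        // never see a pair-construction failure; it is now checked first so the
                        // "cannot build a cross-certificate pair" message is actually logged.
                        this.logger.error("发布交叉证书失败，无法通过这两个证书构建交叉证书对", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                    } catch (Exception e) {
                        this.logger.error("发布交叉证书失败", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                    }
                } else {
                    this.logger.error("发布交叉证书失败");
                    return errorResponse(pkixIssueReq, pkixIssueRespBuilder);
                }
                break;
            }
            case SEND_CERTIFICATE_STATUS:
                // NOTE(review): the status list is read and discarded, yet the reply is Normal.
                // Confirm that publishing certificate status is intentionally unimplemented.
                pkixIssueReq.getCertStatusList();
                break;
            default:
                this.logger.error("未知的PkixIssue类型");
                throw new Exception(MessageFormat.format("bad request unknown type {0}", pkixIssueReq.getTBSIssueType()));
        }
        return pkixIssueRespBuilder.build(pkixIssueReq, TBSIssueResponseStatus.Normal, this.ldapConfiguration.getSignCert().getSigAlgName()).getEncoded();
    }

    /**
     * Processes an issue request and builds the reply with the caller-supplied certificate.
     *
     * <p>Unlike the two-argument overload, this one never calls
     * {@code LDAPConfiguration.updateCaCert} and, for {@code SEND_CROSS_CERTIFICATE}, does not
     * consult the configured CA certificates. NOTE(review): confirm that this difference is
     * intended.
     *
     * <p>Publication is not transactional: when an entry fails part-way through a list, the
     * entries already sent stay sent and the reply carries the {@code Error} status.
     *
     * @param pkixIssueReq the request to process
     * @param pkixIssueRespBuilder builder used to produce the encoded reply
     * @param x509Certificate certificate handed to the builder for every reply
     * @return the encoded reply, with status {@code Normal} on success and {@code Error} on a
     *     handled failure
     * @throws Exception if the request type is unknown, or if a call outside the guarded
     *     publication calls (for example building the reply) fails
     */
    public byte[] pkixIssue(PkixIssueReq pkixIssueReq, PkixIssueRespBuilder pkixIssueRespBuilder, X509Certificate x509Certificate) throws Exception {
        switch (pkixIssueReq.getTBSIssueType()) {
            case UPDATE_ROOT_CERTIFICATE: {
                // Read the list once so the size check and the element reads use the same object.
                List<X509Certificate> rootUpdate = pkixIssueReq.getCertificateList();
                this.logger.debug("UPDATE_ROOT_CERTIFICATE LENGTH {}", rootUpdate.size());
                if (rootUpdate.size() != 3) {
                    this.logger.error("更新根证书传递数量有误");
                    return errorResponse(pkixIssueReq, pkixIssueRespBuilder, x509Certificate);
                }
                try {
                    this.idao.updateRootCACertificate(rootUpdate.get(0), rootUpdate.get(1), rootUpdate.get(2));
                    this.logger.info("发布根证书成功");
                } catch (Exception e) {
                    // Fixed: this error path logged the success text, so a failed root
                    // certificate update read as a success in the logs.
                    this.logger.error("发布根证书失败", e);
                    return errorResponse(pkixIssueReq, pkixIssueRespBuilder, x509Certificate);
                }
                break;
            }
            case SEND_CERTIFICATE: {
                List<X509Certificate> certificates = pkixIssueReq.getCertificateList();
                this.logger.debug("SEND_CERTIFICATE LENGTH {}", certificates.size());
                for (X509Certificate certificate : certificates) {
                    try {
                        this.idao.sendCertificate(certificate);
                    } catch (Exception e) {
                        this.logger.error("发布证书失败", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder, x509Certificate);
                    }
                }
                this.logger.info("发布证书成功");
                break;
            }
            case SEND_CRL: {
                List<PkixIssueCRL> crls = pkixIssueReq.getCRLList();
                this.logger.debug("SEND_CRL {}", crls.size());
                for (PkixIssueCRL crl : crls) {
                    try {
                        this.idao.sendCRL(crl.getStateOrProvinceNum(), crl.getCrlSegment(), crl.getCrl());
                    } catch (Exception e) {
                        this.logger.error("发布CRL失败", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder, x509Certificate);
                    }
                }
                this.logger.info("发布crl成功");
                break;
            }
            case SEND_CROSS_CERTIFICATE: {
                List<X509Certificate> crossCertificates = pkixIssueReq.getCertificateList();
                this.logger.debug("SEND_CROSS_CERTIFICATE LENGTH {}", crossCertificates.size());
                if (crossCertificates.size() == 1) {
                    try {
                        this.logger.debug("发布IssueToThisCA");
                        this.idao.sendCrossCertificate(new X509CertificatePair(crossCertificates.get(0), (X509Certificate) null));
                    } catch (Exception e) {
                        this.logger.error("发布交叉证书失败", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder, x509Certificate);
                    }
                } else if (crossCertificates.size() == 2) {
                    try {
                        X509Certificate first = crossCertificates.get(0);
                        X509Certificate second = crossCertificates.get(1);
                        // NOTE(review): when the check below succeeds, the second certificate is
                        // used only for that check and is not published. Confirm this is intended.
                        if (X509Utils.verifyCert(second, first)) {
                            this.logger.debug("发布IssueByThisCA");
                            this.idao.sendCrossCertificate(new X509CertificatePair((X509Certificate) null, first));
                        } else {
                            this.logger.debug("发布X509CertificatePair");
                            this.idao.sendCrossCertificate(new X509CertificatePair(first, second));
                        }
                    } catch (Exception e) {
                        this.logger.error("发布交叉证书失败", e);
                        return errorResponse(pkixIssueReq, pkixIssueRespBuilder, x509Certificate);
                    }
                } else {
                    this.logger.error("发布交叉证书失败");
                    return errorResponse(pkixIssueReq, pkixIssueRespBuilder, x509Certificate);
                }
                break;
            }
            case SEND_CERTIFICATE_STATUS:
                // NOTE(review): the status list is read and discarded, yet the reply is Normal.
                // Confirm that publishing certificate status is intentionally unimplemented.
                pkixIssueReq.getCertStatusList();
                break;
            default:
                this.logger.error("未知的PkixIssue类型");
                throw new Exception(MessageFormat.format("bad request unknown type {0}", pkixIssueReq.getTBSIssueType()));
        }
        return pkixIssueRespBuilder.build(pkixIssueReq, TBSIssueResponseStatus.Normal, x509Certificate).getEncoded();
    }

    /**
     * Encodes an {@code Error} reply using the signature-algorithm name of the configured
     * signing certificate.
     */
    private byte[] errorResponse(PkixIssueReq request, PkixIssueRespBuilder builder) throws Exception {
        return builder.build(request, TBSIssueResponseStatus.Error, this.ldapConfiguration.getSignCert().getSigAlgName()).getEncoded();
    }

    /** Encodes an {@code Error} reply using the caller-supplied certificate. */
    private byte[] errorResponse(PkixIssueReq request, PkixIssueRespBuilder builder, X509Certificate certificate) throws Exception {
        return builder.build(request, TBSIssueResponseStatus.Error, certificate).getEncoded();
    }
}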
