package com.xdja.pki.ocsp.certmanager.service.certstatus;

import com.xdja.pki.gmssl.operator.GMSSLDigestCalculatorProvider;
import com.xdja.pki.ocsp.cache.CertStatusCache;
import com.xdja.pki.ocsp.cermanager.dao.CaCertQueryDao;
import com.xdja.pki.ocsp.cermanager.dao.UpdateCertStatusDao;
import com.xdja.pki.ocsp.core.Constants;
import com.xdja.pki.ocsp.core.enums.DigestObjectIdentifiers;
import com.xdja.pki.ocsp.core.exception.ServiceException;
import com.xdja.pki.ocsp.core.ocsp.util.CalcIssuerIdHashUtil;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:WEB-INF/lib/ocsp-service-certmanager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ocsp/certmanager/service/certstatus/CaCertDigestServiceImpl.class */
public class CaCertDigestServiceImpl implements CaCertDigestService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CertStatusCache certStatusCache;

    @Autowired
    private UpdateCertStatusDao updateCertStatusDao;

    @Autowired
    private CaCertQueryDao caCertQueryDao;

    @Override // com.xdja.pki.ocsp.certmanager.service.certstatus.CaCertDigestService
    public void computeCaCertDigest(List<String> list) {
        try {
            Map<String, Object> map = Constants.CA_TO_OCSP_MAP;
            Iterator<String> it = map.keySet().iterator();
            while (it.hasNext()) {
                List list2 = (List) ((List) map.get(it.next())).get(0);
                ArrayList arrayList = new ArrayList();
                for (int i = 0; i < list2.size(); i++) {
                    arrayList.addAll(buildIssuerCertList((X509Certificate) list2.get(i), list));
                }
                if (Constants.IS_REDIS_CACHE) {
                    this.certStatusCache.addORUpdateIssuerCerts(arrayList);
                } else {
                    this.caCertQueryDao.addCaCertDigest(arrayList);
                }
            }
        } catch (Exception e) {
            throw new ServiceException("计算CA证书摘要并添加数据库异常", e);
        }
    }

    @Override // com.xdja.pki.ocsp.certmanager.service.certstatus.CaCertDigestService
    public List<String> updateCaCertDigest(String str) {
        try {
            List<X509Certificate> list = Constants.ISSUERCERT;
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < list.size(); i++) {
                arrayList.add(buildIssuerCertMap(list.get(i), str));
            }
            if (Constants.IS_REDIS_CACHE) {
                this.certStatusCache.addORUpdateIssuerCerts(arrayList);
            } else {
                this.caCertQueryDao.addCaCertDigest(arrayList);
            }
            DigestObjectIdentifiers.DIGEST_COLLECTION.add(str);
            return DigestObjectIdentifiers.DIGEST_COLLECTION;
        } catch (Exception e) {
            e.printStackTrace();
            this.logger.error("不支持的摘要算法：" + str);
            return DigestObjectIdentifiers.DIGEST_COLLECTION;
        }
    }

    @Override // com.xdja.pki.ocsp.certmanager.service.certstatus.CaCertDigestService
    public List<String> addOrUpdateCaCertDigest() {
        this.logger.info("检测系统支持的hash算法");
        try {
            if (Constants.IS_REDIS_CACHE) {
                computeCaCertDigest(DigestObjectIdentifiers.DIGEST_COLLECTION);
                return DigestObjectIdentifiers.DIGEST_COLLECTION;
            }
            List<String> queryCaDigestAlg = this.caCertQueryDao.queryCaDigestAlg();
            if (null == queryCaDigestAlg || queryCaDigestAlg.isEmpty()) {
                computeCaCertDigest(DigestObjectIdentifiers.DIGEST_COLLECTION);
                return DigestObjectIdentifiers.DIGEST_COLLECTION;
            }
            for (int i = 0; i < queryCaDigestAlg.size(); i++) {
                String trim = queryCaDigestAlg.get(i).trim();
                if (DigestObjectIdentifiers.DIGEST_COLLECTION.contains(trim)) {
                    DigestObjectIdentifiers.DIGEST_COLLECTION.remove(trim);
                }
            }
            if (!DigestObjectIdentifiers.DIGEST_COLLECTION.isEmpty()) {
                computeCaCertDigest(DigestObjectIdentifiers.DIGEST_COLLECTION);
                queryCaDigestAlg.addAll(DigestObjectIdentifiers.DIGEST_COLLECTION);
            }
            return queryCaDigestAlg;
        } catch (Exception e) {
            throw new ServiceException("添加或更新CA摘要算法异常");
        }
    }

    private Map<String, Object> buildIssuerCertMap(X509Certificate x509Certificate, String str) throws Exception {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(str));
        CertificateID certificateID = new CertificateID(new GMSSLDigestCalculatorProvider().get(algorithmIdentifier), new X509CertificateHolder(x509Certificate.getEncoded()), x509Certificate.getSerialNumber());
        String fromByteArray = Strings.fromByteArray(Hex.encode(certificateID.getIssuerNameHash()));
        String fromByteArray2 = Strings.fromByteArray(Hex.encode(certificateID.getIssuerKeyHash()));
        HashMap hashMap = new HashMap();
        hashMap.put("hashAlogrithm", certificateID.getHashAlgOID().getId());
        hashMap.put("issuerNameHash", fromByteArray);
        hashMap.put("issuerKeyHash", fromByteArray2);
        hashMap.put(CertStatusCache.ISSUER_ID_HSAH, CalcIssuerIdHashUtil.calcIssuerIdHash(algorithmIdentifier.getAlgorithm(), fromByteArray, fromByteArray2));
        return hashMap;
    }

    private List<Map<String, Object>> buildIssuerCertList(X509Certificate x509Certificate) throws Exception {
        List<String> list = DigestObjectIdentifiers.DIGEST_COLLECTION;
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(buildIssuerCertMap(x509Certificate, it.next()));
        }
        return arrayList;
    }

    private List<Map<String, Object>> buildIssuerCertList(X509Certificate x509Certificate, List<String> list) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(buildIssuerCertMap(x509Certificate, it.next()));
        }
        return arrayList;
    }
}
