package com.xdja.pki.ocsp.init;

import com.xdja.pki.gmssl.core.utils.GMSSLECUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLECKeyUtils;
import com.xdja.pki.ldap.X509Utils;
import com.xdja.pki.ocsp.certmanager.service.certstatus.CaCertDigestService;
import com.xdja.pki.ocsp.core.Constants;
import com.xdja.pki.ocsp.core.enums.DigestObjectIdentifiers;
import com.xdja.pki.ocsp.core.ocsp.util.CertUtils;
import com.xdja.pki.ocsp.core.ocsp.util.P7bUtils;
import com.xdja.pki.ocsp.issue.bean.ResponseIDEnum;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.transaction.interceptor.RuleBasedTransactionAttribute;

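/**
 * Start-up initialisation of the OCSP responder.
 *
 * <p>On {@link #run} it copies the runtime settings from the Spring {@link Environment} into
 * {@link Constants}, builds the CA-to-OCSP-signer map ({@link Constants#CA_TO_OCSP_MAP}) from the
 * certificate and key material on disk, and refreshes the CA certificate digest collection.
 *
 * <p>Any failure while reading or verifying certificate material aborts start-up with an
 * exception that carries its cause. The responder must never come up with an OCSP signing
 * certificate whose chain did not verify or with an incomplete set of issuer chains, because
 * the map built here decides which key signs responses for which CA.
 */
@Configuration
@Order(1)
/* loaded from: input_file:WEB-INF/lib/ocsp-web-core-0.0.1-SNAPSHOT.jar:com/xdja/pki/ocsp/init/InitOCSPInfo.class */
public class InitOCSPInfo implements CommandLineRunner {
    private static final Logger logger = LoggerFactory.getLogger(InitOCSPInfo.class);

    /**
     * Separator inside one HSM key reference of the {@code privatekey} setting
     * ({@code "<keyIndex>-<...>"}). The decompiled original referenced Spring's
     * {@code RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE}, whose value is this same "-";
     * the constant is named here so the dependency on the transaction class is not needed.
     */
    private static final String HSM_KEY_REF_SEPARATOR = "-";

    /** Marker in a signature algorithm name that identifies SM2 certificates (HSM-held keys). */
    private static final String SM2_ALG_MARKER = "SM2";

    @Autowired
    private Environment environment;

    @Autowired
    private CaCertDigestService caCertDigestService;

    /**
     * Populates {@link Constants} from the environment, builds the CA-to-OCSP map and refreshes
     * the CA digest collection.
     *
     * @param strArr command-line arguments (unused)
     * @throws Exception when the configured responder ID is not the OCSP signing certificate, or
     *     when certificate material cannot be loaded or verified
     */
    @Override // org.springframework.boot.CommandLineRunner
    public void run(String... strArr) throws Exception {
        Constants.SYSTEM_DATABASE_TYPE = ConfigUtils.getSystemDatabaseType(this.environment);
        Constants.RESPONSE_RESPONSER_TYPE = ConfigUtils.getResponseResponserType(this.environment);
        Constants.RESPONSE_RESPONSER_ID = ConfigUtils.getResponseResponserID(this.environment);
        Constants.IS_REDIS_CACHE = ConfigUtils.isDbCache(this.environment);
        // Only signing responses with the dedicated OCSP signing certificate is supported.
        if (ResponseIDEnum.OCSP_SIGN_CERT.type != Constants.RESPONSE_RESPONSER_ID) {
            logger.error("当前OCSP不支持的响应消息签名对象");
            throw new Exception("不支持的响应消息签名对象");
        }
        Constants.CA_TO_OCSP_MAP = getCAToOCSPMap();
        DigestObjectIdentifiers.DIGEST_COLLECTION = this.caCertDigestService.addOrUpdateCaCertDigest();
    }

    /**
     * Loads the issuer certificates of a single-CA layout: the whole {@code CA_CERT_LIST} file
     * when it exists, otherwise the end-entity certificate of {@code CA_CERT_CHAIN}.
     *
     * <p>Not referenced from {@link #run} within this class; retained for that layout.
     *
     * @return the issuer certificates, or {@code null} when they could not be read (the failure
     *     is logged)
     */
    private List<X509Certificate> getIssueCertsList() {
        try {
            String configPath = ConfigUtils.getConfigPath(this.environment);
            String certListPath = configPath + Constants.CA_CERT_LIST;
            if (new File(certListPath).exists()) {
                return resolveCertList(certListPath);
            }
            List<X509Certificate> certs = new ArrayList<X509Certificate>();
            certs.add(P7bUtils.getUserCertFromCertChain(new File(configPath + Constants.CA_CERT_CHAIN)));
            return certs;
        } catch (Exception e) {
            logger.error("解析签发者证书链异常", e);
            return null;
        }
    }

    /**
     * Reads every PKCS#7 bundle (PEM "BEGIN PKCS7" armour around base64) in the CA directory
     * and returns the certificates of each bundle as one list, in the order the bundle carries
     * them.
     *
     * @return one certificate list per file in the CA directory
     * @throws IllegalStateException when the directory cannot be listed or a bundle cannot be
     *     parsed; the map must not be built from an incomplete CA set
     */
    private List<List<X509Certificate>> getAllIssueCertsList() {
        List<List<X509Certificate>> chains = new ArrayList<List<X509Certificate>>();
        try {
            String caPath = ConfigUtils.getCaPath(this.environment);
            for (String fileName : listDirectory(caPath)) {
                chains.add(readPkcs7Bundle(X509Utils.getFileFromPath(caPath + "/" + fileName)));
            }
            return chains;
        } catch (Exception e) {
            logger.error("解析签发者证书链异常", e);
            throw new IllegalStateException("解析签发者证书链异常", e);
        }
    }

    /**
     * Parses one PKCS#7 bundle file into JCA certificates using {@link Constants#PROVIDER}.
     *
     * @param bundle the file holding the PEM-armoured base64 PKCS#7 data
     * @return the certificates carried by the bundle
     * @throws Exception when the file cannot be read or the CMS structure cannot be parsed
     */
    private static List<X509Certificate> readPkcs7Bundle(File bundle) throws Exception {
        String base64 = FileUtils.readFileToString(bundle, "UTF-8")
                .replaceFirst("-----BEGIN PKCS7-----", "")
                .replaceFirst("-----END PKCS7-----", "");
        CMSSignedData signedData = new CMSSignedData(Base64.decode(base64));
        JcaX509CertificateConverter converter =
                new JcaX509CertificateConverter().setProvider(Constants.PROVIDER);
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        // A null selector matches every certificate held in the CMS structure.
        for (Object holder : signedData.getCertificates().getMatches((Selector) null)) {
            certs.add(converter.getCertificate((X509CertificateHolder) holder));
        }
        return certs;
    }

    /**
     * Loads every software key pair from the private-key directory.
     *
     * <p>A missing or unreadable directory yields an empty list rather than an error: SM2
     * signing keys are HSM-held (see {@link #getPrivateKey}) and need no file here.
     *
     * @return the key pairs found, possibly empty
     */
    private List<KeyPair> getAllSignKey() {
        String privateKeyPath = ConfigUtils.getPrivateKeyPath(this.environment);
        List<KeyPair> keyPairs = new ArrayList<KeyPair>();
        String[] entries = new File(privateKeyPath).list();
        if (entries == null) {
            return keyPairs;
        }
        for (String fileName : entries) {
            keyPairs.add(CertUtils.getRootKeyPair(privateKeyPath + "/" + fileName));
        }
        return keyPairs;
    }

    /**
     * Returns the comma-separated HSM key references of the {@code privatekey} setting.
     *
     * @return the references, or an empty list when the setting is absent or empty
     */
    public List<String> getPrivateKey() {
        String configured = ConfigUtils.getPrivatekey(this.environment);
        if (configured == null || configured.isEmpty()) {
            return new ArrayList<String>();
        }
        return Arrays.asList(configured.split(","));
    }

    /**
     * Builds the CA-to-OCSP map. Each key is {@code X509Utils.getKeyFromCertificate(issuer)}
     * (presumably an identifier derived from the issuer certificate; verify against the
     * consumers of {@link Constants#CA_TO_OCSP_MAP}). Each value is a heterogeneous list laid
     * out as: the issuer chain, then for every OCSP signing certificate that verifies against
     * that chain ({@code X509Utils.verifyCert}) the certificate itself, followed by either its
     * software {@link KeyPair} (non-SM2: the key whose public half equals the certificate's) or
     * its HSM reference as {@code String[]} (SM2: the HSM key whose public key equals the
     * certificate's). Certificates with no matching key contribute only the certificate.
     *
     * @return the map, keyed per issuer
     * @throws Exception when certificate material cannot be loaded or verified, when an issuer
     *     bundle is empty, or when an HSM key reference index is not numeric
     */
    private Map<String, Object> getCAToOCSPMap() throws Exception {
        List<List<X509Certificate>> issuerChains = getAllIssueCertsList();
        List<X509Certificate> ocspSignCerts = getAllOcspSignCert();
        List<KeyPair> signKeys = getAllSignKey();
        List<String> hsmKeyRefs = getPrivateKey();
        Map<String, Object> caToOcsp = new HashMap<String, Object>();
        for (List<X509Certificate> chain : issuerChains) {
            if (chain.isEmpty()) {
                throw new IllegalStateException("签发者证书链为空");
            }
            // The last certificate of the bundle is treated as the issuer.
            X509Certificate issuer = chain.get(chain.size() - 1);
            boolean issuerIsSm2 = issuer.getSigAlgName().contains(SM2_ALG_MARKER);
            List<Object> entry = new ArrayList<Object>();
            entry.add(chain);
            for (X509Certificate signCert : ocspSignCerts) {
                if (!X509Utils.verifyCert(chain, signCert)) {
                    continue;
                }
                entry.add(signCert);
                boolean signCertIsSm2 = signCert.getSigAlgName().contains(SM2_ALG_MARKER);
                PublicKey signPublicKey = signCert.getPublicKey();
                if (!signCertIsSm2) {
                    // Software key: keep the pair whose public half is the certificate's key.
                    for (KeyPair keyPair : signKeys) {
                        if (signPublicKey.equals(keyPair.getPublic())) {
                            entry.add(keyPair);
                        }
                    }
                }
                if (issuerIsSm2 && signCertIsSm2) {
                    // HSM key: keep the "<index>-<...>" reference whose HSM public key matches.
                    for (String ref : hsmKeyRefs) {
                        String[] parts = ref.split(HSM_KEY_REF_SEPARATOR);
                        if (parts.length != 2) {
                            continue;
                        }
                        int keyIndex;
                        try {
                            keyIndex = Integer.parseInt(parts[0]);
                        } catch (NumberFormatException e) {
                            // The reference value is not echoed: its second part may be sensitive.
                            throw new IllegalStateException("privatekey 配置中的密钥索引不是数字", e);
                        }
                        if (signPublicKey.equals(
                                GMSSLECKeyUtils.getSignPublicKeyByYunhsm(keyIndex, GMSSLECUtils.SM2p256))) {
                            entry.add(parts);
                        }
                    }
                }
            }
            caToOcsp.put(X509Utils.getKeyFromCertificate(issuer), entry);
        }
        return caToOcsp;
    }

    /**
     * Loads the single OCSP signing certificate named by {@code OCSP_SIGN_CERT_NAME}.
     *
     * <p>Not referenced from {@link #run} within this class; retained for that layout.
     *
     * @return the end-entity certificate of the verified chain, or {@code null} when the chain
     *     signature verification fails (logged)
     * @throws RuntimeException when the chain file cannot be read or parsed
     */
    private X509Certificate getOcspSignCert() {
        try {
            X509Certificate[] chain = readSortedChain(
                    new File(ConfigUtils.getConfigPath(this.environment) + Constants.OCSP_SIGN_CERT_NAME));
            if (!CertUtils.verifyCertChainSign(chain)) {
                logger.error("解析签名证书链，证书链验签失败");
                return null;
            }
            return chain[chain.length - 1];
        } catch (Exception e) {
            throw new RuntimeException("解析签名证书链异常", e);
        }
    }

    /**
     * Loads every OCSP signing certificate from the server certificate directory, one PEM chain
     * per file, verifying each chain's signatures first.
     *
     * @return the end-entity certificate of every chain
     * @throws IllegalStateException when a chain fails signature verification or the directory
     *     cannot be listed; a signing certificate that does not verify must not be loaded
     * @throws RuntimeException when a chain file cannot be read or parsed
     */
    private List<X509Certificate> getAllOcspSignCert() {
        List<X509Certificate> signCerts = new ArrayList<X509Certificate>();
        try {
            String serverCertPath = ConfigUtils.getServerCertPath(this.environment);
            for (String fileName : listDirectory(serverCertPath)) {
                X509Certificate[] chain = readSortedChain(new File(serverCertPath, fileName));
                if (!CertUtils.verifyCertChainSign(chain)) {
                    logger.error("解析签名证书链，证书链验签失败");
                    throw new IllegalStateException("解析签名证书链，证书链验签失败: " + fileName);
                }
                signCerts.add(chain[chain.length - 1]);
            }
            return signCerts;
        } catch (IllegalStateException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException("解析签名证书链异常", e);
        }
    }

    /**
     * Reads a PEM certificate chain file and returns it sorted by {@code CertUtils.sortCertChain}.
     * The stream is always closed.
     *
     * @param chainFile the PEM chain file
     * @return the sorted chain
     * @throws Exception when the file cannot be read or parsed
     */
    private static X509Certificate[] readSortedChain(File chainFile) throws Exception {
        FileInputStream in = new FileInputStream(chainFile);
        try {
            return CertUtils.sortCertChain(P7bUtils.resolvePemCertChain(in));
        } finally {
            in.close();
        }
    }

    /**
     * Lists a directory, failing explicitly instead of returning the {@code null} that
     * {@link File#list()} yields for a missing or unreadable directory.
     *
     * @param dirPath the directory to list
     * @return its entries
     * @throws IllegalStateException when the path is not a readable directory
     */
    private static String[] listDirectory(String dirPath) {
        String[] entries = new File(dirPath).list();
        if (entries == null) {
            throw new IllegalStateException("证书目录不存在或不可读取: " + dirPath);
        }
        return entries;
    }

    /**
     * Parses a PEM certificate list file. The stream is always closed.
     *
     * @param path the file to parse
     * @return the certificates in the file
     * @throws Exception when the file cannot be read or parsed
     */
    private List<X509Certificate> resolveCertList(String path) throws Exception {
        FileInputStream in = new FileInputStream(new File(path));
        try {
            return P7bUtils.resolvePemCertChain(in);
        } finally {
            in.close();
        }
    }
}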
