package com.xdja.pki.ra.manager.sdk.business;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.xdja.ca.bean.CertCoreExtendInfoOriginVO;
import com.xdja.ca.bean.CertCoreExtendInfoVO;
import com.xdja.ca.bean.CertPolicyVO;
import com.xdja.ca.cache.RedisClient;
import com.xdja.ca.sdk.CmpApi;
import com.xdja.ca.sdk.SdkResult;
import com.xdja.pki.core.json.JsonUtils;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.ErrorBean;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.core.util.cert.VerifyCert;
import com.xdja.pki.ra.core.util.file.FileUtils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;
import redis.clients.jedis.Jedis;
import redis.clients.util.Pool;

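/**
 * RA-side facade over the CA SDK's {@link CmpApi}.
 *
 * <p>Each public method lazily creates the shared {@link CmpApi} client, calls one SDK
 * operation, maps the {@link SdkResult} error to a local {@link Result} through
 * {@link #getResult(SdkResult)}, and copies or reshapes the payload on success.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The client is built from the RA signing key (HSM key index and password, or a
 *       software private key) held in {@link CommonVariable}; none of these values is logged
 *       by this class.</li>
 *   <li>Payloads returned by the CA are parsed with fastjson.
 *       NOTE(review): confirm the deployed fastjson version and its autoType/safeMode
 *       configuration, since this data arrives over the network.</li>
 *   <li>Several methods cast JSON fields without checking for absence, so a malformed CA
 *       response surfaces as a runtime exception rather than an error {@link Result}.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/xdja/pki/ra/manager/sdk/business/CaBusinessManagerImpl.class */
public class CaBusinessManagerImpl implements CaBusinessManager {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Value("${ca.open.api.https}")
    private boolean isHttps;

    // Lazily created by initCmpApi(); shared by every SDK call in this class.
    private CmpApi cmpApi;

    @Autowired
    private Pool<Jedis> jedisPool;
    private RedisClient redisClient;
    private int transIdExpireTime;

    /**
     * Receives the transaction-id cache expiry from configuration and builds the Redis client.
     *
     * <p>NOTE(review): this relies on {@code jedisPool} having been injected before Spring
     * invokes this method; confirm the injection order for the Spring version in use.
     *
     * @param i value of {@code transId.cache.expireTime}
     */
    @Value("${transId.cache.expireTime}")
    private void init(int i) {
        this.transIdExpireTime = i;
        this.redisClient = new RedisClient(this.jedisPool);
    }

    /**
     * Tells whether the HSM-backed SM2 constructor of {@link CmpApi} must be used.
     *
     * @return {@code true} when {@code CommonVariable.getIsHsm()} is 1 and the configured key
     *     algorithm is SM2 (case-insensitive)
     */
    private static boolean usesHsmSm2Key() {
        return 1 == CommonVariable.getIsHsm().intValue()
                && "SM2".equalsIgnoreCase(CommonVariable.getKeyAlgName());
    }

    /**
     * Creates the shared {@link CmpApi} client on first use.
     *
     * <p>Creation happens under this instance's monitor, so concurrent first calls build the
     * client once. Later calls return without touching the existing client, which means
     * configuration changes in {@link CommonVariable} are not picked up by this method.
     */
    public void initCmpApi() {
        synchronized (this) {
            if (this.cmpApi != null) {
                return;
            }
            if (usesHsmSm2Key()) {
                // HSM path: the signing key is referenced by index and password.
                this.cmpApi = new CmpApi(
                        CommonVariable.getKeyIndex(),
                        CommonVariable.getKeyPwd(),
                        CommonVariable.getSuperCaCerts(),
                        CommonVariable.getCaServiceCert(),
                        CommonVariable.getCaServiceIp(),
                        CommonVariable.getCaServicePort(),
                        CommonVariable.getRaSingSn(),
                        CommonVariable.getSigAlgName(),
                        this.isHttps,
                        true,
                        this.redisClient,
                        this.transIdExpireTime);
            } else {
                // Software path: the RA signing private key is passed directly.
                this.cmpApi = new CmpApi(
                        CommonVariable.getRaSignPriKey(),
                        CommonVariable.getSuperCaCerts(),
                        CommonVariable.getCaServiceCert(),
                        CommonVariable.getCaServiceIp(),
                        CommonVariable.getCaServicePort(),
                        CommonVariable.getRaSingSn(),
                        CommonVariable.getSigAlgName(),
                        this.isHttps,
                        false,
                        this.redisClient,
                        this.transIdExpireTime);
            }
        }
    }

    /**
     * Calls {@code CmpApi#getUserCACertFileTime} and returns its payload unchanged.
     *
     * @param l argument forwarded as-is to the SDK
     * @return a result carrying the SDK payload, or the mapped SDK error
     */
    public Result getUserCACertFileTime(Long l) {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getUserCACertFileTime(l);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() == null) {
            result.setInfo(sdkResult.getInfo());
        }
        return result;
    }

    /**
     * Calls {@code CmpApi#getUserCA} and returns its payload unchanged.
     *
     * @return a result carrying the SDK payload, or the mapped SDK error
     */
    public Result getUserCA() {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getUserCA();
        Result result = getResult(sdkResult);
        if (result.getErrorBean() == null) {
            result.setInfo(sdkResult.getInfo());
        }
        return result;
    }

    /**
     * Probes a CA service with a one-off {@link CmpApi} client.
     *
     * <p>The trust list handed to the probe is the configured super-CA certificates followed by
     * the certificates of the P7B chain in reverse order. The chain comes from the uploaded
     * file when one is given (after {@code VerifyCert.verifyP7bCertList} accepts it), otherwise
     * from the stored file at {@code PathConstants.CA_TRUST_SERVICE_CERT_FILE_PATH}; in the
     * stored-file case only the super-CA certificates are put in the trust list.
     *
     * <p>A failure to read the super-CA certificates now ends the call with
     * {@code GET_HISTORY_CA_CERT_ERROR}. Previously execution continued with a {@code null}
     * array, which was dereferenced further down and either threw or was reported under an
     * unrelated error code.
     *
     * <p>NOTE(review): {@code str} and {@code i} sit in the constructor positions where
     * {@link #initCmpApi()} passes the CA service address and port, so the server connects to a
     * caller-chosen endpoint; confirm that only administrators can reach this operation.
     * NOTE(review): the probe client is built with a {@code null} CA service certificate; how
     * {@link CmpApi} authenticates the peer in that case is not visible here.
     *
     * @param multipartFile uploaded P7B certificate chain, or {@code null} to use the stored one
     * @param str CA service address passed to the probe client
     * @param i CA service port passed to the probe client
     * @return the mapped result of {@code sendCaServerMessages}, or an error result
     */
    public Result testCaServerConnect(MultipartFile multipartFile, String str, int i) {
        Result result = new Result();

        X509Certificate[] superCaCerts;
        try {
            superCaCerts = CommonVariable.getSuperCaCerts();
        } catch (Exception e) {
            this.logger.error("获取CA历史证书异常", e);
            result.setError(ErrorEnum.GET_HISTORY_CA_CERT_ERROR);
            return result;
        }
        if (superCaCerts == null) {
            superCaCerts = new X509Certificate[0];
        }
        int superCount = superCaCerts.length;

        byte[] bytes;
        X509Certificate[] trustCerts;
        X509Certificate x509Certificate;
        String sigAlgName;
        if (multipartFile != null) {
            try {
                bytes = multipartFile.getBytes();
                // The uploaded chain is checked before any of its certificates are trusted.
                Result verification = VerifyCert.verifyP7bCertList(bytes);
                if (!verification.isSuccess()) {
                    result.setError(verification.getError());
                    return result;
                }
                try {
                    List<?> chain = SignedDataUtils.resolveCertChain(bytes);
                    int size = superCount + chain.size();
                    trustCerts = new X509Certificate[size];
                    System.arraycopy(superCaCerts, 0, trustCerts, 0, superCount);
                    x509Certificate = (X509Certificate) chain.get(0);
                    sigAlgName = x509Certificate.getSigAlgName();
                    // Chain entries are written back to front after the super-CA certificates.
                    // NOTE(review): the signature algorithm comes from the first chain entry,
                    // while the key-algorithm check below uses the last entry visited here;
                    // confirm that this difference is intended.
                    for (int idx = 0; idx < chain.size(); idx++) {
                        x509Certificate = (X509Certificate) chain.get(idx);
                        trustCerts[(size - idx) - 1] = x509Certificate;
                    }
                } catch (Exception e) {
                    this.logger.error("配置CA服务解析证书链异常", e);
                    result.setError(ErrorEnum.CONVERT_CERT_ERROR);
                    return result;
                }
            } catch (Exception e) {
                this.logger.error("文件转换bytes异常", e);
                result.setError(ErrorEnum.FILE_TO_BYTES_ERROR);
                return result;
            }
        } else {
            trustCerts = new X509Certificate[superCount];
            System.arraycopy(superCaCerts, 0, trustCerts, 0, superCount);
            try {
                bytes = FileUtils.readByBinary(PathConstants.CA_TRUST_SERVICE_CERT_FILE_PATH);
                try {
                    x509Certificate = (X509Certificate) SignedDataUtils.resolveCertChain(bytes).get(0);
                    sigAlgName = x509Certificate.getSigAlgName();
                } catch (Exception e) {
                    this.logger.error("配置CA服务解析证书链异常", e);
                    result.setError(ErrorEnum.CONVERT_CERT_ERROR);
                    return result;
                }
            } catch (Exception e) {
                this.logger.error("读取服务器已存证书链异常", e);
                result.setError(ErrorEnum.CERT_P7B_INFO_READ_ERROR);
                return result;
            }
        }

        try {
            String keyAlg = CertUtils.getKeyAlg(x509Certificate);
            if (2 == CommonVariable.getIsHsm().intValue() && "NISTP256".equalsIgnoreCase(keyAlg)) {
                this.logger.error("三未信安密码机不支持NIST256算法");
                result.setError(ErrorEnum.SWXA_HSM_NOT_SUPPORT_NIST);
                return result;
            }
            try {
                // Digest of the Base64-encoded P7B, computed by the HSM helper unless isHsm is 0.
                String encodedChain = Base64.toBase64String(bytes);
                String chainDigest;
                if (0 != CommonVariable.getIsHsm().intValue()) {
                    chainDigest = HsmUtils.digestByYunHsm(sigAlgName, encodedChain);
                } else {
                    chainDigest = HsmUtils.digestByBC(sigAlgName, encodedChain);
                }
                this.logger.info("p7bHashCode==========={}", chainDigest);

                // The probe client carries no RA key material: key index 0 / null key,
                // null password, null CA service certificate and null RA serial number.
                CmpApi probe;
                if (usesHsmSm2Key()) {
                    probe = new CmpApi(0, (String) null, trustCerts, (X509Certificate) null, str, i,
                            (String) null, sigAlgName, this.isHttps, true, this.redisClient,
                            this.transIdExpireTime);
                } else {
                    probe = new CmpApi((byte[]) null, trustCerts, (X509Certificate) null, str, i,
                            (String) null, sigAlgName, this.isHttps, false, this.redisClient,
                            this.transIdExpireTime);
                }
                return getResult(probe.sendCaServerMessages(str, i, chainDigest, trustCerts));
            } catch (Exception e) {
                this.logger.error("测试CA服务连通性读取证书链异常", e);
                result.setError(ErrorEnum.CERT_P7B_INFO_READ_ERROR);
                return result;
            }
        } catch (Exception e) {
            this.logger.error("获取证书秘钥算法异常", e);
            result.setError(ErrorEnum.GET_CERT_ALG_NAME_LENGTH_EXCEPTION);
            return result;
        }
    }

    /**
     * Maps an SDK result to a local {@link Result} that carries only the error, if any.
     *
     * <p>Error codes whose decimal text starts with {@code 300} or {@code 310} are reported as
     * {@code CA_SDK_INNER_EXCEPTION}; every other code and its message are copied through. A
     * failed result without an error bean is also reported as {@code CA_SDK_INNER_EXCEPTION},
     * and a code shorter than three characters no longer raises
     * {@code StringIndexOutOfBoundsException}.
     *
     * @param sdkResult result returned by the CA SDK
     * @return an empty result on success, otherwise a result with the mapped error
     */
    private static Result getResult(SdkResult sdkResult) {
        Result result = new Result();
        if (sdkResult.isSuccess()) {
            return result;
        }
        if (sdkResult.getErrorBean() == null) {
            result.setError(ErrorEnum.CA_SDK_INNER_EXCEPTION);
            return result;
        }
        String codeText = String.valueOf(sdkResult.getErrorBean().getErrCode());
        if (codeText.startsWith("300") || codeText.startsWith("310")) {
            result.setError(ErrorEnum.CA_SDK_INNER_EXCEPTION);
        } else {
            result.setErrorBean(new ErrorBean(
                    sdkResult.getErrorBean().getErrCode(),
                    sdkResult.getErrorBean().getErrMsg()));
        }
        return result;
    }

    /**
     * Calls {@code CmpApi#getRaBaseDN} and extracts the {@code baseDn} field of its JSON payload.
     *
     * @return a result carrying the {@code baseDn} string, or the mapped SDK error
     */
    public Result getRaBaseDN() {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getRaBaseDN();
        Result result = getResult(sdkResult);
        if (result.getErrorBean() == null) {
            JSONObject payload = JSONObject.parseObject(String.valueOf(sdkResult.getInfo()));
            result.setInfo((String) payload.get("baseDn"));
        }
        return result;
    }

    /**
     * Calls {@code CmpApi#getCertStatus} and extracts the integer {@code status} field.
     *
     * <p>A payload without an integer {@code status} field raises a runtime exception.
     *
     * @param str argument forwarded as-is to the SDK
     * @return a result carrying the status as an {@code Integer}, or the mapped SDK error
     */
    public Result getCertStatus(String str) {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getCertStatus(str);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() == null) {
            JSONObject payload = JSONObject.parseObject((String) sdkResult.getInfo());
            int status = ((Integer) payload.get("status")).intValue();
            result.setInfo(Integer.valueOf(status));
        }
        return result;
    }

    /**
     * Calls {@code CmpApi#downloadCertByteInfo} and returns the certificates as a map.
     *
     * <p>Two maps are built with the keys {@code signCert}, {@code encCert} (only when the
     * payload's {@code encCert} is not blank) and {@code CACert}. One holds the plain
     * {@code signCert}/{@code encCert} values, the other the {@code signCertP7b}/
     * {@code encCertP7b} values; {@code CACert} is the payload's {@code userCACert} in both.
     *
     * <p>NOTE(review): when {@code signCert} is blank the whole SDK payload is written to the
     * log at info level; confirm that the payload never carries key material.
     *
     * @param str argument forwarded as-is to the SDK
     * @param z {@code true} to return the plain values, {@code false} to return the P7B values
     * @return a result carrying the selected map, {@code GET_USER_CERT_INFO_IS_EMPTY} when the
     *     payload has no signing certificate, or the mapped SDK error
     */
    public Result downloadCertDataInfo(String str, boolean z) {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.downloadCertByteInfo(str);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() != null) {
            return result;
        }
        String rawPayload = (String) sdkResult.getInfo();
        JSONObject payload = JSONObject.parseObject(rawPayload);
        String signCert = (String) payload.get("signCert");
        String signCertP7b = (String) payload.get("signCertP7b");
        if (StringUtils.isBlank(signCert)) {
            this.logger.info("sdk接口-获取的签名或加密证书为空{}", rawPayload);
            result.setError(ErrorEnum.GET_USER_CERT_INFO_IS_EMPTY);
            return result;
        }
        HashMap<String, String> p7bCerts = new HashMap<>();
        HashMap<String, String> plainCerts = new HashMap<>();
        p7bCerts.put("signCert", signCertP7b);
        plainCerts.put("signCert", signCert);

        String encCert = (String) payload.get("encCert");
        String encCertP7b = (String) payload.get("encCertP7b");
        if (StringUtils.isNotBlank(encCert)) {
            p7bCerts.put("encCert", encCertP7b);
            plainCerts.put("encCert", encCert);
        }

        String userCaCert = (String) payload.get("userCACert");
        p7bCerts.put("CACert", userCaCert);
        plainCerts.put("CACert", userCaCert);

        result.setInfo(z ? plainCerts : p7bCerts);
        return result;
    }

    /**
     * Calls {@code CmpApi#getCertDetailInfo} and returns its string payload unchanged.
     *
     * @param str argument forwarded as-is to the SDK
     * @return a result carrying the SDK payload, or the mapped SDK error
     */
    public Result getCertDetailInfoBySingSn(String str) {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getCertDetailInfo(str);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() == null) {
            result.setInfo((String) sdkResult.getInfo());
        }
        return result;
    }

    /**
     * Calls {@code CmpApi#getCertTemplateList} and parses the payload into {@code SynTempInfo}
     * objects.
     *
     * @return a result carrying the parsed list, {@code SYN_CERT_TEMP_INFO_FORMAT_ERROR} when
     *     parsing fails, or the mapped SDK error
     */
    public Result synCertTemplateList() {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getCertTemplateList();
        Result result = getResult(sdkResult);
        if (result.getErrorBean() != null) {
            return result;
        }
        try {
            // Parsing into an explicit target class keeps the accepted shape fixed.
            result.setInfo(JSON.parseArray((String) sdkResult.getInfo(), SynTempInfo.class));
        } catch (Exception e) {
            this.logger.info("解析json错误", e);
            result.setError(ErrorEnum.SYN_CERT_TEMP_INFO_FORMAT_ERROR);
        }
        return result;
    }

    /**
     * Calls {@code CmpApi#getCertTemplateDetailInfo} and returns its string payload unchanged.
     *
     * @param str argument forwarded as-is to the SDK
     * @return a result carrying the SDK payload, or the mapped SDK error
     */
    public Result getCertTemplateDetailInfoByTempNo(String str) {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getCertTemplateDetailInfo(str);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() == null) {
            result.setInfo((String) sdkResult.getInfo());
        }
        return result;
    }

    /**
     * Calls {@code CmpApi#getRaOperatorCertTemp} and renames the payload fields.
     *
     * <p>The returned map holds {@code tempCode}, {@code signAlg}, {@code privateKeyLength},
     * {@code maxDate} and {@code keyAlg}. The numeric {@code keyAlg} of the payload is turned
     * into a name: 1 is {@code RSA}, 2 is {@code SM2}, any other value is {@code NISTP256}.
     * A payload without an integer {@code keyAlg} raises a runtime exception.
     *
     * @return a result carrying the map, or the mapped SDK error
     */
    public Result getRaOperatorCertTemp() {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getRaOperatorCertTemp();
        Result result = getResult(sdkResult);
        if (result.getErrorBean() != null) {
            return result;
        }
        JSONObject payload = JSONObject.parseObject((String) sdkResult.getInfo());
        HashMap<String, Object> template = new HashMap<>();
        template.put("tempCode", payload.get("code"));
        template.put("signAlg", payload.get("signAlgStr"));
        template.put("privateKeyLength", payload.get("keySize"));
        template.put("maxDate", payload.get("maxValidity"));

        int keyAlgCode = ((Integer) payload.get("keyAlg")).intValue();
        String keyAlgName;
        if (keyAlgCode == 1) {
            keyAlgName = "RSA";
        } else if (keyAlgCode == 2) {
            keyAlgName = "SM2";
        } else {
            keyAlgName = "NISTP256";
        }
        template.put("keyAlg", keyAlgName);
        result.setInfo(template);
        return result;
    }

    /**
     * Calls {@code CmpApi#raAdminLoginAuthen} and returns the administrator data it reports.
     *
     * <p>The map is filled only from the CA's response ({@code adminType},
     * {@code signCertStatus}, {@code signCertData}, {@code encCertData}); this method performs
     * no check of its own on those values, so callers must not treat a non-error result as
     * proof of more than the SDK call having succeeded.
     *
     * @param str argument forwarded as-is to the SDK
     * @return a result carrying the map, {@code CA_RETURN_ADMIN_AUTHEN_INFO_IS_EMPTY} when the
     *     payload is blank, or the mapped SDK error
     */
    public Result raAdminLoginAuthen(String str) {
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.raAdminLoginAuthen(str);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() != null) {
            return result;
        }
        String rawPayload = (String) sdkResult.getInfo();
        if (StringUtils.isBlank(rawPayload)) {
            result.setError(ErrorEnum.CA_RETURN_ADMIN_AUTHEN_INFO_IS_EMPTY);
            return result;
        }
        JSONObject payload = JSONObject.parseObject(rawPayload);
        HashMap<String, Object> adminInfo = new HashMap<>();
        adminInfo.put("adminType", payload.get("adminType"));
        adminInfo.put("signCertStatus", payload.get("signCertStatus"));
        adminInfo.put("signCertData", payload.get("signCertData"));
        adminInfo.put("encCertData", payload.get("encCertData"));
        result.setInfo(adminInfo);
        return result;
    }

    /**
     * Reads the locally cached core-extension record of a CA.
     *
     * @param l key under which {@link CommonVariable} stores the record
     * @return the parsed record, or {@code null} when nothing usable is cached (blank value, or
     *     {@code JsonUtils.json2Object} returned {@code null})
     */
    private static CertCoreExtendInfoOriginVO readCachedCaCoreExtend(Long l) {
        String cachedJson = CommonVariable.getCaCoreExtendValue(l);
        if (StringUtils.isBlank(cachedJson)) {
            return null;
        }
        return (CertCoreExtendInfoOriginVO) JsonUtils.json2Object(cachedJson, CertCoreExtendInfoOriginVO.class);
    }

    /**
     * Returns the name-constraint value of a CA's core-extension record.
     *
     * <p>The record is taken from the {@link CommonVariable} cache when present; otherwise it is
     * fetched with {@code CmpApi#getCaCoreExtendByCaId} and written to the cache. An unusable
     * cache entry is treated as a miss instead of being dereferenced.
     *
     * @param l CA id, used as cache key and forwarded to the SDK
     * @return a result carrying the name constraint, a result without info when the SDK
     *     returned no record, or the mapped SDK error
     */
    public Result getCaTemplateNameConstraints(Long l) {
        CertCoreExtendInfoOriginVO cached = readCachedCaCoreExtend(l);
        if (cached != null) {
            Result hit = new Result();
            hit.setInfo(cached.getNameConstraint());
            return hit;
        }
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getCaCoreExtendByCaId(l);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() != null) {
            return result;
        }
        if (sdkResult.getInfo() != null) {
            CertCoreExtendInfoOriginVO fetched = (CertCoreExtendInfoOriginVO) sdkResult.getInfo();
            CommonVariable.setCaCoreExtendValue(l, JsonUtils.object2Json(fetched));
            this.logger.debug("从CA侧返回的名称限制内容为：{}", fetched.getNameConstraint());
            result.setInfo(fetched.getNameConstraint());
        }
        return result;
    }

    /**
     * Returns a CA's core-extension record with its certificate policies decoded.
     *
     * <p>Uses the same cache-then-SDK lookup as {@link #getCaTemplateNameConstraints(Long)};
     * a whitespace-only cache entry is now treated as a miss here as well.
     *
     * @param l CA id, used as cache key and forwarded to the SDK
     * @return a result carrying a {@link CertCoreExtendInfoVO}, a result without info when the
     *     SDK returned no record, or the mapped SDK error
     */
    public Result getCaCoreExtendByCaId(Long l) {
        CertCoreExtendInfoOriginVO cached = readCachedCaCoreExtend(l);
        if (cached != null) {
            Result hit = new Result();
            hit.setInfo(convertFromOriginVO(cached));
            return hit;
        }
        initCmpApi();
        SdkResult sdkResult = this.cmpApi.getCaCoreExtendByCaId(l);
        Result result = getResult(sdkResult);
        if (result.getErrorBean() != null) {
            return result;
        }
        if (sdkResult.getInfo() != null) {
            CertCoreExtendInfoOriginVO fetched = (CertCoreExtendInfoOriginVO) sdkResult.getInfo();
            String fetchedJson = JsonUtils.object2Json(fetched);
            CommonVariable.setCaCoreExtendValue(l, fetchedJson);
            this.logger.debug("从CA侧返回的扩展项内容为：{}", fetchedJson);
            result.setInfo(convertFromOriginVO(fetched));
        }
        return result;
    }

    /**
     * Copies a record into its view object and decodes the certificate-policy field.
     *
     * @param certCoreExtendInfoOriginVO record whose {@code certPolicyList} is a Base64 string
     * @return a view object with every other property copied and {@code certPolicyList} set only
     *     when decoding yields at least one policy
     */
    private CertCoreExtendInfoVO convertFromOriginVO(CertCoreExtendInfoOriginVO certCoreExtendInfoOriginVO) {
        CertCoreExtendInfoVO view = new CertCoreExtendInfoVO();
        // certPolicyList has a different representation on each side, so it is skipped here.
        BeanUtils.copyProperties(certCoreExtendInfoOriginVO, view, "certPolicyList");
        String encodedPolicies = certCoreExtendInfoOriginVO.getCertPolicyList();
        if (StringUtils.isNotBlank(encodedPolicies)) {
            List<CertPolicyVO> policies = resolveCertPolices(encodedPolicies);
            if (policies != null && !policies.isEmpty()) {
                view.setCertPolicyList(policies);
            }
        }
        return view;
    }

    /**
     * Decodes a Base64-encoded certificatePolicies extension value.
     *
     * <p>For each policy the CPS qualifiers and user-notice qualifiers are collected as text:
     * the qualifier's string form is split on {@code =} and the last piece is kept, with square
     * brackets removed for user notices. A policy without qualifiers yields empty lists; such a
     * policy used to raise {@code NullPointerException} because Bouncy Castle returns
     * {@code null} for an absent qualifier sequence.
     *
     * <p>Input that is not valid Base64 or not a certificatePolicies structure is not handled
     * here; the exception raised by Bouncy Castle reaches the caller.
     *
     * @param str Base64 text of the DER-encoded extension value
     * @return the decoded policies, or {@code null} when {@code str} is blank
     */
    public List<CertPolicyVO> resolveCertPolices(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        ArrayList<CertPolicyVO> policies = new ArrayList<>();
        for (PolicyInformation policyInformation : CertificatePolicies.getInstance(Base64.decode(str)).getPolicyInformation()) {
            ASN1ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
            this.logger.debug("AttrId : {}", policyIdentifier.toString());

            ArrayList<String> cpsValues = new ArrayList<>();
            ArrayList<String> userNotices = new ArrayList<>();
            ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
            // policyQualifiers is optional in the extension, so it may be absent.
            int qualifierCount = policyQualifiers == null ? 0 : policyQualifiers.size();
            for (int idx = 0; idx < qualifierCount; idx++) {
                PolicyQualifierInfo qualifierInfo = PolicyQualifierInfo.getInstance(policyQualifiers.getObjectAt(idx));
                ASN1ObjectIdentifier qualifierId = qualifierInfo.getPolicyQualifierId();
                ASN1Encodable qualifier = qualifierInfo.getQualifier();
                if (qualifierId == null) {
                    continue;
                }
                String[] pieces = qualifier.toString().split("=");
                String lastPiece = pieces[pieces.length - 1];
                if (PolicyQualifierId.id_qt_cps.equals(qualifierId)) {
                    this.logger.debug("cps : {}", qualifier.toString());
                    cpsValues.add(lastPiece);
                } else if (PolicyQualifierId.id_qt_unotice.equals(qualifierId)) {
                    this.logger.debug("userNotice : {}", qualifier.toString());
                    userNotices.add(lastPiece.replace("[", "").replace("]", ""));
                }
            }

            CertPolicyVO policy = new CertPolicyVO();
            policy.setAttrId(policyIdentifier.toString());
            policy.setCps(cpsValues);
            policy.setUserNotice(userNotices);
            policies.add(policy);
        }
        return policies;
    }
}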
