package com.xdja.pki.ra.service.manager.system;

import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.tomcat.utils.GMSSLTomcatUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLP10Utils;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.config.Config;
import com.xdja.pki.ra.core.config.RaServerConfig;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertDnVerifyUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.core.util.cert.KeyStoreUtils;
import com.xdja.pki.ra.core.util.cert.KeyUtils;
import com.xdja.pki.ra.core.util.cert.P10Utils;
import com.xdja.pki.ra.core.util.cert.ScriptUtils;
import com.xdja.pki.ra.core.util.cert.VerifyCert;
import com.xdja.pki.ra.core.util.file.FileUtils;
import com.xdja.pki.ra.core.util.file.ZipUtils;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.dao.model.RaCertDO;
import com.xdja.pki.ra.service.manager.init.InitService;
import com.xdja.pki.ra.service.manager.utils.CertContentInfoUtil;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;

@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/system/RaServerImpl.class */
public class RaServerImpl implements RaServer {

    // CA certificate table access; the newest CA cert is the issuer every uploaded RA cert is checked against.
    @Autowired
    CaCertDao caCertDao;

    // RA certificate table access; the sign and enc cert rows are read and inserted through it.
    @Autowired
    RaCertDao raCertDao;

    // Renders an X509Certificate into the detail structure returned by getRaServerCertDetails.
    @Autowired
    CertContentInfoUtil certContentInfoUtil;

    // Tracks the initialisation wizard step; initRaServerConfig refuses to run out of order.
    @Autowired
    InitService initService;

    // Tomcat installation path (ra.tomcat.path); handed to GMSSLTomcatUtils when HTTPS is enabled.
    @Value("${ra.tomcat.path}")
    private String tomcatPath;

    // HTTPS listener port (ra.system.https.port) as configured text; parsed with Integer.parseInt at use sites.
    @Value("${ra.system.https.port}")
    private String httpsPort;
    private Logger logger = LoggerFactory.getLogger(getClass());

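    /**
     * Replaces the RA server's signature and encryption certificates and, optionally, the HSM
     * key index / private-key access control code, then records the change in the global
     * config file ({@code PathConstants.GLOBAL_CONF_FILE_PATH}).
     *
     * @param num            HSM key index; must be supplied together with {@code str}, or both omitted
     * @param str            private-key access control code for that key index
     * @param multipartFile  signature certificate upload (P7B chain)
     * @param multipartFile2 encryption certificate upload (digital envelope)
     * @return a {@link Result}; failures are reported through {@link ErrorEnum}, never thrown
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result updateRaServerConfig(Integer num, String str, MultipartFile multipartFile, MultipartFile multipartFile2) {
        Result success = Result.success();
        try {
            Config config = Config.getConfig(PathConstants.GLOBAL_CONF_FILE_PATH);
            RaServerConfig raServerConfig = config.getRaServerConfig();
            String signCertFileName = multipartFile.getOriginalFilename();
            String encCertFileName = multipartFile2.getOriginalFilename();
            if (signCertFileName == null || encCertFileName == null) {
                // MultipartFile.getOriginalFilename() may be null; previously this became an NPE
                // reported by the catch-all below as a config-file error.
                success.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
                return success;
            }
            // Only the base name is stored; some browsers send a full client-side path.
            raServerConfig.setSignCertName(signCertFileName.substring(signCertFileName.lastIndexOf("\\") + 1));
            raServerConfig.setEncCertName(encCertFileName.substring(encCertFileName.lastIndexOf("\\") + 1));
            int keyIndex;
            String priKeyPwd;
            if (num != null && !StringUtils.isBlank(str)) {
                raServerConfig.setKeyIndex(num.intValue());
                raServerConfig.setPriKeyPwd(str);
                keyIndex = num.intValue();
                priKeyPwd = str;
            } else if (num != null || !StringUtils.isBlank(str)) {
                // Key index and access code are only meaningful as a pair.
                success.setError(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
                return success;
            } else {
                keyIndex = raServerConfig.getKeyIndex();
                priKeyPwd = raServerConfig.getPriKeyPwd();
            }
            config.setRaServerConfig(raServerConfig);
            // NOTE(review): the config is persisted here, before the uploaded certificates are
            // validated, so a failed validation below still leaves the new names/key settings on disk.
            Config.saveConfig(config, PathConstants.GLOBAL_CONF_FILE_PATH);
            Result saved;
            if (CommonVariable.isUseHsm() && Constants.KEY_ALG_NAME_SM2.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                saved = raServerSaveByHsm(Integer.valueOf(keyIndex), priKeyPwd, multipartFile, multipartFile2, Constants.SYSTEM_UPDATE_RA_TYPE.booleanValue());
            } else {
                byte[] signCertBytes;
                byte[] encCertBytes;
                try {
                    signCertBytes = multipartFile.getBytes();
                    encCertBytes = multipartFile2.getBytes();
                } catch (IOException e) {
                    this.logger.error("获取输入文件异常", (Throwable) e);
                    success.setError(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
                    return success;
                }
                if (signCertBytes == null || encCertBytes == null) {
                    success.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
                    return success;
                }
                saved = raServerSaveByBC(signCertFileName, signCertBytes, encCertFileName, encCertBytes, false);
            }
            if (!saved.isSuccess()) {
                return saved;
            }
            // The access control code is a secret; the audit entry records only the key index.
            saved.setLogContent("，密钥索引=" + keyIndex + "，密钥访问控制码=******");
            return saved;
        } catch (Exception e2) {
            this.logger.info("修改配置文件失败", (Throwable) e2);
            success.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return success;
        }
    }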

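    /**
     * Initialisation-wizard variant of the RA server certificate setup. Runs only while the
     * wizard is at the CA-server step ({@code Constants.CA_SERVER_PAGE}); the save routine it
     * delegates to advances the step to {@code Constants.RA_SERVER_PAGE} on success.
     *
     * @param num            HSM key index (required when an HSM with SM2 is in use)
     * @param str            private-key access control code for that key index
     * @param multipartFile  signature certificate upload (P7B chain)
     * @param multipartFile2 encryption certificate upload (digital envelope)
     * @return a {@link Result}; failures are reported through {@link ErrorEnum}, never thrown
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result initRaServerConfig(Integer num, String str, MultipartFile multipartFile, MultipartFile multipartFile2) {
        Result success = Result.success();
        Result operateStep = this.initService.getOperateStep();
        this.logger.info("当前初始化步骤为========" + operateStep.getInfo());
        // Compare from the constant side so a null step cannot throw an NPE.
        if (!Integer.valueOf(Constants.CA_SERVER_PAGE).equals(operateStep.getInfo())) {
            this.logger.info("初始化步骤数错误");
            success.setError(ErrorEnum.INIT_STEP_ERROR);
            return success;
        }
        if (CommonVariable.isUseHsm() && Constants.KEY_ALG_NAME_SM2.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
            if (num == null) {
                // raServerSaveByHsm dereferences num unconditionally; report the missing input
                // instead of letting the NPE surface as an access-code error.
                success.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
                return success;
            }
            return raServerSaveByHsm(num, str, multipartFile, multipartFile2, Constants.INIT_UPDATE_RA_TYPE.booleanValue());
        }
        byte[] signCertBytes;
        byte[] encCertBytes;
        try {
            signCertBytes = multipartFile.getBytes();
            encCertBytes = multipartFile2.getBytes();
        } catch (IOException e) {
            this.logger.error("获取输入文件异常", (Throwable) e);
            success.setError(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            return success;
        }
        if (signCertBytes == null || encCertBytes == null) {
            success.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return success;
        }
        // The original returned the same Result on both branches of a ternary; pass it through directly.
        return raServerSaveByBC(multipartFile.getOriginalFilename(), signCertBytes, multipartFile2.getOriginalFilename(), encCertBytes, true);
    }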

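    /**
     * Returns the parsed detail view of the newest RA server certificate of the given type.
     *
     * @param i certificate type selector passed to {@code raCertDao.getNewRaCertInfo(int)}
     * @return success with the {@code CertContentInfoUtil} rendering of the certificate;
     *         {@code GET_RA_SERVER_CERT_INFO_EMPTY} when no row or PEM is found,
     *         {@code CERT_DETAIL_FORMAT_ERROR} when the stored PEM cannot be parsed or rendered
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result getRaServerCertDetails(int i) {
        Result success = Result.success();
        String certPem;
        try {
            // A missing row surfaces here as an NPE; the original nested try reported that
            // as a format error because its inner catch swallowed everything first.
            certPem = this.raCertDao.getNewRaCertInfo(i).getCertInfo();
        } catch (Exception e) {
            this.logger.info("获取RA服务器证书为空", (Throwable) e);
            success.setError(ErrorEnum.GET_RA_SERVER_CERT_INFO_EMPTY);
            return success;
        }
        if (certPem == null) {
            this.logger.info("获取RA服务器证书为空");
            success.setError(ErrorEnum.GET_RA_SERVER_CERT_INFO_EMPTY);
            return success;
        }
        try {
            X509Certificate cert = CertUtils.getCertFromStr(certPem);
            success.setInfo(this.certContentInfoUtil.getCertContentInfo(cert));
            return success;
        } catch (Exception e2) {
            this.logger.info("证书详情格式读取异常", (Throwable) e2);
            success.setError(ErrorEnum.CERT_DETAIL_FORMAT_ERROR);
            return success;
        }
    }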

    /**
     * Looks up the newest RA server signature certificate row and returns it as the result info.
     *
     * @return success carrying the DAO row, or {@code GET_RA_SERVER_CERT_INFO_EMPTY} when the lookup throws
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result getRaServerCertInfo() {
        Result result = Result.success();
        try {
            result.setInfo(this.raCertDao.getNewRaCertInfo());
        } catch (Exception lookupFailure) {
            this.logger.info("获取RA服务器最新签名证书失败", (Throwable) lookupFailure);
            result.setError(ErrorEnum.GET_RA_SERVER_CERT_INFO_EMPTY);
        }
        return result;
    }

    /**
     * Reads the RA server section of the global config file and returns it as the result info.
     *
     * NOTE(review): {@code RaServerConfig} carries the HSM private-key access control code
     * (see {@code getPriKeyPwd()} in updateRaServerConfig), so the object handed back here
     * exposes that secret to the caller; consider blanking it before it leaves the service.
     *
     * @return success carrying the {@code RaServerConfig}, or
     *         {@code CONFIG_JSON_FILE_OPERATION_ERROR} when the file cannot be read
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result getRaServerConfigInfo() {
        Result result = Result.success();
        try {
            Config config = Config.getConfig(PathConstants.GLOBAL_CONF_FILE_PATH);
            result.setInfo(config.getRaServerConfig());
        } catch (Exception readFailure) {
            this.logger.info("读取配置文件错误", (Throwable) readFailure);
            result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
        }
        return result;
    }

    /**
     * HSM (SM2) variant of the RA server certificate installation.
     *
     * Checks the caller's access right to HSM key {@code num} with access code {@code str},
     * decrypts the encryption-certificate envelope on the HSM, verifies the uploaded P7B chain,
     * requires both certificates to be issued by the current CA (issuer DN equals the CA subject
     * DN and the signatures verify under the CA public key), requires the sign cert's public key
     * to match the HSM signing key at {@code num}, stores both certs in ra_cert and on disk,
     * enables the HTTPS port in Tomcat and finally updates the global config file.
     *
     * Each stage has its own catch block so the returned {@link ErrorEnum} identifies the
     * stage that failed; the nesting order is therefore significant and is kept as decompiled.
     *
     * @param num            HSM key index holding the RA signing key
     * @param str            private-key access control code for that key index
     * @param multipartFile  signature certificate upload (P7B chain)
     * @param multipartFile2 encryption certificate upload (digital envelope)
     * @param z              true from the init wizard: also advances initStep to RA_SERVER_PAGE
     * @return a {@link Result}; failures are reported through {@link ErrorEnum}, never thrown
     */
    private Result raServerSaveByHsm(Integer num, String str, MultipartFile multipartFile, MultipartFile multipartFile2, boolean z) {
        Result success = Result.success();
        try {
            // Prove the access code is right for this key index before touching anything else.
            if (!GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(num.intValue(), str)) {
                this.logger.info("密钥访问控制码错误");
                success.setError(ErrorEnum.RA_SERVER_PRIKEYPWD_ERROR);
                return success;
            }
            CaCertDO newCaCertInfo = this.caCertDao.getNewCaCertInfo();
            if (newCaCertInfo == null) {
                this.logger.info("获取CA证书信息为空");
                success.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
                return success;
            }
            X509Certificate certFromStr = CertUtils.getCertFromStr(newCaCertInfo.getCertInfo());
            try {
                // The encryption certificate arrives enveloped; the HSM key at num opens it.
                X509Certificate certFromStr2 = CertUtils.getCertFromStr(CertUtils.getEncCertByEnvelopDataByHsm(num.intValue(), str, multipartFile2));
                try {
                    byte[] bytes = multipartFile.getBytes();
                    Result verifyP7bCertList = VerifyCert.verifyP7bCertList(bytes);
                    if (!verifyP7bCertList.isSuccess()) {
                        success.setError(verifyP7bCertList.getError());
                        return success;
                    }
                    try {
                        List<X509Certificate> resolveCertChain = SignedDataUtils.resolveCertChain(bytes);
                        if (resolveCertChain.size() < 2) {
                            this.logger.error("RA服务器证书链大小错误");
                            success.setError(ErrorEnum.CONVERT_CERT_ERROR);
                            return success;
                        }
                        // Element 0 is the RA signing cert; the remainder is the trust chain handed to Tomcat.
                        X509Certificate x509Certificate = resolveCertChain.get(0);
                        this.logger.info("RA的签名证书: " + x509Certificate);
                        resolveCertChain.remove(0);
                        try {
                            String base64String = Base64.toBase64String(bytes);
                            try {
                                // Both uploaded certs must name the current CA as issuer (string compare of
                                // the X500Principal names).
                                String name = x509Certificate.getIssuerX500Principal().getName();
                                String name2 = certFromStr2.getIssuerX500Principal().getName();
                                String name3 = certFromStr.getSubjectX500Principal().getName();
                                this.logger.info("signDN: " + name + "  encDN: " + name2 + "  caDN: " + name3);
                                if (!name.equals(name3) || !name2.equals(name3)) {
                                    this.logger.info("DN不一致：非当前CA签发的服务器证书");
                                    success.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                                    return success;
                                }
                                // DN equality is not proof of issuance; both signatures are verified
                                // under the CA public key on the HSM.
                                PublicKey publicKey = certFromStr.getPublicKey();
                                if (!HsmUtils.verifyCertByYunHsm(x509Certificate, publicKey)) {
                                    this.logger.info("签名证书验签：非当前CA签发的服务器证书");
                                    success.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                                    return success;
                                }
                                if (!HsmUtils.verifyCertByYunHsm(certFromStr2, publicKey)) {
                                    this.logger.info("加密证书验签：非当前CA签发的服务器证书");
                                    success.setError(ErrorEnum.GET_RA_SERVER_ENC_CERT_ERROR);
                                    return success;
                                }
                                try {
                                    String writeObject = CertUtils.writeObject(x509Certificate);
                                    String writeObject2 = CertUtils.writeObject(certFromStr2);
                                    try {
                                        try {
                                            // The signing cert must carry the public key of the HSM key at num,
                                            // otherwise the installed cert would not match the key Tomcat uses.
                                            if (!Base64.toBase64String(x509Certificate.getPublicKey().getEncoded()).equals(Base64.toBase64String(GMSSLSM2KeyUtils.getSignPublicKeyByYunhsm(num.intValue()).getEncoded()))) {
                                                this.logger.info("证书中的公钥和申请时的公钥不一致");
                                                success.setError(ErrorEnum.CERT_PUB_KEY_NOT_SAME_REQ_PUB_KEY);
                                                return success;
                                            }
                                            // Two ra_cert rows share one pairCertIndex: the sign cert (with the P7B) and the enc cert.
                                            RaCertDO raCertDO = new RaCertDO();
                                            RaCertDO raCertDO2 = new RaCertDO();
                                            raCertDO.setPairCertIndex(Long.valueOf(System.currentTimeMillis()));
                                            raCertDO.setCaCertId(newCaCertInfo.getId());
                                            raCertDO.setCertDn(x509Certificate.getSubjectX500Principal().getName());
                                            raCertDO.setCertSn(x509Certificate.getSerialNumber().toString(16).toLowerCase());
                                            raCertDO.setPublicKeyAlg(x509Certificate.getPublicKey().getAlgorithm());
                                            raCertDO.setCertType(Integer.valueOf(Constants.CERT_TYPE_SIGN_2));
                                            try {
                                                raCertDO.setPrivateKeyLength(Integer.valueOf(CertUtils.getPublicKeyLength(x509Certificate)));
                                                raCertDO.setSignAlg(x509Certificate.getSigAlgName());
                                                raCertDO.setHsmKeyIndex(num);
                                                // NOTE(review): the access control code is persisted in the ra_cert row
                                                // (and below in the config file) as given; it is a secret at rest.
                                                raCertDO.setHsmPriKeyPin(str);
                                                raCertDO.setCertInfo(writeObject);
                                                raCertDO.setCertP7b(base64String);
                                                raCertDO.setGmtCreate(new Timestamp(System.currentTimeMillis()));
                                                raCertDO.setGmtUpdate(new Timestamp(System.currentTimeMillis()));
                                                // The enc row is a copy of the sign row with the cert-specific fields replaced.
                                                BeanUtils.copyProperties(raCertDO, raCertDO2);
                                                raCertDO2.setCertP7b(null);
                                                raCertDO2.setCertDn(certFromStr2.getSubjectX500Principal().getName());
                                                raCertDO2.setCertSn(certFromStr2.getSerialNumber().toString(16).toLowerCase());
                                                raCertDO2.setCertType(Integer.valueOf(Constants.CERT_TYPE_ENC_3));
                                                raCertDO2.setSignAlg(certFromStr2.getSigAlgName());
                                                raCertDO2.setCertInfo(writeObject2);
                                                try {
                                                    FileUtils.saveFile(writeObject, PathConstants.RA_SERVICE_CERT_FILE_PATH);
                                                    try {
                                                        // NOTE(review): two separate inserts with no transaction visible here;
                                                        // a failure on the second leaves only the sign row stored.
                                                        this.raCertDao.insertRaCertInfo(raCertDO);
                                                        this.raCertDao.insertRaCertInfo(raCertDO2);
                                                        try {
                                                            this.logger.info("系统配置Tomcat路径:  " + this.tomcatPath);
                                                            GMSSLTomcatUtils.openHttpsPortByYunHsm(resolveCertChain, x509Certificate, certFromStr2, num.intValue(), str, this.tomcatPath, Integer.parseInt(this.httpsPort));
                                                            try {
                                                                // Config is written last; if this fails the certs, rows and HTTPS
                                                                // listener are already in place (see the catch below).
                                                                Config config = Config.getConfig(PathConstants.GLOBAL_CONF_FILE_PATH);
                                                                if (z) {
                                                                    config.setInitStep(Constants.RA_SERVER_PAGE);
                                                                }
                                                                RaServerConfig raServerConfig = config.getRaServerConfig();
                                                                String originalFilename = multipartFile.getOriginalFilename();
                                                                raServerConfig.setSignCertName(originalFilename.substring(originalFilename.lastIndexOf("\\") + 1));
                                                                String originalFilename2 = multipartFile2.getOriginalFilename();
                                                                raServerConfig.setEncCertName(originalFilename2.substring(originalFilename2.lastIndexOf("\\") + 1));
                                                                // Key index 0 is treated as "not supplied" here, unlike the null check in updateRaServerConfig.
                                                                if (num.intValue() != 0 && !StringUtils.isBlank(str)) {
                                                                    raServerConfig.setKeyIndex(num.intValue());
                                                                    raServerConfig.setPriKeyPwd(str);
                                                                }
                                                                config.setRaServerConfig(raServerConfig);
                                                                config.setSigAlgName(x509Certificate.getSigAlgName());
                                                                Config.saveConfig(config, PathConstants.GLOBAL_CONF_FILE_PATH);
                                                                // Mirror the persisted values into the process-wide state.
                                                                CommonVariable.setKeyIndex(num.intValue());
                                                                CommonVariable.setKeyPwd(str);
                                                                CommonVariable.setSigAlgName(x509Certificate.getSigAlgName());
                                                                return success;
                                                            } catch (Exception e) {
                                                                this.logger.info("修改初始化配置文件失败", (Throwable) e);
                                                                success.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
                                                                return success;
                                                            }
                                                        } catch (Exception e2) {
                                                            this.logger.error("启用https异常", (Throwable) e2);
                                                            success.setError(ErrorEnum.START_TOMCAT_HTTPS);
                                                            return success;
                                                        }
                                                    } catch (Exception e3) {
                                                        this.logger.error("RA服务器证书存ra_cert异常", (Throwable) e3);
                                                        success.setError(ErrorEnum.INSERT_RA_CERT_INFO_ERROR);
                                                        return success;
                                                    }
                                                } catch (Exception e4) {
                                                    this.logger.info("证书保存在指定路径中错误", (Throwable) e4);
                                                    success.setError(ErrorEnum.SAVE_RA_CERT_IS_ERROR);
                                                    return success;
                                                }
                                            } catch (Exception e5) {
                                                this.logger.error("获取证书公钥长度异常", (Throwable) e5);
                                                success.setError(ErrorEnum.GET_CERT_PUBLIC_KEY_LENGTH_EXCEPTION);
                                                return success;
                                            }
                                        } catch (Exception e6) {
                                            // Reached when the HSM cannot return a public key for index num.
                                            this.logger.error("密钥索引错误", (Throwable) e6);
                                            success.setError(ErrorEnum.RA_SERVER_KEYINDEX_ERROR);
                                            return success;
                                        }
                                    } catch (Exception e7) {
                                        this.logger.error("获取公钥异常", (Throwable) e7);
                                        success.setError(ErrorEnum.GET_PUB_KEY_INFO_EXCEPTION);
                                        return success;
                                    }
                                } catch (Exception e8) {
                                    this.logger.error("读取RA服务证书pem值异常", (Throwable) e8);
                                    success.setError(ErrorEnum.READ_RA_SERVER_CERT_PEM_ERROR);
                                    return success;
                                }
                            } catch (Exception e9) {
                                this.logger.info("密码机异常", (Throwable) e9);
                                success.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                                return success;
                            }
                        } catch (Exception e10) {
                            this.logger.error("配置RA服务读取证书链base64值异常", (Throwable) e10);
                            success.setError(ErrorEnum.CERT_P7B_INFO_READ_ERROR);
                            return success;
                        }
                    } catch (Exception e11) {
                        this.logger.error("RA服务解析证书链异常", (Throwable) e11);
                        success.setError(ErrorEnum.CONVERT_CERT_ERROR);
                        return success;
                    }
                } catch (Exception e12) {
                    // The exception is not logged here; only the error code is returned.
                    this.logger.info("文件转换bytes异常");
                    success.setError(ErrorEnum.FILE_TO_BYTES_ERROR);
                    return success;
                }
            } catch (Exception e13) {
                this.logger.info("解析信封失败", (Throwable) e13);
                success.setError(ErrorEnum.GET_RA_SERVER_ENC_CERT_ERROR);
                return success;
            }
        } catch (Exception e14) {
            // Also catches the NPE from num.intValue() when num is null.
            this.logger.info("异常：密钥访问控制码错误", (Throwable) e14);
            success.setError(ErrorEnum.RA_SERVER_PRIKEYPWD_ERROR);
            return success;
        }
    }

    private Result raServerSaveByBC(String str, byte[] bArr, String str2, byte[] bArr2, boolean z) {
        Result success = Result.success();
        CaCertDO newCaCertInfo = this.caCertDao.getNewCaCertInfo();
        if (newCaCertInfo == null) {
            this.logger.info("获取CA证书信息为空");
            success.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return success;
        }
        X509Certificate certFromStr = CertUtils.getCertFromStr(newCaCertInfo.getCertInfo());
        try {
            X509Certificate certFromStr2 = CertUtils.getCertFromStr(CertUtils.getDataFromEnvelopDataByBc(KeyStoreUtils.getPriKeyByAliasFromJKS(Constants.RA_ENC_PRI_KEY_ALIAS, PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "EncPriKey.p12", Constants.JKS_FILE_AND_KEY_PWD).getEncoded(), bArr2, CommonVariable.getKeyAlgName()));
            Result verifyP7bCertList = VerifyCert.verifyP7bCertList(bArr);
            if (!verifyP7bCertList.isSuccess()) {
                success.setError(verifyP7bCertList.getError());
                return success;
            }
            try {
                List<X509Certificate> resolveCertChain = SignedDataUtils.resolveCertChain(bArr);
                if (resolveCertChain.size() < 2) {
                    this.logger.error("RA服务器证书链大小错误");
                    success.setError(ErrorEnum.CONVERT_CERT_ERROR);
                    return success;
                }
                X509Certificate x509Certificate = resolveCertChain.get(0);
                this.logger.info("RA的签名证书: " + x509Certificate);
                this.logger.info("截取前信任链的大小为：" + resolveCertChain.size());
                resolveCertChain.remove(0);
                this.logger.info("截取后信任链的大小为：" + resolveCertChain.size());
                try {
                    String base64String = Base64.toBase64String(bArr);
                    try {
                        String name = x509Certificate.getIssuerDN().getName();
                        String name2 = certFromStr2.getIssuerDN().getName();
                        String name3 = certFromStr.getSubjectDN().getName();
                        certFromStr.getSerialNumber();
                        this.logger.info("signDN: " + name + "  encDN: " + name2 + "  caDN: " + name3);
                        if (!name.equals(name3) || !name2.equals(name3)) {
                            this.logger.info("DN不一致：非当前CA签发的服务器证书");
                            success.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                            return success;
                        }
                        PublicKey publicKey = certFromStr.getPublicKey();
                        if (!HsmUtils.verifyCertByBC(x509Certificate.getSigAlgName(), publicKey, x509Certificate.getSignature(), x509Certificate.getTBSCertificate())) {
                            this.logger.info("签名证书验签：非当前CA签发的服务器证书");
                            success.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                            return success;
                        }
                        if (!HsmUtils.verifyCertByBC(certFromStr2.getSigAlgName(), publicKey, certFromStr2.getSignature(), certFromStr2.getTBSCertificate())) {
                            this.logger.info("加密证书验签：非当前CA签发的服务器证书");
                            success.setError(ErrorEnum.GET_RA_SERVER_ENC_CERT_ERROR);
                            return success;
                        }
                        try {
                            String writeObject = CertUtils.writeObject(x509Certificate);
                            String writeObject2 = CertUtils.writeObject(certFromStr2);
                            try {
                                byte[] encoded = x509Certificate.getPublicKey().getEncoded();
                                this.logger.info("1:" + Base64.toBase64String(encoded));
                                byte[] encoded2 = GMSSLP10Utils.decodeP10(FileUtils.readByBytes(PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "CertReq.p10")).getSubjectPublicKeyInfo().getEncoded();
                                this.logger.info("2:" + Base64.toBase64String(encoded2));
                                SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(Base64.decode(FileUtils.readByBinary(PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "EncPubKey.pem")));
                                this.logger.info("3:" + Base64.toBase64String(subjectPublicKeyInfo.getEncoded()));
                                byte[] encoded3 = certFromStr2.getPublicKey().getEncoded();
                                this.logger.info("4:" + Base64.toBase64String(encoded3));
                                if (!Arrays.equals(encoded, encoded2) || !Arrays.equals(encoded3, subjectPublicKeyInfo.getEncoded())) {
                                    this.logger.info("证书中的公钥和申请时的公钥不一致");
                                    success.setError(ErrorEnum.CERT_PUB_KEY_NOT_SAME_REQ_PUB_KEY);
                                    return success;
                                }
                                RaCertDO raCertDO = new RaCertDO();
                                RaCertDO raCertDO2 = new RaCertDO();
                                raCertDO.setPairCertIndex(Long.valueOf(System.currentTimeMillis()));
                                raCertDO.setCaCertId(newCaCertInfo.getId());
                                raCertDO.setCertDn(x509Certificate.getSubjectX500Principal().getName());
                                raCertDO.setCertSn(x509Certificate.getSerialNumber().toString(16).toLowerCase());
                                raCertDO.setPublicKeyAlg(x509Certificate.getPublicKey().getAlgorithm());
                                raCertDO.setCertType(Integer.valueOf(Constants.CERT_TYPE_SIGN_2));
                                try {
                                    raCertDO.setPrivateKeyLength(Integer.valueOf(CertUtils.getPublicKeyLength(x509Certificate)));
                                    raCertDO.setSignAlg(x509Certificate.getSigAlgName());
                                    raCertDO.setCertInfo(writeObject);
                                    raCertDO.setCertP7b(base64String);
                                    raCertDO.setGmtCreate(new Timestamp(System.currentTimeMillis()));
                                    raCertDO.setGmtUpdate(new Timestamp(System.currentTimeMillis()));
                                    BeanUtils.copyProperties(raCertDO, raCertDO2);
                                    raCertDO2.setCertP7b(null);
                                    raCertDO2.setCertDn(certFromStr2.getSubjectX500Principal().getName());
                                    raCertDO2.setCertSn(certFromStr2.getSerialNumber().toString(16).toLowerCase());
                                    raCertDO2.setCertType(Integer.valueOf(Constants.CERT_TYPE_ENC_3));
                                    raCertDO2.setSignAlg(certFromStr2.getSigAlgName());
                                    raCertDO2.setCertInfo(writeObject2);
                                    try {
                                        FileUtils.saveFile(writeObject, PathConstants.RA_SERVICE_CERT_FILE_PATH);
                                        ScriptUtils.executeScript("/bin/cp " + PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "SignPriKey.p12 " + PathConstants.SOFT_ALG_FOLDER_PATH + "SignPriKey.p12");
                                        ScriptUtils.executeScript("/bin/cp " + PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "EncPriKey.p12 " + PathConstants.SOFT_ALG_FOLDER_PATH + "EncPriKey.p12");
                                        try {
                                            this.raCertDao.insertRaCertInfo(raCertDO);
                                            this.raCertDao.insertRaCertInfo(raCertDO2);
                                            try {
                                                PrivateKey privateKeyFromP12 = KeyStoreUtils.getPrivateKeyFromP12(Constants.RA_ENC_PRI_KEY_ALIAS, PathConstants.SOFT_ALG_FOLDER_PATH + "EncPriKey.p12", Constants.JKS_FILE_AND_KEY_PWD);
                                                PrivateKey privateKeyFromP122 = KeyStoreUtils.getPrivateKeyFromP12(Constants.RA_SIGN_PRI_KEY_ALIAS, PathConstants.SOFT_ALG_FOLDER_PATH + "SignPriKey.p12", Constants.JKS_FILE_AND_KEY_PWD);
                                                if (CommonVariable.getKeyAlgName().equalsIgnoreCase(Constants.KEY_ALG_NAME_SM2)) {
                                                    GMSSLTomcatUtils.openHttpsPortByBC(resolveCertChain, x509Certificate, certFromStr2, privateKeyFromP122, privateKeyFromP12, this.tomcatPath, Integer.parseInt(this.httpsPort));
                                                } else {
                                                    GMSSLTomcatUtils.openHttpsPortByJKSWithRSA(resolveCertChain, x509Certificate, certFromStr2, privateKeyFromP122, privateKeyFromP12, this.tomcatPath, Integer.parseInt(this.httpsPort));
                                                }
                                                try {
                                                    Config config = Config.getConfig(PathConstants.GLOBAL_CONF_FILE_PATH);
                                                    if (z) {
                                                        config.setInitStep(Constants.RA_SERVER_PAGE);
                                                    }
                                                    RaServerConfig raServerConfig = config.getRaServerConfig();
                                                    raServerConfig.setSignCertName(str.substring(str.lastIndexOf("\\") + 1));
                                                    raServerConfig.setEncCertName(str2.substring(str2.lastIndexOf("\\") + 1));
                                                    config.setRaServerConfig(raServerConfig);
                                                    config.setSigAlgName(x509Certificate.getSigAlgName());
                                                    Config.saveConfig(config, PathConstants.GLOBAL_CONF_FILE_PATH);
                                                    CommonVariable.setSigAlgName(x509Certificate.getSigAlgName());
                                                    return success;
                                                } catch (Exception e) {
                                                    this.logger.info("修改初始化配置文件失败", (Throwable) e);
                                                    success.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
                                                    return success;
                                                }
                                            } catch (Exception e2) {
                                                this.logger.error("启用https异常", (Throwable) e2);
                                                success.setError(ErrorEnum.START_TOMCAT_HTTPS);
                                                return success;
                                            }
                                        } catch (Exception e3) {
                                            this.logger.error("RA服务器证书存ra_cert异常", (Throwable) e3);
                                            success.setError(ErrorEnum.INSERT_RA_CERT_INFO_ERROR);
                                            return success;
                                        }
                                    } catch (Exception e4) {
                                        this.logger.info("证书和对应私钥保存在指定路径中错误", (Throwable) e4);
                                        success.setError(ErrorEnum.SAVE_RA_CERT_IS_ERROR);
                                        return success;
                                    }
                                } catch (Exception e5) {
                                    this.logger.error("获取证书公钥长度异常", (Throwable) e5);
                                    success.setError(ErrorEnum.GET_CERT_PUBLIC_KEY_LENGTH_EXCEPTION);
                                    return success;
                                }
                            } catch (Exception e6) {
                                this.logger.error("获取公钥异常", (Throwable) e6);
                                success.setError(ErrorEnum.GET_PUB_KEY_INFO_EXCEPTION);
                                return success;
                            }
                        } catch (Exception e7) {
                            this.logger.error("读取RA服务证书pem值异常", (Throwable) e7);
                            success.setError(ErrorEnum.READ_RA_SERVER_CERT_PEM_ERROR);
                            return success;
                        }
                    } catch (Exception e8) {
                        this.logger.info("密码机异常", (Throwable) e8);
                        success.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                        return success;
                    }
                } catch (Exception e9) {
                    this.logger.error("配置RA服务读取证书链base64值异常", (Throwable) e9);
                    success.setError(ErrorEnum.CERT_P7B_INFO_READ_ERROR);
                    return success;
                }
            } catch (Exception e10) {
                this.logger.error("RA服务解析证书链异常", (Throwable) e10);
                success.setError(ErrorEnum.CONVERT_CERT_ERROR);
                return success;
            }
        } catch (Exception e11) {
            this.logger.info("解析信封失败", (Throwable) e11);
            success.setError(ErrorEnum.GET_RA_SERVER_ENC_CERT_ERROR);
            return success;
        }
    }

    /**
     * Reports whether the system is currently running on an HSM.
     *
     * <p>{@code info} is {@code true} only when the configured key algorithm is SM2
     * (case-insensitive) and {@code CommonVariable.isUseHsm()} is set; for any other
     * algorithm the HSM flag is not even consulted.
     *
     * @return a {@link Result} whose {@code info} is the boxed boolean described above
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result isUseHsmInfo() {
        Result result = new Result();
        String keyAlgName = CommonVariable.getKeyAlgName();
        // Short-circuit: the HSM flag only matters for SM2 deployments.
        boolean hsmInUse = Constants.KEY_ALG_NAME_SM2.equalsIgnoreCase(keyAlgName)
                && CommonVariable.isUseHsm();
        this.logger.info("获取当前【系统密钥算法】类型：" + keyAlgName);
        result.setInfo(Boolean.valueOf(hsmInUse));
        return result;
    }

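    /**
     * Generates the RA server certificate request: a signing key pair whose public key goes
     * into a PKCS#10 request, plus a separate encryption key pair whose public key is shipped
     * alongside it. Both private keys are written to PKCS#12 files in the temp folder, and the
     * request plus the encryption public key are bundled into a zip whose file name is returned.
     *
     * @param str  subject DN of the request; validated by {@link #verifyRaServerCertDn(String)}
     * @param i    key size handed to {@code KeyUtils.genKeyPair}
     * @param str2 key algorithm name; only {@code Constants.KEY_ALG_NAME_SM2} and
     *             {@code Constants.KEY_ALG_NAME_RSA} are accepted, matched exactly (case-sensitive)
     * @return on success {@code info} holds the generated zip file name; otherwise an error code
     * @throws Exception propagated from key-pair generation
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result genRaServerCertP10(String str, int i, String str2) throws Exception {
        Result result = new Result();
        // Reject bad input before generating any key material: the previous order generated two
        // key pairs and then discarded them on an invalid DN, and an algorithm matching neither
        // branch only surfaced later as a NullPointerException on the null PKCS#10 object.
        Result dnCheck = verifyRaServerCertDn(str);
        if (!dnCheck.isSuccess()) {
            result.setError(dnCheck.getError());
            return result;
        }
        boolean isSm2 = Constants.KEY_ALG_NAME_SM2.equals(str2);
        boolean isRsa = Constants.KEY_ALG_NAME_RSA.equals(str2);
        if (!isSm2 && !isRsa) {
            // No dedicated ErrorEnum value is visible here; CERT_APPLY_DN_IS_ERROR is what the
            // old NullPointerException path produced, so callers see the same code as before.
            this.logger.info("unsupported key algorithm for RA server certificate request: {}", str2);
            result.setError(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
            return result;
        }
        String signAlgName = isSm2 ? Constants.SIGN_ALG_NAME_SM3_WHIT_SM2 : Constants.SIGN_ALG_NAME_SHA256_WHIT_RSA;
        // Signing pair: goes into the P10. Encryption pair: only its public key is exported.
        KeyPair signKeyPair = KeyUtils.genKeyPair(str2, i);
        PublicKey signPublicKey = signKeyPair.getPublic();
        PrivateKey signPrivateKey = signKeyPair.getPrivate();
        KeyPair encKeyPair = KeyUtils.genKeyPair(str2, i);
        PublicKey encPublicKey = encKeyPair.getPublic();
        PrivateKey encPrivateKey = encKeyPair.getPrivate();
        try {
            X500Name x500Name = new X500Name(str);
            PKCS10CertificationRequest p10 = P10Utils.createP10ByAlgType(x500Name, signPublicKey, signPrivateKey, signAlgName);
            byte[] p10Der = p10.getEncoded();
            byte[] encPubDer = encPublicKey.getEncoded();
            FileUtils.saveFile(Base64.toBase64String(p10Der), PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "CertReq.p10");
            // Both PKCS#12 files are protected with the fixed project constant JKS_FILE_AND_KEY_PWD.
            KeyStoreUtils.storePriKeyToPKCS12(Constants.RA_SIGN_PRI_KEY_ALIAS, signPrivateKey, new X509Certificate[]{CommonVariable.getCaServiceCert()}, Constants.JKS_FILE_AND_KEY_PWD, PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "SignPriKey.p12");
            FileUtils.saveFile(Base64.toBase64String(encPubDer), PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "EncPubKey.pem");
            KeyStoreUtils.storePriKeyToPKCS12(Constants.RA_ENC_PRI_KEY_ALIAS, encPrivateKey, new X509Certificate[]{CommonVariable.getCaServiceCert()}, Constants.JKS_FILE_AND_KEY_PWD, PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + "EncPriKey.p12");
            // Raw collections are kept on purpose: ZipUtils.generateZipByte's parameter type is
            // not visible from this file, and a raw ArrayList is what it was handed before.
            ArrayList zipEntries = new ArrayList();
            zipEntries.add(zipEntry("RACertReq", "p10", Base64.encode(p10Der)));
            zipEntries.add(zipEntry("RAEncPubKey", "pem", Base64.encode(encPubDer)));
            byte[] zipBytes = ZipUtils.generateZipByte(zipEntries);
            String zipFileName = "RACertReq_" + System.currentTimeMillis() + ".zip";
            FileUtils.saveFile(zipBytes, PathConstants.SOFT_ALG_FOLDER_PATH_TEMP + zipFileName);
            result.setInfo(zipFileName);
            return result;
        } catch (Exception e) {
            // The DN was already validated above, so a failure here is more likely file or
            // key-store I/O; log the stack trace as well so the real cause is not lost.
            this.logger.info("certDn不正确{}", e.getMessage(), e);
            result.setError(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
            return result;
        }
    }

    /**
     * Builds one entry for {@code ZipUtils.generateZipByte} using the same keys the
     * original code used ({@code name}, {@code suffix}, {@code buffer}).
     */
    private static HashMap zipEntry(String name, String suffix, byte[] buffer) {
        HashMap entry = new HashMap();
        entry.put("name", name);
        entry.put("suffix", suffix);
        entry.put("buffer", buffer);
        return entry;
    }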

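    /**
     * Reads a previously generated certificate-request zip from the temp folder.
     *
     * @param str file name as returned by {@link #genRaServerCertP10(String, int, String)}; it is
     *            confined to the temp folder, so a name containing separators or {@code ..}
     *            cannot reach files outside that folder
     * @return on success {@code info} holds the file bytes; otherwise
     *         {@code ErrorEnum.GET_RA_CERT_REQ_FILE_IS_EMPTY}
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public Result downloadRaServerCertReq(String str) {
        Result result = new Result();
        // The name comes from the caller. The old code concatenated it straight onto the folder
        // path; here it is resolved against the temp folder and the normalized result must sit
        // directly inside that folder, otherwise the request is refused.
        java.nio.file.Path filePath = null;
        if (!StringUtils.isBlank(str)) {
            try {
                java.nio.file.Path tempDir = java.nio.file.Paths.get(PathConstants.SOFT_ALG_FOLDER_PATH_TEMP)
                        .toAbsolutePath().normalize();
                java.nio.file.Path candidate = tempDir.resolve(str).normalize();
                if (tempDir.equals(candidate.getParent())) {
                    filePath = candidate;
                }
            } catch (java.nio.file.InvalidPathException e) {
                this.logger.info("RA certificate request file name is not a valid path", e);
            }
        }
        if (filePath == null) {
            this.logger.info("RA certificate request file name rejected: {}", str);
            result.setError(ErrorEnum.GET_RA_CERT_REQ_FILE_IS_EMPTY);
            return result;
        }
        byte[] fileBytes = FileUtils.readByBinary(filePath.toString());
        if (fileBytes == null) {
            this.logger.info("获取服务器证书申请文件夹为空");
            result.setError(ErrorEnum.GET_RA_CERT_REQ_FILE_IS_EMPTY);
            return result;
        }
        result.setInfo(fileBytes);
        return result;
    }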

    /**
     * Generates a fresh key pair with the JCA provider chain.
     *
     * @param i   key size handed to {@link KeyPairGenerator#initialize(int, SecureRandom)}
     * @param str JCA algorithm name, e.g. {@code "RSA"} or {@code "EC"}
     * @return the generated key pair
     * @throws Exception if no provider supplies {@code str}, or the size is rejected
     */
    public static KeyPair getKeyPair(int i, String str) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(str);
        // A fresh SecureRandom per call; the default constructor picks the platform's strong source.
        generator.initialize(i, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Validates an RA server certificate DN by normalising it through {@link X500Name} and then
     * running the {@code CertDnVerifyUtils} checks in order: special symbols, {@code check64},
     * blank space, supported keywords. The first failing check's error is returned.
     *
     * @param str the DN string supplied by the caller
     * @return an empty (success) {@link Result}, or one carrying the first failed check's error;
     *         an unparsable DN yields {@code ErrorEnum.CERT_APPLY_DN_IS_ERROR}
     */
    private Result verifyRaServerCertDn(String str) {
        Result result = new Result();
        try {
            String normalizedDn = new X500Name(str).toString();
            this.logger.info("格式化之后的RA服务器证书DN：" + normalizedDn);
            Result symbolCheck = CertDnVerifyUtils.checkCertDnSymbol(normalizedDn);
            if (!symbolCheck.isSuccess()) {
                this.logger.info("证书的DN的特殊符号校验有误");
                result.setError(symbolCheck.getError());
                return result;
            }
            Result check64Result = CertDnVerifyUtils.check64(normalizedDn);
            if (!check64Result.isSuccess()) {
                this.logger.info("证书的DN关键字的值校验有误" + normalizedDn);
                result.setError(check64Result.getError());
                return result;
            }
            Result blankSpaceCheck = CertDnVerifyUtils.checkBlankSpace(normalizedDn);
            if (!blankSpaceCheck.isSuccess()) {
                this.logger.info("证书的DN关键字与值中有空格" + normalizedDn);
                result.setError(blankSpaceCheck.getError());
                return result;
            }
            Result keywordCheck = CertDnVerifyUtils.checkDnKeyword(normalizedDn);
            if (!keywordCheck.isSuccess()) {
                this.logger.info("申请DN中有系统不支持的关键字" + normalizedDn);
                result.setError(keywordCheck.getError());
            }
            return result;
        } catch (Exception e) {
            // X500Name rejects a malformed DN with an exception; only the message is logged here.
            this.logger.info("certDn不正确{}", e.getMessage());
            result.setError(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
            return result;
        }
    }

    /**
     * Returns the subject DN of the newest RA certificate stored in {@code ra_cert}.
     *
     * @return the subject DN in {@code X500Principal.getName()} form, or {@code null} when no
     *         RA certificate exists or the stored certificate cannot be read
     */
    @Override // com.xdja.pki.ra.service.manager.system.RaServer
    public String getRAServiceDnName() {
        try {
            RaCertDO latest = this.raCertDao.getNewRaCertInfo();
            if (latest != null) {
                X509Certificate cert = CertUtils.getCertFromStr(latest.getCertInfo());
                return cert.getSubjectX500Principal().getName();
            }
            return null;
        } catch (Exception e) {
            this.logger.error("获取RA服务器证书异常{}", (Throwable) e);
            return null;
        }
    }
}
