package com.xdja.pki.ra.service.manager.system;

import com.xdja.ca.asn1.NISTObjectIdentifiers;
import com.xdja.ca.asn1.RsaObjectIdentifiers;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.config.CaServerConf;
import com.xdja.pki.ra.core.config.Config;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.VerifyCert;
import com.xdja.pki.ra.core.util.file.FileUtils;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.CaServerDao;
import com.xdja.pki.ra.manager.dao.InitDao;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.ra.service.manager.init.InitService;
import com.xdja.pki.ra.service.manager.system.bean.CaCertInfo;
import com.xdja.pki.ra.service.manager.utils.ParmsCommonVerifyUtil;
import java.security.cert.X509Certificate;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.List;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;

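@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-2.0.0-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/system/CaServiceImpl.class */
public class CaServiceImpl implements CaService {
    private static final Logger logger = LoggerFactory.getLogger(CaServiceImpl.class);

    /** Initialization step during which the CA server may be configured (see configCaServer). */
    private static final Integer INIT_STEP_CONFIG_CA = 1;
    /** Initialization step recorded once the CA server has been configured. */
    private static final int INIT_STEP_CA_CONFIGURED = 2;
    /**
     * CommonVariable.getIsHsm() value of the HSM model that cannot use NIST P-256 keys
     * (rejected with ErrorEnum.SWXA_HSM_NOT_SUPPORT_NIST).
     */
    private static final Integer HSM_TYPE_WITHOUT_NIST_SUPPORT = 2;
    /** Timestamp pattern for the archived copy of the CA certificate under SUPER_CA_CERTS_FILE_PATH. */
    private static final String ARCHIVE_TIMESTAMP_PATTERN = "yyyyMMddHHmmss";
    /** Date pattern used for notBefore / notAfter in CaCertInfo. */
    private static final String DISPLAY_DATE_PATTERN = "yyyy-MM-dd HH:mm:ss";
    private static final int MIN_PORT = 1;
    private static final int MAX_PORT = 65535;

    @Autowired
    CaServerDao caServerDao;

    @Autowired
    InitDao initDao;

    @Autowired
    InitService initService;

    @Autowired
    CaCertDao caCertDao;

    @Autowired
    SystemService systemService;

    @Autowired
    CaBusinessManager caBusinessManager;

    /**
     * First-time CA configuration during system initialization.
     * <p>
     * Checks connectivity to the CA, requires the initialization step to be {@link #INIT_STEP_CONFIG_CA},
     * stores the CA configuration/certificate chain and then advances the step to
     * {@link #INIT_STEP_CA_CONFIGURED}.
     *
     * @param multipartFile uploaded P7B certificate chain of the CA
     * @param str           CA server IPv4 address
     * @param i             CA server port
     * @return the failing Result of the first step that fails, otherwise the Result of updateInitStep
     */
    @Override
    public Result configCaServer(MultipartFile multipartFile, String str, int i) {
        Result connect = this.caBusinessManager.testCaServerConnect(multipartFile, str, i);
        if (!connect.isSuccess()) {
            logger.error("测试CA连通性失败");
            return connect;
        }
        Result step = this.initService.getOperateStep();
        logger.info("当前初始化步骤为========{}", step.getInfo());
        // Null-safe comparison: a missing step value is treated as "wrong step" instead of an NPE.
        if (!INIT_STEP_CONFIG_CA.equals(step.getInfo())) {
            logger.info("初始化步骤数错误");
            connect.setError(ErrorEnum.INIT_STEP_ERROR);
            return connect;
        }
        Result updated = updateConfigCaInfo(multipartFile, str, i, false);
        if (!updated.isSuccess()) {
            return updated;
        }
        return this.initService.updateInitStep(INIT_STEP_CA_CONFIGURED);
    }

    /**
     * Updates only the CA server address/port (no certificate change) in config.json and in the
     * in-memory CommonVariable state.
     *
     * @param str CA server IPv4 address
     * @param i   CA server port
     * @return success, ILLEGAL_REQUEST_PARAMETER on a bad address/port, or
     *         CONFIG_JSON_FILE_OPERATION_ERROR if config.json could not be read/written
     */
    @Override
    public Result updateLessCAServer(String str, int i) {
        Result result = new Result();
        if (!ParmsCommonVerifyUtil.isIpv4(str)) {
            logger.error("IP地址格式错误！");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        if (!isValidPort(i)) {
            logger.error("端口号格式错误！");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        try {
            Config configFile = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            CaServerConf caServerConf = configFile.getCaServerConf();
            caServerConf.setCaServerIp(str);
            caServerConf.setCaServerPort(i);
            this.systemService.updateConfigFile(configFile);
            CommonVariable.setCaServiceIp(str);
            CommonVariable.setCaServicePort(i);
            return result;
        } catch (Exception e) {
            logger.error("配置CA服务操作config.json异常", e);
            result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return result;
        }
    }

    /**
     * Re-configures an already initialized system with a (possibly new) CA certificate chain.
     * The key algorithm of the new CA certificate must match the one the system was set up with.
     *
     * @param multipartFile uploaded P7B certificate chain of the CA
     * @param str           CA server IPv4 address
     * @param i             CA server port
     * @return the connectivity failure, or the Result of updateConfigCaInfo
     */
    @Override
    public Result updateConfigCaServer(MultipartFile multipartFile, String str, int i) {
        Result connect = this.caBusinessManager.testCaServerConnect(multipartFile, str, i);
        if (!connect.isSuccess()) {
            logger.error("测试CA连通性失败");
            return connect;
        }
        return updateConfigCaInfo(multipartFile, str, i, true);
    }

    /**
     * Validates the uploaded P7B chain, writes the CA configuration to config.json, stores the CA
     * certificate / chain on disk and in the ca_cert table, and publishes the new values to
     * CommonVariable.
     * <p>
     * NOTE(review): the chain is accepted as trust anchor solely on the basis of
     * VerifyCert.verifyP7bCertList; nothing else here checks signatures or validity periods, so that
     * helper must do it. The first certificate of the parsed chain is assumed to be the CA
     * certificate — confirm the ordering contract of SignedDataUtils.resolveCertChain.
     * <p>
     * NOTE(review): config.json is rewritten before the certificate files and the DB row are
     * written, so a failure in a later step leaves config.json pointing at the new CA while
     * CommonVariable still holds the old one.
     *
     * @param multipartFile uploaded P7B certificate chain
     * @param str           CA server IPv4 address
     * @param i             CA server port
     * @param z             true when the system is already initialized and the key algorithm of the
     *                      new CA must equal CommonVariable.getKeyAlgName()
     * @return success, or the ErrorEnum of the first failing step
     */
    public Result updateConfigCaInfo(MultipartFile multipartFile, String str, int i, boolean z) {
        Result result = new Result();
        if (!ParmsCommonVerifyUtil.isIpv4(str)) {
            logger.error("IP地址格式错误！");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        if (!isValidPort(i)) {
            logger.error("端口号格式错误！");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        if (multipartFile == null || multipartFile.isEmpty()) {
            logger.error("CA证书文件为空！");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        // The client-supplied filename is reduced to its base name (both separators) so that it can
        // never carry a path if trustCertName is later used to build one.
        String trustCertName = baseName(multipartFile.getOriginalFilename());

        // 1. Load config.json and stage the new server settings (written in step 5).
        Config configFile;
        try {
            configFile = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            CaServerConf caServerConf = configFile.getCaServerConf();
            if (caServerConf == null) {
                caServerConf = new CaServerConf();
            }
            caServerConf.setCaServerIp(str);
            caServerConf.setCaServerPort(i);
            caServerConf.setTrustCertName(trustCertName);
            configFile.setCaServerConf(caServerConf);
        } catch (Exception e) {
            logger.error("配置CA服务操作config.json异常", e);
            result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return result;
        }

        // 2. Read the upload and verify the P7B chain.
        byte[] bytes;
        try {
            bytes = multipartFile.getBytes();
            Result verified = VerifyCert.verifyP7bCertList(bytes);
            if (!verified.isSuccess()) {
                result.setError(verified.getError());
                return result;
            }
        } catch (Exception e) {
            logger.error("文件转换bytes异常", e);
            result.setError(ErrorEnum.FILE_TO_BYTES_ERROR);
            return result;
        }

        // 3. Parse the chain; an empty chain is a conversion error rather than an IndexOutOfBounds.
        X509Certificate caCert;
        try {
            List<X509Certificate> chain = SignedDataUtils.resolveCertChain(bytes);
            if (chain == null || chain.isEmpty()) {
                throw new IllegalStateException("empty certificate chain");
            }
            caCert = chain.get(0);
        } catch (Exception e) {
            logger.error("配置CA服务解析证书链异常", e);
            result.setError(ErrorEnum.CONVERT_CERT_ERROR);
            return result;
        }

        // NOTE(review): the P7B is stored as text via the platform charset; this is only lossless if
        // the upload is PEM/base64 — a DER-encoded P7B would be corrupted here. Confirm the format
        // verifyP7bCertList accepts.
        String p7bText = new String(bytes);

        // 4. PEM form of the CA certificate (stored on disk and in ca_cert.certInfo).
        String certPem;
        try {
            certPem = CertUtils.writeObject(caCert);
        } catch (Exception e) {
            logger.error("读取CA服务证书pem值异常", e);
            result.setError(ErrorEnum.CERT_SERVER_INFO_READ_ERROR);
            return result;
        }

        // 5. Key algorithm checks, then persist config.json.
        String keyAlg;
        try {
            keyAlg = CertUtils.getKeyAlg(caCert);
        } catch (Exception e) {
            logger.error("获取证书密钥算法异常", e);
            result.setError(ErrorEnum.GET_CERT_ALG_NAME_LENGTH_EXCEPTION);
            return result;
        }
        if (HSM_TYPE_WITHOUT_NIST_SUPPORT.equals(CommonVariable.getIsHsm())
                && Constants.KEY_ALG_NAME_NIST.equalsIgnoreCase(keyAlg)) {
            logger.error("三未信安密码机不支持NIST256算法");
            result.setError(ErrorEnum.SWXA_HSM_NOT_SUPPORT_NIST);
            return result;
        }
        logger.info("=============CommonVariable.getKeyAlgName(){}", CommonVariable.getKeyAlgName());
        logger.info("=============certInfo.getKeyAlg(){}", keyAlg);
        if (z && !matchesSystemKeyAlg(keyAlg)) {
            logger.info("导入CA证书秘钥算法和原系统不一致");
            result.setError(ErrorEnum.CA_ALGORITHM_IS_NOT_SAME_OLD);
            return result;
        }
        try {
            configFile.setKeyAlgName(keyAlg);
            this.systemService.updateConfigFile(configFile);
        } catch (Exception e) {
            logger.error("秘钥算法写到配置文件异常", e);
            result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return result;
        }

        // 6. Write the certificate, its timestamped archive copy and the trust chain to disk.
        //    A failed write is an error (the original reported it via setInfo, i.e. as success).
        String archivePath = PathConstants.SUPER_CA_CERTS_FILE_PATH + "/caCert-"
                + new SimpleDateFormat(ARCHIVE_TIMESTAMP_PATTERN).format(Calendar.getInstance().getTime())
                + ".cer";
        if (!saveToPath(certPem, PathConstants.CA_SERVICE_CERT_FILE_PATH)
                || !saveToPath(certPem, archivePath)
                || !saveToPath(p7bText, PathConstants.CA_TRUST_SERVICE_CERT_FILE_PATH)) {
            result.setError(ErrorEnum.SAVE_CA_CERT_IS_ERROR);
            return result;
        }

        // 7. Build the ca_cert row.
        CaCertDO caCertDO;
        try {
            caCertDO = buildCaCertDO(caCert, keyAlg, certPem, p7bText);
        } catch (Exception e) {
            logger.error("获取证书公钥长度异常", e);
            result.setError(ErrorEnum.GET_CERT_PUBLIC_KEY_LENGTH_EXCEPTION);
            return result;
        }

        // 8. Insert the row and only then publish the new CA to the running system.
        try {
            this.caServerDao.insertCaCertInfo(caCertDO);
        } catch (Exception e) {
            logger.error("CA基本信息存ca_cert异常", e);
            result.setError(ErrorEnum.INSERT_CA_CERT_INFO_ERROR);
            return result;
        }
        publishRuntimeCaConfig(str, i, caCert, keyAlg);
        return result;
    }

    /**
     * Verifies an uploaded P7B chain and returns display information for its first certificate
     * without persisting anything.
     *
     * @param multipartFile uploaded P7B certificate chain
     * @param z             true to require the key algorithm to match CommonVariable.getKeyAlgName()
     * @return CaCertInfo on success, otherwise the ErrorEnum of the failing step
     */
    @Override
    public Result getVerifyCaCertInfo(MultipartFile multipartFile, boolean z) {
        Result result = new Result();
        if (multipartFile == null || multipartFile.isEmpty()) {
            logger.error("CA证书文件为空！");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        byte[] bytes;
        try {
            bytes = multipartFile.getBytes();
            Result verified = VerifyCert.verifyP7bCertList(bytes);
            if (!verified.isSuccess()) {
                result.setError(verified.getError());
                return result;
            }
        } catch (Exception e) {
            logger.error("文件转换bytes异常", e);
            result.setError(ErrorEnum.FILE_TO_BYTES_ERROR);
            return result;
        }
        X509Certificate caCert;
        try {
            List<X509Certificate> chain = SignedDataUtils.resolveCertChain(bytes);
            if (chain == null || chain.isEmpty()) {
                throw new IllegalStateException("empty certificate chain");
            }
            // Assumes the first element is the CA certificate — same contract as updateConfigCaInfo.
            caCert = chain.get(0);
        } catch (Exception e) {
            logger.error("配置CA服务解析证书链异常", e);
            result.setError(ErrorEnum.CONVERT_CERT_ERROR);
            return result;
        }
        String keyAlg;
        try {
            keyAlg = CertUtils.getKeyAlg(caCert);
        } catch (Exception e) {
            logger.error("获取证书密钥算法异常", e);
            result.setError(ErrorEnum.GET_CERT_ALG_NAME_LENGTH_EXCEPTION);
            return result;
        }
        logger.info("=============CommonVariable.getKeyAlgName(){}", CommonVariable.getKeyAlgName());
        logger.info("=============certInfo.getKeyAlg(){}", keyAlg);
        if (z && !matchesSystemKeyAlg(keyAlg)) {
            logger.info("导入CA证书秘钥算法和原系统不一致");
            result.setError(ErrorEnum.CA_ALGORITHM_IS_NOT_SAME_OLD);
            return result;
        }
        result.setInfo(getCAInfo(caCert));
        return result;
    }

    /**
     * Returns the configured CA server settings together with display data of the currently loaded
     * CA certificate.
     *
     * @return CaCertInfo, GET_CA_SERVER_INFO_IS_EMPTY when no configuration or no CA certificate is
     *         loaded, or CONFIG_JSON_FILE_OPERATION_ERROR when config.json could not be read
     */
    @Override
    public Result getCaConfigInfo() {
        Result result = new Result();
        try {
            CaServerConf caServerConf = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME).getCaServerConf();
            X509Certificate caCert = CommonVariable.getCaServiceCert();
            // A missing certificate is reported as "empty" rather than surfacing as an NPE below.
            if (caServerConf == null || caCert == null) {
                logger.error("获取CA服务详情为空");
                result.setError(ErrorEnum.GET_CA_SERVER_INFO_IS_EMPTY);
                return result;
            }
            CaCertInfo info = getCAInfo(caCert);
            info.setCaServerConf(caServerConf);
            result.setInfo(info);
            return result;
        } catch (Exception e) {
            logger.error("读取CA服务配置异常", e);
            result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return result;
        }
    }

    /**
     * Builds the display view of a CA certificate: subject DN, a normalized signature algorithm
     * name and the validity period.
     */
    private CaCertInfo getCAInfo(X509Certificate x509Certificate) {
        CaCertInfo caCertInfo = new CaCertInfo();
        caCertInfo.setCertDN(CertUtils.getSubjectByX509Cert(x509Certificate));
        caCertInfo.setSignAlgName(displaySigAlgName(x509Certificate.getSigAlgOID(), x509Certificate.getSigAlgName()));
        // SimpleDateFormat is not thread-safe, hence a fresh instance per call.
        SimpleDateFormat displayFormat = new SimpleDateFormat(DISPLAY_DATE_PATTERN);
        caCertInfo.setNotBefore(displayFormat.format(x509Certificate.getNotBefore()));
        caCertInfo.setNotAfter(displayFormat.format(x509Certificate.getNotAfter()));
        return caCertInfo;
    }

    /**
     * Maps the known signature algorithm OIDs to the names shown in the UI; any other OID keeps the
     * name reported by the JCA provider.
     */
    private static String displaySigAlgName(String sigAlgOID, String providerName) {
        if (sigAlgOID.equals(GMObjectIdentifiers.sm2sign_with_sm3.getId())) {
            return "SM3WithSM2";
        }
        if (sigAlgOID.equals(NISTObjectIdentifiers.nistSignAlgorithm.getId())) {
            return "sha256WithECDSA";
        }
        if (sigAlgOID.equals(RsaObjectIdentifiers.sha256WithRSA.getId())) {
            return "sha256WithRSA";
        }
        if (sigAlgOID.equals(RsaObjectIdentifiers.sha1WithRSA.getId())) {
            return "sha-1WithRSA";
        }
        return providerName;
    }

    /** Returns the ca_cert row selected by CaServerDao.getCaCertId(). */
    @Override
    public CaCertDO getCaConfigInfoByTime() {
        return this.caServerDao.getCaCert(this.caServerDao.getCaCertId());
    }

    /**
     * Returns the newest ca_cert row.
     *
     * @return the row, or GET_CA_CERT_INFO_IS_EMPTY when there is none
     */
    @Override
    public Result getNewCaCertInfo() {
        Result result = new Result();
        CaCertDO newest = this.caCertDao.getNewCaCertInfo();
        if (newest == null) {
            result.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return result;
        }
        result.setInfo(newest);
        return result;
    }

    /**
     * Subject DN of the newest stored CA certificate.
     *
     * @return the DN, or null when no certificate is stored or it cannot be parsed (logged)
     */
    @Override
    public String getCAServiceDnName() {
        try {
            CaCertDO newest = this.caCertDao.getNewCaCertInfo();
            if (newest == null) {
                return null;
            }
            return CertUtils.getSubjectByX509Cert(CertUtils.getCertFromStr(newest.getCertInfo()));
        } catch (Exception e) {
            logger.error("获取CA服务器证书异常", e);
            return null;
        }
    }

    /** True for a usable TCP port (1..65535). */
    private static boolean isValidPort(int port) {
        return port >= MIN_PORT && port <= MAX_PORT;
    }

    /** Base name of a client-supplied filename: everything after the last '/' or '\'; empty for null. */
    private static String baseName(String originalFilename) {
        if (originalFilename == null) {
            return "";
        }
        int cut = Math.max(originalFilename.lastIndexOf('\\'), originalFilename.lastIndexOf('/'));
        return originalFilename.substring(cut + 1);
    }

    /** Case-insensitive, null-safe comparison of a key algorithm with the system's configured one. */
    private static boolean matchesSystemKeyAlg(String keyAlg) {
        return keyAlg != null && keyAlg.equalsIgnoreCase(CommonVariable.getKeyAlgName());
    }

    /** Writes {@code content} to {@code path}; logs and returns false on any failure. */
    private static boolean saveToPath(String content, String path) {
        try {
            FileUtils.saveFile(content, path);
            return true;
        } catch (Exception e) {
            logger.error("证书保存在指定路径中错误: {}", path, e);
            return false;
        }
    }

    /** Populates a ca_cert row from the CA certificate and its PEM / P7B text. */
    private static CaCertDO buildCaCertDO(X509Certificate cert, String keyAlg, String certPem, String p7bText)
            throws Exception {
        CaCertDO caCertDO = new CaCertDO();
        caCertDO.setCertDn(CertUtils.getSubjectByX509Cert(cert));
        // Serial stored as lower-case hex without leading zeros (BigInteger.toString(16)).
        caCertDO.setCertSn(cert.getSerialNumber().toString(16).toLowerCase());
        caCertDO.setPublicKeyAlg(keyAlg);
        caCertDO.setPrivateKeyLength(Integer.valueOf(CertUtils.getPublicKeyLength(cert)));
        caCertDO.setSignAlg(cert.getSigAlgName());
        caCertDO.setCertInfo(certPem);
        caCertDO.setCertP7b(p7bText);
        caCertDO.setEffectiveTime(new Timestamp(cert.getNotBefore().getTime()));
        caCertDO.setFailureTime(new Timestamp(cert.getNotAfter().getTime()));
        Timestamp now = new Timestamp(System.currentTimeMillis());
        caCertDO.setGmtCreate(now);
        caCertDO.setGmtUpdate(now);
        return caCertDO;
    }

    /**
     * Makes the new CA the active one for the running process and drops the cached trust / CA
     * certificate lists so they are rebuilt from the new data.
     */
    private static void publishRuntimeCaConfig(String ip, int port, X509Certificate caCert, String keyAlg) {
        CommonVariable.setCaServiceIp(ip);
        CommonVariable.setCaServicePort(port);
        CommonVariable.setCaServiceCert(caCert);
        CommonVariable.setKeyAlgName(keyAlg);
        CommonVariable.setTrustCaCerts(null);
        CommonVariable.setCaCerts(null);
    }
}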
