package com.xdja.pki.ra.service.manager.auditlog;

import com.xdja.pki.auditlog.dao.ArchiveLogDao;
import com.xdja.pki.auditlog.dao.AuditLogDao;
import com.xdja.pki.auditlog.dao.model.ArchiveLogDO;
import com.xdja.pki.auditlog.dao.model.AuditLogDO;
import com.xdja.pki.auditlog.dao.model.AuditLogListDO;
import com.xdja.pki.auditlog.service.bean.AuditLogIsAuditEnum;
import com.xdja.pki.auditlog.service.bean.AuditLogIsVerifyEnum;
import com.xdja.pki.auditlog.service.bean.AuditLogListVO;
import com.xdja.pki.auditlog.service.bean.AuditLogResultEnum;
import com.xdja.pki.auditlog.service.bean.AuditLogVO;
import com.xdja.pki.auditlog.service.bean.ra.AuditLogOperatorTypeEnum;
import com.xdja.pki.auth.service.AuditLogService;
import com.xdja.pki.auth.service.bean.AuditLogAuditReq;
import com.xdja.pki.auth.service.bean.AuditSignBean;
import com.xdja.pki.core.bean.CoreResult;
import com.xdja.pki.core.bean.ErrorBean;
import com.xdja.pki.core.bean.PageInfo;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.config.ArchiveConfigBean;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.core.util.time.DateUtils;
import com.xdja.pki.ra.manager.dao.AdminCertDao;
import com.xdja.pki.ra.manager.dao.AdminRoleDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.model.AdminCertDO;
import com.xdja.pki.ra.manager.dao.model.RaCertDO;
import com.xdja.pki.ra.manager.dao.model.RoleDO;
import com.xdja.pki.ra.service.manager.login.bean.CurrentAdminInfo;
import com.xdja.pki.security.bean.Operator;
import com.xdja.pki.security.util.OperatorUtil;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.util.encoders.Base64;
import org.nutz.mvc.Mvcs;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-2.0.0-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/auditlog/AuditLogServiceImpl.class */
public class AuditLogServiceImpl implements AuditLogService {
    // SLF4J logger bound to the runtime class of this bean.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // DAO for live audit-log rows: save, lookup, update, archive selection, delete and counts.
    // NOTE(review): injected as a public field, so any holder of this bean can reach or replace the
    // DAO that writes and deletes audit records; confirm no caller relies on that before narrowing it.
    @Autowired
    public AuditLogDao auditLogDao;

    // DAO used to look up administrator certificates by serial number when verifying signatures.
    @Autowired
    public AdminCertDao adminCertDao;

    // DAO for the RA server certificate whose id and signature algorithm are recorded with each entry.
    @Autowired
    public RaCertDao raCertDao;

    // DAO that receives the copies of audit-log rows produced by the archive operations.
    @Autowired
    private ArchiveLogDao archiveLogDao;

    // DAO used by getRemindMsg to list the roles of the current administrator.
    @Autowired
    private AdminRoleDao adminRoleDao;
    // Fraction of the configured maximum record count at which getArchiveMsgInfo returns its reminder.
    // NOTE(review): static but not final, so the threshold is mutable at runtime.
    private static double ARCHIVE_PERCENT = 0.8d;
    // Milliseconds in one day (24 * 60 * 60 * 1000); used to turn day counts into time offsets.
    private static long MS_PER_DAY = 86400000;

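    /**
     * Records one administrator operation in the audit log.
     *
     * <p>The entry is attributed to the currently logged-in administrator, stamped with the current
     * time, signed with the RA server key and then written through {@code auditLogDao}.
     *
     * @param i    operator-type code; stored as its decimal string
     * @param str  description of the operation
     * @param i2   operation result code
     * @param str2 the operator's own signature for the operation; stored as supplied, it is not
     *             verified in this method
     * @return a success result once the row is saved, otherwise a failure result carrying the
     *         matching {@code ErrorEnum} code and description
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult save(int i, String str, int i2, String str2) {
        Operator operator = OperatorUtil.getOperator();
        if (operator == null || operator.getCurrUser() == null) {
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN.code, ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN.desc));
        }
        CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
        AuditLogDO auditLogDO = new AuditLogDO();
        auditLogDO.setOperatorSubject(currentAdminInfo.getCertDn());
        auditLogDO.setOperatorSn(currentAdminInfo.getCertSn());
        auditLogDO.setOperatorCertId(currentAdminInfo.getId());
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yy-MM-dd HH:mm:ss");
        try {
            // Format-then-parse drops the sub-second part, so the stored time has second precision.
            auditLogDO.setOperateTime(simpleDateFormat.parse(simpleDateFormat.format(new Date())));
        } catch (ParseException e) {
            this.logger.error("时间转换异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.TIME_CONVERSION_EXCEPTION.code, ErrorEnum.TIME_CONVERSION_EXCEPTION.desc));
        }
        auditLogDO.setOperatorType(String.valueOf(i));
        auditLogDO.setOperateClientIp(currentAdminInfo.getClientIpAddress());
        auditLogDO.setOperateContent(str);
        auditLogDO.setOperateResult(Integer.valueOf(i2));
        auditLogDO.setOperateSign(str2);
        auditLogDO.setIsAudit(Integer.valueOf(AuditLogIsAuditEnum.FALSE.id));
        try {
            RaCertDO raCert = this.raCertDao.getNewRaCertInfo();
            if (raCert == null) {
                this.logger.error("获取RA服务器证书为空!");
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.GET_RA_SERVER_CERT_EMPTY.code, ErrorEnum.GET_RA_SERVER_CERT_EMPTY.desc));
            }
            auditLogDO.setServerCertId(raCert.getId());
            String payload = auditLogDO.operatorBase64Encode();
            String serverSign;
            // The HSM path is taken only when HSM mode is 1 and the key algorithm is SM2;
            // every other configuration signs in software with the RA private key.
            if (1 == CommonVariable.getIsHsm().intValue() && "SM2".equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                serverSign = HsmUtils.signByYunHsm(raCert.getSignAlg(), CommonVariable.getKeyIndex(), CommonVariable.getKeyPwd(), payload);
            } else {
                serverSign = HsmUtils.signByBC(raCert.getSignAlg(), CommonVariable.getRaSignPriKey(), payload);
            }
            if (StringUtils.isBlank(serverSign)) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.SIGN_BY_HSM_IS_ERROR.code, ErrorEnum.SIGN_BY_HSM_IS_ERROR.desc));
            }
            auditLogDO.setServerSign(serverSign);
            this.auditLogDao.saveLog(auditLogDO);
            return new CoreResult(0, null);
        } catch (CryptoException | SdfSDKException e) {
            this.logger.error("RA服务器证书签名异常!", e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.RA_SERVER_CERT_SIGN_EXCEPTION.code, ErrorEnum.RA_SERVER_CERT_SIGN_EXCEPTION.desc));
        } catch (Exception e) {
            // A failed audit-log write must leave a trace: previously this path returned the error
            // code without logging, so a lost audit record could not be diagnosed afterwards.
            this.logger.error("保存操作日志异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.RA_SERVER_CERT_SIGN_EXCEPTION.code, ErrorEnum.RA_SERVER_CERT_SIGN_EXCEPTION.desc));
        }
    }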

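    /**
     * Records one administrator operation in the audit log and reports only success or failure.
     *
     * <p>The entry is attributed to the currently logged-in administrator, stamped with the current
     * time, signed with the RA server key and then written through {@code auditLogDao}.
     *
     * @param i    operator-type code; stored as its decimal string
     * @param str  description of the operation
     * @param i2   operation result code
     * @param str2 the operator's own signature for the operation; stored as supplied, it is not
     *             verified in this method
     * @return {@code true} once the row is saved; {@code false} when there is no logged-in
     *         administrator, no RA server certificate, a blank server signature, or any exception
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public boolean saveAuditLog(int i, String str, int i2, String str2) {
        Operator operator = OperatorUtil.getOperator();
        if (operator == null || operator.getCurrUser() == null) {
            return false;
        }
        CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
        AuditLogDO auditLogDO = new AuditLogDO();
        auditLogDO.setOperatorSubject(currentAdminInfo.getCertDn());
        auditLogDO.setOperatorSn(currentAdminInfo.getCertSn());
        auditLogDO.setOperatorCertId(currentAdminInfo.getId());
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yy-MM-dd HH:mm:ss");
        try {
            // Format-then-parse drops the sub-second part, so the stored time has second precision.
            auditLogDO.setOperateTime(simpleDateFormat.parse(simpleDateFormat.format(new Date())));
        } catch (ParseException e) {
            this.logger.error("时间转换异常", (Throwable) e);
            return false;
        }
        auditLogDO.setOperatorType(String.valueOf(i));
        auditLogDO.setOperateClientIp(currentAdminInfo.getClientIpAddress());
        auditLogDO.setOperateContent(str);
        auditLogDO.setOperateResult(Integer.valueOf(i2));
        auditLogDO.setOperateSign(str2);
        auditLogDO.setIsAudit(Integer.valueOf(AuditLogIsAuditEnum.FALSE.id));
        try {
            RaCertDO raCert = this.raCertDao.getNewRaCertInfo();
            if (raCert == null) {
                this.logger.error("获取RA服务器证书为空!");
                return false;
            }
            auditLogDO.setServerCertId(raCert.getId());
            String payload = auditLogDO.operatorBase64Encode();
            String serverSign;
            // The HSM path is taken only when HSM mode is 1 and the key algorithm is SM2;
            // every other configuration signs in software with the RA private key.
            if (1 == CommonVariable.getIsHsm().intValue() && "SM2".equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                serverSign = HsmUtils.signByYunHsm(raCert.getSignAlg(), CommonVariable.getKeyIndex(), CommonVariable.getKeyPwd(), payload);
            } else {
                serverSign = HsmUtils.signByBC(raCert.getSignAlg(), CommonVariable.getRaSignPriKey(), payload);
            }
            if (StringUtils.isBlank(serverSign)) {
                return false;
            }
            auditLogDO.setServerSign(serverSign);
            this.auditLogDao.saveLog(auditLogDO);
            return true;
        } catch (CryptoException | SdfSDKException e) {
            this.logger.error("RA服务器证书签名异常!", e);
            return false;
        } catch (Exception e) {
            // A failed audit-log write must leave a trace: previously this path returned false
            // without logging, so a lost audit record could not be diagnosed afterwards.
            this.logger.error("保存操作日志异常", (Throwable) e);
            return false;
        }
    }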

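    /**
     * Records one administrator operation, including a modification detail, in the audit log.
     *
     * <p>The entry is attributed to the currently logged-in administrator, stamped with the current
     * time, signed with the RA server key and then written through {@code auditLogDao}.
     *
     * @param i    operator-type code; stored as its decimal string
     * @param str  description of the operation
     * @param i2   operation result code
     * @param str2 the operator's own signature for the operation; stored as supplied, it is not
     *             verified in this method
     * @param str3 modification detail stored with the entry
     * @return {@code true} once the row is saved; {@code false} when there is no logged-in
     *         administrator, no RA server certificate, a blank server signature, or any exception
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public boolean saveAuditLog(int i, String str, int i2, String str2, String str3) {
        Operator operator = OperatorUtil.getOperator();
        if (operator == null || operator.getCurrUser() == null) {
            return false;
        }
        CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
        AuditLogDO auditLogDO = new AuditLogDO();
        auditLogDO.setOperatorSubject(currentAdminInfo.getCertDn());
        auditLogDO.setOperatorSn(currentAdminInfo.getCertSn());
        auditLogDO.setOperatorCertId(currentAdminInfo.getId());
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yy-MM-dd HH:mm:ss");
        try {
            // Format-then-parse drops the sub-second part, so the stored time has second precision.
            auditLogDO.setOperateTime(simpleDateFormat.parse(simpleDateFormat.format(new Date())));
        } catch (ParseException e) {
            this.logger.error("时间转换异常", (Throwable) e);
            return false;
        }
        auditLogDO.setOperatorType(String.valueOf(i));
        auditLogDO.setOperateClientIp(currentAdminInfo.getClientIpAddress());
        auditLogDO.setOperateContent(str);
        auditLogDO.setOperateResult(Integer.valueOf(i2));
        auditLogDO.setOperateSign(str2);
        auditLogDO.setOperateModifyDetail(str3);
        auditLogDO.setIsAudit(Integer.valueOf(AuditLogIsAuditEnum.FALSE.id));
        try {
            RaCertDO raCert = this.raCertDao.getNewRaCertInfo();
            if (raCert == null) {
                this.logger.error("获取RA服务器证书为空!");
                return false;
            }
            auditLogDO.setServerCertId(raCert.getId());
            String payload = auditLogDO.operatorBase64Encode();
            String serverSign;
            // The HSM path is taken only when HSM mode is 1 and the key algorithm is SM2;
            // every other configuration signs in software with the RA private key.
            if (1 == CommonVariable.getIsHsm().intValue() && "SM2".equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                serverSign = HsmUtils.signByYunHsm(raCert.getSignAlg(), CommonVariable.getKeyIndex(), CommonVariable.getKeyPwd(), payload);
            } else {
                serverSign = HsmUtils.signByBC(raCert.getSignAlg(), CommonVariable.getRaSignPriKey(), payload);
            }
            if (StringUtils.isBlank(serverSign)) {
                return false;
            }
            auditLogDO.setServerSign(serverSign);
            this.auditLogDao.saveLog(auditLogDO);
            return true;
        } catch (CryptoException | SdfSDKException e) {
            this.logger.error("RA服务器证书签名异常!", e);
            return false;
        } catch (Exception e) {
            // A failed audit-log write must leave a trace: previously this path returned false
            // without logging, so a lost audit record could not be diagnosed afterwards.
            this.logger.error("保存操作日志异常", (Throwable) e);
            return false;
        }
    }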

    /**
     * Lists audit-log entries matching the given filters, converted to view objects.
     *
     * <p>When both {@code num} and {@code num2} are zero the DAO result is treated as a plain list;
     * otherwise it is treated as a {@code PageInfo} whose data list is replaced by the converted one.
     * All seven arguments are passed to {@code auditLogDao.getLogList} unchanged.
     *
     * @param num  first paging argument (presumably the page number; confirm against the DAO)
     * @param num2 second paging argument (presumably the page size; confirm against the DAO)
     * @return a success result wrapping either the converted list or the updated page
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult getAuditLogList(Integer num, Integer num2, String str, Integer num3, Integer num4, String str2, String str3) {
        // NOTE(review): num and num2 are unboxed without a null check.
        boolean unpaged = num.intValue() == 0 && num2.intValue() == 0;
        Object queryResult = this.auditLogDao.getLogList(num, num2, str, num3, num4, str2, str3);
        if (unpaged) {
            return new CoreResult(0, setDataList((List) queryResult));
        }
        PageInfo page = (PageInfo) queryResult;
        page.setDatas(setDataList((List) page.getDatas()));
        return new CoreResult(0, page);
    }

    /**
     * Converts audit-log list rows into their view objects, adding the display strings for the
     * operator type, the operation result and the audit state.
     *
     * @param list rows returned by the DAO
     * @return one view object per row, in the same order
     */
    private List<AuditLogListVO> setDataList(List<AuditLogListDO> list) {
        List<AuditLogListVO> views = new ArrayList<>();
        for (AuditLogListDO row : list) {
            AuditLogListVO view = new AuditLogListVO();
            view.setId(row.getId());
            view.setOperatorSubject(row.getOperatorSubject());
            view.setOperateClientIp(row.getOperateClientIp());
            view.setOperateTime(row.getOperateTime());

            // Each coded field is copied as-is and also rendered as its display text.
            view.setOperatorType(row.getOperatorType());
            view.setOperatorTypeString(AuditLogOperatorTypeEnum.getDescFromType(row.getOperatorType()));
            view.setOperateResult(row.getOperateResult());
            view.setOperateResultString(AuditLogResultEnum.getValueFromId(row.getOperateResult().intValue()));
            view.setIsAudit(row.getIsAudit());
            view.setIsAuditString(AuditLogIsAuditEnum.getValueFromId(row.getIsAudit().intValue()));

            views.add(view);
        }
        return views;
    }

    /**
     * Marks one audit-log entry as audited by the currently logged-in administrator.
     *
     * <p>Steps: load the entry, refuse it if it is already audited, verify the operator and server
     * signatures on it, fill in the auditor's identity and note, re-sign the entry with the RA
     * server key and update the row.
     *
     * @param auditLogAuditReq carries the entry id, the audit note and the isVerify value to store
     * @param auditSignBean    carries the auditor's signature to store
     * @return a success result when exactly one row was updated, otherwise a failure result with
     *         the matching {@code ErrorEnum} code and description
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult doAuditLog(AuditLogAuditReq auditLogAuditReq, AuditSignBean auditSignBean) {
        try {
            AuditLogDO logById = this.auditLogDao.getLogById(auditLogAuditReq.getId());
            if (null == logById) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
            }
            // NOTE(review): the audited-state check and the update below are separate DAO calls;
            // whether two concurrent audits of one entry are prevented depends on updateLog — confirm.
            if (logById.getIsAudit().intValue() == AuditLogIsAuditEnum.TRUE.id) {
                this.logger.error("该日志已经被审核过!");
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_IS_ALREADY_AUDIT.code, ErrorEnum.LOG_IS_ALREADY_AUDIT.desc));
            }
            // The entry's existing operator and server signatures must verify before it can be audited.
            Result verifyOperateSign = verifyOperateSign(logById);
            if (!verifyOperateSign.isSuccess()) {
                return new CoreResult(verifyOperateSign.getCode(), verifyOperateSign.getInfo());
            }
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN.code, ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN.desc));
            }
            CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
            logById.setAuditClientIp(currentAdminInfo.getClientIpAddress());
            logById.setAuditCertId(currentAdminInfo.getId());
            logById.setAuditSn(currentAdminInfo.getCertSn());
            logById.setAuditSubject(currentAdminInfo.getCertDn());
            // NOTE(review): the auditor's signature is stored as supplied; this method does not
            // verify it against the auditor's certificate before the server countersigns the entry.
            logById.setAuditSign(auditSignBean.getSign());
            logById.setAuditTime(new Date());
            logById.setIsAudit(Integer.valueOf(AuditLogIsAuditEnum.TRUE.id));
            logById.setAuditNote(auditLogAuditReq.getAuditNote());
            // NOTE(review): isVerify is taken from the request rather than from the verification
            // result computed above — confirm the client value is meant to be authoritative.
            logById.setIsVerify(Integer.valueOf(auditLogAuditReq.getIsVerify()));
            String operatorWithAuditInfoBase64Encode = logById.operatorWithAuditInfoBase64Encode();
            try {
                RaCertDO newRaCertInfo = this.raCertDao.getNewRaCertInfo();
                if (newRaCertInfo == null) {
                    this.logger.error("获取RA服务器证书为空!");
                    return new CoreResult(-1, null, new ErrorBean(ErrorEnum.GET_RA_SERVER_CERT_EMPTY.code, ErrorEnum.GET_RA_SERVER_CERT_EMPTY.desc));
                }
                // HSM signing only when HSM mode is 1 and the key algorithm is SM2; otherwise software signing.
                String signByYunHsm = (1 == CommonVariable.getIsHsm().intValue() && "SM2".equalsIgnoreCase(CommonVariable.getKeyAlgName())) ? HsmUtils.signByYunHsm(newRaCertInfo.getSignAlg(), CommonVariable.getKeyIndex(), CommonVariable.getKeyPwd(), operatorWithAuditInfoBase64Encode) : HsmUtils.signByBC(newRaCertInfo.getSignAlg(), CommonVariable.getRaSignPriKey(), operatorWithAuditInfoBase64Encode);
                if (StringUtils.isBlank(signByYunHsm)) {
                    return new CoreResult(-1, null, new ErrorBean(ErrorEnum.SIGN_BY_HSM_IS_ERROR.code, ErrorEnum.SIGN_BY_HSM_IS_ERROR.desc));
                }
                // Replaces the server signature made when the entry was first saved.
                // NOTE(review): serverCertId is not updated here, yet the signing certificate is the
                // newest one; if the RA certificate changed since the entry was saved, later
                // verification would use the older certificate's key — confirm.
                logById.setServerSign(signByYunHsm);
                if (this.auditLogDao.updateLog(logById) == 1) {
                    return new CoreResult(0, null);
                }
                this.logger.error("更新审核日志失败!");
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.UPDATE_AUDIT_IS_FAILURE.code, ErrorEnum.UPDATE_AUDIT_IS_FAILURE.desc));
            } catch (Exception e) {
                // NOTE(review): this block signs and updates, but the handler logs and returns a
                // signature-verification failure; the reported error does not match the failing step.
                this.logger.error("服务器签名值验签失败", (Throwable) e);
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL.code, ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL.desc));
            }
        } catch (Exception e2) {
            // Any other exception, including one thrown during signature verification or while
            // reading the current administrator, is reported as "log does not exist or archived".
            this.logger.error("获取操作日志实例异常", (Throwable) e2);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }

    /**
     * Loads one audit-log entry by id and returns the stored record itself.
     *
     * @param i id of the entry
     * @return a success result wrapping the {@code AuditLogDO}, or a failure result with
     *         {@code LOG_NOT_EXIST_OR_ARCHIVED} when the entry is missing or the lookup throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public Object getOperateLogById(int i) {
        try {
            AuditLogDO record = this.auditLogDao.getLogById(i);
            if (record != null) {
                // NOTE(review): the full data object, signatures included, is handed to the caller.
                return CoreResult.success(record);
            }
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        } catch (Exception e) {
            this.logger.error("获取操作日志实例异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }

    /**
     * Loads one audit-log entry as a view object and optionally re-verifies its signatures.
     *
     * @param i   id of the entry
     * @param num when equal to 1, the signatures are verified now and the result overrides the
     *            stored isVerify value in the returned view; any other value (or null) skips this
     * @return a success result wrapping the view, or a failure result with
     *         {@code LOG_NOT_EXIST_OR_ARCHIVED} when the entry is missing or anything throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult get(int i, Integer num) {
        try {
            AuditLogDO record = this.auditLogDao.getLogById(i);
            if (record == null) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
            }

            AuditLogVO view = new AuditLogVO();
            view.setId(record.getId());
            view.setOperatorSubject(record.getOperatorSubject());
            view.setOperatorSn(record.getOperatorSn());
            view.setOperatorType(record.getOperatorType());
            view.setOperatorTypeString(AuditLogOperatorTypeEnum.getDescFromType(record.getOperatorType()));
            view.setOperateClientIp(record.getOperateClientIp());
            view.setOperateContent(record.getOperateContent());
            view.setOperateResult(record.getOperateResult());
            view.setOperateResultString(AuditLogResultEnum.getValueFromId(record.getOperateResult().intValue()));
            view.setOperateModifyDetail(record.getOperateModifyDetail());
            view.setOperateSign(record.getOperateSign());
            view.setIsAudit(record.getIsAudit());
            int auditState = record.getIsAudit().intValue();
            view.setIsAuditString(AuditLogIsAuditEnum.getValueFromId(auditState));
            view.setOperateTime(record.getOperateTime());

            if (record.getIsVerify() != null) {
                view.setIsVerify(record.getIsVerify());
                view.setIsVerifyString(AuditLogIsVerifyEnum.getValueFromId(record.getIsVerify().intValue()));
            }

            // State 2 is treated as "audited" (presumably AuditLogIsAuditEnum.TRUE.id — confirm):
            // only then are the auditor's details exposed.
            if (auditState == 2) {
                view.setAuditSubject(record.getAuditSubject());
                view.setAuditSn(record.getAuditSn());
                view.setAuditNote(record.getAuditNote());
                view.setAuditTime(record.getAuditTime());
                view.setAuditClientIp(record.getAuditClientIp());
            }

            boolean verifyRequested = num != null && num.intValue() == 1;
            if (verifyRequested) {
                this.logger.info("get audit log info with verify!");
                // State 1 (presumably "not audited") checks the operator-stage signatures; any
                // other state checks the auditor-stage signatures.
                Result verification;
                if (auditState == 1) {
                    verification = verifyOperateSign(record);
                } else {
                    verification = verifyAuditOperateSign(record);
                }
                AuditLogIsVerifyEnum outcome = AuditLogIsVerifyEnum.getInstance(verification.isSuccess());
                view.setIsVerify(Integer.valueOf(outcome.id));
                view.setIsVerifyString(outcome.value);
            }
            return new CoreResult(0, view);
        } catch (Exception e) {
            this.logger.error("获取操作日志实例异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }

    /**
     * Verifies the auditor-stage signatures of one audit-log entry.
     *
     * @param i id of the entry
     * @return a result carrying the verification code and info plus an {@code ErrorBean} (empty
     *         when verification reported no error), or a {@code LOG_NOT_EXIST_OR_ARCHIVED} failure
     *         when the entry is missing or the lookup throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult verify(int i) {
        try {
            AuditLogDO record = this.auditLogDao.getLogById(i);
            if (record == null) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
            }
            // NOTE(review): unlike get(int, Integer), this always uses the auditor-stage check, even
            // for an entry that has not been audited yet — confirm that is intended.
            Result outcome = verifyAuditOperateSign(record);
            ErrorEnum failure = outcome.getError();
            ErrorBean errorBean = (failure != null) ? new ErrorBean(failure.code, failure.desc) : new ErrorBean();
            return new CoreResult(outcome.getCode(), outcome.getInfo(), errorBean);
        } catch (Exception e) {
            this.logger.error("获取操作日志实例异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }

    /**
     * Verifies the operator-stage signatures of an audit-log entry.
     *
     * <p>Two checks run in order: the operator's signature against the public key of the
     * administrator certificate found by the entry's operator serial number, then the server
     * signature over {@code operatorBase64Encode()} against the RA certificate recorded on the entry.
     *
     * @param auditLogDO the entry to verify
     * @return success when both checks pass, otherwise a failure naming the step that failed
     */
    private Result verifyOperateSign(AuditLogDO auditLogDO) {
        // The meaning of the second argument (2) is not visible in this file.
        AdminCertDO adminCertInfo = this.adminCertDao.getAdminCertInfo(auditLogDO.getOperatorSn(), 2);
        if (adminCertInfo == null) {
            this.logger.error("获取操作员证书为空");
            return Result.failure(ErrorEnum.GET_OPERATOR_CERT_EMPTY);
        }
        // NOTE(review): as nested here, the two outer handlers run only if an inner handler itself
        // throws, so a certificate-parsing failure is reported as a signature failure and
        // GENERATE_CERT_IS_ERROR is effectively unreachable.
        try {
            try {
                // NOTE(review): only the certificate's public key is used; validity period,
                // revocation and chain are not checked here. verifySignedData receives just the
                // signature blob and the key, and this method never compares the signed payload
                // with the entry's stored fields — confirm that binding is enforced elsewhere.
                if (!SignedDataUtils.verifySignedData(auditLogDO.getOperateSign(), CertUtils.getCertFromStr(adminCertInfo.getCertInfo()).getPublicKey())) {
                    this.logger.error("验证管理员操作签名失败");
                    return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
                }
                try {
                    // A missing RA certificate row makes this line throw; the handler below then
                    // reports it as a server-signature failure.
                    X509Certificate certFromStr = CertUtils.getCertFromStr(this.raCertDao.queryRaCertDataById(auditLogDO.getServerCertId()).getCertInfo());
                    // NOTE(review): verification uses the HSM whenever the HSM mode is non-zero,
                    // while the signing code in this class uses it only when the mode is 1 and the
                    // key algorithm is SM2 — confirm the two paths agree for every configuration.
                    if (0 != CommonVariable.getIsHsm().intValue() ? HsmUtils.verifyCertByYunHsm(certFromStr.getSigAlgName(), certFromStr.getPublicKey(), auditLogDO.operatorBase64Encode(), auditLogDO.getServerSign()) : HsmUtils.verifyCertByBC(certFromStr.getSigAlgName(), certFromStr.getPublicKey(), Base64.decode(auditLogDO.getServerSign()), Base64.decode(auditLogDO.operatorBase64Encode()))) {
                        return Result.success();
                    }
                    this.logger.error("服务器签名值验签失败");
                    return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                } catch (Exception e) {
                    this.logger.error("服务器签名值验签失败", (Throwable) e);
                    return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                }
            } catch (Exception e2) {
                this.logger.error("验证管理员操作签名失败", (Throwable) e2);
                return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
            }
        } catch (Exception e3) {
            this.logger.error("证书转换错误", (Throwable) e3);
            return Result.failure(ErrorEnum.GENERATE_CERT_IS_ERROR);
        }
    }

    /**
     * Verifies the auditor-stage signatures of an audit-log entry.
     *
     * <p>Two checks run in order: the auditor's signature against the public key of the
     * administrator certificate found by the entry's audit serial number, then the server signature
     * over {@code operatorWithAuditInfoBase64Encode()} against the RA certificate recorded on the
     * entry. The operator's own signature is not re-checked in this method.
     *
     * @param auditLogDO the entry to verify
     * @return success when both checks pass, otherwise a failure naming the step that failed
     */
    private Result verifyAuditOperateSign(AuditLogDO auditLogDO) {
        // The meaning of the second argument (2) is not visible in this file.
        AdminCertDO adminCertInfo = this.adminCertDao.getAdminCertInfo(auditLogDO.getAuditSn(), 2);
        if (adminCertInfo == null) {
            this.logger.error("获取审计员证书为空");
            return Result.failure(ErrorEnum.GET_AUDITOR_CERT_EMPTY);
        }
        // NOTE(review): as nested here, the two outer handlers run only if an inner handler itself
        // throws, so a certificate-parsing failure is reported as a signature failure and
        // GENERATE_CERT_IS_ERROR is effectively unreachable.
        try {
            try {
                // NOTE(review): only the certificate's public key is used; validity period,
                // revocation and chain are not checked here. verifySignedData receives just the
                // signature blob and the key, and this method never compares the signed payload
                // with the entry's stored fields — confirm that binding is enforced elsewhere.
                if (!SignedDataUtils.verifySignedData(auditLogDO.getAuditSign(), CertUtils.getCertFromStr(adminCertInfo.getCertInfo()).getPublicKey())) {
                    this.logger.error("验证审计员操作签名失败");
                    return Result.failure(ErrorEnum.VERIFY_AUDITOR_SIGN_FAIL);
                }
                try {
                    // A missing RA certificate row makes this line throw; the handler below then
                    // reports it as a server-signature failure.
                    X509Certificate certFromStr = CertUtils.getCertFromStr(this.raCertDao.queryRaCertDataById(auditLogDO.getServerCertId()).getCertInfo());
                    // NOTE(review): verification uses the HSM whenever the HSM mode is non-zero,
                    // while the signing code in this class uses it only when the mode is 1 and the
                    // key algorithm is SM2 — confirm the two paths agree for every configuration.
                    if (0 != CommonVariable.getIsHsm().intValue() ? HsmUtils.verifyCertByYunHsm(certFromStr.getSigAlgName(), certFromStr.getPublicKey(), auditLogDO.operatorWithAuditInfoBase64Encode(), auditLogDO.getServerSign()) : HsmUtils.verifyCertByBC(certFromStr.getSigAlgName(), certFromStr.getPublicKey(), Base64.decode(auditLogDO.getServerSign()), Base64.decode(auditLogDO.operatorWithAuditInfoBase64Encode()))) {
                        return Result.success();
                    }
                    this.logger.error("服务器签名值验签失败");
                    return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                } catch (Exception e) {
                    this.logger.error("服务器签名值验签失败", (Throwable) e);
                    return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                }
            } catch (Exception e2) {
                this.logger.error("验证审计员操作签名失败", (Throwable) e2);
                return Result.failure(ErrorEnum.VERIFY_AUDITOR_SIGN_FAIL);
            }
        } catch (Exception e3) {
            this.logger.error("证书转换错误", (Throwable) e3);
            return Result.failure(ErrorEnum.GENERATE_CERT_IS_ERROR);
        }
    }

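    /**
     * Manually archives the audit-log entries selected by the given filters: copies them to the
     * archive table and then deletes them from the audit-log table.
     *
     * <p>The source rows are deleted only after the archive save reports at least one saved row.
     * Previously the delete ran unconditionally, so a save that stored nothing still removed the
     * audit records.
     *
     * <p>All five arguments are passed to {@code auditLogDao.archiveList} unchanged.
     *
     * @return a result whose info map holds {@code archiveResult} (boolean) and {@code archiveNum}
     *         (rows archived, or rows selected when the save stored nothing); on an exception, a
     *         failure result carrying a message string instead
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult doArchiveOperateLog(String str, Integer num, Integer num2, String str2, String str3) {
        HashMap<String, Object> hashMap = new HashMap<>();
        try {
            List<AuditLogDO> list = (List) this.auditLogDao.archiveList(str, num, num2, str2, str3);
            if (null == list || list.isEmpty()) {
                this.logger.info("手动归档操作日志 没有可归档的日志");
                hashMap.put("archiveResult", true);
                hashMap.put("archiveNum", 0);
                return new CoreResult(0, hashMap);
            }
            int savedCount = this.archiveLogDao.saveArchiveLogList(generateArchiveLogFromAuditLog(list));
            if (savedCount == 0) {
                // Nothing reached the archive table: keep the source rows so no audit record is lost.
                hashMap.put("archiveResult", false);
                hashMap.put("archiveNum", Integer.valueOf(list.size()));
                return new CoreResult(-1, hashMap);
            }
            // NOTE(review): the whole selection is deleted even if savedCount is smaller than
            // list.size(), and no transaction is visible around save + delete — confirm that a
            // partial save cannot happen or is rolled back by the DAO layer.
            int deletedCount = this.auditLogDao.deleteAuditLogList(list);
            this.logger.info("手动归档 删除从AUDIT_LOG表 归档到ARCHIVE_LOG表 " + deletedCount + "数据");
            hashMap.put("archiveResult", true);
            hashMap.put("archiveNum", Integer.valueOf(savedCount));
            return new CoreResult(0, hashMap);
        } catch (Exception e) {
            this.logger.error("手动归档操作日志出现异常", (Throwable) e);
            return new CoreResult(-1, "手动归档操作日志出现异常");
        }
    }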

    /**
     * Builds the archive rows for a list of audit-log entries.
     *
     * <p>Every property except {@code id} is copied by name, and each archive row gets its own
     * archive timestamp taken at the moment it is built.
     *
     * @param list audit-log entries to archive
     * @return one archive row per entry, in the same order
     */
    private List<ArchiveLogDO> generateArchiveLogFromAuditLog(List<AuditLogDO> list) {
        List<ArchiveLogDO> archived = new ArrayList<>();
        for (AuditLogDO source : list) {
            ArchiveLogDO target = new ArchiveLogDO();
            // "id" is excluded so the archive row does not inherit the audit-log row's id.
            BeanUtils.copyProperties(source, target, "id");
            target.setArchiveTime(new Date());
            archived.add(target);
        }
        return archived;
    }

    /**
     * Reports whether login is allowed given the current size of the audit log.
     *
     * <p>Login is allowed when no maximum is configured, or while the configured maximum is
     * strictly greater than the number of stored audit-log rows. Any exception yields
     * {@code false}, so a failing count query blocks login rather than permitting it.
     *
     * @return {@code true} when login is allowed, {@code false} otherwise
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public Boolean isAllowLogin() {
        try {
            ArchiveConfigBean config = CommonVariable.getArchiveConfig();
            boolean limitConfigured = config != null && config.getMaxAuditLogLimit() != null;
            if (limitConfigured) {
                return config.getMaxAuditLogLimit().intValue() > this.auditLogDao.getTotalRecords();
            }
            return true;
        } catch (Exception e) {
            this.logger.error("获取登录许可或日志写入出现异常", (Throwable) e);
            return false;
        }
    }

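    /**
     * Builds the reminder shown when audit-log entries have passed the configured audit period.
     *
     * <p>The cutoff date is the start of today minus the configured number of days; the DAO is
     * asked how many entries are overdue relative to that date.
     *
     * @return a success result with a reminder message when overdue entries exist, a success result
     *         with {@code null} info when none exist or no period is configured, or a failure
     *         result when anything throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult getAuditMsgInfo() {
        try {
            ArchiveConfigBean archiveConfig = CommonVariable.getArchiveConfig();
            if (null == archiveConfig || archiveConfig.getAuditLogPeriod() == null) {
                return new CoreResult(0, null);
            }
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
            String today = simpleDateFormat.format(new Date());
            // int * long widens to long, so the day offset cannot overflow an int.
            long cutoffMillis = DateUtils.getStartTime(today) - (archiveConfig.getAuditLogPeriod().intValue() * MS_PER_DAY);
            long overAuditRecordNum = this.auditLogDao.getOverAuditRecordNum(simpleDateFormat.format(Long.valueOf(cutoffMillis)));
            if (overAuditRecordNum != 0) {
                return new CoreResult(0, "有" + overAuditRecordNum + "条日志已超审核周期，请及时进行审核");
            }
            return new CoreResult(0, null);
        } catch (Exception e) {
            // Previously swallowed silently; without this the reminder just disappears on failure.
            this.logger.error("获取审核提醒消息出现异常", (Throwable) e);
            return new CoreResult(-1, "获取审核提醒消息出现异常");
        }
    }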

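    /**
     * Builds the reminder shown when the audit log approaches its configured maximum size.
     *
     * <p>The reminder is returned once the stored row count reaches {@code ARCHIVE_PERCENT} of the
     * configured maximum.
     *
     * @return a success result with a reminder message when the threshold is reached, a success
     *         result with {@code null} info otherwise or when no maximum is configured, or a
     *         failure result when anything throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult getArchiveMsgInfo() {
        try {
            ArchiveConfigBean archiveConfig = CommonVariable.getArchiveConfig();
            if (null == archiveConfig || archiveConfig.getMaxAuditLogLimit() == null) {
                return new CoreResult(0, null);
            }
            long totalRecords = this.auditLogDao.getTotalRecords();
            long maxRecords = archiveConfig.getMaxAuditLogLimit().intValue();
            if (totalRecords >= maxRecords * ARCHIVE_PERCENT) {
                return new CoreResult(0, "日志即将达到存储操作日志的最大规模，请及时进行归档");
            }
            return new CoreResult(0, null);
        } catch (Exception e) {
            // Previously swallowed silently; without this the reminder just disappears on failure.
            this.logger.error("获取归档提醒消息出现异常", (Throwable) e);
            return new CoreResult(-1, "获取归档提醒消息出现异常");
        }
    }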

    /**
     * Automatically archives audit-log entries older than the configured number of days: copies
     * them to the archive table and, if that stored at least one row, deletes them from the
     * audit-log table.
     *
     * @return a success result whose info map holds {@code archiveResult} and {@code archiveNum};
     *         a failure result with the same map when the save stored nothing; or a failure result
     *         with a message string when auto-archive is off, the delete count differs from the
     *         save count, or anything throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult doAutoArchiveOperateLog() {
        try {
            this.logger.debug("自动归档开始》》》》》》");
            HashMap<String, Object> outcome = new HashMap<>();
            ArchiveConfigBean config = CommonVariable.getArchiveConfig();
            boolean autoArchiveEnabled = config != null && config.getAutoArchiveFlag().intValue() == 1;
            if (!autoArchiveEnabled) {
                return new CoreResult(-1, "自动归档未开启");
            }

            // Entries older than (now - configured days) are selected; the cutoff is passed to the
            // DAO as a formatted string.
            SimpleDateFormat cutoffFormat = new SimpleDateFormat("yy-MM-dd HH:mm:ss");
            long cutoffMillis = DateUtils.getCurrentTimeMillis() - (config.getAutoArchiveAgo().intValue() * MS_PER_DAY);
            String cutoff = cutoffFormat.format(Long.valueOf(cutoffMillis));
            List<AuditLogDO> candidates = (List) this.auditLogDao.autoArchiveList(cutoff);
            if (candidates == null || candidates.isEmpty()) {
                this.logger.info("自动归档操作日志 没有可归档的日志");
                outcome.put("archiveResult", true);
                outcome.put("archiveNum", 0);
                return new CoreResult(0, outcome);
            }

            int savedCount = this.archiveLogDao.saveArchiveLogList(generateArchiveLogFromAuditLog(candidates));
            if (savedCount == 0) {
                // Nothing was archived, so the source rows are left in place.
                outcome.put("archiveResult", false);
                outcome.put("archiveNum", Integer.valueOf(candidates.size()));
                this.logger.debug("自动归档结束》》》》》》");
                return new CoreResult(-1, outcome);
            }

            // NOTE(review): the whole selection is deleted even when savedCount is smaller than
            // candidates.size(), and a count mismatch is returned without being logged; no
            // transaction is visible around save + delete — confirm the DAO layer covers this.
            int deletedCount = this.auditLogDao.deleteAuditLogList(candidates);
            if (deletedCount != savedCount) {
                return new CoreResult(-1, "删除操作日志表数据异常");
            }
            this.logger.info("自动归档 删除从AUDIT_LOG表 归档到ARCHIVE_LOG表 " + deletedCount + "数据");
            outcome.put("archiveResult", true);
            outcome.put("archiveNum", Integer.valueOf(savedCount));
            this.logger.debug("自动归档结束》》》》》》");
            return new CoreResult(0, outcome);
        } catch (Exception e) {
            this.logger.error("自动归档操作日志出现异常", (Throwable) e);
            return new CoreResult(-1, "自动归档操作日志出现异常");
        }
    }

    /**
     * Collects the audit and archive reminders for the currently logged-in administrator.
     *
     * <p>Reminders are gathered only when one of the administrator's roles has type 2 (presumably
     * the auditor role — confirm against the role definitions). A reminder whose lookup failed is
     * left out.
     *
     * @return a success result whose info map holds the reminders under {@code Mvcs.MSG} when there
     *         are any (the map is empty otherwise), or a failure result when there is no logged-in
     *         administrator or anything throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult getRemindMsg() {
        try {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN.code, ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN.desc));
            }
            CurrentAdminInfo admin = (CurrentAdminInfo) operator.getCurrUser();
            List<RoleDO> roles = this.adminRoleDao.getRoleListByAdminCertId(admin.getId().longValue());

            HashMap<String, Object> response = new HashMap<>();
            // Every role is inspected (no early exit), as in the original loop.
            boolean hasReminderRole = false;
            for (RoleDO role : roles) {
                if (2 == role.getType().intValue()) {
                    hasReminderRole = true;
                }
            }

            HashMap<String, Object> reminders = new HashMap<>();
            if (hasReminderRole) {
                CoreResult auditReminder = getAuditMsgInfo();
                if (auditReminder.isSuccess()) {
                    reminders.put("auditMsg", auditReminder.getInfo());
                }
                CoreResult archiveReminder = getArchiveMsgInfo();
                if (archiveReminder.isSuccess()) {
                    reminders.put("archiveMsg", archiveReminder.getInfo());
                }
            }
            if (!reminders.isEmpty()) {
                response.put(Mvcs.MSG, reminders);
            }
            return new CoreResult(0, response);
        } catch (Exception e) {
            this.logger.error("获取提醒消息异常", (Throwable) e);
            return new CoreResult(-1, "获取提醒消息异常");
        }
    }

    /**
     * Checks whether an audit-log entry with the given id exists.
     *
     * @param i id of the entry
     * @return a success result when the entry exists, or a failure result with
     *         {@code LOG_NOT_EXIST_OR_ARCHIVED} when it does not or the lookup throws
     */
    @Override // com.xdja.pki.auth.service.AuditLogService
    public CoreResult existOrNot(int i) {
        try {
            if (this.auditLogDao.get(i) != null) {
                return CoreResult.success();
            }
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        } catch (Exception e) {
            this.logger.error("判断操作日志实例存在异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }
}
