package com.xdja.pki.ra.service.manager.init;

import com.xdja.pki.apache.client.utils.ApacheClientHttpUtils;
import com.xdja.pki.cache.RedisClient;
import com.xdja.pki.core.exception.ServiceException;
import com.xdja.pki.gmssl.core.utils.GMSSLRandomUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLKeKUtils;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.config.Config;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.core.util.file.FileUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.AdminCertDao;
import com.xdja.pki.ra.manager.dao.InitDao;
import com.xdja.pki.ra.manager.dao.model.AdminCertDO;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.ra.service.manager.system.SystemService;
import com.xdja.pki.security.service.SecurityService;
import java.io.File;
import java.io.IOException;
import java.util.Map;
import javax.naming.NamingException;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-2.0.1-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/init/InitServiceImpl.class */
public class InitServiceImpl implements InitService {

    // Collaborators are supplied by Spring field injection. The first five fields are
    // package-private rather than private.

    // DAO that initDeviceRecover() uses to clear the ra_cert, ca_cert, admin_cert and admin_role data.
    @Autowired
    InitDao initDao;

    // authorizeAdmin() calls authorizationAdminInfo(...) on this service once the CA checks pass.
    @Autowired
    SecurityService securityService;

    // CA client; authorizeAdmin() calls raAdminLoginAuthen(sn) on it to obtain the admin's certificate data.
    @Autowired
    CaBusinessManager caBusinessManager;

    // DAO that authorizeAdmin() queries for an already-authorized certificate SN.
    @Autowired
    AdminCertDao adminCertDao;

    // Reads and writes the configuration file that holds isInit, initStep and isReboot.
    @Autowired
    SystemService systemService;

    // Value of ra.system.https.port; initRaSystem() returns it to the caller.
    @Value("${ra.system.https.port}")
    private String httpsPort;

    // Value of ra.system.http.port; no method in this class reads it.
    @Value("${ra.system.http.port}")
    private String httpPort;

    // initDeviceRecover() calls flushAll() on this client.
    @Autowired
    private RedisClient redisClient;
    private Logger logger = LoggerFactory.getLogger(getClass());
    // Tomcat home directory from the catalina.home system property (null when the property
    // is unset). restartTomcat() derives the restart script path from it.
    private String tomcatPath = System.getProperty("catalina.home");

    /**
     * Reads the initialization flag from the configuration file.
     *
     * @return a Result whose info is the configured isInit value, or a Result carrying
     *         CONFIG_JSON_FILE_OPERATION_ERROR when the file is missing or reading it throws
     */
    @Override
    public Result isInitialized() {
        Result outcome = new Result();
        try {
            Config current = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            if (current != null) {
                outcome.setInfo(Integer.valueOf(current.getIsInit()));
            } else {
                outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            }
        } catch (Exception readFailure) {
            this.logger.error("获取是否初始化读取配置文件异常", (Throwable) readFailure);
            outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
        }
        return outcome;
    }

    /**
     * Writes a new isInit value into the global configuration file.
     *
     * <p>Unlike the other methods of this class, the file is loaded and saved through
     * {@code Config.getConfig}/{@code Config.saveConfig} on GLOBAL_CONF_FILE_PATH instead of
     * going through {@code systemService}.
     *
     * <p>NOTE(review): {@code num} is stored without any range check, and initDeviceRecover()
     * only refuses to wipe the system while isInit is 1. Confirm that callers restrict who may
     * invoke this method and which values they may pass.
     *
     * @param num the isInit value to store; a null value ends up in the catch block and is
     *            reported as CONFIG_JSON_FILE_OPERATION_ERROR
     * @return an empty Result on success, otherwise one carrying CONFIG_JSON_FILE_OPERATION_ERROR
     */
    @Override
    public Result updateDeviceInitStatus(Integer num) {
        Result outcome = new Result();
        try {
            Config global = Config.getConfig(PathConstants.GLOBAL_CONF_FILE_PATH);
            if (global != null) {
                global.setIsInit(num.intValue());
                Config.saveConfig(global, PathConstants.GLOBAL_CONF_FILE_PATH);
            } else {
                outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            }
        } catch (Exception writeFailure) {
            this.logger.error("修改初始化状态操作异常", (Throwable) writeFailure);
            outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
        }
        return outcome;
    }

    /**
     * Records the current step of the initialization wizard in the configuration file.
     *
     * <p>The step is written as given; this method does not check that it follows the
     * previously stored step.
     *
     * @param i the step number to store
     * @return an empty Result on success, otherwise one carrying CONFIG_JSON_FILE_OPERATION_ERROR
     */
    @Override
    public Result updateInitStep(int i) {
        Result outcome = new Result();
        try {
            Config current = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            if (current != null) {
                current.setInitStep(i);
                this.systemService.updateConfigFile(current);
            } else {
                outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            }
        } catch (Exception writeFailure) {
            this.logger.error("记录步骤数异常", (Throwable) writeFailure);
            outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
        }
        return outcome;
    }

    /**
     * Reads the stored initialization step from the configuration file.
     *
     * @return a Result whose info is the stored initStep as an Integer; on a missing file or a
     *         read failure the Result carries CONFIG_JSON_FILE_OPERATION_ERROR and its info is
     *         never set by this method
     */
    @Override
    public Result getOperateStep() {
        Result outcome = new Result();
        try {
            Config current = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            if (current != null) {
                outcome.setInfo(Integer.valueOf(current.getInitStep()));
            } else {
                outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            }
        } catch (Exception readFailure) {
            this.logger.error("获取步骤数异常", (Throwable) readFailure);
            outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
        }
        return outcome;
    }

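    /**
     * Abandons a partially completed initialization and returns the RA to its uninitialized state.
     *
     * <p>The method refuses to run once the configuration reports isInit == 1. Otherwise it
     * resets the init flags, clears the ra_cert, ca_cert, admin_cert and admin_role data through
     * {@code initDao}, writes the default configuration, clears {@code CommonVariable}, drops the
     * cached HTTP client, deletes the soft-algorithm folder and the super-CA certificate file,
     * and calls {@code flushAll()} on the Redis client.
     *
     * <p>The steps run in sequence and are not transactional: when one fails, the earlier ones
     * stay applied and the method returns the error for the failing step.
     *
     * <p>NOTE(review): the isInit check is the only guard visible here. Confirm that the calling
     * endpoint authenticates the caller, and that the Redis instance is not shared with other
     * applications before relying on {@code flushAll()}.
     *
     * @return an empty Result on success; SYSTEM_IS_INIT_TRUE when already initialized;
     *         CONFIG_JSON_FILE_OPERATION_ERROR, RECOVER_INIT_DB_OPERATION_ERROR or
     *         DECRYPT_ENCRYPT_INFO_ERROR depending on the step that failed
     */
    @Override
    public Result initDeviceRecover() {
        Result result = new Result();
        try {
            Config configFile = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            if (null == configFile) {
                result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
                return result;
            }
            if (1 == configFile.getIsInit()) {
                this.logger.info("系统已经初始化");
                result.setError(ErrorEnum.SYSTEM_IS_INIT_TRUE);
                return result;
            }
            configFile.setIsInit(0);
            configFile.setInitStep(0);
            configFile.setIsReboot(0);
            this.systemService.updateConfigFile(configFile);
        } catch (Exception e) {
            this.logger.error("重新开始初始化重置配置文件异常", (Throwable) e);
            result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return result;
        }

        try {
            this.initDao.deleteRaCert();
        } catch (Exception e) {
            this.logger.error("重新开始初始化清空ra_cert表异常", (Throwable) e);
            result.setError(ErrorEnum.RECOVER_INIT_DB_OPERATION_ERROR);
            return result;
        }

        try {
            this.initDao.deleteCACert();
        } catch (Exception e) {
            this.logger.error("重新开始初始化清空ca_cert表异常", (Throwable) e);
            result.setError(ErrorEnum.RECOVER_INIT_DB_OPERATION_ERROR);
            return result;
        }

        try {
            this.initDao.deleteAdminCert();
        } catch (Exception e) {
            this.logger.error("重新开始初始化清空admin_cert表异常", (Throwable) e);
            result.setError(ErrorEnum.RECOVER_INIT_DB_OPERATION_ERROR);
            return result;
        }

        try {
            this.initDao.deleteAdminRole();
        } catch (Exception e) {
            this.logger.error("重新开始初始化清空admin_role表异常", (Throwable) e);
            result.setError(ErrorEnum.RECOVER_INIT_DB_OPERATION_ERROR);
            return result;
        }

        try {
            this.systemService.updateConfigFile(Config.getConfigInit());
            CommonVariable.clear();
            ApacheClientHttpUtils.client = null;
            FileUtils.deleteFile(new File(PathConstants.SOFT_ALG_FOLDER_PATH));
            FileUtils.deleteFile(new File(PathConstants.SUPER_CA_CERTS_FILE_PATH));
            this.redisClient.flushAll();
        } catch (Exception e) {
            // This failure used to be dropped without a trace; log it so that a half-finished
            // cleanup (key files or cached state left behind) can be diagnosed.
            this.logger.error("重新开始初始化重置配置、清理文件和缓存异常", (Throwable) e);
            result.setError(ErrorEnum.DECRYPT_ENCRYPT_INFO_ERROR);
        }
        return result;
    }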

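    /**
     * Authorizes an administrator certificate during the initialization wizard.
     *
     * <p>Flow: check the wizard step (type 1 requires step 4, type 2 requires step 5), reject a
     * certificate SN that already has an authorization record, ask the CA to authenticate the
     * SN, require the CA-reported adminType to equal {@code i} and signCertStatus to equal 1,
     * hand the certificate data to {@code securityService}, then advance the wizard step
     * (to 5 for type 1, otherwise to 6).
     *
     * <p>NOTE(review): an {@code i} other than 1 or 2 skips the step check altogether and still
     * ends with {@code updateInitStep(6)}; confirm that callers only pass 1 or 2.
     *
     * @param str  certificate serial number used for the duplicate check and the CA lookup
     * @param str2 value forwarded as the first argument of {@code authorizationAdminInfo};
     *             its meaning is not visible in this class
     * @param i    administrator type being authorized
     * @return the Result of the step update on success, otherwise a Result carrying the error
     *         of the check that failed
     * @throws ServiceException when {@code authorizationAdminInfo} fails with a NamingException
     */
    @Override
    public Result authorizeAdmin(String str, String str2, int i) {
        Result result = new Result();
        AdminCertDO adminCertDO = null;
        Result operateStep = getOperateStep();
        // getInfo() stays null when the step could not be read; compare from the constant side
        // so that case is rejected as a step error instead of throwing.
        Object currentStep = operateStep.getInfo();
        this.logger.info("当前初始化步骤为========" + currentStep);
        boolean wrongStepForType1 = 1 == i && !Integer.valueOf(4).equals(currentStep);
        boolean wrongStepForType2 = 2 == i && !Integer.valueOf(5).equals(currentStep);
        if (wrongStepForType1 || wrongStepForType2) {
            this.logger.info("初始化步骤数错误");
            result.setError(ErrorEnum.INIT_STEP_ERROR);
            return result;
        }
        try {
            adminCertDO = this.adminCertDao.getAdminCertInfo(str, 2);
        } catch (Exception e) {
            // NOTE(review): every failure, a database outage included, is read as "not yet
            // authorized", so the duplicate check fails open. Narrow this catch to the DAO's
            // "no row found" exception once its type is confirmed.
            this.logger.info("该sn【{}】未进行过授权，将进行授权操作！", str);
        }
        if (adminCertDO != null) {
            result.setError(ErrorEnum.THIS_ADMIN_SIGN_SN_HAD_AUTHORIZE);
            return result;
        }
        Result raAdminLoginAuthen = this.caBusinessManager.raAdminLoginAuthen(str);
        if (!raAdminLoginAuthen.isSuccess()) {
            return raAdminLoginAuthen;
        }
        Map<?, ?> caInfo = (Map<?, ?>) raAdminLoginAuthen.getInfo();
        // NOTE(review): this writes the complete CA response, certificate data included, to the
        // info log; consider logging only adminType and signCertStatus.
        this.logger.info("CA返回的认证信息 ============ " + JsonUtils.object2Json(caInfo));
        if (CollectionUtils.isEmpty(caInfo)) {
            result.setError(ErrorEnum.CA_RETURN_ADMIN_AUTHEN_INFO_IS_EMPTY);
            return result;
        }
        // A missing field is treated as a mismatch (fail closed) rather than unboxing null.
        Integer adminType = (Integer) caInfo.get("adminType");
        if (!Integer.valueOf(i).equals(adminType)) {
            result.setError(ErrorEnum.AUTHEN_ADMIN_ROLE_IS_ERROR);
            return result;
        }
        Integer signCertStatus = (Integer) caInfo.get("signCertStatus");
        if (!Integer.valueOf(1).equals(signCertStatus)) {
            result.setError(ErrorEnum.ADMIN_CERT_STATUS_IS_NOT_NORMAL);
            return result;
        }
        Result authorization;
        try {
            authorization = (Result) this.securityService.authorizationAdminInfo(
                    str2,
                    (String) caInfo.get("signCertData"),
                    (String) caInfo.get("encCertData"),
                    i,
                    signCertStatus.intValue());
        } catch (NamingException e2) {
            this.logger.error("授权管理员异常 ", e2);
            // Previously execution continued and dereferenced a null result; surface the real
            // cause instead of a NullPointerException.
            throw new ServiceException("授权管理员异常", e2);
        }
        if (authorization.isSuccess()) {
            return 1 == i ? updateInitStep(5) : updateInitStep(6);
        }
        result.setError(authorization.getError());
        return result;
    }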

    /**
     * Marks the RA as initialized: sets isReboot and isInit to 1 and initStep to 7 in the
     * configuration file, then reports the HTTPS port the client should switch to.
     *
     * <p>NOTE(review): the stored step is not checked before the system is flagged as
     * initialized; confirm that the caller verifies the wizard actually reached its last step.
     *
     * @return a Result whose info is the configured HTTPS port, or a Result carrying
     *         CONFIG_JSON_FILE_OPERATION_ERROR when the configuration cannot be read or written
     */
    @Override
    public Result initRaSystem() {
        Result outcome = new Result();
        try {
            Config current = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            if (current != null) {
                current.setIsReboot(1);
                current.setIsInit(1);
                current.setInitStep(7);
                this.systemService.updateConfigFile(current);
                this.logger.info("HTTPs端口：" + this.httpsPort + " 请跳转");
                outcome.setInfo(this.httpsPort);
            } else {
                outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            }
        } catch (Exception writeFailure) {
            this.logger.error("系统重启修改配置文件异常", (Throwable) writeFailure);
            outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
        }
        return outcome;
    }

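    /**
     * Schedules a restart of the servlet container by running {@code bin/restart.sh} under the
     * catalina.home directory on a background thread, about 900 ms after this call returns.
     *
     * <p>The success Result only means the restart thread was started. A failure to launch the
     * script happens later on that thread and is visible in the error log only.
     *
     * <p>NOTE(review): no access check is visible in this method; confirm that the calling
     * endpoint restricts who may trigger a restart.
     *
     * @return a success Result once the restart is scheduled, or a Result carrying
     *         RESTART_TOMCAT_ERROR when catalina.home is unset or the thread cannot be started
     */
    @Override
    public Result restartTomcat() {
        Result result = new Result();
        this.logger.info("================tomcatPath " + this.tomcatPath);
        if (StringUtils.isBlank(this.tomcatPath)) {
            // Without catalina.home the script path would start with "null"; report the failure
            // now instead of returning success and failing on the background thread.
            this.logger.error("重启tomcat失败");
            result.setError(ErrorEnum.RESTART_TOMCAT_ERROR);
            return result;
        }
        final String restartScript = this.tomcatPath + "/bin/restart.sh";
        try {
            new Thread(new Runnable() {
                @Override
                public void run() {
                    try {
                        // Short delay before the restart; presumably it lets the HTTP response go out first.
                        Thread.sleep(900L);
                        // Pass the path as one argument: Runtime.exec(String) splits its command
                        // on whitespace, which would break on an install path containing spaces.
                        new ProcessBuilder(restartScript).start();
                    } catch (IOException e) {
                        InitServiceImpl.this.logger.error("重启系统异常 ", (Throwable) e);
                    } catch (InterruptedException e2) {
                        InitServiceImpl.this.logger.error("重启系统异常 ", (Throwable) e2);
                        Thread.currentThread().interrupt();
                    }
                }
            }).start();
            return Result.success();
        } catch (Exception e) {
            this.logger.error("重启tomcat失败", (Throwable) e);
            result.setError(ErrorEnum.RESTART_TOMCAT_ERROR);
            return result;
        }
    }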

    /**
     * Maps the system key algorithm name held in {@code CommonVariable} to a numeric code.
     *
     * @return a success Result with 1 for "SM2", 2 for the RSA constant and 3 for any other
     *         non-blank name (compared case-insensitively); a failure Result carrying
     *         GET_CERT_ALG_NAME_LENGTH_EXCEPTION when no algorithm name is set
     */
    @Override
    public Result getSystemKeyAlgName() {
        String algName = CommonVariable.getKeyAlgName();
        if (StringUtils.isBlank(algName)) {
            this.logger.error("获取系统算法失败");
            return Result.failure(ErrorEnum.GET_CERT_ALG_NAME_LENGTH_EXCEPTION);
        }
        int code;
        if ("SM2".equalsIgnoreCase(algName)) {
            code = 1;
        } else if (Constants.KEY_ALG_NAME_RSA.equalsIgnoreCase(algName)) {
            code = 2;
        } else {
            // Every other non-blank name falls into the same bucket.
            code = 3;
        }
        return Result.success(Integer.valueOf(code));
    }

    /**
     * Requests 16 random bytes from {@code GMSSLRandomUtils} and reports success.
     *
     * <p>NOTE(review): the generated bytes are discarded; nothing is stored or returned, so in
     * the form shown here the call only proves that the random source works. Confirm whether a
     * key was meant to be kept.
     *
     * @return a success Result when the random generator call completes
     * @throws ServiceException when the random generator call fails
     */
    @Override
    public Result genLocalEncryptKey() {
        final String failureMessage = "生成加密对称密钥失败";
        try {
            GMSSLRandomUtils.generateRandom(16);
            return Result.success();
        } catch (Exception cause) {
            this.logger.error(failureMessage, (Throwable) cause);
            throw new ServiceException(failureMessage, cause);
        }
    }

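    /**
     * Generates the data-encryption key during wizard step 3 and advances the wizard to step 4.
     *
     * <p>With an HSM configured ({@code CommonVariable.getIsHsm() == 1}) the key comes from
     * {@code GMSSLKeKUtils.generateKeyWithKeKBySM4ECB(num)} and {@code num} is recorded as the
     * encryption key index. Otherwise 16 random bytes are used. The Base64 form of the key is
     * kept in {@code CommonVariable}, and the value produced by {@code HsmUtils.getEncryptKey}
     * is written to the configuration file.
     *
     * <p>NOTE(review): {@code CommonVariable} is updated before the configuration file is
     * saved, so a failed save leaves the in-memory key and flags ahead of what is on disk. The
     * statement order is kept because the {@code HsmUtils} helpers may read that state.
     *
     * @param num HSM key index; only read when an HSM is in use, and must not be null then
     * @return a success Result; a Result carrying INIT_STEP_ERROR when the wizard is not at
     *         step 3; the failed step-lookup Result or CONFIG_JSON_FILE_OPERATION_ERROR when
     *         the configuration cannot be read
     * @throws ServiceException when key generation or saving the configuration fails
     */
    @Override
    public Result genEncryptKey(Integer num) {
        try {
            Result operateStep = getOperateStep();
            if (!operateStep.isSuccess()) {
                // The step could not be read: hand back that error instead of dereferencing a
                // null info value and reporting it as a key-generation failure.
                return operateStep;
            }
            if (!Integer.valueOf(3).equals(operateStep.getInfo())) {
                this.logger.info("初始化步骤数错误");
                operateStep.setError(ErrorEnum.INIT_STEP_ERROR);
                return operateStep;
            }
            Config configFile = this.systemService.getConfigFile(Constants.CONFIG_JSON_FILE_NAME);
            if (null == configFile) {
                operateStep.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
                return operateStep;
            }
            CommonVariable.setIsEncrypt(Constants.DATA_IS_ENCRYPTION_1);
            configFile.setInitStep(4);
            byte[] rawKey;
            if (1 == CommonVariable.getIsHsm().intValue()) {
                int keyIndex = num.intValue();
                configFile.setEncryptKeyIndex(keyIndex);
                CommonVariable.setEncryptKeyIndex(keyIndex);
                rawKey = GMSSLKeKUtils.generateKeyWithKeKBySM4ECB(keyIndex);
            } else {
                rawKey = GMSSLRandomUtils.generateRandom(16);
            }
            // Encode once and reuse the same text for the in-memory copy and the stored value.
            String encodedKey = Base64.toBase64String(rawKey);
            CommonVariable.setEncryptKey(encodedKey);
            configFile.setEncryptKey(HsmUtils.getEncryptKey(encodedKey));
            this.systemService.updateConfigFile(HsmUtils.cryptConfigRaPwd(true, configFile));
            return Result.success();
        } catch (Exception e) {
            this.logger.error("生成加密对称密钥失败", (Throwable) e);
            throw new ServiceException("生成加密对称密钥失败", e);
        }
    }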
}
