package com.xdja.pki.service.thirdApp;

import com.xdja.pki.annotation.LogPersistence;
import com.xdja.pki.api.thirdApp.ThirdAppCertService;
import com.xdja.pki.api.user.UserCertService;
import com.xdja.pki.bean.BeanTrans;
import com.xdja.pki.bean.PageDataResultBean;
import com.xdja.pki.bean.PageInfo;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.bean.ResultWithLogContent;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.enums.CaAlgInfoEnum;
import com.xdja.pki.common.enums.CertStatusEnum;
import com.xdja.pki.common.enums.DicEnum;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.SystemEnum;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.DateTimeUtil;
import com.xdja.pki.common.util.RandomUtil;
import com.xdja.pki.common.util.ZipUtil;
import com.xdja.pki.dao.common.DicDao;
import com.xdja.pki.dao.thirdApp.ThirdAppCertDao;
import com.xdja.pki.dao.thirdApp.ThirdAppDao;
import com.xdja.pki.models.ThirdAppCertDO;
import com.xdja.pki.models.ThirdAppInfoDO;
import com.xdja.pki.vo.log.OperateLogTypeEnum;
import com.xdja.pki.vo.log.content.LogContentBuilder;
import com.xdja.pki.vo.thirdApp.ThirdAppCertVO;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.operator.RuntimeOperatorException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

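@Service
/* loaded from: input_file:com/xdja/pki/service/thirdApp/ThirdAppCertServiceImpl.class */
/**
 * Service for certificates issued to third-party applications: paging, issuing,
 * revoking and downloading them, plus keeping {@code Cache.THIRD_APP_CERT_INFO_CACHE}
 * updated on issue and revoke.
 *
 * <p>Parameter names such as {@code str}, {@code num} and {@code l} come from
 * decompilation; their meaning is documented per method only as far as the code
 * in this class shows it.
 */
public class ThirdAppCertServiceImpl implements ThirdAppCertService {

    @Autowired
    private ThirdAppCertDao thirdAppCertDao;

    @Autowired
    private ThirdAppDao thirdAppDao;

    @Autowired
    private DicDao dicDao;

    @Autowired
    private UserCertService userCertService;

    // Base DN appended to "CN=<appName>," when a subject DN is built for issuance.
    @Value("${inner.baseDn}")
    private String baseDn;
    private Logger logger = LoggerFactory.getLogger(getClass());

    // Maps a stored certificate record to its view object. A certificate whose
    // notAfter is already in the past is shown as EXPIRE regardless of the stored
    // status, so a revoked-and-expired certificate is displayed as expired.
    private final BeanTrans<ThirdAppCertDO, ThirdAppCertVO> DO_TO_VO = (thirdAppCertDO, thirdAppCertVO) -> {
        thirdAppCertVO.setDn(thirdAppCertDO.getSubject());
        thirdAppCertVO.setSignCertSn(thirdAppCertDO.getSignSn());
        thirdAppCertVO.setEncCertSn(thirdAppCertDO.getEncSn());
        thirdAppCertVO.setSignAlgName(this.dicDao.getNameByCodeAndParentCode(thirdAppCertDO.getSignAlg(), DicEnum.SIGN_ALG.value));
        thirdAppCertVO.setStatus(thirdAppCertDO.getStatus());
        if (thirdAppCertDO.getNotAfterTime().getTime() < System.currentTimeMillis()) {
            thirdAppCertVO.setStatus(Integer.valueOf(CertStatusEnum.EXPIRE.value));
        }
        thirdAppCertVO.setStatusStr(this.dicDao.getDicNoteByCodeAndParentCode(String.valueOf(thirdAppCertVO.getStatus()), DicEnum.CERT_STATUS.value));
        thirdAppCertVO.setBeforeTime(DateTimeUtil.dateToStr(thirdAppCertDO.getNotBeforeTime()));
        thirdAppCertVO.setAfterTime(DateTimeUtil.dateToStr(thirdAppCertDO.getNotAfterTime()));
    };

    /**
     * Returns one page of third-party application certificates as view objects.
     *
     * <p>All five arguments are forwarded unchanged to {@code ThirdAppCertDao.pageInfo};
     * {@code num2} and {@code num3} are unboxed, so they must not be {@code null}.
     *
     * @return a success {@link Result} wrapping the page metadata and its rows
     */
    public Result pageList(String str, String str2, Integer num, Integer num2, Integer num3) {
        PageInfo trans = this.thirdAppCertDao.pageInfo(str, str2, num, num2.intValue(), num3.intValue()).trans(ThirdAppCertVO.class, this.DO_TO_VO);
        PageDataResultBean pageDataResultBean = new PageDataResultBean(trans);
        pageDataResultBean.setDataList(trans.getList());
        return Result.success(pageDataResultBean);
    }

    /**
     * Issues a certificate for the third-party application with id {@code l},
     * stores the signing certificate and writes the download bundle (certificates
     * and any generated private keys) to {@code outputStream}.
     *
     * <p>If certificate generation does not succeed, the failed result is returned
     * (wrapped with the same log content) instead of a success; nothing is stored
     * or written in that case.
     *
     * @param l            id of the third-party application
     * @param num          passed through to {@code UserCertService.generateAdminCert}
     * @param outputStream destination of the download bundle; it receives private
     *                     key material, so the caller must only hand it to the requester
     * @return a {@link ResultWithLogContent} carrying the issuance outcome
     * @throws RuntimeOperatorException if anything fails while issuing; the original
     *                                  exception is attached as the cause
     */
    @LogPersistence(logType = OperateLogTypeEnum.ISSUE_CERT)
    public Result issueThirdAppCert(Long l, Integer num, OutputStream outputStream) {
        ThirdAppInfoDO thirdAppInfoById = this.thirdAppDao.getThirdAppInfoById(l);
        String signSn = null;
        try {
            if (null == thirdAppInfoById) {
                throw new IllegalStateException("third-party application not found, id=" + l);
            }
            // NOTE(review): the application name is concatenated into the subject DN
            // without escaping. A name containing ',' '+' '=' or similar would change
            // the DN structure; confirm that app names are validated when registered.
            String subjectDn = "CN=" + thirdAppInfoById.getAppName() + "," + this.baseDn;
            Result generateAdminCert = this.userCertService.generateAdminCert("", subjectDn, num, (Map) null);
            if (!generateAdminCert.isSuccess()) {
                // Do not report success (and audit a null serial as issued) when no
                // certificate was generated.
                this.logger.error("third-party application certificate generation failed, appId=[{}]", l);
                return new ResultWithLogContent(generateAdminCert, LogContentBuilder.buildIssueThirdAppCertLog(thirdAppInfoById.getAppName(), signSn));
            }
            Map<?, ?> issued = (Map<?, ?>) generateAdminCert.getInfo();
            X509Certificate signCert = (X509Certificate) issued.get("signCert");
            signSn = signCert.getSerialNumber().toString(16);
            PrivateKey signPrivate = (PrivateKey) issued.get("signPrivate");
            X509Certificate encCert = null;
            PrivateKey encPrivate = null;
            // The encryption key is only taken when an encryption certificate exists.
            if (null != issued.get("encCert")) {
                encCert = (X509Certificate) issued.get("encCert");
                encPrivate = (PrivateKey) issued.get("encPrivate");
            }
            saveThirdAppCert(l, signCert);
            // The trailing 2 and 1 are option codes defined by UserCertService; their
            // meaning is not visible in this class.
            this.userCertService.downloadUserCert(signCert, encCert, signPrivate, encPrivate, "", SystemEnum.ADMIN_SYSTEM, 2, 1, outputStream);
            return new ResultWithLogContent(Result.success(), LogContentBuilder.buildIssueThirdAppCertLog(thirdAppInfoById.getAppName(), signSn));
        } catch (Exception e) {
            // Log through the service logger and keep the cause so the failure can be
            // diagnosed; printStackTrace() bypassed the log pipeline.
            this.logger.error("签发第三方应用证书失败", e);
            throw new RuntimeOperatorException("签发第三方应用证书失败", e);
        }
    }

    /**
     * Revokes a third-party application certificate and refreshes its cache entry.
     *
     * <p>The arguments are forwarded unchanged to {@code ThirdAppCertDao.revokeThirdAppCert};
     * {@code str} is also used to re-read the certificate afterwards.
     *
     * @return success when the DAO reports at least one updated row; otherwise a
     *         failure describing why (not found, already revoked, frozen, or other)
     */
    public Result revokeThirdAppCert(String str, Integer num, String str2) {
        int updatedRows = this.thirdAppCertDao.revokeThirdAppCert(str, num, str2);
        // Read after the update so the record reflects the post-revocation state.
        ThirdAppCertDO current = this.thirdAppCertDao.queryThirdAppCert(str);
        if (0 == updatedRows) {
            if (null == current || null == current.getStatus()) {
                return Result.failure(ErrorEnum.CERT_IS_NOT_EXISTED);
            }
            int status = current.getStatus().intValue();
            if (CertStatusEnum.REVOKE.value == status) {
                return Result.failure(ErrorEnum.CERT_STATUS_IS_REVOKED);
            }
            if (CertStatusEnum.FROZEN.value == status) {
                return Result.failure(ErrorEnum.CERT_STATUS_IS_FREEZE);
            }
            return Result.failure(ErrorEnum.CERT_STATUS_IS_ABNORMAL);
        }
        // NOTE(review): this entry is keyed by getSignSn() (set from
        // CertUtil.getSnFillZero at issue time), while saveThirdAppCert caches under
        // getSerialNumber().toString(16). If those strings differ, the entry written
        // at issue time keeps its NORMAL status after revocation. Confirm which key
        // cache readers use.
        Cache.THIRD_APP_CERT_INFO_CACHE.put(current.getSignSn(), current);
        return Result.success();
    }

    /**
     * Builds the public download bundle (no private keys) for the certificate
     * looked up by {@code str}.
     *
     * @param str lookup key passed to {@code ThirdAppCertDao.queryThirdAppCert}
     *            (logged as the serial number)
     * @return the bundle bytes produced by {@code UserCertService.downloadUserCert}
     * @throws RuntimeException if the certificate does not exist or the bundle
     *                          cannot be built; the cause is attached
     */
    public byte[] downloadThirdAppCertBySn(String str) {
        try {
            ThirdAppCertDO stored = this.thirdAppCertDao.queryThirdAppCert(str);
            if (null == stored) {
                this.logger.error("下载第三方应用证书时候，证书不存在，SN=[{}]", str);
                // Fail explicitly instead of running into a NullPointerException on
                // the next line; the catch below wraps it like any other failure.
                throw new IllegalStateException("third-party application certificate not found, SN=" + str);
            }
            X509Certificate signCert = CertUtil.getCertFromBase64Str(stored.getSignCertData());
            X509Certificate encCert = null;
            if (StringUtils.isNotEmpty(stored.getEncCertData())) {
                encCert = CertUtil.getCertFromBase64Str(stored.getEncCertData());
            }
            ByteArrayOutputStream bundle = new ByteArrayOutputStream();
            // Both private-key arguments are null: only certificates are exported here.
            this.userCertService.downloadUserCert(signCert, encCert, (PrivateKey) null, (PrivateKey) null, "", SystemEnum.ADMIN_SYSTEM, 1, (Integer) null, bundle);
            return bundle.toByteArray();
        } catch (Exception e) {
            this.logger.error("下载用户证书失败", e);
            throw new RuntimeException("下载证书失败", e);
        }
    }

    /**
     * Looks up a certificate record via {@code ThirdAppCertDao.queryThirdAppCert}.
     *
     * @return whatever the DAO returns for {@code str}
     */
    public ThirdAppCertDO querySignCertBySn(String str) {
        return this.thirdAppCertDao.queryThirdAppCert(str);
    }

    /**
     * Looks up a certificate record via {@code ThirdAppCertDao.queryThirdAppSignCert}.
     *
     * @return whatever the DAO returns for {@code str}
     */
    public ThirdAppCertDO queryThirdAppSignCert(String str) {
        return this.thirdAppCertDao.queryThirdAppSignCert(str);
    }

    /**
     * Writes a zip containing one JKS keystore per key pair to {@code outputStream}:
     * {@code SignCert_<pwd>.jks} always, and {@code EncCert_<pwd>.jks} when an
     * encryption private key is supplied.
     *
     * <p>NOTE(review): the keystore password is a 6-character value from
     * {@code RandomUtil.getRandomNumber(6)} and is embedded in each entry's file
     * name. Anyone who obtains the zip therefore also obtains the password, so the
     * keystores give no confidentiality for the private keys on their own; the zip
     * must be delivered over a protected channel and treated as secret. Changing
     * this needs a coordinated change with whatever consumes the file names.
     *
     * @param x509Certificate  signing certificate
     * @param x509Certificate2 encryption certificate; required when {@code privateKey2} is set
     * @param privateKey       signing private key
     * @param privateKey2      encryption private key, or {@code null} for a sign-only bundle
     * @param outputStream     destination of the zip
     * @throws IllegalArgumentException if an encryption key is given without its certificate
     * @throws Exception                if keystore creation or zipping fails
     */
    public void downloadThirdAppCert(X509Certificate x509Certificate, X509Certificate x509Certificate2, PrivateKey privateKey, PrivateKey privateKey2, OutputStream outputStream) throws Exception {
        Map<String, byte[]> zipEntries = new HashMap<>();
        String password = RandomUtil.getRandomNumber(6);
        char[] passwordChars = password.toCharArray();
        String suffix = "_" + password + ".jks";
        jksBytesIntoMap(zipEntries, x509Certificate, privateKey, "SignCert" + suffix, passwordChars);
        if (null != privateKey2) {
            if (null == x509Certificate2) {
                throw new IllegalArgumentException("encryption private key supplied without an encryption certificate");
            }
            jksBytesIntoMap(zipEntries, x509Certificate2, privateKey2, "EncCert" + suffix, passwordChars);
        }
        ZipUtil.toZip(zipEntries, outputStream);
    }

    /**
     * Builds a JKS keystore for one certificate and key and stores its bytes in
     * {@code map} under {@code str}.
     *
     * @param str  passed to {@code CertUtil.generateJks} as its first argument and
     *             used as the map key (the zip entry name)
     * @param cArr password used both when generating and when serializing the keystore
     */
    private void jksBytesIntoMap(Map<String, byte[]> map, X509Certificate x509Certificate, PrivateKey privateKey, String str, char[] cArr) throws Exception {
        KeyStore keyStore = CertUtil.generateJks(str, privateKey, new X509Certificate[]{x509Certificate}, cArr);
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        keyStore.store(serialized, cArr);
        map.put(str, serialized.toByteArray());
    }

    /**
     * Persists the signing certificate of a newly issued third-party application
     * certificate with status NORMAL and puts the record into the certificate cache.
     *
     * <p>Only signing-certificate fields are populated here; no encryption
     * certificate data is stored by this method.
     *
     * @param l               id of the third-party application
     * @param x509Certificate the issued signing certificate
     * @throws IllegalStateException if no CA info is cached for the admin-system algorithm
     */
    private void saveThirdAppCert(Long l, X509Certificate x509Certificate) throws Exception {
        CaInfo caInfo = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.ADMIN_SYSTEM, ConfigConstant.innerAdminSystemAlg.intValue()));
        if (null == caInfo) {
            // Fail with a clear message instead of a NullPointerException below.
            throw new IllegalStateException("no cached CA info for the admin system algorithm");
        }
        ThirdAppCertDO thirdAppCertDO = new ThirdAppCertDO();
        Date now = new Date();
        thirdAppCertDO.setGmtCreate(now);
        thirdAppCertDO.setGmtModified(now);
        thirdAppCertDO.setIssuer(caInfo.getSubject());
        thirdAppCertDO.setNotAfterTime(x509Certificate.getNotAfter());
        thirdAppCertDO.setNotBeforeTime(x509Certificate.getNotBefore());
        thirdAppCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        thirdAppCertDO.setPrivateKeySize(Integer.valueOf(CertUtil.getKeySize(x509Certificate.getPublicKey())));
        thirdAppCertDO.setPublicKeyAlg(Integer.valueOf(CertUtil.getCertKeyAlg(x509Certificate.getPublicKey()).type));
        thirdAppCertDO.setSignAlg(CertUtil.getCertSignAlg(x509Certificate).code);
        thirdAppCertDO.setSignCertData(CertUtil.toPem(x509Certificate));
        thirdAppCertDO.setSignSn(CertUtil.getSnFillZero(x509Certificate));
        thirdAppCertDO.setThirdAppInfoId(Long.valueOf(l.toString()));
        thirdAppCertDO.setStatus(Integer.valueOf(CertStatusEnum.NORMAL.value));
        thirdAppCertDO.setCaCertId(caInfo.getCaCertId());
        this.thirdAppCertDao.saveThirdAppCert(thirdAppCertDO);
        // NOTE(review): cached under the plain hex serial, whereas the stored signSn
        // comes from CertUtil.getSnFillZero and revokeThirdAppCert re-caches under
        // getSignSn(). Confirm both produce the same string, otherwise this entry is
        // never replaced when the certificate is revoked.
        Cache.THIRD_APP_CERT_INFO_CACHE.put(x509Certificate.getSerialNumber().toString(16), thirdAppCertDO);
    }
}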
