package com.xdja.pki.service.init;

import com.xdja.pki.api.admin.AdminService;
import com.xdja.pki.api.cert.CertService;
import com.xdja.pki.api.crl.CrlService;
import com.xdja.pki.api.init.InitService;
import com.xdja.pki.api.user.UserCertService;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.config.ConfigJson;
import com.xdja.pki.common.enums.AlgTypeEnum;
import com.xdja.pki.common.enums.CaAlgInfoEnum;
import com.xdja.pki.common.enums.CaCompanyEnum;
import com.xdja.pki.common.enums.CaTypeEnum;
import com.xdja.pki.common.enums.CamsInitStepEnum;
import com.xdja.pki.common.enums.CertStatusEnum;
import com.xdja.pki.common.enums.CipherStrategyEnum;
import com.xdja.pki.common.enums.DataBaseTypeEnum;
import com.xdja.pki.common.enums.DicEnum;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.IsOrNotEnum;
import com.xdja.pki.common.enums.KeyAlgEnum;
import com.xdja.pki.common.enums.PciEPwdIndexEnum;
import com.xdja.pki.common.enums.SignAlgEnum;
import com.xdja.pki.common.enums.SuffixEnum;
import com.xdja.pki.common.enums.SystemEnum;
import com.xdja.pki.common.enums.TemplateTypeEnum;
import com.xdja.pki.common.util.ByteUtil;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.DateTimeUtil;
import com.xdja.pki.common.util.FileUtil;
import com.xdja.pki.common.util.KeyUtil;
import com.xdja.pki.common.util.NetworkUtil;
import com.xdja.pki.common.util.P7bUtils;
import com.xdja.pki.common.util.RandomUtil;
import com.xdja.pki.common.util.tomcat.TomcatUtil;
import com.xdja.pki.dao.admin.ManagerCertDao;
import com.xdja.pki.dao.admin.ManagerUserCertDao;
import com.xdja.pki.dao.admin.ManagerUserRoleDao;
import com.xdja.pki.dao.admin.RoleDao;
import com.xdja.pki.dao.ca.CaDao;
import com.xdja.pki.dao.common.CommonDao;
import com.xdja.pki.dao.common.DicDao;
import com.xdja.pki.dao.security.ManagerUserDao;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.models.CaDO;
import com.xdja.pki.models.ManagerCertDO;
import com.xdja.pki.models.ManagerUserCertDO;
import com.xdja.pki.models.ManagerUserDO;
import com.xdja.pki.models.ManagerUserRoleDO;
import com.xdja.pki.vo.admin.AdminEditVO;
import com.xdja.pki.vo.common.InitBaseConfigVo;
import com.xdja.pki.vo.init.DataBaseInfoVO;
import com.xdja.pki.vo.init.InitInfoVO;
import com.xdja.pki.vo.init.RootCaIssueInfoVO;
import com.xdja.pki.vo.init.SystemAdminVO;
import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.sql.DriverManager;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.bouncycastle.operator.RuntimeOperatorException;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.util.ResourceUtils;

@Service
/* loaded from: input_file:com/xdja/pki/service/init/InitServiceImpl.class */
public class InitServiceImpl implements InitService {
    // SLF4J logger named after the runtime class of this bean.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // Dictionary lookups (algorithm and signature-algorithm display names).
    @Autowired
    private DicDao dicDao;

    // Persistence for CA records written by saveRoot.
    @Autowired
    private CaDao caDao;

    // Used by doReInit to execute the statements of sql/reset.sql.
    @Autowired
    private CommonDao commonDao;

    // The four DAOs below are written by saveAdmin: certificate, user, and the two link tables.
    @Autowired
    private ManagerCertDao managerCertDao;

    @Autowired
    private ManagerUserCertDao managerUserCertDao;

    @Autowired
    private ManagerUserRoleDao managerUserRoleDao;

    @Autowired
    private ManagerUserDao managerUserDao;

    @Autowired
    private AdminService adminService;

    @Autowired
    private RoleDao roleDao;

    @Autowired
    private UserCertService userCertService;

    // Used by importCertChain to restart the CRL threads.
    @Autowired
    private CrlService innerCaCrl;

    // Name of the built-in CA, injected from the inner.caName property.
    @Value("${inner.caName}")
    private String caName;

    // Algorithm code of the built-in user CA, injected from inner.user.caAlg.
    @Value("${inner.user.caAlg}")
    private String caAlg;

    // DN suffix appended to every subject this service builds, injected from inner.baseDn.
    @Value("${inner.baseDn}")
    private String baseDn;

    // HTTPS port of the admin system; passed to the server-certificate and Tomcat helpers.
    @Value("${admin.https.port}")
    private Integer adminPort;

    // HTTPS port of the user system; injected but not read by any method in this class.
    @Value("${user.https.port}")
    private Integer userPort;

    @Autowired
    private CertService certService;

    /**
     * Builds the CA summary returned during initialisation: configured CA name, the display
     * name of the configured algorithm, the CA type stored in ConfigJson and the base DN.
     *
     * @return a successful Result wrapping the populated InitInfoVO
     */
    public Result getSystemInfo() {
        InitInfoVO summary = new InitInfoVO();
        summary.setBaseDn(this.baseDn);
        summary.setCaName(this.caName);
        summary.setCaType(ConfigJson.getINSTANCE().getCaType());
        // The algorithm is stored as a dictionary code; resolve it to its display name.
        summary.setCaAlgStr(this.dicDao.getNameByCodeAndParentCode(this.caAlg, DicEnum.ALG.value));
        return Result.success(summary);
    }

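    /**
     * Checks whether a MySQL database is reachable with the host, port, schema name and
     * credentials supplied in the request.
     *
     * <p>The host, port and schema name are spliced into the JDBC URL, so values containing
     * URL delimiters are rejected before the URL is built; otherwise a caller could append
     * driver properties of their own to the connection string. The probe connection is closed
     * before returning.
     *
     * @param dataBaseInfoVO connection parameters taken from the request
     * @return Result.success() when a connection could be opened, ILLEGAL_REQUEST_PARAMETER when
     *         a value contains a URL delimiter, DB_CONNECTION_FAIL otherwise
     * @throws Exception declared by the interface; failures are reported through the Result
     */
    public Result testConnection(DataBaseInfoVO dataBaseInfoVO) throws Exception {
        DataBaseTypeEnum dbType = DataBaseTypeEnum.MYSQL;
        String host = String.valueOf(dataBaseInfoVO.getIp());
        String port = String.valueOf(dataBaseInfoVO.getPort());
        String schema = String.valueOf(dataBaseInfoVO.getDataName());
        if (hasJdbcUrlDelimiter(host) || hasJdbcUrlDelimiter(port) || hasJdbcUrlDelimiter(schema)) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        // NOTE(review): useSSL=false sends the credentials and the session in clear text; confirm
        // the database is only reached over a trusted link, or make TLS configurable.
        String url = dbType.suffix + host + ":" + port + "/" + schema + "?useUnicode=true&characterEncoding=UTF-8&useSSL=false";
        try {
            Class.forName(dbType.driver);
            // try-with-resources releases the probe connection; the original never closed it.
            try (java.sql.Connection connection = DriverManager.getConnection(url, dataBaseInfoVO.getUserName(), dataBaseInfoVO.getPassword())) {
                return null == connection ? Result.failure(ErrorEnum.DB_CONNECTION_FAIL) : Result.success();
            }
        } catch (Exception e) {
            this.logger.error("数据库连接失败", e);
            return Result.failure(ErrorEnum.DB_CONNECTION_FAIL);
        }
    }

    /**
     * Returns true when {@code value} contains whitespace, a control character, or a character
     * that separates hosts, paths or properties in a JDBC connection URL.
     */
    private static boolean hasJdbcUrlDelimiter(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c <= ' ' || "?&#/\\@,;()=".indexOf(c) >= 0) {
                return true;
            }
        }
        return false;
    }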

    /**
     * Reports success without reading {@code dataBaseInfoVO}; nothing is persisted by this
     * implementation.
     *
     * @param dataBaseInfoVO database settings from the request (unused here)
     * @return Result.success()
     * @throws Exception declared by the interface
     */
    public Result setDataBase(DataBaseInfoVO dataBaseInfoVO) throws Exception {
        try {
            Result saved = Result.success();
            return saved;
        } catch (Exception saveFailure) {
            throw new RuntimeException("保存数据库配置信息异常", saveFailure);
        }
    }

    /**
     * Stores the CA type in the configuration file after checking it against CaTypeEnum.
     *
     * @param num CA type code; must not be null (it is unboxed for the check)
     * @return success with a null payload, or ILLEGAL_REQUEST_PARAMETER for an unknown code
     */
    public Result setBasicConfig(Integer num) {
        boolean knownCaType = CaTypeEnum.contain(num.intValue());
        if (knownCaType) {
            ConfigJson.writeCaType(num);
            return Result.success((Object) null);
        }
        return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
    }

    /**
     * Runs the built-in root-CA bootstrap in order: user-system root, gateway certificates,
     * admin-system root, admin server certificate. The first failing step ends the sequence and
     * its Result is returned unchanged.
     *
     * @param str DN suffix appended to "CN=user," and "CN=admin,"
     * @param num validity passed to the issuing calls
     * @return success with a null payload when every step succeeded
     * @throws Exception propagated from the issuing and file-writing helpers
     */
    public Result issueRootCert(String str, Integer num) throws Exception {
        Result userRoot = issueRootCert(SystemEnum.USER_SYSTEM, "CN=user," + str, num);
        if (!userRoot.isSuccess()) {
            this.logger.error("签发用户体系根证书失败");
            return userRoot;
        }
        // The gateway needs the user-system root on disk before its own certificates are issued.
        CertUtil.writeObjectToFile(userRoot.getInfo(), ConfigConstant.gateway_ca_path);

        Result gatewayCerts = issueGateWayCert();
        if (!gatewayCerts.isSuccess()) {
            return gatewayCerts;
        }

        Result adminRoot = issueRootCert(SystemEnum.ADMIN_SYSTEM, "CN=admin," + str, num);
        if (!adminRoot.isSuccess()) {
            this.logger.error("签发管理体系根证书失败");
            return adminRoot;
        }

        Result serverCert = issueInnerServerCert(num);
        if (!serverCert.isSuccess()) {
            this.logger.error("签发服务器证书失败");
            return serverCert;
        }
        return Result.success((Object) null);
    }

    /**
     * Issues the gateway's signing and encryption certificates through certService and writes
     * both certificates and both private-key values to the gateway paths in ConfigConstant.
     *
     * @return the failed Result from certService when issuance fails, otherwise Result.success()
     * @throws Exception propagated from certificate encoding or file writing
     */
    public Result issueGateWayCert() throws Exception {
        Result generateInnerCert = this.certService.generateInnerCert("CN=gateWay," + this.baseDn, TemplateTypeEnum.USER_TEMPLATE, (Map) null);
        if (!generateInnerCert.isSuccess()) {
            this.logger.error("签发网关证书失败");
            return generateInnerCert;
        }
        Map map = (Map) generateInnerCert.getInfo();
        FileUtil.writeBytesToFile(ConfigConstant.gateway_signCert_path, ((X509Certificate) map.get("signCert")).getEncoded());
        FileUtil.writeBytesToFile(ConfigConstant.gateway_encCert_path, ((X509Certificate) map.get("encCert")).getEncoded());
        // NOTE(review): the two writes below store the private values returned by getS() as plain
        // bytes; no encryption or permission handling is visible in this method. Confirm that
        // FileUtil.writeBytesToFile or the deployment restricts these files to the service account.
        // NOTE(review): java.security.PrivateKey declares no getS(); the decompiler appears to
        // have dropped a cast to an EC private-key type. Check against the original source.
        FileUtil.writeBytesToFile(ConfigConstant.gateway_signKey_path, ByteUtil.changeLength(BigIntegers.asUnsignedByteArray(((KeyPair) map.get("signKeyPair")).getPrivate().getS()), 32));
        FileUtil.writeBytesToFile(ConfigConstant.gateway_encKey_path, ByteUtil.changeLength(BigIntegers.asUnsignedByteArray(((KeyPair) map.get("encKeyPair")).getPrivate().getS()), 32));
        return Result.success();
    }

    /**
     * Issues the admin-system server certificate ("CN=adminServer") for the admin HTTPS port.
     *
     * @param num validity passed through to issueServerCert
     * @return the Result of issueServerCert, successful or not
     * @throws Exception propagated from issueServerCert
     */
    private Result issueInnerServerCert(Integer num) throws Exception {
        Result adminServerCert = issueServerCert(SystemEnum.ADMIN_SYSTEM, this.adminPort, "CN=adminServer", num);
        // Either way the same Result goes back; a failure is only logged on top.
        if (!adminServerCert.isSuccess()) {
            this.logger.error("签发管理体系服务证书失败");
        }
        return adminServerCert;
    }

    /**
     * Generates a PKCS#10 request for a subordinate CA and stores it under ConfigConstant.p10Path.
     *
     * @param str subject DN for the request
     * @return on success a map with key "p10Name" holding the generated file name; otherwise the
     *         failed Result from certService
     * @throws Exception propagated from certService or the file write
     */
    public Result generateSubCaP10(String str) throws Exception {
        Result p10Result = this.certService.generateP10(SystemEnum.USER_SYSTEM, str, TemplateTypeEnum.CA_TEMPLATE, (Map) null);
        if (p10Result.isSuccess()) {
            Map info = (Map) p10Result.getInfo();
            String requestText = (String) info.get("p10");
            // File name: configured prefix, six characters from RandomUtil, fixed extension.
            String fileName = SuffixEnum.CERT_REQ.value + RandomUtil.getRandomNumber(6) + ".p10";
            FileUtil.writeStringToFile(ConfigConstant.p10Path + fileName, requestText);
            HashMap response = new HashMap();
            response.put("p10Name", fileName);
            return Result.success(response);
        }
        this.logger.error("签发子CA申请书失败");
        return p10Result;
    }

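    /**
     * Imports the certificate chain issued for this subordinate CA.
     *
     * <p>Steps, in order: parse and sort the PKCS#7 chain, verify it, refuse a second CA for an
     * algorithm that already has a root in the cache, prove that the stored private key belongs
     * to the first certificate by signing and verifying a fixed message, persist the key pair and
     * the CA record, and, when initialisation is at the SUB_CA_CERT_ISSUE step, issue the admin
     * root and admin certificate and open the admin HTTPS port.
     *
     * @param bArr uploaded certificate chain bytes
     * @return success, or a failure Result naming the step that rejected the input
     * @throws Exception a RuntimeException wrapping any unexpected error
     */
    public Result importCertChain(byte[] bArr) throws Exception {
        boolean verifyByBC;
        try {
            List sortCerts = CertUtil.sortCerts(P7bUtils.resolveCertChain(bArr));
            if (!CertUtil.certChainVerify(sortCerts)) {
                return Result.failure(ErrorEnum.CERT_CHAIN_VERIFY_ERROR);
            }
            // An upload that parses to no certificates is a bad chain, not an internal error.
            if (null == sortCerts || sortCerts.isEmpty()) {
                return Result.failure(ErrorEnum.CERT_CHAIN_VERIFY_ERROR);
            }
            // NOTE(review): index 0 is treated as this CA's own certificate; that depends on the
            // order CertUtil.sortCerts produces. Confirm, and confirm what certChainVerify checks.
            X509Certificate x509Certificate = (X509Certificate) sortCerts.get(0);
            int i = CertUtil.getCertKeyAlg(x509Certificate.getPublicKey()).type;
            CaAlgInfoEnum caAlgInfoEnum = CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.USER_SYSTEM, i);
            CaInfo caInfo = (CaInfo) Cache.caInfo.get(caAlgInfoEnum);
            if (null != caInfo && null != caInfo.getRootCert()) {
                this.logger.error("该算法的CA已经初始化过，一个算法的CA系统支持一个");
                return Result.failure(ErrorEnum.CA_ALG_HAS_INITED_COMLETE);
            }
            KeyPair resolveCipherKeyPair = CertUtil.resolveCipherKeyPair(ConfigConstant.getPriateKeyPathByAlg(SystemEnum.USER_SYSTEM, i), ConfigConstant.getPublicKeyPathByAlg(SystemEnum.USER_SYSTEM, i), new CaInfo(SystemEnum.USER_SYSTEM));
            // Key-possession check: sign a fixed message with the stored private key and verify
            // it with the public key of the imported certificate.
            if (i == AlgTypeEnum.RSA.alg) {
                verifyByBC = GMSSLRSASignUtils.verifyByBC("sha256WithRSA", x509Certificate.getPublicKey(), Base64.toBase64String("sushi".getBytes()), GMSSLRSASignUtils.signByBC("sha256WithRSA", resolveCipherKeyPair.getPrivate(), Base64.toBase64String("sushi".getBytes())));
            } else {
                verifyByBC = GMSSLSM2SignUtils.verifyByBC(x509Certificate.getPublicKey(), Base64.toBase64String("sushi".getBytes()), GMSSLSM2SignUtils.signByBC(resolveCipherKeyPair.getPrivate(), Base64.toBase64String("sushi".getBytes())));
            }
            if (!verifyByBC) {
                this.logger.error("子CA证书链与私钥不一致");
                return Result.failure(ErrorEnum.PUBLIC_KEY_IS_NOT_MATCH);
            }
            // From here on the key pair is the certificate's public key plus the stored private key.
            KeyPair keyPair = new KeyPair(x509Certificate.getPublicKey(), resolveCipherKeyPair.getPrivate());
            CipherStrategyEnum cipherStrategy = CipherStrategyEnum.getCipherStrategy(ConfigJson.readCryptModule().intValue(), i);
            int indexByUserTypeAndAlg = PciEPwdIndexEnum.getIndexByUserTypeAndAlg(SystemEnum.USER_SYSTEM, cipherStrategy.alg);
            // NOTE(review): the key-store password is a field of the CipherStrategyEnum constant
            // and is copied into an immutable String here; confirm where that value comes from.
            cipherStrategy.cipher.writeKeyPair(indexByUserTypeAndAlg, new String(cipherStrategy.password), keyPair, false);
            KeyUtil.writeKeyPair(SystemEnum.USER_SYSTEM, cipherStrategy.alg, keyPair);
            saveRoot(caAlgInfoEnum, x509Certificate, P7bUtils.createCertChainByCerts(sortCerts), KeyUtil.resolveKeyPair(cipherStrategy, indexByUserTypeAndAlg, keyPair), x509Certificate.getSubjectDN().toString());
            if (ConfigJson.readInitStep().intValue() != CamsInitStepEnum.SUB_CA_CERT_ISSUE.step) {
                this.innerCaCrl.restartCrlThreads();
                return Result.success();
            }
            // First-time initialisation: the admin hierarchy gets the same validity as the
            // imported certificate.
            Integer calculateValidity = DateTimeUtil.calculateValidity(x509Certificate);
            Result issueRootCert = issueRootCert(SystemEnum.ADMIN_SYSTEM, "CN=adminCa," + this.baseDn, calculateValidity);
            if (!issueRootCert.isSuccess()) {
                this.logger.error("签发管理体系根证书失败");
                return issueRootCert;
            }
            Result generateAdminCert = this.userCertService.generateAdminCert("", "CN=caAdmin", calculateValidity, (Map) null);
            CaInfo caInfo2 = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.ADMIN_SYSTEM, ConfigConstant.innerAdminSystemAlg.intValue()));
            if (!generateAdminCert.isSuccess()) {
                return Result.failure(ErrorEnum.SERVER_INTERNAL_EXCEPTION);
            }
            Map map = (Map) generateAdminCert.getInfo();
            X509Certificate x509Certificate2 = (X509Certificate) map.get("signCert");
            PrivateKey privateKey = (PrivateKey) map.get("signPrivate");
            String property = System.getProperty("catalina.home");
            if (ConfigConstant.innerAdminSystemAlg.intValue() == KeyAlgEnum.RSA.type) {
                TomcatUtil.openHttpsPortByJKSWithRSA(P7bUtils.resolveCertChain(caInfo2.getCertChain()), x509Certificate2, (X509Certificate) null, privateKey, (PrivateKey) null, property, this.adminPort.intValue());
            } else {
                TomcatUtil.openHttpsPortByBC(P7bUtils.resolveCertChain(caInfo2.getCertChain()), x509Certificate2, (X509Certificate) map.get("encCert"), privateKey, (PrivateKey) map.get("encPrivate"), this.adminPort.intValue());
            }
            return Result.success((Object) null);
        } catch (IOException e) {
            this.logger.error("私钥文件不存在", e);
            return Result.failure(ErrorEnum.NOT_FOUND_SUBCA_PRIVATEKEY_FILE);
        } catch (Exception e2) {
            // Goes to the application log instead of stderr, so the failure is kept with the
            // rest of the CA's audit trail.
            this.logger.error("导入子CA证书链异常", e2);
            throw new RuntimeException("导入子CA证书链异常", e2);
        }
    }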

    /**
     * Issues a certificate for a super administrator named {@code str} and stores the matching
     * administrator records through saveAdmin.
     *
     * @param str administrator name; it becomes the CN of the subject and the stored user name
     * @return on success the value stored under "fileName" in the issuing result; otherwise the
     *         failed Result from userCertService
     * @throws Exception propagated from userCertService
     */
    public Result issueSuperAdmin(String str) throws Exception {
        // NOTE(review): str is concatenated into the DN as-is; confirm the caller restricts it
        // to characters that cannot add further RDNs (",", "=", "+").
        String subjectDn = "CN=" + str + "," + this.baseDn;
        Result issued = this.userCertService.generateAdminCert("", subjectDn, (Integer) null, (Map) null);
        if (issued.isSuccess()) {
            Map certInfo = (Map) issued.getInfo();
            // Only the name is set; card number and role id of the VO stay at their defaults.
            SystemAdminVO admin = new SystemAdminVO();
            admin.setName(str);
            saveAdmin((X509Certificate) certInfo.get("signCert"), (String) certInfo.get("fileName"), admin);
            return Result.success(certInfo.get("fileName"));
        }
        this.logger.error("签发超级管理员失败");
        return issued;
    }

    /**
     * Persists a newly issued administrator: the certificate row, the user row, and the two
     * link rows (user to certificate, user to role).
     *
     * @param x509Certificate the administrator's signing certificate
     * @param str file name of the issued certificate; not read by this method
     * @param systemAdminVO supplies the name, card number and role id
     */
    private void saveAdmin(X509Certificate x509Certificate, String str, SystemAdminVO systemAdminVO) {
        // Issuer data comes from the cached admin-system CA for the configured inner algorithm.
        CaInfo caInfo = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.ADMIN_SYSTEM, ConfigConstant.innerAdminSystemAlg.intValue()));
        ManagerCertDO managerCertDO = new ManagerCertDO();
        managerCertDO.setCaCertId(caInfo.getCaCertId());
        // Serial number is stored as a hexadecimal string.
        managerCertDO.setSn(x509Certificate.getSerialNumber().toString(16));
        managerCertDO.setSubject(x509Certificate.getSubjectDN().toString());
        managerCertDO.setIssuer(caInfo.getSubject());
        managerCertDO.setPublicKeyAlg(Integer.valueOf(CertUtil.getCertKeyAlg(x509Certificate.getPublicKey()).type));
        managerCertDO.setPrivateKeySize(Integer.valueOf(CertUtil.getKeySize(x509Certificate.getPublicKey())));
        managerCertDO.setNotBeforeTime(x509Certificate.getNotBefore());
        managerCertDO.setNotAfterTime(x509Certificate.getNotAfter());
        managerCertDO.setSignAlg(SignAlgEnum.getCode(x509Certificate.getSigAlgName()));
        managerCertDO.setCertName("");
        managerCertDO.setCertData(CertUtil.toPem(x509Certificate));
        managerCertDO.setStatus(Integer.valueOf(CertStatusEnum.NORMAL.value));
        managerCertDO.setGmtCreate(new Date());
        managerCertDO.setGmtModified(new Date());
        managerCertDO.setDeviceNo(systemAdminVO.getCardNo());
        ManagerCertDO insert = this.managerCertDao.insert(managerCertDO);
        ManagerUserDO managerUserDO = new ManagerUserDO();
        managerUserDO.setName(systemAdminVO.getName());
        // NOTE(review): every administrator created here gets the same hard-coded initial
        // password, stored as a SHA-1 digest built with the single-argument Sha1Hash constructor
        // (no salt is passed). If this field is ever accepted for login, the password should be
        // generated or supplied per administrator and stored with a salted password hash.
        managerUserDO.setPassword(new Sha1Hash("Xdja@123").toHex().toLowerCase());
        managerUserDO.setGmtCreate(new Date());
        managerUserDO.setGmtModified(new Date());
        ManagerUserDO insert2 = this.managerUserDao.insert(managerUserDO);
        // Link rows use the ids returned by the two inserts above, so the order matters.
        ManagerUserCertDO managerUserCertDO = new ManagerUserCertDO();
        managerUserCertDO.setManagerUserId(insert2.getId());
        managerUserCertDO.setManagerCertId(insert.getId());
        managerUserCertDO.setGmtCreate(new Date());
        managerUserCertDO.setGmtModified(new Date());
        this.managerUserCertDao.insert(managerUserCertDO);
        ManagerUserRoleDO managerUserRoleDO = new ManagerUserRoleDO();
        // NOTE(review): the role id is taken from the VO without a check in this method; confirm
        // the caller validates it when the VO is built from a request.
        managerUserRoleDO.setRoleId(systemAdminVO.getRoleId());
        managerUserRoleDO.setManagerUserId(insert2.getId());
        managerUserRoleDO.setGmtCreate(new Date());
        managerUserRoleDO.setGmtModified(new Date());
        this.managerUserRoleDao.insert(managerUserRoleDO);
    }

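    /**
     * Resets a system whose initialisation has not completed: replays sql/reset.sql line by
     * line, deletes the generated request, certificate, key and CRL paths, re-creates the
     * configuration file and clears the CA cache.
     *
     * <p>The reset is refused once initialisation is marked complete, so a working CA cannot be
     * wiped through this method.
     *
     * @return Result.success(), or INIT_STEP_IS_ERROR when initialisation is already complete
     * @throws Exception propagated from the SQL execution or file operations
     */
    public Result doReInit() throws Exception {
        if (ConfigJson.readInitComplete().intValue() != IsOrNotEnum.NOT.value) {
            return Result.failure(ErrorEnum.INIT_STEP_IS_ERROR);
        }
        // NOTE(review): getURL(...).getPath() yields a usable file path only when the resource is
        // an unpacked file; confirm the deployment does not ship it inside an archive.
        for (String str : FileUtil.readLines(ResourceUtils.getURL("classpath:sql/reset.sql").getPath())) {
            if (StringUtils.isNotBlank(str)) {
                this.commonDao.executeSql(str);
            }
        }
        this.logger.info("数据库重新初始化完成");
        FileUtil.deleteDirectory(ConfigConstant.p10Path);
        FileUtil.deleteDirectory(ConfigConstant.managerCertPath);
        FileUtil.deleteDirectory(ConfigConstant.keyPath);
        FileUtil.deleteDirectory(ConfigConstant.crlPath);
        FileUtil.deleteDirectory(ConfigConstant.gateway_ca_path);
        FileUtil.deleteDirectory(ConfigConstant.gateway_crl_path);
        FileUtil.deleteDirectory(ConfigConstant.gateway_signCert_path);
        FileUtil.deleteDirectory(ConfigConstant.gateway_encCert_path);
        // issueGateWayCert writes both gateway keys; the signing key was left on disk by the
        // reset while the encryption key was removed. Remove both so no key of the discarded
        // hierarchy survives a re-initialisation.
        FileUtil.deleteDirectory(ConfigConstant.gateway_signKey_path);
        FileUtil.deleteDirectory(ConfigConstant.gateway_encKey_path);
        FileUtil.deleteDirectory(ConfigConstant.caCertPath);
        this.logger.info("系统相关文件重新初始化完成");
        ConfigJson.init();
        this.logger.info("配置文件重新初始化完成");
        Cache.caInfo.clear();
        this.logger.info("根证书缓存重新初始化完成");
        return Result.success();
    }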

    /**
     * Issues a self-signed root certificate for the given system and records it through saveRoot.
     *
     * @param systemEnum system (user or admin) the root belongs to
     * @param str subject DN of the root
     * @param num validity passed to certService
     * @return on success the issued X509Certificate; otherwise the failed Result from certService
     * @throws Exception propagated from certService or saveRoot
     */
    public Result issueRootCert(SystemEnum systemEnum, String str, Integer num) throws Exception {
        Result rootResult = this.certService.generateRootCert(systemEnum, str, num, (Map) null);
        if (rootResult.isSuccess()) {
            Map issued = (Map) rootResult.getInfo();
            X509Certificate rootCert = (X509Certificate) issued.get("rootCert");
            KeyPair rootKeys = (KeyPair) issued.get("keyPair");
            // NOTE(review): the cache slot is chosen with innerAdminSystemAlg for both systems;
            // confirm that is intended when systemEnum is USER_SYSTEM.
            CaAlgInfoEnum slot = CaAlgInfoEnum.getCaAlgInfoEnum(systemEnum, ConfigConstant.innerAdminSystemAlg.intValue());
            // A null chain marks the record as a root CA in saveRoot.
            saveRoot(slot, rootCert, null, rootKeys, str);
            return Result.success(rootCert);
        }
        this.logger.error("签发内置CA根证书失败");
        return rootResult;
    }

    /**
     * Records a CA certificate in the in-memory cache and in the CA table.
     *
     * @param caAlgInfoEnum cache key; also supplies the system type and algorithm code
     * @param x509Certificate the CA certificate
     * @param str certificate chain as produced by P7bUtils, or null for a self-signed root
     * @param keyPair key pair stored on the cache entry
     * @param str2 not read by this method
     * @throws Exception propagated from the certificate and DAO helpers
     */
    private void saveRoot(CaAlgInfoEnum caAlgInfoEnum, X509Certificate x509Certificate, String str, KeyPair keyPair, String str2) throws Exception {
        // Reuse the cache entry for this system/algorithm, creating it on first use.
        CaInfo caInfo = (CaInfo) Cache.caInfo.get(caAlgInfoEnum);
        if (null == caInfo) {
            caInfo = new CaInfo(caAlgInfoEnum.systemType);
            Cache.caInfo.put(caAlgInfoEnum, caInfo);
        }
        // NOTE(review): the cache entry is updated before the database insert below; if the
        // insert throws, the cache already holds the new certificate and key pair.
        caInfo.setRootCert(x509Certificate);
        caInfo.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        caInfo.setBaseDn(this.baseDn);
        caInfo.setKeyAlg(Integer.valueOf(caAlgInfoEnum.alg));
        caInfo.setKeyPair(keyPair);
        CaDO caDO = new CaDO();
        caDO.setName(CaCompanyEnum.XDJA.code);
        caDO.setBaseDn(this.baseDn);
        caDO.setSystemType(Integer.valueOf(caAlgInfoEnum.systemType.type));
        // A null chain argument means root CA; any non-null value means subordinate CA.
        caDO.setType(Integer.valueOf(null == str ? CaTypeEnum.ROOT_CA.type : CaTypeEnum.SUB_CA.type));
        caDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        caDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        caDO.setPublicKeyAlg(Integer.valueOf(caAlgInfoEnum.alg));
        caDO.setSignAlg(SignAlgEnum.getCode(x509Certificate.getSigAlgName()));
        caDO.setIsCurrent(Integer.valueOf(IsOrNotEnum.IS.value));
        caDO.setCert(CertUtil.toPem(x509Certificate));
        // With no chain supplied, store a chain that contains only this certificate.
        if (StringUtils.isEmpty(str)) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate);
            str = P7bUtils.createCertChainByCerts(arrayList);
        }
        caDO.setCertChain(str);
        caDO.setGmtCreate(new Date());
        caDO.setSn(x509Certificate.getSerialNumber().toString(16));
        CaDO insert = this.caDao.insert(caDO);
        // Values that depend on the inserted row are copied to the cache entry last.
        caInfo.setCaCertId(insert.getId());
        caInfo.setCertChain(str);
        caInfo.setSignAlg(this.dicDao.getNameByCodeAndParentCode(insert.getSignAlg(), DicEnum.SIGN_ALG.value));
    }

    /**
     * Asks certService for a server certificate and reduces a successful result to an empty
     * success.
     *
     * @param systemEnum system the server belongs to
     * @param num HTTPS port handed to certService
     * @param str subject DN of the server certificate
     * @param num2 validity handed to certService
     * @return success with a null payload, or the failed Result from certService
     * @throws Exception propagated from certService
     */
    private Result issueServerCert(SystemEnum systemEnum, Integer num, String str, Integer num2) throws Exception {
        Result serverCert = this.certService.generateServerCert(systemEnum, str, num2, num, (Map) null);
        if (!serverCert.isSuccess()) {
            this.logger.error("签发服务器证书失败");
            return serverCert;
        }
        // The issued material is not handed back to the caller.
        return Result.success((Object) null);
    }

    /**
     * One-call initialisation for the integrated edition: sets the CA type to root, issues the
     * built-in hierarchy under a random CN with a fixed validity of 10950, then creates the
     * administrator with role id 1.
     *
     * @param adminEditVO administrator to create; its role id is overwritten with 1
     * @return the Result of adminService.addAdmin, or the failed Result of the root issuance
     * @throws Exception propagated from the issuing helpers
     */
    public Result doIntegrationInit(AdminEditVO adminEditVO) throws Exception {
        int validityDays = 10950;

        this.logger.debug("融合版初始化-保存管理员-设置CA类型");
        // NOTE(review): the Result of setBasicConfig is not inspected here.
        setBasicConfig(Integer.valueOf(CaTypeEnum.ROOT_CA.type));

        this.logger.debug("融合版初始化-保存管理员-签发根证书");
        // Random CN: a UUID with its dashes stripped.
        String rootDn = "CN=" + UUID.randomUUID().toString().replaceAll("-", "") + "," + this.baseDn;
        this.logger.debug("签发根证书:validity:{},dn:{}", validityDays, rootDn);
        Result rootResult = issueRootCert(rootDn, validityDays);
        if (rootResult.isNotSuccess()) {
            this.logger.error("签发根证书发生错误:{}", rootResult.getErrorEnum());
            return rootResult;
        }

        this.logger.debug("融合版初始化-保存管理员-保存管理员");
        adminEditVO.setRoleId(1L);
        return this.adminService.addAdmin(adminEditVO);
    }

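    /**
     * Self-test: issues a throw-away user certificate pair under a random CN and returns the
     * certificates and key pairs in PEM form.
     *
     * @return the Result of certService.generateInnerCert with its map entries replaced by PEM
     *         strings, or that Result unchanged when issuance failed
     * @throws Exception propagated from certService or the PEM conversion
     */
    public Result check() throws Exception {
        // NOTE(review): every other lookup in this class keys Cache.caInfo by CaAlgInfoEnum; this
        // one passes a SystemEnum. Confirm the cache really holds an entry under that key.
        Result generateInnerCert = this.certService.generateInnerCert("CN=" + UUID.randomUUID().toString().replaceAll("-", "") + "," + ((CaInfo) Cache.caInfo.get(SystemEnum.USER_SYSTEM)).getBaseDn(), TemplateTypeEnum.USER_TEMPLATE, new HashMap(2));
        // A failed issuance carries no certificate map; hand the failure back like the other
        // methods of this class instead of dereferencing it.
        if (!generateInnerCert.isSuccess()) {
            return generateInnerCert;
        }
        Map map = (Map) generateInnerCert.getInfo();
        map.put("signCert", CertUtil.toPem((X509Certificate) map.get("signCert")));
        map.put("encCert", CertUtil.toPem((X509Certificate) map.get("encCert")));
        // NOTE(review): the key pairs are PEM-encoded into the returned Result; if toPem(KeyPair)
        // includes the private key and this Result is serialised to a client, the private keys of
        // a certificate issued by the live CA leave the server. Confirm who can call this.
        map.put("signKeyPair", CertUtil.toPem((KeyPair) map.get("signKeyPair")));
        map.put("encKeyPair", CertUtil.toPem((KeyPair) map.get("encKeyPair")));
        generateInnerCert.setInfo(map);
        return generateInnerCert;
    }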

    /**
     * Writes CA type, crypto module and CA name to the configuration file and moves the
     * initialisation step to the certificate-issuing step that matches the CA type.
     *
     * @param initBaseConfigVo basic settings from the request
     * @return Result.success(); for a CA type that is neither root nor subordinate the step is
     *         left unchanged
     */
    public Result saveBasicConfig(InitBaseConfigVo initBaseConfigVo) {
        try {
            // The configuration is written first; the type is only interpreted afterwards.
            ConfigJson.writeInitBaseConfig(initBaseConfigVo.getCaType(), initBaseConfigVo.getCryptModule(), initBaseConfigVo.getCaName());
            int requestedType = initBaseConfigVo.getCaType().intValue();
            boolean isRoot = requestedType == CaTypeEnum.ROOT_CA.type;
            if (isRoot) {
                ConfigJson.writeInitStep(Integer.valueOf(CamsInitStepEnum.ROOT_CA_CERT_ISSUE.step));
            } else if (requestedType == CaTypeEnum.SUB_CA.type) {
                ConfigJson.writeInitStep(Integer.valueOf(CamsInitStepEnum.SUB_CA_CERT_ISSUE.step));
            }
            return Result.success();
        } catch (Exception failure) {
            throw new RuntimeOperatorException("保存基本基本信息异常", failure);
        }
    }

    /**
     * Root-CA initialisation: issues the user-system root from the request, the admin-system
     * root ("CN=adminCa"), an admin server certificate whose CN is the first local IP (or
     * "server" when none is found), and opens the admin HTTPS port with that certificate.
     *
     * @param rootCaIssueInfoVO DN, validity and algorithm of the user-system root
     * @return success with a null payload, the failed Result of a root issuance, or
     *         SERVER_INTERNAL_EXCEPTION when the server certificate could not be issued
     */
    public Result issueInitRootCert(RootCaIssueInfoVO rootCaIssueInfoVO) {
        try {
            Result userRoot = issueRootCert(SystemEnum.USER_SYSTEM, rootCaIssueInfoVO.getDn(), rootCaIssueInfoVO.getValidity(), rootCaIssueInfoVO.getCaAlg());
            if (!userRoot.isSuccess()) {
                this.logger.error("签发用户体系根证书失败");
                return userRoot;
            }

            Result adminRoot = issueRootCert(SystemEnum.ADMIN_SYSTEM, "CN=adminCa," + this.baseDn, rootCaIssueInfoVO.getValidity(), ConfigConstant.innerAdminSystemAlg);
            if (!adminRoot.isSuccess()) {
                this.logger.error("签发管理体系根证书失败");
                return adminRoot;
            }

            // Subject of the server certificate: first local address when there is one.
            List localIps = NetworkUtil.getLocalIps();
            String serverDn;
            if (localIps.isEmpty()) {
                serverDn = "CN=server," + this.baseDn;
            } else {
                serverDn = "CN=" + ((String) localIps.get(0)) + "," + this.baseDn;
            }
            HashMap extraParams = new HashMap();
            extraParams.put("ipList", localIps);

            Result serverCert = this.userCertService.generateAdminCert("", serverDn, rootCaIssueInfoVO.getValidity(), extraParams);
            CaInfo adminCa = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.ADMIN_SYSTEM, ConfigConstant.innerAdminSystemAlg.intValue()));
            if (!serverCert.isSuccess()) {
                return Result.failure(ErrorEnum.SERVER_INTERNAL_EXCEPTION);
            }

            Map issued = (Map) serverCert.getInfo();
            X509Certificate signCert = (X509Certificate) issued.get("signCert");
            PrivateKey signKey = (PrivateKey) issued.get("signPrivate");
            String catalinaHome = System.getProperty("catalina.home");
            boolean rsaAdminSystem = ConfigConstant.innerAdminSystemAlg.intValue() == KeyAlgEnum.RSA.type;
            if (rsaAdminSystem) {
                // RSA: a single certificate and key, delivered through a JKS-based connector.
                TomcatUtil.openHttpsPortByJKSWithRSA(P7bUtils.resolveCertChain(adminCa.getCertChain()), signCert, (X509Certificate) null, signKey, (PrivateKey) null, catalinaHome, this.adminPort.intValue());
            } else {
                // Otherwise the signing and the encryption certificate/key are both supplied.
                TomcatUtil.openHttpsPortByBC(P7bUtils.resolveCertChain(adminCa.getCertChain()), signCert, (X509Certificate) issued.get("encCert"), signKey, (PrivateKey) issued.get("encPrivate"), this.adminPort.intValue());
            }
            return Result.success((Object) null);
        } catch (Exception failure) {
            throw new RuntimeOperatorException("签发CA证书异常", failure);
        }
    }

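    /**
     * Issues an administrator certificate bound to a hardware card from the supplied PKCS#10
     * request and stores the administrator records.
     *
     * @param systemAdminVO card number, name, role id, validity and the P10 request
     * @return CARD_IS_EXITS when the card already has a normal certificate; the failed Result of
     *         the issuance; otherwise the PEM certificate(s), plus the enveloped data when an
     *         encryption certificate was issued
     */
    public Result issueCardSuperAdmin(SystemAdminVO systemAdminVO) {
        try {
            if (this.managerCertDao.cardNoIsHasNormalCert(systemAdminVO.getCardNo())) {
                return Result.failure(ErrorEnum.CARD_IS_EXITS);
            }
            // The original filled a parameter map here and then passed null to
            // generateAdminCert; the unused map is dropped.
            // NOTE(review): confirm the role id is validated upstream, since getRoleById is
            // dereferenced directly and the role name goes into the subject DN.
            String name = this.roleDao.getRoleById(systemAdminVO.getRoleId()).getName();
            Result generateAdminCert = this.userCertService.generateAdminCert(systemAdminVO.getP10(), CertUtil.buildDn(systemAdminVO.getCardNo(), systemAdminVO.getName(), name, this.baseDn), systemAdminVO.getValidity(), (Map) null);
            if (!generateAdminCert.isSuccess()) {
                this.logger.error("签发超级管理员失败");
                return generateAdminCert;
            }
            Map map = (Map) generateAdminCert.getInfo();
            X509Certificate x509Certificate = (X509Certificate) map.get("signCert");
            X509Certificate x509Certificate2 = null;
            String str = null;
            // An encryption certificate is optional; when present it comes with enveloped data.
            if (null != map.get("encCert")) {
                x509Certificate2 = (X509Certificate) map.get("encCert");
                str = map.get("signedAndEnvelopData").toString();
            }
            saveAdmin(x509Certificate, (String) map.get("fileName"), systemAdminVO);
            return null != x509Certificate2 ? Result.issueCardDoubleCertSuccess(CertUtil.toPem(x509Certificate), CertUtil.toPem(x509Certificate2), str) : Result.issueCardSignleCertSuccess(CertUtil.toPem(x509Certificate));
        } catch (Exception e) {
            // Logged once through the application logger; the duplicate stderr dump is gone.
            this.logger.error("签发管理员失败:", e);
            throw new RuntimeOperatorException("签发管理员失败", e);
        }
    }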

    /**
     * Not implemented in this class.
     *
     * @return always null; callers must not dereference the result
     */
    public Result getDbInfo() {
        return null;
    }

    /**
     * Issues a self-signed root certificate with an explicit key algorithm and records it
     * through saveRoot.
     *
     * @param systemEnum system (user or admin) the root belongs to
     * @param str subject DN of the root
     * @param num validity passed to certService
     * @param num2 key algorithm code; must not be null (it is unboxed to pick the cache slot)
     * @return on success the root's serial number as a hexadecimal string; otherwise the failed
     *         Result from certService
     * @throws Exception propagated from certService or saveRoot
     */
    public Result issueRootCert(SystemEnum systemEnum, String str, Integer num, Integer num2) throws Exception {
        Result rootResult = this.certService.generateRootCert(systemEnum, str, num, num2, (Map) null);
        if (rootResult.isSuccess()) {
            Map issued = (Map) rootResult.getInfo();
            X509Certificate rootCert = (X509Certificate) issued.get("rootCert");
            KeyPair rootKeys = (KeyPair) issued.get("keyPair");
            // A null chain marks the record as a root CA in saveRoot.
            saveRoot(CaAlgInfoEnum.getCaAlgInfoEnum(systemEnum, num2.intValue()), rootCert, null, rootKeys, str);
            String serialHex = rootCert.getSerialNumber().toString(16);
            return Result.success(serialHex);
        }
        this.logger.error("签发内置CA根证书失败");
        return rootResult;
    }

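    /**
     * Generates a PKCS#10 request for a subordinate CA with the given key algorithm and writes
     * it to {@code outputStream}.
     *
     * <p>The stream is closed by this method once a request was generated, whether or not the
     * write succeeded; it is left open when certService reports a failure.
     *
     * @param str subject DN for the request
     * @param num key algorithm code, passed to certService under "caAlg"
     * @param outputStream destination of the request text
     * @return Result.success(), or the failed Result from certService
     * @throws RuntimeException wrapping any error, including a failed write
     */
    public Result generateSubCaP10(String str, Integer num, OutputStream outputStream) {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("caAlg", num);
            Result generateP10 = this.certService.generateP10(SystemEnum.USER_SYSTEM, str, TemplateTypeEnum.CA_TEMPLATE, hashMap);
            if (!generateP10.isSuccess()) {
                this.logger.error("签发子CA申请书失败");
                return generateP10;
            }
            try {
                String p10 = (String) ((Map) generateP10.getInfo()).get("p10");
                // Fixed charset so the bytes do not depend on the JVM's default encoding.
                outputStream.write(p10.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                outputStream.flush();
                return Result.success();
            } catch (IOException e) {
                this.logger.error("写文件失败", e);
                throw new RuntimeException("生成p10异常", e);
            } finally {
                // Single close on every path, replacing the duplicated close calls.
                outputStream.close();
            }
        } catch (Exception e2) {
            throw new RuntimeException("生成p10异常", e2);
        }
    }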
}
