package com.xdja.pki.service.common;

import com.xdja.pki.annotation.LogPersistence;
import com.xdja.pki.api.admin.AdminService;
import com.xdja.pki.api.certmanager.CertManagerService;
import com.xdja.pki.api.common.CommonService;
import com.xdja.pki.api.subca.SubCaCertService;
import com.xdja.pki.api.thirdApp.ThirdAppCertService;
import com.xdja.pki.api.user.UserCertService;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.bean.ResultWithLogContent;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.config.ConfigJson;
import com.xdja.pki.common.enums.AlgTypeEnum;
import com.xdja.pki.common.enums.BindStatusEnum;
import com.xdja.pki.common.enums.CaAlgInfoEnum;
import com.xdja.pki.common.enums.CaTypeEnum;
import com.xdja.pki.common.enums.CertPatternEnum;
import com.xdja.pki.common.enums.CertPatternTemplageEnum;
import com.xdja.pki.common.enums.CertTypeEnum;
import com.xdja.pki.common.enums.DicEnum;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.IsOrNotEnum;
import com.xdja.pki.common.enums.KeyAlgEnum;
import com.xdja.pki.common.enums.SignAlgEnum;
import com.xdja.pki.common.enums.SwitchEnum;
import com.xdja.pki.common.enums.SystemEnum;
import com.xdja.pki.common.enums.TemplateTypeEnum;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.DateTimeUtil;
import com.xdja.pki.common.util.FileUtil;
import com.xdja.pki.common.util.RandomUtil;
import com.xdja.pki.common.util.SignatureUtil;
import com.xdja.pki.common.util.tomcat.TomcatUtil;
import com.xdja.pki.dao.admin.AdminDao;
import com.xdja.pki.dao.admin.ManagerUserCertDao;
import com.xdja.pki.dao.common.DicDao;
import com.xdja.pki.dao.template.TemplateDao;
import com.xdja.pki.models.ManagerCertDO;
import com.xdja.pki.models.TemplateDO;
import com.xdja.pki.security.util.OperatorUtil;
import com.xdja.pki.vo.common.AlgInfoVO;
import com.xdja.pki.vo.common.DictVO;
import com.xdja.pki.vo.common.InitStatusVO;
import com.xdja.pki.vo.common.RevokeCertParam;
import com.xdja.pki.vo.common.TemplateVO;
import com.xdja.pki.vo.log.OperateLogTypeEnum;
import com.xdja.pki.vo.log.content.LogContentBuilder;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

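@Service
/**
 * Common service operations visible in this class: system/initialisation info, algorithm
 * hints before issuance, certificate download and revocation dispatch, dictionary lookups,
 * and the login challenge/response check.
 *
 * <p>NOTE(review): no authorisation check is visible in this class. Privileged operations
 * ({@link #restartSystem()}, {@link #revokeCert(RevokeCertParam)},
 * {@link #managerKeyLogin(Integer)}, {@link #fileDownLoad}) presumably rely on access control
 * applied by the calling layer; confirm.
 */
public class CommonServiceImpl implements CommonService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private TemplateDao templateDao;

    @Autowired
    private DicDao dicDao;

    @Autowired
    private ManagerUserCertDao managerUserCertDao;

    @Value("${system.type}")
    private Integer systemType;

    @Value("${http.port}")
    private Integer httpPort;

    @Value("${admin.https.port}")
    private Integer httpsPort;

    @Value("${inner.baseDn}")
    private String baseDn;

    @Value("${admin.usbkey.container}")
    private String adminUsbkeyContainer;

    @Autowired
    private SubCaCertService subCaCertService;

    @Autowired
    private UserCertService userCertService;

    @Autowired
    private CertManagerService certManagerService;

    @Autowired
    private AdminService adminService;

    @Autowired
    private AdminDao adminDao;

    @Autowired
    private ThirdAppCertService thirdAppCertService;

    /**
     * Returns the initialisation state together with the configured ports, system type,
     * CA name and base DN.
     *
     * @return a success {@link Result} wrapping an {@link InitStatusVO}
     */
    public Result getSystemInfo() {
        ConfigJson config = ConfigJson.readINSTANCE();
        InitStatusVO status = new InitStatusVO();
        status.setInitStep(config.getInitStep());
        status.setInitComplete(config.getInitComplete());
        status.setHttpPort(this.httpPort);
        status.setHttpsPort(this.httpsPort);
        status.setSystemType(this.systemType);
        status.setIsKey(config.getIsKey());
        status.setSwitchAuthority(config.getSwitchAuthority());
        status.setCaName(ConfigJson.readCaName());
        status.setBaseDn(this.baseDn);
        return Result.success(status);
    }

    /**
     * Builds the algorithm and validity hints shown before a certificate of the given type is
     * issued. The choice depends on which user-system CAs (RSA, SM2) are present in
     * {@code Cache.caInfo}.
     *
     * @param certTypeEnum kind of certificate about to be issued
     * @return a success {@link Result} wrapping an {@link AlgInfoVO}
     * @throws RuntimeException if the certificate type is not handled
     */
    public Result getAlgInfoBeforeIssue(CertTypeEnum certTypeEnum) {
        CaInfo rsaCa = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.USER_SYSTEM, AlgTypeEnum.RSA.alg));
        CaInfo sm2Ca = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.USER_SYSTEM, AlgTypeEnum.SM2.alg));
        CaInfo adminCa = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.ADMIN_SYSTEM, ConfigConstant.innerAdminSystemAlg.intValue()));

        // The two flags are mutually exclusive; when neither holds (both CAs present, or none)
        // the "no fixed algorithm" fallback of each case is used.
        boolean onlySm2 = rsaCa == null && sm2Ca != null;
        boolean onlyRsa = rsaCa != null && sm2Ca == null;

        AlgInfoVO algInfo;
        switch (certTypeEnum) {
            case CA_CERT:
            case P10_FILE:
                // A new CA is offered the algorithm that does NOT have a CA yet.
                if (onlySm2) {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplate(TemplateTypeEnum.CA_TEMPLATE, Integer.valueOf(AlgTypeEnum.RSA.alg)), null, Integer.valueOf(AlgTypeEnum.RSA.alg));
                } else if (onlyRsa) {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplate(TemplateTypeEnum.CA_TEMPLATE, Integer.valueOf(AlgTypeEnum.SM2.alg)), null, Integer.valueOf(AlgTypeEnum.SM2.alg));
                } else {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplate(TemplateTypeEnum.CA_TEMPLATE, Integer.valueOf(AlgTypeEnum.SM2.alg)), null, null);
                }
                break;
            case SUB_CA_CERT:
                // A subordinate CA follows the algorithm of the CA that already exists.
                if (onlySm2) {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplate(TemplateTypeEnum.CA_TEMPLATE, Integer.valueOf(AlgTypeEnum.SM2.alg)), sm2Ca, Integer.valueOf(AlgTypeEnum.SM2.alg));
                } else if (onlyRsa) {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplate(TemplateTypeEnum.CA_TEMPLATE, Integer.valueOf(AlgTypeEnum.RSA.alg)), rsaCa, Integer.valueOf(AlgTypeEnum.RSA.alg));
                } else {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplate(TemplateTypeEnum.CA_TEMPLATE, Integer.valueOf(AlgTypeEnum.SM2.alg)), null, null);
                }
                break;
            case USER_CERT:
            case DEVICE_CERT:
                if (onlySm2) {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplateByName(CertPatternTemplageEnum.getTemplateName(SystemEnum.USER_SYSTEM, AlgTypeEnum.SM2.alg, CertPatternEnum.DOUBLE.value)), sm2Ca, Integer.valueOf(AlgTypeEnum.SM2.alg));
                } else if (onlyRsa) {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplateByName(CertPatternTemplageEnum.getTemplateName(SystemEnum.USER_SYSTEM, AlgTypeEnum.RSA.alg, CertPatternEnum.DOUBLE.value)), rsaCa, Integer.valueOf(AlgTypeEnum.RSA.alg));
                } else {
                    algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplateByName(CertPatternTemplageEnum.getTemplateName(SystemEnum.USER_SYSTEM, AlgTypeEnum.SM2.alg, CertPatternEnum.DOUBLE.value)), null, null);
                }
                algInfo.setChipContainer(ConfigJson.readContainerConf());
                break;
            case ADMIN_CERT:
            case THIRD_CERT:
                algInfo = getAlgInfoVoWithTemplate(this.templateDao.getTemplateByName(CertPatternTemplageEnum.getAdminTemplateName(ConfigConstant.innerAdminSystemAlg.intValue())), adminCa, ConfigConstant.innerAdminSystemAlg);
                algInfo.setChipContainer(this.adminUsbkeyContainer);
                break;
            default:
                // Message text: "unsupported certificate type".
                throw new RuntimeException("不支持的证书类型" + certTypeEnum);
        }
        return Result.success(algInfo);
    }

    /**
     * Fills an {@link AlgInfoVO} from a template, optionally bounded by an issuing CA.
     *
     * @param templateDO template supplying max validity, signature algorithm and key size
     * @param caInfo     issuing CA, or {@code null} when no CA bound applies
     * @param num        algorithm code, or {@code null} when no single algorithm is fixed
     * @return the populated view object
     */
    private AlgInfoVO getAlgInfoVoWithTemplate(TemplateDO templateDO, CaInfo caInfo, Integer num) {
        AlgInfoVO algInfo = new AlgInfoVO();
        Integer templateMax = templateDO.getMaxValidity();
        if (caInfo == null) {
            algInfo.setMaxValidity(templateMax);
        } else {
            // Offer the smaller of the template limit and the value derived from the CA
            // certificate, so the hint never exceeds what the CA certificate allows.
            // presumably calculateValidity() is the CA certificate's remaining validity; confirm
            Integer caBound = DateTimeUtil.calculateValidity(caInfo.getRootCert());
            algInfo.setMaxValidity(caBound.intValue() < templateMax.intValue() ? caBound : templateMax);
        }
        if (num == null) {
            // NOTE(review): 4 is an undocumented algorithm code in this file; confirm its meaning.
            algInfo.setAlg(4);
        } else {
            algInfo.setAlg(num);
            algInfo.setAlgStr(this.dicDao.getNameByCodeAndParentCode(num, DicEnum.ALG.value));
            algInfo.setSignAlg(Integer.valueOf(templateDO.getSignAlg()));
            algInfo.setSignAlgStr(this.dicDao.getNameByCodeAndParentCode(templateDO.getSignAlg(), DicEnum.SIGN_ALG.value));
            algInfo.setKeyLength(templateDO.getKeySize());
        }
        algInfo.setBaseDn(this.baseDn);
        return algInfo;
    }

    /**
     * Restarts the servlet container through {@link TomcatUtil#restart()}.
     *
     * <p>NOTE(review): this is an availability-affecting operation and nothing in this method
     * restricts who may trigger it; the caller must enforce authorisation.
     *
     * @return a success {@link Result} with a {@code null} payload
     * @throws Exception if the restart helper fails
     */
    public Result restartSystem() throws Exception {
        TomcatUtil.restart();
        return Result.success((Object) null);
    }

    /**
     * Streams a certificate artefact to the HTTP response as an attachment.
     *
     * <p>For {@code P10_FILE} and {@code ADMIN_CERT} the {@code str} argument is used as a file
     * name under a configured directory, so it is validated first: names containing path
     * separators, control characters or quotes, and the names {@code .} / {@code ..}, are
     * rejected. This blocks directory traversal and keeps the value safe to place in the
     * {@code Content-Disposition} header. For every other type {@code str} is handed to a
     * service as an identifier and the attachment name is generated here.
     *
     * @param str                 certificate identifier or stored file name, depending on type
     * @param certTypeEnum        kind of artefact to download
     * @param httpServletResponse response the bytes are written to
     * @return a {@link ResultWithLogContent} carrying the download audit entry, or an
     *         {@code ILLEGAL_REQUEST_PARAMETER} failure when the file name is rejected
     * @throws Exception if a lookup fails or the response stream cannot be obtained or closed
     */
    @LogPersistence(logType = OperateLogTypeEnum.DOWN_CERT)
    public Result fileDownLoad(String str, CertTypeEnum certTypeEnum, HttpServletResponse httpServletResponse) throws Exception {
        String timestamp = DateTimeUtil.dateToStr(new Date(), "yyyyMMddHHmmss");
        String fileName = str;
        byte[] payload;
        switch (certTypeEnum) {
            case CA_CERT:
                Map caDownload = this.certManagerService.downloadCaCertWithInfo(SystemEnum.USER_SYSTEM, str);
                payload = (byte[]) caDownload.get("certChainBytes");
                fileName = buildCaName((Integer) caDownload.get("type"), (Integer) caDownload.get("alg"));
                break;
            case P10_FILE:
                // assumes stored request files use flat names (no sub-directories); confirm
                if (!isSafeFileName(str)) {
                    this.logger.warn("rejected download file name for cert type {}", certTypeEnum);
                    return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
                }
                payload = FileUtil.readBytesFromFile(ConfigConstant.p10Path + str);
                break;
            case SUB_CA_CERT:
                payload = this.subCaCertService.downloadSubCaCert(str);
                fileName = "SubCA_" + timestamp + ".p7b";
                break;
            case USER_CERT:
            case DEVICE_CERT:
                payload = this.userCertService.downloadUserCertBySn(str);
                fileName = "UserCert_" + timestamp + ".zip";
                break;
            case ADMIN_CERT:
                // assumes stored manager certificates use flat names; confirm
                if (!isSafeFileName(str)) {
                    this.logger.warn("rejected download file name for cert type {}", certTypeEnum);
                    return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
                }
                payload = FileUtil.readBytesFromFile(ConfigConstant.managerCertPath + str);
                break;
            case THIRD_CERT:
                payload = this.thirdAppCertService.downloadThirdAppCertBySn(str);
                fileName = "ApplyCert_" + timestamp + ".zip";
                break;
            default:
                throw new RuntimeException("cert type unsupported");
        }

        httpServletResponse.reset();
        httpServletResponse.setHeader("Content-Disposition", "attachment; filename=" + fileName);
        httpServletResponse.setContentType("application/octet-stream;charset=UTF-8");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        try {
            outputStream.write(payload);
            outputStream.flush();
        } catch (IOException e) {
            // Message text: "failed to write file". The failure is only logged, so the
            // download audit entry below is still produced for a transfer that did not finish.
            this.logger.error("写文件失败", e);
        } finally {
            if (null != outputStream) {
                outputStream.close();
            }
        }
        return new ResultWithLogContent(Result.success(), LogContentBuilder.buildCertDownloadLog(certTypeEnum, fileName));
    }

    /**
     * Tells whether a caller-supplied value is a plain file name that can be appended to a
     * configured directory and echoed in a response header.
     *
     * @param name candidate file name
     * @return {@code false} for {@code null}, empty, {@code .}, {@code ..}, or any name that
     *         contains a path separator, a double quote or a control character
     */
    private static boolean isSafeFileName(String name) {
        if (name == null || name.isEmpty() || ".".equals(name) || "..".equals(name)) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c == '/' || c == '\\' || c == '"' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the attachment name of a CA certificate chain.
     *
     * @param num  CA type code; {@code CaTypeEnum.ROOT_CA.type} selects the root name
     * @param num2 key algorithm code resolved through {@link KeyAlgEnum#getAlgName}
     * @return {@code <alg>_RootCA.p7b} or {@code <alg>_SubCA.p7b}
     */
    public String buildCaName(Integer num, Integer num2) {
        String role = num.intValue() == CaTypeEnum.ROOT_CA.type ? "RootCA" : "SubCA";
        return KeyAlgEnum.getAlgName(num2.intValue()) + "_" + role + ".p7b";
    }

    /**
     * Loads the dictionary entries under a parent code, keyed by entry code.
     *
     * @param str parent dictionary code
     * @return map from entry code to {@link DictVO}; empty when nothing is found
     */
    public Map<String, DictVO> getDictGroupByParentCode(String str) {
        List listDictByParentCode = this.dicDao.listDictByParentCode(str);
        HashMap hashMap = new HashMap();
        if (listDictByParentCode == null || listDictByParentCode.isEmpty()) {
            return hashMap;
        }
        listDictByParentCode.forEach(dicDO -> {
            DictVO dictVO = new DictVO();
            BeanUtils.copyProperties(dicDO, dictVO);
            hashMap.put(dicDO.getCode(), dictVO);
        });
        return hashMap;
    }

    /**
     * Returns the issuance template that applies to a certificate type.
     *
     * @param certTypeEnum certificate type; only CA, sub-CA, user and admin are handled
     * @return a {@link TemplateVO} copied from the stored template
     * @throws RuntimeException for every other certificate type
     */
    public TemplateVO getTemplate(CertTypeEnum certTypeEnum) {
        TemplateDO template;
        switch (certTypeEnum) {
            case CA_CERT:
            case SUB_CA_CERT:
                template = this.templateDao.getTemplate(TemplateTypeEnum.CA_TEMPLATE, ConfigConstant.innerUserSystemAlg);
                break;
            case USER_CERT:
                template = this.templateDao.getTemplate(TemplateTypeEnum.USER_TEMPLATE, ConfigConstant.innerUserSystemAlg);
                break;
            case ADMIN_CERT:
                template = this.templateDao.getTemplate(TemplateTypeEnum.ADMIN_TEMPLATE, ConfigConstant.innerAdminSystemAlg);
                break;
            default:
                // Message text: "unsupported certificate type".
                throw new RuntimeException("不支持的证书类型" + certTypeEnum);
        }
        TemplateVO templateVO = new TemplateVO();
        BeanUtils.copyProperties(template, templateVO);
        return templateVO;
    }

    /**
     * Lists the dictionary entries under a parent code as {@code code}/{@code name} pairs.
     *
     * @param str parent dictionary code
     * @return a success {@link Result} wrapping the list; the list is empty when the DAO
     *         returns nothing, matching {@link #getDictGroupByParentCode(String)}
     */
    public Result listDicByParentCode(String str) {
        List listDictByParentCode = this.dicDao.listDictByParentCode(str);
        if (listDictByParentCode == null) {
            return Result.success(new ArrayList());
        }
        ArrayList arrayList = new ArrayList(listDictByParentCode.size());
        listDictByParentCode.forEach(dicDO -> {
            HashMap hashMap = new HashMap(2);
            hashMap.put("code", dicDO.getCode());
            hashMap.put("name", dicDO.getName());
            arrayList.add(hashMap);
        });
        return Result.success(arrayList);
    }

    /**
     * Dispatches a revocation request to the service that owns the certificate type.
     *
     * <p>The revocation reason must be present and within {@code 0..10}; a missing reason, a
     * negative one, or an unresolvable certificate type yields
     * {@code ILLEGAL_REQUEST_PARAMETER} instead of an unchecked exception.
     *
     * <p>NOTE(review): for {@code CA_CERT} and {@code P10_FILE} nothing is revoked, yet a
     * success result and a revocation audit entry are still returned; confirm this is intended.
     *
     * @param revokeCertParam request carrying serial number, type, reason and note
     * @return the owning service's result wrapped with the revocation audit entry
     * @throws RuntimeException if the certificate type is not handled
     */
    @LogPersistence(logType = OperateLogTypeEnum.REVOKE_CERT)
    public Result revokeCert(RevokeCertParam revokeCertParam) {
        Integer revokeReason = revokeCertParam.getRevokeReason();
        if (revokeReason == null || revokeReason.intValue() < 0 || revokeReason.intValue() > 10) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        // presumably getCertTypeEnum() returns null for an unknown code; verify against the enum
        CertTypeEnum certTypeEnum = CertTypeEnum.getCertTypeEnum(revokeCertParam.getType());
        if (certTypeEnum == null) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        String sn = revokeCertParam.getSn();
        String note = revokeCertParam.getNote();

        Result outcome = Result.success();
        switch (certTypeEnum) {
            case CA_CERT:
            case P10_FILE:
                break;
            case SUB_CA_CERT:
                outcome = this.subCaCertService.revokeCert(sn, revokeReason.intValue(), note);
                break;
            case USER_CERT:
            case DEVICE_CERT:
                outcome = this.userCertService.revoke(sn, revokeReason.intValue(), note);
                break;
            case ADMIN_CERT:
                outcome = this.adminService.revokeAdminCert(sn, revokeReason.intValue(), note);
                break;
            case THIRD_CERT:
                outcome = this.thirdAppCertService.revokeThirdAppCert(sn, revokeReason, note);
                break;
            default:
                // Message text: "unsupported certificate type".
                throw new RuntimeException("不支持的证书类型" + certTypeEnum);
        }
        return new ResultWithLogContent(outcome, LogContentBuilder.buildCertRevokeLog(certTypeEnum, sn), sn);
    }

    /**
     * Issues a fresh login challenge for the given key and stores it in {@code Cache.random},
     * replacing any earlier challenge for that key.
     *
     * <p>NOTE(review): the challenge only protects against replay if
     * {@code RandomUtil.getRandomNumber} draws from a cryptographically secure generator and
     * {@code Cache.random} expires entries; neither is visible here. Confirm both.
     *
     * @param str key the challenge is stored under
     * @return a success {@link Result} wrapping {@code {"random": <challenge>}}
     */
    public Result random(String str) {
        String challenge = RandomUtil.getRandomNumber(16);
        Cache.random.put(str, challenge);
        return Result.success(Collections.singletonMap("random", challenge));
    }

    /**
     * Reports whether a manager certificate record exists for the given key.
     *
     * @param str lookup key passed to {@code adminDao.getManagerCert}
     * @return a success {@link Result} wrapping {@code {"isBind": <BindStatusEnum value>}}
     */
    public Result isBind(String str) {
        boolean bound = this.adminDao.getManagerCert(str) != null;
        HashMap hashMap = new HashMap();
        hashMap.put("isBind", Integer.valueOf(bound ? BindStatusEnum.BIND.value : BindStatusEnum.NOT_BIND.value));
        return Result.success(hashMap);
    }

    /**
     * Reports whether the supplied device number matches the one stored with the manager
     * certificate. A missing certificate record or a {@code null} device number is reported
     * as "no match" rather than raising a {@code NullPointerException}.
     *
     * @param str  lookup key passed to {@code adminDao.getManagerCert}
     * @param str2 device number to compare, case-insensitively
     * @return a success {@link Result} wrapping {@code {"keyMatch": <IsOrNotEnum value>}}
     */
    public Result isMatch(String str, String str2) {
        ManagerCertDO managerCert = this.adminDao.getManagerCert(str);
        boolean matches = managerCert != null && str2 != null && str2.equalsIgnoreCase(managerCert.getDeviceNo());
        HashMap hashMap = new HashMap();
        hashMap.put("keyMatch", Integer.valueOf(matches ? IsOrNotEnum.IS.value : IsOrNotEnum.NOT.value));
        return Result.success(hashMap);
    }

    /**
     * Verifies a login response against the one-time challenge stored for {@code str}.
     *
     * <p>The challenge is consumed on every call. When no challenge is pending the check
     * fails: otherwise the string concatenation would append the literal text {@code "null"},
     * turning the expected value into a constant and removing the replay protection the
     * challenge exists for.
     *
     * <p>With key login switched off, or before initialisation completes, {@code str2} must
     * equal the lower-case hex SHA-256 of {@code str3 + challenge}; the comparison is
     * constant-time. Otherwise {@code str2} is treated as a PKCS#7 signature over the same
     * bytes and verified with the public key of the stored manager certificate.
     *
     * @param str  key of the pending challenge and of the manager certificate
     * @param str2 response supplied by the client (hex digest or PKCS#7 signature)
     * @param str3 value the challenge is appended to
     * @return {@code true} only when the response matches
     */
    public boolean checkPassword(String str, String str2, String str3) {
        // NOTE(review): get-then-remove is two calls; whether the cache makes this atomic is
        // not visible here.
        String challenge = (String) Cache.random.get(str);
        Cache.random.remove(str);
        if (challenge == null || str2 == null) {
            this.logger.warn("login check rejected: no pending challenge or empty response");
            return false;
        }
        String signedText = str3 + challenge;
        if (ConfigJson.readIsKey().intValue() == SwitchEnum.OFF.value || ConfigJson.readInitComplete().intValue() == IsOrNotEnum.NOT.value) {
            String expected = new Sha256Hash(signedText).toHex().toLowerCase();
            // Constant-time comparison so response time does not reveal matching prefixes.
            return java.security.MessageDigest.isEqual(
                    str2.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
        try {
            // NOTE(review): getBytes() uses the platform charset, which must match what the
            // client signed. Only the signature is checked here; validity and revocation of
            // the stored certificate are presumably checked elsewhere; confirm.
            return SignatureUtil.verify(signedText.getBytes(), SignatureUtil.getSignFromP7(str2), CertUtil.getCertFromBase64Str(this.adminDao.getManagerCert(str).getCertData()).getPublicKey(), SignAlgEnum.SM3_WITH_SM2);
        } catch (Exception e) {
            // Message text: "signature verification failed".
            this.logger.error("验签失败", e);
            return false;
        }
    }

    /**
     * Switches hardware-key login on or off in the persisted configuration.
     *
     * <p>Switching it on requires the current operator to have a bound key certificate.
     * Switching it off makes {@link #checkPassword} fall back to the digest comparison, so
     * this toggle changes the system's authentication strength.
     *
     * @param num {@code SwitchEnum.ON.value} or {@code SwitchEnum.OFF.value}
     * @return success, {@code ADMIN_HAS_NOT_BIND_KEY} when enabling without a bound key, or
     *         {@code ILLEGAL_REQUEST_PARAMETER} for a missing or unknown value
     */
    public Result managerKeyLogin(Integer num) {
        if (num == null) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        int requested = num.intValue();
        if (requested == SwitchEnum.ON.value) {
            if (null == this.managerUserCertDao.get(OperatorUtil.getOperator().getId())) {
                return Result.failure(ErrorEnum.ADMIN_HAS_NOT_BIND_KEY);
            }
            // Message text: "system enabled key login".
            this.logger.info("系统开启key登录");
        } else if (requested == SwitchEnum.OFF.value) {
            // Message text: "system disabled key login".
            this.logger.info("系统关闭key登录");
        } else {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        ConfigJson.writeIsKey(num);
        return Result.success();
    }

    /**
     * No-op lock: always reports success and provides no mutual exclusion. Callers that
     * depend on exclusivity get none from this implementation.
     *
     * @param t        lock key (ignored)
     * @param num      timeout (ignored)
     * @param timeUnit unit of the timeout (ignored)
     * @return always {@code true}
     */
    public <T> boolean lock(T t, Integer num, TimeUnit timeUnit) {
        return true;
    }

    /**
     * No-op counterpart of {@link #lock(Object, Integer, TimeUnit)}.
     *
     * @param t lock key (ignored)
     */
    public <T> void unlock(T t) {
    }
}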
