package com.xdja.pki.service.admin;

import com.xdja.pki.annotation.LogPersistence;
import com.xdja.pki.api.admin.AdminService;
import com.xdja.pki.api.cert.CertService;
import com.xdja.pki.api.common.CommonService;
import com.xdja.pki.api.init.InitService;
import com.xdja.pki.bean.PageDataResultBean;
import com.xdja.pki.bean.PageInfo;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.bean.ResultWithLogContent;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.config.ConfigJson;
import com.xdja.pki.common.enums.AdminTypeEnum;
import com.xdja.pki.common.enums.BindStatusEnum;
import com.xdja.pki.common.enums.CertIssueTypeEnum;
import com.xdja.pki.common.enums.CertStatusEnum;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.RoleTypeEnum;
import com.xdja.pki.common.enums.SwitchEnum;
import com.xdja.pki.common.enums.SystemEnum;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.DateTimeUtil;
import com.xdja.pki.dao.admin.AdminDao;
import com.xdja.pki.dao.admin.ManagerCertDao;
import com.xdja.pki.dao.admin.ManagerUserCertDao;
import com.xdja.pki.dao.admin.RoleDao;
import com.xdja.pki.dto.admin.AdminWithCert;
import com.xdja.pki.dto.admin.AdminWithRole;
import com.xdja.pki.models.ManagerCertDO;
import com.xdja.pki.models.ManagerUserCertDO;
import com.xdja.pki.models.ManagerUserDO;
import com.xdja.pki.models.ManagerUserRoleDO;
import com.xdja.pki.models.RoleDO;
import com.xdja.pki.security.util.OperatorUtil;
import com.xdja.pki.vo.admin.AdminDetailVO;
import com.xdja.pki.vo.admin.AdminEditVO;
import com.xdja.pki.vo.admin.AdminListItemVO;
import com.xdja.pki.vo.admin.AdminListQueryVO;
import com.xdja.pki.vo.admin.GateWayAdminItemVO;
import com.xdja.pki.vo.admin.IssueAdminCertVO;
import com.xdja.pki.vo.init.SystemAdminVO;
import com.xdja.pki.vo.log.OperateLogTypeEnum;
import com.xdja.pki.vo.log.content.LogContentBuilder;
import com.xdja.pki.vo.role.RoleDictVO;
import java.security.cert.X509Certificate;
import java.sql.Date;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

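/**
 * Administrator account management: creating, editing and deleting manager users, assigning
 * their roles, issuing and removing their certificates, and changing or resetting passwords.
 *
 * <p>Several methods branch on {@link #isGateWaySystem()}; the gateway deployment and the
 * other deployment use different DAO queries and different certificate issue types.
 *
 * <p>Passwords are stored as the lowercase hex of {@code new Sha256Hash(value)}, i.e. a single
 * SHA-256 pass with no salt. NOTE(review): stored credentials are normally protected with a
 * salted, deliberately slow scheme (bcrypt, scrypt, Argon2 or PBKDF2). Switching would have to
 * be coordinated with {@code CommonService.checkPassword} and the rows already stored, so it is
 * flagged here rather than changed.
 *
 * <p>NOTE(review): no transaction annotation is visible on this class, so the multi-step
 * deletes and updates below may be applied partially if a later DAO call fails — confirm
 * whether a transaction is opened by the caller.
 */
@Service
/* loaded from: input_file:com/xdja/pki/service/admin/AdminServiceImpl.class */
public class AdminServiceImpl implements AdminService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private AdminDao adminDao;

    @Autowired
    private RoleDao roleDao;

    @Autowired
    private CertService certService;

    @Autowired
    private ManagerCertDao managerCertDao;

    @Autowired
    private ManagerUserCertDao managerUserCertDao;

    @Autowired
    private CommonService commonService;

    @Autowired
    private InitService initService;

    // Password written by every reset path in this class.
    // NOTE(review): a fixed, compiled-in reset password is readable by anyone holding the
    // binary and is shared by every reset account. A per-reset random value handed over out
    // of band, with a forced change at next login, removes that exposure; it needs support
    // outside this class, so the constant is left as is.
    private static final String DEFAULT = "Xdja@123";

    // Role display name used to recognise the super administrator in the gateway listing.
    // NOTE(review): matching on a display name breaks if the role is renamed; a role id
    // would be sturdier, but none for this role is visible in this file.
    private static final String SUPER_ADMIN_ROLE_NAME = "超级管理员";

    /**
     * Rewrites the role of each listed administrator and persists the authority switch.
     *
     * @param num  switch value handed to {@code ConfigJson.writeSwitchAuthority}
     * @param list administrator id / role id pairs to apply
     * @return a success result
     */
    public Result updateAuthority(Integer num, List<AdminEditVO> list) {
        // One relation object is reused for every row; only the two ids change per iteration.
        ManagerUserRoleDO relation = new ManagerUserRoleDO();
        for (AdminEditVO edit : list) {
            relation.setManagerUserId(edit.getAdminId());
            relation.setRoleId(edit.getRoleId());
            this.adminDao.updateManagerUserRoleRelation(relation);
        }
        ConfigJson.writeSwitchAuthority(num);
        // The cached RPC authority entries are dropped on a separate thread after a 5 ms
        // pause; the reason for the delay is not visible in this file. The cache is cleared
        // even when the sleep is interrupted.
        new Thread(() -> {
            try {
                Thread.sleep(5L);
            } catch (InterruptedException e) {
                this.logger.error("线程休眠异常", e);
                Thread.currentThread().interrupt();
            }
            Cache.rpcAuthority.clear();
        }).start();
        return Result.success();
    }

    /**
     * Creates an administrator account and its role relation.
     *
     * <p>In the gateway deployment the configured maximum number of administrators and the
     * uniqueness of the account name are enforced first. NOTE(review): neither check runs in
     * the other deployment — confirm that uniqueness is enforced elsewhere (e.g. by the
     * database).
     *
     * @param adminEditVO account data; a {@code null} role id falls back to role id 1
     * @return success, or a failure carrying {@code ADMIN_MAX_NUM_REACHED} /
     *         {@code ADMIN_ACCOUNT_IS_EXIST}
     */
    @LogPersistence(logType = OperateLogTypeEnum.SYSTEM_CONFIG, desc = "新增管理员")
    public Result addAdmin(AdminEditVO adminEditVO) {
        if (isGateWaySystem()) {
            if (this.adminDao.queryAdminCount() + 1 > ConfigConstant.adminMaxNum.intValue()) {
                return Result.failure(ErrorEnum.ADMIN_MAX_NUM_REACHED);
            }
            if (isExistAdmin(adminEditVO.getName())) {
                return Result.failure(ErrorEnum.ADMIN_ACCOUNT_IS_EXIST);
            }
        }
        Date now = new Date(System.currentTimeMillis());
        ManagerUserDO user = new ManagerUserDO();
        user.setName(adminEditVO.getName());
        // Unsalted single-pass SHA-256, see the class comment.
        user.setPassword(new Sha256Hash(adminEditVO.getPassword()).toHex().toLowerCase());
        user.setGmtCreate(now);
        user.setGmtModified(now);
        user.setCompellation(adminEditVO.getCompellation());
        user.setContact(adminEditVO.getContact());
        user.setLastUpdatePwdTime(now);
        user.setTryCount(0);
        Long newAdminId = this.adminDao.addManagerUser(user).getId();
        // NOTE(review): the role id is taken from the request object as is; whether the
        // caller may grant that role has to be enforced before this method is reached.
        Long roleId = Long.valueOf(null == adminEditVO.getRoleId() ? 1L : adminEditVO.getRoleId().longValue());
        saveManagerRole(newAdminId, roleId);
        return Result.success();
    }

    /**
     * Issues a certificate for an existing administrator and stores it.
     *
     * <p>The gateway deployment issues from the supplied P10 request and refuses when the
     * administrator already has a certificate; the other deployment issues without a key.
     *
     * @param issueAdminCertVO administrator id, device number and (gateway only) P10 request
     * @return the certificate file name and PEM certificate on success; the failure returned
     *         by the certificate service, {@code ADMIN_HAS_BIND_KEY}, or
     *         {@code MANAGER_USER_IS_NOT_EXIST} when the id matches no administrator
     * @throws Exception propagated from the certificate service and certificate helpers
     */
    public Result issueAdminCert(IssueAdminCertVO issueAdminCertVO) throws Exception {
        ManagerUserDO admin = this.adminDao.getManagerUserById(issueAdminCertVO.getId());
        // An unknown id used to surface as a NullPointerException on the next dereference.
        if (null == admin) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        Result issued;
        if (isGateWaySystem()) {
            if (null != this.adminDao.getManagerCert(admin.getName())) {
                return Result.failure(ErrorEnum.ADMIN_HAS_BIND_KEY);
            }
            // Raw map kept because the parameter type of generateAdminCert is not visible here.
            HashMap p10Params = new HashMap();
            p10Params.put("P10", issueAdminCertVO.getP10());
            issued = this.certService.generateAdminCert(admin.getName(), CertIssueTypeEnum.ISSUE_WITH_P10, AdminTypeEnum.MANAGER_ADMIN, p10Params);
        } else {
            issued = this.certService.generateAdminCert(admin.getName(), CertIssueTypeEnum.ISSUE_WITH_NO_KEY, AdminTypeEnum.MANAGER_ADMIN, (Map) null);
        }
        if (!issued.isSuccess()) {
            return issued;
        }
        Map issuedInfo = (Map) issued.getInfo();
        X509Certificate signCert = (X509Certificate) issuedInfo.get("signCert");
        String fileName = (String) issuedInfo.get("fileName");
        saveCert(admin.getId(), issueAdminCertVO.getDeviceNo(), signCert, fileName);
        HashMap response = new HashMap();
        response.put("fileName", fileName);
        response.put("signCert", CertUtil.toPem(signCert));
        String roleName = this.roleDao.getRoleNameByManagerUserId(admin.getId()).getName();
        return new ResultWithLogContent(Result.success(response), LogContentBuilder.buildAddAdminLog(admin.getName(), roleName));
    }

    /**
     * Removes the certificate bound to an administrator.
     *
     * <p>When no administrator certificate is left afterwards, the "is key" switch is
     * written as OFF.
     *
     * @param l administrator id
     * @return success, or {@code ADMIN_HAS_NOT_BIND_KEY} when nothing is bound
     */
    public Result deleteAdminCert(Long l) {
        ManagerUserCertDO binding = this.managerUserCertDao.get(l);
        if (null == binding) {
            return Result.failure(ErrorEnum.ADMIN_HAS_NOT_BIND_KEY);
        }
        this.managerUserCertDao.deleteByManagerId(l);
        this.managerCertDao.delete(binding.getManagerCertId());
        if (!this.adminDao.hasManagerCert()) {
            ConfigJson.writeIsKey(Integer.valueOf(SwitchEnum.OFF.value));
        }
        return Result.success();
    }

    /**
     * Reports whether a device number already has an administrator certificate.
     *
     * @param str device number
     * @return success with {@code isKey} set to the BIND or NOT_BIND status value
     */
    public Result getIsBind(String str) {
        ManagerCertDO cert = this.managerCertDao.getByDeviceNo(str);
        HashMap body = new HashMap();
        body.put("isKey", Integer.valueOf(null == cert ? BindStatusEnum.NOT_BIND.value : BindStatusEnum.BIND.value));
        return Result.success(body);
    }

    /**
     * Stores an issued certificate and links it to the administrator.
     *
     * @param l               administrator id
     * @param str             device number
     * @param x509Certificate issued certificate
     * @param str2            certificate file name
     */
    private void saveCert(Long l, String str, X509Certificate x509Certificate, String str2) {
        java.util.Date now = new java.util.Date();
        // NOTE(review): assumes the ADMIN_SYSTEM entry is always present in Cache.caInfo;
        // a missing entry fails on the next line with a NullPointerException.
        CaInfo caInfo = (CaInfo) Cache.caInfo.get(SystemEnum.ADMIN_SYSTEM);
        ManagerCertDO cert = new ManagerCertDO();
        cert.setCaCertId(caInfo.getCaCertId());
        cert.setDeviceNo(str);
        cert.setSignAlg(caInfo.getSignAlg());
        cert.setSn(CertUtil.getSnFillZero(x509Certificate));
        cert.setSubject(x509Certificate.getSubjectDN().toString());
        cert.setIssuer(x509Certificate.getIssuerDN().toString());
        cert.setPublicKeyAlg(caInfo.getKeyAlg());
        // The column is named "private key size" but is filled from the public key.
        cert.setPrivateKeySize(Integer.valueOf(CertUtil.getKeySize(x509Certificate.getPublicKey())));
        cert.setNotBeforeTime(x509Certificate.getNotBefore());
        cert.setNotAfterTime(x509Certificate.getNotAfter());
        cert.setCertName(str2);
        cert.setCertData(CertUtil.certToFullB64(x509Certificate));
        cert.setStatus(Integer.valueOf(CertStatusEnum.NORMAL.value));
        cert.setGmtCreate(now);
        cert.setGmtModified(now);
        ManagerCertDO stored = this.managerCertDao.insert(cert);
        ManagerUserCertDO binding = new ManagerUserCertDO();
        binding.setManagerUserId(l);
        binding.setManagerCertId(stored.getId());
        binding.setGmtCreate(now);
        binding.setGmtModified(now);
        this.managerUserCertDao.insert(binding);
    }

    /**
     * Updates an administrator's profile and role, optionally resetting the password.
     *
     * <p>While the authority switch is ON, the only remaining security administrator cannot
     * be moved to another role.
     *
     * @param adminEditVO administrator id, new profile fields, new role id and reset flag
     * @return success (with log content outside the gateway deployment), or a failure
     *         carrying {@code MANAGER_USER_IS_NOT_EXIST} / {@code NEED_ONE_SECURITY_ADMIN}
     */
    @LogPersistence(logType = OperateLogTypeEnum.SYSTEM_CONFIG, desc = "修改管理员")
    public Result updateAdmin(AdminEditVO adminEditVO) {
        Date now = new Date(System.currentTimeMillis());
        ManagerUserDO admin = this.adminDao.getManagerUserById(Long.valueOf(adminEditVO.getAdminId().longValue()));
        if (admin == null) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        // Evaluated before anything is written: previously the profile (and a requested
        // password reset) had already been persisted when this refusal was returned.
        boolean demotesLastSecurityAdmin =
                ConfigJson.readSwitchAuthority().intValue() == SwitchEnum.ON.value
                        && this.adminDao.queryRoleId(admin.getId()).longValue() == RoleTypeEnum.SECURITY_ADMIN.id
                        && adminEditVO.getRoleId().longValue() != RoleTypeEnum.SECURITY_ADMIN.id
                        && this.adminDao.queryAdminCountByRoleId(Long.valueOf(RoleTypeEnum.SECURITY_ADMIN.id)).intValue() <= 1;
        if (demotesLastSecurityAdmin) {
            return Result.failure(ErrorEnum.NEED_ONE_SECURITY_ADMIN);
        }
        if (adminEditVO.isResetPassword()) {
            // NOTE(review): no kickOutUser call follows a reset here, unlike
            // updateAdminPassword — confirm whether existing sessions should survive it.
            admin.setPassword(new Sha256Hash(DEFAULT).toHex().toLowerCase());
            admin.setTryCount(0);
            admin.setLastUpdatePwdTime(now);
        }
        // The account name can only be changed outside the gateway deployment.
        if (!isGateWaySystem()) {
            admin.setName(adminEditVO.getName());
        }
        admin.setGmtModified(now);
        admin.setCompellation(adminEditVO.getCompellation());
        admin.setContact(adminEditVO.getContact());
        this.adminDao.updateManagerUser(admin);

        ManagerUserRoleDO relation = new ManagerUserRoleDO();
        relation.setManagerUserId(admin.getId());
        relation.setRoleId(adminEditVO.getRoleId());
        this.adminDao.updateManagerUserRoleRelation(relation);
        if (isGateWaySystem()) {
            return Result.success();
        }
        // Outside the gateway deployment the relation just updated is deleted and re-created.
        this.adminDao.deleteManagerRoleRelation(admin.getId());
        saveManagerRole(admin.getId(), Long.valueOf(adminEditVO.getRoleId().longValue()));
        String roleName = this.roleDao.getRoleById(Long.valueOf(adminEditVO.getRoleId().longValue())).getName();
        return new ResultWithLogContent(Result.success((Object) null), LogContentBuilder.buildAddAdminLog(adminEditVO.getName(), roleName));
    }

    /**
     * Inserts the relation between an administrator and a role.
     *
     * @param l  administrator id
     * @param l2 role id
     */
    private void saveManagerRole(Long l, Long l2) {
        Date now = new Date(System.currentTimeMillis());
        ManagerUserRoleDO relation = new ManagerUserRoleDO();
        relation.setManagerUserId(l);
        relation.setRoleId(l2);
        relation.setGmtCreate(now);
        relation.setGmtModified(now);
        this.adminDao.addManagerUserRoleRelation(relation);
    }

    /**
     * Returns one page of administrators.
     *
     * <p>The gateway deployment lists accounts with role and bind state; the other
     * deployment lists accounts together with their certificate data.
     *
     * @param adminListQueryVO paging and filter criteria
     * @return success carrying a {@code PageDataResultBean}
     */
    public Result queryAdminListByPage(AdminListQueryVO adminListQueryVO) {
        if (isGateWaySystem()) {
            PageInfo page = this.adminDao.queryAdminListByPage(adminListQueryVO);
            PageDataResultBean pageBean = new PageDataResultBean(page);
            ArrayList items = new ArrayList(page.getList().size());
            for (Object row : page.getList()) {
                ManagerUserDO user = (ManagerUserDO) row;
                RoleDO role = this.roleDao.getRoleNameByManagerUserId(user.getId());
                // The role object itself used to be compared with the name string, which
                // never matched, so the super administrator was never filtered out. Compare
                // the role's name. Page totals still count the hidden row.
                boolean hideSuperAdmin = ConfigJson.readSwitchAuthority().intValue() == SwitchEnum.ON.value
                        && SUPER_ADMIN_ROLE_NAME.equals(role.getName());
                if (hideSuperAdmin) {
                    continue;
                }
                GateWayAdminItemVO item = new GateWayAdminItemVO();
                item.setId(user.getId());
                item.setName(user.getName());
                item.setCompellation(user.getCompellation());
                item.setContact(user.getContact());
                item.setIsBind(Integer.valueOf(null == this.managerUserCertDao.get(user.getId()) ? 0 : 1));
                item.setRole(role.getName());
                item.setRoleId(role.getId());
                items.add(item);
            }
            pageBean.setDataList(items);
            return Result.success(pageBean);
        }
        PageInfo certPage = this.adminDao.queryAdmin(adminListQueryVO.getName(), adminListQueryVO.getSerialNumber(), adminListQueryVO.getStatus(), adminListQueryVO);
        PageDataResultBean certPageBean = new PageDataResultBean(certPage);
        List rows = certPage.getList();
        ArrayList certItems = new ArrayList();
        for (Object row : rows) {
            AdminWithCert adminWithCert = (AdminWithCert) row;
            // NOTE(review): rows whose admin cert id equals the string "1" are skipped; this
            // only filters anything if getAdminCertId() returns a String — confirm its type.
            if (adminWithCert.getAdminCertId().equals("1")) {
                continue;
            }
            AdminListItemVO item = new AdminListItemVO();
            item.setId(adminWithCert.getAdminId());
            item.setName(adminWithCert.getAdminName());
            item.setCertSn(adminWithCert.getSn());
            item.setCertDn(adminWithCert.getCertDn());
            item.setCertStatus(adminWithCert.getStatus());
            // A certificate past its not-after time is reported as expired regardless of
            // the stored status.
            if (adminWithCert.getNotAfterTime().getTime() < System.currentTimeMillis()) {
                item.setCertStatus(Integer.valueOf(CertStatusEnum.EXPIRE.value));
            }
            // NOTE(review): the status name is still derived from the stored status, so it
            // can disagree with the EXPIRE value set above — confirm which one the UI shows.
            item.setCertStatusName(CertStatusEnum.getCertStatusDicName(adminWithCert.getStatus().intValue()));
            item.setNotAfterTime(DateTimeUtil.dateToStr(adminWithCert.getNotAfterTime()));
            item.setNotBeforeTime(DateTimeUtil.dateToStr(adminWithCert.getNotBeforeTime()));
            item.setCertName(adminWithCert.getCertName());
            certItems.add(item);
        }
        certPageBean.setDataList(certItems);
        return Result.success(certPageBean);
    }

    /**
     * Loads an administrator with its role.
     *
     * @param str administrator id as a decimal string; a non-numeric value makes
     *            {@code Long.valueOf} throw {@link NumberFormatException}
     * @return success carrying an {@code AdminDetailVO}, or {@code MANAGER_USER_IS_NOT_EXIST}
     */
    public Result getAdminDetailById(String str) {
        AdminWithRole found = this.adminDao.getAdminWithRoleByAdminId(Long.valueOf(str));
        if (found == null) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        RoleDictVO role = new RoleDictVO();
        role.setId(String.valueOf(found.getRoleId()));
        role.setName(found.getRoleName());
        AdminDetailVO detail = new AdminDetailVO();
        detail.setId(String.valueOf(found.getAdminId()));
        detail.setName(found.getAdminName());
        detail.setRole(role);
        return Result.success(detail);
    }

    /**
     * Revokes an administrator certificate.
     *
     * @param str  first argument forwarded to {@code AdminDao.revokeAdminCert}
     * @param i    second argument forwarded to {@code AdminDao.revokeAdminCert}
     * @param str2 third argument forwarded to {@code AdminDao.revokeAdminCert}
     * @return success, or {@code CERT_IS_NOT_EXISTED} when the DAO reports 0
     */
    public Result revokeAdminCert(String str, int i, String str2) {
        if (0 == this.adminDao.revokeAdminCert(str, i, str2)) {
            return Result.failure(ErrorEnum.CERT_IS_NOT_EXISTED);
        }
        return Result.success();
    }

    /**
     * Loads an administrator with its role by account name.
     *
     * @param str account name
     * @return success carrying whatever the DAO returned, including {@code null}
     */
    public Result getAdminDetailByUserName(String str) {
        return Result.success(this.adminDao.getAdminWithRoleByAdminName(str));
    }

    /**
     * Deletes an administrator together with its certificate and role relation, then ends
     * that administrator's session.
     *
     * <p>While the authority switch is ON, the only remaining security administrator cannot
     * be deleted.
     *
     * @param str administrator id as a decimal string; a non-numeric value makes
     *            {@code Long.valueOf} throw {@link NumberFormatException}
     * @return success, or a failure carrying {@code MANAGER_USER_IS_NOT_EXIST} /
     *         {@code NEED_ONE_SECURITY_ADMIN}
     */
    public Result deleteAdmin(String str) {
        ManagerUserDO admin = this.adminDao.getManagerUserById(Long.valueOf(str));
        if (null == admin) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        boolean removesLastSecurityAdmin =
                ConfigJson.readSwitchAuthority().intValue() == SwitchEnum.ON.value
                        && this.adminDao.queryRoleId(admin.getId()).longValue() == RoleTypeEnum.SECURITY_ADMIN.id
                        && this.adminDao.queryAdminCountByRoleId(Long.valueOf(RoleTypeEnum.SECURITY_ADMIN.id)).intValue() <= 1;
        if (removesLastSecurityAdmin) {
            return Result.failure(ErrorEnum.NEED_ONE_SECURITY_ADMIN);
        }
        ManagerCertDO cert = this.adminDao.getManagerCert(admin.getName());
        if (null != cert) {
            this.managerCertDao.delete(cert.getId());
        }
        this.adminDao.delete(admin);
        this.adminDao.deleteManagerRoleRelation(admin.getId());
        this.managerUserCertDao.deleteByManagerId(admin.getId());
        // The deleted account's live session is ended last.
        OperatorUtil.kickOutUser(admin.getName());
        return Result.success();
    }

    /**
     * Changes an administrator's password after verifying the old one, then ends that
     * administrator's session.
     *
     * <p>NOTE(review): the account is selected by the name carried in the request object;
     * no password strength rule is applied in this method — confirm both are handled by
     * the caller.
     *
     * @param adminEditVO account name, old password and new password
     * @return success, or a failure carrying {@code MANAGER_USER_IS_NOT_EXIST},
     *         {@code ADMIN_PWD_ERROR} or {@code ADMIN_PWD_MODIFY_ERROR_NEW_EQUALS_OLD}
     */
    public Result updateAdminPassword(AdminEditVO adminEditVO) {
        ManagerUserDO admin = this.adminDao.queryAdminByName(adminEditVO.getName());
        if (null == admin) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        if (!this.commonService.checkPassword(adminEditVO.getName(), adminEditVO.getOldPassword(), admin.getPassword())) {
            return Result.failure(ErrorEnum.ADMIN_PWD_ERROR);
        }
        // Unsalted single-pass SHA-256, see the class comment.
        String newHash = new Sha256Hash(adminEditVO.getNewPassword()).toHex().toLowerCase();
        if (StringUtils.equals(admin.getPassword(), newHash)) {
            return Result.failure(ErrorEnum.ADMIN_PWD_MODIFY_ERROR_NEW_EQUALS_OLD);
        }
        java.util.Date now = new java.util.Date(System.currentTimeMillis());
        admin.setPassword(newHash);
        admin.setLastUpdatePwdTime(now);
        admin.setTryCount(0);
        admin.setGmtModified(now);
        this.adminDao.updateManagerUser(admin);
        OperatorUtil.kickOutUser(adminEditVO.getName());
        return Result.success();
    }

    /**
     * Resets an administrator's password to the built-in default.
     *
     * @param str administrator id as a decimal string; a non-numeric value makes
     *            {@code Long.valueOf} throw {@link NumberFormatException}
     * @return success, or {@code MANAGER_USER_IS_NOT_EXIST}
     */
    public Result resetAdminPassword(String str) {
        ManagerUserDO admin = this.adminDao.getManagerUserById(Long.valueOf(str));
        if (null == admin) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        Date now = new Date(System.currentTimeMillis());
        admin.setPassword(new Sha256Hash(DEFAULT).toHex().toLowerCase());
        // Same bookkeeping as the reset branch of updateAdmin and as updateAdminPassword:
        // this path previously left the try counter and the password-change time stale.
        admin.setTryCount(0);
        admin.setLastUpdatePwdTime(now);
        admin.setGmtModified(now);
        this.adminDao.updateManagerUser(admin);
        // NOTE(review): unlike updateAdminPassword, no kickOutUser call follows, so a session
        // opened with the previous password presumably stays valid — confirm the intent.
        return Result.success();
    }

    /**
     * Lists the roles returned by {@code RoleDao.queryAllRoleWithNoSysAdmin}.
     *
     * @return success carrying the role list
     */
    public Result getRoleList() {
        return Result.success(this.roleDao.queryAllRoleWithNoSysAdmin());
    }

    /**
     * Creates an administrator and issues its certificate through the init service.
     *
     * @param systemAdminVO administrator data
     * @return the init service result wrapped with log content (the log carries the
     *         certificate serial number in hex on success, an empty string otherwise), or
     *         {@code ADMIN_ACCOUNT_IS_EXIST}
     * @throws RuntimeException wrapping any exception raised while issuing
     */
    @LogPersistence(logType = OperateLogTypeEnum.ISSUE_CERT)
    public Result addAdminInfoAndCert(SystemAdminVO systemAdminVO) {
        try {
            if (isExistAdmin(systemAdminVO.getName())) {
                return Result.failure(ErrorEnum.ADMIN_ACCOUNT_IS_EXIST);
            }
            Result issued = this.initService.issueCardSuperAdmin(systemAdminVO);
            String serialHex = "";
            if (issued.isSuccess()) {
                String signCertB64 = (String) ((Map) issued.getInfo()).get("signCert");
                serialHex = CertUtil.getCertFromBase64Str(signCertB64).getSerialNumber().toString(16);
            }
            return new ResultWithLogContent(issued, LogContentBuilder.buildAdminUserCertLog(systemAdminVO.getName(), serialHex));
        } catch (Exception e) {
            // The cause is kept so the original failure stays visible in the stack trace.
            throw new RuntimeException("签发管理员证书异常", e);
        }
    }

    /**
     * @param str account name
     * @return {@code true} when an administrator with that name exists
     */
    private boolean isExistAdmin(String str) {
        return null != this.adminDao.queryAdminByName(str);
    }

    /**
     * @return {@code true} when the configured system type is the gateway system
     */
    private boolean isGateWaySystem() {
        return ConfigConstant.GATE_WAY_SYSTEM.equals(ConfigConstant.systemType);
    }
}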
