package com.xdja.pki.service.ca;

import com.xdja.pki.api.ca.CaService;
import com.xdja.pki.api.km.vo.AsyCipherVO;
import com.xdja.pki.common.asn1.SignedAndEnvelopedData;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.bean.extension.ExtensionAttr;
import com.xdja.pki.common.bean.extension.LdapOcspUrlInfo;
import com.xdja.pki.common.cipher.Cipher;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.config.ConfigJson;
import com.xdja.pki.common.enums.CaAlgInfoEnum;
import com.xdja.pki.common.enums.CertPatternEnum;
import com.xdja.pki.common.enums.CertStatusEnum;
import com.xdja.pki.common.enums.CertTypeEnum;
import com.xdja.pki.common.enums.CipherStrategyEnum;
import com.xdja.pki.common.enums.DicEnum;
import com.xdja.pki.common.enums.DoubleCodeIsUserdEnum;
import com.xdja.pki.common.enums.EnumNames;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.SystemEnum;
import com.xdja.pki.common.util.Asn1Util;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.DateTimeUtil;
import com.xdja.pki.common.util.DnUtil;
import com.xdja.pki.common.util.ExtensionAttrUtil;
import com.xdja.pki.common.util.ExtensionUtil;
import com.xdja.pki.common.util.RandomUtil;
import com.xdja.pki.dao.cert.CertDao;
import com.xdja.pki.dao.common.CertSnDao;
import com.xdja.pki.dao.common.DicDao;
import com.xdja.pki.dao.template.ExtensionDao;
import com.xdja.pki.dao.user.PersonUserDao;
import com.xdja.pki.dao.user.UserDoubleCodeDao;
import com.xdja.pki.models.CertDO;
import com.xdja.pki.models.PersonUserDO;
import com.xdja.pki.models.TemplateDO;
import com.xdja.pki.models.UserDoubleCodeDo;
import com.xdja.pki.service.cache.KmAsyCipherCache;
import com.xdja.pki.vo.openapi.RegisterUserResp;
import com.xdja.pki.vo.user.UserInfoVo;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

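/**
 * Issues and manages end-user certificates with the in-house ("inner") CA.
 *
 * <p>Registered as the Spring bean {@code innerCa}. The double-certificate paths put the
 * encryption key pair and its private key into the returned map under {@code encKeyPair} and
 * {@code encPrivate}; that map therefore carries secret key material and must not be logged,
 * serialised or persisted as-is by callers.
 */
@Service("innerCa")
public class InnerCaServiceImpl implements CaService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Dictionary lookups (e.g. signature-algorithm code -> name).
    @Autowired
    private DicDao dicDao;

    // Extension definitions attached to a certificate template.
    @Autowired
    private ExtensionDao extensionDao;

    // Serial-number source; every getSn() call is treated as yielding a fresh serial.
    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private CertDao certDao;

    // Base URL placed in the CRL distribution point of user certificates.
    @Value("${crl.download.url}")
    private String crlDownloadUrl;

    // Subject DNs of user certificates must fall under this base DN.
    @Value("${inner.baseDn}")
    private String baseDn;

    // Pre-generated encryption key pairs from the key-management service.
    @Autowired
    private KmAsyCipherCache kmAsyCipherCache;

    @Autowired
    private PersonUserDao personUserDao;

    @Autowired
    private UserDoubleCodeDao userDoubleCodeDao;

    /**
     * Registers (or updates) a person user and issues a one-time verification code for it.
     *
     * @param userInfoVo user attributes, copied property-by-property onto a {@link PersonUserDO}
     * @return success carrying a {@link RegisterUserResp} whose value is {@code "<userId>#<verifyCode>"}
     */
    public Result registerUserInfo(UserInfoVo userInfoVo) {
        PersonUserDO personUserDO = new PersonUserDO();
        BeanUtils.copyProperties(userInfoVo, personUserDO);
        // NOTE(review): the entropy source behind RandomUtil.getVerifyCode() is not visible here;
        // confirm it is a CSPRNG, since the code is handed to the caller as a credential.
        String verifyCode = RandomUtil.getVerifyCode();
        // The code is stored as NOT_USE until it is redeemed.
        UserDoubleCodeDo userDoubleCodeDo = new UserDoubleCodeDo(this.personUserDao.saveOrUpdateUserInfo(personUserDO).getId(), verifyCode, DoubleCodeIsUserdEnum.NOT_USE.value);
        userDoubleCodeDo.setCreateTime(new Date());
        this.userDoubleCodeDao.saveUserDoubleCode(userDoubleCodeDo);
        return Result.success(new RegisterUserResp("" + userDoubleCodeDo.getUserId().intValue() + "#" + verifyCode));
    }

    /**
     * Issues a certificate from a PKCS#10 request by extracting its public key and delegating to
     * {@link #generateCert(String, Integer, PublicKey, int, Map)}.
     *
     * @param str  subject DN (see the delegate for the base-DN check)
     * @param num  requested validity, forwarded to {@code DateTimeUtil.calculateCertNotAfter}
     * @param str2 the PKCS#10 request holding the signing public key
     * @param map  request parameters; must contain a {@code TemplateDO} under {@code "templateDO"}
     * @return the failure result of the P10 parse when it fails, otherwise the issuance result
     * @throws Exception propagated from certificate generation
     */
    public Result generateCert(String str, Integer num, String str2, Map<String, Object> map) throws Exception {
        Result publicKeyFromP10 = CertUtil.getPublicKeyFromP10(str2);
        if (!publicKeyFromP10.isSuccess()) {
            return publicKeyFromP10;
        }
        return generateCert(str, num, (PublicKey) publicKeyFromP10.getInfo(), CertPatternEnum.DOUBLE.value, map);
    }

    /**
     * Issues a user certificate (and, for DOUBLE templates, an encryption certificate) with the
     * user-system CA matching the key algorithm of {@code publicKey}.
     *
     * <p>Result map keys: {@code signCert}, {@code crlNum}, {@code templateDo}; for DOUBLE templates
     * additionally {@code encKeyPair}, {@code encPrivate}, {@code privateId}, {@code encCert} and
     * {@code signedAndEnvelopData} (Base64 of the enveloped encryption key). The private key entries
     * are secret material.
     *
     * @param str       subject DN; when non-blank it must lie under {@code inner.baseDn}
     * @param num       requested validity, forwarded to {@code DateTimeUtil.calculateCertNotAfter}
     * @param publicKey signing public key supplied by the requester
     * @param i         ignored; the certificate pattern is taken from {@code templateDO.getCertPattern()}
     * @param map       request parameters; must contain a {@code TemplateDO} under {@code "templateDO"},
     *                  may contain {@code ipList}/{@code domainList} for the subjectAltName
     * @return success with the result map, or a failure for a bad base DN / uninitialised CA
     * @throws IllegalArgumentException when {@code map} or its {@code templateDO} entry is missing
     * @throws Exception propagated from certificate generation
     */
    public Result generateCert(String str, Integer num, PublicKey publicKey, int i, Map<String, Object> map) throws Exception {
        // Fail fast with a clear message instead of an NPE several statements later.
        if (null == map || null == map.get("templateDO")) {
            this.logger.error("templateDO is missing from the request parameters");
            throw new IllegalArgumentException("map must contain a TemplateDO under key \"templateDO\"");
        }
        TemplateDO templateDO = (TemplateDO) map.get("templateDO");
        Map<String, ExtensionAttr> sanAttrs = generateSubjectAlternativeName(map);
        // A blank subject DN skips the base-DN check and is passed through unchanged.
        if (StringUtils.isNotBlank(str) && !DnUtil.checkBaseDn(str, this.baseDn)) {
            this.logger.error("BASE DN不正确");
            return Result.failure(ErrorEnum.BASE_DN_NOT_CORRECT);
        }
        Map<String, Object> result = new HashMap<>();
        CipherStrategyEnum cipherStrategy = CipherStrategyEnum.getCipherStrategy(ConfigJson.readCryptModule().intValue(), CertUtil.getCertKeyAlg(publicKey).type);
        Cipher cipher = cipherStrategy.cipher;
        CaInfo caInfo = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.USER_SYSTEM, cipherStrategy.alg));
        if (null == caInfo || null == caInfo.getCaCertId()) {
            this.logger.error("CA未初始化,系统算法：" + cipherStrategy.alg);
            return Result.failure(ErrorEnum.CA_NOT_INITED_COMLETE);
        }
        String signAlgName = this.dicDao.getNameByCodeAndParentCode(templateDO.getSignAlg(), DicEnum.SIGN_ALG.value);
        Date notBefore = new Date();
        // Capped by the template's maximum validity and by the CA certificate's own expiry.
        Date notAfter = DateTimeUtil.calculateCertNotAfter(notBefore, num, templateDO.getMaxValidity(), caInfo.getRootCert());
        List extension = this.extensionDao.getExtension(templateDO.getId());
        boolean doubleCert = templateDO.getCertPattern().intValue() == CertPatternEnum.DOUBLE.value;
        BigInteger signSn = this.certSnDao.getSn();
        Integer count = this.certDao.getCount(templateDO.getKeyAlg().intValue());
        // The encryption certificate gets its own serial number.
        BigInteger encSn = doubleCert ? this.certSnDao.getSn() : null;
        LdapOcspUrlInfo ldapOcspUrlInfo = LdapOcspUrlInfo.getDefault(this.crlDownloadUrl, templateDO.getKeyAlg().intValue(), count.intValue(), CertTypeEnum.USER_CERT);
        List signExtensions = ExtensionUtil.changeExtensionFormat(extension, sanAttrs, publicKey, str, ldapOcspUrlInfo, true);
        List encExtensions = null;
        KeyPair encKeyPair = null;
        if (doubleCert) {
            // Encryption key pair comes from the KM cache, not from the requester.
            AsyCipherVO asyCipher = this.kmAsyCipherCache.getAsyCipher(templateDO.getKeyAlg().intValue(), templateDO.getKeySize().intValue());
            encKeyPair = new KeyPair(asyCipher.getPublicKey(), asyCipher.getPrivateKey());
            encExtensions = ExtensionUtil.changeExtensionFormat(extension, sanAttrs, encKeyPair.getPublic(), str, ldapOcspUrlInfo, false);
            result.put("encKeyPair", encKeyPair);
            result.put("encPrivate", encKeyPair.getPrivate());
            result.put("privateId", asyCipher.getId());
        }
        X509Certificate signCert = cipher.generateCert(caInfo.getSubject(), str, signSn, notBefore, notAfter, caInfo.getKeyPair().getPrivate(), publicKey, signAlgName, signExtensions, (Map) null);
        if (doubleCert) {
            X509Certificate encCert = cipher.generateCert(caInfo.getSubject(), str, encSn, notBefore, notAfter, caInfo.getKeyPair().getPrivate(), encKeyPair.getPublic(), signAlgName, encExtensions, (Map) null);
            // Wraps the encryption private key for the holder of the signing key; the signing
            // certificate's serial (hex) identifies the recipient.
            SignedAndEnvelopedData envelope = Asn1Util.generateSignedAndEnvelopedData(Integer.valueOf(cipherStrategy.alg), publicKey, encKeyPair.getPrivate(), caInfo.getSubject(), signSn.toString(16));
            result.put("encCert", encCert);
            result.put("signedAndEnvelopData", Base64.toBase64String(envelope.getEncoded()));
        }
        result.put("signCert", signCert);
        result.put("crlNum", ldapOcspUrlInfo.getCrlNum());
        result.put("templateDo", templateDO);
        return Result.success(result);
    }

    /**
     * Issues an administrator certificate (and, for DOUBLE templates, an encryption certificate)
     * with the admin-system CA for the template's key algorithm.
     *
     * <p>Unlike the user path, the encryption key pair is generated locally by the cipher and no
     * base-DN check or CRL-number bookkeeping is performed. Result map keys: {@code signCert};
     * for DOUBLE templates additionally {@code encKeyPair}, {@code encPrivate}, {@code encCert}
     * and {@code signedAndEnvelopData}. The private key entries are secret material.
     *
     * @param str        subject DN
     * @param num        requested validity, forwarded to {@code DateTimeUtil.calculateCertNotAfter}
     * @param publicKey  signing public key supplied by the requester
     * @param templateDO template governing algorithm, key size, validity and pattern
     * @param map        may contain {@code ipList}/{@code domainList} for the subjectAltName; may be null
     * @return success with the result map, or a failure when the admin CA is not initialised
     * @throws Exception propagated from key-pair or certificate generation
     */
    public Result generateAdminCert(String str, Integer num, PublicKey publicKey, TemplateDO templateDO, Map<String, Object> map) throws Exception {
        Map<String, Object> result = new HashMap<>();
        CipherStrategyEnum cipherStrategy = CipherStrategyEnum.getCipherStrategy(ConfigConstant.adminCipherDevice.intValue(), templateDO.getKeyAlg().intValue());
        Cipher cipher = cipherStrategy.cipher;
        CaInfo caInfo = (CaInfo) Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.ADMIN_SYSTEM, templateDO.getKeyAlg().intValue()));
        if (null == caInfo || null == caInfo.getCaCertId()) {
            this.logger.error("CA未初始化,系统算法：" + cipherStrategy.alg);
            return Result.failure(ErrorEnum.CA_NOT_INITED_COMLETE);
        }
        String signAlgName = this.dicDao.getNameByCodeAndParentCode(templateDO.getSignAlg(), DicEnum.SIGN_ALG.value);
        Date notBefore = new Date();
        Date notAfter = DateTimeUtil.calculateCertNotAfter(notBefore, num, templateDO.getMaxValidity(), caInfo.getRootCert());
        List extension = this.extensionDao.getExtension(templateDO.getId());
        Map<String, ExtensionAttr> sanAttrs = generateSubjectAlternativeName(map);
        List signExtensions = ExtensionUtil.changeExtensionFormat(extension, sanAttrs, publicKey, str, SystemEnum.USER_SYSTEM, true);
        boolean doubleCert = templateDO.getCertPattern().intValue() == CertPatternEnum.DOUBLE.value;
        List encExtensions = null;
        KeyPair encKeyPair = null;
        if (doubleCert) {
            encKeyPair = cipher.generateKeyPair(templateDO.getKeySize().intValue());
            encExtensions = ExtensionUtil.changeExtensionFormat(extension, sanAttrs, encKeyPair.getPublic(), str, SystemEnum.USER_SYSTEM, false);
            result.put("encKeyPair", encKeyPair);
            result.put("encPrivate", encKeyPair.getPrivate());
        }
        BigInteger signSn = this.certSnDao.getSn();
        X509Certificate signCert = cipher.generateCert(caInfo.getSubject(), str, signSn, notBefore, notAfter, caInfo.getKeyPair().getPrivate(), publicKey, signAlgName, signExtensions, (Map) null);
        if (doubleCert) {
            // A fresh serial for the encryption certificate; the envelope references the signing serial.
            X509Certificate encCert = cipher.generateCert(caInfo.getSubject(), str, this.certSnDao.getSn(), notBefore, notAfter, caInfo.getKeyPair().getPrivate(), encKeyPair.getPublic(), signAlgName, encExtensions, (Map) null);
            SignedAndEnvelopedData envelope = Asn1Util.generateSignedAndEnvelopedData(Integer.valueOf(cipherStrategy.alg), publicKey, encKeyPair.getPrivate(), caInfo.getSubject(), signSn.toString(16));
            result.put("encCert", encCert);
            result.put("signedAndEnvelopData", Base64.toBase64String(envelope.getEncoded()));
        }
        result.put("signCert", signCert);
        return Result.success(result);
    }

    /**
     * Builds the subjectAltName extension attribute from the optional {@code ipList} and
     * {@code domainList} request parameters.
     *
     * @param map request parameters; may be null
     * @return an empty map when {@code map} is null, otherwise a single entry keyed by the
     *         subjectAltName OID (added even when both lists are absent)
     */
    private Map<String, ExtensionAttr> generateSubjectAlternativeName(Map<String, Object> map) {
        Map<String, ExtensionAttr> attrs = new HashMap<>();
        if (null == map) {
            return attrs;
        }
        // Element types are not visible here; the util is handed whatever the caller supplied.
        List ipList = (List) map.get("ipList");
        List domainList = (List) map.get("domainList");
        attrs.put(Extension.subjectAlternativeName.getId(), ExtensionAttrUtil.generateSubjectAlternativeName(ipList, domainList));
        return attrs;
    }

    /**
     * Not supported by the inner CA.
     *
     * @return always {@code null}; callers must null-check before calling {@code isSuccess()}
     */
    public Result updateCert(String str, Integer num, Map<String, Object> map, String str2, Map<String, Object> map2) {
        return null;
    }

    /**
     * Revokes a certificate located by serial number or, failing that, by card type/number.
     *
     * @param str  certificate serial number (takes precedence in the status check when present)
     * @param num  revocation reason, forwarded to the DAO
     * @param str2 revocation remark, forwarded to the DAO
     * @param map  may carry {@code CARD_TYPE} (Integer) and {@code CARD_NUMBER} (String); may be null
     * @return success, or the failure produced by {@link #checkCertSn} when the certificate is
     *         missing or not in NORMAL status
     */
    public Result revokeCert(String str, Integer num, String str2, Map<String, Object> map) {
        Integer cardType = null;
        String cardNumber = null;
        // Tolerate a missing parameter map: revocation by serial number alone needs none.
        if (null != map) {
            cardType = (Integer) map.get(EnumNames.CARD_TYPE.name);
            cardNumber = (String) map.get(EnumNames.CARD_NUMBER.name);
        }
        Result check = checkCertSn(cardType, cardNumber, str);
        if (!check.isSuccess()) {
            return check;
        }
        // String.valueOf(null) yields the literal "null"; kept because the DAO contract is not visible here.
        this.certDao.updateCertRevokeStatus(String.valueOf(cardType), cardNumber, str, num, str2);
        return Result.success();
    }

    /**
     * Looks up a user's certificates by serial number, falling back to card type/number when the
     * serial is blank. A certificate whose {@code notAfterTime} is in the past is reported with
     * status EXPIRE regardless of the stored status.
     *
     * @param str certificate serial number; may be blank
     * @param map may carry {@code CARD_TYPE} (Integer) and {@code CARD_NUMBER} (String); may be null
     * @return success with the DAO's result map, or CERT_IS_NOT_EXISTED
     */
    public Result queryCert(String str, Map<String, Object> map) {
        String sn = str;
        if (StringUtils.isBlank(sn) && null != map) {
            Integer cardType = (Integer) map.get(EnumNames.CARD_TYPE.name);
            String cardNumber = (String) map.get(EnumNames.CARD_NUMBER.name);
            CertDO byCard = this.certDao.queryCertByCardNo(String.valueOf(cardType), cardNumber);
            if (null != byCard) {
                sn = byCard.getSn();
            }
        }
        if (StringUtils.isBlank(sn)) {
            return Result.failure(ErrorEnum.CERT_IS_NOT_EXISTED);
        }
        Map certs = this.certDao.queryUserCertsBySn(sn);
        if (null == certs || null == certs.get("notAfterTime")) {
            return Result.failure(ErrorEnum.CERT_IS_NOT_EXISTED);
        }
        // Lexicographic comparison of formatted timestamps; relies on DateTimeUtil.dateToStr
        // producing a fixed-width, chronologically sortable format (not visible here).
        if (certs.get("notAfterTime").toString().compareTo(DateTimeUtil.dateToStr(new Date())) < 0) {
            certs.put("status", Integer.valueOf(CertStatusEnum.EXPIRE.value));
        }
        return Result.success(certs);
    }

    /**
     * Not supported by the inner CA.
     *
     * @return always {@code null}; callers must null-check before calling {@code isSuccess()}
     */
    public Result getCrl(Integer num, Map<String, Object> map) {
        return null;
    }

    /**
     * Locates a certificate and verifies it is in NORMAL status.
     *
     * <p>Lookup prefers the serial number and falls back to card type/number. A certificate whose
     * stored status is NORMAL passes even if its {@code notAfterTime} has passed; the expiry check
     * applies only to non-NORMAL statuses and takes precedence over REVOKE/FROZEN.
     *
     * @param num  card type, used only for the card-number lookup
     * @param str  card number; used when {@code str2} is blank
     * @param str2 certificate serial number
     * @return success for a NORMAL certificate, otherwise the matching CERT_* failure
     */
    private Result checkCertSn(Integer num, String str, String str2) {
        CertDO certDO = null;
        if (StringUtils.isNotBlank(str2)) {
            certDO = this.certDao.queryCertBySn(str2);
        } else if (StringUtils.isNotBlank(str)) {
            certDO = this.certDao.queryCertByCardNo(String.valueOf(num), str);
        }
        if (null == certDO) {
            return Result.failure(ErrorEnum.CERT_IS_NOT_EXISTED);
        }
        int status = certDO.getStatus().intValue();
        if (status == CertStatusEnum.NORMAL.value) {
            return Result.success();
        }
        // Expiry is reported before revocation/freeze, as in the original ordering.
        if (certDO.getNotAfterTime().before(new Date())) {
            return Result.failure(ErrorEnum.CERT_STATUS_IS_EXPIRED);
        }
        if (status == CertStatusEnum.REVOKE.value) {
            return Result.failure(ErrorEnum.CERT_STATUS_IS_REVOKED);
        }
        if (status == CertStatusEnum.FROZEN.value) {
            return Result.failure(ErrorEnum.CERT_STATUS_IS_FREEZE);
        }
        return Result.failure(ErrorEnum.CERT_STATUS_IS_ABNORMAL);
    }
}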
