package com.xdja.pki.service.ca;

import com.xdja.pki.common.bean.extension.LdapOcspUrlInfo;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.enums.KeyAlgEnum;
import com.xdja.pki.common.enums.UserCaTypeEnum;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.dao.crl.CrlDao;
import com.xdja.pki.dao.crl.CrlDataDao;
import com.xdja.pki.models.CrlDO;
import com.xdja.pki.models.CrlDataDO;
import com.xdja.pki.service.crl.CrlPublicConstants;
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Date;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

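/**
 * Pulls X.509 CRLs from an LDAP directory, stores them through {@link CrlDao} /
 * {@link CrlDataDao}, writes them to disk and publishes the revoked serial numbers
 * into {@code CrlPublicConstants.CRL_REVOKE_SNS}.
 *
 * <p>NOTE(review): security-relevant gaps visible in this class, to confirm against callers:
 * <ul>
 *   <li>The directory is reached over plain {@code ldap://} with no credentials set in the
 *       JNDI environment, so the CRL bytes are unauthenticated network input.</li>
 *   <li>The CRL signature is never verified here and {@code nextUpdate} is stored but not
 *       checked. Unless a caller verifies the CRL against the issuing CA key, whoever can
 *       answer the LDAP query decides which serial numbers count as revoked. Verify with
 *       {@code X509CRL.verify(PublicKey)} and prefer {@code ldaps://} or StartTLS.</li>
 *   <li>No connect/read timeout is set in the JNDI environment; an unresponsive server may
 *       block the calling thread.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:WEB-INF/lib/scms-service-impl-1.0-SNAPSHOT.jar:com/xdja/pki/service/ca/CrlComm.class */
public class CrlComm {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CrlDao crlDao;

    @Autowired
    private CrlDataDao crlDataDao;

    /**
     * Fetches every configured CRL from the directory, persists it, writes it to disk and
     * refreshes the shared set of revoked serial numbers.
     *
     * <p>Failures are logged and swallowed (best effort), as before. If the directory cannot
     * be reached, or persisting a CRL throws, the shared set is left untouched. If the fetch
     * of an individual entry fails, the shared set is only extended, never replaced, so a
     * transient lookup error cannot silently drop serial numbers that were already revoked.
     *
     * @param str  LDAP host
     * @param str2 LDAP port
     * @param str3 colon-separated list of entry names (DNs) holding the CRLs; blank items are
     *             skipped but still consume an index in the generated CRL file name
     * @param str4 id of the attribute that carries the DER-encoded CRL
     */
    public void getAndWriteCrl(String str, String str2, String str3, String str4) {
        this.logger.info("getAndWriteCrl run start");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        // NOTE(review): plaintext, anonymous LDAP; see the class comment.
        env.put("java.naming.provider.url", "ldap://" + str + ":" + str2 + "/");
        DirContext dirContext = null;
        try {
            Set<String> revokedSns = new HashSet<String>();
            boolean allFetched = true;
            dirContext = new InitialDirContext(env);
            this.logger.debug("LDAP init success, ctx = {}", dirContext);
            String[] crlDns = str3.split(":");
            this.logger.debug("crlDns size: {}", crlDns.length);
            for (int i = 0; i < crlDns.length; i++) {
                String crlDn = crlDns[i];
                this.logger.debug("crlDn: {}", crlDn);
                if (!StringUtils.isNotBlank(crlDn)) {
                    continue;
                }
                X509CRL crl = lookupCrl(dirContext, crlDn, str4);
                if (null == crl) {
                    this.logger.info("从格尔 {} 获取crl为空", crlDn);
                    allFetched = false;
                    continue;
                }
                addCrlSnToSet(crl, revokedSns);
                persistCrl(getCrlName(KeyAlgEnum.SM2.type, i), crl);
                writeCrl(crl, i);
            }
            if (allFetched) {
                updateCrlConstantSnSet(revokedSns);
            } else {
                // Fail closed: at least one CRL is missing, so replacing the shared set would
                // un-revoke every serial number that only that CRL lists. Add the new serial
                // numbers and keep the previous ones until a complete fetch succeeds.
                CrlPublicConstants.CRL_REVOKE_SNS.addAll(revokedSns);
                this.logger.warn("CRL fetch incomplete, revoked SN set extended but not replaced, size: {}",
                        CrlPublicConstants.CRL_REVOKE_SNS.size());
            }
        } catch (Exception e) {
            // The prefix is historical: this also catches DAO and parsing failures.
            this.logger.error("LDAP init error：", e);
        } finally {
            closeContext(dirContext);
        }
    }

    /**
     * Inserts or updates the CRL record named {@code crlName} and its PEM payload.
     *
     * <p>Declared {@code throws Exception} because the checked-exception signatures of the
     * DAO and {@code CertUtil} calls are not visible from this class; the caller logs them.
     *
     * @param crlName record name as produced by {@link #getCrlName(int, int)}
     * @param crl     CRL whose validity window and PEM encoding are stored
     */
    private void persistCrl(String crlName, X509CRL crl) throws Exception {
        CrlDO existing = this.crlDao.getCrlDos(crlName);
        if (null == existing) {
            CrlDO created = new CrlDO();
            // NOTE(review): CA certificate id 1 and serial "0" are hard-coded here; confirm
            // that a single inner CA is the only possible issuer.
            created.setCaCertId(1L);
            created.setGmtCreate(new Date());
            created.setName(crlName);
            created.setSn("0");
            created.setThisUpdateTime(crl.getThisUpdate());
            created.setNewUpdateTime(crl.getNextUpdate());
            CrlDO inserted = this.crlDao.insert(created);
            this.crlDataDao.insert(buildCrlData(inserted, crl));
        } else {
            existing.setGmtCreate(new Date());
            existing.setThisUpdateTime(crl.getThisUpdate());
            existing.setNewUpdateTime(crl.getNextUpdate());
            this.crlDao.update(existing);
            this.crlDataDao.update(buildCrlData(existing, crl));
        }
    }

    /** Builds the payload row (PEM text, creation time) that belongs to {@code owner}. */
    private CrlDataDO buildCrlData(CrlDO owner, X509CRL crl) throws Exception {
        CrlDataDO data = new CrlDataDO();
        data.setCrlId(owner.getId());
        data.setData(CertUtil.toPem(crl));
        data.setGmtCreate(new Date());
        return data;
    }

    /** Closes the directory context, logging instead of propagating a close failure. */
    private void closeContext(DirContext dirContext) {
        if (null == dirContext) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException e) {
            this.logger.warn("LDAP context close error", e);
        }
    }

    /**
     * Reads one CRL from the directory entry {@code entryName}.
     *
     * <p>The attributes are read directly from the parent context. The previous code called
     * {@code lookup()} and cast the result to {@code DirContext}: that asks JNDI to turn the
     * entry into a Java object, which is an unnecessary step when the data comes from an
     * unauthenticated server, and it left the child context unclosed.
     *
     * @param dirContext open directory context
     * @param entryName  name of the entry, relative to {@code dirContext}
     * @param attrId     id of the attribute holding the DER-encoded CRL
     * @return the parsed CRL, or {@code null} if the entry or attribute is missing or the
     *         bytes do not parse; the signature is NOT verified here
     */
    private X509CRL lookupCrl(DirContext dirContext, String entryName, String attrId) {
        try {
            Attributes attributes = dirContext.getAttributes(entryName);
            this.logger.debug("attributes: {}", attributes);
            javax.naming.directory.Attribute crlAttr = attributes.get(attrId);
            Object value = (null == crlAttr) ? null : crlAttr.get();
            if (!(value instanceof byte[])) {
                this.logger.error("Get CRL error: attribute {} missing or not binary on {}", attrId, entryName);
                return null;
            }
            X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509")
                    .generateCRL(new ByteArrayInputStream((byte[]) value));
            this.logger.info("Get CRL success");
            return x509crl;
        } catch (Exception e) {
            this.logger.error("Get CRL error: ", e);
            return null;
        }
    }

    /**
     * Writes the DER encoding of {@code x509crl} under the inner-CA CRL directory.
     * Errors are logged and swallowed (best effort).
     *
     * @param x509crl CRL to write
     * @param i       index used in the generated file name
     */
    private void writeCrl(X509CRL x509crl, int i) {
        try {
            String target = ConfigConstant.crlPath + UserCaTypeEnum.INNER_CA.name + "/" + getCrlName(KeyAlgEnum.SM2.type, i);
            this.logger.debug("writeCrl to {}", target);
            byte[] encoded = x509crl.getEncoded();
            // try-with-resources: the stream used to leak when write() threw.
            try (FileOutputStream out = new FileOutputStream(target)) {
                out.write(encoded);
            }
        } catch (Exception e) {
            this.logger.error("Write Crl to file error: ", e);
        }
    }

    /** Builds the CRL name from the algorithm name, the shared prefix, the index and the shared suffix. */
    private String getCrlName(int i, int i2) {
        return KeyAlgEnum.getAlgName(i) + LdapOcspUrlInfo.CRL_NAME + i2 + LdapOcspUrlInfo.CRL_NAME_TAIL;
    }

    /**
     * Adds the serial number of every revoked entry in {@code x509crl} to {@code set}.
     *
     * <p>Serial numbers are rendered with {@code BigInteger.toString(16)}: lower-case hex
     * without leading zeros. Any code that tests a certificate against the set has to
     * normalise its serial number the same way, or a revoked certificate will not match.
     *
     * @param x509crl CRL to read; its signature is not checked by this method
     * @param set     destination set, modified in place
     */
    public static void addCrlSnToSet(X509CRL x509crl, Set<String> set) {
        Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
        if (CollectionUtils.isEmpty(revokedCertificates)) {
            return;
        }
        for (X509CRLEntry entry : revokedCertificates) {
            set.add(entry.getSerialNumber().toString(16));
        }
    }

    /**
     * Replaces the shared revoked-serial-number set with {@code set}.
     *
     * <p>NOTE(review): clear() followed by addAll() is not atomic. If other threads read
     * {@code CRL_REVOKE_SNS} during revocation checks (not visible from here), they can
     * observe an empty set for a moment; consider swapping in a fully built set instead.
     */
    private void updateCrlConstantSnSet(Set<String> set) {
        CrlPublicConstants.CRL_REVOKE_SNS.clear();
        CrlPublicConstants.CRL_REVOKE_SNS.addAll(set);
        this.logger.info("本次定时任务获取吉大的CRL，SN集合大小为：{}", CrlPublicConstants.CRL_REVOKE_SNS.size());
    }
}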
