package com.xdja.pki.service.user;

import com.xdja.pki.api.cert.CertService;
import com.xdja.pki.api.config.LicenseService;
import com.xdja.pki.api.user.UserCertService;
import com.xdja.pki.bean.BeanTrans;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.enums.CaAlgInfoEnum;
import com.xdja.pki.common.enums.CertPatternEnum;
import com.xdja.pki.common.enums.CertPatternTemplageEnum;
import com.xdja.pki.common.enums.CertStatusEnum;
import com.xdja.pki.common.enums.CertUsageEnum;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.IsOrNotEnum;
import com.xdja.pki.common.enums.KeyIssueCertCount;
import com.xdja.pki.common.enums.SystemEnum;
import com.xdja.pki.common.enums.UserTypeEnum;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.P7bUtils;
import com.xdja.pki.common.util.RandomUtil;
import com.xdja.pki.common.util.ZipUtil;
import com.xdja.pki.dao.cert.CertDao;
import com.xdja.pki.dao.cert.UserCertDao;
import com.xdja.pki.dao.km.AsyCipherDao;
import com.xdja.pki.models.CertDO;
import com.xdja.pki.models.UserCertDO;
import com.xdja.pki.models.UserEncPrivateDO;
import com.xdja.pki.vo.Constants;
import com.xdja.pki.vo.user.CertSaveParam;
import com.xdja.pki.vo.user.CertVO;
import com.xdja.pki.vo.user.PersonUserIssueCertVO;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.codec.Base64;
import org.nutz.lang.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

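/**
 * End-user certificate service: issues certificates (from a PKCS#10 request, a bare public key or a
 * DN), persists the issued certificate rows, looks them up by serial, packages them for download and
 * forwards revocation to {@link CertService}.
 *
 * <p>The bean holds no mutable state beyond its injected collaborators and the configured
 * {@code key.cert.count} value. No transactional boundary is declared on this class; callers or the
 * DAO layer are assumed to provide one where several rows are written together (see
 * {@link #saveCerts}).
 */
@Service
/* loaded from: input_file:WEB-INF/lib/scms-service-impl-1.0-SNAPSHOT.jar:com/xdja/pki/service/user/UserCertServiceImpl.class */
public class UserCertServiceImpl implements UserCertService {
    private static final Logger LOGGER = LoggerFactory.getLogger(UserCertServiceImpl.class);

    /** Shallow property copy from the persistence object to the view object. */
    private static final BeanTrans<CertDO, CertVO> DO_TO_VO = (v0, v1) -> {
        BeanUtils.copyProperties(v0, v1);
    };

    /** Marker value stored in {@code card_no} when the save request carries no card number. */
    private static final String NO_CARD_NO = "device_card_no";

    /** Value of the "pack type" download argument meaning "certificates only, no private keys". */
    private static final int PACK_CERT_ONLY = 1;

    /** Value of the "key store type" download argument selecting PKCS#12 (anything else is JKS). */
    private static final int KEYSTORE_P12 = 1;

    @Autowired
    private CertDao certDao;

    @Autowired
    private CertService certService;

    @Autowired
    private UserCertDao userCertDao;

    @Autowired
    private LicenseService licenseService;

    @Autowired
    private AsyCipherDao asyCipherDao;

    /** Configured per-key issuance limit, consumed through {@link KeyIssueCertCount}. */
    @Value("${key.cert.count}")
    private Integer keyCertCount;

    /**
     * Issues a user certificate from one of three inputs, tried in this order: a PKCS#10 request
     * ({@code p10}), a public key ({@code publicKey}), or only a subject DN ({@code dn}).
     *
     * <p>Behaviour of the original contract that callers may rely on: when no P10, no public key
     * and no DN is supplied the method returns {@code Result.success()} without issuing anything.
     *
     * @param publicKey public key to certify; may be {@code null}
     * @param alg       key algorithm identifier (required)
     * @param p10       Base64 PKCS#10 request; blank means "not supplied"
     * @param dn        subject DN; may be {@code null}
     * @param validity  validity period forwarded to {@link CertService}
     * @param certType  certificate pattern (single / double) identifier (required)
     * @param keyLength key size in bits; when {@code null} it is derived from the P10 or the public key
     * @param extra     additional issuance parameters forwarded to {@link CertService}; may be {@code null}
     * @return the outcome of the P10/public-key check, the license check, or the issuance
     * @throws IllegalArgumentException if {@code keyLength} is {@code null} and cannot be derived
     * @throws Exception whatever {@link CertService} throws
     */
    @Override
    public Result generateUserCert(PublicKey publicKey, Integer alg, String p10, String dn, Integer validity,
            Integer certType, Integer keyLength, Map<String, Object> extra) throws Exception {
        Objects.requireNonNull(alg, "alg");
        Objects.requireNonNull(certType, "certType");
        boolean hasP10 = Strings.isNotBlank(p10);
        if (hasP10) {
            Result p10Check = CertUtil.checkP10(p10, alg, keyLength);
            if (p10Check.isNotSuccess()) {
                return p10Check;
            }
            if (keyLength == null) {
                // checkP10 hands back the parsed public key; size the template from it.
                keyLength = Integer.valueOf(CertUtil.getKeySize((PublicKey) p10Check.getInfo()));
            }
        } else if (publicKey != null && keyLength == null) {
            // Same derivation as the P10 path; previously this case dereferenced a null keyLength.
            keyLength = Integer.valueOf(CertUtil.getKeySize(publicKey));
        }
        if (keyLength == null) {
            throw new IllegalArgumentException(
                    "keyLength is required when neither a P10 request nor a public key is supplied");
        }
        CertPatternTemplageEnum template = CertPatternTemplageEnum.instance(
                SystemEnum.USER_SYSTEM, alg.intValue(), certType.intValue(), keyLength.intValue());
        Result license = this.licenseService.checkLicense(CertPatternEnum.isSignle(certType.intValue()));
        if (license.isNotSuccess()) {
            LOGGER.error("签发用户证书时候，License存在问题");
            return license;
        }
        if (hasP10) {
            return this.certService.generateUserCert(p10, validity, template, extra);
        }
        if (publicKey == null) {
            // DN-only issuance is delegated entirely to CertService; with nothing at all to
            // issue from, the historical contract is a bare success result.
            return dn != null ? this.certService.generateUserCert(validity, dn, template, extra) : Result.success();
        }
        Result publicCheck = CertUtil.checkPublic(publicKey, alg, keyLength);
        if (publicCheck.isNotSuccess()) {
            return publicCheck;
        }
        return this.certService.generateUserCert(publicKey, dn, validity, template, extra);
    }

    /**
     * Persists the certificate(s) produced by a successful issuance and links them to the user.
     *
     * <p>{@code result.infoData(HashMap.class)} is expected to hold the signature certificate under
     * {@code Constants.PARAM_SIGN_CERT}, optionally the encryption certificate under
     * {@code Constants.PARAM_ENC_CERT}, and the keys {@code "crlNum"}, {@code "refCode"},
     * {@code "privateId"} and {@code Constants.PARAM_SIGNED_AND_ENVELOP_DATA}.
     *
     * <p>Several rows are written in sequence (signature cert, encryption cert, pair-id update,
     * key-record update, user link). No transaction is declared here, so a failure part-way leaves
     * the earlier rows in place unless the caller or DAO layer supplies one.
     *
     * @param result        successful issuance result carrying the data described above
     * @param certSaveParam user/device id, user type, card number/type and timestamp to store
     * @param caInfo        issuing CA (provides the CA cert id and subject)
     * @return card-formatted certificate data keyed by {@code Constants.PARAM_SIGN_CERT},
     *         {@code "signSn"} and, for a double certificate, {@code Constants.PARAM_ENC_CERT} and
     *         {@code "encKey"}
     * @throws RuntimeException wrapping any failure during parsing or persistence
     */
    @Override
    public Map<String, String> saveCerts(Result result, CertSaveParam certSaveParam, CaInfo caInfo) {
        try {
            Map<?, ?> info = (Map<?, ?>) result.infoData(HashMap.class);
            Integer crlNum = (Integer) info.get("crlNum");
            X509Certificate signCert = (X509Certificate) info.get(Constants.PARAM_SIGN_CERT);
            X509Certificate encCert = (X509Certificate) info.get(Constants.PARAM_ENC_CERT);
            String refCode = (String) info.get("refCode");
            // Presumably the wrapped encryption key destined for the card; returned to the caller as-is.
            Object envelopData = info.get(Constants.PARAM_SIGNED_AND_ENVELOP_DATA);
            String encKey = envelopData != null ? (String) envelopData : null;

            CertDO signDo = parseDo(signCert, certSaveParam, caInfo, refCode);
            signDo.setCrlNum(crlNum);
            // A single certificate is typed SINGLE; with an encryption partner it becomes SIGNATURE.
            signDo.setType(Integer.valueOf(encCert != null ? CertUsageEnum.SIGNATURE.value : CertUsageEnum.SINGLE.value));
            String signCertData = getCertData(signCert);
            CertDO savedSign = this.certDao.saveCertWithData(signDo, signCertData);

            HashMap<String, String> out = new HashMap<>();
            if (encCert != null) {
                CertDO encDo = parseDo(encCert, certSaveParam, caInfo, refCode);
                encDo.setCrlNum(crlNum);
                encDo.setPairCertId(savedSign.getId());
                encDo.setPairCertSn(savedSign.getSn());
                encDo.setType(Integer.valueOf(CertUsageEnum.ENCRYPTION.value));
                String encCertData = getCertData(encCert);
                CertDO savedEnc = this.certDao.saveCertWithData(encDo, encCertData);
                // Back-link the signature row now that the encryption row has an id.
                savedSign.setPairCertId(savedEnc.getId());
                savedSign.setPairCertSn(savedEnc.getSn());
                this.certDao.update(savedSign);
                Object privateId = info.get("privateId");
                if (privateId != null) {
                    // NOTE(review): the key record is stamped with the *signature* cert's serial and
                    // validity although this runs only for the encryption pair — confirm intended.
                    this.asyCipherDao.updateCertSnById((Long) privateId,
                            signCert.getSerialNumber().toString(16), signCert.getNotBefore(), signCert.getNotAfter());
                }
                out.put(Constants.PARAM_ENC_CERT, CertUtil.formatCertForCard(encCertData));
                out.put("encKey", encKey);
            }

            UserCertDO link = new UserCertDO();
            if (certSaveParam.getUserType() == UserTypeEnum.PERSON_USER.type) {
                link.setUserId(certSaveParam.getUserId());
            } else {
                link.setDeviceId(certSaveParam.getUserId());
            }
            link.setCertId(savedSign.getId());
            link.setGmtCreate(certSaveParam.getNow());
            this.userCertDao.saveUserCert(link);

            out.put(Constants.PARAM_SIGN_CERT, CertUtil.formatCertForCard(signCertData));
            out.put("signSn", signDo.getSn());
            return out;
        } catch (Exception e) {
            throw new RuntimeException("保存用户证书异常", e);
        }
    }

    /**
     * Looks up one certificate row by its serial number (hex).
     *
     * @param sn certificate serial number as stored
     * @return the matching certificate, or {@code null} when no row exists (callers test for null)
     */
    @Override
    public CertVO queryCertBySn(String sn) {
        CertDO found = this.certDao.queryCertBySn(sn);
        return found == null ? null : toVo(found);
    }

    /**
     * Loads the signature certificate with the given serial together with its encryption partner.
     *
     * @param signSn serial number (hex) of the signature certificate
     * @return the rows in DAO order (signature first, as {@link #downloadUserCertBySn} assumes), or
     *         {@code null} when nothing is found — kept as {@code null} rather than an empty list for
     *         compatibility with existing callers
     */
    @Override
    public List<CertVO> getDoubleCertBySignSn(String signSn) {
        List<CertDO> pair = this.certDao.getDoubleCertBySignSn(signSn);
        if (pair == null || pair.isEmpty()) {
            return null;
        }
        List<CertVO> vos = new ArrayList<>(pair.size());
        for (CertDO certDO : pair) {
            vos.add(toVo(certDO));
        }
        return vos;
    }

    /** Copies a persistence object into a fresh view object. */
    private static CertVO toVo(CertDO certDO) {
        CertVO vo = new CertVO();
        DO_TO_VO.doTrans(certDO, vo);
        return vo;
    }

    /**
     * Builds the certificate-only zip (PKCS#7 chains, no private keys) for the certificate pair
     * identified by the signature serial.
     *
     * @param signSn serial number (hex) of the signature certificate
     * @return zip bytes, or an empty array when the serial is unknown or packaging fails (the
     *         failure is logged, not propagated)
     */
    @Override
    public byte[] downloadUserCertBySn(String signSn) {
        try {
            List<CertVO> pair = getDoubleCertBySignSn(signSn);
            if (pair != null && !pair.isEmpty()) {
                X509Certificate signCert = loadCert(pair.get(0));
                X509Certificate encCert = pair.size() > 1 ? loadCert(pair.get(1)) : null;
                ByteArrayOutputStream zip = new ByteArrayOutputStream();
                downloadUserCert(signCert, encCert, null, null, "", SystemEnum.USER_SYSTEM,
                        Integer.valueOf(PACK_CERT_ONLY), null, zip);
                return zip.toByteArray();
            }
        } catch (Exception e) {
            LOGGER.error("下载用户证书失败", e);
        }
        return new byte[0];
    }

    /** Re-parses the stored Base64 DER of a certificate row into an {@link X509Certificate}. */
    private X509Certificate loadCert(CertVO vo) throws Exception {
        return CertUtil.getCertFromBase64Str(this.certDao.getCertData(vo.getId().longValue()));
    }

    /**
     * Writes a zip archive with the CA chain plus the user's certificate(s) to {@code outputStream}.
     *
     * <p>Layout of the archive:
     * <ul>
     *   <li>{@code CACert.p7b} — always, the CA chain;</li>
     *   <li>{@code packType == 1}: {@code UserCert.p7b}, or {@code SignCert.p7b} + {@code EncCert.p7b}
     *       and, when {@code encPrivateKeyPem} is non-empty, {@code EncPrivateKey.pem};</li>
     *   <li>otherwise: PKCS#12 ({@code keyStoreType == 1}) or JKS key stores named
     *       {@code UserCert_<pwd>.<ext>} or {@code SignCert_<pwd>.<ext>} + {@code EncCert_<pwd>.<ext>}.</li>
     * </ul>
     *
     * <p>Security note on the key-store branch: the store password is a six-character value from
     * {@link RandomUtil} that is also embedded in the entry file name, so whoever holds the archive
     * holds the password. The key store offers no protection on its own; the delivery channel has
     * to be protected. The same applies to {@code EncPrivateKey.pem}, which is written verbatim.
     *
     * @param signCert         signature (or single) certificate
     * @param encCert          encryption certificate; {@code null} for a single certificate
     * @param signKey          private key stored with {@code signCert} (key-store branch only)
     * @param encKey           private key stored with {@code encCert}; {@code null} means "no encryption store"
     * @param encPrivateKeyPem text written as {@code EncPrivateKey.pem} in the certificate-only branch when non-empty
     * @param systemEnum       selects which cached CA (user vs. admin system) provides the chain
     * @param packType         {@code 1} for certificates only, anything else for key stores (required)
     * @param keyStoreType     {@code 1} for PKCS#12, anything else for JKS; required unless {@code packType == 1}
     * @param outputStream     destination of the zip; not closed here
     * @throws IllegalStateException if no CA info is cached for the selected system
     * @throws Exception on key-store generation or zip failures
     */
    @Override
    public void downloadUserCert(X509Certificate signCert, X509Certificate encCert, PrivateKey signKey,
            PrivateKey encKey, String encPrivateKeyPem, SystemEnum systemEnum, Integer packType,
            Integer keyStoreType, OutputStream outputStream) throws Exception {
        Objects.requireNonNull(packType, "packType");
        CaInfo caInfo = lookupCaInfo(signCert, systemEnum);
        if (caInfo == null) {
            throw new IllegalStateException("CA info not cached for " + systemEnum);
        }
        HashMap<String, byte[]> entries = new HashMap<>();
        entries.put("CACert.p7b", caInfo.getCertChain().getBytes(StandardCharsets.UTF_8));

        if (packType.intValue() == PACK_CERT_ONLY) {
            if (encCert == null) {
                entries.put("UserCert.p7b", p7bBytes(signCert, caInfo));
            } else {
                entries.put("SignCert.p7b", p7bBytes(signCert, caInfo));
                entries.put("EncCert.p7b", p7bBytes(encCert, caInfo));
                if (StringUtils.isNotEmpty(encPrivateKeyPem)) {
                    // Written unwrapped; see the class-level security note.
                    entries.put("EncPrivateKey.pem", encPrivateKeyPem.getBytes(StandardCharsets.UTF_8));
                }
            }
        } else {
            Objects.requireNonNull(keyStoreType, "keyStoreType is required when packType != 1");
            boolean p12 = keyStoreType.intValue() == KEYSTORE_P12;
            // NOTE(review): password == the suffix of the entry name, so the archive carries its own
            // password; a caller-supplied password would be the fix (interface change, not done here).
            String password = RandomUtil.getRandomNumber(6);
            char[] passwordChars = password.toCharArray();
            String suffix = "_" + password + (p12 ? ".p12" : ".jks");
            List<X509Certificate> chain = P7bUtils.resolveCertChain(caInfo.getCertChain());
            List<X509Certificate> signChain = new ArrayList<>(chain);
            signChain.add(signCert);
            String signSn = signCert.getSerialNumber().toString(16);
            if (encKey == null) {
                keyStoreIntoMap(p12, entries, signChain, signKey, "UserCert" + suffix, passwordChars, signSn);
            } else {
                keyStoreIntoMap(p12, entries, signChain, signKey, "SignCert" + suffix, passwordChars, signSn);
                Objects.requireNonNull(encCert, "encCert is required when encKey is supplied");
                List<X509Certificate> encChain = new ArrayList<>(chain);
                encChain.add(encCert);
                keyStoreIntoMap(p12, entries, encChain, encKey, "EncCert" + suffix, passwordChars,
                        encCert.getSerialNumber().toString(16));
            }
        }
        ZipUtil.toZip(entries, outputStream);
    }

    /**
     * Resolves the cached CA for a download: the user-system CA matching the certificate's key
     * algorithm, or the admin-system CA configured by {@code ConfigConstant.innerAdminSystemAlg}.
     * May return {@code null} when the cache has no entry.
     */
    private static CaInfo lookupCaInfo(X509Certificate signCert, SystemEnum systemEnum) {
        if (systemEnum.type == SystemEnum.USER_SYSTEM.type) {
            int keyAlg = CertUtil.getCertKeyAlg(signCert.getPublicKey()).type;
            return Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.USER_SYSTEM, keyAlg));
        }
        return Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(
                SystemEnum.ADMIN_SYSTEM, ConfigConstant.innerAdminSystemAlg.intValue()));
    }

    /**
     * Revokes a user certificate through {@link CertService}.
     *
     * @param sn     serial number (hex) of the certificate
     * @param reason revocation reason code
     * @param note   free-text revocation note
     * @return the outcome reported by {@link CertService}
     * @throws RuntimeException wrapping any failure raised by {@link CertService}
     */
    @Override
    public Result revoke(String sn, int reason, String note) {
        try {
            return this.certService.revokeUserCert(sn, null, "", Integer.valueOf(reason), note, null);
        } catch (Exception e) {
            throw new RuntimeException("撤销证书异常", e);
        }
    }

    /**
     * Issues (and stores) a certificate for a personal user from the request carried in {@code vo}.
     *
     * <p>Pre-checks, each returning a failure result: the CA for {@code vo.getAlg()} must be
     * initialised; when the configured key-issue limit applies, the card must not already own a
     * certificate; the card type must be known to {@code Cache.CARD_TYPE_NOTE_CACHE}.
     *
     * @param vo        issuance request (algorithm, key length, P10, card number/type, user id, ...)
     * @param forwardP10 {@code true}: forward the P10 unchanged with card/user parameters and no DN
     *                  built here; {@code false}: extract the public key from the P10 and build the
     *                  DN from card number, user name, card-type note and the CA base DN
     * @return the failure from a pre-check or from issuance, otherwise a success result wrapping the
     *         map returned by {@link #saveCerts}
     * @throws Exception propagated from issuance
     */
    @Override
    public Result generateUserCert(PersonUserIssueCertVO vo, boolean forwardP10) throws Exception {
        CaInfo caInfo = Cache.caInfo.get(
                CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.USER_SYSTEM, vo.getAlg().intValue()));
        if (caInfo == null || caInfo.getCaCertId() == null) {
            LOGGER.error("CA未初始化");
            return Result.failure(ErrorEnum.CA_NOT_INITED_COMLETE);
        }
        if (KeyIssueCertCount.isLimitedKeyIssueCertCounts(this.keyCertCount.intValue())
                && this.certDao.getCountByCardNo(vo.getCardNo()) >= 1) {
            LOGGER.error("一个UK只能签发一个或一对证书，cardNo=[{}]", vo.getCardNo());
            return Result.failure(ErrorEnum.CARD_HAS_EXIST_CERT);
        }
        Object cardTypeNote = Cache.CARD_TYPE_NOTE_CACHE.get(String.valueOf(vo.getCardType()));
        if (cardTypeNote == null) {
            LOGGER.error("不支持的卡类型[{}]", vo.getCardType());
            return Result.failure(ErrorEnum.CARD_TYPE_IS_INVALID);
        }

        Result outcome;
        if (forwardP10) {
            HashMap<String, Object> extra = new HashMap<>();
            extra.put(Constants.PARAM_CARD_NO, vo.getCardNo());
            extra.put(Constants.PARAM_USER_ID, vo.getUserId());
            extra.put(Constants.USER_TYPE, vo.getUserType());
            outcome = generateUserCert(null, vo.getAlg(), vo.getP10(), "", vo.getValidity(),
                    vo.getCertType(), vo.getAlgLength(), extra);
        } else {
            String dn = CertUtil.buildDn(vo.getCardNo(), vo.getName(), cardTypeNote.toString(), caInfo.getBaseDn());
            outcome = CertUtil.getPublicKeyFromP10(vo.getP10());
            if (outcome.isSuccess()) {
                outcome = generateUserCert((PublicKey) outcome.getInfo(), vo.getAlg(), null, dn,
                        vo.getValidity(), vo.getCertType(), vo.getAlgLength(), null);
            }
        }
        if (outcome.isSuccess()) {
            CertSaveParam saveParam = new CertSaveParam(new Date(), vo.getUserId(), SystemEnum.USER_SYSTEM.type,
                    vo.getCardNo(), Integer.valueOf(vo.getCardType().intValue()));
            outcome = Result.success(saveCerts(outcome, saveParam, caInfo));
        }
        return outcome;
    }

    /**
     * @param cardNo card number to look up
     * @return {@code true} when at least one certificate row references the card
     */
    @Override
    public boolean isCardNoCertExist(String cardNo) {
        return this.certDao.getCountByCardNo(cardNo) > 0;
    }

    /**
     * Serialises a key store holding {@code key} and {@code chain} into {@code map} under
     * {@code entryName}. The alias passed to {@link CertUtil} is the certificate serial (hex) as
     * supplied by the callers.
     *
     * @param p12       {@code true} for PKCS#12, {@code false} for JKS
     * @param map       destination zip entries
     * @param chain     CA chain plus the end-entity certificate
     * @param key       private key to store; a {@code null} key is passed through to {@link CertUtil}
     *                  unchanged (its behaviour in that case is not visible here)
     * @param entryName zip entry name
     * @param password  store and key password
     * @param serialHex alias for the stored entry
     */
    private void keyStoreIntoMap(boolean p12, Map<String, byte[]> map, List<X509Certificate> chain,
            PrivateKey key, String entryName, char[] password, String serialHex) throws Exception {
        KeyStore store = p12
                ? CertUtil.generateP12(serialHex, key, chain, password)
                : CertUtil.generateJks(serialHex, key, chain, password);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        store.store(buf, password);
        map.put(entryName, buf.toByteArray());
    }

    /**
     * Encodes the CA chain plus {@code cert}, sorted by {@link CertUtil#sortCerts}, as a PKCS#7
     * (p7b) text blob in UTF-8 bytes.
     */
    private byte[] p7bBytes(X509Certificate cert, CaInfo caInfo) throws Exception {
        List<X509Certificate> chain = P7bUtils.resolveCertChain(caInfo.getCertChain());
        chain.add(cert);
        return P7bUtils.createCertChainByCerts(CertUtil.sortCerts(chain)).getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Maps an issued certificate to a new, NORMAL-status {@link CertDO}.
     *
     * @param cert          issued certificate
     * @param certSaveParam card number/type and timestamp to record
     * @param caInfo        issuer (CA cert id and subject)
     * @param refCode       reference code carried over from the issuance result
     * @return a populated, unsaved row; the card number falls back to {@value #NO_CARD_NO} when blank
     */
    private CertDO parseDo(X509Certificate cert, CertSaveParam certSaveParam, CaInfo caInfo, String refCode)
            throws Exception {
        CertDO certDO = new CertDO();
        certDO.setCaCertId(caInfo.getCaCertId());
        certDO.setCardNo(StringUtils.isBlank(certSaveParam.getCardNo()) ? NO_CARD_NO : certSaveParam.getCardNo());
        certDO.setSn(cert.getSerialNumber().toString(16));
        certDO.setSubject(CertUtil.getSubjectByX509Cert(cert));
        certDO.setIssuer(caInfo.getSubject());
        certDO.setNotBeforeTime(cert.getNotBefore());
        certDO.setNotAfterTime(cert.getNotAfter());
        PublicKey publicKey = cert.getPublicKey();
        certDO.setPrivateKeySize(Integer.valueOf(CertUtil.getKeySize(publicKey)));
        certDO.setSignAlg(CertUtil.getCertSignAlg(cert).code);
        certDO.setPublicKeyAlg(Integer.valueOf(CertUtil.getCertKeyAlg(publicKey).type));
        certDO.setStatus(Integer.valueOf(CertStatusEnum.NORMAL.value));
        certDO.setGmtCreate(certSaveParam.getNow());
        certDO.setGmtModified(certSaveParam.getNow());
        certDO.setCardType(certSaveParam.getCardType());
        certDO.setRefCode(refCode);
        return certDO;
    }

    /**
     * Base64-encodes the DER form of {@code cert}.
     *
     * @throws RuntimeException wrapping {@link CertificateEncodingException}; the failure is also logged
     */
    private String getCertData(X509Certificate cert) {
        try {
            return new String(Base64.encode(cert.getEncoded()));
        } catch (CertificateEncodingException e) {
            LOGGER.error("X509Certificate getEncoded 异常", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Issues an administrator certificate from a PKCS#10 request or, failing that, from a subject.
     *
     * <p>When {@code extra} is supplied it is mutated: the P10 path stores {@code subject} in it
     * under the key {@code "subject"} before delegating.
     *
     * @param p10      Base64 PKCS#10 request; blank means "not supplied"
     * @param subject  subject DN; used as a parameter on the P10 path and as the sole input otherwise
     * @param validity validity period forwarded to {@link CertService} (required)
     * @param extra    additional issuance parameters; {@code null} is replaced by an empty map
     * @return the outcome reported by {@link CertService}
     * @throws RuntimeException when neither a P10 nor a subject is supplied (also logged)
     * @throws Exception propagated from {@link CertService}
     */
    @Override
    public Result generateAdminCert(String p10, String subject, Integer validity, Map<String, Object> extra)
            throws Exception {
        String templateName = CertPatternTemplageEnum.getAdminTemplateName(ConfigConstant.innerAdminSystemAlg.intValue());
        Map<String, Object> params = extra != null ? extra : new HashMap<String, Object>();
        if (Strings.isNotBlank(p10)) {
            params.put("subject", subject);
            return this.certService.generateAdminCert(p10, validity.intValue(), templateName, params);
        }
        if (StringUtils.isNotEmpty(subject)) {
            return this.certService.generateAdminCert(validity.intValue(), subject, templateName, params);
        }
        LOGGER.error("生成正证书参数为空: [publicKey, p10, subject]");
        throw new RuntimeException("生成正证书参数为空: [publicKey, p10, subject]");
    }
}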
