package com.xdja.pki.service.crl;

import com.xdja.pki.api.crl.CrlService;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.bean.extension.LdapOcspUrlInfo;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigConstant;
import com.xdja.pki.common.config.ConfigJson;
import com.xdja.pki.common.enums.AlgTypeEnum;
import com.xdja.pki.common.enums.CaAlgInfoEnum;
import com.xdja.pki.common.enums.CertStatusEnum;
import com.xdja.pki.common.enums.CipherStrategyEnum;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.KeyAlgEnum;
import com.xdja.pki.common.enums.SystemEnum;
import com.xdja.pki.common.enums.UserCaTypeEnum;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.ExtensionUtil;
import com.xdja.pki.common.util.FileUtil;
import com.xdja.pki.dao.cert.CertDao;
import com.xdja.pki.dao.crl.CrlDao;
import com.xdja.pki.dao.crl.CrlDataDao;
import com.xdja.pki.dao.crl.CrlSnDao;
import com.xdja.pki.models.CertDO;
import com.xdja.pki.models.CrlDO;
import com.xdja.pki.models.CrlDataDO;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.operator.ContentSigner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Service;

@Service("innerCaCrl")
/* loaded from: input_file:WEB-INF/lib/scms-service-impl-1.0-SNAPSHOT.jar:com/xdja/pki/service/crl/InnerCrlServiceImpl.class */
public class InnerCrlServiceImpl implements CrlService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CrlRsaPublishRunner crlRsaPublishRunner;

    @Autowired
    private CrlPublishRunner crlPublishRunner;
    private static final Integer counts = 10000;

    @Autowired
    private CertDao certDao;

    @Autowired
    private CrlSnDao crlSnDao;

    @Autowired
    private CrlDao crlDao;

    @Autowired
    private CrlDataDao crlDataDao;

    @Override // com.xdja.pki.api.crl.CrlService
    public Result publishCrl(Date date, Map<String, Object> map) throws Exception {
        List<CertDO> certList = this.certDao.getCertList(Integer.valueOf(CertStatusEnum.REVOKE.value), AlgTypeEnum.SM2.alg);
        Integer count = this.certDao.getCount(AlgTypeEnum.SM2.alg);
        ConfigJson.CrlConf readCrlConf = ConfigJson.readCrlConf();
        int intValue = (count.intValue() / readCrlConf.getCrlCertNum().intValue()) + 1;
        HashMap hashMap = new HashMap();
        for (CertDO certDO : certList) {
            Integer valueOf = Integer.valueOf(certDO.getId().intValue() / readCrlConf.getCrlCertNum().intValue());
            List list = (List) hashMap.get(valueOf);
            if (null == list) {
                list = new ArrayList();
                hashMap.put(valueOf, list);
            }
            list.add(certDO);
        }
        CaInfo caInfo = Cache.caInfo.get(SystemEnum.USER_SYSTEM);
        Extension genAuthorityKeyIdentifier = ExtensionUtil.genAuthorityKeyIdentifier(null, false, caInfo.getRootCert());
        ArrayList arrayList = new ArrayList();
        arrayList.add(genAuthorityKeyIdentifier);
        HashMap hashMap2 = new HashMap();
        ArrayList arrayList2 = new ArrayList();
        Date date2 = new Date(date.getTime() + (readCrlConf.getCrlPublishCycle().longValue() * 60 * 1000));
        caInfo.setNexUpdate(date2);
        X500Name x500Name = new X500Name(RFC4519Style.INSTANCE, caInfo.getSubject());
        ContentSigner contentSigner = CipherStrategyEnum.getCipherStrategy(SystemEnum.USER_SYSTEM, 1).cipher.getContentSigner(caInfo.getSignAlg(), caInfo.getKeyPair().getPrivate());
        for (int i = 0; i < intValue; i++) {
            BigInteger sn = this.crlSnDao.getSn();
            String str = LdapOcspUrlInfo.CRL_NAME + i + LdapOcspUrlInfo.CRL_NAME_TAIL;
            hashMap2.put(str, generateX509CRL(x500Name, contentSigner, sn, date, date2, arrayList, (List) hashMap.get(Integer.valueOf(i))));
            arrayList2.add(new CrlDO(caInfo.getCaCertId(), str, sn.toString(16), date, date2, new Date()));
        }
        saveCrl(hashMap2, arrayList2);
        this.logger.info("crl发布成功，本次发布时间[{}],下次发布时间[{}]", date, date2);
        return Result.success();
    }

    @Override // com.xdja.pki.api.crl.CrlService
    public Result publishCrl(Date date, Map<String, Object> map, int i) throws Exception {
        List<CertDO> revokeNotExpireCertByCrlNum;
        Long valueOf = Long.valueOf(this.certDao.getCertCountsByAlg(i) / ConfigJson.readCrlConf().getCrlCertNum().longValue());
        HashMap hashMap = new HashMap();
        for (int i2 = 0; i2 <= valueOf.longValue(); i2++) {
            ArrayList arrayList = new ArrayList();
            do {
                revokeNotExpireCertByCrlNum = this.certDao.getRevokeNotExpireCertByCrlNum(i2, i, 1, counts.intValue());
                if (0 != revokeNotExpireCertByCrlNum.size()) {
                    arrayList.addAll(revokeNotExpireCertByCrlNum);
                }
                int i3 = 1 + 1;
            } while (revokeNotExpireCertByCrlNum.size() >= counts.intValue());
            hashMap.put(Integer.valueOf(i2), arrayList);
        }
        CaInfo caInfo = Cache.caInfo.get(CaAlgInfoEnum.getCaAlgInfoEnum(SystemEnum.USER_SYSTEM, i));
        Extension genAuthorityKeyIdentifier = ExtensionUtil.genAuthorityKeyIdentifier(null, false, caInfo.getRootCert());
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(genAuthorityKeyIdentifier);
        HashMap hashMap2 = new HashMap();
        ArrayList arrayList3 = new ArrayList();
        Date date2 = new Date(date.getTime() + (ConfigJson.readCrlConf().getCrlPublishCycle().longValue() * 60 * 1000));
        caInfo.setNexUpdate(date2);
        X500Name x500Name = new X500Name(RFC4519Style.INSTANCE, caInfo.getSubject());
        ContentSigner contentSigner = CipherStrategyEnum.getCipherStrategy(SystemEnum.USER_SYSTEM, i).cipher.getContentSigner(caInfo.getSignAlg(), caInfo.getKeyPair().getPrivate());
        for (int i4 = 0; i4 <= valueOf.longValue(); i4++) {
            BigInteger sn = this.crlSnDao.getSn();
            String str = KeyAlgEnum.getAlgName(i) + LdapOcspUrlInfo.CRL_NAME + i4 + LdapOcspUrlInfo.CRL_NAME_TAIL;
            hashMap2.put(str, generateX509CRL(x500Name, contentSigner, sn, date, date2, arrayList2, (List) hashMap.get(Integer.valueOf(i4))));
            arrayList3.add(new CrlDO(caInfo.getCaCertId(), str, sn.toString(16), date, date2, new Date()));
        }
        saveCrl(hashMap2, arrayList3);
        this.logger.info(KeyAlgEnum.getAlgName(i) + " crl发布成功，本次发布时间[{}],下次发布时间[{}]", date, date2);
        return Result.success();
    }

    @Override // com.xdja.pki.api.crl.CrlService
    public Result saveReportCrl(String str, byte[] bArr) {
        try {
            String str2 = ConfigConstant.crlPath;
            File file = new File(str2);
            if (file.exists() && file.isDirectory()) {
                File[] listFiles = file.listFiles();
                int length = listFiles.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    File file2 = listFiles[i];
                    if (file2.getName().contains(str)) {
                        FileUtil.readBytesFromFile(file2.getAbsolutePath());
                        FileUtil.deleteFile(file2.getAbsolutePath());
                        break;
                    }
                    i++;
                }
            } else {
                file.mkdirs();
            }
            FileUtil.writeBytesToFile(str2 + System.getProperty("file.separator") + (str + "_" + System.currentTimeMillis() + LdapOcspUrlInfo.CRL_NAME_TAIL), bArr);
            return Result.success(null);
        } catch (Exception e) {
            this.logger.error("保存上报crl文件失败,节点UUID:{}", str, e);
            return Result.failure(ErrorEnum.SAVE_CRL_FILE_ERROR);
        }
    }

    private void saveCrl(Map<String, X509CRL> map, List<CrlDO> list) {
        List<CrlDO> insert = this.crlDao.insert(list);
        ArrayList arrayList = new ArrayList();
        for (CrlDO crlDO : insert) {
            arrayList.add(new CrlDataDO(crlDO.getId(), CertUtil.toPem(map.get(crlDO.getName())), new Date()));
        }
        this.crlDataDao.insert(arrayList);
        for (String str : map.keySet()) {
            CertUtil.writeObjectToFile(map.get(str), ConfigConstant.crlPath + UserCaTypeEnum.INNER_CA.name + "/" + str);
            Cache.crl.put(str, CertUtil.toPem(map.get(str)));
        }
    }

    private X509CRL generateX509CRL(X500Name x500Name, ContentSigner contentSigner, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CertDO> list2) throws Exception {
        X509v2CRLBuilder x509v2CRLBuilder = new X509v2CRLBuilder(x500Name, date);
        x509v2CRLBuilder.addExtension(Extension.cRLNumber, false, (ASN1Encodable) new CRLNumber(bigInteger));
        if (null != list) {
            Iterator<Extension> it = list.iterator();
            while (it.hasNext()) {
                x509v2CRLBuilder.addExtension(it.next());
            }
        }
        if (null != list2) {
            for (CertDO certDO : list2) {
                x509v2CRLBuilder.addCRLEntry(new BigInteger(certDO.getSn(), 16), certDO.getGmtModified(), certDO.getRevokeReason().intValue());
            }
        }
        x509v2CRLBuilder.setNextUpdate(date2);
        return new JcaX509CRLConverter().getCRL(x509v2CRLBuilder.build(contentSigner));
    }

    @Override // com.xdja.pki.api.crl.CrlService
    public synchronized void restartCrlThreads() {
        this.logger.info("收到重启CRL发布线程的请求");
        try {
            if (null != CrlPublicConstants.CRL_SM2_SCHEDULED_THREAD_EXECUTOR) {
                CrlPublicConstants.CRL_SM2_SCHEDULED_THREAD_EXECUTOR.shutdown();
                while (!CrlPublicConstants.CRL_SM2_SCHEDULED_THREAD_EXECUTOR.awaitTermination(1L, TimeUnit.SECONDS)) {
                    this.logger.info("关闭SM2\u3000CRL 发布线程池");
                    CrlPublicConstants.CRL_SM2_SCHEDULED_THREAD_EXECUTOR.shutdown();
                }
            }
            startSm2CrlPublish();
            if (null != CrlPublicConstants.CRL_RSA_SCHEDULED_THREAD_EXECUTOR) {
                CrlPublicConstants.CRL_RSA_SCHEDULED_THREAD_EXECUTOR.shutdown();
                while (!CrlPublicConstants.CRL_RSA_SCHEDULED_THREAD_EXECUTOR.awaitTermination(1L, TimeUnit.SECONDS)) {
                    this.logger.info("关闭RSA CRL发布线程池");
                    CrlPublicConstants.CRL_RSA_SCHEDULED_THREAD_EXECUTOR.shutdownNow();
                }
            }
            startRsaCrlPublish();
        } catch (Exception e) {
            this.logger.error("CRL发布线程重启失败，请手工重启tomcat防止CRL发布失败", (Throwable) e);
        }
    }

    @Override // com.xdja.pki.api.crl.CrlService
    public String getUpdateCrl(int i, int i2) {
        return this.crlDao.getUpdateCrlByCrlName(KeyAlgEnum.getAlgName(i2) + LdapOcspUrlInfo.CRL_NAME + i + LdapOcspUrlInfo.CRL_NAME_TAIL);
    }

    @Override // com.xdja.pki.api.crl.CrlService
    public int computeFragmentationCountByAlg(int i) {
        return Long.valueOf(this.certDao.getCertCountsByAlg(i) / ConfigJson.readCrlConf().getCrlCertNum().longValue()).intValue();
    }

    @Override // com.xdja.pki.api.crl.CrlService
    public Result downloadCrlByCrlName(String str, HttpServletResponse httpServletResponse) {
        try {
            if (!str.endsWith(LdapOcspUrlInfo.CRL_NAME_TAIL)) {
                str = str + LdapOcspUrlInfo.CRL_NAME_TAIL;
            }
            String updateCrlByCrlName = this.crlDao.getUpdateCrlByCrlName(str);
            if (StringUtils.isEmpty(updateCrlByCrlName)) {
                return Result.failure(ErrorEnum.CRL_IS_NOT_EXIST);
            }
            httpServletResponse.reset();
            httpServletResponse.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + str);
            httpServletResponse.setContentType("application/octet-stream;charset=UTF-8");
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            try {
                try {
                    outputStream.write(updateCrlByCrlName.getBytes());
                    outputStream.flush();
                    if (null == outputStream) {
                        return null;
                    }
                    outputStream.close();
                    return null;
                } catch (IOException e) {
                    this.logger.error("写文件失败", (Throwable) e);
                    if (null == outputStream) {
                        return null;
                    }
                    outputStream.close();
                    return null;
                }
            } catch (Throwable th) {
                if (null != outputStream) {
                    outputStream.close();
                }
                throw th;
            }
        } catch (Exception e2) {
            throw new RuntimeException("下载CRL异常", e2);
        }
    }

    public void startSm2CrlPublish() throws Exception {
        CrlPublishRunner.FRESH_PUBLISH_SM2_CRL = true;
        this.crlPublishRunner.run(new String[0]);
        this.logger.info("SM2 CRL发布线程池启动");
    }

    public void startRsaCrlPublish() throws Exception {
        CrlRsaPublishRunner.FRESH_PUBLISH_RSA_CRL = true;
        this.crlRsaPublishRunner.run(new String[0]);
        this.logger.info("RSA CRL发布线程池启动");
    }
}
