package com.xdja.cryptoappkit.device.soft;

import com.xdja.cryptoappkit.domain.bean.CryptoAppKitProperties;
import com.xdja.cryptoappkit.domain.exception.CryptOperatorException;
import com.xdja.cryptoappkit.domain.operator.cert.CertOperator;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/xdja/cryptoappkit/device/soft/SoftCertOperator.class */
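public class SoftCertOperator implements CertOperator {
    /** {@code certInfo.getCertValidityType()} value selecting CRL-based revocation checking. */
    private static final int CERT_VALIDITY_TYPE_CRL = 1;
    /** {@code certInfo.getCertValidityType()} value selecting OCSP-based revocation checking. */
    private static final int CERT_VALIDITY_TYPE_OCSP = 2;
    /** Certificate settings, read once when the singleton below is created. */
    CryptoAppKitProperties.CertInfo certInfo = CryptoAppKitProperties.getInstance().getCertInfo();
    private static final SoftCertOperator softCryptOperator = new SoftCertOperator();

    /**
     * Returns the process-wide instance.
     *
     * @return the shared {@code SoftCertOperator}
     */
    public static SoftCertOperator getInstance() {
        return softCryptOperator;
    }

    /**
     * Verifies a certificate: its chain is checked against the configured root and chain file,
     * then its revocation status is checked according to the configured validity type.
     *
     * @param str the certificate to verify, in the form accepted by {@code SoftOperatorUtil}
     * @return {@code true} when every check passed; failures are reported as exceptions
     * @throws CryptOperatorException if a required path is not configured, the chain check fails,
     *         the certificate is found on a CRL, or the validity type is neither CRL nor OCSP
     */
    @Override
    public boolean certVerify(String str) {
        if (StringUtils.isBlank(this.certInfo.getRootCertPath())) {
            throw new CryptOperatorException("根证书路径没有配置");
        }
        if (StringUtils.isBlank(this.certInfo.getCertChainFilePath())) {
            throw new CryptOperatorException("证书链文件路径没有配置");
        }
        SoftOperatorUtil.checkCertChain(str, this.certInfo.getRootCertPath(), this.certInfo.getCertChainFilePath());
        int validityType = this.certInfo.getCertValidityType();
        if (CERT_VALIDITY_TYPE_CRL == validityType) {
            checkCertByLdap(str, this.certInfo.getCrlDn(), this.certInfo.getLdapIp(), this.certInfo.getLdapPort(), this.certInfo.getCrlFileCachePath());
            return true;
        }
        if (CERT_VALIDITY_TYPE_OCSP == validityType) {
            // NOTE(review): no OCSP query is performed here, so in this mode a revoked certificate
            // still passes. Deployments that need revocation checking must use CRL mode until an
            // OCSP check is implemented.
            return true;
        }
        throw new CryptOperatorException("证书的撤销状态选择crl和ocsp中的一种检验方式");
    }

    /**
     * Rejects the certificate if its serial number appears in any CRL for the configured DN(s).
     * CRLs are taken from the on-disk cache when present and not past their nextUpdate; otherwise
     * they are fetched over LDAP, which also refreshes the cache.
     *
     * @param str  the certificate to check
     * @param str2 the LDAP DN(s) holding the CRL(s), {@code ':'}-separated
     * @param str3 LDAP server host
     * @param str4 LDAP server port
     * @param str5 directory used for the CRL file cache
     * @throws CryptOperatorException if the certificate is revoked or the CRLs cannot be obtained
     */
    private void checkCertByLdap(String str, String str2, String str3, String str4, String str5) {
        BigInteger serialNumber = SoftOperatorUtil.getX509CertificateByCert(str).getSerialNumber();
        List<X509CRL> crlList = SoftOperatorUtil.getCrlList(str5);
        // A cached CRL past its nextUpdate may not list recently revoked certificates, so it is
        // treated like a cache miss and re-fetched from the directory.
        if (null == crlList || anyCrlExpired(crlList)) {
            crlList = getCrlList(str2, str3, str4, str5);
        }
        // NOTE(review): the CRL signatures are not verified against the issuer here; doing so
        // needs the issuer certificate, which this class has no accessor for.
        for (X509CRL crl : crlList) {
            Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
            if (null == revoked) {
                continue;
            }
            for (X509CRLEntry entry : revoked) {
                // BigInteger equality is the same comparison as matching the lower-cased hex strings.
                if (serialNumber.equals(entry.getSerialNumber())) {
                    throw new CryptOperatorException("该证书已撤销不可用");
                }
            }
        }
    }

    /**
     * Returns whether any CRL declares a nextUpdate that is already in the past.
     *
     * @param crlList the CRLs to inspect; a CRL without a nextUpdate is treated as current
     * @return {@code true} if at least one CRL is past its nextUpdate
     */
    private static boolean anyCrlExpired(List<X509CRL> crlList) {
        long now = System.currentTimeMillis();
        for (X509CRL crl : crlList) {
            Date nextUpdate = crl.getNextUpdate();
            if (null != nextUpdate && nextUpdate.getTime() < now) {
                return true;
            }
        }
        return false;
    }

    /**
     * Fetches the CRL(s) for the given DN(s) from the LDAP directory, writes each raw CRL to the
     * cache on a background thread and returns the parsed CRLs.
     *
     * @param str  {@code ':'}-separated LDAP DN(s), one CRL per DN
     * @param str2 LDAP server host
     * @param str3 LDAP server port
     * @param str4 directory used for the CRL file cache
     * @return the parsed CRLs, possibly empty; never {@code null}
     * @throws CryptOperatorException if the directory lookup, CRL parsing or context close fails
     */
    private List<X509CRL> getCrlList(String str, String str2, String str3, String str4) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // NOTE(review): plain ldap:// is neither encrypted nor authenticated, so the integrity of
        // the fetched CRL rests on a signature check that is not performed in this class.
        env.put(Context.PROVIDER_URL, "ldap://" + str2 + ":" + str3 + "/");
        List<X509CRL> crlList = new ArrayList<>();
        DirContext dirContext = null;
        try {
            dirContext = new InitialDirContext(env);
            for (String dn : str.split(":")) {
                if (null == dn || dn.isEmpty()) {
                    continue;
                }
                // Look up each configured DN on its own; passing the unsplit string here would
                // only work when a single DN is configured.
                byte[] rawCrl = SoftOperatorUtil.lookupCrl(dirContext, dn, this.certInfo.getCrlAttrName());
                // The cache write is kept off the verification path; a failure in it is not surfaced.
                new Thread(() -> SoftOperatorUtil.saveCrlFile(rawCrl, str4), "crl-cache-writer").start();
                CRL parsed = CertificateFactory.getInstance("X.509", "BC").generateCRL(new ByteArrayInputStream(rawCrl));
                if (null != parsed) {
                    crlList.add((X509CRL) parsed);
                }
            }
            return crlList;
        } catch (Exception e) {
            CryptOperatorException wrapped = new CryptOperatorException("获取CRL列表失败：" + e.getMessage());
            // The exception type only exposes a message constructor; keep the original trace attached.
            wrapped.addSuppressed(e);
            throw wrapped;
        } finally {
            if (null != dirContext) {
                try {
                    dirContext.close();
                } catch (NamingException e) {
                    throw new CryptOperatorException("ldap流关闭失败");
                }
            }
        }
    }
}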
