package com.xdja.cssp.key.server.api.impl;

import com.xdja.cssp.key.server.api.IKuepService;
import com.xdja.cssp.key.server.api.bean.AccountCertBean;
import com.xdja.cssp.key.server.api.bean.AccountDistinguishCertBean;
import com.xdja.cssp.key.server.api.bean.DeviceKuepBean;
import com.xdja.cssp.key.server.api.bean.KuepBean;
import com.xdja.cssp.key.server.api.bean.KuepubBean;
import com.xdja.cssp.key.server.api.common.ALG_TYPE;
import com.xdja.cssp.key.server.bean.AsymmetricKeyBean;
import com.xdja.cssp.key.server.business.IAccountKuepBusiness;
import com.xdja.cssp.key.server.entity.TAccountKuep;
import com.xdja.cssp.key.server.exception.KuepInitException;
import com.xdja.cssp.key.server.exception.RescourceNotFoundException;
import com.xdja.cssp.key.server.exception.RescourseConfictException;
import com.xdja.cssp.key.server.util.CertUtil;
import com.xdja.cssp.key.server.util.KeyUtil;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.persistence.PersistenceException;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.util.encoders.Base64;
import org.hibernate.exception.ConstraintViolationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/xdja/cssp/key/server/api/impl/KuepServiceImpl.class */
public class KuepServiceImpl implements IKuepService {
    private Logger logger = LoggerFactory.getLogger(KuepServiceImpl.class);

    @Resource
    private IAccountKuepBusiness accountKuepBusiness;

    public DeviceKuepBean uploadKuep(KuepBean kuepBean) {
        this.logger.debug("uploadKuep begin ==>");
        if (!checkUploadKuepParam(kuepBean)) {
            throw new IllegalArgumentException("请求参数错误");
        }
        DeviceKuepBean deviceKuepBean = new DeviceKuepBean();
        try {
            deviceKuepBean = this.accountKuepBusiness.saveKuep(kuepBean);
        } catch (PersistenceException e) {
            if (e.getCause() != null && (e.getCause() instanceof ConstraintViolationException)) {
                deviceKuepBean = this.accountKuepBusiness.queryKuep(kuepBean.getAccount(), kuepBean.getKdepCertSn(), Integer.parseInt(kuepBean.getKdepCertAlg()));
                if (deviceKuepBean == null) {
                    this.logger.error("uploadKuep 处理失败 账号Kuep已存在", e);
                    throw new RescourseConfictException("账号Kuep已存在");
                }
            }
        }
        return deviceKuepBean;
    }

    private boolean checkDeviceKuepParam(DeviceKuepBean deviceKuepBean) {
        return (deviceKuepBean == null || StringUtils.isBlank(deviceKuepBean.getKdepCertSn()) || StringUtils.isBlank(deviceKuepBean.getEncryptKuepri()) || !ALG_TYPE.isExsit(deviceKuepBean.getKdepCertAlg())) ? false : true;
    }

    public void uploadDeviceKuep(DeviceKuepBean deviceKuepBean) {
        this.logger.debug("uploadDeviceKuep begin ==>");
        if (deviceKuepBean == null || StringUtils.isBlank(deviceKuepBean.getAccount()) || !checkDeviceKuepParam(deviceKuepBean)) {
            throw new IllegalArgumentException("请求参数错误");
        }
        if (this.accountKuepBusiness.queryKuep(deviceKuepBean.getAccount(), deviceKuepBean.getKdepCertSn(), Integer.parseInt(deviceKuepBean.getKdepCertAlg())) == null) {
            TAccountKuep findById = this.accountKuepBusiness.findById(deviceKuepBean.getKuepId());
            HashMap hashMap = new HashMap();
            hashMap.put(deviceKuepBean.getAccount(), deviceKuepBean.getKuepId());
            if (!this.accountKuepBusiness.checkKuepId(hashMap)) {
                throw new RescourseConfictException("KuepId与account不匹配");
            }
            this.accountKuepBusiness.saveDeviceKuep(findById.getId(), deviceKuepBean);
        }
    }

    public Map<String, KuepubBean> queryKuepubByAccounts(List<String> list) {
        this.logger.debug("queryKuepubByAccounts begin ==>");
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("请求参数错误");
        }
        return this.accountKuepBusiness.queryKuepubByAccounts(list);
    }

    public DeviceKuepBean queryDeviceKuep(DeviceKuepBean deviceKuepBean) {
        this.logger.debug("queryDeviceKuep begin account:{},kdepCertSn:{},kdepCertAlg:{}", new Object[]{deviceKuepBean.getAccount(), deviceKuepBean.getKdepCertSn(), deviceKuepBean.getKdepCertAlg()});
        if (StringUtils.isBlank(deviceKuepBean.getAccount()) || StringUtils.isBlank(deviceKuepBean.getKdepCertSn()) || !ALG_TYPE.isExsit(deviceKuepBean.getKdepCertAlg())) {
            throw new IllegalArgumentException("请求参数错误");
        }
        DeviceKuepBean queryKuep = this.accountKuepBusiness.queryKuep(deviceKuepBean.getAccount(), deviceKuepBean.getKdepCertSn(), Integer.parseInt(deviceKuepBean.getKdepCertAlg()));
        if (queryKuep == null) {
            throw new RescourceNotFoundException("Kuep不存在");
        }
        return queryKuep;
    }

    public Map<String, Boolean> checkAccoutsKuep(String... strArr) throws IllegalArgumentException {
        this.logger.debug("checkAccoutsKuep begin ==>");
        if (strArr == null || strArr.length <= 0) {
            throw new IllegalArgumentException("请求参数错误");
        }
        HashMap hashMap = new HashMap(strArr.length);
        Map<String, KuepubBean> queryKuepubByAccounts = this.accountKuepBusiness.queryKuepubByAccounts(Arrays.asList(strArr));
        for (int i = 0; i < strArr.length; i++) {
            if (queryKuepubByAccounts.containsKey(strArr[i])) {
                hashMap.put(strArr[i], Boolean.TRUE);
            } else {
                hashMap.put(strArr[i], Boolean.FALSE);
            }
        }
        return hashMap;
    }

    private boolean checkUploadKuepParam(KuepBean kuepBean) {
        if (kuepBean == null || StringUtils.isBlank(kuepBean.getKdepCertSn()) || StringUtils.isBlank(kuepBean.getKuepub()) || StringUtils.isBlank(kuepBean.getEncryptKuepri()) || !ALG_TYPE.isExsit(kuepBean.getKuepAlg()) || !ALG_TYPE.isExsit(kuepBean.getKdepCertAlg())) {
            return false;
        }
        if (kuepBean.getKeys() == null || kuepBean.getKeys().isEmpty()) {
            return true;
        }
        for (DeviceKuepBean deviceKuepBean : kuepBean.getKeys()) {
            if (StringUtils.isBlank(deviceKuepBean.getKdepCertSn()) || StringUtils.isBlank(deviceKuepBean.getEncryptKuepri()) || !ALG_TYPE.isExsit(deviceKuepBean.getKdepCertAlg())) {
                return false;
            }
        }
        return true;
    }

    public void accountKuepInit(List<AccountCertBean> list) {
        this.logger.debug("accountKuepInit begin ==>");
        long currentTimeMillis = System.currentTimeMillis();
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("请求参数错误 list不允许为空");
        }
        try {
            this.accountKuepBusiness.saveKueps(asslembelKuepBeans(getAccountCertBeans(list)));
            this.logger.debug("accountKuepInit end ==> 耗时：" + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + "秒");
        } catch (Exception e) {
            e.printStackTrace();
            throw new KuepInitException("账号Kuep初始化产生密钥对异常", e);
        }
    }

    public void accountDistinguishKuepInit(List<AccountDistinguishCertBean> list) {
        this.logger.debug("accountDistinguishKuepInit begin ==>");
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("请求参数错误 list不允许为空");
        }
        ArrayList arrayList = new ArrayList();
        try {
            this.accountKuepBusiness.updateKueps(arrayList, asslembelDistinguishKuepBeans(list, arrayList));
        } catch (Exception e) {
            throw new KuepInitException("账号Kuep初始化产生密钥对异常", e);
        }
    }

    private KuepBean[] asslembelKuepBeans(List<AccountCertBean> list) throws Exception {
        KuepBean[] kuepBeanArr = new KuepBean[list.size()];
        int i = 0;
        for (AccountCertBean accountCertBean : list) {
            if (StringUtils.isBlank(accountCertBean.getAccount()) || StringUtils.isBlank(accountCertBean.getCert())) {
                throw new IllegalArgumentException("请求参数错误，account or cert can not be null");
            }
            KuepBean kuepBean = new KuepBean();
            kuepBean.setAccount(accountCertBean.getAccount());
            kuepBean.setKuepAlg(ALG_TYPE.sm2.value);
            AsymmetricKeyBean generateKey = KeyUtil.generateKey(kuepBean.getKuepAlg());
            kuepBean.setKuepub(base64Encode(generateKey.getPublickeyData()));
            kuepBean.setKeys(assembelDeviceKuepBean(generateKey.getPrivateKeyDate(), accountCertBean.getCert()));
            int i2 = i;
            i++;
            kuepBeanArr[i2] = kuepBean;
        }
        return kuepBeanArr;
    }

    private List<DeviceKuepBean> assembelDeviceKuepBean(byte[] bArr, String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            X509Certificate certFromStr = CertUtil.getCertFromStr(str);
            DeviceKuepBean deviceKuepBean = new DeviceKuepBean();
            deviceKuepBean.setKdepCertAlg(CertUtil.getAlgFromCert(certFromStr));
            deviceKuepBean.setKdepCertSn(CertUtil.getSNFromCert(certFromStr));
            deviceKuepBean.setEncryptKuepri(base64Encode(KeyUtil.pubkeyEncrypt(bArr, certFromStr)));
            arrayList.add(deviceKuepBean);
        }
        return arrayList;
    }

    private KuepBean[] asslembelDistinguishKuepBeans(List<AccountDistinguishCertBean> list, List<String> list2) throws Exception {
        KuepBean[] kuepBeanArr = new KuepBean[list.size()];
        int i = 0;
        for (AccountDistinguishCertBean accountDistinguishCertBean : list) {
            if (StringUtils.isBlank(accountDistinguishCertBean.getAccount()) || StringUtils.isBlank(accountDistinguishCertBean.getDelAccount()) || accountDistinguishCertBean.getCerts() == null || accountDistinguishCertBean.getCerts().isEmpty()) {
                throw new IllegalArgumentException("请求参数错误，account or cert can not be null");
            }
            list2.add(accountDistinguishCertBean.getAccount());
            list2.add(accountDistinguishCertBean.getDelAccount());
            KuepBean kuepBean = new KuepBean();
            kuepBean.setAccount(accountDistinguishCertBean.getAccount());
            kuepBean.setKuepAlg(ALG_TYPE.sm2.value);
            AsymmetricKeyBean generateKey = KeyUtil.generateKey(kuepBean.getKuepAlg());
            kuepBean.setKuepub(base64Encode(generateKey.getPublickeyData()));
            kuepBean.setKeys(assembelDeviceKuepBean(generateKey.getPrivateKeyDate(), (String[]) accountDistinguishCertBean.getCerts().toArray(new String[accountDistinguishCertBean.getCerts().size()])));
            int i2 = i;
            i++;
            kuepBeanArr[i2] = kuepBean;
        }
        return kuepBeanArr;
    }

    private String base64Encode(byte[] bArr) {
        return new String(Base64.encode(bArr));
    }

    private List<AccountCertBean> getAccountCertBeans(List<AccountCertBean> list) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<AccountCertBean> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getAccount());
        }
        Map<String, KuepubBean> queryKuepubByAccounts = this.accountKuepBusiness.queryKuepubByAccounts(arrayList);
        for (AccountCertBean accountCertBean : list) {
            if (!queryKuepubByAccounts.containsKey(accountCertBean.getAccount())) {
                arrayList2.add(accountCertBean);
            }
        }
        return arrayList2;
    }
}
