package com.xdja.pki.ca.certcrl.service;

import com.xdja.pki.ca.certmanager.dao.ArlDao;
import com.xdja.pki.ca.certmanager.dao.ArlDataDao;
import com.xdja.pki.ca.certmanager.dao.CrlDao;
import com.xdja.pki.ca.certmanager.dao.CrlDataDao;
import com.xdja.pki.ca.certmanager.dao.DeltaRevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.RevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateUserCertDao;
import com.xdja.pki.ca.certmanager.dao.models.CrlBeanDo;
import com.xdja.pki.ca.certmanager.dao.models.DeltaRevokedCertDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateUserCertDO;
import com.xdja.pki.ca.certmanager.service.subsystem.SubSystemService;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.CrlConstants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.CrlUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.DefaulSignNameEnum;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.x509.utils.GMSSLCRLUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLExtensionUtils;
import com.xdja.pki.gmssl.x509.utils.bean.CRLEntry;
import com.xdja.pki.ldap.sdk.ca.LDAPCASDK;
import com.xdja.pki.ldap.sdk.ca.LDAPUrlUtils;
import java.math.BigInteger;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

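@Service
/* loaded from: input_file:WEB-INF/lib/ca-service-certcrl-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/certcrl/service/CRLServiceImpl.class */
/**
 * Issues the three revocation lists of a CA and publishes them.
 *
 * <p>For every issue run the service (1) collects revoked serials from the DAO layer,
 * (2) signs a CRL with either the BouncyCastle software key or the YunHSM device key,
 * depending on {@code Constants.CRYPT_DEVICE_TYPE}, (3) persists the CRL through the DAOs,
 * (4) writes a copy to a fixed directory on the local file system and (5) pushes it to the
 * configured LDAP master, when one is configured.
 *
 * <p>Full CRLs are sharded: the serial-number space is cut into fragments of
 * {@code certCounts} serials (see {@link CrlUtil#computeSnFragmentantation}) and each
 * fragment is issued as its own CRL. Delta CRLs ("DRL") follow the same sharding; the
 * ARL is a single list.
 *
 * <p>The class holds no mutable state of its own beyond injected collaborators. Every
 * public method wraps any failure in a {@link ServiceException} whose cause is the
 * original exception; the CA private-key PIN travels through these methods as a method
 * argument only and is never logged.
 */
public class CRLServiceImpl implements CrlService {
    /** Local file prefix of each full-CRL shard; the shard number and {@code CrlConstants.CRL_NAME_TAIL} are appended. */
    private static final String CRL_FILE_PREFIX = "/home/xdja/conf/ca/crl";
    /** Local file prefix of each delta-CRL; the list position and {@code CrlConstants.CRL_NAME_TAIL} are appended. */
    private static final String DRL_FILE_PREFIX = "/home/xdja/conf/ca/drl";
    /** Local file holding the single ARL. */
    private static final String ARL_FILE_PATH = "/home/xdja/conf/ca/arl0.crl";
    /**
     * Distribution-point base used for the ARL when no LDAP master is configured. Note that this
     * placeholder ends up inside the signed ARL's distribution-point extension.
     */
    private static final String FALLBACK_ARL_URL = "http://127.0.0.1/arl";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private DeltaRevokeCertDao deltaRevokeCertDao;

    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private RevokeCertDao revokeCertDao;

    @Autowired
    private CrlDao crlDao;

    @Autowired
    private CrlDataDao crlDataDao;

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private ArlDao arlDao;

    @Autowired
    private ArlDataDao arlDataDao;

    @Autowired
    private SubSystemService subSystemService;

    @Autowired
    private TemplateUserCertDao templateUserCertDao;

    /** LDAP SDK response timeout, injected from {@code ldapsdk.response.overtime}; public for configuration access. */
    @Value("${ldapsdk.response.overtime}")
    public int ldapsdkOutTime;

    /**
     * Records one or two revoked serials for the next delta CRL.
     *
     * @param str   first revoked serial (never null)
     * @param str2  optional second revoked serial; skipped when null
     * @param num   CA id
     * @param num2  revocation reason
     * @param date  revocation date
     * @throws ServiceException wrapping any persistence failure
     */
    @Override
    public void saveDeltaCrlInfo(String str, String str2, Integer num, Integer num2, Date date) {
        try {
            List<DeltaRevokedCertDO> records = new ArrayList<>();
            records.add(new DeltaRevokedCertDO(str, num, num2, date));
            if (str2 != null) {
                records.add(new DeltaRevokedCertDO(str2, num, num2, date));
            }
            this.deltaRevokeCertDao.saveBatch(records);
        } catch (Exception e) {
            throw new ServiceException("保存增量CRL信息异常", e);
        }
    }

    /**
     * Records a single revoked serial for the next delta CRL.
     *
     * @throws ServiceException wrapping any persistence failure
     */
    @Override
    public void saveDeltaCrlInfo(String str, Integer num, Integer num2, Date date) {
        try {
            this.deltaRevokeCertDao.save(new DeltaRevokedCertDO(str, num, num2, date));
        } catch (Exception e) {
            throw new ServiceException("保存增量CRL信息异常", e);
        }
    }

    /**
     * Issues the full CRL of CA {@code num}, one CRL per shard.
     *
     * <p>Shard keys combine a template id and the serial fragment
     * ({@code templateId * TRANSLATION_17 + fragment}); certificates whose template does not
     * opt into a dedicated CRL fall into the common-template shard. Fragments
     * {@code 0..maxFragment} are always issued, even when empty, so relying parties always
     * find a current list.
     *
     * @param date thisUpdate of the issued CRLs
     * @param num  CA id, key into {@code Constants.CA_INFO}
     * @throws ServiceException wrapping any failure after the CA lookup
     */
    @Override
    public void doIssueCrl(Date date, Integer num) {
        CaInfoVO caInfoVO = lookupCaInfo(num);
        List<X509Certificate> caCerts = this.caCertDao.getCaCertsByCaId(caInfoVO.getCaId());
        int certCounts = caInfoVO.getCrlConfig().getCertCounts().intValue();
        // Highest fragment index in use, derived from the largest serial ever assigned.
        int maxFragment = CrlUtil.computeSnFragmentantation(
                BigInteger.valueOf(this.certSnDao.getMaxId().longValue()), certCounts);
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, caInfoVO.getCrlConfig().getReleaseCycle());
        Map<Integer, X509CRL> crlsByShard = new HashMap<>();
        Map<Integer, List<CRLEntry>> entriesByShard = new HashMap<>();
        // Raw list: the extension element type is defined by the GMSSL/ExtensionUtil API and is not visible here.
        List extensions = new ArrayList();
        try {
            extensions.add(ExtensionUtil.genAuthorityKeyIdentifier(null, false, caInfoVO.getRootCert()));
            collectRevokedEntries(num, date, certCounts, entriesByShard);
            for (int fragment = 0; fragment <= maxFragment; fragment++) {
                if (!entriesByShard.containsKey(fragment)) {
                    entriesByShard.put(fragment, new ArrayList<CRLEntry>());
                }
            }
            for (Map.Entry<Integer, List<CRLEntry>> shard : entriesByShard.entrySet()) {
                // One CRL number is drawn per generated shard.
                BigInteger crlNumber = this.certSnDao.getCrlMaxSn(new Date());
                crlsByShard.put(shard.getKey(),
                        generateCrl(caInfoVO, crlNumber, date, nextUpdateDate, extensions, shard.getValue()));
            }
            saveCrlData(crlsByShard, caInfoVO.getCertId());
            if (caInfoVO.getCrlConfig().isDelta()) {
                // The full CRL now covers these revocations, so the pending delta entries are cleared.
                this.deltaRevokeCertDao.deleteBatch(crlsByShard, num);
            }
            for (Map.Entry<Integer, X509CRL> shard : crlsByShard.entrySet()) {
                CertUtil.writeObjToFile(shard.getValue(), CRL_FILE_PREFIX + shard.getKey() + CrlConstants.CRL_NAME_TAIL);
            }
            if (!hasLdapMaster(caInfoVO)) {
                this.logger.info("没有配置LDAP服务信息，不向LDAP服务器上发布CRL");
                return;
            }
            List<X509Certificate> ldapServerCerts = this.subSystemService.getAllLdapServerCerts();
            this.logger.info("开始向LDAP服务器发布CRL列表");
            LDAPCASDK ldap = newLdapSdk(caInfoVO, caCerts, ldapServerCerts);
            for (Map.Entry<Integer, X509CRL> shard : crlsByShard.entrySet()) {
                // sendCRL is the publish call; its result is only reported at debug level.
                String reason = String.valueOf(ldap.sendCRL(shard.getKey().intValue(), shard.getValue()).getReason());
                this.logger.debug("向LDAP服务器发布分片号为" + shard.getKey() + "的CRL结束，返回reason:" + reason);
            }
            this.logger.info("向LDAP服务器发布CRL列表结束");
        } catch (Exception e) {
            throw new ServiceException("签发全量CRL失败", e);
        }
    }

    /**
     * Pages through {@code revokeCertDao.getSnsForCrl} for CA {@code num} and buckets every
     * revoked entry under its shard key. Stops at the first null or empty page.
     */
    private void collectRevokedEntries(Integer num, Date issueDate, int certCounts,
                                       Map<Integer, List<CRLEntry>> entriesByShard) throws Exception {
        int pageSize = CrlConstants.DB_READ_COUNTS.intValue();
        int offset = 0;
        while (true) {
            List<CrlBeanDo> page = this.revokeCertDao.getSnsForCrl(num, issueDate, offset, pageSize);
            if (page == null || page.isEmpty()) {
                return;
            }
            offset += pageSize;
            for (CRLEntry entry : toCrlEntries(page)) {
                Integer shardKey = shardKeyFor(entry.getUserCertificateSerial(), certCounts);
                List<CRLEntry> bucket = entriesByShard.get(shardKey);
                if (bucket == null) {
                    bucket = new ArrayList<>();
                    entriesByShard.put(shardKey, bucket);
                }
                bucket.add(entry);
            }
        }
    }

    /**
     * Computes the shard key of a revoked certificate: the fragment of its (hex) serial,
     * offset by the id of its template when that template publishes its own CRL, otherwise by
     * the common-CRL template id.
     *
     * @throws IllegalStateException when no template/user-cert record exists for the serial
     */
    private Integer shardKeyFor(String serialHex, int certCounts) throws Exception {
        int fragment = CrlUtil.computeSnFragmentantation(new BigInteger(serialHex, 16), certCounts);
        TemplateUserCertDO userCert = this.templateUserCertDao.queryBySn(serialHex);
        if (userCert == null) {
            throw new IllegalStateException("no template user certificate record for serial " + serialHex);
        }
        int templateId = userCert.isOpenCrl()
                ? userCert.getTemplateId().intValue()
                : CrlConstants.COMMON_CRL_TEMPLATE_ID.intValue();
        return Integer.valueOf(templateId * CrlConstants.TRANSLATION_17.intValue() + fragment);
    }

    /**
     * Converts DAO rows to CRL entries (serial, revocation date, reason).
     *
     * @param rows DAO result; null is treated as "no rows", matching the paging check in
     *             {@link #collectRevokedEntries}
     * @return a new mutable list, empty when {@code rows} is null or empty
     */
    private static List<CRLEntry> toCrlEntries(List<CrlBeanDo> rows) {
        List<CRLEntry> entries = new ArrayList<>();
        if (rows == null) {
            return entries;
        }
        for (CrlBeanDo row : rows) {
            entries.add(new CRLEntry(row.getUserCertificateSerial(), row.getRevocationDate(), row.getReason().intValue()));
        }
        return entries;
    }

    /**
     * Signs one CRL with the key material selected by {@code Constants.CRYPT_DEVICE_TYPE}:
     * the in-memory root private key (BC) or the HSM key at the configured index (YunHSM).
     * The PIN is passed through to the SDK and must not be logged.
     */
    private static X509CRL generateCrl(CaInfoVO ca, BigInteger crlNumber, Date thisUpdate, Date nextUpdate,
                                       List extensions, List<CRLEntry> entries) throws Exception {
        if (Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)) {
            return GMSSLCRLUtils.generateCRLByBC(ca.getRootCert(), ca.getRootPrivateKey(),
                    SignAlgTypeEnum.getAlgName(Integer.parseInt(ca.getSignAlg())),
                    crlNumber, thisUpdate, nextUpdate, extensions, entries);
        }
        return GMSSLCRLUtils.generateCRLByYunhsm(ca.getRootCert(), ca.getCaPwdBean().getKeyIndex().intValue(),
                ca.getCaPwdBean().getPrivateKeyPin(), DefaulSignNameEnum.getAlgName(Constants.BASE_ALG_TYPE.intValue()),
                crlNumber, thisUpdate, nextUpdate, extensions, entries);
    }

    /** True when an LDAP config with a non-blank master URL is present; publishing is skipped otherwise. */
    private static boolean hasLdapMaster(CaInfoVO ca) {
        return ca.getLdapConfig() != null && StringUtils.isNotBlank(ca.getLdapConfig().getMasterURL());
    }

    /**
     * Builds the LDAP publishing client for the CA's master URL, authenticated with the same
     * key material {@link #generateCrl} signs with, and applies the configured response timeout.
     * Callers must have checked {@link #hasLdapMaster} first.
     */
    private LDAPCASDK newLdapSdk(CaInfoVO ca, List<X509Certificate> caCerts,
                                 List<X509Certificate> ldapServerCerts) throws Exception {
        String masterUrl = ca.getLdapConfig().getMasterURL();
        LDAPCASDK sdk = Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)
                ? new LDAPCASDK(caCerts, ca.getKeyPair(), masterUrl, null, ldapServerCerts, null)
                : new LDAPCASDK(caCerts, ca.getCaPwdBean().getKeyIndex().intValue(), ca.getCaPwdBean().getPrivateKeyPin(),
                        SdfCryptoType.YUNHSM, masterUrl, null, ldapServerCerts, null);
        sdk.setTime(this.ldapsdkOutTime);
        return sdk;
    }

    /**
     * Looks up the CA descriptor; fails with a message naming the id when none is registered,
     * which the issue methods otherwise reported as a bare NullPointerException.
     */
    private static CaInfoVO lookupCaInfo(Integer caId) {
        return Objects.requireNonNull((CaInfoVO) Constants.CA_INFO.get(caId), "no CA info registered for caId " + caId);
    }

    /** Persists the CRL records first, then their DER data keyed by the returned ids. */
    private void saveCrlData(Map<Integer, X509CRL> map, Long l) {
        this.crlDataDao.saveCrlDatas(map, this.crlDao.saveCrls(l, map));
    }

    /**
     * Issues the delta CRLs of CA {@code num}, one per serial fragment that already has a
     * base (full) CRL on record; fragments without one are logged and skipped.
     *
     * <p>Each delta CRL carries a delta-CRL-indicator extension referencing the base CRL number
     * of its fragment.
     *
     * @param date thisUpdate of the issued delta CRLs
     * @param num  CA id, key into {@code Constants.CA_INFO}
     * @throws ServiceException wrapping any failure after the CA lookup
     */
    @Override
    public void doIssueDeltaCrl(Date date, Integer num) {
        CaInfoVO caInfoVO = lookupCaInfo(num);
        List<X509Certificate> caCerts = this.caCertDao.getCaCertsByCaId(caInfoVO.getCaId());
        Long maxId = this.certSnDao.getMaxId();
        int certCounts = caInfoVO.getCrlConfig().getCertCounts().intValue();
        int maxFragment = CrlUtil.computeSnFragmentantation(BigInteger.valueOf(maxId.longValue()), certCounts);
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, caInfoVO.getCrlConfig().getDeltaCrlCycle());
        List<X509CRL> deltaCrls = new ArrayList<>();
        try {
            Map<String, Object> lastCrlId = this.crlDao.getLastCrlId();
            for (int fragment = 0; fragment <= maxFragment; fragment++) {
                // Serial range of this fragment, in hex. Computed in long so that
                // certCounts * (fragment + 1) cannot wrap for large serial spaces.
                long rangeLow = (long) certCounts * fragment + 1;
                long rangeHigh = (long) certCounts * (fragment + 1);
                List<CrlBeanDo> rows = this.deltaRevokeCertDao.getSnsForCrl(
                        Long.toHexString(rangeLow), Long.toHexString(rangeHigh), num, date);
                List<CRLEntry> entries = toCrlEntries(rows);
                Object baseCrlId = lastCrlId.get(CrlConstants.CRL_NAME + fragment + CrlConstants.CRL_NAME_TAIL);
                String baseCrlNumberHex = baseCrlId == null ? null : this.crlDao.getLastCrlSnById((Long) baseCrlId);
                if (StringUtils.isBlank(baseCrlNumberHex)) {
                    this.logger.info("增量CRL分片号为" + fragment + "没有找到对应的全量CRL，不进行该分片的增量CRL发布");
                    continue;
                }
                List deltaExtensions = new ArrayList();
                // NOTE(review): the base CRL number is narrowed to int for genDRLExtension — confirm the
                // extension API cannot take the full BigInteger once CRL numbers exceed 2^31.
                deltaExtensions.add(GMSSLExtensionUtils.genDRLExtension(new BigInteger(baseCrlNumberHex, 16).intValue()));
                BigInteger crlNumber = this.certSnDao.getCrlMaxSn(new Date());
                deltaCrls.add(generateCrl(caInfoVO, crlNumber, date, nextUpdateDate, deltaExtensions, entries));
            }
            if (deltaCrls.isEmpty()) {
                return;
            }
            saveDrlData(deltaCrls, caInfoVO.getCertId(), lastCrlId);
            // NOTE(review): the file suffix and the LDAP shard number below are the list position,
            // not the fragment index; they diverge as soon as a fragment is skipped above.
            // Verify against what saveDrls/sendCRL expect before relying on the numbering.
            for (int idx = 0; idx < deltaCrls.size(); idx++) {
                CertUtil.writeObjToFile(deltaCrls.get(idx), DRL_FILE_PREFIX + idx + CrlConstants.CRL_NAME_TAIL);
            }
            if (!hasLdapMaster(caInfoVO)) {
                this.logger.info("没有配置LDAP服务信息，不向LDAP服务器上发布DRL");
                return;
            }
            List<X509Certificate> ldapServerCerts = this.subSystemService.getAllLdapServerCerts();
            this.logger.info("开始向LDAP服务器发布DRL列表");
            LDAPCASDK ldap = newLdapSdk(caInfoVO, caCerts, ldapServerCerts);
            for (int idx = 0; idx < deltaCrls.size(); idx++) {
                String reason = String.valueOf(ldap.sendCRL(idx, deltaCrls.get(idx)).getReason());
                this.logger.debug("向LDAP服务器发布DRL列表，返回reason:" + reason);
            }
            this.logger.info("向LDAP服务器发布DRL列表结束");
        } catch (Exception e) {
            throw new ServiceException("签发增量DRL失败", e);
        }
    }

    /** Persists the delta CRL records, then their data keyed by the returned ids. */
    private void saveDrlData(List<X509CRL> list, Long l, Map<String, Object> map) {
        this.crlDataDao.saveArlDatas(list, this.crlDao.saveDrls(l, list, map));
    }

    /**
     * Issues the ARL (authority revocation list) of CA {@code num}.
     *
     * <p>The ARL distribution-point extension is built from the LDAP <em>slave</em> URL, while
     * publishing goes to the <em>master</em> URL. Without LDAP configuration a loopback
     * placeholder URL is embedded instead and no publishing takes place.
     *
     * @param date thisUpdate of the issued ARL
     * @param num  CA id, key into {@code Constants.CA_INFO}
     * @throws ServiceException wrapping any failure after the CA lookup
     */
    @Override
    public void doIssueArl(Date date, Integer num) {
        CaInfoVO caInfoVO = lookupCaInfo(num);
        List<X509Certificate> caCerts = this.caCertDao.getCaCertsByCaId(caInfoVO.getCaId());
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, caInfoVO.getCrlConfig().getReleaseCycle());
        List extensions = new ArrayList();
        try {
            boolean publishToLdap = hasLdapMaster(caInfoVO);
            String arlUri;
            if (publishToLdap) {
                arlUri = LDAPUrlUtils.genCertArlLdapUri(caInfoVO.getLdapConfig().getSlaveURL(),
                        caInfoVO.getSubject(), 0, caInfoVO.getBaseDn());
            } else {
                this.logger.info("未配置LDAP服务，发布ARL暂时使用http://127.0.0.1/arl代替");
                arlUri = LDAPUrlUtils.genCertArlLdapUri(FALLBACK_ARL_URL, caInfoVO.getSubject(), 0, caInfoVO.getBaseDn());
            }
            extensions.add(GMSSLExtensionUtils.genARLExtension(arlUri));
            List<CRLEntry> entries = toCrlEntries(this.revokeCertDao.getSnsForArl(num, date));
            BigInteger crlNumber = this.certSnDao.getCrlMaxSn(new Date());
            X509CRL arl = generateCrl(caInfoVO, crlNumber, date, nextUpdateDate, extensions, entries);
            saveArlData(arl, caInfoVO.getCertId());
            CertUtil.writeObjToFile(arl, ARL_FILE_PATH);
            if (!publishToLdap) {
                this.logger.info("没有配置LDAP服务信息，不向LDAP服务器上发布ARL");
                return;
            }
            List<X509Certificate> ldapServerCerts = this.subSystemService.getAllLdapServerCerts();
            this.logger.info("开始向LDAP服务器发布ARL列表");
            LDAPCASDK ldap = newLdapSdk(caInfoVO, caCerts, ldapServerCerts);
            String reason = String.valueOf(ldap.sendCRL(0, arl).getReason());
            this.logger.info("向LDAP服务器发布ARL列表结束，返回reason：" + reason);
        } catch (Exception e) {
            throw new ServiceException("签发ARL失败", e);
        }
    }

    /** Persists the ARL record, then its data keyed by the returned id. */
    private void saveArlData(X509CRL x509crl, Long l) {
        this.arlDataDao.saveArlDatas(x509crl, this.arlDao.saveArls(l, x509crl));
    }

    /**
     * @return last-update time of the most recent full CRL
     * @throws ServiceException wrapping any DAO failure
     */
    @Override
    public Date getCrlLastUpdateTime() {
        try {
            return this.crlDao.getCrlLastUpdateTime();
        } catch (Exception e) {
            throw new ServiceException("获取当前最大CRL最后更新时间异常", e);
        }
    }

    /**
     * @return last-update time reported by {@code crlDao.getArlLastUpdateTime()}
     * @throws ServiceException wrapping any DAO failure
     */
    @Override
    public Date getDrlLastUpdateTime() {
        try {
            // NOTE(review): a DRL accessor delegating to an "Arl" DAO method — confirm the DAO
            // naming is just historical and this really returns the delta-CRL timestamp.
            return this.crlDao.getArlLastUpdateTime();
        } catch (Exception e) {
            throw new ServiceException("获取当前最大CRL最后更新时间异常", e);
        }
    }
}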
