package com.xdja.pki.ca.certmanager.service.camanagecert;

import com.xdja.pki.ca.certmanager.dao.CaAdminCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDataDao;
import com.xdja.pki.ca.certmanager.dao.OutDateManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.RevokeManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDataDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.service.camanagecert.bean.CaManageCertListVO;
import com.xdja.pki.ca.certmanager.service.camanagecert.bean.CaManageCertQueryVO;
import com.xdja.pki.ca.certmanager.service.camanagecert.bean.IssueCaCertReqVO;
import com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService;
import com.xdja.pki.ca.certmanager.service.racert.bean.CertTypeEnum;
import com.xdja.pki.ca.certmanager.service.racert.bean.IssueRaCertVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.DicDataConverUtil;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.configBasic.bean.CaPwdBean;
import com.xdja.pki.ca.core.configBasic.bean.CaSoftServerPwdBean;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.TomcatUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.ldap.service.CrlLdapUrlService;
import com.xdja.pki.ca.securitymanager.dao.AdminRoleDao;
import com.xdja.pki.ca.securitymanager.dao.CaServerCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.dao.DicDao;
import com.xdja.pki.ca.securitymanager.dao.ManagerCertIdDao;
import com.xdja.pki.ca.securitymanager.dao.RoleDao;
import com.xdja.pki.ca.securitymanager.dao.model.AdminRoleDO;
import com.xdja.pki.ca.securitymanager.dao.model.CaServerCertDo;
import com.xdja.pki.ca.securitymanager.service.CommonService;
import com.xdja.pki.ca.securitymanager.service.init.InitService;
import com.xdja.pki.ca.securitymanager.service.util.CaServerPwdUtil;
import com.xdja.pki.ca.securitymanager.service.util.TomcatHttpsUtil;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CaManagerCertVO;
import com.xdja.pki.ca.securitymanager.service.vo.ServerCertIsCurrentEnum;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.nutz.dao.pager.Pager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;
import org.springframework.web.servlet.tags.BindTag;

/**
 * Service behind {@link ICaManageCertService}: lists, issues and updates CA
 * administrator certificate pairs, and reads/updates the CA's own server
 * (sign + enc) certificate pair.
 * <p>
 * The "loaded from" comment below shows this listing was recovered from a
 * compiled class by a decompiler: local names such as {@code publicKey2},
 * {@code l3} or {@code num2} are synthetic and mean nothing beyond what the
 * code does with them. Log/error strings are Chinese and are runtime text,
 * so they are left untouched here.
 * <p>
 * Thread-safety: stateless apart from injected singletons; nothing in this
 * class synchronises, so any safety guarantees come from the collaborators.
 */
@Service
/* loaded from: input_file:WEB-INF/lib/ca-service-certmanager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/certmanager/service/camanagecert/CaManageCertServiceImpl.class */
public class CaManageCertServiceImpl implements ICaManageCertService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    // CA administrator certificate listing (paged query).
    @Resource
    private CaAdminCertDao caAdminCertDao;

    // Dictionary conversions (status / sign-alg codes to display strings).
    @Autowired
    private DicDataConverUtil dicDataConverUtil;

    // Performs the actual admin-cert issuance (see doIssueCaManagerCert).
    @Autowired
    private InitService initService;

    @Autowired
    private TemplateService templateService;

    // Management-class certificate records (admin + server certs). Name is misspelt in the original.
    @Autowired
    private ManagerCertDao managereCertDao;

    // PEM payload rows that accompany ManageCertDO records.
    @Autowired
    private ManagerCertDataDao managerCertDataDao;

    @Autowired
    private AdminRoleDao adminRoleDao;

    @Autowired
    private RoleDao roleDao;

    @Autowired
    private RaManagerCertService raManagerCertService;

    // Signs X.509 certificates and returns the CA server public keys (hardware or soft HSM).
    @Autowired
    private HsmManager hsmService;

    // Builds the CRL/OCSP distribution URLs placed into the extensions.
    @Autowired
    private CrlLdapUrlService crlLdapUrlService;

    // Serial-number allocator (getMaxSn).
    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private CaServerCertDao caServerCertDao;

    @Autowired
    private DicDao dicDao;

    @Autowired
    private RevokeManagerCertDao revokeManagerCertDao;

    @Autowired
    private OutDateManagerCertDao outDateManagerCertDao;

    @Autowired
    private TemplateDao templateDao;

    @Autowired
    private Environment environment;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private CommonService commonService;

    // Primary-key allocator for ManageCertDO (getMaxId).
    @Autowired
    private ManagerCertIdDao managerCertIdDao;

    @Value("${config.path}")
    private String configPath;

    /**
     * Pages through CA administrator certificates and maps each DAO row to a
     * {@link CaManageCertListVO}.
     *
     * @param caManageCertQueryVO page number/size plus the filters certDn, sn,
     *        roleType and status, which are passed straight through to the DAO
     * @return {@code Result.success} wrapping the {@link PageInfo}; its datas are
     *         replaced by the converted VOs, or left untouched when the page is empty
     * @throws ServiceException wrapping any {@link DAOException} raised by the query.
     *         Other runtime exceptions (e.g. a {@code NumberFormatException} from a
     *         null status column, see below) are not caught and propagate as-is.
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public Result getCaManageCertList(CaManageCertQueryVO caManageCertQueryVO) {
        Pager pager = new Pager(caManageCertQueryVO.getPageNo(), caManageCertQueryVO.getPageSize());
        // Raw HashMap/ArrayList are decompiler output; the DAO receives the filter map as-is.
        HashMap hashMap = new HashMap();
        hashMap.put("certDn", caManageCertQueryVO.getCertDn());
        hashMap.put("sn", caManageCertQueryVO.getSn());
        hashMap.put("caManageRoleType", caManageCertQueryVO.getRoleType());
        // BindTag.STATUS_VARIABLE_NAME is Spring's "status" constant; the decompiler
        // folded the "status" literal into the nearest constant it found on the classpath.
        hashMap.put(BindTag.STATUS_VARIABLE_NAME, caManageCertQueryVO.getStatus());
        ArrayList arrayList = new ArrayList();
        try {
            PageInfo caAdminCertLists = this.caAdminCertDao.getCaAdminCertLists(hashMap, pager);
            Collection<?> datas = caAdminCertLists.getDatas();
            if (!datas.isEmpty()) {
                Iterator<?> it = datas.iterator();
                while (it.hasNext()) {
                    // Each row is a column-name -> value map.
                    Map map = (Map) it.next();
                    CaManageCertListVO caManageCertListVO = new CaManageCertListVO();
                    // String.valueOf(null) yields "null", so a missing status column ends in
                    // NumberFormatException rather than a null status.
                    Integer valueOf = Integer.valueOf(String.valueOf(map.get(BindTag.STATUS_VARIABLE_NAME)));
                    caManageCertListVO.setCertDn((String) map.get("subject"));
                    caManageCertListVO.setSignSn((String) map.get("sn"));
                    caManageCertListVO.setEncSn((String) map.get("pair_cert_sn"));
                    caManageCertListVO.setStatus(valueOf);
                    caManageCertListVO.setStatusStr(this.dicDataConverUtil.ConverStatusToStr(valueOf));
                    caManageCertListVO.setSignAlg((String) map.get("sign_alg"));
                    caManageCertListVO.setSignAlgStr(this.dicDataConverUtil.coneverSingAlgToStr((String) map.get("sign_alg")));
                    caManageCertListVO.setNotBeforeTime(DateTimeUtil.dateToWebStr((Date) map.get("before_time")));
                    caManageCertListVO.setNotAfterTime(DateTimeUtil.dateToWebStr((Date) map.get("after_time")));
                    arrayList.add(caManageCertListVO);
                }
                caAdminCertLists.setDatas(arrayList);
            }
            return Result.success(caAdminCertLists);
        } catch (DAOException e) {
            // Only the rethrown ServiceException carries the cause; this log line does not.
            this.logger.error("查询CA管理员证书列表异常");
            throw new ServiceException("查询CA管理员证书列表异常，", e);
        }
    }

    /**
     * Issues a new CA administrator certificate pair by delegating to
     * {@link InitService#doIssueCaAdminCert}.
     * <p>
     * Properties are bean-copied from the request and then {@code dn} and
     * {@code type} are set explicitly because the source names them
     * {@code certDn} / {@code roleType}.
     *
     * @param issueCaCertReqVO issuance request (DN, role type, P10, ...)
     * @return whatever {@code initService} returns; the meaning of the
     *         {@code true} flag is not visible in this file — check InitService
     * @throws ServiceException re-wrapping any ServiceException from the delegate
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public Result doIssueCaManagerCert(IssueCaCertReqVO issueCaCertReqVO) {
        CaManagerCertVO caManagerCertVO = new CaManagerCertVO();
        BeanUtils.copyProperties(issueCaCertReqVO, caManagerCertVO);
        caManagerCertVO.setDn(issueCaCertReqVO.getCertDn());
        caManagerCertVO.setType(issueCaCertReqVO.getRoleType());
        try {
            return this.initService.doIssueCaAdminCert(caManagerCertVO, true);
        } catch (ServiceException e) {
            throw new ServiceException("签发CA理员证书失败", e);
        }
    }

    /**
     * Re-issues (updates) an existing CA administrator certificate pair, optionally
     * with a new DN, new keys and/or a new validity period.
     * <p>
     * Flow: resolve role id and the built-in MANAGER template; load CA info for the
     * template's key algorithm; validate the requested DN and keys; look up the
     * current pair by sign-cert serial; build the new sign and enc certificates
     * with the HSM; persist both records plus the admin-role row.
     * <p>
     * Exception handling: the inner {@code catch (Exception e3)} already covers the
     * whole body and rethrows a ServiceException — that rethrow happens inside the
     * outer {@code try}, so the outer {@code catch (Exception e4)} wraps it a second
     * time. The inner log message is about a missing role id, but it is emitted for
     * every failure; the outer message repeats "失败" ("failure") twice.
     *
     * @param issueCaCertReqVO update request: sn of the current sign cert, role type,
     *        flags isDnUpdate/isKeyUpdate/isValidityUpdate and the matching payloads
     * @return {@code Result.failure} with a specific {@link ErrorEnum} for each
     *         validation failure, otherwise {@code Result.success} carrying the
     *         PEM-encoded new pair and the previous subject
     * @throws ServiceException (double-wrapped, see above) for any other exception
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public Result doUpdateCaManagerCert(IssueCaCertReqVO issueCaCertReqVO) {
        try {
            try {
                // A role type with no row yields NPE on getId(); that is caught below and
                // logged with the "role id not found" message.
                Long id = this.roleDao.getRoleByType(issueCaCertReqVO.getRoleType().intValue()).getId();
                TemplateInfoVO innerTemplateByType = this.templateService.getInnerTemplateByType(TemplateTypeEnum.MANAGER.value);
                if (null == innerTemplateByType) {
                    this.logger.debug("更新CA管理员证书失败，模板不存在");
                    return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
                }
                if (TemplateStatusEnum.NORMAL.value != innerTemplateByType.getStatus().intValue()) {
                    this.logger.info("更新CA管理员证书失败：模板状态不正常，模板状态为[{}]", innerTemplateByType.getStatus());
                    return Result.failure(ErrorEnum.TEMPLATE_STATUS_NOT_NORMAL);
                }
                // CA info is cached per key algorithm (SM2/RSA/... keyed by the template's keyAlg).
                CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(innerTemplateByType.getKeyAlg());
                if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getRootCert()) {
                    this.logger.debug("更新CA管理员证书失败：未查到CA基本信息[{}]", issueCaCertReqVO);
                    return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
                }
                if (caInfoVO.getRootCert().getNotAfter().before(new Date())) {
                    this.logger.debug("更新CA管理员证书失败：CA根证书已过期[{}]", issueCaCertReqVO);
                    return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
                }
                if (issueCaCertReqVO.isDnUpdate()) {
                    // The new DN must sit under the CA's base DN. Plain string suffix test with
                    // default-locale toLowerCase(); locale-sensitive case folding (e.g. Turkish
                    // dotless i) could break the comparison — Locale.ROOT would be safer.
                    if (!issueCaCertReqVO.getCertDn().toLowerCase().endsWith(caInfoVO.getBaseDn().toLowerCase())) {
                        this.logger.debug("更新CA管理员证书失败：DN中的baseDn不正确[{}]", issueCaCertReqVO);
                        return Result.failure(ErrorEnum.BASEDN_ERROR);
                    }
                    // Parse-only check that the DN is a valid RFC 4519 X.500 name.
                    try {
                        DnUtil.getRFC4519X500Name(issueCaCertReqVO.getCertDn());
                    } catch (Exception e) {
                        this.logger.debug("更新CA管理员证书失败：DN不符合X500规范[{}]", issueCaCertReqVO.getCertDn());
                        return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
                    }
                }
                // publicKey2 = new signing public key (from the P10 request),
                // publicKey  = new encryption public key (converted from the supplied SubjectPublicKeyInfo).
                PublicKey publicKey = null;
                PublicKey publicKey2 = null;
                if (issueCaCertReqVO.isKeyUpdate()) {
                    publicKey2 = CertUtil.getPublicKeyFromP10(issueCaCertReqVO.getP10());
                    if (null == publicKey2) {
                        this.logger.debug("更新CA管理员证书失败：p10格式不正确[{}]", issueCaCertReqVO);
                        return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
                    }
                    try {
                        publicKey = CertUtil.convertPublicKey(publicKey2, issueCaCertReqVO.getSubjectPublicKeyInfo());
                    } catch (Exception e2) {
                        this.logger.debug(String.format("签发CA管理员证书失败：加密公钥格式错误:%s", issueCaCertReqVO.getSubjectPublicKeyInfo()), (Throwable) e2);
                        return Result.failure(ErrorEnum.PEM_FORMAT_ERROR);
                    }
                }
                // Current pair, looked up by the sign-cert serial under the base algorithm type.
                List<ManageCertDO> certsBySignSn = this.managereCertDao.getCertsBySignSn(issueCaCertReqVO.getSn(), Constants.BASE_ALG_TYPE);
                if (null == certsBySignSn || certsBySignSn.size() == 0) {
                    this.logger.debug("更新管理类证书：没有找到正常状态的证书(管理员证书还需要证书正确状态为已确认)，signSN=[{}]", issueCaCertReqVO.getSn());
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
                }
                ManageCertDO manageCertDO = certsBySignSn.get(0);
                if (manageCertDO.getAfterTime().before(new Date())) {
                    this.logger.debug("更新管理类证书：证书已经过期signSN=[{}]", issueCaCertReqVO.getSn());
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                }
                // Status 2 = frozen (per the log text); the same magic number is used in doUpdateCaServerCert.
                if (manageCertDO.getStatus().intValue() == 2) {
                    this.logger.debug("更新管理类证书：证书被冻结signSN=[{}]", issueCaCertReqVO.getSn());
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_FREEZE);
                }
                // Load the PEM rows of the found record and of its pair, then sort them into
                // sign (id2/certFromStr) and enc (id3/certFromStr2) by the record's type.
                ManageCertDataDO queryCertDataNoById = this.managereCertDao.queryCertDataNoById(manageCertDO.getId());
                ManageCertDataDO queryCertDataNoById2 = this.managereCertDao.queryCertDataNoById(manageCertDO.getPairCertId());
                Long id2 = manageCertDO.getType().intValue() == Constants.SIGN_CERT.intValue() ? queryCertDataNoById.getId() : queryCertDataNoById2.getId();
                Long id3 = manageCertDO.getType().intValue() != Constants.SIGN_CERT.intValue() ? queryCertDataNoById.getId() : queryCertDataNoById2.getId();
                X509Certificate certFromStr = manageCertDO.getType().intValue() == Constants.SIGN_CERT.intValue() ? CertUtil.getCertFromStr(queryCertDataNoById.getData()) : CertUtil.getCertFromStr(queryCertDataNoById2.getData());
                X509Certificate certFromStr2 = manageCertDO.getType().intValue() != Constants.SIGN_CERT.intValue() ? CertUtil.getCertFromStr(queryCertDataNoById.getData()) : CertUtil.getCertFromStr(queryCertDataNoById2.getData());
                // Keys to certify: the new ones when a key update was requested, else the old certs' keys.
                PublicKey publicKey3 = issueCaCertReqVO.isKeyUpdate() ? publicKey2 : certFromStr.getPublicKey();
                PublicKey publicKey4 = issueCaCertReqVO.isKeyUpdate() ? publicKey : certFromStr2.getPublicKey();
                Date date = new Date();
                // notAfter: recomputed from the requested validity, capped by template max and root
                // cert expiry (inside IssueTimeUtil), or carried over from the old sign cert.
                Date certUpdateTime = issueCaCertReqVO.isValidityUpdate() ? IssueTimeUtil.getCertUpdateTime(issueCaCertReqVO.getValidity(), innerTemplateByType.getMaxValidity(), caInfoVO.getRootCert().getNotAfter(), certFromStr.getNotAfter(), date) : certFromStr.getNotAfter();
                String certDn = issueCaCertReqVO.isDnUpdate() ? issueCaCertReqVO.getCertDn() : CertUtil.getSubjectByX509Cert(certFromStr);
                List<Extension> genExtensions = CertUtil.genExtensions(certFromStr);
                // NOTE(review): the enc cert's own extensions are computed here and then discarded;
                // the enc cert below is built from the sign cert's updated extension list instead.
                // doUpdateCaServerCert keeps the enc cert's list (genExtensions2) — confirm whether
                // the resulting enc cert carries the intended key usage.
                CertUtil.genExtensions(certFromStr2);
                BigInteger maxSn = this.certSnDao.getMaxSn(date);
                // NOTE(review): the sign cert uses issueCaCertReqVO.getCertDn() unconditionally,
                // while the enc cert below uses certDn (which falls back to the old subject when
                // isDnUpdate is false). With isDnUpdate false and a null/blank request DN the two
                // certs would differ in subject — confirm the caller always supplies certDn.
                List<Extension> updateExtension = ExtensionUtil.updateExtension(genExtensions, this.crlLdapUrlService.getLdapOcspUrl(maxSn, issueCaCertReqVO.getCertDn(), caInfoVO, false, null), issueCaCertReqVO.getCertDn(), publicKey3);
                X509Certificate genX509Certificate = this.hsmService.genX509Certificate(issueCaCertReqVO.getCertDn(), maxSn, date, certUpdateTime, caInfoVO, publicKey3, updateExtension, innerTemplateByType.getSignAlg());
                // Second serial for the enc cert.
                BigInteger maxSn2 = this.certSnDao.getMaxSn(date);
                X509Certificate genX509Certificate2 = this.hsmService.genX509Certificate(certDn, maxSn2, date, certUpdateTime, caInfoVO, publicKey4, ExtensionUtil.updateExtension(updateExtension, this.crlLdapUrlService.getLdapOcspUrl(maxSn2, certDn, caInfoVO, false, null), issueCaCertReqVO.getCertDn(), publicKey4), innerTemplateByType.getSignAlg());
                ManageCertDataDO manageCertDataDO = new ManageCertDataDO();
                ManageCertDataDO manageCertDataDO2 = new ManageCertDataDO();
                // Admin-role row of the old sign cert; re-saved as a new row for the new sign cert
                // in updateCaAdminCert. A null here ends in NPE inside updateCaAdminCert.
                AdminRoleDO caAdminCertByManageId = this.adminRoleDao.getCaAdminCertByManageId(id2);
                buildManagerCertData(genX509Certificate, genX509Certificate2, manageCertDO, manageCertDataDO, manageCertDataDO2);
                updateCaAdminCert(caInfoVO.getCertId(), genX509Certificate, genX509Certificate2, innerTemplateByType, id2, id3, manageCertDataDO, manageCertDataDO2, caAdminCertByManageId, id);
                // NOTE(review): despite the labels, this logs the full PEM of the sign cert
                // (CertUtil.writeObject) and the toString() of the enc cert, not their serials.
                this.logger.info("更新CA管理员证书成功，newSignSn=" + CertUtil.writeObject(genX509Certificate) + ",newEncSn=" + genX509Certificate2);
                // NOTE(review): unlike doUpdateCaServerCert, nothing here revokes the previous
                // admin pair; presumably that happens in the confirmation flow driven by
                // taskDataService.saveCertConfirmStatus — confirm.
                return Result.success(CertUtil.enPEncCert(genX509Certificate, genX509Certificate2, innerTemplateByType.getKeyAlg()), CertUtil.getSubjectByX509Cert(certFromStr));
            } catch (Exception e3) {
                // Logged for every failure in the body, not only for a missing role.
                this.logger.error("没有找到该管理员角色对应权限id，type=" + issueCaCertReqVO.getRoleType());
                throw new ServiceException("签发CA管理员证书失败", e3);
            }
        } catch (Exception e4) {
            // Reached only via the rethrow above, so the ServiceException is wrapped twice.
            throw new ServiceException("更新管理类证书失败失败", e4);
        }
    }

    /**
     * Returns the detail view of the CA's current server signing certificate.
     *
     * @return {@code Result.failure(CERT_NOT_EXIST)} when no current server cert row
     *         (or no "sn" column) exists, otherwise the detail from
     *         {@code raManagerCertService.getCertDetail} for type SERVER_CERT
     * @throws ServiceException wrapping any exception from the DAO or the delegate
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public Result getCurrentCaServer() {
        try {
            Map<String, Object> currentCaServerCertSn = this.caServerCertDao.getCurrentCaServerCertSn();
            if (null == currentCaServerCertSn || null == currentCaServerCertSn.get("sn")) {
                this.logger.info("获取CA服务器证书失败，服务器证书不存在");
                return Result.failure(ErrorEnum.CERT_NOT_EXIST);
            }
            return this.raManagerCertService.getCertDetail(currentCaServerCertSn.get("sn").toString(), Integer.valueOf(CertTypeEnum.SERVER_CERT.value));
        } catch (Exception e) {
            throw new ServiceException("获取当前CA服务器证书时异常", e);
        }
    }

    /**
     * Paged list of CA server (sub-system) certificates, passed through
     * {@code commonService.CertFormatConverse}.
     *
     * @param num  first paging argument (presumably page number — decompiled name, confirm against the DAO)
     * @param num2 second paging argument (presumably page size — confirm)
     * @return the converted list, type as produced by {@code CertFormatConverse}
     * @throws DAOException wrapping <em>any</em> exception, including a NPE from a null argument
     *         or a failure inside the conversion, which is not strictly a database error
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public Object getCaServerCertList(Integer num, Integer num2) {
        try {
            return this.commonService.CertFormatConverse(this.caServerCertDao.querySubSystemList(num.intValue(), num2.intValue()));
        } catch (Exception e) {
            throw new DAOException("分页查询CA子系统列表时数据库异常", e);
        }
    }

    /**
     * Re-issues the CA's own server certificate pair (sign + enc), optionally with
     * a new DN, new HSM key index and/or new validity, then re-points Tomcat's HTTPS
     * listener at the new pair and restarts it.
     * <p>
     * Ordering matters and is not transactional: the old pair is revoked, the new
     * records are saved, the Tomcat keystore and the server-password cache are
     * updated, and only then is the restart attempted. A restart failure returns
     * {@code REBOOT_SERVICE_FAIL} but leaves all earlier changes in place.
     *
     * @param issueRaCertVO update request: sn of the current sign cert, DN/key/validity
     *        flags and payloads, and (for SM2 on a hardware HSM) keyIndex + privateKeyPin
     * @return a specific {@code Result.failure} per rejected precondition; on success
     *         {@code Result.success} with the <em>old</em> record's subject
     * @throws ServiceException wrapping any other exception
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public Result doUpdateCaServerCert(IssueRaCertVO issueRaCertVO) {
        try {
            String sn = issueRaCertVO.getSn();
            List<ManageCertDO> certsBySignSn = this.managereCertDao.getCertsBySignSn(sn, Constants.BASE_ALG_TYPE);
            if (null == certsBySignSn || certsBySignSn.size() == 0) {
                // Not among live certs: distinguish revoked / expired from simply unknown.
                if (null != this.revokeManagerCertDao.getRevokManagerCertsBySn(sn, Constants.BASE_ALG_TYPE)) {
                    this.logger.debug("获取CA服务器证书信息失败：证书已经被撤销，signSn=[{}]", sn);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
                }
                if (null != this.outDateManagerCertDao.getOutDateManagerCertsBySn(sn, Constants.BASE_ALG_TYPE)) {
                    this.logger.debug("获取CA服务器证书信息失败：证书已经过期，signSn=[{}]", sn);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                }
                this.logger.debug("更新管理类证书：没有找到正常状态的证书，signSN=[{}]", issueRaCertVO.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            ManageCertDO manageCertDO = certsBySignSn.get(0);
            if (manageCertDO.getAfterTime().before(new Date())) {
                this.logger.debug("更新管理类证书：证书已经过期signSN=[{}]", issueRaCertVO.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            // Status 2 = frozen (per the log text).
            if (manageCertDO.getStatus().intValue() == 2) {
                this.logger.debug("更新管理类证书：证书被冻结signSN=[{}]", issueRaCertVO.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_FREEZE);
            }
            // Template comes from the existing record, not from a fixed built-in type as in the admin path.
            TemplateDO templateById = this.templateDao.getTemplateById(manageCertDO.getTemplateId());
            if (null == templateById) {
                this.logger.debug("更新CA服务器证书失败，模板不存在");
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != templateById.getStatus().intValue()) {
                this.logger.info("更新CA服务器证书失败：模板状态不正常，模板状态为[{}]", templateById.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_STATUS_NOT_NORMAL);
            }
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(templateById.getKeyAlg());
            if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getRootCert()) {
                this.logger.debug("更新CA服务器证书失败：未查到CA基本信息[{}]", issueRaCertVO);
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            if (caInfoVO.getRootCert().getNotAfter().before(new Date())) {
                this.logger.debug("更新CA服务器证书失败：CA根证书已过期[{}]", issueRaCertVO);
                return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
            }
            if (issueRaCertVO.isDnUpdate()) {
                // Same base-DN suffix check and RFC 4519 parse as in doUpdateCaManagerCert
                // (default-locale toLowerCase(); Locale.ROOT would be safer).
                if (!issueRaCertVO.getCertDn().toLowerCase().endsWith(caInfoVO.getBaseDn().toLowerCase())) {
                    this.logger.debug("更新CA服务器证书失败：DN中的baseDn不正确[{}]", issueRaCertVO);
                    return Result.failure(ErrorEnum.BASEDN_ERROR);
                }
                try {
                    DnUtil.getRFC4519X500Name(issueRaCertVO.getCertDn());
                } catch (Exception e) {
                    this.logger.debug("更新CA服务器证书失败：DN不符合X500规范[{}]", issueRaCertVO.getCertDn());
                    return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
                }
            }
            // Sort the record and its pair into sign (id/certFromStr) and enc (id2/certFromStr2).
            ManageCertDataDO queryCertDataNoById = this.managereCertDao.queryCertDataNoById(manageCertDO.getId());
            ManageCertDataDO queryCertDataNoById2 = this.managereCertDao.queryCertDataNoById(manageCertDO.getPairCertId());
            Long id = manageCertDO.getType().intValue() == Constants.SIGN_CERT.intValue() ? queryCertDataNoById.getId() : queryCertDataNoById2.getId();
            Long id2 = manageCertDO.getType().intValue() != Constants.SIGN_CERT.intValue() ? queryCertDataNoById.getId() : queryCertDataNoById2.getId();
            X509Certificate certFromStr = manageCertDO.getType().intValue() == Constants.SIGN_CERT.intValue() ? CertUtil.getCertFromStr(queryCertDataNoById.getData()) : CertUtil.getCertFromStr(queryCertDataNoById2.getData());
            X509Certificate certFromStr2 = manageCertDO.getType().intValue() != Constants.SIGN_CERT.intValue() ? CertUtil.getCertFromStr(queryCertDataNoById.getData()) : CertUtil.getCertFromStr(queryCertDataNoById2.getData());
            // Default to re-certifying the existing keys.
            PublicKey publicKey = certFromStr.getPublicKey();
            PublicKey publicKey2 = certFromStr2.getPublicKey();
            if (issueRaCertVO.isKeyUpdate()) {
                // For SM2 on a hardware HSM, prove access to the requested key index with the
                // supplied PIN before using it; short-circuit keeps the HSM call SM2/HSM-only.
                if (Constants.BASE_ALG_TYPE.intValue() == AlgTypeEnum.SM2.value && Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue() && !GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(issueRaCertVO.getKeyIndex().intValue(), issueRaCertVO.getPrivateKeyPin())) {
                    // NOTE(review): this logs the whole request object while it holds the HSM
                    // private-key PIN; if IssueRaCertVO.toString() includes privateKeyPin the PIN
                    // lands in the log at debug level — confirm and mask if so.
                    this.logger.debug("更新ca服务器证书失败：密码机两码没有访问权限[{}]", issueRaCertVO);
                    return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
                }
                // New public keys are read from the HSM slot, not from the request.
                publicKey = this.hsmService.getCaSignServerPwd(templateById.getKeyAlg(), templateById.getKeySize(), issueRaCertVO.getKeyIndex());
                publicKey2 = this.hsmService.getCaEncServerPwd(templateById.getKeyAlg(), templateById.getKeySize(), issueRaCertVO.getKeyIndex());
            } else if (Constants.BASE_ALG_TYPE.intValue() == AlgTypeEnum.SM2.value && Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue()) {
                // Keys unchanged: take the current key index/PIN from CA config so the Tomcat
                // and cache updates below still receive them.
                CaPwdBean caServerPwdConfig = caInfoVO.getCaServerPwdConfig();
                issueRaCertVO.setKeyIndex(caServerPwdConfig.getKeyIndex());
                issueRaCertVO.setPrivateKeyPin(caServerPwdConfig.getPrivateKeyPin());
            }
            String certDn = issueRaCertVO.isDnUpdate() ? issueRaCertVO.getCertDn() : CertUtil.getSubjectByX509Cert(certFromStr);
            X509Certificate rootCert = caInfoVO.getRootCert();
            Date date = new Date();
            Date certUpdateTime = issueRaCertVO.isValidityUpdate() ? IssueTimeUtil.getCertUpdateTime(issueRaCertVO.getValidity(), templateById.getMaxValidity(), rootCert.getNotAfter(), certFromStr.getNotAfter(), date) : certFromStr.getNotAfter();
            List<Extension> genExtensions = CertUtil.genExtensions(certFromStr);
            List<Extension> genExtensions2 = CertUtil.genExtensions(certFromStr2);
            BigInteger maxSn = this.certSnDao.getMaxSn(date);
            // NOTE(review): as in doUpdateCaManagerCert, the sign cert's subject and the
            // OCSP/extension updates use issueRaCertVO.getCertDn() unconditionally, whereas the
            // enc cert's subject uses certDn — confirm the request always carries certDn.
            X509Certificate genX509Certificate = this.hsmService.genX509Certificate(issueRaCertVO.getCertDn(), maxSn, date, certUpdateTime, caInfoVO, publicKey, ExtensionUtil.updateExtension(genExtensions, this.crlLdapUrlService.getLdapOcspUrl(maxSn, issueRaCertVO.getCertDn(), caInfoVO, false, null), issueRaCertVO.getCertDn(), publicKey), templateById.getSignAlg());
            BigInteger maxSn2 = this.certSnDao.getMaxSn(date);
            X509Certificate genX509Certificate2 = this.hsmService.genX509Certificate(certDn, maxSn2, date, certUpdateTime, caInfoVO, publicKey2, ExtensionUtil.updateExtension(genExtensions2, this.crlLdapUrlService.getLdapOcspUrl(maxSn2, issueRaCertVO.getCertDn(), caInfoVO, false, null), issueRaCertVO.getCertDn(), publicKey2), templateById.getSignAlg());
            // Revoke the old pair (reason code 4, "certificate renewal") before persisting the new one.
            this.raManagerCertService.doRevokeManageDoubleCert(issueRaCertVO.getSn(), Constants.BASE_ALG_TYPE, 4, "证书更新");
            // presumably clears the is-current flag of the old sign record — verify in CaServerCertDao
            this.caServerCertDao.updateIsCurrent(id);
            // Argument order: (caCertId, encCert, signCert, template, oldSignId, oldEncId).
            saveCAServerCert(caInfoVO.getCertId(), genX509Certificate2, genX509Certificate, templateById, id, id2);
            // Re-key Tomcat's HTTPS connector and the in-memory server-password cache.
            TomcatHttpsUtil.setTomcatHttpsPort(templateById.getKeyAlg(), caInfoVO.getCertChain(), genX509Certificate, genX509Certificate2, issueRaCertVO.getKeyIndex(), issueRaCertVO.getPrivateKeyPin(), ConfigUtil.getTomcatHttpsPort(this.environment));
            CaServerPwdUtil.saveCaServerPwdCache(this.environment, templateById.getKeyAlg(), issueRaCertVO.getKeyIndex(), issueRaCertVO.getPrivateKeyPin());
            this.logger.info("更新CA服务器证书成功，newSignCert=" + CertUtil.writeObject(genX509Certificate) + ",newEncCert=" + CertUtil.writeObject(genX509Certificate2));
            try {
                TomcatUtil.restart();
                return Result.success(manageCertDO.getSubject());
            } catch (Exception e2) {
                // Database, keystore and cache are already updated at this point.
                this.logger.error("重启tomcat失败", (Throwable) e2);
                return Result.failure(ErrorEnum.REBOOT_SERVICE_FAIL);
            }
        } catch (Exception e3) {
            throw new ServiceException("更新服务器证书失败", e3);
        }
    }

    /**
     * Returns the detail view of the CA's current server encryption certificate.
     * Mirrors {@link #getCurrentCaServer()} but reads the enc-cert serial.
     *
     * @return {@code Result.failure(CERT_NOT_EXIST)} when no row / no "sn" column,
     *         otherwise the detail for type SERVER_CERT
     * @throws ServiceException wrapping any exception from the DAO or the delegate
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public Result getCurrentCaServerEncCert() {
        try {
            Map<String, Object> currentCaServerCertEncSn = this.caServerCertDao.getCurrentCaServerCertEncSn();
            if (null == currentCaServerCertEncSn || null == currentCaServerCertEncSn.get("sn")) {
                this.logger.info("获取CA服务器证书失败，服务器证书不存在");
                return Result.failure(ErrorEnum.CERT_NOT_EXIST);
            }
            return this.raManagerCertService.getCertDetail(currentCaServerCertEncSn.get("sn").toString(), Integer.valueOf(CertTypeEnum.SERVER_CERT.value));
        } catch (Exception e) {
            throw new ServiceException("获取当前CA服务器证书时异常", e);
        }
    }

    /**
     * Loads the current server sign and enc certificates and resolves the
     * corresponding {@link CaSoftServerPwdBean} from the RSA server-password cache.
     *
     * @return the bean, or {@code null} when the sign row is missing/empty/has no
     *         "data", or when the enc row has no "data"
     * @throws ServiceException wrapping any exception; note the enc lookup is not
     *         null-checked, so a null map from getCurrentCaEncServerCert() surfaces
     *         as a wrapped NPE rather than as {@code null}
     */
    @Override // com.xdja.pki.ca.certmanager.service.camanagecert.ICaManageCertService
    public CaSoftServerPwdBean getCaCurrServerCert() {
        Object obj;
        try {
            Map<String, Object> currentCaSignServerCert = this.caServerCertDao.getCurrentCaSignServerCert();
            if (null == currentCaSignServerCert || currentCaSignServerCert.isEmpty() || null == (obj = currentCaSignServerCert.get("data"))) {
                return null;
            }
            String obj2 = obj.toString();
            Object obj3 = this.caServerCertDao.getCurrentCaEncServerCert().get("data");
            if (null == obj3) {
                return null;
            }
            return CaServerPwdUtil.getCaRSAServerPwdCache(this.environment, CertUtil.getCertFromStr(obj2), CertUtil.getCertFromStr(obj3.toString()));
        } catch (Exception e) {
            throw new ServiceException("获取当前CA服务器证书实体异常", e);
        }
    }

    /**
     * Persists a freshly issued CA server certificate pair: two ManageCertDO records
     * (enc first, then sign), their PEM data rows, the CaServerCertDo "current"
     * marker, the pair back-link and a publish task.
     * <p>
     * Parameter roles follow the single call site in {@link #doUpdateCaServerCert}:
     * {@code x509Certificate} is the <em>enc</em> cert and {@code x509Certificate2}
     * the <em>sign</em> cert — the opposite order from {@link #updateCaAdminCert}.
     * The sign record is built by mutating the DO returned from the first save
     * (new id, swapped sn/pairCertSn, pairCertId = enc id) and saving it again.
     *
     * @param l               CA certificate id stored as caCertId on both records
     * @param x509Certificate new enc certificate
     * @param x509Certificate2 new sign certificate
     * @param templateDO      template supplying keyAlg, keySize, signAlg and template id
     * @param l2              id of the previous sign record (stored as oldCertId on the new sign record)
     * @param l3              id of the previous enc record (stored as oldCertId on the new enc record)
     * @throws Exception anything thrown by CertUtil.writeObject or the DAOs
     */
    public void saveCAServerCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, TemplateDO templateDO, Long l2, Long l3) throws Exception {
        ArrayList arrayList = new ArrayList();
        // manageCertDataDO = sign PEM row, manageCertDataDO2 = enc PEM row.
        ManageCertDataDO manageCertDataDO = new ManageCertDataDO();
        ManageCertDataDO manageCertDataDO2 = new ManageCertDataDO();
        manageCertDataDO2.setData(CertUtil.writeObject(x509Certificate));
        manageCertDataDO2.setGmtCreate(x509Certificate.getNotBefore());
        manageCertDataDO.setData(CertUtil.writeObject(x509Certificate2));
        // Uses the enc cert's notBefore for the sign row; harmless at the call site because
        // both certs are issued with the same notBefore, but not the sign cert's own value.
        manageCertDataDO.setGmtCreate(x509Certificate.getNotBefore());
        Date date = new Date();
        // Enc record.
        ManageCertDO manageCertDO = new ManageCertDO();
        manageCertDO.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        manageCertDO.setCaCertId(l);
        manageCertDO.setSn(x509Certificate.getSerialNumber().toString(16));
        manageCertDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        manageCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        manageCertDO.setPublicKeyAlg(templateDO.getKeyAlg());
        manageCertDO.setPrivateKeySize(templateDO.getKeySize());
        manageCertDO.setBeforeTime(x509Certificate.getNotBefore());
        manageCertDO.setAfterTime(x509Certificate.getNotAfter());
        manageCertDO.setSignAlg(templateDO.getSignAlg());
        manageCertDO.setType(Constants.ENC_CERT);
        manageCertDO.setStatus(1);
        manageCertDO.setTemplateId(templateDO.getId());
        manageCertDO.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        // Server certs need no operator confirmation (admin certs use ISSUE_CERT_NO_ACK).
        manageCertDO.setConfirmationStatus(Constants.ISSUE_CERT_OK_ACK);
        manageCertDO.setGmtCreate(x509Certificate.getNotBefore());
        manageCertDO.setOldCertId(l3);
        ManageCertDO save = this.managereCertDao.save(manageCertDO);
        manageCertDataDO2.setId(save.getId());
        arrayList.add(manageCertDataDO2);
        // Sign record: reuse the saved enc DO, swapping serials and linking back to the enc id.
        save.setSn(x509Certificate2.getSerialNumber().toString(16));
        save.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        save.setPairCertId(save.getId());
        save.setType(Constants.SIGN_CERT);
        save.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        save.setOldCertId(l2);
        ManageCertDO save2 = this.managereCertDao.save(save);
        manageCertDataDO.setId(save2.getId());
        arrayList.add(manageCertDataDO);
        // Mark the new sign record as the current server cert.
        CaServerCertDo caServerCertDo = new CaServerCertDo();
        caServerCertDo.setGmtCreate(x509Certificate.getNotBefore());
        caServerCertDo.setIsCurrent(Integer.valueOf(ServerCertIsCurrentEnum.IS_CURRENT.value));
        caServerCertDo.setManageCertId(save2.getId());
        this.caServerCertDao.save(caServerCertDo);
        // presumably sets the enc record's pairCertId to the sign id — verify argument order in the DAO
        this.managereCertDao.updatePairCertId(save2.getPairCertId(), save2.getId());
        this.managerCertDataDao.batchSave(arrayList);
        // Trailing 2 is a publish-task type/flag whose meaning is not visible here.
        this.taskDataService.savePublishCert(save2.getId(), save2.getPairCertId(), 2);
    }

    /**
     * Fills the two PEM data rows for a new admin pair.
     *
     * @param x509Certificate  sign cert, written into {@code manageCertDataDO}
     * @param x509Certificate2 enc cert, written into {@code manageCertDataDO2}
     * @param manageCertDO     unused here
     * @param manageCertDataDO  receives the sign cert PEM and notBefore
     * @param manageCertDataDO2 receives the enc cert PEM; its gmtCreate is taken from the sign cert
     * @throws Exception from CertUtil.writeObject
     */
    private void buildManagerCertData(X509Certificate x509Certificate, X509Certificate x509Certificate2, ManageCertDO manageCertDO, ManageCertDataDO manageCertDataDO, ManageCertDataDO manageCertDataDO2) throws Exception {
        manageCertDataDO.setGmtCreate(x509Certificate.getNotBefore());
        manageCertDataDO.setData(CertUtil.writeObject(x509Certificate));
        manageCertDataDO2.setGmtCreate(x509Certificate.getNotBefore());
        manageCertDataDO2.setData(CertUtil.writeObject(x509Certificate2));
    }

    /**
     * Persists a freshly issued CA administrator certificate pair: two ManageCertDO
     * records (enc first, then sign), the PEM rows prepared by
     * {@link #buildManagerCertData}, a new admin-role row pointing at the new sign
     * record, the pair back-link and a confirm-status task.
     * <p>
     * Parameter roles follow the call site in {@link #doUpdateCaManagerCert}:
     * {@code x509Certificate} is the <em>sign</em> cert and {@code x509Certificate2}
     * the <em>enc</em> cert (note: reversed relative to {@link #saveCAServerCert}).
     * Both records are created with {@code ISSUE_CERT_NO_ACK}, i.e. awaiting
     * confirmation.
     *
     * @param l               CA certificate id stored as caCertId
     * @param x509Certificate  new sign certificate
     * @param x509Certificate2 new enc certificate
     * @param templateInfoVO   template supplying keyAlg, keySize, signAlg and id
     * @param l2               previous sign record id (oldCertId of the new sign record)
     * @param l3               previous enc record id (oldCertId of the new enc record)
     * @param manageCertDataDO  sign PEM row (id assigned here)
     * @param manageCertDataDO2 enc PEM row (id assigned here)
     * @param adminRoleDO      existing admin-role row of the old cert; id is nulled so the
     *                         save inserts a new row for the new sign cert. Must be non-null.
     * @param l4               role id written to the new admin-role row
     */
    private void updateCaAdminCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, TemplateInfoVO templateInfoVO, Long l2, Long l3, ManageCertDataDO manageCertDataDO, ManageCertDataDO manageCertDataDO2, AdminRoleDO adminRoleDO, Long l4) {
        ArrayList arrayList = new ArrayList();
        Date date = new Date();
        // Enc record.
        ManageCertDO manageCertDO = new ManageCertDO();
        manageCertDO.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        manageCertDO.setCaCertId(l);
        manageCertDO.setSn(x509Certificate2.getSerialNumber().toString(16));
        manageCertDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate2));
        manageCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate2));
        manageCertDO.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        manageCertDO.setPrivateKeySize(templateInfoVO.getKeySize());
        manageCertDO.setBeforeTime(x509Certificate2.getNotBefore());
        manageCertDO.setAfterTime(x509Certificate2.getNotAfter());
        manageCertDO.setSignAlg(templateInfoVO.getSignAlg());
        manageCertDO.setType(Constants.ENC_CERT);
        manageCertDO.setStatus(1);
        manageCertDO.setTemplateId(templateInfoVO.getId());
        manageCertDO.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        manageCertDO.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        manageCertDO.setGmtCreate(x509Certificate.getNotBefore());
        manageCertDO.setOldCertId(l3);
        ManageCertDO save = this.managereCertDao.save(manageCertDO);
        manageCertDataDO2.setId(save.getId());
        arrayList.add(manageCertDataDO2);
        // Sign record: reuse the saved enc DO with swapped serials and pairCertId = enc id.
        save.setSn(x509Certificate.getSerialNumber().toString(16));
        save.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        save.setPairCertId(save.getId());
        save.setType(Constants.SIGN_CERT);
        save.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        save.setOldCertId(l2);
        ManageCertDO save2 = this.managereCertDao.save(save);
        manageCertDataDO.setId(save2.getId());
        arrayList.add(manageCertDataDO);
        // Insert a new admin-role row for the new sign cert (id cleared so this is not an update).
        adminRoleDO.setGmtCreate(x509Certificate.getNotBefore());
        adminRoleDO.setRoleId(l4);
        adminRoleDO.setManageCertId(save2.getId());
        adminRoleDO.setGmtModified(null);
        adminRoleDO.setId(null);
        this.adminRoleDao.save(adminRoleDO);
        // presumably sets the enc record's pairCertId to the sign id — verify argument order in the DAO
        this.managereCertDao.updatePairCertId(save2.getPairCertId(), save2.getId());
        this.managerCertDataDao.batchSave(arrayList);
        // Queue the confirmation step for the new sign cert (first argument's meaning not visible here).
        this.taskDataService.saveCertConfirmStatus(null, manageCertDataDO.getId());
    }
}
