package com.xdja.pki.ca.openapi.api.v1;

import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.openapi.service.v1.IRAOpenApiService;
import com.xdja.pki.ca.openapi.service.v1.bean.RAinfoRep;
import com.xdja.pki.ca.openpki.cmp.utils.JsonUtils;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA1DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA256DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

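/**
 * REST endpoints that a Registration Authority (RA) calls on the CA: certificate status,
 * download and detail lookups, template queries, RA login verification and a
 * certificate-chain hash self-test.
 *
 * <p>Most handlers read the calling RA from the {@code raInfo} request attribute.
 * NOTE(review): that attribute is presumably set by an upstream filter or interceptor
 * once the RA has been authenticated; nothing in this class verifies that, so confirm
 * that every mapping below is covered by it. Handlers fail closed when it is absent.
 *
 * <p>This source is decompiler output, so parameter names such as {@code str} are
 * synthetic and not the names the original author used.
 */
@RestController
/* loaded from: input_file:WEB-INF/classes/com/xdja/pki/ca/openapi/api/v1/RAOpenApiController.class */
public class RAOpenApiController {
    /** Request attribute under which the calling RA's record is expected. */
    private static final String RA_INFO_ATTRIBUTE = "raInfo";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private IRAOpenApiService raOpenApiService;

    @Autowired
    private Environment env;

    @Resource
    private CaCertDao caCertDao;

    /**
     * Connectivity self-test: compares the caller-supplied hash with the hash of the
     * CA's current certificate chain.
     *
     * @param str hash value supplied by the caller
     * @return {@code null} when the hashes match, otherwise an error response
     */
    // NOTE(review): the decompiler lost the original parameter name, so the query
    // parameter this binds to cannot be recovered from this file; pin it explicitly with
    // @RequestParam("<name>") once the RA-side client has been checked.
    @RequestMapping(value = {"/v1/api/interface/test"}, method = {RequestMethod.GET})
    public Object raInterfaceApiTest(@RequestParam String str, HttpServletResponse httpServletResponse) {
        if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
            return ErrorEnum.CA_HAS_NOT_INITED.resp(httpServletResponse);
        }
        String calcCertChainHash = calcCertChainHash(this.caCertDao.getCurrentCaCert().getCertChain());
        if (calcCertChainHash == null) {
            // calcCertChainHash() returns null when hashing failed (already logged there).
            // Report a server error instead of dereferencing null.
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
        if (calcCertChainHash.equals(str)) {
            return null;
        }
        // The request value is caller-controlled: strip line breaks so it cannot forge
        // additional log entries.
        this.logger.error("证书链验签失败 请求Hash:{}CA hash:{}", sanitizeForLog(str), calcCertChainHash);
        return ErrorEnum.CA_CHAIN_VERIFY_FAIL.resp(httpServletResponse);
    }

    /**
     * Returns the base DN configured for the calling RA.
     *
     * @return a map with the single key {@code baseDn}, or an error response when the RA
     *         record or its base DN is missing
     */
    @RequestMapping(value = {"/v1/api/ra/baseDn"}, method = {RequestMethod.GET})
    public Object getRABaseDN(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RAinfoRep raInfo = currentRa(httpServletRequest);
        if (null == raInfo || StringUtils.isEmpty(raInfo.getRaBaseDn())) {
            return ErrorEnum.BASE_DN_NOT_EXIST_API.resp(httpServletResponse);
        }
        Map<String, Object> body = new HashMap<>();
        // Known to be non-empty after the guard above.
        body.put("baseDn", raInfo.getRaBaseDn());
        return body;
    }

    /**
     * Looks up the confirmation status of a certificate by serial number, scoped to the
     * calling RA's id.
     *
     * @param str certificate serial number taken from the {@code {sn}} path segment
     */
    @RequestMapping(value = {"/v1/api/cert/status/{sn}"}, method = {RequestMethod.GET})
    public Object getCertStatusBySN(@PathVariable("sn") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RAinfoRep raInfo = currentRa(httpServletRequest);
        if (raInfo == null) {
            return missingRaContext(httpServletResponse);
        }
        try {
            Result certConfirmStatusBySN = this.raOpenApiService.getCertConfirmStatusBySN(Long.valueOf(raInfo.getId()), str);
            return !certConfirmStatusBySN.isSuccess() ? certConfirmStatusBySN.getError().resp(httpServletResponse) : certConfirmStatusBySN.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询证书状态失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns the downloadable certificate data for a serial number, scoped to the
     * calling RA's id.
     *
     * @param str certificate serial number taken from the {@code {sn}} path segment
     */
    @RequestMapping(value = {"/v1/api/cert/download/{sn}"}, method = {RequestMethod.GET})
    public Object getDownloadCerts(@PathVariable("sn") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RAinfoRep raInfo = currentRa(httpServletRequest);
        if (raInfo == null) {
            return missingRaContext(httpServletResponse);
        }
        try {
            Result downloadCerts = this.raOpenApiService.getDownloadCerts(Long.valueOf(raInfo.getId()), str);
            return !downloadCerts.isSuccess() ? downloadCerts.getError().resp(httpServletResponse) : downloadCerts.getInfo();
        } catch (Exception e) {
            this.logger.error("查询下载证书信息失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns the details of a certificate by serial number, scoped to the calling RA's id.
     *
     * @param str certificate serial number taken from the {@code {sn}} path segment
     */
    @RequestMapping(value = {"/v1/api/cert/detail/{sn}"}, method = {RequestMethod.GET})
    public Object getCertDetail(@PathVariable("sn") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RAinfoRep raInfo = currentRa(httpServletRequest);
        if (raInfo == null) {
            return missingRaContext(httpServletResponse);
        }
        try {
            Result certDetailBySN = this.raOpenApiService.getCertDetailBySN(Long.valueOf(raInfo.getId()), str);
            return !certDetailBySN.isSuccess() ? certDetailBySN.getError().resp(httpServletResponse) : certDetailBySN.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询证书详情异常，", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Lists the certificate templates authorised for the calling RA.
     *
     * @return the service result's info, {@code null} when the service returned no
     *         result, or an error response
     */
    @RequestMapping(value = {"/v1/api/template/list"}, method = {RequestMethod.GET})
    public Object getRATemplateById(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RAinfoRep raInfo = currentRa(httpServletRequest);
        if (raInfo == null) {
            return missingRaContext(httpServletResponse);
        }
        try {
            Result rATemplateById = this.raOpenApiService.getRATemplateById(Long.valueOf(raInfo.getId()));
            this.logger.debug("" + rATemplateById);
            if (rATemplateById == null) {
                return null;
            }
            // Propagate a failed result as an error, as the sibling handlers do, instead
            // of returning its (likely empty) info with a success status.
            return !rATemplateById.isSuccess() ? rATemplateById.getError().resp(httpServletResponse) : rATemplateById.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询授权模板列表异常，", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns the detail of one template, scoped to the calling RA's id.
     *
     * @param str template code taken from the {@code {templateCode}} path segment
     */
    @RequestMapping(value = {"/v1/api/template/detail/{templateCode}"}, method = {RequestMethod.GET})
    public Object getTemplateDetail(@PathVariable("templateCode") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RAinfoRep raInfo = currentRa(httpServletRequest);
        if (raInfo == null) {
            return missingRaContext(httpServletResponse);
        }
        try {
            Result templateDetail = this.raOpenApiService.getTemplateDetail(Long.valueOf(raInfo.getId()), str);
            return !templateDetail.isSuccess() ? templateDetail.getError().resp(httpServletResponse) : templateDetail.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询授权模板状态异常，", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Returns the RA management template information.
     */
    // NOTE(review): unlike the other handlers this one never reads the raInfo attribute,
    // so the answer is not scoped to the caller here. Presumably access is enforced
    // upstream; confirm before relying on it.
    @RequestMapping(value = {"/v1/api/template/manage"}, method = {RequestMethod.GET})
    public Object getRAmanageTemplateInfo(HttpServletResponse httpServletResponse) {
        try {
            Result rAmanageTemplateInfo = this.raOpenApiService.getRAmanageTemplateInfo();
            return !rAmanageTemplateInfo.isSuccess() ? rAmanageTemplateInfo.getError().resp(httpServletResponse) : rAmanageTemplateInfo.getInfo();
        } catch (ServiceException e) {
            this.logger.error("查询RA模板管理信息异常，", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Verifies an RA login request.
     *
     * @param bArr request body: Base64 text wrapping a JSON object that must contain a
     *             non-empty string field {@code sn}
     * @return the service result's info, or an error response
     */
    @RequestMapping(value = {"/v1/api/ra/login"}, method = {RequestMethod.POST})
    public Object raLoginVerify(@RequestBody byte[] bArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RAinfoRep raInfo = currentRa(httpServletRequest);
        if (raInfo == null) {
            return missingRaContext(httpServletResponse);
        }
        Map<String, Object> map;
        try {
            // NOTE(review): new String(byte[]) uses the platform default charset; if the
            // RA side always sends UTF-8 JSON, name the charset explicitly here.
            @SuppressWarnings({"unchecked", "rawtypes"})
            Map<String, Object> parsed = (Map) JsonUtils.json2Object(new String(Base64.decode(bArr)), Map.class);
            map = parsed;
        } catch (RuntimeException e) {
            // The body comes from the network: malformed Base64 or JSON is a client error
            // and must not escape as an unhandled exception. The body itself is not logged.
            this.logger.warn("RA login request body could not be decoded", e);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        // Reject an absent object and an "sn" that is missing, empty or not a string
        // (a numeric "sn" would otherwise fail with a ClassCastException).
        Object sn = map == null ? null : map.get("sn");
        if (!(sn instanceof String) || StringUtils.isEmpty(sn)) {
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result RALoginVerify = this.raOpenApiService.RALoginVerify(map, raInfo.getId());
            return !RALoginVerify.isSuccess() ? RALoginVerify.getError().resp(httpServletResponse) : RALoginVerify.getInfo();
        } catch (ServiceException e) {
            this.logger.error("RA登录过程校验失败，", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Reads the calling RA's record from the request.
     *
     * @return the record, or {@code null} when the attribute is absent or of another type
     */
    private static RAinfoRep currentRa(HttpServletRequest httpServletRequest) {
        Object attribute = httpServletRequest.getAttribute(RA_INFO_ATTRIBUTE);
        return attribute instanceof RAinfoRep ? (RAinfoRep) attribute : null;
    }

    /**
     * Fails closed when no RA record is attached to the request, so a handler never
     * queries the service without a caller identity.
     */
    private Object missingRaContext(HttpServletResponse httpServletResponse) {
        this.logger.error("Request reached an RA endpoint without a '{}' attribute", RA_INFO_ATTRIBUTE);
        return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
    }

    /** Replaces line breaks in a caller-supplied value before it is written to the log. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }

    /**
     * Hashes the Base64 encoding of the certificate-chain string.
     *
     * @return the digest, or {@code null} when hashing failed (the failure is logged)
     */
    private String calcCertChainHash(String str) {
        String str2 = null;
        try {
            // NOTE(review): getBytes() uses the platform default charset. Harmless while
            // the chain string is pure ASCII, but the peer must use the same encoding for
            // the two hashes to agree.
            str2 = calHash(Base64.toBase64String(str.getBytes()));
        } catch (Exception e) {
            this.logger.error("证书链hash计算错误，", (Throwable) e);
        }
        return str2;
    }

    /**
     * Digests {@code str} with the hash that matches the root certificate's signature
     * algorithm, using either the Bouncy Castle implementation or the HSM implementation
     * depending on {@code Constants.CRYPT_DEVICE_TYPE}.
     *
     * @throws Exception when the signature algorithm is not one of the four handled here,
     *                   or when the digest helper fails
     */
    private String calHash(String str) throws Exception {
        String sigAlgName = ((CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE)).getRootCert().getSigAlgName();
        boolean useBc = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
        if (sigAlgName.equals(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
            return useBc ? GMSSLSM3DigestUtils.digestByBC(str) : GMSSLSM3DigestUtils.digestByYunhsm(str);
        }
        if (sigAlgName.equals(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName()) || sigAlgName.equals(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName())) {
            return useBc ? GMSSLSHA256DigestUtils.digestByBC(str) : GMSSLSHA256DigestUtils.digestByYunHsm(str);
        }
        if (sigAlgName.equals(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName())) {
            // NOTE(review): SHA-1 is not collision resistant. It is kept because the peer
            // computes the same digest, but a SHA-1 root should be scheduled for retirement.
            return useBc ? GMSSLSHA1DigestUtils.digestByBC(str) : GMSSLSHA1DigestUtils.digestByYunHsm(str);
        }
        this.logger.error("不支持的hash算法:" + sigAlgName);
        throw new Exception("不支持的hash算法");
    }
}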
