package com.xdja.pki.ca.certmanager.service.racert;

import com.sansec.ca2kmc.utils.AlgorithmTools;
import com.xdja.pki.ca.certcrl.service.impl.CrlService;
import com.xdja.pki.ca.certmanager.dao.CertDataDao;
import com.xdja.pki.ca.certmanager.dao.CrossCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDataDao;
import com.xdja.pki.ca.certmanager.dao.OutDateManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.OuterCrossCertDao;
import com.xdja.pki.ca.certmanager.dao.RaAdminCertDao;
import com.xdja.pki.ca.certmanager.dao.RaServerCertDao;
import com.xdja.pki.ca.certmanager.dao.RaTemplateDao;
import com.xdja.pki.ca.certmanager.dao.RevokeManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.SubCaCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.models.CertUpdateBaseInfoDO;
import com.xdja.pki.ca.certmanager.dao.models.CrossCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDataDO;
import com.xdja.pki.ca.certmanager.dao.models.OuterCrossCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RaAdminCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RaDO;
import com.xdja.pki.ca.certmanager.dao.models.RaServerCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RevokedManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.SubCaCertDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService;
import com.xdja.pki.ca.certmanager.service.racert.bean.CertFileInfo;
import com.xdja.pki.ca.certmanager.service.racert.bean.CertTypeEnum;
import com.xdja.pki.ca.certmanager.service.racert.bean.CertUpdateBaseInfoVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.DownloadCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.FreezeCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.IssueRaCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RACertListVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RACertQueryVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RACertTypeEnum;
import com.xdja.pki.ca.certmanager.service.racert.bean.RARoleEnum;
import com.xdja.pki.ca.certmanager.service.racert.bean.RevokeCertVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.CertDetailQueryHandle;
import com.xdja.pki.ca.certmanager.service.util.DicDataConverUtil;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.CertStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.pkcs7.EnvelopedDataUtil;
import com.xdja.pki.ca.core.pkcs7.P7bUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.FileUtils;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.dao.DicDao;
import com.xdja.pki.ca.securitymanager.dao.ManagerCertIdDao;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDo;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.ca.securitymanager.service.init.InitService;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.core.utils.DateUtils;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.annotation.Resource;
import org.apache.catalina.util.ParameterMap;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.crmf.CertTemplate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.util.encoders.Base64;
import org.nutz.dao.pager.Pager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.servlet.tags.BindTag;

@Service
/* loaded from: input_file:WEB-INF/lib/ca-service-certmanager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/certmanager/service/racert/RaManagerCertServiceImpl.class */
public class RaManagerCertServiceImpl implements RaManagerCertService {
    // Instance (non-static, non-final) logger; decompiled code, kept as found.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // NOTE(review): ManagerCertDao is injected twice (managereCertDao and managerCertDao);
    // both fields are used in this file for different calls, so they cannot simply be merged
    // without touching every call site.
    @Autowired
    private ManagerCertDao managereCertDao;

    @Autowired
    private ManagerCertDataDao managerCertDataDao;

    @Autowired
    private RaAdminCertDao raAdminCertDao;

    @Autowired
    private RaServerCertDao raServerCertDao;

    @Autowired
    private RevokeManagerCertDao revokeManagerCertDao;

    @Autowired
    private ManagerCertDao managerCertDao;

    @Autowired
    private TemplateDao templateDao;

    @Autowired
    private TemplateService templateService;

    @Resource
    private CertDataDao certDataDao;

    @Resource
    private CaDao caDao;

    @Resource
    private CaCertDao caCertDao;

    @Resource
    private SubCaCertDao subCaCertDao;

    @Resource
    private CrossCertDao crossCertDao;

    @Resource
    private OuterCrossCertDao outerCrossCertDao;

    @Autowired
    private OutDateManagerCertDao outDateManagerCertDao;

    @Autowired
    private DicDao dicDao;

    // All certificate signing in this service goes through the HSM (genX509Certificate);
    // no CA private key material is handled in this class.
    @Autowired
    private HsmManager hsmService;

    // Supplies the CRL/OCSP distribution URLs embedded in issued certificates.
    @Autowired
    private CrlTemplateService crlTemplateService;

    @Autowired
    private OpenApiCMPService openApiCMPService;

    @Autowired
    private CrlService crlService;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private CertDetailQueryHandle certDetailQueryHandle;

    @Autowired
    private DicDataConverUtil dicDataConverUtil;

    // Serial-number allocator; every certificate issued below gets its own getMaxSn() call.
    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private InitService initService;

    @Autowired
    private RaTemplateDao raTemplateDao;

    @Autowired
    private ManagerCertIdDao managerCertIdDao;

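    /**
     * Issues an RA administrator double certificate under the internal MANAGER template.
     * <p>
     * The signing certificate is built from the public key carried in the request's P10 and
     * the encryption certificate from the request's SubjectPublicKeyInfo; both are signed by
     * the HSM, persisted through {@code saveRaAdminCert} and returned via
     * {@code CertUtil.enPEncCert} together with the signing certificate's serial (hex).
     * <p>
     * Input problems are reported as {@code Result.failure(...)} in this order: certificate
     * type, template existence/status, CA base info, CA root expiry, DN namespace, DN syntax,
     * P10 syntax, encryption-key syntax. Failures after validation (serial allocation, HSM
     * signing, persistence) are thrown as {@link ServiceException}; they are deliberately kept
     * outside every input-error catch so an internal failure is never reported to the caller
     * as a malformed-input error code.
     *
     * @param issueRaCertVO request carrying cert type, DN, P10, SubjectPublicKeyInfo, validity
     * @return success with the enveloped double certificate, or a failure code as above
     * @throws ServiceException when signing or persistence fails
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doIssueRaManagerCert(IssueRaCertVO issueRaCertVO) {
        if (StringUtils.isBlank(RARoleEnum.getDeviceType(issueRaCertVO.getCertType().intValue()))) {
            this.logger.debug("签发RA管理员证书失败,RA管理员证书类型错误[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        TemplateInfoVO template = this.templateService.getInnerTemplateByType(TemplateTypeEnum.MANAGER.value);
        if (null == template) {
            this.logger.debug("签发RA管理员证书失败，模板不存在");
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (TemplateStatusEnum.NORMAL.value != template.getStatus().intValue()) {
            this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", template.getStatus());
            // Same code doIssueRaServerCert uses for this condition.
            return Result.failure(ErrorEnum.TEMPLATE_STATUS_NOT_NORMAL);
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(template.getKeyAlg());
        if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getRootCert()) {
            this.logger.debug("签发RA管理证书失败：未查到CA基本信息[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        if (caInfoVO.getRootCert().getNotAfter().before(new Date())) {
            this.logger.debug("签发RA管理证书失败：CA根证书已过期[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
        }
        if (StringUtils.isBlank(issueRaCertVO.getCertDn())) {
            this.logger.debug("签发RA管理证书失败：DN不符合X500规范[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        // Namespace check: the requested DN must equal the CA base DN or sit below it on an
        // RDN boundary. A bare endsWith() would also accept e.g. "cn=x,foo=corp,c=cn" for the
        // base "o=corp,c=cn". Whitespace around RDN separators is collapsed first so that
        // "cn=x, o=corp, c=cn" is still recognised; Locale.ROOT keeps the case-fold stable.
        String requestedDn = issueRaCertVO.getCertDn().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
        String baseDn = caInfoVO.getBaseDn().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
        if (!requestedDn.equals(baseDn) && !requestedDn.endsWith("," + baseDn)) {
            this.logger.debug("签发RA管理证书失败：DN中的baseDn不正确[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.BASEDN_ERROR);
        }
        // Canonicalise the DN (RFC 4519 form) before it is embedded in the certificate.
        try {
            issueRaCertVO.setCertDn(DnUtil.getRFC4519X500Name(issueRaCertVO.getCertDn()).toString());
        } catch (Exception e) {
            this.logger.debug("签发RA管理证书失败：DN不符合X500规范[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        // Signing public key comes from the P10; a parse exception is treated like a null result.
        PublicKey signPublicKey = null;
        try {
            signPublicKey = CertUtil.getPublicKeyFromP10(issueRaCertVO.getP10());
        } catch (Exception e) {
            this.logger.debug("签发RA管理证书失败：p10格式不正确[{}]", issueRaCertVO, e);
        }
        if (null == signPublicKey) {
            this.logger.debug("签发RA管理证书失败：p10格式不正确[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
        }
        // Encryption public key is derived from the supplied SubjectPublicKeyInfo.
        PublicKey encPublicKey;
        try {
            encPublicKey = CertUtil.convertPublicKey(signPublicKey, issueRaCertVO.getSubjectPublicKeyInfo());
        } catch (Exception e) {
            this.logger.debug(String.format("签发RA管理员证书失败：加密公钥格式错误:%s", issueRaCertVO.getSubjectPublicKeyInfo()), (Throwable) e);
            return Result.failure(ErrorEnum.PEM_FORMAT_ERROR);
        }
        // Everything below is an internal failure, never an input error.
        try {
            String certDn = issueRaCertVO.getCertDn();
            Date issueTime = new Date();
            Date expiryTime = IssueTimeUtil.getCorrectTime(issueRaCertVO.getValidity(), template.getMaxValidity(), caInfoVO.getRootCert().getNotAfter(), issueTime);
            // Encryption certificate first, then signing certificate; each gets its own serial.
            BigInteger encSn = this.certSnDao.getMaxSn(issueTime);
            X509Certificate encCert = this.hsmService.genX509Certificate(certDn, encSn, issueTime, expiryTime, caInfoVO, encPublicKey,
                    ExtensionUtil.changeExtensionFormat(template.getExtensions(), null, encPublicKey, certDn,
                            this.crlTemplateService.getLdapOcspUrl(encSn, certDn, caInfoVO, false, null, null), false),
                    template.getSignAlg());
            BigInteger signSn = this.certSnDao.getMaxSn(issueTime);
            X509Certificate signCert = this.hsmService.genX509Certificate(certDn, signSn, issueTime, expiryTime, caInfoVO, signPublicKey,
                    ExtensionUtil.changeExtensionFormat(template.getExtensions(), null, signPublicKey, certDn,
                            this.crlTemplateService.getLdapOcspUrl(signSn, certDn, caInfoVO, false, null, null), true),
                    template.getSignAlg());
            saveRaAdminCert(caInfoVO.getCertId(), signCert, encCert, issueRaCertVO, template);
            this.logger.info("签发RA管理员证书成功：dn= " + certDn + ",signCert=" + CertUtil.writeObject(signCert) + ",encCert=" + CertUtil.writeObject(encCert));
            return Result.success(CertUtil.enPEncCert(signCert, encCert, template.getKeyAlg()), signSn.toString(16));
        } catch (Exception e) {
            throw new ServiceException("签发RA管理员证书失败", e);
        }
    }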

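    /**
     * Issues an RA server double certificate under the internal SERVER template.
     * <p>
     * The signing certificate is built from the public key in the request's P10 and the
     * encryption certificate from the request's SubjectPublicKeyInfo (parsed with
     * {@code Constants.BASE_ALG_TYPE}); an optional subjectAlternativeName from the request is
     * passed to the extension builder. Both certificates are signed by the HSM and persisted
     * through {@code saveRaServerCert}. The result payload is a map with the download zip
     * name ({@code certName}), the signing serial in hex ({@code sn}) and {@code keyAlg}.
     * <p>
     * Input problems are reported as {@code Result.failure(...)}; failures after validation
     * (serial allocation, HSM signing, persistence) are thrown as {@link ServiceException} and
     * are kept outside every input-error catch so they are not reported as a PEM/DN error.
     *
     * @param issueRaCertVO request carrying DN, P10, SubjectPublicKeyInfo, SAN and validity
     * @return success with the download descriptor map, or a failure code
     * @throws ServiceException when signing or persistence fails
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doIssueRaServerCert(IssueRaCertVO issueRaCertVO) {
        TemplateInfoVO template = this.templateService.getInnerTemplateByType(TemplateTypeEnum.SERVER.value);
        if (null == template) {
            this.logger.debug("签发RA服务器证书失败，模板不存在");
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (TemplateStatusEnum.NORMAL.value != template.getStatus().intValue()) {
            this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", template.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_STATUS_NOT_NORMAL);
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(template.getKeyAlg());
        if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getRootCert()) {
            this.logger.debug("签发RA服务器证书失败：未查到CA基本信息[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        if (caInfoVO.getRootCert().getNotAfter().before(new Date())) {
            this.logger.debug("签发RA服务器证书失败：CA根证书已过期[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
        }
        if (StringUtils.isBlank(issueRaCertVO.getCertDn())) {
            this.logger.debug("签发RA服务器证书失败：DN不符合X500规范[{}]", issueRaCertVO.getCertDn());
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        // Namespace check on an RDN boundary (equal to the base DN, or ",<base DN>" suffix);
        // a bare endsWith() would also accept "...,foo=corp,c=cn" for base "o=corp,c=cn".
        String requestedDn = issueRaCertVO.getCertDn().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
        String baseDn = caInfoVO.getBaseDn().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
        if (!requestedDn.equals(baseDn) && !requestedDn.endsWith("," + baseDn)) {
            this.logger.debug("签发RA服务器证书失败：DN中的baseDn不正确[{}]", issueRaCertVO);
            return Result.failure(ErrorEnum.BASEDN_ERROR);
        }
        try {
            issueRaCertVO.setCertDn(DnUtil.getRFC4519X500Name(issueRaCertVO.getCertDn()).toString());
        } catch (Exception e) {
            this.logger.debug("签发RA服务器证书失败：DN不符合X500规范[{}]", issueRaCertVO.getCertDn());
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        PublicKey signPublicKey = null;
        try {
            signPublicKey = CertUtil.getPublicKeyFromP10(issueRaCertVO.getP10());
        } catch (Exception e) {
            this.logger.debug("p10格式错误，获取公钥失败[{}]", issueRaCertVO.getP10(), e);
        }
        if (null == signPublicKey) {
            this.logger.debug("p10格式错误，获取公钥失败[{}]", issueRaCertVO.getP10());
            return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
        }
        PublicKey encPublicKey;
        try {
            encPublicKey = CertUtil.getPublicKeyBySubjectKeyInfo(Constants.BASE_ALG_TYPE, issueRaCertVO.getSubjectPublicKeyInfo());
        } catch (Exception e) {
            this.logger.debug("加密公钥格式错误:[{}]", issueRaCertVO.getSubjectPublicKeyInfo(), e);
            return Result.failure(ErrorEnum.PEM_FORMAT_ERROR);
        }
        // Kept raw: the value type of getSubjectAlternativeName() is not visible here.
        ParameterMap extensionParams = new ParameterMap();
        if (null != issueRaCertVO.getSubjectAlternativeName()) {
            extensionParams.put(Extension.subjectAlternativeName.getId(), issueRaCertVO.getSubjectAlternativeName());
        }
        // Everything below is an internal failure, never an input error.
        try {
            String certDn = issueRaCertVO.getCertDn();
            Date issueTime = new Date();
            Date expiryTime = IssueTimeUtil.getCorrectTime(issueRaCertVO.getValidity(), template.getMaxValidity(), caInfoVO.getRootCert().getNotAfter(), issueTime);
            BigInteger encSn = this.certSnDao.getMaxSn(issueTime);
            X509Certificate encCert = this.hsmService.genX509Certificate(certDn, encSn, issueTime, expiryTime, caInfoVO, encPublicKey,
                    ExtensionUtil.changeExtensionFormat(template.getExtensions(), extensionParams, encPublicKey, certDn,
                            this.crlTemplateService.getLdapOcspUrl(encSn, certDn, caInfoVO, false, null, null), false),
                    template.getSignAlg());
            BigInteger signSn = this.certSnDao.getMaxSn(issueTime);
            X509Certificate signCert = this.hsmService.genX509Certificate(certDn, signSn, issueTime, expiryTime, caInfoVO, signPublicKey,
                    ExtensionUtil.changeExtensionFormat(template.getExtensions(), extensionParams, signPublicKey, certDn,
                            this.crlTemplateService.getLdapOcspUrl(signSn, certDn, caInfoVO, false, null, null), true),
                    template.getSignAlg());
            this.logger.info("RA服务器证书签发完成，signCert=" + CertUtil.writeObject(signCert) + ",encCert=" + CertUtil.writeObject(encCert));
            saveRaServerCert(caInfoVO.getCertId(), signCert, encCert, issueRaCertVO, template);
            Map<String, Object> payload = new HashMap<String, Object>();
            payload.put("certName", Constants.CA_SUB_SYSTEM_CERT_ZIP_NAME + DateTimeUtil.dateToZipStr(issueTime) + ".zip");
            payload.put("sn", signSn.toString(16));
            payload.put("keyAlg", template.getKeyAlg());
            return Result.success(payload, signSn.toString(16));
        } catch (Exception e) {
            throw new ServiceException("签发ra服务器证书失败", e);
        }
    }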

    /**
     * Handles the "certificate written to card" acknowledgement for an RA admin double cert.
     * <p>
     * Marks both certificates (by signing and encryption serial) as written, schedules their
     * publication, and — when the signing certificate records a predecessor ({@code oldCertId})
     * — revokes that predecessor with reason 4 ("证书更新"). On success the pending-confirmation
     * task for the certificate is removed; if the predecessor revocation fails, the failure is
     * re-coded as {@code WRITE_CARD_ACK_TIME_OUT} and returned.
     *
     * @param str  signing certificate serial (logged as signSn)
     * @param str2 encryption certificate serial (logged as encSn)
     * @return success, or a failure code as described above
     * @throws ServiceException on any unexpected error
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doVerifyPriCertStatus(String str, String str2) {
        try {
            this.logger.debug("signSn:[{}],encSn:[{}]", str, str2);
            int updatedRows = this.raAdminCertDao.updatePriCertStatus(str, str2);
            if (updatedRows != 2) {
                // Exactly two rows (sign + enc) are expected to flip to "written".
                this.logger.debug("证书写卡成功确认消息处理失败:更新写卡状态时候证书数量不为2");
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            this.logger.debug("证书写卡成功状态更新成功");
            int publicKeyAlg = this.initService.getCaInfo(Constants.BASE_ALG_TYPE).getPublicKeyAlg().intValue();
            ManageCertDO signCert = this.managereCertDao.getManagerCertsBySn(str, publicKeyAlg);
            if (null == signCert) {
                this.logger.debug("证书写卡成功确认消息处理失败：没有找到相应的证书");
                return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST);
            }
            this.taskDataService.savePublishCert(signCert.getId(), signCert.getPairCertId(), 2);
            Result outcome = Result.success();
            Long previousCertId = signCert.getOldCertId();
            if (null != previousCertId) {
                // This is a renewal: retire the certificate it replaces.
                ManageCertDO previousCert = this.managerCertDao.getManagerCertById(previousCertId);
                RevokeCertVO revocation = new RevokeCertVO();
                revocation.setAlg(Constants.BASE_ALG_TYPE);
                revocation.setRevokeNote("证书更新");
                revocation.setRevokeReason(4);
                revocation.setSn(previousCert.getSn());
                outcome = deleteRaManagerCert(revocation);
            }
            if (!outcome.isSuccess()) {
                outcome.setError(ErrorEnum.WRITE_CARD_ACK_TIME_OUT);
                return outcome;
            }
            this.taskDataService.deleteNoConfirmCertSync(null, signCert.getId());
            return outcome;
        } catch (Exception e) {
            throw new ServiceException("证书写卡成功上报异常", e);
        }
    }

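    /**
     * Renews an RA administrator double certificate identified by its signing serial.
     * <p>
     * Looks up the current (non-revoked, non-expired) pair, optionally replaces the DN, the
     * key pair (from a P10 + SubjectPublicKeyInfo, or from keys already on the request) and the
     * validity, re-signs both certificates through the HSM with the previous extensions updated,
     * and persists them via {@code updateRaAdminCert}. When a CMP {@code certTemplate} is
     * supplied the validity comes from it and the DN must also sit under the requesting RA's
     * base DN.
     * <p>
     * Both new certificates carry the same subject ({@code certDn}: the requested DN when the
     * DN is updated, otherwise the subject of the existing signing certificate); the original
     * used the raw request DN for the signing certificate only, which could make the pair
     * disagree when no DN update was requested.
     *
     * @param issueRaCertVO renewal request (sn, optional DN/P10/SubjectPublicKeyInfo/validity, update flags)
     * @param certTemplate  CMP certificate template, or null when not called via CMP
     * @param l             RA id used to look up the RA base DN when {@code certTemplate} is present
     * @return success with the enveloped new double certificate, or a failure code
     * @throws ServiceException on any unexpected error (wrapped, cause preserved)
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doUpdateRaManagerCert(IssueRaCertVO issueRaCertVO, CertTemplate certTemplate, Long l) {
        try {
            String signSn = issueRaCertVO.getSn();
            List<ManageCertDO> currentCerts = this.managereCertDao.getCertsBySignSn(signSn, Constants.BASE_ALG_TYPE);
            if (null == currentCerts || currentCerts.isEmpty()) {
                if (null != this.revokeManagerCertDao.getRevokManagerCertsBySn(signSn, Constants.BASE_ALG_TYPE)) {
                    this.logger.debug("获取RA服务器证书信息失败：证书已经被撤销，signSn=[{}]", signSn);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
                }
                if (null != this.outDateManagerCertDao.getOutDateManagerCertsBySn(signSn, Constants.BASE_ALG_TYPE)) {
                    this.logger.debug("获取RA服务器证书信息失败：证书已经过期，signSn=[{}]", signSn);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                }
                this.logger.debug("更新管理类证书：没有找到正常状态的证书(管理员证书还需要证书正确状态为已确认)，signSN=[{}]", issueRaCertVO.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            ManageCertDO current = currentCerts.get(0);
            if (current.getAfterTime().before(new Date())) {
                this.logger.debug("更新管理类证书：证书已经过期signSN=[{}]", issueRaCertVO.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            // Status 2 is treated as "frozen" (see the message); the enum name is not visible here.
            if (current.getStatus().intValue() == 2) {
                this.logger.debug("更新管理类证书：证书被冻结signSN=[{}]", issueRaCertVO.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_FREEZE);
            }
            TemplateDO template = this.templateDao.getTemplateById(current.getTemplateId());
            if (null == template) {
                this.logger.debug("更新RA管理员证书失败，模板不存在");
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != template.getStatus().intValue()) {
                this.logger.info("更新RA管理员证书失败：模板状态不正常，模板状态为[{}]", template.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_STATUS_NOT_NORMAL);
            }
            CaInfoVO caInfo = this.initService.getCaInfo(template.getKeyAlg());
            if (null == caInfo || StringUtils.isBlank(caInfo.getBaseDn()) || null == caInfo.getRootCert()) {
                this.logger.debug("更新RA管理员证书失败：未查到CA基本信息[{}]", issueRaCertVO);
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            if (caInfo.getRootCert().getNotAfter().before(new Date())) {
                this.logger.debug("更新RA管理员证书失败：CA根证书已过期[{}]", issueRaCertVO);
                return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
            }
            if (issueRaCertVO.isDnUpdate()) {
                if (StringUtils.isBlank(issueRaCertVO.getCertDn())) {
                    this.logger.debug("更新RA管理员证书失败：DN不符合X500规范[{}]", issueRaCertVO.getCertDn());
                    return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
                }
                // Namespace check on an RDN boundary; a bare endsWith() would also accept
                // "...,foo=corp,c=cn" for the base "o=corp,c=cn".
                String requestedDn = issueRaCertVO.getCertDn().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
                String caBaseDn = caInfo.getBaseDn().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
                if (!requestedDn.equals(caBaseDn) && !requestedDn.endsWith("," + caBaseDn)) {
                    this.logger.debug("更新RA管理员证书失败：DN中的baseDn不正确[{}]", issueRaCertVO);
                    return Result.failure(ErrorEnum.BASEDN_ERROR);
                }
                try {
                    issueRaCertVO.setCertDn(DnUtil.getRFC4519X500Name(issueRaCertVO.getCertDn()).toString());
                } catch (Exception e) {
                    this.logger.debug("更新RA管理员证书失败：DN不符合X500规范[{}]", issueRaCertVO.getCertDn());
                    return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
                }
            }
            PublicKey newEncKey = null;
            PublicKey newSignKey = null;
            if (issueRaCertVO.isKeyUpdate()) {
                if (StringUtils.isNotBlank(issueRaCertVO.getP10())) {
                    newSignKey = CertUtil.getPublicKeyFromP10(issueRaCertVO.getP10());
                    if (null == newSignKey) {
                        this.logger.debug("更新RA管理员证书失败：p10格式不正确[{}]", issueRaCertVO);
                        return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
                    }
                    try {
                        newEncKey = CertUtil.convertPublicKey(newSignKey, issueRaCertVO.getSubjectPublicKeyInfo());
                    } catch (Exception e) {
                        this.logger.debug(String.format("更新RA管理员证书失败：加密公钥格式错误:%s", issueRaCertVO.getSubjectPublicKeyInfo()), (Throwable) e);
                        return Result.failure(ErrorEnum.PEM_FORMAT_ERROR);
                    }
                } else {
                    // Keys handed over directly on the request (no P10); null-ness is not checked here.
                    newEncKey = issueRaCertVO.getEncPublicKey();
                    newSignKey = issueRaCertVO.getSignPublicKey();
                }
            }
            // Resolve which stored row is the signing cert and which the encryption cert.
            ManageCertDataDO ownData = this.managereCertDao.queryCertDataNoById(current.getId());
            ManageCertDataDO pairData = this.managereCertDao.queryCertDataNoById(current.getPairCertId());
            boolean currentIsSign = current.getType().intValue() == Constants.SIGN_CERT.intValue();
            ManageCertDataDO oldSignData = currentIsSign ? ownData : pairData;
            ManageCertDataDO oldEncData = currentIsSign ? pairData : ownData;
            Long oldSignCertId = oldSignData.getId();
            Long oldEncCertId = oldEncData.getId();
            X509Certificate oldSignCert = CertUtil.getCertFromStr(oldSignData.getData());
            X509Certificate oldEncCert = CertUtil.getCertFromStr(oldEncData.getData());
            PublicKey signKey = issueRaCertVO.isKeyUpdate() ? newSignKey : oldSignCert.getPublicKey();
            PublicKey encKey = issueRaCertVO.isKeyUpdate() ? newEncKey : oldEncCert.getPublicKey();
            String certDn = issueRaCertVO.isDnUpdate() ? issueRaCertVO.getCertDn() : CertUtil.getSubjectByX509Cert(oldSignCert);
            X509Certificate rootCert = caInfo.getRootCert();
            Date notBefore;
            Date notAfter;
            if (null != certTemplate) {
                RaDO ra = this.raTemplateDao.getRaDoById(l);
                if (null == ra) {
                    // Previously this case dereferenced the missing RA while logging.
                    this.logger.info("CMP签发双证书失败: 未找到RA信息, raId=[{}]", l);
                    return Result.failure(ErrorEnum.USER_DN_NOT_SAME_RA_BASEDN);
                }
                String dnForRa = certDn.toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
                String raBaseDn = ra.getBaseDn().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
                if (!dnForRa.equals(raBaseDn) && !dnForRa.endsWith("," + raBaseDn)) {
                    this.logger.info("CMP签发双证书失败: 用户的baseDN[{}]和RA的BaseDn[{}]不一致", certDn, ra.getBaseDn());
                    return Result.failure(ErrorEnum.USER_DN_NOT_SAME_RA_BASEDN);
                }
                notBefore = certTemplate.getValidity().getNotBefore().getDate();
                notAfter = IssueTimeUtil.getUserIssueAfterTime(certTemplate.getValidity().getNotAfter().getDate(), template.getMaxValidity(), rootCert.getNotAfter(), notBefore);
            } else {
                notBefore = new Date();
                notAfter = issueRaCertVO.isValidityUpdate()
                        ? IssueTimeUtil.getCertUpdateTime(issueRaCertVO.getValidity(), template.getMaxValidity(), rootCert.getNotAfter(), oldSignCert.getNotAfter(), notBefore)
                        : oldSignCert.getNotAfter();
            }
            List<Extension> signExtensions = CertUtil.genExtensions(oldSignCert);
            List<Extension> encExtensions = CertUtil.genExtensions(oldEncCert);
            BigInteger newSignSn = this.certSnDao.getMaxSn(notBefore);
            X509Certificate newSignCert = this.hsmService.genX509Certificate(certDn, newSignSn, notBefore, notAfter, caInfo, signKey,
                    ExtensionUtil.updateExtension(signExtensions, this.crlTemplateService.getLdapOcspUrl(newSignSn, certDn, caInfo, false, null, null), certDn, signKey),
                    template.getSignAlg());
            BigInteger newEncSn = this.certSnDao.getMaxSn(notBefore);
            X509Certificate newEncCert = this.hsmService.genX509Certificate(certDn, newEncSn, notBefore, notAfter, caInfo, encKey,
                    ExtensionUtil.updateExtension(encExtensions, this.crlTemplateService.getLdapOcspUrl(newEncSn, certDn, caInfo, false, null, null), certDn, encKey),
                    template.getSignAlg());
            ManageCertDataDO newSignData = new ManageCertDataDO();
            ManageCertDataDO newEncData = new ManageCertDataDO();
            RaAdminCertDO raAdminCert = this.raAdminCertDao.getRaAdminCertByManageId(oldSignCertId);
            buildManagerCertData(newSignCert, newEncCert, current, newSignData, newEncData);
            updateRaAdminCert(caInfo.getCertId(), newSignCert, newEncCert, template, oldSignCertId, oldEncCertId, newSignData, newEncData, raAdminCert);
            this.logger.info("更新RA管理员证书成功，newSignCert=" + CertUtil.writeObject(newSignCert) + ",newEncCert=" + CertUtil.writeObject(newEncCert));
            return Result.success(CertUtil.enPEncCert(newSignCert, newEncCert, template.getKeyAlg()), current.getSubject());
        } catch (Exception e) {
            throw new ServiceException("更新管理类证书失败", e);
        }
    }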

    /**
     * Revokes an RA manager double certificate; thin adapter that unpacks the request VO and
     * delegates to {@link #doRevokeManageDoubleCert(String, Integer, int, String)}.
     *
     * @param revokeCertVO carries the signing serial, key algorithm, revoke reason and note
     * @return whatever {@code doRevokeManageDoubleCert} returns
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result deleteRaManagerCert(RevokeCertVO revokeCertVO) {
        String signSn = revokeCertVO.getSn();
        Integer keyAlg = revokeCertVO.getAlg();
        int reason = revokeCertVO.getRevokeReason().intValue();
        String note = revokeCertVO.getRevokeNote();
        return doRevokeManageDoubleCert(signSn, keyAlg, reason, note);
    }

    /**
     * Persists the renewed RA administrator double certificate produced by doUpdateRaManagerCert.
     * <p>
     * Parameters (decompiled names retained):
     * <ul>
     *   <li>{@code l} – CA certificate id stored on the new ManageCertDO rows</li>
     *   <li>{@code x509Certificate} – new signing certificate</li>
     *   <li>{@code x509Certificate2} – new encryption certificate</li>
     *   <li>{@code templateDO} – template the pair was issued from (key alg/size, sign alg, id are copied)</li>
     *   <li>{@code l2} / {@code l3} – ids of the previous signing / encryption rows, stored as oldCertId</li>
     *   <li>{@code manageCertDataDO} / {@code manageCertDataDO2} – pre-filled PEM rows for the signing /
     *       encryption certificate; their ids are assigned here</li>
     *   <li>{@code raAdminCertDO} – the existing RA admin row, re-pointed at the new signing cert</li>
     * </ul>
     * Sequencing matters: the encryption row is saved first, then the object returned by
     * {@code save} is mutated in place and saved again as the signing row, so the signing row's
     * pairCertId is read from the enc row's id before the signing id is assigned. Whether
     * {@code save} returns the same instance or a copy is not visible here — TODO confirm against
     * ManagerCertDao before reordering anything.
     */
    private void updateRaAdminCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, TemplateDO templateDO, Long l2, Long l3, ManageCertDataDO manageCertDataDO, ManageCertDataDO manageCertDataDO2, RaAdminCertDO raAdminCertDO) throws Exception {
        // Collects both PEM rows for a single batchSave at the end.
        ArrayList arrayList = new ArrayList();
        Date date = new Date();
        // --- encryption certificate row ---
        ManageCertDO manageCertDO = new ManageCertDO();
        manageCertDO.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        manageCertDO.setCaCertId(l);
        manageCertDO.setSn(x509Certificate2.getSerialNumber().toString(16));
        manageCertDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate2));
        manageCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate2));
        manageCertDO.setPublicKeyAlg(templateDO.getKeyAlg());
        manageCertDO.setPrivateKeySize(templateDO.getKeySize());
        manageCertDO.setBeforeTime(x509Certificate2.getNotBefore());
        manageCertDO.setAfterTime(x509Certificate2.getNotAfter());
        manageCertDO.setSignAlg(templateDO.getSignAlg());
        manageCertDO.setType(Constants.ENC_CERT);
        manageCertDO.setStatus(1);
        manageCertDO.setTemplateId(templateDO.getId());
        manageCertDO.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        // Renewed certs start unconfirmed; doVerifyPriCertStatus flips them once written to card.
        manageCertDO.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        // NOTE: gmtCreate is taken from the *signing* cert's notBefore for both rows.
        manageCertDO.setGmtCreate(x509Certificate.getNotBefore());
        manageCertDO.setOldCertId(l3);
        ManageCertDO save = this.managereCertDao.save(manageCertDO);
        manageCertDataDO2.setId(save.getId());
        arrayList.add(manageCertDataDO2);
        // --- signing certificate row, built by mutating the saved enc row in place ---
        save.setSn(x509Certificate.getSerialNumber().toString(16));
        save.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        // Must read the enc row's id before setId below overwrites it.
        save.setPairCertId(save.getId());
        save.setType(Constants.SIGN_CERT);
        save.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        save.setOldCertId(l2);
        ManageCertDO save2 = this.managereCertDao.save(save);
        manageCertDataDO.setId(save2.getId());
        arrayList.add(manageCertDataDO);
        // Re-home the RA admin record on the new signing cert; id is cleared so the DAO
        // presumably inserts a fresh row rather than updating — verify against RaAdminCertDao.
        raAdminCertDO.setGmtCreate(x509Certificate.getNotBefore());
        raAdminCertDO.setManageCertId(save2.getId());
        raAdminCertDO.setGmtModified(null);
        raAdminCertDO.setId(null);
        this.raAdminCertDao.save(raAdminCertDO);
        // Back-link the enc row (save2.getPairCertId()) to the new signing row id.
        this.managereCertDao.updatePairCertId(save2.getPairCertId(), save2.getId());
        this.managerCertDataDao.batchSave(arrayList);
        // Opens the confirmation-tracking task for the new signing cert.
        this.taskDataService.saveCertConfirmStatus(null, manageCertDataDO.getId());
    }

    /**
     * Fills the two PEM-data rows for a freshly issued certificate pair.
     * <p>
     * Both rows are stamped with the first certificate's notBefore — including the second
     * row, which holds the second certificate's PEM. {@code manageCertDO} is accepted but
     * not read.
     *
     * @param x509Certificate   first certificate (its PEM goes into {@code manageCertDataDO})
     * @param x509Certificate2  second certificate (its PEM goes into {@code manageCertDataDO2})
     * @param manageCertDO      unused
     * @param manageCertDataDO  row to fill for the first certificate
     * @param manageCertDataDO2 row to fill for the second certificate
     * @throws Exception propagated from {@code CertUtil.writeObject}
     */
    private void buildManagerCertData(X509Certificate x509Certificate, X509Certificate x509Certificate2, ManageCertDO manageCertDO, ManageCertDataDO manageCertDataDO, ManageCertDataDO manageCertDataDO2) throws Exception {
        Date createdAt = x509Certificate.getNotBefore();
        manageCertDataDO.setGmtCreate(createdAt);
        manageCertDataDO.setData(CertUtil.writeObject(x509Certificate));
        manageCertDataDO2.setGmtCreate(createdAt);
        manageCertDataDO2.setData(CertUtil.writeObject(x509Certificate2));
    }

    /**
     * Revokes a manager double certificate that was issued but never acknowledged.
     * <p>
     * Loads the not-yet-acknowledged pair by signing serial, builds one revocation record per
     * certificate via {@code bulidRevokeData}, and only when exactly two records result saves
     * them and deletes the live rows. The success payload is the subject plus the signing
     * certificate's id (the record's own id if it is the signing cert, else its pairCertId).
     *
     * @param str  signing certificate serial
     * @param str2 second lookup key passed straight to {@code getCertsByNotAclSignSn} (presumably the key algorithm — TODO confirm)
     * @param i    revocation reason code handed to {@code bulidRevokeData}
     * @param str3 revocation note handed to {@code bulidRevokeData}
     * @return success as described, {@code CERT_ISSUE_STATUE_EXCEPTION} when nothing is pending,
     *         or {@code SERVER_INTERNAL_EXCEPTION} when the pair is incomplete
     * @throws ServiceException on any unexpected error
     */
    private Result revokeNotAckManagerCert(String str, String str2, int i, String str3) {
        try {
            List<ManageCertDO> pendingCerts = this.managereCertDao.getCertsByNotAclSignSn(str, str2);
            if (null == pendingCerts || pendingCerts.isEmpty()) {
                this.logger.debug("撤销管理类证书：没有找到正常状态的证书，signSN=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            // Kept raw: the element type expected by bulidRevokeData/saveBatch is not visible here.
            ArrayList revokeRecords = new ArrayList();
            ManageCertDO lastCert = null;
            for (ManageCertDO cert : pendingCerts) {
                lastCert = cert;
                bulidRevokeData(cert, revokeRecords, i, str3, new Date());
            }
            if (revokeRecords.size() != 2) {
                this.logger.debug("撤销管理类证书失败：没有找到双证信息signSN=[{}]", str);
                return Result.failure(ErrorEnum.SERVER_INTERNAL_EXCEPTION);
            }
            this.revokeManagerCertDao.saveBatch(revokeRecords);
            this.managerCertDao.deleteBatch(pendingCerts);
            this.logger.debug("撤销管理类证书成功：signSN=[{}]", str);
            boolean lastIsSign = Constants.SIGN_CERT.intValue() == lastCert.getType().intValue();
            String signCertId = String.valueOf(lastIsSign ? lastCert.getId() : lastCert.getPairCertId());
            return Result.success(lastCert.getSubject(), signCertId);
        } catch (Exception e) {
            throw new ServiceException("撤销管理类证书失败", e);
        }
    }

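    /**
     * Revokes a management (RA admin / RA server) sign+enc certificate pair.
     *
     * <p>Every certificate found for the signing SN is checked against one
     * timestamp: an expired or frozen member aborts the revocation with the
     * matching failure. When both members pass, they are copied to the revoked
     * table, removed from the active table and a status-sync task is queued.
     *
     * @param str  signing-certificate serial number
     * @param num  key-algorithm selector passed through to the DAO
     * @param i    revocation reason code; accepted range is 0..10
     * @param str2 free-text revocation note
     * @return success carrying the subject, otherwise the failure detected last
     * @throws ServiceException wrapping any DAO or task-service exception
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doRevokeManageDoubleCert(String str, Integer num, int i, String str2) {
        try {
            // Range check only. RFC 5280 CRLReason codes run 0..10 with 7 unused;
            // whether 7 should be rejected here is a policy decision this file does not make.
            if (i < 0 || i > 10) {
                this.logger.info("撤销证书失败，撤销理由不正确,reason:" + i);
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            List<ManageCertDO> certsBySignSn = this.managereCertDao.getCertsBySignSn(str, num);
            if (null == certsBySignSn || certsBySignSn.isEmpty()) {
                this.logger.debug("撤销管理类证书：没有找到正常状态的证书(管理员证书还需要证书正确状态为已确认)，signSN=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            // One instant for the expiry check, the revoked rows and the sync task, so the
            // three records never disagree about when revocation happened (the expiry
            // check previously used a separate new Date()).
            Date date = new Date();
            List<RevokedManageCertDO> revoked = new ArrayList<RevokedManageCertDO>();
            ManageCertDO manageCertDO = new ManageCertDO();
            Result failure = Result.failure(ErrorEnum.SERVER_INTERNAL_EXCEPTION);
            for (ManageCertDO cert : certsBySignSn) {
                manageCertDO = cert;
                if (cert.getAfterTime().before(date)) {
                    this.logger.debug("撤销管理类证书：证书已经过期signSN=" + str + ",afterTime=" + cert.getAfterTime());
                    failure = Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                } else if (cert.getStatus().intValue() == 2) {
                    // Status 2 on a management cert means "frozen" (see the message); the
                    // sub-CA / cross tables in this file use 2 for "revoked" instead.
                    this.logger.debug("撤销管理类证书：证书被冻结signSN=[{}]", str);
                    failure = Result.failure(ErrorEnum.CERT_ISSUE_STATUE_FREEZE);
                } else {
                    bulidRevokeData(cert, revoked, i, str2, date);
                }
            }
            if (revoked.size() != 2) {
                // Either a member failed a check above (failure already set) or the pair is incomplete.
                this.logger.debug("撤销管理类证书失败：没有找到双证信息signSN=[{}]", str);
                return failure;
            }
            // NOTE(review): two DAO writes plus a task write; atomicity depends on a
            // transaction boundary that is not visible in this method.
            this.revokeManagerCertDao.saveBatch(revoked);
            this.managerCertDao.deleteBatch(certsBySignSn);
            this.logger.debug("撤销管理类证书成功：signSN=[{}]", str);
            // The sync task is always given the signing cert's id first, then the enc cert's id.
            RevokedManageCertDO first = revoked.get(0);
            Integer revokeStatus = Integer.valueOf(CertStatusEnum.REVOKE.value);
            if (Constants.SIGN_CERT.intValue() == first.getType().intValue()) {
                this.taskDataService.saveSyncStatusCert(first.getId(), first.getPairCertId(), 2, revokeStatus, Integer.valueOf(i), date);
            } else {
                this.taskDataService.saveSyncStatusCert(first.getPairCertId(), first.getId(), 2, revokeStatus, Integer.valueOf(i), date);
            }
            return Result.success(manageCertDO.getSubject());
        } catch (Exception e) {
            throw new ServiceException("撤销管理类证书失败", e);
        }
    }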

    /**
     * Dispatches a revocation request by certificate type.
     *
     * <p>Types 1..3 are handled by the local helpers, which validate the reason
     * range themselves; types 4 and 5 go to the CMP service and differ only in
     * the final boolean flag. No reason-range check happens here for 4/5 — the
     * CMP service is presumably responsible; verify.
     *
     * @param revokeCertVO request carrying type, SN, algorithm, reason and note
     * @return the helper's result, or {@code ILLEGAL_REQUEST_PARAMETER} for an unknown type
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doRevokeCert(RevokeCertVO revokeCertVO) {
        int certType = revokeCertVO.getType().intValue();
        if (certType == 1) {
            return deleteRaManagerCert(revokeCertVO);
        }
        if (certType == 2) {
            return deleteSubCaCert(revokeCertVO);
        }
        if (certType == 3) {
            return deleteCorssCert(revokeCertVO);
        }
        if (certType == 4 || certType == 5) {
            return this.openApiCMPService.doRevokeUserCert(revokeCertVO.getSn(), revokeCertVO.getAlg(), true, revokeCertVO.getRevokeReason().intValue(), revokeCertVO.getRevokeNote(), certType == 5);
        }
        return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
    }

    /**
     * Freezes a certificate; only user certificates (type 4) are supported.
     *
     * @param freezeCertVO request carrying type, SN and note
     * @return the CMP service's result, or {@code ILLEGAL_REQUEST_PARAMETER} for any other type
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doFreezeCert(FreezeCertVO freezeCertVO) {
        boolean isUserCert = freezeCertVO.getType().intValue() == 4;
        if (!isUserCert) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        return this.openApiCMPService.doFreezeUserCert(freezeCertVO.getSn(), freezeCertVO.getFreezeNote());
    }

    /**
     * Unfreezes a certificate; only user certificates (type 4) are supported.
     *
     * @param freezeCertVO request carrying type, SN and note
     * @return the CMP service's result, or {@code ILLEGAL_REQUEST_PARAMETER} for any other type
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result doUnFreezeCert(FreezeCertVO freezeCertVO) {
        boolean isUserCert = freezeCertVO.getType().intValue() == 4;
        if (!isUserCert) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        return this.openApiCMPService.doUnFreezeUserCert(freezeCertVO.getSn(), freezeCertVO.getFreezeNote());
    }

    /**
     * Revokes a subordinate-CA certificate in place (status 2) and queues a status sync.
     *
     * <p>Rejects an out-of-range reason, a missing certificate, one already
     * revoked, or one already expired, in that order.
     *
     * @param revokeCertVO request carrying SN, algorithm, reason and note
     * @return success carrying the subject, otherwise the failure cause
     * @throws ServiceException wrapping any DAO or task-service exception
     */
    private Result deleteSubCaCert(RevokeCertVO revokeCertVO) {
        try {
            Integer reason = revokeCertVO.getRevokeReason();
            if (reason.intValue() < 0 || reason.intValue() > 10) {
                this.logger.info("撤销证书失败，撤销理由不正确,reason:" + reason);
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            Date now = new Date();
            String sn = revokeCertVO.getSn();
            SubCaCertDO cert = this.subCaCertDao.getSubCaCert(sn, revokeCertVO.getAlg().intValue());
            if (null == cert) {
                this.logger.debug("撤销子CA证书失败：没有找到子CA证书，sn=[{}]", sn);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            // Status 2 is "revoked" for this table (it is what we write below).
            if (cert.getStatus().intValue() == 2) {
                this.logger.debug("撤销子CA证书失败：证书已经被撤销，sn=[{}]", sn);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
            }
            if (cert.getAfterTime().before(now)) {
                this.logger.debug("撤销子CA证书失败：证书已过期，sn=[{}]", sn);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            String note = revokeCertVO.getRevokeNote();
            cert.setStatus(2);
            cert.setRevokeReason(reason);
            cert.setRevokeNote(StringUtils.isNotBlank(note) ? note : "");
            cert.setGmtModified(now);
            this.subCaCertDao.updateSubCaCert(cert);
            this.taskDataService.saveSyncStatusCert(cert.getId(), null, 4, Integer.valueOf(CertStatusEnum.REVOKE.value), reason, now);
            this.logger.info("撤销子CA证书成功");
            return Result.success(cert.getSubject());
        } catch (Exception e) {
            throw new ServiceException("撤销子CA证书失败", e);
        }
    }

    /**
     * Revokes a cross certificate in place (status 2) and queues a status sync.
     *
     * <p>Mirrors {@link #deleteSubCaCert}: rejects an out-of-range reason, a
     * missing certificate, one already revoked, or one already expired.
     *
     * @param revokeCertVO request carrying SN, algorithm, reason and note
     * @return success carrying the subject, otherwise the failure cause
     * @throws ServiceException wrapping any DAO or task-service exception
     */
    private Result deleteCorssCert(RevokeCertVO revokeCertVO) {
        try {
            Integer reason = revokeCertVO.getRevokeReason();
            if (reason.intValue() < 0 || reason.intValue() > 10) {
                this.logger.info("撤销证书失败，撤销理由不正确,reason:" + reason);
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            Date now = new Date();
            String sn = revokeCertVO.getSn();
            CrossCertDO cert = this.crossCertDao.getCrossCert(sn, revokeCertVO.getAlg().intValue());
            if (null == cert) {
                this.logger.debug("撤销交叉证书失败：没有找到交叉证书，sn=[{}]", sn);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            // Status 2 is "revoked" for this table (it is what we write below).
            if (cert.getStatus().intValue() == 2) {
                this.logger.debug("撤销交叉证书失败：证书已经被撤销，sn=[{}]", sn);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
            }
            if (cert.getAfterTime().before(now)) {
                this.logger.debug("撤销交叉证书失败：证书已过期，sn=[{}]", sn);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            String note = revokeCertVO.getRevokeNote();
            cert.setStatus(2);
            cert.setRevokeReason(reason);
            cert.setRevokeNote(StringUtils.isNotBlank(note) ? note : "");
            cert.setGmtModified(now);
            this.crossCertDao.updateCrossCert(cert);
            this.taskDataService.saveSyncStatusCert(cert.getId(), null, 3, Integer.valueOf(CertStatusEnum.REVOKE.value), reason, now);
            this.logger.info("撤销交叉证书成功");
            return Result.success(cert.getSubject());
        } catch (Exception e) {
            throw new ServiceException("撤销交叉证书失败", e);
        }
    }

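    /**
     * Builds the revoked-table row for one management certificate and appends it to {@code list}.
     *
     * <p>The row is a property copy of the active row plus the revocation
     * metadata. Its creation time is the {@code date} chosen by the caller, so
     * the revoked row and any status-sync record built from the same instant agree.
     *
     * @param manageCertDO active certificate row being revoked
     * @param list         accumulator the new row is appended to
     * @param i            revocation reason code
     * @param str          revocation note; blank is normalised to ""
     * @param date         revocation instant supplied by the caller
     */
    private void bulidRevokeData(ManageCertDO manageCertDO, List<RevokedManageCertDO> list, int i, String str, Date date) {
        RevokedManageCertDO revokedManageCertDO = new RevokedManageCertDO();
        BeanUtils.copyProperties(manageCertDO, revokedManageCertDO);
        // Validity window is copied explicitly; the property copy's exact rules are
        // not visible here, so this guarantees the two fields survive.
        revokedManageCertDO.setAfterTime(manageCertDO.getAfterTime());
        revokedManageCertDO.setBeforeTime(manageCertDO.getBeforeTime());
        revokedManageCertDO.setRevokeReason(Integer.valueOf(i));
        revokedManageCertDO.setRevokeNote(StringUtils.isBlank(str) ? "" : str);
        // Keep the caller's instant: the old code overwrote it with a fresh new Date()
        // right before adding the row, which decoupled gmtCreate from the sync record.
        revokedManageCertDO.setGmtCreate(date);
        revokedManageCertDO.setGmtModified(null);
        list.add(revokedManageCertDO);
    }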

    /**
     * Persists a freshly issued RA server certificate pair and queues its publication.
     *
     * <p>{@code x509Certificate2} is stored as the encryption certificate
     * ({@code Constants.ENC_CERT}) and {@code x509Certificate} as the signing
     * certificate ({@code Constants.SIGN_CERT}); each row's {@code pairCertSn}
     * names the other. The same {@link ManageCertDO} instance is saved twice:
     * first as the enc row, then mutated (new SN, new id, type SIGN, pairCertId =
     * enc row id) and saved again as the sign row.
     *
     * @param l                id of the issuing CA certificate
     * @param x509Certificate  signing certificate
     * @param x509Certificate2 encryption certificate
     * @param issueRaCertVO    issue request; only its id (the RA) is read here
     * @param templateInfoVO   template the pair was issued from (key alg/size, sign alg, id)
     * @throws Exception propagated from certificate serialization or the DAOs
     */
    private void saveRaServerCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, IssueRaCertVO issueRaCertVO, TemplateInfoVO templateInfoVO) throws Exception {
        ArrayList arrayList = new ArrayList();
        ManageCertDataDO manageCertDataDO = new ManageCertDataDO();
        ManageCertDataDO manageCertDataDO2 = new ManageCertDataDO();
        // Data rows carry the serialized certificates; their ids are assigned below
        // once the matching ManageCertDO rows have been saved.
        manageCertDataDO2.setData(CertUtil.writeObject(x509Certificate2));
        manageCertDataDO2.setGmtCreate(x509Certificate2.getNotBefore());
        manageCertDataDO.setData(CertUtil.writeObject(x509Certificate));
        manageCertDataDO.setGmtCreate(x509Certificate.getNotBefore());
        Date date = new Date();
        ManageCertDO manageCertDO = new ManageCertDO();
        // Ids come from managerCertIdDao.getMaxId(date) -- presumably an allocator keyed by
        // date; confirm it cannot hand out the same id twice under concurrent issuance.
        manageCertDO.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        manageCertDO.setCaCertId(l);
        manageCertDO.setSn(x509Certificate2.getSerialNumber().toString(16));
        manageCertDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate2));
        manageCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate2));
        manageCertDO.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        manageCertDO.setPrivateKeySize(templateInfoVO.getKeySize());
        manageCertDO.setBeforeTime(x509Certificate2.getNotBefore());
        manageCertDO.setAfterTime(x509Certificate2.getNotAfter());
        manageCertDO.setSignAlg(templateInfoVO.getSignAlg());
        manageCertDO.setType(Constants.ENC_CERT);
        // Status 1 is the initial state; the revoke path treats 2 as "frozen" for this table.
        manageCertDO.setStatus(1);
        manageCertDO.setTemplateId(templateInfoVO.getId());
        manageCertDO.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        // Server certs are confirmed immediately; contrast saveRaAdminCert, which
        // starts as ISSUE_CERT_NO_ACK and waits for a confirmation.
        manageCertDO.setConfirmationStatus(Constants.ISSUE_CERT_OK_ACK);
        manageCertDO.setGmtCreate(x509Certificate2.getNotBefore());
        ManageCertDO save = this.managereCertDao.save(manageCertDO);
        manageCertDataDO2.setId(save.getId());
        arrayList.add(manageCertDataDO2);
        // Reuse the saved enc row as the template for the sign row: pairCertId keeps
        // the enc id, then a fresh id is allocated before the second save.
        save.setSn(x509Certificate.getSerialNumber().toString(16));
        save.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        save.setPairCertId(save.getId());
        save.setType(Constants.SIGN_CERT);
        save.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        ManageCertDO save2 = this.managereCertDao.save(save);
        manageCertDataDO.setId(save2.getId());
        arrayList.add(manageCertDataDO);
        RaServerCertDO raServerCertDO = new RaServerCertDO();
        raServerCertDO.setRaId(issueRaCertVO.getId());
        raServerCertDO.setManageCertId(save2.getId());
        raServerCertDO.setGmtCreate(x509Certificate.getNotBefore());
        this.raServerCertDao.save(raServerCertDO);
        // Presumably points the enc row (save2.getPairCertId()) back at the sign row id -- verify in the DAO.
        this.managereCertDao.updatePairCertId(save2.getPairCertId(), save2.getId());
        this.managerCertDataDao.batchSave(arrayList);
        // Publication task keyed (signId, encId); the meaning of the literal 2 is not visible here.
        this.taskDataService.savePublishCert(save2.getId(), save2.getPairCertId(), 2);
    }

    /**
     * Persists a freshly issued RA administrator certificate pair pending confirmation.
     *
     * <p>Same storage layout as {@link #saveRaServerCert}: {@code x509Certificate2}
     * becomes the enc row ({@code Constants.ENC_CERT}), {@code x509Certificate} the
     * sign row ({@code Constants.SIGN_CERT}), produced by saving one
     * {@link ManageCertDO} instance twice. Unlike server certificates, the pair is
     * created as {@code ISSUE_CERT_NO_ACK} and a confirmation-status task is queued
     * instead of a publish task.
     *
     * @param l                id of the issuing CA certificate
     * @param x509Certificate  signing certificate
     * @param x509Certificate2 encryption certificate
     * @param issueRaCertVO    issue request; its id (the RA) and certType (role) are read here
     * @param templateInfoVO   template the pair was issued from
     * @throws Exception propagated from certificate serialization or the DAOs
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public void saveRaAdminCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, IssueRaCertVO issueRaCertVO, TemplateInfoVO templateInfoVO) throws Exception {
        ArrayList arrayList = new ArrayList();
        ManageCertDataDO manageCertDataDO = new ManageCertDataDO();
        ManageCertDataDO manageCertDataDO2 = new ManageCertDataDO();
        // Data rows carry the serialized certificates; ids are assigned after each save below.
        manageCertDataDO2.setData(CertUtil.writeObject(x509Certificate2));
        manageCertDataDO2.setGmtCreate(x509Certificate2.getNotBefore());
        manageCertDataDO.setData(CertUtil.writeObject(x509Certificate));
        manageCertDataDO.setGmtCreate(x509Certificate.getNotBefore());
        Date date = new Date();
        ManageCertDO manageCertDO = new ManageCertDO();
        // Ids come from managerCertIdDao.getMaxId(date) -- presumably an allocator keyed by
        // date; confirm it cannot hand out the same id twice under concurrent issuance.
        manageCertDO.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        manageCertDO.setCaCertId(l);
        manageCertDO.setSn(x509Certificate2.getSerialNumber().toString(16));
        manageCertDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate2));
        manageCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate2));
        manageCertDO.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        manageCertDO.setPrivateKeySize(templateInfoVO.getKeySize());
        manageCertDO.setBeforeTime(x509Certificate2.getNotBefore());
        manageCertDO.setAfterTime(x509Certificate2.getNotAfter());
        manageCertDO.setSignAlg(templateInfoVO.getSignAlg());
        manageCertDO.setType(Constants.ENC_CERT);
        // Status 1 is the initial state; the revoke path treats 2 as "frozen" for this table.
        manageCertDO.setStatus(1);
        manageCertDO.setTemplateId(templateInfoVO.getId());
        manageCertDO.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        // Admin certs wait for an acknowledgement (card write) before they count as confirmed.
        manageCertDO.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        manageCertDO.setGmtCreate(x509Certificate2.getNotBefore());
        ManageCertDO save = this.managereCertDao.save(manageCertDO);
        manageCertDataDO2.setId(save.getId());
        arrayList.add(manageCertDataDO2);
        // Reuse the saved enc row as the template for the sign row: pairCertId keeps
        // the enc id, then a fresh id is allocated before the second save.
        save.setSn(x509Certificate.getSerialNumber().toString(16));
        save.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        save.setPairCertId(save.getId());
        save.setType(Constants.SIGN_CERT);
        save.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        ManageCertDO save2 = this.managereCertDao.save(save);
        manageCertDataDO.setId(save2.getId());
        arrayList.add(manageCertDataDO);
        RaAdminCertDO raAdminCertDO = new RaAdminCertDO();
        raAdminCertDO.setRaId(issueRaCertVO.getId());
        raAdminCertDO.setGmtCreate(x509Certificate.getNotBefore());
        raAdminCertDO.setRoleType(issueRaCertVO.getCertType());
        raAdminCertDO.setManageCertId(save2.getId());
        this.raAdminCertDao.save(raAdminCertDO);
        // Presumably points the enc row (save2.getPairCertId()) back at the sign row id -- verify in the DAO.
        this.managereCertDao.updatePairCertId(save2.getPairCertId(), save2.getId());
        this.managerCertDataDao.batchSave(arrayList);
        // Confirmation task keyed by the sign cert's data-row id (== save2.getId()).
        this.taskDataService.saveCertConfirmStatus(null, manageCertDataDO.getId());
    }

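    /**
     * Builds the downloadable certificate file for the requested certificate type.
     *
     * <p>Every branch returns a {@link Result} whose audit content records role,
     * DN and SN, for success and failure alike. Management certificates are
     * packaged by {@link #buildManageCertFile}; a user certificate comes back as a
     * single P7B when only a signing certificate exists, otherwise as a zip of
     * both chains; CA, sub-CA, cross and outer-cross certificates are returned as
     * P7B chains.
     *
     * @param downloadCertVO request carrying type, SN, key algorithm and optional file name
     * @return success with a {@link CertFileInfo}, or {@code DOWNLOAD_CERT_NOT_EXIST}
     * @throws ServiceException wrapping any DAO or encoding exception
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result downloadCert(DownloadCertVO downloadCertVO) {
        try {
            StringBuilder sb = new StringBuilder();
            String dateToStr = DateTimeUtil.dateToStr(new Date(), DateUtils.FORMAT_FOUT);
            // P7B/PEM chains are ASCII text; encode with a fixed charset so the file bytes
            // never depend on the JVM default (fully qualified: the import block is not
            // within reach of this method).
            java.nio.charset.Charset chainCharset = java.nio.charset.StandardCharsets.UTF_8;
            switch (CertTypeEnum.convert(downloadCertVO.getType())) {
                case ADMIN_CERT:
                case SERVER_CERT:
                    // buildManageCertFile yields {zip bytes, subject DN}, or null when the row is incomplete.
                    Object[] buildManageCertFile = buildManageCertFile(downloadCertVO);
                    String str = downloadCertVO.getType() == CertTypeEnum.ADMIN_CERT.value ? "管理员证书" : "服务器证书";
                    if (null != buildManageCertFile) {
                        sb.append("下载证书成功，证书角色=").append(str).append("，证书DN=").append(buildManageCertFile[1]).append("，证书SN=").append(downloadCertVO.getSn());
                        return Result.success(buildCertFileInfo(getFileName(dateToStr, downloadCertVO), (byte[]) buildManageCertFile[0])).setAuditContent(sb.toString());
                    }
                    this.logger.info("下载证书失败，原因：{}不存在[{}]", str, downloadCertVO);
                    sb.append("下载证书失败，原因：").append(str).append("不存在，证书SN=").append(downloadCertVO.getSn());
                    return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST).setAuditContent(sb.toString());
                case USER_CERT:
                    List<String> userCert = this.certDataDao.getUserCert(downloadCertVO.getSn(), downloadCertVO.getKeyAlg());
                    // Row layout implied by the indexes used below: [0]=CA cert id, [1]=subject,
                    // [2]=signing cert, optional [3]=encryption cert. A null row is treated as
                    // "not found" rather than surfacing as a NullPointerException.
                    if (null == userCert || userCert.size() < 3 || StringUtils.isBlank(userCert.get(0)) || StringUtils.isBlank(userCert.get(1)) || StringUtils.isBlank(userCert.get(2)) || (userCert.size() == 4 && StringUtils.isBlank(userCert.get(3)))) {
                        this.logger.info("下载证书失败，原因：用户证书不存在[{}]", downloadCertVO);
                        sb.append("下载证书失败，原因：用户证书不存在，证书SN=").append(downloadCertVO.getSn());
                        return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST).setAuditContent(sb.toString());
                    }
                    // NOTE(review): getCaCert(...) is not null-checked here or in the sub-CA /
                    // cross branches; a missing CA row surfaces as a ServiceException.
                    CaCertDo caCert = this.caCertDao.getCaCert(Long.parseLong(userCert.get(0)));
                    String addCertToCertChain = addCertToCertChain(caCert.getCertChain(), userCert.get(2));
                    if (userCert.size() == 3) {
                        String fileName = StringUtils.isBlank(downloadCertVO.getFileName()) ? "SignCert_" + dateToStr + ".p7b" : downloadCertVO.getFileName();
                        sb.append("下载证书成功，证书角色=用户证书，证书DN=").append(userCert.get(1)).append("，证书SN=").append(downloadCertVO.getSn());
                        return Result.success(buildCertFileInfo(fileName, addCertToCertChain.getBytes(chainCharset))).setAuditContent(sb.toString());
                    }
                    byte[] buildZipFile = buildZipFile(addCertToCertChain.getBytes(chainCharset), addCertToCertChain(caCert.getCertChain(), userCert.get(3)).getBytes(chainCharset), false);
                    sb.append("下载证书成功，证书角色=用户证书，证书DN=").append(userCert.get(1)).append("，证书SN=").append(downloadCertVO.getSn());
                    return Result.success(buildCertFileInfo(getFileName(dateToStr, downloadCertVO), buildZipFile)).setAuditContent(sb.toString());
                case CA_CERT:
                    CaCertDo caCert2 = this.caCertDao.getCaCert(downloadCertVO.getSn(), downloadCertVO.getKeyAlg());
                    if (null == caCert2) {
                        this.logger.info("下载证书失败，原因：CA证书不存在[{}]", downloadCertVO);
                        sb.append("下载证书失败，原因：CA证书不存在，证书SN=").append(downloadCertVO.getSn());
                        return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST).setAuditContent(sb.toString());
                    }
                    CaDO caById = this.caDao.getCaById(caCert2.getCaId().longValue());
                    String fileName2 = getFileName(dateToStr, downloadCertVO);
                    // A root CA gets its own default name; a caller-supplied name always wins.
                    if (caById.getType().intValue() == CaDO.CaTypeEnum.ROOT_CA.value && StringUtils.isBlank(downloadCertVO.getFileName())) {
                        fileName2 = "RootCA_" + dateToStr + ".p7b";
                    }
                    sb.append("下载证书成功，证书角色=CA证书，证书DN=").append(caCert2.getSubject()).append("，证书SN=").append(downloadCertVO.getSn());
                    return Result.success(buildCertFileInfo(fileName2, caCert2.getCertChain().getBytes(chainCharset))).setAuditContent(sb.toString());
                case SUB_CA_CERT:
                    SubCaCertDO subCaCert = this.subCaCertDao.getSubCaCert(downloadCertVO.getSn(), downloadCertVO.getKeyAlg());
                    if (null == subCaCert) {
                        this.logger.info("下载证书失败，原因：子CA证书不存在[{}]", downloadCertVO);
                        sb.append("下载证书失败，原因：子CA证书不存在，证书SN=").append(downloadCertVO.getSn());
                        return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST).setAuditContent(sb.toString());
                    }
                    String addCertToCertChain2 = addCertToCertChain(this.caCertDao.getCaCert(subCaCert.getCaCertId().longValue()).getCertChain(), subCaCert.getData());
                    sb.append("下载证书成功，证书角色=子CA证书，证书DN=").append(subCaCert.getSubject()).append("，证书SN=").append(downloadCertVO.getSn());
                    return Result.success(buildCertFileInfo(getFileName(dateToStr, downloadCertVO), addCertToCertChain2.getBytes(chainCharset))).setAuditContent(sb.toString());
                case CROSS_CERT:
                    CrossCertDO crossCert = this.crossCertDao.getCrossCert(downloadCertVO.getSn(), downloadCertVO.getKeyAlg());
                    if (null == crossCert) {
                        this.logger.info("下载证书失败，原因：交叉证书不存在[{}]", downloadCertVO);
                        sb.append("下载证书失败，原因：交叉证书不存在，证书SN=").append(downloadCertVO.getSn());
                        return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST).setAuditContent(sb.toString());
                    }
                    String addCertToCertChain3 = addCertToCertChain(this.caCertDao.getCaCert(crossCert.getCaCertId().longValue()).getCertChain(), crossCert.getData());
                    sb.append("下载证书成功，证书角色=交叉证书，证书DN=").append(crossCert.getSubject()).append("，证书SN=").append(downloadCertVO.getSn());
                    return Result.success(buildCertFileInfo(getFileName(dateToStr, downloadCertVO), addCertToCertChain3.getBytes(chainCharset))).setAuditContent(sb.toString());
                case OUT_CROSS_CERT:
                    OuterCrossCertDO outerCrossCert = this.outerCrossCertDao.getOuterCrossCert(downloadCertVO.getSn(), downloadCertVO.getKeyAlg());
                    if (null != outerCrossCert) {
                        sb.append("下载证书成功，证书角色=外部交叉证书，证书DN=").append(outerCrossCert.getSubject()).append("，证书SN=").append(downloadCertVO.getSn());
                        return Result.success(buildCertFileInfo(getFileName(dateToStr, downloadCertVO), outerCrossCert.getCertChain().getBytes(chainCharset))).setAuditContent(sb.toString());
                    }
                    this.logger.info("下载证书失败，原因：外部交叉证书不存在[{}]", downloadCertVO);
                    sb.append("下载证书失败，原因：外部交叉证书不存在，证书SN=").append(downloadCertVO.getSn());
                    return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST).setAuditContent(sb.toString());
                default:
                    sb.append("下载证书失败，原因：未知证书类型，证书SN=").append(downloadCertVO.getSn());
                    return Result.failure(ErrorEnum.DOWNLOAD_CERT_NOT_EXIST).setAuditContent(sb.toString());
            }
        } catch (Exception e) {
            throw new ServiceException("下载证书失败", e);
        }
    }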

    /**
     * Returns the serial number of the root CA certificate for a key-algorithm id.
     *
     * <p>A missing {@code Constants.CA_INFO} entry is not checked: the resulting
     * NullPointerException is caught below and rethrown as a ServiceException.
     *
     * @param i key-algorithm id used as the CA_INFO lookup key
     * @return a success result whose info is the SN
     * @throws ServiceException wrapping any lookup failure
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result getRootCaCertSn(int i) {
        try {
            Result out = new Result();
            CaInfoVO caInfo = (CaInfoVO) Constants.CA_INFO.get(Integer.valueOf(i));
            out.setInfo(caInfo.getSn());
            return out;
        } catch (Exception e) {
            throw new ServiceException("获取根证书SN失败", e);
        }
    }

    /**
     * Wraps a file name and its bytes in a {@link CertFileInfo}.
     *
     * @param fileName name the client should receive the file under
     * @param data     file contents
     * @return the populated holder
     */
    private CertFileInfo buildCertFileInfo(String fileName, byte[] data) {
        CertFileInfo info = new CertFileInfo();
        info.setData(data);
        info.setFileName(fileName);
        return info;
    }

    /**
     * Packages a management certificate pair for download.
     *
     * <p>The DAO row is expected as [0]=CA cert id, [1]=signing cert, [2]=encryption
     * cert, [3]=subject DN; anything else yields {@code null}. The signing cert is
     * always returned as a P7B chain. The encryption cert is also returned as a P7B
     * chain for admin certificates or when the caller asked for plain data; otherwise
     * it is wrapped as enveloped data (DER, base64) and the zip entry is named {@code .pem}.
     *
     * @param downloadCertVO request carrying type, SN, key algorithm and the plain-data flag
     * @return {@code {zipBytes, subjectDn}} or {@code null} when the row is incomplete
     * @throws Exception propagated from chain building, enveloping or zipping
     */
    public Object[] buildManageCertFile(DownloadCertVO downloadCertVO) throws Exception {
        List<String> row = this.managerCertDataDao.getManageCert(downloadCertVO.getSn(), downloadCertVO.getKeyAlg());
        boolean complete = row.size() == 4
                && StringUtils.isNotBlank(row.get(0))
                && StringUtils.isNotBlank(row.get(1))
                && StringUtils.isNotBlank(row.get(2))
                && StringUtils.isNotBlank(row.get(3));
        if (!complete) {
            return null;
        }
        CaCertDo caCert = this.caCertDao.getCaCert(Long.parseLong(row.get(0)));
        String signChain = addCertToCertChain(caCert.getCertChain(), row.get(1));
        this.logger.info("type=================[{}]", Integer.valueOf(downloadCertVO.getType()));
        boolean plainEncCert = downloadCertVO.getType() == CertTypeEnum.ADMIN_CERT.value || downloadCertVO.isNotEncData();
        byte[] encPart;
        if (plainEncCert) {
            encPart = addCertToCertChain(caCert.getCertChain(), row.get(2)).getBytes();
        } else {
            encPart = Base64.encode(EnvelopedDataUtil.getEnvelopedData(CertUtil.getCertFromStr(row.get(2))).getEncoded("DER"));
        }
        return new Object[]{buildZipFile(signChain.getBytes(), encPart, !plainEncCert), row.get(3)};
    }

    /**
     * Zips a signing-certificate chain and an encryption-certificate payload.
     *
     * @param signCert     bytes stored as {@code SignCert.p7b}
     * @param encCert      bytes stored as {@code EncCert.pem} when {@code enveloped}, else {@code EncCert.p7b}
     * @param enveloped    whether {@code encCert} is enveloped data rather than a P7B chain
     * @return the zip archive
     * @throws Exception propagated from {@code FileUtils.buildZip}
     */
    private byte[] buildZipFile(byte[] signCert, byte[] encCert, boolean enveloped) throws Exception {
        String encEntryName = enveloped ? "EncCert.pem" : "EncCert.p7b";
        HashMap<String, byte[]> entries = new HashMap<String, byte[]>();
        entries.put("SignCert.p7b", signCert);
        entries.put(encEntryName, encCert);
        return FileUtils.buildZip(entries);
    }

    /**
     * Appends one certificate to a P7B chain and re-serializes the chain.
     *
     * @param chain    existing chain in the form {@code P7bUtils.resolveCertChain} accepts
     * @param certText certificate to append, parsed by {@code CertUtil.getCertFromStr}
     * @return the rebuilt chain
     * @throws Exception propagated from parsing or serialization
     */
    private String addCertToCertChain(String chain, String certText) throws Exception {
        List<X509Certificate> certs = P7bUtils.resolveCertChain(chain);
        X509Certificate leaf = CertUtil.getCertFromStr(certText);
        certs.add(leaf);
        return P7bUtils.createCertChainByCerts(certs);
    }

    /**
     * Chooses the download file name for a certificate request.
     *
     * <p>A name supplied in the request is returned unchanged; whatever later puts
     * it into a response header or on disk must sanitize it, as that consumer is
     * not visible here. Otherwise a type-specific prefix is combined with the
     * timestamp string.
     *
     * @param str            formatted timestamp appended to the default names
     * @param downloadCertVO request carrying the type and the optional file name
     * @return the file name, or {@code AlgorithmTools.KEYSPEC_UNKNOWN} for an unknown type
     */
    public String getFileName(String str, DownloadCertVO downloadCertVO) {
        String requested = downloadCertVO.getFileName();
        if (StringUtils.isNotBlank(requested)) {
            return requested;
        }
        CertTypeEnum type = CertTypeEnum.convert(downloadCertVO.getType());
        switch (type) {
            case ADMIN_CERT:
                return "ManagerCert_" + str + ".zip";
            case SERVER_CERT:
                return Constants.CA_SUB_SYSTEM_CERT_ZIP_NAME + str + ".zip";
            case USER_CERT:
                return "UserCert_" + str + ".zip";
            case CA_CERT:
            case SUB_CA_CERT:
                return "SubCA_" + str + ".p7b";
            case CROSS_CERT:
            case OUT_CROSS_CERT:
                return "CrossCA_" + str + ".p7b";
            default:
                return AlgorithmTools.KEYSPEC_UNKNOWN;
        }
    }

    /**
     * Collects the information a client needs before renewing a certificate.
     *
     * <p>An unknown certificate yields an empty VO as success; an expired one is a
     * failure. The remaining time and maximum validity are only filled in when the
     * CA info for the certificate's key algorithm is complete (base DN and root cert).
     *
     * @param str  signing-certificate serial number
     * @param str2 second lookup key handed to the DAO (its meaning is not visible here)
     * @return success carrying a {@link CertUpdateBaseInfoVO}, or {@code CERT_ISSUE_STATUE_EXPIRED}
     * @throws ServiceException wrapping any DAO or computation exception
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result getCertUpdateBaseInfo(String str, String str2) {
        try {
            CertUpdateBaseInfoVO vo = new CertUpdateBaseInfoVO();
            CertUpdateBaseInfoDO found = this.managereCertDao.getCertUpdateBaseInfo(str, str2);
            if (null == found) {
                return Result.success(vo);
            }
            Date now = new Date();
            if (found.getAfterTime().before(now)) {
                this.logger.info("获取证书更新基本信息失败，证书过期signSn=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            BeanUtils.copyProperties(found, vo);
            CaInfoVO caInfo = (CaInfoVO) Constants.CA_INFO.get(found.getKeyAlg());
            boolean caInfoUsable = null != caInfo
                    && StringUtils.isNotBlank(caInfo.getBaseDn())
                    && null != caInfo.getRootCert();
            if (caInfoUsable) {
                Long nowMillis = Long.valueOf(now.getTime());
                vo.setBaseDn(caInfo.getBaseDn());
                vo.setSignAlgStr(SignAlgTypeEnum.getViewAlgName(Integer.valueOf(vo.getSignAlg()).intValue()));
                vo.setKeyAlgStr(AlgTypeEnum.getAlgStr(vo.getKeyAlg()));
                vo.setRemainingTime(IssueTimeUtil.getCertRemainTime(vo.getAfterTime(), nowMillis));
                // Renewal may not outlive the root certificate.
                vo.setMaxValidity(IssueTimeUtil.getCertUpdateMaxValidity(caInfo.getRootCert().getNotAfter(), vo.getMaxValidity(), vo.getAfterTime(), nowMillis));
            }
            this.logger.info("获取证书更新时基本信息[{}]", vo);
            return Result.success(vo);
        } catch (Exception e) {
            throw new ServiceException("获取证书更新时的基本信息失败", e);
        }
    }

    /**
     * Handles a card-write failure report by revoking the unconfirmed management cert pair.
     *
     * <p>Requires an unacknowledged pair for the SN and a successful private-cert
     * status update (the DAO must report 2, presumably one row per pair member —
     * verify); then delegates to {@link #deleteRaManagerCert} and, on success,
     * queues a publish task and removes the pending confirmation sync.
     *
     * @param revokeCertVO request carrying the SN (and the data the delegate needs)
     * @return the delegate's success result, otherwise {@code WRITE_CARD_ACK_TIME_OUT}
     * @throws ServiceException wrapping any DAO or task-service exception
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result deleteNotAckManagerCert(RevokeCertVO revokeCertVO) {
        try {
            Result timedOut = Result.failure(ErrorEnum.WRITE_CARD_ACK_TIME_OUT);
            ManageCertDO pending = this.managereCertDao.getManagerCertsBySnNotAck(revokeCertVO.getSn(), Constants.BASE_ALG_TYPE.intValue());
            if (null == pending) {
                return timedOut;
            }
            if (2 != this.raAdminCertDao.updatePriCertStatus(pending.getSn(), pending.getPairCertSn())) {
                return timedOut;
            }
            Result deleted = deleteRaManagerCert(revokeCertVO);
            if (!deleted.isSuccess()) {
                return timedOut;
            }
            this.taskDataService.savePublishCert(pending.getId(), pending.getPairCertId(), 2);
            this.taskDataService.deleteNoConfirmCertSync(null, pending.getId());
            return deleted;
        } catch (Exception e) {
            throw new ServiceException("上报写卡失败证书异常", e);
        }
    }

    /**
     * Routes a certificate-detail query to the handler for its type.
     *
     * <p>The lookup always uses {@code Constants.BASE_ALG_TYPE} as the algorithm
     * selector; the caller's {@code num} picks only the certificate type.
     *
     * @param str certificate serial number
     * @param num certificate type, converted through {@link CertTypeEnum}
     * @return the handler's result, or {@code ILLEGAL_REQUEST_PARAMETER} for an unknown type
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result getCertDetail(String str, Integer num) {
        Integer alg = Constants.BASE_ALG_TYPE;
        CertTypeEnum type = CertTypeEnum.convert(num.intValue());
        switch (type) {
            case ADMIN_CERT:
            case SERVER_CERT:
                return this.certDetailQueryHandle.getManangeCertDetail(str, alg);
            case USER_CERT:
                return this.certDetailQueryHandle.getUserCertDetail(str, alg);
            case CA_CERT:
                return this.certDetailQueryHandle.getCaCertDetail(str, alg);
            case SUB_CA_CERT:
                return this.certDetailQueryHandle.getSubCaCertDetail(str, alg);
            case CROSS_CERT:
                return this.certDetailQueryHandle.getCrossCertDetail(str, alg);
            case OUT_CROSS_CERT:
                return this.certDetailQueryHandle.getOutCrossCertDetail(str, alg);
            default:
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
    }

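    /**
     * Returns one page of RA certificates matching the filters in {@code rACertQueryVO}, with
     * every DAO row mapped to a {@link RACertListVO}.
     *
     * <p>The filter values (name, certDN, certType, status) are passed to the DAO exactly as
     * received; this method assumes {@code RaAdminCertDao.getRACertLists} binds them as query
     * parameters rather than concatenating them — TODO confirm in the DAO.
     *
     * @param rACertQueryVO paging and filter criteria
     * @return {@code Result.success} wrapping the {@link PageInfo} whose rows were replaced by
     *         {@link RACertListVO}s, or {@code ILLEGAL_REQUEST_PARAMETER} when the query
     *         object is null
     * @throws ServiceException when the DAO lookup fails; the {@link DAOException} is kept as
     *         the cause
     */
    @Override // com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService
    public Result getRACertList(RACertQueryVO rACertQueryVO) {
        if (rACertQueryVO == null) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        Pager pager = new Pager(rACertQueryVO.getPageNo(), rACertQueryVO.getPageSize());
        Map<String, Object> condition = new HashMap<>();
        condition.put("name", rACertQueryVO.getName());
        condition.put("certDN", rACertQueryVO.getCertDN());
        condition.put("certType", rACertQueryVO.getCertType());
        condition.put(BindTag.STATUS_VARIABLE_NAME, rACertQueryVO.getStatus());
        try {
            PageInfo rACertLists = this.raAdminCertDao.getRACertLists(condition, pager);
            Collection<?> datas = rACertLists.getDatas();
            if (!datas.isEmpty()) {
                ArrayList<RACertListVO> rows = new ArrayList<>(datas.size());
                for (Object row : datas) {
                    rows.add(mapRaCertRow((Map<?, ?>) row));
                }
                rACertLists.setDatas(rows);
            }
            return Result.success(rACertLists);
        } catch (DAOException e) {
            // Log the cause as well; the message alone gives nothing to diagnose with.
            this.logger.error("查询RA列表异常，", e);
            throw new ServiceException("查询RA列表服务异常,", e);
        }
    }

    /**
     * Maps one DAO row (column name to value) onto a {@link RACertListVO}.
     *
     * <p>Column keys follow the DAO query. Only {@code DAOException} is translated by the
     * caller; a row with a missing {@code status} or {@code role_type} column fails here with
     * an unchecked exception, as it did before.
     *
     * @param row one result row from {@code getRACertLists}
     * @return the populated list VO
     */
    private RACertListVO mapRaCertRow(Map<?, ?> row) {
        RACertListVO vo = new RACertListVO();
        // status may arrive as a number or a numeric string; the String round trip accepts both
        Integer status = Integer.valueOf(String.valueOf(row.get(BindTag.STATUS_VARIABLE_NAME)));
        // read role_type once instead of casting it twice
        Integer roleType = Integer.valueOf(((Long) row.get("role_type")).intValue());
        vo.setId((Long) row.get("id"));
        vo.setName((String) row.get("name"));
        vo.setCertDn((String) row.get("subject"));
        vo.setSignSn((String) row.get("sn"));
        vo.setEncSn((String) row.get("pair_cert_sn"));
        vo.setStatus(status);
        vo.setStatusStr(this.dicDataConverUtil.ConverStatusToStr(status));
        vo.setCertType(roleType);
        vo.setCertTypeStr(ConverCertTypeToStr(roleType));
        vo.setNotBeforeTime(DateTimeUtil.dateToWebStr((Date) row.get("before_time")));
        vo.setNotAfterTime(DateTimeUtil.dateToWebStr((Date) row.get("after_time")));
        return vo;
    }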

    /**
     * Looks up the display text for an RA certificate type code.
     *
     * @param num RA certificate type code; must not be null
     * @return the {@code desc} of the matching {@code RACertTypeEnum} constant
     */
    private String ConverCertTypeToStr(Integer num) {
        int code = num.intValue();
        RACertTypeEnum certType = RACertTypeEnum.convert(code);
        return certType.desc;
    }
}
