package com.xdja.pki.ca.certmanager.service.crosscert;

import com.xdja.pki.ca.certmanager.dao.CrossCertDao;
import com.xdja.pki.ca.certmanager.dao.OuterCrossCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.models.CrossCertDO;
import com.xdja.pki.ca.certmanager.dao.models.OuterCrossCertDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertApplyVO;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertQueryVO;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertTypeEnum;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertVO;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossViewTypeEnum;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.UploadCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RevokeCertVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.userca.UserCaService;
import com.xdja.pki.ca.certmanager.service.util.CertContentInfoUtil;
import com.xdja.pki.ca.certmanager.service.util.DicDataConverUtil;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.certmanager.service.util.TemplateParamsUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.CertStatusEnum;
import com.xdja.pki.ca.core.enums.P10typeEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.pkcs7.P7bUtils;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.dao.dto.UserCaBaseDTO;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import com.xdja.pki.ca.securitymanager.service.vo.IssueCaBaseInfo;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.nutz.dao.pager.Pager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.web.servlet.tags.BindTag;

@Service
/* loaded from: input_file:WEB-INF/lib/ca-service-certmanager-impl-0.0.2-SNAPSHOT.jar:com/xdja/pki/ca/certmanager/service/crosscert/CrossCertManageServiceImpl.class */
public class CrossCertManageServiceImpl implements ICrossCertManageService {
    // Logger bound to the runtime class of this service.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // Signing backend: used in this class to build PKCS#10 requests (genP10) and to issue certificates (genX509Certificate).
    @Autowired
    private HsmManager hsmService;

    // Used here only to ask whether the current CA is a root CA (currentIsRootCa).
    @Autowired
    private CaCertDao caCertDao;

    // Resolves certificate templates by template code during issuance.
    @Autowired
    private TemplateService templateService;

    // Supplies the value returned by getDirAndOcspUrlCross, which is passed on to the extension builder during issuance.
    @Autowired
    private CrlTemplateService crlTemplateService;

    // NOTE(review): not referenced by any method visible in this class; issuance reuses the applicant certificate's serial instead.
    @Resource
    private CertSnDao certSnDao;

    // Persistence for cross-certificates issued by this CA.
    @Resource
    private CrossCertDao crossCertDao;

    // Persistence for cross-certificates issued to this CA by external CAs.
    @Resource
    private OuterCrossCertDao outerCrossCertDao;

    // Queues publish and status-sync tasks after a certificate is stored or revoked.
    @Autowired
    private TaskDataService taskDataService;

    // Converts numeric status codes to display strings (ConverStatusToStr).
    @Autowired
    private DicDataConverUtil dicDataConverUtil;

    // Builds the detail map returned by getCertDetail. Package-private as declared.
    @Autowired
    CertContentInfoUtil certContentInfoUtil;

    // Base directory injected from the "config.path" property; generated P10 files are written beneath it.
    @Value("${config.path}")
    private String configPath;

    // Direct template lookups by id (getTemplateById / getTemplatesById). Package-private as declared.
    @Autowired
    TemplateDao templateDao;

    // Looks up user-CA records by CA id or CA certificate id. Package-private as declared.
    @Autowired
    UserCaService userCaService;

    /**
     * Generates a PKCS#10 cross-certificate application for the admin CA and writes it as a PEM file.
     *
     * <p>The request is refused unless {@code caCertDao.currentIsRootCa()} reports a root CA. The subject is
     * taken from the admin CA certificate held in {@code Constants.CA_INFO}. The output file name is built
     * from a fixed prefix and the current time only; no caller-supplied value reaches the path.
     *
     * @return success carrying a map with key {@code p10Name} (the file name), or
     *         {@code PERMISSION_ACCESS_ERROR} when this CA is not a root CA
     * @throws ServiceException wrapping any failure while building or writing the request
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result createCrossCertApplyP10() {
        final boolean rootCa = this.caCertDao.currentIsRootCa().booleanValue();
        if (!rootCa) {
            this.logger.info("本级CA不是根CA,没有权限签发交叉证书");
            return Result.failure(ErrorEnum.PERMISSION_ACCESS_ERROR);
        }
        try {
            CaInfoVO adminCa = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
            String subjectDn = CertUtil.getSubjectByX509Cert(adminCa.getCaCert());
            Integer keySize = adminCa.getPrivateKeySize();
            // The key index and PIN are read unconditionally, even though only the non-BC branch uses them.
            Integer hsmKeyIndex = adminCa.getCaPwdBean().getKeyIndex();
            String hsmKeyPin = adminCa.getCaPwdBean().getPrivateKeyPin();

            CreateP10VO request = new CreateP10VO();
            request.setDn(subjectDn);
            request.setAlg(adminCa.getKeyAlg());
            request.setAlgLength(keySize);

            final boolean bcDevice = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
            if (bcDevice) {
                // BC device type: the CA key pair objects themselves are placed on the request.
                request.setPublicKey(adminCa.getCaCert().getPublicKey());
                request.setPrivateKey(adminCa.getRootPrivateKey());
            } else {
                // Any other device type: the key is referenced by index and unlocked with the PIN.
                request.setKeyIndex(hsmKeyIndex);
                request.setPrivateKeyPin(hsmKeyPin);
            }

            Integer p10Type = Integer.valueOf(P10typeEnum.Cross.getValue());
            PKCS10CertificationRequest p10 = this.hsmService.genP10(request, p10Type);

            // NOTE(review): the name depends only on dateToZipStr(now); two calls that format to the same
            // string would target the same file. Resolution of dateToZipStr is not visible here.
            String fileName = Constants.P10_FILE_NAME + DateTimeUtil.dateToZipStr(new Date()) + ".p10";
            String targetPath = this.configPath + Constants.P10_DIRECTORY + fileName;
            CertUtil.writeObjToPem(p10, targetPath);

            HashMap payload = new HashMap();
            payload.put("p10Name", fileName);
            return Result.success(payload, fileName);
        } catch (Exception e) {
            throw new ServiceException("生成交叉证书p10申请书失败", e);
        }
    }

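    /**
     * Revokes a cross-certificate issued by this CA and queues a status-sync task.
     *
     * <p>The certificate is looked up by {@code revokeCertVO.getId()}. Revocation is refused when the
     * reason is missing or outside 0..10, when no record exists, when the record already has status 3,
     * or when its not-after time has passed.
     *
     * @param revokeCertVO revocation request carrying the record id, reason code and optional note
     * @return success carrying the certificate subject, or a failure result describing why the
     *         request was refused
     * @throws ServiceException wrapping any unexpected failure during lookup or update
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result doRevokeCrossCert(RevokeCertVO revokeCertVO) {
        try {
            Integer reason = revokeCertVO.getRevokeReason();
            // A missing reason is answered as a bad parameter; previously it fell through to a
            // NullPointerException and surfaced as a generic ServiceException.
            // NOTE(review): if these codes follow RFC 5280 CRLReason, value 7 is unassigned and
            // 8 (removeFromCRL) applies only to delta CRLs; confirm both should be accepted.
            if (reason == null || reason.intValue() < 0 || reason.intValue() > 10) {
                this.logger.info("撤销证书失败，撤销理由不正确,reason:" + reason);
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            Date now = new Date();
            CrossCertDO crossCert = this.crossCertDao.getCrossCert(revokeCertVO.getId());
            if (null == crossCert) {
                // Nothing was found, so only the caller-supplied serial is available for the log.
                this.logger.error("撤销交叉证书失败：没有找到交叉证书，sn=[{}]", revokeCertVO.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            // From here on the stored serial is logged. The record was selected by id, so the
            // serial in the request is not guaranteed to describe the certificate being acted on.
            if (crossCert.getStatus().intValue() == 3) {
                this.logger.error("撤销交叉证书失败：证书已经被撤销，sn=[{}]", crossCert.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
            }
            if (crossCert.getAfterTime().before(now)) {
                this.logger.error("撤销交叉证书失败：证书已过期，sn=[{}]", crossCert.getSn());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            crossCert.setStatus(3);
            crossCert.setRevokeReason(reason);
            // A blank or missing note is stored as the empty string.
            String note = revokeCertVO.getRevokeNote();
            crossCert.setRevokeNote(StringUtils.isNotBlank(note) ? note : "");
            crossCert.setGmtModified(now);
            this.crossCertDao.updateCrossCert(crossCert);
            // Queue the status change so it is propagated by the sync task.
            this.taskDataService.saveSyncStatusCert(crossCert.getId(), null, 3, Integer.valueOf(CertStatusEnum.REVOKE.getValue()), reason, now);
            this.logger.info("撤销交叉证书成功");
            return Result.success(crossCert.getSubject());
        } catch (Exception e) {
            throw new ServiceException("撤销交叉证书失败", e);
        }
    }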

    /**
     * Issues a cross-certificate for a CA certificate supplied by the applicant.
     *
     * <p>Steps visible in this method: resolve the template by code and require NORMAL status, validate
     * the template parameters, resolve the issuing CA (cached in {@code Constants.CA_INFO}), reject an
     * expired issuer certificate, parse the submitted certificate, sign a new certificate over its
     * subject and public key, persist it and queue it for publication.
     *
     * @param crossCertApplyVO application carrying the template code, template parameters, requested
     *                         validity and the applicant's certificate data
     * @return success carrying a map with {@code certName}, {@code sn}, {@code keyAlg},
     *         {@code currentTimeTag} and {@code id}, or a failure result for any rejected precondition
     * @throws ServiceException when template lookup, signing or persistence fails
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result doIssueCrossCertByCaCert(CrossCertApplyVO crossCertApplyVO) {
        String tempCode = crossCertApplyVO.getTempCode();
        try {
            TemplateInfoVO templateInfoVO = this.templateService.getTemplatesByCodes(tempCode).get(tempCode);
            if (null == templateInfoVO) {
                this.logger.debug("签发交叉证书失败，模板不存在");
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            // A template that exists but is not in NORMAL status is reported with the same error as a missing one.
            if (TemplateStatusEnum.NORMAL.getValue() != templateInfoVO.getStatus().intValue()) {
                this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateInfoVO.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            Result validity = TemplateParamsUtil.validity(templateInfoVO, crossCertApplyVO.getTempParas());
            if (!validity.isSuccess()) {
                this.logger.info("签发交叉证书失败：缺少模板需要参数");
                return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            }
            // Constants.CA_INFO is consulted first; on a miss the issuer info is loaded through
            // userCaService and written back into the same map.
            IssueCaBaseInfo issueCaBaseInfo = (IssueCaBaseInfo) Constants.CA_INFO.get(templateInfoVO.getCaId());
            if (issueCaBaseInfo == null) {
                Result issueUserCaBaseInfoByCaId = this.userCaService.getIssueUserCaBaseInfoByCaId(templateInfoVO.getCaId());
                if (!issueUserCaBaseInfoByCaId.isSuccess()) {
                    return issueUserCaBaseInfoByCaId;
                }
                issueCaBaseInfo = (IssueCaBaseInfo) issueUserCaBaseInfoByCaId.getInfo();
                Constants.CA_INFO.put(templateInfoVO.getCaId(), issueCaBaseInfo);
            }
            // NOTE(review): the failure logs below write crossCertApplyVO.toString() at INFO; what that
            // string contains (for example the full certificate data) is not visible here.
            if (null == issueCaBaseInfo || null == issueCaBaseInfo.getCert()) {
                this.logger.info("签发交叉证书失败：未查到CA基本信息[{}]", crossCertApplyVO.toString());
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            X509Certificate cert = issueCaBaseInfo.getCert();
            // Only the issuer certificate's not-after time is checked; not-before is not examined here.
            if (issueCaBaseInfo.getCert().getNotAfter().before(new Date())) {
                this.logger.info("签发交叉证书失败：CA根证书已过期[{}]", crossCertApplyVO.toString());
                return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
            }
            // NOTE(review): the applicant certificate is only parsed. No signature, validity-period or
            // CA-constraint check on it is visible in this method before its subject and public key are
            // certified; confirm that this validation happens before the request reaches this service.
            X509Certificate certFromStr = CertUtils.getCertFromStr(crossCertApplyVO.getCertData());
            if (null == certFromStr) {
                this.logger.info("转换证书失败");
                return Result.failure(ErrorEnum.INVALID_FORMAT_CERT);
            }
            try {
                Date date = new Date();
                // The end date is derived from the requested validity, the template maximum, the issuer's
                // not-after time and the current time.
                Date correctTime = IssueTimeUtil.getCorrectTime(crossCertApplyVO.getValidity(), templateInfoVO.getMaxValidity(), cert.getNotAfter(), date);
                PublicKey publicKey = certFromStr.getPublicKey();
                // The new certificate reuses the serial number of the submitted certificate; nothing is
                // allocated locally.
                // NOTE(review): uniqueness of serials under this issuer then depends on values chosen by
                // the applicant's CA; confirm this is intended and that collisions are rejected on save.
                BigInteger serialNumber = certFromStr.getSerialNumber();
                String subjectByX509Cert = CertUtil.getSubjectByX509Cert(certFromStr);
                CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
                // Signs over the applicant's subject, serial and public key. Extensions come from the
                // template, the validated template parameters and the value returned by getDirAndOcspUrlCross.
                X509Certificate genX509Certificate = this.hsmService.genX509Certificate(subjectByX509Cert, serialNumber, date, correctTime, caInfoVO, issueCaBaseInfo, publicKey, ExtensionUtil.changeExtensionFormat(templateInfoVO.getExtensions(), (Map) validity.getInfo(), publicKey, subjectByX509Cert, this.crlTemplateService.getDirAndOcspUrlCross(serialNumber, subjectByX509Cert, caInfoVO, issueCaBaseInfo, 3, templateInfoVO.getId(), templateInfoVO.getCrlTempId(), templateInfoVO.getOpenCrl(), date, certFromStr), true, 3), templateInfoVO.getSignAlg());
                try {
                    CrossCertDO saveCrossCert = saveCrossCert(issueCaBaseInfo.getId(), genX509Certificate, templateInfoVO);
                    String dateToZipStr = DateTimeUtil.dateToZipStr(saveCrossCert.getBeforeTime());
                    this.logger.info("===========交叉证书签发成功将证书放入发布表===============" + saveCrossCert.getIssuer() + " 发布方式：" + templateInfoVO.getIssueCertType());
                    this.taskDataService.savePublishCert(saveCrossCert.getId(), null, 4, templateInfoVO.getIssueCertType());
                    // The complete encoded certificate is written to the INFO log together with its DN and serial.
                    this.logger.info("签发交叉证书成功：dn= " + subjectByX509Cert + " ,sn=" + serialNumber + " ,crossCert=" + CertUtil.writeObject(genX509Certificate));
                    HashMap hashMap = new HashMap();
                    hashMap.put("certName", "CrossCert_" + dateToZipStr + ".zip");
                    hashMap.put("sn", serialNumber.toString(16));
                    hashMap.put("keyAlg", templateInfoVO.getKeyAlg());
                    hashMap.put("currentTimeTag", dateToZipStr);
                    hashMap.put("id", saveCrossCert.getId());
                    return Result.success(hashMap, serialNumber.toString(16));
                } catch (DAOException e) {
                    // This ServiceException is caught again by the enclosing catch (Exception) below and
                    // re-wrapped, so callers see the outer message with this one as the cause.
                    throw new ServiceException("保存交叉证书信息失败，", e);
                }
            } catch (Exception e2) {
                throw new ServiceException("签发交叉证书失败", e2);
            }
        } catch (ServiceException e3) {
            // Reached for every ServiceException raised above, including signing and persistence
            // failures, although the logged text refers to the template lookup.
            this.logger.error("查询模板信息异常");
            throw e3;
        }
    }

    /**
     * Maps a freshly issued certificate onto a {@link CrossCertDO} and stores it.
     *
     * <p>Serial, issuer, subject, validity window and the encoded certificate are read from the
     * certificate; key size, key algorithm, signature algorithm and template id are copied from the
     * template. The record is created with status 1 and a creation time equal to not-before.
     *
     * @param l               id stored as the record's CA certificate id
     * @param x509Certificate the issued certificate
     * @param templateInfoVO  template the certificate was issued under
     * @return the value returned by {@code crossCertDao.save}
     * @throws Exception if a certificate field cannot be read or encoded, or the save fails
     */
    private CrossCertDO saveCrossCert(Long l, X509Certificate x509Certificate, TemplateInfoVO templateInfoVO) throws Exception {
        CrossCertDO record = new CrossCertDO();

        // Identity of the certificate; the serial is stored as lowercase hex without prefix.
        record.setCaCertId(l);
        String serialHex = x509Certificate.getSerialNumber().toString(16);
        record.setSn(serialHex);
        record.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        record.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));

        // Key and algorithm attributes are taken from the template, not parsed from the certificate.
        record.setPrivateKeySize(templateInfoVO.getKeySize());
        record.setPublicKeyAlg(templateInfoVO.getKeyAlg());

        record.setBeforeTime(x509Certificate.getNotBefore());
        record.setAfterTime(x509Certificate.getNotAfter());
        record.setSignAlg(templateInfoVO.getSignAlg());
        record.setStatus(1);
        record.setTemplateId(templateInfoVO.getId());
        record.setGmtCreate(x509Certificate.getNotBefore());

        String encoded = CertUtil.writeObject(x509Certificate);
        record.setData(encoded);
        return this.crossCertDao.save(record);
    }

    /**
     * Returns one page of cross-certificates issued by this CA, converted to view objects.
     *
     * <p>Rows are filtered by the {@code certDn} and {@code caId} values of the query. Each row's
     * status is normalised by {@code handleCrossCertDO} before it is copied, and the owning user CA
     * is looked up once per row.
     *
     * @param crossCertQueryVO paging values and filter values
     * @return success carrying the page, with its rows replaced by {@link CrossCertVO} instances when
     *         the page is not empty
     * @throws ServiceException wrapping a {@link DAOException} from the list query
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result getCrossCertList(CrossCertQueryVO crossCertQueryVO) {
        Pager paging = new Pager(crossCertQueryVO.getPageNo(), crossCertQueryVO.getPageSize());
        HashMap filter = new HashMap();
        filter.put("certDn", crossCertQueryVO.getCertDn());
        filter.put("caId", crossCertQueryVO.getCaId());
        try {
            PageInfo page = this.crossCertDao.getCrossCertList(filter, paging);
            Collection<?> rows = page.getDatas();
            if (rows.isEmpty()) {
                return Result.success(page);
            }
            ArrayList views = new ArrayList();
            for (Object row : rows) {
                CrossCertDO stored = (CrossCertDO) row;
                CrossCertVO view = new CrossCertVO();
                view.setId(stored.getId());

                // Adjusts the status on the entity itself before it is read for display.
                handleCrossCertDO(stored);
                Integer shownStatus = stored.getStatus();
                view.setStatus(shownStatus);
                view.setStatusStr(this.dicDataConverUtil.ConverStatusToStr(shownStatus));

                // NOTE(review): getInfo() is dereferenced without a null check; presumably it is null
                // when the lookup fails, which would raise an exception the DAOException handler
                // below does not catch. Verify against UserCaService.
                UserCaBaseDTO owner = (UserCaBaseDTO) this.userCaService.getUserCaBaseInfoByCaCertId(stored.getCaCertId()).getInfo();
                view.setCaId(owner.getUserCaId());
                view.setUserCA(owner.getUserCaName());

                view.setCertDn(stored.getSubject());
                view.setIssuer(stored.getIssuer());
                view.setSn(stored.getSn());
                view.setPublicKeyAlg(stored.getPublicKeyAlg());
                view.setNotBeforeTime(DateTimeUtil.dateToWebStr(stored.getBeforeTime()));
                view.setNotAfterTime(DateTimeUtil.dateToWebStr(stored.getAfterTime()));
                views.add(view);
            }
            page.setDatas(views);
            return Result.success(page);
        } catch (DAOException e) {
            throw new ServiceException("查询交叉证书列表异常，", e);
        }
    }

    /**
     * Returns one page of externally issued cross-certificates, converted to view objects.
     *
     * <p>Rows are filtered by the {@code certDn} and {@code caId} values of the query. A status is set
     * on a view only when {@code handleOutCrossCertDO} finds the certificate past its not-after time.
     *
     * @param crossCertQueryVO paging values and filter values
     * @return success carrying the page, with its rows replaced by {@link CrossCertVO} instances when
     *         the page is not empty
     * @throws ServiceException wrapping a {@link DAOException} from the list query
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result getOutCrossCertList(CrossCertQueryVO crossCertQueryVO) {
        Pager paging = new Pager(crossCertQueryVO.getPageNo(), crossCertQueryVO.getPageSize());
        HashMap filter = new HashMap();
        filter.put("certDn", crossCertQueryVO.getCertDn());
        filter.put("caId", crossCertQueryVO.getCaId());
        try {
            PageInfo page = this.outerCrossCertDao.getOutCrossCertList(filter, paging);
            Collection<?> rows = page.getDatas();
            if (rows.isEmpty()) {
                return Result.success(page);
            }
            ArrayList views = new ArrayList();
            for (Object row : rows) {
                OuterCrossCertDO stored = (OuterCrossCertDO) row;
                CrossCertVO view = new CrossCertVO();
                // Writes status and status text onto the view when the certificate has expired.
                handleOutCrossCertDO(stored, view);

                // NOTE(review): getInfo() is dereferenced without a null check; presumably it is null
                // when the lookup fails, which the DAOException handler below would not catch.
                UserCaBaseDTO owner = (UserCaBaseDTO) this.userCaService.getUserCaBaseInfoByCaCertId(stored.getCaCertId()).getInfo();
                view.setId(stored.getId());
                view.setCaId(owner.getUserCaId());
                view.setUserCA(owner.getUserCaName());

                view.setCertDn(stored.getSubject());
                view.setIssuer(stored.getIssuer());
                view.setSn(stored.getSn());
                view.setPublicKeyAlg(stored.getPublicKeyAlg());
                view.setNotBeforeTime(DateTimeUtil.dateToWebStr(stored.getBeforeTime()));
                view.setNotAfterTime(DateTimeUtil.dateToWebStr(stored.getAfterTime()));
                views.add(view);
            }
            page.setDatas(views);
            return Result.success(page);
        } catch (DAOException e) {
            throw new ServiceException("查询交叉证书列表异常，", e);
        }
    }

    /**
     * Imports a certificate chain whose last certificate is a cross-certificate for the admin CA.
     *
     * <p>The chain is parsed, sorted and checked with {@code CertUtil.verifyCertChainSign}. The last
     * element after sorting must carry the same public key and subject as the admin CA certificate.
     * That certificate is then stored together with the raw upload and queued for publication.
     *
     * @param bArr uploaded chain bytes, parsed by {@code CertUtils.getCertListFromB64}
     * @return success, {@code CA_CHAIN_VERIFY_FAIL} when the chain check fails, or
     *         {@code HSM_CA_CHAIN_FORMAT_ERROR} for a subject/key mismatch or any exception
     * @throws ServiceException only if the inner handler itself fails
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result uploadOutCrossCertChain(byte[] bArr) {
        try {
            try {
                X509Certificate[] chain = CertUtil.sortCertChain(CertUtils.getCertListFromB64(bArr));
                // NOTE(review): this is the only chain check visible here. Whether verifyCertChainSign
                // anchors the chain in a trusted root, or checks validity periods and revocation, cannot
                // be told from this file; confirm before relying on imported chains.
                boolean chainSignaturesOk = CertUtil.verifyCertChainSign(chain);
                if (!chainSignaturesOk) {
                    this.logger.error("外部交叉证书验签失败");
                    return Result.failure(ErrorEnum.CA_CHAIN_VERIFY_FAIL);
                }
                // An empty chain fails on this index and is reported as a format error by the handler below.
                X509Certificate crossCert = chain[chain.length - 1];
                CaInfoVO adminCa = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
                X509Certificate ownCert = adminCa.getCaCert();

                // The imported certificate must certify this CA: same public key and same subject DN.
                boolean sameKey = x509KeyEquals(crossCert, ownCert);
                if (!sameKey || !crossCert.getSubjectDN().equals(ownCert.getSubjectDN())) {
                    this.logger.error("外部交叉证书导入格式错误,请检查导入证书的主体和公钥是否正确");
                    return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
                }

                String serialHex = crossCert.getSerialNumber().toString(16);
                String subjectDn = CertUtil.getSubjectByX509Cert(crossCert);
                String issuerDn = CertUtil.getIssuerByX509Cert(crossCert);
                String signatureAlgName = crossCert.getSigAlgName();
                // The result is discarded; the call is kept because parsing the key encoding can still throw.
                SubjectPublicKeyInfo.getInstance(crossCert.getPublicKey().getEncoded()).getAlgorithm();

                OuterCrossCertDO record = new OuterCrossCertDO();
                record.setCaCertId(adminCa.getCaId());
                record.setSn(serialHex);
                record.setSubject(subjectDn);
                record.setIssuer(issuerDn);
                record.setSignAlg(signatureAlgName);
                // Key algorithm and key size are copied from the local CA info, not read from the upload.
                record.setPublicKeyAlg(adminCa.getKeyAlg());
                record.setPrivateKeySize(adminCa.getPrivateKeySize());
                record.setBeforeTime(crossCert.getNotBefore());
                record.setAfterTime(crossCert.getNotAfter());
                record.setData(CertUtil.writeObject(crossCert));
                // The raw upload is decoded with the platform default charset.
                record.setCertChain(new String(bArr));
                record.setGmtCreate(new Date());

                OuterCrossCertDO saved = this.outerCrossCertDao.save(record);
                this.taskDataService.savePublishCert(saved.getId(), null, 5, null);
                return Result.success();
            } catch (Exception e) {
                // Every exception lands here, including persistence failures from save and
                // savePublishCert, and is reported to the caller as a chain format error.
                this.logger.error("证书链格式错误", e);
                return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
            }
        } catch (Exception e2) {
            // Reachable only if the inner handler above throws.
            this.logger.error("导入外部证书链异常", e2);
            throw new ServiceException("导入外部证书链异常", e2);
        }
    }

    /** Compares the public keys of two certificates with {@code equals}. */
    private static boolean x509KeyEquals(X509Certificate first, X509Certificate second) {
        return first.getPublicKey().equals(second.getPublicKey());
    }

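    /**
     * Imports a single cross-certificate that an external CA issued for one of the local user CAs.
     *
     * <p>The upload is accepted only when it differs from the user CA's own certificate but carries the
     * same public key, subject DN and serial number. The certificate is stored and, when the user CA
     * has a template id, queued for publication with that template's issue type.
     *
     * @param bArr uploaded certificate bytes, parsed by {@code CertUtils.getCertFromByte}
     * @param l    id of the user CA the certificate is claimed to belong to
     * @return success; the lookup error when the user CA cannot be loaded; {@code CA_BASEINFO_GET_FAIL}
     *         when the user CA has no certificate;
     *         {@code OUTCROSS_CERT_NOT_CONFIRMED_TO_CURRENT_USER_CA} on a mismatch; or
     *         {@code HSM_CA_CHAIN_FORMAT_ERROR} for any exception
     * @throws ServiceException only if the inner handler itself fails
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result uploadOutCrossCert(byte[] bArr, Long l) {
        try {
            try {
                X509Certificate certFromByte = CertUtils.getCertFromByte(bArr);
                this.logger.debug("导入交叉证书信息： DN：{}，SN：{}", certFromByte.getSubjectDN(), certFromByte.getSerialNumber());
                Result issueUserCaBaseInfoByCaId = this.userCaService.getIssueUserCaBaseInfoByCaId(l);
                if (!issueUserCaBaseInfoByCaId.isSuccess()) {
                    this.logger.error("加载本地用户CA信息失败{}", issueUserCaBaseInfoByCaId.getError().getDesc());
                    return Result.failure(issueUserCaBaseInfoByCaId.getError());
                }
                IssueCaBaseInfo issueCaBaseInfo = (IssueCaBaseInfo) issueUserCaBaseInfoByCaId.getInfo();
                X509Certificate cert = issueCaBaseInfo.getCert();
                if (null == cert) {
                    // The lookup succeeded, so its error field does not describe this condition. Log the
                    // CA id and answer with the same error doIssueCrossCertByCaCert uses for a CA
                    // without a certificate.
                    this.logger.error("加载本地用户CA证书失败{}", l);
                    return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
                }
                // Reject the CA's own certificate, and anything whose public key, subject DN or serial
                // number differs from it.
                // NOTE(review): acceptance rests on field equality only. No signature or validity-period
                // check on the uploaded certificate is visible in this method; confirm the issuer is
                // validated elsewhere before the certificate is stored and published.
                if (certFromByte.equals(cert) || !certFromByte.getPublicKey().equals(cert.getPublicKey()) || !certFromByte.getSubjectDN().equals(cert.getSubjectDN()) || !certFromByte.getSerialNumber().equals(cert.getSerialNumber())) {
                    this.logger.error("交叉证书不属于此用户CA，CA {}", issueCaBaseInfo.getUserCaName());
                    return Result.failure(ErrorEnum.OUTCROSS_CERT_NOT_CONFIRMED_TO_CURRENT_USER_CA);
                }
                String bigInteger = certFromByte.getSerialNumber().toString(16);
                String subjectByX509Cert = CertUtil.getSubjectByX509Cert(certFromByte);
                String issuerByX509Cert = CertUtil.getIssuerByX509Cert(certFromByte);
                // NOTE(review): stored as the numeric code rendered as text, whereas
                // uploadOutCrossCertChain stores the algorithm name; presumably a null code for an
                // unknown algorithm would be stored as the text "null". Verify against SignAlgTypeEnum.
                Integer algValue = SignAlgTypeEnum.getAlgValue(certFromByte.getSigAlgName());
                String writeObject = CertUtil.writeObject(certFromByte);
                OuterCrossCertDO outerCrossCertDO = new OuterCrossCertDO();
                outerCrossCertDO.setCaCertId(issueCaBaseInfo.getId());
                outerCrossCertDO.setSn(bigInteger);
                outerCrossCertDO.setSubject(subjectByX509Cert);
                outerCrossCertDO.setIssuer(issuerByX509Cert);
                outerCrossCertDO.setSignAlg(String.valueOf(algValue));
                // Key algorithm and key size are copied from the local CA info, not read from the upload.
                outerCrossCertDO.setPublicKeyAlg(issueCaBaseInfo.getPublicKeyAlg());
                outerCrossCertDO.setPrivateKeySize(issueCaBaseInfo.getPrivateKeySize());
                outerCrossCertDO.setBeforeTime(certFromByte.getNotBefore());
                outerCrossCertDO.setAfterTime(certFromByte.getNotAfter());
                outerCrossCertDO.setData(writeObject);
                // With a single certificate the chain column holds the same encoding as the data column.
                outerCrossCertDO.setCertChain(writeObject);
                outerCrossCertDO.setGmtCreate(new Date());
                OuterCrossCertDO save = this.outerCrossCertDao.save(outerCrossCertDO);
                Long templateId = issueCaBaseInfo.getTemplateId();
                // Without a template id the certificate is stored but no publish task is queued.
                if (null != templateId) {
                    this.taskDataService.savePublishCert(save.getId(), null, 5, this.templateDao.getTemplatesById(templateId).getIssueCertType());
                }
                return Result.success();
            } catch (Exception e) {
                // Every exception lands here, including a null parse result and persistence failures,
                // and is reported to the caller as a format error.
                this.logger.error("证书格式错误", (Throwable) e);
                return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
            }
        } catch (Exception e2) {
            // Reachable only if the inner handler above throws.
            this.logger.error("导入外部证书异常", (Throwable) e2);
            throw new ServiceException("导入外部证书异常", e2);
        }
    }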

    /**
     * Parses an uploaded certificate and returns its display fields; nothing is stored.
     *
     * <p>This is a parse-only step: serial, subject, hex-encoded public key data, the encoded
     * certificate and the key algorithm are read from the upload. No trust decision is made here.
     *
     * @param bArr uploaded certificate bytes
     * @return success carrying an {@link UploadCertVO}, or {@code INVALID_FORMAT_CERT} when the bytes
     *         do not parse or any field cannot be read
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result resolveUploadCaCert(byte[] bArr) {
        try {
            X509Certificate parsed = CertUtils.getCertFromByte(bArr);
            if (parsed == null) {
                return Result.failure(ErrorEnum.INVALID_FORMAT_CERT);
            }
            UploadCertVO summary = new UploadCertVO();
            summary.setCertSn(parsed.getSerialNumber().toString(16));
            summary.setCertDn(CertUtil.getSubjectByX509Cert(parsed));

            // Hex text of the encoded public key data taken from the SubjectPublicKeyInfo structure.
            SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(parsed.getPublicKey().getEncoded());
            byte[] keyDataHex = Hex.encode(keyInfo.getPublicKeyData().getEncoded());
            summary.setCertPublicKey(Strings.fromByteArray(keyDataHex));

            summary.setCertData(CertUtil.writeObject(parsed));
            summary.setKeyAlg(Integer.valueOf(CertUtil.getKeyAlgFromPublicKey(parsed.getPublicKey())));
            return Result.success(summary);
        } catch (Exception e) {
            this.logger.error("上传的证书解析异常", e);
            return Result.failure(ErrorEnum.INVALID_FORMAT_CERT);
        }
    }

    /**
     * Loads a cross-certificate by id and returns its parsed content.
     *
     * <p>{@code num} selects the table: when it equals {@code CROSSCERT_INNER_ISSUE} the locally issued
     * table is read, otherwise the external one. For locally issued certificates the template name and
     * the normalised status are added to the result.
     *
     * <p>NOTE(review): no caller authorisation is visible at this layer; presumably it is enforced
     * before the service is called. Verify against the controller.
     *
     * @param l   record id
     * @param num view type selector
     * @return success carrying the content map, {@code CERT_NOT_EXIST}, {@code CERT_DATA_NOT_EXIST},
     *         or {@code CERT_DETAIL_FORMAT_ERROR} when parsing or enrichment fails
     * @throws ServiceException wrapping a {@link DAOException} from the lookup
     */
    @Override // com.xdja.pki.ca.certmanager.service.crosscert.ICrossCertManageService
    public Result getCertDetail(Long l, Integer num) {
        final boolean innerIssued = CrossViewTypeEnum.CROSSCERT_INNER_ISSUE.value.equals(num);
        CrossCertDO innerRecord = null;
        String encodedCert;
        try {
            if (innerIssued) {
                innerRecord = this.crossCertDao.getCrossCert(l);
                if (innerRecord == null) {
                    return Result.failure(ErrorEnum.CERT_NOT_EXIST);
                }
                encodedCert = innerRecord.getData();
            } else {
                OuterCrossCertDO outerRecord = this.outerCrossCertDao.getOutCrossCert(l);
                if (outerRecord == null) {
                    return Result.failure(ErrorEnum.CERT_NOT_EXIST);
                }
                encodedCert = outerRecord.getData();
            }
            if (StringUtils.isBlank(encodedCert)) {
                return Result.failure(ErrorEnum.CERT_DATA_NOT_EXIST);
            }
            try {
                Map<String, Object> details = this.certContentInfoUtil.getCertContentInfo(CertUtil.getCertFromStr(encodedCert), null);
                if (innerIssued) {
                    // Status is normalised on the entity first, then copied into the map with the template name.
                    handleCrossCertDO(innerRecord);
                    appendCertContentInfo(details, innerRecord.getStatus(), innerRecord.getTemplateId());
                }
                return Result.success(details);
            } catch (Exception e) {
                // Also absorbs a ServiceException raised by appendCertContentInfo.
                this.logger.info("证书详情格式读取异常", e);
                return Result.failure(ErrorEnum.CERT_DETAIL_FORMAT_ERROR);
            }
        } catch (DAOException e2) {
            this.logger.error("根据id交叉证书失败，id=[{}]", l);
            throw new ServiceException("根据id查询交叉证书失败", e2);
        }
    }

    /**
     * Adds the template name and status fields to a certificate detail map.
     *
     * @param map target map; receives {@code templateName} when {@code l} is not null, and the status
     *            value plus {@code statusStr} when {@code num} is not null
     * @param num status code, may be null
     * @param l   template id, may be null
     * @throws ServiceException wrapping a {@link DAOException} from the template lookup
     */
    private void appendCertContentInfo(Map<String, Object> map, Integer num, Long l) {
        if (l != null) {
            TemplateDO template;
            try {
                template = this.templateDao.getTemplateById(l);
            } catch (DAOException e) {
                this.logger.error("模板信息查询失败", e);
                throw new ServiceException("模板信息查询失败", e);
            }
            // A template id that no longer resolves yields a null name rather than an error.
            map.put("templateName", template == null ? null : template.getName());
        }
        if (num == null) {
            return;
        }
        // BindTag.STATUS_VARIABLE_NAME is Spring's constant for the string "status".
        map.put(BindTag.STATUS_VARIABLE_NAME, num);
        map.put("statusStr", this.dicDataConverUtil.ConverStatusToStr(num));
    }

    /**
     * Normalises the status on the entity for display: revoked becomes 3, then a certificate past its
     * not-after time becomes 4.
     *
     * <p>The expiry rule is applied last, so a certificate that is both revoked and expired ends with
     * status 4.
     * NOTE(review): presumably 4 means "expired"; if so a revoked certificate stops being shown as
     * revoked once it expires. Confirm this is the intended display.
     *
     * @param crossCertDO entity whose status is updated in place
     */
    private void handleCrossCertDO(CrossCertDO crossCertDO) {
        final boolean revoked = CrossCertTypeEnum.CROSSCERT_STATUS_REVOKED.getValue() == crossCertDO.getStatus().intValue();
        if (revoked) {
            crossCertDO.setStatus(3);
        }
        final Date now = new Date();
        if (crossCertDO.getAfterTime().before(now)) {
            crossCertDO.setStatus(4);
        }
    }

    /**
     * Marks the view as status 4, with its display text, when the external certificate is past its
     * not-after time. Otherwise the view is left untouched, so no status is set on it here.
     *
     * @param outerCrossCertDO stored certificate whose not-after time is checked
     * @param crossCertVO      view object that receives the status
     */
    private void handleOutCrossCertDO(OuterCrossCertDO outerCrossCertDO, CrossCertVO crossCertVO) {
        final Date now = new Date();
        final boolean pastNotAfter = outerCrossCertDO.getAfterTime().before(now);
        if (!pastNotAfter) {
            return;
        }
        crossCertVO.setStatus(4);
        crossCertVO.setStatusStr(this.dicDataConverUtil.ConverStatusToStr(4));
    }

    /**
     * Appends one certificate to an encoded certificate chain and re-encodes the result.
     *
     * <p>Not called by any method visible in this class.
     *
     * @param str  encoded chain, parsed by {@code P7bUtils.resolveCertChain}
     * @param str2 encoded certificate to append
     * @return the chain re-encoded by {@code P7bUtils.createCertChainByCerts}
     * @throws Exception if either input cannot be parsed or the chain cannot be encoded
     */
    private String addCertToCertChain(String str, String str2) throws Exception {
        List<X509Certificate> chain = P7bUtils.resolveCertChain(str);
        X509Certificate appended = CertUtil.getCertFromStr(str2);
        chain.add(appended);
        String encodedChain = P7bUtils.createCertChainByCerts(chain);
        return encodedChain;
    }
}
