package com.xdja.pki.ca.certcrl.service;

import com.xdja.pki.ca.certmanager.dao.ArlDao;
import com.xdja.pki.ca.certmanager.dao.ArlDataDao;
import com.xdja.pki.ca.certmanager.dao.CrlDao;
import com.xdja.pki.ca.certmanager.dao.CrlDataDao;
import com.xdja.pki.ca.certmanager.dao.DeltaRevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.RevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.models.CrlBeanDo;
import com.xdja.pki.ca.certmanager.dao.models.DeltaRevokedCertDO;
import com.xdja.pki.ca.certmanager.service.subsystem.SubSystemService;
import com.xdja.pki.ca.certmanager.service.template.bean.ExtensionVO;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.CrlUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.x509.utils.GMSSLCRLUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLExtensionUtils;
import com.xdja.pki.gmssl.x509.utils.bean.CRLEntry;
import com.xdja.pki.ldap.sdk.ca.LDAPCASDK;
import com.xdja.pki.ldap.sdk.ca.LDAPUrlUtils;
import java.math.BigInteger;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

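/**
 * Issues, stores and publishes revocation lists for a CA: full CRLs, delta CRLs (DRL) and the
 * authority revocation list (ARL).
 *
 * <p>Every issuance follows the same sequence: read the CA entry cached in
 * {@code Constants.CA_INFO}, sign through {@code GMSSLCRLUtils.generateCRLByYunhsm}, persist
 * through the DAOs, write the encoded list under {@link #CRL_OUTPUT_DIR} and, when a master LDAP
 * URL is configured, push it with {@code LDAPCASDK.sendCRL}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The CA key index and private-key PIN are read from the cached {@code CaInfoVO} and handed
 *       to the signer and to the LDAP SDK in {@link #signCrl} and {@link #newLdapClient} only.
 *       Nothing in this class logs them; keep them out of log and exception messages.</li>
 *   <li>The value returned by {@code sendCRL} is only logged, never evaluated, so a rejected
 *       publication does not fail the issuance. NOTE(review): confirm whether a failed push
 *       should raise an error, otherwise directory clients may keep using the previous list.</li>
 *   <li>Output files are overwritten in place under a fixed directory. NOTE(review): confirm the
 *       directory is writable only by the CA service account.</li>
 * </ul>
 *
 * <p>Raw collection types are kept on purpose: the element types expected by the external DAO,
 * signer and LDAP SDK signatures are not visible from this file.
 */
@Service
/* loaded from: input_file:com/xdja/pki/ca/certcrl/service/CRLServiceImpl.class */
public class CRLServiceImpl implements CrlService {
    /** Directory that receives the encoded CRL/DRL/ARL files. */
    private static final String CRL_OUTPUT_DIR = "/home/xdja/conf/ca/";

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private DeltaRevokeCertDao deltaRevokeCertDao;

    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private RevokeCertDao revokeCertDao;

    @Autowired
    private CrlDao crlDao;

    @Autowired
    private CrlDataDao crlDataDao;

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private ArlDao arlDao;

    @Autowired
    private ArlDataDao arlDataDao;

    @Autowired
    private SubSystemService subSystemService;

    /**
     * Stores two delta-revocation records that share the same {@code num}, {@code num2} and
     * {@code date} in one batch.
     *
     * @param str   first value for the {@code DeltaRevokedCertDO} constructor (presumably a
     *              certificate serial number; confirm against that class)
     * @param str2  second value of the same kind
     * @param num   forwarded unchanged to {@code DeltaRevokedCertDO}
     * @param num2  forwarded unchanged to {@code DeltaRevokedCertDO}
     * @param date  forwarded unchanged to {@code DeltaRevokedCertDO}
     * @throws ServiceException wrapping any failure raised while building or saving the records
     */
    public void saveDeltaCrlInfo(String str, String str2, Integer num, Integer num2, Date date) {
        try {
            ArrayList records = new ArrayList();
            DeltaRevokedCertDO firstRecord = new DeltaRevokedCertDO(str, num, num2, date);
            DeltaRevokedCertDO secondRecord = new DeltaRevokedCertDO(str2, num, num2, date);
            records.add(firstRecord);
            records.add(secondRecord);
            this.deltaRevokeCertDao.saveBatch(records);
        } catch (Exception e) {
            // Message text: "error while saving delta CRL information".
            throw new ServiceException("保存增量CRL信息异常", e);
        }
    }

    /**
     * Stores a single delta-revocation record.
     *
     * @param str   value for the {@code DeltaRevokedCertDO} constructor (presumably a certificate
     *              serial number; confirm against that class)
     * @param num   forwarded unchanged to {@code DeltaRevokedCertDO}
     * @param num2  forwarded unchanged to {@code DeltaRevokedCertDO}
     * @param date  forwarded unchanged to {@code DeltaRevokedCertDO}
     * @throws ServiceException wrapping any failure raised while building or saving the record
     */
    public void saveDeltaCrlInfo(String str, Integer num, Integer num2, Date date) {
        try {
            this.deltaRevokeCertDao.save(new DeltaRevokedCertDO(str, num, num2, date));
        } catch (Exception e) {
            // Message text: "error while saving delta CRL information".
            throw new ServiceException("保存增量CRL信息异常", e);
        }
    }

    /**
     * Issues the full CRL set for one CA, one list per serial-number fragment.
     *
     * <p>The fragment count comes from {@code CrlUtil.computeSnFragmentantation} applied to the
     * highest id in the serial-number table and the configured {@code certCounts}. Each fragment
     * is queried from {@code revokeCertDao}, signed, and collected; the collection is then saved,
     * the delta records are cleared when delta CRLs are enabled, the lists are written to
     * {@code crl<i>.crl} and finally pushed to LDAP when a master URL is configured.
     *
     * <p>NOTE(review): the fragment index is also passed as the {@code BigInteger} argument of the
     * signer. If that argument is the CRL number, it repeats on every issuance, whereas RFC 5280
     * expects a monotonically increasing number per issuer and scope. Confirm against
     * {@code GMSSLCRLUtils}.
     *
     * <p>NOTE(review): {@code deleteBatch} runs before the files are written and before the LDAP
     * push; a failure in either later step leaves the delta records already removed.
     *
     * @param date passed to the revocation query and to the signer together with the computed
     *             next-update date
     * @param num  key into {@code Constants.CA_INFO}; also passed to the DAOs
     * @throws ServiceException wrapping any failure after the CA entry has been read; a missing
     *         CA entry or serial id surfaces as {@code NullPointerException} because those reads
     *         happen before the guarded section
     */
    public void doIssueCrl(Date date, Integer num) {
        ArrayList issuedCrls = new ArrayList();
        CaInfoVO caInfo = (CaInfoVO) Constants.CA_INFO.get(num);
        Long maxId = this.certSnDao.getMaxId();
        int certsPerFragment = caInfo.getCrlConfig().getCertCounts().intValue();
        int lastFragment = CrlUtil.computeSnFragmentantation(BigInteger.valueOf(maxId.longValue()), certsPerFragment);
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, caInfo.getCrlConfig().getReleaseCycle());
        ArrayList extensions = new ArrayList();
        try {
            extensions.add(ExtensionUtil.genAuthorityKeyIdentifier((ExtensionVO) null, false, caInfo.getRootCert()));
            for (int fragment = 0; fragment <= lastFragment; fragment++) {
                List<CrlBeanDo> revoked = this.revokeCertDao.getSnsForCrl(fragmentLowerBoundHex(certsPerFragment, fragment), fragmentUpperBoundHex(certsPerFragment, fragment), num, date);
                ArrayList entries = new ArrayList();
                copyList(revoked, entries);
                issuedCrls.add(signCrl(caInfo, BigInteger.valueOf(fragment), date, nextUpdateDate, extensions, entries));
            }
            saveCrlData(issuedCrls, caInfo.getCertId());
            if (caInfo.getCrlConfig().isDelta()) {
                this.deltaRevokeCertDao.deleteBatch(issuedCrls, num);
            }
            for (int index = 0; index < issuedCrls.size(); index++) {
                CertUtil.writeObjToFile(issuedCrls.get(index), CRL_OUTPUT_DIR + "crl" + index + ".crl");
            }
            if (hasLdapMaster(caInfo)) {
                List ldapServerCerts = this.subSystemService.getAllLdapServerCerts();
                // "start publishing the CRL list to the LDAP server"
                this.logger.info("开始向LDAP服务器发布CRL列表");
                LDAPCASDK ldapClient = newLdapClient(caInfo, ldapServerCerts);
                for (int index = 0; index < issuedCrls.size(); index++) {
                    // The publication result is logged only; it is not checked.
                    this.logger.debug("向LDAP服务器发布CRL列表，返回reason:" + ldapClient.sendCRL(index, issuedCrls.get(index)).getReason());
                }
                // "finished publishing the CRL list to the LDAP server"
                this.logger.info("向LDAP服务器发布CRL列表结束");
            }
        } catch (Exception e) {
            // Message text: "failed to issue the full CRL".
            throw new ServiceException("签发全量CRL失败", e);
        }
    }

    /**
     * Converts revoked-certificate rows into {@code CRLEntry} objects and appends them to the
     * target list.
     *
     * @param list  rows to convert; each row's reason must be non-null because it is unboxed
     * @param list2 list that receives one {@code CRLEntry} per row
     */
    private void copyList(List<CrlBeanDo> list, List<CRLEntry> list2) {
        for (CrlBeanDo row : list) {
            list2.add(new CRLEntry(row.getUserCertificateSerial(), row.getRevocationDate(), row.getReason().intValue()));
        }
    }

    /**
     * Persists full CRLs: {@code crlDao.saveCrls} runs first and its result is handed to
     * {@code crlDataDao.saveCrlDatas} together with the lists.
     */
    private void saveCrlData(List<X509CRL> list, Long l) {
        this.crlDataDao.saveCrlDatas(list, this.crlDao.saveCrls(l, list));
    }

    /**
     * Issues the delta CRL (DRL) set for one CA, one list per serial-number fragment.
     *
     * <p>Each fragment is queried from {@code deltaRevokeCertDao}, given a DRL extension built
     * from the fragment index, and signed. Only that loop is guarded: saving, file output and the
     * LDAP push run outside the {@code try}, so their failures propagate unwrapped.
     *
     * @param date passed to the revocation query and to the signer together with the computed
     *             next-update date
     * @param num  key into {@code Constants.CA_INFO}; also passed to the DAO
     * @throws ServiceException wrapping any failure while querying or signing a fragment
     */
    public void doIssueDeltaCrl(Date date, Integer num) {
        ArrayList issuedDrls = new ArrayList();
        CaInfoVO caInfo = (CaInfoVO) Constants.CA_INFO.get(num);
        Long maxId = this.certSnDao.getMaxId();
        int certsPerFragment = caInfo.getCrlConfig().getCertCounts().intValue();
        int lastFragment = CrlUtil.computeSnFragmentantation(BigInteger.valueOf(maxId.longValue()), certsPerFragment);
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, caInfo.getCrlConfig().getDeltaCrlCycle());
        for (int fragment = 0; fragment <= lastFragment; fragment++) {
            try {
                List<CrlBeanDo> revoked = this.deltaRevokeCertDao.getSnsForCrl(fragmentLowerBoundHex(certsPerFragment, fragment), fragmentUpperBoundHex(certsPerFragment, fragment), num, date);
                ArrayList entries = new ArrayList();
                copyList(revoked, entries);
                ArrayList extensions = new ArrayList();
                extensions.add(GMSSLExtensionUtils.genDRLExtension(fragment));
                issuedDrls.add(signCrl(caInfo, BigInteger.valueOf(fragment), date, nextUpdateDate, extensions, entries));
            } catch (Exception e) {
                // Message text: "failed to issue the delta DRL".
                throw new ServiceException("签发增量DRL失败", e);
            }
        }
        saveDrlData(issuedDrls, caInfo.getCertId(), this.crlDao.getLastCrlId());
        for (int index = 0; index < issuedDrls.size(); index++) {
            CertUtil.writeObjToFile(issuedDrls.get(index), CRL_OUTPUT_DIR + "drl" + index + ".crl");
        }
        if (hasLdapMaster(caInfo)) {
            List ldapServerCerts = this.subSystemService.getAllLdapServerCerts();
            // "start publishing the DRL list to the LDAP server"
            this.logger.info("开始向LDAP服务器发布DRL列表");
            LDAPCASDK ldapClient = newLdapClient(caInfo, ldapServerCerts);
            for (int index = 0; index < issuedDrls.size(); index++) {
                // The publication result is logged only; it is not checked.
                this.logger.debug("向LDAP服务器发布DRL列表，返回reason:" + ldapClient.sendCRL(index, issuedDrls.get(index)).getReason());
            }
            // "finished publishing the DRL list to the LDAP server"
            this.logger.info("向LDAP服务器发布DRL列表结束");
        }
    }

    /**
     * Persists delta CRLs: {@code crlDao.saveDrls} runs first and its result is handed to
     * {@code crlDataDao.saveArlDatas}.
     *
     * <p>NOTE(review): the data DAO method is named for ARLs although the payload is a DRL list;
     * confirm this is the intended target.
     */
    private void saveDrlData(List<X509CRL> list, Long l, Map<String, Object> map) {
        this.crlDataDao.saveArlDatas(list, this.crlDao.saveDrls(l, list, map));
    }

    /**
     * Issues the single authority revocation list (ARL) for one CA, saves it, writes it to
     * {@code arl0.crl} and pushes it to LDAP when a master URL is configured.
     *
     * <p>NOTE(review): the ARL extension is built from {@code getLdapConfig().getSlaveURL()}
     * before the later null check on {@code getLdapConfig()}. With no LDAP configuration this
     * method therefore always fails with a wrapped {@code NullPointerException}; confirm whether
     * ARL issuance without LDAP is meant to be supported.
     *
     * @param date passed to the revocation query and to the signer together with the computed
     *             next-update date
     * @param num  key into {@code Constants.CA_INFO}; also passed to the DAO
     * @throws ServiceException wrapping any failure inside the guarded section
     */
    public void doIssueArl(Date date, Integer num) {
        CaInfoVO caInfo = (CaInfoVO) Constants.CA_INFO.get(num);
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, caInfo.getCrlConfig().getReleaseCycle());
        ArrayList extensions = new ArrayList();
        try {
            extensions.add(GMSSLExtensionUtils.genARLExtension(LDAPUrlUtils.genCertArlLdapUri(caInfo.getLdapConfig().getSlaveURL(), caInfo.getSubject(), 0, caInfo.getBaseDn())));
            List<CrlBeanDo> revoked = this.revokeCertDao.getSnsForArl(num, date);
            ArrayList entries = new ArrayList();
            copyList(revoked, entries);
            X509CRL arl = signCrl(caInfo, BigInteger.valueOf(0L), date, nextUpdateDate, extensions, entries);
            saveArlData(arl, caInfo.getCertId());
            CertUtil.writeObjToFile(arl, CRL_OUTPUT_DIR + "arl0.crl");
            if (hasLdapMaster(caInfo)) {
                List ldapServerCerts = this.subSystemService.getAllLdapServerCerts();
                // "start publishing the ARL list to the LDAP server"
                this.logger.info("开始向LDAP服务器发布ARL列表");
                // The publication result is logged only; it is not checked.
                this.logger.info("向LDAP服务器发布ARL列表结束，返回reason：" + newLdapClient(caInfo, ldapServerCerts).sendCRL(0, arl).getReason());
            }
        } catch (Exception e) {
            // Message text: "failed to issue the ARL".
            throw new ServiceException("签发ARL失败", e);
        }
    }

    /**
     * Persists the ARL: {@code arlDao.saveArls} runs first and its result is handed to
     * {@code arlDataDao.saveArlDatas} together with the list.
     */
    private void saveArlData(X509CRL x509crl, Long l) {
        this.arlDataDao.saveArlDatas(x509crl, this.arlDao.saveArls(l, x509crl));
    }

    /**
     * Returns the last-update time reported by {@code crlDao.getCrlLastUpdateTime()}.
     *
     * @throws ServiceException wrapping any DAO failure
     */
    public Date getCrlLastUpdateTime() {
        try {
            return this.crlDao.getCrlLastUpdateTime();
        } catch (Exception e) {
            // Message text: "error while reading the last update time of the latest CRL".
            throw new ServiceException("获取当前最大CRL最后更新时间异常", e);
        }
    }

    /**
     * Returns the last-update time reported by {@code crlDao.getArlLastUpdateTime()}.
     *
     * <p>NOTE(review): the method is named for DRLs but reads the DAO's "Arl" value and reuses
     * the CRL error message; confirm the DAO method really returns the delta CRL time.
     *
     * @throws ServiceException wrapping any DAO failure
     */
    public Date getDrlLastUpdateTime() {
        try {
            return this.crlDao.getArlLastUpdateTime();
        } catch (Exception e) {
            // Message text: "error while reading the last update time of the latest CRL".
            throw new ServiceException("获取当前最大CRL最后更新时间异常", e);
        }
    }

    /**
     * Hex form of the first serial id in a fragment: {@code certsPerFragment * fragment + 1}.
     * Computed in {@code long} so a large fragment index cannot wrap around {@code int} and
     * produce a wrong (negative) query bound for the revocation lookup.
     */
    private static String fragmentLowerBoundHex(int certsPerFragment, int fragment) {
        return Long.toHexString(((long) certsPerFragment * fragment) + 1L);
    }

    /**
     * Hex form of the last serial id in a fragment: {@code certsPerFragment * (fragment + 1)}.
     * Computed in {@code long} for the same reason as the lower bound.
     */
    private static String fragmentUpperBoundHex(int certsPerFragment, int fragment) {
        return Long.toHexString((long) certsPerFragment * ((long) fragment + 1L));
    }

    /** Tells whether the CA entry carries an LDAP configuration with a non-blank master URL. */
    private static boolean hasLdapMaster(CaInfoVO caInfo) {
        return null != caInfo.getLdapConfig() && StringUtils.isNotBlank(caInfo.getLdapConfig().getMasterURL());
    }

    /**
     * Signs one revocation list with the CA key referenced by the cached CA entry. This is the
     * only place where the key index and PIN are handed to the signer.
     */
    private X509CRL signCrl(CaInfoVO caInfo, BigInteger number, Date thisUpdate, Date nextUpdate, ArrayList extensions, ArrayList entries) throws Exception {
        return GMSSLCRLUtils.generateCRLByYunhsm(caInfo.getRootCert(), caInfo.getCaPwdBean().getKeyIndex().intValue(), caInfo.getCaPwdBean().getPrivateKeyPin(), number, thisUpdate, nextUpdate, extensions, entries);
    }

    /**
     * Builds the LDAP SDK client for the CA's master URL. This is the only place where the key
     * index and PIN are handed to the LDAP SDK.
     */
    private LDAPCASDK newLdapClient(CaInfoVO caInfo, List ldapServerCerts) {
        return new LDAPCASDK(caInfo.getRootCert(), caInfo.getCaPwdBean().getKeyIndex().intValue(), caInfo.getCaPwdBean().getPrivateKeyPin(), SdfCryptoType.YUNHSM, "", caInfo.getLdapConfig().getMasterURL(), (String) null, ldapServerCerts, (List) null);
    }
}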
