package com.xdja.pki.ca.certmanager.service.subsystem;

import com.xdja.pki.ca.certmanager.dao.CaSubServerCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDataDao;
import com.xdja.pki.ca.certmanager.dao.SubSystemDao;
import com.xdja.pki.ca.certmanager.dao.models.CaSubServerCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDataDO;
import com.xdja.pki.ca.certmanager.dao.models.SubSystemListDO;
import com.xdja.pki.ca.certmanager.dao.models.SubSystemQueryDO;
import com.xdja.pki.ca.certmanager.service.racert.bean.DeviceTypeToTemplateTypeEnum;
import com.xdja.pki.ca.certmanager.service.subsystem.bean.SubSystemCertVO;
import com.xdja.pki.ca.certmanager.service.subsystem.bean.SubSystemListVO;
import com.xdja.pki.ca.certmanager.service.subsystem.bean.SubSystemVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.pkcs7.EnvelopedDataUtil;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.ldap.service.CrlLdapUrlService;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.dao.DicDao;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.InitAlgInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

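@Service
/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/subsystem/SubSystemServiceImpl.class */
public class SubSystemServiceImpl implements SubSystemService {

    private static final Logger logger = LoggerFactory.getLogger(SubSystemServiceImpl.class);

    /** Dictionary parent codes used to translate numeric codes into display strings. */
    private static final String DIC_DEVICE_TYPE = "deviceType";
    private static final String DIC_CERT_STATUS = "certStatus";
    private static final String DIC_SIGN_ALG_SM2 = "signAlg";
    private static final String DIC_SIGN_ALG_RSA = "signAlgRsa";

    @Autowired
    private SubSystemDao subSystemDao;

    @Autowired
    private DicDao dicDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private ManagerCertDao managereCertDao;

    @Autowired
    private CaSubServerCertDao caSubServerCertDao;

    @Autowired
    private ManagerCertDataDao managerCertDataDao;

    @Autowired
    private HsmManager hsmService;

    @Autowired
    private CrlLdapUrlService crlLdapUrlService;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private CertSnDao certSnDao;

    /**
     * Pages through CA sub-system records and decorates every row with the display
     * strings for its device type and status.
     *
     * @param subSystemVO paging / filter criteria; its properties are copied onto the query object
     * @return the {@link PageInfo} returned by the DAO with its data replaced by {@link SubSystemListVO}s
     * @throws DAOException when the paged query or a dictionary lookup fails
     */
    public Object getSubSystemList(SubSystemVO subSystemVO) {
        SubSystemQueryDO query = new SubSystemQueryDO();
        BeanUtils.copyProperties(subSystemVO, query);
        try {
            // The DAO call is inside the try so that a failing query is reported through
            // the same DAOException as a failing dictionary lookup.
            PageInfo page = this.subSystemDao.querySubSystemList(query);
            List<?> rows = (List<?>) page.getDatas();
            if (rows == null || rows.isEmpty()) {
                return page;
            }
            Map<?, ?> deviceTypeDic = this.dicDao.getDicsByParentCode(DIC_DEVICE_TYPE);
            Map<?, ?> statusDic = this.dicDao.getDicsByParentCode(DIC_CERT_STATUS);
            // Each row is stamped with the requested status (1 when none was given) before
            // its display string is resolved; hoisted out of the loop since it is constant.
            Integer status = Integer.valueOf(subSystemVO.getStatus() == null ? 1 : subSystemVO.getStatus().intValue());
            List<SubSystemListVO> views = new ArrayList<>(rows.size());
            for (Object row : rows) {
                SubSystemListDO record = (SubSystemListDO) row;
                record.setStatus(status);
                SubSystemListVO view = new SubSystemListVO();
                BeanUtils.copyProperties(record, view);
                view.setDeviceTypeStr((String) deviceTypeDic.get(String.valueOf(record.getDeviceType())));
                view.setStatusStr((String) statusDic.get(String.valueOf(record.getStatus())));
                views.add(view);
            }
            page.setDatas(views);
            return page;
        } catch (Exception e) {
            throw new DAOException("分页查询CA子系统列表时数据库异常", e);
        }
    }

    /**
     * Issues the signing / encryption certificate pair for a CA sub-system server.
     *
     * <p>The signing certificate is bound to the public key carried in the PKCS#10 request;
     * the encryption certificate is bound to the SubjectPublicKeyInfo supplied separately.
     * Both certificates are persisted through {@link #saveSubSystemCert}.
     *
     * @param subSystemCertVO device type, subject DN, requested validity, P10 and the
     *                        encryption-key SubjectPublicKeyInfo
     * @return a successful {@link Result} carrying {@code certName}, {@code sn} (hex serial of the
     *         signing certificate) and {@code keyAlg}; otherwise a failure result for template, CA,
     *         DN or key-format problems
     * @throws ServiceException when serial allocation, HSM signing or persistence fails
     */
    public Object doIssueSubSystemCert(SubSystemCertVO subSystemCertVO) {
        TemplateInfoVO template = this.templateService.getInnerTemplateByType(
                DeviceTypeToTemplateTypeEnum.getTemplateTypeByDeviceType(subSystemCertVO.getDeviceType().intValue()));
        // A missing template used to NPE here; checkIssueCertParams reports it properly instead.
        CaInfoVO caInfoVO = template == null ? null : (CaInfoVO) Constants.CA_INFO.get(template.getKeyAlg());
        Result paramCheck = checkIssueCertParams(template, caInfoVO, subSystemCertVO.getDn());
        if (!paramCheck.isSuccess()) {
            return paramCheck;
        }
        String dn = subSystemCertVO.getDn();
        PublicKey signPublicKey = CertUtil.getPublicKeyFromP10(subSystemCertVO.getP10());
        if (signPublicKey == null) {
            logger.debug("p10格式错误，获取公钥失败[{}]", subSystemCertVO.getP10());
            return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
        }
        // NOTE(review): only the public key is taken from the P10 here; whether the request's
        // self-signature (proof of possession) is verified inside CertUtil.getPublicKeyFromP10
        // is not visible from this class — confirm.
        PublicKey encPublicKey;
        try {
            encPublicKey = CertUtil.getPublicKeyBySubjectKeyInfo(Constants.BASE_ALG_TYPE, subSystemCertVO.getSubjectPublicKeyInfo());
        } catch (Exception e) {
            // Only the key parsing is guarded here: previously this catch also wrapped the whole
            // issuance, so every ServiceException below was misreported as a key-format error.
            logger.debug("加密公钥格式错误:[{}]", subSystemCertVO.getSubjectPublicKeyInfo(), e);
            return Result.failure(ErrorEnum.PEM_FORMAT_ERROR);
        }
        try {
            Date issueTime = new Date();
            Date notAfter = IssueTimeUtil.getCorrectTime(subSystemCertVO.getMaxValidity(), template.getMaxValidity(),
                    caInfoVO.getRootCert().getNotAfter(), issueTime);
            // Encryption certificate: key supplied as SubjectPublicKeyInfo, non-signing extensions.
            BigInteger encSn = this.certSnDao.getMaxSn(issueTime);
            X509Certificate encCert = this.hsmService.genX509Certificate(dn, encSn, issueTime, notAfter, caInfoVO, encPublicKey,
                    ExtensionUtil.changeExtensionFormat(template.getExtensions(), (Map) null, encPublicKey, dn,
                            this.crlLdapUrlService.getLdapOcspUrl(encSn, dn, caInfoVO, false), false),
                    template.getSignAlg());
            // Signing certificate: key taken from the P10, signing extensions.
            BigInteger signSn = this.certSnDao.getMaxSn(issueTime);
            X509Certificate signCert = this.hsmService.genX509Certificate(dn, signSn, issueTime, notAfter, caInfoVO, signPublicKey,
                    ExtensionUtil.changeExtensionFormat(template.getExtensions(), (Map) null, signPublicKey, dn,
                            this.crlLdapUrlService.getLdapOcspUrl(signSn, dn, caInfoVO, false), true),
                    template.getSignAlg());
            saveSubSystemCert(caInfoVO, signCert, encCert, subSystemCertVO, template);
            logger.info("CA子系统证书签发成功，signCert=" + CertUtil.writeObject(signCert) + ",encCert=" + CertUtil.writeObject(encCert));
            if (logger.isDebugEnabled()) {
                // The enveloped data is built only for this log line, so skip the work unless DEBUG is on.
                // NOTE(review): confirm the DER-encoded envelope derived from the encryption certificate
                // carries no key material before DEBUG logging is enabled in production.
                logger.debug("加密证书>>>>>>>>>>>>>>>" + Base64.toBase64String(
                        EnvelopedDataUtil.getEnvelopedData(Constants.BASE_ALG_TYPE, encCert).getEncoded("DER")));
            }
            String signSnHex = signSn.toString(16);
            Map<String, Object> data = new HashMap<>();
            data.put("certName", "ServerCert_" + DateTimeUtil.dateToZipStr(issueTime) + ".zip");
            data.put("sn", signSnHex);
            data.put("keyAlg", template.getKeyAlg());
            return Result.success(data, signSnHex);
        } catch (Exception e) {
            throw new ServiceException("签发CA子系统服务器证书失败", e);
        }
    }

    /**
     * Validates the template, the CA state and the subject DN before a sub-system certificate is issued.
     *
     * @param templateInfoVO template resolved for the device type; may be {@code null}
     * @param caInfoVO       CA information for the template's key algorithm; may be {@code null}
     * @param str            requested subject DN
     * @return {@link Result#success()} when every check passes, otherwise the matching failure result
     */
    private Result checkIssueCertParams(TemplateInfoVO templateInfoVO, CaInfoVO caInfoVO, String str) {
        if (templateInfoVO == null) {
            logger.debug("签发CA子系统证书失败，模板不存在");
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (templateInfoVO.getStatus().intValue() != TemplateStatusEnum.NORMAL.value) {
            logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateInfoVO.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (caInfoVO == null || StringUtils.isBlank(caInfoVO.getBaseDn()) || caInfoVO.getRootCert() == null) {
            logger.debug("初始化CA子系统服务器失败：未查到CA基本信息[{}]", str);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        if (caInfoVO.getRootCert().getNotAfter().before(new Date())) {
            logger.debug("初始化CA子系统服务器失败：CA根证书已过期[{}]", str);
            return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
        }
        // A blank DN used to NPE in the suffix check; report it as a malformed DN instead.
        if (StringUtils.isBlank(str)) {
            logger.debug("初始化CA证书失败：DN不符合X500规范[{}]", str);
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        if (!endsWithBaseDn(str, caInfoVO.getBaseDn())) {
            logger.debug("初始化CA子系统服务器失败：DN中的baseDn不正确[{}]", str);
            return Result.failure(ErrorEnum.BASEDN_ERROR);
        }
        try {
            DnUtil.getRFC4519X500Name(str);
        } catch (Exception e) {
            logger.debug("初始化CA证书失败：DN不符合X500规范[{}]", str);
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        return Result.success();
    }

    /**
     * Checks, case-insensitively, that {@code dn} ends with {@code baseDn} on an RDN boundary.
     *
     * <p>A plain suffix match would also accept a DN whose last attribute value merely ends with
     * the base DN text, which would let a subject outside the CA's namespace pass; the text before
     * the match must therefore be empty or end with the RDN separator.
     *
     * @param dn     candidate subject DN (non-blank)
     * @param baseDn the CA's base DN (non-blank)
     * @return {@code true} when {@code dn} equals {@code baseDn} or is a sub-entry of it
     */
    private static boolean endsWithBaseDn(String dn, String baseDn) {
        String lowerDn = dn.toLowerCase(Locale.ROOT);
        String lowerBase = baseDn.toLowerCase(Locale.ROOT);
        if (!lowerDn.endsWith(lowerBase)) {
            return false;
        }
        String head = lowerDn.substring(0, lowerDn.length() - lowerBase.length()).trim();
        return head.isEmpty() || head.endsWith(",");
    }

    /**
     * Collects the key/signature algorithm defaults shown before issuing a certificate of the
     * given template type.
     *
     * @param num template type (see {@link TemplateTypeEnum})
     * @return populated {@link InitAlgInfoVO}; fields stay unset when the CA or template is missing
     * @throws DAOException when any lookup or DN parsing fails (a {@code null} type also ends up here)
     */
    public InitAlgInfoVO getCertIssueAlgInfo(Integer num) {
        try {
            int templateType = num.intValue();
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            boolean caReady = caInfoVO != null && StringUtils.isNotBlank(caInfoVO.getBaseDn());
            InitAlgInfoVO info = new InitAlgInfoVO();
            if (caReady) {
                info.setBaseDn(DnUtil.getRFC4519X500Name(caInfoVO.getBaseDn()).toString());
            }
            if (AlgTypeEnum.RSA.value == Constants.BASE_ALG_TYPE.intValue() && templateType == TemplateTypeEnum.CA.value) {
                // An RSA CA issuing a CA certificate always uses the RSA algorithm constant.
                info.setKeyAlg(Constants.RSA_ALG);
            } else {
                TemplateInfoVO template = this.templateService.getInnerTemplateByType(templateType);
                if (template != null && caReady) {
                    fillAlgInfoFromTemplate(info, template, caInfoVO);
                }
            }
            if (templateType == TemplateTypeEnum.KM_SERVER.value) {
                // KM servers are fixed to SM2 / SM3withSM2 with 256-bit keys, overriding the template.
                info.setKeyAlg(Integer.valueOf(KeyAlgEnum.SM2.value));
                info.setKeyAlgStr(AlgTypeEnum.getAlgStr(KeyAlgEnum.SM2.value));
                info.setSignAlg(String.valueOf(SignAlgTypeEnum.SM3_WITH_SM2.value));
                info.setSignAlgStr(SignAlgTypeEnum.SM3_WITH_SM2.algName);
                info.setKeyAlgLength(256);
            }
            return info;
        } catch (Exception e) {
            throw new DAOException("获取证书签发时算法信息异常", e);
        }
    }

    /**
     * Copies the template's algorithm settings onto {@code info}, resolving the signature-algorithm
     * display string from the dictionary that matches the key algorithm.
     *
     * @param info     target to populate
     * @param template template whose algorithm settings are used
     * @param caInfoVO CA information; its root certificate, when present, caps the maximum validity
     */
    private void fillAlgInfoFromTemplate(InitAlgInfoVO info, TemplateInfoVO template, CaInfoVO caInfoVO) {
        int keyAlg = template.getKeyAlg().intValue();
        info.setKeyAlg(template.getKeyAlg());
        Map<?, ?> signAlgDic = new HashMap<>();
        if (AlgTypeEnum.SM2.value == keyAlg) {
            signAlgDic = this.dicDao.getDicsByParentCode(DIC_SIGN_ALG_SM2);
        } else if (AlgTypeEnum.RSA.value == keyAlg) {
            signAlgDic = this.dicDao.getDicsByParentCode(DIC_SIGN_ALG_RSA);
        }
        info.setKeyAlgStr(AlgTypeEnum.getAlgStr(keyAlg));
        info.setSignAlg(template.getSignAlg());
        info.setSignAlgStr((String) signAlgDic.get(template.getSignAlg()));
        info.setKeyAlgLength(template.getKeySize());
        if (caInfoVO.getRootCert() == null) {
            info.setMaxValidity(template.getMaxValidity());
        } else {
            info.setMaxValidity(IssueTimeUtil.getMaxIssueTime(template.getMaxValidity(), caInfoVO.getRootCert().getNotAfter()));
        }
    }

    /**
     * Loads every stored LDAP server signing certificate and parses it.
     *
     * @return parsed certificates in DAO order; empty when none are stored
     */
    public List<X509Certificate> getAllLdapServerCerts() {
        List<?> storedCerts = this.subSystemDao.getAllLdapServerSignCerts();
        List<X509Certificate> certs = new ArrayList<>(storedCerts.size());
        for (Object stored : storedCerts) {
            X509Certificate cert = CertUtil.getCertFromStr((String) stored);
            logger.info("ldap签名证书SN：" + cert.getSerialNumber().toString(16));
            certs.add(cert);
        }
        return certs;
    }

    /**
     * Persists an issued sub-system certificate pair: the encryption certificate record, the
     * signing certificate record (linked to it as its pair), the raw certificate data, the
     * sub-system server record, and a publish task for the new pair.
     *
     * @param caInfoVO         issuing CA information (supplies the CA certificate id)
     * @param x509Certificate  the signing certificate
     * @param x509Certificate2 the encryption certificate
     * @param subSystemCertVO  request carrying the device type
     * @param templateInfoVO   template the pair was issued under
     * @throws Exception when encoding a certificate or any DAO call fails
     */
    public void saveSubSystemCert(CaInfoVO caInfoVO, X509Certificate x509Certificate, X509Certificate x509Certificate2,
            SubSystemCertVO subSystemCertVO, TemplateInfoVO templateInfoVO) throws Exception {
        X509Certificate signCert = x509Certificate;
        X509Certificate encCert = x509Certificate2;
        String signSnHex = signCert.getSerialNumber().toString(16);
        String encSnHex = encCert.getSerialNumber().toString(16);

        ManageCertDataDO encCertData = new ManageCertDataDO();
        encCertData.setData(CertUtil.writeObject(encCert));
        encCertData.setGmtCreate(encCert.getNotBefore());
        ManageCertDataDO signCertData = new ManageCertDataDO();
        signCertData.setData(CertUtil.writeObject(signCert));
        signCertData.setGmtCreate(signCert.getNotBefore());

        // Encryption certificate record is saved first so its id can be referenced as the pair id.
        ManageCertDO encRecord = new ManageCertDO();
        encRecord.setCaCertId(caInfoVO.getCertId());
        encRecord.setSn(encSnHex);
        encRecord.setIssuer(CertUtil.getIssuerByX509Cert(encCert));
        encRecord.setSubject(CertUtil.getSubjectByX509Cert(encCert));
        encRecord.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        encRecord.setPrivateKeySize(templateInfoVO.getKeySize());
        encRecord.setBeforeTime(encCert.getNotBefore());
        encRecord.setAfterTime(encCert.getNotAfter());
        encRecord.setSignAlg(templateInfoVO.getSignAlg());
        encRecord.setType(Constants.ENC_CERT);
        encRecord.setStatus(1);
        encRecord.setTemplateId(templateInfoVO.getId());
        encRecord.setPairCertSn(signSnHex);
        encRecord.setConfirmationStatus(Constants.ISSUE_CERT_OK_ACK);
        encRecord.setGmtCreate(signCert.getNotBefore());
        ManageCertDO savedEnc = this.managereCertDao.save(encRecord);
        encCertData.setId(savedEnc.getId());

        CaSubServerCertDO subServerCert = new CaSubServerCertDO();
        subServerCert.setDeviceType(subSystemCertVO.getDeviceType());
        // NOTE(review): gmtCreate is set from the encryption cert's notAfter, whereas every other
        // gmtCreate here uses notBefore — kept as-is, but confirm which value is intended.
        subServerCert.setGmtCreate(encCert.getNotAfter());

        // The saved entity is reused as the signing record: same issuer/subject/algorithm fields,
        // serials swapped, pair id pointing at the encryption record, and id cleared for insert.
        savedEnc.setSn(signSnHex);
        savedEnc.setPairCertSn(encSnHex);
        savedEnc.setPairCertId(savedEnc.getId());
        savedEnc.setType(Constants.SIGN_CERT);
        savedEnc.setId((Long) null);
        ManageCertDO savedSign = this.managereCertDao.save(savedEnc);
        signCertData.setId(savedSign.getId());

        List<ManageCertDataDO> certDataRecords = new ArrayList<>(2);
        certDataRecords.add(encCertData);
        certDataRecords.add(signCertData);

        subServerCert.setManageCertId(savedSign.getId());
        this.caSubServerCertDao.save(subServerCert);
        // Back-link the encryption record to the signing record now that both ids exist.
        this.managereCertDao.updatePairCertId(savedSign.getPairCertId(), savedSign.getId());
        this.managerCertDataDao.batchSave(certDataRecords);
        this.taskDataService.savePublishCert(savedSign.getId(), savedSign.getPairCertId(), 2);
    }
}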
