package com.xdja.pki.ca.certmanager.service.crosscert;

import com.xdja.pki.ca.certmanager.dao.CrossCertDao;
import com.xdja.pki.ca.certmanager.dao.OuterCrossCertDao;
import com.xdja.pki.ca.certmanager.dao.models.CrossCertDO;
import com.xdja.pki.ca.certmanager.dao.models.OuterCrossCertDO;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertApplyVO;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertQueryVO;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertTypeEnum;
import com.xdja.pki.ca.certmanager.service.crosscert.bean.CrossCertVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.DicDataConverUtil;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.certmanager.service.util.TemplateParamsUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.ca.util.gm.cert.SM2PublicKey;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.P10typeEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.ldap.service.CrlLdapUrlService;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.nutz.dao.pager.Pager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

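/**
 * Cross-certificate management for this CA.
 *
 * <p>It (1) builds the PKCS#10 request a peer CA needs in order to cross-certify this root,
 * (2) issues a cross certificate from a template for a peer's PKCS#10, (3) imports the
 * cross-certificate chain a peer issued for this CA, and (4) lists both kinds for the UI.
 *
 * <p>CA material is read from the {@code Constants.CA_INFO} cache keyed by key algorithm.
 * The P10 request is only produced when this instance is the root CA.
 */
@Service
public class CrossCertManageServiceImpl implements ICrossCertManageService {
    private static final Logger log = LoggerFactory.getLogger(CrossCertManageServiceImpl.class);

    // NOTE(review): the following numeric codes are taken verbatim from the original call sites;
    // their names describe how this class uses them, not a project-wide enum - confirm against
    // the status/publish-type definitions elsewhere in the project.
    /** Status written on a freshly issued cross certificate. */
    private static final int CROSS_CERT_STATUS_ISSUED = 1;
    /** Display status substituted for a revoked cross certificate in list results. */
    private static final int DISPLAY_STATUS_REVOKED = 3;
    /** Display status substituted for an expired cross certificate in list results. */
    private static final int DISPLAY_STATUS_EXPIRED = 4;
    /** Publish-task type used for a cross certificate issued by this CA. */
    private static final int PUBLISH_TYPE_CROSS_CERT = 4;
    /** Publish-task type used for an imported outer cross certificate. */
    private static final int PUBLISH_TYPE_OUTER_CROSS_CERT = 5;

    @Autowired
    private HsmManager hsmService;

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private CrlLdapUrlService crlLdapUrlService;

    @Resource
    private CertSnDao certSnDao;

    @Resource
    private CrossCertDao crossCertDao;

    @Resource
    private OuterCrossCertDao outerCrossCertDao;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private DicDataConverUtil dicDataConverUtil;

    @Value("${config.path}")
    private String configPath;

    @Autowired
    private Environment environment;

    /**
     * Builds a PKCS#10 request carrying this root CA's subject and key so that a peer CA can
     * cross-certify it, and writes it to {@code <configPath>p10/CertReq_<timestamp>.p10}.
     *
     * @return success with {@code {"p10Name": fileName}} as payload and the file name as message;
     *         {@link ErrorEnum#PERMISSION_ACCESS_ERROR} when this instance is not the root CA
     * @throws ServiceException if the request cannot be generated or written
     */
    public Result createCrossCertApplyP10() {
        // Boolean.TRUE.equals treats a null answer from the DAO as "not root" instead of an NPE.
        if (!Boolean.TRUE.equals(this.caCertDao.currentIsRootCa())) {
            log.info("本级CA不是根CA,没有权限签发交叉证书");
            return Result.failure(ErrorEnum.PERMISSION_ACCESS_ERROR);
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
        CreateP10VO createP10VO = new CreateP10VO();
        createP10VO.setDn(CertUtil.getSubjectByX509Cert(caInfoVO.getRootCert()));
        createP10VO.setAlg(Constants.BASE_ALG_TYPE);
        createP10VO.setAlgLength(caInfoVO.getPrivateKeySize());
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue()) {
            // Software (BC) provider: the key pair itself is handed to the signer.
            createP10VO.setPublicKey(caInfoVO.getRootCert().getPublicKey());
            createP10VO.setPrivateKey(caInfoVO.getRootPrivateKey());
        } else {
            // Hardware device: only a key index and its PIN are passed to the HSM.
            createP10VO.setKeyIndex(caInfoVO.getCaPwdBean().getKeyIndex());
            createP10VO.setPrivateKeyPin(caInfoVO.getCaPwdBean().getPrivateKeyPin());
        }
        try {
            PKCS10CertificationRequest p10 =
                    this.hsmService.genP10(createP10VO, Integer.valueOf(P10typeEnum.Cross.value));
            // File name is derived from the clock only, so no caller-controlled path component.
            String fileName = "CertReq_" + DateTimeUtil.dateToZipStr(new Date()) + ".p10";
            CertUtil.writeObjToFile(p10, this.configPath + "p10/" + fileName);
            Map<String, Object> payload = new HashMap<>();
            payload.put("p10Name", fileName);
            return Result.success(payload, fileName);
        } catch (Exception e) {
            throw new ServiceException("生成交叉证书p10申请书失败", e);
        }
    }

    /**
     * Issues a cross certificate for a peer CA from its PKCS#10 using the requested template.
     *
     * <p>Validation order: template exists and is {@code NORMAL}; required template parameters
     * are present; this CA's info and root certificate are available and unexpired; the subject
     * DN parses as RFC 4519; the PKCS#10 yields a public key. Each failure maps to its own
     * {@link ErrorEnum}; failures while signing or persisting are raised as
     * {@link ServiceException} with the cause attached rather than reported as a DN error.
     *
     * @param crossCertApplyVO template code, template parameters, subject DN, validity and PKCS#10
     * @return success with {@code certName}, {@code sn} (hex) and {@code keyAlg}, the hex serial
     *         as message; otherwise the matching failure code
     * @throws ServiceException on template lookup, signing or persistence errors
     */
    public Result doIssueCrossCert(CrossCertApplyVO crossCertApplyVO) {
        Objects.requireNonNull(crossCertApplyVO, "crossCertApplyVO");
        String tempCode = crossCertApplyVO.getTempCode();
        TemplateInfoVO templateInfoVO;
        try {
            templateInfoVO = (TemplateInfoVO) this.templateService
                    .getTemplatesByCodes(new String[]{tempCode}).get(tempCode);
        } catch (ServiceException e) {
            // Only the template lookup is logged with this message; the original caught the
            // whole method here, so signing failures were also reported as a template problem.
            log.error("查询模板信息异常");
            throw e;
        }
        if (null == templateInfoVO) {
            log.debug("签发交叉证书失败，模板不存在");
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (TemplateStatusEnum.NORMAL.value != templateInfoVO.getStatus().intValue()) {
            log.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateInfoVO.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        Result validity = TemplateParamsUtil.validity(templateInfoVO, crossCertApplyVO.getTempParas());
        if (!validity.isSuccess()) {
            log.info("签发交叉证书失败：缺少模板需要参数");
            return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(templateInfoVO.getKeyAlg());
        // The null check must precede any dereference of caInfoVO (the original read getRootCert() first).
        if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getRootCert()) {
            log.debug("签发交叉证书失败：未查到CA基本信息[{}]", crossCertApplyVO);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        X509Certificate rootCert = caInfoVO.getRootCert();
        if (rootCert.getNotAfter().before(new Date())) {
            log.debug("签发交叉证书失败：CA根证书已过期[{}]", crossCertApplyVO);
            return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
        }
        String certDn = crossCertApplyVO.getCertDn();
        try {
            DnUtil.getRFC4519X500Name(certDn);
        } catch (Exception e) {
            log.debug("签发交叉证书失败：DN不符合X500规范[{}]", crossCertApplyVO);
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        PublicKey publicKeyFromP10;
        try {
            publicKeyFromP10 = CertUtil.getPublicKeyFromP10(crossCertApplyVO.getP10());
        } catch (Exception e) {
            // A parse failure of the P10 is reported as a P10 error, not as a DN error.
            log.debug("签发交叉证书失败：p10格式不正确[{}]", crossCertApplyVO);
            return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
        }
        if (null == publicKeyFromP10) {
            log.debug("签发交叉证书失败：p10格式不正确[{}]", crossCertApplyVO);
            return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
        }

        Date issueTime = new Date();
        BigInteger serial;
        X509Certificate issued;
        try {
            // Validity is clamped by the template maximum and the root certificate's expiry.
            Date notAfter = IssueTimeUtil.getCorrectTime(
                    crossCertApplyVO.getValidity(), templateInfoVO.getMaxValidity(), rootCert.getNotAfter(), issueTime);
            serial = this.certSnDao.getMaxSn(issueTime);
            issued = this.hsmService.genX509Certificate(
                    certDn, serial, issueTime, notAfter, caInfoVO, publicKeyFromP10,
                    ExtensionUtil.changeExtensionFormat(
                            templateInfoVO.getExtensions(), (Map) validity.getInfo(), publicKeyFromP10, certDn,
                            this.crlLdapUrlService.getLdapOcspUrl(serial, certDn, caInfoVO, true, (Integer) null),
                            true),
                    templateInfoVO.getSignAlg());
        } catch (Exception e) {
            throw new ServiceException("签发交叉证书失败", e);
        }
        try {
            CrossCertDO saved = saveCrossCert(caInfoVO.getCertId(), issued, crossCertApplyVO, templateInfoVO);
            this.taskDataService.savePublishCert(saved.getId(), (Long) null, PUBLISH_TYPE_CROSS_CERT);
        } catch (DAOException e) {
            throw new ServiceException("保存交叉证书信息失败，", e);
        } catch (Exception e) {
            throw new ServiceException("签发交叉证书失败", e);
        }
        // Certificates are public data; no private material is logged here.
        log.info("签发交叉证书成功：dn= {},signCert={}", certDn, CertUtil.writeObject(issued));
        String hexSerial = serial.toString(16);
        Map<String, Object> payload = new HashMap<>();
        payload.put("certName", "CrossCA_" + DateTimeUtil.dateToZipStr(issueTime) + ".p7b");
        payload.put("sn", hexSerial);
        payload.put("keyAlg", templateInfoVO.getKeyAlg());
        return Result.success(payload, hexSerial);
    }

    /**
     * Persists an issued cross certificate.
     *
     * @param caCertId id of the issuing CA certificate record
     * @param x509Certificate the issued certificate
     * @param crossCertApplyVO the originating request (currently unused beyond the signature)
     * @param templateInfoVO template the certificate was issued from
     * @return the saved row, as returned by the DAO
     * @throws Exception propagated from certificate encoding or the DAO
     */
    private CrossCertDO saveCrossCert(Long caCertId, X509Certificate x509Certificate,
                                      CrossCertApplyVO crossCertApplyVO, TemplateInfoVO templateInfoVO) throws Exception {
        CrossCertDO row = new CrossCertDO();
        row.setCaCertId(caCertId);
        row.setSn(x509Certificate.getSerialNumber().toString(16));
        row.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        row.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        row.setPrivateKeySize(templateInfoVO.getKeySize());
        row.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        row.setBeforeTime(x509Certificate.getNotBefore());
        row.setAfterTime(x509Certificate.getNotAfter());
        row.setSignAlg(templateInfoVO.getSignAlg());
        row.setStatus(CROSS_CERT_STATUS_ISSUED);
        row.setTemplateId(templateInfoVO.getId());
        // Creation time is taken from the certificate's notBefore rather than the wall clock.
        row.setGmtCreate(x509Certificate.getNotBefore());
        row.setData(CertUtil.writeObject(x509Certificate));
        return this.crossCertDao.save(row);
    }

    /**
     * Pages through cross certificates issued by this CA, optionally filtered by subject DN.
     *
     * @param crossCertQueryVO page number, page size and optional DN filter
     * @return success carrying a {@link PageInfo} whose data are {@link CrossCertVO}s
     * @throws ServiceException wrapping any {@link DAOException}
     */
    public Result getCrossCertList(CrossCertQueryVO crossCertQueryVO) {
        Pager pager = new Pager(crossCertQueryVO.getPageNo(), crossCertQueryVO.getPageSize());
        Map<String, Object> condition = new HashMap<>();
        condition.put("certDn", crossCertQueryVO.getCertDn());
        try {
            PageInfo page = this.crossCertDao.getCrossCertList(condition, pager);
            Collection<CrossCertDO> rows = page.getDatas();
            if (rows != null && !rows.isEmpty()) {
                List<CrossCertVO> view = new ArrayList<>(rows.size());
                for (CrossCertDO row : rows) {
                    view.add(toCrossCertVO(row));
                }
                page.setDatas(view);
            }
            return Result.success(page);
        } catch (DAOException e) {
            throw new ServiceException("查询交叉证书列表异常，", e);
        }
    }

    /**
     * Pages through cross certificates issued to this CA by peers, optionally filtered by subject DN.
     *
     * @param crossCertQueryVO page number, page size and optional DN filter
     * @return success carrying a {@link PageInfo} whose data are {@link CrossCertVO}s
     * @throws ServiceException wrapping any {@link DAOException}
     */
    public Result getOutCrossCertList(CrossCertQueryVO crossCertQueryVO) {
        Pager pager = new Pager(crossCertQueryVO.getPageNo(), crossCertQueryVO.getPageSize());
        Map<String, Object> condition = new HashMap<>();
        condition.put("certDn", crossCertQueryVO.getCertDn());
        try {
            PageInfo page = this.outerCrossCertDao.getOutCrossCertList(condition, pager);
            Collection<OuterCrossCertDO> rows = page.getDatas();
            if (rows != null && !rows.isEmpty()) {
                List<CrossCertVO> view = new ArrayList<>(rows.size());
                for (OuterCrossCertDO row : rows) {
                    view.add(toCrossCertVO(row));
                }
                page.setDatas(view);
            }
            return Result.success(page);
        } catch (DAOException e) {
            throw new ServiceException("查询交叉证书列表异常，", e);
        }
    }

    /**
     * Imports the certificate chain a peer CA issued when cross-certifying this CA.
     *
     * <p>Acceptance checks: the Base64 input parses into a chain whose signatures verify
     * ({@code CertUtil.verifyCertChainSign}), and the last certificate of the sorted chain carries
     * this CA's own subject and public key - i.e. it really is a cross certificate for this CA and
     * not an arbitrary chain. Validity periods are not checked on import; expiry is only reflected
     * in list results (see {@link #toCrossCertVO(OuterCrossCertDO)}).
     *
     * @param bArr Base64-encoded certificate chain as uploaded
     * @return success when stored and queued for publishing; {@link ErrorEnum#CA_CHAIN_VERIFY_FAIL}
     *         on a bad signature; {@link ErrorEnum#HSM_CA_CHAIN_FORMAT_ERROR} for empty/unparseable
     *         input or a chain that does not belong to this CA
     * @throws ServiceException when the verified chain cannot be stored or queued
     */
    public Result uploadOutCrossCertChain(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            log.error("证书链格式错误");
            return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
        }
        OuterCrossCertDO record;
        try {
            X509Certificate[] chain = CertUtil.sortCertChain(CertUtils.getCertListFromB64(bArr));
            if (chain == null || chain.length == 0) {
                log.error("证书链格式错误");
                return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
            }
            if (!CertUtil.verifyCertChainSign(chain)) {
                log.error("外部交叉证书验签失败");
                return Result.failure(ErrorEnum.CA_CHAIN_VERIFY_FAIL);
            }
            // NOTE(review): the last element is taken as the certificate issued to this CA - this
            // relies on sortCertChain ordering root first; confirm against CertUtil.
            X509Certificate crossCert = chain[chain.length - 1];
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            X509Certificate rootCert = caInfoVO.getRootCert();
            // The imported certificate must bind this CA's own key and name.
            if (!crossCert.getPublicKey().equals(rootCert.getPublicKey())
                    || !crossCert.getSubjectX500Principal().equals(rootCert.getSubjectX500Principal())) {
                log.error("外部交叉证书导入格式错误,请检查导入证书的主体和公钥是否正确");
                return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
            }
            record = toOuterCrossCertDO(crossCert, caInfoVO, bArr);
        } catch (Exception e) {
            // Parsing, verification or encoding problems are all reported as a format error.
            log.error("证书链格式错误", e);
            return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
        }
        try {
            // Persistence errors are raised, not reported as a format error (the original's
            // catch-all swallowed them into HSM_CA_CHAIN_FORMAT_ERROR and left this path unreachable).
            this.taskDataService.savePublishCert(
                    this.outerCrossCertDao.save(record).getId(), (Long) null, PUBLISH_TYPE_OUTER_CROSS_CERT);
        } catch (Exception e) {
            log.error("导入外部证书链异常", e);
            throw new ServiceException("导入外部证书链异常", e);
        }
        return Result.success();
    }

    /**
     * Builds the persistence row for an imported cross certificate.
     *
     * @param crossCert the certificate issued to this CA
     * @param caInfoVO this CA's info (supplies the CA id and key size)
     * @param chainB64 the uploaded Base64 chain, stored verbatim
     * @return the populated, unsaved row
     * @throws Exception propagated from certificate encoding
     */
    private OuterCrossCertDO toOuterCrossCertDO(X509Certificate crossCert, CaInfoVO caInfoVO, byte[] chainB64)
            throws Exception {
        AlgorithmIdentifier keyAlg =
                SubjectPublicKeyInfo.getInstance(crossCert.getPublicKey().getEncoded()).getAlgorithm();
        OuterCrossCertDO row = new OuterCrossCertDO();
        row.setCaCertId(caInfoVO.getCaId());
        row.setSn(crossCert.getSerialNumber().toString(16));
        row.setSubject(CertUtil.getSubjectByX509Cert(crossCert));
        row.setIssuer(CertUtil.getIssuerByX509Cert(crossCert));
        row.setSignAlg(crossCert.getSigAlgName());
        // NOTE(review): the original branched on ID_SM2_PUBKEY_PARAM but assigned BASE_ALG_TYPE in
        // both branches, so the stored algorithm is always BASE_ALG_TYPE; a non-SM2 key is only
        // logged here. Confirm which algorithm code a non-SM2 cross certificate should carry.
        if (!SM2PublicKey.ID_SM2_PUBKEY_PARAM.equals(keyAlg.getParameters())) {
            log.warn("外部交叉证书公钥算法参数不是SM2: {}", keyAlg.getAlgorithm());
        }
        row.setPublicKeyAlg(Constants.BASE_ALG_TYPE);
        row.setPrivateKeySize(caInfoVO.getPrivateKeySize());
        row.setBeforeTime(crossCert.getNotBefore());
        row.setAfterTime(crossCert.getNotAfter());
        row.setData(CertUtil.writeObject(crossCert));
        // Base64 text is ASCII, so decoding as UTF-8 is lossless and independent of the platform charset.
        row.setCertChain(new String(chainB64, StandardCharsets.UTF_8));
        row.setGmtCreate(new Date());
        return row;
    }

    /**
     * Converts a stored cross certificate into its list view.
     *
     * <p>The stored status is rewritten for display: a revoked row shows
     * {@link #DISPLAY_STATUS_REVOKED}, and an expired row shows {@link #DISPLAY_STATUS_EXPIRED},
     * with expiry taking precedence. The row object is modified in memory only; it is not saved.
     */
    private CrossCertVO toCrossCertVO(CrossCertDO row) {
        handleCrossCertDO(row);
        Integer status = row.getStatus();
        CrossCertVO vo = new CrossCertVO();
        vo.setStatus(status);
        vo.setStatusStr(this.dicDataConverUtil.ConverStatusToStr(status));
        vo.setCertDn(row.getSubject());
        vo.setIssuer(row.getIssuer());
        vo.setSn(row.getSn());
        vo.setNotBeforeTime(DateTimeUtil.dateToWebStr(row.getBeforeTime()));
        vo.setNotAfterTime(DateTimeUtil.dateToWebStr(row.getAfterTime()));
        return vo;
    }

    /**
     * Converts an imported cross certificate into its list view.
     *
     * <p>Only an expired certificate gets a status ({@link #DISPLAY_STATUS_EXPIRED}); otherwise the
     * status fields are left unset, as in the original implementation.
     */
    private CrossCertVO toCrossCertVO(OuterCrossCertDO row) {
        CrossCertVO vo = new CrossCertVO();
        handleOutCrossCertDO(row, vo);
        vo.setCertDn(row.getSubject());
        vo.setIssuer(row.getIssuer());
        vo.setSn(row.getSn());
        vo.setNotBeforeTime(DateTimeUtil.dateToWebStr(row.getBeforeTime()));
        vo.setNotAfterTime(DateTimeUtil.dateToWebStr(row.getAfterTime()));
        return vo;
    }

    /** Rewrites a stored status into its display status; expiry overrides revocation. */
    private void handleCrossCertDO(CrossCertDO crossCertDO) {
        if (CrossCertTypeEnum.CROSSCERT_STATUS_REVOKED.value == crossCertDO.getStatus().intValue()) {
            crossCertDO.setStatus(DISPLAY_STATUS_REVOKED);
        }
        if (crossCertDO.getAfterTime().before(new Date())) {
            crossCertDO.setStatus(DISPLAY_STATUS_EXPIRED);
        }
    }

    /** Marks the view as expired when the imported certificate's notAfter has passed. */
    private void handleOutCrossCertDO(OuterCrossCertDO outerCrossCertDO, CrossCertVO crossCertVO) {
        if (outerCrossCertDO.getAfterTime().before(new Date())) {
            crossCertVO.setStatus(DISPLAY_STATUS_EXPIRED);
            crossCertVO.setStatusStr(this.dicDataConverUtil.ConverStatusToStr(DISPLAY_STATUS_EXPIRED));
        }
    }
}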
