package com.xdja.pki.ca.certmanager.service.task;

import com.xdja.pki.ca.certmanager.dao.CertDao;
import com.xdja.pki.ca.certmanager.dao.CertDataDao;
import com.xdja.pki.ca.certmanager.dao.CertStatusSyncDao;
import com.xdja.pki.ca.certmanager.dao.CrossCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDataDao;
import com.xdja.pki.ca.certmanager.dao.RevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.SubCaCertDao;
import com.xdja.pki.ca.certmanager.dao.models.CertStatusSyncDO;
import com.xdja.pki.ca.certmanager.service.task.bean.IssueCertStatusVO;
import com.xdja.pki.ca.certmanager.service.util.LdapCASDKUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.enums.CaOcspCertStatusEnum;
import com.xdja.pki.ca.core.enums.CertStatusEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDO;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.ca.securitymanager.service.configfile.ConfigFileService;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.issue.PkixIssueCertStatus;
import com.xdja.pki.issue.TBSIssueCRLReason;
import com.xdja.pki.ldap.sdk.ca.LDAPCASDK;
import com.xdja.pki.ldap.sdk.ca.LDAPResponse;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.bouncycastle.asn1.ASN1Integer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

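/**
 * Pushes queued certificate-status changes to the OCSP service through the LDAP CA SDK.
 *
 * <p>Two queues are drained by {@link #execCertStatSync()}: pending root-CA certificate
 * updates, and pending end-entity certificate status changes (normal / frozen / revoked).
 * Rows are deleted from the queue only after the SDK reports success.
 *
 * <p>This file is decompiler output. Local generic types were lost and one method,
 * {@code getCertStatSyncData}, could not be decompiled at all; see the notes on that method.
 */
@Service
/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/task/CertStatusSyncServiceImpl.class */
public class CertStatusSyncServiceImpl implements ICertStatusSyncService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Type discriminators handed to getCertStatSyncData. Only CERTSTATUSSYNC_TYPE_CERT is
    // used by the code visible in this file.
    static final int CERTSTATUSSYNC_TYPE_CERT = 1;
    static final int CERTSTATUSSYNC_TYPE_MANAGECERT = 2;
    static final int CERTSTATUSSYNC_TYPE_CROSSCERT = 3;
    static final int CERTSTATUSSYNC_TYPE_SUBCACERT = 4;

    @Resource
    private CertStatusSyncDao certStatusSyncDao;

    @Resource
    private CertDataDao certDataDao;

    @Resource
    private ManagerCertDataDao managerCertDataDao;

    @Resource
    private CrossCertDao crossCertDao;

    @Resource
    private SubCaCertDao subCaCertDao;

    @Autowired
    private LdapCASDKUtil ldapCASDKUtil;

    @Autowired
    private Environment env;

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private RevokeCertDao revokeCertDao;

    @Autowired
    private CaDao caDao;

    @Autowired
    private CertDao certDao;

    @Autowired
    private ConfigFileService configFileService;

    // Injected from the "ldapsdk.response.overtime" property. Not read by the code visible
    // here; left public because other classes may reference it.
    @Value("${ldapsdk.response.overtime}")
    public int ldapsdkOutTime;

    /**
     * Drains the status-sync queue: first pending root-CA certificate updates, then pending
     * end-entity certificate status changes grouped by issuing CA certificate.
     *
     * <p>Does nothing when the system is not initialised or OCSP is not enabled for the admin CA.
     *
     * <p>Failure behaviour worth monitoring, since every one of these delays propagation of
     * revocations to the OCSP service:
     * <ul>
     *   <li>a failed root-certificate update returns before any end-entity status is sent;</li>
     *   <li>a missing OCSP signing certificate returns from inside the per-CA loop;</li>
     *   <li>one record that cannot be converted aborts the whole run with an exception;</li>
     *   <li>a failed {@code sendCertStatus} is only logged, and the rows stay queued.</li>
     * </ul>
     *
     * @throws ServiceException on any DAO, conversion or SDK exception; exceptions raised in the
     *     inner section are wrapped a second time by the outer handler
     */
    public void execCertStatSync() {
        if (!this.configFileService.verifySystemInitIsOK()) {
            // "CA has not been initialised yet"
            this.logger.info("====CA暂无初始化！");
            return;
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
        if (null == caInfoVO || !caInfoVO.isOcsp()) {
            // "OCSP service is not enabled on this CA system"
            this.logger.debug("===CA系统未启用OCSP服务！");
            return;
        }
        try {
            // Element type is not recoverable from the decompiled call; the original code
            // casts each element to CertStatusSyncDO, so the same cast is kept here.
            List<?> pendingRootUpdates = this.certStatusSyncDao.queryCACertUpdateForList(CertStatusEnum.NORMAL.getValue());
            if (pendingRootUpdates != null) {
                for (Object row : pendingRootUpdates) {
                    Long rootCertId = ((CertStatusSyncDO) row).getRootCertId();
                    if (null == rootCertId) {
                        continue;
                    }
                    // NOTE(review): a null result from either DAO lookup raises a
                    // NullPointerException that aborts the whole run — confirm the DAOs
                    // never return null for a queued id.
                    CaCertDO caCert = this.caCertDao.getCaCertById(rootCertId.longValue());
                    CaDO ca = this.caDao.getCaById(caCert.getCaId().longValue());
                    X509Certificate currentCert = null != caCert.getCert() ? CertUtil.getCertFromStr(caCert.getCert()) : null;
                    X509Certificate oldWithNewCert = null != caCert.getOldWithNewCert() ? CertUtil.getCertFromStr(caCert.getOldWithNewCert()) : null;
                    X509Certificate newWithOldCert = null != caCert.getNewWithOldCert() ? CertUtil.getCertFromStr(caCert.getNewWithOldCert()) : null;
                    // Only entries that carry both link certificates and belong to a CA whose
                    // isMaster flag equals CaMasterEnum.NO are pushed.
                    if (null == oldWithNewCert || null == newWithOldCert
                            || CaDO.CaMasterEnum.NO.getValue() != ca.getIsMaster().intValue()) {
                        continue;
                    }
                    if (!caInfoVO.isOcsp()) {
                        // Re-checked per row; stops the root-update pass but still continues
                        // to the end-entity pass below.
                        this.logger.error("===CA系统未启用OCSP服务！");
                        break;
                    }
                    if (!this.ldapCASDKUtil.getPkixIssueSDKInstance().updateRootCACertificateToOCSP(oldWithNewCert, newWithOldCert, currentCert).isFlag()) {
                        // "Failed to sync the updated CA root certificate to OCSP".
                        // Returning here also skips the end-entity status sync for this run.
                        this.logger.error("同步CA更新根证书到ocsp失败");
                        return;
                    }
                    this.certStatusSyncDao.deleteDataByRootCertId(rootCertId);
                    // "Synced the updated CA root certificate to OCSP"
                    this.logger.info("同步CA更新根证书到ocsp成功");
                }
                // Fix: the original called clear() outside the null check, so a null query
                // result raised a NullPointerException and the end-entity pass never ran.
                pendingRootUpdates.clear();
            }
            try {
                List<CertStatusSyncDO> pendingStatuses = this.certStatusSyncDao.queryPublishUserCert();
                if (pendingStatuses == null || pendingStatuses.isEmpty()) {
                    // "Nothing to sync this round, current time: {}"
                    this.logger.debug("====本次没有要同步的证书状态信息，当前时间:{}", Long.valueOf(System.currentTimeMillis()));
                    return;
                }
                Map<Long, List<CertStatusSyncDO>> statusesByCaCertId = getCertStatusListByCaCertId(pendingStatuses);
                for (Map.Entry<Long, List<CertStatusSyncDO>> group : statusesByCaCertId.entrySet()) {
                    Long caCertId = group.getKey();
                    List<CertStatusSyncDO> queuedRows = group.getValue();
                    // Value types follow the parameter types of getCertStatSyncData.
                    Map<Long, Integer> revokeReasonByCertId = new HashMap<>();
                    Map<Long, java.util.Date> createdByCertId = new HashMap<>();
                    Map<Long, Integer> statusByCertId = new HashMap<>();
                    for (CertStatusSyncDO queuedRow : queuedRows) {
                        Long certId = queuedRow.getCertId();
                        Integer revokeReason = queuedRow.getRevokeReason();
                        if (certId != null) {
                            revokeReasonByCertId.put(certId, revokeReason);
                            createdByCertId.put(certId, queuedRow.getGmtCreate());
                            statusByCertId.put(certId, queuedRow.getStatus());
                        }
                    }
                    List<IssueCertStatusVO> statusVos = new ArrayList<>();
                    if (!revokeReasonByCertId.isEmpty()) {
                        statusVos.addAll(getCertStatSyncData(revokeReasonByCertId, statusByCertId, createdByCertId, CERTSTATUSSYNC_TYPE_CERT));
                    }
                    if (statusVos.isEmpty()) {
                        continue;
                    }
                    LDAPCASDK sdk = this.ldapCASDKUtil.getPkixIssueSDKInstance();
                    List<X509Certificate> ocspSignCerts = this.ldapCASDKUtil.getOcspSignCerts();
                    if (null == ocspSignCerts || ocspSignCerts.isEmpty()) {
                        // "No OCSP server certificate has been issued; cannot sync status yet".
                        // Ends the whole run, including groups for CAs not yet visited.
                        this.logger.info("CA系统未签发OCSP服务器证书，暂不能同步证书状态！");
                        return;
                    }
                    sdk.setUserCaCert(CertUtil.getCertFromStr(this.caCertDao.getCaCertById(caCertId.longValue()).getCert()));
                    ArrayList<PkixIssueCertStatus> payload = new ArrayList<>();
                    for (IssueCertStatusVO statusVo : statusVos) {
                        try {
                            // NOTE(review): getReason() is unboxed here; if a non-revoked entry
                            // carries a null reason this throws and, via the catch below,
                            // aborts the run for every CA — confirm against getCertStatSyncData.
                            payload.add(new PkixIssueCertStatus(TBSIssueCRLReason.decode(new ASN1Integer(statusVo.getReason().intValue())), CertUtil.getCertFromStr(statusVo.getData()), statusVo.getRevokeDate(), Integer.valueOf(CaOcspCertStatusEnum.getOcspCertStatus(statusVo.getStatus().intValue()))));
                        } catch (Exception e) {
                            // A single unconvertible record stops the batch before anything is
                            // sent; deleteBatch is not reached, so the rows stay queued.
                            throw new ServiceException("PkixIssueReq构造异常，", e);
                        }
                    }
                    LDAPResponse response = sdk.sendCertStatus(payload);
                    if (response.isFlag()) {
                        // "Certificate status synced"
                        this.logger.info("===证书状态同步成功");
                        // NOTE(review): this removes every queued row of the group, including
                        // rows with a null certId that were never sent — confirm that
                        // getCertStatSyncData yields one entry per certId, otherwise a status
                        // change could be dequeued without reaching the OCSP service.
                        this.certStatusSyncDao.deleteBatch(queuedRows);
                    } else {
                        // "Certificate status sync failed"; rows stay queued.
                        this.logger.error("===证书状态同步失败，reason:{}", response.getReason());
                    }
                }
            } catch (DAOException e2) {
                throw new ServiceException("CertStatusSyncServiceImpl查询用户证书发布状态列表异常，", e2);
            }
        } catch (Exception e3) {
            // Also catches the ServiceExceptions thrown above and wraps them again.
            throw new ServiceException("CertStatusSyncServiceImpl查询证书发布状态列表异常，", e3);
        }
    }

    /**
     * Groups queued status rows by the id of the CA certificate that issued each certificate.
     *
     * <p>Normal and frozen certificates are looked up through {@code certDao}, revoked ones
     * through {@code revokeCertDao}.
     *
     * @param list queued rows; each row's status and certId are dereferenced without a null check
     * @return rows keyed by CA certificate id; rows with an unrecognised status are left out
     */
    private Map<Long, List<CertStatusSyncDO>> getCertStatusListByCaCertId(List<CertStatusSyncDO> list) {
        Map<Long, List<CertStatusSyncDO>> rowsByCaCertId = new HashMap<>();
        for (CertStatusSyncDO certStatusSyncDO : list) {
            int status = certStatusSyncDO.getStatus().intValue();
            Long caCertId;
            if (CertStatusEnum.NORMAL.getValue() == status || CertStatusEnum.FROZEN.getValue() == status) {
                caCertId = this.certDao.getCertById(certStatusSyncDO.getCertId()).getCaCertId();
            } else if (CertStatusEnum.REVOKE.getValue() == status) {
                caCertId = this.revokeCertDao.getCertById(certStatusSyncDO.getCertId().longValue()).getCaCertId();
            } else {
                // The message text reads "is not invalid"; kept as-is because log consumers
                // may match on it, but the intended meaning is "is not valid".
                this.logger.error("CertStatus {} is not invalid ", Integer.valueOf(status));
                // Fix: the decompiled code fell through with caCertId unassigned, which does
                // not compile. Skipping the row is the presumed original behaviour — verify
                // against the bytecode. Skipped rows are not sent and not deleted.
                continue;
            }
            List<CertStatusSyncDO> rows = rowsByCaCertId.get(caCertId);
            if (rows == null) {
                rows = new ArrayList<>();
                rowsByCaCertId.put(caCertId, rows);
            }
            rows.add(certStatusSyncDO);
        }
        return rowsByCaCertId;
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x00d5 A[LOOP:1: B:18:0x00cb->B:20:0x00d5, LOOP_END] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /*
        Review note: the decompiler could not recover this method, so the body below is a
        placeholder that always throws. execCertStatSync calls it whenever a CA group has at
        least one row with a non-null certId, so this source as shown cannot complete a
        status sync. The real logic exists only in the original class file; nothing about
        what it returns can be concluded from this listing beyond the signature
        (revoke reasons, statuses and creation dates keyed by certificate id, plus a type
        discriminator, producing a list of IssueCertStatusVO).
    */
    private java.util.List<com.xdja.pki.ca.certmanager.service.task.bean.IssueCertStatusVO> getCertStatSyncData(java.util.Map<java.lang.Long, java.lang.Integer> r6, java.util.Map<java.lang.Long, java.lang.Integer> r7, java.util.Map<java.lang.Long, java.util.Date> r8, int r9) {
        /*
            Method dump skipped, instructions count: 323
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.xdja.pki.ca.certmanager.service.task.CertStatusSyncServiceImpl.getCertStatSyncData(java.util.Map, java.util.Map, java.util.Map, int):java.util.List");
    }
}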
