package com.xdja.pki.ca.certmanager.service.racert;

import com.xdja.pki.ca.certmanager.dao.RaTemplateDao;
import com.xdja.pki.ca.certmanager.dao.models.RaDO;
import com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService;
import com.xdja.pki.ca.certmanager.service.racert.bean.CMPReqCacheVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.IssueRaCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RACertResponseVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RARoleEnum;
import com.xdja.pki.ca.certmanager.service.racert.bean.RevokeCertVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.certmanager.service.util.TemplateParamsUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.ca.util.gm.cert.RsaAlgUtils;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.init.InitService;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.IssueCaBaseInfo;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.crmf.CertTemplate;
import org.bouncycastle.asn1.x500.X500Name;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

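/**
 * CMP (RFC 4210) service for issuing, updating, confirming and revoking RA administrator
 * certificate pairs (a signing certificate plus an encryption certificate) under the admin CA.
 *
 * <p>State between an issue/update call and the client's later confirmation message lives in
 * {@code Constants.CMP_REQ_INFO}, a process-global map keyed by the CMP request / transaction id.
 * NOTE(review): entries are removed only on a successful error-ack ({@link #doErrAckManagerCertStatus});
 * a successful positive ack leaves them behind, so the map grows with every issuance unless
 * something outside this class prunes it — confirm. The ack paths also trust the transaction id
 * alone to locate (and, on error-ack, delete) the issued certificates; this is only safe if the
 * CMP layer in front of this service has already verified message protection for that id.
 */
@Service
public class OpenApiCMPManagerServiceImpl implements OpenApiCMPManagerService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private TemplateService templateService;

    @Autowired
    private RaManagerCertService raManagerCertService;

    @Autowired
    private HsmManager hsmService;

    @Autowired
    private CrlTemplateService crlTemplateService;

    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private InitService initService;

    @Autowired
    private RaTemplateDao raTemplateDao;

    /**
     * Issues the signing + encryption certificate pair for an RA administrator.
     *
     * @param publicKey    public key to certify in the signing certificate
     * @param publicKey2   public key to certify in the encryption certificate
     * @param x500Name     requested subject DN (client supplied; must sit under both the RA's and the CA's base DN)
     * @param str          template code
     * @param str2         template parameters (client supplied)
     * @param certTemplate CRMF template carrying the requested validity period
     * @param l            RA id
     * @param str3         CMP request id, used as the key into {@code Constants.CMP_REQ_INFO}
     * @return success carrying a {@link RACertResponseVO}, or a failure {@link Result} for rejected parameters
     * @throws ServiceException when issuance fails for any other reason (cause preserved)
     */
    public Result doIssueManagerCert(PublicKey publicKey, PublicKey publicKey2, X500Name x500Name, String str, String str2, CertTemplate certTemplate, Long l, String str3) {
        try {
            // x500Name and str2 are requester-controlled and logged verbatim: treat this log line as untrusted text.
            this.logger.info("收到CMP管理员证书签发请求：reqId={},dn={},tempNo={},tempParas={}", str3, x500Name, str, str2);
            TemplateInfoVO template = this.templateService.getInnerTemplateByCode(str);
            CaInfoVO caInfo = this.initService.getCaInfo(Integer.valueOf(Constants.ADMIN_CA_ID.intValue()));
            // Validate before dereferencing anything on the template, so an unknown template code is
            // reported as TEMPLATE_NOT_EXIST instead of surfacing as a NullPointerException.
            Result check = checkIssueCertParams(template, publicKey, caInfo, l, str2, x500Name);
            if (!check.isSuccess()) {
                return check;
            }
            // CRMF OptionalValidity fields are optional on the wire; reject rather than NPE when absent.
            if (certTemplate == null || certTemplate.getValidity() == null
                    || certTemplate.getValidity().getNotBefore() == null
                    || certTemplate.getValidity().getNotAfter() == null) {
                this.logger.info("CMP签发管理员证书失败：请求缺少有效期信息，reqId={}", str3);
                return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            }
            Date notBefore = certTemplate.getValidity().getNotBefore().getDate();
            // notAfter is capped by the template's maximum validity and the CA certificate's own expiry.
            // NOTE(review): notBefore is taken from the request as-is — nothing visible here rejects a
            // back-dated notBefore; confirm IssueTimeUtil or the CMP layer enforces that.
            Date notAfter = IssueTimeUtil.getUserIssueAfterTime(certTemplate.getValidity().getNotAfter().getDate(), template.getMaxValidity(), caInfo.getCaCert().getNotAfter(), notBefore);
            String dn = x500Name.toString();

            // NOTE(review): assumes each getMaxSn() call hands out a distinct serial; if it merely reads the
            // current maximum, both certificates would share one serial — confirm in CertSnDao.
            BigInteger signSn = this.certSnDao.getMaxSn(notBefore);
            X509Certificate signCert = issueAdminCert(caInfo, template, dn, publicKey, signSn, notBefore, notAfter, true);
            BigInteger encSn = this.certSnDao.getMaxSn(notBefore);
            X509Certificate encCert = issueAdminCert(caInfo, template, dn, publicKey2, encSn, notBefore, notAfter, false);

            saveRaAdminCert(caInfo.getCertId(), signCert, encCert, l, template);
            // Remember both serials so the client's confirmation message can be matched to this issuance.
            Constants.CMP_REQ_INFO.put(str3, new CMPReqCacheVO(signSn.toString(16), encSn.toString(16), template.getKeyAlg(), false));
            this.logger.debug("cmp请求id信息写入缓存成功，reqId={},signSn={},encSn={}", str3, signSn.toString(16), encSn.toString(16));
            this.logger.info("CMP管理员证书签发成功，reqId={},signCert={},encCert={}", str3, CertUtil.writeObject(signCert), CertUtil.writeObject(encCert));
            return Result.success(new RACertResponseVO(signCert, encCert, template.getKeyAlg()));
        } catch (Exception e) {
            // String concatenation (not toString()) keeps this null-safe should x500Name itself be null.
            this.logger.error("CMP管理员证书签发失败：reqId=" + str3 + ",dn=" + x500Name + ",tempNo=" + str + ",tempParas=" + str2, e);
            throw new ServiceException("CMP签发管理员证书失败", e);
        }
    }

    /**
     * Builds one certificate of the pair on the HSM.
     *
     * @param caInfo    issuing (admin) CA
     * @param template  certificate template supplying extensions and signature algorithm
     * @param dn        subject DN string
     * @param key       subject public key
     * @param sn        serial number
     * @param notBefore validity start
     * @param notAfter  validity end
     * @param extFlag   passed straight through to {@code ExtensionUtil.changeExtensionFormat}; the caller
     *                  uses {@code true} for the signing certificate and {@code false} for the encryption
     *                  certificate — what the flag selects is decided inside ExtensionUtil
     */
    private X509Certificate issueAdminCert(CaInfoVO caInfo, TemplateInfoVO template, String dn, PublicKey key, BigInteger sn, Date notBefore, Date notAfter, boolean extFlag) throws Exception {
        return this.hsmService.genX509Certificate(dn, sn, notBefore, notAfter, caInfo, (IssueCaBaseInfo) null, key,
                ExtensionUtil.changeExtensionFormat(template.getExtensions(), (Map) null, key, dn,
                        this.crlTemplateService.getDirAndOcspUrl(sn, dn, caInfo, (IssueCaBaseInfo) null, 6, (Long) null, (Long) null, (Boolean) null), extFlag),
                template.getSignAlg());
    }

    /**
     * Validates template, RA, DN and key parameters of an issuance request.
     * Checks run in order: template exists and is NORMAL, RA exists, DN is under the RA base DN,
     * template parameters present, CA info present, DN is under the CA base DN, then key
     * algorithm/size against the template.
     *
     * @return the result of the key check on success, otherwise the first failure encountered
     */
    private Result checkIssueCertParams(TemplateInfoVO templateInfoVO, PublicKey publicKey, CaInfoVO caInfoVO, Long l, String str, X500Name x500Name) {
        String dn = x500Name.toString();
        if (null == templateInfoVO) {
            this.logger.debug("cmp签发管理员证书失败：未查询到模板信息[{}]", dn);
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        Number status = templateInfoVO.getStatus();
        // A missing status is treated like an abnormal one rather than dereferenced.
        if (status == null || status.intValue() != TemplateStatusEnum.NORMAL.getValue()) {
            this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", status);
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        RaDO ra = this.raTemplateDao.getRaDoById(l);
        if (null == ra) {
            this.logger.info("CMP签发双证书失败, RA信息为空");
            return Result.failure(ErrorEnum.RA_INFO_NOT_EXIST);
        }
        // The requester may only obtain certificates inside the RA's own naming subtree.
        if (!isSubordinateDn(dn, ra.getBaseDn())) {
            this.logger.info("CMP签发双证书失败: 用户的baseDN[{}]和RA的BaseDn[{}]不一致", dn, ra.getBaseDn());
            return Result.failure(ErrorEnum.USER_DN_NOT_SAME_RA_BASEDN);
        }
        if (!TemplateParamsUtil.validity(templateInfoVO, str).isSuccess()) {
            this.logger.info("CMP签发管理员证书失败：缺少模板需要参数");
            return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
        }
        if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getCaCert()) {
            this.logger.debug("cmp签发管理员证书失败：未查到CA基本信息[{}]", dn);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        if (!isSubordinateDn(dn, caInfoVO.getBaseDn())) {
            this.logger.debug("cmp签发管理员证书失败：DN中的baseDn不正确[{}]", dn);
            return Result.failure(ErrorEnum.BASEDN_ERROR);
        }
        return RsaAlgUtils.checkPublicParams(publicKey, templateInfoVO.getKeyAlg(), templateInfoVO.getKeySize());
    }

    /**
     * Returns true when {@code dn} equals {@code baseDn}, or ends with {@code baseDn} at a genuine
     * RDN boundary. Matching is case-insensitive under {@code Locale.ROOT} so the JVM's default
     * locale cannot change the outcome.
     *
     * <p>A plain {@code endsWith} accepted any character suffix, which let a DN that is not
     * subordinate to the base pass: a multi-valued last RDN ({@code CN=x+O=Foo,C=CN}) or a value
     * containing an escaped comma ({@code CN=x\,O=Foo,C=CN}) both end with {@code O=Foo,C=CN}
     * textually. This check requires the base to be preceded by an unescaped ',' (or to be the
     * whole DN) and rejects a blank base DN, which would otherwise match everything. It is still a
     * string comparison on the DN's printed form; a structural RDN comparison would be stronger.
     */
    private static boolean isSubordinateDn(String dn, String baseDn) {
        if (dn == null || StringUtils.isBlank(baseDn)) {
            return false;
        }
        String candidate = dn.toLowerCase(Locale.ROOT);
        String base = baseDn.toLowerCase(Locale.ROOT);
        if (candidate.equals(base)) {
            return true;
        }
        if (!candidate.endsWith("," + base)) {
            return false;
        }
        // The ',' in front of the base must be a real separator, not one escaped inside a value:
        // it is escaped when preceded by an odd number of backslashes.
        int comma = candidate.length() - base.length() - 1;
        int backslashes = 0;
        for (int i = comma - 1; i >= 0 && candidate.charAt(i) == '\\'; i--) {
            backslashes++;
        }
        return backslashes % 2 == 0;
    }

    /**
     * Persists the freshly issued pair as a BUSINESS_OPERATER certificate for RA administrator {@code l2}.
     *
     * @param l                issuing CA certificate id
     * @param x509Certificate  signing certificate
     * @param x509Certificate2 encryption certificate
     * @param l2               RA administrator id
     * @param templateInfoVO   template the pair was issued from
     */
    private void saveRaAdminCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, Long l2, TemplateInfoVO templateInfoVO) throws Exception {
        IssueRaCertVO vo = new IssueRaCertVO();
        vo.setCertType(Integer.valueOf(RARoleEnum.BUSINESS_OPERATER.getValue()));
        vo.setId(l2);
        this.raManagerCertService.saveRaAdminCert(l, x509Certificate, x509Certificate2, vo, templateInfoVO);
    }

    /**
     * Updates (re-keys and/or renames) an RA administrator's certificate pair and caches the new
     * serials under the CMP request id for the later confirmation message.
     *
     * <p>NOTE(review): unlike {@link #doIssueManagerCert} there is no base-DN check on {@code x500Name}
     * here; the DN is forwarded with {@code dnUpdate=true}. Confirm that
     * {@code RaManagerCertService.doUpdateRaManagerCert} enforces the RA/CA naming subtree.
     *
     * @param str          serial number of the certificate being updated
     * @param num          value stored in the request cache's key-algorithm slot
     * @param certTemplate CRMF template of the update request (passed through)
     * @param publicKey    new signing public key, or {@code null} when keys are not being replaced
     * @param publicKey2   new encryption public key (only used together with {@code publicKey})
     * @param x500Name     new subject DN
     * @param l            RA administrator id
     * @param str2         CMP request id
     * @return the result of the underlying update
     * @throws ServiceException on any unexpected error (cause preserved)
     */
    public Result doUpdateManagerCert(String str, Integer num, CertTemplate certTemplate, PublicKey publicKey, PublicKey publicKey2, X500Name x500Name, Long l, String str2) {
        try {
            IssueRaCertVO request = buildIssueRaCertData(l, x500Name, publicKey, publicKey2, str);
            Result outcome = this.raManagerCertService.doUpdateRaManagerCert(request, certTemplate, l);
            if (!outcome.isSuccess()) {
                return outcome;
            }
            Map info = (Map) outcome.getInfo();
            String signSn = info.get("signSn").toString();
            String encSn = info.get("encSn").toString();
            Constants.CMP_REQ_INFO.put(str2, new CMPReqCacheVO(signSn, encSn, num, false));
            this.logger.debug("cmp请求id信息写入缓存成功，reqId={},signSn={},encSn={}", str2, signSn, encSn);
            // The request id was missing from this message in the original version.
            this.logger.info("CMP管理员证书更新成功，reqId=" + str2);
            return outcome;
        } catch (Exception e) {
            this.logger.error("CMP更新RA管理员证书异常", e);
            throw new ServiceException("CMP管理员证书更新异常", e);
        }
    }

    /**
     * Assembles the update request: always a DN update; a key update only when a new signing
     * public key is supplied (the encryption key is taken along with it).
     */
    private IssueRaCertVO buildIssueRaCertData(Long l, X500Name x500Name, PublicKey publicKey, PublicKey publicKey2, String str) {
        IssueRaCertVO vo = new IssueRaCertVO();
        vo.setId(l);
        vo.setCertType(Integer.valueOf(RARoleEnum.BUSINESS_OPERATER.getValue()));
        vo.setCertDn(x500Name.toString());
        vo.setDnUpdate(true);
        boolean rekey = publicKey != null;
        if (rekey) {
            vo.setKeyUpdate(true);
            vo.setSignPublicKey(publicKey);
            vo.setEncPublicKey(publicKey2);
        }
        vo.setSn(str);
        return vo;
    }

    /**
     * Handles the client's positive confirmation for a previously issued/updated pair.
     *
     * @param str CMP transaction id used to look up the cached serials
     * @return the verification result, or ADMIN_CERT_ACK_ERROR when no issuance is cached for the id
     * @throws ServiceException on any unexpected error (cause preserved)
     */
    public Result doAckManagerCertStatus(String str) {
        this.logger.info("CMP收到证书状态确认消息处理请求，tranID={}", str);
        try {
            CMPReqCacheVO cached = (CMPReqCacheVO) Constants.CMP_REQ_INFO.get(str);
            if (cached == null) {
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            // NOTE(review): the cache entry is intentionally left in place here (only the error-ack
            // path removes it); if a confirmed request never needs it again this is a leak — confirm.
            return this.raManagerCertService.doVerifyPriCertStatus(cached.getSignSn(), cached.getEncSn());
        } catch (Exception e) {
            this.logger.error("确认cmp证书写卡状态失败", e);
            throw new ServiceException("确认cmp证书写卡状态失败异常", e);
        }
    }

    /**
     * Handles the client's error confirmation: the issued-but-unconfirmed pair is removed/revoked
     * and the cache entry dropped.
     *
     * <p>The incoming {@link ErrorMsgContent} is client data whose {@code errorCode} and
     * {@code errorDetails} are OPTIONAL. The original code dereferenced {@code errorDetails} and
     * its first element while logging, so a message without details threw before the cleanup ran
     * and the unconfirmed certificates were left in place; rendering is now null- and size-safe.
     *
     * @param str             CMP transaction id
     * @param errorMsgContent the client's error message
     * @return success once the pair is deleted and the cache entry removed, otherwise ADMIN_CERT_ACK_ERROR
     * @throws ServiceException on any unexpected error (cause preserved)
     */
    public Result doErrAckManagerCertStatus(String str, ErrorMsgContent errorMsgContent) {
        try {
            CMPReqCacheVO cached = (CMPReqCacheVO) Constants.CMP_REQ_INFO.get(str);
            if (cached == null) {
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            this.logger.error("CMP协议返回异常确认消息[{}]", describeError(errorMsgContent));
            RevokeCertVO revoke = new RevokeCertVO();
            revoke.setSn(cached.getSignSn());
            revoke.setAlg(cached.getKeyAlg());
            revoke.setRevokeReason(0);
            revoke.setRevokeNote("证书写卡失败");
            if (!this.raManagerCertService.deleteNotAckManagerCert(revoke).isSuccess()) {
                // Entry is kept so the error-ack can be retried.
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            Constants.CMP_REQ_INFO.remove(str);
            return Result.success();
        } catch (Exception e) {
            this.logger.error("确认cmp证书写卡状态失败", e);
            throw new ServiceException("确认cmp证书写卡状态失败异常", e);
        }
    }

    /**
     * Renders an {@link ErrorMsgContent} for logging without assuming its optional fields are present.
     */
    private static String describeError(ErrorMsgContent errorMsgContent) {
        if (errorMsgContent == null) {
            return "[ErrorMsgContent:null";
        }
        String details = null;
        if (errorMsgContent.getErrorDetails() != null && errorMsgContent.getErrorDetails().size() > 0) {
            details = errorMsgContent.getErrorDetails().getStringAt(0).toString();
        }
        return "[ErrorMsgContent:errorCode=" + errorMsgContent.getErrorCode() + ",errorMsg=" + details;
    }

    /**
     * Revokes both certificates of an RA administrator's pair.
     *
     * @param str  serial number
     * @param num  key algorithm
     * @param i    revocation reason code
     * @param str2 revocation note
     * @return the result of the underlying revocation
     * @throws ServiceException on any unexpected error (cause preserved)
     */
    public Result doRevokeManagerCert(String str, Integer num, int i, String str2) {
        try {
            return this.raManagerCertService.doRevokeManageDoubleCert(str, num, i, str2);
        } catch (Exception e) {
            this.logger.error("cmp撤销RA管理员证书失败", e);
            throw new ServiceException("cmp撤销RA管理员证书异常", e);
        }
    }
}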
