package com.xdja.pki.ca.certmanager.service.subca;

import com.xdja.pki.ca.certmanager.dao.SubCaCertDao;
import com.xdja.pki.ca.certmanager.dao.SubCaManageDao;
import com.xdja.pki.ca.certmanager.dao.models.SubCaCertDO;
import com.xdja.pki.ca.certmanager.dao.models.SubCaDO;
import com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService;
import com.xdja.pki.ca.certmanager.service.ra.bean.UniqueReq;
import com.xdja.pki.ca.certmanager.service.subca.bean.InnerTemplateVO;
import com.xdja.pki.ca.certmanager.service.subca.bean.IssueSubCaCertVO;
import com.xdja.pki.ca.certmanager.service.subca.bean.SubCaCertQueryVO;
import com.xdja.pki.ca.certmanager.service.subca.bean.SubCaCertTypeEnum;
import com.xdja.pki.ca.certmanager.service.subca.bean.SubCaCertVO;
import com.xdja.pki.ca.certmanager.service.subca.bean.SubCaInfoVO;
import com.xdja.pki.ca.certmanager.service.subca.bean.SubCaManageQueryVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.userca.UserCaService;
import com.xdja.pki.ca.certmanager.service.util.DicDataConverUtil;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.certmanager.service.util.TemplateParamsUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.enums.SignAlgTypeEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.core.util.verify.ParmsCommonVerifyUtil;
import com.xdja.pki.ca.core.vo.CaInfoVO;
import com.xdja.pki.ca.core.vo.IssueCaBaseInfo;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.dao.dto.UserCaBaseDTO;
import com.xdja.pki.ca.securitymanager.service.vo.ExtensionVO;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.bouncycastle.asn1.x500.X500Name;
import org.nutz.dao.pager.Pager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

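/**
 * Service layer for the sub-CA registry: sub-CA organisation records, the templates a sub-CA
 * certificate can be issued from, issuance of a sub-CA certificate from a PKCS#10 request, and
 * the list of issued sub-CA certificates.
 *
 * <p>Every public method returns a {@link Result}; DAO failures are wrapped in
 * {@link ServiceException}, which is unchecked here (it is rethrown from methods without a
 * {@code throws} clause). Cached issuing-CA data is read from and written to
 * {@code Constants.CA_INFO}.
 */
@Service
/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/subca/SubCaManageServiceImpl.class */
public class SubCaManageServiceImpl implements ISubCaManageService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /** Query-side value the caller sends for the "revoked" filter; mapped onto the stored enum value. */
    private static final int QUERY_STATUS_REVOKED = 3;

    /** Status written onto a certificate row whose notAfter has passed; presumably "expired" — confirm against SubCaCertTypeEnum. */
    private static final int CERT_STATUS_EXPIRED = 4;

    @Resource
    private SubCaManageDao subCaManageDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private DicDataConverUtil dicDataConverUtil;

    @Autowired
    private CrlTemplateService crlTemplateService;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private HsmManager hsmService;

    @Autowired
    private SubCaCertDao subCaCertDao;

    @Autowired
    private UserCaService userCaService;

    /**
     * Pages through registered sub-CA organisations, optionally filtered by name.
     *
     * @param subCaManageQueryVO page number, page size and an optional name filter
     * @return a success result carrying the {@link PageInfo}, its rows converted to {@link SubCaInfoVO}
     * @throws ServiceException if the DAO query fails
     */
    public Result getSubCaManageList(SubCaManageQueryVO subCaManageQueryVO) {
        Pager pager = new Pager(subCaManageQueryVO.getPageNo(), subCaManageQueryVO.getPageSize());
        HashMap<String, Object> queryParams = new HashMap<>();
        queryParams.put("name", subCaManageQueryVO.getName());
        try {
            PageInfo pageInfo = this.subCaManageDao.getSubCaManageList(queryParams, pager);
            Collection<SubCaDO> rows = pageInfo.getDatas();
            if (rows != null && !rows.isEmpty()) {
                List<SubCaInfoVO> view = new ArrayList<>(rows.size());
                for (SubCaDO subCaDO : rows) {
                    view.add(toSubCaInfoVO(subCaDO));
                }
                pageInfo.setDatas(view);
            }
            return Result.success(pageInfo);
        } catch (DAOException e) {
            this.logger.error("查询CA管理员证书列表异常");
            throw new ServiceException("查询CA管理员证书列表异常，", e);
        }
    }

    /**
     * Builds the list-view projection of a sub-CA record (only the fields shown in the list).
     */
    private static SubCaInfoVO toSubCaInfoVO(SubCaDO subCaDO) {
        SubCaInfoVO vo = new SubCaInfoVO();
        vo.setId(subCaDO.getId());
        vo.setName(subCaDO.getName());
        vo.setOrgName(subCaDO.getOrganizationName());
        vo.setContacts(subCaDO.getLinkMain());
        vo.setEmail(subCaDO.getEmail());
        vo.setMobile(subCaDO.getMobile());
        vo.setRegisterTime(DateTimeUtil.dateToWebStr(subCaDO.getGmtCreate()));
        return vo;
    }

    /**
     * Copies the request view object onto a persistence object. Shared by save and update.
     *
     * <p>NOTE(review): {@code BeanUtils.copyProperties} copies every same-named property,
     * including {@code id} — confirm the DAO ignores a client-supplied id on insert.
     */
    private static SubCaDO toSubCaDO(SubCaInfoVO subCaInfoVO) {
        SubCaDO subCaDO = new SubCaDO();
        BeanUtils.copyProperties(subCaInfoVO, subCaDO);
        // These two are named differently on the DO and are not picked up by copyProperties.
        subCaDO.setLinkMain(subCaInfoVO.getContacts());
        subCaDO.setOrganizationName(subCaInfoVO.getOrgName());
        return subCaDO;
    }

    /**
     * Registers a new sub-CA organisation after validating contact details and name uniqueness.
     *
     * @param subCaInfoVO the organisation to register
     * @return success, or {@code ILLEGAL_REQUEST_PARAMETER} when mobile/email are malformed or the name is taken
     * @throws ServiceException if the DAO save (or the uniqueness query) fails
     */
    public Result saveSubCaInfo(SubCaInfoVO subCaInfoVO) {
        if (!subCaParamVerify(subCaInfoVO)) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        try {
            // (Integer) null: no record to exclude from the uniqueness check on insert.
            if (this.subCaManageDao.getCaNameUnique(subCaInfoVO.getName(), (Integer) null) != 0) {
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            SubCaDO subCaDO = toSubCaDO(subCaInfoVO);
            subCaDO.setGmtCreate(new Date(System.currentTimeMillis()));
            subCaDO.setCaId(0L);
            this.subCaManageDao.saveSubCa(subCaDO);
            return Result.success();
        } catch (DAOException e) {
            throw new ServiceException("保存下级CA机构信息异常，", e);
        }
    }

    /**
     * Updates an existing sub-CA organisation; the name must stay unique among the other records.
     *
     * @param subCaInfoVO the updated organisation; {@code id} must be set
     * @return success, or {@code ILLEGAL_REQUEST_PARAMETER} when the id is missing, contact details
     *         are malformed or the name collides with another record
     * @throws ServiceException if the DAO update (or the uniqueness query) fails
     */
    public Result updateSubCaInfo(SubCaInfoVO subCaInfoVO) {
        if (!subCaParamVerify(subCaInfoVO)) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        Long id = subCaInfoVO.getId();
        if (id == null) {
            // Previously a missing id reached Math.toIntExact and failed with an NPE.
            this.logger.error("更新下级CA机构信息失败：缺少id");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        try {
            Integer excludeId = Integer.valueOf(Math.toIntExact(id.longValue()));
            if (this.subCaManageDao.getCaNameUnique(subCaInfoVO.getName(), excludeId) != 0) {
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            SubCaDO subCaDO = toSubCaDO(subCaInfoVO);
            subCaDO.setGmtModified(new Date(System.currentTimeMillis()));
            this.subCaManageDao.updateSubCa(subCaDO);
            return Result.success();
        } catch (DAOException e) {
            throw new ServiceException("保存下级CA机构信息异常，", e);
        }
    }

    /**
     * Loads the detail view of one sub-CA organisation.
     *
     * @param l primary key of the sub-CA record
     * @return the {@link SubCaInfoVO}, or {@code SUBCA_INFO_NOT_EXIST} when no row matches
     * @throws ServiceException if the DAO query fails
     */
    public Result getSubCaInfo(Long l) {
        try {
            SubCaDO subCa = this.subCaManageDao.getSubCa(l.longValue());
            if (subCa == null) {
                return Result.failure(ErrorEnum.SUBCA_INFO_NOT_EXIST);
            }
            SubCaInfoVO subCaInfoVO = new SubCaInfoVO();
            BeanUtils.copyProperties(subCa, subCaInfoVO);
            subCaInfoVO.setContacts(subCa.getLinkMain());
            subCaInfoVO.setOrgName(subCa.getOrganizationName());
            subCaInfoVO.setRegisterTime(DateTimeUtil.dateToWebStr(subCa.getGmtCreate()));
            return Result.success(subCaInfoVO);
        } catch (DAOException e) {
            throw new ServiceException("查询下级CA详情服务失败,", e);
        }
    }

    /**
     * Validates the mobile number and e-mail address of a sub-CA request; logs the first failure.
     *
     * @return {@code true} when both fields pass the common format checks
     */
    private boolean subCaParamVerify(SubCaInfoVO subCaInfoVO) {
        String mobile = subCaInfoVO.getMobile();
        if (!ParmsCommonVerifyUtil.isMobile(mobile)) {
            this.logger.error("电话格式错误！mobile=【{}】", mobile);
            return false;
        }
        String email = subCaInfoVO.getEmail();
        if (!ParmsCommonVerifyUtil.isEmail(email)) {
            this.logger.error("邮箱格式错误！email=【{}】", email);
            return false;
        }
        return true;
    }

    /**
     * Returns the issuing-CA base info for a template's CA id, reading through the
     * {@code Constants.CA_INFO} cache and filling it on a miss.
     *
     * <p>NOTE(review): the same map also holds the admin {@code CaInfoVO} under
     * {@code Constants.ADMIN_CA_ID}; presumably template CA ids never equal it — verify, since
     * the cast here would fail otherwise.
     *
     * @return a success result whose info is the {@link IssueCaBaseInfo}, or the failure result
     *         produced by {@code userCaService} when the CA cannot be resolved
     */
    private Result resolveIssueCaBaseInfo(Long caId) {
        IssueCaBaseInfo cached = (IssueCaBaseInfo) Constants.CA_INFO.get(caId);
        if (cached != null) {
            return Result.success(cached);
        }
        Result lookup = this.userCaService.getIssueUserCaBaseInfoByCaId(caId);
        if (lookup.isSuccess()) {
            Constants.CA_INFO.put(caId, (IssueCaBaseInfo) lookup.getInfo());
        }
        return lookup;
    }

    /**
     * Describes a certificate template for the sub-CA issuance form: algorithm names, the
     * effective maximum validity (capped by the issuing CA's notAfter), issuer DN and the
     * extensions the requester must fill in.
     *
     * @param str template code
     * @return an {@link InnerTemplateVO}, {@code TEMPLATE_NOT_EXIST}, or the CA-lookup failure
     * @throws ServiceException propagated from the template service
     */
    public Result getTemplateInfo(String str) {
        try {
            TemplateInfoVO templateInfoVO = (TemplateInfoVO) this.templateService.getTemplatesByCodes(new String[]{str}).get(str);
            if (null == templateInfoVO) {
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            InnerTemplateVO innerTemplateVO = new InnerTemplateVO();
            BeanUtils.copyProperties(templateInfoVO, innerTemplateVO);
            // Anything that is not RSA is presented as SM2; no third key algorithm is handled here.
            boolean rsa = templateInfoVO.getKeyAlg().intValue() == KeyAlgEnum.RSA.getValue();
            innerTemplateVO.setKeyAlgStr(rsa ? KeyAlgEnum.RSA.name() : KeyAlgEnum.SM2.name());
            innerTemplateVO.setSignAlgStr(SignAlgTypeEnum.getViewAlgName(Integer.valueOf(innerTemplateVO.getSignAlg()).intValue()));

            Result caLookup = resolveIssueCaBaseInfo(templateInfoVO.getCaId());
            if (!caLookup.isSuccess()) {
                return caLookup;
            }
            IssueCaBaseInfo issueCaBaseInfo = (IssueCaBaseInfo) caLookup.getInfo();
            X509Certificate caCert = issueCaBaseInfo.getCert();
            if (null == caCert) {
                innerTemplateVO.setMaxValidity(templateInfoVO.getMaxValidity());
            } else {
                // A sub-CA certificate must not outlive its issuer.
                innerTemplateVO.setMaxValidity(IssueTimeUtil.getMaxIssueTime(templateInfoVO.getMaxValidity(), caCert.getNotAfter()));
            }
            innerTemplateVO.setIssueCertDn(issueCaBaseInfo.getIssue());
            innerTemplateVO.setTemParas(toInputParams(templateInfoVO.getExtensions()));
            return Result.success(innerTemplateVO);
        } catch (ServiceException e) {
            this.logger.error("查询模板信息异常");
            throw e;
        }
    }

    /**
     * Converts the template's requester-supplied extensions (isInput == 1) into the
     * attrName/attrOid/attrType/attrValue maps the form expects; attrValue starts empty.
     *
     * @param extensions the template extensions, may be {@code null}
     * @return the (possibly empty) list of parameter maps
     */
    private static List<Map<String, Object>> toInputParams(List<ExtensionVO> extensions) {
        List<Map<String, Object>> params = new ArrayList<>();
        if (null == extensions) {
            return params;
        }
        for (ExtensionVO extensionVO : extensions) {
            // Null-safe form of isInput == 1; extensions without the flag are fixed by the template.
            if (!Integer.valueOf(1).equals(extensionVO.getIsInput())) {
                continue;
            }
            Map<String, Object> param = new HashMap<>();
            param.put("attrName", extensionVO.getName());
            param.put("attrOid", extensionVO.getExtnId());
            param.put("attrType", extensionVO.getValue() == null ? "" : extensionVO.getValue());
            param.put("attrValue", "");
            params.add(param);
        }
        return params;
    }

    /**
     * Issues a sub-CA certificate from a template and a PKCS#10 request, stores it and queues it
     * for publication.
     *
     * <p>Checks performed, in order: template exists and is NORMAL; required template parameters
     * present; issuing CA resolvable with a certificate that is not expired; admin CA info
     * present; issuing CA's basicConstraints allows a subordinate CA; subject DN parses as an
     * RFC 4519 name; P10 parses, its key algorithm matches the template and (RSA only) its
     * modulus length matches the template key size.
     *
     * <p>NOTE(review): no proof-of-possession check of the P10 signature is visible in this
     * method — confirm {@code CertUtil.getPublicKeyFromP10} verifies it, or that a caller does.
     * Only RSA keys are length-checked; SM2 presumably has a fixed curve — confirm.
     *
     * @param issueSubCaCertVO sub-CA id, template code, subject DN, P10, validity and template params
     * @return on success a map with {@code certName}, {@code sn} (hex) and {@code keyAlg}, with the
     *         hex serial as the result message; otherwise the matching {@link ErrorEnum} failure
     * @throws ServiceException when template lookup, certificate generation or persistence fails;
     *         the original cause is preserved
     */
    public Result doIssueSubCaCert(IssueSubCaCertVO issueSubCaCertVO) {
        String tempCode = issueSubCaCertVO.getTempCode();
        TemplateInfoVO templateInfoVO;
        try {
            templateInfoVO = (TemplateInfoVO) this.templateService.getTemplatesByCodes(new String[]{tempCode}).get(tempCode);
        } catch (ServiceException e) {
            this.logger.error("查询模板信息异常");
            throw e;
        }
        if (null == templateInfoVO) {
            this.logger.error("签发下级CA证书失败，模板不存在");
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (TemplateStatusEnum.NORMAL.getValue() != templateInfoVO.getStatus().intValue()) {
            this.logger.error("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateInfoVO.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        Result validity = TemplateParamsUtil.validity(templateInfoVO, issueSubCaCertVO.getTempParas());
        if (!validity.isSuccess()) {
            this.logger.error("签发下级CA证书失败：缺少模板需要参数");
            return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
        }

        Result caLookup = resolveIssueCaBaseInfo(templateInfoVO.getCaId());
        if (!caLookup.isSuccess()) {
            return caLookup;
        }
        IssueCaBaseInfo issueCaBaseInfo = (IssueCaBaseInfo) caLookup.getInfo();
        X509Certificate cert = issueCaBaseInfo.getCert();
        if (null == cert) {
            // getTemplateInfo tolerates a CA record without a certificate; issuance cannot.
            this.logger.debug("签发下级CA证书失败：未查到CA基本信息[{}]", issueCaBaseInfo);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        if (cert.getNotAfter().before(new Date())) {
            this.logger.debug("签发下级CA证书失败：CA根证书已过期[{}]", issueSubCaCertVO);
            return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
        if (null == caInfoVO || null == caInfoVO.getCert()) {
            this.logger.debug("签发下级CA证书失败：未查到CA基本信息[{}]", caInfoVO);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        // getBasicConstraints(): -1 = not a CA, 0 = CA with pathLen 0 (may not issue a sub-CA).
        if (cert.getBasicConstraints() <= 0) {
            this.logger.debug("本CA无权签发下级CA");
            return Result.failure(ErrorEnum.NOPERMISSION_SIGN_SUBCA);
        }

        // Only the DN parse maps onto DN_FORMAT_FAIL; previously every later failure (HSM, DAO,
        // cast errors) was caught here too and reported as a DN error with its cause dropped.
        X500Name subjectName;
        try {
            subjectName = DnUtil.getRFC4519X500Name(issueSubCaCertVO.getCertDn());
        } catch (Exception e) {
            this.logger.debug("签发下级CA证书失败：DN不符合X500规范[{}]", issueSubCaCertVO);
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        String certDn = subjectName.toString();
        this.logger.debug("收到子CA证书请求：" + certDn);
        // Normalised DN is written back so every later step (extensions, CRL/OCSP URLs, storage) sees the same string.
        issueSubCaCertVO.setCertDn(certDn);

        PublicKey requestKey;
        int keyAlgFromP10;
        try {
            requestKey = CertUtil.getPublicKeyFromP10(issueSubCaCertVO.getP10());
            if (null == requestKey) {
                this.logger.error("签发下级CA证书失败：p10格式不正确[{}]", issueSubCaCertVO);
                return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
            }
            keyAlgFromP10 = CertUtil.getKeyAlgFromP10(issueSubCaCertVO.getP10());
        } catch (Exception e) {
            // An unparsable P10 is a P10 error, not a DN error.
            this.logger.error("签发下级CA证书失败：p10格式不正确[{}]", issueSubCaCertVO);
            return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
        }
        if (keyAlgFromP10 != templateInfoVO.getKeyAlg().intValue()) {
            this.logger.error("p10和模板算法类型不匹配");
            return Result.failure(ErrorEnum.TEMPLATE_P10_KEY_ALG_IS_NOT_MATCH);
        }
        if (keyAlgFromP10 == KeyAlgEnum.RSA.getValue()) {
            if (!(requestKey instanceof RSAPublicKey)) {
                // The P10 claims RSA but did not yield an RSA key object; previously a ClassCastException.
                this.logger.error("签发下级CA证书失败：p10格式不正确[{}]", issueSubCaCertVO);
                return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
            }
            int modulusBits = ((RSAPublicKey) requestKey).getModulus().bitLength();
            if (modulusBits != templateInfoVO.getKeySize().intValue()) {
                this.logger.error("p10和模板算法长度不匹配");
                return Result.failure(ErrorEnum.TEMPLATE_P10_KEY_LENGTH_IS_NOT_MATCH);
            }
        }

        try {
            Date issueTime = new Date();
            // Requested validity, clamped by the template maximum and the issuing CA's notAfter.
            Date notAfter = IssueTimeUtil.getCorrectTime(issueSubCaCertVO.getValidity(), templateInfoVO.getMaxValidity(), cert.getNotAfter(), issueTime);
            BigInteger serial = this.certSnDao.getMaxSn(issueTime);
            // 2 is the certificate-kind code passed to the CRL template service for sub-CA certificates — confirm.
            X509Certificate issuedCert = this.hsmService.genX509Certificate(
                    certDn, serial, issueTime, notAfter, caInfoVO, issueCaBaseInfo, requestKey,
                    ExtensionUtil.changeExtensionFormat(
                            templateInfoVO.getExtensions(), (Map) validity.getInfo(), requestKey, certDn,
                            this.crlTemplateService.getDirAndOcspUrl(serial, certDn, caInfoVO, issueCaBaseInfo, 2,
                                    templateInfoVO.getId(), templateInfoVO.getCrlTempId(), templateInfoVO.getOpenCrl()),
                            true),
                    templateInfoVO.getSignAlg());
            try {
                SubCaCertDO saved = saveSubCaCert(issueCaBaseInfo.getId(), issuedCert, issueSubCaCertVO, templateInfoVO);
                // 6 is the publish-task type for sub-CA certificates — confirm against TaskDataService.
                this.taskDataService.savePublishCert(saved.getId(), (Long) null, 6, templateInfoVO.getIssueCertType());
            } catch (DAOException e) {
                throw new ServiceException("保存下级CA证书信息失败，", e);
            }
            this.logger.info("签发下级CA证书成功：dn= " + certDn + ",signCert=" + CertUtil.writeObject(issuedCert));
            Map<String, Object> issued = new HashMap<>();
            issued.put("certName", "SubCA_" + DateTimeUtil.dateToZipStr(issueTime) + ".p7b");
            issued.put("sn", serial.toString(16));
            issued.put("keyAlg", templateInfoVO.getKeyAlg());
            return Result.success(issued, serial.toString(16));
        } catch (ServiceException e) {
            // Already carries its context; do not wrap a second time.
            throw e;
        } catch (Exception e) {
            throw new ServiceException("签发下级CA证书失败", e);
        }
    }

    /**
     * Persists an issued sub-CA certificate.
     *
     * @param l id of the issuing CA certificate record
     * @param x509Certificate the certificate just produced by the HSM
     * @param issueSubCaCertVO the request (supplies the sub-CA id)
     * @param templateInfoVO the template it was issued from
     * @return the saved row, as returned by the DAO
     * @throws Exception propagated from the certificate helpers and the DAO
     */
    private SubCaCertDO saveSubCaCert(Long l, X509Certificate x509Certificate, IssueSubCaCertVO issueSubCaCertVO, TemplateInfoVO templateInfoVO) throws Exception {
        SubCaCertDO row = new SubCaCertDO();
        row.setCaCertId(l);
        row.setSubCaId(issueSubCaCertVO.getId());
        row.setSn(x509Certificate.getSerialNumber().toString(16));
        row.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        row.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        row.setPrivateKeySize(templateInfoVO.getKeySize());
        row.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        row.setBeforeTime(x509Certificate.getNotBefore());
        row.setAfterTime(x509Certificate.getNotAfter());
        row.setSignAlg(templateInfoVO.getSignAlg());
        row.setStatus(1); // initial status code; presumably "normal" — confirm against SubCaCertTypeEnum
        row.setTemplateId(templateInfoVO.getId());
        row.setGmtCreate(x509Certificate.getNotBefore());
        row.setData(CertUtil.writeObject(x509Certificate));
        return this.subCaCertDao.save(row);
    }

    /**
     * Pages through issued sub-CA certificates, filtered by subject DN, status and CA id.
     *
     * @param subCaCertQueryVO paging and filter fields; a status of 3 means "revoked"
     * @return a success result carrying the {@link PageInfo}, its rows converted to {@link SubCaCertVO}
     * @throws ServiceException if the DAO query fails
     */
    public Result getSubCaCertList(SubCaCertQueryVO subCaCertQueryVO) {
        Pager pager = new Pager(subCaCertQueryVO.getPageNo(), subCaCertQueryVO.getPageSize());
        HashMap<String, Object> queryParams = new HashMap<>();
        queryParams.put("certDn", subCaCertQueryVO.getCertDn());
        queryParams.put("status", normaliseQueryStatus(subCaCertQueryVO.getStatus()));
        queryParams.put("caId", subCaCertQueryVO.getCaId());
        try {
            PageInfo pageInfo = this.subCaCertDao.getSubCaCertList(queryParams, pager);
            Collection<SubCaCertDO> rows = pageInfo.getDatas();
            if (rows != null && !rows.isEmpty()) {
                List<SubCaCertVO> view = new ArrayList<>(rows.size());
                for (SubCaCertDO row : rows) {
                    view.add(toSubCaCertVO(row));
                }
                pageInfo.setDatas(view);
            }
            return Result.success(pageInfo);
        } catch (DAOException e) {
            this.logger.error("查询下级CA证书列表异常");
            throw new ServiceException("查询下级CA证书列表异常，", e);
        }
    }

    /**
     * Maps the caller's "revoked" filter value onto the stored enum value; other values
     * (including {@code null}, which previously caused an NPE) pass through unchanged.
     */
    private static Integer normaliseQueryStatus(Integer status) {
        if (status != null && QUERY_STATUS_REVOKED == status.intValue()) {
            return Integer.valueOf(SubCaCertTypeEnum.SUBCACERT_STATUS_REVOKED.getValue());
        }
        return status;
    }

    /**
     * Builds the list-view projection of one certificate row, joining in the sub-CA name/CA id
     * and the issuing user-CA name.
     */
    private SubCaCertVO toSubCaCertVO(SubCaCertDO subCaCertDO) {
        SubCaCertVO vo = new SubCaCertVO();
        handleSubCaCertDO(subCaCertDO);
        Integer status = subCaCertDO.getStatus();
        vo.setStatus(status);
        vo.setStatusStr(this.dicDataConverUtil.ConverStatusToStr(status));
        SubCaDO subCa = this.subCaManageDao.getSubCa(subCaCertDO.getSubCaId().longValue());
        if (subCa != null) {
            // A dangling sub-CA reference leaves name/caId empty instead of failing the whole page.
            vo.setName(subCa.getName());
            vo.setCaId(subCa.getCaId());
        }
        Result userCa = this.userCaService.getUserCaBaseInfoByCaCertId(subCaCertDO.getCaCertId());
        if (userCa != null && userCa.getInfo() != null) {
            vo.setUserCA(((UserCaBaseDTO) userCa.getInfo()).getUserCaName());
        }
        vo.setCertDn(subCaCertDO.getSubject());
        vo.setSn(subCaCertDO.getSn());
        vo.setNotBeforeTime(DateTimeUtil.dateToWebStr(subCaCertDO.getBeforeTime()));
        vo.setNotAfterTime(DateTimeUtil.dateToWebStr(subCaCertDO.getAfterTime()));
        return vo;
    }

    /**
     * Checks whether a sub-CA name is unused.
     *
     * @param str the candidate name
     * @param num id of the record to exclude (when editing), or {@code null}
     * @return a {@link UniqueReq} whose {@code unique} flag is set only when no other record uses the name
     * @throws ServiceException if the DAO query fails
     */
    public Result verifyCaName(String str, Integer num) {
        try {
            int collisions = this.subCaManageDao.getCaNameUnique(str, num);
            UniqueReq uniqueReq = new UniqueReq();
            if (collisions == 0) {
                uniqueReq.setUnique(true);
            }
            return Result.success(uniqueReq);
        } catch (DAOException e) {
            this.logger.error("校验caName唯一性失败");
            throw new ServiceException("校验caName唯一性失败,", e);
        }
    }

    /**
     * Marks a certificate row as expired (in memory only) once its notAfter has passed.
     *
     * <p>NOTE(review): this overrides whatever status is stored, including a revoked one —
     * confirm that "expired" is meant to take precedence in the list view.
     */
    private void handleSubCaCertDO(SubCaCertDO subCaCertDO) {
        if (subCaCertDO.getAfterTime().before(new Date())) {
            subCaCertDO.setStatus(CERT_STATUS_EXPIRED);
        }
    }
}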
