package com.xdja.pki.ca.certmanager.service.task;

import com.xdja.pki.ca.certmanager.dao.CertDataDao;
import com.xdja.pki.ca.certmanager.dao.CrossCertDao;
import com.xdja.pki.ca.certmanager.dao.PublishCertSyncDao;
import com.xdja.pki.ca.certmanager.dao.SubCaCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.service.util.LdapCASDKUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.configBasic.bean.DirServerConfigBean;
import com.xdja.pki.ca.core.util.FileUtils;
import com.xdja.pki.ca.core.util.json.JsonUtils;
import com.xdja.pki.ca.core.vo.CaInfoVO;
import com.xdja.pki.ca.manager.core.configfile.ConfigFileService;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDO;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.core.utils.DateUtils;
import com.xdja.pki.ldap.sdk.ca.LDAPCASDK;
import com.xdja.pki.ldap.sdk.ca.LDAPResponse;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

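/**
 * Service behind the certificate publishing task: it reads the queue of
 * certificates waiting to be published and pushes each one to the configured
 * directory service, either through the LDAP SDK or by writing a {@code .cer}
 * file into the local HTTP publish directory.
 *
 * <p>Entries are removed from the queue only after the publish call reported
 * success, so a failed entry is picked up again on the next run.
 */
@Service
/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/task/CertPublishServiceImpl.class */
public class CertPublishServiceImpl implements ICertPublishService {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    public static final String DIGESTALGORITHMNAME = "SM3";

    // Keys handed to PublishCertSyncDao.deletePublishCertSyncByCertType to select
    // which kind of queued certificate is being cleared.
    public static final String PUBLISH_CERT_TYPE_CERT = "cert_id";
    public static final String PUBLISH_CERT_TYPE_MANAGECERT = "manage_cert_id";
    public static final String PUBLISH_CERT_TYPE_SUBCACERT = "sub_ca_id";
    public static final String PUBLISH_CERT_TYPE_CACERT = "ca_cert_id";
    public static final String PUBLISH_CERT_TYPE_CROSSCERT = "cross_cert_id";
    public static final String PUBLISH_CERT_TYPE_OUTERCROSSCERT = "outer_cross_cert_id";

    // Certificate categories as used by this class (names follow the log messages).
    private static final int CERT_TYPE_CA = 1;
    private static final int CERT_TYPE_SUB_CA = 2;
    private static final int CERT_TYPE_CROSS = 3;
    private static final int CERT_TYPE_USER = 5;

    // Publish channels: 0 = do not publish, 1 = LDAP, 2 = HTTP directory,
    // anything else = "publish according to configuration" (not handled here).
    private static final int ISSUE_TYPE_NONE = 0;
    private static final int ISSUE_TYPE_LDAP = 1;
    private static final int ISSUE_TYPE_HTTP = 2;

    @Resource
    private PublishCertSyncDao publishCertSyncDao;

    @Resource
    private CertDataDao certDataDao;

    @Resource
    private CrossCertDao crossCertDao;

    @Resource
    private SubCaCertDao subCaCertDao;

    @Resource
    private CaCertDao caCertDao;

    @Resource
    private CaDao caDao;

    @Autowired
    private LdapCASDKUtil ldapCASDKUtil;

    @Autowired
    private ConfigFileService configFileService;

    @Autowired
    TemplateDao templateDao;

    @Value("${ldapsdk.response.overtime}")
    public int ldapsdkOutTime;

    /**
     * Publishes every queued certificate, one category at a time: CA
     * certificates, sub-CA certificates, cross certificates, then user
     * certificates.
     *
     * <p>Returns without doing anything when the system is not initialised, when
     * the admin CA has no directory service enabled, or when the queue is empty.
     * A failure in one category is logged and does not stop the others.
     */
    public void publishCertSync() {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("证书发布线程=========线程名:{} 当前时间:{}", Thread.currentThread().getName(), DateUtils.getCurrDate());
        }
        if (!this.configFileService.verifySystemInitIsOK()) {
            this.logger.debug("====CA暂无初始化！");
            return;
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
        if (null == caInfoVO || !caInfoVO.isOpenDir()) {
            this.logger.debug("===CA系统未启用LDAP服务！");
            return;
        }
        Map<?, ?> pending = this.publishCertSyncDao.queryPublishCertForList();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("===============获取待发布各种证书==============[{}]", JsonUtils.object2Json(pending));
        }
        if (pending == null || pending.isEmpty()) {
            return;
        }
        List<Long> userCertIds = getPublishCertIds(pending.get("certId"));
        List<Long> caCertIds = getPublishCertIds(pending.get("caCertId"));
        List<Long> crossCertIds = getPublishCertIds(pending.get("crossCertId"));
        List<Long> subCaCertIds = getPublishCertIds(pending.get("subCaCertId"));

        if (CollectionUtils.isNotEmpty(caCertIds)) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("待发布[CA证书] ===============个数:[{}]", caCertIds.size());
            }
            try {
                publishCaCerts(caCertIds, caInfoVO);
            } catch (Exception e) {
                this.logger.error("[CA证书]发布异常", e);
            }
        }
        if (CollectionUtils.isNotEmpty(subCaCertIds)) {
            this.logger.debug("待发布[子CA证书] ===============个数:{}", subCaCertIds.size());
            try {
                publishByIssueCertType(CERT_TYPE_SUB_CA, PUBLISH_CERT_TYPE_SUBCACERT, this.subCaCertDao.getSubCaCertData(subCaCertIds), null);
            } catch (Exception e) {
                this.logger.error("[子CA证书]发布异常", e);
            }
        }
        if (CollectionUtils.isNotEmpty(crossCertIds)) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("待发布[交叉证书] ===============个数[{}]", crossCertIds.size());
            }
            try {
                publishByIssueCertType(CERT_TYPE_CROSS, PUBLISH_CERT_TYPE_CROSSCERT, this.crossCertDao.getCrossCertData(crossCertIds), null);
            } catch (Exception e) {
                this.logger.error("[交叉证书]发布异常", e);
            }
        }
        if (CollectionUtils.isNotEmpty(userCertIds)) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("待发布[用户证书] ===============个数:[{}]", userCertIds.size());
            }
            try {
                publishByIssueCertType(CERT_TYPE_USER, PUBLISH_CERT_TYPE_CERT, this.certDataDao.getUserCertData(userCertIds), null);
            } catch (Exception e) {
                this.logger.error("[用户证书]发布异常", e);
            }
        }
    }

    /**
     * Publishes the queued CA certificates and clears the ones that succeeded.
     *
     * <p>Each certificate is handled in its own try block so that one broken
     * record neither blocks the remaining entries nor prevents the already
     * published ones from being removed from the queue.
     */
    private void publishCaCerts(List<Long> caCertIds, CaInfoVO caInfoVO) {
        List<Long> published = new ArrayList<>();
        for (Long caCertId : caCertIds) {
            try {
                if (publishCaCert(caCertId, caInfoVO)) {
                    published.add(caCertId);
                }
            } catch (Exception e) {
                this.logger.error("[CA证书]发布异常", e);
            }
        }
        if (!published.isEmpty()) {
            this.publishCertSyncDao.deletePublishCertSyncByCertType(PUBLISH_CERT_TYPE_CACERT, published);
        }
    }

    /**
     * Publishes a single CA certificate through the channel named by its template.
     *
     * @return {@code true} only when the certificate was sent successfully
     */
    private boolean publishCaCert(Long caCertId, CaInfoVO caInfoVO) {
        CaCertDO caCert = this.caCertDao.getCaCertById(caCertId.longValue());
        if (null == caCert) {
            // A queued id without a matching record cannot be published.
            this.logger.error("============== 发布CA证书错误 ==========证书id,[{}]", caCertId);
            return false;
        }
        // NOTE(review): a record without certificate data still yields a list holding
        // null, as before; confirm whether such records should be skipped instead.
        X509Certificate cert = null != caCert.getCert() ? CertUtil.getCertFromStr(caCert.getCert()) : null;
        List<X509Certificate> certs = new ArrayList<>();
        certs.add(cert);
        TemplateDO template = this.templateDao.getTemplateById(caCert.getTemplateId());
        if (null == template) {
            this.logger.debug("待发布[CA证书]，模板不存在");
            return false;
        }
        int issueCertType = template.getIssueCertType().intValue();
        if (!isChannelConfigured(caInfoVO.getDirServerConfigBean(), issueCertType)) {
            // Channel not configured: leave the entry queued without logging an error.
            return false;
        }
        if (sendCertificates(certs, caCert, CERT_TYPE_CA, issueCertType)) {
            return true;
        }
        this.logger.error("============== 发布CA证书错误 ==========证书id,[{}]", caCertId);
        return false;
    }

    /**
     * Sorts the given certificates by their publish channel, sends each group and
     * removes the successfully published ids from the queue.
     *
     * @param certType   certificate category passed to the DAO and to {@link #sendCertificates}
     * @param syncKey    one of the {@code PUBLISH_CERT_TYPE_*} keys used to clear the queue
     * @param certsById  certificate id mapped to the encoded certificate string
     * @param caCertDO   CA certificate record, only needed for CA certificates; may be {@code null}
     */
    private void publishByIssueCertType(int certType, String syncKey, Map<Long, String> certsById, CaCertDO caCertDO) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("===========================待发布[证书类型:{}] 开始发布，需要发布的证书个数:{}开始根据发布类型进行分类!", certType, certsById.size());
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID);
        if (certsById.isEmpty()) {
            return;
        }
        List<Long> ldapIds = new ArrayList<>();
        List<Long> httpIds = new ArrayList<>();
        List<Long> notPublishedIds = new ArrayList<>();
        List<Long> byConfigIds = new ArrayList<>();
        List<X509Certificate> ldapCerts = new ArrayList<>();
        List<X509Certificate> httpCerts = new ArrayList<>();
        for (Map.Entry<Long, String> entry : certsById.entrySet()) {
            Long certId = entry.getKey();
            for (Long issueType : this.publishCertSyncDao.getIssueCertTypeByCertId(certType, certId)) {
                long channel = issueType.longValue();
                if (ISSUE_TYPE_LDAP == channel) {
                    ldapIds.add(certId);
                    ldapCerts.add(CertUtil.getCertFromStr(entry.getValue()));
                } else if (ISSUE_TYPE_HTTP == channel) {
                    httpIds.add(certId);
                    httpCerts.add(CertUtil.getCertFromStr(entry.getValue()));
                } else if (ISSUE_TYPE_NONE == channel) {
                    notPublishedIds.add(certId);
                } else {
                    byConfigIds.add(certId);
                }
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("===========================待发布<证书类型:{} 需要发布的总证书个数:{} 按配置发布个数:{}不发布个数:{}", certType, certsById.size(), byConfigIds.size(), notPublishedIds.size());
        }
        DirServerConfigBean dirConfig = caInfoVO.getDirServerConfigBean();
        // NOTE(review): an id listed for both channels is cleared from the queue as soon
        // as one channel succeeds; confirm the DAO delete is scoped so the other channel
        // is still retried.
        List<Long> published = new ArrayList<>();
        if (CollectionUtils.isNotEmpty(ldapIds) && StringUtils.isNotEmpty(dirConfig.getMasterURL())) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("=== 待发布<证书类型:{} ladp方式发布个数:{} ===", certType, ldapIds.size());
            }
            if (sendCertificates(ldapCerts, caCertDO, certType, ISSUE_TYPE_LDAP)) {
                published.addAll(ldapIds);
            }
        }
        if (CollectionUtils.isNotEmpty(httpIds) && StringUtils.isNotEmpty(dirConfig.getLocalURL())) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("=== 待发布<证书类型:{} http方式发布个数:{} ===", certType, httpIds.size());
            }
            if (sendCertificates(httpCerts, caCertDO, certType, ISSUE_TYPE_HTTP)) {
                published.addAll(httpIds);
            }
        }
        if (!published.isEmpty()) {
            this.publishCertSyncDao.deletePublishCertSyncByCertType(syncKey, published);
        }
    }

    /**
     * Sends a batch of certificates through one publish channel.
     *
     * @param certs         certificates to publish; for CA certificates on the HTTP
     *                      channel the rollover certificates are appended to this list
     * @param caCertDO      CA certificate record, read only when {@code certType} is the CA category
     * @param certType      certificate category (1 CA, 2 sub-CA, 3 cross, otherwise generic)
     * @param issueCertType publish channel (1 LDAP, 2 HTTP directory)
     * @return {@code true} when the whole batch was published; {@code false} when the
     *         channel is not configured or any certificate failed
     */
    private boolean sendCertificates(List<X509Certificate> certs, CaCertDO caCertDO, int certType, int issueCertType) {
        DirServerConfigBean dirConfig = ((CaInfoVO) Constants.CA_INFO.get(Constants.ADMIN_CA_ID)).getDirServerConfigBean();
        if (!isChannelConfigured(dirConfig, issueCertType)) {
            return false;
        }
        if (ISSUE_TYPE_LDAP == issueCertType) {
            return publishToLdap(certs, caCertDO, certType, issueCertType);
        }
        return publishToHttpDirectory(certs, caCertDO, certType, issueCertType, dirConfig);
    }

    /** Tells whether the URLs required by the given publish channel are all set. */
    private static boolean isChannelConfigured(DirServerConfigBean dirConfig, int issueCertType) {
        if (ISSUE_TYPE_LDAP == issueCertType) {
            return !StringUtils.isAnyBlank(dirConfig.getSlaveURL(), dirConfig.getMasterURL());
        }
        if (ISSUE_TYPE_HTTP == issueCertType) {
            return !StringUtils.isAnyBlank(dirConfig.getLocalURL(), dirConfig.getExtranetHttpURL());
        }
        return false;
    }

    /** Writes each certificate as {@code <subject>_<serial hex>.cer} into the local publish directory. */
    private boolean publishToHttpDirectory(List<X509Certificate> certs, CaCertDO caCertDO, int certType, int issueCertType, DirServerConfigBean dirConfig) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("====================系统将证书发布到HTTP服务器上 certType:[{}] issueCertType:[{}] certs.size[{}]", certType, issueCertType, certs.size());
        }
        if (CERT_TYPE_CA == certType) {
            // A CA rollover also publishes the two link certificates when present.
            if (null != caCertDO.getOldWithNewCert()) {
                certs.add(CertUtil.getCertFromStr(caCertDO.getOldWithNewCert()));
            }
            if (null != caCertDO.getNewWithOldCert()) {
                certs.add(CertUtil.getCertFromStr(caCertDO.getNewWithOldCert()));
            }
            this.logger.debug("添加CA根证书更新后 certs.size[{}]", certs.size());
        }
        String publishDir = dirConfig.getLocalURL();
        for (X509Certificate cert : certs) {
            try {
                String target = publishDir + "/" + CertUtil.getSubjectByX509Cert(cert) + "_" + cert.getSerialNumber().toString(16) + ".cer";
                // The file name is derived from the certificate subject, which is supplied by
                // the certificate applicant; reject names that would resolve outside the
                // publish directory (for example through ".." segments).
                if (!isInsideDirectory(publishDir, target)) {
                    this.logger.error("Refusing to publish certificate: target file [{}] is outside the publish directory [{}]", target, publishDir);
                    return false;
                }
                FileUtils.saveFile(cert.getEncoded(), target);
            } catch (Exception e) {
                this.logger.error("系统将证书发布到HTTP服务器上错误 ======== ", e);
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that {@code candidate}, once normalised, is a path strictly below {@code directory}.
     *
     * @throws java.nio.file.InvalidPathException if either string is not a valid path
     */
    private static boolean isInsideDirectory(String directory, String candidate) {
        Path base = Paths.get(directory).toAbsolutePath().normalize();
        Path target = Paths.get(candidate).toAbsolutePath().normalize();
        return target.startsWith(base) && !target.equals(base);
    }

    /** Sends the certificates through the LDAP SDK, using the call that matches the certificate category. */
    private boolean publishToLdap(List<X509Certificate> certs, CaCertDO caCertDO, int certType, int issueCertType) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("====================系统将证书发布到LDAP服务器上==================== certType:" + certType + " issueCertType:" + issueCertType + " certs.size：" + certs.size());
        }
        LDAPCASDK ldapSdk = this.ldapCASDKUtil.getPkixIssueSDKInstance();
        if (CERT_TYPE_CA == certType) {
            CaDO ca = this.caDao.getCaById(caCertDO.getCaId().longValue());
            X509Certificate currentCert = null != caCertDO.getCert() ? CertUtil.getCertFromStr(caCertDO.getCert()) : null;
            X509Certificate oldWithNew = null != caCertDO.getOldWithNewCert() ? CertUtil.getCertFromStr(caCertDO.getOldWithNewCert()) : null;
            X509Certificate newWithOld = null != caCertDO.getNewWithOldCert() ? CertUtil.getCertFromStr(caCertDO.getNewWithOldCert()) : null;
            boolean rootUpdate = null != oldWithNew && null != newWithOld
                    && CaDO.CaMasterEnum.NO.getValue() == ca.getIsMaster().intValue();
            if (!rootUpdate) {
                LDAPResponse response = ldapSdk.sendCertificate(certs);
                if (response.isFlag()) {
                    return true;
                }
                this.logger.error("向LDAP发布CA证书错误，reason:[{}]", JsonUtils.object2Json(response));
                return false;
            }
            // Both link certificates exist and the CA is flagged as non-master:
            // publish as a root CA certificate update.
            this.logger.info("系统配置了LDAP服务，发布线程向LDA服务发布CA证书");
            LDAPResponse response = ldapSdk.updateRootCACertificateToLDAP(oldWithNew, newWithOld, currentCert);
            if (response.isFlag()) {
                return true;
            }
            this.logger.error("向LDAP发布更新CA证书错误 ========== {}", JsonUtils.object2Json(response));
            return false;
        }
        if (CERT_TYPE_SUB_CA == certType) {
            LDAPResponse response = ldapSdk.sendCertificate(certs);
            if (response.isFlag()) {
                return true;
            }
            this.logger.error("向LDAP发布子CA证书错误，reason:[{}]", JsonUtils.object2Json(response));
            return false;
        }
        if (CERT_TYPE_CROSS == certType) {
            // Cross certificates are sent one by one; the first failure aborts the batch.
            for (X509Certificate cert : certs) {
                LDAPResponse response = ldapSdk.sendCrossCertificateIssueByThisCA(cert);
                if (!response.isFlag()) {
                    this.logger.error("交叉证书发布失败，reason:[{}]", response.getReason());
                    return false;
                }
            }
            return true;
        }
        LDAPResponse response = ldapSdk.sendCertificate(certs);
        if (response.isFlag()) {
            return true;
        }
        this.logger.error("LDAP方式发布证书失败，reason:[{}]", JsonUtils.object2Json(response));
        return false;
    }

    /**
     * Parses a comma-separated id list taken from the pending-certificate query.
     *
     * <p>Surrounding whitespace is ignored and empty tokens are skipped, so an
     * empty or padded value no longer aborts the whole run with a
     * {@link NumberFormatException}.
     *
     * @param obj the raw value from the query result, or {@code null}
     * @return the parsed ids, or {@code null} when {@code obj} is {@code null} or holds no tokens
     * @throws NumberFormatException if a non-blank token is not a valid {@code long}
     */
    private List<Long> getPublishCertIds(Object obj) {
        if (obj == null) {
            return null;
        }
        String[] tokens = obj.toString().split(",");
        if (tokens.length == 0) {
            return null;
        }
        List<Long> ids = new ArrayList<>(tokens.length);
        for (String token : tokens) {
            String trimmed = token.trim();
            if (!trimmed.isEmpty()) {
                ids.add(Long.valueOf(trimmed));
            }
        }
        return ids;
    }

    /**
     * Decodes every certificate string in the map.
     *
     * @return the decoded certificates, or {@code null} when the map is {@code null} or empty
     */
    private List<X509Certificate> getCertificateFormMaps(Map<Long, String> map) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        List<X509Certificate> certs = new ArrayList<>(map.size());
        for (String encoded : map.values()) {
            certs.add(CertUtil.getCertFromStr(encoded));
        }
        return certs;
    }
}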
