package com.xdja.pki.ca.openapi.service.impl.v1;

import com.alibaba.fastjson.JSONObject;
import com.xdja.pki.ca.auth.service.bean.DigestAlgEnum;
import com.xdja.pki.ca.certmanager.dao.CertDataDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDataDao;
import com.xdja.pki.ca.certmanager.dao.OutDateManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.RaAdminCertDao;
import com.xdja.pki.ca.certmanager.dao.RaServerCertDao;
import com.xdja.pki.ca.certmanager.dao.RevokeManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.models.CertDO;
import com.xdja.pki.ca.certmanager.dao.models.CertDataDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDataDO;
import com.xdja.pki.ca.certmanager.dao.models.OutdateCertDO;
import com.xdja.pki.ca.certmanager.dao.models.OutdateManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RaAdminCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RevokedCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RevokedManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.dao.models.ra.TRA;
import com.xdja.pki.ca.certmanager.dao.openapi.RAOpenApiDao;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.ExtensionVO;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.CertContentInfoUtil;
import com.xdja.pki.ca.certmanager.service.util.DicDataConverUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.DAOException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.openapi.service.impl.v1.util.JsonUtils;
import com.xdja.pki.ca.openapi.service.v1.IRAOpenApiService;
import com.xdja.pki.ca.openapi.service.v1.bean.CertDownloadRep;
import com.xdja.pki.ca.openapi.service.v1.bean.CertStatusRep;
import com.xdja.pki.ca.openapi.service.v1.bean.RALoginResp;
import com.xdja.pki.ca.openapi.service.v1.bean.RATemplateRep;
import com.xdja.pki.ca.openapi.service.v1.bean.RAinfoRep;
import com.xdja.pki.ca.openapi.service.v1.bean.RAmanageTemplVO;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.annotation.Resource;
import org.bouncycastle.asn1.DEROctetString;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:com/xdja/pki/ca/openapi/service/impl/v1/RAOpenApiServiceImpl.class */
public class RAOpenApiServiceImpl implements IRAOpenApiService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private RAOpenApiDao raOpenApiDao;

    @Autowired
    private CertDataDao certDataDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private CertContentInfoUtil certContentInfoUtil;

    @Autowired
    private DicDataConverUtil dicDataConverUtil;

    @Autowired
    private ManagerCertDao managereCertDao;

    @Autowired
    private RevokeManagerCertDao revokeManagerCertDao;

    @Autowired
    private OutDateManagerCertDao outDateManagerCertDao;

    @Autowired
    private RaAdminCertDao raAdminCertDao;

    @Autowired
    private ManagerCertDataDao managerCertDataDao;

    @Resource
    private CaDao caDao;

    @Autowired
    private HsmManager hsmManager;

    @Autowired
    RaServerCertDao raServerCertDao;

    /**
     * Looks up the confirmation status of a certificate through the RA open-API DAO.
     *
     * @param l   first lookup key, forwarded unchanged to the DAO (presumably the RA id; confirm against the DAO)
     * @param str second lookup key, forwarded unchanged to the DAO (presumably the certificate serial number)
     * @return a success result wrapping a {@link CertStatusRep}, or a CERT_NOT_EXIST failure when the DAO returns null
     * @throws ServiceException wrapping the DAOException when the lookup fails
     */
    public Result getCertConfirmStatusBySN(Long l, String str) {
        final Integer confirmStatus;
        try {
            confirmStatus = this.raOpenApiDao.getCertConfirmStatusBySN(l, str);
        } catch (DAOException e) {
            // The cause is carried by the ServiceException; the log line itself has no stack trace.
            this.logger.error("service查询证书信息异常");
            throw new ServiceException(e);
        }
        if (confirmStatus == null) {
            this.logger.info("证书信息不存在");
            return Result.failure(ErrorEnum.CERT_NOT_EXIST);
        }
        CertStatusRep statusRep = new CertStatusRep();
        statusRep.setStatus(confirmStatus);
        return Result.success(statusRep);
    }

    /**
     * Returns the certificate data (signing cert, and encryption cert when the record has a pair)
     * for a serial number, searching the active, revoked and outdated tables in that order.
     *
     * @param l   first lookup key, forwarded unchanged to every DAO query (presumably the RA id; confirm)
     * @param str certificate serial number (it is logged as "sn")
     * @return success wrapping a {@link CertDownloadRep}; CERT_NOT_EXIST when no table yields a record;
     *         CERTDATA_NOT_EXIST when the record or its pair has no stored certificate data
     */
    public Result getDownloadCerts(Long l, String str) {
        CertDownloadRep certDownloadRep = new CertDownloadRep();
        CertDO certDO = null;
        RevokedCertDO revokedCertDO = null;
        OutdateCertDO outdateCertDO = null;
        CertDataDO certDataDO = null;
        // l2 = id of the paired certificate, num = certificate type code of the record that was found.
        Long l2 = null;
        Integer num = null;
        // A DAOException from one table is used as the signal to try the next table.
        // NOTE(review): the caught exceptions are discarded without logging, so any DAOException
        // (not only "no such row") ends up reported as CERT_NOT_EXIST - confirm that is intended.
        try {
            certDO = this.raOpenApiDao.getCertDetailBySn(l, str, Constants.BASE_ALG_TYPE.intValue());
            certDataDO = getCertDataById(certDO.getId());
            num = certDO.getType();
            l2 = certDO.getPairCertId();
        } catch (DAOException e) {
            try {
                revokedCertDO = this.raOpenApiDao.getRevokedCertDetailBySn(l, str, Constants.BASE_ALG_TYPE.intValue());
                certDataDO = getCertDataById(revokedCertDO.getId());
                num = revokedCertDO.getType();
                l2 = revokedCertDO.getPairCertId();
            } catch (DAOException e2) {
                try {
                    outdateCertDO = this.raOpenApiDao.getOutdateCertDetailBySn(l, str, Constants.BASE_ALG_TYPE.intValue());
                    certDataDO = getCertDataById(outdateCertDO.getId());
                    num = outdateCertDO.getType();
                    l2 = outdateCertDO.getPairCertId();
                } catch (DAOException e3) {
                    this.logger.info("根据sn查询证书详情无数据返回sn={}", str);
                }
            }
        }
        if (null == certDO && null == revokedCertDO && null == outdateCertDO) {
            this.logger.info("证书信息不存在");
            return Result.failure(ErrorEnum.CERT_NOT_EXIST);
        }
        if (null == certDataDO) {
            this.logger.info("证书内容不存在");
            return Result.failure(ErrorEnum.CERTDATA_NOT_EXIST);
        }
        // NOTE(review): num is unboxed here without a null check; a record whose getType() is null
        // would raise a NullPointerException instead of a Result failure.
        if (num.intValue() == 1) {
            // Type 1: only the signing certificate is returned; no pair lookup is made.
            certDownloadRep.setSignCert(certDataDO.getData());
        } else {
            // Any other type: the paired certificate is loaded by the id stored on the record.
            CertDataDO certDataById = getCertDataById(l2);
            if (null == certDataById) {
                this.logger.info("证书内容不存在");
                return Result.failure(ErrorEnum.CERTDATA_NOT_EXIST);
            }
            if (num.intValue() == 3) {
                // Type 3: the record found by serial number is the encryption cert, its pair the signing cert.
                certDownloadRep.setEncCert(certDataDO.getData());
                certDownloadRep.setSignCert(certDataById.getData());
            } else {
                // Otherwise the record is the signing cert and its pair the encryption cert.
                certDownloadRep.setEncCert(certDataById.getData());
                certDownloadRep.setSignCert(certDataDO.getData());
            }
        }
        return Result.success(certDownloadRep);
    }

    /**
     * Returns the parsed content of a certificate plus its status, template name and type,
     * searching the active, revoked and outdated tables in that order.
     *
     * @param l   first lookup key, forwarded unchanged to every DAO query (presumably the RA id; confirm)
     * @param str certificate serial number (it is logged as "sn")
     * @return success wrapping the content map; CERT_NOT_EXIST when no table yields a record;
     *         CERTDATA_NOT_EXIST when no certificate data is stored;
     *         CERTDETAIL_FORMATE_ERROR when anything inside the parsing block throws
     */
    public Result getCertDetailBySN(Long l, String str) {
        CertDO certDO = null;
        RevokedCertDO revokedCertDO = null;
        OutdateCertDO outdateCertDO = null;
        // num = status code put into the response, l2 = template id, num2 = certificate type (defaults to 2).
        Integer num = 0;
        Long l2 = null;
        CertDataDO certDataDO = null;
        Integer num2 = 2;
        // A DAOException from one table is used as the signal to try the next table; the exceptions
        // themselves are discarded.
        try {
            certDO = this.raOpenApiDao.getCertDetailBySn(l, str, Constants.BASE_ALG_TYPE.intValue());
            num2 = certDO.getType();
            // Status 4 overrides the stored status when the compare call yields -1
            // (presumably "notAfter is earlier than now"; confirm DateTimeUtil.compare semantics).
            num = DateTimeUtil.compare(certDO.getNotAfterTime(), new Date()) == -1 ? 4 : certDO.getStatus();
            l2 = certDO.getTemplateId();
            certDataDO = getCertDataById(certDO.getId());
        } catch (DAOException e) {
            try {
                revokedCertDO = this.raOpenApiDao.getRevokedCertDetailBySn(l, str, Constants.BASE_ALG_TYPE.intValue());
                num2 = revokedCertDO.getType();
                // A record from the revoked table reports status 3, or 4 once the compare call yields -1.
                num = DateTimeUtil.compare(revokedCertDO.getAfterTime(), new Date()) == -1 ? 4 : 3;
                l2 = revokedCertDO.getTemplateId();
                certDataDO = getCertDataById(revokedCertDO.getId());
            } catch (DAOException e2) {
                try {
                    outdateCertDO = this.raOpenApiDao.getOutdateCertDetailBySn(l, str, Constants.BASE_ALG_TYPE.intValue());
                    num2 = outdateCertDO.getType();
                    // A record from the outdated table always reports status 4.
                    num = 4;
                    l2 = outdateCertDO.getTemplateId();
                    certDataDO = getCertDataById(outdateCertDO.getId());
                } catch (DAOException e3) {
                    this.logger.info("根据sn查询证书详情无数据返回sn={}", str);
                }
            }
        }
        if (null == certDO && null == revokedCertDO && null == outdateCertDO) {
            this.logger.info("证书信息不存在,sn={}", str);
            return Result.failure(ErrorEnum.CERT_NOT_EXIST);
        }
        if (null == certDataDO) {
            this.logger.info("证书内容不存在,sn={}", str);
            return Result.failure(ErrorEnum.CERTDATA_NOT_EXIST);
        }
        try {
            Map certContentInfo = this.certContentInfoUtil.getCertContentInfo(CertUtil.getCertFromStr(certDataDO.getData()));
            try {
                TemplateDO templateById = this.raOpenApiDao.getTemplateById(l2);
                certContentInfo.put("status", num);
                certContentInfo.put("statusStr", this.dicDataConverUtil.ConverStatusToStr(num));
                certContentInfo.put("templateName", templateById != null ? templateById.getName() : null);
                certContentInfo.put("type", num2);
                return Result.success(certContentInfo);
            } catch (DAOException e4) {
                this.logger.error("模板信息查询失败", e4);
                // NOTE(review): this throw sits inside the outer try, whose catch (Exception) below
                // intercepts it; the caller therefore receives CERTDETAIL_FORMATE_ERROR rather than
                // this ServiceException.
                throw new ServiceException("模板信息查询失败", e4);
            }
        } catch (Exception e5) {
            this.logger.error("证书详情格式读取异常", e5);
            return Result.failure(ErrorEnum.CERTDETAIL_FORMATE_ERROR);
        }
    }

    /**
     * Lists the USER-type templates returned by the DAO for the given key, each enriched with
     * its key/signature algorithm names and the extensions a requester has to fill in.
     *
     * @param l lookup key forwarded to the DAO (presumably the RA id; confirm against the DAO)
     * @return a success result wrapping a list of {@link RATemplateRep}
     * @throws ServiceException wrapping the DAOException when the lookup fails
     */
    public Result getRATemplateById(Long l) {
        try {
            List<TemplateDO> authorizedTemplates = this.raOpenApiDao.getRaTemplateCodes(l, Integer.valueOf(TemplateTypeEnum.USER.value));

            // Collect the template codes so the full definitions can be fetched in one call.
            String[] codes = new String[authorizedTemplates.size()];
            int next = 0;
            for (TemplateDO template : authorizedTemplates) {
                codes[next++] = template.getCode();
            }
            Map definitionsByCode = this.templateService.getTemplatesByCodes(codes);

            ArrayList replies = new ArrayList();
            for (TemplateDO template : authorizedTemplates) {
                // Every key algorithm value other than RSA is reported as SM2.
                String keyAlgName;
                if (template.getKeyAlg().intValue() == KeyAlgEnum.RSA.value) {
                    keyAlgName = KeyAlgEnum.RSA.name();
                } else {
                    keyAlgName = KeyAlgEnum.SM2.name();
                }
                RATemplateRep reply = new RATemplateRep();
                BeanUtils.copyProperties(template, reply);
                reply.setKeyAlg(keyAlgName);

                // The API spells the SHA-1 RSA algorithm with a hyphen.
                String signAlgName = this.dicDataConverUtil.coneverSingAlgToStr(template.getSignAlg());
                reply.setSignAlg(signAlgName.equals("SHA1WithRSA") ? "SHA-1WithRSA" : signAlgName);

                TemplateInfoVO definition = (TemplateInfoVO) definitionsByCode.get(template.getCode());
                if (definition != null) {
                    ArrayList inputParams = new ArrayList();
                    List<ExtensionVO> extensions = definition.getExtensions();
                    if (extensions != null) {
                        for (ExtensionVO extension : extensions) {
                            // Only extensions flagged as requester input (isInput == 1) are exposed.
                            if (extension.getIsInput().intValue() != 1) {
                                continue;
                            }
                            HashMap param = new HashMap();
                            param.put("attrName", extension.getName());
                            param.put("attrOid", extension.getExtnId());
                            if (extension.getValue() == null) {
                                param.put("attrType", "");
                            } else {
                                param.put("attrType", extension.getValue());
                            }
                            param.put("attrValue", "");
                            inputParams.add(param);
                        }
                    }
                    reply.setTemParas(inputParams);
                    reply.setCertPatterm(definition.getCertPatterm());
                }
                replies.add(reply);
            }
            return Result.success(replies);
        } catch (DAOException e) {
            this.logger.info("service查询RA授权模板列表异常");
            throw new ServiceException("service查询RA授权模板列表", e);
        }
    }

    /**
     * Returns the detail of one template, but only when its code is among the USER-type templates
     * the DAO returns for the given key. This membership test is the authorization check for the
     * request: a code that is not in the list yields UNAUTHORIZED_REQUEST before any template is loaded.
     *
     * @param l   lookup key forwarded to the DAO (presumably the RA id; confirm against the DAO)
     * @param str template code requested by the caller
     * @return success wrapping the template as a JSON object (or null when the template service returns
     *         no info), UNAUTHORIZED_REQUEST, or TEMPLATE_NOT_EXIST
     * @throws ServiceException when the template service fails
     */
    public Result getTemplateDetail(Long l, String str) {
        try {
            List grantedTemplates = this.raOpenApiDao.getRaTemplateCodes(l, Integer.valueOf(TemplateTypeEnum.USER.value));

            // Default deny: access is granted only on an exact code match.
            boolean granted = false;
            if (grantedTemplates != null) {
                for (Object candidate : grantedTemplates) {
                    if (((TemplateDO) candidate).getCode().equals(str)) {
                        granted = true;
                        break;
                    }
                }
            }
            if (!granted) {
                return Result.failure(ErrorEnum.UNAUTHORIZED_REQUEST);
            }

            Result lookup = this.templateService.getTemplateByCode(str);
            if (!lookup.isSuccess()) {
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }

            JSONObject detail = null;
            Object info = lookup.getInfo();
            if (info != null) {
                detail = JSONObject.parseObject(JsonUtils.object2Json(info));
                // Replace the numeric key algorithm with its name; every value other than RSA becomes SM2.
                int keyAlgCode = ((Integer) detail.get("keyAlg")).intValue();
                String keyAlgName = keyAlgCode == KeyAlgEnum.RSA.value ? KeyAlgEnum.RSA.name() : KeyAlgEnum.SM2.name();
                detail.put("keyAlg", keyAlgName);
            }
            return Result.success(detail);
        } catch (ServiceException e) {
            throw new ServiceException("根据模板编号获取模板信息失败", e);
        }
    }

    /**
     * Loads the stored certificate data for a certificate id.
     *
     * @param l certificate id
     * @return whatever the DAO returns for that id
     * @throws ServiceException wrapping the DAOException when the query fails
     */
    private CertDataDO getCertDataById(Long l) {
        final CertDataDO certData;
        try {
            certData = this.certDataDao.queryCertDataById(l);
        } catch (DAOException e) {
            this.logger.info("查询证书内容异常,certId={}", l);
            throw new ServiceException("service查询证书内容异常", e);
        }
        return certData;
    }

    /**
     * Loads the stored data of a management certificate by id.
     *
     * @param l management certificate id
     * @return whatever the DAO returns for that id
     * @throws ServiceException wrapping the DAOException when the query fails
     */
    private ManageCertDataDO getManageCertDataById(Long l) {
        final ManageCertDataDO certData;
        try {
            certData = this.managerCertDataDao.queryManagerCertDataById(l);
        } catch (DAOException e) {
            this.logger.info("查询管理证书内容异常,certId={}", l);
            throw new ServiceException("service查询管理证书内容异常", e);
        }
        return certData;
    }

    /**
     * Fetches the RA record for a serial number and copies its properties into a response bean.
     *
     * @param str serial number forwarded to the DAO
     * @return a new {@link RAinfoRep} populated from the DAO record
     * @throws ServiceException wrapping the DAOException when the lookup fails
     */
    public RAinfoRep getRAInfoBySN(String str) {
        final TRA raRecord;
        try {
            raRecord = this.raOpenApiDao.getRAInfoBySN(str);
        } catch (DAOException e) {
            throw new ServiceException("service查询RA信息异常", e);
        }
        // NOTE(review): there is no null check on the DAO result; Spring's BeanUtils.copyProperties
        // rejects a null source with an IllegalArgumentException.
        RAinfoRep reply = new RAinfoRep();
        BeanUtils.copyProperties(raRecord, reply);
        return reply;
    }

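    /**
     * Issues a fresh 16-byte login challenge.
     *
     * <p>The bytes come from {@link java.security.SecureRandom}. A challenge is only useful if the
     * peer cannot predict it; {@code java.util.Random} is a seeded linear congruential generator whose
     * future output can be derived from observed output, so it must not be used for this value.
     *
     * <p>NOTE(review): this method only returns the challenge. Nothing here stores it or binds it to
     * a session, so single-use and expiry have to be enforced wherever the signed response is checked.
     *
     * @return a success result wrapping a map with the single key {@code "challenge"}, whose value is
     *         the string form of a {@link DEROctetString} built from the random bytes
     */
    public Result getChallenge() {
        byte[] challengeBytes = new byte[16];
        // Cryptographically strong source; fully qualified so the file's import list is untouched.
        new java.security.SecureRandom().nextBytes(challengeBytes);
        HashMap hashMap = new HashMap();
        hashMap.put("challenge", new DEROctetString(challengeBytes).toString());
        return Result.success(hashMap);
    }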

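    /**
     * Resolves the management certificate presented at RA login and returns its signing and
     * encryption certificate data, the administrator role and the certificate status.
     *
     * <p>The certificate is searched in the active, revoked and outdated management tables in that
     * order. It is accepted only when its RA-admin binding exists and belongs to RA {@code j}; a missing
     * binding, a binding without RA id, or a different RA id all yield CERT_NOT_EXIST, so a caller
     * cannot tell "unknown certificate" from "certificate of another RA".
     *
     * <p>Security note: a success result does not mean the certificate is valid. A certificate found in
     * the revoked table is returned with status 3 and one found in the outdated table with status 4;
     * the caller must check {@code signCertStatus} before treating the login as authenticated.
     *
     * @param map request fields: {@code "sn"} (String, certificate serial number) and optional
     *            {@code "alg"} (Integer, key algorithm; the CA's key algorithm is used when absent).
     *            NOTE(review): both values are cast without type checks, so a field of another type
     *            raises ClassCastException.
     * @param j   id of the RA the caller is acting for
     * @return success wrapping a {@link RALoginResp}, or a CERT_NOT_EXIST / CERTDATA_NOT_EXIST failure
     * @throws ServiceException wrapping the DAOException when a lookup fails
     */
    public Result RALoginVerify(Map<String, Object> map, long j) {
        String str = (String) map.get("sn");
        Integer num = (Integer) map.get("alg");
        RevokedManageCertDO revokedManageCertDO = null;
        OutdateManageCertDO outdateManageCertDO = null;
        ManageCertDataDO manageCertDataDO = null;
        Long pairCertId = null;
        Integer certType = null;
        Integer certStatus = RALoginResp.DEFULT_CERTSTATUS;
        Integer adminType = RALoginResp.DEFULT_ADMINTYPE;
        Long manageCertId = null;
        int intValue = (num == null ? this.caDao.getCaInfo().getKeyAlg() : num).intValue();
        try {
            ManageCertDO managerCertsBySn = this.managereCertDao.getManagerCertsBySn(str, intValue);
            if (null != managerCertsBySn) {
                certStatus = managerCertsBySn.getStatus();
                manageCertId = managerCertsBySn.getId();
                certType = managerCertsBySn.getType();
                pairCertId = managerCertsBySn.getPairCertId();
                manageCertDataDO = getManageCertDataById(managerCertsBySn.getId());
            } else {
                revokedManageCertDO = this.revokeManagerCertDao.getRevokManagerCertsBySn(str, Integer.valueOf(intValue));
                if (null != revokedManageCertDO) {
                    // Found in the revoked table.
                    certStatus = 3;
                    manageCertId = revokedManageCertDO.getId();
                    certType = revokedManageCertDO.getType();
                    pairCertId = revokedManageCertDO.getPairCertId();
                    manageCertDataDO = getManageCertDataById(revokedManageCertDO.getId());
                } else {
                    outdateManageCertDO = this.outDateManagerCertDao.getOutDateManagerCertsBySn(str, Integer.valueOf(intValue));
                    if (null != outdateManageCertDO) {
                        // Found in the outdated table.
                        certStatus = 4;
                        manageCertId = outdateManageCertDO.getId();
                        certType = outdateManageCertDO.getType();
                        pairCertId = outdateManageCertDO.getPairCertId();
                        manageCertDataDO = getManageCertDataById(outdateManageCertDO.getId());
                    }
                }
            }
            if (null == managerCertsBySn && null == revokedManageCertDO && null == outdateManageCertDO) {
                this.logger.info("证书信息不存在,sn={}", str);
                return Result.failure(ErrorEnum.CERT_NOT_EXIST);
            }
            // Ownership check, failing closed: the binding is looked up once and a missing binding
            // or missing RA id is rejected like a foreign certificate. Previously the result was
            // dereferenced unchecked, so an unbound certificate ended in a NullPointerException.
            RaAdminCertDO raAdminCert = this.raAdminCertDao.getRaAdminCertByManageId(manageCertId);
            if (null == raAdminCert || null == raAdminCert.getRaId() || raAdminCert.getRaId().longValue() != j) {
                this.logger.info("证书信息不存在,sn={}", str);
                return Result.failure(ErrorEnum.CERT_NOT_EXIST);
            }
            ManageCertDataDO manageCertDataById = getManageCertDataById(pairCertId);
            if (null == manageCertDataDO || null == manageCertDataById) {
                this.logger.info("证书内容不存在");
                return Result.failure(ErrorEnum.CERTDATA_NOT_EXIST);
            }
            RALoginResp rALoginResp = new RALoginResp();
            // Type 1: the record found by serial number is the signing cert and its pair the
            // encryption cert; for any other type the roles are swapped.
            if (certType.intValue() == 1) {
                rALoginResp.setSignCertData(manageCertDataDO.getData());
                rALoginResp.setEncCertData(manageCertDataById.getData());
            } else {
                rALoginResp.setSignCertData(manageCertDataById.getData());
                rALoginResp.setEncCertData(manageCertDataDO.getData());
            }
            // The role is taken from the binding verified above; the default admin type is kept
            // when the certificate id is null, as before.
            if (null != manageCertId) {
                adminType = raAdminCert.getRoleType();
            }
            rALoginResp.setAdminType(adminType);
            rALoginResp.setSignCertStatus(certStatus);
            return Result.success(rALoginResp);
        } catch (DAOException e) {
            this.logger.info("根据sn查询RA证书详情无数据返回sn={}", str);
            throw new ServiceException("service根据sn查询RA证书详情", e);
        }
    }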

    /**
     * Returns the built-in MANAGER-type template with readable algorithm names and the list of
     * extensions a requester has to fill in.
     *
     * @return success wrapping a {@link RAmanageTemplVO}, or TEMPLATE_NOT_EXIST when the template
     *         service returns null
     * @throws ServiceException rethrown unchanged after being logged
     */
    public Result getRAmanageTemplateInfo() {
        try {
            TemplateInfoVO managerTemplate = this.templateService.getInnerTemplateByType(TemplateTypeEnum.MANAGER.value);
            if (managerTemplate == null) {
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }

            RAmanageTemplVO reply = new RAmanageTemplVO();
            BeanUtils.copyProperties(managerTemplate, reply);

            // Every key algorithm value other than RSA is reported as SM2.
            String keyAlgName;
            if (reply.getKeyAlg().intValue() == KeyAlgEnum.RSA.value) {
                keyAlgName = KeyAlgEnum.RSA.name();
            } else {
                keyAlgName = KeyAlgEnum.SM2.name();
            }
            reply.setKeyAlgStr(keyAlgName);

            // The API spells the SHA-1 RSA algorithm with a hyphen.
            String signAlgName = this.dicDataConverUtil.coneverSingAlgToStr(reply.getSignAlg());
            reply.setSignAlgStr(signAlgName.equals("SHA1WithRSA") ? "SHA-1WithRSA" : signAlgName);
            reply.setKeyAlg(managerTemplate.getKeyAlg());

            ArrayList inputParams = new ArrayList();
            List<ExtensionVO> extensions = managerTemplate.getExtensions();
            if (extensions != null) {
                for (ExtensionVO extension : extensions) {
                    // Only extensions flagged as requester input (isInput == 1) are exposed.
                    if (extension.getIsInput().intValue() != 1) {
                        continue;
                    }
                    HashMap param = new HashMap();
                    param.put("attrName", extension.getName());
                    param.put("attrOid", extension.getExtnId());
                    if (extension.getValue() == null) {
                        param.put("attrType", "");
                    } else {
                        param.put("attrType", extension.getValue());
                    }
                    param.put("attrValue", "");
                    inputParams.add(param);
                }
            }
            reply.setTemParas(inputParams);
            return Result.success(reply);
        } catch (ServiceException e) {
            this.logger.error("ca-openapi-service查询RA管理模板信息异常");
            throw e;
        }
    }

    /**
     * Verifies a signature through the HSM manager after mapping the signature algorithm name to a
     * digest algorithm code.
     *
     * <p>Accepted names are those of SHA1_WITH_RSA, SHA256_WITH_RSA, SM3_WITH_SM2 and
     * SHA256_WITH_ECDSA. Any other name, and any exception raised along the way, surfaces as a
     * {@link ServiceException}; the method does not return {@code false} for them.
     *
     * <p>NOTE(review): SHA-1 with RSA is still accepted. SHA-1 is not collision resistant; confirm
     * whether this path is needed for legacy peers or can be rejected by policy.
     *
     * @param str       signature algorithm name
     * @param publicKey key to verify with
     * @param bArr      third argument of the HSM call (presumably the signed data; confirm)
     * @param bArr2     fourth argument of the HSM call (presumably the signature value; confirm)
     * @return the result of {@code hsmManager.verifySign}
     * @throws ServiceException on an unsupported algorithm or any failure during verification
     */
    public boolean verifySign(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            final int digestAlg;
            if (str.equals(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName())) {
                digestAlg = DigestAlgEnum.SHA1.value;
            } else if (str.equals(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName())) {
                digestAlg = DigestAlgEnum.SHA256.value;
            } else if (str.equals(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
                digestAlg = DigestAlgEnum.SM3.value;
            } else if (str.equals(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName())) {
                digestAlg = DigestAlgEnum.SHA256.value;
            } else {
                // The caller-supplied algorithm name is written to the log as-is.
                this.logger.info("不支持的签名算法：" + str);
                throw new RuntimeException("不支持的签名算法");
            }
            return this.hsmManager.verifySign(Constants.BASE_ALG_TYPE.intValue(), digestAlg, publicKey, bArr, bArr2);
        } catch (Exception e) {
            throw new ServiceException("验证签名失败", e);
        }
    }

    /**
     * Returns the stored data of a management certificate looked up by serial number, using the CA's
     * key algorithm (SM2 when the CA reports none).
     *
     * <p>NOTE(review): despite the method name, {@code str} is passed to the DAO's by-serial-number
     * query; confirm what callers actually supply.
     *
     * @param str value forwarded to {@code getManagerCertsBySn}
     * @return a success result wrapping the certificate data, or wrapping null when no certificate is found
     * @throws ServiceException wrapping the DAOException when a lookup fails
     */
    public Result getRaServerCertByRaId(String str) {
        ManageCertDataDO certData = null;
        try {
            int keyAlg;
            if (this.caDao.getCaInfo().getKeyAlg() != null) {
                keyAlg = this.caDao.getCaInfo().getKeyAlg().intValue();
            } else {
                keyAlg = KeyAlgEnum.SM2.value;
            }
            ManageCertDO serverCert = this.managereCertDao.getManagerCertsBySn(str, keyAlg);
            if (serverCert != null) {
                certData = this.managerCertDataDao.queryManagerCertDataById(serverCert.getId());
            }
            return Result.success(certData);
        } catch (DAOException e) {
            throw new ServiceException("查询RA服务器证书失败，", e);
        }
    }
}
