package com.xdja.pki.ca.securitymanager.service.init;

import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.configBasic.bean.CrlConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.KmConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.LdapConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.OcspConfigBean;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.UrlUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.service.vo.BaseConfigDTO;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import com.xdja.pki.ca.securitymanager.service.vo.CrlConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.LdapConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.OcspConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.SubServerStatus;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLYunHsmUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

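/**
 * Service-layer implementation of {@link SystemConfigService}.
 *
 * <p>Reads and persists the CA's sub-system configuration (LDAP, OCSP, CRL, KM) through
 * {@link ConfigUtil} against the Spring {@link Environment}, reports TCP reachability of those
 * sub-systems, and handles the KM communication-certificate enrolment (P10 generation and
 * certificate import). Every save refreshes the process-wide {@code Constants.CA_INFO} entry for
 * {@code Constants.BASE_ALG_TYPE}; that map is shared mutable state and is not synchronised here
 * (unchanged from the original).
 *
 * <p>Recovered from a decompiled class file; names and parameter names of public methods are kept
 * as found so that callers and the interface keep working.
 */
@Service
/* loaded from: input_file:com/xdja/pki/ca/securitymanager/service/init/SystemConfigServiceImpl.class */
public class SystemConfigServiceImpl implements SystemConfigService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Upper bound for a single TCP reachability probe. The original connected without a timeout,
     * so an unresponsive host could stall {@link #getBaseConfig()} for as long as the OS keeps
     * retrying. Value chosen in this rewrite, not taken from the original; tune to the deployment.
     */
    private static final int CONNECT_TIMEOUT_MS = 3000;

    /**
     * Fixed challenge used by {@link #importKmConfig}: it is signed by the HSM key and the
     * signature is verified with the public key of the uploaded certificate, which proves that the
     * certificate belongs to that key.
     */
    private static final String KEY_MATCH_CHALLENGE = "sushi";

    @Autowired
    private Environment env;

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private InitService initService;

    @Autowired
    private HsmManager hsmService;

    /**
     * Base directory for generated artefacts ({@code p10/}, {@code swxa/certs/ck/}). It is joined
     * by plain concatenation, so it is expected to end with a path separator — confirm against the
     * deployment's {@code config.path}.
     */
    @Value("${config.path}")
    private String configPath;

    /**
     * Builds the "basic configuration" view: CA type, key algorithm, base DN and the reachability
     * of the LDAP, OCSP, HSM and KM sub-servers.
     *
     * @return {@code Result.success(BaseConfigDTO)}, or a failure when the root-CA template is
     *     missing or not in the NORMAL state
     * @throws ServiceException if reading the CA info or probing the sub-servers fails
     */
    public Result getBaseConfig() {
        BaseConfigDTO baseConfigDTO = new BaseConfigDTO();
        // "1" = root CA, "2" = sub CA; the DTO carries it as a string.
        baseConfigDTO.setCaType(String.valueOf(this.caCertDao.currentIsRootCa().booleanValue() ? 1 : 2));
        baseConfigDTO.setKeyAlg(Constants.BASE_ALG_TYPE.intValue() == KeyAlgEnum.SM2.value ? "SM2" : "RSA");
        TemplateInfoVO rootTemplate = this.templateService.getInnerTemplateByType(TemplateTypeEnum.ROOT_CA.value);
        if (null == rootTemplate) {
            this.logger.info("查询模板信息结果：模板不存在[{}]", Integer.valueOf(TemplateTypeEnum.ROOT_CA.value));
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (TemplateStatusEnum.NORMAL.value != rootTemplate.getStatus().intValue()) {
            this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", rootTemplate.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_STATUS_IS_STOP);
        }
        try {
            // Keyed by the template's key algorithm here (not BASE_ALG_TYPE as in the save methods).
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(rootTemplate.getKeyAlg());
            baseConfigDTO.setBaseDn(caInfoVO.getBaseDn());
            SubServerStatus subServerStatus = new SubServerStatus();
            // A sub-server counts as "up" only when it is configured and its host:port accepts a TCP connect.
            subServerStatus.setLdap(null != caInfoVO.getLdapConfig()
                    && isUrlHostReachable(caInfoVO.getLdapConfig().getMasterURL()));
            subServerStatus.setOcsp(null != caInfoVO.getOcspConfig()
                    && isUrlHostReachable(caInfoVO.getOcspConfig().getInterURL()));
            subServerStatus.setHsm(Boolean.valueOf(GMSSLYunHsmUtils.testConnect()));
            subServerStatus.setKms(null != caInfoVO.getKmConfigBean()
                    && isHostConnectivity(caInfoVO.getKmConfigBean().getIp(), caInfoVO.getKmConfigBean().getPort().intValue()));
            baseConfigDTO.setSubServerStatus(subServerStatus);
            return Result.success(baseConfigDTO);
        } catch (Exception e) {
            throw new ServiceException("获取基本配置信息失败", e);
        }
    }

    /**
     * Persists the LDAP configuration (only when both master and slave URLs are given), advances
     * the initialisation wizard to step 6 while the system is still initialising, and refreshes the
     * shared CA info.
     *
     * @throws ServiceException wrapping any failure
     */
    public Result saveLdapConfig(LdapConfigVO ldapConfigVO) {
        try {
            if (StringUtils.isNotBlank(ldapConfigVO.getSlaveURL()) && StringUtils.isNotBlank(ldapConfigVO.getMasterURL())) {
                LdapConfigBean ldapConfigBean = new LdapConfigBean();
                BeanUtils.copyProperties(ldapConfigVO, ldapConfigBean);
                ConfigUtil.saveLdapConfig(this.env, ldapConfigBean);
            }
            if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
                this.initService.reportInitStep(6);
            }
            CaInfoVO caInfoVO = currentCaInfo();
            caInfoVO.setLadp(true);
            caInfoVO.setLdapConfig(ConfigUtil.getLdapConfig(this.env));
            storeCaInfo(caInfoVO);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("保存ldap配置信息异常", e);
        }
    }

    /**
     * Persists the OCSP configuration (only when both internal and network URLs are given), reports
     * initialisation step 7 while initialising, and refreshes the shared CA info.
     *
     * @throws ServiceException wrapping any failure
     */
    public Result saveOcspConfig(OcspConfigVO ocspConfigVO) {
        try {
            if (StringUtils.isNotBlank(ocspConfigVO.getInterURL()) && StringUtils.isNotBlank(ocspConfigVO.getNetworkURL())) {
                OcspConfigBean ocspConfigBean = new OcspConfigBean();
                BeanUtils.copyProperties(ocspConfigVO, ocspConfigBean);
                ConfigUtil.saveOcspConfig(this.env, ocspConfigBean);
            }
            if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
                this.initService.reportInitStep(7);
            }
            CaInfoVO caInfoVO = currentCaInfo();
            caInfoVO.setOcsp(true);
            caInfoVO.setOcspConfig(ConfigUtil.getOcspConfig(this.env));
            storeCaInfo(caInfoVO);
            return Result.success();
        } catch (Exception e) {
            // Message corrected: the original reused the LDAP text ("保存ldap配置信息异常") here.
            throw new ServiceException("保存ocsp配置信息异常", e);
        }
    }

    /**
     * Persists the CRL configuration, reports initialisation step 8 while initialising, and
     * refreshes the shared CA info.
     *
     * @throws ServiceException wrapping any failure
     */
    public Result saveCrlConfig(CrlConfigVO crlConfigVO) {
        try {
            CrlConfigBean crlConfigBean = new CrlConfigBean();
            BeanUtils.copyProperties(crlConfigVO, crlConfigBean);
            ConfigUtil.saveCrlConfig(this.env, crlConfigBean);
            if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
                this.initService.reportInitStep(8);
            }
            CaInfoVO caInfoVO = currentCaInfo();
            caInfoVO.setCrlConfig(ConfigUtil.getCrlConfig(this.env));
            storeCaInfo(caInfoVO);
            return Result.success();
        } catch (Exception e) {
            // Message corrected: the original reused the LDAP text ("保存ldap配置信息异常") here.
            throw new ServiceException("保存CRL配置信息异常", e);
        }
    }

    /**
     * Returns the stored LDAP configuration, or an empty bean when none is stored.
     *
     * @throws ServiceException wrapping any failure
     */
    public Result getLdapConfig() {
        try {
            LdapConfigBean ldapConfig = ConfigUtil.getLdapConfig(this.env);
            return Result.success(null == ldapConfig ? new LdapConfigBean() : ldapConfig);
        } catch (Exception e) {
            // Typo fixed in the message ("ldpa" -> "ldap").
            throw new ServiceException("获取ldap配置信息异常", e);
        }
    }

    /**
     * Returns the stored CRL configuration as read by {@link ConfigUtil#getCrlConfig} (may be
     * {@code null} inside the result; unlike the LDAP/OCSP/KM getters no empty bean is substituted).
     *
     * @throws ServiceException wrapping any failure
     */
    public Result getCrlConfig() {
        try {
            return Result.success(ConfigUtil.getCrlConfig(this.env));
        } catch (Exception e) {
            throw new ServiceException("获取CRL配置信息异常", e);
        }
    }

    /**
     * Returns the stored OCSP configuration, or an empty bean when none is stored.
     *
     * @throws ServiceException wrapping any failure
     */
    public Result getOcspConfig() {
        try {
            OcspConfigBean ocspConfig = ConfigUtil.getOcspConfig(this.env);
            return Result.success(null == ocspConfig ? new OcspConfigBean() : ocspConfig);
        } catch (Exception e) {
            throw new ServiceException("获取ocsp配置信息异常", e);
        }
    }

    /**
     * Reachability probe for a {@code host:port} string obtained from a configured service URL.
     *
     * <p>Assumes {@code UrlUtil.parseUrl} reduces the URL to {@code host:port} — this is how the
     * original used it. Unlike the original, a URL that cannot be parsed (missing or non-numeric
     * port) is reported as "unreachable" instead of failing the whole {@link #getBaseConfig()}
     * call.
     */
    private boolean isUrlHostReachable(String url) {
        try {
            String[] hostAndPort = UrlUtil.parseUrl(url).split(":");
            if (hostAndPort.length < 2) {
                this.logger.debug("isUrlHostReachable no host:port in [{}]", url);
                return false;
            }
            return isHostConnectivity(hostAndPort[0], Integer.parseInt(hostAndPort[1]));
        } catch (Exception e) {
            this.logger.debug("isUrlHostReachable cannot parse [{}]", new Object[]{url, e});
            return false;
        }
    }

    /**
     * Opens and immediately closes a TCP connection to {@code host:port}.
     *
     * <p>The connect is bounded by {@link #CONNECT_TIMEOUT_MS}; the original had no timeout. Any
     * connect failure (including an unresolvable host or an out-of-range port) yields
     * {@code false}; a failure while closing is logged and does not change the result, as before.
     *
     * @return {@code true} if the connect succeeded within the timeout
     */
    private boolean isHostConnectivity(String host, int port) {
        Socket socket = new Socket();
        try {
            socket.connect(new InetSocketAddress(host, port), CONNECT_TIMEOUT_MS);
            return true;
        } catch (Exception e) {
            // Kept as broad as the original: every connect-time exception means "not reachable".
            this.logger.debug("isHostConnectivity socket connect {}:{} error", new Object[]{host, Integer.valueOf(port), e});
            return false;
        } finally {
            closeQuietly(socket, host, port);
        }
    }

    /** Closes the probe socket, logging (at debug) rather than propagating a close failure. */
    private void closeQuietly(Socket socket, String host, int port) {
        try {
            socket.close();
        } catch (IOException e) {
            this.logger.debug("isHostConnectivity socket close {}:{} error", new Object[]{host, Integer.valueOf(port), e});
        }
    }

    /** Reads the shared CA info entry for {@code Constants.BASE_ALG_TYPE} (cast as the original did). */
    private static CaInfoVO currentCaInfo() {
        return (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
    }

    /** Writes the (mutated) CA info entry back, as the original did after every save. */
    private static void storeCaInfo(CaInfoVO caInfoVO) {
        Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
    }

    /** Builds the single-entry {@code {"result": value}} payload several endpoints return. */
    private static Map<String, Object> resultPayload(boolean value) {
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("result", Boolean.valueOf(value));
        return payload;
    }

    /**
     * Updates an already-saved CRL configuration and refreshes the shared CA info. Unlike
     * {@link #saveCrlConfig} this does not touch the initialisation wizard.
     *
     * @throws ServiceException wrapping any failure
     */
    public Result updateCrlConfig(CrlConfigVO crlConfigVO) {
        try {
            CrlConfigBean crlConfigBean = new CrlConfigBean();
            BeanUtils.copyProperties(crlConfigVO, crlConfigBean);
            ConfigUtil.updateCrlConfig(this.env, crlConfigBean);
            CaInfoVO caInfoVO = currentCaInfo();
            caInfoVO.setCrlConfig(ConfigUtil.getCrlConfig(this.env));
            storeCaInfo(caInfoVO);
            return Result.success();
        } catch (Exception e) {
            // Message corrected: the original reused the LDAP text ("保存ldap配置信息异常") here.
            throw new ServiceException("更新CRL配置信息异常", e);
        }
    }

    /**
     * Generates the KM communication-certificate request (PKCS#10) with the HSM key selected by
     * {@code createP10VO}, writes it under {@code configPath + "p10/"} and stores the key index/PIN
     * as the temporary KM configuration.
     *
     * @return {@code Result.success({"p10Name": fileName})}; {@code HSM_KEY_PIN_ERROR} when the
     *     HSM refuses access to the key with the given PIN; {@code DN_FORMAT_FAIL} when the DN
     *     is not RFC 4519 conformant
     * @throws ServiceException if generating or writing the request fails
     */
    public Result genKmP10(CreateP10VO createP10VO) {
        if (!GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(createP10VO.getKeyIndex().intValue(), createP10VO.getPrivateKeyPin())) {
            // Log the key index only: the VO also carries the private-key PIN (getPrivateKeyPin),
            // so logging the whole object could write that secret to the log.
            this.logger.debug("生成KM通信证书p10失败：密码机两码没有访问权限[{}]", createP10VO.getKeyIndex());
            return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
        }
        // DN validation gets its own try block. In the original the P10 generation was nested
        // inside it, so the ServiceException thrown for a generation failure was caught by the
        // outer handler and misreported as DN_FORMAT_FAIL, swallowing the real cause.
        try {
            DnUtil.getRFC4519X500Name(createP10VO.getDn());
        } catch (Exception e) {
            this.logger.debug("生成km通信证书申请文件p10失败：DN不符合X500规范[{}]", createP10VO.getDn());
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        try {
            PKCS10CertificationRequest p10 = this.hsmService.genP10(createP10VO);
            String p10Name = "KMCertReq_" + DateTimeUtil.dateToZipStr(new Date()) + ".p10";
            File p10Dir = new File(this.configPath + "p10/");
            // mkdirs() (was mkdir()) so a missing parent does not silently leave the write to fail.
            if (!p10Dir.exists() && !p10Dir.mkdirs()) {
                this.logger.warn("创建p10目录失败[{}]", p10Dir.getAbsolutePath());
            }
            CertUtil.writeObjToFile(p10, this.configPath + "p10/" + p10Name);
            ConfigUtil.saveTmpKmConfig(this.env, new KmConfigBean(createP10VO.getKeyIndex(), createP10VO.getPrivateKeyPin()));
            Map<String, Object> payload = new HashMap<String, Object>();
            payload.put("p10Name", p10Name);
            return Result.success(payload);
        } catch (Exception e) {
            throw new ServiceException("生成P10失败", e);
        }
    }

    /**
     * Imports the KM CA certificate and KM communication certificate and persists the KM
     * configuration.
     *
     * <p>Before the communication certificate is accepted, {@link #KEY_MATCH_CHALLENGE} is signed by
     * the HSM key named in {@code kmConfigBean} and the signature is verified with the certificate's
     * public key; a mismatch returns {@code PUBLIC_KEY_IS_NOT_MATCH_ERROR}. When a stream is
     * {@code null} the corresponding certificate name is carried over from the stored configuration.
     * The streams are not closed here — the caller owns them.
     *
     * @param fileInputStream  KM CA certificate, or {@code null} to keep the stored one
     * @param fileInputStream2 KM communication certificate, or {@code null} to keep the stored one
     * @param kmConfigBean     configuration to persist (key index, PIN, host, port, ...)
     * @throws ServiceException wrapping any failure
     */
    public Result importKmConfig(FileInputStream fileInputStream, FileInputStream fileInputStream2, KmConfigBean kmConfigBean) {
        try {
            KmConfigBean storedKmConfig = ConfigUtil.getKmConfig(this.env);
            if (null != fileInputStream2) {
                X509Certificate commCert = CertUtils.getCertFromFile(fileInputStream2);
                // Explicit charset: the original used the platform default (same bytes for ASCII).
                String challenge = Base64.toBase64String(KEY_MATCH_CHALLENGE.getBytes(StandardCharsets.UTF_8));
                boolean keyMatches = GMSSLSM2SignUtils.verifyByYunhsm(commCert.getPublicKey(), challenge,
                        GMSSLSM2SignUtils.signByYunhsm(kmConfigBean.getKeyIndex().intValue(), kmConfigBean.getPrivateKeyPin(), challenge));
                if (!keyMatches) {
                    this.logger.info("通信证书公私钥验证失败");
                    return Result.failure(ErrorEnum.PUBLIC_KEY_IS_NOT_MATCH_ERROR);
                }
                CertUtil.writeObjToPem(commCert, this.configPath + "swxa/certs/ck/swxaComm.cer");
            } else if (null != storedKmConfig && StringUtils.isNotBlank(storedKmConfig.getKmCommCertName())) {
                kmConfigBean.setKmCommCertName(storedKmConfig.getKmCommCertName());
            }
            if (null != fileInputStream) {
                CertUtil.writeObjToPem(CertUtils.getCertFromFile(fileInputStream), this.configPath + "swxa/certs/ck/swxaCa.cer");
            } else if (null != storedKmConfig && StringUtils.isNotBlank(storedKmConfig.getKmCaCertName())) {
                kmConfigBean.setKmCaCertName(storedKmConfig.getKmCaCertName());
            }
            ConfigUtil.saveKmConfig(this.env, kmConfigBean);
            CaInfoVO caInfoVO = currentCaInfo();
            caInfoVO.setKmConfigBean(ConfigUtil.getKmConfig(this.env));
            storeCaInfo(caInfoVO);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("保存Km配置信息时异常", e);
        }
    }

    /**
     * Returns the stored KM configuration, or an empty bean when none is stored.
     *
     * @throws ServiceException wrapping any failure
     */
    public Result getKmConfig() {
        try {
            KmConfigBean kmConfig = ConfigUtil.getKmConfig(this.env);
            return Result.success(null == kmConfig ? new KmConfigBean() : kmConfig);
        } catch (Exception e) {
            throw new ServiceException("获取km配置异常", e);
        }
    }

    /**
     * TCP reachability check of a caller-supplied KM address.
     *
     * <p>The host and port are taken verbatim from the caller, so this endpoint can probe any
     * address reachable from the CA host; no authorisation check is visible in this class —
     * confirm that the controller restricts it to administrators.
     *
     * @param str KM host
     * @param num KM port; {@code null} results in a {@link ServiceException}
     * @return {@code Result.success({"result": reachable})}
     */
    public Result testKmConfig(String str, Integer num) {
        try {
            return Result.success(resultPayload(isHostConnectivity(str, num.intValue())));
        } catch (Exception e) {
            throw new ServiceException("测试Km连通性异常", e);
        }
    }

    /**
     * Reports whether the KM has been configured, i.e. the shared CA info holds a KM configuration
     * with a non-blank IP.
     *
     * @return {@code Result.success({"result": configured})}
     */
    public Result testConfigKmInit() {
        try {
            CaInfoVO caInfoVO = currentCaInfo();
            boolean configured = null != caInfoVO
                    && null != caInfoVO.getKmConfigBean()
                    && StringUtils.isNotBlank(caInfoVO.getKmConfigBean().getIp());
            return Result.success(resultPayload(configured));
        } catch (Exception e) {
            throw new ServiceException("查询KM是否初始化异常", e);
        }
    }

    /**
     * Returns the last path component of {@code str}, i.e. the bare file name.
     *
     * <p>Both {@code \} and {@code /} are treated as separators; the original split on backslashes
     * only, so a slash-separated path came back unchanged. A string consisting solely of separators
     * yields {@code ""} (the original threw {@link ArrayIndexOutOfBoundsException}). Because every
     * directory component is dropped, this is the right thing to apply to an uploaded file name
     * before it is joined onto a server-side directory.
     *
     * @param str path or file name; must not be {@code null}
     */
    public String getNameByPath(String str) {
        String[] parts = str.split("[\\\\/]");
        return parts.length == 0 ? "" : parts[parts.length - 1];
    }
}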
