package com.xdja.pki.ca.securitymanager.service.init;

import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.Config;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.configBasic.bean.CrlConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.KmConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.LdapConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.OcspConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.XdjaKmConfigBean;
import com.xdja.pki.ca.core.enums.CrlPublishEnum;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.enums.P10typeEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.pkcs7.P7bUtils;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.FileUtils;
import com.xdja.pki.ca.core.util.UrlUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.hsm.manager.SoftAlgManager;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.vo.BaseConfigDTO;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import com.xdja.pki.ca.securitymanager.service.vo.CrlConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.LdapConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.OcspConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.SubServerStatus;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSAKeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLYunHsmUtils;
import java.io.File;
import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;

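/**
 * Spring service that reads and writes the CA's sub-system configuration (LDAP, OCSP, CRL and the
 * two key-management back ends) through {@link ConfigUtil}, and mirrors the saved values into the
 * in-memory {@code Constants.CA_INFO} map.
 *
 * <p>This listing is decompiler output: local names are synthetic and one method
 * ({@link #testXdjaKmConfigConnection}) was not recovered.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>software-generated private keys are written to fixed file names under {@code configPath};</li>
 *   <li>HSM private-key PINs / passwords are persisted through {@code ConfigUtil} and are part of
 *       the objects returned by the KM getters;</li>
 *   <li>{@link #testKmConfig} opens a TCP connection to a caller-supplied host and port.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/xdja/pki/ca/securitymanager/service/init/SystemConfigServiceImpl.class */
public class SystemConfigServiceImpl implements SystemConfigService {
    /**
     * Upper bound, in milliseconds, for one TCP reachability probe. Without a bound a filtered or
     * black-holed address keeps the request thread blocked for the operating system's default
     * connect timeout, and {@link #getBaseConfig()} runs several probes back to back.
     */
    private static final int CONNECT_TIMEOUT_MILLIS = 3000;

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private Environment env;

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private InitService initService;

    @Autowired
    private HsmManager hsmService;

    // Base directory for key, certificate and request files; every path below is built by plain
    // string concatenation, so the configured value is expected to end with a path separator.
    @Value("${config.path}")
    private String configPath;

    @Autowired
    private SoftAlgManager softAlgManager;

    @Autowired
    private CertSnDao certSnDao;

    /**
     * Builds the overview shown for the CA: CA type, key algorithm, base DN and the reachability
     * of the LDAP, OCSP, HSM and KM sub-systems.
     *
     * @return a success result carrying a {@link BaseConfigDTO}, or a failure result when the
     *         built-in root CA template is missing or not in the normal state
     * @throws ServiceException if reading the CA info or probing a sub-system fails
     */
    public Result getBaseConfig() {
        BaseConfigDTO baseConfigDTO = new BaseConfigDTO();
        baseConfigDTO.setCaType(String.valueOf(this.caCertDao.currentIsRootCa().booleanValue() ? 1 : 2));
        baseConfigDTO.setKeyAlg(KeyAlgEnum.convert(Constants.BASE_ALG_TYPE.intValue()).desc);
        TemplateInfoVO rootTemplate = this.templateService.getInnerTemplateByType(TemplateTypeEnum.ROOT_CA.value);
        if (null == rootTemplate) {
            this.logger.info("查询模板信息结果：模板不存在[{}]", Integer.valueOf(TemplateTypeEnum.ROOT_CA.value));
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (TemplateStatusEnum.NORMAL.value != rootTemplate.getStatus().intValue()) {
            this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", rootTemplate.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_STATUS_IS_STOP);
        }
        try {
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(rootTemplate.getKeyAlg());
            baseConfigDTO.setBaseDn(caInfoVO.getBaseDn());
            SubServerStatus subServerStatus = new SubServerStatus();

            // LDAP and OCSP: the stored URL is reduced to "host:port" and probed over TCP.
            // NOTE(review): assumes UrlUtil.parseUrl always yields exactly host:port; a value
            // without a port ends in the catch below as a ServiceException - confirm.
            if (null != caInfoVO.getLdapConfig()) {
                String[] ldapHostPort = UrlUtil.parseUrl(caInfoVO.getLdapConfig().getMasterURL()).split(":");
                subServerStatus.setLdap(Boolean.valueOf(isHostConnectivity(ldapHostPort[0], Integer.valueOf(ldapHostPort[1]).intValue())));
            } else {
                subServerStatus.setLdap(false);
            }
            if (null != caInfoVO.getOcspConfig()) {
                String[] ocspHostPort = UrlUtil.parseUrl(caInfoVO.getOcspConfig().getInterURL()).split(":");
                subServerStatus.setOcsp(Boolean.valueOf(isHostConnectivity(ocspHostPort[0], Integer.valueOf(ocspHostPort[1]).intValue())));
            } else {
                subServerStatus.setOcsp(false);
            }

            // The HSM is only probed when the configured crypto device is the HSM.
            if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue()) {
                subServerStatus.setHsm(Boolean.valueOf(GMSSLYunHsmUtils.testConnect()));
            } else {
                subServerStatus.setHsm(false);
            }

            // KM system type 1 reads KmConfigBean, type 2 reads XdjaKmConfigBean; any other value
            // is reported as "KMS not reachable".
            int kmSystemType = ConfigUtil.getConfigInfo(this.env).getKmSystemType();
            if (1 == kmSystemType) {
                if (null != caInfoVO.getKmConfigBean()) {
                    subServerStatus.setKms(Boolean.valueOf(isHostConnectivity(caInfoVO.getKmConfigBean().getIp(), caInfoVO.getKmConfigBean().getPort().intValue())));
                } else {
                    subServerStatus.setKms(false);
                }
            } else if (2 == kmSystemType) {
                if (null != caInfoVO.getXdjaKmConfigBean()) {
                    subServerStatus.setKms(Boolean.valueOf(isHostConnectivity(caInfoVO.getXdjaKmConfigBean().getKmIp(), caInfoVO.getXdjaKmConfigBean().getKmPort())));
                } else {
                    subServerStatus.setKms(false);
                }
            } else {
                subServerStatus.setKms(false);
            }
            baseConfigDTO.setSubServerStatus(subServerStatus);
            return Result.success(baseConfigDTO);
        } catch (Exception e) {
            throw new ServiceException("获取基本配置信息失败", e);
        }
    }

    /**
     * Saves the LDAP configuration and refreshes the cached CA info.
     *
     * <p>The configuration is persisted only when both the master and the slave URL are non-blank;
     * in that case CRL publishing is switched to LDAP unless {@code CrlPublishEnum.isSignCRL}
     * already holds for the current setting. The init step report and the cache refresh happen in
     * either case.
     *
     * @param ldapConfigVO LDAP settings supplied by the caller
     * @return a success result
     * @throws ServiceException if persisting or refreshing fails
     */
    public Result saveLdapConfig(LdapConfigVO ldapConfigVO) {
        try {
            if (StringUtils.isNotBlank(ldapConfigVO.getSlaveURL()) && StringUtils.isNotBlank(ldapConfigVO.getMasterURL())) {
                LdapConfigBean ldapConfigBean = new LdapConfigBean();
                BeanUtils.copyProperties(ldapConfigVO, ldapConfigBean);
                ConfigUtil.saveLdapConfig(this.env, ldapConfigBean);
                CrlConfigBean crlConfig = ConfigUtil.getCrlConfig(this.env);
                if (!CrlPublishEnum.isSignCRL(crlConfig.getCrlPublish())) {
                    crlConfig.setCrlPublish(CrlConfigBean.LDAP_PUBLISH);
                    ConfigUtil.saveCrlConfig(this.env, crlConfig);
                }
            }
            if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
                this.initService.reportInitStep(6);
            }
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            caInfoVO.setLadp(true);
            caInfoVO.setLdapConfig(ConfigUtil.getLdapConfig(this.env));
            Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("保存ldap配置信息异常", e);
        }
    }

    /**
     * Saves the OCSP configuration (only when both URLs are non-blank) and refreshes the cached CA
     * info.
     *
     * @param ocspConfigVO OCSP settings supplied by the caller
     * @return a success result
     * @throws ServiceException if persisting or refreshing fails
     */
    public Result saveOcspConfig(OcspConfigVO ocspConfigVO) {
        try {
            if (StringUtils.isNotBlank(ocspConfigVO.getInterURL()) && StringUtils.isNotBlank(ocspConfigVO.getNetworkURL())) {
                OcspConfigBean ocspConfigBean = new OcspConfigBean();
                BeanUtils.copyProperties(ocspConfigVO, ocspConfigBean);
                ConfigUtil.saveOcspConfig(this.env, ocspConfigBean);
            }
            if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
                this.initService.reportInitStep(7);
            }
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            caInfoVO.setOcsp(true);
            caInfoVO.setOcspConfig(ConfigUtil.getOcspConfig(this.env));
            Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            return Result.success();
        } catch (Exception e) {
            // The message used to say "ldap" (copied from saveLdapConfig), which sent anyone
            // reading the log to the wrong sub-system.
            throw new ServiceException("保存ocsp配置信息异常", e);
        }
    }

    /**
     * Saves the CRL configuration during initialisation and refreshes the cached CA info.
     *
     * @param crlConfigVO CRL settings supplied by the caller
     * @return a success result
     * @throws ServiceException if persisting or refreshing fails
     */
    public Result saveCrlConfig(CrlConfigVO crlConfigVO) {
        try {
            CrlConfigBean crlConfigBean = new CrlConfigBean();
            BeanUtils.copyProperties(crlConfigVO, crlConfigBean);
            ConfigUtil.saveCrlConfig(this.env, crlConfigBean);
            if (!ConfigUtil.verifySystemInitIsOK(this.env)) {
                this.initService.reportInitStep(8);
            }
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            caInfoVO.setCrlConfig(ConfigUtil.getCrlConfig(this.env));
            Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            return Result.success();
        } catch (Exception e) {
            // Message corrected: it previously named the LDAP configuration.
            throw new ServiceException("保存CRL配置信息异常", e);
        }
    }

    /**
     * Returns the stored LDAP configuration, or an empty bean when none is stored.
     *
     * @throws ServiceException if the configuration cannot be read
     */
    public Result getLdapConfig() {
        try {
            LdapConfigBean ldapConfig = ConfigUtil.getLdapConfig(this.env);
            return null == ldapConfig ? Result.success(new LdapConfigBean()) : Result.success(ldapConfig);
        } catch (Exception e) {
            throw new ServiceException("获取ldpa配置信息异常", e);
        }
    }

    /**
     * Returns the CRL configuration with its URL and directory converted for display.
     *
     * <p>Despite being a getter this method writes: when {@code CrlPublishEnum.isSignCRL} does not
     * hold for the stored publish setting and an LDAP master URL is configured, the publish mode
     * is switched to LDAP and saved.
     *
     * @throws ServiceException if the configuration cannot be read or saved
     */
    public Result getCrlConfig() {
        try {
            CrlConfigBean crlConfig = ConfigUtil.getCrlConfig(this.env);
            if (!CrlPublishEnum.isSignCRL(crlConfig.getCrlPublish())) {
                LdapConfigBean ldapConfig = ConfigUtil.getLdapConfig(this.env);
                if (null != ldapConfig && StringUtils.isNotBlank(ldapConfig.getMasterURL())) {
                    crlConfig.setCrlPublish(CrlConfigBean.LDAP_PUBLISH);
                    ConfigUtil.saveCrlConfig(this.env, crlConfig);
                }
            }
            return Result.success(convertCrlConfig(crlConfig));
        } catch (Exception e) {
            throw new ServiceException("获取CRL配置信息异常", e);
        }
    }

    /**
     * Rewrites the remote URL and local directory of the given bean through {@link UrlUtil} when a
     * remote URL is set; the bean is modified in place and returned.
     */
    private CrlConfigBean convertCrlConfig(CrlConfigBean crlConfigBean) {
        if (null != crlConfigBean && StringUtils.isNotBlank(crlConfigBean.getCrlRemoteURL())) {
            crlConfigBean.setCrlRemoteURL(UrlUtil.convertUrlHttp(crlConfigBean.getCrlRemoteURL()));
            crlConfigBean.setCrlLocalDirectory(UrlUtil.convertUrlFormat(crlConfigBean.getCrlLocalDirectory()));
        }
        return crlConfigBean;
    }

    /**
     * Returns the stored OCSP configuration, or an empty bean when none is stored.
     *
     * @throws ServiceException if the configuration cannot be read
     */
    public Result getOcspConfig() {
        try {
            OcspConfigBean ocspConfig = ConfigUtil.getOcspConfig(this.env);
            return null == ocspConfig ? Result.success(new OcspConfigBean()) : Result.success(ocspConfig);
        } catch (Exception e) {
            throw new ServiceException("获取ocsp配置信息异常", e);
        }
    }

    /**
     * Reports whether a TCP connection to {@code str:i} can be established within
     * {@link #CONNECT_TIMEOUT_MILLIS}.
     *
     * <p>Only the TCP handshake is checked; no protocol data is exchanged and nothing about the
     * peer is authenticated.
     *
     * @param str host name or IP address
     * @param i   TCP port; an out-of-range value is reported as unreachable
     * @return {@code true} when the connection was established, {@code false} on any failure
     */
    private boolean isHostConnectivity(String str, int i) {
        Socket socket = new Socket();
        try {
            socket.connect(new InetSocketAddress(str, i), CONNECT_TIMEOUT_MILLIS);
            return true;
        } catch (Exception e) {
            this.logger.debug("isHostConnectivity socket connect {}:{} error", str, Integer.valueOf(i), e);
            return false;
        } finally {
            // A failed close does not change the answer; it is logged and dropped.
            try {
                socket.close();
            } catch (Exception e) {
                this.logger.debug("isHostConnectivity socket close {}:{} error", str, Integer.valueOf(i), e);
            }
        }
    }

    /**
     * Updates the CRL configuration and refreshes the cached CA info.
     *
     * <p>When a local CRL directory is given it is created if absent, and both the directory and
     * the remote URL are normalised through {@link UrlUtil}.
     *
     * @param crlConfigVO CRL settings supplied by the caller
     * @return a success result
     * @throws ServiceException if persisting or refreshing fails
     */
    public Result updateCrlConfig(CrlConfigVO crlConfigVO) {
        try {
            CrlConfigBean crlConfigBean = new CrlConfigBean();
            BeanUtils.copyProperties(crlConfigVO, crlConfigBean);
            String crlLocalDirectory = crlConfigBean.getCrlLocalDirectory();
            if (StringUtils.isNotBlank(crlLocalDirectory)) {
                // NOTE(review): the directory comes straight from the request object and is
                // created as given, before UrlUtil.checkUrlFromat runs; nothing here confines it
                // to an expected base directory. Confirm that only trusted administrators reach
                // this method, or validate the path against an allowed root first.
                File crlDirectory = new File(crlLocalDirectory);
                if (!crlDirectory.exists() && !crlDirectory.mkdirs()) {
                    this.logger.warn("Failed to create CRL directory [{}]", crlLocalDirectory);
                }
                crlConfigBean.setCrlLocalDirectory(UrlUtil.checkUrlFromat(crlLocalDirectory));
                crlConfigBean.setCrlRemoteURL(UrlUtil.checkUrlHttp(crlConfigBean.getCrlRemoteURL()));
            }
            ConfigUtil.updateCrlConfig(this.env, crlConfigBean);
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            caInfoVO.setCrlConfig(ConfigUtil.getCrlConfig(this.env));
            Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            return Result.success();
        } catch (Exception e) {
            // Message corrected: it previously named the LDAP configuration.
            throw new ServiceException("更新CRL配置信息异常", e);
        }
    }

    /**
     * Generates the PKCS#10 request used to obtain the KM communication certificate and writes it
     * under {@code configPath + "p10/"}.
     *
     * <p>Two paths exist:
     * <ul>
     *   <li>SSL DN present: a software key pair is generated and stored under {@code km/tmp/}, and
     *       the request plus the encoded public key are written as a zip file;</li>
     *   <li>otherwise: with a software crypto device an SM2 key pair is generated and stored under
     *       {@code km/tmp/}; with the HSM the caller's PIN must grant access to the key index. The
     *       request is written as a {@code .p10} file and the key index and PIN are saved as the
     *       temporary KM configuration.</li>
     * </ul>
     *
     * @param createP10VO request parameters (DN, optional SSL DN, key index, PIN, key length)
     * @return a success result with the generated file name under {@code p10Name}, or a failure
     *         result for a malformed DN or a rejected HSM PIN
     * @throws ServiceException if key generation, request generation or file output fails
     */
    public Result genKmP10(CreateP10VO createP10VO) {
        try {
            // Only the DN check maps to DN_FORMAT_FAIL. The decompiled code wrapped the whole
            // method in this catch, so HSM, key-generation and file errors were all reported as a
            // malformed DN and their cause was discarded.
            try {
                DnUtil.getRFC4519X500Name(createP10VO.getDn());
            } catch (Exception e) {
                this.logger.debug("生成km通信证书申请文件p10失败：DN不符合X500规范[{}]", createP10VO.getDn(), e);
                return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
            }

            String p10FileName;
            if (StringUtils.isNotBlank(createP10VO.getSslDn())) {
                KeyPair p10KeyPair = getP10KeyPair(createP10VO);
                this.logger.debug("KM应用签名公私钥长度:" + createP10VO.getAlgLength());
                createP10VO.setPrivateKey(p10KeyPair.getPrivate());
                createP10VO.setPublicKey(p10KeyPair.getPublic());
                p10FileName = "KMCertReq_qm_" + DateTimeUtil.dateToZipStr(new Date()) + "ZIP.zip";
                ensureP10Directory();
                PKCS10CertificationRequest zipRequest = this.hsmService.genP10(createP10VO, Integer.valueOf(P10typeEnum.KM.value));
                FileUtils.saveFile(FileUtils.buildZip(zipRequest.getEncoded(), p10KeyPair.getPublic().getEncoded()), this.configPath + "p10/" + p10FileName);
            } else {
                if (Constants.CRYPT_DEVICE_TYPE.intValue() != Constants.CRYPT_DEVICE_HSM.intValue()) {
                    // NOTE(review): the software private key is written to a fixed file name under
                    // configPath; how CertUtil.writeObjToFile protects it (encoding, file
                    // permissions) is not visible here - confirm it is not world-readable.
                    KeyPair sm2KeyPair = GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
                    CertUtil.writeObjToFile(sm2KeyPair.getPrivate(), this.configPath + "km/tmp/appSignPrivate.key");
                    CertUtil.writeObjToFile(sm2KeyPair.getPublic(), this.configPath + "km/tmp/appSignPublickey.pem");
                    createP10VO.setPrivateKey(sm2KeyPair.getPrivate());
                    createP10VO.setPublicKey(sm2KeyPair.getPublic());
                } else if (!GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(createP10VO.getKeyIndex().intValue(), createP10VO.getPrivateKeyPin())) {
                    // Log the key index only: the request object also carries the private-key PIN
                    // and must not be written to the log as a whole.
                    this.logger.debug("生成KM通信证书p10失败：密码机两码没有访问权限[{}]", createP10VO.getKeyIndex());
                    return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
                }
                createP10VO.setAlgName(SignAlgTypeEnum.SM3_WITH_SM2.algName);
                PKCS10CertificationRequest p10Request = this.hsmService.genP10(createP10VO, Integer.valueOf(P10typeEnum.KM.value));
                p10FileName = "KMCertReq_" + DateTimeUtil.dateToZipStr(new Date()) + ".p10";
                ensureP10Directory();
                CertUtil.writeObjToFile(p10Request, this.configPath + "p10/" + p10FileName);
                // NOTE(review): the HSM private-key PIN is persisted with the temporary KM
                // configuration; confirm ConfigUtil protects it at rest.
                ConfigUtil.saveTmpKmConfig(this.env, new KmConfigBean(createP10VO.getKeyIndex(), createP10VO.getPrivateKeyPin()));
            }
            Map<String, Object> response = new HashMap<>();
            response.put("p10Name", p10FileName);
            response.put("sslP10Name", "");
            return Result.success(response);
        } catch (Exception e2) {
            throw new ServiceException("生成P10失败", e2);
        }
    }

    /** Creates {@code configPath + "p10/"} when it does not exist; a failure is logged, not thrown. */
    private void ensureP10Directory() {
        File p10Directory = new File(this.configPath + "p10/");
        if (!p10Directory.exists() && !p10Directory.mkdir()) {
            this.logger.warn("Failed to create directory [{}]", p10Directory.getPath());
        }
    }

    /**
     * Generates a software key pair of the requested length and stores both halves under
     * {@code km/tmp/} as the pending application signing key.
     */
    private KeyPair getP10KeyPair(CreateP10VO createP10VO) {
        return generateAndStoreKeyPair(createP10VO, "km/tmp/appSignPrivate.key", "km/tmp/appSignPublickey.pem");
    }

    /**
     * Generates a software key pair of the requested length and stores both halves under
     * {@code km/tmp/} as the pending SSL key.
     */
    private KeyPair getSSLP10KeyPair(CreateP10VO createP10VO) {
        return generateAndStoreKeyPair(createP10VO, "km/tmp/sslPrivate.key", "km/tmp/sslPublickey.pem");
    }

    /**
     * Generates a key pair through the software algorithm manager and writes the private and
     * public key to the given paths relative to {@code configPath}.
     */
    private KeyPair generateAndStoreKeyPair(CreateP10VO createP10VO, String privateKeyFile, String publicKeyFile) {
        // NOTE(review): private key material goes to disk here; how CertUtil.writeObjToFile
        // protects the file is not visible in this class - confirm.
        KeyPair keyPair = this.softAlgManager.generateKeyPair(createP10VO.getAlgLength());
        CertUtil.writeObjToFile(keyPair.getPrivate(), this.configPath + privateKeyFile);
        CertUtil.writeObjToFile(keyPair.getPublic(), this.configPath + publicKeyFile);
        return keyPair;
    }

    /** Copies the pending application signing key pair from {@code km/tmp/} to {@code km/}. */
    private void promoteTempAppSignKeys() {
        FileUtils.copy(this.configPath + "km/tmp/appSignPrivate.key", this.configPath + "km/appSignPrivate.key");
        FileUtils.copy(this.configPath + "km/tmp/appSignPublickey.pem", this.configPath + "km/appSignPublickey.pem");
    }

    /**
     * Imports the KM CA certificate and the KM communication certificate and saves the KM
     * configuration.
     *
     * <p>On the HSM path the communication certificate is accepted only if a signature produced
     * with the configured HSM key index verifies under the certificate's public key, which proves
     * that certificate and private key belong together. On the other path the pending software key
     * pair is moved from {@code km/tmp/} to {@code km/}.
     *
     * @param fileInputStream  KM CA certificate, or {@code null} to keep the stored certificate name
     * @param fileInputStream2 KM communication certificate, or {@code null} to keep the stored name
     * @param kmConfigBean     configuration to save; supplies the key index and PIN for the HSM check
     * @return a success result, or a failure result when certificate and HSM key do not match
     * @throws ServiceException if parsing, verification or persistence fails
     */
    public Result importKmConfig(FileInputStream fileInputStream, FileInputStream fileInputStream2, KmConfigBean kmConfigBean) {
        // Neither stream is closed here; that is left to the caller.
        try {
            KmConfigBean storedKmConfig = ConfigUtil.getKmConfig(this.env);
            if (null != fileInputStream2) {
                X509Certificate commCert = CertUtils.getCertFromFile(fileInputStream2);
                // Compared by value: the two constants are boxed, and == on boxed values compares
                // object identity, not the number.
                // NOTE(review): every other device check in this class compares
                // Constants.CRYPT_DEVICE_TYPE with CRYPT_DEVICE_HSM; here the algorithm type is
                // compared with a device constant. If that is a slip, the key/certificate match
                // check below can be skipped while an HSM is in use - confirm the intended operand.
                if (Constants.BASE_ALG_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue()) {
                    String challenge = Base64.toBase64String("sushi".getBytes());
                    boolean keyMatchesCert = Boolean.valueOf(GMSSLSM2SignUtils.verifyByYunhsm(commCert.getPublicKey(), challenge, GMSSLSM2SignUtils.signByYunhsm(kmConfigBean.getKeyIndex().intValue(), kmConfigBean.getPrivateKeyPin(), challenge))).booleanValue();
                    if (!keyMatchesCert) {
                        this.logger.info("通信证书公私钥验证失败");
                        return Result.failure(ErrorEnum.PUBLIC_KEY_IS_NOT_MATCH_ERROR);
                    }
                } else {
                    promoteTempAppSignKeys();
                }
                CertUtil.writeObjToPem(commCert, this.configPath + "swxa/certs/ck/swxaComm.cer");
            } else if (null != storedKmConfig && StringUtils.isNotBlank(storedKmConfig.getKmCommCertName())) {
                kmConfigBean.setKmCommCertName(storedKmConfig.getKmCommCertName());
            }
            if (null != fileInputStream) {
                CertUtil.writeObjToPem(CertUtils.getCertFromFile(fileInputStream), this.configPath + "swxa/certs/ck/swxaCa.cer");
            } else if (null != storedKmConfig && StringUtils.isNotBlank(storedKmConfig.getKmCaCertName())) {
                kmConfigBean.setKmCaCertName(storedKmConfig.getKmCaCertName());
            }
            ConfigUtil.saveKmConfig(this.env, kmConfigBean);
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            caInfoVO.setKmConfigBean(ConfigUtil.getKmConfig(this.env));
            Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("保存Km配置信息时异常", e);
        }
    }

    /**
     * Returns the stored KM configuration, or an empty bean when none is stored.
     *
     * <p>NOTE(review): {@link KmConfigBean} carries the HSM private-key PIN; confirm the PIN is
     * stripped before this result is serialised to a client.
     *
     * @throws ServiceException if the configuration cannot be read
     */
    public Result getKmConfig() {
        try {
            KmConfigBean kmConfig = ConfigUtil.getKmConfig(this.env);
            return null == kmConfig ? Result.success(new KmConfigBean()) : Result.success(kmConfig);
        } catch (Exception e) {
            throw new ServiceException("获取km配置异常", e);
        }
    }

    /**
     * Tests whether the given KM host and port accept a TCP connection.
     *
     * <p>NOTE(review): host and port are taken from the caller unchanged, so the answer reveals
     * whether an arbitrary address is reachable from this server. Confirm the endpoint in front of
     * this method is limited to authenticated administrators, and consider restricting the
     * accepted targets.
     *
     * @param str host name or IP address
     * @param num TCP port
     * @return a success result whose map holds the boolean outcome under {@code result}
     * @throws ServiceException if the probe cannot be run, for example when {@code num} is null
     */
    public Result testKmConfig(String str, Integer num) {
        try {
            boolean reachable = isHostConnectivity(str, num.intValue());
            Map<String, Object> response = new HashMap<>();
            response.put("result", Boolean.valueOf(reachable));
            return Result.success(response);
        } catch (Exception e) {
            throw new ServiceException("测试Km连通性异常", e);
        }
    }

    /**
     * Reports whether a KM system has been configured: a {@link KmConfigBean} with a non-blank IP,
     * or - only when no {@code KmConfigBean} exists - an {@link XdjaKmConfigBean} with a non-blank
     * IP.
     *
     * @return a success result whose map holds the boolean outcome under {@code result}
     * @throws ServiceException if the cached CA info cannot be read
     */
    public Result testConfigKmInit() {
        try {
            boolean initialized = false;
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            if (null != caInfoVO) {
                KmConfigBean kmConfigBean = caInfoVO.getKmConfigBean();
                if (null != kmConfigBean) {
                    initialized = StringUtils.isNotBlank(kmConfigBean.getIp());
                } else {
                    XdjaKmConfigBean xdjaKmConfigBean = caInfoVO.getXdjaKmConfigBean();
                    initialized = null != xdjaKmConfigBean && StringUtils.isNotBlank(xdjaKmConfigBean.getKmIp());
                }
            }
            Map<String, Object> response = new HashMap<>();
            response.put("result", Boolean.valueOf(initialized));
            return Result.success(response);
        } catch (Exception e) {
            throw new ServiceException("查询KM是否初始化异常", e);
        }
    }

    /**
     * Returns the last backslash-separated segment of {@code str}.
     *
     * <p>Only {@code '\'} is treated as a separator. A value containing {@code '/'} or {@code ".."}
     * is returned unchanged, so the result must not be used to build a file-system path without
     * further validation.
     *
     * @param str a Windows-style path; must not be {@code null}
     * @return the last segment, or an empty string when {@code str} consists only of backslashes
     */
    public String getNameByPath(String str) {
        String[] segments = str.split("\\\\");
        // split() drops trailing empty strings, so "\" yields an empty array; indexing it used to
        // throw ArrayIndexOutOfBoundsException.
        return segments.length == 0 ? "" : segments[segments.length - 1];
    }

    /**
     * Validates, connection-tests and saves the Xdja KM configuration.
     *
     * <p>On first configuration the application signing and encryption certificates and the KM
     * server signing and encryption certificates are required. The configuration is saved only
     * after {@link #testXdjaKmConfigConnection} reports a working connection.
     *
     * @param num            HSM key index
     * @param str            HSM private-key password
     * @param str2           KM host
     * @param i              KM port
     * @param multipartFile  application signing certificate
     * @param multipartFile2 application encryption certificate
     * @param multipartFile3 KM server signing certificate
     * @param multipartFile4 KM server encryption certificate
     * @param multipartFile5 passed through to the connection test; not otherwise read here
     * @param multipartFile6 passed through to the connection test; not otherwise read here
     * @param multipartFile7 passed through to the connection test; not otherwise read here
     * @return a success result, or a failure result for missing files or a failed connection test
     * @throws ServiceException if testing or saving fails
     */
    public Result saveXdjaKmConfig(Integer num, String str, String str2, int i, MultipartFile multipartFile, MultipartFile multipartFile2, MultipartFile multipartFile3, MultipartFile multipartFile4, MultipartFile multipartFile5, MultipartFile multipartFile6, MultipartFile multipartFile7) throws Exception {
        try {
            Result result = new Result();
            XdjaKmConfigBean xdjaKmConfigBean = ConfigUtil.getXdjaKmConfigBean(this.env);
            if (null == xdjaKmConfigBean) {
                // An absent upload is now answered with MISSING_REQUIRED_PARAMETERS; calling
                // getBytes() on a null part used to end as a generic ServiceException.
                if (isMissing(multipartFile2) || isMissing(multipartFile) || isMissing(multipartFile3) || isMissing(multipartFile4)) {
                    result.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
                    return result;
                }
                xdjaKmConfigBean = new XdjaKmConfigBean();
            }
            Result connectionTest = testXdjaKmConfigConnection(num, str, str2, i, multipartFile, multipartFile2, multipartFile3, multipartFile4, multipartFile5, multipartFile6, multipartFile7);
            if (!connectionTest.isSuccess()) {
                return connectionTest;
            }
            if (!((Boolean) connectionTest.getInfo()).booleanValue()) {
                return Result.failure(ErrorEnum.XDJA_KM_CONNECTION_FAIL);
            }
            XdjaKmConfigBean savedConfig = saveNewXdjaKmCert(xdjaKmConfigBean, num, str, str2, i, multipartFile, multipartFile2, multipartFile3, multipartFile4, multipartFile5, multipartFile6, multipartFile7);
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            caInfoVO.setXdjaKmConfigBean(savedConfig);
            // saveNewXdjaKmCert has already persisted the bean; the second save is kept as in the
            // original.
            ConfigUtil.saveXdjaKmConfigBean(this.env, savedConfig);
            Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("保存KM配置异常", e);
        }
    }

    /** Returns {@code true} when the upload is absent or exposes no content. */
    private boolean isMissing(MultipartFile upload) throws Exception {
        return null == upload || null == upload.getBytes();
    }

    /**
     * Applies the supplied values to {@code xdjaKmConfigBean}, writes the uploaded certificate
     * bundles under {@code configPath + "km/"} and persists the bean.
     *
     * <p>The client-supplied file names are stored as labels only; the files on disk always get
     * the fixed names used below, so an uploaded name cannot influence the target path.
     *
     * <p>{@code multipartFile5} to {@code multipartFile7} are not read by this method.
     *
     * @return the updated bean
     */
    private XdjaKmConfigBean saveNewXdjaKmCert(XdjaKmConfigBean xdjaKmConfigBean, Integer num, String str, String str2, int i, MultipartFile multipartFile, MultipartFile multipartFile2, MultipartFile multipartFile3, MultipartFile multipartFile4, MultipartFile multipartFile5, MultipartFile multipartFile6, MultipartFile multipartFile7) throws Exception {
        if (null != num) {
            xdjaKmConfigBean.setKeyIndex(num);
        }
        if (StringUtils.isNotBlank(str)) {
            // NOTE(review): the HSM private-key password is stored with the configuration;
            // confirm ConfigUtil protects it at rest.
            xdjaKmConfigBean.setPriKeyPwd(str);
        }
        if (StringUtils.isNotBlank(str2)) {
            xdjaKmConfigBean.setKmIp(str2);
        }
        if (0 != i) {
            xdjaKmConfigBean.setKmPort(i);
        }
        boolean softwareDevice = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
        if (null != multipartFile2 && null != multipartFile2.getBytes()) {
            xdjaKmConfigBean.setAppEncCert(multipartFile2.getOriginalFilename());
            P7bUtils.saveP7bByteToFile(multipartFile2.getBytes(), this.configPath + "km/appEncCert.p7b");
            if (softwareDevice) {
                // With the software device the pending key pair becomes the active one as soon as
                // a matching application certificate is installed.
                promoteTempAppSignKeys();
            }
        }
        if (null != multipartFile && null != multipartFile.getBytes()) {
            xdjaKmConfigBean.setAppSignCert(multipartFile.getOriginalFilename());
            P7bUtils.saveP7bByteToFile(multipartFile.getBytes(), this.configPath + "km/appSignCert.p7b");
            if (softwareDevice) {
                promoteTempAppSignKeys();
            }
        }
        if (null != multipartFile3 && null != multipartFile3.getBytes()) {
            xdjaKmConfigBean.setKmServerSignCert(multipartFile3.getOriginalFilename());
            P7bUtils.saveP7bByteToFile(multipartFile3.getBytes(), this.configPath + "km/kmServerSignCert.p7b");
        }
        if (null != multipartFile4 && null != multipartFile4.getBytes()) {
            xdjaKmConfigBean.setKmServerEncCert(multipartFile4.getOriginalFilename());
            P7bUtils.saveP7bByteToFile(multipartFile4.getBytes(), this.configPath + "km/kmServerEncCert.p7b");
        }
        ConfigUtil.saveXdjaKmConfigBean(this.env, xdjaKmConfigBean);
        return xdjaKmConfigBean;
    }

    /**
     * Returns the stored Xdja KM configuration as a map (see {@link #buildXdjaKmConfig}).
     *
     * @throws ServiceException if the configuration cannot be read
     */
    public Result getXdjaKmConfig() throws Exception {
        try {
            return Result.success(buildXdjaKmConfig(ConfigUtil.getXdjaKmConfigBean(this.env)));
        } catch (Exception e) {
            throw new ServiceException("获取信大捷安KM配置异常", e);
        }
    }

    /**
     * Flattens the Xdja KM configuration into a map; a {@code null} bean is treated as an empty
     * one.
     */
    private Map<String, Object> buildXdjaKmConfig(XdjaKmConfigBean xdjaKmConfigBean) {
        XdjaKmConfigBean source = null == xdjaKmConfigBean ? new XdjaKmConfigBean() : xdjaKmConfigBean;
        Map<String, Object> view = new HashMap<>();
        view.put("kmIp", source.getKmIp());
        view.put("kmPort", Integer.valueOf(source.getKmPort()));
        view.put("keyIndex", source.getKeyIndex());
        // NOTE(review): this hands the HSM private-key password back to whoever reads the
        // configuration. A read path should not return the secret; consider omitting or masking
        // it once the consumers of this map are confirmed not to depend on the value.
        view.put("priKeyPwd", source.getPriKeyPwd());
        view.put("localSignCert", source.getAppSignCert());
        view.put("localEncCert", source.getAppEncCert());
        view.put("kmServerSignCert", source.getKmServerSignCert());
        view.put("kmServerEncCert", source.getKmServerEncCert());
        view.put("kmTrustCert", source.getSslCaCertChain());
        view.put("sslSignCert", source.getSslSignCert());
        view.put("sslEncCert", source.getSslEncCert());
        return view;
    }

    /**
     * Checks that the public key in {@code x509Certificate} equals the public key stored in the
     * HSM at the given index.
     *
     * @param i               key usage selector: 2 reads the signing key, 3 the encryption key
     * @param i2              HSM key index
     * @param x509Certificate certificate whose public key is compared
     * @return a result without an error when the keys match; otherwise a result carrying
     *         {@code KM_INDEX_CONFIG_IS_ERROR} (key could not be read) or
     *         {@code CERT_PUB_KEY_NOT_SAME_INDEX_KEY} (keys differ)
     */
    private Result verifyPublicKeyWithIndex(int i, int i2, X509Certificate x509Certificate) {
        Result result = new Result();
        String certKeyBase64 = Base64.toBase64String(x509Certificate.getPublicKey().getEncoded());
        boolean rsa = Constants.BASE_ALG_TYPE.equals(Constants.RSA_ALG);
        PublicKey hsmPublicKey = null;
        try {
            if (i == 2) {
                hsmPublicKey = rsa ? GMSSLRSAKeyUtils.getSignPublicKeyByYunhsm(i2) : GMSSLSM2KeyUtils.getSignPublicKeyByYunhsm(i2);
            } else if (i == 3) {
                hsmPublicKey = rsa ? GMSSLRSAKeyUtils.getEncryptPublicKeyByYunhsm(i2) : GMSSLSM2KeyUtils.getEncryptPublicKeyByYunhsm(i2);
            }
        } catch (Exception e) {
            this.logger.error("密钥索引错误", e);
            result.setError(ErrorEnum.KM_INDEX_CONFIG_IS_ERROR);
            return result;
        }
        if (null == hsmPublicKey) {
            // No key was read: the selector was neither 2 nor 3, or the HSM returned nothing.
            // Fail closed with an error result; the comparison below used to throw a
            // NullPointerException here.
            this.logger.error("No HSM public key for key usage [{}] at index [{}]", Integer.valueOf(i), Integer.valueOf(i2));
            result.setError(ErrorEnum.KM_INDEX_CONFIG_IS_ERROR);
            return result;
        }
        if (certKeyBase64.equals(Base64.toBase64String(hsmPublicKey.getEncoded()))) {
            return result;
        }
        this.logger.info("证书中的公钥和索引公钥不一致");
        result.setError(ErrorEnum.CERT_PUB_KEY_NOT_SAME_INDEX_KEY);
        return result;
    }

    /**
     * Stores the selected KM system type in the configuration file.
     *
     * <p>NOTE(review): the value is saved without a range check, while
     * {@link #getBaseConfig()} only recognises 1 and 2 - confirm which values are valid.
     *
     * @param i KM system type
     * @return an empty result
     */
    public Result chooseKmSystem(int i) throws Exception {
        Result result = new Result();
        Config configInfo = ConfigUtil.getConfigInfo(this.env);
        configInfo.setKmSystemType(i);
        Config.saveConfig(configInfo, ConfigUtil.getConfigPath(this.env));
        return result;
    }

    /** Returns the configured KM system type as the result's info value. */
    public Result getKmSystemType() {
        Result result = new Result();
        result.setInfo(Integer.valueOf(ConfigUtil.getConfigInfo(this.env).getKmSystemType()));
        return result;
    }

    /**
     * Connection test for the Xdja KM configuration.
     *
     * <p>The decompiler could not reconstruct this method (1144 bytecode instructions were
     * skipped), so its real behaviour is not visible in this listing and the stub below always
     * throws. {@link #saveXdjaKmConfig} expects a {@link Result} whose info is a {@code Boolean}.
     * Re-run the decompiler with {@code --show-bad-code} or {@code --comments-level debug} to
     * inspect the original logic.
     */
    public com.xdja.pki.ca.core.common.Result testXdjaKmConfigConnection(java.lang.Integer r14, java.lang.String r15, java.lang.String r16, int r17, org.springframework.web.multipart.MultipartFile r18, org.springframework.web.multipart.MultipartFile r19, org.springframework.web.multipart.MultipartFile r20, org.springframework.web.multipart.MultipartFile r21, org.springframework.web.multipart.MultipartFile r22, org.springframework.web.multipart.MultipartFile r23, org.springframework.web.multipart.MultipartFile r24) {
        throw new UnsupportedOperationException("Method not decompiled: com.xdja.pki.ca.securitymanager.service.init.SystemConfigServiceImpl.testXdjaKmConfigConnection(java.lang.Integer, java.lang.String, java.lang.String, int, org.springframework.web.multipart.MultipartFile, org.springframework.web.multipart.MultipartFile, org.springframework.web.multipart.MultipartFile, org.springframework.web.multipart.MultipartFile, org.springframework.web.multipart.MultipartFile, org.springframework.web.multipart.MultipartFile, org.springframework.web.multipart.MultipartFile):com.xdja.pki.ca.core.common.Result");
    }
}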
