package com.xdja.pki.ca.securitymanager.service.localca;

import com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService;
import com.xdja.pki.ca.certmanager.service.racert.bean.CertTypeEnum;
import com.xdja.pki.ca.certmanager.service.racert.bean.PwdUsedEnum;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.PageInfo;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.configBasic.bean.CaPwdBean;
import com.xdja.pki.ca.core.configBasic.bean.KeyInfoBean;
import com.xdja.pki.ca.core.enums.CertStatusEnum;
import com.xdja.pki.ca.core.enums.P10typeEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.pkcs7.P7bUtils;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.ldap.service.CrlLdapUrlService;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDTO;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDo;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.ca.securitymanager.dao.model.RootCertDO;
import com.xdja.pki.ca.securitymanager.service.vo.BasicContrainsEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import com.xdja.pki.ca.securitymanager.service.vo.OldAndNewDTO;
import com.xdja.pki.ca.securitymanager.service.vo.RootCaDetailDTO;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.UpdateRootCertVO;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

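/**
 * Management of this machine's own CA certificate: history listing, PKCS#10 request
 * generation for a (sub-)CA key, root certificate renewal with cross certificates, and
 * import of the certificate chain issued for a sub-CA.
 *
 * <p>Error contract (unchanged from the original): expected business conditions are
 * reported as {@code Result.failure(ErrorEnum...)}; unexpected failures are wrapped in a
 * {@link ServiceException}.
 *
 * <p>Several inputs (the P10 request VO, the root-update VO, the temporary
 * {@link KeyInfoBean} file) carry the HSM private-key PIN. Those objects are never logged
 * whole; only non-secret fields such as the key index are written to the log.
 */
@Service
public class LocalCaServiceImpl implements LocalCaService {
    private static final Logger logger = LoggerFactory.getLogger(LocalCaServiceImpl.class);

    /** Milliseconds per day, kept as a long so that day counts never overflow an int. */
    private static final long MILLIS_PER_DAY = 24L * 60 * 60 * 1000;

    /** Date pattern accepted by {@link #getValidity(String)}. */
    private static final DateTimeFormatter VALIDITY_FORMAT = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss");

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private HsmManager hsmService;

    @Autowired
    private Environment environment;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private CrlLdapUrlService crlLdapUrlService;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private RaManagerCertService raManagerCertService;

    @Value("${config.path}")
    private String configPath;

    /**
     * Pages through this CA's historical certificates, adding the display name of each
     * row's signature algorithm.
     *
     * @param num  first paging argument passed straight to the DAO (presumably page number — confirm against CaCertDao)
     * @param num2 second paging argument passed straight to the DAO (presumably page size — confirm against CaCertDao)
     * @return the page, with {@code signAlgStr} filled on every row
     * @throws ServiceException if the DAO call or the algorithm lookup fails
     */
    public Result getLocalCaHistoryList(Integer num, Integer num2) {
        try {
            PageInfo page = this.caCertDao.getCaCertHistoryList(num.intValue(), num2.intValue());
            @SuppressWarnings("unchecked")
            List<CaCertDTO> rows = (List) page.getDatas();
            for (CaCertDTO row : rows) {
                row.setSignAlgStr(SignAlgTypeEnum.getViewAlgName(Integer.parseInt(row.getSignAlg())));
            }
            page.setDatas(rows);
            return Result.success(page);
        } catch (Exception e) {
            throw new ServiceException("查询本机CA历史证书列表失败", e);
        }
    }

    /**
     * Generates a PKCS#10 request for a CA key and stores it under {@code configPath/p10/}.
     *
     * <p>The key material needed to match the issued chain later (PIN/index, algorithm,
     * size and — in BC mode — the public key) is persisted to
     * {@code Constants.TEMPORARY_LOCAL_CAPWD_PATH} for {@link #importCertChain(byte[])}.
     *
     * @param createP10VO subject DN, algorithm and, in HSM mode, the key index and PIN;
     *                    both may be omitted to reuse the current CA's key
     * @return {@code {"p10Name": <file name>}} on success; {@code DN_FORMAT_FAIL} for a
     *         DN that is not RFC 4519 conformant; {@code HSM_KEY_PIN_ERROR} when the HSM
     *         refuses the key index / PIN; the write failure when the key info cannot be
     *         persisted
     * @throws ServiceException if request generation itself fails
     */
    public Result createP10(CreateP10VO createP10VO) {
        // The DN check is isolated so that only a malformed DN maps to DN_FORMAT_FAIL.
        // Previously the surrounding catch also swallowed the ServiceException thrown
        // for a failed generation and reported it as a DN problem.
        try {
            DnUtil.getRFC4519X500Name(createP10VO.getDn());
        } catch (Exception e) {
            logger.debug("生成P10失败: DN不符合X500规范[{}]", createP10VO.getDn());
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        try {
            if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue()) {
                // Neither index nor PIN given: fall back to the current CA's key.
                if (null == createP10VO.getKeyIndex() && StringUtils.isEmpty(createP10VO.getPrivateKeyPin())) {
                    CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
                    createP10VO.setKeyIndex(caInfoVO.getCaPwdBean().getKeyIndex());
                    createP10VO.setPrivateKeyPin(caInfoVO.getCaPwdBean().getPrivateKeyPin());
                }
                // A PIN without an index used to end in an NPE; treat it as a bad index/PIN pair.
                if (null == createP10VO.getKeyIndex()
                        || !GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(createP10VO.getKeyIndex().intValue(), createP10VO.getPrivateKeyPin())) {
                    // Only the key index is logged: the VO also carries the private-key PIN.
                    logger.debug("更新根证书失败：密码机两码没有访问权限[{}]", createP10VO.getKeyIndex());
                    return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
                }
            }
            PKCS10CertificationRequest request = this.hsmService.genP10(createP10VO, Integer.valueOf(P10typeEnum.CA.value));
            String fileName = "CertReq_" + DateTimeUtil.dateToZipStr(new Date()) + ".p10";
            CertUtil.writeObjToFile(request, this.configPath + "p10/" + fileName);

            CaPwdBean caPwdBean = new CaPwdBean();
            BeanUtils.copyProperties(createP10VO, caPwdBean);
            KeyInfoBean keyInfoBean = new KeyInfoBean();
            keyInfoBean.setCaPwdBean(caPwdBean);
            keyInfoBean.setKeyAlg(createP10VO.getAlg());
            keyInfoBean.setKeySize(createP10VO.getAlgLength());
            if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue()) {
                // In HSM mode the public key is re-read from the device at import time.
                keyInfoBean.setPublicKey(CertUtil.getPublicKeyFromP10(CertUtil.writeObject(request)));
            }
            // A P10 whose key info was not persisted can never be matched at import, so
            // the write failure is surfaced instead of being ignored.
            Result stored = writeObjToFile(keyInfoBean, Constants.TEMPORARY_LOCAL_CAPWD_PATH);
            if (!stored.isSuccess()) {
                return stored;
            }
            Map<String, String> body = new HashMap<>();
            body.put("p10Name", fileName);
            return Result.success(body);
        } catch (Exception e) {
            throw new ServiceException("生成p10申请书失败", e);
        }
    }

    /**
     * Describes the current root CA certificate together with the limits of the
     * ROOT_CA template (maximum validity, key size).
     *
     * @return the detail DTO; {@code PERMISSION_ACCESS_ERROR} when this CA is not a root
     *         CA; {@code TEMPLATE_NOT_EXIST} when the ROOT_CA template is missing or not
     *         in NORMAL state
     * @throws ServiceException on any unexpected failure (the original wrapped only
     *         BeansException; this is aligned with the other methods of the class)
     */
    public Result getRootCertDetail() {
        try {
            if (!this.caCertDao.currentIsRootCa().booleanValue()) {
                logger.info("本机CA不是根CA,无法获取根CA信息");
                return Result.failure(ErrorEnum.PERMISSION_ACCESS_ERROR);
            }
            TemplateInfoVO template = this.templateService.getInnerTemplateByType(TemplateTypeEnum.ROOT_CA.value);
            if (null == template) {
                logger.info("查询模板信息结果：模板不存在[{}]", Integer.valueOf(TemplateTypeEnum.ROOT_CA.value));
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != template.getStatus().intValue()) {
                logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", template.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            RootCertDO currentRootCert = this.caCertDao.getCurrentRootCert();
            CaCertDo currentCert = this.caCertDao.getCurrentCert();
            RootCaDetailDTO detail = new RootCaDetailDTO();
            BeanUtils.copyProperties(currentRootCert, detail);
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(currentCert.getPublicKeyAlg());
            detail.setBaseDn(caInfoVO.getBaseDn());
            detail.setRemainingTime(IssueTimeUtil.getCertRemainTime(caInfoVO.getRootCert().getNotAfter(), new Date()).intValue());
            detail.setMaxValidity(template.getMaxValidity());
            detail.setKeyAlgLength(template.getKeySize());
            return Result.success(detail);
        } catch (Exception e) {
            throw new ServiceException("获取根CA详情失败", e);
        }
    }

    /**
     * Renews the root CA certificate, optionally changing its subject DN, validity
     * and/or signing key, and records old-with-new / new-with-old cross certificates.
     *
     * <p>Fixes relative to the original: the old certificate's end of validity is taken
     * from {@code notAfter} (it was {@code notBefore}, which made both cross
     * certificates expire at issuance); the extension validity is computed in long
     * arithmetic (the int product overflowed from 25 days on); the certificate is issued
     * for the validated new subject rather than for {@code certDn} unconditionally, so a
     * DN supplied with {@code dnUpdate == false} no longer bypasses the baseDn and RFC
     * 4519 checks; the duplicate CA-info check is dropped; VOs holding the PIN are not
     * logged whole.
     *
     * @param updateRootCertVO serial of the current root certificate, update flags and
     *                         the corresponding new values
     * @return success carrying the previous subject DN, or the business failure
     * @throws ServiceException on any unexpected failure
     */
    public Result updateRootCert(UpdateRootCertVO updateRootCertVO) {
        try {
            String sn = updateRootCertVO.getSn();
            if (!this.caCertDao.isCurrent(sn).booleanValue() || !this.caCertDao.isRootCa(sn).booleanValue()) {
                logger.info("本机CA不是根CA,无法获取根CA信息");
                return Result.failure(ErrorEnum.PERMISSION_ACCESS_ERROR);
            }
            TemplateInfoVO template = this.templateService.getInnerTemplateByType(TemplateTypeEnum.ROOT_CA.value);
            if (null == template) {
                // Log the template type that was actually looked up (ROOT_CA, not CA).
                logger.info("查询模板信息结果：模板不存在[{}]", Integer.valueOf(TemplateTypeEnum.ROOT_CA.value));
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != template.getStatus().intValue()) {
                logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", template.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_STATUS_IS_STOP);
            }
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(template.getKeyAlg());
            if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn())) {
                logger.debug("更新CA根证书失败：未查到CA基本信息[{}]", sn);
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }

            // Snapshot of the current CA; it becomes the "old" side of the cross certificates.
            CaInfoVO oldCa = new CaInfoVO();
            BeanUtils.copyProperties(caInfoVO, oldCa);
            ConfigUtil.saveOldCaPwdConfig(this.environment, oldCa.getCaPwdBean());
            PublicKey oldPublicKey = currentRootPublicKey(oldCa, template);

            OldAndNewDTO oldAndNew = new OldAndNewDTO();
            oldAndNew.setOldSubject(oldCa.getSubject());
            oldAndNew.setOldPrivateKey(oldCa.getRootPrivateKey());
            oldAndNew.setOldPublicKey(oldPublicKey);
            oldAndNew.setOldCaPwdBean(oldCa.getCaPwdBean());
            oldAndNew.setOldCertBeforeTime(oldCa.getRootCert().getNotBefore());
            oldAndNew.setOldCertAfterTime(oldCa.getRootCert().getNotAfter());
            // The "new" side starts as a copy of the current values and is overridden per flag.
            oldAndNew.setNewSubject(oldCa.getSubject());
            oldAndNew.setNewPrivateKey(oldCa.getRootPrivateKey());
            oldAndNew.setNewCaPwdBean(oldCa.getCaPwdBean());
            oldAndNew.setNewPublicKey(oldPublicKey);

            if (updateRootCertVO.getDnUpdate().booleanValue()) {
                String certDn = updateRootCertVO.getCertDn();
                if (!certDn.toLowerCase(Locale.ROOT).endsWith(caInfoVO.getBaseDn().toLowerCase(Locale.ROOT))) {
                    logger.debug("更新CA根证书失败：DN中的baseDn不正确[{}]", certDn);
                    return Result.failure(ErrorEnum.BASEDN_ERROR);
                }
                try {
                    DnUtil.getRFC4519X500Name(certDn);
                } catch (Exception e) {
                    logger.debug("初始化CA证书失败：DN不符合X500规范[{}]", certDn);
                    return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
                }
                oldAndNew.setNewSubject(certDn);
            }
            // Subject the new root certificate is issued for: the validated new DN, or
            // the current subject when no DN update was requested.
            String newSubject = oldAndNew.getNewSubject();

            Date notBefore = new Date();
            Date notAfter = caInfoVO.getRootCert().getNotAfter();
            if (updateRootCertVO.getValidityUpdate().booleanValue()) {
                int validityDays = updateRootCertVO.getValidity().intValue();
                if (validityDays > template.getMaxValidity().intValue()) {
                    logger.debug("延期天数超过模板最大有效期");
                    return Result.failure(ErrorEnum.TIME_BEYOND_VALIDITY_ERROR);
                }
                notAfter = new Date(notBefore.getTime() + validityDays * MILLIS_PER_DAY);
            }
            oldAndNew.setNewCertBeforeTime(notBefore);
            oldAndNew.setNewCertAfterTime(notAfter);

            BigInteger newSn = this.certSnDao.getMaxSn(notBefore);
            CaPwdBean newPwd = caInfoVO.getCaPwdBean();
            if (updateRootCertVO.isKeyUpdate()) {
                if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue()) {
                    if (!GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(updateRootCertVO.getKeyIndex().intValue(), updateRootCertVO.getPrivateKeyPin())) {
                        // Only the key index is logged: the VO also carries the private-key PIN.
                        logger.debug("更新根证书失败：密码机两码没有访问权限[{}]", updateRootCertVO.getKeyIndex());
                        return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
                    }
                    newPwd = new CaPwdBean(updateRootCertVO.getKeyIndex(), updateRootCertVO.getPrivateKeyPin());
                }
                oldAndNew.setNewPublicKey(this.hsmService.getSignPublicKeyByCryptyDevice(updateRootCertVO.getKeyIndex(), Integer.valueOf(PwdUsedEnum.ROOT_CERT_TYPE.value), template.getKeyAlg(), template.getKeySize()));
            }
            oldAndNew.setNewCaPwdBean(newPwd);

            List extensions = ExtensionUtil.changeExtensionFormat(template.getExtensions(), (Map) null, oldAndNew.getNewPublicKey(), newSubject, this.crlLdapUrlService.getLdapOcspUrl(newSn, newSubject, caInfoVO, true, (Integer) null), true);
            // From here on the shared CaInfoVO is mutated in place, as in the original.
            caInfoVO.setCaPwdBean(newPwd);
            caInfoVO.setSubject(newSubject);
            X509Certificate newRoot = this.hsmService.genRootX509Certificate(newSubject, newSn, notBefore, notAfter, oldAndNew.getNewPublicKey(), caInfoVO, extensions, template.getSignAlg());

            TemplateInfoVO caTemplate = this.templateService.getInnerTemplateByType(TemplateTypeEnum.CA.value);
            CaCertDo newRootDo = completeRootCert(newRoot, caTemplate, oldAndNew, caInfoVO);
            newRootDo.setCaId(caInfoVO.getCaId());
            newRootDo.setOldCertId(this.caCertDao.getCurrentCaCert().getId());
            this.caCertDao.setIsCurrent(sn, CaDO.CaMasterEnum.NO.value);
            CaCertDo saved = this.caCertDao.save(newRootDo);

            caInfoVO.setRootCert(newRoot);
            BeanUtils.copyProperties(saved, caInfoVO);
            caInfoVO.setCertId(saved.getId());
            Constants.CA_INFO.put(caTemplate.getKeyAlg(), caInfoVO);
            ConfigUtil.saveCaPwdConfig(this.environment, newPwd);
            this.taskDataService.savePublishCert(saved.getId(), (Long) null, 3);
            this.taskDataService.saveSyncStatusCert(saved.getId(), (Long) null, 5, Integer.valueOf(CertStatusEnum.NORMAL.value), (Integer) null, new Date());
            return Result.success((Object) null, oldAndNew.getOldSubject());
        } catch (Exception e) {
            throw new ServiceException("更新根CA证书失败", e);
        }
    }

    /**
     * Public key of the current root: the in-memory key pair in BC mode, otherwise the
     * signing key read back from the crypto device under the stored key index.
     */
    private PublicKey currentRootPublicKey(CaInfoVO caInfo, TemplateInfoVO template) throws Exception {
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue()) {
            return caInfo.getKeyPair().getPublic();
        }
        return this.hsmService.getSignPublicKeyByCryptyDevice(caInfo.getCaPwdBean().getKeyIndex(), Integer.valueOf(PwdUsedEnum.ROOT_CERT_TYPE.value), template.getKeyAlg(), template.getKeySize());
    }

    /**
     * Imports the certificate chain issued for the P10 produced by {@link #createP10}.
     *
     * <p>Checks, in order: chain signatures and validity ({@link #vertifyCertChain}),
     * subject under this CA's baseDn, public key equal to the pending P10 key, CA basic
     * constraints present, and path length equal to the current certificate's. Only then
     * is the certificate saved, made current and the pending key info deleted.
     *
     * <p>Failure mapping: a missing or unusable pending key file yields
     * {@code IMPORT_SUB_CA_CERT_CHAIN_NEED_CREATE_SUB_CA_APPLY}; persistence or parsing
     * errors are no longer folded into that code but raised as {@link ServiceException}.
     *
     * @param bArr the chain as received (base64/PEM text, see {@code CertUtils.getCertListFromB64})
     * @return success, or the first failed check
     * @throws ServiceException on any unexpected failure
     */
    public Result importCertChain(byte[] bArr) {
        try {
            Result verified = vertifyCertChain(bArr);
            if (!verified.isSuccess()) {
                return verified;
            }
            // Element 0 is the end of the chain, i.e. this CA's own new certificate.
            X509Certificate ownCert = (X509Certificate) ((List) verified.getInfo()).get(0);
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            String subject = CertUtil.getSubjectByX509Cert(ownCert);
            if (!subject.toLowerCase(Locale.ROOT).endsWith(caInfoVO.getBaseDn().toLowerCase(Locale.ROOT))) {
                logger.error("导入证书失败：DN中的baseDn不正确[{}]", subject);
                return Result.failure(ErrorEnum.BASEDN_ERROR);
            }

            KeyInfoBean pending;
            byte[] expectedKey;
            try {
                pending = readObjFromFile(Constants.TEMPORARY_LOCAL_CAPWD_PATH);
                expectedKey = pendingPublicKey(pending).getEncoded();
            } catch (Exception e) {
                logger.info("导入证书链失败:读取临时密钥信息失败，需先生成P10申请", e);
                return Result.failure(ErrorEnum.IMPORT_SUB_CA_CERT_CHAIN_NEED_CREATE_SUB_CA_APPLY);
            }
            // Byte-wise comparison of the DER encodings. The original compared them via
            // new String(bytes), which is lossy for non-text bytes under the platform charset.
            if (!Arrays.equals(expectedKey, ownCert.getPublicKey().getEncoded())) {
                logger.info("导入证书链失败:证书中的公钥和P10申请书中的公钥不一致");
                return Result.failure(ErrorEnum.PUBLIC_KEY_IS_NOT_MATCH_ERROR);
            }
            if (ownCert.getBasicConstraints() == BasicContrainsEnum.NOT_IS_CA.key) {
                logger.info("导入证书链失败：证书不是CA证书");
                return Result.failure(ErrorEnum.IS_NOT_CA_CERT);
            }
            X509Certificate currentCert = CertUtil.getCertFromStr(this.caCertDao.getCurrentCaCert().getCert());
            if (currentCert.getBasicConstraints() != ownCert.getBasicConstraints()) {
                logger.info("导入证书链失败：导入证书与旧证书的path_length不一致");
                return Result.failure(ErrorEnum.PATH_LENGTH_IS_NOT_MATCH);
            }

            CaCertDo certDo = assemblingByCaCert(ownCert, pending, null);
            certDo.setCertChain(new String(bArr, StandardCharsets.UTF_8));
            this.caCertDao.setIsCurrent(caInfoVO.getRootCert().getSerialNumber().toString(16), CaDO.CaMasterEnum.NO.value);
            CaCertDo saved = this.caCertDao.save(certDo);
            caInfoVO.setRootCert(ownCert);
            deleteFile(Constants.TEMPORARY_LOCAL_CAPWD_PATH);
            caInfoVO.setCaPwdBean(pending.getCaPwdBean());
            ConfigUtil.saveCaPwdConfig(this.environment, pending.getCaPwdBean());
            BeanUtils.copyProperties(saved, caInfoVO);
            caInfoVO.setCertId(saved.getId());
            Constants.CA_INFO.put(pending.getKeyAlg(), caInfoVO);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("导入证书链失败", e);
        }
    }

    /**
     * Public key belonging to a pending P10: read from the crypto device in HSM mode,
     * otherwise the key stored by {@link #createP10} in BC mode.
     */
    private PublicKey pendingPublicKey(KeyInfoBean keyInfo) throws Exception {
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_HSM.intValue()) {
            return this.hsmService.getSignPublicKeyByCryptyDevice(keyInfo.getCaPwdBean().getKeyIndex(), Integer.valueOf(PwdUsedEnum.ROOT_CERT_TYPE.value), keyInfo.getKeyAlg(), keyInfo.getKeySize());
        }
        return keyInfo.getPublicKey();
    }

    /**
     * Delegates to the RA certificate service for the detail view of the current CA
     * certificate.
     *
     * @throws ServiceException on any failure
     */
    public Result viewCertDetail() {
        try {
            String currentSn = this.caCertDao.getCurrentCert().getSn();
            return this.raManagerCertService.getCertDetail(currentSn, Integer.valueOf(CertTypeEnum.CA_CERT.value));
        } catch (Exception e) {
            throw new ServiceException("查看证书详情失败", e);
        }
    }

    /**
     * Builds the persistence object for a CA certificate.
     *
     * <p>Algorithm, key size and CA id come from the template when one is given,
     * otherwise from the pending {@link KeyInfoBean}; the signature algorithm is then
     * read from the certificate itself. Exactly one of the two sources must be non-null.
     *
     * @param x509Certificate the certificate to store
     * @param keyInfoBean     pending key info (chain import), may be null when a template is given
     * @param templateInfoVO  issuing template (root renewal), may be null when key info is given
     * @return a new, current ({@code CaMasterEnum.YES}) record; status is set to the
     *         literal {@code 1} as in the original (presumably "normal" — confirm against CaCertDo)
     */
    public CaCertDo assemblingByCaCert(X509Certificate x509Certificate, KeyInfoBean keyInfoBean, TemplateInfoVO templateInfoVO) throws Exception {
        Date now = new Date();
        CaCertDo caCertDo = new CaCertDo();
        caCertDo.setBeforeTime(x509Certificate.getNotBefore());
        caCertDo.setAfterTime(x509Certificate.getNotAfter());
        caCertDo.setCert(CertUtil.writeObject(x509Certificate));
        caCertDo.setGmtModified(now);
        caCertDo.setGmtCreate(now);
        caCertDo.setIsCurrent(Integer.valueOf(CaDO.CaMasterEnum.YES.value));
        caCertDo.setIssue(CertUtil.getIssuerByX509Cert(x509Certificate));
        caCertDo.setSn(x509Certificate.getSerialNumber().toString(16));
        caCertDo.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        caCertDo.setStatus(1);
        if (null == templateInfoVO) {
            caCertDo.setCaId(((CaInfoVO) Constants.CA_INFO.get(keyInfoBean.getKeyAlg())).getCaId());
            caCertDo.setPublicKeyAlg(keyInfoBean.getKeyAlg());
            caCertDo.setPrivateKeySize(keyInfoBean.getKeySize());
            caCertDo.setSignAlg(x509Certificate.getSigAlgName());
        } else {
            caCertDo.setCaId(((CaInfoVO) Constants.CA_INFO.get(templateInfoVO.getKeyAlg())).getCaId());
            caCertDo.setPublicKeyAlg(templateInfoVO.getKeyAlg());
            caCertDo.setPrivateKeySize(templateInfoVO.getKeySize());
            caCertDo.setSignAlg(templateInfoVO.getSignAlg());
        }
        return caCertDo;
    }

    /**
     * Parses a certificate chain and checks that it links by signature.
     *
     * <p>The chain is ordered leaf first. For two or more certificates the last one must
     * be self-signed, and every certificate must be signed by the one after it; each is
     * also checked to be valid now. A single certificate is returned without any check,
     * as in the original (presumably a self-signed case — confirm with callers).
     *
     * <p>Not checked here: that the self-signed top of the chain is a configured trust
     * anchor (any self-signed certificate is accepted), issuer/subject name chaining,
     * and the CA basic constraints / key usage of intermediates. {@link #importCertChain}
     * adds the baseDn, public-key and basic-constraints checks for the leaf only.
     *
     * @param bArr the chain as received (base64/PEM text, see {@code CertUtils.getCertListFromB64})
     * @return success carrying the parsed {@code List} of {@link X509Certificate};
     *         {@code HSM_CA_CHAIN_FORMAT_ERROR} when nothing could be parsed;
     *         {@code HSM_CA_CHAIN_VERIFY_ERROR} when a signature or validity check fails
     */
    public Result vertifyCertChain(byte[] bArr) {
        try {
            List certs = CertUtils.getCertListFromB64(bArr);
            if (CollectionUtils.isEmpty(certs)) {
                logger.debug("导入证书链模块>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>证书链格式错误");
                return Result.failure(ErrorEnum.HSM_CA_CHAIN_FORMAT_ERROR);
            }
            int last = certs.size() - 1;
            if (last >= 1) {
                Date now = new Date();
                X509Certificate top = (X509Certificate) certs.get(last);
                top.verify(top.getPublicKey());
                top.checkValidity(now);
                // Walk from the top down: certs[i-1] must be signed by certs[i].
                for (int i = last; i > 0; i--) {
                    X509Certificate issuer = (X509Certificate) certs.get(i);
                    X509Certificate subject = (X509Certificate) certs.get(i - 1);
                    subject.verify(issuer.getPublicKey());
                    subject.checkValidity(now);
                }
            }
            return Result.success(certs);
        } catch (Exception e) {
            logger.debug("导入证书链模块>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>证书链验证失败", e);
            return Result.failure(ErrorEnum.HSM_CA_CHAIN_VERIFY_ERROR);
        }
    }

    /**
     * Completes the record of a renewed root certificate with its own single-element
     * chain and the two cross certificates:
     * <ul>
     *   <li>old-with-new: the old subject/key, signed with the new key, over the old
     *       validity period;</li>
     *   <li>new-with-old: the new subject/key, signed with the old key, ending at the
     *       earlier of the two notAfter dates.</li>
     * </ul>
     *
     * <p>The same scratch {@link CaInfoVO} is re-pointed at the signing key between the
     * two signatures; the statement order is therefore significant.
     *
     * @param x509Certificate the newly issued root certificate
     * @param templateInfoVO  the CA template providing extensions and signature algorithm
     * @param oldAndNewDTO    both key/subject/validity sides
     * @param caInfoVO        CA info used for the CRL/OCSP URL lookup
     */
    private CaCertDo completeRootCert(X509Certificate x509Certificate, TemplateInfoVO templateInfoVO, OldAndNewDTO oldAndNewDTO, CaInfoVO caInfoVO) throws Exception {
        CaCertDo record = assemblingByCaCert(x509Certificate, null, templateInfoVO);
        List<X509Certificate> ownChain = new ArrayList<>();
        ownChain.add(x509Certificate);
        record.setCertChain(P7bUtils.createCertChainByCerts(ownChain));

        Date now = new Date();
        CaInfoVO signer = new CaInfoVO();

        // Old subject and key, signed by the NEW key.
        BigInteger oldWithNewSn = this.certSnDao.getMaxSn(now);
        List oldWithNewExt = ExtensionUtil.changeExtensionFormat(templateInfoVO.getExtensions(), (Map) null, oldAndNewDTO.getOldPublicKey(), oldAndNewDTO.getOldSubject(), this.crlLdapUrlService.getLdapOcspUrl(oldWithNewSn, oldAndNewDTO.getOldSubject(), caInfoVO, true, (Integer) null), true);
        signer.setRootPrivateKey(oldAndNewDTO.getNewPrivateKey());
        signer.setCaPwdBean(oldAndNewDTO.getNewCaPwdBean());
        signer.setSubject(oldAndNewDTO.getNewSubject());
        record.setOldWithNewCert(CertUtil.writeObject(this.hsmService.genX509Certificate(oldAndNewDTO.getOldSubject(), oldWithNewSn, oldAndNewDTO.getOldCertBeforeTime(), oldAndNewDTO.getOldCertAfterTime(), signer, oldAndNewDTO.getOldPublicKey(), oldWithNewExt, templateInfoVO.getSignAlg())));

        // New subject and key, signed by the OLD key; cannot outlive the old certificate.
        BigInteger newWithOldSn = this.certSnDao.getMaxSn(now);
        List newWithOldExt = ExtensionUtil.changeExtensionFormat(templateInfoVO.getExtensions(), (Map) null, oldAndNewDTO.getNewPublicKey(), oldAndNewDTO.getNewSubject(), this.crlLdapUrlService.getLdapOcspUrl(newWithOldSn, oldAndNewDTO.getNewSubject(), caInfoVO, true, (Integer) null), true);
        signer.setRootPrivateKey(oldAndNewDTO.getOldPrivateKey());
        signer.setCaPwdBean(oldAndNewDTO.getOldCaPwdBean());
        signer.setSubject(oldAndNewDTO.getOldSubject());
        Date newAfter = oldAndNewDTO.getNewCertAfterTime();
        Date oldAfter = oldAndNewDTO.getOldCertAfterTime();
        Date newWithOldAfter = newAfter.getTime() < oldAfter.getTime() ? newAfter : oldAfter;
        record.setNewWithOldCert(CertUtil.writeObject(this.hsmService.genX509Certificate(oldAndNewDTO.getNewSubject(), newWithOldSn, oldAndNewDTO.getNewCertBeforeTime(), newWithOldAfter, signer, oldAndNewDTO.getNewPublicKey(), newWithOldExt, templateInfoVO.getSignAlg())));
        return record;
    }

    /**
     * Serialises the pending key info to {@code str}, replacing any existing file.
     *
     * <p>The bean holds the HSM key index and PIN (and, in BC mode, the public key); the
     * file is plain Java serialisation, so its location must be protected at the file
     * system level. It is removed by {@link #deleteFile} once the chain is imported.
     *
     * @return success, or {@code WRITE_TO_FILE_ERRO} when the file cannot be written
     */
    private Result writeObjToFile(KeyInfoBean keyInfoBean, String str) {
        File file = new File(str);
        File parent = file.getParentFile();
        if (parent != null) {
            parent.mkdirs();
        }
        // FileOutputStream truncates an existing file, so no explicit delete/create is needed;
        // try-with-resources closes the stream on the error path too.
        try (ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(file))) {
            out.writeObject(keyInfoBean);
            out.flush();
            return Result.success();
        } catch (IOException e) {
            logger.error("保存临时密钥信息失败", e);
            return Result.failure(ErrorEnum.WRITE_TO_FILE_ERRO);
        }
    }

    /**
     * Reads back the key info written by {@link #writeObjToFile}.
     *
     * <p>This is native Java deserialisation. The file is produced by this class, but the
     * path is fixed and readable by anyone who can write to it; an
     * {@code ObjectInputFilter} limited to {@link KeyInfoBean} and its fields would
     * close that gap once the runtime supports it (Java 9+ / 8u121+).
     *
     * @throws Exception if the file is missing, unreadable or not a {@link KeyInfoBean}
     */
    private KeyInfoBean readObjFromFile(String str) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new FileInputStream(new File(str)))) {
            return (KeyInfoBean) in.readObject();
        }
    }

    /** Removes the file at {@code str} if present; a failed removal is logged, not raised. */
    private void deleteFile(String str) {
        File file = new File(str);
        if (file.exists() && !file.delete()) {
            logger.warn("删除临时密钥信息文件失败[{}]", str);
        }
    }

    /**
     * Whole days from now until {@code str} (format {@code yyyy.MM.dd HH:mm:ss}, system
     * time zone), truncated toward zero; {@code 0} when the text does not parse.
     * Used only by {@link #main}.
     */
    private int getValidity(String str) {
        try {
            LocalDateTime until = LocalDateTime.parse(str, VALIDITY_FORMAT);
            return (int) Duration.between(LocalDateTime.now(), until).toDays();
        } catch (DateTimeParseException e) {
            logger.warn("有效期解析失败[{}]", str, e);
            return 0;
        }
    }

    /** Ad-hoc harness for {@link #getValidity}; not part of the service contract. */
    public static void main(String[] strArr) {
        System.out.println(new LocalCaServiceImpl().getValidity("2029.07.18 14:30:00"));
    }
}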
