package com.xdja.pki.ca.securitymanager.service.init;

import com.xdja.pki.ca.certmanager.dao.ManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDataDao;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDataDO;
import com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService;
import com.xdja.pki.ca.certmanager.service.racert.bean.PwdUsedEnum;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.ca.util.gm.cert.RsaAlgUtils;
import com.xdja.pki.ca.core.common.Config;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.configBasic.bean.CaPwdBean;
import com.xdja.pki.ca.core.configBasic.bean.DirServerConfigBean;
import com.xdja.pki.ca.core.configBasic.bean.OcspConfigBean;
import com.xdja.pki.ca.core.enums.KeyLengthEnum;
import com.xdja.pki.ca.core.enums.P10typeEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateTypeEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.pkcs7.P7bUtils;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.TomcatUtil;
import com.xdja.pki.ca.core.util.time.DateTimeUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.securitymanager.dao.AdminRoleDao;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CaDao;
import com.xdja.pki.ca.securitymanager.dao.CaServerCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.dao.DicDao;
import com.xdja.pki.ca.securitymanager.dao.ManagerCertIdDao;
import com.xdja.pki.ca.securitymanager.dao.RoleDao;
import com.xdja.pki.ca.securitymanager.dao.model.AdminRoleDO;
import com.xdja.pki.ca.securitymanager.dao.model.CaCertDo;
import com.xdja.pki.ca.securitymanager.dao.model.CaDO;
import com.xdja.pki.ca.securitymanager.dao.model.CaInfoDO;
import com.xdja.pki.ca.securitymanager.dao.model.CaServerCertDo;
import com.xdja.pki.ca.securitymanager.service.util.CaServerPwdUtil;
import com.xdja.pki.ca.securitymanager.service.util.TomcatHttpsUtil;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.BasicConfigVO;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CaManagerCertVO;
import com.xdja.pki.ca.securitymanager.service.vo.CaManagerRoleEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CertIssueInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import com.xdja.pki.ca.securitymanager.service.vo.InitAlgInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.ServerCertIsCurrentEnum;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLSancHsmUtils;
import com.xdja.pki.gmssl.tomcat.utils.GMSSLTomcatUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLCryptoType;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmExceptionEnum;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.catalina.util.ParameterMap;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;
import org.springframework.util.ResourceUtils;
import org.springframework.web.multipart.MultipartFile;

@Service
/* loaded from: input_file:com/xdja/pki/ca/securitymanager/service/init/InitServiceImpl.class */
public class InitServiceImpl implements InitService {
    // Logger bound to the runtime class of this bean.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // CA base-info persistence: getCaInfo / saveCaInfo / recoverSystemDb are used below.
    @Autowired
    private CaDao caDao;

    // Persists CA certificates (save) and loads the CA info row (getCaInfo).
    @Autowired
    private CaCertDao caCertDao;

    // Hands out certificate serial numbers (getMaxSn).
    @Autowired
    private CertSnDao certSnDao;

    // Source of the built-in templates used for root, server and manager certificates.
    @Autowired
    private TemplateService templateService;

    // Dictionary lookups by parent code ("signAlg", "hsmType").
    @Autowired
    private DicDao dicDao;

    // Not referenced in the part of the class shown here.
    @Autowired
    private ManagerCertDao managereCertDao;

    // Not referenced in the part of the class shown here.
    @Autowired
    private ManagerCertDataDao managerCertDataDao;

    // Used to detect whether a current CA server certificate already exists.
    @Autowired
    private CaServerCertDao caServerCertDao;

    // Counts issued admin certificates per role type.
    @Autowired
    private AdminRoleDao adminRoleDao;

    // Resolves a role id from a manager role type.
    @Autowired
    private RoleDao roleDao;

    // Crypto-device facade: public-key retrieval, certificate/P10 generation, factory reset.
    @Autowired
    private HsmManager hsmService;

    // Spring environment handed to ConfigUtil for reading/writing the init-step config.
    @Autowired
    private Environment environment;

    // Builds the LDAP/OCSP URLs placed into certificate extensions.
    // NOTE(review): package-private unlike the other injected fields; presumably unintentional.
    @Autowired
    CrlTemplateService crlTemplateService;

    // Schedules publication of newly issued certificates.
    @Autowired
    private TaskDataService taskDataService;

    // Not referenced in the part of the class shown here.
    @Autowired
    private ManagerCertIdDao managerCertIdDao;

    // Not referenced in the part of the class shown here.
    @Autowired
    private LicenseService licenseService;

    // Base directory under which the "p10/" sub-directory for generated requests is created.
    @Value("${config.path}")
    private String configPath;

    // HTTP port closed after a successful Tomcat restart (see resetSystem).
    @Value("${http.port}")
    private String httpPort;

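    /**
     * Returns the basic algorithm information shown on the initialization page.
     *
     * <p>The template values (key size 256, key algorithm 2, sign algorithm "1", max validity
     * 111111) are hard-coded here instead of being loaded from {@code templateService}, and
     * neither parameter is consulted. NOTE(review): this looks like a stub or decompilation
     * residue — confirm the intended source of these values.
     *
     * @param num unused
     * @param i   unused
     * @return success carrying an {@link InitAlgInfoVO} with the template values, the base DN of
     *         the CA cached under that key algorithm and the display name of the sign algorithm
     *         from the "signAlg" dictionary; {@code CA_BASEINFO_GET_FAIL} when no CA is cached
     *         for the key algorithm
     */
    public Result getInitAlgInfo(Integer num, int i) {
        TemplateInfoVO templateInfoVO = new TemplateInfoVO();
        templateInfoVO.setKeySize(256);
        templateInfoVO.setKeyAlg(2);
        templateInfoVO.setSignAlg("1");
        templateInfoVO.setMaxValidity(111111);
        // The former null check on this freshly constructed object could never fire; dropped.
        InitAlgInfoVO initAlgInfoVO = new InitAlgInfoVO();
        BeanUtils.copyProperties(templateInfoVO, initAlgInfoVO);
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(templateInfoVO.getKeyAlg());
        if (null == caInfoVO) {
            // Previously an NPE; report it as the same failure the other issue paths use.
            this.logger.info("获取模板基本算法信息失败，原因：未查到CA基本信息");
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        initAlgInfoVO.setBaseDn(caInfoVO.getBaseDn());
        initAlgInfoVO.setSignAlgStr((String) this.dicDao.getDicsByParentCode("signAlg").get(templateInfoVO.getSignAlg()));
        return Result.success(initAlgInfoVO);
    }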

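    /**
     * Initialization step 3: self-signs the CA root certificate with the key held in the crypto
     * device at the requested key index, persists it, caches it under the template's key
     * algorithm in {@link Constants#CA_INFO}, stores the key index/PIN in the config and
     * advances the init step.
     *
     * @param certIssueInfoVO subject DN, validity, HSM key index and private-key PIN
     * @return the result of {@link #reportInitStep(Integer)} on success; a failure result when
     *         the algorithm is unsupported on the device, the issue parameters do not validate
     *         or a root certificate is already cached
     * @throws ServiceException when certificate generation or persistence fails
     */
    public Result doIssueSelfRootCert(CertIssueInfoVO certIssueInfoVO) {
        TemplateInfoVO template = this.templateService.getInnerTemplateByType(TemplateTypeEnum.ROOT_CA.value);
        if (AlgTypeEnum.NISTP256.value == template.getKeyAlg().intValue() && GMSSLCryptoType.SANC_HSM == GMSSLPkiCryptoInit.getCryptoType()) {
            // This branch used to log "root already issued", which misdescribed the condition.
            this.logger.info("系统初始化-签发CA根证书失败，原因：当前密码设备不支持该算法");
            return Result.failure(ErrorEnum.UNSUPPORTED_ALGORITHM_EXCEPTION);
        }
        PublicKey rootPublicKey = this.hsmService.getSignPublicKeyByCryptyDevice(certIssueInfoVO.getKeyIndex(), Integer.valueOf(PwdUsedEnum.ROOT_CERT_TYPE.value), template.getKeyAlg(), template.getKeySize());
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(template.getKeyAlg());
        Result paramCheck = checkIssueCertParams(certIssueInfoVO.getDn(), template, caInfoVO, 3, Integer.valueOf(TemplateTypeEnum.ROOT_CA.value), rootPublicKey, certIssueInfoVO.getKeyIndex(), certIssueInfoVO.getPrivateKeyPin());
        if (!paramCheck.isSuccess()) {
            this.logger.debug("不符合自签发根证书条件,自签发根证书失败");
            return paramCheck;
        }
        if (null != caInfoVO.getRootCert()) {
            this.logger.info("系统初始化-签发CA根证书失败，原因：根证书已经签发过");
            return Result.failure(ErrorEnum.INIT_ROOT_SELFCERT_HAS_ISSUED);
        }
        try {
            Date notBefore = new Date();
            Date notAfter = IssueTimeUtil.getCorrectTime(certIssueInfoVO.getValidity(), template.getMaxValidity(), notBefore);
            BigInteger serial = this.certSnDao.getMaxSn(notBefore);
            List extensions = ExtensionUtil.changeExtensionFormat(template.getExtensions(), (Map) null, rootPublicKey, certIssueInfoVO.getDn(), this.crlTemplateService.getLdapOcspUrl(serial, certIssueInfoVO.getDn(), caInfoVO, true, (Long) null, (Long) null), true);
            CaPwdBean caPwdBean = new CaPwdBean(certIssueInfoVO.getKeyIndex(), certIssueInfoVO.getPrivateKeyPin());
            caInfoVO.setCaPwdBean(caPwdBean);
            caInfoVO.setSubject(certIssueInfoVO.getDn());
            X509Certificate rootCert = this.hsmService.genRootX509Certificate(certIssueInfoVO.getDn(), serial, notBefore, notAfter, rootPublicKey, caInfoVO, extensions, template.getSignAlg());
            List<X509Certificate> chain = new ArrayList<X509Certificate>();
            chain.add(rootCert);
            // buildRootCert already stamps caId, so the former duplicate setCaId call is gone.
            CaCertDo rootCertDo = buildRootCert(rootCert, chain, caInfoVO.getCaId());
            CaCertDo saved = this.caCertDao.save(rootCertDo);
            saveCaInfoCache(template.getKeyAlg(), saved, caInfoVO, rootCert);
            // Persists the key index and PIN for later use; the config store is the only place
            // the PIN is written.
            ConfigUtil.saveCaPwdConfig(this.environment, caPwdBean);
            this.taskDataService.savePublishCert(saved.getId(), (Long) null, 3);
            return reportInitStep(3);
        } catch (Exception e) {
            throw new ServiceException("签发CA根证书失败", e);
        }
    }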

    /**
     * Refreshes the cached {@link CaInfoVO} for a key algorithm after a root certificate
     * has been persisted.
     *
     * @param num             key algorithm used as the {@link Constants#CA_INFO} key
     * @param caCertDo        persisted root-certificate row whose properties are copied in
     * @param caInfoVO        cache entry to update (mutated in place and re-put)
     * @param x509Certificate parsed root certificate stored on the entry
     */
    private void saveCaInfoCache(Integer num, CaCertDo caCertDo, CaInfoVO caInfoVO, X509Certificate x509Certificate) {
        CaInfoVO entry = caInfoVO;
        entry.setRootCert(x509Certificate);
        // Copy the persisted row's properties, then pin the cert id explicitly.
        BeanUtils.copyProperties(caCertDo, entry);
        entry.setCertId(caCertDo.getId());
        Constants.CA_INFO.put(num, entry);
    }

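    /**
     * Validates the common preconditions for issuing a certificate from a template.
     *
     * <p>Checks, in order: the template exists and is in NORMAL status; the CA base info (base
     * DN) is present; when {@code num} is given, the server is at that initialization step; a
     * root certificate is cached when no step is given or the step is 5 or later; the requested
     * DN is non-blank and ends with the CA base DN; the HSM key is accessible on the configured
     * crypto device; the public key matches the template's algorithm and size; and the DN parses
     * as an RFC 4519 X.500 name.
     *
     * @param str            subject DN requested for the certificate
     * @param templateInfoVO template the certificate is issued from, may be {@code null}
     * @param caInfoVO       cached CA information for the template's key algorithm
     * @param num            expected initialization step, or {@code null} to skip that check
     * @param num2           template type, used only in the "template missing" log line
     * @param publicKey      public key to be certified
     * @param num3           HSM key index, or {@code null} to skip the HSM access check
     * @param str2           HSM private-key PIN paired with {@code num3}; it is never logged
     * @return {@code Result.success()} when every check passes, otherwise the failure of the
     *         first check that did not
     */
    public Result checkIssueCertParams(String str, TemplateInfoVO templateInfoVO, CaInfoVO caInfoVO, Integer num, Integer num2, PublicKey publicKey, Integer num3, String str2) {
        if (null == templateInfoVO) {
            this.logger.debug("查询模板信息结果：模板不存在[{}]", num2);
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        if (TemplateStatusEnum.NORMAL.value != templateInfoVO.getStatus().intValue()) {
            this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateInfoVO.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_STATUS_IS_STOP);
        }
        if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn())) {
            this.logger.debug("签发证书失败：未查到CA基本信息[{}]", str);
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        if (null != num && !ConfigUtil.verifyCurInitStep(this.environment, num.intValue())) {
            this.logger.debug("初始化步骤错误,当前初始化步骤为：{}", Integer.valueOf(ConfigUtil.getCurrInitStep(this.environment)));
            return Result.failure(ErrorEnum.INIT_STEP_ERROR);
        }
        if ((null == num || 5 <= num.intValue()) && null == caInfoVO.getRootCert()) {
            this.logger.debug("签发证书失败：未查到CA根证书信息");
            return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
        }
        if (StringUtils.isBlank(str)) {
            // A null DN used to surface as an NPE below; treat it as a format failure instead.
            this.logger.debug("签发证书失败：DN为空");
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        // Locale.ROOT keeps the case fold independent of the JVM default locale (a Turkish
        // locale folds "I" differently). NOTE(review): this remains a plain suffix test and
        // does not require the base DN to start at an RDN boundary.
        if (!str.toLowerCase(Locale.ROOT).endsWith(caInfoVO.getBaseDn().toLowerCase(Locale.ROOT))) {
            this.logger.debug("签发证书失败：DN中的baseDn不正确dn=[{}],baseDn=[{}]", str, caInfoVO.getBaseDn());
            return Result.failure(ErrorEnum.BASEDN_ERROR);
        }
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_XDJA_HSM.intValue() && null != num3 && !GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(num3.intValue(), str2)) {
            // Only the key index is logged; the PIN is a secret and must not reach the log.
            this.logger.debug("信大捷安密码机两码没有访问权限keyIndex=[{}]", num3);
            return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
        }
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_SWXA_HSM.intValue() && null != num3) {
            try {
                if (GMSSLSancHsmUtils.testConnect().id != YunHsmExceptionEnum.NORMAL.id) {
                    this.logger.debug("连接三未信安密码机异常keyIndex=[{}]", num3);
                    return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
                }
            } catch (Exception e) {
                // Keep the exception in the log so the device failure is diagnosable.
                this.logger.debug("获取三未信安密码机异常keyIndex=[{}]", num3, e);
                return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
            }
        }
        Result keyCheck = RsaAlgUtils.checkPublicParams(publicKey, templateInfoVO.getKeyAlg(), templateInfoVO.getKeySize());
        if (!keyCheck.isSuccess()) {
            return keyCheck;
        }
        try {
            DnUtil.getRFC4519X500Name(str);
            return Result.success();
        } catch (Exception e) {
            this.logger.debug("DN不符合X500规范dn=[{}]", str);
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
    }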

    /**
     * Builds the persistence row for a freshly issued root certificate.
     *
     * <p>Key size and sign algorithm are derived from {@link Constants#BASE_ALG_TYPE}: SM2 and
     * NIST use the fixed lengths/algorithms from their enums, RSA reads them off the certificate.
     *
     * @param x509Certificate the root certificate
     * @param list            certificates packed into the stored P7B chain
     * @param l               CA id the row belongs to
     * @return a populated, not yet persisted {@link CaCertDo} marked current with status 1
     * @throws Exception if encoding the certificate or the chain fails
     */
    public CaCertDo buildRootCert(X509Certificate x509Certificate, List<X509Certificate> list, Long l) throws Exception {
        CaCertDo row = new CaCertDo();
        row.setCaId(l);
        row.setBeforeTime(x509Certificate.getNotBefore());
        row.setAfterTime(x509Certificate.getNotAfter());
        row.setCert(CertUtil.writeObject(x509Certificate));
        row.setCertChain(P7bUtils.createCertChainByCerts(list));
        row.setIssue(CertUtil.getIssuerByX509Cert(x509Certificate));
        row.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        row.setSn(x509Certificate.getSerialNumber().toString(16));
        row.setGmtCreate(new Date());
        row.setIsCurrent(Integer.valueOf(CaDO.CaMasterEnum.YES.value));
        row.setPublicKeyAlg(Constants.BASE_ALG_TYPE);
        int baseAlg = Constants.BASE_ALG_TYPE.intValue();
        if (baseAlg == AlgTypeEnum.SM2.value) {
            row.setPrivateKeySize(Integer.valueOf(KeyLengthEnum.SM2.length));
            row.setSignAlg(String.valueOf(SignAlgTypeEnum.SM3_WITH_SM2.value));
        } else if (baseAlg == AlgTypeEnum.RSA.value) {
            // RSA length and signature algorithm are read from the certificate itself.
            row.setPrivateKeySize(RsaAlgUtils.getRsaAlgLength(x509Certificate.getPublicKey()));
            row.setSignAlg(String.valueOf(SignAlgTypeEnum.getAlgValue(x509Certificate.getSigAlgName())));
        } else {
            row.setPrivateKeySize(Integer.valueOf(KeyLengthEnum.NIST.length));
            row.setSignAlg(String.valueOf(SignAlgTypeEnum.SHA256_WITH_ECDSA.value));
        }
        row.setStatus(1);
        return row;
    }

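    /**
     * Initialization step 5: issues the CA server's signing and encryption certificates, binds
     * them to the Tomcat HTTPS port, caches the server key index/PIN and advances the init step.
     *
     * <p>The former nested try/catch wrapped the issuance {@link ServiceException} a second time
     * under the "key generation failed" message; key retrieval and issuance now have separate
     * handlers so the reported cause matches the failing stage.
     *
     * @param certIssueInfoVO subject DN, validity, optional subjectAltName, HSM key index and PIN
     * @return the result of {@link #reportInitStep(Integer)} on success; a failure when a server
     *         certificate already exists or the issue parameters do not validate
     * @throws ServiceException when the server keys cannot be obtained or issuance fails
     */
    public Result doIssueCaServerCert(CertIssueInfoVO certIssueInfoVO) {
        if (null != this.caServerCertDao.getCurrentCaServerCert()) {
            this.logger.debug("初始化CA服务器证书失败：服务器证书已经签发过");
            return Result.failure(ErrorEnum.CA_INIT_SERVER_CERT_HAS_ISSUED);
        }
        TemplateInfoVO template = this.templateService.getInnerTemplateByType(TemplateTypeEnum.SERVER.value);
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(template.getKeyAlg());
        PublicKey signPublicKey;
        PublicKey encPublicKey;
        try {
            signPublicKey = this.hsmService.getCaSignServerPwd(template.getKeyAlg(), template.getKeySize(), certIssueInfoVO.getKeyIndex());
            encPublicKey = this.hsmService.getCaEncServerPwd(template.getKeyAlg(), template.getKeySize(), certIssueInfoVO.getKeyIndex());
        } catch (Exception e) {
            throw new ServiceException("签发CA服务器证书失败:生成或校验密钥失败", e);
        }
        Result paramCheck = checkIssueCertParams(certIssueInfoVO.getDn(), template, caInfoVO, 5, Integer.valueOf(TemplateTypeEnum.SERVER.value), signPublicKey, certIssueInfoVO.getKeyIndex(), certIssueInfoVO.getPrivateKeyPin());
        if (!paramCheck.isSuccess()) {
            return paramCheck;
        }
        ParameterMap extensionParams = new ParameterMap();
        if (null != certIssueInfoVO.getSubjectAlternativeName()) {
            extensionParams.put(Extension.subjectAlternativeName.getId(), certIssueInfoVO.getSubjectAlternativeName());
        }
        try {
            Date notBefore = new Date();
            Date notAfter = IssueTimeUtil.getCorrectTime(certIssueInfoVO.getValidity(), template.getMaxValidity(), caInfoVO.getRootCert().getNotAfter(), notBefore);
            // Encryption certificate first, then the signing certificate, each with its own serial.
            BigInteger encSerial = this.certSnDao.getMaxSn(notBefore);
            List encExtensions = ExtensionUtil.changeExtensionFormat(template.getExtensions(), extensionParams, encPublicKey, certIssueInfoVO.getDn(), this.crlTemplateService.getLdapOcspUrl(encSerial, certIssueInfoVO.getDn(), caInfoVO, false, (Long) null, (Long) null), false);
            X509Certificate encCert = this.hsmService.genX509Certificate(certIssueInfoVO.getDn(), encSerial, notBefore, notAfter, caInfoVO, encPublicKey, encExtensions, template.getSignAlg());
            BigInteger signSerial = this.certSnDao.getMaxSn(notBefore);
            List signExtensions = ExtensionUtil.changeExtensionFormat(template.getExtensions(), extensionParams, signPublicKey, certIssueInfoVO.getDn(), this.crlTemplateService.getLdapOcspUrl(signSerial, certIssueInfoVO.getDn(), caInfoVO, false, (Long) null, (Long) null), true);
            X509Certificate signCert = this.hsmService.genX509Certificate(certIssueInfoVO.getDn(), signSerial, notBefore, notAfter, caInfoVO, signPublicKey, signExtensions, template.getSignAlg());
            saveCAServerCert(caInfoVO.getCertId(), encCert, signCert, template);
            TomcatHttpsUtil.setTomcatHttpsPort(template.getKeyAlg(), caInfoVO.getCertChain(), signCert, encCert, certIssueInfoVO.getKeyIndex(), certIssueInfoVO.getPrivateKeyPin(), ConfigUtil.getTomcatHttpsPort(this.environment));
            CaServerPwdUtil.saveCaServerPwdCache(this.environment, template.getKeyAlg(), certIssueInfoVO.getKeyIndex(), certIssueInfoVO.getPrivateKeyPin());
            return reportInitStep(5);
        } catch (Exception e) {
            throw new ServiceException("签发CA服务器证书失败", e);
        }
    }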

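    /**
     * Issues a CA administrator's signing and encryption certificates from a submitted P10.
     *
     * <p>The former outermost catch, intended for the encryption-key conversion, also swallowed
     * the {@link ServiceException} thrown by the role lookup and by issuance and reported them
     * as {@code PEM_FORMAT_ERROR}. Each stage now has its own handler.
     *
     * @param caManagerCertVO P10, encryption public key info, DN, validity and admin role type
     * @param z               {@code true} to skip the initialization-step and uniqueness checks
     * @return success carrying the combined sign/enc certificate and the signing serial (hex);
     *         a failure when the step/uniqueness check, P10 parsing, key conversion or parameter
     *         validation fails
     * @throws ServiceException when the role cannot be resolved or issuance fails
     */
    public Result doIssueCaAdminCert(CaManagerCertVO caManagerCertVO, boolean z) {
        if (!z) {
            Result stepCheck = checkInitAdminStepParams(caManagerCertVO.getType());
            if (!stepCheck.isSuccess()) {
                return stepCheck;
            }
        }
        TemplateInfoVO template = this.templateService.getInnerTemplateByType(TemplateTypeEnum.MANAGER.value);
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(template.getKeyAlg());
        PublicKey signPublicKey = CertUtil.getPublicKeyFromP10(caManagerCertVO.getP10());
        if (null == signPublicKey) {
            this.logger.debug("签发CA管理证书失败：p10格式不正确[{}]", caManagerCertVO);
            return Result.failure(ErrorEnum.P10_FORMAT_ERROR);
        }
        PublicKey encPublicKey;
        try {
            encPublicKey = CertUtil.convertPublicKey(signPublicKey, caManagerCertVO.getSubjectPublicKeyInfo());
        } catch (Exception e) {
            this.logger.debug(String.format("签发CA管理员证书失败：加密公钥格式错误:%s", caManagerCertVO.getSubjectPublicKeyInfo()), e);
            return Result.failure(ErrorEnum.PEM_FORMAT_ERROR);
        }
        Result paramCheck = checkIssueCertParams(caManagerCertVO.getDn(), template, caInfoVO, null, Integer.valueOf(TemplateTypeEnum.MANAGER.value), signPublicKey, null, "");
        if (!paramCheck.isSuccess()) {
            return paramCheck;
        }
        Long roleId;
        try {
            roleId = this.roleDao.getRoleByType(caManagerCertVO.getType().intValue()).getId();
        } catch (Exception e) {
            this.logger.error("没有找到该管理员角色对应权限id，type=" + caManagerCertVO.getType(), e);
            throw new ServiceException("签发CA管理员证书失败", e);
        }
        try {
            Date notBefore = new Date();
            Date notAfter = IssueTimeUtil.getCorrectTime(caManagerCertVO.getValidity(), template.getMaxValidity(), caInfoVO.getRootCert().getNotAfter(), notBefore);
            // Encryption certificate first, then the signing certificate, each with its own serial.
            BigInteger encSerial = this.certSnDao.getMaxSn(notBefore);
            List encExtensions = ExtensionUtil.changeExtensionFormat(template.getExtensions(), (Map) null, encPublicKey, caManagerCertVO.getDn(), this.crlTemplateService.getLdapOcspUrl(encSerial, caManagerCertVO.getDn(), caInfoVO, false, (Long) null, (Long) null), false);
            X509Certificate encCert = this.hsmService.genX509Certificate(caManagerCertVO.getDn(), encSerial, notBefore, notAfter, caInfoVO, encPublicKey, encExtensions, template.getSignAlg());
            BigInteger signSerial = this.certSnDao.getMaxSn(notBefore);
            List signExtensions = ExtensionUtil.changeExtensionFormat(template.getExtensions(), (Map) null, signPublicKey, caManagerCertVO.getDn(), this.crlTemplateService.getLdapOcspUrl(signSerial, caManagerCertVO.getDn(), caInfoVO, false, (Long) null, (Long) null), true);
            X509Certificate signCert = this.hsmService.genX509Certificate(caManagerCertVO.getDn(), signSerial, notBefore, notAfter, caInfoVO, signPublicKey, signExtensions, template.getSignAlg());
            saveCaAdminCert(caInfoVO.getCertId(), signCert, encCert, caManagerCertVO, template, roleId);
            // Certificates are public material, so logging their PEM is acceptable here.
            this.logger.info("签发CA管理员证书成功：dn= " + caManagerCertVO.getDn() + ",signCert=" + CertUtil.writeObject(signCert) + ",encCert=" + CertUtil.writeObject(encCert));
            return Result.success(CertUtil.enPEncCert(signCert, encCert, template.getKeyAlg()), signSerial.toString(16));
        } catch (Exception e) {
            throw new ServiceException("签发CA管理员证书失败", e);
        }
    }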

    /**
     * Checks that an admin certificate of the given role type may be issued during
     * initialization: super/audit admins require init step 9, business admins and both
     * operator roles require step 10, and no certificate of that type may exist yet.
     *
     * @param num admin role type ({@link CaManagerRoleEnum} key)
     * @return success, or {@code INIT_STEP_ERROR} / {@code MANAGER_HAS_ISSUED}
     */
    private Result checkInitAdminStepParams(Integer num) {
        int roleType = num.intValue();
        boolean stepNineRole = roleType == CaManagerRoleEnum.SUPER_ADMIN.key
                || roleType == CaManagerRoleEnum.AUDIT_ADMIN.key;
        boolean stepTenRole = roleType == CaManagerRoleEnum.BUSINESS_ADMIN.key
                || roleType == CaManagerRoleEnum.AUDIT_OPERATOR.key
                || roleType == CaManagerRoleEnum.BUSINESS_OPERATOR.key;
        int requiredStep = stepNineRole ? 9 : (stepTenRole ? 10 : 0);
        if (requiredStep != 0 && !ConfigUtil.verifyCurInitStep(this.environment, requiredStep)) {
            this.logger.info("系统初始化-签发管理员证书失败，原因：步骤错误，当前服务器上初始化步骤=[{}]", Integer.valueOf(ConfigUtil.getCurrInitStep(this.environment)));
            return Result.failure(ErrorEnum.INIT_STEP_ERROR);
        }
        if (this.adminRoleDao.getRoleCountsByType(num) != 0) {
            this.logger.info("系统初始化-签发管理员证书失败：原因：管理员证书已经签发过");
            return Result.failure(ErrorEnum.MANAGER_HAS_ISSUED);
        }
        return Result.success();
    }

    /**
     * Reports how many admin certificates exist for a role type.
     *
     * @param num admin role type
     * @return success carrying a map with a single "count" entry
     */
    public Result queryAdminIsUnique(Integer num) {
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("count", Integer.valueOf(this.adminRoleDao.getRoleCountsByType(num)));
        return Result.success(payload);
    }

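    /**
     * Reports the number of issued admin certificates per role type.
     *
     * <p>The former leading call to {@code adminRoleDao.queryAdminIssueCounts()} discarded its
     * result and contributed nothing to the payload, so it has been removed.
     * NOTE(review): the literal type ids 1..5 appear to mirror the {@link CaManagerRoleEnum}
     * keys — confirm the mapping before changing either side.
     *
     * @return success carrying per-role counts keyed superAdminCounts, businessAdminCounts,
     *         businessOperateCounts, auditAdminCounts and auditOperateCounts
     */
    public Result queryAdminIssueCounts() {
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("superAdminCounts", Integer.valueOf(this.adminRoleDao.getRoleCountsByType(1)));
        payload.put("businessAdminCounts", Integer.valueOf(this.adminRoleDao.getRoleCountsByType(2)));
        payload.put("businessOperateCounts", Integer.valueOf(this.adminRoleDao.getRoleCountsByType(3)));
        payload.put("auditAdminCounts", Integer.valueOf(this.adminRoleDao.getRoleCountsByType(4)));
        payload.put("auditOperateCounts", Integer.valueOf(this.adminRoleDao.getRoleCountsByType(5)));
        return Result.success(payload);
    }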

    /**
     * Initialization step 1: stores the CA basic configuration, advances the init step and
     * seeds the {@link Constants#CA_INFO} cache and {@link Constants#BASE_ALG_TYPE}.
     *
     * <p>NOTE(review): the result of {@code reportInitStep(1)} is not inspected, so a step
     * mismatch is logged there but does not stop the cache from being populated — confirm
     * whether that is intended.
     *
     * @param basicConfigVO submitted basic configuration, including the key algorithm
     * @return success, or {@code INIT_STEP_ERROR} when a CA info row already exists
     * @throws ServiceException when persistence fails
     */
    public Result saveBasicConfig(BasicConfigVO basicConfigVO) {
        try {
            boolean alreadyConfigured = null != this.caDao.getCaInfo();
            if (alreadyConfigured) {
                this.logger.debug("基本信息已经填写过，不能重复填写");
                return Result.failure(ErrorEnum.INIT_STEP_ERROR);
            }
            CaDO persisted = this.caDao.saveCaInfo(buildCaInfo(basicConfigVO));
            reportInitStep(1);
            CaInfoVO cacheEntry = new CaInfoVO();
            BeanUtils.copyProperties(persisted, cacheEntry);
            cacheEntry.setCaId(persisted.getId());
            Integer keyAlg = basicConfigVO.getKeyAlg();
            Constants.CA_INFO.put(keyAlg, cacheEntry);
            Constants.BASE_ALG_TYPE = keyAlg;
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("保存CA基本信息时出现异常", e);
        }
    }

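    /**
     * Generates a sub-CA certificate request (P10) with the crypto device, writes it under
     * {@code configPath/p10/} and caches the key index/PIN for the chosen algorithm.
     *
     * <p>The DN validation now has its own handler: previously the surrounding catch also
     * swallowed the {@link ServiceException} raised by P10 generation and reported it as
     * {@code DN_FORMAT_FAIL}. Directory creation is checked rather than ignored.
     *
     * @param createP10VO DN, algorithm, HSM key index and private-key PIN
     * @return success carrying a map with the generated file name under "p10Name"; a failure
     *         when the HSM key is not accessible or the DN is malformed
     * @throws ServiceException when the request cannot be generated or written
     */
    public Result createP10(CreateP10VO createP10VO) {
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_XDJA_HSM.intValue() && null != createP10VO.getKeyIndex() && !GMSSLSM2KeyUtils.getPrivateKeyAccessRightFromYunHsm(createP10VO.getKeyIndex().intValue(), createP10VO.getPrivateKeyPin())) {
            // The VO carries the private-key PIN; log only the key index rather than the object.
            this.logger.debug("创建子CA证书p10失败：密码机两码没有访问权限keyIndex=[{}]", createP10VO.getKeyIndex());
            return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
        }
        if (Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_SWXA_HSM.intValue() && null != createP10VO.getKeyIndex()) {
            try {
                if (GMSSLSancHsmUtils.testConnect().id != YunHsmExceptionEnum.NORMAL.id) {
                    this.logger.debug("创建子CA证书p10失败：连接三未信安密码机异常keyIndex=[{}]", createP10VO.getKeyIndex());
                    return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
                }
            } catch (Exception e) {
                this.logger.debug("创建子CA证书p10失败：获取三未信安密码机异常keyIndex=[{}]", createP10VO.getKeyIndex(), e);
                return Result.failure(ErrorEnum.HSM_KEY_PIN_ERROR);
            }
        }
        try {
            DnUtil.getRFC4519X500Name(createP10VO.getDn());
        } catch (Exception e) {
            this.logger.debug("初始化CA证书失败：DN不符合X500规范[{}]", createP10VO.getDn());
            return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
        }
        try {
            PKCS10CertificationRequest request = this.hsmService.genP10(createP10VO, Integer.valueOf(P10typeEnum.SubCa.value));
            // File name is derived from the clock only, never from request input.
            String fileName = "CertReq_" + DateTimeUtil.dateToZipStr(new Date()) + ".p10";
            File p10Dir = new File(this.configPath + "p10/");
            if (!p10Dir.exists() && !p10Dir.mkdirs()) {
                throw new IOException("无法创建P10目录: " + p10Dir.getAbsolutePath());
            }
            CertUtil.writeObjToFile(request, this.configPath + "p10/" + fileName);
            CaPwdBean caPwdBean = new CaPwdBean();
            BeanUtils.copyProperties(createP10VO, caPwdBean);
            ConfigUtil.saveCaPwdConfig(this.environment, caPwdBean);
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(createP10VO.getAlg());
            BeanUtils.copyProperties(createP10VO, caInfoVO);
            caInfoVO.setCaPwdBean(caPwdBean);
            Constants.CA_INFO.put(createP10VO.getAlg(), caInfoVO);
            Map<String, Object> payload = new HashMap<String, Object>();
            payload.put("p10Name", fileName);
            return Result.success(payload);
        } catch (Exception e) {
            throw new ServiceException("生成P10失败", e);
        }
    }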

    /**
     * Records completion of an initialization step and advances the stored step.
     *
     * <p>Steps 3 and 4 both advance to 5; step 2 advances to 3 or 4 depending on the cached CA
     * type (1 → 3, otherwise 4); every other step advances by one. The reported step must equal
     * the stored one and initialization must not already be complete.
     *
     * @param num the step just completed
     * @return success, or {@code INIT_STEP_ERROR} on mismatch or when already initialized
     * @throws ServiceException when the config cannot be read or written
     */
    public Result reportInitStep(Integer num) {
        try {
            Config configInfo = ConfigUtil.getConfigInfo(this.environment);
            int reported = num.intValue();
            int recorded = configInfo.getInitStep();
            if (reported != recorded) {
                this.logger.debug("上报初始化步骤出错，服务器记录日志步骤：" + recorded);
                return Result.failure(ErrorEnum.INIT_STEP_ERROR);
            }
            if (ConfigUtil.verifySystemInitIsOK(this.environment)) {
                this.logger.debug("上报初始化步骤出错，已经初始化完成");
                return Result.failure(ErrorEnum.INIT_STEP_ERROR);
            }
            int nextStep;
            switch (reported) {
                case 3:
                case 4:
                    nextStep = 5;
                    break;
                case 2: {
                    // Only consulted for step 2, as before.
                    CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
                    nextStep = caInfoVO.getType().intValue() == 1 ? 3 : 4;
                    break;
                }
                default:
                    nextStep = recorded + 1;
            }
            configInfo.setInitStep(nextStep);
            ConfigUtil.saveConfigInfo(configInfo, this.environment);
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("上报初始化步骤异常", e);
        }
    }

    /**
     * Lists the crypto-device types from the "hsmType" dictionary.
     *
     * @return success carrying a map with the dictionary under "hsmInfo"
     * @throws ServiceException when the dictionary lookup fails
     */
    public Result getHsmList() {
        try {
            Map<String, Object> payload = new HashMap<String, Object>();
            payload.put("hsmInfo", this.dicDao.getDicsByParentCode("hsmType"));
            return Result.success(payload);
        } catch (Exception e) {
            throw new ServiceException("获取密码机信息列表出现异常", e);
        }
    }

    /**
     * Reports the current initialization state for the UI.
     *
     * <p>Payload keys: "step" (current step), "status" (1 once the step exceeds 11, else 2),
     * "port" (Tomcat HTTPS port), "useHsm" (1 for the XDJA device, 2 for the SWXA device,
     * 0 otherwise) and "alg" ({@link Constants#BASE_ALG_TYPE}).
     *
     * @return success carrying the payload described above
     * @throws ServiceException when the config cannot be read
     */
    public Result getInitStep() {
        try {
            int currentStep = ConfigUtil.getCurrInitStep(this.environment);
            int deviceType = Constants.CRYPT_DEVICE_TYPE.intValue();
            int useHsm;
            if (deviceType == Constants.CRYPT_DEVICE_XDJA_HSM.intValue()) {
                useHsm = 1;
            } else if (deviceType == Constants.CRYPT_DEVICE_SWXA_HSM.intValue()) {
                useHsm = 2;
            } else {
                useHsm = 0;
            }
            Map<String, Object> payload = new HashMap<String, Object>();
            payload.put("step", Integer.valueOf(currentStep));
            payload.put("status", currentStep > 11 ? 1 : 2);
            payload.put("port", ConfigUtil.getTomcatHttpsPort(this.environment));
            payload.put("useHsm", useHsm);
            payload.put("alg", Constants.BASE_ALG_TYPE);
            return Result.success(payload);
        } catch (Exception e) {
            throw new ServiceException("获取初始化步骤出现异常", e);
        }
    }

    /**
     * Factory reset while initialization is still in progress: replays the bundled
     * recoverInitDb.sql, resets the config, clears the CA and license caches and resets the HSM.
     *
     * <p>Refused once initialization has completed.
     *
     * @return success, or {@code INIT_STEP_ERROR} when the system is already initialized
     * @throws ServiceException when any reset step fails
     */
    public Result doRecoverSystem() {
        try {
            if (ConfigUtil.verifySystemInitIsOK(this.environment)) {
                this.logger.debug("上报初始化步骤出错，已经初始化完成");
                return Result.failure(ErrorEnum.INIT_STEP_ERROR);
            }
            String recoverScript = ResourceUtils.getURL("classpath:recoverInitDb.sql").getPath();
            this.caDao.recoverSystemDb(recoverScript);
            ConfigUtil.resetConfig(this.environment);
            // In-memory state must go too, or the next init would see stale CA data.
            Constants.CA_INFO.clear();
            Constants.LICENSE = null;
            this.hsmService.recoverHsm();
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("恢复出厂设置异常", e);
        }
    }

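    /**
     * Restarts Tomcat and, on success, closes the configured HTTP port.
     *
     * <p>The former inner try/catch wrapped the port-closing exception in a bare
     * {@code RuntimeException} that the outer handler then wrapped again; a single handler now
     * keeps the original exception as the direct cause.
     *
     * @return success, or {@code REBOOT_SERVICE_FAIL} when the restart could not be triggered
     * @throws ServiceException when the restart or port closing throws (including a
     *         non-numeric {@code http.port})
     */
    public Result resetSystem() {
        try {
            if (!TomcatUtil.restart()) {
                return Result.failure(ErrorEnum.REBOOT_SERVICE_FAIL);
            }
            GMSSLTomcatUtils.closeTomcatPort(System.getProperty("catalina.home"), Integer.parseInt(this.httpPort));
            return Result.success();
        } catch (Exception e) {
            throw new ServiceException("系统重启出现异常", e);
        }
    }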

    /**
     * Load CA record {@code num} and assemble the in-memory {@link CaInfoVO}
     * the rest of the service works from.
     *
     * Side effects: refreshes the global {@code Constants.SIGN_ALG_FORMAT_FLAG}
     * and {@code Constants.KM_NOT_SUPPORT_DN} from configuration on every call,
     * even when no CA record exists.
     *
     * When the crypto device is the software (BC) provider, the CA root private
     * key and the KM soft key pair are read from disk and placed in the VO.
     * NOTE(review): the VO then carries raw private keys plus the CA/server
     * password beans — make sure it is never serialised into an HTTP response
     * or a log line.
     *
     * @param num CA identifier passed to {@code caCertDao.getCaInfo}
     * @return the populated VO, or {@code null} when no CA record exists; a
     *         record without a certificate yields a VO with only the copied
     *         record properties
     */
    public CaInfoVO getCaInfo(Integer num) {
        CaInfoDO caRecord = this.caCertDao.getCaInfo(num);
        Constants.SIGN_ALG_FORMAT_FLAG = ConfigUtil.getSignAlgFormatFlag(this.environment);
        Constants.KM_NOT_SUPPORT_DN = ConfigUtil.getKmNotSupportDn(this.environment);
        if (caRecord == null) {
            return null;
        }
        CaInfoVO vo = new CaInfoVO();
        BeanUtils.copyProperties(caRecord, vo);

        String certText = caRecord.getCert();
        X509Certificate rootCert = null;
        if (!StringUtils.isBlank(certText)) {
            rootCert = CertUtil.getCertFromStr(certText);
        }
        if (rootCert == null) {
            // No certificate yet (pre-initialisation): return the bare record.
            return vo;
        }

        boolean softwareCrypto = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
        if (softwareCrypto) {
            // Software provider: private material lives on disk.
            vo.setRootPrivateKey(CertUtil.getPrivateKey(Constants.CA_ROOT_PRIVATE_PATH + "private.key"));
            vo.setKmsoftKeyPair(new KeyPair(
                    CertUtil.getPublicKey(Constants.XDJA_CONF_CERT_DIRECTORY + "km.public"),
                    CertUtil.getPrivateKey(Constants.XDJA_CONF_CERT_DIRECTORY + "km.private")));
        }
        vo.setRootCert(rootCert);

        Config config = ConfigUtil.getConfigInfo(this.environment);
        vo.setCaPwdBean(config.getCaPwdConfig());

        // LDAP is considered configured when either URL pair is fully present.
        DirServerConfigBean dir = config.getDirServerConfig();
        boolean ldapConfigured = dir != null
                && (bothPresent(dir.getMasterURL(), dir.getSlaveURL())
                    || bothPresent(dir.getExtranetHttpURL(), dir.getLocalURL()));
        vo.setLadp(ldapConfigured);
        if (ldapConfigured) {
            vo.setDirServerConfigBean(dir);
        }

        OcspConfigBean ocsp = config.getOcspConfig();
        boolean ocspConfigured = ocsp != null && bothPresent(ocsp.getNetworkURL(), ocsp.getInterURL());
        vo.setOcsp(ocspConfigured);
        if (ocspConfigured) {
            vo.setOcspConfig(ocsp);
        }

        vo.setCaServerPwdConfig(config.getCaServerPwdConfig());
        vo.setCertPolicy(ConfigUtil.getCertPolicy(this.environment));
        // KM system type: 1 = generic KM config, 2 = XDJA KM config; anything else sets neither.
        if (config.getKmSystemType() == 1) {
            vo.setKmConfigBean(config.getKmConfigBean());
        } else if (config.getKmSystemType() == 2) {
            vo.setXdjaKmConfigBean(config.getXdjaKmConfigBean());
        }
        return vo;
    }

    /** True when both strings are non-blank ({@code StringUtils.isNotBlank}). */
    private static boolean bothPresent(String first, String second) {
        return StringUtils.isNotBlank(first) && StringUtils.isNotBlank(second);
    }

    /**
     * Initialisation step 0: hand the uploaded licence file to the licence
     * service and, if it is accepted, record the step via {@code reportInitStep(0)}.
     *
     * @param multipartFile the uploaded licence file
     * @return the licence service's failure result unchanged, otherwise the
     *         result of {@code reportInitStep(0)}
     * @throws ServiceException wrapping any exception (also logged at error level)
     */
    public Result uploadLicenseFile(MultipartFile multipartFile) {
        try {
            Result licenseResult = this.licenseService.uploadLicenseFile(multipartFile);
            if (licenseResult.isSuccess()) {
                return reportInitStep(0);
            }
            return licenseResult;
        } catch (Exception e) {
            this.logger.error("系统初始化上传许可文件异常", e);
            throw new ServiceException("上传许可文件异常", e);
        }
    }

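    /**
     * Initialisation step 4 for a subordinate CA: import the certificate chain
     * (P7B text) issued by the parent CA for the key pair generated with the
     * earlier P10 request.
     *
     * Checks, in order:
     * <ol>
     *   <li>the chain is non-empty and every signature verifies ({@code CertUtil.verifyCertChainSign});</li>
     *   <li>the CA certificate is inside its validity period (added — importing an
     *       expired or not-yet-valid CA certificate would make everything it issues invalid);</li>
     *   <li>CA basic info from the earlier configuration step is present;</li>
     *   <li>the subject DN ends with the configured baseDn (case-insensitive);</li>
     *   <li>a private key is available (XDJA HSM PIN, or the BC tmpPrivate.key file);</li>
     *   <li>a sign/verify round trip proves that key matches the certificate's public key.</li>
     * </ol>
     * On success the certificate is persisted, the BC private key (if any) is
     * promoted from tmpPrivate.key to private.key, the in-memory CA info is
     * replaced and the step is reported.
     *
     * Fix: on the BC path the original re-read tmpPrivate.key unconditionally
     * when persisting and would write a null key to private.key (and into the
     * VO) if that file was missing; it now falls back to the key that just
     * passed the sign/verify check.
     *
     * NOTE(review): the baseDn check is a plain string suffix match, so a DN
     * whose last RDN merely ends with the baseDn text is also accepted; matching
     * on an RDN boundary would be stricter. Left unchanged because the DN string
     * format produced by {@code CertUtil.getSubjectByX509Cert} is not visible here.
     * NOTE(review): nothing visible here checks basicConstraints cA=true or
     * keyUsage keyCertSign on the imported certificate — confirm verifyCertChainSign does.
     * NOTE(review): tmpPrivate.key is left on disk after being promoted — confirm
     * it is removed (and private.key given restrictive permissions) elsewhere.
     * NOTE(review): only the XDJA HSM path requires a PIN; the SWXA HSM path has
     * no equivalent precondition check.
     *
     * @param str the P7B chain as text
     * @return success (via {@code reportInitStep(4)}) or a failure Result naming the check that failed
     * @throws ServiceException wrapping any unexpected exception
     */
    public Result doImportSubCaChain(String str) {
        try {
            List<X509Certificate> resolveCertChain = P7bUtils.resolveCertChain(str);
            if (resolveCertChain == null || resolveCertChain.isEmpty()) {
                this.logger.debug("导入子CA证书链失败：证书链为空");
                return Result.failure(ErrorEnum.CA_CHAIN_VERIFY_FAIL);
            }
            X509Certificate[] sortCertChain = CertUtil.sortCertChain(resolveCertChain);
            if (sortCertChain == null || sortCertChain.length == 0 || !CertUtil.verifyCertChainSign(sortCertChain)) {
                this.logger.debug("子CA证书验签失败");
                return Result.failure(ErrorEnum.CA_CHAIN_VERIFY_FAIL);
            }
            // The last element of the sorted chain is treated as this CA's own
            // certificate (ordering is whatever CertUtil.sortCertChain produces).
            X509Certificate x509Certificate = sortCertChain[sortCertChain.length - 1];
            try {
                x509Certificate.checkValidity();
            } catch (java.security.cert.CertificateException validity) {
                this.logger.debug("子CA证书不在有效期内[{}]", validity.getMessage());
                return Result.failure(ErrorEnum.CA_CHAIN_VERIFY_FAIL);
            }

            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
            if (caInfoVO == null) {
                this.logger.debug("没有找到CA基本信息，需要先完成基础配置");
                return Result.failure(ErrorEnum.INIT_STEP_ERROR);
            }
            String subjectDn = CertUtil.getSubjectByX509Cert(x509Certificate);
            if (!subjectDn.toLowerCase().endsWith(caInfoVO.getBaseDn().toLowerCase())) {
                this.logger.debug("导入子CA证书链失败：DN中的baseDn不正确[{}]", subjectDn);
                return Result.failure(ErrorEnum.BASEDN_ERROR);
            }

            boolean xdjaHsm = Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_XDJA_HSM);
            boolean softwareCrypto = Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC);
            if (xdjaHsm && (null == caInfoVO.getCaPwdBean() || StringUtils.isBlank(caInfoVO.getCaPwdBean().getPrivateKeyPin()))) {
                this.logger.debug("没有找到密钥信息，需要先申请p10");
                return Result.failure(ErrorEnum.PUBLIC_KEY_IS_NOT_MATCH_ERROR);
            }
            if (softwareCrypto && null == caInfoVO.getRootPrivateKey()) {
                PrivateKey tmpKey = CertUtils.readPrivateKeyByPath(Constants.CA_ROOT_PRIVATE_PATH + "tmpPrivate.key");
                if (null == tmpKey) {
                    this.logger.debug("没有找到密钥信息，需要先申请p10");
                    return Result.failure(ErrorEnum.PUBLIC_KEY_IS_NOT_MATCH_ERROR);
                }
                caInfoVO.setRootPrivateKey(tmpKey);
            }

            // Prove the private key we hold matches the certificate: sign a fixed
            // probe with it and verify against the certificate's public key.
            if (!this.hsmService.verifySignByDefaultHash(Constants.BASE_ALG_TYPE, caInfoVO, x509Certificate.getPublicKey(), Base64.toBase64String("sushi".getBytes()), this.hsmService.signDataByDefaultHash(Constants.BASE_ALG_TYPE, caInfoVO, Base64.toBase64String("sushi".getBytes())))) {
                this.logger.debug("子CA证书公私钥不匹配");
                return Result.failure(ErrorEnum.PUBLIC_KEY_IS_NOT_MATCH_ERROR);
            }

            CaCertDo persisted = this.caCertDao.save(buildRootCert(x509Certificate, resolveCertChain, caInfoVO.getCaId()));
            if (softwareCrypto) {
                // Promote the key to its permanent location; never write a null key.
                PrivateKey keyToPersist = CertUtils.readPrivateKeyByPath(Constants.CA_ROOT_PRIVATE_PATH + "tmpPrivate.key");
                if (null == keyToPersist) {
                    keyToPersist = caInfoVO.getRootPrivateKey();
                }
                CertUtil.writeObjToFile(keyToPersist, Constants.CA_ROOT_PRIVATE_PATH + "private.key");
                caInfoVO.setRootPrivateKey(keyToPersist);
            }
            caInfoVO.setRootCert(x509Certificate);
            BeanUtils.copyProperties(persisted, caInfoVO);
            caInfoVO.setCertId(persisted.getId());
            Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            this.caCertDao.hideCrossFunction();
            return reportInitStep(4);
        } catch (Exception e) {
            this.logger.error("导入CA证书链异常", e);
            throw new ServiceException("导入CA证书链异常", e);
        }
    }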

    /**
     * Build the CA master record from the basic-configuration form.
     *
     * Copies all matching properties from {@code basicConfigVO}, stamps the
     * creation time, marks the record as master and derives the display name
     * from the CA type ("根CA" for a root CA, "CA" otherwise).
     *
     * @param basicConfigVO basic configuration submitted during initialisation;
     *                      {@code getType()} must be non-null
     * @return the populated, not yet persisted, {@link CaDO}
     */
    private CaDO buildCaInfo(BasicConfigVO basicConfigVO) {
        CaDO record = new CaDO();
        BeanUtils.copyProperties(basicConfigVO, record);
        record.setGmtCreate(new Date());
        record.setIsMaster(Integer.valueOf(CaDO.CaMasterEnum.YES.value));
        int caType = basicConfigVO.getType().intValue();
        boolean isRootCa = caType == CaDO.CaTypeEnum.ROOT_CA.value;
        record.setName(isRootCa ? "根CA" : "CA");
        return record;
    }

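    /**
     * Read a PEM-encoded key pair from {@code str} and return its private key.
     *
     * Returns {@code null} when the file does not exist. An encrypted PEM
     * ({@code PEMEncryptedKeyPair}) is decrypted with an empty password, as in
     * the original — a genuinely password-protected key therefore still fails,
     * but the failure now surfaces as a ServiceException with its cause.
     *
     * Fixes: the parser (and the FileReader it wraps) is closed on every path
     * (the original leaked it when {@code readObject()} threw); an empty file or
     * a PEM object that is not a key pair no longer turns into a
     * NullPointerException/ClassCastException; the cause is preserved on the
     * thrown ServiceException instead of only its message.
     *
     * NOTE(review): {@code str} is a caller-supplied path. If any caller lets it
     * come from a request, confine it to the key directory before calling.
     * NOTE(review): FileReader uses the platform charset; PEM is ASCII so this
     * is harmless in practice.
     *
     * @param str path of the PEM file
     * @return the private key, or {@code null} if the file does not exist
     * @throws ServiceException if the file cannot be read or parsed
     */
    public PrivateKey getRootPrivateKey(String str) {
        try {
            File pemFile = new File(str);
            if (!pemFile.exists()) {
                return null;
            }
            try (PEMParser parser = new PEMParser(new FileReader(pemFile))) {
                Object pemObject = parser.readObject();
                if (pemObject == null) {
                    throw new ServiceException("读取公钥私服时异常：PEM文件为空 " + str);
                }
                PEMKeyPair keyPair;
                if (pemObject instanceof PEMEncryptedKeyPair) {
                    // Empty password, as before — see class note above.
                    PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build((char[]) null);
                    keyPair = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor);
                } else if (pemObject instanceof PEMKeyPair) {
                    keyPair = (PEMKeyPair) pemObject;
                } else {
                    throw new ServiceException("读取公钥私服时异常：不支持的PEM对象 " + pemObject.getClass().getName());
                }
                JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
                return converter.getKeyPair(keyPair).getPrivate();
            }
        } catch (ServiceException e) {
            throw e;
        } catch (Exception e) {
            throw new ServiceException("读取公钥私服时异常：" + e.getMessage(), e);
        }
    }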

    /**
     * Persist the initial CA administrator's certificate pair and bind it to a role.
     *
     * Parameter roles as this method uses them (compare {@code saveCAServerCert},
     * where the two certificate parameters are the other way round):
     *   x509Certificate  — stored as the SIGN certificate (type Constants.SIGN_CERT)
     *   x509Certificate2 — stored as the ENC certificate (type Constants.ENC_CERT)
     *
     * Two manage-cert rows are written by reusing a single DO: first the enc row,
     * then the same object re-keyed (new id, swapped sn/pairCertSn, type SIGN_CERT)
     * for the sign row; the enc row's pairCertId is back-filled afterwards.
     * Statement order matters throughout, so the code is deliberately left as is.
     *
     * NOTE(review): ids come from managerCertIdDao.getMaxId(date); if that is a
     * read-then-increment without a lock, concurrent callers could collide —
     * confirm the DAO serialises it.
     * NOTE(review): both data rows and the admin-role row are stamped with the
     * ENC certificate's notBefore, including the data row that holds the SIGN
     * certificate — presumably intentional since the pair is issued together; confirm.
     *
     * @param l                id of the issuing CA certificate (caCertId)
     * @param x509Certificate  the administrator's signing certificate
     * @param x509Certificate2 the administrator's encryption certificate
     * @param caManagerCertVO  not used by this method
     * @param templateInfoVO   template the pair was issued from (key alg/size, sign alg, id)
     * @param l2               role id to bind the sign certificate to
     * @throws Exception propagated from the DAOs / CertUtil.writeObject
     */
    private void saveCaAdminCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, CaManagerCertVO caManagerCertVO, TemplateInfoVO templateInfoVO, Long l2) throws Exception {
        ArrayList arrayList = new ArrayList();
        // manageCertDataDO  -> encoded SIGN cert; manageCertDataDO2 -> encoded ENC cert.
        ManageCertDataDO manageCertDataDO = new ManageCertDataDO();
        ManageCertDataDO manageCertDataDO2 = new ManageCertDataDO();
        manageCertDataDO2.setData(CertUtil.writeObject(x509Certificate2));
        manageCertDataDO2.setGmtCreate(x509Certificate2.getNotBefore());
        manageCertDataDO.setData(CertUtil.writeObject(x509Certificate));
        manageCertDataDO.setGmtCreate(x509Certificate2.getNotBefore());
        Date date = new Date();
        // First row: the ENC certificate, awaiting acknowledgement.
        ManageCertDO manageCertDO = new ManageCertDO();
        manageCertDO.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        manageCertDO.setCaCertId(l);
        manageCertDO.setSn(x509Certificate2.getSerialNumber().toString(16));
        manageCertDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate2));
        manageCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate2));
        manageCertDO.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        manageCertDO.setPrivateKeySize(templateInfoVO.getKeySize());
        manageCertDO.setBeforeTime(x509Certificate2.getNotBefore());
        manageCertDO.setAfterTime(x509Certificate2.getNotAfter());
        manageCertDO.setSignAlg(templateInfoVO.getSignAlg());
        manageCertDO.setType(Constants.ENC_CERT);
        manageCertDO.setStatus(1);
        manageCertDO.setTemplateId(templateInfoVO.getId());
        manageCertDO.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        manageCertDO.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        manageCertDO.setGmtCreate(x509Certificate2.getNotBefore());
        ManageCertDO save = this.managereCertDao.save(manageCertDO);
        manageCertDataDO2.setId(save.getId());
        arrayList.add(manageCertDataDO2);
        // Second row: reuse the saved DO for the SIGN certificate — swap serials,
        // point pairCertId at the enc row's id, then assign a fresh id.
        save.setSn(x509Certificate.getSerialNumber().toString(16));
        save.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        save.setPairCertId(save.getId());
        save.setType(Constants.SIGN_CERT);
        save.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        ManageCertDO save2 = this.managereCertDao.save(save);
        manageCertDataDO.setId(save2.getId());
        arrayList.add(manageCertDataDO);
        // Role binding is attached to the SIGN row.
        AdminRoleDO adminRoleDO = new AdminRoleDO();
        adminRoleDO.setRoleId(l2);
        adminRoleDO.setGmtCreate(x509Certificate2.getNotBefore());
        adminRoleDO.setManageCertId(save2.getId());
        this.adminRoleDao.save(adminRoleDO);
        // Back-fill the enc row (save2.getPairCertId()) so it points at the sign row.
        this.managereCertDao.updatePairCertId(save2.getPairCertId(), save2.getId());
        this.managerCertDataDao.batchSave(arrayList);
        // Confirmation task keyed on the SIGN data row's id.
        this.taskDataService.saveCertConfirmStatus((Long) null, manageCertDataDO.getId());
    }

    /**
     * Persist the CA server's certificate pair, mark it as the current server
     * certificate and queue it for publication.
     *
     * Parameter roles as this method uses them (note: the OPPOSITE of
     * {@code saveCaAdminCert}):
     *   x509Certificate  — stored as the ENC certificate (type Constants.ENC_CERT)
     *   x509Certificate2 — stored as the SIGN certificate (type Constants.SIGN_CERT)
     * Callers must pass them in that order; nothing here validates which is which.
     *
     * Same two-rows-from-one-DO pattern as saveCaAdminCert (enc row first, then
     * the DO re-keyed as the sign row, enc row's pairCertId back-filled), but the
     * rows are created already acknowledged (ISSUE_CERT_OK_ACK). Statement order
     * matters throughout, so the code is deliberately left as is.
     *
     * NOTE(review): ids come from managerCertIdDao.getMaxId(date); confirm the
     * DAO serialises concurrent callers.
     * NOTE(review): the CaServerCertDo row is written with IS_CURRENT without
     * visibly demoting any previous current row — confirm the DAO handles that.
     *
     * @param l                id of the issuing CA certificate (caCertId)
     * @param x509Certificate  the server's encryption certificate
     * @param x509Certificate2 the server's signing certificate
     * @param templateInfoVO   template the pair was issued from (key alg/size, sign alg, id)
     * @throws Exception propagated from the DAOs / CertUtil.writeObject
     */
    public void saveCAServerCert(Long l, X509Certificate x509Certificate, X509Certificate x509Certificate2, TemplateInfoVO templateInfoVO) throws Exception {
        ArrayList arrayList = new ArrayList();
        // manageCertDataDO2 -> encoded ENC cert; manageCertDataDO -> encoded SIGN cert.
        ManageCertDataDO manageCertDataDO = new ManageCertDataDO();
        ManageCertDataDO manageCertDataDO2 = new ManageCertDataDO();
        manageCertDataDO2.setData(CertUtil.writeObject(x509Certificate));
        manageCertDataDO2.setGmtCreate(x509Certificate.getNotBefore());
        manageCertDataDO.setData(CertUtil.writeObject(x509Certificate2));
        manageCertDataDO.setGmtCreate(x509Certificate.getNotBefore());
        Date date = new Date();
        // First row: the ENC certificate, already acknowledged.
        ManageCertDO manageCertDO = new ManageCertDO();
        manageCertDO.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        manageCertDO.setCaCertId(l);
        manageCertDO.setSn(x509Certificate.getSerialNumber().toString(16));
        manageCertDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        manageCertDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        manageCertDO.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        manageCertDO.setPrivateKeySize(templateInfoVO.getKeySize());
        manageCertDO.setBeforeTime(x509Certificate.getNotBefore());
        manageCertDO.setAfterTime(x509Certificate.getNotAfter());
        manageCertDO.setSignAlg(templateInfoVO.getSignAlg());
        manageCertDO.setType(Constants.ENC_CERT);
        manageCertDO.setStatus(1);
        manageCertDO.setTemplateId(templateInfoVO.getId());
        manageCertDO.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        manageCertDO.setConfirmationStatus(Constants.ISSUE_CERT_OK_ACK);
        manageCertDO.setGmtCreate(x509Certificate.getNotBefore());
        ManageCertDO save = this.managereCertDao.save(manageCertDO);
        manageCertDataDO2.setId(save.getId());
        arrayList.add(manageCertDataDO2);
        // Second row: reuse the saved DO for the SIGN certificate — swap serials,
        // point pairCertId at the enc row's id, then assign a fresh id.
        save.setSn(x509Certificate2.getSerialNumber().toString(16));
        save.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        save.setPairCertId(save.getId());
        save.setType(Constants.SIGN_CERT);
        save.setId(Long.valueOf(this.managerCertIdDao.getMaxId(date)));
        ManageCertDO save2 = this.managereCertDao.save(save);
        manageCertDataDO.setId(save2.getId());
        arrayList.add(manageCertDataDO);
        // The SIGN row becomes the current server certificate.
        CaServerCertDo caServerCertDo = new CaServerCertDo();
        caServerCertDo.setGmtCreate(x509Certificate.getNotBefore());
        caServerCertDo.setIsCurrent(Integer.valueOf(ServerCertIsCurrentEnum.IS_CURRENT.value));
        caServerCertDo.setManageCertId(save2.getId());
        this.caServerCertDao.save(caServerCertDo);
        // Back-fill the enc row (save2.getPairCertId()) so it points at the sign row.
        this.managereCertDao.updatePairCertId(save2.getPairCertId(), save2.getId());
        this.managerCertDataDao.batchSave(arrayList);
        // Publication task for the pair: (sign id, enc id, 2) — the meaning of 2 is not visible here.
        this.taskDataService.savePublishCert(save2.getId(), save2.getPairCertId(), 2);
    }
}
