package com.xdja.pki.ca.certcrl.service.impl;

import com.xdja.pki.ca.certcrl.service.util.ArlPublishUtil;
import com.xdja.pki.ca.certcrl.service.util.CrlPublishUtil;
import com.xdja.pki.ca.certmanager.dao.ArlDao;
import com.xdja.pki.ca.certmanager.dao.ArlDataDao;
import com.xdja.pki.ca.certmanager.dao.CertDao;
import com.xdja.pki.ca.certmanager.dao.CrlDao;
import com.xdja.pki.ca.certmanager.dao.CrlDataDao;
import com.xdja.pki.ca.certmanager.dao.DeltaRevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.RevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.TemplateUserCertDao;
import com.xdja.pki.ca.certmanager.dao.models.CrlBeanDo;
import com.xdja.pki.ca.certmanager.dao.models.DeltaRevokedCertDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateUserCertDO;
import com.xdja.pki.ca.certmanager.service.subsystem.SubSystemService;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.CrlConstants;
import com.xdja.pki.ca.core.configBasic.bean.CrlConfigBean;
import com.xdja.pki.ca.core.enums.CrlPublishEnum;
import com.xdja.pki.ca.core.enums.SignAlgFormatEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.CrlUtil;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.securitymanager.dao.CaCertDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.gmssl.x509.utils.GMSSLCRLUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLExtensionUtils;
import com.xdja.pki.gmssl.x509.utils.bean.CRLEntry;
import java.math.BigInteger;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

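/**
 * Spring service that issues the CA's revocation lists: full CRLs, delta CRLs ("drl") and the
 * ARL. Each run reads revoked serial numbers through the DAOs, signs the list with the CA key
 * (in software or through the HSM, depending on {@code Constants.CRYPT_DEVICE_TYPE}), stores
 * the result and publishes it over HTTP and/or LDAP as selected by the CA's CRL configuration.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX warnings on
 * {@link #doIssueCrl}). Parameter names are synthetic, and the extent of the try/catch regions
 * in {@code doIssueCrl} may differ from the original source; confirm against the real sources
 * before relying on the exact error-handling behaviour.
 */
@Service
/* loaded from: input_file:WEB-INF/lib/ca-service-certcrl-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/certcrl/service/impl/CRLServiceImpl.class */
public class CRLServiceImpl implements CrlService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private DeltaRevokeCertDao deltaRevokeCertDao;

    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private RevokeCertDao revokeCertDao;

    @Autowired
    private CrlDao crlDao;

    @Autowired
    private CrlDataDao crlDataDao;

    @Autowired
    private CaCertDao caCertDao;

    @Autowired
    private ArlDao arlDao;

    @Autowired
    private ArlDataDao arlDataDao;

    @Autowired
    private SubSystemService subSystemService;

    @Autowired
    private TemplateUserCertDao templateUserCertDao;

    @Autowired
    private TemplateDao templateDao;

    @Autowired
    private CertDao certDao;

    // Injected from the "ldapsdk.response.overtime" property and handed to the LDAP publishers.
    // Left public because code outside this class may read it; presumably a timeout value,
    // unit not visible here.
    @Value("${ldapsdk.response.overtime}")
    public int ldapsdkOutTime;

    /**
     * Records one or two delta-revocation rows in a single batch.
     *
     * @param str first value stored in the row (presumably the certificate serial; confirm)
     * @param str2 optional second value; when non-null a second row is stored with the same
     *     {@code num}, {@code num2} and {@code date}
     * @param num passed through to {@code DeltaRevokedCertDO}
     * @param num2 passed through to {@code DeltaRevokedCertDO}
     * @param date passed through to {@code DeltaRevokedCertDO}
     * @throws ServiceException if building or saving the rows fails
     */
    @Override
    public void saveDeltaCrlInfo(String str, String str2, Integer num, Integer num2, Date date) {
        try {
            List<DeltaRevokedCertDO> rows = new ArrayList<>();
            rows.add(new DeltaRevokedCertDO(str, num, num2, date));
            if (null != str2) {
                rows.add(new DeltaRevokedCertDO(str2, num, num2, date));
            }
            this.deltaRevokeCertDao.saveBatch(rows);
        } catch (Exception e) {
            throw new ServiceException("保存增量CRL信息异常", e);
        }
    }

    /**
     * Records a single delta-revocation row.
     *
     * @throws ServiceException if building or saving the row fails
     */
    @Override
    public void saveDeltaCrlInfo(String str, Integer num, Integer num2, Date date) {
        try {
            this.deltaRevokeCertDao.save(new DeltaRevokedCertDO(str, num, num2, date));
        } catch (Exception e) {
            throw new ServiceException("保存增量CRL信息异常", e);
        }
    }

    /** Converts each database row into a {@code CRLEntry} and appends it to {@code list2}. */
    private void copyList(List<CrlBeanDo> list, List<CRLEntry> list2) {
        for (CrlBeanDo row : list) {
            list2.add(new CRLEntry(row.getUserCertificateSerial(), row.getRevocationDate(), row.getReason().intValue()));
        }
    }

    /** Stores the CRL records first, then the CRL data rows keyed by what that call returned. */
    private void saveCrlData(Map<Integer, X509CRL> map, Long l) {
        this.crlDataDao.saveCrlDatas(map, this.crlDao.saveCrls(l, map));
    }

    /** Shard key used for the per-template, per-fragment CRL maps. */
    private static int shardKey(int templateId, int fragment) {
        return (templateId * CrlConstants.TRANSLATION_17.intValue()) + fragment;
    }

    /**
     * Signs one revocation list with the CA key, in software when the crypto device type is
     * {@code CRYPT_DEVICE_BC} and through the HSM otherwise.
     *
     * <p>The private key and the HSM PIN are read from {@code caInfoVO} here; neither value
     * should ever be added to a log statement or an exception message.
     */
    private X509CRL signCrl(CaInfoVO caInfoVO, BigInteger crlNumber, Date thisUpdate, Date nextUpdate,
            List<Extension> extensions, List<CRLEntry> entries) {
        return Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)
                ? GMSSLCRLUtils.generateCRLByBC(caInfoVO.getRootCert(), caInfoVO.getRootPrivateKey(), SignAlgTypeEnum.getAlgName(Integer.parseInt(caInfoVO.getSignAlg())), crlNumber, thisUpdate, nextUpdate, extensions, entries, SignAlgFormatEnum.isBlankSpaceFormat(Constants.SIGN_ALG_FORMAT_FLAG))
                : GMSSLCRLUtils.generateCRLByYunhsm(caInfoVO.getRootCert(), caInfoVO.getCaPwdBean().getKeyIndex().intValue(), caInfoVO.getCaPwdBean().getPrivateKeyPin(), SignAlgTypeEnum.getAlgName(Integer.parseInt(caInfoVO.getSignAlg())), crlNumber, thisUpdate, nextUpdate, extensions, entries, SignAlgFormatEnum.isBlankSpaceFormat(Constants.SIGN_ALG_FORMAT_FLAG));
    }

    /**
     * Issues the sharded CRLs (or delta CRLs) for one CA, stores them and publishes them.
     *
     * <p>Revoked serials are read in pages, bucketed by a shard key built from the template id
     * and the serial-number fragment, every expected shard is created (empty if needed), and
     * one list is signed per shard.
     *
     * @param date handed to the DAO queries and to the CRL generator ahead of the computed
     *     next-update date (presumably the thisUpdate time; confirm)
     * @param num key into {@code Constants.CA_INFO}; also passed to the DAO queries
     * @param z {@code true} to issue delta CRLs, {@code false} to issue full CRLs
     * @throws ServiceException if reading the delta revocation page fails
     */
    @Override
    public void doIssueCrl(Date date, Integer num, boolean z) {
        this.logger.info("====================开始签发" + (z ? "drl" : "crl") + "====================");
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(num);
        List<X509Certificate> caCertsByCaId = this.caCertDao.getCaCertsByCaId(caInfoVO.getCaId());
        // Read once so every serial in this run is sharded with the same fragment size.
        int certCounts = caInfoVO.getCrlConfig().getCertCounts().intValue();
        int maxFragment = CrlUtil.computeSnFragmentantation(BigInteger.valueOf(this.certSnDao.getMaxId().longValue()), certCounts);
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, z ? caInfoVO.getCrlConfig().getDeltaCrlCycle() : caInfoVO.getCrlConfig().getReleaseCycle());
        Map<Integer, X509CRL> issued = new HashMap<>();
        Map<Integer, List<CRLEntry>> entriesByShard = new HashMap<>();
        Map<String, Object> lastCrlId = this.crlDao.getLastCrlId();
        int pageSize = CrlConstants.DB_READ_COUNTS.intValue();
        int offset = 0;
        boolean firstPage = true;
        while (true) {
            List<CrlBeanDo> page;
            if (z) {
                try {
                    page = this.deltaRevokeCertDao.getSnsForDrl(num, date, offset, pageSize);
                } catch (Exception e) {
                    // Route the failure through the logging configuration instead of stderr.
                    this.logger.error("签发crl失败", e);
                    throw new ServiceException("签发crl失败", e);
                }
            } else {
                page = this.revokeCertDao.getSnsForCrl(num, date, offset, pageSize);
                if (firstPage) {
                    // The first page is extended once with the entries certDao reports.
                    List<CrlBeanDo> extra = this.certDao.getSnsForCrl(num, date);
                    if (null != extra && !extra.isEmpty()) {
                        page.addAll(extra);
                    }
                    firstPage = false;
                }
            }
            if (null == page || page.isEmpty()) {
                break;
            }
            List<CRLEntry> entries = new ArrayList<>();
            copyList(page, entries);
            offset += pageSize;
            for (CRLEntry entry : entries) {
                String serialHex = entry.getUserCertificateSerial();
                int fragment = CrlUtil.computeSnFragmentantation(new BigInteger(serialHex, 16), certCounts);
                // One lookup per revoked serial; large revocation sets mean many round trips.
                TemplateUserCertDO template = this.templateUserCertDao.queryBySn(serialHex);
                int templateId = (null == template || !template.isOpenCrl())
                        ? CrlConstants.COMMON_CRL_TEMPLATE_ID.intValue()
                        : template.getTemplateId().intValue();
                Integer key = Integer.valueOf(shardKey(templateId, fragment));
                List<CRLEntry> bucket = entriesByShard.get(key);
                if (null == bucket) {
                    bucket = new ArrayList<>();
                    entriesByShard.put(key, bucket);
                }
                bucket.add(entry);
            }
        }
        List<Long> openCrlTemplateId = this.templateDao.getOpenCrlTemplateId();
        this.logger.debug("deltas:" + maxFragment);
        // Make sure every expected shard exists, so an empty list is still issued for it.
        for (int fragment = 0; fragment <= maxFragment; fragment++) {
            Integer commonKey = Integer.valueOf(shardKey(CrlConstants.COMMON_CRL_TEMPLATE_ID.intValue(), fragment));
            if (null == entriesByShard.get(commonKey)) {
                entriesByShard.put(commonKey, new ArrayList<CRLEntry>());
            }
            if (null != openCrlTemplateId) {
                for (Long l : openCrlTemplateId) {
                    this.logger.debug("单独分片模板id：" + l);
                    Integer templateKey = Integer.valueOf(shardKey(l.intValue(), fragment));
                    if (null == entriesByShard.get(templateKey)) {
                        entriesByShard.put(templateKey, new ArrayList<CRLEntry>());
                    }
                }
            }
        }
        for (Map.Entry<Integer, List<CRLEntry>> shard : entriesByShard.entrySet()) {
            Integer num2 = shard.getKey();
            List<Extension> extensions = new ArrayList<>();
            Extension extension;
            if (z) {
                // NOTE(review): both exits below are `break`, so the first shard without a base
                // CRL stops issuance for every shard still to come in this HashMap iteration,
                // and relying parties keep the older delta lists for them. Confirm whether the
                // original source skipped only the one shard.
                Object lastId = lastCrlId.get("crl" + num2 + ".crl");
                if (null == lastId) {
                    this.logger.warn("delta CRL issuance stopped at shard {}: no base CRL id recorded", num2);
                    break;
                }
                String lastCrlSn = this.crlDao.getLastCrlSnById((Long) lastId);
                if (StringUtils.isBlank(lastCrlSn)) {
                    this.logger.warn("delta CRL issuance stopped at shard {}: base CRL number is blank", num2);
                    break;
                }
                // NOTE(review): intValue() keeps only the low 32 bits of the base CRL number;
                // a larger number would be written into the delta extension truncated.
                extension = GMSSLExtensionUtils.genDRLExtension(new BigInteger(lastCrlSn, 16).intValue());
            } else {
                extension = ExtensionUtil.genAuthorityKeyIdentifier(null, false, caInfoVO.getRootCert());
            }
            // NOTE(review): a delta list gets only the extension from genDRLExtension and a full
            // list only the authority key identifier, unless the generator adds more itself;
            // confirm the issued lists carry everything relying parties need.
            extensions.add(extension);
            BigInteger crlMaxSn = this.certSnDao.getCrlMaxSn(new Date());
            issued.put(num2, signCrl(caInfoVO, crlMaxSn, date, nextUpdateDate, extensions, shard.getValue()));
        }
        if (!issued.isEmpty()) {
            if (z) {
                saveDrlData(issued, caInfoVO.getCertId(), lastCrlId);
            } else {
                saveCrlData(issued, caInfoVO.getCertId());
                if (caInfoVO.getCrlConfig().isDelta()) {
                    // The pending delta records are deleted before publication is attempted.
                    this.deltaRevokeCertDao.deleteBatch(issued, num);
                }
            }
            // Publication runs after the lists are stored; a publishing failure propagates to
            // the caller with the stored state already written (no transaction boundary is
            // visible in this class).
            CrlPublishUtil crlPublishUtil = new CrlPublishUtil();
            CrlConfigBean crlConfig = caInfoVO.getCrlConfig();
            if (CrlPublishEnum.isHttpCRL(crlConfig.getCrlPublish())) {
                crlPublishUtil.httpPublishCrl(crlConfig, issued, z);
            }
            if (CrlPublishEnum.isLDAPCRL(crlConfig.getCrlPublish())) {
                crlPublishUtil.ldapPublishCrl(caInfoVO, issued, this.subSystemService.getAllLdapServerCerts(), caCertsByCaId, this.ldapsdkOutTime);
            }
        }
    }

    /** Stores the delta CRL records first, then the data rows keyed by what that call returned. */
    private void saveDrlData(Map<Integer, X509CRL> map, Long l, Map<String, Object> map2) {
        this.crlDataDao.saveDrlDatas(map, this.crlDao.saveDrls(l, map, map2));
    }

    /**
     * Issues, stores and publishes the ARL for one CA. Nothing is issued unless the CA's publish
     * setting passes {@code CrlPublishEnum.isSignCRL}.
     *
     * @param date handed to the DAO query and to the CRL generator ahead of the computed
     *     next-update date (presumably the thisUpdate time; confirm)
     * @param num key into {@code Constants.CA_INFO}; also passed to the DAO query
     * @throws ServiceException if reading, signing, storing or publishing fails
     */
    @Override
    public void doIssueArl(Date date, Integer num) {
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(num);
        List<X509Certificate> caCertsByCaId = this.caCertDao.getCaCertsByCaId(caInfoVO.getCaId());
        Date nextUpdateDate = IssueTimeUtil.getNextUpdateDate(date, caInfoVO.getCrlConfig().getReleaseCycle());
        List<Extension> extensions = new ArrayList<>();
        try {
            CrlConfigBean crlConfig = caInfoVO.getCrlConfig();
            if (CrlPublishEnum.isSignCRL(crlConfig.getCrlPublish())) {
                ArlPublishUtil arlPublishUtil = new ArlPublishUtil();
                extensions.add(GMSSLExtensionUtils.genARLExtension(arlPublishUtil.getPublishArlUrl(caInfoVO)));
                List<CrlBeanDo> snsForArl = this.revokeCertDao.getSnsForArl(num, date);
                List<CRLEntry> entries = new ArrayList<>();
                copyList(snsForArl, entries);
                BigInteger crlMaxSn = this.certSnDao.getCrlMaxSn(new Date());
                X509CRL arl = signCrl(caInfoVO, crlMaxSn, date, nextUpdateDate, extensions, entries);
                saveArlData(arl, caInfoVO.getCertId());
                if (CrlPublishEnum.isHttpCRL(crlConfig.getCrlPublish())) {
                    arlPublishUtil.httpPublishCrl(crlConfig, arl);
                }
                if (CrlPublishEnum.isLDAPCRL(crlConfig.getCrlPublish())) {
                    arlPublishUtil.ldapPublishArl(caInfoVO, arl, this.subSystemService.getAllLdapServerCerts(), caCertsByCaId, this.ldapsdkOutTime);
                }
            }
        } catch (Exception e) {
            throw new ServiceException("签发ARL失败", e);
        }
    }

    /** Stores the ARL record first, then the ARL data row keyed by what that call returned. */
    private void saveArlData(X509CRL x509crl, Long l) {
        this.arlDataDao.saveArlDatas(x509crl, this.arlDao.saveArls(l, x509crl));
    }

    /**
     * Returns the last-update time reported by {@code crlDao.getCrlLastUpdateTime()}.
     *
     * @throws ServiceException if the lookup fails
     */
    @Override
    public Date getCrlLastUpdateTime() {
        try {
            return this.crlDao.getCrlLastUpdateTime();
        } catch (Exception e) {
            throw new ServiceException("获取当前最大CRL最后更新时间异常", e);
        }
    }

    /**
     * Returns the last-update time reported by {@code crlDao.getArlLastUpdateTime()}.
     *
     * <p>NOTE(review): the method is named for the delta CRL but reads the ARL timestamp, and
     * the error message mentions the CRL. If a scheduler uses this value to decide when the next
     * delta CRL is due, the wrong timestamp would shift that schedule; confirm which DAO call
     * is intended.
     *
     * @throws ServiceException if the lookup fails
     */
    @Override
    public Date getDrlLastUpdateTime() {
        try {
            return this.crlDao.getArlLastUpdateTime();
        } catch (Exception e) {
            throw new ServiceException("获取当前最大CRL最后更新时间异常", e);
        }
    }
}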
