package com.xdja.pki.ldap.config;

import com.xdja.pki.gmssl.core.utils.GMSSLECUtils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.utils.GMSSLECKeyUtils;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import com.xdja.pki.ldap.X509Utils;
import java.io.File;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

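/**
 * Configuration bean bound to the {@code ldap.server.*} properties.
 *
 * <p>It holds the locations of the CA certificate directory, the signing certificate and the
 * signing key store, selects the crypto backend ({@code YUNHSM}, {@code PCIE} or {@code BC}),
 * and exposes helpers that load certificates and key pairs through {@code X509Utils} and
 * {@code GMSSLKeyStoreUtils}.
 *
 * <p>SECURITY(review): every key store is opened with the fixed password held in
 * {@link #KEY_STORE_PASSWORD}. The key store file is therefore protected only by file-system
 * permissions; see the constant for details.
 */
@ConfigurationProperties(prefix = "ldap.server")
@Component
/* loaded from: input_file:com/xdja/pki/ldap/config/LDAPConfiguration.class */
public class LDAPConfiguration {
    /** Crypto backend identifiers accepted by {@link #setCryptoType(String)} (case-insensitive). */
    private static final String CRYPTO_YUNHSM = "YUNHSM";
    private static final String CRYPTO_PCIE = "PCIE";
    private static final String CRYPTO_BC = "BC";

    /** Key store alias under which the signing certificate and private key are stored. */
    private static final String SIGN_ALIAS = "sign";

    /** File name of the PEM bundle kept next to the P7B files of a CA directory. */
    private static final String CA_PEM_NAME = "ca.pem";

    /**
     * Password used both to open the signing key store and to unlock its private key entry.
     *
     * <p>SECURITY(review): this is a compile-time constant shared by every deployment, so it
     * adds no confidentiality to the stored private key. It is kept unchanged because existing
     * key stores are encrypted with it; supplying the value from protected configuration (and
     * re-encrypting the key stores) is the fix to plan for.
     */
    private static final String KEY_STORE_PASSWORD = "password";

    private final Logger logger = LoggerFactory.getLogger(LDAPConfiguration.class);
    // Directory that holds the CA certificate material (P7B files and generated ca.pem).
    private String caCert;
    // Location of the PEM signing certificate(s), passed as-is to X509Utils.
    private String signCert;
    // Location of the signing key store(s), passed as-is to X509Utils.
    private String signKey;
    private int privateKeyIndex;
    // Secret: never log this value. A non-null value also selects the XDJA Yun HSM backend.
    private String privateKeyPassword;
    private String cryptoType;
    // Comma-separated entries; each entry is expected to look like "<int>-<value>", where the
    // integer is handed to GMSSLECKeyUtils.getSignPublicKeyByYunhsm (see getCAToLDAPMap).
    private String privateKey;

    /**
     * Returns the configured crypto backend, defaulting to {@code YUNHSM}.
     *
     * <p>The default is written back to the field the first time it is needed.
     *
     * @return the crypto backend identifier, never empty
     */
    public String getCryptoType() {
        if (StringUtils.isEmpty(this.cryptoType)) {
            this.cryptoType = CRYPTO_YUNHSM;
        }
        return this.cryptoType;
    }

    /**
     * Sets the crypto backend after checking it against the supported values.
     *
     * <p>The value is validated before it is stored, so a rejected value never replaces a
     * previously accepted one.
     *
     * @param str one of {@code YUNHSM}, {@code PCIE} or {@code BC} (case-insensitive)
     * @throws Exception if the value is not one of the supported backends
     */
    public void setCryptoType(String str) throws Exception {
        boolean supported = CRYPTO_YUNHSM.equalsIgnoreCase(str)
                || CRYPTO_PCIE.equalsIgnoreCase(str)
                || CRYPTO_BC.equalsIgnoreCase(str);
        if (!supported) {
            // Message: "please configure a correct signing/verification mode".
            this.logger.error("请配置正确的签名验签方式");
            throw new Exception("请配置正确的签名验签方式");
        }
        this.cryptoType = str;
        // Message: "signing/verification mode is <type>"; only validated values reach the log.
        this.logger.info("签名验签方式为  {}", this.cryptoType);
    }

    /** @return the configured private key index */
    public int getPrivateKeyIndex() {
        return this.privateKeyIndex;
    }

    /**
     * Returns the configured private key password.
     *
     * <p>SECURITY(review): the returned value is a secret; callers must not log or persist it.
     *
     * @return the password, or {@code null} if none was configured
     */
    public String getPrivateKeyPassword() {
        return this.privateKeyPassword;
    }

    /** @param i the private key index to use */
    public void setPrivateKeyIndex(int i) {
        this.privateKeyIndex = i;
    }

    /** @param str the private key password; {@code null} means "not configured" */
    public void setPrivateKeyPassword(String str) {
        this.privateKeyPassword = str;
    }

    /**
     * Splits the configured {@code privateKey} property on commas.
     *
     * @return a new mutable list of the comma-separated entries; empty when the property was
     *     never set (callers such as {@link #getCAToLDAPMap()} remove entries from it)
     */
    public List<String> getPrivateKey() {
        List<String> entries = new ArrayList<>();
        if (this.privateKey == null) {
            // An unset property previously caused a NullPointerException here.
            return entries;
        }
        for (String entry : this.privateKey.split(",")) {
            entries.add(entry);
        }
        return entries;
    }

    /** @param str comma-separated private key entries */
    public void setPrivateKey(String str) {
        this.privateKey = str;
    }

    /**
     * Loads the CA certificates.
     *
     * <p>If {@code <caCert>/ca.pem} already exists it is read directly; otherwise the P7B
     * material under {@code caCert} is first converted into that file and then returned.
     *
     * @return the CA certificates
     * @throws Exception if reading or converting the certificate files fails
     */
    public List<X509Certificate> getCaCerts() throws Exception {
        String caPem = getCaPem();
        if (isCaPemExist()) {
            return X509Utils.getX509CertificateListFromFile(caPem);
        }
        X509Utils.convertP7BToCaPemJson(this.caCert, caPem);
        return X509Utils.convertNestListToList(X509Utils.getX509CertificateListFromAllP7B(this.caCert));
    }

    /** @param str the CA certificate directory */
    public void setCaCert(String str) {
        this.caCert = str;
    }

    /** @return the path {@code <caCert>/ca.pem} */
    public String getCaPem() {
        return this.caCert + "/" + CA_PEM_NAME;
    }

    /** @return whether {@code <caCert>/ca.pem} exists on disk */
    private boolean isCaPemExist() {
        return new File(getCaPem()).exists();
    }

    /**
     * Appends a certificate to {@code <caCert>/ca.pem}, creating that file from the P7B
     * material first if it does not exist yet.
     *
     * <p>SECURITY(review): everything appended here ends up in the CA bundle that
     * {@link #getCaCerts()} returns, and this method does not validate the certificate
     * itself; callers are responsible for deciding that it may be trusted.
     *
     * @param x509Certificate the certificate to append
     * @throws Exception if the PEM file cannot be created or written
     */
    public void updateCaCert(X509Certificate x509Certificate) throws Exception {
        String caPem = getCaPem();
        if (!isCaPemExist()) {
            X509Utils.convertP7BToCaPemJson(this.caCert, caPem);
        }
        X509Utils.appendCertificateToPem(caPem, x509Certificate);
    }

    /**
     * Appends a certificate to the {@code ca.pem} of the CA sub-directory whose certificates
     * include every certificate in {@code list}. Nothing is written if the certificate is
     * already present in that file.
     *
     * @param x509Certificate the certificate to append
     * @param list the CA certificates that identify the target sub-directory
     * @throws IllegalStateException if no sub-directory of {@code caCert} holds all of them
     * @throws Exception if reading or writing the PEM file fails
     */
    public void updateCaCert(X509Certificate x509Certificate, List<X509Certificate> list) throws Exception {
        String targetPem = getCaPemPathByCaCerts(list, this.caCert);
        if (targetPem == null) {
            // Previously the null path was handed straight to X509Utils.
            throw new IllegalStateException("No CA directory under " + this.caCert + " contains the given CA certificates");
        }
        if (X509Utils.getX509CertificateListFromFile(targetPem).contains(x509Certificate)) {
            return;
        }
        X509Utils.appendCertificateToPem(targetPem, x509Certificate);
    }

    /**
     * Initialises the crypto backend and returns the signing certificate.
     *
     * <p>With the {@code YUNHSM} backend and a configured private key password the certificate
     * is read from the PEM at {@code signCert}; in every other case it is read from the key
     * store at {@code signKey} under the alias {@code sign}.
     *
     * <p>NOTE(review): this reads the {@code cryptoType} field directly, so it throws a
     * {@link NullPointerException} when the property was never set and
     * {@link #getCryptoType()} has not been called to apply the default — confirm whether the
     * default should apply here too.
     *
     * @return the signing certificate
     * @throws Exception if the certificate or key store cannot be read
     */
    public X509Certificate getSignCert() throws Exception {
        initInstance();
        boolean hsmWithPassword = this.cryptoType.equalsIgnoreCase(CRYPTO_YUNHSM) && this.privateKeyPassword != null;
        if (hsmWithPassword) {
            return X509Utils.getX509CertificateFromPEM(this.signCert);
        }
        KeyStore keyStore = X509Utils.readKeyStoreFromPath(this.signKey, keyStorePassword());
        return (X509Certificate) GMSSLKeyStoreUtils.readCertificateFromKeyStore(keyStore, SIGN_ALIAS);
    }

    /**
     * Collects every signing certificate: those found in the PEM material at {@code signCert}
     * followed by the {@code sign} entry of every key store found at {@code signKey}.
     *
     * @return the list returned by {@code X509Utils.getX509CertificateFromAllPEM}, extended in
     *     place with the key store certificates
     * @throws Exception if a certificate or key store cannot be read
     */
    public List<X509Certificate> getAllSignCert() throws Exception {
        List<X509Certificate> certificates = X509Utils.getX509CertificateFromAllPEM(this.signCert);
        List keyStores = X509Utils.readAllKeyStoreFromPath(this.signKey, keyStorePassword());
        if (keyStores != null) {
            for (Object keyStore : keyStores) {
                certificates.add((X509Certificate) GMSSLKeyStoreUtils.readCertificateFromKeyStore((KeyStore) keyStore, SIGN_ALIAS));
            }
        }
        return certificates;
    }

    /** @param str the location of the PEM signing certificate(s) */
    public void setSignCert(String str) {
        this.signCert = str;
    }

    /**
     * Reads the signing key pair from the key store at {@code signKey}.
     *
     * <p>SECURITY(review): the returned pair contains the private signing key in memory, and
     * the key store and key entry are both unlocked with {@link #KEY_STORE_PASSWORD}.
     *
     * @return the public key of the {@code sign} certificate paired with the {@code sign}
     *     private key
     * @throws Exception if the key store cannot be read
     */
    public KeyPair getSignKey() throws Exception {
        KeyStore keyStore = X509Utils.readKeyStoreFromPath(this.signKey, keyStorePassword());
        return readSignKeyPair(keyStore);
    }

    /**
     * Reads the signing key pair of every key store found at {@code signKey}.
     *
     * @return a new mutable list with one key pair per key store; empty if none were found
     * @throws Exception if a key store cannot be read
     */
    public List<KeyPair> getAllSignKey() throws Exception {
        List<KeyPair> keyPairs = new ArrayList<>();
        List keyStores = X509Utils.readAllKeyStoreFromPath(this.signKey, keyStorePassword());
        if (keyStores != null) {
            for (Object keyStore : keyStores) {
                keyPairs.add(readSignKeyPair((KeyStore) keyStore));
            }
        }
        return keyPairs;
    }

    /** @param str the location of the signing key store(s) */
    public void setSignKey(String str) {
        this.signKey = str;
    }

    /** Initialises the crypto backend selected by the {@code cryptoType} field. */
    public void initInstance() {
        initInstance(this.cryptoType);
    }

    /**
     * Initialises the crypto backend named by {@code str}.
     *
     * <p>For {@code YUNHSM} the Sanc HSM instance is used when no private key password is
     * configured, the XDJA Yun HSM instance otherwise. Unknown or {@code null} values
     * initialise nothing.
     *
     * @param str the crypto backend identifier (case-insensitive)
     */
    public void initInstance(String str) {
        if (CRYPTO_YUNHSM.equalsIgnoreCase(str)) {
            if (this.privateKeyPassword == null) {
                try {
                    GMSSLPkiCryptoInit.getSancHsmInstance();
                } catch (Exception e) {
                    // Best effort by design, but keep the cause: a failed HSM initialisation
                    // must be diagnosable. Message: "error obtaining the Sanc HSM instance".
                    this.logger.error("获取Sanc hsm instance异常", e);
                }
            } else {
                GMSSLPkiCryptoInit.getXdjaYunHsmInstance();
            }
        }
        if (CRYPTO_PCIE.equalsIgnoreCase(str)) {
            GMSSLPkiCryptoInit.getPcieInstance();
        }
        if (CRYPTO_BC.equalsIgnoreCase(str)) {
            GMSSLPkiCryptoInit.getBCInstance();
        }
    }

    /**
     * Builds the mapping from a CA (keyed by {@code X509Utils.getKeyFromCertificate} of the
     * last certificate of its chain) to a three-element list: the CA chain, the signing
     * certificate that verifies against it, and the matching key material. The key material
     * is either a {@link KeyPair} from the key stores or, for SM2, the split
     * {@code privateKey} entry whose HSM public key equals the certificate's public key.
     *
     * <p>Only lists of exactly three elements are put into the map.
     *
     * <p>NOTE(review): the matching logic is kept exactly as found. Points to confirm with
     * the owner: (1) {@code certIt.remove()} is reached once per matching key, so a signing
     * certificate matched by more than one key raises {@link IllegalStateException};
     * (2) a certificate that verifies but has no matching key stays in the list and is added
     * again on the next pass, which pushes the list past three elements so the CA is never
     * mapped; (3) a non-numeric index in a {@code privateKey} entry raises
     * {@link NumberFormatException}.
     *
     * @return the CA-to-signing-material map
     * @throws Exception if certificates or keys cannot be loaded
     */
    public Map<String, Object> getCAToLDAPMap() throws Exception {
        Map<String, Object> result = new HashMap<>();
        List<List<X509Certificate>> caChains = getAllCAListFromPath(this.caCert);
        List<X509Certificate> signCerts = getAllSignCert();
        List<KeyPair> signKeys = getAllSignKey();
        List<String> hsmKeyEntries = getPrivateKey();
        for (int i = 0; i < caChains.size(); i++) {
            List<Object> binding = new ArrayList<>();
            List<X509Certificate> chain = caChains.get(i);
            binding.add(chain);
            String mapKey = X509Utils.getKeyFromCertificate(chain.get(chain.size() - 1));
            for (int pos = chain.size() - 1; pos >= 0; pos--) {
                String chainSigAlg = chain.get(pos).getSigAlgName();
                Iterator<X509Certificate> certIt = signCerts.iterator();
                while (certIt.hasNext()) {
                    X509Certificate signCertificate = certIt.next();
                    if (X509Utils.verifyCert(chain, signCertificate)) {
                        binding.add(signCertificate);
                        // Software keys: pair the certificate with the key store key pair
                        // that carries the same public key, and consume both.
                        Iterator<KeyPair> keyIt = signKeys.iterator();
                        while (keyIt.hasNext()) {
                            KeyPair keyPair = keyIt.next();
                            if (signCertificate.getPublicKey().equals(keyPair.getPublic())) {
                                binding.add(keyPair);
                                keyIt.remove();
                                certIt.remove();
                            }
                        }
                        // HSM keys (SM2 only): look the public key up by the configured index.
                        if (chainSigAlg.contains("SM2") && signCertificate.getSigAlgName().contains("SM2")) {
                            // Declared as PublicKey: getPublicKey() does not return the
                            // BouncyCastle type statically, and only equals() is needed.
                            PublicKey certPublicKey = signCertificate.getPublicKey();
                            Iterator<String> entryIt = hsmKeyEntries.iterator();
                            while (entryIt.hasNext()) {
                                String[] parts = entryIt.next().split("-");
                                if (parts.length != 2) {
                                    // Malformed entry: drop it so it is not re-examined.
                                    entryIt.remove();
                                } else if (certPublicKey.equals(GMSSLECKeyUtils.getSignPublicKeyByYunhsm(Integer.parseInt(parts[0]), GMSSLECUtils.SM2p256))) {
                                    binding.add(parts);
                                    entryIt.remove();
                                    certIt.remove();
                                }
                            }
                        }
                    }
                }
                if (binding.size() == 3) {
                    result.put(mapKey, binding);
                }
            }
        }
        return result;
    }

    /**
     * Loads the certificates of every CA sub-directory of {@code str}.
     *
     * <p>A sub-directory with a single file is treated as a lone P7B: it is converted to
     * {@code ca.pem} and its certificates are returned. Otherwise every file other than
     * {@code ca.pem} is read as P7B, certificates missing from {@code ca.pem} are appended to
     * it, and the refreshed {@code ca.pem} is returned.
     *
     * <p>SECURITY(review): any P7B file placed in these directories is merged into the CA
     * bundle without further checks, so write access to {@code str} must be restricted to the
     * operators allowed to add CAs.
     *
     * @param str the root CA directory
     * @return one certificate list per sub-directory
     * @throws IllegalStateException if {@code str} or one of its entries is not a readable
     *     directory
     * @throws Exception if a certificate file cannot be read or written
     */
    private List<List<X509Certificate>> getAllCAListFromPath(String str) throws Exception {
        List<List<X509Certificate>> chains = new ArrayList<>();
        for (String dirName : listDirectory(str)) {
            String dirPath = str + "/" + dirName;
            String pemPath = dirPath + "/" + CA_PEM_NAME;
            String[] fileNames = listDirectory(dirPath);
            // Raw list: the element type of the X509Utils results is not visible from here.
            List dirCerts;
            if (fileNames.length == 1) {
                String p7bPath = dirPath + "/" + fileNames[0];
                X509Utils.convertP7BToCaPemJson(p7bPath, pemPath);
                dirCerts = X509Utils.getX509CertificateListFromP7B(p7bPath);
            } else {
                List pemCerts = X509Utils.getX509CertificateListFromFile(pemPath);
                for (String fileName : fileNames) {
                    if (CA_PEM_NAME.equalsIgnoreCase(fileName)) {
                        // The bundle itself is not a P7B source. Skipping it also stops the
                        // previous file's certificates from being appended a second time.
                        continue;
                    }
                    List p7bCerts = X509Utils.getX509CertificateListFromP7B(dirPath + "/" + fileName);
                    if (!pemCerts.containsAll(p7bCerts)) {
                        for (Object certificate : p7bCerts) {
                            X509Utils.appendCertificateToPem(pemPath, (X509Certificate) certificate);
                        }
                    }
                }
                dirCerts = X509Utils.getX509CertificateListFromFile(pemPath);
            }
            chains.add(dirCerts);
        }
        return chains;
    }

    /**
     * Finds the {@code ca.pem} of the CA sub-directory whose certificates include every
     * certificate in {@code list}, refreshing each visited {@code ca.pem} from its P7B files
     * on the way.
     *
     * @param list the CA certificates to look for
     * @param str the root CA directory
     * @return the path of the matching {@code ca.pem}, or {@code null} if none matches
     * @throws IllegalStateException if {@code str} or one of its entries is not a readable
     *     directory
     * @throws Exception if a certificate file cannot be read or written
     */
    private String getCaPemPathByCaCerts(List<X509Certificate> list, String str) throws Exception {
        for (String dirName : listDirectory(str)) {
            String dirPath = str + "/" + dirName;
            String pemPath = dirPath + "/" + CA_PEM_NAME;
            String[] fileNames = listDirectory(dirPath);
            // Raw list: the element type of the X509Utils results is not visible from here.
            List dirCerts;
            if (fileNames.length == 1) {
                String p7bPath = dirPath + "/" + fileNames[0];
                X509Utils.convertP7BToCaPemJson(p7bPath, pemPath);
                dirCerts = X509Utils.getX509CertificateListFromP7B(p7bPath);
            } else {
                List pemCerts = X509Utils.getX509CertificateListFromFile(pemPath);
                for (String fileName : fileNames) {
                    if (CA_PEM_NAME.equalsIgnoreCase(fileName)) {
                        // The bundle itself is not a P7B source; previously this entry could
                        // reach convertP7BToCaPemJson with a null source path.
                        continue;
                    }
                    String p7bPath = dirPath + "/" + fileName;
                    List p7bCerts = X509Utils.getX509CertificateListFromP7B(p7bPath);
                    if (!pemCerts.containsAll(p7bCerts)) {
                        X509Utils.convertP7BToCaPemJson(p7bPath, pemPath);
                    }
                }
                dirCerts = X509Utils.getX509CertificateListFromFile(pemPath);
            }
            if (dirCerts.containsAll(list)) {
                return pemPath;
            }
        }
        return null;
    }

    /** Returns a fresh copy of the key store password as a character array. */
    private static char[] keyStorePassword() {
        return KEY_STORE_PASSWORD.toCharArray();
    }

    /** Reads the {@code sign} certificate's public key and the {@code sign} private key. */
    private static KeyPair readSignKeyPair(KeyStore keyStore) throws Exception {
        return new KeyPair(
                GMSSLKeyStoreUtils.readCertificateFromKeyStore(keyStore, SIGN_ALIAS).getPublicKey(),
                GMSSLKeyStoreUtils.readPrivateKeyFromKeyStore(keyStore, keyStorePassword(), SIGN_ALIAS));
    }

    /**
     * Lists the entries of a directory, failing with a clear message instead of a
     * {@link NullPointerException} when the path is not a readable directory.
     */
    private static String[] listDirectory(String path) {
        String[] names = new File(path).list();
        if (names == null) {
            throw new IllegalStateException("Not a readable directory: " + path);
        }
        return names;
    }
}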
