package com.xdja.pki.ldap.config;

import ch.qos.logback.core.net.ssl.SSL;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import com.xdja.pki.ldap.X509Utils;
import java.io.File;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

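/**
 * Spring-bound settings ({@code ldap.server.*}) for the LDAP service's CA certificate chain,
 * signing certificate, signing key store and crypto backend selection.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The signing key store is opened with a password compiled into this class
 *       (see {@link #KEYSTORE_PASSWORD}); it gives no real protection to the private key.</li>
 *   <li>{@link #getPrivateKeyPassword()} returns a secret; never log or serialize it.</li>
 * </ul>
 */
@ConfigurationProperties(prefix = "ldap.server")
@Component
/* loaded from: input_file:WEB-INF/lib/ldap-service-0.0.8-SNAPSHOT.jar:com/xdja/pki/ldap/config/LDAPConfiguration.class */
public class LDAPConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPConfiguration.class);

    /** Accepted values of {@code cryptoType}; compared case-insensitively. */
    private static final String TYPE_YUNHSM = "YUNHSM";
    private static final String TYPE_PCIE = "PCIE";
    private static final String TYPE_BC = "BC";

    /** Alias under which the signing certificate and private key are stored in the key store. */
    private static final String SIGN_ALIAS = "sign";

    /**
     * Password used for both the key store and the private-key entry.
     *
     * <p>NOTE(review): this is a fixed, well-known value shipped in the binary, so anyone who can
     * read the key store file can extract the signing key. Until it is replaced by a value taken
     * from configuration or a secret store, the file's confidentiality rests entirely on
     * filesystem permissions. The value is kept as-is because existing key stores are presumably
     * encrypted with it; confirm before changing.
     */
    private static final String KEYSTORE_PASSWORD = "password";

    private String caCert;
    private String signCert;
    private String signKey;
    private int privateKeyIndex;
    private String privateKeyPassword;
    private String cryptoType;

    /**
     * Returns the configured crypto backend, defaulting to {@code "YUNHSM"} when none is set.
     * The default is also stored in the field, so later reads see the same value.
     */
    public String getCryptoType() {
        if (StringUtils.isEmpty(this.cryptoType)) {
            this.cryptoType = TYPE_YUNHSM;
        }
        return this.cryptoType;
    }

    /**
     * Sets the crypto backend after validating it against the supported values.
     *
     * @param str one of {@code YUNHSM}, {@code PCIE} or {@code BC} (case-insensitive)
     * @throws Exception (an {@link IllegalArgumentException}) if the value is not supported; the
     *     previously stored value is left untouched in that case
     */
    public void setCryptoType(String str) throws Exception {
        boolean supported = TYPE_YUNHSM.equalsIgnoreCase(str)
                || TYPE_PCIE.equalsIgnoreCase(str)
                || TYPE_BC.equalsIgnoreCase(str);
        if (!supported) {
            // Message: "please configure a correct sign/verify mode". The rejected value is
            // deliberately not echoed into the log.
            LOGGER.error("请配置正确的签名验签方式");
            throw new IllegalArgumentException("请配置正确的签名验签方式");
        }
        // Assign only after validation so a rejected value never ends up in the field.
        this.cryptoType = str;
        // Message: "sign/verify mode is <type>"; safe to log because the value was just validated.
        LOGGER.info("签名验签方式为  {}", this.cryptoType);
    }

    /** Returns the configured private-key index. */
    public int getPrivateKeyIndex() {
        return this.privateKeyIndex;
    }

    /** Returns the configured private-key password. This is a secret: do not log it. */
    public String getPrivateKeyPassword() {
        return this.privateKeyPassword;
    }

    /** Sets the private-key index. */
    public void setPrivateKeyIndex(int i) {
        this.privateKeyIndex = i;
    }

    /** Sets the private-key password. */
    public void setPrivateKeyPassword(String str) {
        this.privateKeyPassword = str;
    }

    /**
     * Loads the trusted CA certificates.
     *
     * <p>If the {@code ca.pem} file next to the configured CA file already exists it is read
     * directly; otherwise it is first generated from the configured P7B file and the
     * certificates are returned from the P7B.
     *
     * @throws Exception if the CA path is not configured or the files cannot be read or parsed
     */
    public List<X509Certificate> getCaCerts() throws Exception {
        String caPem = getCaPem();
        if (isCaPemExist()) {
            return X509Utils.getX509CertificateListFromFile(caPem);
        }
        X509Utils.convertP7BToCaPemJson(this.caCert, caPem);
        return X509Utils.getX509CertificateListFromP7B(this.caCert);
    }

    /** Sets the path of the CA certificate (P7B) file. */
    public void setCaCert(String str) {
        this.caCert = str;
    }

    /**
     * Returns the path of the {@code ca.pem} file located in the same directory as the
     * configured CA certificate file.
     *
     * @throws IllegalStateException if no CA certificate path has been configured
     */
    public String getCaPem() {
        if (this.caCert == null) {
            throw new IllegalStateException("ldap.server.caCert is not configured");
        }
        int lastSlash = this.caCert.lastIndexOf("/");
        if (lastSlash < 0) {
            // A bare file name has no directory part; substring(0, -1) would throw here.
            return "ca.pem";
        }
        return this.caCert.substring(0, lastSlash) + "/ca.pem";
    }

    /** Tells whether the derived {@code ca.pem} file is present on disk. */
    private boolean isCaPemExist() {
        return new File(getCaPem()).exists();
    }

    /**
     * Appends a certificate to the {@code ca.pem} trust file, generating that file from the
     * configured P7B first when it does not exist yet.
     *
     * <p>Every certificate written here becomes part of what {@link #getCaCerts()} returns, so
     * callers must have validated {@code x509Certificate} before passing it in.
     *
     * @throws Exception if the CA path is not configured or the file cannot be written
     */
    public void updateCaCert(X509Certificate x509Certificate) throws Exception {
        String caPem = getCaPem();
        if (!isCaPemExist()) {
            X509Utils.convertP7BToCaPemJson(this.caCert, caPem);
        }
        X509Utils.appendCertificateToPem(caPem, x509Certificate);
    }

    /**
     * Returns the signing certificate.
     *
     * <p>With the {@code YUNHSM} backend and a private-key password set, the certificate is read
     * from the configured PEM file; in every other case it is read from the {@code sign} entry
     * of the signing key store.
     *
     * @throws Exception if the certificate source cannot be read or parsed
     */
    public X509Certificate getSignCert() throws Exception {
        // Resolve through the getter so an unset type falls back to the default instead of
        // dereferencing a null field.
        String type = getCryptoType();
        initInstance();
        boolean readFromPem = TYPE_YUNHSM.equalsIgnoreCase(type) && this.privateKeyPassword != null;
        if (readFromPem) {
            return X509Utils.getX509CertificateFromPEM(this.signCert);
        }
        KeyStore keyStore = readKeyStoreFromPath(this.signKey, KEYSTORE_PASSWORD.toCharArray());
        return (X509Certificate) GMSSLKeyStoreUtils.readCertificateFromKeyStore(keyStore, SIGN_ALIAS);
    }

    /** Sets the path of the signing certificate (PEM) file. */
    public void setSignCert(String str) {
        this.signCert = str;
    }

    /**
     * Reads the signing key pair from the {@code sign} entry of the signing key store.
     *
     * <p>The returned object holds the private key in process memory; keep its lifetime short
     * and never log it.
     *
     * @throws Exception if the key store cannot be opened or the entry cannot be read
     */
    public KeyPair getSignKey() throws Exception {
        KeyStore keyStore = readKeyStoreFromPath(this.signKey, KEYSTORE_PASSWORD.toCharArray());
        return new KeyPair(
                GMSSLKeyStoreUtils.readCertificateFromKeyStore(keyStore, SIGN_ALIAS).getPublicKey(),
                GMSSLKeyStoreUtils.readPrivateKeyFromKeyStore(keyStore, KEYSTORE_PASSWORD.toCharArray(), SIGN_ALIAS));
    }

    /** Sets the path of the signing key store. */
    public void setSignKey(String str) {
        this.signKey = str;
    }

    /**
     * Opens a key store, first as the default key store type and, if that fails for any reason,
     * as a Bouncy Castle {@code BKS} store.
     *
     * @param str path of the key store, resolved by {@code GMSSLX509Utils.readInputStreamFromPath}
     * @param cArr key store password
     * @return the loaded key store
     * @throws Exception the failure of the {@code BKS} attempt, with the failure of the first
     *     attempt attached as a suppressed exception
     */
    public static KeyStore readKeyStoreFromPath(String str, char[] cArr) throws Exception {
        // Register the provider once instead of building a new instance on every call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try (InputStream in = GMSSLX509Utils.readInputStreamFromPath(str)) {
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            keyStore.load(in, cArr);
            return keyStore;
        } catch (Exception primaryFailure) {
            // Log the exception class only: exception messages are not needed to diagnose the
            // fallback, and the password is never logged.
            LOGGER.debug("Key store {} is not readable as {} ({}); retrying as BKS",
                    str, SSL.DEFAULT_KEYSTORE_TYPE, primaryFailure.getClass().getName());
            try (InputStream in = GMSSLX509Utils.readInputStreamFromPath(str)) {
                KeyStore keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME);
                keyStore.load(in, cArr);
                return keyStore;
            } catch (Exception fallbackFailure) {
                // Keep the first failure visible; it is often the real cause (missing file,
                // wrong password).
                fallbackFailure.addSuppressed(primaryFailure);
                throw fallbackFailure;
            }
        }
    }

    /**
     * Initializes the crypto backend selected by {@link #getCryptoType()}.
     *
     * <p>For {@code YUNHSM} without a private-key password the Sanc HSM instance is requested and
     * a failure is only logged, so callers cannot tell from this method whether the HSM is
     * usable. With a password the Xdja Yun HSM instance is requested instead.
     */
    public void initInstance() {
        String type = getCryptoType();
        if (TYPE_YUNHSM.equalsIgnoreCase(type)) {
            if (this.privateKeyPassword == null) {
                try {
                    GMSSLPkiCryptoInit.getSancHsmInstance();
                } catch (Exception e) {
                    // Message: "exception obtaining Sanc hsm instance". Best-effort as before,
                    // but the cause is now recorded.
                    LOGGER.error("获取Sanc hsm instance异常", e);
                }
            } else {
                GMSSLPkiCryptoInit.getXdjaYunHsmInstance();
            }
        } else if (TYPE_PCIE.equalsIgnoreCase(type)) {
            GMSSLPkiCryptoInit.getPcieInstance();
        } else if (TYPE_BC.equalsIgnoreCase(type)) {
            GMSSLPkiCryptoInit.getBCInstance();
        }
    }
}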
