package com.xdja.pki.ra.service.manager.auth;

import com.xdja.pki.ca.auth.service.AuditSignService;
import com.xdja.pki.ca.auth.service.bean.CertInfoDTO;
import com.xdja.pki.ra.core.asn1.DigestObjectIdentifiers;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.commonenum.KeyAlgEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.exception.ServiceException;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.manager.dao.AdminCertDao;
import com.xdja.pki.ra.manager.dao.model.AdminCertDO;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

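/**
 * RA-side implementation of {@link AuditSignService}.
 *
 * <p>The class verifies signatures and computes digests (through the cloud HSM or the
 * software provider, depending on {@link CommonVariable#getIsHsm()}), resolves an
 * administrator signing certificate by serial number, and maps failure conditions to
 * {@link ErrorEnum} responses.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #verifySign} fails closed: any exception yields {@code false}.</li>
 *   <li>{@link #getDigest} returns {@code null} on failure and falls back to SHA-1 for any
 *       signature algorithm it does not recognise.</li>
 *   <li>{@link #getCertBySn} performs no chain, validity-period or status check itself; it
 *       only reports the stored or CA-supplied status to the caller.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/xdja/pki/ra/service/manager/auth/AuditSignServiceImpl.class */
public class AuditSignServiceImpl implements AuditSignService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Injected from the "client.offset.time" property; the unit is not visible in this file.
    @Value("${client.offset.time}")
    private int offsetTime;

    @Autowired
    AdminCertDao adminCertDao;

    @Autowired
    CaBusinessManager caBusinessManager;

    /**
     * Returns the configured client/server time offset.
     *
     * @return the value of the {@code client.offset.time} property
     */
    public int getOffsetTime() {
        return this.offsetTime;
    }

    /**
     * Verifies a signature with the cloud HSM when HSM mode is enabled, otherwise with the
     * software implementation.
     *
     * <p>The method fails closed: an exception from the underlying provider is logged and
     * reported as a failed verification, never as success.
     *
     * @param i key algorithm identifier
     * @param i2 digest algorithm identifier
     * @param publicKey public key used for verification
     * @param bArr first byte array handed to the provider (presumably the signed data; confirm
     *     against {@code HsmUtils})
     * @param bArr2 second byte array handed to the provider (presumably the signature; confirm
     *     against {@code HsmUtils})
     * @return {@code true} only if the provider reported a valid signature
     */
    public boolean verifySign(int i, int i2, PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        this.logger.info("keyAlg:{} digestAlg:{}", i, i2);
        boolean verified = false;
        try {
            if (Constants.HSM_SERVER_1 == CommonVariable.getIsHsm().intValue()) {
                verified = HsmUtils.verifyByYunHsmWithAlgId(i2, i, publicKey, bArr, bArr2);
            } else {
                verified = HsmUtils.verifyByBCWithAlgId(i2, i, publicKey, bArr, bArr2);
            }
        } catch (Exception e) {
            // The throwable is passed as the last argument so the stack trace is logged; the
            // former "{}" placeholder was never substituted and has been dropped.
            this.logger.error(" =================== 加密机验签异常", e);
        }
        if (!verified) {
            this.logger.info(" =================== 加密机验签失败");
        }
        this.logger.info("=========================== {}", verified);
        return verified;
    }

    /**
     * Maps the system-wide key algorithm name to its {@link KeyAlgEnum} value.
     *
     * @return the matching {@code KeyAlgEnum} value, or {@code 0} when the configured name is
     *     missing or not one of RSA, SM2 or NISTP256
     */
    public int getSystemKeyAlg() {
        String keyAlgName = CommonVariable.getKeyAlgName();
        if (keyAlgName == null) {
            // An unset algorithm name is reported like an unknown one instead of throwing.
            return 0;
        }
        if (keyAlgName.equalsIgnoreCase(KeyAlgEnum.RSA.desc)) {
            return KeyAlgEnum.RSA.value;
        }
        if (keyAlgName.equalsIgnoreCase(KeyAlgEnum.SM2.desc)) {
            return KeyAlgEnum.SM2.value;
        }
        if (keyAlgName.equalsIgnoreCase(KeyAlgEnum.NISTP256.desc)) {
            return KeyAlgEnum.NISTP256.value;
        }
        return 0;
    }

    /**
     * Resolves the administrator signing certificate for a serial number, first from the local
     * store and, if absent, by asking the CA.
     *
     * <p>The returned status is whatever the store or the CA reported; this method does not
     * reject revoked, expired or otherwise abnormal certificates. Callers must check
     * {@code getStatus()} before trusting the public key.
     *
     * @param str certificate serial number of the acting administrator
     * @param i not used by this implementation
     * @return the certificate details, or {@code null} when the CA returns no information
     * @throws ServiceException if the CA call or the parsing of its answer fails
     */
    public CertInfoDTO getCertBySn(String str, int i) {
        // NOTE(review): if the serial number arrives unmodified from the request, strip CR/LF
        // before logging so that a crafted value cannot forge audit log lines.
        this.logger.info("当前操作的管理员sn为:{}", str);
        AdminCertDO adminCertInfo = this.adminCertDao.getAdminCertInfo(str, Constants.CERT_TYPE_SIGN_2);
        if (adminCertInfo != null) {
            CertInfoDTO localCert = new CertInfoDTO();
            localCert.setSn(adminCertInfo.getCertSn());
            // Every non-RSA algorithm is reported as 2. NOTE(review): confirm this is intended
            // for NISTP256 keys, which getSystemKeyAlg() distinguishes from SM2.
            localCert.setKeyAlg(adminCertInfo.getPublicKeyAlg().equalsIgnoreCase("RSA") ? 1 : 2);
            localCert.setSubject(adminCertInfo.getCertDn());
            localCert.setStatus(adminCertInfo.getCertStatus().intValue());
            localCert.setData(adminCertInfo.getCertInfo());
            localCert.setPublicKey(CertUtils.getCertFromStr(adminCertInfo.getCertInfo()).getPublicKey());
            return localCert;
        }
        this.logger.info("本地无该sn：{}对应的证书信息，先请求CA进行验证！", str);
        try {
            Map<?, ?> caInfo = (Map<?, ?>) this.caBusinessManager.raAdminLoginAuthen(str).getInfo();
            if (CollectionUtils.isEmpty(caInfo)) {
                return null;
            }
            String certData = (String) caInfo.get("signCertData");
            X509Certificate caCert = CertUtils.getCertFromStr(certData);
            int certStatus = ((Integer) caInfo.get("signCertStatus")).intValue();
            CertInfoDTO remoteCert = new CertInfoDTO();
            // NOTE(review): the serial is taken from the certificate the CA returned and is not
            // compared with the requested serial; consider rejecting a mismatch so that a wrong
            // answer cannot substitute another administrator's key.
            remoteCert.setSn(caCert.getSerialNumber().toString(16));
            remoteCert.setKeyAlg(caCert.getPublicKey().getAlgorithm().equalsIgnoreCase("RSA") ? 1 : 2);
            remoteCert.setSubject(caCert.getSubjectX500Principal().getName());
            remoteCert.setStatus(certStatus);
            remoteCert.setData(certData);
            remoteCert.setPublicKey(caCert.getPublicKey());
            return remoteCert;
        } catch (Exception e) {
            // A missing or malformed field in the CA answer also ends up here (NPE or
            // ClassCastException) and is surfaced as a ServiceException.
            this.logger.error("待CA认证管理员接口异常", e);
            throw new ServiceException(e);
        }
    }

    /**
     * Computes the digest that matches the system signature algorithm, using the cloud HSM when
     * HSM mode is enabled and the software implementation otherwise.
     *
     * <p>SHA-256 is used for the SHA256-with-ECDSA and SHA256-with-RSA signature algorithms,
     * SM3 for SM3-with-SM2, and SHA-1 for every other value.
     *
     * @param bArr data to hash
     * @return the digest, or {@code null} if the provider threw; callers must treat
     *     {@code null} as a failure
     */
    public byte[] getDigest(byte[] bArr) {
        byte[] digest = null;
        try {
            boolean useHsm = Constants.HSM_SERVER_1 == CommonVariable.getIsHsm().intValue();
            String sigAlgName = CommonVariable.getSigAlgName();
            boolean sha256 = isSha256SigAlg(sigAlgName);
            boolean sm3 = Constants.SIGN_ALG_NAME_SM3_WHIT_SM2.equalsIgnoreCase(sigAlgName);
            // NOTE(review): an unrecognised or unset signature algorithm silently selects
            // SHA-1. That fallback is kept for compatibility, but rejecting unknown algorithms
            // would be the safer default.
            if (useHsm) {
                if (sha256) {
                    digest = HsmUtils.digestByYunHsmWithOid(DigestObjectIdentifiers.id_sha256.getId(), bArr);
                } else if (sm3) {
                    digest = HsmUtils.digestByYunHsmWithOid(DigestObjectIdentifiers.sm3.getId(), bArr);
                } else {
                    digest = HsmUtils.digestByYunHsmWithOid(DigestObjectIdentifiers.id_sha1.getId(), bArr);
                }
            } else {
                if (sha256) {
                    digest = HsmUtils.digestByBCWithOid(DigestObjectIdentifiers.id_sha256.getId(), bArr);
                } else if (sm3) {
                    digest = HsmUtils.digestByBCWithOid(DigestObjectIdentifiers.sm3.getId(), bArr);
                } else {
                    digest = HsmUtils.digestByBCWithOid(DigestObjectIdentifiers.id_sha1.getId(), bArr);
                }
            }
        } catch (Exception e) {
            this.logger.error(" =================== 加密机获取摘要异常", e);
        }
        return digest;
    }

    /** Tells whether the signature algorithm name is one of the two SHA-256 based ones. */
    private static boolean isSha256SigAlg(String sigAlgName) {
        return Constants.SIGN_ALG_NAME_SHA256_WHIT_ECDSA.equalsIgnoreCase(sigAlgName)
                || Constants.SIGN_ALG_NAME_SHA256_WHIT_RSA.equalsIgnoreCase(sigAlgName);
    }

    /**
     * Builds the response for an illegal request parameter.
     *
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp}
     */
    public Object getIllegalParamError(HttpServletResponse httpServletResponse) {
        return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
    }

    /**
     * Builds the response for a client time that disagrees with the server time.
     *
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.CLIENT_TIME_AND_SERVER_DISACCORD.resp}
     */
    public Object getVerifyTimeError(HttpServletResponse httpServletResponse) {
        return ErrorEnum.CLIENT_TIME_AND_SERVER_DISACCORD.resp(httpServletResponse);
    }

    /**
     * Builds the response for a request body that differs from the signed body.
     *
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.REQUEST_BODY_AND_SIGN_BODY_DISACCORD.resp}
     */
    public Object getContentDisaccordError(HttpServletResponse httpServletResponse) {
        return ErrorEnum.REQUEST_BODY_AND_SIGN_BODY_DISACCORD.resp(httpServletResponse);
    }

    /**
     * Builds the response for an unsupported signature algorithm.
     *
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.NOT_SUPPORTED_SIGN_ALG.resp}
     */
    public Object getIllegalSignAlgError(HttpServletResponse httpServletResponse) {
        return ErrorEnum.NOT_SUPPORTED_SIGN_ALG.resp(httpServletResponse);
    }

    /**
     * Builds the response for an administrator certificate that could not be found.
     *
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.ADMIN_CERT_NOT_EXIST.resp}
     */
    public Object getCertNotExistError(HttpServletResponse httpServletResponse) {
        return ErrorEnum.ADMIN_CERT_NOT_EXIST.resp(httpServletResponse);
    }

    /**
     * Builds the response for an administrator certificate whose status is not normal.
     *
     * @param i certificate status; not used, every status produces the same response
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.ADMIN_CERT_STATUS_IS_NOT_NORMAL.resp}
     */
    public Object getCertStatusError(int i, HttpServletResponse httpServletResponse) {
        return ErrorEnum.ADMIN_CERT_STATUS_IS_NOT_NORMAL.resp(httpServletResponse);
    }

    /**
     * Builds the response for a failed verification of the administrator's signature.
     *
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL.resp}
     */
    public Object getVerifySignFailError(HttpServletResponse httpServletResponse) {
        return ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL.resp(httpServletResponse);
    }

    /**
     * Builds the response for an internal server error.
     *
     * @param httpServletResponse response handed to {@code ErrorEnum.resp}
     * @return the result of {@code ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp}
     */
    public Object getServerInternalError(HttpServletResponse httpServletResponse) {
        return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
    }
}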
