package com.xdja.pki.ra.service.manager.customer;

import com.xdja.ca.constant.SdkConstants;
import com.xdja.ca.utils.DnUtil;
import com.xdja.ca.vo.UserCertInfo;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.ra.core.asn1.RsaObjectIdentifiers;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.OperatorCertCache;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.exception.DAOException;
import com.xdja.pki.ra.core.exception.ServiceException;
import com.xdja.pki.ra.core.util.cert.CertDnVerifyUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.KeyStoreUtils;
import com.xdja.pki.ra.core.util.cert.KeyUtils;
import com.xdja.pki.ra.core.util.cert.RandomUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.CertTempDao;
import com.xdja.pki.ra.manager.dao.CustomerCertDao;
import com.xdja.pki.ra.manager.dao.CustomerDao;
import com.xdja.pki.ra.manager.dao.CustomerTempDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.dao.model.CertTempDO;
import com.xdja.pki.ra.manager.dao.model.CustomerSysCertDO;
import com.xdja.pki.ra.manager.dao.model.CustomerSysDO;
import com.xdja.pki.ra.manager.dao.model.CustomerSysTempDO;
import com.xdja.pki.ra.manager.dao.model.RaCertDO;
import com.xdja.pki.ra.manager.dto.CustomerCertDTO;
import com.xdja.pki.ra.manager.page.PageInfo;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.ra.manager.sdk.cmp.CertLifeCycleManager;
import com.xdja.pki.ra.service.manager.customer.bean.CustomerCertIssueApplyVO;
import com.xdja.pki.ra.service.manager.customer.bean.CustomerSysCertVO;
import com.xdja.pki.ra.service.manager.customer.bean.CustomerSysResp;
import com.xdja.pki.ra.service.manager.customer.bean.CustomerSysVO;
import com.xdja.pki.ra.service.manager.customer.bean.CustomerTemplateRepVO;
import com.xdja.pki.ra.service.manager.customer.bean.CustomerTemplateSaveVO;
import com.xdja.pki.ra.service.manager.organuser.bean.OrganParamsCheck;
import com.xdja.pki.ra.service.manager.system.CaService;
import com.xdja.pki.ra.service.manager.system.RaServer;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:com/xdja/pki/ra/service/manager/customer/CustomerSysServiceImpl.class */
public class CustomerSysServiceImpl implements CustomerSysService {
    // SLF4J logger named after the runtime class; created per instance rather than as a static constant.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // Collaborators below are supplied by Spring field injection (@Autowired).

    // Reads and writes third-party (customer) system records.
    @Autowired
    private CustomerDao customerDao;

    // Reads and updates certificates issued to third-party systems.
    @Autowired
    private CustomerCertDao customerCertDao;

    // Looks up certificate templates.
    @Autowired
    private CertTempDao certTempDao;

    // Reads and writes the template bindings of a third-party system.
    @Autowired
    private CustomerTempDao customerTempDao;

    // Supplies the RA service DN used by issCustomerCertByKeyStore.
    @Autowired
    private RaServer raServer;

    // Supplies the CA service DN used by issCustomerCertByKeyStore.
    @Autowired
    private CaService caService;

    // Looks up the newest CA certificate record.
    @Autowired
    private CaCertDao caCertDao;

    // Looks up the newest RA certificate record.
    // NOTE(review): declared without an access modifier, unlike the other injected fields.
    @Autowired
    RaCertDao raCertDao;

    // Sends issue / confirm / error / revoke requests to the CA.
    @Autowired
    private CertLifeCycleManager certLifeCycleManager;

    // Supplies the RA base DN used when validating a requested certificate DN.
    @Autowired
    private CaBusinessManager caBusinessManager;

    /**
     * Registers a new third-party (customer) system.
     *
     * <p>The request is rejected when {@code customerDao} already reports the system
     * number as in use, or when a non-blank contact number does not match the
     * mobile-number pattern. Otherwise the request bean is copied onto a new
     * {@link CustomerSysDO}, creation and update times are stamped, and the row is inserted.
     *
     * @param customerSysVO request bean carrying the system number, contact and other fields
     * @return success, or a failure carrying {@code SYS_ID_HAS_EXISTED} or
     *         {@code ILLEGAL_REQUEST_PARAMETER}
     */
    public Result registerCustomerInfo(CustomerSysVO customerSysVO) {
        // NOTE(review): uniqueness rests on this check-then-insert unless the table
        // also has a unique constraint — confirm.
        boolean numberTaken = this.customerDao.getSystemIdentifier(customerSysVO.getCustomerSysNumber()) >= 1;
        if (numberTaken) {
            Result duplicate = new Result();
            duplicate.setError(ErrorEnum.SYS_ID_HAS_EXISTED);
            return duplicate;
        }

        // The contact number is optional; it is pattern-checked only when present.
        String contact = customerSysVO.getCustomerSysContact();
        if (StringUtils.isNotBlank(contact)
                && !OrganParamsCheck.isCheck("^(13|14|15|16|17|18|19)[0-9]{9}$", contact)) {
            this.logger.info("联系电话格式错误");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }

        // NOTE(review): copyProperties copies every same-named, type-compatible property
        // of the request bean; confirm the VO exposes nothing the caller must not set.
        CustomerSysDO record = new CustomerSysDO();
        BeanUtils.copyProperties(customerSysVO, record);
        Date now = new Date();
        record.setGmtCreate(now);
        record.setGmtUpdate(now);
        this.customerDao.insertSystemInfo(record);
        return Result.success();
    }

    /**
     * Fetches one third-party system record.
     *
     * @param num identifier passed to {@code customerDao.getSystemInfo}
     * @return a result whose info is whatever the DAO returned for {@code num}
     */
    public Result getCustomerInfo(Integer num) {
        Result response = new Result();
        CustomerSysDO record = this.customerDao.getSystemInfo(num);
        response.setInfo(record);
        return response;
    }

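    /**
     * Updates an existing third-party system record.
     *
     * <p>The stored record is loaded once. The request is rejected when no record
     * exists for {@code num}, when the system number in the request differs from the
     * stored one (the system number is not editable), or when a non-blank contact
     * number does not match the mobile-number pattern.
     *
     * @param num identifier of the record to update
     * @param customerSysVO request bean with the new field values
     * @return success; {@code ILLEGAL_REQUEST_PARAMETER} for an unknown id, a changed
     *         system number or a malformed contact; {@code SYS_UPDATE_IS_ERROR} when the
     *         DAO reports that no row was updated
     */
    public Result updateCustomerInfo(Integer num, CustomerSysVO customerSysVO) {
        CustomerSysDO stored = this.customerDao.getSystemInfo(num);
        // An unknown id or a record without a system number is a bad request, not a server fault.
        if (stored == null || stored.getCustomerSysNumber() == null
                || !stored.getCustomerSysNumber().equals(customerSysVO.getCustomerSysNumber())) {
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }

        String contact = customerSysVO.getCustomerSysContact();
        if (StringUtils.isNotBlank(contact)
                && !OrganParamsCheck.isCheck("^(13|14|15|16|17|18|19)[0-9]{9}$", contact)) {
            this.logger.info("联系电话格式错误");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }

        // NOTE(review): copyProperties overwrites every same-named, type-compatible
        // property of the stored record with the request value; confirm the VO exposes
        // no field (identifier, timestamps, status) that a caller must not change.
        BeanUtils.copyProperties(customerSysVO, stored);
        stored.setGmtUpdate(new Date());
        if (this.customerDao.updateSystemInfo(stored) != 0) {
            return Result.success();
        }
        Result failure = new Result();
        failure.setError(ErrorEnum.SYS_UPDATE_IS_ERROR);
        return failure;
    }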

    /**
     * Returns one page of third-party system records.
     *
     * <p>All four arguments are forwarded unchanged to
     * {@code customerDao.getSystemInfoList}. Each returned record is copied into a
     * {@link CustomerSysVO}, with the id narrowed to {@code int} and the creation
     * time rendered as {@code yyyy-MM-dd HH:mm:ss}.
     *
     * @param str first filter argument of the DAO query
     * @param str2 second filter argument of the DAO query
     * @param i first paging argument of the DAO query
     * @param i2 second paging argument of the DAO query
     * @return a result whose info is a {@link CustomerSysResp}; counts are zero and the
     *         data list is empty when the page holds no rows
     */
    public Result getCustomerInfoList(String str, String str2, int i, int i2) {
        CustomerSysResp page = new CustomerSysResp();
        Result response = new Result();
        PageInfo daoPage = this.customerDao.getSystemInfoList(str, str2, Integer.valueOf(i), Integer.valueOf(i2));
        ArrayList rows = new ArrayList();
        List<CustomerSysDO> records = daoPage.getList();

        if (!CollectionUtils.isEmpty(records)) {
            // One formatter per call; SimpleDateFormat is not shared between threads here.
            SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
            for (CustomerSysDO record : records) {
                CustomerSysVO row = new CustomerSysVO();
                BeanUtils.copyProperties(record, row);
                Date createdAt = record.getGmtCreate();
                row.setId(Integer.valueOf((int) record.getId()));
                row.setGmtCreate(timestampFormat.format(createdAt));
                rows.add(row);
            }
            page.setDatas(rows);
            page.setPageCount(daoPage.getPageCount());
            page.setRecordCount(daoPage.getRecordCount());
        } else {
            page.setRecordCount(0);
            page.setPageCount(0);
            page.setDatas(rows);
        }
        response.setInfo(page);
        return response;
    }

    /**
     * Returns one page of certificates issued to third-party systems.
     *
     * <p>All arguments are forwarded unchanged to
     * {@code customerCertDao.getSystemCertInfoList}. For every row the status is
     * overridden with {@code CERT_STATUS_EXPIRED_2} when the failure time is already
     * in the past, and {@code outStatus} is set to {@code true} only when the failure
     * time lies strictly between now and one calendar month from now.
     *
     * @param str first filter argument of the DAO query
     * @param str2 second filter argument of the DAO query
     * @param str3 third filter argument of the DAO query
     * @param str4 fourth filter argument of the DAO query
     * @param i first paging argument of the DAO query
     * @param i2 second paging argument of the DAO query
     * @return a result whose info is a {@link CustomerSysResp}; counts are zero and the
     *         data list is empty when the page holds no rows
     */
    public Result getCustomerCertInfoList(String str, String str2, String str3, String str4, int i, int i2) {
        CustomerSysResp page = new CustomerSysResp();
        Result response = new Result();
        PageInfo daoPage = this.customerCertDao.getSystemCertInfoList(str, str2, str3, str4, Integer.valueOf(i), Integer.valueOf(i2));
        ArrayList rows = new ArrayList();
        List<CustomerCertDTO> certs = daoPage.getList();

        if (!CollectionUtils.isEmpty(certs)) {
            SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
            for (CustomerCertDTO cert : certs) {
                CustomerSysCertVO row = new CustomerSysCertVO();
                BeanUtils.copyProperties(cert, row);

                long now = System.currentTimeMillis();
                long expiresAt = cert.getFailureTime().getTime();
                if (expiresAt < now) {
                    // The stored status is replaced for display once the certificate has lapsed.
                    row.setCertStatus(Integer.valueOf(Constants.CERT_STATUS_EXPIRED_2));
                }

                // "About to expire" window: (now, now + 1 month), both ends exclusive.
                Calendar window = Calendar.getInstance();
                long windowStart = window.getTimeInMillis();
                window.add(Calendar.MONTH, 1);
                long windowEnd = window.getTimeInMillis();
                row.setOutStatus(windowStart < expiresAt && expiresAt < windowEnd);

                row.setEffectiveTime(timestampFormat.format(cert.getEffectiveTime()));
                row.setFailureTime(timestampFormat.format(cert.getFailureTime()));
                rows.add(row);
            }
            page.setDatas(rows);
            page.setPageCount(daoPage.getPageCount());
            page.setRecordCount(daoPage.getRecordCount());
        } else {
            page.setRecordCount(0);
            page.setPageCount(0);
            page.setDatas(rows);
        }
        response.setInfo(page);
        return response;
    }

    /**
     * Lists the certificate templates selectable for one third-party system.
     *
     * <p>A template is included when its status is not {@code TEMP_STATUS_STOP_3},
     * or when it is already bound to the system (in which case it is also flagged as
     * bound), so a stopped template stays visible while a binding to it exists.
     *
     * @param l identifier passed to {@code customerTempDao.getCustomerTempInfoById}
     * @return success carrying the list of {@link CustomerTemplateRepVO} entries
     * @throws ServiceException when a DAO call fails with {@link DAOException}
     */
    public Result getCustomerTemplateById(Long l) {
        ArrayList visible = new ArrayList();
        try {
            List<CertTempDO> templates = this.certTempDao.getAllNewCertTemplateList();
            List bindings = this.customerTempDao.getCustomerTempInfoById(l);
            if (templates == null || templates.isEmpty()) {
                return Result.success(visible);
            }
            boolean hasBindings = bindings != null && !bindings.isEmpty();
            for (CertTempDO template : templates) {
                CustomerTemplateRepVO entry = new CustomerTemplateRepVO();
                entry.setId(template.getId());
                entry.setTempNo(template.getTempNo());
                entry.setName(template.getTempName());
                entry.setStatus(template.getTempStatus());

                boolean include = template.getTempStatus().intValue() != Constants.TEMP_STATUS_STOP_3;
                if (hasBindings) {
                    for (Object binding : bindings) {
                        String boundTempNo = ((CustomerSysTempDO) binding).getTempNo();
                        if (boundTempNo.equals(template.getTempNo())) {
                            entry.setBound(true);
                            include = true;
                        }
                    }
                }
                if (include) {
                    visible.add(entry);
                }
            }
            return Result.success(visible);
        } catch (DAOException e) {
            throw new ServiceException("查询第三方授权模板信息异常", e);
        }
    }

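    /**
     * Replaces the set of certificate templates a third-party system may use.
     *
     * <p>The request carries the template numbers as one {@code #}-separated string.
     * Each number must exist in the current template list, and every template of this
     * system that is in status {@code TEMP_STATUS_STOP_3} must still be present in the
     * request. That second check compares whole template numbers, so a stopped template
     * {@code "1"} is not treated as present merely because {@code "12"} was requested.
     * When both checks pass, the existing bindings are reset and the requested ones saved.
     *
     * @param customerTemplateSaveVO request bean with the system id and the template numbers
     * @return success, {@code TEMPLATEID_NOT_EXIST} for an unknown template number, or
     *         {@code TEMPLATE_STOPED_CANNOT_CANCEL} when a stopped template would be unbound
     * @throws ServiceException when a DAO call fails with {@link DAOException}
     */
    public Result saveCustomerTemplates(CustomerTemplateSaveVO customerTemplateSaveVO) {
        long customerSysId = customerTemplateSaveVO.getCustomsysId().longValue();
        String templateNos = customerTemplateSaveVO.getTemplateNos();
        String[] requested = null;
        try {
            if (!StringUtils.isEmpty(templateNos)) {
                requested = templateNos.split("#");
                if (requested.length > 0) {
                    List known = this.certTempDao.getAllNewCertTemplateList();
                    // NOTE(review): when the template list is null or empty the requested
                    // numbers are accepted unchecked (behaviour kept as found) — confirm
                    // that this is intended rather than a missing rejection.
                    if (null != known && !known.isEmpty()) {
                        for (String requestedNo : requested) {
                            boolean exists = false;
                            for (Object template : known) {
                                if (requestedNo.equals(((CertTempDO) template).getTempNo())) {
                                    exists = true;
                                    break;
                                }
                            }
                            if (!exists) {
                                return Result.failure(ErrorEnum.TEMPLATEID_NOT_EXIST);
                            }
                        }
                    }
                }
            }

            // Exact membership test; a substring search over the joined numbers would let
            // one template number stand in for another that merely contains it.
            List<String> requestedNos = requested == null ? new ArrayList<String>() : Arrays.asList(requested);
            Iterator stopped = this.customerTempDao.getCustomerTemplateByStatus(Long.valueOf(customerSysId), Constants.TEMP_STATUS_STOP_3).iterator();
            while (stopped.hasNext()) {
                if (!requestedNos.contains(((CustomerSysTempDO) stopped.next()).getTempNo())) {
                    return Result.failure(ErrorEnum.TEMPLATE_STOPED_CANNOT_CANCEL);
                }
            }

            // NOTE(review): reset and re-insert are separate DAO calls; no transaction
            // boundary is visible here, so a failure part-way could leave the system with
            // fewer bindings than before — confirm one is applied by the caller or container.
            this.customerTempDao.resetCustomerTemplate(Long.valueOf(customerSysId));
            if (null != requested && requested.length > 0) {
                CustomerSysTempDO binding = new CustomerSysTempDO();
                binding.setCustomerSysId(Long.valueOf(customerSysId));
                for (String requestedNo : requested) {
                    binding.setTempNo(requestedNo);
                    binding.setGmtCreate(new Date());
                    this.customerTempDao.saveCustomerTemplate(binding);
                }
            }
            return Result.success();
        } catch (DAOException e) {
            throw new ServiceException("保存第三方授权模板服务失败，", e);
        }
    }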

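    /**
     * Generates a signing key pair, has the CA issue a certificate for it, records the
     * certificate and writes the resulting key store file.
     *
     * <p>Steps: resolve the RA and CA service DNs; derive key algorithm and length from
     * the requested signature algorithm (SM2 and ECDSA use 256, otherwise RSA with the
     * requested length); generate the key pair; request the certificate through
     * {@code certLifeCycleManager.issueUserCert}; store it with
     * {@code insertCustomerCertInfo}; when the template is not single-certificate,
     * recover the encryption private key from the CA's envelope; build the certificate
     * chains and call {@code KeyStoreUtils.generateDoubleCertByKeyStore}.
     *
     * <p>Private key material (the generated signing key, the CA envelope and the
     * recovered encryption key) is never written to the log.
     *
     * @param customerCertIssueApplyVO issue request (validity, signature algorithm,
     *        template number and parameters, DN, RSA key length, system number)
     * @return a result whose info is a map with {@code transId},
     *         {@code customerSystemFlag} and {@code certSn}, or a result carrying the
     *         error of the step that failed
     */
    public Result issCustomerCertByKeyStore(CustomerCertIssueApplyVO customerCertIssueApplyVO) {
        String keyAlg;
        int keyLength;
        Result result = new Result();
        String raDn = this.raServer.getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String caDn = this.caService.getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        int validity = customerCertIssueApplyVO.getCertValidity().intValue();
        String signAlg = customerCertIssueApplyVO.getSignAlg();
        String tempNo = customerCertIssueApplyVO.getTempNo();
        String tempParas = StringUtils.isNotBlank(customerCertIssueApplyVO.getTempParas()) ? customerCertIssueApplyVO.getTempParas() : null;
        String certDn = customerCertIssueApplyVO.getCertDn();
        if (Constants.SIGN_ALG_NAME_SM3_WHIT_SM2.equalsIgnoreCase(signAlg)) {
            keyAlg = Constants.KEY_ALG_NAME_SM2;
            keyLength = 256;
        } else if (Constants.SIGN_ALG_NAME_SHA256_WHIT_ECDSA.equalsIgnoreCase(signAlg)) {
            keyAlg = Constants.KEY_ALG_NAME_NIST;
            keyLength = 256;
        } else {
            // NOTE(review): the RSA length comes straight from the request; no minimum is
            // enforced here — confirm KeyUtils.genKeyPair or an earlier layer rejects weak sizes.
            keyAlg = Constants.KEY_ALG_NAME_RSA;
            keyLength = customerCertIssueApplyVO.getPrivateKeyLength().intValue();
        }
        this.logger.info("密钥算法：" + keyAlg + " 密钥长度：" + keyLength);
        String transId = RandomUtils.getUUID();
        try {
            KeyPair signKeyPair = KeyUtils.genKeyPair(keyAlg, keyLength);
            Result issued = this.certLifeCycleManager.issueUserCert((String) null, (String) null, signKeyPair.getPublic().getEncoded(), raDn, caDn, transId, tempNo, tempParas, signAlg, validity, certDn, (Integer) null);
            if (!issued.isSuccess()) {
                this.logger.info("签发第三方系统证书失败:【code:" + issued.getErrorBean().getErrCode() + ";desc:" + issued.getErrorBean().getErrMsg() + "】");
                // Caught by the outer handler below, which reports GEN_USER_CERT_SIGN_KEY_FAIL.
                throw new ServiceException("签发第三方系统证书失败" + JsonUtils.object2Json(customerCertIssueApplyVO));
            }
            UserCertInfo userCertInfo = (UserCertInfo) issued.getInfo();
            Result stored = insertCustomerCertInfo(customerCertIssueApplyVO, userCertInfo);
            if (!stored.isSuccess()) {
                this.logger.info("将用户证书插入数据库失败");
                result.setError(stored.getError());
                return result;
            }
            CertTempDO template = this.certTempDao.getCertTempInfoByTempNo(tempNo);
            boolean dualCert = SdkConstants.CERT_TYPE_SINGLE_1 != template.getCertPatterm().intValue();
            PrivateKey encPrivateKey = null;
            if (dualCert) {
                try {
                    // Neither the signing key, the envelope nor the recovered key is logged:
                    // anyone with read access to the log could otherwise impersonate the
                    // certificate holder.
                    String encKeyBase64 = CertUtils.getDataFromSignedAndEnvelopedDataByBc(signKeyPair.getPrivate().getEncoded(), userCertInfo.getEncPriKey().getBytes(), CommonVariable.getKeyAlgName());
                    byte[] decoded = Base64.decode(encKeyBase64);
                    if (CommonVariable.getKeyAlgName().equalsIgnoreCase(Constants.KEY_ALG_NAME_SM2)) {
                        // System.arraycopy throws on a short buffer (handled below);
                        // a zero-padding copy would silently yield a wrong key instead.
                        byte[] rawKey = new byte[32];
                        System.arraycopy(decoded, 32, rawKey, 0, 32);
                        encPrivateKey = GMSSLX509Utils.convertSM2PrivateKey(rawKey);
                    } else if (CommonVariable.getKeyAlgName().equalsIgnoreCase(Constants.KEY_ALG_NAME_RSA)) {
                        encPrivateKey = KeyFactory.getInstance(RsaObjectIdentifiers.rsaAlg.getId(), (Provider) new BouncyCastleProvider()).generatePrivate(new PKCS8EncodedKeySpec(decoded));
                    } else {
                        byte[] rawKey = new byte[32];
                        System.arraycopy(decoded, 32, rawKey, 0, 32);
                        encPrivateKey = GMSSLX509Utils.convertPrivateKeyEncode(rawKey);
                    }
                } catch (Exception e) {
                    this.logger.error("从P7b格式中获取加密私钥失败", e);
                    result.setError(ErrorEnum.GET_ENC_PUBLIC_KEY_FROM_P7B_FAIL);
                    return result;
                }
            }
            try {
                List<X509Certificate> trustCaCerts = CommonVariable.getTrustCaCerts();
                for (X509Certificate trusted : trustCaCerts) {
                    this.logger.info("trustCaCert====issuer:" + trusted.getIssuerX500Principal().getName() + " subjcet:" + trusted.getSubjectX500Principal().getName());
                }
                X509Certificate[] caChain = new X509Certificate[trustCaCerts.size()];
                trustCaCerts.toArray(caChain);
                for (X509Certificate caCert : caChain) {
                    this.logger.info("caCert====issuer:" + caCert.getIssuerX500Principal().getName() + " subjcet:" + caCert.getSubjectX500Principal().getName());
                }

                // Signing chain: the issued certificate first, then the trusted CA certificates.
                X509Certificate signCert = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                X509Certificate[] signChain = new X509Certificate[caChain.length + 1];
                signChain[0] = signCert;
                System.arraycopy(caChain, 0, signChain, 1, caChain.length);
                for (X509Certificate link : signChain) {
                    this.logger.info("signCert====issuer:" + link.getIssuerX500Principal().getName() + " subjcet:" + link.getSubjectX500Principal().getName());
                }

                // Encryption chain is built only for templates that also issue an encryption certificate.
                X509Certificate[] encChain = null;
                if (dualCert) {
                    encChain = new X509Certificate[caChain.length + 1];
                    encChain[0] = CertUtils.getCertFromStr(userCertInfo.getEncCert());
                    System.arraycopy(caChain, 0, encChain, 1, caChain.length);
                }

                String serialHex = signCert.getSerialNumber().toString(16);
                // NOTE(review): the hex serial number is handed to the key store writer; if
                // that argument is the key store password rather than a file name, it can be
                // read from the public certificate — confirm against KeyStoreUtils.
                KeyStoreUtils.generateDoubleCertByKeyStore(signChain, encChain, signKeyPair.getPrivate(), encPrivateKey, Constants.PFX_PRIVATE_KEY_STORE_TYPE_1, serialHex, PathConstants.USER_CERT_KEYSTORE_FILE_PATH);
                HashMap<String, Object> payload = new HashMap<String, Object>();
                payload.put("transId", transId);
                payload.put("customerSystemFlag", customerCertIssueApplyVO.getCustomerSysNumber());
                payload.put("certSn", serialHex);
                result.setInfo(payload);
                return result;
            } catch (Exception e2) {
                this.logger.error("生成用户keyStore类型证书失败", e2);
                result.setError(ErrorEnum.GEN_USER_CERT_KEY_STORE_FILE_FAIL);
                return result;
            }
        } catch (Exception e3) {
            // Every failure up to and including the template lookup lands here, not only
            // key generation; the cause is logged so the step can be told apart.
            this.logger.error("生成用户签名公私钥失败", e3);
            result.setError(ErrorEnum.GEN_USER_CERT_SIGN_KEY_FAIL);
            return result;
        }
    }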

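    /**
     * Returns the public key of a third-party system certificate.
     *
     * <p>The certificate is looked up with {@code customerDao.getSysCertBySysNumber}
     * and must be in status {@code CERT_STATUS_NORMAL_1}.
     *
     * @param str first lookup argument (the method name suggests the system number)
     * @param str2 second lookup argument (logged as the certificate serial number)
     * @return a result whose info is the certificate's public key;
     *         {@code CUSTOMER_SYS_CERT_IS_NOT_NORMAL} when the status is not normal;
     *         {@code GET_CERT_INFO_BY_SYSNUMBER_IS_EMPTY} when the lookup fails with a
     *         {@link DataAccessException}; {@code GET_CERT_INFO_BY_SYSNUMBER_ERROR} for
     *         any other failure
     */
    public Result getSysCertBySysNumber(String str, String str2) {
        Result result = new Result();
        try {
            CustomerSysCertDO sysCert = this.customerDao.getSysCertBySysNumber(str, str2);
            if (sysCert.getCertStatus().intValue() == Constants.CERT_STATUS_NORMAL_1) {
                result.setInfo(CertUtils.getCertFromStr(sysCert.getCertInfo()).getPublicKey());
                return result;
            }
            this.logger.info("系统证书状态不正常");
            result.setError(ErrorEnum.CUSTOMER_SYS_CERT_IS_NOT_NORMAL);
            return result;
        } catch (DataAccessException e) {
            // Must precede the general handler: listed after catch (Exception) this
            // branch is unreachable and the "not found" error is never reported.
            this.logger.info("查询证书信息结果不为1 certSn : {}", str2, e);
            result.setError(ErrorEnum.GET_CERT_INFO_BY_SYSNUMBER_IS_EMPTY);
            return result;
        } catch (Exception e2) {
            this.logger.info("获取证书信息异常", e2);
            result.setError(ErrorEnum.GET_CERT_INFO_BY_SYSNUMBER_ERROR);
            return result;
        }
    }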

    /**
     * Confirms a certificate issuance to the CA and marks the certificate as normal.
     *
     * <p>After resolving the RA and CA service DNs, {@code str} is sent to the CA via
     * {@code certLifeCycleManager.issueCertResp}. On success the certificate identified
     * by {@code str2} is set to {@code CERT_STATUS_NORMAL_1}.
     *
     * @param str value forwarded to {@code issueCertResp} (presumably the transaction id)
     * @param str2 value forwarded to {@code updateCustomerCertStatus} (presumably the
     *        certificate serial number)
     * @return an empty result on success, otherwise a result carrying the DN lookup
     *         error, the CA's error bean or {@code UPDATE_USER_CERT_STATUS_EXCEPTION}
     */
    public Result genCertConfirm(String str, String str2) {
        Result outcome = new Result();

        String raDn = getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            outcome.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        String caDn = getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            outcome.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }

        Result caResponse = this.certLifeCycleManager.issueCertResp(raDn, caDn, Constants.APPLY_USER_TYPE_NORMAL_USER_1, str);
        if (!caResponse.isSuccess()) {
            this.logger.info("签发第三方系统证书响应");
            outcome.setErrorBean(caResponse.getErrorBean());
            return outcome;
        }

        // The CA has already accepted the confirmation when the local status is written.
        try {
            this.customerCertDao.updateCustomerCertStatus(Constants.CERT_STATUS_NORMAL_1, str2);
        } catch (Exception e) {
            this.logger.error("更新第三方系统证书状态异常{}", e);
            outcome.setError(ErrorEnum.UPDATE_USER_CERT_STATUS_EXCEPTION);
        }
        return outcome;
    }

    /**
     * Reports an error for a pending transaction to the CA.
     *
     * <p>After resolving the RA and CA service DNs, the entry keyed by {@code str} is
     * removed from {@code OperatorCertCache} and the error is sent through
     * {@code certLifeCycleManager.sendErrorCMPMessage}.
     *
     * @param str cache key, also forwarded to the CA (presumably the transaction id)
     * @param i numeric error value forwarded to the CA
     * @param str2 error text forwarded to the CA
     * @return an empty result on success, otherwise a result carrying the DN lookup
     *         error or the CA's error bean
     */
    public Result genErrorMsgContent(String str, int i, String str2) {
        Result outcome = new Result();

        String raDn = getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            outcome.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        String caDn = getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            outcome.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }

        // The cached entry is dropped before the CA is contacted, so it is gone even
        // when the send below fails.
        OperatorCertCache.getMap().remove(str);
        Result caResponse = this.certLifeCycleManager.sendErrorCMPMessage(raDn, caDn, Constants.APPLY_USER_TYPE_ADMIN_2, str, i, str2);
        if (!caResponse.isSuccess()) {
            this.logger.info("错误确认消息出错：" + JsonUtils.object2Json(caResponse));
            outcome.setErrorBean(caResponse.getErrorBean());
        }
        return outcome;
    }

    /**
     * Revokes a third-party system certificate at the CA and records the new status.
     *
     * <p>After resolving the RA and CA service DNs, the revocation is requested through
     * {@code certLifeCycleManager.revokeUserCert}. Only when the CA reports success is
     * the certificate identified by {@code str} set to {@code CERT_STATUS_REVOKED_3}.
     *
     * @param str forwarded to the CA and used as the key of the local status update
     * @param str2 forwarded to the CA
     * @param i forwarded to the CA (presumably the revocation reason)
     * @param str3 forwarded to the CA
     * @return an empty result on success, otherwise a result carrying the DN lookup
     *         error, the CA's error bean or {@code UPDATE_OPERATOR_CERT_STATUS_EXCEPTION}
     */
    public Result revokeCustomerCert(String str, String str2, int i, String str3) {
        Result outcome = new Result();

        String raDn = getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            outcome.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        String caDn = getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            outcome.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }

        Result caResponse = this.certLifeCycleManager.revokeUserCert((String) null, raDn, caDn, str, str2, i, str3);
        if (!caResponse.isSuccess()) {
            this.logger.info("CA返回撤销证书错误消息 ==== " + JsonUtils.object2Json(caResponse));
            outcome.setErrorBean(caResponse.getErrorBean());
            return outcome;
        }

        // NOTE(review): if this update fails the certificate is revoked at the CA while
        // the local record keeps its old status; confirm a reconciliation path exists.
        try {
            this.customerCertDao.updateCustomerCertStatus(Constants.CERT_STATUS_REVOKED_3, str);
        } catch (Exception e) {
            this.logger.error("修改第三方系统证书状态异常{}", e);
            outcome.setError(ErrorEnum.UPDATE_OPERATOR_CERT_STATUS_EXCEPTION);
        }
        return outcome;
    }

    /**
     * Computes the longest validity, in days, that may be requested for a template.
     *
     * <p>The value is the smaller of the template's own maximum and the whole number of
     * days left until the newest CA certificate's failure time.
     *
     * @param str template number
     * @return a result whose info is a map with the single key {@code maxValidity};
     *         {@code GET_CERT_TEMP_INFO_IS_EMPTY} or {@code GET_CA_CERT_INFO_IS_EMPTY}
     *         when the template or the CA certificate record is missing
     */
    public Result getCertMaxValidity(String str) {
        Result outcome = new Result();

        CertTempDO template = this.certTempDao.getCertTempInfoByTempNo(str);
        if (template == null) {
            outcome.setError(ErrorEnum.GET_CERT_TEMP_INFO_IS_EMPTY);
            return outcome;
        }
        int templateMaxDays = template.getMaxValidity().intValue();

        CaCertDO caCert = this.caCertDao.getNewCaCertInfo();
        if (caCert == null) {
            outcome.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return outcome;
        }

        // 86400000 ms = one day. The result is negative once the CA certificate has expired.
        long remainingMillis = caCert.getFailureTime().getTime() - System.currentTimeMillis();
        int caRemainingDays = (int) (remainingMillis / 86400000);
        this.logger.info("用户模板:" + str + " CA最大有效期:" + caRemainingDays + " 模板最大有效期:" + templateMaxDays);

        HashMap payload = new HashMap();
        payload.put("maxValidity", Integer.valueOf(Math.min(templateMaxDays, caRemainingDays)));
        outcome.setInfo(payload);
        return outcome;
    }

    /**
     * Returns the template choices offered for one third-party system.
     *
     * @param l identifier passed to {@code customerTempDao.getCustomerTemplateSelectList}
     * @return a result whose info is whatever the DAO returned
     * @throws ServiceException when the DAO call fails with {@link DAOException}
     */
    public Result getCustomerTemplateSelectList(Long l) {
        Result response = new Result();
        try {
            response.setInfo(this.customerTempDao.getCustomerTemplateSelectList(l));
        } catch (DAOException e) {
            throw new ServiceException("查询第三方系统模板下拉选择列表异常", e);
        }
        return response;
    }

    /**
     * Validates a requested certificate DN before issuance.
     *
     * <p>The DN is normalised with {@code DnUtil.getRFC4519X500Name} and then run
     * through, in order: the CN symbol check, {@code CertDnVerifyUtils.check64},
     * {@code checkBlankSpace} and {@code checkDnKeyword}. The first failing check
     * determines the returned error. Finally the DN must not already be recorded for
     * another certificate.
     *
     * @param str first argument of the duplicate lookup
     * @param str2 the requested DN as supplied by the caller
     * @return an empty result when the DN is acceptable, otherwise a result carrying the
     *         failing check's error, {@code CLIENT_CERT_DN_HAVE_SAME_IN_CREATED} or
     *         {@code CERT_APPLY_DN_IS_ERROR} when any step throws
     */
    public Result verifyClientCertDn(String str, String str2) {
        Result outcome = new Result();
        try {
            String normalizedDn = DnUtil.getRFC4519X500Name(str2).toString();
            this.logger.info("格式化之后的操作员证书DN：" + normalizedDn);

            Result symbolCheck = checkCertDnCnValue(normalizedDn);
            if (!symbolCheck.isSuccess()) {
                this.logger.info("证书的DN的特殊符号校验有误");
                outcome.setError(symbolCheck.getError());
                return outcome;
            }

            Result lengthCheck = CertDnVerifyUtils.check64(normalizedDn);
            if (!lengthCheck.isSuccess()) {
                this.logger.info("证书的DN关键字的值校验有误" + normalizedDn);
                outcome.setError(lengthCheck.getError());
                return outcome;
            }

            Result spaceCheck = CertDnVerifyUtils.checkBlankSpace(normalizedDn);
            if (!spaceCheck.isSuccess()) {
                this.logger.info("证书的DN关键字与值中有空格" + normalizedDn);
                outcome.setError(spaceCheck.getError());
                return outcome;
            }

            Result keywordCheck = CertDnVerifyUtils.checkDnKeyword(normalizedDn);
            if (!keywordCheck.isSuccess()) {
                this.logger.info("申请DN中有系统不支持的关键字" + normalizedDn);
                outcome.setError(keywordCheck.getError());
                return outcome;
            }

            // NOTE(review): the duplicate lookup uses the DN as supplied, not the
            // normalised form checked above; confirm the DAO compares DNs in a way that
            // a differently formatted but equivalent DN cannot slip past.
            boolean alreadyIssued = !CollectionUtils.isEmpty(this.customerCertDao.queryClientCertByCertDn(str, str2));
            if (alreadyIssued) {
                this.logger.info("有多个的证书的DN信息同【" + str2 + "】一致");
                outcome.setError(ErrorEnum.CLIENT_CERT_DN_HAVE_SAME_IN_CREATED);
            }
            return outcome;
        } catch (Exception e) {
            this.logger.info("certDn不正确{}", e.getMessage());
            outcome.setError(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
            return outcome;
        }
    }

    /**
     * Checks whether a third-party system name is still free.
     *
     * @param bool first argument of {@code customerDao.getSystemIdentifier}
     * @param num second argument of the DAO lookup
     * @param str third argument of the DAO lookup (the method name suggests the system name)
     * @return an empty result when the DAO count is below one, otherwise a result
     *         carrying {@code SYS_NAME_HAS_EXISTED}
     */
    public Result verifyCustomerSysName(Boolean bool, Integer num, String str) {
        Result outcome = new Result();
        boolean nameTaken = this.customerDao.getSystemIdentifier(bool, num, str) >= 1;
        if (nameTaken) {
            outcome.setError(ErrorEnum.SYS_NAME_HAS_EXISTED);
        }
        return outcome;
    }

    /**
     * Checks whether a third-party system number is still free.
     *
     * @param str system number passed to {@code customerDao.getSystemIdentifier}
     * @return an empty result when the DAO count is below one, otherwise a result
     *         carrying {@code SYS_ID_HAS_EXISTED}
     */
    public Result verifyCustomerSysNumber(String str) {
        Result outcome = new Result();
        boolean numberTaken = this.customerDao.getSystemIdentifier(str) >= 1;
        if (numberTaken) {
            outcome.setError(ErrorEnum.SYS_ID_HAS_EXISTED);
        }
        return outcome;
    }

    /**
     * Checks the leading value of a DN for characters that would alter its structure.
     *
     * <p>The value examined is the text between the first three characters of the DN
     * and the separator that precedes the RA base DN, located purely by length. It must
     * not contain {@code ,}, {@code =} or the full-width comma.
     *
     * @param str the normalised DN to check
     * @return the failed base-DN lookup result as is; otherwise an empty result when the
     *         value is clean, or a result carrying {@code OPERATOR_CERT_DN_LENGTH_IS_ERROR},
     *         {@code OPERATOR_CERT_DN_VALUE_HAVE_ERROR_SYMBOL} or
     *         {@code CERT_DN_HAVE_CHINESE_COMMA}
     */
    private Result checkCertDnCnValue(String str) {
        Result baseDnLookup = this.caBusinessManager.getRaBaseDN();
        if (!baseDnLookup.isSuccess()) {
            return baseDnLookup;
        }
        Result verdict = new Result();
        String baseDn = (String) baseDnLookup.getInfo();

        int dnLength = str.length();
        if (dnLength <= 3 || dnLength <= 3 + baseDn.length()) {
            verdict.setError(ErrorEnum.OPERATOR_CERT_DN_LENGTH_IS_ERROR);
            return verdict;
        }

        // NOTE(review): the slice assumes a three-character prefix (such as "CN=") and
        // that the DN ends with the base DN; neither is verified here — confirm a caller
        // or a later check enforces that the DN really sits under the RA base DN.
        String leadingValue = str.substring(3, dnLength - baseDn.length() - 1);
        this.logger.info("第三方系统的DN值为 ========== " + leadingValue);

        if (leadingValue.contains(",") || leadingValue.contains("=")) {
            this.logger.info("第三方系统的DN中含有特殊符号");
            verdict.setError(ErrorEnum.OPERATOR_CERT_DN_VALUE_HAVE_ERROR_SYMBOL);
            return verdict;
        }
        if (leadingValue.contains("，")) {
            this.logger.info("证书主体中包含中文逗号>>>certDn:" + str);
            verdict.setError(ErrorEnum.CERT_DN_HAVE_CHINESE_COMMA);
        }
        return verdict;
    }

    /**
     * Reads the subject DN of the newest RA certificate.
     *
     * @return the subject DN, or {@code null} when no RA certificate record exists or
     *         reading or parsing it throws (the failure is logged)
     */
    private String getRAServiceDnName() {
        try {
            RaCertDO raCertRecord = this.raCertDao.getNewRaCertInfo();
            if (raCertRecord != null) {
                X509Certificate raCert = CertUtils.getCertFromStr(raCertRecord.getCertInfo());
                return raCert.getSubjectX500Principal().getName();
            }
            return null;
        } catch (Exception e) {
            // Callers treat null as "DN unavailable" and report their own error.
            this.logger.error("获取RA服务器证书异常{}", e);
            return null;
        }
    }

    /**
     * Returns the subject DN of the newest CA certificate record.
     *
     * @return the subject DN string, or {@code null} when no record exists or anything fails while
     *     loading or parsing it
     */
    private String getCAServiceDnName() {
        String subjectDn = null;
        try {
            CaCertDO latestCaCert = this.caCertDao.getNewCaCertInfo();
            if (latestCaCert != null) {
                // A null parse result raises NullPointerException here, which the catch below
                // turns into a null return.
                X509Certificate parsed = CertUtils.getCertFromStr(latestCaCert.getCertInfo());
                subjectDn = parsed.getSubjectX500Principal().getName();
            }
        } catch (Exception e) {
            this.logger.error("获取CA服务器证书异常{}", e);
        }
        return subjectDn;
    }

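    /**
     * Stores the certificate(s) returned by the CA for a customer-system issue request.
     *
     * <p>The signing certificate is mandatory. When the CA response also carries an encryption
     * certificate, a second record is written that points at the signing record through its serial
     * number. Both certificates are parsed before anything is persisted, so an unparseable
     * encryption certificate is rejected without leaving a signing record that has no pair.
     *
     * @param customerCertIssueApplyVO issue request whose fields are copied onto each record
     * @param userCertInfo CA response holding the signing certificate and, optionally, the
     *     encryption certificate
     * @return a {@code Result} with an error set when the signing certificate is blank or
     *     unparseable, the encryption certificate is unparseable, or no CA certificate record is
     *     found; otherwise a {@code Result} with no error set
     */
    private Result insertCustomerCertInfo(CustomerCertIssueApplyVO customerCertIssueApplyVO, UserCertInfo userCertInfo) {
        Result result = new Result();
        String signCert = userCertInfo.getSignCert();
        if (StringUtils.isBlank(signCert)) {
            this.logger.info("CA返回的用户证书信息中，签名证书为空");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_INFO_IS_EMPTY);
            return result;
        }
        String encCert = userCertInfo.getEncCert();
        boolean hasEncCert = StringUtils.isNotBlank(encCert);

        // The same timestamp is handed to handleCustomerSysCertDO for both records of the pair.
        long pairIndex = new Date().getTime();
        CustomerSysCertDO signRecord = new CustomerSysCertDO();
        handleCustomerSysCertDO(pairIndex, customerCertIssueApplyVO, signRecord);
        if (hasEncCert) {
            signRecord.setCertType(Integer.valueOf(Constants.CERT_TYPE_SIGN_2));
        } else {
            signRecord.setCertType(Integer.valueOf(Constants.CERT_TYPE_SINGLE_1));
        }

        CaCertDO newCaCertInfo = this.caCertDao.getNewCaCertInfo();
        if (newCaCertInfo == null) {
            this.logger.info("获取CA证书信息为空");
            result.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return result;
        }
        signRecord.setCaCertId(newCaCertInfo.getId());

        X509Certificate signX509 = CertUtils.getCertFromStr(signCert);
        if (signX509 == null) {
            this.logger.info("CA返回的用户证书信息中，签名证书错误");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR);
            return result;
        }

        // Parse the encryption certificate before the first insert: rejecting it afterwards would
        // leave a signing record marked as half of a pair with no matching encryption record.
        X509Certificate encX509 = null;
        if (hasEncCert) {
            encX509 = CertUtils.getCertFromStr(encCert);
            if (encX509 == null) {
                this.logger.info("CA返回的用户证书信息中，加密证书错误");
                result.setError(ErrorEnum.CA_RESPONSE_USER_ENC_CERT_ERROR);
                return result;
            }
        }

        // NOTE(review): the certificates are only parsed. Nothing in this method checks that they
        // were issued by the CA certificate looked up above or that their subject matches the
        // request — confirm the CA response is verified upstream.
        final long millisPerDay = 24L * 60 * 60 * 1000;
        Date notBefore = signX509.getNotBefore();
        Date notAfter = signX509.getNotAfter();
        int certValidityDays = (int) ((notAfter.getTime() - notBefore.getTime()) / millisPerDay);
        // Days from the signing certificate's start until the CA certificate's failure time.
        int encKeyValidityDays = (int) ((newCaCertInfo.getFailureTime().getTime() - notBefore.getTime()) / millisPerDay);
        Date now = new Date();

        signRecord.setCertInfo(signCert);
        signRecord.setCertSn(signX509.getSerialNumber().toString(16).toLowerCase());
        signRecord.setCertDn(signX509.getSubjectX500Principal().getName());
        signRecord.setEffectiveTime(new Timestamp(notBefore.getTime()));
        signRecord.setFailureTime(new Timestamp(notAfter.getTime()));
        signRecord.setCertValidity(Integer.valueOf(certValidityDays));
        signRecord.setEncKeyValidity(Integer.valueOf(encKeyValidityDays));
        signRecord.setGmtCreate(new Timestamp(now.getTime()));
        signRecord.setGmtUpdate(new Timestamp(now.getTime()));
        CustomerSysCertDO storedSignRecord = this.customerCertDao.insertCustomerCertInfo(signRecord);

        if (encX509 != null) {
            CustomerSysCertDO encRecord = new CustomerSysCertDO();
            handleCustomerSysCertDO(pairIndex, customerCertIssueApplyVO, encRecord);
            encRecord.setCertType(Integer.valueOf(Constants.CERT_TYPE_ENC_3));
            encRecord.setCertStatus(Integer.valueOf(Constants.CERT_STATUS_NO_CONFIRM_0));
            encRecord.setCaCertId(newCaCertInfo.getId());
            // The encryption record reuses the signing certificate's validity window.
            encRecord.setEffectiveTime(new Timestamp(notBefore.getTime()));
            encRecord.setFailureTime(new Timestamp(notAfter.getTime()));
            encRecord.setCertValidity(Integer.valueOf(certValidityDays));
            encRecord.setEncKeyValidity(Integer.valueOf(encKeyValidityDays));
            encRecord.setCertInfo(encCert);
            encRecord.setGmtCreate(new Timestamp(now.getTime()));
            encRecord.setGmtUpdate(new Timestamp(now.getTime()));
            encRecord.setCertDn(encX509.getSubjectX500Principal().getName());
            encRecord.setCertSn(encX509.getSerialNumber().toString(16).toLowerCase());
            encRecord.setSignCertSn(storedSignRecord.getCertSn());
            try {
                this.customerCertDao.insertCustomerCertInfo(encRecord);
            } catch (Exception e) {
                // Keep the cause in the log, then roll back the signing record so that no
                // half-written pair remains.
                this.logger.error("插入第三方系统证书信息异常", e);
                this.customerCertDao.deleteCustomerCert(storedSignRecord.getId().longValue());
                // NOTE(review): the result still carries no error after this rollback, so the
                // caller cannot tell that nothing was stored; a dedicated error code should be
                // set here.
            }
        }
        return result;
    }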

    /**
     * Fills a certificate record with the pair index, the status constant
     * {@code CERT_STATUS_NO_CONFIRM_0} and the request's customer-system, template, signature
     * algorithm and key-length fields.
     *
     * @param j value stored as the record's pair-certificate index
     * @param customerCertIssueApplyVO issue request the fields are read from
     * @param customerSysCertDO record to populate; modified in place
     */
    private void handleCustomerSysCertDO(long j, CustomerCertIssueApplyVO customerCertIssueApplyVO, CustomerSysCertDO customerSysCertDO) {
        final CustomerCertIssueApplyVO request = customerCertIssueApplyVO;
        final CustomerSysCertDO target = customerSysCertDO;

        // Values that do not come from the request.
        target.setPairCertIndex(Long.valueOf(j));
        target.setCertStatus(Integer.valueOf(Constants.CERT_STATUS_NO_CONFIRM_0));

        // Customer-system identity.
        target.setCustomerSysId(request.getCustomerSysId());
        target.setCustomerSysNumber(request.getCustomerSysNumber());

        // Certificate template reference.
        target.setTempId(request.getTempId());
        target.setTempNo(request.getTempNo());

        // Key parameters.
        target.setSignAlg(request.getSignAlg());
        target.setPrivateKeyLength(request.getPrivateKeyLength());
    }
}
