package com.xdja.pki.ra.service.manager.scep;

import com.alibaba.fastjson.TypeReference;
import com.xdja.ca.utils.SdkP10Utils;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.BaseUserDao;
import com.xdja.pki.ra.manager.dao.CertApplyDao;
import com.xdja.pki.ra.manager.dao.CertTempDao;
import com.xdja.pki.ra.manager.dao.IssueApplyDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.ScepDeviceDAO;
import com.xdja.pki.ra.manager.dao.UserCertDao;
import com.xdja.pki.ra.manager.dao.model.CertApplyDO;
import com.xdja.pki.ra.manager.dao.model.CertTempDO;
import com.xdja.pki.ra.manager.dao.model.ScepDeviceDO;
import com.xdja.pki.ra.manager.dto.IssueApplyDTO;
import com.xdja.pki.ra.manager.dto.RaServerCertDTO;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.ra.service.manager.cache.RedisCacheManagerService;
import com.xdja.pki.ra.service.manager.certapply.CertApplyService;
import com.xdja.pki.ra.service.manager.certapply.IssueApplyService;
import com.xdja.pki.ra.service.manager.certapply.bean.ExtensionAttr;
import com.xdja.pki.ra.service.manager.system.SystemService;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

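@Service
/* loaded from: input_file:com/xdja/pki/ra/service/manager/scep/ScepCertServiceImpl.class */
public class ScepCertServiceImpl implements ScepCertService {
    private static final Logger logger = LoggerFactory.getLogger(ScepCertServiceImpl.class);

    @Autowired
    private ScepDeviceDAO scepDeviceDAO;

    @Autowired
    private CertTempDao certTempDao;

    @Autowired
    private CertApplyService certApplyService;

    @Autowired
    private IssueApplyService issueApplyService;

    @Autowired
    CertApplyDao certApplyDao;

    @Autowired
    CaBusinessManager caBusinessManager;

    @Autowired
    RaCertDao raCertDao;

    @Autowired
    UserCertDao userCertDao;

    @Autowired
    BaseUserDao baseUserDao;

    @Autowired
    IssueApplyDao issueApplyDao;

    @Autowired
    private SystemService systemService;

    @Autowired
    RedisCacheManagerService redisCacheManagerService;

    /** PKCS#9 challengePassword attribute carried in the SCEP PKCSReq CSR. */
    private static final ASN1ObjectIdentifier challengePasswordId = new ASN1ObjectIdentifier("1.2.840.113549.1.9.7");
    /** PKCS#9 extensionRequest attribute. */
    private static final ASN1ObjectIdentifier extReq = new ASN1ObjectIdentifier("1.2.840.113549.1.9.14");

    // Template status / bound values the issue path accepts. The meaning of the codes is owned by the
    // template module; these are the values the original check required — confirm before changing.
    private static final int USABLE_TEMP_STATUS = 2;
    private static final int USABLE_TEMP_BOUND = 1;
    // ExtensionAttr.attrRequired value meaning "the CSR must carry this extension".
    private static final int ATTR_REQUIRED = 1;
    // Apply-type codes handed to insertCertIssueApply: 3 when a device challenge authenticated the
    // request, 1 when there was no challenge (manual-review path). Names are descriptive only — TODO confirm.
    private static final int APPLY_TYPE_WITH_CHALLENGE = 3;
    private static final int APPLY_TYPE_WITHOUT_CHALLENGE = 1;
    // CertApplyDO.applyStatus values observed by pollScepCert: 1 = still waiting for review, 3 = approved.
    private static final int APPLY_STATUS_PENDING = 1;
    private static final int APPLY_STATUS_APPROVED = 3;

    /**
     * Handles a SCEP PKCSReq: validates the CSR against the selected certificate template, records the
     * issue application and then either issues the certificate immediately (request authenticated by a
     * device challenge password) or parks it for manual review, caching the public key so that a later
     * {@link #pollScepCert} can finish the issuance.
     *
     * @param pKCS10CertificationRequest the CSR from the SCEP message
     * @param str                        the SCEP transactionId; it is cached against the generated applyNo
     *                                   so a poll request can be mapped back to this application
     * @return the issuance result (success with the certificate data on the immediate path, a plain
     *         success on the manual-review path, or the failure describing the rejected check)
     * @throws Exception CSR encoding / key conversion failures are propagated from BouncyCastle
     */
    @Override
    public Result issueScepCert(PKCS10CertificationRequest pKCS10CertificationRequest, String str) throws Exception {
        logger.info("scep注册证书 transactionId:{}", str);
        Result result = new Result();
        PublicKey publicKey = new JcaPEMKeyConverter().setProvider("BC")
                .getPublicKey(pKCS10CertificationRequest.getSubjectPublicKeyInfo());
        String p10ToCertDn = SdkP10Utils.p10ToCertDn(Base64.toBase64String(pKCS10CertificationRequest.getEncoded()));

        String challenge = extractChallengePassword(pKCS10CertificationRequest);
        boolean hasChallenge = StringUtils.isNotBlank(challenge);
        // The challenge is a shared secret looked up in the device table; never write its value to the log.
        logger.info("从P10中解析获取挑战值: present={}", hasChallenge);

        ScepDeviceDO scepDeviceDO = new ScepDeviceDO();
        if (hasChallenge) {
            scepDeviceDO = this.scepDeviceDAO.getScepByChallenge(challenge);
            if (scepDeviceDO == null) {
                logger.info("不存在的挑战值！");
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
        }

        // Template: the device's own template when it has one, else the system-wide SCEP default.
        String scepTempNo = scepDeviceDO.getTempNo();
        if (StringUtils.isBlank(scepTempNo)) {
            scepTempNo = this.systemService.getConfigFile("config.json").getScepTempNo();
            if (StringUtils.isBlank(scepTempNo)) {
                logger.info("无可用的默认模板！");
                return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            }
        }
        CertTempDO certTemp = this.certTempDao.getCertTempInfoByTempNo(scepTempNo);
        if (certTemp == null) {
            logger.info("模板不存在:{}", scepTempNo);
            return Result.failure(ErrorEnum.CERT_TEMP_STATUS_IS_NOT_NORMAL);
        }
        if (!Integer.valueOf(USABLE_TEMP_STATUS).equals(certTemp.getTempStatus())
                || !Integer.valueOf(USABLE_TEMP_BOUND).equals(certTemp.getTempBound())) {
            logger.info("本次使用的模板状态不可用:{}", JsonUtils.object2Json(certTemp));
            result.setError(ErrorEnum.CERT_TEMP_STATUS_IS_NOT_NORMAL);
            return result;
        }
        if (!Boolean.TRUE.equals(CertUtils.checkPublicKey(publicKey, certTemp.getPublicKeyAlg(), certTemp.getPrivateKeyLength()))) {
            result.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return result;
        }

        @SuppressWarnings("unchecked") // json2Object is untyped; the TypeReference fixes the element type
        List<ExtensionAttr> templateAttrs = (List<ExtensionAttr>) JsonUtils.json2Object(certTemp.getTempParas(),
                new TypeReference<List<ExtensionAttr>>() {
                });
        Map<String, String> requestedExts;
        try {
            requestedExts = extractRequestedExtensions(pKCS10CertificationRequest);
        } catch (IllegalArgumentException | ClassCastException e) {
            logger.info("P10扩展项格式错误", e);
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
        // Required-attribute check runs whether or not the CSR carries an extensionRequest at all; a CSR
        // without the attribute must not be able to skip the template's mandatory extensions.
        if (templateAttrs != null) {
            for (ExtensionAttr extensionAttr : templateAttrs) {
                String oid = extensionAttr.getAttrOid();
                boolean required = Integer.valueOf(ATTR_REQUIRED).equals(extensionAttr.getAttrRequired());
                if (required && !requestedExts.containsKey(oid)) {
                    logger.info("缺少必要的模板扩展属性信息：{}", oid);
                    result.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
                    return result;
                }
                // Optional attributes absent from the CSR end up null, as before.
                extensionAttr.setAttrValue(requestedExts.get(oid));
            }
        }
        String tempParasJson = JsonUtils.object2Json(templateAttrs);
        logger.info("================P10中扩展项值=================:{}", tempParasJson);

        Long userId = this.baseUserDao.getUserId(3, "SCEP", 4, "scep");
        if (userId == null) {
            logger.info("查询scep默认用户id不存在！");
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }

        // The subject DN must sit under the template's baseDn or, failing that, under the RA base DN.
        String baseDn = certTemp.getBaseDn();
        logger.info("模板获取baseDn为:{}", baseDn);
        boolean underTemplateBaseDn = baseDn != null && p10ToCertDn.endsWith(baseDn);
        if (!underTemplateBaseDn && !p10ToCertDn.endsWith(CommonVariable.getRaBaseDn())) {
            logger.info("注册签发申请DN后缀错误，DN[{}]", p10ToCertDn);
            return Result.failure(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
        }
        Result dnCheck = this.certApplyService.verifyUserCertApplyDn(p10ToCertDn, userId.longValue(), (String) null);
        if (!dnCheck.isSuccess()) {
            logger.info("注册签发申请DN格式错误，DN[{}]", p10ToCertDn);
            return dnCheck;
        }

        String applyNo = this.redisCacheManagerService.getIncApplyNo();
        IssueApplyDTO issueApplyDTO = buildIssueApply(userId, scepTempNo, p10ToCertDn, certTemp, tempParasJson, applyNo);
        int applyType = hasChallenge ? APPLY_TYPE_WITH_CHALLENGE : APPLY_TYPE_WITHOUT_CHALLENGE;
        String scepName = hasChallenge ? scepDeviceDO.getScepName() : "scep默认设备";
        Result insertResult = this.issueApplyService.insertCertIssueApply(Integer.valueOf(applyType), scepName, issueApplyDTO, certTemp);
        if (!insertResult.isSuccess()) {
            result.setError(insertResult.getError());
            return result;
        }
        issueApplyDTO.setApplyId((Long) insertResult.getInfo());
        this.certApplyService.insertCertApplyRecordScep(1, 1, applyNo, scepName, 1, issueApplyDTO.getApplyReason(), 1, false, true);
        this.redisCacheManagerService.cacheScepTransId(str, applyNo);

        if (!hasChallenge) {
            // No device challenge: the request waits for an operator; keep the public key so the poll can
            // issue the certificate once the application is approved.
            this.redisCacheManagerService.cacheScepPublicKey(applyNo, Base64.toBase64String(publicKey.getEncoded()));
            logger.info("==========请等待管理平台审核并进行轮循查询==========");
            return Result.success();
        }

        // Challenge-authenticated request: auto-approve and issue right away.
        this.certApplyService.insertCertApplyRecordScep(1, 3, applyNo, scepName, 3, "自动审核类模板-审核成功", 4, true, true);
        Result issueCert = this.certApplyService.issueCert("SCEP", issueApplyDTO, publicKey.getEncoded(), scepName);
        if (!issueCert.isSuccess()) {
            logger.info("scep签发申请处理请求错误错误原因:{}", issueCert.getErrorBean().getErrMsg());
            return issueCert;
        }
        Result issueResp = this.certApplyService.issueUserCertRespScep(applyNo, scepName);
        if (!issueResp.isSuccess()) {
            logger.info("scep签发申请处理请求错误错误原因:{}", issueResp.getErrorBean().getErrMsg());
            return issueResp;
        }
        this.redisCacheManagerService.removeScepTransId(str);
        return issueCert;
    }

    /**
     * Fills the issue-application DTO from the template and the validated CSR data.
     *
     * @param userId        the SCEP default user the application is filed under
     * @param tempNo        template number in use
     * @param certDn        subject DN taken from the CSR
     * @param certTemp      the template record (sign alg, key length, validity, pattern come from here)
     * @param tempParasJson template extension attributes, already merged with the CSR values
     * @param applyNo       application number allocated from the cache
     * @return the populated DTO (applyId is set later, after the application row exists)
     */
    private static IssueApplyDTO buildIssueApply(Long userId, String tempNo, String certDn, CertTempDO certTemp,
            String tempParasJson, String applyNo) {
        IssueApplyDTO dto = new IssueApplyDTO();
        dto.setUserId(userId);
        dto.setTempNo(tempNo);
        dto.setCertDn(certDn);
        dto.setSignAlg(certTemp.getSignAlg());
        dto.setPrivateKeyLength(certTemp.getPrivateKeyLength());
        dto.setCertValidity(certTemp.getMaxValidity());
        dto.setApplyReason("SCEP设备在线发起注册签发证书申请");
        dto.setTempId(certTemp.getId());
        dto.setCertPatterm(certTemp.getCertPatterm());
        dto.setTempParas(tempParasJson);
        dto.setApplyNo(applyNo);
        return dto;
    }

    /**
     * Returns the challengePassword carried in the CSR, or {@code null} when absent.
     * A CSR with more than one challengePassword attribute is treated as carrying none, which (as in the
     * original code) routes it to the manual-review path rather than rejecting it.
     */
    private static String extractChallengePassword(PKCS10CertificationRequest csr) {
        Attribute[] attributes = csr.getAttributes(challengePasswordId);
        if (attributes == null || attributes.length != 1) {
            return null;
        }
        ASN1Encodable[] values = attributes[0].getAttributeValues();
        if (values == null || values.length == 0) {
            return null;
        }
        return asn1ValueToString(values[0]);
    }

    /**
     * Decodes a string-valued ASN.1 primitive. PKCS#9 challengePassword is a DirectoryString
     * (PrintableString / UTF8String); an OCTET STRING is accepted as well and read as UTF-8.
     * Any other type yields {@code null}.
     */
    private static String asn1ValueToString(ASN1Encodable value) {
        if (value instanceof ASN1String) {
            return ((ASN1String) value).getString();
        }
        if (value instanceof ASN1OctetString) {
            return new String(((ASN1OctetString) value).getOctets(), StandardCharsets.UTF_8);
        }
        return null;
    }

    /**
     * Reads the CSR's extensionRequest attribute into an OID → value map (values decoded as UTF-8).
     * Each entry is walked as SEQUENCE { OID, container { OCTET STRING } }, the shape the original
     * code assumed; the inner container is accepted as SEQUENCE or SET because the decompiled
     * original does not show which one the producing client emits — TODO confirm.
     * Only the first extensionRequest attribute is honoured. Returns an empty map when absent.
     *
     * @throws IllegalArgumentException if an entry does not have the expected structure
     */
    private static Map<String, String> extractRequestedExtensions(PKCS10CertificationRequest csr) {
        Map<String, String> values = new HashMap<>();
        Attribute[] attributes = csr.getAttributes(extReq);
        if (attributes == null || attributes.length == 0) {
            return values;
        }
        ASN1Sequence extensions = ASN1Sequence.getInstance(attributes[0].getAttrValues().getObjectAt(0));
        for (ASN1Encodable element : extensions) {
            ASN1Sequence entry = ASN1Sequence.getInstance(element);
            String oid = ASN1ObjectIdentifier.getInstance(entry.getObjectAt(0)).getId();
            ASN1OctetString octets = ASN1OctetString.getInstance(firstElement(entry.getObjectAt(1)));
            values.put(oid, new String(octets.getOctets(), StandardCharsets.UTF_8));
        }
        return values;
    }

    /** First element of an ASN.1 SEQUENCE or SET; rejects anything else. */
    private static ASN1Encodable firstElement(ASN1Encodable container) {
        if (container instanceof ASN1Sequence) {
            return ((ASN1Sequence) container).getObjectAt(0);
        }
        if (container instanceof ASN1Set) {
            return ((ASN1Set) container).getObjectAt(0);
        }
        throw new IllegalArgumentException("unexpected ASN.1 container: " + container.getClass().getName());
    }

    /**
     * Returns the RA server certificate for the SCEP GetCACert family of requests.
     *
     * @param i certificate kind; {@code 3} selects the encryption certificate ({@code certInfo}),
     *          anything else the signing certificate chain ({@code certP7b}, stored base64-encoded
     *          and returned decoded as UTF-8 text)
     * @return success with the certificate text, or GET_RA_SERVER_CERT_INFO_EMPTY
     */
    @Override
    public Result getRaCert(int i) {
        logger.info("scep查询RA服务器signCert.p7b");
        try {
            RaServerCertDTO raCert = this.raCertDao.getNewRaCertInfo(i);
            if (raCert == null) {
                logger.error("获取RA服务器证书为空");
                return Result.failure(ErrorEnum.GET_RA_SERVER_CERT_INFO_EMPTY);
            }
            if (i == 3) {
                String certInfo = raCert.getCertInfo();
                logger.info("查询RA加密证书成功:{}", certInfo);
                return Result.success(certInfo);
            }
            // Explicit charset: the original relied on the platform default.
            String p7b = new String(Base64.decode(raCert.getCertP7b()), StandardCharsets.UTF_8);
            logger.info("查询RA签名证书成功:{}", p7b);
            return Result.success(p7b);
        } catch (Exception e) {
            logger.error("获取RA服务器证书为空", e);
            return Result.failure(ErrorEnum.GET_RA_SERVER_CERT_INFO_EMPTY);
        }
    }

    /**
     * Looks up an issued SCEP certificate by serial number (GetCert).
     * Only certificates whose owner is a SCEP user are returned. {@code str2} (issuerDn) is logged but
     * not used in the lookup — the serial number alone identifies the certificate here.
     *
     * @param str  certificate serial number
     * @param str2 issuer DN as sent by the client
     * @return the download result from the CA, or SCEP_CERT_SN_NOT_EXIST
     */
    @Override
    public Result getScepCert(String str, String str2) {
        logger.info("scep查询证书 sn:{}, issuerDn:{}", str, str2);
        Long userId = this.userCertDao.getUserId(str);
        if (userId == null) {
            logger.error("sn不存在！");
            return Result.failure(ErrorEnum.SCEP_CERT_SN_NOT_EXIST);
        }
        if (this.baseUserDao.getBaseUserInfo(userId.longValue(), "SCEP") == null) {
            logger.error("sn对应证书非SCEP设备！");
            return Result.failure(ErrorEnum.SCEP_CERT_SN_NOT_EXIST);
        }
        Result download = this.caBusinessManager.downloadCertDataInfo(str, true);
        if (download.isSuccess()) {
            logger.info("查询注册证书成功：{}", download.getInfo());
        } else {
            logger.error("查询注册证书失败:{}", download.getError());
        }
        return download;
    }

    /**
     * Handles a SCEP poll (GetCertInitial) for an application that went through manual review.
     * The transactionId is mapped to the applyNo cached by {@link #issueScepCert}; once the application
     * is approved the certificate is issued with the public key cached at enrollment time.
     * {@code str2} (subjectDn) is only logged; the application is located by transactionId alone.
     *
     * @param str  SCEP transactionId
     * @param str2 subject DN as sent by the client
     * @param str3 issuer DN as sent by the client; must match one of the configured super-CA certificates
     * @return plain success while the application is still pending, the issued certificate once approved,
     *         SCEP_ISSUE_CERT_END for any other application status, or a failure for bad input
     */
    @Override
    public Result pollScepCert(String str, String str2, String str3) {
        logger.info("scep轮循查询证书 subjectDn:[{}], issuerDn:[{}] transactionId:[{}]", new Object[]{str2, str3, str});
        String applyNo = this.redisCacheManagerService.getScepTransId(str);
        if (applyNo == null) {
            logger.error("根据transactionId找不到applyNo！");
            return Result.failure(ErrorEnum.SCEP_TRANSACTION_ID_ERROR);
        }
        try {
            String cachedPublicKey = this.redisCacheManagerService.getScepPublicKey(applyNo);
            if (StringUtils.isBlank(cachedPublicKey)) {
                logger.error("缓存公钥信息丢失！");
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            PublicKey publicKey = new JcaPEMKeyConverter().setProvider("BC")
                    .getPublicKey(SubjectPublicKeyInfo.getInstance(Base64.decode(cachedPublicKey)));
            if (!isKnownIssuer(str3)) {
                logger.error("issuerDn不存在！");
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(applyNo);
            IssueApplyDTO issueApply = this.issueApplyDao.getIssueApplyInfoByApplyNo(applyNo);
            if (certApplyInfo == null || certApplyInfo.getApplyStatus() == null || issueApply == null) {
                logger.error("根据applyNo找不到申请记录:{}", applyNo);
                return Result.failure(ErrorEnum.SCEP_TRANSACTION_ID_ERROR);
            }
            issueApply.setApplyNo(applyNo);
            int applyStatus = certApplyInfo.getApplyStatus().intValue();
            if (applyStatus == APPLY_STATUS_PENDING) {
                // Still under review: a bare success tells the client to keep polling.
                return Result.success();
            }
            if (applyStatus != APPLY_STATUS_APPROVED) {
                return Result.failure(ErrorEnum.SCEP_ISSUE_CERT_END);
            }
            Result issueCert = this.certApplyService.issueCert("SCEP", issueApply, publicKey.getEncoded(), certApplyInfo.getAdminCertDn());
            if (!issueCert.isSuccess()) {
                logger.error("scep签发制证失败:{}", issueCert.getErrorBean().getErrMsg());
                return issueCert;
            }
            Result issueResp = this.certApplyService.issueUserCertRespScep(applyNo, certApplyInfo.getAdminCertDn());
            if (!issueResp.isSuccess()) {
                logger.error("scep签发确认失败:{}", issueResp.getErrorBean().getErrMsg());
                return issueResp;
            }
            this.redisCacheManagerService.removeScepTransId(str);
            this.redisCacheManagerService.removeScepPublicKey(applyNo);
            return issueCert;
        } catch (Exception e) {
            logger.error("转换公钥信息失败！", e);
            return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
        }
    }

    /** True when {@code issuerDn} matches (case-insensitively) the subject of a configured super-CA certificate. */
    private static boolean isKnownIssuer(String issuerDn) {
        if (issuerDn == null) {
            return false;
        }
        for (X509Certificate caCert : CommonVariable.getSuperCaCerts()) {
            if (issuerDn.equalsIgnoreCase(CertUtils.getSubjectByX509Cert(caCert))) {
                return true;
            }
        }
        return false;
    }
}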
