package com.xdja.pki.ra.service.manager.certapply;

import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.core.util.time.DateUtils;
import com.xdja.pki.ra.manager.dao.ApplyRecordDao;
import com.xdja.pki.ra.manager.dao.BaseUserDao;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.CertApplyDao;
import com.xdja.pki.ra.manager.dao.CertTempDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.RevokeApplyDao;
import com.xdja.pki.ra.manager.dao.UserCertDao;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.dao.model.CertApplyDO;
import com.xdja.pki.ra.manager.dao.model.CertTempDO;
import com.xdja.pki.ra.manager.dao.model.RaCertDO;
import com.xdja.pki.ra.manager.dao.model.RevokeApplyDO;
import com.xdja.pki.ra.manager.dao.model.UserCertDO;
import com.xdja.pki.ra.manager.dto.RevokeApplyDTO;
import com.xdja.pki.ra.manager.sdk.cmp.CertLifeCycleManager;
import com.xdja.pki.ra.security.bean.Operator;
import com.xdja.pki.ra.security.util.OperatorUtil;
import com.xdja.pki.ra.service.manager.baseuser.bean.DecryptUserInfo;
import com.xdja.pki.ra.service.manager.certapply.bean.RevokeApplyVO;
import com.xdja.pki.ra.service.manager.login.bean.CurrentAdminInfo;
import com.xdja.pki.ra.service.manager.system.CaService;
import com.xdja.pki.ra.service.manager.system.RaServer;
import com.xdja.pki.ra.service.manager.usercert.UserCertService;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.dao.DataAccessException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/certapply/RevokeApplyServiceImpl.class */
public class RevokeApplyServiceImpl implements RevokeApplyService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    RaServer raServer;

    @Autowired
    CaService caService;

    @Autowired
    CertApplyDao certApplyDao;

    @Autowired
    RevokeApplyDao revokeApplyDao;

    @Autowired
    CertTempDao certTempDao;

    @Autowired
    ApplyRecordDao applyRecordDao;

    @Autowired
    CertApplyService certApplyService;

    @Autowired
    UserCertService userCertService;

    @Autowired
    CertLifeCycleManager certLifeCycleManager;

    @Autowired
    UserCertDao userCertDao;

    @Autowired
    CaCertDao caCertDao;

    @Autowired
    RaCertDao raCertDao;

    @Autowired
    BaseUserDao baseUserDao;

    @Override // com.xdja.pki.ra.service.manager.certapply.RevokeApplyService
    public Result getRevokeApplyInfo(String str) {
        Result result = new Result();
        RevokeApplyVO revokeApplyVO = new RevokeApplyVO();
        RevokeApplyDTO revokeApplyDTO = null;
        try {
            revokeApplyDTO = this.revokeApplyDao.getRevokeApplyInfoByApplyNo(str);
        } catch (EmptyResultDataAccessException e) {
            this.logger.info("getRevokeApplyInfo.applyNo:" + str + " 查询撤销证书申请实体为空");
        }
        if (revokeApplyDTO == null) {
            this.logger.info("获取撤销证书申请详细信息为空");
            result.setError(ErrorEnum.GET_REVOKE_APPLY_INFO_IS_EMPTY);
            return result;
        }
        BeanUtils.copyProperties(revokeApplyDTO, revokeApplyVO);
        try {
            revokeApplyVO.setLicenseNumber(DecryptUserInfo.getDecryptString(revokeApplyVO.getLicenseNumber()));
            revokeApplyVO.setGmtCreate(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format((Date) revokeApplyDTO.getGmtCreate()));
            result.setInfo(revokeApplyVO);
            return result;
        } catch (Exception e2) {
            result.setError(ErrorEnum.DECRYPT_ENCRYPT_INFO_ERROR);
            return result;
        }
    }

    @Override // com.xdja.pki.ra.service.manager.certapply.RevokeApplyService
    @Transactional
    public Result insertUserCertRevokeApply(String str, RevokeApplyDTO revokeApplyDTO, boolean z, boolean z2) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        UserCertDO userCertBaseInfo = this.userCertDao.getUserCertBaseInfo(revokeApplyDTO.getSignSn());
        if (userCertBaseInfo == null) {
            this.logger.info("获取用户证书信息为空");
            result.setError(ErrorEnum.GET_USER_CERT_INFO_IS_EMPTY);
            return result;
        }
        long time = userCertBaseInfo.getFailureTime().getTime() - System.currentTimeMillis();
        if ((Constants.CERT_STATUS_NORMAL_1 != userCertBaseInfo.getCertStatus().intValue() && Constants.CERT_STATUS_FREEZE_4 != userCertBaseInfo.getCertStatus().intValue()) || time < 0) {
            this.logger.info("用户证书不是可撤销状态");
            result.setError(ErrorEnum.USER_CERT_IS_NOT_NORMAL_STATUS);
            return result;
        }
        CertApplyDO certApplyDO = new CertApplyDO();
        if (z && !z2) {
            try {
                if (!this.baseUserDao.getLicenseNumberById(userCertBaseInfo.getUserId().longValue()).equals(revokeApplyDTO.getLicenseNumber())) {
                    this.logger.info("设备编号和sn对应证书不匹配");
                    result.setError(ErrorEnum.ONLINE_DEVICE_NO_GET_CERT_ERROR);
                    return result;
                }
                certApplyDO.setUserId(userCertBaseInfo.getUserId());
            } catch (DataAccessException e) {
                this.logger.info("查询证书对应的设备编号为空", (Throwable) e);
                result.setError(ErrorEnum.ONLINE_DEVICE_INFO_NOT_EXIST);
                return result;
            }
        }
        if (!z) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
            if (!currentAdminInfo.getRoleList().contains(Integer.valueOf(Constants.ADMIN_ROLE_OPERATOR_INPUT_3))) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
            long longValue = currentAdminInfo.getId().longValue();
            String certDn = currentAdminInfo.getCertDn();
            certApplyDO.setAdminId(Long.valueOf(longValue));
            certApplyDO.setAdminCertDn(certDn);
        }
        certApplyDO.setCertDn(userCertBaseInfo.getCertDn());
        if (certApplyDO.getUserId() == null) {
            certApplyDO.setUserId(revokeApplyDTO.getUserId());
        }
        certApplyDO.setApplyNo(DateUtils.getCurrDate("yyyyMMddHHmmssSSS") + String.valueOf(((int) (Math.random() * 900000.0d)) + 100000));
        certApplyDO.setApplyType(Integer.valueOf(Constants.CERT_APPLY_TYPE_REVOKE_3));
        result.setLogContent("，申请编号=" + certApplyDO.getApplyNo());
        certApplyDO.setGmtCreate(new Timestamp(new Date().getTime()));
        certApplyDO.setGmtUpdate(new Timestamp(new Date().getTime()));
        CertTempDO certTempInfoByTempNo = this.certTempDao.getCertTempInfoByTempNo(revokeApplyDTO.getTempNo());
        if (certTempInfoByTempNo == null) {
            this.logger.info("证书发起撤销时，获取证书模板信息为空");
            result.setError(ErrorEnum.GET_CERT_TEMP_INFO_IS_EMPTY);
            return result;
        }
        this.logger.info("证书发起撤销时，对应模板编号为{},审核策略为【{}】", certTempInfoByTempNo.getTempNo(), certTempInfoByTempNo.getCheckStrategy().intValue() == 1 ? "自动" : "手动");
        this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_ENTRY_1, certApplyDO.getApplyNo(), str, 1, revokeApplyDTO.getApplyReason(), Constants.CERT_APPLY_OPERATE_TYPE_SUBMIT_SUCCESS_1, false, z);
        int i = 1;
        if (Constants.TEMP_CHECK_STRATEGY_AUTO_1 == certTempInfoByTempNo.getCheckStrategy().intValue() || (z && !z2)) {
            this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_CHECK_3, certApplyDO.getApplyNo(), str, 0, "自动审核类模板-审核成功", Constants.CERT_APPLY_OPERATE_TYPE_CHECK_SUCCESS_4, true, z);
            Result revokeUserCert = this.certLifeCycleManager.revokeUserCert(certApplyDO.getApplyNo(), rAServiceDnName, cAServiceDnName, revokeApplyDTO.getSignSn(), revokeApplyDTO.getCertDn(), revokeApplyDTO.getRevokeReason().intValue(), revokeApplyDTO.getApplyReason());
            if (revokeUserCert.isSuccess()) {
                i = 7;
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_REVOKE_4, certApplyDO.getApplyNo(), str, 7, revokeApplyDTO.getApplyReason(), Constants.CERT_APPLY_OPERATE_TYPE_REVOKE_SUCCESS_6, false, z);
                Result updateUserCertStatus = this.userCertService.updateUserCertStatus(Constants.CERT_STATUS_REVOKED_3, revokeApplyDTO.getSignSn());
                if (!updateUserCertStatus.isSuccess()) {
                    this.logger.info("更新证书状态错误:" + JsonUtils.object2Json(updateUserCertStatus));
                    result.setError(updateUserCertStatus.getError());
                    return result;
                }
            } else {
                this.logger.info("发起证书撤销失败 errorCode:" + revokeUserCert.getErrorBean().getErrCode());
                result.setErrorBean(revokeUserCert.getErrorBean());
                i = 6;
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_REVOKE_4, certApplyDO.getApplyNo(), str, 6, "证书撤销失败code:" + revokeUserCert.getErrorBean().getErrCode(), Constants.CERT_APPLY_OPERATE_TYPE_REVOKE_FAIL_5, false, z);
            }
        }
        certApplyDO.setApplyStatus(Integer.valueOf(i));
        certApplyDO.setTempId(certTempInfoByTempNo.getId());
        CertApplyDO insertCertApply = this.certApplyDao.insertCertApply(certApplyDO);
        RevokeApplyDO revokeApplyDO = new RevokeApplyDO();
        revokeApplyDO.setSignSn(revokeApplyDTO.getSignSn());
        revokeApplyDO.setEncSn(revokeApplyDTO.getEncSn());
        revokeApplyDO.setApplyId(insertCertApply.getId());
        revokeApplyDO.setRevokeReason(revokeApplyDTO.getRevokeReason());
        revokeApplyDO.setApplyReason(revokeApplyDTO.getApplyReason());
        revokeApplyDO.setSignAlg(userCertBaseInfo.getSignAlg());
        revokeApplyDO.setPrivateKeyLength(userCertBaseInfo.getPrivateKeyLength());
        revokeApplyDO.setCertValidity(userCertBaseInfo.getCertValidity());
        Date date = new Date();
        revokeApplyDO.setGmtUpdate(new Timestamp(date.getTime()));
        revokeApplyDO.setGmtCreate(new Timestamp(date.getTime()));
        this.revokeApplyDao.insertRevokeApply(revokeApplyDO);
        result.setInfo(insertCertApply.getApplyNo());
        return result;
    }

    @Override // com.xdja.pki.ra.service.manager.certapply.RevokeApplyService
    @Transactional
    public Result updateUserCertRevokeApply(String str, String str2, RevokeApplyDTO revokeApplyDTO, boolean z) {
        Result result = new Result();
        if (!z) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(Integer.valueOf(Constants.ADMIN_ROLE_OPERATOR_INPUT_3))) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str2);
        if (certApplyInfo == null) {
            this.logger.info("获取证书申请基本信息为空");
            result.setError(ErrorEnum.GET_CERT_APPLY_INFO_IS_EMPTY);
            return result;
        }
        if (certApplyInfo.getApplyStatus().intValue() != 2) {
            this.logger.info("当前申请状态，不可修改申请信息");
            result.setError(ErrorEnum.APPLY_STATUS_CANNOT_UPDATE_INFO);
            return result;
        }
        UserCertDO userCertBaseInfo = this.userCertDao.getUserCertBaseInfo(revokeApplyDTO.getSignSn());
        if (userCertBaseInfo == null) {
            this.logger.info("获取用户证书信息为空");
            result.setError(ErrorEnum.GET_USER_CERT_INFO_IS_EMPTY);
            return result;
        }
        long time = userCertBaseInfo.getFailureTime().getTime() - System.currentTimeMillis();
        if ((Constants.CERT_STATUS_NORMAL_1 != userCertBaseInfo.getCertStatus().intValue() && Constants.CERT_STATUS_FREEZE_4 != userCertBaseInfo.getCertStatus().intValue()) || time < 0) {
            this.logger.info("用户证书不是可撤销状态");
            result.setError(ErrorEnum.USER_CERT_IS_NOT_NORMAL_STATUS);
            return result;
        }
        RevokeApplyDO revokeApplyInfoByApplyId = this.revokeApplyDao.getRevokeApplyInfoByApplyId(certApplyInfo.getId().longValue());
        if (revokeApplyInfoByApplyId == null) {
            this.logger.info("获取撤销证书申请基本信息为空");
            result.setError(ErrorEnum.GET_REVOKE_APPLY_INFO_IS_EMPTY);
            return result;
        }
        revokeApplyInfoByApplyId.setApplyReason(revokeApplyDTO.getApplyReason());
        revokeApplyInfoByApplyId.setRevokeReason(revokeApplyDTO.getRevokeReason());
        revokeApplyInfoByApplyId.setGmtUpdate(new Timestamp(System.currentTimeMillis()));
        if (this.revokeApplyDao.updateRevokeApply(revokeApplyInfoByApplyId) <= 0) {
            this.logger.info("更新撤销申请基本信息失败");
            result.setError(ErrorEnum.UPDATE_REVOKE_CERT_APPLY_INFO_FAIL);
            return result;
        }
        CertTempDO certTempInfoByTempNo = this.certTempDao.getCertTempInfoByTempNo(revokeApplyDTO.getTempNo());
        if (certTempInfoByTempNo == null) {
            this.logger.info("获取证书模板信息为空");
            result.setError(ErrorEnum.GET_CERT_TEMP_INFO_IS_EMPTY);
            return result;
        }
        this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_UPDATE_2, str2, str, 1, revokeApplyDTO.getApplyReason(), Constants.CERT_APPLY_OPERATE_TYPE_UPDATE_SUCCESS_2, false, z);
        int i = 1;
        if (Constants.TEMP_CHECK_STRATEGY_AUTO_1 == certTempInfoByTempNo.getCheckStrategy().intValue()) {
            this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_CHECK_3, certApplyInfo.getApplyNo(), str, 0, "自动审核类模板-审核成功", Constants.CERT_APPLY_OPERATE_TYPE_CHECK_SUCCESS_4, true, z);
            String rAServiceDnName = getRAServiceDnName();
            if (StringUtils.isBlank(rAServiceDnName)) {
                result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
                return result;
            }
            String cAServiceDnName = getCAServiceDnName();
            if (StringUtils.isBlank(cAServiceDnName)) {
                result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
                return result;
            }
            Result revokeUserCert = this.certLifeCycleManager.revokeUserCert(str2, rAServiceDnName, cAServiceDnName, revokeApplyDTO.getSignSn(), revokeApplyDTO.getCertDn(), revokeApplyDTO.getRevokeReason().intValue(), revokeApplyDTO.getApplyReason());
            if (revokeUserCert.isSuccess()) {
                i = 7;
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_REVOKE_4, str2, str, 7, revokeApplyDTO.getApplyReason(), Constants.CERT_APPLY_OPERATE_TYPE_REVOKE_SUCCESS_6, false, z);
            } else {
                this.logger.info("发起证书撤销失败 errorCode:" + revokeUserCert.getErrorBean().getErrCode());
                result.setErrorBean(revokeUserCert.getErrorBean());
                i = 6;
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_REVOKE_4, str2, str, 6, "证书撤销失败code:" + revokeUserCert.getErrorBean().getErrCode(), Constants.CERT_APPLY_OPERATE_TYPE_REVOKE_FAIL_5, false, z);
            }
        }
        Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(revokeApplyDTO.getCertDn(), str2, i, certTempInfoByTempNo.getId());
        if (updateCertApplyInfo.isSuccess()) {
            return result;
        }
        this.logger.info("更新申请信息失败:" + JsonUtils.object2Json(updateCertApplyInfo));
        throw new RuntimeException();
    }

    private String getRAServiceDnName() {
        try {
            RaCertDO newRaCertInfo = this.raCertDao.getNewRaCertInfo();
            if (newRaCertInfo == null) {
                return null;
            }
            return CertUtils.getSubjectByX509Cert(CertUtils.getCertFromStr(newRaCertInfo.getCertInfo()));
        } catch (Exception e) {
            this.logger.error("获取RA服务器证书异常{}", (Throwable) e);
            return null;
        }
    }

    private String getCAServiceDnName() {
        try {
            CaCertDO newCaCertInfo = this.caCertDao.getNewCaCertInfo();
            if (newCaCertInfo == null) {
                return null;
            }
            return CertUtils.getSubjectByX509Cert(CertUtils.getCertFromStr(newCaCertInfo.getCertInfo()));
        } catch (Exception e) {
            this.logger.error("获取CA服务器证书异常{}", (Throwable) e);
            return null;
        }
    }
}
