package com.xdja.pki.ra.service.manager.auditlog;

import com.xdja.pki.auditlog.dao.ArchiveLogDao;
import com.xdja.pki.auditlog.dao.model.ArchiveLogDO;
import com.xdja.pki.auditlog.service.ArchiveLogService;
import com.xdja.pki.auditlog.service.bean.ArchiveLogListVO;
import com.xdja.pki.auditlog.service.bean.ArchiveLogVO;
import com.xdja.pki.auditlog.service.bean.AuditLogIsAuditEnum;
import com.xdja.pki.auditlog.service.bean.AuditLogIsVerifyEnum;
import com.xdja.pki.auditlog.service.bean.AuditLogResultEnum;
import com.xdja.pki.auditlog.service.bean.ra.AuditLogOperatorTypeEnum;
import com.xdja.pki.auth.service.AuditLogService;
import com.xdja.pki.core.bean.CoreResult;
import com.xdja.pki.core.bean.ErrorBean;
import com.xdja.pki.core.bean.PageInfo;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.manager.dao.AdminCertDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.model.AdminCertDO;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/ra-service-manager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/auditlog/ArchiveLogServiceImpl.class
 */
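@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-2.0.0-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/auditlog/ArchiveLogServiceImpl.class */
/**
 * Service for reading archived audit-log records and re-checking the signatures stored on them.
 *
 * <p>Each archived record carries two signatures that this class checks:
 * <ul>
 *   <li>{@code operateSign} - verified against the public key of the administrator certificate
 *       looked up by serial number through {@link AdminCertDao};</li>
 *   <li>{@code serverSign} - verified against the public key of the RA certificate looked up by
 *       {@code serverCertId} through {@link RaCertDao}.</li>
 * </ul>
 *
 * <p>Both checks fail closed: any exception during verification is turned into a failure
 * {@link Result}, never a success.
 *
 * <p>NOTE(review): the certificates are used only as public-key containers here. No validity
 * period, revocation or chain check is visible in this class; whether
 * {@code CertUtils.getCertFromStr} or the DAOs enforce any of that cannot be told from here -
 * confirm before treating a "verified" result as proof that the signer was authorised at the
 * time of the operation.
 */
public class ArchiveLogServiceImpl implements ArchiveLogService {

    /** Pattern used for every timestamp rendered into a view object. */
    private static final String TIME_PATTERN = "yyyy-MM-dd HH:mm:ss";

    @Autowired
    private ArchiveLogDao archiveLogDao;

    @Autowired
    public AdminCertDao adminCertDao;

    @Autowired
    public RaCertDao raCertDao;

    @Autowired
    private AuditLogService auditLogService;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Creates a formatter for {@link #TIME_PATTERN}.
     *
     * <p>{@link SimpleDateFormat} is not thread-safe and a Spring {@code @Service} bean is shared
     * between request threads by default, so a single formatter held in a field could render
     * corrupted timestamps under concurrent calls. For audit records that is an integrity
     * problem, not just a cosmetic one, so every caller gets its own instance.
     *
     * @return a new formatter that must not be shared across threads
     */
    private SimpleDateFormat newTimeFormat() {
        return new SimpleDateFormat(TIME_PATTERN);
    }

    /**
     * Lists archived audit logs.
     *
     * <p>All arguments are forwarded unchanged to {@code ArchiveLogDao.listArchiveLog}; their
     * meaning is defined there. The DAO's return value is cast according to {@code z}.
     *
     * @param z when {@code true} the DAO result is treated as a plain list, otherwise as a
     *          {@link PageInfo} whose data list is replaced by the converted view objects
     * @return a {@code List<ArchiveLogListVO>} when {@code z} is {@code true}, otherwise the
     *         {@link PageInfo} returned by the DAO with its data converted
     */
    @Override // com.xdja.pki.auditlog.service.ArchiveLogService
    public Object listArchiveLogs(Integer num, Integer num2, Integer num3, String str, String str2, boolean z) {
        if (z) {
            return generateListVO((List) this.archiveLogDao.listArchiveLog(num, num2, num3, str, str2, z));
        }
        PageInfo pageInfo = (PageInfo) this.archiveLogDao.listArchiveLog(num, num2, num3, str, str2, z);
        pageInfo.setDatas(generateListVO((List) pageInfo.getDatas()));
        return pageInfo;
    }

    /**
     * Converts archived log rows into list view objects.
     *
     * <p>The list view omits the signatures, operation content and audit details; those are only
     * returned by {@link #getArchiveLogbyId(int, Integer)}.
     *
     * @param list rows to convert; {@code operateResult}, {@code isAudit}, {@code operateTime} and
     *             {@code archiveTime} are dereferenced without a null check
     * @return one view object per row, in the same order
     */
    private List<ArchiveLogListVO> generateListVO(List<ArchiveLogDO> list) {
        List<ArchiveLogListVO> views = new ArrayList<ArchiveLogListVO>();
        // One formatter per call: confined to this thread, reused across the rows.
        SimpleDateFormat timeFormat = newTimeFormat();
        for (ArchiveLogDO archiveLogDO : list) {
            ArchiveLogListVO archiveLogListVO = new ArchiveLogListVO();
            archiveLogListVO.setId(archiveLogDO.getId());
            archiveLogListVO.setOperatorSubject(archiveLogDO.getOperatorSubject());
            archiveLogListVO.setOperatorType(archiveLogDO.getOperatorType());
            archiveLogListVO.setOperatorTypeString(AuditLogOperatorTypeEnum.getDescFromType(archiveLogDO.getOperatorType()));
            archiveLogListVO.setOperateClientIp(archiveLogDO.getOperateClientIp());
            archiveLogListVO.setOperateTime(timeFormat.format(archiveLogDO.getOperateTime()));
            archiveLogListVO.setOperateResult(archiveLogDO.getOperateResult());
            archiveLogListVO.setOperateResultString(AuditLogResultEnum.getValueFromId(archiveLogDO.getOperateResult().intValue()));
            archiveLogListVO.setIsAudit(archiveLogDO.getIsAudit());
            archiveLogListVO.setIsAuditString(AuditLogIsAuditEnum.getValueFromId(archiveLogDO.getIsAudit().intValue()));
            archiveLogListVO.setArchiveTime(timeFormat.format(archiveLogDO.getArchiveTime()));
            views.add(archiveLogListVO);
        }
        return views;
    }

    /**
     * Loads one archived log record and, optionally, re-verifies its signatures.
     *
     * <p>Without {@code num == 1} the returned verification state is whatever was persisted with
     * the record; nothing is re-checked. With {@code num == 1} the signatures are verified on
     * this call and the result replaces {@code isVerifyString}.
     *
     * <p>NOTE(review): the fresh result only overwrites {@code isVerifyString}. The numeric
     * {@code isVerify} still holds the persisted value, so the two fields can disagree in one
     * response. Consumers should not key decisions off {@code isVerify} after a fresh check.
     *
     * @param i   id of the archived record
     * @param num pass {@code 1} to verify the signatures now; {@code null} or any other value
     *            skips verification
     * @return a success {@link CoreResult} wrapping the {@link ArchiveLogVO}, or a failure result
     *         with {@code LOG_NOT_EXIST_OR_ARCHIVED} when the record is missing or any exception
     *         is raised while building the view
     */
    @Override // com.xdja.pki.auditlog.service.ArchiveLogService
    public Object getArchiveLogbyId(int i, Integer num) {
        try {
            ArchiveLogDO archiveLogDO = this.archiveLogDao.get(i);
            if (null == archiveLogDO) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
            }
            SimpleDateFormat timeFormat = newTimeFormat();
            ArchiveLogVO archiveLogVO = new ArchiveLogVO();
            archiveLogVO.setId(archiveLogDO.getId());
            archiveLogVO.setOperatorSubject(archiveLogDO.getOperatorSubject());
            archiveLogVO.setOperatorSn(archiveLogDO.getOperatorSn());
            archiveLogVO.setOperatorType(archiveLogDO.getOperatorType());
            archiveLogVO.setOperatorTypeString(AuditLogOperatorTypeEnum.getDescFromType(archiveLogDO.getOperatorType()));
            archiveLogVO.setOperateClientIp(archiveLogDO.getOperateClientIp());
            archiveLogVO.setOperateContent(archiveLogDO.getOperateContent());
            archiveLogVO.setOperateResult(archiveLogDO.getOperateResult());
            archiveLogVO.setOperateTime(timeFormat.format(archiveLogDO.getOperateTime()));
            archiveLogVO.setOperateResultString(AuditLogResultEnum.getValueFromId(archiveLogDO.getOperateResult().intValue()));
            archiveLogVO.setOperateModifyDetail(archiveLogDO.getOperateModifyDetail());
            archiveLogVO.setOperateSign(archiveLogDO.getOperateSign());
            archiveLogVO.setIsAudit(archiveLogDO.getIsAudit());
            archiveLogVO.setIsAuditString(AuditLogIsAuditEnum.getValueFromId(archiveLogDO.getIsAudit().intValue()));
            // Persisted verification state, shown as stored; it is not recomputed here.
            if (archiveLogDO.getIsVerify() != null) {
                archiveLogVO.setIsVerify(archiveLogDO.getIsVerify());
                archiveLogVO.setIsVerifyString(AuditLogIsVerifyEnum.getValueFromId(archiveLogDO.getIsVerify().intValue()));
            }
            // Audit details are only copied for isAudit == 2 (presumably "audited" - the enum is
            // defined in AuditLogIsAuditEnum, not visible here).
            if (archiveLogDO.getIsAudit().intValue() == 2) {
                archiveLogVO.setAuditSubject(archiveLogDO.getAuditSubject());
                archiveLogVO.setAuditSn(archiveLogDO.getAuditSn());
                archiveLogVO.setAuditNote(archiveLogDO.getAuditNote());
                archiveLogVO.setAuditTime(timeFormat.format(archiveLogDO.getAuditTime()));
                archiveLogVO.setAuditClientIp(archiveLogDO.getAuditClientIp());
            }
            if (null != num && num.intValue() == 1) {
                this.logger.info("get archive log info with verify!");
                Result freshResult = verifySignatures(archiveLogDO);
                archiveLogVO.setIsVerifyString(AuditLogIsVerifyEnum.getInstance(freshResult.isSuccess()).value);
            }
            archiveLogVO.setArchiveTime(timeFormat.format(archiveLogDO.getArchiveTime()));
            return CoreResult.success(archiveLogVO);
        } catch (Exception e) {
            // Every failure, including a verification or formatting error, is reported to the
            // caller as "log does not exist"; the real cause is only in the server log.
            this.logger.error("获取操作日志实例异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }

    /**
     * Verifies the signatures of one archived log record.
     *
     * @param i id of the archived record
     * @return a {@link CoreResult} carrying the code, info and error of the verification
     *         {@link Result}; a failure result with {@code LOG_NOT_EXIST_OR_ARCHIVED} when the
     *         record is missing or an exception is raised
     */
    @Override // com.xdja.pki.auditlog.service.ArchiveLogService
    public CoreResult verifyArchiveLog(int i) {
        try {
            ArchiveLogDO archiveLogDO = this.archiveLogDao.get(i);
            if (null == archiveLogDO) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
            }
            Result verifyResult = verifySignatures(archiveLogDO);
            ErrorEnum error = verifyResult.getError();
            // An empty ErrorBean is returned when verification reported no error.
            ErrorBean errorBean = new ErrorBean();
            if (null != error) {
                errorBean = new ErrorBean(error.code, error.desc);
            }
            return new CoreResult(verifyResult.getCode(), verifyResult.getInfo(), errorBean);
        } catch (Exception e) {
            this.logger.error("获取操作日志实例异常", (Throwable) e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }

    /**
     * Picks the verification path from the record's audit state.
     *
     * <p>{@code isAudit == 1} is checked against the operator's certificate; every other value,
     * not only 2, goes down the auditor path.
     *
     * @param archiveLogDO record to verify; {@code isAudit} must not be {@code null}
     * @return the verification outcome
     */
    private Result verifySignatures(ArchiveLogDO archiveLogDO) {
        return archiveLogDO.getIsAudit().intValue() == 1 ? verifyOperateSign(archiveLogDO) : verifyAuditOperateSign(archiveLogDO);
    }

    /**
     * Verifies a record that is checked against the operator's certificate.
     *
     * <p>Step 1 checks {@code operateSign} with the public key of the administrator certificate
     * found for {@code operatorSn}. Step 2 checks {@code serverSign} over
     * {@code operatorBase64Encode()} with the public key of the RA certificate found for
     * {@code serverCertId}. Step 2 only runs when step 1 passed.
     *
     * @param archiveLogDO record to verify
     * @return success, or a failure naming the step that did not pass
     */
    private Result verifyOperateSign(ArchiveLogDO archiveLogDO) {
        // NOTE(review): this writes the record's toString() and the certificate into the
        // application log at INFO. Confirm ArchiveLogDO.toString() does not copy operation
        // content or signatures into a log with weaker access control than the audit store.
        this.logger.info("verify:{}", archiveLogDO);
        // The second argument (2) is passed through to the DAO; its meaning is defined there.
        AdminCertDO adminCertInfo = this.adminCertDao.getAdminCertInfo(archiveLogDO.getOperatorSn(), 2);
        if (adminCertInfo == null) {
            return Result.failure(ErrorEnum.GET_OPERATOR_CERT_EMPTY);
        }
        this.logger.info("证书：{}", adminCertInfo.getCertInfo());
        X509Certificate certFromStr = CertUtils.getCertFromStr(adminCertInfo.getCertInfo());
        if (certFromStr == null) {
            return Result.failure(ErrorEnum.GET_OPERATOR_CERT_EMPTY);
        }
        try {
            if (!SignedDataUtils.verifySignedData(archiveLogDO.getOperateSign(), certFromStr.getPublicKey())) {
                this.logger.error("验证管理员操作签名失败");
                return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
            }
            try {
                // A missing RA certificate row or an unparsable certificate raises here and is
                // reported as a server-signature failure by the catch below (fail closed).
                X509Certificate certFromStr2 = CertUtils.getCertFromStr(this.raCertDao.queryRaCertDataById(archiveLogDO.getServerCertId()).getCertInfo());
                // NOTE(review): Java groups this as  hsm ? yunHsm(...) : (bc(...) ? success : failure),
                // so the HSM branch returns verifyCertByYunHsm's value directly. If that helper
                // returns boolean, the intended grouping was (hsm ? ... : ...) ? success : failure -
                // confirm against the original source; this text is decompiler output.
                // NOTE(review): the two helpers receive payload and signature in opposite order
                // (payload, sign) vs (sign, payload); confirm against the HsmUtils signatures.
                return 0 != CommonVariable.getIsHsm().intValue()
                        ? HsmUtils.verifyCertByYunHsm(certFromStr2.getSigAlgName(), certFromStr2.getPublicKey(), archiveLogDO.operatorBase64Encode(), archiveLogDO.getServerSign())
                        : HsmUtils.verifyCertByBC(certFromStr2.getSigAlgName(), certFromStr2.getPublicKey(), Base64.decode(archiveLogDO.getServerSign()), Base64.decode(archiveLogDO.operatorBase64Encode())) ? Result.success() : Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
            } catch (Exception e) {
                this.logger.error("verify audit error", (Throwable) e);
                return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
            }
        } catch (Exception e2) {
            this.logger.error("验证管理员操作签名失败", (Throwable) e2);
            return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
        }
    }

    /**
     * Verifies a record that is checked against the auditor's certificate.
     *
     * <p>Step 1 checks {@code operateSign} with the public key of the administrator certificate
     * found for {@code auditSn}. Step 2 checks {@code serverSign} over
     * {@code operatorWithAuditInfoBase64Encode()} with the public key of the RA certificate found
     * for {@code serverCertId}. Step 2 only runs when step 1 passed.
     *
     * <p>NOTE(review): step 1 verifies the same {@code operateSign} field as the operator path,
     * but against the auditor's key. That is only correct if auditing replaces the stored
     * signature with the auditor's - confirm. A step-1 failure is also reported with the
     * operator error code {@code VERIFY_ADMIN_OPERATOR_SIGN_FAIL}.
     *
     * @param archiveLogDO record to verify
     * @return success, or a failure naming the step that did not pass
     */
    private Result verifyAuditOperateSign(ArchiveLogDO archiveLogDO) {
        // NOTE(review): same logging caveat as verifyOperateSign - the full record and the
        // certificate are written to the application log at INFO.
        this.logger.info("verify:{}", archiveLogDO);
        AdminCertDO adminCertInfo = this.adminCertDao.getAdminCertInfo(archiveLogDO.getAuditSn(), 2);
        if (adminCertInfo == null) {
            return Result.failure(ErrorEnum.GET_AUDITOR_CERT_EMPTY);
        }
        this.logger.info("证书：{}", adminCertInfo.getCertInfo());
        X509Certificate certFromStr = CertUtils.getCertFromStr(adminCertInfo.getCertInfo());
        if (certFromStr == null) {
            return Result.failure(ErrorEnum.GET_AUDITOR_CERT_EMPTY);
        }
        try {
            if (!SignedDataUtils.verifySignedData(archiveLogDO.getOperateSign(), certFromStr.getPublicKey())) {
                this.logger.error("验证审计员操作签名失败");
                return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
            }
            try {
                // Lookup or parse failures raise here and end as a server-signature failure.
                X509Certificate certFromStr2 = CertUtils.getCertFromStr(this.raCertDao.queryRaCertDataById(archiveLogDO.getServerCertId()).getCertInfo());
                // NOTE(review): same grouping and argument-order questions as in
                // verifyOperateSign: the HSM branch's value is returned directly, and the two
                // helpers take payload and signature in opposite order - confirm both.
                return 0 != CommonVariable.getIsHsm().intValue()
                        ? HsmUtils.verifyCertByYunHsm(certFromStr2.getSigAlgName(), certFromStr2.getPublicKey(), archiveLogDO.operatorWithAuditInfoBase64Encode(), archiveLogDO.getServerSign())
                        : HsmUtils.verifyCertByBC(certFromStr2.getSigAlgName(), certFromStr2.getPublicKey(), Base64.decode(archiveLogDO.getServerSign()), Base64.decode(archiveLogDO.operatorWithAuditInfoBase64Encode())) ? Result.success() : Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
            } catch (Exception e) {
                this.logger.error("verify audit error", (Throwable) e);
                return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
            }
        } catch (Exception e2) {
            this.logger.error("验证审计员操作签名失败", (Throwable) e2);
            return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
        }
    }
}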
