package com.xdja.pki.ra.security.service;

import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.AdminCertDao;
import com.xdja.pki.ra.manager.dao.AdminRoleDao;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.FunctionDao;
import com.xdja.pki.ra.manager.dao.model.AdminCertDO;
import com.xdja.pki.ra.manager.dao.model.AdminRoleDO;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.dao.model.FunctionDO;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.security.bean.AuthenticationInfo;
import com.xdja.pki.security.bean.Menu;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.joda.time.DateTimeConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/ra-service-security-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/security/service/SecurityServiceImpl.class
 */
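@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-security-impl-2.0.0-SNAPSHOT.jar:com/xdja/pki/ra/security/service/SecurityServiceImpl.class */
/**
 * Shiro-facing security service of the RA: authenticates administrators by
 * certificate + signed challenge, exposes the function/menu tree and the list
 * of URL patterns that bypass authentication.
 *
 * <p>Review fixes relative to the decompiled original:
 * <ul>
 *   <li>a failed challenge-signature verification now rejects the login
 *       (the original only logged it and continued, i.e. knowing a valid
 *       certificate serial was enough to log in);</li>
 *   <li>{@link AuthenticationException}s carrying a specific error code are
 *       rethrown unchanged instead of being re-wrapped by the catch-all
 *       handlers (every code used to collapse into CA_OPEN_API_SERVICE_EXCEPTION);</li>
 *   <li>the certificate validity in days was computed with an {@code int}
 *       cast applied to the millisecond difference before the division and
 *       overflowed for any certificate valid longer than ~24 days;</li>
 *   <li>the encryption-certificate record used the signing certificate's
 *       validity period, key length and key algorithm; it now uses its own;</li>
 *   <li>nothing is written to the database before both certificates parse,
 *       and {@link #authorizationAdminInfo} is transactional.</li>
 * </ul>
 */
public class SecurityServiceImpl implements com.xdja.pki.security.service.SecurityService {
    protected final transient Logger logger = LoggerFactory.getLogger(getClass());

    /** AdminCertDO.certType values used below (taken from the original setCertType calls). */
    private static final int CERT_TYPE_SIGN = 2;
    private static final int CERT_TYPE_ENC = 3;
    /** The only CA-reported signCertStatus value that is accepted for login. */
    private static final int CERT_STATUS_NORMAL = 1;

    /**
     * URL patterns served without authentication. Everything under /v1/init/**
     * (system recovery, HSM/CA configuration, admin authorization) is reachable
     * anonymously; the handlers themselves are presumably gated on the
     * initialisation state — NOTE(review): confirm that gate exists for each
     * entry before adding new patterns here.
     */
    private static final String[] WHITE_LINKS = {
        "/v1/init/system/recovery",
        "/v1/init/system/isRecoveryOver",
        "/v1/login/manager",
        "/v1/login/challenge/*",
        "/v1/logout",
        "/v1/init/ra/config/**",
        "/v1/init/hsm/connect/**",
        "/v1/init/hsm/config/**",
        "/v1/init/isinit",
        "/v1/init/update/*",
        "/v1/init/step",
        "/v1/init/recover",
        "/v1/init/ca/config/**",
        "/v1/init/ca/connect/**",
        "/v1/init/admin/author/**",
        "/v1/init/ra/system",
        "/v1/init/ra/restart",
        "/v1/init/ra/hsm",
        "/v1/init/ra/p10",
        "/v1/init/ra/certReq",
        "/v1/init/hsm/no",
        "/v1/init/key/name",
        "/v1/init/caCert/info",
        "/v1/init/swxahsm/config",
        "/v1/init/swxahsm/connect",
        "/v1/init/encrypt/localkey",
        "/v1/init/encrypt/key",
        "/v1/dic/*",
        "/v1/tbox/**",
        "/v1/normal/**",
        "/v1/ra-openapi/**",
        "/v1/scep/**"
    };

    @Autowired
    FunctionDao functionDao;

    @Autowired
    CaBusinessManager caBusinessManager;

    @Autowired
    AdminCertDao adminCertDao;

    @Autowired
    CaCertDao caCertDao;

    @Autowired
    AdminRoleDao adminRoleDao;

    /**
     * Orders menus by {@link Menu#getOrder()} ascending. Static so it does not
     * capture the enclosing service instance.
     */
    private static final class MenuComparator implements Comparator<Object> {
        @Override // java.util.Comparator
        public int compare(Object left, Object right) {
            return Integer.compare(((Menu) left).getOrder(), ((Menu) right).getOrder());
        }
    }

    /**
     * Authenticates an administrator login.
     *
     * <p>Steps: ask the CA for the admin record bound to the signing-certificate
     * serial; reject unknown admin types and non-normal certificate status;
     * reject a signing certificate outside its validity period; verify the
     * client's signature over the login challenge with the certificate's public
     * key; on first login of a business admin (type 1) or auditor (type 2),
     * persist the certificate pair and role locally.
     *
     * @param authenticationToken must be an {@code AdminCertCardNoToken}
     * @return the CA-provided admin type, certificate status and certificate data
     * @throws AuthenticationException with the {@link ErrorEnum} code as message
     *         on any failure; the code is never re-wrapped once assigned
     */
    @Override // com.xdja.pki.security.service.SecurityService
    @Transactional
    public AuthenticationInfo doAuthen(AuthenticationToken authenticationToken) {
        this.logger.debug("doAuthen:[{}]", authenticationToken);
        // Also covers null; the original unchecked cast would have thrown ClassCastException.
        if (!(authenticationToken instanceof com.xdja.pki.security.bean.AdminCertCardNoToken)) {
            throw new AuthenticationException(String.valueOf(ErrorEnum.ADMIN_LOGIN_AUTHEN_EXCEPTION.code));
        }
        com.xdja.pki.security.bean.AdminCertCardNoToken token =
                (com.xdja.pki.security.bean.AdminCertCardNoToken) authenticationToken;
        String cardNo = token.getCardNo();
        String signSn = token.getSignSn();
        String signData = token.getSignData();
        // NOTE(review): the challenge issued for this login is not compared with the content
        // of signData here; SignedDataUtils.verifySignedData only takes the PKCS#7 blob and
        // the key. Unless that helper binds the challenge, a captured signData could be
        // replayed — confirm its contract.
        Object challengeCode = token.getChallengeCode();
        this.logger.debug("challengeCode:[{}]", challengeCode);
        try {
            Map<?, ?> caInfo = fetchAdminAuthInfo(signSn);
            int adminType = requiredInt(caInfo, "adminType");
            if (0 == adminType) {
                throw new AuthenticationException(String.valueOf(ErrorEnum.ADMIN_ROLE_TYPE_IS_ERROR.code));
            }
            int signCertStatus = requiredInt(caInfo, "signCertStatus");
            if (CERT_STATUS_NORMAL != signCertStatus) {
                throw new AuthenticationException(String.valueOf(ErrorEnum.ADMIN_CERT_STATUS_IS_NOT_NORMAL.code));
            }
            String signCertData = (String) caInfo.get("signCertData");
            String encCertData = (String) caInfo.get("encCertData");
            X509Certificate signCert = CertUtils.getCertFromStr(signCertData);
            if (signCert == null) {
                this.logger.info("CA返回的管理员证书信息中，签名证书错误");
                throw new AuthenticationException(String.valueOf(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR.code));
            }
            // Defence in depth: the CA status says "normal", but an expired or not-yet-valid
            // certificate must still not authenticate an administrator.
            try {
                signCert.checkValidity();
            } catch (CertificateException notValid) {
                this.logger.warn("signing certificate [{}] is outside its validity period", signSn);
                throw new AuthenticationException(String.valueOf(ErrorEnum.ADMIN_CERT_STATUS_IS_NOT_NORMAL.code));
            }
            verifyChallengeSignature(signData, signCert.getPublicKey());
            // First login of a business admin / auditor: record the certificate pair and role.
            // NOTE(review): cardNo is client-supplied and is stored without being checked
            // against the certificate; the record is keyed on the CA's serial, not cardNo.
            boolean needsAuthorization = (adminType == 1 || adminType == 2)
                    && this.adminCertDao.getAdminCertInfo(signSn, CERT_TYPE_SIGN) == null;
            if (needsAuthorization) {
                authorizeOnFirstLogin(signSn, cardNo, signCertData, encCertData, adminType, signCertStatus);
            }
            AuthenticationInfo authenticationInfo = new AuthenticationInfo();
            authenticationInfo.setAdminType(adminType);
            authenticationInfo.setSignCertStatus(signCertStatus);
            authenticationInfo.setSignCertData(signCertData);
            authenticationInfo.setEncCertData(encCertData);
            return authenticationInfo;
        } catch (AuthenticationException alreadyMapped) {
            // Keep the specific error code; the original catch-all replaced it.
            throw alreadyMapped;
        } catch (Exception e3) {
            this.logger.error("CA的登录认证接口异常{}", (Throwable) e3);
            throw new AuthenticationException(String.valueOf(ErrorEnum.CA_OPEN_API_SERVICE_EXCEPTION.code));
        }
    }

    /**
     * Calls the CA login-authentication API for the given signing-certificate
     * serial and returns its info map.
     *
     * @throws AuthenticationException when the CA reports failure or returns no data
     */
    private Map<?, ?> fetchAdminAuthInfo(String signSn) {
        Result caResult = this.caBusinessManager.raAdminLoginAuthen(signSn);
        if (!caResult.isSuccess()) {
            this.logger.info("=============== CA服务返回登录认证失败 =========== {}", JsonUtils.object2Json(caResult));
            throw new AuthenticationException(String.valueOf(ErrorEnum.CA_SERVICE_RETURN_LOGIN_AUTHEN_ERROR.code));
        }
        Map<?, ?> caInfo = (Map<?, ?>) caResult.getInfo();
        this.logger.info("CA返回的认证信息 ============ {}", JsonUtils.object2Json(caInfo));
        if (CollectionUtils.isEmpty(caInfo)) {
            throw new AuthenticationException(String.valueOf(ErrorEnum.CA_RETURN_ADMIN_AUTHEN_INFO_IS_EMPTY.code));
        }
        return caInfo;
    }

    /**
     * Reads a mandatory numeric field of the CA info map.
     *
     * @throws AuthenticationException (CA_RETURN_ADMIN_AUTHEN_INFO_IS_EMPTY) when
     *         the key is absent or not numeric; the original NPE'd / CCE'd here
     */
    private static int requiredInt(Map<?, ?> caInfo, String key) {
        Object value = caInfo.get(key);
        if (!(value instanceof Number)) {
            throw new AuthenticationException(String.valueOf(ErrorEnum.CA_RETURN_ADMIN_AUTHEN_INFO_IS_EMPTY.code));
        }
        return ((Number) value).intValue();
    }

    /**
     * Verifies the client's PKCS#7 signature over the login challenge.
     *
     * @throws AuthenticationException GMSSL_HSM_UTILS_IS_EXCEPTION when the
     *         verifier itself fails, ADMIN_LOGIN_AUTHEN_EXCEPTION when the
     *         signature does not verify (the original only logged this case)
     */
    private void verifyChallengeSignature(String signData, PublicKey publicKey) {
        this.logger.info(" ================ 验证挑战值 =============");
        boolean verified;
        try {
            verified = SignedDataUtils.verifySignedData(signData, publicKey);
        } catch (Exception e2) {
            this.logger.error("密码机国密算法工具类-验证签名-异常,{}", (Throwable) e2);
            throw new AuthenticationException(String.valueOf(ErrorEnum.GMSSL_HSM_UTILS_IS_EXCEPTION.code));
        }
        if (!verified) {
            this.logger.warn("对登录的挑战值进行验签失败");
            throw new AuthenticationException(String.valueOf(ErrorEnum.ADMIN_LOGIN_AUTHEN_EXCEPTION.code));
        }
    }

    /**
     * Persists the admin's certificate pair and role on first login, mapping
     * a failed {@link Result} to its own error code and an unexpected exception
     * to CERT_DN_IS_NOT_FORMAT (the original mapping).
     */
    private void authorizeOnFirstLogin(String signSn, String cardNo, String signCertData, String encCertData,
            int adminType, int signCertStatus) {
        this.logger.info("该sn【{}】未进行过授权，将进行授权操作！", signSn);
        Result authorization;
        try {
            authorization = authorizationAdminInfo(cardNo, signCertData, encCertData, adminType, signCertStatus);
        } catch (Exception e) {
            this.logger.error("进行授权操作接口异常{}", (Throwable) e);
            throw new AuthenticationException(String.valueOf(ErrorEnum.CERT_DN_IS_NOT_FORMAT.code));
        }
        if (!authorization.isSuccess()) {
            this.logger.info("授权业务管理员和审计员信息出错");
            throw new AuthenticationException(String.valueOf(authorization.getError().code));
        }
    }

    /** Returns the top-level menus (with children attached) for all functions in the database. */
    @Override // com.xdja.pki.security.service.SecurityService
    public Collection<Menu> getFunctions() {
        return queryMapFunctions(this.functionDao.queryAllFunctions()).values();
    }

    /**
     * Returns the URL patterns that are served without authentication. A fresh
     * mutable list is returned on every call so callers cannot alter the
     * service's own copy.
     */
    @Override // com.xdja.pki.security.service.SecurityService
    public Collection<String> getWhiteLink() {
        List<String> whiteLinks = new ArrayList<>(WHITE_LINKS.length);
        Collections.addAll(whiteLinks, WHITE_LINKS);
        return whiteLinks;
    }

    /** Response body for an unauthenticated request: the UNAUTHENTICATED error code. */
    @Override // com.xdja.pki.security.service.SecurityService
    public String unAuthenticationContent() {
        return String.valueOf(ErrorEnum.UNAUTHENTICATED.code);
    }

    /** Response body for a forbidden request: the UNAUTHORIZED_REQUEST error code. */
    @Override // com.xdja.pki.security.service.SecurityService
    public String unAuthorizationContent() {
        return String.valueOf(ErrorEnum.UNAUTHORIZED_REQUEST.code);
    }

    /**
     * Builds the menu tree from a flat function list.
     *
     * <p>Functions with parentId 0 become roots, keyed by their id as a string.
     * Any other function is attached to its parent if the parent was seen
     * earlier in the list; otherwise it is silently dropped from the tree
     * (original behaviour — the list is expected to be parent-first).
     *
     * @param list functions in database order; {@code null} yields an empty map
     * @return insertion-ordered map of root menus
     */
    public Map<String, Menu> queryMapFunctions(List<FunctionDO> list) {
        Map<String, Menu> roots = new LinkedHashMap<>();
        if (list == null) {
            return roots;
        }
        Map<Object, Menu> menusById = new LinkedHashMap<>();
        for (FunctionDO functionDO : list) {
            Menu menu = function2Menu(functionDO);
            if (functionDO.getParentId().longValue() == 0) {
                roots.put(String.valueOf(functionDO.getId()), menu);
            } else {
                Menu parent = menusById.get(functionDO.getParentId());
                if (parent != null) {
                    parent.addChild(menu);
                }
            }
            menusById.put(functionDO.getId(), menu);
        }
        return roots;
    }

    /** Copies the presentation fields of a function row into a {@link Menu}. */
    private Menu function2Menu(FunctionDO functionDO) {
        Menu menu = new Menu();
        menu.setId(String.valueOf(functionDO.getId()));
        menu.setName(functionDO.getName());
        menu.setPermissionKey(functionDO.getPermissionKey());
        menu.setPermission(functionDO.getPermission());
        menu.setIcon(functionDO.getIcon());
        menu.setLink(functionDO.getLink());
        menu.setObjName(functionDO.getObjName());
        menu.setOrder(functionDO.getOrderNum().intValue());
        menu.setShow(functionDO.getIsShow().intValue() == 1);
        return menu;
    }

    /** Returns a new list of the given menus sorted by display order. */
    private List<Menu> sortMenuList(Collection<Menu> collection) {
        List<Menu> sorted = new ArrayList<>(collection);
        Collections.sort(sorted, new MenuComparator());
        return sorted;
    }

    /**
     * Records an administrator's signing and encryption certificates (plus the
     * admin role) against the newest CA certificate.
     *
     * <p>Both certificates are parsed and all derived fields are computed before
     * the first insert, so a bad encryption certificate no longer leaves an
     * orphaned signing-certificate row. Persistence failures propagate (rolling
     * the transaction back) rather than being reported in the {@link Result}.
     *
     * @param cardNo      client-reported card number stored with both records
     * @param signCertStr signing certificate as returned by the CA
     * @param encCertStr  encryption certificate as returned by the CA
     * @param adminType   1 = business administrator, otherwise auditor
     * @param certStatus  CA-reported certificate status stored with both records
     * @return success, or the error code describing why nothing was stored
     */
    @Override // com.xdja.pki.security.service.SecurityService
    @Transactional
    public Result authorizationAdminInfo(String cardNo, String signCertStr, String encCertStr, int adminType, int certStatus) {
        Result result = new Result();
        CaCertDO caCert = this.caCertDao.getNewCaCertInfo();
        if (caCert == null) {
            this.logger.info("获取CA证书信息为空");
            result.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return result;
        }
        X509Certificate signCert = CertUtils.getCertFromStr(signCertStr);
        if (signCert == null) {
            this.logger.info("CA返回的管理员证书信息中，签名证书错误");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR);
            return result;
        }
        X509Certificate encCert = CertUtils.getCertFromStr(encCertStr);
        if (encCert == null) {
            this.logger.info("CA返回的管理员证书信息中，加密证书错误");
            result.setError(ErrorEnum.CA_RESPONSE_USER_ENC_CERT_ERROR);
            return result;
        }
        int signKeyLength;
        int encKeyLength;
        try {
            signKeyLength = CertUtils.getPublicKeyLength(signCert);
            encKeyLength = CertUtils.getPublicKeyLength(encCert);
        } catch (Exception e2) {
            this.logger.error("获取证书公钥长度异常", (Throwable) e2);
            result.setError(ErrorEnum.GET_CERT_PUBLIC_KEY_LENGTH_EXCEPTION);
            return result;
        }
        // Both records share one pairCertIndex so they can be matched up later.
        long pairIndex = System.nanoTime();
        String roleInfo = adminType == 1 ? "业务管理员" : "审计员";
        AdminCertDO signRecord;
        AdminCertDO encRecord;
        try {
            signRecord = buildAdminCertRecord(cardNo, signCertStr, signCert, CERT_TYPE_SIGN, adminType, certStatus,
                    roleInfo, caCert, pairIndex, signKeyLength);
            encRecord = buildAdminCertRecord(cardNo, encCertStr, encCert, CERT_TYPE_ENC, adminType, certStatus,
                    roleInfo, caCert, pairIndex, encKeyLength);
        } catch (Exception e) {
            this.logger.error("获取证书密钥算法异常", (Throwable) e);
            result.setError(ErrorEnum.GET_CERT_ALG_NAME_LENGTH_EXCEPTION);
            return result;
        }
        AdminCertDO insertedSignRecord = this.adminCertDao.insertAdminCert(signRecord);
        this.adminCertDao.insertAdminCert(encRecord);
        // NOTE(review): the role id is the admin type itself; presumably the admin_role table
        // is keyed that way — verify against the schema.
        Timestamp now = new Timestamp(System.currentTimeMillis());
        this.adminRoleDao.insertAdminRole(new AdminRoleDO(insertedSignRecord.getId(), Long.valueOf(adminType), now, now));
        return result;
    }

    /**
     * Fills an {@link AdminCertDO} for one certificate of the pair from the
     * certificate's own fields (serial, subject, algorithms, validity).
     *
     * <p>Declared {@code throws Exception} because {@code CertUtils} helpers are
     * invoked here and their checked exceptions are not visible from this file;
     * the caller maps any failure to GET_CERT_ALG_NAME_LENGTH_EXCEPTION.
     */
    private static AdminCertDO buildAdminCertRecord(String cardNo, String certStr, X509Certificate cert, int certType,
            int adminType, int certStatus, String roleInfo, CaCertDO caCert, long pairIndex, int keyLength)
            throws Exception {
        Date notBefore = cert.getNotBefore();
        Date notAfter = cert.getNotAfter();
        Timestamp now = new Timestamp(System.currentTimeMillis());
        AdminCertDO record = new AdminCertDO();
        record.setCardNo(cardNo);
        record.setAdminType(Integer.valueOf(adminType));
        record.setCaCertId(caCert.getId());
        record.setCertInfo(certStr);
        record.setPairCertIndex(Long.valueOf(pairIndex));
        record.setCertType(certType);
        record.setRoleInfo(roleInfo);
        record.setCertSn(cert.getSerialNumber().toString(16).toLowerCase());
        record.setCertDn(CertUtils.getSubjectByX509Cert(cert));
        record.setSignAlg(cert.getSigAlgName());
        record.setCertStatus(Integer.valueOf(certStatus));
        // Field is named privateKeyLength but has always held the public-key length.
        record.setPrivateKeyLength(Integer.valueOf(keyLength));
        record.setPublicKeyAlg(CertUtils.getKeyAlg(cert));
        record.setCertValidity(Integer.valueOf(validityDays(notBefore, notAfter)));
        record.setEffectiveTime(new Timestamp(notBefore.getTime()));
        record.setFailureTime(new Timestamp(notAfter.getTime()));
        record.setGmtCreate(now);
        record.setGmtUpdate(now);
        return record;
    }

    /**
     * Whole days between the two instants. The division is done in {@code long}
     * before narrowing; the original narrowed the millisecond difference first,
     * which overflows past ~24.8 days.
     */
    private static int validityDays(Date notBefore, Date notAfter) {
        return (int) ((notAfter.getTime() - notBefore.getTime()) / DateTimeConstants.MILLIS_PER_DAY);
    }
}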
