package com.xdja.pki.ca.certmanager.web.racert;

import com.mysql.jdbc.MysqlErrorNumbers;
import com.xdja.pki.ca.auth.annotation.AuditSign;
import com.xdja.pki.ca.auth.service.bean.AuditSignBean;
import com.xdja.pki.ca.certcrl.service.impl.CrlService;
import com.xdja.pki.ca.certmanager.service.kms.KmsService;
import com.xdja.pki.ca.certmanager.service.racert.OpenApiCMPManagerService;
import com.xdja.pki.ca.certmanager.service.racert.OpenApiCMPService;
import com.xdja.pki.ca.certmanager.service.racert.RaManagerCertService;
import com.xdja.pki.ca.certmanager.service.racert.bean.CertDetailQueryVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.CertFileInfo;
import com.xdja.pki.ca.certmanager.service.racert.bean.DownloadCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.FreezeCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.IssueRaCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RACertQueryVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RevokeCertVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.UsbKeyAckVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorBean;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.CertStatusEnum;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.exception.KMCException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.SpringUtils;
import com.xdja.pki.ca.securityaudit.service.bean.AuditLogOperatorTypeEnum;
import com.xdja.pki.ca.securityaudit.service.bean.AuditLogResultEnum;
import com.xdja.pki.ca.securityaudit.service.log.AuditLogService;
import com.xdja.pki.ca.securitymanager.service.init.InitService;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.gmssl.core.utils.GMSSLRSAUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSAKeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.utils.bc.X509CertUtils;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.util.Calendar;
import java.util.Date;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.OptionalValidity;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.validation.BindingResult;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
/* loaded from: input_file:WEB-INF/lib/ca-web-certmanager-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/certmanager/web/racert/RaCertController.class */
public class RaCertController {
    // Per-instance SLF4J logger named after the runtime class.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // Performs the RA manager/server certificate operations that the production handlers delegate to.
    @Autowired
    private RaManagerCertService raManagerCertService;

    // In this listing only the cmp* test handlers call this service.
    @Autowired
    private OpenApiCMPService openApiCMPService;

    // In this listing only the cmp*Manager* test handlers call this service.
    @Autowired
    private OpenApiCMPManagerService openApiCMPManagerService;

    // Used by the /ca/crl and /ca/drl handlers to trigger CRL issuance.
    @Autowired
    private CrlService crlService;

    // Used by /v1/ra/cert/publish to queue publish and status-sync records.
    @Autowired
    private TaskDataService taskDataService;

    // Sink for the signed audit records written by the @AuditSign handlers.
    @Autowired
    private AuditLogService auditLogService;

    // Source of CaInfoVO objects for the KMS revoke/restore handlers.
    @Autowired
    private InitService initService;

    // Spring environment; read through ConfigUtil to select the KMS backend.
    @Autowired
    private Environment env;

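    /**
     * Handles {@code POST /v1/ra/cert/manager}: issues an RA administrator certificate.
     *
     * <p>The request is rejected with {@code MISSING_REQUIRED_PARAMETERS} when the body is absent or
     * any of id, certDn, subjectPublicKeyInfo, certType, p10 or validity is missing. Otherwise the
     * call is delegated to {@code raManagerCertService.doIssueRaManagerCert} and a {@code CERT_SIGN}
     * audit record is written with the signature taken from {@code auditSignBean}.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param issueRaCertVO issuance request bound from the request body
     * @param auditSignBean carrier of the signature stored with the audit record
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/manager"}, method = {RequestMethod.POST})
    @AuditSign
    public Object issueRaAdminCert(HttpServletResponse httpServletResponse, @RequestBody IssueRaCertVO issueRaCertVO, AuditSignBean auditSignBean) {
        this.logger.info("收到RA管理员签发请求[{}]", issueRaCertVO);
        // The null test on the body has to run before any getter; the original evaluated it last,
        // so a missing body raised NullPointerException instead of producing the parameter error.
        if (null == issueRaCertVO
                || null == issueRaCertVO.getId()
                || StringUtils.isBlank(issueRaCertVO.getCertDn())
                || StringUtils.isBlank(issueRaCertVO.getSubjectPublicKeyInfo())
                || null == issueRaCertVO.getCertType()
                || StringUtils.isBlank(issueRaCertVO.getP10())
                || null == issueRaCertVO.getValidity()) {
            this.logger.debug("签发RA管理员证书失败,出现空参数[{}]", issueRaCertVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result doIssueRaManagerCert = this.raManagerCertService.doIssueRaManagerCert(issueRaCertVO);
            this.logger.info("RA管理员签发请求处理完成[{}]", doIssueRaManagerCert);
            int i;
            // The builder is method-local, so the synchronized StringBuffer is not needed.
            StringBuilder auditText = new StringBuilder();
            if (doIssueRaManagerCert.isSuccess()) {
                i = AuditLogResultEnum.SUCCESS.id;
                auditText.append("RA管理员签发证书成功,证书DN=").append(issueRaCertVO.getCertDn()).append(",证书SN=").append(doIssueRaManagerCert.getAuditContent());
            } else {
                i = AuditLogResultEnum.FAIL.id;
                auditText.append("RA管理员签发证书失败,证书DN=").append(issueRaCertVO.getCertDn()).append(",证书SN=").append(doIssueRaManagerCert.getAuditContent());
            }
            this.logger.info(auditText.toString());
            // NOTE(review): the audit write happens after issuance and a failure is only logged,
            // so a certificate can exist without an audit record; confirm this is intended.
            try {
                if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_SIGN.type, auditText.toString(), i, auditSignBean.getSign())) {
                    this.logger.error("记录RA管理员签发证书审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录RA管理员签发证书审计日志失败", (Throwable) e);
            }
            return doIssueRaManagerCert.isSuccess() ? doIssueRaManagerCert.getInfo() : doIssueRaManagerCert.getError().resp(httpServletResponse);
        } catch (Exception e2) {
            this.logger.error("签发RA管理员证书失败", (Throwable) e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }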

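    /**
     * Handles {@code PUT /v1/ra/cert/manager}: renews an RA administrator certificate.
     *
     * <p>The serial number of the old certificate is mandatory, and a new DN is mandatory when
     * {@code isDnUpdate()} is set. The update is delegated to
     * {@code raManagerCertService.doUpdateRaManagerCert} and a {@code CERT_UPDATE} audit record is
     * written with the signature from {@code auditSignBean}.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param issueRaCertVO update request bound from the request body
     * @param auditSignBean carrier of the signature stored with the audit record
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/manager"}, method = {RequestMethod.PUT})
    @AuditSign
    public Object updateRaAdminCert(HttpServletResponse httpServletResponse, @RequestBody IssueRaCertVO issueRaCertVO, AuditSignBean auditSignBean) {
        this.logger.info("收到RA管理员证书更新请求[{}]", issueRaCertVO);
        // A missing body is treated like any other missing parameter instead of raising an NPE.
        if (null == issueRaCertVO
                || StringUtils.isBlank(issueRaCertVO.getSn())
                || (issueRaCertVO.isDnUpdate() && StringUtils.isBlank(issueRaCertVO.getCertDn()))) {
            this.logger.debug("RA管理员证书更新请求出现空参数[{}]", issueRaCertVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result doUpdateRaManagerCert = this.raManagerCertService.doUpdateRaManagerCert(issueRaCertVO, null, null);
            this.logger.info("RA管理员证书更新请求处理完成，Result[{}]", doUpdateRaManagerCert);
            int i;
            StringBuilder auditText = new StringBuilder();
            if (doUpdateRaManagerCert.isSuccess()) {
                i = AuditLogResultEnum.SUCCESS.id;
                auditText.append("RA管理员更新证书成功,旧证书DN=").append(doUpdateRaManagerCert.getAuditContent()).append(",旧证书SN=").append(issueRaCertVO.getSn());
            } else {
                i = AuditLogResultEnum.FAIL.id;
                auditText.append("RA管理员更新证书失败,旧证书DN=").append(doUpdateRaManagerCert.getAuditContent()).append(",旧证书SN=").append(issueRaCertVO.getSn());
            }
            this.logger.info(auditText.toString());
            // NOTE(review): an audit-write failure is only logged; the update result is still returned.
            try {
                if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_UPDATE.type, auditText.toString(), i, auditSignBean.getSign())) {
                    this.logger.error("记录RA管理员更新证书审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录RA管理员更新证书审计日志失败", (Throwable) e);
            }
            return doUpdateRaManagerCert.isSuccess() ? doUpdateRaManagerCert.getInfo() : doUpdateRaManagerCert.getError().resp(httpServletResponse);
        } catch (Exception e2) {
            // The original logged the issuance message here, which mislabels update failures
            // for anyone triaging the application log.
            this.logger.error("更新RA管理员证书失败", (Throwable) e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }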

    /**
     * Handles {@code DELETE /v1/ra/cert/manager}: revokes an RA administrator certificate.
     *
     * <p>Serial number and revocation reason are mandatory. A missing algorithm is replaced by
     * {@code AlgTypeEnum.SM2.value} before the request reaches
     * {@code raManagerCertService.deleteRaManagerCert}. The outcome is written as a
     * {@code CERT_REVOKED} audit record with the signature from {@code auditSignBean}.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param revokeCertVO revocation request bound from the request body
     * @param auditSignBean carrier of the signature stored with the audit record
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/manager"}, method = {RequestMethod.DELETE})
    @AuditSign
    public Object deleteRaAdminCert(HttpServletResponse httpServletResponse, @RequestBody RevokeCertVO revokeCertVO, AuditSignBean auditSignBean) {
        this.logger.info("收到管理类证书撤销请求[{}]", revokeCertVO);
        boolean incomplete = StringUtils.isBlank(revokeCertVO.getSn()) || null == revokeCertVO.getRevokeReason();
        if (incomplete) {
            this.logger.debug("撤销证书出现非法参数[{}]", revokeCertVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }

        // Default the algorithm to SM2 when the client did not send one.
        int effectiveAlg;
        if (null == revokeCertVO.getAlg()) {
            effectiveAlg = AlgTypeEnum.SM2.value;
        } else {
            effectiveAlg = revokeCertVO.getAlg().intValue();
        }
        revokeCertVO.setAlg(Integer.valueOf(effectiveAlg));

        try {
            Result outcome = this.raManagerCertService.deleteRaManagerCert(revokeCertVO);
            boolean revoked = outcome.isSuccess();
            int auditResult = revoked ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String headline = revoked ? "撤销RA管理员证书成功,证书DN=" : "撤销管理员证书失败,证书DN=";
            String auditText = headline + outcome.getAuditContent() + ",证书SN=" + revokeCertVO.getSn();
            this.logger.info(auditText);

            // NOTE(review): a failed audit write is logged and otherwise ignored; the revocation
            // result is returned either way.
            try {
                boolean stored = this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_REVOKED.type, auditText, auditResult, auditSignBean.getSign());
                if (!stored) {
                    this.logger.error("记录撤销RA管理员审计日志失败");
                }
            } catch (Exception auditFailure) {
                this.logger.error("记录撤销RA管理员审计日志失败", (Throwable) auditFailure);
            }

            this.logger.info("管理类证书撤销处理完成[{}]", revokeCertVO);
            if (outcome.isSuccess()) {
                return outcome.getInfo();
            }
            return outcome.getError().resp(httpServletResponse);
        } catch (Exception failure) {
            this.logger.error("撤销管理类证书失败", (Throwable) failure);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

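    /**
     * Handles {@code POST /v1/ra/cert/server}: issues an RA server certificate.
     *
     * <p>The request is rejected with {@code MISSING_REQUIRED_PARAMETERS} when the body is absent or
     * any of id, certDn, subjectPublicKeyInfo, p10, validity or subjectAlternativeName is missing.
     * Otherwise the call is delegated to {@code raManagerCertService.doIssueRaServerCert} and a
     * {@code CERT_SIGN} audit record is written with the signature from {@code auditSignBean}.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param issueRaCertVO issuance request bound from the request body
     * @param auditSignBean carrier of the signature stored with the audit record
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/server"}, method = {RequestMethod.POST})
    @AuditSign
    public Object issueRaServerCert(HttpServletResponse httpServletResponse, @RequestBody IssueRaCertVO issueRaCertVO, AuditSignBean auditSignBean) {
        this.logger.info("收到RA服务器证书签发请求[{}]", issueRaCertVO);
        // The null test on the body has to run before any getter; the original evaluated it
        // after five dereferences, where it could never be the branch that fired.
        if (null == issueRaCertVO
                || null == issueRaCertVO.getId()
                || StringUtils.isBlank(issueRaCertVO.getCertDn())
                || StringUtils.isBlank(issueRaCertVO.getSubjectPublicKeyInfo())
                || StringUtils.isBlank(issueRaCertVO.getP10())
                || null == issueRaCertVO.getValidity()
                || null == issueRaCertVO.getSubjectAlternativeName()) {
            this.logger.debug("签发RA服务器证书失败[{}]", issueRaCertVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result doIssueRaServerCert = this.raManagerCertService.doIssueRaServerCert(issueRaCertVO);
            this.logger.info("RA服务器证书签发请求处理完成[{}]", doIssueRaServerCert);
            int i;
            StringBuilder auditText = new StringBuilder();
            if (doIssueRaServerCert.isSuccess()) {
                i = AuditLogResultEnum.SUCCESS.id;
                auditText.append("签发RA服务器证书成功,证书DN=").append(issueRaCertVO.getCertDn()).append(",证书SN=").append(doIssueRaServerCert.getAuditContent());
            } else {
                i = AuditLogResultEnum.FAIL.id;
                auditText.append("签发RA服务器证书失败,证书DN=").append(issueRaCertVO.getCertDn()).append(",证书SN=").append(doIssueRaServerCert.getAuditContent());
            }
            this.logger.info(auditText.toString());
            // NOTE(review): an audit-write failure is only logged; the issuance result is still returned.
            try {
                if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_SIGN.type, auditText.toString(), i, auditSignBean.getSign())) {
                    this.logger.error("记录签发RA服务器证书审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录签发RA服务器证书审计日志失败", (Throwable) e);
            }
            return doIssueRaServerCert.isSuccess() ? doIssueRaServerCert.getInfo() : doIssueRaServerCert.getError().resp(httpServletResponse);
        } catch (Exception e2) {
            // The original logged the administrator-certificate message here, which mislabels
            // server-certificate failures in the application log.
            this.logger.error("签发RA服务器证书失败", (Throwable) e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }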

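    /**
     * Handles {@code POST /v1/ra/cert/status/ack}: records that an administrator certificate was
     * written to the key device.
     *
     * <p>The encryption certificate is parsed before anything else, so a malformed certificate
     * yields {@code CERT_FORMAT_ERROE} and no state is touched. The acknowledgement is then passed to
     * {@code raManagerCertService.doVerifyPriCertStatus} and a {@code CERT_SIGN} audit record is
     * written. When the optional {@code flag} query parameter is present and the acknowledgement
     * succeeded, the current Shiro subject is logged out.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param usbKeyAckVO acknowledgement holding the signing serial number and the encryption certificate
     * @param auditSignBean carrier of the signature stored with the audit record
     * @param str value of the optional {@code flag} query parameter; any non-null value triggers logout
     * @return {@code null} on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/status/ack"}, method = {RequestMethod.POST})
    @AuditSign
    public Object verifyPriCertStatus(HttpServletResponse httpServletResponse, @RequestBody UsbKeyAckVO usbKeyAckVO, AuditSignBean auditSignBean, @RequestParam(value = "flag", required = false) String str) {
        this.logger.debug("收到管理员证书签发写卡确认消息[{}]", usbKeyAckVO);
        if (StringUtils.isBlank(usbKeyAckVO.getEncCert()) || StringUtils.isBlank(usbKeyAckVO.getSignSn())) {
            this.logger.debug("管理员证书确认出现空参数[{}]", usbKeyAckVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }

        // Parse the certificate up front. In the original the format-error handler sat behind an
        // inner catch (Exception) and was effectively unreachable, and the subject was extracted
        // only after the service call, so a parse failure there skipped the audit record.
        String subjectByCertStr;
        try {
            subjectByCertStr = CertUtil.getSubjectByCertStr(usbKeyAckVO.getEncCert());
        } catch (Exception e3) {
            this.logger.debug("管理员加密证书格式错误[{}]", usbKeyAckVO);
            return ErrorEnum.CERT_FORMAT_ERROE.resp(httpServletResponse);
        }

        try {
            Result doVerifyPriCertStatus = this.raManagerCertService.doVerifyPriCertStatus(usbKeyAckVO.getSignSn(), CertUtil.getSNByCertStr(usbKeyAckVO.getEncCert()));
            this.logger.debug("管理员证书签发写卡确认消息处理完成[{}]", doVerifyPriCertStatus);
            int i;
            StringBuilder auditText = new StringBuilder();
            if (doVerifyPriCertStatus.isSuccess()) {
                i = AuditLogResultEnum.SUCCESS.id;
                auditText.append("管理员证书写卡成功状态上报成功,证书DN=").append(subjectByCertStr).append(",证书SN=").append(usbKeyAckVO.getSignSn());
            } else {
                i = AuditLogResultEnum.FAIL.id;
                auditText.append("管理员证书写卡成功状态上报失败,证书DN=").append(subjectByCertStr).append(",证书SN=").append(usbKeyAckVO.getSignSn());
            }
            this.logger.info(auditText.toString());
            // NOTE(review): an audit-write failure is only logged; the acknowledgement stands.
            try {
                if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_SIGN.type, auditText.toString(), i, auditSignBean.getSign())) {
                    this.logger.error("记录管理员证书写卡成功状态上报审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录管理员证书写卡成功状态上报审计日志失败", (Throwable) e);
            }
            if (!doVerifyPriCertStatus.isSuccess()) {
                return doVerifyPriCertStatus.getError().resp(httpServletResponse);
            }
            // Only the presence of the flag matters, not its value.
            if (str != null) {
                SecurityUtils.getSubject().logout();
            }
            return null;
        } catch (Exception e2) {
            this.logger.error("管理员证书签发状态确认失败", (Throwable) e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }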

    /**
     * Handles {@code POST /v1/init/cert/status/ack}: the initialisation-path counterpart of the
     * write-to-device acknowledgement.
     *
     * <p>Signing serial number and encryption certificate are mandatory; the acknowledgement is
     * passed to {@code raManagerCertService.doVerifyPriCertStatus}.
     *
     * <p>NOTE(review): unlike {@code /v1/ra/cert/status/ack} this handler carries no
     * {@code @AuditSign} and writes no audit record. How the {@code /v1/init/} paths are
     * access-controlled is not visible in this file; confirm they are unreachable once
     * initialisation has finished.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param usbKeyAckVO acknowledgement holding the signing serial number and the encryption certificate
     * @return {@code null} on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/init/cert/status/ack"}, method = {RequestMethod.POST})
    public Object verifyInitPriCertStatus(HttpServletResponse httpServletResponse, @RequestBody UsbKeyAckVO usbKeyAckVO) {
        this.logger.debug("收到管理员证书签发写卡确认消息[{}]", usbKeyAckVO);
        if (StringUtils.isBlank(usbKeyAckVO.getEncCert()) || StringUtils.isBlank(usbKeyAckVO.getSignSn())) {
            this.logger.debug("管理员证书确认出现空参数[{}]", usbKeyAckVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            try {
                // The certificate serial is parsed as an argument, i.e. before the service is invoked.
                Result doVerifyPriCertStatus = this.raManagerCertService.doVerifyPriCertStatus(usbKeyAckVO.getSignSn(), CertUtil.getSNByCertStr(usbKeyAckVO.getEncCert()));
                this.logger.debug("管理员证书签发写卡确认消息处理完成[{}]", doVerifyPriCertStatus);
                if (doVerifyPriCertStatus.isSuccess()) {
                    return null;
                }
                return doVerifyPriCertStatus.getError().resp(httpServletResponse);
            } catch (Exception e) {
                // Catches everything thrown above, including a certificate parse failure, so a
                // malformed certificate is reported as an internal error.
                this.logger.error("管理员证书签发状态确认失败", (Throwable) e);
                return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
            }
        } catch (Exception e2) {
            // NOTE(review): reachable only if the inner handler itself throws. The nesting looks
            // like a decompilation artifact, and the format-error response was presumably meant
            // for certificate parse failures. Restructure once the original layout is confirmed.
            this.logger.error("管理员加密证书格式错误[{}]", usbKeyAckVO);
            return ErrorEnum.CERT_FORMAT_ERROE.resp(httpServletResponse);
        }
    }

    /**
     * Handles {@code POST /v1/ra/cert/fail/status/ack}: reports that writing an administrator
     * certificate to the key device failed.
     *
     * <p>A {@code RevokeCertVO} is built from the signing serial number (algorithm defaulting to
     * {@code AlgTypeEnum.SM2.value}, third constructor argument {@code 0}) and handed to
     * {@code raManagerCertService.deleteNotAckManagerCert}. The outcome is audited under
     * {@code CERT_SIGN} with the signature from {@code auditSignBean}.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param usbKeyAckVO failure report; only the signing serial number and algorithm are read
     * @param auditSignBean carrier of the signature stored with the audit record
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/fail/status/ack"}, method = {RequestMethod.POST})
    @AuditSign
    public Object verifyPriCertFailStatus(HttpServletResponse httpServletResponse, @RequestBody UsbKeyAckVO usbKeyAckVO, AuditSignBean auditSignBean) {
        this.logger.info("收到管理员证书写卡失败确认消息[{}]", usbKeyAckVO);
        if (StringUtils.isBlank(usbKeyAckVO.getSignSn())) {
            this.logger.debug("管理员证书写卡失败确认消息[{}]", usbKeyAckVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }

        // Fall back to SM2 when the report carries no algorithm.
        int effectiveAlg;
        if (null == usbKeyAckVO.getAlg()) {
            effectiveAlg = AlgTypeEnum.SM2.value;
        } else {
            effectiveAlg = usbKeyAckVO.getAlg().intValue();
        }
        RevokeCertVO removal = new RevokeCertVO(usbKeyAckVO.getSignSn(), Integer.valueOf(effectiveAlg), 0);
        removal.setRevokeNote("证书写卡失败");

        try {
            Result outcome = this.raManagerCertService.deleteNotAckManagerCert(removal);
            this.logger.info("管理员证书写卡失败确认消息处理完成[{}]", removal);

            boolean reported = outcome.isSuccess();
            int auditResult = reported ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String headline = reported ? "管理员证书写卡失败状态上报成功,证书DN=" : "管理员证书写卡失败状态上报失败,证书DN=";
            String auditText = headline + outcome.getAuditContent() + ",证书SN=" + usbKeyAckVO.getSignSn();
            this.logger.info(auditText);

            // NOTE(review): the record is filed under CERT_SIGN although the call removes a
            // certificate; confirm the operator type against the audit taxonomy.
            try {
                boolean stored = this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_SIGN.type, auditText, auditResult, auditSignBean.getSign());
                if (!stored) {
                    this.logger.error("记录管理员证书写卡失败状态上报审计日志失败");
                }
            } catch (Exception auditFailure) {
                this.logger.error("记录管理员证书写卡失败状态上报审计日志失败", (Throwable) auditFailure);
            }

            if (outcome.isSuccess()) {
                return outcome.getInfo();
            }
            return outcome.getError().resp(httpServletResponse);
        } catch (Exception failure) {
            this.logger.error("管理员证书写卡失败确认消息处理失败", (Throwable) failure);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Handles {@code POST /v1/init/cert/fail/status/ack}: the initialisation-path counterpart of
     * the write-to-device failure report.
     *
     * <p>Builds a {@code RevokeCertVO} from the signing serial number (algorithm defaulting to
     * {@code AlgTypeEnum.SM2.value}) and passes it to
     * {@code raManagerCertService.deleteNotAckManagerCert}.
     *
     * <p>NOTE(review): no {@code @AuditSign} and no audit record here, although the call removes a
     * certificate identified only by a caller-supplied serial number. Confirm how the
     * {@code /v1/init/} paths are restricted after initialisation.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param usbKeyAckVO failure report; only the signing serial number and algorithm are read
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/init/cert/fail/status/ack"}, method = {RequestMethod.POST})
    public Object verifyInitPriCertFailStatus(HttpServletResponse httpServletResponse, @RequestBody UsbKeyAckVO usbKeyAckVO) {
        this.logger.info("收到管理员证书写卡失败确认消息[{}]", usbKeyAckVO);
        if (StringUtils.isBlank(usbKeyAckVO.getSignSn())) {
            this.logger.debug("管理员证书写卡失败确认消息[{}]", usbKeyAckVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }

        int effectiveAlg;
        if (null == usbKeyAckVO.getAlg()) {
            effectiveAlg = AlgTypeEnum.SM2.value;
        } else {
            effectiveAlg = usbKeyAckVO.getAlg().intValue();
        }
        RevokeCertVO removal = new RevokeCertVO(usbKeyAckVO.getSignSn(), Integer.valueOf(effectiveAlg), 0);

        try {
            Result outcome = this.raManagerCertService.deleteNotAckManagerCert(removal);
            this.logger.info("管理员证书写卡失败确认消息处理完成[{}]", removal);
            if (outcome.isSuccess()) {
                return outcome.getInfo();
            }
            return outcome.getError().resp(httpServletResponse);
        } catch (Exception failure) {
            this.logger.error("管理员证书写卡失败确认消息处理失败", (Throwable) failure);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

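    /**
     * Handles {@code GET /v1/cert/update/algInfo/{signSn}/{alg}}: returns the base information
     * needed before a certificate update.
     *
     * <p>The path variables are bound by explicit name. The parameter names in this listing
     * ({@code str}, {@code str2}) match neither template variable, so name-based binding would fail.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param str the {@code signSn} path segment
     * @param str2 the {@code alg} path segment
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/cert/update/algInfo/{signSn}/{alg}"}, method = {RequestMethod.GET})
    public Object getCertUpdateBaseInfo(HttpServletResponse httpServletResponse, @PathVariable("signSn") String str, @PathVariable("alg") String str2) {
        try {
            Result certUpdateBaseInfo = this.raManagerCertService.getCertUpdateBaseInfo(str, str2);
            return certUpdateBaseInfo.isSuccess() ? certUpdateBaseInfo.getInfo() : certUpdateBaseInfo.getError().resp(httpServletResponse);
        } catch (Exception e) {
            this.logger.error("获取证书更新时基本信息失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }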

    /**
     * Handles {@code POST /v1/ra/cert/cmp/test}: developer test hook that issues a user
     * certificate pair from hard-coded values.
     *
     * <p>A fresh RSA-2048 key pair is generated, a CRMF certificate template is filled with fixed
     * subject, validity and signing-algorithm OID, and everything is handed to
     * {@code openApiCMPService.doIssueUserDoubleCert}.
     *
     * <p>NOTE(review): the handler takes no request data, carries no {@code @AuditSign} and writes
     * no audit record, yet it asks the CA to issue a certificate. Confirm it is excluded from, or
     * access-controlled in, production deployments.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/cmp/test"}, method = {RequestMethod.POST})
    public Object cmpTestIssu(HttpServletResponse httpServletResponse) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        PublicKey subjectKey = GMSSLRSAUtils.generateRSAKeyPair(2048).getPublic();
        X500Name requestSubject = new X500Name("CN=sushi,O=xdja,C=cn");

        // Validity window: from now until now plus a fixed number of days.
        // NOTE(review): the day count is spelled through an unrelated MySQL error-number
        // constant, which looks like a decompiler constant-folding artifact. Replace it with the
        // intended literal once confirmed.
        Date notBefore = new Date();
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(notBefore);
        expiry.add(Calendar.DATE, MysqlErrorNumbers.ER_INVALID_GROUP_FUNC_USE);
        Date notAfter = expiry.getTime();

        ASN1EncodableVector validityFields = new ASN1EncodableVector();
        validityFields.add(new DERTaggedObject(true, 0, new Time(notBefore)));
        validityFields.add(new DERTaggedObject(true, 1, new Time(notAfter)));

        // NOTE(review): the template names OID 1.2.156.10197.1.501 as signing algorithm while the
        // key generated above is RSA; verify the combination is what the test intends.
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setVersion(1);
        template.setSigningAlg(new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1").branch("501")));
        template.setValidity(OptionalValidity.getInstance(new DERSequence(validityFields)));
        template.setSubject(new X500Name("CN=syg111,CN=xdja,C=cn"));
        template.setPublicKey(SubjectPublicKeyInfo.getInstance(subjectKey.getEncoded()));

        Result issued = this.openApiCMPService.doIssueUserDoubleCert(subjectKey, requestSubject, "0001", null, template.build(), 3L, "1111");
        if (issued.isSuccess()) {
            return issued.getInfo();
        }
        return issued.getError().resp(httpServletResponse);
    }

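    /**
     * Handles {@code GET /v1/km/pwd/revoke/{encSn}/{alg}}: asks the {@code kmsXdjaHttpService}
     * bean to revoke the encryption key with the given hexadecimal serial number.
     *
     * <p>The path variables are bound by explicit name. The parameter names in this listing
     * ({@code str}, {@code num}) match neither template variable, so name-based binding would fail.
     *
     * <p>NOTE(review): this is a state-changing operation exposed over GET, with no
     * {@code @AuditSign} and no audit record. The method name suggests a test hook; confirm it is
     * not reachable in production deployments.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param str the {@code encSn} path segment, parsed as a base-16 integer
     * @param num the {@code alg} path segment, used to look up the CA information
     * @return {@code null} on success, otherwise the rendered internal error
     */
    @RequestMapping(value = {"/v1/km/pwd/revoke/{encSn}/{alg}"}, method = {RequestMethod.GET})
    public Object testKmRevoke(HttpServletResponse httpServletResponse, @PathVariable("encSn") String str, @PathVariable("alg") Integer num) {
        try {
            KmsService kmsService = (KmsService) SpringUtils.getBean("kmsXdjaHttpService");
            // A non-hexadecimal serial raises NumberFormatException, handled by the catch below.
            kmsService.revokeEncKey(this.initService.getCaInfo(num), new BigInteger(str, 16));
            return null;
        } catch (Exception e) {
            // The original reused the "get update base info" message here, which mislabels
            // key-revocation failures in the application log.
            this.logger.error("撤销加密密钥失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }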

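    /**
     * Handles {@code GET /v1/km/pwd/resore/{encSn}/{alg}}: asks the {@code kmsXdjaHttpService}
     * bean to restore the encryption key with the given hexadecimal serial number, passing the
     * public half of a freshly generated RSA-2048 key pair.
     *
     * <p>The path variables are bound by explicit name. The parameter names in this listing
     * ({@code str}, {@code num}) match neither template variable, so name-based binding would fail.
     * The route keeps its published spelling ({@code resore}) so existing clients are unaffected.
     *
     * <p>NOTE(review): key restoration is triggered over GET, with no {@code @AuditSign} and no
     * audit record. The method name suggests a test hook; confirm it is not reachable in
     * production deployments.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param str the {@code encSn} path segment, parsed as a base-16 integer
     * @param num the {@code alg} path segment, used to look up the CA information
     * @return {@code null} on success, otherwise the rendered internal error
     */
    @RequestMapping(value = {"/v1/km/pwd/resore/{encSn}/{alg}"}, method = {RequestMethod.GET})
    public Object testKmRestore(HttpServletResponse httpServletResponse, @PathVariable("encSn") String str, @PathVariable("alg") Integer num) {
        try {
            CaInfoVO caInfo = this.initService.getCaInfo(num);
            KmsService kmsService = (KmsService) SpringUtils.getBean("kmsXdjaHttpService");
            // A non-hexadecimal serial raises NumberFormatException, handled by the catch below.
            kmsService.restoreEncKey(caInfo, new BigInteger(str, 16), GMSSLRSAKeyUtils.generateKeyPairByBC(2048).getPublic());
            return null;
        } catch (Exception e) {
            // The original reused the "get update base info" message here, which mislabels
            // key-restore failures in the application log.
            this.logger.error("恢复加密密钥失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }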

    /**
     * Handles {@code POST /v1/ra/cert/manager/cmp/test}: developer test hook that requests a
     * manager certificate for a hard-coded subject, passing one freshly generated RSA-2048 public
     * key in both key arguments of {@code openApiCMPManagerService.doIssueManagerCert}.
     *
     * <p>NOTE(review): no request data, no {@code @AuditSign}, no audit record; confirm this
     * handler is excluded from, or access-controlled in, production deployments.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/manager/cmp/test"}, method = {RequestMethod.POST})
    public Object cmpTestIssuManager(HttpServletResponse httpServletResponse) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        KeyPair generated = GMSSLRSAKeyUtils.generateKeyPairByBC(2048);
        PublicKey sharedKey = generated.getPublic();
        X500Name fixedSubject = new X500Name("CN=sushi,O=xdja,C=CN");
        Result issued = this.openApiCMPManagerService.doIssueManagerCert(sharedKey, sharedKey, fixedSubject, "", "", null, 1L, "111");
        if (issued.isSuccess()) {
            return issued.getInfo();
        }
        return issued.getError().resp(httpServletResponse);
    }

    /**
     * Handles {@code POST /v1/ra/manager/cert/cmp/test/ack}: developer test hook that calls
     * {@code openApiCMPManagerService.doAckManagerCertStatus} with a hard-coded argument.
     *
     * <p>NOTE(review): no {@code @AuditSign} and no audit record; confirm this handler is not
     * reachable in production deployments.
     *
     * @param httpServletResponse unused
     * @return always {@code null}
     */
    @RequestMapping(value = {"/v1/ra/manager/cert/cmp/test/ack"}, method = {RequestMethod.POST})
    public Object cmpTesManagertAck(HttpServletResponse httpServletResponse) {
        final String fixedArgument = "1111";
        this.openApiCMPManagerService.doAckManagerCertStatus(fixedArgument);
        return null;
    }

    /**
     * Handles {@code POST /v1/ra/cert/manager/cmp/test/revoke}: developer test hook that revokes
     * the manager certificate named by the {@code signSn} request parameter through
     * {@code openApiCMPManagerService.doRevokeManagerCert}, using fixed remaining arguments.
     *
     * <p>NOTE(review): revocation is driven by one caller-supplied serial number, with no
     * {@code @AuditSign} and no audit record; confirm this handler is not reachable in production
     * deployments.
     *
     * @param httpServletResponse unused
     * @param str the {@code signSn} request parameter
     * @return always {@code null}
     */
    @RequestMapping(value = {"/v1/ra/cert/manager/cmp/test/revoke"}, method = {RequestMethod.POST})
    public Object cmpTestManagerRevoke(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        // The SM2 key pair is generated and then discarded; only the generation call is kept.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        final String revokeNote = "不想玩了";
        this.openApiCMPManagerService.doRevokeManagerCert(str, 2, 1, revokeNote);
        return null;
    }

    /**
     * Handles {@code POST /v1/ra/cert/cmp/test/revoke}: leftover test stub. It generates an SM2
     * key pair, discards it and returns {@code null}; the {@code signSn} parameter is never read.
     *
     * <p>NOTE(review): each call costs a key generation and does nothing else; consider removing
     * the route.
     *
     * @param httpServletResponse unused
     * @param str the {@code signSn} request parameter (unused)
     * @return always {@code null}
     */
    @RequestMapping(value = {"/v1/ra/cert/cmp/test/revoke"}, method = {RequestMethod.POST})
    public Object cmpTestRevoke(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        // Generated and dropped on purpose to mirror the original stub exactly.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        return null;
    }

    /**
     * Handles {@code POST /v1/ra/cert/cmp/test/update}: leftover test stub. It generates an SM2
     * key pair, builds a fixed {@code X500Name} and a {@code Date}, discards all three and returns
     * {@code null}; the {@code signSn} parameter is never read.
     *
     * <p>NOTE(review): each call costs a key generation and does nothing else; consider removing
     * the route.
     *
     * @param httpServletResponse unused
     * @param str the {@code signSn} request parameter (unused)
     * @return always {@code null}
     */
    @RequestMapping(value = {"/v1/ra/cert/cmp/test/update"}, method = {RequestMethod.POST})
    public Object cmpTestUpdate(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        // None of the objects built here is used afterwards.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        final String fixedDn = "CN=sushi,O=公安部,C=CN";
        new X500Name(fixedDn);
        new Date();
        return null;
    }

    /**
     * Handles {@code POST /v1/ra/cert/manager/cmp/test/update}: developer test hook that updates
     * the manager certificate named by {@code signSn} through
     * {@code openApiCMPManagerService.doUpdateManagerCert}, using a hard-coded subject and one
     * freshly generated RSA-2048 public key in both key arguments.
     *
     * <p>NOTE(review): a certificate update is driven by one caller-supplied serial number, with no
     * {@code @AuditSign} and no audit record; confirm this handler is not reachable in production
     * deployments.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @param str the {@code signSn} request parameter
     * @return the service payload on success, otherwise the rendered error
     */
    @RequestMapping(value = {"/v1/ra/cert/manager/cmp/test/update"}, method = {RequestMethod.POST})
    public Object cmpTestManagerUpdate(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        PublicKey sharedKey = GMSSLRSAKeyUtils.generateKeyPairByBC(2048).getPublic();
        X500Name fixedSubject = new X500Name("CN=sushi,OU=xdja,C=CN");
        // Kept from the original although its result is unused.
        new Date();
        Result updated = this.openApiCMPManagerService.doUpdateManagerCert(str, 2, null, sharedKey, sharedKey, fixedSubject, 1L, "111");
        if (updated.isSuccess()) {
            return updated.getInfo();
        }
        return updated.getError().resp(httpServletResponse);
    }

    /**
     * Handles {@code POST /v1/ra/cert/cmp/test/server}: developer test hook that calls
     * {@code openApiCMPService.getServerCertInfoBySignSn(signSn, null)} and discards the result.
     * The SM2 key pair and {@code X500Name} built beforehand are not used.
     *
     * <p>NOTE(review): no {@code @AuditSign}; confirm this handler is not reachable in production
     * deployments.
     *
     * @param httpServletResponse unused
     * @param str the {@code signSn} request parameter
     * @return always {@code null}
     */
    @RequestMapping(value = {"/v1/ra/cert/cmp/test/server"}, method = {RequestMethod.POST})
    public Object cmpTestServer(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        // Built and dropped to mirror the original stub.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        final String fixedDn = "CN=sushi,O=公安部,C=CN";
        new X500Name(fixedDn);

        this.openApiCMPService.getServerCertInfoBySignSn(str, null);
        return null;
    }

    /**
     * Handles {@code POST /v1/ra/cert/cmp/test/ack}: developer test hook that calls
     * {@code openApiCMPService.doAckCertIssueStatus} with a hard-coded argument. Both request
     * parameters are required by the mapping but never read.
     *
     * <p>NOTE(review): no {@code @AuditSign} and no audit record; confirm this handler is not
     * reachable in production deployments.
     *
     * @param httpServletResponse unused
     * @param str the {@code signSn} request parameter (unused)
     * @param str2 the {@code encSn} request parameter (unused)
     * @return always {@code null}
     */
    @RequestMapping(value = {"/v1/ra/cert/cmp/test/ack"}, method = {RequestMethod.POST})
    public Object cmpTestAck(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str, @RequestParam("encSn") String str2) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        // Built and dropped to mirror the original stub.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        final String fixedDn = "CN=sushi,O=公安部,C=CN";
        new X500Name(fixedDn);

        final String fixedArgument = "1111";
        this.openApiCMPService.doAckCertIssueStatus(fixedArgument);
        return null;
    }

    /**
     * Handles {@code POST /ca/crl}: triggers {@code crlService.doIssueCrl(now, 2, false)}. The SM2
     * key pair and {@code X500Name} built beforehand are not used.
     *
     * <p>NOTE(review): CRL issuance is triggered without request data, {@code @AuditSign} or an
     * audit record. The method name marks it as a test hook; confirm it is not reachable in
     * production deployments.
     *
     * @param httpServletResponse unused
     * @return always {@code null}
     */
    @RequestMapping(value = {"/ca/crl"}, method = {RequestMethod.POST})
    public Object caCrlTest(HttpServletResponse httpServletResponse) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        // Built and dropped to mirror the original stub.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        final String fixedDn = "CN=sushi,O=公安部,C=CN";
        new X500Name(fixedDn);

        Date issueTime = new Date();
        this.crlService.doIssueCrl(issueTime, 2, false);
        return null;
    }

    /**
     * Handles {@code POST /ca/drl}: triggers {@code crlService.doIssueCrl(now, 2, true)}; the
     * only difference from {@code /ca/crl} is the final boolean. The SM2 key pair and
     * {@code X500Name} built beforehand are not used.
     *
     * <p>NOTE(review): issuance is triggered without request data, {@code @AuditSign} or an audit
     * record. The method name marks it as a test hook; confirm it is not reachable in production
     * deployments.
     *
     * @param httpServletResponse unused
     * @return always {@code null}
     */
    @RequestMapping(value = {"/ca/drl"}, method = {RequestMethod.POST})
    public Object caDrlTest(HttpServletResponse httpServletResponse) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, KMCException {
        // Built and dropped to mirror the original stub.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        final String fixedDn = "CN=sushi,O=公安部,C=CN";
        new X500Name(fixedDn);

        Date issueTime = new Date();
        this.crlService.doIssueCrl(issueTime, 2, true);
        return null;
    }

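    /**
     * Handles {@code POST /ca/kms/apply}: developer test hook that applies for an encryption key
     * at the configured KMS backend, using a freshly generated SM2 public key and hard-coded
     * values for every other argument.
     *
     * <p>The backend bean is chosen from {@code getKmSystemType()}: {@code 1} selects
     * {@code kmsSansecService}, {@code 2} selects {@code kmsXdjaHttpService}. Any other value is
     * logged and answered with {@code SERVER_INTERNAL_EXCEPTION}; the original dereferenced a
     * null service in that case.
     *
     * <p>NOTE(review): no request data, no {@code @AuditSign}, no audit record; confirm this
     * handler is not reachable in production deployments.
     *
     * @param httpServletResponse response passed to the error enum when a failure is rendered
     * @return {@code null} on success, the rendered internal error for an unknown KMS type
     */
    @RequestMapping(value = {"/ca/kms/apply"}, method = {RequestMethod.POST})
    public Object caKmsApply(HttpServletResponse httpServletResponse) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, KMCException {
        PublicKey publicKey = GMSSLSM2KeyUtils.generateSM2KeyPairByBC().getPublic();
        X500Name x500Name = new X500Name("CN=sushi,O=公安部,C=CN");
        // The same instant is passed for both date arguments.
        Date date = new Date();
        BigInteger valueOf = BigInteger.valueOf(10L);

        int kmSystemType = ConfigUtil.getConfigInfo(this.env).getKmSystemType();
        KmsService kmsService;
        if (kmSystemType == 1) {
            kmsService = (KmsService) SpringUtils.getBean("kmsSansecService");
        } else if (kmSystemType == 2) {
            kmsService = (KmsService) SpringUtils.getBean("kmsXdjaHttpService");
        } else {
            // Fail explicitly instead of running into a NullPointerException below.
            this.logger.error("未知的KM系统类型[{}]", kmSystemType);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
        kmsService.applyEncKey(null, valueOf, publicKey, date, date, x500Name.toString(), "", "", 256, "", "");
        return null;
    }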

    /**
     * Handler for {@code POST /cmp/ra}: looks up server certificate information by signing-cert
     * serial number and discards the result.
     *
     * <p>NOTE(review): the lookup result is thrown away and the response body is always empty, so
     * this looks like leftover test scaffolding; it also carries no {@code @AuditSign}. Confirm it
     * should be mapped at all.
     *
     * @param httpServletResponse unused
     * @param str the {@code signSn} request parameter, passed through unvalidated
     * @return always {@code null}
     */
    @RequestMapping(value = {"/cmp/ra"}, method = {RequestMethod.POST})
    public Object cmpRa(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str) {
        final String signSn = str;
        this.openApiCMPService.getServerCertInfoBySignSn(signSn, 2);
        return null;
    }

    /**
     * Handler for {@code POST /v1/ra/cert/publish}: records a publish task for the given
     * certificate pair and then records a status-sync task carrying
     * {@code CertStatusEnum.REVOKE}.
     *
     * <p>NOTE(review): the three identifiers come straight from request parameters with no
     * validation, and the handler has no {@code @AuditSign}. Because the second call queues a
     * REVOKE status for caller-chosen certificate ids, confirm that authorization is enforced
     * before this handler runs.
     *
     * @param httpServletResponse unused
     * @param l the {@code signId} request parameter
     * @param l2 the {@code encId} request parameter
     * @param num the {@code type} request parameter
     * @return always {@code null}
     */
    @RequestMapping(value = {"/v1/ra/cert/publish"}, method = {RequestMethod.POST})
    public Object cmpCertpublish(HttpServletResponse httpServletResponse, @RequestParam("signId") Long l, @RequestParam("encId") Long l2, @RequestParam("type") Integer num) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        final Long signId = l;
        final Long encId = l2;
        final Integer type = num;

        this.taskDataService.savePublishCert(signId, encId, type);
        this.taskDataService.saveSyncStatusCert(signId, encId, type, Integer.valueOf(CertStatusEnum.REVOKE.value), 1, new Date());
        return null;
    }

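    /**
     * Test handler for {@code POST /ca/kms/revoke}: asks the configured KMS backend to revoke the
     * encryption key with serial 1 under the CA returned by {@code initService.getCaInfo(2)}.
     *
     * <p>The backend bean is chosen from {@code kmSystemType}: 1 selects {@code kmsSansecService},
     * 2 selects {@code kmsXdjaHttpService}. Any other value used to leave the service reference
     * {@code null} and fail with a bare {@code NullPointerException}; it is now rejected
     * explicitly. The unused DN and date fixtures of the original were dropped.
     *
     * <p>NOTE(review): no {@code @AuditSign} and no request parameters on a handler that revokes
     * a key in the KMS. Confirm this mapping is protected elsewhere or not deployed to production.
     *
     * @param httpServletResponse unused
     * @return always {@code null}
     * @throws IllegalStateException if {@code kmSystemType} is neither 1 nor 2
     */
    @RequestMapping(value = {"/ca/kms/revoke"}, method = {RequestMethod.POST})
    public Object caKmsRevoke(HttpServletResponse httpServletResponse) throws Exception {
        // The key pair itself is unused; the call is kept in case the helper has set-up side
        // effects (e.g. provider registration) that later calls rely on. TODO confirm and remove.
        GMSSLSM2KeyUtils.generateSM2KeyPairByBC();

        CaInfoVO caInfo = this.initService.getCaInfo(2);
        BigInteger serial = BigInteger.valueOf(1L);

        int kmSystemType = ConfigUtil.getConfigInfo(this.env).getKmSystemType();
        KmsService kmsService;
        if (kmSystemType == 1) {
            kmsService = (KmsService) SpringUtils.getBean("kmsSansecService");
        } else if (kmSystemType == 2) {
            kmsService = (KmsService) SpringUtils.getBean("kmsXdjaHttpService");
        } else {
            throw new IllegalStateException("Unsupported kmSystemType: " + kmSystemType);
        }

        kmsService.revokeEncKey(caInfo, serial);
        return null;
    }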

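    /**
     * Test handler for {@code POST /ca/kms/restore}: generates a fresh SM2 key pair and asks the
     * configured KMS backend to restore the encryption key with serial 1 to that public key,
     * under the CA returned by {@code initService.getCaInfo(2)}.
     *
     * <p>The backend bean is chosen from {@code kmSystemType}: 1 selects {@code kmsSansecService},
     * 2 selects {@code kmsXdjaHttpService}. Any other value used to leave the service reference
     * {@code null} and fail with a bare {@code NullPointerException}; it is now rejected
     * explicitly. The unused DN and date fixtures of the original were dropped.
     *
     * <p>NOTE(review): no {@code @AuditSign} and no request parameters on a handler that performs
     * key recovery against the KMS. Confirm this mapping is protected elsewhere or not deployed
     * to production.
     *
     * @param httpServletResponse unused
     * @return always {@code null}
     * @throws IllegalStateException if {@code kmSystemType} is neither 1 nor 2
     */
    @RequestMapping(value = {"/ca/kms/restore"}, method = {RequestMethod.POST})
    public Object caKmsRestore(HttpServletResponse httpServletResponse) throws Exception {
        // Only the public half of the throwaway key pair is sent to the KMS.
        PublicKey publicKey = GMSSLSM2KeyUtils.generateSM2KeyPairByBC().getPublic();
        BigInteger serial = BigInteger.valueOf(1L);
        CaInfoVO caInfo = this.initService.getCaInfo(2);

        int kmSystemType = ConfigUtil.getConfigInfo(this.env).getKmSystemType();
        KmsService kmsService;
        if (kmSystemType == 1) {
            kmsService = (KmsService) SpringUtils.getBean("kmsSansecService");
        } else if (kmSystemType == 2) {
            kmsService = (KmsService) SpringUtils.getBean("kmsXdjaHttpService");
        } else {
            throw new IllegalStateException("Unsupported kmSystemType: " + kmSystemType);
        }

        kmsService.restoreEncKey(caInfo, serial, publicKey);
        return null;
    }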

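    /**
     * Handler for {@code GET /v1/cert/download}: validates the request, asks
     * {@code raManagerCertService} for the certificate file and streams it back as an attachment.
     * Both outcomes are written to the audit log together with the request's audit signature.
     *
     * <p>Changes from the previous version:
     * <ul>
     *   <li>The debug message no longer calls {@code substring(0, length - 1)} on an empty
     *       builder, which threw when the binding result held only non-field errors.</li>
     *   <li>CR and LF are stripped from the file name before it is placed in the
     *       {@code Content-Disposition} header, so a name containing line breaks cannot split
     *       the header.</li>
     *   <li>The {@code if (0 != 0)} close blocks and the no-op outer {@code catch (Throwable)}
     *       were removed; they never executed.</li>
     * </ul>
     *
     * @param httpServletResponse response that receives either the file bytes or an error body
     * @param auditSignBean carrier of the audit signature stored with the audit record
     * @param downloadCertVO validated download request
     * @param bindingResult validation outcome for {@code downloadCertVO}
     * @return {@code null} once the file has been written, otherwise the error body
     */
    @RequestMapping(value = {"/v1/cert/download"}, method = {RequestMethod.GET})
    @AuditSign
    public Object downloadCert(HttpServletResponse httpServletResponse, AuditSignBean auditSignBean, @Valid DownloadCertVO downloadCertVO, BindingResult bindingResult) {
        if (bindingResult.hasErrors()) {
            if (this.logger.isDebugEnabled()) {
                StringBuilder reasons = new StringBuilder();
                for (FieldError fieldError : bindingResult.getFieldErrors()) {
                    if (reasons.length() > 0) {
                        reasons.append(",");
                    }
                    reasons.append(fieldError.getField()).append("=").append(fieldError.getDefaultMessage());
                }
                this.logger.debug("下载证书时请求参数非法，原因：[{}]", reasons.toString());
            }
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            Result downloadCert = this.raManagerCertService.downloadCert(downloadCertVO);
            if (!downloadCert.isSuccess()) {
                saveDownloadCertAuditLog(downloadCert.getAuditContent(), auditSignBean.getSign(), false);
                return downloadCert.getError().resp(httpServletResponse);
            }
            CertFileInfo certFileInfo = (CertFileInfo) downloadCert.getInfo();
            // The origin of the file name is not visible here (presumably derived from certificate
            // data); strip line breaks so it cannot inject extra response headers.
            String headerSafeName = String.valueOf(certFileInfo.getFileName()).replaceAll("[\\r\\n]", "");
            httpServletResponse.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + headerSafeName);
            httpServletResponse.addHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(certFileInfo.getData().length));
            httpServletResponse.setContentType("application/octet-stream;charset=UTF-8");
            ServletOutputStream body = httpServletResponse.getOutputStream();
            body.write(certFileInfo.getData());
            body.flush();
            this.logger.info(downloadCert.getAuditContent());
            // The success record is written only after the bytes were flushed to the client.
            saveDownloadCertAuditLog(downloadCert.getAuditContent(), auditSignBean.getSign(), true);
            try {
                body.close();
            } catch (IOException e) {
                this.logger.error("下载文件时关闭流异常", (Throwable) e);
            }
            return null;
        } catch (Exception e) {
            // NOTE(review): a failure after the write started is logged here but produces no
            // audit record; only service-level failures are audited above.
            this.logger.error("下载证书失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }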

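    /**
     * Handler for {@code GET /v1/cert/root/sn}: returns the root CA certificate serial number for
     * the given key algorithm.
     *
     * <p>A service failure used to be logged and then answered with a {@code null} body, which a
     * client cannot tell apart from "no data". It now returns
     * {@code ErrorEnum.SERVER_INTERNAL_EXCEPTION}, matching {@code getCertDetail} and {@code list}.
     *
     * <p>NOTE(review): unlike those two handlers, the {@code Result} wrapper is returned as-is
     * without checking {@code isSuccess()}; confirm that clients expect the wrapper here.
     *
     * @param i key algorithm identifier; must be accepted by {@code KeyAlgEnum.contain}
     * @param httpServletResponse response used to render error bodies
     * @return the service {@code Result}, or an error body for an unknown algorithm or a failure
     */
    @RequestMapping(value = {"/v1/cert/root/sn"}, method = {RequestMethod.GET})
    public Object getRootCaCert(@RequestParam int i, HttpServletResponse httpServletResponse) {
        if (!KeyAlgEnum.contain(i)) {
            return ErrorEnum.ILLEGAL_REQUEST_PARAMETER.resp(httpServletResponse);
        }
        try {
            return this.raManagerCertService.getRootCaCertSn(i);
        } catch (Exception e) {
            this.logger.error("获取根证书SN失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }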

    /**
     * Writes one certificate-download record to the audit log.
     *
     * <p>Best effort: a {@code false} return from the audit service or any exception is logged
     * and otherwise ignored, so the download itself is never failed by an audit problem.
     * NOTE(review): that also means a download can complete without an audit record; confirm
     * this matches the audit policy.
     *
     * @param str audit content text
     * @param str2 audit signature taken from the request
     * @param z {@code true} to record success, {@code false} to record failure
     */
    private void saveDownloadCertAuditLog(String str, String str2, boolean z) {
        int outcomeId = z ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
        try {
            boolean stored = this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_DOWNLOAD.type, str, outcomeId, str2);
            if (stored) {
                return;
            }
            this.logger.error("保存下载证书审计日志失败");
        } catch (Exception e) {
            this.logger.error("保存下载证书审计日志失败", (Throwable) e);
        }
    }

    /**
     * Handler for {@code GET /v1/cert/detail}: returns the details of the certificate identified
     * by serial number and type.
     *
     * @param certDetailQueryVO query holding the serial number and certificate type; both required
     * @param httpServletResponse response used to render error bodies
     * @return the detail payload on success, otherwise an error body
     */
    @RequestMapping(value = {"/v1/cert/detail"}, method = {RequestMethod.GET})
    public Object getCertDetail(CertDetailQueryVO certDetailQueryVO, HttpServletResponse httpServletResponse) {
        boolean snMissing = StringUtils.isBlank(certDetailQueryVO.getSn());
        if (snMissing || null == certDetailQueryVO.getType()) {
            this.logger.debug("查询证书详情参数为空[{}]", certDetailQueryVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result detail = this.raManagerCertService.getCertDetail(certDetailQueryVO.getSn(), certDetailQueryVO.getType());
            if (detail.isSuccess()) {
                return detail.getInfo();
            }
            return detail.getError().resp(httpServletResponse);
        } catch (ServiceException e) {
            this.logger.error("查询证书详情异常，", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

    /**
     * Handler for {@code GET /v1/ra/cert/list}: returns one page of RA certificates matching the
     * query.
     *
     * @param rACertQueryVO paging and filter criteria, passed to the service unchanged
     * @param httpServletResponse response used to render error bodies
     * @return the list payload on success, otherwise an error body
     */
    @RequestMapping(value = {"/v1/ra/cert/list"}, method = {RequestMethod.GET})
    public Object list(RACertQueryVO rACertQueryVO, HttpServletResponse httpServletResponse) {
        try {
            Result page = this.raManagerCertService.getRACertList(rACertQueryVO);
            if (page.isSuccess()) {
                return page.getInfo();
            }
            return page.getError().resp(httpServletResponse);
        } catch (ServiceException e) {
            this.logger.error("分页查询RA证书列表失败", (Throwable) e);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }

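    /**
     * Handler for {@code DELETE /v1/cert/revoke}: revokes a certificate and records the outcome,
     * with the request's audit signature, in the audit log.
     *
     * <p>Fix: the failure record used to append the revoke reason directly after the serial
     * number with no {@code ,撤销原因=} label, so the two values ran together and the serial number
     * in a failed-revocation record could not be read back reliably. Success and failure records
     * now use the same field layout.
     *
     * <p>NOTE(review): the revoke note is caller-supplied text and is copied into both the
     * application log and the audit record unchanged; confirm that line breaks are neutralised by
     * the log/audit sinks.
     *
     * @param httpServletResponse response used to render error bodies
     * @param revokeCertVO request body; serial number, revoke reason and type are required
     * @param auditSignBean carrier of the audit signature stored with the audit record
     * @return the service payload on success, otherwise an error body
     */
    @RequestMapping(value = {"/v1/cert/revoke"}, method = {RequestMethod.DELETE})
    @AuditSign
    public Object revokeCert(HttpServletResponse httpServletResponse, @RequestBody RevokeCertVO revokeCertVO, AuditSignBean auditSignBean) {
        this.logger.info("收到证书撤销请求[{}]", revokeCertVO);
        if (StringUtils.isBlank(revokeCertVO.getSn()) || null == revokeCertVO.getRevokeReason() || null == revokeCertVO.getType()) {
            this.logger.debug("撤销证书出现非法参数[{}]", revokeCertVO);
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result doRevokeCert = this.raManagerCertService.doRevokeCert(revokeCertVO);
            boolean revoked = doRevokeCert.isSuccess();
            int auditResult = revoked ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String auditContent = new StringBuilder(revoked ? "证书撤销成功" : "证书撤销失败")
                    .append(",证书DN=").append(doRevokeCert.getAuditContent())
                    .append(",证书SN=").append(revokeCertVO.getSn())
                    .append(",撤销原因=").append(revokeCertVO.getRevokeReason())
                    .append(",撤销理由=").append(revokeCertVO.getRevokeNote())
                    .append(",撤销证书类型=").append(revokeCertVO.getType())
                    .toString();
            this.logger.info(auditContent);
            // Audit persistence is best effort: a failure is logged but does not change the response.
            try {
                if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_REVOKED.type, auditContent, auditResult, auditSignBean.getSign())) {
                    this.logger.error("记录证书撤销审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录证书撤销审计日志失败", (Throwable) e);
            }
            return revoked ? doRevokeCert.getInfo() : doRevokeCert.getError().resp(httpServletResponse);
        } catch (Exception e2) {
            this.logger.error("撤销证书失败", (Throwable) e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }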

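    /**
     * Handler for {@code DELETE /v1/cert/freeze}: freezes a certificate and records the outcome,
     * with the request's audit signature, in the audit log.
     *
     * <p>Fix: the failure record used to append the freeze note directly after the serial number
     * with no {@code ,冻结原因=} label, so the serial number in a failed-freeze record could not be
     * read back reliably. Success and failure records now use the same field layout.
     *
     * <p>NOTE(review): {@code bindingResult} is not declared immediately after the
     * {@code @Valid} argument ({@code auditSignBean} sits between them). Spring MVC normally
     * expects that adjacency, so the {@code hasErrors()} branch may never run and invalid bodies
     * may be rejected by the framework instead; confirm the behaviour for an invalid request.
     *
     * <p>NOTE(review): the freeze note is caller-supplied text copied unchanged into the
     * application log and the audit record; confirm that line breaks are neutralised by the sinks.
     *
     * @param httpServletResponse response used to render error bodies
     * @param freezeCertVO validated request body
     * @param auditSignBean carrier of the audit signature stored with the audit record
     * @param bindingResult validation outcome for {@code freezeCertVO}
     * @return the service payload on success, otherwise an error body
     */
    @RequestMapping(value = {"/v1/cert/freeze"}, method = {RequestMethod.DELETE})
    @AuditSign
    public Object freezeCert(HttpServletResponse httpServletResponse, @Valid @RequestBody FreezeCertVO freezeCertVO, AuditSignBean auditSignBean, BindingResult bindingResult) {
        this.logger.info("收到证书冻结请求请求[{}]", freezeCertVO);
        if (bindingResult.hasErrors()) {
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result doFreezeCert = this.raManagerCertService.doFreezeCert(freezeCertVO);
            boolean frozen = doFreezeCert.isSuccess();
            int auditResult = frozen ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String auditContent = new StringBuilder(frozen ? "证书冻结成功" : "证书冻结失败")
                    .append(",证书DN=").append(doFreezeCert.getAuditContent())
                    .append(",证书SN=").append(freezeCertVO.getSn())
                    .append(",冻结原因=").append(freezeCertVO.getFreezeNote())
                    .toString();
            this.logger.info(auditContent);
            // Audit persistence is best effort: a failure is logged but does not change the response.
            try {
                if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_REEZE.type, auditContent, auditResult, auditSignBean.getSign())) {
                    this.logger.error("记录证书冻结审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录证书冻结审计日志失败", (Throwable) e);
            }
            return frozen ? doFreezeCert.getInfo() : doFreezeCert.getError().resp(httpServletResponse);
        } catch (Exception e2) {
            this.logger.error("冻结证书失败", (Throwable) e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }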

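    /**
     * Handler for {@code DELETE /v1/cert/unfreeze}: unfreezes a certificate and records the
     * outcome, with the request's audit signature, in the audit log.
     *
     * <p>Fixes:
     * <ul>
     *   <li>The failure record used to append the freeze note directly after the serial number
     *       with no {@code ,解冻原因=} label, so the serial number in a failed-unfreeze record could
     *       not be read back reliably. Both outcomes now share one field layout.</li>
     *   <li>The catch block logged the freeze message ("冻结证书失败"), which made unfreeze failures
     *       look like freeze failures in the application log; it now logs "解冻证书失败".</li>
     * </ul>
     *
     * <p>NOTE(review): both {@code 解冻原因} and {@code 解冻理由} are filled from
     * {@code getFreezeNote()}; this is kept as found — confirm whether one of them was meant to
     * carry a different field.
     *
     * <p>NOTE(review): {@code bindingResult} is not declared immediately after the
     * {@code @Valid} argument, so the {@code hasErrors()} branch may never run; confirm the
     * behaviour for an invalid request body.
     *
     * @param httpServletResponse response used to render error bodies
     * @param freezeCertVO validated request body
     * @param auditSignBean carrier of the audit signature stored with the audit record
     * @param bindingResult validation outcome for {@code freezeCertVO}
     * @return the service payload on success, otherwise an error body
     */
    @RequestMapping(value = {"/v1/cert/unfreeze"}, method = {RequestMethod.DELETE})
    @AuditSign
    public Object unFreezeCert(HttpServletResponse httpServletResponse, @Valid @RequestBody FreezeCertVO freezeCertVO, AuditSignBean auditSignBean, BindingResult bindingResult) {
        this.logger.info("收到证书解冻请求请求[{}]", freezeCertVO);
        if (bindingResult.hasErrors()) {
            return ErrorEnum.MISSING_REQUIRED_PARAMETERS.resp(httpServletResponse);
        }
        try {
            Result doUnFreezeCert = this.raManagerCertService.doUnFreezeCert(freezeCertVO);
            boolean unfrozen = doUnFreezeCert.isSuccess();
            int auditResult = unfrozen ? AuditLogResultEnum.SUCCESS.id : AuditLogResultEnum.FAIL.id;
            String auditContent = new StringBuilder(unfrozen ? "证书解冻成功" : "证书解冻失败")
                    .append(",证书DN=").append(doUnFreezeCert.getAuditContent())
                    .append(",证书SN=").append(freezeCertVO.getSn())
                    .append(",解冻原因=").append(freezeCertVO.getFreezeNote())
                    .append(",解冻理由=").append(freezeCertVO.getFreezeNote())
                    .append(",解冻证书类型=").append(freezeCertVO.getType())
                    .toString();
            this.logger.info(auditContent);
            // Audit persistence is best effort: a failure is logged but does not change the response.
            try {
                if (!this.auditLogService.save(AuditLogOperatorTypeEnum.CERT_UNFREEZE.type, auditContent, auditResult, auditSignBean.getSign())) {
                    this.logger.error("记录证书解冻审计日志失败");
                }
            } catch (Exception e) {
                this.logger.error("记录证书解冻审计日志失败", (Throwable) e);
            }
            return unfrozen ? doUnFreezeCert.getInfo() : doUnFreezeCert.getError().resp(httpServletResponse);
        } catch (Exception e2) {
            this.logger.error("解冻证书失败", (Throwable) e2);
            return ErrorEnum.SERVER_INTERNAL_EXCEPTION.resp(httpServletResponse);
        }
    }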

    /**
     * Test handler for {@code POST /v1/ra/cert/cmp/test/recovery}: generates a fresh SM2 key pair
     * and calls {@code openApiCMPService.doRecoveryUserDoubleCert} for the given signing-cert
     * serial number with fixed test values.
     *
     * <p>A {@code CertTemplateBuilder} is populated (version, validity window, signing algorithm,
     * subject, public key) but never built or passed on; it is kept so the call sequence matches
     * the original.
     *
     * <p>NOTE(review): no {@code @AuditSign} on a handler that drives certificate recovery for a
     * caller-chosen serial number. Confirm this mapping is protected elsewhere or not deployed to
     * production.
     *
     * @param httpServletResponse response used to render the error body
     * @param str the {@code signSn} request parameter, passed through unvalidated
     * @return the service payload on success, otherwise an error body
     */
    @RequestMapping(value = {"/v1/ra/cert/cmp/test/recovery"}, method = {RequestMethod.POST})
    public Object cmpTestRecovery(HttpServletResponse httpServletResponse, @RequestParam("signSn") String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        KeyPair sm2KeyPair = X509CertUtils.generateSM2KeyPair();
        sm2KeyPair.getPrivate();
        PublicKey userPublicKey = sm2KeyPair.getPublic();
        X500Name recoverySubject = new X500Name("CN=syg,CN=AA,C=cn");
        new Date();

        // --- unused certificate template, kept from the original ---
        ASN1ObjectIdentifier signingAlgOid = new ASN1ObjectIdentifier("1.2.156.10197.1").branch("501");
        CertTemplateBuilder templateBuilder = new CertTemplateBuilder();
        templateBuilder.setVersion(1);
        Date notBefore = new Date();
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(notBefore);
        // Calendar.DATE is the field constant 5 used by the original. The amount is spelled as a
        // MySQL error-number constant, presumably a decompiler substitution for a plain day count.
        expiry.add(Calendar.DATE, MysqlErrorNumbers.ER_INVALID_GROUP_FUNC_USE);
        Date notAfter = expiry.getTime();
        ASN1EncodableVector validityFields = new ASN1EncodableVector();
        validityFields.add(new DERTaggedObject(true, 0, new Time(notBefore)));
        validityFields.add(new DERTaggedObject(true, 1, new Time(notAfter)));
        OptionalValidity validity = OptionalValidity.getInstance(new DERSequence(validityFields));
        templateBuilder.setSigningAlg(new AlgorithmIdentifier(signingAlgOid));
        templateBuilder.setValidity(validity);
        templateBuilder.setSubject(new X500Name("CN=syg111,CN=AA,C=cn"));
        templateBuilder.setPublicKey(SubjectPublicKeyInfo.getInstance(userPublicKey.getEncoded()));

        Result recovery = this.openApiCMPService.doRecoveryUserDoubleCert(str, 2, userPublicKey, recoverySubject, 3L, "1111");
        if (recovery.isSuccess()) {
            return recovery.getInfo();
        }
        return recovery.getError().resp(httpServletResponse);
    }
}
