package com.xdja.pki.ra.openapi.tbox.cmp.handler;

import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.UserCertDao;
import com.xdja.pki.ra.manager.dto.RevokeApplyDTO;
import com.xdja.pki.ra.openapi.core.common.PKIMessageException;
import com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler;
import com.xdja.pki.ra.openapi.core.helper.PKIMessageHelper;
import com.xdja.pki.ra.service.manager.certapply.RevokeApplyService;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.RevRepContent;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

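/**
 * CMP message handler for online certificate revocation requests.
 *
 * <p>Accepts a {@link PKIMessage} whose body is a revocation request (PKIBody type 11), verifies
 * the message protection, registers a revocation application through {@link RevokeApplyService}
 * and answers with a revocation response (PKIBody type 12).
 *
 * <p>NOTE(review): the bean is registered as {@code cmpRecoveryCertReqHandler} although the class
 * handles revocation; confirm the name matches what the CMP dispatcher looks up.
 */
@Component("cmpRecoveryCertReqHandler")
/* loaded from: input_file:WEB-INF/lib/ra-openapi-tbox-2.0.0-SNAPSHOT.jar:com/xdja/pki/ra/openapi/tbox/cmp/handler/CmpRevokeReqHandler.class */
public class CmpRevokeReqHandler implements ICmpMessageHandler {
    protected Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    RevokeApplyService revokeApplyService;

    @Autowired
    UserCertDao userCertDao;

    @Autowired
    private Environment env;

    /**
     * Processes one CMP revocation request.
     *
     * <p>Steps, in order: parse the message and header; require recipNonce, senderNonce,
     * protectionAlg and a non-blank transactionID; verify header and protection with the public
     * key of the first {@code extraCerts} entry; require body type 11; take the serial number of
     * the first RevDetails entry; require that {@code userCertDao.getUserIsHave(serial)} returns 1;
     * submit a {@link RevokeApplyDTO}; wrap the outcome in a type 12 response.
     *
     * <p>Security review notes (to be confirmed against the helpers, which are not visible here):
     * <ul>
     *   <li>The verification key comes from the certificate the requester attached to the message.
     *       Only its public key is handed to {@code checkCmpHeaderAndSign}; no chain-of-trust or
     *       revocation-status validation of that certificate is visible in this method. Unless
     *       trust is established elsewhere, a valid protection value shows only that the sender
     *       holds the key for the certificate it supplied.</li>
     *   <li>The serial number to revoke is read from the request body and only checked for
     *       existence. No comparison between the signing certificate and the certificate being
     *       revoked is visible here, so authorization has to be enforced downstream
     *       (presumably in {@code RevokeApplyService}; verify).</li>
     *   <li>No freshness check on the nonces or the transactionID is visible in this method.</li>
     *   <li>Exceptions caught below are turned into a normal return, so the
     *       {@code @Transactional} boundary sees no exception on those paths.</li>
     * </ul>
     *
     * @param pKIMessage the received CMP message
     * @param z          not read by this implementation
     * @return a {@link Result} whose info is the type 12 response message, or whose error is set
     *         when no response message could be built
     * @throws PKIMessageException if the message or header is missing, a mandatory header field
     *                             is absent, or header processing fails unexpectedly
     */
    @Override // com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler
    @Transactional
    public Result handleMessage(PKIMessage pKIMessage, boolean z) throws PKIMessageException {
        this.logger.info("RA撤销申请处理 ========== 【开始】");
        Result result = new Result();
        this.logger.info("RA撤销申请处理 ========== 1. 获取PkiMessage消息结构");
        PKIMessage request = PKIMessage.getInstance(pKIMessage);
        if (request == null) {
            this.logger.info("RA撤销申请处理 ========== No pkiMessage response message.");
            throw new PKIMessageException("RA撤销申请处理 ========== No pkiMessage response message.");
        }
        this.logger.info("RA撤销申请处理 ========== 2. 获取PkiMessage消息头PKIHeader");
        PKIHeader header = request.getHeader();
        if (header == null) {
            this.logger.info("RA撤销申请处理 ========== No header in response message.");
            throw new PKIMessageException("RA撤销申请处理 ========== No header in response message.");
        }
        GeneralName sender = GeneralName.getInstance(header.getSender());
        GeneralName recipient = header.getRecipient();
        try {
            byte[] recipNonce = header.getRecipNonce() == null ? null : header.getRecipNonce().getOctets();
            byte[] senderNonce = header.getSenderNonce() == null ? null : header.getSenderNonce().getOctets();
            // NOTE(review): decoded with the platform default charset. Left unchanged because the
            // way PKIMessageHelper encodes the value back into the response is not visible here.
            String transactionId = header.getTransactionID() == null ? null : new String(header.getTransactionID().getOctets());
            AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
            if (recipNonce == null || senderNonce == null || protectionAlg == null || StringUtils.isBlank(transactionId)) {
                this.logger.info("RA撤销申请处理 ========== 撤销接口中必填项有空值");
                throw new PKIMessageException("RA撤销申请处理 ========== 撤销接口中必填项有空值");
            }
            this.logger.info("RA撤销申请处理 ========== 3. 验证cmp消息的header和签名的正确性");
            try {
                // The key is taken from the requester-supplied extraCerts[0]; see the trust note in
                // the method Javadoc. A missing extraCerts or protection field raises here and is
                // reported by the catch block below.
                Result verification = PKIMessageHelper.checkCmpHeaderAndSign(SdkCertUtils.convertDerCertToCert(request.getExtraCerts()[0].getEncoded()).getPublicKey(), header, request.getProtection().getBytes(), PKIMessageHelper.getProtectedBytes(pKIMessage), protectionAlg, null);
                if (!verification.isSuccess()) {
                    this.logger.info("RA撤销申请处理 ========== 3.1 验证cmp消息的header和签名错误 原因:{}", JsonUtils.object2Json(verification));
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailRevRepContent(-1L, verification.getError().code, verification.getError().desc)));
                    return result;
                }
                PKIBody body = request.getBody();
                if (body == null) {
                    this.logger.info("RA撤销申请处理 ========== 没有对应的PKI消息体");
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailRevRepContent(-1L, ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.code, ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.desc)));
                    return result;
                }
                if (body.getType() != PKIBody.TYPE_REVOCATION_REQ) {
                    this.logger.info("RA撤销申请处理 ========== PKI消息体的类型不是11");
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailRevRepContent(-1L, ErrorEnum.REVOKED_CERT_PKI_BODY_TAG_NOT_11.code, ErrorEnum.REVOKED_CERT_PKI_BODY_TAG_NOT_11.desc)));
                    return result;
                }
                // PKIBody.getContent() is typed ASN1Encodable; getInstance() narrows it without a raw cast.
                RevReqContent content = RevReqContent.getInstance(body.getContent());
                if (content == null) {
                    this.logger.info("RA撤销申请处理 ========== PKI消息中RevReqContent为空");
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailRevRepContent(-1L, ErrorEnum.PKI_BODY_REV_REQ_CONTENT_IS_EMPTY.code, ErrorEnum.PKI_BODY_REV_REQ_CONTENT_IS_EMPTY.desc)));
                    return result;
                }
                // Only the first RevDetails entry is processed; further entries are ignored. An
                // empty array or a template without a serial number raises here and ends up in the
                // catch block below.
                String serialHex = content.toRevDetailsArray()[0].getCertDetails().getSerialNumber().getValue().toString(16).toLowerCase();
                // Sender name as sent in the header; requester-controlled, later stored as licenseNumber.
                String senderName = header.getSender().getName().toString();
                if (this.userCertDao.getUserIsHave(serialHex) != 1) {
                    // Logged so that revocation attempts for unknown serial numbers are visible to
                    // monitoring. The serial is a hex rendering of an integer, safe to log.
                    this.logger.warn("RA撤销申请处理 ========== revocation requested for unknown certificate serial: {}", serialHex);
                    result.setError(ErrorEnum.ONLINE_DEVICE_INFO_NOT_EXIST);
                    return result;
                }
                this.logger.info("RA撤销申请处理 ========== 4. 发起撤销用户双证书请求");
                RevokeApplyDTO revokeApplyDTO = new RevokeApplyDTO();
                revokeApplyDTO.setSignSn(serialHex);
                try {
                    String templateNo = this.env.getProperty("tbox.cert.template.no");
                    if (StringUtils.isBlank(templateNo)) {
                        result.setError(ErrorEnum.TBOX_TEMPLATE_NO_NOT_EXIST);
                        return result;
                    }
                    revokeApplyDTO.setTempNo(templateNo);
                    revokeApplyDTO.setRevokeReason(0);
                    revokeApplyDTO.setApplyReason("Tbox发起在线撤销证书请求");
                    revokeApplyDTO.setLicenseNumber(senderName);
                    Result applyResult = this.revokeApplyService.insertUserCertRevokeApply(null, revokeApplyDTO, true, false);
                    if (!applyResult.isSuccess()) {
                        this.logger.info("RA撤销申请处理 ========== 4.1. 撤销用户双证书请求错误:{}", JsonUtils.object2Json(applyResult));
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailRevRepContent(-1L, applyResult.getError().code, applyResult.getError().desc)));
                        return result;
                    }
                    this.logger.info("RA撤销申请处理 ========== RA返回的证书撤销请求的响应结果>>>>>>>:{}", JsonUtils.object2Json(applyResult));
                    this.logger.info("RA撤销申请处理 ========== 5. 封装CertRepMessage结构体");
                    RevRepContent revRepContent = PKIMessageHelper.genRevRepContent();
                    this.logger.info("RA撤销申请处理 ========== 6. 封装PKIMessage结构体");
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId, revRepContent));
                    this.logger.info("RA撤销申请处理 ========== 【结束】");
                    return result;
                } catch (Exception e) {
                    // This branch also receives failures of the revocation service and of response
                    // building, not only template lookup errors, so the cause is logged instead of
                    // being dropped.
                    this.logger.error("RA撤销申请处理 ========== revocation apply failed, reported as GET_TBOX_TEMPLATE_EXCEPTION", e);
                    result.setError(ErrorEnum.GET_TBOX_TEMPLATE_EXCEPTION);
                    return result;
                }
            } catch (Exception e2) {
                // Every exception from verification through the DAO lookup lands here and is
                // reported as "no extraCerts"; the throwable is logged so the real cause stays
                // available for investigation.
                this.logger.error("RA撤销申请处理 ========== 消息体中未包含验证证书", e2);
                result.setError(ErrorEnum.THE_PKIMESSAGE_HEADER_NO_EXTRACERTS);
                return result;
            }
        } catch (PKIMessageException e) {
            // Keep the specific "mandatory field missing" error instead of re-wrapping it under
            // the unrelated "No header" message below.
            throw e;
        } catch (Exception e3) {
            this.logger.info("RA撤销申请处理 ========== No header in response message.", e3);
            throw new PKIMessageException("RA撤销申请处理 ========== No header in response message.", e3);
        }
    }
}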
