package com.xdja.pki.ra.openapi.normal.handler;

import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.openapi.core.BaseCMPInfo;
import com.xdja.pki.ra.openapi.core.common.FreeText;
import com.xdja.pki.ra.openapi.core.common.PKIMessageException;
import com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler;
import com.xdja.pki.ra.openapi.core.helper.PKIMessageHelper;
import com.xdja.pki.ra.service.manager.cache.RedisCacheManagerService;
import com.xdja.pki.ra.service.manager.certapply.CertApplyService;
import com.xdja.pki.ra.service.manager.customer.CustomerSysService;
import java.io.IOException;
import java.security.PublicKey;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

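/**
 * Handles the CMP certificate-confirmation request (PKIBody type 24, certConf) that a
 * third-party ("normal") system sends to the RA after it has received a certificate.
 *
 * <p>Processing order:
 * <ol>
 *   <li>parse the message and header, and require recipNonce, senderNonce, protectionAlg
 *       and transactionID;</li>
 *   <li>read the signing-certificate serial number ({@code signSn}) from the header's
 *       freeText and look up the sender's public key;</li>
 *   <li>verify the header and the message protection (signature);</li>
 *   <li>only then consume the cached transaction state and validate the body;</li>
 *   <li>hand the application number to {@link CertApplyService#issueUserCertResp}.</li>
 * </ol>
 *
 * <p>The log/exception prefix "RA证书确认消息" means "RA certificate confirmation message".
 */
@Component("cmpNormalConfirmReqHandler")
/* loaded from: input_file:WEB-INF/classes/com/xdja/pki/ra/openapi/normal/handler/CmpNormalConfirmReqHandler.class */
public class CmpNormalConfirmReqHandler implements ICmpMessageHandler {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    CertApplyService certApplyService;

    @Autowired
    CustomerSysService customerSysService;

    @Autowired
    RedisCacheManagerService redisCacheManagerService;

    /**
     * Validates and processes one certificate-confirmation message.
     *
     * @param pKIMessage the received CMP message
     * @param z not read by this handler
     * @return a {@link Result} that is left untouched on success, carries an error for a
     *     rejected request, or carries a failure PKIMessage in its info field for the
     *     "missing signSn" and "unknown sender certificate" cases
     * @throws PKIMessageException if the message, header, a mandatory header field or the
     *     protection is missing, or if any unexpected exception occurs while processing
     * @throws IOException declared by the interface; not thrown directly by this method
     */
    @Override // com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler
    @Transactional
    public Result handleMessage(PKIMessage pKIMessage, boolean z) throws PKIMessageException, IOException {
        this.logger.info("RA证书确认消息 ========== 【开始】");
        Result result = new Result();
        this.logger.info("RA证书确认消息 ========== 1. 获取PkiMessage消息结构");
        PKIMessage message = PKIMessage.getInstance(pKIMessage);
        if (message == null) {
            this.logger.warn("RA证书确认消息 ========== No pkiMessage response message.");
            throw new PKIMessageException("RA证书确认消息 ========== No pkiMessage response message.");
        }
        this.logger.info("RA证书确认消息 ========== 2. 获取PkiMessage消息头PKIHeader");
        PKIHeader header = message.getHeader();
        if (header == null) {
            this.logger.warn("RA证书确认消息 ========== No header in response message.");
            throw new PKIMessageException("RA证书确认消息 ========== No header in response message.");
        }
        GeneralName sender = header.getSender();
        GeneralName recipient = header.getRecipient();
        try {
            byte[] recipNonce = header.getRecipNonce() == null ? null : header.getRecipNonce().getOctets();
            byte[] senderNonce = header.getSenderNonce() == null ? null : header.getSenderNonce().getOctets();
            // NOTE(review): the transaction ID is decoded with the platform default charset.
            // It is used as a cache key, so an explicit charset must be introduced together
            // with whichever code stores the key; it is deliberately not changed here alone.
            String transactionId = header.getTransactionID() == null ? null : new String(header.getTransactionID().getOctets());
            AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
            if (recipNonce == null || senderNonce == null || protectionAlg == null || StringUtils.isBlank(transactionId)) {
                this.logger.warn("RA证书确认消息 ========== 确认消息接口中必填项有空值");
                throw new PKIMessageException("RA证书确认消息 ========== 确认消息接口中必填项有空值");
            }

            // The signer's certificate serial number travels as JSON in the first freeText
            // entry. A missing freeText and unparsable JSON produce the same response.
            // NOTE(review): the error code used here is PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO
            // with a RevRep failure content, although the log line talks about a missing sn;
            // this looks carried over from a revocation handler. Confirm with the helper.
            PKIFreeText freeText = header.getFreeText();
            FreeText signerInfo = freeText == null
                    ? null
                    : (FreeText) JsonUtils.json2Object(freeText.getStringAt(0).getString(), FreeText.class);
            if (signerInfo == null) {
                this.logger.warn("RA证书确认消息 ========== PKI消息体中不包含sn信息");
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_CERT_CONFIRM, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailRevRepContent(-1L, ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.code, ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.desc)));
                return result;
            }

            // Both values are still unauthenticated at this point; they only select the key
            // that the signature is checked against.
            // NOTE(review): presumably the service only returns keys of registered systems;
            // the verification below is only as strong as that binding. Verify.
            String signSn = signerInfo.getSignSn();
            String senderName = sender.getName().toString();
            Result senderKeyLookup = this.customerSysService.getSysCertBySysNumber(senderName, signSn);
            if (!senderKeyLookup.isSuccess()) {
                this.logger.warn("RA证书确认消息 ========== 通过第三方系统标识确认第三方的证书错误 原因:{}", JsonUtils.object2Json(senderKeyLookup));
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_CERT_CONFIRM, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailCertResponse(-1L, senderKeyLookup.getError().code, senderKeyLookup.getError().desc)));
                return result;
            }
            PublicKey publicKey = (PublicKey) senderKeyLookup.getInfo();

            this.logger.info("RA证书确认消息 ========== 3. 验证cmp消息的header和签名的正确性");
            // An unprotected message used to fail with a NullPointerException that surfaced
            // under an unrelated "No header" text; reject it explicitly instead.
            if (message.getProtection() == null) {
                this.logger.warn("RA证书确认消息 ========== No protection in confirm message.");
                throw new PKIMessageException("RA证书确认消息 ========== No protection in confirm message.");
            }
            Result signatureCheck = PKIMessageHelper.checkCmpHeaderAndSign(publicKey, header, message.getProtection().getBytes(), PKIMessageHelper.getProtectedBytes(pKIMessage), protectionAlg, null);
            if (!signatureCheck.isSuccess()) {
                this.logger.warn("RA证书确认消息 ========== 3.1 验证cmp消息的header和签名错误 原因:{}", JsonUtils.object2Json(signatureCheck));
                result.setError(signatureCheck.getError());
                return result;
            }

            // The cached transaction entry is consumed only after the signature has been
            // verified. Doing it first (as this handler previously did) lets any sender that
            // knows a transaction ID use up the pending entry without being authenticated,
            // and tells unauthenticated senders whether an ID exists. A second, validly
            // signed message for the same ID is still rejected here because the entry is gone.
            // (Assumes removeRaSdkCmpInfo deletes the entry it returns; confirm.)
            if (((BaseCMPInfo) JsonUtils.json2Object(this.redisCacheManagerService.removeRaSdkCmpInfo(transactionId), BaseCMPInfo.class)) == null) {
                this.logger.warn("RA证书确认消息 ========== 不存在对应的事务ID tranId:{}", transactionId);
                result.setError(ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST);
                return result;
            }

            PKIBody body = message.getBody();
            if (body == null) {
                this.logger.warn("RA证书确认消息 ========== 没有对应的PKI消息体");
                result.setError(ErrorEnum.NO_PKI_BODY_FOR_RECEIVED);
                return result;
            }
            if (body.getType() != PKIBody.TYPE_CERT_CONFIRM) {
                this.logger.warn("RA证书确认消息 ========== PKI消息体的类型不是24");
                result.setError(ErrorEnum.CONFIRM_CERT_PKI_BODY_TAG_NOT_24);
                return result;
            }
            if (body.getContent() == null) {
                this.logger.warn("RA证书确认消息 ========== PKI消息中CertConfirmContent为空");
                result.setError(ErrorEnum.PKI_BODY_CERT_CONFIRM_CONTENT_IS_EMPTY);
                return result;
            }

            this.logger.info("RA证书确认消息 ========== RA接收到normal发送的关于请求事务id为[{}]的消息确认请求", transactionId);
            String applyNo = this.redisCacheManagerService.removeNomalTransId(transactionId);
            this.logger.info("RA证书确认消息 ========== 的applyNo:{}", applyNo);
            Result issueResult = this.certApplyService.issueUserCertResp(applyNo, senderName, true);
            if (issueResult.isSuccess()) {
                this.logger.info("RA证书确认消息 ========== 【结束】");
                return result;
            }
            this.logger.warn("RA证书确认消息 ==========  RA证书确认消息请求错误:{}", JsonUtils.object2Json(issueResult));
            result.setErrorBean(issueResult.getErrorBean());
            return result;
        } catch (PKIMessageException e) {
            // Already carries an accurate message; do not re-wrap it under a generic text.
            throw e;
        } catch (Exception e) {
            // The previous text claimed a missing header for every failure and dropped the
            // stack trace from the log, which hid the real cause during triage.
            this.logger.error("RA证书确认消息 ========== Unexpected error while handling confirm message.", e);
            throw new PKIMessageException("RA证书确认消息 ========== Unexpected error while handling confirm message.", e);
        }
    }
}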
