package com.xdja.pki.ra.openapi.scep.handler;

import com.xdja.ca.utils.SdkP10Utils;
import com.xdja.pki.gmssl.x509.utils.GMSSLX500NameUtils;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.RFC4519StyleUpperCase;
import com.xdja.pki.ra.openapi.core.handler.IScepMessageHandler;
import com.xdja.pki.ra.openapi.core.scep.CertRepUtils;
import com.xdja.pki.ra.openapi.scep.common.P7bUtils;
import com.xdja.pki.ra.service.manager.scep.ScepCertService;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

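/**
 * SCEP message handler registered as the Spring bean {@code getCertScepMessageHandler}.
 *
 * <p>The request body is parsed as an {@code IssuerAndSerialNumber}. The matching certificate is
 * looked up through {@link ScepCertService}, and the outcome (success or failure) is wrapped in a
 * signed response built by {@link CertRepUtils}.
 */
@Component("getCertScepMessageHandler")
/* loaded from: input_file:WEB-INF/lib/ra-openapi-scep-2.0.1-SNAPSHOT.jar:com/xdja/pki/ra/openapi/scep/handler/GetCertScepMessageHandler.class */
public class GetCertScepMessageHandler implements IScepMessageHandler {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    ScepCertService scepCertService;

    /**
     * Handles a certificate query identified by issuer name and serial number.
     *
     * <p>A lookup failure or an issuer mismatch is not reported through {@code Result.setError}.
     * It is encoded inside the signed response, and the returned {@code Result} still carries a
     * {@code ContentInfo}. Only an exception while parsing or building the response yields
     * {@code ErrorEnum.CREATE_CERT_REP_STRUCTURE_EXCEPTION}.
     *
     * @param bArr request body, parsed as an ASN.1 {@code IssuerAndSerialNumber}
     * @param bArr2 forwarded unchanged to {@code CertRepUtils.createRepSignedData}; its meaning is
     *     not visible in this class (presumably the transaction id, TODO confirm)
     * @param bArr3 forwarded unchanged to {@code CertRepUtils.createRepSignedData}; its meaning is
     *     not visible in this class (presumably a nonce, TODO confirm)
     * @param x509Certificate forwarded unchanged to {@code CertRepUtils.createRepSignedData}
     *     (presumably the requester's certificate, TODO confirm)
     * @return a {@code Result} whose info is the response {@code ContentInfo} with content type
     *     {@code application/x-pki-message}, or a {@code Result} carrying the error above
     */
    @Override // com.xdja.pki.ra.openapi.core.handler.IScepMessageHandler
    public Result handleMessage(byte[] bArr, byte[] bArr2, byte[] bArr3, X509Certificate x509Certificate) {
        SignedData repSignedData;
        Result result = new Result();
        try {
            // Logged inside the try so that a null or unusable body ends in the error Result
            // below instead of an exception escaping to the caller.
            // NOTE(review): this writes the decoded request body to the INFO log; for this
            // message it is parsed as issuer name + serial number only.
            this.logger.info("SCEP获取证书消息处理类接收到的明文请求数据::{}", Base64.toBase64String(bArr));

            IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(bArr);
            this.logger.info("服务端解析获取客户端证书查询对象：{}", Base64.toBase64String(issuerAndSerialNumber.getEncoded()));
            result.setInfo(new Date());

            // Lookup key: serial number as a hex string plus the requested issuer DN rendered by
            // SdkP10Utils.reverseDnSeq over an RFC4519StyleUpperCase X500Name.
            String serialHex = issuerAndSerialNumber.getSerialNumber().getValue().toString(16);
            String requestedIssuerDn = SdkP10Utils.reverseDnSeq(
                    X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, issuerAndSerialNumber.getName()));

            Result lookup = this.scepCertService.getScepCert(serialHex, requestedIssuerDn);
            if (lookup == null) {
                // Keep 'result' non-null: the catch block below dereferences it, so a null
                // service answer must not replace the fallback instance.
                throw new IllegalStateException("scepCertService.getScepCert returned null");
            }
            result = lookup;

            X509Certificate raServiceCert = CommonVariable.getRaServiceCert();
            // The literals "3", "0" and "2" are passed through as-is; presumably SCEP
            // messageType CertRep and pkiStatus SUCCESS/FAILURE (confirm against CertRepUtils).
            if (!result.isSuccess() || result.getInfo() == null) {
                // NOTE(review): when the service reports success with a null info, getErrorBean()
                // may be null; the resulting exception is caught below and surfaces as
                // CREATE_CERT_REP_STRUCTURE_EXCEPTION (confirm that this is intended).
                repSignedData = CertRepUtils.createRepSignedData(
                        null, raServiceCert, bArr2, "3", "2", bArr3, x509Certificate,
                        Integer.valueOf(CertRepUtils.getFailInfoByErrorCode(result.getErrorBean().getErrCode())));
            } else {
                Map<?, ?> certInfo = (Map<?, ?>) result.getInfo();
                X509Certificate signCert = CertUtils.getCertFromStr((String) certInfo.get("signCert"));

                // Release the certificate only if its issuer DN equals the issuer named in the
                // request. This is an exact string comparison, so it relies on both helpers
                // producing the same DN rendering (order, case, separators). TODO confirm.
                if (GMSSLX500NameUtils.getRFCStyleIssuerDN(signCert).equals(requestedIssuerDn)) {
                    X509Certificate encCert = null;
                    if (certInfo.get("encCert") != null) {
                        encCert = CertUtils.getCertFromStr((String) certInfo.get("encCert"));
                    }
                    List<X509Certificate> caChain = null;
                    if (certInfo.get("CACert") != null) {
                        caChain = P7bUtils.resolveCertChain((String) certInfo.get("CACert"));
                    }
                    byte[] innerContent = new ContentInfo(
                            PKCSObjectIdentifiers.signedData,
                            CertRepUtils.createSourceRepSignedData(signCert, encCert, null, null, null, caChain))
                            .getEncoded("DL");
                    repSignedData = CertRepUtils.createRepSignedData(
                            innerContent, raServiceCert, bArr2, "3", "0", bArr3, x509Certificate, null);
                } else {
                    // Issuer mismatch: answer with a failure response and failInfo value 6
                    // (meaning defined outside this class).
                    repSignedData = CertRepUtils.createRepSignedData(
                            null, raServiceCert, bArr2, "3", "2", bArr3, x509Certificate, 6);
                }
            }

            ContentInfo responseContent = CertRepUtils.createContentInfo(PKCSObjectIdentifiers.signedData, repSignedData);
            result.setContentType("application/x-pki-message");
            result.setInfo(responseContent);
            return result;
        } catch (Exception e) {
            // Boundary catch: any parse, lookup or encoding failure becomes one generic error.
            this.logger.error("构建返回数据结构内部异常", e);
            result.setError(ErrorEnum.CREATE_CERT_REP_STRUCTURE_EXCEPTION);
            return result;
        }
    }
}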
