package com.xdja.pki.ra.openapi.normal.handler;

import com.xdja.ca.constant.SdkConstants;
import com.xdja.ca.vo.UserCertInfo;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.util.cert.PKICertHelper;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.CertApplyDao;
import com.xdja.pki.ra.openapi.core.BaseCMPInfo;
import com.xdja.pki.ra.openapi.core.common.CmpRespCertType;
import com.xdja.pki.ra.openapi.core.common.FreeText;
import com.xdja.pki.ra.openapi.core.common.PKIMessageException;
import com.xdja.pki.ra.openapi.core.constant.SdkCommonVariable;
import com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler;
import com.xdja.pki.ra.openapi.core.helper.PKIMessageHelper;
import com.xdja.pki.ra.service.manager.certapply.CertApplyManagerService;
import com.xdja.pki.ra.service.manager.certapply.bean.ApplyVariable;
import com.xdja.pki.ra.service.manager.certapply.bean.DoubleCode;
import com.xdja.pki.ra.service.manager.customer.CustomerSysService;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

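/**
 * CMP message handler for certificate issuance requests in the "normal" flow, registered as
 * the Spring bean {@code cmpNormalIssuerCertReqHandler}.
 *
 * <p>The handler reads the CMP header, looks up the pending transaction, verifies the message
 * protection against the public key registered for the sending system, forwards the request
 * to {@link CertApplyManagerService#certApplyCarry} and wraps the returned certificate(s) in a
 * {@link CertRepMessage}.
 *
 * <p>NOTE(review): the transaction and application maps used here are obtained from static
 * accessors and created as plain {@code HashMap}s; if handlers can run concurrently this
 * state is unsynchronised. Confirm against the holders' implementation.
 */
@Component("cmpNormalIssuerCertReqHandler")
/* loaded from: input_file:com/xdja/pki/ra/openapi/normal/handler/CmpNormalIssuerCertReqHandler.class */
public class CmpNormalIssuerCertReqHandler implements ICmpMessageHandler {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    CertApplyManagerService certApplyManagerService;

    @Autowired
    CustomerSysService customerSysService;

    @Autowired
    CertApplyDao certApplyDao;

    /**
     * Processes one issuance request and builds the CMP response.
     *
     * <p>Most failures are reported inside the returned {@link Result} as a CMP failure message
     * ({@code result.getInfo()}). The exception is a failure while reading the certificate
     * pattern or checking the returned certificates, which only sets {@code result.setError}.
     *
     * @param pKIMessage the received CMP message
     * @param z not read by this method
     * @return a result whose info is the response PKI message, or whose error is set
     * @throws PKIMessageException if the message or its header is missing, a mandatory header
     *     field (recipient nonce, sender nonce, transaction ID, protection algorithm) is absent,
     *     or an unexpected exception occurs before the certificate request is carried out
     */
    public Result handleMessage(PKIMessage pKIMessage, boolean z) throws PKIMessageException {
        this.logger.info("RA接收normal签发处理 ========== 【开始】");
        Result result = new Result();
        this.logger.info("RA签发处理 ========== 1. 获取PkiMessage消息结构");
        PKIMessage message = PKIMessage.getInstance(pKIMessage);
        if (message == null) {
            this.logger.info("RA签发处理 ========== No pkiMessage response message.");
            throw new PKIMessageException("RA签发处理 ========== No pkiMessage response message.");
        }
        PKIHeader header = null;
        this.logger.info("RA签发处理 ========== 2. 获取PkiMessage消息头PKIHeader");
        try {
            header = message.getHeader();
        } catch (Exception e) {
            // Keep the stack trace; the null check below turns this into a PKIMessageException.
            this.logger.info("opani========", e);
        }
        if (header == null) {
            this.logger.info("RA签发处理 ========== No header in response message.");
            throw new PKIMessageException("RA签发处理 ========== No header in response message.");
        }
        GeneralName sender = GeneralName.getInstance(header.getSender());
        GeneralName recipient = header.getRecipient();
        try {
            byte[] recipNonce = header.getRecipNonce() == null ? null : header.getRecipNonce().getOctets();
            byte[] senderNonce = header.getSenderNonce() == null ? null : header.getSenderNonce().getOctets();
            // NOTE(review): decoded with the platform default charset; this string is used as a
            // map key below, so it must match however the key was produced when it was stored.
            String tranId = header.getTransactionID() == null ? null : new String(header.getTransactionID().getOctets());
            AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
            if (recipNonce == null || senderNonce == null || protectionAlg == null || StringUtils.isBlank(tranId)) {
                this.logger.info("RA签发处理 ========== 签发接口中必填项有空值");
                throw new PKIMessageException("RA签发处理 ========== 签发接口中必填项有空值");
            }
            Map headerMap = SdkCommonVariable.getHeaderMap();
            BaseCMPInfo cmpInfo = (BaseCMPInfo) headerMap.get(tranId);
            if (cmpInfo == null) {
                this.logger.info("签发处理 ========== 不存在对应的事务ID tranId:{}", tranId);
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(-1L, ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST.code, ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST.desc), (String) null));
                return result;
            }
            // NOTE(review): the body is parsed and the shared transaction record is updated here,
            // before the message protection has been verified. It also means the null-body and
            // body-type checks further down can only be reached by bodies that already parsed as
            // CertReqMessages. Consider moving both steps after checkCmpHeaderAndSign.
            long certReqId = ((CertReqMessages) message.getBody().getContent()).toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().longValue();
            cmpInfo.setRequestId(certReqId);
            FreeText freeText = null;
            PKIFreeText headerFreeText = header.getFreeText();
            if (headerFreeText != null) {
                freeText = (FreeText) JsonUtils.json2Object(headerFreeText.getStringAt(0).getString(), FreeText.class);
            }
            if (freeText == null) {
                // Covers both an absent free-text field and one that does not deserialize; an
                // absent field previously fell through to a NullPointerException below.
                // NOTE(review): the failure body and error code are the revocation variants
                // (genFailRevRepContent / ..._REVOKE_INFO) although this is the issuance
                // handler — looks copied; confirm the intended response.
                this.logger.info("签发申请处理 ========== PKI消息体中不包含申请信息");
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailRevRepContent(-1L, ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.code, ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.desc), (String) null));
                return result;
            }
            String applyNo = freeText.getApplyNo();
            DoubleCode doubleCode = freeText.getDoubleCode();
            String signSn = freeText.getSignSn();
            Integer keyFormat = freeText.getKeyFormat();
            String sysNumber = sender.getName().toString();
            // NOTE(review): these values come from a message whose protection has not been
            // verified yet and are concatenated into the log line as-is; consider neutralising
            // line breaks before logging.
            this.logger.info("RA签发处理 ========== 签发申请的applyNo：" + applyNo + " 第三方系统-唯一标识: " + sysNumber + " 私钥格式:" + keyFormat);
            // The verification key is selected by the sender name and signing serial claimed in
            // the message, then used to check the protection over that same message.
            Result sysCertResult = this.customerSysService.getSysCertBySysNumber(sysNumber, signSn);
            if (!sysCertResult.isSuccess()) {
                this.logger.info("RA签发处理 ========== 通过第三方系统标识确认第三方的证书错误 原因：" + JsonUtils.object2Json(sysCertResult));
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(-1L, ErrorEnum.GET_CERT_INFO_BY_SYSNUMBER_ERROR.code, ErrorEnum.GET_CERT_INFO_BY_SYSNUMBER_ERROR.desc), (String) null));
                return result;
            }
            PublicKey sysPublicKey = (PublicKey) sysCertResult.getInfo();
            this.logger.info("RA签发处理 ========== 3. 验证cmp消息的header和签名的正确性");
            // NOTE(review): the last argument is passed as null; its meaning is not visible here.
            // Confirm that this does not switch off a nonce or freshness comparison.
            Result verifyResult = PKIMessageHelper.checkCmpHeaderAndSign(sysPublicKey, header, message.getProtection().getBytes(), PKIMessageHelper.getProtectedBytes(pKIMessage), protectionAlg, (byte[]) null);
            if (!verifyResult.isSuccess()) {
                this.logger.info("RA签发处理 ========== 验证cmp消息的header和签名错误 原因：" + JsonUtils.object2Json(verifyResult));
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(-1L, verifyResult.getError().code, verifyResult.getError().desc), (String) null));
                return result;
            }
            PKIBody body = pKIMessage.getBody();
            if (body == null) {
                this.logger.info("RA签发处理 ========== 没有对应的PKI消息体");
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.code, ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.desc), (String) null));
                return result;
            }
            // Only body types 0 and 2 are accepted as issuance requests.
            if (body.getType() != 0 && body.getType() != 2) {
                this.logger.info("RA签发处理 ========== PKI消息体的类型不是0或2");
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.ISSUE_CERT_PKI_BODY_TAG_NOT_0_OR_2.code, ErrorEnum.ISSUE_CERT_PKI_BODY_TAG_NOT_0_OR_2.desc), (String) null));
                return result;
            }
            try {
                SubjectPublicKeyInfo requestedKeyInfo = CertReqMessages.getInstance(body.getContent()).toCertReqMsgArray()[0].getCertReq().getCertTemplate().getPublicKey();
                if (requestedKeyInfo == null) {
                    this.logger.info("RA签发申请处理 ========== PKI消息体中公钥信息为空");
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.GET_PKI_MESSAGE_PUBLIC_KEY_EMPTY.code, ErrorEnum.GET_PKI_MESSAGE_PUBLIC_KEY_EMPTY.desc), (String) null));
                    return result;
                }
                PublicKey requestedKey = PKICertHelper.getPublicKeyFromSubjectPublicKey(requestedKeyInfo, "BC");
                // Record the transaction ID <-> application number mapping in both directions.
                Map normalMap = ApplyVariable.getNormalMap();
                if (CollectionUtils.isEmpty(normalMap)) {
                    normalMap = new HashMap();
                    normalMap.put(tranId, applyNo);
                    ApplyVariable.setNormalMap(normalMap);
                } else {
                    normalMap.put(tranId, applyNo);
                }
                Map raMap = ApplyVariable.getRaMap();
                if (CollectionUtils.isEmpty(raMap)) {
                    raMap = new HashMap();
                    raMap.put(applyNo, tranId);
                    ApplyVariable.setRaMap(raMap);
                } else {
                    raMap.put(applyNo, tranId);
                }
                this.logger.info("RA签发申请处理 ========== 4. 发起签发用户双证书请求");
                Result applyResult = this.certApplyManagerService.certApplyCarry(sysNumber, Integer.valueOf(Constants.CERT_APPLY_TYPE_ISSUE_1), applyNo, doubleCode, requestedKey.getEncoded(), keyFormat);
                if (!applyResult.isSuccess()) {
                    this.logger.info("RA签发申请处理 ========== 4.1. 签发用户双证书请求错误" + JsonUtils.object2Json(applyResult));
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, applyResult.getErrorBean().getErrCode(), applyResult.getErrorBean().getErrMsg()), (String) null));
                    // NOTE(review): this is the only exit that removes the map entries; every
                    // other return leaves them in place. Presumably a later step of the
                    // transaction consumes them — confirm that failed transactions are evicted.
                    raMap.remove(applyNo);
                    normalMap.remove(tranId);
                    headerMap.remove(tranId);
                    return result;
                }
                // NOTE(review): serialises the whole CA response into the log. For dual-certificate
                // issuance that object presumably carries the wrapped private key as well;
                // confirm, and prefer logging identifiers only.
                this.logger.info("RA签发申请处理 ========== CA返回的证书签发请求的响应结果 >>>>>>> " + JsonUtils.object2Json(applyResult));
                if (applyResult.getInfo() == null) {
                    this.logger.info("RA签发申请处理 ========== 4.2. 签发用户证书暂无返回证书信息");
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.ISSUE_USER_CERT_NO_CERT_INFO.code, ErrorEnum.ISSUE_USER_CERT_NO_CERT_INFO.desc), (String) null));
                    return result;
                }
                UserCertInfo userCertInfo = (UserCertInfo) applyResult.getInfo();
                try {
                    Integer certPattern = this.certApplyDao.getCertPatterm(applyNo);
                    if (null == userCertInfo.getSignCert()) {
                        this.logger.info("RA签发申请处理 ========== 4.3. 用户证书或加密证书为空");
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.code, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.desc), (String) null));
                        return result;
                    }
                    // Anything other than the single-certificate pattern also needs an encryption certificate.
                    if (SdkConstants.CERT_TYPE_SINGLE_1 != certPattern.intValue() && null == userCertInfo.getEncCert()) {
                        this.logger.info("RA签发申请处理 ========== 4.3. 用户证书或加密证书为空");
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.code, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.desc), (String) null));
                        return result;
                    }
                    CertResponse encResponse = null;
                    try {
                        this.logger.info("RA签发申请处理 ========== 5. 将证书封装签名CertResponse结构体");
                        CertResponse signResponse = PKIMessageHelper.genCertResponse(certReqId, userCertInfo, CmpRespCertType.GEN_CERT_RESPONSE_SIGN_CERT_1.value, keyFormat);
                        if (SdkConstants.CERT_TYPE_SINGLE_1 != certPattern.intValue()) {
                            this.logger.info("RA签发申请处理 ========== 6. 将证书封装加密CertResponse结构体");
                            encResponse = PKIMessageHelper.genCertResponse(certReqId, userCertInfo, CmpRespCertType.GEN_CERT_RESPONSE_ENC_CERT_AND_ENC_PRI_KEY_2.value, keyFormat);
                        }
                        if (signResponse == null) {
                            // NOTE(review): this failure uses message type 3 while every other
                            // response in this method uses 1 — confirm which is intended.
                            this.logger.info("更新申请处理 ========== 6.1. 封装CertResponse失败");
                            result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 3, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.MAKE_CERT_RESPONSE_ERROR.code, ErrorEnum.MAKE_CERT_RESPONSE_ERROR.desc), (String) null));
                            return result;
                        }
                        CertResponse[] responses;
                        if (encResponse == null) {
                            // NOTE(review): also taken when a non-single pattern produced no
                            // encryption response, in which case only the signing certificate is
                            // returned without an error — confirm this is acceptable.
                            responses = new CertResponse[]{signResponse};
                        } else {
                            responses = new CertResponse[]{signResponse, encResponse};
                        }
                        this.logger.info("RA签发申请处理 ========== 7. 封装CertRepMessage结构体");
                        CertRepMessage certRepMessage = new CertRepMessage((CMPCertificate[]) null, responses);
                        this.logger.info("RA签发申请处理 ========== 8. 封装PKIMessage结构体");
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, certRepMessage, (String) null));
                        this.logger.info("RA签发申请处理 ========== 【结束】");
                        return result;
                    } catch (Exception e2) {
                        this.logger.error("RA签发申请处理 ========== 封装CertResponse结构体异常", e2);
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.MAKE_CERT_RESPONSE_ERROR.code, ErrorEnum.MAKE_CERT_RESPONSE_ERROR.desc), (String) null));
                        return result;
                    }
                } catch (Exception e3) {
                    // Covers the DAO lookup and a null certificate pattern; the cause is logged
                    // so the generic error code can be traced back.
                    this.logger.info("获取签发证书申请基本信息为空", e3);
                    result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
                    return result;
                }
            } catch (Exception e4) {
                // This catch spans everything from the public-key extraction to the CA call, so
                // the reported "public key" error may have another cause; log it.
                this.logger.info("RA签发申请处理 ========== PKI消息体中公钥信息获取异常", e4);
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, 1, recipNonce, senderNonce, tranId, PKIMessageHelper.genFailCertResponse(certReqId, ErrorEnum.GET_PKI_MESSAGE_PUBLIC_KEY_EXCEPTION.code, ErrorEnum.GET_PKI_MESSAGE_PUBLIC_KEY_EXCEPTION.desc), (String) null));
                return result;
            }
        } catch (PKIMessageException e) {
            // Already carries an accurate message (e.g. a missing mandatory header field); do not
            // re-wrap it under the generic text below.
            throw e;
        } catch (Exception e5) {
            // The message text says "No header" but this path handles any unexpected exception
            // from the header/transaction phase; the cause is logged and preserved.
            this.logger.info("RA签normalTranID发处理 ========== No header in response message.", e5);
            throw new PKIMessageException("RA签normalTranID发处理 ========== No header in response message.", e5);
        }
    }
}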
