package com.xdja.pki.ra.service.manager.certapply;

import com.xdja.ca.constant.SdkConstants;
import com.xdja.ca.utils.SdkP10Utils;
import com.xdja.ca.vo.UserCertInfo;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import com.xdja.pki.ra.core.asn1.RsaObjectIdentifiers;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertDnVerifyUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.KeyStoreUtils;
import com.xdja.pki.ra.core.util.cert.KeyUtils;
import com.xdja.pki.ra.core.util.cert.RandomUtils;
import com.xdja.pki.ra.core.util.file.FileUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.core.util.time.DateUtils;
import com.xdja.pki.ra.manager.dao.ApplyRecordDao;
import com.xdja.pki.ra.manager.dao.BaseUserDao;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.CertApplyDao;
import com.xdja.pki.ra.manager.dao.IssueApplyDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.RevokeApplyDao;
import com.xdja.pki.ra.manager.dao.UpdateApplyDao;
import com.xdja.pki.ra.manager.dao.UserCertDao;
import com.xdja.pki.ra.manager.dao.model.ApplyRecordDO;
import com.xdja.pki.ra.manager.dao.model.BaseUserDO;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.dao.model.CertApplyDO;
import com.xdja.pki.ra.manager.dao.model.UserCertDO;
import com.xdja.pki.ra.manager.dto.CertApplyDTO;
import com.xdja.pki.ra.manager.dto.IssueApplyDTO;
import com.xdja.pki.ra.manager.dto.RevokeApplyDTO;
import com.xdja.pki.ra.manager.dto.UpdateApplyDTO;
import com.xdja.pki.ra.manager.page.PageInfo;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.ra.manager.sdk.cmp.CertLifeCycleManager;
import com.xdja.pki.ra.security.bean.Operator;
import com.xdja.pki.ra.security.util.OperatorUtil;
import com.xdja.pki.ra.service.manager.certapply.bean.ApplyRecordVO;
import com.xdja.pki.ra.service.manager.certapply.bean.ApplyVariable;
import com.xdja.pki.ra.service.manager.certapply.bean.CertApplyResp;
import com.xdja.pki.ra.service.manager.certapply.bean.CertApplyVO;
import com.xdja.pki.ra.service.manager.login.bean.CurrentAdminInfo;
import com.xdja.pki.ra.service.manager.usercert.UserCertService;
import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/certapply/CertApplyServiceImpl.class */
public class CertApplyServiceImpl implements CertApplyService {
    // Per-instance SLF4J logger, named after the runtime class returned by getClass().
    private Logger logger = LoggerFactory.getLogger(getClass());

    // The collaborators below are filled in by Spring field injection (@Autowired).
    // They are declared package-private and non-final, so any class in this package can reassign them.

    // Persistence for certificate applications (lookup by apply number, status and DN queries).
    @Autowired
    CertApplyDao certApplyDao;

    // Persistence for the per-application operation history written by insertCertApplyRecord.
    @Autowired
    ApplyRecordDao applyRecordDao;

    // Used by checkUserCertApply to send revocation requests (revokeUserCert).
    @Autowired
    CertLifeCycleManager certLifeCycleManager;

    // Issued user certificates; used for the duplicate-DN check in verifyUserCertApplyDn.
    @Autowired
    UserCertDao userCertDao;

    @Autowired
    CaCertDao caCertDao;

    @Autowired
    IssueApplyDao issueApplyDao;

    // Update applications; used for the "unclosed update" check and the signSn lookup in issueUserCert.
    @Autowired
    UpdateApplyDao updateApplyDao;

    // Revoke applications; used for the "unclosed revoke" check and by checkUserCertApply.
    @Autowired
    RevokeApplyDao revokeApplyDao;

    // A CertApplyService bean injected into a class that itself implements CertApplyService.
    // NOTE(review): presumably the container-managed instance of this same service - confirm.
    @Autowired
    CertApplyService certApplyService;

    @Autowired
    UserCertService userCertService;

    @Autowired
    CaBusinessManager caBusinessManager;

    // Base user records; checkUserCertApply loads the applicant through it.
    @Autowired
    BaseUserDao baseUserDao;

    @Autowired
    RaCertDao raCertDao;

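    /**
     * Updates the basic fields of an existing certificate application.
     *
     * @param str  new certificate DN; left unchanged when blank
     * @param str2 application number used to load the record
     * @param i    new application status
     * @param l    value passed to {@code setTempId}; left unchanged when {@code null}
     * @return a default {@code Result} when a row was updated; otherwise a result carrying
     *         {@code CANNOT_FIND_APPLY_BY_NO} or {@code UPDATE_CERT_APPLY_INFO_FAIL}
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result updateCertApplyInfo(String str, String str2, int i, Long l) {
        Result result = new Result();
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str2);
        if (certApplyInfo == null) {
            // Unknown application number: report it instead of failing with a NullPointerException below.
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str2);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        if (StringUtils.isNotBlank(str)) {
            // str is known to be non-null here, so no further null fallback is needed.
            certApplyInfo.setCertDn(str);
        }
        certApplyInfo.setApplyStatus(Integer.valueOf(i));
        // NOTE(review): the admin id and admin DN stored here are fixed placeholder values, not the
        // identity of the caller. Every update made through this method is attributed to the same
        // non-existent administrator, so the stored record cannot be used to tell who changed the
        // application. Other methods in this class take the identity from OperatorUtil.getOperator();
        // confirm whether that should be done here as well.
        certApplyInfo.setAdminId(666L);
        certApplyInfo.setAdminCertDn("CN=当前登录的管理员，O=**省公安厅，C=CN");
        certApplyInfo.setGmtUpdate(new Timestamp(System.currentTimeMillis()));
        if (l != null) {
            certApplyInfo.setTempId(l);
        }
        if (this.certApplyDao.updateCertApply(certApplyInfo) > 0) {
            return result;
        }
        this.logger.info("更新申请基本信息失败");
        result.setError(ErrorEnum.UPDATE_CERT_APPLY_INFO_FAIL);
        return result;
    }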

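    /**
     * Appends one entry to the operation history of a certificate application.
     *
     * <p>The identity stored with the entry depends on the two flags: when {@code z2} is false it is
     * the currently logged-in operator; when {@code z2} is true no operator is looked up and the
     * entry is attributed to admin id 0 with a fixed label chosen by {@code z}.
     *
     * @param i    application type
     * @param i2   operation type
     * @param str  application number
     * @param i3   application status
     * @param str2 remark; {@code null} is stored as an empty string
     * @param i4   operation result
     * @param z    only read when {@code z2} is true: selects the "自动审核" label over "第三方系统"
     * @param z2   when true, skips the operator lookup
     * @return a default {@code Result}, or one carrying {@code CANNOT_FIND_CURRENT_LOGIN_ADMIN} when
     *         an operator is required but not available
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result insertCertApplyRecord(int i, int i2, String str, int i3, String str2, int i4, boolean z, boolean z2) {
        Result result = new Result();
        ApplyRecordDO applyRecordDO = new ApplyRecordDO();
        if (!z2) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
            long longValue = currentAdminInfo.getId().longValue();
            String certDn = currentAdminInfo.getCertDn();
            applyRecordDO.setAdminId(Long.valueOf(longValue));
            applyRecordDO.setAdminCertDn(certDn);
        } else if (z) {
            // NOTE(review): the attribution below is decided purely by caller-supplied flags;
            // callers must derive z/z2 from the request channel, never from request data.
            applyRecordDO.setAdminId(0L);
            applyRecordDO.setAdminCertDn("自动审核");
        } else {
            applyRecordDO.setAdminId(0L);
            applyRecordDO.setAdminCertDn("第三方系统");
        }
        applyRecordDO.setApplyNo(str);
        applyRecordDO.setOperateType(Integer.valueOf(i2));
        applyRecordDO.setApplyType(Integer.valueOf(i));
        applyRecordDO.setApplyStatus(Integer.valueOf(i3));
        applyRecordDO.setOperateResult(Integer.valueOf(i4));
        applyRecordDO.setRemark(str2 == null ? "" : str2);
        applyRecordDO.setGmtUpdate(new Timestamp(new Date().getTime()));
        applyRecordDO.setGmtCreate(new Timestamp(new Date().getTime()));
        try {
            this.applyRecordDao.addApplyRecord(applyRecordDO);
        } catch (Exception e) {
            // Best effort: a failed history write does not fail the operation. The exception is
            // passed as the last argument so the stack trace reaches the log.
            // NOTE(review): the caller still gets a success result, so a lost history entry is
            // only visible in the log; consider alerting on this message.
            this.logger.error("applyNo{}，记录申请操作异常{}", str, e.getMessage(), e);
        }
        return result;
    }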

    /**
     * Deprecated variant of the history write: records one operation entry attributed to the
     * currently logged-in operator.
     *
     * @param i    application type
     * @param i2   operation type
     * @param str  application number
     * @param i3   application status
     * @param str2 remark, stored as given (including {@code null})
     * @param i4   operation result
     * @return a default {@code Result} on success, or one carrying
     *         {@code CANNOT_FIND_CURRENT_LOGIN_ADMIN} when no operator is available
     * @throws RuntimeException when {@code addApplyRecord} returns {@code null}
     */
    @Deprecated
    public Result updateCertApplyStatus(int i, int i2, String str, int i3, String str2, int i4) {
        Result outcome = new Result();
        Operator currentOperator = OperatorUtil.getOperator();
        if (currentOperator == null || currentOperator.getCurrUser() == null) {
            outcome.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
            return outcome;
        }
        CurrentAdminInfo admin = (CurrentAdminInfo) currentOperator.getCurrUser();
        long adminId = admin.getId().longValue();
        String adminDn = admin.getCertDn();

        ApplyRecordDO entry = new ApplyRecordDO();
        entry.setApplyNo(str);
        entry.setOperateType(Integer.valueOf(i2));
        entry.setApplyType(Integer.valueOf(i));
        entry.setApplyStatus(Integer.valueOf(i3));
        entry.setAdminId(Long.valueOf(adminId));
        entry.setAdminCertDn(adminDn);
        entry.setOperateResult(Integer.valueOf(i4));
        entry.setRemark(str2);
        entry.setGmtUpdate(new Timestamp(new Date().getTime()));
        entry.setGmtCreate(new Timestamp(new Date().getTime()));

        if (this.applyRecordDao.addApplyRecord(entry) == null) {
            this.logger.info("添加申请记录失败");
            // NOTE(review): the error set here is never seen by the caller, because the method
            // throws instead of returning; the exception itself carries no message or cause.
            outcome.setError(ErrorEnum.INSERT_APPLY_RECORD_FAIL);
            throw new RuntimeException();
        }
        return outcome;
    }

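    /**
     * Returns one page of certificate applications as view objects.
     *
     * <p>The five arguments are forwarded unchanged to {@code certApplyDao.listPageUserCert}; their
     * meaning is defined there.
     *
     * @return a result whose info is a {@code CertApplyResp}; an empty page yields zero counts and
     *         an empty list. {@code QUERY_CERT_APPLY_LIST_ERROR} is set when the DAO returns
     *         {@code null}.
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result listUserApply(String str, int i, int i2, int i3, int i4) {
        CertApplyResp certApplyResp = new CertApplyResp();
        Result result = new Result();
        PageInfo<CertApplyDTO> page = this.certApplyDao.listPageUserCert(str, i, i2, i3, i4);
        if (page == null) {
            result.setError(ErrorEnum.QUERY_CERT_APPLY_LIST_ERROR);
            return result;
        }
        // Raw type kept on purpose: the parameter type of CertApplyResp.setDatas is not visible here.
        ArrayList rows = new ArrayList();
        List<CertApplyDTO> dtos = page.getList();
        if (CollectionUtils.isEmpty(dtos)) {
            certApplyResp.setRecordCount(0);
            certApplyResp.setPageCount(0);
            certApplyResp.setDatas(rows);
            result.setInfo(certApplyResp);
            return result;
        }
        // One formatter for the whole page instead of one per row. It stays a local variable
        // because SimpleDateFormat must not be shared between threads.
        SimpleDateFormat createdFormat = new SimpleDateFormat(DateUtils.FORMAT_ONE);
        for (CertApplyDTO dto : dtos) {
            CertApplyVO vo = new CertApplyVO();
            BeanUtils.copyProperties(dto, vo);
            // The creation time is overwritten with its formatted text form after the bean copy.
            vo.setGmtCreate(createdFormat.format((Date) dto.getGmtCreate()));
            rows.add(vo);
        }
        certApplyResp.setDatas(rows);
        certApplyResp.setPageCount(page.getPageCount());
        certApplyResp.setRecordCount(page.getRecordCount());
        result.setInfo(certApplyResp);
        return result;
    }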

    /**
     * Validates the syntax of a requested certificate subject DN.
     *
     * <p>The string is first parsed and re-serialised through {@code X500Name}; the normalised form
     * then passes through five {@code CertDnVerifyUtils} checks in a fixed order (symbols, attribute
     * order, {@code check64}, blank spaces, supported keywords). The first failing check decides the
     * error that is returned.
     *
     * @param str the DN as supplied by the applicant
     * @return a default {@code Result} when every check passes; otherwise the failing check's error,
     *         or {@code CERT_APPLY_DN_IS_ERROR} when parsing or any check throws
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result verifyUserCertApplyDn(String str) {
        Result outcome = new Result();
        try {
            String normalizedDn = new X500Name(str).toString();
            // NOTE(review): normalizedDn is derived from caller-supplied text and is concatenated
            // into several log lines below; make sure the log layout neutralises line breaks.
            this.logger.info("格式化之后的申请DN:" + normalizedDn);

            Result step = CertDnVerifyUtils.checkCertDnSymbol(normalizedDn);
            if (!step.isSuccess()) {
                this.logger.info("证书的DN的特殊符号校验有误");
                outcome.setError(step.getError());
                return outcome;
            }

            step = CertDnVerifyUtils.checkCertDnSort(normalizedDn);
            if (!step.isSuccess()) {
                this.logger.info("证书的DN的类型先后顺序有误");
                outcome.setError(step.getError());
                return outcome;
            }

            step = CertDnVerifyUtils.check64(normalizedDn);
            if (!step.isSuccess()) {
                this.logger.info("证书的DN关键字的值校验有误" + normalizedDn);
                outcome.setError(step.getError());
                return outcome;
            }

            step = CertDnVerifyUtils.checkBlankSpace(normalizedDn);
            if (!step.isSuccess()) {
                this.logger.info("证书的DN关键字与值之间有空格" + normalizedDn);
                outcome.setError(step.getError());
                return outcome;
            }

            step = CertDnVerifyUtils.checkDnKeyword(normalizedDn);
            if (!step.isSuccess()) {
                this.logger.info("申请DN中有系统不支持的关键字" + normalizedDn);
                outcome.setError(step.getError());
            }
            return outcome;
        } catch (Exception e) {
            // Any parsing or checking failure is reported as a malformed DN.
            this.logger.info("certDn不正确{}", e.getMessage());
            outcome.setError(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
            return outcome;
        }
    }

    /**
     * Validates a requested DN and rejects it when it collides with an existing certificate or
     * with another application.
     *
     * @param str  the requested certificate DN
     * @param j    second argument of both DAO lookups (presumably the user id, per the DAO method
     *             name {@code getUserCertByUserIdAndCertDN} - confirm)
     * @param str2 application number being edited, or blank; an application is allowed to collide
     *             with its own DN (compared case-insensitively)
     * @return the syntax-check result, extended with
     *         {@code USER_CERT_DN_HAVE_SAME_APPLY_CERT_DN} or {@code CERT_APPLY_CERT_DN_IS_EXIST}
     *         when a collision is found
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result verifyUserCertApplyDn(String str, long j, String str2) {
        Result outcome = verifyUserCertApplyDn(str);
        if (!outcome.isSuccess()) {
            return outcome;
        }

        // A certificate with this DN already exists.
        if (this.userCertDao.getUserCertByUserIdAndCertDN(str, j) >= 1) {
            this.logger.info("有多个的证书的DN信息同【" + str + "】一致");
            outcome.setError(ErrorEnum.USER_CERT_DN_HAVE_SAME_APPLY_CERT_DN);
            return outcome;
        }

        boolean applicationWithSameDn = this.certApplyDao.getCertApplyCountByCertDn(str, j) >= 1;
        if (applicationWithSameDn) {
            // The DAO lookup is only made when an application number was given.
            boolean isOwnApplication = StringUtils.isNotBlank(str2)
                    && str.equalsIgnoreCase(this.certApplyDao.getCertDnByApplyNo(str2));
            if (!isOwnApplication) {
                this.logger.info("已存在相同证书主体的用户申请 " + str);
                outcome.setError(ErrorEnum.CERT_APPLY_CERT_DN_IS_EXIST);
            }
        }
        return outcome;
    }

    /**
     * Rejects a new update or revoke application while an earlier one of the same kind is still
     * open.
     *
     * @param str argument of the "unclosed application" counters (the error names refer to it as
     *            the signing certificate serial number)
     * @param i   application type; only the update and revoke types are checked
     * @return a default {@code Result}, or one carrying
     *         {@code SIGN_SN_HAS_UPDATE_APPLY_NOT_CLOSED} / {@code SIGN_SN_HAS_REVOKE_APPLY_NOT_CLOSED}
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result verifyUserCertApply(String str, int i) {
        Result outcome = new Result();
        if (i == Constants.CERT_APPLY_TYPE_UPDATE_2) {
            if (this.updateApplyDao.getUnClosedUpdateApplyNum(str) > 0) {
                outcome.setError(ErrorEnum.SIGN_SN_HAS_UPDATE_APPLY_NOT_CLOSED);
            }
        } else if (i == Constants.CERT_APPLY_TYPE_REVOKE_3) {
            if (this.revokeApplyDao.getUnClosedRevokeApplyNum(str) > 0) {
                outcome.setError(ErrorEnum.SIGN_SN_HAS_REVOKE_APPLY_NOT_CLOSED);
            }
        }
        // Any other application type passes without a check.
        return outcome;
    }

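    /**
     * Issues (or re-issues, for an update application) a user certificate for an approved
     * application and packages the result for download.
     *
     * <p>Steps: optional operator role check, lookup of the RA and CA DNs, status check on the
     * application (status must be 3), registration of a transaction id for the application number
     * in {@code ApplyVariable}'s map, dispatch to the issue or update handler, then packaging.
     * For UKey applications and for calls with {@code z == true} the handler's
     * {@code UserCertInfo} is returned as is; otherwise a list of {@code name/suffix/buffer}
     * entries is built, including a BKS key store for double-certificate applications.
     *
     * @param num  forwarded to the handler; also used as {@code num.intValue()} when building the
     *             BKS key store and stored as the first character of {@code index.txt}
     * @param str  forwarded to the handler and the key store builder; stored after {@code num} in
     *             {@code index.txt}
     * @param num2 issue format; compared with {@code Constants.P10_ISSUE_TYPE_P7B_4}
     * @param i    application type (issue or update)
     * @param str2 application number
     * @param str3 forwarded to the handler
     * @param bArr forwarded to the handler
     * @param i2   compared with {@code Constants.APPLY_CERT_TYPE_BY_UKEY_1}
     * @param z    when true, the operator role check is skipped and no download package is built
     * @param z2   forwarded to the handler
     * @return the result described above, or a result carrying the first error encountered
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result issueUserCert(Integer num, String str, Integer num2, int i, String str2, String str3, byte[] bArr, int i2, boolean z, boolean z2) {
        Result result = new Result();
        if (!z) {
            // Interactive path: the logged-in operator must hold the issue role.
            // NOTE(review): z is supplied by the caller; it must be derived from the calling
            // channel, because setting it skips this authorisation check entirely.
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(Integer.valueOf(Constants.ADMIN_ROLE_OPERATOR_ISSUE_5))) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            this.logger.error("获取RA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            this.logger.error("获取CA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str2);
        if (certApplyInfo == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str2);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        result.setLogContent("，证书主体=" + certApplyInfo.getCertDn());
        int intValue = certApplyInfo.getApplyStatus().intValue();
        if (3 != intValue) {
            this.logger.info("当前申请状态不可发起签发 applyStatus:" + intValue);
            result.setError(ErrorEnum.APPLY_STATUS_NOT_SUPPORT_ISSUE_CERT);
            return result;
        }
        // NOTE(review): the transaction id is a clock reading, so it is predictable and not
        // guaranteed unique; issueUserCertByKeyStore uses RandomUtils.getUUID() for the same purpose.
        String valueOf = String.valueOf(System.nanoTime());
        // NOTE(review): the map comes from a static accessor and is a plain HashMap when created
        // here; concurrent issuance would need a thread-safe map - confirm how ApplyVariable holds it.
        Map<String, String> raMap = ApplyVariable.getRaMap();
        if (CollectionUtils.isEmpty(raMap)) {
            raMap = new HashMap<>();
            raMap.put(str2, valueOf);
            ApplyVariable.setRaMap(raMap);
        } else {
            raMap.put(str2, valueOf);
        }
        this.logger.debug("RA缓存applyNo和raTransId的对应关系：" + JsonUtils.object2Json(raMap));
        if (i == Constants.CERT_APPLY_TYPE_ISSUE_1) {
            Result issueApplyHandler = issueApplyHandler(num, str, num2, str2, str3, bArr, rAServiceDnName, cAServiceDnName, valueOf, i2, z, z2);
            if (!issueApplyHandler.isSuccess()) {
                this.logger.info("签发证书申请处理失败");
                result.setErrorBean(issueApplyHandler.getErrorBean());
                raMap.remove(str2);
                return result;
            }
            result.setInfo(issueApplyHandler.getInfo());
        } else if (i == Constants.CERT_APPLY_TYPE_UPDATE_2) {
            Result updateApplyHandler = updateApplyHandler(num, str, num2, str2, str3, bArr, rAServiceDnName, cAServiceDnName, valueOf, i2, z, z2);
            if (!updateApplyHandler.isSuccess()) {
                this.logger.info("更新证书申请处理失败");
                result.setErrorBean(updateApplyHandler.getErrorBean());
                raMap.remove(str2);
                return result;
            }
            result.setInfo(updateApplyHandler.getInfo());
        }
        try {
            Integer certPatterm = this.certApplyDao.getCertPatterm(str2);
            UserCertInfo userCertInfo = (UserCertInfo) result.getInfo();
            if (i2 == Constants.APPLY_CERT_TYPE_BY_UKEY_1 || z) {
                result.setInfo(userCertInfo);
                return result;
            }
            // Each entry describes one downloadable file: "name", "suffix" and "buffer" (content).
            List<Map<String, Object>> arrayList = new ArrayList<>();
            if (StringUtils.isNotBlank(userCertInfo.getEncPriKey())) {
                Map<String, Object> hashMap = new HashMap<>();
                hashMap.put("name", "EncPrivateKey");
                hashMap.put("suffix", "pem");
                hashMap.put("buffer", userCertInfo.getEncPriKey().getBytes());
                arrayList.add(hashMap);
            }
            if (num2.intValue() == Constants.P10_ISSUE_TYPE_P7B_4) {
                Map<String, Object> hashMap2 = new HashMap<>();
                hashMap2.put("name", "SignCert");
                hashMap2.put("suffix", "p7b");
                hashMap2.put("buffer", userCertInfo.getSignCert().getBytes());
                arrayList.add(hashMap2);
                if (certPatterm.intValue() != SdkConstants.CERT_TYPE_SINGLE_1) {
                    Map<String, Object> hashMap3 = new HashMap<>();
                    hashMap3.put("name", "EncCert");
                    hashMap3.put("suffix", "p7b");
                    hashMap3.put("buffer", userCertInfo.getEncCert().getBytes());
                    arrayList.add(hashMap3);
                }
            } else {
                try {
                    X509Certificate certFromStr = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                    // Lower-case hex serial number of the signing certificate; used as directory name.
                    String lowerCase = certFromStr.getSerialNumber().toString(16).toLowerCase();
                    if (num == null && StringUtils.isBlank(str)) {
                        // Neither value was supplied: recover both from the index file that was
                        // stored under the serial number of the certificate being updated.
                        String read = FileUtils.read(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + "/" + this.updateApplyDao.getUpdateApplyInfoByApplyNo(str2).getSignSn() + "/index.txt");
                        str = read.substring(1);
                        num = Integer.valueOf(read.substring(0, 1));
                    }
                    Map<String, Object> hashMap4 = new HashMap<>();
                    hashMap4.put("name", "CACert");
                    hashMap4.put("suffix", "p7b");
                    hashMap4.put("buffer", FileUtils.readByBinary(PathConstants.CA_TRUST_SERVICE_CERT_FILE_PATH));
                    arrayList.add(hashMap4);
                    if (certPatterm.intValue() != SdkConstants.CERT_TYPE_SINGLE_1) {
                        Map<String, Object> hashMap5 = new HashMap<>();
                        hashMap5.put("name", "encCert");
                        hashMap5.put("suffix", "cer");
                        hashMap5.put("buffer", userCertInfo.getEncCert().getBytes());
                        arrayList.add(hashMap5);
                        X509Certificate certFromStr2 = CertUtils.getCertFromStr(userCertInfo.getEncCert());
                        String keyStoreDir = PathConstants.USER_CERT_KEYSTORE_FILE_PATH + "/" + lowerCase;
                        // NOTE(review): num and str are written to disk in clear text here; if str
                        // is a credential (not determinable from this method), it needs protecting.
                        FileUtils.saveFile(num + str, keyStoreDir + "/index.txt");
                        // NOTE(review): the key store password is only 8 characters and is placed
                        // in the file name below and in the returned entry name, so anyone who can
                        // list the directory or see the download name learns it. The strength of
                        // KeyStoreUtils.getStringRandom is not visible here - confirm it draws
                        // from SecureRandom.
                        String stringRandom = KeyStoreUtils.getStringRandom(8);
                        KeyStore generateGMSSLKeyStoreWithBKS = GMSSLKeyStoreUtils.generateGMSSLKeyStoreWithBKS(stringRandom, CommonVariable.getCaServiceCert(), num.intValue(), str, str2 + "_sign", certFromStr, str2 + "_enc", certFromStr2);
                        // Single source for the key store location: the original wrote to
                        // "<base>/<sn>/..." but read back from "<base><sn>/..." (no separator).
                        String keyStoreFile = keyStoreDir + "/SignAndEncCert_" + stringRandom + ".bks";
                        File file = new File(keyStoreDir);
                        if (file.exists()) {
                            // delete() only removes an empty directory; its result, like that of
                            // mkdir(), is ignored as before.
                            file.delete();
                        }
                        file.mkdir();
                        // try-with-resources closes the stream even when store() throws.
                        try (FileOutputStream fileOutputStream = new FileOutputStream(keyStoreFile)) {
                            generateGMSSLKeyStoreWithBKS.store(fileOutputStream, stringRandom.toCharArray());
                        }
                        Map<String, Object> hashMap6 = new HashMap<>();
                        hashMap6.put("name", "SignAndEncCert_" + stringRandom);
                        hashMap6.put("suffix", "bks");
                        hashMap6.put("buffer", FileUtils.readByBinary(keyStoreFile));
                        arrayList.add(hashMap6);
                    }
                } catch (Exception e) {
                    this.logger.error("使用密码机生成keyStore失败", (Throwable) e);
                    result.setError(ErrorEnum.USE_HSM_GENERATE_BKS_KEYSTORE_ERROR);
                    return result;
                }
            }
            result.setInfo(arrayList);
            return result;
        } catch (Exception e2) {
            // Covers every failure of the packaging step, not only a missing application; the
            // exception is logged so the real cause is not lost behind the fixed message.
            this.logger.info("获取签发证书申请基本信息为空", (Throwable) e2);
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }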

    /**
     * Manual check of the {@code index.txt} layout: prints everything after the first character,
     * then the first character, of one fixed file.
     *
     * <p>NOTE(review): this is a developer entry point with a hard-coded path inside a service
     * class; it looks like leftover debugging code and is a candidate for removal.
     */
    public static void main(String[] strArr) throws Exception {
        String indexContent = FileUtils.read("/home/xdja/user_cert/1000000/index.txt");
        String afterFirstChar = indexContent.substring(1);
        System.out.println(afterFirstChar);
        String firstChar = indexContent.substring(0, 1);
        System.out.println(firstChar);
    }

    /**
     * Issues (or re-issues) a user certificate whose key pair is delivered in a software key
     * store, and packages the generated key stores for download.
     *
     * @param i   key store type; selects the file suffix ({@code p12}, {@code jks} or {@code bks},
     *            with {@code jks} as fallback)
     * @param str application number
     * @param i2  application type (issue or update)
     * @param z   when true, the operator role check is skipped
     * @return a result whose info is a list of {@code name/suffix/buffer} entries, or a result
     *         carrying the first error encountered
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result issueUserCertByKeyStore(int i, String str, int i2, boolean z) {
        Result outcome = new Result();
        if (!z) {
            // NOTE(review): z is caller-supplied and bypasses this authorisation check when set.
            Operator currentOperator = OperatorUtil.getOperator();
            if (currentOperator == null || currentOperator.getCurrUser() == null) {
                outcome.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return outcome;
            }
            CurrentAdminInfo admin = (CurrentAdminInfo) currentOperator.getCurrUser();
            boolean mayIssue = admin.getRoleList().contains(Integer.valueOf(Constants.ADMIN_ROLE_OPERATOR_ISSUE_5));
            if (!mayIssue) {
                outcome.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return outcome;
            }
        }

        String raDn = getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            outcome.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        String caDn = getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            outcome.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }

        CertApplyDO application = this.certApplyDao.getCertApplyInfo(str);
        if (application == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str);
            outcome.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return outcome;
        }
        outcome.setLogContent("，证书主体=" + application.getCertDn());
        int status = application.getApplyStatus().intValue();
        if (status != 3) {
            this.logger.info("当前申请状态不可发起签发 applyStatus:" + status);
            outcome.setError(ErrorEnum.APPLY_STATUS_NOT_SUPPORT_ISSUE_CERT);
            return outcome;
        }

        // Register the transaction id for this application number; an absent or empty map is
        // replaced by a fresh one, which is published only after the entry has been added.
        String raTransId = RandomUtils.getUUID();
        Map<String, String> raMap = ApplyVariable.getRaMap();
        boolean startFreshMap = CollectionUtils.isEmpty(raMap);
        if (startFreshMap) {
            raMap = new HashMap<>();
        }
        raMap.put(str, raTransId);
        if (startFreshMap) {
            ApplyVariable.setRaMap(raMap);
        }
        this.logger.info("RA缓存applyNo和raTransId的对应关系：" + JsonUtils.object2Json(raMap));

        if (i2 == Constants.CERT_APPLY_TYPE_ISSUE_1) {
            Result issued = issueApplyHandlerByKeyStore(str, raDn, caDn, raTransId, i, z);
            if (!issued.isSuccess()) {
                this.logger.info("签发证书申请处理失败");
                raMap.remove(str);
                outcome.setErrorBean(issued.getErrorBean());
                return outcome;
            }
            outcome.setInfo(issued.getInfo());
        } else if (i2 == Constants.CERT_APPLY_TYPE_UPDATE_2) {
            Result updated = updateApplyHandlerByKeyStore(str, raDn, caDn, raTransId, i, z);
            if (!updated.isSuccess()) {
                this.logger.info("更新证书申请处理失败");
                raMap.remove(str);
                outcome.setErrorBean(updated.getErrorBean());
                return outcome;
            }
            outcome.setInfo(updated.getInfo());
        }

        try {
            Integer certPattern = this.certApplyDao.getCertPatterm(str);
            Map handlerInfo = (Map) outcome.getInfo();
            String suffix = i == Constants.PFX_PRIVATE_KEY_STORE_TYPE_1 ? "p12"
                    : i == Constants.JKS_PRIVATE_KEY_STORE_TYPE_2 ? "jks"
                    : i == Constants.JKS_PRIVATE_KEY_STORE_TYPE_3 ? "bks"
                    : "jks";

            // NOTE(review): each entry name below embeds the key store password taken from the
            // handler's map ("signStorePwd", "encStorePwd", "signAndEncPwd"), so the password
            // travels in the download file name next to the key store it protects.
            List<Map<String, Object>> files = new ArrayList<>();
            Map<String, Object> signEntry = new HashMap<>();
            signEntry.put("name", "SignCert_" + new String((byte[]) handlerInfo.get("signStorePwd")));
            signEntry.put("suffix", suffix);
            signEntry.put("buffer", (byte[]) handlerInfo.get("signStore"));
            files.add(signEntry);

            if (certPattern.intValue() != SdkConstants.CERT_TYPE_SINGLE_1) {
                Map<String, Object> encEntry = new HashMap<>();
                encEntry.put("name", "EncCert_" + new String((byte[]) handlerInfo.get("encStorePwd")));
                encEntry.put("suffix", suffix);
                encEntry.put("buffer", (byte[]) handlerInfo.get("encStore"));
                files.add(encEntry);

                if (i == Constants.JKS_PRIVATE_KEY_STORE_TYPE_3) {
                    Map<String, Object> combinedEntry = new HashMap<>();
                    combinedEntry.put("name", "signAndEncCert_" + new String((byte[]) handlerInfo.get("signAndEncPwd")));
                    combinedEntry.put("suffix", suffix);
                    combinedEntry.put("buffer", (byte[]) handlerInfo.get("signAndEncStore"));
                    files.add(combinedEntry);
                }
            }
            outcome.setInfo(files);
            return outcome;
        } catch (Exception e) {
            // NOTE(review): the exception is dropped; the fixed message hides the real cause.
            this.logger.info("获取签发证书申请基本信息为空");
            outcome.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return outcome;
        }
    }

    /**
     * Converts a JSON-serialised {@code UserCertInfo} into three download entries: the signing
     * certificate, the encryption certificate and the encryption private key.
     *
     * @param str JSON text of a {@code UserCertInfo}
     * @return a result whose info is a list of three {@code name/suffix/buffer} maps, in that order
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result formatUserCertInfo(String str) {
        Result outcome = new Result();
        // NOTE(review): nothing is null-checked; a missing field in the JSON ends in a
        // NullPointerException rather than an error result.
        UserCertInfo certInfo = (UserCertInfo) JsonUtils.json2Object(str, UserCertInfo.class);
        List<Map<String, Object>> files = new ArrayList<>();

        Map<String, Object> signCert = new HashMap<>();
        signCert.put("name", "SignCert");
        signCert.put("suffix", "p7b");
        signCert.put("buffer", certInfo.getSignCert().getBytes());
        files.add(signCert);

        Map<String, Object> encCert = new HashMap<>();
        encCert.put("name", "EncCert");
        encCert.put("suffix", "p7b");
        encCert.put("buffer", certInfo.getEncCert().getBytes());
        files.add(encCert);

        Map<String, Object> encKey = new HashMap<>();
        encKey.put("name", "EncPrivateKey");
        encKey.put("suffix", "pem");
        encKey.put("buffer", certInfo.getEncPriKey().getBytes());
        files.add(encKey);

        outcome.setInfo(files);
        return outcome;
    }

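    /**
     * Returns the operation history found for the given key as view objects.
     *
     * @param str lookup key passed to {@code applyRecordDao.listApplyRecord} (the log message
     *            calls it an "sn")
     * @return a result whose info is the list of {@code ApplyRecordVO}; carries
     *         {@code SIGN_NO_NOT_HAVE_APPLY_RECORD} when nothing is found
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result listApplyRecord(String str) {
        Result result = new Result();
        List<ApplyRecordDO> records = this.applyRecordDao.listApplyRecord(str);
        if (CollectionUtils.isEmpty(records)) {
            this.logger.info(str + " 该sn不存在申请记录");
            result.setError(ErrorEnum.SIGN_NO_NOT_HAVE_APPLY_RECORD);
            return result;
        }
        // One formatter for the whole list instead of one per row. It stays a local variable
        // because SimpleDateFormat must not be shared between threads.
        SimpleDateFormat createdFormat = new SimpleDateFormat(DateUtils.FORMAT_ONE);
        List<ApplyRecordVO> views = new ArrayList<>(records.size());
        for (ApplyRecordDO record : records) {
            ApplyRecordVO view = new ApplyRecordVO();
            BeanUtils.copyProperties(record, view);
            // The creation time is overwritten with its formatted text form after the bean copy.
            view.setGmtCreate(createdFormat.format((Date) record.getGmtCreate()));
            views.add(view);
        }
        result.setInfo(views);
        return result;
    }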

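    /**
     * Audits a pending certificate application: rejects it, approves it, or, for an approved
     * revocation application, asks the CA to revoke the certificate straight away.
     *
     * <p>Status codes written through {@code updateCertApplyInfo} here: 2 on reject, 3 on approve,
     * 7 when the CA revocation succeeded and 6 when it failed.
     *
     * <p>Security notes:
     * <ul>
     *   <li>When {@code z2} is true, the logged-in operator lookup and the audit-role check are
     *       skipped entirely. NOTE(review): {@code z2} must come from a trusted code path, never
     *       from request data; confirm at every call site.</li>
     *   <li>This method carries no {@code @Transactional} annotation. The RuntimeException thrown
     *       after a successful CA revocation therefore does not by itself undo the apply records
     *       already written; whether an outer transaction exists cannot be seen from here.</li>
     * </ul>
     *
     * @param str  application number used for every lookup and update
     * @param i    application type; compared with {@code Constants.CERT_APPLY_TYPE_REVOKE_3}
     * @param z    true to approve, false to reject
     * @param str2 text stored with the audit record (presumably the auditor's remark; verify
     *             against the caller)
     * @param z2   true skips the operator role check; also forwarded to {@code insertCertApplyRecord}
     * @return a Result carrying an error on any failed check, otherwise the outcome of the update
     * @throws RuntimeException if the local certificate status cannot be updated after the CA
     *                          has revoked the certificate
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result checkUserCertApply(String str, int i, boolean z, String str2, boolean z2) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        if (!z2) {
            // Interactive path: the caller must be a logged-in administrator holding the audit role.
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(Integer.valueOf(Constants.ADMIN_ROLE_OPERATOR_AUDIT_4))) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str, Integer.valueOf(i));
        if (certApplyInfo == null) {
            this.logger.info("该申请类型下不存在当前申请编号对应的申请记录 applyNo:" + str);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        BaseUserDO baseUserInfo = this.baseUserDao.getBaseUserInfo(certApplyInfo.getUserId().longValue());
        // Fix: the original dereferenced baseUserInfo here although the approve branch below
        // treats null as a legal value, so a missing user ended in a NullPointerException
        // instead of USER_STATUS_CANNOT_CHECK_PASS.
        if (baseUserInfo != null && baseUserInfo.getId() != null) {
            result.setLogContent("，用户ID=" + baseUserInfo.getId());
        }
        result.setLogContent(result.getLogContent() + "，证书主体=" + certApplyInfo.getCertDn());
        // Only applications in status 1 (pending audit, per the log text) may be audited.
        if (1 != certApplyInfo.getApplyStatus().intValue()) {
            this.logger.info("当前申请状态不是待审核状态 status:" + certApplyInfo.getApplyStatus());
            result.setError(ErrorEnum.CERT_APPLY_TYPE_IS_NOT_NO_CHECK_1);
            return result;
        }

        if (!z) {
            // Rejection, for every application type: mark the application as 2 and record it.
            result = this.certApplyService.updateCertApplyInfo(null, str, 2, null);
            if (!result.isSuccess()) {
                return result;
            }
            this.certApplyService.insertCertApplyRecord(i, Constants.OPERATE_TYPE_CHECK_3, str, 2, str2, Constants.CERT_APPLY_OPERATE_TYPE_CHECK_FAIL_3, false, z2);
            return result;
        }

        if (Constants.CERT_APPLY_TYPE_REVOKE_3 == i) {
            // Approved revocation: the audit record is written first, then the CA is called.
            RevokeApplyDTO revokeApplyDTO = null;
            try {
                revokeApplyDTO = this.revokeApplyDao.getRevokeApplyInfoByApplyNo(str);
            } catch (EmptyResultDataAccessException e) {
                this.logger.info("getRevokeApplyInfo.applyNo:" + str + " 查询撤销证书申请实体为空");
            }
            if (revokeApplyDTO == null) {
                this.logger.info("获取撤销证书申请详细信息为空");
                result.setError(ErrorEnum.GET_REVOKE_APPLY_INFO_IS_EMPTY);
                return result;
            }
            this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_CHECK_3, str, 0, str2, Constants.CERT_APPLY_OPERATE_TYPE_CHECK_SUCCESS_4, false, z2);
            Result revokeUserCert = this.certLifeCycleManager.revokeUserCert(rAServiceDnName, cAServiceDnName, str, revokeApplyDTO.getSignSn(), revokeApplyDTO.getCertDn(), revokeApplyDTO.getRevokeReason().intValue(), revokeApplyDTO.getApplyReason());
            int applyStatus;
            if (revokeUserCert.isSuccess()) {
                applyStatus = 7;
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_REVOKE_4, str, 7, revokeApplyDTO.getApplyReason(), Constants.CERT_APPLY_OPERATE_TYPE_REVOKE_SUCCESS_6, false, z2);
                Result updateUserCertStatus = this.userCertService.updateUserCertStatus(Constants.CERT_STATUS_REVOKED_3, revokeApplyDTO.getSignSn());
                if (!updateUserCertStatus.isSuccess()) {
                    // The CA has already revoked the certificate at this point; the local row
                    // still shows the old status, so this failure needs operator attention.
                    this.logger.info("更新证书状态错误:" + JsonUtils.object2Json(updateUserCertStatus));
                    result.setError(updateUserCertStatus.getError());
                    throw new RuntimeException("CA revoked the certificate but the local status update failed, applyNo=" + str);
                }
            } else {
                this.logger.info("发起证书撤销失败 errorCode:" + revokeUserCert.getErrorBean().getErrCode());
                result.setErrorBean(revokeUserCert.getErrorBean());
                applyStatus = 6;
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_REVOKE_3, Constants.OPERATE_TYPE_REVOKE_4, str, 6, "证书撤销失败code:" + revokeUserCert.getErrorBean().getErrCode(), Constants.CERT_APPLY_OPERATE_TYPE_REVOKE_FAIL_5, false, z2);
            }
            Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(null, str, applyStatus, null);
            if (!updateCertApplyInfo.isSuccess()) {
                result.setError(updateCertApplyInfo.getError());
            }
            return result;
        }

        // Approval of a non-revocation application: refused for a missing or stopped user.
        if (baseUserInfo == null || baseUserInfo.getStatus().intValue() == Constants.USER_STATUS_STOP_1) {
            // NOTE(review): this log line reports the apply status although the condition that
            // failed is the user's status; the text is kept unchanged here.
            this.logger.info("当前申请状态不是待审核状态 status:" + certApplyInfo.getApplyStatus());
            result.setError(ErrorEnum.USER_STATUS_CANNOT_CHECK_PASS);
            return result;
        }
        result = this.certApplyService.updateCertApplyInfo(null, str, 3, null);
        if (!result.isSuccess()) {
            return result;
        }
        this.certApplyService.insertCertApplyRecord(i, Constants.OPERATE_TYPE_CHECK_3, str, 3, str2, Constants.CERT_APPLY_OPERATE_TYPE_CHECK_SUCCESS_4, false, z2);
        return result;
    }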

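    /**
     * Sends the issuance confirmation for an application to the CA and brings the local
     * application and certificate rows into the matching state.
     *
     * <p>On a CA-side failure the application is set to status 4 and a failure record is written.
     * On success an update-type application first has its previous certificate marked
     * {@code CERT_STATUS_REVOKED_3}, then the newly issued certificate is set to
     * {@code CERT_STATUS_NORMAL_1} and the application to status 5.
     *
     * <p>Security notes:
     * <ul>
     *   <li>When {@code z} is true the operator lookup and the issue-role check are skipped.
     *       NOTE(review): {@code z} must never be controllable from request data.</li>
     *   <li>The method is {@code @Transactional}; the RuntimeExceptions thrown below exist to
     *       roll local writes back. The CA-side confirmation is not undone by a rollback.</li>
     * </ul>
     *
     * @param str application number; also the key into the in-memory apply cache
     * @param z   true skips the operator role check; also forwarded to {@code insertCertApplyRecord}
     * @return a Result carrying log content on success or an error/error bean on failure
     * @throws RuntimeException when a local status update fails and the transaction must roll back
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    @Transactional
    public Result issueUserCertResp(String str, boolean z) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        if (!z) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(Integer.valueOf(Constants.ADMIN_ROLE_OPERATOR_ISSUE_5))) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        Map<String, String> raMap = ApplyVariable.getRaMap();
        if (CollectionUtils.isEmpty(raMap)) {
            this.logger.info("获取本地缓存申请信息为空");
            result.setError(ErrorEnum.GET_LOCAL_CACHE_APPLY_INFO_IS_EMPTY);
            // Fix: the original set the error and carried on, which dereferenced a null map or
            // continued with no cached value while the result was already marked failed.
            return result;
        }
        // NOTE(review): the cached value may still be null when str has no entry in a non-empty
        // map; it is handed to the CA call unchecked.
        String str2 = raMap.get(str);
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str);
        if (certApplyInfo == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        Result issueCertResp = this.certLifeCycleManager.issueCertResp(rAServiceDnName, cAServiceDnName, Constants.APPLY_USER_TYPE_NORMAL_USER_1, str2);
        if (!issueCertResp.isSuccess()) {
            Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 4, certApplyInfo.getTempId());
            if (updateCertApplyInfo.getCode() != 0) {
                this.logger.info("操作签发证书确认消息失败:" + JsonUtils.object2Json(updateCertApplyInfo));
                throw new RuntimeException("failed to mark the application as failed after a CA confirmation error, applyNo=" + str);
            }
            raMap.remove(str);
            this.certApplyService.insertCertApplyRecord(certApplyInfo.getApplyType().intValue(), Constants.OPERATE_TYPE_ISSUE_5, str, 4, issueCertResp.getErrorBean().getErrMsg(), Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_FAIL_7, false, z);
            this.logger.info("签发证书确认消息出错");
            result.setErrorBean(issueCertResp.getErrorBean());
            return result;
        }
        raMap.remove(str);
        if (Constants.CERT_APPLY_TYPE_UPDATE_2 == certApplyInfo.getApplyType().intValue()) {
            // Update-type application: the certificate being replaced is marked revoked locally.
            UpdateApplyDTO updateApplyDTO = null;
            try {
                updateApplyDTO = this.updateApplyDao.getUpdateApplyInfoByApplyNo(str);
            } catch (EmptyResultDataAccessException e) {
                this.logger.info("getUpdateApplyInfoByApplyNo.applyNo:" + str + " 查询更新证书申请实体为空");
            }
            if (updateApplyDTO == null) {
                this.logger.info("获取更新证书申请基本信息为空");
                result.setError(ErrorEnum.GET_UPDATE_APPLY_INFO_IS_EMPTY);
                return result;
            }
            try {
                this.userCertDao.updateUserCertStatus(Constants.CERT_STATUS_REVOKED_3, updateApplyDTO.getSignSn());
            } catch (Exception e2) {
                this.logger.error("更新用户证书状态异常{}", (Throwable) e2);
                // Keep the cause so the rollback can be traced back to the failing statement.
                throw new RuntimeException("failed to mark the replaced certificate as revoked, applyNo=" + str, e2);
            }
        }
        this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_ISSUE_1, Constants.OPERATE_TYPE_ISSUE_5, str, 5, "用户证书-成功签发", Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_SUCCESS_8, false, z);
        try {
            String certSnByApplyNo = this.certApplyDao.getCertSnByApplyNo(str);
            StringBuilder sb = new StringBuilder();
            sb.append("，证书的SN=" + certSnByApplyNo);
            result.setLogContent(sb.toString());
            Result updateUserCertStatus = this.userCertService.updateUserCertStatus(Constants.CERT_STATUS_NORMAL_1, certSnByApplyNo);
            if (!updateUserCertStatus.isSuccess()) {
                result.setError(updateUserCertStatus.getError());
                return result;
            }
            result.setLogContent(sb.append("，证书主体=" + certApplyInfo.getCertDn()).toString());
            Result updateCertApplyInfo2 = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 5, certApplyInfo.getTempId());
            if (updateCertApplyInfo2.getCode() == 0) {
                return result;
            }
            this.logger.info("操作签发失败:" + JsonUtils.object2Json(updateCertApplyInfo2));
        } catch (Exception e3) {
            // The message blames the serial-number lookup, but any exception in the block above
            // lands here; the throwable is now logged so the real cause is not lost.
            this.logger.error("根据申请编号{}，未找到对应的签发证书sn", str, e3);
            result.setError(ErrorEnum.CANNOT_GET_CERT_SN_BY_APPLY_NO);
            return result;
        }
        // Fix: this throw used to sit inside the try above, where catch (Exception) swallowed it
        // and turned the intended rollback into a normal return. Only the failed
        // updateCertApplyInfo path reaches this line.
        throw new RuntimeException("failed to mark the application as issued, applyNo=" + str);
    }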

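    /**
     * Asks the CA for the status of the certificate issued for an application and mirrors any
     * status other than {@code CERT_STATUS_NO_CONFIRM_0} into the local user-certificate table.
     *
     * <p>NOTE(review): unlike {@code issueUserCertResp} and {@code genErrorMsgContent}, this
     * method performs no operator or role check although it writes certificate status; confirm
     * that access control is enforced by the caller.
     *
     * @param str application number used to look up the certificate serial number
     * @return the CA's failed Result unchanged, or a Result whose info is the status as an Integer,
     *         or a Result carrying an error when the lookup or the local update fails
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result getUserCertStatus(String str) {
        Result result = new Result();
        try {
            String certSnByApplyNo = this.certApplyDao.getCertSnByApplyNo(str);
            Result certStatus = this.caBusinessManager.getCertStatus(certSnByApplyNo);
            if (!certStatus.isSuccess()) {
                return certStatus;
            }
            int intValue = ((Integer) certStatus.getInfo()).intValue();
            if (intValue != Constants.CERT_STATUS_NO_CONFIRM_0) {
                // The CA's answer is written as-is; no check restricts which transitions are allowed.
                try {
                    this.userCertDao.updateUserCertStatus(intValue, certSnByApplyNo);
                } catch (Exception e) {
                    this.logger.error("更新用户证书状态异常{}", (Throwable) e);
                    result.setError(ErrorEnum.UPDATE_USER_CERT_STATUS_EXCEPTION);
                    return result;
                }
            }
            result.setInfo(Integer.valueOf(intValue));
            return result;
        } catch (Exception e2) {
            // Every failure in the block above is reported as "serial number not found",
            // including errors from the CA call; the throwable is now logged so the two
            // cases can be told apart.
            this.logger.error("根据申请编号{}，未找到对应的签发证书sn", str, e2);
            result.setError(ErrorEnum.CANNOT_GET_CERT_SN_BY_APPLY_NO);
            return result;
        }
    }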

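    /**
     * Sends an error message for an application to the CA and marks the application as failed
     * (status 4) locally, whether or not the CA accepted the message.
     *
     * <p>Security note: when {@code z} is true the operator lookup and the issue-role check are
     * skipped. NOTE(review): {@code z} must never be controllable from request data.
     *
     * @param str  application number; also the key into the in-memory apply cache
     * @param i    value forwarded to {@code sendErrorCMPMessage} (presumably the error code; verify)
     * @param str2 text forwarded to {@code sendErrorCMPMessage} and stored in the failure record
     *             when the send succeeds
     * @param z    true skips the operator role check; also forwarded to {@code insertCertApplyRecord}
     * @return an empty Result when the CA accepted the message, otherwise a Result with the CA's
     *         error bean or the error of the failed precondition
     * @throws RuntimeException when the application cannot be set to status 4
     */
    @Override // com.xdja.pki.ra.service.manager.certapply.CertApplyService
    public Result genErrorMsgContent(String str, int i, String str2, boolean z) {
        Result result = new Result();
        if (!z) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(Integer.valueOf(Constants.ADMIN_ROLE_OPERATOR_ISSUE_5))) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        Map<String, String> raMap = ApplyVariable.getRaMap();
        if (CollectionUtils.isEmpty(raMap)) {
            this.logger.info("获取本地缓存申请信息为空");
            result.setError(ErrorEnum.GET_LOCAL_CACHE_APPLY_INFO_IS_EMPTY);
            // Fix: the original set the error and carried on, which dereferenced a null map or
            // sent the CA message with no cached value while the result was already marked failed.
            return result;
        }
        // NOTE(review): the cache entry is read but never removed in this method, although the
        // application ends in the failed state; confirm whether it should be evicted.
        String str3 = raMap.get(str);
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str);
        if (certApplyInfo == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        Result sendErrorCMPMessage = this.certLifeCycleManager.sendErrorCMPMessage(rAServiceDnName, cAServiceDnName, Constants.APPLY_USER_TYPE_NORMAL_USER_1, str3, i, str2);

        // Both outcomes set the application to status 4; only the record text and the returned
        // Result differ, so the shared update is done once.
        Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 4, certApplyInfo.getTempId());
        if (updateCertApplyInfo.getCode() != 0) {
            this.logger.info("操作签发证书确认消息失败:" + JsonUtils.object2Json(updateCertApplyInfo));
            throw new RuntimeException("failed to mark the application as failed, applyNo=" + str);
        }
        if (sendErrorCMPMessage.isSuccess()) {
            this.certApplyService.insertCertApplyRecord(certApplyInfo.getApplyType().intValue(), Constants.OPERATE_TYPE_ISSUE_5, str, 4, str2, Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_FAIL_7, false, z);
            return result;
        }
        this.certApplyService.insertCertApplyRecord(certApplyInfo.getApplyType().intValue(), Constants.OPERATE_TYPE_ISSUE_5, str, 4, sendErrorCMPMessage.getErrorBean().getErrMsg(), Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_FAIL_7, false, z);
        this.logger.info("错误确认消息出错：" + JsonUtils.object2Json(sendErrorCMPMessage));
        result.setErrorBean(sendErrorCMPMessage.getErrorBean());
        return result;
    }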

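    /**
     * Stores the certificate(s) returned by the CA as user-certificate rows in status
     * {@code CERT_STATUS_NO_CONFIRM_0}: always the signing certificate, plus the encryption
     * certificate when the CA returned one. Both rows share one {@code pairCertIndex}.
     *
     * <p>Security notes:
     * <ul>
     *   <li>NOTE(review): the certificates are parsed and stored as received. Nothing here checks
     *       that they chain to the CA certificate referenced by {@code caCertId}, or that the
     *       subject matches the DN that was applied for; confirm this is verified upstream.</li>
     *   <li>NOTE(review): {@code pairCertIndex} is the current time in milliseconds, so two
     *       issuances in the same millisecond would share an index; confirm whether anything
     *       relies on it being unique.</li>
     * </ul>
     *
     * @param j            user id
     * @param j2           application id
     * @param j3           template id
     * @param str          template number
     * @param str2         signature algorithm
     * @param i            private key length
     * @param userCertInfo CA response holding the signing and optional encryption certificate
     * @return a Result with an error when a certificate is missing or unparsable or no CA
     *         certificate is on record; otherwise an empty Result
     */
    private Result insertUserCertInfo(long j, long j2, long j3, String str, String str2, int i, UserCertInfo userCertInfo) {
        final long millisPerDay = 86400000L;
        Result result = new Result();
        String signCert = userCertInfo.getSignCert();
        if (StringUtils.isBlank(signCert)) {
            this.logger.info("CA返回的用户证书信息中，签名证书为空");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_INFO_IS_EMPTY);
            return result;
        }
        X509Certificate certFromStr = CertUtils.getCertFromStr(signCert);
        if (certFromStr == null) {
            this.logger.info("CA返回的用户证书信息中，签名证书错误");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR);
            return result;
        }
        long pairIndex = new Date().getTime();
        CaCertDO newCaCertInfo = this.caCertDao.getNewCaCertInfo();
        if (newCaCertInfo == null) {
            this.logger.info("获取CA证书信息为空");
            result.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return result;
        }
        // Fix: the encryption certificate is now parsed before anything is written. The original
        // inserted the signing row first and then returned on an unparsable encryption
        // certificate, leaving a signing row of type CERT_TYPE_SIGN_2 without its partner.
        String encCert = userCertInfo.getEncCert();
        boolean hasEncCert = StringUtils.isNotBlank(encCert);
        X509Certificate certFromStr2 = null;
        if (hasEncCert) {
            certFromStr2 = CertUtils.getCertFromStr(encCert);
            if (certFromStr2 == null) {
                this.logger.info("CA返回的用户证书信息中，加密证书错误");
                result.setError(ErrorEnum.CA_RESPONSE_USER_ENC_CERT_ERROR);
                return result;
            }
        }

        Date notBefore = certFromStr.getNotBefore();
        Date notAfter = certFromStr.getNotAfter();
        // Validity in whole days; the key validity runs from notBefore to the CA certificate's expiry.
        int certValidityDays = (int) ((notAfter.getTime() - notBefore.getTime()) / millisPerDay);
        int encKeyValidityDays = (int) ((newCaCertInfo.getFailureTime().getTime() - notBefore.getTime()) / millisPerDay);
        Date date = new Date();

        UserCertDO userCertDO = new UserCertDO();
        userCertDO.setPairCertIndex(Long.valueOf(pairIndex));
        userCertDO.setCertType(Integer.valueOf(hasEncCert ? Constants.CERT_TYPE_SIGN_2 : Constants.CERT_TYPE_SINGLE_1));
        userCertDO.setCertStatus(Integer.valueOf(Constants.CERT_STATUS_NO_CONFIRM_0));
        userCertDO.setUserId(Long.valueOf(j));
        userCertDO.setApplyId(Long.valueOf(j2));
        userCertDO.setTempId(Long.valueOf(j3));
        userCertDO.setTempNo(str);
        userCertDO.setSignAlg(str2);
        userCertDO.setPrivateKeyLength(Integer.valueOf(i));
        userCertDO.setCaCertId(newCaCertInfo.getId());
        userCertDO.setCertSn(certFromStr.getSerialNumber().toString(16).toLowerCase());
        userCertDO.setCertDn(certFromStr.getSubjectX500Principal().getName());
        userCertDO.setEffectiveTime(new Timestamp(notBefore.getTime()));
        userCertDO.setFailureTime(new Timestamp(notAfter.getTime()));
        userCertDO.setCertValidity(Integer.valueOf(certValidityDays));
        userCertDO.setEncKeyValidity(Integer.valueOf(encKeyValidityDays));
        userCertDO.setGmtCreate(new Timestamp(date.getTime()));
        userCertDO.setGmtUpdate(new Timestamp(date.getTime()));
        UserCertDO insertUserCertInfo = this.userCertDao.insertUserCertInfo(userCertDO);

        if (hasEncCert) {
            // The encryption row reuses the signing certificate's validity window and links back
            // to it through signCertSn.
            UserCertDO userCertDO2 = new UserCertDO();
            userCertDO2.setPairCertIndex(Long.valueOf(pairIndex));
            userCertDO2.setCertType(Integer.valueOf(Constants.CERT_TYPE_ENC_3));
            userCertDO2.setCertStatus(Integer.valueOf(Constants.CERT_STATUS_NO_CONFIRM_0));
            userCertDO2.setUserId(Long.valueOf(j));
            userCertDO2.setApplyId(Long.valueOf(j2));
            userCertDO2.setTempId(Long.valueOf(j3));
            userCertDO2.setTempNo(str);
            userCertDO2.setSignAlg(str2);
            userCertDO2.setPrivateKeyLength(Integer.valueOf(i));
            userCertDO2.setCaCertId(newCaCertInfo.getId());
            userCertDO2.setEffectiveTime(new Timestamp(notBefore.getTime()));
            userCertDO2.setFailureTime(new Timestamp(notAfter.getTime()));
            userCertDO2.setCertValidity(Integer.valueOf(certValidityDays));
            userCertDO2.setEncKeyValidity(Integer.valueOf(encKeyValidityDays));
            userCertDO2.setGmtCreate(new Timestamp(date.getTime()));
            userCertDO2.setGmtUpdate(new Timestamp(date.getTime()));
            userCertDO2.setCertDn(certFromStr2.getSubjectX500Principal().getName());
            userCertDO2.setCertSn(certFromStr2.getSerialNumber().toString(16).toLowerCase());
            userCertDO2.setSignCertSn(insertUserCertInfo.getCertSn());
            try {
                this.userCertDao.insertUserCertInfo(userCertDO2);
            } catch (Exception e) {
                // Manual compensation: remove the signing row written above. The throwable is
                // now logged; the original dropped it.
                // NOTE(review): the Result returned after this compensation still reports
                // success, so the caller cannot tell that neither certificate was stored.
                this.logger.info("手动处理manager层的插入异常", e);
                this.userCertDao.deleteUserCert(insertUserCertInfo.getId().longValue());
            }
        }
        return result;
    }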

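    /**
     * Handles an issuance application: derives the public key, asks the CA to issue the
     * certificate, stores the result, and optionally wraps the certificates into chains.
     *
     * <p>With {@code z == false}, {@code bArr} is read as the text of a PKCS#10 request. The key
     * algorithm must equal the system algorithm and the key length must match the applied one.
     * With {@code z == true}, {@code bArr} is forwarded to the CA as the encoded public key with
     * none of these checks.
     *
     * <p>Security notes:
     * <ul>
     *   <li>NOTE(review): every algorithm other than RSA is labelled "SM2". An EC key on a
     *       different curve is therefore treated as SM2, and on that branch only the applied
     *       length (256) is compared; the submitted key's size is logged but not checked.
     *       Confirm that the curve is validated by the CA or by {@code SdkP10Utils}.</li>
     *   <li>NOTE(review): presumably {@code SdkP10Utils.p10ToPublicKey} verifies the request's
     *       self-signature (proof of possession); this method does not, so confirm.</li>
     *   <li>The DN taken from the request is only logged; the DN sent to the CA is the one stored
     *       with the application. The logged DN is requester-controlled text.</li>
     *   <li>NOTE(review): the outer {@code catch (Exception)} also catches the RuntimeException
     *       thrown when the failed-status update fails, and reports it as "issue apply info is
     *       empty"; the throw therefore never reaches the caller.</li>
     * </ul>
     *
     * @param num  not read in this method
     * @param str  not read in this method
     * @param num2 issue type; compared with {@code Constants.P10_ISSUE_TYPE_BKS_5}
     * @param str2 application number
     * @param str3 forwarded to {@code issueUserCert} as its second argument
     * @param bArr PKCS#10 text bytes ({@code z == false}) or encoded public key ({@code z == true})
     * @param str4 forwarded to {@code issueUserCert}
     * @param str5 forwarded to {@code issueUserCert}
     * @param str6 forwarded to {@code issueUserCert}
     * @param i    apply-certificate type; compared with {@code Constants.APPLY_CERT_TYPE_BY_UKEY_1}
     * @param z    true when {@code bArr} already is the public key; also forwarded to
     *             {@code insertCertApplyRecord}
     * @param z2   not read in this method
     * @return a Result whose info is the {@code UserCertInfo} on success, otherwise an error
     */
    private Result issueApplyHandler(Integer num, String str, Integer num2, String str2, String str3, byte[] bArr, String str4, String str5, String str6, int i, boolean z, boolean z2) {
        byte[] encoded;
        Result result = new Result();
        try {
            IssueApplyDTO issueApplyInfoByApplyNo = this.issueApplyDao.getIssueApplyInfoByApplyNo(str2);
            int intValue = issueApplyInfoByApplyNo.getCertValidity().intValue();
            String signAlg = issueApplyInfoByApplyNo.getSignAlg();
            String tempNo = issueApplyInfoByApplyNo.getTempNo();
            String str7 = null;
            if (StringUtils.isNotBlank(issueApplyInfoByApplyNo.getTempParas())) {
                str7 = issueApplyInfoByApplyNo.getTempParas();
            }
            String certDn = issueApplyInfoByApplyNo.getCertDn();
            if (z) {
                encoded = bArr;
            } else {
                try {
                    // Fix: decode with an explicit charset instead of the platform default, so
                    // the request text is read the same way on every host.
                    String str8 = new String(bArr, java.nio.charset.StandardCharsets.UTF_8);
                    PublicKey p10ToPublicKey = SdkP10Utils.p10ToPublicKey(str8);
                    encoded = p10ToPublicKey.getEncoded();
                    this.logger.info("签发申请，申请书中的用户DN为：" + SdkP10Utils.p10ToCertDn(str8));
                    String str9 = p10ToPublicKey.getAlgorithm().equalsIgnoreCase("RSA") ? "RSA" : "SM2";
                    this.logger.info("签发申请，申请书中的用户密钥算法为：" + str9);
                    if (!str9.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                        this.logger.info("用户证书秘钥算法和当前系统密钥算法不一致");
                        result.setError(ErrorEnum.USER_CERT_KEY_ALG_NOT_SAME_WITH_SYSTEM);
                        return result;
                    }
                    X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(SubjectPublicKeyInfo.getInstance(p10ToPublicKey.getEncoded()).toASN1Primitive().getEncoded("DER"));
                    if (str9.equalsIgnoreCase(Constants.KEY_ALG_NAME_SM2)) {
                        // Logged only: the bit length of the point's X coordinate is not compared
                        // with anything.
                        this.logger.info("签发时证书密钥算法长度为:" + KeyFactory.getInstance("EC", "BC").generatePublic(x509EncodedKeySpec).getW().getAffineX().bitLength());
                        if (issueApplyInfoByApplyNo.getPrivateKeyLength().intValue() != 256) {
                            this.logger.info("用户证书秘钥算法长度和申请时的秘钥长度不一致");
                            result.setError(ErrorEnum.USER_CERT_KEY_ALG_LENGTH_NOT_SAME_WITH_APPLY);
                            return result;
                        }
                    } else {
                        // RSA: the modulus size of the submitted key must equal the applied length.
                        if (issueApplyInfoByApplyNo.getPrivateKeyLength().intValue() != KeyFactory.getInstance("RSA", "BC").generatePublic(x509EncodedKeySpec).getModulus().bitLength()) {
                            this.logger.info("用户证书秘钥算法长度和申请时的秘钥长度不一致");
                            result.setError(ErrorEnum.USER_CERT_KEY_ALG_LENGTH_NOT_SAME_WITH_APPLY);
                            return result;
                        }
                    }
                } catch (Exception e) {
                    this.logger.info("从P10中获取公钥信息异常：{}", (Throwable) e);
                    result.setError(ErrorEnum.GET_PUBLIC_KEY_FROM_P10_EXCEPTION);
                    return result;
                }
            }
            Result issueUserCert = this.certLifeCycleManager.issueUserCert(str2, str3, encoded, str4, str5, str6, tempNo, str7, signAlg, intValue, certDn);
            if (!issueUserCert.isSuccess()) {
                Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(issueApplyInfoByApplyNo.getCertDn(), str2, 4, issueApplyInfoByApplyNo.getTempId());
                if (updateCertApplyInfo.getCode() != 0) {
                    this.logger.info("操作签发失败:" + JsonUtils.object2Json(updateCertApplyInfo));
                    throw new RuntimeException("failed to mark the application as failed, applyNo=" + str2);
                }
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_ISSUE_1, Constants.OPERATE_TYPE_ISSUE_5, str2, 4, issueUserCert.getErrorBean().getErrMsg(), Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_FAIL_7, false, z);
                this.logger.info("调用CA，签发证书失败");
                result.setErrorBean(issueUserCert.getErrorBean());
                return result;
            }
            UserCertInfo userCertInfo = (UserCertInfo) issueUserCert.getInfo();
            Result insertUserCertInfo = insertUserCertInfo(issueApplyInfoByApplyNo.getUserId().longValue(), issueApplyInfoByApplyNo.getApplyId().longValue(), issueApplyInfoByApplyNo.getTempId().longValue(), issueApplyInfoByApplyNo.getTempNo(), signAlg, issueApplyInfoByApplyNo.getPrivateKeyLength().intValue(), userCertInfo);
            if (!insertUserCertInfo.isSuccess()) {
                this.logger.info("将用户证书插入数据库失败");
                result.setError(insertUserCertInfo.getError());
                return result;
            }
            // UKey applications, direct-public-key requests and BKS issue types get the bare
            // certificates; the remaining cases get the certificates wrapped into chains.
            if (i == Constants.APPLY_CERT_TYPE_BY_UKEY_1 || z || num2.intValue() == Constants.P10_ISSUE_TYPE_BKS_5) {
                result.setInfo(userCertInfo);
                return result;
            }
            ArrayList arrayList = new ArrayList(CommonVariable.getTrustCaCerts());
            try {
                X509Certificate certFromStr = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                arrayList.add(certFromStr);
                userCertInfo.setSignCert(SignedDataUtils.createCertChainByCerts(arrayList));
                if (issueApplyInfoByApplyNo.getCertPatterm().intValue() != SdkConstants.CERT_TYPE_SINGLE_1) {
                    // Reuse the trust list for the encryption certificate's chain.
                    arrayList.remove(certFromStr);
                    arrayList.add(CertUtils.getCertFromStr(userCertInfo.getEncCert()));
                    userCertInfo.setEncCert(SignedDataUtils.createCertChainByCerts(arrayList));
                }
                result.setInfo(userCertInfo);
                return result;
            } catch (Exception e2) {
                this.logger.error("sdk接口-封装证书链异常", (Throwable) e2);
                result.setError(ErrorEnum.BUILD_TRAIN_CERT_P7b_IS_ERROR);
                return result;
            }
        } catch (Exception e3) {
            // Any exception from the whole body lands here, not only a missing application row;
            // the throwable is now logged so the real cause can be found.
            this.logger.info("获取签发证书申请基本信息为空", e3);
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }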

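    /**
     * Handles a certificate-update application: determines the new public key (if the key is
     * being replaced), asks the CA to update the certificate, stores the result, and optionally
     * wraps the certificates into chains.
     *
     * <p>Key handling:
     * <ul>
     *   <li>{@code z == true}: {@code bArr} is forwarded as the encoded public key when the
     *       application replaces the key, with no algorithm or length check here.</li>
     *   <li>{@code z == false} and the key is replaced: {@code bArr} is read as PKCS#10 text and
     *       the key algorithm and length are checked against the system and the application.</li>
     *   <li>Otherwise no key is sent.</li>
     * </ul>
     *
     * <p>Security notes:
     * <ul>
     *   <li>NOTE(review): every algorithm other than RSA is labelled "SM2", and on that branch
     *       only the applied length (256) is compared; the submitted key's size is logged but not
     *       checked. Confirm that the curve is validated by the CA or by {@code SdkP10Utils}.</li>
     *   <li>NOTE(review): presumably {@code SdkP10Utils.p10ToPublicKey} verifies the request's
     *       self-signature (proof of possession); this method does not, so confirm.</li>
     * </ul>
     *
     * @param num  not read in this method
     * @param str  not read in this method
     * @param num2 issue type; compared with {@code Constants.P10_ISSUE_TYPE_BKS_5}
     * @param str2 application number
     * @param str3 forwarded to {@code updateUserCert} as its second argument
     * @param bArr PKCS#10 text bytes ({@code z == false}) or encoded public key ({@code z == true})
     * @param str4 forwarded to {@code updateUserCert}
     * @param str5 forwarded to {@code updateUserCert}
     * @param str6 forwarded to {@code updateUserCert}
     * @param i    apply-certificate type; compared with {@code Constants.APPLY_CERT_TYPE_BY_UKEY_1}
     * @param z    true when {@code bArr} already is the public key; also forwarded to
     *             {@code insertCertApplyRecord}
     * @param z2   not read in this method
     * @return a Result whose info is the {@code UserCertInfo} on success, otherwise an error
     * @throws RuntimeException when the failed-status update or the certificate insert fails
     */
    private Result updateApplyHandler(Integer num, String str, Integer num2, String str2, String str3, byte[] bArr, String str4, String str5, String str6, int i, boolean z, boolean z2) {
        Result result = new Result();
        UpdateApplyDTO updateApplyDTO = null;
        try {
            updateApplyDTO = this.updateApplyDao.getUpdateApplyInfoByApplyNo(str2);
        } catch (EmptyResultDataAccessException e) {
            this.logger.info("getUpdateApplyInfo.applyNo:" + str2 + " 查询更新证书申请实体为空");
        }
        if (updateApplyDTO == null) {
            this.logger.info("获取更新证书申请基本信息为空");
            result.setError(ErrorEnum.GET_UPDATE_APPLY_INFO_IS_EMPTY);
            return result;
        }
        // A validity of 0 is sent when the application does not change the validity period.
        int i2 = 0;
        if (updateApplyDTO.isUpdateValidity()) {
            i2 = updateApplyDTO.getCertValidity().intValue();
        }
        String tempNo = updateApplyDTO.getTempNo();
        String str7 = null;
        if (StringUtils.isNotBlank(updateApplyDTO.getTempParas())) {
            str7 = updateApplyDTO.getTempParas();
        }
        byte[] bArr2 = null;
        if (z) {
            if (!updateApplyDTO.isUpdateKey()) {
                this.logger.info("在线更新申请不更新秘钥");
            } else {
                if (bArr == null) {
                    this.logger.info("更新密钥时，必须上传p10文件");
                    result.setError(ErrorEnum.UPDATE_KEY_NEED_P10_FILE);
                    return result;
                }
                this.logger.info("在线更新申请更新秘钥");
                bArr2 = bArr;
            }
        } else if (updateApplyDTO.isUpdateKey()) {
            // Fix: a missing request used to surface as a NullPointerException caught below and
            // reported as a P10 parsing error; it now gets the same "P10 required" error as the
            // branch above.
            if (bArr == null) {
                this.logger.info("更新密钥时，必须上传p10文件");
                result.setError(ErrorEnum.UPDATE_KEY_NEED_P10_FILE);
                return result;
            }
            try {
                // Fix: decode with an explicit charset instead of the platform default.
                String str8 = new String(bArr, java.nio.charset.StandardCharsets.UTF_8);
                PublicKey p10ToPublicKey = SdkP10Utils.p10ToPublicKey(str8);
                if (p10ToPublicKey == null) {
                    this.logger.info("更新密钥时，必须上传p10文件");
                    result.setError(ErrorEnum.UPDATE_KEY_NEED_P10_FILE);
                    return result;
                }
                bArr2 = p10ToPublicKey.getEncoded();
                // The DN from the request is requester-controlled and is only logged here.
                this.logger.info("更新申请，申请书中的用户DN为：" + SdkP10Utils.p10ToCertDn(str8));
                String str9 = p10ToPublicKey.getAlgorithm().equalsIgnoreCase("RSA") ? "RSA" : "SM2";
                this.logger.info("签发申请，申请书中的用户密钥算法为：" + str9);
                if (!str9.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                    this.logger.info("用户证书秘钥算法和当前系统密钥算法不一致");
                    result.setError(ErrorEnum.USER_CERT_KEY_ALG_NOT_SAME_WITH_SYSTEM);
                    return result;
                }
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(SubjectPublicKeyInfo.getInstance(p10ToPublicKey.getEncoded()).toASN1Primitive().getEncoded("DER"));
                if (str9.equalsIgnoreCase(Constants.KEY_ALG_NAME_SM2)) {
                    // Logged only: the bit length of the point's X coordinate is not compared
                    // with anything.
                    this.logger.info("更新时证书密钥算法长度为:" + KeyFactory.getInstance("EC", "BC").generatePublic(x509EncodedKeySpec).getW().getAffineX().bitLength());
                    if (updateApplyDTO.getPrivateKeyLength().intValue() != 256) {
                        this.logger.info("用户证书秘钥算法长度和申请时的秘钥长度不一致");
                        result.setError(ErrorEnum.USER_CERT_KEY_ALG_LENGTH_NOT_SAME_WITH_APPLY);
                        return result;
                    }
                } else {
                    // RSA: the modulus size of the submitted key must equal the applied length.
                    if (updateApplyDTO.getPrivateKeyLength().intValue() != KeyFactory.getInstance("RSA", "BC").generatePublic(x509EncodedKeySpec).getModulus().bitLength()) {
                        this.logger.info("用户证书秘钥算法长度和申请时的秘钥长度不一致");
                        result.setError(ErrorEnum.USER_CERT_KEY_ALG_LENGTH_NOT_SAME_WITH_APPLY);
                        return result;
                    }
                }
            } catch (Exception e2) {
                this.logger.info("从P10中获取公钥信息异常：{}", (Throwable) e2);
                result.setError(ErrorEnum.GET_PUBLIC_KEY_FROM_P10_EXCEPTION);
                return result;
            }
        }
        Result updateUserCert = this.certLifeCycleManager.updateUserCert(str2, str3, bArr2, str4, str5, str6, tempNo, str7, updateApplyDTO.getSignAlg(), i2, updateApplyDTO.getCertDn(), updateApplyDTO.getSignSn(), updateApplyDTO.isUpdateKey());
        if (!updateUserCert.isSuccess()) {
            Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(updateApplyDTO.getCertDn(), str2, 4, updateApplyDTO.getTempId());
            if (updateCertApplyInfo.getCode() != 0) {
                this.logger.info("操作签发失败:" + JsonUtils.object2Json(updateCertApplyInfo));
                throw new RuntimeException("failed to mark the update application as failed, applyNo=" + str2);
            }
            // NOTE(review): the failure record stores the applicant's reason rather than the CA's
            // error message; confirm this is intended.
            this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_UPDATE_2, Constants.OPERATE_TYPE_ISSUE_5, str2, 4, updateApplyDTO.getApplyReason(), Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_FAIL_7, false, z);
            this.logger.info("调用CA，更新证书失败");
            result.setErrorBean(updateUserCert.getErrorBean());
            return result;
        }
        UserCertInfo userCertInfo = (UserCertInfo) updateUserCert.getInfo();
        if (!insertUserCertInfo(updateApplyDTO.getUserId().longValue(), updateApplyDTO.getApplyId().longValue(), updateApplyDTO.getTempId().longValue(), updateApplyDTO.getTempNo(), updateApplyDTO.getSignAlg(), updateApplyDTO.getPrivateKeyLength().intValue(), userCertInfo).isSuccess()) {
            // The CA has already produced the certificate at this point; only the local write failed.
            this.logger.info("将用户证书插入数据库失败");
            throw new RuntimeException("failed to store the updated certificate, applyNo=" + str2);
        }
        // UKey applications, direct-public-key requests and BKS issue types get the bare
        // certificates; the remaining cases get the certificates wrapped into chains.
        if (i == Constants.APPLY_CERT_TYPE_BY_UKEY_1 || z || num2.intValue() == Constants.P10_ISSUE_TYPE_BKS_5) {
            result.setInfo(userCertInfo);
            return result;
        }
        ArrayList arrayList = new ArrayList(CommonVariable.getTrustCaCerts());
        X509Certificate certFromStr = CertUtils.getCertFromStr(userCertInfo.getSignCert());
        arrayList.add(certFromStr);
        try {
            userCertInfo.setSignCert(SignedDataUtils.createCertChainByCerts(arrayList));
            if (updateApplyDTO.getCertPatterm().intValue() != SdkConstants.CERT_TYPE_SINGLE_1) {
                // Reuse the trust list for the encryption certificate's chain.
                arrayList.remove(certFromStr);
                arrayList.add(CertUtils.getCertFromStr(userCertInfo.getEncCert()));
                userCertInfo.setEncCert(SignedDataUtils.createCertChainByCerts(arrayList));
            }
            result.setInfo(userCertInfo);
            return result;
        } catch (Exception e3) {
            this.logger.error("sdk接口-封装证书链异常", (Throwable) e3);
            result.setError(ErrorEnum.BUILD_TRAIN_CERT_P7b_IS_ERROR);
            return result;
        }
    }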

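    /**
     * Issues the certificate(s) for an issue application and packages them, together with the
     * matching private keys, through {@code KeyStoreUtils.generateDoubleCertByKeyStore}.
     *
     * <p>The signing key pair is generated inside this method. For every certificate pattern other
     * than {@code SdkConstants.CERT_TYPE_SINGLE_1} the encryption private key is recovered from the
     * envelope returned by the CA ({@code UserCertInfo.getEncPriKey()}).
     *
     * <p>Private key material (the generated signing key, the CA envelope and the recovered
     * encryption key) is deliberately never written to the log: application logs are normally
     * readable by far more people and systems than are allowed to hold user private keys.
     *
     * @param str application number used to load the issue application
     * @param str2 forwarded to {@code certLifeCycleManager.issueUserCert}; meaning not visible here
     * @param str3 forwarded to {@code certLifeCycleManager.issueUserCert}; meaning not visible here
     * @param str4 forwarded to {@code certLifeCycleManager.issueUserCert}; meaning not visible here
     * @param i forwarded to {@code KeyStoreUtils.generateDoubleCertByKeyStore}; meaning not visible here
     * @param z forwarded to {@code certApplyService.insertCertApplyRecord}; meaning not visible here
     * @return a {@link Result} carrying the value produced by
     *     {@code generateDoubleCertByKeyStore} on success, otherwise the error (or error bean) of
     *     the step that failed
     */
    private Result issueApplyHandlerByKeyStore(String str, String str2, String str3, String str4, int i, boolean z) {
        Result result = new Result();
        try {
            IssueApplyDTO issueApplyInfoByApplyNo = this.issueApplyDao.getIssueApplyInfoByApplyNo(str);
            int intValue = issueApplyInfoByApplyNo.getCertValidity().intValue();
            String signAlg = issueApplyInfoByApplyNo.getSignAlg();
            String tempNo = issueApplyInfoByApplyNo.getTempNo();
            String tempParas = StringUtils.isNotBlank(issueApplyInfoByApplyNo.getTempParas()) ? issueApplyInfoByApplyNo.getTempParas() : null;
            String certDn = issueApplyInfoByApplyNo.getCertDn();
            String keyAlg = issueApplyInfoByApplyNo.getKeyAlg();
            int intValue2 = issueApplyInfoByApplyNo.getPrivateKeyLength().intValue();
            this.logger.info("密钥算法：" + keyAlg + " 密钥长度：" + intValue2);
            try {
                KeyPair genKeyPair = KeyUtils.genKeyPair(keyAlg, intValue2);
                Result issueUserCert = this.certLifeCycleManager.issueUserCert(str, null, genKeyPair.getPublic().getEncoded(), str2, str3, str4, tempNo, tempParas, signAlg, intValue, certDn);
                if (!issueUserCert.isSuccess()) {
                    // The CA refused the request: mark the application as failed (status 4) and
                    // record the CA's error message before returning its error bean.
                    Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(issueApplyInfoByApplyNo.getCertDn(), str, 4, issueApplyInfoByApplyNo.getTempId());
                    if (updateCertApplyInfo.getCode() != 0) {
                        this.logger.info("操作签发失败:" + JsonUtils.object2Json(updateCertApplyInfo));
                        // Caught by the enclosing catch below, which reports GEN_USER_CERT_SIGN_KEY_FAIL.
                        throw new RuntimeException();
                    }
                    this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_ISSUE_1, Constants.OPERATE_TYPE_ISSUE_5, str, 4, issueUserCert.getErrorBean().getErrMsg(), Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_FAIL_7, false, z);
                    this.logger.info("调用CA，签发证书失败");
                    result.setErrorBean(issueUserCert.getErrorBean());
                    return result;
                }
                UserCertInfo userCertInfo = (UserCertInfo) issueUserCert.getInfo();
                Result insertUserCertInfo = insertUserCertInfo(issueApplyInfoByApplyNo.getUserId().longValue(), issueApplyInfoByApplyNo.getApplyId().longValue(), issueApplyInfoByApplyNo.getTempId().longValue(), issueApplyInfoByApplyNo.getTempNo(), signAlg, issueApplyInfoByApplyNo.getPrivateKeyLength().intValue(), userCertInfo);
                if (!insertUserCertInfo.isSuccess()) {
                    this.logger.info("将用户证书插入数据库失败");
                    result.setError(insertUserCertInfo.getError());
                    return result;
                }
                PrivateKey privateKey = null;
                if (issueApplyInfoByApplyNo.getCertPatterm().intValue() != SdkConstants.CERT_TYPE_SINGLE_1) {
                    try {
                        // SECURITY: do not log the signing private key, the CA envelope or the
                        // recovered encryption key here; secrets must not reach log files.
                        String dataFromSignedAndEnvelopedDataByBc = CertUtils.getDataFromSignedAndEnvelopedDataByBc(genKeyPair.getPrivate().getEncoded(), userCertInfo.getEncPriKey().getBytes(), CommonVariable.getKeyAlgName());
                        byte[] decode = Base64.decode(dataFromSignedAndEnvelopedDataByBc);
                        if (CommonVariable.getKeyAlgName().equalsIgnoreCase(Constants.KEY_ALG_NAME_SM2)) {
                            // Bytes 32..63 of the decoded payload are used as the SM2 private key;
                            // NOTE(review): payload layout is assumed from this offset - confirm
                            // against the CA envelope format. A shorter payload makes arraycopy
                            // throw, which the catch below turns into an error result.
                            byte[] bArr = new byte[32];
                            System.arraycopy(decode, 32, bArr, 0, 32);
                            privateKey = GMSSLX509Utils.convertSM2PrivateKey(bArr);
                        } else {
                            privateKey = KeyFactory.getInstance(RsaObjectIdentifiers.rsaEncryption.getId(), (Provider) new BouncyCastleProvider()).generatePrivate(new PKCS8EncodedKeySpec(decode));
                        }
                    } catch (Exception e) {
                        this.logger.error("从P7b格式中获取加密私钥失败", (Throwable) e);
                        result.setError(ErrorEnum.GET_ENC_PUBLIC_KEY_FROM_P7B_FAIL);
                        return result;
                    }
                }
                try {
                    List<X509Certificate> trustCaCerts = CommonVariable.getTrustCaCerts();
                    for (X509Certificate x509Certificate : trustCaCerts) {
                        this.logger.info("trustCaCerts.size()==========" + trustCaCerts.size());
                        this.logger.info("trustCaCert====issuer:" + x509Certificate.getIssuerX500Principal().getName() + " subjcet:" + x509Certificate.getSubjectX500Principal().getName());
                    }
                    X509Certificate[] x509CertificateArr = new X509Certificate[trustCaCerts.size()];
                    trustCaCerts.toArray(x509CertificateArr);
                    for (X509Certificate x509Certificate2 : x509CertificateArr) {
                        this.logger.info("caCerts.length==========" + x509CertificateArr.length);
                        this.logger.info("caCert====issuer:" + x509Certificate2.getIssuerX500Principal().getName() + " subjcet:" + x509Certificate2.getSubjectX500Principal().getName());
                    }
                    // Signing chain: end-entity certificate first, then the trusted CA certificates.
                    X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length + 1];
                    x509CertificateArr2[0] = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                    System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 1, x509CertificateArr.length);
                    for (X509Certificate x509Certificate3 : x509CertificateArr2) {
                        this.logger.info("signCert.length==========" + x509CertificateArr2.length);
                        this.logger.info("signCert====issuer:" + x509Certificate3.getIssuerX500Principal().getName() + " subjcet:" + x509Certificate3.getSubjectX500Principal().getName());
                    }
                    // Encryption chain is only built for the non-single certificate pattern.
                    X509Certificate[] x509CertificateArr3 = null;
                    if (issueApplyInfoByApplyNo.getCertPatterm().intValue() != SdkConstants.CERT_TYPE_SINGLE_1) {
                        x509CertificateArr3 = new X509Certificate[x509CertificateArr.length + 1];
                        x509CertificateArr3[0] = CertUtils.getCertFromStr(userCertInfo.getEncCert());
                        System.arraycopy(x509CertificateArr, 0, x509CertificateArr3, 1, x509CertificateArr.length);
                    }
                    result.setInfo(KeyStoreUtils.generateDoubleCertByKeyStore(x509CertificateArr2, x509CertificateArr3, genKeyPair.getPrivate(), privateKey, i, str, PathConstants.USER_CERT_KEYSTORE_FILE_PATH));
                    return result;
                } catch (Exception e2) {
                    this.logger.error("生成用户keyStore类型证书失败", (Throwable) e2);
                    result.setError(ErrorEnum.GEN_USER_CERT_KEY_STORE_FILE_FAIL);
                    return result;
                }
            } catch (Exception e3) {
                // Keep the cause: this catch also receives CA-call and bookkeeping failures,
                // not only key generation errors, so the message alone is not enough to diagnose.
                this.logger.error("生成用户签名公私钥失败", (Throwable) e3);
                result.setError(ErrorEnum.GEN_USER_CERT_SIGN_KEY_FAIL);
                return result;
            }
        } catch (Exception e4) {
            // Keep the cause: a DAO failure and a missing field in the loaded application both
            // end up here and would otherwise be indistinguishable.
            this.logger.error("获取签发证书申请基本信息为空", (Throwable) e4);
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }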

    /**
     * Renews the certificate(s) for an update application and packages them, with the matching
     * private keys, through {@code KeyStoreUtils.generateDoubleCertByKeyStore}.
     *
     * <p>A fresh signing key pair is generated here: SM2 with a length of 256 when the application's
     * signature algorithm equals {@code Constants.SIGN_ALG_NAME_SM3_WHIT_SM2} (case-insensitive),
     * otherwise RSA with a length of 2048. For every certificate pattern other than
     * {@code SdkConstants.CERT_TYPE_SINGLE_1} the encryption private key is recovered from the
     * envelope returned by the CA.
     *
     * <p>Any exception raised after key generation starts, including the bare
     * {@code RuntimeException}s thrown below, is reported as
     * {@code ErrorEnum.GEN_USER_CERT_SIGN_KEY_FAIL} unless one of the inner handlers catches it.
     *
     * @param str application number used to load the update application
     * @param str2 forwarded to {@code certLifeCycleManager.updateUserCert}; meaning not visible here
     * @param str3 forwarded to {@code certLifeCycleManager.updateUserCert}; meaning not visible here
     * @param str4 forwarded to {@code certLifeCycleManager.updateUserCert}; meaning not visible here
     * @param i forwarded to {@code KeyStoreUtils.generateDoubleCertByKeyStore}; meaning not visible here
     * @param z forwarded to {@code certApplyService.insertCertApplyRecord}; meaning not visible here
     * @return a {@link Result} carrying the value produced by
     *     {@code generateDoubleCertByKeyStore} on success, otherwise the error (or error bean) of
     *     the step that failed
     */
    private Result updateApplyHandlerByKeyStore(String str, String str2, String str3, String str4, int i, boolean z) {
        Result outcome = new Result();

        UpdateApplyDTO application = null;
        try {
            application = this.updateApplyDao.getUpdateApplyInfoByApplyNo(str);
        } catch (EmptyResultDataAccessException notFound) {
            // An empty lookup is handled by the null check right below.
            this.logger.info("getUpdateApplyInfo.applyNo:" + str + " 查询更新证书申请实体为空");
        }
        if (application == null) {
            this.logger.info("获取更新证书申请基本信息为空");
            outcome.setError(ErrorEnum.GET_UPDATE_APPLY_INFO_IS_EMPTY);
            return outcome;
        }

        int validity = application.getCertValidity().intValue();
        String templateNo = application.getTempNo();
        String templateParams = null;
        if (StringUtils.isNotBlank(application.getTempParas())) {
            templateParams = application.getTempParas();
        }

        // The key algorithm and length follow from the requested signature algorithm.
        boolean sm2Signature = Constants.SIGN_ALG_NAME_SM3_WHIT_SM2.equalsIgnoreCase(application.getSignAlg());
        String keyAlgorithm = sm2Signature ? Constants.KEY_ALG_NAME_SM2 : Constants.KEY_ALG_NAME_RSA;
        int keyLength = sm2Signature ? 256 : 2048;

        try {
            KeyPair signingKeys = KeyUtils.genKeyPair(keyAlgorithm, keyLength);
            Result caResponse = this.certLifeCycleManager.updateUserCert(
                    str,
                    null,
                    signingKeys.getPublic().getEncoded(),
                    str2,
                    str3,
                    str4,
                    templateNo,
                    templateParams,
                    application.getSignAlg(),
                    validity,
                    application.getCertDn(),
                    application.getSignSn(),
                    application.isUpdateKey());

            if (!caResponse.isSuccess()) {
                // The CA refused the request: mark the application as failed (status 4) and
                // record the attempt before returning the CA's error bean.
                Result statusUpdate = this.certApplyService.updateCertApplyInfo(application.getCertDn(), str, 4, application.getTempId());
                if (statusUpdate.getCode() != 0) {
                    this.logger.info("操作签发失败:" + JsonUtils.object2Json(statusUpdate));
                    throw new RuntimeException();
                }
                this.certApplyService.insertCertApplyRecord(Constants.CERT_APPLY_TYPE_UPDATE_2, Constants.OPERATE_TYPE_ISSUE_5, str, 4, application.getApplyReason(), Constants.CERT_APPLY_OPERATE_TYPE_ISSUE_FAIL_7, false, z);
                this.logger.info("调用CA，更新证书失败");
                outcome.setErrorBean(caResponse.getErrorBean());
                return outcome;
            }

            UserCertInfo issued = (UserCertInfo) caResponse.getInfo();
            Result stored = insertUserCertInfo(
                    application.getUserId().longValue(),
                    application.getApplyId().longValue(),
                    application.getTempId().longValue(),
                    application.getTempNo(),
                    application.getSignAlg(),
                    application.getPrivateKeyLength().intValue(),
                    issued);
            if (!stored.isSuccess()) {
                this.logger.info("将用户证书插入数据库失败");
                throw new RuntimeException();
            }
            if (issued.getEncPriKey() == null) {
                this.logger.info("CA未返回加密私钥信封");
                throw new RuntimeException();
            }

            boolean dualCertificate = application.getCertPatterm().intValue() != SdkConstants.CERT_TYPE_SINGLE_1;

            PrivateKey encryptionKey = null;
            if (dualCertificate) {
                try {
                    String envelopeContent = CertUtils.getDataFromSignedAndEnvelopedDataByBc(signingKeys.getPrivate().getEncoded(), issued.getEncPriKey().getBytes(), CommonVariable.getKeyAlgName());
                    byte[] keyBytes = Base64.decode(envelopeContent);
                    if (CommonVariable.getKeyAlgName().equalsIgnoreCase(Constants.KEY_ALG_NAME_SM2)) {
                        // Bytes 32..63 of the decoded payload are used as the SM2 private key.
                        byte[] sm2Scalar = new byte[32];
                        System.arraycopy(keyBytes, 32, sm2Scalar, 0, 32);
                        encryptionKey = GMSSLX509Utils.convertSM2PrivateKey(sm2Scalar);
                    } else {
                        KeyFactory rsaFactory = KeyFactory.getInstance(RsaObjectIdentifiers.rsaEncryption.getId(), (Provider) new BouncyCastleProvider());
                        encryptionKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
                    }
                } catch (Exception envelopeFailure) {
                    this.logger.error("从P7b格式中获取加密私钥失败", (Throwable) envelopeFailure);
                    outcome.setError(ErrorEnum.GET_ENC_PUBLIC_KEY_FROM_P7B_FAIL);
                    return outcome;
                }
            }

            try {
                List<X509Certificate> trustCaCerts = CommonVariable.getTrustCaCerts();
                X509Certificate[] caCerts = trustCaCerts.toArray(new X509Certificate[trustCaCerts.size()]);

                // Signing chain: end-entity certificate first, then the trusted CA certificates.
                X509Certificate[] signChain = new X509Certificate[caCerts.length + 1];
                signChain[0] = CertUtils.getCertFromStr(issued.getSignCert());
                System.arraycopy(caCerts, 0, signChain, 1, caCerts.length);

                // Encryption chain is only built for the non-single certificate pattern.
                X509Certificate[] encChain = null;
                if (dualCertificate) {
                    encChain = new X509Certificate[caCerts.length + 1];
                    encChain[0] = CertUtils.getCertFromStr(issued.getEncCert());
                    System.arraycopy(caCerts, 0, encChain, 1, caCerts.length);
                }

                outcome.setInfo(KeyStoreUtils.generateDoubleCertByKeyStore(signChain, encChain, signingKeys.getPrivate(), encryptionKey, i, str, PathConstants.USER_CERT_KEYSTORE_FILE_PATH));
                return outcome;
            } catch (Exception keyStoreFailure) {
                this.logger.error("生成用户keyStore类型证书失败", (Throwable) keyStoreFailure);
                outcome.setError(ErrorEnum.GEN_USER_CERT_KEY_STORE_FILE_FAIL);
                return outcome;
            }
        } catch (Exception failure) {
            this.logger.error("生成用户签名公私钥失败", (Throwable) failure);
            outcome.setError(ErrorEnum.GEN_USER_CERT_SIGN_KEY_FAIL);
            return outcome;
        }
    }

    /**
     * Returns the subject distinguished name of the RA service certificate held by
     * {@code CommonVariable}, in the string form produced by {@code X500Principal.getName()}.
     */
    private String getRAServiceDnName() {
        X509Certificate raServiceCert = CommonVariable.getRaServiceCert();
        return raServiceCert.getSubjectX500Principal().getName();
    }

    /**
     * Returns the subject distinguished name of the CA service certificate held by
     * {@code CommonVariable}, in the string form produced by {@code X500Principal.getName()}.
     */
    private String getCAServiceDnName() {
        X509Certificate caServiceCert = CommonVariable.getCaServiceCert();
        return caServiceCert.getSubjectX500Principal().getName();
    }
}
