package com.xdja.pki.ra.service.manager.auditlog;

import com.xdja.pki.auditlog.dao.AuditLogDao;
import com.xdja.pki.auditlog.dao.PeriodAuditLogDao;
import com.xdja.pki.auditlog.dao.PeriodAuditLogRelationDao;
import com.xdja.pki.auditlog.dao.model.AuditLogDO;
import com.xdja.pki.auditlog.dao.model.PeriodAuditLogDO;
import com.xdja.pki.auditlog.dao.model.PeriodAuditLogRelationDO;
import com.xdja.pki.auditlog.service.PeriodAuditLogService;
import com.xdja.pki.auditlog.service.bean.AuditLogIsAuditEnum;
import com.xdja.pki.auditlog.service.bean.AuditLogIsVerifyEnum;
import com.xdja.pki.auditlog.service.bean.AuditLogListVO;
import com.xdja.pki.auditlog.service.bean.AuditLogResultEnum;
import com.xdja.pki.auditlog.service.bean.PeriodAuditLogListVO;
import com.xdja.pki.auditlog.service.bean.ra.AuditLogOperatorTypeEnum;
import com.xdja.pki.core.bean.CoreResult;
import com.xdja.pki.core.bean.ErrorBean;
import com.xdja.pki.core.bean.PageInfo;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA1DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA256DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.core.util.time.DateUtils;
import com.xdja.pki.ra.manager.dao.AdminCertDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.model.AdminCertDO;
import com.xdja.pki.ra.manager.dao.model.RaCertDO;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:WEB-INF/lib/ra-service-manager-impl-2.0.0-SNAPSHOT.jar:com/xdja/pki/ra/service/manager/auditlog/PeriodAuditLogServiceImpl.class */
public class PeriodAuditLogServiceImpl implements PeriodAuditLogService {
    // Per-instance SLF4J logger named after the runtime class.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // NOTE(review): every collaborator below is a public, non-final, field-injected reference, so
    // any code holding this bean can replace a DAO. The verification verdicts produced by this
    // class depend on which certificate DAO they read from; private fields would be tighter —
    // confirm nothing outside the class relies on the public access.

    // Source of the individual audit-log rows that fall inside a signing window.
    @Autowired
    public AuditLogDao auditLogDao;

    // Stores and loads period records (one signed summary per window) and the rows they cover.
    @Autowired
    public PeriodAuditLogDao periodAuditLogDao;

    // Stores and loads the period-record-to-audit-log-row links.
    @Autowired
    public PeriodAuditLogRelationDao periodAuditLogRelationDao;

    // Looks up operator / auditor certificates by serial number for signature checks.
    @Autowired
    public AdminCertDao adminCertDao;

    // Supplies the RA server certificate used for signing and, by id, for verification.
    @Autowired
    public RaCertDao raCertDao;
    // Not referenced by name in this listing; javac inlines compile-time constants, so the ""
    // and 1 literals in the methods below may originate here — TODO confirm.
    private static final String EMPTYSTR = "";
    private static final int PID = 1;

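    /**
     * Signs the audit-log rows written during the last {@code num} hours and stores the result as
     * a new period record chained to the previous one.
     *
     * <p>The signed value comes from {@code getDistAuditLogList}: it folds the digest of every row
     * in the window together with the signature of the period record that currently has the
     * highest id, so changing or removing an earlier period changes what later periods must
     * verify against. A second signature covers the period record's own fields
     * ({@code operatorBase64Encode()}).
     *
     * <p>NOTE(review): the window start is computed from the wall clock, not from the previous
     * record's {@code signPeriodEnd}. If the job runs late or is skipped, rows between two windows
     * are never covered by a period signature; if it runs early, rows are covered twice. Confirm
     * the scheduler guarantees back-to-back windows.
     *
     * <p>NOTE(review): the period record is saved before its relation rows and nothing visible
     * here makes the two writes atomic. A failing {@code insertList} would leave a signed period
     * with no covered rows that the next run chains from — confirm the transaction boundary.
     *
     * <p>NOTE(review): the HSM signs only when {@code isHsm == 1} and the key algorithm is SM2,
     * while the verification methods of this class branch on {@code isHsm != 0} alone. Confirm
     * that an HSM deployment with a non-SM2 key verifies what the software path signed.
     *
     * @param num window length in hours, counted back from now; must not be {@code null}
     * @return code 0 on success; code -1 with an {@link ErrorBean} when no RA certificate is
     *     available, a signature comes back blank, or any step throws
     */
    @Override // com.xdja.pki.auditlog.service.PeriodAuditLogService
    public CoreResult saveAndSignAuditLog(Integer num) {
        this.logger.info("周期性审计日志开始》》》》》");
        String currDate = DateUtils.getCurrDate();
        // Long arithmetic: 3600000 * int wraps around once num exceeds 596, which would move the
        // window start past "now" and silently change which rows get signed.
        long windowMillis = 3600000L * num.intValue();
        String windowStart = DateUtils.longToStr(DateUtils.dateTimeStrToLong(currDate) - windowMillis);
        List<AuditLogDO> auditLogs = this.auditLogDao.getAuditLogListbyPeriod(windowStart, currDate);
        PeriodAuditLogDO periodAuditLogDO = new PeriodAuditLogDO();
        periodAuditLogDO.setSignPeriodStart(DateUtils.strToDate(windowStart));
        periodAuditLogDO.setSignPeriodEnd(DateUtils.strToDate(currDate));
        try {
            RaCertDO raCert = this.raCertDao.getNewRaCertInfo();
            if (null == raCert) {
                this.logger.error("获取RA服务器证书为空!");
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.GET_RA_SERVER_CERT_EMPTY.code, ErrorEnum.GET_RA_SERVER_CERT_EMPTY.desc));
            }
            periodAuditLogDO.setServerCertId(raCert.getId());
            periodAuditLogDO.setServerSubject(raCert.getCertDn());

            // Chain to the newest existing period; the very first period chains to "".
            PeriodAuditLogDO previous = this.periodAuditLogDao.getMaxIdPeriodAuditLog();
            String previousSign = null == previous ? "" : previous.getAuditLogSign();
            String chainDigest = getDistAuditLogList(auditLogs, raCert.getSignAlg(), previousSign);
            this.logger.debug(">>>>>>>>>>>>>>>> 审计签名 原文：{}", chainDigest);

            String chainSign = signWithRaKey(raCert.getSignAlg(), chainDigest);
            if (StringUtils.isBlank(chainSign)) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.SIGN_BY_HSM_IS_ERROR.code, ErrorEnum.SIGN_BY_HSM_IS_ERROR.desc));
            }
            periodAuditLogDO.setOperateResult(Integer.valueOf(AuditLogResultEnum.SUCCESS.id));
            periodAuditLogDO.setAuditLogSign(chainSign);
            // "{}" is the SLF4J placeholder; the former "{ }" printed literally and dropped the value.
            this.logger.debug(">>>>>>>>>>>>>>>> 审计签名 签名：{}", chainSign);

            // The record-level signature is taken after the chain signature is set and before
            // operateTime is set, exactly as before.
            String recordPayload = periodAuditLogDO.operatorBase64Encode();
            this.logger.debug(">>>>>>>>>>>>>>>> 服务器操作 原文：{}", recordPayload);
            String recordSign = signWithRaKey(raCert.getSignAlg(), recordPayload);
            if (StringUtils.isBlank(recordSign)) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.SIGN_BY_HSM_IS_ERROR.code, ErrorEnum.SIGN_BY_HSM_IS_ERROR.desc));
            }
            periodAuditLogDO.setServerOperatorSign(recordSign);
            periodAuditLogDO.setOperateTime(DateUtils.strToDate(currDate));
            PeriodAuditLogDO saved = this.periodAuditLogDao.savePeriodAuditLog(periodAuditLogDO);
            this.logger.debug(">>>>>>>>>>>>>>>> 服务器操作 签名：{}", recordSign);

            // Record which audit-log rows this period covers so verification can reload them.
            List<PeriodAuditLogRelationDO> relations = new ArrayList<>(auditLogs.size());
            for (AuditLogDO auditLogDO : auditLogs) {
                PeriodAuditLogRelationDO relation = new PeriodAuditLogRelationDO();
                relation.setPeriodLogId(saved.getId());
                relation.setAuditLogId(auditLogDO.getId());
                relation.setCreateTime(new Date());
                relations.add(relation);
            }
            this.periodAuditLogRelationDao.insertList(relations);
            this.logger.info("周期性审计日志结束》》》》》");
            return new CoreResult(0, null);
        } catch (Exception e) {
            // Previously a catch-all returned the error without logging, and the logging handler
            // for the crypto exceptions sat behind it where nothing could reach it. A signing job
            // that fails silently leaves gaps in the chain, so always record the cause.
            this.logger.error("RA服务器证书签名异常!", e);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.RA_SERVER_CERT_SIGN_EXCEPTION.code, ErrorEnum.RA_SERVER_CERT_SIGN_EXCEPTION.desc));
        }
    }

    /** Signs {@code payload} with the RA key: via the HSM for SM2 keys when enabled, else in software. */
    private String signWithRaKey(String signAlg, String payload) throws Exception {
        if (1 == CommonVariable.getIsHsm().intValue() && "SM2".equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
            return HsmUtils.signByYunHsm(signAlg, CommonVariable.getKeyIndex(), CommonVariable.getKeyPwd(), payload);
        }
        return HsmUtils.signByBC(signAlg, CommonVariable.getRaSignPriKey(), payload);
    }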

    /**
     * Builds the value a period record signs: the digest of each row's
     * {@code operatorBase64Encode()} is concatenated in list order, the Base64 of the previous
     * period's signature is appended, and the Base64 of that whole string is digested once more.
     *
     * <p>The result depends on the order of {@code list}, so signing and verification must load
     * the rows in the same order.
     *
     * <p>NOTE(review): any algorithm name other than the three recognised here selects SHA-1, so
     * an unrecognised or misspelled name weakens the chain silently instead of failing — confirm
     * that fallback is intended.
     *
     * <p>NOTE(review): {@code getBytes()} uses the platform default charset. The inputs look like
     * Base64/digest text — TODO confirm; a non-ASCII input would make the digest depend on the
     * JVM's default encoding.
     *
     * @param list rows covered by the period, in signing order
     * @param str signature algorithm name used to pick the digest family
     * @param str2 signature of the previous period record, or "" for the first one; not null
     * @return the digest string that is signed or verified
     * @throws Exception whatever the digest utilities throw
     */
    private String getDistAuditLogList(List<AuditLogDO> list, String str, String str2) throws Exception {
        // Digest family tag; "SM2" here selects the SM3 digest utilities below.
        final String digestTag;
        if (str.equalsIgnoreCase(Constants.SIGN_ALG_NAME_SHA256_WHIT_RSA) || str.equalsIgnoreCase(Constants.SIGN_ALG_NAME_SHA256_WHIT_ECDSA)) {
            digestTag = Constants.DIGEST_ALG_NAME_SHA256;
        } else if (str.equalsIgnoreCase(Constants.SIGN_ALG_NAME_SM3_WHIT_SM2)) {
            digestTag = "SM2";
        } else {
            digestTag = Constants.DIGEST_ALG_NAME_SHA1;
        }

        StringBuffer chain = new StringBuffer();
        for (AuditLogDO entry : list) {
            if (1 == CommonVariable.getIsHsm().intValue()) {
                if (digestTag.equalsIgnoreCase(Constants.DIGEST_ALG_NAME_SHA256)) {
                    chain.append(GMSSLSHA256DigestUtils.digestByYunHsm(entry.operatorBase64Encode()));
                } else if (digestTag.equalsIgnoreCase("SM2")) {
                    chain.append(GMSSLSM3DigestUtils.digestByYunhsm(entry.operatorBase64Encode()));
                } else {
                    chain.append(GMSSLSHA1DigestUtils.digestByYunHsm(entry.operatorBase64Encode()));
                }
            } else {
                if (digestTag.equalsIgnoreCase(Constants.DIGEST_ALG_NAME_SHA256)) {
                    chain.append(GMSSLSHA256DigestUtils.digestByBC(entry.operatorBase64Encode()));
                } else if (digestTag.equalsIgnoreCase("SM2")) {
                    chain.append(GMSSLSM3DigestUtils.digestByBC(entry.operatorBase64Encode()));
                } else {
                    chain.append(GMSSLSHA1DigestUtils.digestByBC(entry.operatorBase64Encode()));
                }
            }
        }
        // Link to the previous period so the records form a chain.
        chain.append(GMSSLByteArrayUtils.base64Encode(str2.getBytes()));

        final byte[] chainBytes = chain.toString().getBytes();
        if (1 == CommonVariable.getIsHsm().intValue()) {
            if (digestTag.equalsIgnoreCase(Constants.DIGEST_ALG_NAME_SHA256)) {
                return GMSSLSHA256DigestUtils.digestByYunHsm(GMSSLByteArrayUtils.base64Encode(chainBytes));
            }
            if (digestTag.equalsIgnoreCase("SM2")) {
                return GMSSLSM3DigestUtils.digestByYunhsm(GMSSLByteArrayUtils.base64Encode(chainBytes));
            }
            return GMSSLSHA1DigestUtils.digestByYunHsm(GMSSLByteArrayUtils.base64Encode(chainBytes));
        }
        if (digestTag.equalsIgnoreCase(Constants.DIGEST_ALG_NAME_SHA256)) {
            return GMSSLSHA256DigestUtils.digestByBC(GMSSLByteArrayUtils.base64Encode(chainBytes));
        }
        if (digestTag.equalsIgnoreCase("SM2")) {
            return GMSSLSM3DigestUtils.digestByBC(GMSSLByteArrayUtils.base64Encode(chainBytes));
        }
        return GMSSLSHA1DigestUtils.digestByBC(GMSSLByteArrayUtils.base64Encode(chainBytes));
    }

    /**
     * Lists period records as view objects, either all at once or as one page.
     *
     * <p>When both {@code num} and {@code num2} are 0 the DAO result is treated as a plain list;
     * otherwise it is treated as a {@link PageInfo} whose data list is replaced by view objects.
     *
     * @param num paging argument passed to the DAO (presumably the page number — confirm)
     * @param num2 paging argument passed to the DAO (presumably the page size — confirm)
     * @param str filter passed through to the DAO unchanged; meaning not visible here
     * @param str2 filter passed through to the DAO unchanged; meaning not visible here
     * @return code 0 with either the list or the page as payload
     */
    @Override // com.xdja.pki.auditlog.service.PeriodAuditLogService
    public CoreResult getPeriodAuditLogList(Integer num, Integer num2, String str, String str2) {
        final boolean unpaged = num.intValue() == 0 && num2.intValue() == 0;
        Object queryResult = this.periodAuditLogDao.getPeriodAuditLogList(num, num2, str, str2);
        if (unpaged) {
            return new CoreResult(0, setDataList((List) queryResult));
        }
        PageInfo page = (PageInfo) queryResult;
        page.setDatas(setDataList((List) page.getDatas()));
        return new CoreResult(0, page);
    }

    /**
     * Converts stored period records into list view objects.
     *
     * <p>Only id, result, times, server subject and the signed window are copied. The signatures
     * and the server certificate id stay out of the view.
     *
     * @param list period records to convert; each must have a non-null operate result
     * @return one view object per record, in the same order
     */
    private List<PeriodAuditLogListVO> setDataList(List<PeriodAuditLogDO> list) {
        List<PeriodAuditLogListVO> views = new ArrayList<>();
        for (PeriodAuditLogDO source : list) {
            PeriodAuditLogListVO view = new PeriodAuditLogListVO();
            view.setId(source.getId());
            view.setOperateResult(source.getOperateResult());
            // Human-readable label for the numeric result code.
            view.setOperateResultString(AuditLogResultEnum.getValueFromId(source.getOperateResult().intValue()));
            view.setOperateTime(source.getOperateTime());
            view.setServerSubject(source.getServerSubject());
            view.setSignPeriodStart(source.getSignPeriodStart());
            view.setSignPeriodEnd(source.getSignPeriodEnd());
            views.add(view);
        }
        return views;
    }

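    /**
     * Returns one page of the audit-log rows covered by a period record, each flagged with the
     * outcome of its signature checks.
     *
     * <p>Every returned row is verified through {@code setAuditDataList}, which performs
     * certificate lookups and signature checks per row. NOTE(review): the page size is not bounded
     * here, so the cost of one call grows with {@code num2} — confirm the caller caps it.
     *
     * @param j id of the period record
     * @param num paging argument passed to the DAO and to {@link PageInfo}
     * @param num2 paging argument passed to the DAO and to {@link PageInfo}
     * @return code 0 with the page; code -1 with LOG_NOT_EXIST_OR_ARCHIVED when the relation
     *     lookup yields no page or no data list
     */
    @Override // com.xdja.pki.auditlog.service.PeriodAuditLogService
    public CoreResult getAuditLogList(long j, Integer num, Integer num2) {
        PageInfo relationPage = this.periodAuditLogRelationDao.getPageInfoByPeriodId(j, num, num2);
        // The former check tested a freshly created list for null and could never fire, so a
        // missing page surfaced as a NullPointerException instead of this error result.
        if (null == relationPage || null == relationPage.getDatas()) {
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
        List<Long> auditLogIds = new ArrayList<>();
        for (Object relation : (List) relationPage.getDatas()) {
            auditLogIds.add(((PeriodAuditLogRelationDO) relation).getAuditLogId());
        }
        // NOTE(review): an empty page still reaches the DAO with an empty id list, as before —
        // confirm the query tolerates that.
        List<AuditLogDO> auditLogs = this.periodAuditLogDao.getAuditLogByPeriodId(auditLogIds);
        PageInfo pageInfo = new PageInfo(num.intValue(), num2.intValue());
        pageInfo.setDatas(setAuditDataList(auditLogs));
        pageInfo.setRecordCount(relationPage.getRecordCount());
        return new CoreResult(0, pageInfo);
    }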

    /**
     * Converts audit-log rows into list view objects and records, per row, whether its signatures
     * verify.
     *
     * <p>A row whose verification fails is still returned; the failure is visible only through
     * {@code isVerify} / {@code isVerifyString}, so consumers must read that flag.
     *
     * <p>NOTE(review): rows with {@code isAudit == 1} are checked against the operator signature
     * and every other value against the auditor signature. The meaning of the values lives in
     * {@code AuditLogIsAuditEnum}, which is not visible here — confirm 1 means "not yet audited".
     *
     * @param list audit-log rows; each needs non-null operate result and isAudit values
     * @return one view object per row, in the same order
     */
    private List<AuditLogListVO> setAuditDataList(List<AuditLogDO> list) {
        List<AuditLogListVO> views = new ArrayList<>();
        for (AuditLogDO entry : list) {
            AuditLogListVO view = new AuditLogListVO();
            view.setId(entry.getId());
            view.setOperatorSubject(entry.getOperatorSubject());
            view.setOperatorType(entry.getOperatorType());
            view.setOperatorTypeString(AuditLogOperatorTypeEnum.getDescFromType(entry.getOperatorType()));
            view.setOperateClientIp(entry.getOperateClientIp());
            view.setOperateResult(entry.getOperateResult());
            view.setOperateResultString(AuditLogResultEnum.getValueFromId(entry.getOperateResult().intValue()));
            view.setIsAudit(entry.getIsAudit());
            view.setIsAuditString(AuditLogIsAuditEnum.getValueFromId(entry.getIsAudit().intValue()));

            // Pick the signature pair that matches the row's audit state.
            Result verdict;
            if (entry.getIsAudit().intValue() == 1) {
                verdict = verifyOperateSign(entry);
            } else {
                verdict = verifyAuditOperateSign(entry);
            }
            AuditLogIsVerifyEnum outcome = verdict.isSuccess() ? AuditLogIsVerifyEnum.TRUE : AuditLogIsVerifyEnum.FALSE;
            view.setIsVerify(Integer.valueOf(outcome.id));
            view.setIsVerifyString(AuditLogIsVerifyEnum.getValueFromId(outcome.id));

            view.setOperateTime(entry.getOperateTime());
            views.add(view);
        }
        return views;
    }

    /**
     * Checks both signatures on a row that carries only operator data: the operator's own
     * signature, then the RA server's signature over {@code operatorBase64Encode()}.
     *
     * <p>Every exception is turned into a failure result, so the check fails closed.
     *
     * <p>NOTE(review): both certificates are loaded from the database and used as-is; no trust
     * anchor, validity or revocation check is visible here. The verdict is therefore only as
     * trustworthy as those certificate tables — confirm they are protected separately from the
     * audit-log tables.
     *
     * <p>NOTE(review): {@code verifySignedData} receives only the signature blob and the public
     * key. Whether the signed content is compared with this row's fields is not visible here.
     *
     * <p>NOTE(review): {@code getSigAlgName()} names the algorithm the issuer used to sign the
     * certificate. Using it to verify a signature made with the certificate's own key assumes both
     * are the same — confirm.
     *
     * @param auditLogDO row to verify
     * @return success when both signatures verify, otherwise a failure naming the failed step
     */
    private Result verifyOperateSign(AuditLogDO auditLogDO) {
        AdminCertDO operatorCert = this.adminCertDao.getAdminCertInfo(auditLogDO.getOperatorSn(), 2);
        if (operatorCert == null) {
            this.logger.error("获取操作员证书为空");
            return Result.failure(ErrorEnum.GET_OPERATOR_CERT_EMPTY);
        }
        try {
            try {
                // Step 1: operator signature. A certificate that fails to parse also lands in the
                // handler for this step.
                boolean operatorOk = SignedDataUtils.verifySignedData(auditLogDO.getOperateSign(), CertUtils.getCertFromStr(operatorCert.getCertInfo()).getPublicKey());
                if (!operatorOk) {
                    this.logger.error("验证管理员操作签名失败");
                    return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
                }
                try {
                    // Step 2: server signature, verified with the RA certificate named on the row.
                    X509Certificate raCert = CertUtils.getCertFromStr(this.raCertDao.queryRaCertDataById(auditLogDO.getServerCertId()).getCertInfo());
                    boolean serverOk;
                    if (0 != CommonVariable.getIsHsm().intValue()) {
                        serverOk = HsmUtils.verifyCertByYunHsm(raCert.getSigAlgName(), raCert.getPublicKey(), auditLogDO.operatorBase64Encode(), auditLogDO.getServerSign());
                    } else {
                        serverOk = HsmUtils.verifyCertByBC(raCert.getSigAlgName(), raCert.getPublicKey(), Base64.decode(auditLogDO.getServerSign()), Base64.decode(auditLogDO.operatorBase64Encode()));
                    }
                    if (!serverOk) {
                        this.logger.error("服务器签名值验签失败");
                        return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                    }
                    return Result.success();
                } catch (Exception serverFailure) {
                    this.logger.error("服务器签名值验签失败", serverFailure);
                    return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                }
            } catch (Exception operatorFailure) {
                this.logger.error("验证管理员操作签名失败", operatorFailure);
                return Result.failure(ErrorEnum.VERIFY_ADMIN_OPERATOR_SIGN_FAIL);
            }
        } catch (Exception conversionFailure) {
            // Effectively unreachable: the handler above already catches every Exception.
            this.logger.error("证书转换错误", conversionFailure);
            return Result.failure(ErrorEnum.GENERATE_CERT_IS_ERROR);
        }
    }

    /**
     * Checks both signatures on a row that also carries audit data: the auditor's signature, then
     * the RA server's signature over {@code operatorWithAuditInfoBase64Encode()}.
     *
     * <p>Every exception is turned into a failure result, so the check fails closed.
     *
     * <p>NOTE(review): the auditor and RA certificates are loaded from the database and used
     * as-is; no trust anchor, validity or revocation check is visible here — confirm the
     * certificate tables are protected separately from the audit-log tables.
     *
     * <p>NOTE(review): only the auditor signature and the server signature are checked on this
     * path. Whether the server-signed payload also covers the original operator signature is
     * decided inside {@code operatorWithAuditInfoBase64Encode()}, which is not visible here.
     *
     * @param auditLogDO row to verify
     * @return success when both signatures verify, otherwise a failure naming the failed step
     */
    private Result verifyAuditOperateSign(AuditLogDO auditLogDO) {
        AdminCertDO auditorCert = this.adminCertDao.getAdminCertInfo(auditLogDO.getAuditSn(), 2);
        if (auditorCert == null) {
            this.logger.error("获取审计员证书为空");
            return Result.failure(ErrorEnum.GET_AUDITOR_CERT_EMPTY);
        }
        try {
            try {
                // Step 1: auditor signature. A certificate that fails to parse also lands in the
                // handler for this step.
                boolean auditorOk = SignedDataUtils.verifySignedData(auditLogDO.getAuditSign(), CertUtils.getCertFromStr(auditorCert.getCertInfo()).getPublicKey());
                if (!auditorOk) {
                    this.logger.error("验证审计员操作签名失败");
                    return Result.failure(ErrorEnum.VERIFY_AUDITOR_SIGN_FAIL);
                }
                try {
                    // Step 2: server signature, verified with the RA certificate named on the row.
                    X509Certificate raCert = CertUtils.getCertFromStr(this.raCertDao.queryRaCertDataById(auditLogDO.getServerCertId()).getCertInfo());
                    boolean serverOk;
                    if (0 != CommonVariable.getIsHsm().intValue()) {
                        serverOk = HsmUtils.verifyCertByYunHsm(raCert.getSigAlgName(), raCert.getPublicKey(), auditLogDO.operatorWithAuditInfoBase64Encode(), auditLogDO.getServerSign());
                    } else {
                        serverOk = HsmUtils.verifyCertByBC(raCert.getSigAlgName(), raCert.getPublicKey(), Base64.decode(auditLogDO.getServerSign()), Base64.decode(auditLogDO.operatorWithAuditInfoBase64Encode()));
                    }
                    if (!serverOk) {
                        this.logger.error("服务器签名值验签失败");
                        return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                    }
                    return Result.success();
                } catch (Exception serverFailure) {
                    this.logger.error("服务器签名值验签失败", serverFailure);
                    return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
                }
            } catch (Exception auditorFailure) {
                this.logger.error("验证审计员操作签名失败", auditorFailure);
                return Result.failure(ErrorEnum.VERIFY_AUDITOR_SIGN_FAIL);
            }
        } catch (Exception conversionFailure) {
            // Effectively unreachable: the handler above already catches every Exception.
            this.logger.error("证书转换错误", conversionFailure);
            return Result.failure(ErrorEnum.GENERATE_CERT_IS_ERROR);
        }
    }

    /**
     * Verifies the signatures of one period record and reports the outcome.
     *
     * <p>NOTE(review): any exception, including a database or crypto failure, is reported to the
     * caller as LOG_NOT_EXIST_OR_ARCHIVED. The real cause is only in the log, so a caller cannot
     * tell a missing record from a failed verification attempt.
     *
     * @param i id of the period record
     * @return the code and info of the verification result, with an {@link ErrorBean} built from
     *     its error (an empty bean when there is none); code -1 when the record is missing or an
     *     exception occurs
     */
    @Override // com.xdja.pki.auditlog.service.PeriodAuditLogService
    public CoreResult verify(int i) {
        try {
            PeriodAuditLogDO target = this.periodAuditLogDao.getPeriodAuditLogById(i);
            if (target == null) {
                return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
            }
            Result outcome = verifyPeriodAuditLogSign(target);
            ErrorEnum failure = outcome.getError();
            ErrorBean errorBean;
            if (failure == null) {
                errorBean = new ErrorBean();
            } else {
                errorBean = new ErrorBean(failure.code, failure.desc);
            }
            return new CoreResult(outcome.getCode(), outcome.getInfo(), errorBean);
        } catch (Exception lookupFailure) {
            this.logger.error("获取操作日志实例异常", lookupFailure);
            return new CoreResult(-1, null, new ErrorBean(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.code, ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED.desc));
        }
    }

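    /**
     * Verifies a period record: first the chained signature over the covered rows plus the
     * previous period's signature, then the signature over the record's own fields.
     *
     * <p>Every exception is turned into a failure result, so the check fails closed.
     *
     * <p>NOTE(review): the predecessor is looked up as {@code id - 1}, whereas signing chains to
     * the record with the highest id at that time. The two agree only while ids are contiguous and
     * start at 1. Any gap (a rolled-back insert, a removed row) makes the lookup return null and
     * the record reports VERIFY_SERVER_CERT_SIGN_FAIL, which cannot be told apart from tampering.
     *
     * <p>NOTE(review): the chain digest depends on row order. Nothing here fixes the order in
     * which {@code getAuditLogByPeriodId} returns rows — confirm it matches the signing order.
     *
     * <p>NOTE(review): the digest family is derived from the certificate's
     * {@code getSigAlgName()}, while signing derives it from {@code RaCertDO.getSignAlg()}. If the
     * two strings differ for the same certificate, {@code getDistAuditLogList} may pick a
     * different digest — confirm.
     *
     * <p>NOTE(review): the RA certificate is loaded from the database by the id stored on the
     * record itself and is not checked against a trust anchor here.
     *
     * @param periodAuditLogDO record to verify; its id must not be null
     * @return success when both signatures verify, otherwise a failure naming the failed step
     */
    private Result verifyPeriodAuditLogSign(PeriodAuditLogDO periodAuditLogDO) {
        List<Long> coveredIds = this.periodAuditLogRelationDao.getAuditLogIdByPeriodId(periodAuditLogDO.getId().longValue());
        if (null == coveredIds) {
            return Result.failure(ErrorEnum.LOG_NOT_EXIST_OR_ARCHIVED);
        }
        List<AuditLogDO> coveredLogs = this.periodAuditLogDao.getAuditLogByPeriodId(coveredIds);
        // A second, outer catch-all used to wrap this block; it sat behind the handler below
        // and could never run, so it is gone.
        try {
            X509Certificate raCert = CertUtils.getCertFromStr(this.raCertDao.queryRaCertDataById(periodAuditLogDO.getServerCertId()).getCertInfo());
            Long id = periodAuditLogDO.getId();
            String previousSign = 1 == id.longValue() ? "" : this.periodAuditLogDao.getPeriodAuditLogById(id.longValue() - 1).getAuditLogSign();
            String expectedDigest = getDistAuditLogList(coveredLogs, raCert.getSigAlgName(), previousSign);
            // "{}" is the SLF4J placeholder; the former "{ }" printed literally and dropped the value.
            this.logger.debug(">>>>>>>>>>>>>>>>>>>> 审计验签 原文：{}", expectedDigest);
            this.logger.debug(">>>>>>>>>>>>>>>>>>>> 审计验签 签名：{}", periodAuditLogDO.getAuditLogSign());

            boolean chainOk = 0 != CommonVariable.getIsHsm().intValue()
                    ? HsmUtils.verifyCertByYunHsm(raCert.getSigAlgName(), raCert.getPublicKey(), expectedDigest, periodAuditLogDO.getAuditLogSign())
                    : HsmUtils.verifyCertByBC(raCert.getSigAlgName(), raCert.getPublicKey(), Base64.decode(periodAuditLogDO.getAuditLogSign()), Base64.decode(expectedDigest));
            if (!chainOk) {
                this.logger.error("存在日志签名验证不一致");
                return Result.failure(ErrorEnum.AUDIT_LOG_EXIST_VERIFY_FAILURE);
            }

            this.logger.debug(">>>>>>>>>>>>>>>>>>>> 服务器操作验签 原文：{}", periodAuditLogDO.operatorBase64Encode());
            this.logger.debug(">>>>>>>>>>>>>>>>>>>> 服务器操作验签 签名：{}", periodAuditLogDO.getServerOperatorSign());

            boolean recordOk = 0 != CommonVariable.getIsHsm().intValue()
                    ? HsmUtils.verifyCertByYunHsm(raCert.getSigAlgName(), raCert.getPublicKey(), periodAuditLogDO.operatorBase64Encode(), periodAuditLogDO.getServerOperatorSign())
                    : HsmUtils.verifyCertByBC(raCert.getSigAlgName(), raCert.getPublicKey(), Base64.decode(periodAuditLogDO.getServerOperatorSign()), Base64.decode(periodAuditLogDO.operatorBase64Encode()));
            if (!recordOk) {
                this.logger.error("本条审计记录签名验证不一致");
                return Result.failure(ErrorEnum.CURRENT_PERIOD_AUDIT_LOG_VERIFY_FAILURE);
            }
            // Both checks passed. The former "both failed" tail could not be reached because each
            // failure already returns above.
            return Result.success();
        } catch (Exception e) {
            this.logger.error("服务器签名值验签失败", e);
            return Result.failure(ErrorEnum.VERIFY_SERVER_CERT_SIGN_FAIL);
        }
    }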
}
