package com.xdja.pki.ca.openpki.cmp.helper;

import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.km.SignedAndEnvelopedData;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.SpringUtils;
import com.xdja.pki.ca.openapi.asn1.NISTObjectIdentifiers;
import com.xdja.pki.ca.openapi.asn1.RsaObjectIdentifiers;
import com.xdja.pki.ca.openapi.asn1.SM2ObjectIdentifiers;
import com.xdja.pki.ca.openapi.cmp.CommonVariable;
import com.xdja.pki.ca.openapi.cmp.PKIMessageException;
import com.xdja.pki.ca.openapi.cmp.compent.CaCompentImpl;
import com.xdja.pki.ca.openapi.cmp.vo.BaseCMPInfo;
import com.xdja.pki.ca.openapi.cmp.vo.ManagerCertInfo;
import com.xdja.pki.ca.openapi.cmp.vo.UserCertInfo;
import com.xdja.pki.ca.openpki.cmp.utils.CertUtils;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.gmssl.core.utils.GMSSLBCSignUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.crypto.sdf.SdfSHAType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.util.Date;
import java.util.Map;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CertOrEncCert;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.CertifiedKeyPair;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.KeyRecRepContent;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.cmp.RevRepContent;
import org.bouncycastle.asn1.cmp.RevRepContentBuilder;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.EncryptedValue;
import org.bouncycastle.asn1.crmf.PKIPublicationInfo;
import org.bouncycastle.asn1.crmf.POPOSigningKey;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:WEB-INF/classes/com/xdja/pki/ca/openpki/cmp/helper/PKIMessageHelper.class */
public class PKIMessageHelper {
    private static final Logger logger = Logger.getLogger(PKIMessageHelper.class);
    // Key-algorithm selector strings. checkCmpHeaderAndSign passes the same three values to
    // CaCompentImpl.getCAInfo as string literals rather than through these constants.
    // 1.2.840.113549.1.1.1 is the PKCS #1 rsaEncryption OID.
    public static final String RSA_OID = "1.2.840.113549.1.1.1";
    // OID under the 1.2.156.10197 arc; this class uses it to select the SM2 CA.
    public static final String ECC_SM2_OID = "1.2.156.10197.1.301.1";
    // NOTE(review): 1.2.840.10045.3.1.7 is the prime256v1 (secp256r1) named-curve OID, not a DSA
    // algorithm OID. The constant name is misleading; the value selects the NIST ECC CA here.
    public static final String ECC_DSA_OID = "1.2.840.10045.3.1.7";

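    /**
     * Checks the header of a received CMP message and then verifies its protection signature.
     *
     * <p>Checks run in this order: recipient nonce is 16 bytes, the CA is initialised, the
     * recipient DN matches the CA root certificate subject, the transaction ID is known, the
     * recipient nonce equals the stored one, the per-transaction counter has not been exceeded,
     * a protection algorithm is present, and the signature verifies. A returned {@link Result}
     * with no error set means every check passed, so every rejecting path must set an error.
     *
     * @param publicKey key the protection signature is verified against
     * @param pKIHeader header of the received message
     * @param bArr passed to the verify helpers in the signature position (presumably the
     *     protection bits of the message; confirm against the caller)
     * @param bArr2 passed to the verify helpers in the data position (presumably the DER
     *     encoding of header and body; confirm against the caller)
     * @return a result whose error is set when any check fails
     * @throws PKIMessageException declared by the signature; no visible statement throws it
     */
    public static Result checkCmpHeaderAndSign(PublicKey publicKey, PKIHeader pKIHeader, byte[] bArr, byte[] bArr2) throws PKIMessageException {
        boolean verifyByYunHsm;
        Result result = new Result();
        // The header is unauthenticated at this point, so an absent nonce is rejected, not dereferenced.
        ASN1OctetString recipNonce = pKIHeader.getRecipNonce();
        if (recipNonce == null || recipNonce.getOctets().length != 16) {
            logger.debug("检查消息头和签名 ====== Wrong length of received recip nonce (made up by server). Is " + (recipNonce == null ? 0 : recipNonce.getOctets().length) + " byte but should be 16.");
            result.setError(ErrorEnum.WRONG_LEN_OF_RECEIVED_RECIP_NONCE);
            return result;
        }
        CaInfoVO cAInfo = ((CaCompentImpl) SpringUtils.getBean("caCompentImpl")).getCAInfo(Constants.BASE_ALG_TYPE.intValue() == AlgTypeEnum.SM2.value ? "1.2.156.10197.1.301.1" : Constants.BASE_ALG_TYPE.intValue() == AlgTypeEnum.RSA.value ? "1.2.840.113549.1.1.1" : "1.2.840.10045.3.1.7");
        if (null == cAInfo || null == cAInfo.getRootCert()) {
            logger.debug("检查消息头和签名 ====== CA has not inited");
            result.setError(ErrorEnum.CA_HAS_NOT_INITED);
            return result;
        }
        // NOTE(review): the DN comparison is a case-insensitive string match on two differently
        // produced renderings; confirm both sides normalise attribute order and escaping alike.
        String x500Name = DnUtil.getRFC4519X500Name(pKIHeader.getRecipient().getName()).toString();
        String name = cAInfo.getRootCert().getSubjectX500Principal().getName();
        if (!x500Name.equalsIgnoreCase(name)) {
            logger.debug("检查消息头和签名 ======  Wrong recipient DN. Is '" + x500Name + "' should be '" + name);
            result.setError(ErrorEnum.WRONG_RECIPIENT_DN);
            return result;
        }
        byte[] octets = recipNonce.getOctets();
        ASN1OctetString transactionId = pKIHeader.getTransactionID();
        if (transactionId == null) {
            logger.debug("检查消息头和签名 ====== 不存在对应的事务ID");
            result.setError(ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST);
            return result;
        }
        // Decoded with the platform charset, the counterpart of str.getBytes() in
        // generatePKIMessage; the two must stay in step for the lookup key to match.
        String str = new String(transactionId.getOctets());
        Map<String, Object> map = CommonVariable.getMap();
        BaseCMPInfo baseCMPInfo = (BaseCMPInfo) map.get(str);
        if (baseCMPInfo == null) {
            logger.debug("检查消息头和签名 ====== 不存在对应的事务ID");
            result.setError(ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST);
            return result;
        }
        byte[] recipientNonce = baseCMPInfo.getRecipientNonce();
        if (!Arrays.areEqual(octets, recipientNonce)) {
            // Concatenating a byte[] prints only its identity hash, so the contents are rendered.
            logger.debug("检查消息头和签名 ====== recipient nonce not the same as we sent away as the sender nonce. Sent: " + java.util.Arrays.toString(recipientNonce) + " Received: " + java.util.Arrays.toString(octets));
            result.setError(ErrorEnum.WRONG_RECIPIENT_NONCE);
            return result;
        }
        int nonce = baseCMPInfo.getNonce();
        if (nonce > 1) {
            logger.debug("检查消息头和签名 ====== 出现重放请求 nonce time : " + nonce);
            // The map is keyed by transaction ID; removing by the value object removed nothing.
            map.remove(str);
            result.setError(ErrorEnum.HAVE_RESET_REQUEST);
            return result;
        }
        // NOTE(review): the counter and the stored sender nonce are updated before the signature
        // is verified, and the read-then-write on the counter is not atomic. A message that
        // later fails verification has already changed transaction state; consider moving
        // these two writes after a successful verify.
        baseCMPInfo.setNonce(nonce + 1);
        baseCMPInfo.setSenderNonce(pKIHeader.getSenderNonce().getOctets());
        AlgorithmIdentifier protectionAlg = pKIHeader.getProtectionAlg();
        if (protectionAlg == null || protectionAlg.getAlgorithm() == null || protectionAlg.getAlgorithm().getId() == null) {
            logger.debug("检查消息头和签名 ======  Not possible to get algorithm.");
            result.setError(ErrorEnum.NO_SIGN_ALG_IN_PKI_HEADER);
            return result;
        }
        logger.debug("检查消息头和签名 ====== 校验签名值");
        // The algorithm OID comes from the sender, so every unsupported value must end in an error.
        String id = protectionAlg.getAlgorithm().getId();
        logger.debug("检查消息头和签名 ====== CA接收到RA发送的消息中保护算法oid为：" + id);
        try {
            if (Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)) {
                // Software (BouncyCastle) verification.
                if (id.equalsIgnoreCase(SM2ObjectIdentifiers.sm2SignWithSm3.getId())) {
                    verifyByYunHsm = GMSSLSM2SignUtils.verifyByBC(publicKey, Base64.toBase64String(bArr2), Base64.toBase64String(bArr));
                } else if (id.equalsIgnoreCase(RsaObjectIdentifiers.sha1WithRSA.getId())) {
                    // NOTE(review): SHA-1 based signatures are still accepted here.
                    verifyByYunHsm = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr2, bArr);
                } else if (id.equalsIgnoreCase(RsaObjectIdentifiers.sha256WithRSA.getId())) {
                    verifyByYunHsm = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr2, bArr);
                } else if (id.equalsIgnoreCase(NISTObjectIdentifiers.nistSignAlgorithm.getId())) {
                    verifyByYunHsm = GMSSLBCSignUtils.verifySignature(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName(), publicKey, bArr2, bArr);
                } else {
                    logger.info(String.format("No valid algorithm: '%s'", id));
                    result.setError(ErrorEnum.NO_VALID_ALGORITHM);
                    return result;
                }
            } else if (id.equalsIgnoreCase(SM2ObjectIdentifiers.sm2SignWithSm3.getId())) {
                // Hardware (HSM) verification from here on.
                verifyByYunHsm = GMSSLSM2SignUtils.verifyByYunhsm(publicKey, Base64.toBase64String(bArr2), Base64.toBase64String(bArr));
            } else if (id.equalsIgnoreCase(RsaObjectIdentifiers.sha1WithRSA.getId())) {
                verifyByYunHsm = GMSSLRSASignUtils.verifyByYunHsm(SdfSHAType.SHA1_WITH_RSA.getSigAlgName(), publicKey, Base64.toBase64String(bArr2), Base64.toBase64String(bArr));
            } else if (id.equalsIgnoreCase(RsaObjectIdentifiers.sha256WithRSA.getId())) {
                verifyByYunHsm = GMSSLRSASignUtils.verifyByYunHsm(SdfSHAType.SHA256_WITH_RSA.getSigAlgName(), publicKey, Base64.toBase64String(bArr2), Base64.toBase64String(bArr));
            } else if (id.equalsIgnoreCase(NISTObjectIdentifiers.nistSignAlgorithm.getId())) {
                logger.info("====================暂不支持nist算法硬件验签==============================");
                // Fail closed: returning the untouched result here reported success for a
                // message whose signature was never checked.
                result.setError(ErrorEnum.NO_VALID_ALGORITHM);
                return result;
            } else {
                logger.info(String.format("No valid algorithm: '%s'", id));
                result.setError(ErrorEnum.NO_VALID_ALGORITHM);
                return result;
            }
            if (verifyByYunHsm) {
                return result;
            }
            logger.debug("gmssl_verify_sign_data_is_error");
            result.setError(ErrorEnum.VERIFY_PKI_HEADER_SIGN_ERROR);
            return result;
        } catch (Exception e) {
            logger.error("检查消息头和签名 ======  Not possible to verify signature.原因:{}", e);
            result.setError(ErrorEnum.VERIFY_PKI_HEADER_SIGN_EXCEPTION);
            return result;
        }
    }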

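    /**
     * Verifies the protection signature of a CMP message against the supplied public key.
     *
     * <p>Only {@code sha1WithRSAEncryption} is accepted as protection algorithm. The earlier
     * version called the SM2 verifier with a {@code null} key and discarded its boolean result,
     * so it returned {@code true} for any message that did not raise an exception. It now
     * verifies with the RSA helpers that checkCmpHeaderAndSign uses for SHA1-with-RSA, and
     * returns their result.
     *
     * @param pKIMessage message whose header and body are covered by the protection bits
     * @param publicKey key to verify against
     * @return {@code true} only when the signature verifies; {@code false} when the algorithm,
     *     the key or the protection is missing or unsupported, or verification fails or throws
     */
    public static boolean verifyPKIMessageSign(PKIMessage pKIMessage, PublicKey publicKey) {
        AlgorithmIdentifier protectionAlg = pKIMessage.getHeader().getProtectionAlg();
        if (protectionAlg == null || protectionAlg.getAlgorithm() == null || protectionAlg.getAlgorithm().getId() == null) {
            logger.debug("Not possible to get algorithm.");
            return false;
        }
        String id = protectionAlg.getAlgorithm().getId();
        if (!id.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
            logger.debug(String.format("No valid algorithm: '%s'", id));
            return false;
        }
        if (publicKey == null || pKIMessage.getProtection() == null) {
            logger.debug("Missing public key or protection bits.");
            return false;
        }
        byte[] protectedBytes = getProtectedBytes(pKIMessage);
        if (protectedBytes == null) {
            // getProtectedBytes returns null when encoding failed; nothing to verify against.
            return false;
        }
        // generatePKIMessage wraps the raw signature in a DERBitString, so the signature is the
        // bit string's content; getEncoded() would also include the tag and length octets.
        byte[] signature = pKIMessage.getProtection().getBytes();
        try {
            boolean verified;
            if (Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)) {
                verified = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, protectedBytes, signature);
            } else {
                verified = GMSSLRSASignUtils.verifyByYunHsm(SdfSHAType.SHA1_WITH_RSA.getSigAlgName(), publicKey, Base64.toBase64String(protectedBytes), Base64.toBase64String(signature));
            }
            if (!verified) {
                logger.debug("gmssl_verify_sign_data_is_error");
            }
            return verified;
        } catch (Exception e) {
            // Any failure inside the verifier counts as "not verified".
            logger.debug("gmssl_verify_sign_data_is_exception", e);
            return false;
        }
    }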

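    /**
     * Verifies a signature-based proof of possession (POPOSigningKey) for a certificate request.
     *
     * <p>The signed input must be a POPOSigningKeyInput whose sender and public key agree with
     * the subject and public key of the certificate template when the template carries them.
     * The signature is then checked over the DER encoding of that input. A POPO of another
     * type, or one without a POPOSigningKeyInput, is rejected instead of being dereferenced.
     * The form where the signature covers the request itself is not handled here.
     *
     * @param certRequest request whose template is compared with the signed input
     * @param proofOfPossession proof of possession taken from the request message
     * @param publicKey key the signature is verified against
     * @return {@code true} when the inputs are consistent and the signature verifies
     * @throws Exception from DER encoding or from the JCA signature calls
     */
    public static boolean verifyPopoSign(CertRequest certRequest, ProofOfPossession proofOfPossession, PublicKey publicKey) throws Exception {
        ASN1Encodable popObject = proofOfPossession.getObject();
        if (!(popObject instanceof POPOSigningKey)) {
            logger.debug("Proof of possession is not a POPOSigningKey.");
            return false;
        }
        POPOSigningKey object = (POPOSigningKey) popObject;
        org.bouncycastle.asn1.crmf.POPOSigningKeyInput poposkInput = object.getPoposkInput();
        if (poposkInput == null) {
            // The input is optional in the encoding; without it there is nothing to compare.
            logger.debug("POPOSigningKey carries no POPOSigningKeyInput.");
            return false;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Using POPOSigningKeyInput as POPO input.");
        }
        boolean consistent = true;
        X500Name subject = certRequest.getCertTemplate().getSubject();
        if (subject != null) {
            GeneralName sender = poposkInput.getSender();
            // A template subject with no sender to compare against counts as a mismatch.
            if (sender == null || !subject.toString().equals(sender.getName().toString())) {
                logger.debug("Subject '" + subject.toString() + "', is not equal to '" + sender + "'.");
                consistent = false;
            }
        }
        SubjectPublicKeyInfo publicKey2 = certRequest.getCertTemplate().getPublicKey();
        if (publicKey2 != null && !Arrays.areEqual(publicKey2.getEncoded(), poposkInput.getPublicKey().getEncoded())) {
            logger.debug("Subject key in cert template, is not equal to subject key in POPOSigningKeyInput.");
            consistent = false;
        }
        if (!consistent) {
            return false;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new DEROutputStream(byteArrayOutputStream).writeObject(poposkInput);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        AlgorithmIdentifier algorithmIdentifier = object.getAlgorithmIdentifier();
        if (logger.isDebugEnabled()) {
            logger.debug("POP protection bytes length: " + byteArray.length);
            logger.debug("POP algorithm identifier is: " + algorithmIdentifier.getAlgorithm().getId());
        }
        // NOTE(review): the signature algorithm is whatever OID the requester supplied; checking
        // it against the algorithms the CA policy allows before use would close that gap.
        Signature signature = Signature.getInstance(algorithmIdentifier.getAlgorithm().getId(), "BC");
        signature.initVerify(publicKey);
        signature.update(byteArray);
        return signature.verify(object.getSignature().getBytes());
    }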

    /**
     * Builds a CMP error body from a status, an error code and a free-text explanation.
     *
     * @param pKIStatus status placed in the PKIStatusInfo
     * @param i numeric error code
     * @param str human-readable error details
     * @return the assembled ErrorMsgContent
     */
    public static ErrorMsgContent genErrorMsgContent(PKIStatus pKIStatus, int i, String str) {
        PKIStatusInfo statusInfo = new PKIStatusInfo(pKIStatus);
        ASN1Integer errorCode = new ASN1Integer(i);
        PKIFreeText errorDetails = new PKIFreeText(str);
        return new ErrorMsgContent(statusInfo, errorCode, errorDetails);
    }

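    /**
     * Builds a CMP message and signs its header and body with the CA key.
     *
     * <p>The protection algorithm follows the signature algorithm OID of the cached CA root
     * certificate. When the crypto device type is the BouncyCastle one, the root private key
     * signs in software; otherwise the HSM signs with the CA key index and PIN.
     *
     * @param generalName recipient of the message (third PKIHeaderBuilder argument)
     * @param generalName2 sender of the message (second PKIHeaderBuilder argument)
     * @param i body type tag handed to PKIBody
     * @param bArr recipient nonce
     * @param bArr2 sender nonce
     * @param str transaction ID, encoded with the platform charset
     * @param aSN1Encodable body content
     * @param str2 optional free text for the header; skipped when {@code null}
     * @return the signed message, or {@code null} when the CA information or its root
     *     certificate is missing, the algorithm is unsupported, or signing fails
     */
    public static PKIMessage generatePKIMessage(GeneralName generalName, GeneralName generalName2, int i, byte[] bArr, byte[] bArr2, String str, ASN1Encodable aSN1Encodable, String str2) {
        PKIHeader build;
        String signByYunHsm;
        PKIHeaderBuilder pKIHeaderBuilder = new PKIHeaderBuilder(1, generalName2, generalName);
        pKIHeaderBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
        pKIHeaderBuilder.setSenderNonce(new DEROctetString(bArr2));
        pKIHeaderBuilder.setRecipNonce(new DEROctetString(bArr));
        // Platform charset on purpose: checkCmpHeaderAndSign decodes the ID with new String(byte[]).
        pKIHeaderBuilder.setTransactionID(str.getBytes());
        PKIBody pKIBody = new PKIBody(i, aSN1Encodable);
        if (str2 != null) {
            pKIHeaderBuilder.setFreeText(new PKIFreeText(str2));
        }
        CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
        // CaInfoVO exposes the root private key and the HSM key PIN; whether toString() prints
        // them is not visible here, so the object is no longer concatenated into the log line.
        logger.debug("header签名前caInfo信息" + (caInfoVO == null ? "null" : "present"));
        if (caInfoVO == null || caInfoVO.getRootCert() == null) {
            logger.debug("获取缓存的CA信息为空");
            return null;
        }
        String sigAlgOID = caInfoVO.getRootCert().getSigAlgOID();
        logger.debug("CA服务器证书的签名算法oid为：" + sigAlgOID);
        try {
            if (Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)) {
                // Software signing with the root private key.
                if (sigAlgOID.equalsIgnoreCase(SM2ObjectIdentifiers.sm2SignWithSm3.getId())) {
                    pKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(SM2ObjectIdentifiers.sm2SignWithSm3));
                    build = pKIHeaderBuilder.build();
                    signByYunHsm = GMSSLSM2SignUtils.signByBC(caInfoVO.getRootPrivateKey(), Base64.toBase64String(getProtectedBytes(build, pKIBody)));
                } else if (sigAlgOID.equalsIgnoreCase(RsaObjectIdentifiers.sha1WithRSA.getId())) {
                    // NOTE(review): SHA-1 based protection is still produced for SHA1-with-RSA CAs.
                    pKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(RsaObjectIdentifiers.sha1WithRSA));
                    build = pKIHeaderBuilder.build();
                    signByYunHsm = GMSSLRSASignUtils.signByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), caInfoVO.getRootPrivateKey(), Base64.toBase64String(getProtectedBytes(build, pKIBody)));
                } else if (sigAlgOID.equalsIgnoreCase(RsaObjectIdentifiers.sha256WithRSA.getId())) {
                    pKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(RsaObjectIdentifiers.sha256WithRSA));
                    build = pKIHeaderBuilder.build();
                    signByYunHsm = GMSSLRSASignUtils.signByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), caInfoVO.getRootPrivateKey(), Base64.toBase64String(getProtectedBytes(build, pKIBody)));
                } else if (sigAlgOID.equalsIgnoreCase(NISTObjectIdentifiers.nistSignAlgorithm.getId())) {
                    pKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(NISTObjectIdentifiers.nistSignAlgorithm));
                    build = pKIHeaderBuilder.build();
                    signByYunHsm = Base64.toBase64String(GMSSLBCSignUtils.generateSignature(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName(), caInfoVO.getRootPrivateKey(), getProtectedBytes(build, pKIBody)));
                } else {
                    logger.info("CA证书签名算法有误");
                    return null;
                }
            } else if (sigAlgOID.equalsIgnoreCase(SM2ObjectIdentifiers.sm2SignWithSm3.getId())) {
                // HSM signing from here on, addressed by key index and PIN.
                pKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(SM2ObjectIdentifiers.sm2SignWithSm3));
                build = pKIHeaderBuilder.build();
                signByYunHsm = GMSSLSM2SignUtils.signByYunhsm(caInfoVO.getCaPwdBean().getKeyIndex().intValue(), caInfoVO.getCaPwdBean().getPrivateKeyPin(), Base64.toBase64String(getProtectedBytes(build, pKIBody)));
            } else if (sigAlgOID.equalsIgnoreCase(RsaObjectIdentifiers.sha1WithRSA.getId())) {
                pKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(RsaObjectIdentifiers.sha1WithRSA));
                build = pKIHeaderBuilder.build();
                signByYunHsm = GMSSLRSASignUtils.signByYunHsm(SdfSHAType.SHA1_WITH_RSA.getSigAlgName(), caInfoVO.getCaPwdBean().getKeyIndex().intValue(), caInfoVO.getCaPwdBean().getPrivateKeyPin(), Base64.toBase64String(getProtectedBytes(build, pKIBody)));
            } else if (sigAlgOID.equalsIgnoreCase(RsaObjectIdentifiers.sha256WithRSA.getId())) {
                pKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(RsaObjectIdentifiers.sha256WithRSA));
                build = pKIHeaderBuilder.build();
                signByYunHsm = GMSSLRSASignUtils.signByYunHsm(SdfSHAType.SHA256_WITH_RSA.getSigAlgName(), caInfoVO.getCaPwdBean().getKeyIndex().intValue(), caInfoVO.getCaPwdBean().getPrivateKeyPin(), Base64.toBase64String(getProtectedBytes(build, pKIBody)));
            } else if (sigAlgOID.equalsIgnoreCase(NISTObjectIdentifiers.nistSignAlgorithm.getId())) {
                logger.info("=============================暂不支持nist算法签名=================================");
                return null;
            } else {
                logger.info("CA证书签名算法有误");
                return null;
            }
            return new PKIMessage(build, pKIBody, new DERBitString(GMSSLByteArrayUtils.base64Decode(signByYunHsm)));
        } catch (Exception e) {
            logger.error("调用密码机签名异常{}", e);
            return null;
        }
    }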

    /**
     * Returns the bytes a protection signature covers for the given message.
     *
     * @param pKIMessage message to take header and body from
     * @return DER encoding of the header/body sequence, or {@code null} if encoding failed
     */
    public static byte[] getProtectedBytes(PKIMessage pKIMessage) {
        PKIHeader header = pKIMessage.getHeader();
        PKIBody body = pKIMessage.getBody();
        return getProtectedBytes(header, body);
    }

    /**
     * DER-encodes the sequence of header and body, which is the input of the protection
     * signature.
     *
     * @param pKIHeader header placed first in the sequence
     * @param pKIBody body placed second in the sequence
     * @return the encoded bytes, or {@code null} when encoding threw (the error is logged);
     *     callers must treat {@code null} as a failure
     */
    public static byte[] getProtectedBytes(PKIHeader pKIHeader, PKIBody pKIBody) {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(pKIHeader);
        parts.add(pKIBody);
        DERSequence protectedPart = new DERSequence(parts);
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            DEROutputStream derOut = new DEROutputStream(buffer);
            derOut.writeObject(protectedPart);
            return buffer.toByteArray();
        } catch (Exception e) {
            logger.error(e.getLocalizedMessage(), e);
            return null;
        }
    }

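    /**
     * Builds the CertResponse for a manager certificate.
     *
     * <p>Mode {@code 1} returns the signing certificate in clear. Mode {@code 4} repackages the
     * enveloped encryption certificate as an EncryptedValue and also carries the original
     * string in rspInfo. Failures are now written to the class logger, not printed to stderr.
     *
     * @param j certReqId used for mode 1 (mode 4 uses -1)
     * @param managerCertInfo source of the certificate strings
     * @param i response mode, 1 or 4
     * @return the response, or {@code null} for any other mode
     */
    public static CertResponse genCertResponse(long j, ManagerCertInfo managerCertInfo, int i) {
        CertifiedKeyPair certifiedKeyPair = null;
        CertResponse certResponse = null;
        // NOTE(review): when building the key pair fails, both modes still return a response
        // with status "granted" and no certificate; consider reporting a failure to the caller.
        if (i == 1) {
            try {
                certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(CertUtils.getCMPCert(CertUtils.getCertFromStr(managerCertInfo.getSignCert()))[0]), (EncryptedValue) null, (PKIPublicationInfo) null);
            } catch (Exception e) {
                logger.error("Failed to wrap the manager signing certificate", e);
            }
            certResponse = new CertResponse(new ASN1Integer(j), new PKIStatusInfo(PKIStatus.granted), certifiedKeyPair, (ASN1OctetString) null);
        } else if (i == 4) {
            try {
                EnvelopedData envelopedData = new EnvelopedData(ASN1Sequence.getInstance(Base64.decode(managerCertInfo.getEncCert())));
                ASN1Set recipientInfos = envelopedData.getRecipientInfos();
                EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
                AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
                ASN1OctetString encryptedContent = encryptedContentInfo.getEncryptedContent();
                // Only the first recipient info is used.
                KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfos.getObjectAt(0));
                EncryptedValue encryptedValue = null;
                try {
                    // NOTE(review): the key-encryption algorithm is passed second and the
                    // content-encryption algorithm fourth, the reverse of genKeyRecRepContent;
                    // confirm which order the peer expects.
                    encryptedValue = new EncryptedValue((AlgorithmIdentifier) null, keyTransRecipientInfo.getKeyEncryptionAlgorithm(), new DERBitString(keyTransRecipientInfo.getEncryptedKey()), contentEncryptionAlgorithm, (ASN1OctetString) null, new DERBitString(encryptedContent));
                } catch (IOException e2) {
                    logger.error("Failed to build the EncryptedValue for the manager encryption certificate", e2);
                }
                certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(encryptedValue), (EncryptedValue) null, (PKIPublicationInfo) null);
            } catch (Exception e3) {
                logger.error("Failed to wrap the enveloped manager encryption certificate", e3);
            }
            certResponse = new CertResponse(new ASN1Integer(-1L), new PKIStatusInfo(PKIStatus.granted), certifiedKeyPair, new DEROctetString(managerCertInfo.getEncCert().getBytes()));
        }
        return certResponse;
    }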

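    /**
     * Builds the CertResponse for a user certificate.
     *
     * <p>Modes: {@code 1} signing certificate in clear; {@code 2} encryption certificate plus
     * the enveloped private key, with the envelope Base64-encoded in rspInfo; {@code 3}
     * encryption certificate in clear; {@code 4} enveloped encryption certificate. Failures
     * are now written to the class logger, not printed to stderr.
     *
     * @param j certReqId used for modes 1 and 4 (modes 2 and 3 use -1)
     * @param userCertInfo source of the certificate and key strings
     * @param i response mode, 1 to 4
     * @return the response, or {@code null} for any other mode
     */
    public static CertResponse genCertResponse(long j, UserCertInfo userCertInfo, int i) {
        CertifiedKeyPair certifiedKeyPair = null;
        byte[] bArr = null;
        CertResponse certResponse = null;
        // NOTE(review): a failure inside a try block leaves certifiedKeyPair null while the
        // response is still built with status "granted". In modes 2 and 4 a failure before bArr
        // is assigned leaves it null, and it then reaches Base64.encode outside the try.
        if (i == 1) {
            try {
                certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(CertUtils.getCMPCert(CertUtils.getCertFromStr(userCertInfo.getSignCert()))[0]), (EncryptedValue) null, (PKIPublicationInfo) null);
            } catch (Exception e) {
                logger.error("Failed to wrap the user signing certificate", e);
            }
            certResponse = new CertResponse(new ASN1Integer(j), new PKIStatusInfo(PKIStatus.granted), certifiedKeyPair, (ASN1OctetString) null);
        } else if (i == 2) {
            try {
                CertOrEncCert certOrEncCert = new CertOrEncCert(CertUtils.getCMPCert(CertUtils.getCertFromStr(userCertInfo.getEncCert()))[0]);
                SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData(ASN1Sequence.getInstance(Base64.decode(userCertInfo.getEncPriKey())));
                bArr = signedAndEnvelopedData.getDEREncoded();
                ASN1Set recipientInfos = signedAndEnvelopedData.getRecipientInfos();
                EncryptedContentInfo encryptedContentInfo = signedAndEnvelopedData.getEncryptedContentInfo();
                AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
                ASN1OctetString encryptedContent = encryptedContentInfo.getEncryptedContent();
                // Only the first recipient info is used.
                KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfos.getObjectAt(0));
                EncryptedValue encryptedValue = null;
                try {
                    // NOTE(review): algorithm arguments are in the reverse order of
                    // genKeyRecRepContent; confirm which order the peer expects.
                    encryptedValue = new EncryptedValue((AlgorithmIdentifier) null, keyTransRecipientInfo.getKeyEncryptionAlgorithm(), new DERBitString(keyTransRecipientInfo.getEncryptedKey()), contentEncryptionAlgorithm, (ASN1OctetString) null, new DERBitString(encryptedContent));
                } catch (IOException e2) {
                    logger.error("Failed to build the EncryptedValue for the user private key", e2);
                }
                certifiedKeyPair = new CertifiedKeyPair(certOrEncCert, encryptedValue, (PKIPublicationInfo) null);
            } catch (Exception e3) {
                logger.error("Failed to wrap the user encryption certificate and private key envelope", e3);
                logger.debug("封装明文加密证书和加密私钥信封");
            }
            certResponse = new CertResponse(new ASN1Integer(-1L), new PKIStatusInfo(PKIStatus.granted), certifiedKeyPair, new DEROctetString(Base64.encode(bArr)));
        } else if (i == 3) {
            try {
                certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(CertUtils.getCMPCert(CertUtils.getCertFromStr(userCertInfo.getEncCert()))[0]), (EncryptedValue) null, (PKIPublicationInfo) null);
            } catch (Exception e4) {
                logger.error("Failed to wrap the user encryption certificate", e4);
            }
            certResponse = new CertResponse(new ASN1Integer(-1L), new PKIStatusInfo(PKIStatus.granted), certifiedKeyPair, (ASN1OctetString) null);
        } else if (i == 4) {
            try {
                // NOTE(review): the ManagerCertInfo overload Base64-decodes getEncCert() before
                // parsing it, while this call hands the value to getInstance directly; confirm
                // that the value is already an ASN.1 object or encoding at this point.
                EnvelopedData envelopedData = EnvelopedData.getInstance(userCertInfo.getEncCert());
                bArr = envelopedData.getEncoded();
                ASN1Set recipientInfos2 = envelopedData.getRecipientInfos();
                EncryptedContentInfo encryptedContentInfo2 = envelopedData.getEncryptedContentInfo();
                AlgorithmIdentifier contentEncryptionAlgorithm2 = encryptedContentInfo2.getContentEncryptionAlgorithm();
                ASN1OctetString encryptedContent2 = encryptedContentInfo2.getEncryptedContent();
                KeyTransRecipientInfo keyTransRecipientInfo2 = KeyTransRecipientInfo.getInstance(recipientInfos2.getObjectAt(0));
                EncryptedValue encryptedValue2 = null;
                try {
                    encryptedValue2 = new EncryptedValue((AlgorithmIdentifier) null, keyTransRecipientInfo2.getKeyEncryptionAlgorithm(), new DERBitString(keyTransRecipientInfo2.getEncryptedKey()), contentEncryptionAlgorithm2, (ASN1OctetString) null, new DERBitString(encryptedContent2));
                } catch (IOException e5) {
                    logger.error("Failed to build the EncryptedValue for the user encryption certificate", e5);
                }
                certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(encryptedValue2), (EncryptedValue) null, (PKIPublicationInfo) null);
            } catch (Exception e6) {
                logger.error("Failed to wrap the enveloped user encryption certificate", e6);
            }
            certResponse = new CertResponse(new ASN1Integer(j), new PKIStatusInfo(PKIStatus.granted), certifiedKeyPair, new DEROctetString(Base64.encode(bArr)));
        }
        return certResponse;
    }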

    /**
     * Builds a CertRepMessage holding a single rejected response.
     *
     * @param j certReqId of the rejected request
     * @param i PKIFailureInfo value
     * @param str free-text reason
     * @return a message with no CA certificates and one response in status "rejection"
     */
    public static CertRepMessage genFailCertResponse(long j, int i, String str) {
        ASN1Integer certReqId = new ASN1Integer(j);
        PKIStatusInfo rejection = new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(str), new PKIFailureInfo(i));
        CertResponse rejected = new CertResponse(certReqId, rejection, (CertifiedKeyPair) null, (ASN1OctetString) null);
        CertResponse[] responses = {rejected};
        return new CertRepMessage((CMPCertificate[]) null, responses);
    }

    /**
     * Builds a revocation response holding a single "rejection" status.
     *
     * @param j not used by this method
     * @param i PKIFailureInfo value
     * @param str free-text reason
     * @return the revocation response content
     */
    public static RevRepContent genFailRevRepContent(long j, int i, String str) {
        PKIFailureInfo failureInfo = new PKIFailureInfo(i);
        PKIFreeText reason = new PKIFreeText(str);
        RevRepContentBuilder builder = new RevRepContentBuilder();
        builder.add(new PKIStatusInfo(PKIStatus.rejection, reason, failureInfo));
        return builder.build();
    }

    /**
     * Builds a key recovery response: a "granted" status, the new signing certificate under
     * tag 0, and under tag 2 one key pair made of the encryption certificate and the private
     * key taken from its signed-and-enveloped wrapper.
     *
     * @param userCertInfo source of the signing certificate, encryption certificate and
     *     Base64-encoded private key envelope
     * @return the assembled KeyRecRepContent
     * @throws IOException declared for the encoding steps
     * @throws CertificateEncodingException declared for the certificate conversion
     */
    public static KeyRecRepContent genKeyRecRepContent(UserCertInfo userCertInfo) throws IOException, CertificateEncodingException {
        ASN1EncodableVector content = new ASN1EncodableVector();
        content.add(new PKIStatusInfo(PKIStatus.granted));
        CMPCertificate newSigCert = new CMPCertificate(CertUtils.getCMPCert(CertUtils.getCertFromStr(userCertInfo.getSignCert()))[0].getX509v3PKCert());
        content.add(new DERTaggedObject(true, 0, newSigCert));

        CertOrEncCert encCert = new CertOrEncCert(CertUtils.getCMPCert(CertUtils.getCertFromStr(userCertInfo.getEncCert()))[0]);
        SignedAndEnvelopedData envelope = new SignedAndEnvelopedData(ASN1Sequence.getInstance(Base64.decode(userCertInfo.getEncPriKey())));
        ASN1Set recipients = envelope.getRecipientInfos();
        EncryptedContentInfo contentInfo = envelope.getEncryptedContentInfo();
        AlgorithmIdentifier contentAlg = contentInfo.getContentEncryptionAlgorithm();
        ASN1OctetString cipherText = contentInfo.getEncryptedContent();
        // Only the first recipient info is used.
        KeyTransRecipientInfo recipient = KeyTransRecipientInfo.getInstance(recipients.getObjectAt(0));
        // Content-encryption algorithm second, key-encryption algorithm fourth; the
        // genCertResponse overloads pass these two the other way round.
        EncryptedValue wrappedKey = new EncryptedValue((AlgorithmIdentifier) null, contentAlg, new DERBitString(recipient.getEncryptedKey().getOctets()), recipient.getKeyEncryptionAlgorithm(), (ASN1OctetString) null, new DERBitString(cipherText.getOctets()));
        CertifiedKeyPair keyPair = new CertifiedKeyPair(encCert, wrappedKey, (PKIPublicationInfo) null);

        ASN1EncodableVector keyPairs = new ASN1EncodableVector();
        keyPairs.add(keyPair);
        content.add(new DERTaggedObject(true, 2, new DERSequence(keyPairs)));
        return KeyRecRepContent.getInstance(new DERSequence(content));
    }

    /**
     * Builds a revocation response holding a single "granted" status.
     *
     * @return the revocation response content
     */
    public static RevRepContent genRevRepContent() {
        RevRepContentBuilder builder = new RevRepContentBuilder();
        builder.add(new PKIStatusInfo(PKIStatus.granted));
        return builder.build();
    }

    /**
     * Builds a key recovery response that holds only a "rejection" status.
     *
     * @param i PKIFailureInfo value
     * @param str free-text reason
     * @return the key recovery response content
     */
    public static KeyRecRepContent genFailKeyRecRepContent(int i, String str) {
        PKIFailureInfo failureInfo = new PKIFailureInfo(i);
        PKIFreeText reason = new PKIFreeText(str);
        PKIStatusInfo rejection = new PKIStatusInfo(PKIStatus.rejection, reason, failureInfo);
        DERSequence content = new DERSequence(rejection);
        return KeyRecRepContent.getInstance(content);
    }
}
