package com.xdja.pki.ca.openapi.cmp.handler;

import com.xdja.pki.ca.certmanager.service.racert.OpenApiCMPManagerService;
import com.xdja.pki.ca.certmanager.service.racert.OpenApiCMPService;
import com.xdja.pki.ca.certmanager.service.racert.bean.RAServerCertVO;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.openapi.asn1.NISTObjectIdentifiers;
import com.xdja.pki.ca.openapi.asn1.SM2ObjectIdentifiers;
import com.xdja.pki.ca.openapi.cmp.PKIMessageException;
import com.xdja.pki.ca.openapi.cmp.vo.FreeText;
import com.xdja.pki.ca.openapi.cmp.vo.RevokeCertInfo;
import com.xdja.pki.ca.openpki.cmp.helper.PKIMessageHelper;
import com.xdja.pki.ca.openpki.cmp.utils.CertUtils;
import com.xdja.pki.ca.openpki.cmp.utils.JsonUtils;
import java.io.IOException;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.RevRepContent;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

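/**
 * CMP handler for revocation requests (PKIBody type 11) sent by an RA. The same message
 * type also carries freeze and unfreeze operations; the operation is selected by the
 * {@code revokeType} in the JSON {@link FreeText} found in the PKI header.
 *
 * <p>Processing order: parse the header, parse the JSON free text, look up the RA server
 * certificate by the serial number named in the free text, verify the message protection
 * with that certificate's public key, validate the body, then call the CA service.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The free text is parsed before the protection is verified, because it names the
 *       certificate used for verification. The state-changing service calls happen only
 *       after {@code checkCmpHeaderAndSign} succeeds.</li>
 *   <li>This handler shows no check that the verified RA is entitled to act on the target
 *       serial number, and no nonce/transaction freshness check. NOTE(review): confirm the
 *       services or {@code checkCmpHeaderAndSign} enforce authorization and replay
 *       protection.</li>
 *   <li>Only the first {@code RevDetails} entry is processed; further entries are ignored
 *       although the response reports success.</li>
 * </ul>
 */
@Component("cmpRevokeCertReqHandler")
public class CmpRevokeCertReqHandler implements ICmpMessageHandler {
    /**
     * revokeType routed to the freeze operation for user certificates. The value matches
     * the X.509 CRLReason code certificateHold - presumably intentional, TODO confirm.
     */
    private static final int REVOKE_TYPE_FREEZE = 6;

    /**
     * revokeType routed to the unfreeze operation for user certificates. The value matches
     * the X.509 CRLReason code removeFromCRL - presumably intentional, TODO confirm.
     */
    private static final int REVOKE_TYPE_UNFREEZE = 8;

    /** applyUserType for requests that target a user certificate. */
    private static final int APPLY_USER_TYPE_USER = 1;

    /** applyUserType for requests that target a manager (administrator) certificate. */
    private static final int APPLY_USER_TYPE_MANAGER = 2;

    protected Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    OpenApiCMPService openApiCMPService;

    @Autowired
    OpenApiCMPManagerService openApiCMPManagerService;

    /**
     * Validates a revoke/freeze/unfreeze request and executes it.
     *
     * <p>Validation and service failures are reported as a revocation-response PKIMessage
     * (body type 12) carrying the error code, placed in the returned {@link Result}.
     * A missing message or header, and any unexpected exception (for example a missing
     * nonce, transaction ID, protection algorithm or protection value), are reported as a
     * {@link PKIMessageException}, so an unprotected message is rejected.
     *
     * @param pKIMessage the received CMP message
     * @param z not used by this handler
     * @return a result whose info is the response PKIMessage
     * @throws PKIMessageException if the message or header is missing, or processing fails
     *     unexpectedly
     * @throws IOException declared by the handler interface; not thrown directly here
     */
    @Override
    public Result handleMessage(PKIMessage pKIMessage, boolean z) throws PKIMessageException, IOException {
        this.logger.info("撤销/冻结/解冻申请 ========== 【开始】");
        Result result = new Result();
        this.logger.info("撤销/冻结/解冻申请 ========== 1. 获取PkiMessage消息结构");
        PKIMessage request = PKIMessage.getInstance(pKIMessage);
        if (request == null) {
            this.logger.info("撤销/冻结/解冻申请 ========== 没有收到包含PKIMessage消息体的请求");
            throw new PKIMessageException("撤销/冻结/解冻申请 ========== 没有收到包含PKIMessage消息体的请求");
        }
        this.logger.info("撤销/冻结/解冻申请 ========== 2. 获取PkiMessage消息头PKIHeader");
        PKIHeader header = request.getHeader();
        if (header == null) {
            this.logger.info("撤销/冻结/解冻申请 ========== 收到的消息体中未包含消息头信息");
            throw new PKIMessageException("撤销/冻结/解冻申请 ========== 收到的消息体中未包含消息头信息");
        }
        // NOTE(review): sender/recipient and both nonces are handed to generatePKIMessage in
        // request order; confirm the helper swaps them when it builds the response.
        GeneralName sender = header.getSender();
        GeneralName recipient = header.getRecipient();
        try {
            byte[] recipNonce = header.getRecipNonce().getOctets();
            byte[] senderNonce = header.getSenderNonce().getOctets();
            // NOTE(review): the transaction ID is arbitrary octets decoded with the platform
            // default charset; confirm generatePKIMessage re-encodes it the same way.
            String transactionId = new String(header.getTransactionID().getOctets());
            AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
            this.logger.info("撤销/冻结/解冻申请 ========== 3. 验证cmp消息的header和签名的正确性");

            PKIFreeText headerFreeText = header.getFreeText();
            FreeText freeText = null;
            if (headerFreeText != null) {
                freeText = (FreeText) JsonUtils.json2Object(headerFreeText.getStringAt(0).getString(), FreeText.class);
            }
            // An absent free text is handled like an unparsable one. Previously an absent
            // free text caused a NullPointerException below, which surfaced as a
            // PKIMessageException with an unrelated message.
            if (freeText == null) {
                this.logger.info("撤销/冻结/解冻申请 ========== PKI消息体中不包含撤销原因信息");
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L,
                                ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.code,
                                ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.desc),
                        null));
                return result;
            }

            // The serial number below is attacker-controlled until the signature check
            // passes; it is used only to select the verification certificate.
            String raSignSn = freeText.getRaSignSn();
            // Any protection algorithm other than the two recognised OIDs is treated as RSA.
            int keyAlg = KeyAlgEnum.RSA.value;
            String protectionAlgId = protectionAlg.getAlgorithm().getId();
            if (protectionAlgId.equalsIgnoreCase(SM2ObjectIdentifiers.sm2SignWithSm3.getId())) {
                keyAlg = KeyAlgEnum.SM2.value;
            } else if (protectionAlgId.equalsIgnoreCase(NISTObjectIdentifiers.nistSignAlgorithm.getId())) {
                keyAlg = KeyAlgEnum.NIST.value;
            }

            Result raCertLookup = this.openApiCMPService.getServerCertInfoBySignSn(raSignSn, Integer.valueOf(keyAlg));
            if (!raCertLookup.isSuccess()) {
                this.logger.info("撤销/冻结/解冻申请 ========== 获取RA服务器证书错误:" + JsonUtils.object2Json(raCertLookup));
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L,
                                ErrorEnum.GET_RA_SERVICE_CERT_ERROR.code,
                                ErrorEnum.GET_RA_SERVICE_CERT_ERROR.desc),
                        null));
                return result;
            }

            // Verify the protection with the public key of the stored RA server certificate.
            // A message without a protection value throws here and is rejected by the catch.
            Result signatureCheck = PKIMessageHelper.checkCmpHeaderAndSign(
                    CertUtils.getCertFromStr(((RAServerCertVO) raCertLookup.getInfo()).getServerCert()).getPublicKey(),
                    header,
                    request.getProtection().getBytes(),
                    PKIMessageHelper.getProtectedBytes(pKIMessage));
            if (!signatureCheck.isSuccess()) {
                this.logger.info("撤销/冻结/解冻申请 ========== 3.1 验证cmp消息的header和签名错误 原因：" + JsonUtils.object2Json(signatureCheck));
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L, signatureCheck.getError().code, signatureCheck.getError().desc),
                        null));
                return result;
            }

            PKIBody body = request.getBody();
            if (body == null) {
                this.logger.info("撤销/冻结/解冻申请 ========== 没有对应的PKI消息体");
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L,
                                ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.code,
                                ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.desc),
                        null));
                return result;
            }
            if (body.getType() != PKIBody.TYPE_REVOCATION_REQ) {
                this.logger.info("撤销/冻结/解冻申请 ========== PKI消息体的类型不是11");
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L,
                                ErrorEnum.REVOKED_CERT_PKI_BODY_TAG_NOT_11.code,
                                ErrorEnum.REVOKED_CERT_PKI_BODY_TAG_NOT_11.desc),
                        null));
                return result;
            }

            RevReqContent content = RevReqContent.getInstance(body.getContent());
            // An empty RevDetails sequence is reported as empty content instead of failing
            // with an index error on the [0] access below.
            if (content == null || content.toRevDetailsArray().length == 0) {
                this.logger.info("撤销/冻结/解冻申请 ========== PKI消息中RevReqContent为空");
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L,
                                ErrorEnum.PKI_BODY_REV_REQ_CONTENT_IS_EMPTY.code,
                                ErrorEnum.PKI_BODY_REV_REQ_CONTENT_IS_EMPTY.desc),
                        null));
                return result;
            }
            int revDetailsCount = content.toRevDetailsArray().length;
            if (revDetailsCount > 1) {
                // Make the silent truncation visible: the remaining certificates stay valid
                // even though the requester receives a success response.
                this.logger.warn(
                        "撤销/冻结/解冻申请 ========== RevReqContent contains {} entries; only the first one is processed",
                        revDetailsCount);
            }
            // Target certificate serial number as lower-case hexadecimal.
            String certSn = content.toRevDetailsArray()[0].getCertDetails().getSerialNumber().getValue().toString(16).toLowerCase();

            RevokeCertInfo revokeCertInfo = freeText.getRevokeCertInfo();
            if (revokeCertInfo == null) {
                this.logger.info("撤销/冻结/解冻申请 ========== PKI消息体中不包含撤销原因信息");
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L,
                                ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.code,
                                ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.desc),
                        null));
                return result;
            }
            int applyUserType = freeText.getApplyUserType();
            int revokeType = revokeCertInfo.getRevokeType();

            Result operationResult;
            if (applyUserType == APPLY_USER_TYPE_USER) {
                if (revokeType == REVOKE_TYPE_FREEZE) {
                    this.logger.info("冻结申请 ========== 4. 发起冻结用户双证书请求");
                    operationResult = this.openApiCMPService.doFreezeUserCert(certSn, revokeCertInfo.getRevokeReason());
                } else if (revokeType == REVOKE_TYPE_UNFREEZE) {
                    this.logger.info("解冻申请 ========== 4. 发起解冻用户双证书请求");
                    operationResult = this.openApiCMPService.doUnFreezeUserCert(certSn, revokeCertInfo.getRevokeReason());
                } else {
                    this.logger.info("撤销申请 ========== 4. 发起撤销用户双证书请求");
                    operationResult = this.openApiCMPService.doRevokeUserCert(
                            certSn, Integer.valueOf(keyAlg), true, revokeType, revokeCertInfo.getRevokeReason(), false);
                }
            } else if (applyUserType == APPLY_USER_TYPE_MANAGER) {
                // Manager certificates have no freeze/unfreeze branch here: every revokeType
                // is passed to the revoke call.
                this.logger.info("撤销/冻结/解冻申请 ========== 4. 发起撤销管理员双证书请求");
                operationResult = this.openApiCMPManagerService.doRevokeManagerCert(
                        certSn, Integer.valueOf(keyAlg), revokeType, revokeCertInfo.getRevokeReason());
            } else {
                this.logger.info("撤销/冻结/解冻申请 ========== RA申请用户类型不支持");
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L,
                                ErrorEnum.APPLY_USER_TYPE_NOT_SUPPORT.code,
                                ErrorEnum.APPLY_USER_TYPE_NOT_SUPPORT.desc),
                        null));
                return result;
            }

            if (!operationResult.isSuccess()) {
                this.logger.info("撤销/冻结/解冻申请 ========== 4.1. 撤销用户双证书请求错误");
                result.setInfo(PKIMessageHelper.generatePKIMessage(
                        sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                        PKIMessageHelper.genFailRevRepContent(
                                -1L, operationResult.getError().code, operationResult.getError().desc),
                        null));
                return result;
            }
            this.logger.info("撤销/冻结/解冻申请 ========== CA返回的证书撤销请求的响应结果>>>>>>>" + JsonUtils.object2Json(operationResult));
            this.logger.info("撤销/冻结/解冻申请 ========== 5. 封装CertRepMessage结构体");
            RevRepContent successContent = PKIMessageHelper.genRevRepContent();
            this.logger.info("撤销/冻结/解冻申请 ========== 6. 封装PKIMessage结构体");
            result.setInfo(PKIMessageHelper.generatePKIMessage(
                    sender, recipient, PKIBody.TYPE_REVOCATION_REP, recipNonce, senderNonce, transactionId,
                    successContent, null));
            this.logger.info("撤销/冻结/解冻申请 ========== 【结束】");
            return result;
        } catch (Exception e) {
            // Every unexpected failure in the block above ends here, not only missing header
            // fields, so the exception is logged alongside the fixed message.
            this.logger.info("撤销/冻结/解冻申请 ========== 收到的消息体中未包含消息头未包含必填信息", e);
            throw new PKIMessageException("撤销/冻结/解冻申请 ========== 收到的消息体中未包含消息头未包含必填信息", e);
        }
    }
}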
