package com.xdja.ca.sdk;

import com.alibaba.fastjson.JSON;
import com.xdja.ca.utils.CMPSendHttpUtils;
import com.xdja.ca.utils.P10Utils;
import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.ca.utils.SdkFileUtils;
import com.xdja.ca.vo.FreeText;
import com.xdja.ca.vo.TempInfo;
import com.xdja.ca.vo.UpdateCertInfo;
import com.xdja.ca.vo.UserCertInfo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CertConfirmContent;
import org.bouncycastle.asn1.cmp.CertOrEncCert;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.CertStatus;
import org.bouncycastle.asn1.cmp.CertifiedKeyPair;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.cmp.RevDetails;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.Controls;
import org.bouncycastle.asn1.crmf.OptionalValidity;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/xdja/ca/sdk/CmpApi.class */
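/**
 * Client side of a CMP (RFC 4210 style) exchange between an RA and a CA: builds
 * initialisation, key-update, revocation, confirmation and error messages, posts them
 * Base64-encoded over HTTP, and checks and unpacks the reply.
 *
 * <p>Security status of this class as written (see the NOTE(review) comments at each site):
 * <ul>
 *   <li>outgoing messages are signed with a throw-away key generated per message, and that
 *       key is written to a fixed path on disk;</li>
 *   <li>the protection (signature) of incoming messages is never verified;</li>
 *   <li>the issuer of a returned certificate is not enforced;</li>
 *   <li>certificate requests carry no proof-of-possession.</li>
 * </ul>
 */
public class CmpApi {
    // Was Logger.getLogger(CmpApi.class.getClass()), which is java.lang.Class and filed every
    // message under the wrong category.
    protected static final Logger logger = Logger.getLogger(CmpApi.class);
    static final ASN1ObjectIdentifier smAlgorithm = new ASN1ObjectIdentifier("1.2.156.10197.1");
    static final ASN1ObjectIdentifier SM3withSM2 = smAlgorithm.branch("501");
    // NOTE(review): never assigned or read in this class; nothing here verifies a response
    // against a CA certificate.
    private static X509Certificate cacert;

    // PKIBody tag numbers used by this class (RFC 4210 PKIBody CHOICE tags).
    private static final int BODY_INIT_REQ = 0;
    private static final int BODY_INIT_REP = 1;
    private static final int BODY_CERT_REP = 3;
    private static final int BODY_KEY_UPDATE_REQ = 7;
    private static final int BODY_REVOCATION_REQ = 11;
    private static final int BODY_REVOCATION_REP = 12;
    private static final int BODY_ERROR = 23;
    private static final int BODY_CERT_CONFIRM = 24;

    // Result error codes used by this class.
    private static final int ERR_BUILD = 111;
    private static final int ERR_NO_RESPONSE = 222;
    private static final int ERR_REPORTED_BY_CA = -1;

    private static final int NONCE_LENGTH = 16;
    private static final String MSG_NO_RESPONSE = "没有收到CA的返回结果";
    // NOTE(review): hard-coded sample DN left in the issuer check of resolveCertRepMessage.
    private static final String PLACEHOLDER_ISSUER = "CN = grgrgvreg,L = 金水区,L = 郑州市,C = CN";

    // One self-seeded generator for nonces and key generation.
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Provider BC = new BouncyCastleProvider();

    /** Returns true for a null or zero-length string (compares content, not references). */
    private static boolean isEmpty(String s) {
        return s == null || s.isEmpty();
    }

    /** Returns a fresh 16-byte random nonce. */
    private static byte[] newNonce() {
        byte[] nonce = new byte[NONCE_LENGTH];
        RANDOM.nextBytes(nonce);
        return nonce;
    }

    /** Key under which a transaction is stored in the shared CommonVariable map. */
    private static String transactionKey(byte[] transId) {
        return Base64.toBase64String(transId);
    }

    /** Marks {@code result} as failed with the given code and message and returns it. */
    private static Result fail(Result result, int code, String message) {
        result.setErrCode(code);
        result.setErrMsg(message);
        return result;
    }

    /** Logs {@code message}, stores it as the error message (error code untouched) and returns the result. */
    private static Result reject(Result result, String message) {
        logger.info(message);
        result.setErrMsg(message);
        return result;
    }

    /** Copies error code and message from {@code source} into {@code target} and returns {@code target}. */
    private static Result copyFailure(Result target, Result source) {
        target.setErrCode(source.getErrCode());
        target.setErrMsg(source.getErrMsg());
        return target;
    }

    /**
     * Decodes Base64 text received from the peer.
     *
     * @return the decoded bytes, or null when the text is not valid Base64
     */
    private static byte[] decodeBase64OrNull(String text) {
        try {
            return Base64.decode(text);
        } catch (RuntimeException e) {
            // The text comes from the network; a malformed reply is treated as no reply.
            logger.error("Reply is not valid Base64.", e);
            return null;
        }
    }

    /**
     * Stores the state of a transaction in the shared map unless an entry for this
     * transaction ID already exists.
     */
    private static void rememberTransaction(byte[] transId, byte[] nonce, byte[] caNonce, long requestId) {
        Map<String, Object> map = CommonVariable.getMap();
        String key = transactionKey(transId);
        // NOTE(review): an existing entry keeps its old request id, which
        // resolveCertRepMessage later compares with the certReqId of the reply.
        if (((BaseCMPInfo) map.get(key)) == null) {
            map.put(key, new BaseCMPInfo(nonce, caNonce, transId, requestId, 0));
        }
    }

    /**
     * Sends an error message (body type 23) describing {@code failure} to the CA. The reply,
     * if any, is ignored.
     *
     * <p>NOTE(review): callers pass the PKIStatus values found in the original code
     * (keyUpdateWaiting, waiting, rejection); confirm with the CA side which value it expects.
     */
    private void reportErrorToCa(String raDn, String caDn, byte[] caNonce, byte[] nonce, byte[] transId, PKIStatus status, Result failure, String url) {
        ErrorMsgContent content = genErrorMsgContent(status, failure.getErrCode(), failure.getErrMsg());
        sendCmpHttpPost(genPKIMessage(raDn, caDn, BODY_ERROR, caNonce, nonce, transId, content, ""), url);
    }

    /**
     * Asks the peer for the random number that is later used as recipient nonce.
     *
     * @param bArr transaction ID, sent Base64-encoded as the {@code transId} query parameter
     * @param str first argument of {@code CMPSendHttpUtils.sendGet}, presumably the endpoint URL
     * @return the decoded random number, or null when the reply is missing, empty or not Base64
     */
    public byte[] sendRandomNumReq(byte[] bArr, String str) {
        // NOTE(review): Base64 output may contain '+', '/' and '=' and is placed in the query
        // string unescaped; confirm that sendGet or the server handles this.
        String reply = CMPSendHttpUtils.sendGet(str, "transId=" + Base64.toBase64String(bArr));
        if (isEmpty(reply)) {
            return null;
        }
        return decodeBase64OrNull(reply);
    }

    /**
     * Requests a certificate with an initialisation request (body type 0).
     *
     * @param str sender DN of the PKI header
     * @param str2 recipient DN of the PKI header; the reply must name it as sender
     * @param bArr transaction ID
     * @param i validity in days, 0 to leave the validity out of the template
     * @param tempInfo template information carried as JSON in the header free text
     * @param str3 PKCS#10 request from which public key and signature algorithm are taken
     * @param str4 subject DN of the requested certificate
     * @param str5 endpoint passed to CMPSendHttpUtils
     * @return a Result that is successful and carries the certificate info, or carries an
     *         error code and message (111 message could not be built, 222 no reply,
     *         -1 error reported by the CA)
     */
    public Result sendIssuerCertReqMessages(String str, String str2, byte[] bArr, int i, TempInfo tempInfo, String str3, String str4, String str5) {
        Result result = new Result();
        byte[] caNonce = sendRandomNumReq(bArr, str5);
        if (caNonce == null) {
            // Without the CA's random number the header cannot be built.
            return fail(result, ERR_NO_RESPONSE, MSG_NO_RESPONSE);
        }
        byte[] publicKey = null;
        ASN1ObjectIdentifier signAlgo = null;
        String signValue = null;
        if (!isEmpty(str3)) {
            publicKey = P10Utils.p10ToPublicKey(str3).getEncoded();
            signAlgo = P10Utils.p10ToSignAlgo(str3);
            signValue = P10Utils.p10ToSignValue(str3);
        }
        // The current time in milliseconds doubles as certReqId.
        long requestId = new Date().getTime();
        CertRequest certRequest = genCertRequest(i, str4, publicKey, signAlgo, requestId);
        if (certRequest == null) {
            return fail(result, ERR_BUILD, "封装certRequest错误");
        }
        CertReqMessages reqMessages = genCertReqMessages(false, certRequest, signAlgo, signValue);
        if (reqMessages == null) {
            return fail(result, ERR_BUILD, "封装certReqMessages错误");
        }
        byte[] nonce = newNonce();
        FreeText freeText = new FreeText();
        freeText.setTempInfo(tempInfo);
        rememberTransaction(bArr, nonce, caNonce, requestId);
        PKIMessage request = genPKIMessage(str, str2, BODY_INIT_REQ, caNonce, nonce, bArr, reqMessages, JSON.toJSONString(freeText));
        if (request == null) {
            return fail(result, ERR_BUILD, "封装PKIMessage错误");
        }
        byte[] response = sendCmpHttpPost(request, str5);
        if (response == null) {
            return fail(result, ERR_NO_RESPONSE, MSG_NO_RESPONSE);
        }
        Result headerCheck = checkCmpHeaderAndSign(response, str, str2, nonce, bArr);
        if (!headerCheck.isSuccess()) {
            reportErrorToCa(str, str2, caNonce, nonce, bArr, PKIStatus.keyUpdateWaiting, headerCheck, str5);
            return copyFailure(result, headerCheck);
        }
        Result parsed = resolveVarietyRepMessage(response, bArr, str4);
        if (parsed.isSuccess()) {
            result.setInfo(parsed.getInfo());
            result.setSuccess(true);
            return result;
        }
        if (parsed.getErrCode() == ERR_REPORTED_BY_CA) {
            // The CA itself reported the error; nothing to report back.
            return copyFailure(result, parsed);
        }
        reportErrorToCa(str, str2, caNonce, nonce, bArr, PKIStatus.waiting, parsed, str5);
        return copyFailure(result, parsed);
    }

    /**
     * Requests a certificate update with a key-update request (body type 7).
     *
     * @param str sender DN of the PKI header
     * @param str2 recipient DN of the PKI header; the reply must name it as sender
     * @param bArr transaction ID
     * @param i validity in days, 0 to leave the validity out of the template
     * @param tempInfo template information carried as JSON in the header free text
     * @param updateCertInfo public key, signature algorithm and signature value of the request
     * @param str3 value stored as {@code signSn} in the header free text
     * @param str4 subject DN of the requested certificate
     * @param str5 endpoint passed to CMPSendHttpUtils
     * @return a Result as described for {@link #sendIssuerCertReqMessages}
     */
    public Result sendUpdateCertReqMessages(String str, String str2, byte[] bArr, int i, TempInfo tempInfo, UpdateCertInfo updateCertInfo, String str3, String str4, String str5) {
        Result result = new Result();
        byte[] caNonce = sendRandomNumReq(bArr, str5);
        if (caNonce == null) {
            return fail(result, ERR_NO_RESPONSE, MSG_NO_RESPONSE);
        }
        byte[] publicKey = null;
        ASN1ObjectIdentifier signAlgo = null;
        String signValue = null;
        if (updateCertInfo != null) {
            publicKey = updateCertInfo.getPublicKey();
            signAlgo = updateCertInfo.getSignAlgo();
            signValue = updateCertInfo.getSignValue();
        }
        long requestId = new Date().getTime();
        CertRequest certRequest = genCertRequest(i, str4, publicKey, signAlgo, requestId);
        if (certRequest == null) {
            // Same guard as the issuing path; a null request used to be dereferenced below.
            return fail(result, ERR_BUILD, "封装certRequest错误");
        }
        CertReqMessages reqMessages = genCertReqMessages(true, certRequest, signAlgo, signValue);
        if (reqMessages == null) {
            return fail(result, ERR_BUILD, "封装certReqMessages错误");
        }
        byte[] nonce = newNonce();
        FreeText freeText = new FreeText();
        freeText.setTempInfo(tempInfo);
        freeText.setSignSn(str3);
        rememberTransaction(bArr, nonce, caNonce, requestId);
        PKIMessage request = genPKIMessage(str, str2, BODY_KEY_UPDATE_REQ, caNonce, nonce, bArr, reqMessages, JSON.toJSONString(freeText));
        if (request == null) {
            return fail(result, ERR_BUILD, "封装PKIMessage错误");
        }
        byte[] response = sendCmpHttpPost(request, str5);
        if (response == null) {
            return fail(result, ERR_NO_RESPONSE, MSG_NO_RESPONSE);
        }
        Result headerCheck = checkCmpHeaderAndSign(response, str, str2, nonce, bArr);
        if (!headerCheck.isSuccess()) {
            reportErrorToCa(str, str2, caNonce, nonce, bArr, PKIStatus.rejection, headerCheck, str5);
            return copyFailure(result, headerCheck);
        }
        Result parsed = resolveVarietyRepMessage(response, bArr, str4);
        if (parsed.isSuccess()) {
            result.setInfo(parsed.getInfo());
            result.setSuccess(true);
            return result;
        }
        if (parsed.getErrCode() == ERR_REPORTED_BY_CA) {
            return copyFailure(result, parsed);
        }
        reportErrorToCa(str, str2, caNonce, nonce, bArr, PKIStatus.waiting, parsed, str5);
        return copyFailure(result, parsed);
    }

    /**
     * Sends a revocation request (body type 11) for one certificate.
     *
     * @param str sender DN of the PKI header
     * @param str2 recipient DN of the PKI header, also used as issuer of the certificate
     * @param bArr transaction ID
     * @param j serial number of the certificate
     * @param str3 not used
     * @param str4 subject DN of the certificate
     * @param str5 endpoint passed to CMPSendHttpUtils
     * @return a successful Result whose info is the CA's status value, or a Result carrying
     *         the error code and message
     */
    public Result sendRecoveryCertReqMessages(String str, String str2, byte[] bArr, long j, String str3, String str4, String str5) {
        Result result = new Result();
        byte[] caNonce = sendRandomNumReq(bArr, str5);
        if (caNonce == null) {
            return fail(result, ERR_NO_RESPONSE, MSG_NO_RESPONSE);
        }
        RevReqContent revReq = genRevReqContent(str2, str4, j);
        byte[] nonce = newNonce();
        PKIMessage request = genPKIMessage(str, str2, BODY_REVOCATION_REQ, caNonce, nonce, bArr, revReq, "");
        if (request == null) {
            return fail(result, ERR_BUILD, "封装PKIMessage错误");
        }
        // A missing reply is reported by the header check below.
        byte[] response = sendCmpHttpPost(request, str5);
        Result headerCheck = checkCmpHeaderAndSign(response, str, str2, nonce, bArr);
        if (!headerCheck.isSuccess()) {
            reportErrorToCa(str, str2, caNonce, nonce, bArr, PKIStatus.keyUpdateWaiting, headerCheck, str5);
            return copyFailure(result, headerCheck);
        }
        Result parsed = resolveVarietyRepMessage(response, bArr, str4);
        if (parsed.isSuccess()) {
            result.setInfo(parsed.getInfo());
            result.setSuccess(true);
            return result;
        }
        reportErrorToCa(str, str2, caNonce, nonce, bArr, PKIStatus.rejection, parsed, str5);
        return copyFailure(result, parsed);
    }

    /**
     * Sends a certificate confirmation (body type 24). No sender nonce is set and the reply
     * is ignored.
     *
     * @param str sender DN
     * @param str2 recipient DN
     * @param bArr recipient nonce
     * @param bArr2 transaction ID
     * @param j certificate request id
     * @param str3 endpoint passed to CMPSendHttpUtils
     */
    public void sendCertConfirmContent(String str, String str2, byte[] bArr, byte[] bArr2, long j, String str3) {
        // NOTE(review): "syg" is sent in place of the certificate hash, so the confirmation
        // does not identify the certificate that was actually received.
        sendCmpHttpPost(genPKIMessage(str, str2, BODY_CERT_CONFIRM, bArr, null, bArr2, genCertConfirmContent("syg", j), ""), str3);
    }

    /**
     * Sends an error message (body type 23) with status rejection. No sender nonce is set
     * and the reply is ignored.
     *
     * @param str sender DN
     * @param str2 recipient DN
     * @param bArr recipient nonce
     * @param bArr2 transaction ID
     * @param i error code
     * @param str3 error text
     * @param str4 endpoint passed to CMPSendHttpUtils
     */
    public void sendErrorMsgContent(String str, String str2, byte[] bArr, byte[] bArr2, int i, String str3, String str4) {
        sendCmpHttpPost(genPKIMessage(str, str2, BODY_ERROR, bArr, null, bArr2, genErrorMsgContent(PKIStatus.rejection, i, str3), ""), str4);
    }

    /**
     * Builds the CertRequest for a subject and public key.
     *
     * @param i validity in days counted from now, 0 for no validity
     * @param str subject DN
     * @param bArr encoded SubjectPublicKeyInfo
     * @param aSN1ObjectIdentifier signature algorithm, may be null
     * @param j certificate request id
     * @return the request, or null when no public key was supplied
     */
    private CertRequest genCertRequest(int i, String str, byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, long j) {
        if (bArr == null) {
            return null;
        }
        OptionalValidity validity = null;
        if (i != 0) {
            Date notBefore = new Date();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(notBefore);
            calendar.add(Calendar.DATE, i);
            ASN1EncodableVector bounds = new ASN1EncodableVector();
            bounds.add(new DERTaggedObject(true, 0, new Time(notBefore)));
            bounds.add(new DERTaggedObject(true, 1, new Time(calendar.getTime())));
            validity = OptionalValidity.getInstance(new DERSequence(bounds));
        }
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setVersion(1);
        if (aSN1ObjectIdentifier != null) {
            // signingAlg is optional; an AlgorithmIdentifier around null cannot be encoded.
            template.setSigningAlg(new AlgorithmIdentifier(aSN1ObjectIdentifier));
        }
        template.setValidity(validity);
        template.setSubject(new X500Name(str));
        template.setPublicKey(SubjectPublicKeyInfo.getInstance(bArr));
        return new CertRequest(new ASN1Integer(j), template.build(), (Controls) null);
    }

    /**
     * Wraps a CertRequest in CertReqMessages, after the check below when {@code z} is true
     * and a signature value is given.
     *
     * @return the messages, or null when the check fails or throws
     */
    private CertReqMessages genCertReqMessages(boolean z, CertRequest certRequest, ASN1ObjectIdentifier aSN1ObjectIdentifier, String str) {
        if (z && str != null) {
            SubjectPublicKeyInfo publicKey = certRequest.getCertTemplate().getPublicKey();
            try {
                // NOTE(review): this check looks unfinished and is left as found.
                // parsePublicKey() yields an ASN.1 object, so the cast to
                // java.security.PublicKey is expected to throw and end in the catch below;
                // no data is passed to update() before verify(); and the signature value is
                // used as raw string bytes. The algorithm is resolved without naming a
                // provider.
                Signature signature = Signature.getInstance("SM3WithSM2");
                signature.initVerify((PublicKey) publicKey.parsePublicKey());
                if (!signature.verify(str.getBytes())) {
                    logger.info("RA验证签名POP失败");
                    return null;
                }
            } catch (Exception e) {
                logger.error("RA验证POP异常，原因{}", e);
                return null;
            }
        }
        // NOTE(review): the request is sent without a ProofOfPossession.
        return new CertReqMessages(new CertReqMsg(certRequest, (ProofOfPossession) null, (AttributeTypeAndValue[]) null));
    }

    /**
     * Builds a protected PKIMessage.
     *
     * @param str sender DN
     * @param str2 recipient DN
     * @param i body type
     * @param bArr recipient nonce, left out when null
     * @param bArr2 sender nonce, left out when null
     * @param bArr3 transaction ID
     * @param aSN1Encodable body content
     * @param str3 free text of the header
     * @return the message, or null when key generation or signing fails
     */
    private PKIMessage genPKIMessage(String str, String str2, int i, byte[] bArr, byte[] bArr2, byte[] bArr3, ASN1Encodable aSN1Encodable, String str3) {
        PKIBody pKIBody = new PKIBody(i, aSN1Encodable);
        PKIHeaderBuilder headerBuilder = new PKIHeaderBuilder(1, new GeneralName(new X500Name(str)), new GeneralName(new X500Name(str2)));
        headerBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
        // Both nonces are optional header fields; the confirm and error senders pass null.
        if (bArr2 != null) {
            headerBuilder.setSenderNonce(new DEROctetString(bArr2));
        }
        if (bArr != null) {
            headerBuilder.setRecipNonce(new DEROctetString(bArr));
        }
        headerBuilder.setTransactionID(new DEROctetString(bArr3));
        headerBuilder.setProtectionAlg(new AlgorithmIdentifier(SM3withSM2));
        headerBuilder.setFreeText(new PKIFreeText(str3));

        KeyPair keyPair;
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", BC);
            // The generator used to be seeded from System.nanoTime(), which is guessable and,
            // for seed-only PRNG implementations, fixes the generated key.
            generator.initialize(256, RANDOM);
            keyPair = generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            // Used to be printed and followed by a NullPointerException on the generator.
            logger.error("封装PKIMessage异常，原因:{}", e);
            return null;
        }
        PrivateKey privateKey = keyPair.getPrivate();
        // NOTE(review): every message is signed with a key pair created here, so the
        // protection proves nothing about the sender unless the recipient obtains the public
        // key out of band. The private key is also written Base64-encoded and unencrypted to a
        // fixed path. Both are left as found because other code may read these files; replace
        // with a provisioned RA key held in a key store or HSM.
        // NOTE(review): a 256-bit "EC" key is presumably not on the SM2 curve that
        // SM3withSM2 expects - confirm.
        SdkFileUtils.saveAs(new String(Base64.encode(privateKey.getEncoded())), "F:\\cmp_cert\\prikey.dat");
        SdkFileUtils.saveAs(new String(Base64.encode(keyPair.getPublic().getEncoded())), "F:\\cmp_cert\\pubkey.dat");

        PKIMessage pKIMessage = null;
        try {
            PKIHeader header = headerBuilder.build();
            Signature signature = Signature.getInstance("SM3withSM2", BC);
            signature.initSign(privateKey);
            signature.update(getProtectedBytes(header, pKIBody));
            pKIMessage = new PKIMessage(header, pKIBody, new DERBitString(signature.sign()));
        } catch (Exception e2) {
            logger.error("封装PKIMessage异常，原因:{}", e2);
        }
        return pKIMessage;
    }

    /**
     * Posts a PKIMessage Base64-encoded and returns the decoded reply.
     *
     * @return the reply bytes, or null when there is no message, it cannot be encoded, or
     *         the reply is missing, empty or not Base64
     */
    private byte[] sendCmpHttpPost(PKIMessage pKIMessage, String str) {
        if (pKIMessage == null) {
            logger.error("No PKIMessage to send.");
            return null;
        }
        byte[] encoded;
        try {
            encoded = pKIMessage.getEncoded();
        } catch (IOException e) {
            // An empty body used to be posted in this case.
            logger.error("PKIMessage的encode异常，原因{}", e);
            return null;
        }
        String reply = CMPSendHttpUtils.sendPost(str, Base64.toBase64String(encoded));
        if (isEmpty(reply)) {
            return null;
        }
        return decodeBase64OrNull(reply);
    }

    /**
     * Checks sender DN, nonce and transaction ID of a reply.
     *
     * <p>NOTE(review): despite the name, the protection (signature) of the reply is not
     * verified. Every value checked here is one a party that saw the request can copy, so a
     * passing check does not show that the reply comes from the CA.
     *
     * @param bArr encoded reply, may be null
     * @param str sender DN of the request (not used)
     * @param str2 DN the reply must name as sender
     * @param bArr2 sender nonce of the request
     * @param bArr3 transaction ID of the request
     * @return a successful Result, or one carrying the reason as error message
     */
    private Result checkCmpHeaderAndSign(byte[] bArr, String str, String str2, byte[] bArr2, byte[] bArr3) {
        Result result = new Result();
        PKIMessage pKIMessage;
        try {
            pKIMessage = PKIMessage.getInstance(bArr);
        } catch (RuntimeException e) {
            // The bytes come from the network; a reply that does not parse is a failed check.
            logger.info("Response is not a well-formed PKIMessage.", e);
            result.setErrMsg("Response is not a well-formed PKIMessage.");
            return result;
        }
        if (pKIMessage == null) {
            return reject(result, "No pkiMessage response message.");
        }
        PKIHeader header = pKIMessage.getHeader();
        if (header == null) {
            return reject(result, "No header in response message.");
        }
        X500Name senderDn;
        try {
            senderDn = X500Name.getInstance(header.getSender().getName());
        } catch (RuntimeException e) {
            // The sender is not a directory name.
            senderDn = null;
        }
        X500Name expectedDn = new X500Name(str2);
        if (senderDn == null || !senderDn.equals(expectedDn)) {
            String received = senderDn == null ? "null" : senderDn.toString();
            return reject(result, "received caDn is:" + received + " but expect:" + expectedDn.toString());
        }
        byte[] replyNonce = header.getSenderNonce() == null ? null : header.getSenderNonce().getOctets();
        if (replyNonce == null || replyNonce.length != NONCE_LENGTH) {
            int length = replyNonce == null ? 0 : replyNonce.length;
            return reject(result, "Wrong length of received sender nonce (made up by server). Is " + length + " byte but should be 16.");
        }
        // NOTE(review): the sender nonce of the reply is compared with the nonce we sent,
        // while the message below reports the recipient nonce. RFC 4210 has the responder
        // return the request's senderNonce as recipNonce; left as found - confirm which field
        // the CA fills in.
        if (!Arrays.equals(replyNonce, bArr2)) {
            byte[] recipNonce = header.getRecipNonce() == null ? null : header.getRecipNonce().getOctets();
            return reject(result, "recipient nonce not the same as we sent away as the sender nonce. Sent: " + Arrays.toString(bArr2) + " Received: " + Arrays.toString(recipNonce));
        }
        if (header.getTransactionID() != null && Arrays.equals(header.getTransactionID().getOctets(), bArr3)) {
            result.setSuccess(true);
            return result;
        }
        return reject(result, "transid is not the same as the one we sent");
    }

    /**
     * Dispatches on the body type of a reply that passed the header check.
     *
     * @param bArr encoded reply
     * @param bArr2 transaction ID
     * @param str expected subject DN
     * @return the Result of the matching handler; error code -1 when the CA sent an error body
     */
    private Result resolveVarietyRepMessage(byte[] bArr, byte[] bArr2, String str) {
        Result result = new Result();
        PKIBody body = PKIMessage.getInstance(bArr).getBody();
        int type = body.getType();
        if (type == BODY_ERROR) {
            Result caError = resolveErrorMsgContent(body);
            result.setErrMsg("CA返回ErrorCode:" + caError.getErrCode() + " errMsg:" + caError.getErrMsg());
            result.setErrCode(ERR_REPORTED_BY_CA);
            return result;
        }
        Result handled;
        if (type == BODY_INIT_REP || type == BODY_CERT_REP) {
            handled = resolveCertRepMessage(body, str, bArr2);
        } else if (type == BODY_REVOCATION_REP) {
            handled = resolveRevRepContent(body);
        } else {
            return reject(result, "Cert body tag is:" + type);
        }
        if (!handled.isSuccess()) {
            result.setErrMsg(handled.getErrMsg());
            result.setErrCode(handled.getErrCode());
            return result;
        }
        result.setSuccess(true);
        result.setInfo(handled.getInfo());
        return result;
    }

    /**
     * Validates the certificate responses of an ip/cp body and collects the signing
     * certificate.
     *
     * @param pKIBody body of type 1 or 3
     * @param str expected subject DN
     * @param bArr transaction ID used to look up the stored request id
     * @return a successful Result whose info is a UserCertInfo, or one carrying the reason
     */
    private Result resolveCertRepMessage(PKIBody pKIBody, String str, byte[] bArr) {
        Result result = new Result();
        CertRepMessage content = (CertRepMessage) pKIBody.getContent();
        if (content == null) {
            return reject(result, "No CertRepMessage for certificate received.");
        }
        UserCertInfo userCertInfo = new UserCertInfo();
        for (CertResponse certResponse : content.getResponse()) {
            if (certResponse == null) {
                return reject(result, "No CertResponse for certificate received.");
            }
            BaseCMPInfo stored = (BaseCMPInfo) CommonVariable.getMap().get(transactionKey(bArr));
            if (stored == null) {
                return reject(result, "No ra send transId.");
            }
            long expectedId = stored.getRequestId();
            long receivedId = certResponse.getCertReqId().getValue().longValue();
            if (receivedId != expectedId) {
                return reject(result, "Received CertReqId is " + receivedId + " but should be " + expectedId);
            }
            PKIStatusInfo status = certResponse.getStatus();
            if (status == null) {
                return reject(result, "No PKIStatusInfo for certificate received.");
            }
            int statusValue = status.getStatus().intValue();
            if (statusValue != 0) {
                return reject(result, "Received Status is " + statusValue + " but should be 0");
            }
            CertifiedKeyPair certifiedKeyPair = certResponse.getCertifiedKeyPair();
            if (certifiedKeyPair == null) {
                return reject(result, "No CertifiedKeyPair for certificate received.");
            }
            CertOrEncCert certOrEncCert = certifiedKeyPair.getCertOrEncCert();
            if (certOrEncCert == null) {
                return reject(result, "No CertOrEncCert for certificate received.");
            }
            CMPCertificate certificate = certOrEncCert.getCertificate();
            if (certificate == null) {
                return reject(result, "No X509CertificateStructure for certificate received.");
            }
            try {
                byte[] encoded = certificate.getEncoded();
                if (encoded == null || encoded.length <= 0) {
                    return reject(result, "No encoded certificate received.");
                }
                X509Certificate x509 = SdkCertUtils.convertUploadFileToCert(encoded);
                if (x509 == null) {
                    return reject(result, "Not possbile to create certificate.");
                }
                X500Name subject = X500Name.getInstance(x509.getSubjectX500Principal().getEncoded());
                if (!subject.equals(new X500Name(str))) {
                    // Used to compare hash codes, record the message and still report
                    // success; a certificate for another subject is now refused.
                    return reject(result, "Subject is '" + subject.toString() + "' but should be '" + str);
                }
                // NOTE(review): this issuer check cannot be enforced as written. It compares
                // the hash code of an X500Principal with that of a hard-coded sample string,
                // so the certificate's issuer is effectively unchecked; the message is
                // recorded and processing continues, as before. Compare against the
                // configured CA DN and validate the certificate chain instead.
                if (x509.getIssuerX500Principal().hashCode() != PLACEHOLDER_ISSUER.hashCode()) {
                    String issuerMsg = "Issuer is '" + x509.getIssuerX500Principal().getName() + "' but should be '" + PLACEHOLDER_ISSUER;
                    logger.info(issuerMsg);
                    result.setErrMsg(issuerMsg);
                }
                if (SdkCertUtils.isSignCert(x509)) {
                    userCertInfo.setSignCert(SdkCertUtils.certToFullB64(x509));
                }
                // Certificates that are not signing certificates, and any private key sent
                // with them, are not returned to the caller.
            } catch (IOException e) {
                return reject(result, "CMPCertificate Encode Error.");
            }
        }
        result.setSuccess(true);
        result.setInfo(userCertInfo);
        return result;
    }

    /**
     * Extracts error code and first error text from an error body. Both fields are optional
     * in the message and are skipped when absent.
     */
    private Result resolveErrorMsgContent(PKIBody pKIBody) {
        Result result = new Result();
        ErrorMsgContent content = (ErrorMsgContent) pKIBody.getContent();
        ASN1Integer errorCode = content.getErrorCode();
        if (errorCode != null) {
            result.setErrCode(errorCode.getValue().intValue());
        }
        PKIFreeText errorDetails = content.getErrorDetails();
        if (errorDetails != null && errorDetails.size() > 0) {
            result.setErrMsg(errorDetails.getStringAt(0).toString());
        }
        return result;
    }

    /**
     * Reads the first status of a revocation response. The Result is successful only when
     * that status is 0 (accepted); the status value is returned as info in either case.
     */
    private Result resolveRevRepContent(PKIBody pKIBody) {
        Result result = new Result();
        PKIStatusInfo[] statuses = ((org.bouncycastle.asn1.cmp.RevRepContent) pKIBody.getContent()).getStatus();
        if (statuses == null || statuses.length == 0) {
            return reject(result, "No PKIStatusInfo in revocation response.");
        }
        PKIStatusInfo first = statuses[0];
        int statusValue = first.getStatus().intValue();
        result.setInfo(Integer.valueOf(statusValue));
        // failInfo and statusString are optional and used to be dereferenced unchecked.
        if (first.getFailInfo() != null) {
            result.setErrCode(first.getFailInfo().intValue());
        }
        if (first.getStatusString() != null) {
            result.setErrMsg(first.getStatusString().toString());
        }
        if (statusValue != 0) {
            // Success used to be logged and returned whatever status the CA sent.
            String message = "Revocation not accepted by CA, status " + statusValue;
            logger.info(message);
            if (result.getErrMsg() == null) {
                result.setErrMsg(message);
            }
            return result;
        }
        logger.info("撤销成功");
        result.setSuccess(true);
        return result;
    }

    /**
     * Builds a CertConfirmContent with one CertStatus.
     *
     * @param str value whose bytes are sent as the certificate hash
     * @param j certificate request id
     */
    private CertConfirmContent genCertConfirmContent(String str, long j) {
        CertStatus certStatus = new CertStatus(str.getBytes(), BigInteger.valueOf(j));
        ASN1EncodableVector statuses = new ASN1EncodableVector();
        statuses.add(certStatus);
        return CertConfirmContent.getInstance(new DERSequence(statuses));
    }

    /**
     * Builds a RevReqContent naming one certificate by issuer, subject and serial number.
     *
     * @param str issuer DN
     * @param str2 subject DN
     * @param j serial number
     */
    private RevReqContent genRevReqContent(String str, String str2, long j) {
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(new X500Name(str));
        template.setSubject(new X500Name(str2));
        template.setSerialNumber(new ASN1Integer(j));
        ASN1EncodableVector details = new ASN1EncodableVector();
        details.add(template.build());
        return new RevReqContent(RevDetails.getInstance(new DERSequence(details)));
    }

    /** Builds an ErrorMsgContent from a status, an error code and one error text. */
    private ErrorMsgContent genErrorMsgContent(PKIStatus pKIStatus, int i, String str) {
        return new ErrorMsgContent(new PKIStatusInfo(pKIStatus), new ASN1Integer(i), new PKIFreeText(str));
    }

    /**
     * Builds an ErrorMsgContent with a full PKIStatusInfo.
     *
     * @param i status value
     * @param str status text
     * @param i2 failure info bits
     * @param i3 error code
     * @param str2 error text
     */
    private ErrorMsgContent genErrorMsgContent(int i, String str, int i2, int i3, String str2) {
        PKIStatusInfo statusInfo = new PKIStatusInfo(PKIStatus.getInstance(Integer.valueOf(i)), new PKIFreeText(str), new PKIFailureInfo(i2));
        return new ErrorMsgContent(statusInfo, new ASN1Integer(i3), new PKIFreeText(str2));
    }

    /** Returns the bytes covered by the protection of {@code pKIMessage}. */
    private byte[] getProtectedBytes(PKIMessage pKIMessage) {
        return getProtectedBytes(pKIMessage.getHeader(), pKIMessage.getBody());
    }

    /**
     * DER-encodes the sequence of header and body, which is the input of the protection
     * signature.
     *
     * @return the encoding, or null when encoding fails
     */
    private byte[] getProtectedBytes(PKIHeader pKIHeader, PKIBody pKIBody) {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(pKIHeader);
        parts.add(pKIBody);
        DERSequence protectedPart = new DERSequence(parts);
        try {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            new DEROutputStream(out).writeObject(protectedPart);
            return out.toByteArray();
        } catch (Exception e) {
            logger.error(e.getLocalizedMessage(), e);
            return null;
        }
    }

    /**
     * Builds a Base64 PKCS#10 structure around a public key.
     *
     * <p>NOTE(review): the result is not a signed request. The signature field holds the DER
     * encoding of the request info itself and the algorithm is labelled
     * 1.2.840.113549.1.1.4 (md5WithRSAEncryption), so it carries no proof that the requester
     * holds the private key.
     *
     * @param bArr DER-encoded SubjectPublicKeyInfo
     * @param str subject DN
     * @param str2 not used
     * @return the Base64 text, or an empty string when building fails
     */
    public String createP10FromPubKeyDer(byte[] bArr, String str, String str2) {
        try {
            CertificationRequestInfo requestInfo = new CertificationRequestInfo(new X509Name(str), new SubjectPublicKeyInfo(ASN1Sequence.getInstance(bArr)), (ASN1Set) null);
            ByteArrayOutputStream infoBytes = new ByteArrayOutputStream();
            new DEROutputStream(infoBytes).writeObject(requestInfo);
            CertificationRequest request = new CertificationRequest(requestInfo, new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.1.4")), new DERBitString(infoBytes.toByteArray()));
            ByteArrayOutputStream requestBytes = new ByteArrayOutputStream();
            new DEROutputStream(requestBytes).writeObject(request);
            return new String(Base64.encode(requestBytes.toByteArray())).replace("\n", "").replaceAll("\r", "");
        } catch (Exception e) {
            // Used to go to System.out and printStackTrace(); routed to the class logger.
            logger.error("生成p10时错误。dn= " + str, e);
            return "";
        }
    }
}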
