package com.xdja.ca.sdk;

import com.alibaba.fastjson.JSON;
import com.xdja.ca.bean.BaseCMPInfo;
import com.xdja.ca.constant.SdkCommonVariable;
import com.xdja.ca.constant.SdkConstants;
import com.xdja.ca.error.ErrorEnum;
import com.xdja.ca.utils.GMSSLHttpReqUtils;
import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.ca.utils.SdkJsonUtils;
import com.xdja.ca.vo.FreeText;
import com.xdja.ca.vo.ManagerCertInfo;
import com.xdja.ca.vo.RevokeCertInfo;
import com.xdja.ca.vo.TempInfo;
import com.xdja.ca.vo.UpdateCertInfo;
import com.xdja.ca.vo.UserCertInfo;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRandomUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CertConfirmContent;
import org.bouncycastle.asn1.cmp.CertOrEncCert;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.CertStatus;
import org.bouncycastle.asn1.cmp.CertifiedKeyPair;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.cmp.RevDetails;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.Controls;
import org.bouncycastle.asn1.crmf.OptionalValidity;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/ca/sdk/CmpApi.class */
public class CmpApi {
    // SLF4J logger bound to the runtime class of this instance.
    private Logger logger = LoggerFactory.getLogger(getClass());
    // OID arc 1.2.156.10197.1, under which the SM-series (Chinese commercial cryptography) algorithms are registered.
    static final ASN1ObjectIdentifier smAlgorithm = new ASN1ObjectIdentifier("1.2.156.10197.1");
    // 1.2.156.10197.1.501: SM2 signature over an SM3 digest. The request methods visible in this class
    // reject every other signature algorithm name.
    static final ASN1ObjectIdentifier SM3withSM2 = smAlgorithm.branch("501");
    // Passed together with pwd to GMSSLHttpReqUtils and genPKIMessage.
    // Presumably the key slot in the crypto device used for signing; confirm against those helpers.
    private int keyIndex;
    // Credential that accompanies keyIndex on every signing/HTTP helper call.
    // NOTE(review): held as an immutable String for the lifetime of the object, so it cannot be wiped
    // from memory after use and must never be written to logs.
    private String pwd;
    // CA certificate handed to the HTTP helpers; presumably used to authenticate the CA endpoint (confirm).
    private X509Certificate caCert;
    // Stored by the constructor; in the visible code these two are only used to build caBaseUrl.
    private String caServiceIp;
    private int caServicePort;
    // Copied into the FreeText payload of each request and passed to the HTTP helpers.
    // By its name the serial number of the RA signing certificate; confirm.
    private String raSignSn;
    // "<caServiceIp>:<caServicePort>", with no scheme and no trailing slash.
    private String caBaseUrl;
    // Forwarded to the HTTP helpers. Stays false unless the constructor's flag argument is "true"
    // (case-insensitive), so transport security is opt-in.
    private boolean isHttps;

    /**
     * Creates a CMP client bound to one CA endpoint and one signing key.
     *
     * <p>NOTE(review): HTTPS is enabled only when {@code str4} equals "true" ignoring case. Any other
     * value, including {@code null} or a typo, silently leaves {@code isHttps} false. Callers that
     * require an encrypted channel should verify the flag they pass.
     *
     * <p>NOTE(review): {@code str} is a credential kept as a {@code String} for the lifetime of this
     * object; it cannot be cleared from memory after use.
     *
     * @param i key index stored in {@code keyIndex}
     * @param str credential stored in {@code pwd}
     * @param x509Certificate CA certificate stored in {@code caCert}
     * @param str2 CA service host or IP; also the first half of {@code caBaseUrl}
     * @param i2 CA service port; also the second half of {@code caBaseUrl}
     * @param str3 value stored in {@code raSignSn}
     * @param str4 HTTPS switch; only the text "true" (any letter case) turns it on
     */
    public CmpApi(int i, String str, X509Certificate x509Certificate, String str2, int i2, String str3, String str4) {
        this.keyIndex = i;
        this.pwd = str;
        this.caCert = x509Certificate;
        this.caServiceIp = str2;
        this.caServicePort = i2;
        // No scheme and no trailing slash: callers of caBaseUrl must supply the separator themselves.
        this.caBaseUrl = str2 + ":" + i2;
        this.raSignSn = str3;
        // A null or unrecognised flag evaluates to false here, exactly like the explicit default.
        this.isHttps = "true".equalsIgnoreCase(str4);
    }

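    /**
     * Sends a CMP certificate issuance request to the CA and returns the parsed reply.
     *
     * <p>Flow, following the numbered log lines: validate the arguments, fetch a random value from
     * the CA for this transaction, build one CertRequest (normal user) or two (administrator), wrap
     * them in CertReqMessages, obtain 16 random bytes through {@code genRandomByHsm}, record both
     * random values in the shared map from {@code SdkCommonVariable.getMap()}, build the PKIMessage,
     * POST it, verify the reply with {@code checkCmpHeaderAndSign} and parse it with
     * {@code resolveVarietyRepMessage}.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     *   <li>The reply body is only parsed after {@code checkCmpHeaderAndSign} succeeds.</li>
     *   <li>A reply whose body cannot be parsed is always reported as an error. The result is never
     *       returned as a success once parsing has failed, even if the error notice reached the CA
     *       (this assumes a new {@code SdkResult} reports success until {@code setError} is called).</li>
     *   <li>The shared map of pending transactions is not dumped to the log, because its entries hold
     *       the random values later used to check CA replies. Only the transaction id and the entry
     *       count are logged.</li>
     *   <li>A failure while building the signing CertRequest is reported as
     *       {@code MAKE_CERT_REQUEST_EXCEPTION}, not as a failure to fetch the CA random value.</li>
     * </ul>
     *
     * <p>The parameter meanings below are taken from this method's opening log line.
     *
     * @param i applicant type; must be {@code APPLY_USER_TYPE_NORMAL_USER_1} or {@code APPLY_USER_TYPE_ADMIN_2}
     * @param str transaction id
     * @param str2 RA distinguished name
     * @param str3 CA distinguished name
     * @param i2 requested validity; must be greater than zero
     * @param tempInfo certificate template information; {@code tempNo} must not be blank
     * @param str4 Base64 signing public key
     * @param str5 encryption public key; only used for administrator requests and may be blank
     * @param str6 signature algorithm name; only "SM3withSM2" (any letter case) is accepted
     * @param str7 subject DN of the requested certificate
     * @return a result carrying the parsed CA reply, or the error that stopped the request
     */
    public SdkResult sendIssuerCertReqMessages(int i, String str, String str2, String str3, int i2, TempInfo tempInfo, String str4, String str5, String str6, String str7) {
        // Readable aliases for the decompiler-generated parameter names.
        final int applyUserType = i;
        final String transId = str;
        final String raDn = str2;
        final String caDn = str3;
        final int validity = i2;
        final String signPubKey = str4;
        final String encPubKey = str5;
        final String signAlg = str6;
        final String certDn = str7;
        final String cmpPath = "ca-openapi/v1/cmp";

        this.logger.info("签发申请 ======== 【开始】申请事务Id为:{} ，用户类型为:{},raDN为:{},caDN为:{},申请有效期为:{},模板信息为:{},签名公钥为:{},加密公钥为:{},签名算法为:{},申请证书主体为:{}", new Object[]{transId, Integer.valueOf(applyUserType), raDn, caDn, Integer.valueOf(validity), SdkJsonUtils.object2Json(tempInfo), signPubKey, encPubKey, signAlg, certDn});
        SdkResult sdkResult = new SdkResult();
        this.logger.info("签发申请 ======== 0.参与校验");
        if (applyUserType != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && applyUserType != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info("=============== 请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (validity <= 0) {
            this.logger.info("=============== 参数中证书有效期不可以小于等于0");
            sdkResult.setError(ErrorEnum.CERT_VALIDITY_CANNOT_LESS_ZERO);
            return sdkResult;
        }
        if (tempInfo == null || StringUtils.isAnyBlank(new CharSequence[]{transId, raDn, caDn, signPubKey, signAlg, certDn, tempInfo.tempNo})) {
            this.logger.info("=============== 参数中tempNo,transId,raDN,caDN,signPubKey,signAlg,certDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }

        this.logger.info("签发申请 ======== 1.向CA获取随机数");
        byte[] caRandom;
        try {
            HashMap query = new HashMap();
            query.put("transId", transId);
            // NOTE(review): caBaseUrl is "<ip>:<port>" with no trailing slash and this path has no leading
            // slash, while the revocation method uses "/ca-openapi/v1/cmp". Confirm how
            // GMSSLHttpReqUtils assembles the final URL before relying on either form.
            SdkResult randomResult = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnByte(this.keyIndex, this.pwd, query, this.caBaseUrl + cmpPath, this.raSignSn, this.isHttps, this.caCert);
            if (!randomResult.isSuccess()) {
                sdkResult.setError(randomResult.getError());
                return sdkResult;
            }
            caRandom = (byte[]) randomResult.getInfo();
        } catch (Exception e) {
            this.logger.error("===============  获取CMP请求随机数异常{}", e);
            sdkResult.setError(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            return sdkResult;
        }
        if (caRandom == null) {
            this.logger.info("============== CA返回数据为空");
            sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
            return sdkResult;
        }
        if (!"SM3withSM2".equalsIgnoreCase(signAlg)) {
            this.logger.info("===============  证书签名算法不支持：{}", signAlg);
            sdkResult.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
            return sdkResult;
        }
        final ASN1ObjectIdentifier signAlgOid = SM3withSM2;
        final long requestTime = System.currentTimeMillis();

        this.logger.info("签发申请 ======== 2.封装CertRequest结构体");
        CertRequest[] certRequests = null;
        if (applyUserType == SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1) {
            certRequests = new CertRequest[1];
            try {
                // signPubKey was checked for blankness above, so it is never null here.
                certRequests[0] = genCertRequest(validity, certDn, Base64.decode(signPubKey), signAlgOid, requestTime, SdkConstants.CERT_TYPE_SIGN_2);
            } catch (Exception e) {
                this.logger.error(" ===============  封装【签名】certRequest异常:{}", e);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                return sdkResult;
            }
        } else if (applyUserType == SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            certRequests = new CertRequest[2];
            try {
                // NOTE(review): the signing request of an administrator is tagged CERT_TYPE_ENC_3, the same
                // constant as the encryption request below, while a normal user uses CERT_TYPE_SIGN_2.
                // This may be a decompiler constant-mapping artefact; confirm against genCertRequest.
                certRequests[0] = genCertRequest(validity, certDn, Base64.decode(signPubKey), signAlgOid, requestTime, SdkConstants.CERT_TYPE_ENC_3);
            } catch (Exception e) {
                this.logger.error(" ============= 封装【签名】certRequest异常:{}", e);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                return sdkResult;
            }
            try {
                byte[] encKeyBytes = null;
                if (StringUtils.isNotBlank(encPubKey)) {
                    encKeyBytes = SdkCertUtils.convertSM2PublicKey(encPubKey).getEncoded();
                }
                certRequests[1] = genCertRequest(validity, certDn, encKeyBytes, signAlgOid, -1L, SdkConstants.CERT_TYPE_ENC_3);
            } catch (Exception e) {
                this.logger.error("============= 封装【加密】certRequest异常:{}", e);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                return sdkResult;
            }
        }

        this.logger.info("签发申请 ======== 3.封装CertReqMessages结构体");
        CertReqMessages certReqMessages;
        try {
            certReqMessages = genCertReqMessages(certRequests, signAlgOid);
        } catch (Exception e) {
            this.logger.error(" ============== 封装certRequestMessage异常:{}", e);
            sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_MESSAGE_EXCEPTION);
            return sdkResult;
        }

        byte[] raRandom;
        FreeText freeText;
        try {
            raRandom = genRandomByHsm(16);
            freeText = new FreeText();
            freeText.setApplyUserType(applyUserType);
            freeText.setTempInfo(tempInfo);
            freeText.setRaSignSn(this.raSignSn);
            // NOTE(review): entries are added here and never removed on the error paths of this method;
            // confirm that another step cleans up abandoned transactions.
            Map<String, Object> pending = SdkCommonVariable.getMap();
            pending.put(transId, new BaseCMPInfo(raRandom, caRandom, transId, requestTime, 0));
            // Log only the id and the entry count: the map values hold the random values of every
            // pending transaction and must not be copied into log files.
            this.logger.info("=============== sendIssuerCertReqMessages.baseCMPInfo.map>> transId: {} ========== pending entries: {}", transId, Integer.valueOf(pending.size()));
        } catch (Exception e) {
            this.logger.error(" ============== 通过密码机获取随机数异常:{}", e);
            sdkResult.setError(ErrorEnum.GET_RANDOM_BY_HSM_EXCEPTION);
            return sdkResult;
        }

        this.logger.info("签发申请 ======== 4.封装PKIMessage结构体");
        PKIMessage pkiMessage;
        try {
            // The literal 0 equals PKIBody.TYPE_INIT_REQ; presumably the CMP body type (confirm in genPKIMessage).
            pkiMessage = genPKIMessage(this.keyIndex, this.pwd, raDn, caDn, 0, caRandom, raRandom, transId, certReqMessages, signAlgOid, JSON.toJSONString(freeText));
        } catch (Exception e) {
            this.logger.error(" =============== 封装PKIMessage异常:{}", e);
            sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
            return sdkResult;
        }

        this.logger.info("签发申请 ======== 5.发送证书申请请求");
        try {
            SdkResult postResult = GMSSLHttpReqUtils.sendGMSSLHttpPostReturnByte(this.keyIndex, this.pwd, pkiMessage.getEncoded(), cmpPath, "application/pkixcmp", this.raSignSn, this.isHttps, this.caCert);
            if (!postResult.isSuccess()) {
                sdkResult.setError(postResult.getError());
                return sdkResult;
            }
            byte[] caReply = (byte[]) postResult.getInfo();
            if (caReply == null) {
                this.logger.info("============== 接收CA返回的数据内容为空");
                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                return sdkResult;
            }

            this.logger.info("签发申请 ======== 6.检查CA返回消息的header和签名信息");
            SdkResult headerCheck = checkCmpHeaderAndSign(caReply, raDn, caDn, raRandom, transId);
            if (!headerCheck.isSuccess()) {
                this.logger.info("签发申请 ======== 6.1 解析CA返回的头和签名错误");
                SdkResult errorNotice = genErrorPKIMsg(applyUserType, "签发申请-校验cmp返回消息头错误", headerCheck.getCode(), raDn, caDn, caRandom, raRandom, signAlgOid, transId, cmpPath);
                if (errorNotice.isSuccess()) {
                    sdkResult.setError(headerCheck.getError());
                } else {
                    sdkResult.setError(errorNotice.getError());
                }
                return sdkResult;
            }

            this.logger.info("签发申请 ======== 7.获取CA返回的证书信息");
            SdkResult parsed = resolveVarietyRepMessage(applyUserType, SdkConstants.CERT_APPLY_TYPE_ISSUE_1, caReply, transId, certDn);
            if (!parsed.isSuccess()) {
                if (ErrorEnum.CA_OPEN_API_RETURN_PKI_ERROR_MSG.code == parsed.getCode()) {
                    sdkResult.setError(parsed.getError());
                    return sdkResult;
                }
                this.logger.info("签发申请 ======== 7.1 解析CA返回的消息体错误");
                SdkResult errorNotice = genErrorPKIMsg(applyUserType, "解析CA返回的cmp消息体错误", parsed.getCode(), raDn, caDn, caRandom, raRandom, signAlgOid, transId, cmpPath);
                // Fail closed: the body could not be parsed, so an error is returned whether or not
                // the error notice reached the CA.
                if (errorNotice.isSuccess()) {
                    sdkResult.setError(parsed.getError());
                } else {
                    sdkResult.setError(errorNotice.getError());
                }
                return sdkResult;
            }
            sdkResult.setInfo(parsed.getInfo());
            this.logger.info("签发申请 ======== 【结束】申请事务Id为：{} ", transId);
            return sdkResult;
        } catch (Exception e) {
            this.logger.error(" ============= 发送Http请求异常:{}", e);
            sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
            return sdkResult;
        }
    }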

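    /**
     * Sends a CMP certificate update request to the CA and returns the parsed reply.
     *
     * <p>Flow, following the numbered log lines: validate the arguments, fetch a random value from
     * the CA for this transaction, build one CertRequest (normal user) or two (administrator), wrap
     * them in CertReqMessages, obtain 16 random bytes through {@code genRandomByHsm}, record both
     * random values in the shared map from {@code SdkCommonVariable.getMap()}, build the PKIMessage,
     * POST it, verify the reply with {@code checkCmpHeaderAndSign} and parse it with
     * {@code resolveVarietyRepMessage}.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     *   <li>The reply body is only parsed after {@code checkCmpHeaderAndSign} succeeds.</li>
     *   <li>When the body cannot be parsed, the error notice sent to the CA carries the parser's
     *       error code, and the caller always receives an error. The result is never returned as a
     *       success once parsing has failed (this assumes a new {@code SdkResult} reports success
     *       until {@code setError} is called).</li>
     *   <li>The shared map of pending transactions is not dumped to the log, because its entries hold
     *       the random values later used to check CA replies.</li>
     *   <li>A malformed Base64 signing key is reported as {@code MAKE_CERT_REQUEST_EXCEPTION}.</li>
     * </ul>
     *
     * <p>NOTE(review): nothing in this method consumes {@code updateCertInfo.getSignValue()}. If that
     * value is meant to prove control of the certificate being updated, confirm where it is checked.
     *
     * <p>The parameter meanings below are taken from this method's opening log line.
     *
     * @param i applicant type; must be {@code APPLY_USER_TYPE_NORMAL_USER_1} or {@code APPLY_USER_TYPE_ADMIN_2}
     * @param str transaction id
     * @param str2 RA distinguished name
     * @param str3 CA distinguished name
     * @param i2 requested validity; must be greater than zero
     * @param tempInfo certificate template information; {@code tempNo} must not be blank
     * @param updateCertInfo keys and signature algorithm for the update; the algorithm must be "SM3withSM2"
     * @param str4 serial number of the signing certificate being updated
     * @param str5 subject DN of the requested certificate
     * @return a result carrying the parsed CA reply, or the error that stopped the request
     */
    public SdkResult sendUpdateCertReqMessages(int i, String str, String str2, String str3, int i2, TempInfo tempInfo, UpdateCertInfo updateCertInfo, String str4, String str5) {
        // Readable aliases for the decompiler-generated parameter names.
        final int applyUserType = i;
        final String transId = str;
        final String raDn = str2;
        final String caDn = str3;
        final int validity = i2;
        final String signSn = str4;
        final String certDn = str5;
        final String cmpPath = "ca-openapi/v1/cmp";

        this.logger.info("更新申请 ======== 【开始】申请事务Id为:{} ，用户类型为:{},raDN为:{},caDN为:{},申请有效期为:{},模板信息为:{},待更新内容为:{},待更新证书签名sn为:{},申请证书主体为:{}", new Object[]{transId, Integer.valueOf(applyUserType), raDn, caDn, Integer.valueOf(validity), SdkJsonUtils.object2Json(tempInfo), SdkJsonUtils.object2Json(updateCertInfo), signSn, certDn});
        SdkResult sdkResult = new SdkResult();
        this.logger.info("更新申请 ======== 0.参与校验");
        if (applyUserType != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && applyUserType != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info("请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (validity <= 0) {
            this.logger.info("=============== 参数中证书有效期不可以小于等于0");
            sdkResult.setError(ErrorEnum.CERT_VALIDITY_CANNOT_LESS_ZERO);
            return sdkResult;
        }
        if (tempInfo == null || updateCertInfo == null || StringUtils.isAnyBlank(new CharSequence[]{transId, raDn, caDn, updateCertInfo.getSignAlg(), certDn, tempInfo.tempNo})) {
            this.logger.info("=============== 参数中tempNo,transId,raDN,caDN,signAlg,certDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }

        this.logger.info("更新申请 ======== 1.向CA获取随机数");
        byte[] caRandom;
        try {
            HashMap query = new HashMap();
            query.put("transId", transId);
            // NOTE(review): caBaseUrl is "<ip>:<port>" with no trailing slash and this path has no leading
            // slash, while the revocation method uses "/ca-openapi/v1/cmp". Confirm how
            // GMSSLHttpReqUtils assembles the final URL before relying on either form.
            SdkResult randomResult = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnByte(this.keyIndex, this.pwd, query, this.caBaseUrl + cmpPath, this.raSignSn, this.isHttps, this.caCert);
            if (!randomResult.isSuccess()) {
                sdkResult.setError(randomResult.getError());
                return sdkResult;
            }
            caRandom = (byte[]) randomResult.getInfo();
        } catch (Exception e) {
            this.logger.error("===============  获取CMP请求随机数异常{}", e);
            sdkResult.setError(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            return sdkResult;
        }
        if (caRandom == null) {
            this.logger.info("============== CA返回数据为空");
            sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
            return sdkResult;
        }
        String signAlg = updateCertInfo.getSignAlg();
        if (!"SM3withSM2".equalsIgnoreCase(signAlg)) {
            this.logger.info(" ============= 证书签名算法不支持：{}", signAlg);
            sdkResult.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
            return sdkResult;
        }
        final ASN1ObjectIdentifier signAlgOid = SM3withSM2;
        final long requestTime = System.currentTimeMillis();

        this.logger.info("更新申请 ======== 2.封装CertRequset结构体");
        CertRequest[] certRequests = null;
        if (applyUserType == SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1) {
            certRequests = new CertRequest[1];
            try {
                // The signing key is optional here: it is not part of the blank check above.
                byte[] signKeyBytes = updateCertInfo.getSignPublicKey() == null ? null : Base64.decode(updateCertInfo.getSignPublicKey());
                // Last argument 1: presumably the signing-certificate type (confirm in genCertRequest).
                certRequests[0] = genCertRequest(validity, certDn, signKeyBytes, signAlgOid, requestTime, 1);
            } catch (Exception e) {
                this.logger.error(" ================= 封装【签名】certRequest异常:{}", e);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                return sdkResult;
            }
        } else if (applyUserType == SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            certRequests = new CertRequest[2];
            try {
                byte[] signKeyBytes = updateCertInfo.getSignPublicKey() == null ? null : Base64.decode(updateCertInfo.getSignPublicKey());
                certRequests[0] = genCertRequest(validity, certDn, signKeyBytes, signAlgOid, requestTime, 1);
            } catch (Exception e) {
                this.logger.error(" ================ 封装【签名】certRequest异常:{}", e);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                return sdkResult;
            }
            try {
                byte[] encKeyBytes = null;
                if (StringUtils.isNotBlank(updateCertInfo.getEncPublicKey())) {
                    encKeyBytes = SdkCertUtils.convertSM2PublicKey(updateCertInfo.getEncPublicKey()).getEncoded();
                }
                // Last argument 2: presumably the encryption-certificate type (confirm in genCertRequest).
                certRequests[1] = genCertRequest(validity, certDn, encKeyBytes, signAlgOid, requestTime, 2);
            } catch (Exception e) {
                this.logger.error(" ============== 封装【加密】certRequest异常:{}", e);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                return sdkResult;
            }
        }

        this.logger.info("更新申请 ======== 3.封装CertReqMessages结构体");
        CertReqMessages certReqMessages;
        try {
            certReqMessages = genCertReqMessages(certRequests, signAlgOid);
        } catch (Exception e) {
            this.logger.error("封装certRequestMessage异常：{}", e);
            sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_MESSAGE_EXCEPTION);
            return sdkResult;
        }

        byte[] raRandom;
        FreeText freeText;
        try {
            raRandom = genRandomByHsm(16);
            freeText = new FreeText();
            freeText.setApplyUserType(applyUserType);
            freeText.setTempInfo(tempInfo);
            freeText.setSignSn(signSn);
            freeText.setRaSignSn(this.raSignSn);
            // NOTE(review): entries are added here and never removed on the error paths of this method;
            // confirm that another step cleans up abandoned transactions.
            Map<String, Object> pending = SdkCommonVariable.getMap();
            pending.put(transId, new BaseCMPInfo(raRandom, caRandom, transId, requestTime, 0));
            // Log only the id and the entry count: the map values hold the random values of every
            // pending transaction and must not be copied into log files.
            this.logger.info(" =============== sendUpdateCertReqMessages.baseCMPInfo.map>> transId: {} ========== pending entries: {}", transId, Integer.valueOf(pending.size()));
        } catch (Exception e) {
            this.logger.error(" ============== 通过密码机获取随机数异常:{}", e);
            sdkResult.setError(ErrorEnum.GET_RANDOM_BY_HSM_EXCEPTION);
            return sdkResult;
        }

        this.logger.info("更新申请 ======== 4.封装PKIMessage结构体");
        PKIMessage pkiMessage;
        try {
            // The literal 7 equals PKIBody.TYPE_KEY_UPDATE_REQ; presumably the CMP body type (confirm in genPKIMessage).
            pkiMessage = genPKIMessage(this.keyIndex, this.pwd, raDn, caDn, 7, caRandom, raRandom, transId, certReqMessages, signAlgOid, JSON.toJSONString(freeText));
        } catch (Exception e) {
            this.logger.error(" =============== 封装PKIMessage异常:{}", e);
            sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
            return sdkResult;
        }

        this.logger.info("更新申请 ======== 5.发送证书更新请求");
        try {
            SdkResult postResult = GMSSLHttpReqUtils.sendGMSSLHttpPostReturnByte(this.keyIndex, this.pwd, pkiMessage.getEncoded(), cmpPath, "application/pkixcmp", this.raSignSn, this.isHttps, this.caCert);
            if (!postResult.isSuccess()) {
                sdkResult.setError(postResult.getError());
                return sdkResult;
            }
            byte[] caReply = (byte[]) postResult.getInfo();
            if (caReply == null) {
                this.logger.info("============== 接收CA返回的数据内容为空");
                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                return sdkResult;
            }

            this.logger.info("更新申请 ======== 6.检查CA返回消息的header和签名信息");
            SdkResult headerCheck = checkCmpHeaderAndSign(caReply, raDn, caDn, raRandom, transId);
            if (!headerCheck.isSuccess()) {
                this.logger.info("更新申请 ======== 6.1 解析CA返回的头和签名错误");
                SdkResult errorNotice = genErrorPKIMsg(applyUserType, "更新申请-检查cmp返回消息头错误", headerCheck.getCode(), raDn, caDn, caRandom, raRandom, signAlgOid, transId, cmpPath);
                if (errorNotice.isSuccess()) {
                    sdkResult.setError(headerCheck.getError());
                } else {
                    sdkResult.setError(errorNotice.getError());
                }
                return sdkResult;
            }

            this.logger.info("更新申请 ======== 7.获取CA返回body中的更新后的证书信息");
            SdkResult parsed = resolveVarietyRepMessage(applyUserType, SdkConstants.CERT_APPLY_TYPE_UPDATE_2, caReply, transId, certDn);
            if (!parsed.isSuccess()) {
                if (ErrorEnum.CA_OPEN_API_RETURN_PKI_ERROR_MSG.code == parsed.getCode()) {
                    sdkResult.setError(parsed.getError());
                    return sdkResult;
                }
                this.logger.info("更新申请 ======== 7.1 解析CA返回的消息体错误");
                // Report the parser's code: the header check succeeded on this path, so its code
                // would tell the CA that nothing went wrong.
                SdkResult errorNotice = genErrorPKIMsg(applyUserType, "解析CA返回的cmp消息体错误", parsed.getCode(), raDn, caDn, caRandom, raRandom, signAlgOid, transId, cmpPath);
                // Fail closed: the body could not be parsed, so an error is returned whether or not
                // the error notice reached the CA.
                if (errorNotice.isSuccess()) {
                    sdkResult.setError(parsed.getError());
                } else {
                    sdkResult.setError(errorNotice.getError());
                }
                return sdkResult;
            }
            sdkResult.setInfo(parsed.getInfo());
            this.logger.info("更新申请 ======== 【结束】申请事务Id为：{} ", transId);
            return sdkResult;
        } catch (Exception e) {
            this.logger.error(" ============= 发送Http请求异常:{}", e);
            sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
            return sdkResult;
        }
    }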

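    /**
     * Sends a CMP certificate revocation request to the CA and returns the parsed reply.
     *
     * <p>Despite "Recovery" in the name, the body builds a {@code RevReqContent}, parses the reply
     * as {@code CERT_APPLY_TYPE_REVOKE_3} and logs every step as a revocation request.
     *
     * <p>Flow, following the numbered log lines: validate the arguments, fetch a random value from
     * the CA for this transaction, build the RevReqContent, obtain 16 random bytes through
     * {@code genRandomByHsm}, build the PKIMessage, POST it, verify the reply with
     * {@code checkCmpHeaderAndSign} and parse it with {@code resolveVarietyRepMessage}.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     *   <li>A missing CA random value is rejected with {@code CA_OPEN_API_RETURN_INFO_IS_EMPTY}
     *       before any message is built, as in the issuance and update methods.</li>
     *   <li>The reply body is only parsed after {@code checkCmpHeaderAndSign} succeeds.</li>
     *   <li>A reply saying the certificate is already revoked
     *       ({@code RA_CERT_ISSUE_STATUS_REVOKED}) is returned as a normal result.</li>
     *   <li>For any other parse failure the error notice sent to the CA carries the parser's error
     *       code, and the caller always receives an error (this assumes a new {@code SdkResult}
     *       reports success until {@code setError} is called).</li>
     * </ul>
     *
     * <p>The parameter meanings below are taken from this method's opening log line; {@code str6}
     * is not logged and is identified by its use in the algorithm check.
     *
     * @param i applicant type; must be {@code APPLY_USER_TYPE_NORMAL_USER_1} or {@code APPLY_USER_TYPE_ADMIN_2}
     * @param str transaction id
     * @param str2 RA distinguished name
     * @param str3 CA distinguished name
     * @param str4 serial number of the signing certificate to revoke
     * @param str5 subject DN of the certificate to revoke
     * @param str6 signature algorithm name; only "SM3withSM2" (any letter case) is accepted
     * @param i2 revocation type
     * @param str7 revocation reason
     * @return a result carrying the parsed CA reply, or the error that stopped the request
     */
    public SdkResult sendRecoveryCertReqMessages(int i, String str, String str2, String str3, String str4, String str5, String str6, int i2, String str7) {
        // Readable aliases for the decompiler-generated parameter names.
        final int applyUserType = i;
        final String transId = str;
        final String raDn = str2;
        final String caDn = str3;
        final String signSn = str4;
        final String certDn = str5;
        final String signAlg = str6;
        final int revokeType = i2;
        final String revokeReason = str7;
        final String cmpPath = "/ca-openapi/v1/cmp";

        this.logger.info("撤销申请 ======== 【开始】申请事务Id为:{},用户类型为:{},raDN为:{},caDN为:{},待撤销签名证书sn为:{},待撤销证书主体为:{},撤销类型为:{},撤销原因为:{}", new Object[]{transId, Integer.valueOf(applyUserType), raDn, caDn, signSn, certDn, Integer.valueOf(revokeType), revokeReason});
        SdkResult sdkResult = new SdkResult();
        // This line previously carried the issuance prefix, which misattributed revocation
        // requests in the logs.
        this.logger.info("撤销申请 ======== 0.参与校验");
        if (applyUserType != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && applyUserType != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info("=============== 请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (StringUtils.isAnyBlank(new CharSequence[]{transId, raDn, caDn, signSn, certDn, revokeReason})) {
            this.logger.info("=============== 参数中transId,raDN,caDN,signSn,userCertDN,revokeReason存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }

        this.logger.info("撤销申请 ======== 1.向CA获取随机数");
        byte[] caRandom;
        try {
            HashMap query = new HashMap();
            query.put("transId", transId);
            SdkResult randomResult = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnByte(this.keyIndex, this.pwd, query, this.caBaseUrl + cmpPath, this.raSignSn, this.isHttps, this.caCert);
            if (!randomResult.isSuccess()) {
                sdkResult.setError(randomResult.getError());
                return sdkResult;
            }
            caRandom = (byte[]) randomResult.getInfo();
        } catch (Exception e) {
            this.logger.error("===============  获取CMP请求随机数异常{}", e);
            sdkResult.setError(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            return sdkResult;
        }
        // Same guard as the issuance and update methods: never build a request around a missing CA random value.
        if (caRandom == null) {
            this.logger.info("============== CA返回数据为空");
            sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
            return sdkResult;
        }

        this.logger.info("撤销申请 ======== 2.封装RevReqContent结构体");
        RevReqContent revReqContent;
        try {
            revReqContent = genRevReqContent(caDn, certDn, signSn);
        } catch (Exception e) {
            this.logger.error("封装RevReqContent异常{}", e);
            sdkResult.setError(ErrorEnum.MAKE_REV_REQ_CONTENT_EXCEPTION);
            return sdkResult;
        }

        byte[] raRandom;
        FreeText freeText;
        try {
            raRandom = genRandomByHsm(16);
            freeText = new FreeText();
            freeText.setApplyUserType(applyUserType);
            freeText.setRevokeCertInfo(new RevokeCertInfo(revokeType, revokeReason));
            freeText.setRaSignSn(this.raSignSn);
        } catch (Exception e) {
            this.logger.error(" ============== 通过密码机获取随机数异常:{}", e);
            sdkResult.setError(ErrorEnum.GET_RANDOM_BY_HSM_EXCEPTION);
            return sdkResult;
        }
        if (!"SM3withSM2".equalsIgnoreCase(signAlg)) {
            this.logger.info("===============  证书签名算法不支持：{}", signAlg);
            sdkResult.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
            return sdkResult;
        }
        final ASN1ObjectIdentifier signAlgOid = SM3withSM2;

        this.logger.info("撤销申请 ======== 3.封装PkiMessage结构体");
        PKIMessage pkiMessage;
        try {
            // The literal 11 equals PKIBody.TYPE_REVOCATION_REQ; presumably the CMP body type (confirm in genPKIMessage).
            pkiMessage = genPKIMessage(this.keyIndex, this.pwd, raDn, caDn, 11, caRandom, raRandom, transId, revReqContent, signAlgOid, JSON.toJSONString(freeText));
        } catch (Exception e) {
            this.logger.error("封装PKIMessage异常：{}", e);
            sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
            return sdkResult;
        }

        this.logger.info("撤销申请 ======== 4.发送证书撤销请求");
        try {
            SdkResult postResult = GMSSLHttpReqUtils.sendGMSSLHttpPostReturnByte(this.keyIndex, this.pwd, pkiMessage.getEncoded(), cmpPath, "application/pkixcmp", this.raSignSn, this.isHttps, this.caCert);
            if (!postResult.isSuccess()) {
                sdkResult.setError(postResult.getError());
                return sdkResult;
            }
            byte[] caReply = (byte[]) postResult.getInfo();
            if (caReply == null) {
                this.logger.info("============== 接收CA返回的数据内容为空");
                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                return sdkResult;
            }

            this.logger.info("撤销申请 ======== 5.检查CA返回消息的header和签名信息");
            SdkResult headerCheck = checkCmpHeaderAndSign(caReply, raDn, caDn, raRandom, transId);
            if (!headerCheck.isSuccess()) {
                this.logger.info("撤销申请 ======== 5.1 解析CA返回的头和签名错误");
                SdkResult errorNotice = genErrorPKIMsg(applyUserType, "撤销申请-校验cmp返回消息头错误", headerCheck.getCode(), raDn, caDn, caRandom, raRandom, signAlgOid, transId, cmpPath);
                if (errorNotice.isSuccess()) {
                    sdkResult.setError(headerCheck.getError());
                } else {
                    sdkResult.setError(errorNotice.getError());
                }
                return sdkResult;
            }

            this.logger.info("撤销申请 ======== 6.获取CA返回body中的撤销后的信息");
            SdkResult parsed = resolveVarietyRepMessage(applyUserType, SdkConstants.CERT_APPLY_TYPE_REVOKE_3, caReply, transId, certDn);
            if (!parsed.isSuccess()) {
                if (ErrorEnum.RA_CERT_ISSUE_STATUS_REVOKED.code == parsed.getCode()) {
                    // Already revoked: the desired end state holds, so this is returned as a normal result.
                    this.logger.info("撤销申请 ======== RA申请撤销的证书已被撤销");
                    sdkResult.setInfo(parsed.getInfo());
                    this.logger.info("撤销申请 ======== 【结束】申请事务Id为：{} ", transId);
                    return sdkResult;
                }
                if (ErrorEnum.CA_OPEN_API_RETURN_PKI_ERROR_MSG.code == parsed.getCode()) {
                    sdkResult.setError(parsed.getError());
                    return sdkResult;
                }
                this.logger.info("撤销申请 ======== 6.1 解析CA返回的消息体错误");
                // Report the parser's code: the header check succeeded on this path, so its code
                // would tell the CA that nothing went wrong.
                SdkResult errorNotice = genErrorPKIMsg(applyUserType, "解析CA返回的cmp消息体错误", parsed.getCode(), raDn, caDn, caRandom, raRandom, signAlgOid, transId, cmpPath);
                // Fail closed: the body could not be parsed, so an error is returned whether or not
                // the error notice reached the CA.
                if (errorNotice.isSuccess()) {
                    sdkResult.setError(parsed.getError());
                } else {
                    sdkResult.setError(errorNotice.getError());
                }
                return sdkResult;
            }
            sdkResult.setInfo(parsed.getInfo());
            this.logger.info("撤销申请 ======== 【结束】申请事务Id为：{} ", transId);
            return sdkResult;
        } catch (Exception e) {
            this.logger.error(" ============= 发送Http请求异常:{}", e);
            sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
            return sdkResult;
        }
    }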

    /**
     * Sends the CMP certificate-confirmation message that closes an issue/update transaction.
     *
     * <p>Looks up the {@link BaseCMPInfo} cached under the transaction id, builds a
     * {@code CertConfirmContent} from the transaction id and the cached request id, wraps it in a
     * signed {@code PKIMessage} with body type 24 and POSTs it to {@code caBaseUrl + "/v1/cmp"} as
     * {@code application/pkixcmp}. The cache entry is removed only after a successful POST.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The blank check lists {@code str3} twice, so {@code str4} is never blank-checked; a
     *       null/blank {@code str4} is rejected by the algorithm comparison instead and reports
     *       {@code CERT_SIGN_ALG_IS_NOT_SUPPORT} rather than {@code MISSING_REQUIRED_PARAMETERS}.</li>
     *   <li>The cached {@code BaseCMPInfo} is serialized to JSON and written to the INFO log; the
     *       object exposes the transaction's nonces and request id, so confirm that log exposure
     *       is acceptable for the deployment.</li>
     *   <li>The CA's response bytes are not parsed or signature-checked in this method; only the
     *       transport-level success flag is inspected.</li>
     * </ul>
     *
     * @param i    applicant user type; must be {@code APPLY_USER_TYPE_NORMAL_USER_1} or
     *             {@code APPLY_USER_TYPE_ADMIN_2}
     * @param str  transaction id, also the key of the cached {@code BaseCMPInfo}
     * @param str2 sender DN placed in the PKI header (the RA DN according to the log text)
     * @param str3 recipient DN placed in the PKI header (the CA DN according to the log text)
     * @param str4 signature algorithm name; only {@code SM3withSM2} (case-insensitive) is accepted
     * @return a result carrying an error on any failure; a result with no error set on success
     */
    public SdkResult sendCertConfirmContent(int i, String str, String str2, String str3, String str4) {
        this.logger.info("发送证书 签发和更新的 确认消息 ======== 【开始】申请事务Id为：{} ", str);
        SdkResult sdkResult = new SdkResult();
        // Only the two known applicant types are accepted.
        if (i != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && i != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info(" ================ 请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        // NOTE(review): str3 appears twice here; str4 is not covered by this check.
        if (StringUtils.isAnyBlank(new CharSequence[]{str, str2, str3, str3})) {
            this.logger.info("=============== 参数中transId,raDN,caDN,caDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        // Constant-first comparison, so a null str4 falls into this branch instead of throwing.
        if (!"SM3withSM2".equalsIgnoreCase(str4)) {
            this.logger.info("===============  证书签名算法不支持：" + str4);
            sdkResult.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
            return sdkResult;
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier = SM3withSM2;
        String str5 = this.caBaseUrl + "/v1/cmp";
        // Process-wide cache of in-flight CMP transactions, keyed by transaction id.
        Map<String, Object> map = SdkCommonVariable.getMap();
        if (map == null) {
            sdkResult.setError(ErrorEnum.LOCAL_CMP_CACHE_IS_EMPTY);
            return sdkResult;
        }
        BaseCMPInfo baseCMPInfo = (BaseCMPInfo) map.get(str);
        // NOTE(review): this writes the serialized cache entry to the INFO log, and does so before the null check.
        this.logger.info(" =================== sendCertConfirmContent.baseCMPInfo>> transId: " + str + ">>" + SdkJsonUtils.object2Json(baseCMPInfo));
        if (baseCMPInfo == null) {
            this.logger.info(" ================== 未找到RA发从的该transId:" + str);
            sdkResult.setError(ErrorEnum.CANNOT_GET_TRANS_ID_FORM_LOCAL_CACHE);
            return sdkResult;
        }
        // Nonces and request id recorded earlier in this transaction are reused for the confirmation.
        byte[] recipientNonce = baseCMPInfo.getRecipientNonce();
        byte[] senderNonce = baseCMPInfo.getSenderNonce();
        long requestId = baseCMPInfo.getRequestId();
        this.logger.info("发送证书 签发和更新的 确认消息 ======== 1.封装CertConfirmContent结构体");
        // The three nested try blocks map a failure in each stage to its own error code.
        try {
            CertConfirmContent genCertConfirmContent = genCertConfirmContent(str, requestId);
            // Free-text header field: JSON carrying the applicant type and the RA signing serial number.
            FreeText freeText = new FreeText();
            freeText.setApplyUserType(i);
            freeText.setRaSignSn(this.raSignSn);
            this.logger.info("发送证书 签发和更新的 确认消息 ======== 2.封装PkiMessage结构体");
            try {
                // 24 is the PKIBody type passed for this message.
                PKIMessage genPKIMessage = genPKIMessage(this.keyIndex, this.pwd, str2, str3, 24, recipientNonce, senderNonce, str, genCertConfirmContent, aSN1ObjectIdentifier, SdkJsonUtils.object2Json(freeText));
                this.logger.info("发送证书 签发和更新的 确认消息 ======== 3.发送证书证书确认消息");
                try {
                    SdkResult sendGMSSLHttpPostReturnByte = GMSSLHttpReqUtils.sendGMSSLHttpPostReturnByte(this.keyIndex, this.pwd, genPKIMessage.getEncoded(), str5, "application/pkixcmp", this.raSignSn, this.isHttps, this.caCert);
                    if (!sendGMSSLHttpPostReturnByte.isSuccess()) {
                        // The cache entry is kept on failure (map.remove below is not reached).
                        sdkResult.setError(sendGMSSLHttpPostReturnByte.getError());
                        return sdkResult;
                    }
                    // NOTE(review): this logs the (still empty) sdkResult, not the HTTP result object.
                    this.logger.info("sendCertConfirmContent.sendCmpHttpPost.result>>>>" + SdkJsonUtils.object2Json(sdkResult));
                    // Transaction finished: drop its cached nonces and request id.
                    map.remove(str);
                    this.logger.info("发送证书 签发和更新的 确认消息 ========  【结束】申请事务Id为：{}", str);
                    return sdkResult;
                } catch (Exception e) {
                    this.logger.error(" ============= 发送Http请求异常:{}", e);
                    sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                    return sdkResult;
                }
            } catch (Exception e2) {
                this.logger.error("封装PKIMessage异常：{}", e2);
                sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                return sdkResult;
            }
        } catch (Exception e3) {
            this.logger.error("封装CertConfirmContent异常{}", e3);
            sdkResult.setError(ErrorEnum.MAKE_CERT_CONFIRM_CONTENT_EXCEPTION);
            return sdkResult;
        }
    }

    /**
     * Reports an error for a cached CMP transaction to the CA and then drops the cached entry.
     *
     * <p>Validation order matters because each failure maps to its own error code: user type,
     * blank parameters, cache presence, cached transaction, signature algorithm. The cached entry
     * is removed whether or not the error message could be delivered.
     *
     * @param i    applicant user type; must be {@code APPLY_USER_TYPE_NORMAL_USER_1} or
     *             {@code APPLY_USER_TYPE_ADMIN_2}
     * @param str  transaction id, also the key of the cached {@code BaseCMPInfo}
     * @param str2 RA DN (per the log text), forwarded to {@code genErrorPKIMsg}
     * @param str3 CA DN (per the log text), forwarded to {@code genErrorPKIMsg}
     * @param i2   error code forwarded to {@code genErrorPKIMsg}
     * @param str4 error description forwarded to {@code genErrorPKIMsg}; not blank-checked here
     * @param str5 signature algorithm name; only {@code SM3withSM2} (case-insensitive) is accepted
     * @return a result carrying an error on any failure; a result with no error set otherwise
     */
    public SdkResult sendErrorMsgContent(int i, String str, String str2, String str3, int i2, String str4, String str5) {
        this.logger.info("发送错误消息 ======== 【开始】申请事务Id为：{} ", str);
        SdkResult outcome = new SdkResult();
        this.logger.info("发送错误消息 ======== 参与校验");

        boolean knownUserType = i == SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 || i == SdkConstants.APPLY_USER_TYPE_ADMIN_2;
        if (!knownUserType) {
            this.logger.info("请求用户类型错误");
            outcome.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return outcome;
        }

        if (StringUtils.isAnyBlank(str, str2, str3, str5)) {
            this.logger.info("=============== 参数中transId,raDN,caDN,signAlg存在空值");
            outcome.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return outcome;
        }

        // Process-wide cache of in-flight CMP transactions, keyed by transaction id.
        Map<String, Object> transactions = SdkCommonVariable.getMap();
        if (transactions == null) {
            this.logger.info("本地缓存数据为空");
            outcome.setError(ErrorEnum.LOCAL_CMP_CACHE_IS_EMPTY);
            return outcome;
        }

        BaseCMPInfo cached = (BaseCMPInfo) transactions.get(str);
        if (cached == null) {
            outcome.setError(ErrorEnum.CANNOT_GET_TRANS_ID_FORM_LOCAL_CACHE);
            return outcome;
        }
        byte[] cachedRecipientNonce = cached.getRecipientNonce();
        byte[] cachedSenderNonce = cached.getSenderNonce();

        boolean supportedAlgorithm = "SM3withSM2".equalsIgnoreCase(str5);
        if (!supportedAlgorithm) {
            this.logger.info("===============  证书签名算法不支持：" + str5);
            outcome.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
            return outcome;
        }

        String cmpUrl = this.caBaseUrl + "/v1/cmp";
        SdkResult delivery = genErrorPKIMsg(i, str4, i2, str2, str3, cachedRecipientNonce, cachedSenderNonce, SM3withSM2, str, cmpUrl);
        if (!delivery.isSuccess()) {
            outcome.setError(delivery.getError());
        }
        // The transaction is over either way, so its cached nonces are discarded even on failure.
        transactions.remove(str);
        this.logger.info("发送错误消息 ======== 【结束】申请事务Id为：{} ", str);
        return outcome;
    }

    /**
     * Fetches the RA base DN from the CA open API.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/ra/baseDn"} through
     * {@code GMSSLHttpReqUtils}, passing the instance's key index, password, RA signing serial
     * number, HTTPS flag and CA certificate.
     *
     * @return a result whose info is the response string on success; otherwise the transport error,
     *         or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult getRaBaseDN() {
        SdkResult outcome = new SdkResult();
        try {
            String endpoint = this.caBaseUrl + "/ca-openapi/v1/ca/ra/baseDn";
            SdkResult reply = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnString(this.keyIndex, this.pwd, null, endpoint, this.raSignSn, this.isHttps, this.caCert);
            if (!reply.isSuccess()) {
                outcome.setError(reply.getError());
            } else {
                outcome.setInfo((String) reply.getInfo());
            }
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  获取RA系统BaseDN异常{}", e);
            outcome.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
        }
        return outcome;
    }

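    /**
     * Queries the CA open API for the status of a certificate.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/cert/status/" + str}.
     *
     * <p>NOTE(review): {@code str} is appended to the request path without encoding. Callers should
     * pass only an identifier they have already validated; a value containing path or query
     * separators would change which CA endpoint is addressed.
     *
     * @param str identifier appended to the request path (presumably the certificate serial
     *            number; confirm against callers); must not be blank
     * @return a result whose info is the response string on success;
     *         {@code MISSING_REQUIRED_PARAMETERS} for a blank identifier; otherwise the transport
     *         error, or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult getCertStatus(String str) {
        SdkResult sdkResult = new SdkResult();
        // A null identifier would otherwise be concatenated as the literal "null" and sent to the CA.
        if (StringUtils.isBlank(str)) {
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        try {
            SdkResult response = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnString(this.keyIndex, this.pwd, null, this.caBaseUrl + ("/ca-openapi/v1/ca/cert/status/" + str), this.raSignSn, this.isHttps, this.caCert);
            if (response.isSuccess()) {
                sdkResult.setInfo((String) response.getInfo());
                return sdkResult;
            }
            sdkResult.setError(response.getError());
            return sdkResult;
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  获取证书状态异常{}", e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }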

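    /**
     * Downloads a certificate from the CA open API.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/cert/download/" + str}.
     *
     * <p>NOTE(review): {@code str} is appended to the request path without encoding. Callers should
     * pass only an identifier they have already validated; a value containing path or query
     * separators would change which CA endpoint is addressed.
     *
     * @param str identifier appended to the request path (presumably the certificate serial
     *            number; confirm against callers); must not be blank
     * @return a result whose info is the response string on success;
     *         {@code MISSING_REQUIRED_PARAMETERS} for a blank identifier; otherwise the transport
     *         error, or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult downloadCertByteInfo(String str) {
        SdkResult sdkResult = new SdkResult();
        // A null identifier would otherwise be concatenated as the literal "null" and sent to the CA.
        if (StringUtils.isBlank(str)) {
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        try {
            SdkResult response = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnString(this.keyIndex, this.pwd, null, this.caBaseUrl + ("/ca-openapi/v1/ca/cert/download/" + str), this.raSignSn, this.isHttps, this.caCert);
            if (response.isSuccess()) {
                sdkResult.setInfo((String) response.getInfo());
                return sdkResult;
            }
            sdkResult.setError(response.getError());
            return sdkResult;
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  下载用户证书异常{}", e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }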

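    /**
     * Fetches the detail record of a certificate from the CA open API.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/cert/detail/" + str}.
     *
     * <p>NOTE(review): {@code str} is appended to the request path without encoding. Callers should
     * pass only an identifier they have already validated; a value containing path or query
     * separators would change which CA endpoint is addressed.
     *
     * @param str identifier appended to the request path (presumably the certificate serial
     *            number; confirm against callers); must not be blank
     * @return a result whose info is the response string on success;
     *         {@code MISSING_REQUIRED_PARAMETERS} for a blank identifier; otherwise the transport
     *         error, or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult getCertDetailInfo(String str) {
        SdkResult sdkResult = new SdkResult();
        // A null identifier would otherwise be concatenated as the literal "null" and sent to the CA.
        if (StringUtils.isBlank(str)) {
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        try {
            SdkResult response = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnString(this.keyIndex, this.pwd, null, this.caBaseUrl + ("/ca-openapi/v1/ca/cert/detail/" + str), this.raSignSn, this.isHttps, this.caCert);
            if (response.isSuccess()) {
                sdkResult.setInfo((String) response.getInfo());
                return sdkResult;
            }
            sdkResult.setError(response.getError());
            return sdkResult;
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  获取证书详情异常{}", e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }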

    /**
     * Fetches the list of certificate templates from the CA open API.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/template/list"}.
     *
     * @return a result whose info is the response string on success; otherwise the transport error,
     *         or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult getCertTemplateList() {
        SdkResult outcome = new SdkResult();
        try {
            String endpoint = this.caBaseUrl + "/ca-openapi/v1/ca/template/list";
            SdkResult reply = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnString(this.keyIndex, this.pwd, null, endpoint, this.raSignSn, this.isHttps, this.caCert);
            if (!reply.isSuccess()) {
                outcome.setError(reply.getError());
            } else {
                outcome.setInfo((String) reply.getInfo());
            }
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  获取证书模板列表异常{}", e);
            outcome.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
        }
        return outcome;
    }

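    /**
     * Fetches the detail record of a certificate template from the CA open API.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/template/detail/" + str}.
     *
     * <p>NOTE(review): {@code str} is appended to the request path without encoding. Callers should
     * pass only an identifier they have already validated; a value containing path or query
     * separators would change which CA endpoint is addressed.
     *
     * @param str identifier appended to the request path (presumably the template id; confirm
     *            against callers); must not be blank
     * @return a result whose info is the response string on success;
     *         {@code MISSING_REQUIRED_PARAMETERS} for a blank identifier; otherwise the transport
     *         error, or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult getCertTemplateDetailInfo(String str) {
        SdkResult sdkResult = new SdkResult();
        // A null identifier would otherwise be concatenated as the literal "null" and sent to the CA.
        if (StringUtils.isBlank(str)) {
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        try {
            SdkResult response = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnString(this.keyIndex, this.pwd, null, this.caBaseUrl + ("/ca-openapi/v1/ca/template/detail/" + str), this.raSignSn, this.isHttps, this.caCert);
            if (response.isSuccess()) {
                sdkResult.setInfo((String) response.getInfo());
                return sdkResult;
            }
            sdkResult.setError(response.getError());
            return sdkResult;
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  获取证书模板详情异常{}", e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }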

    /**
     * Fetches the administrator certificate template from the CA open API.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/template/manage"}.
     *
     * @return a result whose info is the response string on success; otherwise the transport error,
     *         or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult getRaOperatorCertTemp() {
        SdkResult outcome = new SdkResult();
        try {
            String endpoint = this.caBaseUrl + "/ca-openapi/v1/ca/template/manage";
            SdkResult reply = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnString(this.keyIndex, this.pwd, null, endpoint, this.raSignSn, this.isHttps, this.caCert);
            if (!reply.isSuccess()) {
                outcome.setError(reply.getError());
            } else {
                outcome.setInfo((String) reply.getInfo());
            }
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  获取管理员证书模板详情异常{}", e);
            outcome.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
        }
        return outcome;
    }

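    /**
     * Asks the CA to authenticate an RA administrator login by certificate serial number.
     *
     * <p>POSTs the JSON object {@code {"sn": str}} as {@code application/json} to
     * {@code caBaseUrl + "/v1/ca/ra/login"}. The request body is encoded as UTF-8 explicitly so
     * the bytes sent do not depend on the platform default charset.
     *
     * @param str value sent under the {@code "sn"} key; not validated here, so a null is
     *            serialized however {@code SdkJsonUtils.object2Json} handles null map values
     * @return a result whose info is the response string on success; otherwise the transport error,
     *         or {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult raAdminLoginAuthen(String str) {
        SdkResult sdkResult = new SdkResult();
        Map<String, String> requestBody = new HashMap<>();
        requestBody.put("sn", str);
        try {
            byte[] payload = SdkJsonUtils.object2Json(requestBody).getBytes(java.nio.charset.StandardCharsets.UTF_8);
            SdkResult response = GMSSLHttpReqUtils.sendGMSSLHttpPostReturnString(this.keyIndex, this.pwd, payload, this.caBaseUrl + "/v1/ca/ra/login", "application/json", this.raSignSn, this.isHttps, this.caCert);
            if (response.isSuccess()) {
                sdkResult.setInfo((String) response.getInfo());
                return sdkResult;
            }
            sdkResult.setError(response.getError());
            return sdkResult;
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  管理员登录认证异常{}", e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }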

    /**
     * Probes CA service connectivity.
     *
     * <p>Issues a GET to {@code caBaseUrl + "/ca-openapi/v1/ca/interface/test"}. The response body
     * is not inspected; only the transport-level success flag decides the outcome.
     *
     * @param str  not used by this method
     * @param str2 not used by this method
     * @return a result with no error set when the probe succeeds; otherwise the transport error, or
     *         {@code CONNECT_CA_OPEN_API_REFUSED} when the call throws
     */
    public SdkResult sendCaServerMessages(String str, String str2) {
        this.logger.info("测试CA服务连通性================");
        SdkResult outcome = new SdkResult();
        try {
            String endpoint = this.caBaseUrl + "/ca-openapi/v1/ca/interface/test";
            SdkResult probe = GMSSLHttpReqUtils.sendGMSSLHttpGetReturnByte(this.keyIndex, this.pwd, null, endpoint, this.raSignSn, this.isHttps, this.caCert);
            if (!probe.isSuccess()) {
                outcome.setError(probe.getError());
            }
        } catch (Exception e) {
            // Any failure while calling the CA is reported as a connection refusal.
            this.logger.error("===============  获取CA系统运行状态异常{}", e);
            outcome.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
        }
        return outcome;
    }

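    /**
     * Builds the CRMF {@code CertRequest} for one certificate.
     *
     * <p>The template carries version 1, the signing algorithm, the subject DN, the public key, an
     * optional validity window starting now, and a non-critical keyUsage extension chosen from the
     * certificate type.
     *
     * @param i                    validity length in days; {@code 0} omits the validity from the
     *                             template. NOTE(review): a negative value is not rejected and
     *                             yields an end time before the start time.
     * @param str                  subject DN
     * @param bArr                 encoded {@code SubjectPublicKeyInfo}
     * @param aSN1ObjectIdentifier signing algorithm OID
     * @param j                    certificate request id
     * @param i2                   certificate type; {@code CERT_TYPE_SIGN_2} and
     *                             {@code CERT_TYPE_ENC_3} select a key usage, any other value
     *                             leaves the key-usage bits at 0
     * @return the assembled request (controls are left null)
     * @throws IOException if the extensions cannot be encoded; the original failure is attached as
     *                     the cause
     */
    private CertRequest genCertRequest(int i, String str, byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, long j, int i2) throws IOException {
        OptionalValidity optionalValidity = null;
        if (i != 0) {
            Date notBefore = new Date();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(notBefore);
            calendar.add(Calendar.DAY_OF_MONTH, i);
            Date notAfter = calendar.getTime();
            // OptionalValidity ::= SEQUENCE { notBefore [0] Time, notAfter [1] Time }, explicitly tagged.
            ASN1EncodableVector validityFields = new ASN1EncodableVector();
            validityFields.add(new DERTaggedObject(true, 0, new Time(notBefore)));
            validityFields.add(new DERTaggedObject(true, 1, new Time(notAfter)));
            optionalValidity = OptionalValidity.getInstance(new DERSequence(validityFields));
        }
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
        certTemplateBuilder.setVersion(1);
        certTemplateBuilder.setSigningAlg(new AlgorithmIdentifier(aSN1ObjectIdentifier));
        certTemplateBuilder.setValidity(optionalValidity);
        certTemplateBuilder.setSubject(new X500Name(str));
        certTemplateBuilder.setPublicKey(SubjectPublicKeyInfo.getInstance(bArr));
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        try {
            int keyUsageBits = 0;
            if (i2 == SdkConstants.CERT_TYPE_SIGN_2) {
                // 192 = 0xC0: digitalSignature | nonRepudiation in X509KeyUsage bit values.
                keyUsageBits = 192;
            } else if (i2 == SdkConstants.CERT_TYPE_ENC_3) {
                // 56 = 0x38: keyEncipherment | dataEncipherment | keyAgreement in X509KeyUsage bit values.
                keyUsageBits = 56;
            }
            extensionsGenerator.addExtension(Extension.keyUsage, false, new X509KeyUsage(keyUsageBits));
            certTemplateBuilder.setExtensions(extensionsGenerator.generate());
            return new CertRequest(new ASN1Integer(j), certTemplateBuilder.build(), (Controls) null);
        } catch (IOException e) {
            this.logger.info("封装CertRequest的扩展信息异常{}", e);
            // Keep the root cause so the caller's log shows why the extension encoding failed.
            throw new IOException("Failed to build CertRequest extensions", e);
        }
    }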

    /**
     * Wraps each {@code CertRequest} in a {@code CertReqMsg} and bundles them as
     * {@code CertReqMessages}.
     *
     * <p>Every message is created with a null proof-of-possession and null registration info.
     * Null entries of the input stay null at the same index of the output array.
     *
     * @param certRequestArr       requests to wrap, in order
     * @param aSN1ObjectIdentifier not used by this method
     * @return the bundled request messages
     */
    private CertReqMessages genCertReqMessages(CertRequest[] certRequestArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        CertReqMsg[] wrapped = new CertReqMsg[certRequestArr.length];
        int slot = 0;
        for (CertRequest request : certRequestArr) {
            if (request != null) {
                // NOTE(review): no proof-of-possession is attached to the request.
                wrapped[slot] = new CertReqMsg(request, (ProofOfPossession) null, (AttributeTypeAndValue[]) null);
            }
            slot++;
        }
        return new CertReqMessages(wrapped);
    }

    /**
     * Assembles and signs a CMP {@code PKIMessage}.
     *
     * <p>The header carries pvno 1, sender and recipient DNs, the current time, both nonces, the
     * transaction id, the protection algorithm and a free-text field. The protection is the
     * signature returned by {@code GMSSLSM2SignUtils.signByYunhsm} over the DER encoding of
     * {@code SEQUENCE { header, body }}; the signer exchanges data as Base64 text.
     *
     * <p>NOTE(review): the transaction id is converted with {@code String.getBytes()}, i.e. the
     * platform default charset, and {@code getProtectedBytes} returns null when encoding fails, in
     * which case the Base64 step is expected to throw.
     *
     * @param i                    key index handed to the signer
     * @param str                  key access password handed to the signer
     * @param str2                 sender DN
     * @param str3                 recipient DN
     * @param i2                   PKIBody type tag
     * @param bArr                 recipient nonce
     * @param bArr2                sender nonce
     * @param str4                 transaction id
     * @param aSN1Encodable        body content
     * @param aSN1ObjectIdentifier protection algorithm OID
     * @param str5                 free-text header value
     * @return the signed message
     * @throws Exception if building or signing fails
     */
    private PKIMessage genPKIMessage(int i, String str, String str2, String str3, int i2, byte[] bArr, byte[] bArr2, String str4, ASN1Encodable aSN1Encodable, ASN1ObjectIdentifier aSN1ObjectIdentifier, String str5) throws Exception {
        PKIBody body = new PKIBody(i2, aSN1Encodable);

        GeneralName sender = new GeneralName(new X500Name(str2));
        GeneralName recipient = new GeneralName(new X500Name(str3));
        PKIHeaderBuilder headerBuilder = new PKIHeaderBuilder(1, sender, recipient);
        headerBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
        headerBuilder.setSenderNonce(new DEROctetString(bArr2));
        headerBuilder.setRecipNonce(new DEROctetString(bArr));
        headerBuilder.setTransactionID(str4.getBytes());
        headerBuilder.setProtectionAlg(new AlgorithmIdentifier(aSN1ObjectIdentifier));
        headerBuilder.setFreeText(new PKIFreeText(str5));
        PKIHeader header = headerBuilder.build();

        // Sign header+body; the signer takes and returns Base64 text.
        byte[] protectedBytes = getProtectedBytes(header, body);
        String protectedB64 = Base64.toBase64String(protectedBytes);
        return new PKIMessage(header, body, new DERBitString(Base64.decode(GMSSLSM2SignUtils.signByYunhsm(i, str, protectedB64))));
    }

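    /**
     * Validates the header and the signature of a CMP response received from the CA.
     *
     * <p>Checks, in order: the message and its header are present; the sender DN equals the
     * expected CA DN; the sender nonce is present and 16 bytes long; the sender nonce equals
     * {@code bArr2}; the transaction id is present and matches {@code str3} (case-insensitive);
     * the protection verifies against the public key of the configured CA certificate. Each
     * failure maps to its own error code. A missing protection field throws inside the
     * verification step and is reported as {@code GMSSL_VERIFY_SIGN_DATA_IS_EXCEPTION}.
     *
     * <p>Optional header fields (sender nonce, recipient nonce, transaction id) are handled when
     * absent instead of causing a {@code NullPointerException}, and the sender-DN mismatch log no
     * longer dereferences a null name.
     *
     * <p>NOTE(review): the nonce comparison uses the response's <em>sender</em> nonce while the
     * log text and error name speak of the <em>recipient</em> nonce. For replay protection the
     * response is normally expected to echo the request's sender nonce in its recipient nonce;
     * confirm which field the CA fills before changing the comparison. Header checks run before
     * signature verification, so the log lines above the verification step can contain
     * unauthenticated values.
     *
     * @param bArr  encoded {@code PKIMessage} received from the CA
     * @param str   not used by this method
     * @param str2  expected CA DN
     * @param bArr2 nonce the response's sender nonce is compared with
     * @param str3  transaction id that was sent
     * @return a result with no error set when every check passes; otherwise the matching error
     */
    private SdkResult checkCmpHeaderAndSign(byte[] bArr, String str, String str2, byte[] bArr2, String str3) {
        SdkResult sdkResult = new SdkResult();
        PKIMessage pKIMessage = PKIMessage.getInstance(bArr);
        if (pKIMessage == null) {
            this.logger.info(" =================== No pkiMessage response message.");
            sdkResult.setError(ErrorEnum.NO_PKI_MESSAGE_RESP_MESSAGE);
            return sdkResult;
        }
        PKIHeader header = pKIMessage.getHeader();
        if (header == null) {
            this.logger.info(" =================== No header in response message.");
            sdkResult.setError(ErrorEnum.NO_HEADER_IN_RESPONSE_MESSAGE);
            return sdkResult;
        }
        X500Name x500Name = X500Name.getInstance(header.getSender().getName());
        if (x500Name == null || !x500Name.equals(new X500Name(str2))) {
            // String concatenation prints "null" for a missing sender instead of throwing.
            this.logger.info(" =================== received caDn is:" + x500Name + " but expect:" + new X500Name(str2).toString());
            sdkResult.setError(ErrorEnum.RECEIVED_CA_DN_NOT_EXPECT);
            return sdkResult;
        }
        // senderNonce is optional in the header, so it may be absent.
        ASN1OctetString senderNonce = header.getSenderNonce();
        byte[] senderNonceOctets = senderNonce == null ? null : senderNonce.getOctets();
        if (senderNonceOctets == null || senderNonceOctets.length != 16) {
            String received = senderNonceOctets == null ? "absent" : senderNonceOctets.length + " byte";
            this.logger.info(" =================== Wrong length of received sender nonce (made up by server). Is " + received + " but should be 16.");
            sdkResult.setError(ErrorEnum.WRONG_LEN_OF_RECEIVED_SENDER_NONCE);
            return sdkResult;
        }
        if (!Arrays.equals(senderNonceOctets, bArr2)) {
            // recipNonce is optional too; guard it so the mismatch is reported rather than masked by an NPE.
            ASN1OctetString recipNonce = header.getRecipNonce();
            String receivedRecipNonce = recipNonce == null ? "null" : Arrays.toString(recipNonce.getOctets());
            this.logger.info(" =================== recipient nonce not the same as we sent away as the sender nonce. Sent: " + Arrays.toString(bArr2) + " Received: " + receivedRecipNonce);
            sdkResult.setError(ErrorEnum.RECIPIENT_NONCE_NOT_THE_SAME_AS_WE_SENT);
            return sdkResult;
        }
        // A response without a transaction id cannot be tied to the request; treat it as a mismatch.
        ASN1OctetString transactionId = header.getTransactionID();
        if (transactionId == null || !str3.equalsIgnoreCase(new String(transactionId.getOctets()))) {
            this.logger.info(" =================== transid is not the same as the one we sent");
            sdkResult.setError(ErrorEnum.TRANS_ID_IS_NOT_THE_SAME_AS_WE_SENT);
            return sdkResult;
        }
        try {
            // Verify the protection over DER(SEQUENCE { header, body }) with the configured CA certificate's key.
            if (GMSSLSM2SignUtils.verifyBySdf(SdfCryptoType.YUNHSM, this.caCert.getPublicKey(), getProtectedBytes(pKIMessage), pKIMessage.getProtection().getBytes())) {
                return sdkResult;
            }
            this.logger.info(" =================== 加密机验签失败");
            sdkResult.setError(ErrorEnum.GMSSL_VERIFY_SIGN_DATA_IS_ERROR);
            return sdkResult;
        } catch (Exception e) {
            // Fails closed: any exception during verification is an error result.
            this.logger.error(" =================== 加密机验签异常{}", e);
            sdkResult.setError(ErrorEnum.GMSSL_VERIFY_SIGN_DATA_IS_EXCEPTION);
            return sdkResult;
        }
    }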

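    /**
     * Dispatches a CMP response body to the matching parser according to its body type.
     *
     * <p>Handles error messages, initialization/certificate responses and revocation responses;
     * any other body type yields {@code RA_NOT_SUPPORT_THIS_CERT_BODY_TAG}.
     *
     * <p>When a parser throws, the parse-exception error is returned immediately. Without that
     * early return the code would go on to dereference the parser's result, which is still null
     * at that point.
     *
     * @param i    applicant user type, forwarded to {@code resolveCertRepMessage}
     * @param i2   request type, forwarded to {@code resolveCertRepMessage}
     * @param bArr encoded {@code PKIMessage} received from the CA
     * @param str  transaction id, forwarded to {@code resolveCertRepMessage} as its last argument
     * @param str2 forwarded to {@code resolveCertRepMessage} as its fourth argument
     * @return a result carrying the parsed info on success, or the error reported by the parser
     */
    private SdkResult resolveVarietyRepMessage(int i, int i2, byte[] bArr, String str, String str2) {
        SdkResult sdkResult = new SdkResult();
        PKIBody body = PKIMessage.getInstance(bArr).getBody();
        int bodyType = body.getType();

        if (bodyType == PKIBody.TYPE_ERROR) {
            try {
                sdkResult.setError(resolveErrorMsgContent(body).getError());
                return sdkResult;
            } catch (Exception e) {
                this.logger.error("解析ErrorMsgContent异常{}", e);
                sdkResult.setError(ErrorEnum.RESOLVE_ERROR_MSG_CONTENT_EXCEPTION);
                return sdkResult;
            }
        }

        if (bodyType == PKIBody.TYPE_INIT_REP || bodyType == PKIBody.TYPE_CERT_REP) {
            SdkResult certRepResult;
            try {
                certRepResult = resolveCertRepMessage(i, i2, body, str2, str);
            } catch (Exception e2) {
                this.logger.error("解析CertRepMessage异常{}", e2);
                sdkResult.setError(ErrorEnum.RESOLVE_CERT_REP_MESSAGE_EXCEPTION);
                // Stop here: there is no parser result to inspect.
                return sdkResult;
            }
            if (certRepResult.isSuccess()) {
                sdkResult.setInfo(certRepResult.getInfo());
                return sdkResult;
            }
            sdkResult.setError(certRepResult.getError());
            return sdkResult;
        }

        if (bodyType == PKIBody.TYPE_REVOCATION_REP) {
            SdkResult revRepResult;
            try {
                revRepResult = resolveRevRepContent(body);
            } catch (Exception e3) {
                this.logger.error("解析RevRepContent异常{}", e3);
                sdkResult.setError(ErrorEnum.RESOLVE_REV_REP_CONTENT_EXCEPTION);
                // Stop here: there is no parser result to inspect.
                return sdkResult;
            }
            if (!revRepResult.isSuccess()) {
                sdkResult.setError(revRepResult.getError());
                return sdkResult;
            }
            sdkResult.setInfo(revRepResult.getInfo());
        } else {
            this.logger.info("Cert body tag is:" + body.getType());
            sdkResult.setError(ErrorEnum.RA_NOT_SUPPORT_THIS_CERT_BODY_TAG);
        }
        return sdkResult;
    }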

    /**
     * Extracts the issued certificate(s) from a CMP certificate response body.
     *
     * <p>For every {@code CertResponse} the status must be 0 and a {@code CertifiedKeyPair} with a
     * {@code CertOrEncCert} must be present. The response's {@code certReqId} is compared with the
     * request id cached for the transaction: an equal id marks the signing certificate, {@code -1}
     * marks the encryption side, anything else is rejected. Certificates are passed through
     * {@code checkCMPCert} before being stored in the returned info object.
     *
     * <p>Review notes:
     * <ul>
     *   <li>In the normal-user branch {@code checkCMPCert} is called without first checking that
     *       the certificate is non-null; the admin branch does check.</li>
     *   <li>The encrypted key material is read from element index 3 of the re-encoded
     *       {@code CertResponse}. Nothing here verifies that the sequence has that many elements,
     *       so a shorter response presumably makes {@code getObjectAt(3)} throw — TODO confirm.</li>
     *   <li>In the admin branch a certificate received with {@code certReqId == -1} is validated
     *       but not stored.</li>
     *   <li>For a user type other than the two known ones every response is skipped and no info
     *       is set on the result.</li>
     * </ul>
     *
     * @param i        applicant user type; selects {@code UserCertInfo} or {@code ManagerCertInfo}
     * @param i2       not used by this method
     * @param pKIBody  response body whose content is read as a {@code CertRepMessage}
     * @param str      forwarded to {@code checkCMPCert}
     * @param str2     transaction id used as the key into the local CMP cache
     * @return a result carrying the certificate info on success, or the first validation error
     * @throws IOException if a {@code CertResponse} cannot be re-encoded
     */
    private SdkResult resolveCertRepMessage(int i, int i2, PKIBody pKIBody, String str, String str2) throws IOException {
        // z / z2: true when the response's certReqId equals the cached request id (signing certificate).
        boolean z;
        boolean z2;
        SdkResult sdkResult = new SdkResult();
        CertRepMessage content = pKIBody.getContent();
        if (content == null) {
            this.logger.info("============== No CertRepMessage for certificate received.");
            sdkResult.setError(ErrorEnum.NO_CERT_REQ_MESSAGE_RECEIVED);
            return sdkResult;
        }
        // Return value is discarded; the CA publications in the response are not used.
        content.getCaPubs();
        CertResponse[] response = content.getResponse();
        // Both holders are created up front; only the one matching the user type is returned.
        UserCertInfo userCertInfo = new UserCertInfo();
        ManagerCertInfo managerCertInfo = new ManagerCertInfo();
        for (CertResponse certResponse : response) {
            if (certResponse == null) {
                this.logger.info("============== No CertResponse for certificate received.");
                sdkResult.setError(ErrorEnum.NO_CERT_RESPONSE_MESSAGE_RECEIVED);
                return sdkResult;
            }
            PKIStatusInfo status = certResponse.getStatus();
            if (status == null) {
                this.logger.info("No PKIStatusInfo for certificate received.");
                sdkResult.setError(ErrorEnum.NO_PKI_STATUS_INFO_FOR_RECEIVE);
                return sdkResult;
            }
            // Only status 0 is accepted; every other status aborts the whole response.
            int intValue = status.getStatus().intValue();
            if (intValue != 0) {
                this.logger.info("Received Status is " + intValue + " but should be 0");
                sdkResult.setError(ErrorEnum.RECEIVED_STATUS_IS_NOT_0);
                return sdkResult;
            }
            CertifiedKeyPair certifiedKeyPair = certResponse.getCertifiedKeyPair();
            if (certifiedKeyPair == null) {
                this.logger.info("No CertifiedKeyPair for certificate received.");
                sdkResult.setError(ErrorEnum.NO_CERTIFIED_KEY_PAIR_FOR_RECEIVED);
                return sdkResult;
            }
            CertOrEncCert certOrEncCert = certifiedKeyPair.getCertOrEncCert();
            if (certOrEncCert == null) {
                this.logger.info("No CertOrEncCert for certificate received.");
                sdkResult.setError(ErrorEnum.NO_CERT_OR_ENC_CERT_FOR_RECEIVED);
                return sdkResult;
            }
            CMPCertificate certificate = certOrEncCert.getCertificate();
            if (i == SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1) {
                // The request id recorded when the request was sent identifies the signing-certificate response.
                BaseCMPInfo baseCMPInfo = (BaseCMPInfo) SdkCommonVariable.getMap().get(str2);
                if (baseCMPInfo == null) {
                    this.logger.info(" ============= No ra send transId.");
                    sdkResult.setError(ErrorEnum.NO_RA_SEND_TRANS_ID);
                    return sdkResult;
                }
                long requestId = baseCMPInfo.getRequestId();
                long longValue = certResponse.getCertReqId().getValue().longValue();
                if (longValue == requestId) {
                    z2 = true;
                } else {
                    // -1 is the only other accepted id; it marks the encryption certificate.
                    if (longValue != -1) {
                        this.logger.info("=============== Received CertReqId is " + longValue + " but should be " + requestId);
                        sdkResult.setError(ErrorEnum.RA_RECEIVED_CERT_REQ_ID_IS_ERROR);
                        return sdkResult;
                    }
                    z2 = false;
                }
                // NOTE(review): certificate is not null-checked here, unlike the admin branch below.
                SdkResult checkCMPCert = checkCMPCert(certificate, str);
                if (!checkCMPCert.isSuccess()) {
                    sdkResult.setError(checkCMPCert.getError());
                    return sdkResult;
                }
                if (z2) {
                    userCertInfo.setSignCert(SdkCertUtils.certToFullB64((X509Certificate) checkCMPCert.getInfo()));
                } else {
                    userCertInfo.setEncCert(SdkCertUtils.certToFullB64((X509Certificate) checkCMPCert.getInfo()));
                }
                if (certifiedKeyPair.getPrivateKey() != null) {
                    // Key blob is taken from element 3 of the re-encoded CertResponse and converted
                    // to a String with the platform default charset.
                    userCertInfo.setEncPriKey(new String(ASN1OctetString.getInstance(ASN1Sequence.getInstance(certResponse.getEncoded()).getObjectAt(3)).getOctets()));
                }
            } else if (i != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
                // Unknown user type: the response is skipped without an error.
                continue;
            } else {
                BaseCMPInfo baseCMPInfo2 = (BaseCMPInfo) SdkCommonVariable.getMap().get(str2);
                if (baseCMPInfo2 == null) {
                    this.logger.info("================ No ra send transId.");
                    sdkResult.setError(ErrorEnum.NO_RA_SEND_TRANS_ID);
                    return sdkResult;
                }
                long requestId2 = baseCMPInfo2.getRequestId();
                long longValue2 = certResponse.getCertReqId().getValue().longValue();
                if (longValue2 == requestId2) {
                    z = true;
                } else {
                    // Same rule as above: -1 is the only other accepted id.
                    if (longValue2 != -1) {
                        this.logger.info("================== Received CertReqId is " + longValue2 + " but should be " + requestId2);
                        sdkResult.setError(ErrorEnum.RA_RECEIVED_CERT_REQ_ID_IS_ERROR);
                        return sdkResult;
                    }
                    z = false;
                }
                if (certificate != null) {
                    SdkResult checkCMPCert2 = checkCMPCert(certificate, str);
                    if (!checkCMPCert2.isSuccess()) {
                        sdkResult.setError(checkCMPCert2.getError());
                        return sdkResult;
                    }
                    X509Certificate x509Certificate = (X509Certificate) checkCMPCert2.getInfo();
                    // Only the signing certificate is stored; a validated certificate with id -1 is dropped.
                    if (z) {
                        managerCertInfo.setSignCert(SdkCertUtils.certToFullB64(x509Certificate));
                    }
                }
                if (!z) {
                    // Encryption side for administrators: element 3 of the re-encoded CertResponse,
                    // read as an octet string and converted with the platform default charset.
                    managerCertInfo.setEncEncCert(new String(ASN1OctetString.getInstance(ASN1Sequence.getInstance(certResponse.getEncoded()).getObjectAt(3)).getOctets()));
                }
            }
        }
        if (i == SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1) {
            sdkResult.setInfo(userCertInfo);
        } else if (i == SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            sdkResult.setInfo(managerCertInfo);
        }
        return sdkResult;
    }

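    /**
     * Translates a CMP error body returned by the CA into an SDK error.
     *
     * <p>An error code equal to {@code RA_CERT_ISSUE_STATUS_REVOKED} maps to that error; every
     * other case, including an error body without an error code, maps to
     * {@code CA_OPEN_API_RETURN_PKI_ERROR_MSG}. The error code and the error details are optional
     * fields of the message, so both are read null-safely instead of failing while logging.
     *
     * <p>NOTE(review): the first error-detail string comes from the CA and is written to the log
     * unmodified; if the log is consumed by other tooling, consider neutralizing line breaks.
     *
     * @param pKIBody response body whose content is an {@code ErrorMsgContent}
     * @return a result that always carries an error
     */
    private SdkResult resolveErrorMsgContent(PKIBody pKIBody) {
        SdkResult sdkResult = new SdkResult();
        ErrorMsgContent content = (ErrorMsgContent) pKIBody.getContent();
        ASN1Integer errorCode = content.getErrorCode();
        PKIFreeText errorDetails = content.getErrorDetails();

        String errorCodeText = errorCode == null ? "<absent>" : String.valueOf(errorCode.getValue().intValue());
        String errorMsgText = (errorDetails == null || errorDetails.size() == 0) ? "<absent>" : errorDetails.getStringAt(0).getString();
        this.logger.info("========== CA返回的错误消息结构体 ========= errorCode:" + errorCodeText + " errorMsg:" + errorMsgText);

        if (errorCode != null && ErrorEnum.RA_CERT_ISSUE_STATUS_REVOKED.code == errorCode.getValue().intValue()) {
            sdkResult.setError(ErrorEnum.RA_CERT_ISSUE_STATUS_REVOKED);
        } else {
            sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_PKI_ERROR_MSG);
        }
        return sdkResult;
    }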

    /**
     * Reads the first status entry of a CMP revocation response.
     *
     * <p>A status of 0 is logged as a successful revocation. The returned result never carries an
     * error or an info value.
     *
     * <p>NOTE(review): a non-zero status also returns a result with no error set, so a caller that
     * only checks {@code isSuccess()} cannot tell a refused revocation from a granted one. Only the
     * first status entry is read; an empty status array would throw.
     *
     * @param pKIBody response body holding the revocation response content
     * @return a fresh result with neither error nor info set
     */
    private SdkResult resolveRevRepContent(PKIBody pKIBody) {
        SdkResult outcome = new SdkResult();
        boolean revocationGranted = pKIBody.getContent().getStatus()[0].getStatus().intValue() == 0;
        if (revocationGranted) {
            this.logger.info("==========CA返回的撤销成功=========");
        }
        return outcome;
    }

    /**
     * Builds a {@code CertConfirmContent} holding a single {@code CertStatus}.
     *
     * <p>NOTE(review): the first {@code CertStatus} argument is filled with the bytes of
     * {@code str} (platform default charset). Callers in this file pass the transaction id there,
     * whereas that field is the certificate-hash slot of the structure; confirm that the CA
     * expects the transaction id rather than a hash of the issued certificate.
     *
     * @param str value whose bytes are stored as the first {@code CertStatus} field
     * @param j   certificate request id
     * @return the confirmation content wrapping the single status
     */
    private CertConfirmContent genCertConfirmContent(String str, long j) {
        BigInteger certReqId = BigInteger.valueOf(j);
        CertStatus status = new CertStatus(str.getBytes(), certReqId);
        // One-element SEQUENCE containing the status.
        return CertConfirmContent.getInstance(new DERSequence(status));
    }

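    /**
     * Builds the CMP revocation request for one certificate, identified by issuer and serial.
     *
     * <p>The serial number is kept as a {@link BigInteger} end to end. X.509 serial numbers may
     * be up to 20 octets long, so converting through {@code long} makes revocation fail with a
     * {@link NumberFormatException} for any certificate whose serial exceeds 63 bits.
     *
     * @param str issuer distinguished name of the certificate to revoke
     * @param str2 not used by this method
     * @param str3 certificate serial number as a hexadecimal string
     * @return the revocation request content with a single {@code RevDetails} entry
     * @throws NumberFormatException if {@code str3} is not valid hexadecimal
     */
    private RevReqContent genRevReqContent(String str, String str2, String str3) {
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
        certTemplateBuilder.setIssuer(new X500Name(str));
        certTemplateBuilder.setSerialNumber(new ASN1Integer(new BigInteger(str3, 16)));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(certTemplateBuilder.build());
        return new RevReqContent(RevDetails.getInstance(new DERSequence(aSN1EncodableVector)));
    }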

    /**
     * Builds a CMP {@code ErrorMsgContent} from a status, an error code and a detail text.
     *
     * @param pKIStatus status placed in the {@code PKIStatusInfo}
     * @param i numeric error code
     * @param str error detail text
     * @return the assembled error content
     */
    private ErrorMsgContent genErrorMsgContent(PKIStatus pKIStatus, int i, String str) {
        PKIStatusInfo statusInfo = new PKIStatusInfo(pKIStatus);
        ASN1Integer errorCode = new ASN1Integer(i);
        PKIFreeText errorDetails = new PKIFreeText(str);
        return new ErrorMsgContent(statusInfo, errorCode, errorDetails);
    }

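    /**
     * Builds a CMP {@code ErrorMsgContent} with a fully populated {@code PKIStatusInfo}.
     *
     * <p>The status value is wrapped in an {@link ASN1Integer} before being handed to
     * {@code PKIStatus.getInstance}: that factory accepts a {@code PKIStatus} or an ASN.1
     * INTEGER, and a boxed {@link Integer} is neither, so passing one is rejected at run time.
     *
     * @param i numeric PKIStatus value
     * @param str status text placed in the {@code PKIStatusInfo}
     * @param i2 failure-info value passed to {@code PKIFailureInfo}
     * @param i3 numeric error code
     * @param str2 error detail text
     * @return the assembled error content
     */
    private ErrorMsgContent genErrorMsgContent(int i, String str, int i2, int i3, String str2) {
        PKIStatus status = PKIStatus.getInstance(new ASN1Integer(i));
        PKIStatusInfo statusInfo = new PKIStatusInfo(status, new PKIFreeText(str), new PKIFailureInfo(i2));
        return new ErrorMsgContent(statusInfo, new ASN1Integer(i3), new PKIFreeText(str2));
    }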

    /**
     * Returns the DER encoding of the header and body of a complete message.
     *
     * @param pKIMessage message whose header and body are encoded
     * @return the encoded bytes, or {@code null} if encoding failed (see the two-argument overload)
     */
    private byte[] getProtectedBytes(PKIMessage pKIMessage) {
        PKIHeader header = pKIMessage.getHeader();
        PKIBody body = pKIMessage.getBody();
        return getProtectedBytes(header, body);
    }

    /**
     * DER-encodes {@code SEQUENCE { header, body }}, the layout RFC 4210 defines as the
     * protected part of a CMP message.
     *
     * @param pKIHeader message header
     * @param pKIBody message body
     * @return the encoded bytes, or {@code null} when encoding throws; the failure is only
     *     logged, so callers must check for {@code null} before signing or verifying with it
     */
    private byte[] getProtectedBytes(PKIHeader pKIHeader, PKIBody pKIBody) {
        ASN1EncodableVector protectedPart = new ASN1EncodableVector();
        protectedPart.add(pKIHeader);
        protectedPart.add(pKIBody);
        DERSequence toEncode = new DERSequence(protectedPart);
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            DEROutputStream derOut = new DEROutputStream(buffer);
            derOut.writeObject(toEncode);
            return buffer.toByteArray();
        } catch (Exception encodeFailure) {
            this.logger.error(encodeFailure.getLocalizedMessage(), encodeFailure);
            return null;
        }
    }

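    /**
     * Wraps a DER-encoded public key and a subject DN in a PKCS#10-shaped structure and returns
     * it Base64-encoded on a single line.
     *
     * <p>Security note: the structure is not a signed request. The signature field is filled
     * with the DER bytes of the request info itself, and the algorithm identifier is the fixed
     * OID 1.2.840.113549.1.1.4 (md5WithRSAEncryption). A receiver therefore gets no proof that
     * the requester holds the private key and must not validate this as a regular PKCS#10.
     *
     * @param bArr DER encoding of the SubjectPublicKeyInfo
     * @param str subject distinguished name
     * @param str2 not used by this method
     * @return the Base64 text without line breaks, or an empty string if building it failed
     */
    private String createP10FromPubKeyDer(byte[] bArr, String str, String str2) {
        try {
            CertificationRequestInfo requestInfo = new CertificationRequestInfo(new X509Name(str), new SubjectPublicKeyInfo(ASN1Sequence.getInstance(bArr)), (ASN1Set) null);
            ByteArrayOutputStream infoBytes = new ByteArrayOutputStream();
            new DEROutputStream(infoBytes).writeObject(requestInfo);
            // Placeholder "signature": the encoded request info, not a cryptographic signature.
            CertificationRequest request = new CertificationRequest(requestInfo, new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.1.4")), new DERBitString(infoBytes.toByteArray()));
            ByteArrayOutputStream requestBytes = new ByteArrayOutputStream();
            new DEROutputStream(requestBytes).writeObject(request);
            return new String(Base64.encode(requestBytes.toByteArray())).replace("\n", "").replaceAll("\r", "");
        } catch (Exception e) {
            // Report through the class logger like the other methods here, so the failure and
            // its stack trace reach the configured log instead of stdout/stderr.
            this.logger.error("生成p10时错误。dn= " + str, e);
            return "";
        }
    }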

    /**
     * Builds a CMP error message with status {@code rejection} and posts it to the CA.
     *
     * <p>Three stages, each with its own error code on failure: build the
     * {@code ErrorMsgContent} ({@code ERROR_MSG_CONTENT_EXCEPTION}), wrap it in a
     * {@code PKIMessage} ({@code MAKE_PKI_MESSAGE_EXCEPTION}), send it over HTTP
     * ({@code SEND_HTTP_MESSAGE_EXCEPTION}). The try blocks stay nested so that each exception
     * is mapped by the same handler as before.
     *
     * @param i apply-user type written into the free text
     * @param str error detail text
     * @param i2 numeric error code
     * @param str2 passed through to {@code genPKIMessage}
     * @param str3 passed through to {@code genPKIMessage}
     * @param bArr passed through to {@code genPKIMessage}
     * @param bArr2 passed through to {@code genPKIMessage}
     * @param aSN1ObjectIdentifier passed through to {@code genPKIMessage}
     * @param str4 passed through to {@code genPKIMessage}
     * @param str5 request target handed to the HTTP helper (presumably the CA URL; confirm)
     * @return an error-free result when the POST succeeded, otherwise a result carrying the
     *     HTTP helper's error or one of the stage error codes above
     */
    private SdkResult genErrorPKIMsg(int i, String str, int i2, String str2, String str3, byte[] bArr, byte[] bArr2, ASN1ObjectIdentifier aSN1ObjectIdentifier, String str4, String str5) {
        SdkResult outcome = new SdkResult();
        this.logger.info("发送错误消息 ======== 1.封装ErrorMsgContent结构体");
        try {
            ErrorMsgContent errorBody = genErrorMsgContent(PKIStatus.rejection, i2, str);
            this.logger.info("发送错误消息 ======== 2.封装PKIMesage结构体");
            FreeText freeText = new FreeText();
            freeText.setApplyUserType(i);
            freeText.setRaSignSn(this.raSignSn);
            try {
                // 23 is the CMP body tag for an error message (RFC 4210, PKIBody [23] error).
                PKIMessage errorMessage = genPKIMessage(this.keyIndex, this.pwd, str2, str3, 23, bArr, bArr2, str4, errorBody, aSN1ObjectIdentifier, SdkJsonUtils.object2Json(freeText));
                this.logger.info("发送错误消息 ======== 3.发送证书错误消息");
                try {
                    SdkResult httpResult = GMSSLHttpReqUtils.sendGMSSLHttpPostReturnByte(this.keyIndex, this.pwd, errorMessage.getEncoded(), str5, "application/pkixcmp", this.raSignSn, this.isHttps, this.caCert);
                    if (!httpResult.isSuccess()) {
                        // Propagate the transport-level error unchanged.
                        outcome.setError(httpResult.getError());
                    }
                    return outcome;
                } catch (Exception sendFailure) {
                    this.logger.error(" ============= 发送Http请求异常:{}", sendFailure);
                    outcome.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                    return outcome;
                }
            } catch (Exception wrapFailure) {
                this.logger.error("=============== 封装ErrorMsg的PKIMessage异常{}", wrapFailure);
                outcome.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                return outcome;
            }
        } catch (Exception contentFailure) {
            this.logger.error("=============== 封装ErrorMsgContent异常{}", contentFailure);
            outcome.setError(ErrorEnum.ERROR_MSG_CONTENT_EXCEPTION);
            return outcome;
        }
    }

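    /**
     * Validates a certificate returned by the CA against the request and the configured CA
     * certificate.
     *
     * <p>Checks, in order: the certificate is present and encodable, its subject DN equals the
     * requested DN, its issuer name equals the CA certificate's subject name, and its signature
     * verifies under the CA certificate's public key.
     *
     * <p>Names are compared with {@code equals}, not by hash code. Equal hash codes do not imply
     * equal names (a 32-bit hash admits collisions), so a hash comparison could accept a
     * certificate issued for a different subject.
     *
     * <p>Only the signature is verified here; validity period, key usage and revocation status
     * are not checked by this method.
     *
     * @param cMPCertificate certificate taken from the CA response, may be {@code null}
     * @param str subject distinguished name that was requested
     * @return a result whose info is the parsed {@link X509Certificate} when every check
     *     passes, otherwise a result carrying the error for the first failed check
     */
    private SdkResult checkCMPCert(CMPCertificate cMPCertificate, String str) {
        SdkResult sdkResult = new SdkResult();
        if (cMPCertificate == null) {
            this.logger.info("No X509CertificateStructure for certificate received.");
            sdkResult.setError(ErrorEnum.NO_X509_CERT_FOR_RECEIVED);
            return sdkResult;
        }
        try {
            byte[] encoded = cMPCertificate.getEncoded();
            if (encoded == null || encoded.length <= 0) {
                this.logger.info("No encoded certificate received");
                sdkResult.setError(ErrorEnum.NO_ENCODE_CERT_FOR_RECEIVED);
                return sdkResult;
            }
            try {
                X509Certificate convertDerCertToCert = SdkCertUtils.convertDerCertToCert(encoded);
                X500Name x500Name = X500Name.getInstance(convertDerCertToCert.getSubjectX500Principal().getEncoded());
                // Full name comparison: a hash match alone would let a colliding DN through.
                if (!x500Name.equals(new X500Name(str))) {
                    this.logger.info("Subject is '" + x500Name.toString() + "' but should be '" + str);
                    sdkResult.setError(ErrorEnum.RECEIVE_SUBJECT_DN_IS_NOT_SAME_APPLY);
                    return sdkResult;
                }
                String name = this.caCert.getSubjectX500Principal().getName();
                String issuerName = convertDerCertToCert.getIssuerX500Principal().getName();
                if (!issuerName.equals(name)) {
                    this.logger.info("Issuer is '" + issuerName + "' but should be '" + name);
                    sdkResult.setError(ErrorEnum.RECEIVE_ISSUE_DN_IS_NOT_SAME_APPLY);
                    return sdkResult;
                }
                try {
                    convertDerCertToCert.verify(this.caCert.getPublicKey());
                    sdkResult.setInfo(convertDerCertToCert);
                    return sdkResult;
                } catch (Exception e) {
                    // Pass the exception as an argument so the stack trace is logged; it was
                    // previously concatenated into the message next to an unused placeholder.
                    this.logger.error("Certificate not verifying.{}", e);
                    sdkResult.setError(ErrorEnum.RA_VERIFY_CA_REP_CERT_ERROR);
                    return sdkResult;
                }
            } catch (Exception e2) {
                this.logger.error("Not possible to create certificate.{}", e2);
                sdkResult.setError(ErrorEnum.NOT_POSSIBLE_TO_CREATE_CERT);
                return sdkResult;
            }
        } catch (IOException e3) {
            this.logger.error("CMPCertificate Encode Exception.{}", e3);
            sdkResult.setError(ErrorEnum.CMP_CERT_ENCODE_EXCEPTION);
            return sdkResult;
        }
    }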

    /**
     * Requests random data from {@code GMSSLRandomUtils.generateRandomByYunhsm} and returns it
     * Base64-decoded.
     *
     * @param i value passed to the generator (presumably the number of random bytes; confirm
     *     against {@code GMSSLRandomUtils})
     * @return the decoded random bytes
     * @throws SdfSDKException declared by this method; presumably raised by the HSM call
     */
    private byte[] genRandomByHsm(int i) throws SdfSDKException {
        return Base64.decode(GMSSLRandomUtils.generateRandomByYunhsm(i));
    }
}
