package com.xdja.ca.helper;

import com.xdja.ca.asn1.DigestObjectIdentifiers;
import com.xdja.ca.asn1.NISTObjectIdentifiers;
import com.xdja.ca.asn1.RsaObjectIdentifiers;
import com.xdja.ca.asn1.SM2EnvelopedData;
import com.xdja.ca.asn1.SM2ObjectIdentifiers;
import com.xdja.ca.asn1.SymmetryObjectIdentifiers;
import com.xdja.ca.bean.BaseCMPInfo;
import com.xdja.ca.bean.SignedAndEnvelopedData;
import com.xdja.ca.error.ErrorEnum;
import com.xdja.ca.pkcs7.Pkcs7Utils;
import com.xdja.ca.sdk.SdkResult;
import com.xdja.ca.service.CaSdkRedisCacheManagerService;
import com.xdja.ca.utils.ClientHttpUtils;
import com.xdja.ca.utils.DnUtil;
import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.ca.utils.SdkHsmUtils;
import com.xdja.ca.utils.SdkJsonUtils;
import com.xdja.ca.vo.FreeText;
import com.xdja.ca.vo.ManagerCertInfo;
import com.xdja.ca.vo.UserCertInfo;
import com.xdja.pki.apache.client.utils.json.JsonUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import javax.naming.NamingException;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CertConfirmContent;
import org.bouncycastle.asn1.cmp.CertOrEncCert;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.CertStatus;
import org.bouncycastle.asn1.cmp.CertifiedKeyPair;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.KeyRecRepContent;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.cmp.RevDetails;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.Controls;
import org.bouncycastle.asn1.crmf.EncryptedValue;
import org.bouncycastle.asn1.crmf.OptionalValidity;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/ca/helper/CmpMessageHelper.class */
public class CmpMessageHelper {
    private static final Logger logger = LoggerFactory.getLogger(CmpMessageHelper.class);

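    /**
     * Builds a CRMF {@code CertRequest} whose template carries the subject, the requested
     * signing algorithm, an optional validity window, the subject public key and a
     * non-critical keyUsage extension.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>The returned request has no {@code Controls}; proof of possession is not set here.</li>
     *   <li>For raw RSA input only the modulus is supplied by the caller; the public exponent is
     *       fixed to 65537.</li>
     *   <li>For any {@code i2} other than 2 or 3 the keyUsage extension is emitted with no bits
     *       set. NOTE(review): confirm that an empty keyUsage is what the CA expects.</li>
     * </ul>
     *
     * @param bool whether {@code bArr} is a raw key that must first be converted to an encoded
     *             public key; only read when {@code i2 != 2}, and must not be null in that case
     * @param i validity length in days counted from now; 0 leaves the validity unset
     * @param str subject DN string, parsed by {@code DnUtil.getRFC4519X500Name}
     * @param bArr public key bytes, or null to leave the template's public key unset
     * @param aSN1ObjectIdentifier signing algorithm OID; also selects how a raw key is converted
     * @param j certReqId placed in the request
     * @param i2 certificate kind selector: 2 yields keyUsage 192, 3 yields keyUsage 56
     * @return the assembled request
     * @throws IOException if the extensions cannot be encoded (the original cause is attached)
     * @throws Exception if key conversion or DN parsing fails
     */
    public static CertRequest genCertRequest(Boolean bool, int i, String str, byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, long j, int i2) throws Exception {
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
        if (i != 0) {
            // Requested validity: [now, now + i days], encoded as the two tagged OptionalValidity fields.
            Date notBefore = new Date();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(notBefore);
            calendar.add(Calendar.DATE, i);
            Date notAfter = calendar.getTime();
            ASN1EncodableVector validity = new ASN1EncodableVector();
            validity.add(new DERTaggedObject(true, 0, new Time(notBefore)));
            validity.add(new DERTaggedObject(true, 1, new Time(notAfter)));
            certTemplateBuilder.setValidity(OptionalValidity.getInstance(new DERSequence(validity)));
        }
        certTemplateBuilder.setVersion(1);
        certTemplateBuilder.setSigningAlg(new AlgorithmIdentifier(aSN1ObjectIdentifier));
        certTemplateBuilder.setSubject(DnUtil.getRFC4519X500Name(str));

        SubjectPublicKeyInfo subjectPublicKeyInfo = null;
        if (bArr != null) {
            byte[] encodedKey = bArr;
            // Raw keys are converted only for non-type-2 requests; type 2 always passes an
            // already encoded SubjectPublicKeyInfo and never reads the bool flag.
            if (i2 != 2 && bool.booleanValue()) {
                if (SM2ObjectIdentifiers.sm2SignWithSm3.equals(aSN1ObjectIdentifier)) {
                    encodedKey = SdkCertUtils.convertSM2PublicKey(Base64.toBase64String(bArr)).getEncoded();
                } else if (NISTObjectIdentifiers.nistSignAlgorithm.equals(aSN1ObjectIdentifier)) {
                    encodedKey = SdkCertUtils.convertECPublicKey(Base64.toBase64String(bArr), NISTNamedCurves.getName(SECObjectIdentifiers.secp256r1)).getEncoded();
                } else {
                    // Everything else is treated as RSA: bArr is the unsigned modulus, exponent is 65537.
                    encodedKey = KeyFactory.getInstance("RSA", (Provider) new BouncyCastleProvider()).generatePublic(new RSAPublicKeySpec(BigIntegers.fromUnsignedByteArray(bArr), BigInteger.valueOf(65537L))).getEncoded();
                }
            }
            subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);
        }
        certTemplateBuilder.setPublicKey(subjectPublicKeyInfo);

        int keyUsageBits = 0;
        if (i2 == 2) {
            // 192 = digitalSignature | nonRepudiation
            keyUsageBits = X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation;
        } else if (i2 == 3) {
            // 56 = keyEncipherment | dataEncipherment | keyAgreement
            keyUsageBits = X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment | X509KeyUsage.keyAgreement;
        }
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        try {
            extensionsGenerator.addExtension(Extension.keyUsage, false, new X509KeyUsage(keyUsageBits));
            certTemplateBuilder.setExtensions(extensionsGenerator.generate());
            return new CertRequest(new ASN1Integer(j), certTemplateBuilder.build(), (Controls) null);
        } catch (IOException e) {
            logger.info("封装CertRequest的扩展信息异常", e);
            // Keep the root cause so callers can tell why the extension encoding failed.
            throw new IOException("Failed to encode CertRequest extensions", e);
        }
    }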

    /**
     * Wraps each {@code CertRequest} in a {@code CertReqMsg} and bundles them into one
     * {@code CertReqMessages}.
     *
     * <p>Every message is created with a null {@code ProofOfPossession} and no registration
     * info, so possession of the private key is not proven by these requests.
     * NOTE(review): confirm that the CA accepts POP-less requests only from an authenticated RA.
     *
     * <p>A null entry in the input leaves a null slot at the same index of the array handed to
     * {@code CertReqMessages}.
     *
     * @param certRequestArr requests to wrap; must not be null
     * @return the combined request messages
     */
    public static CertReqMessages genCertReqMessages(CertRequest[] certRequestArr) {
        final int total = certRequestArr.length;
        CertReqMsg[] wrapped = new CertReqMsg[total];
        int slot = 0;
        while (slot < total) {
            CertRequest request = certRequestArr[slot];
            if (request != null) {
                wrapped[slot] = new CertReqMsg(request, (ProofOfPossession) null, (AttributeTypeAndValue[]) null);
            }
            slot++;
        }
        return new CertReqMessages(wrapped);
    }

    /**
     * Assembles a signed CMP {@code PKIMessage}: builds the header, picks the protection
     * algorithm from the signing certificate, signs header+body and attaches the signature
     * as the message protection.
     *
     * <p>Review notes:
     * <ul>
     *   <li>Any certificate signature algorithm other than SM3withSM2, SHA1withRSA or
     *       SHA256withRSA is labelled with {@code NISTObjectIdentifiers.nistSignAlgorithm};
     *       an unexpected algorithm is therefore not rejected here.</li>
     *   <li>{@code str4.getBytes()} encodes the transaction ID with the platform default
     *       charset.</li>
     *   <li>SHA1withRSA is still accepted as a protection algorithm.</li>
     *   <li>The parameter {@code z} is not used by this method.</li>
     * </ul>
     *
     * @param i key index passed to the HSM signer when {@code bArr} is null
     * @param str key credential passed to the HSM signer when {@code bArr} is null
     * @param bArr private key material for software signing, or null to sign through the HSM
     * @param x509Certificate certificate whose signature algorithm name selects the protection algorithm
     * @param str2 sender DN
     * @param str3 recipient DN
     * @param i2 PKIBody type tag
     * @param bArr2 recipient nonce
     * @param bArr3 sender nonce
     * @param str4 transaction ID
     * @param aSN1Encodable body content
     * @param str5 free text placed in the header
     * @param z unused
     * @return the protected message
     * @throws Exception if signing yields a blank result or any step fails
     */
    public static PKIMessage genPKIMessage(int i, String str, byte[] bArr, X509Certificate x509Certificate, String str2, String str3, int i2, byte[] bArr2, byte[] bArr3, String str4, ASN1Encodable aSN1Encodable, String str5, boolean z) throws Exception {
        PKIBody pKIBody = new PKIBody(i2, aSN1Encodable);

        GeneralName sender = new GeneralName(DnUtil.getRFC4519X500Name(str2));
        GeneralName recipient = new GeneralName(DnUtil.getRFC4519X500Name(str3));
        PKIHeaderBuilder headerBuilder = new PKIHeaderBuilder(1, sender, recipient);
        headerBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
        headerBuilder.setSenderNonce(new DEROctetString(bArr3));
        headerBuilder.setRecipNonce(new DEROctetString(bArr2));
        headerBuilder.setTransactionID(str4.getBytes());

        // Map the certificate's JCA signature algorithm name onto the protection algorithm OID.
        String sigAlgName = x509Certificate.getSigAlgName();
        ASN1ObjectIdentifier protectionOid;
        if ("SM3withSM2".equalsIgnoreCase(sigAlgName)) {
            protectionOid = SM2ObjectIdentifiers.sm2SignWithSm3;
        } else if ("SHA1withRSA".equalsIgnoreCase(sigAlgName)) {
            protectionOid = RsaObjectIdentifiers.sha1WithRSA;
        } else if ("SHA256withRSA".equalsIgnoreCase(sigAlgName)) {
            protectionOid = RsaObjectIdentifiers.sha256WithRSA;
        } else {
            protectionOid = NISTObjectIdentifiers.nistSignAlgorithm;
        }
        logger.debug(" ================ RA封装消息使用的服务器证书的签名算法为：" + sigAlgName + " 算法oid为：" + protectionOid.getId());
        headerBuilder.setProtectionAlg(new AlgorithmIdentifier(protectionOid));
        headerBuilder.setFreeText(new PKIFreeText(str5));
        PKIHeader header = headerBuilder.build();

        // The signature covers the encoded header and body.
        String toSignB64 = Base64.toBase64String(getProtectedBytes(header, pKIBody));
        String signatureB64;
        if (bArr == null) {
            signatureB64 = SdkHsmUtils.signByYunHsm(sigAlgName, i, str, toSignB64);
        } else {
            signatureB64 = SdkHsmUtils.signByBC(sigAlgName, bArr, toSignB64);
        }
        if (StringUtils.isBlank(signatureB64)) {
            throw new Exception("使用密码机签名失败");
        }
        return new PKIMessage(header, pKIBody, new DERBitString(Base64.decode(signatureB64)));
    }

    /**
     * Builds a CMP error message (body type 23, status {@code rejection}), signs it via
     * {@link #genPKIMessage} and posts it as {@code application/pkixcmp}.
     *
     * <p>The three stages (error content, PKIMessage, HTTP send) each map any exception to
     * their own {@code ErrorEnum}; exceptions are logged and never propagated.
     *
     * @param i key index forwarded to signing and to the HTTP client
     * @param str key credential forwarded to signing and to the HTTP client
     * @param bArr private key material forwarded to signing and to the HTTP client
     * @param x509Certificate signing certificate
     * @param x509CertificateArr certificates forwarded to the HTTP client
     * @param str2 RA signing certificate serial, placed in the free text and sent with the request
     * @param i2 applicant user type placed in the free text
     * @param str3 error text for the error content
     * @param i3 error code for the error content
     * @param str4 sender DN
     * @param str5 recipient DN
     * @param bArr2 recipient nonce
     * @param bArr3 sender nonce
     * @param str6 transaction ID
     * @param str7 forwarded to the HTTP client (presumably the target URL; verify against caller)
     * @param str8 forwarded to the HTTP client
     * @param z forwarded to the HTTP client
     * @param z2 forwarded to signing and to the HTTP client
     * @return a result with no error on success, otherwise carrying the stage's error
     */
    public static SdkResult genErrorPKIMsg(int i, String str, byte[] bArr, X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, String str2, int i2, String str3, int i3, String str4, String str5, byte[] bArr2, byte[] bArr3, String str6, String str7, String str8, boolean z, boolean z2) {
        SdkResult outcome = new SdkResult();
        logger.info("发送错误消息 ======== 1.封装ErrorMsgContent结构体");

        // Stage 1: error content plus the free-text payload that travels in the header.
        ErrorMsgContent errorContent;
        FreeText freeText;
        try {
            errorContent = genErrorMsgContent(PKIStatus.rejection, i3, str3);
            logger.info("发送错误消息 ======== 2.封装PKIMesage结构体");
            freeText = new FreeText();
            freeText.setApplyUserType(i2);
            freeText.setRaSignSn(str2);
        } catch (Exception contentFailure) {
            logger.error("=============== 封装ErrorMsgContent异常", contentFailure);
            outcome.setError(ErrorEnum.ERROR_MSG_CONTENT_EXCEPTION);
            return outcome;
        }

        // Stage 2: signed PKIMessage with body type 23 (error).
        PKIMessage errorMessage;
        try {
            errorMessage = genPKIMessage(i, str, bArr, x509Certificate, str4, str5, 23, bArr2, bArr3, str6, errorContent, SdkJsonUtils.object2Json(freeText), z2);
            logger.info("发送错误消息 ======== 3.发送证书错误消息");
        } catch (Exception messageFailure) {
            logger.error("=============== 封装ErrorMsg的PKIMessage异常", messageFailure);
            outcome.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
            return outcome;
        }

        // Stage 3: deliver it; only a failed send changes the (initially clean) result.
        try {
            SdkResult httpResult = ClientHttpUtils.sendApacheClientRequest(i, str, bArr, errorMessage.getEncoded(), null, str7, "application/pkixcmp", str2, x509CertificateArr, str8, z, z2, "post");
            if (!httpResult.isSuccess()) {
                outcome.setError(httpResult.getError());
            }
            return outcome;
        } catch (Exception sendFailure) {
            logger.error(" ============= 发送Http请求异常:", sendFailure);
            outcome.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
            return outcome;
        }
    }

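    /**
     * Validates a CMP response received from the CA: sender DN, nonce, transaction ID and the
     * protection signature over header+body, verified with the configured CA certificate's
     * public key.
     *
     * <p>Optional header fields that are absent (sender nonce, transaction ID, protection
     * algorithm) and a missing protection value are reported as failed checks instead of
     * surfacing as {@code NullPointerException}.
     *
     * <p>Review notes (behaviour kept as-is):
     * <ul>
     *   <li>The nonce compared against {@code bArr2} is the response's <em>senderNonce</em>,
     *       while the error text speaks of the recipient nonce. NOTE(review): in CMP the
     *       response's recipNonce normally echoes the request's senderNonce; confirm which
     *       field this CA echoes.</li>
     *   <li>The verification algorithm is the OID taken from the received header.
     *       NOTE(review): consider checking it against the algorithm expected for the CA
     *       certificate; whether {@code SdkHsmUtils} restricts it is not visible here.</li>
     *   <li>The DN and the transaction ID are compared case-insensitively, and the transaction
     *       ID bytes are decoded with the platform default charset.</li>
     *   <li>{@code PKIMessage.getInstance} is given untrusted bytes; NOTE(review): confirm
     *       that callers handle the runtime exception a malformed encoding may raise.</li>
     * </ul>
     *
     * @param bArr DER-encoded PKIMessage received from the CA
     * @param str RA name (only logged)
     * @param str2 expected CA DN
     * @param bArr2 nonce the response must carry
     * @param str3 transaction ID that was sent
     * @param x509Certificate CA certificate whose public key verifies the protection
     * @param z true to verify through the HSM, false to verify in software
     * @return a result without error when every check passes, otherwise the first failing check
     * @throws NamingException if a DN cannot be parsed
     */
    public static SdkResult checkCmpHeaderAndSign(byte[] bArr, String str, String str2, byte[] bArr2, String str3, X509Certificate x509Certificate, boolean z) throws NamingException {
        // Guarded so the certificate and nonce are only encoded when debug output is wanted.
        if (logger.isDebugEnabled()) {
            logger.debug("CmpApi.checkCmpHeaderAndSign>>>>> raName:" + str + " caName:" + str2 + " senderNonce:" + Base64.toBase64String(bArr2) + " transId:" + str3 + " caCert:" + SdkCertUtils.certToFullB64(x509Certificate));
        }
        SdkResult sdkResult = new SdkResult();
        PKIMessage pKIMessage = PKIMessage.getInstance(bArr);
        if (pKIMessage == null) {
            logger.error(" =================== No pkiMessage response message.");
            sdkResult.setError(ErrorEnum.NO_PKI_MESSAGE_RESP_MESSAGE);
            return sdkResult;
        }
        PKIHeader header = pKIMessage.getHeader();
        if (header == null) {
            logger.error(" =================== No header in response message.");
            sdkResult.setError(ErrorEnum.NO_HEADER_IN_RESPONSE_MESSAGE);
            return sdkResult;
        }
        logger.info("=================" + header.getSender().getName().toString());
        String x500Name = DnUtil.getRFC4519X500Name(header.getSender().getName()).toString();
        if (StringUtils.isBlank(x500Name) || !x500Name.equalsIgnoreCase(DnUtil.getRFC4519X500Name(str2).toString())) {
            logger.error(" =================== received caDn is:" + x500Name + " but expect:" + DnUtil.getRFC4519X500Name(str2).toString());
            sdkResult.setError(ErrorEnum.RECEIVED_CA_DN_NOT_EXPECT);
            return sdkResult;
        }
        // senderNonce is optional in the header; treat "absent" like "wrong length".
        byte[] receivedSenderNonce = header.getSenderNonce() == null ? null : header.getSenderNonce().getOctets();
        if (receivedSenderNonce == null || receivedSenderNonce.length != 16) {
            logger.error(" =================== Wrong length of received sender nonce (made up by server). Is " + (receivedSenderNonce == null ? 0 : receivedSenderNonce.length) + " byte but should be 16.");
            sdkResult.setError(ErrorEnum.WRONG_LEN_OF_RECEIVED_SENDER_NONCE);
            return sdkResult;
        }
        if (!Arrays.equals(receivedSenderNonce, bArr2)) {
            // recipNonce is optional as well; do not let the diagnostic itself throw.
            byte[] receivedRecipNonce = header.getRecipNonce() == null ? null : header.getRecipNonce().getOctets();
            logger.error(" =================== recipient nonce not the same as we sent away as the sender nonce. Sent: " + Arrays.toString(bArr2) + " Received: " + Arrays.toString(receivedRecipNonce));
            sdkResult.setError(ErrorEnum.RECIPIENT_NONCE_NOT_THE_SAME_AS_WE_SENT);
            return sdkResult;
        }
        if (header.getTransactionID() == null || !str3.equalsIgnoreCase(new String(header.getTransactionID().getOctets()))) {
            logger.error(" =================== transid is not the same as the one we sent");
            sdkResult.setError(ErrorEnum.TRANS_ID_IS_NOT_THE_SAME_AS_WE_SENT);
            return sdkResult;
        }
        if (x509Certificate == null) {
            sdkResult.setError(ErrorEnum.CA_CERT_INFO_IS_ERROR);
            return sdkResult;
        }
        // Check for a missing protection algorithm BEFORE dereferencing it.
        AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
        if (protectionAlg == null || protectionAlg.getAlgorithm() == null || protectionAlg.getAlgorithm().getId() == null) {
            logger.error("检查消息头和签名 ======  Not possible to get algorithm.");
            sdkResult.setError(ErrorEnum.NO_PROTECTION_ALG_IN_PKI_HEADER);
            return sdkResult;
        }
        String id = protectionAlg.getAlgorithm().getId();
        logger.debug(" ============= RA收到CA的返回内容的保护数据算法oid:{}", id);
        // An unprotected message must fail verification rather than raise a NullPointerException.
        if (pKIMessage.getProtection() == null) {
            logger.error(" =================== No protection in response message.");
            sdkResult.setError(ErrorEnum.GMSSL_VERIFY_SIGN_DATA_IS_ERROR);
            return sdkResult;
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        byte[] protectedBytes = getProtectedBytes(pKIMessage);
        byte[] bytes = pKIMessage.getProtection().getBytes();
        logger.debug("data>>>:[{}] signData>>>:[{}] caPublicKey>>>:[{}]", new Object[]{Base64.toBase64String(protectedBytes), Base64.toBase64String(bytes), Base64.toBase64String(publicKey.getEncoded())});
        try {
            if (z ? SdkHsmUtils.verifyCertByYunHsm(id, publicKey, protectedBytes, bytes) : SdkHsmUtils.verifyCertByBC(id, publicKey, protectedBytes, bytes)) {
                return sdkResult;
            }
            logger.error(" =================== 加密机验签失败");
            sdkResult.setError(ErrorEnum.GMSSL_VERIFY_SIGN_DATA_IS_ERROR);
            return sdkResult;
        } catch (Exception e) {
            // Any verifier failure is reported as an error result, never as success.
            logger.error(" =================== 加密机验签异常", e);
            sdkResult.setError(ErrorEnum.GMSSL_VERIFY_SIGN_DATA_IS_EXCEPTION);
            return sdkResult;
        }
    }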

    /**
     * Parses a CMP response and dispatches on its body type to the matching resolver.
     *
     * <p>Handled body tags: 23 (error), 1 / 3 / 8 (certificate responses), 12 (revocation
     * response) and 10 (key recovery response). Any other tag yields
     * {@code RA_NOT_SUPPORT_THIS_CERT_BODY_TAG}. Exceptions from a resolver are logged and
     * converted into that resolver's error code.
     *
     * <p>This method does not verify the message protection itself. NOTE(review): presumably
     * the caller runs {@code checkCmpHeaderAndSign} on the same bytes first; confirm.
     *
     * @param bArr forwarded to the certificate and key-recovery resolvers
     * @param x509Certificate CA certificate forwarded to the resolvers
     * @param i applicant type forwarded to the certificate resolver
     * @param i2 not used by this method
     * @param bArr2 DER-encoded PKIMessage to parse
     * @param str forwarded to the certificate resolver
     * @param str2 forwarded to the certificate and key-recovery resolvers
     * @param str3 forwarded to the key-recovery resolver
     * @param i3 forwarded to the resolvers
     * @param str4 forwarded to the resolvers
     * @param z forwarded to the resolvers
     * @param caSdkRedisCacheManagerService cache service forwarded to the certificate resolver
     * @return the resolver's info on success, otherwise a result carrying the error
     */
    public static SdkResult resolveVarietyRepMessage(byte[] bArr, X509Certificate x509Certificate, int i, int i2, byte[] bArr2, String str, String str2, String str3, int i3, String str4, boolean z, CaSdkRedisCacheManagerService caSdkRedisCacheManagerService) {
        SdkResult outcome = new SdkResult();
        PKIMessage pKIMessage = PKIMessage.getInstance(bArr2);
        PKIBody body = pKIMessage.getBody();
        switch (body.getType()) {
            case 23:
                // Error message from the CA: the result always carries an error.
                try {
                    outcome.setError(resolveErrorMsgContent(body).getError());
                } catch (Exception errorFailure) {
                    logger.error("解析ErrorMsgContent异常", errorFailure);
                    outcome.setError(ErrorEnum.RESOLVE_ERROR_MSG_CONTENT_EXCEPTION);
                }
                break;
            case 1:
            case 3:
            case 8:
                // Certificate-bearing responses share one resolver.
                try {
                    SdkResult certRep = resolveCertRepMessage(i, bArr, body, str2, str, x509Certificate, i3, str4, z, caSdkRedisCacheManagerService, pKIMessage);
                    if (certRep.isSuccess()) {
                        outcome.setInfo(certRep.getInfo());
                    } else {
                        outcome.setError(certRep.getError());
                    }
                } catch (Exception certFailure) {
                    logger.error("解析CertRepMessage异常", certFailure);
                    outcome.setError(ErrorEnum.RESOLVE_CERT_REP_MESSAGE_EXCEPTION);
                }
                break;
            case 12:
                try {
                    SdkResult revRep = resolveRevRepContent(body);
                    if (revRep.isSuccess()) {
                        outcome.setInfo(revRep.getInfo());
                    } else {
                        outcome.setError(revRep.getError());
                    }
                } catch (Exception revFailure) {
                    logger.error("解析RevRepContent异常", revFailure);
                    outcome.setError(ErrorEnum.RESOLVE_REV_REP_CONTENT_EXCEPTION);
                }
                break;
            case 10:
                try {
                    SdkResult keyRecRep = resolveKeyRecRepContent(bArr, x509Certificate, body, str2, str3, i3, str4, z, pKIMessage);
                    if (keyRecRep.isSuccess()) {
                        outcome.setInfo(keyRecRep.getInfo());
                    } else {
                        outcome.setError(keyRecRep.getError());
                    }
                } catch (Exception keyRecFailure) {
                    logger.error("解析KeyRecRepContent异常", keyRecFailure);
                    outcome.setError(ErrorEnum.RESOLVE_KEY_REC_REP_CONTENT_EXCEPTION);
                }
                break;
            default:
                logger.info("Cert body tag is:[{}]", Integer.valueOf(body.getType()));
                outcome.setError(ErrorEnum.RA_NOT_SUPPORT_THIS_CERT_BODY_TAG);
                break;
        }
        return outcome;
    }

    /**
     * Resolves a certificate response body into a {@code UserCertInfo} (when {@code i == 1})
     * or a {@code ManagerCertInfo} (when {@code i == 2}).
     *
     * <p>For every {@code CertResponse} the method checks the PKI status, matches the
     * certReqId against the request ID cached under {@code str2}, validates the returned
     * certificate through {@code checkCMPCert}, and re-wraps any encrypted private key
     * (user flow) or encrypted certificate (manager flow) as Base64.
     *
     * <p>Review notes:
     * <ul>
     *   <li>A certReqId equal to the cached request ID marks the signing certificate; a
     *       certReqId of -1 is accepted as "the other" certificate; anything else is an error.</li>
     *   <li>When no signing certificate has been seen yet, the code falls back to the fixed
     *       index {@code response[1]}.</li>
     *   <li>{@code getStatusString()} and {@code getFailInfo()} are dereferenced without a null
     *       check on the failure path.</li>
     *   <li>For any other value of {@code i} the loop only runs the generic checks and the
     *       returned result carries no info.</li>
     * </ul>
     *
     * @param i applicant type: 1 selects the user flow, 2 the manager flow
     * @param bArr forwarded to {@code buildSignedAndEnvelopedData}
     * @param pKIBody response body whose content is the CertRepMessage
     * @param str forwarded to {@code checkCMPCert} and to the envelope builders
     * @param str2 cache key used to look up the request's {@code BaseCMPInfo}
     * @param x509Certificate CA certificate; its signature algorithm name drives the envelope builders
     * @param i2 forwarded to {@code buildSignedAndEnvelopedData}
     * @param str3 forwarded to {@code buildSignedAndEnvelopedData}
     * @param z forwarded to the envelope and P7b builders
     * @param caSdkRedisCacheManagerService cache holding the pending request information
     * @param pKIMessage full message, used for its extraCerts in the user flow
     * @return a result with the populated info object, or the first error encountered
     * @throws IOException declared by the signature; raised by callee encoding failures
     * @throws NamingException if a DN cannot be parsed by a callee
     */
    public static SdkResult resolveCertRepMessage(int i, byte[] bArr, PKIBody pKIBody, String str, String str2, X509Certificate x509Certificate, int i2, String str3, boolean z, CaSdkRedisCacheManagerService caSdkRedisCacheManagerService, PKIMessage pKIMessage) throws IOException, NamingException {
        boolean z2;
        boolean z3;
        SdkResult sdkResult = new SdkResult();
        CertRepMessage content = pKIBody.getContent();
        if (content == null) {
            logger.info("============== No CertRepMessage for certificate received.");
            sdkResult.setError(ErrorEnum.NO_CERT_REQ_MESSAGE_RECEIVED);
            return sdkResult;
        }
        CertResponse[] response = content.getResponse();
        UserCertInfo userCertInfo = new UserCertInfo();
        ManagerCertInfo managerCertInfo = new ManagerCertInfo();
        // x509Certificate2: signing certificate (or last validated certificate in the manager flow);
        // x509Certificate3: encryption certificate (user flow only).
        X509Certificate x509Certificate2 = null;
        X509Certificate x509Certificate3 = null;
        for (CertResponse certResponse : response) {
            if (certResponse == null) {
                logger.info("============== No CertResponse for certificate received.");
                sdkResult.setError(ErrorEnum.NO_CERT_RESPONSE_MESSAGE_RECEIVED);
                return sdkResult;
            }
            PKIStatusInfo status = certResponse.getStatus();
            if (status == null) {
                logger.info("No PKIStatusInfo for certificate received.");
                sdkResult.setError(ErrorEnum.NO_PKI_STATUS_INFO_FOR_RECEIVE);
                return sdkResult;
            }
            int intValue = status.getStatus().intValue();
            if (intValue != 0) {
                // Non-zero status: map the CA's failInfo code to an ErrorEnum.
                // NOTE(review): getStatusString() and getFailInfo() are not null-checked here;
                // a response omitting them would throw instead of returning an error result.
                logger.error("Received Status is [{}] but should be 0 because [{}]", Integer.valueOf(intValue), status.getStatusString().getStringAt(0));
                String valueOf = String.valueOf(status.getFailInfo().intValue());
                ErrorEnum errorEnumByCode = ErrorEnum.getErrorEnumByCode(valueOf);
                if (null != errorEnumByCode) {
                    sdkResult.setError(errorEnumByCode);
                } else if ("10001".equals(valueOf)) {
                    sdkResult.setError(ErrorEnum.CA_ILLEGAL_REQUEST_PARAMETER);
                } else {
                    sdkResult.setError(ErrorEnum.CA_OPEN_API_INNER_EXCEPTION);
                }
                return sdkResult;
            }
            CertifiedKeyPair certifiedKeyPair = certResponse.getCertifiedKeyPair();
            if (certifiedKeyPair == null) {
                logger.info("No CertifiedKeyPair for certificate received.");
                sdkResult.setError(ErrorEnum.NO_CERTIFIED_KEY_PAIR_FOR_RECEIVED);
                return sdkResult;
            }
            CertOrEncCert certOrEncCert = certifiedKeyPair.getCertOrEncCert();
            if (certOrEncCert == null) {
                logger.error("No CertOrEncCert for certificate received.");
                sdkResult.setError(ErrorEnum.NO_CERT_OR_ENC_CERT_FOR_RECEIVED);
                return sdkResult;
            }
            CMPCertificate certificate = certOrEncCert.getCertificate();
            if (i == 1) {
                // ---- User flow ----
                if (logger.isDebugEnabled()) {
                    logger.debug("getCaSdkCmpInfo{}", Integer.valueOf(i));
                }
                // The pending request is looked up in the cache under str2; without it the
                // response cannot be tied to a request that this RA actually sent.
                BaseCMPInfo baseCMPInfo = (BaseCMPInfo) JsonUtils.json2Object(caSdkRedisCacheManagerService.getCaSdkCmpInfo(str2), BaseCMPInfo.class);
                if (baseCMPInfo == null) {
                    logger.error(" ============= No ra send transId.");
                    sdkResult.setError(ErrorEnum.NO_RA_SEND_TRANS_ID);
                    return sdkResult;
                }
                long requestId = baseCMPInfo.getRequestId();
                long longValue = certResponse.getCertReqId().getValue().longValue();
                // z3 == true: this response answers our request ID (signing certificate).
                // z3 == false: certReqId is -1, handled as the encryption certificate.
                if (longValue == requestId) {
                    z3 = true;
                } else {
                    if (longValue != -1) {
                        logger.info("=============== Received CertReqId is [{}] but should be [{}]", Long.valueOf(longValue), Long.valueOf(requestId));
                        sdkResult.setError(ErrorEnum.RA_RECEIVED_CERT_REQ_ID_IS_ERROR);
                        return sdkResult;
                    }
                    z3 = false;
                }
                // NOTE(review): certificate is not null-checked before this call in the user
                // flow (the manager flow below does check it) - confirm checkCMPCert copes with null.
                SdkResult checkCMPCert = checkCMPCert(x509Certificate, certificate, str);
                if (!checkCMPCert.isSuccess()) {
                    sdkResult.setError(checkCMPCert.getError());
                    return sdkResult;
                }
                if (z3) {
                    x509Certificate2 = (X509Certificate) checkCMPCert.getInfo();
                    userCertInfo.setSignCert(SdkCertUtils.certToFullB64(x509Certificate2));
                } else {
                    x509Certificate3 = (X509Certificate) checkCMPCert.getInfo();
                    userCertInfo.setEncCert(SdkCertUtils.certToFullB64(x509Certificate3));
                }
                EncryptedValue privateKey = certifiedKeyPair.getPrivateKey();
                if (privateKey == null) {
                    continue;
                } else {
                    // An encrypted private key accompanies this response. The envelope is bound
                    // to the signing certificate's serial number, so that certificate is needed.
                    if (x509Certificate2 == null) {
                        try {
                            // NOTE(review): fixed index - assumes the signing certificate is the
                            // second response; an out-of-range index is caught below.
                            x509Certificate2 = SdkCertUtils.convertDerCertToCert(response[1].getCertifiedKeyPair().getCertOrEncCert().getCertificate().getEncoded());
                        } catch (Exception e) {
                            logger.error("Not possible to create certificate.", e);
                            sdkResult.setError(ErrorEnum.NOT_POSSIBLE_TO_CREATE_CERT);
                            return sdkResult;
                        }
                    }
                    try {
                        // The key stays encrypted: it is re-wrapped and Base64-encoded, not decrypted here
                        // (as far as this method shows; the builder itself is outside this view).
                        userCertInfo.setEncPriKey(Base64.toBase64String(buildSignedAndEnvelopedData(bArr, z, x509Certificate.getSigAlgName(), str, privateKey, x509Certificate2.getSerialNumber().toString(16), i2, str3).getDEREncoded()));
                    } catch (Exception e2) {
                        logger.error("Build SignedAndEnvelopedData From Encryptedvalue Exception. ", e2);
                        sdkResult.setError(ErrorEnum.BUILD_SIGNEDANDENVLOPEDDATA_FROM_ENCRYPTEDVALUE_EXCPTION);
                        return sdkResult;
                    }
                }
            } else if (i != 2) {
                // Neither user nor manager flow: nothing else to extract from this response.
                continue;
            } else {
                // ---- Manager flow ----
                if (logger.isDebugEnabled()) {
                    logger.debug("getCaSdkCmpInfo{}", Integer.valueOf(i));
                }
                BaseCMPInfo baseCMPInfo2 = (BaseCMPInfo) JsonUtils.json2Object(caSdkRedisCacheManagerService.getCaSdkCmpInfo(str2), BaseCMPInfo.class);
                if (baseCMPInfo2 == null) {
                    logger.info("================ No ra send transId.");
                    sdkResult.setError(ErrorEnum.NO_RA_SEND_TRANS_ID);
                    return sdkResult;
                }
                long requestId2 = baseCMPInfo2.getRequestId();
                long longValue2 = certResponse.getCertReqId().getValue().longValue();
                // Same request-ID rule as the user flow: match -> signing cert, -1 -> encrypted cert.
                if (longValue2 == requestId2) {
                    z2 = true;
                } else {
                    if (longValue2 != -1) {
                        logger.info("================== Received CertReqId is [{}] but should be [{}]", Long.valueOf(longValue2), Long.valueOf(requestId2));
                        sdkResult.setError(ErrorEnum.RA_RECEIVED_CERT_REQ_ID_IS_ERROR);
                        return sdkResult;
                    }
                    z2 = false;
                }
                // A plain certificate is only validated when one is present; the encrypted-cert
                // response is expected to carry none.
                if (certificate != null) {
                    SdkResult checkCMPCert2 = checkCMPCert(x509Certificate, certificate, str);
                    if (!checkCMPCert2.isSuccess()) {
                        sdkResult.setError(checkCMPCert2.getError());
                        return sdkResult;
                    }
                    x509Certificate2 = (X509Certificate) checkCMPCert2.getInfo();
                }
                if (z2) {
                    // NOTE(review): x509Certificate2 can still be null here if this response
                    // carried no plain certificate - confirm certToFullB64 handles that.
                    managerCertInfo.setSignCert(SdkCertUtils.certToFullB64(x509Certificate2));
                } else {
                    EncryptedValue encryptedCert = certifiedKeyPair.getCertOrEncCert().getEncryptedCert();
                    if (x509Certificate2 == null) {
                        try {
                            // Same fixed-index fallback as in the user flow.
                            x509Certificate2 = SdkCertUtils.convertDerCertToCert(response[1].getCertifiedKeyPair().getCertOrEncCert().getCertificate().getEncoded());
                        } catch (Exception e3) {
                            logger.error("Not possible to create certificate.", e3);
                            sdkResult.setError(ErrorEnum.NOT_POSSIBLE_TO_CREATE_CERT);
                            return sdkResult;
                        }
                    }
                    try {
                        managerCertInfo.setEncEncCert(Base64.toBase64String(buildEnvelopedData(x509Certificate.getSigAlgName(), str, encryptedCert, x509Certificate2.getSerialNumber().toString(16)).getEncoded()));
                    } catch (Exception e4) {
                        logger.error("Build SignedAndEnvelopedData From Encryptedvalue Exception.", e4);
                        sdkResult.setError(ErrorEnum.BUILD_SIGNEDANDENVLOPEDDATA_FROM_ENCRYPTEDVALUE_EXCPTION);
                        return sdkResult;
                    }
                }
            }
        }
        if (i == 1) {
            // User flow only: check the message's extraCerts and package them as a P7b chain.
            SdkResult checkCMPCertAndBuildP7bCerts = checkCMPCertAndBuildP7bCerts(pKIMessage.getExtraCerts(), x509Certificate2, x509Certificate3, z);
            if (!checkCMPCertAndBuildP7bCerts.isSuccess()) {
                return checkCMPCertAndBuildP7bCerts;
            }
            userCertInfo.setExtraCertsP7b((String) checkCMPCertAndBuildP7bCerts.getInfo());
        }
        if (i == 1) {
            sdkResult.setInfo(userCertInfo);
        } else if (i == 2) {
            // The whole manager certificate info object is written to the INFO log.
            logger.info("managerCertInfo=========== [{}]", SdkJsonUtils.object2Json(managerCertInfo));
            sdkResult.setInfo(managerCertInfo);
        }
        return sdkResult;
    }

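    /**
     * Translates a CMP error body received from the CA into an {@code SdkResult} that always
     * carries an error.
     *
     * <p>{@code failInfo} and {@code statusString} are optional in a PKIStatusInfo, so both are
     * read null-safely: an error message without them maps to
     * {@code CA_OPEN_API_RETURN_PKI_ERROR_MSG} instead of raising a NullPointerException.
     *
     * <p>The status text comes from the remote side and is written to the log as received.
     * NOTE(review): consider neutralising line breaks before logging it.
     *
     * @param pKIBody body of type error whose content is the ErrorMsgContent
     * @return a result whose error is {@code RA_CERT_ISSUE_STATUS_REVOKED} when the CA's fail
     *         code equals that enum's code, otherwise {@code CA_OPEN_API_RETURN_PKI_ERROR_MSG}
     */
    public static SdkResult resolveErrorMsgContent(PKIBody pKIBody) {
        SdkResult sdkResult = new SdkResult();
        PKIStatusInfo pKIStatusInfo = pKIBody.getContent().getPKIStatusInfo();
        // Both fields may legitimately be absent in an error response.
        Integer failCode = pKIStatusInfo.getFailInfo() == null ? null : Integer.valueOf(pKIStatusInfo.getFailInfo().intValue());
        Object failText = pKIStatusInfo.getStatusString() == null ? null : pKIStatusInfo.getStatusString().getStringAt(0);
        logger.info("========== CA返回的错误消息结构体 =========  errorCode:" + failCode);
        logger.info("========== CA返回的错误消息结构体 =========  errorMsg:" + failText);
        if (failCode != null && ErrorEnum.RA_CERT_ISSUE_STATUS_REVOKED.code == failCode.intValue()) {
            sdkResult.setError(ErrorEnum.RA_CERT_ISSUE_STATUS_REVOKED);
        } else {
            sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_PKI_ERROR_MSG);
        }
        return sdkResult;
    }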

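    /**
     * Interprets a revocation response (revoke / freeze / unfreeze) from the CA.
     *
     * <p>Only the first {@code PKIStatusInfo} is inspected. Status 0 is success; any other
     * status is mapped to an {@code ErrorEnum} through the CA's fail code.
     *
     * <p>Changes relative to the earlier behaviour:
     * <ul>
     *   <li>The "10001" fallback is now matched against the fail <em>code</em>, as the other
     *       resolvers in this class do; the previous match against the status text is kept as
     *       well so existing behaviour is not lost.</li>
     *   <li>{@code failInfo} and {@code statusString} are optional and are read null-safely,
     *       so a failure response without them yields {@code CA_OPEN_API_INNER_EXCEPTION}
     *       rather than a NullPointerException.</li>
     * </ul>
     *
     * <p>NOTE(review): an empty status array still throws on {@code status[0]}; it is never
     * treated as success.
     *
     * @param pKIBody body whose content is the RevRepContent
     * @return a result without error on success, otherwise carrying the mapped error
     */
    public static SdkResult resolveRevRepContent(PKIBody pKIBody) {
        SdkResult sdkResult = new SdkResult();
        PKIStatusInfo[] status = pKIBody.getContent().getStatus();
        PKIStatusInfo firstStatus = status[0];
        if (0 == firstStatus.getStatus().intValue()) {
            logger.info("==========CA返回的撤销/冻结/解冻成功=========");
            return sdkResult;
        }
        // failInfo / statusString may be absent on a failure response.
        String valueOf = firstStatus.getFailInfo() == null ? null : String.valueOf(firstStatus.getFailInfo().intValue());
        String dERUTF8String = firstStatus.getStatusString() == null ? null : firstStatus.getStatusString().getStringAt(0).toString();
        logger.info("==========CA返回的撤销/冻结/解冻失败=========原因： " + dERUTF8String);
        ErrorEnum errorEnumByCode = valueOf == null ? null : ErrorEnum.getErrorEnumByCode(valueOf);
        if (null != errorEnumByCode) {
            sdkResult.setError(errorEnumByCode);
        } else if ("10001".equals(valueOf) || "10001".equals(dERUTF8String)) {
            sdkResult.setError(ErrorEnum.CA_ILLEGAL_REQUEST_PARAMETER);
        } else {
            sdkResult.setError(ErrorEnum.CA_OPEN_API_INNER_EXCEPTION);
        }
        return sdkResult;
    }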

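    /**
     * Processes a CMP key-recovery response and assembles the recovered certificate material.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>reject a response with no content, no status, or a non-zero status (the failure code
     *       is mapped through {@link ErrorEnum});</li>
     *   <li>check the new signing certificate and the recovered encryption certificate with
     *       {@code checkCMPCert} against the CA certificate {@code x509Certificate} and the
     *       expected subject {@code str};</li>
     *   <li>repackage the wrapped private key into a SignedAndEnvelopedData structure; the
     *       encrypted octets are copied, not decrypted, in this file;</li>
     *   <li>verify both certificates against the message's extra certificates and build the
     *       P7b chain.</li>
     * </ol>
     *
     * <p>The response is parsed defensively: an absent or empty key-pair history, an absent
     * fail-info, or an absent status string produce an error result instead of an unchecked
     * exception.
     *
     * @param bArr            passed through to {@code buildSignedAndEnvelopedData}
     * @param x509Certificate CA certificate used to check the returned certificates
     * @param pKIBody         response body carrying the {@code KeyRecRepContent}
     * @param str             expected subject DN of the returned certificates
     * @param str2            not used by this method
     * @param i               passed through to {@code buildSignedAndEnvelopedData}
     * @param str3            passed through to {@code buildSignedAndEnvelopedData}
     * @param z               selects the HSM-backed path in the helpers when {@code true}
     * @param pKIMessage      full response message; its extra certificates form the chain
     * @return a result holding a {@code UserCertInfo} on success, otherwise an error
     * @throws NamingException declared for the DN handling performed by the helpers
     */
    private static SdkResult resolveKeyRecRepContent(byte[] bArr, X509Certificate x509Certificate, PKIBody pKIBody, String str, String str2, int i, String str3, boolean z, PKIMessage pKIMessage) throws NamingException {
        SdkResult sdkResult = new SdkResult();
        KeyRecRepContent content = pKIBody.getContent();
        if (content == null) {
            logger.info("============== No CertRepMessage for certificate received.");
            sdkResult.setError(ErrorEnum.NO_KEY_REC_REP_CONTENT_MESSAGE_RECEIVED);
            return sdkResult;
        }
        PKIStatusInfo status = content.getStatus();
        if (status == null) {
            logger.info("No PKIStatusInfo for certificate received.");
            sdkResult.setError(ErrorEnum.NO_PKI_STATUS_INFO_FOR_RECEIVE);
            return sdkResult;
        }
        int intValue = status.getStatus().intValue();
        if (0 != intValue) {
            // Status string and fail-info are optional in the reply; read both null-safely so
            // that reporting a CA-side failure cannot itself fail.
            Object reason = status.getStatusString() == null ? null : status.getStatusString().getStringAt(0);
            logger.error("Received Status is:{} but should be 0 because:{}", Integer.valueOf(intValue), reason);
            String valueOf = status.getFailInfo() == null ? null : String.valueOf(status.getFailInfo().intValue());
            ErrorEnum errorEnumByCode = valueOf == null ? null : ErrorEnum.getErrorEnumByCode(valueOf);
            if (null != errorEnumByCode) {
                sdkResult.setError(errorEnumByCode);
            } else if ("10001".equals(valueOf)) {
                sdkResult.setError(ErrorEnum.CA_ILLEGAL_REQUEST_PARAMETER);
            } else {
                sdkResult.setError(ErrorEnum.CA_OPEN_API_INNER_EXCEPTION);
            }
            return sdkResult;
        }
        CMPCertificate newSigCert = content.getNewSigCert();
        CertifiedKeyPair[] keyPairHist = content.getKeyPairHist();
        if (keyPairHist == null || keyPairHist.length == 0 || keyPairHist[0] == null) {
            // Without a key-pair entry there is neither an encryption certificate nor a key.
            logger.info("No CertifiedKeyPair for certificate received.");
            sdkResult.setError(ErrorEnum.NO_CERTIFIED_KEY_PAIR_FOR_RECEIVED);
            return sdkResult;
        }
        // Only the first history entry is consumed.
        CertOrEncCert certOrEncCert = keyPairHist[0].getCertOrEncCert();
        EncryptedValue privateKey = keyPairHist[0].getPrivateKey();
        UserCertInfo userCertInfo = new UserCertInfo();
        if (null == newSigCert) {
            logger.info("No NewSignCert for certificate received.");
            sdkResult.setError(ErrorEnum.NO_CERT_OR_ENC_CERT_FOR_RECEIVED);
            return sdkResult;
        }
        SdkResult checkCMPCert = checkCMPCert(x509Certificate, newSigCert, str);
        if (!checkCMPCert.isSuccess()) {
            sdkResult.setError(checkCMPCert.getError());
            return sdkResult;
        }
        X509Certificate x509Certificate2 = (X509Certificate) checkCMPCert.getInfo();
        userCertInfo.setSignCert(SdkCertUtils.certToFullB64(x509Certificate2));
        if (null == certOrEncCert || null == certOrEncCert.getCertificate()) {
            logger.info("No OldEncCert for certificate received.");
            sdkResult.setError(ErrorEnum.NO_CERT_OR_ENC_CERT_FOR_RECEIVED);
            return sdkResult;
        }
        SdkResult checkCMPCert2 = checkCMPCert(x509Certificate, certOrEncCert.getCertificate(), str);
        if (!checkCMPCert2.isSuccess()) {
            sdkResult.setError(checkCMPCert2.getError());
            return sdkResult;
        }
        X509Certificate x509Certificate3 = (X509Certificate) checkCMPCert2.getInfo();
        userCertInfo.setEncCert(SdkCertUtils.certToFullB64(x509Certificate3));
        if (privateKey == null) {
            logger.info("No encPprKey for certificate received.");
            sdkResult.setError(ErrorEnum.NO_CERTIFIED_KEY_PAIR_FOR_RECEIVED);
            return sdkResult;
        }
        try {
            // The recipient is identified by the signing certificate's subject and serial number.
            userCertInfo.setEncPriKey(Base64.toBase64String(buildSignedAndEnvelopedData(bArr, z, x509Certificate.getSigAlgName(), SdkCertUtils.getSubjectByX509Cert(x509Certificate2), privateKey, x509Certificate2.getSerialNumber().toString(16), i, str3).getDEREncoded()));
            SdkResult checkCMPCertAndBuildP7bCerts = checkCMPCertAndBuildP7bCerts(pKIMessage.getExtraCerts(), x509Certificate2, x509Certificate3, z);
            if (!checkCMPCertAndBuildP7bCerts.isSuccess()) {
                return checkCMPCertAndBuildP7bCerts;
            }
            userCertInfo.setExtraCertsP7b((String) checkCMPCertAndBuildP7bCerts.getInfo());
            sdkResult.setInfo(userCertInfo);
            return sdkResult;
        } catch (Exception e) {
            logger.error("Build SignedAndEnvelopedData From Encryptedvalue Exception.", e);
            sdkResult.setError(ErrorEnum.BUILD_SIGNEDANDENVLOPEDDATA_FROM_ENCRYPTEDVALUE_EXCPTION);
            return sdkResult;
        }
    }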

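    /**
     * Verifies the user certificate(s) against the CA certificates delivered in the message's
     * extra-certificates field and packs those CA certificates into a P7b chain.
     *
     * <p>Each extra certificate is converted to an {@link X509Certificate}. Until a match is
     * found, the signing certificate and, when present, the encryption certificate are verified
     * with that certificate's public key. A candidate counts as a match only when <em>every</em>
     * supplied user certificate verifies against it. Previously the encryption-certificate result
     * overwrote the signing-certificate result, so a signing certificate that failed verification
     * was accepted whenever the encryption certificate passed.
     *
     * <p>NOTE(review): the extra certificates come from the same message that is being checked,
     * and every one of them is added to the chain without path validation. This method therefore
     * does not anchor trust by itself; callers should already have verified the user certificates
     * against a locally configured CA certificate, as resolveKeyRecRepContent does through
     * checkCMPCert.
     *
     * @param cMPCertificateArr extra certificates of the response; must not be null or empty
     * @param x509Certificate   user signing certificate to verify
     * @param x509Certificate2  user encryption certificate to verify, or {@code null} to skip it
     * @param z                 {@code true} to verify through the HSM helper, {@code false} for
     *                          the software helper
     * @return a success result holding the chain built by {@code Pkcs7Utils}, or a failure
     */
    private static SdkResult checkCMPCertAndBuildP7bCerts(CMPCertificate[] cMPCertificateArr, X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z) {
        if (cMPCertificateArr == null || cMPCertificateArr.length <= 0) {
            logger.error("缺少CA证书链");
            return SdkResult.failure(ErrorEnum.CA_CERTS_NOT_EXIST);
        }
        // Diagnostic only: this used to be emitted at error level inside a debug guard.
        logger.debug("extraCerts.length:[{}]", Integer.valueOf(cMPCertificateArr.length));
        ArrayList arrayList = new ArrayList();
        boolean verified = false;
        for (CMPCertificate cMPCertificate : cMPCertificateArr) {
            try {
                X509Certificate convertCertificate = GMSSLX509Utils.convertCertificate(cMPCertificate.getX509v3PKCert());
                if (!verified) {
                    PublicKey candidateKey = convertCertificate.getPublicKey();
                    boolean signCertOk;
                    if (z) {
                        try {
                            signCertOk = SdkHsmUtils.verifyCertByYunHsm(x509Certificate, candidateKey);
                        } catch (Exception e) {
                            logger.error("用户证书格式验证失败", e);
                            return SdkResult.failure(ErrorEnum.USER_CERT_VERIFY_FAIL);
                        }
                    } else {
                        signCertOk = SdkHsmUtils.verifyCertByBC(x509Certificate, candidateKey);
                    }
                    boolean encCertOk = true;
                    if (x509Certificate2 != null) {
                        encCertOk = z ? SdkHsmUtils.verifyCertByYunHsm(x509Certificate2, candidateKey) : SdkHsmUtils.verifyCertByBC(x509Certificate2, candidateKey);
                    }
                    // Both results must hold; one must never mask the other.
                    verified = signCertOk && encCertOk;
                }
                arrayList.add(convertCertificate);
            } catch (Exception e2) {
                logger.error("证书格式转换异常", e2);
                return SdkResult.failure(ErrorEnum.CMP_CERT_ENCODE_EXCEPTION);
            }
        }
        if (!verified) {
            logger.error("用户证书格式验证失败");
            return SdkResult.failure(ErrorEnum.USER_CERT_VERIFY_FAIL);
        }
        try {
            return SdkResult.success(Pkcs7Utils.createCertChainByCerts(arrayList));
        } catch (Exception e3) {
            logger.error("sdk接口-封装证书链异常", e3);
            return SdkResult.failure(ErrorEnum.BUILD_TRAIN_CERT_P7b_IS_ERROR);
        }
    }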

    /**
     * Builds a certificate-confirmation content holding a single {@code CertStatus}.
     *
     * <p>The status entry is created from the bytes of {@code str} and from {@code j} converted
     * to a {@link BigInteger}, then wrapped in a one-element DER sequence.
     *
     * <p>NOTE(review): {@code str.getBytes()} uses the platform default charset, so the encoded
     * bytes can differ between hosts if {@code str} is not pure ASCII. Presumably {@code str} is
     * the certificate hash in text form; confirm that the CA expects the text's bytes and not the
     * raw digest.
     *
     * @param str value whose bytes become the first field of the status entry
     * @param j   request identifier placed in the second field
     * @return the confirmation content
     */
    public static CertConfirmContent genCertConfirmContent(String str, long j) {
        byte[] hashBytes = str.getBytes();
        BigInteger requestId = BigInteger.valueOf(j);
        ASN1EncodableVector entries = new ASN1EncodableVector();
        entries.add(new CertStatus(hashBytes, requestId));
        DERSequence wrapper = new DERSequence(entries);
        return CertConfirmContent.getInstance(wrapper);
    }

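    /**
     * Builds a revocation request naming one certificate by issuer and serial number.
     *
     * <p>The serial number is parsed from hexadecimal and encoded as an arbitrary-precision
     * integer. The earlier round trip through {@code long} threw {@code NumberFormatException}
     * for any serial wider than 63 bits, so certificates with long serial numbers could not be
     * revoked through this method. Serials that fit in a {@code long} encode exactly as before.
     *
     * <p>NOTE(review): the revocation details contain only the certificate template; no entry
     * for a revocation reason is added here.
     *
     * @param str  issuer DN of the certificate to revoke
     * @param str2 not used by this method
     * @param str3 serial number of the certificate, in hexadecimal
     * @return the revocation request content
     * @throws NamingException if the issuer DN cannot be parsed
     * @throws NumberFormatException if {@code str3} is not valid hexadecimal
     */
    public static RevReqContent genRevReqContent(String str, String str2, String str3) throws NamingException {
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
        certTemplateBuilder.setIssuer(DnUtil.getRFC4519X500Name(str));
        // Keep the full width of the serial; never narrow it to a long.
        certTemplateBuilder.setSerialNumber(new ASN1Integer(new BigInteger(str3, 16)));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(certTemplateBuilder.build());
        return new RevReqContent(RevDetails.getInstance(new DERSequence(aSN1EncodableVector)));
    }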

    /**
     * Creates an error-message content from a ready-made status value.
     *
     * @param pKIStatus status wrapped into the {@code PKIStatusInfo}
     * @param i         error code placed in the message
     * @param str       free-text detail placed in the message
     * @return the assembled error-message content
     */
    public static ErrorMsgContent genErrorMsgContent(PKIStatus pKIStatus, int i, String str) {
        PKIStatusInfo statusInfo = new PKIStatusInfo(pKIStatus);
        ASN1Integer errorCode = new ASN1Integer(i);
        PKIFreeText details = new PKIFreeText(str);
        return new ErrorMsgContent(statusInfo, errorCode, details);
    }

    /**
     * Creates an error-message content from primitive values.
     *
     * @param i    numeric status handed to {@code PKIStatus.getInstance}
     * @param str  status text placed in the {@code PKIStatusInfo}
     * @param i2   value handed to the {@code PKIFailureInfo} constructor
     * @param i3   error code placed in the message
     * @param str2 free-text detail placed in the message
     * @return the assembled error-message content
     */
    public static ErrorMsgContent genErrorMsgContent(int i, String str, int i2, int i3, String str2) {
        PKIStatusInfo statusInfo = new PKIStatusInfo(PKIStatus.getInstance(Integer.valueOf(i)), new PKIFreeText(str), new PKIFailureInfo(i2));
        ASN1Integer errorCode = new ASN1Integer(i3);
        PKIFreeText details = new PKIFreeText(str2);
        return new ErrorMsgContent(statusInfo, errorCode, details);
    }

    /**
     * Returns the DER bytes of the header and body of {@code pKIMessage}, as produced by the
     * two-argument overload.
     *
     * @param pKIMessage message whose header and body are encoded
     * @return the encoded bytes, or {@code null} when the overload fails to encode them
     */
    public static byte[] getProtectedBytes(PKIMessage pKIMessage) {
        PKIHeader header = pKIMessage.getHeader();
        PKIBody body = pKIMessage.getBody();
        return getProtectedBytes(header, body);
    }

    /**
     * DER-encodes the sequence {@code { header, body }}.
     *
     * <p>An encoding failure is logged and reported as {@code null} rather than as an exception.
     * Callers that sign or verify these bytes must treat {@code null} as a hard failure.
     *
     * @param pKIHeader header placed first in the sequence
     * @param pKIBody   body placed second in the sequence
     * @return the DER bytes, or {@code null} if encoding failed
     */
    public static byte[] getProtectedBytes(PKIHeader pKIHeader, PKIBody pKIBody) {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(pKIHeader);
        parts.add(pKIBody);
        DERSequence protectedPart = new DERSequence(parts);
        try {
            ByteArrayOutputStream sink = new ByteArrayOutputStream();
            DEROutputStream derOut = new DEROutputStream(sink);
            derOut.writeObject(protectedPart);
            return sink.toByteArray();
        } catch (Exception e) {
            logger.error(e.getLocalizedMessage(), e);
            return null;
        }
    }

    /**
     * Wraps a DER-encoded public key and a subject DN into a PKCS#10-shaped structure and returns
     * it as single-line Base64.
     *
     * <p>No private key is involved. The signature field is filled with the DER encoding of the
     * request info itself, and the algorithm identifier is the fixed OID
     * {@code 1.2.840.113549.1.1.4} (md5WithRSAEncryption). The output is therefore an unsigned
     * container: it gives no proof of possession of the private key and will not pass PKCS#10
     * signature verification. Receivers must not treat it as a signed request.
     *
     * @param bArr DER encoding of the SubjectPublicKeyInfo sequence
     * @param str  subject DN
     * @param str2 not used by this method
     * @return the Base64 text with CR and LF removed, or an empty string if anything fails (the
     *         failure is logged)
     */
    public static String createP10FromPubKeyDer(byte[] bArr, String str, String str2) {
        try {
            X509Name subject = new X509Name(str);
            SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(bArr));
            CertificationRequestInfo requestInfo = new CertificationRequestInfo(subject, keyInfo, (ASN1Set) null);
            ByteArrayOutputStream infoBytes = new ByteArrayOutputStream();
            new DEROutputStream(infoBytes).writeObject(requestInfo);
            AlgorithmIdentifier declaredAlg = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.1.4"));
            // Placeholder "signature": the encoded request info, not a signature value.
            DERBitString placeholder = new DERBitString(infoBytes.toByteArray());
            CertificationRequest request = new CertificationRequest(requestInfo, declaredAlg, placeholder);
            ByteArrayOutputStream requestBytes = new ByteArrayOutputStream();
            new DEROutputStream(requestBytes).writeObject(request);
            String encoded = new String(Base64.encode(requestBytes.toByteArray()));
            return encoded.replace("\n", "").replaceAll("\r", "");
        } catch (Exception e) {
            logger.error("P10异常 ", e);
            return "";
        }
    }

    /**
     * Checks one certificate returned in a CMP response against the expected subject and the
     * issuing CA certificate.
     *
     * <p>Checks performed, in order:
     * <ol>
     *   <li>the CMP certificate is present and encodes to a non-empty byte array;</li>
     *   <li>its subject equals the RFC 4519 form of {@code str}, compared as strings ignoring
     *       case;</li>
     *   <li>the CA certificate {@code x509Certificate} is present;</li>
     *   <li>its issuer equals the CA certificate's subject, compared as strings, case-sensitive;</li>
     *   <li>its signature verifies under the CA certificate's public key.</li>
     * </ol>
     *
     * <p>Nothing else is evaluated in this method: no validity-period, revocation, key-usage or
     * basic-constraints check appears here.
     *
     * <p>NOTE(review): the DN conversion of {@code str} runs inside the block guarded by
     * {@code catch (Exception)}, so a DN parsing failure is reported as
     * {@code NOT_POSSIBLE_TO_CREATE_CERT}; the declared {@code NamingException} does not appear
     * to escape from this body.
     *
     * @param x509Certificate CA certificate expected to have issued the returned certificate
     * @param cMPCertificate  certificate taken from the CMP response
     * @param str             subject DN the returned certificate must carry
     * @return a result whose info is the parsed {@link X509Certificate} when every check passes,
     *         otherwise a result with the matching error set
     * @throws NamingException declared by the signature; see the note above
     */
    private static SdkResult checkCMPCert(X509Certificate x509Certificate, CMPCertificate cMPCertificate, String str) throws NamingException {
        SdkResult sdkResult = new SdkResult();
        if (cMPCertificate == null) {
            logger.info("No X509CertificateStructure for certificate received.");
            sdkResult.setError(ErrorEnum.NO_X509_CERT_FOR_RECEIVED);
            return sdkResult;
        }
        // Never read afterwards in this method.
        byte[] bArr = new byte[0];
        try {
            byte[] encoded = cMPCertificate.getEncoded();
            if (encoded == null || encoded.length <= 0) {
                logger.info("No encoded certificate received");
                sdkResult.setError(ErrorEnum.NO_ENCODE_CERT_FOR_RECEIVED);
                return sdkResult;
            }
            try {
                X509Certificate convertDerCertToCert = SdkCertUtils.convertDerCertToCert(encoded);
                String subjectByX509Cert = SdkCertUtils.getSubjectByX509Cert(convertDerCertToCert);
                String x500Name = DnUtil.getRFC4519X500Name(str).toString();
                // Subject binding: the returned certificate must be for the DN that was requested.
                if (!subjectByX509Cert.equalsIgnoreCase(x500Name)) {
                    logger.info("Subject is '" + subjectByX509Cert + "' but should be '" + x500Name + "'");
                    sdkResult.setError(ErrorEnum.RECEIVE_SUBJECT_DN_IS_NOT_SAME_APPLY);
                    return sdkResult;
                }
                if (x509Certificate == null) {
                    sdkResult.setError(ErrorEnum.CA_CERT_INFO_IS_ERROR);
                    return sdkResult;
                }
                String subjectByX509Cert2 = SdkCertUtils.getSubjectByX509Cert(x509Certificate);
                // Issuer name check; unlike the subject check above, this one is case-sensitive.
                if (!SdkCertUtils.getIssuerByX509Cert(convertDerCertToCert).equals(subjectByX509Cert2)) {
                    logger.info("Issuer is '" + SdkCertUtils.getIssuerByX509Cert(convertDerCertToCert) + "' but should be '" + subjectByX509Cert2);
                    sdkResult.setError(ErrorEnum.RECEIVE_ISSUE_DN_IS_NOT_SAME_APPLY);
                    return sdkResult;
                }
                try {
                    // Cryptographic check: the signature must verify under the CA's public key.
                    convertDerCertToCert.verify(x509Certificate.getPublicKey());
                    sdkResult.setInfo(convertDerCertToCert);
                    return sdkResult;
                } catch (Exception e) {
                    logger.error("Certificate not verifying.", e);
                    sdkResult.setError(ErrorEnum.RA_VERIFY_CA_REP_CERT_ERROR);
                    return sdkResult;
                }
            } catch (Exception e2) {
                // Reached for any failure in parsing or in the DN handling above, not only for
                // certificate construction.
                logger.error("Not possible to create certificate.", e2);
                sdkResult.setError(ErrorEnum.NOT_POSSIBLE_TO_CREATE_CERT);
                return sdkResult;
            }
        } catch (IOException e3) {
            logger.error("CMPCertificate Encode Exception.", e3);
            sdkResult.setError(ErrorEnum.CMP_CERT_ENCODE_EXCEPTION);
            return sdkResult;
        }
    }

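    /**
     * Repackages a CMP {@code EncryptedValue} into a SignedAndEnvelopedData structure.
     *
     * <p>The encrypted symmetric key and the encrypted content are copied from
     * {@code encryptedValue} unchanged; nothing is decrypted here. The signer infos are produced
     * by {@code Pkcs7Utils.makeSignerInfos} over the concatenated encodings of the version, the
     * recipient infos, the digest algorithms and the encrypted content info.
     *
     * <p>The array passed to {@code byteMergerAll} is now declared as {@code byte[][]}. The
     * decompiler had emitted it as {@code byte[]} holding {@code byte[]} elements, which is not
     * valid Java.
     *
     * <p>NOTE(review): {@code "SHA256WithRSA"} selects the same digest identifier
     * ({@code DigestObjectIdentifiers.sha1}) as the SHA-1 names. Confirm whether a SHA-256
     * identifier was intended; the selection is left unchanged.
     *
     * <p>NOTE(review): the caller visible in this file passes the signing certificate's
     * <em>subject</em> DN as {@code str2}, and it is placed in the issuer position of
     * {@code IssuerAndSerialNumber}. Confirm this matches what the consumer expects.
     *
     * @param bArr           passed through to {@code makeSignerInfos}
     * @param z              passed through to {@code makeSignerInfos}
     * @param str            CA signature algorithm name; selects the digest identifier
     * @param str2           DN placed in the recipient identifier
     * @param encryptedValue wrapped key material from the CMP response
     * @param str3           recipient certificate serial number, in hexadecimal
     * @param i              passed through to {@code makeSignerInfos}
     * @param str4           passed through to {@code makeSignerInfos}
     * @return the assembled structure
     * @throws Exception if DN parsing, encoding or signer-info creation fails
     */
    private static SignedAndEnvelopedData buildSignedAndEnvelopedData(byte[] bArr, boolean z, String str, String str2, EncryptedValue encryptedValue, String str3, int i, String str4) throws Exception {
        ASN1Integer aSN1Integer = new ASN1Integer(1L);
        boolean rsaFamily = "SHA-1WithRSA".equalsIgnoreCase(str) || "SHA1WithRSA".equalsIgnoreCase(str) || "SHA256WithRSA".equalsIgnoreCase(str);
        DERSet dERSet = rsaFamily ? new DERSet(new AlgorithmIdentifier(DigestObjectIdentifiers.sha1)) : new DERSet(new AlgorithmIdentifier(DigestObjectIdentifiers.sm3));
        RecipientIdentifier recipient = new RecipientIdentifier(new IssuerAndSerialNumber(DnUtil.getRFC4519X500Name(str2), new BigInteger(str3, 16)));
        DERSet dERSet2 = new DERSet(new KeyTransRecipientInfo(recipient, encryptedValue.getKeyAlg(), new DEROctetString(encryptedValue.getEncSymmKey().getOctets())));
        EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(SymmetryObjectIdentifiers.sm4, encryptedValue.getSymmAlg(), new DEROctetString(encryptedValue.getEncValue().getOctets()));
        // Bytes covered by the signer infos, in this fixed order.
        byte[][] signedParts = new byte[][]{aSN1Integer.getEncoded(), dERSet2.getEncoded(), dERSet.getEncoded(), encryptedContentInfo.getEncoded()};
        return new SignedAndEnvelopedData(aSN1Integer, dERSet2, dERSet, encryptedContentInfo, null, null, Pkcs7Utils.makeSignerInfos(bArr, z, str, str2, new BigInteger(str3, 16), i, str4, SdkCertUtils.byteMergerAll(signedParts)));
    }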

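    /**
     * Repackages a CMP {@code EncryptedValue} into an SM2 enveloped-data structure.
     *
     * <p>The encrypted symmetric key and the encrypted content are copied from
     * {@code encryptedValue} unchanged; nothing is decrypted here.
     *
     * <p>The log line records only the algorithm name and the recipient identifiers. The complete
     * Base64 encoding of the wrapped private-key envelope was previously written at info level;
     * key-recovery material does not belong in application logs, even in encrypted form.
     *
     * @param str            CA algorithm name; logged only
     * @param str2           DN placed in the recipient identifier
     * @param encryptedValue wrapped key material from the CMP response
     * @param str3           recipient certificate serial number, in hexadecimal
     * @return the assembled structure
     * @throws Exception if DN parsing or structure creation fails
     */
    private static SM2EnvelopedData buildEnvelopedData(String str, String str2, EncryptedValue encryptedValue, String str3) throws Exception {
        logger.info("caAlg:" + str + " recipCertDn:" + str2 + " recipSignSn:" + str3);
        RecipientIdentifier recipient = new RecipientIdentifier(new IssuerAndSerialNumber(DnUtil.getRFC4519X500Name(str2), new BigInteger(str3, 16)));
        DERSet recipientInfos = new DERSet(new KeyTransRecipientInfo(recipient, encryptedValue.getKeyAlg(), new DEROctetString(encryptedValue.getEncSymmKey().getOctets())));
        EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(SymmetryObjectIdentifiers.sm4, encryptedValue.getSymmAlg(), new DEROctetString(encryptedValue.getEncValue().getOctets()));
        return new SM2EnvelopedData(new ASN1Integer(1L), recipientInfos, encryptedContentInfo);
    }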

    /**
     * Returns 16 random bytes drawn from a fresh {@link SecureRandom}.
     *
     * <p>NOTE(review): the requested length {@code i} is ignored and the result is always 16
     * bytes long. Despite the method name, no HSM is used; the bytes come from the JVM's
     * {@code SecureRandom}. A caller needing another length, or hardware-generated randomness,
     * does not get it from this method.
     *
     * @param i requested length; currently unused
     * @return a new 16-byte array of random data
     */
    public static byte[] genRandomByHsm(int i) {
        final byte[] randomBytes = new byte[16];
        SecureRandom generator = new SecureRandom();
        generator.nextBytes(randomBytes);
        return randomBytes;
    }
}
