package com.xdja.pki.ca.certmanager.service.racert;

import com.xdja.pki.ca.certcrl.service.CrlService;
import com.xdja.pki.ca.certmanager.dao.CertDao;
import com.xdja.pki.ca.certmanager.dao.CertDataDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.OutDateManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.OutdateCertDao;
import com.xdja.pki.ca.certmanager.dao.RaCertDao;
import com.xdja.pki.ca.certmanager.dao.RaTemplateDao;
import com.xdja.pki.ca.certmanager.dao.RevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.RevokeManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.models.CertDO;
import com.xdja.pki.ca.certmanager.dao.models.CertDataDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RaCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RevokedCertDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.service.racert.bean.CMPReqCacheVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RACertResponseVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RAServerCertVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.certmanager.service.util.TemplateParamsUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.km.KmSoft;
import com.xdja.pki.ca.core.km.RetKeyRespond;
import com.xdja.pki.ca.core.km.SignedAndEnvelopedData;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.ldap.service.CrlLdapUrlService;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.UserCertTypeEnum;
import com.xdja.pki.core.ca.util.gm.cert.CertUtil;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.crmf.CertTemplate;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

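/**
 * CMP-facing service used by RA servers to issue, update, revoke and confirm user
 * "double certificates": a signing certificate for the requester's own key plus an
 * encryption certificate whose key pair is obtained from the KM.
 * <p>
 * Every entry point returns a {@link Result} for expected business failures and wraps
 * unexpected failures in a {@link ServiceException}. Issued serial numbers are parked in
 * {@code Constants.CMP_REQ_INFO} under the CMP request id until the RA acknowledges
 * ({@link #doAckCertIssueStatus}) or rejects ({@link #doErrorAckCertIssueStatus}) them.
 * <p>
 * NOTE(review): the subject DN is compared with the CA base DN by a plain case-insensitive
 * string suffix ({@code endsWith}). That does not anchor on an RDN boundary; comparing parsed
 * RDNs would be stricter. Confirm the expected {@code baseDn} format before tightening.
 */
@Service
/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/racert/OpenApiCMPServiceImpl.class */
public class OpenApiCMPServiceImpl implements OpenApiCMPService {
    /** OID reported to the RA for the RSA CA (rsaEncryption). */
    public static final String RSA_OID = "1.2.840.113549.1.1.1";
    /** OID reported to the RA for the SM2 CA (id-ecPublicKey; see {@link #getCaInfo}). */
    public static final String ECC_OID = "1.2.840.10045.2.1";
    /** A complete revocation touches exactly two certificates (sign + enc). */
    public static final Integer DOUBLE_CERT = 2;
    /** Key length requested from the KM when renewing the encryption key pair. */
    public static final Integer KEY_LENGTH = 256;
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CertDao certDao;

    @Autowired
    private RaCertDao raCertDao;

    @Autowired
    private RevokeCertDao revokeCertDao;

    @Autowired
    private CertDataDao certDataDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private CrlService crlService;

    @Autowired
    private TemplateDao templateDao;

    @Autowired
    private OutdateCertDao outdateCertDao;

    @Autowired
    private ManagerCertDao managerCertDao;

    @Autowired
    private RevokeManagerCertDao revokeManagerCertDao;

    @Autowired
    private OutDateManagerCertDao outDateManagerCertDao;

    @Autowired
    private RaTemplateDao raTemplateDao;

    @Autowired
    private HsmManager hsmService;

    @Autowired
    private CrlLdapUrlService crlLdapUrlService;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private CertSnDao certSnDao;

    /**
     * Re-keys {@code Constants.CA_INFO} (keyed by {@link AlgTypeEnum} value) by public-key
     * algorithm OID, which is how the CMP side identifies the CA.
     *
     * @return map from {@link #RSA_OID} / {@link #ECC_OID} to the matching {@link CaInfoVO};
     *         CA entries with any other algorithm value are dropped
     * @throws ServiceException if the CA info cannot be read
     */
    public Map<String, CaInfoVO> getCaInfo() {
        try {
            Map<?, ?> caInfoByAlg = Constants.CA_INFO;
            Map<String, CaInfoVO> caInfoByOid = new HashMap<String, CaInfoVO>();
            for (Map.Entry<?, ?> entry : caInfoByAlg.entrySet()) {
                Integer alg = (Integer) entry.getKey();
                if (alg.intValue() == AlgTypeEnum.RSA.value) {
                    caInfoByOid.put(RSA_OID, (CaInfoVO) entry.getValue());
                }
                if (alg.intValue() == AlgTypeEnum.SM2.value) {
                    caInfoByOid.put(ECC_OID, (CaInfoVO) entry.getValue());
                }
            }
            return caInfoByOid;
        } catch (Exception e) {
            throw new ServiceException("获取CA基本信息时异常", e);
        }
    }

    /**
     * Issues a user double certificate (signing + encryption) for a CMP request.
     *
     * @param publicKey    signing public key supplied by the requester
     * @param x500Name     requested subject DN
     * @param str          template code ({@code tempNo})
     * @param str2         template parameter string ({@code tempParas}), checked by {@code TemplateParamsUtil.validity}
     * @param certTemplate CRMF template; only its validity (notBefore / notAfter) is read here
     * @param l            RA id; the template must still be authorised for this RA
     * @param str3         CMP request id, used as the key into {@code Constants.CMP_REQ_INFO}
     * @return success carrying a {@link RACertResponseVO} (sign cert, enc cert, enveloped enc private key),
     *         or a failure result for template, CA-info, base-DN or DN-syntax problems
     * @throws ServiceException when issuance fails for any reason other than the checks above
     */
    public Result doIssueUserDoubleCert(PublicKey publicKey, X500Name x500Name, String str, String str2, CertTemplate certTemplate, Long l, String str3) {
        try {
            this.logger.info("收到CMP用户证书签发请求：reqId=" + str3 + ",dn=" + x500Name.toString() + ",tempNo=" + str + ",tempParas=" + str2);
            TemplateInfoVO templateInfoVO = (TemplateInfoVO) this.templateService.getTemplatesByCodes(new String[]{str}).get(str);
            if (null == templateInfoVO) {
                this.logger.debug("cmp签发双证书失败：未查询到模板信息[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != templateInfoVO.getStatus().intValue()) {
                this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateInfoVO.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            // The RA may only use templates still granted to it.
            if (!this.raTemplateDao.verifyRATemplateRelate(l, templateInfoVO.getId())) {
                this.logger.info("CMP签发双证书失败：模板已经取消授权raId=[{}],tempId=[{}]", l, templateInfoVO.getId());
                return Result.failure(ErrorEnum.RA_TEMPLATE_RELATE_DELETE);
            }
            Result validity = TemplateParamsUtil.validity(templateInfoVO, str2);
            if (!validity.isSuccess()) {
                this.logger.info("CMP签发证书失败：缺少模板需要参数");
                return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            }
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(templateInfoVO.getKeyAlg());
            if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getRootCert()) {
                this.logger.debug("cmp签发双证书失败：未查到CA基本信息[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            // NOTE(review): plain string-suffix match, not an RDN-boundary comparison (see class doc).
            if (!x500Name.toString().toLowerCase().endsWith(caInfoVO.getBaseDn().toLowerCase())) {
                this.logger.debug("cmp签发双证书失败：DN中的baseDn不正确[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.BASEDN_ERROR);
            }
            // DN syntax check only. It sits in its own try so that HSM / KM / DAO failures further
            // down are no longer misreported to the RA as DN_FORMAT_FAIL; they now reach the outer
            // catch and surface as a ServiceException with the real cause.
            // NOTE(review): sun.security.x509.X500Name is a JDK-internal API; javax.security.auth.x500.X500Principal
            // is the supported equivalent — confirm it accepts the same DN forms before switching.
            try {
                new sun.security.x509.X500Name(x500Name.toString());
            } catch (Exception e) {
                this.logger.debug("cmp签发双证书失败：DN不符合X500规范[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.DN_FORMAT_FAIL);
            }
            Date date = certTemplate.getValidity().getNotBefore().getDate();
            Date userIssueAfterTime = IssueTimeUtil.getUserIssueAfterTime(certTemplate.getValidity().getNotAfter().getDate(), templateInfoVO.getMaxValidity(), caInfoVO.getRootCert().getNotAfter(), date);
            // One serial per certificate: signSn for the signing cert, encSn for the encryption cert.
            BigInteger signSn = this.certSnDao.getMaxSn(date);
            X509Certificate signCert = this.hsmService.genX509Certificate(x500Name.toString(), signSn, date, userIssueAfterTime, caInfoVO, publicKey, ExtensionUtil.changeExtensionFormat(templateInfoVO.getExtensions(), (Map) validity.getInfo(), publicKey, x500Name.toString(), this.crlLdapUrlService.getLdapOcspUrl(signSn, caInfoVO), true));
            BigInteger encSn = this.certSnDao.getMaxSn(date);
            this.logger.info("开始向KM申请加密公私钥，dn=" + x500Name.toString() + ",signSn=" + signSn.toString(16));
            RetKeyRespond applyKey = new KmSoft().applyKey(String.valueOf(templateInfoVO.getKeyAlg()), templateInfoVO.getKeySize().intValue(), x500Name.toString(), signSn, publicKey);
            // Only the public half is logged; the enveloped private key returned by the KM is key material
            // and is deliberately kept out of the log.
            this.logger.info("向KM申请加密公私钥成功，public=" + Base64.toBase64String(applyKey.getPublicKey().getEncoded()));
            X509Certificate encCert = this.hsmService.genX509Certificate(x500Name.toString(), encSn, date, userIssueAfterTime, caInfoVO, applyKey.getPublicKey(), ExtensionUtil.changeExtensionFormat(templateInfoVO.getExtensions(), (Map) validity.getInfo(), applyKey.getPublicKey(), x500Name.toString(), this.crlLdapUrlService.getLdapOcspUrl(encSn, caInfoVO), false));
            saveRaUserCert(caInfoVO, signCert, encCert, templateInfoVO, l);
            // Parked until the RA confirms the certificates were written (doAckCertIssueStatus).
            Constants.CMP_REQ_INFO.put(str3, new CMPReqCacheVO(signSn.toString(16), encSn.toString(16), templateInfoVO.getKeyAlg()));
            this.logger.debug("cmp请求id信息写入缓存成功，reqId=" + str3 + ",signSn=" + signSn.toString(16) + ",encSn=" + encSn.toString(16));
            this.logger.info("CMP用户证书签发成功，reqId=" + str3 + ",signCert=" + CertUtil.writeObject(signCert) + ",encCert=" + CertUtil.writeObject(encCert));
            return Result.success(new RACertResponseVO(signCert, encCert, applyKey.getEncryptedPrivateKey()));
        } catch (Exception e2) {
            this.logger.error("CMP用户证书签发失败：reqId=" + str3 + ",dn=" + x500Name.toString() + ",tempNo=" + str + ",tempParas=" + str2, e2);
            throw new ServiceException("CMP签发用户证书失败", e2);
        }
    }

    /**
     * Revokes a user double certificate identified by the serial of its signing certificate.
     * Both certificates of the pair must be current and not frozen; otherwise the pair is left
     * untouched and the failure describing the first offending certificate is returned.
     *
     * @param str  signing-certificate serial ({@code signSn}, hex)
     * @param str2 public-key algorithm as a decimal {@link AlgTypeEnum} value; selects the CA entry
     * @param z    whether the key itself is revoked ({@code keyRevokedStatus})
     * @param i    CRL revocation reason code
     * @param str3 free-text revocation note; blank is stored as an empty string
     * @return success carrying the revoked subject, or a failure result naming the certificate state
     * @throws ServiceException on unexpected errors
     */
    public Result doRevokeUserDoubleCert(String str, String str2, boolean z, int i, String str3) {
        try {
            this.logger.info("CMP收到证书撤销请求，signSn=" + str + ",keyRevokedStatus=" + z + ",revokeRease=" + i + ",revokeNote=" + str3);
            List<CertDO> certsBySignSn = this.certDao.getCertsBySignSn(str, str2);
            List<RevokedCertDO> revokedCerts = new ArrayList<RevokedCertDO>();
            CertDO certDO = new CertDO();
            Result failure = Result.failure(ErrorEnum.SERVER_INTERNAL_EXCEPTION);
            if (null == certsBySignSn || certsBySignSn.size() == 0) {
                // Not in the live table: distinguish "already revoked" / "expired" / "unknown".
                if (null != this.revokeCertDao.getRevokeCertBySn(str, str2)) {
                    this.logger.debug("CMP撤销证书失败：证书已经被撤销，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_REVOKED);
                }
                if (null != this.outdateCertDao.getOutDateCertBySn(str, str2)) {
                    this.logger.debug("CMP撤销证书失败：证书已经过期，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXPIRED);
                }
                this.logger.debug("CMP撤销证书失败：没有找到正常状态的证书(还需要证书正确状态为已确认)，signSN=[{}]", str);
                failure = Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXCEPTION);
            } else {
                for (CertDO current : certsBySignSn) {
                    certDO = current;
                    if (certDO.getNotAfterTime().before(new Date())) {
                        this.logger.info("CMP撤销证书失败：证书过期signSn=" + str + ",afterTime=" + certDO.getNotAfterTime());
                        failure = Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXPIRED);
                    } else if (certDO.getStatus().intValue() == 2) {
                        this.logger.debug("CMP撤销证书失败：证书被冻结signSN=[{}]", str);
                        failure = Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_FROZEND);
                    } else {
                        buildRevokeData(certDO, revokedCerts, z, i, str3);
                    }
                }
                // Only a complete, healthy pair is revoked; a half pair keeps the failure set in the loop.
                if (revokedCerts.size() == DOUBLE_CERT.intValue()) {
                    this.revokeCertDao.saveBatch(revokedCerts);
                    this.certDao.deleteBatch(certsBySignSn);
                    this.logger.info("CMP证书撤销请求处理成功，signSn=" + str + ",keyRevokedStatus=" + z + ",revokeRease=" + i + ",revokeNote=" + str3);
                    CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Integer.valueOf(str2));
                    RevokedCertDO revokedCertDO = revokedCerts.get(0);
                    // Null-guarded: the certificates are already moved above, so a missing CA entry must not
                    // turn a completed revocation into a ServiceException.
                    if (null != caInfoVO && caInfoVO.isLadp() && null != caInfoVO.getCrlConfig() && caInfoVO.getCrlConfig().isDelta()) {
                        this.crlService.saveDeltaCrlInfo(revokedCertDO.getSn(), revokedCertDO.getPairCertSn(), revokedCertDO.getPublicKeyAlg(), Integer.valueOf(i), revokedCertDO.getGmtCreate());
                        this.logger.debug("开启了增量CRL，保存增量CRL信息成功，sn1=" + revokedCertDO.getSn() + ",sn2=" + revokedCertDO.getPairCertSn());
                    }
                    // The sync task wants (signCertId, encCertId); order depends on which cert came first.
                    if (Constants.SIGN_CERT.intValue() == revokedCertDO.getType().intValue()) {
                        this.taskDataService.saveSyncStatusCert(revokedCertDO.getId(), revokedCertDO.getPairCertId(), 1, 1, Integer.valueOf(i));
                    } else {
                        this.taskDataService.saveSyncStatusCert(revokedCertDO.getPairCertId(), revokedCertDO.getId(), 1, 1, Integer.valueOf(i));
                    }
                    failure = Result.success(certDO.getSubject());
                } else {
                    this.logger.error("CMP证书撤销请求处理失败：未找到双证书。");
                }
            }
            return failure;
        } catch (Exception e) {
            this.logger.debug("CMP证书撤销处理失败，signSn=" + str + ",keyRevokedStatus=" + z + ",revokeRease=" + i + ",revokeNote=" + str3);
            throw new ServiceException("撤销用户证书失败", e);
        }
    }

    /**
     * Converts a live {@link CertDO} into a {@link RevokedCertDO} and appends it to {@code list}.
     *
     * @param certDO source certificate row; its properties are bean-copied onto the revoked row
     * @param list   accumulator for the pair being revoked
     * @param z      whether the key is revoked as well ({@code IS_REVOKE_KEY})
     * @param i      revocation reason code
     * @param str    revocation note; blank becomes {@code ""}
     */
    private void buildRevokeData(CertDO certDO, List<RevokedCertDO> list, boolean z, int i, String str) {
        RevokedCertDO revokedCertDO = new RevokedCertDO();
        BeanUtils.copyProperties(certDO, revokedCertDO);
        revokedCertDO.setKeyNotBeforeTime(certDO.getNotBeforeTime());
        revokedCertDO.setKeyNotAfterTime(certDO.getNotAfterTime());
        revokedCertDO.setAfterTime(certDO.getNotAfterTime());
        revokedCertDO.setBeforeTime(certDO.getNotBeforeTime());
        String note = StringUtils.isBlank(str) ? "" : str;
        revokedCertDO.setRevokeReason(Integer.valueOf(i));
        revokedCertDO.setRevokeNote(note);
        revokedCertDO.setGmtCreate(new Date());
        if (z) {
            revokedCertDO.setIsRevokeKey(Integer.valueOf(RevokedCertDO.IS_REVOKE_KEY.YES_REGOKE_KEY.value));
        } else {
            revokedCertDO.setIsRevokeKey(Integer.valueOf(RevokedCertDO.IS_REVOKE_KEY.NO_REVOKE_KEY.value));
        }
        revokedCertDO.setKeyRevokedStatus(Integer.valueOf(RevokedCertDO.KEY_REVOKE_STATUS.NO_KEY_REVOKE.value));
        list.add(revokedCertDO);
    }

    /**
     * Updates an existing user double certificate: either extends validity / changes the DN
     * ({@code publicKey == null}, keys reused) or re-keys it (new signing key supplied, new
     * encryption key pair requested from the KM). The old pair is then revoked with reason 4.
     *
     * @param str          signing-certificate serial of the pair to update ({@code signSn})
     * @param str2         public-key algorithm as a decimal {@link AlgTypeEnum} value
     * @param certTemplate CRMF template; only its validity is read
     * @param publicKey    new signing public key, or {@code null} for a validity / DN update
     * @param x500Name     (possibly new) subject DN
     * @param l            RA id recorded against the new certificates
     * @param str3         CMP request id, used as the key into {@code Constants.CMP_REQ_INFO}
     * @return success carrying the new {@link RACertResponseVO}, or a failure result describing
     *         the certificate / CA / template state
     * @throws ServiceException on unexpected errors
     */
    public Result doUpdateUserDoubleCert(String str, String str2, CertTemplate certTemplate, PublicKey publicKey, X500Name x500Name, Long l, String str3) {
        this.logger.info("CMP收到证书更新请求，reqID=" + str3 + ",signSn" + str + ",maxValidity=" + certTemplate.getValidity().getNotAfter() + ",dn=" + x500Name + ",raId=" + l);
        try {
            List<CertDO> certsBySignSn = this.certDao.getCertsBySignSn(str, str2);
            if (null == certsBySignSn || certsBySignSn.size() == 0) {
                if (null != this.revokeCertDao.getRevokeCertBySn(str, str2)) {
                    this.logger.debug("CMP更新证书失败：证书已经被撤销，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_REVOKED);
                }
                if (null != this.outdateCertDao.getOutDateCertBySn(str, str2)) {
                    this.logger.debug("CMP更新证书失败：证书已经过期，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXPIRED);
                }
                this.logger.debug("CMP更新证书失败：没有找到正常状态的证书(还需要证书正确状态为已确认)，signSN=[{}]", str);
                return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXCEPTION);
            }
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Integer.valueOf(str2));
            if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn())) {
                this.logger.debug("CMP更新双证书失败：未查到CA基本信息[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            // NOTE(review): plain string-suffix match, not an RDN-boundary comparison (see class doc).
            if (!x500Name.toString().toLowerCase().endsWith(caInfoVO.getBaseDn().toLowerCase())) {
                this.logger.debug("CMP更新双证书失败：DN中的baseDn不正确[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.BASEDN_ERROR);
            }
            if (caInfoVO.getRootCert().getNotAfter().before(new Date())) {
                this.logger.debug("CMP更新证书失败：CA根证书已过期,rootCertAfterTime=[{}]", caInfoVO.getRootCert().getNotAfter());
                return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
            }
            CertDO certDO = certsBySignSn.get(0);
            TemplateDO templateById = this.templateDao.getTemplateById(certDO.getTemplateId());
            if (null == templateById) {
                this.logger.debug("cmp签发双证书失败：未查询到模板信息[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != templateById.getStatus().intValue()) {
                this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateById.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (certDO.getNotAfterTime().before(new Date())) {
                this.logger.info("CMP更新证书失败：证书过期signSn=" + str + ",afterTime=" + certDO.getNotAfterTime());
                return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXPIRED);
            }
            if (certDO.getStatus().intValue() == 2) {
                this.logger.debug("CMP更新证书失败：证书被冻结signSN=[{}]", str);
                return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_FROZEND);
            }
            CertDataDO signCertData = this.certDataDao.queryCertDataById(certDO.getId());
            CertDataDO encCertData = this.certDataDao.queryCertDataById(certDO.getPairCertId());
            Date date = certTemplate.getValidity().getNotBefore().getDate();
            Date userIssueAfterTime = IssueTimeUtil.getUserIssueAfterTime(certTemplate.getValidity().getNotAfter().getDate(), templateById.getMaxValidity(), caInfoVO.getRootCert().getNotAfter(), date);
            RACertResponseVO updated;
            Result revoke;
            // NOTE(review): the old pair is revoked with the SM2 algorithm value regardless of str2, and
            // only after the new pair has been persisted — confirm both are intended. Reason 4 = superseded.
            if (null == publicKey) {
                this.logger.debug("开始处理证书延期或DN更新请求，dn=" + x500Name);
                updated = updateUserCertInfo(caInfoVO, x500Name, signCertData, encCertData, date, userIssueAfterTime, certDO, l);
                revoke = doRevokeUserDoubleCert(str, String.valueOf(AlgTypeEnum.SM2.value), false, 4, "");
                this.logger.debug("证书延期或DN更新请求处理完成，dn=" + x500Name);
            } else {
                this.logger.debug("开始处理证书密钥更新请求，dn=" + x500Name);
                updated = updateUserCertPwd(caInfoVO, publicKey, x500Name, certDO, signCertData, encCertData, date, userIssueAfterTime, l);
                revoke = doRevokeUserDoubleCert(str, String.valueOf(AlgTypeEnum.SM2.value), true, 4, "");
                this.logger.debug("证书密钥更新请求处理完成，dn=" + x500Name);
            }
            // A failed revocation leaves the superseded pair valid alongside the new one; make it visible.
            if (null == revoke || !revoke.isSuccess()) {
                this.logger.error("CMP更新证书：旧证书撤销未成功，signSn=" + str + ",reqId=" + str3);
            }
            // Integer.valueOf parses the algorithm value; the previous Integer.getInteger(str2) looked up a
            // system property named str2 and always cached null.
            Constants.CMP_REQ_INFO.put(str3, new CMPReqCacheVO(CertUtil.getSNByCertStr(updated.getSignCert()), CertUtil.getSNByCertStr(updated.getEncCert()), Integer.valueOf(str2)));
            this.logger.debug("cmp请求id信息写入缓存成功，reqId=" + str3 + ",signSn=" + CertUtil.getSNByCertStr(updated.getSignCert()) + ",encSn=" + CertUtil.getSNByCertStr(updated.getEncCert()));
            // The enveloped private key is not logged.
            this.logger.info("CMP用户证书更新成功，reqId=" + str3 + ",signCert=" + updated.getSignCert() + ",encCert=" + updated.getEncCert());
            return Result.success(updated);
        } catch (Exception e2) {
            this.logger.debug("CMP更新用户证书失败：reqId=" + str3 + ",dn=" + x500Name.toString(), e2);
            throw new ServiceException("更新用户证书失败", e2);
        }
    }

    /**
     * Looks up an RA server certificate by serial.
     *
     * @param str signing-certificate serial ({@code signSn})
     * @param num public-key algorithm ({@link AlgTypeEnum} value); {@code null} defaults to SM2
     * @return success carrying a {@link RAServerCertVO} (raId, status, certData), or a failure
     *         result stating whether the certificate is revoked, expired or unknown
     * @throws ServiceException on unexpected errors
     */
    public Result getServerCertInfoBySignSn(String str, Integer num) {
        try {
            this.logger.debug("收到RA获取服务器证书信息请求，signSn=" + str);
            Integer alg = Integer.valueOf(null == num ? AlgTypeEnum.SM2.value : num.intValue());
            Map<?, ?> row = this.raCertDao.queryServerCertInfoBySignSn(str, alg);
            if (null != row) {
                RAServerCertVO rAServerCertVO = new RAServerCertVO();
                rAServerCertVO.setRaId(Long.valueOf(row.get("raId").toString()));
                rAServerCertVO.setStatus(Integer.valueOf(row.get("status").toString()));
                rAServerCertVO.setServerCert(row.get("certData").toString());
                this.logger.debug("RA获取服务器证书信息请求处理成功：" + rAServerCertVO);
                return Result.success(rAServerCertVO);
            }
            if (null != this.revokeManagerCertDao.getRevokManagerCertsBySn(str, alg)) {
                this.logger.debug("获取RA服务器证书信息失败：证书已经被撤销，signSn=[{}]", str);
                return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_REVOKED);
            }
            if (null != this.outDateManagerCertDao.getOutDateManagerCertsBySn(str, alg)) {
                this.logger.debug("获取RA服务器证书信息失败：证书已经过期，signSn=[{}]", str);
                return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXPIRED);
            }
            this.logger.debug("获取RA服务器证书信息失败：没有找到证书信息，signSN=[{}]", str);
            return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXCEPTION);
        } catch (Exception e) {
            throw new ServiceException("根据RA服务器证书SN和算法获取证书信息异常", e);
        }
    }

    /**
     * Handles the RA's confirmation that an issued / updated pair was written: marks both
     * certificates confirmed, drops the request from {@code Constants.CMP_REQ_INFO} and queues
     * the pair for publishing.
     *
     * @param str CMP transaction / request id
     * @return success, or {@code ADMIN_CERT_ACK_ERROR} when the id is unknown or fewer than two
     *         rows were updated
     * @throws ServiceException on unexpected errors
     */
    public Result doAckCertIssueStatus(String str) {
        this.logger.info("CMP收到证书状态确认消息处理请求，tranID=" + str);
        try {
            CMPReqCacheVO cMPReqCacheVO = (CMPReqCacheVO) Constants.CMP_REQ_INFO.get(str);
            // The update must touch exactly the two certificates of the pair.
            if (null != cMPReqCacheVO && this.certDao.updatePriCertStatus(cMPReqCacheVO.getSignSn(), cMPReqCacheVO.getEncSn()) == 2) {
                Constants.CMP_REQ_INFO.remove(str);
                this.logger.info("CMP收到证书状态确认消息处理成功：reqID=" + str + ",signSn=" + cMPReqCacheVO.getSignSn() + ",encSn=" + cMPReqCacheVO.getEncSn());
                // NOTE(review): the algorithm is hard-coded to SM2 here although the cache entry was stored
                // with the issuing key algorithm — confirm RSA pairs are never issued over this path.
                CertDO certBySignSn = this.certDao.getCertBySignSn(cMPReqCacheVO.getSignSn(), String.valueOf(AlgTypeEnum.SM2.value));
                this.taskDataService.savePublishCert(certBySignSn.getId(), certBySignSn.getPairCertId(), 1);
                return Result.success();
            }
            return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
        } catch (Exception e) {
            this.logger.debug("确认cmp证书写卡状态失败", e);
            throw new ServiceException("确认cmp证书写卡状态异常", e);
        }
    }

    /**
     * Handles a CMP error confirmation from the RA for a pending request: logs the error
     * content and drops the request from {@code Constants.CMP_REQ_INFO}.
     *
     * @param str             CMP transaction / request id
     * @param errorMsgContent CMP ErrorMsgContent; errorCode and errorDetails are both optional
     *                        and are tolerated when absent
     * @return success, or {@code ADMIN_CERT_ACK_ERROR} when the id is not pending
     * @throws ServiceException on unexpected errors
     */
    public Result doErrorAckCertIssueStatus(String str, ErrorMsgContent errorMsgContent) {
        try {
            if (null == ((CMPReqCacheVO) Constants.CMP_REQ_INFO.get(str))) {
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            // errorDetails (PKIFreeText) is OPTIONAL in ErrorMsgContent; do not NPE on a bare error code.
            String errorCode = null == errorMsgContent ? null : String.valueOf(errorMsgContent.getErrorCode());
            String errorDetail = "";
            if (null != errorMsgContent && null != errorMsgContent.getErrorDetails() && errorMsgContent.getErrorDetails().size() > 0) {
                errorDetail = errorMsgContent.getErrorDetails().getStringAt(0).getString();
            }
            this.logger.error("CMP协议返回异常确认消息[{}]", "[ErrorMsgContent:errorCode=" + errorCode + ",errorMsg=" + errorDetail);
            Constants.CMP_REQ_INFO.remove(str);
            return Result.success();
        } catch (Exception e) {
            this.logger.error("确认cmp证书写卡状态失败", e);
            throw new ServiceException("确认cmp证书写卡状态失败", e);
        }
    }

    /**
     * Computes the latest issue time still allowed for a certificate, bounded by its template's
     * maximum validity and the CA root certificate's expiry.
     *
     * @param str  certificate serial
     * @param num  public-key algorithm ({@link AlgTypeEnum} value)
     * @param num2 certificate kind: {@code Constants.RA_USER_CERT_TYPE} or {@code Constants.RA_MANAGER_CERT_TYPE}
     * @return success carrying {@code {"maxIssueTime": value}} (0 when {@code num2} matches neither
     *         kind), or a failure result describing the certificate state
     * @throws ServiceException on unexpected errors
     */
    public Result getCertLastUpdateTime(String str, Integer num, Integer num2) {
        try {
            // NOTE(review): CA_INFO is keyed by algorithm value everywhere else in this class (see
            // doRevokeUserDoubleCert / doUpdateUserDoubleCert), but here it is indexed by the cert
            // kind num2 rather than num — confirm whether the two value spaces coincide.
            X509Certificate rootCert = ((CaInfoVO) Constants.CA_INFO.get(num2)).getRootCert();
            Integer maxIssueTime = 0;
            if (Constants.RA_USER_CERT_TYPE.intValue() == num2.intValue()) {
                CertDO certBySignSn = this.certDao.getCertBySignSn(str, String.valueOf(num));
                if (null == certBySignSn) {
                    if (null != this.revokeCertDao.getRevokeCertBySn(str, String.valueOf(num))) {
                        this.logger.debug("CMP更新证书失败：证书已经被撤销，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_REVOKED);
                    }
                    if (null != this.outdateCertDao.getOutDateCertBySn(str, String.valueOf(num))) {
                        this.logger.debug("CMP更新证书失败：证书已经过期，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXPIRED);
                    }
                    this.logger.debug("CMP更新证书失败：没有找到正常状态的证书(还需要证书正确状态为已确认)，signSN=[{}]", str);
                    return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXCEPTION);
                }
                maxIssueTime = Integer.valueOf(IssueTimeUtil.getMaxIssueTime(this.templateDao.getTemplateById(certBySignSn.getTemplateId()).getMaxValidity(), rootCert.getNotAfter(), certBySignSn.getKeyNotAfterTime()).intValue());
            } else if (Constants.RA_MANAGER_CERT_TYPE.intValue() == num2.intValue()) {
                ManageCertDO managerCertsBySn = this.managerCertDao.getManagerCertsBySn(str, num.intValue());
                if (null == managerCertsBySn) {
                    if (null != this.revokeManagerCertDao.getRevokManagerCertsBySn(str, num)) {
                        this.logger.debug("获取RA管理员证书信息失败：证书已经被撤销，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_REVOKED);
                    }
                    if (null != this.outDateManagerCertDao.getOutDateManagerCertsBySn(str, num)) {
                        this.logger.debug("获取RA管理员证书信息失败：证书已经过期，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXPIRED);
                    }
                    this.logger.debug("获取RA管理员证书信息失败：没有找到正常状态的证书(管理员证书还需要证书正确状态为已确认)，signSN=[{}]", str);
                    return Result.failure(ErrorEnum.RA_CERT_ISSUE_STATUA_EXCEPTION);
                }
                maxIssueTime = IssueTimeUtil.getMaxIssueTime(this.templateDao.getTemplateById(managerCertsBySn.getTemplateId()).getMaxValidity(), rootCert.getNotAfter());
            }
            Map<String, Integer> result = new HashMap<String, Integer>();
            result.put("maxIssueTime", maxIssueTime);
            return Result.success(result);
        } catch (Exception e) {
            this.logger.error("获取证书签发时间异常", e);
            throw new ServiceException("获取证书签发时间异常", e);
        }
    }

    /**
     * Re-issues both certificates of a pair with the existing public keys (validity extension or
     * DN change), carrying the old extensions forward, and persists the new pair.
     *
     * @param caInfoVO    issuing CA
     * @param x500Name    subject DN for the new certificates
     * @param certDataDO  PEM data of the certificate matching {@code certDO}
     * @param certDataDO2 PEM data of its pair certificate
     * @param date        notBefore of the new certificates
     * @param date2       notAfter of the new certificates
     * @param certDO      row of the certificate whose serial the request named; its type decides
     *                    which of the two new certificates is the signing one
     * @param l           RA id recorded against the new certificates
     * @return the new pair; no private key is returned because the keys are unchanged
     * @throws Exception from certificate parsing, the HSM or persistence
     */
    private RACertResponseVO updateUserCertInfo(CaInfoVO caInfoVO, X500Name x500Name, CertDataDO certDataDO, CertDataDO certDataDO2, Date date, Date date2, CertDO certDO, Long l) throws Exception {
        X509Certificate signCert;
        X509Certificate encCert;
        X509Certificate oldCert = CertUtil.getCertFromStr(certDataDO.getData());
        List oldExtensions = CertUtil.genExtensions(oldCert);
        BigInteger sn = this.certSnDao.getMaxSn(date);
        X509Certificate newCert = this.hsmService.genX509Certificate(x500Name.toString(), sn, date, date2, caInfoVO, oldCert.getPublicKey(), ExtensionUtil.updateExtension(oldExtensions, this.crlLdapUrlService.getLdapOcspUrl(sn, caInfoVO), x500Name.toString(), oldCert.getPublicKey()));
        BigInteger pairSn = this.certSnDao.getMaxSn(date);
        X509Certificate oldPairCert = CertUtil.getCertFromStr(certDataDO2.getData());
        X509Certificate newPairCert = this.hsmService.genX509Certificate(x500Name.toString(), pairSn, date, date2, caInfoVO, oldPairCert.getPublicKey(), ExtensionUtil.updateExtension(CertUtil.genExtensions(oldPairCert), this.crlLdapUrlService.getLdapOcspUrl(pairSn, caInfoVO), x500Name.toString(), oldPairCert.getPublicKey()));
        TemplateInfoVO templateInfoVO = new TemplateInfoVO();
        templateInfoVO.setKeyAlg(certDO.getPublicKeyAlg());
        templateInfoVO.setKeySize(certDO.getPrivateKeySize());
        templateInfoVO.setSignAlg(certDO.getSignAlg());
        templateInfoVO.setId(certDO.getTemplateId());
        // certDO may be either half of the pair; saveRaUserCert expects (sign, enc).
        if (certDO.getType().intValue() == UserCertTypeEnum.SIGNCERT.value) {
            signCert = newCert;
            encCert = newPairCert;
        } else {
            signCert = newPairCert;
            encCert = newCert;
        }
        saveRaUserCert(caInfoVO, signCert, encCert, templateInfoVO, l);
        return new RACertResponseVO(signCert, encCert, (SignedAndEnvelopedData) null);
    }

    /**
     * Re-keys a pair: issues a new signing certificate for {@code publicKey}, requests a fresh
     * SM2 encryption key pair of {@link #KEY_LENGTH} bits from the KM and certifies it, then
     * persists the new pair.
     *
     * @param caInfoVO    issuing CA
     * @param publicKey   new signing public key
     * @param x500Name    subject DN
     * @param certDO      row of the certificate the request named; its type tells which stored
     *                    certificate is the signing one
     * @param certDataDO  PEM data of the certificate matching {@code certDO}
     * @param certDataDO2 PEM data of its pair certificate
     * @param date        notBefore of the new certificates
     * @param date2       notAfter of the new certificates
     * @param l           RA id recorded against the new certificates
     * @return the new pair together with the KM-enveloped encryption private key
     * @throws ServiceException wrapping any failure
     */
    private RACertResponseVO updateUserCertPwd(CaInfoVO caInfoVO, PublicKey publicKey, X500Name x500Name, CertDO certDO, CertDataDO certDataDO, CertDataDO certDataDO2, Date date, Date date2, Long l) {
        X509Certificate oldSignCert;
        X509Certificate oldEncCert;
        try {
            X509Certificate storedCert = CertUtil.getCertFromStr(certDataDO.getData());
            X509Certificate storedPairCert = CertUtil.getCertFromStr(certDataDO2.getData());
            if (certDO.getType().intValue() == UserCertTypeEnum.SIGNCERT.value) {
                oldSignCert = storedCert;
                oldEncCert = storedPairCert;
            } else {
                oldSignCert = storedPairCert;
                oldEncCert = storedCert;
            }
            List signExtensions = CertUtil.genExtensions(oldSignCert);
            BigInteger signSn = this.certSnDao.getMaxSn(date);
            X509Certificate signCert = this.hsmService.genX509Certificate(x500Name.toString(), signSn, date, date2, caInfoVO, publicKey, ExtensionUtil.updateExtension(signExtensions, this.crlLdapUrlService.getLdapOcspUrl(signSn, caInfoVO), x500Name.toString(), publicKey));
            RetKeyRespond applyKey = new KmSoft().applyKey(String.valueOf(KeyAlgEnum.SM2.value), KEY_LENGTH.intValue(), x500Name.toString(), signSn, publicKey);
            BigInteger encSn = this.certSnDao.getMaxSn(date);
            X509Certificate encCert = this.hsmService.genX509Certificate(x500Name.toString(), encSn, date, date2, caInfoVO, applyKey.getPublicKey(), ExtensionUtil.updateExtension(CertUtil.genExtensions(oldEncCert), this.crlLdapUrlService.getLdapOcspUrl(encSn, caInfoVO), x500Name.toString(), applyKey.getPublicKey()));
            TemplateInfoVO templateInfoVO = new TemplateInfoVO();
            templateInfoVO.setKeyAlg(certDO.getPublicKeyAlg());
            templateInfoVO.setKeySize(certDO.getPrivateKeySize());
            templateInfoVO.setSignAlg(certDO.getSignAlg());
            templateInfoVO.setId(certDO.getTemplateId());
            RACertResponseVO response = new RACertResponseVO(signCert, encCert, applyKey.getEncryptedPrivateKey());
            saveRaUserCert(caInfoVO, signCert, encCert, templateInfoVO, l);
            return response;
        } catch (Exception e) {
            throw new ServiceException("更新用户证书失败", e);
        }
    }

    /**
     * Persists a freshly issued pair: two {@link CertDO} rows cross-linked by pair id / pair
     * serial, their PEM {@link CertDataDO} rows, and two {@link RaCertDO} rows binding both
     * certificates to the RA. Both rows start unconfirmed ({@code Constants.ISSUE_CERT_NO_ACK})
     * with status 1.
     *
     * @param caInfoVO         issuing CA (its cert id is recorded on each row)
     * @param x509Certificate  signing certificate
     * @param x509Certificate2 encryption certificate
     * @param templateInfoVO   supplies key algorithm, key size, signature algorithm and template id
     * @param l                RA id
     * @throws Exception from PEM encoding or persistence
     */
    public void saveRaUserCert(CaInfoVO caInfoVO, X509Certificate x509Certificate, X509Certificate x509Certificate2, TemplateInfoVO templateInfoVO, Long l) throws Exception {
        CertDO certDO = new CertDO();
        CertDataDO signCertData = new CertDataDO();
        CertDataDO encCertData = new CertDataDO();
        signCertData.setData(CertUtil.writeObject(x509Certificate));
        signCertData.setGmtCreate(x509Certificate.getNotBefore());
        certDO.setCaCertId(caInfoVO.getCertId());
        certDO.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        certDO.setSn(x509Certificate.getSerialNumber().toString(16));
        certDO.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        certDO.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        certDO.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        certDO.setPrivateKeySize(templateInfoVO.getKeySize());
        certDO.setNotBeforeTime(x509Certificate.getNotBefore());
        certDO.setNotAfterTime(x509Certificate.getNotAfter());
        certDO.setKeyNotAfterTime(x509Certificate.getNotAfter());
        certDO.setKeyNotBeforeTime(x509Certificate.getNotBefore());
        certDO.setSignAlg(templateInfoVO.getSignAlg());
        certDO.setType(Integer.valueOf(UserCertTypeEnum.SIGNCERT.value));
        certDO.setStatus(1);
        certDO.setTemplateId(templateInfoVO.getId());
        certDO.setPairCertSn(x509Certificate2.getSerialNumber().toString(16));
        certDO.setGmtCreate(x509Certificate.getNotBefore());
        encCertData.setData(CertUtil.writeObject(x509Certificate2));
        encCertData.setGmtCreate(x509Certificate.getNotBefore());
        // Save the signing row first to obtain its id, then reuse the same bean (id cleared) for the
        // encryption row, pointing its pairCertId back at the signing row.
        CertDO signRow = this.certDao.save(certDO);
        signCertData.setId(signRow.getId());
        signRow.setSn(x509Certificate2.getSerialNumber().toString(16));
        signRow.setPairCertId(signRow.getId());
        signRow.setType(Integer.valueOf(UserCertTypeEnum.ENCCERT.value));
        signRow.setPairCertSn(x509Certificate.getSerialNumber().toString(16));
        signRow.setId((Long) null);
        CertDO encRow = this.certDao.save(signRow);
        encCertData.setId(encRow.getId());
        // Close the link: signing row (encRow.pairCertId) now points at the encryption row.
        this.certDao.updatePairCertId(encRow.getPairCertId(), encRow.getId());
        List<CertDataDO> certData = new ArrayList<CertDataDO>();
        certData.add(encCertData);
        certData.add(signCertData);
        this.certDataDao.saveBatch(certData);
        RaCertDO encRaCert = new RaCertDO();
        RaCertDO signRaCert = new RaCertDO();
        encRaCert.setRaId(l);
        encRaCert.setCertId(encRow.getId());
        encRaCert.setGmtCreate(x509Certificate2.getNotBefore());
        signRaCert.setCertId(encRow.getPairCertId());
        signRaCert.setRaId(l);
        signRaCert.setGmtCreate(x509Certificate2.getNotBefore());
        List<RaCertDO> raCerts = new ArrayList<RaCertDO>();
        raCerts.add(encRaCert);
        raCerts.add(signRaCert);
        this.raCertDao.saveBatch(raCerts);
    }
}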
