package com.xdja.pki.ca.certmanager.service.racert;

import com.alibaba.fastjson.JSON;
import com.xdja.pki.ca.certcrl.service.impl.CrlService;
import com.xdja.pki.ca.certmanager.dao.CertDao;
import com.xdja.pki.ca.certmanager.dao.CertDataDao;
import com.xdja.pki.ca.certmanager.dao.CrlTemplateDao;
import com.xdja.pki.ca.certmanager.dao.DeltaRevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.ManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.OutDateManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.OutdateCertDao;
import com.xdja.pki.ca.certmanager.dao.RaCertDao;
import com.xdja.pki.ca.certmanager.dao.RaTemplateDao;
import com.xdja.pki.ca.certmanager.dao.RevokeCertDao;
import com.xdja.pki.ca.certmanager.dao.RevokeManagerCertDao;
import com.xdja.pki.ca.certmanager.dao.TemplateDao;
import com.xdja.pki.ca.certmanager.dao.TemplateUserCertDao;
import com.xdja.pki.ca.certmanager.dao.models.CertDO;
import com.xdja.pki.ca.certmanager.dao.models.CertDataDO;
import com.xdja.pki.ca.certmanager.dao.models.CrlTemplateDO;
import com.xdja.pki.ca.certmanager.dao.models.DeltaRevokedCertDO;
import com.xdja.pki.ca.certmanager.dao.models.ManageCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RaCertDO;
import com.xdja.pki.ca.certmanager.dao.models.RaDO;
import com.xdja.pki.ca.certmanager.dao.models.RevokedCertDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateDO;
import com.xdja.pki.ca.certmanager.dao.models.TemplateUserCertDO;
import com.xdja.pki.ca.certmanager.service.crltemplate.CrlTemplateService;
import com.xdja.pki.ca.certmanager.service.crltemplate.bean.CrlTemplateExtensionVO;
import com.xdja.pki.ca.certmanager.service.kms.KmsService;
import com.xdja.pki.ca.certmanager.service.kms.bean.ResponseBean;
import com.xdja.pki.ca.certmanager.service.racert.bean.CMPReqCacheVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RACertResponseVO;
import com.xdja.pki.ca.certmanager.service.racert.bean.RAServerCertVO;
import com.xdja.pki.ca.certmanager.service.task.TaskDataService;
import com.xdja.pki.ca.certmanager.service.template.TemplateService;
import com.xdja.pki.ca.certmanager.service.template.bean.TemplateInfoVO;
import com.xdja.pki.ca.certmanager.service.usercert.bean.UserCertSnVO;
import com.xdja.pki.ca.certmanager.service.util.ExtensionUtil;
import com.xdja.pki.ca.certmanager.service.util.TemplateParamsUtil;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.ca.util.gm.cert.RsaAlgUtils;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.enums.CertPattermEnum;
import com.xdja.pki.ca.core.enums.CertStatusEnum;
import com.xdja.pki.ca.core.enums.TemplateStatusEnum;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.km.KmSoft;
import com.xdja.pki.ca.core.km.RetKeyRespond;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.SpringBeanUtil;
import com.xdja.pki.ca.core.util.json.JsonUtils;
import com.xdja.pki.ca.core.util.time.IssueTimeUtil;
import com.xdja.pki.ca.extension.util.ExtensionAttr;
import com.xdja.pki.ca.hsm.manager.HsmManager;
import com.xdja.pki.ca.ldap.service.vo.LdapOcspUrlVO;
import com.xdja.pki.ca.securitymanager.dao.CertIdDao;
import com.xdja.pki.ca.securitymanager.dao.CertSnDao;
import com.xdja.pki.ca.securitymanager.service.configfile.ConfigFileService;
import com.xdja.pki.ca.securitymanager.service.init.InitService;
import com.xdja.pki.ca.securitymanager.service.init.LicenseService;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.UserCertTypeEnum;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.crmf.CertTemplate;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/racert/OpenApiCMPServiceImpl.class */
public class OpenApiCMPServiceImpl implements OpenApiCMPService {
    /** Key under which {@code getCaInfo()} publishes the RSA CA (the rsaEncryption algorithm OID). */
    public static final String RSA_OID = "1.2.840.113549.1.1.1";
    /** Key under which {@code getCaInfo()} publishes the SM2 CA. */
    public static final String ECC_SM2_OID = "1.2.156.10197.1.301.1";
    /** Key under which {@code getCaInfo()} publishes the NIST P-256 CA (the prime256v1 named-curve OID). */
    public static final String ECC_DSA_OID = "1.2.840.10045.3.1.7";
    // Logger bound to the runtime class of this service instance.
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CertDao certDao;

    @Autowired
    private RaCertDao raCertDao;

    @Autowired
    private RevokeCertDao revokeCertDao;

    @Autowired
    private CertDataDao certDataDao;

    @Autowired
    private TemplateService templateService;

    @Autowired
    private CrlService crlService;

    @Autowired
    private TemplateDao templateDao;

    @Autowired
    private OutdateCertDao outdateCertDao;

    @Autowired
    private ManagerCertDao managerCertDao;

    @Autowired
    private RevokeManagerCertDao revokeManagerCertDao;

    @Autowired
    private OutDateManagerCertDao outDateManagerCertDao;

    @Autowired
    private RaTemplateDao raTemplateDao;

    @Autowired
    private HsmManager hsmService;

    @Autowired
    private TaskDataService taskDataService;

    @Autowired
    private CertSnDao certSnDao;

    @Autowired
    private DeltaRevokeCertDao deltaRevokeCertDao;

    @Autowired
    private InitService initService;

    @Autowired
    private CertIdDao certIdDao;

    @Autowired
    private Environment env;

    @Autowired
    private TemplateUserCertDao templateUserCertDao;

    @Autowired
    CrlTemplateService crlTemplateService;

    @Autowired
    CrlTemplateDao crlTemplateDao;

    @Autowired
    LicenseService licenseService;

    @Autowired
    private ConfigFileService configFileService;
    // Not referenced in the visible part of this class; the issuance path compares against CertPattermEnum.DOUBLE_CERT.id instead.
    public static final Integer DOUBLE_CERT = 2;
    // Not referenced in the visible part of this class.
    public static final Integer KEY_LENGTH = 256;
    // Software key manager shared by all instances; used for encryption key pairs when Constants.IS_KM is false.
    private static volatile KmSoft kmSoft = new KmSoft();

    /**
     * Collects the CA descriptors for the three supported key algorithms, keyed by OID.
     *
     * <p>Entries are stored even when the lookup returned {@code null}, so callers must null-check
     * each value. When none of the three CAs is configured, the debug statement dereferences
     * {@code null} and the method ends in a {@link ServiceException}.
     *
     * @return map from {@link #RSA_OID}, {@link #ECC_SM2_OID} and {@link #ECC_DSA_OID} to the CA info
     * @throws ServiceException if any lookup or the root-certificate subject extraction fails
     */
    public Map<String, CaInfoVO> getCaInfo() {
        try {
            Map<String, CaInfoVO> caByOid = new HashMap<>();

            CaInfoVO rsaCa = this.initService.getCaInfo(Integer.valueOf(AlgTypeEnum.RSA.value));
            caByOid.put(RSA_OID, rsaCa);

            CaInfoVO sm2Ca = this.initService.getCaInfo(Integer.valueOf(AlgTypeEnum.SM2.value));
            caByOid.put(ECC_SM2_OID, sm2Ca);

            CaInfoVO p256Ca = this.initService.getCaInfo(Integer.valueOf(AlgTypeEnum.NISTP256.value));
            caByOid.put(ECC_DSA_OID, p256Ca);

            // Log one root subject only: SM2 is preferred, then RSA, then P-256 (which may be null).
            CaInfoVO loggedCa = (sm2Ca != null) ? sm2Ca : ((rsaCa != null) ? rsaCa : p256Ca);
            this.logger.debug("根证书DN：" + CertUtil.getSubjectByX509Cert(loggedCa.getRootCert()));

            return caByOid;
        } catch (Exception e) {
            throw new ServiceException("获取CA基本信息时异常", e);
        }
    }

    /**
     * Allocates the serial numbers for a signing certificate and its paired encryption certificate.
     *
     * <p>Both values come from two consecutive {@code certSnDao.getMaxSn} calls with the same timestamp.
     * NOTE(review): whether {@code getMaxSn} hands out unique values atomically under concurrent
     * requests is not visible here; serial-number uniqueness per issuer depends on it.
     *
     * @return holder with the signing serial first and the encryption serial second
     */
    public UserCertSnVO getUserCertSn() {
        final Date allocationTime = new Date();
        return new UserCertSnVO(
                this.certSnDao.getMaxSn(allocationTime),
                this.certSnDao.getMaxSn(allocationTime));
    }

    /**
     * Entry point for CMP certificate issuance: allocates fresh serial numbers and delegates to
     * {@link #doIssueUserDoubleCert}.
     *
     * @param publicKey    public key to certify in the signing certificate
     * @param x500Name     requested subject DN
     * @param str          template code
     * @param str2         template parameters as supplied with the request
     * @param certTemplate CRMF template; the delegate reads its validity
     * @param l            id of the requesting RA
     * @param str3         CMP request id, used as the cache key for the issued serials
     * @return the delegate's result
     * @throws ServiceException on any failure; the cause is preserved
     */
    public Result issueUserCert(PublicKey publicKey, X500Name x500Name, String str, String str2, CertTemplate certTemplate, Long l, String str3) {
        try {
            UserCertSnVO serials = getUserCertSn();
            return doIssueUserDoubleCert(
                    serials.getSignSn(),
                    serials.getEncSn(),
                    publicKey,
                    x500Name,
                    str,
                    str2,
                    certTemplate,
                    l,
                    str3);
        } catch (Exception e) {
            // The delegate already logs and wraps its own failures; this also covers serial allocation.
            String detail = "CMP用户证书签发失败：reqId=" + str3 + ",dn=" + x500Name.toString() + ",tempNo=" + str + ",tempParas=" + str2;
            this.logger.error(detail, e);
            throw new ServiceException("CMP签发用户证书失败", e);
        }
    }

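    /**
     * Issues a CMP user certificate: always a signing certificate, plus an encryption certificate when
     * the template is a double-certificate template.
     *
     * <p>Flow: resolve the template by code, validate the request via {@code checkIssueCertParams},
     * derive the validity window, sign the first certificate, then (double-certificate templates only)
     * obtain an encryption key pair from the external KMS or from {@code KmSoft}, sign the second
     * certificate, persist both and cache the serials under the CMP request id.
     *
     * <p>Compared with the decompiled original, private-key material returned by the key manager is no
     * longer written to the log, and an unrecognised {@code kmSystemType} fails with an explicit message
     * instead of a {@code NullPointerException}.
     *
     * @param bigInteger   serial number for the signing certificate
     * @param bigInteger2  serial number for the encryption certificate
     * @param publicKey    requester's public key, certified in the signing certificate
     * @param x500Name     requested subject DN
     * @param str          template code
     * @param str2         template parameters supplied with the request
     * @param certTemplate CRMF template whose validity is read
     * @param l            id of the requesting RA
     * @param str3         CMP request id
     * @return success carrying a {@code RACertResponseVO}, or the failure of the first rejected check
     * @throws ServiceException on any unexpected error; the cause is preserved
     */
    public Result doIssueUserDoubleCert(BigInteger bigInteger, BigInteger bigInteger2, PublicKey publicKey, X500Name x500Name, String str, String str2, CertTemplate certTemplate, Long l, String str3) {
        CMPReqCacheVO cMPReqCacheVO;
        PublicKey publicKey2;
        try {
            // NOTE(review): reqId, DN and template parameters are presumably caller-supplied and are
            // concatenated into log lines unescaped; confirm the log pipeline neutralises CR/LF.
            this.logger.info("收到CMP用户证书签发请求：reqId=" + str3 + ",dn=" + x500Name.toString() + ",tempNo=" + str + ",tempParas=" + str2);
            TemplateInfoVO templateInfoVO = (TemplateInfoVO) this.templateService.getTemplatesByCodes(new String[]{str}).get(str);
            if (null == templateInfoVO) {
                this.logger.debug("cmp签发双证书失败：未查询到模板信息[{}]", x500Name.toString());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            CaInfoVO caInfo = this.initService.getCaInfo(templateInfoVO.getKeyAlg());
            Result checkIssueCertParams = checkIssueCertParams(templateInfoVO, publicKey, caInfo, l, str2, x500Name);
            if (!checkIssueCertParams.isSuccess()) {
                return checkIssueCertParams;
            }
            // NOTE(review): the validity field of a CRMF CertTemplate is optional; a request without it
            // ends in the generic catch below rather than in a specific error result.
            Date date = certTemplate.getValidity().getNotBefore().getDate();
            Date userIssueAfterTime = IssueTimeUtil.getUserIssueAfterTime(certTemplate.getValidity().getNotAfter().getDate(), templateInfoVO.getMaxValidity(), caInfo.getRootCert().getNotAfter(), date);
            Map<String, ExtensionAttr> map = (Map) checkIssueCertParams.getInfo();
            Result genX509Certificate = genX509Certificate(x500Name, date, userIssueAfterTime, bigInteger, caInfo, templateInfoVO, publicKey, map, true);
            if (!genX509Certificate.isSuccess()) {
                return genX509Certificate;
            }
            X509Certificate x509Certificate = (X509Certificate) genX509Certificate.getInfo();
            String str4 = null;
            X509Certificate x509Certificate2 = null;
            if (templateInfoVO.getCertPatterm().intValue() == CertPattermEnum.DOUBLE_CERT.id) {
                if (Constants.IS_KM) {
                    int kmSystemType = this.configFileService.getConfigInfo().getKmSystemType();
                    KmsService kmsService;
                    if (kmSystemType == 1) {
                        kmsService = (KmsService) SpringBeanUtil.getBean("kmsSansecService");
                    } else if (kmSystemType == 2) {
                        kmsService = (KmsService) SpringBeanUtil.getBean("kmsXdjaHttpService");
                    } else {
                        // Fail with a diagnosable cause; the catch below still wraps it in ServiceException.
                        throw new IllegalStateException("unsupported kmSystemType: " + kmSystemType);
                    }
                    this.logger.debug("开始密管系统申请公私钥");
                    ResponseBean applyEncKey = kmsService.applyEncKey(caInfo, bigInteger2, publicKey, date, caInfo.getRootCert().getNotAfter(), x500Name.toString(), (String) null, (String) null, templateInfoVO.getKeySize().intValue(), "SM4", "SM3");
                    // Only the public half is logged. The private-key string is key material and must
                    // not reach log files, whether or not the KMS returns it wrapped.
                    if (StringUtils.isNotBlank(applyEncKey.getPublicKeyStr())) {
                        publicKey2 = CertUtils.getPublicKeyBySubjectPublicInfo(applyEncKey.getPublicKeyStr());
                        this.logger.debug("密管系统返回信息，公钥：" + applyEncKey.getPublicKeyStr());
                    } else {
                        publicKey2 = applyEncKey.getEncPublicKey();
                        this.logger.debug("密管系统返回信息");
                    }
                    str4 = applyEncKey.getPrivateKeyStr();
                    this.logger.debug("向密管系统申请公私钥结束");
                } else {
                    this.logger.debug("开始向KmSoft申请公私钥");
                    RetKeyRespond applyKey = kmSoft.applyKey(templateInfoVO.getKeyAlg(), templateInfoVO.getKeySize().intValue(), x500Name.toString(), bigInteger, publicKey);
                    publicKey2 = applyKey.getPublicKey();
                    str4 = Base64.toBase64String(applyKey.getEncryptedPrivateKey().getDEREncoded());
                    // The encrypted private key is returned to the caller but deliberately kept out of the log.
                    this.logger.info("向KM申请加密公私钥成功，public=" + Base64.toBase64String(publicKey2.getEncoded()));
                }
                Result genX509Certificate2 = genX509Certificate(x500Name, date, userIssueAfterTime, bigInteger2, caInfo, templateInfoVO, publicKey2, map, false);
                if (!genX509Certificate2.isSuccess()) {
                    // NOTE(review): the signing certificate has already been generated (and counted
                    // against the license) at this point but is not persisted; confirm that is intended.
                    return genX509Certificate2;
                }
                x509Certificate2 = (X509Certificate) genX509Certificate2.getInfo();
                saveRaUserCert(caInfo, x509Certificate, x509Certificate2, templateInfoVO, l, null, null);
                cMPReqCacheVO = new CMPReqCacheVO(bigInteger.toString(16), bigInteger2.toString(16), templateInfoVO.getKeyAlg(), false);
            } else {
                saveRaUserCert(caInfo, x509Certificate, templateInfoVO, l, null);
                cMPReqCacheVO = new CMPReqCacheVO(bigInteger.toString(16), (String) null, templateInfoVO.getKeyAlg(), false);
            }
            Constants.CMP_REQ_INFO.put(str3, cMPReqCacheVO);
            this.logger.debug("cmp请求id信息写入缓存成功，reqId=" + str3 + ",signSn=" + bigInteger.toString(16));
            // Certificates are public and stay in the audit line; the encryption private key does not.
            this.logger.info("CMP用户证书签发成功，reqId=" + str3 + ",signCert=" + CertUtil.writeObject(x509Certificate) + ",encCert=" + CertUtil.writeObject(x509Certificate2));
            return Result.success(new RACertResponseVO(x509Certificate, x509Certificate2, str4));
        } catch (Exception e) {
            this.logger.error("CMP用户证书签发失败：reqId=" + str3 + ",dn=" + x500Name.toString() + ",tempNo=" + str + ",tempParas=" + str2, e);
            throw new ServiceException("CMP签发用户证书失败", e);
        }
    }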

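    /**
     * Validates an issuance request against the template, the RA authorisation and the base DNs.
     *
     * <p>Checks, in order: template status is NORMAL; the public key matches the template's algorithm
     * and size; the RA is still authorised for the template; the subject DN ends with the template base
     * DN or, failing that, with both the RA base DN and the CA base DN; the template parameters are
     * complete.
     *
     * <p>Compared with the decompiled original, a missing RA record or a missing RA base DN now yields
     * {@code USER_DN_NOT_SAME_RA_BASEDN} instead of a {@code NullPointerException} thrown from the
     * mismatch log statement.
     *
     * <p>NOTE(review): every DN comparison is a lower-cased string suffix test on
     * {@code X500Name.toString()}, not an RDN-by-RDN comparison; confirm this is strict enough for the
     * name constraints this CA is meant to enforce. The CA base DN is only consulted when the template
     * base DN does not match.
     *
     * @param templateInfoVO template resolved from the request's template code
     * @param publicKey      requester's public key
     * @param caInfoVO       CA selected by the template's key algorithm; may be {@code null}
     * @param l              id of the requesting RA
     * @param str            template parameters supplied with the request
     * @param x500Name       requested subject DN
     * @return the result of the template-parameter validation on success, otherwise the first failure
     */
    private Result checkIssueCertParams(TemplateInfoVO templateInfoVO, PublicKey publicKey, CaInfoVO caInfoVO, Long l, String str, X500Name x500Name) {
        if (TemplateStatusEnum.NORMAL.value != templateInfoVO.getStatus().intValue()) {
            this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateInfoVO.getStatus());
            return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
        }
        Result checkPublicParams = RsaAlgUtils.checkPublicParams(publicKey, templateInfoVO.getKeyAlg(), templateInfoVO.getKeySize());
        if (!checkPublicParams.isSuccess()) {
            return checkPublicParams;
        }
        if (!this.raTemplateDao.verifyRATemplateRelate(l, templateInfoVO.getId())) {
            this.logger.info("CMP签发双证书失败：模板已经取消授权raId=[{}],tempId=[{}]", l, templateInfoVO.getId());
            return Result.failure(ErrorEnum.RA_TEMPLATE_RELATE_DELETE);
        }
        RaDO raDoById = this.raTemplateDao.getRaDoById(l);
        String subjectDn = x500Name.toString();
        String subjectDnLower = subjectDn.toLowerCase();
        if (null == templateInfoVO.getBaseDn() || !subjectDnLower.endsWith(templateInfoVO.getBaseDn().toLowerCase())) {
            this.logger.info("CMP签发双证书: 用户的baseDN[{}]和模板的BaseDn[{}]不一致,进行与RA的BaseDn是否一致校验", subjectDn, templateInfoVO.getBaseDn());
            // Read the RA base DN null-safely: the RA record or its base DN may be absent.
            String raBaseDn = (null == raDoById) ? null : raDoById.getBaseDn();
            if (null == raBaseDn || !subjectDnLower.endsWith(raBaseDn.toLowerCase())) {
                this.logger.info("CMP签发双证书: 用户的baseDN[{}]和RA的BaseDn[{}]不一致", subjectDn, raBaseDn);
                return Result.failure(ErrorEnum.USER_DN_NOT_SAME_RA_BASEDN);
            }
            if (null == caInfoVO || StringUtils.isBlank(caInfoVO.getBaseDn()) || null == caInfoVO.getRootCert()) {
                this.logger.debug("cmp签发双证书失败：未查到CA基本信息[{}]", subjectDn);
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            if (!subjectDnLower.endsWith(caInfoVO.getBaseDn().toLowerCase())) {
                this.logger.debug("cmp签发双证书失败：DN中的baseDn不正确[{}]", subjectDn);
                return Result.failure(ErrorEnum.BASEDN_ERROR);
            }
        }
        Result validity = TemplateParamsUtil.validity(templateInfoVO, str);
        if (validity.isSuccess()) {
            // On success the caller reads the parsed extension attributes from this result's info.
            return validity;
        }
        this.logger.info("CMP签发证书失败：缺少模板需要参数");
        return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
    }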

    /**
     * Builds the extension list for one certificate and has the HSM sign it.
     *
     * <p>The license is verified before signing and the issued-certificate counter is incremented only
     * after the HSM call has returned.
     *
     * @param x500Name       subject DN
     * @param date           notBefore
     * @param date2          notAfter
     * @param bigInteger     serial number of the certificate
     * @param caInfoVO       issuing CA
     * @param templateInfoVO template supplying extensions, CRL settings and the signature algorithm
     * @param publicKey      key to certify
     * @param map            extension attributes parsed from the request's template parameters
     * @param z              forwarded to {@code ExtensionUtil.changeExtensionFormat}; callers in this
     *                       class pass {@code true} for the signing certificate and {@code false} for
     *                       the encryption certificate
     * @return success carrying the {@link X509Certificate}, or the license failure
     * @throws Exception propagated from the directory lookup, extension building or the HSM
     */
    private Result genX509Certificate(X500Name x500Name, Date date, Date date2, BigInteger bigInteger, CaInfoVO caInfoVO, TemplateInfoVO templateInfoVO, PublicKey publicKey, Map<String, ExtensionAttr> map, boolean z) throws Exception {
        // The template id is only passed on when the template has CRL publication switched on.
        Long crlOwnerTemplateId = null;
        if (templateInfoVO.getOpenCrl().booleanValue()) {
            crlOwnerTemplateId = templateInfoVO.getId();
        }

        Result licenseCheck = this.licenseService.verifyLicense();
        if (!licenseCheck.isSuccess()) {
            return licenseCheck;
        }

        String subjectDn = x500Name.toString();
        LdapOcspUrlVO directoryInfo = this.crlTemplateService.getLdapOcspUrl(bigInteger, subjectDn, caInfoVO, false, crlOwnerTemplateId, templateInfoVO.getCrlTempId());
        this.logger.info("当前待生成证书所需目录服务的基本信息 ================== " + directoryInfo.toString());

        // Standard template extensions first, then the template's customised ones.
        List extensions = ExtensionUtil.changeExtensionFormat(templateInfoVO.getExtensions(), map, publicKey, x500Name.toString(), directoryInfo, z);
        extensions.addAll(ExtensionUtil.buildTemplateCustomizeExtensions(templateInfoVO.getCustomizeExtens(), map));

        X509Certificate issued = this.hsmService.genX509Certificate(x500Name.toString(), bigInteger, date, date2, caInfoVO, publicKey, extensions, templateInfoVO.getSignAlg());
        this.licenseService.increamCurrentCertCount();
        return Result.success(issued);
    }

    /**
     * Revokes a user certificate (and, unless {@code z2} is set, its paired certificate).
     *
     * <p>Active and frozen certificates can be revoked; every other status returned by
     * {@link #checkCertStatus} is passed back unchanged. The affected rows are copied into the revoked
     * table, deleted from the active table, and then pushed to OCSP / delta-CRL bookkeeping.
     *
     * <p>NOTE(review): the reason code is only range-checked to 0..10. That range includes 6 and 8,
     * which {@code syncOcsp} maps to FROZEN and NORMAL rather than REVOKE, and 7, which RFC 5280 leaves
     * unassigned; confirm callers never pass those here. The status check uses
     * {@code Constants.BASE_ALG_TYPE} while the frozen-path lookup uses {@code num}. No transaction
     * boundary is visible around the DAO writes in this method.
     *
     * @param str  serial number of the signing certificate
     * @param num  algorithm type used for the DAO lookups
     * @param z    whether the key is flagged as revoked as well
     * @param i    revocation reason code
     * @param str2 free-text revocation note
     * @param z2   when {@code true} and the certificate is active, only the single certificate is revoked
     * @return success carrying the subject of the first revoked certificate, or a failure result
     * @throws ServiceException on any unexpected error; the cause is preserved
     */
    public Result doRevokeUserCert(String str, Integer num, boolean z, int i, String str2, boolean z2) {
        try {
            this.logger.info("收到证书撤销请求，signSn=" + str + ",keyRevokedStatus=" + z + ",revokeRease=" + i + ",revokeNote=" + str2);

            boolean reasonInRange = i >= 0 && i <= 10;
            if (!reasonInRange) {
                this.logger.info("撤销证书失败，撤销理由不正确,reason:" + i);
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }

            Result statusCheck = checkCertStatus(str);
            boolean active = statusCheck.isSuccess();
            if (!active && statusCheck.getError().code != ErrorEnum.CERT_ISSUE_STATUE_FREEZE.code) {
                return statusCheck;
            }

            List<CertDO> targets;
            if (!active) {
                // Frozen certificate: the status check carries no rows, so load them again.
                targets = this.certDao.getCertsBySignSn(str, num);
            } else if (z2) {
                targets = new ArrayList<>();
                targets.add(this.certDao.getCertBySn(str, num));
            } else {
                targets = (List) statusCheck.getInfo();
            }

            ArrayList revokedRows = new ArrayList();
            Date revokedAt = new Date();
            buildRevokeData(targets, revokedRows, z, i, str2, revokedAt);
            this.revokeCertDao.saveCerts(revokedRows);
            this.certDao.deleteBatch(targets);
            syncDrlAndOcsp(revokedRows, Integer.valueOf(i), revokedAt);

            this.logger.info("证书撤销请求处理成功，signSn=" + str + ",keyRevokedStatus=" + z + ",revokeRease=" + i + ",revokeNote=" + str2);
            return Result.success(targets.get(0).getSubject());
        } catch (Exception e) {
            // The stack trace travels with the ServiceException; this line records only the request values.
            this.logger.debug("证书撤销处理失败，signSn=" + str + ",keyRevokedStatus=" + z + ",revokeRease=" + i + ",revokeNote=" + str2);
            throw new ServiceException("撤销用户证书失败", e);
        }
    }

    /**
     * Queues the OCSP status change for a revocation and, when the certificate's CRL template has a
     * non-zero delta-CRL period, records the delta-CRL entry.
     *
     * <p>Only the first element of {@code list} is used for both steps; the list size merely selects
     * which debug message is written. An empty list fails on {@code list.get(0)}.
     *
     * @param list revoked rows; the first one drives the update
     * @param num  revocation reason code
     * @param date time of the status change
     * @throws Exception propagated from the services called
     */
    public void syncDrlAndOcsp(List<RevokedCertDO> list, Integer num, Date date) throws Exception {
        RevokedCertDO head = list.get(0);
        syncOcsp(head, num, date);

        long crlTemplateId = this.templateDao.getCrlTempIdByCertTempId(head.getTemplateId().longValue());
        if (crlTemplateId == -1) {
            // No CRL template bound to the certificate template.
            return;
        }

        Result templateLookup = this.crlTemplateService.getCrlTemplateById(Long.valueOf(crlTemplateId));
        if (!templateLookup.isSuccess()) {
            this.logger.info("查找CRL模板信息失败:" + JsonUtils.object2Json(templateLookup));
            return;
        }

        Integer drlPeriod = ((CrlTemplateExtensionVO) templateLookup.getInfo()).getCrlConfig().getDrlPeriod();
        boolean deltaCrlEnabled = drlPeriod != null && drlPeriod.intValue() != 0;
        if (!deltaCrlEnabled) {
            return;
        }

        boolean isPair = list.size() == CertPattermEnum.DOUBLE_CERT.id;
        this.crlService.saveDeltaCrlInfo(head.getSn(), head.getPairCertSn(), head.getPublicKeyAlg(), num, head.getGmtCreate(), head.getCrlTempId().longValue(), head.getSegmentNo());

        String message = "开启了增量CRL，保存增量CRL信息成功，sn1=" + head.getSn();
        if (isPair) {
            message = message + ",sn2=" + head.getPairCertSn();
        }
        this.logger.debug(message);
    }

    /**
     * Freeze-path counterpart of {@link #syncDrlAndOcsp}: same steps, but driven by the still-active
     * {@link CertDO} row instead of a revoked row.
     *
     * <p>Only the first element of {@code list} is used; an empty list fails on {@code list.get(0)}.
     *
     * @param list certificates being frozen; the first one drives the update
     * @param num  reason code forwarded to OCSP and the delta-CRL record
     * @param date time of the status change
     * @throws Exception propagated from the services called
     */
    public void syncDrlAndOcspFreezen(List<CertDO> list, Integer num, Date date) throws Exception {
        CertDO head = list.get(0);
        syncOcsp(head, num, date);

        long crlTemplateId = this.templateDao.getCrlTempIdByCertTempId(head.getTemplateId().longValue());
        if (crlTemplateId == -1) {
            // No CRL template bound to the certificate template.
            return;
        }

        Result templateLookup = this.crlTemplateService.getCrlTemplateById(Long.valueOf(crlTemplateId));
        if (!templateLookup.isSuccess()) {
            this.logger.info("查找CRL模板信息失败:" + JsonUtils.object2Json(templateLookup));
            return;
        }

        Integer drlPeriod = ((CrlTemplateExtensionVO) templateLookup.getInfo()).getCrlConfig().getDrlPeriod();
        boolean deltaCrlEnabled = drlPeriod != null && drlPeriod.intValue() != 0;
        if (!deltaCrlEnabled) {
            return;
        }

        boolean isPair = list.size() == CertPattermEnum.DOUBLE_CERT.id;
        this.crlService.saveDeltaCrlInfo(head.getSn(), head.getPairCertSn(), head.getPublicKeyAlg(), num, head.getGmtCreate(), head.getCrlTempId().longValue(), head.getSegmentNo());

        String message = "开启了增量CRL，保存增量CRL信息成功，sn1=" + head.getSn();
        if (isPair) {
            message = message + ",sn2=" + head.getPairCertSn();
        }
        this.logger.debug(message);
    }

    /**
     * Queues an OCSP status synchronisation task for a revoked-table row.
     *
     * <p>Reason 6 (certificateHold in RFC 5280) is published as FROZEN, reason 8 (removeFromCRL) as
     * NORMAL, and every other reason as REVOKE. The task always takes the signing certificate id first
     * and the encryption certificate id second; a row that is neither type is sent alone.
     *
     * @param revokedCertDO row describing the certificate whose status changed
     * @param num           reason code; must not be {@code null}
     * @param date          time of the status change
     */
    public void syncOcsp(RevokedCertDO revokedCertDO, Integer num, Date date) {
        Integer ocspStatus;
        switch (num.intValue()) {
            case 6:
                ocspStatus = Integer.valueOf(CertStatusEnum.FROZEN.value);
                break;
            case 8:
                ocspStatus = Integer.valueOf(CertStatusEnum.NORMAL.value);
                break;
            default:
                ocspStatus = Integer.valueOf(CertStatusEnum.REVOKE.value);
                break;
        }

        int certType = revokedCertDO.getType().intValue();
        if (certType == UserCertTypeEnum.SIGNCERT.value) {
            this.taskDataService.saveSyncStatusCert(revokedCertDO.getId(), revokedCertDO.getPairCertId(), 1, ocspStatus, num, date);
            return;
        }
        if (certType == UserCertTypeEnum.ENCCERT.value) {
            // The row is the encryption certificate, so its pair is the signing certificate.
            this.taskDataService.saveSyncStatusCert(revokedCertDO.getPairCertId(), revokedCertDO.getId(), 1, ocspStatus, num, date);
            return;
        }
        this.taskDataService.saveSyncStatusCert(revokedCertDO.getId(), (Long) null, 1, ocspStatus, num, date);
    }

    /**
     * Queues an OCSP status synchronisation task for an active-table row.
     *
     * <p>Reason 6 (certificateHold in RFC 5280) is published as FROZEN, reason 8 (removeFromCRL) as
     * NORMAL, and every other reason as REVOKE. The task always takes the signing certificate id first
     * and the encryption certificate id second; a row that is neither type is sent alone.
     *
     * @param certDO row describing the certificate whose status changed
     * @param num    reason code; must not be {@code null}
     * @param date   time of the status change
     */
    public void syncOcsp(CertDO certDO, Integer num, Date date) {
        Integer ocspStatus;
        switch (num.intValue()) {
            case 6:
                ocspStatus = Integer.valueOf(CertStatusEnum.FROZEN.value);
                break;
            case 8:
                ocspStatus = Integer.valueOf(CertStatusEnum.NORMAL.value);
                break;
            default:
                ocspStatus = Integer.valueOf(CertStatusEnum.REVOKE.value);
                break;
        }

        int certType = certDO.getType().intValue();
        if (certType == UserCertTypeEnum.SIGNCERT.value) {
            this.taskDataService.saveSyncStatusCert(certDO.getId(), certDO.getPairCertId(), 1, ocspStatus, num, date);
            return;
        }
        if (certType == UserCertTypeEnum.ENCCERT.value) {
            // The row is the encryption certificate, so its pair is the signing certificate.
            this.taskDataService.saveSyncStatusCert(certDO.getPairCertId(), certDO.getId(), 1, ocspStatus, num, date);
            return;
        }
        this.taskDataService.saveSyncStatusCert(certDO.getId(), (Long) null, 1, ocspStatus, num, date);
    }

    /**
     * Classifies the certificate identified by a signing serial number.
     *
     * <p>Lookups always use {@code Constants.BASE_ALG_TYPE}. A certificate found in the active table is
     * reported as expired, frozen (status value 2) or usable; otherwise the revoked and out-of-date
     * tables are consulted in that order.
     *
     * @param str serial number of the signing certificate
     * @return success carrying the active rows, or a failure naming the expired, frozen, revoked or
     *         unknown state
     */
    public Result checkCertStatus(String str) {
        List<CertDO> activeRows = this.certDao.getCertsBySignSn(str, Constants.BASE_ALG_TYPE);
        boolean foundActive = activeRows != null && !activeRows.isEmpty();

        if (!foundActive) {
            if (this.revokeCertDao.getRevokeCertBySn(str, Constants.BASE_ALG_TYPE) != null) {
                this.logger.debug("证书已经被撤销，signSn=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
            }
            if (this.outdateCertDao.getOutDateCertBySn(str, Constants.BASE_ALG_TYPE) != null) {
                this.logger.debug("证书已经过期，signSn=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            this.logger.debug("CMP撤销证书失败：没有找到正常状态的证书(还需要证书正确状态为已确认)，signSN=[{}]", str);
            return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
        }

        // Expiry is checked before the frozen flag, so an expired frozen certificate reports as expired.
        if (activeRows.get(0).getNotAfterTime().before(new Date())) {
            this.logger.debug("证书已经过期，signSn=[{}]", str);
            return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
        }
        if (activeRows.get(0).getStatus().intValue() == 2) {
            this.logger.debug("证书已经被冻结,signSN=[{}]", str);
            return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_FREEZE);
        }
        return Result.success(activeRows);
    }

    /**
     * Freezes (puts on hold) an active user certificate and its pair.
     *
     * <p>Steps: mark the certificate FROZEN in the active table, copy every row into the revoked table,
     * add delta-CRL rows for certificates whose CRL template has a non-zero delta period, then queue
     * the OCSP / delta-CRL update with reason 6.
     *
     * <p>NOTE(review): the rows written to the revoked and delta tables carry
     * {@code CertStatusEnum.FROZEN.value} as their revoke reason, while the OCSP sync below is given 6.
     * If the enum value is not 6, stored reason and published reason differ; confirm which one CRL
     * generation reads. No transaction boundary is visible around the DAO writes in this method.
     *
     * @param str  serial number of the signing certificate
     * @param str2 free-text freeze note; only logged here
     * @return the status-check result (with the subject as audit content) on success, or its failure
     * @throws ServiceException on any unexpected error; the cause is preserved
     */
    public Result doFreezeUserCert(String str, String str2) {
        this.logger.info("收到证书冻结请求，signSn=" + str + "freezeNote=" + str2);
        try {
            // Only certificates that are active, unexpired and not already frozen pass this check.
            Result checkCertStatus = checkCertStatus(str);
            if (!checkCertStatus.isSuccess()) {
                return checkCertStatus;
            }
            Date date = new Date();
            List<CertDO> list = (List) checkCertStatus.getInfo();
            // The status update is issued once, with the serial of the first row.
            this.certDao.updateCertStatus(list.get(0).getSn(), CertStatusEnum.FROZEN.value);
            ArrayList arrayList = new ArrayList();
            for (CertDO certDO : list) {
                RevokedCertDO revokedCertDO = new RevokedCertDO();
                BeanUtils.copyProperties(certDO, revokedCertDO);
                revokedCertDO.setBeforeTime(certDO.getNotBeforeTime());
                revokedCertDO.setAfterTime(certDO.getKeyNotAfterTime());
                revokedCertDO.setKeyRevokedStatus(Integer.valueOf(RevokedCertDO.KEY_REVOKE_STATUS.NO_KEY_REVOKE.value));
                revokedCertDO.setIsRevokeKey(Integer.valueOf(RevokedCertDO.IS_REVOKE_KEY.NO_REVOKE_KEY.value));
                revokedCertDO.setRevokeReason(Integer.valueOf(CertStatusEnum.FROZEN.value));
                // Throws if the source row has no frozen counter yet; the catch below wraps it.
                revokedCertDO.setFrozenNum(Integer.valueOf(certDO.getFrozenNum().intValue() + 1));
                revokedCertDO.setCrlTempId(certDO.getCrlTempId());
                arrayList.add(revokedCertDO);
            }
            this.revokeCertDao.saveCerts(arrayList);
            // Collect delta-CRL rows only for certificates whose CRL template enables delta CRLs.
            ArrayList arrayList2 = new ArrayList();
            for (CertDO certDO2 : list) {
                long crlTempIdByCertTempId = this.templateDao.getCrlTempIdByCertTempId(certDO2.getTemplateId().longValue());
                if (crlTempIdByCertTempId != -1) {
                    Result crlTemplateById = this.crlTemplateService.getCrlTemplateById(Long.valueOf(crlTempIdByCertTempId));
                    if (crlTemplateById.isSuccess()) {
                        Integer drlPeriod = ((CrlTemplateExtensionVO) crlTemplateById.getInfo()).getCrlConfig().getDrlPeriod();
                        if (drlPeriod != null && drlPeriod.intValue() != 0) {
                            DeltaRevokedCertDO deltaRevokedCertDO = new DeltaRevokedCertDO();
                            BeanUtils.copyProperties(certDO2, deltaRevokedCertDO);
                            deltaRevokedCertDO.setKeyAlg(certDO2.getPublicKeyAlg());
                            deltaRevokedCertDO.setRevokeReason(Integer.valueOf(CertStatusEnum.FROZEN.value));
                            arrayList2.add(deltaRevokedCertDO);
                        }
                    } else {
                        // A failed template lookup is logged and skipped; the freeze itself continues.
                        this.logger.info("查找CRL模板信息失败:" + JsonUtils.object2Json(crlTemplateById));
                    }
                }
            }
            if (!CollectionUtils.isEmpty(arrayList2)) {
                this.deltaRevokeCertDao.saveBatch(arrayList2);
            }
            // The success line is written before the OCSP sync, which can still throw.
            this.logger.info("证书冻结请求处理成功，signSn=" + str + ",freezeNote=" + str2);
            // 6 is the reason code that syncOcsp publishes as FROZEN.
            syncDrlAndOcspFreezen(list, 6, date);
            checkCertStatus.setAuditContent(list.get(0).getSubject());
            return checkCertStatus;
        } catch (Exception e) {
            // The stack trace travels with the ServiceException; this line records only the request values.
            this.logger.debug("证书冻结处理失败，signSn=" + str + ",freezeNote=" + str2);
            throw new ServiceException("冻结用户证书失败", e);
        }
    }

    /**
     * Lifts the hold on a frozen user certificate.
     *
     * <p>Only a certificate that {@link #checkCertStatus} reports as frozen is accepted: an active one
     * yields {@code CERT_ISSUE_STATUE_NORMAL}, any other state is passed back unchanged. The
     * certificate is set back to NORMAL, its revoked and delta-revoked rows are deleted, and OCSP is
     * updated with reason 8.
     *
     * <p>NOTE(review): no transaction boundary is visible around the DAO writes in this method.
     *
     * @param str  serial number of the signing certificate
     * @param str2 free-text note; only logged here
     * @return success carrying the certificate subject, or a failure result
     * @throws ServiceException on any unexpected error; the cause is preserved
     */
    public Result doUnFreezeUserCert(String str, String str2) {
        try {
            this.logger.info("收到证书解冻请求，signSn=" + str + "unFreezeNote=" + str2);

            Result statusCheck = checkCertStatus(str);
            boolean frozen = !statusCheck.isSuccess()
                    && statusCheck.getError().code == ErrorEnum.CERT_ISSUE_STATUE_FREEZE.code;
            if (!frozen) {
                // An active certificate has nothing to unfreeze; other failures are returned as they are.
                return statusCheck.isSuccess() ? Result.failure(ErrorEnum.CERT_ISSUE_STATUE_NORMAL) : statusCheck;
            }

            Date unfrozenAt = new Date();
            List<CertDO> frozenRows = this.certDao.getCertsBySignSn(str, Constants.BASE_ALG_TYPE);
            CertDO target = frozenRows.get(0);
            this.certDao.updateCertStatus(target.getSn(), CertStatusEnum.NORMAL.value);

            // Snapshot of the certificate in revoked-row form, used only to drive the OCSP update.
            RevokedCertDO ocspRow = new RevokedCertDO();
            BeanUtils.copyProperties(target, ocspRow);

            this.revokeCertDao.delete(target.getSn(), target.getPairCertSn());
            this.deltaRevokeCertDao.delete(target.getSn(), target.getPairCertSn());
            // 8 is the reason code that syncOcsp publishes as NORMAL.
            syncOcsp(ocspRow, Integer.valueOf(8), unfrozenAt);

            this.logger.info("证书解冻请求处理成功，signSn=" + str + ",unFreezeNote=" + str2);
            return Result.success(target.getSubject());
        } catch (Exception e) {
            throw new ServiceException("证书解冻异常", e);
        }
    }

    /**
     * Converts active certificate rows into revoked-table rows and appends them to {@code list2}.
     *
     * <p>Each row is a property copy of the source certificate with the validity fields, reason, note,
     * timestamp and key-revocation flags overwritten. A blank note is stored as the empty string.
     *
     * @param list  certificates being revoked
     * @param list2 output list receiving one {@link RevokedCertDO} per input row
     * @param z     whether the key is flagged as revoked as well
     * @param i     revocation reason code
     * @param str   free-text revocation note; may be blank
     * @param date  revocation time stored as the row's creation time
     */
    private void buildRevokeData(List<CertDO> list, List<RevokedCertDO> list2, boolean z, int i, String str, Date date) {
        String note = StringUtils.isBlank(str) ? "" : str;
        for (CertDO source : list) {
            RevokedCertDO row = new RevokedCertDO();
            BeanUtils.copyProperties(source, row);

            // Key validity and certificate validity are both taken from the certificate's own window.
            row.setKeyNotBeforeTime(source.getNotBeforeTime());
            row.setKeyNotAfterTime(source.getNotAfterTime());
            row.setAfterTime(source.getNotAfterTime());
            row.setBeforeTime(source.getNotBeforeTime());

            row.setRevokeReason(Integer.valueOf(i));
            row.setRevokeNote(note);
            row.setGmtCreate(date);
            row.setCrlTempId(source.getCrlTempId());

            int revokeKeyFlag = z
                    ? RevokedCertDO.IS_REVOKE_KEY.YES_REGOKE_KEY.value
                    : RevokedCertDO.IS_REVOKE_KEY.NO_REVOKE_KEY.value;
            row.setIsRevokeKey(Integer.valueOf(revokeKeyFlag));
            // The key-revocation status always starts as "not revoked", regardless of the flag above.
            row.setKeyRevokedStatus(Integer.valueOf(RevokedCertDO.KEY_REVOKE_STATUS.NO_KEY_REVOKE.value));

            list2.add(row);
        }
    }

    /**
     * Entry point for CMP certificate update: allocates fresh serial numbers and delegates to
     * {@code doUpdateUserCert}.
     *
     * @param str          serial number of the signing certificate being replaced
     * @param num          algorithm type used for the DAO lookups
     * @param certTemplate CRMF template from the request
     * @param publicKey    public key for the new signing certificate
     * @param x500Name     subject DN
     * @param l            id of the requesting RA
     * @param str2         CMP request id
     * @return the delegate's result
     * @throws ServiceException on any failure; the cause is preserved
     */
    public Result userCertUpdate(String str, Integer num, CertTemplate certTemplate, PublicKey publicKey, X500Name x500Name, Long l, String str2) {
        try {
            UserCertSnVO freshSerials = getUserCertSn();
            return doUpdateUserCert(freshSerials, str, num, certTemplate, publicKey, x500Name, l, str2);
        } catch (Exception e) {
            String detail = "CMP更新用户证书失败：reqId=" + str2 + ",dn=" + x500Name.toString();
            this.logger.debug(detail, e);
            throw new ServiceException("更新用户证书失败", e);
        }
    }

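    /**
     * Processes a CMP certificate-update request for the certificate identified by {@code str}.
     *
     * <p>The request is rejected when the certificate is revoked, expired, frozen or not found,
     * when the CA information or root certificate is unusable, when the template is missing or
     * not in NORMAL status, or when the requested DN fails the base-DN checks. Otherwise the
     * certificate is re-issued (same key when {@code publicKey} is {@code null}, new key
     * otherwise) and the new serial numbers are cached under the request id until the
     * acknowledgement arrives.
     *
     * @param userCertSnVO serial numbers to assign to the newly issued certificate(s)
     * @param str          serial number of the signing certificate being updated
     * @param num          key algorithm identifier
     * @param certTemplate CMP certificate template; its optional validity overrides the default window
     * @param publicKey    new public key, or {@code null} to keep the existing key
     * @param x500Name     subject DN requested for the updated certificate
     * @param l            id of the requesting RA
     * @param str2         CMP request id, used as the cache key
     * @return a success result carrying the {@link RACertResponseVO}, or a failure result
     * @throws ServiceException if any step throws
     */
    public Result doUpdateUserCert(UserCertSnVO userCertSnVO, String str, Integer num, CertTemplate certTemplate, PublicKey publicKey, X500Name x500Name, Long l, String str2) {
        this.logger.info("CMP收到证书更新请求，reqID=" + str2 + ",signSn" + str + ",dn=" + x500Name + ",raId=" + l);
        try {
            List certsBySignSn = this.certDao.getCertsBySignSn(str, num);
            if (null == certsBySignSn || certsBySignSn.isEmpty()) {
                if (null != this.revokeCertDao.getRevokeCertBySn(str, num)) {
                    this.logger.debug("CMP更新证书失败：证书已经被撤销，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
                }
                if (null != this.outdateCertDao.getOutDateCertBySn(str, num)) {
                    this.logger.debug("CMP更新证书失败：证书已经过期，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                }
                this.logger.debug("CMP更新证书失败：没有找到正常状态的证书(还需要证书正确状态为已确认)，signSN=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            CaInfoVO caInfo = this.initService.getCaInfo(Integer.valueOf(num.intValue()));
            if (null == caInfo || StringUtils.isBlank(caInfo.getBaseDn())) {
                // Pass the DN object itself so a null DN cannot raise an NPE while logging.
                this.logger.debug("CMP更新双证书失败：未查到CA基本信息[{}]", x500Name);
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            if (caInfo.getRootCert().getNotAfter().before(new Date())) {
                this.logger.debug("CMP更新证书失败：CA根证书已过期,rootCertAfterTime=[{}]", caInfo.getRootCert().getNotAfter());
                return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
            }
            CertDO certDO = (CertDO) certsBySignSn.get(0);
            TemplateDO templateById = this.templateDao.getTemplateById(certDO.getTemplateId());
            if (null == templateById) {
                this.logger.debug("cmp签发双证书失败：未查询到模板信息[{}]", x500Name);
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != templateById.getStatus().intValue()) {
                this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateById.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            // NOTE(review): a null DN skips every DN check below, and a DN that ends with the template's
            // customize DN skips the CA and RA base-DN checks. The comparison is a lower-cased string
            // suffix match, which does not respect RDN boundaries and uses the default locale; comparing
            // parsed RDN sequences would be stricter. Nothing visible here compares the requested DN with
            // the subject stored for the certificate being updated - confirm that a caller does.
            if (null != x500Name) {
                String requestedDn = x500Name.toString().toLowerCase();
                String templateDn = templateById.getCustomizeDn();
                if (null == templateDn || !requestedDn.endsWith(templateDn.toLowerCase())) {
                    this.logger.debug("CMP更新证书：DN中的baseDn和模板不一致dn=[{}]", x500Name);
                    if (!requestedDn.endsWith(caInfo.getBaseDn().toLowerCase())) {
                        this.logger.debug("CMP更新证书失败：DN中的baseDn不正确dn=[{}]", x500Name);
                        return Result.failure(ErrorEnum.BASEDN_ERROR);
                    }
                    RaDO raDoById = this.raTemplateDao.getRaDoById(l);
                    // An unknown RA, or an RA without a base DN, fails closed instead of throwing an NPE
                    // while the rejection is being logged.
                    String raBaseDn = null == raDoById ? null : raDoById.getBaseDn();
                    if (null == raBaseDn || !requestedDn.endsWith(raBaseDn.toLowerCase())) {
                        this.logger.info("CMP更新双证书失败: 用户的baseDN[{}]和RA的BaseDn[{}]不一致", x500Name.toString(), raBaseDn);
                        return Result.failure(ErrorEnum.USER_DN_NOT_SAME_RA_BASEDN);
                    }
                }
            }
            if (certDO.getNotAfterTime().before(new Date())) {
                this.logger.info("CMP更新证书失败：证书过期signSn=" + str + ",afterTime=" + certDO.getNotAfterTime());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            if (certDO.getStatus().intValue() == 2) {
                // Status 2 is reported to the caller as "frozen".
                this.logger.debug("CMP更新证书失败：证书被冻结signSN=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_FREEZE);
            }
            try {
                CertDataDO queryCertDataById = this.certDataDao.queryCertDataById(certDO.getId());
                CertDataDO queryCertDataById2 = this.certDataDao.queryCertDataById(certDO.getPairCertId());
                // Default window: now until the old certificate's expiry.
                Date date = new Date();
                Date notAfterTime = certDO.getNotAfterTime();
                if (null != certTemplate.getValidity()) {
                    // NOTE(review): notBefore comes from the request as-is; only notAfter goes through
                    // IssueTimeUtil. Confirm that a back-dated notBefore is acceptable, and that both
                    // validity fields are always present when a validity is sent.
                    date = certTemplate.getValidity().getNotBefore().getDate();
                    notAfterTime = IssueTimeUtil.getUserIssueAfterTime(certTemplate.getValidity().getNotAfter().getDate(), templateById.getMaxValidity(), caInfo.getRootCert().getNotAfter(), date);
                }
                RACertResponseVO response;
                // true when the key was replaced; cached so that the acknowledgement step can pass it on
                // when the old certificate is revoked.
                boolean z = false;
                if (null == publicKey) {
                    this.logger.debug("开始处理证书延期或DN更新请求，dn=" + x500Name);
                    response = updateUserCertInfo(caInfo, x500Name, queryCertDataById, queryCertDataById2, date, notAfterTime, certDO, l, templateById, userCertSnVO);
                    this.logger.debug("证书延期或DN更新请求处理完成，dn=" + x500Name);
                } else {
                    this.logger.debug("开始处理证书密钥更新请求，dn=" + x500Name);
                    response = updateUserCertPwd(caInfo, publicKey, x500Name, certDO, queryCertDataById, queryCertDataById2, date, notAfterTime, l, templateById, userCertSnVO);
                    z = true;
                    this.logger.debug("证书密钥更新请求处理完成，dn=" + x500Name);
                }
                CMPReqCacheVO cacheEntry;
                if (templateById.getCertPatterm().intValue() == CertPattermEnum.DOUBLE_CERT.id) {
                    cacheEntry = new CMPReqCacheVO(CertUtil.getSNByCertStr(response.getSignCert()), CertUtil.getSNByCertStr(response.getEncCert()), num, z);
                } else {
                    cacheEntry = new CMPReqCacheVO(CertUtil.getSNByCertStr(response.getSignCert()), (String) null, num, z);
                }
                Constants.CMP_REQ_INFO.put(str2, cacheEntry);
                this.logger.debug("cmp请求id信息写入缓存成功，reqId=" + str2 + ",signSn=" + CertUtil.getSNByCertStr(response.getSignCert()) + ",isRevokePwd=" + z);
                this.logger.info("CMP用户证书更新成功，reqId=" + str2 + ",signCert=" + response.getSignCert());
                // Private-key material (enveloped or not) is kept out of the log; only the certificates are recorded.
                this.logger.info("更新用户证书成功：signCert=" + response.getSignCert() + ",encCert=" + response.getEncCert());
                return Result.success(response);
            } catch (Exception e) {
                this.logger.debug("CMP更新用户证书失败：reqId=" + str2 + ",dn=" + x500Name, e);
                throw new ServiceException("更新用户证书失败", e);
            }
        } catch (Exception e2) {
            // Null-safe concatenation: an NPE raised from this handler would replace e2.
            this.logger.debug("CMP更新用户证书失败：reqId=" + str2 + ",dn=" + x500Name, e2);
            throw new ServiceException("更新用户证书失败", e2);
        }
    }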

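    /**
     * Processes a CMP key-recovery request for the certificate identified by {@code str}.
     *
     * <p>Runs the same status, CA, template and base-DN checks as the update path, then calls
     * {@code recoveryUserCert} and caches the new signing serial number under the request id
     * with the recovery flag set.
     *
     * @param str       serial number of the signing certificate
     * @param num       key algorithm identifier
     * @param publicKey public key supplied with the recovery request
     * @param x500Name  subject DN supplied with the request
     * @param l         id of the requesting RA
     * @param str2      CMP request id, used as the cache key
     * @return a success result carrying the {@link RACertResponseVO}, or a failure result
     * @throws ServiceException if any step throws
     */
    public Result doRecoveryUserDoubleCert(String str, Integer num, PublicKey publicKey, X500Name x500Name, Long l, String str2) {
        this.logger.info("CMP收到证书恢复请求，reqID=" + str2 + " ,alg=" + num + " ,signSn=" + str + ",dn=" + x500Name + ",raId=" + l);
        try {
            CertDO certBySn = this.certDao.getCertBySn(str, num);
            if (null == certBySn) {
                if (null != this.revokeCertDao.getRevokeCertBySn(str, num)) {
                    this.logger.debug("CMP恢复证书失败：证书已经被撤销，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
                }
                if (null != this.outdateCertDao.getOutDateCertBySn(str, num)) {
                    this.logger.debug("CMP恢复证书失败：证书已经过期，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                }
                this.logger.debug("CMP恢复证书失败：没有找到正常状态的证书(还需要证书正确状态为已确认)，signSN=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            CaInfoVO caInfo = this.initService.getCaInfo(num);
            if (null == caInfo || StringUtils.isBlank(caInfo.getBaseDn())) {
                // Pass the DN object itself so a null DN cannot raise an NPE while logging.
                this.logger.debug("CMP恢复双证书失败：未查到CA基本信息[{}]", x500Name);
                return Result.failure(ErrorEnum.CA_BASEINFO_GET_FAIL);
            }
            if (caInfo.getRootCert().getNotAfter().before(new Date())) {
                this.logger.debug("CMP恢复证书失败：CA根证书已过期,rootCertAfterTime=[{}]", caInfo.getRootCert().getNotAfter());
                return Result.failure(ErrorEnum.CA_ROOT_CERT_EXPIRED);
            }
            TemplateDO templateById = this.templateDao.getTemplateById(certBySn.getTemplateId());
            if (null == templateById) {
                this.logger.debug("cmp恢复双证书失败：未查询到模板信息[{}]", x500Name);
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            if (TemplateStatusEnum.NORMAL.value != templateById.getStatus().intValue()) {
                this.logger.info("查询模板信息结果：模板状态不正常，模板状态为[{}]", templateById.getStatus());
                return Result.failure(ErrorEnum.TEMPLATE_NOT_EXIST);
            }
            // NOTE(review): a null DN skips every DN check below, and a DN that ends with the template's
            // customize DN skips the CA and RA base-DN checks. The comparison is a lower-cased string
            // suffix match, which does not respect RDN boundaries and uses the default locale. Key
            // recovery releases key material, so confirm that the requesting RA's right to this
            // certificate is enforced somewhere other than this suffix test.
            if (null != x500Name) {
                String requestedDn = x500Name.toString().toLowerCase();
                String templateDn = templateById.getCustomizeDn();
                if (null == templateDn || !requestedDn.endsWith(templateDn.toLowerCase())) {
                    this.logger.debug("CMP恢复证书：DN中的baseDn和模板不一致dn=[{}]", x500Name);
                    if (!requestedDn.endsWith(caInfo.getBaseDn().toLowerCase())) {
                        this.logger.debug("CMP恢复证书失败：DN中的baseDn不正确dn=[{}]", x500Name);
                        return Result.failure(ErrorEnum.BASEDN_ERROR);
                    }
                    RaDO raDoById = this.raTemplateDao.getRaDoById(l);
                    // An unknown RA, or an RA without a base DN, fails closed instead of throwing an NPE
                    // while the rejection is being logged.
                    String raBaseDn = null == raDoById ? null : raDoById.getBaseDn();
                    if (null == raBaseDn || !requestedDn.endsWith(raBaseDn.toLowerCase())) {
                        this.logger.info("CMP恢复双证书失败: 用户的baseDN[{}]和RA的BaseDn[{}]不一致", x500Name.toString(), raBaseDn);
                        return Result.failure(ErrorEnum.USER_DN_NOT_SAME_RA_BASEDN);
                    }
                }
            }
            if (certBySn.getNotAfterTime().before(new Date())) {
                this.logger.info("CMP恢复证书失败：证书过期signSn=" + str + ",afterTime=" + certBySn.getNotAfterTime());
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
            }
            if (certBySn.getStatus().intValue() == 2) {
                // Status 2 is reported to the caller as "frozen".
                this.logger.debug("CMP恢复证书失败：证书被冻结signSN=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_FREEZE);
            }
            try {
                CertDataDO queryCertDataById = this.certDataDao.queryCertDataById(certBySn.getId());
                CertDataDO queryCertDataById2 = this.certDataDao.queryCertDataById(certBySn.getPairCertId());
                Date date = new Date();
                // The recovered certificate expires when the stored pair certificate does.
                // NOTE(review): throws if no pair certificate data exists; the handler below wraps it.
                Date notAfter = CertUtils.getCertFromStr(queryCertDataById2.getData()).getNotAfter();
                this.logger.debug("开始处理证书密钥恢复请求，dn=" + x500Name);
                RACertResponseVO recoveryUserCert = recoveryUserCert(caInfo, publicKey, x500Name, certBySn, queryCertDataById, queryCertDataById2, date, notAfter, l, templateById.getSignAlg());
                this.logger.debug("证书密钥恢复请求处理完成，dn=" + x500Name);
                CMPReqCacheVO cMPReqCacheVO = new CMPReqCacheVO(CertUtil.getSNByCertStr(recoveryUserCert.getSignCert()), (String) null, num, false);
                cMPReqCacheVO.setRecoveryKey(true);
                Constants.CMP_REQ_INFO.put(str2, cMPReqCacheVO);
                this.logger.debug("cmp请求id信息写入缓存成功，reqId=" + str2 + ",signSn=" + CertUtil.getSNByCertStr(recoveryUserCert.getSignCert()) + ",encSn=" + CertUtil.getSNByCertStr(recoveryUserCert.getEncCert()));
                // Private-key material (enveloped or not) is kept out of the log; only the certificates are recorded.
                this.logger.info("CMP用户证书恢复成功，reqId=" + str2 + ",signCert=" + recoveryUserCert.getSignCert() + ",encCert=" + recoveryUserCert.getEncCert());
                this.logger.info("恢复用户证书成功：signCert=" + recoveryUserCert.getSignCert() + ",encCert=" + recoveryUserCert.getEncCert());
                return Result.success(recoveryUserCert);
            } catch (Exception e) {
                this.logger.debug("CMP恢复用户证书失败：reqId=" + str2 + ",dn=" + x500Name, e);
                throw new ServiceException("恢复用户证书失败", e);
            }
        } catch (Exception e2) {
            // Null-safe concatenation: an NPE raised from this handler would replace e2.
            this.logger.debug("CMP恢复用户证书失败：reqId=" + str2 + ",dn=" + x500Name, e2);
            throw new ServiceException("恢复用户证书失败", e2);
        }
    }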

    /**
     * Walks the chain of revoked certificates linked by {@code oldCertId}, starting at {@code str},
     * and returns the serial number at which the walk stops.
     *
     * <p>The walk stops at the current record when it has no predecessor, when the predecessor
     * cannot be loaded, or when the predecessor is flagged as key-revoked. A record without a
     * predecessor that is itself flagged as key-revoked yields the empty string.
     *
     * @param str serial number of a revoked certificate
     * @return the resolved serial number, or {@code ""}
     */
    private String getApplyKeySn(String str) {
        // NOTE(review): a serial number with no revoked-certificate record makes the next line throw an NPE,
        // and a cycle in the oldCertId links would recurse without bound; confirm neither can occur.
        RevokedCertDO current = this.revokeCertDao.getCertBySn(str);
        if (null != current.getOldCertId()) {
            RevokedCertDO predecessor = this.revokeCertDao.getCertById(current.getOldCertId().longValue());
            boolean keepWalking = null != predecessor
                    && RevokedCertDO.IS_REVOKE_KEY.YES_REGOKE_KEY.value != predecessor.getIsRevokeKey().intValue();
            if (keepWalking) {
                return getApplyKeySn(predecessor.getSn());
            }
            return current.getSn();
        }
        if (RevokedCertDO.IS_REVOKE_KEY.YES_REGOKE_KEY.value == current.getIsRevokeKey().intValue()) {
            return "";
        }
        return current.getSn();
    }

    /**
     * Looks up the RA server certificate identified by a signing serial number.
     *
     * @param str signing certificate serial number
     * @param num key algorithm identifier; {@code null} falls back to {@code AlgTypeEnum.SM2}
     * @return a success result carrying a {@link RAServerCertVO}, or a failure result that says
     *         whether the certificate is revoked, expired or unknown
     * @throws ServiceException if the lookup throws
     */
    public Result getServerCertInfoBySignSn(String str, Integer num) {
        try {
            this.logger.debug("收到RA获取服务器证书信息请求，signSn=" + str);
            Integer alg = Integer.valueOf(null == num ? AlgTypeEnum.SM2.value : num.intValue());
            Map row = this.raCertDao.queryServerCertInfoBySignSn(str, alg);
            if (null == row) {
                // Not among the active certificates: report why, checking revoked before expired.
                if (null != this.revokeManagerCertDao.getRevokManagerCertsBySn(str, alg)) {
                    this.logger.debug("获取RA服务器证书信息失败：证书已经被撤销，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
                }
                if (null != this.outDateManagerCertDao.getOutDateManagerCertsBySn(str, alg)) {
                    this.logger.debug("获取RA服务器证书信息失败：证书已经过期，signSn=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                }
                this.logger.debug("获取RA服务器证书信息失败：没有找到证书信息，signSN=[{}]", str);
                return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
            }
            // The row is read through three keys; a missing key throws and is wrapped below.
            RAServerCertVO serverCert = new RAServerCertVO();
            serverCert.setRaId(Long.valueOf(row.get("raId").toString()));
            serverCert.setStatus(Integer.valueOf(row.get("status").toString()));
            serverCert.setServerCert(row.get("certData").toString());
            this.logger.debug("RA获取服务器证书信息请求处理成功：" + serverCert);
            return Result.success(serverCert);
        } catch (Exception e) {
            throw new ServiceException("根据RA服务器证书SN和算法获取证书信息异常", e);
        }
    }

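    /**
     * Handles the CMP confirmation that a certificate was written to the card successfully.
     *
     * <p>The request id selects the cached {@link CMPReqCacheVO}. For an ordinary issue or update
     * the certificate pair is marked confirmed, published, and the certificate it replaces (if any)
     * is revoked with reason 4. For a key recovery the recovered signing certificate is confirmed,
     * the pair links are rewired, and the previous signing certificate is revoked with reason 4.
     *
     * @param str CMP request id
     * @return success, or a failure result when the request id is unknown, the certificate cannot
     *         be found, or (recovery path) revoking the previous signing certificate fails
     * @throws ServiceException if any step throws
     */
    public Result doAckCertIssueStatus(String str) {
        this.logger.info("CMP收到证书写卡成功状态确认消息处理请求，reqID=" + str);
        try {
            CMPReqCacheVO cMPReqCacheVO = (CMPReqCacheVO) Constants.CMP_REQ_INFO.get(str);
            if (null == cMPReqCacheVO) {
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            this.logger.info("CMP收到证书状态确认消息开始：reqID=" + str + ",signSn=" + cMPReqCacheVO.getSignSn());
            if (!cMPReqCacheVO.isRecoveryKey()) {
                this.certDao.updatePriCertStatus(cMPReqCacheVO.getSignSn(), cMPReqCacheVO.getEncSn());
                // NOTE(review): the cache entry is dropped before the steps below run, so a later failure
                // cannot be retried with the same request id - confirm this is intended.
                Constants.CMP_REQ_INFO.remove(str);
                this.logger.info("CMP收到证书状态确认消息处理成功：reqID=" + str + ",signSn=" + cMPReqCacheVO.getSignSn() + ",encSn=" + cMPReqCacheVO.getEncSn());
                CertDO certBySignSn = this.certDao.getCertBySignSn(cMPReqCacheVO.getSignSn(), cMPReqCacheVO.getKeyAlg());
                if (null == certBySignSn) {
                    this.logger.error("未获取到待确认的证书信息");
                    return Result.failure(ErrorEnum.DO_NOT_GET_NOT_CONFIRMED_CERT);
                }
                this.taskDataService.savePublishCert(certBySignSn.getId(), certBySignSn.getPairCertId(), 1);
                if (null != certBySignSn.getOldCertId()) {
                    this.logger.debug("证书更新发起签发确认，老证书id=" + certBySignSn.getOldCertId());
                    // NOTE(review): the result of this revocation is not checked, so the superseded
                    // certificate can stay valid while the caller is told the ack succeeded; the recovery
                    // path below does check it. Confirm whether this path should fail as well.
                    doRevokeUserCert(this.certDao.getCertById(certBySignSn.getOldCertId()).getSn(), cMPReqCacheVO.getKeyAlg(), cMPReqCacheVO.isRevokePwd(), 4, "证书更新", false);
                }
                this.logger.debug("证书确认的证书类型:[{}]", certBySignSn.getType());
                // The unconfirmed-sync entry is removed by the id of the non-ENC side of the pair.
                if (CertDO.CertTypeEnum.ENC.value != certBySignSn.getType().intValue()) {
                    this.taskDataService.deleteNoConfirmCertSync(certBySignSn.getId(), (Long) null);
                } else {
                    this.taskDataService.deleteNoConfirmCertSync(certBySignSn.getPairCertId(), (Long) null);
                }
                return Result.success();
            }
            this.certDao.updateRecoverySignCertStatus(cMPReqCacheVO.getSignSn());
            Constants.CMP_REQ_INFO.remove(str);
            CertDO certBySn = this.certDao.getCertBySn(cMPReqCacheVO.getSignSn(), cMPReqCacheVO.getKeyAlg());
            if (null == certBySn) {
                this.logger.error("未获取到待确认的证书信息");
                return Result.failure(ErrorEnum.DO_NOT_GET_NOT_CONFIRMED_CERT);
            }
            this.taskDataService.savePublishCert(certBySn.getId(), certBySn.getPairCertId(), 1);
            // Re-link the pair: the certificate currently paired with the old signing certificate is
            // pointed at the recovered signing certificate, and the old one is unlinked.
            // NOTE(review): either lookup returning null throws here and is wrapped by the handler below.
            CertDO certByPairCertId = this.certDao.getCertByPairCertId(certBySn.getPairCertId());
            CertDO certById = this.certDao.getCertById(certByPairCertId.getPairCertId());
            this.certDao.updateOldCertPairInfo(certByPairCertId.getSn(), (Long) null, (String) null);
            this.certDao.updateOldCertPairInfo(certById.getSn(), certBySn.getId(), certBySn.getSn());
            if (null != certBySn.getOldCertId() && !doRevokeUserCert(this.certDao.getCertById(certBySn.getOldCertId()).getSn(), cMPReqCacheVO.getKeyAlg(), false, 4, "密钥恢复", true).isSuccess()) {
                this.logger.info("撤销恢复密钥前的签名证书信息失败");
                // The failure result used to be built and discarded, so an un-revoked old signing
                // certificate was reported as success. Returning it makes the ack fail closed.
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            this.taskDataService.deleteNoConfirmCertSync(certBySn.getId(), (Long) null);
            return Result.success();
        } catch (Exception e) {
            this.logger.debug("确认cmp证书写卡状态失败", e);
            throw new ServiceException("确认cmp证书写卡状态异常", e);
        }
    }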

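    /**
     * Handles the CMP report that writing a certificate to the card failed: the cached
     * certificate is confirmed, published and then revoked with reason 0.
     *
     * @param str             CMP request id
     * @param errorMsgContent error message received from the peer; used for logging only
     * @return success when the certificate was revoked; {@code ADMIN_CERT_ACK_ERROR} when the
     *         request id is unknown or the revocation fails
     * @throws ServiceException if any step throws
     */
    public Result doErrorAckCertIssueStatus(String str, ErrorMsgContent errorMsgContent) {
        this.logger.info("CMP收到证书写卡失败状态确认消息处理请求，reqID=" + str);
        try {
            CMPReqCacheVO cMPReqCacheVO = (CMPReqCacheVO) Constants.CMP_REQ_INFO.get(str);
            if (null == cMPReqCacheVO) {
                return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
            }
            // The error details are optional in a CMP error message. Reading them unguarded threw
            // before the revocation below ran, so a sparse error report left the certificate valid.
            String errorMsg = "";
            if (null != errorMsgContent.getErrorDetails() && errorMsgContent.getErrorDetails().size() > 0) {
                errorMsg = errorMsgContent.getErrorDetails().getStringAt(0).getString();
            }
            // NOTE(review): errorMsg is peer-supplied text written to the log as-is; confirm that the
            // log layout neutralises line breaks.
            this.logger.error("CMP协议返回异常确认消息[{}]", "[ErrorMsgContent:errorCode=" + errorMsgContent.getErrorCode() + ",errorMsg=" + errorMsg);
            this.certDao.updatePriCertStatus(cMPReqCacheVO.getSignSn(), cMPReqCacheVO.getEncSn());
            // NOTE(review): this lookup and the revocation below use Constants.BASE_ALG_TYPE / SM2 rather
            // than the key algorithm cached with the request, unlike the success-ack path; a null lookup
            // result throws before the revocation. Confirm both.
            CertDO certBySn = this.certDao.getCertBySn(cMPReqCacheVO.getSignSn(), Constants.BASE_ALG_TYPE);
            this.taskDataService.savePublishCert(certBySn.getId(), certBySn.getPairCertId(), 1);
            if (CertDO.CertTypeEnum.ENC.value != certBySn.getType().intValue()) {
                this.taskDataService.deleteNoConfirmCertSync(certBySn.getId(), (Long) null);
            } else {
                this.taskDataService.deleteNoConfirmCertSync(certBySn.getPairCertId(), (Long) null);
            }
            // The two original calls differed only in the last flag, which mirrors the recovery flag.
            Result revokeResult = doRevokeUserCert(cMPReqCacheVO.getSignSn(), Integer.valueOf(AlgTypeEnum.SM2.value), false, 0, "证书写卡失败", cMPReqCacheVO.isRecoveryKey());
            if (revokeResult.isSuccess()) {
                Constants.CMP_REQ_INFO.remove(str);
                return Result.success();
            }
            this.logger.error("处理证书写卡失败状态上报时，撤销证书失败，reqId=[{}],signSn=[{}]", str, cMPReqCacheVO.getSignSn());
            return Result.failure(ErrorEnum.ADMIN_CERT_ACK_ERROR);
        } catch (Exception e) {
            this.logger.error("确认cmp证书写卡状态失败", e);
            throw new ServiceException("确认cmp证书写卡状态失败", e);
        }
    }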

    /**
     * Returns the maximum issue time for a user or RA manager certificate.
     *
     * @param str  certificate serial number
     * @param num  key algorithm identifier
     * @param num2 certificate kind, compared with {@code Constants.RA_USER_CERT_TYPE} and
     *             {@code Constants.RA_MANAGER_CERT_TYPE}; any other value yields 0
     * @return a success result carrying a map with the single key {@code maxIssueTime}, or a
     *         failure result when the certificate is revoked, expired or not found
     * @throws ServiceException if any step throws
     */
    public Result getCertLastUpdateTime(String str, Integer num, Integer num2) {
        try {
            // NOTE(review): missing CA info or a missing template throws an NPE that the handler below wraps.
            X509Certificate caRoot = this.initService.getCaInfo(num).getRootCert();
            Integer maxIssueTime = 0;
            if (Constants.RA_USER_CERT_TYPE.intValue() == num2.intValue()) {
                CertDO userCert = this.certDao.getCertBySn(str, num);
                // Unused allocation kept from the original listing.
                new Result();
                if (null == userCert) {
                    if (null != this.revokeCertDao.getRevokeCertBySn(str, num)) {
                        this.logger.debug("CMP更新证书失败：证书已经被撤销，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
                    }
                    if (null != this.outdateCertDao.getOutDateCertBySn(str, num)) {
                        this.logger.debug("CMP更新证书失败：证书已经过期，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                    }
                    this.logger.debug("CMP更新证书失败：没有找到正常状态的证书(还需要证书正确状态为已确认)，signSN=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
                }
                // User certificates are additionally bounded by the key's own expiry.
                maxIssueTime = Integer.valueOf(
                        IssueTimeUtil.getMaxIssueTime(
                                this.templateDao.getTemplateById(userCert.getTemplateId()).getMaxValidity(),
                                caRoot.getNotAfter(),
                                userCert.getKeyNotAfterTime())
                        .intValue());
            } else if (Constants.RA_MANAGER_CERT_TYPE.intValue() == num2.intValue()) {
                ManageCertDO managerCert = this.managerCertDao.getManagerCertsBySn(str, num.intValue());
                if (null == managerCert) {
                    if (null != this.revokeManagerCertDao.getRevokManagerCertsBySn(str, num)) {
                        this.logger.debug("获取RA管理员证书信息失败：证书已经被撤销，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_REVOKED);
                    }
                    if (null != this.outDateManagerCertDao.getOutDateManagerCertsBySn(str, num)) {
                        this.logger.debug("获取RA管理员证书信息失败：证书已经过期，signSn=[{}]", str);
                        return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXPIRED);
                    }
                    this.logger.debug("获取RA管理员证书信息失败：没有找到正常状态的证书(管理员证书还需要证书正确状态为已确认)，signSN=[{}]", str);
                    return Result.failure(ErrorEnum.CERT_ISSUE_STATUE_EXCEPTION);
                }
                maxIssueTime = IssueTimeUtil.getMaxIssueTime(
                        this.templateDao.getTemplateById(managerCert.getTemplateId()).getMaxValidity(),
                        caRoot.getNotAfter());
            }
            HashMap<String, Integer> payload = new HashMap<>();
            payload.put("maxIssueTime", maxIssueTime);
            return Result.success(payload);
        } catch (Exception e) {
            this.logger.error("获取证书签发时间异常", e);
            throw new ServiceException("获取证书签发时间异常", e);
        }
    }

    /**
     * Re-issues a user certificate (and its pair, when present) with the existing public keys,
     * a new subject DN, new serial numbers and a new validity window, then stores the result.
     *
     * @param caInfoVO     issuing CA information
     * @param x500Name     subject DN for the new certificate(s)
     * @param certDataDO   stored data of the certificate being updated
     * @param certDataDO2  stored data of its pair certificate, or {@code null} when there is none
     * @param date         notBefore of the new certificate(s)
     * @param date2        notAfter of the new certificate(s)
     * @param certDO       database record of the certificate being updated
     * @param l            id of the requesting RA
     * @param templateDO   template supplying the signature algorithm
     * @param userCertSnVO serial numbers to assign
     * @return the new signing and encryption certificates with an empty private-key field
     * @throws Exception if decoding, signing or persisting fails
     */
    private RACertResponseVO updateUserCertInfo(CaInfoVO caInfoVO, X500Name x500Name, CertDataDO certDataDO, CertDataDO certDataDO2, Date date, Date date2, CertDO certDO, Long l, TemplateDO templateDO, UserCertSnVO userCertSnVO) throws Exception {
        X509Certificate storedCert = CertUtil.getCertFromStr(certDataDO.getData());
        List storedExtensions = CertUtil.genExtensions(storedCert);
        BigInteger signSn = userCertSnVO.getSignSn();
        // The template id is handed to the URL builder only when CRL is enabled for this certificate.
        Long crlTemplateId = this.certDao.isOpenCrl(certDO.getSn()) ? certDO.getTemplateId() : null;

        final String subjectDn = x500Name.toString();
        PublicKey storedKey = storedCert.getPublicKey();
        // Extensions are copied from the stored certificate and then updated for the new serial, DN and key.
        X509Certificate reissued = this.hsmService.genX509Certificate(
                subjectDn, signSn, date, date2, caInfoVO, storedKey,
                ExtensionUtil.updateExtension(
                        storedExtensions,
                        this.crlTemplateService.getLdapOcspUrl(signSn, subjectDn, caInfoVO, false, crlTemplateId, certDO.getCrlTempId()),
                        subjectDn,
                        storedKey),
                templateDO.getSignAlg());

        X509Certificate reissuedPair = null;
        if (null != certDataDO2) {
            BigInteger encSn = userCertSnVO.getEncSn();
            X509Certificate storedPair = CertUtil.getCertFromStr(certDataDO2.getData());
            PublicKey pairKey = storedPair.getPublicKey();
            reissuedPair = this.hsmService.genX509Certificate(
                    subjectDn, encSn, date, date2, caInfoVO, pairKey,
                    ExtensionUtil.updateExtension(
                            CertUtil.genExtensions(storedPair),
                            this.crlTemplateService.getLdapOcspUrl(encSn, subjectDn, caInfoVO, false, crlTemplateId, certDO.getCrlTempId()),
                            subjectDn,
                            pairKey),
                    templateDO.getSignAlg());
        }

        // Key and signature parameters are carried over from the old certificate record.
        TemplateInfoVO templateInfoVO = new TemplateInfoVO();
        templateInfoVO.setKeyAlg(certDO.getPublicKeyAlg());
        templateInfoVO.setKeySize(certDO.getPrivateKeySize());
        templateInfoVO.setSignAlg(certDO.getSignAlg());
        templateInfoVO.setId(certDO.getTemplateId());
        templateInfoVO.setOpenCrl(Boolean.valueOf(this.templateUserCertDao.queryBySn(certDO.getSn()).isOpenCrl()));

        // Map "updated certificate / pair" onto "signing / encryption" according to the record type.
        // NOTE(review): for an ENCCERT record without pair data the signing certificate stays null.
        X509Certificate signCert;
        X509Certificate encCert = null;
        Long oldSignId;
        Long oldEncId = null;
        int certType = certDO.getType().intValue();
        if (certType == UserCertTypeEnum.SIGNCERT.value) {
            signCert = reissued;
            encCert = reissuedPair;
            oldSignId = certDO.getId();
            oldEncId = certDO.getPairCertId();
        } else if (certType == UserCertTypeEnum.ENCCERT.value) {
            signCert = reissuedPair;
            encCert = reissued;
            oldEncId = certDO.getId();
            oldSignId = certDO.getPairCertId();
        } else {
            signCert = reissued;
            oldSignId = certDO.getId();
        }

        if (certDO.getType().intValue() == UserCertTypeEnum.SINGLECERT.value) {
            saveRaUserCert(caInfoVO, signCert, templateInfoVO, l, oldSignId);
        } else {
            saveRaUserCert(caInfoVO, signCert, encCert, templateInfoVO, l, oldSignId, oldEncId);
        }
        return new RACertResponseVO(signCert, encCert, "");
    }

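    /**
     * Re-issues a user certificate for a new public key. In the double-certificate pattern a new
     * encryption key pair is requested from the key-management backend and a new encryption
     * certificate is issued for it.
     *
     * @param caInfoVO     issuing CA information
     * @param publicKey    new signing public key from the request
     * @param x500Name     subject DN for the new certificate(s)
     * @param certDO       database record of the certificate being updated
     * @param certDataDO   stored data of the certificate being updated
     * @param certDataDO2  stored data of its pair certificate, or {@code null} when there is none
     * @param date         notBefore of the new certificate(s)
     * @param date2        notAfter of the new certificate(s)
     * @param l            id of the requesting RA
     * @param templateDO   template supplying pattern, key parameters and signature algorithm
     * @param userCertSnVO serial numbers to assign
     * @return the new signing certificate, the new encryption certificate (double pattern only)
     *         and the private-key string returned by the key-management backend (empty otherwise)
     * @throws ServiceException if any step throws
     */
    private RACertResponseVO updateUserCertPwd(CaInfoVO caInfoVO, PublicKey publicKey, X500Name x500Name, CertDO certDO, CertDataDO certDataDO, CertDataDO certDataDO2, Date date, Date date2, Long l, TemplateDO templateDO, UserCertSnVO userCertSnVO) {
        try {
            X509Certificate storedCert = CertUtil.getCertFromStr(certDataDO.getData());
            X509Certificate storedPair = null == certDataDO2 ? null : CertUtil.getCertFromStr(certDataDO2.getData());

            // Map "stored certificate / pair" onto "signing / encryption" according to the record type.
            // NOTE(review): for an ENCCERT record without pair data oldSignCert is null, and in the double
            // pattern oldEncCert may be null; both are passed to CertUtil.genExtensions below.
            X509Certificate oldSignCert;
            X509Certificate oldEncCert = null;
            Long oldSignId;
            Long oldEncId = null;
            int certType = certDO.getType().intValue();
            if (certType == UserCertTypeEnum.SIGNCERT.value) {
                oldSignCert = storedCert;
                oldEncCert = storedPair;
                oldSignId = certDO.getId();
                oldEncId = certDO.getPairCertId();
            } else if (certType == UserCertTypeEnum.ENCCERT.value) {
                oldSignCert = storedPair;
                oldEncCert = storedCert;
                oldEncId = certDO.getId();
                oldSignId = certDO.getPairCertId();
            } else {
                oldSignCert = storedCert;
                oldSignId = certDO.getId();
            }

            // Key and signature parameters are carried over from the old certificate record.
            TemplateInfoVO templateInfoVO = new TemplateInfoVO();
            templateInfoVO.setKeyAlg(certDO.getPublicKeyAlg());
            templateInfoVO.setKeySize(certDO.getPrivateKeySize());
            templateInfoVO.setSignAlg(certDO.getSignAlg());
            templateInfoVO.setId(certDO.getTemplateId());
            templateInfoVO.setOpenCrl(Boolean.valueOf(this.templateUserCertDao.queryBySn(certDO.getSn()).isOpenCrl()));

            List signExtensions = CertUtil.genExtensions(oldSignCert);
            BigInteger signSn = userCertSnVO.getSignSn();
            // The template id is handed to the URL builder only when the template has CRL enabled.
            Long crlTemplateId = templateDO.getOpenCrl().booleanValue() ? templateDO.getId() : null;
            final String subjectDn = x500Name.toString();
            X509Certificate newSignCert = this.hsmService.genX509Certificate(
                    subjectDn, signSn, date, date2, caInfoVO, publicKey,
                    ExtensionUtil.updateExtension(
                            signExtensions,
                            this.crlTemplateService.getLdapOcspUrl(signSn, subjectDn, caInfoVO, false, crlTemplateId, certDO.getCrlTempId()),
                            subjectDn,
                            publicKey),
                    templateDO.getSignAlg());

            String str = "";
            X509Certificate newEncCert = oldEncCert;
            BigInteger encSn = userCertSnVO.getEncSn();
            if (templateDO.getCertPatterm().intValue() == CertPattermEnum.DOUBLE_CERT.id) {
                PublicKey encPublicKey;
                if (Constants.IS_KM) {
                    KmsService kmsService;
                    int kmSystemType = this.configFileService.getConfigInfo().getKmSystemType();
                    if (kmSystemType == 1) {
                        kmsService = (KmsService) SpringBeanUtil.getBean("kmsSansecService");
                    } else if (kmSystemType == 2) {
                        kmsService = (KmsService) SpringBeanUtil.getBean("kmsXdjaHttpService");
                    } else {
                        // An unrecognised type used to surface as an NPE on the call below; fail with a
                        // message that names the misconfiguration. It is wrapped by the handler at the end.
                        throw new IllegalStateException("unsupported kmSystemType: " + kmSystemType);
                    }
                    this.logger.debug("开始密管系统申请公私钥");
                    ResponseBean applyEncKey = kmsService.applyEncKey(caInfoVO, encSn, publicKey, date, caInfoVO.getRootCert().getNotAfter(), subjectDn, (String) null, (String) null, templateDO.getKeySize().intValue(), "SM4", "SM3");
                    encPublicKey = StringUtils.isNotBlank(applyEncKey.getPublicKeyStr()) ? CertUtils.getPublicKeyBySubjectPublicInfo(applyEncKey.getPublicKeyStr()) : applyEncKey.getEncPublicKey();
                    str = applyEncKey.getPrivateKeyStr();
                    this.logger.debug("向密管系统申请公私钥结束");
                } else {
                    this.logger.debug("开始向KmSoft申请公私钥");
                    RetKeyRespond applyKey = kmSoft.applyKey(templateDO.getKeyAlg(), templateDO.getKeySize().intValue(), subjectDn, signSn, publicKey);
                    encPublicKey = applyKey.getPublicKey();
                    str = Base64.toBase64String(applyKey.getEncryptedPrivateKey().getDEREncoded());
                    // Private-key material (enveloped or not) is kept out of the log; only the public key is recorded.
                    this.logger.info("向KM申请加密公私钥成功，public=" + Base64.toBase64String(encPublicKey.getEncoded()));
                }
                newEncCert = this.hsmService.genX509Certificate(
                        subjectDn, encSn, date, date2, caInfoVO, encPublicKey,
                        ExtensionUtil.updateExtension(
                                CertUtil.genExtensions(oldEncCert),
                                this.crlTemplateService.getLdapOcspUrl(encSn, subjectDn, caInfoVO, false, crlTemplateId, certDO.getCrlTempId()),
                                subjectDn,
                                encPublicKey),
                        templateDO.getSignAlg());
                saveRaUserCert(caInfoVO, newSignCert, newEncCert, templateInfoVO, l, oldSignId, oldEncId);
            } else {
                saveRaUserCert(caInfoVO, newSignCert, templateInfoVO, l, oldSignId);
            }
            return new RACertResponseVO(newSignCert, newEncCert, str);
        } catch (Exception e) {
            throw new ServiceException("更新用户证书失败", e);
        }
    }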

    /**
     * Stores a newly issued signing/encryption certificate pair together with every row that
     * references it.
     *
     * <p>Writes happen in this order: the signing {@code CertDO}; the encryption {@code CertDO}
     * (built by overwriting fields on the object returned from the first save); the pair link via
     * {@code certDao.updatePairCertId}; both certificate bodies; one {@code TemplateUserCertDO}
     * row per serial number; two {@code RaCertDO} rows; and finally the confirmation-status entry
     * for the signing certificate's id. Both records are stored with
     * {@code Constants.ISSUE_CERT_NO_ACK}.
     *
     * <p>NOTE(review): no transaction demarcation is visible on this method. If it is not supplied
     * at class level or by the caller, a failure part-way through leaves the certificate
     * inventory (and the CRL template counter) inconsistent with what was actually issued.
     *
     * <p>NOTE(review): the segment number is an integer division by
     * {@code getCrlMaxCertNumber()}; a template configured with 0 raises
     * {@code ArithmeticException} after the counter has already been incremented.
     *
     * @param caInfoVO issuing CA; supplies the CA certificate id and the root certificate whose
     *                 notAfter is stored as the key expiry
     * @param x509Certificate signing certificate
     * @param x509Certificate2 encryption certificate
     * @param templateInfoVO supplies key algorithm, key size, signature algorithm, template id
     *                       and the openCrl flag
     * @param l RA id written to both RA link rows
     * @param l2 stored as oldCertId of the signing record; skipped when null
     * @param l3 stored as oldCertId of the encryption record; skipped when null
     * @throws Exception propagated from the certificate encoding helper and the DAO calls
     */
    public void saveRaUserCert(CaInfoVO caInfoVO, X509Certificate x509Certificate, X509Certificate x509Certificate2, TemplateInfoVO templateInfoVO, Long l, Long l2, Long l3) throws Exception {
        CertDO signRecord = new CertDO();
        CertDataDO signBody = new CertDataDO();
        CertDataDO encBody = new CertDataDO();
        X509Certificate caRoot = caInfoVO.getRootCert();
        signBody.setData(CertUtil.writeObject(x509Certificate));
        signBody.setGmtCreate(x509Certificate.getNotBefore());
        Date idStamp = new Date();

        // --- signing-certificate record ---
        signRecord.setId(Long.valueOf(this.certIdDao.getMaxId(idStamp)));
        signRecord.setFrozenNum(0);
        signRecord.setCaCertId(caInfoVO.getCertId());
        signRecord.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        final String signSnHex = x509Certificate.getSerialNumber().toString(16);
        signRecord.setSn(signSnHex);
        signRecord.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        signRecord.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        signRecord.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        signRecord.setPrivateKeySize(templateInfoVO.getKeySize());
        signRecord.setNotBeforeTime(x509Certificate.getNotBefore());
        signRecord.setNotAfterTime(x509Certificate.getNotAfter());
        signRecord.setKeyNotAfterTime(caRoot.getNotAfter());
        signRecord.setKeyNotBeforeTime(x509Certificate.getNotBefore());
        signRecord.setSignAlg(templateInfoVO.getSignAlg());
        signRecord.setType(Integer.valueOf(UserCertTypeEnum.SIGNCERT.value));
        if (l2 != null) {
            signRecord.setOldCertId(l2);
        }
        signRecord.setStatus(1);
        signRecord.setTemplateId(templateInfoVO.getId());
        final String encSnHex = x509Certificate2.getSerialNumber().toString(16);
        signRecord.setPairCertSn(encSnHex);
        signRecord.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        signRecord.setGmtCreate(x509Certificate.getNotBefore());
        encBody.setData(CertUtil.writeObject(x509Certificate2));
        encBody.setGmtCreate(x509Certificate.getNotBefore());

        // -1 means the certificate template has no CRL template bound to it.
        long crlTempId = this.templateDao.getCrlTempIdByCertTempId(templateInfoVO.getId().longValue());
        boolean crlTemplateBound = crlTempId != -1;
        if (crlTemplateBound) {
            // Counter is bumped first so the segment is derived from the post-increment count.
            this.crlTemplateService.increamCertCount(Long.valueOf(crlTempId));
            CrlTemplateDO crlTemplate = this.crlTemplateDao.getCrlTemplateById(Long.valueOf(crlTempId));
            signRecord.setCrlTempId(Long.valueOf(crlTempId));
            int signSegment = crlTemplate.getCertCount().intValue() / crlTemplate.getCrlMaxCertNumber().intValue();
            signRecord.setSegmentNo(String.valueOf(signSegment));
        }
        CertDO persisted = this.certDao.save(signRecord);
        signBody.setId(persisted.getId());

        // --- encryption-certificate record ---
        // The object returned by the first save is re-purposed: serial, type, pair fields and id
        // are overwritten, everything else carries over from the signing record.
        persisted.setSn(encSnHex);
        // Must run before setId below: at this point getId() is still the signing record's id.
        persisted.setPairCertId(persisted.getId());
        persisted.setType(Integer.valueOf(UserCertTypeEnum.ENCCERT.value));
        if (l3 != null) {
            persisted.setOldCertId(l3);
        }
        persisted.setPairCertSn(signSnHex);
        persisted.setId(Long.valueOf(this.certIdDao.getMaxId(idStamp)));
        CertDO encRecord = this.certDao.save(persisted);
        if (crlTemplateBound) {
            // NOTE(review): these two fields are assigned after certDao.save has returned and no
            // later save of encRecord is visible here; whether the new segment number reaches
            // the database depends on certDao.save / updatePairCertId — confirm.
            this.crlTemplateService.increamCertCount(Long.valueOf(crlTempId));
            encRecord.setCrlTempId(Long.valueOf(crlTempId));
            CrlTemplateDO crlTemplateAfter = this.crlTemplateDao.getCrlTemplateById(Long.valueOf(crlTempId));
            int encSegment = crlTemplateAfter.getCertCount().intValue() / crlTemplateAfter.getCrlMaxCertNumber().intValue();
            encRecord.setSegmentNo(String.valueOf(encSegment));
        }
        encBody.setId(encRecord.getId());
        // Arguments are (signing record id, encryption record id); presumably this back-fills
        // the pair link on the signing row — verify against CertDao.
        this.certDao.updatePairCertId(encRecord.getPairCertId(), encRecord.getId());

        ArrayList certBodies = new ArrayList();
        certBodies.add(encBody);
        certBodies.add(signBody);
        this.certDataDao.saveBatch(certBodies);

        // --- RA link rows: one for the encryption id, one for the signing id ---
        RaCertDO encRaLink = new RaCertDO();
        RaCertDO signRaLink = new RaCertDO();
        encRaLink.setRaId(l);
        encRaLink.setCertId(encRecord.getId());
        encRaLink.setGmtCreate(x509Certificate2.getNotBefore());
        signRaLink.setCertId(encRecord.getPairCertId());
        signRaLink.setRaId(l);
        signRaLink.setGmtCreate(x509Certificate2.getNotBefore());

        // --- template link rows: the same object is inserted twice with a reset id ---
        TemplateUserCertDO templateLink = new TemplateUserCertDO();
        templateLink.setOpenCrl(templateInfoVO.getOpenCrl().booleanValue());
        templateLink.setTemplateId(templateInfoVO.getId());
        templateLink.setId((Long) null);
        templateLink.setSn(signSnHex);
        this.templateUserCertDao.insert(templateLink);
        templateLink.setId((Long) null);
        templateLink.setSn(encSnHex);
        this.templateUserCertDao.insert(templateLink);

        ArrayList raLinks = new ArrayList();
        raLinks.add(encRaLink);
        raLinks.add(signRaLink);
        this.raCertDao.saveBatch(raLinks);
        this.taskDataService.saveCertConfirmStatus(signBody.getId(), (Long) null);
    }

    /**
     * Stores a newly issued single (unpaired) certificate together with the rows that reference
     * it.
     *
     * <p>Writes happen in this order: the {@code CertDO} of type
     * {@code UserCertTypeEnum.SINGLECERT} with a null pair serial; the certificate body; one
     * {@code TemplateUserCertDO} row; one {@code RaCertDO} row; and the confirmation-status entry.
     * The record is stored with {@code Constants.ISSUE_CERT_NO_ACK}.
     *
     * <p>NOTE(review): no transaction demarcation is visible on this method; confirm it is
     * supplied at class level or by the caller, otherwise a mid-sequence failure leaves a
     * partially recorded certificate.
     *
     * <p>NOTE(review): the segment number is an integer division by
     * {@code getCrlMaxCertNumber()}; a template configured with 0 raises
     * {@code ArithmeticException} after the counter has already been incremented.
     *
     * @param caInfoVO issuing CA; supplies the CA certificate id and the root certificate whose
     *                 notAfter is stored as the key expiry
     * @param x509Certificate the issued certificate
     * @param templateInfoVO supplies key algorithm, key size, signature algorithm, template id
     *                       and the openCrl flag
     * @param l RA id written to the RA link row
     * @param l2 stored as oldCertId of the record; skipped when null
     * @throws Exception propagated from the certificate encoding helper and the DAO calls
     */
    public void saveRaUserCert(CaInfoVO caInfoVO, X509Certificate x509Certificate, TemplateInfoVO templateInfoVO, Long l, Long l2) throws Exception {
        CertDO record = new CertDO();
        CertDataDO body = new CertDataDO();
        X509Certificate caRoot = caInfoVO.getRootCert();
        body.setData(CertUtil.writeObject(x509Certificate));
        body.setGmtCreate(x509Certificate.getNotBefore());
        Date idStamp = new Date();

        // --- certificate record ---
        record.setFrozenNum(0);
        record.setId(Long.valueOf(this.certIdDao.getMaxId(idStamp)));
        record.setCaCertId(caInfoVO.getCertId());
        record.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        final String snHex = x509Certificate.getSerialNumber().toString(16);
        record.setSn(snHex);
        record.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        record.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        record.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        record.setPrivateKeySize(templateInfoVO.getKeySize());
        record.setNotBeforeTime(x509Certificate.getNotBefore());
        record.setNotAfterTime(x509Certificate.getNotAfter());
        record.setKeyNotAfterTime(caRoot.getNotAfter());
        record.setKeyNotBeforeTime(x509Certificate.getNotBefore());
        record.setSignAlg(templateInfoVO.getSignAlg());
        record.setType(Integer.valueOf(UserCertTypeEnum.SINGLECERT.value));
        if (l2 != null) {
            record.setOldCertId(l2);
        }
        record.setStatus(1);
        record.setTemplateId(templateInfoVO.getId());
        // A single certificate has no partner.
        record.setPairCertSn((String) null);
        record.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        record.setGmtCreate(x509Certificate.getNotBefore());

        // -1 means the certificate template has no CRL template bound to it.
        long crlTempId = this.templateDao.getCrlTempIdByCertTempId(templateInfoVO.getId().longValue());
        if (crlTempId != -1) {
            // Counter is bumped first so the segment is derived from the post-increment count.
            this.crlTemplateService.increamCertCount(Long.valueOf(crlTempId));
            record.setCrlTempId(Long.valueOf(crlTempId));
            CrlTemplateDO crlTemplate = this.crlTemplateDao.getCrlTemplateById(Long.valueOf(crlTempId));
            int segment = crlTemplate.getCertCount().intValue() / crlTemplate.getCrlMaxCertNumber().intValue();
            record.setSegmentNo(String.valueOf(segment));
        }
        this.certDao.save(record);

        body.setId(record.getId());
        ArrayList certBodies = new ArrayList();
        certBodies.add(body);
        this.certDataDao.saveBatch(certBodies);

        RaCertDO raLink = new RaCertDO();
        raLink.setRaId(l);
        raLink.setCertId(record.getId());
        raLink.setGmtCreate(x509Certificate.getNotBefore());

        TemplateUserCertDO templateLink = new TemplateUserCertDO();
        templateLink.setOpenCrl(templateInfoVO.getOpenCrl().booleanValue());
        templateLink.setTemplateId(templateInfoVO.getId());
        templateLink.setId((Long) null);
        templateLink.setSn(snHex);
        // The insert itself happens inside the log statement; its result is only logged.
        this.logger.info("========================" + JsonUtils.object2Json(this.templateUserCertDao.insert(templateLink)));

        ArrayList raLinks = new ArrayList();
        raLinks.add(raLink);
        this.raCertDao.saveBatch(raLinks);
        this.taskDataService.saveCertConfirmStatus(body.getId(), (Long) null);
    }

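    /**
     * Issues a replacement signing certificate for an existing certificate pair and obtains the
     * (wrapped) private key of the paired encryption certificate.
     *
     * <p>The new signing certificate copies the extensions of the stored one, gets a fresh serial
     * from {@code certSnDao.getMaxSn} and is signed through {@code hsmService}. The encryption
     * private key comes from the configured key-management service when {@code Constants.IS_KM}
     * is set, otherwise from {@code kmSoft}. The stored encryption certificate is returned
     * unchanged, and the new signing record is written via {@code saveRaSignUserCert}.
     *
     * <p>Security notes:
     * <ul>
     *   <li>Key material is never written to the log: neither the object read from
     *       {@code Constants.ENC_PRIVATE_MAP} (it is later cast to {@code PrivateKey}) nor the
     *       base64 key envelope returned to the caller. Only serial numbers and the temporary
     *       public key are logged.</li>
     *   <li>NOTE(review): {@code Constants.ENC_PRIVATE_MAP} holds private keys in a static map
     *       keyed by serial number; how entries are protected and evicted is not visible
     *       here.</li>
     *   <li>NOTE(review): when no cached key exists the non-KM branch calls
     *       {@code kmSoft.applyKey}, the same call the issuance path uses, and ignores the public
     *       key it returns while the old encryption certificate is handed back. Confirm that the
     *       returned envelope really corresponds to that certificate's key pair.</li>
     * </ul>
     *
     * @param caInfoVO issuing CA context
     * @param publicKey public key placed in the new signing certificate and passed to the key
     *                  restore calls
     * @param x500Name subject DN of the new signing certificate
     * @param certDO stored record of the signing certificate being replaced; supplies ids,
     *               algorithm, key size, template and CRL template
     * @param certDataDO stored body of the current signing certificate
     * @param certDataDO2 stored body of the paired encryption certificate
     * @param date passed to the serial allocator and, with {@code date2}, to certificate
     *             generation (presumably notBefore / notAfter — confirm against hsmService)
     * @param date2 see {@code date}
     * @param l RA id forwarded to {@code saveRaSignUserCert}
     * @param str last argument of {@code genX509Certificate}; the issuance path passes the
     *            template's signature algorithm in that position
     * @return the new signing certificate, the existing encryption certificate and the base64
     *         private-key envelope
     * @throws ServiceException wrapping any failure, including an unsupported
     *                          {@code kmSystemType} or a key service that returns no key
     */
    private RACertResponseVO recoveryUserCert(CaInfoVO caInfoVO, PublicKey publicKey, X500Name x500Name, CertDO certDO, CertDataDO certDataDO, CertDataDO certDataDO2, Date date, Date date2, Long l, String str) {
        String base64String;
        try {
            X509Certificate oldSignCert = CertUtil.getCertFromStr(certDataDO.getData());
            X509Certificate encCert = CertUtil.getCertFromStr(certDataDO2.getData());
            Long oldSignCertId = certDO.getId();
            Long encCertId = certDO.getPairCertId();
            CertDO encRecord = this.certDao.getCertById(encCertId);
            List extensions = CertUtil.genExtensions(oldSignCert);
            BigInteger newSignSn = this.certSnDao.getMaxSn(date);
            String subjectDn = x500Name.toString();
            X509Certificate newSignCert = this.hsmService.genX509Certificate(subjectDn, newSignSn, date, date2, caInfoVO, publicKey, ExtensionUtil.updateExtension(extensions, this.crlTemplateService.getLdapOcspUrl(newSignSn, subjectDn, caInfoVO, false, certDO.getTemplateId(), certDO.getCrlTempId()), subjectDn, publicKey), str);
            this.logger.info("开始向KM申请加密公私钥，dn=" + subjectDn + ",signSn=" + newSignSn);
            String encSnHex = encCert.getSerialNumber().toString(16);
            Object cachedEncPrivateKey = Constants.ENC_PRIVATE_MAP.get(encSnHex);
            this.logger.info("恢复密钥的加密证书sn为：" + encSnHex);
            // Log only whether a cached key exists; the value is a private key and must stay
            // out of the log files.
            this.logger.info("恢复密钥对应的密钥为：" + (cachedEncPrivateKey != null ? "[REDACTED]" : "null"));
            if (Constants.IS_KM) {
                int kmSystemType = this.configFileService.getConfigInfo().getKmSystemType();
                KmsService kmsService = null;
                if (kmSystemType == 1) {
                    kmsService = (KmsService) SpringBeanUtil.getBean("kmsSansecService");
                } else if (kmSystemType == 2) {
                    kmsService = (KmsService) SpringBeanUtil.getBean("kmsXdjaHttpService");
                }
                if (kmsService == null) {
                    // Fail with a clear cause instead of a NullPointerException further down.
                    throw new IllegalStateException("No KmsService available for kmSystemType=" + kmSystemType);
                }
                this.logger.info("开始密管系统恢复公私钥");
                // Default to the current encryption serial; if the encryption record replaced an
                // earlier certificate, the serial the key was originally applied under wins.
                BigInteger restoreSn = encCert.getSerialNumber();
                if (null != encRecord.getOldCertId()) {
                    RevokedCertDO previousEnc = this.revokeCertDao.getCertById(encRecord.getOldCertId().longValue());
                    this.logger.debug("老的证书id：" + encRecord.getOldCertId());
                    this.logger.debug("老的老的加密证书sn:" + previousEnc.getSn());
                    String applyKeySn = getApplyKeySn(previousEnc.getSn());
                    if (StringUtils.isNotBlank(applyKeySn)) {
                        restoreSn = new BigInteger(applyKeySn, 16);
                    }
                }
                this.logger.debug("向KM进行恢复密钥实际使用的证书sn为：" + restoreSn.toString(16));
                // Use the string as returned; round-tripping it through the platform charset
                // adds nothing and can corrupt it on an unusual default encoding.
                String restoredKey = kmsService.restoreEncKey(caInfoVO, restoreSn, publicKey).getPrivateKeyStr();
                if (restoredKey == null) {
                    throw new IllegalStateException("Key management service returned no private key for sn=" + restoreSn.toString(16));
                }
                base64String = restoredKey;
                this.logger.debug("向密管系统恢复公私钥结束");
            } else {
                this.logger.debug("revokeSignCert[{}]", JSON.toJSONString(certDO));
                if (null != cachedEncPrivateKey) {
                    this.logger.debug("恢复密钥时临时公钥:publickey=[{}]", publicKey);
                    base64String = Base64.toBase64String(kmSoft.restoreKey(certDO.getPublicKeyAlg(), certDO.getPrivateKeySize().intValue(), subjectDn, newSignSn, publicKey, (PrivateKey) cachedEncPrivateKey).getEncryptedPrivateKey().getDEREncoded());
                    // The key envelope is returned to the caller, not logged.
                    this.logger.debug("向密管系统恢复公私钥结束:map。");
                } else {
                    this.logger.debug("开始向KmSoft恢复公私钥");
                    RetKeyRespond applyKey = kmSoft.applyKey(certDO.getPublicKeyAlg(), certDO.getPrivateKeySize().intValue(), subjectDn, newSignSn, publicKey);
                    base64String = Base64.toBase64String(applyKey.getEncryptedPrivateKey().getDEREncoded());
                    // The key envelope is returned to the caller, not logged.
                    this.logger.debug("向密管系统恢复公私钥结束:hard。");
                }
            }
            // Rebuild the template view from the stored record so the new signing record keeps
            // the algorithm, key size, template and CRL publication setting of the old one.
            TemplateInfoVO templateInfoVO = new TemplateInfoVO();
            templateInfoVO.setKeyAlg(certDO.getPublicKeyAlg());
            templateInfoVO.setKeySize(certDO.getPrivateKeySize());
            templateInfoVO.setSignAlg(certDO.getSignAlg());
            templateInfoVO.setId(certDO.getTemplateId());
            templateInfoVO.setOpenCrl(Boolean.valueOf(this.templateUserCertDao.queryBySn(oldSignCert.getSerialNumber().toString(16)).isOpenCrl()));
            RACertResponseVO response = new RACertResponseVO(newSignCert, encCert, base64String);
            saveRaSignUserCert(caInfoVO, newSignCert, encCert, templateInfoVO, l, oldSignCertId, encCertId);
            return response;
        } catch (Exception e) {
            throw new ServiceException("恢复用户证书失败", e);
        }
    }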

    /**
     * Stores a replacement signing certificate that is paired with an encryption certificate
     * which already has a record.
     *
     * <p>Writes happen in this order: the signing {@code CertDO} (pair id and pair serial point
     * at the encryption certificate); the signing certificate body; one
     * {@code TemplateUserCertDO} row per serial number; one {@code RaCertDO} row; and the
     * confirmation-status entry. The record is stored with {@code Constants.ISSUE_CERT_NO_ACK}.
     *
     * <p>NOTE(review): the CRL template id and segment number are assigned after
     * {@code certDao.save} has returned and no later save of the record is visible in this
     * method; whether they reach the database depends on {@code certDao.save} — confirm, since a
     * missing segment affects where a later revocation is published.
     *
     * <p>NOTE(review): a template row is inserted for the encryption serial as well; the caller
     * visible in this file passes an encryption certificate parsed from stored data, so a row
     * for that serial may already exist — confirm duplicates are acceptable.
     *
     * <p>NOTE(review): no transaction demarcation is visible on this method; confirm it is
     * supplied at class level or by the caller.
     *
     * @param caInfoVO issuing CA; supplies the CA certificate id and the root certificate whose
     *                 notAfter is stored as the key expiry
     * @param x509Certificate the new signing certificate
     * @param x509Certificate2 the paired encryption certificate
     * @param templateInfoVO supplies key algorithm, key size, signature algorithm, template id
     *                       and the openCrl flag
     * @param l RA id written to the RA link row
     * @param l2 stored as oldCertId of the new record; skipped when null
     * @param l3 stored as pairCertId of the new record
     * @throws Exception propagated from the certificate encoding helper and the DAO calls
     */
    public void saveRaSignUserCert(CaInfoVO caInfoVO, X509Certificate x509Certificate, X509Certificate x509Certificate2, TemplateInfoVO templateInfoVO, Long l, Long l2, Long l3) throws Exception {
        CertDO signRecord = new CertDO();
        X509Certificate caRoot = caInfoVO.getRootCert();

        // --- signing-certificate record ---
        signRecord.setId(Long.valueOf(this.certIdDao.getMaxId(new Date())));
        signRecord.setCaCertId(caInfoVO.getCertId());
        signRecord.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        final String signSnHex = x509Certificate.getSerialNumber().toString(16);
        signRecord.setSn(signSnHex);
        signRecord.setSubject(CertUtil.getSubjectByX509Cert(x509Certificate));
        signRecord.setIssuer(CertUtil.getIssuerByX509Cert(x509Certificate));
        signRecord.setPublicKeyAlg(templateInfoVO.getKeyAlg());
        signRecord.setPrivateKeySize(templateInfoVO.getKeySize());
        signRecord.setNotBeforeTime(x509Certificate.getNotBefore());
        signRecord.setNotAfterTime(x509Certificate.getNotAfter());
        signRecord.setFrozenNum(0);
        signRecord.setKeyNotAfterTime(caRoot.getNotAfter());
        signRecord.setKeyNotBeforeTime(x509Certificate.getNotBefore());
        signRecord.setSignAlg(templateInfoVO.getSignAlg());
        signRecord.setType(Integer.valueOf(UserCertTypeEnum.SIGNCERT.value));
        if (l2 != null) {
            signRecord.setOldCertId(l2);
        }
        signRecord.setStatus(1);
        signRecord.setTemplateId(templateInfoVO.getId());
        signRecord.setPairCertId(l3);
        final String encSnHex = x509Certificate2.getSerialNumber().toString(16);
        signRecord.setPairCertSn(encSnHex);
        signRecord.setConfirmationStatus(Constants.ISSUE_CERT_NO_ACK);
        signRecord.setGmtCreate(x509Certificate.getNotBefore());
        CertDO persisted = this.certDao.save(signRecord);

        // -1 means the certificate template has no CRL template bound to it.
        long crlTempId = this.templateDao.getCrlTempIdByCertTempId(templateInfoVO.getId().longValue());
        if (crlTempId != -1) {
            // Counter is bumped first so the segment is derived from the post-increment count.
            this.crlTemplateService.increamCertCount(Long.valueOf(crlTempId));
            persisted.setCrlTempId(Long.valueOf(crlTempId));
            CrlTemplateDO crlTemplate = this.crlTemplateDao.getCrlTemplateById(Long.valueOf(crlTempId));
            int segment = crlTemplate.getCertCount().intValue() / crlTemplate.getCrlMaxCertNumber().intValue();
            persisted.setSegmentNo(String.valueOf(segment));
        }

        // --- certificate body ---
        CertDataDO signBody = new CertDataDO();
        signBody.setData(CertUtil.writeObject(x509Certificate));
        signBody.setGmtCreate(x509Certificate.getNotBefore());
        signBody.setId(persisted.getId());
        ArrayList certBodies = new ArrayList();
        certBodies.add(signBody);
        this.certDataDao.saveBatch(certBodies);

        // --- template link rows: the same object is inserted twice with a reset id ---
        TemplateUserCertDO templateLink = new TemplateUserCertDO();
        templateLink.setOpenCrl(templateInfoVO.getOpenCrl().booleanValue());
        templateLink.setTemplateId(templateInfoVO.getId());
        templateLink.setId((Long) null);
        templateLink.setSn(signSnHex);
        this.templateUserCertDao.insert(templateLink);
        templateLink.setId((Long) null);
        templateLink.setSn(encSnHex);
        this.templateUserCertDao.insert(templateLink);

        // --- RA link row for the new signing record ---
        RaCertDO raLink = new RaCertDO();
        raLink.setRaId(l);
        raLink.setCertId(persisted.getId());
        raLink.setGmtCreate(x509Certificate2.getNotBefore());
        ArrayList raLinks = new ArrayList();
        raLinks.add(raLink);
        this.raCertDao.saveBatch(raLinks);
        this.taskDataService.saveCertConfirmStatus(signBody.getId(), (Long) null);
    }
}
