package com.xdja.pki.ra.openapi.tbox.cmp.handler;

import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.pki.ra.cache.RaSdkCache;
import com.xdja.pki.ra.cache.bean.BaseCMPInfo;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.openapi.core.common.PKIMessageException;
import com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler;
import com.xdja.pki.ra.openapi.core.helper.PKIMessageHelper;
import com.xdja.pki.ra.service.manager.certapply.CertApplyService;
import java.security.PublicKey;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

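/**
 * Handles the CMP certificate-confirmation message (PKIBody type 24, certConf)
 * that a TBox sends to the RA after it has received its certificate.
 *
 * <p>Processing order, as implemented below: decode the message, require the
 * header fields used here, look up the cached transaction by its transaction
 * ID, verify the header and protection through
 * {@link PKIMessageHelper#checkCmpHeaderAndSign}, validate the body, then ask
 * {@link CertApplyService} to finalise the issuance and drop the cached
 * transaction.
 *
 * <p>NOTE(review): when the message carries extraCerts, the key used to verify
 * the protection is taken from the first certificate supplied by the sender
 * itself. Nothing in this class checks that this certificate chains to a
 * trusted issuer or belongs to the transaction; confirm that
 * {@code checkCmpHeaderAndSign} (or its callees) enforces that binding,
 * otherwise the signature check only proves self-consistency of the message.
 */
@Component("cmpConfirmReqHandler")
/* loaded from: input_file:com/xdja/pki/ra/openapi/tbox/cmp/handler/CmpConfirmReqHandler.class */
public class CmpConfirmReqHandler implements ICmpMessageHandler {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    CertApplyService certApplyService;

    @Autowired
    RaSdkCache raSdkCache;

    /**
     * Validates and processes one certificate-confirmation message.
     *
     * @param pKIMessage the received CMP message
     * @param z unused by this handler
     * @return a {@link Result} that is left without an error on success, or
     *     carries the {@link ErrorEnum} describing why the confirmation was
     *     rejected
     * @throws PKIMessageException if the message, its header, a required header
     *     field or its protection is missing, or if an unexpected error occurs
     *     while processing
     */
    @Transactional
    public Result handleMessage(PKIMessage pKIMessage, boolean z) throws PKIMessageException {
        this.logger.info("RA证书确认消息 ========== 【开始】");
        Result result = new Result();
        this.logger.info("RA证书确认消息 ========== 1. 获取PkiMessage消息结构");
        PKIMessage message = PKIMessage.getInstance(pKIMessage);
        if (message == null) {
            this.logger.info("RA证书确认消息 ========== No pkiMessage response message.");
            throw new PKIMessageException("RA证书确认消息 ========== No pkiMessage response message.");
        }
        this.logger.info("RA证书确认消息 ========== 2. 获取PkiMessage消息头PKIHeader");
        PKIHeader header = message.getHeader();
        if (header == null) {
            this.logger.info("RA证书确认消息 ========== No header in response message.");
            throw new PKIMessageException("RA证书确认消息 ========== No header in response message.");
        }
        try {
            // The nonces are only required to be present here.
            // NOTE(review): they are not compared with any stored value in this
            // method; confirm checkCmpHeaderAndSign does the replay check.
            byte[] recipNonce = header.getRecipNonce() == null ? null : header.getRecipNonce().getOctets();
            byte[] senderNonce = header.getSenderNonce() == null ? null : header.getSenderNonce().getOctets();
            // NOTE(review): the transaction ID octets are decoded with the
            // platform default charset. Non-text IDs can decode lossily, so
            // distinct IDs may map to the same cache key; the charset must also
            // match whatever the code that stored the cache entry used.
            String transactionId = header.getTransactionID() == null
                    ? null
                    : new String(header.getTransactionID().getOctets());
            AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
            if (recipNonce == null || senderNonce == null || protectionAlg == null
                    || StringUtils.isBlank(transactionId)) {
                this.logger.info("RA证书确认消息 ========== 确认消息接口中必填项有空值");
                throw new PKIMessageException("RA证书确认消息 ========== 确认消息接口中必填项有空值");
            }

            BaseCMPInfo cmpInfo = this.raSdkCache.getRaOpenApiCmpInfo(transactionId);
            if (cmpInfo == null) {
                // The ID is still unauthenticated sender input at this point;
                // it reaches the log as received.
                this.logger.info("RA证书确认消息 ========== 不存在对应的事务ID tranId:{}", transactionId);
                result.setError(ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST);
                return result;
            }

            // Without extraCerts the key stays null and verification is left
            // to the shared key passed to checkCmpHeaderAndSign.
            PublicKey publicKey = null;
            if (message.getExtraCerts() != null) {
                try {
                    publicKey = SdkCertUtils.convertDerCertToCert(message.getExtraCerts()[0].getEncoded()).getPublicKey();
                } catch (Exception e) {
                    // Covers an empty extraCerts array as well as an
                    // undecodable certificate; keep the cause for diagnosis.
                    this.logger.error("RA证书确认消息 ========== 消息体中未包含验证证书", e);
                    result.setError(ErrorEnum.THE_PKIMESSAGE_HEADER_NO_EXTRACERTS);
                    return result;
                }
            }

            // An unprotected message must be rejected explicitly instead of
            // failing later with a NullPointerException on getBytes().
            DERBitString protection = message.getProtection();
            if (protection == null) {
                this.logger.info("RA证书确认消息 ========== No protection in confirm message.");
                throw new PKIMessageException("RA证书确认消息 ========== No protection in confirm message.");
            }
            byte[] protectedBytes = PKIMessageHelper.getProtectedBytes(pKIMessage);
            this.logger.info("RA证书确认消息 ========== 3. 验证cmp消息的header和签名的正确性");
            Result verification = PKIMessageHelper.checkCmpHeaderAndSign(
                    publicKey, header, protection.getBytes(), protectedBytes, protectionAlg, cmpInfo.getSharedKey());
            if (!verification.isSuccess()) {
                this.logger.info("RA证书确认消息 ========== 3.1 验证cmp消息的header和签名错误 原因：{}", JsonUtils.object2Json(verification));
                result.setError(verification.getError());
                return result;
            }

            PKIBody body = message.getBody();
            if (body == null) {
                this.logger.info("RA证书确认消息 ========== 没有对应的PKI消息体");
                result.setError(ErrorEnum.NO_PKI_BODY_FOR_RECEIVED);
                return result;
            }
            if (body.getType() != PKIBody.TYPE_CERT_CONFIRM) {
                this.logger.info("RA证书确认消息 ========== PKI消息体的类型不是24");
                result.setError(ErrorEnum.CONFIRM_CERT_PKI_BODY_TAG_NOT_24);
                return result;
            }
            if (body.getContent() == null) {
                this.logger.info("RA证书确认消息 ========== PKI消息中CertConfirmContent为空");
                result.setError(ErrorEnum.PKI_BODY_CERT_CONFIRM_CONTENT_IS_EMPTY);
                return result;
            }

            this.logger.info("RA证书确认消息 ========== RA接收到TBox发送的关于请求事务id为[{}]的消息确认请求", transactionId);
            // NOTE(review): removeTboxTransId runs before the outcome of
            // issueUserCertResp is known, so a failed confirmation leaves the
            // TBox mapping removed while the CMP info stays cached; confirm
            // that a retry is not expected to work in that state.
            Result issueResult = this.certApplyService.issueUserCertResp(
                    this.raSdkCache.removeTboxTransId(transactionId), "V2X", true);
            if (issueResult.isSuccess()) {
                this.logger.info("RA证书确认消息 ========== 【结束】");
                this.raSdkCache.removeRaOpenApiCmpInfo(transactionId);
                return result;
            }
            this.logger.info("RA证书确认消息 ==========  RA证书确认消息请求错误：{}", JsonUtils.object2Json(issueResult));
            result.setError(ErrorEnum.RA_SERVICE_RETURN_ISSUE_CERT_CONFIRM_ERROR);
            return result;
        } catch (PKIMessageException e) {
            // Validation failures raised above already carry an accurate
            // message; do not re-wrap them under an unrelated one.
            throw e;
        } catch (Exception e) {
            this.logger.error("RA证书确认消息 ========== Unexpected error while handling confirm message.", e);
            throw new PKIMessageException("RA证书确认消息 ========== Unexpected error while handling confirm message.", e);
        }
    }
}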
