package com.xdja.ra.sdk;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.xdja.pki.apache.client.core.ClientErrorEnum;
import com.xdja.pki.apache.client.core.ClientKeyStoreConfig;
import com.xdja.pki.apache.client.result.AdaptClientResult;
import com.xdja.pki.apache.client.result.RAClientResult;
import com.xdja.pki.apache.client.utils.ApacheClientHttpUtils;
import com.xdja.pki.core.json.JsonUtils;
import com.xdja.ra.asn1.NISTObjectIdentifiers;
import com.xdja.ra.asn1.RsaObjectIdentifiers;
import com.xdja.ra.asn1.SM2ObjectIdentifiers;
import com.xdja.ra.bean.BaseCMPInfo;
import com.xdja.ra.bean.DoubleCode;
import com.xdja.ra.bean.ErrorMsg;
import com.xdja.ra.bean.Result;
import com.xdja.ra.bean.UserCertReq;
import com.xdja.ra.constant.SdkCommonVariable;
import com.xdja.ra.constant.SdkConstants;
import com.xdja.ra.error.ErrorEnum;
import com.xdja.ra.helper.PKIMessageHelper;
import com.xdja.ra.utils.SdkJsonUtils;
import com.xdja.ra.utils.SdkP10Utils;
import com.xdja.ra.vo.FreeText;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ThreadLocalRandom;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cmp.CertConfirmContent;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;

/* loaded from: input_file:com/xdja/ra/sdk/RaCmpApi.class */
public class RaCmpApi {
    // Per-instance SLF4J logger, named after the runtime class via getClass().
    private Logger logger = LoggerFactory.getLogger(getClass());
    // Monitor held by sendCertReqMessage while it derives the certificate request id.
    // NOTE(review): the monitor is a String literal and Java interns literals, so any other
    // code in the same JVM that synchronizes on the literal "certReqId" would contend on this
    // very lock. A dedicated `new Object()` avoids that accidental sharing.
    private static final Object LOCK_CERT_REQ_ID = "certReqId";

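    /**
     * Runs one CMP certificate request (issue / update / recover, per the log labels) against
     * the RA and returns the parsed reply.
     *
     * <p>Steps, in order: validate arguments, resolve the protection algorithm, fetch the RA's
     * random value for this transaction ({@code /v1/normal/ra/random}), build the CertRequest and
     * CertReqMessages structures, generate a 16-byte local nonce with {@link SecureRandom}, cache
     * the transaction state, build and POST the PKIMessage ({@code /v1/normal/cmp}), then check
     * the reply's header and signature before extracting the certificate data.
     *
     * <p>Side effects: an entry keyed by {@code str} is put into
     * {@code SdkCommonVariable.getHeaderMap()} and one keyed by {@code str4} into
     * {@code SdkCommonVariable.getApplyMap()}. This method never removes them, not even on a
     * failure after the put; the visible removals are in {@code sendConfirmMessage} and
     * {@code sendErrorMessage}.
     * NOTE(review): confirm that callers always follow a failed request with one of those calls,
     * otherwise cached nonces accumulate.
     *
     * @param i request type: 1, 2 or 4 (mapped to PKIMessage body types 2, 7 and 9); any other
     *     value is rejected with {@code MAKE_PKI_MESSAGE_EXCEPTION}
     * @param str transaction id
     * @param str2 name passed to the PKIMessage builder (logged as normalName)
     * @param str3 protection algorithm name, resolved through {@code getProtectionAlg}
     * @param str4 apply number
     * @param userCertReq supplies the optional signing P10 string and the auth/ref codes
     * @param num key format; placed in the free text and used when parsing the reply
     * @param clientKeyStoreConfig handed unchanged to the HTTP client
     * @return a success result carrying the parsed reply info, or a failure result whose error
     *     identifies the step that failed
     */
    public Result sendCertReqMessage(int i, String str, String str2, String str3, String str4, UserCertReq userCertReq, Integer num, ClientKeyStoreConfig clientKeyStoreConfig) {
        long nanoTime;
        int i2;
        this.logger.debug("签发/更新/恢复申请 ======== 【开始】申请类型为{}，申请事务Id为{}, normalName为{}，normalSignAlgOid为{}, applyNo为{} ", new Object[]{Integer.valueOf(i), str, str2, str3, str4});
        Result result = new Result();
        this.logger.debug("签发/更新/恢复申请 ======== 0.参与校验");
        if (StringUtils.isAnyBlank(new CharSequence[]{str, str3, str2, str4})) {
            this.logger.warn("=============== 参数中transId, normalSignAlgOid,normalName,applyNo存在空值");
            return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
        }
        // Both objects are dereferenced further down (userCertReq when reading the P10 string,
        // num when parsing the RA reply). Without this guard a null num only failed AFTER the
        // request had been submitted to the RA, and was reported as an HTTP error.
        if (userCertReq == null || num == null) {
            this.logger.warn("=============== 参数中userCertReq,keyFormat存在空值");
            return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
        }
        try {
            ASN1ObjectIdentifier protectionAlg = getProtectionAlg(str3);
            // Map the request type before any network call or cache write. An unsupported type
            // keeps its original error code but no longer costs an RA round trip or leaves
            // nonce state behind in the shared maps.
            if (i == 1) {
                i2 = 2;
            } else if (i == 2) {
                i2 = 7;
            } else if (i == 4) {
                i2 = 9;
            } else {
                this.logger.error("[RaCmpApi#sendCertReqMessage] 不支持的申请类型{}", Integer.valueOf(i));
                return Result.failure(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
            }
            this.logger.debug("签发/更新/恢复申请 ======== 1.向RA获取随机数");
            ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
            concurrentHashMap.put("transId", str);
            try {
                try {
                    RAClientResult clientResponse = AdaptClientResult.getClientResponse(ApacheClientHttpUtils.sendApacheClientRequest((byte[]) null, concurrentHashMap, (Map) null, SDKService.config.getRaBaseUrl() + "/v1/normal/ra/random", "application/pkixcmp", SDKService.config.getSignName(), SDKService.config.isHttps(), "get", SDKService.config.isUseHsm(), clientKeyStoreConfig));
                    if (!clientResponse.isSuccess().booleanValue()) {
                        result.setErrorMsg(new ErrorMsg(clientResponse.getErrorMsg().getErrorCode(), clientResponse.getErrorMsg().getErrorMsg()));
                        return result;
                    }
                    // Random value issued by the RA for this transaction.
                    byte[] bArr = (byte[]) clientResponse.getInfo();
                    if (bArr == null) {
                        this.logger.error("============== RA返回数据为空");
                        return Result.failure(ErrorEnum.RA_OPEN_API_RETURN_INFO_IS_EMPTY);
                    }
                    this.logger.debug("签发/更新/恢复申请 ======== 2.1封装CertRequest结构体");
                    // Encoded public key taken from the P10; stays null when no P10 was supplied.
                    byte[] bArr2 = null;
                    try {
                        if (userCertReq.getSignP10Str() != null) {
                            // The P10 is verified before its public key is extracted.
                            if (!SdkP10Utils.verifyP10Info(userCertReq.getSignP10Str())) {
                                this.logger.error("非正确格式的P10");
                                return Result.failure(ErrorEnum.P10_GET_PUBLIC_ERROR);
                            }
                            this.logger.info("正确格式的P10");
                            bArr2 = SdkP10Utils.p10ToPublicKey(userCertReq.getSignP10Str()).getEncoded();
                        }
                        CertRequest[] certRequestArr = new CertRequest[1];
                        // The request id is nanoTime plus a random offset. The lock serializes the
                        // computation, but uniqueness is probabilistic; the lock does not enforce it.
                        synchronized (LOCK_CERT_REQ_ID) {
                            nanoTime = System.nanoTime() + ThreadLocalRandom.current().nextLong(0L, 9999999L) + 90000000;
                        }
                        try {
                            certRequestArr[0] = PKIMessageHelper.genCertRequest(bArr2, protectionAlg, nanoTime, 2);
                            this.logger.debug("签发申请 ======== 3.封装CertReqMessages结构体");
                            try {
                                CertReqMessages genCertReqMessages = PKIMessageHelper.genCertReqMessages(certRequestArr);
                                this.logger.debug("签发/更新/恢复申请 ======== 4.normal产生十六字节随机数");
                                // Local 16-byte nonce, drawn from SecureRandom.
                                byte[] bArr3 = new byte[16];
                                try {
                                    new SecureRandom().nextBytes(bArr3);
                                    Map<String, Object> headerMap = SdkCommonVariable.getHeaderMap();
                                    // Cache both nonces and the request id under the transaction id
                                    // so the later confirm / error message can reuse them.
                                    headerMap.put(str, new BaseCMPInfo(bArr3, bArr, str, nanoTime, 0));
                                    // NOTE(review): this serializes the whole shared cache, so at debug
                                    // level the log likely holds the nonces of every in-flight
                                    // transaction, not just this one. Consider logging only the
                                    // transaction id.
                                    if (this.logger.isDebugEnabled()) {
                                        this.logger.debug("RASDK put baseCMPInfo:[{}]", JsonUtils.object2Json(headerMap));
                                    }
                                    SdkCommonVariable.getApplyMap().put(str4, str);
                                    this.logger.debug("签发/更新/恢复申请 ======== 5.封装PKIMessage结构体");
                                    FreeText freeText = new FreeText();
                                    freeText.setApplyNo(str4);
                                    DoubleCode doubleCode = new DoubleCode();
                                    doubleCode.setAuthCode(userCertReq.getAuthCode());
                                    doubleCode.setRefCode(userCertReq.getRefCode());
                                    freeText.setSignSn(SDKService.config.getUserCertSn().toLowerCase());
                                    freeText.setDoubleCode(doubleCode);
                                    freeText.setKeyFormat(num);
                                    try {
                                        PKIMessage genPKIMessage = PKIMessageHelper.genPKIMessage(SDKService.config.getPrivateKey(), str2, i2, bArr, bArr3, str, genCertReqMessages, protectionAlg, JSON.toJSONString(freeText), SDKService.config.getSystemCert());
                                        this.logger.debug("签发/更新/恢复申请 ======== 6.发送证书申请 请求");
                                        try {
                                            RAClientResult clientResponse2 = AdaptClientResult.getClientResponse(ApacheClientHttpUtils.sendApacheClientRequest(genPKIMessage.getEncoded(), (Map) null, (Map) null, SDKService.config.getRaBaseUrl() + "/v1/normal/cmp", "application/pkixcmp", SDKService.config.getSignName(), SDKService.config.isHttps(), "post", SDKService.config.isUseHsm(), clientKeyStoreConfig));
                                            Result result2 = new Result();
                                            BeanUtils.copyProperties(clientResponse2, result2);
                                            if (!result2.isSuccess().booleanValue()) {
                                                result.setErrorMsg(result2.getErrorMsg());
                                                return result;
                                            }
                                            byte[] bArr4 = (byte[]) result2.getInfo();
                                            if (bArr4 == null) {
                                                this.logger.error("============== 接收RA返回的数据内容为空");
                                                return Result.failure(ErrorEnum.RA_OPEN_API_RETURN_INFO_IS_EMPTY);
                                            }
                                            this.logger.debug("签发/更新/恢复申请 ======== 7.检查RA返回消息");
                                            // The header/signature check runs before the certificate
                                            // payload is parsed, so an unverified reply is never parsed.
                                            Result checkCmpHeaderAndSign = PKIMessageHelper.checkCmpHeaderAndSign(bArr4, str, bArr3);
                                            if (!checkCmpHeaderAndSign.isSuccess().booleanValue()) {
                                                this.logger.error("签发/更新/恢复申请 ======== 7.1 解析RA返回的头和签名错误");
                                                result.setErrorMsg(checkCmpHeaderAndSign.getErrorMsg());
                                                return result;
                                            }
                                            this.logger.debug("签发/更新/恢复申请 ======== 8.获取RA返回的证书信息");
                                            Result resolveVarietyRepMessage = PKIMessageHelper.resolveVarietyRepMessage(bArr4, str, num.intValue());
                                            if (resolveVarietyRepMessage.isSuccess().booleanValue()) {
                                                this.logger.debug("签发/更新/恢复申请 ======== 【结束】申请事务Id为：{} ", str);
                                                return Result.success(resolveVarietyRepMessage.getInfo());
                                            }
                                            this.logger.error("签发/更新/恢复申请 ======== 8.1 获取RA返回的证书信息错误");
                                            result.setErrorMsg(resolveVarietyRepMessage.getErrorMsg());
                                            return result;
                                        } catch (Exception e) {
                                            this.logger.error(" ============= 发送证书申请Http请求异常", e);
                                            return Result.failure(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                                        }
                                    } catch (Exception e2) {
                                        this.logger.error(" =============== 封装PKIMessage异常", e2);
                                        return Result.failure(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                                    }
                                } catch (Exception e3) {
                                    this.logger.error(" ============== 生成normalSenderNonce随机数异常:", e3);
                                    return Result.failure(ErrorEnum.GET_RANDOM_BY_SECURERANDOM_EXCEPTION);
                                }
                            } catch (Exception e4) {
                                this.logger.error(" ============== 封装certRequestMessage异常:", e4);
                                return Result.failure(ErrorEnum.MAKE_CERT_REQUEST_MESSAGE_EXCEPTION);
                            }
                        } catch (Exception e5) {
                            this.logger.error(" ===============  封装【签名】certRequest异常:", e5);
                            return Result.failure(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                        }
                    } catch (IllegalArgumentException e6) {
                        // Previously swallowed without a trace; keep the cause for diagnosis.
                        this.logger.error("非正确格式的P10", e6);
                        return Result.failure(ErrorEnum.P10_GET_PUBLIC_ERROR);
                    }
                } catch (IOException e7) {
                    this.logger.error("请求返回数据解析异常", e7);
                    result.setErrorMsg(new ErrorMsg(Integer.valueOf(ClientErrorEnum.RESOLVE_CLIENT_RESULT_EXCEPTION.code), ClientErrorEnum.RESOLVE_CLIENT_RESULT_EXCEPTION.desc));
                    return result;
                }
            } catch (Exception e8) {
                // The exception itself is passed so SLF4J records it with its stack trace. The old
                // call passed e8.getMessage() to a format string without a placeholder, which
                // dropped the detail. This handler also receives P10-handling failures other than
                // IllegalArgumentException, so the "random" label can be misleading.
                this.logger.error("===============  获取CMP请求随机数异常", e8);
                return Result.failure(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            }
        } catch (Exception e9) {
            this.logger.warn("===============  pkiMessage保护算法不支持：{}", str3, e9);
            return Result.failure(ErrorEnum.PROTECTION_ALG_IS_NOT_SUPPORT);
        }
    }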

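    /**
     * Sends the certificate confirmation message (PKIMessage body type 24) for a request that
     * was previously started through {@code sendCertReqMessage}.
     *
     * <p>The transaction id is looked up from the apply number in
     * {@code SdkCommonVariable.getApplyMap()}, and the cached nonces and request id come from
     * {@code SdkCommonVariable.getHeaderMap()}. Both cache entries are removed only after the RA
     * reports success.
     *
     * <p>NOTE(review): unlike the request path, the RA's reply is returned as-is. No
     * header/signature check is visible in this method; confirm that the caller or the HTTP
     * layer authenticates it.
     *
     * @param str protection algorithm name, resolved through {@code getProtectionAlg}
     * @param str2 name passed to the PKIMessage builder (logged as normalName)
     * @param str3 apply number used to find the cached transaction
     * @param clientKeyStoreConfig handed unchanged to the HTTP client
     * @return a result carrying the RA's reply info on success, otherwise an error describing the
     *     failed step
     */
    public Result sendConfirmMessage(String str, String str2, String str3, ClientKeyStoreConfig clientKeyStoreConfig) {
        this.logger.debug("发送证书 签发和更新的 确认消息 ======== 【开始】申请编号为：{} ", str3);
        Result result = new Result();
        this.logger.debug("确认消息 ======== 0.参与校验");
        if (StringUtils.isAnyBlank(new CharSequence[]{str, str2, str3})) {
            this.logger.debug("=============== 参数中normalSignAlgOid,applyNo,normalName存在空值");
            return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
        }
        try {
            ASN1ObjectIdentifier protectionAlg = getProtectionAlg(str);
            Map<String, String> applyMap = SdkCommonVariable.getApplyMap();
            // The format string had no "{}" placeholder, so the serialized map was computed and
            // then silently dropped. Add the placeholder and skip the work when debug is off.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("=============== sendCertReqMessage.normalMap: {}", SdkJsonUtils.object2Json(applyMap));
            }
            Map<String, Object> headerMap = SdkCommonVariable.getHeaderMap();
            if (headerMap == null || applyMap == null) {
                this.logger.error(" ================== 本地缓存CMP数据为空");
                return Result.failure(ErrorEnum.LOCAL_CMP_CACHE_IS_EMPTY);
            }
            // NOTE(review): this dumps the whole shared cache, which likely includes the nonces
            // of every in-flight transaction, into the debug log.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("RASDK get baseCMPInfo:[{}]", JsonUtils.object2Json(headerMap));
            }
            try {
                // applyNo -> transaction id -> cached CMP state.
                String str4 = applyMap.get(str3);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("发送证书 签发和更新的 确认消息 ======== 事务Id为：{} ", str4);
                }
                BaseCMPInfo baseCMPInfo = (BaseCMPInfo) headerMap.get(str4);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(" =================== sendCertConfirmContent.baseCMPInfo>> transId: " + str4 + ">>" + JSONObject.toJSONString(baseCMPInfo));
                }
                if (baseCMPInfo == null) {
                    this.logger.error(" ================== 未找到RA发送的该transId:{}", str4);
                    return Result.failure(ErrorEnum.CANNOT_GET_TRANS_ID_FORM_LOCAL_CACHE);
                }
                byte[] recipientNonce = baseCMPInfo.getRecipientNonce();
                byte[] senderNonce = baseCMPInfo.getSenderNonce();
                long requestId = baseCMPInfo.getRequestId();
                this.logger.debug("确认消息 ======== 1.封装CertConfirmContent结构体");
                FreeText freeText = new FreeText();
                freeText.setApplyNo(str3);
                freeText.setSignSn(SDKService.config.getUserCertSn().toLowerCase());
                try {
                    CertConfirmContent genCertConfirmContent = PKIMessageHelper.genCertConfirmContent(str4, requestId);
                    this.logger.debug("确认消息 ======== 2.封装PkiMessage结构体");
                    try {
                        PKIMessage genPKIMessage = PKIMessageHelper.genPKIMessage(SDKService.config.getPrivateKey(), str2, 24, recipientNonce, senderNonce, str4, genCertConfirmContent, protectionAlg, JSON.toJSONString(freeText), SDKService.config.getSystemCert());
                        this.logger.debug("确认消息 ======== 3.发送证书证书确认消息");
                        try {
                            try {
                                RAClientResult clientResponse = AdaptClientResult.getClientResponse(ApacheClientHttpUtils.sendApacheClientRequest(genPKIMessage.getEncoded(), (Map) null, (Map) null, SDKService.config.getRaBaseUrl() + "/v1/normal/cmp", "application/pkixcmp", SDKService.config.getSignName(), SDKService.config.isHttps(), "post", SDKService.config.isUseHsm(), clientKeyStoreConfig));
                                if (!clientResponse.isSuccess().booleanValue()) {
                                    result.setErrorMsg(new ErrorMsg(clientResponse.getErrorMsg().getErrorCode(), clientResponse.getErrorMsg().getErrorMsg()));
                                    return result;
                                }
                                result.setInfo(clientResponse.getInfo());
                                this.logger.debug("sendConfirmMessage.sendCmpHttpPost.result>>>>:{}", SdkJsonUtils.object2Json(result));
                                // The transaction is finished: drop its cached nonces and the
                                // applyNo mapping.
                                headerMap.remove(str4);
                                applyMap.remove(str3);
                                this.logger.debug("发送证书 签发和更新的 确认消息 ========  【结束】申请事务Id为：{}", str4);
                                return result;
                            } catch (IOException e) {
                                this.logger.error("请求返回数据解析异常", e);
                                result.setErrorMsg(new ErrorMsg(Integer.valueOf(ClientErrorEnum.RESOLVE_CLIENT_RESULT_EXCEPTION.code), ClientErrorEnum.RESOLVE_CLIENT_RESULT_EXCEPTION.desc));
                                return result;
                            }
                        } catch (Exception e2) {
                            this.logger.error(" ============= 发送确认消息Http请求异常", e2);
                            return Result.failure(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                        }
                    } catch (Exception e3) {
                        this.logger.error("封装PKIMessage异常", e3);
                        return Result.failure(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                    }
                } catch (Exception e4) {
                    this.logger.error("封装CertConfirmContent异常", e4);
                    return Result.failure(ErrorEnum.MAKE_CERT_CONFIRM_CONTENT_EXCEPTION);
                }
            } catch (Exception e5) {
                // Catch-all for the cache lookup and free-text setup; it was silent before, so
                // the real cause (for example a null config value) was lost.
                this.logger.error(" ================== 本地缓存CMP数据为空", e5);
                return Result.failure(ErrorEnum.LOCAL_CMP_CACHE_IS_EMPTY);
            }
        } catch (Exception e6) {
            this.logger.warn("===============  pkiMessage保护算法不支持：{}", str, e6);
            return Result.failure(ErrorEnum.PROTECTION_ALG_IS_NOT_SUPPORT);
        }
    }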

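    /**
     * Sends a CMP error message for a transaction started through {@code sendCertReqMessage} and,
     * once the helper reports success, drops that transaction's cached state.
     *
     * <p>The transaction id is looked up from the apply number; the cached nonces are passed to
     * {@code PKIMessageHelper.genErrorPKIMsg} together with the RA endpoint
     * ({@code /v1/normal/cmp}). On success the method returns the empty {@code Result} created at
     * the top; the helper's info is not copied into it.
     *
     * @param str apply number used to find the cached transaction
     * @param str2 protection algorithm name, resolved through {@code getProtectionAlg}
     * @param str3 name passed to the error-message builder (logged as normalName)
     * @param str4 forwarded to {@code genErrorPKIMsg}; presumably the error text (confirm against
     *     the helper)
     * @param i forwarded to {@code genErrorPKIMsg}; presumably the error code (confirm against the
     *     helper)
     * @param clientKeyStoreConfig handed unchanged to the helper
     * @return an empty result on success, otherwise a result carrying the error
     */
    public Result sendErrorMessage(String str, String str2, String str3, String str4, int i, ClientKeyStoreConfig clientKeyStoreConfig) {
        this.logger.debug("发送错误消息 ======== 【开始】申请编号为：{} ", str);
        Result result = new Result();
        this.logger.debug("错误消息 ======== 0.参与校验");
        if (StringUtils.isAnyBlank(new CharSequence[]{str, str2, str3})) {
            this.logger.debug("=============== applyNo,normalSignAlgOid,normalName存在空值");
            return Result.failure(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
        }
        try {
            ASN1ObjectIdentifier protectionAlg = getProtectionAlg(str2);
            Map<String, String> applyMap = SdkCommonVariable.getApplyMap();
            Map<String, Object> headerMap = SdkCommonVariable.getHeaderMap();
            // NOTE(review): this dumps the whole shared cache, which likely includes the nonces
            // of every in-flight transaction, into the debug log.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("RASDK get baseCMPInfo:[{}]", JsonUtils.object2Json(headerMap));
            }
            if (headerMap == null || applyMap == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(" ================== 本地缓存CMP数据为空");
                }
                return Result.failure(ErrorEnum.LOCAL_CMP_CACHE_IS_EMPTY);
            }
            // applyNo -> transaction id -> cached CMP state.
            String str5 = applyMap.get(str);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("发送错误消息 ======== 事务Id为：{} ", str5);
            }
            BaseCMPInfo baseCMPInfo = (BaseCMPInfo) headerMap.get(str5);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(" =================== sendCertConfirmContent.baseCMPInfo>> transId: " + str5 + ">>" + JSONObject.toJSONString(baseCMPInfo));
            }
            if (baseCMPInfo == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(" ================== 未找到RA发送的该transId:" + str5);
                }
                return Result.failure(ErrorEnum.CANNOT_GET_TRANS_ID_FORM_LOCAL_CACHE);
            }
            Result genErrorPKIMsg = PKIMessageHelper.genErrorPKIMsg(str3, SDKService.config.getPrivateKey(), SDKService.config.getTrustCert(), SDKService.config.getSystemCert(), str4, i, baseCMPInfo.getRecipientNonce(), baseCMPInfo.getSenderNonce(), str5, SDKService.config.getRaBaseUrl() + "/v1/normal/cmp", protectionAlg, clientKeyStoreConfig);
            if (!genErrorPKIMsg.isSuccess().booleanValue()) {
                result.setErrorMsg(genErrorPKIMsg.getErrorMsg());
                return result;
            }
            // The transaction is finished: drop its cached nonces and the applyNo mapping.
            headerMap.remove(str5);
            applyMap.remove(str);
            this.logger.debug("发送证书 错误消息 ========  【结束】申请事务Id为：{}", str5);
            return result;
        } catch (Exception e) {
            // This handler covers the whole body, not only getProtectionAlg, so the error code
            // returned below may not match the real cause. The code is kept for existing callers;
            // the exception is now logged, where it was previously discarded without a trace.
            this.logger.error("发送错误消息 ======== 处理异常", e);
            return Result.failure(ErrorEnum.PROTECTION_ALG_IS_NOT_SUPPORT);
        }
    }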

    /**
     * Maps a signature algorithm name to the object identifier used to protect the PKIMessage.
     *
     * <p>The name is compared, in this order, against the SM3-with-SM2, SHA1-with-RSA,
     * SHA256-with-RSA and NIST P-256 constants in {@code SdkConstants}. A {@code null} name
     * matches none of them and is rejected like any other unknown value.
     *
     * <p>NOTE(review): SHA-1 with RSA is still accepted as a protection algorithm. SHA-1 is no
     * longer considered collision-resistant, so confirm whether this branch is only needed for
     * legacy peers.
     *
     * @param str algorithm name supplied by the caller
     * @return the matching object identifier
     * @throws RuntimeException if the name matches none of the supported algorithms
     */
    public ASN1ObjectIdentifier getProtectionAlg(String str) {
        if (SdkConstants.SIGN_ALG_NAME_SM3_WHIT_SM2.equals(str)) {
            return SM2ObjectIdentifiers.sm2SignWithSm3;
        }
        if (SdkConstants.SIGN_ALG_NAME_SHA1_WHIT_RSA.equals(str)) {
            return RsaObjectIdentifiers.sha1WithRSA;
        }
        if (SdkConstants.SIGN_ALG_NAME_SHA256_WHIT_RSA.equals(str)) {
            return RsaObjectIdentifiers.sha256WithRSA;
        }
        if (SdkConstants.SIGN_ALG_NAME_NISTP256.equals(str)) {
            return NISTObjectIdentifiers.nistSignAlgorithm;
        }
        // Nothing matched: record the rejected name, then fail.
        this.logger.debug("===============  pkiMessage保护算法不支持：{}", str);
        throw new RuntimeException("不支持的请求方法");
    }
}
