package com.xdja.pki.ra.service.manager.operator;

import com.xdja.ca.utils.DnUtil;
import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.ca.vo.ManagerCertInfo;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.OperatorCertCache;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertDnVerifyUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.RandomUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.AdminCertDao;
import com.xdja.pki.ra.manager.dao.AdminRoleDao;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.RaCertDao;
import com.xdja.pki.ra.manager.dao.model.AdminCertDO;
import com.xdja.pki.ra.manager.dao.model.AdminRoleDO;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.dao.model.RaCertDO;
import com.xdja.pki.ra.manager.dto.AdminCertDTO;
import com.xdja.pki.ra.manager.page.PageInfo;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.ra.manager.sdk.cmp.CertLifeCycleManager;
import com.xdja.pki.ra.service.manager.operator.bean.ManagerCertVO;
import com.xdja.pki.ra.service.manager.operator.bean.OperatorCertResp;
import com.xdja.pki.ra.service.manager.operator.bean.OperatorCertVO;
import com.xdja.pki.ra.service.manager.utils.CertContentInfoUtil;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:com/xdja/pki/ra/service/manager/operator/OperatorCertServiceImpl.class */
public class OperatorCertServiceImpl implements OperatorCertService {
    // SLF4J logger named after the runtime class of this service instance.
    private Logger logger = LoggerFactory.getLogger(getClass());

    // The collaborators below are filled in by Spring field injection (@Autowired).
    // NOTE(review): they are package-private and non-final, so code in the same package can
    // reassign them after wiring; constructor injection into private final fields avoids that.

    // Reads and writes administrator/operator certificate rows.
    @Autowired
    AdminCertDao adminCertDao;

    // Turns a parsed certificate into the detail object returned by getOperatorCertDetail.
    @Autowired
    CertContentInfoUtil certContentInfoUtil;

    // Sends issue / update / revoke / confirm / error requests for manager certificates.
    @Autowired
    CertLifeCycleManager certLifeCycleManager;

    // Supplies the RA operator certificate template and the RA base DN.
    @Autowired
    CaBusinessManager caBusinessManager;

    // Source of the newest CA certificate record.
    @Autowired
    CaCertDao caCertDao;

    // Source of the newest RA certificate record.
    @Autowired
    RaCertDao raCertDao;

    // Reads and writes the role rows attached to an administrator certificate.
    @Autowired
    AdminRoleDao adminRoleDao;

    /**
     * Looks up one page of administrator certificates and converts every row into an
     * {@link OperatorCertVO} with display-formatted validity dates.
     *
     * <p>A row whose failure time already lies in the past is reported with status
     * {@code Constants.CERT_STATUS_EXPIRED_2}, replacing whatever status was copied from the row.
     *
     * @param str query value handed unchanged to {@code AdminCertDao.listPageAdminCert}
     * @param i   first paging argument for the DAO (presumably the page number; confirm)
     * @param i2  second paging argument for the DAO (presumably the page size; confirm)
     * @return a {@link Result} carrying an {@link OperatorCertResp}, or the error
     *         {@code QUERY_OPERATOR_CERT_LIST_ERROR} when the DAO returns no page object
     */
    public Result queryOperatorCertList(String str, int i, int i2) {
        OperatorCertResp response = new OperatorCertResp();
        Result outcome = new Result();
        PageInfo page = this.adminCertDao.listPageAdminCert(str, i, i2);
        if (page == null) {
            outcome.setError(ErrorEnum.QUERY_OPERATOR_CERT_LIST_ERROR);
            return outcome;
        }
        ArrayList rows = new ArrayList();
        List<AdminCertDTO> certs = page.getList();
        if (CollectionUtils.isEmpty(certs)) {
            // Empty page: answer with zero counters and an empty data list.
            operatorCertRespEmpty:
            {
                response.setRecordCount(0);
                response.setPageCount(0);
                response.setDatas(rows);
            }
            outcome.setInfo(response);
            return outcome;
        }
        // Local to this call, so sharing one formatter across rows is safe.
        SimpleDateFormat displayFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        for (AdminCertDTO cert : certs) {
            OperatorCertVO row = new OperatorCertVO();
            BeanUtils.copyProperties(cert, row);
            Timestamp notBefore = cert.getEffectiveTime();
            Timestamp notAfter = cert.getFailureTime();
            row.setEffectiveTime(displayFormat.format(notBefore));
            row.setFailureTime(displayFormat.format(notAfter));
            // Expiry is derived from the clock here, not from the stored status column.
            if (System.currentTimeMillis() > notAfter.getTime()) {
                row.setCertStatus(Integer.valueOf(Constants.CERT_STATUS_EXPIRED_2));
            }
            rows.add(row);
        }
        response.setDatas(rows);
        response.setPageCount(page.getPageCount());
        response.setRecordCount(page.getRecordCount());
        outcome.setInfo(response);
        return outcome;
    }

    /**
     * Loads a stored administrator certificate and returns its parsed detail view.
     *
     * @param str lookup value passed to {@code AdminCertDao.getAdminCertInfo}
     *            (a certificate serial number at the other call sites in this class)
     * @param i   certificate type passed to the same DAO call
     * @return a {@link Result} holding the detail object, {@code GET_OPERATOR_CERT_INFO_EMPTY}
     *         when no row matches, or {@code CERT_DETAIL_FORMAT_ERROR} when the stored
     *         certificate cannot be parsed or described
     */
    public Result getOperatorCertDetail(String str, int i) {
        Result outcome = new Result();
        AdminCertDO stored = this.adminCertDao.getAdminCertInfo(str, i);
        if (stored == null) {
            outcome.setError(ErrorEnum.GET_OPERATOR_CERT_INFO_EMPTY);
            return outcome;
        }
        try {
            X509Certificate parsed = CertUtils.getCertFromStr(stored.getCertInfo());
            outcome.setInfo(this.certContentInfoUtil.getCertContentInfo(parsed));
        } catch (Exception e) {
            // Any parsing or rendering problem is reported as a format error.
            this.logger.error("证书详情格式读取异常", e);
            outcome.setError(ErrorEnum.CERT_DETAIL_FORMAT_ERROR);
        }
        return outcome;
    }

    /**
     * Returns the summary of an operator's signing certificate
     * ({@code Constants.CERT_TYPE_SIGN_2}).
     *
     * <p>The remaining validity is the number of whole days between now and the stored
     * failure time, truncated toward zero; it is negative once the certificate has expired.
     *
     * @param str lookup value passed to {@code AdminCertDao.getAdminCertInfo}
     * @return a {@link Result} holding an {@link OperatorCertVO}, or
     *         {@code GET_OPERATOR_CERT_INFO_EMPTY} when no row matches
     */
    public Result getOperatorCertInfo(String str) {
        Result outcome = new Result();
        AdminCertDO stored = this.adminCertDao.getAdminCertInfo(str, Constants.CERT_TYPE_SIGN_2);
        if (stored == null) {
            outcome.setError(ErrorEnum.GET_OPERATOR_CERT_INFO_EMPTY);
            return outcome;
        }
        final long millisPerDay = 86400000L;
        OperatorCertVO view = new OperatorCertVO();
        BeanUtils.copyProperties(stored, view);
        long remainingMillis = stored.getFailureTime().getTime() - new Date().getTime();
        view.setCertValidity(Integer.valueOf((int) (remainingMillis / millisPerDay)));
        SimpleDateFormat displayFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        view.setEffectiveTime(displayFormat.format(stored.getEffectiveTime()));
        view.setFailureTime(displayFormat.format(stored.getFailureTime()));
        outcome.setInfo(view);
        return outcome;
    }

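    /**
     * Builds downloadable PKCS#7 ({@code .p7b}) certificate chains for an operator.
     *
     * <p>The signing certificate is appended to the trusted CA certificates and packed into
     * one chain. Unless the configured key algorithm is {@code Constants.KEY_ALG_NAME_NIST},
     * a second chain is built the same way for the encryption certificate.
     *
     * <p>Compared with the decompiled original, a lookup or parsing failure is now logged
     * instead of being silently swallowed, an unused {@code HashMap} allocation is gone, and
     * the chain text is encoded with an explicit charset rather than the platform default.
     *
     * @param str lookup value passed to {@code AdminCertDao.getAdminCertBase64Info}
     * @return a {@link Result} holding a list of maps with the keys {@code name},
     *         {@code suffix} and {@code buffer}; {@code GET_OPERATOR_CERT_BASE64_INFO_EMPTY}
     *         when the lookup yields nothing or fails; {@code BUILD_TRAIN_CERT_P7b_IS_ERROR}
     *         when a chain cannot be built
     */
    public Result getOperatorCertBase64Info(String str) {
        Result result = new Result();
        try {
            Map adminCertBase64Info = this.adminCertDao.getAdminCertBase64Info(str);
            if (adminCertBase64Info == null) {
                result.setError(ErrorEnum.GET_OPERATOR_CERT_BASE64_INFO_EMPTY);
                return result;
            }
            String signCertText = (String) adminCertBase64Info.get("signCert");
            String encCertText = (String) adminCertBase64Info.get("encCert");
            List<Map<String, Object>> files = new ArrayList<>();
            X509Certificate signCert = CertUtils.getCertFromStr(signCertText);
            String encChain = null;
            try {
                // Copy the trust list so adding the leaf certificate does not mutate shared state.
                ArrayList chainCerts = new ArrayList(CommonVariable.getTrustCaCerts());
                chainCerts.add(signCert);
                String signChain = SignedDataUtils.createCertChainByCerts(chainCerts);
                if (!Constants.KEY_ALG_NAME_NIST.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                    // Reuse the same CA list, swapping the signing leaf for the encryption leaf.
                    X509Certificate encCert = CertUtils.getCertFromStr(encCertText);
                    chainCerts.remove(signCert);
                    chainCerts.add(encCert);
                    encChain = SignedDataUtils.createCertChainByCerts(chainCerts);
                }
                result.setLogContent("，证书主体=" + signCert.getSubjectX500Principal().getName());
                Map<String, Object> signFile = new HashMap<>();
                signFile.put("name", "SignCert");
                signFile.put("suffix", "p7b");
                signFile.put("buffer", signChain.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                files.add(signFile);
                if (StringUtils.isNotBlank(encChain)) {
                    Map<String, Object> encFile = new HashMap<>();
                    encFile.put("name", "EncCert");
                    encFile.put("suffix", "p7b");
                    encFile.put("buffer", encChain.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                    files.add(encFile);
                }
                result.setInfo(files);
                return result;
            } catch (Exception e) {
                this.logger.error("sdk接口-封装证书链异常", e);
                result.setError(ErrorEnum.BUILD_TRAIN_CERT_P7b_IS_ERROR);
                return result;
            }
        } catch (Exception e2) {
            // Previously swallowed: a DAO failure or an unparsable signing certificate looked
            // identical to "no data" and left no trace for whoever investigates it.
            this.logger.error("获取操作员证书Base64信息异常", e2);
            result.setError(ErrorEnum.GET_OPERATOR_CERT_BASE64_INFO_EMPTY);
            return result;
        }
    }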

    /**
     * Fetches the RA operator certificate template from the CA business manager.
     *
     * @return the manager's own {@link Result} when the call failed; otherwise a fresh
     *         {@link Result} whose info is the template, cast to a {@link Map}
     */
    public Result getRaOperatorCertTemp() {
        Result template = this.caBusinessManager.getRaOperatorCertTemp();
        if (template.isSuccess()) {
            Result wrapped = new Result();
            wrapped.setInfo((Map) template.getInfo());
            return wrapped;
        }
        // Failure: hand the upstream error back untouched.
        return template;
    }

    /**
     * Computes the longest validity, in days, that may be offered for an operator certificate.
     *
     * <p>The answer is the smaller of the template's {@code maxDate} entry and the whole days
     * left until the newest CA certificate's failure time, so an operator certificate is never
     * offered a lifetime beyond that of the issuing CA certificate.
     *
     * @param i   not used by this implementation
     * @param str not used by this implementation
     * @return a {@link Result} holding the day count as an {@link Integer}; the upstream
     *         {@link Result} when the template lookup failed; or
     *         {@code GET_CA_CERT_INFO_IS_EMPTY} when no CA certificate is recorded
     */
    public Result getOperatorCertMaxValidity(int i, String str) {
        Result outcome = new Result();
        Result template = this.caBusinessManager.getRaOperatorCertTemp();
        if (!template.isSuccess()) {
            return template;
        }
        Map templateInfo = (Map) template.getInfo();
        int templateMaxDays = ((Integer) templateInfo.get("maxDate")).intValue();
        CaCertDO caCert = this.caCertDao.getNewCaCertInfo();
        if (caCert == null) {
            outcome.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return outcome;
        }
        long caRemainingMillis = caCert.getFailureTime().getTime() - new Date().getTime();
        int caRemainingDays = (int) (caRemainingMillis / 86400000);
        int allowedDays = Math.min(templateMaxDays, caRemainingDays);
        this.logger.info("操作员可选证书有效期中，CA最大有效期:" + caRemainingDays + " 模板最大有效期:" + templateMaxDays);
        outcome.setInfo(Integer.valueOf(allowedDays));
        return outcome;
    }

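    /**
     * Requests a new operator certificate pair from the CA and records it locally.
     *
     * <p>Steps: resolve the RA service DN and the newest CA certificate, validate the
     * requested roles, call {@code issueManageCert}, then insert one row for the signing
     * certificate, one row for the encryption certificate and one role row per requested role.
     *
     * <p>The roles are validated <em>before</em> the CA is contacted. The decompiled original
     * checked them only after issuance, so a missing, empty or unsupported role list left a
     * certificate issued by the CA with no local record (an empty list also failed with a
     * {@code StringIndexOutOfBoundsException}).
     *
     * <p>NOTE(review): failures after the CA call are caught and converted into an error
     * {@link Result}; no exception leaves the method, so {@code @Transactional} presumably does
     * not roll back rows that were already inserted. Confirm the intended behaviour.
     *
     * @param adminCertDTO issuance request; the card number, signing PKCS#10, encryption
     *                     public key, template number, signature algorithm, validity, DN and
     *                     roles are read from it
     * @return a {@link Result} holding a {@link ManagerCertVO} (signing certificate, encryption
     *         certificate and transaction id) on success, otherwise an error
     */
    @Transactional
    public Result insertOperatorCert(AdminCertDTO adminCertDTO) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        CaCertDO newCaCertInfo = this.caCertDao.getNewCaCertInfo();
        if (newCaCertInfo == null) {
            this.logger.info("获取CA证书信息为空");
            result.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return result;
        }
        // Reject bad role lists up front so that no certificate is issued for them.
        List roles = adminCertDTO.getRoles();
        String roleInfo = buildOperatorRoleInfo(roles);
        if (roleInfo == null) {
            this.logger.info("操作员角色类型错误");
            result.setError(ErrorEnum.OPERATOR_ROLE_IS_ERROR);
            return result;
        }
        String certDn = newCaCertInfo.getCertDn();
        // Transaction id handed to the CA and returned to the caller for the confirm step.
        String uuid = RandomUtils.getUUID();
        Result issueManageCert = this.certLifeCycleManager.issueManageCert(adminCertDTO.getCardNo(), adminCertDTO.getSignP10(), adminCertDTO.getEncPubKey(), rAServiceDnName, certDn, uuid, adminCertDTO.getManagerTempNo(), adminCertDTO.getSignAlg(), adminCertDTO.getCertValidity(), adminCertDTO.getCertDn());
        if (!issueManageCert.isSuccess()) {
            this.logger.info("签发证书错误消息 ==== " + JsonUtils.object2Json(issueManageCert));
            result.setErrorBean(issueManageCert.getErrorBean());
            return result;
        }
        ManagerCertInfo managerCertInfo = (ManagerCertInfo) issueManageCert.getInfo();
        // Shared by the signing and encryption rows so the pair can be matched up later.
        long time = new Date().getTime();
        AdminCertDO adminCertDO = new AdminCertDO();
        BeanUtils.copyProperties(adminCertDTO, adminCertDO);
        adminCertDO.setAdminType(Integer.valueOf(Constants.ADMIN_TYPE_OPERATOR_3));
        adminCertDO.setCaCertId(newCaCertInfo.getId());
        adminCertDO.setCertInfo(managerCertInfo.getSignCert());
        adminCertDO.setPairCertIndex(Long.valueOf(time));
        adminCertDO.setCertType(Integer.valueOf(Constants.CERT_TYPE_SIGN_2));
        adminCertDO.setRoleInfo(roleInfo);
        X509Certificate certFromStr = CertUtils.getCertFromStr(managerCertInfo.getSignCert());
        if (certFromStr == null) {
            this.logger.info("CA返回的管理员证书信息中，签名证书错误");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR);
            return result;
        }
        // Serial number and DN are taken from the issued certificate, not from the request.
        adminCertDO.setCertSn(certFromStr.getSerialNumber().toString(16).toLowerCase());
        adminCertDO.setCertDn(certFromStr.getSubjectX500Principal().getName());
        this.logger.info("============== CA返回签发签名证书sn:" + adminCertDO.getCertSn());
        // The encryption public key is stored on the encryption row only.
        adminCertDO.setEncPubKey((String) null);
        try {
            int publicKeyLength = CertUtils.getPublicKeyLength(certFromStr);
            adminCertDO.setPrivateKeyLength(Integer.valueOf(publicKeyLength));
            try {
                String keyAlg = CertUtils.getKeyAlg(certFromStr);
                adminCertDO.setPublicKeyAlg(keyAlg);
                Date notBefore = certFromStr.getNotBefore();
                Date notAfter = certFromStr.getNotAfter();
                adminCertDO.setEffectiveTime(new Timestamp(notBefore.getTime()));
                adminCertDO.setFailureTime(new Timestamp(notAfter.getTime()));
                adminCertDO.setGmtCreate(new Timestamp(new Date().getTime()));
                adminCertDO.setGmtUpdate(new Timestamp(new Date().getTime()));
                AdminCertDO insertAdminCert = this.adminCertDao.insertAdminCert(adminCertDO);
                // Encryption row: same pair index, DN, key data and validity as the signing row.
                AdminCertDO adminCertDO2 = new AdminCertDO();
                BeanUtils.copyProperties(adminCertDTO, adminCertDO2);
                adminCertDO2.setAdminType(Integer.valueOf(Constants.ADMIN_TYPE_OPERATOR_3));
                adminCertDO2.setCaCertId(newCaCertInfo.getId());
                adminCertDO2.setCertInfo(managerCertInfo.getEncEncCert());
                adminCertDO2.setPairCertIndex(Long.valueOf(time));
                adminCertDO2.setCertType(Integer.valueOf(Constants.CERT_TYPE_ENC_3));
                adminCertDO2.setRoleInfo(roleInfo);
                adminCertDO2.setCertDn(certFromStr.getSubjectX500Principal().getName());
                adminCertDO2.setEncPubKey(adminCertDTO.getEncPubKey());
                adminCertDO2.setPrivateKeyLength(Integer.valueOf(publicKeyLength));
                adminCertDO2.setPublicKeyAlg(keyAlg);
                adminCertDO2.setEffectiveTime(new Timestamp(notBefore.getTime()));
                adminCertDO2.setFailureTime(new Timestamp(notAfter.getTime()));
                adminCertDO2.setGmtCreate(new Timestamp(new Date().getTime()));
                adminCertDO2.setGmtUpdate(new Timestamp(new Date().getTime()));
                this.adminCertDao.insertAdminCert(adminCertDO2);
                // Role rows hang off the id of the signing certificate row.
                for (Object role : roles) {
                    this.adminRoleDao.insertAdminRole(new AdminRoleDO(insertAdminCert.getId(), Long.valueOf(((Integer) role).intValue()), new Timestamp(new Date().getTime()), new Timestamp(new Date().getTime())));
                }
                result.setInfo(new ManagerCertVO(managerCertInfo.getSignCert(), managerCertInfo.getEncEncCert(), uuid));
                return result;
            } catch (Exception e) {
                // NOTE(review): this handler also catches DAO failures from the inserts above,
                // yet it logs and reports them as a key-algorithm problem.
                this.logger.error("获取证书密钥算法异常", e);
                result.setError(ErrorEnum.GET_CERT_ALG_NAME_LENGTH_EXCEPTION);
                return result;
            }
        } catch (Exception e2) {
            this.logger.error("获取证书公钥长度异常", e2);
            result.setError(ErrorEnum.GET_CERT_PUBLIC_KEY_LENGTH_EXCEPTION);
            return result;
        }
    }

    /**
     * Builds the display label for a list of operator role ids.
     *
     * @param roles role ids taken from the issuance request
     * @return the role labels joined by "、", or {@code null} when the list is {@code null},
     *         empty, or holds anything other than the three operator role constants
     */
    private String buildOperatorRoleInfo(List roles) {
        if (roles == null || roles.isEmpty()) {
            return null;
        }
        StringBuilder labels = new StringBuilder();
        for (Object role : roles) {
            if (!(role instanceof Integer)) {
                return null;
            }
            int roleId = ((Integer) role).intValue();
            if (roleId == Constants.ADMIN_ROLE_OPERATOR_INPUT_3) {
                labels.append("录入员、");
            } else if (roleId == Constants.ADMIN_ROLE_OPERATOR_AUDIT_4) {
                labels.append("审核员、");
            } else if (roleId == Constants.ADMIN_ROLE_OPERATOR_ISSUE_5) {
                labels.append("制证员、");
            } else {
                return null;
            }
        }
        // Drop the trailing separator.
        return labels.substring(0, labels.length() - 1);
    }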

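    /**
     * Renews an operator certificate pair through the CA and records the new pair locally.
     *
     * <p>Before the CA is called, the new transaction id is cached together with the serial
     * number of the signing certificate being replaced; {@code genCertConfirm} reads that entry
     * to find the old certificate once the caller confirms the renewal. The roles of the old
     * certificate are copied onto the new signing certificate row.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>The cache entry is removed whenever the method does not finish successfully. The
     *       transaction id reaches the caller only in the success result, so an entry left
     *       behind by a failure could never be confirmed or cleaned up.</li>
     *   <li>Only the entry added here is logged, not the whole cache with every pending
     *       transaction id.</li>
     *   <li>A self-assignment of the role id ({@code setRoleId(getRoleId())}) was dropped.</li>
     * </ul>
     *
     * <p>NOTE(review): failures after the CA call are caught and converted into an error
     * {@link Result}; no exception leaves the method, so {@code @Transactional} presumably does
     * not roll back rows that were already inserted. Note also that the old certificate is
     * looked up locally only after the CA has already processed the update.
     *
     * @param adminCertDTO renewal request; besides the issuance fields it supplies the serial
     *                     number of the current signing certificate and the update-key flag
     * @return a {@link Result} holding a {@link ManagerCertVO} (signing certificate, encryption
     *         certificate and transaction id) on success, otherwise an error
     */
    @Transactional
    public Result updateOperatorCert(AdminCertDTO adminCertDTO) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        CaCertDO newCaCertInfo = this.caCertDao.getNewCaCertInfo();
        if (newCaCertInfo == null) {
            this.logger.info("获取CA证书信息为空");
            result.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return result;
        }
        String certDn = newCaCertInfo.getCertDn();
        String uuid = RandomUtils.getUUID();
        Map map = OperatorCertCache.getMap();
        map.put(uuid, adminCertDTO.getSignCertSn());
        this.logger.info("缓存的操作员sn信息 ===== " + uuid + "=" + adminCertDTO.getSignCertSn());
        // Set to true only on the success path; the finally block cleans up otherwise.
        boolean renewalRecorded = false;
        try {
            Result updateManageCert = this.certLifeCycleManager.updateManageCert(adminCertDTO.getCardNo(), adminCertDTO.getSignP10(), adminCertDTO.getEncPubKey(), rAServiceDnName, certDn, uuid, adminCertDTO.getManagerTempNo(), adminCertDTO.getSignAlg(), adminCertDTO.getCertValidity(), adminCertDTO.getCertDn(), adminCertDTO.getSignCertSn(), adminCertDTO.isUpdateKey());
            if (!updateManageCert.isSuccess()) {
                this.logger.info("CA返回更新证书错误消息 ==== " + JsonUtils.object2Json(updateManageCert));
                result.setErrorBean(updateManageCert.getErrorBean());
                return result;
            }
            ManagerCertInfo managerCertInfo = (ManagerCertInfo) updateManageCert.getInfo();
            AdminCertDO adminCertInfo = this.adminCertDao.getAdminCertInfo(adminCertDTO.getSignCertSn(), Constants.CERT_TYPE_SIGN_2);
            if (adminCertInfo == null) {
                result.setError(ErrorEnum.GET_OPERATOR_CERT_INFO_EMPTY);
                return result;
            }
            // Shared by the signing and encryption rows so the pair can be matched up later.
            long time = new Date().getTime();
            AdminCertDO adminCertDO = new AdminCertDO();
            BeanUtils.copyProperties(adminCertDTO, adminCertDO);
            adminCertDO.setAdminType(Integer.valueOf(Constants.ADMIN_TYPE_OPERATOR_3));
            adminCertDO.setCaCertId(newCaCertInfo.getId());
            adminCertDO.setCertInfo(managerCertInfo.getSignCert());
            adminCertDO.setPairCertIndex(Long.valueOf(time));
            adminCertDO.setCertType(Integer.valueOf(Constants.CERT_TYPE_SIGN_2));
            // Roles are inherited from the certificate being replaced, not taken from the request.
            adminCertDO.setRoleInfo(adminCertInfo.getRoleInfo());
            X509Certificate certFromStr = CertUtils.getCertFromStr(managerCertInfo.getSignCert());
            if (certFromStr == null) {
                this.logger.info("CA返回的管理员证书信息中，签名证书错误");
                result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR);
                return result;
            }
            // Serial number and DN are taken from the issued certificate, not from the request.
            adminCertDO.setCertSn(certFromStr.getSerialNumber().toString(16).toLowerCase());
            adminCertDO.setCertDn(certFromStr.getSubjectX500Principal().getName());
            adminCertDO.setEncPubKey((String) null);
            try {
                int publicKeyLength = CertUtils.getPublicKeyLength(certFromStr);
                adminCertDO.setPrivateKeyLength(Integer.valueOf(publicKeyLength));
                try {
                    String keyAlg = CertUtils.getKeyAlg(certFromStr);
                    adminCertDO.setPublicKeyAlg(keyAlg);
                    Date notBefore = certFromStr.getNotBefore();
                    Date notAfter = certFromStr.getNotAfter();
                    adminCertDO.setEffectiveTime(new Timestamp(notBefore.getTime()));
                    adminCertDO.setFailureTime(new Timestamp(notAfter.getTime()));
                    adminCertDO.setGmtCreate(new Timestamp(new Date().getTime()));
                    adminCertDO.setGmtUpdate(new Timestamp(new Date().getTime()));
                    AdminCertDO insertAdminCert = this.adminCertDao.insertAdminCert(adminCertDO);
                    // Encryption row: same pair index, DN, key data and validity as the signing row.
                    AdminCertDO adminCertDO2 = new AdminCertDO();
                    BeanUtils.copyProperties(adminCertDTO, adminCertDO2);
                    adminCertDO2.setAdminType(Integer.valueOf(Constants.ADMIN_TYPE_OPERATOR_3));
                    adminCertDO2.setCaCertId(newCaCertInfo.getId());
                    adminCertDO2.setCertInfo(managerCertInfo.getEncEncCert());
                    adminCertDO2.setPairCertIndex(Long.valueOf(time));
                    adminCertDO2.setCertType(Integer.valueOf(Constants.CERT_TYPE_ENC_3));
                    adminCertDO2.setRoleInfo(adminCertInfo.getRoleInfo());
                    adminCertDO2.setCertDn(certFromStr.getSubjectX500Principal().getName());
                    adminCertDO2.setEncPubKey(adminCertDTO.getEncPubKey());
                    adminCertDO2.setPrivateKeyLength(Integer.valueOf(publicKeyLength));
                    adminCertDO2.setPublicKeyAlg(keyAlg);
                    adminCertDO2.setEffectiveTime(new Timestamp(notBefore.getTime()));
                    adminCertDO2.setFailureTime(new Timestamp(notAfter.getTime()));
                    adminCertDO2.setGmtCreate(new Timestamp(new Date().getTime()));
                    adminCertDO2.setGmtUpdate(new Timestamp(new Date().getTime()));
                    this.adminCertDao.insertAdminCert(adminCertDO2);
                    List<AdminRoleDO> queryAdminRoleList = this.adminRoleDao.queryAdminRoleList(adminCertInfo.getId().longValue());
                    if (CollectionUtils.isEmpty(queryAdminRoleList)) {
                        result.setError(ErrorEnum.QUERY_ADMIN_ROLE_IS_EMPTY);
                        return result;
                    }
                    // Re-attach each role of the old certificate to the new signing row.
                    // NOTE(review): the queried objects are re-inserted as they are; confirm that
                    // the DAO does not reuse their existing primary keys.
                    for (AdminRoleDO adminRoleDO : queryAdminRoleList) {
                        adminRoleDO.setAdminId(insertAdminCert.getId());
                        adminRoleDO.setGmtCreate(new Timestamp(new Date().getTime()));
                        adminRoleDO.setGmtUpdate(new Timestamp(new Date().getTime()));
                        this.adminRoleDao.insertAdminRole(adminRoleDO);
                    }
                    result.setInfo(new ManagerCertVO(managerCertInfo.getSignCert(), managerCertInfo.getEncEncCert(), uuid));
                    renewalRecorded = true;
                    return result;
                } catch (Exception e) {
                    // NOTE(review): this handler also catches DAO failures from the inserts
                    // above, yet it logs and reports them as a key-algorithm problem.
                    this.logger.error("获取证书密钥算法异常", e);
                    result.setError(ErrorEnum.GET_CERT_ALG_NAME_LENGTH_EXCEPTION);
                    return result;
                }
            } catch (Exception e2) {
                this.logger.error("获取证书公钥长度异常", e2);
                result.setError(ErrorEnum.GET_CERT_PUBLIC_KEY_LENGTH_EXCEPTION);
                return result;
            }
        } finally {
            if (!renewalRecorded) {
                // No transaction id was handed out, so nothing can ever reference this entry.
                map.remove(uuid);
            }
        }
    }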

    /**
     * Revokes an operator certificate at the CA and then marks it revoked locally.
     *
     * <p>NOTE(review): the CA call and the local status update are not atomic. If the local
     * update fails after the CA has revoked the certificate, the local row keeps its previous
     * status and only the returned error signals the mismatch.
     *
     * @param str  value passed to the CA call and used as the key of the local status update
     *             (presumably the signing certificate serial number; confirm)
     * @param str2 passed through to {@code revokeManageCert}
     * @param i    passed through to {@code revokeManageCert} (presumably a revocation reason)
     * @param str3 passed through to {@code revokeManageCert}
     * @return an empty {@link Result} on success, otherwise an error
     */
    public Result revokeOperatorCert(String str, String str2, int i, String str3) {
        Result outcome = new Result();
        String raDn = getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            outcome.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        String caDn = getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            outcome.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        Result caReply = this.certLifeCycleManager.revokeManageCert(raDn, caDn, str, str2, i, str3);
        if (!caReply.isSuccess()) {
            this.logger.info("CA返回撤销证书错误消息 ==== " + JsonUtils.object2Json(caReply));
            outcome.setErrorBean(caReply.getErrorBean());
            return outcome;
        }
        try {
            // Mirror the CA-side revocation in the local table.
            this.adminCertDao.updateAdminCertStatus(Constants.CERT_STATUS_REVOKED_3, str);
        } catch (Exception e) {
            this.logger.error("修改操作员证书状态异常{}", e);
            outcome.setError(ErrorEnum.UPDATE_OPERATOR_CERT_STATUS_EXCEPTION);
        }
        return outcome;
    }

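    /**
     * Sets the stored status of an administrator certificate.
     *
     * <p>A DAO failure is now logged before being reported; the decompiled original discarded
     * the exception, so a failed status change left no trace in the logs.
     *
     * <p>NOTE(review): the status value is written as supplied, with no check that the
     * transition is allowed (for example away from the revoked state). Confirm that callers
     * restrict it.
     *
     * @param i   new status value
     * @param str key passed to {@code AdminCertDao.updateAdminCertStatus}
     *            (a certificate serial number at the other call sites in this class)
     * @return an empty {@link Result} on success, or
     *         {@code UPDATE_OPERATOR_CERT_STATUS_EXCEPTION} when the DAO throws
     */
    public Result updateOperatorCertStatus(int i, String str) {
        Result result = new Result();
        try {
            this.adminCertDao.updateAdminCertStatus(i, str);
        } catch (Exception e) {
            this.logger.error("修改操作员证书状态异常", e);
            result.setError(ErrorEnum.UPDATE_OPERATOR_CERT_STATUS_EXCEPTION);
        }
        return result;
    }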

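    /**
     * Confirms receipt of an issued or renewed operator certificate.
     *
     * <p>Steps: when an encryption public key was stored for the new signing serial number,
     * rebuild it and (except for the NIST algorithm) require that the supplied encryption
     * certificate carries exactly that key; send the confirmation to the CA; mark the
     * certificate cached under the transaction id as revoked; mark the new signing certificate
     * as normal; and, except for NIST, store the encryption certificate data.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>The two Base64-encoded public keys are compared with {@code equals}. Base64 is
     *       case-sensitive, so the former {@code equalsIgnoreCase} accepted keys whose encodings
     *       differ only in letter case, which weakened the key-binding check.</li>
     *   <li>The {@code RuntimeException} raised when the encryption certificate update fails
     *       now carries its cause.</li>
     * </ul>
     *
     * <p>NOTE(review): that {@code RuntimeException} is caught by the enclosing handler, so it
     * does not trigger a rollback; the two status updates before it presumably stay committed.
     * NOTE(review): the cache has no entry for a transaction id that did not come from a
     * renewal, in which case the "revoke old certificate" update runs with a {@code null}
     * serial number; confirm the DAO treats that as a no-op.
     *
     * @param str  transaction id returned by the issue/renew call
     * @param str2 serial number of the new signing certificate
     * @param str3 passed to {@code updateAdminEncCertInfoBySignSn}
     *             (presumably the encryption certificate serial number; confirm)
     * @param str4 encryption certificate text
     * @return an empty {@link Result} on success, otherwise an error
     */
    @Transactional
    public Result genCertConfirm(String str, String str2, String str3, String str4) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String encPubKeyBySignSn = this.adminCertDao.getEncPubKeyBySignSn(str2);
        if (StringUtils.isNotBlank(encPubKeyBySignSn)) {
            try {
                // Rebuild the public key that was submitted with the request, per algorithm.
                byte[] requestedKey;
                if (Constants.KEY_ALG_NAME_SM2.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                    requestedKey = SdkCertUtils.convertSM2PublicKey(encPubKeyBySignSn).getEncoded();
                } else if (Constants.KEY_ALG_NAME_NIST.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                    requestedKey = SdkCertUtils.convertECPublicKey(encPubKeyBySignSn, NISTNamedCurves.getName(SECObjectIdentifiers.secp256r1)).getEncoded();
                } else {
                    // RSA: the stored value is the modulus; the public exponent is fixed at 65537.
                    requestedKey = KeyFactory.getInstance("RSA", (Provider) new BouncyCastleProvider()).generatePublic(new RSAPublicKeySpec(BigIntegers.fromUnsignedByteArray(Base64.decode(encPubKeyBySignSn)), BigInteger.valueOf(65537L))).getEncoded();
                }
                String base64String = Base64.toBase64String(requestedKey);
                this.logger.info("证书请求时的公钥信息 ==== " + base64String);
                if (!Constants.KEY_ALG_NAME_NIST.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                    this.logger.info("加密证书明文：" + str4);
                    String base64String2 = Base64.toBase64String(CertUtils.getCertFromStr(str4).getPublicKey().getEncoded());
                    this.logger.info("加密证书中的公钥信息 ==== " + base64String2);
                    // Exact match required: Base64 text is case-sensitive.
                    if (!base64String.equals(base64String2)) {
                        this.logger.info("证书响应中的加密证书公钥和申请时的不一致");
                        result.setError(ErrorEnum.CERT_CONFIRM_PUB_KEY_NOT_SAME_REQ);
                        return result;
                    }
                }
            } catch (Exception e) {
                this.logger.error("获取证书请求时的公钥信息异常{}", e);
                result.setError(ErrorEnum.GET_CERT_PUBLIC_KEY_EXCEPTION);
                return result;
            }
        }
        Map map = OperatorCertCache.getMap();
        // Serial number of the certificate being replaced, cached by updateOperatorCert.
        String str5 = (String) map.get(str);
        Result issueCertResp = this.certLifeCycleManager.issueCertResp(rAServiceDnName, cAServiceDnName, Constants.APPLY_USER_TYPE_ADMIN_2, str);
        if (!issueCertResp.isSuccess()) {
            map.remove(str);
            this.logger.info("签发管理员证书响应");
            result.setErrorBean(issueCertResp.getErrorBean());
            return result;
        }
        try {
            this.adminCertDao.updateAdminCertStatus(Constants.CERT_STATUS_REVOKED_3, str5);
            map.remove(str);
            try {
                this.adminCertDao.updateAdminCertStatus(Constants.CERT_STATUS_NORMAL_1, str2);
                if (!Constants.KEY_ALG_NAME_NIST.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                    try {
                        this.adminCertDao.updateAdminEncCertInfoBySignSn(str2, str3, str4);
                    } catch (Exception e2) {
                        this.logger.error("修改操作员加密证书异常{}", e2);
                        throw new RuntimeException(e2);
                    }
                }
                return result;
            } catch (Exception e3) {
                this.logger.error("修改操作员证书状态异常{}", e3);
                result.setError(ErrorEnum.UPDATE_OPERATOR_CERT_STATUS_EXCEPTION);
                return result;
            }
        } catch (Exception e4) {
            this.logger.error("修改操作员证书状态异常{}", e4);
            result.setError(ErrorEnum.UPDATE_OPERATOR_CERT_STATUS_EXCEPTION);
            return result;
        }
    }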

    /**
     * Validates the subject DN requested for an operator certificate.
     *
     * <p>The DN is first normalised with {@code DnUtil.getRFC4519X500Name}, then checked in
     * order: the CN value check of this class, {@code check64}, {@code checkBlankSpace} and
     * {@code checkDnKeyword}. The first failing check determines the returned error.
     *
     * @param str requested DN as supplied by the caller
     * @return an empty {@link Result} when every check passes; the failing check's error; or
     *         {@code CERT_APPLY_DN_IS_ERROR} when normalisation or a check throws
     */
    public Result verifyOperatorCertApplyDn(String str) {
        Result outcome = new Result();
        try {
            String normalizedDn = DnUtil.getRFC4519X500Name(str).toString();
            this.logger.info("格式化之后的操作员证书DN：" + normalizedDn);

            Result cnCheck = checkCertDnCnValue(normalizedDn);
            if (!cnCheck.isSuccess()) {
                this.logger.info("证书的DN的特殊符号校验有误");
                outcome.setError(cnCheck.getError());
                return outcome;
            }

            Result lengthCheck = CertDnVerifyUtils.check64(normalizedDn);
            if (!lengthCheck.isSuccess()) {
                this.logger.info("证书的DN关键字的值校验有误" + normalizedDn);
                outcome.setError(lengthCheck.getError());
                return outcome;
            }

            Result spaceCheck = CertDnVerifyUtils.checkBlankSpace(normalizedDn);
            if (!spaceCheck.isSuccess()) {
                this.logger.info("证书的DN关键字与值中有空格" + normalizedDn);
                outcome.setError(spaceCheck.getError());
                return outcome;
            }

            Result keywordCheck = CertDnVerifyUtils.checkDnKeyword(normalizedDn);
            if (!keywordCheck.isSuccess()) {
                this.logger.info("申请DN中有系统不支持的关键字" + normalizedDn);
                outcome.setError(keywordCheck.getError());
            }
            return outcome;
        } catch (Exception e) {
            // Only the message is logged here; the stack trace is dropped.
            this.logger.info("certDn不正确{}", e.getMessage());
            outcome.setError(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
            return outcome;
        }
    }

    /**
     * Reports a client-side failure for a pending certificate transaction to the CA.
     *
     * <p>The cached entry for the transaction id is dropped before the error message is sent,
     * whether or not sending succeeds.
     *
     * @param str  transaction id
     * @param i    passed through to {@code sendErrorCMPMessage} (presumably an error code)
     * @param str2 passed through to {@code sendErrorCMPMessage} (presumably an error text)
     * @return an empty {@link Result} on success, otherwise an error
     */
    public Result genErrorMsgContent(String str, int i, String str2) {
        Result outcome = new Result();
        String raDn = getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            outcome.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        String caDn = getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            outcome.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        // The transaction is abandoned, so its cached serial number is no longer needed.
        OperatorCertCache.getMap().remove(str);
        Result caReply = this.certLifeCycleManager.sendErrorCMPMessage(raDn, caDn, Constants.APPLY_USER_TYPE_ADMIN_2, str, i, str2);
        if (!caReply.isSuccess()) {
            this.logger.info("错误确认消息出错：" + JsonUtils.object2Json(caReply));
            outcome.setErrorBean(caReply.getErrorBean());
        }
        return outcome;
    }

    /**
     * Checks the leading value of an operator DN for separator characters.
     *
     * <p>The value is cut out by position: the first three characters are skipped and the RA
     * base DN's length plus one more character is dropped from the end. The remainder must not
     * contain {@code ,}, {@code =} or a full-width comma.
     *
     * <p>NOTE(review): the cut is purely positional. Nothing verifies that the DN really
     * starts with a three-character attribute prefix or really ends with the RA base DN, so a
     * DN with a different suffix of suitable length is not rejected here. Confirm that a later
     * check or the CA enforces the base DN.
     *
     * @param str normalised DN to inspect
     * @return an empty {@link Result} when the value is acceptable; the upstream {@link Result}
     *         when the base DN lookup failed; otherwise an error describing the violation
     */
    private Result checkCertDnCnValue(String str) {
        Result outcome = new Result();
        Result baseDnLookup = this.caBusinessManager.getRaBaseDN();
        if (!baseDnLookup.isSuccess()) {
            return baseDnLookup;
        }
        String baseDn = (String) baseDnLookup.getInfo();
        // Too short to hold a prefix, a value and the base DN.
        if (str.length() <= 3 || str.length() <= 3 + baseDn.length()) {
            outcome.setError(ErrorEnum.OPERATOR_CERT_DN_LENGTH_IS_ERROR);
            return outcome;
        }
        int valueEnd = (str.length() - baseDn.length()) - 1;
        String value = str.substring(3, valueEnd);
        this.logger.info("操作员DN值为 ========== " + value);
        if (value.contains(",") || value.contains("=")) {
            this.logger.info("操作员DN中含有特殊符号");
            outcome.setError(ErrorEnum.OPERATOR_CERT_DN_VALUE_HAVE_ERROR_SYMBOL);
            return outcome;
        }
        if (value.contains("，")) {
            this.logger.info("证书主体中包含中文逗号>>>certDn:" + str);
            outcome.setError(ErrorEnum.CERT_DN_HAVE_CHINESE_COMMA);
        }
        return outcome;
    }

    /**
     * Reads the subject DN of the newest RA certificate.
     *
     * @return the subject DN, or {@code null} when no RA certificate is recorded or when the
     *         lookup or parsing throws (the exception is logged)
     */
    private String getRAServiceDnName() {
        try {
            RaCertDO raCert = this.raCertDao.getNewRaCertInfo();
            return raCert == null
                    ? null
                    : CertUtils.getCertFromStr(raCert.getCertInfo()).getSubjectX500Principal().getName();
        } catch (Exception e) {
            this.logger.error("获取RA服务器证书异常{}", e);
            return null;
        }
    }

    /**
     * Reads the subject DN of the newest CA certificate.
     *
     * @return the subject DN, or {@code null} when no CA certificate is recorded or when the
     *         lookup or parsing throws (the exception is logged)
     */
    private String getCAServiceDnName() {
        try {
            CaCertDO caCert = this.caCertDao.getNewCaCertInfo();
            return caCert == null
                    ? null
                    : CertUtils.getCertFromStr(caCert.getCertInfo()).getSubjectX500Principal().getName();
        } catch (Exception e) {
            this.logger.error("获取CA服务器证书异常{}", e);
            return null;
        }
    }
}
