package com.xdja.pki.ra.service.manager.certapply;

import com.xdja.ca.pkcs7.Pkcs7Utils;
import com.xdja.ca.utils.DnUtil;
import com.xdja.ca.utils.SdkP10Utils;
import com.xdja.ca.vo.UserCertInfo;
import com.xdja.pki.core.exception.ServiceException;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import com.xdja.pki.ra.cache.CertTempCache;
import com.xdja.pki.ra.cache.RaSdkCache;
import com.xdja.pki.ra.core.asn1.NISTObjectIdentifiers;
import com.xdja.pki.ra.core.asn1.RsaObjectIdentifiers;
import com.xdja.pki.ra.core.asn1.SM2ObjectIdentifiers;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ApplyTypeEnum;
import com.xdja.pki.ra.core.commonenum.DoubleCodeUseEnum;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.config.Config;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import com.xdja.pki.ra.core.util.cert.CertDnVerifyUtils;
import com.xdja.pki.ra.core.util.cert.CertUtils;
import com.xdja.pki.ra.core.util.cert.HsmUtils;
import com.xdja.pki.ra.core.util.cert.KeyStoreUtils;
import com.xdja.pki.ra.core.util.cert.KeyUtils;
import com.xdja.pki.ra.core.util.file.FileUtils;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.ApplyRecordDao;
import com.xdja.pki.ra.manager.dao.BaseUserDao;
import com.xdja.pki.ra.manager.dao.CaCertDao;
import com.xdja.pki.ra.manager.dao.CertApplyDao;
import com.xdja.pki.ra.manager.dao.CertTempDao;
import com.xdja.pki.ra.manager.dao.DoubleCodeDao;
import com.xdja.pki.ra.manager.dao.FreezeApplyDao;
import com.xdja.pki.ra.manager.dao.IssueApplyDao;
import com.xdja.pki.ra.manager.dao.RecoveryApplyDao;
import com.xdja.pki.ra.manager.dao.RevokeApplyDao;
import com.xdja.pki.ra.manager.dao.UpdateApplyDao;
import com.xdja.pki.ra.manager.dao.UserCertDao;
import com.xdja.pki.ra.manager.dao.model.ApplyRecordDO;
import com.xdja.pki.ra.manager.dao.model.BaseUserDO;
import com.xdja.pki.ra.manager.dao.model.BksIndexDO;
import com.xdja.pki.ra.manager.dao.model.CaCertDO;
import com.xdja.pki.ra.manager.dao.model.CertApplyDO;
import com.xdja.pki.ra.manager.dao.model.CertTempDO;
import com.xdja.pki.ra.manager.dao.model.DoubleCodeDO;
import com.xdja.pki.ra.manager.dao.model.UserCertDO;
import com.xdja.pki.ra.manager.dto.CertApplyDTO;
import com.xdja.pki.ra.manager.dto.FreezeApplyDTO;
import com.xdja.pki.ra.manager.dto.IssueApplyDTO;
import com.xdja.pki.ra.manager.dto.RecoveryApplyDTO;
import com.xdja.pki.ra.manager.dto.RevokeApplyDTO;
import com.xdja.pki.ra.manager.dto.UpdateApplyDTO;
import com.xdja.pki.ra.manager.dto.UserCertDTO;
import com.xdja.pki.ra.manager.page.PageInfo;
import com.xdja.pki.ra.manager.sdk.business.BaseDn;
import com.xdja.pki.ra.manager.sdk.business.CaBusinessManager;
import com.xdja.pki.ra.manager.sdk.cmp.CertLifeCycleManager;
import com.xdja.pki.ra.manager.sdk.cmp.bean.CertLifeInfo;
import com.xdja.pki.ra.service.manager.certapply.bean.ApplyRecordVO;
import com.xdja.pki.ra.service.manager.certapply.bean.CertApplyResp;
import com.xdja.pki.ra.service.manager.certapply.bean.CertApplyVO;
import com.xdja.pki.ra.service.manager.login.bean.CurrentAdminInfo;
import com.xdja.pki.ra.service.manager.system.SystemService;
import com.xdja.pki.ra.service.manager.usercert.UserCertService;
import com.xdja.pki.security.bean.Operator;
import com.xdja.pki.security.util.OperatorUtil;
import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;

@Service
/* loaded from: input_file:com/xdja/pki/ra/service/manager/certapply/CertApplyServiceImpl.class */
public class CertApplyServiceImpl implements CertApplyService {
    // Per-instance SLF4J logger for this service.
    private Logger logger = LoggerFactory.getLogger(CertApplyServiceImpl.class);

    // Collaborators below are injected by Spring through package-private fields.

    // Persistence for the certificate application rows.
    @Autowired
    CertApplyDao certApplyDao;

    // Persistence for the per-application operation records written by the insertCertApplyRecord* methods.
    @Autowired
    ApplyRecordDao applyRecordDao;

    // Client used to ask the CA to issue or update user certificates.
    @Autowired
    CertLifeCycleManager certLifeCycleManager;

    @Autowired
    UserCertDao userCertDao;

    @Autowired
    CaCertDao caCertDao;

    @Autowired
    IssueApplyDao issueApplyDao;

    @Autowired
    UpdateApplyDao updateApplyDao;

    @Autowired
    RevokeApplyDao revokeApplyDao;

    @Autowired
    RecoveryApplyDao recoveryApplyDao;

    // Reference to the CertApplyService interface that this class itself implements.
    // NOTE(review): presumably the Spring-managed proxy of this same bean, so that calls made
    // through it pick up proxy-applied behaviour such as @Transactional - confirm.
    @Autowired
    CertApplyService certApplyService;

    @Autowired
    UserCertService userCertService;

    @Autowired
    CaBusinessManager caBusinessManager;

    @Autowired
    BaseUserDao baseUserDao;

    @Autowired
    DoubleCodeDao doubleCodeDao;

    @Autowired
    FreezeApplyDao freezeApplyDao;

    @Autowired
    SystemService systemService;

    // Source of the CA transaction ids and of the applyNo -> transaction id cache.
    @Autowired
    RaSdkCache raSdkCache;

    @Autowired
    CertTempDao certTempDao;

    @Autowired
    CertTempCache certTempCache;

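    /**
     * Writes a new status, and optionally a new DN and template id, to an existing
     * certificate application row.
     *
     * <p>The row is looked up by application number. A missing row, or an update that
     * affects no rows, is reported as {@code UPDATE_CERT_APPLY_INFO_FAIL}.
     *
     * <p>NOTE(review): the status is written exactly as supplied; this method does not check
     * that moving from the stored status to {@code i} is a legal transition, so callers are
     * relied on to enforce the workflow.
     *
     * @param str  new certificate DN; the stored DN is kept when this is null or blank
     * @param str2 application number identifying the row
     * @param i    application status to store
     * @param l    template id to store; the stored value is kept when this is null
     * @return a default {@link Result} on success, otherwise one carrying
     *         {@code ErrorEnum.UPDATE_CERT_APPLY_INFO_FAIL}
     */
    public Result updateCertApplyInfo(String str, String str2, int i, Long l) {
        Result result = new Result();
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str2);
        if (certApplyInfo == null) {
            // Include the application number so the failure can be correlated with a request.
            this.logger.warn("========================待更新申请信息为空 applyNo:[{}]", str2);
            result.setError(ErrorEnum.UPDATE_CERT_APPLY_INFO_FAIL);
            return result;
        }
        // isNotBlank already excludes null, so no further null fallback is needed here.
        if (StringUtils.isNotBlank(str)) {
            certApplyInfo.setCertDn(str);
        }
        certApplyInfo.setApplyStatus(Integer.valueOf(i));
        certApplyInfo.setGmtUpdate(new Timestamp(System.currentTimeMillis()));
        if (l != null) {
            certApplyInfo.setTempId(l);
        }
        if (this.certApplyDao.updateCertApply(certApplyInfo) <= 0) {
            this.logger.warn("更新申请基本信息失败 applyNo:[{}]", str2);
            result.setError(ErrorEnum.UPDATE_CERT_APPLY_INFO_FAIL);
        }
        return result;
    }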

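    /**
     * Appends an operation record for an application, attributing it to the caller-supplied
     * certificate DN (or to the automatic-review marker) with admin id 0.
     *
     * <p>Persistence is best-effort: a failure to insert the record is logged and the
     * returned {@link Result} is still the default one.
     * NOTE(review): callers therefore cannot tell that an operation record was lost; if these
     * rows serve as the audit trail for certificate operations, consider surfacing the failure.
     *
     * @param i    application type stored on the record
     * @param i2   operation type stored on the record
     * @param str  application number
     * @param str2 certificate DN recorded as the acting party when {@code z} is false
     * @param i3   application status stored on the record
     * @param str3 remark; null is stored as the empty string
     * @param i4   operation result stored on the record
     * @param z    when true the record is attributed to the automatic-review marker instead of {@code str2}
     * @param z2   not read by this method
     * @return a default {@link Result}
     */
    public Result insertCertApplyRecordScep(int i, int i2, String str, String str2, int i3, String str3, int i4, boolean z, boolean z2) {
        this.logger.debug("记录申请操作和结果到apply_record表中 applyNo:[{}]", str);
        Result result = new Result();
        ApplyRecordDO applyRecordDO = new ApplyRecordDO();
        // The admin id is 0 on every path of this variant; only the recorded DN differs.
        applyRecordDO.setAdminId(0L);
        applyRecordDO.setAdminCertDn(z ? "自动审核" : str2);
        applyRecordDO.setApplyNo(str);
        applyRecordDO.setOperateType(Integer.valueOf(i2));
        applyRecordDO.setApplyType(Integer.valueOf(i));
        applyRecordDO.setApplyStatus(Integer.valueOf(i3));
        applyRecordDO.setOperateResult(Integer.valueOf(i4));
        applyRecordDO.setRemark(str3 == null ? "" : str3);
        // Read the clock once so the create and update times of a new record cannot differ.
        long now = System.currentTimeMillis();
        applyRecordDO.setGmtUpdate(new Timestamp(now));
        applyRecordDO.setGmtCreate(new Timestamp(now));
        try {
            this.applyRecordDao.addApplyRecord(applyRecordDO);
        } catch (Exception e) {
            // Pass the exception itself so the stack trace and cause are kept, not just the message.
            this.logger.error("applyNo{}，记录申请操作异常{}", str, e.getMessage(), e);
        }
        return result;
    }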

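    /**
     * Appends an operation record for an application and attributes it to an actor.
     *
     * <p>The actor is chosen as follows:
     * <ul>
     *   <li>{@code z2} true: admin id 0 and the certificate DN looked up for the system flag
     *       {@code str2}; the literal {@code V2X} is used when the flag is blank, is itself
     *       {@code V2X}, or the lookup fails or returns nothing;</li>
     *   <li>{@code z2} false: the currently logged-in administrator, whose absence is reported
     *       as {@code CANNOT_FIND_CURRENT_LOGIN_ADMIN};</li>
     *   <li>{@code z} true: overrides either of the above with admin id 0 and the
     *       automatic-review marker.</li>
     * </ul>
     *
     * <p>Persistence is best-effort: a failure to insert the record is logged and the
     * returned {@link Result} is still the default one.
     * NOTE(review): callers therefore cannot tell that an operation record was lost; if these
     * rows serve as the audit trail for certificate operations, consider surfacing the failure.
     *
     * @param i    application type stored on the record
     * @param i2   operation type stored on the record
     * @param str  application number
     * @param str2 system flag used for the DN lookup when {@code z2} is true
     * @param i3   application status stored on the record
     * @param str3 remark; null is stored as the empty string
     * @param i4   operation result stored on the record
     * @param z    when true the record is attributed to the automatic-review marker
     * @param z2   when true the record is attributed to a system rather than to the logged-in administrator
     * @return a default {@link Result}, or one carrying {@code CANNOT_FIND_CURRENT_LOGIN_ADMIN}
     */
    public Result insertCertApplyRecord(int i, int i2, String str, String str2, int i3, String str3, int i4, boolean z, boolean z2) {
        Result result = new Result();
        ApplyRecordDO applyRecordDO = new ApplyRecordDO();
        if (z2) {
            applyRecordDO.setAdminId(0L);
            String systemCertDn = "V2X";
            // Compare by value: a reference comparison only matches when both strings happen to
            // be the same interned instance, so an equal flag read from a request or the
            // database would otherwise fall through to the lookup.
            if (StringUtils.isNotBlank(str2) && !"V2X".equals(str2)) {
                try {
                    String lookedUp = this.certApplyDao.getSystemCertDn(str2);
                    if (StringUtils.isNotBlank(lookedUp)) {
                        systemCertDn = lookedUp;
                    }
                } catch (EmptyResultDataAccessException e) {
                    // No row for this flag: keep the V2X fallback.
                    this.logger.info("通过在线签发系统标识未获取到系统证书主体认定为V2X");
                } catch (DataAccessException e) {
                    // Any other data-access failure also falls back to V2X, but keep the cause
                    // visible because the record will be attributed to the fallback actor.
                    this.logger.warn("通过在线签发系统标识未获取到系统证书主体认定为V2X", e);
                }
            }
            applyRecordDO.setAdminCertDn(systemCertDn);
        } else {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
            applyRecordDO.setAdminId(Long.valueOf(currentAdminInfo.getId().longValue()));
            applyRecordDO.setAdminCertDn(currentAdminInfo.getCertDn());
        }
        if (z) {
            // Automatic review replaces whichever actor was resolved above.
            applyRecordDO.setAdminId(0L);
            applyRecordDO.setAdminCertDn("自动审核");
        }
        applyRecordDO.setApplyNo(str);
        applyRecordDO.setOperateType(Integer.valueOf(i2));
        applyRecordDO.setApplyType(Integer.valueOf(i));
        applyRecordDO.setApplyStatus(Integer.valueOf(i3));
        applyRecordDO.setOperateResult(Integer.valueOf(i4));
        applyRecordDO.setRemark(str3 == null ? "" : str3);
        // Read the clock once so the create and update times of a new record cannot differ.
        long now = System.currentTimeMillis();
        applyRecordDO.setGmtUpdate(new Timestamp(now));
        applyRecordDO.setGmtCreate(new Timestamp(now));
        try {
            this.applyRecordDao.addApplyRecord(applyRecordDO);
        } catch (Exception e2) {
            // Pass the exception itself so the stack trace and cause are kept, not just the message.
            this.logger.error("applyNo{}，记录申请操作异常{}", str, e2.getMessage(), e2);
        }
        return result;
    }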

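    /**
     * Appends an operation record attributed to the currently logged-in administrator.
     *
     * <p>Unlike the {@code insertCertApplyRecord*} methods, a record that cannot be added is
     * not tolerated here: the method throws instead of returning.
     *
     * @param i    application type stored on the record
     * @param i2   operation type stored on the record
     * @param str  application number
     * @param i3   application status stored on the record
     * @param str2 remark, stored as given
     * @param i4   operation result stored on the record
     * @return a default {@link Result}, or one carrying {@code CANNOT_FIND_CURRENT_LOGIN_ADMIN}
     *         when no administrator is logged in
     * @throws RuntimeException when the DAO reports that the record was not added
     */
    @Deprecated
    public Result updateCertApplyStatus(int i, int i2, String str, int i3, String str2, int i4) {
        Result result = new Result();
        Operator operator = OperatorUtil.getOperator();
        if (operator == null || operator.getCurrUser() == null) {
            result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
            return result;
        }
        CurrentAdminInfo currentAdminInfo = (CurrentAdminInfo) operator.getCurrUser();
        ApplyRecordDO applyRecordDO = new ApplyRecordDO();
        applyRecordDO.setApplyNo(str);
        applyRecordDO.setOperateType(Integer.valueOf(i2));
        applyRecordDO.setApplyType(Integer.valueOf(i));
        applyRecordDO.setApplyStatus(Integer.valueOf(i3));
        applyRecordDO.setAdminId(Long.valueOf(currentAdminInfo.getId().longValue()));
        applyRecordDO.setAdminCertDn(currentAdminInfo.getCertDn());
        applyRecordDO.setOperateResult(Integer.valueOf(i4));
        applyRecordDO.setRemark(str2);
        // Read the clock once so the create and update times of a new record cannot differ.
        long now = System.currentTimeMillis();
        applyRecordDO.setGmtUpdate(new Timestamp(now));
        applyRecordDO.setGmtCreate(new Timestamp(now));
        if (this.applyRecordDao.addApplyRecord(applyRecordDO) != null) {
            return result;
        }
        this.logger.warn("添加申请记录失败 applyNo:[{}]", str);
        // The result object is never returned on this path, so the failure is carried by the
        // exception; give it a message so whoever catches or logs it can see what failed.
        throw new RuntimeException("添加申请记录失败 applyNo:" + str);
    }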

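    /**
     * Returns one page of certificate applications, each enriched with the system and
     * template details of its certificate.
     *
     * <p>The six arguments are forwarded unchanged, in order, to
     * {@code certApplyDao.listPageUserCert}; their individual meaning is defined there.
     *
     * <p>NOTE(review): one {@code userCertDao.getCertListInfo} query is issued per row, and
     * its result is dereferenced without a null check - confirm the DAO never returns null.
     *
     * @return a {@link Result} whose info is a {@link CertApplyResp} (empty when the page has
     *         no rows), or one carrying {@code QUERY_CERT_APPLY_LIST_ERROR} when the DAO
     *         returns no page at all
     */
    public Result listUserApply(String str, String str2, int i, int i2, int i3, int i4) {
        CertApplyResp certApplyResp = new CertApplyResp();
        Result result = new Result();
        PageInfo listPageUserCert = this.certApplyDao.listPageUserCert(str, str2, i, i2, i3, i4);
        if (listPageUserCert == null) {
            result.setError(ErrorEnum.QUERY_CERT_APPLY_LIST_ERROR);
            return result;
        }
        // Left raw because the element type accepted by CertApplyResp#setDatas is not visible here.
        ArrayList arrayList = new ArrayList();
        List<CertApplyDTO> list = listPageUserCert.getList();
        if (CollectionUtils.isEmpty(list)) {
            certApplyResp.setRecordCount(0);
            certApplyResp.setPageCount(0);
            certApplyResp.setDatas(arrayList);
            result.setInfo(certApplyResp);
            return result;
        }
        // Built once per call instead of once per row; it stays local to this call because
        // SimpleDateFormat must not be shared between threads.
        SimpleDateFormat createTimeFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        for (CertApplyDTO certApplyDTO : list) {
            CertApplyVO certApplyVO = new CertApplyVO();
            BeanUtils.copyProperties(certApplyDTO, certApplyVO);
            UserCertDTO certListInfo = this.userCertDao.getCertListInfo(certApplyDTO.getSystemFlag(), certApplyDTO.getTempId());
            certApplyVO.setSystemName(certListInfo.getSystemName());
            certApplyVO.setCertPatterm(certListInfo.getCertPatterm());
            certApplyVO.setTempNo(certListInfo.getTempNo());
            certApplyVO.setUserCA(certListInfo.getUserCA());
            certApplyVO.setGmtCreate(createTimeFormat.format((Date) certApplyDTO.getGmtCreate()));
            arrayList.add(certApplyVO);
        }
        certApplyResp.setDatas(arrayList);
        certApplyResp.setPageCount(listPageUserCert.getPageCount());
        certApplyResp.setRecordCount(listPageUserCert.getRecordCount());
        result.setInfo(certApplyResp);
        return result;
    }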

    /**
     * Validates the syntax and attribute ordering of a requested certificate DN.
     *
     * <p>The DN is parsed with {@code DnUtil.getRFC4519X500Name} and then passed to
     * {@code CertDnVerifyUtils.checkDn} and {@code CertDnVerifyUtils.checkCertDnSort}. The
     * first failing check supplies the error; any exception raised along the way is reported
     * as {@code CERT_APPLY_DN_IS_ERROR}.
     *
     * @param str DN string taken from the application
     * @return a default {@link Result} when both checks pass, otherwise one carrying the error
     */
    public Result verifyUserCertApplyDn(String str) {
        Result result = new Result();
        try {
            X500Name parsedDn = DnUtil.getRFC4519X500Name(str);
            String formattedDn = parsedDn.toString();
            this.logger.debug("格式化之后的申请DN:{}", formattedDn);

            Result fieldCheck = CertDnVerifyUtils.checkDn(parsedDn);
            if (!fieldCheck.isSuccess()) {
                result.setError(fieldCheck.getError());
                return result;
            }

            Result orderCheck = CertDnVerifyUtils.checkCertDnSort(parsedDn);
            if (!orderCheck.isSuccess()) {
                this.logger.error("证书的DN的类型先后顺序有误:{}", JsonUtils.object2Json(orderCheck.getError()));
                result.setError(orderCheck.getError());
            }
            return result;
        } catch (Exception e) {
            // Parsing or checking threw: treat the DN as malformed.
            this.logger.error("certDn异常", e);
            result.setError(ErrorEnum.CERT_APPLY_DN_IS_ERROR);
            return result;
        }
    }

    /**
     * Validates a requested certificate DN and checks that the user does not already hold a
     * certificate, or have another application, with the same DN.
     *
     * <p>An existing application with the same DN is accepted only when it is the
     * application identified by {@code str2} (compared case-insensitively).
     *
     * <p>NOTE(review): the uniqueness lookups are given the caller's DN string as received,
     * not the parsed form produced during validation - confirm the DAO queries compare DNs
     * in a normalised form, otherwise differently formatted spellings of one DN may not
     * be seen as duplicates.
     *
     * @param str  DN string taken from the application
     * @param j    id of the user the application belongs to
     * @param str2 number of the application being edited; may be blank for a new application
     * @return the validation {@link Result}, carrying an error when the DN is invalid or already in use
     */
    public Result verifyUserCertApplyDn(String str, long j, String str2) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("证书DN的校验规则,certDn:[{}] userId:[{}] applyNo:[{}]", str, Long.valueOf(j), str2);
        }
        Result outcome = verifyUserCertApplyDn(str);
        if (!outcome.isSuccess()) {
            return outcome;
        }

        int issuedWithSameDn = this.userCertDao.getUserCertByUserIdAndCertDN(str, j);
        if (issuedWithSameDn >= 1) {
            this.logger.error("有多个的证书的DN信息同[{}]一致", str);
            outcome.setError(ErrorEnum.USER_CERT_DN_HAVE_SAME_APPLY_CERT_DN);
            return outcome;
        }

        int appliesWithSameDn = this.certApplyDao.getCertApplyCountByCertDn(str, j);
        if (appliesWithSameDn < 1) {
            return outcome;
        }

        // The only tolerated match is the application that is itself being re-checked.
        boolean isSameApplication = StringUtils.isNotBlank(str2)
                && str.equalsIgnoreCase(this.certApplyDao.getCertDnByApplyNo(str2));
        if (!isSameApplication) {
            this.logger.error("已存在相同证书主体的用户申请:{}", str);
            outcome.setError(ErrorEnum.CERT_APPLY_CERT_DN_IS_EXIST);
        }
        return outcome;
    }

    /**
     * Rejects a new application against a certificate that already has an unfinished
     * application of the same kind.
     *
     * <p>Application types handled, judging by the DAO consulted for each: 2 update,
     * 3 revoke, 4 key recovery, 5 and 6 freeze/unfreeze. Any other type passes unchecked.
     * For type 4 a certificate whose stored type is 1 is also rejected with
     * {@code SINGLE_CERT_NOT_RECOVERY_APPLY}.
     *
     * <p>NOTE(review): for type 4 the certificate looked up by serial number and its type are
     * dereferenced without a null check - confirm the serial is validated before this call.
     *
     * @param str serial number of the signing certificate the application refers to
     * @param i   application type
     * @return a default {@link Result} when the application may proceed, otherwise one carrying the error
     */
    public Result verifyUserCertApply(String str, int i) {
        Result result = new Result();
        switch (i) {
            case 2:
                if (this.updateApplyDao.getUnClosedUpdateApplyNum(str) > 0) {
                    result.setError(ErrorEnum.SIGN_SN_HAS_UPDATE_APPLY_NOT_CLOSED);
                }
                break;
            case 3:
                if (this.revokeApplyDao.getUnClosedRevokeApplyNum(str) > 0) {
                    result.setError(ErrorEnum.SIGN_SN_HAS_REVOKE_APPLY_NOT_CLOSED);
                }
                break;
            case 4:
                if (this.recoveryApplyDao.getUnClosedRecoveryApplyNum(str) > 0) {
                    result.setError(ErrorEnum.SIGN_SN_HAS_RECOVERY_APPLY_NOT_CLOSED);
                    break;
                }
                if (this.userCertDao.getUserCertBaseInfoBySignSn(str).getCertType().intValue() == 1) {
                    this.logger.info("单证不支持密钥恢复");
                    result.setError(ErrorEnum.SINGLE_CERT_NOT_RECOVERY_APPLY);
                }
                break;
            case 5:
            case 6:
                if (this.freezeApplyDao.getUnClosedFreezeApplyNum(str) > 0) {
                    this.logger.info("该sn已存在未结束的冻结解冻申请");
                    result.setError(ErrorEnum.SIGN_SN_HAS_FREEZE_APPLY_NOT_CLOSED);
                }
                break;
            default:
                break;
        }
        return result;
    }

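    /**
     * Asks the CA to issue a certificate for an application and stores the issued certificate.
     *
     * <p>On CA failure the application is moved to status 4, an operation record carrying the
     * CA's error message is written, and the CA's error is returned.
     *
     * <p>NOTE(review): when the CA has issued the certificate but storing it fails, the error
     * is returned rather than thrown, so no exception reaches the {@code @Transactional}
     * boundary and the issued certificate exists at the CA without a local row - confirm
     * this is reconciled elsewhere.
     *
     * @param str           system flag of the requesting system; {@code V2X} selects the
     *                      system-attributed operation record
     * @param issueApplyDTO the application being issued
     * @param bArr          request bytes forwarded to the CA (presumably the PKCS#10 request - confirm)
     * @param str2          certificate DN recorded as the acting party for non-V2X requests
     * @return a {@link Result} whose info is the issued {@link UserCertInfo}, or one carrying the error
     * @throws RuntimeException when the application status cannot be updated after a CA failure
     */
    @Transactional
    public Result issueCert(String str, IssueApplyDTO issueApplyDTO, byte[] bArr, String str2) {
        this.logger.debug("systemFlag:[{}]", str);
        Result result = new Result();
        final int applyType = 1;
        String applyNo = issueApplyDTO.getApplyNo();
        String rAServiceDnName = getRAServiceDnName();
        String cAServiceDnName = getCAServiceDnName();
        String incCaCmpTransId = this.raSdkCache.getIncCaCmpTransId();
        this.raSdkCache.cacheCaTransId(applyNo, incCaCmpTransId);
        Result issueUserCert = this.certLifeCycleManager.issueUserCert(applyNo, (String) null, bArr, rAServiceDnName, cAServiceDnName, incCaCmpTransId, issueApplyDTO.getTempNo(), issueApplyDTO.getTempParas(), issueApplyDTO.getSignAlg(), issueApplyDTO.getCertValidity().intValue(), issueApplyDTO.getCertDn(), (Integer) null);
        if (issueUserCert.isSuccess()) {
            UserCertInfo userCertInfo = (UserCertInfo) issueUserCert.getInfo();
            Result insertUserCertInfo = insertUserCertInfo(issueApplyDTO.getUserId().longValue(), issueApplyDTO.getApplyId().longValue(), issueApplyDTO.getTempId().longValue(), issueApplyDTO.getTempNo(), issueApplyDTO.getSignAlg(), issueApplyDTO.getPrivateKeyLength().intValue(), userCertInfo);
            if (insertUserCertInfo.isSuccess()) {
                result.setInfo(userCertInfo);
                return result;
            }
            this.logger.info("将用户证书插入数据库失败");
            result.setError(insertUserCertInfo.getError());
            return result;
        }
        Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(issueApplyDTO.getCertDn(), applyNo, 4, issueApplyDTO.getTempId());
        if (updateCertApplyInfo.getCode() != 0) {
            this.logger.info("操作签发失败:{}", JsonUtils.object2Json(updateCertApplyInfo));
            // Carry a message so the rollback cause is identifiable where it is caught or logged.
            throw new RuntimeException("操作签发失败 applyNo:" + applyNo);
        }
        String caErrMsg = issueUserCert.getErrorBean().getErrMsg();
        // Constant-first comparison: a null system flag must not raise a NullPointerException
        // here, after the status update and before the operation record is written.
        if ("V2X".equals(str)) {
            this.certApplyService.insertCertApplyRecord(applyType, 5, applyNo, str, 4, caErrMsg, 7, false, true);
        } else {
            this.certApplyService.insertCertApplyRecordScep(applyType, 5, applyNo, str2, 4, caErrMsg, 7, false, true);
        }
        this.logger.error("调用CA，签发证书失败:{} ", caErrMsg);
        result.setErrorBean(issueUserCert.getErrorBean());
        return result;
    }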

    /**
     * Asks the CA to update (renew) a certificate and stores the resulting certificate.
     *
     * <p>When the application asks for a new key, the request bytes are mandatory and are
     * forwarded to the CA; otherwise no request bytes are sent. On CA failure the application
     * is moved to status 4, an operation record is written and the CA's error is returned.
     *
     * <p>NOTE(review): the CA transaction id is allocated and cached before the request bytes
     * are checked, so a rejected call still consumes one. The operation record written on CA
     * failure carries the application's reason as its remark, not the CA's error message -
     * confirm both are intended.
     *
     * @param updateApplyDTO the update application
     * @param bArr           request bytes for the new key (the log messages call this the p10
     *                       file); required when the application updates the key
     * @return a {@link Result} whose info is the new {@link UserCertInfo}, or one carrying the error
     * @throws ServiceException when the new certificate cannot be stored, or the application
     *                          status cannot be updated after a CA failure
     */
    public Result updateCert(UpdateApplyDTO updateApplyDTO, byte[] bArr) {
        Result result = new Result();
        final int applyType = 2;
        String applyNo = updateApplyDTO.getApplyNo();
        String raDn = getRAServiceDnName();
        String caDn = getCAServiceDnName();
        String transId = this.raSdkCache.getIncCaCmpTransId();
        this.raSdkCache.cacheCaTransId(applyNo, transId);

        // Request bytes are only sent to the CA when the key is being replaced.
        byte[] requestBytes = null;
        if (updateApplyDTO.getUpdateKey().booleanValue()) {
            if (bArr == null) {
                this.logger.info("更新密钥时，必须上传p10文件");
                result.setError(ErrorEnum.UPDATE_KEY_NEED_P10_FILE);
                return result;
            }
            this.logger.info("在线更新申请更新秘钥");
            requestBytes = bArr;
        } else {
            this.logger.info("在线更新申请不更新秘钥");
        }

        Result caResult = this.certLifeCycleManager.updateUserCert(applyNo, (String) null, requestBytes, raDn, caDn, transId, updateApplyDTO.getTempNo(), updateApplyDTO.getTempParas(), updateApplyDTO.getSignAlg(), updateApplyDTO.getCertValidity().intValue(), updateApplyDTO.getCertDn(), updateApplyDTO.getSignSn(), updateApplyDTO.getUpdateKey().booleanValue(), (Integer) null);

        if (!caResult.isSuccess()) {
            Result statusUpdate = this.certApplyService.updateCertApplyInfo(updateApplyDTO.getCertDn(), applyNo, 4, updateApplyDTO.getTempId());
            if (statusUpdate.getCode() != 0) {
                this.logger.info("操作签发失败:{}", JsonUtils.object2Json(statusUpdate));
                throw new ServiceException("证书更新失败");
            }
            this.certApplyService.insertCertApplyRecord(applyType, 5, applyNo, (String) null, 4, updateApplyDTO.getApplyReason(), 7, false, true);
            this.logger.info("调用CA，更新证书失败 ");
            result.setErrorBean(caResult.getErrorBean());
            return result;
        }

        UserCertInfo issued = (UserCertInfo) caResult.getInfo();
        Result stored = insertUserCertInfo(updateApplyDTO.getUserId().longValue(), updateApplyDTO.getApplyId().longValue(), updateApplyDTO.getTempId().longValue(), updateApplyDTO.getTempNo(), updateApplyDTO.getSignAlg(), updateApplyDTO.getPrivateKeyLength().intValue(), issued);
        if (!stored.isSuccess()) {
            this.logger.info("将用户证书插入数据库失败");
            throw new ServiceException("用户证书插入数据库失败");
        }
        result.setInfo(issued);
        return result;
    }

    /* JADX WARN: Finally extract failed */
    public Result issueUserCert(Integer num, String str, Integer num2, int i, String str2, String str3, String str4, byte[] bArr, int i2, boolean z, boolean z2, Map<String, Object> map, Integer num3) {
        SdfPrivateKey sdfPrivateKey;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("certApplyCarry applyType:[{}] applyNo:[{}]", Integer.valueOf(i), str2);
        }
        Result result = new Result();
        if (!z) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                this.logger.warn("[CertApplyServiceImpl#issueUserCert] applyNo:{} can't find current login admin", str2);
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(5)) {
                this.logger.warn("[CertApplyServiceImpl#issueUserCert]applyNo:{}current login admin role is error", str2);
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            this.logger.info("获取RA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            this.logger.info("获取CA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str2);
        if (certApplyInfo == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:{}", str2);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        if ("RSA".equalsIgnoreCase(CommonVariable.getKeyAlgName()) && Constants.KEY_FORMAT_0016_2.equals(num3)) {
            this.logger.info("RSA算法不提供0016的私钥格式 keyAlgName:{}", CommonVariable.getKeyAlgName());
            result.setError(ErrorEnum.RSA_ALG_CANNOT_BUILD_0016_KEY_FORMAT);
            return result;
        }
        result.setLogContent("，证书主体=" + certApplyInfo.getCertDn());
        int intValue = certApplyInfo.getApplyStatus().intValue();
        if (3 != intValue) {
            this.logger.info("当前申请状态不可发起签发 applyStatus:{}", Integer.valueOf(intValue));
            result.setError(ErrorEnum.APPLY_STATUS_NOT_SUPPORT_ISSUE_CERT);
            return result;
        }
        String incCaCmpTransId = this.raSdkCache.getIncCaCmpTransId();
        this.raSdkCache.cacheCaTransId(str2, incCaCmpTransId);
        String str5 = null;
        if (i == 1) {
            Result issueApplyHandler = issueApplyHandler(num2, str2, str3, str4, bArr, rAServiceDnName, cAServiceDnName, incCaCmpTransId, i2, z, z2, map, num3);
            if (!issueApplyHandler.isSuccess()) {
                this.logger.info("签发证书申请处理失败");
                result.setErrorBean(issueApplyHandler.getErrorBean());
                return result;
            }
            result.setInfo(issueApplyHandler.getInfo());
        } else if (i == 2) {
            Result updateApplyHandler = updateApplyHandler(num2, str2, str3, str4, bArr, rAServiceDnName, cAServiceDnName, incCaCmpTransId, i2, z, z2, map, num3);
            if (!updateApplyHandler.isSuccess()) {
                this.logger.info("更新证书申请处理失败");
                result.setErrorBean(updateApplyHandler.getErrorBean());
                return result;
            }
            result.setInfo(updateApplyHandler.getInfo());
            str5 = this.updateApplyDao.getUpdateApplyInfoByApplyNo(str2).getSignSn();
        } else if (i == 4) {
            Result recoveryApplyHandler = recoveryApplyHandler(num2, str2, str3, str4, bArr, rAServiceDnName, cAServiceDnName, incCaCmpTransId, i2, z, num3);
            if (!recoveryApplyHandler.isSuccess()) {
                this.logger.info("恢复证书申请处理失败");
                result.setErrorBean(recoveryApplyHandler.getErrorBean());
                return result;
            }
            result.setInfo(recoveryApplyHandler.getInfo());
            str5 = this.recoveryApplyDao.getRecoveryApplyInfoByApplyNo(str2).getSignSn();
        }
        this.logger.info("UserCertInfo>>>>>>result:{}", JsonUtils.object2Json(result));
        UserCertInfo userCertInfo = (UserCertInfo) result.getInfo();
        if (i2 == 1 || z) {
            result.setInfo(userCertInfo);
            return result;
        }
        try {
            Integer certPatterm = this.certApplyDao.getCertPatterm(str2);
            ArrayList arrayList = new ArrayList();
            if (StringUtils.isNotBlank(userCertInfo.getEncPriKey())) {
                HashMap hashMap = new HashMap();
                hashMap.put("name", "EncPrivateKey");
                hashMap.put("suffix", "pem");
                hashMap.put("buffer", userCertInfo.getEncPriKey().getBytes());
                arrayList.add(hashMap);
            }
            String extraCertsP7b = userCertInfo.getExtraCertsP7b();
            if (num2.intValue() == 4) {
                HashMap hashMap2 = new HashMap();
                hashMap2.put("name", "UserCert");
                if (certPatterm.intValue() != 1) {
                    HashMap hashMap3 = new HashMap();
                    hashMap3.put("name", "EncCert");
                    hashMap3.put("suffix", "p7b");
                    hashMap3.put("buffer", userCertInfo.getEncCert().getBytes());
                    arrayList.add(hashMap3);
                    hashMap2.put("name", "SignCert");
                }
                hashMap2.put("suffix", "p7b");
                hashMap2.put("buffer", userCertInfo.getSignCert().getBytes());
                arrayList.add(hashMap2);
                HashMap hashMap4 = new HashMap();
                hashMap4.put("name", "CACert");
                hashMap4.put("suffix", "p7b");
                hashMap4.put("buffer", extraCertsP7b.getBytes());
                arrayList.add(hashMap4);
            } else {
                FileOutputStream fileOutputStream = null;
                FileOutputStream fileOutputStream2 = null;
                try {
                    if (num == null) {
                        try {
                            BksIndexDO bksIndex = this.certApplyDao.getBksIndex(str5);
                            if (null != bksIndex) {
                                num = bksIndex.getBksIndex();
                                str = HsmUtils.getDecrypt(bksIndex.getBksPassword());
                            } else {
                                String[] split = FileUtils.read(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + "/" + str5 + "/index.txt").split("-");
                                num = Integer.valueOf(split[0]);
                                str = split.length == 2 ? HsmUtils.getDecrypt(split[1]) : null;
                            }
                        } catch (Exception e) {
                            this.logger.error("使用密码机生成keyStore失败", e);
                            result.setError(ErrorEnum.USE_HSM_GENERATE_BKS_KEYSTORE_ERROR);
                            if (0 != 0) {
                                try {
                                    fileOutputStream.close();
                                } catch (Exception e2) {
                                    this.logger.error("关闭流异常", e2);
                                    return result;
                                }
                            }
                            if (0 != 0) {
                                fileOutputStream2.close();
                            }
                            return result;
                        }
                    }
                    X509Certificate certFromStr = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                    String lowerCase = certFromStr.getSerialNumber().toString(16).toLowerCase();
                    HashMap hashMap5 = new HashMap();
                    hashMap5.put("name", "CACert");
                    hashMap5.put("suffix", "p7b");
                    hashMap5.put("buffer", extraCertsP7b.getBytes());
                    arrayList.add(hashMap5);
                    if (certPatterm.intValue() != 1) {
                        HashMap hashMap6 = new HashMap();
                        hashMap6.put("name", "EncCert");
                        hashMap6.put("suffix", "cer");
                        hashMap6.put("buffer", userCertInfo.getEncCert().getBytes());
                        arrayList.add(hashMap6);
                        X509Certificate certFromStr2 = CertUtils.getCertFromStr(userCertInfo.getEncCert());
                        if (StringUtils.isNotBlank(str)) {
                            sdfPrivateKey = new SdfPrivateKey(num.intValue(), str.getBytes());
                        } else {
                            sdfPrivateKey = new SdfPrivateKey(num.intValue());
                            str = "";
                        }
                        File file = new File(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + "/" + str2);
                        if (file.exists() && !file.delete()) {
                            result.setError(ErrorEnum.USE_HSM_GENERATE_BKS_KEYSTORE_ERROR);
                            if (0 != 0) {
                                try {
                                    fileOutputStream.close();
                                } catch (Exception e3) {
                                    this.logger.error("关闭流异常", e3);
                                }
                            }
                            if (0 != 0) {
                                fileOutputStream2.close();
                            }
                            return result;
                        }
                        if (!file.mkdirs()) {
                            result.setError(ErrorEnum.USE_HSM_GENERATE_BKS_KEYSTORE_ERROR);
                            if (0 != 0) {
                                try {
                                    fileOutputStream.close();
                                } catch (Exception e4) {
                                    this.logger.error("关闭流异常", e4);
                                }
                            }
                            if (0 != 0) {
                                fileOutputStream2.close();
                            }
                            return result;
                        }
                        String stringRandom = KeyStoreUtils.getStringRandom(8);
                        List resolveCertChain = Pkcs7Utils.resolveCertChain(extraCertsP7b);
                        KeyStore generateGMSSLKeyStoreWithType = GMSSLKeyStoreUtils.generateGMSSLKeyStoreWithType(stringRandom, resolveCertChain, str2 + "_sign", sdfPrivateKey, certFromStr, str2 + "_enc", sdfPrivateKey, certFromStr2, "BKS");
                        fileOutputStream = new FileOutputStream(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + "/" + str2 + "/signAndEncCert_" + stringRandom + ".bks");
                        generateGMSSLKeyStoreWithType.store(fileOutputStream, stringRandom.toCharArray());
                        fileOutputStream.close();
                        HashMap hashMap7 = new HashMap();
                        hashMap7.put("name", "signAndEncCert_" + stringRandom);
                        hashMap7.put("suffix", "bks");
                        hashMap7.put("buffer", FileUtils.readByBinary(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + str2 + "/signAndEncCert_" + stringRandom + ".bks"));
                        arrayList.add(hashMap7);
                        KeyStore generateGMSSLTrustStoreWithBKS = GMSSLKeyStoreUtils.generateGMSSLTrustStoreWithBKS((X509Certificate[]) resolveCertChain.toArray(new X509Certificate[resolveCertChain.size()]));
                        if (null == generateGMSSLTrustStoreWithBKS) {
                            result.setError(ErrorEnum.USE_HSM_GENERATE_BKS_KEYSTORE_ERROR);
                            if (null != fileOutputStream) {
                                try {
                                    fileOutputStream.close();
                                } catch (Exception e5) {
                                    this.logger.error("关闭流异常", e5);
                                }
                            }
                            if (0 != 0) {
                                fileOutputStream2.close();
                            }
                            return result;
                        }
                        String stringRandom2 = KeyStoreUtils.getStringRandom(8);
                        fileOutputStream2 = new FileOutputStream(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + "/" + str2 + "/ca_" + stringRandom2 + ".bks");
                        generateGMSSLTrustStoreWithBKS.store(fileOutputStream2, stringRandom2.toCharArray());
                        fileOutputStream2.close();
                        HashMap hashMap8 = new HashMap();
                        hashMap8.put("name", "ca_" + stringRandom2);
                        hashMap8.put("suffix", "bks");
                        hashMap8.put("buffer", FileUtils.readByBinary(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + str2 + "/ca_" + stringRandom2 + ".bks"));
                        arrayList.add(hashMap8);
                        FileUtils.deleteFile(new File(PathConstants.USER_CERT_KEYSTORE_FILE_PATH + "/" + str2));
                        BksIndexDO bksIndexDO = new BksIndexDO();
                        bksIndexDO.setBksIndex(num);
                        if (Constants.DATA_IS_ENCRYPTION_1.equals(CommonVariable.getIsEncrypt())) {
                            str = HsmUtils.getEncrypt(str);
                        }
                        bksIndexDO.setBksPassword(str);
                        bksIndexDO.setSignSn(lowerCase);
                        bksIndexDO.setGmtCreate(new Timestamp(System.currentTimeMillis()));
                        bksIndexDO.setGmtModified(new Timestamp(System.currentTimeMillis()));
                        this.certApplyDao.insertBksIndex(bksIndexDO);
                    }
                    if (null != fileOutputStream) {
                        try {
                            fileOutputStream.close();
                        } catch (Exception e6) {
                            this.logger.error("关闭流异常", e6);
                        }
                    }
                    if (null != fileOutputStream2) {
                        fileOutputStream2.close();
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Exception e7) {
                            this.logger.error("关闭流异常", e7);
                            throw th;
                        }
                    }
                    if (0 != 0) {
                        fileOutputStream2.close();
                    }
                    throw th;
                }
            }
            result.setInfo(arrayList);
            return result;
        } catch (Exception e8) {
            this.logger.info("获取签发证书申请基本信息为空");
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }

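    /**
     * Runs the issue, update or recovery handler for an approved application and repackages the
     * key stores it produced as a list of download entries.
     *
     * <p>Each entry is a map with the keys {@code name}, {@code suffix} and {@code buffer}.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The {@code name} of every key-store entry is built from that key store's password, so
     *       each entry carries a protected container together with the secret that opens it.
     *       Treat the returned list as key material: keep it out of logs, audit text and caches.</li>
     *   <li>Passing {@code z == true} skips the administrator and role check completely; the
     *       caller is then the only place where the request is authorised.</li>
     *   <li>Passwords are decoded with {@code new String(byte[])}, i.e. the platform default
     *       charset. That is harmless only if the generated passwords are ASCII (not visible
     *       here, confirm against the password generator).</li>
     * </ul>
     *
     * @param i   key-store format selector: 1 gives suffix {@code p12}, 3 gives {@code bks},
     *            every other value gives {@code jks}
     * @param str apply number of the application to process
     * @param i2  apply type selecting the handler: 1 issue, 2 update, 4 recovery; any other value
     *            runs no handler
     * @param z   when {@code true} the logged-in-administrator and role checks are skipped
     * @param num forwarded unchanged to the selected handler
     * @return a result whose info is the list of download entries, or a result carrying an error
     */
    public Result issueUserCertByKeyStore(int i, String str, int i2, boolean z, Integer num) {
        Result result = new Result();
        if (!z) {
            // Interactive path: require a logged-in administrator that holds role id 5.
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            CurrentAdminInfo admin = (CurrentAdminInfo) operator.getCurrUser();
            if (!admin.getRoleList().contains(5)) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }

        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            this.logger.error("获取RA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            this.logger.error("获取CA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }

        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str);
        if (certApplyInfo == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        result.setLogContent("，证书主体=" + certApplyInfo.getCertDn());

        // Only applications in status 3 may be issued; the meaning of the code is defined
        // outside this method.
        int applyStatus = certApplyInfo.getApplyStatus().intValue();
        if (3 != applyStatus) {
            this.logger.info("当前申请状态不可发起签发 applyStatus:" + applyStatus);
            result.setError(ErrorEnum.APPLY_STATUS_NOT_SUPPORT_ISSUE_CERT);
            return result;
        }

        // The CA transaction id is cached under the apply number before the handler runs.
        String incCaCmpTransId = this.raSdkCache.getIncCaCmpTransId();
        this.raSdkCache.cacheCaTransId(str, incCaCmpTransId);

        switch (i2) {
            case 1: {
                Result handled = issueApplyHandlerByKeyStore(str, rAServiceDnName, cAServiceDnName, incCaCmpTransId, i, z, num);
                if (!handled.isSuccess()) {
                    this.logger.info("签发证书申请处理失败");
                    result.setErrorBean(handled.getErrorBean());
                    return result;
                }
                result.setInfo(handled.getInfo());
                break;
            }
            case 2: {
                Result handled = updateApplyHandlerByKeyStore(str, rAServiceDnName, cAServiceDnName, incCaCmpTransId, i, z, num);
                if (!handled.isSuccess()) {
                    this.logger.info("更新证书申请处理失败");
                    result.setErrorBean(handled.getErrorBean());
                    return result;
                }
                result.setInfo(handled.getInfo());
                break;
            }
            case 4: {
                Result handled = recoveryApplyHandlerByKeyStore(str, rAServiceDnName, cAServiceDnName, incCaCmpTransId, i, z, num);
                if (!handled.isSuccess()) {
                    this.logger.info("恢复证书申请处理失败");
                    result.setErrorBean(handled.getErrorBean());
                    return result;
                }
                result.setInfo(handled.getInfo());
                break;
            }
            default:
                // No handler for this apply type: the result carries no key-store map, so the
                // packaging step below fails and reports GET_ISSUE_APPLY_INFO_IS_EMPTY.
                break;
        }

        try {
            Integer certPatterm = this.certApplyDao.getCertPatterm(str);
            Map<?, ?> stores = (Map<?, ?>) result.getInfo();

            String suffix;
            switch (i) {
                case 1:
                    suffix = "p12";
                    break;
                case 3:
                    suffix = "bks";
                    break;
                default:
                    suffix = "jks";
                    break;
            }

            List<Map<String, Object>> entries = new ArrayList<>();
            Map<String, Object> signEntry = new HashMap<>();
            signEntry.put("name", "UserCert_" + new String((byte[]) stores.get("signStorePwd")));
            if (certPatterm.intValue() != 1) {
                // Any pattern other than 1 also ships the encryption store and the combined store.
                Map<String, Object> encEntry = new HashMap<>();
                encEntry.put("name", "EncCert_" + new String((byte[]) stores.get("encStorePwd")));
                encEntry.put("suffix", suffix);
                encEntry.put("buffer", (byte[]) stores.get("encStore"));
                entries.add(encEntry);

                Map<String, Object> combinedEntry = new HashMap<>();
                combinedEntry.put("name", "signAndEncCert_" + new String((byte[]) stores.get("signAndEncPwd")));
                combinedEntry.put("suffix", suffix);
                combinedEntry.put("buffer", (byte[]) stores.get("signAndEncStore"));
                entries.add(combinedEntry);

                signEntry.put("name", "SignCert_" + new String((byte[]) stores.get("signStorePwd")));
            }
            signEntry.put("suffix", suffix);
            signEntry.put("buffer", (byte[]) stores.get("signStore"));
            entries.add(signEntry);

            Map<String, Object> caChainEntry = new HashMap<>();
            caChainEntry.put("name", "CACert");
            caChainEntry.put("suffix", "p7b");
            caChainEntry.put("buffer", stores.get("caCert"));
            entries.add(caChainEntry);

            Map<String, Object> trustStoreEntry = new HashMap<>();
            trustStoreEntry.put("name", "ca_" + new String((byte[]) stores.get("caPwd")));
            trustStoreEntry.put("suffix", suffix);
            trustStoreEntry.put("buffer", (byte[]) stores.get("keyStoreCA"));
            entries.add(trustStoreEntry);

            result.setInfo(entries);
            return result;
        } catch (Exception e) {
            // Attach the cause: the message alone cannot tell a missing handler result from a
            // missing map key or a DAO failure. Only the exception is logged, never the map.
            this.logger.info("获取签发证书申请基本信息为空", e);
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }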

    /**
     * Turns a JSON-serialised {@link UserCertInfo} into three download entries: the signing
     * certificate, the encryption certificate and the encryption private key.
     *
     * <p>The third entry holds the private key exactly as the parsed object carries it; this
     * method adds no protection of its own, so the returned result must be handled as key
     * material. The strings are converted with the platform default charset. A missing
     * encryption certificate or private key raises a {@link NullPointerException}.
     *
     * @param str JSON text describing the issued certificates
     * @return a result whose info is a list of maps with the keys {@code name}, {@code suffix}
     *         and {@code buffer}
     */
    public Result formatUserCertInfo(String str) {
        Result result = new Result();
        UserCertInfo certInfo = (UserCertInfo) JsonUtils.json2Object(str, UserCertInfo.class);

        String[] names = {"SignCert", "EncCert", "EncPrivateKey"};
        String[] suffixes = {"p7b", "p7b", "pem"};
        byte[][] payloads = {
            certInfo.getSignCert().getBytes(),
            certInfo.getEncCert().getBytes(),
            certInfo.getEncPriKey().getBytes()
        };

        ArrayList entries = new ArrayList();
        for (int idx = 0; idx < names.length; idx++) {
            HashMap entry = new HashMap();
            entry.put("name", names[idx]);
            entry.put("suffix", suffixes[idx]);
            entry.put("buffer", payloads[idx]);
            entries.add(entry);
        }
        result.setInfo(entries);
        return result;
    }

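    /**
     * Lists the application records stored for a certificate serial number.
     *
     * <p>The creation time of every record is rendered as {@code yyyy-MM-dd HH:mm:ss} and a
     * {@code null} remark is replaced by an empty string.
     *
     * @param str certificate serial number to look up; it is written to the log unmodified, so
     *            line breaks should already have been rejected where the value enters the system
     * @return a result whose info is the list of {@link ApplyRecordVO}, or a result carrying
     *         {@code SIGN_NO_NOT_HAVE_APPLY_RECORD} when nothing is stored for the serial number
     */
    public Result listApplyRecord(String str) {
        Result result = new Result();
        List<ApplyRecordDO> listApplyRecord = this.applyRecordDao.listApplyRecord(str);
        if (CollectionUtils.isEmpty(listApplyRecord)) {
            this.logger.info(str + " 该sn不存在申请记录");
            result.setError(ErrorEnum.SIGN_NO_NOT_HAVE_APPLY_RECORD);
            return result;
        }
        // One formatter per call instead of one per record. It stays a local variable because
        // SimpleDateFormat is not safe to share between threads.
        SimpleDateFormat createdFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        List<ApplyRecordVO> views = new ArrayList<>(listApplyRecord.size());
        for (ApplyRecordDO applyRecordDO : listApplyRecord) {
            ApplyRecordVO applyRecordVO = new ApplyRecordVO();
            BeanUtils.copyProperties(applyRecordDO, applyRecordVO);
            applyRecordVO.setGmtCreate(createdFormat.format((Date) applyRecordDO.getGmtCreate()));
            String remark = applyRecordDO.getRemark();
            applyRecordVO.setRemark(remark == null ? "" : remark);
            views.add(applyRecordVO);
        }
        result.setInfo(views);
        return result;
    }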

    /**
     * Reviews a pending certificate application and, on approval, carries out the action the
     * application asks for.
     *
     * <p>A rejection ({@code z == false}) moves the application to status 2 and records it.
     * An approval depends on the apply type {@code i}: 3 revokes the certificate through the
     * certificate life-cycle manager, 5 and 6 go through {@code freezeUserCert} (the code
     * compares {@code i} with {@code ApplyTypeEnum.FREEZE_APPLY.id} to tell freeze from
     * unfreeze), and every other type moves the application to status 3. The numeric status
     * and record codes are defined outside this method.
     *
     * @param str  apply number of the application under review
     * @param str2 forwarded to {@code insertCertApplyRecord}; its meaning is not visible here
     * @param i    apply type of the application
     * @param z    {@code true} to approve, {@code false} to reject
     * @param str3 forwarded to {@code insertCertApplyRecord}, presumably the review remark
     * @param z2   when {@code true} the logged-in-administrator and role checks are skipped
     * @return a result describing the outcome, carrying an error when a step failed
     */
    public Result checkUserCertApply(String str, String str2, int i, boolean z, String str3, boolean z2) {
        int i2;
        int i3;
        int i4;
        int i5;
        int i6;
        int i7;
        int i8;
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            this.logger.error("获取RA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            this.logger.error("获取CA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        // Authorisation: only an operator holding role id 4 may review. With z2 == true the
        // check is skipped entirely, so revoke/freeze/approve run on the caller's word alone.
        // TODO confirm every call site that passes true authenticates the request itself.
        if (!z2) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(4)) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        // The lookup is keyed by apply number and apply type, so a type that does not match
        // the stored application yields no record.
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str, Integer.valueOf(i));
        if (certApplyInfo == null) {
            this.logger.info("该申请类型下不存在当前申请编号对应的申请记录 applyNo:{}", str);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        // NOTE(review): baseUserInfo is dereferenced on the next line but null-checked only in
        // the last branch below. If the DAO can return null this throws before that check.
        BaseUserDO baseUserInfo = this.baseUserDao.getBaseUserInfo(certApplyInfo.getUserId().longValue());
        if (baseUserInfo.getId() != null) {
            result.setLogContent("，用户ID=" + baseUserInfo.getId());
        }
        result.setLogContent(result.getLogContent() + "，证书主体=" + certApplyInfo.getCertDn());
        // Only applications in status 1 can be reviewed, so a second review of the same
        // application is refused once the status has been moved on.
        if (1 != certApplyInfo.getApplyStatus().intValue()) {
            this.logger.info("当前申请状态不是待审核状态 status:{}", certApplyInfo.getApplyStatus());
            result.setError(ErrorEnum.CERT_APPLY_TYPE_IS_NOT_NO_CHECK_1);
            return result;
        }
        if (!z) {
            // Rejection: set status 2 and write the record only when the status update worked.
            Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo((String) null, str, 2, (Long) null);
            if (!updateCertApplyInfo.isSuccess()) {
                return updateCertApplyInfo;
            }
            this.certApplyService.insertCertApplyRecord(i, 3, str, str2, 2, str3, 3, false, z2);
            return updateCertApplyInfo;
        }
        if (3 == i) {
            // Approved revocation: the review record is written first, then the CA is asked
            // to revoke, then the local certificate status is updated.
            try {
                RevokeApplyDTO revokeApplyInfoByApplyNo = this.revokeApplyDao.getRevokeApplyInfoByApplyNo(str);
                this.certApplyService.insertCertApplyRecord(3, 3, str, str2, 0, str3, 4, false, z2);
                Result revokeUserCert = this.certLifeCycleManager.revokeUserCert(str, rAServiceDnName, cAServiceDnName, revokeApplyInfoByApplyNo.getSignSn(), revokeApplyInfoByApplyNo.getCertDn(), revokeApplyInfoByApplyNo.getRevokeReason().intValue(), revokeApplyInfoByApplyNo.getApplyReason());
                if (revokeUserCert.isSuccess()) {
                    i8 = 7;
                    this.certApplyService.insertCertApplyRecord(3, 4, str, str2, 7, revokeApplyInfoByApplyNo.getApplyReason(), 6, false, z2);
                    Result updateUserCertStatus = this.userCertService.updateUserCertStatus(3, revokeApplyInfoByApplyNo.getSignSn());
                    if (!updateUserCertStatus.isSuccess()) {
                        this.logger.info("更新证书状态错误::{} ", JsonUtils.object2Json(updateUserCertStatus));
                        result.setError(updateUserCertStatus.getError());
                        // NOTE(review): thrown after the revoke call has already reported
                        // success. No @Transactional is visible on this method, so whether the
                        // local writes above roll back depends on configuration outside this
                        // view; the revocation itself is not undone here. The exception has no
                        // message or cause, and the error set on result is lost with it.
                        throw new RuntimeException();
                    }
                } else {
                    this.logger.info("发起证书撤销失败 errorCode:{} ", Integer.valueOf(revokeUserCert.getErrorBean().getErrCode()));
                    result.setErrorBean(revokeUserCert.getErrorBean());
                    i8 = 6;
                    this.certApplyService.insertCertApplyRecord(3, 4, str, str2, 6, "证书撤销失败code:" + revokeUserCert.getErrorBean().getErrCode(), 5, false, z2);
                }
                // i8 is 7 after a successful revocation and 6 after a failed one.
                Result updateCertApplyInfo2 = this.certApplyService.updateCertApplyInfo((String) null, str, i8, (Long) null);
                if (!updateCertApplyInfo2.isSuccess()) {
                    result.setError(updateCertApplyInfo2.getError());
                    return result;
                }
            } catch (EmptyResultDataAccessException e) {
                // Only the "no row" case is handled; every other exception leaves the method.
                this.logger.info("getRevokeApplyInfo.applyNo:{} 查询撤销证书申请实体为空", str);
                this.logger.info("获取撤销证书申请详细信息为空");
                result.setError(ErrorEnum.GET_REVOKE_APPLY_INFO_IS_EMPTY);
                return result;
            }
        } else if (5 == i || 6 == i) {
            // Approved freeze (type 5) or unfreeze (type 6).
            FreezeApplyDTO freezeApplyInfoByApplyNo = this.freezeApplyDao.getFreezeApplyInfoByApplyNo(str);
            if (freezeApplyInfoByApplyNo == null) {
                this.logger.info(ErrorEnum.GET_FREEZE_UNFREEZE_APPLY_INFO_IS_EMPTY.desc);
                result.setError(ErrorEnum.GET_FREEZE_UNFREEZE_APPLY_INFO_IS_EMPTY);
                return result;
            }
            this.certApplyService.insertCertApplyRecord(freezeApplyInfoByApplyNo.getApplyType().intValue(), 3, str, str2, 0, str3, 4, false, z2);
            CertLifeInfo certLifeInfo = new CertLifeInfo();
            certLifeInfo.setApplyNo(str);
            certLifeInfo.setRaDN(rAServiceDnName);
            certLifeInfo.setCaDN(cAServiceDnName);
            certLifeInfo.setSignSn(freezeApplyInfoByApplyNo.getSignSn());
            certLifeInfo.setUserCertDN(freezeApplyInfoByApplyNo.getCertDn());
            Result freezeUserCert = this.certLifeCycleManager.freezeUserCert(certLifeInfo, i, freezeApplyInfoByApplyNo.getApplyReason());
            if (freezeUserCert.isSuccess()) {
                // i2: new application status, i3/i4: record codes, i5: new certificate status
                // (4 after a freeze, 1 after an unfreeze).
                if (i == ApplyTypeEnum.FREEZE_APPLY.id) {
                    i2 = 9;
                    i3 = 6;
                    i4 = 10;
                    i5 = 4;
                } else {
                    i2 = 11;
                    i3 = 7;
                    i4 = 12;
                    i5 = 1;
                }
                this.certApplyService.insertCertApplyRecord(i, i3, str, str2, i2, freezeApplyInfoByApplyNo.getApplyReason(), i4, false, z2);
                Result updateUserCertStatus2 = this.userCertService.updateUserCertStatus(i5, freezeApplyInfoByApplyNo.getSignSn());
                if (!updateUserCertStatus2.isSuccess()) {
                    this.logger.info("冻结解冻证书状态错误::{} ", JsonUtils.object2Json(updateUserCertStatus2));
                    result.setError(updateUserCertStatus2.getError());
                    // NOTE(review): same situation as in the revocation branch; the
                    // freeze/unfreeze call has already reported success when this is thrown.
                    throw new RuntimeException();
                }
            } else {
                this.logger.info("发起证书冻结解冻失败 errorCode:{} ", Integer.valueOf(freezeUserCert.getErrorBean().getErrCode()));
                result.setErrorBean(freezeUserCert.getErrorBean());
                if (i == ApplyTypeEnum.FREEZE_APPLY.id) {
                    i2 = 8;
                    i6 = 6;
                    i7 = 9;
                } else {
                    i2 = 10;
                    i6 = 7;
                    i7 = 11;
                }
                this.certApplyService.insertCertApplyRecord(i, i6, str, str2, i2, "证书冻结/解冻失败code:" + freezeUserCert.getErrorBean().getErrCode(), i7, false, z2);
            }
            Result updateCertApplyInfo3 = this.certApplyService.updateCertApplyInfo((String) null, str, i2, (Long) null);
            if (!updateCertApplyInfo3.isSuccess()) {
                result.setError(updateCertApplyInfo3.getError());
                return result;
            }
        } else if (3 != i) {
            // Always true at this point: i == 3 is handled by the first branch.
            // NOTE(review): the log line below reports the application status although the
            // condition tests the user record; it looks copied from the status check above.
            if (baseUserInfo == null || baseUserInfo.getStatus().intValue() == 1) {
                this.logger.info("当前申请状态不是待审核状态 status:{}", certApplyInfo.getApplyStatus());
                result.setError(ErrorEnum.USER_STATUS_CANNOT_CHECK_PASS);
                return result;
            }
            result = this.certApplyService.updateCertApplyInfo((String) null, str, 3, (Long) null);
            if (!result.isSuccess()) {
                return result;
            }
            // For users whose system flag is not "RA" (and when z2 is false) a DoubleCode row
            // is created with the apply number as its auth code.
            // NOTE(review): if that auth code later authorises a download, its secrecy is only
            // that of the apply number; confirm how DoubleCode is consumed.
            if (!baseUserInfo.getSystemFlag().equals("RA") && !z2) {
                DoubleCodeDO doubleCodeDO = new DoubleCodeDO();
                doubleCodeDO.setRefCode(baseUserInfo.getId());
                doubleCodeDO.setAuthCode(str);
                doubleCodeDO.setIsUse(Integer.valueOf(DoubleCodeUseEnum.NOT_USE.id));
                this.doubleCodeDao.InsertDouble(doubleCodeDO);
            }
            this.certApplyService.insertCertApplyRecord(i, 3, str, str2, 3, str3, 4, false, z2);
        }
        return result;
    }

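    /**
     * Confirms to the CA that a certificate issued for the given application was received, then
     * marks the certificate and the application as issued.
     *
     * <p>Unlike the interactive confirmation path, this method performs no operator or role
     * check of its own, so authorisation is presumably enforced by the caller (confirm).
     *
     * <p>A failed final status update throws a {@link RuntimeException} so that the surrounding
     * transaction is rolled back, exactly as the failure branch of the confirmation step does.
     *
     * @param str  apply number of the application being confirmed
     * @param str2 forwarded to {@code insertCertApplyRecordScep}; its meaning is not visible here
     * @return a successful result, or a result carrying the error of the step that failed
     * @throws RuntimeException when the application status cannot be written
     */
    @Transactional
    public Result issueUserCertRespScep(String str, String str2) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            this.logger.error("获取RA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            this.logger.error("获取CA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        // The CA transaction id must have been cached when the certificate was requested.
        String caTransId = this.raSdkCache.getCaTransId(str);
        if (caTransId == null) {
            this.logger.info("获取本地缓存申请信息为空");
            result.setError(ErrorEnum.GET_LOCAL_CACHE_APPLY_INFO_IS_EMPTY);
            return result;
        }
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str);
        if (certApplyInfo == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str);
            result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return result;
        }
        Result issueCertResp = this.certLifeCycleManager.issueCertResp(rAServiceDnName, cAServiceDnName, 1, caTransId);
        if (!issueCertResp.isSuccess()) {
            // Confirmation failed: move the application to status 4 and record the CA error.
            Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 4, certApplyInfo.getTempId());
            if (updateCertApplyInfo.getCode() != 0) {
                this.logger.info("操作签发证书确认消息失败:" + JsonUtils.object2Json(updateCertApplyInfo));
                throw new RuntimeException();
            }
            this.certApplyService.insertCertApplyRecordScep(certApplyInfo.getApplyType().intValue(), 5, str, str2, 4, issueCertResp.getErrorBean().getErrMsg(), 7, false, true);
            this.logger.info("签发证书确认消息出错");
            result.setErrorBean(issueCertResp.getErrorBean());
            return result;
        }
        Result updateCertApplyInfo2;
        try {
            Result updateUserCertStatus = this.userCertService.updateUserCertStatus(1, (String) this.certApplyDao.getCertSnByApplyNo(str).get(0));
            if (!updateUserCertStatus.isSuccess()) {
                result.setError(updateUserCertStatus.getError());
                return result;
            }
            this.certApplyService.insertCertApplyRecordScep(1, 5, str, str2, 5, "用户证书-成功签发", 8, false, true);
            updateCertApplyInfo2 = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 5, certApplyInfo.getTempId());
        } catch (Exception e) {
            // NOTE(review): this still reports every failure in the block as "serial number not
            // found" and returns normally, so writes made before the failure are presumably
            // committed. The cause is logged so the real failure can be told apart.
            this.logger.error("根据申请编号{}，未找到对应的签发证书sn", str, e);
            result.setError(ErrorEnum.CANNOT_GET_CERT_SN_BY_APPLY_NO);
            return result;
        }
        if (updateCertApplyInfo2.getCode() == 0) {
            return result;
        }
        // Thrown outside the try block on purpose: inside it the catch above swallowed this
        // exception, the transaction was not rolled back, and the caller saw a misleading
        // "serial number not found" error with the certificate already marked as issued.
        this.logger.info("操作签发失败:" + JsonUtils.object2Json(updateCertApplyInfo2));
        throw new RuntimeException();
    }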

    /**
     * Confirms to the CA that an issued certificate was received and brings the local
     * certificate and application records in line with the outcome.
     *
     * <p>After a successful confirmation the follow-up depends on the stored apply type:
     * type 2 (update) changes the status of the certificate being replaced and activates the
     * new one, type 4 (recovery) re-links the recovered encryption certificate and swaps the
     * signing certificates, and every other type activates the newly issued certificate.
     * The numeric status and record codes are defined outside this method.
     *
     * @param str  apply number of the application being confirmed
     * @param str2 forwarded to {@code insertCertApplyRecord}; its meaning is not visible here
     * @param z    when {@code true} the logged-in-administrator and role checks are skipped
     * @return a result carrying log content on success, or the error of the step that failed
     */
    @Transactional
    public Result issueUserCertResp(String str, String str2, boolean z) {
        Result result = new Result();
        String rAServiceDnName = getRAServiceDnName();
        if (StringUtils.isBlank(rAServiceDnName)) {
            this.logger.error("获取RA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        String cAServiceDnName = getCAServiceDnName();
        if (StringUtils.isBlank(cAServiceDnName)) {
            this.logger.error("获取CA服务器证书DN名字错误");
            result.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return result;
        }
        // Authorisation: only an operator holding role id 5 may confirm. With z == true the
        // check is skipped, so the caller is then the only place the request is authorised.
        if (!z) {
            Operator operator = OperatorUtil.getOperator();
            if (operator == null || operator.getCurrUser() == null) {
                result.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return result;
            }
            if (!((CurrentAdminInfo) operator.getCurrUser()).getRoleList().contains(5)) {
                result.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return result;
            }
        }
        String caTransId = this.raSdkCache.getCaTransId(str);
        CertApplyDO certApplyInfo = this.certApplyDao.getCertApplyInfo(str);
        // NOTE(review): certApplyInfo is null-checked only inside this branch. With a cached
        // transaction id and no application record, the dereferences further down throw a
        // NullPointerException.
        if (caTransId == null) {
            if (certApplyInfo == null) {
                this.logger.info("不存在当前申请编号对应的申请记录 applyNo:{}", str);
                result.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
                return result;
            }
            // No cached transaction id: move the application to status 4 and record why.
            Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 4, certApplyInfo.getTempId());
            if (updateCertApplyInfo.getCode() != 0) {
                if (this.logger.isInfoEnabled()) {
                    this.logger.info("操作签发证书确认消息失败:{}", JsonUtils.object2Json(updateCertApplyInfo));
                }
                throw new ServiceException("操作签发证书确认消息失败!");
            }
            this.certApplyService.insertCertApplyRecord(certApplyInfo.getApplyType().intValue(), 5, str, str2, 4, ErrorEnum.GET_LOCAL_CACHE_APPLY_INFO_IS_EMPTY.desc, 7, false, z);
            this.logger.error("获取本地缓存申请信息为空");
            result.setError(ErrorEnum.GET_LOCAL_CACHE_APPLY_INFO_IS_EMPTY);
            return result;
        }
        Result issueCertResp = this.certLifeCycleManager.issueCertResp(rAServiceDnName, cAServiceDnName, 1, caTransId);
        if (!issueCertResp.isSuccess()) {
            // The CA rejected the confirmation: status 4 plus a record holding the CA message.
            Result updateCertApplyInfo2 = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 4, certApplyInfo.getTempId());
            if (updateCertApplyInfo2.getCode() != 0) {
                if (this.logger.isInfoEnabled()) {
                    this.logger.info("操作签发证书确认消息失败:{}", JsonUtils.object2Json(updateCertApplyInfo2));
                }
                throw new ServiceException("操作签发证书确认消息失败!");
            }
            this.certApplyService.insertCertApplyRecord(certApplyInfo.getApplyType().intValue(), 5, str, str2, 4, issueCertResp.getErrorBean().getErrMsg(), 7, false, z);
            this.logger.error("签发证书确认消息出错");
            result.setErrorBean(issueCertResp.getErrorBean());
            return result;
        }
        // Collects the text that ends up in the result's log content.
        StringBuilder sb = new StringBuilder();
        if (2 == certApplyInfo.getApplyType().intValue()) {
            // Update application: a missing row is logged and then reported through the null
            // check below.
            UpdateApplyDTO updateApplyDTO = null;
            try {
                updateApplyDTO = this.updateApplyDao.getUpdateApplyInfoByApplyNo(str);
            } catch (EmptyResultDataAccessException e) {
                this.logger.info("getUpdateApplyInfoByApplyNo.applyNo:{} 查询更新证书申请实体为空", str);
            }
            if (updateApplyDTO == null) {
                this.logger.info("获取更新证书申请基本信息为空");
                result.setError(ErrorEnum.GET_UPDATE_APPLY_INFO_IS_EMPTY);
                return result;
            }
            try {
                // The certificate being replaced is moved to status 3 before the new one is
                // activated.
                // NOTE(review): both early returns in the inner try/catch leave the method
                // normally, so this status change is presumably committed even though the new
                // certificate was not activated. Confirm that outcome is intended.
                this.userCertDao.updateDoubleUserCertStatus(3, updateApplyDTO.getSignSn());
                try {
                    Result updateUserCertStatus = this.userCertService.updateUserCertStatus(1, (String) this.certApplyDao.getCertSnByApplyNo(str).get(0));
                    if (!updateUserCertStatus.isSuccess()) {
                        result.setError(updateUserCertStatus.getError());
                        return result;
                    }
                } catch (Exception e2) {
                    // The cause is dropped; every failure is reported as a missing serial number.
                    this.logger.error("根据申请编号{}，未找到对应的签发证书sn", str);
                    result.setError(ErrorEnum.CANNOT_GET_CERT_SN_BY_APPLY_NO);
                    return result;
                }
            } catch (Exception e3) {
                // Reached only when updateDoubleUserCertStatus itself throws; the inner catch
                // handles everything after it.
                this.logger.error("更新用户证书状态异常", e3);
                throw new ServiceException("更新用户证书状态异常");
            }
        } else if (4 == certApplyInfo.getApplyType().intValue()) {
            // Recovery application.
            RecoveryApplyDTO recoveryApplyDTO = null;
            try {
                recoveryApplyDTO = this.recoveryApplyDao.getRecoveryApplyInfoByApplyNo(str);
            } catch (EmptyResultDataAccessException e4) {
                this.logger.info("getIssueApplyInfoByApplyNo.applyNo:" + str + " 查询恢复证书申请实体为空");
            }
            if (recoveryApplyDTO == null) {
                this.logger.info("获取恢复证书申请基本信息为空");
                result.setError(ErrorEnum.GET_RECOVERY_APPLY_INFO_IS_EMPTY);
                return result;
            }
            // userCertBaseInfo: signing certificate named in the recovery application;
            // userCertBaseInfo2: encryption certificate named there. Neither is null-checked.
            UserCertDO userCertBaseInfo = this.userCertDao.getUserCertBaseInfo(recoveryApplyDTO.getSignSn());
            UserCertDO userCertBaseInfo2 = this.userCertDao.getUserCertBaseInfo(recoveryApplyDTO.getEncSn());
            try {
                // userCertBaseInfo3 is the certificate issued for this application. The
                // recovered encryption certificate takes over its pair index and apply id, the
                // earlier signing certificate goes to status 3 and is flagged as recovered,
                // and the new certificate goes to status 1.
                // NOTE(review): three separate updates run inside one catch-all that returns
                // normally. A failure after the first or second update is reported as a missing
                // serial number, without the cause, and the updates already made are
                // presumably committed.
                List certSnByApplyNo = this.certApplyDao.getCertSnByApplyNo(str);
                UserCertDO userCertBaseInfo3 = this.userCertDao.getUserCertBaseInfo((String) certSnByApplyNo.get(0));
                userCertBaseInfo2.setPairCertIndex(userCertBaseInfo3.getPairCertIndex());
                userCertBaseInfo2.setApplyId(userCertBaseInfo3.getApplyId());
                this.userCertDao.updateUserCert(userCertBaseInfo2);
                userCertBaseInfo.setCertStatus(3);
                userCertBaseInfo.setIsRecovery(1);
                this.userCertDao.updateUserCert(userCertBaseInfo);
                userCertBaseInfo3.setCertStatus(1);
                this.userCertDao.updateUserCert(userCertBaseInfo3);
                sb.append("，证书的SN=" + ((String) certSnByApplyNo.get(0)));
            } catch (Exception e5) {
                this.logger.error("根据申请编号{}，未找到对应的签发证书sn", str);
                result.setError(ErrorEnum.CANNOT_GET_CERT_SN_BY_APPLY_NO);
                return result;
            }
        } else {
            // Every other apply type: activate the certificate issued for this application.
            try {
                List certSnByApplyNo2 = this.certApplyDao.getCertSnByApplyNo(str);
                Result updateUserCertStatus2 = this.userCertService.updateUserCertStatus(1, (String) certSnByApplyNo2.get(0));
                if (!updateUserCertStatus2.isSuccess()) {
                    result.setError(updateUserCertStatus2.getError());
                    return result;
                }
                sb.append("，证书的SN=" + ((String) certSnByApplyNo2.get(0)));
            } catch (Exception e6) {
                this.logger.error("根据申请编号{}，未找到对应的签发证书sn", str);
                result.setError(ErrorEnum.CANNOT_GET_CERT_SN_BY_APPLY_NO);
                return result;
            }
        }
        this.certApplyService.insertCertApplyRecord(1, 5, str, str2, 5, "用户证书-成功签发", 8, false, z);
        // The first setLogContent call is overwritten by the second one right after it.
        result.setLogContent(sb.toString());
        result.setLogContent(sb.append("，证书主体=" + certApplyInfo.getCertDn()).toString());
        Result updateCertApplyInfo3 = this.certApplyService.updateCertApplyInfo(certApplyInfo.getCertDn(), str, 5, certApplyInfo.getTempId());
        if (updateCertApplyInfo3.getCode() == 0) {
            return result;
        }
        // Outside any try block, so this exception leaves the method and can trigger the
        // transaction rollback. It carries no message or cause.
        this.logger.info("操作签发失败:" + JsonUtils.object2Json(updateCertApplyInfo3));
        throw new RuntimeException();
    }

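    /**
     * Queries the CA for the status of the certificate issued for an application and mirrors a
     * non-zero status into the local user-certificate table.
     *
     * <p>The first serial number returned by {@code certApplyDao.getCertSnByApplyNo} is used. When
     * the CA query fails, the CA's failure result is returned unchanged.
     *
     * @param str application number used to look up the issued certificate serial number
     * @return a result whose info is the status code reported by the CA, the CA's own failure
     *     result, or an error result when the lookup or the local update fails
     */
    public Result getUserCertStatus(String str) {
        Result result = new Result();
        try {
            String certSn = (String) this.certApplyDao.getCertSnByApplyNo(str).get(0);
            Result certStatus = this.caBusinessManager.getCertStatus(certSn);
            if (!certStatus.isSuccess()) {
                return certStatus;
            }
            int statusCode = ((Integer) certStatus.getInfo()).intValue();
            if (statusCode != 0) {
                try {
                    this.userCertDao.updateDoubleUserCertStatus(statusCode, certSn);
                } catch (Exception e) {
                    this.logger.error("更新用户证书状态异常", e);
                    result.setError(ErrorEnum.UPDATE_USER_CERT_STATUS_EXCEPTION);
                    return result;
                }
            }
            result.setInfo(Integer.valueOf(statusCode));
            return result;
        } catch (Exception e2) {
            // This catch also covers a failing CA call or an unexpected info type, not only a
            // missing serial number, so the cause is logged; without it a CA-side status failure
            // cannot be told apart from a missing record when reviewing the logs.
            this.logger.error("根据申请编号{}，未找到对应的签发证书sn", str, e2);
            result.setError(ErrorEnum.CANNOT_GET_CERT_SN_BY_APPLY_NO);
            return result;
        }
    }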

    /**
     * Sends a CMP error message to the CA for an application and records the outcome locally.
     *
     * <p>Unless {@code z} is true, the call is only allowed for a logged-in administrator whose
     * role list contains 5. Whether or not the CA accepts the error message, the application is
     * updated with status value 4 and an application record is written; the record text is
     * {@code str2} on success and the CA's error message on failure.
     *
     * @param str application number
     * @param i value forwarded to {@code sendErrorCMPMessage} (presumably an error code; confirm
     *     against that method)
     * @param str2 error text forwarded to the CA and used as the record text on success
     * @param z when true the operator/role check is skipped; also forwarded to the record insert
     * @return an empty success result, or a result carrying the first failing check's error
     * @throws RuntimeException when the application status update reports a non-zero code
     */
    public Result genErrorMsgContent(String str, int i, String str2, boolean z) {
        Result outcome = new Result();
        if (!z) {
            // Authorization gate: a caller-supplied flag decides whether it runs at all.
            // NOTE(review): confirm every caller that passes z == true is itself authenticated.
            Operator currentOperator = OperatorUtil.getOperator();
            boolean noLoggedInAdmin = currentOperator == null || currentOperator.getCurrUser() == null;
            if (noLoggedInAdmin) {
                outcome.setError(ErrorEnum.CANNOT_FIND_CURRENT_LOGIN_ADMIN);
                return outcome;
            }
            CurrentAdminInfo admin = (CurrentAdminInfo) currentOperator.getCurrUser();
            if (!admin.getRoleList().contains(5)) {
                outcome.setError(ErrorEnum.CURRENT_ADMIN_ROLE_IS_ERROR);
                return outcome;
            }
        }

        String raDn = getRAServiceDnName();
        if (StringUtils.isBlank(raDn)) {
            this.logger.error("获取RA服务器证书DN名字错误");
            outcome.setError(ErrorEnum.GET_RA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }
        String caDn = getCAServiceDnName();
        if (StringUtils.isBlank(caDn)) {
            this.logger.error("获取CA服务器证书DN名字错误");
            outcome.setError(ErrorEnum.GET_CA_SERVICE_DN_NAME_ERROR);
            return outcome;
        }

        String transId = this.raSdkCache.getCaTransId(str);
        if (caTransIdMissing(transId)) {
            this.logger.info("获取本地缓存申请信息为空");
            outcome.setError(ErrorEnum.GET_LOCAL_CACHE_APPLY_INFO_IS_EMPTY);
            return outcome;
        }
        CertApplyDO apply = this.certApplyDao.getCertApplyInfo(str);
        if (apply == null) {
            this.logger.info("不存在当前申请编号对应的申请记录 applyNo:" + str);
            outcome.setError(ErrorEnum.CANNOT_FIND_APPLY_BY_NO);
            return outcome;
        }

        Result cmpReply = this.certLifeCycleManager.sendErrorCMPMessage(raDn, caDn, 1, transId, i, str2);
        boolean delivered = cmpReply.isSuccess();

        // The status update is the same on both paths; only the record text differs afterwards.
        Result statusUpdate = this.certApplyService.updateCertApplyInfo(apply.getCertDn(), str, 4, apply.getTempId());
        if (statusUpdate.getCode() != 0) {
            this.logger.info("操作签发证书确认消息失败:" + JsonUtils.object2Json(statusUpdate));
            throw new RuntimeException();
        }

        if (delivered) {
            this.certApplyService.insertCertApplyRecord(apply.getApplyType().intValue(), 5, str, (String) null, 4, str2, 7, false, z);
        } else {
            this.certApplyService.insertCertApplyRecord(apply.getApplyType().intValue(), 5, str, (String) null, 4, cmpReply.getErrorBean().getErrMsg(), 7, false, z);
            this.logger.info("错误确认消息出错：" + JsonUtils.object2Json(cmpReply));
            outcome.setErrorBean(cmpReply.getErrorBean());
        }
        return outcome;
    }

    /** Returns true when no CA transaction id is cached for the application. */
    private static boolean caTransIdMissing(String transId) {
        return transId == null;
    }

    /**
     * Stores the given value as the default container in {@code config.json}.
     *
     * <p>The value is written exactly as received; this method performs no validation of it.
     *
     * @param str container value to persist
     * @return an empty success result, or {@code CONFIG_JSON_FILE_OPERATION_ERROR} when reading or
     *     writing the configuration throws
     */
    public Result defaultContainer(String str) {
        Result outcome = new Result();
        try {
            Config config = this.systemService.getConfigFile("config.json");
            config.setDefaultContainer(str);
            this.systemService.updateConfigFile(config);
        } catch (Exception e) {
            this.logger.error("保存默认容器操作异常", e);
            outcome.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
        }
        return outcome;
    }

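    /**
     * Reads {@code config.json} and returns it so the caller can obtain the default container.
     *
     * <p>The result's info is the whole {@link Config} object, not only the container value.
     * NOTE(review): if this result is serialized to a client, every field of {@code Config} goes
     * with it; confirm that the object holds nothing sensitive or narrow the returned value.
     *
     * @return a result carrying the configuration, {@code GET_DEFAULT_CONTAINER_IS_EMPTY} when no
     *     configuration is available, or {@code CONFIG_JSON_FILE_OPERATION_ERROR} when reading
     *     the configuration throws
     */
    public Result getDefaultContainer() {
        Result result = new Result();
        try {
            Config configFile = this.systemService.getConfigFile("config.json");
            if (null == configFile) {
                this.logger.error("获取配置文件为空");
                result.setError(ErrorEnum.GET_DEFAULT_CONTAINER_IS_EMPTY);
                return result;
            }
            this.logger.info("默认容器为 ： " + configFile.getDefaultContainer());
            result.setInfo(configFile);
            return result;
        } catch (Exception e) {
            // Previously the exception was dropped; log it the way defaultContainer does so a
            // configuration read failure leaves a trace.
            this.logger.error("获取默认容器操作异常", e);
            result.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return result;
        }
    }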

    /**
     * Returns the RA base DN together with the base DN of a certificate template.
     *
     * <p>A failed template lookup is tolerated: the template part of the returned {@code BaseDn} is
     * then {@code null}. A failed RA base DN lookup is returned to the caller as is.
     *
     * @param str template number
     * @return a success result wrapping a {@code BaseDn}, or the failure from {@link #getRaBaseDn()}
     */
    public Result getBaseDn(String str) {
        String templateBaseDn = null;
        try {
            templateBaseDn = this.certApplyDao.getBaseDnByTempNo(str);
        } catch (DataAccessException e) {
            // Best effort by design: the template DN is optional for the returned pair.
            this.logger.info("通过模板编号未获取到模板baseDn");
        }

        Result raLookup = getRaBaseDn();
        if (!raLookup.isSuccess()) {
            return raLookup;
        }
        String raDn = raLookup.getInfo().toString();
        return Result.success(new BaseDn(raDn, templateBaseDn));
    }

    /**
     * Resolves the RA base DN, consulting three sources in order: the in-memory value held by
     * {@code CommonVariable}, the value stored in {@code config.json}, and finally the CA.
     *
     * <p>A value fetched from the CA is written back to {@code config.json} and to
     * {@code CommonVariable} before it is returned.
     *
     * @return a success result wrapping the base DN, the CA's failure result, or
     *     {@code CONFIG_JSON_FILE_OPERATION_ERROR} when any step throws
     */
    public Result getRaBaseDn() {
        String inMemory = CommonVariable.getRaBaseDn();
        if (StringUtils.isNotBlank(inMemory)) {
            return Result.success(inMemory);
        }
        try {
            Config config = this.systemService.getConfigFile("config.json");
            String fromFile = config.getRaBaseDn();
            if (StringUtils.isNotBlank(fromFile)) {
                return Result.success(fromFile);
            }

            Result caReply = this.caBusinessManager.getRaBaseDN();
            if (caReply.isSuccess()) {
                String fromCa = (String) caReply.getInfo();
                // Persist first, then publish to the in-memory holders.
                config.setRaBaseDn(fromCa);
                this.systemService.updateConfigFile(config);
                CommonVariable.setConfig(config);
                CommonVariable.setRaBaseDn(fromCa);
                return Result.success(fromCa);
            }
            return caReply;
        } catch (Exception e) {
            this.logger.error("写入raBaseDn服务操作config.json异常", e);
            Result failure = new Result();
            failure.setError(ErrorEnum.CONFIG_JSON_FILE_OPERATION_ERROR);
            return failure;
        }
    }

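    /**
     * Records the certificate(s) returned by the CA for one application in the RA database.
     *
     * <p>The signing certificate is always stored (cert type 1 when the response has no encryption
     * certificate, otherwise 2). When an encryption certificate is present, a second row of cert
     * type 3 is stored with the same pair index and a reference to the signing certificate's
     * serial number.
     *
     * <p>Both certificates are parsed before any row is written, so a malformed encryption
     * certificate does not leave a signing row behind. If storing the encryption row fails, the
     * signing row is deleted again and the failure is reported to the caller; a certificate the CA
     * has issued must not be handed out while the RA holds no record of it, because the RA could
     * then neither track nor revoke it by serial number.
     *
     * @param j user id
     * @param j2 application id
     * @param j3 template id
     * @param str template number
     * @param str2 signature algorithm
     * @param i private key length
     * @param userCertInfo CA response carrying the signing and, optionally, encryption certificate
     * @return an empty success result, or a result carrying the error of the first failed step
     */
    private Result insertUserCertInfo(long j, long j2, long j3, String str, String str2, int i, UserCertInfo userCertInfo) {
        Result result = new Result();
        String signCert = userCertInfo.getSignCert();
        if (StringUtils.isBlank(signCert)) {
            this.logger.info("CA返回的用户证书信息中，签名证书为空");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_INFO_IS_EMPTY);
            return result;
        }
        X509Certificate signX509 = CertUtils.getCertFromStr(signCert);
        if (signX509 == null) {
            this.logger.info("CA返回的用户证书信息中，签名证书错误");
            result.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR);
            return result;
        }
        long pairCertIndex = this.raSdkCache.getIncPairCertIndex();
        CaCertDO caCert = this.caCertDao.getNewCaCertInfo();
        if (caCert == null) {
            this.logger.info("获取CA证书信息为空");
            result.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return result;
        }

        // Parse the encryption certificate up front: rejecting it after the signing row has been
        // inserted would leave an orphaned signing row in the table.
        String encCert = userCertInfo.getEncCert();
        boolean hasEncCert = StringUtils.isNotBlank(encCert);
        X509Certificate encX509 = null;
        if (hasEncCert) {
            encX509 = CertUtils.getCertFromStr(encCert);
            if (encX509 == null) {
                this.logger.info("CA返回的用户证书信息中，加密证书错误");
                result.setError(ErrorEnum.CA_RESPONSE_USER_ENC_CERT_ERROR);
                return result;
            }
        }

        Date notBefore = signX509.getNotBefore();
        Date notAfter = signX509.getNotAfter();
        Timestamp effectiveTime = new Timestamp(notBefore.getTime());
        Timestamp failureTime = new Timestamp(notAfter.getTime());
        // Whole days; both validity values are derived from the signing certificate's notBefore.
        int certValidityDays = (int) ((notAfter.getTime() - notBefore.getTime()) / 86400000);
        int encKeyValidityDays = (int) ((caCert.getFailureTime().getTime() - notBefore.getTime()) / 86400000);
        Date now = new Date();

        UserCertDO signRecord = new UserCertDO();
        signRecord.setPairCertIndex(Long.valueOf(pairCertIndex));
        signRecord.setCertType(hasEncCert ? 2 : 1);
        signRecord.setCertStatus(0);
        signRecord.setUserId(Long.valueOf(j));
        signRecord.setApplyId(Long.valueOf(j2));
        signRecord.setTempId(Long.valueOf(j3));
        signRecord.setTempNo(str);
        signRecord.setSignAlg(str2);
        signRecord.setPrivateKeyLength(Integer.valueOf(i));
        signRecord.setCaCertId(caCert.getId());
        signRecord.setCertSn(signX509.getSerialNumber().toString(16).toLowerCase());
        signRecord.setCertDn(CertUtils.getSubjectByX509Cert(signX509));
        signRecord.setEffectiveTime(effectiveTime);
        signRecord.setFailureTime(failureTime);
        signRecord.setCertValidity(Integer.valueOf(certValidityDays));
        signRecord.setEncKeyValidity(Integer.valueOf(encKeyValidityDays));
        signRecord.setGmtCreate(new Timestamp(now.getTime()));
        signRecord.setGmtUpdate(new Timestamp(now.getTime()));
        UserCertDO storedSignRecord = this.userCertDao.insertUserCertInfo(signRecord);

        if (!hasEncCert) {
            return result;
        }

        UserCertDO encRecord = new UserCertDO();
        encRecord.setPairCertIndex(Long.valueOf(pairCertIndex));
        encRecord.setCertType(3);
        encRecord.setCertStatus(0);
        encRecord.setUserId(Long.valueOf(j));
        encRecord.setApplyId(Long.valueOf(j2));
        encRecord.setTempId(Long.valueOf(j3));
        encRecord.setTempNo(str);
        encRecord.setSignAlg(str2);
        encRecord.setPrivateKeyLength(Integer.valueOf(i));
        encRecord.setCaCertId(caCert.getId());
        encRecord.setEffectiveTime(effectiveTime);
        encRecord.setFailureTime(failureTime);
        encRecord.setCertValidity(Integer.valueOf(certValidityDays));
        encRecord.setEncKeyValidity(Integer.valueOf(encKeyValidityDays));
        encRecord.setGmtCreate(new Timestamp(now.getTime()));
        encRecord.setGmtUpdate(new Timestamp(now.getTime()));
        encRecord.setCertSn(encX509.getSerialNumber().toString(16).toLowerCase());
        encRecord.setSignCertSn(storedSignRecord.getCertSn());
        try {
            encRecord.setCertDn(CertUtils.getSubjectByX509Cert(encX509));
            this.userCertDao.insertUserCertInfo(encRecord);
        } catch (Exception e) {
            // Manual compensation for the already stored signing row. The failure is logged with
            // its cause and returned instead of being reported as success.
            this.logger.error("手动处理manager层的插入异常", e);
            this.userCertDao.deleteUserCert(storedSignRecord.getId().longValue());
            // Nearest error code visible in this class; a dedicated "store failed" code would be
            // more precise if ErrorEnum has one.
            result.setError(ErrorEnum.CA_RESPONSE_USER_ENC_CERT_ERROR);
            return result;
        }
        return result;
    }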

    /**
     * Handles a certificate issue application: loads the stored application, extracts the
     * applicant's public key, checks it against the template, asks the CA to issue the
     * certificate and stores the returned certificate(s).
     *
     * <p>When {@code z} is true, {@code bArr} is treated as SubjectPublicKeyInfo bytes; otherwise it
     * is decoded as a P10 string and the public key is taken from it. The subject DN sent to the CA
     * is chosen by {@code chooseUserCertDn}, so a {@code certDn} entry in {@code map} replaces the
     * DN stored with the application.
     *
     * <p>The certificates are returned as received from the CA when {@code i == 1}, {@code z} is
     * true or {@code num} is 5; otherwise they are wrapped into certificate chains first.
     *
     * <p>{@code z2} is not read in this method.
     *
     * <p>NOTE(review): every step from the public-key extraction onwards sits inside one
     * {@code try} whose {@code catch (Exception e2)} reports
     * {@code GET_PUBLIC_KEY_FROM_P10_EXCEPTION}. That includes the {@code RuntimeException} thrown
     * when the status update fails and any exception from the CA call or the database insert, so
     * those failures surface as a P10 error and the exception does not propagate.
     *
     * @return a result carrying the {@code UserCertInfo} on success, otherwise the error of the
     *     step that failed
     */
    private Result issueApplyHandler(Integer num, String str, String str2, String str3, byte[] bArr, String str4, String str5, String str6, int i, boolean z, boolean z2, Map<String, Object> map, Integer num2) {
        byte[] bArr2;
        PublicKey publicKeyBySubjectPublicInfo;
        Result result = new Result();
        try {
            IssueApplyDTO issueApplyInfoByApplyNo = this.issueApplyDao.getIssueApplyInfoByApplyNo(str);
            int intValue = issueApplyInfoByApplyNo.getCertValidity().intValue();
            String signAlg = issueApplyInfoByApplyNo.getSignAlg();
            String tempNo = issueApplyInfoByApplyNo.getTempNo();
            String str7 = null;
            if (StringUtils.isNotBlank(issueApplyInfoByApplyNo.getTempParas())) {
                str7 = issueApplyInfoByApplyNo.getTempParas();
            }
            // A caller-supplied certDn in the map takes precedence over the stored application DN.
            String chooseUserCertDn = chooseUserCertDn(map, issueApplyInfoByApplyNo.getCertDn());
            try {
                if (z) {
                    bArr2 = bArr;
                    publicKeyBySubjectPublicInfo = CertUtils.getPublicKeyBySubjectPublicInfo(Base64.toBase64String(bArr));
                } else {
                    // new String(byte[]) decodes with the JVM default charset.
                    publicKeyBySubjectPublicInfo = SdkP10Utils.p10ToPublicKey(new String(bArr));
                    bArr2 = publicKeyBySubjectPublicInfo.getEncoded();
                }
                // Reject keys whose algorithm or length does not match the template before the CA is called.
                result = checkApplyMsgEqualP10(publicKeyBySubjectPublicInfo, tempNo);
                if (!result.isSuccess()) {
                    return result;
                }
                Result issueUserCert = this.certLifeCycleManager.issueUserCert(str, str3, bArr2, str4, str5, str6, tempNo, str7, signAlg, intValue, chooseUserCertDn, num2);
                if (!issueUserCert.isSuccess()) {
                    Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(issueApplyInfoByApplyNo.getCertDn(), str, 4, issueApplyInfoByApplyNo.getTempId());
                    if (updateCertApplyInfo.getCode() != 0) {
                        this.logger.info("操作签发失败:{}", JsonUtils.object2Json(updateCertApplyInfo));
                        // Caught by the enclosing catch (Exception e2) below; see the method note.
                        throw new RuntimeException();
                    }
                    this.certApplyService.insertCertApplyRecord(1, 5, str, str2, 4, issueUserCert.getErrorBean().getErrMsg(), 7, false, z);
                    this.logger.error("调用CA，签发证书失败");
                    result.setErrorBean(issueUserCert.getErrorBean());
                    return result;
                }
                UserCertInfo userCertInfo = (UserCertInfo) issueUserCert.getInfo();
                Result insertUserCertInfo = insertUserCertInfo(issueApplyInfoByApplyNo.getUserId().longValue(), issueApplyInfoByApplyNo.getApplyId().longValue(), issueApplyInfoByApplyNo.getTempId().longValue(), issueApplyInfoByApplyNo.getTempNo(), signAlg, issueApplyInfoByApplyNo.getPrivateKeyLength().intValue(), userCertInfo);
                if (!insertUserCertInfo.isSuccess()) {
                    this.logger.info("将用户证书插入数据库失败");
                    result.setError(insertUserCertInfo.getError());
                    return result;
                }
                if (i == 1 || z || num.intValue() == 5) {
                    result.setInfo(userCertInfo);
                    return result;
                }
                try {
                    // Build the signing chain from the CA's extra certificates plus the signing certificate.
                    List resolveCertChain = Pkcs7Utils.resolveCertChain(userCertInfo.getExtraCertsP7b());
                    X509Certificate certFromStr = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                    resolveCertChain.add(certFromStr);
                    userCertInfo.setSignCert(SignedDataUtils.createCertChainByCerts(resolveCertChain));
                    if (issueApplyInfoByApplyNo.getCertPatterm().intValue() != 1) {
                        // Same list reused for the encryption chain: swap the end-entity certificate.
                        resolveCertChain.remove(certFromStr);
                        resolveCertChain.add(CertUtils.getCertFromStr(userCertInfo.getEncCert()));
                        userCertInfo.setEncCert(SignedDataUtils.createCertChainByCerts(resolveCertChain));
                    }
                    result.setInfo(userCertInfo);
                    return result;
                } catch (Exception e) {
                    this.logger.error("sdk接口-封装证书链异常", e);
                    result.setError(ErrorEnum.BUILD_TRAIN_CERT_P7b_IS_ERROR);
                    return result;
                }
            } catch (Exception e2) {
                this.logger.error("从P10中获取公钥信息异常", e2);
                result.setError(ErrorEnum.GET_PUBLIC_KEY_FROM_P10_EXCEPTION);
                return result;
            }
        } catch (Exception e3) {
            // Covers the application lookup and the DN selection; the exception itself is not logged.
            this.logger.info("获取签发证书申请基本信息为空");
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }

    /**
     * Handles a certificate update application: loads the stored application, obtains the new
     * public key when the key is being replaced, asks the CA to update the certificate and stores
     * the returned certificate(s).
     *
     * <p>The validity sent to the CA is the stored certificate validity only when the application
     * asks for a validity update, otherwise 0. When the key is not being replaced, no public key is
     * sent and the template consistency check is skipped. The subject DN is chosen by
     * {@code chooseUserCertDn}, so a {@code certDn} entry in {@code map} replaces the stored DN.
     *
     * <p>The certificates are returned as received from the CA when {@code i == 1}, {@code z} is
     * true or {@code num} is 5; otherwise they are wrapped into certificate chains first.
     *
     * <p>{@code z2} is not read in this method.
     *
     * @return a result carrying the {@code UserCertInfo} on success, otherwise the error of the
     *     step that failed
     * @throws RuntimeException when the status update after a CA failure reports a non-zero code,
     *     or when storing the returned certificates fails; neither throw is inside a {@code try}
     *     in this method
     */
    private Result updateApplyHandler(Integer num, String str, String str2, String str3, byte[] bArr, String str4, String str5, String str6, int i, boolean z, boolean z2, Map<String, Object> map, Integer num2) {
        Result result = new Result();
        UpdateApplyDTO updateApplyDTO = null;
        try {
            updateApplyDTO = this.updateApplyDao.getUpdateApplyInfoByApplyNo(str);
        } catch (EmptyResultDataAccessException e) {
            this.logger.info("查询更新证书申请实体为空 getUpdateApplyInfo.applyNo:{}", str);
        }
        if (updateApplyDTO == null) {
            this.logger.info("获取更新证书申请基本信息为空");
            result.setError(ErrorEnum.GET_UPDATE_APPLY_INFO_IS_EMPTY);
            return result;
        }
        int i2 = 0;
        if (updateApplyDTO.getUpdateValidity().booleanValue()) {
            i2 = updateApplyDTO.getCertValidity().intValue();
        }
        String tempNo = updateApplyDTO.getTempNo();
        String str7 = null;
        if (StringUtils.isNotBlank(updateApplyDTO.getTempParas())) {
            str7 = updateApplyDTO.getTempParas();
        }
        byte[] bArr2 = null;
        PublicKey publicKey = null;
        if (z) {
            if (!updateApplyDTO.getUpdateKey().booleanValue()) {
                this.logger.info("在线更新申请不更新秘钥");
                bArr2 = null;
            } else {
                if (bArr == null) {
                    this.logger.info("更新密钥时，必须上传p10文件");
                    result.setError(ErrorEnum.UPDATE_KEY_NEED_P10_FILE);
                    return result;
                }
                this.logger.info("在线更新申请更新秘钥");
                bArr2 = bArr;
                // Not wrapped in a try here, unlike the P10 branch below: a parsing exception propagates.
                publicKey = CertUtils.getPublicKeyBySubjectPublicInfo(Base64.toBase64String(bArr));
            }
        } else if (updateApplyDTO.getUpdateKey().booleanValue()) {
            try {
                // new String(byte[]) decodes with the JVM default charset; a null bArr ends in the catch below.
                publicKey = SdkP10Utils.p10ToPublicKey(new String(bArr));
                if (publicKey == null) {
                    this.logger.info("更新密钥时，必须上传p10文件");
                    result.setError(ErrorEnum.UPDATE_KEY_NEED_P10_FILE);
                    return result;
                }
                bArr2 = publicKey.getEncoded();
            } catch (Exception e2) {
                this.logger.info("从P10中获取公钥信息异常", e2);
                result.setError(ErrorEnum.GET_PUBLIC_KEY_FROM_P10_EXCEPTION);
                return result;
            }
        }
        if (null != publicKey) {
            // Only a replaced key is checked against the template's algorithm and length.
            result = checkApplyMsgEqualP10(publicKey, tempNo);
            if (!result.isSuccess()) {
                return result;
            }
        }
        Result updateUserCert = this.certLifeCycleManager.updateUserCert(str, str3, bArr2, str4, str5, str6, tempNo, str7, updateApplyDTO.getSignAlg(), i2, chooseUserCertDn(map, updateApplyDTO.getCertDn()), updateApplyDTO.getSignSn(), updateApplyDTO.getUpdateKey().booleanValue(), num2);
        if (!updateUserCert.isSuccess()) {
            Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(updateApplyDTO.getCertDn(), str, 4, updateApplyDTO.getTempId());
            if (updateCertApplyInfo.getCode() != 0) {
                this.logger.info("操作签发失败:" + JsonUtils.object2Json(updateCertApplyInfo));
                throw new RuntimeException();
            }
            // NOTE(review): the record text is the application reason, whereas the issue and recovery
            // handlers record the CA's error message here; confirm which one the audit trail should hold.
            this.certApplyService.insertCertApplyRecord(2, 5, str, str2, 4, updateApplyDTO.getApplyReason(), 7, false, z);
            this.logger.info("调用CA，更新证书失败");
            result.setErrorBean(updateUserCert.getErrorBean());
            return result;
        }
        UserCertInfo userCertInfo = (UserCertInfo) updateUserCert.getInfo();
        if (!insertUserCertInfo(updateApplyDTO.getUserId().longValue(), updateApplyDTO.getApplyId().longValue(), updateApplyDTO.getTempId().longValue(), updateApplyDTO.getTempNo(), updateApplyDTO.getSignAlg(), updateApplyDTO.getPrivateKeyLength().intValue(), userCertInfo).isSuccess()) {
            this.logger.info("将用户证书插入数据库失败");
            throw new RuntimeException();
        }
        if (i == 1 || z || num.intValue() == 5) {
            result.setInfo(userCertInfo);
            return result;
        }
        try {
            // Build the signing chain from the CA's extra certificates plus the signing certificate.
            List resolveCertChain = Pkcs7Utils.resolveCertChain(userCertInfo.getExtraCertsP7b());
            X509Certificate certFromStr = CertUtils.getCertFromStr(userCertInfo.getSignCert());
            resolveCertChain.add(certFromStr);
            userCertInfo.setSignCert(SignedDataUtils.createCertChainByCerts(resolveCertChain));
            if (updateApplyDTO.getCertPatterm().intValue() != 1) {
                // Same list reused for the encryption chain: swap the end-entity certificate.
                resolveCertChain.remove(certFromStr);
                resolveCertChain.add(CertUtils.getCertFromStr(userCertInfo.getEncCert()));
                userCertInfo.setEncCert(SignedDataUtils.createCertChainByCerts(resolveCertChain));
            }
            result.setInfo(userCertInfo);
            return result;
        } catch (Exception e3) {
            this.logger.error("sdk接口-封装证书链异常", e3);
            result.setError(ErrorEnum.BUILD_TRAIN_CERT_P7b_IS_ERROR);
            return result;
        }
    }

    /**
     * Handles a certificate recovery application: loads the stored application, extracts the
     * applicant's public key, checks it against the template, asks the CA to recover the
     * certificate and stores the returned certificates.
     *
     * <p>When {@code z} is true, {@code bArr} is treated as SubjectPublicKeyInfo bytes; otherwise it
     * is decoded as a P10 string. After the template check succeeds, the result object returned by
     * that check is reused as this method's return value.
     *
     * <p>The certificates are returned as received from the CA when {@code i == 1}, {@code z} is
     * true or {@code num} is 5; otherwise both the signing and the encryption certificate are
     * wrapped into certificate chains.
     *
     * <p>{@code str3} is not read in this method.
     *
     * <p>NOTE(review): the whole body sits inside one {@code try} whose {@code catch (Exception e3)}
     * reports {@code GET_ISSUE_APPLY_INFO_IS_EMPTY} without logging the exception. That includes
     * the {@code RuntimeException} thrown when the status update fails and any exception from the
     * CA call or the database insert, so those failures are reported as a missing application and
     * the exception does not propagate.
     *
     * @return a result carrying the {@code UserCertInfo} on success, otherwise the error of the
     *     step that failed
     */
    private Result recoveryApplyHandler(Integer num, String str, String str2, String str3, byte[] bArr, String str4, String str5, String str6, int i, boolean z, Integer num2) {
        PublicKey p10ToPublicKey;
        byte[] encoded;
        Result result = new Result();
        try {
            RecoveryApplyDTO recoveryApplyInfoByApplyNo = this.recoveryApplyDao.getRecoveryApplyInfoByApplyNo(str);
            if (z) {
                encoded = bArr;
                p10ToPublicKey = CertUtils.getPublicKeyBySubjectPublicInfo(Base64.toBase64String(bArr));
            } else {
                try {
                    // new String(byte[]) decodes with the JVM default charset.
                    p10ToPublicKey = SdkP10Utils.p10ToPublicKey(new String(bArr));
                    encoded = p10ToPublicKey.getEncoded();
                } catch (Exception e) {
                    this.logger.info("从P10中获取公钥信息异常", e);
                    result.setError(ErrorEnum.GET_PUBLIC_KEY_FROM_P10_EXCEPTION);
                    return result;
                }
            }
            // Reject keys whose algorithm or length does not match the template before the CA is called.
            Result checkApplyMsgEqualP10 = checkApplyMsgEqualP10(p10ToPublicKey, recoveryApplyInfoByApplyNo.getTempNo());
            if (!checkApplyMsgEqualP10.isSuccess()) {
                return checkApplyMsgEqualP10;
            }
            String signAlg = recoveryApplyInfoByApplyNo.getSignAlg();
            Result recoveryUserCert = this.certLifeCycleManager.recoveryUserCert(str, str4, str5, encoded, recoveryApplyInfoByApplyNo.getSignSn(), str6, signAlg, recoveryApplyInfoByApplyNo.getCertDn(), num2);
            if (!recoveryUserCert.isSuccess()) {
                Result updateCertApplyInfo = this.certApplyService.updateCertApplyInfo(recoveryApplyInfoByApplyNo.getCertDn(), str, 4, Long.valueOf(recoveryApplyInfoByApplyNo.getTempId()));
                if (updateCertApplyInfo.getCode() != 0) {
                    this.logger.info("操作恢复失败:{}", JsonUtils.object2Json(updateCertApplyInfo));
                    // Caught by the outer catch (Exception e3) below; see the method note.
                    throw new RuntimeException();
                }
                this.certApplyService.insertCertApplyRecord(4, 5, str, str2, 4, recoveryUserCert.getErrorBean().getErrMsg(), 7, false, z);
                this.logger.info("调用CA，签发证书失败");
                checkApplyMsgEqualP10.setErrorBean(recoveryUserCert.getErrorBean());
                return checkApplyMsgEqualP10;
            }
            UserCertInfo userCertInfo = (UserCertInfo) recoveryUserCert.getInfo();
            Result insertUserCertInfoByRecovery = insertUserCertInfoByRecovery(recoveryApplyInfoByApplyNo.getUserId(), recoveryApplyInfoByApplyNo.getApplyId(), recoveryApplyInfoByApplyNo.getTempId(), recoveryApplyInfoByApplyNo.getTempNo(), signAlg, recoveryApplyInfoByApplyNo.getPrivateKeyLength(), userCertInfo);
            if (!insertUserCertInfoByRecovery.isSuccess()) {
                this.logger.info("将用户证书插入数据库失败");
                checkApplyMsgEqualP10.setError(insertUserCertInfoByRecovery.getError());
                return checkApplyMsgEqualP10;
            }
            if (i == 1 || z || num.intValue() == 5) {
                checkApplyMsgEqualP10.setInfo(userCertInfo);
                return checkApplyMsgEqualP10;
            }
            try {
                // Signing chain first, then the same list is reused for the encryption chain.
                List resolveCertChain = Pkcs7Utils.resolveCertChain(userCertInfo.getExtraCertsP7b());
                X509Certificate certFromStr = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                resolveCertChain.add(certFromStr);
                userCertInfo.setSignCert(SignedDataUtils.createCertChainByCerts(resolveCertChain));
                resolveCertChain.remove(certFromStr);
                resolveCertChain.add(CertUtils.getCertFromStr(userCertInfo.getEncCert()));
                userCertInfo.setEncCert(SignedDataUtils.createCertChainByCerts(resolveCertChain));
                checkApplyMsgEqualP10.setInfo(userCertInfo);
                return checkApplyMsgEqualP10;
            } catch (Exception e2) {
                this.logger.error("sdk接口-封装证书链异常", e2);
                checkApplyMsgEqualP10.setError(ErrorEnum.BUILD_TRAIN_CERT_P7b_IS_ERROR);
                return checkApplyMsgEqualP10;
            }
        } catch (Exception e3) {
            this.logger.info("获取恢复证书申请基本信息为空");
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }

    /**
     * Chooses the subject DN to put into the certificate.
     *
     * <p>A {@code certDn} entry in {@code map} takes precedence over the DN stored with the
     * application and is normalized through {@code DnUtil.getRFC4519X500Name}. When normalization
     * throws {@code NamingException}, the entry is still returned in the form the caller sent it.
     * NOTE(review): the override replaces the DN that went through the application workflow;
     * confirm that only authorized callers can populate {@code map} and that a DN which fails
     * normalization is rejected further down the line.
     *
     * @param map request parameters; may be null or empty
     * @param str subject DN stored with the application
     * @return the caller-supplied DN when present, otherwise {@code str}
     */
    private String chooseUserCertDn(Map<String, Object> map, String str) {
        boolean callerSuppliedDn = MapUtils.isNotEmpty(map) && map.containsKey("certDn");
        if (!callerSuppliedDn) {
            this.logger.info("[CertApplyServiceImpl#chooseUserCertDn] 使用申请书中 certDn ={} 制证", str);
            return str;
        }

        String chosenDn = (String) map.get("certDn");
        try {
            chosenDn = DnUtil.getRFC4519X500Name(chosenDn).toString();
        } catch (NamingException e) {
            // Falls through with the un-normalized value.
            this.logger.info("离线签发使用用户自定义的DN格式异常", e);
        }
        this.logger.info("[CertApplyServiceImpl#chooseUserCertDn] 离线形式的签发证书，使用用户传入的自定义 certDn ={} 制证", chosenDn);
        return chosenDn;
    }

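    /**
     * Checks that the applicant's public key matches what the certificate template requires.
     *
     * <p>The key is classified as {@code RSA}, {@code SM2} or {@code NIST}: RSA by the key's
     * algorithm name, the other two by comparing the curve identifier in the key's algorithm
     * parameters with {@code SM2ObjectIdentifiers.sm2256} and {@code NISTObjectIdentifiers.nist256}.
     * The classification must equal the template's public key algorithm (case-insensitive). For
     * RSA the modulus bit length must equal the template's key length. For SM2 and NIST the
     * template's key length must be 256; the key's own size is logged but not compared
     * (presumably because both accepted curves are 256-bit; confirm).
     *
     * <p>The key comes from the applicant, so algorithm parameters that are absent or are not an
     * object identifier (for example explicitly encoded curve parameters) are answered with
     * {@code NOT_SUPPORTED_SIGN_ALG} instead of an exception escaping to the caller.
     *
     * <p>Assumes the template cache holds an entry for {@code str}; a missing entry is not handled
     * here. TODO confirm the callers guarantee it.
     *
     * @param publicKey public key taken from the application
     * @param str template number
     * @return {@code Result.success()} when the key matches the template, otherwise a result
     *     carrying the reason
     */
    private Result checkApplyMsgEqualP10(PublicKey publicKey, String str) {
        this.logger.info("开始校验申请中的公钥信息和模板要求是否一致");
        Result result = new Result();
        CertTempDO template = this.certTempCache.getCertTempInfoByTempNo(str);
        String templateKeyAlg = template.getPublicKeyAlg();
        Integer templateKeyLength = template.getPrivateKeyLength();
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

        String keyAlg;
        if ("RSA".equals(publicKey.getAlgorithm())) {
            keyAlg = "RSA";
        } else {
            ASN1Encodable parameters = subjectPublicKeyInfo.getAlgorithmId().getParameters();
            ASN1Encodable primitive = parameters == null ? null : parameters.toASN1Primitive();
            if (!(primitive instanceof ASN1ObjectIdentifier)) {
                // Only named curves are accepted; anything else cannot be matched to a template.
                this.logger.info("不支持的签名算法");
                result.setError(ErrorEnum.NOT_SUPPORTED_SIGN_ALG);
                return result;
            }
            ASN1ObjectIdentifier curveOid = (ASN1ObjectIdentifier) primitive;
            if (curveOid.equals(SM2ObjectIdentifiers.sm2256)) {
                keyAlg = "SM2";
            } else if (curveOid.equals(NISTObjectIdentifiers.nist256)) {
                keyAlg = "NIST";
            } else {
                this.logger.info("不支持的签名算法");
                result.setError(ErrorEnum.NOT_SUPPORTED_SIGN_ALG);
                return result;
            }
        }
        this.logger.info("申请书中的用户算法为:{}", keyAlg);
        if (!keyAlg.equalsIgnoreCase(templateKeyAlg)) {
            this.logger.info("用户证书算法和当前模板公钥算法不一致");
            result.setError(ErrorEnum.USER_CERT_KEY_ALG_NOT_SAME_WITH_TEMP);
            return result;
        }
        try {
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
            if (keyAlg.equalsIgnoreCase("SM2") || keyAlg.equalsIgnoreCase("NIST")) {
                // generatePublic returns PublicKey; the EC view is needed to reach the point.
                java.security.interfaces.ECPublicKey ecKey =
                        (java.security.interfaces.ECPublicKey) KeyFactory.getInstance("EC", "BC").generatePublic(keySpec);
                this.logger.info("证书密钥算法长度为:{}", Integer.valueOf(ecKey.getW().getAffineX().bitLength()));
                if (templateKeyLength.intValue() != 256) {
                    this.logger.error("用户证书秘钥算法长度和模板秘钥长度不一致");
                    result.setError(ErrorEnum.USER_CERT_KEY_ALG_LENGTH_NOT_SAME_WITH_TEMP);
                    return result;
                }
            } else {
                // generatePublic returns PublicKey; the RSA view is needed to reach the modulus.
                java.security.interfaces.RSAPublicKey rsaKey =
                        (java.security.interfaces.RSAPublicKey) KeyFactory.getInstance("RSA", "BC").generatePublic(keySpec);
                if (templateKeyLength.intValue() != rsaKey.getModulus().bitLength()) {
                    this.logger.info("用户证书秘钥算法长度和模板秘钥长度不一致");
                    result.setError(ErrorEnum.USER_CERT_KEY_ALG_LENGTH_NOT_SAME_WITH_TEMP);
                    return result;
                }
            }
            return Result.success();
        } catch (Exception e) {
            this.logger.info("[CertApplyServiceImpl#checkApplyMsgEqualP10] 申请信息和P10一致性校验 IOException", e);
            result.setError(ErrorEnum.GET_PUBLIC_KEY_FROM_P10_EXCEPTION);
            return result;
        }
    }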

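    /**
     * Handles an issue application: generates the signing key pair locally, asks the CA to
     * issue the certificate(s), stores the certificate record and packages the outcome through
     * {@code KeyStoreUtils.generateDoubleCertByKeyStore}.
     *
     * <p>Private key material (the generated signing key, the CA key envelope and the
     * encryption key recovered from it) is deliberately never written to the log.
     *
     * @param str  application number used to look up the issue application
     * @param str2 forwarded unchanged to {@code certLifeCycleManager.issueUserCert}
     * @param str3 forwarded unchanged to {@code certLifeCycleManager.issueUserCert}
     * @param str4 forwarded unchanged to {@code certLifeCycleManager.issueUserCert}
     * @param i    forwarded unchanged to {@code KeyStoreUtils.generateDoubleCertByKeyStore}
     * @param z    forwarded unchanged to {@code certApplyService.insertCertApplyRecord}
     * @param num  forwarded unchanged to {@code certLifeCycleManager.issueUserCert}
     * @return a {@code Result} whose info holds the key store output on success, or whose error
     *         describes the step that failed
     */
    private Result issueApplyHandlerByKeyStore(String str, String str2, String str3, String str4, int i, boolean z, Integer num) {
        Result result = new Result();
        try {
            IssueApplyDTO apply = this.issueApplyDao.getIssueApplyInfoByApplyNo(str);
            int certValidity = apply.getCertValidity().intValue();
            String signAlg = apply.getSignAlg();
            String tempNo = apply.getTempNo();
            String tempParas = StringUtils.isNotBlank(apply.getTempParas()) ? apply.getTempParas() : null;
            String certDn = apply.getCertDn();
            String keyAlg = apply.getKeyAlg();
            int keyLength = apply.getPrivateKeyLength().intValue();
            // Algorithm name and key size are not secret and are safe to log.
            this.logger.info("密钥算法：" + keyAlg + " 密钥长度：" + keyLength);
            try {
                KeyPair signKeyPair = KeyUtils.genKeyPair(keyAlg, keyLength);
                Result issued = this.certLifeCycleManager.issueUserCert(str, (String) null, signKeyPair.getPublic().getEncoded(), str2, str3, str4, tempNo, tempParas, signAlg, certValidity, certDn, num);
                if (!issued.isSuccess()) {
                    // The CA refused the request: record status code 4 on the application and
                    // write an apply record carrying the CA's error message.
                    Result statusUpdate = this.certApplyService.updateCertApplyInfo(apply.getCertDn(), str, 4, apply.getTempId());
                    if (statusUpdate.getCode() != 0) {
                        this.logger.info("操作签发失败:" + JsonUtils.object2Json(statusUpdate));
                        // Caught by the enclosing catch below and reported as a key-generation failure.
                        throw new RuntimeException();
                    }
                    this.certApplyService.insertCertApplyRecord(1, 5, str, (String) null, 4, issued.getErrorBean().getErrMsg(), 7, false, z);
                    this.logger.error("调用CA，签发证书失败");
                    result.setErrorBean(issued.getErrorBean());
                    return result;
                }
                UserCertInfo userCertInfo = (UserCertInfo) issued.getInfo();
                Result stored = insertUserCertInfo(apply.getUserId().longValue(), apply.getApplyId().longValue(), apply.getTempId().longValue(), apply.getTempNo(), signAlg, apply.getPrivateKeyLength().intValue(), userCertInfo);
                if (!stored.isSuccess()) {
                    this.logger.info("将用户证书插入数据库失败");
                    result.setError(stored.getError());
                    return result;
                }
                PrivateKey encPrivateKey = null;
                if (apply.getCertPatterm().intValue() != 1) {
                    try {
                        // Security: the signing private key, the CA envelope and the recovered
                        // encryption private key are secrets. They must not reach the log, so
                        // nothing is logged on the success path of this step.
                        String envelopeAlg = CommonVariable.getKeyAlgName();
                        String unwrapped = CertUtils.getDataFromSignedAndEnvelopedDataByBc(signKeyPair.getPrivate().getEncoded(), userCertInfo.getEncPriKey().getBytes(), envelopeAlg);
                        byte[] decoded = Base64.decode(unwrapped);
                        if (envelopeAlg.equalsIgnoreCase("SM2")) {
                            // Bytes 32..63 of the decoded payload are used as the raw key
                            // (layout presumably fixed by the envelope format - confirm).
                            byte[] rawKey = new byte[32];
                            System.arraycopy(decoded, 32, rawKey, 0, 32);
                            encPrivateKey = GMSSLX509Utils.convertSM2PrivateKey(rawKey);
                        } else if (envelopeAlg.equalsIgnoreCase("RSA")) {
                            encPrivateKey = KeyFactory.getInstance(RsaObjectIdentifiers.rsaEncryption.getId(), (Provider) new BouncyCastleProvider()).generatePrivate(new PKCS8EncodedKeySpec(decoded));
                        } else {
                            byte[] rawKey = new byte[32];
                            System.arraycopy(decoded, 32, rawKey, 0, 32);
                            encPrivateKey = GMSSLX509Utils.convertPrivateKeyEncode(rawKey);
                        }
                    } catch (Exception e) {
                        this.logger.error("从P7b格式中获取加密私钥失败", e);
                        result.setError(ErrorEnum.GET_ENC_PUBLIC_KEY_FROM_P7B_FAIL);
                        return result;
                    }
                }
                try {
                    List sortCerts = CertUtils.sortCerts(Pkcs7Utils.resolveCertChain(userCertInfo.getExtraCertsP7b()));
                    X509Certificate[] caChain = new X509Certificate[sortCerts.size()];
                    sortCerts.toArray(caChain);
                    if (this.logger.isDebugEnabled()) {
                        for (X509Certificate caCert : caChain) {
                            this.logger.debug("caCert.length {}", Integer.valueOf(caChain.length));
                            this.logger.debug("caCert issuer{}", CertUtils.getIssuerByX509Cert(caCert));
                            this.logger.debug("caCert subjcet:{}", CertUtils.getSubjectByX509Cert(caCert));
                        }
                    }
                    // Signing chain = user signing certificate followed by the CA chain.
                    X509Certificate[] signChain = new X509Certificate[caChain.length + 1];
                    signChain[0] = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                    System.arraycopy(caChain, 0, signChain, 1, caChain.length);
                    if (this.logger.isDebugEnabled()) {
                        for (X509Certificate chainCert : signChain) {
                            this.logger.debug("signCert.length {}", Integer.valueOf(signChain.length));
                            this.logger.debug("signCert issuer{}", CertUtils.getIssuerByX509Cert(chainCert));
                            this.logger.debug("signCert subjcet:{}", CertUtils.getSubjectByX509Cert(chainCert));
                        }
                    }
                    // Encryption chain is only built when the cert pattern is not 1.
                    X509Certificate[] encChain = null;
                    if (apply.getCertPatterm().intValue() != 1) {
                        encChain = new X509Certificate[caChain.length + 1];
                        encChain[0] = CertUtils.getCertFromStr(userCertInfo.getEncCert());
                        System.arraycopy(caChain, 0, encChain, 1, caChain.length);
                    }
                    result.setInfo(KeyStoreUtils.generateDoubleCertByKeyStore(false, signChain, encChain, signKeyPair.getPrivate(), encPrivateKey, i, str, PathConstants.USER_CERT_KEYSTORE_FILE_PATH, caChain));
                    return result;
                } catch (Exception e2) {
                    this.logger.error("生成用户keyStore类型证书失败", e2);
                    result.setError(ErrorEnum.GEN_USER_CERT_KEY_STORE_FILE_FAIL);
                    return result;
                }
            } catch (Exception e3) {
                // Keep the cause: this handler also receives failures from the CA call and the
                // status update, not only from key generation.
                this.logger.error("生成用户签名公私钥失败", e3);
                result.setError(ErrorEnum.GEN_USER_CERT_SIGN_KEY_FAIL);
                return result;
            }
        } catch (Exception e4) {
            // Any failure while loading or reading the application lands here; log the cause
            // so a DAO error is distinguishable from a missing record.
            this.logger.error("获取签发证书申请基本信息为空", e4);
            result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }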

    /**
     * Handles a certificate update application: generates a new signing key pair, asks the CA
     * to update the certificate, stores the certificate record and packages the outcome through
     * {@code KeyStoreUtils.generateDoubleCertByKeyStore}.
     *
     * <p>NOTE(review): the key algorithm and size are derived from the signature algorithm alone
     * (RSA is fixed at 2048 bits here), while the stored record uses the application's
     * {@code getPrivateKeyLength()} - confirm the two are meant to agree.
     *
     * <p>NOTE(review): a failed record insert or a missing key envelope throws a
     * {@code RuntimeException} that the outer catch reports as
     * {@code GEN_USER_CERT_SIGN_KEY_FAIL}.
     *
     * @param str  application number used to look up the update application
     * @param str2 forwarded unchanged to {@code certLifeCycleManager.updateUserCert}
     * @param str3 forwarded unchanged to {@code certLifeCycleManager.updateUserCert}
     * @param str4 forwarded unchanged to {@code certLifeCycleManager.updateUserCert}
     * @param i    forwarded unchanged to {@code KeyStoreUtils.generateDoubleCertByKeyStore}
     * @param z    forwarded unchanged to {@code certApplyService.insertCertApplyRecord}
     * @param num  forwarded unchanged to {@code certLifeCycleManager.updateUserCert}
     * @return a {@code Result} whose info holds the key store output on success, or whose error
     *         describes the step that failed
     */
    private Result updateApplyHandlerByKeyStore(String str, String str2, String str3, String str4, int i, boolean z, Integer num) {
        Result outcome = new Result();
        UpdateApplyDTO apply = null;
        try {
            apply = this.updateApplyDao.getUpdateApplyInfoByApplyNo(str);
        } catch (EmptyResultDataAccessException notFound) {
            // An empty query result is handled by the null check below.
            this.logger.info("getUpdateApplyInfo.applyNo:" + str + " 查询更新证书申请实体为空");
        }
        if (apply == null) {
            this.logger.info("获取更新证书申请基本信息为空");
            outcome.setError(ErrorEnum.GET_UPDATE_APPLY_INFO_IS_EMPTY);
            return outcome;
        }
        int certValidity = apply.getCertValidity().intValue();
        String tempNo = apply.getTempNo();
        String tempParas = null;
        if (StringUtils.isNotBlank(apply.getTempParas())) {
            tempParas = apply.getTempParas();
        }
        // Default to RSA/2048; the two elliptic-curve signature algorithms override it.
        String keyAlg = "RSA";
        int keyBits = 2048;
        if ("SM3withSM2".equalsIgnoreCase(apply.getSignAlg())) {
            keyAlg = "SM2";
            keyBits = 256;
        } else if ("SHA256withECDSA".equalsIgnoreCase(apply.getSignAlg())) {
            keyAlg = "NISTP256";
            keyBits = 256;
        }
        try {
            KeyPair signKeyPair = KeyUtils.genKeyPair(keyAlg, keyBits);
            Result updated = this.certLifeCycleManager.updateUserCert(str, (String) null, signKeyPair.getPublic().getEncoded(), str2, str3, str4, tempNo, tempParas, apply.getSignAlg(), certValidity, apply.getCertDn(), apply.getSignSn(), apply.getUpdateKey().booleanValue(), num);
            if (!updated.isSuccess()) {
                // The CA refused the request: record status code 4 on the application and
                // write an apply record carrying the application's reason text.
                Result statusUpdate = this.certApplyService.updateCertApplyInfo(apply.getCertDn(), str, 4, apply.getTempId());
                if (statusUpdate.getCode() != 0) {
                    this.logger.info("操作签发失败:" + JsonUtils.object2Json(statusUpdate));
                    throw new RuntimeException();
                }
                this.certApplyService.insertCertApplyRecord(2, 5, str, (String) null, 4, apply.getApplyReason(), 7, false, z);
                this.logger.info("调用CA，更新证书失败");
                outcome.setErrorBean(updated.getErrorBean());
                return outcome;
            }
            UserCertInfo userCertInfo = (UserCertInfo) updated.getInfo();
            Result stored = insertUserCertInfo(apply.getUserId().longValue(), apply.getApplyId().longValue(), apply.getTempId().longValue(), apply.getTempNo(), apply.getSignAlg(), apply.getPrivateKeyLength().intValue(), userCertInfo);
            if (!stored.isSuccess()) {
                this.logger.info("将用户证书插入数据库失败");
                throw new RuntimeException();
            }
            // NOTE(review): the envelope is required even when the cert pattern is 1, where it
            // is not used afterwards - confirm this is intended.
            if (userCertInfo.getEncPriKey() == null) {
                this.logger.info("CA未返回加密私钥信封");
                throw new RuntimeException();
            }
            PrivateKey encPrivateKey = null;
            boolean needsEncCert = apply.getCertPatterm().intValue() != 1;
            if (needsEncCert) {
                try {
                    // The envelope is opened with the freshly generated signing private key;
                    // none of this key material is logged.
                    String unwrapped = CertUtils.getDataFromSignedAndEnvelopedDataByBc(signKeyPair.getPrivate().getEncoded(), userCertInfo.getEncPriKey().getBytes(), CommonVariable.getKeyAlgName());
                    byte[] decoded = Base64.decode(unwrapped);
                    if (CommonVariable.getKeyAlgName().equalsIgnoreCase("SM2")) {
                        // Bytes 32..63 of the decoded payload are used as the raw key.
                        byte[] rawKey = new byte[32];
                        System.arraycopy(decoded, 32, rawKey, 0, 32);
                        encPrivateKey = GMSSLX509Utils.convertSM2PrivateKey(rawKey);
                    } else if (CommonVariable.getKeyAlgName().equalsIgnoreCase("RSA")) {
                        PKCS8EncodedKeySpec pkcs8 = new PKCS8EncodedKeySpec(decoded);
                        KeyFactory rsaFactory = KeyFactory.getInstance(RsaObjectIdentifiers.rsaEncryption.getId(), (Provider) new BouncyCastleProvider());
                        encPrivateKey = rsaFactory.generatePrivate(pkcs8);
                    } else {
                        byte[] rawKey = new byte[32];
                        System.arraycopy(decoded, 32, rawKey, 0, 32);
                        encPrivateKey = GMSSLX509Utils.convertPrivateKeyEncode(rawKey);
                    }
                } catch (Exception unwrapFailure) {
                    this.logger.error("从P7b格式中获取加密私钥失败", unwrapFailure);
                    outcome.setError(ErrorEnum.GET_ENC_PUBLIC_KEY_FROM_P7B_FAIL);
                    return outcome;
                }
            }
            try {
                List sortCerts = CertUtils.sortCerts(Pkcs7Utils.resolveCertChain(userCertInfo.getExtraCertsP7b()));
                X509Certificate[] caChain = new X509Certificate[sortCerts.size()];
                sortCerts.toArray(caChain);
                // Signing chain = user signing certificate followed by the CA chain.
                X509Certificate[] signChain = new X509Certificate[caChain.length + 1];
                signChain[0] = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                System.arraycopy(caChain, 0, signChain, 1, caChain.length);
                // Encryption chain is only built when the cert pattern is not 1.
                X509Certificate[] encChain = null;
                if (needsEncCert) {
                    encChain = new X509Certificate[caChain.length + 1];
                    encChain[0] = CertUtils.getCertFromStr(userCertInfo.getEncCert());
                    System.arraycopy(caChain, 0, encChain, 1, caChain.length);
                }
                outcome.setInfo(KeyStoreUtils.generateDoubleCertByKeyStore(false, signChain, encChain, signKeyPair.getPrivate(), encPrivateKey, i, str, PathConstants.USER_CERT_KEYSTORE_FILE_PATH, caChain));
                return outcome;
            } catch (Exception keyStoreFailure) {
                this.logger.error("生成用户keyStore类型证书失败", keyStoreFailure);
                outcome.setError(ErrorEnum.GEN_USER_CERT_KEY_STORE_FILE_FAIL);
                return outcome;
            }
        } catch (Exception failure) {
            this.logger.error("生成用户签名公私钥失败", failure);
            outcome.setError(ErrorEnum.GEN_USER_CERT_SIGN_KEY_FAIL);
            return outcome;
        }
    }

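    /**
     * Handles a certificate recovery application: generates a signing key pair, asks the CA to
     * recover the certificate, stores the certificate record, unwraps the encryption private
     * key from the CA envelope and packages the outcome through
     * {@code KeyStoreUtils.generateDoubleCertByKeyStore}.
     *
     * <p>Private key material (the generated signing key, the CA key envelope and the
     * encryption key recovered from it) is deliberately never written to the log.
     *
     * @param str  application number used to look up the recovery application
     * @param str2 forwarded unchanged to {@code certLifeCycleManager.recoveryUserCert}
     * @param str3 forwarded unchanged to {@code certLifeCycleManager.recoveryUserCert}
     * @param str4 forwarded unchanged to {@code certLifeCycleManager.recoveryUserCert}
     * @param i    forwarded unchanged to {@code KeyStoreUtils.generateDoubleCertByKeyStore}
     * @param z    forwarded unchanged to {@code certApplyService.insertCertApplyRecord}
     * @param num  forwarded unchanged to {@code certLifeCycleManager.recoveryUserCert}
     * @return a {@code Result} whose info holds the key store output on success, or whose error
     *         describes the step that failed
     */
    private Result recoveryApplyHandlerByKeyStore(String str, String str2, String str3, String str4, int i, boolean z, Integer num) {
        String keyAlg;
        PrivateKey encPrivateKey;
        Result result = new Result();
        try {
            RecoveryApplyDTO apply = this.recoveryApplyDao.getRecoveryApplyInfoByApplyNo(str);
            if (apply == null) {
                this.logger.info("获取恢复证书申请基本信息为空");
                result.setError(ErrorEnum.GET_RECOVERY_APPLY_INFO_IS_EMPTY);
                return result;
            }
            String signAlg = apply.getSignAlg();
            String certDn = apply.getCertDn();
            // Both elliptic-curve choices use 256 bits; RSA takes the length from the application.
            int keyBits = 256;
            if ("SM3withSM2".equalsIgnoreCase(signAlg)) {
                keyAlg = "SM2";
            } else if ("SHA256withECDSA".equalsIgnoreCase(signAlg)) {
                keyAlg = "NISTP256";
            } else {
                keyAlg = "RSA";
                keyBits = apply.getPrivateKeyLength();
            }
            try {
                KeyPair signKeyPair = KeyUtils.genKeyPair(keyAlg, keyBits);
                Result recovered = this.certLifeCycleManager.recoveryUserCert(str, str2, str3, signKeyPair.getPublic().getEncoded(), apply.getSignSn(), str4, signAlg, certDn, num);
                if (!recovered.isSuccess()) {
                    // The CA refused the request: record status code 4 on the application and
                    // write an apply record carrying the CA's error message.
                    Result statusUpdate = this.certApplyService.updateCertApplyInfo(apply.getCertDn(), str, 4, Long.valueOf(apply.getTempId()));
                    if (statusUpdate.getCode() != 0) {
                        this.logger.info("操作恢复失败:" + JsonUtils.object2Json(statusUpdate));
                        // Caught by the enclosing catch below and reported as a key-generation failure.
                        throw new RuntimeException();
                    }
                    this.certApplyService.insertCertApplyRecord(4, 5, str, (String) null, 4, recovered.getErrorBean().getErrMsg(), 7, false, z);
                    this.logger.error("调用CA，签发证书失败");
                    result.setErrorBean(recovered.getErrorBean());
                    return result;
                }
                UserCertInfo userCertInfo = (UserCertInfo) recovered.getInfo();
                Result stored = insertUserCertInfoByRecovery(apply.getUserId(), apply.getApplyId(), apply.getTempId(), apply.getTempNo(), signAlg, apply.getPrivateKeyLength(), userCertInfo);
                if (!stored.isSuccess()) {
                    this.logger.info("将用户证书插入数据库失败");
                    result.setError(stored.getError());
                    return result;
                }
                if (userCertInfo.getEncPriKey() == null) {
                    this.logger.info("CA未返回加密私钥信封");
                    throw new RuntimeException();
                }
                try {
                    // Security: the signing private key, the CA envelope and the recovered
                    // encryption private key are secrets. They must not reach the log, so
                    // nothing is logged on the success path of this step.
                    String envelopeAlg = CommonVariable.getKeyAlgName();
                    String unwrapped = CertUtils.getDataFromSignedAndEnvelopedDataByBc(signKeyPair.getPrivate().getEncoded(), userCertInfo.getEncPriKey().getBytes(), envelopeAlg);
                    byte[] decoded = Base64.decode(unwrapped);
                    if (envelopeAlg.equalsIgnoreCase("SM2")) {
                        // Bytes 32..63 of the decoded payload are used as the raw key
                        // (layout presumably fixed by the envelope format - confirm).
                        byte[] rawKey = new byte[32];
                        System.arraycopy(decoded, 32, rawKey, 0, 32);
                        encPrivateKey = GMSSLX509Utils.convertSM2PrivateKey(rawKey);
                    } else if (envelopeAlg.equalsIgnoreCase("RSA")) {
                        encPrivateKey = KeyFactory.getInstance(RsaObjectIdentifiers.rsaEncryption.getId(), (Provider) new BouncyCastleProvider()).generatePrivate(new PKCS8EncodedKeySpec(decoded));
                    } else {
                        byte[] rawKey = new byte[32];
                        System.arraycopy(decoded, 32, rawKey, 0, 32);
                        encPrivateKey = GMSSLX509Utils.convertPrivateKeyEncode(rawKey);
                    }
                    try {
                        List sortCerts = CertUtils.sortCerts(Pkcs7Utils.resolveCertChain(userCertInfo.getExtraCertsP7b()));
                        X509Certificate[] caChain = new X509Certificate[sortCerts.size()];
                        sortCerts.toArray(caChain);
                        // Signing chain = user signing certificate followed by the CA chain.
                        X509Certificate[] signChain = new X509Certificate[caChain.length + 1];
                        signChain[0] = CertUtils.getCertFromStr(userCertInfo.getSignCert());
                        System.arraycopy(caChain, 0, signChain, 1, caChain.length);
                        // Encryption chain = user encryption certificate followed by the CA chain.
                        X509Certificate[] encChain = new X509Certificate[caChain.length + 1];
                        encChain[0] = CertUtils.getCertFromStr(userCertInfo.getEncCert());
                        System.arraycopy(caChain, 0, encChain, 1, caChain.length);
                        result.setInfo(KeyStoreUtils.generateDoubleCertByKeyStore(false, signChain, encChain, signKeyPair.getPrivate(), encPrivateKey, i, str, PathConstants.USER_CERT_KEYSTORE_FILE_PATH, caChain));
                        return result;
                    } catch (Exception e) {
                        this.logger.error("生成用户keyStore类型证书失败", e);
                        result.setError(ErrorEnum.GEN_USER_CERT_KEY_STORE_FILE_FAIL);
                        return result;
                    }
                } catch (Exception e2) {
                    this.logger.error("从P7b格式中获取加密私钥失败", e2);
                    result.setError(ErrorEnum.GET_ENC_PUBLIC_KEY_FROM_P7B_FAIL);
                    return result;
                }
            } catch (Exception e3) {
                this.logger.error("生成用户签名公私钥失败", e3);
                result.setError(ErrorEnum.GEN_USER_CERT_SIGN_KEY_FAIL);
                return result;
            }
        } catch (Exception e4) {
            // Any failure while loading or reading the application lands here; log the cause
            // so a DAO error is distinguishable from a missing record.
            this.logger.error("获取恢复证书申请基本信息为空", e4);
            result.setError(ErrorEnum.GET_RECOVERY_APPLY_INFO_IS_EMPTY);
            return result;
        }
    }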

    /**
     * Builds a {@code UserCertDO} from the signing certificate the CA returned for a recovery
     * application and inserts it through {@code userCertDao}.
     *
     * <p>The pair-cert index is taken from {@code raSdkCache} before the CA certificate lookup,
     * so it is consumed even when that lookup or the certificate parsing fails.
     *
     * @param j            user id stored on the record
     * @param j2           apply id stored on the record
     * @param j3           template id stored on the record
     * @param str          template number stored on the record
     * @param str2         signature algorithm stored on the record
     * @param i            private key length stored on the record
     * @param userCertInfo CA response whose signing certificate is parsed
     * @return a fresh {@code Result}; an error is set when the signing certificate is blank or
     *         unparsable, or when no CA certificate record is available
     */
    private Result insertUserCertInfoByRecovery(long j, long j2, long j3, String str, String str2, int i, UserCertInfo userCertInfo) {
        final long millisPerDay = 86400000L;
        Result outcome = new Result();

        String signCertText = userCertInfo.getSignCert();
        if (StringUtils.isBlank(signCertText)) {
            this.logger.info("CA返回的用户证书信息中，签名证书为空");
            outcome.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_INFO_IS_EMPTY);
            return outcome;
        }

        long pairIndex = this.raSdkCache.getIncPairCertIndex();
        UserCertDO record = new UserCertDO();
        record.setPairCertIndex(Long.valueOf(pairIndex));
        record.setCertType(2);
        record.setCertStatus(0);
        record.setUserId(Long.valueOf(j));
        record.setApplyId(Long.valueOf(j2));
        record.setTempId(Long.valueOf(j3));
        record.setTempNo(str);
        record.setSignAlg(str2);
        record.setPrivateKeyLength(Integer.valueOf(i));

        CaCertDO caCert = this.caCertDao.getNewCaCertInfo();
        if (caCert == null) {
            this.logger.info("获取CA证书信息为空");
            outcome.setError(ErrorEnum.GET_CA_CERT_INFO_IS_EMPTY);
            return outcome;
        }
        record.setCaCertId(caCert.getId());

        X509Certificate signCert = CertUtils.getCertFromStr(signCertText);
        if (signCert == null) {
            this.logger.info("CA返回的用户证书信息中，签名证书错误");
            outcome.setError(ErrorEnum.CA_RESPONSE_USER_SIGN_CERT_ERROR);
            return outcome;
        }

        // Serial number is stored as lower-case hexadecimal text.
        String serialHex = signCert.getSerialNumber().toString(16).toLowerCase();
        record.setCertSn(serialHex);
        record.setCertDn(CertUtils.getSubjectByX509Cert(signCert));

        Date validFrom = signCert.getNotBefore();
        Date validUntil = signCert.getNotAfter();
        record.setEffectiveTime(new Timestamp(validFrom.getTime()));
        record.setFailureTime(new Timestamp(validUntil.getTime()));

        // Whole days between notBefore and notAfter.
        long certDays = (validUntil.getTime() - validFrom.getTime()) / millisPerDay;
        record.setCertValidity(Integer.valueOf((int) certDays));

        // Whole days between notBefore and the CA certificate's failure time.
        long encKeyDays = (caCert.getFailureTime().getTime() - validFrom.getTime()) / millisPerDay;
        record.setEncKeyValidity(Integer.valueOf((int) encKeyDays));

        // Creation and update timestamps share one clock reading.
        long createdAt = new Date().getTime();
        record.setGmtCreate(new Timestamp(createdAt));
        record.setGmtUpdate(new Timestamp(createdAt));

        this.userCertDao.insertUserCertInfo(record);
        return outcome;
    }

    /**
     * Returns the subject of the RA service certificate.
     *
     * @return the value {@code CertUtils.getSubjectByX509Cert} produces for
     *         {@code CommonVariable.getRaServiceCert()}
     */
    private String getRAServiceDnName() {
        return CertUtils.getSubjectByX509Cert(CommonVariable.getRaServiceCert());
    }

    /**
     * Returns the subject of the CA service certificate.
     *
     * @return the value {@code CertUtils.getSubjectByX509Cert} produces for
     *         {@code CommonVariable.getCaServiceCert()}
     */
    private String getCAServiceDnName() {
        return CertUtils.getSubjectByX509Cert(CommonVariable.getCaServiceCert());
    }
}
