package com.xdja.pki.ra.openapi.normal.handler;

import com.xdja.ca.constant.SdkConstants;
import com.xdja.ca.vo.UserCertInfo;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.util.cert.PKICertHelper;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.manager.dao.CertApplyDao;
import com.xdja.pki.ra.openapi.core.BaseCMPInfo;
import com.xdja.pki.ra.openapi.core.common.FreeText;
import com.xdja.pki.ra.openapi.core.common.PKIMessageException;
import com.xdja.pki.ra.openapi.core.constant.SdkCommonVariable;
import com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler;
import com.xdja.pki.ra.openapi.core.helper.PKIMessageHelper;
import com.xdja.pki.ra.service.manager.certapply.CertApplyManagerService;
import com.xdja.pki.ra.service.manager.certapply.bean.ApplyVariable;
import com.xdja.pki.ra.service.manager.customer.CustomerSysService;
import java.io.IOException;
import java.security.PublicKey;
import java.util.Map;
import javax.annotation.Resource;
import org.bouncycastle.asn1.cmp.KeyRecRepContent;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

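/**
 * CMP message handler for certificate/key recovery requests received by the RA.
 *
 * <p>The handler reads the application data carried as JSON in the PKI header free text,
 * looks up the calling system's public key, verifies the message protection, and then
 * forwards a recovery request through {@link CertApplyManagerService}. The outcome is
 * returned as a PKI message stored in {@link Result#setInfo}: body type
 * {@link PKIBody#TYPE_KEY_RECOVERY_REP} on success, and a failure content on error paths.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every header and body field is attacker-controlled until
 *       {@code PKIMessageHelper.checkCmpHeaderAndSign} has succeeded. Nothing derived from
 *       the message is written to shared state before that point.</li>
 *   <li>NOTE(review): this handler does not itself check that {@code applyNo} belongs to the
 *       calling system; presumably {@code certApplyCarry} enforces that. Confirm, because
 *       the response carries recovered certificate material.</li>
 * </ul>
 */
@Component("cmpNormalRecoveryCertReqHandler")
/* loaded from: input_file:WEB-INF/lib/ra-openapi-normal-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/openapi/normal/handler/CmpNormalRecoveryCertReqHandler.class */
public class CmpNormalRecoveryCertReqHandler implements ICmpMessageHandler {
    private static final Logger logger = LoggerFactory.getLogger(CmpNormalRecoveryCertReqHandler.class);

    @Resource
    private CertApplyManagerService certApplyManagerService;

    @Resource
    private CustomerSysService customerSysService;

    @Resource
    private CertApplyDao certApplyDao;

    /**
     * Processes one recovery request and builds the CMP response.
     *
     * @param pKIMessage the received CMP message
     * @param z unused by this handler
     * @return a {@link Result} whose info holds the response PKI message; on the
     *     certificate-pattern lookup failure path only {@link Result#setError} is populated
     * @throws PKIMessageException if the message or its header is missing, or if any
     *     unexpected exception occurs before the request body has been parsed
     * @throws IOException declared by the interface
     */
    @Override // com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler
    public Result handleMessage(PKIMessage pKIMessage, boolean z) throws PKIMessageException, IOException {
        logger.info("[CmpNormalRecoveryCertReqHandler#handleMessage] RA接收normal更新处理 ========== 【开始】");
        Result result = new Result();
        logger.info("RA恢复处理 ========== 1. 获取PkiMessage消息结构");
        PKIMessage pkiMessage = getPkiMessage(pKIMessage);
        PKIHeader pkiHeader = getPkiHeader(pkiMessage);
        GeneralName sender = GeneralName.getInstance(pkiHeader.getSender());
        GeneralName recipient = pkiHeader.getRecipient();
        try {
            byte[] recipNonce = pkiHeader.getRecipNonce() == null ? null : pkiHeader.getRecipNonce().getOctets();
            byte[] senderNonce = pkiHeader.getSenderNonce() == null ? null : pkiHeader.getSenderNonce().getOctets();
            // Decoded with the platform default charset. NOTE(review): whatever populates the
            // header map must decode the transaction ID the same way, or the lookup below misses.
            String transactionId = pkiHeader.getTransactionID() == null ? null : new String(pkiHeader.getTransactionID().getOctets());
            AlgorithmIdentifier protectionAlg = pkiHeader.getProtectionAlg();

            // The application data travels as JSON in the first free-text entry of the header.
            // A header without free text is rejected the same way as free text that does not
            // parse; previously the absent case fell through to a NullPointerException that was
            // reported as a missing header.
            PKIFreeText headerFreeText = pkiHeader.getFreeText();
            FreeText freeText = headerFreeText == null
                    ? null
                    : (FreeText) JsonUtils.json2Object(headerFreeText.getStringAt(0).getString(), FreeText.class);
            if (freeText == null) {
                logger.info("RA恢复处理 ========== PKI消息体中不包含申请信息");
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(-1L, ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.code, ErrorEnum.PKI_MESSAGE_NOT_CONTENT_REVOKE_INFO.desc), null));
                return result;
            }
            String applyNo = freeText.getApplyNo();
            Integer keyFormat = freeText.getKeyFormat();
            String systemNumber = sender.getName().toString();

            // Read-only existence check; the transaction ID is still unauthenticated here.
            BaseCMPInfo baseCMPInfo = (BaseCMPInfo) SdkCommonVariable.getHeaderMap().get(transactionId);
            if (baseCMPInfo == null) {
                logger.info("RA恢复处理 ========== 不存在对应的事务ID tranId:{}", transactionId);
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(-1L, ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST.code, ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST.desc), null));
                return result;
            }

            // The verification key is selected by the sender name and the signing serial number
            // claimed in the message; the signature check below is what binds them to the caller.
            Result sysCertBySysNumber = this.customerSysService.getSysCertBySysNumber(systemNumber, freeText.getSignSn());
            if (!sysCertBySysNumber.isSuccess()) {
                logger.info("RA恢复处理 ========== 通过第三方系统标识确认第三方的证书错误 原因：{}", JsonUtils.object2Json(sysCertBySysNumber));
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(-1L, ErrorEnum.GET_CERT_INFO_BY_SYSNUMBER_ERROR.code, ErrorEnum.GET_CERT_INFO_BY_SYSNUMBER_ERROR.desc), null));
                return result;
            }
            PublicKey publicKey = (PublicKey) sysCertBySysNumber.getInfo();
            logger.info("RA恢复处理 ========== 3. 验证cmp消息的header和签名的正确性");
            // An unprotected message (no protection field) raises a NullPointerException here and
            // is rejected through the outer catch, so the request fails closed.
            Result checkCmpHeaderAndSign = PKIMessageHelper.checkCmpHeaderAndSign(publicKey, pkiHeader, pkiMessage.getProtection().getBytes(), PKIMessageHelper.getProtectedBytes(pkiMessage), protectionAlg, null);
            if (!checkCmpHeaderAndSign.isSuccess()) {
                logger.info("RA恢复处理 ========== 验证cmp消息的header和签名错误 原因：{}", JsonUtils.object2Json(checkCmpHeaderAndSign));
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(-1L, checkCmpHeaderAndSign.getError().code, checkCmpHeaderAndSign.getError().desc), null));
                return result;
            }

            // From here on the message is authenticated. The body is checked for presence and
            // type before it is parsed, so the two rejections below carry -1 as request id.
            PKIBody body = pkiMessage.getBody();
            if (body == null) {
                logger.info("RA恢复处理 ========== 没有对应的PKI消息体");
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(-1L, ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.code, ErrorEnum.NO_PKI_BODY_FOR_RECEIVED.desc), null));
                return result;
            }
            if (body.getType() != PKIBody.TYPE_KEY_RECOVERY_REQ) {
                logger.info("RA恢复处理 ========== PKI消息体的类型不是9");
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(-1L, ErrorEnum.ISSUE_CERT_PKI_BODY_TAG_NOT_0_OR_2.code, ErrorEnum.ISSUE_CERT_PKI_BODY_TAG_NOT_0_OR_2.desc), null));
                return result;
            }

            // The cached transaction state is updated only after the signature has been verified,
            // so an unauthenticated message cannot overwrite the request id of a live transaction.
            long signRequestId = getSignRequestId(pkiMessage);
            baseCMPInfo.setRequestId(signRequestId);

            try {
                byte[] publicKeyBytes;
                SubjectPublicKeyInfo requestPublicKey = CertReqMessages.getInstance(body.getContent()).toCertReqMsgArray()[0].getCertReq().getCertTemplate().getPublicKey();
                if (requestPublicKey == null) {
                    publicKeyBytes = null;
                    logger.info("RA恢复处理 ========== PKI消息体中公钥信息获取失败");
                } else {
                    publicKeyBytes = PKICertHelper.getPublicKeyFromSubjectPublicKey(requestPublicKey, "BC").getEncoded();
                }
                logger.info("RA恢复处理 ========== 更新申请的applyNo：{}  第三方系统-唯一标识:{} ", applyNo, systemNumber);
                // NOTE(review): both maps are shared caches that this handler only adds to, and the
                // whole map is serialized into the log on every request. Confirm entries are
                // removed elsewhere (including on the failure paths below).
                Map<String, String> normalMap = ApplyVariable.getNormalMap();
                normalMap.put(transactionId, applyNo);
                logger.info("RA恢复处理 ========== RA缓存applyNo和normalTranID的对应关系 normalMap:{} ", JsonUtils.object2Json(normalMap));
                Map<String, String> raMap = ApplyVariable.getRaMap();
                raMap.put(applyNo, transactionId);
                logger.info("RA恢复处理 ========== RA缓存normalTranID和applyNo的对应关系 raMap:{} ", JsonUtils.object2Json(raMap));
                logger.info("RA恢复处理 ========== 4. 发起恢复用户双证书请求");
                Result certApplyCarry = this.certApplyManagerService.certApplyCarry(systemNumber, Integer.valueOf(Constants.CERT_APPLY_TYPE_RECOVERY_4), applyNo, freeText.getDoubleCode(), publicKeyBytes, keyFormat);
                if (!certApplyCarry.isSuccess()) {
                    logger.info("RA恢复处理 ========== 4.1.恢复用户双证书请求错误:{} ", JsonUtils.object2Json(certApplyCarry));
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(signRequestId, certApplyCarry.getErrorBean().getErrCode(), certApplyCarry.getErrorBean().getErrMsg()), null));
                    return result;
                }
                // NOTE(review): this serializes the whole recovery response into the INFO log. If
                // UserCertInfo carries recovered key material, it ends up in log storage; confirm
                // and redact if so.
                logger.info("RA恢复处理 ========== CA返回的证书恢复请求的响应结果 >>>>>>>{} ", JsonUtils.object2Json(certApplyCarry));
                if (certApplyCarry.getInfo() == null) {
                    logger.info("RA恢复处理 ========== 4.2. 恢复用户证书暂无返回证书信息");
                    result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(signRequestId, ErrorEnum.ISSUE_USER_CERT_NO_CERT_INFO.code, ErrorEnum.ISSUE_USER_CERT_NO_CERT_INFO.desc), null));
                    return result;
                }
                UserCertInfo userCertInfo = (UserCertInfo) certApplyCarry.getInfo();
                try {
                    Integer certPatterm = this.certApplyDao.getCertPatterm(applyNo);
                    if (null == userCertInfo.getSignCert()) {
                        logger.info("RA恢复处理 ========== 4.3. 用户证书或加密证书为空");
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_KEY_RECOVERY_REP, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(signRequestId, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.code, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.desc), null));
                        return result;
                    }
                    // An encryption certificate is required unless the application is single-certificate.
                    if (SdkConstants.CERT_TYPE_SINGLE_1 != certPatterm.intValue() && null == userCertInfo.getEncCert()) {
                        logger.info("RA恢复处理 ========== 4.3. 用户证书或加密证书为空");
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_KEY_RECOVERY_REP, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(signRequestId, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.code, ErrorEnum.SIGN_CERT_OR_ENC_CERT_IS_EMPTY.desc), null));
                        return result;
                    }
                    logger.info("密钥恢复申请处理 ========== 5. 将密钥恢复对象证书KeyRecRepContent结构体");
                    try {
                        KeyRecRepContent genKeyRecRepContent = PKIMessageHelper.genKeyRecRepContent(userCertInfo);
                        logger.info("RA恢复处理 ========== 6. 封装PKIMessage结构体");
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_KEY_RECOVERY_REP, recipNonce, senderNonce, transactionId, genKeyRecRepContent, null));
                        logger.info("RA恢复处理 ========== 【结束】");
                        return result;
                    } catch (Exception e) {
                        logger.error("封装密钥恢复返回对象KeyRecRepContent异常", e);
                        result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(signRequestId, ErrorEnum.GEN_KEY_RECOVERY_REP_EXCEPTION.code, ErrorEnum.GEN_KEY_RECOVERY_REP_EXCEPTION.desc), null));
                        return result;
                    }
                } catch (Exception e2) {
                    // Covers the certificate-pattern lookup (including a null pattern) and building
                    // the failure responses above. The cause is logged so it is not lost.
                    logger.error("获取签发证书申请基本信息为空", e2);
                    result.setError(ErrorEnum.GET_ISSUE_APPLY_INFO_IS_EMPTY);
                    return result;
                }
            } catch (Exception e3) {
                // This catch also covers the recovery call and the cache updates, not only the
                // public-key extraction named in the message, so the cause is logged.
                logger.error("RA恢复处理 ========== PKI消息体中公钥信息获取异常", e3);
                result.setInfo(PKIMessageHelper.generatePKIMessage(sender, recipient, PKIBody.TYPE_ERROR, recipNonce, senderNonce, transactionId, PKIMessageHelper.genFailKeyRecRepContent(signRequestId, ErrorEnum.GET_PKI_MESSAGE_PUBLIC_KEY_EXCEPTION.code, ErrorEnum.GET_PKI_MESSAGE_PUBLIC_KEY_EXCEPTION.desc), null));
                return result;
            }
        } catch (Exception e4) {
            // Any unexpected failure before the body is parsed lands here; the message text says
            // "No header" regardless of the real cause, which is preserved on the exception.
            logger.info("RA恢复处理 ========== No header in response message.");
            throw new PKIMessageException("RA恢复处理 ========== No header in response message.", e4);
        }
    }

    /**
     * Normalizes the incoming object to a {@link PKIMessage}.
     *
     * @param pKIMessage the received message
     * @return the message instance, never {@code null}
     * @throws PKIMessageException if {@code PKIMessage.getInstance} yields {@code null}
     */
    private PKIMessage getPkiMessage(PKIMessage pKIMessage) throws PKIMessageException {
        PKIMessage message = PKIMessage.getInstance(pKIMessage);
        if (message == null) {
            logger.info("RA恢复处理========== No pkiMessage response message.");
            throw new PKIMessageException("RA恢复处理========== No pkiMessage response message.");
        }
        return message;
    }

    /**
     * Reads the header of a PKI message.
     *
     * @param pKIMessage the message to read
     * @return the header, never {@code null}
     * @throws PKIMessageException if the header is absent or reading it failed
     */
    private PKIHeader getPkiHeader(PKIMessage pKIMessage) throws PKIMessageException {
        logger.info("RA恢复处理 ========== 2. 获取PkiMessage消息头PKIHeader");
        PKIHeader header = null;
        try {
            header = pKIMessage.getHeader();
        } catch (Exception e) {
            // Logged only; the null check below turns the failure into a PKIMessageException.
            logger.info("RA恢复处理 opani========", e);
        }
        if (header == null) {
            logger.info("RA恢复处理========== No header in response message.");
            throw new PKIMessageException("RA恢复处理========== No header in response message.");
        }
        return header;
    }

    /**
     * Extracts the certificate request id of the first request in the message body.
     *
     * <p>The body content is decoded with {@link CertReqMessages#getInstance}, matching how
     * {@code handleMessage} reads the same structure. The caller must have confirmed that the
     * body is present and of the expected type; a malformed or empty request list raises an
     * unchecked exception.
     *
     * @param pKIMessage the message whose body holds the certificate request messages
     * @return the request id as a {@code long}
     */
    private long getSignRequestId(PKIMessage pKIMessage) {
        return CertReqMessages.getInstance(pKIMessage.getBody().getContent())
                .toCertReqMsgArray()[0]
                .getCertReq()
                .getCertReqId()
                .getValue()
                .longValue();
    }
}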
