package com.xdja.ca.sdk;

import ch.qos.logback.core.joran.util.beans.BeanUtil;
import com.alibaba.fastjson.JSON;
import com.xdja.ca.asn1.NISTObjectIdentifiers;
import com.xdja.ca.asn1.RsaObjectIdentifiers;
import com.xdja.ca.asn1.SM2ObjectIdentifiers;
import com.xdja.ca.bean.BaseCMPInfo;
import com.xdja.ca.constant.SdkCommonVariable;
import com.xdja.ca.constant.SdkConstants;
import com.xdja.ca.error.ErrorEnum;
import com.xdja.ca.helper.CmpMessageHelper;
import com.xdja.ca.utils.ClientHttpUtils;
import com.xdja.ca.utils.SdkJsonUtils;
import com.xdja.ca.vo.FreeText;
import com.xdja.ca.vo.RevokeCertInfo;
import com.xdja.ca.vo.TempInfo;
import com.xdja.ca.vo.UpdateCertInfo;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.naming.NamingException;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cmp.CertConfirmContent;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ca-sdk-0.0.1-SNAPSHOT.jar:com/xdja/ca/sdk/CmpApi.class */
public class CmpApi {
    private Logger logger = LoggerFactory.getLogger(getClass());
    private int keyIndex;
    private String pwd;
    private X509Certificate caCert;
    private X509Certificate[] caCerts;
    private String caServiceIp;
    private int caServicePort;
    private String raSignSn;
    private String caBaseUrl;
    private boolean isHttps;
    private boolean isUseHsm;
    private String protectAlgName;
    private byte[] raSignPriKey;

    public CmpApi(int i, String str, X509Certificate[] x509CertificateArr, X509Certificate x509Certificate, String str2, int i2, String str3, String str4, boolean z, boolean z2) {
        this.keyIndex = i;
        this.pwd = str;
        this.caCerts = x509CertificateArr;
        this.caCert = x509Certificate;
        this.caServiceIp = str2;
        this.caServicePort = i2;
        this.caBaseUrl = str2 + ":" + i2 + "/ca-openapi";
        this.raSignSn = str3;
        this.protectAlgName = str4;
        this.isHttps = z;
        this.isUseHsm = z2;
    }

    public CmpApi(byte[] bArr, X509Certificate[] x509CertificateArr, X509Certificate x509Certificate, String str, int i, String str2, String str3, boolean z, boolean z2) {
        this.raSignPriKey = bArr;
        this.caCerts = x509CertificateArr;
        this.caCert = x509Certificate;
        this.caServiceIp = str;
        this.caServicePort = i;
        this.caBaseUrl = str + ":" + i + "/ca-openapi";
        this.raSignSn = str2;
        this.protectAlgName = str3;
        this.isHttps = z;
        this.isUseHsm = z2;
    }

    public SdkResult sendIssuerCertReqMessages(int i, String str, String str2, String str3, int i2, TempInfo tempInfo, String str4, String str5, String str6, String str7, Integer num) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        byte[] decode;
        byte[] decode2;
        this.logger.info("签发申请 ======== 【开始】申请事务Id为:{} ，用户类型为:{},raDN为:{},caDN为:{},申请有效期为:{},模板信息为:{},签名公钥为:{},加密公钥为:{},申请签名算法为:{},申请证书主体为:{}", str, Integer.valueOf(i), str2, str3, Integer.valueOf(i2), SdkJsonUtils.object2Json(tempInfo), str4, str5, str6, str7);
        SdkResult sdkResult = new SdkResult();
        this.logger.info("签发申请 ======== 0.参与校验");
        if (i != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && i != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.error("=============== 请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (i2 <= 0) {
            this.logger.error("=============== 参数中证书有效期不可以小于等于0");
            sdkResult.setError(ErrorEnum.CERT_VALIDITY_CANNOT_LESS_ZERO);
            return sdkResult;
        }
        if (tempInfo == null || StringUtils.isAnyBlank(str, str2, str3, str4, str6, str7, tempInfo.tempNo)) {
            this.logger.error("=============== 参数中tempNo,transId,raDN,caDN,signPubKey,protectionAlg,certDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        this.logger.info("签发申请 ======== 1.向CA获取随机数");
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("transId", str);
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, hashMap, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (!sendApacheClientRequest.isSuccess()) {
                sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
                return sdkResult;
            }
            byte[] bArr = (byte[]) sendApacheClientRequest.getInfo();
            if (bArr == null) {
                this.logger.error("============== CA返回数据为空");
                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                return sdkResult;
            }
            if ("SM3withSM2".equalsIgnoreCase(str6)) {
                aSN1ObjectIdentifier = SM2ObjectIdentifiers.sm2SignWithSm3;
            } else if ("sha-1WithRSA".equalsIgnoreCase(str6)) {
                aSN1ObjectIdentifier = RsaObjectIdentifiers.sha1WithRSA;
            } else if ("sha256WithRSA".equalsIgnoreCase(str6)) {
                aSN1ObjectIdentifier = RsaObjectIdentifiers.sha256WithRSA;
            } else {
                if (!"SHA256WithECDSA".equalsIgnoreCase(str6)) {
                    this.logger.error("===============  证书签名算法不支持：" + str6);
                    sdkResult.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
                    return sdkResult;
                }
                aSN1ObjectIdentifier = NISTObjectIdentifiers.nistSignAlgorithm;
            }
            long nanoTime = System.nanoTime();
            this.logger.info("签发申请 ======== 2.封装CertRequest结构体");
            CertRequest[] certRequestArr = null;
            if (i == SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1) {
                certRequestArr = new CertRequest[1];
                if (str4 == null) {
                    decode2 = null;
                } else {
                    try {
                        decode2 = Base64.decode(str4);
                    } catch (Exception e) {
                        this.logger.error(" ===============  封装【签名】certRequest异常:{}", (Throwable) e);
                        sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                        return sdkResult;
                    }
                }
                certRequestArr[0] = CmpMessageHelper.genCertRequest(i2, str7, decode2, aSN1ObjectIdentifier, nanoTime, SdkConstants.CERT_TYPE_SIGN_2);
            } else if (i == SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
                certRequestArr = new CertRequest[2];
                if (str4 == null) {
                    decode = null;
                } else {
                    try {
                        decode = Base64.decode(str4);
                    } catch (Exception e2) {
                        this.logger.error(" ============= 封装【签名】certRequest异常:{}", (Throwable) e2);
                        sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                        return sdkResult;
                    }
                }
                certRequestArr[0] = CmpMessageHelper.genCertRequest(i2, str7, decode, aSN1ObjectIdentifier, nanoTime, SdkConstants.CERT_TYPE_SIGN_2);
                try {
                    certRequestArr[1] = CmpMessageHelper.genCertRequest(i2, str7, Base64.decode(str5), aSN1ObjectIdentifier, -1L, SdkConstants.CERT_TYPE_ENC_3);
                } catch (Exception e3) {
                    this.logger.error("============= 封装【加密】certRequest异常:{}", (Throwable) e3);
                    sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                    return sdkResult;
                }
            }
            this.logger.info("签发申请 ======== 3.封装CertReqMessages结构体");
            try {
                CertReqMessages genCertReqMessages = CmpMessageHelper.genCertReqMessages(certRequestArr);
                try {
                    byte[] genRandomByHsm = CmpMessageHelper.genRandomByHsm(new byte[16].length);
                    FreeText freeText = new FreeText();
                    freeText.setApplyUserType(i);
                    freeText.setTempInfo(tempInfo);
                    freeText.setRaSignSn(this.raSignSn);
                    freeText.setKeyFormat(num);
                    SdkCommonVariable.getHeaderMap().put(str, new BaseCMPInfo(genRandomByHsm, bArr, str, nanoTime, 0));
                    this.logger.info("签发申请 ======== 4.封装PKIMessage结构体");
                    try {
                        PKIMessage genPKIMessage = CmpMessageHelper.genPKIMessage(this.keyIndex, this.pwd, this.raSignPriKey, this.caCert, str2, str3, 0, bArr, genRandomByHsm, str, genCertReqMessages, JSON.toJSONString(freeText), this.isUseHsm);
                        this.logger.info("签发申请 ======== 5.发送证书申请请求");
                        try {
                            SdkResult sendApacheClientRequest2 = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, genPKIMessage.getEncoded(), null, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, "post");
                            if (!sendApacheClientRequest2.isSuccess()) {
                                sdkResult.setErrorBean(sendApacheClientRequest2.getErrorBean());
                                return sdkResult;
                            }
                            byte[] bArr2 = (byte[]) sendApacheClientRequest2.getInfo();
                            if (bArr2 == null) {
                                this.logger.info("============== 接收CA返回的数据内容为空");
                                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                                return sdkResult;
                            }
                            this.logger.info("签发申请 ======== 6.检查CA返回消息的header和签名信息");
                            try {
                                SdkResult checkCmpHeaderAndSign = CmpMessageHelper.checkCmpHeaderAndSign(bArr2, str2, str3, genRandomByHsm, str, this.caCert, this.isUseHsm);
                                if (!checkCmpHeaderAndSign.isSuccess()) {
                                    sdkResult.setErrorBean(checkCmpHeaderAndSign.getErrorBean());
                                    this.logger.error("签发申请 ======== 6.1 解析CA返回的头和签名错误");
                                    return sdkResult;
                                }
                                this.logger.info("签发申请 ======== 7.获取CA返回的证书信息");
                                SdkResult resolveVarietyRepMessage = CmpMessageHelper.resolveVarietyRepMessage(this.raSignPriKey, this.caCert, i, SdkConstants.CERT_APPLY_TYPE_ISSUE_1, bArr2, str, str7, this.raSignSn, this.keyIndex, this.pwd, this.isUseHsm);
                                if (resolveVarietyRepMessage.isSuccess()) {
                                    sdkResult.setInfo(resolveVarietyRepMessage.getInfo());
                                    this.logger.info("签发申请 ======== 【结束】申请事务Id为：{} ", str);
                                    return sdkResult;
                                }
                                this.logger.error("签发申请 ======== 7.1 解析CA返回的消息体错误");
                                sdkResult.setErrorBean(resolveVarietyRepMessage.getErrorBean());
                                return sdkResult;
                            } catch (NamingException e4) {
                                this.logger.error(" ============= 检查CA返回消息的header和签名信息:{}", e4);
                                sdkResult.setError(ErrorEnum.CERT_DN_IS_NOT_FORMAT);
                                return sdkResult;
                            }
                        } catch (Exception e5) {
                            this.logger.error(" ============= 发送Http请求异常:{}", (Throwable) e5);
                            sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                            return sdkResult;
                        }
                    } catch (Exception e6) {
                        this.logger.error(" =============== 封装PKIMessage异常:{}", (Throwable) e6);
                        sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                        return sdkResult;
                    }
                } catch (Exception e7) {
                    this.logger.error(" ============== 通过密码机获取随机数异常:{}", (Throwable) e7);
                    sdkResult.setError(ErrorEnum.GET_RANDOM_BY_HSM_EXCEPTION);
                    return sdkResult;
                }
            } catch (Exception e8) {
                this.logger.error(" ============== 封装certRequestMessage异常:{}", (Throwable) e8);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_MESSAGE_EXCEPTION);
                return sdkResult;
            }
        } catch (Exception e9) {
            this.logger.error("===============  获取CMP请求随机数异常{}", (Throwable) e9);
            sdkResult.setError(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            return sdkResult;
        }
    }

    public SdkResult sendUpdateCertReqMessages(int i, String str, String str2, String str3, int i2, TempInfo tempInfo, UpdateCertInfo updateCertInfo, String str4, String str5, Integer num) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        this.logger.info("更新申请 ======== 【开始】申请事务Id为:{} ，用户类型为:{},raDN为:{},caDN为:{},申请有效期为:{},模板信息为:{},待更新内容为:{},待更新证书签名sn为:{},申请证书主体为:{}", str, Integer.valueOf(i), str2, str3, Integer.valueOf(i2), SdkJsonUtils.object2Json(tempInfo), SdkJsonUtils.object2Json(updateCertInfo), str4, str5);
        SdkResult sdkResult = new SdkResult();
        this.logger.info("更新申请 ======== 0.参与校验");
        if (i != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && i != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info("请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (i2 < 0) {
            this.logger.info("=============== 参数中证书有效期不可以小于0");
            sdkResult.setError(ErrorEnum.CERT_VALIDITY_CANNOT_LESS_ZERO);
            return sdkResult;
        }
        if (tempInfo == null || updateCertInfo == null || StringUtils.isAnyBlank(str, str2, str3, updateCertInfo.getSignAlg(), str5, tempInfo.tempNo)) {
            this.logger.info("=============== 参数中tempNo,transId,raDN,caDN,signAlg,certDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        this.logger.info("更新申请 ======== 1.向CA获取随机数");
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("transId", str);
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, hashMap, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (!sendApacheClientRequest.isSuccess()) {
                sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
                return sdkResult;
            }
            byte[] bArr = (byte[]) sendApacheClientRequest.getInfo();
            if (bArr == null) {
                this.logger.info("============== CA返回数据为空");
                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                return sdkResult;
            }
            byte[] bArr2 = null;
            if (updateCertInfo != null) {
                bArr2 = updateCertInfo.getSignPublicKey() == null ? null : Base64.decode(updateCertInfo.getSignPublicKey());
            }
            String signAlg = updateCertInfo.getSignAlg();
            if ("SM3withSM2".equalsIgnoreCase(signAlg)) {
                aSN1ObjectIdentifier = SM2ObjectIdentifiers.sm2SignWithSm3;
            } else if ("sha-1WithRSA".equalsIgnoreCase(signAlg)) {
                aSN1ObjectIdentifier = RsaObjectIdentifiers.sha1WithRSA;
            } else if ("sha256WithRSA".equalsIgnoreCase(signAlg)) {
                aSN1ObjectIdentifier = RsaObjectIdentifiers.sha256WithRSA;
            } else {
                if (!"SHA256WithECDSA".equalsIgnoreCase(signAlg)) {
                    this.logger.info("===============  证书签名算法不支持：" + signAlg);
                    sdkResult.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
                    return sdkResult;
                }
                aSN1ObjectIdentifier = NISTObjectIdentifiers.nistSignAlgorithm;
            }
            long nanoTime = System.nanoTime();
            this.logger.info("更新申请 ======== 2.封装CertRequset结构体");
            CertRequest[] certRequestArr = null;
            if (i == SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1) {
                certRequestArr = new CertRequest[1];
                try {
                    certRequestArr[0] = CmpMessageHelper.genCertRequest(i2, str5, bArr2, aSN1ObjectIdentifier, nanoTime, SdkConstants.CERT_TYPE_SIGN_2);
                } catch (Exception e) {
                    this.logger.error(" ================= 封装【签名】certRequest异常:{}", (Throwable) e);
                    sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                    return sdkResult;
                }
            } else if (i == SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
                certRequestArr = new CertRequest[2];
                try {
                    certRequestArr[0] = CmpMessageHelper.genCertRequest(i2, str5, bArr2, aSN1ObjectIdentifier, nanoTime, SdkConstants.CERT_TYPE_SIGN_2);
                    try {
                        certRequestArr[1] = CmpMessageHelper.genCertRequest(i2, str5, StringUtils.isBlank(updateCertInfo.getEncPublicKey()) ? null : Base64.decode(updateCertInfo.getEncPublicKey()), aSN1ObjectIdentifier, nanoTime, SdkConstants.CERT_TYPE_ENC_3);
                    } catch (Exception e2) {
                        this.logger.error(" ============== 封装【加密】certRequest异常:{}", (Throwable) e2);
                        sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                        return sdkResult;
                    }
                } catch (Exception e3) {
                    this.logger.error(" ================ 封装【签名】certRequest异常:{}", (Throwable) e3);
                    sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                    return sdkResult;
                }
            }
            this.logger.info("更新申请 ======== 3.封装CertReqMessages结构体");
            try {
                CertReqMessages genCertReqMessages = CmpMessageHelper.genCertReqMessages(certRequestArr);
                try {
                    byte[] genRandomByHsm = CmpMessageHelper.genRandomByHsm(new byte[16].length);
                    FreeText freeText = new FreeText();
                    freeText.setApplyUserType(i);
                    freeText.setTempInfo(tempInfo);
                    freeText.setSignSn(str4);
                    freeText.setRaSignSn(this.raSignSn);
                    freeText.setKeyFormat(num);
                    SdkCommonVariable.getHeaderMap().put(str, new BaseCMPInfo(genRandomByHsm, bArr, str, nanoTime, 0));
                    this.logger.info("更新申请 ======== 4.封装PKIMessage结构体");
                    try {
                        PKIMessage genPKIMessage = CmpMessageHelper.genPKIMessage(this.keyIndex, this.pwd, this.raSignPriKey, this.caCert, str2, str3, 7, bArr, genRandomByHsm, str, genCertReqMessages, JSON.toJSONString(freeText), this.isUseHsm);
                        this.logger.info("更新申请 ======== 5.发送证书更新请求");
                        try {
                            SdkResult sendApacheClientRequest2 = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, genPKIMessage.getEncoded(), null, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, "post");
                            if (!sendApacheClientRequest2.isSuccess()) {
                                sdkResult.setErrorBean(sendApacheClientRequest2.getErrorBean());
                                return sdkResult;
                            }
                            byte[] bArr3 = (byte[]) sendApacheClientRequest2.getInfo();
                            if (bArr3 == null) {
                                this.logger.info("============== 接收CA返回的数据内容为空");
                                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                                return sdkResult;
                            }
                            this.logger.info("更新申请 ======== 6.检查CA返回消息的header和签名信息");
                            try {
                                SdkResult checkCmpHeaderAndSign = CmpMessageHelper.checkCmpHeaderAndSign(bArr3, str2, str3, genRandomByHsm, str, this.caCert, this.isUseHsm);
                                if (!checkCmpHeaderAndSign.isSuccess()) {
                                    this.logger.info("更新申请 ======== 6.1 解析CA返回的头和签名错误");
                                    sdkResult.setErrorBean(checkCmpHeaderAndSign.getErrorBean());
                                    return sdkResult;
                                }
                                this.logger.info("更新申请 ======== 7.获取CA返回body中的更新后的证书信息");
                                SdkResult resolveVarietyRepMessage = CmpMessageHelper.resolveVarietyRepMessage(this.raSignPriKey, this.caCert, i, SdkConstants.CERT_APPLY_TYPE_UPDATE_2, bArr3, str, str5, this.raSignSn, this.keyIndex, this.pwd, this.isUseHsm);
                                if (resolveVarietyRepMessage.isSuccess()) {
                                    sdkResult.setInfo(resolveVarietyRepMessage.getInfo());
                                    this.logger.info("更新申请 ======== 【结束】申请事务Id为：{} ", str);
                                    return sdkResult;
                                }
                                this.logger.info("更新申请 ======== 7.1 解析CA返回的消息体错误");
                                sdkResult.setErrorBean(resolveVarietyRepMessage.getErrorBean());
                                return sdkResult;
                            } catch (NamingException e4) {
                                this.logger.error(" ============= 检查CA返回消息的header和签名信息:{}", e4);
                                sdkResult.setError(ErrorEnum.CERT_DN_IS_NOT_FORMAT);
                                return sdkResult;
                            }
                        } catch (Exception e5) {
                            this.logger.error(" ============= 发送Http请求异常:{}", (Throwable) e5);
                            sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                            return sdkResult;
                        }
                    } catch (Exception e6) {
                        this.logger.error(" =============== 封装PKIMessage异常:{}", (Throwable) e6);
                        sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                        return sdkResult;
                    }
                } catch (Exception e7) {
                    this.logger.error(" ============== 通过密码机获取随机数异常:{}", (Throwable) e7);
                    sdkResult.setError(ErrorEnum.GET_RANDOM_BY_HSM_EXCEPTION);
                    return sdkResult;
                }
            } catch (Exception e8) {
                this.logger.error("封装certRequestMessage异常：{}", (Throwable) e8);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_MESSAGE_EXCEPTION);
                return sdkResult;
            }
        } catch (Exception e9) {
            this.logger.error("===============  获取CMP请求随机数异常{}", (Throwable) e9);
            sdkResult.setError(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            return sdkResult;
        }
    }

    public SdkResult sendRevokeCertReqMessages(int i, String str, String str2, String str3, String str4, String str5, int i2, String str6) {
        this.logger.info("撤销/冻结/解冻申请 ======== 【开始】申请事务Id为:{},用户类型为:{},raDN为:{},caDN为:{},待撤销签名证书sn为:{},待撤销证书主体为:{},撤销类型为:{},撤销原因为:{}", str, Integer.valueOf(i), str2, str3, str4, str5, Integer.valueOf(i2), str6);
        SdkResult sdkResult = new SdkResult();
        this.logger.info("撤销/冻结/解冻申请 ======== 0.参与校验");
        if (i != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && i != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info("=============== 请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (StringUtils.isAnyBlank(str, str2, str3, str4)) {
            this.logger.info("=============== 参数中transId,raDN,caDN,signSn存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        this.logger.info("撤销/冻结/解冻申请 ======== 1.向CA获取随机数");
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("transId", str);
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, hashMap, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (!sendApacheClientRequest.isSuccess()) {
                sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
                return sdkResult;
            }
            byte[] bArr = (byte[]) sendApacheClientRequest.getInfo();
            this.logger.info("撤销/冻结/解冻申请 ======== 2.封装RevReqContent结构体");
            try {
                RevReqContent genRevReqContent = CmpMessageHelper.genRevReqContent(str3, str5, str4);
                try {
                    byte[] genRandomByHsm = CmpMessageHelper.genRandomByHsm(new byte[16].length);
                    FreeText freeText = new FreeText();
                    freeText.setApplyUserType(i);
                    freeText.setRevokeCertInfo(new RevokeCertInfo(i2, str6));
                    freeText.setRaSignSn(this.raSignSn);
                    this.logger.info("撤销/冻结/解冻申请 ======== 3.封装PkiMessage结构体");
                    try {
                        PKIMessage genPKIMessage = CmpMessageHelper.genPKIMessage(this.keyIndex, this.pwd, this.raSignPriKey, this.caCert, str2, str3, 11, bArr, genRandomByHsm, str, genRevReqContent, JSON.toJSONString(freeText), this.isUseHsm);
                        this.logger.info("撤销/冻结/解冻申请 ======== 4.发送证书撤销请求");
                        try {
                            SdkResult sendApacheClientRequest2 = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, genPKIMessage.getEncoded(), null, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, "post");
                            if (!sendApacheClientRequest2.isSuccess()) {
                                sdkResult.setErrorBean(sendApacheClientRequest2.getErrorBean());
                                return sdkResult;
                            }
                            byte[] bArr2 = (byte[]) sendApacheClientRequest2.getInfo();
                            if (bArr2 == null) {
                                this.logger.info("============== 接收CA返回的数据内容为空");
                                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                                return sdkResult;
                            }
                            this.logger.info("撤销/冻结/解冻申请 ======== 5.检查CA返回消息的header和签名信息");
                            try {
                                SdkResult checkCmpHeaderAndSign = CmpMessageHelper.checkCmpHeaderAndSign(bArr2, str2, str3, genRandomByHsm, str, this.caCert, this.isUseHsm);
                                if (!checkCmpHeaderAndSign.isSuccess()) {
                                    this.logger.info("撤销/冻结/解冻申请 ======== 5.1 解析CA返回的头和签名错误");
                                    sdkResult.setErrorBean(checkCmpHeaderAndSign.getErrorBean());
                                    return sdkResult;
                                }
                                this.logger.info("撤销/冻结/解冻申请 ======== 6.获取CA返回body中的撤销后的信息");
                                SdkResult resolveVarietyRepMessage = CmpMessageHelper.resolveVarietyRepMessage(this.raSignPriKey, this.caCert, i, SdkConstants.CERT_APPLY_TYPE_REVOKE_3, bArr2, str, str5, this.raSignSn, this.keyIndex, this.pwd, this.isUseHsm);
                                if (resolveVarietyRepMessage.isSuccess()) {
                                    sdkResult.setInfo(resolveVarietyRepMessage.getInfo());
                                    this.logger.info("撤销/冻结/解冻申请 ======== 【结束】申请事务Id为：{} ", str);
                                    return sdkResult;
                                }
                                if (i2 == SdkConstants.REV_REASON_CERTIFICATE_HOLD_6) {
                                    if (ErrorEnum.RA_CERT_ISSUE_STATUS_FROZEND.code == resolveVarietyRepMessage.getErrorBean().getErrCode()) {
                                        this.logger.info("冻结申请 ======== RA申请撤销的证书已被冻结");
                                    } else {
                                        this.logger.info("冻结申请 ======== 6.1 解析CA返回的消息体错误");
                                        sdkResult.setErrorBean(resolveVarietyRepMessage.getErrorBean());
                                    }
                                } else if (i2 == SdkConstants.REV_REASON_REMOVE_FROM_CRL_8) {
                                    if (ErrorEnum.RA_CERT_ISSUE_STATUE_NORMAL.code == resolveVarietyRepMessage.getErrorBean().getErrCode()) {
                                        this.logger.info("解冻申请 ======== RA申请撤销的证书已被解冻");
                                    } else {
                                        this.logger.info("解冻申请 ======== 6.1 解析CA返回的消息体错误");
                                        sdkResult.setErrorBean(resolveVarietyRepMessage.getErrorBean());
                                    }
                                } else if (ErrorEnum.RA_CERT_ISSUE_STATUS_REVOKED.code == resolveVarietyRepMessage.getErrorBean().getErrCode()) {
                                    this.logger.info("撤销申请 ======== RA申请撤销的证书已被撤销");
                                } else {
                                    this.logger.info("撤销申请 ======== 6.1 解析CA返回的消息体错误");
                                    sdkResult.setErrorBean(resolveVarietyRepMessage.getErrorBean());
                                }
                                sdkResult.setInfo(resolveVarietyRepMessage.getInfo());
                                this.logger.info("撤销/冻结/解冻申请 ======== 【结束】申请事务Id为：{} ", str);
                                return sdkResult;
                            } catch (NamingException e) {
                                this.logger.error(" ============= 检查CA返回消息的header和签名信息:{}", e);
                                sdkResult.setError(ErrorEnum.CERT_DN_IS_NOT_FORMAT);
                                return sdkResult;
                            }
                        } catch (Exception e2) {
                            this.logger.error(" ============= 发送Http请求异常:{}", (Throwable) e2);
                            sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                            return sdkResult;
                        }
                    } catch (Exception e3) {
                        this.logger.error("封装PKIMessage异常：{}", (Throwable) e3);
                        sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                        return sdkResult;
                    }
                } catch (Exception e4) {
                    this.logger.error(" ============== 通过密码机获取随机数异常:{}", (Throwable) e4);
                    sdkResult.setError(ErrorEnum.GET_RANDOM_BY_HSM_EXCEPTION);
                    return sdkResult;
                }
            } catch (Exception e5) {
                this.logger.error("封装RevReqContent异常{}", (Throwable) e5);
                sdkResult.setError(ErrorEnum.MAKE_REV_REQ_CONTENT_EXCEPTION);
                return sdkResult;
            }
        } catch (Exception e6) {
            this.logger.error("===============  获取CMP请求随机数异常{}", (Throwable) e6);
            sdkResult.setError(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            return sdkResult;
        }
    }

    public SdkResult sendRecoveryCertReqMessages(String str, String str2, String str3, String str4, String str5, String str6, String str7, Integer num) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        byte[] decode;
        this.logger.info("恢复申请 ======== 【开始】申请事务Id为:{},raDN为:{},caDN为:{},签名公钥为:{},签名算法为:{},申请证书主体为:{},待恢复的签名证书sn:{}", str, str2, str3, str4, str5, str6, str7);
        SdkResult sdkResult = new SdkResult();
        this.logger.info("恢复申请 ======== 0.参与校验");
        if (StringUtils.isAnyBlank(str, str2, str3, str4, str5, str6)) {
            this.logger.info("=============== 参数中transId,raDN,caDN,signPubKey,signAlg,certDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        this.logger.info("恢复申请 ======== 1.向CA获取随机数");
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("transId", str);
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, hashMap, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (!sendApacheClientRequest.isSuccess()) {
                sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
                return sdkResult;
            }
            byte[] bArr = (byte[]) sendApacheClientRequest.getInfo();
            if (bArr == null) {
                this.logger.info("============== CA返回数据为空");
                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                return sdkResult;
            }
            if ("SM3withSM2".equalsIgnoreCase(str5)) {
                aSN1ObjectIdentifier = SM2ObjectIdentifiers.sm2SignWithSm3;
            } else if ("sha-1WithRSA".equalsIgnoreCase(str5)) {
                aSN1ObjectIdentifier = RsaObjectIdentifiers.sha1WithRSA;
            } else if ("sha256WithRSA".equalsIgnoreCase(str5)) {
                aSN1ObjectIdentifier = RsaObjectIdentifiers.sha256WithRSA;
            } else {
                if (!"SHA256WithECDSA".equalsIgnoreCase(str5)) {
                    this.logger.error("===============  证书签名算法不支持：" + str5);
                    sdkResult.setError(ErrorEnum.CERT_SIGN_ALG_IS_NOT_SUPPORT);
                    return sdkResult;
                }
                aSN1ObjectIdentifier = NISTObjectIdentifiers.nistSignAlgorithm;
            }
            long currentTimeMillis = System.currentTimeMillis();
            this.logger.info("恢复申请 ======== 2.封装CertRequest结构体");
            CertRequest[] certRequestArr = new CertRequest[1];
            if (str4 == null) {
                decode = null;
            } else {
                try {
                    decode = Base64.decode(str4);
                } catch (Exception e) {
                    this.logger.error(" ===============  封装【签名】certRequest异常:{}", (Throwable) e);
                    sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_EXCEPTION);
                    return sdkResult;
                }
            }
            certRequestArr[0] = CmpMessageHelper.genCertRequest(0, str6, decode, aSN1ObjectIdentifier, currentTimeMillis, SdkConstants.CERT_TYPE_SIGN_2);
            this.logger.info("恢复申请 ======== 3.封装CertReqMessages结构体");
            try {
                CertReqMessages genCertReqMessages = CmpMessageHelper.genCertReqMessages(certRequestArr);
                try {
                    byte[] genRandomByHsm = CmpMessageHelper.genRandomByHsm(new byte[16].length);
                    FreeText freeText = new FreeText();
                    freeText.setRaSignSn(this.raSignSn);
                    freeText.setSignSn(str7);
                    freeText.setKeyFormat(num);
                    Map<String, Object> headerMap = SdkCommonVariable.getHeaderMap();
                    headerMap.put(str, new BaseCMPInfo(genRandomByHsm, bArr, str, currentTimeMillis, 0));
                    this.logger.info("=============== sendRecoveryCertReqMessages.baseCMPInfo.map>> transId: " + str + " ========== " + SdkJsonUtils.object2Json(headerMap));
                    this.logger.info("恢复申请 ======== 4.封装PKIMessage结构体");
                    try {
                        PKIMessage genPKIMessage = CmpMessageHelper.genPKIMessage(this.keyIndex, this.pwd, this.raSignPriKey, this.caCert, str2, str3, 9, bArr, genRandomByHsm, str, genCertReqMessages, JSON.toJSONString(freeText), this.isUseHsm);
                        this.logger.info("恢复申请 ======== 5.发送证书恢复申请请求");
                        try {
                            SdkResult sendApacheClientRequest2 = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, genPKIMessage.getEncoded(), null, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, "post");
                            if (!sendApacheClientRequest2.isSuccess()) {
                                sdkResult.setErrorBean(sendApacheClientRequest2.getErrorBean());
                                return sdkResult;
                            }
                            byte[] bArr2 = (byte[]) sendApacheClientRequest2.getInfo();
                            if (bArr2 == null) {
                                this.logger.info("============== 接收CA返回的数据内容为空");
                                sdkResult.setError(ErrorEnum.CA_OPEN_API_RETURN_INFO_IS_EMPTY);
                                return sdkResult;
                            }
                            this.logger.info("恢复申请 ======== 6.检查CA返回消息的header和签名信息");
                            try {
                                SdkResult checkCmpHeaderAndSign = CmpMessageHelper.checkCmpHeaderAndSign(bArr2, str2, str3, genRandomByHsm, str, this.caCert, this.isUseHsm);
                                if (!checkCmpHeaderAndSign.isSuccess()) {
                                    this.logger.info("恢复申请 ======== 6.1 解析CA返回的头和签名错误");
                                    sdkResult.setErrorBean(checkCmpHeaderAndSign.getErrorBean());
                                    return sdkResult;
                                }
                                this.logger.info("恢复申请 ======== 7.获取CA返回的证书信息");
                                SdkResult resolveVarietyRepMessage = CmpMessageHelper.resolveVarietyRepMessage(this.raSignPriKey, this.caCert, SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1, SdkConstants.CERT_APPLY_TYPE_RECOVERY_4, bArr2, str, str6, this.raSignSn, this.keyIndex, this.pwd, this.isUseHsm);
                                if (resolveVarietyRepMessage.isSuccess()) {
                                    sdkResult.setInfo(resolveVarietyRepMessage.getInfo());
                                    this.logger.info("恢复申请 ======== 【结束】申请事务Id为：{} ", str);
                                    return sdkResult;
                                }
                                this.logger.info("恢复申请 ======== 7.1 解析CA返回的消息体错误");
                                sdkResult.setErrorBean(resolveVarietyRepMessage.getErrorBean());
                                return sdkResult;
                            } catch (NamingException e2) {
                                this.logger.error(" ============= 检查CA返回消息的header和签名信息:{}", e2);
                                sdkResult.setError(ErrorEnum.CERT_DN_IS_NOT_FORMAT);
                                return sdkResult;
                            }
                        } catch (Exception e3) {
                            this.logger.error(" ============= 发送Http请求异常:{}", (Throwable) e3);
                            sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                            return sdkResult;
                        }
                    } catch (Exception e4) {
                        this.logger.error(" =============== 封装PKIMessage异常:{}", (Throwable) e4);
                        sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                        return sdkResult;
                    }
                } catch (Exception e5) {
                    this.logger.error(" ============== 通过密码机获取随机数异常:{}", (Throwable) e5);
                    sdkResult.setError(ErrorEnum.GET_RANDOM_BY_HSM_EXCEPTION);
                    return sdkResult;
                }
            } catch (Exception e6) {
                this.logger.error(" ============== 封装certRequestMessage异常:{}", (Throwable) e6);
                sdkResult.setError(ErrorEnum.MAKE_CERT_REQUEST_MESSAGE_EXCEPTION);
                return sdkResult;
            }
        } catch (Exception e7) {
            this.logger.error("===============  获取CMP请求随机数异常{}", (Throwable) e7);
            sdkResult.setError(ErrorEnum.GET_CMP_RANDOM_IS_EXCEPTION);
            return sdkResult;
        }
    }

    public SdkResult sendCertConfirmContent(int i, String str, String str2, String str3, X509Certificate x509Certificate) {
        this.logger.info("发送证书 签发和更新的 确认消息 ======== 【开始】申请事务Id为：{} ", str);
        SdkResult sdkResult = new SdkResult();
        if (i != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && i != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info(" ================ 请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (StringUtils.isAnyBlank(str, str2, str3, str3)) {
            this.logger.info("=============== 参数中transId,raDN,caDN,caDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        Map<String, Object> headerMap = SdkCommonVariable.getHeaderMap();
        if (headerMap == null) {
            sdkResult.setError(ErrorEnum.LOCAL_CMP_CACHE_IS_EMPTY);
            return sdkResult;
        }
        BaseCMPInfo baseCMPInfo = (BaseCMPInfo) headerMap.get(str);
        if (baseCMPInfo == null) {
            this.logger.info(" ================== 未找到RA发从的该transId:" + str);
            sdkResult.setError(ErrorEnum.CANNOT_GET_TRANS_ID_FORM_LOCAL_CACHE);
            return sdkResult;
        }
        byte[] recipientNonce = baseCMPInfo.getRecipientNonce();
        byte[] senderNonce = baseCMPInfo.getSenderNonce();
        long requestId = baseCMPInfo.getRequestId();
        this.logger.info("发送证书 签发和更新的 确认消息 ======== 1.封装CertConfirmContent结构体");
        try {
            CertConfirmContent genCertConfirmContent = CmpMessageHelper.genCertConfirmContent(str, requestId);
            FreeText freeText = new FreeText();
            freeText.setApplyUserType(i);
            freeText.setRaSignSn(this.raSignSn);
            this.logger.info("发送证书 签发和更新的 确认消息 ======== 2.封装PkiMessage结构体");
            try {
                PKIMessage genPKIMessage = CmpMessageHelper.genPKIMessage(this.keyIndex, this.pwd, this.raSignPriKey, x509Certificate, str2, str3, 24, recipientNonce, senderNonce, str, genCertConfirmContent, SdkJsonUtils.object2Json(freeText), this.isUseHsm);
                this.logger.info("发送证书 签发和更新的 确认消息 ======== 3.发送证书证书确认消息");
                try {
                    SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, genPKIMessage.getEncoded(), null, this.caBaseUrl + "/v1/cmp", "application/pkixcmp", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, "post");
                    if (!sendApacheClientRequest.isSuccess()) {
                        sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
                        return sdkResult;
                    }
                    this.logger.info("sendCertConfirmContent.sendCmpHttpPost.result>>>>" + SdkJsonUtils.object2Json(sdkResult));
                    headerMap.remove(str);
                    this.logger.info("发送证书 签发和更新的 确认消息 ========  【结束】申请事务Id为：{}", str);
                    return sdkResult;
                } catch (Exception e) {
                    this.logger.info(" ============= 发送Http请求异常:{}", (Throwable) e);
                    sdkResult.setError(ErrorEnum.SEND_HTTP_MESSAGE_EXCEPTION);
                    return sdkResult;
                }
            } catch (Exception e2) {
                this.logger.info("封装PKIMessage异常：{}", (Throwable) e2);
                sdkResult.setError(ErrorEnum.MAKE_PKI_MESSAGE_EXCEPTION);
                return sdkResult;
            }
        } catch (Exception e3) {
            this.logger.info("封装CertConfirmContent异常{}", (Throwable) e3);
            sdkResult.setError(ErrorEnum.MAKE_CERT_CONFIRM_CONTENT_EXCEPTION);
            return sdkResult;
        }
    }

    public SdkResult sendErrorMsgContent(int i, String str, String str2, String str3, int i2, String str4) {
        this.logger.info("发送错误消息 ======== 【开始】申请事务Id为：{} ", str);
        SdkResult sdkResult = new SdkResult();
        this.logger.info("发送错误消息 ======== 参与校验");
        if (i != SdkConstants.APPLY_USER_TYPE_NORMAL_USER_1 && i != SdkConstants.APPLY_USER_TYPE_ADMIN_2) {
            this.logger.info("请求用户类型错误");
            sdkResult.setError(ErrorEnum.APPLY_USER_TYPE_IS_ERROR);
            return sdkResult;
        }
        if (StringUtils.isAnyBlank(str, str2, str3)) {
            this.logger.info("=============== 参数中transId,raDN,caDN存在空值");
            sdkResult.setError(ErrorEnum.MISSING_REQUIRED_PARAMETERS);
            return sdkResult;
        }
        Map<String, Object> headerMap = SdkCommonVariable.getHeaderMap();
        if (headerMap == null) {
            this.logger.info("本地缓存数据为空");
            sdkResult.setError(ErrorEnum.LOCAL_CMP_CACHE_IS_EMPTY);
            return sdkResult;
        }
        BaseCMPInfo baseCMPInfo = (BaseCMPInfo) headerMap.get(str);
        if (baseCMPInfo == null) {
            this.logger.info(" ================== 未找到RA发从的该transId:" + str);
            sdkResult.setError(ErrorEnum.CANNOT_GET_TRANS_ID_FORM_LOCAL_CACHE);
            return sdkResult;
        }
        SdkResult genErrorPKIMsg = CmpMessageHelper.genErrorPKIMsg(this.keyIndex, this.pwd, this.raSignPriKey, this.caCert, this.caCerts, this.raSignSn, i, str4, i2, str2, str3, baseCMPInfo.getRecipientNonce(), baseCMPInfo.getSenderNonce(), str, this.caBaseUrl + "/v1/cmp", this.protectAlgName, this.isHttps, this.isUseHsm);
        if (!genErrorPKIMsg.isSuccess()) {
            sdkResult.setErrorBean(genErrorPKIMsg.getErrorBean());
        }
        headerMap.remove(str);
        this.logger.info("发送错误消息 ======== 【结束】申请事务Id为：{} ", str);
        return sdkResult;
    }

    public SdkResult getRaBaseDN() {
        SdkResult sdkResult = new SdkResult();
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, null, this.caBaseUrl + "/v1/api/ra/baseDn", null, this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  获取RA系统BaseDN异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult getCertStatus(String str) {
        SdkResult sdkResult = new SdkResult();
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, null, this.caBaseUrl + ("/v1/api/cert/status/" + str), null, this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  获取证书状态异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult downloadCertByteInfo(String str) {
        SdkResult sdkResult = new SdkResult();
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, null, this.caBaseUrl + ("/v1/api/cert/download/" + str), null, this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  下载用户证书异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult getCertDetailInfo(String str) {
        SdkResult sdkResult = new SdkResult();
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, null, this.caBaseUrl + ("/v1/api/cert/detail/" + str), null, this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  获取证书详情异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult getCertTemplateList() {
        SdkResult sdkResult = new SdkResult();
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, null, this.caBaseUrl + "/v1/api/template/list", null, this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  获取证书模板列表异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult getCertTemplateDetailInfo(String str) {
        SdkResult sdkResult = new SdkResult();
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, null, this.caBaseUrl + ("/v1/api/template/detail/" + str), null, this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  获取证书模板详情异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult getRaOperatorCertTemp() {
        SdkResult sdkResult = new SdkResult();
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, null, null, this.caBaseUrl + "/v1/api/template/manage", null, this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  获取管理员证书模板详情异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult raAdminLoginAuthen(String str) {
        SdkResult sdkResult = new SdkResult();
        HashMap hashMap = new HashMap();
        hashMap.put("sn", str);
        try {
            SdkResult sendApacheClientRequest = ClientHttpUtils.sendApacheClientRequest(this.keyIndex, this.pwd, this.raSignPriKey, SdkJsonUtils.object2Json(hashMap).getBytes(), null, this.caBaseUrl + "/v1/api/ra/login", "application/json", this.raSignSn, this.caCerts, this.protectAlgName, this.isHttps, this.isUseHsm, "post");
            if (sendApacheClientRequest.isSuccess()) {
                sdkResult.setInfo(new String((byte[]) sendApacheClientRequest.getInfo()));
                return sdkResult;
            }
            sdkResult.setErrorBean(sendApacheClientRequest.getErrorBean());
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  管理员登录认证异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }

    public SdkResult sendCaServerMessages(String str, int i, String str2, X509Certificate[] x509CertificateArr) {
        this.logger.info("测试CA服务连通性================");
        SdkResult sdkResult = new SdkResult();
        String str3 = str + ":" + i + "/ca-openapi/v1/api/interface/test";
        HashMap hashMap = new HashMap();
        hashMap.put("certChainHash", str2);
        try {
            SdkResult sendApacheClientRequestInit = ClientHttpUtils.sendApacheClientRequestInit(null, hashMap, str3, null, this.protectAlgName, this.isHttps, BeanUtil.PREFIX_GETTER_GET);
            if (sendApacheClientRequestInit.isSuccess()) {
                return sdkResult;
            }
            if (sendApacheClientRequestInit.getErrorBean().errCode == 11451) {
                return sendApacheClientRequestInit;
            }
            sdkResult.setError(ErrorEnum.TEST_CA_SERVER_CONNECT_ERROR);
            return sdkResult;
        } catch (Exception e) {
            this.logger.error("===============  获取CA系统运行状态异常{}", (Throwable) e);
            sdkResult.setError(ErrorEnum.CONNECT_CA_OPEN_API_REFUSED);
            return sdkResult;
        }
    }
}
