package com.xdja.pki.ra.openapi.tbox.cmp.handler;

import com.xdja.ca.constant.SdkCommonVariable;
import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.util.json.JsonUtils;
import com.xdja.pki.ra.openapi.core.BaseCMPInfo;
import com.xdja.pki.ra.openapi.core.common.PKIMessageException;
import com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler;
import com.xdja.pki.ra.openapi.core.helper.PKIMessageHelper;
import com.xdja.pki.ra.service.manager.certapply.CertApplyService;
import com.xdja.pki.ra.service.manager.certapply.bean.ApplyVariable;
import java.security.PublicKey;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

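/**
 * Handles an inbound CMP error message (PKIBody type 23) for a pending transaction.
 *
 * <p>The handler checks the header fields it requires, looks up the transaction by the
 * transaction ID carried in the header, verifies the message protection through
 * {@link PKIMessageHelper#checkCmpHeaderAndSign}, and only then passes the error code and
 * details to {@link CertApplyService#genErrorMsgContent} and removes the cached transaction state.
 *
 * <p>Everything read from the message is supplied by the remote peer. No state is changed
 * before the protection check has succeeded.
 */
@Component("cmpErrorMsgHandler")
/* loaded from: input_file:WEB-INF/lib/ra-openapi-tbox-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/openapi/tbox/cmp/handler/CmpErrorMsgHandler.class */
public class CmpErrorMsgHandler implements ICmpMessageHandler {
    protected Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    CertApplyService certApplyService;

    /**
     * Validates and processes a CMP error message.
     *
     * @param pKIMessage the received CMP message
     * @param z not read by this handler
     * @return a {@link Result} carrying an {@link ErrorEnum} on a handled failure, or a result
     *     with {@code null} info on success
     * @throws PKIMessageException if the message or its header is missing, a required header
     *     field is empty, the message carries no protection, or an unexpected error occurs
     */
    @Override // com.xdja.pki.ra.openapi.core.handler.ICmpMessageHandler
    @Transactional
    public Result handleMessage(PKIMessage pKIMessage, boolean z) throws PKIMessageException {
        this.logger.info("RA证书错误消息 ========== 【开始】");
        Result result = new Result();
        this.logger.info("RA证书错误消息 ========== 1. 获取PkiMessage消息结构");
        PKIMessage message = PKIMessage.getInstance(pKIMessage);
        if (message == null) {
            this.logger.info("RA证书错误消息 ========== No pkiMessage response message.");
            throw new PKIMessageException("RA证书错误消息 ========== No pkiMessage response message.");
        }
        this.logger.info("RA证书错误消息 ========== 2. 获取PkiMessage消息头PKIHeader");
        PKIHeader header = message.getHeader();
        if (header == null) {
            this.logger.info("RA证书错误消息 ========== No header in response message.");
            throw new PKIMessageException("RA证书错误消息 ========== No header in response message.");
        }
        try {
            byte[] recipNonce = header.getRecipNonce() == null ? null : header.getRecipNonce().getOctets();
            byte[] senderNonce = header.getSenderNonce() == null ? null : header.getSenderNonce().getOctets();
            // NOTE(review): new String(byte[]) decodes with the platform default charset. The
            // value is used as a map key below, so it must match however the key was stored.
            String transactionId = header.getTransactionID() == null ? null : new String(header.getTransactionID().getOctets());
            AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
            // NOTE(review): the nonces are only checked for presence here. Whether they are
            // compared with the values stored for this transaction is not visible in this
            // class; presumably checkCmpHeaderAndSign does it. Confirm.
            if (recipNonce == null || senderNonce == null || protectionAlg == null || StringUtils.isBlank(transactionId)) {
                this.logger.info("RA证书错误消息 ========== 错误消息接口中必填项有空值");
                throw new PKIMessageException("RA证书错误消息 ========== 错误消息接口中必填项有空值");
            }
            Map<?, ?> headerMap = SdkCommonVariable.getHeaderMap();
            BaseCMPInfo baseCMPInfo = (BaseCMPInfo) headerMap.get(transactionId);
            if (baseCMPInfo == null) {
                this.logger.info("RA证书错误消息 ========== 不存在对应的事务ID tranId:{}", transactionId);
                result.setError(ErrorEnum.CMP_TRAN_ID_IS_NOT_EXIST);
                return result;
            }
            // NOTE(review): the verification key comes from the first certificate the sender
            // attached to this same message. This class does not check that certificate
            // against a trust anchor or against the transaction; confirm that
            // checkCmpHeaderAndSign (or the caller) does, otherwise the signature only proves
            // possession of a key the sender chose.
            PublicKey publicKey = null;
            if (message.getExtraCerts() != null) {
                try {
                    publicKey = SdkCertUtils.convertDerCertToCert(message.getExtraCerts()[0].getEncoded()).getPublicKey();
                } catch (Exception e) {
                    // Also reached when extraCerts is present but empty (index 0 is out of range).
                    this.logger.error("RA证书错误消息 ========== 消息体中未包含验证证书", e);
                    result.setError(ErrorEnum.THE_PKIMESSAGE_HEADER_NO_EXTRACERTS);
                    return result;
                }
            }
            // Reject an unprotected message explicitly. Previously a missing protection field
            // was only rejected because getProtection().getBytes() threw a NullPointerException,
            // which surfaced as a misleading "No header" error.
            if (message.getProtection() == null) {
                this.logger.warn("RA证书错误消息 ========== No protection in response message.");
                throw new PKIMessageException("RA证书错误消息 ========== No protection in response message.");
            }
            this.logger.info("RA证书错误消息 ========== 3. 验证cmp消息的header和签名的正确性");
            Result verification = PKIMessageHelper.checkCmpHeaderAndSign(publicKey, header, message.getProtection().getBytes(), PKIMessageHelper.getProtectedBytes(pKIMessage), protectionAlg, baseCMPInfo.getSharedKey());
            if (!verification.isSuccess()) {
                this.logger.info("RA证书错误消息 ========== 3.1 验证cmp消息的header和签名错误 原因：" + JsonUtils.object2Json(verification));
                result.setError(verification.getError());
                return result;
            }
            PKIBody body = message.getBody();
            if (body == null) {
                this.logger.info("RA证书错误消息 ========== 没有对应的PKI消息体");
                result.setError(ErrorEnum.NO_PKI_BODY_FOR_RECEIVED);
                return result;
            }
            // PKIBody.TYPE_ERROR is 23, the CMP "error" body tag.
            if (body.getType() != PKIBody.TYPE_ERROR) {
                this.logger.info("RA证书错误消息 ========== PKI消息体的类型不是23");
                result.setError(ErrorEnum.ERROR_MSG_PKI_BODY_TAG_NOT_23);
                return result;
            }
            Map<String, String> tboxMap = ApplyVariable.getTboxMap();
            String applyKey = tboxMap.get(transactionId);
            // getContent() returns a generic ASN.1 object, so it is converted explicitly.
            ErrorMsgContent content = ErrorMsgContent.getInstance(body.getContent());
            try {
                // 111111 and the fixed text are the fallbacks used when the peer omits the field.
                int errorCode = content.getErrorCode() == null ? 111111 : content.getErrorCode().getValue().intValue();
                String errorDetails = content.getErrorDetails() == null ? "RA自定义Tbox返回的错误消息" : content.getErrorDetails().getStringAt(0).getString();
                // The details text is peer-controlled: strip line breaks so it cannot forge
                // extra log entries. The unmodified value is still passed to the service.
                String loggedDetails = errorDetails.replace('\r', '_').replace('\n', '_');
                this.logger.info("RA证书错误消息 ========== 错误码:{} 错误消息：{}", errorCode, loggedDetails);
                Result serviceResult = this.certApplyService.genErrorMsgContent(applyKey, errorCode, errorDetails, true);
                if (!serviceResult.isSuccess()) {
                    this.logger.info("RA证书错误消息 ==========  证书确认消息请求错误" + JsonUtils.object2Json(serviceResult));
                    result.setError(ErrorEnum.RA_SERVICE_RETURN_ISSUE_CERT_ERRORMSG_ERROR);
                    return result;
                }
                this.logger.info("RA证书错误消息 ========== 【结束】");
                // The cached transaction state is dropped only after the service call succeeds;
                // every failure path above leaves the entries in place.
                tboxMap.remove(transactionId);
                headerMap.remove(transactionId);
                ApplyVariable.getRaMap().remove(applyKey);
                result.setInfo(null);
                return result;
            } catch (Exception e2) {
                this.logger.error("RA证书错误消息 ========== 解析Tbox的错误消息时异常", (Throwable) e2);
                result.setError(ErrorEnum.TBOX_ERROR_MES_REQ_PARAMS_ERROR);
                return result;
            }
        } catch (PKIMessageException e) {
            // Keep the specific validation failure instead of re-wrapping it below.
            throw e;
        } catch (Exception e3) {
            // The message text is kept for compatibility; the logged cause carries the real reason.
            this.logger.error("RA证书错误消息 ========== No header in response message.", e3);
            throw new PKIMessageException("RA证书错误消息 ========== No header in response message.", e3);
        }
    }
}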
