package org.xipki.ocsp.server.impl.store.crl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicBoolean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.common.util.DateUtil;
import org.xipki.common.util.IoUtil;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.StringUtil;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.ocsp.api.OcspStoreException;
import org.xipki.ocsp.server.impl.store.db.DbCertStatusStore;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.CrlReason;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/ocsp/server/impl/store/crl/CrlDbCertStatusStore.class */
public class CrlDbCertStatusStore extends DbCertStatusStore {
    public static final String KEY_CA_REVOCATION_TIME = "ca.revocation.time";
    public static final String KEY_CA_INVALIDITY_TIME = "ca.invalidity.time";
    private static final Logger LOG = LoggerFactory.getLogger(CrlDbCertStatusStore.class);
    private final AtomicBoolean crlUpdateInProcess = new AtomicBoolean(false);
    private X509Certificate caCert;
    private X509Certificate issuerCert;
    private String crlFilename;
    private String crlUrl;
    private String certsDirName;
    private boolean useUpdateDatesFromCrl;
    private boolean crlUpdated;
    private boolean crlUpdateFailed;

    /* loaded from: input_file:org/xipki/ocsp/server/impl/store/crl/CrlDbCertStatusStore$CrlUpdateService.class */
    private class CrlUpdateService implements Runnable {
        private CrlUpdateService() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                CrlDbCertStatusStore.this.initializeStore(CrlDbCertStatusStore.this.datasource);
            } catch (Throwable th) {
                LogUtil.error(CrlDbCertStatusStore.LOG, th, "error while calling initializeStore() for store " + CrlDbCertStatusStore.this.name);
            }
        }
    }

    @Override // org.xipki.ocsp.server.impl.store.db.DbCertStatusStore
    public void init(String str, DataSourceWrapper dataSourceWrapper) throws OcspStoreException {
        ParamUtil.requireNonBlank("conf", str);
        this.datasource = (DataSourceWrapper) ParamUtil.requireNonNull("datasource", dataSourceWrapper);
        StoreConf storeConf = new StoreConf(str);
        this.crlFilename = IoUtil.expandFilepath(storeConf.crlFile());
        this.crlUrl = storeConf.crlUrl();
        this.certsDirName = storeConf.certsDir() == null ? null : IoUtil.expandFilepath(storeConf.certsDir());
        this.caCert = parseCert(storeConf.caCertFile());
        if (storeConf.issuerCertFile() != null) {
            this.issuerCert = parseCert(storeConf.issuerCertFile());
        } else {
            this.issuerCert = null;
        }
        this.useUpdateDatesFromCrl = storeConf.isUseUpdateDatesFromCrl();
        initializeStore(dataSourceWrapper);
        super.init(str, dataSourceWrapper);
    }

    @Override // org.xipki.ocsp.server.impl.store.db.DbCertStatusStore
    protected List<Runnable> getScheduledServices() {
        return Arrays.asList(new CrlUpdateService());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.xipki.ocsp.server.impl.store.db.DbCertStatusStore
    public boolean isInitialized() {
        return this.crlUpdated && super.isInitialized();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.xipki.ocsp.server.impl.store.db.DbCertStatusStore
    public boolean isInitializationFailed() {
        return this.crlUpdateFailed || super.isInitializationFailed();
    }

    private static X509Certificate parseCert(String str) throws OcspStoreException {
        try {
            return X509Util.parseCert(str);
        } catch (IOException | CertificateException e) {
            throw new OcspStoreException("could not parse X.509 certificate from file " + str + ": " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void initializeStore(DataSourceWrapper dataSourceWrapper) {
        if (this.crlUpdateInProcess.get()) {
            return;
        }
        this.crlUpdateInProcess.set(true);
        Boolean bool = null;
        File file = new File(this.crlFilename + ".UPDATEME");
        try {
            if (!file.exists()) {
                LOG.info("The CRL will not be updated. Create new file {} to force the update", file.getAbsolutePath());
                this.crlUpdated = true;
                this.crlUpdateFailed = false;
                return;
            }
            try {
                if (!new File(this.crlFilename).exists()) {
                    LOG.warn("CRL File {} does not exist", this.crlFilename);
                    file.delete();
                    this.crlUpdateInProcess.set(false);
                    if (0 != 0) {
                        if (bool.booleanValue()) {
                            LOG.info("UPDATE_CRL: successful");
                            return;
                        } else {
                            LOG.warn("UPDATE_CRL: failed");
                            return;
                        }
                    }
                    return;
                }
                LOG.info("UPDATE_CERTSTORE: a newer CRL is available");
                X509CRL parseCrl = X509Util.parseCrl(this.crlFilename);
                File file2 = new File(this.crlFilename + ".revocation");
                CertRevocationInfo certRevocationInfo = null;
                if (file2.exists()) {
                    Properties properties = new Properties();
                    FileInputStream fileInputStream = new FileInputStream(file2);
                    try {
                        properties.load(fileInputStream);
                        fileInputStream.close();
                        String property = properties.getProperty(KEY_CA_REVOCATION_TIME);
                        if (StringUtil.isNotBlank(property)) {
                            Date parseUtcTimeyyyyMMddhhmmss = DateUtil.parseUtcTimeyyyyMMddhhmmss(property);
                            Date date = null;
                            String property2 = properties.getProperty(KEY_CA_INVALIDITY_TIME);
                            if (StringUtil.isNotBlank(property2)) {
                                date = DateUtil.parseUtcTimeyyyyMMddhhmmss(property2);
                            }
                            certRevocationInfo = new CertRevocationInfo(CrlReason.UNSPECIFIED, parseUtcTimeyyyyMMddhhmmss, date);
                        }
                    } catch (Throwable th) {
                        fileInputStream.close();
                        throw th;
                    }
                }
                Boolean valueOf = Boolean.valueOf(new ImportCrl(dataSourceWrapper, this.useUpdateDatesFromCrl, parseCrl, this.crlUrl, this.caCert, this.issuerCert, certRevocationInfo, this.certsDirName).importCrlToOcspDb());
                this.crlUpdated = true;
                if (valueOf.booleanValue()) {
                    this.crlUpdateFailed = false;
                    LOG.info("updated CertStore {} successfully", this.name);
                } else {
                    this.crlUpdateFailed = true;
                    LOG.error("updating CertStore {} failed", this.name);
                }
                file.delete();
                this.crlUpdateInProcess.set(false);
                if (valueOf != null) {
                    if (valueOf.booleanValue()) {
                        LOG.info("UPDATE_CRL: successful");
                    } else {
                        LOG.warn("UPDATE_CRL: failed");
                    }
                }
            } catch (Throwable th2) {
                LogUtil.error(LOG, th2, "could not execute initializeStore()");
                this.crlUpdateFailed = true;
                this.crlUpdated = true;
                file.delete();
                this.crlUpdateInProcess.set(false);
                if (0 != 0) {
                    if (bool.booleanValue()) {
                        LOG.info("UPDATE_CRL: successful");
                    } else {
                        LOG.warn("UPDATE_CRL: failed");
                    }
                }
            }
        } catch (Throwable th3) {
            file.delete();
            this.crlUpdateInProcess.set(false);
            if (0 != 0) {
                if (bool.booleanValue()) {
                    LOG.info("UPDATE_CRL: successful");
                } else {
                    LOG.warn("UPDATE_CRL: failed");
                }
            }
            throw th3;
        }
    }
}
