package org.xipki.ocsp.server.impl.store.crl;

import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.ocsp.CrlID;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.common.util.Base64;
import org.xipki.common.util.IoUtil;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.StringUtil;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.datasource.springframework.dao.DataAccessException;
import org.xipki.ocsp.server.impl.store.db.CrlInfo;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.CrlReason;
import org.xipki.security.HashAlgoType;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/ocsp/server/impl/store/crl/ImportCrl.class */
public class ImportCrl {
    private static final Logger LOG = LoggerFactory.getLogger(ImportCrl.class);
    private static final String SQL_UPDATE_CERT_REV = "UPDATE CERT SET REV=?,RR=?,RT=?,RIT=?,LUPDATE=? WHERE ID=?";
    private static final String SQL_INSERT_CERT_REV = "INSERT INTO CERT (ID,IID,SN,REV,RR,RT,RIT,LUPDATE) VALUES(?,?,?,?,?,?,?,?)";
    private static final String SQL_DELETE_CERT = "DELETE FROM CERT WHERE IID=? AND SN=?";
    private static final String SQL_UPDATE_CERT = "UPDATE CERT SET LUPDATE=?,NBEFORE=?,NAFTER=?,PN=? WHERE ID=?";
    private static final String SQL_INSERT_CERT = "INSERT INTO CERT (ID,IID,SN,REV,RR,RT,RIT,LUPDATE,NBEFORE,NAFTER,PN) VALUES(?,?,?,?,?,?,?,?,?,?,?)";
    private static final String SQL_INSERT_CERTHASH = "INSERT INTO CHASH (CID,S1,S224,S256,S384,S512) VALUES(?,?,?,?,?,?)";
    private static final String CORE_SQL_SELECT_ID_CERT = "ID FROM CERT WHERE IID=? AND SN=?";
    private static final String CORESQL_SELECT_CID_CERTHASH = "1 FROM CHASH WHERE CID=?";
    private final String sqlSelectIdCert;
    private final String sqlSelectCidCertHash;
    private final X509CRL crl;
    private final X509Certificate caCert;
    private final BigInteger crlNumber;
    private final DataSourceWrapper datasource;
    private final boolean useCrlUpdates;
    private final BigInteger baseCrlNumber;
    private final boolean isDeltaCrl;
    private final CrlID crlId;
    private final X500Name caSubject;
    private final byte[] caSpki;
    private final String certsDirName;
    private final CertRevocationInfo caRevInfo;
    private PreparedStatement psDeleteCert;
    private PreparedStatement psInsertCert;
    private PreparedStatement psInsertCertRev;
    private PreparedStatement psInsertCertHash;
    private PreparedStatement psSelectCidCertHash;
    private PreparedStatement psSelectIdCert;
    private PreparedStatement psUpdateCert;
    private PreparedStatement psUpdateCertRev;

    public ImportCrl(DataSourceWrapper dataSourceWrapper, boolean z, X509CRL x509crl, String str, X509Certificate x509Certificate, X509Certificate x509Certificate2, CertRevocationInfo certRevocationInfo, String str2) throws ImportCrlException {
        this.datasource = (DataSourceWrapper) ParamUtil.requireNonNull("datasource", dataSourceWrapper);
        this.useCrlUpdates = z;
        this.crl = (X509CRL) ParamUtil.requireNonNull("crl", x509crl);
        this.caCert = (X509Certificate) ParamUtil.requireNonNull("caCert", x509Certificate);
        this.caSubject = X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded());
        try {
            this.caSpki = X509Util.extractSki(x509Certificate);
            this.certsDirName = str2;
            this.caRevInfo = certRevocationInfo;
            X500Principal issuerX500Principal = x509crl.getIssuerX500Principal();
            boolean z2 = true;
            if (!x509Certificate.getSubjectX500Principal().equals(issuerX500Principal)) {
                z2 = false;
                if (x509Certificate2 == null) {
                    throw new IllegalArgumentException("issuerCert must not be null");
                }
                if (!x509Certificate2.getSubjectX500Principal().equals(issuerX500Principal)) {
                    throw new IllegalArgumentException("issuerCert and CRL do not match");
                }
            }
            try {
                x509crl.verify((z2 ? x509Certificate : x509Certificate2).getPublicKey());
                byte[] extensionValue = x509crl.getExtensionValue(Extension.cRLNumber.getId());
                if (extensionValue == null) {
                    throw new IllegalArgumentException("CRL without CRLNumber is not supported");
                }
                ASN1Integer aSN1Integer = ASN1Integer.getInstance(DEROctetString.getInstance(extensionValue).getOctets());
                this.crlNumber = aSN1Integer.getPositiveValue();
                byte[] extensionValue2 = x509crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
                this.isDeltaCrl = extensionValue2 != null;
                if (this.isDeltaCrl) {
                    LOG.info("The CRL a DeltaCRL");
                    this.baseCrlNumber = ASN1Integer.getInstance(DEROctetString.getInstance(extensionValue2).getOctets()).getPositiveValue();
                } else {
                    LOG.info("The CRL a full CRL");
                    this.baseCrlNumber = null;
                }
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                if (StringUtil.isNotBlank(str)) {
                    aSN1EncodableVector.add(new DERTaggedObject(true, 0, new DERIA5String(str, true)));
                }
                aSN1EncodableVector.add(new DERTaggedObject(true, 1, aSN1Integer));
                aSN1EncodableVector.add(new DERTaggedObject(true, 2, new DERGeneralizedTime(x509crl.getThisUpdate())));
                this.crlId = CrlID.getInstance(new DERSequence(aSN1EncodableVector));
                this.sqlSelectCidCertHash = dataSourceWrapper.buildSelectFirstSql(1, CORESQL_SELECT_CID_CERTHASH);
                this.sqlSelectIdCert = dataSourceWrapper.buildSelectFirstSql(1, CORE_SQL_SELECT_ID_CERT);
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CRLException e) {
                throw new ImportCrlException("could not verify signature of CRL", e);
            }
        } catch (CertificateEncodingException e2) {
            throw new ImportCrlException("could not extract AKI of CA certificate", e2);
        }
    }

    public boolean importCrlToOcspDb() {
        Connection connection = null;
        try {
            connection = this.datasource.getConnection();
            Date date = new Date();
            int importCa = importCa(connection);
            this.psDeleteCert = this.datasource.prepareStatement(connection, SQL_DELETE_CERT);
            this.psInsertCert = this.datasource.prepareStatement(connection, SQL_INSERT_CERT);
            this.psInsertCertRev = this.datasource.prepareStatement(connection, SQL_INSERT_CERT_REV);
            this.psInsertCertHash = this.datasource.prepareStatement(connection, SQL_INSERT_CERTHASH);
            this.psSelectCidCertHash = this.datasource.prepareStatement(connection, this.sqlSelectCidCertHash);
            this.psSelectIdCert = this.datasource.prepareStatement(connection, this.sqlSelectIdCert);
            this.psUpdateCert = this.datasource.prepareStatement(connection, SQL_UPDATE_CERT);
            this.psUpdateCertRev = this.datasource.prepareStatement(connection, SQL_UPDATE_CERT_REV);
            importEntries(connection, importCa);
            deleteEntriesNotUpdatedSince(connection, date);
            return true;
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not import CRL to OCSP database");
            releaseResources(this.psDeleteCert, null);
            releaseResources(this.psInsertCert, null);
            releaseResources(this.psInsertCertRev, null);
            releaseResources(this.psInsertCertHash, null);
            releaseResources(this.psSelectCidCertHash, null);
            releaseResources(this.psSelectIdCert, null);
            releaseResources(this.psUpdateCert, null);
            releaseResources(this.psUpdateCertRev, null);
            if (connection == null) {
                return false;
            }
            this.datasource.returnConnection(connection);
            return false;
        }
    }

    private int importCa(Connection connection) throws DataAccessException, ImportCrlException {
        String str;
        int i;
        int i2;
        try {
            byte[] encoded = this.caCert.getEncoded();
            String base64Hash = HashAlgoType.SHA1.base64Hash(encoded);
            Integer num = null;
            CrlInfo crlInfo = null;
            try {
                try {
                    PreparedStatement prepareStatement = this.datasource.prepareStatement(connection, "SELECT ID,CRL_INFO FROM ISSUER WHERE S1C=?");
                    prepareStatement.setString(1, base64Hash);
                    ResultSet executeQuery = prepareStatement.executeQuery();
                    if (executeQuery.next()) {
                        num = Integer.valueOf(executeQuery.getInt("ID"));
                        String string = executeQuery.getString("CRL_INFO");
                        if (string == null) {
                            throw new ImportCrlException("RequestIssuer for the given CA of CRL exists, but not imported from CRL");
                        }
                        crlInfo = new CrlInfo(string);
                    }
                    releaseResources(prepareStatement, executeQuery);
                    boolean z = num == null;
                    if (z) {
                        if (this.isDeltaCrl) {
                            throw new ImportCrlException("Given CRL is a deltaCRL for the full CRL with number " + this.baseCrlNumber + ", please import this full CRL first.");
                        }
                        crlInfo = new CrlInfo(this.crlNumber, null, this.useCrlUpdates, this.crl.getThisUpdate(), this.crl.getNextUpdate(), this.crlId);
                    } else {
                        if (this.crlNumber.compareTo(crlInfo.crlNumber()) < 0) {
                            throw new ImportCrlException("Given CRL is not newer than existing CRL.");
                        }
                        if (this.isDeltaCrl) {
                            BigInteger baseCrlNumber = crlInfo.baseCrlNumber();
                            if (baseCrlNumber == null) {
                                baseCrlNumber = crlInfo.crlNumber();
                            }
                            if (!this.baseCrlNumber.equals(baseCrlNumber)) {
                                throw new ImportCrlException("Given CRL is a deltaCRL for the full CRL with number " + this.crlNumber + ", please import this full CRL first.");
                            }
                        }
                        crlInfo.setCrlNumber(this.crlNumber);
                        crlInfo.setBaseCrlNumber(this.isDeltaCrl ? this.baseCrlNumber : null);
                        crlInfo.setThisUpdate(this.crl.getThisUpdate());
                        crlInfo.setNextUpdate(this.crl.getNextUpdate());
                    }
                    try {
                        if (z) {
                            try {
                                num = Integer.valueOf(((int) this.datasource.getMax(connection, "ISSUER", "ID")) + 1);
                                str = "INSERT INTO ISSUER (ID,SUBJECT,NBEFORE,NAFTER,S1C,CERT,REV,RT,RIT,CRL_INFO) VALUES(?,?,?,?,?,?,?,?,?,?)";
                            } catch (SQLException e) {
                                throw this.datasource.translate((String) null, e);
                            }
                        } else {
                            str = "UPDATE ISSUER SET REV=?,RT=?,RIT=?,CRL_INFO=? WHERE ID=?";
                        }
                        PreparedStatement prepareStatement2 = this.datasource.prepareStatement(connection, str);
                        int i3 = 1;
                        if (z) {
                            String rfc4519Name = X509Util.getRfc4519Name(this.caCert.getSubjectX500Principal());
                            int i4 = 1 + 1;
                            prepareStatement2.setInt(1, num.intValue());
                            int i5 = i4 + 1;
                            prepareStatement2.setString(i4, rfc4519Name);
                            int i6 = i5 + 1;
                            prepareStatement2.setLong(i5, this.caCert.getNotBefore().getTime() / 1000);
                            int i7 = i6 + 1;
                            prepareStatement2.setLong(i6, this.caCert.getNotAfter().getTime() / 1000);
                            int i8 = i7 + 1;
                            prepareStatement2.setString(i7, base64Hash);
                            i3 = i8 + 1;
                            prepareStatement2.setString(i8, Base64.encodeToString(encoded));
                        }
                        int i9 = i3;
                        int i10 = i3 + 1;
                        prepareStatement2.setInt(i9, this.caRevInfo == null ? 0 : 1);
                        Date date = null;
                        Date date2 = null;
                        if (this.caRevInfo != null) {
                            date = this.caRevInfo.revocationTime();
                            date2 = this.caRevInfo.invalidityTime();
                        }
                        if (date != null) {
                            i = i10 + 1;
                            prepareStatement2.setLong(i10, date.getTime() / 1000);
                        } else {
                            i = i10 + 1;
                            prepareStatement2.setNull(i10, -5);
                        }
                        if (date2 != null) {
                            int i11 = i;
                            i2 = i + 1;
                            prepareStatement2.setLong(i11, date2.getTime() / 1000);
                        } else {
                            int i12 = i;
                            i2 = i + 1;
                            prepareStatement2.setNull(i12, -5);
                        }
                        try {
                            int i13 = i2;
                            int i14 = i2 + 1;
                            prepareStatement2.setString(i13, crlInfo.getEncoded());
                            if (!z) {
                                int i15 = i14 + 1;
                                prepareStatement2.setInt(i14, num.intValue());
                            }
                            prepareStatement2.executeUpdate();
                            int intValue = num.intValue();
                            releaseResources(prepareStatement2, null);
                            return intValue;
                        } catch (IOException e2) {
                            throw new ImportCrlException("could not encode the Crlinfo", e2);
                        }
                    } catch (Throwable th) {
                        releaseResources(null, null);
                        throw th;
                    }
                } catch (Throwable th2) {
                    releaseResources(null, null);
                    throw th2;
                }
            } catch (SQLException e3) {
                throw this.datasource.translate((String) null, e3);
            }
        } catch (CertificateEncodingException e4) {
            throw new ImportCrlException("could not encode CA certificate");
        }
    }

    private void importEntries(Connection connection, int i) throws DataAccessException, ImportCrlException {
        PreparedStatement preparedStatement;
        int i2;
        AtomicLong atomicLong = new AtomicLong(this.datasource.getMax(connection, "CERT", "ID"));
        Set<? extends X509CRLEntry> revokedCertificates = this.crl.getRevokedCertificates();
        if (revokedCertificates != null) {
            for (X509CRLEntry x509CRLEntry : revokedCertificates) {
                X500Principal certificateIssuer = x509CRLEntry.getCertificateIssuer();
                BigInteger serialNumber = x509CRLEntry.getSerialNumber();
                if (certificateIssuer != null && !this.caSubject.equals(certificateIssuer)) {
                    throw new ImportCrlException("invalid CRLEntry for certificate number " + serialNumber);
                }
                Date revocationDate = x509CRLEntry.getRevocationDate();
                Date date = null;
                byte[] extensionValue = x509CRLEntry.getExtensionValue(Extension.invalidityDate.getId());
                if (extensionValue != null) {
                    try {
                        date = DERGeneralizedTime.getInstance(extractCoreValue(extensionValue)).getDate();
                        if (revocationDate.equals(date)) {
                            date = null;
                        }
                    } catch (ParseException e) {
                        throw new ImportCrlException(e.getMessage(), e);
                    }
                }
                CrlReason fromReason = CrlReason.fromReason(x509CRLEntry.getRevocationReason());
                try {
                    if (fromReason == CrlReason.REMOVE_FROM_CRL) {
                        if (!this.isDeltaCrl) {
                            LOG.warn("ignore CRL entry with reason removeFromCRL in non-Delta CRL");
                        }
                        this.psDeleteCert.setInt(1, i);
                        this.psDeleteCert.setString(2, serialNumber.toString(16));
                        this.psDeleteCert.executeUpdate();
                    } else {
                        Long id = getId(i, serialNumber);
                        int i3 = 1;
                        if (id == null) {
                            id = Long.valueOf(atomicLong.incrementAndGet());
                            preparedStatement = this.psInsertCertRev;
                            int i4 = 1 + 1;
                            preparedStatement.setLong(1, id.longValue());
                            int i5 = i4 + 1;
                            preparedStatement.setInt(i4, i);
                            i3 = i5 + 1;
                            preparedStatement.setString(i5, serialNumber.toString(16));
                        } else {
                            preparedStatement = this.psUpdateCertRev;
                        }
                        int i6 = i3;
                        int i7 = i3 + 1;
                        preparedStatement.setInt(i6, 1);
                        int i8 = i7 + 1;
                        preparedStatement.setInt(i7, fromReason.code());
                        int i9 = i8 + 1;
                        preparedStatement.setLong(i8, revocationDate.getTime() / 1000);
                        if (date != null) {
                            i2 = i9 + 1;
                            preparedStatement.setLong(i9, date.getTime() / 1000);
                        } else {
                            i2 = i9 + 1;
                            preparedStatement.setNull(i9, -5);
                        }
                        int i10 = i2;
                        int i11 = i2 + 1;
                        preparedStatement.setLong(i10, System.currentTimeMillis() / 1000);
                        if (preparedStatement == this.psUpdateCertRev) {
                            int i12 = i11 + 1;
                            preparedStatement.setLong(i11, id.longValue());
                        }
                        preparedStatement.executeUpdate();
                    }
                } catch (SQLException e2) {
                    throw this.datasource.translate((String) null, e2);
                }
            }
        }
        byte[] extensionValue2 = this.crl.getExtensionValue(ObjectIdentifiers.id_xipki_ext_crlCertset.getId());
        if (extensionValue2 == null) {
            File file = new File(this.certsDirName);
            if (!file.exists()) {
                LOG.warn("the folder " + this.certsDirName + " does not exist, ignore it");
                return;
            }
            if (!file.isDirectory()) {
                LOG.warn("the path " + this.certsDirName + " does not point to a folder, ignore it");
                return;
            }
            if (!file.canRead()) {
                LOG.warn("the folder " + this.certsDirName + " must not be read, ignore it");
                return;
            }
            File[] listFiles = file.listFiles(new FilenameFilter() { // from class: org.xipki.ocsp.server.impl.store.crl.ImportCrl.1
                @Override // java.io.FilenameFilter
                public boolean accept(File file2, String str) {
                    return str.endsWith(".der") || str.endsWith(".crt");
                }
            });
            if (listFiles == null || listFiles.length == 0) {
                return;
            }
            for (File file2 : listFiles) {
                try {
                    addCertificate(atomicLong, i, Certificate.getInstance(IoUtil.read(file2)), null, "(file " + file2.getName() + ")");
                } catch (IOException | IllegalArgumentException e3) {
                    LOG.warn("could not parse certificate {}, ignore it", file2.getPath());
                }
            }
            return;
        }
        ASN1Set dERSet = DERSet.getInstance(extractCoreValue(extensionValue2));
        int size = dERSet.size();
        for (int i13 = 0; i13 < size; i13++) {
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(dERSet.getObjectAt(i13));
            BigInteger value = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0)).getValue();
            Certificate certificate = null;
            String str = null;
            int size2 = aSN1Sequence.size();
            for (int i14 = 1; i14 < size2; i14++) {
                ASN1TaggedObject dERTaggedObject = DERTaggedObject.getInstance(aSN1Sequence.getObjectAt(i14));
                switch (dERTaggedObject.getTagNo()) {
                    case 0:
                        certificate = Certificate.getInstance(dERTaggedObject.getObject());
                        break;
                    case 1:
                        str = DERUTF8String.getInstance(dERTaggedObject.getObject()).getString();
                        break;
                }
            }
            if (certificate != null) {
                if (!this.caSubject.equals(certificate.getIssuer())) {
                    LOG.warn("issuer not match (serial=" + LogUtil.formatCsn(value) + ") in CRL Extension Xipki-CertSet, ignore it");
                }
                if (!value.equals(certificate.getSerialNumber().getValue())) {
                    LOG.warn("serialNumber not match (serial=" + LogUtil.formatCsn(value) + ") in CRL Extension Xipki-CertSet, ignore it");
                }
            }
            addCertificate(atomicLong, i, certificate, str, "(issuer='" + certificate.getIssuer().toString() + "', serialNumber=" + certificate.getSerialNumber() + ")");
        }
    }

    private static byte[] extractCoreValue(byte[] bArr) {
        return ASN1OctetString.getInstance(bArr).getOctets();
    }

    private Long getId(int i, BigInteger bigInteger) throws DataAccessException {
        ResultSet resultSet = null;
        try {
            try {
                this.psSelectIdCert.setInt(1, i);
                this.psSelectIdCert.setString(2, bigInteger.toString(16));
                resultSet = this.psSelectIdCert.executeQuery();
                if (!resultSet.next()) {
                    releaseResources(null, resultSet);
                    return null;
                }
                Long valueOf = Long.valueOf(resultSet.getLong("ID"));
                releaseResources(null, resultSet);
                return valueOf;
            } catch (SQLException e) {
                throw this.datasource.translate(this.sqlSelectIdCert, e);
            }
        } catch (Throwable th) {
            releaseResources(null, resultSet);
            throw th;
        }
    }

    private void addCertificate(AtomicLong atomicLong, int i, Certificate certificate, String str, String str2) throws DataAccessException, ImportCrlException {
        String str3;
        PreparedStatement preparedStatement;
        int i2;
        if (!this.caSubject.equals(certificate.getIssuer())) {
            LOG.warn("certificate {} is not issued by the given CA, ignore it", str2);
            return;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            if (this.caSpki != null) {
                try {
                    byte[] extractAki = X509Util.extractAki(certificate);
                    if (extractAki == null || !Arrays.equals(this.caSpki, extractAki)) {
                        LOG.warn("certificate {} is not issued by the given CA, ignore it", str2);
                        return;
                    }
                } catch (CertificateEncodingException e) {
                    LogUtil.error(LOG, e, "invalid AuthorityKeyIdentifier of certificate {}" + str2 + ", ignore it");
                    return;
                }
            }
            LOG.info("Importing certificate {}", str2);
            Long id = getId(i, certificate.getSerialNumber().getPositiveValue());
            boolean z = id != null;
            if (z) {
                str3 = SQL_UPDATE_CERT;
                preparedStatement = this.psUpdateCert;
            } else {
                str3 = SQL_INSERT_CERT;
                preparedStatement = this.psInsertCert;
                id = Long.valueOf(atomicLong.incrementAndGet());
            }
            int i3 = 1;
            if (str3 == SQL_INSERT_CERT) {
                try {
                    int i4 = 1 + 1;
                    preparedStatement.setLong(1, id.longValue());
                    int i5 = i4 + 1;
                    preparedStatement.setInt(i4, i);
                    int i6 = i5 + 1;
                    preparedStatement.setString(i5, certificate.getSerialNumber().getPositiveValue().toString(16));
                    int i7 = i6 + 1;
                    preparedStatement.setInt(i6, 0);
                    int i8 = i7 + 1;
                    preparedStatement.setNull(i7, 5);
                    int i9 = i8 + 1;
                    preparedStatement.setNull(i8, -5);
                    i3 = i9 + 1;
                    preparedStatement.setNull(i9, -5);
                } catch (SQLException e2) {
                    throw this.datasource.translate(str3, e2);
                }
            }
            int i10 = i3;
            int i11 = i3 + 1;
            preparedStatement.setLong(i10, System.currentTimeMillis() / 1000);
            TBSCertificate tBSCertificate = certificate.getTBSCertificate();
            int i12 = i11 + 1;
            preparedStatement.setLong(i11, tBSCertificate.getStartDate().getDate().getTime() / 1000);
            int i13 = i12 + 1;
            preparedStatement.setLong(i12, tBSCertificate.getEndDate().getDate().getTime() / 1000);
            if (StringUtil.isBlank(str)) {
                i2 = i13 + 1;
                preparedStatement.setNull(i13, 12);
            } else {
                i2 = i13 + 1;
                preparedStatement.setString(i13, str);
            }
            if (str3 == SQL_UPDATE_CERT) {
                int i14 = i2;
                int i15 = i2 + 1;
                preparedStatement.setLong(i14, id.longValue());
            }
            preparedStatement.executeUpdate();
            boolean z2 = true;
            if (z) {
                String str4 = this.sqlSelectCidCertHash;
                PreparedStatement preparedStatement2 = this.psSelectCidCertHash;
                ResultSet resultSet = null;
                try {
                    try {
                        preparedStatement2.setLong(1, id.longValue());
                        resultSet = preparedStatement2.executeQuery();
                        if (resultSet.next()) {
                            z2 = false;
                        }
                        releaseResources(null, resultSet);
                    } catch (Throwable th) {
                        releaseResources(null, resultSet);
                        throw th;
                    }
                } catch (SQLException e3) {
                    throw this.datasource.translate(str4, e3);
                }
            }
            if (z2) {
                PreparedStatement preparedStatement3 = this.psInsertCertHash;
                try {
                    int i16 = 1 + 1;
                    preparedStatement3.setLong(1, id.longValue());
                    int i17 = i16 + 1;
                    preparedStatement3.setString(i16, HashAlgoType.SHA1.base64Hash(encoded));
                    int i18 = i17 + 1;
                    preparedStatement3.setString(i17, HashAlgoType.SHA224.base64Hash(encoded));
                    int i19 = i18 + 1;
                    preparedStatement3.setString(i18, HashAlgoType.SHA256.base64Hash(encoded));
                    int i20 = i19 + 1;
                    preparedStatement3.setString(i19, HashAlgoType.SHA384.base64Hash(encoded));
                    int i21 = i20 + 1;
                    preparedStatement3.setString(i20, HashAlgoType.SHA512.base64Hash(encoded));
                    preparedStatement3.executeUpdate();
                } catch (SQLException e4) {
                    throw this.datasource.translate(SQL_INSERT_CERTHASH, e4);
                }
            }
            LOG.info("Imported  certificate {}", str2);
        } catch (IOException e5) {
            throw new ImportCrlException("could not encode certificate {}" + str2, e5);
        }
    }

    private void deleteEntriesNotUpdatedSince(Connection connection, Date date) throws DataAccessException {
        String str = "DELETE FROM CERT WHERE LUPDATE<" + (date.getTime() / 1000);
        Statement createStatement = this.datasource.createStatement(connection);
        try {
            try {
                createStatement.executeUpdate(str);
                releaseResources(createStatement, null);
            } catch (SQLException e) {
                throw this.datasource.translate(str, e);
            }
        } catch (Throwable th) {
            releaseResources(createStatement, null);
            throw th;
        }
    }

    private void releaseResources(Statement statement, ResultSet resultSet) {
        this.datasource.releaseResources(statement, resultSet, false);
    }
}
