package org.xipki.ocsp.server.impl.store.db;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.common.util.Base64;
import org.xipki.common.util.CollectionUtil;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.StringUtil;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.datasource.springframework.dao.DataAccessException;
import org.xipki.ocsp.api.CertStatus;
import org.xipki.ocsp.api.CertStatusInfo;
import org.xipki.ocsp.api.OcspStore;
import org.xipki.ocsp.api.OcspStoreException;
import org.xipki.ocsp.api.RequestIssuer;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.CrlReason;
import org.xipki.security.HashAlgoType;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/ocsp/server/impl/store/db/DbCertStatusStore.class */
public class DbCertStatusStore extends OcspStore {
    protected DataSourceWrapper datasource;
    private static final Logger LOG = LoggerFactory.getLogger(DbCertStatusStore.class);
    private final AtomicBoolean storeUpdateInProcess = new AtomicBoolean(false);
    private String sqlCsNoRit;
    private String sqlCs;
    private Map<HashAlgoType, String> sqlCsNoRitMap;
    private Map<HashAlgoType, String> sqlCsMap;
    private IssuerFilter issuerFilter;
    private IssuerStore issuerStore;
    private boolean initialized;
    private boolean initializationFailed;
    private ScheduledThreadPoolExecutor scheduledThreadPoolExecutor;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/ocsp/server/impl/store/db/DbCertStatusStore$SimpleIssuerEntry.class */
    public static class SimpleIssuerEntry {
        private final int id;
        private final Long revocationTimeMs;

        SimpleIssuerEntry(int i, Long l) {
            this.id = i;
            this.revocationTimeMs = l;
        }

        public boolean match(IssuerEntry issuerEntry) {
            if (this.id != issuerEntry.id()) {
                return false;
            }
            return this.revocationTimeMs == null ? issuerEntry.revocationInfo() == null : issuerEntry.revocationInfo() != null && this.revocationTimeMs.longValue() == issuerEntry.revocationInfo().revocationTime().getTime();
        }
    }

    /* loaded from: input_file:org/xipki/ocsp/server/impl/store/db/DbCertStatusStore$StoreUpdateService.class */
    private class StoreUpdateService implements Runnable {
        private StoreUpdateService() {
        }

        @Override // java.lang.Runnable
        public void run() {
            DbCertStatusStore.this.initIssuerStore();
        }
    }

    protected List<Runnable> getScheduledServices() {
        return Collections.emptyList();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void initIssuerStore() {
        if (this.storeUpdateInProcess.get()) {
            return;
        }
        this.storeUpdateInProcess.set(true);
        try {
            if (this.initialized) {
                PreparedStatement preparedStatement = preparedStatement("SELECT ID,REV,RT,S1C FROM ISSUER");
                ResultSet resultSet = null;
                try {
                    HashMap hashMap = new HashMap();
                    resultSet = preparedStatement.executeQuery();
                    while (resultSet.next()) {
                        if (this.issuerFilter.includeIssuerWithSha1Fp(resultSet.getString("S1C"))) {
                            int i = resultSet.getInt("ID");
                            hashMap.put(Integer.valueOf(i), new SimpleIssuerEntry(i, resultSet.getBoolean("REV") ? Long.valueOf(resultSet.getLong("RT") * 1000) : null));
                        }
                    }
                    Set keySet = hashMap.keySet();
                    Set ids = this.issuerStore != null ? this.issuerStore.ids() : Collections.emptySet();
                    boolean z = ids.size() == keySet.size() && ids.containsAll(keySet) && keySet.containsAll(ids);
                    if (z) {
                        Iterator it = keySet.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            Integer num = (Integer) it.next();
                            if (((SimpleIssuerEntry) hashMap.get(num)).match(this.issuerStore.getIssuerForId(num.intValue()))) {
                                z = false;
                                break;
                            }
                        }
                    }
                    if (z) {
                        releaseDbResources(preparedStatement, resultSet);
                        return;
                    }
                    releaseDbResources(preparedStatement, resultSet);
                } catch (Throwable th) {
                    releaseDbResources(preparedStatement, resultSet);
                    throw th;
                }
            }
            PreparedStatement preparedStatement2 = preparedStatement("SELECT ID,NBEFORE,REV,RT,S1C,CERT,CRL_INFO FROM ISSUER");
            try {
                ResultSet executeQuery = preparedStatement2.executeQuery();
                LinkedList linkedList = new LinkedList();
                while (executeQuery.next()) {
                    if (this.issuerFilter.includeIssuerWithSha1Fp(executeQuery.getString("S1C"))) {
                        IssuerEntry issuerEntry = new IssuerEntry(executeQuery.getInt("ID"), X509Util.parseBase64EncodedCert(executeQuery.getString("CERT")));
                        String string = executeQuery.getString("CRL_INFO");
                        if (StringUtil.isNotBlank(string)) {
                            issuerEntry.setCrlInfo(new CrlInfo(string));
                        }
                        RequestIssuer requestIssuer = new RequestIssuer(HashAlgoType.SHA1, issuerEntry.getEncodedHash(HashAlgoType.SHA1));
                        Iterator it2 = linkedList.iterator();
                        while (it2.hasNext()) {
                            if (((IssuerEntry) it2.next()).matchHash(requestIssuer)) {
                                throw new Exception("found at least two issuers with the same subject and key");
                            }
                        }
                        if (executeQuery.getBoolean("REV")) {
                            issuerEntry.setRevocationInfo(new Date(executeQuery.getLong("RT") * 1000));
                        }
                        linkedList.add(issuerEntry);
                    }
                }
                this.initialized = false;
                this.issuerStore = new IssuerStore(linkedList);
                LOG.info("Updated issuers: {}", this.name);
                this.initializationFailed = false;
                this.initialized = true;
                releaseDbResources(preparedStatement2, executeQuery);
            } catch (Throwable th2) {
                releaseDbResources(preparedStatement2, null);
                throw th2;
            }
        } catch (Throwable th3) {
            this.storeUpdateInProcess.set(false);
            LogUtil.error(LOG, th3, "could not executing initIssuerStore()");
            this.initializationFailed = true;
            this.initialized = true;
        }
    }

    public CertStatusInfo getCertStatus(Date date, RequestIssuer requestIssuer, BigInteger bigInteger, boolean z, boolean z2, boolean z3, HashAlgoType hashAlgoType) throws OcspStoreException {
        String str;
        Date date2;
        CertStatusInfo goodCertStatusInfo;
        if (bigInteger.signum() != 1) {
            return CertStatusInfo.getUnknownCertStatusInfo(new Date(), (Date) null);
        }
        if (!this.initialized) {
            throw new OcspStoreException("initialization of CertStore is still in process");
        }
        if (this.initializationFailed) {
            throw new OcspStoreException("initialization of CertStore failed");
        }
        try {
            IssuerEntry issuerForFp = this.issuerStore.getIssuerForFp(requestIssuer);
            if (issuerForFp == null) {
                return null;
            }
            HashAlgoType hashAlgoType2 = null;
            if (z) {
                hashAlgoType2 = hashAlgoType == null ? requestIssuer.hashAlgorithm() : hashAlgoType;
                str = (z2 ? this.sqlCsMap : this.sqlCsNoRitMap).get(hashAlgoType2);
            } else {
                str = z2 ? this.sqlCs : this.sqlCsNoRit;
            }
            CrlInfo crlInfo = issuerForFp.crlInfo();
            Date date3 = null;
            if (crlInfo == null || !crlInfo.isUseCrlUpdates()) {
                date2 = new Date();
            } else {
                date2 = crlInfo.thisUpdate();
                if (crlInfo.nextUpdate().getTime() - System.currentTimeMillis() > 10000) {
                    date3 = crlInfo.nextUpdate();
                }
            }
            boolean z4 = true;
            boolean z5 = false;
            String str2 = null;
            boolean z6 = false;
            int i = 0;
            long j = 0;
            long j2 = 0;
            PreparedStatement prepareStatement = this.datasource.prepareStatement(this.datasource.getConnection(), str);
            try {
                try {
                    prepareStatement.setInt(1, issuerForFp.id());
                    prepareStatement.setString(2, bigInteger.toString(16));
                    ResultSet executeQuery = prepareStatement.executeQuery();
                    if (executeQuery.next()) {
                        z4 = false;
                        long time = date.getTime() / 1000;
                        if (0 == 0 && this.ignoreNotYetValidCert) {
                            long j3 = executeQuery.getLong("NBEFORE");
                            if (j3 != 0 && time < j3) {
                                z5 = true;
                            }
                        }
                        if (!z5 && this.ignoreExpiredCert) {
                            long j4 = executeQuery.getLong("NAFTER");
                            if (j4 != 0 && time > j4) {
                                z5 = true;
                            }
                        }
                        if (!z5) {
                            if (hashAlgoType2 != null) {
                                str2 = executeQuery.getString(hashAlgoType2.getShortName());
                            }
                            z6 = executeQuery.getBoolean("REV");
                            if (z6) {
                                i = executeQuery.getInt("RR");
                                j = executeQuery.getLong("RT");
                                if (z2) {
                                    j2 = executeQuery.getLong("RIT");
                                }
                            }
                        }
                    }
                    releaseDbResources(prepareStatement, executeQuery);
                    if (z4) {
                        goodCertStatusInfo = this.unknownSerialAsGood ? CertStatusInfo.getGoodCertStatusInfo(hashAlgoType2, (byte[]) null, date2, date3, (String) null) : CertStatusInfo.getUnknownCertStatusInfo(date2, date3);
                    } else if (z5) {
                        goodCertStatusInfo = CertStatusInfo.getIgnoreCertStatusInfo(date2, date3);
                    } else {
                        byte[] decodeFast = str2 == null ? null : Base64.decodeFast(str2);
                        if (z6) {
                            goodCertStatusInfo = CertStatusInfo.getRevokedCertStatusInfo(new CertRevocationInfo(i, new Date(j * 1000), (j2 == 0 || j2 == j) ? null : new Date(j2 * 1000)), hashAlgoType2, decodeFast, date2, date3, (String) null);
                        } else {
                            goodCertStatusInfo = CertStatusInfo.getGoodCertStatusInfo(hashAlgoType2, decodeFast, date2, date3, (String) null);
                        }
                    }
                    if (this.includeCrlId && crlInfo != null) {
                        goodCertStatusInfo.setCrlId(crlInfo.crlId());
                    }
                    if (this.includeArchiveCutoff && this.retentionInterval != 0) {
                        goodCertStatusInfo.setArchiveCutOff(this.retentionInterval < 0 ? issuerForFp.notBefore() : new Date(Math.max(issuerForFp.notBefore().getTime(), System.currentTimeMillis() - (86400000 * this.retentionInterval))));
                    }
                    if (!z3 || issuerForFp.revocationInfo() == null) {
                        return goodCertStatusInfo;
                    }
                    CertRevocationInfo revocationInfo = issuerForFp.revocationInfo();
                    CertStatus certStatus = goodCertStatusInfo.certStatus();
                    boolean z7 = false;
                    if (certStatus == CertStatus.GOOD || certStatus == CertStatus.UNKNOWN) {
                        z7 = true;
                    } else if (certStatus == CertStatus.REVOKED && goodCertStatusInfo.revocationInfo().revocationTime().after(revocationInfo.revocationTime())) {
                        z7 = true;
                    }
                    if (z7) {
                        goodCertStatusInfo = CertStatusInfo.getRevokedCertStatusInfo(revocationInfo.reason() == CrlReason.CA_COMPROMISE ? revocationInfo : new CertRevocationInfo(CrlReason.CA_COMPROMISE, revocationInfo.revocationTime(), revocationInfo.invalidityTime()), goodCertStatusInfo.certHashAlgo(), goodCertStatusInfo.certHash(), goodCertStatusInfo.thisUpdate(), goodCertStatusInfo.nextUpdate(), goodCertStatusInfo.certprofile());
                    }
                    return goodCertStatusInfo;
                } catch (Throwable th) {
                    releaseDbResources(prepareStatement, null);
                    throw th;
                }
            } catch (SQLException e) {
                throw this.datasource.translate(str, e);
            }
        } catch (DataAccessException e2) {
            throw new OcspStoreException(e2.getMessage(), e2);
        }
    }

    private PreparedStatement preparedStatement(String str) throws DataAccessException {
        return this.datasource.prepareStatement(this.datasource.getConnection(), str);
    }

    public boolean isHealthy() {
        if (!isInitialized() || isInitializationFailed()) {
            return false;
        }
        try {
            PreparedStatement preparedStatement = preparedStatement("SELECT ID FROM ISSUER");
            ResultSet resultSet = null;
            try {
                resultSet = preparedStatement.executeQuery();
                releaseDbResources(preparedStatement, resultSet);
                return true;
            } catch (Throwable th) {
                releaseDbResources(preparedStatement, resultSet);
                throw th;
            }
        } catch (Exception e) {
            LogUtil.error(LOG, e);
            return false;
        }
    }

    private void releaseDbResources(Statement statement, ResultSet resultSet) {
        this.datasource.releaseResources(statement, resultSet);
    }

    public void init(String str, DataSourceWrapper dataSourceWrapper) throws OcspStoreException {
        ParamUtil.requireNonNull("conf", str);
        this.datasource = (DataSourceWrapper) ParamUtil.requireNonNull("datasource", dataSourceWrapper);
        this.sqlCs = dataSourceWrapper.buildSelectFirstSql(1, "NBEFORE,NAFTER,REV,RR,RT,RIT FROM CERT WHERE IID=? AND SN=?");
        this.sqlCsNoRit = dataSourceWrapper.buildSelectFirstSql(1, "NBEFORE,NAFTER,REV,RR,RT FROM CERT WHERE IID=? AND SN=?");
        this.sqlCsMap = new HashMap();
        this.sqlCsNoRitMap = new HashMap();
        for (HashAlgoType hashAlgoType : new HashAlgoType[]{HashAlgoType.SHA1, HashAlgoType.SHA224, HashAlgoType.SHA256, HashAlgoType.SHA384, HashAlgoType.SHA512}) {
            this.sqlCsMap.put(hashAlgoType, dataSourceWrapper.buildSelectFirstSql(1, "NBEFORE,NAFTER,ID,REV,RR,RT,RIT," + hashAlgoType.getShortName() + " FROM CERT INNER JOIN CHASH ON CERT.IID=? AND CERT.SN=? AND CERT.ID=CHASH.CID"));
            this.sqlCsNoRitMap.put(hashAlgoType, dataSourceWrapper.buildSelectFirstSql(1, "NBEFORE,NAFTER,ID,REV,RR,RT," + hashAlgoType.getShortName() + " FROM CERT INNER JOIN CHASH ON CERT.IID=? AND CERT.SN=? AND CERT.ID=CHASH.CID"));
        }
        StoreConf storeConf = new StoreConf(str);
        try {
            this.issuerFilter = new IssuerFilter(CollectionUtil.isNonEmpty(storeConf.caCertsIncludes()) ? parseCerts(storeConf.caCertsIncludes()) : null, CollectionUtil.isNonEmpty(storeConf.caCertsExcludes()) ? parseCerts(storeConf.caCertsExcludes()) : null);
            initIssuerStore();
            if (this.scheduledThreadPoolExecutor != null) {
                this.scheduledThreadPoolExecutor.shutdownNow();
            }
            StoreUpdateService storeUpdateService = new StoreUpdateService();
            List<Runnable> scheduledServices = getScheduledServices();
            this.scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(scheduledServices != null ? 1 + scheduledServices.size() : 1);
            Random random = new Random();
            this.scheduledThreadPoolExecutor.scheduleAtFixedRate(storeUpdateService, 60 + random.nextInt(60), 60L, TimeUnit.SECONDS);
            if (scheduledServices != null) {
                Iterator<Runnable> it = scheduledServices.iterator();
                while (it.hasNext()) {
                    this.scheduledThreadPoolExecutor.scheduleAtFixedRate(it.next(), 60 + random.nextInt(60), 60L, TimeUnit.SECONDS);
                }
            }
        } catch (CertificateException e) {
            throw new OcspStoreException(e.getMessage(), e);
        }
    }

    public void shutdown() throws OcspStoreException {
        if (this.scheduledThreadPoolExecutor != null) {
            this.scheduledThreadPoolExecutor.shutdown();
            this.scheduledThreadPoolExecutor = null;
        }
        if (this.datasource != null) {
            this.datasource.close();
        }
    }

    public boolean canResolveIssuer(RequestIssuer requestIssuer) {
        return null != this.issuerStore.getIssuerForFp(requestIssuer);
    }

    public X509Certificate getIssuerCert(RequestIssuer requestIssuer) {
        IssuerEntry issuerForFp = this.issuerStore.getIssuerForFp(requestIssuer);
        if (issuerForFp == null) {
            return null;
        }
        return issuerForFp.cert();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isInitialized() {
        return this.initialized;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isInitializationFailed() {
        return this.initializationFailed;
    }

    private static Set<X509Certificate> parseCerts(Set<String> set) throws OcspStoreException {
        HashSet hashSet = new HashSet(set.size());
        for (String str : set) {
            try {
                hashSet.add(X509Util.parseCert(str));
            } catch (IOException | CertificateException e) {
                throw new OcspStoreException("could not parse X.509 certificate from file " + str + ": " + e.getMessage(), e);
            }
        }
        return hashSet;
    }
}
