package org.apereo.cas.adaptors.x509.authentication.revocation.checker;

import com.google.common.base.Throwables;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.security.auth.x500.X500Principal;
import org.apereo.cas.adaptors.x509.authentication.CRLFetcher;
import org.apereo.cas.adaptors.x509.authentication.ResourceCRLFetcher;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/revocation/checker/ResourceCRLRevocationChecker.class */
public class ResourceCRLRevocationChecker extends AbstractCRLRevocationChecker {
    private static final int DEFAULT_REFRESH_INTERVAL = 3600;
    private static final Logger LOGGER = LoggerFactory.getLogger(ResourceCRLRevocationChecker.class);
    private ScheduledExecutorService scheduler;
    private final int refreshInterval;
    private final CRLFetcher fetcher;
    private Map<X500Principal, X509CRL> crlIssuerMap;
    private final Collection<Resource> resources;

    public ResourceCRLRevocationChecker(boolean z, RevocationPolicy<Void> revocationPolicy, RevocationPolicy<X509CRL> revocationPolicy2, int i, CRLFetcher cRLFetcher, Collection<Resource> collection) {
        super(z, revocationPolicy, revocationPolicy2);
        this.scheduler = Executors.newScheduledThreadPool(1);
        this.crlIssuerMap = Collections.synchronizedMap(new HashMap());
        this.refreshInterval = i;
        this.fetcher = cRLFetcher;
        this.resources = collection;
    }

    public ResourceCRLRevocationChecker(Resource resource, RevocationPolicy<Void> revocationPolicy, RevocationPolicy<X509CRL> revocationPolicy2) {
        this(false, revocationPolicy, revocationPolicy2, DEFAULT_REFRESH_INTERVAL, new ResourceCRLFetcher(), Collections.singleton(resource));
    }

    public ResourceCRLRevocationChecker(Resource[] resourceArr, RevocationPolicy<X509CRL> revocationPolicy) {
        this(false, null, revocationPolicy, DEFAULT_REFRESH_INTERVAL, new ResourceCRLFetcher(), Arrays.asList(resourceArr));
    }

    public ResourceCRLRevocationChecker(Resource resource) {
        this(Collections.singleton(resource));
    }

    public ResourceCRLRevocationChecker(Collection<Resource> collection) {
        this(new ResourceCRLFetcher(), collection, DEFAULT_REFRESH_INTERVAL);
    }

    public ResourceCRLRevocationChecker(Resource... resourceArr) {
        this(new ResourceCRLFetcher(), Arrays.asList(resourceArr), DEFAULT_REFRESH_INTERVAL);
    }

    public ResourceCRLRevocationChecker(CRLFetcher cRLFetcher, Collection<Resource> collection, int i) {
        this(false, null, null, i, cRLFetcher, collection);
    }

    @PostConstruct
    public void init() {
        if (validateConfiguration()) {
            try {
                addCrls(this.fetcher.fetch(getResources()));
                try {
                    this.scheduler.scheduleAtFixedRate(() -> {
                        try {
                            addCrls(getFetcher().fetch(getResources()));
                        } catch (Exception e) {
                            LOGGER.debug(e.getMessage(), e);
                        }
                    }, this.refreshInterval, this.refreshInterval, TimeUnit.SECONDS);
                } catch (Exception e) {
                    throw Throwables.propagate(e);
                }
            } catch (Exception e2) {
                throw Throwables.propagate(e2);
            }
        }
    }

    private boolean validateConfiguration() {
        if (this.resources == null || this.resources.isEmpty()) {
            LOGGER.debug("[{}] is not configured with resources. Skipping configuration...", getClass().getSimpleName());
            return false;
        }
        if (this.fetcher == null) {
            LOGGER.debug("[{}] is not configured with a CRL fetcher. Skipping configuration...", getClass().getSimpleName());
            return false;
        }
        if (getExpiredCRLPolicy() == null) {
            LOGGER.debug("[{}] is not configured with a CRL expiration policy. Skipping configuration...", getClass().getSimpleName());
            return false;
        }
        if (getUnavailableCRLPolicy() != null) {
            return true;
        }
        LOGGER.debug("[{}] is not configured with a CRL unavailable policy. Skipping configuration...", getClass().getSimpleName());
        return false;
    }

    private void addCrls(Collection<X509CRL> collection) {
        collection.forEach(x509crl -> {
            addCRL(x509crl.getIssuerX500Principal(), x509crl);
        });
    }

    protected CRLFetcher getFetcher() {
        return this.fetcher;
    }

    protected Collection<Resource> getResources() {
        return this.resources;
    }

    @Override // org.apereo.cas.adaptors.x509.authentication.revocation.checker.AbstractCRLRevocationChecker
    protected boolean addCRL(Object obj, X509CRL x509crl) {
        LOGGER.debug("Adding CRL for issuer [{}]", obj);
        this.crlIssuerMap.put((X500Principal) obj, x509crl);
        return this.crlIssuerMap.containsKey(obj);
    }

    @Override // org.apereo.cas.adaptors.x509.authentication.revocation.checker.AbstractCRLRevocationChecker
    protected Collection<X509CRL> getCRLs(X509Certificate x509Certificate) {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        if (this.crlIssuerMap.containsKey(issuerX500Principal)) {
            return Collections.singleton(this.crlIssuerMap.get(issuerX500Principal));
        }
        LOGGER.warn("Could not locate CRL for issuer principal [{}]", issuerX500Principal);
        return Collections.emptyList();
    }

    @PreDestroy
    public void shutdown() {
        this.scheduler.shutdown();
    }
}
