package eu.europa.esig.dss.tsl.service;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.client.http.DataLoader;
import eu.europa.esig.dss.tsl.TSLLoaderResult;
import eu.europa.esig.dss.tsl.TSLParserResult;
import eu.europa.esig.dss.tsl.TSLPointer;
import eu.europa.esig.dss.tsl.TSLService;
import eu.europa.esig.dss.tsl.TSLServiceProvider;
import eu.europa.esig.dss.tsl.TSLValidationModel;
import eu.europa.esig.dss.tsl.TSLValidationResult;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.KeyStoreCertificateSource;
import java.io.File;
import java.io.FileInputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.annotation.PostConstruct;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/tsl/service/TSLValidationJob.class */
public class TSLValidationJob {
    private static final Logger logger = LoggerFactory.getLogger(TSLValidationJob.class);
    private DataLoader dataLoader;
    private TSLRepository repository;
    private String lotlCode;
    private String lotlUrl;
    private KeyStoreCertificateSource dssKeyStore;
    private List<String> filterTerritories;
    private ExecutorService executorService = Executors.newCachedThreadPool();
    private boolean checkLOTLSignature = true;
    private boolean checkTSLSignatures = true;

    public void setExecutorService(ExecutorService executorService) {
        this.executorService = executorService;
    }

    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    public void setRepository(TSLRepository tSLRepository) {
        this.repository = tSLRepository;
    }

    public void setLotlCode(String str) {
        this.lotlCode = str;
    }

    public void setLotlUrl(String str) {
        this.lotlUrl = str;
    }

    public void setDssKeyStore(KeyStoreCertificateSource keyStoreCertificateSource) {
        this.dssKeyStore = keyStoreCertificateSource;
    }

    public void setCheckLOTLSignature(boolean z) {
        this.checkLOTLSignature = z;
    }

    public void setCheckTSLSignatures(boolean z) {
        this.checkTSLSignatures = z;
    }

    public void setFilterTerritories(List<String> list) {
        this.filterTerritories = list;
    }

    @PostConstruct
    public void initRepository() {
        logger.info("Initialization of the TSL repository ...");
        int i = 0;
        List<File> storedFiles = this.repository.getStoredFiles();
        if (CollectionUtils.isNotEmpty(storedFiles)) {
            ArrayList arrayList = new ArrayList();
            for (File file : storedFiles) {
                try {
                    arrayList.add(this.executorService.submit(new TSLParser(new FileInputStream(file))));
                } catch (Exception e) {
                    logger.error("Unable to parse file '" + file.getAbsolutePath() + "' : " + e.getMessage(), e);
                }
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                try {
                    TSLParserResult tSLParserResult = (TSLParserResult) ((Future) it.next()).get();
                    loadMissingCertificates(tSLParserResult);
                    this.repository.addParsedResultFromCacheToMap(tSLParserResult);
                    i++;
                } catch (Exception e2) {
                    logger.error("Unable to get parsing result : " + e2.getMessage(), e2);
                }
            }
            TSLValidationModel byCountry = this.repository.getByCountry(this.lotlCode);
            if (this.checkLOTLSignature && byCountry != null) {
                try {
                    byCountry.setValidationResult(validateLOTL(byCountry));
                } catch (Exception e3) {
                    logger.error("Unable to validate the LOTL : " + e3.getMessage(), e3);
                }
            }
            if (this.checkTSLSignatures && byCountry != null && byCountry.getParseResult() != null) {
                List<TSLPointer> pointers = byCountry.getParseResult().getPointers();
                ArrayList arrayList2 = new ArrayList();
                for (Map.Entry<String, TSLValidationModel> entry : this.repository.getAllMapTSLValidationModels().entrySet()) {
                    String key = entry.getKey();
                    if (!this.lotlCode.equals(key)) {
                        arrayList2.add(this.executorService.submit(new TSLValidator(new File(entry.getValue().getFilepath()), key, this.dssKeyStore, getPotentialSigners(pointers, key))));
                    }
                }
                storeValidationResults(arrayList2);
            }
            this.repository.synchronize();
        }
        logger.info(i + " loaded TSL from cached files in the repository");
    }

    public void refresh() {
        logger.debug("TSL Validation Job is starting ...");
        try {
            TSLLoaderResult tSLLoaderResult = (TSLLoaderResult) this.executorService.submit(new TSLLoader(this.dataLoader, this.lotlCode, this.lotlUrl)).get();
            if (tSLLoaderResult.getContent() == null) {
                logger.error("Unable to load the LOTL: content is empty");
                throw new DSSException("Unable to load the LOTL: content is empty");
            }
            TSLValidationModel storeInCache = !this.repository.isLastVersion(tSLLoaderResult) ? this.repository.storeInCache(tSLLoaderResult) : this.repository.getByCountry(tSLLoaderResult.getCountryCode());
            TSLParserResult parseResult = storeInCache.getParseResult();
            if (parseResult == null) {
                try {
                    parseResult = parseLOTL(storeInCache);
                    storeInCache.setParseResult(parseResult);
                } catch (Exception e) {
                    logger.error("Unable to parse the LOTL : " + e.getMessage(), e);
                    return;
                }
            }
            if (this.checkLOTLSignature && storeInCache.getValidationResult() == null) {
                try {
                    storeInCache.setValidationResult(validateLOTL(storeInCache));
                } catch (Exception e2) {
                    logger.error("Unable to validate the LOTL : " + e2.getMessage(), e2);
                }
            }
            analyzeCountryPointers(parseResult.getPointers());
            this.repository.synchronize();
            logger.debug("TSL Validation Job is finishing ...");
        } catch (Exception e3) {
            logger.error("Unable to load the LOTL : " + e3.getMessage(), e3);
            throw new DSSException("Unable to load the LOTL : " + e3.getMessage());
        }
    }

    private void analyzeCountryPointers(List<TSLPointer> list) {
        ArrayList arrayList = new ArrayList();
        for (TSLPointer tSLPointer : list) {
            if (CollectionUtils.isEmpty(this.filterTerritories) || this.filterTerritories.contains(tSLPointer.getTerritory())) {
                arrayList.add(this.executorService.submit(new TSLLoader(this.dataLoader, tSLPointer.getTerritory(), tSLPointer.getUrl())));
            }
        }
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                TSLLoaderResult tSLLoaderResult = (TSLLoaderResult) ((Future) it.next()).get();
                if (tSLLoaderResult.getContent() == null || tSLLoaderResult.getContent().length == 0) {
                    logger.error("Failed to load TSl for country '" + tSLLoaderResult.getCountryCode() + "' from '" + tSLLoaderResult.getUrl() + "'");
                } else {
                    TSLValidationModel storeInCache = !this.repository.isLastVersion(tSLLoaderResult) ? this.repository.storeInCache(tSLLoaderResult) : this.repository.getByCountry(tSLLoaderResult.getCountryCode());
                    if (storeInCache.getParseResult() == null) {
                        arrayList2.add(this.executorService.submit(new TSLParser(new FileInputStream(storeInCache.getFilepath()))));
                    }
                    if (this.checkTSLSignatures && storeInCache.getValidationResult() == null) {
                        arrayList3.add(this.executorService.submit(new TSLValidator(new File(storeInCache.getFilepath()), tSLLoaderResult.getCountryCode(), this.dssKeyStore, getPotentialSigners(list, tSLLoaderResult.getCountryCode()))));
                    }
                }
            } catch (Exception e) {
                logger.error("Unable to load/parse TSL : " + e.getMessage(), e);
            }
        }
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            try {
                TSLParserResult tSLParserResult = (TSLParserResult) ((Future) it2.next()).get();
                loadMissingCertificates(tSLParserResult);
                this.repository.updateParseResult(tSLParserResult);
            } catch (Exception e2) {
                logger.error("Unable to get parsing result : " + e2.getMessage(), e2);
            }
        }
        storeValidationResults(arrayList3);
    }

    private void storeValidationResults(List<Future<TSLValidationResult>> list) {
        Iterator<Future<TSLValidationResult>> it = list.iterator();
        while (it.hasNext()) {
            try {
                this.repository.updateValidationResult(it.next().get());
            } catch (Exception e) {
                logger.error("Unable to get validation result : " + e.getMessage(), e);
            }
        }
    }

    private void loadMissingCertificates(TSLParserResult tSLParserResult) {
        if ("ES".equals(tSLParserResult.getTerritory())) {
            List<TSLServiceProvider> serviceProviders = tSLParserResult.getServiceProviders();
            if (CollectionUtils.isNotEmpty(serviceProviders)) {
                Iterator<TSLServiceProvider> it = serviceProviders.iterator();
                while (it.hasNext()) {
                    List<TSLService> services = it.next().getServices();
                    if (CollectionUtils.isNotEmpty(services)) {
                        for (TSLService tSLService : services) {
                            List<String> certificateUrls = tSLService.getCertificateUrls();
                            if (CollectionUtils.isNotEmpty(certificateUrls)) {
                                for (String str : certificateUrls) {
                                    try {
                                        CertificateToken loadCertificate = DSSUtils.loadCertificate(this.dataLoader.get(str));
                                        if (loadCertificate != null) {
                                            tSLService.getCertificates().add(loadCertificate);
                                        }
                                    } catch (Exception e) {
                                        logger.warn("Cannot load certificate from url '" + str + "' : " + e.getMessage());
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    private List<CertificateToken> getPotentialSigners(List<TSLPointer> list, String str) {
        if (CollectionUtils.isNotEmpty(list)) {
            for (TSLPointer tSLPointer : list) {
                if (StringUtils.equals(str, tSLPointer.getTerritory())) {
                    return tSLPointer.getPotentialSigners();
                }
            }
        }
        return Collections.emptyList();
    }

    private TSLValidationResult validateLOTL(TSLValidationModel tSLValidationModel) throws Exception {
        return (TSLValidationResult) this.executorService.submit(new TSLValidator(new File(tSLValidationModel.getFilepath()), this.lotlCode, this.dssKeyStore)).get();
    }

    private TSLParserResult parseLOTL(TSLValidationModel tSLValidationModel) throws Exception {
        return (TSLParserResult) this.executorService.submit(new TSLParser(new FileInputStream(tSLValidationModel.getFilepath()))).get();
    }
}
