package eu.europa.esig.dss.tsl.service;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.FileDocument;
import eu.europa.esig.dss.client.http.DataLoader;
import eu.europa.esig.dss.tsl.OtherTrustedList;
import eu.europa.esig.dss.tsl.TSLLoaderResult;
import eu.europa.esig.dss.tsl.TSLParserResult;
import eu.europa.esig.dss.tsl.TSLPointer;
import eu.europa.esig.dss.tsl.TSLValidationModel;
import eu.europa.esig.dss.tsl.TSLValidationResult;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.KeyStoreCertificateSource;
import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/tsl/service/TSLValidationJob.class */
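/**
 * Loads, parses and validates the list of trusted lists (LOTL) and every trusted list (TSL) it
 * points to, then records the results in a {@link TSLRepository}.
 *
 * <p>Security notes for integrators:
 * <ul>
 * <li>{@code checkLOTLSignature} and {@code checkTSLSignatures} both default to {@code true}. When one
 * is switched off, no {@code TSLValidator} is run for the corresponding documents and their
 * validation result is left as it was (possibly unset).</li>
 * <li>This job only <em>records</em> validation results. It follows the pointers of the LOTL and
 * loads the referenced TSLs whatever the outcome of the LOTL validation.
 * NOTE(review): confirm that every consumer of the repository checks the stored validation result
 * before using certificates from a list.</li>
 * <li>The URLs fetched through the {@link DataLoader} (pivots and TSLs) are taken from the parsed
 * LOTL content, not from local configuration.</li>
 * </ul>
 */
public class TSLValidationJob {
    private static final Logger LOG = LoggerFactory.getLogger(TSLValidationJob.class);
    private DataLoader dataLoader;
    private TSLRepository repository;
    private String lotlCode;
    private String lotlUrl;
    private String lotlRootSchemeInfoUri;
    private String ojUrl;
    // Certificates of this key store are the initial set of allowed LOTL signers.
    private KeyStoreCertificateSource ojContentKeyStore;
    private List<String> filterTerritories;
    private List<OtherTrustedList> otherTrustedLists;
    private ExecutorService executorService = Executors.newCachedThreadPool();
    private boolean checkLOTLSignature = true;
    private boolean checkTSLSignatures = true;

    /**
     * Replaces the executor used for loading, parsing and validating. The previous executor is
     * shut down immediately, unless it is the very instance being set again.
     *
     * @param executorService the executor to use from now on
     */
    public void setExecutorService(ExecutorService executorService) {
        // Guard against shutting down the executor that is about to be (re)installed.
        if (this.executorService != null && this.executorService != executorService && !this.executorService.isShutdown()) {
            this.executorService.shutdownNow();
        }
        this.executorService = executorService;
    }

    /** @param dataLoader the loader used to download the LOTL, the pivots and the TSLs */
    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    /** @param tSLRepository the repository in which files and results are cached */
    public void setRepository(TSLRepository tSLRepository) {
        this.repository = tSLRepository;
    }

    /** @param str the country code under which the LOTL is stored and looked up */
    public void setLotlCode(String str) {
        this.lotlCode = str;
    }

    /** @param str the URL the LOTL is downloaded from */
    public void setLotlUrl(String str) {
        this.lotlUrl = str;
    }

    /**
     * @param str the prefix of scheme information URIs that are not pivots; while it is
     *            {@code null} no pivot is ever detected
     */
    public void setLotlRootSchemeInfoUri(String str) {
        this.lotlRootSchemeInfoUri = str;
    }

    /** @param str the scheme information URI expected in the LOTL for the configured OJ key store */
    public void setOjUrl(String str) {
        this.ojUrl = str;
    }

    /** @param keyStoreCertificateSource the key store holding the initial allowed LOTL signers */
    public void setOjContentKeyStore(KeyStoreCertificateSource keyStoreCertificateSource) {
        this.ojContentKeyStore = keyStoreCertificateSource;
    }

    /**
     * @param z {@code false} skips the validator run for the LOTL and its pivots; the LOTL
     *          validation result is then left untouched
     */
    public void setCheckLOTLSignature(boolean z) {
        this.checkLOTLSignature = z;
    }

    /** @param z {@code false} skips the validator run for every TSL referenced by the LOTL */
    public void setCheckTSLSignatures(boolean z) {
        this.checkTSLSignatures = z;
    }

    /** @param list the territories to load; an empty or {@code null} list loads all pointers */
    public void setFilterTerritories(List<String> list) {
        this.filterTerritories = list;
    }

    /** @param list additional trusted lists, each with its own URL and trust store */
    public void setOtherTrustedLists(List<OtherTrustedList> list) {
        this.otherTrustedLists = list;
    }

    /**
     * Rebuilds the in-memory state from the files already stored in the repository, without any
     * download. Failures on a single file are logged and do not stop the initialization.
     *
     * <p>Here the LOTL is validated against the certificates of the OJ key store only; pivots are
     * not followed (unlike {@link #refresh()}).
     */
    public void initRepository() {
        LOG.info("Initialization of the TSL repository ...");
        int loaded = 0;
        List<File> storedFiles = this.repository.getStoredFiles();
        if (Utils.isCollectionNotEmpty(storedFiles)) {
            List<Future<TSLParserResult>> parsings = new ArrayList<Future<TSLParserResult>>();
            for (File file : storedFiles) {
                try {
                    parsings.add(this.executorService.submit(new TSLParser(new FileDocument(file))));
                } catch (Exception e) {
                    LOG.error("Unable to parse file '" + file.getAbsolutePath() + "' : " + e.getMessage(), e);
                }
            }
            for (Future<TSLParserResult> parsing : parsings) {
                try {
                    this.repository.addParsedResultFromCacheToMap(parsing.get());
                    loaded++;
                } catch (Exception e) {
                    LOG.error("Unable to get parsing result : " + e.getMessage(), e);
                }
            }
            TSLValidationModel lotlModel = this.repository.getByCountry(this.lotlCode);
            if (this.checkLOTLSignature && lotlModel != null) {
                try {
                    lotlModel.setValidationResult(validateLOTL(lotlModel, this.ojContentKeyStore.getCertificates()));
                } catch (Exception e) {
                    LOG.error("Unable to validate the LOTL : " + e.getMessage(), e);
                }
            }
            if (this.checkTSLSignatures && lotlModel != null && lotlModel.getParseResult() != null) {
                // The allowed signers of each TSL come from the pointers of the cached LOTL,
                // whether or not the LOTL validation above succeeded.
                List<TSLPointer> pointers = lotlModel.getParseResult().getPointers();
                List<Future<TSLValidationResult>> validations = new ArrayList<Future<TSLValidationResult>>();
                for (Map.Entry<String, TSLValidationModel> entry : this.repository.getAllMapTSLValidationModels().entrySet()) {
                    String countryCode = entry.getKey();
                    if (this.lotlCode.equals(countryCode)) {
                        continue;
                    }
                    TSLValidationModel model = entry.getValue();
                    // A configured "other" trusted list is checked against its own trust store.
                    OtherTrustedList other = getNonEUTrustedList(countryCode);
                    List<CertificateToken> signers = other != null ? other.getTrustStore().getCertificates() : getPotentialSigners(pointers, countryCode);
                    validations.add(this.executorService.submit(new TSLValidator(new FileDocument(model.getFilepath()), countryCode, signers)));
                }
                storeValidationResults(validations);
            }
            this.repository.synchronize();
        }
        LOG.info("{} loaded TSL from cached files in the repository", Integer.valueOf(loaded));
    }

    /**
     * @param countryCode the country code to look up
     * @return the configured other trusted list for that code, or {@code null} when there is none
     */
    private OtherTrustedList getNonEUTrustedList(String countryCode) {
        if (!Utils.isCollectionNotEmpty(this.otherTrustedLists)) {
            return null;
        }
        for (OtherTrustedList candidate : this.otherTrustedLists) {
            if (Utils.areStringsEqual(countryCode, candidate.getCountryCode())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Downloads the LOTL, parses and validates it, then processes every TSL it points to and the
     * configured other trusted lists.
     *
     * <p>A failure to parse the LOTL is logged and ends the run silently. A failure to validate
     * it is logged only: the pointers are still followed afterwards.
     *
     * @throws DSSException when the LOTL cannot be loaded or any other step fails unexpectedly
     */
    public void refresh() {
        LOG.debug("TSL Validation Job is starting ...");
        try {
            TSLLoaderResult lotlLoad = this.executorService.submit(new TSLLoader(this.dataLoader, this.lotlCode, this.lotlUrl)).get();
            if (lotlLoad.getContent() == null) {
                LOG.error("Unable to load the LOTL: content is empty");
                throw new DSSException("Unable to load the LOTL: content is empty");
            }
            boolean lotlChanged = !this.repository.isLastCountryVersion(lotlLoad);
            TSLValidationModel lotlModel = lotlChanged ? this.repository.storeInCache(lotlLoad) : this.repository.getByCountry(lotlLoad.getCountryCode());
            TSLParserResult lotlParse = lotlModel.getParseResult();
            if (lotlParse == null) {
                try {
                    lotlParse = parseLOTL(lotlModel);
                    lotlModel.setParseResult(lotlParse);
                } catch (Exception e) {
                    LOG.error("Unable to parse the LOTL : " + e.getMessage(), e);
                    return;
                }
            }
            if (!isLatestOjKeystore(lotlParse)) {
                LOG.warn("OJ keystore is out-dated !");
            }
            checkLOTLLocation(lotlParse);
            // Start from the configured key store; valid pivots may replace this set below.
            List<CertificateToken> allowedLotlSigners = new ArrayList<CertificateToken>();
            allowedLotlSigners.addAll(this.ojContentKeyStore.getCertificates());
            if (isPivotLOTL(lotlParse)) {
                extractAllowedLotlSignersFromPivots(lotlParse, allowedLotlSigners);
            }
            // A cached result that is valid is kept; a missing or invalid one is recomputed.
            if (this.checkLOTLSignature && (lotlModel.getValidationResult() == null || !lotlModel.getValidationResult().isValid())) {
                try {
                    lotlModel.setValidationResult(validateLOTL(lotlModel, allowedLotlSigners));
                } catch (Exception e) {
                    LOG.error("Unable to validate the LOTL : " + e.getMessage(), e);
                }
            }
            // NOTE(review): the pointers are followed even when the LOTL validation failed or was
            // skipped; the outcome is only recorded on the model.
            analyzeCountryPointers(lotlParse.getPointers(), lotlChanged);
            analyzeNonEUCountryPointers();
            this.repository.synchronize();
            LOG.debug("TSL Validation Job is finishing ...");
        } catch (Exception e) {
            LOG.error("Unable to load the LOTL : " + e.getMessage(), e);
            throw new DSSException("Unable to load the LOTL : " + e.getMessage(), e);
        }
    }

    /**
     * Warns when the LOTL announces, in its own pointer, a URL different from the configured one.
     * Only the first pointer whose territory equals the LOTL code is considered.
     */
    private void checkLOTLLocation(TSLParserResult lotlParseResult) {
        for (TSLPointer pointer : lotlParseResult.getPointers()) {
            if (!Utils.areStringsEqual(this.lotlCode, pointer.getTerritory())) {
                continue;
            }
            if (!Utils.areStringsEqual(this.lotlUrl, pointer.getUrl())) {
                LOG.warn("The LOTL URL has been changed ! Please update your properties (new value : {})", pointer.getUrl());
            }
            return;
        }
    }

    /**
     * Walks the pivots referenced by the LOTL, in the order given by {@link #getPivotUris}, and
     * updates {@code allowedLotlSigners} in place: each pivot found valid replaces the whole list
     * with the potential signers of its LOTL pointer.
     *
     * <p>A pivot is validated against the signers allowed at that point of the walk. A pivot
     * without a validation result (signature check disabled and nothing cached) never changes
     * the list. Any failure on one pivot is logged and the walk continues with the next one.
     *
     * @param lotlParseResult    the parsed LOTL
     * @param allowedLotlSigners the signer list to update, initially the configured certificates
     */
    private void extractAllowedLotlSignersFromPivots(TSLParserResult lotlParseResult, List<CertificateToken> allowedLotlSigners) {
        List<Future<TSLLoaderResult>> pivotLoads = new ArrayList<Future<TSLLoaderResult>>();
        for (String pivotUri : getPivotUris(lotlParseResult)) {
            pivotLoads.add(this.executorService.submit(new TSLLoader(this.dataLoader, this.lotlCode, pivotUri)));
        }
        for (Future<TSLLoaderResult> pivotLoad : pivotLoads) {
            // The whole treatment of one pivot sits in the try block, so that a failed load,
            // parse or validation skips this pivot instead of leaving a half-initialised state.
            try {
                TSLLoaderResult loaded = pivotLoad.get();
                if (loaded == null || loaded.getContent() == null) {
                    continue;
                }
                TSLValidationModel pivotModel = !this.repository.isLastPivotVersion(loaded) ? this.repository.storePivotInCache(loaded) : this.repository.getPivotByUrl(loaded.getUrl());
                if (pivotModel.getFilepath() == null) {
                    LOG.warn("No file found for url '{}'", loaded.getUrl());
                    continue;
                }
                FileDocument pivotDocument = new FileDocument(pivotModel.getFilepath());
                TSLParserResult pivotParse = pivotModel.getParseResult();
                if (pivotParse == null) {
                    pivotParse = this.executorService.submit(new TSLParser(pivotDocument)).get();
                }
                TSLValidationResult pivotValidation = pivotModel.getValidationResult();
                if (this.checkLOTLSignature && pivotValidation == null) {
                    pivotValidation = this.executorService.submit(new TSLValidator(pivotDocument, loaded.getCountryCode(), allowedLotlSigners)).get();
                }
                if (pivotValidation == null) {
                    // Fail closed: never adopt signers announced by a pivot that was not validated.
                    LOG.warn("Pivot '{}' has no validation result, its signers are ignored", loaded.getUrl());
                } else if (pivotValidation.isValid()) {
                    List<CertificateToken> nextSigners = getCertificatesForLOTLPointer(loaded, pivotParse);
                    allowedLotlSigners.clear();
                    allowedLotlSigners.addAll(nextSigners);
                } else {
                    LOG.warn("Pivot '{}' is not valid", loaded.getUrl());
                }
            } catch (Exception e) {
                LOG.error("Unable to validate the pivot LOTL : " + e.getMessage(), e);
            }
        }
    }

    /**
     * @param pivotLoad  the loaded pivot, used for the log message only
     * @param pivotParse the parsed pivot
     * @return the potential signers of the first pointer whose territory is the LOTL code, or an
     *         empty list (with a warning) when the pivot has no such pointer
     */
    private List<CertificateToken> getCertificatesForLOTLPointer(TSLLoaderResult pivotLoad, TSLParserResult pivotParse) {
        for (TSLPointer pointer : pivotParse.getPointers()) {
            if (Utils.areStringsEqual(pointer.getTerritory(), this.lotlCode)) {
                return pointer.getPotentialSigners();
            }
        }
        LOG.warn("No LOTL pointer in pivot '{}'", pivotLoad.getUrl());
        return new ArrayList<CertificateToken>();
    }

    /** @return whether the LOTL lists the configured OJ URL among its English scheme information URIs */
    private boolean isLatestOjKeystore(TSLParserResult lotlParseResult) {
        return lotlParseResult.getEnglishSchemeInformationURIs().contains(this.ojUrl);
    }

    /** @return whether the LOTL references at least one pivot */
    private boolean isPivotLOTL(TSLParserResult lotlParseResult) {
        return Utils.isCollectionNotEmpty(getPivotUris(lotlParseResult));
    }

    /**
     * Collects the pivot URIs of the LOTL: its English scheme information URIs, taken in reverse
     * order, that are neither the OJ URL nor prefixed by the root scheme information URI.
     *
     * @return the pivot URIs; always empty while no root scheme information URI is configured
     */
    private List<String> getPivotUris(TSLParserResult lotlParseResult) {
        // Work on a reversed copy instead of casting to LinkedList, so that any collection
        // implementation returned by the parser is accepted.
        List<String> reversedUris = new ArrayList<String>(lotlParseResult.getEnglishSchemeInformationURIs());
        Collections.reverse(reversedUris);
        List<String> pivotUris = new ArrayList<String>();
        for (String uri : reversedUris) {
            if (this.lotlRootSchemeInfoUri != null && !Utils.areStringsEqual(this.ojUrl, uri) && !uri.startsWith(this.lotlRootSchemeInfoUri)) {
                pivotUris.add(uri);
            }
        }
        return pivotUris;
    }

    /**
     * Loads the TSL behind every pointer (restricted to the filtered territories when a filter is
     * set), caches new versions, then parses and validates what is missing.
     *
     * @param pointers        the pointers to follow; also the source of each TSL's allowed signers
     * @param forceValidation when {@code true}, a TSL is validated again even if a result is cached
     */
    private void analyzeCountryPointers(List<TSLPointer> pointers, boolean forceValidation) {
        List<Future<TSLLoaderResult>> loads = new ArrayList<Future<TSLLoaderResult>>();
        for (TSLPointer pointer : pointers) {
            if (Utils.isCollectionEmpty(this.filterTerritories) || this.filterTerritories.contains(pointer.getTerritory())) {
                loads.add(this.executorService.submit(new TSLLoader(this.dataLoader, pointer.getTerritory(), pointer.getUrl())));
            }
        }
        List<Future<TSLParserResult>> parsings = new ArrayList<Future<TSLParserResult>>();
        List<Future<TSLValidationResult>> validations = new ArrayList<Future<TSLValidationResult>>();
        for (Future<TSLLoaderResult> load : loads) {
            try {
                TSLLoaderResult loaded = load.get();
                // Test for a missing result before reading it.
                if (loaded == null) {
                    LOG.error("Unable to load/parse TSL : no loader result");
                    continue;
                }
                if (loaded.getContent() == null || loaded.getContent().length == 0) {
                    LOG.error("Failed to load TSl for country '" + loaded.getCountryCode() + "' from '" + loaded.getUrl() + "'");
                    continue;
                }
                TSLValidationModel model = !this.repository.isLastCountryVersion(loaded) ? this.repository.storeInCache(loaded) : this.repository.getByCountry(loaded.getCountryCode());
                if (model.getFilepath() == null) {
                    LOG.warn("No file found for url '{}'", loaded.getUrl());
                    continue;
                }
                FileDocument document = new FileDocument(model.getFilepath());
                if (model.getParseResult() == null) {
                    parsings.add(this.executorService.submit(new TSLParser(document)));
                }
                if (this.checkTSLSignatures && (model.getValidationResult() == null || forceValidation)) {
                    validations.add(this.executorService.submit(new TSLValidator(document, loaded.getCountryCode(), getPotentialSigners(pointers, loaded.getCountryCode()))));
                }
            } catch (Exception e) {
                LOG.error("Unable to load/parse TSL : " + e.getMessage(), e);
            }
        }
        storeParseResults(parsings);
        storeValidationResults(validations);
    }

    /**
     * Processes the configured other trusted lists like LOTL pointers, with the certificates of
     * each list's own trust store as its potential signers. Cached validation results are reused.
     */
    private void analyzeNonEUCountryPointers() {
        if (!Utils.isCollectionNotEmpty(this.otherTrustedLists)) {
            return;
        }
        List<TSLPointer> pointers = new ArrayList<TSLPointer>();
        for (OtherTrustedList other : this.otherTrustedLists) {
            TSLPointer pointer = new TSLPointer();
            pointer.setTerritory(other.getCountryCode());
            pointer.setUrl(other.getUrl());
            pointer.setPotentialSigners(other.getTrustStore().getCertificates());
            pointers.add(pointer);
        }
        analyzeCountryPointers(pointers, false);
    }

    /** Waits for each parsing and stores its result; a failed parsing is logged and skipped. */
    private void storeParseResults(List<Future<TSLParserResult>> list) {
        for (Future<TSLParserResult> parsing : list) {
            try {
                this.repository.updateParseResult(parsing.get());
            } catch (Exception e) {
                LOG.error("Unable to get parsing result : " + e.getMessage(), e);
            }
        }
    }

    /**
     * Waits for each validation and stores its result. A validation that fails with an exception
     * is logged and skipped, so the repository keeps whatever result it held for that list.
     */
    private void storeValidationResults(List<Future<TSLValidationResult>> list) {
        for (Future<TSLValidationResult> validation : list) {
            try {
                this.repository.updateValidationResult(validation.get());
            } catch (Exception e) {
                LOG.error("Unable to get validation result : " + e.getMessage(), e);
            }
        }
    }

    /**
     * @param pointers    the pointers to search, may be empty or {@code null}
     * @param countryCode the territory to look up
     * @return the potential signers of the first pointer for that territory, or an empty list
     */
    private List<CertificateToken> getPotentialSigners(List<TSLPointer> pointers, String countryCode) {
        if (Utils.isCollectionNotEmpty(pointers)) {
            for (TSLPointer pointer : pointers) {
                if (Utils.areStringsEqual(countryCode, pointer.getTerritory())) {
                    return pointer.getPotentialSigners();
                }
            }
        }
        return Collections.emptyList();
    }

    /**
     * Flags the model as the LOTL and runs a validator on its cached file.
     *
     * @param lotlModel      the model of the LOTL
     * @param allowedSigners the certificates handed to the validator as potential signers
     * @return the validation result
     * @throws Exception when the validation task fails or the wait is interrupted
     */
    private TSLValidationResult validateLOTL(TSLValidationModel lotlModel, List<CertificateToken> allowedSigners) throws Exception {
        lotlModel.setLotl(true);
        FileDocument lotlDocument = new FileDocument(lotlModel.getFilepath());
        return this.executorService.submit(new TSLValidator(lotlDocument, this.lotlCode, allowedSigners)).get();
    }

    /**
     * Parses the cached file of the LOTL.
     *
     * @param lotlModel the model of the LOTL
     * @return the parse result
     * @throws Exception when the parsing task fails or the wait is interrupted
     */
    private TSLParserResult parseLOTL(TSLValidationModel lotlModel) throws Exception {
        FileDocument lotlDocument = new FileDocument(lotlModel.getFilepath());
        return this.executorService.submit(new TSLParser(lotlDocument)).get();
    }
}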
