package eu.europa.esig.dss.tsl.runnable;

import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.spi.client.http.DSSFileLoader;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.tsl.cache.CacheKey;
import eu.europa.esig.dss.tsl.cache.access.CacheAccessByKey;
import eu.europa.esig.dss.tsl.cache.access.CacheAccessFactory;
import eu.europa.esig.dss.tsl.cache.access.ReadOnlyCacheAccess;
import eu.europa.esig.dss.tsl.dto.ParsingCacheDTO;
import eu.europa.esig.dss.tsl.dto.ValidationCacheDTO;
import eu.europa.esig.dss.tsl.source.LOTLSource;
import eu.europa.esig.dss.tsl.validation.TLValidatorTask;
import eu.europa.esig.dss.utils.Utils;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/tsl/runnable/LOTLWithPivotsAnalysis.class */
public class LOTLWithPivotsAnalysis extends AbstractAnalysis implements Runnable {
    private static final Logger LOG = LoggerFactory.getLogger(LOTLWithPivotsAnalysis.class);
    private final CacheAccessFactory cacheAccessFactory;
    private final LOTLSource lotlSource;
    private final DSSFileLoader dssFileLoader;
    private final CountDownLatch latch;

    public LOTLWithPivotsAnalysis(CacheAccessFactory cacheAccessFactory, LOTLSource lOTLSource, DSSFileLoader dSSFileLoader, CountDownLatch countDownLatch) {
        super(cacheAccessFactory.getCacheAccess(lOTLSource.getCacheKey()), dSSFileLoader);
        this.cacheAccessFactory = cacheAccessFactory;
        this.lotlSource = lOTLSource;
        this.dssFileLoader = dSSFileLoader;
        this.latch = countDownLatch;
    }

    @Override // java.lang.Runnable
    public void run() {
        DSSDocument download = download(this.lotlSource.getUrl());
        if (download != null) {
            lotlParsing(download, this.lotlSource);
            validation(download, getCurrentCertificateSource());
        }
        this.latch.countDown();
    }

    private CertificateSource getCurrentCertificateSource() {
        CertificateSource certificateSource;
        CertificateSource certificateSource2 = this.lotlSource.getCertificateSource();
        ParsingCacheDTO parsingReadOnlyResult = getCacheAccessByKey().getParsingReadOnlyResult();
        if (parsingReadOnlyResult != null) {
            List<String> pivotUrls = parsingReadOnlyResult.getPivotUrls();
            if (Utils.isCollectionEmpty(pivotUrls)) {
                LOG.trace("No pivot LOTL found");
                certificateSource = certificateSource2;
            } else {
                certificateSource = getCurrentCertificateSourceFromPivots(certificateSource2, pivotUrls);
            }
        } else {
            LOG.warn("Unable to retrieve the parsing result for the current LOTL (allowed signing certificates set from the configuration)");
            certificateSource = certificateSource2;
        }
        return certificateSource;
    }

    private CertificateSource getCurrentCertificateSourceFromPivots(CertificateSource certificateSource, List<String> list) {
        Map<String, PivotProcessingResult> downloadAndParseAllPivots = downloadAndParseAllPivots(list);
        ReadOnlyCacheAccess readOnlyCacheAccess = this.cacheAccessFactory.getReadOnlyCacheAccess();
        CertificateSource certificateSource2 = certificateSource;
        for (String str : Utils.reverseList(list)) {
            CacheKey cacheKey = new CacheKey(str);
            PivotProcessingResult pivotProcessingResult = downloadAndParseAllPivots.get(str);
            if (pivotProcessingResult != null) {
                validationPivot(this.cacheAccessFactory.getCacheAccess(cacheKey), pivotProcessingResult.getPivot(), certificateSource2);
                ValidationCacheDTO validationCacheDTO = readOnlyCacheAccess.getValidationCacheDTO(cacheKey);
                if (validationCacheDTO == null) {
                    LOG.warn("No validation result found for Pivot LOTL '{}'", str);
                } else if (validationCacheDTO.isValid()) {
                    certificateSource2 = pivotProcessingResult.getCertificateSource();
                } else {
                    LOG.warn("Pivot LOTL '{}' is not valid ({}/{})", new Object[]{str, validationCacheDTO.getIndication(), validationCacheDTO.getSubIndication()});
                }
            } else {
                LOG.warn("No processing result for Pivot LOTL '{}'", str);
            }
        }
        return certificateSource2;
    }

    private void validationPivot(CacheAccessByKey cacheAccessByKey, DSSDocument dSSDocument, CertificateSource certificateSource) {
        if (cacheAccessByKey.isValidationRefreshNeeded()) {
            try {
                LOG.debug("Validating the Pivot LOTL with cache key '{}'...", cacheAccessByKey.getCacheKey().getKey());
                cacheAccessByKey.update(new TLValidatorTask(dSSDocument, certificateSource).get());
            } catch (Exception e) {
                LOG.error("Cannot validate the Pivot LOTL with the cache key '{}' : {}", cacheAccessByKey.getCacheKey().getKey(), e.getMessage());
                cacheAccessByKey.validationError(e);
            }
        }
    }

    private Map<String, PivotProcessingResult> downloadAndParseAllPivots(List<String> list) {
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(list.size());
        HashMap hashMap = new HashMap();
        for (String str : list) {
            CacheAccessByKey cacheAccess = this.cacheAccessFactory.getCacheAccess(new CacheKey(str));
            LOTLSource lOTLSource = new LOTLSource();
            lOTLSource.setUrl(str);
            lOTLSource.setLotlPredicate(this.lotlSource.getLotlPredicate());
            lOTLSource.setTlPredicate(this.lotlSource.getTlPredicate());
            lOTLSource.setPivotSupport(this.lotlSource.isPivotSupport());
            hashMap.put(str, newFixedThreadPool.submit(new PivotProcessing(lOTLSource, cacheAccess, this.dssFileLoader)));
        }
        HashMap hashMap2 = new HashMap();
        for (Map.Entry entry : hashMap.entrySet()) {
            try {
                hashMap2.put((String) entry.getKey(), (PivotProcessingResult) ((Future) entry.getValue()).get());
            } catch (InterruptedException e) {
                LOG.error(String.format("Unable to retrieve the PivotProcessingResult for url '%s'", entry.getKey()), e);
                Thread.currentThread().interrupt();
            } catch (ExecutionException e2) {
                LOG.error(String.format("Unable to retrieve the PivotProcessingResult for url '%s'", entry.getKey()), e2);
            }
        }
        shutdownAndAwaitTermination(newFixedThreadPool);
        return hashMap2;
    }

    private void shutdownAndAwaitTermination(ExecutorService executorService) {
        executorService.shutdown();
        try {
            if (!executorService.awaitTermination(10L, TimeUnit.SECONDS)) {
                shutdownNowAndAwaitTermination(executorService);
            }
        } catch (InterruptedException e) {
            shutdownNowAndAwaitTermination(executorService);
            Thread.currentThread().interrupt();
        }
    }

    private void shutdownNowAndAwaitTermination(ExecutorService executorService) {
        executorService.shutdownNow();
        try {
            if (!executorService.awaitTermination(10L, TimeUnit.SECONDS)) {
                LOG.warn("More than 10s to terminate the service executor");
            }
        } catch (InterruptedException e) {
            LOG.warn("Unable to interrupt the service executor", e);
            Thread.currentThread().interrupt();
        }
    }
}
