package org.nhindirect.gateway.smtp.config.cert.impl;

import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jcs.JCS;
import org.apache.jcs.access.exception.CacheException;
import org.apache.jcs.engine.behavior.ICompositeCacheAttributes;
import org.apache.jcs.engine.behavior.IElementAttributes;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.nhind.config.Certificate;
import org.nhind.config.CertificateGetOptions;
import org.nhind.config.ConfigurationServiceProxy;
import org.nhindirect.stagent.CryptoExtensions;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.cert.CacheableCertStore;
import org.nhindirect.stagent.cert.CertCacheFactory;
import org.nhindirect.stagent.cert.CertStoreCachePolicy;
import org.nhindirect.stagent.cert.CertificateStore;
import org.nhindirect.stagent.cert.X509CertificateEx;
import org.nhindirect.stagent.options.OptionsManager;
import org.nhindirect.stagent.options.OptionsParameter;

/* loaded from: input_file:org/nhindirect/gateway/smtp/config/cert/impl/ConfigServiceCertificateStore.class */
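/**
 * Certificate store that resolves X.509 certificates (optionally with their private keys)
 * from the configuration web service and keeps the results in a JCS cache keyed by owner.
 *
 * <p>An optional local "bootstrap" {@link CertificateStore} is kept in step with whatever the
 * configuration service returns, and is consulted as a last resort when no cache is available.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Entries resolved from PKCS12 blobs are {@code X509CertificateEx} instances that carry a
 *       private key, so both the cache and the bootstrap store hold private key material.</li>
 *   <li>Cache entries are per owner. A lookup for one owner must never return certificates that
 *       belong to another owner, because callers use the result for signing and decryption.</li>
 * </ul>
 */
public class ConfigServiceCertificateStore extends CertificateStore implements CacheableCertStore {
    public static final String WS_CERT_RESOLVER_MAX_CACHE_SIZE = "WS_CERT_RESOLVER_MAX_CACHE_SIZE";
    public static final String WS_CERT_RESOLVER_CACHE_TTL = "WS_CERT_RESOLVER_CACHE_TTL";
    public static final String WS_CERT_RESOLVER_SO_TIMEOUT = "WS_CERT_RESOLVER_SO_TIMEOUT";
    public static final String WS_CERT_RESOLVER_CONNECTION_TIMEOUT = "WS_CERT_RESOLVER_CONNECTION_TIMEOUT";
    public static final int DEFAULT_WS_CONNECTION_TIMEOUT = 30000;
    public static final int DEFAULT_WS_SO_TIMEOUT = 10000;
    // The misspelling ("CAHCE") is part of the protected API and is kept for compatibility.
    protected static final int DEFAULT_WS_MAX_CAHCE_ITEMS = 1000;
    protected static final int DEFAULT_WS_TTL = 3600;
    private static final Log LOGGER = LogFactory.getFactory().getInstance(ConfigServiceCertificateStore.class);
    private static final String CACHE_NAME = "CONFIG_SERVICE_CERT_CACHE";
    protected CertificateStore localStoreDelegate;
    protected JCS cache;
    protected CertStoreCachePolicy cachePolicy;
    protected ConfigurationServiceProxy proxy;

    /**
     * Default cache policy. Both values are read once, at construction, from the options
     * manager and fall back to {@link #DEFAULT_WS_MAX_CAHCE_ITEMS} and {@link #DEFAULT_WS_TTL}.
     */
    public static class DefaultConfigStoreCachePolicy implements CertStoreCachePolicy {
        protected final int maxItems = OptionsParameter.getParamValueAsInteger(OptionsManager.getInstance().getParameter(ConfigServiceCertificateStore.WS_CERT_RESOLVER_MAX_CACHE_SIZE), ConfigServiceCertificateStore.DEFAULT_WS_MAX_CAHCE_ITEMS);
        protected final int subjectTTL = OptionsParameter.getParamValueAsInteger(OptionsManager.getInstance().getParameter(ConfigServiceCertificateStore.WS_CERT_RESOLVER_CACHE_TTL), ConfigServiceCertificateStore.DEFAULT_WS_TTL);

        /** @return the maximum number of entries the cache may hold */
        public int getMaxItems() {
            return this.maxItems;
        }

        /** @return the value handed to the cache as the maximum entry lifetime, in seconds */
        public int getSubjectTTL() {
            return this.subjectTTL;
        }
    }

    /**
     * Registers the mapping from this store's option names to their JVM property names
     * with the {@link OptionsManager}.
     */
    public static synchronized void initJVMParams() {
        Map<String, String> jvmParams = new HashMap<String, String>();
        jvmParams.put(WS_CERT_RESOLVER_MAX_CACHE_SIZE, "org.nhindirect.stagent.cert.wsresolver.MaxCacheSize");
        jvmParams.put(WS_CERT_RESOLVER_SO_TIMEOUT, "org.nhindirect.stagent.cert.wsresolver.SOTimeout");
        jvmParams.put(WS_CERT_RESOLVER_CACHE_TTL, "org.nhindirect.stagent.cert.wsresolver.CacheTTL");
        jvmParams.put(WS_CERT_RESOLVER_CONNECTION_TIMEOUT, "org.nhindirect.stagent.cert.wsresolver.ConnectionTimeout");
        OptionsManager.addInitParameters(jvmParams);
    }

    /**
     * Creates a store backed by the given configuration service proxy, using the default
     * cache policy and no bootstrap store.
     *
     * @param configurationServiceProxy proxy used for all certificate lookups
     */
    public ConfigServiceCertificateStore(ConfigurationServiceProxy configurationServiceProxy) {
        setConfigurationServiceProxy(configurationServiceProxy);
        createCache();
    }

    /**
     * Creates a store with an explicit bootstrap store and cache policy.
     *
     * @param configurationServiceProxy proxy used for all certificate lookups
     * @param certificateStore optional local bootstrap store; may be {@code null}
     * @param certStoreCachePolicy cache policy; when {@code null} the default policy is used
     */
    public ConfigServiceCertificateStore(ConfigurationServiceProxy configurationServiceProxy, CertificateStore certificateStore, CertStoreCachePolicy certStoreCachePolicy) {
        this.cachePolicy = certStoreCachePolicy;
        createCache();
        if (certificateStore != null) {
            this.localStoreDelegate = certificateStore;
            loadBootStrap();
        }
        setConfigurationServiceProxy(configurationServiceProxy);
    }

    /**
     * Sets the proxy used to reach the configuration service.
     *
     * @param configurationServiceProxy proxy used for all certificate lookups
     */
    public void setConfigurationServiceProxy(ConfigurationServiceProxy configurationServiceProxy) {
        this.proxy = configurationServiceProxy;
    }

    /**
     * Returns the cache, trying to create it first when it does not exist yet.
     *
     * @return the cache, or {@code null} when it could not be created
     */
    protected synchronized JCS getCache() {
        if (this.cache == null) {
            createCache();
        }
        return this.cache;
    }

    /**
     * Obtains the named cache from the cache factory. On failure the cache stays
     * {@code null} and lookups go to the configuration service on every call.
     */
    private void createCache() {
        // Resolve the policy once so the cache and this.cachePolicy share the same instance.
        CertStoreCachePolicy policy = this.cachePolicy == null ? getDefaultPolicy() : this.cachePolicy;
        try {
            this.cache = CertCacheFactory.getInstance().getCertCache(CACHE_NAME, policy);
            this.cachePolicy = policy;
        } catch (CacheException e) {
            // Previously swallowed silently; an uncached store still works but the failure
            // must be visible to operators.
            LOGGER.warn("Could not create certificate cache " + CACHE_NAME + "; lookups will not be cached.", e);
        }
    }

    /**
     * Applies size and lifetime limits from the policy to the cache and disables
     * lateral and remote distribution of its entries.
     *
     * @param certStoreCachePolicy policy to apply
     */
    private void applyCachePolicy(CertStoreCachePolicy certStoreCachePolicy) {
        if (getCache() != null) {
            try {
                ICompositeCacheAttributes cacheAttributes = this.cache.getCacheAttributes();
                cacheAttributes.setMaxObjects(certStoreCachePolicy.getMaxItems());
                // Entries may carry private keys: keep them in this JVM only.
                cacheAttributes.setUseLateral(false);
                cacheAttributes.setUseRemote(false);
                this.cache.setCacheAttributes(cacheAttributes);
                IElementAttributes defaultElementAttributes = this.cache.getDefaultElementAttributes();
                defaultElementAttributes.setMaxLifeSeconds(certStoreCachePolicy.getSubjectTTL());
                defaultElementAttributes.setIsEternal(false);
                defaultElementAttributes.setIsLateral(false);
                defaultElementAttributes.setIsRemote(false);
                this.cache.setDefaultElementAttributes(defaultElementAttributes);
            } catch (CacheException e) {
                // A policy that was not applied means TTL and distribution settings may
                // differ from what the caller asked for, so do not hide it.
                LOGGER.warn("Could not apply cache policy to certificate cache " + CACHE_NAME + ".", e);
            }
        }
    }

    private CertStoreCachePolicy getDefaultPolicy() {
        return new DefaultConfigStoreCachePolicy();
    }

    /** Not supported by this store. */
    public boolean contains(X509Certificate x509Certificate) {
        throw new UnsupportedOperationException("Contains is not supported.");
    }

    /** Not supported by this store. */
    public void add(X509Certificate x509Certificate) {
        throw new UnsupportedOperationException("Add is not supported.");
    }

    /** Not supported by this store. */
    public void remove(X509Certificate x509Certificate) {
        throw new UnsupportedOperationException("Remove is not supported.");
    }

    /**
     * Resolves the certificates for a subject. When the subject contains
     * {@code EMAILADDRESS=}, only the text after it is used as the lookup key.
     *
     * <p>With a cache available the cache is tried first and the configuration service
     * second. Without a cache the configuration service is tried first and the bootstrap
     * store, if any, is the last resort.
     *
     * @param str subject name or address to resolve
     * @return the matching certificates; may be empty
     * @throws NHINDException if the configuration service call fails
     */
    public Collection<X509Certificate> getCertificates(String str) {
        Collection<X509Certificate> found;
        int emailIndex = str.indexOf("EMAILADDRESS=");
        String lookupName = emailIndex > -1 ? str.substring(emailIndex + "EMAILADDRESS=".length()) : str;
        JCS cache = getCache();
        if (cache != null) {
            @SuppressWarnings("unchecked") // only this class writes to the cache, always with certificate collections
            Collection<X509Certificate> cached = (Collection<X509Certificate>) cache.get(lookupName);
            found = cached;
            if (found == null || found.size() == 0) {
                found = lookupFromConfigStore(lookupName);
                if (found == null || found.size() == 0) {
                    LOGGER.info("getCertificates(String subjectName) - Could not find a ConfigService certificate for subject " + str);
                }
            }
        } else {
            found = lookupFromConfigStore(lookupName);
            if (found.size() == 0) {
                if (this.localStoreDelegate != null) {
                    found = this.localStoreDelegate.getCertificates(lookupName);
                    if (found == null || found.size() == 0) {
                        LOGGER.info("getCertificates(String subjectName) - Could not find a ConfigService certificate for subject " + str);
                    }
                } else {
                    LOGGER.info("getCertificates(String subjectName) - Could not find a ConfigService certificate for subject " + str);
                }
            }
        }
        return found;
    }

    /**
     * Queries the configuration service for an owner. When nothing is found for the full
     * name, the part after {@code @} is tried, so an address falls back to its domain.
     * Results are mirrored into the bootstrap store and cached under {@code str}.
     *
     * @param str owner to look up
     * @return the certificates found; never {@code null}
     * @throws NHINDException if a service call or certificate parsing fails
     */
    private Collection<X509Certificate> lookupFromConfigStore(String str) {
        try {
            Certificate[] certificatesForOwner = this.proxy.getCertificatesForOwner(str, (CertificateGetOptions) null);
            if (certificatesForOwner == null || certificatesForOwner.length == 0) {
                int atIndex = str.indexOf("@");
                try {
                    certificatesForOwner = this.proxy.getCertificatesForOwner(atIndex > -1 ? str.substring(atIndex + 1) : str, (CertificateGetOptions) null);
                } catch (Exception e) {
                    throw new NHINDException("WebService error getting certificates by domain: " + e.getMessage(), e);
                }
            }
            if (certificatesForOwner == null || certificatesForOwner.length == 0) {
                return Collections.emptyList();
            }
            Collection<X509Certificate> resolved = new ArrayList<X509Certificate>();
            for (Certificate certificate : certificatesForOwner) {
                X509Certificate cert = certFromData(certificate.getData());
                resolved.add(cert);
                mirrorToLocalStore(cert);
            }
            try {
                if (this.cache != null) {
                    this.cache.put(str, resolved);
                }
            } catch (CacheException e) {
                // Best effort: the lookup itself succeeded, so only report the cache failure.
                LOGGER.warn("Could not cache certificates for a resolved owner.", e);
            }
            return resolved;
        } catch (Exception e) {
            throw new NHINDException("WebService error getting certificates by subject: " + e.getMessage(), e);
        }
    }

    /**
     * Lists certificates from the configuration service, then clears the cache and the
     * bootstrap store and repopulates both from the listing.
     *
     * <p>Each owner is cached with that owner's certificates only. The previous code stored
     * the single, growing result list under every owner key, so a later cached lookup for
     * one owner returned every certificate in the listing, including other owners'
     * certificates and any private keys attached to them.
     *
     * @return all certificates in the listing; may be empty
     * @throws NHINDException if the service call or certificate parsing fails
     */
    public Collection<X509Certificate> getAllCertificates() {
        try {
            Certificate[] listCertificates = this.proxy.listCertificates(0L, 36863, (CertificateGetOptions) null);
            // NOTE(review): the flush runs before the empty check, so an empty listing
            // also empties the cache and the bootstrap store. Confirm this is intended.
            flush(true);
            if (listCertificates == null || listCertificates.length == 0) {
                return Collections.emptyList();
            }
            Collection<X509Certificate> allCerts = new ArrayList<X509Certificate>();
            Map<String, Collection<X509Certificate>> certsByOwner = new HashMap<String, Collection<X509Certificate>>();
            for (Certificate certificate : listCertificates) {
                X509Certificate cert = certFromData(certificate.getData());
                allCerts.add(cert);
                String owner = certificate.getOwner();
                if (owner != null) {
                    Collection<X509Certificate> ownerCerts = certsByOwner.get(owner);
                    if (ownerCerts == null) {
                        ownerCerts = new ArrayList<X509Certificate>();
                        certsByOwner.put(owner, ownerCerts);
                    }
                    ownerCerts.add(cert);
                }
                mirrorToLocalStore(cert);
            }
            if (this.cache != null) {
                for (Map.Entry<String, Collection<X509Certificate>> entry : certsByOwner.entrySet()) {
                    try {
                        this.cache.put(entry.getKey(), entry.getValue());
                    } catch (CacheException e) {
                        // Best effort: a missing entry only costs a later service lookup.
                        LOGGER.warn("Could not cache certificates for a listed owner.", e);
                    }
                }
            }
            return allCerts;
        } catch (Exception e) {
            throw new NHINDException("WebService error getting all certificates: " + e.getMessage(), e);
        }
    }

    /** Adds the certificate to the bootstrap store, or updates it when already present. */
    private void mirrorToLocalStore(X509Certificate cert) {
        if (this.localStoreDelegate == null) {
            return;
        }
        if (this.localStoreDelegate.contains(cert)) {
            this.localStoreDelegate.update(cert);
        } else {
            this.localStoreDelegate.add(cert);
        }
    }

    /**
     * Converts a blob from the configuration service into a certificate. The blob is first
     * read as a PKCS12 container; if that yields nothing it is parsed as a plain X.509
     * certificate.
     *
     * <p>NOTE(review): the PKCS12 container and its key entry are opened with an empty
     * passphrase, so the container itself adds no protection for the private key. The key's
     * confidentiality then rests on the transport to, and access control of, the
     * configuration service. Confirm that matches the deployment's key-handling policy.
     *
     * @param bArr encoded PKCS12 container or X.509 certificate
     * @return the certificate, as an {@code X509CertificateEx} when a private key was present
     * @throws NHINDException if the data is not a valid certificate in either form
     */
    private X509Certificate certFromData(byte[] bArr) {
        X509Certificate result = null;
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
                keyStore.load(new ByteArrayInputStream(bArr), "".toCharArray());
                Enumeration<String> aliases = keyStore.aliases();
                // Only the first alias is used.
                if (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                    Key key = keyStore.getKey(alias, "".toCharArray());
                    if (key instanceof PrivateKey) {
                        result = X509CertificateEx.fromX509Certificate(cert, (PrivateKey) key);
                    } else {
                        result = cert;
                    }
                }
            } catch (Exception ignored) {
                // Deliberate: data that is not PKCS12 is expected here and is retried
                // below as a plain X.509 certificate.
            }
            if (result == null) {
                result = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            }
            return result;
        } catch (Exception e) {
            throw new NHINDException("Data cannot be converted to a valid X.509 Certificate", e);
        }
    }

    /**
     * Clears the cache. Does nothing, including to the bootstrap store, when there is no cache.
     *
     * @param z when {@code true}, every certificate is also removed from the bootstrap store
     */
    public void flush(boolean z) {
        if (this.cache != null) {
            try {
                this.cache.clear();
            } catch (CacheException e) {
                // A failed clear can leave stale entries behind until they expire.
                LOGGER.warn("Could not clear certificate cache " + CACHE_NAME + ".", e);
            }
            if (!z || this.localStoreDelegate == null) {
                return;
            }
            this.localStoreDelegate.remove(this.localStoreDelegate.getAllCertificates());
        }
    }

    /**
     * Intended to prime the cache from the bootstrap store.
     *
     * <p>NOTE(review): the loop over the bootstrap certificates has no body, so nothing is
     * indexed and nothing reaches the cache. The code is kept as found; how bootstrap
     * entries should be keyed still has to be decided.
     *
     * @throws IllegalStateException if no bootstrap store has been set
     */
    public void loadBootStrap() {
        if (this.localStoreDelegate == null) {
            throw new IllegalStateException("The boot strap store has not been set.");
        }
        JCS cache = getCache();
        if (cache != null) {
            Map<String, Collection<X509Certificate>> indexed = new HashMap<String, Collection<X509Certificate>>();
            for (X509Certificate x509Certificate : this.localStoreDelegate.getAllCertificates()) {
                // Intentionally empty: see the method comment.
            }
            for (Map.Entry<String, Collection<X509Certificate>> entry : indexed.entrySet()) {
                try {
                    cache.put(entry.getKey(), entry.getValue());
                } catch (CacheException e) {
                    LOGGER.warn("Could not cache a bootstrap certificate entry.", e);
                }
            }
        }
    }

    /**
     * Sets the bootstrap store and loads it.
     *
     * @param certificateStore the bootstrap store
     * @throws IllegalArgumentException if {@code certificateStore} is {@code null}
     */
    public void loadBootStrap(CertificateStore certificateStore) {
        if (certificateStore == null) {
            throw new IllegalArgumentException();
        }
        this.localStoreDelegate = certificateStore;
        loadBootStrap();
    }

    /**
     * Same as {@link #loadBootStrap(CertificateStore)}.
     *
     * @param certificateStore the bootstrap store
     */
    public void setBootStrap(CertificateStore certificateStore) {
        loadBootStrap(certificateStore);
    }

    /**
     * Replaces the cache policy and applies it to the cache.
     *
     * @param certStoreCachePolicy the new policy
     */
    public void setCachePolicy(CertStoreCachePolicy certStoreCachePolicy) {
        this.cachePolicy = certStoreCachePolicy;
        applyCachePolicy(certStoreCachePolicy);
    }

    static {
        // Registers the Bouncy Castle provider JVM-wide and publishes this store's option names.
        Security.addProvider(new BouncyCastleProvider());
        initJVMParams();
    }
}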
