package org.xipki.ca.server.db;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.Instant;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.server.db.QueryExecutor;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.password.PasswordResolver;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.HashAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Hex;
import org.xipki.util.SqlUtil;
import org.xipki.util.exception.ErrorCode;
import org.xipki.util.exception.OperationException;

/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/db/CertStoreBase.class */
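/**
 * Shared database plumbing for the CA certificate store: SQL text for the CERT and CRL tables,
 * schema-version checks, loading of the key that protects stored key pairs, and thin wrappers
 * that turn {@link DataAccessException} into {@link OperationException}.
 *
 * <p>This listing is decompiler output. Several members below were declared {@code protected}
 * upstream according to the decompiler notes; they are left {@code public} here so existing
 * callers keep compiling.
 *
 * <p>NOTE(review): {@link #updateDbInfo} writes the three {@code keypairEnc*} fields without
 * synchronization. Confirm that no thread reads them while a refresh is in progress.
 */
public class CertStoreBase extends QueryExecutor {
    protected final String SQL_ADD_CERT;
    protected static final String SQL_REVOKE_CERT = "UPDATE CERT SET LUPDATE=?,REV=?,RT=?,RIT=?,RR=? WHERE ID=?";
    protected static final String SQL_REVOKE_SUSPENDED_CERT = "UPDATE CERT SET LUPDATE=?,RR=? WHERE ID=?";
    protected static final String SQL_MAX_CRLNO = "SELECT MAX(CRL_NO) FROM CRL WHERE CA_ID=?";
    protected static final String SQL_MAX_FULL_CRLNO = "SELECT MAX(CRL_NO) FROM CRL WHERE CA_ID=? AND DELTACRL = 0";
    protected static final String SQL_MAX_THISUPDAATE_CRL = "SELECT MAX(THISUPDATE) FROM CRL WHERE CA_ID=? AND DELTACRL=?";
    protected final String SQL_ADD_CRL;
    protected static final String SQL_REMOVE_CERT_FOR_ID = "DELETE FROM CERT WHERE ID=?";
    protected final int dbSchemaVersion;
    protected final int maxX500nameLen;

    // Transformation used for the stored key pairs (the CERT insert has a PRIVATE_KEY column).
    // NOTE(review): GCM needs a nonce that is never reused under the same key; the encryption
    // call sites are not in this class, so confirm nonce generation where the cipher is used.
    protected final String keypairEncAlg = "AES/GCM/NoPadding";
    protected final int keypairEncAlgId = 1;
    protected String keypairEncProvider;

    // First 8 bytes of SHA-1 over the raw key, hex encoded. It identifies which key is loaded;
    // it is not an integrity or authenticity check.
    protected String keypairEncKeyId;
    protected SecretKey keypairEncKey;
    protected final DataSourceWrapper caConfDatasource;

    /**
     * Validates the schema of the certificate-store database and loads the key-pair encryption key.
     *
     * @param dataSourceWrapper data source of the certificate store, passed to the superclass
     * @param dataSourceWrapper2 data source of the CA configuration; must not be null
     * @param passwordResolver resolver used to obtain the key-pair encryption key
     * @throws DataAccessException if the schema information cannot be read
     * @throws CaMgmtException if the vendor is not XIPKI, the schema version is below 7, a
     *     required schema variable is missing or not an integer, or the key cannot be resolved
     */
    public CertStoreBase(DataSourceWrapper dataSourceWrapper, DataSourceWrapper dataSourceWrapper2, PasswordResolver passwordResolver) throws DataAccessException, CaMgmtException {
        super(dataSourceWrapper);
        // keypairEncAlg and keypairEncAlgId are final fields with initializers; the decompiler
        // repeated the assignments here, which does not compile, so they are not re-assigned.
        this.caConfDatasource = (DataSourceWrapper) Args.notNull(dataSourceWrapper2, "caConfDatasource");
        QueryExecutor.DbSchemaInfo dbSchemaInfo = new QueryExecutor.DbSchemaInfo(dataSourceWrapper);
        String variableValue = dbSchemaInfo.variableValue("VENDOR");
        if (variableValue != null && !variableValue.equalsIgnoreCase("XIPKI")) {
            throw new CaMgmtException("unsupported vendor " + variableValue);
        }
        this.dbSchemaVersion = parseSchemaInt(dbSchemaInfo, "VERSION");
        if (this.dbSchemaVersion < 7) {
            throw new CaMgmtException("dbSchemaVersion < 7 unsupported: " + this.dbSchemaVersion);
        }
        this.maxX500nameLen = parseSchemaInt(dbSchemaInfo, "X500NAME_MAXLEN");
        this.SQL_ADD_CERT = SqlUtil.buildInsertSql("CERT", "ID,LUPDATE,SN,SUBJECT,FP_S,FP_RS,FP_SAN,NBEFORE,NAFTER,REV,PID,CA_ID,RID,EE,TID,SHA1,REQ_SUBJECT,CRL_SCOPE,CERT,PRIVATE_KEY");
        this.SQL_ADD_CRL = SqlUtil.buildInsertSql("CRL", "ID,CA_ID,CRL_NO,THISUPDATE,NEXTUPDATE,DELTACRL,BASECRL_NO,CRL_SCOPE,SHA1,CRL");
        updateDbInfo(passwordResolver);
    }

    /**
     * Reads an integer schema variable, reporting a missing or malformed value as a
     * {@link CaMgmtException} instead of letting an unchecked parse error escape the constructor.
     */
    private static int parseSchemaInt(QueryExecutor.DbSchemaInfo dbSchemaInfo, String name) throws CaMgmtException, DataAccessException {
        String text = dbSchemaInfo.variableValue(name);
        if (text == null) {
            throw new CaMgmtException("missing DB schema variable " + name);
        }
        try {
            return Integer.parseInt(text);
        } catch (NumberFormatException e) {
            throw new CaMgmtException("invalid DB schema variable " + name + ": " + text, e);
        }
    }

    /**
     * Reloads the key-pair encryption key from the {@code KEYPAIR_ENC_KEY} variable of the CA
     * configuration database.
     *
     * <p>When the variable is absent nothing is changed, so a key loaded by an earlier call
     * stays in place. The resolved value must hex-decode to 16, 24 or 32 bytes (an AES key).
     *
     * @param passwordResolver resolver applied to the stored variable value
     * @throws DataAccessException if the schema information cannot be read
     * @throws CaMgmtException if the value cannot be resolved or has an unsupported length
     * @throws IllegalStateException if no installed provider offers AES/GCM/NoPadding
     */
    public void updateDbInfo(PasswordResolver passwordResolver) throws DataAccessException, CaMgmtException {
        String variableValue = new QueryExecutor.DbSchemaInfo(this.caConfDatasource).variableValue("KEYPAIR_ENC_KEY");
        if (variableValue == null) {
            return;
        }
        byte[] rawKey = null;
        try {
            rawKey = Hex.decode(passwordResolver.resolvePassword(variableValue));
            int length = rawKey.length;
            if (length != 16 && length != 24 && length != 32) {
                throw new CaMgmtException("error resolving KEYPAIR_ENC_KEY");
            }
            // SecretKeySpec copies the bytes, so the local array can be wiped afterwards.
            this.keypairEncKey = new SecretKeySpec(rawKey, "AES");
            // The decompiler emitted `new byte[]{decode}`, which does not compile; the key
            // bytes are passed directly instead.
            this.keypairEncKeyId = Hex.encode(Arrays.copyOf(HashAlgo.SHA1.hash(rawKey), 8));
            this.keypairEncProvider = resolveCipherProvider(this.keypairEncAlg);
        } catch (PasswordResolverException e3) {
            throw new CaMgmtException("error resolving KEYPAIR_ENC_KEY", e3);
        } finally {
            // Do not leave a second copy of the key material on the heap.
            // NOTE(review): the value returned by resolvePassword is not wiped here because
            // its type is not visible in this file.
            if (rawKey != null) {
                Arrays.fill(rawKey, (byte) 0);
            }
        }
    }

    /**
     * Returns the name of the provider to use for the given transformation: SunJCE when it
     * offers the transformation, otherwise whichever provider the JCA default lookup selects.
     */
    private static String resolveCipherProvider(String transformation) {
        try {
            Cipher.getInstance(transformation, "SunJCE");
            return "SunJCE";
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException ignored) {
            // SunJCE is unavailable or lacks the transformation; fall back to the default lookup.
            try {
                return Cipher.getInstance(transformation).getProvider().getName();
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
                throw new IllegalStateException("Unsupported cipher " + transformation, e2);
            }
        }
    }

    /**
     * Builds the revocation information of a CERT row.
     *
     * @param resultRow row providing the REV, RT, RIT and RR columns
     * @return {@code null} when REV is false; otherwise the reason (RR), the revocation time (RT,
     *     epoch seconds) and the invalidity time (RIT, epoch seconds, {@code null} when 0)
     */
    public static CertRevocationInfo buildCertRevInfo(ResultRow resultRow) {
        if (!resultRow.getBoolean("REV")) {
            return null;
        }
        long revTime = resultRow.getLong("RT");
        long invalidityTime = resultRow.getLong("RIT");
        return new CertRevocationInfo(resultRow.getInt("RR"), Instant.ofEpochSecond(revTime),
                invalidityTime == 0 ? null : Instant.ofEpochSecond(invalidityTime));
    }

    /**
     * Delegates to the data source's {@code getMax} for the given table and column.
     *
     * <p>Both arguments are passed on as SQL identifiers, so they must be fixed names chosen by
     * the code and never text taken from a request.
     *
     * @throws OperationException with {@code DATABASE_FAILURE} if the query fails
     */
    public long getMax(String str, String str2) throws OperationException {
        try {
            return this.datasource.getMax(null, str, str2);
        } catch (DataAccessException e) {
            // NOTE(review): only the message is forwarded here, while the sibling wrappers
            // pass the exception itself; check whether the cause should be kept as well.
            throw new OperationException(ErrorCode.DATABASE_FAILURE, e.getMessage());
        }
    }

    /**
     * Runs an update statement given as plain SQL text.
     *
     * <p>The text carries no bind parameters, so it must be constant SQL; use
     * {@link #execUpdatePrepStmt0} for anything that carries values.
     *
     * @throws OperationException with {@code DATABASE_FAILURE} if the update fails
     */
    protected int execUpdateStmt0(String str) throws OperationException {
        try {
            return execUpdateStmt(str);
        } catch (DataAccessException e) {
            throw new OperationException(ErrorCode.DATABASE_FAILURE, e);
        }
    }

    /**
     * Runs a parameterized update.
     *
     * @throws OperationException with {@code DATABASE_FAILURE} if the update fails
     */
    public int execUpdatePrepStmt0(String str, QueryExecutor.SqlColumn2... sqlColumn2Arr) throws OperationException {
        try {
            return execUpdatePrepStmt(str, sqlColumn2Arr);
        } catch (DataAccessException e) {
            throw new OperationException(ErrorCode.DATABASE_FAILURE, e);
        }
    }

    /**
     * Runs a parameterized query through {@code execQuery1PrepStmt}.
     *
     * @throws OperationException with {@code DATABASE_FAILURE} if the query fails
     */
    public ResultRow execQuery1PrepStmt0(String str, QueryExecutor.SqlColumn2... sqlColumn2Arr) throws OperationException {
        try {
            return execQuery1PrepStmt(str, sqlColumn2Arr);
        } catch (DataAccessException e) {
            throw new OperationException(ErrorCode.DATABASE_FAILURE, e);
        }
    }

    /**
     * Runs a parameterized query through {@code execQueryPrepStmt}.
     *
     * @throws OperationException with {@code DATABASE_FAILURE} if the query fails
     */
    public List<ResultRow> execQueryPrepStmt0(String str, QueryExecutor.SqlColumn2... sqlColumn2Arr) throws OperationException {
        try {
            return execQueryPrepStmt(str, sqlColumn2Arr);
        } catch (DataAccessException e) {
            throw new OperationException(ErrorCode.DATABASE_FAILURE, e);
        }
    }

    /**
     * Builds a prepared statement with the given parameters. The caller owns the returned
     * statement and has to release it.
     *
     * @throws OperationException with {@code DATABASE_FAILURE} if the statement cannot be built
     */
    protected PreparedStatement buildPrepStmt0(String str, QueryExecutor.SqlColumn2... sqlColumn2Arr) throws OperationException {
        try {
            return buildPrepStmt(str, sqlColumn2Arr);
        } catch (DataAccessException e) {
            throw new OperationException(ErrorCode.DATABASE_FAILURE, e);
        }
    }

    /**
     * Runs a parameterized query and returns the first column of the first row as a long.
     *
     * @return the value read, or 0 when the query yields no row
     * @throws OperationException with {@code DATABASE_FAILURE} if the query fails
     */
    public long execQueryLongPrepStmt(String str, QueryExecutor.SqlColumn2... sqlColumn2Arr) throws OperationException {
        PreparedStatement stmt = buildPrepStmt0(str, sqlColumn2Arr);
        ResultSet resultSet = null;
        try {
            resultSet = stmt.executeQuery();
            return resultSet.next() ? resultSet.getLong(1) : 0L;
        } catch (SQLException e) {
            throw new OperationException(ErrorCode.DATABASE_FAILURE, this.datasource.translate(str, e));
        } finally {
            // Released exactly once on every path. The decompiled form released on the success
            // path and then again in a catch-all if that release itself threw.
            this.datasource.releaseResources(stmt, resultSet);
        }
    }

    /**
     * Prepares a statement on the certificate-store data source. The caller owns the returned
     * statement and has to release it.
     *
     * @throws OperationException with {@code DATABASE_FAILURE} if preparation fails
     */
    public PreparedStatement prepareStatement(String str) throws OperationException {
        try {
            return this.datasource.prepareStatement(str);
        } catch (DataAccessException e) {
            throw new OperationException(ErrorCode.DATABASE_FAILURE, e);
        }
    }

    /**
     * Appends an {@code IN (?,?,...)} list with {@code i} placeholders to {@code str} and wraps
     * the result with the data source's select-first SQL.
     *
     * <p>At least one placeholder is always emitted, even when {@code i} is 0 or negative.
     * {@code str} is concatenated into the SQL text unescaped, so it must be SQL written by the
     * code itself; values belong in the bind parameters.
     */
    public static String buildArraySql(DataSourceWrapper dataSourceWrapper, String str, int i) {
        String placeholders = "?" + ",?".repeat(Math.max(0, i - 1));
        return dataSourceWrapper.buildSelectFirstSql(i, str + " IN (" + placeholders + ")");
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * @throws OperationException with {@code SYSTEM_FAILURE} if the bytes are not a valid certificate
     */
    public static X509Cert parseCert(byte[] bArr) throws OperationException {
        try {
            return X509Util.parseCert(bArr);
        } catch (CertificateException e) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, e);
        }
    }
}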
