package org.xipki.ca.server;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.cert.X509CRLHolder;
import org.xipki.ca.api.CertWithDbId;
import org.xipki.ca.api.CertificateInfo;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaStatus;
import org.xipki.ca.api.mgmt.CertWithRevocationInfo;
import org.xipki.ca.server.db.CertStore;
import org.xipki.ca.server.mgmt.CaManagerImpl;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.LogUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/X509PublisherModule.class */
public class X509PublisherModule extends X509CaModule {
    private final CertStore certstore;
    private final CaIdNameMap caIdNameMap;
    private final CaManagerImpl caManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509PublisherModule(CaManagerImpl caManagerImpl, CaInfo caInfo, CertStore certStore) {
        super(caInfo);
        this.caManager = (CaManagerImpl) Args.notNull(caManagerImpl, "caManager");
        this.caIdNameMap = caManagerImpl.idNameMap();
        this.certstore = (CertStore) Args.notNull(certStore, "certstore");
        Iterator<IdentifiedCertPublisher> it = publishers().iterator();
        while (it.hasNext()) {
            it.next().caAdded(this.caCert);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int publishCert(CertificateInfo certificateInfo, boolean z) {
        boolean z2;
        if (((CertificateInfo) Args.notNull(certificateInfo, "certInfo")).isAlreadyIssued()) {
            return 0;
        }
        if (!this.certstore.addCert(certificateInfo, z)) {
            return 1;
        }
        ArrayList arrayList = null;
        for (IdentifiedCertPublisher identifiedCertPublisher : publishers()) {
            try {
                z2 = identifiedCertPublisher.certificateAdded(certificateInfo);
            } catch (RuntimeException e) {
                z2 = false;
            }
            if (!z2) {
                if (arrayList == null) {
                    arrayList = new ArrayList(1);
                }
                arrayList.add(identifiedCertPublisher.getIdent().getName());
            }
        }
        if (arrayList == null) {
            return 0;
        }
        if (!this.LOG.isWarnEnabled()) {
            return 2;
        }
        this.LOG.warn("could not publish to publishers {}: {}", arrayList, Base64.encodeToString(certificateInfo.getCert().getCert().getEncoded(), true));
        return 2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean republishCerts(List<String> list, int i) {
        List<IdentifiedCertPublisher> arrayList;
        if (list == null) {
            arrayList = publishers();
        } else {
            arrayList = new ArrayList(list.size());
            for (String str : list) {
                IdentifiedCertPublisher identifiedCertPublisher = null;
                Iterator<IdentifiedCertPublisher> it = publishers().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    IdentifiedCertPublisher next = it.next();
                    if (next.getIdent().getName().equals(str)) {
                        identifiedCertPublisher = next;
                        break;
                    }
                }
                if (identifiedCertPublisher == null) {
                    throw new IllegalArgumentException("could not find publisher " + str + " for CA " + this.caIdent.getName());
                }
                arrayList.add(identifiedCertPublisher);
            }
        }
        if (CollectionUtil.isEmpty(arrayList)) {
            return true;
        }
        CaStatus status = this.caInfo.getStatus();
        this.caInfo.setStatus(CaStatus.INACTIVE);
        boolean z = true;
        Iterator<IdentifiedCertPublisher> it2 = arrayList.iterator();
        while (it2.hasNext()) {
            if (it2.next().publishsGoodCert()) {
                z = false;
                break;
            }
        }
        try {
            for (IdentifiedCertPublisher identifiedCertPublisher2 : arrayList) {
                if (!identifiedCertPublisher2.caAdded(this.caCert)) {
                    this.LOG.error("republish CA certificate {} to publisher {} failed", this.caIdent.getName(), identifiedCertPublisher2.getIdent().getName());
                    this.caInfo.setStatus(status);
                    return false;
                }
            }
            if (this.caInfo.getRevocationInfo() != null) {
                for (IdentifiedCertPublisher identifiedCertPublisher3 : arrayList) {
                    if (!identifiedCertPublisher3.caRevoked(this.caCert, this.caInfo.getRevocationInfo())) {
                        this.LOG.error("republishing CA revocation to publisher {} failed", identifiedCertPublisher3.getIdent().getName());
                        this.caInfo.setStatus(status);
                        return false;
                    }
                }
            }
            boolean republish = new CertRepublisher(this.caIdent, this.caCert, this.caIdNameMap, this.certstore, arrayList, z, i).republish();
            this.caInfo.setStatus(status);
            return republish;
        } catch (Throwable th) {
            this.caInfo.setStatus(status);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void publishCrl(X509CRLHolder x509CRLHolder) {
        try {
            this.certstore.addCrl(this.caIdent, x509CRLHolder);
            for (IdentifiedCertPublisher identifiedCertPublisher : publishers()) {
                try {
                    identifiedCertPublisher.crlAdded(this.caCert, x509CRLHolder);
                } catch (RuntimeException e) {
                    LogUtil.error(this.LOG, e, "could not publish CRL to the publisher " + identifiedCertPublisher.getIdent());
                }
            }
        } catch (Exception e2) {
            this.LOG.error("could not add CRL ca={}, thisUpdate={}: {}, ", this.caIdent.getName(), x509CRLHolder.getThisUpdate(), e2.getMessage());
            this.LOG.debug("Exception", (Throwable) e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean publishCertRemoved(CertWithDbId certWithDbId) {
        boolean z;
        boolean z2 = true;
        for (IdentifiedCertPublisher identifiedCertPublisher : publishers()) {
            try {
                z = identifiedCertPublisher.certificateRemoved(this.caCert, certWithDbId);
            } catch (RuntimeException e) {
                z = false;
                LogUtil.warn(this.LOG, e, "could not remove certificate from the publisher " + identifiedCertPublisher.getIdent());
            }
            if (!z) {
                z2 = false;
                X509Cert cert = certWithDbId.getCert();
                if (this.LOG.isErrorEnabled()) {
                    this.LOG.error("removing certificate issuer='{}', serial={}, subject='{}' from publisher {} failed.", cert.getIssuerText(), cert.getSerialNumberHex(), cert.getSubjectText(), identifiedCertPublisher.getIdent());
                }
            }
        }
        return z2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void publishCertRevoked(CertWithRevocationInfo certWithRevocationInfo) {
        boolean z;
        for (IdentifiedCertPublisher identifiedCertPublisher : publishers()) {
            try {
                z = identifiedCertPublisher.certificateRevoked(this.caCert, certWithRevocationInfo.getCert(), certWithRevocationInfo.getCertprofile(), certWithRevocationInfo.getRevInfo());
            } catch (RuntimeException e) {
                z = false;
            }
            if (!z) {
                this.LOG.error("could not publish revocation of certificate to the publisher {}", identifiedCertPublisher.getIdent());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void publishCertUnrevoked(CertWithDbId certWithDbId) {
        boolean z;
        ArrayList arrayList = null;
        for (IdentifiedCertPublisher identifiedCertPublisher : publishers()) {
            try {
                z = identifiedCertPublisher.certificateUnrevoked(this.caCert, certWithDbId);
            } catch (RuntimeException e) {
                z = false;
            }
            if (!z) {
                if (arrayList == null) {
                    arrayList = new ArrayList(1);
                }
                arrayList.add(identifiedCertPublisher.getIdent().getName());
            }
        }
        if (arrayList == null) {
            return;
        }
        this.LOG.error("could not publishCertUnrevoked of certificate {} to publishers {}", certWithDbId.getCertId(), arrayList);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean publishCaRevoked(CertRevocationInfo certRevocationInfo) {
        boolean z = true;
        for (IdentifiedCertPublisher identifiedCertPublisher : publishers()) {
            NameId ident = identifiedCertPublisher.getIdent();
            if (identifiedCertPublisher.caRevoked(this.caCert, certRevocationInfo)) {
                this.LOG.info("published event caRevoked of CA {} to publisher {}", this.caIdent.getName(), ident.getName());
            } else {
                z = false;
                this.LOG.error("could not publish event caRevoked of CA {} to publisher {}", this.caIdent.getName(), ident.getName());
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean publishCaUnrevoked() {
        boolean z = true;
        for (IdentifiedCertPublisher identifiedCertPublisher : publishers()) {
            NameId ident = identifiedCertPublisher.getIdent();
            if (identifiedCertPublisher.caUnrevoked(this.caCert)) {
                this.LOG.info("published event caUnrevoked of CA {} to publisher {}", this.caIdent.getName(), ident.getName());
            } else {
                z = false;
                this.LOG.error("could not publish event caUnrevoked of CA {} to publisher {}", this.caIdent.getName(), ident.getName());
            }
        }
        return z;
    }

    private List<IdentifiedCertPublisher> publishers() {
        return this.caManager.getIdentifiedPublishersForCa(this.caIdent.getName());
    }
}
