package org.xipki.ca.server.publisher;

import java.security.NoSuchAlgorithmException;
import java.util.Map;
import org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import org.bouncycastle.cert.X509CRLHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditStatus;
import org.xipki.audit.Audits;
import org.xipki.audit.extra.DatabaseMacAuditService;
import org.xipki.ca.api.CertWithDbId;
import org.xipki.ca.api.CertificateInfo;
import org.xipki.ca.api.publisher.CertPublisher;
import org.xipki.ca.api.publisher.CertPublisherException;
import org.xipki.ca.sdk.CaAuditConstants;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.password.PasswordResolver;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;
import org.xipki.util.ConfPairs;

/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/publisher/OcspCertPublisher.class */
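/**
 * {@link CertPublisher} that forwards CA and certificate life-cycle events to an
 * {@link OcspStoreQueryExecutor} built on a datasource selected by configuration.
 *
 * <p>Every publishing method catches all exceptions, writes an error log line plus a
 * FAILED audit event, and returns {@code false} instead of propagating the failure.
 * A {@code false} from {@link #certificateRevoked} or {@link #caRevoked} therefore
 * means the revocation did not reach the store; how the caller retries or alerts on
 * that is not visible in this class and should be confirmed.
 */
public class OcspCertPublisher extends CertPublisher {
    private static final Logger LOG = LoggerFactory.getLogger(OcspCertPublisher.class);

    // Created by initialize(); null until then.
    private OcspStoreQueryExecutor queryExecutor;

    // Value of the "publish.goodcerts" setting; defaults to true when the key is absent.
    private boolean publishsGoodCert = true;

    // NOTE(review): never assigned or read in this class.
    private DataSourceWrapper datasource;

    /**
     * Reads the publisher configuration and creates the query executor.
     *
     * @param str              configuration in {@link ConfPairs} syntax; must not be null
     * @param passwordResolver not used by this implementation
     * @param map              available datasources, keyed by name
     * @throws CertPublisherException if no datasource can be resolved from the
     *         configuration, or if creating the executor fails
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public void initialize(String str, PasswordResolver passwordResolver, Map<String, DataSourceWrapper> map) throws CertPublisherException {
        Args.notNull(str, "conf");
        // Parse the configuration once; both settings come from the same text.
        ConfPairs confPairs = new ConfPairs(str);

        String value = confPairs.value("publish.goodcerts");
        this.publishsGoodCert = value == null || Boolean.parseBoolean(value);

        // NOTE(review): the key constant is taken from DatabaseMacAuditService, an unrelated
        // audit class; this looks like a decompiler substitution for an equal string
        // constant - confirm against the original source.
        String value2 = confPairs.value(DatabaseMacAuditService.KEY_DATASOURCE);
        DataSourceWrapper dataSourceWrapper = null;
        // A missing datasource map is reported as a configuration error below rather
        // than surfacing as a NullPointerException.
        if (value2 != null && map != null) {
            dataSourceWrapper = map.get(value2);
        }
        if (dataSourceWrapper == null) {
            throw new CertPublisherException("no datasource named '" + value2 + "' is specified");
        }
        try {
            this.queryExecutor = new OcspStoreQueryExecutor(dataSourceWrapper, this.publishsGoodCert);
        } catch (NoSuchAlgorithmException | DataAccessException e) {
            throw new CertPublisherException(e.getMessage(), e);
        }
    }

    /**
     * Registers a CA certificate as an issuer in the store.
     *
     * @param x509Cert the CA certificate
     * @return {@code true} on success, {@code false} if the store call threw
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean caAdded(X509Cert x509Cert) {
        try {
            this.queryExecutor.addIssuer(x509Cert);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getSubjectText(), x509Cert, null, e, "could not publish issuer");
            return false;
        }
    }

    /**
     * Adds a certificate, together with its revocation info, to the store.
     *
     * @param certificateInfo supplies the issuer certificate, the certificate and its
     *                        revocation info
     * @return {@code true} on success, {@code false} if the store call threw
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean certificateAdded(CertificateInfo certificateInfo) {
        X509Cert issuerCert = certificateInfo.getIssuerCert();
        CertWithDbId cert = certificateInfo.getCert();
        try {
            this.queryExecutor.addCert(issuerCert, cert, certificateInfo.getRevocationInfo());
            return true;
        } catch (Exception e) {
            logAndAudit(issuerCert.getSubjectText(), cert.getCert(), cert.getCertId(), e, "could not save certificate");
            return false;
        }
    }

    /**
     * Marks a certificate as revoked in the store.
     *
     * @param x509Cert           the issuer certificate
     * @param certWithDbId       the certificate being revoked
     * @param str                not used by this implementation
     * @param certRevocationInfo the revocation details passed to the store
     * @return {@code true} on success, {@code false} if the store call threw; in the
     *         latter case the store was not updated by this call
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean certificateRevoked(X509Cert x509Cert, CertWithDbId certWithDbId, String str, CertRevocationInfo certRevocationInfo) {
        try {
            this.queryExecutor.revokeCert(x509Cert, certWithDbId, certRevocationInfo);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getSubjectText(), certWithDbId.getCert(), certWithDbId.getCertId(), e, "could not publish revoked certificate");
            return false;
        }
    }

    /**
     * Clears the revocation of a certificate in the store.
     *
     * @param x509Cert     the issuer certificate
     * @param certWithDbId the certificate being unrevoked
     * @return {@code true} on success, {@code false} if the store call threw
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean certificateUnrevoked(X509Cert x509Cert, CertWithDbId certWithDbId) {
        try {
            this.queryExecutor.unrevokeCert(x509Cert, certWithDbId);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getSubjectText(), certWithDbId.getCert(), certWithDbId.getCertId(), e, "could not publish unrevocation of certificate");
            return false;
        }
    }

    /**
     * Writes an error log line and a FAILED audit event for a publishing failure.
     *
     * <p>The exception message goes to the error log only; the audit event carries the
     * static description {@code str2}, not the exception text.
     *
     * @param str      issuer text recorded with the event
     * @param x509Cert certificate whose subject and serial number identify the event
     * @param l        database id of the certificate, or {@code null} to omit it
     * @param exc      the failure; logged with stack trace at debug level
     * @param str2     static description of the failed operation
     */
    private void logAndAudit(String str, X509Cert x509Cert, Long l, Exception exc, String str2) {
        String subjectText = x509Cert.getSubjectText();
        String serialNumberHex = x509Cert.getSerialNumberHex();
        // NOTE(review): "issuser" is a typo for "issuer"; the format string is kept as-is so
        // existing log searches and alert rules keep matching.
        // NOTE(review): issuer and subject text come from certificate contents; whether the
        // log layout neutralises line breaks in them is not visible here - confirm.
        LOG.error("{} (issuser='{}': subject='{}', serialNumber={}). Message: {}", str2, str, subjectText, serialNumberHex, exc.getMessage());
        LOG.debug("error", exc);

        AuditEvent auditEvent = new AuditEvent();
        auditEvent.setApplicationName("CAPublisher");
        auditEvent.setLevel(AuditLevel.ERROR);
        auditEvent.setStatus(AuditStatus.FAILED);
        if (l != null) {
            // NOTE(review): the id key is taken from log4j-core's StructuredDataLookup, which
            // ties this class to log4j-core for one string constant; presumably a decompiler
            // substitution for a project constant of equal value - confirm.
            auditEvent.addEventData(StructuredDataLookup.ID_KEY, l);
        }
        auditEvent.addEventData(CaAuditConstants.NAME_issuer, str);
        auditEvent.addEventData(CaAuditConstants.NAME_subject, subjectText);
        auditEvent.addEventData(CaAuditConstants.NAME_serial, serialNumberHex);
        auditEvent.addEventData("message", str2);
        Audits.getAuditService().logEvent(auditEvent);
    }

    /**
     * CRLs are not published by this publisher; the call is accepted and ignored.
     *
     * @return always {@code true}
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean crlAdded(X509Cert x509Cert, X509CRLHolder x509CRLHolder) {
        return true;
    }

    /**
     * Reports the health of the underlying query executor.
     *
     * @return {@code false} if the publisher has not been initialized, otherwise the
     *         executor's own health status
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean isHealthy() {
        // An uninitialized publisher is reported as unhealthy instead of throwing from a
        // health probe.
        OcspStoreQueryExecutor executor = this.queryExecutor;
        return executor != null && executor.isHealthy();
    }

    /**
     * Marks a CA as revoked in the store.
     *
     * @param x509Cert           the CA certificate
     * @param certRevocationInfo the revocation details passed to the store
     * @return {@code true} on success, {@code false} if the store call threw
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean caRevoked(X509Cert x509Cert, CertRevocationInfo certRevocationInfo) {
        try {
            this.queryExecutor.revokeCa(x509Cert, certRevocationInfo);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getIssuerText(), x509Cert, null, e, "could not publish revocation of CA");
            return false;
        }
    }

    /**
     * Clears the revocation of a CA in the store.
     *
     * @param x509Cert the CA certificate
     * @return {@code true} on success, {@code false} if the store call threw
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean caUnrevoked(X509Cert x509Cert) {
        try {
            this.queryExecutor.unrevokeCa(x509Cert);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getIssuerText(), x509Cert, null, e, "could not publish unrevocation of CA");
            return false;
        }
    }

    /**
     * Removes a certificate from the store.
     *
     * @param x509Cert     the issuer certificate
     * @param certWithDbId the certificate being removed
     * @return {@code true} on success, {@code false} if the store call threw
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean certificateRemoved(X509Cert x509Cert, CertWithDbId certWithDbId) {
        try {
            this.queryExecutor.removeCert(x509Cert, certWithDbId);
            return true;
        } catch (Exception e) {
            // Identify the certificate that failed to be removed, as certificateRevoked and
            // certificateUnrevoked do. Passing the issuer certificate here would put the CA's
            // subject and serial number into the audit record instead of the affected
            // certificate's.
            logAndAudit(x509Cert.getSubjectText(), certWithDbId.getCert(), certWithDbId.getCertId(), e, "could not publish removal of certificate");
            return false;
        }
    }

    /**
     * Returns the configured "publish.goodcerts" setting.
     *
     * @return the flag read in {@link #initialize}; {@code true} by default
     */
    @Override // org.xipki.ca.api.publisher.CertPublisher
    public boolean publishsGoodCert() {
        return this.publishsGoodCert;
    }
}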
