package org.xipki.ca.server.mgmt;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.SocketException;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CRLHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditStatus;
import org.xipki.audit.Audits;
import org.xipki.audit.PciAuditEvent;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaConfs;
import org.xipki.ca.api.mgmt.CaManager;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaProfileEntry;
import org.xipki.ca.api.mgmt.CaStatus;
import org.xipki.ca.api.mgmt.CaSystemStatus;
import org.xipki.ca.api.mgmt.CertListInfo;
import org.xipki.ca.api.mgmt.CertListOrderBy;
import org.xipki.ca.api.mgmt.CertWithRevocationInfo;
import org.xipki.ca.api.mgmt.RequestorInfo;
import org.xipki.ca.api.mgmt.entry.CaEntry;
import org.xipki.ca.api.mgmt.entry.CaHasRequestorEntry;
import org.xipki.ca.api.mgmt.entry.CertprofileEntry;
import org.xipki.ca.api.mgmt.entry.ChangeCaEntry;
import org.xipki.ca.api.mgmt.entry.KeypairGenEntry;
import org.xipki.ca.api.mgmt.entry.PublisherEntry;
import org.xipki.ca.api.mgmt.entry.RequestorEntry;
import org.xipki.ca.api.mgmt.entry.SignerEntry;
import org.xipki.ca.api.profile.CertprofileFactoryRegister;
import org.xipki.ca.api.publisher.CertPublisherFactoryRegister;
import org.xipki.ca.sdk.CaIdentifierRequest;
import org.xipki.ca.sdk.CertprofileInfoResponse;
import org.xipki.ca.sdk.X500NameType;
import org.xipki.ca.server.CaIdNameMap;
import org.xipki.ca.server.CaInfo;
import org.xipki.ca.server.CaServerConf;
import org.xipki.ca.server.CtLogPublicKeyFinder;
import org.xipki.ca.server.IdentifiedCertPublisher;
import org.xipki.ca.server.IdentifiedCertprofile;
import org.xipki.ca.server.KeypairGenEntryWrapper;
import org.xipki.ca.server.RequestorEntryWrapper;
import org.xipki.ca.server.SignerEntryWrapper;
import org.xipki.ca.server.UniqueIdGenerator;
import org.xipki.ca.server.X509Ca;
import org.xipki.ca.server.db.CaManagerQueryExecutor;
import org.xipki.ca.server.db.CertStore;
import org.xipki.ca.server.db.SystemEvent;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceConf;
import org.xipki.datasource.DataSourceFactory;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.license.api.CmLicense;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.CrlReason;
import org.xipki.security.KeyCertBytesPair;
import org.xipki.security.KeypairGenerator;
import org.xipki.security.SecurityFactory;
import org.xipki.security.X509Cert;
import org.xipki.security.pkcs11.P11CryptServiceFactory;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.FileOrValue;
import org.xipki.util.Hex;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.InvalidConfException;
import org.xipki.util.exception.OperationException;

/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/mgmt/CaManagerImpl.class */
public class CaManagerImpl implements CaManager, Closeable {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CaManagerImpl.class);
    // Names of the system events exchanged through queryExecutor: EVENT_LOCK is the record
    // written by lockCa(); EVENT_CACHANGE is written by notifyCaChange() and polled by CaRestarter.
    private static final String EVENT_LOCK = "LOCK";
    private static final String EVENT_CACHANGE = "CA_CHANGE";
    // In-memory registries keyed by String. They have no access modifier (package-private), and
    // the constructor hands `this` to the *Manager helpers of this package.
    // NOTE(review): presumably those helpers populate and clear these maps - confirm in their sources.
    final CaIdNameMap idNameMap = new CaIdNameMap();
    final Map<String, CaInfo> caInfos = new ConcurrentHashMap();
    final Map<String, SignerEntryWrapper> signers = new ConcurrentHashMap();
    final Map<String, SignerEntry> signerDbEntries = new ConcurrentHashMap();
    final Map<String, IdentifiedCertprofile> certprofiles = new ConcurrentHashMap();
    final Map<String, CertprofileEntry> certprofileDbEntries = new ConcurrentHashMap();
    final Map<String, IdentifiedCertPublisher> publishers = new ConcurrentHashMap();
    final Map<String, PublisherEntry> publisherDbEntries = new ConcurrentHashMap();
    final Map<String, RequestorEntryWrapper> requestors = new ConcurrentHashMap();
    final Map<String, RequestorEntry> requestorDbEntries = new ConcurrentHashMap();
    final Map<String, KeypairGenEntryWrapper> keypairGens = new ConcurrentHashMap();
    final Map<String, KeypairGenEntry> keypairGenDbEntries = new ConcurrentHashMap();
    final Map<String, Set<CaProfileEntry>> caHasProfiles = new ConcurrentHashMap();
    final Map<String, Set<String>> caHasPublishers = new ConcurrentHashMap();
    final Map<String, Set<CaHasRequestorEntry>> caHasRequestors = new ConcurrentHashMap();
    final Map<String, Integer> caAliases = new ConcurrentHashMap();
    final Map<String, X509Ca> x509cas = new ConcurrentHashMap();
    RequestorInfo byCaRequestor;
    // masterMode, noLock and shardId are copied from caServerConf at the start of init().
    boolean masterMode;
    boolean noLock;
    int shardId;
    // Datasources other than "ca" and "caconf"; assigned at the end of the datasource setup in init().
    Map<String, DataSourceWrapper> datasourceMap;
    CaServerConf caServerConf;
    CertprofileFactoryRegister certprofileFactoryRegister;
    CertPublisherFactoryRegister certPublisherFactoryRegister;
    CertStore certstore;
    SecurityFactory securityFactory;
    P11CryptServiceFactory p11CryptServiceFactory;
    CaManagerQueryExecutor queryExecutor;
    private final CmLicense license;
    // "caconf" datasource; init() falls back to the "ca" datasource when none is configured.
    private DataSourceWrapper caconfDatasource;
    // "ca" datasource; init() refuses to continue without it.
    private DataSourceWrapper certstoreDatasource;
    // Owner string written into the EVENT_LOCK record: "<host address>/<id from the calock file>",
    // or just the id when the host address cannot be determined (see the constructor).
    private final String lockInstanceId;
    // Set to true by lockCa() after the lock record was written; close() unlocks only when it is set.
    private boolean caLockedByMe;
    // Single-thread pool that runs CaRestarter every 300 seconds; created only when not in master mode.
    private ScheduledThreadPoolExecutor persistentScheduledThreadPoolExecutor;
    // Pool re-created on every start in startCaSystem0() and exposed via getScheduledThreadPoolExecutor().
    private ScheduledThreadPoolExecutor scheduledThreadPoolExecutor;
    private final DataSourceFactory datasourceFactory;
    private CtLogPublicKeyFinder ctLogPublicKeyFinder;
    // True once startCaSystem0() has completed; reset() clears it.
    private boolean caSystemSetuped;
    // Assigned in startCaSystem0() right after init() succeeded; null until the first successful init.
    private Instant lastStartTime;
    private boolean initializing;
    private final Ca2Manager ca2Manager;
    private final CertprofileManager certprofileManager;
    private final ConfLoader confLoader;
    private final PublisherManager publisherManager;
    private final RequestorManager requestorManager;
    private final SignerManager signerManager;
    private final KeypairGenManager keypairGenManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/mgmt/CaManagerImpl$CaRestarter.class */
    /**
     * Periodic task that restarts the CA system when the {@code CA_CHANGE} system event is newer
     * than the last successful start. It is scheduled by {@code startCaSystem0()} every 300 seconds
     * on a single-thread executor, and only when the instance is not in master mode.
     */
    public class CaRestarter implements Runnable {
        // Guard against overlapping runs. It is a plain boolean (neither volatile nor atomic).
        // NOTE(review): that is only sufficient while a single thread runs this task - confirm.
        private boolean inProcess;

        private CaRestarter() {
        }

        /**
         * Reads the {@code CA_CHANGE} event and restarts the CA system if the event time (epoch
         * seconds) is later than {@code lastStartTime}. Every failure is logged and swallowed so
         * that the scheduled task keeps running.
         */
        @Override // java.lang.Runnable
        public void run() {
            if (inProcess) {
                return;
            }
            inProcess = true;
            try {
                SystemEvent changeEvent = queryExecutor.getSystemEvent(EVENT_CACHANGE);
                // No event recorded yet counts as "changed at epoch 0".
                long changedAt = 0L;
                if (changeEvent != null) {
                    changedAt = changeEvent.getEventTime();
                }
                LOG.info("check the restart CA system event: changed at={}, lastStartTime={}", Instant.ofEpochSecond(changedAt), lastStartTime);
                // NOTE(review): lastStartTime is assigned only after init() succeeded. If the first
                // start failed it is still null here, the comparison throws, the catch below logs
                // it and no restart is attempted - confirm that this is the intended behaviour.
                boolean changedSinceStart = changedAt > lastStartTime.getEpochSecond();
                if (!changedSinceStart) {
                    LOG.debug("received no event to restart CA");
                } else {
                    LOG.info("received event to restart CA");
                    restartCaSystem();
                }
            } catch (Throwable th) {
                LogUtil.error(LOG, th, "ScheduledCaRestarter");
            } finally {
                // Always release the guard, whether or not the check succeeded.
                inProcess = false;
            }
        }
    }

    /**
     * Creates the manager, derives the lock owner id of this instance and wires the helper managers.
     *
     * <p>The owner id is read from the file {@code calock}, resolved against the process working
     * directory. When the file is missing or unreadable a random UUID is generated and written to
     * it. The id is prefixed with the host address when that can be determined. I/O failures are
     * logged and do not abort construction.
     *
     * <p>NOTE(review): the file content is used verbatim (no trimming or format check) and later
     * compared with the owner stored in the database by {@code lockCa()}; whoever can write
     * {@code calock} controls that comparison - confirm the working directory is restricted
     * to the CA service account.
     *
     * @param cmLicense license object, must not be {@code null}
     */
    public CaManagerImpl(CmLicense cmLicense) {
        LOG.info("XiPKI CA version {}", StringUtil.getVersion(getClass()));
        this.license = (CmLicense) Args.notNull(cmLicense, "license");
        this.datasourceFactory = new DataSourceFactory();

        File lockFile = new File("calock");
        String instanceId = null;
        if (lockFile.exists()) {
            try {
                instanceId = StringUtil.toUtf8String(IoUtil.read(lockFile));
            } catch (IOException e) {
                LOG.error("could not read {}: {}", lockFile.getName(), e.getMessage());
            }
        }
        if (instanceId == null) {
            // No usable id on disk: create one and try to persist it for the next start.
            instanceId = UUID.randomUUID().toString();
            try {
                IoUtil.save(lockFile, StringUtil.toUtf8Bytes(instanceId));
            } catch (IOException e2) {
                LOG.error("could not save {}: {}", lockFile.getName(), e2.getMessage());
            }
        }

        String hostAddress = null;
        try {
            hostAddress = IoUtil.getHostAddress();
        } catch (SocketException e3) {
            LOG.warn("could not get host address: {}", e3.getMessage());
        }
        if (hostAddress == null) {
            this.lockInstanceId = instanceId;
        } else {
            this.lockInstanceId = hostAddress + "/" + instanceId;
        }

        this.ca2Manager = new Ca2Manager(this);
        this.certprofileManager = new CertprofileManager(this);
        this.confLoader = new ConfLoader(this);
        this.publisherManager = new PublisherManager(this);
        this.requestorManager = new RequestorManager(this);
        this.signerManager = new SignerManager(this);
        this.keypairGenManager = new KeypairGenManager(this);
    }

    /**
     * Returns the shard id of this instance.
     *
     * @return the value copied from the server configuration in {@code init()}; 0 before that
     */
    public int getShardId() {
        return shardId;
    }

    /**
     * Returns the security factory injected via {@link #setSecurityFactory}.
     *
     * @return the factory, or {@code null} if none has been set yet
     */
    public SecurityFactory getSecurityFactory() {
        return securityFactory;
    }

    /**
     * Injects the security factory. {@code init()} throws {@link IllegalStateException} when it
     * has not been set.
     *
     * @param securityFactory factory to use; stored as given, no null check is made here
     */
    public void setSecurityFactory(SecurityFactory securityFactory) {
        // The parameter shadows the field, so the qualifier is required.
        this.securityFactory = securityFactory;
    }

    /**
     * Returns the PKCS#11 crypto service factory injected via {@link #setP11CryptServiceFactory}.
     *
     * @return the factory, or {@code null} if none has been set
     */
    public P11CryptServiceFactory getP11CryptServiceFactory() {
        return p11CryptServiceFactory;
    }

    /**
     * Injects the PKCS#11 crypto service factory.
     *
     * @param p11CryptServiceFactory factory to use; stored as given, no null check is made here
     */
    public void setP11CryptServiceFactory(P11CryptServiceFactory p11CryptServiceFactory) {
        // The parameter shadows the field, so the qualifier is required.
        this.p11CryptServiceFactory = p11CryptServiceFactory;
    }

    /**
     * Tells whether this instance runs in master mode.
     *
     * @return the flag copied from the server configuration in {@code init()}; {@code false}
     *     before {@code init()} has run
     */
    public boolean isMasterMode() {
        return masterMode;
    }

    /**
     * Returns the signer types reported by the security factory.
     *
     * @return whatever {@code securityFactory.getSupportedSignerTypes()} returns
     * @throws NullPointerException if no security factory has been set
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public Set<String> getSupportedSignerTypes() {
        return securityFactory.getSupportedSignerTypes();
    }

    /**
     * Returns the certificate profile types reported by the certprofile factory register.
     *
     * @return whatever {@code certprofileFactoryRegister.getSupportedTypes()} returns
     * @throws NullPointerException if the register has not been set
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public Set<String> getSupportedCertprofileTypes() {
        return certprofileFactoryRegister.getSupportedTypes();
    }

    /**
     * Returns the publisher types reported by the certificate publisher factory register.
     *
     * @return whatever {@code certPublisherFactoryRegister.getSupportedTypes()} returns
     * @throws NullPointerException if the register has not been set
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public Set<String> getSupportedPublisherTypes() {
        return certPublisherFactoryRegister.getSupportedTypes();
    }

    /**
     * Delegates to {@code SignerManager.getTokenInfoP11}; the three arguments are passed through
     * unchanged and are not validated here.
     *
     * @return the string produced by the signer manager
     * @throws CaMgmtException if the signer manager reports a failure
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public String getTokenInfoP11(String str, Integer num, boolean z) throws CaMgmtException {
        String tokenInfo = signerManager.getTokenInfoP11(str, num, z);
        return tokenInfo;
    }

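    /**
     * Loads the configuration, the datasources and all CA components.
     *
     * <p>Steps, in order: check that the injected collaborators are present; copy
     * {@code masterMode}, {@code noLock} and {@code shardId} from the server configuration; set up
     * SSL and the optional CT log key finder; on the first call create the datasources
     * ({@code "ca"} is mandatory, {@code "caconf"} is mandatory from DB schema version 8 on); in
     * master mode take the database lock unless {@code noLock} is set and make sure the embedded
     * requestor exists; build the {@code CertStore}; initialise aliases, certprofiles, publishers,
     * requestors, signers, keypair generators and CAs.
     *
     * <p>A failure of one component initialiser is logged and the remaining ones still run, but
     * the method then fails as a whole, so a partially initialised CA system is never reported
     * as started.
     *
     * <p>Fix over the previous version: when the {@code CertStore} could not be constructed, the
     * master-mode registration step dereferenced a missing (or stale) {@code certstore} and
     * replaced the intended {@code CaMgmtException} with a {@code NullPointerException}. The
     * registration now runs only when the store was built in this call.
     *
     * @throws IllegalStateException if a required collaborator has not been set
     * @throws CaMgmtException if a datasource is missing or any component failed to initialise
     */
    private void init() throws CaMgmtException {
        if (this.securityFactory == null) {
            throw new IllegalStateException("securityFactory is not set");
        }
        if (this.datasourceFactory == null) {
            throw new IllegalStateException("datasourceFactory is not set");
        }
        if (this.certprofileFactoryRegister == null) {
            throw new IllegalStateException("certprofileFactoryRegister is not set");
        }
        if (this.certPublisherFactoryRegister == null) {
            throw new IllegalStateException("certPublisherFactoryRegister is not set");
        }
        if (this.caServerConf == null) {
            throw new IllegalStateException("caServerConf is not set");
        }

        this.masterMode = this.caServerConf.isMaster();
        LOG.info("ca.masterMode: {}", Boolean.valueOf(this.masterMode));
        this.noLock = this.caServerConf.isNoLock();
        LOG.info("ca.noLock: {}", Boolean.valueOf(this.noLock));
        this.shardId = this.caServerConf.getShardId();
        LOG.info("ca.shardId: {}", Integer.valueOf(this.shardId));
        this.caServerConf.initSsl();

        if (this.caServerConf.getCtLog() != null) {
            try {
                this.ctLogPublicKeyFinder = new CtLogPublicKeyFinder(this.caServerConf.getCtLog());
            } catch (Exception e) {
                throw new CaMgmtException("could not load CtLogPublicKeyFinder: " + e.getMessage(), e);
            }
        }

        // Datasources are created once and reused on later restarts.
        if (this.datasourceMap == null) {
            Map<String, DataSourceWrapper> loaded = new ConcurrentHashMap<>();
            for (DataSourceConf dataSourceConf : this.caServerConf.getDatasources()) {
                String name = dataSourceConf.getName();
                FileOrValue conf = dataSourceConf.getConf();
                loaded.put(name, loadDatasource(name, conf));
                // Only the file name is logged; an inline configuration value is never written out.
                if (conf.getFile() != null) {
                    LOG.info("associate datasource {} to the file {}", name, conf.getFile());
                } else {
                    LOG.info("associate datasource {} to text value", name);
                }
            }

            this.certstoreDatasource = loaded.remove("ca");
            if (this.certstoreDatasource == null) {
                throw new CaMgmtException("no datasource named 'ca' configured");
            }
            this.caconfDatasource = loaded.remove("caconf");
            if (this.caconfDatasource == null) {
                // Provisional fallback so that the schema version can be read; rejected below
                // for schema version 8 and later.
                this.caconfDatasource = this.certstoreDatasource;
            }

            this.queryExecutor = new CaManagerQueryExecutor(this.caconfDatasource);
            int dbSchemaVersion = this.queryExecutor.getDbSchemaVersion();
            LOG.info("dbSchemaVersion: {}", Integer.valueOf(dbSchemaVersion));
            if (dbSchemaVersion >= 8 && this.caconfDatasource == this.certstoreDatasource) {
                throw new CaMgmtException("no datasource named 'caconf' configured");
            }
            this.datasourceMap = loaded;
        }

        // The generator receives 2010-01-01T00:00:00Z (epoch seconds) and the shard id.
        UniqueIdGenerator uniqueIdGenerator = new UniqueIdGenerator(ZonedDateTime.of(2010, 1, 1, 0, 0, 0, 0, ZoneOffset.UTC).toEpochSecond(), this.shardId);

        if (this.masterMode) {
            if (!this.noLock) {
                lockCa();
            }
            // Create the embedded requestor unless a row with that name (compared ignoring case) exists.
            String embeddedName = RequestorInfo.NAME_BY_CA;
            List<?> requestorNames = this.queryExecutor.namesFromTable("REQUESTOR");
            boolean present = false;
            for (Object existing : requestorNames) {
                if (embeddedName.equalsIgnoreCase((String) existing)) {
                    present = true;
                    break;
                }
            }
            if (!present) {
                this.queryExecutor.addEmbeddedRequestor(embeddedName);
            }
        }

        boolean initSucceeded = true;
        // Tracks whether the CertStore of THIS call was built; a store left over from an
        // earlier start must not be used for the registration step below.
        boolean certstoreReady = false;
        try {
            this.certstore = new CertStore(this.certstoreDatasource, this.caconfDatasource, uniqueIdGenerator, this.securityFactory.getPasswordResolver());
            certstoreReady = true;
        } catch (DataAccessException e2) {
            initSucceeded = false;
            LogUtil.error(LOG, e2, "error constructing CertStore");
        }
        try {
            this.ca2Manager.initCaAliases();
        } catch (CaMgmtException e3) {
            initSucceeded = false;
            LogUtil.error(LOG, e3, "error initCaAliases");
        }
        try {
            this.certprofileManager.initCertprofiles();
        } catch (CaMgmtException e4) {
            initSucceeded = false;
            LogUtil.error(LOG, e4, "error initCertprofiles");
        }
        try {
            this.publisherManager.initPublishers();
        } catch (CaMgmtException e5) {
            initSucceeded = false;
            LogUtil.error(LOG, e5, "error initPublishers");
        }
        try {
            this.requestorManager.initRequestors();
        } catch (CaMgmtException e6) {
            initSucceeded = false;
            LogUtil.error(LOG, e6, "error initRequestors");
        }
        try {
            this.signerManager.initSigners();
        } catch (CaMgmtException e7) {
            initSucceeded = false;
            LogUtil.error(LOG, e7, "error initSigners");
        }
        try {
            this.keypairGenManager.initKeypairGens();
        } catch (CaMgmtException e8) {
            initSucceeded = false;
            LogUtil.error(LOG, e8, "error initKeypairGens");
        }
        try {
            this.ca2Manager.initCas();
        } catch (CaMgmtException e9) {
            initSucceeded = false;
            LogUtil.error(LOG, e9, "error initCas");
        }

        // Master only: register the loaded profiles, requestors and CAs with the cert store.
        if (this.masterMode && certstoreReady) {
            for (CertprofileEntry profileEntry : this.certprofileDbEntries.values()) {
                this.certstore.addCertProfile(profileEntry.getIdent());
            }
            if (this.byCaRequestor != null) {
                this.certstore.addRequestor(this.byCaRequestor.getIdent());
            }
            for (RequestorEntry requestorEntry : this.requestorDbEntries.values()) {
                this.certstore.addRequestor(requestorEntry.getIdent());
            }
            for (CaInfo caInfo : this.caInfos.values()) {
                this.certstore.addCa(caInfo.getIdent(), caInfo.getCert());
            }
        }

        if (!initSucceeded) {
            throw new CaMgmtException("error initializing CA system");
        }
    }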

    /**
     * Returns the database schema version as reported by the query executor.
     *
     * @return the schema version
     * @throws NullPointerException if called before {@code init()} created the query executor
     */
    public int getDbSchemaVersion() {
        int version = queryExecutor.getDbSchemaVersion();
        return version;
    }

    /**
     * Creates the named datasource and verifies it by borrowing and returning one connection.
     *
     * <p>NOTE(review): the wrapped message embeds the text of the underlying exception; confirm
     * that datasource errors cannot echo connection credentials into the log.
     *
     * @param str datasource name
     * @param fileOrValue datasource configuration, either a file reference or an inline value
     * @return the ready-to-use datasource
     * @throws CaMgmtException if the datasource cannot be created or no connection can be obtained
     */
    private DataSourceWrapper loadDatasource(String str, FileOrValue fileOrValue) throws CaMgmtException {
        DataSourceWrapper datasource;
        try {
            datasource = this.datasourceFactory.createDataSource(str, fileOrValue, this.securityFactory.getPasswordResolver());
            // Smoke test: fail now rather than on the first real query.
            datasource.returnConnection(datasource.getConnection());
            LOG.info("loaded datasource.{}", str);
        } catch (DataAccessException | PasswordResolverException | IOException | RuntimeException e) {
            throw new CaMgmtException(e.getClass().getName() + " while parsing datasource " + str + ": " + e.getMessage(), e);
        }
        return datasource;
    }

    /**
     * Derives the overall status from the internal state flags.
     *
     * <p>NOTE(review): {@code LOCK_FAILED} is returned whenever the system is neither started nor
     * initialising and {@code caLockedByMe} is false. That flag is set only by {@code lockCa()},
     * which {@code init()} calls only in master mode without {@code noLock}; other instances
     * therefore also report {@code LOCK_FAILED} after a failed start - confirm that is intended.
     *
     * @return the current status of the CA system
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public CaSystemStatus getCaSystemStatus() {
        if (this.caSystemSetuped) {
            if (this.masterMode) {
                return CaSystemStatus.STARTED_AS_MASTER;
            }
            return CaSystemStatus.STARTED_AS_SLAVE;
        }
        if (this.initializing) {
            return CaSystemStatus.INITIALIZING;
        }
        if (this.caLockedByMe) {
            return CaSystemStatus.ERROR;
        }
        return CaSystemStatus.LOCK_FAILED;
    }

    /**
     * Takes the database lock that marks this instance as the active master.
     *
     * <p>If a {@code LOCK} event exists and names a different owner the method fails; if it names
     * this instance the lock is refreshed. The owner comparison is an exact string match against
     * {@code lockInstanceId}.
     *
     * <p>NOTE(review): the lock is read and then written in two separate calls. Whether the query
     * executor makes that pair atomic is not visible here, so two masters starting at the same
     * moment may both pass the check - confirm against the query executor.
     *
     * @throws CaMgmtException if another owner holds the lock or the database access fails
     */
    private void lockCa() throws CaMgmtException {
        SystemEvent existingLock = this.queryExecutor.getSystemEvent(EVENT_LOCK);
        if (existingLock != null) {
            String owner = existingLock.getOwner();
            Instant lockedSince = Instant.ofEpochSecond(existingLock.getEventTime());
            boolean heldByMe = this.lockInstanceId.equals(owner);
            if (heldByMe) {
                LOG.info("CA has been locked by me since {}, re-lock it", lockedSince);
            } else {
                throw logAndCreateException("could not lock CA, it has been locked by " + owner + " since " + lockedSince + ". In general this indicates that another CA software in master mode is accessing the database or the last shutdown of CA software in master mode is abnormal. If you know what you do, you can unlock it executing the ca:unlock command.");
            }
        }
        long now = Instant.now().getEpochSecond();
        this.queryExecutor.changeSystemEvent(new SystemEvent(EVENT_LOCK, this.lockInstanceId, now));
        this.caLockedByMe = true;
    }

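    /**
     * Removes the database lock. Only allowed in master mode.
     *
     * <p>An {@code UNLOCK} audit event is written exactly once, with the real outcome, whether the
     * unlock succeeded or threw. The previous form wrote the success event inside the guarded
     * region, so a failure while auditing produced a second audit call.
     *
     * <p>NOTE(review): no ownership check is made here, and {@code caLockedByMe} is left
     * unchanged; what {@code queryExecutor.unlockCa()} removes is not visible in this file -
     * confirm that releasing a lock held by another instance is acceptable for every caller.
     *
     * @throws CaMgmtException if the instance is not in master mode or the unlock fails
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public void unlockCa() throws CaMgmtException {
        if (!this.masterMode) {
            throw logAndCreateException("could not unlock CA in slave mode");
        }
        boolean unlocked = false;
        try {
            this.queryExecutor.unlockCa();
            LOG.info("unlocked CA");
            unlocked = true;
        } finally {
            auditLogPciEvent(unlocked, "UNLOCK");
        }
    }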

    /**
     * Puts the manager back into the "not started" state: clears the started flag and the CT log
     * key finder, resets every helper manager and shuts down the per-start thread pool.
     * The datasources and the database lock are left untouched.
     */
    private void reset() {
        caSystemSetuped = false;
        ctLogPublicKeyFinder = null;

        // Order kept as is; the helpers may depend on it.
        signerManager.reset();
        requestorManager.reset();
        ca2Manager.reset();
        certprofileManager.reset();
        publisherManager.reset();
        keypairGenManager.reset();

        shutdownScheduledThreadPoolExecutor();
    }

    /**
     * Restarts a single CA by delegating to {@code Ca2Manager.restartCa}.
     *
     * @param str CA name, passed through unchanged
     * @throws CaMgmtException if the CA manager reports a failure
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public void restartCa(String str) throws CaMgmtException {
        ca2Manager.restartCa(str);
    }

    /**
     * Resets and starts the whole CA system again, recording the outcome as a {@code CA_CHANGE}
     * audit event.
     *
     * <p>NOTE(review): if {@code startCaSystem0()} throws instead of returning {@code false},
     * no audit event is written for this attempt.
     *
     * @throws CaMgmtException if the system could not be started again
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public void restartCaSystem() throws CaMgmtException {
        reset();
        boolean restarted = startCaSystem0();
        auditLogPciEvent(restarted, EVENT_CACHANGE);
        if (restarted) {
            return;
        }
        throw logAndCreateException("could not restart CA system");
    }

    /**
     * Writes a {@code CA_CHANGE} system event stamped with the current time and this instance's
     * lock id. {@code CaRestarter} compares that timestamp with the last start time.
     *
     * @throws CaMgmtException if the event cannot be stored; the failure is logged and rethrown
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public void notifyCaChange() throws CaMgmtException {
        try {
            long now = Instant.now().getEpochSecond();
            SystemEvent changeEvent = new SystemEvent(EVENT_CACHANGE, this.lockInstanceId, now);
            this.queryExecutor.changeSystemEvent(changeEvent);
            LOG.info("notified the change of CA system");
        } catch (CaMgmtException e) {
            LogUtil.warn(LOG, e, "could not notify slave CAs to restart");
            throw e;
        }
    }

    /**
     * Adds a DBSCHEMA entry and lets the cert store reload its database information.
     *
     * @param str entry name; the reserved names are rejected
     * @param str2 passed to the query executor together with the name (presumably the value)
     * @throws CaMgmtException if the name is reserved, or the database update or reload fails
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public void addDbSchema(String str, String str2) throws CaMgmtException {
        // Reject reserved names before touching the database.
        checkModificationOfDbSchema(str);
        queryExecutor.addDbSchema(str, str2);
        try {
            certstore.updateDbInfo(securityFactory.getPasswordResolver());
        } catch (DataAccessException dbError) {
            throw new CaMgmtException(dbError);
        }
    }

    /**
     * Changes a DBSCHEMA entry and lets the cert store reload its database information.
     *
     * @param str entry name; the reserved names are rejected
     * @param str2 passed to the query executor together with the name (presumably the new value)
     * @throws CaMgmtException if the name is reserved, or the database update or reload fails
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public void changeDbSchema(String str, String str2) throws CaMgmtException {
        // Reject reserved names before touching the database.
        checkModificationOfDbSchema(str);
        queryExecutor.changeDbSchema(str, str2);
        try {
            certstore.updateDbInfo(securityFactory.getPasswordResolver());
        } catch (DataAccessException dbError) {
            throw new CaMgmtException(dbError);
        }
    }

    /**
     * Removes a DBSCHEMA entry and lets the cert store reload its database information.
     *
     * @param str entry name; the reserved names are rejected
     * @throws CaMgmtException if the name is reserved, or the database update or reload fails
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public void removeDbSchema(String str) throws CaMgmtException {
        // Reject reserved names before touching the database.
        checkModificationOfDbSchema(str);
        queryExecutor.removeDbSchema(str);
        try {
            certstore.updateDbInfo(securityFactory.getPasswordResolver());
        } catch (DataAccessException dbError) {
            throw new CaMgmtException(dbError);
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:5:0x004e. Please report as an issue. */
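    /**
     * Returns the DBSCHEMA entries without the reserved ones ({@code VERSION}, {@code VENDOR},
     * {@code X500NAME_MAXLEN}).
     *
     * <p>The decompiled form of this method used a {@code boolean} as an integer switch selector
     * and did not compile; this is the equivalent switch on the key itself.
     *
     * <p>NOTE(review): the filter matches the reserved names exactly, while
     * {@code checkModificationOfDbSchema} compares them ignoring case. A differently cased
     * reserved key would be rejected for modification but still listed here - confirm how the
     * keys are normalised in the database.
     *
     * @return a new map holding the non-reserved entries
     * @throws CaMgmtException if the entries cannot be read
     */
    @Override // org.xipki.ca.api.mgmt.CaManager
    public Map<String, String> getDbSchemas() throws CaMgmtException {
        Map<String, String> allEntries = this.queryExecutor.getDbSchemas();
        Map<String, String> visibleEntries = new HashMap<>((allEntries.size() * 5) / 4);
        for (Map.Entry<String, String> entry : allEntries.entrySet()) {
            switch (entry.getKey()) {
                case "VERSION":
                case "VENDOR":
                case "X500NAME_MAXLEN":
                    // Reserved entries are not exposed.
                    break;
                default:
                    visibleEntries.put(entry.getKey(), entry.getValue());
                    break;
            }
        }
        return visibleEntries;
    }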

    /**
     * Rejects changes to the reserved DBSCHEMA entries {@code VERSION}, {@code VENDOR} and
     * {@code X500NAME_MAXLEN}; the name is compared ignoring case.
     *
     * @param str name of the entry about to be added, changed or removed
     * @throws CaMgmtException if the name is reserved
     */
    private static void checkModificationOfDbSchema(String str) throws CaMgmtException {
        boolean reserved = StringUtil.orEqualsIgnoreCase(str, "VERSION", "VENDOR", "X500NAME_MAXLEN");
        if (!reserved) {
            return;
        }
        throw new CaMgmtException("modification of reserved DBSCHEMA " + str + " is not allowed");
    }

    /**
     * Starts the CA system and records the outcome as a {@code START} audit event. It never
     * throws: every failure is logged and reported through the audit event, so callers have to
     * check {@link #getCaSystemStatus()} for the result.
     */
    public void startCaSystem() {
        boolean started;
        try {
            started = startCaSystem0();
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not start CA system");
            started = false;
        }
        if (!started) {
            LOG.error("could not start CA system");
        }
        auditLogPciEvent(started, "START");
    }

    /**
     * Starts the CA system unless it is already set up.
     *
     * <p>Runs {@code init()}, records the start time, creates the per-start thread pool, starts
     * every CA whose status is {@code ACTIVE} and logs a summary of started and failed CAs. On
     * every exit path the {@code initializing} flag is cleared and, when not in master mode, the
     * periodic {@link CaRestarter} is scheduled if it is not yet running.
     *
     * <p>A CA that fails to start does not fail the whole start: it is only listed in the summary
     * and the method still returns {@code true}.
     *
     * @return {@code true} if the system is (or already was) set up, {@code false} if
     *     initialisation failed with an exception
     */
    private boolean startCaSystem0() {
        if (this.caSystemSetuped) {
            return true;
        }
        this.initializing = true;
        shutdownScheduledThreadPoolExecutor();
        try {
            LOG.info("starting CA system");
            try {
                init();
                this.lastStartTime = Instant.now();
                this.x509cas.clear();
                this.scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(10);
                this.scheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);

                List<String> failedCas = new LinkedList<>();
                for (Map.Entry<String, CaInfo> entry : this.caInfos.entrySet()) {
                    if (CaStatus.ACTIVE != entry.getValue().getStatus()) {
                        continue;
                    }
                    String caName = entry.getKey();
                    if (!this.ca2Manager.startCa(caName)) {
                        failedCas.add(caName);
                        LOG.error("could not start CA {}", caName);
                    } else {
                        LOG.info("started CA {}", caName);
                    }
                }
                this.caSystemSetuped = true;

                // Build the one-line summary: CAs with an alias first, then the rest.
                StringBuilder summary = new StringBuilder();
                summary.append("started CA system");
                Set<String> aliasNames = getCaAliasNames();
                Set<String> caNamesWithoutAlias = new HashSet<>(getCaNames());
                if (caNamesWithoutAlias.isEmpty()) {
                    summary.append(": no CA is configured");
                } else {
                    summary.append(" with following CAs: ");
                    for (String alias : aliasNames) {
                        String caName = getCaNameForAlias(alias);
                        if (caName != null) {
                            caNamesWithoutAlias.remove(caName);
                            summary.append(caName).append(" (alias ").append(alias).append("), ");
                        }
                    }
                    for (String caName : caNamesWithoutAlias) {
                        summary.append(caName).append(", ");
                    }
                    // Drop the trailing ", ".
                    int end = summary.length();
                    summary.delete(end - 2, end);
                }
                if (!failedCas.isEmpty()) {
                    summary.append(", and following CAs could not be started: ");
                    for (String alias : aliasNames) {
                        String caName = getCaNameForAlias(alias);
                        if (failedCas.remove(caName)) {
                            summary.append(caName).append(" (alias ").append(alias).append("), ");
                        }
                    }
                    for (String caName : failedCas) {
                        summary.append(caName).append(", ");
                    }
                    // Drop the trailing ", ".
                    int end = summary.length();
                    summary.delete(end - 2, end);
                }
                LOG.info("{}", summary);

                this.initializing = false;
                ensureCaRestarterScheduled();
                return true;
            } catch (Exception e) {
                LogUtil.error(LOG, e, "error initializing CA system");
                this.initializing = false;
                ensureCaRestarterScheduled();
                return false;
            }
        } catch (Throwable th) {
            this.initializing = false;
            ensureCaRestarterScheduled();
            throw th;
        }
    }

    /**
     * Schedules {@link CaRestarter} every 300 seconds on a dedicated single-thread pool, unless
     * this instance is in master mode or the pool already exists.
     */
    private void ensureCaRestarterScheduled() {
        if (this.masterMode || this.persistentScheduledThreadPoolExecutor != null) {
            return;
        }
        this.persistentScheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
        this.persistentScheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
        this.persistentScheduledThreadPoolExecutor.scheduleAtFixedRate(new CaRestarter(), 300L, 300L, TimeUnit.SECONDS);
    }

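    /**
     * Stops the CA system: shuts down the thread pools, closes the CAs, releases the database
     * lock if this instance holds it, closes the datasources and the helper managers, deletes the
     * {@code calock} file and writes a {@code SHUTDOWN} audit event.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>{@code datasourceMap} and the two datasource fields stay {@code null} when
     *       {@code init()} failed early. Copying a {@code null} map threw a
     *       {@code NullPointerException} that skipped the rest of the shutdown, including the
     *       audit event. Missing datasources are now skipped.</li>
     *   <li>An interrupt received while waiting for the restarter pool is no longer lost; the
     *       wait still completes, and the interrupt status is restored before returning.</li>
     * </ul>
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        LOG.info("stopping CA system");
        shutdownScheduledThreadPoolExecutor();

        boolean interrupted = false;
        ScheduledThreadPoolExecutor restarterPool = this.persistentScheduledThreadPoolExecutor;
        if (restarterPool != null) {
            restarterPool.shutdown();
            while (!restarterPool.isTerminated()) {
                try {
                    Thread.sleep(100L);
                } catch (InterruptedException e) {
                    // Keep waiting so the unlock below still runs; the flag is restored at the end.
                    interrupted = true;
                    LOG.error("interrupted: {}", e.getMessage());
                }
            }
            this.persistentScheduledThreadPoolExecutor = null;
        }

        this.ca2Manager.close();

        if (this.caLockedByMe) {
            try {
                unlockCa();
            } catch (Throwable th) {
                LogUtil.error(LOG, th, "could not unlock CA system");
            }
        }

        Map<String, DataSourceWrapper> toClose = new HashMap<>();
        if (this.datasourceMap != null) {
            toClose.putAll(this.datasourceMap);
        }
        if (this.certstoreDatasource != null) {
            toClose.put("ca", this.certstoreDatasource);
        }
        // "caconf" may be the same object as "ca"; close it only once.
        if (this.caconfDatasource != null && this.caconfDatasource != this.certstoreDatasource) {
            toClose.put("caconf", this.caconfDatasource);
        }
        for (Map.Entry<String, DataSourceWrapper> entry : toClose.entrySet()) {
            try {
                entry.getValue().close();
            } catch (Exception e2) {
                LogUtil.warn(LOG, e2, "could not close datasource " + entry.getKey());
            }
        }

        this.keypairGenManager.close();
        this.publisherManager.close();
        this.certprofileManager.close();

        File lockFile = new File("calock");
        if (lockFile.exists() && !lockFile.delete()) {
            LOG.warn("could not delete file {}", lockFile.getAbsolutePath());
        }
        auditLogPciEvent(true, "SHUTDOWN");
        LOG.info("stopped CA system");

        if (interrupted) {
            Thread.currentThread().interrupt();
        }
    }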

    /**
     * Returns the non-persistent scheduled executor held by this manager.
     *
     * @return the executor, or {@code null} once {@code shutdownScheduledThreadPoolExecutor()} has
     *     cleared the field
     */
    public ScheduledThreadPoolExecutor getScheduledThreadPoolExecutor() {
        return scheduledThreadPoolExecutor;
    }

    /**
     * Returns the keys of {@code certprofileDbEntries}.
     *
     * <p>NOTE(review): the key set is returned directly, not as a copy. If the field is a standard
     * {@code java.util.Map}, this is a live view and a caller removing from it would change the
     * registry; consider an unmodifiable wrapper.
     */
    @Override
    public Set<String> getCertprofileNames() {
        return certprofileDbEntries.keySet();
    }

    /**
     * Returns the keys of {@code keypairGenDbEntries}.
     *
     * <p>NOTE(review): the key set is handed out without a copy; for a standard
     * {@code java.util.Map} it is a live, mutable view of the registry.
     */
    @Override
    public Set<String> getKeypairGenNames() {
        return keypairGenDbEntries.keySet();
    }

    /**
     * Returns the keys of {@code publisherDbEntries}.
     *
     * <p>NOTE(review): the key set is handed out without a copy; for a standard
     * {@code java.util.Map} it is a live, mutable view of the registry.
     */
    @Override
    public Set<String> getPublisherNames() {
        return publisherDbEntries.keySet();
    }

    /**
     * Returns the keys of {@code requestorDbEntries}.
     *
     * <p>NOTE(review): the key set is handed out without a copy; for a standard
     * {@code java.util.Map} it is a live, mutable view of the registry.
     */
    @Override
    public Set<String> getRequestorNames() {
        return requestorDbEntries.keySet();
    }

    /**
     * Returns the keys of {@code signerDbEntries}.
     *
     * <p>NOTE(review): the key set is handed out without a copy; for a standard
     * {@code java.util.Map} it is a live, mutable view of the registry.
     */
    @Override
    public Set<String> getSignerNames() {
        return signerDbEntries.keySet();
    }

    /**
     * Returns the keys of {@code caInfos}.
     *
     * <p>NOTE(review): the key set is handed out without a copy; for a standard
     * {@code java.util.Map} it is a live, mutable view of the registry.
     */
    @Override
    public Set<String> getCaNames() {
        return caInfos.keySet();
    }

    /**
     * Returns whatever {@code ca2Manager.getSuccessfulCaNames()} reports.
     *
     * @return the set produced by the delegate; whether it is a copy is not visible here
     */
    @Override
    public Set<String> getSuccessfulCaNames() {
        return ca2Manager.getSuccessfulCaNames();
    }

    /**
     * Returns whatever {@code ca2Manager.getFailedCaNames()} reports.
     *
     * @return the set produced by the delegate; whether it is a copy is not visible here
     */
    @Override
    public Set<String> getFailedCaNames() {
        return ca2Manager.getFailedCaNames();
    }

    /**
     * Returns whatever {@code ca2Manager.getInactiveCaNames()} reports.
     *
     * @return the set produced by the delegate; whether it is a copy is not visible here
     */
    @Override
    public Set<String> getInactiveCaNames() {
        return ca2Manager.getInactiveCaNames();
    }

    /**
     * Passes both arguments unchanged to {@code ca2Manager.commitNextCrlNo}.
     *
     * <p>No range or monotonicity check on {@code j} is made here; NOTE(review): confirm the
     * delegate rejects a CRL number that would go backwards.
     *
     * @throws OperationException if the delegate fails
     */
    public void commitNextCrlNo(NameId nameId, long j) throws OperationException {
        ca2Manager.commitNextCrlNo(nameId, j);
    }

    /**
     * Hands the new CA entry, together with this manager's {@code certstore}, to
     * {@code ca2Manager.addCa}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void addCa(CaEntry caEntry) throws CaMgmtException {
        ca2Manager.addCa(caEntry, certstore);
    }

    /**
     * Looks up the CA entry stored in {@code caInfos} under the normalised name.
     *
     * @param str the CA name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "name"} before the lookup
     * @return the entry of the matching {@code CaInfo}, or {@code null} when nothing is registered
     *     under that key
     */
    @Override
    public CaEntry getCa(String str) {
        CaInfo info = this.caInfos.get(Args.toNonBlankLower(str, "name"));
        return info == null ? null : info.getCaEntry();
    }

    /**
     * Forwards the change request unchanged to {@code ca2Manager.changeCa}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void changeCa(ChangeCaEntry changeCaEntry) throws CaMgmtException {
        ca2Manager.changeCa(changeCaEntry);
    }

    /**
     * Forwards both names unchanged, in the same order, to
     * {@code certprofileManager.removeCertprofileFromCa}.
     *
     * <p>Neither name is normalised or checked here; NOTE(review): confirm the delegate does so
     * and enforces master mode.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removeCertprofileFromCa(String str, String str2) throws CaMgmtException {
        certprofileManager.removeCertprofileFromCa(str, str2);
    }

    /**
     * Forwards both names unchanged, in the same order, to
     * {@code certprofileManager.addCertprofileToCa}.
     *
     * <p>Neither name is normalised or checked here; NOTE(review): confirm the delegate does so
     * and enforces master mode.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void addCertprofileToCa(String str, String str2) throws CaMgmtException {
        certprofileManager.addCertprofileToCa(str, str2);
    }

    /**
     * Forwards both names unchanged, in the same order, to
     * {@code publisherManager.removePublisherFromCa}.
     *
     * <p>Neither name is normalised or checked here; NOTE(review): confirm the delegate does so
     * and enforces master mode.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removePublisherFromCa(String str, String str2) throws CaMgmtException {
        publisherManager.removePublisherFromCa(str, str2);
    }

    /**
     * Forwards both names unchanged, in the same order, to
     * {@code publisherManager.addPublisherToCa}.
     *
     * <p>Neither name is normalised or checked here; NOTE(review): confirm the delegate does so
     * and enforces master mode.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void addPublisherToCa(String str, String str2) throws CaMgmtException {
        publisherManager.addPublisherToCa(str, str2);
    }

    /**
     * Returns a copy of the profile entries associated with a CA in {@code caHasProfiles}.
     *
     * <p>The result is a fresh {@code HashSet}, so changes the caller makes to it do not reach the
     * internal set.
     *
     * @param str the CA name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "caName"} before the lookup
     * @return a copy of the entries, or an empty set when {@code CollectionUtil.isEmpty} reports
     *     that there are none
     */
    @Override
    public Set<CaProfileEntry> getCertprofilesForCa(String str) {
        Set<CaProfileEntry> profiles = this.caHasProfiles.get(Args.toNonBlankLower(str, "caName"));
        if (!CollectionUtil.isEmpty(profiles)) {
            return new HashSet<>(profiles);
        }
        return Collections.emptySet();
    }

    /**
     * Returns the requestor entries stored for a CA in {@code caHasRequestors}.
     *
     * <p>NOTE(review): unlike {@code getCertprofilesForCa}, the stored set is returned as-is (no
     * copy, and {@code null} when the key is absent), so a caller could modify the internal
     * CA-to-requestor association through it.
     *
     * @param str the CA name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "caName"} before the lookup
     */
    @Override
    public Set<CaHasRequestorEntry> getRequestorsForCa(String str) {
        String caName = Args.toNonBlankLower(str, "caName");
        return caHasRequestors.get(caName);
    }

    /**
     * Looks up a requestor entry in {@code requestorDbEntries}.
     *
     * @param str the requestor name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "name"} before the lookup
     * @return the stored entry, or whatever the map yields for an unknown key
     */
    @Override
    public RequestorEntry getRequestor(String str) {
        String key = Args.toNonBlankLower(str, "name");
        return requestorDbEntries.get(key);
    }

    /**
     * Looks up the requestor wrapper held in {@code requestors}.
     *
     * @param str the requestor name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "name"} before the lookup
     * @return the stored wrapper, or whatever the map yields for an unknown key
     */
    public RequestorEntryWrapper getRequestorWrapper(String str) {
        String key = Args.toNonBlankLower(str, "name");
        return requestors.get(key);
    }

    /**
     * Registers a requestor with {@code requestorManager} and then records its identifier in the
     * certstore.
     *
     * <p>The two steps are not wrapped in any rollback here: if the certstore call throws, the
     * first step has already run. No master-mode check is made in this method; NOTE(review):
     * confirm {@code requestorManager.addRequestor} enforces it.
     *
     * @throws CaMgmtException if either step fails
     */
    @Override
    public void addRequestor(RequestorEntry requestorEntry) throws CaMgmtException {
        requestorManager.addRequestor(requestorEntry);
        certstore.addRequestor(requestorEntry.getIdent());
    }

    /**
     * Removes a requestor, first from the certstore and then from {@code requestorManager}.
     *
     * <p>The operation is refused outside master mode before anything is touched. The two removals
     * are not wrapped in any rollback here: if the second throws, the first has already run.
     *
     * @param str the requestor name, passed on unchanged to both steps
     * @throws CaMgmtException if not in master mode or if either step fails
     */
    @Override
    public void removeRequestor(String str) throws CaMgmtException {
        assertMasterMode();
        certstore.removeRequestor(str);
        requestorManager.removeRequestor(str);
    }

    /**
     * Forwards the three strings unchanged, in the same order, to
     * {@code requestorManager.changeRequestor}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void changeRequestor(String str, String str2, String str3) throws CaMgmtException {
        requestorManager.changeRequestor(str, str2, str3);
    }

    /**
     * Forwards both names unchanged, in the same order, to
     * {@code requestorManager.removeRequestorFromCa}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removeRequestorFromCa(String str, String str2) throws CaMgmtException {
        requestorManager.removeRequestorFromCa(str, str2);
    }

    /**
     * Forwards the association entry and the string unchanged to
     * {@code requestorManager.addRequestorToCa}.
     *
     * <p>This grants a requestor access to a CA, yet no validation or master-mode check is made in
     * this method; NOTE(review): confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void addRequestorToCa(CaHasRequestorEntry caHasRequestorEntry, String str) throws CaMgmtException {
        requestorManager.addRequestorToCa(caHasRequestorEntry, str);
    }

    /**
     * Looks up a certificate profile entry in {@code certprofileDbEntries} by lower-cased name.
     *
     * <p>NOTE(review): the key is built with {@code String.toLowerCase()}, which uses the JVM's
     * default locale and throws {@code NullPointerException} for a {@code null} name, whereas the
     * sibling getters ({@code getRequestor}, {@code getSigner}, {@code getPublisher}) go through
     * {@code Args.toNonBlankLower}. Confirm that the keys were stored with the same normalisation.
     *
     * @param str the profile name; must not be {@code null}
     */
    @Override
    public CertprofileEntry getCertprofile(String str) {
        String key = str.toLowerCase();
        return certprofileDbEntries.get(key);
    }

    /**
     * Removes a certificate profile, first from the certstore and then from
     * {@code certprofileManager}.
     *
     * <p>The operation is refused outside master mode before anything is touched. The two removals
     * are not wrapped in any rollback here: if the second throws, the first has already run.
     *
     * @param str the profile name, passed on unchanged to both steps
     * @throws CaMgmtException if not in master mode or if either step fails
     */
    @Override
    public void removeCertprofile(String str) throws CaMgmtException {
        assertMasterMode();
        certstore.removeCertProfile(str);
        certprofileManager.removeCertprofile(str);
    }

    /**
     * Forwards the three strings unchanged, in the same order, to
     * {@code certprofileManager.changeCertprofile}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void changeCertprofile(String str, String str2, String str3) throws CaMgmtException {
        certprofileManager.changeCertprofile(str, str2, str3);
    }

    /**
     * Registers a certificate profile with {@code certprofileManager} and then records its
     * identifier in the certstore.
     *
     * <p>The two steps are not wrapped in any rollback here: if the certstore call throws, the
     * first step has already run. No master-mode check is made in this method; NOTE(review):
     * confirm {@code certprofileManager.addCertprofile} enforces it.
     *
     * @throws CaMgmtException if either step fails
     */
    @Override
    public void addCertprofile(CertprofileEntry certprofileEntry) throws CaMgmtException {
        certprofileManager.addCertprofile(certprofileEntry);
        certstore.addCertProfile(certprofileEntry.getIdent());
    }

    /**
     * Returns the profile information that {@code certprofileManager.getCertprofileInfo} produces
     * for the given name.
     *
     * @param str the profile name, passed on unchanged
     * @throws OperationException if the delegate fails
     */
    public CertprofileInfoResponse getCertprofileInfo(String str) throws OperationException {
        return certprofileManager.getCertprofileInfo(str);
    }

    /**
     * Looks up a keypair-generator entry in {@code keypairGenDbEntries}.
     *
     * <p>NOTE(review): the name is used as the key exactly as given, while
     * {@code getKeypairGenerator} lower-cases it through {@code Args.toNonBlankLower}; confirm
     * which form the keys of this map are stored in.
     *
     * @param str the generator name, used unchanged as the map key
     */
    @Override
    public KeypairGenEntry getKeypairGen(String str) {
        return keypairGenDbEntries.get(str);
    }

    /**
     * Forwards the name unchanged to {@code keypairGenManager.removeKeypairGen}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removeKeypairGen(String str) throws CaMgmtException {
        keypairGenManager.removeKeypairGen(str);
    }

    /**
     * Forwards the three strings unchanged, in the same order, to
     * {@code keypairGenManager.changeKeypairGen}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void changeKeypairGen(String str, String str2, String str3) throws CaMgmtException {
        keypairGenManager.changeKeypairGen(str, str2, str3);
    }

    /**
     * Forwards the entry unchanged to {@code keypairGenManager.addKeypairGen}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void addKeypairGen(KeypairGenEntry keypairGenEntry) throws CaMgmtException {
        keypairGenManager.addKeypairGen(keypairGenEntry);
    }

    /**
     * Forwards the signer entry unchanged to {@code signerManager.addSigner}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void addSigner(SignerEntry signerEntry) throws CaMgmtException {
        signerManager.addSigner(signerEntry);
    }

    /**
     * Forwards the name unchanged to {@code signerManager.removeSigner}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removeSigner(String str) throws CaMgmtException {
        signerManager.removeSigner(str);
    }

    /**
     * Forwards the four strings unchanged, in the same order, to
     * {@code signerManager.changeSigner}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them and that none of the values is written to a log.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void changeSigner(String str, String str2, String str3, String str4) throws CaMgmtException {
        signerManager.changeSigner(str, str2, str3, str4);
    }

    /**
     * Looks up a signer entry in {@code signerDbEntries}.
     *
     * @param str the signer name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "name"} before the lookup
     * @return the stored entry, or whatever the map yields for an unknown key
     */
    @Override
    public SignerEntry getSigner(String str) {
        String key = Args.toNonBlankLower(str, "name");
        return signerDbEntries.get(key);
    }

    /**
     * Looks up the signer wrapper held in {@code signers}.
     *
     * @param str the signer name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "name"} before the lookup
     * @return the stored wrapper, or whatever the map yields for an unknown key
     */
    public SignerEntryWrapper getSignerWrapper(String str) {
        String key = Args.toNonBlankLower(str, "name");
        return signers.get(key);
    }

    /**
     * Forwards the publisher entry unchanged to {@code publisherManager.addPublisher}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void addPublisher(PublisherEntry publisherEntry) throws CaMgmtException {
        publisherManager.addPublisher(publisherEntry);
    }

    /**
     * Returns the list that {@code publisherManager.getPublishersForCa} produces for the given
     * name.
     *
     * @param str the CA name, passed on unchanged
     */
    @Override
    public List<PublisherEntry> getPublishersForCa(String str) {
        return publisherManager.getPublishersForCa(str);
    }

    /**
     * Looks up a publisher entry in {@code publisherDbEntries}.
     *
     * @param str the publisher name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "name"} before the lookup
     * @return the stored entry, or whatever the map yields for an unknown key
     */
    @Override
    public PublisherEntry getPublisher(String str) {
        String key = Args.toNonBlankLower(str, "name");
        return publisherDbEntries.get(key);
    }

    /**
     * Forwards the name unchanged to {@code publisherManager.removePublisher}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removePublisher(String str) throws CaMgmtException {
        publisherManager.removePublisher(str);
    }

    /**
     * Forwards the three strings unchanged, in the same order, to
     * {@code publisherManager.changePublisher}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void changePublisher(String str, String str2, String str3) throws CaMgmtException {
        publisherManager.changePublisher(str, str2, str3);
    }

    /**
     * Stores the server configuration after passing it through {@code Args.notNull} with the
     * label {@code "caServerConf"}.
     *
     * @param caServerConf the configuration to use
     */
    public void setCaServerConf(CaServerConf caServerConf) {
        CaServerConf checked = (CaServerConf) Args.notNull(caServerConf, "caServerConf");
        this.caServerConf = checked;
    }

    /**
     * Validates the first argument as a "CA alias" name and then registers the alias through
     * {@code ca2Manager.addCaAlias}.
     *
     * <p>Only the first argument is checked here; the second is passed on as given.
     *
     * @throws CaMgmtException if the name check rejects {@code str} or the delegate fails
     */
    @Override
    public void addCaAlias(String str, String str2) throws CaMgmtException {
        checkName(str, "CA alias");
        ca2Manager.addCaAlias(str, str2);
    }

    /**
     * Forwards the alias unchanged to {@code ca2Manager.removeCaAlias}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removeCaAlias(String str) throws CaMgmtException {
        ca2Manager.removeCaAlias(str);
    }

    /**
     * Returns what {@code ca2Manager.getCaNameForAlias} yields for the given alias.
     *
     * @param str the alias, passed on unchanged
     */
    @Override
    public String getCaNameForAlias(String str) {
        return ca2Manager.getCaNameForAlias(str);
    }

    /**
     * Returns what {@code ca2Manager.getAliasesForCa} yields for the given name.
     *
     * @param str the CA name, passed on unchanged
     */
    @Override
    public Set<String> getAliasesForCa(String str) {
        return ca2Manager.getAliasesForCa(str);
    }

    /**
     * Returns the keys of {@code caAliases}.
     *
     * <p>NOTE(review): the key set is handed out without a copy; for a standard
     * {@code java.util.Map} it is a live, mutable view of the alias table.
     */
    @Override
    public Set<String> getCaAliasNames() {
        return caAliases.keySet();
    }

    /**
     * Removes a CA, first from the certstore and then from {@code ca2Manager}.
     *
     * <p>The operation is refused outside master mode before anything is touched. The two removals
     * are not wrapped in any rollback here: if the second throws, the first has already run.
     *
     * @param str the CA name, passed on unchanged to both steps
     * @throws CaMgmtException if not in master mode or if either step fails
     */
    @Override
    public void removeCa(String str) throws CaMgmtException {
        assertMasterMode();
        certstore.removeCa(str);
        ca2Manager.removeCa(str);
    }

    /**
     * Forwards all three arguments unchanged to {@code publisherManager.republishCertificates}.
     *
     * <p>The integer is not range-checked here; NOTE(review): confirm the delegate bounds it.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void republishCertificates(String str, List<String> list, int i) throws CaMgmtException {
        publisherManager.republishCertificates(str, list, i);
    }

    /**
     * Revokes a CA through {@code ca2Manager} and then records the revocation in the certstore.
     *
     * <p>The two steps are not wrapped in any rollback here: if the certstore call throws, the
     * first step has already run. No master-mode check is made in this method; NOTE(review):
     * confirm {@code ca2Manager.revokeCa} enforces it.
     *
     * @throws CaMgmtException if either step fails
     */
    @Override
    public void revokeCa(String str, CertRevocationInfo certRevocationInfo) throws CaMgmtException {
        ca2Manager.revokeCa(str, certRevocationInfo);
        certstore.revokeCa(str, certRevocationInfo);
    }

    /**
     * Lifts a CA revocation through {@code ca2Manager} and then in the certstore.
     *
     * <p>The two steps are not wrapped in any rollback here: if the certstore call throws, the
     * first step has already run. No master-mode check is made in this method; NOTE(review):
     * confirm {@code ca2Manager.unrevokeCa} enforces it.
     *
     * @throws CaMgmtException if either step fails
     */
    @Override
    public void unrevokeCa(String str) throws CaMgmtException {
        ca2Manager.unrevokeCa(str);
        certstore.unrevokeCa(str);
    }

    /**
     * Stores the register of certificate-profile factories.
     *
     * <p>The value is assigned as given; unlike {@code setCaServerConf}, no null check is made.
     */
    public void setCertprofileFactoryRegister(CertprofileFactoryRegister certprofileFactoryRegister) {
        this.certprofileFactoryRegister = certprofileFactoryRegister;
    }

    /**
     * Stores the register of certificate-publisher factories.
     *
     * <p>The value is assigned as given; unlike {@code setCaServerConf}, no null check is made.
     */
    public void setCertPublisherFactoryRegister(CertPublisherFactoryRegister certPublisherFactoryRegister) {
        this.certPublisherFactoryRegister = certPublisherFactoryRegister;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes a PCI audit event for the CA core to the configured audit service.
     *
     * <p>The event always carries the user id {@code "CA-SYSTEM"} and the affected resource
     * {@code "CORE"}. The event type is taken from the caller without any filtering.
     *
     * @param z {@code true} records status SUCCESSFUL at level INFO, {@code false} records status
     *     FAILED at level ERROR
     * @param str the event type
     */
    public static void auditLogPciEvent(boolean z, String str) {
        AuditStatus status = z ? AuditStatus.SUCCESSFUL : AuditStatus.FAILED;
        AuditLevel level = z ? AuditLevel.INFO : AuditLevel.ERROR;

        PciAuditEvent event = new PciAuditEvent();
        event.setUserId("CA-SYSTEM");
        event.setEventType(str);
        event.setAffectedResource("CORE");
        event.setStatus(status.name());
        event.setLevel(level);
        Audits.getAuditService().logEvent(event);
    }

    /**
     * Shuts down the non-persistent scheduled executor, if there is one, and clears the field.
     *
     * <p>Only {@code shutdown()} is called; this method does not wait for running tasks to end.
     */
    private void shutdownScheduledThreadPoolExecutor() {
        if (this.scheduledThreadPoolExecutor != null) {
            this.scheduledThreadPoolExecutor.shutdown();
            this.scheduledThreadPoolExecutor = null;
        }
    }

    /**
     * Forwards a certificate revocation request unchanged to {@code ca2Manager.revokeCertificate}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them and audits the revocation.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void revokeCertificate(String str, BigInteger bigInteger, CrlReason crlReason, Instant instant) throws CaMgmtException {
        ca2Manager.revokeCertificate(str, bigInteger, crlReason, instant);
    }

    /**
     * Forwards the request unchanged to {@code ca2Manager.unsuspendCertificate}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void unsuspendCertificate(String str, BigInteger bigInteger) throws CaMgmtException {
        ca2Manager.unsuspendCertificate(str, bigInteger);
    }

    /**
     * Forwards the request unchanged to {@code ca2Manager.removeCertificate}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them, since removing a certificate record also removes the
     * basis for reporting its status later.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public void removeCertificate(String str, BigInteger bigInteger) throws CaMgmtException {
        ca2Manager.removeCertificate(str, bigInteger);
    }

    /**
     * Returns the certificate that {@code ca2Manager.generateCertificate} issues for the given
     * arguments, which are passed on unchanged and in the same order.
     *
     * <p>The byte array and both instants are not inspected here; NOTE(review): confirm the
     * delegate validates the encoded request and the requested validity.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public X509Cert generateCertificate(String str, String str2, byte[] bArr, Instant instant, Instant instant2) throws CaMgmtException {
        return ca2Manager.generateCertificate(str, str2, bArr, instant, instant2);
    }

    /**
     * Returns the certificate that {@code ca2Manager.generateCrossCertificate} issues for the
     * given arguments, which are passed on unchanged and in the same order.
     *
     * <p>Neither byte array is inspected here; NOTE(review): confirm the delegate validates both
     * encoded inputs and the requested validity.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public X509Cert generateCrossCertificate(String str, String str2, byte[] bArr, byte[] bArr2, Instant instant, Instant instant2) throws CaMgmtException {
        return ca2Manager.generateCrossCertificate(str, str2, bArr, bArr2, instant, instant2);
    }

    /**
     * Returns the key-and-certificate pair that {@code ca2Manager.generateKeyCert} produces for
     * the given arguments, which are passed on unchanged and in the same order.
     *
     * <p>NOTE(review): the result type suggests it carries private-key bytes; callers should keep
     * it out of logs and caches — confirm against {@code KeyCertBytesPair}.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public KeyCertBytesPair generateKeyCert(String str, String str2, String str3, Instant instant, Instant instant2) throws CaMgmtException {
        return ca2Manager.generateKeyCert(str, str2, str3, instant, instant2);
    }

    /**
     * Returns the CA object that {@code ca2Manager.getX509Ca} yields for the given name.
     *
     * @param str the CA name, passed on unchanged
     * @throws CaMgmtException if the delegate fails
     */
    public X509Ca getX509Ca(String str) throws CaMgmtException {
        return ca2Manager.getX509Ca(str);
    }

    /**
     * Returns the generator of the keypair-generator wrapper registered in {@code keypairGens}.
     *
     * @param str the generator name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "keypairGenName"} before the lookup
     * @return the wrapper's generator, or {@code null} when no wrapper is registered under that key
     */
    public KeypairGenerator getKeypairGenerator(String str) {
        KeypairGenEntryWrapper wrapper = this.keypairGens.get(Args.toNonBlankLower(str, "keypairGenName"));
        return wrapper == null ? null : wrapper.getGenerator();
    }

    /**
     * Looks up the instantiated certificate profile held in {@code certprofiles}.
     *
     * @param str the profile name; passed through {@code Args.toNonBlankLower} with the label
     *     {@code "profileName"} before the lookup
     * @return the stored profile, or whatever the map yields for an unknown key
     */
    public IdentifiedCertprofile getIdentifiedCertprofile(String str) {
        String key = Args.toNonBlankLower(str, "profileName");
        return certprofiles.get(key);
    }

    /**
     * Returns the list that {@code publisherManager.getIdentifiedPublishersForCa} produces for
     * the given name.
     *
     * @param str the CA name, passed on unchanged
     */
    public List<IdentifiedCertPublisher> getIdentifiedPublishersForCa(String str) {
        return publisherManager.getIdentifiedPublishersForCa(str);
    }

    /**
     * Returns the root certificate that {@code ca2Manager.generateRootCa} creates; the caller's
     * arguments are passed on unchanged, followed by this manager's {@code certstore}.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them, as this call establishes a new trust anchor.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public X509Cert generateRootCa(CaEntry caEntry, String str, String str2, String str3, Instant instant, Instant instant2) throws CaMgmtException {
        return ca2Manager.generateRootCa(caEntry, str, str2, str3, instant, instant2, certstore);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Guard for operations that may only run on the master instance.
     *
     * @throws CaMgmtException with the message "operation not allowed in slave mode" when
     *     {@code masterMode} is {@code false}
     */
    public void assertMasterMode() throws CaMgmtException {
        if (this.masterMode) {
            return;
        }
        throw new CaMgmtException("operation not allowed in slave mode");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Guard for operations that need master mode and an initialised CA system.
     *
     * <p>The master-mode check runs first, so in slave mode its error is the one reported.
     *
     * @throws CaMgmtException when not in master mode, or when {@code caSystemSetuped} is
     *     {@code false}
     */
    public void assertMasterModeAndSetuped() throws CaMgmtException {
        assertMasterMode();
        if (this.caSystemSetuped) {
            return;
        }
        throw new CaMgmtException("CA system is not initialized yet.");
    }

    /**
     * Returns the wrapper that {@code signerManager.createSigner} builds for the given entry.
     *
     * @throws CaMgmtException if the delegate fails
     */
    public SignerEntryWrapper createSigner(SignerEntry signerEntry) throws CaMgmtException {
        return signerManager.createSigner(signerEntry);
    }

    /**
     * Returns the profile that {@code certprofileManager.createCertprofile} builds for the given
     * entry.
     *
     * @throws CaMgmtException if the delegate fails
     */
    public IdentifiedCertprofile createCertprofile(CertprofileEntry certprofileEntry) throws CaMgmtException {
        return certprofileManager.createCertprofile(certprofileEntry);
    }

    /**
     * Returns the publisher that {@code publisherManager.createPublisher} builds for the given
     * entry.
     *
     * @throws CaMgmtException if the delegate fails
     */
    public IdentifiedCertPublisher createPublisher(PublisherEntry publisherEntry) throws CaMgmtException {
        return publisherManager.createPublisher(publisherEntry);
    }

    /**
     * Returns the wrapper that {@code keypairGenManager.createKeypairGen} builds for the given
     * entry.
     *
     * @throws CaMgmtException if the delegate fails
     */
    public KeypairGenEntryWrapper createKeypairGenerator(KeypairGenEntry keypairGenEntry) throws CaMgmtException {
        return keypairGenManager.createKeypairGen(keypairGenEntry);
    }

    /**
     * Returns the id/name map held by this manager (the field itself, not a copy).
     */
    public CaIdNameMap idNameMap() {
        return idNameMap;
    }

    /**
     * Returns the CRL that {@code ca2Manager.generateCrlOnDemand} produces for the given name.
     *
     * <p>This method performs no validation or master-mode check of its own; NOTE(review):
     * confirm the delegate enforces them.
     *
     * @param str the CA name, passed on unchanged
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public X509CRLHolder generateCrlOnDemand(String str) throws CaMgmtException {
        return ca2Manager.generateCrlOnDemand(str);
    }

    /**
     * Returns the CRL that {@code ca2Manager.getCrl} yields for the given name and number.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public X509CRLHolder getCrl(String str, BigInteger bigInteger) throws CaMgmtException {
        return ca2Manager.getCrl(str, bigInteger);
    }

    /**
     * Returns the CRL that {@code ca2Manager.getCurrentCrl} yields for the given name.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public X509CRLHolder getCurrentCrl(String str) throws CaMgmtException {
        return ca2Manager.getCurrentCrl(str);
    }

    /**
     * Returns the certificate with its revocation information that {@code ca2Manager.getCert}
     * yields for the given name and number.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public CertWithRevocationInfo getCert(String str, BigInteger bigInteger) throws CaMgmtException {
        return ca2Manager.getCert(str, bigInteger);
    }

    /**
     * Returns the certificate with its revocation information that {@code ca2Manager.getCert}
     * yields for the given X.500 name and number.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public CertWithRevocationInfo getCert(X500Name x500Name, BigInteger bigInteger) throws CaMgmtException {
        return ca2Manager.getCert(x500Name, bigInteger);
    }

    /**
     * Returns the list that {@code ca2Manager.listCertificates} produces; all six arguments are
     * passed on unchanged and in the same order.
     *
     * <p>The integer is not range-checked here; NOTE(review): if it limits the result size,
     * confirm the delegate bounds it.
     *
     * @throws CaMgmtException if the delegate fails
     */
    @Override
    public List<CertListInfo> listCertificates(String str, X500Name x500Name, Instant instant, Instant instant2, CertListOrderBy certListOrderBy, int i) throws CaMgmtException {
        return ca2Manager.listCertificates(str, x500Name, instant, instant2, certListOrderBy, i);
    }

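    /**
     * Loads a CA configuration from an in-memory byte array through {@code confLoader}.
     *
     * <p>The bytes are wrapped in a stream and handed to the loader without being inspected here;
     * NOTE(review): any size limit or content validation would have to live in
     * {@code confLoader.loadConf} — confirm.
     *
     * @param bArr the encoded configuration; must not be {@code null}
     * @return the map produced by the loader
     * @throws CaMgmtException if the loader rejects the configuration
     * @throws RuntimeException wrapping an {@link IOException} raised while loading or closing
     */
    @Override
    public Map<String, X509Cert> loadConf(byte[] bArr) throws CaMgmtException {
        // try-with-resources closes the stream on the failure path as well.
        try (ByteArrayInputStream confStream = new ByteArrayInputStream(bArr)) {
            return this.confLoader.loadConf(confStream);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }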

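    /**
     * Loads a CA configuration from the given stream through {@code confLoader} and closes the
     * stream afterwards, whether or not loading succeeded.
     *
     * <p>Whether {@code confLoader.loadConf} closes the stream itself is not visible here; closing
     * it again is harmless under the {@link java.io.Closeable} contract. A failure to close is
     * logged and does not replace the result or the exception of the load.
     *
     * @param inputStream the configuration stream; it must not be used after this call
     * @return the map produced by the loader
     * @throws CaMgmtException if the loader rejects the configuration
     */
    @Override
    public Map<String, X509Cert> loadConfAndClose(InputStream inputStream) throws CaMgmtException {
        try {
            return this.confLoader.loadConf(inputStream);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                    LogUtil.warn(LOG, e, "could not close configuration stream");
                }
            }
        }
    }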

    /**
     * Returns the stream that {@code confLoader.exportConf} produces for the given list.
     *
     * <p>The stream is handed to the caller as-is; nothing in this method closes it.
     * NOTE(review): an exported CA configuration may include signer settings — confirm what the
     * loader writes and who is allowed to call this.
     *
     * @throws CaMgmtException if the loader fails
     * @throws IOException if the loader reports an I/O error
     */
    @Override
    public InputStream exportConf(List<String> list) throws CaMgmtException, IOException {
        return confLoader.exportConf(list);
    }

    /**
     * Returns the CT-log public-key finder held by this manager (the field itself).
     */
    public CtLogPublicKeyFinder getCtLogPublicKeyFinder() {
        return ctLogPublicKeyFinder;
    }

    /**
     * Returns the license object held by this manager (the field itself).
     */
    public CmLicense getLicense() {
        return license;
    }

    /**
     * Finds the first CA in {@code x509cas} that matches every selector present in the request.
     *
     * <p>Up to three selectors are read: the issuer name (compared with the CA certificate's
     * subject), the authority key identifier (compared with the CA certificate's subject key id)
     * and the SHA-1 fingerprint of the issuer certificate (compared, ignoring case, with the CA's
     * hex SHA-1). A selector that is absent is skipped; all selectors that are present must match.
     *
     * <p>NOTE(review): when the fingerprint is the only selector supplied, the match rests on
     * SHA-1 alone. That is adequate for picking one of the locally configured CAs, but the result
     * should not be treated as proof of a certificate's identity — confirm how callers use it.
     *
     * @param caIdentifierRequest the request carrying the selectors; must not be {@code null}
     * @return the matching CA, or {@code null} when the issuer cannot be converted, no selector is
     *     present, or nothing matches
     */
    public X509Ca getCa(CaIdentifierRequest caIdentifierRequest) {
        X500NameType requestedIssuer = caIdentifierRequest.getIssuer();
        X500Name issuerName = null;
        if (requestedIssuer != null) {
            try {
                issuerName = requestedIssuer.toX500Name();
            } catch (IOException e) {
                // An issuer that cannot be converted is reported as "no CA found".
                return null;
            }
        }

        byte[] keyIdentifier = caIdentifierRequest.getAuthorityKeyIdentifier();
        byte[] sha1Fingerprint = caIdentifierRequest.getIssuerCertSha1Fp();
        boolean noSelector = issuerName == null && keyIdentifier == null && sha1Fingerprint == null;
        if (noSelector) {
            // Without this guard an empty request would match the first CA in the map.
            return null;
        }

        for (X509Ca candidate : this.x509cas.values()) {
            if (issuerName != null && !issuerName.equals(candidate.getCaCert().getSubject())) {
                continue;
            }
            if (keyIdentifier != null && !Arrays.equals(candidate.getCaCert().getSubjectKeyId(), keyIdentifier)) {
                continue;
            }
            if (sha1Fingerprint != null && !Hex.encode(sha1Fingerprint).equalsIgnoreCase(candidate.getHexSha1OfCert())) {
                continue;
            }
            return candidate;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Logs the message at error level and returns a new exception carrying the same message.
     *
     * <p>The exception is returned, not thrown; the caller decides whether to throw it. The text
     * reaches the log verbatim, so callers should not put secrets into it.
     *
     * @param str the message to log and to use as the exception message
     */
    public CaMgmtException logAndCreateException(String str) {
        LOG.error(str);
        CaMgmtException exception = new CaMgmtException(str);
        return exception;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs {@code CaConfs.checkName} on the given name and reports a rejection as a
     * {@code CaMgmtException}.
     *
     * <p>NOTE(review): only the message of the {@code InvalidConfException} is carried over; the
     * original exception is not attached as the cause, so its stack trace is lost.
     *
     * @param str the name to check
     * @param str2 the second argument of {@code CaConfs.checkName}; the caller in this class
     *     passes a description such as {@code "CA alias"}
     * @throws CaMgmtException if the check rejects the name
     */
    public static void checkName(String str, String str2) throws CaMgmtException {
        try {
            CaConfs.checkName(str, str2);
        } catch (InvalidConfException invalid) {
            String reason = invalid.getMessage();
            throw new CaMgmtException(reason);
        }
    }
}
