package org.xipki.ca.server.mgmt;

import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.CertprofileValidator;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaProfileEntry;
import org.xipki.ca.api.mgmt.entry.CertprofileEntry;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.KeyParametersOption;
import org.xipki.ca.sdk.CertprofileInfoResponse;
import org.xipki.ca.sdk.KeyType;
import org.xipki.ca.server.IdentifiedCertprofile;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.TripleState;
import org.xipki.util.exception.ErrorCode;
import org.xipki.util.exception.ObjectCreationException;
import org.xipki.util.exception.OperationException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/mgmt/CertprofileManager.class */
public class CertprofileManager {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CertprofileManager.class);
    private boolean certprofilesInitialized;
    private final CaManagerImpl manager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertprofileManager(CaManagerImpl caManagerImpl) {
        this.manager = (CaManagerImpl) Args.notNull(caManagerImpl, "manager");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void reset() {
        this.certprofilesInitialized = false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close() {
        Iterator<String> it = this.manager.certprofiles.keySet().iterator();
        while (it.hasNext()) {
            shutdownCertprofile(this.manager.certprofiles.get(it.next()));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initCertprofiles() throws CaMgmtException {
        if (this.certprofilesInitialized) {
            return;
        }
        Iterator<String> it = this.manager.certprofiles.keySet().iterator();
        while (it.hasNext()) {
            shutdownCertprofile(this.manager.certprofiles.get(it.next()));
        }
        this.manager.certprofileDbEntries.clear();
        this.manager.idNameMap.clearCertprofile();
        this.manager.certprofiles.clear();
        for (String str : this.manager.queryExecutor.namesFromTable("PROFILE")) {
            CertprofileEntry createCertprofile = this.manager.queryExecutor.createCertprofile(str);
            this.manager.idNameMap.addCertprofile(createCertprofile.getIdent());
            createCertprofile.setFaulty(true);
            this.manager.certprofileDbEntries.put(str, createCertprofile);
            IdentifiedCertprofile createCertprofile2 = createCertprofile(createCertprofile);
            createCertprofile.setFaulty(false);
            this.manager.certprofiles.put(str, createCertprofile2);
            LOG.info("loaded certprofile {}", str);
        }
        this.certprofilesInitialized = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeCertprofileFromCa(String str, String str2) throws CaMgmtException {
        Set<CaProfileEntry> set;
        this.manager.assertMasterMode();
        String nonBlankLower = Args.toNonBlankLower(str, "profileName");
        String nonBlankLower2 = Args.toNonBlankLower(str2, "caName");
        this.manager.queryExecutor.removeCertprofileFromCa(nonBlankLower, nonBlankLower2);
        if (!this.manager.caHasProfiles.containsKey(nonBlankLower2) || (set = this.manager.caHasProfiles.get(nonBlankLower2)) == null) {
            return;
        }
        CaProfileEntry caProfileEntry = null;
        for (CaProfileEntry caProfileEntry2 : set) {
            if (caProfileEntry2.getProfileName().equals(nonBlankLower)) {
                caProfileEntry = caProfileEntry2;
            }
        }
        if (caProfileEntry != null) {
            set.remove(caProfileEntry);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addCertprofileToCa(String str, String str2) throws CaMgmtException {
        this.manager.assertMasterMode();
        try {
            CaProfileEntry decode = CaProfileEntry.decode(str);
            String nonBlankLower = Args.toNonBlankLower(decode.getProfileName(), "profileName");
            String nonBlankLower2 = Args.toNonBlankLower(str2, "caName");
            NameId certprofile = this.manager.idNameMap.getCertprofile(nonBlankLower);
            if (certprofile == null) {
                throw this.manager.logAndCreateException("unknown Certprofile " + nonBlankLower);
            }
            NameId ca = this.manager.idNameMap.getCa(nonBlankLower2);
            if (ca == null) {
                throw this.manager.logAndCreateException("unknown CA " + nonBlankLower2);
            }
            Set<CaProfileEntry> set = this.manager.caHasProfiles.get(nonBlankLower2);
            if (set == null) {
                set = new HashSet();
                this.manager.caHasProfiles.put(nonBlankLower2, set);
            } else {
                Iterator<CaProfileEntry> it = set.iterator();
                while (it.hasNext()) {
                    String containedNameOrAlias = it.next().containedNameOrAlias(decode);
                    if (containedNameOrAlias != null) {
                        throw this.manager.logAndCreateException("Certprofile (name or alias) '" + containedNameOrAlias + "' already associated with CA " + nonBlankLower2);
                    }
                }
            }
            this.manager.queryExecutor.addCertprofileToCa(certprofile, ca, decode.getProfileAliases());
            set.add(decode);
        } catch (Exception e) {
            throw new CaMgmtException("invalid syntax of profileNameAndAlias '" + str + "'", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeCertprofile(String str) throws CaMgmtException {
        this.manager.assertMasterMode();
        String nonBlankLower = Args.toNonBlankLower(str, "name");
        for (String str2 : this.manager.caHasProfiles.keySet()) {
            if (this.manager.caHasProfiles.get(str2).contains(nonBlankLower)) {
                removeCertprofileFromCa(nonBlankLower, str2);
            }
        }
        if (!this.manager.queryExecutor.deleteRowWithName(nonBlankLower, "PROFILE")) {
            throw new CaMgmtException("unknown profile " + nonBlankLower);
        }
        LOG.info("removed profile '{}'", nonBlankLower);
        this.manager.idNameMap.removeCertprofile(this.manager.certprofileDbEntries.get(nonBlankLower).getIdent().getId().intValue());
        this.manager.certprofileDbEntries.remove(nonBlankLower);
        shutdownCertprofile(this.manager.certprofiles.remove(nonBlankLower));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void changeCertprofile(String str, String str2, String str3) throws CaMgmtException {
        this.manager.assertMasterMode();
        String nonBlankLower = Args.toNonBlankLower(str, "name");
        if (str2 == null && str3 == null) {
            throw new IllegalArgumentException("type and conf cannot be both null");
        }
        NameId certprofile = this.manager.idNameMap.getCertprofile(nonBlankLower);
        if (certprofile == null) {
            throw this.manager.logAndCreateException("unknown Certprofile " + nonBlankLower);
        }
        if (str2 != null) {
            str2 = str2.toLowerCase();
        }
        IdentifiedCertprofile changeCertprofile = this.manager.queryExecutor.changeCertprofile(certprofile, str2, str3, this.manager);
        this.manager.certprofileDbEntries.remove(nonBlankLower);
        IdentifiedCertprofile remove = this.manager.certprofiles.remove(nonBlankLower);
        this.manager.certprofileDbEntries.put(nonBlankLower, changeCertprofile.getDbEntry());
        this.manager.certprofiles.put(nonBlankLower, changeCertprofile);
        if (remove != null) {
            shutdownCertprofile(remove);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addCertprofile(CertprofileEntry certprofileEntry) throws CaMgmtException {
        this.manager.assertMasterMode();
        String name = ((CertprofileEntry) Args.notNull(certprofileEntry, "certprofileEntry")).getIdent().getName();
        CaManagerImpl.checkName(name, "certprofile name");
        if (this.manager.certprofileDbEntries.containsKey(name)) {
            throw new CaMgmtException("Certprofile '" + name + "' exists");
        }
        certprofileEntry.setFaulty(true);
        IdentifiedCertprofile createCertprofile = createCertprofile(certprofileEntry);
        if (createCertprofile == null) {
            throw new CaMgmtException("could not create Certprofile object");
        }
        certprofileEntry.setFaulty(false);
        this.manager.certprofiles.put(name, createCertprofile);
        this.manager.queryExecutor.addCertprofile(certprofileEntry);
        this.manager.idNameMap.addCertprofile(certprofileEntry.getIdent());
        this.manager.certprofileDbEntries.put(name, certprofileEntry);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertprofileInfoResponse getCertprofileInfo(String str) throws OperationException {
        IdentifiedCertprofile identifiedCertprofile = this.manager.getIdentifiedCertprofile(str);
        if (identifiedCertprofile == null) {
            throw new OperationException(ErrorCode.UNKNOWN_CERT_PROFILE);
        }
        Certprofile certprofile = identifiedCertprofile.getCertprofile();
        Map<ASN1ObjectIdentifier, Certprofile.ExtensionControl> extensionControls = certprofile.getExtensionControls();
        LinkedList linkedList = new LinkedList();
        LinkedList linkedList2 = new LinkedList();
        for (Map.Entry<ASN1ObjectIdentifier, Certprofile.ExtensionControl> entry : extensionControls.entrySet()) {
            TripleState inRequest = entry.getValue().getInRequest();
            if (inRequest != null && inRequest != TripleState.forbidden) {
                if (entry.getValue().isRequired() && inRequest == TripleState.required) {
                    linkedList.add(entry.getKey().getId());
                } else {
                    linkedList2.add(entry.getKey().getId());
                }
            }
        }
        String[] strArr = linkedList.isEmpty() ? null : (String[]) linkedList.toArray(new String[0]);
        String[] strArr2 = linkedList2.isEmpty() ? null : (String[]) linkedList2.toArray(new String[0]);
        KeyType[] keyTypeArr = null;
        Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = certprofile.getKeyAlgorithms();
        if (keyAlgorithms != null) {
            LinkedList linkedList3 = new LinkedList();
            for (Map.Entry<ASN1ObjectIdentifier, KeyParametersOption> entry2 : keyAlgorithms.entrySet()) {
                KeyParametersOption value = entry2.getValue();
                String[] strArr3 = null;
                if (value instanceof KeyParametersOption.ECParamatersOption) {
                    Set<ASN1ObjectIdentifier> curveOids = ((KeyParametersOption.ECParamatersOption) value).getCurveOids();
                    if (CollectionUtil.isNotEmpty(curveOids)) {
                        LinkedList linkedList4 = new LinkedList();
                        Iterator<ASN1ObjectIdentifier> it = curveOids.iterator();
                        while (it.hasNext()) {
                            linkedList4.add(it.next().getId());
                        }
                        strArr3 = (String[]) linkedList4.toArray(new String[0]);
                    }
                }
                linkedList3.add(new KeyType(entry2.getKey().getId(), strArr3));
            }
            if (!linkedList3.isEmpty()) {
                keyTypeArr = (KeyType[]) linkedList3.toArray(new KeyType[0]);
            }
        }
        return new CertprofileInfoResponse(strArr, strArr2, keyTypeArr);
    }

    void shutdownCertprofile(IdentifiedCertprofile identifiedCertprofile) {
        if (identifiedCertprofile == null) {
            return;
        }
        try {
            identifiedCertprofile.close();
        } catch (Exception e) {
            LogUtil.warn(LOG, e, "could not shutdown Certprofile " + identifiedCertprofile.getIdent());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IdentifiedCertprofile createCertprofile(CertprofileEntry certprofileEntry) throws CaMgmtException {
        String type = ((CertprofileEntry) Args.notNull(certprofileEntry, "entry")).getType();
        if (!this.manager.certprofileFactoryRegister.canCreateProfile(type)) {
            throw new CaMgmtException("unsupported cert profile type " + type);
        }
        try {
            Certprofile newCertprofile = this.manager.certprofileFactoryRegister.newCertprofile(type);
            IdentifiedCertprofile identifiedCertprofile = new IdentifiedCertprofile(certprofileEntry, newCertprofile);
            try {
                CertprofileValidator.validate(newCertprofile);
            } catch (CertprofileException e) {
                LogUtil.warn(LOG, e, "validating certprofile " + certprofileEntry.getIdent().getName() + " failed");
            }
            return identifiedCertprofile;
        } catch (CertprofileException | ObjectCreationException e2) {
            String str = "could not initialize Certprofile " + certprofileEntry.getIdent();
            LogUtil.error(LOG, e2, str);
            throw new CaMgmtException(str, e2);
        }
    }
}
