package org.xipki.ca.server.db;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.sql.Timestamp;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.services.MacAuditService;
import org.xipki.ca.api.CaUris;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaManager;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaStatus;
import org.xipki.ca.api.mgmt.CrlControl;
import org.xipki.ca.api.mgmt.CtlogControl;
import org.xipki.ca.api.mgmt.RevokeSuspendedControl;
import org.xipki.ca.api.mgmt.entry.CaConfColumn;
import org.xipki.ca.api.mgmt.entry.CaEntry;
import org.xipki.ca.api.mgmt.entry.CaHasRequestorEntry;
import org.xipki.ca.api.mgmt.entry.CertprofileEntry;
import org.xipki.ca.api.mgmt.entry.ChangeCaEntry;
import org.xipki.ca.api.mgmt.entry.KeypairGenEntry;
import org.xipki.ca.api.mgmt.entry.PublisherEntry;
import org.xipki.ca.api.mgmt.entry.RequestorEntry;
import org.xipki.ca.api.mgmt.entry.SignerEntry;
import org.xipki.ca.sdk.CaAuditConstants;
import org.xipki.ca.server.CaInfo;
import org.xipki.ca.server.CaUtil;
import org.xipki.ca.server.IdentifiedCertPublisher;
import org.xipki.ca.server.IdentifiedCertprofile;
import org.xipki.ca.server.KeypairGenEntryWrapper;
import org.xipki.ca.server.RequestorEntryWrapper;
import org.xipki.ca.server.SignerEntryWrapper;
import org.xipki.ca.server.db.CaManagerQueryExecutorBase;
import org.xipki.ca.server.db.QueryExecutor;
import org.xipki.ca.server.mgmt.CaManagerImpl;
import org.xipki.ca.server.mgmt.CaProfileIdAliases;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.password.PasswordResolver;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.SqlUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.ObjectCreationException;
import org.xipki.util.exception.OperationException;

/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/db/CaManagerQueryExecutor.class */
public class CaManagerQueryExecutor extends CaManagerQueryExecutorBase {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CaManagerQueryExecutor.class);
    private final String sqlSelectProfileId;
    private final String sqlSelectProfile;
    private final String sqlSelectPublisherId;
    private final String sqlSelectPublisher;
    private final String sqlSelectRequestorId;
    private final String sqlSelectRequestor;
    private final String sqlSelectSigner;
    private final String sqlSelectKeypairGen;
    private final String sqlSelectCaId;
    private final String sqlSelectCa;
    private final String sqlNextSelectCrlNo;
    private final String sqlSelectSystemEvent;
    private final Map<CaManagerQueryExecutorBase.Table, AtomicLong> cachedIdMap;

    public CaManagerQueryExecutor(DataSourceWrapper dataSourceWrapper) throws CaMgmtException {
        super(dataSourceWrapper);
        this.cachedIdMap = new HashMap();
        for (CaManagerQueryExecutorBase.Table table : CaManagerQueryExecutorBase.Table.values()) {
            this.cachedIdMap.put(table, new AtomicLong(0L));
        }
        this.sqlSelectProfileId = buildSelectFirstSql("ID FROM PROFILE WHERE NAME=?");
        this.sqlSelectCaId = buildSelectFirstSql("ID FROM CA WHERE NAME=?");
        this.sqlSelectPublisherId = buildSelectFirstSql("ID FROM PUBLISHER WHERE NAME=?");
        this.sqlSelectRequestorId = buildSelectFirstSql("ID FROM REQUESTOR WHERE NAME=?");
        this.sqlSelectProfile = buildSelectFirstSql("ID,TYPE,CONF FROM PROFILE WHERE NAME=?");
        this.sqlSelectPublisher = buildSelectFirstSql("ID,TYPE,CONF FROM PUBLISHER WHERE NAME=?");
        this.sqlSelectRequestor = buildSelectFirstSql("ID,TYPE,CONF FROM REQUESTOR WHERE NAME=?");
        this.sqlSelectSigner = buildSelectFirstSql("TYPE,CERT,CONF FROM SIGNER WHERE NAME=?");
        this.sqlSelectKeypairGen = buildSelectFirstSql("TYPE,CONF FROM KEYPAIR_GEN WHERE NAME=?");
        this.sqlSelectCa = buildSelectFirstSql("ID,STATUS,NEXT_CRLNO,CRL_SIGNER_NAME,SUBJECT,REV_INFO,SIGNER_TYPE,SIGNER_CONF,CERT,CERTCHAIN,CONF FROM CA WHERE NAME=?");
        this.sqlNextSelectCrlNo = buildSelectFirstSql("NEXT_CRLNO FROM CA WHERE ID=?");
        this.sqlSelectSystemEvent = buildSelectFirstSql("EVENT_TIME,EVENT_OWNER FROM SYSTEM_EVENT WHERE NAME=?");
        this.dbSchemaVersion = getDbSchemaVersion();
    }

    public SystemEvent getSystemEvent(String str) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectSystemEvent, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            return null;
        }
        return new SystemEvent(str, execQuery1PrepStmt0.getString("EVENT_OWNER"), getLong(execQuery1PrepStmt0, "EVENT_TIME"));
    }

    private void deleteSystemEvent(String str) throws CaMgmtException {
        execUpdatePrepStmt0("DELETE FROM SYSTEM_EVENT WHERE NAME=?", col2Str(str));
    }

    private void addSystemEvent(SystemEvent systemEvent) throws CaMgmtException {
        if (execUpdatePrepStmt0(SqlUtil.buildInsertSql("SYSTEM_EVENT", "NAME,EVENT_TIME,EVENT_TIME2,EVENT_OWNER"), col2Str(systemEvent.getName()), col2Long(Long.valueOf(systemEvent.getEventTime())), col2Timestamp(new Timestamp(systemEvent.getEventTime() * 1000)), col2Str(systemEvent.getOwner())) == 0) {
            throw new CaMgmtException("could not add system event " + systemEvent.getName());
        }
        LOG.info("added system event {}", systemEvent.getName());
    }

    public void changeSystemEvent(SystemEvent systemEvent) throws CaMgmtException {
        deleteSystemEvent(systemEvent.getName());
        addSystemEvent(systemEvent);
    }

    public Map<String, Integer> createCaAliases() throws CaMgmtException {
        HashMap hashMap = new HashMap();
        for (ResultRow resultRow : execQueryStmt0("SELECT NAME,CA_ID FROM CAALIAS")) {
            hashMap.put(resultRow.getString("NAME"), Integer.valueOf(getInt(resultRow, "CA_ID")));
        }
        return hashMap;
    }

    public CertprofileEntry createCertprofile(String str) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectProfile, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            throw new CaMgmtException("unknown CA " + str);
        }
        return new CertprofileEntry(new NameId(Integer.valueOf(getInt(execQuery1PrepStmt0, "ID")), str), execQuery1PrepStmt0.getString("TYPE"), execQuery1PrepStmt0.getString("CONF"));
    }

    public PublisherEntry createPublisher(String str) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectPublisher, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            throw new CaMgmtException("unkown Publisher " + str);
        }
        return new PublisherEntry(new NameId(Integer.valueOf(getInt(execQuery1PrepStmt0, "ID")), str), execQuery1PrepStmt0.getString("TYPE"), execQuery1PrepStmt0.getString("CONF"));
    }

    public Integer getRequestorId(String str) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectRequestorId, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            return null;
        }
        return Integer.valueOf(getInt(execQuery1PrepStmt0, "ID"));
    }

    public RequestorEntry createRequestor(String str) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectRequestor, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            throw new CaMgmtException("unknown Requestor " + str);
        }
        return new RequestorEntry(new NameId(Integer.valueOf(getInt(execQuery1PrepStmt0, "ID")), str), execQuery1PrepStmt0.getString("TYPE"), execQuery1PrepStmt0.getString("CONF"));
    }

    public SignerEntry createSigner(String str) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectSigner, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            throw new CaMgmtException("unknown signer " + str);
        }
        return new SignerEntry(str, execQuery1PrepStmt0.getString("TYPE"), execQuery1PrepStmt0.getString("CONF"), execQuery1PrepStmt0.getString("CERT"));
    }

    public KeypairGenEntry createKeypairGen(String str) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectKeypairGen, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            throw new CaMgmtException("unknown keypair generation " + str);
        }
        return new KeypairGenEntry(str, execQuery1PrepStmt0.getString("TYPE"), execQuery1PrepStmt0.getString("CONF"));
    }

    public CaInfo createCaInfo(String str, CertStore certStore) throws CaMgmtException {
        ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0(this.sqlSelectCa, col2Str(str));
        if (execQuery1PrepStmt0 == null) {
            throw new CaMgmtException("unknown CA " + str);
        }
        CaConfColumn decode = CaConfColumn.decode(execQuery1PrepStmt0.getString("CONF"));
        CaEntry caEntry = new CaEntry(new NameId(Integer.valueOf(getInt(execQuery1PrepStmt0, "ID")), str), decode.snSize(), getLong(execQuery1PrepStmt0, "NEXT_CRLNO"), execQuery1PrepStmt0.getString("SIGNER_TYPE"), execQuery1PrepStmt0.getString("SIGNER_CONF"), decode.caUris(), decode.getNumCrls(), decode.getExpirationPeriod());
        caEntry.setCert(generateCert(execQuery1PrepStmt0.getString("CERT")));
        List<X509Cert> generateCertchain = generateCertchain(execQuery1PrepStmt0.getString("CERTCHAIN"));
        if (CollectionUtil.isNotEmpty(generateCertchain)) {
            CaUtil.buildCertChain(caEntry.getCert(), generateCertchain);
            caEntry.setCertchain(generateCertchain);
        }
        caEntry.setStatus(CaStatus.forName(execQuery1PrepStmt0.getString("STATUS")));
        String string = execQuery1PrepStmt0.getString("CRL_SIGNER_NAME");
        if (StringUtil.isNotBlank(string)) {
            caEntry.setCrlSignerName(string);
        }
        String string2 = execQuery1PrepStmt0.getString("REV_INFO");
        caEntry.setRevocationInfo(string2 == null ? null : CertRevocationInfo.fromEncoded(string2));
        decode.fillCaEntry(caEntry);
        try {
            return new CaInfo(caEntry, decode, certStore);
        } catch (OperationException e) {
            throw new CaMgmtException(e);
        }
    }

    public Set<CaHasRequestorEntry> createCaHasRequestors(NameId nameId) throws CaMgmtException {
        Map<Integer, String> idNameMap = getIdNameMap("REQUESTOR");
        List<ResultRow> execQueryPrepStmt0 = execQueryPrepStmt0("SELECT REQUESTOR_ID,PERMISSION,PROFILES FROM CA_HAS_REQUESTOR WHERE CA_ID=?", col2Int(nameId.getId()));
        HashSet hashSet = new HashSet();
        for (ResultRow resultRow : execQueryPrepStmt0) {
            int i = getInt(resultRow, "REQUESTOR_ID");
            String str = idNameMap.get(Integer.valueOf(i));
            List<String> split = StringUtil.split(resultRow.getString("PROFILES"), ",");
            HashSet hashSet2 = split == null ? null : new HashSet(split);
            CaHasRequestorEntry caHasRequestorEntry = new CaHasRequestorEntry(new NameId(Integer.valueOf(i), str));
            caHasRequestorEntry.setPermission(getInt(resultRow, "PERMISSION"));
            caHasRequestorEntry.setProfiles(hashSet2);
            hashSet.add(caHasRequestorEntry);
        }
        return hashSet;
    }

    public Set<CaProfileIdAliases> createCaHasProfiles(NameId nameId) throws CaMgmtException {
        List<ResultRow> execQueryPrepStmt0 = execQueryPrepStmt0("SELECT PROFILE_ID,ALIASES FROM CA_HAS_PROFILE WHERE CA_ID=?", col2Int(nameId.getId()));
        HashSet hashSet = new HashSet();
        for (ResultRow resultRow : execQueryPrepStmt0) {
            hashSet.add(new CaProfileIdAliases(getInt(resultRow, "PROFILE_ID"), resultRow.getString("ALIASES")));
        }
        return hashSet;
    }

    public Set<Integer> createCaHasPublishers(NameId nameId) throws CaMgmtException {
        return createCaHasEntities("CA_HAS_PUBLISHER", "PUBLISHER_ID", nameId);
    }

    private Set<Integer> createCaHasEntities(String str, String str2, NameId nameId) throws CaMgmtException {
        List<ResultRow> execQueryPrepStmt0 = execQueryPrepStmt0("SELECT " + str2 + " FROM " + str + " WHERE CA_ID=?", col2Int(nameId.getId()));
        HashSet hashSet = new HashSet();
        Iterator<ResultRow> it = execQueryPrepStmt0.iterator();
        while (it.hasNext()) {
            hashSet.add(Integer.valueOf(getInt(it.next(), str2)));
        }
        return hashSet;
    }

    private long getNextId(CaManagerQueryExecutorBase.Table table) throws CaMgmtException {
        try {
            long max = this.datasource.getMax(null, table.name(), "ID");
            AtomicLong atomicLong = this.cachedIdMap.get(table);
            long max2 = Math.max(max, atomicLong.get()) + 1;
            atomicLong.set(max2);
            return max2;
        } catch (DataAccessException e) {
            throw new CaMgmtException(e);
        }
    }

    public void addCa(CaEntry caEntry) throws CaMgmtException {
        Args.notNull(caEntry, "caEntry");
        caEntry.getIdent().setId(Integer.valueOf((int) getNextId(CaManagerQueryExecutorBase.Table.CA)));
        String buildInsertSql = SqlUtil.buildInsertSql("CA", "ID,NAME,STATUS,NEXT_CRLNO,CRL_SIGNER_NAME,SUBJECT,SIGNER_TYPE,SIGNER_CONF,CERT,CERTCHAIN,CONF");
        byte[] encoded = caEntry.getCert().getEncoded();
        List<X509Cert> certchain = caEntry.getCertchain();
        List asModifiableList = CaUtil.asModifiableList(col2Int(caEntry.getIdent().getId()), col2Str(caEntry.getIdent().getName()), col2Str(caEntry.getStatus().getStatus()), col2Long(Long.valueOf(caEntry.getNextCrlNumber())), col2Str(caEntry.getCrlSignerName()), col2Str(X509Util.cutText(caEntry.getSubject(), getMaxX500nameLen())), col2Str(caEntry.getSignerType()), col2Str(caEntry.getSignerConf()), col2Str(Base64.encodeToString(encoded)), col2Str(CollectionUtil.isEmpty(certchain) ? null : CaUtil.encodeCertchain(CaUtil.buildCertChain(caEntry.getCert(), certchain))));
        CaConfColumn caConfColumn = new CaConfColumn();
        CaUris caUris = caEntry.getCaUris();
        if (caUris != null) {
            caConfColumn.setCacertUris(caUris.getCacertUris());
            caConfColumn.setCrlUris(caUris.getCrlUris());
            caConfColumn.setDeltaCrlUris(caUris.getDeltaCrlUris());
            caConfColumn.setOcspUris(caUris.getOcspUris());
        }
        CrlControl crlControl = caEntry.getCrlControl();
        if (crlControl != null) {
            caConfColumn.setCrlControl(crlControl.getConfPairs().asMap());
        }
        CtlogControl ctlogControl = caEntry.getCtlogControl();
        if (ctlogControl != null) {
            caConfColumn.setCtlogControl(ctlogControl.getConfPairs().asMap());
        }
        ConfPairs extraControl = caEntry.getExtraControl();
        if (extraControl != null) {
            caConfColumn.setExtraControl(extraControl.asMap());
        }
        RevokeSuspendedControl revokeSuspendedControl = caEntry.getRevokeSuspendedControl();
        if (revokeSuspendedControl != null) {
            caConfColumn.setRevokeSuspendedControl(revokeSuspendedControl.getConfPairs().asMap());
        }
        caConfColumn.setSnSize(caEntry.getSerialNoLen());
        if (caEntry.getMaxValidity() != null) {
            caConfColumn.setMaxValidity(caEntry.getMaxValidity().toString());
        }
        caConfColumn.setKeypairGenNames(caEntry.getKeypairGenNames());
        caConfColumn.setSaveCert(caEntry.isSaveCert());
        caConfColumn.setSaveKeypair(caEntry.isSaveKeypair());
        caConfColumn.setPermission(caEntry.getPermission());
        caConfColumn.setNumCrls(caEntry.getNumCrls());
        caConfColumn.setExpirationPeriod(caEntry.getExpirationPeriod());
        caConfColumn.setKeepExpiredCertDays(caEntry.getKeepExpiredCertInDays());
        if (caEntry.getValidityMode() != null) {
            caConfColumn.setValidityMode(caEntry.getValidityMode().name());
        }
        asModifiableList.add(col2Str(caConfColumn.encode()));
        if (execUpdatePrepStmt0(buildInsertSql, (QueryExecutor.SqlColumn2[]) asModifiableList.toArray(new QueryExecutor.SqlColumn2[0])) == 0) {
            throw new CaMgmtException("could not add CA " + caEntry.getIdent());
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("added CA '{}':\n{}", caEntry.getIdent(), caEntry.toString(false, true));
        }
    }

    public void addCaAlias(String str, NameId nameId) throws CaMgmtException {
        notNulls(str, "aliasName", nameId, "ca");
        if (execUpdatePrepStmt0(SqlUtil.buildInsertSql("CAALIAS", "NAME,CA_ID"), col2Str(str), col2Int(nameId.getId())) == 0) {
            throw new CaMgmtException("could not add CA alias " + str);
        }
        LOG.info("added CA alias '{}' for CA '{}'", str, nameId);
    }

    public void addCertprofile(CertprofileEntry certprofileEntry) throws CaMgmtException {
        Args.notNull(certprofileEntry, "dbEntry");
        String buildInsertSql = SqlUtil.buildInsertSql("PROFILE", "ID,NAME,TYPE,CONF");
        certprofileEntry.getIdent().setId(Integer.valueOf((int) getNextId(CaManagerQueryExecutorBase.Table.PROFILE)));
        if (execUpdatePrepStmt0(buildInsertSql, col2Int(certprofileEntry.getIdent().getId()), col2Str(certprofileEntry.getIdent().getName()), col2Str(certprofileEntry.getType()), col2Str(certprofileEntry.getConf())) == 0) {
            throw new CaMgmtException("could not add certprofile " + certprofileEntry.getIdent());
        }
        LOG.info("added profile '{}':\n{}", certprofileEntry.getIdent(), certprofileEntry);
    }

    public void addCertprofileToCa(NameId nameId, NameId nameId2, List<String> list) throws CaMgmtException {
        String substring;
        notNulls(nameId, "profile", nameId2, "ca");
        String buildInsertSql = SqlUtil.buildInsertSql("CA_HAS_PROFILE", "CA_ID,PROFILE_ID,ALIASES");
        if (CollectionUtil.isEmpty(list)) {
            substring = null;
        } else if (list.size() == 1) {
            substring = list.get(0);
        } else {
            StringBuilder sb = new StringBuilder();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                sb.append(it.next()).append(",");
            }
            substring = sb.substring(0, sb.length() - 1);
        }
        if (execUpdatePrepStmt0(buildInsertSql, col2Int(nameId2.getId()), col2Int(nameId.getId()), col2Str(substring)) == 0) {
            throw new CaMgmtException("could not add profile " + nameId + " (aliases " + list + ") to CA " + nameId2);
        }
        LOG.info("added profile '{}' (aliases {}) to CA '{}'", nameId, list, nameId2);
    }

    public void addPublisherToCa(NameId nameId, NameId nameId2) throws CaMgmtException {
        notNulls(nameId, "publisher", nameId2, "ca");
        addEntityToCa("publisher", nameId, nameId2, SqlUtil.buildInsertSql("CA_HAS_PUBLISHER", "CA_ID,PUBLISHER_ID"));
    }

    private void addEntityToCa(String str, NameId nameId, NameId nameId2, String str2) throws CaMgmtException {
        if (execUpdatePrepStmt0(str2, col2Int(nameId2.getId()), col2Int(nameId.getId())) == 0) {
            throw new CaMgmtException("could not add " + str + " " + nameId + " to CA " + nameId2);
        }
        LOG.info("added {} '{}' to CA '{}'", str, nameId, nameId2);
    }

    public void addRequestor(RequestorEntry requestorEntry) throws CaMgmtException {
        Args.notNull(requestorEntry, "dbEntry");
        requestorEntry.getIdent().setId(Integer.valueOf((int) getNextId(CaManagerQueryExecutorBase.Table.REQUESTOR)));
        if (execUpdatePrepStmt0(SqlUtil.buildInsertSql("REQUESTOR", "ID,NAME,TYPE,CONF"), col2Int(requestorEntry.getIdent().getId()), col2Str(requestorEntry.getIdent().getName()), col2Str(requestorEntry.getType()), col2Str(requestorEntry.getConf())) == 0) {
            throw new CaMgmtException("could not add requestor " + requestorEntry.getIdent());
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("added requestor '{}':\n{}", requestorEntry.getIdent(), requestorEntry.toString(false));
        }
    }

    public NameId addEmbeddedRequestor(String str) throws CaMgmtException {
        String lowerCase = str.toLowerCase();
        String buildInsertSql = SqlUtil.buildInsertSql("REQUESTOR", "ID,NAME,TYPE,CONF");
        int nextId = (int) getNextId(CaManagerQueryExecutorBase.Table.REQUESTOR);
        if (execUpdatePrepStmt0(buildInsertSql, col2Int(Integer.valueOf(nextId)), col2Str(lowerCase), col2Str("EMBEDDED"), col2Str("DEFAULT")) == 0) {
            throw new CaMgmtException("could not add requestor " + lowerCase);
        }
        LOG.info("added requestor '{}'", lowerCase);
        return new NameId(Integer.valueOf(nextId), "EMBEDDED");
    }

    public void addRequestorToCa(CaHasRequestorEntry caHasRequestorEntry, NameId nameId) throws CaMgmtException {
        notNulls(caHasRequestorEntry, CaAuditConstants.NAME_requestor, nameId, "ca");
        String buildInsertSql = SqlUtil.buildInsertSql("CA_HAS_REQUESTOR", "CA_ID,REQUESTOR_ID,PERMISSION,PROFILES");
        String collectionAsString = StringUtil.collectionAsString(caHasRequestorEntry.getProfiles(), ",");
        NameId requestorIdent = caHasRequestorEntry.getRequestorIdent();
        if (execUpdatePrepStmt0(buildInsertSql, col2Int(nameId.getId()), col2Int(requestorIdent.getId()), col2Int(Integer.valueOf(caHasRequestorEntry.getPermission())), col2Str(collectionAsString)) == 0) {
            throw new CaMgmtException("could not add requestor " + requestorIdent + " to CA " + nameId);
        }
        LOG.info("added requestor '{}' to CA '{}': permission: {}; profile: {}", requestorIdent, nameId, Integer.valueOf(caHasRequestorEntry.getPermission()), collectionAsString);
    }

    public void addPublisher(PublisherEntry publisherEntry) throws CaMgmtException {
        Args.notNull(publisherEntry, "dbEntry");
        String buildInsertSql = SqlUtil.buildInsertSql("PUBLISHER", "ID,NAME,TYPE,CONF");
        publisherEntry.getIdent().setId(Integer.valueOf((int) getNextId(CaManagerQueryExecutorBase.Table.PUBLISHER)));
        if (execUpdatePrepStmt0(buildInsertSql, col2Int(publisherEntry.getIdent().getId()), col2Str(publisherEntry.getIdent().getName()), col2Str(publisherEntry.getType()), col2Str(publisherEntry.getConf())) == 0) {
            throw new CaMgmtException("could not add publisher " + publisherEntry.getIdent());
        }
        LOG.info("added publisher '{}':\n{}", publisherEntry.getIdent(), publisherEntry);
    }

    public void changeCa(ChangeCaEntry changeCaEntry, CaConfColumn caConfColumn, SecurityFactory securityFactory) throws CaMgmtException {
        notNulls(changeCaEntry, "changeCaEntry", securityFactory, "securityFactory");
        byte[] encodedCert = changeCaEntry.getEncodedCert();
        if (encodedCert != null) {
            try {
                if (this.datasource.columnExists(null, "CERT", "CA_ID", changeCaEntry.getIdent().getId())) {
                    throw new CaMgmtException("Cannot change certificate of CA which has issued certificates");
                }
            } catch (DataAccessException e) {
                throw new CaMgmtException(e);
            }
        }
        String signerType = changeCaEntry.getSignerType();
        String signerConf = changeCaEntry.getSignerConf();
        X509Cert x509Cert = null;
        if (signerType != null || signerConf != null || encodedCert != null || CollectionUtil.isNotEmpty(changeCaEntry.getEncodedCertchain())) {
            if (encodedCert != null) {
                x509Cert = CaUtil.parseCert(encodedCert);
            } else {
                ResultRow execQuery1PrepStmt0 = execQuery1PrepStmt0("SELECT CERT FROM CA WHERE ID=?", col2Int(changeCaEntry.getIdent().getId()));
                if (execQuery1PrepStmt0 == null) {
                    throw new CaMgmtException("unknown CA '" + changeCaEntry.getIdent());
                }
                x509Cert = CaUtil.parseCert(Base64.decode(execQuery1PrepStmt0.getString("CERT")));
            }
            if (signerType != null || signerConf != null || encodedCert != null) {
                ResultRow execQuery1PrepStmt02 = execQuery1PrepStmt0("SELECT SIGNER_TYPE,SIGNER_CONF FROM CA WHERE ID=?", col2Int(changeCaEntry.getIdent().getId()));
                if (execQuery1PrepStmt02 == null) {
                    throw new CaMgmtException("unknown CA '" + changeCaEntry.getIdent());
                }
                if (signerType == null) {
                    signerType = execQuery1PrepStmt02.getString("SIGNER_TYPE");
                }
                signerConf = signerConf == null ? execQuery1PrepStmt02.getString("SIGNER_CONF") : CaUtil.canonicalizeSignerConf(signerConf);
                try {
                    Iterator<CaEntry.CaSignerConf> it = CaEntry.splitCaSignerConfs(signerConf).iterator();
                    while (it.hasNext()) {
                        ConcurrentContentSigner createSigner = securityFactory.createSigner(signerType, new SignerConf(it.next().getConf()), x509Cert);
                        if (createSigner != null) {
                            createSigner.close();
                        }
                    }
                } catch (IOException | XiSecurityException | ObjectCreationException e2) {
                    throw new CaMgmtException("could not create signer for CA '" + changeCaEntry.getIdent() + "'" + e2.getMessage(), e2);
                }
            }
        }
        String str = null;
        String str2 = null;
        if (encodedCert != null) {
            try {
                str = X509Util.parseCert(encodedCert).getIssuerText();
                str2 = Base64.encodeToString(encodedCert);
            } catch (CertificateException e3) {
                throw new CaMgmtException("could not parse the certificate", e3);
            }
        }
        String str3 = null;
        if (changeCaEntry.getEncodedCertchain() != null) {
            if (changeCaEntry.getEncodedCertchain().size() == 0) {
                str3 = CaManager.NULL;
            } else {
                LinkedList linkedList = new LinkedList();
                Iterator<byte[]> it2 = changeCaEntry.getEncodedCertchain().iterator();
                while (it2.hasNext()) {
                    linkedList.add(CaUtil.parseCert(it2.next()));
                }
                str3 = CaUtil.encodeCertchain(CaUtil.buildCertChain(x509Cert, linkedList));
            }
        }
        List asModifiableList = CaUtil.asModifiableList(colStr("STATUS", changeCaEntry.getStatus() == null ? null : changeCaEntry.getStatus().name()), colStr("CRL_SIGNER_NAME", changeCaEntry.getCrlSignerName()), colStr("SUBJECT", str), colStr("SIGNER_TYPE", signerType), colStr("SIGNER_CONF", signerConf, false, true), colStr("CERT", str2), colStr("CERTCHAIN", str3));
        asModifiableList.add(buildChangeCaConfColumn(changeCaEntry, caConfColumn));
        changeIfNotNull("CA", colInt("ID", changeCaEntry.getIdent().getId()), (QueryExecutor.SqlColumn[]) asModifiableList.toArray(new QueryExecutor.SqlColumn[0]));
    }

    private QueryExecutor.SqlColumn buildChangeCaConfColumn(ChangeCaEntry changeCaEntry, CaConfColumn caConfColumn) {
        CaConfColumn copy = caConfColumn.copy();
        if (changeCaEntry.getMaxValidity() != null) {
            copy.setMaxValidity(changeCaEntry.getMaxValidity().toString());
        }
        String extraControl = changeCaEntry.getExtraControl();
        if (extraControl != null) {
            copy.setExtraControl(CaManager.NULL.equalsIgnoreCase(extraControl) ? null : new ConfPairs(extraControl).asMap());
        }
        if (changeCaEntry.getValidityMode() != null) {
            copy.setValidityMode(changeCaEntry.getValidityMode().name());
        }
        CaUris caUris = changeCaEntry.getCaUris();
        if (caUris != null) {
            List<String> cacertUris = caUris.getCacertUris();
            if (cacertUris != null) {
                copy.setCacertUris(cacertUris.isEmpty() ? null : cacertUris);
            }
            List<String> crlUris = caUris.getCrlUris();
            if (crlUris != null) {
                copy.setCrlUris(crlUris.isEmpty() ? null : crlUris);
            }
            List<String> deltaCrlUris = caUris.getDeltaCrlUris();
            if (deltaCrlUris != null) {
                copy.setDeltaCrlUris(deltaCrlUris.isEmpty() ? null : deltaCrlUris);
            }
            List<String> ocspUris = caUris.getOcspUris();
            if (ocspUris != null) {
                copy.setOcspUris(ocspUris.isEmpty() ? null : ocspUris);
            }
        }
        List<String> keypairGenNames = changeCaEntry.getKeypairGenNames();
        if (keypairGenNames != null) {
            copy.setKeypairGenNames((keypairGenNames.isEmpty() || keypairGenNames.get(0).equalsIgnoreCase(CaManager.NULL)) ? null : keypairGenNames);
        }
        if (changeCaEntry.getSerialNoLen() != null) {
            copy.setSnSize(changeCaEntry.getSerialNoLen().intValue());
        }
        String crlControl = changeCaEntry.getCrlControl();
        if (crlControl != null) {
            copy.setCrlControl(CaManager.NULL.equalsIgnoreCase(crlControl) ? null : new ConfPairs(crlControl).asMap());
        }
        String ctlogControl = changeCaEntry.getCtlogControl();
        if (ctlogControl != null) {
            copy.setCtlogControl(CaManager.NULL.equalsIgnoreCase(ctlogControl) ? null : new ConfPairs(ctlogControl).asMap());
        }
        Boolean saveCert = changeCaEntry.getSaveCert();
        if (saveCert != null) {
            copy.setSaveCert(saveCert.booleanValue());
        }
        Boolean saveKeypair = changeCaEntry.getSaveKeypair();
        if (saveKeypair != null) {
            copy.setSaveKeypair(saveKeypair.booleanValue());
        }
        Integer permission = changeCaEntry.getPermission();
        if (permission != null) {
            copy.setPermission(permission.intValue());
        }
        Integer numCrls = changeCaEntry.getNumCrls();
        if (numCrls != null) {
            copy.setNumCrls(numCrls.intValue());
        }
        Integer expirationPeriod = changeCaEntry.getExpirationPeriod();
        if (expirationPeriod != null) {
            copy.setExpirationPeriod(expirationPeriod.intValue());
        }
        Integer keepExpiredCertInDays = changeCaEntry.getKeepExpiredCertInDays();
        if (keepExpiredCertInDays != null) {
            copy.setKeepExpiredCertDays(keepExpiredCertInDays.intValue());
        }
        String revokeSuspendedControl = changeCaEntry.getRevokeSuspendedControl();
        if (revokeSuspendedControl != null) {
            copy.setRevokeSuspendedControl(CaManager.NULL.equalsIgnoreCase(revokeSuspendedControl) ? null : new ConfPairs(revokeSuspendedControl).asMap());
        }
        String encode = copy.encode();
        boolean z = false;
        if (encode.equals(caConfColumn.encode())) {
            encode = null;
        } else if (encode.contains(MacAuditService.KEY_PASSWORD)) {
            z = true;
        }
        return colStr("CONF", encode, z, false);
    }

    public void commitNextCrlNoIfLess(NameId nameId, long j) throws CaMgmtException {
        if (getLong(execQuery1PrepStmt0(this.sqlNextSelectCrlNo, col2Int(nameId.getId())), "NEXT_CRLNO") < j) {
            execUpdatePrepStmt0("UPDATE CA SET NEXT_CRLNO=? WHERE ID=?", col2Long(Long.valueOf(j)), col2Int(nameId.getId()));
        }
    }

    public IdentifiedCertprofile changeCertprofile(NameId nameId, String str, String str2, CaManagerImpl caManagerImpl) throws CaMgmtException {
        CertprofileEntry createCertprofile = createCertprofile(nameId.getName());
        IdentifiedCertprofile createCertprofile2 = caManagerImpl.createCertprofile(new CertprofileEntry(createCertprofile.getIdent(), str(str, createCertprofile.getType()), str(str2, createCertprofile.getConf())));
        if (createCertprofile2 == null) {
            throw new CaMgmtException("could not create certprofile object");
        }
        boolean z = true;
        try {
            changeIfNotNull("PROFILE", colInt("ID", nameId.getId()), colStr("TYPE", str), colStr("CONF", str2));
            z = false;
            if (0 != 0) {
                createCertprofile2.close();
            }
            return createCertprofile2;
        } catch (Throwable th) {
            if (z) {
                createCertprofile2.close();
            }
            throw th;
        }
    }

    public RequestorEntryWrapper changeRequestor(NameId nameId, String str, String str2, PasswordResolver passwordResolver) throws CaMgmtException {
        Args.notNull(nameId, "nameId");
        RequestorEntryWrapper requestorEntryWrapper = new RequestorEntryWrapper();
        requestorEntryWrapper.setDbEntry(new RequestorEntry(nameId, str, str2));
        if (requestorEntryWrapper.getDbEntry().faulty()) {
            throw new CaMgmtException("invalid requestor configuration");
        }
        changeIfNotNull("REQUESTOR", colInt("ID", nameId.getId()), colStr("TYPE", str), colStr("CONF", str2));
        return requestorEntryWrapper;
    }

    public SignerEntryWrapper changeSigner(String str, String str2, String str3, String str4, CaManagerImpl caManagerImpl) throws CaMgmtException {
        Args.notNull(caManagerImpl, "signerManager");
        SignerEntry createSigner = createSigner(Args.notBlank(str, "name"));
        String type = str2 == null ? createSigner.getType() : str2;
        if (str3 != null) {
            str3 = CaUtil.canonicalizeSignerConf(str3);
        }
        SignerEntryWrapper createSigner2 = caManagerImpl.createSigner(new SignerEntry(str, type, str3 == null ? createSigner.getConf() : str3, str4 == null ? createSigner.getBase64Cert() : str4));
        changeIfNotNull("SIGNER", colStr("NAME", str), colStr("TYPE", str2), colStr("CERT", str4), colStr("CONF", str3, false, true));
        return createSigner2;
    }

    public KeypairGenEntryWrapper changeKeypairGen(String str, String str2, String str3, CaManagerImpl caManagerImpl) throws CaMgmtException {
        Args.notNull(caManagerImpl, "manager");
        KeypairGenEntry createKeypairGen = createKeypairGen(Args.notBlank(str, "name"));
        KeypairGenEntryWrapper createKeypairGenerator = caManagerImpl.createKeypairGenerator(new KeypairGenEntry(str, str2 == null ? createKeypairGen.getType() : str2, str3 == null ? createKeypairGen.getConf() : str3));
        changeIfNotNull("KEYPAIR_GEN", colStr("NAME", str), colStr("TYPE", str2), colStr("CONF", str3, true, false));
        return createKeypairGenerator;
    }

    public IdentifiedCertPublisher changePublisher(String str, String str2, String str3, CaManagerImpl caManagerImpl) throws CaMgmtException {
        Args.notNull(caManagerImpl, "publisherManager");
        PublisherEntry createPublisher = createPublisher(Args.notBlank(str, "name"));
        IdentifiedCertPublisher createPublisher2 = caManagerImpl.createPublisher(new PublisherEntry(createPublisher.getIdent(), str2 == null ? createPublisher.getType() : str2, str3 == null ? createPublisher.getConf() : str3));
        changeIfNotNull("PUBLISHER", colStr("NAME", str), colStr("TYPE", str2), colStr("CONF", str3));
        return createPublisher2;
    }

    public void removeCa(String str) throws CaMgmtException {
        Args.notBlank(str, "caName");
        if (execUpdatePrepStmt0("DELETE FROM CA WHERE NAME=?", col2Str(str)) == 0) {
            throw new CaMgmtException("could not delete CA " + str);
        }
    }

    public void removeCaAlias(String str) throws CaMgmtException {
        Args.notBlank(str, "aliasName");
        if (execUpdatePrepStmt0("DELETE FROM CAALIAS WHERE NAME=?", col2Str(str)) == 0) {
            throw new CaMgmtException("could not remove CA Alias " + str);
        }
    }

    public void removeCertprofileFromCa(String str, String str2) throws CaMgmtException {
        Args.notBlank(str, "profileName");
        Args.notBlank(str2, "caName");
        removeEntityFromCa("profile", str, str2, this.sqlSelectProfileId, "DELETE FROM CA_HAS_PROFILE WHERE CA_ID=? AND PROFILE_ID=?");
    }

    public void removeRequestorFromCa(String str, String str2) throws CaMgmtException {
        Args.notBlank(str, "requestorName");
        Args.notBlank(str2, "caName");
        removeEntityFromCa(CaAuditConstants.NAME_requestor, str, str2, this.sqlSelectRequestorId, "DELETE FROM CA_HAS_REQUESTOR WHERE CA_ID=? AND REQUESTOR_ID=?");
    }

    public void removePublisherFromCa(String str, String str2) throws CaMgmtException {
        removeEntityFromCa("publisher", Args.notBlank(str, "publisherName"), Args.notBlank(str2, "caName"), this.sqlSelectPublisherId, "DELETE FROM CA_HAS_PUBLISHER WHERE CA_ID=? AND PUBLISHER_ID=?");
    }

    public void removeDbSchema(String str) throws CaMgmtException {
        Args.notBlank(str, "name");
        if (execUpdatePrepStmt0("DELETE FROM DBSCHEMA WHERE NAME=?", col2Str(str)) == 0) {
            throw new CaMgmtException("could not delete DBSCHEMA " + str);
        }
    }

    private void removeEntityFromCa(String str, String str2, String str3, String str4, String str5) throws CaMgmtException {
        Integer idForName = getIdForName(str4, str2);
        if (idForName == null) {
            throw new CaMgmtException(String.format("unknown %s %s ", str, str2));
        }
        if (execUpdatePrepStmt0(str5, col2Int(Integer.valueOf(getNonNullIdForName(this.sqlSelectCaId, str3))), col2Int(idForName)) == 0) {
            throw new CaMgmtException(String.format("could not remove %s from CA %s", str2, str3));
        }
    }

    public void revokeCa(String str, CertRevocationInfo certRevocationInfo) throws CaMgmtException {
        Args.notBlank(str, "caName");
        Args.notNull(certRevocationInfo, "revocationInfo");
        if (execUpdatePrepStmt0("UPDATE CA SET REV_INFO=? WHERE NAME=?", col2Str(certRevocationInfo.encode()), col2Str(str)) == 0) {
            throw new CaMgmtException("could not revoke CA " + str);
        }
    }

    public void addKeypairGen(KeypairGenEntry keypairGenEntry) throws CaMgmtException {
        Args.notNull(keypairGenEntry, "dbEntry");
        if (execUpdatePrepStmt0("INSERT INTO KEYPAIR_GEN (NAME,TYPE,CONF) VALUES (?,?,?)", col2Str(keypairGenEntry.getName()), col2Str(keypairGenEntry.getType()), col2Str(keypairGenEntry.getConf())) == 0) {
            throw new CaMgmtException("could not add keypair generation " + keypairGenEntry.getName());
        }
        LOG.info("added keypair generation: \n{}", keypairGenEntry.toString(true));
    }

    public void addSigner(SignerEntry signerEntry) throws CaMgmtException {
        Args.notNull(signerEntry, "dbEntry");
        if (execUpdatePrepStmt0(SqlUtil.buildInsertSql("SIGNER", "NAME,TYPE,CERT,CONF"), col2Str(signerEntry.getName()), col2Str(signerEntry.getType()), col2Str(signerEntry.getBase64Cert()), col2Str(signerEntry.getConf())) == 0) {
            throw new CaMgmtException("could not add signer " + signerEntry.getName());
        }
        LOG.info("added signer: {}", signerEntry.toString(false, true));
    }

    public void unlockCa() throws CaMgmtException {
        try {
            if (execUpdateStmt0("DELETE FROM SYSTEM_EVENT WHERE NAME='LOCK'") == 0) {
                LOG.info("CA system is not locked");
            } else {
                LOG.info("Unlocked CA system");
            }
        } catch (CaMgmtException e) {
            throw new CaMgmtException("could not unlock CA", e);
        }
    }

    public void unrevokeCa(String str) throws CaMgmtException {
        Args.notBlank(str, "caName");
        LOG.info("Unrevoking of CA '{}'", str);
        if (execUpdatePrepStmt0("UPDATE CA SET REV_INFO=? WHERE NAME=?", col2Str(null), col2Str(str)) == 0) {
            throw new CaMgmtException("could not unrevoke CA " + str);
        }
    }

    public void addDbSchema(String str, String str2) throws CaMgmtException {
        if (execUpdatePrepStmt0(SqlUtil.buildInsertSql("DBSCHEMA", "NAME,VALUE2"), col2Str(str), col2Str(str2)) == 0) {
            throw new CaMgmtException("could not add DBSCHEMA " + str);
        }
        LOG.info("added DBSCHEMA '{}'", str);
    }

    public void changeDbSchema(String str, String str2) throws CaMgmtException {
        if (execUpdatePrepStmt0("UPDATE DBSCHEMA SET VALUE2=? WHERE NAME=?", col2Str(str2), col2Str(str)) == 0) {
            throw new CaMgmtException("could not update DBSCHEMA " + str);
        }
        LOG.info("added DBSCHEMA '{}'", str);
    }

    public Map<String, String> getDbSchemas() throws CaMgmtException {
        try {
            QueryExecutor.DbSchemaInfo dbSchemaInfo = new QueryExecutor.DbSchemaInfo(this.datasource);
            Set<String> variableNames = dbSchemaInfo.getVariableNames();
            HashMap hashMap = new HashMap();
            for (String str : variableNames) {
                hashMap.put(str, dbSchemaInfo.variableValue(str));
            }
            return hashMap;
        } catch (DataAccessException e) {
            throw new CaMgmtException(e);
        }
    }

    private static X509Cert generateCert(String str) throws CaMgmtException {
        if (str == null) {
            return null;
        }
        return CaUtil.parseCert(Base64.decode(str));
    }

    private static List<X509Cert> generateCertchain(String str) throws CaMgmtException {
        if (StringUtil.isBlank(str)) {
            return null;
        }
        try {
            List<X509Cert> listCertificates = X509Util.listCertificates(str);
            if (CollectionUtil.isEmpty(listCertificates)) {
                return null;
            }
            return listCertificates;
        } catch (IOException | CertificateException e) {
            throw new CaMgmtException(e);
        }
    }

    private static int getInt(ResultRow resultRow, String str) {
        return resultRow.getInt(str);
    }

    private static long getLong(ResultRow resultRow, String str) {
        return resultRow.getLong(str);
    }

    @Override // org.xipki.ca.server.db.CaManagerQueryExecutorBase
    public /* bridge */ /* synthetic */ boolean deleteRowWithName(String str, String str2) throws CaMgmtException {
        return super.deleteRowWithName(str, str2);
    }

    @Override // org.xipki.ca.server.db.CaManagerQueryExecutorBase
    public /* bridge */ /* synthetic */ List namesFromTable(String str) throws CaMgmtException {
        return super.namesFromTable(str);
    }

    @Override // org.xipki.ca.server.db.CaManagerQueryExecutorBase
    public /* bridge */ /* synthetic */ int getMaxX500nameLen() {
        return super.getMaxX500nameLen();
    }

    @Override // org.xipki.ca.server.db.CaManagerQueryExecutorBase
    public /* bridge */ /* synthetic */ int getDbSchemaVersion() {
        return super.getDbSchemaVersion();
    }
}
