package org.xipki.ocsp.server;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.Feature;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.ocsp.api.OcspStore;
import org.xipki.ocsp.api.OcspStoreException;
import org.xipki.ocsp.server.OcspServerConf;
import org.xipki.ocsp.server.store.CaDbCertStatusStore;
import org.xipki.ocsp.server.store.CrlDbCertStatusStore;
import org.xipki.ocsp.server.store.DbCertStatusStore;
import org.xipki.ocsp.server.store.ejbca.EjbcaCertStatusStore;
import org.xipki.ocsp.server.type.ExtendedExtension;
import org.xipki.ocsp.server.type.OID;
import org.xipki.security.CertpathValidationModel;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.FileOrBinary;
import org.xipki.util.FileOrValue;
import org.xipki.util.InvalidConfException;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.ObjectCreationException;
import org.xipki.util.StringUtil;
import org.xipki.util.Validity;

/* loaded from: input_file:WEB-INF/lib/ocsp-server-5.3.14.jar:org/xipki/ocsp/server/OcspServerUtil.class */
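/**
 * Helpers used while bootstrapping the OCSP server from its configuration: creating the
 * response signer, instantiating and configuring certificate status stores, building the
 * requester certificate path, and small I/O helpers around {@link FileOrBinary} /
 * {@link FileOrValue}.
 *
 * <p>Everything in here operates on the server's own configuration, which is trusted input:
 * the {@code java:} store type instantiates an arbitrary class named in the configuration and
 * the signer section carries key-store parameters. Keep the configuration file out of reach of
 * less-privileged users accordingly.
 */
public class OcspServerUtil {
    private static final Logger LOG = LoggerFactory.getLogger(OcspServerUtil.class);
    private static final String STORE_TYPE_XIPKI_DB = "xipki-db";
    private static final String STORE_TYPE_XIPKI_CA_DB = "xipki-ca-db";
    private static final String STORE_TYPE_CRL = "crl";
    private static final String STORE_TYPE_EJBCA_DB = "ejbca-db";
    /** Store type prefix selecting a user-supplied {@link OcspStore} implementation by class name. */
    private static final String STORE_TYPE_JAVA_PREFIX = "java:";
    /** Store update interval applied when the configuration leaves it blank. */
    private static final String DEFAULT_UPDATE_INTERVAL = "5m";

    /**
     * Builds the OCSP response signer from the signer section of the configuration.
     *
     * <p>If a signer certificate is configured, its chain is built up to the configured CA
     * certificates (if any) and handed to every created signer; otherwise {@code null} is passed
     * and {@code securityFactory} decides which certificate the signer uses. One signer is
     * created per configured signature algorithm and all of them are wrapped in one
     * {@link ResponseSigner}.
     *
     * @param signer          signer configuration (type, key, algorithms, optional cert / CA certs)
     * @param securityFactory factory that creates the underlying signers
     * @return the response signer holding one signer per configured algorithm
     * @throws InvalidConfException if a certificate cannot be parsed, the chain cannot be built,
     *         no algorithm is configured, or a signer cannot be created
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static ResponseSigner initSigner(OcspServerConf.Signer signer, SecurityFactory securityFactory)
            throws InvalidConfException {
        X509Cert[] certChain = null;
        if (signer.getCert() != null) {
            X509Cert signerCert = parseCert(signer.getCert());
            Set<X509Cert> caCerts = null;
            if (signer.getCaCerts() != null) {
                caCerts = new HashSet<>();
                for (FileOrBinary caCert : signer.getCaCerts()) {
                    caCerts.add(parseCert(caCert));
                }
            }
            try {
                certChain = X509Util.buildCertPath(signerCert, caCerts);
            } catch (CertPathBuilderException e) {
                throw new InvalidConfException(e);
            }
        }

        List<String> algorithms = signer.getAlgorithms();
        if (algorithms == null || algorithms.isEmpty()) {
            // Without this guard the NPE / empty signer list would surface much later.
            throw new InvalidConfException("no signature algorithm is configured for the signer");
        }

        String type = signer.getType();
        String key = signer.getKey();
        // Raw list on purpose: the signer element type is not referenced in this file.
        List signers = new ArrayList(algorithms.size());
        for (String algo : algorithms) {
            // The conf string carries the key configuration (it may include credentials) —
            // do not log it.
            SignerConf conf = new SignerConf("algo=" + algo + "," + key);
            try {
                signers.add(securityFactory.createSigner(type, conf, certChain));
            } catch (ObjectCreationException e) {
                throw new InvalidConfException(e.getMessage(), e);
            }
        }

        try {
            return new ResponseSigner(signers);
        } catch (IOException | CertificateException e) {
            throw new InvalidConfException(e.getMessage(), e);
        }
    }

    /**
     * Creates, configures and initialises the certificate status store described by
     * {@code store}.
     *
     * <p>The store type selects the implementation: one of the built-in names
     * {@value #STORE_TYPE_XIPKI_DB}, {@value #STORE_TYPE_XIPKI_CA_DB}, {@value #STORE_TYPE_CRL},
     * {@value #STORE_TYPE_EJBCA_DB} (matched case-insensitively), or
     * {@code java:<fully.qualified.ClassName>}, which instantiates the named class through its
     * no-argument constructor. The class name is taken from the configuration verbatim (class
     * names are case-sensitive). Since this executes arbitrary code from the classpath, the
     * configuration must be trusted.
     *
     * @param store configuration of the store
     * @param map   data sources by name; consulted when the store source names a datasource
     * @return the initialised store
     * @throws InvalidConfException if the type is missing or unknown, the class cannot be
     *         instantiated, the named datasource is not defined, or the store fails to
     *         initialise
     */
    public static OcspStore newStore(OcspServerConf.Store store, Map<String, DataSourceWrapper> map)
            throws InvalidConfException {
        OcspStore ocspStore = createStoreInstance(store);
        applyStoreSettings(ocspStore, store);

        String datasource = store.getSource().getDatasource();
        DataSourceWrapper dataSourceWrapper = null;
        if (datasource != null) {
            dataSourceWrapper = map.get(datasource);
            if (dataSourceWrapper == null) {
                throw new InvalidConfException("datasource named '" + datasource + "' not defined");
            }
        }

        try {
            ocspStore.init(store.getSource().getConf(), dataSourceWrapper);
        } catch (OcspStoreException e) {
            throw new InvalidConfException(
                "CertStatusStoreException of store " + store.getName() + ":" + e.getMessage(), e);
        }
        return ocspStore;
    }

    /** Instantiates the store implementation selected by the configured source type. */
    private static OcspStore createStoreInstance(OcspServerConf.Store store) throws InvalidConfException {
        String rawType = store.getSource().getType();
        String type = rawType == null ? "" : rawType.trim();
        if (type.isEmpty()) {
            throw storeCreationError(store, "OCSP store type is not specified", null);
        }

        // Locale.ROOT: the default locale must not affect how "xipki-db" etc. are matched.
        String lowerType = type.toLowerCase(Locale.ROOT);
        switch (lowerType) {
            case STORE_TYPE_XIPKI_DB:
                return new DbCertStatusStore();
            case STORE_TYPE_CRL:
                return new CrlDbCertStatusStore();
            case STORE_TYPE_XIPKI_CA_DB:
                return new CaDbCertStatusStore();
            case STORE_TYPE_EJBCA_DB:
                return new EjbcaCertStatusStore();
            default:
                break;
        }

        if (!lowerType.startsWith(STORE_TYPE_JAVA_PREFIX)) {
            throw storeCreationError(store, "unknown OCSP store type " + type, null);
        }

        // Use the original (non-lower-cased) text for the class name.
        String className = type.substring(STORE_TYPE_JAVA_PREFIX.length()).trim();
        try {
            Class<?> clazz = Class.forName(className, false, OcspServerUtil.class.getClassLoader());
            return clazz.asSubclass(OcspStore.class).getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw storeCreationError(store, e.getMessage(), e);
        }
    }

    /** Builds the uniform "ObjectCreationException of store ..." configuration error. */
    private static InvalidConfException storeCreationError(OcspServerConf.Store store, String detail, Throwable cause) {
        String msg = "ObjectCreationException of store " + store.getName() + ":" + detail;
        return cause == null ? new InvalidConfException(msg) : new InvalidConfException(msg, cause);
    }

    /**
     * Transfers the per-store settings from the configuration to the store. Unset boolean
     * options default to {@code true}; an unset retention interval becomes {@code -1}; the
     * update interval defaults to {@value #DEFAULT_UPDATE_INTERVAL} and is disabled by the
     * literal {@code NEVER} (case-insensitive).
     */
    private static void applyStoreSettings(OcspStore ocspStore, OcspServerConf.Store store) {
        ocspStore.setName(store.getName());
        Integer retentionInterval = store.getRetentionInterval();
        ocspStore.setRetentionInterval(retentionInterval == null ? -1 : retentionInterval.intValue());
        ocspStore.setUnknownCertBehaviour(store.getUnknownCertBehaviour());
        ocspStore.setIncludeArchiveCutoff(getBoolean(store.getIncludeArchiveCutoff(), true));
        ocspStore.setIncludeCrlId(getBoolean(store.getIncludeCrlId(), true));
        ocspStore.setIgnoreExpiredCert(getBoolean(store.getIgnoreExpiredCert(), true));
        ocspStore.setIgnoreNotYetValidCert(getBoolean(store.getIgnoreNotYetValidCert(), true));
        ocspStore.setNextUpdatePeriodLimit(
            validityOrNull(store.getMinNextUpdatePeriod()), validityOrNull(store.getMaxNextUpdatePeriod()));

        String updateInterval = store.getUpdateInterval();
        if ("NEVER".equalsIgnoreCase(updateInterval)) {
            ocspStore.setUpdateInterval(null);
        } else {
            String effective = StringUtil.isBlank(updateInterval) ? DEFAULT_UPDATE_INTERVAL : updateInterval;
            ocspStore.setUpdateInterval(Validity.getInstance(effective));
        }
    }

    /** Parses a validity string, passing {@code null} through unchanged. */
    private static Validity validityOrNull(String text) {
        return text == null ? null : Validity.getInstance(text);
    }

    /**
     * Checks whether the requester certificate ({@code x509CertArr[0]}; further elements are
     * not used) chains to one of the configured trust anchors.
     *
     * <p>The path is built from the trust anchors plus any additional certificates configured in
     * {@code requestOption}. In the PKIX model (also the default when no model is configured)
     * every certificate of the built path must be within its validity period at {@code date};
     * in the CHAIN model no date check is performed here. The path is accepted only if one of
     * its certificates is itself a configured trust anchor (compared with
     * {@code X509Cert.equals}). Revocation status of the path certificates is not evaluated by
     * this method.
     *
     * @param x509CertArr   requester certificate first; {@code null}/empty yields {@code false}
     * @param requestOption trust anchors, extra certificates and the validation model
     * @param date          time at which the PKIX validity check is evaluated
     * @return {@code true} if a path to a trust anchor can be built and passes the checks
     * @throws IllegalStateException if the configured model is neither PKIX nor CHAIN
     */
    public static boolean canBuildCertpath(X509Cert[] x509CertArr, RequestOption requestOption, Date date) {
        if (x509CertArr == null || x509CertArr.length == 0 || x509CertArr[0] == null) {
            return false;
        }
        Set<X509Cert> trustAnchors = requestOption.getTrustAnchors();
        if (trustAnchors == null || trustAnchors.isEmpty()) {
            // No anchors configured: nothing could ever be accepted below.
            return false;
        }

        Set<X509Cert> candidates = new HashSet<>(trustAnchors);
        if (CollectionUtil.isNotEmpty(requestOption.getCerts())) {
            candidates.addAll(requestOption.getCerts());
        }

        X509Cert[] path;
        try {
            path = X509Util.buildCertPath(x509CertArr[0], candidates);
        } catch (CertPathBuilderException e) {
            LogUtil.warn(LOG, e);
            return false;
        }

        CertpathValidationModel model = requestOption.getCertpathValidationModel();
        if (model == null || model == CertpathValidationModel.PKIX) {
            for (X509Cert cert : path) {
                if (cert.getNotBefore().after(date) || cert.getNotAfter().before(date)) {
                    return false;
                }
            }
        } else if (model != CertpathValidationModel.CHAIN) {
            throw new IllegalStateException("invalid CertpathValidationModel " + model.name());
        }

        // Walk from the end of the path (nearest the root) and accept as soon as a certificate
        // equals a configured anchor. equals() is used deliberately rather than Set.contains().
        for (int i = path.length - 1; i >= 0; i--) {
            for (X509Cert anchor : trustAnchors) {
                if (anchor.equals(path[i])) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Returns {@code bool} if set, otherwise {@code defaultValue}. */
    private static boolean getBoolean(Boolean bool, boolean defaultValue) {
        return bool == null ? defaultValue : bool.booleanValue();
    }

    /** Opens the given file path after expanding it with {@link IoUtil#expandFilepath}. */
    private static InputStream openFile(String file) throws IOException {
        return Files.newInputStream(Paths.get(IoUtil.expandFilepath(file, true)));
    }

    /**
     * Opens a stream over {@code fileOrBinary}: the referenced file when one is set, otherwise
     * the inline bytes.
     */
    private static InputStream getInputStream(FileOrBinary fileOrBinary) throws IOException {
        if (fileOrBinary.getFile() != null) {
            return openFile(fileOrBinary.getFile());
        }
        return new ByteArrayInputStream(fileOrBinary.getBinary());
    }

    /**
     * Opens a stream over {@code fileOrValue}: the referenced file when one is set, otherwise
     * the inline value encoded as UTF-8.
     */
    public static InputStream getInputStream(FileOrValue fileOrValue) throws IOException {
        if (fileOrValue.getFile() != null) {
            return openFile(fileOrValue.getFile());
        }
        return new ByteArrayInputStream(StringUtil.toUtf8Bytes(fileOrValue.getValue()));
    }

    /** Closes the stream if non-null; a failure to close is logged, never propagated. */
    public static void closeStream(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            LOG.warn("could not close stream: {}", e.getMessage());
        }
    }

    /**
     * Parses one X.509 certificate from a file or inline bytes.
     *
     * @throws InvalidConfException if the stream cannot be opened or parsed; the underlying
     *         exception is kept as the cause so the reason is not lost
     */
    private static X509Cert parseCert(FileOrBinary fileOrBinary) throws InvalidConfException {
        InputStream in = null;
        try {
            in = getInputStream(fileOrBinary);
            return X509Util.parseCert(in);
        } catch (IOException | CertificateException e) {
            String msg = "could not parse certificate";
            if (fileOrBinary.getFile() != null) {
                msg += " from file " + fileOrBinary.getFile();
            }
            throw new InvalidConfException(msg, e);
        } finally {
            // Close failures are not fatal for a successfully parsed certificate.
            closeStream(in);
        }
    }

    /**
     * Reads and validates the server configuration from a JSON file.
     *
     * <p>The file is deserialised with fastjson into the typed {@link OcspServerConf} and then
     * {@link OcspServerConf#validate()} is invoked. The path is local, trusted configuration;
     * this method must not be pointed at untrusted input.
     *
     * @param confFile path of the configuration file (subject to {@link IoUtil#expandFilepath})
     * @return the validated configuration
     * @throws InvalidConfException if the file cannot be read or parsed, or validation fails
     */
    public static OcspServerConf parseConf(String confFile) throws InvalidConfException {
        try (InputStream in = openFile(confFile)) {
            OcspServerConf conf = JSON.parseObject(in, OcspServerConf.class, new Feature[0]);
            conf.validate();
            return conf;
        } catch (IOException | RuntimeException e) {
            throw new InvalidConfException("parse profile failed, message: " + e.getMessage(), e);
        }
    }

    /**
     * Removes the first extension whose type is {@code oid} from {@code list}.
     *
     * @return the removed extension, or {@code null} if none matched
     */
    public static ExtendedExtension removeExtension(List<ExtendedExtension> list, OID oid) {
        Iterator<ExtendedExtension> it = list.iterator();
        while (it.hasNext()) {
            ExtendedExtension ext = it.next();
            // Identity comparison as in the original; NOTE(review): this relies on OID values
            // being shared constants — confirm against the OID type.
            if (oid == ext.getExtnType()) {
                // Remove via the iterator so exactly the matched element is dropped.
                it.remove();
                return ext;
            }
        }
        return null;
    }
}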
