package org.xipki.ca.dbtool.port.ocsp;

import java.io.File;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.zip.ZipFile;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.dbtool.jaxb.ca.CAConfigurationType;
import org.xipki.ca.dbtool.jaxb.ca.CaHasPublisherType;
import org.xipki.ca.dbtool.jaxb.ca.CaType;
import org.xipki.ca.dbtool.jaxb.ca.CertStoreType;
import org.xipki.ca.dbtool.jaxb.ca.ProfileType;
import org.xipki.ca.dbtool.jaxb.ca.PublisherType;
import org.xipki.ca.dbtool.port.DbPortFileNameIterator;
import org.xipki.ca.dbtool.port.DbPorter;
import org.xipki.ca.dbtool.xmlio.ca.CertType;
import org.xipki.ca.dbtool.xmlio.ca.CertsReader;
import org.xipki.common.ConfPairs;
import org.xipki.common.ProcessLog;
import org.xipki.common.util.Base64;
import org.xipki.common.util.IoUtil;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.XmlUtil;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.datasource.springframework.dao.DataAccessException;
import org.xipki.dbtool.InvalidInputException;
import org.xipki.security.HashAlgoType;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/ca/dbtool/port/ocsp/OcspCertStoreFromCaDbImporter.class */
class OcspCertStoreFromCaDbImporter extends AbstractOcspCertStoreDbImporter {
    private static final Logger LOG = LoggerFactory.getLogger(OcspCertStoreFromCaDbImporter.class);
    private final Unmarshaller unmarshaller;
    private final String publisherName;
    private final boolean resume;
    private final int numCertsPerCommit;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/ca/dbtool/port/ocsp/OcspCertStoreFromCaDbImporter$ImportStatements.class */
    public static final class ImportStatements {
        final PreparedStatement psCert;
        final PreparedStatement psCerthash;
        final PreparedStatement psRawCert;

        ImportStatements(PreparedStatement preparedStatement, PreparedStatement preparedStatement2, PreparedStatement preparedStatement3) {
            this.psCert = preparedStatement;
            this.psCerthash = preparedStatement2;
            this.psRawCert = preparedStatement3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OcspCertStoreFromCaDbImporter(DataSourceWrapper dataSourceWrapper, Unmarshaller unmarshaller, String str, String str2, int i, boolean z, AtomicBoolean atomicBoolean, boolean z2) throws Exception {
        super(dataSourceWrapper, str, atomicBoolean, z2);
        this.unmarshaller = (Unmarshaller) ParamUtil.requireNonNull("unmarshaller", unmarshaller);
        ParamUtil.requireNonBlank("publisherName", str2);
        this.publisherName = str2.toUpperCase();
        this.numCertsPerCommit = ParamUtil.requireMin("numCertsPerCommit", i, 1);
        File file = new File(this.baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
        if (z) {
            if (!file.exists()) {
                throw new InvalidInputException("could not process with '--resume' option");
            }
        } else if (file.exists()) {
            throw new InvalidInputException("please either specify '--resume' option or delete the file " + file.getPath() + " first");
        }
        this.resume = z;
    }

    public void importToDb() throws Exception {
        try {
            CertStoreType certStoreType = (CertStoreType) ((JAXBElement) this.unmarshaller.unmarshal(new File(this.baseDir, DbPorter.FILENAME_CA_CERTSTORE))).getValue();
            if (certStoreType.getVersion() > 1) {
                throw new InvalidInputException("could not import CertStore greater than 1: " + certStoreType.getVersion());
            }
            try {
                CAConfigurationType cAConfigurationType = (CAConfigurationType) ((JAXBElement) this.unmarshaller.unmarshal(new File(this.baseDir + File.separator + DbPorter.FILENAME_CA_CONFIGURATION))).getValue();
                if (cAConfigurationType.getVersion() > 1) {
                    throw new InvalidInputException("could not import CA Configuration greater than 1: " + certStoreType.getVersion());
                }
                System.out.println("importing CA certstore to OCSP database");
                try {
                    if (!this.resume) {
                        dropIndexes();
                    }
                    PublisherType publisherType = null;
                    Iterator<PublisherType> it = cAConfigurationType.getPublishers().getPublisher().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        PublisherType next = it.next();
                        if (this.publisherName.equals(next.getName())) {
                            publisherType = next;
                            break;
                        }
                    }
                    if (publisherType == null) {
                        throw new InvalidInputException("unknown publisher " + this.publisherName);
                    }
                    String type = publisherType.getType();
                    if (!"ocsp".equalsIgnoreCase(type)) {
                        throw new InvalidInputException("Unkwown publisher type " + type);
                    }
                    String value = new ConfPairs(value(publisherType.getConf())).value("publish.goodcerts");
                    boolean z = value != null ? !Boolean.parseBoolean(value) : false;
                    HashSet hashSet = new HashSet();
                    for (CaHasPublisherType caHasPublisherType : cAConfigurationType.getCaHasPublishers().getCaHasPublisher()) {
                        if (caHasPublisherType.getPublisherId() == publisherType.getId()) {
                            hashSet.add(Integer.valueOf(caHasPublisherType.getCaId()));
                        }
                    }
                    LinkedList linkedList = new LinkedList();
                    for (CaType caType : cAConfigurationType.getCas().getCa()) {
                        if (hashSet.contains(Integer.valueOf(caType.getId()))) {
                            linkedList.add(caType);
                        }
                    }
                    if (linkedList.isEmpty()) {
                        System.out.println("No CA has publisher " + this.publisherName);
                        return;
                    }
                    HashMap hashMap = new HashMap();
                    for (ProfileType profileType : cAConfigurationType.getProfiles().getProfile()) {
                        hashMap.put(Integer.valueOf(profileType.getId()), profileType.getName());
                    }
                    List<Integer> issuerIds = this.resume ? getIssuerIds(linkedList) : importIssuer(linkedList);
                    File file = new File(this.baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
                    importCert(certStoreType, hashMap, z, issuerIds, file);
                    recoverIndexes();
                    file.delete();
                    System.out.println(" imported OCSP certstore to database");
                } catch (Exception e) {
                    System.err.println("could not import OCSP certstore to database");
                    throw e;
                }
            } catch (JAXBException e2) {
                throw XmlUtil.convert(e2);
            }
        } catch (JAXBException e3) {
            throw XmlUtil.convert(e3);
        }
    }

    private List<Integer> getIssuerIds(List<CaType> list) throws IOException {
        LinkedList linkedList = new LinkedList();
        for (CaType caType : list) {
            byte[] binary = binary(caType.getCert());
            CaType caType2 = null;
            Iterator<CaType> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                CaType next = it.next();
                if (Arrays.equals(binary, binary(next.getCert()))) {
                    caType2 = next;
                    break;
                }
            }
            if (caType2 != null) {
                linkedList.add(Integer.valueOf(caType.getId()));
            }
        }
        return linkedList;
    }

    private List<Integer> importIssuer(List<CaType> list) throws DataAccessException, CertificateException, IOException {
        System.out.println("importing table ISSUER");
        PreparedStatement prepareStatement = prepareStatement("INSERT INTO ISSUER (ID,SUBJECT,NBEFORE,NAFTER,S1C,REV,RR,RT,RIT,CERT) VALUES (?,?,?,?,?,?,?,?,?,?)");
        LinkedList linkedList = new LinkedList();
        try {
            Iterator<CaType> it = list.iterator();
            while (it.hasNext()) {
                importIssuer0(it.next(), "INSERT INTO ISSUER (ID,SUBJECT,NBEFORE,NAFTER,S1C,REV,RR,RT,RIT,CERT) VALUES (?,?,?,?,?,?,?,?,?,?)", prepareStatement, list, linkedList);
            }
            System.out.println(" imported table ISSUER");
            return linkedList;
        } finally {
            releaseResources(prepareStatement, null);
        }
    }

    private void importIssuer0(CaType caType, String str, PreparedStatement preparedStatement, List<CaType> list, List<Integer> list2) throws IOException, DataAccessException, CertificateException {
        try {
            byte[] binary = binary(caType.getCert());
            CaType caType2 = null;
            Iterator<CaType> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                CaType next = it.next();
                if (Arrays.equals(binary, binary(next.getCert()))) {
                    caType2 = next;
                    break;
                }
            }
            if (caType2 == null) {
                return;
            }
            list2.add(Integer.valueOf(caType.getId()));
            try {
                Certificate certificate = Certificate.getInstance(binary);
                int i = 1 + 1;
                preparedStatement.setInt(1, caType.getId());
                int i2 = i + 1;
                preparedStatement.setString(i, X509Util.cutX500Name(certificate.getSubject(), this.maxX500nameLen));
                int i3 = i2 + 1;
                preparedStatement.setLong(i2, certificate.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
                int i4 = i3 + 1;
                preparedStatement.setLong(i3, certificate.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
                int i5 = i4 + 1;
                preparedStatement.setString(i4, HashAlgoType.SHA1.base64Hash(binary));
                int i6 = i5 + 1;
                setBoolean(preparedStatement, i5, caType2.isRevoked());
                int i7 = i6 + 1;
                setInt(preparedStatement, i6, caType2.getRevReason());
                int i8 = i7 + 1;
                setLong(preparedStatement, i7, caType2.getRevTime());
                int i9 = i8 + 1;
                setLong(preparedStatement, i8, caType2.getRevInvTime());
                int i10 = i9 + 1;
                preparedStatement.setString(i9, Base64.encodeToString(binary));
                preparedStatement.execute();
            } catch (Exception e) {
                LogUtil.error(LOG, e, "could not parse certificate of issuer " + caType.getId());
                if (!(e instanceof CertificateException)) {
                    throw new CertificateException(e.getMessage(), e);
                }
                throw ((CertificateException) e);
            }
        } catch (CertificateException e2) {
            System.err.println("could not import issuer with id=" + caType.getId());
            throw e2;
        } catch (SQLException e3) {
            System.err.println("could not import issuer with id=" + caType.getId());
            throw translate(str, e3);
        }
    }

    private void importCert(CertStoreType certStoreType, Map<Integer, String> map, boolean z, List<Integer> list, File file) throws Exception {
        byte[] read;
        int i = 0;
        long j = 1;
        if (file.exists() && (read = IoUtil.read(file)) != null && read.length > 2) {
            String str = new String(read);
            if (str.trim().equalsIgnoreCase("certs.finished")) {
                return;
            }
            StringTokenizer stringTokenizer = new StringTokenizer(str, ":");
            i = Integer.parseInt(stringTokenizer.nextToken());
            j = Long.parseLong(stringTokenizer.nextToken()) + 1;
        }
        deleteCertGreatherThan(j - 1, LOG);
        long countCerts = certStoreType.getCountCerts() - i;
        ProcessLog processLog = new ProcessLog(countCerts);
        ProcessLog processLog2 = new ProcessLog(countCerts);
        System.out.println(importingText() + "certificates from ID " + j);
        processLog.printHeader();
        PreparedStatement prepareStatement = prepareStatement("INSERT INTO CERT (ID,IID,SN,LUPDATE,NBEFORE,NAFTER,REV,RR,RT,RIT,PN) VALUES (?,?,?,?,?,?,?,?,?,?,?)");
        PreparedStatement prepareStatement2 = prepareStatement("INSERT INTO CHASH (CID,S1,S224,S256,S384,S512) VALUES (?,?,?,?,?,?)");
        PreparedStatement prepareStatement3 = prepareStatement("INSERT INTO CRAW (CID,SUBJECT,CERT) VALUES (?,?,?)");
        ImportStatements importStatements = new ImportStatements(prepareStatement, prepareStatement2, prepareStatement3);
        DbPorter.CaDbEntryType caDbEntryType = DbPorter.CaDbEntryType.CERT;
        DbPortFileNameIterator dbPortFileNameIterator = new DbPortFileNameIterator(this.baseDir + File.separator + caDbEntryType.dirName() + ".mf");
        while (dbPortFileNameIterator.hasNext()) {
            try {
                String str2 = this.baseDir + File.separator + caDbEntryType.dirName() + File.separator + dbPortFileNameIterator.next();
                int indexOf = str2.indexOf(45);
                int indexOf2 = str2.indexOf(".zip");
                try {
                    if (indexOf == -1 || indexOf2 == -1) {
                        LOG.warn("invalid file name '{}', but will still be processed", str2);
                    } else {
                        try {
                        } catch (Exception e) {
                            LOG.warn("invalid file name '{}', but will still be processed", str2);
                        }
                        if (Integer.parseInt(str2.substring(indexOf + 1, indexOf2)) < j) {
                        }
                    }
                    j = importCert0(importStatements, str2, map, z, list, j, file, processLog, i, processLog2) + 1;
                } catch (Exception e2) {
                    System.err.println("\ncould not import certificates from file " + str2 + ".\nplease continue with the option '--resume'");
                    LOG.error("Exception", e2);
                    throw e2;
                }
            } finally {
                releaseResources(prepareStatement, null);
                releaseResources(prepareStatement2, null);
                releaseResources(prepareStatement3, null);
                dbPortFileNameIterator.close();
            }
        }
        processLog.printTrailer();
        DbPorter.echoToFile("certs.finished", file);
        System.out.println("processed " + processLog.numProcessed() + " and " + importedText() + processLog2.numProcessed() + " certificates");
    }

    private long importCert0(ImportStatements importStatements, String str, Map<Integer, String> map, boolean z, List<Integer> list, long j, File file, ProcessLog processLog, int i, ProcessLog processLog2) throws Exception {
        ZipFile zipFile = new ZipFile(new File(str));
        try {
            CertsReader certsReader = new CertsReader(zipFile.getInputStream(zipFile.getEntry("overview.xml")));
            disableAutoCommit();
            PreparedStatement preparedStatement = importStatements.psCert;
            PreparedStatement preparedStatement2 = importStatements.psCerthash;
            PreparedStatement preparedStatement3 = importStatements.psRawCert;
            int i2 = 0;
            int i3 = 0;
            long j2 = 0;
            while (certsReader.hasNext()) {
                try {
                    if (this.stopMe.get()) {
                        throw new InterruptedException("interrupted by the user");
                    }
                    CertType certType = (CertType) certsReader.next();
                    long longValue = certType.id().longValue();
                    j2 = longValue;
                    if (longValue >= j) {
                        i2++;
                        if (!z || certType.rev().booleanValue()) {
                            int intValue = certType.caId().intValue();
                            if (list.contains(Integer.valueOf(intValue))) {
                                i3++;
                                String file2 = certType.file();
                                byte[] read = IoUtil.read(zipFile.getInputStream(zipFile.getEntry(file2)));
                                try {
                                    TBSCertificate tBSCertificate = Certificate.getInstance(read).getTBSCertificate();
                                    try {
                                        int i4 = 1 + 1;
                                        preparedStatement.setLong(1, longValue);
                                        int i5 = i4 + 1;
                                        preparedStatement.setInt(i4, intValue);
                                        int i6 = i5 + 1;
                                        preparedStatement.setString(i5, tBSCertificate.getSerialNumber().getPositiveValue().toString(16));
                                        int i7 = i6 + 1;
                                        preparedStatement.setLong(i6, certType.update().longValue());
                                        int i8 = i7 + 1;
                                        preparedStatement.setLong(i7, tBSCertificate.getStartDate().getDate().getTime() / 1000);
                                        int i9 = i8 + 1;
                                        preparedStatement.setLong(i8, tBSCertificate.getEndDate().getDate().getTime() / 1000);
                                        int i10 = i9 + 1;
                                        setBoolean(preparedStatement, i9, certType.rev().booleanValue());
                                        int i11 = i10 + 1;
                                        setInt(preparedStatement, i10, certType.rr());
                                        int i12 = i11 + 1;
                                        setLong(preparedStatement, i11, certType.rt());
                                        int i13 = i12 + 1;
                                        setLong(preparedStatement, i12, certType.rit());
                                        int i14 = i13 + 1;
                                        preparedStatement.setString(i13, map.get(Integer.valueOf(certType.pid().intValue())));
                                        preparedStatement.addBatch();
                                        try {
                                            int i15 = 1 + 1;
                                            preparedStatement2.setLong(1, longValue);
                                            int i16 = i15 + 1;
                                            preparedStatement2.setString(i15, HashAlgoType.SHA1.base64Hash(read));
                                            int i17 = i16 + 1;
                                            preparedStatement2.setString(i16, HashAlgoType.SHA224.base64Hash(read));
                                            int i18 = i17 + 1;
                                            preparedStatement2.setString(i17, HashAlgoType.SHA256.base64Hash(read));
                                            int i19 = i18 + 1;
                                            preparedStatement2.setString(i18, HashAlgoType.SHA384.base64Hash(read));
                                            int i20 = i19 + 1;
                                            preparedStatement2.setString(i19, HashAlgoType.SHA512.base64Hash(read));
                                            preparedStatement2.addBatch();
                                            try {
                                                int i21 = 1 + 1;
                                                preparedStatement3.setLong(1, longValue);
                                                int i22 = i21 + 1;
                                                preparedStatement3.setString(i21, X509Util.cutX500Name(tBSCertificate.getSubject(), this.maxX500nameLen));
                                                int i23 = i22 + 1;
                                                preparedStatement3.setString(i22, Base64.encodeToString(read));
                                                preparedStatement3.addBatch();
                                            } catch (SQLException e) {
                                                throw translate("INSERT INTO CRAW (CID,SUBJECT,CERT) VALUES (?,?,?)", e);
                                            }
                                        } catch (SQLException e2) {
                                            throw translate("INSERT INTO CHASH (CID,S1,S224,S256,S384,S512) VALUES (?,?,?,?,?,?)", e2);
                                        }
                                    } catch (SQLException e3) {
                                        throw translate("INSERT INTO CERT (ID,IID,SN,LUPDATE,NBEFORE,NAFTER,REV,RR,RT,RIT,PN) VALUES (?,?,?,?,?,?,?,?,?,?,?)", e3);
                                    }
                                } catch (RuntimeException e4) {
                                    LOG.error("could not parse certificate in file {}", file2);
                                    LOG.debug("could not parse certificate in file " + file2, e4);
                                    throw new CertificateException(e4.getMessage(), e4);
                                }
                            }
                        }
                        boolean z2 = !certsReader.hasNext();
                        if (i3 > 0 && (i3 % this.numCertsPerCommit == 0 || z2)) {
                            if (this.evaulateOnly) {
                                preparedStatement.clearBatch();
                                preparedStatement2.clearBatch();
                                preparedStatement3.clearBatch();
                            } else {
                                String str2 = null;
                                try {
                                    preparedStatement.executeBatch();
                                    preparedStatement2.executeBatch();
                                    preparedStatement3.executeBatch();
                                    str2 = null;
                                    commit("(commit import cert to OCSP)");
                                } catch (Throwable th) {
                                    rollback();
                                    deleteCertGreatherThan(j2, LOG);
                                    if (th instanceof SQLException) {
                                        throw translate(str2, (SQLException) th);
                                    }
                                    if (th instanceof Exception) {
                                        throw ((Exception) th);
                                    }
                                    throw new Exception(th);
                                }
                            }
                            j2 = longValue;
                            processLog.addNumProcessed(i2);
                            processLog2.addNumProcessed(i3);
                            i2 = 0;
                            i3 = 0;
                            echoToFile((i + processLog.numProcessed()) + ":" + j2, file);
                            processLog.printStatus();
                        } else if (z2) {
                            j2 = longValue;
                            processLog.addNumProcessed(i2);
                            processLog2.addNumProcessed(i3);
                            i2 = 0;
                            i3 = 0;
                            echoToFile((i + processLog.numProcessed()) + ":" + j2, file);
                            processLog.printStatus();
                        }
                    }
                } finally {
                    recoverAutoCommit();
                    zipFile.close();
                }
            }
            return j2;
        } catch (Exception e5) {
            try {
                zipFile.close();
            } catch (Exception e6) {
                LOG.error("could not close ZIP file {}: {}", str, e6.getMessage());
                LOG.debug("could not close ZIP file " + str, e6);
            }
            throw e5;
        }
    }
}
