package org.xipki.ca.server.mgmt.api.conf;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
import java.util.zip.ZipFile;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.validation.SchemaFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.profile.CertValidity;
import org.xipki.ca.server.mgmt.api.CaEntry;
import org.xipki.ca.server.mgmt.api.CaHasRequestorEntry;
import org.xipki.ca.server.mgmt.api.CaMgmtException;
import org.xipki.ca.server.mgmt.api.CaStatus;
import org.xipki.ca.server.mgmt.api.CertprofileEntry;
import org.xipki.ca.server.mgmt.api.CmpControlEntry;
import org.xipki.ca.server.mgmt.api.CmpRequestorEntry;
import org.xipki.ca.server.mgmt.api.CmpResponderEntry;
import org.xipki.ca.server.mgmt.api.PublisherEntry;
import org.xipki.ca.server.mgmt.api.ValidityMode;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CAConfType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CaType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CmpcontrolType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CrlsignerType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.FileOrBinaryType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.FileOrValueType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.NameValueType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.ObjectFactory;
import org.xipki.ca.server.mgmt.api.conf.jaxb.ProfileType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.PublisherType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.RequestorType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.ResponderType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.ScepType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.StringsType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType;
import org.xipki.ca.server.mgmt.api.x509.ScepEntry;
import org.xipki.ca.server.mgmt.api.x509.X509CaEntry;
import org.xipki.ca.server.mgmt.api.x509.X509CaUris;
import org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry;
import org.xipki.common.InvalidConfException;
import org.xipki.common.ObjectCreationException;
import org.xipki.common.util.Base64;
import org.xipki.common.util.IoUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.XmlUtil;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.exception.XiSecurityException;
import org.xipki.security.util.X509Util;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/xipki/ca/server/mgmt/api/conf/CaConf.class */
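/**
 * In-memory view of a CA system configuration read from an XML file, or from a ZIP archive whose
 * {@code caconf.xml} entry holds that XML.
 *
 * <p>The document is validated against {@code /xsd/caconf.xsd} while it is unmarshalled, and its
 * content is collected into name-keyed maps (CMP controls, responders, environments, CRL signers,
 * requestors, publishers, certificate profiles, CAs and SCEP entries). Textual values may contain
 * <code>${name}</code> placeholders, which are replaced using the configuration's own
 * {@code properties} section.
 *
 * <p>Trust boundary: a configuration file decides which files are read (see
 * {@code readReferencedFile}) and which signer configuration is instantiated while loading (see
 * {@code init}). It should therefore only be loaded from a source that is as trusted as the account
 * the CA runs under.
 *
 * <p>The maps are plain {@link HashMap}s and nothing here is synchronized.
 */
public class CaConf {
    private static final Logger LOG = LoggerFactory.getLogger(CaConf.class);

    /** Name of the ZIP entry that holds the XML configuration. */
    private static final String CACONF_ZIP_ENTRY = "caconf.xml";

    private final Map<String, String> properties = new HashMap<>();
    private final Map<String, CmpControlEntry> cmpControls = new HashMap<>();
    private final Map<String, CmpResponderEntry> responders = new HashMap<>();
    private final Map<String, String> environments = new HashMap<>();
    private final Map<String, X509CrlSignerEntry> crlSigners = new HashMap<>();
    private final Map<String, CmpRequestorEntry> requestors = new HashMap<>();
    private final Map<String, PublisherEntry> publishers = new HashMap<>();
    private final Map<String, CertprofileEntry> certprofiles = new HashMap<>();
    private final Map<String, SingleCaConf> cas = new HashMap<>();
    private final Map<String, ScepEntry> sceps = new HashMap<>();

    /**
     * Loads a configuration file.
     *
     * <p>The format is chosen from the file extension: {@code xml} is read directly, {@code zip} is
     * opened as an archive. With any other extension the file is first tried as a ZIP archive and,
     * if that fails with a {@link ZipException}, read as XML.
     *
     * @param str path of the configuration file; must not be blank
     * @param securityFactory factory used to create a CA signer when a CA entry carries no
     *     certificate; must not be null
     * @throws IOException if the file, the {@code caconf.xml} entry or a referenced file cannot be
     *     read
     * @throws InvalidConfException if the configuration content is rejected
     * @throws CaMgmtException declared by the entry types used while loading
     * @throws JAXBException if the document cannot be unmarshalled
     * @throws SAXException if the XML schema cannot be loaded
     */
    public CaConf(String str, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException, JAXBException, SAXException {
        ParamUtil.requireNonBlank("confFilename", str);
        ParamUtil.requireNonNull("securityFactory", securityFactory);
        int dotIndex = str.lastIndexOf('.');
        String extension = dotIndex != -1 ? str.substring(dotIndex + 1) : null;
        File confFile = new File(str);
        ZipFile zipFile = null;
        InputStream caConfStream = null;
        try {
            if ("xml".equalsIgnoreCase(extension)) {
                LOG.info("read the configuration file {} as an XML file", str);
                caConfStream = new FileInputStream(confFile);
            } else if ("zip".equalsIgnoreCase(extension)) {
                LOG.info("read the configuration file {} as a ZIP file", str);
                zipFile = new ZipFile(confFile);
                caConfStream = openCaConfEntry(zipFile);
            } else {
                try {
                    LOG.info("try to read the configuration file {} as a ZIP file", str);
                    zipFile = new ZipFile(confFile);
                    caConfStream = openCaConfEntry(zipFile);
                } catch (ZipException e) {
                    LOG.info("the configuration file {} is not a ZIP file, try as an XML file", str);
                    // The archive may already be open when reading the entry fails; release it
                    // before falling back so the handle is not lost.
                    closeQuietly(zipFile, "zipFile");
                    zipFile = null;
                    caConfStream = new FileInputStream(confFile);
                }
            }

            // As written, baseDir is only defined when the configuration comes from a ZIP archive.
            String baseDir = null;
            if (zipFile != null) {
                File parentDir = confFile.getParentFile();
                if (parentDir == null) {
                    // A bare file name has no parent component; resolve it so that loading does
                    // not fail with a NullPointerException.
                    parentDir = confFile.getAbsoluteFile().getParentFile();
                }
                baseDir = parentDir == null ? null : parentDir.getPath();
            }

            JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
            SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
            URL schemaUrl = CaConf.class.getResource("/xsd/caconf.xsd");
            Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
            unmarshaller.setSchema(schemaFactory.newSchema(schemaUrl));
            // NOTE(review): the stream is handed to the JAXB runtime's own XML parser, so whether
            // DOCTYPE declarations and external entities are refused depends on that runtime.
            // Confirm for the deployed runtime, or unmarshal from a SAXSource backed by a parser
            // configured to disallow DOCTYPE, if configuration files can come from a less trusted
            // source.
            Object root = ((JAXBElement) unmarshaller.unmarshal(caConfStream)).getValue();
            init((CAConfType) root, baseDir, zipFile, securityFactory);
        } catch (JAXBException e) {
            throw XmlUtil.convert(e);
        } finally {
            closeQuietly(caConfStream, "caConfStream");
            closeQuietly(zipFile, "zipFile");
        }
    }

    /**
     * Opens the {@code caconf.xml} entry of an archive.
     *
     * @throws IOException if the archive has no such entry or it cannot be read
     */
    private static InputStream openCaConfEntry(ZipFile zipFile) throws IOException {
        ZipEntry entry = zipFile.getEntry(CACONF_ZIP_ENTRY);
        if (entry == null) {
            // getInputStream(null) would fail with a NullPointerException; report the real cause.
            throw new IOException("could not find ZIP entry " + CACONF_ZIP_ENTRY);
        }
        return zipFile.getInputStream(entry);
    }

    /** Closes {@code resource} if it is not null; a failure is logged and otherwise ignored. */
    private static void closeQuietly(java.io.Closeable resource, String label) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            LOG.info("could not close {}: {}", label, e.getMessage());
        }
    }

    /**
     * Writes a configuration as XML, validating it against {@code /xsd/caconf.xsd}.
     *
     * @param cAConfType the configuration to write; must not be null
     * @param outputStream the destination; must not be null. It is not closed by this method.
     * @throws JAXBException if marshalling fails
     * @throws SAXException if the XML schema cannot be loaded
     */
    public static void marshal(CAConfType cAConfType, OutputStream outputStream) throws JAXBException, SAXException {
        ParamUtil.requireNonNull("jaxb", cAConfType);
        ParamUtil.requireNonNull("out", outputStream);
        try {
            JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
            SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
            URL schemaUrl = CaConf.class.getResource("/xsd/caconf.xsd");
            Marshaller marshaller = jaxbContext.createMarshaller();
            marshaller.setSchema(schemaFactory.newSchema(schemaUrl));
            marshaller.marshal(new ObjectFactory().createCAConf(cAConfType), outputStream);
        } catch (JAXBException e) {
            throw XmlUtil.convert(e);
        }
    }

    /**
     * Populates this object from the unmarshalled document.
     *
     * <p>Properties are read first because every later section expands placeholders against them.
     *
     * @param cAConfType the unmarshalled configuration
     * @param str the base directory, stored as property {@code baseDir}; may be null
     * @param zipFile the archive the configuration was read from, or null when it was read from a
     *     plain XML file; decides where referenced files are looked up
     * @param securityFactory used to create a CA signer when a CA has no certificate configured
     */
    private void init(CAConfType cAConfType, String str, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
        if (str != null) {
            this.properties.put("baseDir", str);
        }
        if (cAConfType.getProperties() != null) {
            for (NameValueType property : cAConfType.getProperties().getProperty()) {
                String name = property.getName();
                if (this.properties.containsKey(name)) {
                    throw new InvalidConfException("Property " + name + " already defined");
                }
                String value = property.getValue();
                // A value that contains its own placeholder can never be fully expanded; reject it
                // here, where the error can be reported as a configuration problem.
                if (value != null && value.contains("${" + name + "}")) {
                    throw new InvalidConfException("Property " + name + " must not reference itself");
                }
                this.properties.put(name, value);
            }
        }
        if (cAConfType.getCmpcontrols() != null) {
            for (CmpcontrolType cmpControl : cAConfType.getCmpcontrols().getCmpcontrol()) {
                addCmpControl(new CmpControlEntry(cmpControl.getName(), getValue(cmpControl.getConf(), zipFile)));
            }
        }
        if (cAConfType.getResponders() != null) {
            for (ResponderType responder : cAConfType.getResponders().getResponder()) {
                addResponder(new CmpResponderEntry(
                        responder.getName(),
                        expandConf(responder.getType()),
                        getValue(responder.getConf(), zipFile),
                        getBase64Binary(responder.getCert(), zipFile)));
            }
        }
        if (cAConfType.getEnvironments() != null) {
            for (NameValueType environment : cAConfType.getEnvironments().getEnvironment()) {
                addEnvironment(environment.getName(), expandConf(environment.getValue()));
            }
        }
        if (cAConfType.getCrlsigners() != null) {
            for (CrlsignerType crlSigner : cAConfType.getCrlsigners().getCrlsigner()) {
                addCrlSigner(new X509CrlSignerEntry(
                        crlSigner.getName(),
                        expandConf(crlSigner.getSignerType()),
                        getValue(crlSigner.getSignerConf(), zipFile),
                        getBase64Binary(crlSigner.getSignerCert(), zipFile),
                        expandConf(crlSigner.getCrlControl())));
            }
        }
        if (cAConfType.getRequestors() != null) {
            for (RequestorType requestor : cAConfType.getRequestors().getRequestor()) {
                addRequestor(new CmpRequestorEntry(
                        new NameId((Integer) null, requestor.getName()),
                        getBase64Binary(requestor.getCert(), zipFile)));
            }
        }
        if (cAConfType.getPublishers() != null) {
            for (PublisherType publisher : cAConfType.getPublishers().getPublisher()) {
                addPublisher(new PublisherEntry(
                        new NameId((Integer) null, publisher.getName()),
                        expandConf(publisher.getType()),
                        getValue(publisher.getConf(), zipFile)));
            }
        }
        if (cAConfType.getProfiles() != null) {
            for (ProfileType profile : cAConfType.getProfiles().getProfile()) {
                addProfile(new CertprofileEntry(
                        new NameId((Integer) null, profile.getName()),
                        expandConf(profile.getType()),
                        getValue(profile.getConf(), zipFile)));
            }
        }
        if (cAConfType.getCas() != null) {
            for (CaType caType : cAConfType.getCas().getCa()) {
                String caName = caType.getName();
                GenSelfIssued genSelfIssued = null;
                X509CaEntry x509CaEntry = null;
                if (caType.getCaInfo() != null) {
                    X509CaInfoType x509Ca = caType.getCaInfo().getX509Ca();
                    if (x509Ca.getGenSelfIssued() != null) {
                        // For a self-issued CA the cert element may only name a file; inline
                        // content is rejected. The file name is passed on to GenSelfIssued
                        // (presumably where the generated certificate is stored; verify there).
                        String certFilename = null;
                        if (x509Ca.getCert() != null) {
                            if (x509Ca.getCert().getFile() == null) {
                                throw new InvalidConfException("cert.file of CA " + caName + " must not be null");
                            }
                            certFilename = expandConf(x509Ca.getCert().getFile());
                        }
                        byte[] csr = getBinary(x509Ca.getGenSelfIssued().getCsr(), zipFile);
                        BigInteger serialNumber = null;
                        String serialNumberText = x509Ca.getGenSelfIssued().getSerialNumber();
                        if (serialNumberText != null) {
                            // A leading 0x/0X selects hexadecimal, anything else is read as decimal.
                            String upperCase = serialNumberText.toUpperCase();
                            serialNumber = upperCase.startsWith("0X") ? new BigInteger(upperCase.substring(2), 16) : new BigInteger(upperCase);
                        }
                        genSelfIssued = new GenSelfIssued(x509Ca.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
                    }
                    x509CaEntry = new X509CaEntry(
                            new NameId((Integer) null, caName),
                            x509Ca.getSnSize(),
                            x509Ca.getNextCrlNo(),
                            expandConf(x509Ca.getSignerType()),
                            getValue(x509Ca.getSignerConf(), zipFile),
                            new X509CaUris(
                                    getStrings(x509Ca.getCacertUris()),
                                    getStrings(x509Ca.getOcspUris()),
                                    getStrings(x509Ca.getCrlUris()),
                                    getStrings(x509Ca.getDeltacrlUris())),
                            // 30 and 365 are used when numCrls / expirationPeriod are absent.
                            x509Ca.getNumCrls() == null ? 30 : x509Ca.getNumCrls().intValue(),
                            x509Ca.getExpirationPeriod() == null ? 365 : x509Ca.getExpirationPeriod().intValue());
                    x509CaEntry.setCmpControlName(x509Ca.getCmpcontrolName());
                    x509CaEntry.setCrlSignerName(x509Ca.getCrlsignerName());
                    x509CaEntry.setDuplicateKeyPermitted(x509Ca.isDuplicateKey());
                    x509CaEntry.setDuplicateSubjectPermitted(x509Ca.isDuplicateSubject());
                    if (x509Ca.getExtraControl() != null) {
                        x509CaEntry.setExtraControl(getValue(x509Ca.getExtraControl(), zipFile));
                    }
                    // -1 is passed on when keepExpiredCertDays is absent.
                    x509CaEntry.setKeepExpiredCertInDays(x509Ca.getKeepExpiredCertDays() == null ? -1 : x509Ca.getKeepExpiredCertDays().intValue());
                    x509CaEntry.setMaxValidity(CertValidity.getInstance(x509Ca.getMaxValidity()));
                    x509CaEntry.setPermission(x509Ca.getPermission());
                    x509CaEntry.setResponderName(x509Ca.getResponderName());
                    x509CaEntry.setSaveRequest(x509Ca.isSaveReq());
                    x509CaEntry.setStatus(CaStatus.forName(x509Ca.getStatus()));
                    if (x509Ca.getValidityMode() != null) {
                        x509CaEntry.setValidityMode(ValidityMode.forName(x509Ca.getValidityMode()));
                    }
                    if (x509Ca.getGenSelfIssued() == null) {
                        X509Certificate certificate;
                        if (x509Ca.getCert() != null) {
                            try {
                                certificate = X509Util.parseCert(getBinary(x509Ca.getCert(), zipFile));
                            } catch (CertificateException e) {
                                throw new InvalidConfException("invalid certificate of CA " + caName, e);
                            }
                        } else {
                            // No certificate configured: instantiate a signer from the first signer
                            // configuration and take the certificate it reports. Loading the
                            // configuration therefore already uses the configured signer.
                            try {
                                certificate = securityFactory.createSigner(
                                        expandConf(x509Ca.getSignerType()),
                                        new SignerConf(CaEntry.splitCaSignerConfs(getValue(x509Ca.getSignerConf(), zipFile)).get(0)[1]),
                                        (X509Certificate) null).getCertificate();
                            } catch (ObjectCreationException | XiSecurityException e) {
                                throw new InvalidConfException("could not create CA signer for CA " + caName, e);
                            }
                        }
                        x509CaEntry.setCertificate(certificate);
                    }
                }
                List<CaHasRequestorEntry> caRequestors = null;
                if (caType.getRequestors() != null) {
                    caRequestors = new LinkedList<>();
                    for (CaHasRequestorType caHasRequestor : caType.getRequestors().getRequestor()) {
                        CaHasRequestorEntry entry = new CaHasRequestorEntry(new NameId((Integer) null, caHasRequestor.getRequestorName()));
                        entry.setRa(caHasRequestor.isRa());
                        List<String> profileNames = getStrings(caHasRequestor.getProfiles());
                        if (profileNames != null) {
                            entry.setProfiles(new HashSet<>(profileNames));
                        }
                        entry.setPermission(caHasRequestor.getPermission());
                        caRequestors.add(entry);
                    }
                }
                addSingleCa(new SingleCaConf(
                        caName,
                        genSelfIssued,
                        x509CaEntry,
                        getStrings(caType.getAliases()),
                        getStrings(caType.getProfiles()),
                        caRequestors,
                        getStrings(caType.getPublishers())));
            }
        }
        if (cAConfType.getSceps() != null) {
            for (ScepType scep : cAConfType.getSceps().getScep()) {
                String scepName = scep.getName();
                // getStrings returns null when the profiles element is absent, which the HashSet
                // copy constructor rejects; presumably the schema makes the element mandatory.
                // TODO confirm against caconf.xsd.
                this.sceps.put(scepName, new ScepEntry(
                        scepName,
                        new NameId((Integer) null, scep.getCaName()),
                        true,
                        scep.getResponderType(),
                        getValue(scep.getResponderConf(), zipFile),
                        null,
                        new HashSet<>(getStrings(scep.getProfiles())),
                        scep.getControl()));
            }
        }
    }

    /** Registers a CMP control under its name, replacing any entry stored under that name. */
    public void addCmpControl(CmpControlEntry cmpControlEntry) {
        ParamUtil.requireNonNull("cmpControl", cmpControlEntry);
        this.cmpControls.put(cmpControlEntry.name(), cmpControlEntry);
    }

    /** Returns a read-only view of the registered CMP control names. */
    public Set<String> getCmpControlNames() {
        return Collections.unmodifiableSet(this.cmpControls.keySet());
    }

    /** Returns the CMP control stored under the given name, or null if there is none. */
    public CmpControlEntry getCmpControl(String str) {
        return this.cmpControls.get(ParamUtil.requireNonNull("name", str));
    }

    /** Registers a responder under its name, replacing any entry stored under that name. */
    public void addResponder(CmpResponderEntry cmpResponderEntry) {
        ParamUtil.requireNonNull("responder", cmpResponderEntry);
        this.responders.put(cmpResponderEntry.name(), cmpResponderEntry);
    }

    /** Returns a read-only view of the registered responder names. */
    public Set<String> getResponderNames() {
        return Collections.unmodifiableSet(this.responders.keySet());
    }

    /** Returns the responder stored under the given name, or null if there is none. */
    public CmpResponderEntry getResponder(String str) {
        return this.responders.get(ParamUtil.requireNonNull("name", str));
    }

    /** Stores an environment parameter; both name and value must be non-blank. */
    public void addEnvironment(String str, String str2) {
        ParamUtil.requireNonBlank("name", str);
        ParamUtil.requireNonBlank("value", str2);
        this.environments.put(str, str2);
    }

    /** Returns a read-only view of the environment parameter names. */
    public Set<String> getEnvironmentNames() {
        return Collections.unmodifiableSet(this.environments.keySet());
    }

    /** Returns the value of the named environment parameter, or null if there is none. */
    public String getEnvironment(String str) {
        return this.environments.get(ParamUtil.requireNonNull("name", str));
    }

    /** Registers a CRL signer under its name, replacing any entry stored under that name. */
    public void addCrlSigner(X509CrlSignerEntry x509CrlSignerEntry) {
        ParamUtil.requireNonNull("crlSigner", x509CrlSignerEntry);
        this.crlSigners.put(x509CrlSignerEntry.name(), x509CrlSignerEntry);
    }

    /** Returns a read-only view of the registered CRL signer names. */
    public Set<String> getCrlSignerNames() {
        return Collections.unmodifiableSet(this.crlSigners.keySet());
    }

    /** Returns the CRL signer stored under the given name, or null if there is none. */
    public X509CrlSignerEntry getCrlSigner(String str) {
        return this.crlSigners.get(ParamUtil.requireNonNull("name", str));
    }

    /** Registers a requestor under the name of its identifier. */
    public void addRequestor(CmpRequestorEntry cmpRequestorEntry) {
        ParamUtil.requireNonNull("requestor", cmpRequestorEntry);
        this.requestors.put(cmpRequestorEntry.ident().name(), cmpRequestorEntry);
    }

    /** Returns a read-only view of the registered requestor names. */
    public Set<String> getRequestorNames() {
        return Collections.unmodifiableSet(this.requestors.keySet());
    }

    /** Returns the requestor stored under the given name, or null if there is none. */
    public CmpRequestorEntry getRequestor(String str) {
        return this.requestors.get(ParamUtil.requireNonNull("name", str));
    }

    /** Registers a publisher under the name of its identifier. */
    public void addPublisher(PublisherEntry publisherEntry) {
        ParamUtil.requireNonNull("publisher", publisherEntry);
        this.publishers.put(publisherEntry.ident().name(), publisherEntry);
    }

    /** Returns a read-only view of the registered publisher names. */
    public Set<String> getPublisherNames() {
        return Collections.unmodifiableSet(this.publishers.keySet());
    }

    /** Returns the publisher stored under the given name, or null if there is none. */
    public PublisherEntry getPublisher(String str) {
        return this.publishers.get(ParamUtil.requireNonNull("name", str));
    }

    /** Registers a certificate profile under the name of its identifier. */
    public void addProfile(CertprofileEntry certprofileEntry) {
        ParamUtil.requireNonNull("profile", certprofileEntry);
        this.certprofiles.put(certprofileEntry.ident().name(), certprofileEntry);
    }

    /** Returns a read-only view of the registered certificate profile names. */
    public Set<String> getCertProfileNames() {
        return Collections.unmodifiableSet(this.certprofiles.keySet());
    }

    /** Returns the certificate profile stored under the given name, or null if there is none. */
    public CertprofileEntry getCertProfile(String str) {
        return this.certprofiles.get(ParamUtil.requireNonNull("name", str));
    }

    /** Registers a CA configuration under its name, replacing any entry stored under that name. */
    public void addSingleCa(SingleCaConf singleCaConf) {
        ParamUtil.requireNonNull("singleCa", singleCaConf);
        this.cas.put(singleCaConf.name(), singleCaConf);
    }

    /** Returns a read-only view of the registered CA names. */
    public Set<String> getCaNames() {
        return Collections.unmodifiableSet(this.cas.keySet());
    }

    /** Returns the CA configuration stored under the given name, or null if there is none. */
    public SingleCaConf getCa(String str) {
        return this.cas.get(ParamUtil.requireNonNull("name", str));
    }

    /** Registers a SCEP entry under its name, replacing any entry stored under that name. */
    public void addScep(ScepEntry scepEntry) {
        ParamUtil.requireNonNull("scep", scepEntry);
        this.sceps.put(scepEntry.name(), scepEntry);
    }

    /** Returns a read-only view of the registered SCEP entry names. */
    public Set<String> getScepNames() {
        return Collections.unmodifiableSet(this.sceps.keySet());
    }

    /** Returns the SCEP entry stored under the given name, or null if there is none. */
    public ScepEntry getScep(String str) {
        return this.sceps.get(ParamUtil.requireNonNull("name", str));
    }

    /**
     * Resolves a file-or-value element to text with placeholders expanded.
     *
     * <p>An inline value wins over a file reference. File content is decoded as UTF-8 and then
     * expanded as well, so placeholders inside referenced files are honoured.
     *
     * @return the resolved text, or null if {@code fileOrValueType} is null
     * @throws IOException if the referenced file or ZIP entry cannot be read
     */
    private String getValue(FileOrValueType fileOrValueType, ZipFile zipFile) throws IOException {
        if (fileOrValueType == null) {
            return null;
        }
        if (fileOrValueType.getValue() != null) {
            return expandConf(fileOrValueType.getValue());
        }
        byte[] content = readReferencedFile(expandConf(fileOrValueType.getFile()), zipFile);
        return expandConf(new String(content, "UTF-8"));
    }

    /**
     * Resolves a file-or-binary element and returns its content Base64 encoded.
     *
     * @return the encoded content, or null if the element is null
     */
    private String getBase64Binary(FileOrBinaryType fileOrBinaryType, ZipFile zipFile) throws IOException {
        byte[] binary = getBinary(fileOrBinaryType, zipFile);
        if (binary == null) {
            return null;
        }
        return Base64.encodeToString(binary);
    }

    /**
     * Resolves a file-or-binary element to bytes; inline content wins over a file reference.
     *
     * @return the content, or null if {@code fileOrBinaryType} is null
     * @throws IOException if the referenced file or ZIP entry cannot be read
     */
    private byte[] getBinary(FileOrBinaryType fileOrBinaryType, ZipFile zipFile) throws IOException {
        if (fileOrBinaryType == null) {
            return null;
        }
        if (fileOrBinaryType.getBinary() != null) {
            return fileOrBinaryType.getBinary();
        }
        return readReferencedFile(expandConf(fileOrBinaryType.getFile()), zipFile);
    }

    /**
     * Reads a file named by the configuration.
     *
     * <p>With an archive, {@code fileName} is looked up as an entry of that archive and nothing is
     * extracted to disk. Without one, the name is opened as given on the local file system:
     * relative names resolve against the process working directory and nothing confines the path
     * to the directory of the configuration file, so the configuration can name any file the
     * process is able to read.
     *
     * @param fileName the already expanded file or entry name
     * @param zipFile the archive to read from, or null to read from the file system
     * @throws IOException if no name is given, the entry does not exist or reading fails
     */
    private static byte[] readReferencedFile(String fileName, ZipFile zipFile) throws IOException {
        if (fileName == null) {
            throw new IOException("neither inline content nor a file name is specified");
        }
        InputStream source;
        if (zipFile != null) {
            source = zipFile.getInputStream(new ZipEntry(fileName));
            if (source == null) {
                throw new IOException("could not find ZIP entry " + fileName);
            }
        } else {
            source = new FileInputStream(fileName);
        }
        // Close the stream here instead of relying on IoUtil.read to do it; closing it a second
        // time is harmless.
        try (InputStream in = source) {
            return IoUtil.read(in);
        }
    }

    /**
     * Copies a list of strings, expanding placeholders in each element.
     *
     * @return the expanded strings, or null if {@code stringsType} is null
     */
    private List<String> getStrings(StringsType stringsType) {
        if (stringsType == null) {
            return null;
        }
        List<String> expanded = new ArrayList<>(stringsType.getStr().size());
        for (String text : stringsType.getStr()) {
            expanded.add(expandConf(text));
        }
        return expanded;
    }

    /**
     * Replaces <code>${name}</code> placeholders with the matching property values.
     *
     * <p>Properties are applied one after another in the map's iteration order; placeholders
     * without a matching property are left as they are.
     *
     * @param str the text to expand; may be null
     * @return the expanded text, or {@code str} itself when it holds no placeholder syntax
     */
    private final String expandConf(String str) {
        if (str == null || !str.contains("${") || str.indexOf('}') == -1) {
            return str;
        }
        String expanded = str;
        for (Map.Entry<String, String> property : this.properties.entrySet()) {
            String placeholder = "${" + property.getKey() + "}";
            String value = property.getValue();
            if (value == null) {
                // String.replace rejects a null replacement; leave the placeholder untouched.
                continue;
            }
            if (value.contains(placeholder)) {
                // The value reintroduces its own placeholder, so repeating the replacement would
                // never finish and the text would grow without bound. Substitute once only.
                expanded = expanded.replace(placeholder, value);
                continue;
            }
            while (expanded.contains(placeholder)) {
                expanded = expanded.replace(placeholder, value);
            }
        }
        return expanded;
    }
}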
