package org.xipki.ca.server.impl;

import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.SocketException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import javax.xml.bind.JAXBException;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extensions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditServiceRegister;
import org.xipki.audit.AuditStatus;
import org.xipki.audit.PciAuditEvent;
import org.xipki.ca.api.DfltEnvParameterResolver;
import org.xipki.ca.api.EnvParameterResolver;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.OperationException;
import org.xipki.ca.api.RequestType;
import org.xipki.ca.api.profile.CertValidity;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.x509.X509CertprofileFactoryRegister;
import org.xipki.ca.api.publisher.CertPublisherException;
import org.xipki.ca.api.publisher.x509.X509CertPublisherFactoryRegister;
import org.xipki.ca.api.publisher.x509.X509CertificateInfo;
import org.xipki.ca.server.impl.X509SelfSignedCertBuilder;
import org.xipki.ca.server.impl.cmp.CmpRequestorEntryWrapper;
import org.xipki.ca.server.impl.cmp.CmpResponderEntryWrapper;
import org.xipki.ca.server.impl.cmp.CmpResponderManager;
import org.xipki.ca.server.impl.cmp.X509CaCmpResponder;
import org.xipki.ca.server.impl.ocsp.OcspCertPublisher;
import org.xipki.ca.server.impl.scep.Scep;
import org.xipki.ca.server.impl.scep.ScepManager;
import org.xipki.ca.server.impl.store.CertificateStore;
import org.xipki.ca.server.impl.store.X509CertWithRevocationInfo;
import org.xipki.ca.server.impl.util.PasswordHash;
import org.xipki.ca.server.mgmt.api.AddUserEntry;
import org.xipki.ca.server.mgmt.api.CaEntry;
import org.xipki.ca.server.mgmt.api.CaHasRequestorEntry;
import org.xipki.ca.server.mgmt.api.CaHasUserEntry;
import org.xipki.ca.server.mgmt.api.CaManager;
import org.xipki.ca.server.mgmt.api.CaMgmtException;
import org.xipki.ca.server.mgmt.api.CaStatus;
import org.xipki.ca.server.mgmt.api.CaSystemStatus;
import org.xipki.ca.server.mgmt.api.CertListInfo;
import org.xipki.ca.server.mgmt.api.CertListOrderBy;
import org.xipki.ca.server.mgmt.api.CertprofileEntry;
import org.xipki.ca.server.mgmt.api.ChangeCaEntry;
import org.xipki.ca.server.mgmt.api.ChangeUserEntry;
import org.xipki.ca.server.mgmt.api.CmpControl;
import org.xipki.ca.server.mgmt.api.CmpControlEntry;
import org.xipki.ca.server.mgmt.api.CmpRequestorEntry;
import org.xipki.ca.server.mgmt.api.CmpResponderEntry;
import org.xipki.ca.server.mgmt.api.PublisherEntry;
import org.xipki.ca.server.mgmt.api.UserEntry;
import org.xipki.ca.server.mgmt.api.conf.CaConf;
import org.xipki.ca.server.mgmt.api.conf.GenSelfIssued;
import org.xipki.ca.server.mgmt.api.conf.SingleCaConf;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CAConfType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CaType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CmpcontrolType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.CrlsignerType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.FileOrBinaryType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.FileOrValueType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.NameValueType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.ProfileType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.PublisherType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.RequestorType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.ResponderType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.ScepType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.StringsType;
import org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType;
import org.xipki.ca.server.mgmt.api.x509.CertWithStatusInfo;
import org.xipki.ca.server.mgmt.api.x509.ChangeScepEntry;
import org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl;
import org.xipki.ca.server.mgmt.api.x509.ScepEntry;
import org.xipki.ca.server.mgmt.api.x509.X509CaEntry;
import org.xipki.ca.server.mgmt.api.x509.X509CaUris;
import org.xipki.ca.server.mgmt.api.x509.X509ChangeCrlSignerEntry;
import org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry;
import org.xipki.common.ConfPairs;
import org.xipki.common.InvalidConfException;
import org.xipki.common.ObjectCreationException;
import org.xipki.common.util.Base64;
import org.xipki.common.util.CollectionUtil;
import org.xipki.common.util.DateUtil;
import org.xipki.common.util.IoUtil;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.StringUtil;
import org.xipki.datasource.DataSourceFactory;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.datasource.springframework.dao.DataAccessException;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.CrlReason;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.exception.XiSecurityException;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/xipki/ca/server/impl/CaManagerImpl.class */
public class CaManagerImpl implements CaManager, CmpResponderManager, ScepManager {
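    /** Name of the environment parameter that init() reads and, in master mode, creates when absent. */
    public static final String ENV_EPOCH = "EPOCH";
    private static final Logger LOG = LoggerFactory.getLogger(CaManagerImpl.class);
    /** System-event name of the database lock record that lockCa() reads and writes. */
    private static final String EVENT_LOCK = "LOCK";
    /**
     * System-event name written by notifyCaChange() and polled by CaRestarter. The identifier is
     * misspelled ("CACHAGNE"); it is kept because other members of this class reference it.
     */
    private static final String EVENT_CACHAGNE = "CA_CHANGE";
    /**
     * Owner id stored with the LOCK and CA_CHANGE system events. Built in the constructor as
     * "host address/token", or only the token when the host address cannot be determined.
     */
    private final String lockInstanceId;
    private ByCaRequestorInfo byCaRequestor;
    private NameId byUserRequestorId;
    // Read by getCaSystemStatus() and shutdown(), cleared by unlockCa().
    // NOTE(review): no assignment of `true` is visible in this part of the file. Confirm it is set
    // where the database lock is acquired; otherwise shutdown() never releases the lock.
    private boolean caLockedByMe;
    // Derived from the "ca.mode" property in init(): true for master (the default), false for slave.
    private boolean masterMode;
    // Datasources keyed by the name that follows "datasource." in the CA configuration file.
    private Map<String, DataSourceWrapper> datasources;
    // Survives restarts of the CA system; in slave mode it runs the CaRestarter.
    private ScheduledThreadPoolExecutor persistentScheduledThreadPoolExecutor;
    // Recreated on every start of the CA system; runs the periodic publisher and cleaner tasks.
    private ScheduledThreadPoolExecutor scheduledThreadPoolExecutor;
    private String caConfFile;
    private boolean caSystemSetuped;
    private boolean responderInitialized;
    private boolean requestorsInitialized;
    private boolean caAliasesInitialized;
    private boolean certprofilesInitialized;
    private boolean publishersInitialized;
    private boolean crlSignersInitialized;
    private boolean cmpControlInitialized;
    private boolean casInitialized;
    private boolean environmentParametersInitialized;
    private boolean scepsInitialized;
    // Set only after init() has succeeded in startCaSystem0(); null until then.
    private Date lastStartTime;
    private AuditServiceRegister auditServiceRegister;
    private X509CertprofileFactoryRegister x509CertProfileFactoryRegister;
    private X509CertPublisherFactoryRegister x509CertPublisherFactoryRegister;
    // The datasource registered under the name "ca".
    private DataSourceWrapper datasource;
    private CertificateStore certstore;
    private SecurityFactory securityFactory;
    private CaManagerQueryExecutor queryExecutor;
    private boolean initializing;
    private final CaIdNameMap idNameMap = new CaIdNameMap();
    // The maps below use the diamond operator instead of the raw ConcurrentHashMap type, so that
    // the compiler checks key and value types at every use.
    private final Map<String, X509CaInfo> caInfos = new ConcurrentHashMap<>();
    private Map<String, CmpResponderEntryWrapper> responders = new ConcurrentHashMap<>();
    private Map<String, CmpResponderEntry> responderDbEntries = new ConcurrentHashMap<>();
    private final Map<String, IdentifiedX509Certprofile> certprofiles = new ConcurrentHashMap<>();
    private final Map<String, CertprofileEntry> certprofileDbEntries = new ConcurrentHashMap<>();
    private final Map<String, IdentifiedX509CertPublisher> publishers = new ConcurrentHashMap<>();
    private final Map<String, PublisherEntry> publisherDbEntries = new ConcurrentHashMap<>();
    private final Map<String, CmpControl> cmpControls = new ConcurrentHashMap<>();
    private final Map<String, CmpControlEntry> cmpControlDbEntries = new ConcurrentHashMap<>();
    private final Map<String, CmpRequestorEntryWrapper> requestors = new ConcurrentHashMap<>();
    private final Map<String, CmpRequestorEntry> requestorDbEntries = new ConcurrentHashMap<>();
    private final Map<String, X509CrlSignerEntryWrapper> crlSigners = new ConcurrentHashMap<>();
    private final Map<String, X509CrlSignerEntry> crlSignerDbEntries = new ConcurrentHashMap<>();
    private final Map<String, Scep> sceps = new ConcurrentHashMap<>();
    private final Map<String, ScepEntry> scepDbEntries = new ConcurrentHashMap<>();
    private final Map<String, Set<String>> caHasProfiles = new ConcurrentHashMap<>();
    private final Map<String, Set<String>> caHasPublishers = new ConcurrentHashMap<>();
    private final Map<String, Set<CaHasRequestorEntry>> caHasRequestors = new ConcurrentHashMap<>();
    private final Map<String, Integer> caAliases = new ConcurrentHashMap<>();
    private final DfltEnvParameterResolver envParameterResolver = new DfltEnvParameterResolver();
    private final Map<String, X509CaCmpResponder> x509Responders = new ConcurrentHashMap<>();
    private final Map<String, X509Ca> x509cas = new ConcurrentHashMap<>();
    private final DataSourceFactory datasourceFactory = new DataSourceFactory();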

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/ca/server/impl/CaManagerImpl$CaRestarter.class */
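    /**
     * Periodic task that polls the CA_CHANGE system event and restarts the CA system when that
     * event is newer than the last successful start of this instance.
     *
     * <p>startCaSystem0() schedules it every 300 seconds when the instance is not in master mode,
     * on the failure path as well as on success.
     */
    public class CaRestarter implements Runnable {
        // Guards against overlapping runs of this task instance.
        private boolean inProcess;

        private CaRestarter() {
        }

        /**
         * Compares the time of the CA_CHANGE event (seconds) with the last start time and calls
         * restartCaSystem() when the event is newer. Every Throwable is logged and swallowed so
         * that the scheduler keeps running the task.
         */
        @Override // java.lang.Runnable
        public void run() {
            if (this.inProcess) {
                return;
            }
            this.inProcess = true;
            try {
                SystemEvent changeEvent = CaManagerImpl.this.queryExecutor.getSystemEvent(CaManagerImpl.EVENT_CACHAGNE);
                long changedAtSeconds = changeEvent == null ? 0L : changeEvent.eventTime();
                // lastStartTime is assigned only after init() has succeeded, but this task is also
                // scheduled when the first start failed. Dereferencing it unguarded raised a
                // NullPointerException on every run, so such an instance never restarted.
                // A missing start time is treated as "started at 0".
                Date lastStart = CaManagerImpl.this.lastStartTime;
                long lastStartSeconds = lastStart == null ? 0L : lastStart.getTime() / 1000;
                CaManagerImpl.LOG.info("check the restart CA system event: changed at={}, lastStartTime={}", new Date(changedAtSeconds * 1000), lastStart);
                if (changedAtSeconds > lastStartSeconds) {
                    CaManagerImpl.LOG.info("received event to restart CA");
                    CaManagerImpl.this.restartCaSystem();
                } else {
                    CaManagerImpl.LOG.debug("received no event to restart CA");
                }
            } catch (Throwable th) {
                LogUtil.error(CaManagerImpl.LOG, th, "ScheduledCaRestarter");
            } finally {
                this.inProcess = false;
            }
        }
    }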

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/ca/server/impl/CaManagerImpl$CertsInQueuePublisher.class */
    /**
     * Periodic task that asks every started CA to publish the certificates waiting in its
     * publish queue. startCaSystem0() schedules it every 120 seconds.
     */
    public class CertsInQueuePublisher implements Runnable {
        // Guards against overlapping runs of this task instance.
        private boolean inProcess;

        private CertsInQueuePublisher() {
        }

        /**
         * Does nothing while a previous run is active or the CA system is not set up. Otherwise
         * calls publishCertsInQueue() on each CA and logs the outcome per CA. Every Throwable is
         * logged and swallowed.
         */
        @Override // java.lang.Runnable
        public void run() {
            boolean busy = inProcess;
            if (busy || !caSystemSetuped) {
                return;
            }
            inProcess = true;
            try {
                LOG.debug("publishing certificates in PUBLISHQUEUE");
                for (String caName : x509cas.keySet()) {
                    X509Ca ca = x509cas.get(caName);
                    boolean published = ca.publishCertsInQueue();
                    if (!published) {
                        LOG.error("publishing certificates of CA {} in PUBLISHQUEUE failed", caName);
                    } else {
                        LOG.info(" published certificates of CA {} in PUBLISHQUEUE", caName);
                    }
                }
            } catch (Throwable th) {
                LogUtil.error(LOG, th, "could not publish CertsInQueue");
            } finally {
                inProcess = false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/ca/server/impl/CaManagerImpl$UnreferencedRequstCleaner.class */
    /**
     * Periodic task that deletes unreferenced requests from the certificate store.
     * startCaSystem0() schedules it 60 seconds after start and then every 86400 seconds.
     */
    public class UnreferencedRequstCleaner implements Runnable {
        // Guards against overlapping runs of this task instance.
        private boolean inProcess;

        private UnreferencedRequstCleaner() {
        }

        /** Runs one cleanup pass; every Throwable is logged and swallowed. */
        @Override // java.lang.Runnable
        public void run() {
            if (!inProcess) {
                inProcess = true;
                try {
                    certstore.deleteUnreferencedRequests();
                    LOG.info("deleted unreferenced requests");
                } catch (Throwable th) {
                    LogUtil.error(LOG, th, "could not delete unreferenced requests");
                } finally {
                    inProcess = false;
                }
            }
        }
    }

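    /**
     * Creates the manager and derives {@code lockInstanceId}, the owner id that lockCa() compares
     * with the owner of the LOCK system event.
     *
     * <p>The id is "host address/token". The token is read from the file "calock" in the current
     * working directory, or freshly generated and saved there when the file is missing,
     * unreadable or blank. If the host address cannot be determined, the token alone is used.
     *
     * <p>NOTE(review): the lock file is resolved against the working directory of the process.
     * Anyone who can write that file controls which instance id this process claims, so the
     * directory should be writable only by the CA service account.
     *
     * @throws InvalidConfException declared by the original signature; not thrown by the visible
     *     body
     */
    public CaManagerImpl() throws InvalidConfException {
        File lockFile = new File("calock");
        String instanceToken = null;
        if (lockFile.exists()) {
            try {
                // Explicit charset: the token must decode the same way regardless of the
                // platform default encoding.
                instanceToken = new String(IoUtil.read(lockFile), java.nio.charset.StandardCharsets.UTF_8);
            } catch (IOException e) {
                LOG.error("could not read {}: {}", lockFile.getName(), e.getMessage());
            }
        }
        // A blank token would make the id of this instance indistinguishable from that of any
        // other instance on the same host whose lock file is also empty, so it is replaced.
        if (instanceToken == null || StringUtil.isBlank(instanceToken)) {
            instanceToken = UUID.randomUUID().toString();
            try {
                IoUtil.save(lockFile, instanceToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            } catch (IOException e2) {
                LOG.error("could not save {}: {}", lockFile.getName(), e2.getMessage());
            }
        }
        String hostAddress = null;
        try {
            hostAddress = IoUtil.getHostAddress();
        } catch (SocketException e3) {
            LOG.warn("could not get host address: {}", e3.getMessage());
        }
        this.lockInstanceId = hostAddress == null ? instanceToken : hostAddress + "/" + instanceToken;
    }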

    /**
     * Returns the security factory configured through setSecurityFactory.
     *
     * @return the configured factory, or {@code null} if none has been set
     */
    public SecurityFactory securityFactory() {
        return securityFactory;
    }

    /**
     * Stores the security factory. init() refuses to run while it is unset, and uses it to
     * resolve datasource passwords and to initialize CRL signers.
     *
     * @param securityFactory the factory to use; stored without a null check
     */
    public void setSecurityFactory(SecurityFactory securityFactory) {
        CaManagerImpl.this.securityFactory = securityFactory;
    }

    /**
     * Returns the datasource factory created together with this manager.
     *
     * @return the factory instance held in the final field {@code datasourceFactory}
     */
    public DataSourceFactory dataSourceFactory() {
        return datasourceFactory;
    }

    /**
     * Tells whether this instance runs in master mode, as derived from "ca.mode" in init().
     *
     * @return {@code true} for master mode, {@code false} for slave mode or before init() has run
     */
    public boolean isMasterMode() {
        return masterMode;
    }

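    /**
     * Loads the CA configuration file and brings up everything the CA system needs: operating
     * mode, shard id, datasources, query executor, database lock (master mode only), EPOCH,
     * certificate store and the configured entities.
     *
     * <p>Changes against the previous version of this method:
     * <ul>
     *   <li>the configuration file stream is closed (it was leaked before);</li>
     *   <li>the NumberFormatException handler covers only the parsing of "ca.shardId"; it used to
     *       enclose the rest of the method, so an unrelated NumberFormatException was reported as
     *       an invalid shard id;</li>
     *   <li>the property keys are iterated with stringPropertyNames() instead of casting the raw
     *       key set;</li>
     *   <li>the "could not parse CA configuration" message separates the text from the path.</li>
     * </ul>
     *
     * @throws CaMgmtException if the configuration is invalid, a datasource cannot be created,
     *     the database lock cannot be acquired, or any initialization step fails
     * @throws IllegalStateException if a required collaborator or the configuration file path
     *     has not been set
     */
    private void init() throws CaMgmtException {
        if (this.securityFactory == null) {
            throw new IllegalStateException("securityFactory is not set");
        }
        if (this.datasourceFactory == null) {
            throw new IllegalStateException("datasourceFactory is not set");
        }
        if (this.x509CertProfileFactoryRegister == null) {
            throw new IllegalStateException("x509CertProfileFactoryRegister is not set");
        }
        if (this.x509CertPublisherFactoryRegister == null) {
            throw new IllegalStateException("x509CertPublisherFactoryRegister is not set");
        }
        if (this.caConfFile == null) {
            throw new IllegalStateException("caConfFile is not set");
        }
        Properties caConfProps = new Properties();
        try {
            try (FileInputStream confStream = new FileInputStream(IoUtil.expandFilepath(this.caConfFile))) {
                caConfProps.load(confStream);
            }

            // A missing ca.mode means master; anything other than master/slave is rejected.
            String caMode = caConfProps.getProperty("ca.mode");
            if (caMode == null || "master".equalsIgnoreCase(caMode)) {
                this.masterMode = true;
            } else if ("slave".equalsIgnoreCase(caMode)) {
                this.masterMode = false;
            } else {
                throw new CaMgmtException("invalid ca.mode '" + caMode + "'");
            }

            String shardIdText = caConfProps.getProperty("ca.shardId");
            if (StringUtil.isBlank(shardIdText)) {
                throw new CaMgmtException("ca.shardId is not set");
            }
            LOG.info("ca.shardId: {}", shardIdText);
            final int shardId;
            try {
                shardId = Integer.parseInt(shardIdText);
            } catch (NumberFormatException e4) {
                throw new CaMgmtException("invalid ca.shardId '" + shardIdText + "'", e4);
            }
            if (shardId < 0 || shardId > 127) {
                throw new CaMgmtException("ca.shardId is not in [0, 127]");
            }

            // Datasources are created once and reused across restarts of the CA system.
            if (this.datasources == null) {
                this.datasources = new ConcurrentHashMap<>();
                for (String key : caConfProps.stringPropertyNames()) {
                    if (!StringUtil.startsWithIgnoreCase(key, "datasource.")) {
                        continue;
                    }
                    String datasourceFile = caConfProps.getProperty(key);
                    try {
                        String datasourceName = key.substring("datasource.".length());
                        DataSourceWrapper wrapper = this.datasourceFactory.createDataSourceForFile(datasourceName, datasourceFile, this.securityFactory.getPasswordResolver());
                        // One connection is obtained and handed straight back; presumably this
                        // makes an unreachable database fail here instead of at first use.
                        wrapper.returnConnection(wrapper.getConnection());
                        this.datasources.put(datasourceName, wrapper);
                    } catch (DataAccessException | PasswordResolverException | IOException | RuntimeException e) {
                        throw new CaMgmtException(e.getClass().getName() + " while parsing datasource " + datasourceFile + ": " + e.getMessage(), e);
                    }
                }
                this.datasource = this.datasources.get("ca");
            }
            if (this.datasource == null) {
                throw new CaMgmtException("no datasource named 'ca' configured");
            }
            this.queryExecutor = new CaManagerQueryExecutor(this.datasource);
            initEnvironmentParamters();
            String epoch = this.envParameterResolver.parameter(ENV_EPOCH);
            if (this.masterMode) {
                try {
                    // Only a master takes the database lock; a lock held by another owner id
                    // aborts the start.
                    if (!lockCa(true)) {
                        throw new CaMgmtException("could not lock the CA database. In general this indicates that another CA software in active mode is accessing the database or the last shutdown of CA software in active mode is abnormal.");
                    }
                    if (epoch == null) {
                        // First start: EPOCH is set to one day before the current time.
                        epoch = this.queryExecutor.setEpoch(new Date(System.currentTimeMillis() - 86400000));
                        LOG.info("set environment {} to {}", ENV_EPOCH, epoch);
                    }
                    this.queryExecutor.addRequestorIfNeeded("BY-CA");
                    this.queryExecutor.addRequestorIfNeeded("BY-USER");
                } catch (DataAccessException e2) {
                    throw new CaMgmtException("DataAccessException while locking CA", e2);
                }
            } else if (epoch == null) {
                throw new CaMgmtException("The CA system must be started first with ca.mode = master");
            }
            LOG.info("use EPOCH: {}", epoch);
            try {
                this.certstore = new CertificateStore(this.datasource, new UniqueIdGenerator(DateUtil.parseUtcTimeyyyyMMdd(epoch).getTime(), shardId));
                initCaAliases();
                initCertprofiles();
                initPublishers();
                initCmpControls();
                initRequestors();
                initResponders();
                initCrlSigners();
                initCas();
                initSceps();
            } catch (DataAccessException e3) {
                throw new CaMgmtException(e3.getMessage(), e3);
            }
        } catch (IOException e5) {
            throw new CaMgmtException("could not parse CA configuration " + this.caConfFile, e5);
        }
    }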

    /**
     * Reports the state of the CA system from the internal flags.
     *
     * @return STARTED_AS_MASTER or STARTED_AS_SLAVE once the system is set up; otherwise
     *     INITIALIZING while a start is running, LOCK_FAILED when this instance does not hold
     *     the lock, and ERROR in the remaining case
     */
    public CaSystemStatus getCaSystemStatus() {
        if (caSystemSetuped) {
            if (masterMode) {
                return CaSystemStatus.STARTED_AS_MASTER;
            }
            return CaSystemStatus.STARTED_AS_SLAVE;
        }
        if (initializing) {
            return CaSystemStatus.INITIALIZING;
        }
        if (caLockedByMe) {
            return CaSystemStatus.ERROR;
        }
        return CaSystemStatus.LOCK_FAILED;
    }

    /**
     * Tries to take (or re-take) the database lock by writing a LOCK system event that carries
     * this instance's owner id.
     *
     * <p>The lock is identified only by comparing the stored owner string with
     * {@code lockInstanceId}; a lock recorded under a different owner is never overridden here.
     *
     * @param z when {@code true}, a lock already held by this instance is written again with the
     *     current time; when {@code false}, such a lock is left as it is
     * @return {@code false} if another owner holds the lock; {@code true} if this instance
     *     already holds it and {@code z} is false; otherwise the result of writing the event
     * @throws DataAccessException declared for the database access; raised by callees
     * @throws CaMgmtException declared for the query executor calls
     */
    private boolean lockCa(boolean z) throws DataAccessException, CaMgmtException {
        SystemEvent currentLock = queryExecutor.getSystemEvent(EVENT_LOCK);
        if (currentLock != null) {
            String lockedBy = currentLock.owner();
            Date lockedAt = new Date(currentLock.eventTime() * 1000);
            boolean ownedByMe = lockInstanceId.equals(lockedBy);
            if (!ownedByMe) {
                LOG.error("could not lock CA, it has been locked by {} since {}", lockedBy, lockedAt);
                return false;
            }
            if (z) {
                LOG.info("CA has been locked by me since {}, re-lock it", lockedAt);
            } else {
                return true;
            }
        }
        SystemEvent newLock = new SystemEvent(EVENT_LOCK, lockInstanceId, System.currentTimeMillis() / 1000);
        return queryExecutor.changeSystemEvent(newLock);
    }

    /**
     * Releases the database lock. Only allowed in master mode.
     *
     * <p>{@code caLockedByMe} is cleared before the database call, so it stays {@code false}
     * even when the unlock fails. The outcome is written to the audit log as a PCI event named
     * "UNLOCK".
     *
     * @return {@code true} if the query executor removed the lock, {@code false} in slave mode
     *     or when the unlock raised a CaMgmtException
     */
    public boolean unlockCa() {
        if (!masterMode) {
            LOG.error("could not unlock CA in slave mode");
            return false;
        }
        caLockedByMe = false;
        boolean unlocked;
        try {
            queryExecutor.unlockCa();
            unlocked = true;
        } catch (CaMgmtException e) {
            LogUtil.warn(LOG, e, "error in unlockCa()");
            unlocked = false;
        }
        if (!unlocked) {
            LOG.error("unlocking CA failed");
        } else {
            LOG.info("unlocked CA");
        }
        auditLogPciEvent(unlocked, "UNLOCK");
        return unlocked;
    }

    /**
     * Marks the CA system and all of its parts as uninitialized and stops the scheduled thread
     * pool, so that the next start runs every initialization step again.
     */
    private void reset() {
        caSystemSetuped = false;

        // per-entity initialization flags
        responderInitialized = false;
        requestorsInitialized = false;
        caAliasesInitialized = false;
        certprofilesInitialized = false;
        publishersInitialized = false;
        crlSignersInitialized = false;
        cmpControlInitialized = false;
        casInitialized = false;
        environmentParametersInitialized = false;
        scepsInitialized = false;

        shutdownScheduledThreadPoolExecutor();
    }

    /**
     * Resets the internal state and starts the CA system again. The outcome is written to the
     * audit log as a PCI event named "CA_CHANGE".
     *
     * @return {@code true} if the CA system started, {@code false} otherwise
     */
    public boolean restartCaSystem() {
        reset();
        boolean restarted = startCaSystem0();
        if (restarted) {
            auditLogPciEvent(true, EVENT_CACHAGNE);
            return true;
        }
        LOG.error("could not restart CA system");
        auditLogPciEvent(false, EVENT_CACHAGNE);
        return false;
    }

    /**
     * Writes a CA_CHANGE system event with the current time (seconds) and this instance's owner
     * id. CaRestarter polls that event to decide whether a restart is due.
     *
     * <p>NOTE(review): the boolean returned by changeSystemEvent is ignored here, while lockCa()
     * returns it to its caller. Confirm that a {@code false} result does not mean the event was
     * not stored.
     *
     * @return {@code true} if the event was written without an exception, {@code false} if the
     *     query executor raised a CaMgmtException
     * @throws CaMgmtException declared by the signature; the visible body catches it
     */
    public boolean notifyCaChange() throws CaMgmtException {
        boolean notified;
        try {
            long nowSeconds = System.currentTimeMillis() / 1000;
            SystemEvent changeEvent = new SystemEvent(EVENT_CACHAGNE, lockInstanceId, nowSeconds);
            queryExecutor.changeSystemEvent(changeEvent);
            LOG.info("notified the change of CA system");
            notified = true;
        } catch (CaMgmtException e) {
            LogUtil.warn(LOG, e, "could not notify slave CAs to restart");
            notified = false;
        }
        return notified;
    }

    /**
     * Starts the CA system and never throws: any Throwable from the start is logged. The
     * outcome is written to the audit log as a PCI event named "START".
     */
    public void startCaSystem() {
        boolean started;
        try {
            started = startCaSystem0();
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not start CA system");
            started = false;
        }
        if (!started) {
            LOG.error("could not start CA system");
        }
        auditLogPciEvent(started, "START");
    }

    /**
     * Performs the actual start: runs init(), starts every CA whose status is ACTIVE, schedules
     * the periodic tasks and logs a summary of started and failed CAs.
     *
     * <p>A CA that fails to start does not fail the whole start; it is only listed in the
     * summary. In slave mode a single CaRestarter is scheduled on the persistent executor on
     * every exit path, so that a failed start can still be followed by a restart attempt.
     *
     * @return {@code true} if the system is (or already was) set up, {@code false} if init() or a
     *     later step raised an Exception
     */
    private boolean startCaSystem0() {
        // Already running: nothing to do.
        if (this.caSystemSetuped) {
            return true;
        }
        this.initializing = true;
        shutdownScheduledThreadPoolExecutor();
        try {
            LOG.info("starting CA system");
            try {
                init();
                // Reference time that CaRestarter compares with the CA_CHANGE event.
                this.lastStartTime = new Date();
                this.x509cas.clear();
                this.x509Responders.clear();
                this.scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(10);
                this.scheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
                // linkedList collects the names of started CAs, linkedList2 those that failed.
                LinkedList linkedList = new LinkedList();
                LinkedList linkedList2 = new LinkedList();
                for (String str : this.caInfos.keySet()) {
                    if (CaStatus.ACTIVE == this.caInfos.get(str).caEntry().status()) {
                        if (startCa(str)) {
                            linkedList.add(str);
                            LOG.info("started CA {}", str);
                        } else {
                            linkedList2.add(str);
                            LOG.error("could not start CA {}", str);
                        }
                    }
                }
                this.caSystemSetuped = true;
                // Build the summary log line: CAs with an alias first, then the remaining names.
                StringBuilder sb = new StringBuilder();
                sb.append("started CA system");
                Set<String> caAliasNames = getCaAliasNames();
                HashSet hashSet = new HashSet(getCaNames());
                if (hashSet.size() > 0) {
                    sb.append(" with following CAs: ");
                    for (String str2 : caAliasNames) {
                        String caNameForAlias = getCaNameForAlias(str2);
                        hashSet.remove(caNameForAlias);
                        sb.append(caNameForAlias).append(" (alias ").append(str2).append(")").append(", ");
                    }
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        sb.append((String) it.next()).append(", ");
                    }
                    // Drop the trailing ", ".
                    int length = sb.length();
                    sb.delete(length - 2, length);
                    // Publish queued certificates every 120 s; clean unreferenced requests 60 s
                    // after start and then every 86400 s.
                    this.scheduledThreadPoolExecutor.scheduleAtFixedRate(new CertsInQueuePublisher(), 120L, 120L, TimeUnit.SECONDS);
                    this.scheduledThreadPoolExecutor.scheduleAtFixedRate(new UnreferencedRequstCleaner(), 60L, 86400L, TimeUnit.SECONDS);
                } else {
                    sb.append(": no CA is configured");
                }
                if (!linkedList2.isEmpty()) {
                    sb.append(", and following CAs could not be started: ");
                    for (String str3 : caAliasNames) {
                        String caNameForAlias2 = getCaNameForAlias(str3);
                        if (linkedList2.remove(caNameForAlias2)) {
                            sb.append(caNameForAlias2).append(" (alias ").append(str3).append(")");
                            sb.append(", ");
                        }
                    }
                    Iterator it2 = linkedList2.iterator();
                    while (it2.hasNext()) {
                        sb.append((String) it2.next()).append(", ");
                    }
                    int length2 = sb.length();
                    sb.delete(length2 - 2, length2);
                }
                LOG.info("{}", sb);
                this.initializing = false;
                // The same "schedule CaRestarter once, in slave mode only" block is repeated on
                // the success path and in both handlers below.
                // NOTE(review): this looks like a decompiler expansion of a single finally block.
                if (this.masterMode || this.persistentScheduledThreadPoolExecutor != null) {
                    return true;
                }
                this.persistentScheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
                this.persistentScheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
                this.persistentScheduledThreadPoolExecutor.scheduleAtFixedRate(new CaRestarter(), 300L, 300L, TimeUnit.SECONDS);
                return true;
            } catch (Exception e) {
                // Start failed: log, and in slave mode still schedule the restarter.
                // NOTE(review): in master mode a lock taken by init() before the failure is not
                // released on this path; confirm that this is intended.
                LogUtil.error(LOG, e);
                this.initializing = false;
                if (!this.masterMode && this.persistentScheduledThreadPoolExecutor == null) {
                    this.persistentScheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
                    this.persistentScheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
                    this.persistentScheduledThreadPoolExecutor.scheduleAtFixedRate(new CaRestarter(), 300L, 300L, TimeUnit.SECONDS);
                }
                return false;
            }
        } catch (Throwable th) {
            // Anything that is not an Exception (for example an Error) is rethrown after the same
            // cleanup.
            this.initializing = false;
            if (!this.masterMode && this.persistentScheduledThreadPoolExecutor == null) {
                this.persistentScheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
                this.persistentScheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
                this.persistentScheduledThreadPoolExecutor.scheduleAtFixedRate(new CaRestarter(), 300L, 300L, TimeUnit.SECONDS);
            }
            throw th;
        }
    }

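    /**
     * Starts a single CA: applies the optional "revokeSuspendedCerts" control from the CA's
     * extra-control string, initializes the CRL signer when one is required, and registers the
     * X509Ca and its CMP responder under the CA name.
     *
     * <p>Change against the previous version: a CRL signer name that has no entry in
     * {@code crlSigners} now makes this CA fail with an error log. Before, the missing entry
     * raised a NullPointerException that none of the handlers here catch, so it propagated to
     * the caller and aborted the start of the whole CA system.
     *
     * @param str name of the CA; must be a key of {@code caInfos}
     * @return {@code true} if the CA was started and registered, {@code false} if the CRL signer
     *     or the CA itself could not be initialized
     */
    private boolean startCa(String str) {
        X509CaInfo caInfo = this.caInfos.get(str);
        String extraControl = caInfo.caEntry().extraControl();
        if (StringUtil.isNotBlank(extraControl)) {
            ConfPairs controlPairs = new ConfPairs(extraControl);
            // Boolean.parseBoolean(null) is false, so a missing key disables the feature.
            if (Boolean.parseBoolean(controlPairs.value("revokeSuspendedCerts.enabled"))) {
                String reasonText = controlPairs.value("revokeSuspendedCerts.targetReason");
                CrlReason targetReason = reasonText == null ? CrlReason.CESSATION_OF_OPERATION : CrlReason.forNameOrText(reasonText);
                String unchangedSinceText = controlPairs.value("revokeSuspendedCerts.unchangedSince");
                // Default when no value is configured: 15 days.
                CertValidity unchangedSince = unchangedSinceText == null ? new CertValidity(15, CertValidity.Unit.DAY) : CertValidity.getInstance(unchangedSinceText);
                caInfo.setRevokeSuspendedCertsControl(new RevokeSuspendedCertsControl(targetReason, unchangedSince));
            }
        }
        String crlSignerName = caInfo.crlSignerName();
        if (caInfo.isSignerRequired() && this.masterMode && crlSignerName != null) {
            X509CrlSignerEntryWrapper crlSigner = this.crlSigners.get(crlSignerName);
            if (crlSigner == null) {
                LOG.error("CRL signer {} of CA {} is not available", crlSignerName, str);
                return false;
            }
            try {
                // The entry is marked faulty first and cleared only after a successful
                // initialization, so a failure leaves it flagged.
                crlSigner.dbEntry().setConfFaulty(true);
                crlSigner.initSigner(this.securityFactory);
                crlSigner.dbEntry().setConfFaulty(false);
            } catch (XiSecurityException | OperationException | InvalidConfException e) {
                LogUtil.error(LOG, e, "X09CrlSignerEntryWrapper.initSigner (name=" + crlSignerName + ")");
                return false;
            }
        }
        try {
            X509Ca ca = new X509Ca(this, caInfo, this.certstore);
            ca.setAuditServiceRegister(this.auditServiceRegister);
            this.x509cas.put(str, ca);
            this.x509Responders.put(str, new X509CaCmpResponder(this, str));
            return true;
        } catch (OperationException e2) {
            LogUtil.error(LOG, e2, "X509CA.<init> (ca=" + str + ")");
            return false;
        }
    }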

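    /**
     * Stops the CA system: stops both executors, shuts down every CA, releases the database
     * lock if this instance holds it, deletes the "calock" file, closes all datasources and
     * writes a PCI audit event named "SHUTDOWN".
     *
     * <p>Changes against the previous version:
     * <ul>
     *   <li>a shutdown before init() has created the datasources no longer fails with a
     *       NullPointerException, which used to skip the audit event;</li>
     *   <li>an interrupt received while waiting for the executor is re-asserted at the end of the
     *       method instead of being lost;</li>
     *   <li>a lock file that cannot be deleted is logged.</li>
     * </ul>
     *
     * <p>NOTE(review): the lock file is deleted even when {@code caLockedByMe} is false and the
     * database lock was therefore not released. The next start then generates a new instance
     * token and may be refused by lockCa(). Confirm the intended order.
     */
    public void shutdown() {
        LOG.info("stopping CA system");
        shutdownScheduledThreadPoolExecutor();
        boolean interrupted = false;
        if (this.persistentScheduledThreadPoolExecutor != null) {
            this.persistentScheduledThreadPoolExecutor.shutdown();
            while (!this.persistentScheduledThreadPoolExecutor.isTerminated()) {
                try {
                    Thread.sleep(100L);
                } catch (InterruptedException e) {
                    // Keep waiting, but remember the interrupt for the caller.
                    interrupted = true;
                    LOG.error("interrupted: {}", e.getMessage());
                }
            }
            this.persistentScheduledThreadPoolExecutor = null;
        }
        for (String caName : this.x509cas.keySet()) {
            try {
                this.x509cas.get(caName).shutdown();
            } catch (Throwable th) {
                LOG.info("could not call ca.shutdown() for CA '{}': {}", caName, th.getMessage());
            }
        }
        if (this.caLockedByMe) {
            unlockCa();
        }
        File lockFile = new File("calock");
        if (lockFile.exists() && !lockFile.delete()) {
            LOG.warn("could not delete {}", lockFile.getName());
        }
        // datasources is created in init(); it is still null when the system never started.
        if (this.datasources != null) {
            for (String datasourceName : this.datasources.keySet()) {
                try {
                    this.datasources.get(datasourceName).close();
                } catch (Exception e2) {
                    LogUtil.warn(LOG, e2, "could not close datasource " + datasourceName);
                }
            }
        }
        auditLogPciEvent(true, "SHUTDOWN");
        LOG.info("stopped CA system");
        if (interrupted) {
            // Restored last so that the cleanup above is not cut short by the interrupt flag.
            Thread.currentThread().interrupt();
        }
    }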

    /**
     * Looks up the CMP responder registered for a CA.
     *
     * @param str CA name, checked with {@code ParamUtil.requireNonBlank} and upper-cased
     *     before the lookup
     * @return the value stored under the upper-cased name in the responder map
     */
    @Override // org.xipki.ca.server.impl.cmp.CmpResponderManager
    public X509CaCmpResponder getX509CaResponder(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        // NOTE(review): toUpperCase() follows the JVM default locale; confirm names are
        // normalised the same way where they are stored.
        final String caName = str.toUpperCase();
        return this.x509Responders.get(caName);
    }

    /**
     * Returns the executor held in the {@code scheduledThreadPoolExecutor} field.
     *
     * @return the field value as it currently is; no copy or wrapper is made
     */
    public ScheduledThreadPoolExecutor scheduledThreadPoolExecutor() {
        final ScheduledThreadPoolExecutor executor = this.scheduledThreadPoolExecutor;
        return executor;
    }

    /**
     * Returns the names of the certificate profiles loaded from the database.
     *
     * @return the key set of the certprofile DB-entry map, handed out without a defensive
     *     copy; callers should treat it as read-only
     */
    public Set<String> getCertprofileNames() {
        final Set<String> names = this.certprofileDbEntries.keySet();
        return names;
    }

    /**
     * Returns the names of the publishers loaded from the database.
     *
     * @return the key set of the publisher DB-entry map, handed out without a defensive
     *     copy; callers should treat it as read-only
     */
    public Set<String> getPublisherNames() {
        final Set<String> names = this.publisherDbEntries.keySet();
        return names;
    }

    /**
     * Returns the names of the requestors loaded from the database.
     *
     * @return the key set of the requestor DB-entry map, handed out without a defensive
     *     copy; callers should treat it as read-only
     */
    public Set<String> getRequestorNames() {
        final Set<String> names = this.requestorDbEntries.keySet();
        return names;
    }

    /**
     * Returns the names of the responders loaded from the database.
     *
     * @return the key set of the responder DB-entry map, handed out without a defensive
     *     copy; callers should treat it as read-only
     */
    public Set<String> getResponderNames() {
        final Set<String> names = this.responderDbEntries.keySet();
        return names;
    }

    /**
     * Returns the names of the CRL signers held by this manager.
     *
     * @return the key set of the CRL-signer map, handed out without a defensive copy;
     *     callers should treat it as read-only
     */
    public Set<String> getCrlSignerNames() {
        final Set<String> names = this.crlSigners.keySet();
        return names;
    }

    /**
     * Returns the names of the CMP controls loaded from the database.
     *
     * @return the key set of the CMP-control DB-entry map, handed out without a defensive
     *     copy; callers should treat it as read-only
     */
    public Set<String> getCmpControlNames() {
        final Set<String> names = this.cmpControlDbEntries.keySet();
        return names;
    }

    /**
     * Returns the names of all CAs for which a CA info record is held.
     *
     * @return the key set of the CA-info map, handed out without a defensive copy; callers
     *     should treat it as read-only
     */
    public Set<String> getCaNames() {
        final Set<String> names = this.caInfos.keySet();
        return names;
    }

    /**
     * Collects the CAs that have a started instance and whose CA info reports
     * {@code CaStatus.ACTIVE}.
     *
     * @return a new set with the matching CA names
     */
    public Set<String> getSuccessfulCaNames() {
        Set<String> started = new HashSet<>();
        for (String caName : this.x509cas.keySet()) {
            // a started CA is expected to have a CA info record; a missing one fails here
            if (this.caInfos.get(caName).status() != CaStatus.ACTIVE) {
                continue;
            }
            started.add(caName);
        }
        return started;
    }

    /**
     * Collects the CAs whose CA info reports {@code CaStatus.ACTIVE} but for which no
     * started instance is registered.
     *
     * @return a new set with the matching CA names
     */
    public Set<String> getFailedCaNames() {
        Set<String> failed = new HashSet<>();
        for (String caName : this.caInfos.keySet()) {
            boolean active = CaStatus.ACTIVE == this.caInfos.get(caName).status();
            if (active && !this.x509cas.containsKey(caName)) {
                failed.add(caName);
            }
        }
        return failed;
    }

    /**
     * Collects the CAs whose CA info reports {@code CaStatus.INACTIVE}.
     *
     * @return a new set with the matching CA names
     */
    public Set<String> getInactiveCaNames() {
        Set<String> inactive = new HashSet<>();
        for (String caName : this.caInfos.keySet()) {
            if (this.caInfos.get(caName).status() != CaStatus.INACTIVE) {
                continue;
            }
            inactive.add(caName);
        }
        return inactive;
    }

    /**
     * Rebuilds the in-memory requestor state from the {@code REQUESTOR} table, unless it has
     * already been initialised.
     *
     * <p>The names {@code BY-CA} and {@code BY-USER} are handled separately: only their
     * identifiers are recorded. Every other name is loaded through the query executor; a
     * name for which no entry is returned is skipped without a log message.
     *
     * @throws CaMgmtException declared for the query executor calls
     */
    private void initRequestors() throws CaMgmtException {
        if (this.requestorsInitialized) {
            return;
        }
        this.idNameMap.clearRequestor();
        this.requestorDbEntries.clear();
        this.requestors.clear();
        for (String name : this.queryExecutor.namesFromTable("REQUESTOR")) {
            if ("BY-CA".equals(name)) {
                NameId ident = new NameId(this.queryExecutor.getRequestorId(name), name);
                this.byCaRequestor = new ByCaRequestorInfo(ident);
                this.idNameMap.addRequestor(ident);
                continue;
            }
            if ("BY-USER".equals(name)) {
                this.byUserRequestorId = new NameId(this.queryExecutor.getRequestorId(name), name);
                this.idNameMap.addRequestor(this.byUserRequestorId);
                continue;
            }
            CmpRequestorEntry entry = this.queryExecutor.createRequestor(name);
            if (entry == null) {
                continue;
            }
            this.idNameMap.addRequestor(entry.ident());
            this.requestorDbEntries.put(name, entry);
            CmpRequestorEntryWrapper wrapper = new CmpRequestorEntryWrapper();
            wrapper.setDbEntry(entry);
            this.requestors.put(name, wrapper);
        }
        this.requestorsInitialized = true;
    }

    /**
     * Rebuilds the in-memory responder state from the {@code RESPONDER} table, unless it has
     * already been initialised.
     *
     * <p>Each entry is marked faulty before its responder is created and unmarked only when
     * creation returned a responder, so an entry that could not be turned into a working
     * responder stays listed with the faulty flag set.
     *
     * @throws CaMgmtException declared for the query executor and responder creation
     */
    private void initResponders() throws CaMgmtException {
        if (this.responderInitialized) {
            return;
        }
        this.responderDbEntries.clear();
        this.responders.clear();
        for (String name : this.queryExecutor.namesFromTable("RESPONDER")) {
            CmpResponderEntry entry = this.queryExecutor.createResponder(name);
            if (entry == null) {
                LOG.error("could not initialize Responder '{}'", name);
                continue;
            }
            entry.setConfFaulty(true);
            this.responderDbEntries.put(name, entry);
            CmpResponderEntryWrapper responder = createCmpResponder(entry);
            if (responder == null) {
                continue;
            }
            entry.setConfFaulty(false);
            this.responders.put(name, responder);
        }
        this.responderInitialized = true;
    }

    /**
     * Reloads the environment parameters from the database into the parameter resolver,
     * unless this has already been done.
     *
     * @throws CaMgmtException declared for the query executor call
     */
    private void initEnvironmentParamters() throws CaMgmtException {
        if (this.environmentParametersInitialized) {
            return;
        }
        // fetch first, clear afterwards: a failing query leaves the old parameters in place
        Map<String, String> loaded = this.queryExecutor.createEnvParameters();
        this.envParameterResolver.clear();
        for (Map.Entry<String, String> parameter : loaded.entrySet()) {
            this.envParameterResolver.addParameter(parameter.getKey(), parameter.getValue());
        }
        this.environmentParametersInitialized = true;
    }

    /**
     * Reloads the CA aliases from the database into the alias map, unless this has already
     * been done.
     *
     * @throws CaMgmtException declared for the query executor call
     */
    private void initCaAliases() throws CaMgmtException {
        if (this.caAliasesInitialized) {
            return;
        }
        // fetch first, clear afterwards: a failing query leaves the old aliases in place
        Map<String, Integer> loaded = this.queryExecutor.createCaAliases();
        this.caAliases.clear();
        for (Map.Entry<String, Integer> alias : loaded.entrySet()) {
            this.caAliases.put(alias.getKey(), alias.getValue());
        }
        this.caAliasesInitialized = true;
    }

    /**
     * Rebuilds the certificate profiles from the {@code PROFILE} table, unless they have
     * already been initialised. Profiles currently held are shut down first.
     *
     * <p>Each entry is marked faulty before its profile is created and unmarked only when
     * creation returned a profile, so only working profiles end up in the profile map while
     * faulty ones remain visible through their DB entry.
     *
     * @throws CaMgmtException declared for the query executor and profile creation
     */
    private void initCertprofiles() throws CaMgmtException {
        if (this.certprofilesInitialized) {
            return;
        }
        for (String loadedName : this.certprofiles.keySet()) {
            shutdownCertprofile(this.certprofiles.get(loadedName));
        }
        this.certprofileDbEntries.clear();
        this.idNameMap.clearCertprofile();
        this.certprofiles.clear();
        for (String name : this.queryExecutor.namesFromTable("PROFILE")) {
            CertprofileEntry entry = this.queryExecutor.createCertprofile(name);
            if (entry == null) {
                LOG.error("could not initialize Certprofile '{}'", name);
                continue;
            }
            this.idNameMap.addCertprofile(entry.ident());
            entry.setFaulty(true);
            this.certprofileDbEntries.put(name, entry);
            IdentifiedX509Certprofile profile = createCertprofile(entry);
            if (profile == null) {
                continue;
            }
            entry.setFaulty(false);
            this.certprofiles.put(name, profile);
        }
        this.certprofilesInitialized = true;
    }

    /**
     * Rebuilds the publishers from the {@code PUBLISHER} table, unless they have already
     * been initialised. Publishers currently held are shut down first.
     *
     * <p>Each entry is marked faulty before its publisher is created and unmarked only when
     * creation returned a publisher.
     *
     * @throws CaMgmtException declared for the query executor and publisher creation
     */
    private void initPublishers() throws CaMgmtException {
        if (this.publishersInitialized) {
            return;
        }
        for (String loadedName : this.publishers.keySet()) {
            shutdownPublisher(this.publishers.get(loadedName));
        }
        this.publishers.clear();
        this.publisherDbEntries.clear();
        this.idNameMap.clearPublisher();
        for (String name : this.queryExecutor.namesFromTable("PUBLISHER")) {
            PublisherEntry entry = this.queryExecutor.createPublisher(name);
            if (entry == null) {
                LOG.error("could not initialize publisher '{}'", name);
                continue;
            }
            this.idNameMap.addPublisher(entry.ident());
            entry.setFaulty(true);
            this.publisherDbEntries.put(name, entry);
            IdentifiedX509CertPublisher publisher = createPublisher(entry);
            if (publisher == null) {
                continue;
            }
            entry.setFaulty(false);
            this.publishers.put(name, publisher);
        }
        this.publishersInitialized = true;
    }

    /**
     * Rebuilds the CRL signers from the {@code CRLSIGNER} table, unless they have already
     * been initialised.
     *
     * <p>Unlike the other loaders in this class, the result of signer creation is stored
     * without a null check.
     *
     * @throws CaMgmtException declared for the query executor and signer creation
     */
    private void initCrlSigners() throws CaMgmtException {
        if (this.crlSignersInitialized) {
            return;
        }
        this.crlSigners.clear();
        this.crlSignerDbEntries.clear();
        for (String name : this.queryExecutor.namesFromTable("CRLSIGNER")) {
            X509CrlSignerEntry entry = this.queryExecutor.createCrlSigner(name);
            if (entry == null) {
                LOG.error("could not initialize CRL signer '{}'", name);
                continue;
            }
            this.crlSignerDbEntries.put(name, entry);
            this.crlSigners.put(name, createX509CrlSigner(entry));
        }
        this.crlSignersInitialized = true;
    }

    /**
     * Rebuilds the CMP controls from the {@code CMPCONTROL} table, unless they have already
     * been initialised.
     *
     * <p>An entry whose configuration is rejected with {@code InvalidConfException} keeps
     * its faulty flag, is logged and is left out of the control map. A name for which the
     * query executor returns no entry is skipped without a log message.
     *
     * @throws CaMgmtException declared for the query executor calls
     */
    private void initCmpControls() throws CaMgmtException {
        if (this.cmpControlInitialized) {
            return;
        }
        this.cmpControls.clear();
        this.cmpControlDbEntries.clear();
        for (String name : this.queryExecutor.namesFromTable("CMPCONTROL")) {
            CmpControlEntry entry = this.queryExecutor.createCmpControl(name);
            if (entry == null) {
                continue;
            }
            entry.setFaulty(true);
            this.cmpControlDbEntries.put(name, entry);
            try {
                CmpControl control = new CmpControl(entry);
                entry.setFaulty(false);
                this.cmpControls.put(name, control);
            } catch (InvalidConfException e) {
                LogUtil.error(LOG, e, "could not initialize CMP control " + name + ", ignore it");
            }
        }
        this.cmpControlInitialized = true;
    }

    /**
     * Rebuilds the SCEP entries from the {@code SCEP} table, unless they have already been
     * initialised.
     *
     * <p>An entry whose {@code Scep} instance cannot be built keeps its faulty flag, is
     * logged and is left out of the SCEP map. A name for which the query executor returns no
     * entry is skipped without a log message.
     *
     * @throws CaMgmtException declared for the query executor calls
     */
    private void initSceps() throws CaMgmtException {
        if (this.scepsInitialized) {
            return;
        }
        this.sceps.clear();
        this.scepDbEntries.clear();
        for (String name : this.queryExecutor.namesFromTable("SCEP")) {
            ScepEntry entry = this.queryExecutor.getScep(name, this.idNameMap);
            if (entry == null) {
                continue;
            }
            entry.setConfFaulty(true);
            this.scepDbEntries.put(name, entry);
            try {
                Scep instance = new Scep(entry, this);
                entry.setConfFaulty(false);
                this.sceps.put(name, instance);
            } catch (CaMgmtException e) {
                LogUtil.error(LOG, e, "could not initialize SCEP entry " + name + ", ignore it");
            }
        }
        this.scepsInitialized = true;
    }

    /**
     * Reloads every CA listed in the {@code CA} table, unless this has already been done.
     * All CA-related maps are cleared before the CAs are created one by one.
     *
     * @throws CaMgmtException declared for the query executor and {@code createCa}
     */
    private void initCas() throws CaMgmtException {
        if (this.casInitialized) {
            return;
        }
        this.caInfos.clear();
        this.caHasRequestors.clear();
        this.caHasPublishers.clear();
        this.caHasProfiles.clear();
        this.idNameMap.clearCa();
        for (String caName : this.queryExecutor.namesFromTable("CA")) {
            createCa(caName);
        }
        this.casInitialized = true;
    }

    /**
     * Discards everything held in memory for the named CA (shutting down a started
     * instance, if any) and reloads its info, requestors, profiles and publishers from the
     * database.
     *
     * @param str CA name, used as the map key as given
     * @return always {@code true}; failures surface as exceptions
     * @throws CaMgmtException declared for the query executor calls
     */
    private boolean createCa(String str) throws CaMgmtException {
        this.caInfos.remove(str);
        this.idNameMap.removeCa(str);
        this.caHasProfiles.remove(str);
        this.caHasPublishers.remove(str);
        this.caHasRequestors.remove(str);
        X509Ca previous = this.x509cas.remove(str);
        this.x509Responders.remove(str);
        if (previous != null) {
            previous.shutdown();
        }

        X509CaInfo caInfo = this.queryExecutor.createCaInfo(str, this.masterMode, this.certstore);
        this.caInfos.put(str, caInfo);
        this.idNameMap.addCa(caInfo.ident());
        this.caHasRequestors.put(str, this.queryExecutor.createCaHasRequestors(caInfo.ident()));

        // the database links CAs to profiles and publishers by id; the maps here use names
        Set<Integer> profileIds = this.queryExecutor.createCaHasProfiles(caInfo.ident());
        Set<String> profileNames = new HashSet<>();
        for (Integer profileId : profileIds) {
            profileNames.add(this.idNameMap.certprofileName(profileId.intValue()));
        }
        this.caHasProfiles.put(str, profileNames);

        Set<Integer> publisherIds = this.queryExecutor.createCaHasPublishers(caInfo.ident());
        Set<String> publisherNames = new HashSet<>();
        for (Integer publisherId : publisherIds) {
            publisherNames.add(this.idNameMap.publisherName(publisherId.intValue()));
        }
        this.caHasPublishers.put(str, publisherNames);
        return true;
    }

    /**
     * Persists the next CRL number for a CA through
     * {@code queryExecutor.commitNextCrlNoIfLess} and maps failures to
     * {@code OperationException}.
     *
     * @param nameId identifier passed to the query executor
     * @param j CRL number passed to the query executor
     * @throws OperationException with {@code DATABASE_FAILURE} when the management exception
     *     was caused by a {@code DataAccessException}, otherwise with {@code SYSTEM_FAILURE};
     *     only the message of the original exception is carried over, not the exception itself
     */
    public void commitNextCrlNo(NameId nameId, long j) throws OperationException {
        try {
            this.queryExecutor.commitNextCrlNoIfLess(nameId, j);
        } catch (CaMgmtException e) {
            OperationException.ErrorCode code = (e.getCause() instanceof DataAccessException)
                    ? OperationException.ErrorCode.DATABASE_FAILURE
                    : OperationException.ErrorCode.SYSTEM_FAILURE;
            throw new OperationException(code, e.getMessage());
        } catch (RuntimeException e2) {
            throw new OperationException(OperationException.ErrorCode.SYSTEM_FAILURE, e2.getMessage());
        }
    }

    /**
     * Builds the requestor info for a user entry, tied to the {@code BY-USER} requestor
     * identifier recorded by this manager.
     *
     * @param caHasUserEntry user entry handed to the new info object
     * @return a new {@code ByUserRequestorInfo}
     */
    public ByUserRequestorInfo createByUserRequestor(CaHasUserEntry caHasUserEntry) {
        final ByUserRequestorInfo info = new ByUserRequestorInfo(this.byUserRequestorId, caHasUserEntry);
        return info;
    }

    /**
     * Adds a new CA: validates its signer configuration, persists the entry, then loads and
     * starts the CA in memory.
     *
     * <p>For an {@code X509CaEntry} every signer configuration is instantiated before
     * anything is written, so a configuration that cannot produce a signer never reaches the
     * database. When the entry has no certificate, the signer's certificate is adopted; a
     * signer without a certificate is rejected.
     *
     * @param caEntry the CA to add; must not be null
     * @return always {@code true} once the entry was persisted; a CA that could then not be
     *     created or started in memory is only reported in the log
     * @throws CaMgmtException if a CA with that name exists, a signer cannot be created, or
     *     persistence fails
     */
    public boolean addCa(CaEntry caEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("caEntry", caEntry);
        asssertMasterMode();
        final String caName = caEntry.ident().name();
        if (this.caInfos.containsKey(caName)) {
            throw new CaMgmtException("CA named " + caName + " exists");
        }
        if (caEntry instanceof X509CaEntry) {
            X509CaEntry x509Entry = (X509CaEntry) caEntry;
            try {
                for (Object rawConf : CaEntry.splitCaSignerConfs(x509Entry.signerConf())) {
                    String[] conf = (String[]) rawConf;
                    ConcurrentContentSigner signer = this.securityFactory.createSigner(
                            x509Entry.signerType(), new SignerConf(conf[1]), x509Entry.certificate());
                    if (x509Entry.certificate() != null) {
                        continue;
                    }
                    if (signer.getCertificate() == null) {
                        throw new CaMgmtException("CA signer without certificate is not allowed");
                    }
                    x509Entry.setCertificate(signer.getCertificate());
                }
            } catch (XiSecurityException | ObjectCreationException e) {
                throw new CaMgmtException("could not create signer for new CA " + caName + ": " + e.getMessage(), e);
            }
        }
        this.queryExecutor.addCa(caEntry);
        if (!createCa(caName)) {
            LOG.error("could not create CA {}", caName);
        } else if (startCa(caName)) {
            LOG.info("started CA {}", caName);
        } else {
            LOG.error("could not start CA {}", caName);
        }
        return true;
    }

    /**
     * Returns the CA entry stored for a CA name.
     *
     * <p>Decompiler note: renamed from {@code getCa}, merged with its bridge method.
     *
     * @param str CA name, checked with {@code ParamUtil.requireNonBlank} and upper-cased
     *     before the lookup
     * @return the CA entry, or {@code null} when no CA info is held under that name
     */
    public X509CaEntry m1getCa(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        // NOTE(review): toUpperCase() follows the JVM default locale; confirm names are
        // normalised the same way where they are stored.
        X509CaInfo caInfo = this.caInfos.get(str.toUpperCase());
        return (caInfo == null) ? null : caInfo.caEntry();
    }

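    /**
     * Applies a change to an existing CA, then reloads it and, if its status is
     * {@code CaStatus.ACTIVE}, restarts it.
     *
     * @param changeCaEntry the requested change; must not be null. Its identifier receives
     *     the id recorded for the CA name.
     * @return whether the query executor processed a change; a CA that could afterwards not
     *     be re-created or restarted is only reported in the log
     * @throws CaMgmtException if no CA with that name is known or persistence fails
     */
    public boolean changeCa(ChangeCaEntry changeCaEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("entry", changeCaEntry);
        asssertMasterMode();
        String name = changeCaEntry.ident().name();
        NameId ca = this.idNameMap.ca(name);
        if (ca == null) {
            // message previously read "No CA named X does not exist" (double negative)
            throw new CaMgmtException("CA named " + name + " does not exist");
        }
        changeCaEntry.ident().setId(ca.id());
        boolean changed = this.queryExecutor.changeCa(changeCaEntry, this.securityFactory);
        if (!changed) {
            LOG.info("no change of CA '{}' is processed", name);
            return false;
        }
        if (!createCa(name)) {
            LOG.error("could not create CA {}", name);
            return true;
        }
        // only a CA whose entry is ACTIVE is started again after the reload
        if (CaStatus.ACTIVE != this.caInfos.get(name).caEntry().status()) {
            return true;
        }
        if (startCa(name)) {
            LOG.info("started CA {}", name);
        } else {
            LOG.error("could not start CA {}", name);
        }
        return true;
    }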

    /**
     * Removes the link between a certificate profile and a CA, first in the database and
     * then in memory.
     *
     * @param str profile name; upper-cased before use
     * @param str2 CA name; upper-cased before use
     * @return {@code false} when the query executor reports that nothing was removed,
     *     otherwise {@code true}
     * @throws CaMgmtException declared for the master-mode check and the query executor
     */
    public boolean removeCertprofileFromCa(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank("profileName", str);
        ParamUtil.requireNonBlank("caName", str2);
        asssertMasterMode();
        final String profileName = str.toUpperCase();
        final String caName = str2.toUpperCase();
        if (!this.queryExecutor.removeCertprofileFromCa(profileName, caName)) {
            return false;
        }
        if (this.caHasProfiles.containsKey(caName)) {
            Set<String> linkedProfiles = this.caHasProfiles.get(caName);
            if (linkedProfiles != null) {
                linkedProfiles.remove(profileName);
            }
        }
        return true;
    }

    /**
     * Links a certificate profile to a CA. The database is updated before the in-memory set.
     *
     * @param str profile name; upper-cased before use
     * @param str2 CA name; upper-cased before use
     * @return {@code false} when the profile is unknown or already linked, otherwise
     *     {@code true}
     * @throws CaMgmtException if the profile is known but has no working instance, or
     *     persistence fails
     */
    public boolean addCertprofileToCa(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank("profileName", str);
        ParamUtil.requireNonBlank("caName", str2);
        asssertMasterMode();
        final String profileName = str.toUpperCase();
        final String caName = str2.toUpperCase();
        NameId profileIdent = this.idNameMap.certprofile(profileName);
        if (profileIdent == null) {
            LOG.warn("CertProfile {} does not exist", profileName);
            return false;
        }
        Set<String> linkedProfiles = this.caHasProfiles.get(caName);
        if (linkedProfiles != null) {
            if (linkedProfiles.contains(profileName)) {
                LOG.warn("CertProfile {} already associated with CA {}", profileName, caName);
                return false;
            }
        } else {
            // NOTE(review): the empty set is registered before the CA name and the profile
            // are validated; confirm an entry for an unknown CA is acceptable.
            linkedProfiles = new HashSet();
            this.caHasProfiles.put(caName, linkedProfiles);
        }
        // a profile that failed to initialise has a DB entry but no instance in this map
        if (!this.certprofiles.containsKey(profileName)) {
            throw new CaMgmtException("certprofile '" + profileName + "' is faulty");
        }
        this.queryExecutor.addCertprofileToCa(profileIdent, this.idNameMap.ca(caName));
        linkedProfiles.add(profileName);
        return true;
    }

    /**
     * Removes the link between a publisher and a CA, first in the database and then in
     * memory.
     *
     * @param str publisher name; upper-cased before use
     * @param str2 CA name; upper-cased before use
     * @return {@code false} when the query executor reports that nothing was removed,
     *     otherwise {@code true}
     * @throws CaMgmtException declared for the master-mode check and the query executor
     */
    public boolean removePublisherFromCa(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank("publisherName", str);
        ParamUtil.requireNonBlank("caName", str2);
        asssertMasterMode();
        final String publisherName = str.toUpperCase();
        final String caName = str2.toUpperCase();
        if (!this.queryExecutor.removePublisherFromCa(publisherName, caName)) {
            return false;
        }
        Set<String> linkedPublishers = this.caHasPublishers.get(caName);
        if (linkedPublishers != null) {
            linkedPublishers.remove(publisherName);
        }
        return true;
    }

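    /**
     * Links a publisher to a CA. The database is updated before the in-memory set, and the
     * publisher is then told about the CA's certificate.
     *
     * @param str publisher name; upper-cased before use
     * @param str2 CA name; upper-cased before use
     * @return {@code false} when the publisher is unknown or already linked, otherwise
     *     {@code true}
     * @throws CaMgmtException if the publisher is known but has no working instance, or
     *     persistence fails
     */
    public boolean addPublisherToCa(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank("publisherName", str);
        ParamUtil.requireNonBlank("caName", str2);
        asssertMasterMode();
        String upperCase = str.toUpperCase();
        String upperCase2 = str2.toUpperCase();
        if (this.idNameMap.publisher(upperCase) == null) {
            LOG.warn("Publisher {} does not exist", upperCase);
            return false;
        }
        Set<String> set = this.caHasPublishers.get(upperCase2);
        if (set == null) {
            set = new HashSet<>();
            this.caHasPublishers.put(upperCase2, set);
        } else if (set.contains(upperCase)) {
            // the message used to say "CertProfile", which misled anyone reading the log
            LOG.warn("Publisher {} already associated with CA {}", upperCase, upperCase2);
            return false;
        }
        // a publisher that failed to initialise has a DB entry but no instance in this map
        IdentifiedX509CertPublisher identifiedX509CertPublisher = this.publishers.get(upperCase);
        if (identifiedX509CertPublisher == null) {
            throw new CaMgmtException("publisher '" + upperCase + "' is faulty");
        }
        this.queryExecutor.addPublisherToCa(this.idNameMap.publisher(upperCase), this.idNameMap.ca(upperCase2));
        // 'set' is the instance registered in caHasPublishers, so one add is enough
        set.add(upperCase);
        // NOTE(review): fails with a NullPointerException after the database write when no
        // CA info is held for the name; confirm callers only pass known CAs.
        identifiedX509CertPublisher.caAdded(this.caInfos.get(upperCase2).certificate());
        return true;
    }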

    /**
     * Returns the certificate profiles linked to a CA.
     *
     * @param str CA name; upper-cased before the lookup
     * @return the set stored for the CA, handed out without a defensive copy, or
     *     {@code null} when none is stored
     */
    public Set<String> getCertprofilesForCa(String str) {
        ParamUtil.requireNonBlank("caName", str);
        final String caName = str.toUpperCase();
        return this.caHasProfiles.get(caName);
    }

    /**
     * Returns the requestor links of a CA.
     *
     * @param str CA name; upper-cased before the lookup
     * @return the set stored for the CA, handed out without a defensive copy, or
     *     {@code null} when none is stored
     */
    public Set<CaHasRequestorEntry> getRequestorsForCa(String str) {
        ParamUtil.requireNonBlank("caName", str);
        final String caName = str.toUpperCase();
        return this.caHasRequestors.get(caName);
    }

    /**
     * Returns the database entry of a requestor.
     *
     * @param str requestor name; upper-cased before the lookup
     * @return the entry stored under the upper-cased name, or {@code null} when none is
     *     stored
     */
    public CmpRequestorEntry getRequestor(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        final String requestorName = str.toUpperCase();
        return this.requestorDbEntries.get(requestorName);
    }

    /**
     * Returns the wrapper held for a requestor.
     *
     * @param str requestor name; upper-cased before the lookup
     * @return the wrapper stored under the upper-cased name, or {@code null} when none is
     *     stored
     */
    public CmpRequestorEntryWrapper cmpRequestorWrapper(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        final String requestorName = str.toUpperCase();
        return this.requestors.get(requestorName);
    }

    /**
     * Adds a requestor: the entry is persisted first, then registered in the id/name map and
     * the two in-memory requestor maps.
     *
     * @param cmpRequestorEntry the requestor to add; must not be null
     * @return {@code false} when a requestor with that name is already held, otherwise
     *     {@code true}
     * @throws CaMgmtException declared for the master-mode check and the query executor
     */
    public boolean addRequestor(CmpRequestorEntry cmpRequestorEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", cmpRequestorEntry);
        asssertMasterMode();
        // used as the map key as given; presumably already normalised by the entry — confirm
        final String requestorName = cmpRequestorEntry.ident().name();
        if (this.requestorDbEntries.containsKey(requestorName)) {
            return false;
        }
        CmpRequestorEntryWrapper wrapper = new CmpRequestorEntryWrapper();
        wrapper.setDbEntry(cmpRequestorEntry);
        this.queryExecutor.addRequestor(cmpRequestorEntry);
        this.idNameMap.addRequestor(cmpRequestorEntry.ident());
        this.requestorDbEntries.put(requestorName, cmpRequestorEntry);
        this.requestors.put(requestorName, wrapper);
        return true;
    }

    /**
     * Removes a requestor: it is first detached from every CA, then deleted from the
     * {@code REQUESTOR} table and from the in-memory maps.
     *
     * @param str requestor name; upper-cased before use
     * @return {@code false} when the table row could not be deleted, otherwise {@code true}
     * @throws CaMgmtException declared for the master-mode check, the per-CA removal and
     *     the query executor
     */
    public boolean removeRequestor(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("requestorName", str);
        asssertMasterMode();
        final String requestorName = str.toUpperCase();
        for (String caName : this.caHasRequestors.keySet()) {
            removeRequestorFromCa(requestorName, caName);
        }
        if (!this.queryExecutor.deleteRowWithName(requestorName, "REQUESTOR")) {
            return false;
        }
        // NOTE(review): if the row existed but no in-memory entry does, this dereference
        // fails after the row is already deleted; confirm the two cannot diverge.
        int requestorId = this.requestorDbEntries.get(requestorName).ident().id().intValue();
        this.idNameMap.removeRequestor(requestorId);
        this.requestorDbEntries.remove(requestorName);
        this.requestors.remove(requestorName);
        LOG.info("removed requestor '{}'", requestorName);
        return true;
    }

    /**
     * Changes a requestor through the query executor and replaces its in-memory entry and
     * wrapper with the changed ones.
     *
     * @param str requestor name; upper-cased before use
     * @param str2 value handed to the query executor; {@code null} means nothing to change
     * @return {@code false} when there is nothing to change or the query executor returns
     *     no wrapper, otherwise {@code true}
     * @throws CaMgmtException if no requestor with that name is known or persistence fails
     */
    public boolean changeRequestor(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        final String requestorName = str.toUpperCase();
        if (str2 == null) {
            return false;
        }
        NameId ident = this.idNameMap.requestor(requestorName);
        if (ident == null) {
            throw new CaMgmtException("Requestor named " + requestorName + " does not exists");
        }
        CmpRequestorEntryWrapper changed = this.queryExecutor.changeRequestor(ident, str2);
        if (changed == null) {
            return false;
        }
        this.requestorDbEntries.remove(requestorName);
        this.requestors.remove(requestorName);
        this.requestorDbEntries.put(requestorName, changed.dbEntry());
        this.requestors.put(requestorName, changed);
        return true;
    }

    /**
     * Removes the link between a requestor and a CA, first in the database and then in
     * memory. The built-in requestors {@code BY-CA} and {@code BY-USER} are refused.
     *
     * @param str requestor name; upper-cased before use
     * @param str2 CA name; upper-cased before use
     * @return the result reported by the query executor
     * @throws CaMgmtException if a built-in requestor is named or persistence fails
     */
    public boolean removeRequestorFromCa(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank("requestorName", str);
        ParamUtil.requireNonBlank("caName", str2);
        asssertMasterMode();
        final String requestorName = str.toUpperCase();
        final String caName = str2.toUpperCase();
        if (requestorName.equals("BY-CA") || requestorName.equals("BY-USER")) {
            throw new CaMgmtException("removing requestor " + requestorName + " is not permitted");
        }
        boolean removedInDb = this.queryExecutor.removeRequestorFromCa(requestorName, caName);
        if (!removedInDb || !this.caHasRequestors.containsKey(caName)) {
            return removedInDb;
        }
        Set<CaHasRequestorEntry> links = this.caHasRequestors.get(caName);
        // the last entry carrying the name is the one removed; null when none matches
        CaHasRequestorEntry match = null;
        for (CaHasRequestorEntry link : links) {
            if (link.requestorIdent().name().equals(requestorName)) {
                match = link;
            }
        }
        links.remove(match);
        return removedInDb;
    }

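    /**
     * Links a requestor to a CA. The link is persisted first and only then registered in
     * memory, so a failed database write cannot leave a requestor associated with the CA in
     * this process while the database has no record of it.
     *
     * @param caHasRequestorEntry the link to add; must not be null. Its requestor identifier
     *     receives the id recorded for the requestor name.
     * @param str CA name; upper-cased before use
     * @return {@code false} when the requestor is unknown or already linked, otherwise
     *     {@code true}
     * @throws CaMgmtException declared for the master-mode check and the query executor
     */
    public boolean addRequestorToCa(CaHasRequestorEntry caHasRequestorEntry, String str) throws CaMgmtException {
        ParamUtil.requireNonNull(CaAuditConstants.NAME_requestor, caHasRequestorEntry);
        ParamUtil.requireNonBlank("caName", str);
        asssertMasterMode();
        String upperCase = str.toUpperCase();
        NameId requestorIdent = caHasRequestorEntry.requestorIdent();
        NameId requestor = this.idNameMap.requestor(requestorIdent.name());
        if (requestor == null) {
            LOG.warn("Requestor {} does not exist", requestorIdent.name());
            return false;
        }
        requestorIdent.setId(requestor.id());
        Set<CaHasRequestorEntry> set = this.caHasRequestors.get(upperCase);
        if (set != null) {
            for (CaHasRequestorEntry existing : set) {
                if (existing.requestorIdent().name().equals(requestorIdent.name())) {
                    LOG.warn("Requestor {} already associated with CA {}", requestorIdent.name(), upperCase);
                    return false;
                }
            }
        }
        // Persist before touching the in-memory state (the original added to the set first).
        this.queryExecutor.addRequestorToCa(caHasRequestorEntry, this.idNameMap.ca(upperCase));
        if (set == null) {
            set = new HashSet<>();
            this.caHasRequestors.put(upperCase, set);
        }
        // 'set' is the instance registered in caHasRequestors, so one add is enough
        set.add(caHasRequestorEntry);
        return true;
    }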

    /**
     * Removes the link between a user and a CA through the query executor.
     *
     * @param str user name; upper-cased before use
     * @param str2 CA name; upper-cased before use
     * @return the result reported by the query executor
     * @throws CaMgmtException declared for the master-mode check and the query executor
     */
    public boolean removeUserFromCa(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank("userName", str);
        ParamUtil.requireNonBlank("caName", str2);
        asssertMasterMode();
        final String userName = str.toUpperCase();
        final String caName = str2.toUpperCase();
        return this.queryExecutor.removeUserFromCa(userName, caName);
    }

    /**
     * Links a user to a CA through the query executor.
     *
     * @param caHasUserEntry the link to add; passed on without a null check here
     * @param str CA name; upper-cased and resolved through {@code x509Ca}
     * @return the result reported by the query executor
     * @throws CaMgmtException declared for the master-mode check, the CA lookup and the
     *     query executor
     */
    public boolean addUserToCa(CaHasUserEntry caHasUserEntry, String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        asssertMasterMode();
        final String caName = str.toUpperCase();
        return this.queryExecutor.addUserToCa(caHasUserEntry, x509Ca(caName).caIdent());
    }

    /**
     * Returns the CA links of a user as reported by the query executor.
     *
     * @param str user name; passed on as given (not upper-cased here)
     * @return the map returned by the query executor
     * @throws CaMgmtException declared for the query executor
     */
    public Map<String, CaHasUserEntry> getCaHasUsers(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_user, str);
        final Map<String, CaHasUserEntry> links = this.queryExecutor.getCaHasUsers(str, this.idNameMap);
        return links;
    }

    /**
     * Returns the database entry of a certificate profile.
     *
     * @param str profile name; upper-cased before the lookup
     * @return the entry stored under the upper-cased name, or {@code null} when none is
     *     stored
     */
    public CertprofileEntry getCertprofile(String str) {
        ParamUtil.requireNonBlank("profileName", str);
        final String profileName = str.toUpperCase();
        return this.certprofileDbEntries.get(profileName);
    }

    /**
     * Removes a certificate profile: it is first detached from every CA, then deleted from
     * the {@code PROFILE} table and from memory, and its instance is shut down.
     *
     * @param str profile name; upper-cased before use
     * @return {@code false} when the table row could not be deleted, otherwise {@code true}
     * @throws CaMgmtException declared for the master-mode check, the per-CA removal and
     *     the query executor
     */
    public boolean removeCertprofile(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("profileName", str);
        asssertMasterMode();
        final String profileName = str.toUpperCase();
        for (String caName : this.caHasProfiles.keySet()) {
            removeCertprofileFromCa(profileName, caName);
        }
        if (!this.queryExecutor.deleteRowWithName(profileName, "PROFILE")) {
            return false;
        }
        LOG.info("removed profile '{}'", profileName);
        // NOTE(review): if the row existed but no in-memory entry does, this dereference
        // fails after the row is already deleted; confirm the two cannot diverge.
        int profileId = this.certprofileDbEntries.get(profileName).ident().id().intValue();
        this.idNameMap.removeCertprofile(profileId);
        this.certprofileDbEntries.remove(profileName);
        // a faulty profile has no instance, so the argument can be null here
        shutdownCertprofile(this.certprofiles.remove(profileName));
        return true;
    }

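    /**
     * Changes a certificate profile through the query executor, replaces its in-memory entry
     * and instance with the changed ones, and shuts down the replaced instance.
     *
     * <p>The name is upper-cased before the id/name lookup, as the other profile operations
     * in this class do, so a lower-case name no longer depends on the lookup normalising it.
     *
     * @param str profile name; upper-cased before use
     * @param str2 first value handed to the query executor; may be null
     * @param str3 second value handed to the query executor; may be null
     * @return {@code false} when both values are null or the query executor returns no
     *     profile, otherwise {@code true}
     * @throws CaMgmtException if no profile with that name is known or persistence fails
     */
    public boolean changeCertprofile(String str, String str2, String str3) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        if (str2 == null && str3 == null) {
            return false;
        }
        String upperCase = str.toUpperCase();
        NameId certprofile = this.idNameMap.certprofile(upperCase);
        if (certprofile == null) {
            throw new CaMgmtException("Certprofile " + str + " does not exist");
        }
        asssertMasterMode();
        IdentifiedX509Certprofile changeCertprofile = this.queryExecutor.changeCertprofile(certprofile, str2, str3, this);
        if (changeCertprofile == null) {
            return false;
        }
        this.certprofileDbEntries.remove(upperCase);
        IdentifiedX509Certprofile remove = this.certprofiles.remove(upperCase);
        this.certprofileDbEntries.put(upperCase, changeCertprofile.dbEntry());
        this.certprofiles.put(upperCase, changeCertprofile);
        // a previously faulty profile had no instance to shut down
        if (remove != null) {
            shutdownCertprofile(remove);
        }
        return true;
    }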

    /**
     * Adds a certificate profile: the profile instance is created first, so an entry that
     * cannot produce a working profile is never persisted.
     *
     * @param certprofileEntry the profile to add; must not be null. Its faulty flag is set
     *     while the instance is created and cleared on success.
     * @return {@code false} when a profile with that name is already held or no instance
     *     could be created, otherwise {@code true}
     * @throws CaMgmtException declared for the master-mode check, profile creation and the
     *     query executor
     */
    public boolean addCertprofile(CertprofileEntry certprofileEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", certprofileEntry);
        asssertMasterMode();
        final String profileName = certprofileEntry.ident().name();
        if (this.certprofileDbEntries.containsKey(profileName)) {
            return false;
        }
        certprofileEntry.setFaulty(true);
        IdentifiedX509Certprofile profile = createCertprofile(certprofileEntry);
        if (profile == null) {
            return false;
        }
        certprofileEntry.setFaulty(false);
        // NOTE(review): the instance is registered before the database write; if that write
        // throws, the instance stays in the map without a DB entry. Confirm this is intended.
        this.certprofiles.put(profileName, profile);
        this.queryExecutor.addCertprofile(certprofileEntry);
        this.idNameMap.addCertprofile(certprofileEntry.ident());
        this.certprofileDbEntries.put(profileName, certprofileEntry);
        return true;
    }

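    /**
     * Adds a responder: its instance is created first, then the entry is persisted and both
     * are registered in memory.
     *
     * <p>The duplicate check looks at the responder entries. The original looked at the
     * CRL-signer map instead, which let a second responder with an existing name through to
     * the database and refused a responder merely because a CRL signer had the same name.
     *
     * @param cmpResponderEntry the responder to add; must not be null
     * @return {@code false} when a responder with that name is already held, otherwise
     *     {@code true}
     * @throws CaMgmtException declared for the master-mode check, responder creation and
     *     the query executor
     */
    public boolean addResponder(CmpResponderEntry cmpResponderEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", cmpResponderEntry);
        asssertMasterMode();
        String name = cmpResponderEntry.name();
        if (this.responderDbEntries.containsKey(name)) {
            return false;
        }
        CmpResponderEntryWrapper createCmpResponder = createCmpResponder(cmpResponderEntry);
        this.queryExecutor.addResponder(cmpResponderEntry);
        this.responders.put(name, createCmpResponder);
        this.responderDbEntries.put(name, cmpResponderEntry);
        return true;
    }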

    /**
     * Deletes the named responder from the database and from the in-memory registries, and
     * clears the responder reference of every CA that pointed to it.
     *
     * @param str responder name; upper-cased before use, must not be blank
     * @return {@code true} if the database row was deleted, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the delete fails
     */
    public boolean removeResponder(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        String responderName = str.toUpperCase();
        boolean deleted = this.queryExecutor.deleteRowWithName(responderName, "RESPONDER");
        if (!deleted) {
            return false;
        }
        // Detach the responder from every CA that still references it.
        for (String caName : this.caInfos.keySet()) {
            X509CaInfo caInfo = this.caInfos.get(caName);
            if (responderName.equals(caInfo.responderName())) {
                caInfo.setResponderName(null);
            }
        }
        this.responderDbEntries.remove(responderName);
        this.responders.remove(responderName);
        LOG.info("removed Responder '{}'", responderName);
        return true;
    }

    /**
     * Updates the named responder through the query executor and swaps the in-memory entries
     * for the updated ones.
     *
     * @param str responder name; upper-cased before use, must not be blank
     * @param str2 first change value, forwarded to {@code queryExecutor.changeResponder}
     * @param str3 second change value, forwarded to {@code queryExecutor.changeResponder}
     * @param str4 third change value, forwarded to {@code queryExecutor.changeResponder}
     * @return {@code false} if all three change values are null or the query executor returns
     *     no updated responder; {@code true} otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the update fails
     */
    public boolean changeResponder(String str, String str2, String str3, String str4) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        String responderName = str.toUpperCase();
        boolean nothingToChange = str2 == null && str3 == null && str4 == null;
        if (nothingToChange) {
            return false;
        }
        CmpResponderEntryWrapper updated =
                this.queryExecutor.changeResponder(responderName, str2, str3, str4, this);
        if (updated == null) {
            return false;
        }
        this.responders.remove(responderName);
        this.responderDbEntries.remove(responderName);
        this.responderDbEntries.put(responderName, updated.dbEntry());
        this.responders.put(responderName, updated);
        return true;
    }

    /**
     * Looks up the database entry of a responder.
     *
     * @param str responder name; upper-cased before the lookup, must not be blank
     * @return the registered entry, or {@code null} if the map holds none under that name
     */
    public CmpResponderEntry getResponder(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String responderName = str.toUpperCase();
        return this.responderDbEntries.get(responderName);
    }

    /**
     * Looks up the initialised responder wrapper.
     *
     * @param str responder name; upper-cased before the lookup, must not be blank
     * @return the registered wrapper, or {@code null} if the map holds none under that name
     */
    public CmpResponderEntryWrapper cmpResponderWrapper(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String responderName = str.toUpperCase();
        return this.responders.get(responderName);
    }

    /**
     * Creates a CRL signer from the given entry, persists it and registers it.
     *
     * @param x509CrlSignerEntry the CRL signer definition; must not be null
     * @return {@code true} if the signer was added; {@code false} if a CRL signer with that
     *     name is already registered
     * @throws CaMgmtException if this instance is not in master mode, or if creating or
     *     persisting the signer fails
     */
    public boolean addCrlSigner(X509CrlSignerEntry x509CrlSignerEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", x509CrlSignerEntry);
        asssertMasterMode();
        String signerName = x509CrlSignerEntry.name();
        if (this.crlSigners.containsKey(signerName)) {
            return false;
        }
        X509CrlSignerEntryWrapper signer = createX509CrlSigner(x509CrlSignerEntry);
        // Persist and cache the entry as held by the wrapper, not the caller's argument.
        X509CrlSignerEntry storedEntry = signer.dbEntry();
        this.queryExecutor.addCrlSigner(storedEntry);
        this.crlSigners.put(signerName, signer);
        this.crlSignerDbEntries.put(signerName, storedEntry);
        return true;
    }

    /**
     * Deletes the named CRL signer from the database and from the in-memory registries, and
     * clears the CRL signer reference of every CA that pointed to it.
     *
     * @param str CRL signer name; upper-cased before use, must not be blank
     * @return {@code true} if the database row was deleted, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the delete fails
     */
    public boolean removeCrlSigner(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        String signerName = str.toUpperCase();
        boolean deleted = this.queryExecutor.deleteRowWithName(signerName, "CRLSIGNER");
        if (!deleted) {
            return false;
        }
        // Detach the signer from every CA that still references it.
        for (String caName : this.caInfos.keySet()) {
            X509CaInfo caInfo = this.caInfos.get(caName);
            if (signerName.equals(caInfo.crlSignerName())) {
                caInfo.setCrlSignerName(null);
            }
        }
        this.crlSigners.remove(signerName);
        this.crlSignerDbEntries.remove(signerName);
        LOG.info("removed CRL signer '{}'", signerName);
        return true;
    }

    /**
     * Updates a CRL signer through the query executor and swaps the in-memory entries for the
     * updated ones.
     *
     * @param x509ChangeCrlSignerEntry the requested changes; must not be null
     * @return {@code true} if the query executor returned an updated signer, {@code false}
     *     otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the update fails
     */
    public boolean changeCrlSigner(X509ChangeCrlSignerEntry x509ChangeCrlSignerEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", x509ChangeCrlSignerEntry);
        asssertMasterMode();
        // NOTE(review): unlike the String-keyed methods, the name is used as delivered by the
        // entry and is not upper-cased here; presumably the entry normalises it, so confirm.
        String signerName = x509ChangeCrlSignerEntry.name();
        X509CrlSignerEntryWrapper updated = this.queryExecutor.changeCrlSigner(
                signerName,
                x509ChangeCrlSignerEntry.signerType(),
                x509ChangeCrlSignerEntry.signerConf(),
                x509ChangeCrlSignerEntry.base64Cert(),
                x509ChangeCrlSignerEntry.crlControl(),
                this);
        if (updated == null) {
            return false;
        }
        this.crlSigners.remove(signerName);
        this.crlSignerDbEntries.remove(signerName);
        this.crlSignerDbEntries.put(signerName, updated.dbEntry());
        this.crlSigners.put(signerName, updated);
        return true;
    }

    /**
     * Looks up the database entry of a CRL signer.
     *
     * @param str CRL signer name; upper-cased before the lookup, must not be blank
     * @return the registered entry, or {@code null} if the map holds none under that name
     */
    public X509CrlSignerEntry getCrlSigner(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String signerName = str.toUpperCase();
        return this.crlSignerDbEntries.get(signerName);
    }

    /**
     * Looks up the initialised CRL signer wrapper.
     *
     * @param str CRL signer name; upper-cased before the lookup, must not be blank
     * @return the registered wrapper, or {@code null} if the map holds none under that name
     */
    public X509CrlSignerEntryWrapper crlSignerWrapper(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String signerName = str.toUpperCase();
        return this.crlSigners.get(signerName);
    }

    /**
     * Creates a publisher from the given entry, persists it and registers it.
     *
     * @param publisherEntry the publisher definition; must not be null
     * @return {@code true} if the publisher was added; {@code false} if a publisher with that
     *     name is already registered or {@code createPublisher} returned no publisher
     * @throws CaMgmtException if this instance is not in master mode, or if a called helper
     *     reports a failure
     */
    public boolean addPublisher(PublisherEntry publisherEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", publisherEntry);
        asssertMasterMode();
        String publisherName = publisherEntry.ident().name();
        if (this.publisherDbEntries.containsKey(publisherName)) {
            return false;
        }
        // The entry stays flagged as faulty until a publisher instance has been created from it.
        publisherEntry.setFaulty(true);
        IdentifiedX509CertPublisher publisher = createPublisher(publisherEntry);
        if (publisher == null) {
            return false;
        }
        publisherEntry.setFaulty(false);
        // NOTE(review): if persisting throws, the created publisher is not shut down here.
        this.queryExecutor.addPublisher(publisherEntry);
        this.idNameMap.addPublisher(publisherEntry.ident());
        this.publisherDbEntries.put(publisherName, publisherEntry);
        this.publishers.put(publisherName, publisher);
        return true;
    }

    /**
     * Returns the database entries of all publishers bound to the given CA.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @return an empty list if no publisher set is recorded for the CA; otherwise one element
     *     per bound publisher name (an element is {@code null} when no entry is registered
     *     under that name)
     */
    public List<PublisherEntry> getPublishersForCa(String str) {
        ParamUtil.requireNonBlank("caName", str);
        Set<String> publisherNames = this.caHasPublishers.get(str.toUpperCase());
        if (publisherNames == null) {
            return Collections.emptyList();
        }
        List<PublisherEntry> entries = new ArrayList<>(publisherNames.size());
        for (String publisherName : publisherNames) {
            entries.add(this.publisherDbEntries.get(publisherName));
        }
        return entries;
    }

    /**
     * Looks up the database entry of a publisher.
     *
     * @param str publisher name; upper-cased before the lookup, must not be blank
     * @return the registered entry, or {@code null} if the map holds none under that name
     */
    public PublisherEntry getPublisher(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String publisherName = str.toUpperCase();
        return this.publisherDbEntries.get(publisherName);
    }

    /**
     * Unbinds the named publisher from every CA, deletes its database row and shuts the
     * publisher instance down.
     *
     * @param str publisher name; upper-cased before use, must not be blank
     * @return {@code true} if the database row was deleted, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if a called helper
     *     reports a failure
     */
    public boolean removePublisher(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        String publisherName = str.toUpperCase();
        // NOTE(review): the CA bindings are removed before the row delete is known to succeed;
        // when the delete returns false the bindings are already gone.
        for (String caName : this.caHasPublishers.keySet()) {
            removePublisherFromCa(publisherName, caName);
        }
        boolean deleted = this.queryExecutor.deleteRowWithName(publisherName, "PUBLISHER");
        if (!deleted) {
            return false;
        }
        LOG.info("removed publisher '{}'", publisherName);
        this.publisherDbEntries.remove(publisherName);
        IdentifiedX509CertPublisher removed = this.publishers.remove(publisherName);
        shutdownPublisher(removed);
        return true;
    }

    /**
     * Updates the named publisher through the query executor, shuts the previous instance
     * down and registers the updated one.
     *
     * @param str publisher name; upper-cased before use, must not be blank
     * @param str2 first change value, forwarded to {@code queryExecutor.changePublisher}
     * @param str3 second change value, forwarded to {@code queryExecutor.changePublisher}
     * @return {@code false} if both change values are null or the query executor returns no
     *     updated publisher; {@code true} otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the update fails
     */
    public boolean changePublisher(String str, String str2, String str3) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        String publisherName = str.toUpperCase();
        if (str2 == null && str3 == null) {
            return false;
        }
        IdentifiedX509CertPublisher updated =
                this.queryExecutor.changePublisher(publisherName, str2, str3, this);
        if (updated == null) {
            return false;
        }
        IdentifiedX509CertPublisher previous = this.publishers.remove(publisherName);
        shutdownPublisher(previous);
        this.publisherDbEntries.put(publisherName, updated.dbEntry());
        this.publishers.put(publisherName, updated);
        return true;
    }

    /**
     * Looks up the database entry of a CMP control.
     *
     * @param str CMP control name; upper-cased before the lookup, must not be blank
     * @return the registered entry, or {@code null} if the map holds none under that name
     */
    public CmpControlEntry getCmpControl(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String controlName = str.toUpperCase();
        return this.cmpControlDbEntries.get(controlName);
    }

    /**
     * Looks up the parsed CMP control object.
     *
     * @param str CMP control name; upper-cased before the lookup, must not be blank
     * @return the registered object, or {@code null} if the map holds none under that name
     */
    public CmpControl cmpControlObject(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String controlName = str.toUpperCase();
        return this.cmpControls.get(controlName);
    }

    /**
     * Builds a CMP control from the given entry, persists it and registers it.
     *
     * @param cmpControlEntry the CMP control definition; must not be null
     * @return {@code true} if the control was added; {@code false} if a control with that name
     *     is already registered or the configuration is rejected as invalid
     * @throws CaMgmtException if this instance is not in master mode, or if persisting fails
     */
    public boolean addCmpControl(CmpControlEntry cmpControlEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", cmpControlEntry);
        asssertMasterMode();
        String controlName = cmpControlEntry.name();
        if (this.cmpControlDbEntries.containsKey(controlName)) {
            return false;
        }
        try {
            CmpControl control = new CmpControl(cmpControlEntry);
            // Persist and cache the entry as held by the control object.
            CmpControlEntry storedEntry = control.dbEntry();
            this.queryExecutor.addCmpControl(storedEntry);
            this.cmpControls.put(controlName, control);
            this.cmpControlDbEntries.put(controlName, storedEntry);
            return true;
        } catch (InvalidConfException ex) {
            // An invalid configuration is reported as "not added" rather than as an exception.
            LogUtil.error(LOG, ex, "could not add CMP control to certStore");
            return false;
        }
    }

    /**
     * Deletes the named CMP control from the database and from the in-memory registries, and
     * clears the CMP control reference of every CA that pointed to it.
     *
     * @param str CMP control name; upper-cased before use, must not be blank
     * @return {@code true} if the database row was deleted, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the delete fails
     */
    public boolean removeCmpControl(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        String controlName = str.toUpperCase();
        boolean deleted = this.queryExecutor.deleteRowWithName(controlName, "CMPCONTROL");
        if (!deleted) {
            return false;
        }
        // Detach the control from every CA that still references it.
        for (String caName : this.caInfos.keySet()) {
            X509CaInfo caInfo = this.caInfos.get(caName);
            if (controlName.equals(caInfo.cmpControlName())) {
                caInfo.setCmpControlName(null);
            }
        }
        this.cmpControlDbEntries.remove(controlName);
        this.cmpControls.remove(controlName);
        LOG.info("removed CMPControl '{}'", controlName);
        return true;
    }

    /**
     * Replaces the configuration of the named CMP control.
     *
     * @param str CMP control name; upper-cased before use, must not be blank
     * @param str2 the new configuration; must not be blank
     * @return {@code true} if the query executor returned an updated control, {@code false}
     *     otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the update fails
     */
    public boolean changeCmpControl(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        ParamUtil.requireNonBlank("conf", str2);
        asssertMasterMode();
        String controlName = str.toUpperCase();
        CmpControl updated = this.queryExecutor.changeCmpControl(controlName, str2);
        if (updated != null) {
            this.cmpControlDbEntries.put(controlName, updated.dbEntry());
            this.cmpControls.put(controlName, updated);
            return true;
        }
        return false;
    }

    /**
     * Returns the environment parameter resolver held by this manager.
     *
     * @return the resolver instance itself, not a copy
     */
    public EnvParameterResolver envParameterResolver() {
        EnvParameterResolver resolver = this.envParameterResolver;
        return resolver;
    }

    /**
     * Returns the names of all environment parameters known to the resolver.
     *
     * @return whatever {@code allParameterNames()} of the resolver returns
     */
    public Set<String> getEnvParamNames() {
        Set<String> names = this.envParameterResolver.allParameterNames();
        return names;
    }

    /**
     * Returns the value of an environment parameter.
     *
     * @param str parameter name, used as given (no case conversion); must not be blank
     * @return whatever the resolver returns for that name
     */
    public String getEnvParam(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        String value = this.envParameterResolver.parameter(str);
        return value;
    }

    /**
     * Adds a new environment parameter to the database and to the resolver.
     *
     * @param str parameter name, used as given; must not be blank
     * @param str2 parameter value; must not be blank
     * @return {@code true} if added; {@code false} if the resolver already has a value for
     *     that name
     * @throws CaMgmtException if this instance is not in master mode, or if persisting fails
     */
    public boolean addEnvParam(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        ParamUtil.requireNonBlank("value", str2);
        asssertMasterMode();
        boolean alreadyDefined = this.envParameterResolver.parameter(str) != null;
        if (alreadyDefined) {
            return false;
        }
        this.queryExecutor.addEnvParam(str, str2);
        this.envParameterResolver.addParameter(str, str2);
        return true;
    }

    /**
     * Deletes an environment parameter from the database and from the resolver.
     *
     * @param str parameter name, used as given; must not be blank
     * @return {@code true} if the database row was deleted, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the delete fails
     */
    public boolean removeEnvParam(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        boolean deleted = this.queryExecutor.deleteRowWithName(str, "ENVIRONMENT");
        if (deleted) {
            LOG.info("removed environment param '{}'", str);
            this.envParameterResolver.removeParamater(str);
            return true;
        }
        return false;
    }

    /**
     * Changes the value of an existing environment parameter.
     *
     * @param str parameter name, used as given; must not be blank
     * @param str2 the new value; must not be null
     * @return {@code true} if the database update succeeded, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, if the resolver has no
     *     value for the name, or if the update fails
     */
    public boolean changeEnvParam(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        ParamUtil.requireNonNull("value", str2);
        asssertMasterMode();
        assertNotNull("value", str2);
        String currentValue = this.envParameterResolver.parameter(str);
        if (currentValue == null) {
            throw new CaMgmtException("could not find environment paramter " + str);
        }
        boolean updated = this.queryExecutor.changeEnvParam(str, str2);
        if (updated) {
            this.envParameterResolver.addParameter(str, str2);
            return true;
        }
        return false;
    }

    /**
     * Returns the configured CA configuration file value.
     *
     * @return the value last stored through {@code setCaConfFile}; may be {@code null}
     */
    public String caConfFile() {
        String confFile = this.caConfFile;
        return confFile;
    }

    /**
     * Stores the CA configuration file value; the argument is not validated here.
     *
     * @param str the value to store
     */
    public void setCaConfFile(String str) {
        this.caConfFile = str;
    }

    /**
     * Registers an alias for an existing CA, in the database and in memory.
     *
     * @param str alias name; upper-cased before use, must not be blank
     * @param str2 CA name; upper-cased before the lookup, must not be blank
     * @return {@code true} if the alias was added; {@code false} if the CA is unknown or the
     *     alias is already taken
     * @throws CaMgmtException if this instance is not in master mode, or if persisting fails
     */
    public boolean addCaAlias(String str, String str2) throws CaMgmtException {
        ParamUtil.requireNonBlank("aliasName", str);
        ParamUtil.requireNonBlank("caName", str2);
        asssertMasterMode();
        String aliasKey = str.toUpperCase();
        X509Ca ca = this.x509cas.get(str2.toUpperCase());
        if (ca == null) {
            return false;
        }
        boolean aliasTaken = this.caAliases.get(aliasKey) != null;
        if (aliasTaken) {
            return false;
        }
        this.queryExecutor.addCaAlias(aliasKey, ca.caIdent());
        // In memory the alias maps to the CA's numeric id, not to its name.
        this.caAliases.put(aliasKey, ca.caIdent().id());
        return true;
    }

    /**
     * Removes a CA alias from the database and from memory.
     *
     * @param str alias name; upper-cased before use, must not be blank
     * @return {@code true} if the query executor reported the alias as removed, {@code false}
     *     otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the removal fails
     */
    public boolean removeCaAlias(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        String aliasKey = str.toUpperCase();
        boolean removed = this.queryExecutor.removeCaAlias(aliasKey);
        if (removed) {
            this.caAliases.remove(aliasKey);
            return true;
        }
        return false;
    }

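    /**
     * Resolves a CA alias to the name of the CA it points to.
     *
     * <p>The alias map stores boxed CA ids. They are compared by value with {@code equals};
     * an identity comparison ({@code ==}) on boxed integers only matches reliably for small
     * cached values, so aliases of CAs with larger ids would not resolve.
     *
     * @param str alias name; upper-cased before the lookup, must not be blank
     * @return the name of the CA whose id is stored under the alias, or {@code null} if the
     *     alias is unknown or no registered CA has that id
     */
    @Override // org.xipki.ca.server.impl.cmp.CmpResponderManager
    public String getCaNameForAlias(String str) {
        ParamUtil.requireNonBlank("aliasName", str);
        Integer caId = this.caAliases.get(str.toUpperCase());
        if (caId == null) {
            // Unknown alias: nothing to resolve.
            return null;
        }
        for (String caName : this.x509cas.keySet()) {
            X509Ca ca = this.x509cas.get(caName);
            if (caId.equals(ca.caIdent().id())) {
                return ca.caIdent().name();
            }
        }
        return null;
    }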

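    /**
     * Collects every alias that points to the given CA.
     *
     * <p>Alias targets are boxed CA ids and are compared by value with {@code equals}; an
     * identity comparison ({@code ==}) on boxed integers only matches reliably for small
     * cached values.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @return a new set with the matching alias names; empty if the CA is unknown or has no
     *     alias
     */
    public Set<String> getAliasesForCa(String str) {
        ParamUtil.requireNonBlank("caName", str);
        String caName = str.toUpperCase();
        Set<String> aliases = new HashSet<>();
        X509Ca ca = this.x509cas.get(caName);
        if (ca == null) {
            return aliases;
        }
        Integer caId = ca.caIdent().id();
        for (String alias : this.caAliases.keySet()) {
            Integer aliasTarget = this.caAliases.get(alias);
            // aliasTarget is null when the alias was removed between keySet() and get().
            if (aliasTarget != null && aliasTarget.equals(caId)) {
                aliases.add(alias);
            }
        }
        return aliases;
    }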

    /**
     * Returns the names of all registered CA aliases.
     *
     * @return the key set of the alias map itself, not a copy
     */
    public Set<String> getCaAliasNames() {
        // NOTE(review): this is the live key view of the internal map; callers that modify
        // it would change the alias registry without touching the database. Confirm that no
        // caller relies on this before wrapping it in an unmodifiable view.
        Set<String> aliasNames = this.caAliases.keySet();
        return aliasNames;
    }

    /**
     * Removes a CA from the database and from all in-memory registries, then shuts the CA
     * instance down.
     *
     * @param str CA name; upper-cased before use, must not be blank
     * @return {@code true} if the query executor reported the CA as removed, {@code false}
     *     otherwise
     * @throws CaMgmtException if this instance is not in master mode, or if the removal fails
     */
    public boolean removeCa(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        asssertMasterMode();
        String caName = str.toUpperCase();
        boolean removedFromDb = this.queryExecutor.removeCa(caName);
        if (!removedFromDb) {
            return false;
        }
        LOG.info("removed CA '{}'", caName);
        this.caInfos.remove(caName);
        // NOTE(review): removeCa is invoked twice on idNameMap with the same argument, and
        // entries in caAliases that point to this CA are not cleaned up here; verify both.
        this.idNameMap.removeCa(caName);
        this.idNameMap.removeCa(caName);
        this.caHasProfiles.remove(caName);
        this.caHasPublishers.remove(caName);
        this.caHasRequestors.remove(caName);
        X509Ca removedCa = this.x509cas.remove(caName);
        this.x509Responders.remove(caName);
        if (removedCa != null) {
            removedCa.shutdown();
        }
        return true;
    }

    /**
     * Asks the named CA to republish its certificates.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @param list publisher names; upper-cased via {@code CollectionUtil.toUpperCaseList}
     * @param i number of threads; must be at least 1
     * @return always {@code true} when the method returns normally
     * @throws CaMgmtException if this instance is not in master mode, if the CA is unknown,
     *     or if the CA reports that republishing failed
     */
    public boolean republishCertificates(String str, List<String> list, int i) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireMin("numThreads", i, 1);
        asssertMasterMode();
        String caName = str.toUpperCase();
        X509Ca ca = this.x509cas.get(caName);
        if (ca == null) {
            throw new CaMgmtException("could not find CA named " + caName);
        }
        List<String> publisherNames = CollectionUtil.toUpperCaseList(list);
        boolean republished = ca.republishCertificates(publisherNames, i);
        if (!republished) {
            throw new CaMgmtException("republishing certificates of CA " + caName + " failed");
        }
        return true;
    }

    /**
     * Revokes a CA: records the revocation in the database, applies it to the running CA and
     * writes a PCI audit event on success.
     *
     * <p>A CA that is already revoked can only be revoked again when its current reason is
     * {@code CERTIFICATE_HOLD}.
     *
     * @param str CA name; upper-cased before use, must not be blank
     * @param certRevocationInfo the revocation to apply; must not be null
     * @return {@code true} on success; {@code false} if the CA is unknown or the database
     *     update reports failure
     * @throws CaMgmtException if this instance is not in master mode, if the CA is already
     *     revoked with a reason other than {@code CERTIFICATE_HOLD}, or if the running CA
     *     rejects the revocation
     */
    public boolean revokeCa(String str, CertRevocationInfo certRevocationInfo) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonNull("revocationInfo", certRevocationInfo);
        asssertMasterMode();
        String caName = str.toUpperCase();
        if (!this.x509cas.containsKey(caName)) {
            return false;
        }
        LOG.info("revoking CA '{}'", caName);
        X509Ca ca = this.x509cas.get(caName);
        CertRevocationInfo currentRevocation = ca.caInfo().revocationInfo();
        if (currentRevocation != null) {
            CrlReason currentReason = currentRevocation.reason();
            if (currentReason != CrlReason.CERTIFICATE_HOLD) {
                throw new CaMgmtException(
                        "CA " + caName + " has been revoked with reason " + currentReason.name());
            }
        }
        if (!this.queryExecutor.revokeCa(caName, certRevocationInfo)) {
            return false;
        }
        // NOTE(review): the database is updated before the running CA. If the call below
        // fails, the stored and the in-memory revocation state differ, and no PCI audit event
        // is written for the failed attempt (only the success path is audited here).
        try {
            ca.revokeCa(certRevocationInfo, CaAuditConstants.MSGID_CA_mgmt);
            LOG.info("revoked CA '{}'", caName);
            auditLogPciEvent(true, "REVOKE CA " + caName);
            return true;
        } catch (OperationException ex) {
            throw new CaMgmtException("could not revoke CA " + ex.getMessage(), ex);
        }
    }

    /**
     * Lifts the revocation of a CA: updates the database, applies the change to the running
     * CA and writes a PCI audit event on success.
     *
     * @param str CA name; upper-cased before use, must not be blank
     * @return {@code true} on success; {@code false} if the database update reports failure
     * @throws CaMgmtException if this instance is not in master mode, if the CA is unknown,
     *     or if the running CA rejects the operation
     */
    public boolean unrevokeCa(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        asssertMasterMode();
        String caName = str.toUpperCase();
        boolean known = this.x509cas.containsKey(caName);
        if (!known) {
            throw new CaMgmtException("could not find CA named " + caName);
        }
        LOG.info("unrevoking of CA '{}'", caName);
        boolean storedInDb = this.queryExecutor.unrevokeCa(caName);
        if (!storedInDb) {
            return false;
        }
        // NOTE(review): as in revokeCa, only the success path writes a PCI audit event.
        try {
            X509Ca ca = this.x509cas.get(caName);
            ca.unrevokeCa(CaAuditConstants.MSGID_CA_mgmt);
            LOG.info("unrevoked CA '{}'", caName);
            auditLogPciEvent(true, "UNREVOKE CA " + caName);
            return true;
        } catch (OperationException ex) {
            throw new CaMgmtException("could not unrevoke of CA " + ex.getMessage(), ex);
        }
    }

    /**
     * Stores the certificate profile factory register; the argument is not validated here.
     *
     * @param x509CertprofileFactoryRegister the register to store
     */
    public void setX509CertProfileFactoryRegister(X509CertprofileFactoryRegister x509CertprofileFactoryRegister) {
        this.x509CertProfileFactoryRegister = x509CertprofileFactoryRegister;
    }

    /**
     * Stores the certificate publisher factory register; the argument is not validated here.
     *
     * @param x509CertPublisherFactoryRegister the register to store
     */
    public void setX509CertPublisherFactoryRegister(X509CertPublisherFactoryRegister x509CertPublisherFactoryRegister) {
        this.x509CertPublisherFactoryRegister = x509CertPublisherFactoryRegister;
    }

    /**
     * Stores the audit service register and hands it to every registered publisher and CA.
     *
     * @param auditServiceRegister the register to use; must not be null
     */
    public void setAuditServiceRegister(AuditServiceRegister auditServiceRegister) {
        this.auditServiceRegister = (AuditServiceRegister) ParamUtil.requireNonNull("serviceRegister", auditServiceRegister);
        for (String publisherName : this.publishers.keySet()) {
            this.publishers.get(publisherName).setAuditServiceRegister(this.auditServiceRegister);
        }
        for (String caName : this.x509cas.keySet()) {
            this.x509cas.get(caName).setAuditServiceRegister(auditServiceRegister);
        }
    }

    /**
     * Writes a PCI audit event for a CA management action.
     *
     * <p>The event is attributed to the fixed user id {@code CA-SYSTEM} and the resource
     * {@code CORE}; it does not identify the administrator who triggered the action.
     *
     * @param z {@code true} records status SUCCESSFUL at level INFO, {@code false} records
     *     status FAILED at level ERROR
     * @param str the event type text
     */
    private void auditLogPciEvent(boolean z, String str) {
        PciAuditEvent event = new PciAuditEvent(new Date());
        event.setUserId("CA-SYSTEM");
        event.setEventType(str);
        event.setAffectedResource("CORE");
        AuditStatus status = z ? AuditStatus.SUCCESSFUL : AuditStatus.FAILED;
        AuditLevel level = z ? AuditLevel.INFO : AuditLevel.ERROR;
        event.setStatus(status.name());
        event.setLevel(level);
        // NOTE(review): assumes auditServiceRegister has been set; a null register makes this
        // throw after the audited action has already been carried out. Confirm the wiring.
        this.auditServiceRegister.getAuditService().logEvent(event);
    }

    /**
     * Clears the publish queue, either of one CA or of the whole certificate store.
     *
     * @param str CA name (upper-cased before the lookup), or {@code null} to clear the queue
     *     of the whole store
     * @param list publisher names; upper-cased via {@code CollectionUtil.toUpperCaseList}.
     *     Must be empty when {@code str} is {@code null}.
     * @return the result reported by the CA, or {@code true} after the store-wide clear
     * @throws CaMgmtException if this instance is not in master mode, if the named CA is
     *     unknown, or if the store-wide clear fails
     * @throws IllegalArgumentException if {@code str} is {@code null} and publisher names
     *     are given
     */
    public boolean clearPublishQueue(String str, List<String> list) throws CaMgmtException {
        asssertMasterMode();
        List<String> publisherNames = CollectionUtil.toUpperCaseList(list);
        if (str == null) {
            if (CollectionUtil.isNonEmpty(publisherNames)) {
                throw new IllegalArgumentException("non-empty publisherNames is not allowed");
            }
            try {
                this.certstore.clearPublishQueue((NameId) null, (NameId) null);
                return true;
            } catch (OperationException ex) {
                throw new CaMgmtException(ex.getMessage(), ex);
            }
        }
        String caName = str.toUpperCase();
        X509Ca ca = this.x509cas.get(caName);
        if (ca == null) {
            throw new CaMgmtException("could not find CA named " + caName);
        }
        return ca.clearPublishQueue(publisherNames);
    }

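    /**
     * Shuts the scheduled executor down and waits until it has terminated.
     *
     * <p>The wait is not abandoned when the calling thread is interrupted, but the interrupt
     * is remembered and the thread's interrupt status is restored before returning, so callers
     * further up can still react to it.
     */
    private void shutdownScheduledThreadPoolExecutor() {
        if (this.scheduledThreadPoolExecutor == null) {
            return;
        }
        this.scheduledThreadPoolExecutor.shutdown();
        boolean interrupted = false;
        try {
            while (!this.scheduledThreadPoolExecutor.isTerminated()) {
                try {
                    Thread.sleep(100L);
                } catch (InterruptedException e) {
                    // sleep() clears the interrupt status; remember it instead of losing it.
                    interrupted = true;
                    LOG.error("interrupted: {}", e.getMessage());
                }
            }
        } finally {
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }
        this.scheduledThreadPoolExecutor = null;
    }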

    /**
     * Revokes a certificate issued by the named CA.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @param bigInteger serial number of the certificate; must not be null
     * @param crlReason revocation reason, forwarded to the CA
     * @param date forwarded to the CA together with the reason
     * @return {@code true} if the CA returned a non-null result, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, if the CA is unknown,
     *     or if the CA reports an {@code OperationException}
     */
    public boolean revokeCertificate(String str, BigInteger bigInteger, CrlReason crlReason, Date date) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonNull("serialNumber", bigInteger);
        asssertMasterMode();
        try {
            X509Ca ca = x509Ca(str.toUpperCase());
            Object revoked = ca.revokeCertificate(bigInteger, crlReason, date, CaAuditConstants.MSGID_CA_mgmt);
            return revoked != null;
        } catch (OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
    }

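    /**
     * Lifts the revocation of a certificate issued by the named CA.
     *
     * <p>Like {@code revokeCertificate} and {@code removeCertificate}, this state-changing
     * operation is restricted to master mode, so that a slave instance cannot reinstate a
     * revoked certificate.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @param bigInteger serial number of the certificate; must not be null
     * @return {@code true} if the CA returned a non-null result, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, if the CA is unknown,
     *     or if the CA reports an {@code OperationException}
     */
    public boolean unrevokeCertificate(String str, BigInteger bigInteger) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonNull("serialNumber", bigInteger);
        asssertMasterMode();
        try {
            return x509Ca(str.toUpperCase()).unrevokeCertificate(bigInteger, CaAuditConstants.MSGID_CA_mgmt) != null;
        } catch (OperationException e) {
            throw new CaMgmtException(e.getMessage(), e);
        }
    }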

    /**
     * Removes a certificate issued by the named CA.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @param bigInteger serial number of the certificate; must not be null
     * @return {@code true} if the CA returned a non-null result, {@code false} otherwise
     * @throws CaMgmtException if this instance is not in master mode, if the CA is unknown,
     *     or if the CA reports an {@code OperationException}
     */
    public boolean removeCertificate(String str, BigInteger bigInteger) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonNull("serialNumber", bigInteger);
        asssertMasterMode();
        X509Ca ca = x509Ca(str.toUpperCase());
        // x509Ca(String) throws for an unknown CA, so this guard is only a safety net.
        if (ca == null) {
            return false;
        }
        try {
            Object removed = ca.removeCertificate(bigInteger, CaAuditConstants.MSGID_CA_mgmt);
            return removed != null;
        } catch (OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
    }

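    /**
     * Issues a certificate from a PKCS#10 request on behalf of the CA management interface.
     *
     * <p>The proof of possession of the request is verified with the validator of the CA's
     * CMP control before anything is issued. Requested extensions are taken from the
     * {@code extensionRequest} attribute of the request, if present.
     *
     * <p>Failures that are already reported as {@code CaMgmtException} (failed proof of
     * possession, issuance errors) are passed on unchanged; only other exceptions are
     * reported as an invalid request, with the original exception kept as the cause.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @param str2 certificate profile name; upper-cased before use, must not be blank
     * @param bArr the encoded certification request; must not be null
     * @param date first validity date, forwarded to the certificate template
     * @param date2 second validity date, forwarded to the certificate template
     * @return the issued certificate
     * @throws CaMgmtException if the CA is unknown, the proof of possession cannot be
     *     validated, the request cannot be processed, or issuance fails
     */
    public X509Certificate generateCertificate(String str, String str2, byte[] bArr, Date date, Date date2) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonBlank("profileName", str2);
        ParamUtil.requireNonNull("encodedCsr", bArr);
        // NOTE(review): unlike the revoke/remove operations, no master-mode assertion is made
        // before issuing; confirm whether issuance from a slave instance is intended.
        String caName = str.toUpperCase();
        String profileName = str2.toUpperCase();
        // NOTE(review): this event is populated but never handed to an audit service in this
        // method, and its type string names CRL generation although a certificate is issued.
        AuditEvent auditEvent = new AuditEvent(new Date());
        auditEvent.setApplicationName("CA");
        auditEvent.setName(CaAuditConstants.NAME_PERF);
        auditEvent.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
        X509Ca ca = x509Ca(caName);
        try {
            CertificationRequest csr = CertificationRequest.getInstance(bArr);
            // The requester must prove possession of the private key before issuance.
            if (!this.securityFactory.verifyPopo(csr, cmpControlObject(ca.caInfo().cmpControlName()).popoAlgoValidator())) {
                throw new CaMgmtException("could not validate POP for the CSR");
            }
            CertificationRequestInfo csrInfo = csr.getCertificationRequestInfo();
            Extensions extensions = null;
            ASN1Set attributes = csrInfo.getAttributes();
            for (int i = 0; i < attributes.size(); i++) {
                Attribute attribute = Attribute.getInstance(attributes.getObjectAt(i));
                if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getAttrType())) {
                    extensions = Extensions.getInstance(attribute.getAttributeValues()[0]);
                }
            }
            try {
                X509CertificateInfo certInfo = ca.generateCertificate(new CertTemplateData(csrInfo.getSubject(), csrInfo.getSubjectPublicKeyInfo(), date, date2, extensions, profileName), this.byCaRequestor, RequestType.CA, (byte[]) null, CaAuditConstants.MSGID_CA_mgmt);
                if (ca.caInfo().isSaveRequest()) {
                    try {
                        ca.addRequestCert(ca.addRequest(bArr), certInfo.cert().certId().longValue());
                    } catch (OperationException e) {
                        // Saving the request is best effort; the certificate is already issued.
                        LogUtil.warn(LOG, e, "could not save request");
                    }
                }
                return certInfo.cert().cert();
            } catch (OperationException e2) {
                throw new CaMgmtException(e2.getMessage(), e2);
            }
        } catch (CaMgmtException e) {
            // Keep the specific reason instead of relabelling it as an invalid request.
            throw e;
        } catch (Exception e3) {
            throw new CaMgmtException("invalid CSR request. ERROR: " + e3.getMessage(), e3);
        }
    }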

    /**
     * Returns the running CA registered under the given name.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @return the CA, never {@code null}
     * @throws CaMgmtException if no CA is registered under that name
     */
    public X509Ca x509Ca(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        // NOTE(review): toUpperCase() without an explicit Locale follows the JVM default
        // locale; confirm that names normalise identically on every deployment.
        String caName = str.toUpperCase();
        X509Ca ca = this.x509cas.get(caName);
        if (ca != null) {
            return ca;
        }
        throw new CaMgmtException("unknown CA " + caName);
    }

    /**
     * Returns the running CA registered under the name of the given identifier.
     *
     * @param nameId CA identifier; must not be null. Its name is used as delivered, without
     *     case conversion.
     * @return the CA, never {@code null}
     * @throws CaMgmtException if no CA is registered under that name
     */
    public X509Ca x509Ca(NameId nameId) throws CaMgmtException {
        ParamUtil.requireNonNull("ident", nameId);
        X509Ca ca = this.x509cas.get(nameId.name());
        if (ca != null) {
            return ca;
        }
        throw new CaMgmtException("unknown CA " + nameId);
    }

    /**
     * Looks up a registered certificate profile.
     *
     * @param str profile name; upper-cased before the lookup, must not be blank
     * @return the registered profile, or {@code null} if the map holds none under that name
     */
    public IdentifiedX509Certprofile identifiedCertprofile(String str) {
        ParamUtil.requireNonBlank("profileName", str);
        String profileName = str.toUpperCase();
        return this.certprofiles.get(profileName);
    }

    /**
     * Returns the publisher instances bound to the given CA.
     *
     * @param str CA name; upper-cased before the lookup, must not be blank
     * @return a new list with one element per bound publisher name (an element is
     *     {@code null} when no publisher is registered under that name); empty if no
     *     publisher set is recorded for the CA
     */
    public List<IdentifiedX509CertPublisher> identifiedPublishersForCa(String str) {
        ParamUtil.requireNonBlank("caName", str);
        String caName = str.toUpperCase();
        List<IdentifiedX509CertPublisher> result = new LinkedList<>();
        Set<String> publisherNames = this.caHasPublishers.get(caName);
        if (publisherNames != null) {
            for (String publisherName : publisherNames) {
                result.add(this.publishers.get(publisherName));
            }
        }
        return result;
    }

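    /**
     * Generates a self-signed root CA certificate from a PKCS#10 request and registers the
     * resulting CA.
     *
     * <p>Failures reported as {@code CaMgmtException} (unknown certificate profile, signer or
     * configuration errors, failure to add the CA) are passed on to the caller. Any other
     * exception is logged and reported by returning {@code null}.
     *
     * @param x509CaEntry template for the new CA; must not be null
     * @param str certificate profile name; upper-cased before use, must not be blank
     * @param bArr the encoded certification request; must not be null
     * @param bigInteger serial number for the certificate, or {@code null} to draw a random
     *     one of the bit length configured in the entry
     * @return the generated certificate, or {@code null} if {@code numCrls} or
     *     {@code expirationPeriod} of the entry is negative or the request could not be
     *     processed
     * @throws CaMgmtException if this instance is not in master mode, the profile is
     *     unknown, or generating or registering the CA fails
     */
    public X509Certificate generateRootCa(X509CaEntry x509CaEntry, String str, byte[] bArr, BigInteger bigInteger) throws CaMgmtException {
        ParamUtil.requireNonNull("caEntry", x509CaEntry);
        ParamUtil.requireNonBlank("certprofileName", str);
        ParamUtil.requireNonNull("encodedCsr", bArr);
        String profileName = str.toUpperCase();
        int numCrls = x509CaEntry.numCrls();
        List crlUris = x509CaEntry.crlUris();
        List deltaCrlUris = x509CaEntry.deltaCrlUris();
        List ocspUris = x509CaEntry.ocspUris();
        List cacertUris = x509CaEntry.cacertUris();
        String signerType = x509CaEntry.signerType();
        asssertMasterMode();
        if (numCrls < 0) {
            System.err.println("invalid numCrls: " + numCrls);
            return null;
        }
        int expirationPeriod = x509CaEntry.expirationPeriod();
        if (expirationPeriod < 0) {
            System.err.println("invalid expirationPeriod: " + expirationPeriod);
            return null;
        }
        try {
            CertificationRequest csr = CertificationRequest.getInstance(bArr);
            IdentifiedX509Certprofile certprofile = identifiedCertprofile(profileName);
            if (certprofile == null) {
                throw new CaMgmtException("unknown certprofile " + profileName);
            }
            try {
                // Use the caller's serial number when given, otherwise a random one.
                X509SelfSignedCertBuilder.GenerateSelfSignedResult result = X509SelfSignedCertBuilder.generateSelfSigned(this.securityFactory, signerType, x509CaEntry.signerConf(), certprofile, csr, bigInteger != null ? bigInteger : RandomSerialNumberGenerator.getInstance().nextSerialNumber(x509CaEntry.serialNoBitLen()), cacertUris, ocspUris, crlUris, deltaCrlUris);
                String signerConf = result.getSignerConf();
                X509Certificate caCert = result.getCert();
                if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
                    try {
                        signerConf = canonicalizeSignerConf(signerType, signerConf, new X509Certificate[]{caCert}, this.securityFactory);
                    } catch (Exception e) {
                        throw new CaMgmtException(e.getClass().getName() + ": " + e.getMessage(), e);
                    }
                }
                X509CaUris caUris = new X509CaUris(cacertUris, ocspUris, crlUris, deltaCrlUris);
                String caName = x509CaEntry.ident().name();
                long nextCrlNumber = x509CaEntry.nextCrlNumber();
                CaStatus status = x509CaEntry.status();
                // Build a fresh entry (without an id) that carries the generated certificate
                // and signer configuration, copying the remaining settings from the template.
                X509CaEntry newCaEntry = new X509CaEntry(new NameId((Integer) null, caName), x509CaEntry.serialNoBitLen(), nextCrlNumber, signerType, signerConf, caUris, numCrls, expirationPeriod);
                newCaEntry.setCertificate(caCert);
                newCaEntry.setCmpControlName(x509CaEntry.cmpControlName());
                newCaEntry.setCrlSignerName(x509CaEntry.crlSignerName());
                newCaEntry.setDuplicateKeyPermitted(x509CaEntry.isDuplicateKeyPermitted());
                newCaEntry.setDuplicateSubjectPermitted(x509CaEntry.isDuplicateSubjectPermitted());
                newCaEntry.setExtraControl(x509CaEntry.extraControl());
                newCaEntry.setKeepExpiredCertInDays(x509CaEntry.keepExpiredCertInDays());
                newCaEntry.setMaxValidity(x509CaEntry.maxValidity());
                newCaEntry.setPermission(x509CaEntry.permission());
                newCaEntry.setResponderName(x509CaEntry.responderName());
                newCaEntry.setSaveRequest(x509CaEntry.isSaveRequest());
                newCaEntry.setStatus(status);
                newCaEntry.setValidityMode(x509CaEntry.validityMode());
                addCa(newCaEntry);
                return caCert;
            } catch (OperationException | InvalidConfException e2) {
                throw new CaMgmtException(e2.getClass().getName() + ": " + e2.getMessage(), e2);
            }
        } catch (CaMgmtException e) {
            // A management failure is not an "invalid CSR"; let the caller see the real reason
            // instead of a null certificate.
            throw e;
        } catch (Exception e3) {
            LogUtil.error(LOG, e3, "could not generate root CA");
            System.err.println("invalid encodedCsr");
            return null;
        }
    }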

    /**
     * Guards operations that must only run on the master instance.
     *
     * @throws CaMgmtException if this instance is not in master mode
     */
    private void asssertMasterMode() throws CaMgmtException {
        if (this.masterMode) {
            return;
        }
        throw new CaMgmtException("operation not allowed in slave mode");
    }

    /**
     * Shuts a certificate profile down; a failure is logged as a warning and not propagated.
     *
     * @param identifiedX509Certprofile the profile to shut down; {@code null} is ignored
     */
    void shutdownCertprofile(IdentifiedX509Certprofile identifiedX509Certprofile) {
        if (identifiedX509Certprofile != null) {
            try {
                identifiedX509Certprofile.shutdown();
            } catch (Exception ex) {
                // Best effort: a profile that fails to shut down must not abort the caller.
                LogUtil.warn(LOG, ex, "could not shutdown Certprofile " + identifiedX509Certprofile.ident());
            }
        }
    }

    /**
     * Shuts a publisher down; a failure is logged as a warning and not propagated.
     *
     * @param identifiedX509CertPublisher the publisher to shut down; {@code null} is ignored
     */
    void shutdownPublisher(IdentifiedX509CertPublisher identifiedX509CertPublisher) {
        if (identifiedX509CertPublisher != null) {
            try {
                identifiedX509CertPublisher.shutdown();
            } catch (Exception ex) {
                // Best effort: a publisher that fails to shut down must not abort the caller.
                LogUtil.warn(LOG, ex, "could not shutdown CertPublisher " + identifiedX509CertPublisher.ident());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
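    /**
     * Wraps a CMP responder database entry and initialises its signer.
     *
     * @param cmpResponderEntry the responder entry; must not be {@code null}
     * @return the wrapper with its signer initialised
     * @throws CaMgmtException if the signer could not be created; the original
     *         {@link ObjectCreationException} is attached as the cause
     */
    public CmpResponderEntryWrapper createCmpResponder(CmpResponderEntry cmpResponderEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", cmpResponderEntry);
        CmpResponderEntryWrapper wrapper = new CmpResponderEntryWrapper();
        wrapper.setDbEntry(cmpResponderEntry);
        try {
            wrapper.initSigner(this.securityFactory);
        } catch (ObjectCreationException e) {
            LOG.debug("createCmpResponder", e);
            // Keep the cause: the stack trace is otherwise only available at debug level,
            // which makes a failed signer initialisation hard to diagnose in production.
            throw new CaMgmtException(e.getMessage(), e);
        }
        return wrapper;
    }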

    /* JADX INFO: Access modifiers changed from: package-private */
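    /**
     * Wraps a CRL signer database entry and initialises its signer.
     *
     * @param x509CrlSignerEntry the CRL signer entry; must not be {@code null}
     * @return the wrapper with its signer initialised
     * @throws CaMgmtException if the entry is rejected by the wrapper or the signer could not be
     *         initialised; the underlying exception is attached as the cause
     */
    public X509CrlSignerEntryWrapper createX509CrlSigner(X509CrlSignerEntry x509CrlSignerEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", x509CrlSignerEntry);
        X509CrlSignerEntryWrapper wrapper = new X509CrlSignerEntryWrapper();
        try {
            wrapper.setDbEntry(x509CrlSignerEntry);
        } catch (InvalidConfException e) {
            throw new CaMgmtException("InvalidConfException: " + e.getMessage(), e);
        }
        try {
            wrapper.initSigner(this.securityFactory);
            return wrapper;
        } catch (XiSecurityException | OperationException | InvalidConfException e) {
            String message = "could not create CRL signer " + x509CrlSignerEntry.name();
            LogUtil.error(LOG, e, message);
            if (e instanceof OperationException) {
                // errorCode() is only used for OperationException, so the multi-catch
                // variable has to be narrowed before the call.
                throw new CaMgmtException(message + ": " + ((OperationException) e).errorCode() + ", " + e.getMessage(), e);
            }
            throw new CaMgmtException(message + ": " + e.getMessage(), e);
        }
    }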

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Instantiates, configures and validates the certprofile described by a database entry.
     *
     * @param certprofileEntry the certprofile entry; must not be {@code null}
     * @return the validated profile, or {@code null} when creation or validation failed
     *         (the failure is logged, not thrown)
     */
    public IdentifiedX509Certprofile createCertprofile(CertprofileEntry certprofileEntry) {
        ParamUtil.requireNonNull("dbEntry", certprofileEntry);
        IdentifiedX509Certprofile profile;
        try {
            profile = new IdentifiedX509Certprofile(
                    certprofileEntry,
                    this.x509CertProfileFactoryRegister.newCertprofile(certprofileEntry.type()));
            profile.setEnvParameterResolver(this.envParameterResolver);
            profile.validate();
        } catch (ObjectCreationException | CertprofileException ex) {
            // Callers receive null for a profile that failed validation; they must check for it.
            LogUtil.error(LOG, ex, "could not initialize Certprofile " + certprofileEntry.ident() + ", ignore it");
            return null;
        }
        return profile;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Instantiates and initialises the certificate publisher described by a database entry.
     *
     * <p>The type {@code OCSP} (case-insensitive) maps to the built-in {@link OcspCertPublisher};
     * every other type is resolved through the publisher factory register. Initialisation
     * receives the password resolver and the configured datasources.
     *
     * @param publisherEntry the publisher entry; must not be {@code null}
     * @return the initialised publisher, or {@code null} when creation or initialisation failed
     * @throws CaMgmtException declared by the signature; the body shown here logs failures
     *         and returns {@code null} instead
     */
    public IdentifiedX509CertPublisher createPublisher(PublisherEntry publisherEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", publisherEntry);
        String publisherType = publisherEntry.type();
        try {
            IdentifiedX509CertPublisher publisher;
            if ("OCSP".equalsIgnoreCase(publisherType)) {
                publisher = new IdentifiedX509CertPublisher(publisherEntry, new OcspCertPublisher());
            } else {
                publisher = new IdentifiedX509CertPublisher(
                        publisherEntry, this.x509CertPublisherFactoryRegister.newPublisher(publisherType));
            }
            publisher.initialize(this.securityFactory.getPasswordResolver(), this.datasources);
            return publisher;
        } catch (ObjectCreationException | CertPublisherException | RuntimeException ex) {
            // Runtime exceptions are treated like configuration errors: logged, then null.
            LogUtil.error(LOG, ex, "invalid configuration for the publisher " + publisherEntry.ident());
            return null;
        }
    }

    /**
     * Adds a user through the query executor. Only permitted in master mode.
     *
     * @param addUserEntry the user to add, handed unchanged to the query executor
     * @return the result reported by the query executor
     * @throws CaMgmtException if this instance is not in master mode (other causes depend on
     *         the query executor)
     */
    public boolean addUser(AddUserEntry addUserEntry) throws CaMgmtException {
        asssertMasterMode();
        boolean added = this.queryExecutor.addUser(addUserEntry);
        return added;
    }

    /**
     * Changes a user through the query executor. Only permitted in master mode.
     *
     * @param changeUserEntry the requested change, handed unchanged to the query executor
     * @return the result reported by the query executor
     * @throws CaMgmtException if this instance is not in master mode (other causes depend on
     *         the query executor)
     */
    public boolean changeUser(ChangeUserEntry changeUserEntry) throws CaMgmtException {
        asssertMasterMode();
        boolean changed = this.queryExecutor.changeUser(changeUserEntry);
        return changed;
    }

    /**
     * Removes a user through the query executor. Only permitted in master mode.
     *
     * @param str the user name; must not be blank. It is upper-cased before the lookup.
     * @return the result reported by the query executor
     * @throws CaMgmtException if this instance is not in master mode (other causes depend on
     *         the query executor)
     */
    public boolean removeUser(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("username", str);
        asssertMasterMode();
        // NOTE(review): toUpperCase() without a Locale follows the JVM default locale. Account
        // names should normalise identically on every node; confirm whether a fixed locale is
        // needed here and in the other name lookups of this class.
        final String userName = str.toUpperCase();
        return this.queryExecutor.removeUser(userName);
    }

    /**
     * Looks up a user through the query executor. Unlike the mutating user operations this
     * lookup does not require master mode.
     *
     * @param str the user name; must not be blank. It is upper-cased before the lookup.
     * @return whatever the query executor returns for the upper-cased name
     * @throws CaMgmtException as declared; raised by the query executor, if at all
     */
    public UserEntry getUser(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("username", str);
        final String userName = str.toUpperCase();
        return this.queryExecutor.getUser(userName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the id/name map held by this manager.
     *
     * @return the same {@code CaIdNameMap} instance this manager uses (no copy is made)
     */
    public CaIdNameMap idNameMap() {
        final CaIdNameMap map = this.idNameMap;
        return map;
    }

    /**
     * Asks the named CA to generate a CRL immediately.
     *
     * @param str the CA name; must not be blank. It is upper-cased before the lookup.
     * @return the CRL returned by the CA
     * @throws CaMgmtException wrapping any {@link OperationException} raised by the CA
     */
    public X509CRL generateCrlOnDemand(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        final String caName = str.toUpperCase();
        try {
            // The management message id is passed on to the CA together with the request.
            return x509Ca(caName).generateCrlOnDemand(CaAuditConstants.MSGID_CA_mgmt);
        } catch (OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
    }

    /**
     * Fetches the CRL with the given CRL number from the named CA.
     *
     * @param str the CA name; must not be blank. It is upper-cased before the lookup.
     * @param bigInteger the CRL number; must not be {@code null}
     * @return the CRL, or {@code null} when the CA has none for that number (a warning is logged)
     * @throws CaMgmtException wrapping any {@link OperationException} raised by the CA
     */
    public X509CRL getCrl(String str, BigInteger bigInteger) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonNull(CaAuditConstants.NAME_crlNumber, bigInteger);
        final String caName = str.toUpperCase();
        X509CRL found;
        try {
            found = x509Ca(caName).getCrl(bigInteger);
        } catch (OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
        if (found == null) {
            LOG.warn("found no CRL for CA {} and crlNumber {}", caName, bigInteger);
        }
        return found;
    }

    /**
     * Fetches the current CRL of the named CA.
     *
     * @param str the CA name; must not be blank. It is upper-cased before the lookup.
     * @return the current CRL, or {@code null} when the CA has none (a warning is logged)
     * @throws CaMgmtException wrapping any {@link OperationException} raised by the CA
     */
    public X509CRL getCurrentCrl(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        final String caName = str.toUpperCase();
        X509CRL latest;
        try {
            latest = x509Ca(caName).getCurrentCrl();
        } catch (OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
        if (latest == null) {
            LOG.warn("found no CRL for CA {}", caName);
        }
        return latest;
    }

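    /**
     * Registers a SCEP responder for an existing CA. Only permitted in master mode.
     *
     * <p>The CA named in the entry is resolved through the id/name map and its id is written
     * back into the entry before the entry is persisted. The in-memory maps are only updated
     * when the query executor reports success.
     *
     * @param scepEntry the SCEP entry to add; must not be {@code null}
     * @return {@code true} when the entry was stored; {@code false} when the referenced CA is
     *         unknown or the query executor reported failure
     * @throws CaMgmtException if this instance is not in master mode (other causes depend on
     *         the {@code Scep} constructor and the query executor)
     */
    public boolean addScep(ScepEntry scepEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("dbEntry", scepEntry);
        asssertMasterMode();
        String caName = scepEntry.caIdent().name();
        NameId ca = this.idNameMap.ca(caName);
        if (ca == null) {
            // An unknown CA used to be logged and then dereferenced, which ended in a
            // NullPointerException; report the failure through the return value instead.
            LOG.warn("CA {} does not exist", caName);
            return false;
        }
        scepEntry.caIdent().setId(ca.id());
        Scep scep = new Scep(scepEntry, this);
        boolean added = this.queryExecutor.addScep(scepEntry);
        if (added) {
            String name = scepEntry.name();
            this.scepDbEntries.put(name, scepEntry);
            this.sceps.put(name, scep);
        }
        return added;
    }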

    /**
     * Removes a SCEP responder. Only permitted in master mode.
     *
     * @param str the SCEP name; must not be blank. It is upper-cased before the lookup.
     * @return {@code true} when the query executor removed the entry; the in-memory maps are
     *         only touched in that case
     * @throws CaMgmtException if this instance is not in master mode (other causes depend on
     *         the query executor)
     */
    public boolean removeScep(String str) throws CaMgmtException {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        asssertMasterMode();
        final String scepName = str.toUpperCase();
        if (!this.queryExecutor.removeScep(scepName)) {
            return false;
        }
        this.scepDbEntries.remove(scepName);
        this.sceps.remove(scepName);
        return true;
    }

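    /**
     * Applies a change request to an existing SCEP responder. Only permitted in master mode.
     *
     * <p>A CA reference that carries a name but no id is resolved through the id/name map
     * before the change is handed to the query executor. On success the in-memory entry and
     * responder are replaced by the ones the query executor returned.
     *
     * @param changeScepEntry the requested change; must not be {@code null}
     * @return {@code true} when the change was applied; {@code false} when the request carries
     *         nothing to change or the query executor returned no result
     * @throws CaMgmtException if this instance is not in master mode or the referenced CA is
     *         unknown (other causes depend on the query executor)
     */
    public boolean changeScep(ChangeScepEntry changeScepEntry) throws CaMgmtException {
        ParamUtil.requireNonNull("scepEntry", changeScepEntry);
        asssertMasterMode();
        // NOTE(review): unlike removeScep, the name is used as given; presumably
        // ChangeScepEntry already normalises it. Verify against the entry class.
        String name = changeScepEntry.name();
        NameId caIdent = changeScepEntry.caIdent();
        Boolean isActive = changeScepEntry.isActive();
        String responderType = changeScepEntry.responderType();
        String responderConf = changeScepEntry.responderConf();
        String base64Cert = changeScepEntry.base64Cert();
        String control = changeScepEntry.control();
        // NOTE(review): isActive and certProfiles() are not part of this check, so a request
        // that changes only those returns false without reaching the database. Confirm that
        // this is intended.
        if (caIdent == null && responderType == null && responderConf == null && base64Cert == null && control == null) {
            return false;
        }
        if (caIdent != null && caIdent.id() == null) {
            String caName = caIdent.name();
            caIdent = this.idNameMap.ca(caName);
            if (caIdent == null) {
                // The closing quote was missing from this message.
                throw new CaMgmtException("Unknown CA '" + caName + "'");
            }
        }
        Scep changed = this.queryExecutor.changeScep(name, caIdent, isActive, responderType, responderConf, base64Cert, changeScepEntry.certProfiles(), control, this);
        if (changed == null) {
            return false;
        }
        this.sceps.remove(name);
        this.scepDbEntries.remove(name);
        this.scepDbEntries.put(name, changed.dbEntry());
        this.sceps.put(name, changed);
        return true;
    }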

    /**
     * Returns the database entry of a SCEP responder.
     *
     * @param str the SCEP name; must not be blank. It is upper-cased before the lookup.
     * @return the entry, or {@code null} when the entry map is unset or holds no such name
     */
    public ScepEntry getScepEntry(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        return (this.scepDbEntries == null) ? null : this.scepDbEntries.get(str.toUpperCase());
    }

    /**
     * Returns the SCEP responder registered under the given name.
     *
     * @param str the SCEP name; must not be blank. It is upper-cased before the lookup.
     * @return the responder, or {@code null} when the responder map is unset or holds no such name
     */
    @Override // org.xipki.ca.server.impl.scep.ScepManager
    public Scep getScep(String str) {
        ParamUtil.requireNonBlank(CaAuditConstants.NAME_SCEP_name, str);
        return (this.sceps == null) ? null : this.sceps.get(str.toUpperCase());
    }

    /**
     * Returns the names of all registered SCEP responders.
     *
     * @return an unmodifiable view of the entry map's key set, or {@code null} when the entry
     *         map is unset
     */
    public Set<String> getScepNames() {
        if (this.scepDbEntries != null) {
            // A read-only view keeps callers from altering the registry through the key set.
            Set<String> names = this.scepDbEntries.keySet();
            return Collections.unmodifiableSet(names);
        }
        return null;
    }

    /**
     * Rejects the textual value {@code NULL} (compared case-insensitively). A Java
     * {@code null} reference passes this check.
     *
     * @param str the parameter name used in the error message
     * @param str2 the value to check
     * @throws IllegalArgumentException if {@code str2} is the text {@code NULL} in any case
     */
    private static void assertNotNull(String str, String str2) {
        boolean isNullLiteral = "NULL".equalsIgnoreCase(str2);
        if (isNullLiteral) {
            String message = str + " must not be NULL";
            throw new IllegalArgumentException(message);
        }
    }

    /**
     * Rewrites a signer configuration so that its {@code keystore} value is an inline
     * {@code base64:} keystore produced by {@code SecurityFactory.extractMinimalKeyStore}.
     *
     * <p>Configurations that mention neither {@code file:} nor {@code base64:}, or whose
     * {@code keystore} value starts with neither prefix, are returned unchanged.
     *
     * @param str handed to {@code extractMinimalKeyStore} as its first argument
     *        (presumably the keystore type; confirm against SecurityFactory)
     * @param str2 the signer configuration in {@code ConfPairs} encoding
     * @param x509CertificateArr certificates handed to {@code extractMinimalKeyStore}
     * @param securityFactory provides the password resolver and the keystore extraction
     * @return the original or the rewritten configuration string
     * @throws Exception on any failure while reading, decoding or extracting the keystore
     */
    private static String canonicalizeSignerConf(String str, String str2, X509Certificate[] x509CertificateArr, SecurityFactory securityFactory) throws Exception {
        boolean mentionsKeystoreSource = str2.contains("file:") || str2.contains("base64:");
        if (!mentionsKeystoreSource) {
            return str2;
        }
        ConfPairs pairs = new ConfPairs(str2);
        String keystoreRef = pairs.value("keystore");
        String passwordHint = pairs.value("password");
        String keyLabel = pairs.value("key-label");
        byte[] keystoreBytes;
        if (StringUtil.startsWithIgnoreCase(keystoreRef, "file:")) {
            // The path comes straight from the configuration and is read as-is.
            keystoreBytes = IoUtil.read(keystoreRef.substring("file:".length()));
        } else if (StringUtil.startsWithIgnoreCase(keystoreRef, "base64:")) {
            keystoreBytes = Base64.decode(keystoreRef.substring("base64:".length()));
        } else {
            return str2;
        }
        // The result embeds keystore bytes in the configuration string; presumably that
        // includes private-key material, so the returned value should stay out of logs.
        String inlineKeystore = Base64.encodeToString(
                securityFactory.extractMinimalKeyStore(
                        str,
                        keystoreBytes,
                        keyLabel,
                        securityFactory.getPasswordResolver().resolvePassword(passwordHint),
                        x509CertificateArr));
        pairs.putPair("keystore", "base64:" + inlineKeystore);
        return pairs.getEncoded();
    }

    /**
     * Looks up a certificate and its revocation status by serial number.
     *
     * @param str the CA name; must not be blank. It is upper-cased before the lookup.
     * @param bigInteger the certificate serial number; must not be {@code null}
     * @return the status information; an empty {@code CertWithStatusInfo} when the CA knows no
     *         certificate with that serial number
     * @throws CaMgmtException wrapping any {@link CertificateException} or
     *         {@link OperationException} raised during the lookup
     */
    public CertWithStatusInfo getCert(String str, BigInteger bigInteger) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonNull("serialNumber", bigInteger);
        try {
            X509CertWithRevocationInfo info = x509Ca(str.toUpperCase()).getCertWithRevocationInfo(bigInteger);
            if (info == null) {
                return new CertWithStatusInfo();
            }
            return info.toCertWithStatusInfo();
        } catch (CertificateException | OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
    }

    /**
     * Returns the stored certificate request for a certificate of the named CA.
     *
     * @param str the CA name; must not be blank. It is upper-cased before the lookup.
     * @param bigInteger the certificate serial number; must not be {@code null}
     * @return the bytes returned by the CA for that serial number
     * @throws CaMgmtException wrapping any {@link OperationException} raised by the CA
     */
    public byte[] getCertRequest(String str, BigInteger bigInteger) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        ParamUtil.requireNonNull("serialNumber", bigInteger);
        final String caName = str.toUpperCase();
        try {
            return x509Ca(caName).getCertRequest(bigInteger);
        } catch (OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
    }

    /**
     * Lists certificates of the named CA that match the given filter.
     *
     * @param str the CA name; must not be blank. It is upper-cased before the lookup.
     * @param x500Name filter value passed through to the CA
     * @param date filter value passed through to the CA
     * @param date2 filter value passed through to the CA
     * @param certListOrderBy ordering passed through to the CA
     * @param i the number of entries requested; must lie within the range checked below
     * @return the list returned by the CA
     * @throws CaMgmtException wrapping any {@link OperationException} raised by the CA
     */
    public List<CertListInfo> listCertificates(String str, X500Name x500Name, Date date, Date date2, CertListOrderBy certListOrderBy, int i) throws CaMgmtException {
        ParamUtil.requireNonBlank("caName", str);
        // NOTE(review): the upper bound is PasswordHash.PBKDF2_ITERATIONS, a constant whose name
        // has nothing to do with list sizes. Presumably the decompiler substituted it for a
        // numeric literal of the same value; confirm the intended result-size limit.
        ParamUtil.requireRange("numEntries", i, 1, PasswordHash.PBKDF2_ITERATIONS);
        final String caName = str.toUpperCase();
        try {
            return x509Ca(caName).listCertificates(x500Name, date, date2, certListOrderBy, i);
        } catch (OperationException ex) {
            throw new CaMgmtException(ex.getMessage(), ex);
        }
    }

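    /**
     * Loads a CA configuration into this manager, adding every entry that is not registered yet.
     *
     * <p>Entries are processed in a fixed order: CMP controls, CMP responders, environment
     * parameters, CRL signers, CMP requestors, publishers, certprofiles, CAs (each with its
     * aliases, certprofiles, publishers and requestors) and finally SCEP entries. An entry whose
     * name is already registered is skipped when it equals the registered one and rejected
     * otherwise. Processing stops at the first failure; nothing in this method rolls back the
     * entries that were added before the failure.
     *
     * <p>Several log and exception messages were corrected so that the log reflects what
     * actually happened: a successfully added environment parameter is no longer logged as
     * "could not add", requestor associations are no longer reported as publishers, and an
     * ignored SCEP entry is logged at info level like every other ignored entry.
     *
     * @param caConf the configuration to load; must not be {@code null}
     * @return {@code true} when every entry was added or was already present
     * @throws CaMgmtException if an entry conflicts with a registered one or could not be added
     */
    public boolean loadConf(CaConf caConf) throws CaMgmtException {
        ParamUtil.requireNonNull("conf", caConf);

        // CMP controls
        for (String name : caConf.getCmpControlNames()) {
            CmpControlEntry requested = caConf.getCmpControl(name);
            CmpControlEntry existing = this.cmpControlDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "CMP control " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed CMP control {}", name);
            } else {
                if (!addCmpControl(requested)) {
                    String message = "could not add CMP control " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added CMP control {}", name);
            }
        }

        // CMP responders
        for (String name : caConf.getResponderNames()) {
            CmpResponderEntry requested = caConf.getResponder(name);
            CmpResponderEntry existing = this.responderDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "CMP responder " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed CMP responder {}", name);
            } else {
                if (!addResponder(requested)) {
                    String message = "could not add CMP responder " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added CMP responder {}", name);
            }
        }

        // Environment parameters
        for (String name : caConf.getEnvironmentNames()) {
            String requested = caConf.getEnvironment(name);
            String existing = this.envParameterResolver.parameter(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "environment parameter " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed environment parameter {}", name);
            } else {
                if (!addEnvParam(name, requested)) {
                    String message = "could not add environment parameter " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                // This is the success path; it used to log "could not add".
                LOG.info("added environment parameter {}", name);
            }
        }

        // CRL signers
        for (String name : caConf.getCrlSignerNames()) {
            X509CrlSignerEntry requested = caConf.getCrlSigner(name);
            X509CrlSignerEntry existing = this.crlSignerDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "CRL signer " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed CRL signer {}", name);
            } else {
                if (!addCrlSigner(requested)) {
                    String message = "could not add CRL signer " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added CRL signer {}", name);
            }
        }

        // NOTE(review): second, identical pass over the CRL signers. It looks like a duplicate
        // of the loop above; it is kept because its effect depends on addCrlSigner, which is
        // not visible here. Confirm and remove.
        for (String name : caConf.getCrlSignerNames()) {
            X509CrlSignerEntry requested = caConf.getCrlSigner(name);
            X509CrlSignerEntry existing = this.crlSignerDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "CRL signer " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed CRL signer {}", name);
            } else {
                if (!addCrlSigner(requested)) {
                    String message = "could not add CRL signer " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added CRL signer {}", name);
            }
        }

        // CMP requestors
        for (String name : caConf.getRequestorNames()) {
            CmpRequestorEntry requested = caConf.getRequestor(name);
            CmpRequestorEntry existing = this.requestorDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "CMP requestor " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed CMP requestor {}", name);
            } else {
                if (!addRequestor(requested)) {
                    String message = "could not add CMP requestor " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added CMP requestor {}", name);
            }
        }

        // Publishers
        for (String name : caConf.getPublisherNames()) {
            PublisherEntry requested = caConf.getPublisher(name);
            PublisherEntry existing = this.publisherDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "publisher " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed publisher {}", name);
            } else {
                if (!addPublisher(requested)) {
                    String message = "could not add publisher " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added publisher {}", name);
            }
        }

        // Certprofiles
        for (String name : caConf.getCertProfileNames()) {
            CertprofileEntry requested = caConf.getCertProfile(name);
            CertprofileEntry existing = this.certprofileDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "certProfile " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed certProfile {}", name);
            } else {
                if (!addCertprofile(requested)) {
                    String message = "could not add certProfile " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added certProfile {}", name);
            }
        }

        // NOTE(review): second, identical pass over the certprofiles. It looks like a duplicate
        // of the loop above; it is kept because its effect depends on addCertprofile, which is
        // not visible here. Confirm and remove.
        for (String name : caConf.getCertProfileNames()) {
            CertprofileEntry requested = caConf.getCertProfile(name);
            CertprofileEntry existing = this.certprofileDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "certProfile " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("ignore existed certProfile {}", name);
            } else {
                if (!addCertprofile(requested)) {
                    String message = "could not add certProfile " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added certProfile {}", name);
            }
        }

        // CAs and their associations
        for (String caName : caConf.getCaNames()) {
            SingleCaConf singleCa = caConf.getCa(caName);
            GenSelfIssued genSelfIssued = singleCa.genSelfIssued();
            CaEntry caEntry = singleCa.caEntry();
            if (caEntry != null) {
                if (!(caEntry instanceof X509CaEntry)) {
                    throw new CaMgmtException("Unsupported CaEntry " + caName + " (only X509CaEntry is supported)");
                }
                X509CaEntry x509CaEntry = (X509CaEntry) caEntry;
                if (this.caInfos.containsKey(caName)) {
                    X509CaEntry existingEntry = this.caInfos.get(caName).caEntry();
                    if (x509CaEntry.certificate() == null && genSelfIssued != null) {
                        // A self-issued CA carries no certificate in the configuration; take the
                        // one from a signer built from the configured key so the comparison
                        // with the registered CA below has a certificate to compare.
                        try {
                            x509CaEntry.setCertificate(this.securityFactory.createSigner(x509CaEntry.signerType(), new SignerConf(x509CaEntry.signerConf()), (X509Certificate) null).getCertificate());
                        } catch (ObjectCreationException e) {
                            throw new CaMgmtException("could not create signer for CA " + caName, e);
                        }
                    }
                    if (!x509CaEntry.equals(existingEntry, true)) {
                        String message = "CA " + caName + " existed, could not re-added it";
                        LOG.error(message);
                        throw new CaMgmtException(message);
                    }
                    LOG.info("ignore existed CA {}", caName);
                } else if (genSelfIssued != null) {
                    // NOTE(review): the result is used without a null check; verify that
                    // generateRootCa cannot return null before this is logged as a success.
                    X509Certificate rootCert = generateRootCa(x509CaEntry, genSelfIssued.profile(), genSelfIssued.csr(), genSelfIssued.serialNumber());
                    LOG.info("generated root CA {}", caName);
                    String certFilename = genSelfIssued.certFilename();
                    if (certFilename != null) {
                        // The target path is taken from the loaded configuration as-is. A failed
                        // save is logged only; it does not abort the load.
                        try {
                            IoUtil.save(certFilename, rootCert.getEncoded());
                            LOG.info("saved generated certificate of root CA {} to {}", caName, certFilename);
                        } catch (IOException e) {
                            LogUtil.error(LOG, e, "error while saving certificate of root CA " + caName + " to " + certFilename);
                        } catch (CertificateEncodingException e) {
                            LogUtil.error(LOG, e, "could not encode certificate of CA " + caName);
                        }
                    }
                } else {
                    if (!addCa(x509CaEntry)) {
                        String message = "could not add CA " + caName;
                        LOG.error(message);
                        throw new CaMgmtException(message);
                    }
                    LOG.info("added CA {}", caName);
                }
            }

            if (singleCa.aliases() != null) {
                Set<String> existingAliases = getAliasesForCa(caName);
                for (String alias : singleCa.aliases()) {
                    if (existingAliases != null && existingAliases.contains(alias)) {
                        LOG.info("ignored adding existing CA alias {} to CA {}", alias, caName);
                    } else {
                        if (!addCaAlias(alias, caName)) {
                            String message = "could not associate alias " + alias + " to CA " + caName;
                            LOG.error(message);
                            throw new CaMgmtException(message);
                        }
                        LOG.info("associated alias {} to CA {}", alias, caName);
                    }
                }
            }

            if (singleCa.profileNames() != null) {
                Set<String> existingProfiles = this.caHasProfiles.get(caName);
                for (String profileName : singleCa.profileNames()) {
                    if (existingProfiles != null && existingProfiles.contains(profileName)) {
                        LOG.info("ignored adding certprofile {} to CA {}", profileName, caName);
                    } else {
                        if (!addCertprofileToCa(profileName, caName)) {
                            String message = "could not add certprofile " + profileName + " to CA " + caName;
                            LOG.error(message);
                            throw new CaMgmtException(message);
                        }
                        LOG.info("added certprofile {} to CA {}", profileName, caName);
                    }
                }
            }

            if (singleCa.publisherNames() != null) {
                Set<String> existingPublishers = this.caHasPublishers.get(caName);
                for (String publisherName : singleCa.publisherNames()) {
                    if (existingPublishers != null && existingPublishers.contains(publisherName)) {
                        LOG.info("ignored adding publisher {} to CA {}", publisherName, caName);
                    } else {
                        if (!addPublisherToCa(publisherName, caName)) {
                            String message = "could not add publisher " + publisherName + " to CA " + caName;
                            LOG.error(message);
                            throw new CaMgmtException(message);
                        }
                        LOG.info("added publisher {} to CA {}", publisherName, caName);
                    }
                }
            }

            if (singleCa.requestors() != null) {
                Set<CaHasRequestorEntry> existingRequestors = this.caHasRequestors.get(caName);
                for (CaHasRequestorEntry requested : singleCa.requestors()) {
                    String requestorName = requested.requestorIdent().name();
                    // Find the association already registered for this requestor, if any.
                    CaHasRequestorEntry existing = null;
                    if (existingRequestors != null) {
                        for (CaHasRequestorEntry candidate : existingRequestors) {
                            if (candidate.requestorIdent().name().equals(requestorName)) {
                                existing = candidate;
                                break;
                            }
                        }
                    }
                    if (existing != null) {
                        // A registered association with different settings (the entry's equals
                        // decides) is rejected, not overwritten.
                        if (!requested.equals(existing)) {
                            String message = "could not add requestor " + requestorName + " to CA " + caName;
                            LOG.error(message);
                            throw new CaMgmtException(message);
                        }
                        LOG.info("ignored adding requestor {} to CA {}", requestorName, caName);
                    } else {
                        if (!addRequestorToCa(requested, caName)) {
                            String message = "could not add requestor " + requestorName + " to CA " + caName;
                            LOG.error(message);
                            throw new CaMgmtException(message);
                        }
                        LOG.info("added requestor {} to CA {}", requestorName, caName);
                    }
                }
            }
        }

        // SCEP responders
        for (String name : caConf.getScepNames()) {
            ScepEntry requested = caConf.getScep(name);
            ScepEntry existing = this.scepDbEntries.get(name);
            if (existing != null) {
                if (!requested.equals(existing)) {
                    String message = "SCEP " + name + " existed, could not re-added it";
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                // Benign outcome; logged at info level like the other "ignore existed" cases.
                LOG.info("ignore existed SCEP {}", name);
            } else {
                if (!addScep(requested)) {
                    String message = "could not add SCEP " + name;
                    LOG.error(message);
                    throw new CaMgmtException(message);
                }
                LOG.info("added SCEP {}", name);
            }
        }
        return true;
    }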

    public boolean exportConf(String str, List<String> list) throws CaMgmtException, IOException {
        ArrayList arrayList;
        if (list == null) {
            arrayList = null;
        } else {
            arrayList = new ArrayList(list.size());
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        File file = new File(str);
        if (file.exists()) {
            throw new IOException("File " + str + " exists.");
        }
        CAConfType cAConfType = new CAConfType();
        cAConfType.setVersion(1);
        ZipOutputStream zipOutputStream = getZipOutputStream(file);
        try {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            HashSet hashSet3 = new HashSet();
            HashSet hashSet4 = new HashSet();
            HashSet hashSet5 = new HashSet();
            HashSet hashSet6 = new HashSet();
            HashSet hashSet7 = new HashSet();
            if (CollectionUtil.isNonEmpty(this.x509cas)) {
                LinkedList linkedList = new LinkedList();
                for (String str2 : this.x509cas.keySet()) {
                    if (arrayList == null || arrayList.contains(str2)) {
                        hashSet.add(str2);
                        CaType caType = new CaType();
                        caType.setName(str2);
                        Set<String> aliasesForCa = getAliasesForCa(str2);
                        if (CollectionUtil.isNonEmpty(aliasesForCa)) {
                            caType.setAliases(createStrings(aliasesForCa));
                        }
                        Set<String> set = this.caHasProfiles.get(str2);
                        if (CollectionUtil.isNonEmpty(set)) {
                            hashSet5.addAll(set);
                            caType.setProfiles(createStrings(set));
                        }
                        Set<String> set2 = this.caHasPublishers.get(str2);
                        if (CollectionUtil.isNonEmpty(set2)) {
                            hashSet6.addAll(set2);
                            caType.setPublishers(createStrings(set2));
                        }
                        Set<CaHasRequestorEntry> set3 = this.caHasRequestors.get(str2);
                        if (CollectionUtil.isNonEmpty(set3)) {
                            caType.setRequestors(new CaType.Requestors());
                            for (CaHasRequestorEntry caHasRequestorEntry : set3) {
                                String name = caHasRequestorEntry.requestorIdent().name();
                                hashSet4.add(name);
                                CaHasRequestorType caHasRequestorType = new CaHasRequestorType();
                                caHasRequestorType.setRequestorName(name);
                                caHasRequestorType.setRa(caHasRequestorEntry.isRa());
                                caHasRequestorType.setProfiles(createStrings(caHasRequestorEntry.profiles()));
                                caHasRequestorType.setPermission(caHasRequestorEntry.permission());
                                caType.getRequestors().getRequestor().add(caHasRequestorType);
                            }
                        }
                        X509CaEntry caEntry = this.x509cas.get(str2).caInfo().caEntry();
                        X509CaInfoType x509CaInfoType = new X509CaInfoType();
                        x509CaInfoType.setCacertUris(createStrings(caEntry.cacertUris()));
                        try {
                            x509CaInfoType.setCert(createFileOrBinary(zipOutputStream, caEntry.certificate().getEncoded(), "files/ca-" + str2 + "-cert.der"));
                            if (caEntry.cmpControlName() != null) {
                                hashSet2.add(caEntry.cmpControlName());
                                x509CaInfoType.setCmpcontrolName(caEntry.cmpControlName());
                            }
                            if (caEntry.crlSignerName() != null) {
                                hashSet7.add(caEntry.crlSignerName());
                                x509CaInfoType.setCrlsignerName(caEntry.crlSignerName());
                            }
                            x509CaInfoType.setCrlUris(createStrings(caEntry.crlUris()));
                            x509CaInfoType.setDeltacrlUris(createStrings(caEntry.deltaCrlUris()));
                            x509CaInfoType.setDuplicateKey(caEntry.isDuplicateKeyPermitted());
                            x509CaInfoType.setDuplicateSubject(caEntry.isDuplicateSubjectPermitted());
                            x509CaInfoType.setExpirationPeriod(Integer.valueOf(caEntry.expirationPeriod()));
                            x509CaInfoType.setExtraControl(createFileOrValue(zipOutputStream, caEntry.extraControl(), "files/ca-" + str2 + "-extracontrol.conf"));
                            x509CaInfoType.setKeepExpiredCertDays(Integer.valueOf(caEntry.keepExpiredCertInDays()));
                            x509CaInfoType.setMaxValidity(caEntry.maxValidity().toString());
                            x509CaInfoType.setNextCrlNo(caEntry.nextCrlNumber());
                            x509CaInfoType.setNumCrls(Integer.valueOf(caEntry.numCrls()));
                            x509CaInfoType.setOcspUris(createStrings(caEntry.ocspUris()));
                            x509CaInfoType.setPermission(caEntry.permission());
                            if (caEntry.responderName() != null) {
                                hashSet3.add(caEntry.responderName());
                                x509CaInfoType.setResponderName(caEntry.responderName());
                            }
                            x509CaInfoType.setSaveReq(caEntry.isSaveRequest());
                            x509CaInfoType.setSignerConf(createFileOrValue(zipOutputStream, caEntry.signerConf(), "files/ca-" + str2 + "-signerconf.conf"));
                            x509CaInfoType.setSignerType(caEntry.signerType());
                            x509CaInfoType.setSnSize(caEntry.serialNoBitLen());
                            x509CaInfoType.setStatus(caEntry.status().status());
                            x509CaInfoType.setValidityMode(caEntry.validityMode().name());
                            caType.setCaInfo(new CaType.CaInfo());
                            caType.getCaInfo().setX509Ca(x509CaInfoType);
                            linkedList.add(caType);
                        } catch (CertificateEncodingException e) {
                            throw new CaMgmtException("could not encode CA certificate " + str2);
                        }
                    }
                }
                if (!linkedList.isEmpty()) {
                    cAConfType.setCas(new CAConfType.Cas());
                    cAConfType.getCas().getCa().addAll(linkedList);
                }
            }
            if (CollectionUtil.isNonEmpty(this.cmpControlDbEntries)) {
                LinkedList linkedList2 = new LinkedList();
                for (String str3 : this.cmpControlDbEntries.keySet()) {
                    if (hashSet2.contains(str3)) {
                        CmpcontrolType cmpcontrolType = new CmpcontrolType();
                        CmpControlEntry cmpControlEntry = this.cmpControlDbEntries.get(str3);
                        cmpcontrolType.setName(str3);
                        cmpcontrolType.setConf(createFileOrValue(zipOutputStream, cmpControlEntry.conf(), "files/cmpcontrol-" + str3 + ".conf"));
                        linkedList2.add(cmpcontrolType);
                    }
                }
                if (!linkedList2.isEmpty()) {
                    cAConfType.setCmpcontrols(new CAConfType.Cmpcontrols());
                    cAConfType.getCmpcontrols().getCmpcontrol().addAll(linkedList2);
                }
            }
            if (CollectionUtil.isNonEmpty(this.responderDbEntries)) {
                LinkedList linkedList3 = new LinkedList();
                for (String str4 : this.responderDbEntries.keySet()) {
                    if (hashSet3.contains(str4)) {
                        CmpResponderEntry cmpResponderEntry = this.responderDbEntries.get(str4);
                        ResponderType responderType = new ResponderType();
                        responderType.setName(str4);
                        responderType.setType(cmpResponderEntry.type());
                        responderType.setConf(createFileOrValue(zipOutputStream, cmpResponderEntry.conf(), "files/responder-" + str4 + ".conf"));
                        responderType.setCert(createFileOrBase64Value(zipOutputStream, cmpResponderEntry.base64Cert(), "files/responder-" + str4 + ".der"));
                        linkedList3.add(responderType);
                    }
                }
                if (!linkedList3.isEmpty()) {
                    cAConfType.setResponders(new CAConfType.Responders());
                    cAConfType.getResponders().getResponder().addAll(linkedList3);
                }
            }
            Set<String> allParameterNames = this.envParameterResolver.allParameterNames();
            if (CollectionUtil.isNonEmpty(allParameterNames)) {
                LinkedList linkedList4 = new LinkedList();
                for (String str5 : allParameterNames) {
                    if (!ENV_EPOCH.equalsIgnoreCase(str5)) {
                        NameValueType nameValueType = new NameValueType();
                        nameValueType.setName(str5);
                        nameValueType.setValue(this.envParameterResolver.parameter(str5));
                        linkedList4.add(nameValueType);
                    }
                }
                if (!linkedList4.isEmpty()) {
                    cAConfType.setEnvironments(new CAConfType.Environments());
                    cAConfType.getEnvironments().getEnvironment().addAll(linkedList4);
                }
            }
            if (CollectionUtil.isNonEmpty(this.crlSignerDbEntries)) {
                LinkedList linkedList5 = new LinkedList();
                for (String str6 : this.crlSignerDbEntries.keySet()) {
                    if (hashSet7.contains(str6)) {
                        X509CrlSignerEntry x509CrlSignerEntry = this.crlSignerDbEntries.get(str6);
                        CrlsignerType crlsignerType = new CrlsignerType();
                        crlsignerType.setName(str6);
                        crlsignerType.setSignerType(x509CrlSignerEntry.type());
                        crlsignerType.setSignerConf(createFileOrValue(zipOutputStream, x509CrlSignerEntry.conf(), "files/crlsigner-" + str6 + ".conf"));
                        crlsignerType.setSignerCert(createFileOrBase64Value(zipOutputStream, x509CrlSignerEntry.base64Cert(), "files/crlsigner-" + str6 + ".der"));
                        crlsignerType.setCrlControl(x509CrlSignerEntry.crlControl());
                        linkedList5.add(crlsignerType);
                    }
                }
                if (!linkedList5.isEmpty()) {
                    cAConfType.setCrlsigners(new CAConfType.Crlsigners());
                    cAConfType.getCrlsigners().getCrlsigner().addAll(linkedList5);
                }
            }
            if (CollectionUtil.isNonEmpty(this.requestorDbEntries)) {
                LinkedList linkedList6 = new LinkedList();
                for (String str7 : this.requestorDbEntries.keySet()) {
                    if (hashSet4.contains(str7)) {
                        CmpRequestorEntry cmpRequestorEntry = this.requestorDbEntries.get(str7);
                        RequestorType requestorType = new RequestorType();
                        requestorType.setName(str7);
                        requestorType.setCert(createFileOrBase64Value(zipOutputStream, cmpRequestorEntry.base64Cert(), "files/requestor-" + str7 + ".der"));
                        linkedList6.add(requestorType);
                    }
                }
                if (!linkedList6.isEmpty()) {
                    cAConfType.setRequestors(new CAConfType.Requestors());
                    cAConfType.getRequestors().getRequestor().addAll(linkedList6);
                }
            }
            if (CollectionUtil.isNonEmpty(this.publisherDbEntries)) {
                LinkedList linkedList7 = new LinkedList();
                for (String str8 : this.publisherDbEntries.keySet()) {
                    if (hashSet6.contains(str8)) {
                        PublisherEntry publisherEntry = this.publisherDbEntries.get(str8);
                        PublisherType publisherType = new PublisherType();
                        publisherType.setName(str8);
                        publisherType.setType(publisherEntry.type());
                        publisherType.setConf(createFileOrValue(zipOutputStream, publisherEntry.conf(), "files/publisher-" + str8 + ".conf"));
                        linkedList7.add(publisherType);
                    }
                }
                if (!linkedList7.isEmpty()) {
                    cAConfType.setPublishers(new CAConfType.Publishers());
                    cAConfType.getPublishers().getPublisher().addAll(linkedList7);
                }
            }
            if (CollectionUtil.isNonEmpty(this.certprofileDbEntries)) {
                LinkedList linkedList8 = new LinkedList();
                for (String str9 : this.certprofileDbEntries.keySet()) {
                    if (hashSet5.contains(str9)) {
                        CertprofileEntry certprofileEntry = this.certprofileDbEntries.get(str9);
                        ProfileType profileType = new ProfileType();
                        profileType.setName(str9);
                        profileType.setType(certprofileEntry.type());
                        profileType.setConf(createFileOrValue(zipOutputStream, certprofileEntry.conf(), "files/certprofile-" + str9 + ".conf"));
                        linkedList8.add(profileType);
                    }
                }
                if (!linkedList8.isEmpty()) {
                    cAConfType.setProfiles(new CAConfType.Profiles());
                    cAConfType.getProfiles().getProfile().addAll(linkedList8);
                }
            }
            if (CollectionUtil.isNonEmpty(this.scepDbEntries)) {
                LinkedList linkedList9 = new LinkedList();
                for (String str10 : this.scepDbEntries.keySet()) {
                    ScepEntry scepEntry = this.scepDbEntries.get(str10);
                    String name2 = scepEntry.caIdent().name();
                    if (hashSet.contains(name2)) {
                        ScepType scepType = new ScepType();
                        scepType.setName(str10);
                        scepType.setCaName(name2);
                        scepType.setResponderType(scepEntry.responderType());
                        scepType.setResponderConf(createFileOrValue(zipOutputStream, scepEntry.responderConf(), "files/scep-" + str10 + ".conf"));
                        scepType.setResponderCert(createFileOrBase64Value(zipOutputStream, scepEntry.base64Cert(), "files/scep-" + str10 + ".der"));
                        scepType.setProfiles(createStrings(scepEntry.certProfiles()));
                        scepType.setControl(scepEntry.control());
                        linkedList9.add(scepType);
                    }
                }
                if (!linkedList9.isEmpty()) {
                    cAConfType.setSceps(new CAConfType.Sceps());
                    cAConfType.getSceps().getScep().addAll(linkedList9);
                }
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                try {
                    CaConf.marshal(cAConfType, byteArrayOutputStream);
                    byteArrayOutputStream.flush();
                    zipOutputStream.putNextEntry(new ZipEntry("caconf.xml"));
                    try {
                        zipOutputStream.write(byteArrayOutputStream.toByteArray());
                        zipOutputStream.closeEntry();
                        return true;
                    } catch (Throwable th) {
                        zipOutputStream.closeEntry();
                        throw th;
                    }
                } catch (Throwable th2) {
                    byteArrayOutputStream.flush();
                    throw th2;
                }
            } catch (JAXBException | SAXException e2) {
                LogUtil.error(LOG, e2, "could not marshal CAConf");
                throw new CaMgmtException("could not marshal CAConf: " + e2.getMessage(), e2);
            }
        } finally {
            zipOutputStream.close();
        }
    }

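    /**
     * Wraps a configuration string for the exported CA configuration, either inline or as a
     * separate archive entry.
     *
     * <p>Input that {@code StringUtil.isBlank} reports as blank yields {@code null}. A value
     * shorter than 256 characters is stored inline via {@code setValue}. Anything longer is
     * written UTF-8 encoded to a new ZIP entry named {@code str2}, and only that entry name is
     * recorded via {@code setFile}.
     *
     * <p>NOTE(review): callers in this class pass signer, responder, SCEP and publisher
     * configuration through this method, and the text is written to the archive unchanged. Such
     * configuration may carry credentials or key references (not verifiable from this method), so
     * treat the resulting archive as sensitive material.
     *
     * <p>NOTE(review): {@code str2} is used verbatim as the entry name. Callers build it from
     * configured object names, so confirm those names cannot contain path separators or
     * {@code ..} segments. Otherwise the entry would not stay below {@code files/} for whatever
     * later unpacks the archive.
     *
     * @param zipOutputStream archive receiving the out-of-line entry; it is left open
     * @param str configuration text
     * @param str2 entry name to use when the text is stored out of line
     * @return the populated holder, or {@code null} when {@code str} is blank
     * @throws IOException if the entry cannot be opened, written or closed
     */
    private static FileOrValueType createFileOrValue(ZipOutputStream zipOutputStream, String str, String str2) throws IOException {
        if (StringUtil.isBlank(str)) {
            return null;
        }
        FileOrValueType fileOrValueType = new FileOrValueType();
        if (str.length() < 256) {
            // Short values stay inline in caconf.xml.
            fileOrValueType.setValue(str);
            return fileOrValueType;
        }
        fileOrValueType.setFile(str2);
        zipOutputStream.putNextEntry(new ZipEntry(str2));
        try {
            // Charset constant instead of a name lookup: no UnsupportedEncodingException path.
            zipOutputStream.write(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        } finally {
            // Close the entry exactly once on every path. The previous catch-Throwable form
            // called closeEntry() a second time when the first closeEntry() itself failed.
            zipOutputStream.closeEntry();
        }
        return fileOrValueType;
    }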

    /**
     * Decodes a Base64 string with {@code Base64.decode} and hands the bytes to
     * {@code createFileOrBinary}, which decides between inline and out-of-line storage.
     *
     * @param zipOutputStream archive passed through to {@code createFileOrBinary}
     * @param str Base64 text; input that {@code StringUtil.isBlank} reports as blank yields
     *     {@code null} without decoding
     * @param str2 entry name passed through to {@code createFileOrBinary}
     * @return the result of {@code createFileOrBinary}, or {@code null} for blank input
     * @throws IOException if writing the archive entry fails
     */
    private static FileOrBinaryType createFileOrBase64Value(ZipOutputStream zipOutputStream, String str, String str2) throws IOException {
        final boolean hasContent = !StringUtil.isBlank(str);
        return hasContent ? createFileOrBinary(zipOutputStream, Base64.decode(str), str2) : null;
    }

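    /**
     * Wraps binary content for the exported CA configuration, either inline or as a separate
     * archive entry.
     *
     * <p>A {@code null} or empty array yields {@code null}. Fewer than 256 bytes are stored inline
     * via {@code setBinary}, and the array is passed on without copying. Larger content is written
     * to a new ZIP entry named {@code str}, and only that entry name is recorded via
     * {@code setFile}.
     *
     * <p>NOTE(review): {@code str} is used verbatim as the entry name. Callers in this class build
     * it from configured object names, so confirm those names cannot contain path separators or
     * {@code ..} segments.
     *
     * @param zipOutputStream archive receiving the out-of-line entry; it is left open
     * @param bArr content to store, may be {@code null}
     * @param str entry name to use when the content is stored out of line
     * @return the populated holder, or {@code null} when there is no content
     * @throws IOException if the entry cannot be opened, written or closed
     */
    private static FileOrBinaryType createFileOrBinary(ZipOutputStream zipOutputStream, byte[] bArr, String str) throws IOException {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        FileOrBinaryType fileOrBinaryType = new FileOrBinaryType();
        if (bArr.length < 256) {
            // Small blobs stay inline in caconf.xml.
            fileOrBinaryType.setBinary(bArr);
            return fileOrBinaryType;
        }
        fileOrBinaryType.setFile(str);
        zipOutputStream.putNextEntry(new ZipEntry(str));
        try {
            zipOutputStream.write(bArr);
        } finally {
            // Close the entry exactly once on every path. The previous catch-Throwable form
            // called closeEntry() a second time when the first closeEntry() itself failed.
            zipOutputStream.closeEntry();
        }
        return fileOrBinaryType;
    }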

    /**
     * Opens {@code file} for writing and returns a ZIP stream layered on a buffered file stream.
     *
     * <p>The file is opened with {@code new FileOutputStream(file)}, so an existing file is
     * overwritten. The caller owns the returned stream and must close it.
     *
     * <p>NOTE(review): the file is created with the process's default permissions. Other methods
     * in this class write signer and responder configuration into a ZIP stream, so if this is the
     * stream they use (presumably; verify against the caller), confirm the destination directory
     * is access-restricted.
     *
     * @param file destination archive; checked with {@code ParamUtil.requireNonNull}
     * @return a ZIP stream set to compression level 1
     * @throws FileNotFoundException if the file cannot be opened for writing
     */
    private static ZipOutputStream getZipOutputStream(File file) throws FileNotFoundException {
        ParamUtil.requireNonNull("zipFile", file);
        final int bufferSize = 1048576; // 1 MiB write buffer
        final int compressionLevel = 1; // fastest deflate level
        FileOutputStream fileOut = new FileOutputStream(file);
        BufferedOutputStream buffered = new BufferedOutputStream(fileOut, bufferSize);
        ZipOutputStream zip = new ZipOutputStream(buffered);
        zip.setLevel(compressionLevel);
        return zip;
    }

    /**
     * Copies a collection of strings into a new {@code StringsType}, in iteration order.
     *
     * @param collection strings to copy
     * @return a new {@code StringsType} holding every element, or {@code null} when
     *     {@code CollectionUtil.isEmpty} reports the collection as empty
     */
    private static StringsType createStrings(Collection<String> collection) {
        if (!CollectionUtil.isEmpty(collection)) {
            StringsType result = new StringsType();
            for (String item : collection) {
                result.getStr().add(item);
            }
            return result;
        }
        return null;
    }
}
