package org.xipki.ca.server.impl;

import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.x509.Certificate;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.OperationException;
import org.xipki.ca.api.profile.CertValidity;
import org.xipki.ca.server.impl.store.CertificateStore;
import org.xipki.ca.server.mgmt.api.CaEntry;
import org.xipki.ca.server.mgmt.api.CaStatus;
import org.xipki.ca.server.mgmt.api.PermissionConstants;
import org.xipki.ca.server.mgmt.api.ValidityMode;
import org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl;
import org.xipki.ca.server.mgmt.api.x509.X509CaEntry;
import org.xipki.common.util.CollectionUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.X509Cert;
import org.xipki.security.exception.XiSecurityException;

/* loaded from: input_file:org/xipki/ca/server/impl/X509CaInfo.class */
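/**
 * Runtime view of one X.509 CA: values derived from the CA certificate when the
 * object is built, the configured {@link X509CaEntry}, and the content signers
 * created by {@link #initSigner(SecurityFactory)}.
 *
 * <p>Most accessors delegate directly to the wrapped {@link X509CaEntry}, so
 * setters on this class mutate that entry.
 *
 * <p>NOTE(review): no method here synchronizes; {@link #nextCrlNumber()} and
 * {@link #initSigner(SecurityFactory)} are read-modify-write sequences, so confirm
 * that callers serialize access to them.
 */
public class X509CaInfo {
    private static final long MS_PER_DAY = 86400000;
    private final X509CaEntry caEntry;
    private final long noNewCertificateAfter;
    private final BigInteger serialNumber;
    private final Date notBefore;
    private final Date notAfter;
    private final boolean selfSigned;
    private final CMPCertificate certInCmpFormat;
    private final PublicCaInfo publicCaInfo;
    private final CertificateStore certStore;
    private final RandomSerialNumberGenerator randomSnGenerator;
    // Stays null until initSigner succeeds; afterwards an unmodifiable map.
    private Map<String, ConcurrentContentSigner> signers;
    // First signer created by initSigner; null until all signers were created.
    private ConcurrentContentSigner dfltSigner;
    private RevokeSuspendedCertsControl revokeSuspendedCertsControl;

    /**
     * Builds the CA info from its configuration entry and the certificate store.
     *
     * @param x509CaEntry CA configuration; must not be null
     * @param certificateStore store queried for the highest CRL number; must not be null
     * @throws OperationException with {@code SYSTEM_FAILURE} if the CA certificate
     *         cannot be encoded
     */
    public X509CaInfo(X509CaEntry x509CaEntry, CertificateStore certificateStore) throws OperationException {
        this.caEntry = (X509CaEntry) ParamUtil.requireNonNull("caEntry", x509CaEntry);
        this.certStore = (CertificateStore) ParamUtil.requireNonNull("certStore", certificateStore);
        X509Certificate certificate = x509CaEntry.certificate();
        // Own copies, so that a Date shared with the certificate object cannot be
        // changed behind this object's back.
        this.notBefore = new Date(certificate.getNotBefore().getTime());
        this.notAfter = new Date(certificate.getNotAfter().getTime());
        this.serialNumber = certificate.getSerialNumber();
        this.selfSigned = certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal());
        try {
            this.certInCmpFormat = new CMPCertificate(Certificate.getInstance(certificate.getEncoded()));
            this.publicCaInfo = new PublicCaInfo(certificate, x509CaEntry.cacertUris(), x509CaEntry.ocspUris(), x509CaEntry.crlUris(), x509CaEntry.deltaCrlUris());
            // Cut-off instant: the CA's notAfter minus expirationPeriod() days.
            this.noNewCertificateAfter = this.notAfter.getTime() - (MS_PER_DAY * x509CaEntry.expirationPeriod());
            this.randomSnGenerator = RandomSerialNumberGenerator.getInstance();
        } catch (CertificateEncodingException e) {
            // NOTE(review): the encoding exception is not attached as cause; whether
            // OperationException offers a cause-taking constructor is not visible here.
            throw new OperationException(OperationException.ErrorCode.SYSTEM_FAILURE, "could not encode the CA certificate");
        }
    }

    /** Returns the public CA information built from the CA certificate and its URIs. */
    public PublicCaInfo publicCaInfo() {
        return this.publicCaInfo;
    }

    /** Returns the subject reported by the CA entry. */
    public String subject() {
        return this.caEntry.subject();
    }

    /** Returns a copy of the CA certificate's notBefore date. */
    public Date notBefore() {
        // Date is mutable; hand out a copy so callers cannot alter the stored value.
        return new Date(this.notBefore.getTime());
    }

    /** Returns a copy of the CA certificate's notAfter date. */
    public Date notAfter() {
        // Date is mutable; hand out a copy so callers cannot alter the stored value.
        return new Date(this.notAfter.getTime());
    }

    /** Returns the serial number of the CA certificate. */
    public BigInteger serialNumber() {
        return this.serialNumber;
    }

    /** Returns true if the CA certificate's issuer and subject principals are equal. */
    public boolean isSelfSigned() {
        return this.selfSigned;
    }

    /** Returns the CA certificate wrapped as a CMP certificate. */
    public CMPCertificate certInCmpFormat() {
        return this.certInCmpFormat;
    }

    /**
     * Returns the cut-off instant in epoch milliseconds, computed at construction as
     * the CA's notAfter minus {@code expirationPeriod()} days.
     */
    public long noNewCertificateAfter() {
        return this.noNewCertificateAfter;
    }

    /** Returns the wrapped CA entry (the live object, not a copy). */
    public X509CaEntry caEntry() {
        return this.caEntry;
    }

    /** Returns the CA entry's identifier. */
    public NameId ident() {
        return this.caEntry.ident();
    }

    /** Returns the CRL URIs of the CA entry. */
    public List<String> crlUris() {
        return this.caEntry.crlUris();
    }

    /** Returns the CRL URIs of the CA entry as a single string. */
    public String crlUrisAsString() {
        return this.caEntry.crlUrisAsString();
    }

    /** Returns the delta CRL URIs of the CA entry. */
    public List<String> deltaCrlUris() {
        return this.caEntry.deltaCrlUris();
    }

    /** Returns the delta CRL URIs of the CA entry as a single string. */
    public String deltaCrlUrisAsString() {
        return this.caEntry.deltaCrlUrisAsString();
    }

    /** Returns the OCSP URIs of the CA entry. */
    public List<String> ocspUris() {
        return this.caEntry.ocspUris();
    }

    /** Returns the OCSP URIs of the CA entry as a single string. */
    public String ocspUrisAsString() {
        return this.caEntry.ocspUrisAsString();
    }

    /** Returns the maximal validity configured on the CA entry. */
    public CertValidity maxValidity() {
        return this.caEntry.maxValidity();
    }

    /** Sets the maximal validity on the CA entry. */
    public void setMaxValidity(CertValidity certValidity) {
        this.caEntry.setMaxValidity(certValidity);
    }

    /** Returns the CA certificate held by the public CA information. */
    public X509Cert certificate() {
        return this.publicCaInfo.caCertificate();
    }

    /**
     * Returns the raw signer configuration string of the CA entry.
     *
     * <p>NOTE(review): signer configurations commonly carry key-store credentials;
     * presumably this value should not be logged or returned to remote callers.
     * Confirm against the configuration format in use.
     */
    public String signerConf() {
        return this.caEntry.signerConf();
    }

    /** Returns the CRL signer name of the CA entry. */
    public String crlSignerName() {
        return this.caEntry.crlSignerName();
    }

    /** Sets the CRL signer name on the CA entry. */
    public void setCrlSignerName(String str) {
        this.caEntry.setCrlSignerName(str);
    }

    /** Returns the CMP control name of the CA entry. */
    public String cmpControlName() {
        return this.caEntry.cmpControlName();
    }

    /** Sets the CMP control name on the CA entry. */
    public void setCmpControlName(String str) {
        this.caEntry.setCmpControlName(str);
    }

    /** Returns the responder name of the CA entry. */
    public String responderName() {
        return this.caEntry.responderName();
    }

    /** Sets the responder name on the CA entry. */
    public void setResponderName(String str) {
        this.caEntry.setResponderName(str);
    }

    /** Returns the CA entry's {@code numCrls} value. */
    public int numCrls() {
        return this.caEntry.numCrls();
    }

    /** Returns the status of the CA entry. */
    public CaStatus status() {
        return this.caEntry.status();
    }

    /** Sets the status on the CA entry. */
    public void setStatus(CaStatus caStatus) {
        this.caEntry.setStatus(caStatus);
    }

    /** Returns the signer type of the CA entry. */
    public String signerType() {
        return this.caEntry.signerType();
    }

    /** Returns {@code caEntry.toString(false)}. */
    @Override
    public String toString() {
        return this.caEntry.toString(false);
    }

    /**
     * Returns {@code caEntry.toString(z)}.
     *
     * @param z flag passed through to the CA entry; its meaning is defined there
     */
    public String toString(boolean z) {
        return this.caEntry.toString(z);
    }

    /** Returns whether the CA entry permits duplicate keys. */
    public boolean isDuplicateKeyPermitted() {
        return this.caEntry.isDuplicateKeyPermitted();
    }

    /** Sets on the CA entry whether duplicate keys are permitted. */
    public void setDuplicateKeyPermitted(boolean z) {
        this.caEntry.setDuplicateKeyPermitted(z);
    }

    /** Returns whether the CA entry permits duplicate subjects. */
    public boolean isDuplicateSubjectPermitted() {
        return this.caEntry.isDuplicateSubjectPermitted();
    }

    /** Sets on the CA entry whether duplicate subjects are permitted. */
    public void setDuplicateSubjectPermitted(boolean z) {
        this.caEntry.setDuplicateSubjectPermitted(z);
    }

    /** Returns the CA entry's save-request flag. */
    public boolean isSaveRequest() {
        return this.caEntry.isSaveRequest();
    }

    /** Sets the save-request flag on the CA entry. */
    public void setSaveRequest(boolean z) {
        this.caEntry.setSaveRequest(z);
    }

    /** Returns the validity mode of the CA entry. */
    public ValidityMode validityMode() {
        return this.caEntry.validityMode();
    }

    /** Sets the validity mode on the CA entry. */
    public void setValidityMode(ValidityMode validityMode) {
        this.caEntry.setValidityMode(validityMode);
    }

    /** Returns the permission bit mask of the CA entry. */
    public int permission() {
        return this.caEntry.permission();
    }

    /** Sets the permission bit mask on the CA entry. */
    public void setPermission(int i) {
        this.caEntry.setPermission(i);
    }

    /** Returns the revocation information of the CA entry. */
    public CertRevocationInfo revocationInfo() {
        return this.caEntry.revocationInfo();
    }

    /** Sets the revocation information on the CA entry. */
    public void setRevocationInfo(CertRevocationInfo certRevocationInfo) {
        this.caEntry.setRevocationInfo(certRevocationInfo);
    }

    /** Returns the expiration period of the CA entry, used here as a number of days. */
    public int expirationPeriod() {
        return this.caEntry.expirationPeriod();
    }

    /** Sets {@code keepExpiredCertInDays} on the CA entry. */
    public void setKeepExpiredCertInDays(int i) {
        this.caEntry.setKeepExpiredCertInDays(i);
    }

    /**
     * Returns {@code keepExpiredCertInDays} of the CA entry. The method name is a
     * misspelling kept for existing callers; {@link #keepExpiredCertInDays()} returns
     * the same value.
     */
    public int leepExpiredCertInDays() {
        return this.caEntry.keepExpiredCertInDays();
    }

    /** Returns {@code keepExpiredCertInDays} of the CA entry. */
    public int keepExpiredCertInDays() {
        return this.caEntry.keepExpiredCertInDays();
    }

    /** Returns the CRL base time of the CA entry. */
    public Date crlBaseTime() {
        return this.caEntry.crlBaseTime();
    }

    /**
     * Returns a new certificate serial number from the random serial number
     * generator, using the bit length configured on the CA entry.
     *
     * @throws OperationException if the generator fails
     */
    public BigInteger nextSerial() throws OperationException {
        return this.randomSnGenerator.nextSerialNumber(this.caEntry.serialNoBitLen());
    }

    /**
     * Returns the CRL number to use next and advances the counter on the CA entry.
     *
     * <p>The number is the larger of the entry's configured next number and one
     * above the highest number known to the certificate store.
     *
     * <p>NOTE(review): the read, compare and write are not atomic; two concurrent
     * callers could obtain the same CRL number unless callers serialize access.
     *
     * @throws OperationException if the certificate store cannot be queried
     */
    public BigInteger nextCrlNumber() throws OperationException {
        long candidate = this.caEntry.nextCrlNumber();
        long highestStored = this.certStore.getMaxCrlNumber(this.caEntry.ident());
        if (candidate <= highestStored) {
            candidate = highestStored + 1;
        }
        this.caEntry.setNextCrlNumber(candidate + 1);
        return BigInteger.valueOf(candidate);
    }

    /**
     * Selects a content signer.
     *
     * @param list names to try in order; null or empty selects the default signer
     * @return the default signer for a null or empty list, otherwise the signer for
     *         the first listed name that is registered; null if none matches or if
     *         the signers have not been initialized
     */
    public ConcurrentContentSigner getSigner(List<String> list) {
        if (CollectionUtil.isEmpty(list)) {
            return this.dfltSigner;
        }
        Map<String, ConcurrentContentSigner> available = this.signers;
        if (available == null) {
            // initSigner has not completed: report "no signer" rather than fail
            // with a NullPointerException.
            return null;
        }
        for (String str : list) {
            if (available.containsKey(str)) {
                return available.get(str);
            }
        }
        return null;
    }

    /**
     * Creates one signer per configuration returned by
     * {@code CaEntry.splitCaSignerConfs} and publishes them; the first one created
     * becomes the default signer. Does nothing if signers already exist.
     *
     * <p>On failure every signer created so far is shut down and neither the signer
     * map nor the default signer is published, so no caller can obtain a signer that
     * has already been shut down.
     *
     * @param securityFactory factory used to create the signers
     * @return always true
     * @throws XiSecurityException if any signer cannot be created
     */
    public boolean initSigner(SecurityFactory securityFactory) throws XiSecurityException {
        if (this.signers != null) {
            return true;
        }
        this.dfltSigner = null;
        List<String[]> splitCaSignerConfs = CaEntry.splitCaSignerConfs(this.caEntry.signerConf());
        Map<String, ConcurrentContentSigner> created = new HashMap<>();
        ConcurrentContentSigner first = null;
        for (String[] strArr : splitCaSignerConfs) {
            String str = strArr[0];
            try {
                ConcurrentContentSigner signer = securityFactory.createSigner(this.caEntry.signerType(), new SignerConf(strArr[1]), this.caEntry.certificate());
                if (first == null) {
                    first = signer;
                }
                created.put(str, signer);
            } catch (Throwable th) {
                // Throwable is caught so that signers already created are released
                // whatever went wrong.
                for (ConcurrentContentSigner signer : created.values()) {
                    try {
                        signer.shutdown();
                    } catch (RuntimeException ignored) {
                        // Best effort: keep shutting down the remaining signers.
                    }
                }
                created.clear();
                // The cause is not attached, as before. NOTE(review): its text may
                // echo the signer configuration, which can hold key-store
                // credentials; check that before chaining or logging `th`.
                throw new XiSecurityException("could not initialize the CA signer");
            }
        }
        // Publish only after every signer was created successfully.
        this.dfltSigner = first;
        this.signers = Collections.unmodifiableMap(created);
        return true;
    }

    /**
     * Returns true if the CA entry's permission mask contains any of the bits
     * 128, 1, 32 or 16.
     *
     * <p>NOTE(review): the literals presumably correspond to named constants in
     * {@link PermissionConstants}; confirm and replace them.
     */
    public boolean isSignerRequired() {
        int permission = this.caEntry.permission();
        return PermissionConstants.contains(permission, 128) || PermissionConstants.contains(permission, 1) || PermissionConstants.contains(permission, 32) || PermissionConstants.contains(permission, 16);
    }

    /** Returns the control for revoking suspended certificates; null until set. */
    public RevokeSuspendedCertsControl revokeSuspendedCertsControl() {
        return this.revokeSuspendedCertsControl;
    }

    /** Sets the control for revoking suspended certificates. */
    public void setRevokeSuspendedCertsControl(RevokeSuspendedCertsControl revokeSuspendedCertsControl) {
        this.revokeSuspendedCertsControl = revokeSuspendedCertsControl;
    }
}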
