package se.swedenconnect.ca.engine.ca.issuer.impl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import se.swedenconnect.ca.engine.ca.issuer.CAService;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuanceException;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuer;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuerModel;
import se.swedenconnect.ca.engine.ca.models.cert.CertNameModel;
import se.swedenconnect.ca.engine.ca.models.cert.CertificateModel;
import se.swedenconnect.ca.engine.ca.models.cert.CertificateModelBuilder;
import se.swedenconnect.ca.engine.ca.repository.CARepository;
import se.swedenconnect.ca.engine.ca.repository.CertificateRecord;
import se.swedenconnect.ca.engine.revocation.CertificateRevocationException;
import se.swedenconnect.ca.engine.revocation.crl.CRLIssuer;
import se.swedenconnect.ca.engine.revocation.ocsp.OCSPResponder;
import se.swedenconnect.ca.engine.utils.CAUtils;
import se.swedenconnect.security.credential.PkiCredential;

/* loaded from: input_file:se/swedenconnect/ca/engine/ca/issuer/impl/AbstractCAService.class */
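/**
 * Base {@link CAService} implementation that wires a certificate issuer, an optional CRL issuer
 * and a {@link CARepository} together.
 *
 * <p>Subclasses supply the issuer, the CRL issuer, the OCSP responder and the certificate model
 * builder. This class handles recording issued certificates, revocation bookkeeping and CRL
 * publication against the repository.
 *
 * @param <T> the concrete certificate model builder type produced by the subclass
 */
public abstract class AbstractCAService<T extends CertificateModelBuilder> implements CAService {

    /**
     * RFC 5280 CRLReason value for certificateHold. It is the only stored reason that
     * {@link #revokeCertificate(BigInteger, int, Date)} treats as a non-permanent revocation.
     */
    private static final int CRL_REASON_CERTIFICATE_HOLD = 6;

    private final List<X509CertificateHolder> caCertificateChain;
    private final CARepository caRepository;

    /**
     * Creates the service from the CA credential and its repository.
     *
     * @param pkiCredential credential whose certificate chain becomes the CA chain of this service
     * @param cARepository repository used to store issued certificates and revocation data
     * @throws CertificateEncodingException if the credential's certificates cannot be converted
     */
    public AbstractCAService(PkiCredential pkiCredential, CARepository cARepository) throws CertificateEncodingException {
        this.caCertificateChain = CAUtils.getCertificateHolderList(pkiCredential.getCertificateChain());
        this.caRepository = cARepository;
    }

    /**
     * Returns the issuer used to sign certificates.
     *
     * @return the certificate issuer
     */
    protected abstract CertificateIssuer getCertificateIssuer();

    /**
     * Returns the CRL issuer.
     *
     * @return the CRL issuer, or {@code null} if this service does not issue CRLs
     *     ({@link #publishNewCrl()} handles the {@code null} case)
     */
    protected abstract CRLIssuer getCrlIssuer();

    @Override
    public abstract OCSPResponder getOCSPResponder();

    /**
     * Builds the subclass-specific certificate model builder.
     *
     * @param certNameModel subject name model for the certificate
     * @param publicKey public key to certify
     * @param x509CertificateHolder the issuing CA certificate
     * @param certificateIssuerModel the issuer configuration
     * @return a certificate model builder
     * @throws CertificateIssuanceException if the builder cannot be created
     */
    protected abstract T getBaseCertificateModelBuilder(CertNameModel<?> certNameModel, PublicKey publicKey, X509CertificateHolder x509CertificateHolder, CertificateIssuerModel certificateIssuerModel) throws CertificateIssuanceException;

    /**
     * Creates a model builder bound to this service's CA certificate and issuer model.
     *
     * @param certNameModel subject name model for the certificate
     * @param publicKey public key to certify
     * @return a certificate model builder
     * @throws CertificateIssuanceException if the builder cannot be created
     */
    @Override
    public T getCertificateModelBuilder(CertNameModel<?> certNameModel, PublicKey publicKey) throws CertificateIssuanceException {
        final X509CertificateHolder issuerCertificate = getCaCertificate();
        final CertificateIssuerModel issuerModel = getCertificateIssuer().getCertificateIssuerModel();
        return getBaseCertificateModelBuilder(certNameModel, publicKey, issuerCertificate, issuerModel);
    }

    /**
     * Issues a certificate and records it in the CA repository.
     *
     * <p>The certificate is signed before it is stored. If storing fails, the signed certificate
     * is not returned to the caller, but it has no repository record either, so
     * {@link #revokeCertificate(BigInteger, int, Date)} will reject its serial number as unknown.
     * Operators should treat a storage failure here as an event that needs follow-up.
     *
     * @param certificateModel model describing the certificate to issue
     * @return the issued certificate
     * @throws CertificateIssuanceException if issuance fails or the certificate cannot be stored
     */
    @Override
    public X509CertificateHolder issueCertificate(CertificateModel certificateModel) throws CertificateIssuanceException {
        final X509CertificateHolder issued = getCertificateIssuer().issueCertificate(certificateModel);
        try {
            this.caRepository.addCertificate(issued);
        } catch (IOException e) {
            throw new CertificateIssuanceException(e);
        }
        return issued;
    }

    /**
     * Revokes a certificate with reason code 0.
     *
     * @param bigInteger serial number of the certificate to revoke
     * @param date revocation time; see {@link #revokeCertificate(BigInteger, int, Date)}
     * @throws CertificateRevocationException if the certificate is unknown or already permanently
     *     revoked
     */
    @Override
    public void revokeCertificate(BigInteger bigInteger, Date date) throws CertificateRevocationException {
        revokeCertificate(bigInteger, 0, date);
    }

    /**
     * Revokes a certificate in the CA repository.
     *
     * <p>A {@code null} or future revocation time is replaced by the current time. A time in the
     * past is accepted as supplied. A certificate currently on hold may be revoked again and keeps
     * the time at which it was put on hold. A certificate revoked for any other reason, or with no
     * stored reason, is rejected.
     *
     * @param bigInteger serial number of the certificate to revoke
     * @param i revocation reason code passed on to the repository (presumably an RFC 5280
     *     CRLReason value; this method does not validate it)
     * @param date requested revocation time, may be {@code null}
     * @throws CertificateRevocationException if the serial number is unknown to the repository or
     *     the certificate is already permanently revoked
     */
    @Override
    public void revokeCertificate(BigInteger bigInteger, int i, Date date) throws CertificateRevocationException {
        final Date now = new Date();
        // Never record a revocation time that lies in the future.
        Date revocationTime = (date == null || date.after(now)) ? now : date;

        final CertificateRecord certificate = this.caRepository.getCertificate(bigInteger);
        if (certificate == null) {
            throw new CertificateRevocationException("Certificate serial number for revocation does not exist");
        }
        if (certificate.isRevoked()) {
            final Integer storedReason = certificate.getReason();
            // Fail closed: a revoked record with no stored reason is not on hold, so it is treated
            // as permanently revoked instead of failing with a NullPointerException on unboxing.
            if (storedReason == null || storedReason.intValue() != CRL_REASON_CERTIFICATE_HOLD) {
                throw new CertificateRevocationException("Certificate serial number for revocation has already been permanently revoked");
            }
            // The certificate was on hold: keep the original hold time as the revocation time.
            revocationTime = certificate.getRevocationTime();
        }
        this.caRepository.revokeCertificate(bigInteger, i, revocationTime);
    }

    /**
     * Issues a new CRL and publishes it through the repository's CRL revocation data provider.
     *
     * @return the new CRL, or {@code null} if this service has no CRL issuer
     * @throws IOException if the CRL cannot be issued or published
     */
    @Override
    public X509CRLHolder publishNewCrl() throws IOException {
        final CRLIssuer crlIssuer = getCrlIssuer();
        if (crlIssuer == null) {
            // No CRL issuer configured: nothing is published.
            return null;
        }
        final X509CRLHolder newCrl = crlIssuer.issueCRL();
        this.caRepository.getCRLRevocationDataProvider().publishNewCrl(newCrl);
        return newCrl;
    }

    /**
     * Returns the CRL currently held by the repository's CRL revocation data provider.
     *
     * @return the current CRL as reported by the provider
     */
    @Override
    public X509CRLHolder getCurrentCrl() {
        return this.caRepository.getCRLRevocationDataProvider().getCurrentCrl();
    }

    /**
     * Returns the CA certificate, which is the first entry of the CA certificate chain.
     *
     * @return the CA certificate
     * @throws IndexOutOfBoundsException if the chain obtained from the credential is empty
     */
    @Override
    public X509CertificateHolder getCaCertificate() {
        return this.caCertificateChain.get(0);
    }

    /**
     * Returns the CA certificate chain.
     *
     * <p>NOTE(review): this is the internal list, not a copy. Whether it is modifiable depends on
     * {@code CAUtils.getCertificateHolderList}, which is not visible here. Callers must treat it
     * as read-only, because {@link #getCaCertificate()} reads its first element.
     *
     * @return the CA certificate chain
     */
    @Override
    public List<X509CertificateHolder> getCACertificateChain() {
        return this.caCertificateChain;
    }

    /**
     * Returns the CA repository backing this service.
     *
     * <p>Revoking through the returned repository directly bypasses the unknown-serial and
     * already-revoked checks in {@link #revokeCertificate(BigInteger, int, Date)}.
     *
     * @return the CA repository
     */
    @Override
    public CARepository getCaRepository() {
        return this.caRepository;
    }
}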
