package org.nhindirect.gateway.smtp.config.cert.impl;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import org.apache.jcs.JCS;
import org.apache.jcs.access.exception.CacheException;
import org.apache.jcs.engine.behavior.ICompositeCacheAttributes;
import org.apache.jcs.engine.behavior.IElementAttributes;
import org.nhind.config.rest.CertificateService;
import org.nhindirect.common.crypto.CryptoExtensions;
import org.nhindirect.common.crypto.KeyStoreProtectionManager;
import org.nhindirect.common.options.OptionsManager;
import org.nhindirect.common.options.OptionsParameter;
import org.nhindirect.config.model.Certificate;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.cert.CacheableCertStore;
import org.nhindirect.stagent.cert.CertCacheFactory;
import org.nhindirect.stagent.cert.CertStoreCachePolicy;
import org.nhindirect.stagent.cert.CertificateStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/gateway-8.0.0.jar:org/nhindirect/gateway/smtp/config/cert/impl/ConfigServiceRESTCertificateStore.class */
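/**
 * Certificate store that resolves X.509 certificates by owner through the configuration
 * service's {@link CertificateService} and keeps the results in a JCS cache region named
 * {@code CONFIG_SERVICE_CERT_CACHE}.
 *
 * <p>The store is read-only from the caller's point of view: {@link #contains}, {@link #add}
 * and {@link #remove} throw {@link UnsupportedOperationException}.
 *
 * <p>Cache failures are never fatal. They are logged and the store falls back to querying the
 * configuration service directly.
 */
public class ConfigServiceRESTCertificateStore extends CertificateStore implements CacheableCertStore {
    private static final Logger log = LoggerFactory.getLogger(ConfigServiceRESTCertificateStore.class);

    /** Option name for the maximum number of entries held in the certificate cache. */
    public static final String WS_CERT_RESOLVER_MAX_CACHE_SIZE = "WS_CERT_RESOLVER_MAX_CACHE_SIZE";
    /** Option name for the time-to-live, in seconds, of a cached entry. */
    public static final String WS_CERT_RESOLVER_CACHE_TTL = "WS_CERT_RESOLVER_CACHE_TTL";
    // The misspelling is kept: the constant is protected and subclasses may reference it.
    protected static final int DEFAULT_WS_MAX_CAHCE_ITEMS = 1000;
    protected static final int DEFAULT_WS_TTL = 3600;
    private static final String CACHE_NAME = "CONFIG_SERVICE_CERT_CACHE";
    private static final String EMAIL_ADDRESS_PREFIX = "EMAILADDRESS=";

    protected JCS cache;
    protected CertStoreCachePolicy cachePolicy;
    protected CertificateService certService;
    protected KeyStoreProtectionManager mgr;

    /**
     * Default cache policy. Both values are read from {@link OptionsManager} when the policy is
     * instantiated and fall back to {@code DEFAULT_WS_MAX_CAHCE_ITEMS} and {@code DEFAULT_WS_TTL}.
     */
    public static class DefaultConfigStoreCachePolicy implements CertStoreCachePolicy {
        protected final int maxItems = OptionsParameter.getParamValueAsInteger(
                OptionsManager.getInstance().getParameter(ConfigServiceRESTCertificateStore.WS_CERT_RESOLVER_MAX_CACHE_SIZE),
                ConfigServiceRESTCertificateStore.DEFAULT_WS_MAX_CAHCE_ITEMS);
        protected final int subjectTTL = OptionsParameter.getParamValueAsInteger(
                OptionsManager.getInstance().getParameter(ConfigServiceRESTCertificateStore.WS_CERT_RESOLVER_CACHE_TTL),
                ConfigServiceRESTCertificateStore.DEFAULT_WS_TTL);

        @Override
        public int getMaxItems() {
            return this.maxItems;
        }

        @Override
        public int getSubjectTTL() {
            return this.subjectTTL;
        }
    }

    /**
     * Registers the mapping from this store's option names to the parameter names that
     * {@link OptionsManager} resolves them from (presumably JVM system properties; confirm
     * against OptionsManager).
     */
    public static synchronized void initJVMParams() {
        HashMap<String, String> optionToParam = new HashMap<>();
        optionToParam.put(WS_CERT_RESOLVER_MAX_CACHE_SIZE, "org.nhindirect.stagent.cert.wsresolver.MaxCacheSize");
        optionToParam.put(WS_CERT_RESOLVER_CACHE_TTL, "org.nhindirect.stagent.cert.wsresolver.CacheTTL");
        OptionsManager.addInitParameters(optionToParam);
    }

    /**
     * Creates a store backed by the given service, using the default cache policy.
     *
     * @param certificateService client used to query the configuration service
     */
    public ConfigServiceRESTCertificateStore(CertificateService certificateService) {
        setCertificateService(certificateService);
        createCache();
    }

    /**
     * Creates a store with an explicit cache policy and no key store protection manager.
     *
     * @param certificateService client used to query the configuration service
     * @param certificateStore accepted for signature compatibility; not used by this class
     * @param certStoreCachePolicy cache policy, or {@code null} for the default policy
     */
    public ConfigServiceRESTCertificateStore(CertificateService certificateService, CertificateStore certificateStore, CertStoreCachePolicy certStoreCachePolicy) {
        this(certificateService, certificateStore, certStoreCachePolicy, null);
    }

    /**
     * Creates a store with an explicit cache policy and key store protection manager.
     *
     * @param certificateService client used to query the configuration service
     * @param certificateStore accepted for signature compatibility; not used by this class
     * @param certStoreCachePolicy cache policy, or {@code null} for the default policy
     * @param keyStoreProtectionManager passed to {@code CertStoreUtils.certFromData} when
     *        certificate data is converted; may be {@code null}
     */
    public ConfigServiceRESTCertificateStore(CertificateService certificateService, CertificateStore certificateStore, CertStoreCachePolicy certStoreCachePolicy, KeyStoreProtectionManager keyStoreProtectionManager) {
        this.cachePolicy = certStoreCachePolicy;
        createCache();
        setCertificateService(certificateService);
        setKeyStoreProectionManager(keyStoreProtectionManager);
    }

    public void setCertificateService(CertificateService certificateService) {
        this.certService = certificateService;
    }

    public void setKeyStoreProectionManager(KeyStoreProtectionManager keyStoreProtectionManager) {
        this.mgr = keyStoreProtectionManager;
    }

    /**
     * Returns the cache, attempting to create it if an earlier attempt failed.
     *
     * @return the cache, or {@code null} when it still cannot be created
     */
    protected synchronized JCS getCache() {
        if (this.cache == null) {
            createCache();
        }
        return this.cache;
    }

    /**
     * Obtains the cache region from {@link CertCacheFactory}. On failure {@code cache} is left
     * unchanged, and callers that see {@code null} query the service without caching.
     */
    private void createCache() {
        CertStoreCachePolicy effectivePolicy = this.cachePolicy != null ? this.cachePolicy : getDefaultPolicy();
        try {
            this.cache = CertCacheFactory.getInstance().getCertCache(CACHE_NAME, effectivePolicy);
            this.cachePolicy = effectivePolicy;
        } catch (CacheException e) {
            log.warn("Could not create certificate cache {}; lookups will not be cached", CACHE_NAME, e);
        }
    }

    /**
     * Applies size and TTL limits to the cache and disables lateral and remote caching so that
     * entries stay in this JVM. Does nothing when the policy is {@code null} or no cache exists.
     */
    private void applyCachePolicy(CertStoreCachePolicy certStoreCachePolicy) {
        if (certStoreCachePolicy == null) {
            return;
        }
        JCS target = getCache();
        if (target == null) {
            return;
        }
        try {
            ICompositeCacheAttributes cacheAttributes = target.getCacheAttributes();
            cacheAttributes.setMaxObjects(certStoreCachePolicy.getMaxItems());
            cacheAttributes.setUseLateral(false);
            cacheAttributes.setUseRemote(false);
            target.setCacheAttributes(cacheAttributes);

            IElementAttributes elementAttributes = target.getDefaultElementAttributes();
            elementAttributes.setMaxLifeSeconds(certStoreCachePolicy.getSubjectTTL());
            elementAttributes.setIsEternal(false);
            elementAttributes.setIsLateral(false);
            elementAttributes.setIsRemote(false);
            target.setDefaultElementAttributes(elementAttributes);
        } catch (CacheException e) {
            log.warn("Could not apply cache policy to certificate cache {}", CACHE_NAME, e);
        }
    }

    private CertStoreCachePolicy getDefaultPolicy() {
        return new DefaultConfigStoreCachePolicy();
    }

    @Override
    public boolean contains(X509Certificate x509Certificate) {
        throw new UnsupportedOperationException("Contains is not supported.");
    }

    @Override
    public void add(X509Certificate x509Certificate) {
        throw new UnsupportedOperationException("Add is not supported.");
    }

    @Override
    public void remove(X509Certificate x509Certificate) {
        throw new UnsupportedOperationException("Remove is not supported.");
    }

    /**
     * Returns the certificates for a subject, from the cache when present and otherwise from
     * the configuration service.
     *
     * <p>If {@code str} contains {@code EMAILADDRESS=}, everything after that marker is used as
     * the lookup key; otherwise the whole string is used.
     *
     * <p>The returned collection may be the same instance that is held in the cache, so callers
     * should treat it as read-only.
     *
     * @param str subject name or address to resolve
     * @return the matching certificates; empty when none are found
     * @throws NHINDException when the configuration service call fails
     */
    @Override
    public Collection<X509Certificate> getCertificates(String str) {
        int markerAt = str.indexOf(EMAIL_ADDRESS_PREFIX);
        String owner = markerAt > -1 ? str.substring(markerAt + EMAIL_ADDRESS_PREFIX.length()) : str;

        Collection<X509Certificate> found = null;
        JCS activeCache = getCache();
        if (activeCache != null) {
            // Entries written by this class are always Collection<X509Certificate>.
            @SuppressWarnings("unchecked")
            Collection<X509Certificate> cached = (Collection<X509Certificate>) activeCache.get(owner);
            found = cached;
        }
        if (found == null || found.isEmpty()) {
            found = lookupFromConfigStore(owner);
        }
        if (found == null || found.isEmpty()) {
            log.info("getCertificates(String subjectName) - Could not find a ConfigService certificate for subject {}", str);
        }
        return found;
    }

    /**
     * Queries the configuration service for {@code owner}. When nothing is found and the owner
     * contains {@code @}, the query is repeated with the part after the {@code @}. A non-empty
     * result is cached under the original {@code owner} key.
     *
     * @return the converted certificates, or an empty list; never {@code null}
     * @throws NHINDException when a service call or certificate conversion fails
     */
    private Collection<X509Certificate> lookupFromConfigStore(String owner) {
        try {
            Collection<Certificate> records = this.certService.getCertificatesByOwner(owner);
            if (records == null || records.isEmpty()) {
                int atSign = owner.indexOf("@");
                try {
                    records = this.certService.getCertificatesByOwner(atSign > -1 ? owner.substring(atSign + 1) : owner);
                } catch (Exception e) {
                    throw new NHINDException("WebService error getting certificates by domain: " + e.getMessage(), e);
                }
            }
            if (records == null || records.isEmpty()) {
                return Collections.emptyList();
            }
            Collection<X509Certificate> converted = new ArrayList<>(records.size());
            for (Certificate record : records) {
                converted.add(CertStoreUtils.certFromData(this.mgr, record.getData()));
            }
            cacheQuietly(owner, converted);
            return converted;
        } catch (NHINDException e) {
            // Already carries a specific message; wrapping it again would report a domain-lookup
            // failure as a subject-lookup failure.
            throw e;
        } catch (Exception e) {
            throw new NHINDException("WebService error getting certificates by subject: " + e.getMessage(), e);
        }
    }

    /**
     * Fetches every certificate from the configuration service, clears the cache, and re-fills
     * it with one entry per owner.
     *
     * <p>Each owner's cache entry holds only that owner's certificates. Caching the combined
     * list under every owner key would make a later {@link #getCertificates} call for one owner
     * return certificates that belong to other owners.
     *
     * @return all certificates known to the configuration service; empty when there are none
     * @throws NHINDException when the service call or certificate conversion fails
     */
    @Override
    public Collection<X509Certificate> getAllCertificates() {
        try {
            Collection<Certificate> records = this.certService.getAllCertificates();
            // The cache is purged only after the service call succeeded, so a service outage
            // does not also empty the cache.
            flush(true);
            if (records == null || records.isEmpty()) {
                return Collections.emptyList();
            }
            Collection<X509Certificate> all = new ArrayList<>(records.size());
            HashMap<String, Collection<X509Certificate>> byOwner = new HashMap<>();
            for (Certificate record : records) {
                X509Certificate converted = CertStoreUtils.certFromData(this.mgr, record.getData());
                all.add(converted);
                String owner = record.getOwner();
                if (owner != null) {
                    byOwner.computeIfAbsent(owner, key -> new ArrayList<>()).add(converted);
                }
            }
            for (HashMap.Entry<String, Collection<X509Certificate>> entry : byOwner.entrySet()) {
                cacheQuietly(entry.getKey(), entry.getValue());
            }
            return all;
        } catch (Exception e) {
            throw new NHINDException("WebService error getting all certificates: " + e.getMessage(), e);
        }
    }

    /** Stores an entry in the cache if one exists; a failed put is logged and otherwise ignored. */
    private void cacheQuietly(String key, Collection<X509Certificate> certificates) {
        if (this.cache == null) {
            return;
        }
        try {
            this.cache.put(key, certificates);
        } catch (CacheException e) {
            log.warn("Could not cache certificates for {}", key, e);
        }
    }

    /**
     * Removes every entry from the cache.
     *
     * @param z not used by this implementation
     */
    @Override
    public void flush(boolean z) {
        if (this.cache == null) {
            return;
        }
        try {
            this.cache.clear();
        } catch (CacheException e) {
            // Stale entries stay until their TTL expires; make that visible to operators.
            log.warn("Could not flush certificate cache {}", CACHE_NAME, e);
        }
    }

    /** No-op: this store has no bootstrap source. */
    @Override
    public void loadBootStrap() {
    }

    /** No-op: this store has no bootstrap source. */
    @Override
    public void loadBootStrap(CertificateStore certificateStore) {
    }

    /** No-op: this store has no bootstrap source. */
    @Override
    public void setBootStrap(CertificateStore certificateStore) {
    }

    /**
     * Replaces the cache policy and applies it to the existing cache.
     *
     * @param certStoreCachePolicy the new policy; when {@code null} the field is cleared and the
     *        cache's current limits are left as they are
     */
    @Override
    public void setCachePolicy(CertStoreCachePolicy certStoreCachePolicy) {
        this.cachePolicy = certStoreCachePolicy;
        applyCachePolicy(certStoreCachePolicy);
    }

    static {
        initJVMParams();
        CryptoExtensions.registerJCEProviders();
    }
}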
