package org.xipki.ca.api.mgmt;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.Feature;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.CaUris;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.RestAPIConstants;
import org.xipki.ca.api.mgmt.CaConfType;
import org.xipki.ca.api.mgmt.MgmtEntry;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.FileOrBinary;
import org.xipki.util.FileOrValue;
import org.xipki.util.InvalidConfException;
import org.xipki.util.IoUtil;
import org.xipki.util.ObjectCreationException;
import org.xipki.util.Validity;

/* loaded from: input_file:org/xipki/ca/api/mgmt/CaConf.class */
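/**
 * In-memory view of a CA system configuration that is read from a ZIP archive.
 *
 * <p>The archive must contain an entry named {@code caconf.json}. Every other entry is kept in
 * memory and looked up by name whenever the JSON refers to a file instead of an inline value.
 * Text values may contain <code>${name}</code> placeholders, which are expanded from the
 * {@code properties} section of the JSON.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every ZIP entry is inflated completely into memory and there is no limit on the number
 *       or size of entries. The archive must come from a trusted administrator, or limits
 *       have to be enforced before it reaches this class.</li>
 *   <li>The archive can carry signer configurations and user passwords (see the users section
 *       handling in {@code init0}), so it presumably needs the same protection as any other
 *       credential store - confirm against the deployment.</li>
 * </ul>
 *
 * <p>This class is not synchronized; the {@code add*} methods mutate plain {@link HashMap}s.
 */
public class CaConf {
    private static final Logger LOG = LoggerFactory.getLogger(CaConf.class);

    /** Name of the mandatory ZIP entry that holds the JSON description of the CA system. */
    private static final String CONF_ENTRY_NAME = "caconf.json";

    // Values of the "properties" section, used to expand ${name} placeholders.
    private final Map<String, String> properties = new HashMap<>();
    private final Map<String, MgmtEntry.Signer> signers = new HashMap<>();
    private final Map<String, MgmtEntry.Requestor> requestors = new HashMap<>();
    // Holds either MgmtEntry.User (hashed password) or MgmtEntry.AddUser (password), hence Object.
    private final Map<String, Object> users = new HashMap<>();
    private final Map<String, MgmtEntry.Publisher> publishers = new HashMap<>();
    private final Map<String, MgmtEntry.Certprofile> certprofiles = new HashMap<>();
    private final Map<String, SingleCa> cas = new HashMap<>();

    /* loaded from: input_file:org/xipki/ca/api/mgmt/CaConf$GenSelfIssued.class */
    /**
     * Parameters for generating a self-issued CA certificate: the certificate profile, the CSR,
     * an optional serial number and an optional output format for the certificate.
     */
    public static class GenSelfIssued {
        private final String profile;
        private final byte[] csr;
        private final BigInteger serialNumber;
        private final String certOutputFormat;

        /**
         * @param profile name of the certificate profile; must not be blank
         * @param csr encoded certification request; must not be {@code null}. The array is stored
         *     and returned without copying.
         * @param serialNumber serial number to use, may be {@code null}
         * @param certOutputFormat output format of the certificate, may be {@code null}
         */
        public GenSelfIssued(String profile, byte[] csr, BigInteger serialNumber, String certOutputFormat) {
            this.profile = Args.notBlank(profile, RestAPIConstants.PARAM_profile);
            this.csr = Args.notNull(csr, "csr");
            this.serialNumber = serialNumber;
            this.certOutputFormat = certOutputFormat;
        }

        public String getProfile() {
            return this.profile;
        }

        public byte[] getCsr() {
            return this.csr;
        }

        public BigInteger getSerialNumber() {
            return this.serialNumber;
        }

        public String getCertOutputFormat() {
            return this.certOutputFormat;
        }
    }

    /* loaded from: input_file:org/xipki/ca/api/mgmt/CaConf$SingleCa.class */
    /**
     * One CA of the configuration together with the names of the entities bound to it
     * (aliases, profiles, requestors, users and publishers).
     */
    public static class SingleCa {
        private final String name;
        private final GenSelfIssued genSelfIssued;
        private final MgmtEntry.Ca caEntry;
        private final List<String> aliases;
        private final List<String> profileNames;
        private final List<MgmtEntry.CaHasRequestor> requestors;
        private final List<MgmtEntry.CaHasUser> users;
        private final List<String> publisherNames;

        /**
         * @param name CA name; must not be blank
         * @param genSelfIssued parameters for a self-issued certificate, or {@code null}
         * @param caEntry CA entry; required when {@code genSelfIssued} is set, and must then
         *     carry no certificate because the certificate is still to be generated
         * @param aliases aliases of the CA, may be {@code null}
         * @param profileNames names of the certificate profiles, may be {@code null}
         * @param requestors requestor bindings, may be {@code null}
         * @param users user bindings, may be {@code null}
         * @param publisherNames names of the publishers, may be {@code null}
         * @throws IllegalArgumentException if {@code genSelfIssued} is set and {@code caEntry} is
         *     {@code null} or already has a certificate
         */
        public SingleCa(String name, GenSelfIssued genSelfIssued, MgmtEntry.Ca caEntry, List<String> aliases,
                List<String> profileNames, List<MgmtEntry.CaHasRequestor> requestors,
                List<MgmtEntry.CaHasUser> users, List<String> publisherNames) {
            this.name = Args.notBlank(name, "name");
            if (genSelfIssued != null) {
                if (caEntry == null) {
                    throw new IllegalArgumentException("caEntry may not be null if genSelfIssued is non-null");
                }
                if (caEntry.getCert() != null) {
                    // The previous message claimed the opposite of the condition being checked.
                    throw new IllegalArgumentException("caEntry.cert must be null if genSelfIssued is non-null");
                }
            }
            this.genSelfIssued = genSelfIssued;
            this.caEntry = caEntry;
            this.aliases = aliases;
            this.profileNames = profileNames;
            this.requestors = requestors;
            this.users = users;
            this.publisherNames = publisherNames;
        }

        public String getName() {
            return this.name;
        }

        public MgmtEntry.Ca getCaEntry() {
            return this.caEntry;
        }

        public List<String> getAliases() {
            return this.aliases;
        }

        public GenSelfIssued getGenSelfIssued() {
            return this.genSelfIssued;
        }

        public List<String> getProfileNames() {
            return this.profileNames;
        }

        public List<MgmtEntry.CaHasRequestor> getRequestors() {
            return this.requestors;
        }

        public List<MgmtEntry.CaHasUser> getUsers() {
            return this.users;
        }

        public List<String> getPublisherNames() {
            return this.publisherNames;
        }
    }

    /**
     * Loads the configuration from a ZIP file.
     *
     * @param file the ZIP file; the path is passed through {@code IoUtil.expandFilepath}
     * @param securityFactory used to create the CA signer when a CA has no explicit certificate
     * @throws IOException if the file cannot be read or a referenced ZIP entry is missing
     * @throws InvalidConfException if the configuration is invalid
     * @throws CaMgmtException declared for the entry constructors used while loading
     */
    public CaConf(File file, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
        Args.notNull(securityFactory, "securityFactory");
        File confFile = IoUtil.expandFilepath(Args.notNull(file, "confFile"));
        init(Files.newInputStream(confFile.toPath()), securityFactory);
    }

    /**
     * Loads the configuration from a stream with ZIP content. The stream is closed before the
     * constructor returns, whether or not loading succeeds.
     *
     * @param inputStream stream with the ZIP archive
     * @param securityFactory used to create the CA signer when a CA has no explicit certificate
     * @throws IOException if the stream cannot be read or a referenced ZIP entry is missing
     * @throws InvalidConfException if the configuration is invalid
     * @throws CaMgmtException declared for the entry constructors used while loading
     */
    public CaConf(InputStream inputStream, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
        Args.notNull(inputStream, "confFileZipStream");
        Args.notNull(securityFactory, "securityFactory");
        init(inputStream, securityFactory);
    }

    /**
     * Reads all ZIP entries into memory, parses {@code caconf.json} and populates this object.
     * Both streams are closed on every path; failures while closing are only logged.
     */
    private void init(InputStream inputStream, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
        ZipInputStream zipInputStream = new ZipInputStream(inputStream);
        try {
            Map<String, byte[]> zipEntries = new HashMap<>();
            // NOTE(review): no cap on entry count or inflated size - a crafted archive can
            // exhaust the heap. Entries that share a name silently replace each other.
            ZipEntry entry;
            while ((entry = zipInputStream.getNextEntry()) != null) {
                zipEntries.put(entry.getName(), read(zipInputStream));
            }

            byte[] confBytes = zipEntries.get(CONF_ENTRY_NAME);
            if (confBytes == null) {
                // Report a configuration error instead of failing with a NullPointerException.
                throw new InvalidConfException("could not find ZIP entry " + CONF_ENTRY_NAME);
            }

            // NOTE(review): parsing binds to a fixed target type and enables no parser features.
            // The fastjson API has needed repeated fixes around autoType handling - confirm the
            // bundled library version and whether its safe mode is enabled for this process.
            CaConfType.CaSystem caSystem = JSON.parseObject(confBytes, CaConfType.CaSystem.class, new Feature[0]);
            if (caSystem == null) {
                throw new InvalidConfException("ZIP entry " + CONF_ENTRY_NAME + " contains no configuration");
            }
            caSystem.validate();
            init0(caSystem, zipEntries, securityFactory);
        } finally {
            // Closing the ZIP stream also closes the wrapped stream; the second call is a
            // safety net and keeps the best-effort behaviour of the original code.
            closeQuietly(zipInputStream, "zipStream");
            closeQuietly(inputStream, "zipFileStream");
        }
    }

    /** Closes the stream and logs, rather than propagates, a failure to do so. */
    private static void closeQuietly(InputStream stream, String label) {
        try {
            stream.close();
        } catch (IOException e) {
            // The previous call had no {} placeholder, so the exception text was never logged.
            LOG.info("could not close {}: {}", label, e.getMessage());
        }
    }

    /**
     * Converts the parsed configuration into management entries and registers them.
     * Properties are loaded first because all later sections expand placeholders from them.
     */
    private void init0(CaConfType.CaSystem caSystem, Map<String, byte[]> map, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
        if (caSystem.getProperties() != null) {
            this.properties.putAll(caSystem.getProperties());
        }

        if (caSystem.getSigners() != null) {
            for (CaConfType.Signer signer : caSystem.getSigners()) {
                addSigner(new MgmtEntry.Signer(signer.getName(), expandConf(signer.getType()),
                        getValue(signer.getConf(), map), getBase64Binary(signer.getCert(), map)));
            }
        }

        if (caSystem.getRequestors() != null) {
            for (CaConfType.Requestor requestor : caSystem.getRequestors()) {
                // A textual conf wins over the binary conf, which is stored Base64-encoded.
                String conf = requestor.getConf() != null
                        ? getValue(requestor.getConf(), map)
                        : getBase64Binary(requestor.getBinaryConf(), map);
                addRequestor(new MgmtEntry.Requestor(new NameId(null, requestor.getName()), requestor.getType(), conf));
            }
        }

        if (caSystem.getUsers() != null) {
            for (CaConfType.User user : caSystem.getUsers()) {
                boolean active = user.isActive();
                String password = user.getPassword();
                // NOTE(review): "password" is presumably clear text (as opposed to
                // hashedPassword) and takes precedence when both are set; it stays in a
                // String for the lifetime of this object.
                if (password != null) {
                    addUser(new MgmtEntry.AddUser(new NameId(null, user.getName()), active, password));
                } else {
                    addUser(new MgmtEntry.User(new NameId(null, user.getName()), active, user.getHashedPassword()));
                }
            }
        }

        if (caSystem.getPublishers() != null) {
            for (CaConfType.NameTypeConf publisher : caSystem.getPublishers()) {
                addPublisher(new MgmtEntry.Publisher(new NameId(null, publisher.getName()),
                        expandConf(publisher.getType()), getValue(publisher.getConf(), map)));
            }
        }

        if (caSystem.getProfiles() != null) {
            for (CaConfType.NameTypeConf profile : caSystem.getProfiles()) {
                addProfile(new MgmtEntry.Certprofile(new NameId(null, profile.getName()),
                        expandConf(profile.getType()), getValue(profile.getConf(), map)));
            }
        }

        if (caSystem.getCas() != null) {
            for (CaConfType.Ca ca : caSystem.getCas()) {
                addSingleCa(buildSingleCa(ca, map, securityFactory));
            }
        }
    }

    /** Builds the {@link SingleCa} for one CA section, including its requestor and user bindings. */
    private SingleCa buildSingleCa(CaConfType.Ca ca, Map<String, byte[]> map, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
        String name = ca.getName();
        GenSelfIssued genSelfIssued = null;
        MgmtEntry.Ca caEntry = null;
        CaConfType.CaInfo caInfo = ca.getCaInfo();
        if (caInfo != null) {
            if (caInfo.getGenSelfIssued() != null) {
                genSelfIssued = buildGenSelfIssued(name, caInfo, map);
            }
            caEntry = buildCaEntry(name, caInfo, map, securityFactory);
        }

        List<MgmtEntry.CaHasRequestor> caRequestors = null;
        if (ca.getRequestors() != null) {
            caRequestors = new LinkedList<>();
            for (CaConfType.CaHasRequestor conf : ca.getRequestors()) {
                MgmtEntry.CaHasRequestor binding = new MgmtEntry.CaHasRequestor(new NameId(null, conf.getRequestorName()));
                binding.setRa(conf.isRa());
                if (conf.getProfiles() != null && !conf.getProfiles().isEmpty()) {
                    binding.setProfiles(new HashSet<>(conf.getProfiles()));
                }
                binding.setPermission(getIntPermission(conf.getPermissions()));
                caRequestors.add(binding);
            }
        }

        List<MgmtEntry.CaHasUser> caUsers = null;
        if (ca.getUsers() != null) {
            caUsers = new LinkedList<>();
            for (CaConfType.CaHasUser conf : ca.getUsers()) {
                MgmtEntry.CaHasUser binding = new MgmtEntry.CaHasUser(new NameId(null, conf.getUserName()));
                binding.setPermission(getIntPermission(conf.getPermissions()));
                if (conf.getProfiles() != null && !conf.getProfiles().isEmpty()) {
                    binding.setProfiles(new HashSet<>(conf.getProfiles()));
                }
                caUsers.add(binding);
            }
        }

        return new SingleCa(name, genSelfIssued, caEntry, emptyToNull(ca.getAliases()),
                emptyToNull(ca.getProfiles()), caRequestors, caUsers, emptyToNull(ca.getPublishers()));
    }

    /** Returns {@code null} for a {@code null} or empty list, otherwise the list itself. */
    private static List<String> emptyToNull(List<String> list) {
        return (list == null || list.isEmpty()) ? null : list;
    }

    /**
     * Builds the self-issued certificate parameters of a CA.
     *
     * @throws InvalidConfException if the CA also specifies a certificate, or the serial number
     *     is not a valid decimal or {@code 0x}-prefixed hexadecimal number
     */
    private GenSelfIssued buildGenSelfIssued(String caName, CaConfType.CaInfo caInfo, Map<String, byte[]> map) throws IOException, InvalidConfException {
        if (caInfo.getCert() != null) {
            throw new InvalidConfException("cert.file of CA " + caName + " may not be set");
        }
        byte[] csr = getBinary(caInfo.getGenSelfIssued().getCsr(), map);
        BigInteger serialNumber = parseSerialNumber(caName, caInfo.getGenSelfIssued().getSerialNumber());
        return new GenSelfIssued(caInfo.getGenSelfIssued().getProfile(), csr, serialNumber,
                caInfo.getGenSelfIssued().getCertOutform());
    }

    /**
     * Parses a decimal or {@code 0x}/{@code 0X}-prefixed hexadecimal serial number.
     *
     * @return the number, or {@code null} if {@code text} is {@code null}
     * @throws InvalidConfException if the text is not a number; previously the unchecked
     *     {@link NumberFormatException} escaped to the caller
     */
    private static BigInteger parseSerialNumber(String caName, String text) throws InvalidConfException {
        if (text == null) {
            return null;
        }
        try {
            boolean hex = text.startsWith("0x") || text.startsWith("0X");
            return hex ? new BigInteger(text.substring(2), 16) : new BigInteger(text);
        } catch (NumberFormatException e) {
            throw new InvalidConfException("invalid serialNumber of CA " + caName + ": " + text, e);
        }
    }

    /**
     * Builds the management entry of a CA from its {@code caInfo} section. Unless the
     * certificate is to be self-issued, the CA certificate and optional chain are loaded too.
     */
    private MgmtEntry.Ca buildCaEntry(String caName, CaConfType.CaInfo caInfo, Map<String, byte[]> map, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
        CaUris caUris;
        if (caInfo.getCaUris() == null) {
            caUris = CaUris.EMPTY_INSTANCE;
        } else {
            CaConfType.CaUris uris = caInfo.getCaUris();
            caUris = new CaUris(uris.getCacertUris(), uris.getOcspUris(), uris.getCrlUris(), uris.getDeltacrlUris());
        }

        // Defaults applied when the configuration leaves the value out.
        int numCrls = caInfo.getNumCrls() == null ? 30 : caInfo.getNumCrls().intValue();
        int expirationPeriod = caInfo.getExpirationPeriod() == null ? 365 : caInfo.getExpirationPeriod().intValue();

        MgmtEntry.Ca caEntry = new MgmtEntry.Ca(new NameId(null, caName), caInfo.getSnSize(), caInfo.getNextCrlNo(),
                expandConf(caInfo.getSignerType()), getValue(caInfo.getSignerConf(), map), caUris, numCrls,
                expirationPeriod);

        if (CollectionUtil.isNotEmpty(caInfo.getCmpControl())) {
            caEntry.setCmpControl(new CmpControl(new ConfPairs(caInfo.getCmpControl()).getEncoded()));
        }
        if (caInfo.getCrlControl() != null) {
            caEntry.setCrlControl(new CrlControl(new ConfPairs(caInfo.getCrlControl()).getEncoded()));
        }
        if (caInfo.getScepControl() != null) {
            caEntry.setScepControl(new ScepControl(new ConfPairs(caInfo.getScepControl()).getEncoded()));
        }
        if (caInfo.getCtlogControl() != null) {
            caEntry.setCtlogControl(new CtlogControl(new ConfPairs(caInfo.getCtlogControl()).getEncoded()));
        }
        caEntry.setCmpResponderName(caInfo.getCmpResponderName());
        caEntry.setScepResponderName(caInfo.getScepResponderName());
        caEntry.setCrlSignerName(caInfo.getCrlSignerName());
        caEntry.setDuplicateKeyPermitted(caInfo.isDuplicateKey());
        caEntry.setDuplicateSubjectPermitted(caInfo.isDuplicateSubject());
        if (caInfo.getExtraControl() != null) {
            caEntry.setExtraControl(new ConfPairs(caInfo.getExtraControl()).unmodifiable());
        }
        caEntry.setKeepExpiredCertInDays(caInfo.getKeepExpiredCertDays() == null ? -1 : caInfo.getKeepExpiredCertDays().intValue());
        caEntry.setMaxValidity(Validity.getInstance(caInfo.getMaxValidity()));
        caEntry.setPermission(getIntPermission(caInfo.getPermissions()));
        if (caInfo.getProtocolSupport() != null) {
            caEntry.setProtocolSupport(new ProtocolSupport(caInfo.getProtocolSupport()));
        }
        if (caInfo.getDhpocControl() != null) {
            caEntry.setDhpocControl(getValue(caInfo.getDhpocControl(), map));
        }
        if (caInfo.getRevokeSuspendedControl() != null) {
            caEntry.setRevokeSuspendedControl(new RevokeSuspendedControl(new ConfPairs(caInfo.getRevokeSuspendedControl())));
        }
        caEntry.setSaveRequest(caInfo.isSaveReq());
        caEntry.setStatus(CaStatus.forName(caInfo.getStatus()));
        if (caInfo.getValidityMode() != null) {
            caEntry.setValidityMode(ValidityMode.forName(caInfo.getValidityMode()));
        }

        // With genSelfIssued the certificate does not exist yet, so nothing is loaded here.
        if (caInfo.getGenSelfIssued() == null) {
            caEntry.setCert(loadCaCert(caName, caInfo, map, securityFactory));
            if (CollectionUtil.isNotEmpty(caInfo.getCertchain())) {
                List<X509Certificate> certchain = new LinkedList<>();
                for (FileOrBinary chainCert : caInfo.getCertchain()) {
                    try {
                        certchain.add(X509Util.parseCert(getBinary(chainCert, map)));
                    } catch (CertificateException e) {
                        throw new InvalidConfException("invalid certchain for CA " + caName, e);
                    }
                }
                // NOTE(review): the chain is only parsed here; nothing in this class checks
                // that it actually links to the CA certificate.
                caEntry.setCertchain(certchain);
            }
        }
        return caEntry;
    }

    /**
     * Returns the CA certificate: the configured one if present, otherwise the certificate of a
     * signer created from the first signer configuration of the CA.
     */
    private X509Certificate loadCaCert(String caName, CaConfType.CaInfo caInfo, Map<String, byte[]> map, SecurityFactory securityFactory) throws IOException, InvalidConfException {
        if (caInfo.getCert() != null) {
            try {
                return X509Util.parseCert(getBinary(caInfo.getCert(), map));
            } catch (CertificateException e) {
                throw new InvalidConfException("invalid certificate of CA " + caName, e);
            }
        }
        try {
            String firstSignerConf = MgmtEntry.Ca.splitCaSignerConfs(getValue(caInfo.getSignerConf(), map)).get(0)[1];
            return securityFactory.createSigner(expandConf(caInfo.getSignerType()), new SignerConf(firstSignerConf),
                    (X509Certificate) null).getCertificate();
        } catch (ObjectCreationException | XiSecurityException e) {
            throw new InvalidConfException("could not create CA signer for CA " + caName, e);
        }
    }

    /** Registers a signer under its name, replacing any signer with the same name. */
    public void addSigner(MgmtEntry.Signer signer) {
        Args.notNull(signer, "signer");
        this.signers.put(signer.getName(), signer);
    }

    /** Returns an unmodifiable view of the signer names. */
    public Set<String> getSignerNames() {
        return Collections.unmodifiableSet(this.signers.keySet());
    }

    /** Returns the signer with the given name, or {@code null} if there is none. */
    public MgmtEntry.Signer getSigner(String name) {
        return this.signers.get(Args.notNull(name, "name"));
    }

    /** Registers a requestor under its name, replacing any requestor with the same name. */
    public void addRequestor(MgmtEntry.Requestor requestor) {
        Args.notNull(requestor, "requestor");
        this.requestors.put(requestor.getIdent().getName(), requestor);
    }

    /** Registers a user that carries a hashed password, replacing any user with the same name. */
    public void addUser(MgmtEntry.User user) {
        Args.notNull(user, "user");
        this.users.put(user.getIdent().getName(), user);
    }

    /** Registers a user that carries a password, replacing any user with the same name. */
    public void addUser(MgmtEntry.AddUser addUser) {
        Args.notNull(addUser, "user");
        this.users.put(addUser.getIdent().getName(), addUser);
    }

    /** Returns an unmodifiable view of the requestor names. */
    public Set<String> getRequestorNames() {
        return Collections.unmodifiableSet(this.requestors.keySet());
    }

    /** Returns the requestor with the given name, or {@code null} if there is none. */
    public MgmtEntry.Requestor getRequestor(String name) {
        return this.requestors.get(Args.notNull(name, "name"));
    }

    /** Returns an unmodifiable view of the user names. */
    public Set<String> getUserNames() {
        return Collections.unmodifiableSet(this.users.keySet());
    }

    /**
     * Returns the user with the given name, or {@code null} if there is none. The result is a
     * {@code MgmtEntry.User} or a {@code MgmtEntry.AddUser}, depending on how it was added.
     */
    public Object getUser(String name) {
        return this.users.get(Args.notNull(name, "name"));
    }

    /** Registers a publisher under its name, replacing any publisher with the same name. */
    public void addPublisher(MgmtEntry.Publisher publisher) {
        Args.notNull(publisher, "publisher");
        this.publishers.put(publisher.getIdent().getName(), publisher);
    }

    /** Returns an unmodifiable view of the publisher names. */
    public Set<String> getPublisherNames() {
        return Collections.unmodifiableSet(this.publishers.keySet());
    }

    /** Returns the publisher with the given name, or {@code null} if there is none. */
    public MgmtEntry.Publisher getPublisher(String name) {
        return this.publishers.get(Args.notNull(name, "name"));
    }

    /** Registers a certificate profile under its name, replacing any profile with the same name. */
    public void addProfile(MgmtEntry.Certprofile certprofile) {
        Args.notNull(certprofile, RestAPIConstants.PARAM_profile);
        this.certprofiles.put(certprofile.getIdent().getName(), certprofile);
    }

    /** Returns an unmodifiable view of the certificate profile names. */
    public Set<String> getCertprofileNames() {
        return Collections.unmodifiableSet(this.certprofiles.keySet());
    }

    /** Returns the certificate profile with the given name, or {@code null} if there is none. */
    public MgmtEntry.Certprofile getCertprofile(String name) {
        return this.certprofiles.get(Args.notNull(name, "name"));
    }

    /** Registers a CA under its name, replacing any CA with the same name. */
    public void addSingleCa(SingleCa singleCa) {
        Args.notNull(singleCa, "singleCa");
        this.cas.put(singleCa.getName(), singleCa);
    }

    /** Returns an unmodifiable view of the CA names. */
    public Set<String> getCaNames() {
        return Collections.unmodifiableSet(this.cas.keySet());
    }

    /** Returns the CA with the given name, or {@code null} if there is none. */
    public SingleCa getCa(String name) {
        return this.cas.get(Args.notNull(name, "name"));
    }

    /**
     * Resolves a text value that is given inline or as the name of a ZIP entry (read as UTF-8),
     * and expands its placeholders.
     *
     * @return the expanded text, or {@code null} if {@code fileOrValue} is {@code null}
     * @throws IOException if the referenced ZIP entry does not exist
     * @throws InvalidConfException if a placeholder cannot be expanded
     */
    private String getValue(FileOrValue fileOrValue, Map<String, byte[]> map) throws IOException, InvalidConfException {
        if (fileOrValue == null) {
            return null;
        }
        if (fileOrValue.getValue() != null) {
            return expandConf(fileOrValue.getValue());
        }
        String file = fileOrValue.getFile();
        byte[] content = map.get(file);
        if (content == null) {
            throw new IOException("could not find ZIP entry " + file);
        }
        return expandConf(new String(content, "UTF-8"));
    }

    /** Same as {@link #getBinary} but returns the bytes Base64-encoded, or {@code null}. */
    private String getBase64Binary(FileOrBinary fileOrBinary, Map<String, byte[]> map) throws IOException {
        byte[] binary = getBinary(fileOrBinary, map);
        if (binary == null) {
            return null;
        }
        return Base64.encodeToString(binary);
    }

    /**
     * Reads the stream until end of data. For a {@link ZipInputStream} that is the end of the
     * current entry. The amount read is not limited.
     */
    private static byte[] read(InputStream inputStream) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] buffer = new byte[2048];
        int count;
        while ((count = inputStream.read(buffer)) != -1) {
            collected.write(buffer, 0, count);
        }
        return collected.toByteArray();
    }

    /**
     * Resolves binary content that is given inline or as the name of a ZIP entry.
     *
     * @return the bytes (not copied), or {@code null} if {@code fileOrBinary} is {@code null}
     * @throws IOException if the referenced ZIP entry does not exist
     */
    private byte[] getBinary(FileOrBinary fileOrBinary, Map<String, byte[]> map) throws IOException {
        if (fileOrBinary == null) {
            return null;
        }
        if (fileOrBinary.getBinary() != null) {
            return fileOrBinary.getBinary();
        }
        String file = fileOrBinary.getFile();
        byte[] content = map.get(file);
        if (content == null) {
            throw new IOException("could not find ZIP entry " + file);
        }
        return content;
    }

    /**
     * Replaces every <code>${name}</code> placeholder whose name is a configured property with
     * that property's value. Placeholders with unknown names are left untouched.
     *
     * @throws InvalidConfException if a property that is used has no value or contains its own
     *     placeholder
     */
    private String expandConf(String confStr) throws InvalidConfException {
        if (confStr == null || !confStr.contains("${") || confStr.indexOf('}') == -1) {
            return confStr;
        }
        String expanded = confStr;
        for (Map.Entry<String, String> property : this.properties.entrySet()) {
            String placeholder = "${" + property.getKey() + "}";
            if (!expanded.contains(placeholder)) {
                continue;
            }
            String value = property.getValue();
            if (value == null) {
                // String.replace would fail with a NullPointerException.
                throw new InvalidConfException("property " + property.getKey() + " has no value");
            }
            if (value.contains(placeholder)) {
                // Each replacement would put the placeholder back and the loop below would
                // never end, so a single configuration value could hang the loader.
                throw new InvalidConfException("property " + property.getKey() + " refers to itself");
            }
            while (expanded.contains(placeholder)) {
                expanded = expanded.replace(placeholder, value);
            }
        }
        return expanded;
    }

    /**
     * Combines the textual permissions into one bit mask.
     *
     * @throws InvalidConfException if a permission text is unknown
     */
    private static int getIntPermission(List<String> list) throws InvalidConfException {
        int permission = 0;
        for (String text : list) {
            Integer bits = PermissionConstants.getPermissionForText(text);
            if (bits == null) {
                throw new InvalidConfException("invalid permission " + text);
            }
            permission |= bits.intValue();
        }
        return permission;
    }
}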
