package org.xipki.ca.mgmt.db.port;

import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.zip.ZipFile;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.mgmt.CaConfType;
import org.xipki.ca.api.mgmt.CaJson;
import org.xipki.ca.mgmt.db.port.CaCertstore;
import org.xipki.ca.mgmt.db.port.DbPorter;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.security.HashAlgo;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.ConfPairs;
import org.xipki.util.DateUtil;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.ProcessLog;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/mgmt/db/port/OcspCertStoreFromCaDbImporter.class */
class OcspCertStoreFromCaDbImporter extends AbstractOcspCertstoreDbImporter {
    private static final Logger LOG = LoggerFactory.getLogger(OcspCertStoreFromCaDbImporter.class);
    private final String publisherName;
    private final boolean resume;
    private final int numCertsPerCommit;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OcspCertStoreFromCaDbImporter(DataSourceWrapper dataSourceWrapper, String str, String str2, int i, boolean z, AtomicBoolean atomicBoolean) throws Exception {
        super(dataSourceWrapper, str, atomicBoolean);
        this.publisherName = Args.toNonBlankLower(str2, "publisherName");
        this.numCertsPerCommit = Args.positive(i, "numCertsPerCommit");
        File file = new File(this.baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
        if (z) {
            if (!file.exists()) {
                throw new Exception("could not process with '--resume' option");
            }
        } else if (file.exists()) {
            throw new Exception("please either specify '--resume' or delete the file " + file.getPath() + " first");
        }
        this.resume = z;
    }

    public void importToDb() throws Exception {
        CaCertstore caCertstore = (CaCertstore) CaJson.parseObject(Paths.get(this.baseDir, DbPorter.FILENAME_CA_CERTSTORE), CaCertstore.class);
        caCertstore.validate();
        if (caCertstore.getVersion() > 2) {
            throw new Exception("could not import CertStore greater than 2: " + caCertstore.getVersion());
        }
        CaConfType.CaSystem caSystem = (CaConfType.CaSystem) CaJson.parseObject(Paths.get(this.baseDir, DbPorter.FILENAME_CA_CONFIGURATION), CaConfType.CaSystem.class);
        caSystem.validate();
        System.out.println("importing CA certstore to OCSP database");
        try {
            CaConfType.NameTypeConf nameTypeConf = null;
            Iterator it = caSystem.getPublishers().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                CaConfType.NameTypeConf nameTypeConf2 = (CaConfType.NameTypeConf) it.next();
                if (this.publisherName.equals(nameTypeConf2.getName())) {
                    nameTypeConf = nameTypeConf2;
                    break;
                }
            }
            if (nameTypeConf == null) {
                throw new Exception("unknown publisher " + this.publisherName);
            }
            String type = nameTypeConf.getType();
            if (!"ocsp".equalsIgnoreCase(type)) {
                throw new Exception("Unkwown publisher type " + type);
            }
            String value = new ConfPairs(readContent(nameTypeConf.getConf())).value("publish.goodcerts");
            boolean z = value != null ? !Boolean.parseBoolean(value) : false;
            HashSet hashSet = new HashSet();
            for (CaConfType.Ca ca : caSystem.getCas()) {
                if (ca.getPublishers().contains(this.publisherName)) {
                    hashSet.add(ca.getId());
                }
            }
            LinkedList linkedList = new LinkedList();
            for (CaConfType.Ca ca2 : caSystem.getCas()) {
                if (hashSet.contains(ca2.getId())) {
                    linkedList.add(ca2);
                }
            }
            if (linkedList.isEmpty()) {
                System.out.println("No CA has publisher " + this.publisherName);
                return;
            }
            List<Integer> issuerIds = this.resume ? getIssuerIds(linkedList) : importIssuer(linkedList);
            File file = new File(this.baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
            importCert(caCertstore, z, issuerIds, file);
            IoUtil.deleteFile0(file);
            System.out.println(" imported OCSP certstore to database");
        } catch (Exception e) {
            System.err.println("could not import OCSP certstore to database");
            throw e;
        }
    }

    private List<Integer> getIssuerIds(List<CaConfType.Ca> list) throws IOException {
        LinkedList linkedList = new LinkedList();
        for (CaConfType.Ca ca : list) {
            byte[] readContent = ca.getCaInfo().getCert() == null ? null : readContent(ca.getCaInfo().getCert());
            CaConfType.Ca ca2 = null;
            Iterator<CaConfType.Ca> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                CaConfType.Ca next = it.next();
                if (Arrays.equals(readContent, next.getCaInfo().getCert() == null ? null : readContent(next.getCaInfo().getCert()))) {
                    ca2 = next;
                    break;
                }
            }
            if (ca2 != null) {
                linkedList.add(ca.getId());
            }
        }
        return linkedList;
    }

    private List<Integer> importIssuer(List<CaConfType.Ca> list) throws DataAccessException, CertificateException, IOException {
        System.out.print("    importing table ISSUER ... ");
        String str = SQL_ADD_ISSUER;
        PreparedStatement prepareStatement = prepareStatement(str);
        LinkedList linkedList = new LinkedList();
        try {
            Iterator<CaConfType.Ca> it = list.iterator();
            while (it.hasNext()) {
                importIssuer0(it.next(), str, prepareStatement, linkedList);
            }
            releaseResources(prepareStatement, null);
            System.out.println(1 != 0 ? "SUCCESSFUL" : "FAILED");
            return linkedList;
        } catch (Throwable th) {
            releaseResources(prepareStatement, null);
            System.out.println(0 != 0 ? "SUCCESSFUL" : "FAILED");
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r3v4, types: [byte[], byte[][]] */
    private void importIssuer0(CaConfType.Ca ca, String str, PreparedStatement preparedStatement, List<Integer> list) throws IOException, DataAccessException, CertificateException {
        try {
            byte[] readContent = readContent(ca.getCaInfo().getCert());
            list.add(ca.getId());
            try {
                Certificate certificate = Certificate.getInstance(readContent);
                String str2 = null;
                if (ca.getCaInfo().getRevocationInfo() != null) {
                    str2 = ca.getCaInfo().getRevocationInfo().encode();
                }
                int i = 1 + 1;
                preparedStatement.setInt(1, ca.getId().intValue());
                int i2 = i + 1;
                preparedStatement.setString(i, X509Util.cutX500Name(certificate.getSubject(), this.maxX500nameLen));
                int i3 = i2 + 1;
                preparedStatement.setLong(i2, DateUtil.toEpochSecond(certificate.getTBSCertificate().getStartDate().getDate()));
                int i4 = i3 + 1;
                preparedStatement.setLong(i3, DateUtil.toEpochSecond(certificate.getTBSCertificate().getEndDate().getDate()));
                int i5 = i4 + 1;
                preparedStatement.setString(i4, HashAlgo.SHA1.base64Hash((byte[][]) new byte[]{readContent}));
                int i6 = i5 + 1;
                preparedStatement.setString(i5, str2);
                preparedStatement.setString(i6, Base64.encodeToString(readContent));
                preparedStatement.setNull(i6 + 1, 4);
                preparedStatement.execute();
            } catch (RuntimeException e) {
                LogUtil.error(LOG, e, "could not parse certificate of issuer " + ca.getId());
                throw new CertificateException(e.getMessage(), e);
            }
        } catch (CertificateException e2) {
            System.err.println("could not import issuer with id=" + ca.getId());
            throw e2;
        } catch (SQLException e3) {
            System.err.println("could not import issuer with id=" + ca.getId());
            throw translate(str, e3);
        }
    }

    private void importCert(CaCertstore caCertstore, boolean z, List<Integer> list, File file) throws Exception {
        HashAlgo certHashAlgo = getCertHashAlgo();
        int i = 0;
        long j = 1;
        if (file.exists()) {
            byte[] read = IoUtil.read(file);
            if (read.length > 2) {
                String utf8String = StringUtil.toUtf8String(read);
                if (utf8String.trim().equalsIgnoreCase("certs.finished")) {
                    return;
                }
                StringTokenizer stringTokenizer = new StringTokenizer(utf8String, ":");
                i = Integer.parseInt(stringTokenizer.nextToken());
                j = 1 + Long.parseLong(stringTokenizer.nextToken());
            }
        }
        deleteCertGreaterThan(j - 1, LOG);
        long countCerts = caCertstore.getCountCerts() - i;
        ProcessLog processLog = new ProcessLog(countCerts);
        ProcessLog processLog2 = new ProcessLog(countCerts);
        System.out.println("importing certificates from ID " + j);
        processLog.printHeader();
        PreparedStatement prepareStatement = prepareStatement(SQL_ADD_CERT);
        try {
            DbPorter.DbPortFileNameIterator dbPortFileNameIterator = new DbPorter.DbPortFileNameIterator(this.baseDir + File.separator + DbPorter.CaDbEntryType.CERT.getDirName() + ".mf");
            while (dbPortFileNameIterator.hasNext()) {
                try {
                    String str = this.baseDir + File.separator + DbPorter.CaDbEntryType.CERT.getDirName() + File.separator + dbPortFileNameIterator.next();
                    int indexOf = str.indexOf(45);
                    int indexOf2 = str.indexOf(".zip");
                    try {
                        if (indexOf == -1 || indexOf2 == -1) {
                            LOG.warn("invalid file name '{}', but will still be processed", str);
                        } else {
                            try {
                            } catch (Exception e) {
                                LOG.warn("invalid file name '{}', but will still be processed", str);
                            }
                            if (Integer.parseInt(str.substring(indexOf + 1, indexOf2)) < j) {
                            }
                        }
                        j = importCert0(certHashAlgo, prepareStatement, str, z, list, j, file, processLog, i, processLog2) + 1;
                    } catch (Exception e2) {
                        System.err.println("\ncould not import certificates from file " + str + ".\nplease continue with the option '--resume'");
                        LOG.error("Exception", e2);
                        throw e2;
                    }
                } finally {
                }
            }
            dbPortFileNameIterator.close();
            processLog.printTrailer();
            DbPorter.echoToFile("certs.finished", file);
            PrintStream printStream = System.out;
            long numProcessed = processLog.numProcessed();
            processLog2.numProcessed();
            printStream.println("processed " + numProcessed + " and imported " + printStream + " certificates");
        } finally {
            releaseResources(prepareStatement, null);
        }
    }

    /* JADX WARN: Type inference failed for: r1v16, types: [byte[], byte[][]] */
    private long importCert0(HashAlgo hashAlgo, PreparedStatement preparedStatement, String str, boolean z, List<Integer> list, long j, File file, ProcessLog processLog, int i, ProcessLog processLog2) throws Exception {
        ZipFile zipFile = new ZipFile(new File(str));
        try {
            CaCertstore.Certs certs = (CaCertstore.Certs) CaJson.parseObjectAndClose(zipFile.getInputStream(zipFile.getEntry("overview.json")), CaCertstore.Certs.class);
            certs.validate();
            disableAutoCommit();
            try {
                int i2 = 0;
                int i3 = 0;
                long j2 = 0;
                List<CaCertstore.Cert> certs2 = certs.getCerts();
                int size = certs2.size();
                int i4 = 0;
                while (i4 < size) {
                    if (this.stopMe.get()) {
                        throw new InterruptedException("interrupted by the user");
                    }
                    CaCertstore.Cert cert = certs2.get(i4);
                    long longValue = cert.getId().longValue();
                    j2 = longValue;
                    if (longValue >= j) {
                        i2++;
                        if (!z || (cert.getRev() != null && cert.getRev().intValue() == 1)) {
                            int intValue = cert.getCaId().intValue();
                            if (list.contains(Integer.valueOf(intValue))) {
                                i3++;
                                String file2 = cert.getFile();
                                byte[] readAllBytesAndClose = IoUtil.readAllBytesAndClose(zipFile.getInputStream(zipFile.getEntry(file2)));
                                String base64Hash = hashAlgo.base64Hash((byte[][]) new byte[]{readAllBytesAndClose});
                                try {
                                    TBSCertificate tBSCertificate = Certificate.getInstance(readAllBytesAndClose).getTBSCertificate();
                                    String cutX500Name = X509Util.cutX500Name(tBSCertificate.getSubject(), this.maxX500nameLen);
                                    try {
                                        int i5 = 1 + 1;
                                        preparedStatement.setLong(1, longValue);
                                        int i6 = i5 + 1;
                                        preparedStatement.setInt(i5, intValue);
                                        int i7 = i6 + 1;
                                        preparedStatement.setString(i6, tBSCertificate.getSerialNumber().getPositiveValue().toString(16));
                                        int i8 = i7 + 1;
                                        preparedStatement.setLong(i7, cert.getUpdate().longValue());
                                        int i9 = i8 + 1;
                                        preparedStatement.setLong(i8, DateUtil.toEpochSecond(tBSCertificate.getStartDate().getDate()));
                                        int i10 = i9 + 1;
                                        preparedStatement.setLong(i9, DateUtil.toEpochSecond(tBSCertificate.getEndDate().getDate()));
                                        int i11 = i10 + 1;
                                        setInt(preparedStatement, i10, cert.getRev());
                                        int i12 = i11 + 1;
                                        setInt(preparedStatement, i11, cert.getRr());
                                        int i13 = i12 + 1;
                                        setLong(preparedStatement, i12, cert.getRt());
                                        int i14 = i13 + 1;
                                        setLong(preparedStatement, i13, cert.getRit());
                                        int i15 = i14 + 1;
                                        preparedStatement.setString(i14, base64Hash);
                                        preparedStatement.setString(i15, cutX500Name);
                                        preparedStatement.setNull(i15 + 1, 4);
                                        preparedStatement.addBatch();
                                    } catch (SQLException e) {
                                        throw translate(SQL_ADD_CERT, e);
                                    }
                                } catch (RuntimeException e2) {
                                    LogUtil.error(LOG, e2, "could not parse certificate in file " + file2);
                                    throw new CertificateException(e2.getMessage(), e2);
                                }
                            }
                        }
                        boolean z2 = i4 == size - 1;
                        if (i3 > 0 && (i3 % this.numCertsPerCommit == 0 || z2)) {
                            try {
                                preparedStatement.executeBatch();
                                commit("(commit import cert to OCSP)");
                                processLog.addNumProcessed(i2);
                                processLog2.addNumProcessed(i3);
                                i2 = 0;
                                i3 = 0;
                                long numProcessed = i + processLog.numProcessed();
                                echoToFile(numProcessed + ":" + numProcessed, file);
                                processLog.printStatus();
                            } catch (Throwable th) {
                                rollback();
                                deleteCertGreaterThan(j2, LOG);
                                if (th instanceof SQLException) {
                                    throw translate(SQL_ADD_CERT, (SQLException) th);
                                }
                                if (th instanceof Exception) {
                                    throw ((Exception) th);
                                }
                                throw new Exception(th);
                            }
                        } else if (z2) {
                            processLog.addNumProcessed(i2);
                            processLog2.addNumProcessed(i3);
                            i2 = 0;
                            i3 = 0;
                            long numProcessed2 = i + processLog.numProcessed();
                            echoToFile(numProcessed2 + ":" + numProcessed2, file);
                            processLog.printStatus();
                        }
                    }
                    i4++;
                }
                return j2;
            } finally {
                recoverAutoCommit();
                zipFile.close();
            }
        } catch (Exception e3) {
            try {
                zipFile.close();
            } catch (Exception e4) {
                LOG.error("could not close ZIP file {}: {}", str, e4.getMessage());
                LOG.debug("could not close ZIP file " + str, e4);
            }
            throw e3;
        }
    }

    private HashAlgo getCertHashAlgo() throws DataAccessException {
        try {
            return HashAlgo.getInstance((String) Optional.ofNullable(this.dbSchemaInfo.getVariableValue("CERTHASH_ALGO")).orElseThrow(() -> {
                return new DataAccessException("Column with NAME='CERTHASH_ALGO' is not defined in table DBSCHEMA");
            }));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
    }
}
