package org.xipki.ocsp.server.store;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import org.bouncycastle.crypto.ExtendedDigest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.ocsp.api.OcspStoreException;
import org.xipki.security.HashAlgo;
import org.xipki.security.asn1.CrlStreamParser;
import org.xipki.util.Args;
import org.xipki.util.ConfPairs;
import org.xipki.util.Curl;
import org.xipki.util.DateUtil;
import org.xipki.util.DefaultCurl;
import org.xipki.util.Hex;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.Validity;
import org.xipki.util.http.SslContextConf;

/* loaded from: input_file:org/xipki/ocsp/server/store/CrlDbCertStatusStore.class */
public class CrlDbCertStatusStore extends DbCertStatusStore {
    private static final Logger LOG = LoggerFactory.getLogger(CrlDbCertStatusStore.class);
    private static final String CT_PKIX_CRL = "application/pkix-crl";
    private String dir;
    private int sqlBatchCommit;
    private boolean ignoreExpiredCrls;
    private boolean crlUpdated;
    private Map<String, ?> sourceConf;
    private final CrlUpdateService storeUpdateService = new CrlUpdateService();
    private final Object lock = new Object();
    private final AtomicBoolean crlUpdateInProcess = new AtomicBoolean(false);
    private final ConcurrentHashMap<String, Curl> curls = new ConcurrentHashMap<>();
    private final ConcurrentHashMap<String, Long> curlsConfLastModified = new ConcurrentHashMap<>();
    private boolean firstTime = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/ocsp/server/store/CrlDbCertStatusStore$CompositeOutputStream.class */
    public static class CompositeOutputStream extends OutputStream {
        private final ExtendedDigest digest;
        private byte[] hashValue;
        private final OutputStream outputStream;

        public CompositeOutputStream(HashAlgo hashAlgo, OutputStream outputStream) {
            this.digest = hashAlgo == null ? null : hashAlgo.createDigest();
            this.outputStream = outputStream;
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            if (this.digest != null) {
                this.digest.update(bArr, 0, bArr.length);
            }
            this.outputStream.write(bArr);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            if (this.digest != null) {
                this.digest.update(bArr, i, i2);
            }
            this.outputStream.write(bArr, i, i2);
        }

        @Override // java.io.OutputStream, java.io.Flushable
        public void flush() throws IOException {
            this.outputStream.flush();
        }

        @Override // java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this.outputStream.close();
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            if (this.digest != null) {
                this.digest.update((byte) i);
            }
            this.outputStream.write(i);
        }

        public byte[] getHashValue() {
            if (this.digest == null) {
                return null;
            }
            if (this.hashValue == null) {
                byte[] bArr = new byte[this.digest.getDigestSize()];
                this.digest.doFinal(bArr, 0);
                this.hashValue = bArr;
            }
            return this.hashValue;
        }
    }

    /* loaded from: input_file:org/xipki/ocsp/server/store/CrlDbCertStatusStore$CrlUpdateService.class */
    private class CrlUpdateService implements Runnable {
        private CrlUpdateService() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                CrlDbCertStatusStore.this.updateStore();
            } catch (Throwable th) {
                LogUtil.error(CrlDbCertStatusStore.LOG, th, "error while calling initializeStore() for store " + CrlDbCertStatusStore.this.name);
            }
        }
    }

    @Override // org.xipki.ocsp.server.store.DbCertStatusStore
    public void init(Map<String, ?> map, DataSourceWrapper dataSourceWrapper) throws OcspStoreException {
        new ConfPairs(map);
        this.sourceConf = (Map) Args.notNull(map, "sourceConf");
        this.dir = IoUtil.expandFilepath(getNonNullStrValue(map, "dir"), true);
        File file = new File(this.dir);
        if (!file.exists()) {
            throw new OcspStoreException("the dir " + this.dir + " does not exist");
        }
        if (!file.isDirectory()) {
            throw new OcspStoreException(this.dir + " is not a directory");
        }
        File[] listFiles = new File(this.dir).listFiles();
        boolean z = false;
        if (listFiles != null) {
            int length = listFiles.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                File file2 = listFiles[i];
                if (file2.isDirectory() && file2.getName().startsWith("crl-")) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (!z) {
            LOG.warn("Found no sub-directory starting with 'crl-' in " + this.dir);
        }
        String optionalStrValue = getOptionalStrValue(map, "sqlBatchCommit");
        this.sqlBatchCommit = StringUtil.isBlank(optionalStrValue) ? 1000 : (int) Double.parseDouble(optionalStrValue);
        String optionalStrValue2 = getOptionalStrValue(map, "ignoreExpiredCrls");
        this.ignoreExpiredCrls = StringUtil.isBlank(optionalStrValue2) || Boolean.parseBoolean(optionalStrValue2);
        this.datasource = dataSourceWrapper;
        String optionalStrValue3 = getOptionalStrValue(map, "startupDelay");
        int parseDouble = optionalStrValue3 == null ? 5 : (int) Double.parseDouble(optionalStrValue3);
        Runnable runnable = this::updateStore;
        ScheduledThreadPoolExecutor scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
        scheduledThreadPoolExecutor.schedule(runnable, parseDouble, TimeUnit.SECONDS);
        scheduledThreadPoolExecutor.shutdown();
    }

    private static String getNonNullStrValue(Map<String, ?> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            throw new IllegalArgumentException("mandatory " + str + " is not specified in sourceConf");
        }
        return obj instanceof String ? (String) obj : obj.toString();
    }

    private static String getOptionalStrValue(Map<String, ?> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            return null;
        }
        return obj instanceof String ? (String) obj : obj.toString();
    }

    protected boolean isIgnoreExpiredCrls() {
        return this.ignoreExpiredCrls;
    }

    @Override // org.xipki.ocsp.server.store.DbCertStatusStore
    protected List<Runnable> getScheduledServices() {
        return Collections.singletonList(this.storeUpdateService);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.xipki.ocsp.server.store.DbCertStatusStore
    public boolean isInitialized() {
        return this.crlUpdated && super.isInitialized();
    }

    private void updateStore() {
        File[] listFiles;
        boolean z;
        if (this.crlUpdateInProcess.get()) {
            return;
        }
        synchronized (this.lock) {
            try {
                this.crlUpdateInProcess.set(true);
                try {
                    listFiles = new File(this.dir).listFiles();
                    z = false;
                    if (listFiles != null) {
                        for (File file : listFiles) {
                            if (file.isDirectory() && file.getName().startsWith("crl-")) {
                                IoUtil.mkdirs(new File(file, ".generated"));
                                z = true;
                            }
                        }
                    }
                } catch (Throwable th) {
                    LogUtil.error(LOG, th, "error while executing updateStore()");
                    this.crlUpdated = true;
                    this.crlUpdateInProcess.set(false);
                }
                if (z) {
                    ArrayList arrayList = new ArrayList();
                    for (File file2 : listFiles) {
                        if (file2.isDirectory() && file2.getName().startsWith("crl-") && new File(file2, "crl.download").exists()) {
                            arrayList.add(file2);
                            try {
                                downloadCrl(file2);
                            } catch (Exception e) {
                                LogUtil.error(LOG, e, "error downloading CRL for path " + file2.getPath());
                            }
                        }
                    }
                    boolean z2 = false;
                    int length = listFiles.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        File file3 = listFiles[i];
                        if (file3.isDirectory() && file3.getName().startsWith("crl-")) {
                            if (new File(arrayList.contains(file3) ? new File(file3, ".generated") : file3, "UPDATEME").exists()) {
                                z2 = true;
                                break;
                            }
                        }
                        i++;
                    }
                    if (!z2) {
                        LOG.info("CertStore {} not changed", this.name);
                    } else if (new ImportCrl(this.datasource, this.dir, this.sqlBatchCommit, this.ignoreExpiredCrls).importCrlToOcspDb()) {
                        LOG.info("updated CertStore {} successfully", this.name);
                    } else {
                        LOG.error("updating CertStore {} failed", this.name);
                    }
                    if (this.firstTime) {
                        super.init(this.sourceConf, this.datasource);
                        this.firstTime = false;
                    } else if (z2) {
                        super.updateIssuerStore(true);
                    }
                    this.crlUpdated = true;
                    this.crlUpdateInProcess.set(false);
                }
            } finally {
                this.crlUpdated = true;
                this.crlUpdateInProcess.set(false);
            }
        }
    }

    private void downloadCrl(File file) throws Exception {
        if (!new File(file, "REMOVEME").exists() && null == loadProperties(new File(file, "REVOCATION")).getProperty("ca.revocation.time")) {
            File file2 = new File(file, ".generated");
            File file3 = new File(file2, "UPDATEME");
            if (file3.exists()) {
                return;
            }
            File file4 = new File(file2, "ca.crl.info");
            BigInteger bigInteger = null;
            File file5 = new File(file, "crl.download");
            File file6 = new File(file, "UPDATEME_NOW");
            boolean z = false;
            String str = null;
            byte[] bArr = null;
            if (!file4.exists()) {
                z = true;
            } else if (file6.exists()) {
                z = true;
            } else {
                Properties loadProperties = loadProperties(file4);
                Instant parseUtcTimeyyyyMMddhhmmss = DateUtil.parseUtcTimeyyyyMMddhhmmss(loadProperties.getProperty("nextupdate"));
                bigInteger = new BigInteger(loadProperties.getProperty("crlnumber"));
                String property = loadProperties.getProperty("hash");
                if (property != null && !property.isEmpty()) {
                    String[] split = property.split(" ");
                    str = split[0];
                    bArr = Hex.decode(split[1]);
                }
                Validity validity = Validity.getInstance(loadProperties(file5).getProperty("download.before.nextupdate"));
                if (validity.getValidity() < 1) {
                    LOG.error("invalid download.before.nextupdate {}", validity);
                } else if (validity.add(Instant.now()).isAfter(parseUtcTimeyyyyMMddhhmmss)) {
                    z = true;
                }
            }
            if (z) {
                Properties loadProperties2 = loadProperties(file5);
                String property2 = loadProperties2.getProperty("download.url");
                if (property2 == null) {
                    property2 = loadProperties2.getProperty("crldp");
                }
                if (StringUtil.isBlank(property2)) {
                    LOG.error("Neither download.url nor crldp in {} is specified, skip it", file5.getPath());
                    return;
                }
                String property3 = loadProperties2.getProperty("download.fp.url");
                String str2 = null;
                if (property3 != null) {
                    String[] split2 = property3.split(" ");
                    if (bArr != null && !str.equalsIgnoreCase(split2[0])) {
                        bArr = null;
                    }
                    str = split2[0];
                    str2 = split2[1];
                }
                String path = file.getPath();
                Curl curl = this.curls.get(path);
                File file7 = new File(file, "tls-trustanchor.pem");
                if (file7.exists()) {
                    if (curl != null) {
                        if (file7.lastModified() != this.curlsConfLastModified.get(path).longValue()) {
                            curl = null;
                            this.curlsConfLastModified.remove(path);
                            this.curls.remove(path);
                        }
                    }
                    if (curl == null) {
                        SslContextConf sslContextConf = new SslContextConf();
                        sslContextConf.setSslTrustanchors(file7.getPath());
                        curl = new DefaultCurl(sslContextConf);
                        this.curls.put(path, curl);
                        this.curlsConfLastModified.put(path, Long.valueOf(file7.lastModified()));
                    }
                } else if (curl == null) {
                    curl = new DefaultCurl((SslContextConf) null);
                    this.curls.put(path, curl);
                    this.curlsConfLastModified.put(path, 0L);
                }
                if (str2 != null) {
                    Curl.CurlResult curlGet = curl.curlGet(str2, false, (Map) null, (String) null);
                    if (curlGet.getContentLength() > 0 && Arrays.equals(bArr, curlGet.getContent())) {
                        LOG.info("Fingerprint of the CRL has not changed, skip downloading CRL");
                        return;
                    }
                }
                File file8 = new File(file2, "tmp-ca.crl");
                CompositeOutputStream compositeOutputStream = new CompositeOutputStream(str == null ? null : HashAlgo.getInstance(str), Files.newOutputStream(file8.toPath(), new OpenOption[0]));
                try {
                    Curl.CurlResult curlGet2 = curl.curlGet(property2, compositeOutputStream, false, (Map) null, (String) null);
                    compositeOutputStream.close();
                    String contentType = curlGet2.getContentType();
                    if (!CT_PKIX_CRL.equals(contentType)) {
                        LOG.error("Downloading CRL failed, expected content type {}, but received {}", CT_PKIX_CRL, contentType);
                        return;
                    }
                    if (curlGet2.getContentLength() < 10) {
                        byte[] errorContent = curlGet2.getErrorContent();
                        if (errorContent == null) {
                            LOG.error("Downloading CRL failed, CRL too short (len={}): ", Integer.valueOf(curlGet2.getContentLength()));
                            return;
                        } else {
                            LOG.error("Downloading CRL failed with error: {}", new String(errorContent));
                            return;
                        }
                    }
                    if (bigInteger == null || new CrlStreamParser(file8).getCrlNumber().compareTo(bigInteger) > 0) {
                        if (str != null) {
                            byte[] hashValue = compositeOutputStream.getHashValue();
                            if (hashValue == null) {
                                throw new IllegalStateException("should not reach here, crlHashValue is null");
                            }
                            IoUtil.save(new File(file2, "new-ca.crl.fp"), (str + " " + Hex.encode(hashValue)).getBytes(StandardCharsets.UTF_8));
                        }
                        IoUtil.renameTo(file8, new File(file2, "new-ca.crl"));
                        LOG.info(bigInteger == null ? "Downloaded CRL at first time" : "Downloaded CRL is newer than existing one");
                        file3.createNewFile();
                    } else {
                        IoUtil.deleteFile0(file8);
                        LOG.info("Downloaded CRL is not newer than existing one");
                    }
                    IoUtil.deleteFile0(file6);
                } catch (Throwable th) {
                    compositeOutputStream.close();
                    throw th;
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Properties loadProperties(File file) throws IOException {
        Properties properties = new Properties();
        if (file.exists() && file.isFile()) {
            InputStream newInputStream = Files.newInputStream(file.toPath(), new OpenOption[0]);
            try {
                properties.load(newInputStream);
                if (newInputStream != null) {
                    newInputStream.close();
                }
            } catch (Throwable th) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        return properties;
    }
}
