package org.xipki.ca.qa;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.validation.SchemaFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.qa.jaxb.FileOrValueType;
import org.xipki.ca.qa.jaxb.ObjectFactory;
import org.xipki.ca.qa.jaxb.QAConfType;
import org.xipki.ca.qa.jaxb.X509CertprofileType;
import org.xipki.ca.qa.jaxb.X509IssuerType;
import org.xipki.common.util.IoUtil;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.StringUtil;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/xipki/ca/qa/QaSystemManagerImpl.class */
public class QaSystemManagerImpl implements QaSystemManager {
    private static final Logger LOG = LoggerFactory.getLogger(QaSystemManagerImpl.class);
    private String confFile;
    private Map<String, X509CertprofileQa> x509ProfileMap = new HashMap();
    private Map<String, X509IssuerInfo> x509IssuerInfoMap = new HashMap();
    private AtomicBoolean initialized = new AtomicBoolean(false);
    private final Unmarshaller jaxbUnmarshaller = JAXBContext.newInstance(new Class[]{ObjectFactory.class}).createUnmarshaller();

    public QaSystemManagerImpl() throws JAXBException, SAXException {
        this.jaxbUnmarshaller.setSchema(SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(QaSystemManagerImpl.class.getResource("/xsd/caqa-conf.xsd")));
    }

    public String confFile() {
        return this.confFile;
    }

    public void setConfFile(String str) {
        this.confFile = ParamUtil.requireNonBlank("confFile", str);
    }

    public boolean isInitialized() {
        return this.initialized.get();
    }

    public void init() {
        boolean z;
        if (StringUtil.isBlank(this.confFile)) {
            throw new IllegalStateException("confFile must not be null and empty");
        }
        LOG.info("initializing ...");
        if (this.initialized.get()) {
            LOG.info("already initialized, skipping ...");
            return;
        }
        try {
            QAConfType parseQaConf = parseQaConf(new FileInputStream(this.confFile));
            if (parseQaConf.getX509Issuers() != null) {
                for (X509IssuerType x509IssuerType : parseQaConf.getX509Issuers().getX509Issuer()) {
                    try {
                        byte[] readData = readData(x509IssuerType.getCert());
                        String validityMode = x509IssuerType.getValidityMode();
                        if (StringUtil.isBlank(validityMode) || "CUTOFF".equalsIgnoreCase(validityMode)) {
                            z = true;
                        } else {
                            if (!"LAX".equalsIgnoreCase(validityMode)) {
                                LOG.error("invalid validityMode {}", validityMode);
                                return;
                            }
                            z = false;
                        }
                        try {
                            this.x509IssuerInfoMap.put(x509IssuerType.getName(), new X509IssuerInfo(x509IssuerType.getCaIssuerUrl(), x509IssuerType.getOcspUrl(), x509IssuerType.getCrlUrl(), x509IssuerType.getDeltaCrlUrl(), readData, z));
                            LOG.info("configured X509 issuer {}", x509IssuerType.getName());
                        } catch (CertificateException e) {
                            LogUtil.error(LOG, e, "could not parse certificate of issuer " + x509IssuerType.getName());
                        }
                    } catch (IOException e2) {
                        LogUtil.error(LOG, e2, "could not read the certificate bytes of issuer " + x509IssuerType.getName());
                    }
                }
            }
            if (parseQaConf.getX509Certprofiles() != null) {
                for (X509CertprofileType x509CertprofileType : parseQaConf.getX509Certprofiles().getX509Certprofile()) {
                    String name = x509CertprofileType.getName();
                    try {
                        this.x509ProfileMap.put(name, new X509CertprofileQa(readData(x509CertprofileType)));
                        LOG.info("configured X509 certificate profile {}", name);
                    } catch (IOException | CertprofileException e3) {
                        LogUtil.error(LOG, e3, "could not parse QA certificate profile " + name);
                    }
                }
            }
            this.initialized.set(true);
            LOG.info("initialized");
        } catch (IOException | JAXBException | SAXException e4) {
            LogUtil.error(LOG, e4, "could not parse the QA configuration");
        }
    }

    public void shutdown() {
    }

    @Override // org.xipki.ca.qa.QaSystemManager
    public Set<String> issuerNames() {
        return Collections.unmodifiableSet(this.x509IssuerInfoMap.keySet());
    }

    @Override // org.xipki.ca.qa.QaSystemManager
    public X509IssuerInfo getIssuer(String str) {
        ParamUtil.requireNonNull("issuerName", str);
        return this.x509IssuerInfoMap.get(str);
    }

    @Override // org.xipki.ca.qa.QaSystemManager
    public Set<String> certprofileNames() {
        return Collections.unmodifiableSet(this.x509ProfileMap.keySet());
    }

    @Override // org.xipki.ca.qa.QaSystemManager
    public X509CertprofileQa getCertprofile(String str) {
        ParamUtil.requireNonNull("certprofileName", str);
        return this.x509ProfileMap.get(str);
    }

    private QAConfType parseQaConf(InputStream inputStream) throws IOException, JAXBException, SAXException {
        try {
            JAXBElement jAXBElement = (JAXBElement) this.jaxbUnmarshaller.unmarshal(inputStream);
            if (jAXBElement.getValue() instanceof QAConfType) {
                return (QAConfType) jAXBElement.getValue();
            }
            throw new SAXException("invalid root element type");
        } finally {
            inputStream.close();
        }
    }

    private static byte[] readData(FileOrValueType fileOrValueType) throws IOException {
        byte[] value = fileOrValueType.getValue();
        if (value == null) {
            value = IoUtil.read(fileOrValueType.getFile());
        }
        return value;
    }
}
