package org.xipki.ca.mgmt.db.diffdb;

import java.io.File;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.security.HashAlgo;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.ProcessLog;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/mgmt/db/diffdb/DigestDiff.class */
class DigestDiff {
    private static final Logger LOG = LoggerFactory.getLogger(DigestDiff.class);
    private final DataSourceWrapper refDatasource;
    private final boolean revokedOnly;
    private final DataSourceWrapper targetDatasource;
    private final DbControl refDbControl;
    private final DbControl targetDbControl;
    private final HashAlgo certhashAlgo;
    private Set<byte[]> includeCaCerts;
    private final String reportDirName;
    private final AtomicBoolean stopMe;
    private final int numPerSelect;
    private final int numTargetThreads;

    public DigestDiff(DataSourceWrapper dataSourceWrapper, DataSourceWrapper dataSourceWrapper2, String str, boolean z, AtomicBoolean atomicBoolean, int i, int i2) throws IOException, DataAccessException {
        this.refDatasource = (DataSourceWrapper) Args.notNull(dataSourceWrapper, "refDatasource");
        this.revokedOnly = z;
        this.targetDatasource = (DataSourceWrapper) Args.notNull(dataSourceWrapper2, "targetDatasource");
        this.reportDirName = (String) Args.notNull(str, "reportDirName");
        this.stopMe = (AtomicBoolean) Args.notNull(atomicBoolean, "stopMe");
        this.numPerSelect = Args.positive(i, "numPerSelect");
        this.refDbControl = detectDbControl(dataSourceWrapper);
        this.targetDbControl = detectDbControl(dataSourceWrapper2);
        if (this.refDbControl == DbControl.XIPKI_OCSP_v4) {
            HashAlgo detectOcspDbCerthashAlgo = detectOcspDbCerthashAlgo(dataSourceWrapper);
            HashAlgo detectOcspDbCerthashAlgo2 = detectOcspDbCerthashAlgo(dataSourceWrapper2);
            if (detectOcspDbCerthashAlgo != detectOcspDbCerthashAlgo2) {
                throw new IllegalArgumentException(StringUtil.concatObjects("Could not compare OCSP datasources with different CERTHASH_ALGO: refDataSource (", new Object[]{detectOcspDbCerthashAlgo, ") and targetDataSource (", detectOcspDbCerthashAlgo2, ")"}));
            }
            this.certhashAlgo = detectOcspDbCerthashAlgo;
        } else {
            if (this.refDbControl != DbControl.XIPKI_CA_v4) {
                throw new IllegalStateException("should not reach here, unknown dbContro " + this.refDbControl);
            }
            this.certhashAlgo = HashAlgo.SHA1;
        }
        this.numTargetThreads = Math.min(i2, dataSourceWrapper2.getMaximumPoolSize() - 1);
        if (this.numTargetThreads != i2) {
            LOG.info("reduce the numTargetThreads from {} to {}", Integer.valueOf(this.numTargetThreads), Integer.valueOf(this.numTargetThreads));
        }
    }

    public Set<byte[]> isIncludeCaCerts() {
        return this.includeCaCerts;
    }

    public void setIncludeCaCerts(Set<byte[]> set) {
        this.includeCaCerts = set;
    }

    public void diff() throws Exception {
        String str;
        Map<Integer, byte[]> cas = getCas(this.targetDatasource, this.targetDbControl);
        LinkedList linkedList = new LinkedList();
        if (this.refDbControl == DbControl.XIPKI_OCSP_v4) {
            str = "SELECT ID FROM ISSUER";
        } else {
            if (this.refDbControl != DbControl.XIPKI_CA_v4) {
                throw new IllegalStateException("invalid refDbControl " + this.refDbControl);
            }
            str = "SELECT ID FROM CA";
        }
        Statement statement = null;
        try {
            statement = this.refDatasource.createStatement();
            ResultSet resultSet = null;
            try {
                try {
                    resultSet = statement.executeQuery(str);
                    while (resultSet.next()) {
                        linkedList.add(Integer.valueOf(resultSet.getInt(1)));
                    }
                    this.refDatasource.releaseResources(statement, resultSet);
                    this.refDatasource.releaseResources(statement, (ResultSet) null);
                    int i = (this.numTargetThreads * 3) / 2;
                    Iterator it = linkedList.iterator();
                    while (it.hasNext()) {
                        diffSingleCa(RefDigestReader.getInstance(this.refDatasource, this.refDbControl, this.certhashAlgo, ((Integer) it.next()).intValue(), i, this.numPerSelect, this.stopMe), cas);
                    }
                } catch (SQLException e) {
                    throw this.refDatasource.translate(str, e);
                }
            } catch (Throwable th) {
                this.refDatasource.releaseResources(statement, resultSet);
                throw th;
            }
        } catch (Throwable th2) {
            this.refDatasource.releaseResources(statement, (ResultSet) null);
            throw th2;
        }
    }

    private void diffSingleCa(RefDigestReader refDigestReader, Map<Integer, byte[]> map) throws CertificateException, IOException, InterruptedException {
        X509Certificate caCert = refDigestReader.getCaCert();
        byte[] encoded = caCert.getEncoded();
        if (this.includeCaCerts != null && !this.includeCaCerts.isEmpty()) {
            boolean z = false;
            Iterator<byte[]> it = this.includeCaCerts.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (Arrays.equals(it.next(), encoded)) {
                        z = true;
                        break;
                    }
                } else {
                    break;
                }
            }
            if (!z) {
                System.out.println("skipped CA " + refDigestReader.getCaSubjectName());
            }
        }
        String commonName = X509Util.getCommonName(caCert.getSubjectX500Principal());
        File file = new File(this.reportDirName, "ca-" + commonName);
        int i = 2;
        while (file.exists()) {
            int i2 = i;
            i++;
            file = new File(this.reportDirName, "ca-" + commonName + "-" + i2);
        }
        DigestDiffReporter digestDiffReporter = new DigestDiffReporter(file.getPath(), encoded);
        Integer num = null;
        for (Integer num2 : map.keySet()) {
            if (Arrays.equals(encoded, map.get(num2))) {
                num = num2;
            }
        }
        if (num == null) {
            digestDiffReporter.addNoCaMatch();
            refDigestReader.close();
            digestDiffReporter.close();
            return;
        }
        TargetDigestRetriever targetDigestRetriever = null;
        try {
            try {
                try {
                    digestDiffReporter.start();
                    ProcessLog processLog = new ProcessLog(refDigestReader.getTotalAccount());
                    System.out.println("Processing certificates of CA \n\t'" + refDigestReader.getCaSubjectName() + "'");
                    processLog.printHeader();
                    targetDigestRetriever = new TargetDigestRetriever(this.revokedOnly, processLog, refDigestReader, digestDiffReporter, this.targetDatasource, this.targetDbControl, this.certhashAlgo, num.intValue(), this.numPerSelect, this.numTargetThreads, this.stopMe);
                    targetDigestRetriever.awaitTerminiation();
                    processLog.printTrailer();
                    digestDiffReporter.close();
                    refDigestReader.close();
                    if (targetDigestRetriever != null) {
                        targetDigestRetriever.close();
                    }
                } catch (Exception e) {
                    digestDiffReporter.addError("Exception thrown: " + e.getClass().getName() + ": " + e.getMessage());
                    LOG.error("exception in diffSingleCa", e);
                    digestDiffReporter.close();
                    refDigestReader.close();
                    if (targetDigestRetriever != null) {
                        targetDigestRetriever.close();
                    }
                }
            } catch (InterruptedException e2) {
                throw e2;
            }
        } catch (Throwable th) {
            digestDiffReporter.close();
            refDigestReader.close();
            if (targetDigestRetriever != null) {
                targetDigestRetriever.close();
            }
            throw th;
        }
    }

    private static Map<Integer, byte[]> getCas(DataSourceWrapper dataSourceWrapper, DbControl dbControl) throws DataAccessException {
        String str;
        if (dbControl == DbControl.XIPKI_CA_v4) {
            str = "SELECT ID,CERT FROM CA";
        } else {
            if (dbControl != DbControl.XIPKI_OCSP_v4) {
                throw new IllegalArgumentException("unknown dbControl " + dbControl);
            }
            str = "SELECT ID,CERT FROM ISSUER";
        }
        Statement createStatement = dataSourceWrapper.createStatement();
        HashMap hashMap = new HashMap(5);
        ResultSet resultSet = null;
        try {
            try {
                resultSet = createStatement.executeQuery(str);
                while (resultSet.next()) {
                    hashMap.put(Integer.valueOf(resultSet.getInt("ID")), Base64.decodeFast(resultSet.getString("CERT")));
                }
                dataSourceWrapper.releaseResources(createStatement, resultSet);
                return hashMap;
            } catch (SQLException e) {
                throw dataSourceWrapper.translate(str, e);
            }
        } catch (Throwable th) {
            dataSourceWrapper.releaseResources(createStatement, resultSet);
            throw th;
        }
    }

    public static DbControl detectDbControl(DataSourceWrapper dataSourceWrapper) throws DataAccessException {
        Connection connection = dataSourceWrapper.getConnection();
        try {
            if (dataSourceWrapper.tableExists(connection, "CA")) {
                DbControl dbControl = DbControl.XIPKI_CA_v4;
                dataSourceWrapper.returnConnection(connection);
                return dbControl;
            }
            if (!dataSourceWrapper.tableExists(connection, "ISSUER")) {
                throw new IllegalArgumentException("unknown database schema");
            }
            DbControl dbControl2 = DbControl.XIPKI_OCSP_v4;
            dataSourceWrapper.returnConnection(connection);
            return dbControl2;
        } catch (Throwable th) {
            dataSourceWrapper.returnConnection(connection);
            throw th;
        }
    }

    public static HashAlgo detectOcspDbCerthashAlgo(DataSourceWrapper dataSourceWrapper) throws DataAccessException {
        return HashAlgo.getNonNullInstance((String) dataSourceWrapper.getFirstValue((Connection) null, "DBSCHEMA", "VALUE2", "NAME='CERTHASH_ALGO'", String.class));
    }
}
