package org.xipki.ca.server.publisher;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509CRL;
import java.util.Date;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditStatus;
import org.xipki.audit.Audits;
import org.xipki.ca.api.CertWithDbId;
import org.xipki.ca.api.CertificateInfo;
import org.xipki.ca.api.publisher.CertPublisher;
import org.xipki.ca.api.publisher.CertPublisherException;
import org.xipki.ca.server.CaAuditConstants;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceFactory;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.password.PasswordResolver;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.ConfPairs;
import org.xipki.util.FileOrValue;
import org.xipki.util.LogUtil;

/* loaded from: input_file:org/xipki/ca/server/publisher/OcspCertPublisher.class */
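/**
 * Certificate publisher that forwards CA and certificate lifecycle events to an
 * {@code OcspStoreQueryExecutor} backed by a configured datasource.
 *
 * <p>Every event method catches any exception raised by the executor, writes an error log
 * entry plus a FAILED audit event, and returns {@code false} instead of propagating. A
 * {@code false} return therefore means the corresponding update did not complete; a caller
 * that ignores it may leave stale status behind (for example a revocation that was never
 * written), so the return value should be checked and the operation retried or escalated.
 *
 * <p>NOTE(review): presumably the datasource is the database an OCSP responder reads its
 * certificate status from - confirm against the deployment.
 */
public class OcspCertPublisher extends CertPublisher {
    private static final Logger LOG = LoggerFactory.getLogger(OcspCertPublisher.class);
    // Performs the actual store updates; null until initialize() has succeeded.
    private OcspStoreQueryExecutor queryExecutor;
    // Value of the "asyn" configuration key (default false).
    private boolean asyn;
    // Value of the "publish.goodcerts" configuration key (default true).
    private boolean publishsGoodCert = true;
    // Datasource owned by this publisher; released in close().
    private DataSourceWrapper datasource;

    /**
     * Parses the publisher configuration, opens the named datasource and creates the query
     * executor.
     *
     * <p>Recognised configuration keys: {@code publish.goodcerts} (boolean, default true),
     * {@code asyn} (boolean, default false) and {@code datasource} (name looked up in
     * {@code map}, mandatory).
     *
     * @param str configuration text in {@code ConfPairs} syntax; must not be null
     * @param passwordResolver resolver handed to the datasource factory
     * @param map datasource configurations keyed by datasource name
     * @throws CertPublisherException if no matching datasource configuration exists, the
     *     datasource cannot be opened, or the query executor cannot be created
     */
    public void initialize(String str, PasswordResolver passwordResolver, Map<String, FileOrValue> map) throws CertPublisherException {
        Args.notNull(str, "conf");
        ConfPairs confPairs = new ConfPairs(str);

        String goodCertsValue = confPairs.value("publish.goodcerts");
        this.publishsGoodCert = goodCertsValue == null || Boolean.parseBoolean(goodCertsValue);

        String asynValue = confPairs.value("asyn");
        this.asyn = asynValue != null && Boolean.parseBoolean(asynValue);

        String datasourceName = confPairs.value("datasource");
        FileOrValue datasourceConf = null;
        // A missing map is reported as a missing datasource rather than as a NullPointerException.
        if (datasourceName != null && map != null) {
            datasourceConf = map.get(datasourceName);
        }
        if (datasourceConf == null) {
            throw new CertPublisherException("no datasource named '" + datasourceName + "' is specified");
        }

        DataSourceWrapper loaded = loadDatasource(datasourceName, datasourceConf, passwordResolver);
        try {
            this.queryExecutor = new OcspStoreQueryExecutor(loaded, this.publishsGoodCert);
        } catch (NoSuchAlgorithmException | DataAccessException e) {
            // Release the datasource right away: a publisher whose initialisation failed is
            // likely to be discarded without close() ever being called.
            loaded.close();
            throw new CertPublisherException(e.getMessage(), e);
        }
        this.datasource = loaded;
    }

    /**
     * Creates the datasource and borrows then returns one connection before handing it back.
     *
     * <p>NOTE(review): the borrow/return is presumably a connectivity check - confirm.
     * NOTE(review): the thrown message embeds the underlying exception text; confirm that
     * datasource/driver messages are safe for wherever this exception is surfaced.
     *
     * @param str datasource name, used for logging and error messages
     * @param fileOrValue datasource configuration
     * @param passwordResolver resolver handed to the datasource factory
     * @return the opened datasource
     * @throws CertPublisherException wrapping any failure while creating or probing the datasource
     */
    private DataSourceWrapper loadDatasource(String str, FileOrValue fileOrValue, PasswordResolver passwordResolver) throws CertPublisherException {
        try {
            DataSourceWrapper created = new DataSourceFactory().createDataSource(str, fileOrValue, passwordResolver);
            created.returnConnection(created.getConnection());
            LOG.info("loaded datasource.{}", str);
            return created;
        } catch (DataAccessException | PasswordResolverException | IOException | RuntimeException e) {
            throw new CertPublisherException(e.getClass().getName() + " while parsing datasource " + str + ": " + e.getMessage(), e);
        }
    }

    /**
     * Registers a CA certificate as issuer with the query executor.
     *
     * @param x509Cert CA certificate
     * @return true on success; false if the executor threw (logged and audited)
     */
    public boolean caAdded(X509Cert x509Cert) {
        try {
            this.queryExecutor.addIssuer(x509Cert);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getSubject(), x509Cert, e, "could not publish issuer");
            return false;
        }
    }

    /**
     * Publishes a newly added certificate together with its revocation information.
     *
     * @param certificateInfo certificate, its issuer certificate and its revocation information
     * @return true on success; false if the executor threw (logged and audited)
     */
    public boolean certificateAdded(CertificateInfo certificateInfo) {
        X509Cert issuerCert = certificateInfo.getIssuerCert();
        CertWithDbId cert = certificateInfo.getCert();
        try {
            this.queryExecutor.addCert(issuerCert, cert, certificateInfo.getRevocationInfo());
            return true;
        } catch (Exception e) {
            logAndAudit(issuerCert.getSubject(), cert, e, "could not save certificate");
            return false;
        }
    }

    /**
     * Publishes the revocation of a certificate.
     *
     * @param x509Cert issuer (CA) certificate
     * @param certWithDbId revoked certificate
     * @param str not used by this publisher
     * @param certRevocationInfo revocation details
     * @return true on success; false if the executor threw (logged and audited), in which
     *     case the revocation was not recorded by this publisher
     */
    public boolean certificateRevoked(X509Cert x509Cert, CertWithDbId certWithDbId, String str, CertRevocationInfo certRevocationInfo) {
        try {
            this.queryExecutor.revokeCert(x509Cert, certWithDbId, certRevocationInfo);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getSubject(), certWithDbId, e, "could not publish revoked certificate");
            return false;
        }
    }

    /**
     * Publishes the unrevocation of a certificate.
     *
     * @param x509Cert issuer (CA) certificate
     * @param certWithDbId certificate that is no longer revoked
     * @return true on success; false if the executor threw (logged and audited)
     */
    public boolean certificateUnrevoked(X509Cert x509Cert, CertWithDbId certWithDbId) {
        try {
            this.queryExecutor.unrevokeCert(x509Cert, certWithDbId);
            return true;
        } catch (Exception e) {
            logAndAudit(x509Cert.getSubject(), certWithDbId, e, "could not publish unrevocation of certificate");
            return false;
        }
    }

    /**
     * Writes an error log entry and a FAILED audit event for a publishing failure.
     *
     * <p>The exception message goes to the error log and the stack trace to the debug log;
     * the audit event carries issuer, subject, serial number and {@code str2}, but not the
     * exception text.
     *
     * @param str issuer name to record
     * @param x509Cert certificate the failed operation was about
     * @param exc the failure
     * @param str2 short description of the failed operation
     */
    private void logAndAudit(String str, X509Cert x509Cert, Exception exc, String str2) {
        String subject = x509Cert.getSubject();
        String serial = LogUtil.formatCsn(x509Cert.getCert().getSerialNumber());
        LOG.error("{} (issuser='{}': subject='{}', serialNumber={}). Message: {}", new Object[]{str2, str, subject, serial, exc.getMessage()});
        // NOTE(review): the constant is used here as the debug message text - presumably a
        // constant-folding artifact for a plain literal; verify its value.
        LOG.debug(CaAuditConstants.Cmp.TYPE_error, exc);

        AuditEvent auditEvent = new AuditEvent(new Date());
        auditEvent.setApplicationName("CAPublisher");
        auditEvent.setName("SYSTEM");
        auditEvent.setLevel(AuditLevel.ERROR);
        auditEvent.setStatus(AuditStatus.FAILED);
        // The database id is only available when the certificate came with one.
        if (x509Cert instanceof CertWithDbId) {
            Long certId = ((CertWithDbId) x509Cert).getCertId();
            if (certId != null) {
                auditEvent.addEventData(CaAuditConstants.NAME_id, certId);
            }
        }
        auditEvent.addEventData(CaAuditConstants.NAME_issuer, str);
        auditEvent.addEventData(CaAuditConstants.NAME_subject, subject);
        auditEvent.addEventData(CaAuditConstants.NAME_serial, serial);
        auditEvent.addEventData(CaAuditConstants.NAME_message, str2);
        Audits.getAuditService().logEvent(auditEvent);
    }

    /**
     * Accepts a CRL notification without doing anything; this publisher does not store CRLs.
     *
     * @param x509Cert CA certificate (ignored)
     * @param x509crl the CRL (ignored)
     * @return always true
     */
    public boolean crlAdded(X509Cert x509Cert, X509CRL x509crl) {
        return true;
    }

    /**
     * Reports the health of the underlying query executor.
     *
     * @return false when the publisher has not been initialised successfully, otherwise the
     *     executor's own health status
     */
    public boolean isHealthy() {
        // A health probe on an uninitialised publisher should report "unhealthy", not throw.
        return this.queryExecutor != null && this.queryExecutor.isHealthy();
    }

    /**
     * Publishes the revocation of a CA.
     *
     * @param x509Cert CA certificate
     * @param certRevocationInfo revocation details
     * @return true on success; false if the executor threw (logged and audited)
     */
    public boolean caRevoked(X509Cert x509Cert, CertRevocationInfo certRevocationInfo) {
        try {
            this.queryExecutor.revokeCa(x509Cert, certRevocationInfo);
            return true;
        } catch (Exception e) {
            String issuerName = X509Util.getRfc4519Name(x509Cert.getCert().getIssuerX500Principal());
            logAndAudit(issuerName, x509Cert, e, "could not publish revocation of CA");
            return false;
        }
    }

    /**
     * Publishes the unrevocation of a CA.
     *
     * @param x509Cert CA certificate
     * @return true on success; false if the executor threw (logged and audited)
     */
    public boolean caUnrevoked(X509Cert x509Cert) {
        try {
            this.queryExecutor.unrevokeCa(x509Cert);
            return true;
        } catch (Exception e) {
            String issuerName = X509Util.getRfc4519Name(x509Cert.getCert().getIssuerX500Principal());
            logAndAudit(issuerName, x509Cert, e, "could not publish unrevocation of CA");
            return false;
        }
    }

    /**
     * Publishes the removal of a certificate.
     *
     * @param x509Cert issuer (CA) certificate
     * @param certWithDbId certificate being removed
     * @return true on success; false if the executor threw (logged and audited)
     */
    public boolean certificateRemoved(X509Cert x509Cert, CertWithDbId certWithDbId) {
        try {
            this.queryExecutor.removeCert(x509Cert, certWithDbId);
            return true;
        } catch (Exception e) {
            // Record the certificate whose removal failed, with the CA's subject as issuer,
            // matching certificateRevoked/certificateUnrevoked. Previously the CA certificate
            // itself was logged and audited, so the failure record named the wrong
            // subject/serial and carried no certificate id.
            logAndAudit(x509Cert.getSubject(), certWithDbId, e, "could not publish removal of certificate");
            return false;
        }
    }

    /**
     * Returns whether this publisher was configured as asynchronous.
     *
     * @return value of the {@code asyn} configuration key (default false)
     */
    public boolean isAsyn() {
        return this.asyn;
    }

    /**
     * Returns whether non-revoked certificates are published as well.
     *
     * @return value of the {@code publish.goodcerts} configuration key (default true)
     */
    public boolean publishsGoodCert() {
        return this.publishsGoodCert;
    }

    /** Closes the datasource if one was opened by {@link #initialize}. */
    public void close() {
        if (this.datasource != null) {
            this.datasource.close();
        }
    }
}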
