package org.xipki.ca.server.publisher;

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.CertWithDbId;
import org.xipki.ca.api.OperationException;
import org.xipki.ca.server.CaAuditConstants;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.HashAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.LogUtil;

/* loaded from: input_file:org/xipki/ca/server/publisher/OcspStoreQueryExecutor.class */
class OcspStoreQueryExecutor {
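    private static final String SQL_ADD_REVOKED_CERT = "INSERT INTO CERT (ID,LUPDATE,SN,NBEFORE,NAFTER,REV,IID,HASH,SUBJECT,RT,RIT,RR) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
    private static final String SQL_ADD_CERT = "INSERT INTO CERT (ID,LUPDATE,SN,NBEFORE,NAFTER,REV,IID,HASH,SUBJECT) VALUES (?,?,?,?,?,?,?,?,?)";
    private static final Logger LOG = LoggerFactory.getLogger(OcspStoreQueryExecutor.class);
    private final DataSourceWrapper datasource;
    private final String sqlCertRegistered;
    // Assigned in the constructor, not by a field initializer: initIssuerStore() reads
    // this.datasource, and field initializers run before the constructor body has set it.
    private final IssuerStore issuerStore;
    private final boolean publishGoodCerts;
    private final int dbSchemaVersion;
    private final int maxX500nameLen;
    private final HashAlgo certhashAlgo;

    /**
     * One row of the ISSUER table: its numeric id and the decoded certificate bytes.
     *
     * <p>Decompiler note: this class was {@code private} in the original class file.
     */
    public static class IssuerEntry {
        private final int id;
        private final byte[] cert;

        /**
         * @param i   the ISSUER.ID value
         * @param str the Base64 text of the issuer certificate; decoded once here
         */
        IssuerEntry(int i, String str) {
            this.id = i;
            this.cert = Base64.decode(str);
        }

        /** Returns the ISSUER.ID value of this entry. */
        int getId() {
            return this.id;
        }

        /**
         * Tells whether the given encoded certificate is byte-for-byte equal to this issuer's
         * certificate.
         */
        boolean matchCert(byte[] bArr) {
            return Arrays.equals(this.cert, bArr);
        }
    }

    /**
     * In-memory list of the known issuers, used to map an issuer certificate to its id.
     *
     * <p>Decompiler note: this class was {@code private} in the original class file.
     */
    public static class IssuerStore {
        private final List<IssuerEntry> entries;

        /**
         * Copies the given entries, rejecting duplicate ids.
         *
         * @param list the initial entries; must not be null
         * @throws IllegalArgumentException if two entries share the same id
         */
        IssuerStore(List<IssuerEntry> list) {
            Args.notNull(list, "entries");
            this.entries = new ArrayList<>(list.size());
            for (IssuerEntry entry : list) {
                addIdentityEntry(entry);
            }
        }

        /**
         * Appends one entry.
         *
         * @throws IllegalArgumentException if an entry with the same id is already present
         */
        final void addIdentityEntry(IssuerEntry issuerEntry) {
            Args.notNull(issuerEntry, "entry");
            for (IssuerEntry existing : this.entries) {
                if (existing.getId() == issuerEntry.getId()) {
                    throw new IllegalArgumentException("issuer with the same id " + issuerEntry.getId() + " already available");
                }
            }
            this.entries.add(issuerEntry);
        }

        /**
         * Looks up the id of the issuer whose certificate equals the given encoding.
         *
         * @return the issuer id, or {@code null} when no entry matches
         */
        Integer getIdForCert(byte[] bArr) {
            Args.notNull(bArr, "encodedCert");
            for (IssuerEntry issuerEntry : this.entries) {
                if (issuerEntry.matchCert(bArr)) {
                    return Integer.valueOf(issuerEntry.getId());
                }
            }
            return null;
        }
    }

    /**
     * Loads the issuer table and the schema settings stored in DBSCHEMA.
     *
     * <p>The settings read are VERSION, X500NAME_MAXLEN and CERTHASH_ALGO; the hash algorithm
     * used for the CERT.HASH column is therefore whatever the database row names.
     *
     * <p>Decompiler note: this constructor was package-private in the original class file.
     *
     * @param dataSourceWrapper the data source of the OCSP store; must not be null
     * @param z                 whether certificates that are not revoked are published as well
     * @throws DataAccessException      if a statement cannot be created or a query fails
     * @throws NoSuchAlgorithmException if CERTHASH_ALGO names an unknown algorithm
     * @throws NumberFormatException    if VERSION or X500NAME_MAXLEN is missing or not an integer
     */
    public OcspStoreQueryExecutor(DataSourceWrapper dataSourceWrapper, boolean z) throws DataAccessException, NoSuchAlgorithmException {
        this.datasource = (DataSourceWrapper) Args.notNull(dataSourceWrapper, "datasource");
        // Must follow the datasource assignment: the loader queries through this.datasource.
        this.issuerStore = initIssuerStore();
        this.publishGoodCerts = z;
        this.sqlCertRegistered = dataSourceWrapper.buildSelectFirstSql(1, "ID FROM CERT WHERE SN=? AND IID=?");

        final String sql = "SELECT NAME,VALUE2 FROM DBSCHEMA";
        HashMap<String, String> schemaInfo = new HashMap<>();
        Statement stmt = null;
        ResultSet rs = null;
        try {
            stmt = dataSourceWrapper.createStatement();
            if (stmt == null) {
                throw new DataAccessException("could not create statement");
            }
            rs = stmt.executeQuery(sql);
            while (rs.next()) {
                schemaInfo.put(rs.getString("NAME"), rs.getString("VALUE2"));
            }
        } catch (SQLException e) {
            throw dataSourceWrapper.translate(sql, e);
        } finally {
            // Hand back the real statement and result set on every path; passing nulls on the
            // failure path would leave them unreleased.
            dataSourceWrapper.releaseResources(stmt, rs);
        }

        this.dbSchemaVersion = Integer.parseInt(schemaInfo.get("VERSION"));
        this.maxX500nameLen = Integer.parseInt(schemaInfo.get("X500NAME_MAXLEN"));
        this.certhashAlgo = HashAlgo.getNonNullInstance(schemaInfo.get("CERTHASH_ALGO"));
    }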

    /**
     * Reads every row of the ISSUER table into a fresh {@link IssuerStore}.
     *
     * @return the store holding one entry per ISSUER row
     * @throws DataAccessException if the statement cannot be prepared or the query fails
     */
    private IssuerStore initIssuerStore() throws DataAccessException {
        final String sql = "SELECT ID,CERT FROM ISSUER";
        PreparedStatement ps = this.datasource.prepareStatement(sql);
        ResultSet rs = null;
        try {
            rs = ps.executeQuery();
            List<IssuerEntry> loaded = new LinkedList<>();
            while (rs.next()) {
                int id = rs.getInt("ID");
                String base64Cert = rs.getString("CERT");
                loaded.add(new IssuerEntry(id, base64Cert));
            }
            return new IssuerStore(loaded);
        } catch (SQLException e) {
            throw this.datasource.translate(sql, e);
        } finally {
            // Statement and result set are released on success and on failure alike.
            this.datasource.releaseResources(ps, rs);
        }
    }

    /**
     * Publishes a certificate without revocation information.
     *
     * @param x509Cert     the issuer certificate
     * @param certWithDbId the certificate to publish
     */
    void addCert(X509Cert x509Cert, CertWithDbId certWithDbId) throws DataAccessException, OperationException {
        final CertRevocationInfo notRevoked = null;
        addCert(x509Cert, certWithDbId, notRevoked);
    }

    /**
     * Publishes a certificate, optionally together with its revocation information.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param x509Cert           the issuer certificate
     * @param certWithDbId       the certificate to publish
     * @param certRevocationInfo the revocation information, or {@code null} if not revoked
     */
    public void addCert(X509Cert x509Cert, CertWithDbId certWithDbId, CertRevocationInfo certRevocationInfo) throws DataAccessException, OperationException {
        this.addOrUpdateCert(x509Cert, certWithDbId, certRevocationInfo);
    }

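    /**
     * Inserts the certificate into CERT, or updates its row when it is already registered.
     *
     * <p>Nothing is written when good certificates are not published, the certificate is not
     * revoked and a row for it already exists. The serial number is stored as a hexadecimal
     * string and all times as seconds since the epoch.
     *
     * @param x509Cert           the issuer certificate; must be known to the issuer store
     * @param certWithDbId       the certificate to publish
     * @param certRevocationInfo the revocation information, or {@code null} if not revoked
     * @throws DataAccessException if a database operation fails
     * @throws OperationException  if the insert fails with something other than an SQLException
     */
    private void addOrUpdateCert(X509Cert x509Cert, CertWithDbId certWithDbId, CertRevocationInfo certRevocationInfo) throws DataAccessException, OperationException {
        Args.notNull(x509Cert, CaAuditConstants.NAME_issuer);
        final boolean revoked = certRevocationInfo != null;
        int issuerId = getIssuerId(x509Cert);
        BigInteger serialNumber = certWithDbId.getCert().getSerialNumber();
        Long registeredId = getCertId(issuerId, serialNumber);

        if (!this.publishGoodCerts && !revoked && registeredId != null) {
            return;
        }
        if (registeredId != null) {
            updateRegisteredCert(registeredId.longValue(), certRevocationInfo);
            return;
        }

        final String sql = revoked ? SQL_ADD_REVOKED_CERT : SQL_ADD_CERT;
        long newId = certWithDbId.getCertId().longValue();
        // The decompiler emitted an invalid array initializer here; the hash call takes an
        // array of byte arrays holding the single encoded certificate.
        String certHash = this.certhashAlgo.base64Hash(new byte[][] {certWithDbId.getEncodedCert()});
        X509Certificate cert = certWithDbId.getCert();
        long notBefore = cert.getNotBefore().getTime() / 1000;
        long notAfter = cert.getNotAfter().getTime() / 1000;
        // The subject is shortened to the column length read from DBSCHEMA.
        String subject = X509Util.cutText(certWithDbId.getSubject(), this.maxX500nameLen);

        PreparedStatement ps = this.datasource.prepareStatement(sql);
        try {
            int idx = 1;
            ps.setLong(idx++, newId);
            ps.setLong(idx++, System.currentTimeMillis() / 1000);
            ps.setString(idx++, serialNumber.toString(16));
            ps.setLong(idx++, notBefore);
            ps.setLong(idx++, notAfter);
            setBoolean(ps, idx++, revoked);
            ps.setInt(idx++, issuerId);
            ps.setString(idx++, certHash);
            ps.setString(idx++, subject);
            if (revoked) {
                ps.setLong(idx++, certRevocationInfo.getRevocationTime().getTime() / 1000);
                if (certRevocationInfo.getInvalidityTime() != null) {
                    ps.setLong(idx++, certRevocationInfo.getInvalidityTime().getTime() / 1000);
                } else {
                    ps.setNull(idx++, java.sql.Types.BIGINT);
                }
                // A missing reason is stored as code 0.
                ps.setInt(idx, certRevocationInfo.getReason() == null ? 0 : certRevocationInfo.getReason().getCode());
            }

            try {
                ps.executeUpdate();
            } catch (Throwable th) {
                // Remove any row with this id before reporting the failure.
                // NOTE(review): if deleteFromTable itself throws, the original failure is lost;
                // confirm its contract.
                this.datasource.deleteFromTable((Connection) null, "CERT", "ID", newId);
                if (!(th instanceof SQLException)) {
                    throw new OperationException(OperationException.ErrorCode.SYSTEM_FAILURE, th);
                }
                LOG.error("datasource {} could not add certificate with id {}: {}", new Object[]{this.datasource.getName(), Long.valueOf(newId), th.getMessage()});
                throw this.datasource.translate(sql, (SQLException) th);
            }
        } catch (SQLException e) {
            throw this.datasource.translate((String) null, e);
        } finally {
            this.datasource.releaseResources(ps, (ResultSet) null);
        }
    }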

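    /**
     * Rewrites the revocation columns of an existing CERT row.
     *
     * <p>With revocation information the row is marked revoked and RT, RIT and RR are filled;
     * without it the row is marked not revoked and the three columns are set to NULL.
     *
     * @param j                  the CERT.ID of the row to update
     * @param certRevocationInfo the revocation information, or {@code null} if not revoked
     * @throws DataAccessException if the update fails
     */
    private void updateRegisteredCert(long j, CertRevocationInfo certRevocationInfo) throws DataAccessException {
        final String sql = "UPDATE CERT SET LUPDATE=?,REV=?,RT=?,RIT=?,RR=? WHERE ID=?";
        final boolean revoked = certRevocationInfo != null;
        PreparedStatement ps = this.datasource.prepareStatement(sql);
        try {
            int idx = 1;
            ps.setLong(idx++, System.currentTimeMillis() / 1000);
            setBoolean(ps, idx++, revoked);
            if (revoked) {
                ps.setLong(idx++, certRevocationInfo.getRevocationTime().getTime() / 1000);
                if (certRevocationInfo.getInvalidityTime() != null) {
                    ps.setLong(idx++, certRevocationInfo.getInvalidityTime().getTime() / 1000);
                } else {
                    ps.setNull(idx++, java.sql.Types.INTEGER);
                }
                // A missing reason is stored as code 0, as the insert path does, instead of
                // failing with a NullPointerException while publishing a revocation.
                ps.setInt(idx++, certRevocationInfo.getReason() == null ? 0 : certRevocationInfo.getReason().getCode());
            } else {
                ps.setNull(idx++, java.sql.Types.INTEGER);
                ps.setNull(idx++, java.sql.Types.INTEGER);
                ps.setNull(idx++, java.sql.Types.INTEGER);
            }
            ps.setLong(idx, j);
            ps.executeUpdate();
        } catch (SQLException e) {
            throw this.datasource.translate(sql, e);
        } finally {
            this.datasource.releaseResources(ps, (ResultSet) null);
        }
    }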

    /**
     * Publishes the revocation of a certificate; the row is inserted if it does not exist yet.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param x509Cert           the issuer certificate
     * @param certWithDbId       the revoked certificate
     * @param certRevocationInfo the revocation information
     */
    public void revokeCert(X509Cert x509Cert, CertWithDbId certWithDbId, CertRevocationInfo certRevocationInfo) throws DataAccessException, OperationException {
        this.addOrUpdateCert(x509Cert, certWithDbId, certRevocationInfo);
    }

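    /**
     * Withdraws the revocation of a certificate in the OCSP store.
     *
     * <p>Nothing happens when the issuer or the certificate is unknown to the store. When good
     * certificates are not published the row is deleted (matched by issuer id and serial
     * number); otherwise the row is kept, marked not revoked, and RT, RIT and RR are set to NULL.
     * NOTE(review): how the responder answers for a deleted row is not visible here — confirm.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param x509Cert     the issuer certificate; must not be null
     * @param certWithDbId the certificate whose revocation is withdrawn; must not be null
     * @throws DataAccessException if a database operation fails
     */
    public void unrevokeCert(X509Cert x509Cert, CertWithDbId certWithDbId) throws DataAccessException {
        Args.notNull(x509Cert, CaAuditConstants.NAME_issuer);
        Args.notNull(certWithDbId, "cert");
        Integer issuerId = this.issuerStore.getIdForCert(x509Cert.getEncodedCert());
        if (issuerId == null) {
            return;
        }
        BigInteger serialNumber = certWithDbId.getCert().getSerialNumber();
        Long certId = getCertId(issuerId.intValue(), serialNumber);
        if (certId == null) {
            return;
        }

        if (!this.publishGoodCerts) {
            final String deleteSql = "DELETE FROM CERT WHERE IID=? AND SN=?";
            PreparedStatement ps = this.datasource.prepareStatement(deleteSql);
            try {
                ps.setInt(1, issuerId.intValue());
                ps.setString(2, serialNumber.toString(16));
                ps.executeUpdate();
            } catch (SQLException e) {
                throw this.datasource.translate(deleteSql, e);
            } finally {
                // Release on the failure path too; the empty finally block left the statement
                // unreleased whenever the delete threw.
                this.datasource.releaseResources(ps, (ResultSet) null);
            }
            return;
        }

        final String updateSql = "UPDATE CERT SET LUPDATE=?,REV=?,RT=?,RIT=?,RR=? WHERE ID=?";
        PreparedStatement ps = this.datasource.prepareStatement(updateSql);
        try {
            int idx = 1;
            ps.setLong(idx++, System.currentTimeMillis() / 1000);
            setBoolean(ps, idx++, false);
            ps.setNull(idx++, java.sql.Types.INTEGER);
            ps.setNull(idx++, java.sql.Types.INTEGER);
            ps.setNull(idx++, java.sql.Types.INTEGER);
            ps.setLong(idx, certId.longValue());
            ps.executeUpdate();
        } catch (SQLException e) {
            throw this.datasource.translate(updateSql, e);
        } finally {
            // Same as above: the statement is released whether or not the update succeeded.
            this.datasource.releaseResources(ps, (ResultSet) null);
        }
    }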

    /**
     * Deletes the CERT row of a certificate, matched by issuer id and hexadecimal serial number.
     *
     * <p>Returns without touching the database when the issuer is unknown to the issuer store.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param x509Cert     the issuer certificate; must not be null
     * @param certWithDbId the certificate to remove; must not be null
     * @throws DataAccessException if the delete fails
     */
    public void removeCert(X509Cert x509Cert, CertWithDbId certWithDbId) throws DataAccessException {
        Args.notNull(x509Cert, CaAuditConstants.NAME_issuer);
        Args.notNull(certWithDbId, "cert");
        Integer issuerId = this.issuerStore.getIdForCert(x509Cert.getEncodedCert());
        if (issuerId != null) {
            final String sql = "DELETE FROM CERT WHERE IID=? AND SN=?";
            PreparedStatement ps = this.datasource.prepareStatement(sql);
            try {
                ps.setInt(1, issuerId.intValue());
                String hexSerial = certWithDbId.getCert().getSerialNumber().toString(16);
                ps.setString(2, hexSerial);
                ps.executeUpdate();
            } catch (SQLException e) {
                throw this.datasource.translate(sql, e);
            } finally {
                this.datasource.releaseResources(ps, (ResultSet) null);
            }
        }
    }

    /**
     * Stores the encoded revocation information of a CA in ISSUER.REV_INFO.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param x509Cert           the CA certificate; must not be null and must be a known issuer
     * @param certRevocationInfo the revocation information; must not be null
     * @throws DataAccessException   if the update fails
     * @throws IllegalStateException if the CA is not in the issuer store
     */
    public void revokeCa(X509Cert x509Cert, CertRevocationInfo certRevocationInfo) throws DataAccessException {
        Args.notNull(x509Cert, "caCert");
        Args.notNull(certRevocationInfo, "revInfo");
        int issuerId = getIssuerId(x509Cert);
        final String sql = "UPDATE ISSUER SET REV_INFO=? WHERE ID=?";
        PreparedStatement ps = this.datasource.prepareStatement(sql);
        try {
            String encodedRevInfo = certRevocationInfo.getEncoded();
            ps.setString(1, encodedRevInfo);
            ps.setInt(2, issuerId);
            ps.executeUpdate();
        } catch (SQLException e) {
            throw this.datasource.translate(sql, e);
        } finally {
            this.datasource.releaseResources(ps, (ResultSet) null);
        }
    }

    /**
     * Clears the revocation information of a CA by setting ISSUER.REV_INFO to NULL.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param x509Cert the CA certificate; must be a known issuer
     * @throws DataAccessException   if the update fails
     * @throws IllegalStateException if the CA is not in the issuer store
     */
    public void unrevokeCa(X509Cert x509Cert) throws DataAccessException {
        int issuerId = getIssuerId(x509Cert);
        final String sql = "UPDATE ISSUER SET REV_INFO=? WHERE ID=?";
        PreparedStatement ps = this.datasource.prepareStatement(sql);
        try {
            // 12 in the decompiled call is the JDBC type code for VARCHAR.
            ps.setNull(1, java.sql.Types.VARCHAR);
            ps.setInt(2, issuerId);
            ps.executeUpdate();
        } catch (SQLException e) {
            throw this.datasource.translate(sql, e);
        } finally {
            this.datasource.releaseResources(ps, (ResultSet) null);
        }
    }

    /**
     * Resolves the id of an issuer from the in-memory issuer store.
     *
     * @param x509Cert the issuer certificate; must not be null
     * @return the ISSUER.ID of the matching entry
     * @throws IllegalStateException if no stored issuer certificate equals the given one
     */
    private int getIssuerId(X509Cert x509Cert) throws DataAccessException {
        Args.notNull(x509Cert, "issuerCert");
        Integer storedId = this.issuerStore.getIdForCert(x509Cert.getEncodedCert());
        if (storedId != null) {
            return storedId.intValue();
        }
        throw new IllegalStateException("could not find issuer, please start XiPKI in master mode first the restart this XiPKI system");
    }

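    /**
     * Registers an issuer certificate in the ISSUER table and in the in-memory issuer store.
     *
     * <p>Returns immediately when the certificate is already known. The new id is the current
     * maximum of ISSUER.ID plus one. NOTE(review): that allocation is not atomic; presumably a
     * key constraint rejects a concurrent duplicate — confirm against the schema.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param x509Cert the issuer certificate
     * @throws DataAccessException if the insert fails
     */
    public void addIssuer(X509Cert x509Cert) throws DataAccessException {
        byte[] encodedCert = x509Cert.getEncodedCert();
        if (this.issuerStore.getIdForCert(encodedCert) != null) {
            return;
        }

        // The decompiler emitted an invalid array initializer here; the hash call takes an
        // array of byte arrays holding the single encoded certificate.
        // NOTE(review): the S1C column gets a SHA-1 hash; presumably a lookup fingerprint
        // rather than an integrity check — confirm with the schema.
        String sha1Fp = HashAlgo.SHA1.base64Hash(new byte[][] {encodedCert});
        int newId = ((int) this.datasource.getMax((Connection) null, "ISSUER", "ID")) + 1;
        long notBefore = x509Cert.getCert().getNotBefore().getTime() / 1000;
        long notAfter = x509Cert.getCert().getNotAfter().getTime() / 1000;

        final String sql = "INSERT INTO ISSUER (ID,SUBJECT,NBEFORE,NAFTER,S1C,CERT) VALUES (?,?,?,?,?,?)";
        PreparedStatement ps = this.datasource.prepareStatement(sql);
        try {
            String base64Cert = Base64.encodeToString(encodedCert);
            String subject = x509Cert.getSubject();
            int idx = 1;
            ps.setInt(idx++, newId);
            ps.setString(idx++, subject);
            ps.setLong(idx++, notBefore);
            ps.setLong(idx++, notAfter);
            ps.setString(idx++, sha1Fp);
            ps.setString(idx, base64Cert);
            ps.execute();
            // The in-memory store is extended only after the row has been written.
            this.issuerStore.addIdentityEntry(new IssuerEntry(newId, base64Cert));
        } catch (SQLException e) {
            throw this.datasource.translate(sql, e);
        } finally {
            this.datasource.releaseResources(ps, (ResultSet) null);
        }
    }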

    /**
     * Looks up the CERT.ID of a certificate by hexadecimal serial number and issuer id.
     *
     * @param i          the issuer id (CERT.IID)
     * @param bigInteger the certificate serial number
     * @return the id of the first matching row, or {@code null} when none exists
     * @throws DataAccessException if the query fails
     */
    private Long getCertId(int i, BigInteger bigInteger) throws DataAccessException {
        final String sql = this.sqlCertRegistered;
        PreparedStatement ps = this.datasource.prepareStatement(sql);
        ResultSet rs = null;
        try {
            ps.setString(1, bigInteger.toString(16));
            ps.setInt(2, i);
            rs = ps.executeQuery();
            if (rs.next()) {
                return Long.valueOf(rs.getLong("ID"));
            }
            return null;
        } catch (SQLException e) {
            throw this.datasource.translate(sql, e);
        } finally {
            this.datasource.releaseResources(ps, rs);
        }
    }

    /**
     * Probes the data source by running {@code SELECT ID FROM ISSUER}.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @return {@code true} if the query ran; {@code false} if any exception occurred, which is
     *         logged rather than propagated
     */
    public boolean isHealthy() {
        final String sql = "SELECT ID FROM ISSUER";
        try {
            PreparedStatement ps = this.datasource.prepareStatement(sql);
            ResultSet rs = null;
            try {
                rs = ps.executeQuery();
            } finally {
                this.datasource.releaseResources(ps, rs);
            }
            return true;
        } catch (Exception e) {
            LogUtil.error(LOG, e);
            return false;
        }
    }

    /**
     * Binds a boolean as the integer 1 (true) or 0 (false).
     *
     * @param preparedStatement the statement to bind on
     * @param i                 the 1-based parameter index
     * @param z                 the value to store
     * @throws SQLException if the driver rejects the parameter
     */
    private static void setBoolean(PreparedStatement preparedStatement, int i, boolean z) throws SQLException {
        final int flag;
        if (z) {
            flag = 1;
        } else {
            flag = 0;
        }
        preparedStatement.setInt(i, flag);
    }
}
