package org.xipki.ocsp.server.store;

import java.io.Closeable;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import org.bouncycastle.crypto.Digest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.ocsp.api.OcspRespWithCacheInfo;
import org.xipki.ocsp.api.RequestIssuer;
import org.xipki.security.AlgorithmCode;
import org.xipki.security.HashAlgo;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.InvalidConfException;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.Validity;
import org.xipki.util.concurrent.ConcurrentBag;
import org.xipki.util.concurrent.ConcurrentBagEntry;

/* loaded from: input_file:org/xipki/ocsp/server/store/ResponseCacher.class */
public class ResponseCacher implements Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(ResponseCacher.class);
    private static final long SEC_PER_WEEK = 604800;
    private static final String SQL_ADD_ISSUER = "INSERT INTO ISSUER (ID,S1C,CERT) VALUES (?,?,?)";
    private static final String SQL_SELECT_ISSUER_ID = "SELECT ID FROM ISSUER";
    private static final String SQL_DELETE_ISSUER = "DELETE FROM ISSUER WHERE ID=?";
    private static final String SQL_SELECT_ISSUER = "SELECT ID,CERT FROM ISSUER";
    private static final String SQL_DELETE_EXPIRED_RESP = "DELETE FROM OCSP WHERE THIS_UPDATE<?";
    private static final String SQL_ADD_RESP = "INSERT INTO OCSP (ID,IID,IDENT,THIS_UPDATE,NEXT_UPDATE,RESP) VALUES (?,?,?,?,?,?)";
    private static final String SQL_UPDATE_RESP = "UPDATE OCSP SET THIS_UPDATE=?,NEXT_UPDATE=?,RESP=? WHERE ID=?";
    private final String sqlSelectIssuerCert;
    private final String sqlSelectOcsp;
    private final boolean master;
    private final int validity;
    private DataSourceWrapper datasource;
    private ScheduledThreadPoolExecutor scheduledThreadPoolExecutor;
    private ScheduledFuture<?> responseCleaner;
    private ScheduledFuture<?> issuerUpdater;
    private IssuerStore issuerStore = new IssuerStore();
    private final AtomicBoolean onService = new AtomicBoolean(false);
    private final ConcurrentBag<ConcurrentBagEntry<Digest>> idDigesters = new ConcurrentBag<>();

    /* loaded from: input_file:org/xipki/ocsp/server/store/ResponseCacher$ExpiredResponsesCleaner.class */
    private class ExpiredResponsesCleaner implements Runnable {
        private final Object lock;
        private final AtomicBoolean inProcess;

        private ExpiredResponsesCleaner() {
            this.lock = new Object();
            this.inProcess = new AtomicBoolean(false);
        }

        @Override // java.lang.Runnable
        public void run() {
            if (this.inProcess.get()) {
                return;
            }
            synchronized (this.lock) {
                this.inProcess.set(true);
                long currentTimeMillis = (System.currentTimeMillis() / 1000) - ResponseCacher.this.validity;
                try {
                    try {
                        ResponseCacher.LOG.info("removed {} response with thisUpdate < {}", Integer.valueOf(ResponseCacher.this.removeExpiredResponses(currentTimeMillis)), Long.valueOf(currentTimeMillis));
                        this.inProcess.set(false);
                    } catch (Throwable th) {
                        LogUtil.error(ResponseCacher.LOG, th, "could not remove expired responses");
                        this.inProcess.set(false);
                    }
                } catch (Throwable th2) {
                    this.inProcess.set(false);
                    throw th2;
                }
            }
        }
    }

    /* loaded from: input_file:org/xipki/ocsp/server/store/ResponseCacher$IssuerUpdater.class */
    private class IssuerUpdater implements Runnable {
        private IssuerUpdater() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                ResponseCacher.this.updateCacheStore();
            } catch (Throwable th) {
                LogUtil.error(ResponseCacher.LOG, th, "error while calling updateCacheStore()");
            }
        }
    }

    public ResponseCacher(DataSourceWrapper dataSourceWrapper, boolean z, Validity validity) {
        this.datasource = (DataSourceWrapper) Args.notNull(dataSourceWrapper, "datasource");
        this.master = z;
        this.validity = (int) (((Validity) Args.notNull(validity, "validity")).approxMinutes() * 60);
        this.sqlSelectIssuerCert = dataSourceWrapper.buildSelectFirstSql(1, "CERT FROM ISSUER WHERE ID=?");
        this.sqlSelectOcsp = dataSourceWrapper.buildSelectFirstSql(1, "IID,IDENT,THIS_UPDATE,NEXT_UPDATE,RESP FROM OCSP WHERE ID=?");
        for (int i = 0; i < 20; i++) {
            this.idDigesters.add(new ConcurrentBagEntry(HashAlgo.SHA1.createDigest()));
        }
    }

    public boolean isOnService() {
        return this.onService.get() && this.issuerStore != null;
    }

    public void init() {
        updateCacheStore();
        this.scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
        this.scheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
        this.responseCleaner = this.scheduledThreadPoolExecutor.scheduleAtFixedRate(new ExpiredResponsesCleaner(), 348L, 600L, TimeUnit.SECONDS);
        this.issuerUpdater = this.scheduledThreadPoolExecutor.scheduleAtFixedRate(new IssuerUpdater(), 448L, 600L, TimeUnit.SECONDS);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.datasource != null) {
            this.datasource.close();
            this.datasource = null;
        }
        if (this.responseCleaner != null) {
            this.responseCleaner.cancel(false);
            this.responseCleaner = null;
        }
        if (this.issuerUpdater != null) {
            this.issuerUpdater.cancel(false);
            this.issuerUpdater = null;
        }
        if (this.scheduledThreadPoolExecutor != null) {
            this.scheduledThreadPoolExecutor.shutdown();
            while (!this.scheduledThreadPoolExecutor.isTerminated()) {
                try {
                    Thread.sleep(100L);
                } catch (InterruptedException e) {
                    LOG.error("interrupted: {}", e.getMessage());
                }
            }
            this.scheduledThreadPoolExecutor = null;
        }
    }

    public Integer getIssuerId(RequestIssuer requestIssuer) {
        IssuerEntry issuerForFp = this.issuerStore.getIssuerForFp(requestIssuer);
        if (issuerForFp == null) {
            return null;
        }
        return Integer.valueOf(issuerForFp.getId());
    }

    /* JADX WARN: Type inference failed for: r1v1, types: [byte[], byte[][]] */
    public synchronized Integer storeIssuer(X509Certificate x509Certificate) throws CertificateException, InvalidConfException, DataAccessException {
        if (!this.master) {
            throw new IllegalStateException("storeIssuer is not permitted in slave mode");
        }
        for (Integer num : this.issuerStore.getIds()) {
            if (this.issuerStore.getIssuerForId(num.intValue()).getCert().equals(x509Certificate)) {
                return num;
            }
        }
        byte[] encoded = x509Certificate.getEncoded();
        String base64Hash = HashAlgo.SHA1.base64Hash((byte[][]) new byte[]{encoded});
        int max = ((int) this.datasource.getMax((Connection) null, "ISSUER", "ID")) + 1;
        try {
            try {
                try {
                    PreparedStatement prepareStatement = this.datasource.prepareStatement(SQL_ADD_ISSUER);
                    int i = 1 + 1;
                    prepareStatement.setInt(1, max);
                    int i2 = i + 1;
                    prepareStatement.setString(i, base64Hash);
                    int i3 = i2 + 1;
                    prepareStatement.setString(i2, Base64.encodeToString(encoded));
                    prepareStatement.execute();
                    this.issuerStore.addIssuer(new IssuerEntry(max, x509Certificate));
                    Integer valueOf = Integer.valueOf(max);
                    this.datasource.releaseResources(prepareStatement, (ResultSet) null);
                    return valueOf;
                } catch (Throwable th) {
                    this.datasource.releaseResources((Statement) null, (ResultSet) null);
                    throw th;
                }
            } catch (SQLException e) {
                throw this.datasource.translate(SQL_ADD_ISSUER, e);
            }
        } catch (DataAccessException e2) {
            if (e2.getReason().isDescendantOrSelfOf(DataAccessException.Reason.DuplicateKey)) {
                return Integer.valueOf(max);
            }
            throw e2;
        }
    }

    public OcspRespWithCacheInfo getOcspResponse(int i, BigInteger bigInteger, AlgorithmCode algorithmCode) throws DataAccessException {
        String str = this.sqlSelectOcsp;
        byte[] buildIdent = buildIdent(bigInteger, algorithmCode);
        long deriveId = deriveId(i, buildIdent);
        PreparedStatement prepareStatement = this.datasource.prepareStatement(str);
        ResultSet resultSet = null;
        try {
            try {
                prepareStatement.setLong(1, deriveId);
                resultSet = prepareStatement.executeQuery();
                if (!resultSet.next()) {
                    this.datasource.releaseResources(prepareStatement, resultSet);
                    return null;
                }
                if (resultSet.getInt("IID") != i) {
                    this.datasource.releaseResources(prepareStatement, resultSet);
                    return null;
                }
                if (!Base64.encodeToString(buildIdent).equals(resultSet.getString("IDENT"))) {
                    this.datasource.releaseResources(prepareStatement, resultSet);
                    return null;
                }
                long j = resultSet.getLong("NEXT_UPDATE");
                if (j != 0 && j < (System.currentTimeMillis() / 1000) + 600) {
                    this.datasource.releaseResources(prepareStatement, resultSet);
                    return null;
                }
                long j2 = resultSet.getLong("THIS_UPDATE");
                byte[] decodeFast = Base64.decodeFast(resultSet.getString("RESP"));
                OcspRespWithCacheInfo.ResponseCacheInfo responseCacheInfo = new OcspRespWithCacheInfo.ResponseCacheInfo(j2);
                if (j != 0) {
                    responseCacheInfo.setNextUpdate(Long.valueOf(j));
                }
                OcspRespWithCacheInfo ocspRespWithCacheInfo = new OcspRespWithCacheInfo(decodeFast, responseCacheInfo);
                this.datasource.releaseResources(prepareStatement, resultSet);
                return ocspRespWithCacheInfo;
            } catch (SQLException e) {
                throw this.datasource.translate(str, e);
            }
        } catch (Throwable th) {
            this.datasource.releaseResources(prepareStatement, resultSet);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    public void storeOcspResponse(int i, BigInteger bigInteger, long j, Long l, AlgorithmCode algorithmCode, byte[] bArr) {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (l == null) {
            l = Long.valueOf(currentTimeMillis + SEC_PER_WEEK);
        }
        if (l.longValue() - currentTimeMillis < this.validity) {
            return;
        }
        byte[] buildIdent = buildIdent(bigInteger, algorithmCode);
        String encodeToString = Base64.encodeToString(buildIdent);
        try {
            long deriveId = deriveId(i, buildIdent);
            Connection connection = this.datasource.getConnection();
            try {
                PreparedStatement prepareStatement = this.datasource.prepareStatement(connection, SQL_ADD_RESP);
                String encodeToString2 = Base64.encodeToString(bArr);
                Boolean bool = null;
                try {
                    try {
                        int i2 = 1 + 1;
                        prepareStatement.setLong(1, deriveId);
                        int i3 = i2 + 1;
                        prepareStatement.setInt(i2, i);
                        int i4 = i3 + 1;
                        prepareStatement.setString(i3, encodeToString);
                        int i5 = i4 + 1;
                        prepareStatement.setLong(i4, j);
                        int i6 = i5 + 1;
                        prepareStatement.setLong(i5, l.longValue());
                        int i7 = i6 + 1;
                        prepareStatement.setString(i6, encodeToString2);
                        prepareStatement.execute();
                        this.datasource.releaseResources(prepareStatement, (ResultSet) null, false);
                    } catch (Throwable th) {
                        this.datasource.releaseResources(prepareStatement, (ResultSet) null, false);
                        throw th;
                    }
                } catch (SQLException e) {
                    DataAccessException translate = this.datasource.translate(SQL_ADD_RESP, e);
                    if (!translate.getReason().isDescendantOrSelfOf(DataAccessException.Reason.DataIntegrityViolation)) {
                        throw translate;
                    }
                    bool = Boolean.TRUE;
                    this.datasource.releaseResources(prepareStatement, (ResultSet) null, false);
                }
                if (bool == null) {
                    LOG.debug("added cached OCSP response iid={}, ident={}", Integer.valueOf(i), encodeToString);
                    this.datasource.returnConnection(connection);
                    return;
                }
                PreparedStatement prepareStatement2 = this.datasource.prepareStatement(connection, SQL_UPDATE_RESP);
                try {
                    try {
                        int i8 = 1 + 1;
                        prepareStatement2.setLong(1, j);
                        int i9 = i8 + 1;
                        prepareStatement2.setLong(i8, l.longValue());
                        int i10 = i9 + 1;
                        prepareStatement2.setString(i9, encodeToString2);
                        int i11 = i10 + 1;
                        prepareStatement2.setLong(i10, deriveId);
                        prepareStatement2.executeUpdate();
                        this.datasource.releaseResources(prepareStatement2, (ResultSet) null, false);
                        this.datasource.returnConnection(connection);
                    } catch (SQLException e2) {
                        throw this.datasource.translate(SQL_UPDATE_RESP, e2);
                    }
                } catch (Throwable th2) {
                    this.datasource.releaseResources(prepareStatement2, (ResultSet) null, false);
                    throw th2;
                }
            } catch (Throwable th3) {
                this.datasource.returnConnection(connection);
                throw th3;
            }
        } catch (DataAccessException e3) {
            LOG.info("could not cache OCSP response iid={}, ident={}", Integer.valueOf(i), encodeToString);
            if (LOG.isDebugEnabled()) {
                LOG.debug("could not cache OCSP response iid=" + i + ", ident=" + encodeToString, e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int removeExpiredResponses(long j) throws DataAccessException {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = this.datasource.prepareStatement(SQL_DELETE_EXPIRED_RESP);
                preparedStatement.setLong(1, j);
                int executeUpdate = preparedStatement.executeUpdate();
                this.datasource.releaseResources(preparedStatement, (ResultSet) null);
                return executeUpdate;
            } catch (SQLException e) {
                throw this.datasource.translate(SQL_DELETE_EXPIRED_RESP, e);
            }
        } catch (Throwable th) {
            this.datasource.releaseResources(preparedStatement, (ResultSet) null);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateCacheStore() {
        boolean updateCacheStore0 = updateCacheStore0();
        this.onService.set(updateCacheStore0);
        if (updateCacheStore0) {
            LOG.info("OCSP response cacher is on service");
        } else {
            LOG.error("OCSP response cacher is out of service");
        }
    }

    /* JADX WARN: Finally extract failed */
    private boolean updateCacheStore0() {
        try {
            if (this.issuerStore == null) {
                return initIssuerStore();
            }
            PreparedStatement preparedStatement = null;
            ResultSet resultSet = null;
            HashSet<Integer> hashSet = new HashSet();
            try {
                try {
                    preparedStatement = this.datasource.prepareStatement(SQL_SELECT_ISSUER_ID);
                    resultSet = preparedStatement.executeQuery();
                    while (resultSet.next()) {
                        hashSet.add(Integer.valueOf(resultSet.getInt("ID")));
                    }
                    this.datasource.releaseResources(preparedStatement, resultSet, true);
                    ResultSet resultSet2 = null;
                    hashSet.removeAll(this.issuerStore.getIds());
                    if (hashSet.isEmpty()) {
                        return true;
                    }
                    PreparedStatement prepareStatement = this.datasource.prepareStatement(this.sqlSelectIssuerCert);
                    try {
                        for (Integer num : hashSet) {
                            try {
                                try {
                                    prepareStatement.setInt(1, num.intValue());
                                    resultSet2 = prepareStatement.executeQuery();
                                    resultSet2.next();
                                    this.issuerStore.addIssuer(new IssuerEntry(num.intValue(), X509Util.parseCert(StringUtil.toUtf8Bytes(resultSet2.getString("CERT")))));
                                    LOG.info("added issuer {}", num);
                                    this.datasource.releaseResources((Statement) null, resultSet2, false);
                                } catch (Throwable th) {
                                    this.datasource.releaseResources((Statement) null, resultSet2, false);
                                    throw th;
                                }
                            } catch (SQLException e) {
                                LogUtil.error(LOG, this.datasource.translate(this.sqlSelectIssuerCert, e), "could not executing updateCacheStore()");
                                this.datasource.releaseResources((Statement) null, resultSet2, false);
                                this.datasource.releaseResources(prepareStatement, (ResultSet) null, true);
                                return false;
                            } catch (Exception e2) {
                                LogUtil.error(LOG, e2, "could not executing updateCacheStore()");
                                this.datasource.releaseResources((Statement) null, resultSet2, false);
                                this.datasource.releaseResources(prepareStatement, (ResultSet) null, true);
                                return false;
                            }
                        }
                        this.datasource.releaseResources(prepareStatement, (ResultSet) null, true);
                        return true;
                    } catch (Throwable th2) {
                        this.datasource.releaseResources(prepareStatement, (ResultSet) null, true);
                        throw th2;
                    }
                } catch (Throwable th3) {
                    this.datasource.releaseResources((Statement) null, (ResultSet) null, true);
                    throw th3;
                }
            } catch (SQLException e3) {
                LogUtil.error(LOG, this.datasource.translate(SQL_SELECT_ISSUER_ID, e3), "could not executing updateCacheStore()");
                this.datasource.releaseResources(preparedStatement, resultSet, true);
                return false;
            } catch (Exception e4) {
                LogUtil.error(LOG, e4, "could not executing updateCacheStore()");
                this.datasource.releaseResources(preparedStatement, resultSet, true);
                return false;
            }
        } catch (DataAccessException e5) {
            LogUtil.error(LOG, e5, "could not executing updateCacheStore()");
            return false;
        } catch (CertificateException e6) {
            LogUtil.error(LOG, e6, "could not executing updateCacheStore()");
            return true;
        }
    }

    private boolean initIssuerStore() throws DataAccessException, CertificateException {
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                preparedStatement = this.datasource.prepareStatement(SQL_SELECT_ISSUER);
                resultSet = preparedStatement.executeQuery();
                LinkedList linkedList = new LinkedList();
                PreparedStatement preparedStatement2 = null;
                while (resultSet.next()) {
                    int i = resultSet.getInt("ID");
                    X509Certificate parseCert = X509Util.parseCert(StringUtil.toUtf8Bytes(resultSet.getString("CERT")));
                    IssuerEntry issuerEntry = new IssuerEntry(i, parseCert);
                    RequestIssuer requestIssuer = new RequestIssuer(HashAlgo.SHA1, issuerEntry.getEncodedHash(HashAlgo.SHA1));
                    boolean z = false;
                    Iterator it = linkedList.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (((IssuerEntry) it.next()).matchHash(requestIssuer)) {
                            z = true;
                            break;
                        }
                    }
                    String name = parseCert.getSubjectX500Principal().getName();
                    if (z) {
                        if (preparedStatement2 == null) {
                            preparedStatement2 = this.datasource.prepareStatement(SQL_DELETE_ISSUER);
                        }
                        preparedStatement2.setInt(1, i);
                        preparedStatement2.executeUpdate();
                        LOG.warn("Delete duplicated issuer {}: {}", Integer.valueOf(i), name);
                    } else {
                        LOG.info("added issuer {}: {}", Integer.valueOf(i), name);
                        linkedList.add(issuerEntry);
                    }
                }
                this.issuerStore.setIssuers(linkedList);
                LOG.info("Updated issuers");
                this.datasource.releaseResources(preparedStatement, resultSet, false);
                return true;
            } catch (SQLException e) {
                throw this.datasource.translate(SQL_SELECT_ISSUER, e);
            }
        } catch (Throwable th) {
            this.datasource.releaseResources(preparedStatement, resultSet, false);
            throw th;
        }
    }

    private static byte[] buildIdent(BigInteger bigInteger, AlgorithmCode algorithmCode) {
        byte[] byteArray = bigInteger.toByteArray();
        byte[] bArr = new byte[1 + byteArray.length];
        bArr[0] = algorithmCode.getCode();
        System.arraycopy(byteArray, 0, bArr, 1, byteArray.length);
        return bArr;
    }

    private long deriveId(int i, byte[] bArr) {
        ConcurrentBagEntry concurrentBagEntry = null;
        try {
            concurrentBagEntry = (ConcurrentBagEntry) this.idDigesters.borrow(2L, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
        }
        boolean z = concurrentBagEntry == null;
        if (z) {
            concurrentBagEntry = new ConcurrentBagEntry(HashAlgo.SHA1.createDigest());
        }
        byte[] bArr2 = new byte[20];
        try {
            Digest digest = (Digest) concurrentBagEntry.value();
            digest.reset();
            digest.update(int2Bytes(i), 0, 2);
            digest.update(bArr, 0, bArr.length);
            digest.doFinal(bArr2, 0);
            if (z) {
                this.idDigesters.add(concurrentBagEntry);
            } else {
                this.idDigesters.requite(concurrentBagEntry);
            }
            return ((127 & bArr2[0]) << 56) | ((255 & bArr2[1]) << 48) | ((255 & bArr2[2]) << 40) | ((255 & bArr2[3]) << 32) | ((255 & bArr2[4]) << 24) | ((255 & bArr2[5]) << 16) | ((255 & bArr2[6]) << 8) | (255 & bArr2[7]);
        } catch (Throwable th) {
            if (z) {
                this.idDigesters.add(concurrentBagEntry);
            } else {
                this.idDigesters.requite(concurrentBagEntry);
            }
            throw th;
        }
    }

    private static byte[] int2Bytes(int i) {
        if (i <= -1 || i >= 65535) {
            throw new IllegalArgumentException("value is out of the range [0, 65535]: " + i);
        }
        return new byte[]{(byte) (i >> 8), (byte) i};
    }
}
