package eu.europa.esig.dss.spi.x509.revocation;

import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.revocation.Revocation;
import eu.europa.esig.dss.spi.x509.revocation.OnlineRevocationSource;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/spi/x509/revocation/RepositoryRevocationSource.class */
public abstract class RepositoryRevocationSource<R extends Revocation> implements RevocationSource<R> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) RepositoryRevocationSource.class);
    private static final long serialVersionUID = 8116937707098957391L;
    protected OnlineRevocationSource<R> proxiedSource;
    private Long defaultNextUpdateDelay;
    private Long maxNextUpdateDelay;
    private boolean removeExpired = true;

    protected abstract List<String> initRevocationTokenKeys(CertificateToken certificateToken);

    protected abstract RevocationToken<R> findRevocation(String str, CertificateToken certificateToken, CertificateToken certificateToken2);

    protected abstract void insertRevocation(String str, RevocationToken<R> revocationToken);

    protected abstract void updateRevocation(String str, RevocationToken<R> revocationToken);

    protected abstract void removeRevocation(String str);

    public void setDefaultNextUpdateDelay(Long l) {
        this.defaultNextUpdateDelay = l == null ? null : Long.valueOf(l.longValue() * 1000);
    }

    public void setMaxNextUpdateDelay(Long l) {
        this.maxNextUpdateDelay = l == null ? null : Long.valueOf(l.longValue() * 1000);
    }

    public void setProxySource(OnlineRevocationSource<R> onlineRevocationSource) {
        this.proxiedSource = onlineRevocationSource;
    }

    public void setRemoveExpired(boolean z) {
        this.removeExpired = z;
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationSource, eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource
    public RevocationToken<R> getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2) {
        return getRevocationToken(certificateToken, certificateToken2, false);
    }

    public RevocationToken<R> getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2, boolean z) {
        if (certificateToken == null || certificateToken2 == null) {
            LOG.warn("Certificate token or issuer's certificate token is null. Cannot get a revocation token!");
            return null;
        }
        List<String> initRevocationTokenKeys = initRevocationTokenKeys(certificateToken);
        if (z) {
            LOG.info("Cache is skipped to retrieve the revocation token for certificate with Id '{}'", certificateToken.getDSSIdAsString());
        } else {
            RevocationToken<R> extractRevocationFromCacheSource = extractRevocationFromCacheSource(certificateToken, certificateToken2, initRevocationTokenKeys);
            if (extractRevocationFromCacheSource != null) {
                return extractRevocationFromCacheSource;
            }
        }
        return extractAndInsertRevocationTokenFromProxiedSource(certificateToken, certificateToken2, initRevocationTokenKeys);
    }

    private RevocationToken<R> extractRevocationFromCacheSource(CertificateToken certificateToken, CertificateToken certificateToken2, List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String next = it.next();
            RevocationToken<R> findRevocation = findRevocation(next, certificateToken, certificateToken2);
            if (findRevocation == null) {
                it.remove();
            } else {
                if (isNotExpired(findRevocation, certificateToken2)) {
                    LOG.info("Revocation token for certificate with Id '{}' has been loaded from the cache", certificateToken.getDSSIdAsString());
                    return findRevocation;
                }
                LOG.debug("Revocation token is expired");
                if (this.removeExpired) {
                    removeRevocation(next);
                    it.remove();
                }
            }
        }
        return null;
    }

    private RevocationToken<R> extractAndInsertRevocationTokenFromProxiedSource(CertificateToken certificateToken, CertificateToken certificateToken2, List<String> list) {
        if (this.proxiedSource == null) {
            LOG.warn("Proxied revocation source is not initialized for the called RevocationSource!");
            return null;
        }
        RevocationToken<R> revocationToken = null;
        OnlineRevocationSource.RevocationTokenAndUrl<R> revocationTokenAndUrl = this.proxiedSource.getRevocationTokenAndUrl(certificateToken, certificateToken2);
        if (revocationTokenAndUrl != null) {
            revocationToken = revocationTokenAndUrl.getRevocationToken();
            if (revocationToken.isValid()) {
                String revocationTokenKey = getRevocationTokenKey(certificateToken, revocationTokenAndUrl.getUrlString());
                if (list.contains(revocationTokenKey)) {
                    updateRevocation(revocationTokenKey, revocationToken);
                    LOG.info("Revocation token for certificate '{}' is updated in the cache", certificateToken.getDSSIdAsString());
                } else {
                    insertRevocation(revocationTokenKey, revocationToken);
                    LOG.info("Revocation token for certificate '{}' is added into the cache", certificateToken.getDSSIdAsString());
                }
            }
        }
        return revocationToken;
    }

    protected abstract String getRevocationTokenKey(CertificateToken certificateToken, String str);

    private boolean isNotExpired(RevocationToken<R> revocationToken, CertificateToken certificateToken) {
        Date date = new Date();
        Date nextUpdate = revocationToken.getNextUpdate();
        if (nextUpdate == null) {
            CertificateToken issuerCertificateToken = revocationToken.getIssuerCertificateToken();
            if (issuerCertificateToken == null) {
                issuerCertificateToken = certificateToken;
            }
            if (!issuerCertificateToken.isValidOn(date)) {
                return false;
            }
        }
        Date thisUpdate = revocationToken.getThisUpdate();
        if (nextUpdate == null && this.defaultNextUpdateDelay != null && thisUpdate != null) {
            nextUpdate = new Date(thisUpdate.getTime() + this.defaultNextUpdateDelay.longValue());
        }
        if (nextUpdate == null) {
            return false;
        }
        if (this.maxNextUpdateDelay != null && thisUpdate != null) {
            Date date2 = new Date(thisUpdate.getTime() + this.maxNextUpdateDelay.longValue());
            if (nextUpdate.after(date2)) {
                nextUpdate = date2;
            }
        }
        return nextUpdate.after(date);
    }
}
