package org.ejbca.core.model.ca.publisher;

import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.Extension;
import org.cesecore.authentication.tokens.AuthenticationToken;
import org.cesecore.certificates.endentity.ExtendedInformation;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
import org.ejbca.core.model.InternalEjbcaResources;
import org.ejbca.util.JDBCUtil;

/* loaded from: input_file:org/ejbca/core/model/ca/publisher/ValidationAuthorityPublisher.class */
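/**
 * Publisher that writes certificate status rows and, optionally, CRLs to an external
 * Validation Authority (VA) database through a JDBC data source.
 *
 * <p>Every statement that carries certificate- or CRL-derived values is a fixed SQL string with
 * {@code ?} placeholders; the values (subject/issuer DN, username, tag, ...) are bound through
 * {@link PreparedStatement} setters and never concatenated into SQL.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The {@code protect} setting is stored and logged, but no method in this class consults it
 *       when writing rows.</li>
 *   <li>With {@code onlyPublishRevoked} enabled the VA table holds rows for revoked certificates
 *       only, and a row is deleted again on revocation reason 8. NOTE(review): whatever answers
 *       status queries from this table then cannot tell "never issued" from "issued and valid" by
 *       row presence - confirm how the consumer treats unknown certificates.</li>
 *   <li>{@link #init(Properties)} reads {@code dataSource}, {@code protect} and {@code storeCert}
 *       only; {@code storeCRL} and {@code onlyPublishRevoked} keep whatever is already in
 *       {@code data}.</li>
 * </ul>
 */
public class ValidationAuthorityPublisher extends BasePublisher implements ICustomPublisher {
    private static final long serialVersionUID = -8046305645562531532L;
    private static final Logger log = Logger.getLogger(ValidationAuthorityPublisher.class);
    private static final InternalEjbcaResources intres = InternalEjbcaResources.getInstance();
    public static final float LATEST_VERSION = 1.0f;
    public static final int TYPE_VAPUBLISHER = 5;
    protected static final String DATASOURCE = "dataSource";
    protected static final String PROTECT = "protect";
    protected static final String STORECERT = "storeCert";
    protected static final String STORECRL = "storeCRL";
    protected static final String ONLYPUBLISHREVOKED = "onlyPublishRevoked";
    public static final String DEFAULT_DATASOURCE = "java:/OcspDS";
    public static final boolean DEFAULT_PROTECT = false;
    private static final String insertCertificateSQL = "INSERT INTO CertificateData (base64Cert,subjectDN,issuerDN,cAFingerprint,serialNumber,status,type,username,expireDate,revocationDate,revocationReason,tag,certificateProfileId,updateTime,subjectKeyId,fingerprint,rowVersion) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0)";
    private static final String updateCertificateSQL = "UPDATE CertificateData SET base64Cert=?,subjectDN=?,issuerDN=?,cAFingerprint=?,serialNumber=?,status=?,type=?,username=?,expireDate=?,revocationDate=?,revocationReason=?,tag=?,certificateProfileId=?,updateTime=?,subjectKeyId=?,rowVersion=(rowVersion+1) WHERE fingerprint=?";
    private static final String deleteCertificateSQL = "DELETE FROM CertificateData WHERE fingerprint=?";
    private static final String insertCRLSQL = "INSERT INTO CRLData (base64Crl,cAFingerprint,cRLNumber,deltaCRLIndicator,issuerDN,thisUpdate,nextUpdate,fingerprint,rowVersion) VALUES (?,?,?,?,?,?,?,?,0)";
    private static final String updateCRLSQL = "UPDATE CRLData SET base64Crl=?,cAFingerprint=?,cRLNumber=?,deltaCRLIndicator=?,issuerDN=?,thisUpdate=?,nextUpdate=?,rowVersion=(rowVersion+1) WHERE fingerprint=?";

    /**
     * Certificate status value that marks a certificate as revoked.
     * NOTE(review): presumably mirrors CertificateConstants.CERT_REVOKED - confirm.
     */
    private static final int STATUS_REVOKED = 40;

    /**
     * Revocation reason 8, i.e. removeFromCRL in the RFC 5280 CRLReason enumeration.
     * NOTE(review): presumably mirrors the project's own reason constant - confirm.
     */
    private static final int REASON_REMOVE_FROM_CRL = 8;

    /** Preparer that binds nothing; used for statements without placeholders. */
    protected class DoNothingPreparer implements JDBCUtil.Preparer {
        protected DoNothingPreparer() {
        }

        @Override
        public void prepare(PreparedStatement preparedStatement) {
            // Nothing to bind.
        }

        /** Always returns {@code null}: this preparer has no payload to describe. */
        @Override
        public String getInfoString() {
            return null;
        }
    }

    /**
     * Binds one CRL to the placeholders shared by {@code insertCRLSQL} and {@code updateCRLSQL}
     * (both take the fingerprint as the eighth parameter).
     */
    private class StoreCRLPreparer implements JDBCUtil.Preparer {
        private final String base64Crl;
        private final String cAFingerprint;
        private final int cRLNumber;
        private final int deltaCRLIndicator;
        private final String issuerDN;
        private final String fingerprint;
        private final long thisUpdate;
        private final long nextUpdate;

        /**
         * Decodes the CRL and captures every value that will be bound later.
         *
         * @param encodedCrl encoded CRL bytes
         * @param caFingerprint value stored in the {@code cAFingerprint} column
         * @param crlNumber value stored in the {@code cRLNumber} column
         * @param crlIssuerDN value stored in the {@code issuerDN} column
         * @throws PublisherException if anything in the decoding step throws; the original
         *     exception is attached as the cause
         */
        StoreCRLPreparer(byte[] encodedCrl, String caFingerprint, int crlNumber, String crlIssuerDN) throws PublisherException {
            try {
                X509CRL crl = CertTools.getCRLfromByteArray(encodedCrl);
                // 1 when the deltaCRLIndicator extension is present, -1 otherwise.
                this.deltaCRLIndicator = crl.getExtensionValue(Extension.deltaCRLIndicator.getId()) != null ? 1 : -1;
                this.issuerDN = crlIssuerDN;
                this.cRLNumber = crlNumber;
                this.cAFingerprint = caFingerprint;
                this.base64Crl = new String(Base64.encode(encodedCrl));
                this.fingerprint = CertTools.getFingerprintAsString(encodedCrl);
                this.thisUpdate = crl.getThisUpdate().getTime();
                // X509CRL.getNextUpdate() returns null when the field is absent; the resulting
                // NullPointerException lands in the catch below, so such a CRL is not published.
                this.nextUpdate = crl.getNextUpdate().getTime();
                if (ValidationAuthorityPublisher.log.isDebugEnabled()) {
                    ValidationAuthorityPublisher.log.debug("Publishing CRL with fingerprint " + this.fingerprint + ", number " + crlNumber + " to external CRL store for the CA " + this.issuerDN + (this.deltaCRLIndicator > 0 ? ". It is a delta CRL." : "."));
                }
            } catch (Exception e) {
                String localizedMessage = ValidationAuthorityPublisher.intres.getLocalizedMessage("publisher.errorldapdecode", "CRL");
                ValidationAuthorityPublisher.log.error(localizedMessage, e);
                // Keep the root cause on the exception, the same way throwPublisherException does,
                // so callers that only see the PublisherException can still diagnose the failure.
                PublisherException publisherException = new PublisherException(localizedMessage);
                publisherException.initCause(e);
                throw publisherException;
            }
        }

        @Override
        public void prepare(PreparedStatement preparedStatement) throws Exception {
            preparedStatement.setString(1, this.base64Crl);
            preparedStatement.setString(2, this.cAFingerprint);
            preparedStatement.setInt(3, this.cRLNumber);
            preparedStatement.setInt(4, this.deltaCRLIndicator);
            preparedStatement.setString(5, this.issuerDN);
            preparedStatement.setLong(6, this.thisUpdate);
            preparedStatement.setLong(7, this.nextUpdate);
            preparedStatement.setString(8, this.fingerprint);
        }

        /** Short description of the CRL, used in error messages. */
        @Override
        public String getInfoString() {
            return "Store CRL:, Issuer:" + this.issuerDN + ", Number: " + this.cRLNumber + ", Is delta: " + (this.deltaCRLIndicator > 0);
        }
    }

    /**
     * Binds one certificate either to the insert/update statements (sixteen parameters, the
     * fingerprint last) or, once {@code isDelete} is set, to the single-parameter delete statement.
     * The decompiler output notes that the access modifier was changed from private.
     */
    public class StoreCertPreparer implements JDBCUtil.Preparer {
        private final Certificate incert;
        private final String username;
        private final String cafp;
        private final int status;
        private final int type;
        private final long revocationDate;
        private final int reason;
        private final String tag;
        private final int certificateProfileId;
        private final long updateTime;
        // Switched to true by deleteCert() so that prepare() binds only the fingerprint.
        boolean isDelete = false;

        /**
         * Captures the values to bind. Note the order: the revocation reason comes before the
         * certificate type.
         */
        StoreCertPreparer(Certificate certificate, String username, String cafp, int status, long revocationDate, int reason, int type, String tag, int certificateProfileId, long updateTime) {
            this.incert = certificate;
            this.username = username;
            this.cafp = cafp;
            this.status = status;
            this.revocationDate = revocationDate;
            this.reason = reason;
            this.type = type;
            this.tag = tag;
            this.certificateProfileId = certificateProfileId;
            this.updateTime = updateTime;
        }

        @Override
        public void prepare(PreparedStatement preparedStatement) throws Exception {
            if (this.isDelete) {
                prepareDelete(preparedStatement);
            } else {
                prepareNewUpdate(preparedStatement);
            }
        }

        /** Binds the fingerprint, the only parameter of {@code deleteCertificateSQL}. */
        private void prepareDelete(PreparedStatement preparedStatement) throws Exception {
            preparedStatement.setString(1, CertTools.getFingerprintAsString(this.incert));
        }

        /**
         * Binds the sixteen parameters shared by {@code insertCertificateSQL} and
         * {@code updateCertificateSQL}.
         *
         * <p>The two casts to {@link X509Certificate} throw {@link ClassCastException} for any
         * other certificate type; storeCertificate() turns that into a PublisherException.
         */
        private void prepareNewUpdate(PreparedStatement preparedStatement) throws Exception {
            // The encoded certificate is stored only when storeCert is enabled; otherwise NULL.
            preparedStatement.setString(1, ValidationAuthorityPublisher.this.getStoreCert() ? new String(Base64.encode(this.incert.getEncoded(), true)) : null);
            preparedStatement.setString(2, CertTools.getSubjectDN(this.incert));
            preparedStatement.setString(3, CertTools.getIssuerDN(this.incert));
            preparedStatement.setString(4, this.cafp);
            preparedStatement.setString(5, ((X509Certificate) this.incert).getSerialNumber().toString());
            preparedStatement.setInt(6, this.status);
            preparedStatement.setInt(7, this.type);
            preparedStatement.setString(8, this.username);
            preparedStatement.setLong(9, ((X509Certificate) this.incert).getNotAfter().getTime());
            preparedStatement.setLong(10, this.revocationDate);
            preparedStatement.setInt(11, this.reason);
            preparedStatement.setString(12, this.tag);
            preparedStatement.setInt(13, this.certificateProfileId);
            preparedStatement.setLong(14, this.updateTime);
            String fingerprintAsString = CertTools.getFingerprintAsString(this.incert);
            String subjectKeyId = null;
            try {
                subjectKeyId = new String(Base64.encode(KeyTools.createSubjectKeyId(this.incert.getPublicKey()).getKeyIdentifier(), false));
            } catch (Exception e) {
                // Deliberately best-effort: the row is still written with a NULL subjectKeyId.
                // The exception is logged too, so the reason for the NULL is not lost.
                ValidationAuthorityPublisher.log.warn("Error constructing subjectKeyId for certificate, using null: " + fingerprintAsString, e);
            }
            preparedStatement.setString(15, subjectKeyId);
            preparedStatement.setString(16, fingerprintAsString);
        }

        /** Short description of the certificate, used in error messages. */
        @Override
        public String getInfoString() {
            return "Store:, Username: " + this.username + ", Issuer:" + CertTools.getIssuerDN(this.incert) + ", Serno: " + CertTools.getSerialNumberAsString(this.incert) + ", Subject: " + CertTools.getSubjectDN(this.incert);
        }
    }

    /** Creates a publisher of type {@link #TYPE_VAPUBLISHER} with the default data source and protect setting. */
    public ValidationAuthorityPublisher() {
        this.data.put("type", Integer.valueOf(TYPE_VAPUBLISHER));
        setDataSource(DEFAULT_DATASOURCE);
        setProtect(DEFAULT_PROTECT);
    }

    /** Stores the data source name handed to {@code JDBCUtil.execute}. */
    public void setDataSource(String str) {
        this.data.put(DATASOURCE, str);
    }

    /** Stores the {@code protect} flag; this class does not act on it. */
    public void setProtect(boolean z) {
        this.data.put(PROTECT, Boolean.valueOf(z));
    }

    /** Returns the configured data source name, or {@code null} if none is stored. */
    public String getDataSource() {
        return (String) this.data.get(DATASOURCE);
    }

    /**
     * Returns the stored {@code protect} flag.
     *
     * @throws NullPointerException if the key is absent; unlike the other boolean getters there
     *     is no fallback value here
     */
    public boolean getProtect() {
        return ((Boolean) this.data.get(PROTECT)).booleanValue();
    }

    /** Controls whether the encoded certificate is written to the {@code base64Cert} column. */
    public void setStoreCert(boolean z) {
        this.data.put(STORECERT, Boolean.valueOf(z));
    }

    /** Returns the {@code storeCert} flag; {@code true} when it was never set. */
    public boolean getStoreCert() {
        Object value = this.data.get(STORECERT);
        return value == null || ((Boolean) value).booleanValue();
    }

    /** Controls whether only revoked certificates are written to the VA database. */
    public void setOnlyPublishRevoked(boolean z) {
        this.data.put(ONLYPUBLISHREVOKED, Boolean.valueOf(z));
    }

    /** Returns the {@code onlyPublishRevoked} flag; {@code false} when it was never set. */
    public boolean getOnlyPublishRevoked() {
        Object value = this.data.get(ONLYPUBLISHREVOKED);
        return value != null && ((Boolean) value).booleanValue();
    }

    /** Controls whether {@link #storeCRL} writes CRLs at all. */
    public void setStoreCRL(boolean z) {
        this.data.put(STORECRL, Boolean.valueOf(z));
    }

    /** Returns the {@code storeCRL} flag; {@code false} when it was never set. */
    public boolean getStoreCRL() {
        Object value = this.data.get(STORECRL);
        return value != null && ((Boolean) value).booleanValue();
    }

    /**
     * Configures the publisher from properties.
     *
     * <p>{@code dataSource} has no fallback: a missing property stores {@code null}, replacing
     * the default set by the constructor. {@code protect} defaults to false and
     * {@code storeCert} to true. Only the case-insensitive string "true" enables a flag.
     *
     * @param properties publisher configuration
     */
    @Override
    public void init(Properties properties) {
        setDataSource(properties.getProperty(DATASOURCE));
        log.debug("dataSource='" + getDataSource() + "'.");
        setProtect(StringUtils.equalsIgnoreCase(properties.getProperty(PROTECT, "false"), "true"));
        log.debug("protect='" + getProtect() + "'.");
        setStoreCert(StringUtils.equalsIgnoreCase(properties.getProperty(STORECERT, "true"), "true"));
        log.debug("storeCert='" + getStoreCert() + "'.");
    }

    /** Updates the row for the certificate; inserts it when the update did not report exactly one row. */
    private void updateCert(StoreCertPreparer storeCertPreparer) throws Exception {
        if (JDBCUtil.execute(updateCertificateSQL, storeCertPreparer, getDataSource()) == 1) {
            return;
        }
        JDBCUtil.execute(insertCertificateSQL, storeCertPreparer, getDataSource());
    }

    /** Deletes the row for the certificate; flips the preparer into delete mode first. */
    private void deleteCert(StoreCertPreparer storeCertPreparer) throws Exception {
        storeCertPreparer.isDelete = true;
        JDBCUtil.execute(deleteCertificateSQL, storeCertPreparer, getDataSource());
    }

    /**
     * Inserts the row for the certificate; on an {@link SQLException} falls back to an update and
     * rethrows the original exception unless that update reports exactly one row.
     */
    private void newCert(StoreCertPreparer storeCertPreparer) throws Exception {
        try {
            JDBCUtil.execute(insertCertificateSQL, storeCertPreparer, getDataSource());
        } catch (SQLException e) {
            if (log.isDebugEnabled()) {
                log.debug(intres.getLocalizedMessage("publisher.entryexists", e.getMessage()));
            }
            if (JDBCUtil.execute(updateCertificateSQL, storeCertPreparer, getDataSource()) != 1) {
                throw e;
            }
        }
    }

    /**
     * Tells whether a certificate in the given state would be published.
     *
     * @param i certificate status
     * @param i2 revocation reason
     * @return {@code true} unless {@code onlyPublishRevoked} is set and the certificate is neither
     *     revoked (status 40) nor carries revocation reason 8
     */
    @Override
    public boolean willPublishCertificate(int i, int i2) {
        final boolean publish = !getOnlyPublishRevoked() || i == STATUS_REVOKED || i2 == REASON_REMOVE_FROM_CRL;
        if (log.isDebugEnabled()) {
            if (publish) {
                log.debug("Will publish certificate. Status: " + i + ", revocationReason: " + i2);
            } else {
                log.debug("Will not publish certificate. Status: " + i + ", revocationReason: " + i2);
            }
        }
        return publish;
    }

    /**
     * Writes, updates or deletes the VA row for a certificate.
     *
     * <p>Without {@code onlyPublishRevoked}: a revoked certificate is updated (inserted if
     * missing), anything else is inserted (updated if present). With {@code onlyPublishRevoked}:
     * a revoked certificate is inserted, revocation reason 8 deletes the row, and every other
     * state is skipped.
     *
     * @param authenticationToken not used by this implementation
     * @param certificate certificate to publish
     * @param str username stored with the row
     * @param str2 not used by this implementation
     * @param str3 not used by this implementation
     * @param str4 CA fingerprint stored with the row
     * @param i certificate status
     * @param i2 certificate type
     * @param j revocation date
     * @param i3 revocation reason
     * @param str5 tag stored with the row
     * @param i4 certificate profile id
     * @param j2 update time
     * @param extendedInformation not used by this implementation
     * @return {@code true} on success, including the skipped case
     * @throws PublisherException wrapping any {@link Throwable} raised while writing
     */
    @Override
    public boolean storeCertificate(AuthenticationToken authenticationToken, Certificate certificate, String str, String str2, String str3, String str4, int i, int i2, long j, int i3, String str5, int i4, long j2, ExtendedInformation extendedInformation) throws PublisherException {
        if (log.isDebugEnabled()) {
            log.debug("Publishing certificate with fingerprint " + CertTools.getFingerprintAsString(certificate) + ", status " + i + ", type " + i2 + " to external VA.");
        }
        StoreCertPreparer storeCertPreparer = new StoreCertPreparer(certificate, str, str4, i, j, i3, i2, str5, i4, j2);
        final boolean revoked = i == STATUS_REVOKED;
        try {
            if (!getOnlyPublishRevoked()) {
                if (revoked) {
                    updateCert(storeCertPreparer);
                } else {
                    newCert(storeCertPreparer);
                }
            } else if (revoked) {
                newCert(storeCertPreparer);
            } else if (i3 == REASON_REMOVE_FROM_CRL) {
                deleteCert(storeCertPreparer);
            } else if (log.isDebugEnabled()) {
                log.debug("Not publishing certificate with status " + i + ", type " + i2 + " to external VA, we only publish revoked certificates.");
            }
            return true;
        } catch (Throwable th) {
            // Catches Throwable, so Errors are wrapped as well as ordinary exceptions.
            throwPublisherException(th, storeCertPreparer);
            // Not reached: throwPublisherException always throws.
            return false;
        }
    }

    /**
     * Writes a CRL to the VA database when {@code storeCRL} is enabled: insert first, update on
     * an {@link SQLException}.
     *
     * @param authenticationToken not used by this implementation
     * @param bArr encoded CRL
     * @param str CA fingerprint stored with the row
     * @param i CRL number
     * @param str2 issuer DN stored with the row
     * @return {@code true}, also when CRL publishing is disabled
     * @throws PublisherException if the CRL cannot be decoded or the database write fails
     */
    @Override
    public boolean storeCRL(AuthenticationToken authenticationToken, byte[] bArr, String str, int i, String str2) throws PublisherException {
        if (!getStoreCRL()) {
            if (log.isDebugEnabled()) {
                log.debug("No CRL published. The VA publisher is not configured to do it.");
            }
            return true;
        }
        StoreCRLPreparer storeCRLPreparer = new StoreCRLPreparer(bArr, str, i, str2);
        try {
            JDBCUtil.execute(insertCRLSQL, storeCRLPreparer, getDataSource());
        } catch (SQLException e) {
            if (log.isDebugEnabled()) {
                log.debug(intres.getLocalizedMessage("publisher.entryexists", e.getMessage()), e);
            }
            try {
                JDBCUtil.execute(updateCRLSQL, storeCRLPreparer, getDataSource());
            } catch (Exception e2) {
                throwPublisherException(e2, storeCRLPreparer);
            }
        } catch (Throwable th) {
            throwPublisherException(th, storeCRLPreparer);
        }
        return true;
    }

    /**
     * Logs the failure and throws a {@link PublisherException} carrying {@code th} as its cause.
     * The message includes the data source name and the preparer's info string.
     *
     * @throws PublisherException always
     */
    void throwPublisherException(Throwable th, JDBCUtil.Preparer preparer) throws PublisherException {
        String localizedMessage = intres.getLocalizedMessage("publisher.errorvapubl", getDataSource(), preparer.getInfoString());
        log.error(localizedMessage, th);
        PublisherException publisherException = new PublisherException(localizedMessage);
        publisherException.initCause(th);
        throw publisherException;
    }

    /**
     * Checks that the data source is reachable by running a constant query against
     * {@code CertificateData}.
     *
     * @throws PublisherConnectionException if the query fails; the original exception is the cause
     */
    @Override
    public void testConnection() throws PublisherConnectionException {
        try {
            // Constant literal with no placeholders, hence the preparer that binds nothing.
            JDBCUtil.execute("select 1 from CertificateData where fingerprint='XX'", new DoNothingPreparer(), getDataSource());
        } catch (Exception e) {
            log.error("Connection test failed: ", e);
            PublisherConnectionException publisherConnectionException = new PublisherConnectionException("Connection in init failed: " + e.getMessage());
            publisherConnectionException.initCause(e);
            throw publisherConnectionException;
        }
    }

    /** Returns a new publisher whose data map holds a copy of every entry of this one. */
    @Override
    public Object clone() throws CloneNotSupportedException {
        ValidationAuthorityPublisher copy = new ValidationAuthorityPublisher();
        HashMap hashMap = (HashMap) copy.saveData();
        for (Object key : this.data.keySet()) {
            hashMap.put(key, this.data.get(key));
        }
        copy.loadData(hashMap);
        return copy;
    }

    /** Returns {@link #LATEST_VERSION}. */
    @Override
    public float getLatestVersion() {
        return LATEST_VERSION;
    }
}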
