package ee.sk.digidoc.tsl;

import ee.sk.digidoc.DigiDocException;
import ee.sk.digidoc.factory.TrustServiceFactory;
import ee.sk.utils.ConfigManager;
import ee.sk.utils.ConvertUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.Principal;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Vector;
import org.apache.log4j.Logger;

/* loaded from: input_file:ee/sk/digidoc/tsl/DigiDocTrustServiceFactory.class */
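/**
 * Trust store built from the DigiDoc configuration plus an optional directory of TSL files.
 *
 * <p>{@link #init()} creates one "local" trust list from the {@code DIGIDOC_CA_*} configuration
 * entries (CA certificates and OCSP responder certificates) and then appends every list parsed
 * from the files in {@code DIGIDOC_TSL_DIR}. The lookup methods walk those lists in that order
 * and return the first match.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every certificate loaded here becomes a trust anchor or a trusted OCSP responder. The
 *       configuration file, the certificate locations it names and the TSL directory must be
 *       writable only by trusted administrators.</li>
 *   <li>A certificate location starting with {@code http} is fetched over the network. Over
 *       plain {@code http://} nothing authenticates the downloaded trust anchor; prefer local
 *       files or {@code jar://} resources.</li>
 *   <li>Files in the TSL directory are added to the trust set as parsed. This class performs no
 *       signature or origin check on them; whether {@code TslParser} does is not visible here
 *       (TODO confirm).</li>
 *   <li>{@link #init()} logs and swallows every exception that is not a
 *       {@link DigiDocException}, so after a failure the trust store may be only partly
 *       populated.</li>
 * </ul>
 *
 * <p>No synchronization is performed; the list is replaced wholesale by {@link #init()}.
 */
public class DigiDocTrustServiceFactory implements TrustServiceFactory {
    private static final Logger m_logger = Logger.getLogger(DigiDocTrustServiceFactory.class);

    /** Trust lists in lookup order: the locally configured list first, then TSL-directory lists. */
    private List<TrustServiceStatusList> m_tsls;

    /**
     * Rebuilds the trust store from configuration.
     *
     * <p>A certificate that cannot be read is logged at WARN level and skipped, which shrinks
     * the trust set rather than aborting start-up.
     *
     * @throws DigiDocException if one is raised outside the per-certificate handlers (for
     *     example while parsing a TSL file); other exception types are logged and swallowed
     */
    @Override // ee.sk.digidoc.factory.TrustServiceFactory
    public void init() throws DigiDocException {
        try {
            ConfigManager cfg = ConfigManager.instance();
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Reading local config file");
            }
            TrustServiceStatusList localTsl = new TrustServiceStatusList();
            SchemeInformation scheme = new SchemeInformation();
            scheme.setVersionIdentifier(1);
            scheme.setSequenceNumber(1);
            scheme.setType(SchemeInformation.TYPE_LOCAL);
            localTsl.setSchemeInformation(scheme);
            // The local list must be registered before addTspProvider() runs: that method looks
            // it up by type in m_tsls.
            this.m_tsls = new ArrayList<TrustServiceStatusList>();
            this.m_tsls.add(localTsl);

            int caCount = cfg.getIntProperty("DIGIDOC_CAS", 0);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("CA-s: " + caCount);
            }
            for (int ca = 1; ca <= caCount; ca++) {
                TrustServiceProvider provider = addTspProvider(
                        cfg.getStringProperty("DIGIDOC_CA_" + ca + "_NAME", null),
                        cfg.getStringProperty("DIGIDOC_CA_" + ca + "_TRADENAME", null));
                loadCaCertificates(cfg, ca, provider);
                loadOcspResponders(cfg, ca, provider);
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Local config: " + localTsl);
                }
            }
            loadTslDirectory(cfg.getStringProperty("DIGIDOC_TSL_DIR", null));
        } catch (DigiDocException e) {
            // Hand the throwable to the logger so the stack trace reaches the configured
            // appenders instead of stderr.
            m_logger.error("Error init TrustServiceFactory dd: " + e, e);
            throw e;
        } catch (Exception e) {
            // NOTE(review): swallowing here leaves a partially initialised trust store without
            // telling the caller. Kept as-is for compatibility with existing callers.
            m_logger.error("Error init TrustServiceFactory: " + e, e);
        }
    }

    /** Loads the {@code DIGIDOC_CA_<ca>_CERT<n>} certificates into {@code provider}. */
    private void loadCaCertificates(ConfigManager cfg, int ca, TrustServiceProvider provider) {
        int certCount = cfg.getIntProperty("DIGIDOC_CA_" + ca + "_CERTS", 0);
        for (int n = 1; n <= certCount; n++) {
            String location = cfg.getStringProperty("DIGIDOC_CA_" + ca + "_CERT" + n, null);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("CA" + ca + " ca-cert" + n + " - " + location);
            }
            try {
                X509Certificate cert = readCertificate(location);
                if (cert != null && provider != null) {
                    addCATspService(provider, cert);
                }
            } catch (Exception e) {
                // Best effort: an unreadable CA certificate is skipped, not fatal.
                m_logger.warn("Failed to read CA cert: " + location, e);
            }
        }
    }

    /** Loads the {@code DIGIDOC_CA_<ca>_OCSP<n>_*} responder entries into {@code provider}. */
    private void loadOcspResponders(ConfigManager cfg, int ca, TrustServiceProvider provider) {
        int ocspCount = cfg.getIntProperty("DIGIDOC_CA_" + ca + "_OCSPS", 0);
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("OCSP-s: " + ocspCount);
        }
        for (int n = 1; n <= ocspCount; n++) {
            String key = "DIGIDOC_CA_" + ca + "_OCSP" + n;
            String location = cfg.getStringProperty(key + "_CERT", null);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("CA" + ca + " ocsp-cert" + n + " - " + location);
            }
            TSPService service = null;
            try {
                X509Certificate cert = readCertificate(location);
                if (cert != null && provider != null) {
                    // The configured CN is used both as the display name and as the lookup CN.
                    String cn = cfg.getStringProperty(key + "_CN", null);
                    service = addOcspTspService(provider, cert, cn,
                            cfg.getStringProperty(key + "_URL", null), cn,
                            cfg.getStringProperty(key + "_CA_CN", null));
                }
            } catch (Exception e) {
                m_logger.warn("Failed to read OCSP responder cert: " + location, e);
            }
            // Additional responder certificates: <key>_CERT_1, _CERT_2, ... up to the first gap.
            // They are attached only when the primary certificate produced a service.
            String extraLocation;
            int extra = 1;
            do {
                extraLocation = cfg.getStringProperty(key + "_CERT_" + extra, null);
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("CA" + ca + " ocsp-cert" + n + "/" + extra + " - " + extraLocation);
                }
                if (extraLocation != null && service != null) {
                    try {
                        X509Certificate cert = readCertificate(extraLocation);
                        if (cert != null) {
                            service.addCertificate(cert);
                        }
                    } catch (Exception e) {
                        m_logger.warn("Failed to read OCSP responder cert: " + extraLocation, e);
                    }
                }
                extra++;
            } while (extraLocation != null);
        }
    }

    /**
     * Parses every readable regular file in {@code dirName} as a TSL and appends it to the store.
     *
     * <p>Declared {@code throws Exception} so that parse and I/O failures reach the handlers in
     * {@link #init()} exactly as they did when this code was inline there.
     */
    private void loadTslDirectory(String dirName) throws Exception {
        if (dirName == null || dirName.length() == 0) {
            return;
        }
        File[] candidates = new File(dirName).listFiles();
        if (candidates == null) {
            // Not a directory, or not listable.
            return;
        }
        for (File candidate : candidates) {
            if (!candidate.isFile() || !candidate.canRead()) {
                continue;
            }
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Reading TSL: " + candidate.getAbsolutePath());
            }
            TrustServiceStatusList parsed;
            FileInputStream in = new FileInputStream(candidate);
            try {
                parsed = new TslParser().readTSL(in);
            } finally {
                // Close even when parsing fails, so a malformed file cannot leak a descriptor.
                in.close();
            }
            if (parsed != null) {
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Got TSL: " + parsed);
                }
                // NOTE(review): the list is trusted as parsed; no signature check happens here.
                this.m_tsls.add(parsed);
            }
        }
    }

    /** Returns the first loaded trust list whose scheme type equals {@code str}, or null. */
    private TrustServiceStatusList findTslByType(String str) {
        if (this.m_tsls == null) {
            return null;
        }
        for (TrustServiceStatusList tsl : this.m_tsls) {
            SchemeInformation scheme = tsl.getSchemeInformation();
            if (scheme != null && scheme.getType() != null && scheme.getType().equals(str)) {
                return tsl;
            }
        }
        return null;
    }

    /**
     * Adds a new provider to the local trust list.
     *
     * @param str provider name
     * @param str2 provider trade name
     * @return the new provider, or null when no local trust list has been created yet
     */
    public TrustServiceProvider addTspProvider(String str, String str2) {
        TrustServiceStatusList localTsl = findTslByType(SchemeInformation.TYPE_LOCAL);
        if (localTsl == null) {
            return null;
        }
        TrustServiceProvider provider = new TrustServiceProvider();
        localTsl.addTrustServiceProvider(provider);
        TSPInformation info = new TSPInformation();
        info.addName(new MultiLangString(null, str));
        info.addTradeName(new MultiLangString(null, str2));
        provider.setTSPInformation(info);
        return provider;
    }

    /**
     * Registers {@code x509Certificate} as a CA service of {@code trustServiceProvider}.
     *
     * <p>The service name and CN are derived from the certificate's subject DN.
     *
     * @return the service that was added
     */
    public TSPService addCATspService(TrustServiceProvider trustServiceProvider, X509Certificate x509Certificate) {
        String subjectName = x509Certificate.getSubjectDN().getName();
        String commonName = ConvertUtils.getCommonName(subjectName);
        TSPService service = new TSPService();
        service.setType(TSPService.TSP_TYPE_CA_QC);
        service.addCertificate(x509Certificate);
        service.addSubjectName(new MultiLangString(null, subjectName));
        service.addName(new MultiLangString(null, commonName));
        service.setCn(commonName);
        trustServiceProvider.addTSPService(service);
        return service;
    }

    /**
     * Registers {@code x509Certificate} as an OCSP responder service of
     * {@code trustServiceProvider}.
     *
     * @param str service display name
     * @param str2 responder URL (service access point)
     * @param str3 responder CN used by the OCSP lookups
     * @param str4 CN of the CA this responder answers for
     * @return the service that was added
     */
    public TSPService addOcspTspService(TrustServiceProvider trustServiceProvider, X509Certificate x509Certificate, String str, String str2, String str3, String str4) {
        TSPService service = new TSPService();
        service.setType(TSPService.TSP_TYPE_EXT_OCSP_QC);
        service.addCertificate(x509Certificate);
        service.addSubjectName(new MultiLangString(null, x509Certificate.getSubjectDN().getName()));
        service.addName(new MultiLangString(null, str));
        service.addServiceAccessPoint(str2);
        service.setCn(str3);
        service.setCaCn(str4);
        trustServiceProvider.addTSPService(service);
        return service;
    }

    /**
     * Reads one X.509 certificate from a URL ({@code http...}), a class-path resource
     * ({@code jar://...}) or a file path.
     *
     * @param str certificate location; null yields null
     * @return the parsed certificate
     * @throws DigiDocException failures are passed to {@code DigiDocException.handleException}
     *     with code 10, which presumably rethrows them as DigiDocException (confirm there)
     */
    private static X509Certificate readCertificate(String str) throws DigiDocException {
        if (str == null) {
            return null;
        }
        X509Certificate cert = null;
        try {
            if (str.startsWith("http:")) {
                // The certificate becomes a trust anchor, yet nothing authenticates a plain
                // HTTP download; make that visible to the operator.
                m_logger.warn("Reading trusted certificate over unauthenticated HTTP: " + str);
            }
            InputStream in;
            if (str.startsWith("http")) {
                in = new URL(str).openStream();
            } else if (str.startsWith("jar://")) {
                // May be null when the resource is missing; generateCertificate() then fails
                // and the failure is handled below like any other read error.
                in = ConfigManager.instance().getClass().getClassLoader().getResourceAsStream(str.substring(6));
            } else {
                in = new FileInputStream(str);
            }
            try {
                cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            } finally {
                // Close on the failure path too, so a malformed certificate cannot leak the
                // stream or connection.
                if (in != null) {
                    in.close();
                }
            }
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Read cert: " + str + " - " + (cert != null ? "OK" : "NULL"));
            }
        } catch (Exception e) {
            DigiDocException.handleException(e, 10);
        }
        return cert;
    }

    /**
     * Finds, in one trust list, the CA certificate that issued {@code x509Certificate}.
     *
     * <p>A candidate must have a subject DN equal to the certificate's issuer DN, must (when
     * {@code date} is given) be valid strictly between its notBefore and notAfter at that date,
     * and its public key must verify the certificate's signature.
     *
     * <p>NOTE(review): with {@code date == null} the CA certificate's validity period is not
     * checked at all; callers that need it must pass a date.
     *
     * @return the issuing CA certificate, or null when no listed CA matches
     */
    private X509Certificate findCaForCertInTsl(TrustServiceStatusList trustServiceStatusList, X509Certificate x509Certificate, Date date) {
        Principal issuerDn = x509Certificate.getIssuerDN();
        String subjectName = x509Certificate.getSubjectDN().getName();
        for (int p = 0; p < trustServiceStatusList.getNumProviders(); p++) {
            TrustServiceProvider provider = trustServiceStatusList.getTrustServiceProvider(p);
            for (int s = 0; s < provider.getNumServices(); s++) {
                TSPService service = provider.getTSPService(s);
                if (!service.isCA()) {
                    continue;
                }
                for (int c = 0; c < service.getNumCertificates(); c++) {
                    X509Certificate caCert = service.getCertificate(c);
                    if (caCert == null) {
                        continue;
                    }
                    String caName = caCert.getSubjectDN().getName();
                    boolean validAtDate = date == null
                            || (date.after(caCert.getNotBefore()) && date.before(caCert.getNotAfter()));
                    if (!caCert.getSubjectDN().equals(issuerDn) || !validAtDate) {
                        continue;
                    }
                    if (m_logger.isDebugEnabled()) {
                        m_logger.debug("Found matching CA dn: " + caName);
                    }
                    try {
                        // The DN match alone proves nothing; the signature check is what binds
                        // the certificate to this CA key.
                        x509Certificate.verify(caCert.getPublicKey());
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("CA: " + caName + " IS issuer of: " + subjectName + " serial: " + caCert.getSerialNumber().toString());
                        }
                        return caCert;
                    } catch (Exception e) {
                        // Verification failed: same DN, different key. Try the next candidate.
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("CA: " + caName + " IS NOT issuer of: " + subjectName);
                        }
                    }
                }
            }
        }
        return null;
    }

    /**
     * Returns the first certificate of the first OCSP service in the list whose configured CN
     * equals {@code str} (case-insensitively), or null when there is none.
     *
     * <p>The match is on the configured CN only; the returned certificate is what a caller
     * would have to check an OCSP response signature against.
     */
    private X509Certificate findOcspInTsl(TrustServiceStatusList trustServiceStatusList, String str) {
        boolean debug = m_logger.isDebugEnabled();
        if (debug) {
            m_logger.debug("Search OCSP by cn: " + str);
        }
        for (int p = 0; p < trustServiceStatusList.getNumProviders(); p++) {
            TrustServiceProvider provider = trustServiceStatusList.getTrustServiceProvider(p);
            if (debug) {
                m_logger.debug("TSP: " + provider.getTSPInformation().getName(0));
            }
            for (int s = 0; s < provider.getNumServices(); s++) {
                TSPService service = provider.getTSPService(s);
                if (debug) {
                    m_logger.debug("Service: " + service.getCn() + " ocsp: " + service.isOCSP() + " CA: " + service.isCA());
                }
                if (service.isOCSP() && service.getCn() != null && service.getCn().equalsIgnoreCase(str)) {
                    if (debug) {
                        m_logger.debug("Found OCSP: " + str);
                    }
                    return service.getCertificate(0);
                }
            }
        }
        if (debug) {
            m_logger.debug("Did not find ocsp for: " + str);
        }
        return null;
    }

    /**
     * Collects the certificates of every OCSP service in the list whose configured CN equals
     * {@code str} (case-insensitively), optionally filtered by serial number.
     *
     * @param str2 decimal serial number to match, or null to accept every certificate
     * @return the matching certificates; never null, possibly empty, and free of null elements
     */
    private X509Certificate[] findOcspsInTsl(TrustServiceStatusList trustServiceStatusList, String str, String str2) {
        List<X509Certificate> matches = new ArrayList<X509Certificate>();
        boolean debug = m_logger.isDebugEnabled();
        if (debug) {
            m_logger.debug("Search OCSP by cn: " + str + " serial: " + str2);
        }
        for (int p = 0; p < trustServiceStatusList.getNumProviders(); p++) {
            TrustServiceProvider provider = trustServiceStatusList.getTrustServiceProvider(p);
            if (debug) {
                m_logger.debug("TSP: " + provider.getTSPInformation().getName(0));
            }
            for (int s = 0; s < provider.getNumServices(); s++) {
                TSPService service = provider.getTSPService(s);
                if (debug) {
                    m_logger.debug("Service: " + service.getCn() + " ocsp: " + service.isOCSP() + " CA: " + service.isCA());
                }
                if (!service.isOCSP() || service.getCn() == null || !service.getCn().equalsIgnoreCase(str)) {
                    continue;
                }
                if (debug) {
                    m_logger.debug("Found OCSP: " + str);
                }
                for (int c = 0; c < service.getNumCertificates(); c++) {
                    X509Certificate cert = service.getCertificate(c);
                    if (cert == null) {
                        // Previously a null entry caused a NullPointerException when a serial
                        // was given, or was handed to the caller as a "trusted" null otherwise.
                        continue;
                    }
                    if (str2 == null || str2.equals(cert.getSerialNumber().toString())) {
                        if (debug) {
                            m_logger.debug("Found cert: " + cert.getSubjectDN().toString() + " serial: " + cert.getSerialNumber().toString());
                        }
                        matches.add(cert);
                    }
                }
            }
        }
        if (debug) {
            m_logger.debug("Found: " + matches.size() + " certs for: " + str);
        }
        return matches.toArray(new X509Certificate[matches.size()]);
    }

    /** Same as {@link #findCaForCert(X509Certificate, boolean, Date)} without a validity date. */
    @Override // ee.sk.digidoc.factory.TrustServiceFactory
    public X509Certificate findCaForCert(X509Certificate x509Certificate, boolean z) {
        return findCaForCert(x509Certificate, z, null);
    }

    /**
     * Finds the CA certificate that issued {@code x509Certificate} in the loaded trust lists.
     *
     * @param z whether the locally configured trust list may be consulted
     * @param date moment at which the CA certificate must be valid, or null to skip that check
     * @return the issuing CA certificate, or null when none of the consulted lists contains it
     */
    @Override // ee.sk.digidoc.factory.TrustServiceFactory
    public X509Certificate findCaForCert(X509Certificate x509Certificate, boolean z, Date date) {
        String issuerName = x509Certificate.getIssuerDN().getName();
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Search CA: " + issuerName);
        }
        for (int i = 0; this.m_tsls != null && i < this.m_tsls.size(); i++) {
            TrustServiceStatusList tsl = this.m_tsls.get(i);
            // Non-local lists are always consulted; the local one only when the caller allows.
            if (!tsl.isLocal() || z) {
                X509Certificate caCert = findCaForCertInTsl(tsl, x509Certificate, date);
                if (caCert != null) {
                    return caCert;
                }
            }
        }
        return null;
    }

    /**
     * Finds an OCSP responder certificate by the responder's configured CN.
     *
     * @param z whether the locally configured trust list may be consulted
     * @return the responder certificate from the first list that has a match, or null
     */
    @Override // ee.sk.digidoc.factory.TrustServiceFactory
    public X509Certificate findOcspByCN(String str, boolean z) {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Search OCSP: " + str + " use-local: " + z);
        }
        for (int i = 0; this.m_tsls != null && i < this.m_tsls.size(); i++) {
            TrustServiceStatusList tsl = this.m_tsls.get(i);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("TSL: " + tsl.getSchemeInformation().getSchemeName(0) + " local: " + tsl.isLocal());
            }
            if (!tsl.isLocal() || z) {
                X509Certificate responderCert = findOcspInTsl(tsl, str);
                if (responderCert != null) {
                    return responderCert;
                }
            }
        }
        return null;
    }

    /**
     * Finds OCSP responder certificates by configured CN and, optionally, serial number.
     *
     * <p>The lists are searched in order and the first non-empty result wins. An empty result
     * from one list no longer ends the search: before, the per-list helper's never-null return
     * value stopped the loop after the first eligible list, so responders that exist only in a
     * later list were never found, unlike in {@link #findOcspByCN(String, boolean)}.
     *
     * @param z whether the locally configured trust list may be consulted
     * @param str2 decimal serial number to match, or null to accept every certificate
     * @return the matching certificates; an empty array when lists were searched without a
     *     match; null when no list was eligible for searching
     */
    @Override // ee.sk.digidoc.factory.TrustServiceFactory
    public X509Certificate[] findOcspsByCNAndNr(String str, boolean z, String str2) {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Search OCSP: " + str + " use-local: " + z + " serial: " + str2);
        }
        X509Certificate[] found = null;
        for (int i = 0; this.m_tsls != null && i < this.m_tsls.size(); i++) {
            TrustServiceStatusList tsl = this.m_tsls.get(i);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("TSL: " + tsl.getSchemeInformation().getSchemeName(0) + " local: " + tsl.isLocal());
            }
            if (!tsl.isLocal() || z) {
                found = findOcspsInTsl(tsl, str, str2);
                if (found.length > 0) {
                    return found;
                }
            }
        }
        return found;
    }

    /**
     * Finds the OCSP responder URL for the CA that issued {@code x509Certificate}.
     *
     * <p>The issuer's common name is compared (case-sensitively) with the CA CN configured on
     * each OCSP service; the {@code i}-th access point of the first matching service that has
     * one is returned.
     *
     * @param i index of the wanted service access point
     * @param z whether the locally configured trust list may be consulted
     * @return the responder URL, or the {@code DIGIDOC_OCSP_RESPONDER_URL} property when no
     *     service provides one
     */
    @Override // ee.sk.digidoc.factory.TrustServiceFactory
    public String findOcspUrlForCert(X509Certificate x509Certificate, int i, boolean z) {
        String issuerCn = ConvertUtils.getCommonName(x509Certificate.getIssuerDN().getName());
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Search ocsp url for CA: " + issuerCn);
        }
        for (int t = 0; this.m_tsls != null && t < this.m_tsls.size(); t++) {
            TrustServiceStatusList tsl = this.m_tsls.get(t);
            if (tsl.isLocal() && !z) {
                continue;
            }
            for (int p = 0; p < tsl.getNumProviders(); p++) {
                TrustServiceProvider provider = tsl.getTrustServiceProvider(p);
                for (int s = 0; s < provider.getNumServices(); s++) {
                    TSPService service = provider.getTSPService(s);
                    if (m_logger.isDebugEnabled()) {
                        m_logger.debug("Checking tsp service: " + issuerCn);
                    }
                    if (!service.isOCSP() || service.getCaCn() == null || !service.getCaCn().equals(issuerCn)) {
                        continue;
                    }
                    if (m_logger.isDebugEnabled()) {
                        m_logger.debug("Found OCSP: " + issuerCn);
                    }
                    String[] accessPoints = service.getServiceAccessPoints();
                    if (accessPoints != null && i >= 0 && i < accessPoints.length) {
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Found ocsp URL: " + accessPoints[i]);
                        }
                        return accessPoints[i];
                    }
                }
            }
        }
        // No responder is configured for this issuer: fall back to the global default.
        String defaultUrl = ConfigManager.instance().getProperty("DIGIDOC_OCSP_RESPONDER_URL");
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Using default URL: " + defaultUrl);
        }
        return defaultUrl;
    }
}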
