package at.gv.egovernment.moa.sig.tsl.pki;

import at.gv.egovernment.moa.sig.tsl.database.AbstractDBService;
import at.gv.egovernment.moa.sig.tsl.database.IDBService;
import at.gv.egovernment.moa.sig.tsl.database.dao.DigitalIdContext;
import at.gv.egovernment.moa.sig.tsl.exception.TslDatabaseException;
import at.gv.egovernment.moa.sig.tsl.exception.TslProcessingException;
import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
import at.gv.egovernment.moa.sig.tsl.utils.TslCertificateUtils;
import iaik.logging.TransactionId;
import iaik.pki.store.truststore.TrustStore;
import iaik.pki.store.truststore.TrustStoreException;
import iaik.pki.store.truststore.TrustStoreResult;
import iaik.pki.store.truststore.TrustStoreResultImpl;
import iaik.x509.X509Certificate;
import java.net.URI;
import java.net.URISyntaxException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collections;
import java.util.Date;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;

/* loaded from: input_file:at/gv/egovernment/moa/sig/tsl/pki/TslTrustStore.class */
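/**
 * {@link TrustStore} that answers trust queries by looking a certificate up in the TSL
 * database and filtering the hit against the configured {@link TslTrustStoreProfile}.
 *
 * <p>A certificate is reported as trusted only if the lookup returns a row and that row's
 * status, service type and territory all pass the profile checks. Database and processing
 * errors ({@link TslDatabaseException}, {@link TslProcessingException}, {@link SQLException})
 * are logged and reported as "not trusted"; any other exception propagates to the caller.
 *
 * <p>Profile filters that are not configured do not restrict anything: a null or empty
 * country-code or status list, or a null service-type list, accepts every value. An
 * unconfigured profile therefore trusts every entry the query returns.
 *
 * <p>The store is read-only: certificates cannot be listed, added or removed through it.
 */
public class TslTrustStore implements TrustStore {
    private static final Logger log = Logger.getLogger(TslTrustStore.class);
    private final TslTrustStoreProfile trustStoreProfile;
    private final TransactionId transactionId;
    IDBService dbService;

    /**
     * Creates a trust store bound to one database service and one trust profile.
     *
     * @param iDBService database service used to obtain the connection for lookups
     * @param tslTrustStoreProfile profile holding the allowed countries, status URIs and service-type patterns
     * @param transactionId transaction id stored with the instance (the lookup methods use the id passed per call)
     */
    public TslTrustStore(IDBService iDBService, TslTrustStoreProfile tslTrustStoreProfile, TransactionId transactionId) {
        this.trustStoreProfile = tslTrustStoreProfile;
        this.transactionId = transactionId;
        this.dbService = iDBService;
    }

    /**
     * Evaluates trust for the certificate at the current time.
     *
     * @param x509Certificate certificate to evaluate
     * @param transactionId transaction id used in log messages
     * @return the trust decision, see {@link #isCertificateTrusted(X509Certificate, Date, TransactionId)}
     */
    public TrustStoreResult isCertificateTrusted(X509Certificate x509Certificate, TransactionId transactionId) {
        return isCertificateTrusted(x509Certificate, null, transactionId);
    }

    /**
     * Evaluates trust for the certificate at the given date.
     *
     * <p>The certificate is identified by its fingerprint as computed by
     * {@link TslCertificateUtils#getFingerPrint}; which digest that uses is not visible in this class.
     *
     * @param x509Certificate certificate to evaluate
     * @param date point in time to evaluate at; {@code null} means "now"
     * @param transactionId transaction id used in log messages
     * @return a positive result (carrying the service type as additional information when present)
     *         if the first matching database row passes all profile checks, otherwise a negative result;
     *         also negative when the lookup fails with a database or processing error
     */
    public TrustStoreResult isCertificateTrusted(X509Certificate x509Certificate, Date date, TransactionId transactionId) {
        Date checkDate = date;
        if (checkDate == null) {
            log.info("TransId: " + transactionId.getLogID() + " | Certificate 'CheckAtDate' is null --> use CurrentDate");
            checkDate = new Date();
        }
        log.debug("TransId: " + transactionId.getLogID() + " | Evaluate trust for certificate: " + x509Certificate.getSubjectDN().getName() + " at date: " + checkDate);
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            String fingerPrint = TslCertificateUtils.getFingerPrint(x509Certificate);
            // The connection is obtained from dbService and is not closed here.
            // NOTE(review): its ownership and lifecycle are not visible in this class; confirm dbService manages it.
            statement = this.dbService.connectToDatabase(AbstractDBService.MODE.READ_ONLY).prepareStatement(DigitalIdContext.EVALUATE_CERT);
            statement.setString(1, fingerPrint);
            // NOTE(review): java.sql.Date models a SQL DATE; whether the time of day reaches the query
            // depends on the driver and column types. Confirm the intended granularity of the validity window.
            statement.setDate(2, new java.sql.Date(checkDate.getTime()));
            statement.setDate(3, new java.sql.Date(new Date().getTime()));
            rows = statement.executeQuery();
            // Only the first row is evaluated.
            // NOTE(review): if EVALUATE_CERT can return several entries for one fingerprint, the
            // decision depends on row order; confirm against the query.
            if (rows.next()
                    && checkStatus(rows.getString(DigitalIdContext.COLS.status.name()), transactionId)) {
                // Read the service type once; it is needed for the check and for the result.
                String serviceType = rows.getString(DigitalIdContext.COLS.sType.name());
                if (checkStatusType(serviceType, transactionId)
                        && checkCountryCode(rows.getString(DigitalIdContext.COLS.territory.name()), transactionId)) {
                    TrustStoreResultImpl trusted = new TrustStoreResultImpl(true);
                    if (MiscUtil.isNotEmpty(serviceType)) {
                        trusted.addAdditionalInformation(serviceType);
                    }
                    return trusted;
                }
            }
            log.debug("TransId: " + transactionId.getLogID() + " | Result 'FALSE' for certificate: " + x509Certificate.getSubjectDN().getName() + " Fingerprint: " + fingerPrint + " at date: " + checkDate);
            return new TrustStoreResultImpl(false);
        } catch (TslDatabaseException | TslProcessingException | SQLException e) {
            // Fail closed: an internal error never yields a positive trust decision.
            log.error("TransId: " + transactionId.getLogID() + " | Certificate trust evaluation has an internal errror.", e);
            return new TrustStoreResultImpl(false);
        } finally {
            // Release both JDBC resources on every path; a close failure is logged and does not
            // change the decision that was already made.
            closeQuietly(rows);
            closeQuietly(statement);
        }
    }

    /**
     * Not supported by this trust store.
     *
     * @param transactionId transaction id (unused)
     * @return always an empty set
     */
    public Set getTrustedCertificates(TransactionId transactionId) throws TrustStoreException {
        log.warn("Returning trusted certificates is not supported by this truststore.");
        return Collections.emptySet();
    }

    /**
     * Not supported by this trust store.
     *
     * @return always {@code false}
     */
    public boolean addCertificate(X509Certificate x509Certificate, TransactionId transactionId) throws TrustStoreException {
        log.warn("Adding certificates to TSL truststore is not supported.");
        return false;
    }

    /**
     * Not supported by this trust store.
     *
     * @return always {@code false}
     */
    public boolean removeCertificate(X509Certificate x509Certificate, TransactionId transactionId) throws TrustStoreException {
        log.warn("Remove certificates to TSL truststore is not supported.");
        return false;
    }

    /**
     * @return the trust store type identifier defined by {@link TslTrustStoreProfile}
     */
    public String getType() {
        return TslTrustStoreProfile.TRUSTSTORETYPE_IDENTIFIER;
    }

    /**
     * Checks the territory of a TSL entry against the profile's country codes.
     *
     * @param str territory value read from the database row
     * @param transactionId transaction id used in log messages
     * @return {@code true} if no country codes are configured (null or empty) or the value is
     *         contained in the configured set; {@code false} if the value is empty or not contained
     */
    private boolean checkCountryCode(String str, TransactionId transactionId) {
        if (this.trustStoreProfile.getCountryCodes() == null || this.trustStoreProfile.getCountryCodes().isEmpty()) {
            // No restriction configured: every territory is accepted.
            log.debug("No TSP CountryCodes set --> Allow all countries");
            return true;
        }
        if (MiscUtil.isEmpty(str)) {
            log.debug("TransId: " + transactionId.getLogID() + " | TSP countryCode from TSL is empty.");
            return false;
        }
        if (this.trustStoreProfile.getCountryCodes().contains(str)) {
            return true;
        }
        log.debug("TransId: " + transactionId.getLogID() + " | TSP CountryCode:" + str + " is not allowed by TrustProfile configuration");
        return false;
    }

    /**
     * Checks the status of a TSL entry against the profile's allowed status URIs.
     *
     * @param str status value read from the database row
     * @param transactionId transaction id used in log messages
     * @return {@code true} if no status URIs are configured (null or empty) or the value, parsed as
     *         a {@link URI}, is contained in the configured set; {@code false} if the value is empty,
     *         not a valid URI, or not contained
     */
    private boolean checkStatus(String str, TransactionId transactionId) {
        try {
            if (this.trustStoreProfile.getAllowedTSPStatus() == null || this.trustStoreProfile.getAllowedTSPStatus().isEmpty()) {
                // No restriction configured: every status is accepted.
                log.debug("No TSP status set --> Allow all possible status URIs");
                return true;
            }
            if (MiscUtil.isEmpty(str)) {
                log.debug("TransId: " + transactionId.getLogID() + " | TSP status information from TSL is empty.");
                return false;
            }
            if (this.trustStoreProfile.getAllowedTSPStatus().contains(new URI(str))) {
                return true;
            }
            log.debug("TransId: " + transactionId.getLogID() + " | TSP status:" + str + " is not allowed by TrustProfile configuration");
            return false;
        } catch (URISyntaxException e) {
            // A status that cannot be parsed is rejected rather than compared as a raw string.
            log.warn("TransId: " + transactionId.getLogID() + " | TSP status:" + str + " is not a valid URI");
            return false;
        }
    }

    /**
     * Checks the service type of a TSL entry against the profile's allowed service-type patterns.
     *
     * <p>Unlike the country-code and status checks, only a {@code null} pattern collection means
     * "no restriction"; an empty collection matches nothing and rejects every value.
     * NOTE(review): confirm this asymmetry is intended by the profile configuration.
     *
     * @param str service-type value read from the database row
     * @param transactionId transaction id used in log messages
     * @return {@code true} if no patterns are configured (null) or the whole value matches at least
     *         one pattern; {@code false} if the value is empty or matches none
     */
    private boolean checkStatusType(String str, TransactionId transactionId) {
        if (this.trustStoreProfile.getAllowedTSPServiceTypes() == null) {
            log.debug("No TSP status-type set --> Allow all possible status URIs");
            return true;
        }
        if (MiscUtil.isEmpty(str)) {
            log.debug("TransId: " + transactionId.getLogID() + " | TSP status-type information from TSL is empty.");
            return false;
        }
        for (Pattern pattern : this.trustStoreProfile.getAllowedTSPServiceTypes()) {
            // matches() requires the pattern to cover the entire value, not just a substring.
            if (pattern.matcher(str).matches()) {
                log.debug("TransId: " + transactionId.getLogID() + " | TSP status-type:" + str + " matches TrustProfile configuration");
                return true;
            }
            log.trace("TransId: " + transactionId.getLogID() + " | TSP status-type:" + str + " does NOT match TrustProfile configuration pattern:" + pattern.pattern());
        }
        log.debug("TransId: " + transactionId.getLogID() + " | TSP status-type:" + str + " is not allowed by TrustProfile configuration");
        return false;
    }

    /** Closes a JDBC resource if it was opened, logging instead of propagating a close failure. */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            log.error("Close database connection FAILED.", e);
        }
    }
}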
