package at.gv.egovernment.moa.sig.tsl.impl;

import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moa.sig.tsl.api.ITslConfiguration;
import at.gv.egovernment.moa.sig.tsl.api.ITslService;
import at.gv.egovernment.moa.sig.tsl.database.DatabaseServiceFactory;
import at.gv.egovernment.moa.sig.tsl.database.IDBService;
import at.gv.egovernment.moa.sig.tsl.engine.SecuredSAXParserFactoryImpl;
import at.gv.egovernment.moa.sig.tsl.engine.TslEngine;
import at.gv.egovernment.moa.sig.tsl.engine.data.BinaryHashCache;
import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult;
import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEvaluationResult;
import at.gv.egovernment.moa.sig.tsl.engine.data.PointerToNationalTsl;
import at.gv.egovernment.moa.sig.tsl.engine.data.TSLEvaluationResult;
import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement;
import at.gv.egovernment.moa.sig.tsl.exception.TslDatabaseException;
import at.gv.egovernment.moa.sig.tsl.exception.TslException;
import at.gv.egovernment.moa.sig.tsl.exception.TslInitializationException;
import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException;
import at.gv.egovernment.moa.sig.tsl.exception.TslProcessingException;
import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreHandler;
import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile;
import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
import iaik.asn1.ObjectID;
import iaik.logging.impl.TransactionIdImpl;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters;
import iaik.pki.store.truststore.TrustStoreException;
import iaik.pki.store.truststore.TrustStoreFactory;
import iaik.utils.RFC2253NameParser;
import iaik.x509.X509Certificate;
import iaik.xml.crypto.XSecProvider;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egovernment/moa/sig/tsl/impl/TslServiceImpl.class */
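/**
 * Default {@link ITslService} implementation: it loads the EU trust-status list (TSL) and the
 * national lists it points to into a local SQLite database, and answers certificate
 * evaluation and trust-store requests from that data.
 *
 * <p>Every operation that reads TSL data requires a prior successful call to
 * {@link #initialize(ITslConfiguration)}. The class performs no synchronization of its own.
 */
public class TslServiceImpl implements ITslService {
    private static final Logger log = LoggerFactory.getLogger(TslServiceImpl.class);

    // Set only after the database service was built successfully.
    private boolean isInitialized;
    private ITslConfiguration config;
    private IDBService dbService;

    /**
     * Prepares the service: hash cache, a fresh SQLite database file, the XML parser factory,
     * the additional RDN short names and the XML security provider.
     *
     * <p>A second call on an already initialized instance is a no-op (it is only logged).
     *
     * @param iTslConfiguration service configuration; must not be {@code null}
     * @throws TslInitializationException if the configuration is missing, the database file
     *     cannot be created or the database service cannot be built
     */
    @Override
    public void initialize(ITslConfiguration iTslConfiguration) throws TslInitializationException {
        if (iTslConfiguration == null) {
            // Fail with the declared exception type instead of a NullPointerException.
            throw new TslInitializationException("TSL configuration is null");
        }
        if (this.isInitialized) {
            log.info("TSL service with ID:{} is already initialized.", iTslConfiguration.getServiceID());
            return;
        }

        this.config = iTslConfiguration;
        BinaryHashCache.getInstance().initialize(iTslConfiguration.getPathToTslHashCacheDirectory());

        // The database path comes straight from the configuration and the file at that path is
        // deleted below, so the configuration has to be treated as trusted input.
        File file = new File(iTslConfiguration.getPathToSQLiteDatabaseFile());
        try {
            log.debug("Create SQLite databaise file ... ");
            // The database is rebuilt on every start. A failed delete means records from an
            // earlier run stay in the file, so make that visible instead of ignoring it.
            if (file.exists() && !file.delete()) {
                log.warn("Could not delete existing SQLite database file: {}", file.getAbsolutePath());
            }
            if (!file.createNewFile()) {
                log.warn("SQLite database file already exists and will be reused: {}", file.getAbsolutePath());
            }

            // JVM-wide setting: SAXParserFactory lookups that honour this system property will
            // resolve to the project's factory from now on, also outside this service.
            // NOTE(review): presumably that factory disables DTDs / external entities - confirm
            // in SecuredSAXParserFactoryImpl.
            System.setProperty("javax.xml.parsers.SAXParserFactory", SecuredSAXParserFactoryImpl.class.getName());

            // Additional attribute short names for the RFC 2253 distinguished-name parser.
            log.debug("### SURNAME registered as {} ###", ObjectID.surName);
            RFC2253NameParser.register("SURNAME", ObjectID.surName);
            log.debug("### G registered as {} ###", ObjectID.givenName);
            RFC2253NameParser.register("G", ObjectID.givenName);

            // NOTE(review): meaning of the boolean flag is defined by the IAIK API - confirm.
            XSecProvider.addAsProvider(false);

            this.dbService = DatabaseServiceFactory.buildDatabaseService(file);
            if (this.dbService == null) {
                log.error("Can not build database interaction service!");
                throw new TslInitializationException("Can not build database interaction service!");
            }
            this.isInitialized = true;
        } catch (TslDatabaseException e) {
            throw new TslInitializationException("Can not build database interaction service!", e);
        } catch (IOException e) {
            throw new TslInitializationException("Could not create database file", e);
        }
    }

    /**
     * Processes the EU TSL and then, round by round, every national TSL it points to, and
     * finally removes certificates from the database that are no longer on any list.
     *
     * <p>A national TSL that fails processing is skipped with a warning. A failure of the EU
     * TSL itself is logged and the clean-up step still runs.
     *
     * @throws TslException if the service is not initialized or the clean-up fails
     */
    @Override
    public void updateTSLInformation() throws TslException {
        checkIfInitialized();
        log.debug("Starting update process for TSL service with ID:{} ...", this.config.getServiceID());
        TslEngine tslEngine = new TslEngine(this.config, this.dbService);
        try {
            Iterator<PointerToNationalTsl> pending = tslEngine.processEUTSL().iterator();
            // NOTE(review): pointers are de-duplicated by URL only within one round, so the loop
            // ends only when a round yields no further pointers. Confirm that the engine does not
            // hand back already processed lists, otherwise lists that reference each other would
            // keep this loop running.
            while (pending.hasNext()) {
                Map<String, PointerToNationalTsl> discovered = new HashMap<String, PointerToNationalTsl>();
                while (pending.hasNext()) {
                    PointerToNationalTsl current = pending.next();
                    try {
                        List<PointerToNationalTsl> further = tslEngine.processNationalTSL(current);
                        if (further == null || further.isEmpty()) {
                            continue;
                        }
                        for (PointerToNationalTsl pointer : further) {
                            String url = pointer.getUrl().toString();
                            if (!discovered.containsKey(url)) {
                                discovered.put(url, pointer);
                            }
                        }
                    } catch (TslProcessingException e) {
                        log.warn("National TSL from {} can NOT be USED. Reason:{}", current.getCountryCode(), e.getMessage());
                    }
                }
                // An empty map gives an exhausted iterator and ends the outer loop.
                pending = discovered.values().iterator();
            }
        } catch (TslException e) {
            // Keep the cause in the log: without it a broken or unreachable EU list is
            // indistinguishable from any other failure.
            // NOTE(review): the clean-up below also runs on this path - confirm that it cannot
            // drop still valid entries when the EU list could merely not be processed.
            log.warn("EU-TSL has an processing error. Clean-up database ... ", e);
        }
        this.dbService.cleanUPCertificatesWhichNotOnTSLAnyMore();
    }

    /**
     * Evaluates a certificate chain against the TSL data at the current time.
     *
     * @param list certificate chain to evaluate
     * @param x509Model validation model to apply
     * @return the end-entity result, or {@code null} if the certificate is not on the TSL
     * @throws TslException see {@link #evaluate(List, Date, TslConstants.X509Model)}
     */
    @Override
    public ITslEndEntityResult evaluate(List<X509Certificate> list, TslConstants.X509Model x509Model) throws TslException {
        return evaluate(list, new Date(), x509Model);
    }

    /**
     * Evaluates a certificate chain against the TSL data for the given point in time.
     *
     * <p>Only the first entry of the engine's result map is inspected.
     *
     * @param list certificate chain to evaluate
     * @param date time for which the chain is evaluated
     * @param x509Model validation model to apply
     * @return the end-entity result, or {@code null} if the certificate is not on the TSL
     * @throws TslException if the service is not initialized, the engine returns no result at
     *     all, or the result has an unsupported type
     */
    @Override
    public ITslEndEntityResult evaluate(List<X509Certificate> list, Date date, TslConstants.X509Model x509Model) throws TslException {
        checkIfInitialized();
        log.debug("Starting certificate evaluation by using TSL information ... ");

        Iterator<Map.Entry<X509Certificate, ITslEvaluationResult>> results =
                new TslEngine(this.config, this.dbService).evaluate(x509Model, list, date, new Date()).entrySet().iterator();
        if (!results.hasNext()) {
            // Report an empty result through the declared exception type rather than letting
            // an unchecked NoSuchElementException escape from a trust decision.
            log.error("TSL evaluation returned no result");
            throw new TslException("TSL evaluation returned no result");
        }

        Map.Entry<X509Certificate, ITslEvaluationResult> first = results.next();
        ITslEvaluationResult outcome = first.getValue();
        if (outcome == null) {
            log.info("Certificate: {} is NOT on the TSL", first.getKey().getSubjectDN());
            return null;
        }
        // Order matters: the end-entity type is tested before the general result type.
        if (outcome instanceof TSLEvaluationResult.TSLResultRow.TSLEndEntityResult) {
            log.info("Certificate: {} is on the TSL", first.getKey().getSubjectDN());
            return (ITslEndEntityResult) outcome;
        }
        if (outcome instanceof TSLEvaluationResult) {
            log.info("Certificate: {} is NOT on the TSL", first.getKey().getSubjectDN());
            return null;
        }
        log.error("TSL evaluation results as an unsupported class type: {}", outcome.getClass().getName());
        throw new TslException("TSL evaluation results as an unsupported class type");
    }

    /**
     * Builds directory cert-store parameters that point at the TSL hash-cache directory.
     *
     * @return cert-store parameters named {@code "TSL-" + serviceId}
     * @throws TslException if the service is not initialized
     */
    @Override
    public CertStoreParameters getCertStoreWithTSLCertificates() throws TslException {
        checkIfInitialized();
        CertStoreParameters parameters = new DefaultDirectoryCertStoreParameters(
                "TSL-" + this.config.getServiceID(), this.config.getPathToTslHashCacheDirectory(), false, true);
        log.debug("Build CertStore from TSL certificate hashcache directory");
        return parameters;
    }

    /**
     * Creates a TSL trust-store profile and makes sure a TSL trust-store handler is registered.
     *
     * <p>A missing filter widens the profile: according to the log messages below, absent
     * country codes, status URIs or service-type patterns mean "allow all" for that dimension.
     *
     * @param list allowed country codes; {@code null} or empty allows all countries
     * @param list2 allowed TSP status URIs; every entry must be a known status URI
     * @param list3 allowed service-type patterns; {@code null} or empty is replaced by the
     *     allow-all pattern
     * @param str trust-store id; must not be empty
     * @return the new trust-store profile
     * @throws TslPKIException if a status URI is unknown or the trust-store id is empty
     */
    @Override
    public TslTrustStoreProfile buildTrustStoreProfile(List<String> list, List<URI> list2, List<Pattern> list3, String str) throws TslPKIException {
        if (list2 == null) {
            log.info("TSP status is empty or null --> Allow all TSP status for TrustStore with Id:{}", str);
        } else {
            for (URI status : list2) {
                if (!TslConstants.SERVICE_STATUS_URI_TO_SHORT.containsKey(status)) {
                    String message = "TSP Status: " + status + " is unkown.";
                    log.warn(message);
                    throw new TslPKIException(message);
                }
            }
        }
        if (list == null || list.isEmpty()) {
            log.info("CountryCodes are empty or null --> Allow all TSP countries for TrustStore with Id:{}", str);
        }
        if (list3 == null || list3.isEmpty()) {
            log.info("TSP service-type is null --> Allow all TSP service-types for TrustStore with Id:{}", str);
            list3 = Arrays.asList(Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL));
        }
        if (MiscUtil.isEmpty(str)) {
            throw new TslPKIException("TrustStoreId is empty or null");
        }

        TslTrustStoreProfile profile = new TslTrustStoreProfile(list, list2, list3, str);
        try {
            TrustStoreFactory.getInstance(profile, new TransactionIdImpl("TSL-TrustStore initialization"));
        } catch (TrustStoreException e) {
            // The exception is deliberately not propagated; it triggers handler registration.
            // NOTE(review): presumably thrown while no handler for this profile type is
            // registered - confirm. This method does not check isInitialized, so dbService is
            // still null here if initialize() has not run.
            log.debug("Register TSL TrustStore handler ...");
            TrustStoreFactory.addTrustStoreHandler(new TslTrustStoreHandler(this.dbService));
        }
        return profile;
    }

    /**
     * Returns the processing status of this TSL client as reported by the engine.
     *
     * <p>NOTE(review): unlike the other read operations this one does not check that the
     * service is initialized; config and dbService are {@code null} before initialize().
     *
     * @return status elements from {@link TslEngine#getCurrentTSLClientStatus()}
     */
    @Override
    public List<TSLProcessingResultElement> getCurrentTSLClientStatus() {
        log.debug("Evaluate status for this TSL client ... ");
        return new TslEngine(this.config, this.dbService).getCurrentTSLClientStatus();
    }

    /**
     * Returns the evaluated qualifiers for a chain, using the PKIX model.
     *
     * @param list certificate chain to evaluate
     * @param date time for which the chain is evaluated
     * @return the qualifiers, or {@code null} if the certificate is not on the TSL
     * @throws TslException see {@link #evaluate(List, Date, TslConstants.X509Model)}
     * @deprecated call {@link #evaluate(List, Date, TslConstants.X509Model)} and read the
     *     qualifiers from its result
     */
    @Override
    @Deprecated
    public List<URI> evaluateQualifier(List<X509Certificate> list, Date date) throws TslException {
        ITslEndEntityResult result = evaluate(list, date, TslConstants.PKIX_MODEL);
        log.debug("Starting certificate 'Qualifier' evaluation by using TSL information ... ");
        return result != null ? result.getEvaluatedQualifier() : null;
    }

    /**
     * Returns the evaluated qualifiers for a chain at the current time, using the PKIX model.
     *
     * @param list certificate chain to evaluate
     * @return the qualifiers, or {@code null} if the certificate is not on the TSL
     * @throws TslException see {@link #evaluate(List, Date, TslConstants.X509Model)}
     * @deprecated call {@link #evaluate(List, TslConstants.X509Model)} and read the qualifiers
     *     from its result
     */
    @Override
    @Deprecated
    public List<URI> evaluateQualifier(List<X509Certificate> list) throws TslException {
        return evaluateQualifier(list, new Date());
    }

    /**
     * Returns the evaluated service-type identifier for a chain, using the PKIX model.
     *
     * @param list certificate chain to evaluate
     * @param date time for which the chain is evaluated
     * @return the service-type identifier, or {@code null} if the certificate is not on the TSL
     * @throws TslException see {@link #evaluate(List, Date, TslConstants.X509Model)}
     * @deprecated call {@link #evaluate(List, Date, TslConstants.X509Model)} and read the
     *     service type from its result
     */
    @Override
    @Deprecated
    public URI evaluateServiceTypeIdentifier(List<X509Certificate> list, Date date) throws TslException {
        ITslEndEntityResult result = evaluate(list, date, TslConstants.PKIX_MODEL);
        log.debug("Starting certificate 'ServiceType' evaluation by using TSL information ... ");
        return result != null ? result.getEvaluatedServiceTypeIdentifier() : null;
    }

    /**
     * Returns the evaluated service-type identifier for a chain at the current time, using the
     * PKIX model.
     *
     * @param list certificate chain to evaluate
     * @return the service-type identifier, or {@code null} if the certificate is not on the TSL
     * @throws TslException see {@link #evaluate(List, Date, TslConstants.X509Model)}
     * @deprecated call {@link #evaluate(List, TslConstants.X509Model)} and read the service
     *     type from its result
     */
    @Override
    @Deprecated
    public URI evaluateServiceTypeIdentifier(List<X509Certificate> list) throws TslException {
        return evaluateServiceTypeIdentifier(list, new Date());
    }

    /**
     * Guards operations that need the database service.
     *
     * @throws TslException if {@link #initialize(ITslConfiguration)} has not completed
     */
    private void checkIfInitialized() throws TslException {
        if (!this.isInitialized) {
            log.error("TSL service is not initialized!");
            throw new TslException("TSL service is not initialized!");
        }
    }
}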
