package eu.emi.security.authn.x509.helpers.trust;

import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.helpers.CachedElement;
import eu.emi.security.authn.x509.helpers.ObserversHandler;
import eu.emi.security.authn.x509.helpers.ns.LazyEuGridPmaNamespacesStore;
import eu.emi.security.authn.x509.helpers.ns.LazyGlobusNamespacesStore;
import eu.emi.security.authn.x509.helpers.ns.NamespacesStore;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/trust/LazyOpensslTrustAnchorStoreImpl.class */
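/**
 * Trust anchor store backed by an OpenSSL-style hashed certificate directory, loaded lazily.
 *
 * <p>Certificates are read from files in the base directory whose names match
 * {@link #CERTS_REGEXP}. Results are cached and reloaded once they are older than the
 * store's update interval.
 *
 * <p>Security note: a certificate becomes a trust anchor when the hash in its file name matches
 * the OpenSSL hash of its subject (full load) or when its subject equals the requested name
 * (per-issuer load). This class performs no further check on the file (no signature, ownership
 * or permission test), so write access to the base directory is equivalent to the ability to add
 * trusted CAs. Restrict that directory to trusted administrators.
 *
 * <p>NOTE(review): neither {@code cachedAnchors} nor the per-issuer map is synchronized in this
 * class; confirm that callers or the superclass serialize access.
 */
public class LazyOpensslTrustAnchorStoreImpl extends AbstractTrustAnchorStore implements OpensslTrustAnchorStore {
    /** File name pattern used for the full directory scan: eight characters, a dot, then digits. */
    public static final String CERTS_REGEXP = "........\\.[0-9]+";
    // Cache of the full directory scan; null until getTrustAnchors() is first called.
    protected CachedElement<Set<TrustAnchorExt>> cachedAnchors;
    // Cache of per-subject lookups. A WeakHashMap drops an entry once its key is no longer
    // strongly referenced elsewhere, so entries may vanish before they expire.
    protected Map<X500Principal, CachedElement<Set<TrustAnchorExt>>> cachedAnchorsPerIssuer;
    // Passed to OpensslTruststoreHelper.getOpenSSLCAHash; presumably selects the OpenSSL 1.x
    // subject-hash algorithm (confirm against the helper).
    private final boolean openssl1Mode;
    private final NamespacesStore pmaNsStore;
    private final NamespacesStore globusNsStore;
    private final File baseDirectory;

    /**
     * Creates the store without reading anything from disk.
     *
     * @param str path of the directory holding the hashed certificate files
     * @param j value handed to the superclass and to both namespace stores; presumably the
     *     update interval used for cache expiry (confirm against AbstractTrustAnchorStore)
     * @param observersHandler receives a notification for every certificate load attempt
     * @param z OpenSSL hash mode flag, stored as {@code openssl1Mode}
     */
    public LazyOpensslTrustAnchorStoreImpl(String str, long j, ObserversHandler observersHandler, boolean z) {
        super(j, observersHandler);
        this.baseDirectory = new File(str);
        this.openssl1Mode = z;
        this.cachedAnchorsPerIssuer = new WeakHashMap<>(150);
        this.pmaNsStore = new LazyEuGridPmaNamespacesStore(observersHandler, z, str, j);
        this.globusNsStore = new LazyGlobusNamespacesStore(observersHandler, z, str, j);
    }

    /**
     * Reads one PEM certificate from {@code file} and reports the outcome to the observers.
     *
     * @param file certificate file to read
     * @return the parsed certificate, or {@code null} when reading or parsing failed (the
     *     failure is reported to the observers with severity ERROR)
     */
    protected X509Certificate tryLoadCertInternal(File file) {
        // Close the stream here rather than relying on loadCertificate to do so; what it does
        // with the stream on the failure path is not visible from this file.
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(file))) {
            X509Certificate loadCertificate = CertificateUtils.loadCertificate(in, CertificateUtils.Encoding.PEM);
            this.observers.notifyObservers(file.getAbsolutePath(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.NOTIFICATION, null);
            return loadCertificate;
        } catch (Exception e) {
            // Deliberately broad: any failure for a single file is reported and the file skipped.
            this.observers.notifyObservers(file.getAbsolutePath(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.ERROR, e);
            return null;
        }
    }

    /**
     * Loads {@code file} and adds it to {@code set} only if the hash taken from the file name
     * equals the OpenSSL hash of the certificate's subject.
     *
     * @param file candidate certificate file
     * @param set collection that receives the trust anchor on success
     */
    protected void tryLoadCert(File file, Set<TrustAnchorExt> set) {
        String fileHash = OpensslTruststoreHelper.getFileHash(file.getPath(), OpensslTruststoreHelper.CERT_REGEXP);
        if (fileHash == null) {
            return;
        }
        X509Certificate certificate = tryLoadCertInternal(file);
        if (certificate == null) {
            return;
        }
        String subjectHash = OpensslTruststoreHelper.getOpenSSLCAHash(certificate.getSubjectX500Principal(), this.openssl1Mode);
        // A file whose name does not match its own subject is ignored rather than trusted.
        if (fileHash.equalsIgnoreCase(subjectHash)) {
            set.add(new TrustAnchorExt(certificate, null));
        }
    }

    @Override // eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore
    public NamespacesStore getPmaNsStore() {
        return this.pmaNsStore;
    }

    @Override // eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore
    public NamespacesStore getGlobusNsStore() {
        return this.globusNsStore;
    }

    /** Scans the base directory for files matching {@link #CERTS_REGEXP} and loads each one. */
    private Set<TrustAnchorExt> loadTrustAnchors() {
        Collection<File> candidates = OpensslTruststoreHelper.getFilesWithRegexp(CERTS_REGEXP, this.baseDirectory);
        Set<TrustAnchorExt> anchors = new HashSet<>(candidates.size());
        for (File candidate : candidates) {
            tryLoadCert(candidate, anchors);
        }
        return anchors;
    }

    /**
     * Returns all trust anchors of the directory, rescanning it when the cached scan is missing
     * or expired.
     *
     * @return a new set that the caller may modify without affecting the cache
     */
    @Override // eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
    public Set<TrustAnchor> getTrustAnchors() {
        if (this.cachedAnchors == null || this.cachedAnchors.isExpired(getUpdateInterval())) {
            this.cachedAnchors = new CachedElement<>(loadTrustAnchors());
        }
        return new HashSet<TrustAnchor>(this.cachedAnchors.getElement());
    }

    /**
     * Returns the certificates of all trust anchors reported by {@link #getTrustAnchors()}.
     *
     * @return one array entry per trust anchor, in the set's iteration order
     */
    @Override // eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
    public X509Certificate[] getTrustedCertificates() {
        Set<TrustAnchor> trustAnchors = getTrustAnchors();
        X509Certificate[] certificates = new X509Certificate[trustAnchors.size()];
        int index = 0;
        for (TrustAnchor anchor : trustAnchors) {
            certificates[index++] = anchor.getTrustedCert();
        }
        return certificates;
    }

    /** Nothing to release: this store keeps no timers or open resources. */
    @Override // eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
    public void dispose() {
    }

    /**
     * Collects the trust anchors relevant to a certificate chain: those whose subject equals the
     * subject of any chain element, plus those matching the issuer of the last element.
     *
     * @param x509CertificateArr certificate chain to look anchors up for
     * @return a new set of matching trust anchors; empty when the chain is {@code null} or
     *     empty, so that validation against it finds no anchor
     */
    public Set<TrustAnchor> getTrustAnchorsFor(X509Certificate[] x509CertificateArr) {
        // An empty chain used to fail with ArrayIndexOutOfBoundsException on the last-element
        // access below; returning no anchors keeps the outcome "not trusted".
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return new HashSet<>();
        }
        Set<TrustAnchorExt> collected = new HashSet<>();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            tryLoadTAFor(x509Certificate.getSubjectX500Principal(), collected);
        }
        tryLoadTAFor(x509CertificateArr[x509CertificateArr.length - 1].getIssuerX500Principal(), collected);
        return new HashSet<TrustAnchor>(collected);
    }

    /**
     * Adds to {@code set} the trust anchors whose subject equals {@code x500Principal}, together
     * with the anchors of their issuers, using the per-issuer cache when it is still fresh.
     */
    private void tryLoadTAFor(X500Principal x500Principal, Set<TrustAnchorExt> set) {
        tryLoadTAFor(x500Principal, set, new HashSet<X500Principal>());
    }

    /**
     * Worker for {@link #tryLoadTAFor(X500Principal, Set)}.
     *
     * @param x500Principal subject name to look up
     * @param set collection that receives the anchors found
     * @param inProgress names currently being resolved further up the call stack; used to stop
     *     at an issuer loop (for example two CA certificates that name each other as issuer),
     *     which would otherwise recurse until the stack overflows
     */
    private void tryLoadTAFor(X500Principal x500Principal, Set<TrustAnchorExt> set, Set<X500Principal> inProgress) {
        CachedElement<Set<TrustAnchorExt>> cachedElement = this.cachedAnchorsPerIssuer.get(x500Principal);
        if (cachedElement != null && !cachedElement.isExpired(this.updateInterval)) {
            set.addAll(cachedElement.getElement());
            return;
        }
        if (!inProgress.add(x500Principal)) {
            // Already being resolved by a caller on the stack; that caller adds its anchors.
            return;
        }
        Set<TrustAnchorExt> found = new HashSet<>();
        String hash = OpensslTruststoreHelper.getOpenSSLCAHash(x500Principal, this.openssl1Mode);
        for (File candidate : OpensslTruststoreHelper.getFilesWithRegexp(hash + "\\.[0-9]+", this.baseDirectory)) {
            X509Certificate certificate = tryLoadCertInternal(candidate);
            if (certificate == null) {
                // Unreadable or malformed file: already reported to the observers. Skipping it
                // avoids a NullPointerException that would abort the whole lookup.
                continue;
            }
            // Hash collisions are possible, so the subject is compared explicitly.
            if (X500NameUtils.rfc3280Equal(certificate.getSubjectX500Principal(), x500Principal)) {
                found.add(new TrustAnchorExt(certificate, null));
                X500Principal issuerX500Principal = certificate.getIssuerX500Principal();
                // Self-issued certificates end the walk; otherwise follow the issuer.
                if (!X500NameUtils.rfc3280Equal(issuerX500Principal, x500Principal)) {
                    tryLoadTAFor(issuerX500Principal, found, inProgress);
                }
            }
        }
        set.addAll(found);
        this.cachedAnchorsPerIssuer.put(x500Principal, new CachedElement<>(found));
    }
}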
