package eu.emi.security.authn.x509.helpers.trust;

import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.helpers.ObserversHandler;
import eu.emi.security.authn.x509.helpers.pkipath.PlainStoreUtils;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CertificateEncodingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.class */
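/**
 * Trust anchor store that loads CA certificates from a set of locations and
 * keeps them refreshed through the timer machinery of
 * {@link TimedTrustAnchorStoreBase}.
 *
 * <p>Locations are resolved by {@link PlainStoreUtils} into URLs (explicit URLs
 * plus resolved wildcards, see {@link #update()}). A URL whose protocol is
 * {@code file} is treated as local; every other protocol is treated as remote,
 * gets the configured timeout applied, and may fall back to a disk cache.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Everything this class loads becomes a trust anchor. Nothing in this
 *       class authenticates a remote response, so the integrity of a remote
 *       location rests entirely on the URL's transport. Prefer local files or
 *       an integrity-protected scheme for remote locations.</li>
 *   <li>The cache directory is read back as a source of trust anchors when a
 *       remote fetch fails. It should be writable only by the account that
 *       runs this store.</li>
 *   <li>Each update only adds anchors for the locations it could load. See the
 *       notes on {@link #reloadCerts(Collection)} and the private
 *       stale-entry sweep for what is and is not evicted.</li>
 * </ul>
 *
 * <p>Mutations of {@link #anchors} and {@link #locations2anchors} made by this
 * class happen while holding the monitor of {@code this}.
 */
public class DirectoryTrustAnchorStore extends TimedTrustAnchorStoreBase {
    private final PlainStoreUtils utils;
    // Passed to URLConnection#setConnectTimeout/#setReadTimeout, i.e. milliseconds.
    private final int connTimeout;
    // Directory holding cached copies of remotely loaded certificates; may be null.
    private final String cacheDir;
    // Currently trusted anchors.
    protected Set<TrustAnchorExt> anchors;
    // Location -> anchor loaded from it. Holds ONE anchor per URL (the last one stored).
    protected Map<URL, TrustAnchorExt> locations2anchors;
    protected CertificateUtils.Encoding encoding;

    /**
     * Creates the store, performs the first load immediately and schedules
     * further updates. Equivalent to the eight-argument constructor with the
     * last argument set to {@code false}.
     */
    public DirectoryTrustAnchorStore(List<String> list, String str, int i, Timer timer, long j, CertificateUtils.Encoding encoding, ObserversHandler observersHandler) {
        this(list, str, i, timer, j, encoding, observersHandler, false);
    }

    /**
     * Creates the store.
     *
     * <p>The decompiler reports that this constructor was declared
     * {@code protected} in the original source.
     *
     * @param list locations handed to {@link PlainStoreUtils}
     * @param str cache directory, also handed to {@link PlainStoreUtils}; may be
     *        {@code null}, in which case {@link #loadCerts(URL)} never falls
     *        back to a cached copy
     * @param i timeout applied to both connect and read on remote URLs; must not
     *        be negative. NOTE(review): {@code 0} is accepted and
     *        {@link URLConnection} treats it as "no timeout", so one
     *        unresponsive remote location can stall an update.
     * @param timer forwarded to the superclass
     * @param j forwarded to the superclass (presumably the update interval;
     *        confirm against {@link TimedTrustAnchorStoreBase})
     * @param encoding encoding used when parsing certificates
     * @param observersHandler forwarded to the superclass
     * @param z when {@code true} the constructor returns without loading
     *        anything and without scheduling updates, leaving that to the caller
     * @throws IllegalArgumentException if {@code i} is negative
     */
    public DirectoryTrustAnchorStore(List<String> list, String str, int i, Timer timer, long j, CertificateUtils.Encoding encoding, ObserversHandler observersHandler, boolean z) {
        super(timer, j, observersHandler);
        this.utils = new PlainStoreUtils(str, "-cacert", list);
        if (i < 0) {
            throw new IllegalArgumentException("Remote connection timeout must be a non negative number");
        }
        this.connTimeout = i;
        this.cacheDir = str;
        this.anchors = new HashSet<>();
        this.locations2anchors = new HashMap<>();
        this.encoding = encoding;
        if (z) {
            return;
        }
        update();
        scheduleUpdate();
    }

    /**
     * Loads the certificates found at {@code url}.
     *
     * <p>For a remote URL the configured timeout is applied and, when exactly
     * one certificate was read, its encoded form is handed to
     * {@link PlainStoreUtils} for caching. If the attempt fails with an
     * {@link IOException}, the URL is remote, a cache directory is configured
     * and a cache file exists, the cached copy is loaded instead and observers
     * receive a {@code WARNING} naming the cache file. That warning is the only
     * signal that trust was established from the cache rather than from the
     * live location, so it is worth monitoring.
     *
     * <p>NOTE(review): the response is parsed as-is. This method does not
     * verify where the bytes came from, so a remote location served over an
     * unauthenticated transport lets whoever controls the network path choose
     * the CA certificate that is loaded and then cached.
     *
     * <p>The decompiler reports that this method was declared
     * {@code protected} in the original source.
     *
     * @param url location to read
     * @return the certificates parsed from the location or from its cached copy
     * @throws IOException if loading fails and no cached copy can be used
     * @throws URISyntaxException declared for the cache-file helpers
     * @throws CertificateEncodingException if the certificate to be cached
     *         cannot be encoded
     */
    public X509Certificate[] loadCerts(URL url) throws IOException, URISyntaxException, CertificateEncodingException {
        final boolean local = url.getProtocol().equalsIgnoreCase("file");
        try {
            URLConnection connection = url.openConnection();
            if (!local) {
                connection.setConnectTimeout(this.connTimeout);
                connection.setReadTimeout(this.connTimeout);
            }
            X509Certificate[] loaded;
            // Close the stream here on every path; a second close() by the
            // parser, if it does one, is harmless.
            try (BufferedInputStream in = new BufferedInputStream(connection.getInputStream())) {
                loaded = CertificateUtils.loadCertificates(in, getEncoding());
            }
            this.observers.notifyObservers(url.toExternalForm(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.NOTIFICATION, null);
            // Only a single-certificate remote result is cached.
            if (!local && loaded.length == 1) {
                this.utils.saveCacheFile(loaded[0].getEncoded(), url);
            }
            return loaded;
        } catch (IOException e) {
            if (local || this.cacheDir == null) {
                throw e;
            }
            File cacheFile = this.utils.getCacheFile(url);
            if (!cacheFile.exists()) {
                throw e;
            }
            X509Certificate[] cached;
            // try-with-resources so the file handle is released even when parsing fails.
            try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(cacheFile))) {
                cached = CertificateUtils.loadCertificates(in, getEncoding());
            }
            this.observers.notifyObservers(url.toExternalForm(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.WARNING, new IOException("Warning: CA certificate was not loaded from its URL, but its previous cached copy was loaded from disk file " + cacheFile.getPath(), e));
            return cached;
        }
    }

    /**
     * Loads every location in {@code collection} and merges the results into
     * the store. A failure on one location is reported to observers with
     * severity {@code ERROR} and does not stop the remaining locations.
     *
     * <p>NOTE(review): the merge only adds. If a location that still exists now
     * yields a different certificate, or fails to load, the anchor previously
     * loaded from it is not removed from {@link #anchors} by this method.
     * Confirm whether replaced or unreadable CA certificates are meant to stay
     * trusted until the location itself disappears.
     *
     * <p>NOTE(review): when one location yields several certificates, all of
     * them are added to {@link #anchors} but only the last one is recorded in
     * {@link #locations2anchors}.
     *
     * @param collection locations to load
     */
    protected void reloadCerts(Collection<URL> collection) {
        Set<TrustAnchorExt> freshAnchors = new HashSet<>();
        Map<URL, TrustAnchorExt> freshLocations = new HashMap<>();
        for (URL url : collection) {
            try {
                for (X509Certificate certificate : loadCerts(url)) {
                    // checkValidity is defined outside this class; presumably it
                    // reports expired / not yet valid certificates. TODO confirm
                    // whether it throws or only notifies observers.
                    checkValidity(url.toExternalForm(), certificate, false);
                    TrustAnchorExt anchor = new TrustAnchorExt(certificate, null);
                    freshAnchors.add(anchor);
                    freshLocations.put(url, anchor);
                }
            } catch (Exception e) {
                this.observers.notifyObservers(url.toExternalForm(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.ERROR, e);
            }
        }
        // Loading happens outside the lock; only the merge is synchronized.
        synchronized (this) {
            this.anchors.addAll(freshAnchors);
            this.locations2anchors.putAll(freshLocations);
        }
    }

    /**
     * Drops the anchors whose location is no longer reported as present by
     * {@link PlainStoreUtils}.
     *
     * <p>NOTE(review): only the single anchor recorded for the location is
     * removed, so additional certificates that were loaded from the same
     * location remain in {@link #anchors}.
     */
    private synchronized void removeStaleCas() {
        Iterator<Map.Entry<URL, TrustAnchorExt>> entries = this.locations2anchors.entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry<URL, TrustAnchorExt> entry = entries.next();
            if (!this.utils.isPresent(entry.getKey())) {
                this.anchors.remove(entry.getValue());
                entries.remove();
            }
        }
    }

    /**
     * Re-resolves wildcard locations, removes anchors of vanished locations and
     * reloads all current locations.
     *
     * <p>The decompiler reports that this method was declared
     * {@code protected} in the original source.
     */
    @Override // eu.emi.security.authn.x509.helpers.trust.TimedTrustAnchorStoreBase
    public void update() {
        this.utils.establishWildcardsLocations();
        removeStaleCas();
        List<URL> locations = new ArrayList<>();
        locations.addAll(this.utils.getURLLocations());
        locations.addAll(this.utils.getResolvedWildcards());
        reloadCerts(locations);
    }

    /**
     * Returns a snapshot of the current trust anchors.
     *
     * @return a new set; changing it does not affect the store
     */
    @Override // eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
    public synchronized Set<TrustAnchor> getTrustAnchors() {
        return new HashSet<TrustAnchor>(this.anchors);
    }

    /**
     * Returns the certificates of the current trust anchors.
     *
     * @return a new array with one entry per anchor, in the set's iteration order
     */
    @Override // eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
    public synchronized X509Certificate[] getTrustedCertificates() {
        X509Certificate[] certificates = new X509Certificate[this.anchors.size()];
        int index = 0;
        for (TrustAnchorExt anchor : this.anchors) {
            certificates[index++] = anchor.getTrustedCert();
        }
        return certificates;
    }

    /** Returns the locations as reported by {@link PlainStoreUtils}. */
    public List<String> getLocations() {
        return this.utils.getLocations();
    }

    /** Returns the timeout applied to remote connections. */
    public int getConnTimeout() {
        return this.connTimeout;
    }

    /** Returns the cache directory, or {@code null} if none was configured. */
    public String getCacheDir() {
        return this.cacheDir;
    }

    /** Returns the encoding used when parsing certificates. */
    public CertificateUtils.Encoding getEncoding() {
        return this.encoding;
    }
}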
