package pl.edu.icm.yadda.aas.keystore.impl;

import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.opensaml.lite.security.TrustLevel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import pl.edu.icm.yadda.aas.credential.builder.CredentialDTO;
import pl.edu.icm.yadda.aas.credential.builder.ICredentialBuilder;
import pl.edu.icm.yadda.aas.keystore.IKeyStore;
import pl.edu.icm.yadda.aas.keystore.KeyQueryRequest;
import pl.edu.icm.yadda.aas.keystore.KeyQueryResponse;
import pl.edu.icm.yadda.aas.keystore.KeyStoreException;
import pl.edu.icm.yadda.aas.keystore.KeyStoreUtils;
import pl.edu.icm.yadda.common.utils.FileChangeTimestampBasedWatcher;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-4.4.14.jar:pl/edu/icm/yadda/aas/keystore/impl/TrustedX509CertsFileBasedKeystore.class */
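/**
 * Trust store backed by a directory of X.509 certificate files.
 *
 * <p>Every file under {@code certDirLocation} (searched recursively) that
 * {@code KeyStoreHelper.readCertificate} can parse is turned into a credential and
 * registered under the entity id derived from the certificate, with the configured
 * {@code globalTrustLevel}. A background watcher re-reads the directory every
 * {@code checkIntervalSecs} seconds and applies created, modified and deleted files.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Write access to the certificate directory is equivalent to the ability to add
 *       or replace trusted certificates, so the directory's file permissions are part
 *       of the trust boundary.</li>
 *   <li>No validity-period or revocation check is visible in this class; whether
 *       {@code KeyStoreHelper.readCertificate} performs one cannot be told from here.</li>
 * </ul>
 *
 * <p>Thread-safety: the two maps are guarded by a read/write lock. The setters are not
 * synchronized and are expected to be called before {@link #init()}.
 *
 * @param <C> credential type produced by the configured {@link ICredentialBuilder}
 */
public class TrustedX509CertsFileBasedKeystore<C> implements IKeyStore<C> {
    /**
     * Guards {@link #credentials} and {@link #auxFileNameToIdMap}. The lock is static, so
     * all instances of this class share it even though the guarded state is per instance.
     */
    private static final ReentrantReadWriteLock rwLock = new ReentrantReadWriteLock();

    protected final Logger log = LoggerFactory.getLogger(getClass());

    private String certDirLocation;
    /** Entity id -> credential built from the certificate with that id. */
    private Map<String, C> credentials;
    /** Absolute path of a certificate file -> entity id it was registered under. */
    private Map<String, String> auxFileNameToIdMap;
    private ICredentialBuilder<C> credentialBuilder;
    private TrustLevel globalTrustLevel = TrustLevel.DEFAULT_TRUST;
    private int checkIntervalSecs = 60;
    private FileChangeTimestampBasedWatcher watcher = null;

    /**
     * Loads all certificates from the configured directory and starts the watcher
     * thread that keeps the in-memory trust store in sync with the directory.
     */
    public void init() {
        loadAllCredentials();
        // Element type is left raw: the watcher's constructor signature is not visible here.
        ArrayList listeners = new ArrayList();
        listeners.add(new FileChangeTimestampBasedWatcher.FileChangeListener() {
            @Override
            public String getLocation() {
                return TrustedX509CertsFileBasedKeystore.this.certDirLocation;
            }

            @Override
            public void notify(List<FileChangeTimestampBasedWatcher.FileStateChangedEntry> changes) {
                for (FileChangeTimestampBasedWatcher.FileStateChangedEntry change : changes) {
                    if (change.getChangeType() == FileChangeTimestampBasedWatcher.ChangeType.DELETED) {
                        TrustedX509CertsFileBasedKeystore.this.handleDeleted(change.getAbsolutePath());
                    } else {
                        // Every change type other than DELETED is treated as created-or-modified.
                        TrustedX509CertsFileBasedKeystore.this.handleCreatedOrModified(new File(change.getAbsolutePath()));
                    }
                }
            }
        });
        this.watcher = new FileChangeTimestampBasedWatcher(this.checkIntervalSecs, listeners);
        new Thread(this.watcher).start();
    }

    /**
     * Removes the credential registered for a deleted file, or, when the path is not a
     * known file, for every known file located under that path (deleted directory).
     *
     * @param str absolute path reported as deleted
     */
    void handleDeleted(String str) {
        rwLock.writeLock().lock();
        try {
            String removedId = this.auxFileNameToIdMap.remove(str);
            if (removedId != null) {
                // NOTE(review): the credential is dropped even if another file still maps to
                // the same id; that file keeps its path mapping but is no longer trusted
                // until it is re-read.
                this.credentials.remove(removedId);
                this.log.debug("removed certificate file: " + str + ", for cert id: " + removedId);
                return;
            }
            this.log.warn("Cannot remove certificate " + str + " from map, no such entry stored. Checking if directory...");
            // The trailing separator keeps "/certs/a" from also matching "/certs/ab.pem".
            String dirPrefix = str.endsWith("" + File.separatorChar) ? str : str + File.separatorChar;
            Iterator<Map.Entry<String, String>> it = this.auxFileNameToIdMap.entrySet().iterator();
            while (it.hasNext()) {
                Map.Entry<String, String> entry = it.next();
                if (entry.getKey().startsWith(dirPrefix)) {
                    it.remove();
                    this.credentials.remove(entry.getValue());
                    this.log.debug("removed certificate file: " + entry.getKey() + ", for cert id: " + entry.getValue());
                }
            }
        } finally {
            rwLock.writeLock().unlock();
        }
    }

    /**
     * Registers the certificate stored in {@code file}, or recurses into it when it is a
     * directory.
     *
     * <p>When a known file now holds a different certificate, or no longer parses as a
     * certificate, the credential previously registered for that file is withdrawn so
     * that a replaced certificate does not stay trusted.
     *
     * @param file certificate file or directory reported as created or modified
     */
    void handleCreatedOrModified(File file) {
        rwLock.writeLock().lock();
        try {
            if (file.isDirectory()) {
                File[] children = file.listFiles();
                // listFiles() returns null on an I/O error or when the directory is unreadable.
                if (children != null) {
                    for (File child : children) {
                        handleCreatedOrModified(child);
                    }
                }
                return;
            }
            String path = file.getAbsolutePath();
            X509Certificate certificate = KeyStoreHelper.readCertificate(file);
            if (certificate == null) {
                dropStaleCredential(path, null);
                this.log.debug("cannot load certificate, non certificate file: " + path);
                return;
            }
            String entityId = KeyStoreUtils.generateEntityId(certificate);
            CredentialDTO dto = new CredentialDTO(entityId);
            dto.setEntityCert(certificate);
            dto.setTrustLevel(this.globalTrustLevel);
            C credential = this.credentialBuilder.build(dto);
            // Withdraw the old entry only after the new credential was built successfully.
            dropStaleCredential(path, entityId);
            this.auxFileNameToIdMap.put(path, entityId);
            this.credentials.put(entityId, credential);
            this.log.debug("added certificate file: " + path + ", for cert id: " + entityId);
        } finally {
            rwLock.writeLock().unlock();
        }
    }

    /**
     * Withdraws the credential previously registered for {@code path} when the file no
     * longer carries that certificate. The credential is kept while another known file
     * still maps to the same id. Must be called with the write lock held.
     *
     * @param path absolute path of the file that was re-read
     * @param currentId entity id the file carries now, or {@code null} if it holds no certificate
     */
    private void dropStaleCredential(String path, String currentId) {
        String previousId = this.auxFileNameToIdMap.get(path);
        if (previousId == null || previousId.equals(currentId)) {
            return;
        }
        this.auxFileNameToIdMap.remove(path);
        if (!this.auxFileNameToIdMap.containsValue(previousId)) {
            this.credentials.remove(previousId);
            this.log.debug("removed stale certificate for cert id: " + previousId + ", no longer present in file: " + path);
        }
    }

    /**
     * Rebuilds both maps from the configured directory. When the location is unset or is
     * not a directory, an error is logged and the trust store is left empty.
     */
    protected void loadAllCredentials() {
        // The write lock is reentrant, so the nested handleCreatedOrModified call is safe;
        // holding it here makes the reset-and-reload atomic for readers.
        rwLock.writeLock().lock();
        try {
            this.credentials = new HashMap<>();
            this.auxFileNameToIdMap = new HashMap<>();
            // certDirLocation stays null when setCertDirLocation failed; new File(null) would throw.
            File dir = this.certDirLocation == null ? null : new File(this.certDirLocation);
            if (dir != null && dir.exists() && dir.isDirectory()) {
                handleCreatedOrModified(dir);
            } else {
                this.log.error("Cannot read certificates from directory: " + this.certDirLocation);
            }
        } finally {
            rwLock.writeLock().unlock();
        }
    }

    /** Asks the watcher, if one was started, to stop running. */
    public void destroy() {
        if (this.watcher != null) {
            this.watcher.setStopRunning(true);
        }
    }

    /**
     * Returns a snapshot of all credentials, keyed by entity id.
     *
     * @return a copy of the credential map; changing it does not affect the store
     */
    @Override
    public Map<String, C> getAllCredentials() {
        rwLock.readLock().lock();
        try {
            return new HashMap<>(this.credentials);
        } finally {
            rwLock.readLock().unlock();
        }
    }

    /**
     * Looks up the credential registered under the alias of the request.
     *
     * @param keyQueryRequest request carrying the alias (entity id) to look up
     * @return a response wrapping the stored credential (or {@code null} when the alias is
     *     unknown); an empty response when the request or its alias is {@code null}
     * @throws KeyStoreException declared by the interface; not thrown by the code visible here
     */
    @Override
    public KeyQueryResponse<C> queryKeys(KeyQueryRequest keyQueryRequest) throws KeyStoreException {
        if (keyQueryRequest == null || keyQueryRequest.getAlias() == null) {
            return new KeyQueryResponse<>();
        }
        rwLock.readLock().lock();
        try {
            return new KeyQueryResponse<>(this.credentials.get(keyQueryRequest.getAlias()));
        } finally {
            rwLock.readLock().unlock();
        }
    }

    /**
     * @param i interval, in seconds, passed to the watcher created by {@link #init()}
     */
    public void setCheckIntervalSecs(int i) {
        this.checkIntervalSecs = i;
    }

    /**
     * Sets the certificate directory. When the resource cannot be resolved to a file the
     * failure is logged and the previous location (possibly none) is kept.
     *
     * @param resource resource pointing at the certificate directory
     */
    public void setCertDirLocation(Resource resource) {
        try {
            this.certDirLocation = resource.getFile().getAbsolutePath();
        } catch (IOException e) {
            // Keep the cause: without it a misconfigured (and therefore empty) trust store is hard to diagnose.
            this.log.error("couldn't set certDirLocation, invalid path: " + resource.getFilename(), e);
        }
    }

    /**
     * @param trustLevel trust level assigned to every certificate loaded after this call
     */
    public void setGlobalTrustLevel(TrustLevel trustLevel) {
        this.globalTrustLevel = trustLevel;
    }

    /**
     * @param iCredentialBuilder builder that turns a {@link CredentialDTO} into a credential
     */
    public void setCredentialBuilder(ICredentialBuilder<C> iCredentialBuilder) {
        this.credentialBuilder = iCredentialBuilder;
    }
}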
