package by.avest.certstore.db;

import by.avest.certstore.MultipleX509CRLSelector;
import by.avest.certstore.Util;
import by.avest.certstore.db.jdbc.JDBCConnection;
import by.avest.certstore.db.jdbc.Utilities;
import by.avest.certstore.db.util.AvX500Name;
import by.avest.crypto.AvPKIExtensions;
import by.avest.crypto.x509.extensions.ExtensionFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.ConnectException;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CRLException;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertStoreSpi;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.Extension;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.X500Name;

/* loaded from: input_file:by/avest/certstore/db/DatabaseCertStore.class */
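/**
 * {@link CertStoreSpi} implementation that serves X.509 CRLs out of a relational database
 * reached through {@link JDBCConnection}. Certificates are never served: see
 * {@link #engineGetCertificates(CertSelector)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every SQL statement is a {@link PreparedStatement}; only fixed fragments and {@code ?}
 *       placeholders are concatenated, selector values are always bound.</li>
 *   <li>CRLs are returned as stored. A signature check happens only inside
 *       {@link #ensureCRLIsActual}, and only when a successor CRL is found, so callers must not
 *       treat a returned CRL as already verified.</li>
 *   <li>The freshness check is skipped (the CRL is accepted) when a CRLNumber extension is
 *       missing on either CRL being compared.</li>
 * </ul>
 *
 * <p>Thread-safety: {@link #engineGetCRLs(CRLSelector)} is synchronized because the lazily opened
 * {@link #connection} is shared per instance and closed at the end of each call.
 */
public class DatabaseCertStore extends CertStoreSpi {
    /**
     * Timestamp layout for string-bound date parameters and debug output. SimpleDateFormat is
     * not thread-safe and this instance is shared by all stores, so it is only used under its
     * own monitor (see {@link #getDate(Date)}).
     */
    private static final SimpleDateFormat SDF = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

    /** Finds CRLs of the same issuer issued at or after a given CRL, oldest first. */
    private static final String NEXT_CRL_QUERY = "SELECT b.Blob FROM CERTMAIN m JOIN CERTBLOB b ON m.CertID=b.CertID WHERE (m.CertType=2 OR m.CertType=12) AND m.NotBefore>=? AND m.CertID<>? AND m.IssuerID=? ORDER BY m.NotBefore ASC";

    /**
     * Finds certificates of a subject whose validity period contains a given instant, newest
     * first. The original text tested {@code NotBefore>=? AND NotAfter<=?} against one and the
     * same instant, which only a zero-length validity period can satisfy; the comparison now
     * follows the form used for CRLs in {@link #buildCrlQuery}.
     */
    private static final String ISSUER_CERT_QUERY = "SELECT b.Blob FROM CERTMAIN m JOIN CERTBLOB b ON m.CertID=b.CertID WHERE (m.CertType=1 OR m.CertType=11) AND m.NotBefore<=? AND m.NotAfter>=?  AND m.SubjectID=? ORDER BY m.NotBefore DESC";

    private final JDBCConnection jdbcConnection;
    // Opened on first use by getConnection() and released by close() after each public call.
    private Connection connection;

    /**
     * Creates the store from {@link DatabaseCertStoreParameters}.
     *
     * @param certStoreParameters driver, URL, user and password of the database
     * @throws InvalidAlgorithmParameterException if the argument is null or of another type
     */
    public DatabaseCertStore(CertStoreParameters certStoreParameters) throws InvalidAlgorithmParameterException {
        super(certStoreParameters);
        if (Util.isDebug()) {
            // NOTE(review): this prints certStoreParameters.toString(). The parameters carry the
            // database password; confirm that toString() does not include it.
            Util.log(Util.getClassName(this) + ".new(" + certStoreParameters + ")");
        }
        if (!(certStoreParameters instanceof DatabaseCertStoreParameters)) {
            // The message used to name a non-matching package and an exception class.
            throw new InvalidAlgorithmParameterException("Parameter must be a by.avest.certstore.db.DatabaseCertStoreParameters instance.");
        }
        DatabaseCertStoreParameters dbParameters = (DatabaseCertStoreParameters) certStoreParameters;
        this.jdbcConnection = new JDBCConnection(dbParameters.getDriver(), dbParameters.getUrl(), dbParameters.getUser(), dbParameters.getPassword());
    }

    /**
     * Returns the CRLs matching the selector, in the order they were found and without
     * duplicates. The database connection is closed before returning.
     *
     * @param cRLSelector an {@link X509CRLSelector} or a {@link MultipleX509CRLSelector}
     * @return the matching CRLs, possibly empty
     * @throws CertStoreException for any other selector type (including {@code null}), on a
     *         database error, or when the freshness check in {@link #ensureCRLIsActual} fails
     */
    @Override // java.security.cert.CertStoreSpi
    public synchronized Collection<X509CRL> engineGetCRLs(CRLSelector cRLSelector) throws CertStoreException {
        // synchronized: CertStoreSpi requires thread-safe public methods, and without it one
        // call's close() would drop the connection another call is still reading from.
        if (Util.isDebug()) {
            Util.log(Util.getClassName(this) + ".engineGetCRLs(" + Util.getClassName(cRLSelector) + ")");
        }
        try {
            Collection<X509CRL> found = new LinkedHashSet<>();
            if (cRLSelector instanceof X509CRLSelector) {
                found.addAll(getCRLs((X509CRLSelector) cRLSelector));
            } else if (cRLSelector instanceof MultipleX509CRLSelector) {
                Iterator<X509CRLSelector> selectors = ((MultipleX509CRLSelector) cRLSelector).iterator();
                while (selectors.hasNext()) {
                    found.addAll(getCRLs(selectors.next()));
                }
            } else {
                throw new CertStoreException("only java.security.cert.X509CRLSelector or by.avest.certstore.MultipleX509CRLSelector supported");
            }
            if (Util.isDebug()) {
                Util.log(Util.getClassName(this) + ".engineGetCRLs(), result: " + found.size());
            }
            return found;
        } finally {
            close();
        }
    }

    /**
     * Runs one selector against the database.
     *
     * <p>The SQL pre-filter uses the selector's date, issuer names and certificate-being-checked;
     * every row is then parsed and passed through {@code x509CRLSelector.match}. When a
     * certificate is being checked, its issuer DN replaces any issuer names of the selector, the
     * current time is used if the selector has no date, rows come newest first and each match
     * goes through {@link #ensureCRLIsActual}. A selector with neither date, names nor
     * certificate yields an empty list without touching the database.
     *
     * @throws CertStoreException on any failure; causes other than CertStoreException are wrapped
     */
    private Collection<X509CRL> getCRLs(X509CRLSelector x509CRLSelector) throws CertStoreException {
        if (Util.isDebug()) {
            Util.log("preparing selector: " + by.avest.certstore.X509CRLSelector.toString(x509CRLSelector));
        }
        Date dateAndTime = x509CRLSelector.getDateAndTime();
        boolean byDate = dateAndTime != null;
        if (byDate) {
            Util.log("byDate");
        }
        // getIssuerNames() hands back a copy per its JDK contract, so editing it below does not
        // alter the caller's selector.
        Collection<Object> issuerNames = x509CRLSelector.getIssuerNames();
        boolean byName = issuerNames != null && issuerNames.size() > 0;
        if (byName) {
            Util.log("byName");
        }
        X509Certificate certificateChecking = x509CRLSelector.getCertificateChecking();
        boolean byCert = certificateChecking != null;
        if (byCert) {
            if (issuerNames == null) {
                issuerNames = new LinkedHashSet<>(1);
            } else {
                issuerNames.clear();
            }
            issuerNames.add(certificateChecking.getIssuerDN().getName());
            Util.log("byCert");
            byName = true;
            if (!byDate) {
                byDate = true;
                dateAndTime = new Date();
            }
        }
        if (!byDate && !byName) {
            Util.log("no date or name, returning empty list");
            return Collections.emptyList();
        }
        String sql = buildCrlQuery(byDate, byName, byName ? issuerNames.size() : 0, byCert);
        if (Util.isDebug()) {
            Util.log("preparing query: " + sql);
        }
        // try-with-resources: the statement used to stay open when binding an issuer name,
        // executing the query or parsing a row failed.
        try (PreparedStatement statement = getConnection().prepareStatement(sql)) {
            int index = 1;
            if (byDate) {
                if (Util.isDebug()) {
                    Util.log("adding date: " + getDate(dateAndTime));
                }
                // Two placeholders: m.NotBefore<=? and m.NotAfter>?
                bindDate(statement, index++, dateAndTime);
                bindDate(statement, index++, dateAndTime);
            }
            if (byName) {
                for (Object issuerName : issuerNames) {
                    AvX500Name avName = new AvX500Name(issuerName instanceof String ? new X500Name((String) issuerName) : new X500Name((byte[]) issuerName));
                    if (Util.isDebug()) {
                        Util.log("adding avname: " + avName.toString());
                    }
                    statement.setString(index++, avName.toString());
                }
            }
            Util.log("executing query");
            try (ResultSet rows = statement.executeQuery()) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                Collection<X509CRL> matches = new LinkedHashSet<>();
                while (rows.next()) {
                    int certId = rows.getInt("CertID");
                    int issuerId = rows.getInt("IssuerID");
                    X509CRL crl = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(Utilities.retrieveBlob("Blob", rows)));
                    if (Util.isDebug()) {
                        Util.debug(crl);
                    }
                    boolean match = x509CRLSelector.match(crl);
                    if (Util.isDebug()) {
                        Util.log("selector match: " + match);
                    }
                    if (match) {
                        matches.add(crl);
                        if (byCert) {
                            if (Util.isDebug()) {
                                Util.log("we need just 1 actual CRL (byCert)");
                            }
                            // NOTE(review): the message above speaks of a single CRL, yet the
                            // loop goes on to later rows; confirm whether it should stop here.
                            ensureCRLIsActual(certificateFactory, crl, certId, issuerId);
                        }
                    }
                }
                if (Util.isDebug()) {
                    Util.log("found CRLs: " + matches.size());
                }
                return matches;
            }
        } catch (CertStoreException e) {
            throw e;
        } catch (Exception e) {
            throw new CertStoreException("Error occured during statement execution", e);
        }
    }

    /**
     * Assembles the CRL lookup statement. Only constant fragments and {@code ?} placeholders are
     * appended; all values are bound by the caller in the same order: date twice, then one
     * parameter per issuer name.
     */
    private String buildCrlQuery(boolean byDate, boolean byName, int issuerNameCount, boolean byCert) {
        StringBuilder sql = new StringBuilder();
        sql.append("SELECT m.CertID, m.IssuerID, b.Blob ");
        sql.append("FROM (CERTMAIN m JOIN CERTBLOB b ON m.CertID=b.CertID) ");
        if (byName) {
            sql.append("LEFT JOIN CERTNAME n ON m.IssuerID=n.NameID ");
        }
        sql.append("WHERE (m.CertType=2 OR m.CertType=12)");
        if (byDate || byName) {
            List<String> conditions = new ArrayList<>();
            if (byDate) {
                conditions.add("m.NotBefore<=?");
                conditions.add("m.NotAfter>?");
            }
            if (byName) {
                List<String> nameTests = new ArrayList<>();
                for (int n = 0; n < issuerNameCount; n++) {
                    nameTests.add("n.CName=?");
                }
                StringBuilder anyName = new StringBuilder("(");
                appendList(anyName, nameTests, " OR ");
                anyName.append(")");
                conditions.add(anyName.toString());
            }
            sql.append(" AND (");
            appendList(sql, conditions, " AND ");
            sql.append(") ");
            if (byCert) {
                sql.append("ORDER BY m.NotBefore DESC ");
            }
        }
        return sql.toString();
    }

    /**
     * Checks that no CRL is missing between the selected CRL and the next one stored for the
     * same issuer, then verifies the selected CRL's signature.
     *
     * <p>Outcomes, as implemented:
     * <ul>
     *   <li>selected CRL has no CRLNumber: accepted, nothing checked;</li>
     *   <li>no later CRL stored: accepted as the latest, signature not checked here;</li>
     *   <li>later CRL has no CRLNumber: accepted, nothing checked;</li>
     *   <li>later CRLNumber is not selected + 1: CertStoreException;</li>
     *   <li>otherwise the selected CRL must verify under the issuer certificate found for the
     *       later CRL's thisUpdate, else CertStoreException.</li>
     * </ul>
     *
     * <p>NOTE(review): the later CRL is parsed but never signature-verified, so its CRLNumber is
     * taken from the database as-is; the issuer certificate is likewise used without path
     * validation. Both rely on the database content being trusted.
     *
     * @param certId   CertID of the selected CRL's row, excluded from the search
     * @param issuerId IssuerID of the selected CRL's row
     */
    private void ensureCRLIsActual(CertificateFactory certificateFactory, X509CRL x509crl, int certId, int issuerId) throws SQLException, CertStoreException, IOException, CRLException, CertificateException {
        Util.log("checking that selected CRL is most actual (CRLNumber of next CRL must be +1)");
        BigInteger selectedNumber = getCRLNumber(x509crl);
        if (selectedNumber == null) {
            Util.log("selected CRL has no CRLNumber extension, check could not be completed!");
            return;
        }
        if (Util.isDebug()) {
            Util.log("preparing query: " + NEXT_CRL_QUERY);
        }
        try (PreparedStatement statement = getConnection().prepareStatement(NEXT_CRL_QUERY)) {
            Date thisUpdate = x509crl.getThisUpdate();
            if (Util.isDebug()) {
                Util.log("adding date: " + getDate(thisUpdate));
            }
            bindDate(statement, 1, thisUpdate);
            if (Util.isDebug()) {
                Util.log("adding cert id: " + certId);
            }
            statement.setInt(2, certId);
            if (Util.isDebug()) {
                Util.log("adding issuer id: " + issuerId);
            }
            statement.setInt(3, issuerId);
            Util.log("executing query");
            try (ResultSet rows = statement.executeQuery()) {
                if (!rows.next()) {
                    Util.log("next CRL is absent, so the selected CRL is the latest");
                    return;
                }
                X509CRL nextCrl = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(Utilities.retrieveBlob("Blob", rows)));
                if (Util.isDebug()) {
                    // Dump the CRL that was just read; the selected one was dumped here before.
                    Util.debug(nextCrl);
                }
                BigInteger nextNumber = getCRLNumber(nextCrl);
                if (nextNumber == null) {
                    Util.log("found CRL has no CRLNumber extension, check could not be completed!");
                    return;
                }
                if (!selectedNumber.add(BigInteger.ONE).equals(nextNumber)) {
                    throw new CertStoreException("could not find actual CRL: database is missing CRL with next CRLNumber");
                }
                Util.log("selected CRL is actual, check CRL signature");
                X509Certificate issuerCertificate = getIssuerCertificate(certificateFactory, issuerId, nextCrl.getThisUpdate());
                if (issuerCertificate == null) {
                    throw new CertStoreException("could not check CRL signature: issuer certificate is missing");
                }
                try {
                    x509crl.verify(issuerCertificate.getPublicKey());
                } catch (Exception e) {
                    throw new CertStoreException("could not verify CRL signature", e);
                }
            }
        }
    }

    /**
     * Loads the most recently issued certificate of the given subject that is valid at
     * {@code date}.
     *
     * @param subjectId value matched against CERTMAIN.SubjectID (the CRL row's IssuerID)
     * @return the certificate, or {@code null} when no row matches
     */
    private X509Certificate getIssuerCertificate(CertificateFactory certificateFactory, int subjectId, Date date) throws SQLException, CertStoreException, IOException, CertificateException {
        if (Util.isDebug()) {
            Util.log("preparing query: " + ISSUER_CERT_QUERY);
        }
        try (PreparedStatement statement = getConnection().prepareStatement(ISSUER_CERT_QUERY)) {
            if (Util.isDebug()) {
                Util.log("adding date: " + getDate(date));
            }
            bindDate(statement, 1, date);
            bindDate(statement, 2, date);
            if (Util.isDebug()) {
                Util.log("adding issuer id: " + subjectId);
            }
            statement.setInt(3, subjectId);
            Util.log("executing query");
            try (ResultSet rows = statement.executeQuery()) {
                if (!rows.next()) {
                    return null;
                }
                return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Utilities.retrieveBlob("Blob", rows)));
            }
        }
    }

    /**
     * Reads the CRL number, trying the standard CRLNumber extension first and
     * {@link AvPKIExtensions#NmcCrlNumberId} second.
     *
     * @return the number, or {@code null} when the CRL carries neither extension
     */
    private BigInteger getCRLNumber(X509CRL x509crl) throws IOException {
        ObjectIdentifier oid = PKIXExtensions.CRLNumber_Id;
        byte[] encoded = x509crl.getExtensionValue(oid.toString());
        if (encoded == null) {
            oid = AvPKIExtensions.NmcCrlNumberId;
            encoded = x509crl.getExtensionValue(oid.toString());
            if (encoded == null) {
                return null;
            }
        }
        return ExtensionFactory.newExtension(new Extension(oid, false, encoded)).getNumber();
    }

    /**
     * Certificates are not served by this store.
     *
     * @return always an empty list
     */
    @Override // java.security.cert.CertStoreSpi
    public Collection<X509Certificate> engineGetCertificates(CertSelector certSelector) throws CertStoreException {
        if (Util.isDebug()) {
            Util.log(Util.getClassName(this) + ".engineGetCertificates(" + Util.getClassName(certSelector) + ")");
        }
        return Collections.emptyList();
    }

    /** Formats a date as {@code yyyy-MM-dd HH:mm:ss} in the formatter's default time zone. */
    private String getDate(Date date) {
        // The formatter is static and mutable inside format(); serialize access to it.
        synchronized (SDF) {
            return SDF.format(date);
        }
    }

    /**
     * Binds a date parameter: as {@link java.sql.Date} on Oracle, as a formatted string
     * elsewhere.
     */
    private void bindDate(PreparedStatement statement, int index, Date date) throws SQLException {
        if (this.jdbcConnection.isOracleDb()) {
            // NOTE(review): whether setDate keeps the time of day depends on the driver - confirm.
            statement.setDate(index, new java.sql.Date(date.getTime()));
        } else {
            statement.setString(index, getDate(date));
        }
    }

    /** Appends the items to {@code target}, putting {@code separator} between neighbours. */
    private void appendList(StringBuilder target, List<String> items, String separator) {
        boolean first = true;
        for (String item : items) {
            if (!first) {
                target.append(separator);
            }
            target.append(item);
            first = false;
        }
    }

    /**
     * Opens a new JDBC connection.
     *
     * @throws CertStoreException wrapping the failure; the message points at configuration when
     *         the cause of the failure is a {@link ConnectException}
     */
    private Connection open() throws CertStoreException {
        try {
            Util.log("opening JDBC connection");
            return this.jdbcConnection.openConnection();
        } catch (Exception e) {
            if (e.getCause() instanceof ConnectException) {
                throw new CertStoreException("Database is not accessible, check your configuration", e);
            }
            throw new CertStoreException("Error opening database connection", e);
        }
    }

    /** Returns the connection of the current call, opening it on first use. */
    private Connection getConnection() throws CertStoreException {
        if (this.connection == null) {
            this.connection = open();
        }
        return this.connection;
    }

    /** Closes the current connection, if any. A failure to close is logged, never thrown. */
    private void close() {
        if (this.connection == null) {
            return;
        }
        try {
            Util.log("closing JDBC connection");
            this.connection.close();
        } catch (SQLException e) {
            // Best effort: the lookup result is already decided, but leave a trace.
            Util.log("error closing JDBC connection: " + e);
        } finally {
            this.connection = null;
        }
    }
}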
