package org.nhindirect.stagent.cert.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.ref.SoftReference;
import java.net.URL;
import java.net.URLConnection;
import java.security.MessageDigest;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.nhindirect.stagent.DefaultNHINDAgent;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.cert.RevocationManager;
import org.nhindirect.stagent.options.OptionsManager;
import org.nhindirect.stagent.options.OptionsParameter;

/* loaded from: input_file:org/nhindirect/stagent/cert/impl/CRLRevocationManager.class */
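/**
 * {@link RevocationManager} that decides revocation from the CRL named in a certificate's
 * CRL distribution point (CDP) extension.
 *
 * <p>CRLs are looked up in three tiers: an in-memory map of soft references keyed by the
 * distribution point URI, a file cache under {@link #crlCacheLocation}, and finally a fetch
 * from the URI itself. All access to the map is guarded by {@code synchronized (cache)}.
 *
 * <p>Security-relevant behaviour a maintainer should know:
 * <ul>
 *   <li>{@link #isRevoked(X509Certificate)} fails open: when no CRL can be obtained the
 *       certificate is reported as not revoked.</li>
 *   <li>Nothing in this class calls {@code X509CRL.verify}. NOTE(review): confirm the CRL
 *       signature and issuer are validated elsewhere; otherwise a CRL replaced in transit or
 *       in the cache directory is used as-is.</li>
 *   <li>The fetch location comes from the certificate being evaluated, so whoever issued
 *       that certificate chooses the URI this process connects to.</li>
 * </ul>
 */
public class CRLRevocationManager implements RevocationManager {
    /** Connect and read timeout, in milliseconds, for fetching a CRL from its distribution point. */
    private static final int CRL_FETCH_TIMEOUT = 3000;
    /** Directory used for the file cache when no CRL_CACHE_LOCATION option is configured. */
    private static final String DEFAULT_CRL_CACHE_LOCATION = "CrlCache";
    private static CertificateFactory certificateFactory;
    protected static final CRLRevocationManager INSTANCE;
    /** File cache directory; {@code null} means file caching is disabled. */
    protected static File crlCacheLocation;
    // NOTE(review): the logger is registered under DefaultNHINDAgent, not this class, so CRL
    // warnings appear in that category. Left unchanged to keep existing log configuration working.
    private static final Log LOGGER = LogFactory.getFactory().getInstance(DefaultNHINDAgent.class);
    /** Distribution point URI to softly-referenced CRL. Always lock on this map before touching it. */
    protected static final Map<String, SoftReference<X509CRL>> cache = new HashMap<>();

    /**
     * Returns the singleton created in the static initializer.
     *
     * @return the shared instance
     */
    public static CRLRevocationManager getInstance() {
        return INSTANCE;
    }

    /**
     * Returns a snapshot of the CRLs currently held in memory.
     *
     * @return an unmodifiable set of the cached CRLs whose soft references are still live
     */
    public Set<CRL> getCRLCollection() {
        synchronized (cache) {
            Set<CRL> live = new HashSet<>();
            for (SoftReference<X509CRL> reference : cache.values()) {
                X509CRL crl = reference.get();
                if (crl != null) {
                    live.add(crl);
                }
            }
            return Collections.unmodifiableSet(live);
        }
    }

    /**
     * Resolves the first usable CRL named by the certificate's CRL distribution points.
     *
     * @param x509Certificate certificate whose CDP extension is read; may be {@code null}
     * @return the first CRL that could be loaded, or {@code null} when the certificate is
     *         {@code null}, has no CDP extension, or no distribution point yielded a CRL
     */
    protected X509CRL loadCRLs(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(getExtensionValue(x509Certificate, X509Extensions.CRLDistributionPoints.getId()));
            if (crlDistPoint == null) {
                return null;
            }
            DistributionPoint[] points = crlDistPoint.getDistributionPoints();
            if (points == null) {
                return null;
            }
            for (DistributionPoint point : points) {
                // A distribution point may carry no name at all; skip it instead of letting a
                // NullPointerException abandon the remaining, possibly usable, points.
                if (point.getDistributionPoint() == null) {
                    continue;
                }
                String location = point.getDistributionPoint().getName().toString();
                if (location.startsWith("General")) {
                    location = getNameString(location);
                }
                X509CRL crl = getCrlFromUri(location);
                if (crl != null) {
                    return crl;
                }
            }
            return null;
        } catch (Exception e) {
            if (LOGGER.isWarnEnabled()) {
                LOGGER.warn("Unable to handle CDP CRL(s): " + e.getMessage());
            }
            return null;
        }
    }

    /**
     * Reports whether the certificate is listed on the CRL named by its distribution point.
     *
     * <p>This check fails open: if no CRL can be loaded (no CDP, unreachable server, parse
     * failure) the method logs a warning and returns {@code false}. Callers that need a
     * hard-fail policy must enforce it themselves.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} only when a CRL was loaded and it lists the certificate
     */
    @Override // org.nhindirect.stagent.cert.RevocationManager
    public boolean isRevoked(X509Certificate x509Certificate) {
        X509CRL crl = loadCRLs(x509Certificate);
        if (crl == null) {
            LOGGER.warn("CRL is NULL in isRevoked check");
            return false;
        }
        if (!crl.isRevoked(x509Certificate)) {
            return false;
        }
        LOGGER.warn("Certificate for " + x509Certificate.getSubjectDN().getName() + " is revoked by CRL");
        return true;
    }

    /**
     * Obtains the CRL for a distribution point URI from memory, then the file cache, then the URI.
     *
     * <p>A cached CRL whose {@code nextUpdate} has passed, or is absent, is evicted from both
     * caches and refetched. A CRL freshly fetched from the URI is returned without a freshness
     * check, as before.
     *
     * @param str distribution point URI; {@code null} or blank yields {@code null}
     * @return the CRL, or {@code null} when it could not be obtained from any tier
     */
    protected X509CRL getCrlFromUri(String str) {
        if (str == null || str.trim().length() == 0) {
            return null;
        }
        X509CRL crl = null;
        synchronized (cache) {
            SoftReference<X509CRL> reference = cache.get(str);
            if (reference != null) {
                crl = reference.get();
                if (crl == null) {
                    // Reference was cleared; drop the map entry but keep the file copy.
                    cache.remove(str);
                } else if (isExpired(crl)) {
                    cache.remove(str);
                    removeCrlCacheFile(str);
                    crl = null;
                }
            }
        }
        if (crl == null) {
            crl = loadFromCacheFile(str);
        }
        if (crl == null) {
            crl = fetchFromUri(str);
        }
        return crl;
    }

    /**
     * Tells whether a CRL must no longer be served from a cache. A CRL without a nextUpdate
     * field cannot be shown to be current, so it is treated as expired rather than causing a
     * NullPointerException that would end the revocation check with "not revoked".
     */
    private static boolean isExpired(X509CRL crl) {
        Date nextUpdate = crl.getNextUpdate();
        return nextUpdate == null || nextUpdate.before(new Date());
    }

    /** Loads the CRL for {@code uri} from the file cache, evicting a stale or corrupt file. */
    private X509CRL loadFromCacheFile(String uri) {
        String cacheFileName = getCacheFileName(uri);
        if (cacheFileName.isEmpty()) {
            return null;
        }
        File file = new File(cacheFileName);
        try {
            if (!file.exists()) {
                return null;
            }
            synchronized (cache) {
                X509CRL crl;
                InputStream in = FileUtils.openInputStream(file);
                try {
                    crl = (X509CRL) certificateFactory.generateCRL(in);
                } finally {
                    // Close on the failure path too, so a corrupt file does not leak a handle
                    // and block the delete that follows.
                    IOUtils.closeQuietly(in);
                }
                if (crl == null) {
                    return null;
                }
                if (isExpired(crl)) {
                    cache.remove(uri);
                    removeCrlCacheFile(uri);
                    return null;
                }
                cache.put(uri, new SoftReference<>(crl));
                return crl;
            }
        } catch (CRLException e) {
            synchronized (cache) {
                LOGGER.warn("CRL cache file " + cacheFileName + " appears to be corrupt.  Deleting file.", e);
                removeCrlCacheFile(uri);
            }
            return null;
        } catch (Throwable th) {
            LOGGER.warn("Failed to load CRL from cache file " + cacheFileName, th);
            return null;
        }
    }

    /**
     * Fetches and parses the CRL at {@code uri}, storing it in both caches on success.
     *
     * <p>The URI originates from the certificate under evaluation. Only schemes for which
     * {@link URL} has a handler can be opened; others fail and are logged.
     * NOTE(review): the response size is not bounded and the scheme and host are not
     * restricted here; consider an allow-list if certificates from untrusted issuers reach this code.
     */
    private X509CRL fetchFromUri(String uri) {
        X509CRL crl = null;
        try {
            URLConnection connection = new URL(uri).openConnection();
            connection.setConnectTimeout(CRL_FETCH_TIMEOUT);
            // Without a read timeout a server that accepts the connection and then stalls
            // would block the calling thread indefinitely.
            connection.setReadTimeout(CRL_FETCH_TIMEOUT);
            InputStream in = connection.getInputStream();
            try {
                crl = (X509CRL) certificateFactory.generateCRL(in);
            } catch (Throwable th) {
                LOGGER.warn("Failed to load CRL from URL " + uri, th);
            } finally {
                IOUtils.closeQuietly(in);
            }
            if (crl != null) {
                synchronized (cache) {
                    cache.put(uri, new SoftReference<>(crl));
                    writeCRLCacheFile(uri, crl);
                }
            }
        } catch (Exception e) {
            LOGGER.warn("Unable to retrieve or parse CRL from URI " + uri, e);
        }
        return crl;
    }

    /**
     * Extracts the location from the string form of a distribution point name.
     *
     * <p>Returns the trimmed input starting at the first occurrence of {@code "http"} (which
     * also matches https); failing that {@code "ldap"}; failing that {@code "file"}. If none
     * occurs, the trimmed input is returned unchanged.
     *
     * @param str string form of the distribution point name
     * @return the extracted location
     */
    protected String getNameString(String str) {
        String trimmed = str.trim();
        // Order matters: an earlier scheme wins even if a later one appears first in the text.
        String[] schemes = {"http", "ldap", "file"};
        for (String scheme : schemes) {
            int start = trimmed.indexOf(scheme);
            if (start > -1) {
                return trimmed.substring(start);
            }
        }
        return trimmed;
    }

    /**
     * Writes the encoded CRL to the cache file derived from the URI, replacing any older file.
     * Failures are logged and otherwise ignored; the file cache is best-effort.
     *
     * @param str distribution point URI the CRL came from
     * @param x509crl CRL to persist
     */
    protected void writeCRLCacheFile(String str, X509CRL x509crl) {
        String cacheFileName = getCacheFileName(str);
        if (cacheFileName.isEmpty()) {
            return;
        }
        File file = new File(cacheFileName);
        try {
            if (file.exists() && !file.delete()) {
                LOGGER.warn("Could not delete old CRL cache file for URI " + str + "  File may become stale");
                return;
            }
            FileUtils.writeByteArrayToFile(file, x509crl.getEncoded());
        } catch (Throwable th) {
            LOGGER.warn("Failed to write CRL to cache file " + cacheFileName, th);
        }
    }

    /**
     * Deletes the cache file derived from the URI, if it exists. Failures are only logged.
     *
     * @param str distribution point URI whose cache file should be removed
     */
    protected void removeCrlCacheFile(String str) {
        String cacheFileName = getCacheFileName(str);
        if (cacheFileName.isEmpty()) {
            return;
        }
        File file = new File(cacheFileName);
        try {
            if (file.exists() && !file.delete()) {
                LOGGER.warn("Could not delete CRL cache file " + file.getAbsolutePath());
            }
        } catch (Throwable th) {
            LOGGER.warn("Could not delete CRL cache file " + file.getAbsolutePath(), th);
        }
    }

    /**
     * Maps a distribution point URI to its cache file path: the hex SHA-1 of the URI's UTF-8
     * bytes plus {@code ".cache"}, inside {@link #crlCacheLocation}.
     *
     * <p>The digest only derives a file name that is safe for any URI; it is not an integrity
     * check on the file contents. It is kept as SHA-1 so existing cache files are still found.
     *
     * @param str distribution point URI
     * @return the absolute cache file path, or {@code ""} when file caching is disabled or
     *         the name could not be derived
     */
    protected static String getCacheFileName(String str) {
        if (crlCacheLocation == null) {
            return "";
        }
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.update(str.getBytes("UTF-8"));
            return crlCacheLocation.getAbsolutePath() + File.separator + createDigestStringRep(digest.digest()) + ".cache";
        } catch (Throwable th) {
            LOGGER.warn("Failed to create cacheURI digest for URI " + str, th);
            return "";
        }
    }

    /**
     * Renders bytes as lowercase hexadecimal, two characters per byte.
     *
     * @param bArr bytes to encode
     * @return the hex string
     */
    protected static String createDigestStringRep(byte[] bArr) {
        final char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            hex.append(hexDigits[(b & 0xF0) >> 4]);
            hex.append(hexDigits[b & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Empties the in-memory cache and deletes everything inside the cache directory.
     * A failure to clean the directory is logged and does not undo the in-memory clear.
     */
    public void flush() {
        synchronized (cache) {
            cache.clear();
            if (crlCacheLocation != null) {
                try {
                    FileUtils.cleanDirectory(crlCacheLocation);
                } catch (IOException e) {
                    LOGGER.warn("Failed to clean CRL cache directory " + crlCacheLocation.getAbsolutePath() + " during flush operation.", e);
                }
            }
        }
    }

    /**
     * Resolves the cache directory from the CRL_CACHE_LOCATION option, falling back to
     * {@link #DEFAULT_CRL_CACHE_LOCATION}, and creates it if missing. On any failure, or when
     * the path exists but is not a directory, file caching is disabled.
     *
     * <p>NOTE(review): CRLs read back from this directory are parsed and used as-is, so the
     * directory should be writable only by the account running the agent.
     */
    protected static void initCRLCacheLocation() {
        OptionsParameter parameter = OptionsManager.getInstance().getParameter(OptionsParameter.CRL_CACHE_LOCATION);
        boolean configured = parameter != null && parameter.getParamValue() != null && !parameter.getParamValue().isEmpty();
        String location = configured ? parameter.getParamValue() : DEFAULT_CRL_CACHE_LOCATION;
        try {
            crlCacheLocation = new File(location);
            if (!crlCacheLocation.exists()) {
                FileUtils.forceMkdir(crlCacheLocation);
            } else if (!crlCacheLocation.isDirectory()) {
                LOGGER.warn("Configured CRL cache location " + location + " already exists and is not a directory. CRL file caching will be disable");
                crlCacheLocation = null;
            }
        } catch (Throwable th) {
            LOGGER.warn("Failed to initialize CRL cache location " + location + " CRL file caching will be disable", th);
            crlCacheLocation = null;
        }
    }

    /**
     * Reads and decodes one extension from a certificate or CRL.
     *
     * @param x509Extension object carrying the extension
     * @param str OID of the extension
     * @return the decoded extension value, or {@code null} when the extension is absent
     * @throws AnnotatedException declared for callers; the visible code path reports decoding
     *         failures as {@link NHINDException}
     */
    protected static DERObject getExtensionValue(X509Extension x509Extension, String str) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return getObject(str, extensionValue);
    }

    /**
     * Unwraps the octet string around an extension value and decodes the ASN.1 object inside.
     * NOTE(review): as listed, this relies on readObject() returning a type that exposes
     * getOctets(); confirm against the BouncyCastle version in use.
     */
    private static DERObject getObject(String str, byte[] bArr) throws AnnotatedException {
        try {
            return new ASN1InputStream(new ASN1InputStream(bArr).readObject().getOctets()).readObject();
        } catch (Exception e) {
            throw new NHINDException("exception processing extension " + str, e);
        }
    }

    /**
     * Tells whether the certificate carries at least one CRL distribution point.
     *
     * <p>Any failure to read or decode the extension yields {@code false}, so a certificate
     * with a malformed CDP extension is treated the same as one with none.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when one or more distribution points are present and decodable
     */
    public static boolean isCRLDispPointDefined(X509Certificate x509Certificate) {
        try {
            CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(getExtensionValue(x509Certificate, X509Extensions.CRLDistributionPoints.getId()));
            return crlDistPoint != null
                    && crlDistPoint.getDistributionPoints() != null
                    && crlDistPoint.getDistributionPoints().length > 0;
        } catch (Exception e) {
            // Deliberately not propagated; record it so a malformed extension can be diagnosed.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Unable to read CRL distribution points extension", e);
            }
            return false;
        }
    }

    static {
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            // The logger already records the stack trace; no separate dump to stderr.
            // With no factory every CRL load fails, which isRevoked reports as "not revoked".
            LOGGER.error("Failed to create certificate factory for CRL management ", e);
        }
        initCRLCacheLocation();
        INSTANCE = new CRLRevocationManager();
    }
}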
