package org.nhindirect.stagent.cert.impl;

import com.google.inject.Inject;
import com.google.inject.internal.Nullable;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jcs.JCS;
import org.apache.jcs.access.exception.CacheException;
import org.apache.jcs.engine.behavior.ICompositeCacheAttributes;
import org.apache.jcs.engine.behavior.IElementAttributes;
import org.nhindirect.stagent.CryptoExtensions;
import org.nhindirect.stagent.cert.CacheableCertStore;
import org.nhindirect.stagent.cert.CertCacheFactory;
import org.nhindirect.stagent.cert.CertStoreCachePolicy;
import org.nhindirect.stagent.cert.CertificateStore;
import org.nhindirect.stagent.cert.Thumbprint;
import org.nhindirect.stagent.options.OptionsManager;
import org.nhindirect.stagent.options.OptionsParameter;

/* loaded from: input_file:org/nhindirect/stagent/cert/impl/LDAPCertificateStore.class */
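/**
 * Certificate store that looks up X509 certificates by subject in an LDAP
 * directory, with a JCS cache in front of the directory and an optional local
 * {@link CertificateStore} used as a fallback when the directory returns
 * nothing.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Nothing here checks validity period, chain of trust or revocation of
 *       the certificates returned by LDAP before they are cached and copied
 *       into the local delegate. NOTE(review): presumably callers apply trust
 *       validation to whatever this store returns; confirm.</li>
 *   <li>A cached result is served without re-querying the directory until the
 *       cache entry expires or {@link #flush(boolean)} is called, so a
 *       certificate that was removed or replaced in the directory can still be
 *       returned in the meantime. No expiry is visible for entries copied into
 *       the local delegate.</li>
 *   <li>If the cache cannot be created the store keeps working uncached: every
 *       lookup then goes to LDAP.</li>
 * </ul>
 *
 * <p>Instances created with the no-argument constructor have no
 * {@code ldapCertUtil}; a lookup on such an instance fails with a
 * {@link NullPointerException} unless a subclass assigns the field first.
 */
public class LDAPCertificateStore extends CertificateStore implements CacheableCertStore {
    private static final Log LOGGER = LogFactory.getFactory().getInstance(LDAPCertificateStore.class);
    private static final String CACHE_NAME = "LDAP_REMOTE_CERT_CACHE";
    // The misspelling ("CAHCE") is part of the protected API and is kept for subclasses.
    protected static final int DEFAULT_LDAP_MAX_CAHCE_ITEMS = 1000;
    // Default cache entry lifetime; applyCachePolicy() passes the policy TTL to setMaxLifeSeconds().
    protected static final int DEFAULT_LDAP_TTL = 3600;
    // Optional fallback store; also receives a copy of non-wildcard LDAP results.
    protected CertificateStore localStoreDelegate;
    // May stay null when cache creation failed; always read it through getCache().
    protected JCS cache;
    protected CertStoreCachePolicy cachePolicy;
    protected LdapCertUtil ldapCertUtil;

    /* loaded from: input_file:org/nhindirect/stagent/cert/impl/LDAPCertificateStore$DefaultLDAPCachePolicy.class */
    /**
     * Cache policy whose limits are read from {@link OptionsManager} once, when
     * the policy object is constructed, with the class defaults passed as the
     * fallback values.
     *
     * <p>NOTE(review): no range check is visible here; whether a zero or
     * negative option value is rejected depends on
     * {@code OptionsParameter.getParamValueAsInteger} and the cache factory.
     */
    public static class DefaultLDAPCachePolicy implements CertStoreCachePolicy {
        protected final int maxItems = OptionsParameter.getParamValueAsInteger(OptionsManager.getInstance().getParameter(OptionsParameter.LDAP_CERT_RESOLVER_MAX_CACHE_SIZE), LDAPCertificateStore.DEFAULT_LDAP_MAX_CAHCE_ITEMS);
        protected final int subjectTTL = OptionsParameter.getParamValueAsInteger(OptionsManager.getInstance().getParameter(OptionsParameter.LDAP_CERT_RESOLVER_CACHE_TTL), LDAPCertificateStore.DEFAULT_LDAP_TTL);

        /** @return the maximum number of cache entries configured for this policy */
        @Override // org.nhindirect.stagent.cert.CertStoreCachePolicy
        public int getMaxItems() {
            return this.maxItems;
        }

        /** @return the lifetime configured for a cached subject entry */
        @Override // org.nhindirect.stagent.cert.CertStoreCachePolicy
        public int getSubjectTTL() {
            return this.subjectTTL;
        }
    }

    /**
     * Creates a store with the default cache policy, no LDAP utility and no
     * local delegate. Lookups will fail until {@code ldapCertUtil} is assigned.
     */
    public LDAPCertificateStore() {
        createCache();
    }

    /**
     * Injection constructor; delegates to the {@link LdapCertUtil} overload.
     *
     * @param ldapCertUtilImpl utility that performs the directory search
     * @param certificateStore optional local fallback store, may be {@code null}
     * @param certStoreCachePolicy cache policy, or {@code null} for the default
     */
    @Inject
    public LDAPCertificateStore(LdapCertUtilImpl ldapCertUtilImpl, @Nullable CertificateStore certificateStore, CertStoreCachePolicy certStoreCachePolicy) {
        this((LdapCertUtil) ldapCertUtilImpl, certificateStore, certStoreCachePolicy);
    }

    /**
     * Creates a store backed by the given LDAP utility.
     *
     * @param ldapCertUtil utility that performs the directory search
     * @param certificateStore optional local fallback store, may be {@code null}
     * @param certStoreCachePolicy cache policy, or {@code null} for the default
     */
    public LDAPCertificateStore(LdapCertUtil ldapCertUtil, CertificateStore certificateStore, CertStoreCachePolicy certStoreCachePolicy) {
        this.ldapCertUtil = ldapCertUtil;
        this.cachePolicy = certStoreCachePolicy;
        createCache();
        if (certificateStore != null) {
            this.localStoreDelegate = certificateStore;
            loadBootStrap();
        }
    }

    /**
     * Returns the certificate cache, retrying its creation if an earlier
     * attempt failed.
     *
     * @return the cache, or {@code null} if it still cannot be created
     */
    protected synchronized JCS getCache() {
        if (this.cache == null) {
            createCache();
        }
        return this.cache;
    }

    /**
     * Obtains the named cache from {@link CertCacheFactory}, using the default
     * policy when none was supplied. On failure the cache field is left as it
     * was and a warning is logged; the store then runs uncached.
     */
    private void createCache() {
        try {
            // Resolve the policy once so the cache and this store share one policy object.
            CertStoreCachePolicy effectivePolicy = this.cachePolicy == null ? getDefaultPolicy() : this.cachePolicy;
            this.cache = CertCacheFactory.getInstance().getCertCache(CACHE_NAME, effectivePolicy);
            // Assigned only after the cache exists, as before.
            this.cachePolicy = effectivePolicy;
        } catch (CacheException e) {
            LOGGER.warn("LDAPCertificateStore - Could not create certificate cache LDAP_REMOTE_CERT_CACHE", e);
        }
    }

    /**
     * Pushes the policy's size limit and entry lifetime onto the live cache and
     * turns off lateral and remote distribution for the cache and its elements.
     *
     * @param certStoreCachePolicy policy to apply; ignored with a warning when {@code null}
     */
    private void applyCachePolicy(CertStoreCachePolicy certStoreCachePolicy) {
        JCS certCache = getCache();
        if (certCache == null) {
            return;
        }
        if (certStoreCachePolicy == null) {
            // Previously this path ended in a NullPointerException; keep the current cache settings instead.
            LOGGER.warn("LDAPCertificateStore - No cache policy supplied; cache settings left unchanged");
            return;
        }
        try {
            ICompositeCacheAttributes cacheAttributes = certCache.getCacheAttributes();
            cacheAttributes.setMaxObjects(certStoreCachePolicy.getMaxItems());
            cacheAttributes.setUseLateral(false);
            cacheAttributes.setUseRemote(false);
            certCache.setCacheAttributes(cacheAttributes);
            IElementAttributes defaultElementAttributes = certCache.getDefaultElementAttributes();
            defaultElementAttributes.setMaxLifeSeconds(certStoreCachePolicy.getSubjectTTL());
            defaultElementAttributes.setIsEternal(false);
            defaultElementAttributes.setIsLateral(false);
            defaultElementAttributes.setIsRemote(false);
            certCache.setDefaultElementAttributes(defaultElementAttributes);
        } catch (CacheException e) {
            // A silently ignored failure would leave the old TTL and size limit in force without anyone knowing.
            LOGGER.warn("LDAPCertificateStore - Could not apply cache policy to LDAP_REMOTE_CERT_CACHE", e);
        }
    }

    /** @return a new {@link DefaultLDAPCachePolicy} */
    private CertStoreCachePolicy getDefaultPolicy() {
        return new DefaultLDAPCachePolicy();
    }

    /**
     * Builds the default key-store-backed local store. Nothing in this class
     * calls it; it is available to subclasses.
     *
     * <p>SECURITY: the key store file name and both secrets are compiled into
     * the class, so anyone who can read the class file can read them, and they
     * are the same in every deployment. The relative file name is resolved
     * against the process working directory. The values are kept unchanged here
     * so that existing key stores still open; they should be supplied through
     * deployment configuration or a secret store, and the key store re-keyed.
     * NOTE(review): the two strings are presumably the key store password and
     * the private-key password; confirm against KeyStoreCertificateStore.
     *
     * @return a new key-store-backed certificate store
     */
    protected CertificateStore createDefaultLocalStore() {
        return new KeyStoreCertificateStore(new File("NHINKeyStore"), "nH!NdK3yStor3", "31visl!v3s");
    }

    /**
     * Rejects a certificate that is already resolvable through this store.
     * Nothing is stored when the certificate is not yet known: this method
     * does not write to LDAP, the cache or the local delegate.
     *
     * @param x509Certificate certificate to check
     * @throws IllegalArgumentException if the certificate is already contained in the store
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public void add(X509Certificate x509Certificate) {
        if (contains(x509Certificate)) {
            throw new IllegalArgumentException("Cert already contained in store.  Use update() to update a certificate");
        }
    }

    /**
     * Tests whether a certificate with the same thumbprint is returned for the
     * certificate's subject address. When the certificate carries no subject
     * address, every certificate is fetched with a wildcard search, which goes
     * to LDAP because wildcard results are never cached.
     *
     * @param x509Certificate certificate to look for
     * @return {@code true} if a certificate with an equal thumbprint was found
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public boolean contains(X509Certificate x509Certificate) {
        String subjectAddress = CryptoExtensions.getSubjectAddress(x509Certificate);
        Collection<X509Certificate> candidates = (subjectAddress == null || subjectAddress.isEmpty()) ? getAllCertificates() : getCertificates(subjectAddress);
        if (candidates == null) {
            return false;
        }
        Thumbprint wanted = Thumbprint.toThumbprint(x509Certificate);
        for (X509Certificate candidate : candidates) {
            if (Thumbprint.toThumbprint(candidate).equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the certificates for a subject: cache first, then LDAP, then the
     * local delegate if LDAP returned nothing. Non-wildcard LDAP results are
     * put into the cache and copied into the local delegate.
     *
     * <p>If the argument contains {@code EMAILADDRESS=}, everything after that
     * marker is used as the lookup key. NOTE(review): that includes any text
     * following the address, so this presumably expects the address to be the
     * last component; confirm against callers.
     *
     * <p>NOTE(review): the key is handed to {@code ldapCertUtil.ldapSearch}
     * and written to the log exactly as received. Whether LDAP filter
     * metacharacters are escaped is decided inside {@code ldapSearch}, which is
     * not visible here; confirm that it escapes them, and that subject names
     * taken from inbound messages cannot break up log lines.
     *
     * @param str subject name or e-mail address; {@code "*"} requests all certificates
     * @return the matching certificates; may be {@code null} or empty when nothing was found
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public Collection<X509Certificate> getCertificates(String str) {
        int markerAt = str.indexOf("EMAILADDRESS=");
        String lookupKey = markerAt > -1 ? str.substring(markerAt + "EMAILADDRESS=".length()) : str;
        JCS certCache = getCache();

        if (certCache != null) {
            // Only collections of certificates are stored under these keys (see putSafe below).
            @SuppressWarnings("unchecked")
            Collection<X509Certificate> cached = (Collection<X509Certificate>) certCache.get(lookupKey);
            if (cached != null && !cached.isEmpty()) {
                return cached;
            }
        }

        Collection<X509Certificate> found = this.ldapCertUtil.ldapSearch(lookupKey);
        if (found == null || found.isEmpty()) {
            // Directory had nothing (or was unreachable): fall back to the local copy, if any.
            if (this.localStoreDelegate != null) {
                found = this.localStoreDelegate.getCertificates(lookupKey);
            }
        } else if (!str.contains("*")) {
            // Wildcard results are not cached or copied; they do not belong to a single subject.
            if (certCache != null) {
                try {
                    certCache.putSafe(lookupKey, found);
                } catch (CacheException e) {
                    LOGGER.error("Error adding certificates to the cache: " + e.getMessage(), e);
                }
            }
            if (this.localStoreDelegate != null) {
                addOrUpdateLocalStoreDelegate(found);
            }
        }

        if (found == null || found.isEmpty()) {
            LOGGER.info("getCertificates(String subjectName) - Could not find an LDAP certificate for subject " + str);
        }
        return found;
    }

    /**
     * Copies the given certificates into the local delegate, updating those it
     * already contains and adding the rest. Does nothing when there is no
     * delegate or no collection.
     *
     * @param collection certificates obtained from LDAP, may be {@code null}
     */
    protected void addOrUpdateLocalStoreDelegate(Collection<X509Certificate> collection) {
        if (this.localStoreDelegate == null || collection == null) {
            return;
        }
        for (X509Certificate x509Certificate : collection) {
            if (this.localStoreDelegate.contains(x509Certificate)) {
                this.localStoreDelegate.update(x509Certificate);
            } else {
                this.localStoreDelegate.add(x509Certificate);
            }
        }
    }

    /**
     * Fetches every certificate with a wildcard lookup.
     *
     * @return the result of {@code getCertificates("*")}
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public Collection<X509Certificate> getAllCertificates() {
        return getCertificates("*");
    }

    /**
     * Does nothing: the certificate stays in LDAP, in the cache and in the
     * local delegate. Use {@link #flush(boolean)} to drop cached entries.
     *
     * @param x509Certificate ignored
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public void remove(X509Certificate x509Certificate) {
    }

    /**
     * Clears the certificate cache so that following lookups go back to LDAP.
     * The local delegate is not touched.
     *
     * @param z ignored by this implementation
     */
    @Override // org.nhindirect.stagent.cert.CacheableCertStore
    public void flush(boolean z) {
        JCS certCache = getCache();
        if (certCache != null) {
            try {
                certCache.clear();
            } catch (CacheException e) {
                // Keep the cause: after a failed flush, stale certificates may still be served.
                LOGGER.warn("Failed to clear cache LDAP_REMOTE_CERT_CACHE", e);
            }
        }
    }

    /** Only makes sure the cache exists; no certificates are preloaded. */
    @Override // org.nhindirect.stagent.cert.CacheableCertStore
    public void loadBootStrap() {
        getCache();
    }

    /**
     * Only makes sure the cache exists; no certificates are preloaded.
     *
     * @param certificateStore ignored by this implementation
     */
    @Override // org.nhindirect.stagent.cert.CacheableCertStore
    public void loadBootStrap(CertificateStore certificateStore) {
        getCache();
    }

    /**
     * Only makes sure the cache exists; the local delegate is not replaced.
     *
     * @param certificateStore ignored by this implementation
     */
    @Override // org.nhindirect.stagent.cert.CacheableCertStore
    public void setBootStrap(CertificateStore certificateStore) {
        getCache();
    }

    /**
     * Replaces the cache policy and applies its size limit and entry lifetime
     * to the live cache.
     *
     * @param certStoreCachePolicy the new policy
     */
    @Override // org.nhindirect.stagent.cert.CacheableCertStore
    public void setCachePolicy(CertStoreCachePolicy certStoreCachePolicy) {
        this.cachePolicy = certStoreCachePolicy;
        applyCachePolicy(certStoreCachePolicy);
    }
}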
