package com.prosysopc.ua.stack.cert;

import com.prosysopc.ua.stack.transport.security.Cert;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArraySet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/cert/PkiDirectoryCertificateStore.class */
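/**
 * Certificate store backed by a directory tree on disk.
 *
 * <p>Below a base directory the store keeps three sub-directories: trusted certificates,
 * rejected certificates and certificate revocation lists (CRLs). The in-memory maps are keyed by
 * the upper-case hex form of {@code Cert.getEncodedThumbprint()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Trust is derived from directory contents. Every file in the trusted directory that
 *       {@code Cert.load} can parse is reported as trusted the next time the store is
 *       re-initialised, which happens on every {@link #getTrustedCerts()},
 *       {@link #getRejectedCerts()}, {@link #getRevocationLists()} and {@link #refresh()} call.
 *       Write access to these directories therefore has to be restricted to whoever is allowed
 *       to make trust decisions.</li>
 *   <li>The rejected directory is loaded after the trusted directory and evicts matching
 *       entries from the trusted map, so a certificate present in both directories ends up
 *       rejected.</li>
 *   <li>CRL files are only parsed here. No signature, issuer or validity check on a CRL is
 *       visible in this class; NOTE(review): confirm that the certificate validator does it.</li>
 *   <li>The in-memory CRL set is never cleared, not even by {@link #clear(boolean)}. A CRL
 *       removed from disk stays in effect until the store object is discarded.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code listeners} is a plain {@link ArrayList} and {@link #addListener} /
 * {@link #removeListener} are not synchronized, while notifications iterate the list from the
 * synchronized add methods. Confirm listeners are registered before the store is shared
 * between threads.
 */
public class PkiDirectoryCertificateStore implements CertificateStore {
    private static final Logger logger = LoggerFactory.getLogger(PkiDirectoryCertificateStore.class);

    /** File suffix used when the store itself chooses the file name for a certificate. */
    private static final String DER_SUFFIX = ".der";
    private static final String HEX_DIGITS = "0123456789ABCDEF";

    // Thumbprint (hex) -> certificate, one map per trust state.
    private final Map<String, Cert> rejectedCerts = new ConcurrentHashMap<>();
    private final Map<String, Cert> trustedCerts = new ConcurrentHashMap<>();
    private final Set<X509CRL> revocationLists = new CopyOnWriteArraySet<>();
    // Certificate -> name of the file it was loaded from, so files that were dropped into a
    // directory under an arbitrary name are found again.
    private final Map<Cert, String> fileNames = new ConcurrentHashMap<>();
    private final File baseDir;
    private final File revocationDir;
    private final File rejectedDir;
    private final File trustedDir;
    private boolean storeAcceptOnceCertificates = true;
    private final List<DefaultCertificateStoreListener> listeners = new ArrayList<>();

    /**
     * Creates a store under {@code PKI/CA}. The path is relative, so it resolves against the
     * working directory of the process.
     */
    public PkiDirectoryCertificateStore() {
        this("PKI/CA", "certs", "rejected", "crl");
    }

    /**
     * Creates a store under the given base directory with the default sub-directory names
     * {@code certs}, {@code rejected} and {@code crl}.
     *
     * @param str base directory path
     */
    public PkiDirectoryCertificateStore(String str) {
        this(str, "certs", "rejected", "crl");
    }

    /**
     * Creates a store and immediately loads the directory contents.
     *
     * @param str base directory path
     * @param str2 name of the trusted-certificates sub-directory
     * @param str3 name of the rejected-certificates sub-directory
     * @param str4 name of the revocation-list sub-directory
     */
    public PkiDirectoryCertificateStore(String str, String str2, String str3, String str4) {
        this.baseDir = new File(str);
        this.trustedDir = new File(str, str2);
        this.rejectedDir = new File(str, str3);
        this.revocationDir = new File(str, str4);
        init();
    }

    /**
     * Files a certificate according to a validation decision.
     *
     * <p>{@code AcceptPermanently} stores it as trusted and {@code Reject} as rejected.
     * {@code AcceptOnce} never stores it as trusted: when
     * {@link #isStoreAcceptOnceCertificates()} is true it is filed as rejected (which also
     * removes it from the trusted set if it was there), otherwise nothing is stored.
     *
     * @throws IllegalArgumentException if either argument is null or the decision is unknown
     */
    @Override // com.prosysopc.ua.stack.cert.CertificateStore
    public void addCertificate(ValidationResult validationResult, Cert cert) {
        if (validationResult == null) {
            throw new IllegalArgumentException("type cannot be null");
        }
        if (cert == null) {
            throw new IllegalArgumentException("certificate cannot be null");
        }
        switch (validationResult) {
            case AcceptPermanently:
                addTrustedCertificate(cert);
                return;
            case AcceptOnce:
                if (this.storeAcceptOnceCertificates) {
                    addRejectedCertificate(cert);
                }
                return;
            case Reject:
                addRejectedCertificate(cert);
                return;
            default:
                throw new IllegalArgumentException("encountered unknown type parameter: " + validationResult);
        }
    }

    /** Registers a listener; null and already registered listeners are ignored. */
    public void addListener(DefaultCertificateStoreListener defaultCertificateStoreListener) {
        if (defaultCertificateStoreListener == null || this.listeners.contains(defaultCertificateStoreListener)) {
            return;
        }
        this.listeners.add(defaultCertificateStoreListener);
    }

    /** Stores the certificate as rejected, removes it from the trusted set and notifies listeners. */
    public synchronized void addRejectedCertificate(Cert cert) {
        addToStore(this.rejectedCerts, this.rejectedDir, cert);
        removeFromStore(this.trustedCerts, this.trustedDir, cert);
        logger.info("Certificate '{}' added to rejected certificates.", thumbprintKey(cert));
        fireRejectedCertificateAdded(cert);
    }

    /**
     * Adds a CRL to the in-memory set and notifies listeners. The CRL is not written to the
     * revocation directory by this method.
     */
    public synchronized void addRevocationList(X509CRL x509crl) {
        this.revocationLists.add(x509crl);
        fireRevocationListAdded(x509crl);
    }

    /** Stores the certificate as trusted, removes it from the rejected set and notifies listeners. */
    public synchronized void addTrustedCertificate(Cert cert) {
        logger.debug("addTrustedCertificate");
        addToStore(this.trustedCerts, this.trustedDir, cert);
        removeFromStore(this.rejectedCerts, this.rejectedDir, cert);
        logger.info("Certificate '{}' added to trusted certificates.", thumbprintKey(cert));
        fireTrustedCertificateAdded(cert);
    }

    /**
     * Empties the in-memory certificate maps. The in-memory CRL set is left untouched.
     *
     * @param z when true, also deletes every file in the trusted, rejected and revocation
     *     directories
     */
    public synchronized void clear(boolean z) {
        if (z) {
            deleteFilesIn(this.trustedDir);
            deleteFilesIn(this.rejectedDir);
            deleteFilesIn(this.revocationDir);
        }
        this.trustedCerts.clear();
        this.rejectedCerts.clear();
        this.fileNames.clear();
    }

    public File getBaseDir() {
        return this.baseDir;
    }

    /**
     * Returns the file that holds the given certificate.
     *
     * @return the file in the trusted or rejected directory, or null if the certificate is
     *     null or not known to the store
     */
    public File getFileForCert(Cert cert) {
        if (cert == null) {
            return null;
        }
        String key = thumbprintKey(cert);
        if (this.trustedCerts.containsKey(key)) {
            return fileFor(this.trustedDir, cert);
        }
        if (this.rejectedCerts.containsKey(key)) {
            return fileFor(this.rejectedDir, cert);
        }
        return null;
    }

    /** Re-reads the directories and returns an unmodifiable snapshot of the rejected certificates. */
    @Override // com.prosysopc.ua.stack.cert.CertificateStore
    public synchronized Set<Cert> getRejectedCerts() {
        init();
        return Collections.unmodifiableSet(new HashSet<>(this.rejectedCerts.values()));
    }

    public File getRejectedDir() {
        return this.rejectedDir;
    }

    public File getRevocationDir() {
        return this.revocationDir;
    }

    /** Re-reads the directories and returns an unmodifiable snapshot of the known CRLs. */
    @Override // com.prosysopc.ua.stack.cert.CertificateStore
    public synchronized Set<X509CRL> getRevocationLists() {
        init();
        return Collections.unmodifiableSet(new HashSet<>(this.revocationLists));
    }

    /** Re-reads the directories and returns an unmodifiable snapshot of the trusted certificates. */
    @Override // com.prosysopc.ua.stack.cert.CertificateStore
    public synchronized Set<Cert> getTrustedCerts() {
        init();
        return Collections.unmodifiableSet(new HashSet<>(this.trustedCerts.values()));
    }

    public File getTrustedDir() {
        return this.trustedDir;
    }

    public boolean isStoreAcceptOnceCertificates() {
        return this.storeAcceptOnceCertificates;
    }

    /** Re-reads the trusted, rejected and revocation directories from disk. */
    public synchronized void refresh() {
        init();
    }

    /** Unregisters a listener; null is ignored. */
    public void removeListener(DefaultCertificateStoreListener defaultCertificateStoreListener) {
        if (defaultCertificateStoreListener != null) {
            this.listeners.remove(defaultCertificateStoreListener);
        }
    }

    public void setStoreAcceptOnceCertificates(boolean z) {
        this.storeAcceptOnceCertificates = z;
    }

    private void fireRejectedCertificateAdded(Cert cert) {
        for (DefaultCertificateStoreListener listener : this.listeners) {
            listener.onRejectedCertificateAdded(cert);
        }
    }

    private void fireRevocationListAdded(X509CRL x509crl) {
        for (DefaultCertificateStoreListener listener : this.listeners) {
            listener.onRevokedListAdded(x509crl);
        }
    }

    private void fireTrustedCertificateAdded(Cert cert) {
        for (DefaultCertificateStoreListener listener : this.listeners) {
            listener.onTrustedCertificateAdded(cert);
        }
    }

    /** Map key of a certificate: its encoded thumbprint as upper-case hex. */
    private String thumbprintKey(Cert cert) {
        return toHex(cert.getEncodedThumbprint());
    }

    /**
     * Resolves the file for a certificate inside {@code dir}: the name it was loaded under if
     * one is recorded, otherwise {@code <hex thumbprint>.der}.
     */
    private File fileFor(File dir, Cert cert) {
        String recordedName = this.fileNames.get(cert);
        return recordedName != null ? new File(dir, recordedName) : new File(dir, thumbprintKey(cert) + DER_SUFFIX);
    }

    /** Upper-case hex encoding; returns null for null input. */
    private String toHex(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(2 * bArr.length);
        for (byte b : bArr) {
            sb.append(HEX_DIGITS.charAt((b & 0xF0) >> 4)).append(HEX_DIGITS.charAt(b & 0x0F));
        }
        return sb.toString();
    }

    /**
     * Rebuilds the in-memory state from disk. The trusted directory is read first and the
     * rejected directory second, so a certificate found in both ends up rejected only.
     */
    private synchronized void init() {
        clear(false);
        loadDirectory(this.trustedCerts, this.trustedDir, this.rejectedCerts);
        loadDirectory(this.rejectedCerts, this.rejectedDir, this.trustedCerts);
        loadRevocationLists();
    }

    /** Deletes the direct children of {@code dir}, logging any entry that could not be removed. */
    private static void deleteFilesIn(File dir) {
        // listFiles() returns null when dir is not a directory or cannot be read.
        File[] files = dir.listFiles();
        if (files == null) {
            logger.warn("Cannot list directory {}", dir.getAbsolutePath());
            return;
        }
        for (File file : files) {
            if (!file.delete()) {
                // A trusted certificate file that survives deletion is loaded again on the next init().
                logger.warn("Could not delete {}", file.getAbsolutePath());
            }
        }
    }

    /**
     * Loads every parseable certificate file in {@code dir} into {@code target} and removes
     * the same certificate from {@code other}. The directory is created if it is missing.
     * Files that fail to load are logged and skipped.
     */
    private void loadDirectory(Map<String, Cert> target, File dir, Map<String, Cert> other) {
        if (!dir.exists()) {
            dir.mkdirs();
        }
        if (!dir.isDirectory()) {
            logger.warn("Certificate directory {} is not a directory", dir.getAbsolutePath());
            return;
        }
        File[] files = dir.listFiles();
        if (files == null) {
            logger.warn("Cannot list certificate directory {}", dir.getAbsolutePath());
            return;
        }
        for (File file : files) {
            try {
                Cert loaded = Cert.load(file);
                // Record the on-disk name first so addToStore() finds the existing file
                // instead of writing a second copy under the thumbprint name.
                this.fileNames.put(loaded, file.getName());
                addToStore(target, dir, loaded);
                logger.debug("Initialized cert from file: {}", file);
                if (other != null) {
                    other.remove(thumbprintKey(loaded));
                }
            } catch (IOException e) {
                logger.info("File '{}' is not a certificate: {}", file, e.getMessage());
            } catch (CertificateException e2) {
                logger.info("File '{}' is not a valid certificate: {}", file, e2.getMessage());
            }
        }
    }

    /**
     * Parses one CRL file and adds it to the in-memory set. The CRL is parsed only; it is not
     * verified against an issuer here. A file that cannot be read or parsed is logged and
     * skipped, so revocations in that file are not applied.
     */
    private void loadCrl(File file) {
        // try-with-resources: the stream was previously never closed.
        try (FileInputStream in = new FileInputStream(file)) {
            X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
            this.revocationLists.add(x509crl);
            String summary = x509crl.getRevokedCertificates() == null
                    ? "no revoked certificates"
                    : x509crl.getRevokedCertificates().size() + " certificates revoked";
            logger.info("CRL initialized from {}: {}", file, summary);
        } catch (Exception e) {
            // Broad catch kept from the original: one unreadable CRL must not abort loading.
            logger.warn("Could not read CRL file {}: {}", file, e.getMessage());
        }
    }

    /** Loads every {@code .crl} file in the revocation directory, creating it if missing. */
    private void loadRevocationLists() {
        if (!this.revocationDir.exists()) {
            this.revocationDir.mkdirs();
        }
        if (!this.revocationDir.isDirectory()) {
            logger.warn("revocationDir: {} is not a directory", this.revocationDir.getAbsolutePath());
            return;
        }
        File[] files = this.revocationDir.listFiles();
        if (files == null) {
            logger.warn("Cannot list revocationDir: {}", this.revocationDir.getAbsolutePath());
            return;
        }
        for (File file : files) {
            if (file.getName().endsWith(".crl")) {
                loadCrl(file);
            } else {
                logger.warn("Revocation folder contains something else than .crl file, found: {}", file.getAbsolutePath());
            }
        }
    }

    /**
     * Adds a certificate to {@code map} and writes it to {@code dir} unless its file exists.
     * If writing fails the error is logged and the certificate is still added to the map, so
     * the in-memory decision holds only until the next re-initialisation from disk.
     */
    private void addToStore(Map<String, Cert> map, File dir, Cert cert) {
        String key = thumbprintKey(cert);
        logger.debug("listAdd: cert={}; dir={}", key, dir);
        if (!map.containsKey(key)) {
            try {
                File target = fileFor(dir, cert);
                if (!target.exists()) {
                    cert.save(target);
                }
            } catch (IOException e) {
                logger.error("Cannot write to directory " + dir, (Throwable) e);
            }
            map.put(key, cert);
        }
        logger.debug("certificates.size()={}", Integer.valueOf(map.size()));
    }

    /** Removes a certificate from {@code map} and deletes its file in {@code dir} if present. */
    private void removeFromStore(Map<String, Cert> map, File dir, Cert cert) {
        String key = thumbprintKey(cert);
        logger.debug("removeCertificate: cert={} dir={}", key, dir);
        logger.debug("certificates.size()={}", Integer.valueOf(map.size()));
        File target = fileFor(dir, cert);
        // A file that cannot be deleted is read back on the next init() and can undo this
        // change, so a failed delete is reported instead of ignored.
        if (target.exists() && !target.delete()) {
            logger.warn("Could not delete {}", target.getAbsolutePath());
        }
        Cert removed = map.remove(key);
        if (logger.isDebugEnabled()) {
            // Log the hex thumbprint; concatenating the raw byte[] only printed its identity.
            logger.debug("c=" + (removed == null ? "null" : thumbprintKey(removed)));
            logger.debug("certificates.size()={}", Integer.valueOf(map.size()));
        }
    }
}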
