package eu.europa.esig.dss.client.crl;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.crl.CRLValidity;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.crl.CRLSource;
import eu.europa.esig.dss.x509.crl.CRLToken;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.Date;
import java.util.List;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/client/crl/JdbcCacheCRLSource.class */
public class JdbcCacheCRLSource implements CRLSource {
    private static final Logger LOG = LoggerFactory.getLogger(JdbcCacheCRLSource.class);
    private static final String SQL_INIT_CHECK_EXISTENCE = "SELECT COUNT(*) FROM CACHED_CRL";
    private static final String SQL_INIT_CREATE_TABLE = "CREATE TABLE CACHED_CRL (ID CHAR(40), DATA LONGVARBINARY, SIGNATURE_ALGORITHM VARCHAR(20), THIS_UPDATE TIMESTAMP, NEXT_UPDATE TIMESTAMP, EXPIRED_CERTS_ON_CRL TIMESTAMP, ISSUER LONGVARBINARY, ISSUER_PRINCIPAL_MATCH BOOLEAN, SIGNATURE_INTACT BOOLEAN, CRL_SIGN_KEY_USAGE BOOLEAN, UNKNOWN_CRITICAL_EXTENSION BOOLEAN, SIGNATURE_INVALID_REASON VARCHAR(256))";
    private static final String SQL_FIND_QUERY = "SELECT * FROM CACHED_CRL WHERE ID = ?";
    private static final String SQL_FIND_QUERY_ID = "ID";
    private static final String SQL_FIND_QUERY_DATA = "DATA";
    private static final String SQL_FIND_QUERY_ISSUER = "ISSUER";
    private static final String SQL_FIND_QUERY_THIS_UPDATE = "THIS_UPDATE";
    private static final String SQL_FIND_QUERY_NEXT_UPDATE = "NEXT_UPDATE";
    private static final String SQL_FIND_QUERY_EXPIRED_CERTS_ON_CRL = "EXPIRED_CERTS_ON_CRL";
    private static final String SQL_FIND_QUERY_SIGNATURE_ALGO = "SIGNATURE_ALGORITHM";
    private static final String SQL_FIND_QUERY_ISSUER_PRINCIPAL_MATCH = "ISSUER_PRINCIPAL_MATCH";
    private static final String SQL_FIND_QUERY_SIGNATURE_INTACT = "SIGNATURE_INTACT";
    private static final String SQL_FIND_QUERY_CRL_SIGN_KEY_USAGE = "CRL_SIGN_KEY_USAGE";
    private static final String SQL_FIND_QUERY_UNKNOWN_CRITICAL_EXTENSION = "UNKNOWN_CRITICAL_EXTENSION";
    private static final String SQL_FIND_QUERY_SIGNATURE_INVALID_REASON = "SIGNATURE_INVALID_REASON";
    private static final String SQL_FIND_INSERT = "INSERT INTO CACHED_CRL (ID, DATA, SIGNATURE_ALGORITHM, THIS_UPDATE, NEXT_UPDATE, EXPIRED_CERTS_ON_CRL, ISSUER, ISSUER_PRINCIPAL_MATCH, SIGNATURE_INTACT, CRL_SIGN_KEY_USAGE, UNKNOWN_CRITICAL_EXTENSION, SIGNATURE_INVALID_REASON) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    private static final String SQL_FIND_UPDATE = "UPDATE CACHED_CRL SET DATA = ?, SIGNATURE_ALGORITHM = ?, THIS_UPDATE = ?, NEXT_UPDATE = ?, EXPIRED_CERTS_ON_CRL = ?, ISSUER = ?, ISSUER_PRINCIPAL_MATCH = ?, SIGNATURE_INTACT = ?, CRL_SIGN_KEY_USAGE = ?, UNKNOWN_CRITICAL_EXTENSION = ?, SIGNATURE_INVALID_REASON = ?  WHERE ID = ?";
    private OnlineCRLSource cachedSource;
    private DataSource dataSource;

    public CRLToken findCrl(CertificateToken certificateToken) throws DSSException {
        if (certificateToken == null || certificateToken.getIssuerToken() == null) {
            return null;
        }
        List crlUrls = DSSASN1Utils.getCrlUrls(certificateToken);
        if (Utils.isCollectionEmpty(crlUrls)) {
            return null;
        }
        String str = (String) crlUrls.get(0);
        LOG.info("CRL's URL for " + certificateToken.getAbbreviation() + " : " + str);
        try {
            String sHA1Digest = DSSUtils.getSHA1Digest(str);
            CRLValidity findCrlInDB = findCrlInDB(sHA1Digest);
            if (findCrlInDB != null && findCrlInDB.getNextUpdate().after(new Date())) {
                LOG.debug("CRL in cache");
                CRLToken cRLToken = new CRLToken(certificateToken, findCrlInDB);
                cRLToken.setSourceURL(str);
                if (cRLToken.isValid()) {
                    return cRLToken;
                }
            }
            CRLToken findCrl = this.cachedSource.findCrl(certificateToken);
            if (findCrl != null && findCrl.isValid()) {
                if (findCrlInDB == null) {
                    LOG.info("CRL '{}' not in cache", str);
                    insertCrlInDb(sHA1Digest, findCrl.getCrlValidity());
                } else {
                    LOG.debug("CRL '{}' expired", str);
                    updateCrlInDb(sHA1Digest, findCrl.getCrlValidity());
                }
            }
            return findCrl;
        } catch (SQLException e) {
            LOG.info("Error with the cache data store", e);
            return null;
        }
    }

    public void setCachedSource(OnlineCRLSource onlineCRLSource) {
        this.cachedSource = onlineCRLSource;
    }

    private void initDao() throws Exception {
        if (tableExists()) {
            return;
        }
        createTable();
    }

    private void createTable() throws SQLException {
        Connection connection = null;
        Statement statement = null;
        try {
            connection = getDataSource().getConnection();
            statement = connection.createStatement();
            statement.executeQuery(SQL_INIT_CREATE_TABLE);
            connection.commit();
            closeQuietly(connection, statement, null);
        } catch (Throwable th) {
            closeQuietly(connection, statement, null);
            throw th;
        }
    }

    private boolean tableExists() {
        boolean z;
        Connection connection = null;
        Statement statement = null;
        try {
            connection = getDataSource().getConnection();
            statement = connection.createStatement();
            statement.executeQuery(SQL_INIT_CHECK_EXISTENCE);
            z = true;
            closeQuietly(connection, statement, null);
        } catch (SQLException e) {
            z = false;
            closeQuietly(connection, statement, null);
        } catch (Throwable th) {
            closeQuietly(connection, statement, null);
            throw th;
        }
        return z;
    }

    private CRLValidity findCrlInDB(String str) throws SQLException {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            connection = getDataSource().getConnection();
            preparedStatement = connection.prepareStatement(SQL_FIND_QUERY);
            preparedStatement.setString(1, str);
            resultSet = preparedStatement.executeQuery();
            if (!resultSet.next()) {
                closeQuietly(connection, preparedStatement, resultSet);
                return null;
            }
            CRLValidity cRLValidity = new CRLValidity();
            cRLValidity.setKey(resultSet.getString(SQL_FIND_QUERY_ID));
            cRLValidity.setCrlEncoded(resultSet.getBytes(SQL_FIND_QUERY_DATA));
            cRLValidity.setSignatureAlgorithm(SignatureAlgorithm.valueOf(resultSet.getString(SQL_FIND_QUERY_SIGNATURE_ALGO)));
            cRLValidity.setThisUpdate(resultSet.getTimestamp(SQL_FIND_QUERY_THIS_UPDATE));
            cRLValidity.setNextUpdate(resultSet.getTimestamp(SQL_FIND_QUERY_NEXT_UPDATE));
            cRLValidity.setExpiredCertsOnCRL(resultSet.getTimestamp(SQL_FIND_QUERY_EXPIRED_CERTS_ON_CRL));
            cRLValidity.setIssuerToken(DSSUtils.loadCertificate(resultSet.getBytes(SQL_FIND_QUERY_ISSUER)));
            cRLValidity.setCrlSignKeyUsage(resultSet.getBoolean(SQL_FIND_QUERY_CRL_SIGN_KEY_USAGE));
            cRLValidity.setUnknownCriticalExtension(resultSet.getBoolean(SQL_FIND_QUERY_UNKNOWN_CRITICAL_EXTENSION));
            cRLValidity.setIssuerX509PrincipalMatches(resultSet.getBoolean(SQL_FIND_QUERY_ISSUER_PRINCIPAL_MATCH));
            cRLValidity.setSignatureIntact(resultSet.getBoolean(SQL_FIND_QUERY_SIGNATURE_INTACT));
            cRLValidity.setSignatureInvalidityReason(resultSet.getString(SQL_FIND_QUERY_SIGNATURE_INVALID_REASON));
            closeQuietly(connection, preparedStatement, resultSet);
            return cRLValidity;
        } catch (Throwable th) {
            closeQuietly(connection, preparedStatement, resultSet);
            throw th;
        }
    }

    private void insertCrlInDb(String str, CRLValidity cRLValidity) throws SQLException {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        try {
            connection = getDataSource().getConnection();
            preparedStatement = connection.prepareStatement(SQL_FIND_INSERT);
            preparedStatement.setString(1, str);
            preparedStatement.setBytes(2, cRLValidity.getCrlEncoded());
            preparedStatement.setString(3, cRLValidity.getSignatureAlgorithm().name());
            if (cRLValidity.getThisUpdate() != null) {
                preparedStatement.setTimestamp(4, new Timestamp(cRLValidity.getThisUpdate().getTime()));
            } else {
                preparedStatement.setNull(4, 93);
            }
            if (cRLValidity.getNextUpdate() != null) {
                preparedStatement.setTimestamp(5, new Timestamp(cRLValidity.getNextUpdate().getTime()));
            } else {
                preparedStatement.setNull(5, 93);
            }
            if (cRLValidity.getExpiredCertsOnCRL() != null) {
                preparedStatement.setTimestamp(6, new Timestamp(cRLValidity.getExpiredCertsOnCRL().getTime()));
            } else {
                preparedStatement.setNull(6, 93);
            }
            preparedStatement.setBytes(7, cRLValidity.getIssuerToken().getEncoded());
            preparedStatement.setBoolean(8, cRLValidity.isIssuerX509PrincipalMatches());
            preparedStatement.setBoolean(9, cRLValidity.isSignatureIntact());
            preparedStatement.setBoolean(10, cRLValidity.isCrlSignKeyUsage());
            preparedStatement.setBoolean(11, cRLValidity.isUnknownCriticalExtension());
            preparedStatement.setString(12, cRLValidity.getSignatureInvalidityReason());
            preparedStatement.executeUpdate();
            closeQuietly(connection, preparedStatement, null);
        } catch (Throwable th) {
            closeQuietly(connection, preparedStatement, null);
            throw th;
        }
    }

    private void updateCrlInDb(String str, CRLValidity cRLValidity) throws SQLException {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        try {
            connection = getDataSource().getConnection();
            preparedStatement = connection.prepareStatement(SQL_FIND_UPDATE);
            preparedStatement.setBytes(1, cRLValidity.getCrlEncoded());
            preparedStatement.setString(2, cRLValidity.getSignatureAlgorithm().name());
            if (cRLValidity.getThisUpdate() != null) {
                preparedStatement.setTimestamp(3, new Timestamp(cRLValidity.getThisUpdate().getTime()));
            } else {
                preparedStatement.setNull(3, 93);
            }
            if (cRLValidity.getNextUpdate() != null) {
                preparedStatement.setTimestamp(4, new Timestamp(cRLValidity.getNextUpdate().getTime()));
            } else {
                preparedStatement.setNull(4, 93);
            }
            if (cRLValidity.getExpiredCertsOnCRL() != null) {
                preparedStatement.setTimestamp(5, new Timestamp(cRLValidity.getExpiredCertsOnCRL().getTime()));
            } else {
                preparedStatement.setNull(5, 93);
            }
            preparedStatement.setBytes(6, cRLValidity.getIssuerToken().getEncoded());
            preparedStatement.setBoolean(7, cRLValidity.isIssuerX509PrincipalMatches());
            preparedStatement.setBoolean(8, cRLValidity.isSignatureIntact());
            preparedStatement.setBoolean(9, cRLValidity.isCrlSignKeyUsage());
            preparedStatement.setBoolean(10, cRLValidity.isUnknownCriticalExtension());
            preparedStatement.setString(11, cRLValidity.getSignatureInvalidityReason());
            preparedStatement.setString(12, str);
            preparedStatement.executeUpdate();
            closeQuietly(connection, preparedStatement, null);
        } catch (Throwable th) {
            closeQuietly(connection, preparedStatement, null);
            throw th;
        }
    }

    private DataSource getDataSource() {
        return this.dataSource;
    }

    public void setDataSource(DataSource dataSource) throws Exception {
        this.dataSource = dataSource;
        initDao();
    }

    private void closeQuietly(Connection connection, Statement statement, ResultSet resultSet) {
        if (resultSet != null) {
            try {
                resultSet.close();
            } catch (SQLException e) {
                return;
            }
        }
        if (statement != null) {
            statement.close();
        }
        if (connection != null) {
            connection.close();
        }
    }
}
