package org.cesecore.certificates.ca.internal;

import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.Writer;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.log4j.Logger;
import org.cesecore.certificates.certificate.HashID;
import org.cesecore.config.OcspConfiguration;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/cesecore/certificates/ca/internal/CaCertificateCache.class */
public enum CaCertificateCache {
    INSTANCE;

    private final Logger log = Logger.getLogger(CaCertificateCache.class);
    private Map<Integer, X509Certificate> certsFromSubjectDN = new HashMap();
    private Map<Integer, Set<X509Certificate>> certsFromIssuerDN = new HashMap();
    private Map<Integer, X509Certificate> certsFromSubjectKeyIdentifier = new HashMap();
    private Set<X509Certificate> rootCertificates = new HashSet();
    private long certValidTo = 0;

    CaCertificateCache() {
    }

    public X509Certificate findLatestBySubjectDN(HashID hashID) {
        X509Certificate x509Certificate = this.certsFromSubjectDN.get(hashID.getKey());
        if (x509Certificate == null && this.log.isDebugEnabled()) {
            this.log.debug("Certificate not found from SubjectDN HashId in certsFromSubjectDN map. HashID=" + hashID.getB64());
        }
        return x509Certificate;
    }

    public X509Certificate[] findLatestByIssuerDN(HashID hashID) {
        Set<X509Certificate> set = this.certsFromIssuerDN.get(hashID.getKey());
        if (set != null && !set.isEmpty()) {
            return (X509Certificate[]) set.toArray(new X509Certificate[set.size()]);
        }
        if (!this.log.isDebugEnabled()) {
            return null;
        }
        this.log.debug("Certificate not found from IssuerDN HashId in certsFromIssuerDN map. HashID=" + hashID.getB64());
        return null;
    }

    public X509Certificate[] getRootCertificates() {
        return (X509Certificate[]) this.rootCertificates.toArray(new X509Certificate[0]);
    }

    public X509Certificate findBySubjectKeyIdentifier(HashID hashID) {
        X509Certificate x509Certificate = this.certsFromSubjectKeyIdentifier.get(hashID.getKey());
        if (x509Certificate == null && this.log.isDebugEnabled()) {
            this.log.debug("Certificate not found from SubjectKeyIdentifier HashId in certsFromSubjectKeyIdentifier map. HashID=" + hashID.getB64());
        }
        return x509Certificate;
    }

    public boolean isCacheExpired() {
        return this.certValidTo < System.currentTimeMillis();
    }

    public synchronized void loadCertificates(Collection<Certificate> collection) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Loaded " + (collection == null ? "0" : Integer.toString(collection.size())) + " ca certificates");
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        HashSet hashSet = new HashSet();
        for (Certificate certificate : collection) {
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                try {
                    hashMap3.put(HashID.getFromKeyID(x509Certificate).getKey(), x509Certificate);
                    Integer key = HashID.getFromSubjectDN(x509Certificate).getKey();
                    X509Certificate x509Certificate2 = (X509Certificate) hashMap.get(key);
                    if (x509Certificate2 != null ? CertTools.getNotBefore(x509Certificate).after(CertTools.getNotBefore(x509Certificate2)) : true) {
                        hashMap.put(key, x509Certificate);
                        Integer key2 = HashID.getFromIssuerDN(x509Certificate).getKey();
                        if (key2.equals(key)) {
                            hashSet.add(x509Certificate);
                            hashSet.remove(x509Certificate2);
                        } else {
                            Set set = (Set) hashMap2.get(key2);
                            if (set == null) {
                                set = new HashSet();
                                hashMap2.put(key2, set);
                            }
                            set.add(x509Certificate);
                            set.remove(x509Certificate2);
                        }
                    }
                } catch (Throwable th) {
                    if (this.log.isDebugEnabled()) {
                        StringWriter stringWriter = new StringWriter();
                        PrintWriter printWriter = new PrintWriter(stringWriter);
                        printWriter.println("Erroneous certificate fetched from database.");
                        printWriter.println("The public key can not be extracted from the certificate.");
                        printWriter.println("Here follows a base64 encoding of the certificate:");
                        try {
                            String str = new String(Base64.encode(x509Certificate.getEncoded()));
                            printWriter.println(CertTools.BEGIN_CERTIFICATE);
                            printWriter.println(str);
                            printWriter.println(CertTools.END_CERTIFICATE);
                        } catch (CertificateEncodingException e) {
                            printWriter.println("Not possible to encode certificate.");
                        }
                        printWriter.flush();
                        this.log.debug(stringWriter.toString());
                    }
                }
            } else {
                this.log.debug("Not adding CA certificate of type: " + certificate.getType());
            }
        }
        if (this.log.isDebugEnabled()) {
            StringWriter stringWriter2 = new StringWriter();
            PrintWriter printWriter2 = new PrintWriter((Writer) stringWriter2, true);
            printWriter2.println("Found the following CA certificates :");
            Iterator it = hashMap3.entrySet().iterator();
            while (it.hasNext()) {
                Certificate certificate2 = (Certificate) ((Map.Entry) it.next()).getValue();
                printWriter2.print(CertTools.getSubjectDN(certificate2));
                printWriter2.print(',');
                printWriter2.println(CertTools.getSerialNumberAsString(certificate2));
            }
            this.log.debug(stringWriter2);
        }
        this.certsFromSubjectKeyIdentifier = hashMap3;
        this.certsFromIssuerDN = hashMap2;
        this.certsFromSubjectDN = hashMap;
        this.rootCertificates = hashSet;
        this.certValidTo = System.currentTimeMillis() + OcspConfiguration.getSigningCertsValidTimeInMilliseconds();
    }
}
