package eu.europa.esig.dss.spi.x509.aia;

import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.CertificateExtensionsUtils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.1.jar:eu/europa/esig/dss/spi/x509/aia/RepositoryAIASource.class */
public abstract class RepositoryAIASource implements AIASource {
    private static final long serialVersionUID = -8629948836670094079L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) RepositoryAIASource.class);
    protected AIASource proxiedSource;

    public void setProxySource(AIASource aIASource) {
        this.proxiedSource = aIASource;
    }

    @Override // eu.europa.esig.dss.spi.x509.aia.AIASource
    public Set<CertificateToken> getCertificatesByAIA(CertificateToken certificateToken) {
        return getCertificatesByAIA(certificateToken, false);
    }

    public Set<CertificateToken> getCertificatesByAIA(CertificateToken certificateToken, boolean z) {
        Objects.requireNonNull(certificateToken, "CertificateToken shall be provided!");
        List<String> cAIssuersAccessUrls = CertificateExtensionsUtils.getCAIssuersAccessUrls(certificateToken);
        if (Utils.isCollectionEmpty(cAIssuersAccessUrls)) {
            LOG.info("There is no AIA extension for certificate download.");
            return Collections.emptySet();
        }
        List<String> initCertificateAIAKeys = initCertificateAIAKeys(cAIssuersAccessUrls);
        if (z) {
            LOG.info("Cache is skipped to retrieve the certificates by AIA for the certificate with Id '{}'", certificateToken.getDSSIdAsString());
        } else {
            Set<CertificateToken> extractAIAFromCacheSource = extractAIAFromCacheSource(initCertificateAIAKeys);
            if (Utils.isCollectionNotEmpty(extractAIAFromCacheSource)) {
                LOG.info("Certificate tokens with AIA '{}' have been loaded from the cache", cAIssuersAccessUrls);
                return extractAIAFromCacheSource;
            }
        }
        return extractAndInsertCertificatesFromProxiedSource(certificateToken, initCertificateAIAKeys);
    }

    private Set<CertificateToken> extractAndInsertCertificatesFromProxiedSource(CertificateToken certificateToken, List<String> list) {
        if (this.proxiedSource == null) {
            LOG.warn("Proxied AIASource is not provided!");
            return Collections.emptySet();
        }
        List<String> existingAIAKeys = getExistingAIAKeys();
        for (String str : list) {
            if (existingAIAKeys.contains(str)) {
                LOG.info("AIA Certificates with key '{}' have been removed from DB", str);
                removeCertificates(str);
            }
        }
        HashSet hashSet = new HashSet();
        Set<CertificateToken> certificatesByAIA = this.proxiedSource.getCertificatesByAIA(certificateToken);
        if (Utils.isCollectionNotEmpty(certificatesByAIA)) {
            for (CertificateToken certificateToken2 : certificatesByAIA) {
                String certificateTokenAIAUrl = getCertificateTokenAIAUrl(certificateToken2);
                if (certificateTokenAIAUrl == null) {
                    LOG.warn("Not able to find AIA CA issuers URL for certificate '{}'. CA issuers will not be added to the cache.", certificateToken.getDSSIdAsString());
                    return certificatesByAIA;
                }
                insertCertificate(getAIAKey(certificateTokenAIAUrl), certificateToken2);
                hashSet.add(certificateToken2);
            }
            LOG.info("CA issuers for a certificate with Id '{}' are added into the cache", certificateToken.getDSSIdAsString());
        }
        return hashSet;
    }

    protected String getCertificateTokenAIAUrl(CertificateToken certificateToken) {
        String sourceURL = certificateToken.getSourceURL();
        if (sourceURL == null) {
            List<String> cAIssuersAccessUrls = CertificateExtensionsUtils.getCAIssuersAccessUrls(certificateToken);
            if (cAIssuersAccessUrls.size() == 0) {
                LOG.warn("No AIA distribution points have been found for this certificate Token with ID {} ", certificateToken.getDSSIdAsString());
            } else if (cAIssuersAccessUrls.size() == 1) {
                sourceURL = cAIssuersAccessUrls.get(0);
            } else {
                sourceURL = cAIssuersAccessUrls.get(0);
                LOG.debug("There are multiple AIA distribution points for certificate token with ID {} , the first url will be used as Jdbc revocation source key", certificateToken.getDSSIdAsString());
            }
        }
        return sourceURL;
    }

    protected abstract List<String> getExistingAIAKeys();

    protected List<String> initCertificateAIAKeys(List<String> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(getAIAKey(it.next()));
        }
        return arrayList;
    }

    protected String getAIAKey(String str) {
        return DSSUtils.getSHA1Digest(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getUniqueCertificateAiaId(CertificateToken certificateToken, String str) {
        return DSSUtils.getSHA1Digest(certificateToken.getDSSIdAsString() + str);
    }

    private Set<CertificateToken> extractAIAFromCacheSource(List<String> list) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            linkedHashSet.addAll(findCertificates(it.next()));
        }
        return linkedHashSet;
    }

    protected abstract Set<CertificateToken> findCertificates(String str);

    protected abstract void insertCertificate(String str, CertificateToken certificateToken);

    protected abstract void removeCertificates(String str);
}
