package eu.europa.esig.dss.spi.x509.revocation;

import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.revocation.Revocation;
import eu.europa.esig.dss.utils.Utils;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.1.jar:eu/europa/esig/dss/spi/x509/revocation/RepositoryRevocationSource.class */
public abstract class RepositoryRevocationSource<R extends Revocation> implements RevocationSource<R>, MultipleRevocationSource<R> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) RepositoryRevocationSource.class);
    private static final long serialVersionUID = 8116937707098957391L;
    protected RevocationSource<R> proxiedSource;
    private Long defaultNextUpdateDelay;
    private Long maxNextUpdateDelay;
    private boolean removeExpired = true;

    protected abstract List<String> initRevocationTokenKeys(CertificateToken certificateToken);

    protected abstract List<RevocationToken<R>> findRevocations(String str, CertificateToken certificateToken, CertificateToken certificateToken2);

    protected abstract void insertRevocation(String str, RevocationToken<R> revocationToken);

    protected abstract void updateRevocation(String str, RevocationToken<R> revocationToken);

    protected abstract void removeRevocation(String str);

    public void setDefaultNextUpdateDelay(Long l) {
        this.defaultNextUpdateDelay = l == null ? null : Long.valueOf(l.longValue() * 1000);
    }

    public void setMaxNextUpdateDelay(Long l) {
        this.maxNextUpdateDelay = l == null ? null : Long.valueOf(l.longValue() * 1000);
    }

    public void setProxySource(RevocationSource<R> revocationSource) {
        this.proxiedSource = revocationSource;
    }

    public void setRemoveExpired(boolean z) {
        this.removeExpired = z;
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationSource
    public RevocationToken<R> getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2) {
        return getRevocationToken(certificateToken, certificateToken2, false);
    }

    public RevocationToken<R> getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2, boolean z) {
        List<RevocationToken<R>> revocationTokens = getRevocationTokens(certificateToken, certificateToken2, z);
        if (!Utils.isCollectionNotEmpty(revocationTokens)) {
            return null;
        }
        if (Utils.collectionSize(revocationTokens) == 1) {
            return revocationTokens.iterator().next();
        }
        LOG.info("More than one revocation token has been found for certificate with Id '{}'. Return the latest revocation data.", certificateToken.getDSSIdAsString());
        return getLatestRevocationData(revocationTokens);
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.MultipleRevocationSource
    public List<RevocationToken<R>> getRevocationTokens(CertificateToken certificateToken, CertificateToken certificateToken2) {
        return getRevocationTokens(certificateToken, certificateToken2, false);
    }

    public List<RevocationToken<R>> getRevocationTokens(CertificateToken certificateToken, CertificateToken certificateToken2, boolean z) {
        if (certificateToken == null || certificateToken2 == null) {
            LOG.warn("Certificate token or issuer's certificate token is null. Cannot get a revocation token!");
            return Collections.emptyList();
        }
        List<String> initRevocationTokenKeys = initRevocationTokenKeys(certificateToken);
        if (z) {
            LOG.info("Cache is skipped to retrieve the revocation token for certificate with Id '{}'", certificateToken.getDSSIdAsString());
        } else {
            Map<String, List<RevocationToken<R>>> extractRevocationFromCacheSource = extractRevocationFromCacheSource(certificateToken, certificateToken2, initRevocationTokenKeys);
            initRevocationTokenKeys = extractRevocationFromCacheSource.keySet();
            if (Utils.isMapNotEmpty(extractRevocationFromCacheSource)) {
                return (List) extractRevocationFromCacheSource.values().stream().flatMap((v0) -> {
                    return v0.stream();
                }).collect(Collectors.toList());
            }
        }
        RevocationToken<R> extractAndInsertRevocationTokenFromProxiedSource = extractAndInsertRevocationTokenFromProxiedSource(certificateToken, certificateToken2, initRevocationTokenKeys);
        return extractAndInsertRevocationTokenFromProxiedSource != null ? Collections.singletonList(extractAndInsertRevocationTokenFromProxiedSource) : Collections.emptyList();
    }

    private Map<String, List<RevocationToken<R>>> extractRevocationFromCacheSource(CertificateToken certificateToken, CertificateToken certificateToken2, Collection<String> collection) {
        HashMap hashMap = new HashMap();
        for (String str : collection) {
            List<RevocationToken<R>> findRevocations = findRevocations(str, certificateToken, certificateToken2);
            if (Utils.isCollectionNotEmpty(findRevocations)) {
                List list = (List) findRevocations.stream().filter(revocationToken -> {
                    return isNotExpired(revocationToken, certificateToken2);
                }).collect(Collectors.toList());
                if (Utils.isCollectionNotEmpty(list)) {
                    hashMap.put(str, list);
                } else {
                    LOG.debug("Revocation token is expired in the cache for certificate with Id '{}'", certificateToken.getDSSIdAsString());
                    if (this.removeExpired) {
                        removeRevocation(str);
                    }
                }
            }
        }
        if (Utils.isMapNotEmpty(hashMap)) {
            LOG.info("Revocation token for certificate with Id '{}' has been loaded from the cache", certificateToken.getDSSIdAsString());
        }
        return hashMap;
    }

    private RevocationToken<R> getLatestRevocationData(Collection<RevocationToken<R>> collection) {
        RevocationToken<R> revocationToken = null;
        if (Utils.isCollectionNotEmpty(collection)) {
            for (RevocationToken<R> revocationToken2 : collection) {
                if (revocationToken == null || (revocationToken2.getThisUpdate() != null && revocationToken.getThisUpdate().before(revocationToken2.getThisUpdate()))) {
                    revocationToken = revocationToken2;
                }
            }
        }
        return revocationToken;
    }

    private RevocationToken<R> extractAndInsertRevocationTokenFromProxiedSource(CertificateToken certificateToken, CertificateToken certificateToken2, Collection<String> collection) {
        if (this.proxiedSource == null) {
            LOG.warn("Proxied revocation source is not initialized for the called RevocationSource!");
            return null;
        }
        RevocationToken<R> revocationToken = this.proxiedSource.getRevocationToken(certificateToken, certificateToken2);
        if (revocationToken != null) {
            if (revocationToken.isValid()) {
                String revocationSourceUrl = getRevocationSourceUrl(certificateToken, revocationToken);
                if (revocationSourceUrl == null) {
                    LOG.warn("Not able to find revocation source URL for certificate '{}'. Revocation will not be added to the cache", certificateToken.getDSSIdAsString());
                    return revocationToken;
                }
                String revocationTokenKey = getRevocationTokenKey(certificateToken, revocationSourceUrl);
                if (collection.contains(revocationTokenKey)) {
                    updateRevocation(revocationTokenKey, revocationToken);
                    LOG.info("Revocation token for certificate '{}' is updated in the cache", certificateToken.getDSSIdAsString());
                } else {
                    insertRevocation(revocationTokenKey, revocationToken);
                    LOG.info("Revocation token for certificate '{}' is added into the cache", certificateToken.getDSSIdAsString());
                }
            } else {
                LOG.warn("The extracted revocation token with Id '{}' is invalid! Reason: {}", revocationToken.getDSSIdAsString(), revocationToken.getInvalidityReason());
            }
        }
        return revocationToken;
    }

    protected String getRevocationSourceUrl(CertificateToken certificateToken, RevocationToken<R> revocationToken) {
        String sourceURL = revocationToken.getSourceURL();
        if (sourceURL == null) {
            List<String> revocationAccessUrls = getRevocationAccessUrls(certificateToken);
            if (revocationAccessUrls.size() == 0) {
                LOG.warn("No revocation distribution points have been found for this certificate Token with ID {} ", certificateToken.getDSSIdAsString());
            } else if (revocationAccessUrls.size() == 1) {
                sourceURL = revocationAccessUrls.get(0);
            } else {
                sourceURL = revocationAccessUrls.get(0);
                LOG.debug("There are multiple revocation distribution points for certificate token with ID {}, the first url will be used as Jdbc revocation source key", certificateToken.getDSSIdAsString());
            }
        }
        return sourceURL;
    }

    protected abstract List<String> getRevocationAccessUrls(CertificateToken certificateToken);

    protected abstract String getRevocationTokenKey(CertificateToken certificateToken, String str);

    protected boolean isNotExpired(RevocationToken<R> revocationToken, CertificateToken certificateToken) {
        Date date = new Date();
        Date nextUpdate = revocationToken.getNextUpdate();
        if (nextUpdate == null) {
            CertificateToken issuerCertificateToken = revocationToken.getIssuerCertificateToken();
            if (issuerCertificateToken == null) {
                issuerCertificateToken = certificateToken;
            }
            if (!issuerCertificateToken.isValidOn(date)) {
                return false;
            }
        }
        Date thisUpdate = revocationToken.getThisUpdate();
        if (nextUpdate == null && this.defaultNextUpdateDelay != null && thisUpdate != null) {
            nextUpdate = new Date(thisUpdate.getTime() + this.defaultNextUpdateDelay.longValue());
        }
        if (nextUpdate == null) {
            return false;
        }
        if (this.maxNextUpdateDelay != null && thisUpdate != null) {
            Date date2 = new Date(thisUpdate.getTime() + this.maxNextUpdateDelay.longValue());
            if (nextUpdate.after(date2)) {
                nextUpdate = date2;
            }
        }
        return nextUpdate.after(date);
    }
}
