package eu.europa.esig.dss.spi.x509;

import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.identifier.EntityIdentifier;
import eu.europa.esig.dss.model.identifier.KeyIdentifier;
import eu.europa.esig.dss.model.identifier.X500NameIdentifier;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.X500PrincipalHelper;
import eu.europa.esig.dss.utils.Utils;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.2.jar:eu/europa/esig/dss/spi/x509/CommonCertificateSource.class */
public class CommonCertificateSource implements CertificateSource {
    private static final long serialVersionUID = -5031898106342793626L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CommonCertificateSource.class);
    protected final transient CertificateTokenRefMatcher certificateMatcher = new CertificateTokenRefMatcher();
    private Map<EntityIdentifier, EquivalentCertificatesEntity> entitiesByEntityKey = new HashMap();
    private Map<KeyIdentifier, EquivalentCertificatesEntity> entitiesByPublicKey = new HashMap();
    private Map<X500NameIdentifier, Set<CertificateToken>> tokensBySubject = new HashMap();

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public CertificateToken addCertificate(CertificateToken certificateToken) {
        Objects.requireNonNull(certificateToken, "The certificate must be filled");
        if (LOG.isTraceEnabled()) {
            LOG.trace("Certificate to add: {} | {}", certificateToken.getIssuerX500Principal(), certificateToken.getSerialNumber());
        }
        synchronized (this.entitiesByEntityKey) {
            EntityIdentifier entityKey = certificateToken.getEntityKey();
            EquivalentCertificatesEntity equivalentCertificatesEntity = this.entitiesByEntityKey.get(entityKey);
            if (equivalentCertificatesEntity == null) {
                LOG.trace("Entity key {} is not in the pool", entityKey);
                this.entitiesByEntityKey.put(entityKey, new EquivalentCertificatesEntity(certificateToken));
            } else {
                LOG.trace("Entity key {} is already in the pool", entityKey);
                equivalentCertificatesEntity.addEquivalentCertificate(certificateToken);
            }
        }
        synchronized (this.entitiesByPublicKey) {
            KeyIdentifier keyIdentifier = new KeyIdentifier(certificateToken.getPublicKey());
            EquivalentCertificatesEntity equivalentCertificatesEntity2 = this.entitiesByPublicKey.get(keyIdentifier);
            if (equivalentCertificatesEntity2 == null) {
                LOG.trace("Key identifier {} is not in the pool", keyIdentifier);
                this.entitiesByPublicKey.put(keyIdentifier, new EquivalentCertificatesEntity(certificateToken));
            } else {
                LOG.trace("Key identifier {} is already in the pool", keyIdentifier);
                equivalentCertificatesEntity2.addEquivalentCertificate(certificateToken);
            }
        }
        synchronized (this.tokensBySubject) {
            this.tokensBySubject.computeIfAbsent(new X500NameIdentifier(certificateToken.getSubject().getPrincipal()), x500NameIdentifier -> {
                return new HashSet();
            }).add(certificateToken);
        }
        return certificateToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeCertificate(CertificateToken certificateToken) {
        Objects.requireNonNull(certificateToken, "The certificate must be filled");
        if (LOG.isTraceEnabled()) {
            LOG.trace("Certificate to remove: {} | {}", certificateToken.getIssuerX500Principal(), certificateToken.getSerialNumber());
        }
        synchronized (this.entitiesByEntityKey) {
            EntityIdentifier entityKey = certificateToken.getEntityKey();
            EquivalentCertificatesEntity equivalentCertificatesEntity = this.entitiesByEntityKey.get(entityKey);
            if (equivalentCertificatesEntity == null) {
                LOG.trace("Entity key {} is not in the pool", entityKey);
            } else {
                LOG.trace("Entity key {} is in the pool", entityKey);
                if (equivalentCertificatesEntity.getEquivalentCertificates().size() == 1) {
                    LOG.trace("Remove the entity key {} from the pool", entityKey);
                    this.entitiesByEntityKey.remove(entityKey);
                } else {
                    LOG.trace("Remove the token {} from the pool", certificateToken.getAbbreviation());
                    equivalentCertificatesEntity.removeEquivalentCertificate(certificateToken);
                }
            }
        }
        synchronized (this.entitiesByPublicKey) {
            KeyIdentifier keyIdentifier = new KeyIdentifier(certificateToken.getPublicKey());
            EquivalentCertificatesEntity equivalentCertificatesEntity2 = this.entitiesByPublicKey.get(keyIdentifier);
            if (equivalentCertificatesEntity2 == null) {
                LOG.trace("Key identifier {} is not in the pool", keyIdentifier);
            } else {
                LOG.trace("Key identifier {} is in the pool", keyIdentifier);
                if (equivalentCertificatesEntity2.getEquivalentCertificates().size() == 1) {
                    LOG.trace("Remove the Key identifier {} from the pool", keyIdentifier);
                    this.entitiesByPublicKey.remove(keyIdentifier);
                } else {
                    LOG.trace("Remove the token {} from the pool", certificateToken.getAbbreviation());
                    equivalentCertificatesEntity2.removeEquivalentCertificate(certificateToken);
                }
            }
        }
        synchronized (this.tokensBySubject) {
            X500NameIdentifier x500NameIdentifier = new X500NameIdentifier(certificateToken.getSubject().getPrincipal());
            Set<CertificateToken> set = this.tokensBySubject.get(x500NameIdentifier);
            if (Utils.isCollectionEmpty(set)) {
                LOG.trace("RDN {} is not in the pool", x500NameIdentifier);
            } else if (set.size() == 1) {
                this.tokensBySubject.remove(x500NameIdentifier);
            } else {
                set.remove(certificateToken);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void reset() {
        this.entitiesByEntityKey = new HashMap();
        this.entitiesByPublicKey = new HashMap();
        this.tokensBySubject = new HashMap();
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public boolean isKnown(CertificateToken certificateToken) {
        EquivalentCertificatesEntity equivalentCertificatesEntity = this.entitiesByEntityKey.get(certificateToken.getEntityKey());
        if (equivalentCertificatesEntity != null) {
            return Utils.containsAny(equivalentCertificatesEntity.getEquivalentCertificates(), getBySubject(certificateToken.getSubject()));
        }
        return false;
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public List<CertificateToken> getCertificates() {
        ArrayList arrayList = new ArrayList();
        Iterator<EquivalentCertificatesEntity> it = this.entitiesByEntityKey.values().iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().getEquivalentCertificates());
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public List<CertificateSourceEntity> getEntities() {
        return new ArrayList(this.entitiesByEntityKey.values());
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public Set<CertificateToken> getByPublicKey(PublicKey publicKey) {
        EquivalentCertificatesEntity equivalentCertificatesEntity = this.entitiesByPublicKey.get(new KeyIdentifier(publicKey));
        return equivalentCertificatesEntity != null ? equivalentCertificatesEntity.getEquivalentCertificates() : Collections.emptySet();
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public Set<CertificateToken> getByEntityKey(EntityIdentifier entityIdentifier) {
        EquivalentCertificatesEntity equivalentCertificatesEntity = this.entitiesByEntityKey.get(entityIdentifier);
        return equivalentCertificatesEntity != null ? equivalentCertificatesEntity.getEquivalentCertificates() : Collections.emptySet();
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public Set<CertificateToken> getBySki(byte[] bArr) {
        for (EquivalentCertificatesEntity equivalentCertificatesEntity : this.entitiesByPublicKey.values()) {
            if (Arrays.equals(equivalentCertificatesEntity.getSki(), bArr)) {
                return equivalentCertificatesEntity.getEquivalentCertificates();
            }
        }
        return Collections.emptySet();
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public Set<CertificateToken> getBySubject(X500PrincipalHelper x500PrincipalHelper) {
        Set<CertificateToken> set = this.tokensBySubject.get(new X500NameIdentifier(x500PrincipalHelper.getPrincipal()));
        return set != null ? set : Collections.emptySet();
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public Set<CertificateToken> getBySignerIdentifier(SignerIdentifier signerIdentifier) {
        HashSet hashSet = new HashSet();
        Iterator<EquivalentCertificatesEntity> it = this.entitiesByEntityKey.values().iterator();
        while (it.hasNext()) {
            for (CertificateToken certificateToken : it.next().getEquivalentCertificates()) {
                if (signerIdentifier.isRelatedToCertificate(certificateToken)) {
                    hashSet.add(certificateToken);
                }
            }
        }
        return hashSet;
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public Set<CertificateToken> getByCertificateDigest(Digest digest) {
        HashSet hashSet = new HashSet();
        Iterator<EquivalentCertificatesEntity> it = this.entitiesByEntityKey.values().iterator();
        while (it.hasNext()) {
            for (CertificateToken certificateToken : it.next().getEquivalentCertificates()) {
                if (Arrays.equals(digest.getValue(), certificateToken.getDigest(digest.getAlgorithm()))) {
                    hashSet.add(certificateToken);
                }
            }
        }
        return hashSet;
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public Set<CertificateToken> findTokensFromCertRef(CertificateRef certificateRef) {
        HashSet hashSet = new HashSet();
        Iterator<EquivalentCertificatesEntity> it = this.entitiesByEntityKey.values().iterator();
        while (it.hasNext()) {
            for (CertificateToken certificateToken : it.next().getEquivalentCertificates()) {
                if (doesCertificateReferenceMatch(certificateToken, certificateRef)) {
                    hashSet.add(certificateToken);
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean doesCertificateReferenceMatch(CertificateToken certificateToken, CertificateRef certificateRef) {
        return this.certificateMatcher.match(certificateToken, certificateRef);
    }

    public int getNumberOfCertificates() {
        return getCertificates().size();
    }

    public int getNumberOfEntities() {
        return this.entitiesByEntityKey.size();
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public CertificateSourceType getCertificateSourceType() {
        return CertificateSourceType.OTHER;
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public boolean isTrusted(CertificateToken certificateToken) {
        return false;
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public boolean isTrustedAtTime(CertificateToken certificateToken, Date date) {
        return isTrusted(certificateToken);
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public boolean isAllSelfSigned() {
        Iterator<CertificateToken> it = getCertificates().iterator();
        while (it.hasNext()) {
            if (!it.next().isSelfSigned()) {
                return false;
            }
        }
        return true;
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public boolean isCertificateSourceEqual(CertificateSource certificateSource) {
        return new HashSet(getCertificates()).equals(new HashSet(certificateSource.getCertificates()));
    }

    @Override // eu.europa.esig.dss.spi.x509.CertificateSource
    public boolean isCertificateSourceEquivalent(CertificateSource certificateSource) {
        return new HashSet(getEntities()).equals(new HashSet(certificateSource.getEntities()));
    }
}
