package eu.europa.esig.dss.spi.x509.aia;

import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.CertificateExtensionsUtils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.client.http.NativeHTTPDataLoader;
import eu.europa.esig.dss.spi.client.http.Protocol;
import eu.europa.esig.dss.spi.exception.DSSExternalResourceException;
import eu.europa.esig.dss.utils.Utils;
import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.2.jar:eu/europa/esig/dss/spi/x509/aia/DefaultAIASource.class */
public class DefaultAIASource implements AIASource {
    private static final long serialVersionUID = 3968373722847675203L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DefaultAIASource.class);
    private DataLoader dataLoader;
    private Collection<Protocol> acceptedProtocols;

    public DefaultAIASource() {
        this(new NativeHTTPDataLoader());
    }

    public DefaultAIASource(DataLoader dataLoader) {
        this.acceptedProtocols = Arrays.asList(Protocol.values());
        Objects.requireNonNull(dataLoader, "dataLoader cannot be null!");
        this.dataLoader = dataLoader;
    }

    public void setDataLoader(DataLoader dataLoader) {
        Objects.requireNonNull(dataLoader, "dataLoader cannot be null!");
        this.dataLoader = dataLoader;
    }

    public void setAcceptedProtocols(Collection<Protocol> collection) {
        this.acceptedProtocols = collection;
    }

    @Override // eu.europa.esig.dss.spi.x509.aia.AIASource
    public Set<CertificateToken> getCertificatesByAIA(CertificateToken certificateToken) {
        Objects.requireNonNull(certificateToken, "CertificateToken cannot be null!");
        Objects.requireNonNull(this.dataLoader, "DataLoader is not provided!");
        for (String str : getCAIssuersUrls(certificateToken)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Trying to retrieve CA issuers from URL '{}'...", str);
            }
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(executeCAIssuersRequest(str));
                try {
                    List<CertificateToken> loadCertificateFromP7c = DSSUtils.loadCertificateFromP7c(byteArrayInputStream);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("{} certificate(s) loaded from '{}'", Integer.valueOf(loadCertificateFromP7c.size()), str);
                    }
                    Iterator<CertificateToken> it = loadCertificateFromP7c.iterator();
                    while (it.hasNext()) {
                        it.next().setSourceURL(str);
                    }
                    LinkedHashSet linkedHashSet = new LinkedHashSet(loadCertificateFromP7c);
                    byteArrayInputStream.close();
                    return linkedHashSet;
                } finally {
                }
            } catch (Exception e) {
                LOG.warn("Unable to retrieve AIA certificates with URL '{}' : {}", str, e.getMessage());
            }
        }
        return Collections.emptySet();
    }

    protected List<String> getCAIssuersUrls(CertificateToken certificateToken) {
        List<String> cAIssuersAccessUrls = CertificateExtensionsUtils.getCAIssuersAccessUrls(certificateToken);
        if (!Utils.isCollectionEmpty(cAIssuersAccessUrls)) {
            return filterURLs(cAIssuersAccessUrls);
        }
        LOG.info("There is no AIA extension for certificate download.");
        return Collections.emptyList();
    }

    private List<String> filterURLs(List<String> list) {
        return (List) list.stream().filter(this::isUrlAccepted).collect(Collectors.toList());
    }

    protected byte[] executeCAIssuersRequest(String str) {
        byte[] bArr = this.dataLoader.get(str);
        if (!Utils.isArrayNotEmpty(bArr)) {
            throw new DSSExternalResourceException(String.format("AIA DataLoader for certificate with url '%s' responded with an empty byte array!", str));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Base64 content : {}", Utils.toBase64(bArr));
        }
        return bArr;
    }

    private boolean isUrlAccepted(String str) {
        if (!Utils.isCollectionNotEmpty(this.acceptedProtocols)) {
            return false;
        }
        Iterator<Protocol> it = this.acceptedProtocols.iterator();
        while (it.hasNext()) {
            if (it.next().isTheSame(str)) {
                return true;
            }
        }
        return false;
    }
}
