package de.trustable.ca3s.cert.bundle;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import org.apache.commons.pool2.impl.BaseObjectPoolConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/CertificateBundle-1.1.1.jar:de/trustable/ca3s/cert/bundle/TimedRenewalCertMap.class */
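/**
 * Alias-keyed store of {@link KeyCertBundle}s that renews bundles shortly before their
 * certificate expires.
 *
 * <p>Bundles are created on demand by a primary {@link BundleFactory}; when that factory is
 * absent, fails or returns {@code null}, an optional fallback factory is used and the resulting
 * bundle is marked as a fallback certificate. A background {@link Timer} task periodically
 * retries the primary factory for every fallback bundle and re-issues every bundle whose
 * certificate expires within {@code minValiditySeconds} (86400 seconds) from now.
 *
 * <p>NOTE(review): the backing {@link HashMap} is read and written by both the timer thread and
 * the calling threads without synchronization, so this class is not thread-safe. The timer task
 * below only contains the damage (a failure no longer stops future renewals); making the map
 * itself safe needs a decision on locking around the factory calls.
 *
 * <p>NOTE(review): the timer thread is a non-daemon thread and is never cancelled, so every
 * instance keeps one thread alive for the lifetime of the JVM.
 */
public class TimedRenewalCertMap {
    private static final Logger LOG = LoggerFactory.getLogger(TimedRenewalCertMap.class);

    /** Default renewal window: bundles expiring within this many seconds are re-issued. */
    private static final long DEFAULT_MIN_VALIDITY_SECONDS = 86400L;

    private final HashMap<String, KeyCertBundle> bundleSet = new HashMap<>();
    private BundleFactory bundleFactory;
    private BundleFactory bundleFactoryFallback;
    private long minValiditySeconds = DEFAULT_MIN_VALIDITY_SECONDS;

    /**
     * Creates a map that uses only a primary factory and no fallback.
     *
     * @param bundleFactory primary factory, may be {@code null}
     */
    public TimedRenewalCertMap(BundleFactory bundleFactory) {
        this(bundleFactory, null);
    }

    /**
     * Creates a map and starts the periodic renewal task.
     *
     * @param bundleFactory primary factory, may be {@code null}
     * @param bundleFactory2 fallback factory used when the primary one cannot deliver a bundle,
     *     may be {@code null}
     */
    public TimedRenewalCertMap(BundleFactory bundleFactory, BundleFactory bundleFactory2) {
        LOG.debug("cTor TimedRenewalCertMap(bundleFac, bundleFallback)");
        this.bundleFactory = bundleFactory;
        this.bundleFactoryFallback = bundleFactory2;
        // NOTE(review): delay and period are taken from an unrelated commons-pool2 constant
        // (believed to be 30 minutes), which looks like a decompiler constant-matching artifact;
        // confirm the intended interval and replace it with a constant owned by this class.
        new Timer("Timer").scheduleAtFixedRate(new TimerTask() {
            @Override
            public void run() {
                // An exception escaping run() terminates the Timer thread and silently ends all
                // further renewals, so nothing unchecked may leave this method.
                try {
                    TimedRenewalCertMap.this.refreshFallbackBundles();
                    TimedRenewalCertMap.this.renewExpiringBundles();
                } catch (RuntimeException e) {
                    LOG.error("certificate renewal task failed, retrying on the next scheduled run", e);
                }
            }
        }, BaseObjectPoolConfig.DEFAULT_MIN_EVICTABLE_IDLE_TIME_MILLIS, BaseObjectPoolConfig.DEFAULT_MIN_EVICTABLE_IDLE_TIME_MILLIS);
    }

    /**
     * Re-issues every bundle whose certificate expires within the renewal window and reports
     * bundles that have already expired. A failure for one alias does not stop the others.
     */
    private void renewExpiringBundles() {
        Date now = new Date();
        Date renewBefore = new Date(now.getTime() + (this.minValiditySeconds * 1000));
        LOG.info("Task 'renewal' started on {}, refreshing #{} certificates expiring before {}",
                now, Integer.valueOf(this.bundleSet.size()), renewBefore);
        // Iterate over a snapshot: putNewBundle() writes to the map while this loop runs.
        KeyCertBundle[] snapshot = this.bundleSet.values().toArray(new KeyCertBundle[0]);
        for (KeyCertBundle bundle : snapshot) {
            String alias = null;
            try {
                alias = bundle.getAlias();
                Date notAfter = bundle.getCertificate().getNotAfter();
                LOG.debug("checking renewal for alias '{}', expiring on {} ", alias, notAfter);
                if (now.after(notAfter)) {
                    LOG.error("renewal in time FAILED for alias '{}', expired on {} !", alias, notAfter);
                }
                if (renewBefore.after(notAfter)) {
                    LOG.info("renewal required for alias '{}', expiring on {} ", alias, notAfter);
                    try {
                        putNewBundle(alias);
                    } catch (GeneralSecurityException e) {
                        LOG.warn("renewal for alias '{}' expiring on {} failed : {}", alias, notAfter, e.getMessage());
                        LOG.debug("certificate renewal failed", e);
                    }
                }
            } catch (RuntimeException e) {
                LOG.error("renewal check for alias '{}' failed unexpectedly", alias, e);
            }
        }
    }

    /**
     * Asks the primary factory for a replacement of every bundle currently marked as a fallback
     * certificate. Does nothing while no primary factory is set.
     */
    void refreshFallbackBundles() {
        BundleFactory primary = this.bundleFactory;
        if (primary == null) {
            return;
        }
        // Snapshot, because replaced bundles are written back into the map inside the loop.
        KeyCertBundle[] snapshot = this.bundleSet.values().toArray(new KeyCertBundle[0]);
        for (KeyCertBundle bundle : snapshot) {
            if (!bundle.isFallbackCert()) {
                continue;
            }
            String alias = bundle.getAlias();
            LOG.info("forcing renewal of fallback bundle for alias '{}'", alias);
            try {
                KeyCertBundle replacement = primary.newKeyBundle(alias, this.minValiditySeconds);
                if (replacement != null) {
                    this.bundleSet.put(alias, replacement);
                    LOG.debug("default bundle factory created new bundle.");
                }
            } catch (GeneralSecurityException e) {
                LOG.warn("fallback renewal for alias '{}' failed : {}", alias, e.getMessage());
                LOG.debug("certificate renewal failed", e);
            }
        }
    }

    /**
     * Returns the bundle stored for an alias, creating one through the factories when the alias
     * is not present yet.
     *
     * @param str alias to look up
     * @return the bundle, or {@code null} when none exists and none could be created
     */
    public KeyCertBundle findBundleForAlias(String str) {
        if (!this.bundleSet.containsKey(str)) {
            if (this.bundleSet.isEmpty()) {
                LOG.debug("findBundleForAlias('{}') initial call to empty map, filling with new bundle", str);
            } else {
                LOG.warn("findBundleForAlias('{}') failed to find KeyCertBundle", str);
            }
            try {
                putNewBundle(str);
            } catch (GeneralSecurityException e) {
                LOG.warn("creation / renewal for alias '{}' failed : {}", str, e.getMessage());
                LOG.debug("certificate creation / renewal failed", e);
            }
        }
        KeyCertBundle found = this.bundleSet.get(str);
        if (found != null) {
            LOG.info("findBundleForAlias('{}') returns {}", str, found.getCertificate().getSubjectX500Principal().getName());
        }
        return found;
    }

    /**
     * Sleeps for the given number of milliseconds.
     *
     * <p>When the sleep is interrupted the method returns early and restores the thread's
     * interrupt status so that callers can still observe the interruption.
     *
     * @param i sleep time in milliseconds
     */
    public static void pause(int i) {
        try {
            Thread.sleep(i);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            System.err.format("pause interrupted: %s%n", e);
        }
    }

    /**
     * Returns the aliases currently held.
     *
     * <p>NOTE(review): this is the live key set of the internal map, so removing an alias from
     * it removes the bundle; consider returning an unmodifiable copy once callers are checked.
     *
     * @return live view of the stored aliases
     */
    public Set<String> aliases() {
        return this.bundleSet.keySet();
    }

    /**
     * @param str alias to test
     * @return {@code true} when a bundle is stored for the alias
     */
    public boolean containsAlias(String str) {
        return this.bundleSet.containsKey(str);
    }

    /** @return number of stored bundles */
    public int size() {
        return this.bundleSet.size();
    }

    /**
     * Finds the alias whose bundle certificate equals the given certificate.
     *
     * @param certificate certificate to look for
     * @return the matching alias, or {@code null} when no bundle holds that certificate
     */
    public String getAliasForCertificate(Certificate certificate) {
        for (KeyCertBundle bundle : this.bundleSet.values()) {
            if (bundle.getCertificate().equals(certificate)) {
                return bundle.getAlias();
            }
        }
        return null;
    }

    /**
     * Stores an externally supplied key and certificate chain under an alias.
     *
     * <p>The chain is copied element by element into an {@code X509Certificate[]}; a plain array
     * cast fails with {@link ClassCastException} whenever the caller's array was created as
     * {@code Certificate[]}, even if every element is an X.509 certificate.
     *
     * @param str alias to store the bundle under
     * @param certificateArr certificate chain, first element is used as the bundle certificate
     * @param certificate not used; the bundle certificate is taken from {@code certificateArr[0]}
     *     (NOTE(review): confirm that ignoring this argument is intended)
     * @param key key belonging to the first certificate of the chain
     * @throws IllegalArgumentException when the chain is {@code null} or empty
     * @throws ClassCastException when a chain element is not an {@link X509Certificate}
     */
    public void put(String str, Certificate[] certificateArr, Certificate certificate, Key key) {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new IllegalArgumentException("certificate chain for alias '" + str + "' must not be null or empty");
        }
        X509Certificate[] chain = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            chain[i] = (X509Certificate) certificateArr[i];
        }
        this.bundleSet.put(str, new KeyCertBundle(str, chain, chain[0], key));
    }

    /** @return the primary factory, possibly {@code null} */
    public BundleFactory getBundleFactory() {
        return this.bundleFactory;
    }

    /** @return the fallback factory, possibly {@code null} */
    public BundleFactory getBundleFactoryFallback() {
        return this.bundleFactoryFallback;
    }

    /**
     * Replaces the primary factory and immediately tries to replace all fallback bundles with
     * bundles from the new factory.
     *
     * @param bundleFactory new primary factory, may be {@code null}
     */
    public void setBundleFactory(BundleFactory bundleFactory) {
        this.bundleFactory = bundleFactory;
        refreshFallbackBundles();
    }

    /**
     * @param bundleFactory new fallback factory, may be {@code null}
     */
    public void setBundleFactoryFallback(BundleFactory bundleFactory) {
        this.bundleFactoryFallback = bundleFactory;
    }

    /**
     * Creates a bundle for the alias and stores it, preferring the primary factory.
     *
     * <p>The fallback factory is used when it is set and the primary factory is absent, returned
     * {@code null} or threw. A bundle obtained that way is marked as a fallback certificate, and
     * the downgrade is logged at WARN level so that it is visible in normal operation.
     *
     * @param str alias to create the bundle for
     * @throws GeneralSecurityException when the primary factory fails and no fallback factory is
     *     set, or when the fallback factory itself fails
     */
    public void putNewBundle(String str) throws GeneralSecurityException {
        boolean useFallback = this.bundleFactoryFallback != null;
        if (this.bundleFactory != null) {
            try {
                KeyCertBundle primaryBundle = this.bundleFactory.newKeyBundle(str, this.minValiditySeconds);
                if (primaryBundle != null) {
                    this.bundleSet.put(str, primaryBundle);
                    LOG.debug("default bundle factory created new bundle.");
                    useFallback = false;
                }
            } catch (GeneralSecurityException e) {
                LOG.debug("default bundle factory threw Exception {} while creating new bundle.", e.getLocalizedMessage());
                if (!useFallback) {
                    throw e;
                }
            }
        }
        if (!useFallback) {
            return;
        }
        KeyCertBundle fallbackBundle = this.bundleFactoryFallback.newKeyBundle(str, this.minValiditySeconds);
        if (fallbackBundle == null) {
            return;
        }
        fallbackBundle.setFallbackCert(true);
        this.bundleSet.put(str, fallbackBundle);
        LOG.debug("fallback bundle factory created new bundle.");
        LOG.warn("alias '{}' is now served by a bundle from the fallback factory", str);
    }
}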
