package com.ftc.appmod;

import com.ftc.dom.util.DOMUtil;
import com.ftc.gss.SKSCRL;
import com.ftc.gss.SKSCertificate;
import com.ftc.tools.Cfg;
import com.ftc.xml.dsig.Base64;
import com.ftc.xml.dsig.SignatureVerifyException;
import com.ftc.xml.dsig.VerifyMS;
import com.sun.net.ssl.TrustManagerFactory;
import com.sun.net.ssl.X509TrustManager;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.log4j.Category;
import org.w3c.dom.Element;

/* loaded from: input_file:com/ftc/appmod/ObjectMgr.class */
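/**
 * Data-access facade for EDI documents, subjects (clients) and their certificates.
 *
 * <p>Persistence is delegated to a {@code DBAccess} implementation whose class name is read
 * from the {@code persMgr} configuration property. Signed XML is verified through
 * {@code VerifyMS}, and X.509 signer certificates are checked against a trust manager built
 * from the {@code jks.store} key store.
 *
 * <p>The synthetic {@code class$...} members suggest this file is decompiler output of code
 * built with an old compiler; they are kept because they are package-visible.
 *
 * <p>No synchronization is performed here; the lazily initialised static state
 * ({@code sksdb}, the trust manager held in the system properties) is written without locking.
 */
public class ObjectMgr {
    /** System-properties key under which the lazily built trust manager is shared. */
    private static final String TRUST_MANAGER_KEY = "com.ftc.appmod.TrustManager";

    private static Category syslog;
    // Shared DBAccess used only by the static getCertificateProperties(); created on first use.
    private static DBAccess sksdb;
    private DBAccess db;
    // Not referenced by any method of this class; kept so the class layout is unchanged.
    private Retriever retriever;
    static Class class$com$ftc$appmod$ObjectMgr;

    /**
     * Stores a document, mapping a unique-constraint violation to a duplicate report.
     *
     * @param eDIDocument document to persist
     * @throws DAOException on any SQL failure that is not recognised as a duplicate
     * @throws DuplicateDocumentException when the document already exists and the
     *         {@code allowDuplicateDocument} property is {@code "false"} (its default)
     */
    public void saveDocument(EDIDocument eDIDocument) throws DAOException, DuplicateDocumentException {
        if (syslog.isDebugEnabled()) {
            syslog.debug("saveDocument: <- " + eDIDocument);
        }
        try {
            this.db.saveDocument(eDIDocument);
        } catch (SQLException e) {
            // Duplicates are recognised only by message text (looks like the Oracle ORA-00001
            // wording - confirm for other DBAccess back ends). A driver may return a null
            // message, which must count as "not a duplicate" rather than raise an NPE.
            String message = e.getMessage();
            boolean duplicate = message != null
                    && message.indexOf("unique constraint") != -1
                    && message.indexOf("violated") != -1;
            if (!duplicate) {
                syslog.error("saveDocument:" + e);
                // NOTE(review): e.toString() carries driver/SQL detail into the DAOException;
                // callers should not relay that text to remote peers.
                throw new DAOException(e.toString());
            }
            syslog.warn("saveDocument:Duplicate document:" + eDIDocument.getDocID());
            // Only the exact string "false" rejects duplicates; any other configured value
            // lets a resubmitted document through silently.
            if (Cfg.getProperty("allowDuplicateDocument", "false").equals("false")) {
                throw new DuplicateDocumentException();
            }
        }
    }

    /**
     * Persists the status of a document.
     *
     * @param eDIDocument document whose status is written
     * @throws DAOException when the database update fails
     */
    public void updateDocumentStatus(EDIDocument eDIDocument) throws DAOException {
        try {
            this.db.updateDocumentStatus(eDIDocument);
        } catch (SQLException e) {
            syslog.error("updateDocumentStatus:" + e);
            throw new DAOException(e.toString());
        }
    }

    /**
     * Creates the manager and instantiates the configured {@code DBAccess} implementation.
     *
     * @throws DAOException when the implementation class cannot be loaded or instantiated
     */
    public ObjectMgr() throws DAOException {
        try {
            // The class name comes from configuration and is instantiated reflectively, so
            // whoever can edit the persMgr property chooses the code that runs here.
            String implementation = Cfg.getProperty("persMgr", "com.ftc.appmod.OraPooledDBAccessMgr");
            this.db = (DBAccess) Class.forName(implementation).newInstance();
        } catch (Exception e) {
            syslog.error("::ObjectMgr:Can't instantiate:" + e, e);
            throw new DAOException(e.getMessage());
        }
    }

    /**
     * Finds the subject for a certificate and requires it to have an application user ID.
     *
     * @param appCertificate certificate identifying the client
     * @return the subject, which has a non-blank application user ID
     * @throws ObjectNotFoundException when no subject matches or its application user ID is
     *         null or blank
     * @throws DAOException when the lookup fails
     */
    public Subject findClientByCertificate(AppCertificate appCertificate) throws ObjectNotFoundException, DAOException {
        Subject subject = findSubjectByCertificate(appCertificate);
        String applicationUserId = subject.getApplicationUserID();
        if (applicationUserId == null || applicationUserId.trim().equals("")) {
            // A subject without an application ID is reported exactly like an unknown one.
            syslog.warn("findClientByCertificate:No application ID - prohibited.");
            throw new ObjectNotFoundException("No client with such certificate.");
        }
        return subject;
    }

    /**
     * Assigns an application user ID to the subject whose certificate is attached to a
     * stored document.
     *
     * @param str identifier passed to {@code DBAccess.findDocument}
     * @param str2 application user ID to set on the subject
     * @return the updated subject
     * @throws ObjectNotFoundException when the document or its subject does not exist
     * @throws DAOException when a database call fails
     */
    public Subject createClient(String str, String str2) throws DAOException, ObjectNotFoundException {
        try {
            EDIDocument request = this.db.findDocument(str);
            if (request == null) {
                throw new ObjectNotFoundException("No such document with request.");
            }
            Subject client = this.db.findClient(request.getCertificate());
            if (client == null) {
                throw new ObjectNotFoundException("No such client found.");
            }
            // NOTE(review): an application user ID already present on the subject is
            // overwritten without any check here; authorisation is presumably the caller's
            // job - confirm.
            client.setApplicationUserID(str2);
            this.db.updateSubject(client);
            return client;
        } catch (SQLException e) {
            syslog.error("createClient:" + e);
            throw new DAOException(e.getMessage());
        }
    }

    /**
     * Looks a subject up through {@code DBAccess.findClientByIssuerAndSubject}.
     *
     * @param appCertificate certificate used for the lookup
     * @return the matching subject, never {@code null}
     * @throws ObjectNotFoundException when the lookup returns nothing
     * @throws DAOException when the lookup fails
     */
    public Subject findSubjectByCertificate(AppCertificate appCertificate) throws DAOException, ObjectNotFoundException {
        try {
            // NOTE(review): judging by the DBAccess method name the match is on issuer and
            // subject names rather than on the key or serial number - verify.
            Subject subject = this.db.findClientByIssuerAndSubject(appCertificate);
            if (subject == null) {
                throw new ObjectNotFoundException("No subject with such certificate.");
            }
            return subject;
        } catch (SQLException e) {
            syslog.error("findSubjectByCertificate:" + e);
            throw new DAOException(e.getMessage());
        }
    }

    /**
     * Creates a new subject for a certificate that is not yet bound to one.
     *
     * @param appCertificate certificate of the new subject
     * @return the created subject carrying the user ID returned by the database
     * @throws DuplicateClientException when a subject already exists for the certificate
     * @throws DAOException when the database reports {@code -1} or a SQL error occurs
     */
    public Subject createSubject(AppCertificate appCertificate) throws DAOException, DuplicateClientException {
        try {
            Subject existing = this.db.findClient(appCertificate);
            if (existing != null) {
                syslog.error("createSubject:Duplicate client:" + existing);
                throw new DuplicateClientException();
            }
            Subject subject = new Subject(-1, null, null, false, appCertificate);
            int userId = this.db.createSubject(subject);
            if (userId == -1) {
                syslog.error("createSubject:Can't create client.");
                throw new DAOException("Can't create client.");
            }
            subject.setUserID(userId);
            return subject;
        } catch (SQLException e) {
            syslog.error("createSubject:" + e);
            throw new DAOException(e.getMessage());
        }
    }

    /**
     * Verifies the signature on {@code element}, checks the signer certificates and makes
     * sure each of them is recorded in the database and the certificate cache.
     *
     * <p>Only {@code X509Certificate} instances are run through the trust manager; any other
     * certificate type returned by {@code verifyMS} (for example {@code SKSCertificate}) is
     * not trust-checked by this method.
     *
     * @param verifyMS verifier used for the signature and as the source of certificates
     * @param element signed XML element
     * @return the certificates collected while processing, in processing order
     * @throws SignatureVerifyException when verification fails or an X.509 certificate is
     *         not trusted or cannot be checked
     * @throws AppmodDataFormatException when a certificate carries too little information
     *         and nothing usable can be retrieved for it
     * @throws DAOException when a database call fails
     */
    public AppCertificate[] createCertificates(VerifyMS verifyMS, Element element) throws DAOException, AppmodDataFormatException, SignatureVerifyException {
        if (syslog.isDebugEnabled()) {
            // The complete element is written to the debug log before it has been verified.
            syslog.debug("createCertificates <- " + DOMUtil.toString(element));
        }
        verifyMS.verify(element);
        syslog.debug("createCertificates:signature verified");
        Certificate[] certificates = verifyMS.getCertificates();
        for (int i = 0; i < certificates.length; i++) {
            if (certificates[i] instanceof X509Certificate) {
                requireTrusted((X509Certificate) certificates[i]);
            }
        }

        AppCertificate[] wrapped = new AppCertificate[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            wrapped[i] = new AppCertificate(certificates[i]);
        }

        Vector accepted = new Vector();
        CertificateCache cache = CertificateCache.getInstance();
        for (int i = 0; i < certificates.length; i++) {
            AppCertificate candidate = wrapped[i];
            try {
                if (candidate.getSubjectName() != null && candidate.getIssuerName() != null) {
                    // NOTE(review): the key joins the fields without a separator, so different
                    // field combinations can produce the same key. The format presumably has
                    // to match what CertificateCache.put() derives, so it is left unchanged.
                    String cacheKey = "" + candidate.getSubjectName() + candidate.getIssuerName()
                            + candidate.getSerialNumber() + candidate.getVersion();
                    AppCertificate cached = cache.get(cacheKey);
                    if (cached != null) {
                        accepted.add(cached);
                    } else {
                        AppCertificate known = this.db.findCertificate(candidate.getSubjectName(), candidate.getIssuerName(), candidate.getSerialNumber(), candidate.getVersion());
                        if (known != null) {
                            accepted.add(known);
                            cache.put(known);
                        }
                    }
                }
                // NOTE(review): a certificate found in the cache or database above is not
                // skipped; it still falls through to the branches below and is added to the
                // result a second time - confirm whether that is intended.
                if (candidate.getPublicKey() != null && candidate.getSubjectName() != null && candidate.getIssuerName() != null && candidate.getSerialNumber() != null) {
                    registerCertificate(candidate, accepted, cache);
                } else if (candidate.getIssuerName() == null || candidate.getSerialNumber() == null || candidate.getSerialNumber().equals("0")) {
                    if (!(certificates[i] instanceof SKSCertificate)) {
                        throw new AppmodDataFormatException("No valid certificate info found.");
                    }
                    // NOTE(review): the retrieval URL is read from the certificate object that
                    // came with the message, and the bytes fetched from it are stored without
                    // passing through the trust check above - confirm that Retriever limits
                    // where it may connect and that the result is validated elsewhere.
                    Hashtable sksData = new Retriever(candidate.getCertificateRetrievalURL()).retrieve(candidate.getSubjectName(), candidate.getIssuerName(), candidate.getVersion());
                    if (sksData.size() == 0) {
                        throw new AppmodDataFormatException("No valid SKS certificate found.");
                    }
                    candidate.setValue(Base64.encode((byte[]) sksData.get("usercertificate")));
                    candidate.setSerialNumber((String) sksData.get("serialnumber"));
                    registerCertificate(candidate, accepted, cache);
                } else {
                    // Same caveat as the SKS branch: remotely fetched data is stored as is.
                    Hashtable x509Data = new Retriever(candidate.getCertificateRetrievalURL()).retrieve(candidate.getIssuerName(), candidate.getSerialNumber());
                    if (x509Data.size() == 0) {
                        throw new AppmodDataFormatException("No valid X509 certificate found.");
                    }
                    candidate.setValue(Base64.encode((byte[]) x509Data.get("usercertificate")));
                    candidate.setSubjectName((String) x509Data.get("owner"));
                    registerCertificate(candidate, accepted, cache);
                }
            } catch (SQLException e) {
                syslog.error("createCertificate:" + e);
                throw new DAOException(e.getMessage());
            }
        }

        AppCertificate[] result = new AppCertificate[accepted.size()];
        accepted.copyInto(result);
        return result;
    }

    /**
     * Checks one X.509 certificate against the shared trust manager.
     *
     * <p>Every failure, including the "untrusted" verdict itself, leaves this method as a
     * {@code SignatureVerifyException} whose message starts with "Can't verify certificate:".
     */
    private static void requireTrusted(X509Certificate certificate) throws SignatureVerifyException {
        try {
            X509Certificate[] chain = {certificate};
            X509TrustManager trustManager = obtainTrustManager();
            syslog.debug("createCertificate:Try validate certificates");
            if (!trustManager.isClientTrusted(chain)) {
                throw new SignatureVerifyException("Untrusted certificate.");
            }
        } catch (Exception e) {
            throw new SignatureVerifyException("Can't verify certificate:" + e.getMessage());
        }
    }

    /**
     * Returns the trust manager held in the system properties, building it from the
     * {@code jks.store} key store on first use.
     */
    private static X509TrustManager obtainTrustManager() throws Exception {
        // NOTE(review): the trust manager lives in the JVM-wide system properties, so any
        // code able to write system properties can replace it with a more permissive one.
        // A private static field would close that gap if nothing else reads this key.
        X509TrustManager shared = (X509TrustManager) System.getProperties().get(TRUST_MANAGER_KEY);
        if (shared != null) {
            return shared;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream storeStream = new FileInputStream(Cfg.getProperty("jksCAD") + File.separator + "jks.store");
        try {
            // The key store password defaults to the empty string when jksPassword is unset.
            keyStore.load(storeStream, Cfg.getProperty("jksPassword", "").toCharArray());
        } finally {
            // Fix: the stream used to stay open after the key store had been loaded.
            storeStream.close();
        }
        factory.init(keyStore);
        X509TrustManager created = (X509TrustManager) factory.getTrustManagers()[0];
        System.getProperties().put(TRUST_MANAGER_KEY, created);
        return created;
    }

    /** Stores a certificate, records its database ID and adds it to the result and the cache. */
    private void registerCertificate(AppCertificate certificate, Vector accepted, CertificateCache cache) throws SQLException, DAOException {
        int certId = this.db.createCertificate(certificate);
        if (certId == -1) {
            syslog.error("createCertificate:Can't find just created certificate.");
            throw new DAOException("Can't find created certificate.");
        }
        certificate.setCertID(certId);
        accepted.add(certificate);
        cache.put(certificate);
    }

    /**
     * Returns certificate properties for a subject, from the local store when it is enabled
     * and holds the certificate, otherwise from the retrieval service at {@code str}.
     *
     * <p>The local store is used only when the {@code caCRLSleep} property is set and not
     * {@code "0"}. In that mode a locally found certificate is checked against the SKS CRL.
     * In every other path the retrieved table is returned without a revocation check here.
     *
     * @param str retrieval URL handed to {@code Retriever}
     * @param str2 subject; text up to and including the configured CA DN and the one
     *        character after it is stripped when the CA DN occurs in it
     * @param str3 issuer; only logged, the configured {@code caDN.1} value is used instead
     * @param str4 certificate version
     * @return a table with the certificate properties; an empty table when the database, the
     *         class loading or the CRL check failed
     * @throws ObjectNotFoundException when a required value is missing, nothing was
     *         retrieved, or the locally stored certificate is revoked
     */
    public static Hashtable getCertificateProperties(String str, String str2, String str3, String str4) throws ObjectNotFoundException {
        Hashtable properties = new Hashtable();
        syslog.debug("getCertificateProperties: <- url=" + str + ", subject=" + str2 + ", issuer=" + str3 + ", version=" + str4 + ":");
        String caDn = Cfg.getProperty("caDN.1");
        // Fix: the null check used to come after str2.indexOf(caDn), so a missing value ended
        // in a NullPointerException instead of the declared ObjectNotFoundException.
        if (str2 == null || caDn == null || str4 == null) {
            syslog.warn("getCertificateProperties:null value(s).");
            throw new ObjectNotFoundException("No valid certificate found.");
        }
        String subject = str2;
        int caDnAt = str2.indexOf(caDn);
        if (caDnAt >= 0) {
            int subjectStart = caDnAt + caDn.length() + 1;
            if (subjectStart > str2.length()) {
                // Fix: a subject ending exactly at the CA DN used to raise
                // StringIndexOutOfBoundsException; there is no subject left to look up.
                syslog.warn("getCertificateProperties:no subject after CA DN.");
                throw new ObjectNotFoundException("No valid certificate found.");
            }
            subject = str2.substring(subjectStart);
        }
        try {
            String crlSleep = Cfg.getProperty("caCRLSleep");
            boolean localStoreEnabled = crlSleep != null && !crlSleep.equals("0");
            if (sksdb == null) {
                sksdb = (DBAccess) Class.forName(Cfg.getProperty("persMgr", "com.ftc.appmod.OraPooledDBAccessMgr")).newInstance();
            }
            AppCertificate stored = null;
            if (localStoreEnabled) {
                stored = sksdb.findCertificate(subject, caDn, null, str4);
            }
            if (stored == null) {
                Hashtable retrieved = new Retriever(str).retrieve(subject, caDn, str4);
                if (retrieved.size() == 0) {
                    throw new ObjectNotFoundException("No valid certificate found.");
                }
                if (localStoreEnabled) {
                    sksdb.createCertificate(new AppCertificate(0, Base64.encode(new byte[1]), (String) retrieved.get("serialnumber"), new Date(), new Date(), subject, caDn, null, Base64.encode((byte[]) retrieved.get("usercertificate")), str4, null, str));
                }
                return retrieved;
            }
            try {
                // A one-byte dummy stream is passed, so the "SKS" provider presumably loads
                // its revocation entries from somewhere else - confirm.
                SKSCRL crl = (SKSCRL) CertificateFactory.getInstance("SKS").generateCRL(new ByteArrayInputStream(new byte[1]));
                if (crl.isRevoked(stored)) {
                    syslog.warn("getCertificateProperties: Revoked certificate (found in CRL)!");
                    throw new ObjectNotFoundException("Certificate in CRL.");
                }
                properties.put("usercertificate", Base64.decode(stored.getValue()));
                return properties;
            } catch (ObjectNotFoundException revoked) {
                // Fix: the broad handler below used to swallow the revocation verdict and
                // hand back an empty table; revocation must reach the caller as declared.
                throw revoked;
            } catch (Exception e) {
                // Any other CRL failure yields the empty table, i.e. no certificate bytes.
                syslog.error("getCertificate:Check CRL:" + e);
                return properties;
            }
        } catch (ClassNotFoundException e) {
            return lookupFailed(e, properties);
        } catch (IllegalAccessException e) {
            return lookupFailed(e, properties);
        } catch (InstantiationException e) {
            return lookupFailed(e, properties);
        } catch (LinkageError e) {
            return lookupFailed(e, properties);
        } catch (SecurityException e) {
            return lookupFailed(e, properties);
        } catch (SQLException e) {
            return lookupFailed(e, properties);
        }
    }

    /** Logs a failed property lookup and returns the table the caller should hand back. */
    private static Hashtable lookupFailed(Throwable cause, Hashtable result) {
        syslog.error("getCertificateProperties:" + cause);
        return result;
    }

    /**
     * Reads X.509 certificates from a file and records each of them as a CRL entry.
     *
     * @param str path of the certificate file; it is opened exactly as given, so callers
     *        must not pass a path taken from untrusted input
     * @throws CertificateException when the file cannot be read, a certificate cannot be
     *         parsed, or the CRL entry cannot be stored
     */
    public void cancelCertificate(String str) throws CertificateException {
        BufferedInputStream input = null;
        try {
            input = new BufferedInputStream(new FileInputStream(str));
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (input.available() > 0) {
                X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(input);
                if (syslog.isDebugEnabled()) {
                    syslog.debug("cancelCertificate: cert=" + certificate);
                }
                this.db.putCRLEntry("" + certificate.getSubjectDN(), "" + certificate.getIssuerDN(), "" + certificate.getSerialNumber(), null);
            }
        } catch (IOException e) {
            // The stack trace goes to the log instead of stderr (was e.printStackTrace()).
            syslog.error("cancelCertificate: Can't generate certificate:" + e, e);
            throw new CertificateException("ObjectMgr::cancelCertificate: Can't generate certificate:" + e);
        } catch (SQLException e) {
            syslog.error("cancelCertificate: Can't put certificate in CRL:" + e, e);
            throw new CertificateException("ObjectMgr::cancelCertificate: Can't put certificate in CRL:" + e);
        } finally {
            // Fix: the file handle used to leak on every call.
            if (input != null) {
                try {
                    input.close();
                } catch (IOException closeFailure) {
                    syslog.warn("cancelCertificate: Can't close certificate file:" + closeFailure);
                }
            }
        }
    }

    /** Compiler-generated helper behind class literals; converts a lookup failure to an error. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Expansion of ObjectMgr.class as emitted by the old compiler; the cached Class stays
        // in its package-visible field.
        if (class$com$ftc$appmod$ObjectMgr == null) {
            class$com$ftc$appmod$ObjectMgr = class$("com.ftc.appmod.ObjectMgr");
        }
        syslog = Category.getInstance(class$com$ftc$appmod$ObjectMgr.getName());
        sksdb = null;
    }
}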
