package se.signatureservice.support.trustlist;

import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
import eu.europa.esig.dss.service.http.commons.FileCacheDataLoader;
import eu.europa.esig.dss.spi.client.http.DSSFileLoader;
import eu.europa.esig.dss.spi.client.http.IgnoreDataLoader;
import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CommonCertificateSource;
import eu.europa.esig.dss.spi.x509.KeyStoreCertificateSource;
import eu.europa.esig.dss.tsl.alerts.LOTLAlert;
import eu.europa.esig.dss.tsl.alerts.TLAlert;
import eu.europa.esig.dss.tsl.alerts.detections.LOTLLocationChangeDetection;
import eu.europa.esig.dss.tsl.alerts.detections.OJUrlChangeDetection;
import eu.europa.esig.dss.tsl.alerts.detections.TLExpirationDetection;
import eu.europa.esig.dss.tsl.alerts.detections.TLSignatureErrorDetection;
import eu.europa.esig.dss.tsl.alerts.handlers.log.LogLOTLLocationChangeAlertHandler;
import eu.europa.esig.dss.tsl.alerts.handlers.log.LogOJUrlChangeAlertHandler;
import eu.europa.esig.dss.tsl.alerts.handlers.log.LogTLExpirationAlertHandler;
import eu.europa.esig.dss.tsl.alerts.handlers.log.LogTLSignatureErrorAlertHandler;
import eu.europa.esig.dss.tsl.cache.CacheCleaner;
import eu.europa.esig.dss.tsl.function.OfficialJournalSchemeInformationURI;
import eu.europa.esig.dss.tsl.job.TLValidationJob;
import eu.europa.esig.dss.tsl.source.LOTLSource;
import eu.europa.esig.dss.tsl.sync.ExpirationAndSignatureCheckStrategy;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:se/signatureservice/support/trustlist/TrustedListsCertificateSourceBuilder.class */
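/**
 * Configures a DSS {@link TLValidationJob} for a single List of Trusted Lists (LOTL) and
 * refreshes it once at construction time, exposing the resulting
 * {@link TrustedListsCertificateSource}.
 *
 * <p>Security-relevant configuration handled here:
 * <ul>
 *   <li>the trust anchors used to verify the LOTL signature (bundled Official Journal keystore,
 *       or a caller-supplied keystore);</li>
 *   <li>whether expired or invalidly signed trusted lists are still accepted;</li>
 *   <li>the file-system directory used to cache downloaded trusted lists.</li>
 * </ul>
 */
public class TrustedListsCertificateSourceBuilder extends CommonCertificateSource {
    private static final Logger log = LoggerFactory.getLogger(TrustedListsCertificateSourceBuilder.class);

    /** Factor applied to the configured expiration times (minutes to milliseconds). */
    private static final long MILLIS_PER_MINUTE = 60000L;

    private final String lotlURL;
    private final String ojURL;
    private final Boolean useOfflineLoader;
    private final Boolean acceptExpiredTrustedList;
    private final Boolean acceptInvalidTrustedList;
    private final String cacheDirectoryPath;
    private final long expirationTimeOnlineLoader;
    private final long expirationTimeOfflineLoader;
    private final String certificateSourceKeyStore;
    private final String certificateSourceKeyStoreType;
    private final String certificateSourceKeyStorePassword;
    private final TrustedListsCertificateSource trustedListsCertificateSource;
    private final TLValidationJob job;
    private final KeyStoreCertificateSource keyStoreCertificateSource;

    /**
     * Creates the builder, wires the validation job and performs one refresh (offline or online).
     *
     * @param lotlURL URL of the LOTL; must not be {@code null}
     * @param ojURL Official Journal URL used for the signing-certificate announcement predicate,
     *     or {@code null} to leave the predicate unset
     * @param useOfflineLoader {@code true} to refresh from the file cache only, {@code false} to
     *     refresh over the network; must not be {@code null}
     * @param acceptExpiredTrustedList whether expired LOTL/TL are accepted; must not be {@code null}
     * @param acceptInvalidTrustedList whether LOTL/TL with an invalid signature are accepted;
     *     must not be {@code null}
     * @param cacheDirectoryPath cache directory, or {@code null} to use a directory under
     *     {@code java.io.tmpdir}
     * @param expirationTimeOnlineLoader online cache expiration in minutes; negative maps to -1
     * @param expirationTimeOfflineLoader offline cache expiration in minutes; negative maps to -1
     * @param certificateSourceKeyStore keystore location for LOTL validation, or {@code null}
     * @param certificateSourceKeyStoreType keystore type, or {@code null}
     * @param certificateSourceKeyStorePassword keystore password, or {@code null}
     * @param keyStoreCertificateSource certificate source returned unchanged by
     *     {@link #getKeyStoreCertificateSource()}; may be {@code null}
     * @throws NullPointerException if a required argument is {@code null}
     * @throws DSSException if the configured keystore cannot be loaded
     */
    public TrustedListsCertificateSourceBuilder(String lotlURL, String ojURL, Boolean useOfflineLoader, Boolean acceptExpiredTrustedList, Boolean acceptInvalidTrustedList, String cacheDirectoryPath, long expirationTimeOnlineLoader, long expirationTimeOfflineLoader, String certificateSourceKeyStore, String certificateSourceKeyStoreType, String certificateSourceKeyStorePassword, KeyStoreCertificateSource keyStoreCertificateSource) {
        this.lotlURL = lotlURL;
        this.ojURL = ojURL;
        // Fail with a named NullPointerException up front instead of an anonymous one while the
        // job is half-built (these flags are unboxed further down).
        this.useOfflineLoader = Objects.requireNonNull(useOfflineLoader, "useOfflineLoader");
        this.acceptExpiredTrustedList = Objects.requireNonNull(acceptExpiredTrustedList, "acceptExpiredTrustedList");
        this.acceptInvalidTrustedList = Objects.requireNonNull(acceptInvalidTrustedList, "acceptInvalidTrustedList");
        this.cacheDirectoryPath = cacheDirectoryPath;
        this.expirationTimeOnlineLoader = expirationTimeOnlineLoader;
        this.expirationTimeOfflineLoader = expirationTimeOfflineLoader;
        this.certificateSourceKeyStore = certificateSourceKeyStore;
        this.certificateSourceKeyStoreType = certificateSourceKeyStoreType;
        this.certificateSourceKeyStorePassword = certificateSourceKeyStorePassword;
        this.keyStoreCertificateSource = keyStoreCertificateSource;
        this.job = validationJob();
        // Replaces the placeholder source installed by validationJob() with the one this class exposes.
        this.trustedListsCertificateSource = new TrustedListsCertificateSource();
        this.job.setTrustedListCertificateSource(this.trustedListsCertificateSource);
        log.info("Using {}", this.useOfflineLoader.booleanValue() ? "OfflineLoader." : "OnlineLoader.");
        if (this.useOfflineLoader.booleanValue()) {
            this.job.offlineRefresh();
        } else {
            this.job.onlineRefresh();
        }
    }

    /**
     * Convenience constructor: strict validation (expired and invalid lists rejected), bundled
     * Official Journal keystore, no external keystore certificate source.
     */
    public TrustedListsCertificateSourceBuilder(String lotlURL, String ojURL, boolean useOfflineLoader, String cacheDirectoryPath, long expirationTimeOnlineLoader, long expirationTimeOfflineLoader) {
        this(lotlURL, ojURL, Boolean.valueOf(useOfflineLoader), false, false, cacheDirectoryPath, expirationTimeOnlineLoader, expirationTimeOfflineLoader, null, null, null, null);
    }

    /** Returns the certificate source populated by the validation job. */
    public TrustedListsCertificateSource getTrustedListsCertificateSource() {
        return this.trustedListsCertificateSource;
    }

    /** Returns the keystore certificate source passed to the constructor (may be {@code null}). */
    public KeyStoreCertificateSource getKeyStoreCertificateSource() {
        return this.keyStoreCertificateSource;
    }

    private TrustedListsCertificateSource trustedCertificateSource() {
        return new TrustedListsCertificateSource();
    }

    /** Returns the validation job so callers can trigger further refreshes. */
    public TLValidationJob getTLValidationJob() {
        return this.job;
    }

    /** Assembles the validation job: loaders, synchronization strategy, cache cleaner, LOTL, alerts. */
    private TLValidationJob validationJob() {
        TLValidationJob validationJob = new TLValidationJob();
        validationJob.setOfflineDataLoader(offlineLoader());
        validationJob.setOnlineDataLoader(onlineLoader());
        validationJob.setTrustedListCertificateSource(trustedCertificateSource());

        boolean acceptExpired = this.acceptExpiredTrustedList.booleanValue();
        boolean acceptInvalid = this.acceptInvalidTrustedList.booleanValue();
        if (acceptExpired || acceptInvalid) {
            // Either flag lets trust-service certificates from lists that failed validation be
            // synchronized into the trusted source; make that visible in the logs.
            log.warn("Trusted list validation is relaxed: acceptExpiredTrustedList={}, acceptInvalidTrustedList={}", acceptExpired, acceptInvalid);
        }
        // One flag each governs both the LOTL and the individual TLs.
        ExpirationAndSignatureCheckStrategy strategy = new ExpirationAndSignatureCheckStrategy();
        strategy.setAcceptExpiredListOfTrustedLists(acceptExpired);
        strategy.setAcceptExpiredTrustedList(acceptExpired);
        strategy.setAcceptInvalidListOfTrustedLists(acceptInvalid);
        strategy.setAcceptInvalidTrustedList(acceptInvalid);
        validationJob.setSynchronizationStrategy(strategy);

        validationJob.setCacheCleaner(cacheCleaner());
        LOTLSource europeanLOTL = europeanLOTL();
        validationJob.setListOfTrustedListSources(new LOTLSource[]{europeanLOTL});
        validationJob.setLOTLAlerts(Arrays.asList(ojUrlAlert(europeanLOTL), lotlLocationAlert(europeanLOTL)));
        validationJob.setTLAlerts(Arrays.asList(tlSigningAlert(), tlExpirationDetection()));
        return validationJob;
    }

    /**
     * Builds the LOTL source. The caller-supplied keystore is used only when location, type and
     * password are all non-null; otherwise the bundled Official Journal keystore is used.
     */
    private LOTLSource europeanLOTL() {
        LOTLSource lotlSource = new LOTLSource();
        lotlSource.setUrl(Objects.requireNonNull(this.lotlURL, "lotlURL"));
        if (this.certificateSourceKeyStore == null || this.certificateSourceKeyStoreType == null || this.certificateSourceKeyStorePassword == null) {
            log.info("Using Default Official Journal Keystore for TL validation.");
            lotlSource.setCertificateSource(officialJournalContentKeyStore());
        } else {
            lotlSource.setCertificateSource(certificateSourceKeyStore());
        }
        if (this.ojURL != null) {
            log.info("Setting CertificatesAnnouncementPredicate with: {}", this.ojURL);
            lotlSource.setSigningCertificatesAnnouncementPredicate(new OfficialJournalSchemeInformationURI(this.ojURL));
        }
        lotlSource.setPivotSupport(true);
        return lotlSource;
    }

    /**
     * Loads the keystore bundled on the classpath as {@code lotl/oj-keystore.p12} (resolved
     * relative to this class's package).
     *
     * <p>The keystore password is a constant compiled into this class, so it is not a secret and
     * gives no protection against someone who can replace the classpath resource; the integrity
     * of these LOTL trust anchors rests on the integrity of the deployed artifact.
     *
     * @return certificate source backed by the bundled keystore
     * @throws DSSException if the resource is missing or cannot be read
     */
    public CertificateSource officialJournalContentKeyStore() {
        try (java.io.InputStream keyStoreStream = TrustedListsCertificateSourceBuilder.class.getResourceAsStream("lotl/oj-keystore.p12")) {
            if (keyStoreStream == null) {
                // Explicit check rather than relying on a NullPointerException further down.
                throw new DSSException("Unable to load the keystore");
            }
            return new KeyStoreCertificateSource(keyStoreStream, "PKCS12", "dss-password");
        } catch (IOException | NullPointerException e) {
            // NullPointerException kept so callers still see DSSException as before.
            throw new DSSException("Unable to load the keystore", e);
        }
    }

    /**
     * Loads the caller-configured keystore used as trust anchor for LOTL/TL validation.
     *
     * @throws DSSException if the keystore cannot be read
     */
    private CertificateSource certificateSourceKeyStore() {
        try {
            // The keystore password is deliberately not logged: log files are typically readable
            // by more principals than the keystore itself.
            log.info("Using KeyStoreCertificateSource for LOTL/TL validation. Keystore: {}, KeyStoreType: {}", this.certificateSourceKeyStore, this.certificateSourceKeyStoreType);
            return new KeyStoreCertificateSource(this.certificateSourceKeyStore, this.certificateSourceKeyStoreType, this.certificateSourceKeyStorePassword);
        } catch (IOException e) {
            throw new DSSException("Unable to load the keystore", e);
        }
    }

    /** File-cache loader backed by {@link IgnoreDataLoader}, i.e. it serves from the cache only. */
    private DSSFileLoader offlineLoader() {
        return fileCacheLoader(this.expirationTimeOfflineLoader, new IgnoreDataLoader());
    }

    /** File-cache loader backed by {@link CommonsDataLoader} for fetching over the network. */
    private DSSFileLoader onlineLoader() {
        return fileCacheLoader(this.expirationTimeOnlineLoader, new CommonsDataLoader());
    }

    /** Shared set-up for both loaders: expiration, delegate loader and cache directory, in that order. */
    private DSSFileLoader fileCacheLoader(long expirationMinutes, eu.europa.esig.dss.spi.client.http.DataLoader delegate) {
        FileCacheDataLoader loader = new FileCacheDataLoader();
        // Negative values are normalised to -1; NOTE(review): presumably DSS treats -1 as
        // "cache never expires" - confirm against the DSS version in use.
        loader.setCacheExpirationTime(expirationMinutes < 0 ? -1L : expirationMinutes * MILLIS_PER_MINUTE);
        loader.setDataLoader(delegate);
        loader.setFileCacheDirectory(tlCacheDirectory());
        return loader;
    }

    /**
     * Resolves the trusted-list cache directory, creating it if needed.
     *
     * <p>When no path is configured the cache lives under {@code java.io.tmpdir}. On hosts where
     * that directory is shared between users, the cached lists are readable and possibly
     * replaceable by other local accounts; a dedicated directory with restricted permissions is
     * the safer setting, especially with the offline loader or relaxed validation.
     */
    private File tlCacheDirectory() {
        File cacheDirectory;
        if (this.cacheDirectoryPath != null) {
            cacheDirectory = new File(this.cacheDirectoryPath);
        } else {
            cacheDirectory = new File(new File(System.getProperty("java.io.tmpdir")), "dss-tsl-loader");
        }
        // mkdirs() returns true only when the directory was created by this call.
        if (cacheDirectory.mkdirs()) {
            log.info("TL Cache folder : {}", cacheDirectory.getAbsolutePath());
        }
        return cacheDirectory;
    }

    /** Cache cleaner for memory and file system, bound to the loader matching the selected mode. */
    private CacheCleaner cacheCleaner() {
        CacheCleaner cleaner = new CacheCleaner();
        cleaner.setCleanMemory(true);
        cleaner.setCleanFileSystem(true);
        cleaner.setDSSFileLoader(this.useOfflineLoader.booleanValue() ? offlineLoader() : onlineLoader());
        return cleaner;
    }

    // The alerts below only write to the log; nothing here blocks or notifies beyond that.

    private TLAlert tlSigningAlert() {
        return new TLAlert(new TLSignatureErrorDetection(), new LogTLSignatureErrorAlertHandler());
    }

    private TLAlert tlExpirationDetection() {
        return new TLAlert(new TLExpirationDetection(), new LogTLExpirationAlertHandler());
    }

    private LOTLAlert ojUrlAlert(LOTLSource lotlSource) {
        return new LOTLAlert(new OJUrlChangeDetection(lotlSource), new LogOJUrlChangeAlertHandler());
    }

    private LOTLAlert lotlLocationAlert(LOTLSource lotlSource) {
        return new LOTLAlert(new LOTLLocationChangeDetection(lotlSource), new LogLOTLLocationChangeAlertHandler());
    }
}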
