package eu.europa.esig.dss.test;

import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.service.crl.JdbcCacheCRLSource;
import eu.europa.esig.dss.service.crl.OnlineCRLSource;
import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
import eu.europa.esig.dss.service.http.commons.FileCacheDataLoader;
import eu.europa.esig.dss.service.http.commons.OCSPDataLoader;
import eu.europa.esig.dss.service.http.commons.TimestampDataLoader;
import eu.europa.esig.dss.service.http.proxy.ProxyConfig;
import eu.europa.esig.dss.service.ocsp.JdbcCacheOCSPSource;
import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource;
import eu.europa.esig.dss.service.tsp.OnlineTSPSource;
import eu.europa.esig.dss.service.x509.aia.JdbcCacheAIASource;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.client.jdbc.JdbcCacheConnector;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.spi.x509.KeyStoreCertificateSource;
import eu.europa.esig.dss.spi.x509.aia.AIASource;
import eu.europa.esig.dss.spi.x509.aia.DefaultAIASource;
import eu.europa.esig.dss.spi.x509.tsp.CompositeTSPSource;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.token.AbstractKeyStoreTokenConnection;
import eu.europa.esig.dss.token.KSPrivateKeyEntry;
import eu.europa.esig.dss.token.KeyStoreSignatureTokenConnection;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.sql.SQLException;
import java.util.Date;
import java.util.HashMap;
import java.util.Properties;
import org.h2.jdbcx.JdbcDataSource;

/* loaded from: input_file:eu/europa/esig/dss/test/PKIFactoryAccess.class */
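/**
 * Base class for tests that obtain keystores, certificates, revocation data and timestamps
 * from a remote "PKI factory" host.
 *
 * <p>The host and a single keystore password are read from the classpath resource
 * {@code /pki-factory.properties} when the class is initialized. That one password protects
 * every PKCS#12 keystore and every JKS truststore loaded here.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The trust anchors are downloaded from the same host as the signing keystores and are
 *       imported as trusted without any further check in this class. The scheme of
 *       {@code pki.factory.host} is not visible here; if it is plain HTTP, both the trust anchors
 *       and the keystores are unauthenticated. Treat this class as a test fixture only.</li>
 *   <li>{@link #getFileCacheDataLoader()} caches what it fetches under the relative directory
 *       {@code target}, so downloaded keystores are expected to land in the build directory.</li>
 *   <li>{@link #getOfflineCertificateVerifier()} and {@link #getEmptyCertificateVerifier()}
 *       configure no CRL or OCSP source.</li>
 * </ul>
 *
 * <p>Several methods are {@code public} in this decompiled listing although the decompiler notes
 * that the original modifier was {@code protected}. The modifiers are left as found.
 */
public abstract class PKIFactoryAccess {
    // Loaded once from /pki-factory.properties; either value is null if its key is absent.
    private static final String PKI_FACTORY_HOST;
    private static final String PKI_FACTORY_KEYSTORE_PASSWORD;
    // Single in-memory H2 data source backing the AIA, CRL and OCSP caches of every verifier.
    private static final JdbcDataSource dataSource;

    // URL path segments appended to PKI_FACTORY_HOST.
    private static final String KEYSTORE_ROOT_PATH = "/keystore/";
    private static final String CERT_ROOT_PATH = "/crt/";
    private static final String CERT_EXTENSION = ".crt";
    private static final String TSA_ROOT_PATH = "/tsa/";

    // Names of the timestamp authorities exposed under TSA_ROOT_PATH.
    private static final String GOOD_TSA = "good-tsa";
    private static final String PSS_GOOD_TSA = "pss-good-tsa";
    private static final String RSASSA_PSS_GOOD_TSA = "rsassa-pss-good-tsa";
    private static final String SHA3_GOOD_TSA = "sha3-good-tsa";
    private static final String REVOKED_TSA = "revoked-tsa";
    private static final String EE_GOOD_TSA = "ee-good-tsa";
    private static final String GOOD_TSA_CROSS_CERTIF = "cc-good-tsa-crossed";
    private static final String SELF_SIGNED_TSA = "self-signed-tsa";
    private static final String FAIL_GOOD_TSA = "fail/good-tsa";
    private static final String ERROR500_GOOD_TSA = "error-500/good-tsa";

    private static final String KEYSTORE_TYPE = "PKCS12";
    private static final String TRUSTSTORE_TYPE = "JKS";

    // Signing aliases available to subclasses; each is also the base name of a ".p12" keystore.
    protected static final String GOOD_USER = "good-user";
    protected static final String PSS_GOOD_USER = "pss-good-user";
    protected static final String RSASSA_PSS_GOOD_USER = "rsassa-pss-good-user";
    protected static final String ED25519_GOOD_USER = "Ed25519-good-user";
    protected static final String ED448_GOOD_USER = "Ed448-good-user";
    protected static final String UNTRUSTED_USER = "untrusted-user";
    protected static final String GOOD_USER_WRONG_AIA = "good-user-wrong-aia";
    protected static final String GOOD_USER_OCSP_ERROR_500 = "good-user-ocsp-error-500";
    protected static final String GOOD_USER_OCSP_FAIL = "good-user-ocsp-fail";
    // NOTE(review): the constant says "unknown" but the alias says "suspended" - confirm intent.
    protected static final String GOOD_USER_UNKNOWN = "good-user-suspended";
    protected static final String GOOD_USER_CROSS_CERTIF = "cc-good-user-crossed";
    protected static final String GOOD_USER_WITH_PSEUDO = "good-user-with-pseudo";
    protected static final String GOOD_USER_WITH_CRL_AND_OCSP = "good-user-crl-ocsp";
    protected static final String GOOD_USER_WITH_OCSP_CERT_ID_DIGEST = "good-user-ocsp-certid-digest";
    protected static final String GOOD_USER_WITH_PEM_CRL = "good-user-pem-crl";
    protected static final String REVOKED_USER = "revoked-user";
    protected static final String EXPIRED_USER = "expired-user";
    protected static final String NOT_YET_VALID_USER = "not-yet-valid-user";
    protected static final String DSA_USER = "good-dsa-user";
    protected static final String ECDSA_USER = "good-ecdsa-user";
    protected static final String ECDSA_384_USER = "good-ecdsa-384-user";
    protected static final String ECDSA_521_USER = "good-ecdsa-521-user";
    protected static final String RSA_SHA3_USER = "sha3-good-user";
    protected static final String SELF_SIGNED_USER = "self-signed";
    protected static final String EE_GOOD_USER = "ee-good-user";
    protected static final String OCSP_SKIP_USER = "ocsp-skip-user";
    protected static final String OCSP_SKIP_USER_WITH_CRL = "ocsp-skip-user-with-crl";
    protected static final String OCSP_SKIP_CA = "ocsp-skip-valid-ca";
    protected static final String OCSP_EXPIRED_RESPONDER_USER = "ocsp-skip-expired-ocsp-user";
    protected static final String OCSP_NOT_YET_VALID_CA_USER = "ocsp-skip-not-yet-valid-ca-user";
    protected static final String ROOT_CA = "root-ca";

    // Pattern used to embed a timestamp date in the TSA URL.
    private static final String DEFAULT_TSA_DATE_FORMAT = "yyyy-MM-dd-HH-mm";
    // Connection and socket timeout applied to every HTTP loader built here (milliseconds, per the name).
    private static final int TIMEOUT_MS = 10000;

    /**
     * Returns the alias of the signing key; it selects both the keystore file and the key entry.
     *
     * @return the signing alias chosen by the concrete test
     */
    protected abstract String getSigningAlias();

    /**
     * Creates a verifier with nothing configured: no trust sources, AIA, CRL or OCSP source are set.
     *
     * @return a fresh, unconfigured verifier
     */
    public CertificateVerifier getEmptyCertificateVerifier() {
        return new CommonCertificateVerifier();
    }

    /**
     * Creates a verifier with cached AIA, CRL and OCSP sources and the PKI factory trust anchors.
     *
     * @return a fully configured verifier
     */
    protected CertificateVerifier getCompleteCertificateVerifier() {
        CommonCertificateVerifier verifier = new CommonCertificateVerifier();
        verifier.setAIASource(cacheAIASource());
        verifier.setCrlSource(cacheCRLSource());
        verifier.setOcspSource(cacheOCSPSource());
        verifier.setTrustedCertSources(new CertificateSource[]{getTrustedCertificateSource()});
        return verifier;
    }

    /**
     * Creates a verifier with cached AIA, CRL and OCSP sources but no trusted certificate source.
     *
     * @return a verifier that has revocation sources and no trust anchors
     */
    protected CertificateVerifier getCertificateVerifierWithoutTrustSources() {
        CommonCertificateVerifier verifier = new CommonCertificateVerifier();
        verifier.setAIASource(cacheAIASource());
        verifier.setCrlSource(cacheCRLSource());
        verifier.setOcspSource(cacheOCSPSource());
        return verifier;
    }

    /**
     * Creates a verifier with trust anchors only. The AIA source is explicitly cleared and no CRL
     * or OCSP source is set, so this method wires in no revocation source at all.
     *
     * <p>Building the trust source still downloads {@code trust-anchors.jks} from the PKI factory.
     *
     * @return a verifier without AIA, CRL or OCSP sources
     */
    public CertificateVerifier getOfflineCertificateVerifier() {
        CommonCertificateVerifier verifier = new CommonCertificateVerifier();
        verifier.setAIASource((AIASource) null);
        verifier.setTrustedCertSources(new CertificateSource[]{getTrustedCertificateSource()});
        return verifier;
    }

    /**
     * Builds a JDBC-cached AIA source that delegates to {@link #onlineAIASource()}.
     *
     * @return the initialized AIA source
     * @throws DSSException if the cache table cannot be created
     */
    private AIASource cacheAIASource() {
        JdbcCacheAIASource aiaCache = new JdbcCacheAIASource();
        aiaCache.setProxySource(onlineAIASource());
        aiaCache.setJdbcCacheConnector(new JdbcCacheConnector(dataSource));
        try {
            aiaCache.initTable();
            return aiaCache;
        } catch (SQLException e) {
            throw new DSSException("Cannot initialize table for AIA certificate source.", e);
        }
    }

    /** Builds the AIA source that fetches issuer certificates through the file-cached loader. */
    private DefaultAIASource onlineAIASource() {
        DefaultAIASource aiaSource = new DefaultAIASource();
        aiaSource.setDataLoader(getFileCacheDataLoader());
        return aiaSource;
    }

    /**
     * Builds a JDBC-cached CRL source that delegates to {@link #onlineCrlSource()}.
     *
     * @return the initialized CRL source
     * @throws DSSException if the cache table cannot be created
     */
    private JdbcCacheCRLSource cacheCRLSource() {
        JdbcCacheCRLSource crlCache = new JdbcCacheCRLSource();
        crlCache.setProxySource(onlineCrlSource());
        crlCache.setJdbcCacheConnector(new JdbcCacheConnector(dataSource));
        // 259200 = 3 * 24 * 60 * 60; presumably seconds (three days) - confirm against JdbcCacheCRLSource.
        crlCache.setDefaultNextUpdateDelay(259200L);
        try {
            crlCache.initTable();
            return crlCache;
        } catch (SQLException e) {
            throw new DSSException("Cannot initialize table for CRL source.", e);
        }
    }

    /** Builds the CRL source that downloads CRLs through the file-cached loader. */
    private OnlineCRLSource onlineCrlSource() {
        OnlineCRLSource crlSource = new OnlineCRLSource();
        crlSource.setDataLoader(getFileCacheDataLoader());
        return crlSource;
    }

    /**
     * Builds a JDBC-cached OCSP source that delegates to {@link #onlineOcspSource()}.
     *
     * @return the initialized OCSP source
     * @throws DSSException if the cache table cannot be created
     */
    private JdbcCacheOCSPSource cacheOCSPSource() {
        JdbcCacheOCSPSource ocspCache = new JdbcCacheOCSPSource();
        ocspCache.setProxySource(onlineOcspSource());
        ocspCache.setJdbcCacheConnector(new JdbcCacheConnector(dataSource));
        // 10800 = 3 * 60 * 60; presumably seconds (three hours) - confirm against JdbcCacheOCSPSource.
        ocspCache.setDefaultNextUpdateDelay(10800L);
        try {
            ocspCache.initTable();
            return ocspCache;
        } catch (SQLException e) {
            throw new DSSException("Cannot initialize table for OCSP source.", e);
        }
    }

    /** Builds the OCSP source; it uses a dedicated OCSP loader rather than the file-cached one. */
    private OnlineOCSPSource onlineOcspSource() {
        OnlineOCSPSource ocspSource = new OnlineOCSPSource();
        OCSPDataLoader ocspLoader = new OCSPDataLoader();
        ocspLoader.setTimeoutConnection(TIMEOUT_MS);
        ocspLoader.setTimeoutSocket(TIMEOUT_MS);
        ocspLoader.setProxyConfig(getProxyConfig());
        ocspSource.setDataLoader(ocspLoader);
        return ocspSource;
    }

    /**
     * Returns the certificate of the signing key entry.
     *
     * @return the signing certificate
     */
    public CertificateToken getSigningCert() {
        return getPrivateKeyEntry().getCertificate();
    }

    /**
     * Returns the certificate chain stored with the signing key entry.
     *
     * @return the certificate chain
     */
    protected CertificateToken[] getCertificateChain() {
        return getPrivateKeyEntry().getCertificateChain();
    }

    /**
     * Looks up the key entry for {@link #getSigningAlias()} in a newly opened token.
     *
     * @return the private key entry of the signing alias
     */
    public KSPrivateKeyEntry getPrivateKeyEntry() {
        return getToken().getKey(getSigningAlias());
    }

    /**
     * Downloads the PKCS#12 keystore for the signing alias and opens it with the shared password.
     * A new token connection is created on every call.
     *
     * @return a token connection over the downloaded keystore
     */
    public AbstractKeyStoreTokenConnection getToken() {
        byte[] keystoreBytes = getKeystoreContent(getKeystoreName());
        // Throws NullPointerException if pki.factory.keystore.password is missing from the properties.
        KeyStore.PasswordProtection password =
                new KeyStore.PasswordProtection(PKI_FACTORY_KEYSTORE_PASSWORD.toCharArray());
        return new KeyStoreSignatureTokenConnection(keystoreBytes, KEYSTORE_TYPE, password);
    }

    /**
     * Returns the URI-encoded keystore file name, that is the signing alias followed by ".p12".
     *
     * @return the keystore file name
     */
    protected String getKeystoreName() {
        return DSSUtils.encodeURI(getSigningAlias() + ".p12");
    }

    /**
     * Downloads a keystore or truststore from the PKI factory.
     *
     * @param str file name below the keystore path; it is appended to the URL as given
     * @return the raw bytes returned by the data loader
     */
    private byte[] getKeystoreContent(String str) {
        return getFileCacheDataLoader().get(PKI_FACTORY_HOST + KEYSTORE_ROOT_PATH + str);
    }

    /**
     * Builds a trusted certificate source from the downloaded {@code trust-anchors.jks}.
     * Every certificate in that truststore is imported as trusted; nothing in this class
     * authenticates the download, so the result is only as trustworthy as the transport.
     *
     * @return the trusted certificate source
     */
    protected CertificateSource getTrustedCertificateSource() {
        CommonTrustedCertificateSource trustedSource = new CommonTrustedCertificateSource();
        trustedSource.importAsTrusted(getTrustAnchors());
        return trustedSource;
    }

    /** Downloads and opens {@code trust-anchors.jks} with the shared password. */
    private KeyStoreCertificateSource getTrustAnchors() {
        return new KeyStoreCertificateSource(new ByteArrayInputStream(getKeystoreContent("trust-anchors.jks")), TRUSTSTORE_TYPE, PKI_FACTORY_KEYSTORE_PASSWORD);
    }

    /**
     * Downloads and opens {@code sha3-pki.jks} with the shared password.
     *
     * @return the certificate source backed by that truststore
     */
    protected KeyStoreCertificateSource getSHA3PKITrustAnchors() {
        return new KeyStoreCertificateSource(new ByteArrayInputStream(getKeystoreContent("sha3-pki.jks")), TRUSTSTORE_TYPE, PKI_FACTORY_KEYSTORE_PASSWORD);
    }

    /**
     * Downloads and opens {@code belgium.jks} with the shared password.
     *
     * @return the certificate source backed by that truststore
     */
    protected KeyStoreCertificateSource getBelgiumTrustAnchors() {
        return new KeyStoreCertificateSource(new ByteArrayInputStream(getKeystoreContent("belgium.jks")), TRUSTSTORE_TYPE, PKI_FACTORY_KEYSTORE_PASSWORD);
    }

    /**
     * Builds an HTTP loader wrapped in a file cache. A new loader is created on every call.
     *
     * <p>The cache directory is the relative path {@code target}, resolved against the working
     * directory of the test run. Keystores fetched through this loader are expected to be
     * written there, so that directory should not be published or archived.
     *
     * @return the file-cached data loader
     */
    protected DataLoader getFileCacheDataLoader() {
        CommonsDataLoader httpLoader = new CommonsDataLoader();
        httpLoader.setProxyConfig(getProxyConfig());
        httpLoader.setTimeoutConnection(TIMEOUT_MS);
        httpLoader.setTimeoutSocket(TIMEOUT_MS);

        FileCacheDataLoader cachingLoader = new FileCacheDataLoader();
        cachingLoader.setDataLoader(httpLoader);
        cachingLoader.setFileCacheDirectory(new File("target"));
        // 3600000 = 60 * 60 * 1000; presumably milliseconds (one hour) - confirm against FileCacheDataLoader.
        cachingLoader.setCacheExpirationTime(3600000L);
        return cachingLoader;
    }

    /**
     * Builds a composite TSP source over the failing TSA, the good TSA and the alternate good TSA.
     * The map is a {@link HashMap}, so this method does not fix the order of the entries.
     *
     * @return the composite TSP source
     */
    protected TSPSource getCompositeTsa() {
        CompositeTSPSource compositeSource = new CompositeTSPSource();
        // Typed map instead of the raw HashMap produced by the decompiler.
        HashMap<String, TSPSource> tspSources = new HashMap<>();
        tspSources.put(FAIL_GOOD_TSA, getFailGoodTsa());
        tspSources.put(GOOD_TSA, getGoodTsa());
        tspSources.put(EE_GOOD_TSA, getAlternateGoodTsa());
        compositeSource.setTspSources(tspSources);
        return compositeSource;
    }

    /** Returns a TSP source for the {@code good-tsa} endpoint. */
    protected TSPSource getGoodTsa() {
        return getOnlineTSPSource(GOOD_TSA);
    }

    /** Returns a TSP source for the {@code pss-good-tsa} endpoint. */
    protected TSPSource getPSSGoodTsa() {
        return getOnlineTSPSource(PSS_GOOD_TSA);
    }

    /** Returns a TSP source for the {@code rsassa-pss-good-tsa} endpoint. */
    protected TSPSource getRSASSAPSSGoodTsa() {
        return getOnlineTSPSource(RSASSA_PSS_GOOD_TSA);
    }

    /** Returns a TSP source for the {@code sha3-good-tsa} endpoint. */
    protected TSPSource getSHA3GoodTsa() {
        return getOnlineTSPSource(SHA3_GOOD_TSA);
    }

    /** Returns a TSP source for the {@code revoked-tsa} endpoint. */
    protected TSPSource getRevokedTsa() {
        return getOnlineTSPSource(REVOKED_TSA);
    }

    /** Returns a TSP source for the {@code fail/good-tsa} endpoint. */
    protected TSPSource getFailGoodTsa() {
        return getOnlineTSPSource(FAIL_GOOD_TSA);
    }

    /** Returns a TSP source for the {@code error-500/good-tsa} endpoint. */
    protected TSPSource getError500GoodTsa() {
        return getOnlineTSPSource(ERROR500_GOOD_TSA);
    }

    /** Returns a TSP source for the {@code ee-good-tsa} endpoint. */
    protected TSPSource getAlternateGoodTsa() {
        return getOnlineTSPSource(EE_GOOD_TSA);
    }

    /** Returns a TSP source for the {@code cc-good-tsa-crossed} endpoint. */
    protected TSPSource getGoodTsaCrossCertification() {
        return getOnlineTSPSource(GOOD_TSA_CROSS_CERTIF);
    }

    /** Returns a TSP source for the {@code self-signed-tsa} endpoint. */
    protected TSPSource getSelfSignedTsa() {
        return getOnlineTSPSource(SELF_SIGNED_TSA);
    }

    /**
     * Builds a TSP source for a named TSA.
     *
     * @param str TSA name, appended to the TSA path as given
     * @return the TSP source for that TSA
     */
    private OnlineTSPSource getOnlineTSPSource(String str) {
        return getTSPSourceByUrl(getTsaUrl(str));
    }

    /**
     * Builds a TSP source for the good TSA whose URL carries the given date.
     *
     * @param date the date to embed in the URL
     * @return the TSP source
     */
    protected TSPSource getGoodTsaByTime(Date date) {
        return getOnlineTSPSourceByNameAndTime(GOOD_TSA, date);
    }

    /**
     * Builds a TSP source for a named TSA whose URL carries the given date.
     *
     * @param str  TSA name
     * @param date the date to embed in the URL
     * @return the TSP source
     */
    protected OnlineTSPSource getOnlineTSPSourceByNameAndTime(String str, Date date) {
        return getTSPSourceByUrl(getTsaUrl(str, date));
    }

    /**
     * Builds a TSP source for a URL, with a dedicated timestamp loader that is not file-cached.
     *
     * @param str the TSA URL
     * @return the TSP source
     */
    private OnlineTSPSource getTSPSourceByUrl(String str) {
        TimestampDataLoader timestampLoader = new TimestampDataLoader();
        timestampLoader.setTimeoutConnection(TIMEOUT_MS);
        timestampLoader.setTimeoutSocket(TIMEOUT_MS);
        timestampLoader.setProxyConfig(getProxyConfig());

        OnlineTSPSource tspSource = new OnlineTSPSource(str);
        tspSource.setDataLoader(timestampLoader);
        return tspSource;
    }

    /** Returns host + "/tsa/" + name. */
    private String getTsaUrl(String str) {
        return PKI_FACTORY_HOST + TSA_ROOT_PATH + str;
    }

    /** Returns host + "/tsa/" + the date formatted as {@code yyyy-MM-dd-HH-mm} + "/" + name. */
    private String getTsaUrl(String str, Date date) {
        String formattedDate = DSSUtils.formatDateWithCustomFormat(date, DEFAULT_TSA_DATE_FORMAT);
        return PKI_FACTORY_HOST + TSA_ROOT_PATH + formattedDate + "/" + str;
    }

    /**
     * Downloads and parses the certificate published for a name.
     *
     * @param str certificate name without the ".crt" extension
     * @return the parsed certificate
     */
    protected CertificateToken getCertificate(String str) {
        String url = PKI_FACTORY_HOST + CERT_ROOT_PATH + getCertificateName(str);
        return DSSUtils.loadCertificate(getFileCacheDataLoader().get(url));
    }

    /**
     * Returns the URI-encoded certificate file name, that is the name followed by ".crt".
     *
     * @param str certificate name
     * @return the encoded file name
     */
    protected String getCertificateName(String str) {
        return DSSUtils.encodeURI(str + CERT_EXTENSION);
    }

    /**
     * Downloads and parses the certificate published for a name and a numeric key.
     *
     * @param str certificate name
     * @param j   numeric key placed after the name in the URL
     * @return the parsed certificate
     */
    protected CertificateToken getCertificateByPrimaryKey(String str, long j) {
        String url = PKI_FACTORY_HOST + CERT_ROOT_PATH + getCertificateNameByPrimaryKey(str, j);
        return DSSUtils.loadCertificate(getFileCacheDataLoader().get(url));
    }

    /**
     * Returns the URI-encoded form of name + "/" + key + ".crt".
     *
     * @param str certificate name
     * @param j   numeric key
     * @return the encoded relative path
     */
    protected String getCertificateNameByPrimaryKey(String str, long j) {
        return DSSUtils.encodeURI(str + "/" + j + CERT_EXTENSION);
    }

    /**
     * Returns the proxy configuration applied to every loader built by this class.
     *
     * @return {@code null} here; subclasses may override to supply a proxy
     */
    protected ProxyConfig getProxyConfig() {
        return null;
    }

    static {
        // try-with-resources closes the stream on every path. The decompiled form closed it only
        // after a successful load and left an empty finally block behind.
        try (InputStream propertiesStream = PKIFactoryAccess.class.getResourceAsStream("/pki-factory.properties")) {
            if (propertiesStream == null) {
                // Name the real cause instead of surfacing a NullPointerException from Properties.load.
                throw new IllegalStateException("Classpath resource /pki-factory.properties was not found");
            }
            Properties properties = new Properties();
            properties.load(propertiesStream);
            PKI_FACTORY_HOST = properties.getProperty("pki.factory.host");
            PKI_FACTORY_KEYSTORE_PASSWORD = properties.getProperty("pki.factory.keystore.password");
            dataSource = new JdbcDataSource();
            // In-memory database named "test"; DB_CLOSE_DELAY=-1 keeps it alive after the last
            // connection closes, so all tests in the JVM share the same revocation cache.
            dataSource.setUrl("jdbc:h2:mem:test;DB_CLOSE_DELAY=-1");
        } catch (Exception e) {
            throw new RuntimeException("Unable to initialize from pki-factory.properties", e);
        }
    }
}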
