package koal.usap.client.pep.ldap.biz.pki;

import com.koal.security.pki.x509.Certificate;
import com.koal.security.pki.x509.CertificateList;
import java.io.File;
import java.io.FileOutputStream;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import koal.common.file.FileUtil;
import koal.security.utils.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:koal/usap/client/pep/ldap/biz/pki/TrustCrlListCfg.class */
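/**
 * In-memory index of revoked certificate serial numbers, keyed by CRL issuer DN and backed by
 * {@code *.crl} files in a local directory.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Nothing in this class checks the signature on a CRL, neither when it is read from disk
 *       nor when it is handed to {@link #saveCrl(Map)}. NOTE(review): confirm that the caller
 *       validates each CRL against the issuing CA before it reaches this class; otherwise the
 *       revocation data is only as trustworthy as its transport and the directory permissions.</li>
 *   <li>{@link #verifyCrl(Certificate)} answers "not revoked" when no CRL is indexed for the
 *       certificate's issuer. Use {@link #isExistCrl(Certificate)} to tell "checked and clean"
 *       apart from "no revocation data".</li>
 *   <li>Lookups compare the {@code toString()} forms of the issuer DN and of the serial number,
 *       so both sides must be rendered by the same library for a match to occur.</li>
 *   <li>The maps are plain {@link HashMap}/{@link HashSet} instances and no method here
 *       synchronizes; presumably callers serialise access - TODO confirm.</li>
 * </ul>
 */
public class TrustCrlListCfg implements Serializable {
    private static final Logger logger = LoggerFactory.getLogger(TrustCrlListCfg.class);
    private static final long serialVersionUID = 1;

    // Directory holding the cached *.crl files; set by initConfig.
    protected String trustPath;

    // Issuer DN -> (revoked serial number -> ""). The inner map is used as a set.
    protected Map<String, Map<String, String>> dnToCrlMap = new HashMap<>();

    // Issuer DNs whose cached CRL was already past nextUpdate when initConfig ran.
    // Presumably read by the caller to decide which CRLs to fetch again - verify against caller.
    public Set<String> dnSet = new HashSet<>();

    /**
     * Loads every {@code .crl} / {@code .CRL} file found directly inside the given directory.
     *
     * <p>The directory is created when it does not exist. A CRL whose nextUpdate lies in the
     * past is deleted from disk and its issuer DN is recorded in {@link #dnSet}; it is not
     * indexed, so {@link #verifyCrl(Certificate)} has no revocation data for that issuer until a
     * fresh CRL is saved. A file that fails to parse is logged and skipped.
     *
     * @param str path of the CRL cache directory
     * @throws Exception if the path is a regular file, or if the directory cannot be listed
     */
    public void initConfig(String str) throws Exception {
        this.trustPath = str;
        File dir = new File(this.trustPath);
        if (!dir.exists()) {
            dir.mkdirs();
        }
        if (dir.isFile()) {
            throw new Exception("CRL存储目录不是目录：" + dir.getAbsolutePath());
        }
        // listFiles() returns null when the directory could not be created or cannot be read.
        // Fail loudly instead of with a NullPointerException: starting with no revocation data
        // must be visible to the operator.
        File[] entries = dir.listFiles();
        if (entries == null) {
            throw new Exception("Cannot list CRL directory: " + dir.getAbsolutePath());
        }
        for (File entry : entries) {
            if (!entry.isFile()) {
                continue;
            }
            String fileName = entry.getName();
            if (!fileName.endsWith(".crl") && !fileName.endsWith(".CRL")) {
                continue;
            }
            try {
                System.out.println("加载本地缓存黑名单：" + fileName);
                CertificateList certificateList = new CertificateList();
                certificateList.decode(FileUtil.readFileAsByteArray(entry.getAbsolutePath()));
                String issuerDn = certificateList.getTbsCertList().getIssuer().toString();
                Date nextUpdate = (Date) certificateList.getTbsCertList().getNextUpdate().getValue();
                if (new Date().after(nextUpdate)) {
                    // Stale CRL: drop the file and remember the issuer so it can be refreshed.
                    entry.delete();
                    this.dnSet.add(issuerDn);
                } else {
                    indexRevokedSerials(issuerDn, certificateList);
                }
            } catch (Exception e) {
                // One unreadable file must not block the remaining CRLs. The issuer of the
                // skipped file ends up with no revocation data unless another file covers it.
                logger.error("解析CRL失败：" + entry.getAbsolutePath(), e);
            }
        }
        System.out.println("加载缓存黑名单结束");
    }

    /**
     * Reports whether the certificate is absent from the indexed revocation data.
     *
     * <p>This is fail-open: {@code true} is also returned when no CRL is indexed for the
     * certificate's issuer. Pair the call with {@link #isExistCrl(Certificate)} when a missing
     * CRL must not be treated as "valid".
     *
     * @param certificate certificate to check; must not be {@code null}
     * @return {@code false} only when the serial number is listed for the certificate's issuer
     * @throws Exception if {@code certificate} is {@code null}
     */
    public boolean verifyCrl(Certificate certificate) throws Exception {
        if (certificate == null) {
            throw new Exception("待验证的证书不能为空");
        }
        String certificateSerialNumber = certificate.getSerialNumber().toString();
        Map<String, String> revokedSerials = this.dnToCrlMap.get(certificate.getIssuer().toString());
        if (revokedSerials == null) {
            return true;
        }
        return !revokedSerials.containsKey(certificateSerialNumber);
    }

    /**
     * Reports whether revocation data is indexed for the certificate's issuer.
     *
     * @param certificate certificate whose issuer DN is looked up; must not be {@code null}
     * @return {@code true} if a CRL for that issuer DN has been indexed
     * @throws Exception if {@code certificate} is {@code null}
     */
    public boolean isExistCrl(Certificate certificate) throws Exception {
        if (certificate == null) {
            throw new Exception("待验证的证书不能为空");
        }
        return this.dnToCrlMap.containsKey(certificate.getIssuer().toString());
    }

    /**
     * Decodes each Base64-encoded CRL, writes it to the CRL directory as
     * {@code <issuer DN>_<map key>.crl}, and merges its revoked serial numbers into the index.
     *
     * <p>The file name is built from the issuer DN taken from the decoded CRL and from the map
     * key. Both are data this class has not validated, so the resolved target must sit directly
     * inside the CRL directory; anything else is rejected before a file is touched.
     *
     * @param map suffix used in the file name -> Base64-encoded CRL; must not be {@code null}
     * @throws Exception if the CRL directory is not set, a CRL cannot be decoded, the target
     *     file would fall outside the CRL directory, or the file cannot be written
     */
    public void saveCrl(Map<String, String> map) throws Exception {
        if (this.trustPath == null) {
            throw new Exception("CRL directory is not initialised; call initConfig first");
        }
        File canonicalDir = new File(this.trustPath).getCanonicalFile();
        int i = 1;
        for (Map.Entry<String, String> crlEntry : map.entrySet()) {
            String str = crlEntry.getKey();
            CertificateList certificateList = new CertificateList();
            certificateList.decode(Base64.decode(crlEntry.getValue()));
            String name = certificateList.getTbsCertList().getIssuer().toString();
            File file = new File(this.trustPath + File.separator + name + "_" + str + ".crl");
            // Path separators or ".." inside the DN or the key would move the write target out
            // of the CRL directory; compare canonical paths to keep every write contained.
            if (!canonicalDir.equals(file.getCanonicalFile().getParentFile())) {
                throw new Exception("Refusing to write CRL outside the CRL directory: " + file.getPath());
            }
            if (file.isFile()) {
                file.delete();
            }
            // FileOutputStream creates the file; try-with-resources closes it even when
            // encode() or write() throws, which the previous explicit close() did not.
            try (FileOutputStream fileOutputStream = new FileOutputStream(file)) {
                System.out.println("保存第" + i + "个CRL：" + name + "_" + str);
                fileOutputStream.write(certificateList.encode());
            }
            i++;
            indexRevokedSerials(name, certificateList);
        }
    }

    /**
     * Adds every revoked serial number of {@code crl} to the entry for {@code issuerDn}.
     * Existing serial numbers for that issuer are kept; entries are only ever added.
     */
    private void indexRevokedSerials(String issuerDn, CertificateList crl) throws Exception {
        Map<String, String> serials = this.dnToCrlMap.get(issuerDn);
        if (serials == null) {
            serials = new HashMap<>();
        }
        // NOTE(review): a CRL may legitimately list no revoked certificates; confirm that
        // getRevokedCertificates() returns an empty sequence rather than null in that case.
        int revokedCount = crl.getTbsCertList().getRevokedCertificates().getComponentCount();
        for (int idx = 0; idx < revokedCount; idx++) {
            serials.put(crl.getTbsCertList().getRevokedCertificates().getComponent(idx).getUserCertificate().toString(), "");
        }
        this.dnToCrlMap.put(issuerDn, serials);
    }
}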
