package net.bluemind.smime.cacerts.service.internal;

import java.security.cert.X509Certificate;
import java.sql.SQLException;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.sql.DataSource;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.Container;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.rest.IServiceProvider;
import net.bluemind.smime.cacerts.api.ISmimeCACert;
import net.bluemind.smime.cacerts.api.ISmimeRevocation;
import net.bluemind.smime.cacerts.api.RevocationResult;
import net.bluemind.smime.cacerts.api.SmimeCacert;
import net.bluemind.smime.cacerts.api.SmimeCacertInfos;
import net.bluemind.smime.cacerts.api.SmimeCertClient;
import net.bluemind.smime.cacerts.api.SmimeRevocation;
import net.bluemind.smime.cacerts.persistence.SmimeRevocationStore;
import net.bluemind.smime.cacerts.service.IInCoreSmimeRevocation;
import net.bluemind.utils.CertificateUtils;

/* loaded from: input_file:net/bluemind/smime/cacerts/service/internal/SmimeRevocationService.class */
public class SmimeRevocationService implements ISmimeRevocation {
    private BmContext bmContext;
    private Container container;
    private RBACManager rbacManager;
    private final String domainUid;
    private SmimeRevocationStore storeService;

    public SmimeRevocationService(BmContext bmContext, DataSource dataSource, Container container) {
        this.bmContext = bmContext;
        this.container = container;
        this.domainUid = container.domainUid;
        this.storeService = new SmimeRevocationStore(dataSource, container);
        this.rbacManager = RBACManager.forContext(bmContext).forDomain(this.domainUid);
    }

    public Set<RevocationResult> areRevoked(List<SmimeCertClient> list) throws ServerFault {
        if (this.bmContext.getSecurityContext().isAnonymous()) {
            throw new ServerFault("User is not logged in", ErrorCode.PERMISSION_DENIED);
        }
        return (Set) list.stream().map(smimeCertClient -> {
            try {
                SmimeRevocation byCertClient = this.storeService.getByCertClient(smimeCertClient);
                if (byCertClient == null) {
                    byCertClient = SmimeRevocation.create(smimeCertClient.serialNumber, smimeCertClient.issuer);
                }
                return byCertClient;
            } catch (SQLException e) {
                throw new ServerFault(e.getMessage(), ErrorCode.SQL_ERROR);
            }
        }).distinct().map(this::createRevocationResult).collect(Collectors.toSet());
    }

    private RevocationResult createRevocationResult(SmimeRevocation smimeRevocation) {
        return smimeRevocation.revocationDate == null ? RevocationResult.notRevoked(smimeRevocation) : RevocationResult.revoked(smimeRevocation);
    }

    public void refreshDomainRevocations() throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomainSmime"});
        IServiceProvider provider = this.bmContext.provider();
        List all = ((ISmimeCACert) provider.instance(ISmimeCACert.class, new String[]{this.container.uid})).all();
        IInCoreSmimeRevocation iInCoreSmimeRevocation = (IInCoreSmimeRevocation) provider.instance(IInCoreSmimeRevocation.class, new String[]{this.container.domainUid});
        iInCoreSmimeRevocation.getClass();
        all.forEach(iInCoreSmimeRevocation::refreshRevocations);
    }

    public void refreshRevocations(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomainSmime"});
        ItemValue<SmimeCacert> complete = ((ISmimeCACert) this.bmContext.provider().instance(ISmimeCACert.class, new String[]{this.container.uid})).getComplete(str);
        if (complete == null) {
            throw new ServerFault(String.format("S/MIME cacert item %s not found", str));
        }
        ((IInCoreSmimeRevocation) this.bmContext.provider().instance(IInCoreSmimeRevocation.class, new String[]{this.container.domainUid})).refreshRevocations(complete);
    }

    public SmimeCacertInfos fetch(ItemValue<SmimeCacert> itemValue) {
        this.rbacManager.check(new String[]{"manageDomainSmime"});
        try {
            List list = this.storeService.get(itemValue);
            X509Certificate certificate = CertificateUtils.getCertificate(((SmimeCacert) itemValue.value).cert.getBytes());
            return SmimeCacertInfos.create(itemValue.uid, certificate.getIssuerX500Principal().getName(), certificate.getSubjectX500Principal().getName(), list);
        } catch (SQLException e) {
            throw new ServerFault(e.getMessage(), ErrorCode.SQL_ERROR);
        }
    }
}
