package com.itrus.cvm;

import com.itrus.cert.X509CRL;
import com.itrus.util.LdapUtils;
import com.itrus.util.RegexUtils;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.CRLException;
import java.util.Date;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* compiled from: CRLContext.java */
/* loaded from: input_file:com/itrus/cvm/CRLDownloadThread.class */
class CRLDownloadThread extends Thread {
    private static Log log = LogFactory.getLog("ITRUS-CVM");
    private CRLContext m_CRLContext;

    public CRLDownloadThread(CRLContext cRLContext) {
        this.m_CRLContext = null;
        this.m_CRLContext = cRLContext;
    }

    private X509CRL downloadCRLInPolicy() {
        String caAlias = this.m_CRLContext.getCaAlias();
        this.m_CRLContext.setDownloading();
        int[] retryPolicy = this.m_CRLContext.getRetryPolicy();
        int length = retryPolicy.length;
        for (int i = 0; i <= length; i++) {
            log.info("(" + caAlias + ")一共尝试" + (length + 1) + "次，这是第" + (i + 1) + "次下载。");
            X509CRL downloadCRL = downloadCRL();
            if (downloadCRL != null) {
                log.info("(" + caAlias + ")下载CRL成功。");
                this.m_CRLContext.setX509CRL(downloadCRL);
                this.m_CRLContext.setDownloaded();
                return downloadCRL;
            }
            if (i < length) {
                try {
                    log.info("(" + caAlias + ")" + retryPolicy[i] + "秒后会重新尝试下载。");
                    Thread.sleep(retryPolicy[i] * 1000);
                } catch (InterruptedException e) {
                    log.warn("(" + caAlias + ")CRL重试更新线程被中断，间隔时间为" + retryPolicy[i] + "秒。异常:" + e.getMessage());
                }
            }
        }
        return null;
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        if (1 == this.m_CRLContext.getStatus()) {
            return;
        }
        String caAlias = this.m_CRLContext.getCaAlias();
        while (this.m_CRLContext.isTimingDownload()) {
            try {
                X509CRL downloadCRLInPolicy = downloadCRLInPolicy();
                if (downloadCRLInPolicy != null) {
                    long time = downloadCRLInPolicy.getNextUpdate().getTime() - new Date().getTime();
                    try {
                        log.info("(" + caAlias + ")将于[" + downloadCRLInPolicy.getNextUpdate().toString() + "]再进行下载。");
                        Thread.sleep(time);
                    } catch (InterruptedException e) {
                        log.error("(" + caAlias + ")CRL更新线程被中断，间隔时间为" + (time / 1000) + "秒。异常:" + e.getMessage());
                    }
                }
                log.debug("本轮重试下载失败，进入下一轮重试下载。");
            } finally {
                this.m_CRLContext.setDownloaded();
            }
        }
        if (downloadCRLInPolicy() == null) {
            log.warn("(" + caAlias + ")经过多次尝试，均没能下载到有效的CRL！下载线程终止，等待下次激活。");
        }
    }

    private X509CRL downloadCRL() {
        String crlUrl;
        X509CRL x509crl = null;
        String caAlias = this.m_CRLContext.getCaAlias();
        if (this.m_CRLContext.getCrlUrl() == null || !this.m_CRLContext.getCrlUrl().startsWith("ldap://")) {
            crlUrl = this.m_CRLContext.getCrlUrl();
            if (crlUrl != null) {
                log.debug("(" + caAlias + ")从指定的URL下载CRL。");
            } else {
                crlUrl = this.m_CRLContext.getUserCrlUrl();
                log.debug("(" + caAlias + ")从用户证书的URL地址。");
            }
            try {
                x509crl = X509CRL.getInstanceFromURL(crlUrl);
            } catch (Exception e) {
                log.warn("(" + caAlias + ")从[" + crlUrl + "]下载CRL时发生异常：" + e.getMessage());
            }
        } else {
            crlUrl = this.m_CRLContext.getCrlUrl();
            String str = "certificateRevocationList;binary";
            if (RegexUtils.matches(this.m_CRLContext.getCrlUrl(), "^ldap://.*/.*@.+")) {
                str = RegexUtils.exceptMatches(crlUrl, "^ldap://.*/.*@");
                crlUrl = RegexUtils.exceptMatches(crlUrl, "@" + str);
            }
            try {
                x509crl = X509CRL.getInstance(LdapUtils.getEntryBinaryAttr(crlUrl, str));
            } catch (Exception e2) {
                log.warn("(" + caAlias + ")从[" + crlUrl + "]下载CRL时发生异常：" + e2.getMessage());
            }
        }
        if (x509crl == null) {
            return null;
        }
        if (!this.m_CRLContext.isNotCheckCRL() && !this.m_CRLContext.isCRLIssuedByLegalCA(x509crl, this.m_CRLContext.getCaCert())) {
            log.warn("(" + caAlias + ")从" + crlUrl + "下载到的CRL不是由指定的CA所颁发！");
            return null;
        }
        if (!x509crl.isOnValidPeriod()) {
            log.warn("(" + caAlias + ")从" + crlUrl + "下载到的CRL已过期！ThisUpdate:" + x509crl.getThisUpdate() + ", NextUpdate:" + x509crl.getNextUpdate());
            return null;
        }
        log.info("(" + caAlias + ")从" + crlUrl + "下载到了有效的CRL文件！");
        try {
            saveCRLToFile(x509crl, this.m_CRLContext.getCrlFilePath());
            log.info("(" + caAlias + ")CRL文件写入成功！" + this.m_CRLContext.getCrlFilePath());
        } catch (Exception e3) {
            log.warn(e3, e3);
        }
        return x509crl;
    }

    private void saveCRLToFile(X509CRL x509crl, String str) throws IOException, CRLException, InterruptedException {
        byte[] encoded = x509crl.getEncoded();
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        fileOutputStream.write(encoded);
        fileOutputStream.close();
    }
}
