package org.jscep.server;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.jscep.asn1.IssuerAndSubject;
import org.jscep.message.PkcsPkiEnvelopeDecoder;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.request.Operation;
import org.jscep.response.Capability;
import org.jscep.transaction.MessageType;
import org.jscep.util.LoggingUtil;

/* loaded from: input_file:org/jscep/server/ScepServlet.class */
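/**
 * Base servlet for a SCEP endpoint: validates the {@code operation} request
 * parameter and HTTP method, then dispatches to the hooks that a concrete
 * subclass implements.
 *
 * <p>Everything read from the request (the {@code operation} and
 * {@code message} parameters and the request body) is client-controlled.
 * No authentication or authorization check is visible in this class.
 * NOTE(review): whether the signer of an incoming pkiMessage is verified is
 * decided inside {@code PkiMessageDecoder}, which is not visible here; confirm
 * before relying on it.
 */
public abstract class ScepServlet extends HttpServlet {
    private static final String GET = "GET";
    private static final String POST = "POST";
    private static final String MSG_PARAM = "message";
    private static final String OP_PARAM = "operation";
    private static final Logger LOGGER = LoggingUtil.getLogger(ScepServlet.class);
    private static final long serialVersionUID = 1;

    /**
     * Entry point for every request.
     *
     * <p>Responds 400 when the {@code operation} parameter is missing or is not
     * an {@link Operation} constant, and 405 (with an {@code Allow} header) when
     * the HTTP method is not permitted for the operation: PKIOperation accepts
     * GET and POST, every other operation accepts GET only.
     *
     * @throws ServletException if the PKIOperation body cannot be parsed as CMS
     *         signed data or the certificate to return cannot be encoded
     * @throws IOException on failure reading the request or writing the response
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        LOGGER.entering(getClass().getName(), "service");
        try {
            Operation operation;
            try {
                operation = getOperation(httpServletRequest);
            } catch (IllegalArgumentException e) {
                // Operation.valueOf rejects any name that is not an enum constant.
                // The catch is scoped to the lookup only, so an unrelated
                // IllegalArgumentException thrown further down is no longer
                // reported to the client as a bad "operation" parameter.
                sendBadRequest(httpServletResponse, "Invalid \"operation\" parameter.");
                return;
            }
            if (operation == null) {
                sendBadRequest(httpServletResponse, "Missing \"operation\" parameter.");
                return;
            }
            LOGGER.fine("Incoming Operation: " + operation);

            String method = httpServletRequest.getMethod();
            if (operation == Operation.PKIOperation) {
                if (!POST.equals(method) && !GET.equals(method)) {
                    httpServletResponse.setStatus(405); // Method Not Allowed
                    httpServletResponse.addHeader("Allow", "GET, POST");
                    return;
                }
            } else if (!GET.equals(method)) {
                httpServletResponse.setStatus(405); // Method Not Allowed
                httpServletResponse.addHeader("Allow", GET);
                return;
            }
            LOGGER.fine("Method " + method + " Allowed for Operation: " + operation);

            if (operation == Operation.GetCACaps) {
                doGetCaCaps(httpServletRequest, httpServletResponse);
            } else if (operation == Operation.GetCACert) {
                doGetCaCert(httpServletRequest, httpServletResponse);
            } else if (operation == Operation.GetNextCACert) {
                doGetNextCaCert(httpServletRequest, httpServletResponse);
            } else {
                doPkiOperation(httpServletRequest, httpServletResponse);
            }
        } finally {
            // Log the exit on every path, including early returns and exceptions.
            LOGGER.exiting(getClass().getName(), "service");
        }
    }

    /**
     * Decodes the pkiMessage carried in the request body and dispatches on its
     * message type.
     *
     * <p>Only GetCert produces output. GetCertInitial invokes its hook but
     * discards the result, and GetCRL and PKCSReq are not handled at all, so
     * those requests end with an empty response body.
     *
     * <p>NOTE(review): the message is always read from the request body, yet
     * {@link #service} also admits GET for PKIOperation; a GET whose message
     * travels in the {@code message} parameter would not be decoded here.
     * NOTE(review): the GetCert reply is the bare encoded certificate, not a
     * signed/enveloped SCEP response; confirm this is intended.
     */
    private void doPkiOperation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setHeader("Content-Type", "application/x-pki-message");
        try {
            // The request body is untrusted and is parsed without any size limit
            // applied in this class; rely on the container's request-size limits.
            CMSSignedData signedData = new CMSSignedData(httpServletRequest.getInputStream());
            PkiMessageDecoder decoder = new PkiMessageDecoder(new PkcsPkiEnvelopeDecoder(getPrivate()));
            PkiMessage pkiMessage = decoder.decode(signedData);
            MessageType messageType = pkiMessage.getMessageType();
            ASN1Sequence messageData = pkiMessage.getMessageData();

            if (messageType == MessageType.GetCert) {
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(messageData);
                byte[] encodedCertificate;
                try {
                    // NOTE(review): a null result from doGetCert ends in a
                    // NullPointerException here; the hook's contract for an
                    // unknown certificate is not visible in this file.
                    encodedCertificate = doGetCert(issuerAndSerialNumber.getName(), issuerAndSerialNumber.getCertificateSerialNumber().getValue()).getEncoded();
                } catch (CertificateEncodingException e) {
                    throw new ServletException(e);
                }
                // Obtain the output stream only once the bytes exist, so that a
                // failure above can still be answered through the writer.
                httpServletResponse.getOutputStream().write(encodedCertificate);
            } else if (messageType == MessageType.GetCertInitial) {
                IssuerAndSubject issuerAndSubject = new IssuerAndSubject(messageData);
                doGetCertInitial(issuerAndSubject.getIssuer(), issuerAndSubject.getSubject());
            }
            // GetCRL and PKCSReq: nothing is invoked and nothing is written.
        } catch (CMSException e) {
            // An undecodable client body surfaces as a container-level error;
            // make sure the deployment's error page does not expose stack traces.
            throw new ServletException(e);
        } catch (IllegalArgumentException e) {
            // Still answered with 400 as before, but with a message that does
            // not blame the "operation" parameter, which was already validated.
            httpServletResponse.setHeader("Content-Type", "text/plain");
            sendBadRequest(httpServletResponse, "Invalid PKI message.");
        }
    }

    /** Sets status 400 and writes {@code text} as the response body. */
    private static void sendBadRequest(HttpServletResponse httpServletResponse, String text) throws IOException {
        httpServletResponse.setStatus(400); // Bad Request
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(text);
        writer.flush();
    }

    /**
     * Handles GetNextCACert. Only the content type is set; no certificate is
     * written and {@link #getNextCaCertificate(String)} is not called.
     */
    private void doGetNextCaCert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("Content-Type", "application/x-x509-next-ca-cert");
    }

    /**
     * Handles GetCACert by choosing the content type from the number of
     * certificates the subclass returns: exactly one selects the CA-only type,
     * any other count the CA/RA type. The certificates themselves are not
     * written to the response by this method.
     */
    private void doGetCaCert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        List<X509Certificate> certificates = doGetCaCertificate(httpServletRequest.getParameter(MSG_PARAM));
        if (certificates.size() == 1) {
            httpServletResponse.setHeader("Content-Type", "application/x-x509-ca-cert");
        } else {
            httpServletResponse.setHeader("Content-Type", "application/x-x509-ca-ra-cert");
        }
    }

    /**
     * Reads the whole stream and parses it as an ASN.1 {@link ContentInfo}.
     *
     * @throws IOException if reading fails or the parsed object has an
     *         unexpected type (the ClassCastException is wrapped)
     */
    private ContentInfo getContentInfo(InputStream inputStream) throws IOException {
        try {
            return ContentInfo.getInstance(ASN1Object.fromByteArray(getBytes(inputStream)));
        } catch (ClassCastException e) {
            throw new IOException(e);
        }
    }

    /**
     * Drains {@code inputStream} into a byte array.
     *
     * <p>No upper bound is enforced: the whole stream is held in memory, so a
     * caller passing client-supplied data should cap the size beforehand.
     */
    private byte[] getBytes(InputStream inputStream) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        // Copy in chunks rather than one byte per read() call.
        byte[] chunk = new byte[4096];
        int count;
        while ((count = inputStream.read(chunk)) != -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /**
     * Resolves the {@code operation} request parameter.
     *
     * @return the matching constant, or {@code null} when the parameter is absent
     * @throws IllegalArgumentException if the value names no {@link Operation}
     */
    private Operation getOperation(HttpServletRequest httpServletRequest) {
        String operationName = httpServletRequest.getParameter(OP_PARAM);
        return operationName == null ? null : Operation.valueOf(operationName);
    }

    /**
     * Handles GetCACaps: writes each capability returned by the subclass on its
     * own line as {@code text/plain}, then closes the writer.
     */
    private void doGetCaCaps(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("Content-Type", "text/plain");
        Set<Capability> capabilities = doCapabilities(httpServletRequest.getParameter(MSG_PARAM));
        PrintWriter writer = httpServletResponse.getWriter();
        for (Capability capability : capabilities) {
            writer.write(capability.toString());
            writer.write('\n');
        }
        writer.close();
    }

    /**
     * Supplies the capabilities listed in the GetCACaps response.
     *
     * @param str the raw {@code message} request parameter, unvalidated and
     *        {@code null} when absent; treat it as untrusted
     */
    protected abstract Set<Capability> doCapabilities(String str);

    /**
     * Supplies the certificates for GetCACert; this class only uses the size
     * of the returned list.
     *
     * @param str the raw {@code message} request parameter, unvalidated and
     *        {@code null} when absent; treat it as untrusted
     */
    protected abstract List<X509Certificate> doGetCaCertificate(String str);

    /** Not called anywhere in this class. */
    protected abstract List<X509Certificate> getNextCaCertificate(String str);

    /**
     * Looks up the certificate for a GetCert message.
     *
     * @param x509Name the name taken from the decoded IssuerAndSerialNumber
     * @param bigInteger the certificate serial number taken from the same structure
     */
    protected abstract X509Certificate doGetCert(X509Name x509Name, BigInteger bigInteger);

    /**
     * Invoked for a GetCertInitial message; the return value is currently
     * ignored by this class.
     *
     * @param x509Name the issuer taken from the decoded IssuerAndSubject
     * @param x509Name2 the subject taken from the same structure
     */
    protected abstract X509Certificate doGetCertInitial(X509Name x509Name, X509Name x509Name2);

    /** Not called anywhere in this class. */
    protected abstract X509CRL doGetCrl(X500Principal x500Principal, BigInteger bigInteger);

    /** Not called anywhere in this class. */
    protected abstract List<X509Certificate> doEnroll(CertificationRequest certificationRequest);

    /**
     * Supplies the private key handed to {@code PkcsPkiEnvelopeDecoder} for
     * each PKIOperation request.
     */
    protected abstract PrivateKey getPrivate();
}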
