package org.xipki.ca.server.servlet;

import com.fasterxml.jackson.core.JsonPointer;
import com.fasterxml.jackson.core.io.doubleparser.FastDoubleMath;
import com.fasterxml.jackson.databind.deser.std.StdKeyDeserializer;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.core.lookup.Interpolator;
import org.apache.logging.log4j.util.Chars;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CRLHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.mgmt.CaManager;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaProfileEntry;
import org.xipki.ca.api.mgmt.CertWithRevocationInfo;
import org.xipki.ca.api.mgmt.MgmtMessage;
import org.xipki.ca.api.mgmt.MgmtRequest;
import org.xipki.ca.api.mgmt.MgmtResponse;
import org.xipki.ca.api.mgmt.entry.CaEntry;
import org.xipki.ca.api.mgmt.entry.CertprofileEntry;
import org.xipki.ca.api.mgmt.entry.KeypairGenEntry;
import org.xipki.ca.api.mgmt.entry.PublisherEntry;
import org.xipki.ca.api.mgmt.entry.RequestorEntry;
import org.xipki.ca.api.mgmt.entry.SignerEntry;
import org.xipki.security.KeyCertBytesPair;
import org.xipki.security.X509Cert;
import org.xipki.security.asn1.Asn1StreamParser;
import org.xipki.security.util.JSON;
import org.xipki.security.util.TlsHelper;
import org.xipki.util.Args;
import org.xipki.util.ConfPairs;
import org.xipki.util.HttpConstants;
import org.xipki.util.IoUtil;
import org.xipki.util.cbor.CborConstants;
import org.xipki.util.exception.InvalidConfException;
import org.xipki.util.http.HttpResponse;
import org.xipki.util.http.HttpStatusCode;
import org.xipki.util.http.XiHttpRequest;
import org.xipki.util.http.XiHttpResponse;

/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/servlet/HttpMgmtServlet.class */
class HttpMgmtServlet {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) HttpMgmtServlet.class);
    private static final String CT_RESPONSE = "application/json";
    private Set<X509Cert> mgmtCerts;
    private CaManager caManager;

    /* renamed from: org.xipki.ca.server.servlet.HttpMgmtServlet$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/servlet/HttpMgmtServlet$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction = new int[MgmtMessage.MgmtAction.values().length];

        static {
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addCa.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addCaAlias.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addCertprofile.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addCertprofileToCa.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addPublisher.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addPublisherToCa.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addRequestor.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addRequestorToCa.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addSigner.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.changeCa.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.changeCertprofile.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.changePublisher.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.changeRequestor.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.changeSigner.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.exportConf.ordinal()] = 15;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.generateCertificate.ordinal()] = 16;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.generateCrossCertificate.ordinal()] = 17;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.generateKeyCert.ordinal()] = 18;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.generateCrlOnDemand.ordinal()] = 19;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.generateRootCa.ordinal()] = 20;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getAliasesForCa.ordinal()] = 21;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCa.ordinal()] = 22;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCaAliasNames.ordinal()] = 23;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCaNameForAlias.ordinal()] = 24;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCaNames.ordinal()] = 25;
            } catch (NoSuchFieldError e25) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCaSystemStatus.ordinal()] = 26;
            } catch (NoSuchFieldError e26) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCert.ordinal()] = 27;
            } catch (NoSuchFieldError e27) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCertprofile.ordinal()] = 28;
            } catch (NoSuchFieldError e28) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCertprofileNames.ordinal()] = 29;
            } catch (NoSuchFieldError e29) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCertprofilesForCa.ordinal()] = 30;
            } catch (NoSuchFieldError e30) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCrl.ordinal()] = 31;
            } catch (NoSuchFieldError e31) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getCurrentCrl.ordinal()] = 32;
            } catch (NoSuchFieldError e32) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getFailedCaNames.ordinal()] = 33;
            } catch (NoSuchFieldError e33) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getInactiveCaNames.ordinal()] = 34;
            } catch (NoSuchFieldError e34) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getPublisher.ordinal()] = 35;
            } catch (NoSuchFieldError e35) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getPublisherNames.ordinal()] = 36;
            } catch (NoSuchFieldError e36) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getPublishersForCa.ordinal()] = 37;
            } catch (NoSuchFieldError e37) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getRequestor.ordinal()] = 38;
            } catch (NoSuchFieldError e38) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getRequestorNames.ordinal()] = 39;
            } catch (NoSuchFieldError e39) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getRequestorsForCa.ordinal()] = 40;
            } catch (NoSuchFieldError e40) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getSigner.ordinal()] = 41;
            } catch (NoSuchFieldError e41) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getSignerNames.ordinal()] = 42;
            } catch (NoSuchFieldError e42) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getSuccessfulCaNames.ordinal()] = 43;
            } catch (NoSuchFieldError e43) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getSupportedCertprofileTypes.ordinal()] = 44;
            } catch (NoSuchFieldError e44) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getSupportedPublisherTypes.ordinal()] = 45;
            } catch (NoSuchFieldError e45) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getSupportedSignerTypes.ordinal()] = 46;
            } catch (NoSuchFieldError e46) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.listCertificates.ordinal()] = 47;
            } catch (NoSuchFieldError e47) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.loadConf.ordinal()] = 48;
            } catch (NoSuchFieldError e48) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.notifyCaChange.ordinal()] = 49;
            } catch (NoSuchFieldError e49) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeCa.ordinal()] = 50;
            } catch (NoSuchFieldError e50) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeCaAlias.ordinal()] = 51;
            } catch (NoSuchFieldError e51) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeCertificate.ordinal()] = 52;
            } catch (NoSuchFieldError e52) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeCertprofile.ordinal()] = 53;
            } catch (NoSuchFieldError e53) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeCertprofileFromCa.ordinal()] = 54;
            } catch (NoSuchFieldError e54) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removePublisher.ordinal()] = 55;
            } catch (NoSuchFieldError e55) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removePublisherFromCa.ordinal()] = 56;
            } catch (NoSuchFieldError e56) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeRequestor.ordinal()] = 57;
            } catch (NoSuchFieldError e57) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeRequestorFromCa.ordinal()] = 58;
            } catch (NoSuchFieldError e58) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeSigner.ordinal()] = 59;
            } catch (NoSuchFieldError e59) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.republishCertificates.ordinal()] = 60;
            } catch (NoSuchFieldError e60) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.restartCa.ordinal()] = 61;
            } catch (NoSuchFieldError e61) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.restartCaSystem.ordinal()] = 62;
            } catch (NoSuchFieldError e62) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.revokeCa.ordinal()] = 63;
            } catch (NoSuchFieldError e63) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.revokeCertficate.ordinal()] = 64;
            } catch (NoSuchFieldError e64) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.revokeCertificate.ordinal()] = 65;
            } catch (NoSuchFieldError e65) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.tokenInfoP11.ordinal()] = 66;
            } catch (NoSuchFieldError e66) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.unlockCa.ordinal()] = 67;
            } catch (NoSuchFieldError e67) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.unrevokeCa.ordinal()] = 68;
            } catch (NoSuchFieldError e68) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.unsuspendCertificate.ordinal()] = 69;
            } catch (NoSuchFieldError e69) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addDbSchema.ordinal()] = 70;
            } catch (NoSuchFieldError e70) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.changeDbSchema.ordinal()] = 71;
            } catch (NoSuchFieldError e71) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeDbSchema.ordinal()] = 72;
            } catch (NoSuchFieldError e72) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getDbSchemas.ordinal()] = 73;
            } catch (NoSuchFieldError e73) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.addKeypairGen.ordinal()] = 74;
            } catch (NoSuchFieldError e74) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.changeKeypairGen.ordinal()] = 75;
            } catch (NoSuchFieldError e75) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.removeKeypairGen.ordinal()] = 76;
            } catch (NoSuchFieldError e76) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getKeypairGenNames.ordinal()] = 77;
            } catch (NoSuchFieldError e77) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[MgmtMessage.MgmtAction.getKeypairGen.ordinal()] = 78;
            } catch (NoSuchFieldError e78) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/servlet/HttpMgmtServlet$MyException.class */
    public static final class MyException extends Exception {
        private final int status;

        public MyException(int i, String str) {
            super(str);
            this.status = i;
        }

        public int getStatus() {
            return this.status;
        }
    }

    public void setMgmtCerts(Set<X509Cert> set) {
        this.mgmtCerts = new HashSet(Args.notEmpty((Set) set, "mgmtCerts"));
    }

    public void setCaManager(CaManager caManager) {
        this.caManager = (CaManager) Args.notNull(caManager, "caManager");
    }

    public void service(XiHttpRequest xiHttpRequest, XiHttpResponse xiHttpResponse) throws IOException {
        if (!"POST".equalsIgnoreCase(xiHttpRequest.getMethod())) {
            xiHttpResponse.setStatus(HttpStatusCode.SC_METHOD_NOT_ALLOWED);
        }
        try {
            X509Cert tlsClientCert = TlsHelper.getTlsClientCert(xiHttpRequest);
            if (tlsClientCert == null) {
                throw new MyException(HttpStatusCode.SC_UNAUTHORIZED, "remote management is not permitted if TLS client certificate is not present");
            }
            if (!this.mgmtCerts.contains(tlsClientCert)) {
                throw new MyException(HttpStatusCode.SC_UNAUTHORIZED, "remote management is not permitted to the client without valid certificate");
            }
            String str = (String) xiHttpRequest.getAttribute(HttpConstants.ATTR_XIPKI_PATH);
            if (str == null || str.length() < 2) {
                throw new MyException(HttpStatusCode.SC_NOT_FOUND, "no action is specified");
            }
            String substring = str.substring(1);
            MgmtMessage.MgmtAction ofName = MgmtMessage.MgmtAction.ofName(substring);
            if (ofName == null) {
                throw new MyException(HttpStatusCode.SC_NOT_FOUND, "unknown action '" + substring + "'");
            }
            MgmtMessage mgmtMessage = null;
            InputStream inputStream = xiHttpRequest.getInputStream();
            switch (AnonymousClass1.$SwitchMap$org$xipki$ca$api$mgmt$MgmtMessage$MgmtAction[ofName.ordinal()]) {
                case 1:
                    try {
                        this.caManager.addCa(((MgmtRequest.AddCa) parse(inputStream, MgmtRequest.AddCa.class)).getCaEntry().toCaEntry());
                        break;
                    } catch (CertificateException | InvalidConfException e) {
                        LOG.error(ofName + ": could not build the CaEntry", (Throwable) e);
                        throw new MyException(400, "could not build the CaEntry: " + e.getMessage());
                    }
                case 2:
                    MgmtRequest.AddCaAlias addCaAlias = (MgmtRequest.AddCaAlias) parse(inputStream, MgmtRequest.AddCaAlias.class);
                    this.caManager.addCaAlias(addCaAlias.getAliasName(), addCaAlias.getCaName());
                    break;
                case 3:
                    this.caManager.addCertprofile(((MgmtRequest.AddCertprofile) parse(inputStream, MgmtRequest.AddCertprofile.class)).getCertprofileEntry());
                    break;
                case 4:
                    MgmtRequest.AddCertprofileToCa addCertprofileToCa = (MgmtRequest.AddCertprofileToCa) parse(inputStream, MgmtRequest.AddCertprofileToCa.class);
                    this.caManager.addCertprofileToCa(addCertprofileToCa.getProfileName(), addCertprofileToCa.getCaName());
                    break;
                case 5:
                    this.caManager.addPublisher(((MgmtRequest.AddPublisher) parse(inputStream, MgmtRequest.AddPublisher.class)).getPublisherEntry());
                    break;
                case 6:
                    MgmtRequest.AddPublisherToCa addPublisherToCa = (MgmtRequest.AddPublisherToCa) parse(inputStream, MgmtRequest.AddPublisherToCa.class);
                    this.caManager.addPublisherToCa(addPublisherToCa.getPublisherName(), addPublisherToCa.getCaName());
                    break;
                case 7:
                    this.caManager.addRequestor(((MgmtRequest.AddRequestor) parse(inputStream, MgmtRequest.AddRequestor.class)).getRequestorEntry());
                    break;
                case 8:
                    MgmtRequest.AddRequestorToCa addRequestorToCa = (MgmtRequest.AddRequestorToCa) parse(inputStream, MgmtRequest.AddRequestorToCa.class);
                    this.caManager.addRequestorToCa(addRequestorToCa.getRequestor(), addRequestorToCa.getCaName());
                    break;
                case 9:
                    this.caManager.addSigner(((MgmtRequest.AddSigner) parse(inputStream, MgmtRequest.AddSigner.class)).getSignerEntry().toSignerEntry());
                    break;
                case 10:
                    this.caManager.changeCa(((MgmtRequest.ChangeCa) parse(inputStream, MgmtRequest.ChangeCa.class)).getChangeCaEntry());
                    break;
                case 11:
                    MgmtRequest.ChangeTypeConfEntity changeTypeConfEntity = (MgmtRequest.ChangeTypeConfEntity) parse(inputStream, MgmtRequest.ChangeTypeConfEntity.class);
                    this.caManager.changeCertprofile(changeTypeConfEntity.getName(), changeTypeConfEntity.getType(), changeTypeConfEntity.getConf());
                    break;
                case 12:
                    MgmtRequest.ChangeTypeConfEntity changeTypeConfEntity2 = (MgmtRequest.ChangeTypeConfEntity) parse(inputStream, MgmtRequest.ChangeTypeConfEntity.class);
                    this.caManager.changePublisher(changeTypeConfEntity2.getName(), changeTypeConfEntity2.getType(), changeTypeConfEntity2.getConf());
                    break;
                case 13:
                    MgmtRequest.ChangeTypeConfEntity changeTypeConfEntity3 = (MgmtRequest.ChangeTypeConfEntity) parse(inputStream, MgmtRequest.ChangeTypeConfEntity.class);
                    this.caManager.changeRequestor(changeTypeConfEntity3.getName(), changeTypeConfEntity3.getType(), changeTypeConfEntity3.getConf());
                    break;
                case StdKeyDeserializer.TYPE_URL /* 14 */:
                    MgmtRequest.ChangeSigner changeSigner = (MgmtRequest.ChangeSigner) parse(inputStream, MgmtRequest.ChangeSigner.class);
                    this.caManager.changeSigner(changeSigner.getName(), changeSigner.getType(), changeSigner.getConf(), changeSigner.getBase64Cert());
                    break;
                case StdKeyDeserializer.TYPE_CLASS /* 15 */:
                    mgmtMessage = new MgmtResponse.ByteArray(IoUtil.readAllBytesAndClose(this.caManager.exportConf(((MgmtRequest.ExportConf) parse(inputStream, MgmtRequest.ExportConf.class)).getCaNames())));
                    break;
                case 16:
                    MgmtRequest.GenerateCert generateCert = (MgmtRequest.GenerateCert) parse(inputStream, MgmtRequest.GenerateCert.class);
                    mgmtMessage = toByteArray(this.caManager.generateCertificate(generateCert.getCaName(), generateCert.getProfileName(), generateCert.getEncodedCsr(), generateCert.getNotBefore(), generateCert.getNotAfter()));
                    break;
                case StdKeyDeserializer.TYPE_BYTE_ARRAY /* 17 */:
                    MgmtRequest.GenerateCrossCertificate generateCrossCertificate = (MgmtRequest.GenerateCrossCertificate) parse(inputStream, MgmtRequest.GenerateCrossCertificate.class);
                    mgmtMessage = toByteArray(this.caManager.generateCrossCertificate(generateCrossCertificate.getCaName(), generateCrossCertificate.getProfileName(), generateCrossCertificate.getEncodedCsr(), generateCrossCertificate.getEncodedTargetCert(), generateCrossCertificate.getNotBefore(), generateCrossCertificate.getNotAfter()));
                    break;
                case 18:
                    MgmtRequest.GenerateKeyCert generateKeyCert = (MgmtRequest.GenerateKeyCert) parse(inputStream, MgmtRequest.GenerateKeyCert.class);
                    KeyCertBytesPair generateKeyCert2 = this.caManager.generateKeyCert(generateKeyCert.getCaName(), generateKeyCert.getProfileName(), generateKeyCert.getSubject(), generateKeyCert.getNotBefore(), generateKeyCert.getNotAfter());
                    mgmtMessage = new MgmtResponse.KeyCertBytes(generateKeyCert2.getKey(), generateKeyCert2.getCert());
                    break;
                case 19:
                    mgmtMessage = toByteArray(ofName, this.caManager.generateCrlOnDemand(getNameFromRequest(inputStream)));
                    break;
                case 20:
                    MgmtRequest.GenerateRootCa generateRootCa = (MgmtRequest.GenerateRootCa) parse(inputStream, MgmtRequest.GenerateRootCa.class);
                    try {
                        mgmtMessage = toByteArray(this.caManager.generateRootCa(generateRootCa.getCaEntry().toCaEntry(), generateRootCa.getCertprofileName(), generateRootCa.getSubject(), generateRootCa.getSerialNumber(), generateRootCa.getNotBefore(), generateRootCa.getNotAfter()));
                        break;
                    } catch (CertificateException | InvalidConfException e2) {
                        LOG.error(ofName + ": could not build the CaEntry", (Throwable) e2);
                        throw new MyException(400, "could not build the CaEntry: " + e2.getMessage());
                    }
                case 21:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getAliasesForCa(getNameFromRequest(inputStream)));
                    break;
                case 22:
                    String nameFromRequest = getNameFromRequest(inputStream);
                    CaEntry ca = this.caManager.getCa(nameFromRequest);
                    if (ca == null) {
                        throw new CaMgmtException("Unknown CA " + nameFromRequest);
                    }
                    mgmtMessage = new MgmtResponse.GetCa(new MgmtMessage.CaEntryWrapper(ca));
                    break;
                case 23:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getCaAliasNames());
                    break;
                case 24:
                    mgmtMessage = new MgmtResponse.StringResponse(this.caManager.getCaNameForAlias(getNameFromRequest(inputStream)));
                    break;
                case 25:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getCaNames());
                    break;
                case 26:
                    mgmtMessage = new MgmtResponse.GetCaSystemStatus(this.caManager.getCaSystemStatus());
                    break;
                case 27:
                    MgmtRequest.GetCert getCert = (MgmtRequest.GetCert) parse(inputStream, MgmtRequest.GetCert.class);
                    CertWithRevocationInfo cert = getCert.getCaName() != null ? this.caManager.getCert(getCert.getCaName(), getCert.getSerialNumber()) : this.caManager.getCert(X500Name.getInstance(getCert.getEncodedIssuerDn()), getCert.getSerialNumber());
                    if (cert != null) {
                        mgmtMessage = new MgmtResponse.GetCert(new MgmtResponse.CertWithRevocationInfoWrapper(cert));
                        break;
                    } else {
                        mgmtMessage = new MgmtResponse.GetCert(null);
                        break;
                    }
                case 28:
                    String nameFromRequest2 = getNameFromRequest(inputStream);
                    CertprofileEntry certprofile = this.caManager.getCertprofile(nameFromRequest2);
                    if (certprofile == null) {
                        throw new CaMgmtException("Unknown Certprofile " + nameFromRequest2);
                    }
                    mgmtMessage = new MgmtResponse.GetCertprofile(certprofile);
                    break;
                case 29:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getCertprofileNames());
                    break;
                case 30:
                    Set<CaProfileEntry> certprofilesForCa = this.caManager.getCertprofilesForCa(getNameFromRequest(inputStream));
                    HashSet hashSet = new HashSet();
                    Iterator<CaProfileEntry> it = certprofilesForCa.iterator();
                    while (it.hasNext()) {
                        hashSet.add(it.next().getEncoded());
                    }
                    mgmtMessage = new MgmtResponse.StringSet(hashSet);
                    break;
                case CborConstants.BREAK /* 31 */:
                    MgmtRequest.GetCrl getCrl = (MgmtRequest.GetCrl) parse(inputStream, MgmtRequest.GetCrl.class);
                    X509CRLHolder crl = this.caManager.getCrl(getCrl.getCaName(), getCrl.getCrlNumber());
                    if (crl == null) {
                        throw new CaMgmtException("Found no CRL for CA " + getCrl.getCaName() + " with CRL number 0x" + getCrl.getCrlNumber().toString(16));
                    }
                    mgmtMessage = toByteArray(ofName, crl);
                    break;
                case 32:
                    String nameFromRequest3 = getNameFromRequest(inputStream);
                    X509CRLHolder currentCrl = this.caManager.getCurrentCrl(nameFromRequest3);
                    if (currentCrl == null) {
                        throw new CaMgmtException("No current CRL for CA " + nameFromRequest3);
                    }
                    mgmtMessage = toByteArray(ofName, currentCrl);
                    break;
                case 33:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getFailedCaNames());
                    break;
                case 34:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getInactiveCaNames());
                    break;
                case CborConstants.TAG_REGEXP /* 35 */:
                    String nameFromRequest4 = getNameFromRequest(inputStream);
                    PublisherEntry publisher = this.caManager.getPublisher(nameFromRequest4);
                    if (publisher == null) {
                        throw new CaMgmtException("Unknown publisher " + nameFromRequest4);
                    }
                    mgmtMessage = new MgmtResponse.GetPublisher(publisher);
                    break;
                case 36:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getPublisherNames());
                    break;
                case 37:
                    mgmtMessage = new MgmtResponse.GetPublischersForCa(this.caManager.getPublishersForCa(getNameFromRequest(inputStream)));
                    break;
                case 38:
                    String nameFromRequest5 = getNameFromRequest(inputStream);
                    RequestorEntry requestor = this.caManager.getRequestor(nameFromRequest5);
                    if (requestor == null) {
                        throw new CaMgmtException("Unknown requestor " + nameFromRequest5);
                    }
                    mgmtMessage = new MgmtResponse.GetRequestor(requestor);
                    break;
                case Chars.QUOTE /* 39 */:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getRequestorNames());
                    break;
                case 40:
                    mgmtMessage = new MgmtResponse.GetRequestorsForCa(this.caManager.getRequestorsForCa(getNameFromRequest(inputStream)));
                    break;
                case 41:
                    String nameFromRequest6 = getNameFromRequest(inputStream);
                    SignerEntry signer = this.caManager.getSigner(nameFromRequest6);
                    if (signer == null) {
                        throw new CaMgmtException("Unknown signer " + nameFromRequest6);
                    }
                    mgmtMessage = new MgmtResponse.GetSigner(new MgmtMessage.SignerEntryWrapper(signer));
                    break;
                case 42:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getSignerNames());
                    break;
                case 43:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getSuccessfulCaNames());
                    break;
                case ConfPairs.TOKEN_TERM /* 44 */:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getSupportedCertprofileTypes());
                    break;
                case 45:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getSupportedPublisherTypes());
                    break;
                case 46:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getSupportedSignerTypes());
                    break;
                case JsonPointer.SEPARATOR /* 47 */:
                    MgmtRequest.ListCertificates listCertificates = (MgmtRequest.ListCertificates) parse(inputStream, MgmtRequest.ListCertificates.class);
                    mgmtMessage = new MgmtResponse.ListCertificates(this.caManager.listCertificates(listCertificates.getCaName(), X500Name.getInstance(listCertificates.getEncodedSubjectDnPattern()), listCertificates.getValidFrom(), listCertificates.getValidTo(), listCertificates.getOrderBy(), listCertificates.getNumEntries()));
                    break;
                case Asn1StreamParser.TAG_CONSTRUCTED_SEQUENCE /* 48 */:
                    Map<String, X509Cert> loadConf = this.caManager.loadConf(((MgmtRequest.LoadConf) parse2(inputStream, MgmtRequest.LoadConf.class)).getConfBytes());
                    if (loadConf != null && !loadConf.isEmpty()) {
                        HashMap hashMap = new HashMap(loadConf.size());
                        for (Map.Entry<String, X509Cert> entry : loadConf.entrySet()) {
                            hashMap.put(entry.getKey(), entry.getValue().getEncoded());
                        }
                        mgmtMessage = new MgmtResponse.LoadConf(hashMap);
                        break;
                    } else {
                        mgmtMessage = new MgmtResponse.LoadConf(null);
                        break;
                    }
                case Asn1StreamParser.TAG_CONSTRUCTED_SET /* 49 */:
                    this.caManager.notifyCaChange();
                    break;
                case 50:
                    this.caManager.removeCa(getNameFromRequest(inputStream));
                    break;
                case 51:
                    this.caManager.removeCaAlias(getNameFromRequest(inputStream));
                    break;
                case 52:
                    MgmtRequest.RemoveCertificate removeCertificate = (MgmtRequest.RemoveCertificate) parse(inputStream, MgmtRequest.RemoveCertificate.class);
                    this.caManager.removeCertificate(removeCertificate.getCaName(), removeCertificate.getSerialNumber());
                    break;
                case FastDoubleMath.DOUBLE_SIGNIFICAND_WIDTH /* 53 */:
                    this.caManager.removeCertprofile(getNameFromRequest(inputStream));
                    break;
                case 54:
                    MgmtRequest.RemoveEntityFromCa removeEntityFromCa = (MgmtRequest.RemoveEntityFromCa) parse(inputStream, MgmtRequest.RemoveEntityFromCa.class);
                    this.caManager.removeCertprofileFromCa(removeEntityFromCa.getEntityName(), removeEntityFromCa.getCaName());
                    break;
                case 55:
                    this.caManager.removePublisher(getNameFromRequest(inputStream));
                    break;
                case 56:
                    MgmtRequest.RemoveEntityFromCa removeEntityFromCa2 = (MgmtRequest.RemoveEntityFromCa) parse(inputStream, MgmtRequest.RemoveEntityFromCa.class);
                    this.caManager.removePublisherFromCa(removeEntityFromCa2.getEntityName(), removeEntityFromCa2.getCaName());
                    break;
                case 57:
                    this.caManager.removeRequestor(getNameFromRequest(inputStream));
                    break;
                case Interpolator.PREFIX_SEPARATOR /* 58 */:
                    MgmtRequest.RemoveEntityFromCa removeEntityFromCa3 = (MgmtRequest.RemoveEntityFromCa) parse(inputStream, MgmtRequest.RemoveEntityFromCa.class);
                    this.caManager.removeRequestorFromCa(removeEntityFromCa3.getEntityName(), removeEntityFromCa3.getCaName());
                    break;
                case 59:
                    this.caManager.removeSigner(getNameFromRequest(inputStream));
                    break;
                case 60:
                    MgmtRequest.RepublishCertificates republishCertificates = (MgmtRequest.RepublishCertificates) parse(inputStream, MgmtRequest.RepublishCertificates.class);
                    this.caManager.republishCertificates(republishCertificates.getCaName(), republishCertificates.getPublisherNames(), republishCertificates.getNumThreads());
                    break;
                case 61:
                    this.caManager.restartCa(getNameFromRequest(inputStream));
                    break;
                case 62:
                    this.caManager.restartCaSystem();
                    break;
                case 63:
                    MgmtRequest.RevokeCa revokeCa = (MgmtRequest.RevokeCa) parse(inputStream, MgmtRequest.RevokeCa.class);
                    this.caManager.revokeCa(revokeCa.getCaName(), revokeCa.getRevocationInfo());
                    break;
                case 64:
                case 65:
                    MgmtRequest.RevokeCertificate revokeCertificate = (MgmtRequest.RevokeCertificate) parse(inputStream, MgmtRequest.RevokeCertificate.class);
                    this.caManager.revokeCertificate(revokeCertificate.getCaName(), revokeCertificate.getSerialNumber(), revokeCertificate.getReason(), revokeCertificate.getInvalidityTime());
                    break;
                case 66:
                    MgmtRequest.TokenInfoP11 tokenInfoP11 = (MgmtRequest.TokenInfoP11) parse(inputStream, MgmtRequest.TokenInfoP11.class);
                    mgmtMessage = new MgmtResponse.StringResponse(this.caManager.getTokenInfoP11(tokenInfoP11.getModuleName(), tokenInfoP11.getSlotIndex(), tokenInfoP11.isVerbose()));
                    break;
                case 67:
                    this.caManager.unlockCa();
                    break;
                case 68:
                    this.caManager.unrevokeCa(getNameFromRequest(inputStream));
                    break;
                case 69:
                    MgmtRequest.UnsuspendCertificate unsuspendCertificate = (MgmtRequest.UnsuspendCertificate) parse(inputStream, MgmtRequest.UnsuspendCertificate.class);
                    this.caManager.unsuspendCertificate(unsuspendCertificate.getCaName(), unsuspendCertificate.getSerialNumber());
                    break;
                case 70:
                    MgmtRequest.AddOrChangeDbSchema addOrChangeDbSchema = (MgmtRequest.AddOrChangeDbSchema) parse(inputStream, MgmtRequest.AddOrChangeDbSchema.class);
                    this.caManager.addDbSchema(addOrChangeDbSchema.getName(), addOrChangeDbSchema.getValue());
                    break;
                case 71:
                    MgmtRequest.AddOrChangeDbSchema addOrChangeDbSchema2 = (MgmtRequest.AddOrChangeDbSchema) parse(inputStream, MgmtRequest.AddOrChangeDbSchema.class);
                    this.caManager.changeDbSchema(addOrChangeDbSchema2.getName(), addOrChangeDbSchema2.getValue());
                    break;
                case 72:
                    this.caManager.removeDbSchema(getNameFromRequest(inputStream));
                    break;
                case 73:
                    mgmtMessage = new MgmtResponse.GetDbSchemas(this.caManager.getDbSchemas());
                    break;
                case 74:
                    this.caManager.addKeypairGen(((MgmtRequest.AddKeypairGen) parse(inputStream, MgmtRequest.AddKeypairGen.class)).getEntry());
                    break;
                case 75:
                    MgmtRequest.ChangeTypeConfEntity changeTypeConfEntity4 = (MgmtRequest.ChangeTypeConfEntity) parse(inputStream, MgmtRequest.ChangeTypeConfEntity.class);
                    this.caManager.changeKeypairGen(changeTypeConfEntity4.getName(), changeTypeConfEntity4.getType(), changeTypeConfEntity4.getConf());
                    break;
                case 76:
                    this.caManager.removeKeypairGen(getNameFromRequest(inputStream));
                    break;
                case 77:
                    mgmtMessage = new MgmtResponse.StringSet(this.caManager.getKeypairGenNames());
                    break;
                case 78:
                    String nameFromRequest7 = getNameFromRequest(inputStream);
                    KeypairGenEntry keypairGen = this.caManager.getKeypairGen(nameFromRequest7);
                    if (keypairGen == null) {
                        throw new CaMgmtException("Unknown KeypairGen " + nameFromRequest7);
                    }
                    mgmtMessage = new MgmtResponse.GetKeypairGen(keypairGen);
                    break;
                default:
                    throw new MyException(HttpStatusCode.SC_NOT_FOUND, "unsupported action " + substring);
            }
            new HttpResponse(HttpStatusCode.SC_OK, CT_RESPONSE, null, mgmtMessage == null ? new byte[0] : JSON.toJSONBytes(mgmtMessage)).fillResponse(xiHttpResponse);
        } catch (CaMgmtException e3) {
            LOG.error("CaMgmtException", (Throwable) e3);
            new HttpResponse(500, null, Collections.singletonMap(HttpConstants.HEADER_XIPKI_ERROR, e3.getMessage()), null).fillResponse(xiHttpResponse);
        } catch (MyException e4) {
            new HttpResponse(e4.getStatus(), null, Collections.singletonMap(HttpConstants.HEADER_XIPKI_ERROR, e4.getMessage()), null).fillResponse(xiHttpResponse);
        } catch (Throwable th) {
            LOG.error("Throwable thrown, this should not happen!", th);
            new HttpResponse(500).fillResponse(xiHttpResponse);
        }
    }

    private static MgmtResponse.ByteArray toByteArray(X509Cert x509Cert) {
        return x509Cert == null ? new MgmtResponse.ByteArray(null) : new MgmtResponse.ByteArray(x509Cert.getEncoded());
    }

    private static MgmtResponse.ByteArray toByteArray(MgmtMessage.MgmtAction mgmtAction, X509CRLHolder x509CRLHolder) throws MyException {
        if (x509CRLHolder == null) {
            return new MgmtResponse.ByteArray(null);
        }
        try {
            return new MgmtResponse.ByteArray(x509CRLHolder.getEncoded());
        } catch (IOException e) {
            LOG.error(mgmtAction + ": could not encode the generated CRL", (Throwable) e);
            throw new MyException(500, "could not encode the generated CRL");
        }
    }

    private static String getNameFromRequest(InputStream inputStream) throws CaMgmtException {
        return ((MgmtRequest.Name) parse(inputStream, MgmtRequest.Name.class)).getName();
    }

    private static <T extends MgmtRequest> T parse(InputStream inputStream, Class<T> cls) throws CaMgmtException {
        try {
            try {
                if (!LOG.isDebugEnabled()) {
                    T t = (T) JSON.parseObject(inputStream, cls);
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    return t;
                }
                byte[] readAllBytes = IoUtil.readAllBytes(inputStream);
                LOG.debug("received request ({}): {}", cls.getName(), new String(readAllBytes));
                T t2 = (T) JSON.parseObject(readAllBytes, cls);
                if (inputStream != null) {
                    inputStream.close();
                }
                return t2;
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException | RuntimeException e) {
            LOG.error("cannot parse request " + cls + " from InputStream", e);
            throw new CaMgmtException(e);
        }
    }

    private static <T extends MgmtRequest> T parse2(InputStream inputStream, Class<T> cls) throws CaMgmtException {
        try {
            try {
                T t = (T) JSON.parseObject(inputStream, cls);
                if (inputStream != null) {
                    inputStream.close();
                }
                return t;
            } finally {
            }
        } catch (IOException | RuntimeException e) {
            LOG.error("cannot parse request " + cls + " from InputStream", e);
            throw new CaMgmtException(e);
        }
    }
}
