package org.xipki.ca.gateway.cmp.servlet;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditService;
import org.xipki.audit.AuditStatus;
import org.xipki.audit.Audits;
import org.xipki.ca.gateway.GatewayUtil;
import org.xipki.ca.gateway.cmp.CmpResponder;
import org.xipki.ca.gateway.servlet.HttpRespAuditException;
import org.xipki.ca.gateway.servlet.ServletHelper;
import org.xipki.ca.sdk.CaAuditConstants;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;

/* loaded from: input_file:WEB-INF/classes/org/xipki/ca/gateway/cmp/servlet/HttpCmpServlet.class */
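/**
 * HTTP endpoint of the CMP gateway.
 *
 * <p>Accepts {@code POST} requests whose {@code Content-Type} is
 * {@code application/pkixcmp}, decodes the body as a {@link PKIMessage}, hands it to the
 * configured {@link CmpResponder} together with the TLS client certificate and the request
 * parameters, and writes the encoded response back. One {@link AuditEvent} is recorded per
 * request, whatever the outcome.
 *
 * <p>Everything read from the request (content type, servlet path, body, parameters) is
 * supplied by the client and is forwarded without validation beyond what is visible here.
 */
public class HttpCmpServlet extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(HttpCmpServlet.class);
    private static final String CT_REQUEST = "application/pkixcmp";
    private static final String CT_RESPONSE = "application/pkixcmp";
    private boolean logReqResp;
    private CmpResponder responder;

    /**
     * Enables or disables request/response logging.
     *
     * <p>When enabled, the raw request and response bytes are passed to
     * {@code ServletHelper.logReqResp}. CMP messages may carry sensitive material, so this
     * is best kept off outside of troubleshooting.
     *
     * @param z {@code true} to log request and response content
     */
    public void setLogReqResp(boolean z) {
        this.logReqResp = z;
    }

    /**
     * Sets the responder that processes decoded CMP messages.
     *
     * @param cmpResponder the responder; checked with {@code Args.notNull}
     */
    public void setResponder(CmpResponder cmpResponder) {
        this.responder = (CmpResponder) Args.notNull(cmpResponder, "responder");
    }

    /**
     * Handles one CMP request.
     *
     * <p>Failure mapping: wrong content type gives 415, missing CA name in the servlet path
     * gives 404, an undecodable body gives 400, and anything else gives 500. Only the status
     * code is returned to the client; details go to the server log and the audit event.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to populate
     * @throws IOException if writing the response or the error status fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): how ServletHelper derives the client certificate (TLS session or a
        // header set by a reverse proxy) is not visible here; if it is header based, confirm
        // that only the trusted proxy can set that header.
        X509Cert tlsClientCert = ServletHelper.getTlsClientCert(httpServletRequest);
        AuditService auditService = Audits.getAuditService();
        AuditEvent auditEvent = new AuditEvent(new Date());
        auditEvent.setApplicationName("cmp-gw");
        try {
            String contentType = httpServletRequest.getHeader("Content-Type");
            if (!CT_REQUEST.equalsIgnoreCase(contentType)) {
                // The header value is client controlled and ends up in the audit message.
                // NOTE(review): confirm the audit sink neutralises control characters.
                throw new HttpRespAuditException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE,
                        "unsupported media type " + contentType, AuditLevel.INFO, AuditStatus.FAILED);
            }

            // The CA name is the servlet path without its leading '/'.
            // NOTE(review): toLowerCase() uses the JVM default locale; confirm the CA-name
            // lookup normalises names the same way.
            String servletPath = httpServletRequest.getServletPath();
            String caName = servletPath.length() > 1 ? servletPath.substring(1).toLowerCase() : null;
            if (caName == null) {
                LOG.warn("no CA is specified");
                throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND,
                        "no CA is specified", AuditLevel.INFO, AuditStatus.FAILED);
            }
            auditEvent.addEventData("ca", caName);

            // NOTE(review): the whole body is read into memory and no size limit is visible
            // here; confirm that IoUtil.read or the container caps the request size.
            byte[] requestBytes = IoUtil.read((InputStream) httpServletRequest.getInputStream());

            // Only a decoding failure is a client error. Keeping this try narrow stops
            // responder or I/O failures from being reported (and audited) as "bad request".
            PKIMessage pkiRequest;
            try {
                pkiRequest = PKIMessage.getInstance(requestBytes);
            } catch (Exception e) {
                LogUtil.error(LOG, e, "could not parse the request (PKIMessage)");
                throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST,
                        "bad request", AuditLevel.INFO, AuditStatus.FAILED);
            }

            // Flatten the parameter map: the first value of each parameter wins.
            Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
            Map<String, String> parameters = new HashMap<>();
            for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
                String[] values = entry.getValue();
                if (values != null && values.length > 0) {
                    parameters.put(entry.getKey(), values[0]);
                }
            }

            byte[] encoded = this.responder
                    .processPkiMessage(caName, pkiRequest, tlsClientCert, parameters, auditEvent)
                    .getEncoded();
            ServletHelper.logReqResp("CMP Gateway", LOG, this.logReqResp, true,
                    httpServletRequest, requestBytes, encoded);
            httpServletResponse.setContentType(CT_RESPONSE);
            httpServletResponse.setContentLength(encoded.length);
            httpServletResponse.getOutputStream().write(encoded);
        } catch (Throwable th) {
            int httpStatus = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
            AuditLevel auditLevel = AuditLevel.ERROR;
            AuditStatus auditStatus = AuditStatus.FAILED;
            String auditMessage = "internal error";
            if (th instanceof HttpRespAuditException) {
                HttpRespAuditException auditException = (HttpRespAuditException) th;
                httpStatus = auditException.getHttpStatus();
                auditStatus = auditException.getAuditStatus();
                auditLevel = auditException.getAuditLevel();
                auditMessage = auditException.getAuditMessage();
            } else if (th instanceof EOFException) {
                LogUtil.warn(LOG, th, "connection reset by peer");
            } else {
                LOG.error("Throwable thrown, this should not happen!", th);
            }

            auditEvent.setStatus(auditStatus);
            auditEvent.setLevel(auditLevel);
            if (auditMessage != null) {
                auditEvent.addEventData(CaAuditConstants.NAME_message, auditMessage);
            }
            // sendError is rejected once the response is committed, e.g. when the failure
            // happened while the response body was being written.
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(httpStatus);
            }
        } finally {
            // A single finally records the audit event exactly once per request, and the
            // nested finally records it even when flushing to a disconnected client fails.
            try {
                httpServletResponse.flushBuffer();
            } finally {
                auditEvent.finish();
                auditService.logEvent(auditEvent);
                GatewayUtil.logAuditEvent(LOG, auditEvent);
            }
        }
    }
}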
