package org.xipki.ca.gateway.cmp.servlet;

import java.io.EOFException;
import java.io.IOException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditService;
import org.xipki.audit.AuditStatus;
import org.xipki.audit.Audits;
import org.xipki.ca.gateway.GatewayUtil;
import org.xipki.ca.gateway.HttpRespAuditException;
import org.xipki.ca.gateway.cmp.BaseCmpResponder;
import org.xipki.ca.gateway.cmp.CmpResponder;
import org.xipki.security.X509Cert;
import org.xipki.security.util.TlsHelper;
import org.xipki.util.Args;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.http.HttpResponse;
import org.xipki.util.http.XiHttpRequest;
import org.xipki.util.http.XiHttpResponse;

/* loaded from: input_file:org/xipki/ca/gateway/cmp/servlet/CmpHttpServlet.class */
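/**
 * HTTP entry point of the CMP gateway.
 *
 * <p>Accepts {@code POST} requests whose body is a DER-encoded {@link PKIMessage}, takes the
 * target CA name from the servlet path, hands the message to the configured
 * {@link CmpResponder}, and writes exactly one audit event per request.
 */
class CmpHttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(CmpHttpServlet.class);
    private static final String CT_REQUEST = "application/pkixcmp";
    private static final String CT_RESPONSE = "application/pkixcmp";
    private static final String LOG_NAME = "CMP Gateway";
    private boolean logReqResp;
    private CmpResponder responder;

    /**
     * Enables or disables request/response logging through {@code LogUtil.logReqResp}.
     *
     * @param logReqResp flag forwarded to {@code LogUtil.logReqResp} on every request
     */
    public void setLogReqResp(boolean logReqResp) {
        this.logReqResp = logReqResp;
    }

    /**
     * Sets the responder that processes parsed CMP messages.
     *
     * @param responder the responder; checked with {@code Args.notNull}
     */
    public void setResponder(CmpResponder responder) {
        this.responder = (CmpResponder) Args.notNull(responder, "responder");
    }

    /**
     * Dispatches one HTTP request. Only {@code POST} is handled; every other method is
     * answered with status 405.
     *
     * @param req the incoming request
     * @param resp the response to fill
     * @throws IOException if filling the response fails
     */
    public void service(XiHttpRequest req, XiHttpResponse resp) throws IOException {
        if ("POST".equalsIgnoreCase(req.getMethod())) {
            doPost(req).fillResponse(resp);
        } else {
            resp.setStatus(405);
        }
    }

    /**
     * Handles one CMP request and returns the HTTP response to send.
     *
     * <p>Status codes produced here: 415 for a wrong {@code Content-Type}, 404 when the path
     * names no CA, 400 when the body is not a parsable {@link PKIMessage}, 500 for any other
     * failure, 200 with the encoded responder answer otherwise.
     *
     * <p>The audit event is finished and emitted once, in the {@code finally} clause, after
     * the failure status and level (if any) have been set. Emitting it earlier would publish
     * a record for a failed request that does not yet carry the failure status.
     *
     * @param req the incoming POST request
     * @return the response to send to the client
     * @throws IOException declared for callers; failures inside the handler are mapped to an
     *     HTTP status instead of being propagated
     */
    private HttpResponse doPost(XiHttpRequest req) throws IOException {
        X509Cert tlsClientCert = TlsHelper.getTlsClientCert(req);
        AuditService auditService = Audits.getAuditService();
        AuditEvent event = new AuditEvent();
        event.setApplicationName("cmp-gw");

        try {
            String contentType = req.getHeader("Content-Type");
            if (!CT_REQUEST.equalsIgnoreCase(contentType)) {
                // NOTE(review): the client-supplied header value is copied into the audit
                // message; confirm the audit sink neutralises control characters.
                throw new HttpRespAuditException(415, "unsupported media type " + contentType,
                        AuditLevel.INFO, AuditStatus.FAILED);
            }

            // CA name = servlet path without the leading '/', lower-cased. Locale.ROOT keeps
            // the result independent of the JVM default locale (e.g. Turkish dotless i).
            String servletPath = req.getServletPath();
            String caName = null;
            if (servletPath != null && servletPath.length() > 1) {
                caName = servletPath.substring(1).toLowerCase(Locale.ROOT);
            }
            if (caName == null) {
                LOG.warn("no CA is specified");
                throw new HttpRespAuditException(404, "no CA is specified",
                        AuditLevel.INFO, AuditStatus.FAILED);
            }
            event.addEventData("ca", caName);

            // NOTE(review): no body size limit is visible here; presumably the HTTP
            // container or IoUtil bounds the read. Confirm.
            byte[] requestBytes = IoUtil.readAllBytes(req.getInputStream());

            // Only the ASN.1 parse maps to 400 "bad request". Failures inside the responder
            // must surface as 500/ERROR, not be recorded as a client parse error at INFO.
            PKIMessage pkiRequest;
            try {
                pkiRequest = PKIMessage.getInstance(requestBytes);
            } catch (Exception e) {
                LogUtil.error(LOG, e, "could not parse the request (PKIMessage)");
                throw new HttpRespAuditException(400, "bad request",
                        AuditLevel.INFO, AuditStatus.FAILED);
            }

            // NOTE(review): both header values are client-controlled and are forwarded
            // unchanged; authorisation for the requested profile is presumably enforced by
            // the responder. Confirm.
            String certprofile = req.getHeader(BaseCmpResponder.HTTP_HEADER_certprofile);
            String groupenroll = req.getHeader(BaseCmpResponder.HTTP_HEADER_groupenroll);
            Map<String, String> reqHeaders = null;
            if (certprofile != null || groupenroll != null) {
                reqHeaders = new HashMap<>(3);
                if (certprofile != null) {
                    reqHeaders.put(BaseCmpResponder.HTTP_HEADER_certprofile, certprofile);
                }
                if (groupenroll != null) {
                    reqHeaders.put(BaseCmpResponder.HTTP_HEADER_groupenroll, groupenroll);
                }
            }

            byte[] respBytes = this.responder
                    .processPkiMessage(caName, pkiRequest, tlsClientCert, reqHeaders, event)
                    .getEncoded();
            HttpResponse httpResp = new HttpResponse(200, CT_RESPONSE, (Map) null, respBytes);
            LogUtil.logReqResp(LOG_NAME, LOG, this.logReqResp, true, req.getRequestURI(),
                    requestBytes, respBytes);
            return httpResp;
        } catch (Throwable th) {
            int httpStatus = 500;
            AuditLevel auditLevel;
            AuditStatus auditStatus;
            String auditMessage;
            if (th instanceof HttpRespAuditException) {
                HttpRespAuditException hae = (HttpRespAuditException) th;
                httpStatus = hae.getHttpStatus();
                auditStatus = hae.getAuditStatus();
                auditLevel = hae.getAuditLevel();
                auditMessage = hae.getAuditMessage();
            } else {
                auditLevel = AuditLevel.ERROR;
                auditStatus = AuditStatus.FAILED;
                auditMessage = "internal error";
                if (th instanceof EOFException) {
                    LogUtil.warn(LOG, th, "connection reset by peer");
                } else {
                    LOG.error("Throwable thrown, this should not happen!", th);
                }
            }

            event.setStatus(auditStatus);
            event.setLevel(auditLevel);
            if (auditMessage != null) {
                event.addEventData("message", auditMessage);
            }
            // Failed requests are logged without request/response bodies.
            LogUtil.logReqResp(LOG_NAME, LOG, this.logReqResp, true, req.getRequestURI(),
                    (byte[]) null, (byte[]) null);
            return new HttpResponse(httpStatus);
        } finally {
            // Single emission point for the audit trail, on success and on failure.
            event.finish();
            auditService.logEvent(event);
            GatewayUtil.logAuditEvent(LOG, event);
        }
    }
}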
