package org.xipki.ocsp.servlet;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ocsp.api.mgmt.MgmtMessage;
import org.xipki.ocsp.server.OcspServerImpl;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;
import org.xipki.util.HttpConstants;
import org.xipki.util.exception.InvalidConfException;

/* loaded from: input_file:WEB-INF/classes/org/xipki/ocsp/servlet/HttpMgmtServlet.class */
public class HttpMgmtServlet extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) HttpMgmtServlet.class);
    private static final String CT_RESPONSE = "application/json";
    private Set<X509Cert> mgmtCerts;
    private OcspServerImpl ocspServer;

    /* loaded from: input_file:WEB-INF/classes/org/xipki/ocsp/servlet/HttpMgmtServlet$MyException.class */
    private static final class MyException extends Exception {
        private final int status;

        public MyException(int i, String str) {
            super(str);
            this.status = i;
        }

        public int getStatus() {
            return this.status;
        }
    }

    public void setMgmtCerts(Set<X509Cert> set) {
        this.mgmtCerts = new HashSet(Args.notEmpty((Set) set, "mgmtCerts"));
    }

    public void setOcspServer(OcspServerImpl ocspServerImpl) {
        this.ocspServer = (OcspServerImpl) Args.notNull(ocspServerImpl, "ocspServer");
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            try {
                try {
                    X509Cert tlsClientCert = TlsHelper.getTlsClientCert(httpServletRequest);
                    if (tlsClientCert == null) {
                        throw new MyException(401, "remote management is not permitted if TLS client certificate is not present");
                    }
                    if (!this.mgmtCerts.contains(tlsClientCert)) {
                        throw new MyException(401, "remote management is not permitted to the client without valid certificate");
                    }
                    String str = (String) httpServletRequest.getAttribute(HttpConstants.ATTR_XIPKI_PATH);
                    if (str == null || str.length() < 2) {
                        throw new MyException(404, "no action is specified");
                    }
                    String substring = str.substring(1);
                    MgmtMessage.MgmtAction ofName = MgmtMessage.MgmtAction.ofName(substring);
                    if (ofName == null) {
                        throw new MyException(404, "unknown action '" + substring + "'");
                    }
                    if (ofName != MgmtMessage.MgmtAction.restartServer) {
                        throw new MyException(404, "unsupported action " + ofName);
                    }
                    try {
                        this.ocspServer.init(true);
                        httpServletResponse.setContentType(CT_RESPONSE);
                        httpServletResponse.setStatus(200);
                        httpServletResponse.setContentLength(0);
                        httpServletResponse.flushBuffer();
                    } catch (PasswordResolverException | InvalidConfException e) {
                        LOG.warn(ofName + ": could not restart OCSP server", (Throwable) e);
                        throw new MyException(500, "could not build the CaEntry: " + e.getMessage());
                    }
                } catch (MyException e2) {
                    httpServletResponse.setHeader(HttpConstants.HEADER_XIPKI_ERROR, e2.getMessage());
                    httpServletResponse.sendError(e2.getStatus());
                    httpServletResponse.flushBuffer();
                }
            } catch (Throwable th) {
                LOG.error("Throwable thrown, this should not happen!", th);
                httpServletResponse.sendError(500);
                httpServletResponse.flushBuffer();
            }
        } catch (Throwable th2) {
            httpServletResponse.flushBuffer();
            throw th2;
        }
    }
}
