package org.xipki.ca.server.impl.cmp;

import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import java.io.EOFException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import javax.net.ssl.SSLSession;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditService;
import org.xipki.audit.AuditServiceRegister;
import org.xipki.audit.AuditStatus;
import org.xipki.ca.api.RequestType;
import org.xipki.ca.server.impl.CaAuditConstants;
import org.xipki.ca.server.impl.HttpRespAuditException;
import org.xipki.common.util.LogUtil;
import org.xipki.http.servlet.AbstractHttpServlet;
import org.xipki.http.servlet.ServletURI;
import org.xipki.http.servlet.SslReverseProxyMode;

/* loaded from: input_file:org/xipki/ca/server/impl/cmp/HttpCmpServlet.class */
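/**
 * HTTP front end for CMP requests addressed to a CA.
 *
 * <p>Only {@code POST} requests carrying {@code application/pkixcmp} are processed. The CA is
 * selected by the request path (alias or name), the body is decoded as a {@link PKIMessage} and
 * handed to the matching {@link X509CaCmpResponder}. Every request that gets past the method
 * check produces exactly one audit event.
 */
public class HttpCmpServlet extends AbstractHttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(HttpCmpServlet.class);
    private static final String CT_REQUEST = "application/pkixcmp";
    private static final String CT_RESPONSE = "application/pkixcmp";
    private CmpResponderManager responderManager;
    private AuditServiceRegister auditServiceRegister;

    /**
     * Reports that this servlet needs the TLS session; {@link #service} forwards it to
     * {@code getClientCert} to obtain the client certificate.
     *
     * @return always {@code true}
     */
    public boolean needsTlsSessionInfo() {
        return true;
    }

    /**
     * Handles one CMP request.
     *
     * <p>Status mapping: 405 for anything but POST, 415 for a wrong Content-Type, 404 when the
     * CA is missing, unknown or out of service, 400 when the body is not a decodable
     * PKIMessage, 500 for a missing responder manager or any unexpected failure.
     *
     * @param fullHttpRequest the aggregated HTTP request
     * @param servletURI request URI; the path after the leading '/' is the CA alias or name
     * @param sSLSession TLS session of the connection, passed to {@code getClientCert}
     * @param sslReverseProxyMode reverse-proxy mode, passed to {@code getClientCert}
     * @return the CMP response or an error response
     * @throws Exception if building the error response or writing the audit event fails
     */
    public FullHttpResponse service(FullHttpRequest fullHttpRequest, ServletURI servletURI, SSLSession sSLSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
        HttpVersion protocolVersion = fullHttpRequest.protocolVersion();
        if (fullHttpRequest.method() != HttpMethod.POST) {
            return createErrorResponse(protocolVersion, HttpResponseStatus.METHOD_NOT_ALLOWED);
        }
        // NOTE(review): how getClientCert derives the certificate in reverse-proxy mode is not
        // visible in this file. If it reads it from a request header, the proxy has to strip any
        // client-supplied copy of that header -- confirm against AbstractHttpServlet.
        X509Certificate clientCert = getClientCert(fullHttpRequest, sSLSession, sslReverseProxyMode);
        AuditService auditService = this.auditServiceRegister.getAuditService();
        AuditEvent auditEvent = new AuditEvent(new Date());
        auditEvent.setApplicationName("CA");
        auditEvent.setName(CaAuditConstants.NAME_PERF);
        auditEvent.addEventData(CaAuditConstants.NAME_reqType, RequestType.CMP.name());

        // Outcome recorded by the single audit call in the finally block; the catch handlers
        // overwrite these before returning, so a failure is never audited as SUCCESSFUL.
        AuditLevel auditLevel = AuditLevel.INFO;
        AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
        String auditMessage = null;
        try {
            if (this.responderManager == null) {
                LOG.error("responderManager in servlet not configured");
                throw new HttpRespAuditException(HttpResponseStatus.INTERNAL_SERVER_ERROR, "responderManager in servlet not configured", AuditLevel.ERROR, AuditStatus.FAILED);
            }

            String contentType = fullHttpRequest.headers().get("Content-Type");
            if (!CT_REQUEST.equalsIgnoreCase(contentType)) {
                throw new HttpRespAuditException(HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE, "unsupported media type " + printable(contentType), AuditLevel.INFO, AuditStatus.FAILED);
            }

            String caName = null;
            X509CaCmpResponder responder = null;
            if (servletURI.path().length() > 1) {
                String caAlias = servletURI.path().substring(1);
                caName = this.responderManager.getCaNameForAlias(caAlias);
                if (caName == null) {
                    // Locale.ROOT keeps the lookup key independent of the JVM default locale
                    // (a Turkish default locale would map 'i' to a dotted capital I).
                    caName = caAlias.toUpperCase(Locale.ROOT);
                }
                responder = this.responderManager.getX509CaResponder(caName);
            }

            if (caName == null || responder == null || !responder.isOnService()) {
                String reason;
                if (caName == null) {
                    reason = "no CA is specified";
                } else if (responder == null) {
                    // The name comes from the request path; control characters are neutralised
                    // before it reaches the log and the audit trail.
                    reason = "unknown CA '" + printable(caName) + "'";
                } else {
                    reason = "CA '" + printable(caName) + "' is out of service";
                }
                LOG.warn(reason);
                throw new HttpRespAuditException(HttpResponseStatus.NOT_FOUND, reason, AuditLevel.INFO, AuditStatus.FAILED);
            }
            auditEvent.addEventData("CA", responder.getCa().caIdent().name());

            // Only reading and decoding the body is a client error. Failures inside the
            // responder fall through to the Throwable handler and are reported as 500.
            PKIMessage pkiRequest;
            try {
                pkiRequest = PKIMessage.getInstance(readContent(fullHttpRequest));
            } catch (Exception e) {
                LogUtil.error(LOG, e, "could not parse the request (PKIMessage)");
                throw new HttpRespAuditException(HttpResponseStatus.BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
            }
            if (pkiRequest == null) {
                // PKIMessage.getInstance(null) yields null rather than throwing.
                throw new HttpRespAuditException(HttpResponseStatus.BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
            }

            return createOKResponse(protocolVersion, CT_RESPONSE, responder.processPkiMessage(pkiRequest, clientCert, auditEvent).getEncoded());
        } catch (HttpRespAuditException e) {
            auditStatus = e.auditStatus();
            auditLevel = e.auditLevel();
            auditMessage = e.auditMessage();
            return createErrorResponse(protocolVersion, e.httpStatus());
        } catch (Throwable th) {
            if (th instanceof EOFException) {
                LogUtil.warn(LOG, th, "connection reset by peer");
            } else {
                LOG.error("Throwable thrown, this should not happen!", th);
            }
            auditLevel = AuditLevel.ERROR;
            auditStatus = AuditStatus.FAILED;
            auditMessage = "internal error";
            return createErrorResponse(protocolVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
        } finally {
            audit(auditService, auditEvent, auditLevel, auditStatus, auditMessage);
        }
    }

    /**
     * Sets the manager used to resolve CA aliases and CMP responders.
     *
     * @param cmpResponderManager the responder manager; {@link #service} answers 500 while unset
     */
    public void setResponderManager(CmpResponderManager cmpResponderManager) {
        this.responderManager = cmpResponderManager;
    }

    /**
     * Sets the register from which the audit service is obtained for each request.
     *
     * @param auditServiceRegister the audit service register
     */
    public void setAuditServiceRegister(AuditServiceRegister auditServiceRegister) {
        this.auditServiceRegister = auditServiceRegister;
    }

    /**
     * Replaces ISO control characters (CR, LF, ...) with '_' so that request-derived text
     * cannot break a log or audit record into several lines.
     *
     * @param value text taken from the request, may be {@code null}
     * @return the text with control characters replaced, or {@code null} if {@code value} is
     */
    private static String printable(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            sb.append(Character.isISOControl(c) ? '_' : c);
        }
        return sb.toString();
    }

    /**
     * Completes the audit event and hands it to the audit service.
     *
     * @param auditService sink that receives the event
     * @param auditEvent event to complete
     * @param auditLevel level to set, ignored when {@code null}
     * @param auditStatus status to set, ignored when {@code null}
     * @param str message added under {@code CaAuditConstants.NAME_message}, ignored when
     *     {@code null}
     */
    private static void audit(AuditService auditService, AuditEvent auditEvent, AuditLevel auditLevel, AuditStatus auditStatus, String str) {
        if (auditLevel != null) {
            auditEvent.setLevel(auditLevel);
        }
        if (auditStatus != null) {
            auditEvent.setStatus(auditStatus);
        }
        if (str != null) {
            auditEvent.addEventData(CaAuditConstants.NAME_message, str);
        }
        auditEvent.finish();
        auditService.logEvent(auditEvent);
    }
}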
