package org.xipki.scep.serveremulator;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSAbsentContent;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.scep.exception.MessageDecodingException;
import org.xipki.scep.message.CaCaps;
import org.xipki.scep.message.NextCaMessage;
import org.xipki.scep.serveremulator.AuditEvent;
import org.xipki.scep.transaction.CaCapability;
import org.xipki.scep.transaction.Operation;
import org.xipki.scep.util.ScepUtil;

/* loaded from: input_file:org/xipki/scep/serveremulator/ScepServlet.class */
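/**
 * HTTP front end for a {@link ScepResponder}.
 *
 * <p>Dispatches on the {@code operation} request parameter to the four operations this class
 * handles: {@code PKIOperation}, {@code GetCACaps}, {@code GetCACert} and {@code GetNextCACert}.
 * Every request that passes the HTTP-method check produces exactly one audit record, written
 * from a single {@code finally} block.
 *
 * <p>Everything read from the request (method, {@code operation}, {@code message}, POST body)
 * is client-controlled and is processed before any signature on the message has been checked.
 */
public class ScepServlet extends HttpServlet {
    private static final long serialVersionUID = 7442535012222114067L;
    private static final Logger LOG = LoggerFactory.getLogger(ScepServlet.class);
    private static final String CT_RESPONSE = "application/x-pki-message";
    private final ScepResponder responder;

    /**
     * Creates the servlet.
     *
     * @param scepResponder responder that answers the SCEP operations; must not be {@code null}
     */
    public ScepServlet(ScepResponder scepResponder) {
        this.responder = (ScepResponder) ScepUtil.requireNonNull("responder", scepResponder);
    }

    /**
     * Handles one GET or POST request and writes one audit record for it.
     *
     * <p>Status mapping: 405 for any other HTTP method; 400 for POST when the CA does not
     * advertise {@code POSTPKIOperation}, for an undecodable PKIOperation request, for a
     * {@link MessageDecodingException} and for an unknown operation; 403 for
     * {@code GetNextCACert} when no next CA is configured; 500 for everything else that fails.
     *
     * @param httpServletRequest incoming request (untrusted)
     * @param httpServletResponse response to populate
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException if sending an error status itself fails
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final boolean post;
        String method = httpServletRequest.getMethod();
        if ("GET".equals(method)) {
            post = false;
        } else if ("POST".equals(method)) {
            post = true;
        } else {
            // Rejected before an audit event exists, so these requests are not audited.
            httpServletResponse.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        AuditEvent auditEvent = new AuditEvent();
        auditEvent.setName(ScepAuditConstants.NAME_PERF);
        auditEvent.putEventData(ScepAuditConstants.NAME_servletPath, httpServletRequest.getServletPath());

        // Outcome of the request; applied to the audit event once, in the finally block.
        AuditEvent.AuditLevel auditLevel = AuditEvent.AuditLevel.INFO;
        String auditMessage = null;

        try {
            CaCaps caCaps = this.responder.caCaps();
            if (post && !caCaps.containsCapability(CaCapability.POSTPKIOperation)) {
                auditMessage = "HTTP POST is not supported";
                LOG.error(auditMessage);
                auditLevel = AuditEvent.AuditLevel.ERROR;
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }

            // NOTE(review): `operation` is client-supplied and is copied verbatim into the
            // audit record (here and in the error texts below). Confirm that AuditEvent.log
            // neutralises CR/LF and other control characters.
            String operation = httpServletRequest.getParameter(ScepAuditConstants.NAME_operation);
            auditEvent.putEventData(ScepAuditConstants.NAME_operation, operation);

            if ("PKIOperation".equalsIgnoreCase(operation)) {
                // Step 1: decode the client message. Only failures here are the client's
                // fault (400); this includes a missing `message` parameter on GET.
                CMSSignedData reqMessage;
                try {
                    // NOTE(review): ScepUtil.read is not visible here; confirm that it, or the
                    // container in front of it, bounds the size of an unauthenticated POST body.
                    byte[] content = post
                            ? ScepUtil.read(httpServletRequest.getInputStream())
                            : Base64.decode(httpServletRequest.getParameter("message"));
                    reqMessage = new CMSSignedData(content);
                } catch (Exception e) {
                    auditMessage = "invalid request";
                    // Log the exception itself; passing the logger here lost the cause.
                    LOG.error(auditMessage, e);
                    auditLevel = AuditEvent.AuditLevel.ERROR;
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                }

                // Step 2: let the responder process it. Unexpected failures fall through to
                // the outer handlers and are reported as 500, not as a client error.
                byte[] respBytes;
                try {
                    respBytes = this.responder.servicePkiOperation(reqMessage, auditEvent).getEncoded();
                } catch (MessageDecodingException e) {
                    auditMessage = "could not decrypt and/or verify the request";
                    LOG.error(auditMessage, e);
                    auditLevel = AuditEvent.AuditLevel.ERROR;
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                } catch (CaException e) {
                    auditMessage = "system internal error";
                    LOG.error(auditMessage, e);
                    auditLevel = AuditEvent.AuditLevel.ERROR;
                    httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    return;
                }
                sendToResponse(httpServletResponse, CT_RESPONSE, respBytes);
            } else if (Operation.GetCACaps.code().equalsIgnoreCase(operation)) {
                sendToResponse(httpServletResponse, "text/plain", this.responder.caCaps().bytes());
            } else if (Operation.GetCACert.code().equalsIgnoreCase(operation)) {
                String contentType;
                byte[] encoded;
                if (this.responder.raEmulator() == null) {
                    // No RA: the bare CA certificate is returned.
                    contentType = "application/x-x509-ca-cert";
                    encoded = this.responder.caEmulator().caCertBytes();
                } else {
                    // RA present: CA and RA certificates are returned in a certs-only SignedData.
                    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
                    try {
                        generator.addCertificate(new X509CertificateHolder(this.responder.caEmulator().caCert()));
                        contentType = "application/x-x509-ca-ra-cert";
                        generator.addCertificate(new X509CertificateHolder(this.responder.raEmulator().raCert()));
                        encoded = generator.generate(new CMSAbsentContent()).getEncoded();
                    } catch (CMSException e) {
                        auditMessage = "system internal error";
                        LOG.error(auditMessage, e);
                        auditLevel = AuditEvent.AuditLevel.ERROR;
                        httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                        return;
                    }
                }
                sendToResponse(httpServletResponse, contentType, encoded);
            } else if (Operation.GetNextCACert.code().equalsIgnoreCase(operation)) {
                if (this.responder.nextCaAndRa() == null) {
                    auditMessage = "SCEP operation '" + operation + "' is not permitted";
                    auditLevel = AuditEvent.AuditLevel.ERROR;
                    httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
                try {
                    NextCaMessage nextCaMessage = new NextCaMessage();
                    nextCaMessage.setCaCert(ScepUtil.toX509Cert(this.responder.nextCaAndRa().caCert()));
                    if (this.responder.nextCaAndRa().raCert() != null) {
                        nextCaMessage.setRaCerts(Arrays.asList(ScepUtil.toX509Cert(this.responder.nextCaAndRa().raCert())));
                    }
                    sendToResponse(httpServletResponse, "application/x-x509-next-ca-cert", this.responder.encode(nextCaMessage).getEncoded());
                } catch (Exception e) {
                    auditMessage = "system internal error";
                    // Log the exception itself; passing the logger here lost the cause.
                    LOG.error(auditMessage, e);
                    auditLevel = AuditEvent.AuditLevel.ERROR;
                    httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                }
            } else {
                // Also reached when the parameter is absent (operation == null).
                auditMessage = "unknown SCEP operation '" + operation + "'";
                auditLevel = AuditEvent.AuditLevel.ERROR;
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            }
        } catch (EOFException e) {
            // Audit level is left as it was; only the application log records the reset.
            LOG.warn("connection reset by peer", e);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (Throwable th) {
            LOG.error("Throwable thrown, this should not happen!", th);
            auditLevel = AuditEvent.AuditLevel.ERROR;
            auditMessage = "internal error";
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } finally {
            // Single exit point for auditing, so a failing request is never recorded twice.
            // An ERROR level already set on the event (e.g. by the responder) is not downgraded.
            if (auditEvent.level() != AuditEvent.AuditLevel.ERROR) {
                auditEvent.setLevel(auditLevel);
            }
            if (auditMessage != null) {
                auditEvent.putEventData("error", auditMessage);
            }
            auditEvent.log(LOG);
        }
    }

    /**
     * Writes a complete response body with the given content type.
     *
     * @param httpServletResponse response to write to
     * @param contentType value for the Content-Type header
     * @param body bytes to send; also determines Content-Length
     * @throws IOException if writing to the response stream fails
     */
    private void sendToResponse(HttpServletResponse httpServletResponse, String contentType, byte[] body) throws IOException {
        httpServletResponse.setContentType(contentType);
        httpServletResponse.setContentLength(body.length);
        httpServletResponse.getOutputStream().write(body);
    }

    /**
     * Reads one ASN.1 object from the stream and interprets it as a {@link PKIMessage}.
     *
     * <p>The stream is closed before returning; a failure to close is logged and not
     * propagated. No explicit length limit is passed to {@link ASN1InputStream}, so callers
     * should bound the stream themselves when it originates from the network.
     *
     * @param inputStream source of the encoded message; must not be {@code null}
     * @return the decoded message
     * @throws IOException if the object cannot be read
     */
    protected PKIMessage generatePkiMessage(InputStream inputStream) throws IOException {
        ScepUtil.requireNonNull("is", inputStream);
        ASN1InputStream asn1Stream = new ASN1InputStream(inputStream);
        try {
            return PKIMessage.getInstance(asn1Stream.readObject());
        } finally {
            try {
                asn1Stream.close();
            } catch (Exception e) {
                LOG.error("could not close stream: {}", e.getMessage());
            }
        }
    }
}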
