package ca.nrc.cadc.cred.server;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.log.ServletLogInfo;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.astrogrid.security.delegation.DelegationServlet;

/* loaded from: input_file:ca/nrc/cadc/cred/server/CadcDelegationServlet.class */
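/**
 * Delegation servlet that resolves the caller via {@link AuthenticationUtil},
 * optionally lets a configured "superuser" DN act on behalf of another DN
 * (request parameter {@code DN}), and runs the upstream
 * {@link DelegationServlet} logic inside {@link Subject#doAs}.
 *
 * <p>The superuser DN set is read at init time from the JNDI-bound
 * {@link CredConfig} ({@link CredConfig#JDNI_KEY}); if that lookup throws
 * {@link NamingException} the servlet falls back to the {@value #SU_DNS} init
 * parameter (one DN per line, surrounding double quotes removed).
 */
public class CadcDelegationServlet extends DelegationServlet {
    private static final long serialVersionUID = 2740612605831268729L;
    private static final Logger LOGGER = Logger.getLogger(CadcDelegationServlet.class);

    /** Servlet init parameter holding newline-separated superuser DNs (fallback source). */
    public static final String SU_DNS = "suDNs";

    /** Distinguished names permitted to request delegation on behalf of another DN. */
    private final Set<X500Principal> suDNs = new HashSet<>();

    /**
     * Initialises the servlet and loads the superuser DN list.
     *
     * @param servletConfig servlet configuration supplied by the container
     * @throws ServletException propagated from {@code super.init}
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            loadSuperusersFromJndi();
        } catch (NamingException e) {
            LOGGER.debug("BUG: unable to lookup CredConfig with key cred-runtime-config", e);
            loadSuperusersFromInitParam(servletConfig.getInitParameter(SU_DNS));
        }
    }

    /**
     * Reads superuser DNs from the {@link CredConfig} bound in JNDI. A {@code null}
     * config adds nothing.
     *
     * @throws NamingException if the JNDI lookup fails (caller falls back to init params)
     */
    private void loadSuperusersFromJndi() throws NamingException {
        CredConfig credConfig = (CredConfig) new InitialContext().lookup(CredConfig.JDNI_KEY);
        LOGGER.info("JDNI config: " + credConfig);
        if (credConfig == null) {
            return;
        }
        for (X500Principal dn : credConfig.getDelegateUsers()) {
            suDNs.add(dn);
            LOGGER.info("SU: " + dn + " " + credConfig.proxyMaxDaysValid);
        }
    }

    /**
     * Parses newline-separated DNs from the {@value #SU_DNS} init parameter.
     * Double quotes are stripped and each entry trimmed; blank entries are skipped
     * so a trailing newline in the config does not register an empty DN.
     *
     * @param initParameter raw init-parameter value, may be {@code null}
     * @throws IllegalArgumentException if an entry is not a parseable DN
     */
    private void loadSuperusersFromInitParam(String initParameter) {
        if (initParameter == null) {
            return;
        }
        for (String line : initParameter.split("\n")) {
            String dn = line.replace("\"", "").trim();
            if (dn.isEmpty()) {
                continue;
            }
            X500Principal principal = new X500Principal(dn);
            suDNs.add(principal);
            LOGGER.info("SU: " + principal.getName());
        }
    }

    /**
     * Handles every request: builds the effective {@link Subject} (see
     * {@link #createSubject}) and runs the upstream delegation logic as that
     * subject. Exceptions are mapped to an HTTP status —
     * {@link AccessControlException} to 401, {@link IllegalArgumentException} to
     * 400, anything else to 500 — and start/end/elapsed time are always logged.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response to write to
     * @throws IOException if writing the error response fails
     */
    @Override
    public void service(final HttpServletRequest httpServletRequest,
                        final HttpServletResponse httpServletResponse) throws IOException {
        ServletLogInfo logInfo = new ServletLogInfo(httpServletRequest);
        LOGGER.info(logInfo.start());
        long startMillis = System.currentTimeMillis();
        try {
            Subject subject = createSubject(httpServletRequest);
            logInfo.setSubject(subject);
            Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws IOException {
                    CadcDelegationServlet.this.handleService(httpServletRequest, httpServletResponse);
                    return null;
                }
            });
        } catch (Throwable th) {
            Throwable cause = th;
            LOGGER.debug(cause);
            // Subject.doAs wraps checked exceptions thrown by run(); report the real cause.
            if (cause instanceof PrivilegedActionException && cause.getCause() != null) {
                cause = cause.getCause();
                LOGGER.debug(cause);
            }
            logInfo.setMessage(cause.getMessage());
            logInfo.setSuccess(false);
            // NOTE(review): the 400/500 bodies echo the exception message to the client;
            // for 500 that may expose internal detail — existing clients may rely on the
            // text, so this is kept as-is rather than replaced with a generic message.
            if (cause instanceof AccessControlException) {
                httpServletResponse.setStatus(401);
                httpServletResponse.getWriter().println("Unauthorized");
            } else if (cause instanceof IllegalArgumentException) {
                httpServletResponse.setStatus(400);
                httpServletResponse.getWriter().println("Bad Request: " + cause.getMessage());
            } else {
                httpServletResponse.setStatus(500);
                httpServletResponse.getWriter().println("Internal Error: " + cause.getMessage());
            }
        } finally {
            // Runs for success, handled failure, and a failure while writing the error
            // response (which propagates after the end-of-request log line).
            logInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - startMillis));
            LOGGER.info(logInfo.end());
        }
    }

    /**
     * Delegates to the upstream {@link DelegationServlet#service}; called from
     * inside {@link Subject#doAs} so the upstream code sees the effective subject.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response to write to
     * @throws IOException propagated from the upstream servlet
     */
    public void handleService(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        super.service(httpServletRequest, httpServletResponse);
    }

    /**
     * Determines the {@link Subject} the request runs as.
     *
     * <p>By default this is the caller as resolved by
     * {@link AuthenticationUtil#getSubject}. If the request carries a {@code DN}
     * parameter, the caller must hold an {@link X500Principal} matching one of the
     * configured superuser DNs; the returned subject then contains only the
     * requested DN, so the delegation acts on that user's behalf. The superuser
     * check runs before the parameter is parsed, so an unauthorised caller gets
     * 401 regardless of whether the supplied DN is well-formed.
     *
     * @param httpServletRequest incoming request
     * @return the effective subject
     * @throws AccessControlException   if {@code DN} is given but the caller is not a superuser
     * @throws IllegalArgumentException if {@code DN} is not a parseable distinguished name
     */
    private Subject createSubject(HttpServletRequest httpServletRequest) {
        Subject caller = AuthenticationUtil.getSubject(httpServletRequest, false);
        String targetDn = httpServletRequest.getParameter("DN");
        if (targetDn == null) {
            return caller;
        }
        if (!isSuperuser(caller)) {
            throw new AccessControlException("create certficate for " + targetDn);
        }
        Subject onBehalfOf = new Subject();
        onBehalfOf.getPrincipals().add(new X500Principal(targetDn));
        LOGGER.debug("Superuser ... access on behalf of user " + targetDn);
        return onBehalfOf;
    }

    /**
     * Returns {@code true} if any {@link X500Principal} of {@code subject} equals
     * (per {@link AuthenticationUtil#equals}) a configured superuser DN.
     *
     * @param subject authenticated caller, may be {@code null} (treated as not a superuser)
     */
    private boolean isSuperuser(Subject subject) {
        if (subject == null) {
            return false;
        }
        for (X500Principal principal : subject.getPrincipals(X500Principal.class)) {
            for (X500Principal superuser : suDNs) {
                if (AuthenticationUtil.equals(principal, superuser)) {
                    return true;
                }
            }
        }
        return false;
    }
}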
