package org.astrogrid.security.delegation;

import ca.nrc.cadc.auth.SSLUtil;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/astrogrid/security/delegation/CertificateProcessor.class */
public class CertificateProcessor extends ResourceProcessor {
    private static final Logger log = Logger.getLogger(CertificateProcessor.class);

    @Override // org.astrogrid.security.delegation.ResourceProcessor
    public void service(HttpServletRequest httpServletRequest, DelegationUri delegationUri, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletRequest.getMethod().equals("GET")) {
            sendCertificate(delegationUri.getUser(), httpServletResponse);
        } else if (httpServletRequest.getMethod().equals("PUT")) {
            receiveCertificate(httpServletRequest, delegationUri.getUser(), httpServletResponse);
        } else {
            httpServletResponse.setHeader("Accept", "GET");
            httpServletResponse.sendError(405);
        }
    }

    private void sendCertificate(String str, HttpServletResponse httpServletResponse) throws IOException {
        if (!Delegations.getInstance().hasCertificate(str)) {
            httpServletResponse.sendError(404);
        } else {
            httpServletResponse.setContentType("text/plain");
            Delegations.getInstance().writeCertificate(str, httpServletResponse.getWriter());
        }
    }

    private void receiveCertificate(HttpServletRequest httpServletRequest, String str, HttpServletResponse httpServletResponse) throws IOException {
        int read;
        if (!Delegations.getInstance().isKnown(str)) {
            httpServletResponse.sendError(404);
            return;
        }
        try {
            int i = 0;
            byte[] bArr = new byte[10000];
            while (i < 10000 && (read = httpServletRequest.getInputStream().read(bArr, i, 10000 - i)) != -1) {
                i += read;
            }
            if (i == 10000) {
                throw new CertificateException("Certificate to read too large (>10000 bytes)");
            }
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X509").generateCertificates(new BufferedInputStream(new ByteArrayInputStream(SSLUtil.getCertificates(bArr))));
            try {
                Delegations.getInstance().setCertificates(str, (X509Certificate[]) generateCertificates.toArray(new X509Certificate[generateCertificates.size()]));
                log.info("Received a certificate for " + ((X509Certificate) generateCertificates.iterator().next()).getSubjectX500Principal() + " (" + str + ").");
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e);
            }
        } catch (CertificateException e2) {
            System.out.println(e2);
            httpServletResponse.sendError(400, "Failed to parse the certificate: " + e2);
        }
    }
}
