package org.xipki.ca.server.netty;

import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import java.io.EOFException;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.server.api.CmpResponder;
import org.xipki.ca.server.api.ResponderManager;
import org.xipki.http.servlet.AbstractHttpServlet;
import org.xipki.http.servlet.ServletURI;
import org.xipki.http.servlet.SslReverseProxyMode;
import org.xipki.util.HealthCheckResult;
import org.xipki.util.LogUtil;
import org.xipki.util.ParamUtil;

/* loaded from: input_file:org/xipki/ca/server/netty/HealthCheckServlet.class */
public class HealthCheckServlet extends AbstractHttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(HealthCheckServlet.class);
    private static final String CT_RESPONSE = "application/json";
    private ResponderManager responderManager;

    public void setResponderManager(ResponderManager responderManager) {
        this.responderManager = (ResponderManager) ParamUtil.requireNonNull("responderManager", responderManager);
    }

    public FullHttpResponse service(FullHttpRequest fullHttpRequest, ServletURI servletURI, SSLSession sSLSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
        FullHttpResponse service0 = service0(fullHttpRequest, servletURI, sSLSession);
        service0.headers().add("Access-Control-Allow-Origin", "*");
        return service0;
    }

    private FullHttpResponse service0(FullHttpRequest fullHttpRequest, ServletURI servletURI, SSLSession sSLSession) {
        HttpVersion protocolVersion = fullHttpRequest.protocolVersion();
        if (fullHttpRequest.method() != HttpMethod.GET) {
            return createErrorResponse(protocolVersion, HttpResponseStatus.METHOD_NOT_ALLOWED);
        }
        try {
            if (this.responderManager == null) {
                LOG.error("responderManager in servlet is not configured");
                return createErrorResponse(protocolVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
            }
            String str = null;
            CmpResponder cmpResponder = null;
            if (servletURI.getPath().length() > 1) {
                String substring = servletURI.getPath().substring(1);
                str = this.responderManager.getCaNameForAlias(substring);
                if (str == null) {
                    str = substring.toLowerCase();
                }
                cmpResponder = this.responderManager.getX509CaResponder(str);
            }
            if (str == null || cmpResponder == null || !cmpResponder.isOnService()) {
                LOG.warn(str == null ? "no CA is specified" : cmpResponder == null ? "unknown CA '" + str + "'" : "CA '" + str + "' is out of service");
                return createErrorResponse(protocolVersion, HttpResponseStatus.NOT_FOUND);
            }
            HealthCheckResult healthCheck = cmpResponder.healthCheck();
            return createResponse(protocolVersion, healthCheck.isHealthy() ? HttpResponseStatus.OK : HttpResponseStatus.INTERNAL_SERVER_ERROR, CT_RESPONSE, healthCheck.toJsonMessage(true).getBytes());
        } catch (Throwable th) {
            if (th instanceof EOFException) {
                LogUtil.warn(LOG, th, "connection reset by peer");
            } else {
                LOG.error("Throwable thrown, this should not happen!", th);
            }
            return createErrorResponse(protocolVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
        }
    }
}
