package org.xipki.ca.server.netty;

import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import java.io.EOFException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLSession;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditService;
import org.xipki.audit.AuditServiceRegister;
import org.xipki.audit.AuditStatus;
import org.xipki.ca.api.RequestType;
import org.xipki.ca.server.api.CmpResponder;
import org.xipki.ca.server.api.ResponderManager;
import org.xipki.http.servlet.AbstractHttpServlet;
import org.xipki.http.servlet.ServletURI;
import org.xipki.http.servlet.SslReverseProxyMode;
import org.xipki.util.LogUtil;

/* loaded from: input_file:org/xipki/ca/server/netty/HttpCmpServlet.class */
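/**
 * HTTP transport endpoint for CMP: accepts a POSTed {@code application/pkixcmp} body, hands the
 * decoded {@link PKIMessage} to the responder of the CA named in the request path, and returns the
 * encoded response. Every request that passes the method check produces exactly one audit event.
 */
public class HttpCmpServlet extends AbstractHttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(HttpCmpServlet.class);
    private static final String CT_REQUEST = "application/pkixcmp";
    private static final String CT_RESPONSE = "application/pkixcmp";
    private ResponderManager responderManager;
    private AuditServiceRegister auditServiceRegister;

    /**
     * Always returns {@code true}; {@link #service} takes the TLS session as an input when it
     * resolves the client certificate.
     */
    public boolean needsTlsSessionInfo() {
        return true;
    }

    /**
     * Handles one CMP-over-HTTP request.
     *
     * <p>Status mapping: non-POST gives 405, a wrong Content-Type 415, a missing, unknown or
     * out-of-service CA 404, an unreadable or undecodable body 400, and anything unexpected 500.
     * Client-caused failures are audited with the level, status and message carried by the
     * {@code HttpRespAuditException}; unexpected failures are audited as ERROR / "internal error".
     *
     * @param fullHttpRequest the complete HTTP request
     * @param servletURI request path (first segment selects the CA by alias or name) and parameters
     * @param sSLSession TLS session passed on to {@code getClientCert}
     * @param sslReverseProxyMode reverse-proxy mode passed on to {@code getClientCert}
     * @return the CMP response, or an error response with the status described above
     * @throws Exception if building the error response or writing the audit event fails
     */
    public FullHttpResponse service(FullHttpRequest fullHttpRequest, ServletURI servletURI, SSLSession sSLSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
        HttpVersion protocolVersion = fullHttpRequest.protocolVersion();
        if (fullHttpRequest.method() != HttpMethod.POST) {
            return createErrorResponse(protocolVersion, HttpResponseStatus.METHOD_NOT_ALLOWED);
        }
        // NOTE(review): getClientCert also receives the request and the reverse-proxy mode, so the
        // certificate presumably can come from a forwarded header; confirm the proxy strips any
        // client-supplied copy of that header before this identity is trusted.
        X509Certificate clientCert = getClientCert(fullHttpRequest, sSLSession, sslReverseProxyMode);
        AuditService auditService = this.auditServiceRegister.getAuditService();
        AuditEvent auditEvent = new AuditEvent(new Date());
        auditEvent.setApplicationName("ca");
        auditEvent.setName("perf");
        auditEvent.addEventData("req_type", RequestType.CMP.name());
        try {
            if (this.responderManager == null) {
                LOG.error("responderManager in servlet not configured");
                throw new HttpRespAuditException(HttpResponseStatus.INTERNAL_SERVER_ERROR, "responderManager in servlet not configured", AuditLevel.ERROR, AuditStatus.FAILED);
            }
            String contentType = fullHttpRequest.headers().get("Content-Type");
            if (!CT_REQUEST.equalsIgnoreCase(contentType)) {
                throw new HttpRespAuditException(HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE, "unsupported media type " + contentType, AuditLevel.INFO, AuditStatus.FAILED);
            }
            String caName = null;
            CmpResponder cmpResponder = null;
            if (servletURI.getPath().length() > 1) {
                String caAlias = servletURI.getPath().substring(1);
                caName = this.responderManager.getCaNameForAlias(caAlias);
                if (caName == null) {
                    // Locale.ROOT keeps the CA lookup independent of the JVM default locale.
                    caName = caAlias.toLowerCase(java.util.Locale.ROOT);
                }
                cmpResponder = this.responderManager.getX509CaResponder(caName);
            }
            if (caName == null || cmpResponder == null || !cmpResponder.isOnService()) {
                String reason = caName == null ? "no CA is specified" : cmpResponder == null ? "unknown CA '" + caName + "'" : "CA '" + caName + "' is out of service";
                // NOTE(review): caName comes from the request path and is written to the log and
                // the audit record; confirm control characters are neutralised downstream.
                LOG.warn(reason);
                throw new HttpRespAuditException(HttpResponseStatus.NOT_FOUND, reason, AuditLevel.INFO, AuditStatus.FAILED);
            }
            auditEvent.addEventData("ca", cmpResponder.getCaName());
            // Only reading and decoding the body is a client error. Responder failures must not be
            // reported as "could not parse the request"; they fall through to the internal-error
            // handler below.
            PKIMessage pkiRequest;
            try {
                pkiRequest = PKIMessage.getInstance(readContent(fullHttpRequest));
            } catch (Exception e) {
                LogUtil.error(LOG, e, "could not parse the request (PKIMessage)");
                throw new HttpRespAuditException(HttpResponseStatus.BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
            }
            byte[] encoded = cmpResponder.processPkiMessage(pkiRequest, clientCert, servletURI.getParameters(), auditEvent).getEncoded();
            // The responder may already have set a status on the event; default to success otherwise.
            if (auditEvent.getStatus() == null) {
                auditEvent.setStatus(AuditStatus.SUCCESSFUL);
            }
            return createOKResponse(protocolVersion, CT_RESPONSE, encoded);
        } catch (HttpRespAuditException e) {
            recordFailure(auditEvent, e.getAuditStatus(), e.getAuditLevel(), e.getAuditMessage());
            // Answer with the status chosen at the throw site (415/404/400/500) instead of a
            // blanket 500, so client faults are not counted as server faults by monitoring.
            return createErrorResponse(protocolVersion, e.getHttpStatus());
        } catch (Throwable th) {
            if (th instanceof EOFException) {
                LogUtil.warn(LOG, th, "connection reset by peer");
            } else {
                LOG.error("Throwable thrown, this should not happen!", th);
            }
            recordFailure(auditEvent, AuditStatus.FAILED, AuditLevel.ERROR, "internal error");
            return createErrorResponse(protocolVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
        } finally {
            // Exactly one audit record per request, on every exit path.
            auditEvent.finish();
            auditService.logEvent(auditEvent);
        }
    }

    /** Copies a failure outcome onto the audit event; a null message is not recorded. */
    private static void recordFailure(AuditEvent auditEvent, AuditStatus auditStatus, AuditLevel auditLevel, String auditMessage) {
        auditEvent.setStatus(auditStatus);
        auditEvent.setLevel(auditLevel);
        if (auditMessage != null) {
            auditEvent.addEventData("message", auditMessage);
        }
    }

    /** Sets the manager used to resolve CA aliases and CMP responders. */
    public void setResponderManager(ResponderManager responderManager) {
        this.responderManager = responderManager;
    }

    /** Sets the register from which the audit service is obtained for each request. */
    public void setAuditServiceRegister(AuditServiceRegister auditServiceRegister) {
        this.auditServiceRegister = auditServiceRegister;
    }
}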
