package pl.edu.icm.yadda.aas.admin.servlet;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.Reader;
import java.io.StringReader;
import java.nio.charset.Charset;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.ListIterator;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.fileupload.servlet.ServletRequestContext;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.util.encoders.UrlBase64;
import org.opensaml.lite.security.TrustLevel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import pl.edu.icm.yadda.aas.credential.builder.CredentialDTO;
import pl.edu.icm.yadda.aas.credential.builder.ICredentialBuilder;
import pl.edu.icm.yadda.aas.extractor.IExtractor;
import pl.edu.icm.yadda.aas.keystore.IEditableKeyStore;
import pl.edu.icm.yadda.aas.keystore.KeyQueryRequest;
import pl.edu.icm.yadda.aas.keystore.KeyQueryResponse;
import pl.edu.icm.yadda.aas.keystore.KeyStoreException;
import pl.edu.icm.yadda.aas.keystore.KeyStoreUtils;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-4.0.0.jar:pl/edu/icm/yadda/aas/admin/servlet/CertificateHandlerServlet.class */
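/**
 * Admin servlet that manages the trusted X.509 certificate keystore.
 *
 * <p>Supported operations, selected by the {@code action} parameter (or by a multipart
 * upload carrying a {@code resource} file part):
 * <ul>
 *   <li>{@code register}: parse a PEM certificate from {@code resource}, wrap it in a
 *       credential with the given {@code trustLevel} (default {@link TrustLevel#DEFAULT_TRUST})
 *       and add it to the keystore;</li>
 *   <li>{@code removeByPEM}: remove the credential matching a PEM certificate;</li>
 *   <li>{@code removeById}: remove the credential stored under the given entity id;</li>
 *   <li>{@code show}: print the certificate or public key stored under the
 *       URL-safe-base64-encoded entity id.</li>
 * </ul>
 *
 * <p>Security notes:
 * <ul>
 *   <li>This servlet performs no authentication or authorization of its own; every action
 *       mutates or reveals the trust store, so access must be restricted by the container
 *       or a filter in front of it. NOTE(review): confirm that such a restriction exists in
 *       the deployment descriptor / security configuration.</li>
 *   <li>Only the read-only {@code show} action is served over GET; the mutating actions are
 *       accepted over POST only so they cannot be triggered by a plain link or image
 *       (CSRF) and do not end up in access/proxy logs.</li>
 *   <li>Client-supplied input is echoed back in some messages; responses are always
 *       {@code text/plain} with {@code nosniff}, so the echo is not rendered as HTML.</li>
 *   <li>No validity (expiry, chain) check is performed here on the registered
 *       certificate. Presumably the configured credential builder takes care of that —
 *       TODO confirm.</li>
 * </ul>
 *
 * @param <C> the credential type handled by the configured keystore and builder
 */
public class CertificateHandlerServlet<C> extends HttpServlet {
    private static final long serialVersionUID = 6323575725389136399L;

    public static final String BEAN_HANDLED_KEYS_STORE = "TrustedX509CertsStorageBasedKeystore";
    public static final String BEAN_CREDENTIAL_BUILDER = "X509TrustAwareCredentialBuilder";
    public static final String BEAN_CREDENTIAL_CERT_EXTR = "CredentialCertificateExtractor";
    public static final String BEAN_CREDENTIAL_PUBLKEY_EXTR = "CredentialPublicKeyExtractor";
    public static final String BEAN_CRL_MANAGER = "CRLManager";
    public static final String BEAN_DATETIME_PROVIDER = "_DateTimeProvider";

    private static final String PARAM_ACTION = "action";
    private static final String PARAM_RESOURCE = "resource";
    private static final String PARAM_TRUST_LEVEL = "trustLevel";

    private static final String ACTION_REGISTER = "register";
    private static final String ACTION_REMOVE_BY_PEM = "removeByPEM";
    private static final String ACTION_REMOVE_BY_ID = "removeById";
    private static final String ACTION_SHOW_BY_ID = "show";

    private static final String MSG_NO_ACTION_PARAMETER = "No action parameter specified!";
    private static final String MSG_UNSUPPORTED_ACTION_PARAMETER = "Unsupported action parameter specified!";
    private static final String MSG_NO_RESOURCE_PARAMETER = "No resource parameter specified!";
    private static final String MSG_INVALID_RESOURCE_PARAMETER = "Invalid resource parameter specified!";
    private static final String MSG_INVALID_TRUST_LEVEL_PARAMETER = "Invalid trustLevel parameter specified!";
    private static final String MSG_INVALID_MULTIPART = "Invalid or oversized multipart request!";
    private static final String MSG_ACTION_NOT_ALLOWED_OVER_GET = "Only the show action may be requested with GET; use POST!";

    private static final String PEM_PREFIX = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_SUFFIX = "-----END CERTIFICATE-----";

    /**
     * Upper bound for a multipart upload (whole request and any single part). A PEM
     * certificate is a few KiB; the bound keeps a client from filling the temp directory
     * used by {@link DiskFileItemFactory}.
     */
    private static final long MAX_UPLOAD_BYTES = 1024L * 1024L;

    /** PEM is 7-bit ASCII, so a fixed UTF-8 charset is safe; the platform default is not. */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    private IEditableKeyStore<C> keyStore;
    private FileItemFactory factory;
    private ICredentialBuilder<C> credentialBuilder;
    private IExtractor<C, X509Certificate> credentialCertificateExtractor;
    private IExtractor<C, PublicKey> credentialPublicKeyExtractor;

    protected final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * When {@code true} (the only value ever assigned here) the collaborators are expected
     * to arrive via the setters; when {@code false} and no keystore was set, they are looked
     * up in the Spring web application context. NOTE(review): no setter for this flag is
     * visible, so the Spring lookup branch looks unreachable in this version — confirm.
     */
    private boolean injectableInitialization = true;

    /**
     * Resolves collaborators from the Spring context when not injected, and creates the
     * multipart item factory.
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException if the superclass initialization fails
     */
    @Override // javax.servlet.GenericServlet, javax.servlet.Servlet
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        if (!this.injectableInitialization && this.keyStore == null) {
            WebApplicationContext ctx =
                    WebApplicationContextUtils.getRequiredWebApplicationContext(servletConfig.getServletContext());
            this.keyStore = (IEditableKeyStore) ctx.getBean(BEAN_HANDLED_KEYS_STORE);
            this.credentialBuilder = (ICredentialBuilder) ctx.getBean(BEAN_CREDENTIAL_BUILDER);
            this.credentialPublicKeyExtractor = (IExtractor) ctx.getBean(BEAN_CREDENTIAL_PUBLKEY_EXTR);
            this.credentialCertificateExtractor = (IExtractor) ctx.getBean(BEAN_CREDENTIAL_CERT_EXTR);
        }
        this.factory = new DiskFileItemFactory();
    }

    /**
     * Routes multipart requests to the upload handler and everything else to the
     * parameter-driven management handler.
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (ServletFileUpload.isMultipartContent(new ServletRequestContext(request))) {
            handleCertificateUpload(request, response);
        } else {
            handleCertificateManagement(request, response);
        }
    }

    /**
     * Serves only the read-only {@code show} action over GET. Register/remove change the
     * trusted certificate store and are accepted over POST only (see the class comment);
     * any other action over GET is answered with 405 and an {@code Allow: POST} header.
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (ACTION_SHOW_BY_ID.equals(request.getParameter(PARAM_ACTION))) {
            handleCertificateManagement(request, response);
            return;
        }
        log.warn("rejecting non-read-only action over GET: {}", request.getParameter(PARAM_ACTION));
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, MSG_ACTION_NOT_ALLOWED_OVER_GET);
    }

    /**
     * Handles a multipart upload: the {@code resource} part carries a PEM certificate and
     * the optional {@code trustLevel} part the name of a {@link TrustLevel} constant.
     * Unknown parts are logged and ignored. Malformed or oversized multipart bodies and
     * unknown trust level names are client errors (400), not server failures.
     *
     * @throws ServletException if the keystore rejects the credential
     * @throws IOException if the response cannot be written
     */
    protected void handleCertificateUpload(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        ServletFileUpload upload = new ServletFileUpload(this.factory);
        upload.setSizeMax(MAX_UPLOAD_BYTES);
        upload.setFileSizeMax(MAX_UPLOAD_BYTES);

        // parseRequest returns a raw List in older commons-fileupload releases.
        @SuppressWarnings("unchecked")
        List<FileItem> items;
        try {
            items = upload.parseRequest(request);
        } catch (FileUploadException e) {
            log.warn("rejecting multipart request: {}", e.getMessage());
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, MSG_INVALID_MULTIPART);
            return;
        }

        X509Certificate certificate = null;
        TrustLevel trustLevel = null;
        try {
            for (FileItem item : items) {
                String field = item.getFieldName();
                log.debug("processing multipart: {}", field);
                if (PARAM_RESOURCE.equals(field)) {
                    certificate = getCertificateFromMultipart(item);
                } else if (PARAM_TRUST_LEVEL.equals(field)) {
                    trustLevel = getTrustLevelFromMultipart(item);
                } else {
                    log.warn("unknown multipart element: {}", field);
                }
            }
        } catch (IllegalArgumentException e) {
            // TrustLevel.valueOf on an unknown name: the client's fault, answer 400 not 500.
            log.warn("rejecting multipart request: {}", e.getMessage());
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, MSG_INVALID_TRUST_LEVEL_PARAMETER);
            return;
        } finally {
            // Release any temp files DiskFileItemFactory may have spilled to disk.
            for (FileItem item : items) {
                item.delete();
            }
        }

        if (certificate == null) {
            putMessageToResponse(
                    "Invalid resource parameter specified! Certificate multipart invalid or not found!", response);
            return;
        }
        if (trustLevel == null) {
            log.warn("no trust level defined in multipart, setting to {}", TrustLevel.DEFAULT_TRUST);
            trustLevel = TrustLevel.DEFAULT_TRUST;
        }
        storeCertificate(certificate, trustLevel, response);
    }

    /**
     * Reads the first PEM object of a multipart item and returns it if it is an X.509
     * certificate; any other PEM object, or unparseable content, yields {@code null}.
     *
     * @param fileItem the {@code resource} part
     * @return the certificate, or {@code null} when the part does not hold one
     * @throws IOException if the part's stream cannot be opened
     */
    protected X509Certificate getCertificateFromMultipart(FileItem fileItem) throws IOException {
        InputStream in = fileItem.getInputStream();
        try {
            return readCertificate(new BufferedReader(new InputStreamReader(in, UTF8)));
        } finally {
            in.close();
        }
    }

    /**
     * Interprets the text of a multipart item as a {@link TrustLevel} constant name.
     *
     * @throws IllegalArgumentException if the name does not match a constant
     */
    protected TrustLevel getTrustLevelFromMultipart(FileItem fileItem) {
        // get() avoids the platform-default charset that the no-arg getString() would use.
        return TrustLevel.valueOf(new String(fileItem.get(), UTF8).trim());
    }

    /**
     * Dispatches a parameter-driven request on its {@code action} parameter; see the class
     * comment for the supported actions. A missing action, an unsupported action, or a
     * missing {@code resource} is answered with 400.
     *
     * @throws ServletException if the keystore fails
     * @throws IOException if the response cannot be written
     */
    protected void handleCertificateManagement(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String action = request.getParameter(PARAM_ACTION);
        if (action == null) {
            log.error(MSG_NO_ACTION_PARAMETER);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, MSG_NO_ACTION_PARAMETER);
            return;
        }
        if (ACTION_REGISTER.equals(action)) {
            String pem = requireResource(request, response);
            if (pem != null) {
                registerFromParameters(pem, request.getParameter(PARAM_TRUST_LEVEL), response);
            }
        } else if (ACTION_REMOVE_BY_PEM.equals(action)) {
            String pem = requireResource(request, response);
            if (pem != null) {
                removeByPem(pem, response);
            }
        } else if (ACTION_REMOVE_BY_ID.equals(action)) {
            String id = requireResource(request, response);
            if (id != null) {
                removeById(id, response);
            }
        } else if (ACTION_SHOW_BY_ID.equals(action)) {
            String encodedId = requireResource(request, response);
            if (encodedId != null) {
                showById(encodedId, response);
            }
        } else {
            log.error(MSG_UNSUPPORTED_ACTION_PARAMETER);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, MSG_UNSUPPORTED_ACTION_PARAMETER);
        }
    }

    /** Returns the {@code resource} parameter, or sends 400 and returns {@code null} when absent. */
    private String requireResource(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String resource = request.getParameter(PARAM_RESOURCE);
        if (resource == null) {
            log.error(MSG_NO_RESOURCE_PARAMETER);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, MSG_NO_RESOURCE_PARAMETER);
        }
        return resource;
    }

    /** {@code register} action: parse the PEM and trust level parameters and store the credential. */
    private void registerFromParameters(String pem, String trustLevelName, HttpServletResponse response)
            throws ServletException, IOException {
        TrustLevel trustLevel;
        try {
            trustLevel = trustLevelName != null ? TrustLevel.valueOf(trustLevelName.trim()) : TrustLevel.DEFAULT_TRUST;
        } catch (IllegalArgumentException e) {
            log.warn("rejecting register request: {}", e.getMessage());
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, MSG_INVALID_TRUST_LEVEL_PARAMETER);
            return;
        }
        X509Certificate certificate = readCertificate(new StringReader(normalizePEM(pem)));
        if (certificate == null) {
            putMessageToResponse(MSG_INVALID_RESOURCE_PARAMETER + " Bad certificate content: " + pem, response);
            return;
        }
        storeCertificate(certificate, trustLevel, response);
    }

    /**
     * Builds a credential for the certificate under an id derived from the certificate
     * itself and adds it to the keystore. Shared by the upload and parameter paths.
     *
     * @throws ServletException wrapping any {@link KeyStoreException}
     */
    private void storeCertificate(X509Certificate certificate, TrustLevel trustLevel, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            String entityId = KeyStoreUtils.generateEntityId(certificate);
            CredentialDTO dto = new CredentialDTO(entityId);
            dto.setEntityCert(certificate);
            dto.setTrustLevel(trustLevel);
            C credential = this.credentialBuilder.build(dto);
            log.debug("storing certificate in keystore: {}", entityId);
            this.keyStore.addCredential(credential);
            putMessageToResponse("certificate succesfully stored with id: " + entityId, response);
        } catch (KeyStoreException e) {
            throw new ServletException(e);
        }
    }

    /** {@code removeByPEM} action: build a credential from the certificate and remove its match. */
    private void removeByPem(String pem, HttpServletResponse response) throws ServletException, IOException {
        X509Certificate certificate = readCertificate(new StringReader(normalizePEM(pem)));
        if (certificate == null) {
            putMessageToResponse(MSG_INVALID_RESOURCE_PARAMETER + " Bad certificate content: " + pem, response);
            return;
        }
        try {
            // No entity id: the keystore is expected to match on the certificate itself.
            CredentialDTO dto = new CredentialDTO(null);
            dto.setEntityCert(certificate);
            C credential = this.credentialBuilder.build(dto);
            log.debug("removing certificate from keystore: {}", pem);
            if (this.keyStore.removeCredential(credential) != null) {
                putMessageToResponse("certificate successfully removed", response);
            } else {
                putMessageToResponse("no certificate removed, probably was not stored in keystore before", response);
            }
        } catch (KeyStoreException e) {
            throw new ServletException(e);
        }
    }

    /** {@code removeById} action: remove the credential stored under the given entity id. */
    private void removeById(String entityId, HttpServletResponse response) throws ServletException, IOException {
        try {
            log.debug("removing certificate from keystore for id: {}", entityId);
            if (this.keyStore.removeCredential(entityId) != null) {
                putMessageToResponse("certificate for id: " + entityId + " successfully removed", response);
            } else {
                putMessageToResponse(
                        "no certificate removed for " + entityId + ", probably was not stored in keystore before",
                        response);
            }
        } catch (KeyStoreException e) {
            throw new ServletException(e);
        }
    }

    /**
     * {@code show} action: decode the URL-safe base64 entity id, look the credential up and
     * print its certificate, or failing that its public key.
     */
    private void showById(String encodedId, HttpServletResponse response) throws ServletException, IOException {
        String entityId;
        try {
            entityId = new String(UrlBase64.decode(encodedId), UTF8);
        } catch (RuntimeException e) {
            // UrlBase64 reports malformed input with an unchecked exception whose type varies
            // across BouncyCastle releases; either way it is a client error.
            log.warn("rejecting show request, undecodable id: {}", e.getMessage());
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, MSG_INVALID_RESOURCE_PARAMETER);
            return;
        }
        try {
            KeyQueryResponse<C> result = this.keyStore.queryKeys(new KeyQueryRequest(entityId));
            if (result == null || result.getCredential() == null) {
                putMessageToResponse("no credential found for id: " + entityId, response);
                return;
            }
            X509Certificate certificate = this.credentialCertificateExtractor.extract(result.getCredential());
            if (certificate != null) {
                putMessageToResponse(certificate.toString(), response);
                return;
            }
            PublicKey publicKey = this.credentialPublicKeyExtractor.extract(result.getCredential());
            if (publicKey != null) {
                putMessageToResponse(publicKey.toString(), response);
            } else {
                putMessageToResponse("neither public key nor X509Certificate found in credential: " + entityId, response);
            }
        } catch (KeyStoreException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Reads the first PEM object from the reader and returns it when it is an X.509
     * certificate. Any other object (a key, a CSR, ...) or unparseable input is logged and
     * yields {@code null}, so that client garbage is reported as invalid input rather than
     * surfacing as a 500. Only the first PEM block is considered. The reader is closed.
     */
    private X509Certificate readCertificate(Reader reader) {
        PEMReader pem = new PEMReader(reader);
        try {
            Object obj = pem.readObject();
            if (obj instanceof X509Certificate) {
                return (X509Certificate) obj;
            }
            log.warn("PEM content is not an X.509 certificate: {}",
                    obj == null ? "no PEM object found" : obj.getClass().getName());
            return null;
        } catch (IOException e) {
            log.warn("unparseable PEM content: {}", e.getMessage());
            return null;
        } finally {
            try {
                pem.close();
            } catch (IOException ignored) {
                // nothing sensible left to do once the object has been read
            }
        }
    }

    /**
     * Wraps bare base64 certificate content in PEM armour; content that already starts
     * with the BEGIN line is returned as-is (whitespace-trimmed). {@code null} stays
     * {@code null}.
     *
     * <p>NOTE(review): when the value arrives form-encoded, an unescaped {@code +} in the
     * base64 body is received as a space and the certificate will fail to parse; clients
     * must URL-encode the parameter.
     */
    protected String normalizePEM(String str) {
        if (str == null) {
            return null;
        }
        String body = str.trim();
        return body.startsWith(PEM_PREFIX) ? body : PEM_PREFIX + '\n' + body + '\n' + PEM_SUFFIX;
    }

    /**
     * Writes a single plain-text line. The explicit content type, charset and
     * {@code nosniff} header keep client-supplied text that is echoed in messages from
     * being interpreted as markup by a browser.
     */
    private void putMessageToResponse(String message, HttpServletResponse response) throws IOException {
        response.setContentType("text/plain");
        response.setCharacterEncoding("utf-8");
        response.setHeader("X-Content-Type-Options", "nosniff");
        PrintWriter writer = response.getWriter();
        writer.write(message);
        writer.write('\n');
    }

    public void setKeyStore(IEditableKeyStore<C> iEditableKeyStore) {
        this.keyStore = iEditableKeyStore;
    }

    public void setCredentialBuilder(ICredentialBuilder<C> iCredentialBuilder) {
        this.credentialBuilder = iCredentialBuilder;
    }

    public void setCredentialCertificateExtractor(IExtractor<C, X509Certificate> iExtractor) {
        this.credentialCertificateExtractor = iExtractor;
    }

    public void setCredentialPublicKeyExtractor(IExtractor<C, PublicKey> iExtractor) {
        this.credentialPublicKeyExtractor = iExtractor;
    }
}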
