package eu.contrail.security;

import eu.contrail.security.servercommons.SAML;
import eu.contrail.security.servercommons.UserSAML;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xalan.xsltc.trax.TransformerFactoryImpl;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.ow2.contrail.federation.federationdb.jpa.entities.User;

/* loaded from: input_file:WEB-INF/classes/eu/contrail/security/UserCertServlet.class */
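/**
 * Issues an X.509 user certificate, carrying a SAML attribute assertion, to an
 * already-authenticated user who POSTs a PEM-encoded PKCS#10 request in the
 * {@code certificate_request} parameter.
 *
 * <p>The caller must have been authenticated upstream: the {@code user} request
 * attribute is expected to be set by {@code BasicAuthFilter}. The CSR's
 * self-signature is checked (proof of possession of the private key) before a
 * certificate is signed with the issuer key loaded in {@link #init}. The subject
 * DN is the issuer DN followed by the user's UUID and username, with both values
 * escaped so they cannot add or alter RDNs.
 *
 * <p>Configuration is static (one issuer per JVM). {@link #init} fails the servlet
 * when a mandatory parameter, the issuer key or the issuer certificate cannot be
 * loaded, so requests are never served without signing material.
 */
public class UserCertServlet extends HttpServlet {
    private static final long serialVersionUID = -1;
    private static final int DEFAULT_LIFETIME_DAYS = 365;
    /** Init parameter toggling verbose logging (the Xalan constant is the string "debug"; the dependency is accidental). */
    private static final String INIT_PARAM_DEBUG = TransformerFactoryImpl.DEBUG;
    /** Request parameter holding the PEM-encoded PKCS#10 request. */
    private static final String CSR_PARAM = "certificate_request";
    /**
     * Signature algorithm for issued certificates. NOTE(review): SHA-1 signatures are
     * rejected by most current relying parties; moving to SHA-256 needs agreement with
     * the consumers of these certificates, so the value is left unchanged here.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
    /** Guards {@link #bigSerial}. The original synchronized on a fresh Object, i.e. on nothing. */
    private static final Object SERIAL_LOCK = new Object();
    private static String daysString;
    private static String hoursString;
    private static int days;
    private static int hours;
    private static ServletContext ctx;
    private static PrivateKey issuerKey;
    private static String issuerKeyPairFilename;
    /** Passphrase for the issuer key; zeroed as soon as {@link #init} has used it. */
    private static char[] issuerKeyPairPassword;
    private static X509Certificate issuerCertificate;
    private static String issuerCertificateFilename;
    /** Issuer DN as returned by SecurityCommons.reverse; prefixed to every subject DN. */
    private static String issuerName;
    /** Next serial number to issue; read and advanced only under SERIAL_LOCK. */
    private static BigInteger bigSerial;
    private static boolean debug = true;
    private static int paramsMissing = 0;

    /**
     * Reads the CSR from the {@code certificate_request} parameter.
     *
     * @param httpServletRequest the incoming request
     * @param securityCommons    parser for the PEM-encoded request
     * @return the parsed CSR, or {@code null} when the parameter is absent or empty
     * @throws IOException if the parameter cannot be decoded or parsed
     */
    private PKCS10CertificationRequest getCSR(HttpServletRequest httpServletRequest, SecurityCommons securityCommons) throws IOException {
        String pem = httpServletRequest.getParameter(CSR_PARAM);
        if (pem == null) {
            if (debug) {
                ctx.log(String.format("UCS: Request Parameter %s is NULL", CSR_PARAM));
            }
            return null;
        }
        if (pem.isEmpty()) {
            return null;
        }
        return securityCommons.readCSR(new ByteArrayInputStream(pem.getBytes("UTF-8")));
    }

    /**
     * Returns the next serial number and advances the counter atomically, so two
     * concurrent requests can no longer be issued the same serial.
     */
    private static BigInteger nextSerial() {
        synchronized (SERIAL_LOCK) {
            BigInteger serial = bigSerial;
            bigSerial = bigSerial.add(BigInteger.ONE);
            return serial;
        }
    }

    /**
     * Logs {@code message} when debugging is on and rejects the request with 400
     * carrying the same text.
     */
    private static void rejectRequest(HttpServletResponse httpServletResponse, String message) throws IOException {
        if (debug) {
            ctx.log(message);
        }
        httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
    }

    /**
     * Escapes an attribute value for embedding in an RFC 2253 distinguished-name
     * string, so that a username containing characters such as {@code ,} or
     * {@code =} cannot inject additional RDNs into the issued subject.
     *
     * @param value raw attribute value; {@code null} is rendered as the text "null",
     *              matching the {@code String.format} behaviour it replaces
     * @return the escaped value
     */
    static String escapeRdnValue(String value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean special = c == '\\' || c == ',' || c == '+' || c == '"'
                    || c == '<' || c == '>' || c == ';' || c == '=';
            // A leading '#' or space and a trailing space are also significant in RFC 2253.
            boolean boundary = (i == 0 && (c == ' ' || c == '#'))
                    || (i == text.length() - 1 && c == ' ');
            if (special || boundary) {
                out.append('\\');
            }
            out.append(c);
        }
        return out.toString();
    }

    /**
     * Handles a certificate request: checks the authenticated user, parses and
     * verifies the CSR, signs a certificate and returns it PEM-encoded as
     * {@code text/plain}.
     *
     * <p>Responses: 401 when no {@code user} attribute is present; 400 for a
     * missing, unparsable or unverifiable CSR, or a failure while building the
     * certificate; 500 when the signer returns no certificate. Exception details
     * are logged server-side only.
     *
     * @param httpServletRequest  the POST carrying {@code certificate_request}
     * @param httpServletResponse receives the PEM certificate or an error status
     * @throws ServletException kept for the servlet contract; not thrown directly
     * @throws IOException if writing the response fails
     */
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        SecurityCommons securityCommons = new SecurityCommons();
        String pathInfo = httpServletRequest.getPathInfo();
        if (debug) {
            ctx.log("processing request");
            if (pathInfo != null && !"".equals(pathInfo.trim())) {
                ctx.log(String.format("UCS: PathInfo = %s.", pathInfo));
            }
        }
        User user = (User) httpServletRequest.getAttribute("user");
        if (user == null) {
            // One sendError only: the original called sendError(401) and then sendError(400);
            // a second sendError on a committed response is an IllegalStateException, and
            // which status the client actually saw depended on the container.
            ctx.log("UCS: User object attribute is NULL - should have been set by BasicAuthFilter");
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing authorization");
            return;
        }
        if (debug) {
            ctx.log(String.format("UCS: Username %s", user.getUsername()));
        }
        String uuid = user.getUuid();
        ctx.log("UCS: UUID " + uuid);

        PKCS10CertificationRequest csr;
        try {
            csr = getCSR(httpServletRequest, securityCommons);
        } catch (IOException e) {
            // The original only logged here and returned, leaving a 200 with an empty body.
            ctx.log("UCS: Cannot parse CSR: " + e.getLocalizedMessage());
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Cannot parse the parameter 'certificate_request'");
            return;
        }
        if (csr == null) {
            if (debug) {
                ctx.log("UCS: CSR == NULL");
            }
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "The request is missing the parameter 'certificate_request'");
            return;
        }

        try {
            // BouncyCastle's verify() reports a bad signature by returning false, not by
            // throwing; the original discarded the result, so proof of possession of the
            // CSR's private key was never actually enforced.
            if (!csr.verify()) {
                rejectRequest(httpServletResponse, "UCS: Cannot verify CSR - bad signature - ignoring request");
                return;
            }
        } catch (InvalidKeyException e) {
            rejectRequest(httpServletResponse, "UCS: Cannot verify CSR - InvalidKeyException - ignoring request");
            return;
        } catch (SignatureException e) {
            rejectRequest(httpServletResponse, "UCS: Cannot verify CSR - SignatureException - ignoring request");
            return;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            ctx.log("UCS: Cannot verify CSR - " + e);
            rejectRequest(httpServletResponse, "UCS: Cannot verify CSR - unsupported signature algorithm - ignoring request");
            return;
        }

        X509Certificate cert;
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        try {
            if (debug) {
                ctx.log("UCS: about to createUserCert ");
            }
            X500Principal subject = new X500Principal(issuerName + ","
                    + String.format("CN=%s, CN=%s", escapeRdnValue(uuid), escapeRdnValue(user.getUsername())));
            cert = securityCommons.createUserCertificateWithSAML(csr.getPublicKey(), subject, uuid, nextSerial(),
                    issuerCertificate, issuerKey, SIGNATURE_ALGORITHM, days, hours, 0,
                    SecurityCommons.CONTRAIL_ATTRIBUTE_ASSERTION, false, new UserSAML().getSAMLforUser(user, new SAML()));
            if (cert != null) {
                if (debug) {
                    ctx.log("UCS: About to write cert");
                }
                // try-with-resources guarantees the encoder is flushed before the bytes are read.
                try (OutputStreamWriter pemWriter = new OutputStreamWriter(pemBytes, "UTF-8")) {
                    securityCommons.writeCertificate(pemWriter, cert);
                }
            }
        } catch (Exception e) {
            // Keep the detail in the log; the original echoed e.getLocalizedMessage() to the client.
            ctx.log("UCS: certificate creation failed: " + e);
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "UCS: Failed to create a certificate from the request");
            }
            return;
        }
        if (cert == null) {
            if (debug) {
                ctx.log("UCS: generated ertificate is NULL");
            }
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create a certificate");
            return;
        }

        httpServletResponse.setContentType("text/plain");
        httpServletResponse.setCharacterEncoding("UTF-8");
        // Byte count, not String.length(): identical for ASCII PEM, correct for anything else.
        httpServletResponse.setContentLength(pemBytes.size());
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(pemBytes.toString("UTF-8"));
        writer.close();
    }

    /**
     * Rejects GET with 405; only POST is supported.
     *
     * @param httpServletRequest  the request
     * @param httpServletResponse receives 405 with an {@code Allow: POST} header
     * @throws ServletException kept for the servlet contract
     * @throws IOException if sending the error fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // RFC 7231 requires Allow on a 405 response.
        httpServletResponse.setHeader("Allow", "POST");
        httpServletResponse.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Use POST instead");
        if (ctx != null) {
            ctx.log("Ignoring GET request");
        }
    }

    /**
     * Delegates to {@link #processRequest}.
     *
     * @param httpServletRequest  the POST carrying the CSR
     * @param httpServletResponse receives the certificate or an error
     * @throws ServletException propagated from {@link #processRequest}
     * @throws IOException propagated from {@link #processRequest}
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    /** @return a short human-readable description of this servlet */
    @Override
    public String getServletInfo() {
        return "User CA Servlet";
    }

    /**
     * Parses a lifetime init parameter.
     *
     * @param value the raw parameter, possibly {@code null}
     * @return the parsed value, or -1 when missing or not an integer
     */
    private static int parseLifetime(String value) {
        if (value == null) {
            return -1;
        }
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    /** Zeroes and drops the issuer passphrase once it is no longer needed. */
    private static void clearPassword() {
        if (issuerKeyPairPassword != null) {
            Arrays.fill(issuerKeyPairPassword, '\0');
            issuerKeyPairPassword = null;
        }
    }

    /**
     * Reads the servlet init parameters into the static configuration and counts,
     * in {@link #paramsMissing}, the mandatory ones that are absent
     * ({@code issuerKeyPairFilename}, {@code issuerCertificateFilename}).
     *
     * <p>Lifetime: {@code certLifetimeDays} and {@code certLifetimeHours} are used
     * as given when both are present, non-negative and not both zero; otherwise the
     * lifetime falls back to {@code DEFAULT_LIFETIME_DAYS} days and 0 hours. (The
     * original treated an explicit 0 in either field as invalid and discarded the
     * other value too.)
     *
     * @param servletConfig source of the init parameters
     */
    private static void getInitParams(ServletConfig servletConfig) {
        debug = Boolean.parseBoolean(servletConfig.getInitParameter(INIT_PARAM_DEBUG));
        ctx.log(String.format("DEBUG set to %s", debug));
        issuerKeyPairFilename = servletConfig.getInitParameter("issuerKeyPairFilename");
        if (issuerKeyPairFilename == null) {
            paramsMissing++;
            ctx.log("UCS: Cannot read property issuerKeyPairFilename.");
        } else if (debug) {
            ctx.log(String.format("UCS: issuerKeyPairFilename = %s.", issuerKeyPairFilename));
        }
        // The init parameter arrives as an immutable String; only the char[] copy can be zeroed later.
        String password = servletConfig.getInitParameter("issuerKeyPairPassword");
        if (password != null) {
            issuerKeyPairPassword = password.toCharArray();
        } else {
            ctx.log("UCS: Cannot read property issuerKeyPairPassword.");
        }
        if (debug) {
            // Only whether a passphrase is configured is logged, never the value.
            ctx.log(String.format("UCS: issuerKeyPairPassword is %s",
                    issuerKeyPairPassword == null ? "not set." : "set, but not logged here."));
        }
        issuerCertificateFilename = servletConfig.getInitParameter("issuerCertificateFilename");
        if (issuerCertificateFilename == null) {
            paramsMissing++;
            ctx.log("UCS: Cannot read property issuerCertificateFilename.");
        } else if (debug) {
            ctx.log(String.format("UCS: issuerCertificateFilename = %s.", issuerCertificateFilename));
        }
        hoursString = servletConfig.getInitParameter("certLifetimeHours");
        hours = parseLifetime(hoursString);
        daysString = servletConfig.getInitParameter("certLifetimeDays");
        days = parseLifetime(daysString);
        if (days < 0 || hours < 0 || (days == 0 && hours == 0)) {
            hours = 0;
            days = DEFAULT_LIFETIME_DAYS;
        }
    }

    /**
     * Loads configuration, registers BouncyCastle and reads the issuer key pair and
     * certificate. Fails the servlet (ServletException) if anything needed for
     * signing is missing, so it never serves requests without signing material.
     *
     * @param servletConfig servlet configuration
     * @throws ServletException if a mandatory parameter is missing or the issuer key
     *                          or certificate cannot be read
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        SecurityCommons securityCommons = new SecurityCommons();
        ctx = servletConfig.getServletContext();
        ctx.log("UCS: Starting");
        // NOTE(review): serials start at the boot-time clock and count up, so they are
        // predictable and can repeat after a quick restart; a SecureRandom-derived serial
        // with at least 64 bits of entropy is the usual remedy.
        bigSerial = BigInteger.valueOf(System.currentTimeMillis());
        Security.addProvider(new BouncyCastleProvider());
        paramsMissing = 0; // static counter: reset so a re-init does not inherit an earlier count
        getInitParams(servletConfig);
        if (paramsMissing != 0) {
            String message = String.format("Missing %d parameter values", paramsMissing);
            ctx.log(message);
            // Fail closed: the original returned here with issuerKey still null, and every
            // later request then failed with a NullPointerException.
            throw new ServletException(message);
        }
        try {
            if (!new File(issuerKeyPairFilename).canRead()) {
                ctx.log(String.format("UCS: File permissions on %s do not allow reading.", issuerKeyPairFilename));
            }
            issuerKey = securityCommons.readPrivateKey(issuerKeyPairFilename, issuerKeyPairPassword);
            if (issuerKey == null) {
                ctx.log(String.format("UCS: Couldn't read %s.%n", issuerKeyPairFilename));
                ctx.log(String.format("UCS: Check the passphrase or permissions on %s.%n", issuerKeyPairFilename));
                throw new ServletException(String.format("UCS: Couldn't read %s", issuerKeyPairFilename));
            }
            ctx.log(String.format("UCS: Parsed Key OK - format %s.", issuerKey.getAlgorithm()));
            // try-with-resources: the original never closed this stream.
            try (FileInputStream certStream = new FileInputStream(issuerCertificateFilename)) {
                issuerCertificate = securityCommons.getCertFromStream(certStream);
            }
            if (issuerCertificate == null) {
                System.err.print("UCS: Can't read cert");
                ctx.log(String.format("UCS: Couldn't read %s.%n", issuerCertificateFilename));
                throw new ServletException(String.format("UCS: Couldn't read %s", issuerCertificateFilename));
            }
            // getSubjectDN() is deprecated, but its string form is what SecurityCommons.reverse
            // and the subject-DN construction in processRequest were written against.
            issuerName = securityCommons.reverse(issuerCertificate.getSubjectDN().getName(), ",");
            if (debug) {
                ctx.log(String.format("UCS: Issuer name = %s.", issuerName));
                ctx.log(String.format("UCS: Certificate lifetime = %d days, %d hours", days, hours));
            }
        } catch (NoSuchAlgorithmException e) {
            ctx.log("UCS: Fatal: Cannot find algorithm to read key pair. Check location of BouncyCastle JARs");
            throw new ServletException("UCS: Cannot find algorithm to read key pair", e);
        } catch (IOException | CertificateException e) {
            // Fail closed with the cause attached; the original only logged and carried on
            // without signing material.
            ctx.log("UCS: Fatal: cannot load issuer key pair or certificate: " + e.getLocalizedMessage());
            throw new ServletException("UCS: Cannot load issuer key pair or certificate", e);
        } finally {
            // The passphrase is needed only to unlock the key; do not keep it resident.
            clearPassword();
        }
    }
}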
