package eu.contrail.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.xalan.xsltc.trax.TransformerFactoryImpl;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.eclipse.persistence.internal.helper.Helper;
import org.ow2.contrail.federation.federationdb.jpa.entities.User;

/* loaded from: input_file:WEB-INF/classes/eu/contrail/security/HostCertServlet.class */
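/**
 * Issues host certificates for an already-authenticated user.
 *
 * <p>A {@code POST} carrying a PEM-encoded PKCS#10 request in the {@code certificate_request}
 * parameter is verified (proof of possession) and signed with the issuer key loaded in
 * {@link #init(ServletConfig)}; the resulting certificate is returned as {@code text/plain}.
 * Authentication is delegated to a filter that stores a {@link User} in the {@code user}
 * request attribute; requests without it are rejected.
 *
 * <p>Thread-safety: issuer material and configuration are written only in {@code init} and
 * read afterwards; the serial-number counter, the only state mutated per request, is guarded by
 * {@link #serialLock} because the container may run {@link #processRequest} concurrently.
 */
public class HostCertServlet extends HttpServlet {

    /** Init-parameter and request-parameter names used by this servlet. */
    private static final String PARAM_DEBUG = "debug";
    private static final String PARAM_KEY_FILE = "issuerKeyPairFilename";
    private static final String PARAM_KEY_PASSWORD = "issuerKeyPairPassword";
    private static final String PARAM_CERT_FILE = "issuerCertificateFilename";
    private static final String PARAM_LIFETIME_HOURS = "certLifetimeHours";
    private static final String PARAM_LIFETIME_DAYS = "certLifetimeDays";
    private static final String PARAM_SIGNATURE_ALGORITHM = "signatureAlgorithm";
    private static final String CSR_PARAMETER = "certificate_request";
    private static final String USER_ATTRIBUTE = "user";

    /** Defaults applied when the corresponding init parameter is absent. */
    private static final int DEFAULT_LIFETIME_HOURS = 6;
    private static final int DEFAULT_LIFETIME_DAYS = 0;
    // SHA-1 is kept as the default only for compatibility with existing deployments; it is a
    // deprecated signature hash and deployments should set signatureAlgorithm=SHA256withRSA.
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA1withRSA";

    /** Charset used for the CSR parameter and the PEM response (PEM is ASCII, a subset). */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    private ServletContext ctx;
    private boolean debug;
    /** Certificate lifetime, split as the SecurityCommons API expects it. */
    private int hours;
    private int days;
    private String signatureAlgorithm;

    private String issuerKeyPairFilename;
    private String issuerCertificateFilename;
    /** Passphrase for the issuer key; cleared once the key has been loaded. */
    private char[] issuerKeyPairPassword;
    private PrivateKey issuerKey;
    private X509Certificate issuerCertificate;
    private String issuerName;

    /** Number of missing or invalid init parameters seen by {@link #getInitParams}. */
    private int paramsMissing;

    /** Guards {@link #nextSerial}. */
    private final Object serialLock = new Object();
    /** Next serial number to hand out; only read or written under {@link #serialLock}. */
    private BigInteger nextSerial;

    /** Logs {@code message} to the servlet context when the {@code debug} init parameter is set. */
    private void debugLog(String message) {
        if (debug && ctx != null) {
            ctx.log(message);
        }
    }

    /**
     * Reads the PEM-encoded CSR from the {@code certificate_request} parameter.
     *
     * @param request the current request
     * @param securityCommons parser used to decode the PEM text
     * @return the parsed request, or {@code null} when the parameter is absent or blank
     * @throws IOException if the parameter is present but cannot be parsed
     */
    private PKCS10CertificationRequest getCSR(HttpServletRequest request, SecurityCommons securityCommons) throws IOException {
        String pem = request.getParameter(CSR_PARAMETER);
        if (pem == null) {
            debugLog(String.format("Request Parameter %s is NULL", CSR_PARAMETER));
            return null;
        }
        if (pem.trim().length() == 0) {
            return null;
        }
        // Explicit charset: the platform default is not guaranteed to be ASCII-compatible.
        return securityCommons.readCSR(new ByteArrayInputStream(pem.getBytes(UTF8)));
    }

    /**
     * Hands out the next certificate serial number.
     *
     * <p>Serials must be unique per issuer and requests run concurrently, so the read-and-increment
     * is done under {@link #serialLock}. The serial is allocated before signing, so a failed
     * signing attempt consumes a number; that is harmless.
     *
     * <p>NOTE(review): the counter starts at the startup time in milliseconds, so serials are
     * predictable, and if more certificates are issued than milliseconds elapse before a restart
     * a serial can repeat. A CSPRNG-derived serial with at least 64 bits of entropy would be the
     * preferable scheme.
     */
    private BigInteger allocateSerial() {
        synchronized (serialLock) {
            BigInteger serial = nextSerial;
            nextSerial = nextSerial.add(BigInteger.ONE);
            return serial;
        }
    }

    /**
     * Rejects a CSR whose self-signature could not be verified with HTTP 400.
     *
     * @param reason short name of the failure, embedded in the client-visible message
     * @param cause the verification exception, logged server-side in debug mode
     */
    private void rejectUnverifiableCsr(HttpServletResponse response, String reason, Exception cause) throws IOException {
        String message = "HCS: Cannot verify CSR - " + reason + " - ignoring request";
        if (debug && ctx != null) {
            ctx.log(message, cause);
        }
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
    }

    /**
     * PEM-encodes {@code certificate} as UTF-8 bytes.
     *
     * <p>The writer is closed in {@code finally} so that anything the encoder left buffered is
     * flushed into the byte array before it is returned.
     */
    private byte[] encodeCertificate(SecurityCommons securityCommons, X509Certificate certificate) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        OutputStreamWriter writer = new OutputStreamWriter(buffer, UTF8);
        try {
            securityCommons.writeCertificate(writer, certificate);
        } finally {
            writer.close();
        }
        return buffer.toByteArray();
    }

    /**
     * Handles a certificate request: authenticates via the {@code user} attribute, verifies the
     * CSR's proof of possession, signs it and writes the PEM certificate.
     *
     * <p>Responses: 400 for a missing user attribute, a missing/unparseable/unverifiable CSR or
     * a signing failure; 500 when the certificate could not be built or encoded; 503 when the
     * issuer material was not loaded.
     *
     * @throws ServletException never thrown directly; declared for subclasses
     * @throws IOException if writing the response fails
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String pathInfo = request.getPathInfo();
        if (pathInfo != null && pathInfo.trim().length() != 0) {
            debugLog(String.format("HCS: PathInfo = %s.", pathInfo));
        }

        // The authentication filter is expected to set this; without it the caller is
        // unauthenticated and nothing must be signed. An instanceof check also covers a wrong type.
        Object userAttribute = request.getAttribute(USER_ATTRIBUTE);
        if (!(userAttribute instanceof User)) {
            ctx.log("HCS: User object attribute is NULL - should have been set by BasicAuthFilter");
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing authorization");
            return;
        }
        User user = (User) userAttribute;
        debugLog(String.format("HCS: Username %s", user.getUsername()));

        if (issuerKey == null || issuerCertificate == null) {
            ctx.log("HCS: issuer key or certificate not loaded - refusing to sign");
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Certificate service is not configured");
            return;
        }

        SecurityCommons securityCommons = new SecurityCommons();
        PKCS10CertificationRequest csr;
        try {
            csr = getCSR(request, securityCommons);
        } catch (IOException e) {
            ctx.log("HCS: cannot parse certificate request", e);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "The parameter 'certificate_request' is not a valid certificate request");
            return;
        }
        if (csr == null) {
            debugLog("HCS: BLAST. Read CSR == NULL");
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "The request is missing the parameter 'certificate_request'");
            return;
        }

        X509Certificate hostCertificate;
        try {
            // Proof of possession: the CSR must carry a valid self-signature.
            csr.verify();
            String subject = csr.getCertificationRequestInfo().getSubject().toString();
            // NOTE(review): the subject is taken from the CSR as-is; nothing here checks that the
            // authenticated user is permitted to obtain a certificate for that host name. An
            // authorisation policy (user -> permitted names) should be applied before signing.
            debugLog("HCS: about to createHostCertificate");
            // Last argument (0): a further lifetime component in SecurityCommons' API; its unit is
            // not visible here.
            hostCertificate = securityCommons.createHostCertificate(csr.getPublicKey(), subject, allocateSerial(),
                    issuerCertificate, issuerKey, signatureAlgorithm, new Date(), days, hours, 0);
        } catch (InvalidKeyException e) {
            rejectUnverifiableCsr(response, "InvalidKeyException", e);
            return;
        } catch (SignatureException e) {
            rejectUnverifiableCsr(response, "SignatureException", e);
            return;
        } catch (Exception e) {
            // Algorithm/provider lookup or certificate-building failures: full detail goes to the
            // server log, the client only gets a generic message.
            ctx.log("HCS: failed to create host certificate", e);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "HCS: Cannot process certificate request");
            return;
        }
        if (hostCertificate == null) {
            debugLog("HCS: Certificate from String == NULL");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create a certificate");
            return;
        }

        debugLog("HCS: About to write cert");
        byte[] pem;
        try {
            pem = encodeCertificate(securityCommons, hostCertificate);
        } catch (IOException e) {
            ctx.log("HCS: failed to encode host certificate", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to encode the certificate");
            return;
        }
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        // Content-Length is a byte count, so it is taken from the encoded bytes, not the string.
        response.setContentLength(pem.length);
        OutputStream out = response.getOutputStream();
        out.write(pem);
        out.flush();
    }

    /** GET is not supported; only POST carries a CSR. */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Use POST instead");
        if (ctx != null) {
            ctx.log("Ignoring GET request");
        }
    }

    /** Delegates to {@link #processRequest}. */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);
    }

    public String getServletInfo() {
        return "User CA Servlet";
    }

    /**
     * Reads a required string init parameter, counting it in {@link #paramsMissing} when absent.
     *
     * @return the value, or {@code null} when it is not configured
     */
    private String requiredParam(ServletConfig config, String name) {
        String value = config.getInitParameter(name);
        if (value == null) {
            paramsMissing++;
            ctx.log(String.format("Cannot read property %s.", name));
        } else {
            debugLog(String.format("%s = %s.", name, value));
        }
        return value;
    }

    /**
     * Reads a non-negative integer lifetime parameter.
     *
     * @return the parsed value clamped at 0, or {@code defaultValue} when absent; a value that is
     *     not an integer is counted as a missing parameter and the default is returned
     */
    private int lifetimeParam(ServletConfig config, String name, int defaultValue) {
        String raw = config.getInitParameter(name);
        if (raw == null) {
            return defaultValue;
        }
        try {
            return Math.max(Integer.parseInt(raw.trim()), 0);
        } catch (NumberFormatException e) {
            paramsMissing++;
            ctx.log(String.format("Init parameter %s is not an integer: %s", name, raw));
            return defaultValue;
        }
    }

    /**
     * Loads all init parameters into fields. Missing or invalid values are logged and counted in
     * {@link #paramsMissing}; the caller decides whether that is fatal. The passphrase itself is
     * never logged.
     */
    private void getInitParams(ServletConfig config) {
        paramsMissing = 0;
        debug = Boolean.valueOf(config.getInitParameter(PARAM_DEBUG)).booleanValue();

        issuerKeyPairFilename = requiredParam(config, PARAM_KEY_FILE);

        String password = config.getInitParameter(PARAM_KEY_PASSWORD);
        if (password == null) {
            paramsMissing++;
            ctx.log("Cannot read property issuerKeyPairPassword.");
        } else {
            issuerKeyPairPassword = password.toCharArray();
        }
        debugLog(String.format("issuerKeyPairPassword is %s",
                issuerKeyPairPassword == null ? "not set." : "set, but not logged here."));

        issuerCertificateFilename = requiredParam(config, PARAM_CERT_FILE);

        hours = lifetimeParam(config, PARAM_LIFETIME_HOURS, DEFAULT_LIFETIME_HOURS);
        days = lifetimeParam(config, PARAM_LIFETIME_DAYS, DEFAULT_LIFETIME_DAYS);

        String algorithm = config.getInitParameter(PARAM_SIGNATURE_ALGORITHM);
        signatureAlgorithm = (algorithm == null || algorithm.trim().length() == 0)
                ? DEFAULT_SIGNATURE_ALGORITHM : algorithm.trim();

        debugLog(String.format("HCS: certificate duration is %d days, %d hours",
                Integer.valueOf(days), Integer.valueOf(hours)));
        debugLog(String.format("HCS: signature algorithm is %s", signatureAlgorithm));
    }

    /** Reads the issuer certificate from {@link #issuerCertificateFilename}, closing the file afterwards. */
    private X509Certificate readIssuerCertificate(SecurityCommons securityCommons)
            throws IOException, CertificateException, NoSuchAlgorithmException {
        FileInputStream in = new FileInputStream(issuerCertificateFilename);
        try {
            return securityCommons.getCertFromStream(in);
        } finally {
            in.close();
        }
    }

    /** Wraps a fatal start-up error: logged with its stack trace and rethrown as a {@link ServletException}. */
    private ServletException fatal(String message, Exception cause) {
        ctx.log(message, cause);
        return new ServletException(message, cause);
    }

    /**
     * Loads configuration and the issuer key pair and certificate.
     *
     * <p>Unlike a best-effort start, any missing parameter or unreadable key/certificate is fatal:
     * a signing servlet with no issuer material must not be put into service, so a
     * {@link ServletException} is thrown and the container keeps the servlet unavailable.
     *
     * @throws ServletException if parameters are missing or the issuer material cannot be loaded
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        ctx = config.getServletContext();
        ctx.log("Starting (Filtered) UserCertServlet");
        synchronized (serialLock) {
            nextSerial = BigInteger.valueOf(System.currentTimeMillis());
        }
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        getInitParams(config);
        if (paramsMissing != 0) {
            String message = String.format("Missing %d parameter values", Integer.valueOf(paramsMissing));
            ctx.log(message);
            throw new ServletException(message);
        }

        SecurityCommons securityCommons = new SecurityCommons();
        try {
            issuerKey = securityCommons.readPrivateKey(issuerKeyPairFilename, issuerKeyPairPassword);
            if (issuerKey == null) {
                ctx.log(String.format("Couldn't read %s.%n", issuerKeyPairFilename));
                ctx.log(String.format("Check the passphrase or permissions on %s.%n", issuerKeyPairFilename));
                throw new ServletException(String.format("Couldn't read %s", issuerKeyPairFilename));
            }
            issuerCertificate = readIssuerCertificate(securityCommons);
            if (issuerCertificate == null) {
                ctx.log(String.format("Couldn't read %s.%n", issuerCertificateFilename));
                throw new ServletException(String.format("Couldn't read %s", issuerCertificateFilename));
            }
            // Strip the quoting the DN printer may add, then reverse the RDN order.
            issuerName = issuerCertificate.getSubjectDN().getName().replace("\"", "");
            issuerName = securityCommons.reverse(issuerName, ",");
            debugLog(String.format("Issuer name = %s.", issuerName));
            debugLog(String.format("Certificate lifetime = %d hours.", Integer.valueOf(hours)));
        } catch (IOException e) {
            throw fatal(String.format("Cannot read issuer key or certificate: %s", e.getLocalizedMessage()), e);
        } catch (NoSuchAlgorithmException e) {
            throw fatal("Fatal: Cannot find algorithm to read key pair. Check location of BouncyCastle JARs", e);
        } catch (CertificateException e) {
            throw fatal(String.format("Cannot parse issuer certificate: %s", e.getLocalizedMessage()), e);
        } finally {
            // The passphrase is only needed to unlock the key; do not keep it in the heap afterwards.
            if (issuerKeyPairPassword != null) {
                Arrays.fill(issuerKeyPairPassword, '\0');
                issuerKeyPairPassword = null;
            }
        }
    }
}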
