package org.cloudfoundry.router.jakarta;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:org/cloudfoundry/router/jakarta/ClientCertificateMapper.class */
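/**
 * Servlet filter that copies the certificates carried in the {@code X-Forwarded-Client-Cert}
 * request header onto the {@code jakarta.servlet.request.X509Certificate} request attribute.
 *
 * <p><b>Trust boundary:</b> the header is read from the request as-is. Nothing in this class
 * checks that the header was set by a trusted proxy, and the certificates are only parsed:
 * chain, validity period and revocation are not verified here. The filter is therefore only
 * safe behind a front end that authenticates the client over TLS and removes any
 * client-supplied {@code X-Forwarded-Client-Cert} header, with no other network path to the
 * application.
 */
final class ClientCertificateMapper implements Filter {
    static final String ATTRIBUTE = "jakarta.servlet.request.X509Certificate";
    static final String HEADER = "X-Forwarded-Client-Cert";
    private final Logger logger = Logger.getLogger(getClass().getName());
    private final CertificateFactory certificateFactory;

    /**
     * Creates the filter and its X.509 certificate factory.
     *
     * <p>{@link CertificateFactory#getInstance(String)} throws a checked exception, so the
     * factory is created here rather than in a field initializer, which cannot declare it.
     *
     * @throws CertificateException if no provider supplies an X.509 certificate factory
     */
    ClientCertificateMapper() throws CertificateException {
        this.certificateFactory = CertificateFactory.getInstance("X.509");
    }

    @Override
    public void destroy() {
    }

    /**
     * Parses the forwarded certificates, if any, publishes them as a request attribute and
     * continues the chain.
     *
     * <p>When parsing succeeds the attribute is set to the parsed array, replacing any value
     * already present. When any header value cannot be decoded or parsed, no attribute is set
     * by this filter and the request continues; downstream code that requires a client
     * certificate must treat a missing attribute as unauthenticated.
     *
     * @throws IOException if the chain, or closing a decoding stream, fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            try {
                List<X509Certificate> certificates = getCertificates((HttpServletRequest) servletRequest);
                if (!certificates.isEmpty()) {
                    servletRequest.setAttribute(ATTRIBUTE, certificates.toArray(new X509Certificate[0]));
                }
            } catch (CertificateException | IllegalArgumentException e) {
                // IllegalArgumentException: the value was neither base64 nor valid URL encoding.
                // It is handled like a parse failure so that a malformed header does not
                // escape the filter as an unchecked exception.
                // The WARNING text is constant because the header content is client-influenced;
                // the cause is available at FINE for diagnosis.
                this.logger.warning("Unable to parse certificates in X-Forwarded-Client-Cert");
                this.logger.log(Level.FINE, "X-Forwarded-Client-Cert parse failure", e);
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Decodes one header element: base64 first, URL decoding as the fallback.
     *
     * @param str a single certificate element from the header
     * @return the decoded bytes handed to the certificate factory
     * @throws IllegalArgumentException if the value is neither base64 nor valid URL encoding
     */
    private byte[] decodeHeader(String str) {
        try {
            return Base64.getDecoder().decode(str);
        } catch (IllegalArgumentException notBase64) {
            try {
                // Explicit charset: the no-argument getBytes() depends on the platform default.
                return URLDecoder.decode(str, "utf-8").getBytes(StandardCharsets.UTF_8);
            } catch (UnsupportedEncodingException | IllegalArgumentException e) {
                // URLDecoder reports malformed percent-escapes as IllegalArgumentException.
                throw new IllegalArgumentException("Header contains value that is neither base64 nor url encoded", e);
            }
        }
    }

    /**
     * Parses every certificate element found in the request's forwarded-certificate headers.
     *
     * @return the parsed certificates in header order; empty when the header is absent
     * @throws CertificateException if an element does not parse as an X.509 certificate
     * @throws IOException if closing the decoding stream fails
     * @throws IllegalArgumentException if an element cannot be decoded
     */
    private List<X509Certificate> getCertificates(HttpServletRequest httpServletRequest) throws CertificateException, IOException {
        List<X509Certificate> certificates = new ArrayList<>();
        for (String raw : getRawCertificates(httpServletRequest)) {
            try (ByteArrayInputStream in = new ByteArrayInputStream(decodeHeader(raw))) {
                certificates.add((X509Certificate) this.certificateFactory.generateCertificate(in));
            }
        }
        return certificates;
    }

    /**
     * Collects the individual certificate elements from all {@code X-Forwarded-Client-Cert}
     * headers, splitting comma-separated values.
     *
     * <p>Whitespace around an element is removed and empty elements are skipped, so a list
     * written as {@code "a, b"} decodes the same as {@code "a,b"}.
     */
    private List<String> getRawCertificates(HttpServletRequest httpServletRequest) {
        Enumeration<String> headers = httpServletRequest.getHeaders(HEADER);
        if (headers == null) {
            return Collections.emptyList();
        }
        List<String> rawCertificates = new ArrayList<>();
        while (headers.hasMoreElements()) {
            String value = headers.nextElement();
            List<String> elements = hasMultipleCertificates(value)
                    ? Arrays.asList(value.split(","))
                    : Collections.singletonList(value);
            for (String element : elements) {
                String trimmed = element.trim();
                if (!trimmed.isEmpty()) {
                    rawCertificates.add(trimmed);
                }
            }
        }
        return rawCertificates;
    }

    /** Returns whether the header value contains a comma, i.e. carries a list of elements. */
    private boolean hasMultipleCertificates(String str) {
        return str.indexOf(',') != -1;
    }
}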
