package ca.nrc.cadc.cred.util;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.auth.ServletPrincipalExtractor;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.cred.client.CredUtil;
import ca.nrc.cadc.log.ServletLogInfo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/cred/util/CredInjectionServlet.class */
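public class CredInjectionServlet extends HttpServlet {
    // Servlet init-parameter names (web.xml) naming the one identity allowed to inject credentials.
    private static final String AUTHORIZED_DN = "authorized_dn";
    private static final String AUTHORIZED_UID = "authorized_uid";
    // Canonical DN / plain username of the authorized caller; either may be null when not configured.
    private String authorizedDN;
    private String authorizedUID;
    private static final Logger log = Logger.getLogger(CredInjectionServlet.class);
    // Hard upper bound on the uploaded PEM payload (64 KiB). A certificate chain plus key is far
    // smaller; the cap stops an authenticated caller from making the servlet buffer an arbitrary body.
    private static final int MAX_CERT_SIZE_BYTES = 1 << 16;

    /**
     * Reads the authorized caller identities from the servlet init parameters.
     *
     * <p>Surrounding double quotes are stripped (values are often quoted in web.xml) and the DN is
     * canonized so it can be compared against canonized request principals. A missing or blank
     * parameter is treated as "not configured" rather than as an empty identity.
     *
     * @param servletConfig servlet configuration supplying the init parameters
     * @throws ServletException if neither {@code authorized_dn} nor {@code authorized_uid} is set;
     *         the servlet must fail closed rather than start with no authorized caller
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        // Normalize first, then null-check: the original code dereferenced the raw parameter before
        // checking it, so a missing parameter surfaced as a NullPointerException instead of a clear error.
        this.authorizedDN = normalizeParam(servletConfig.getInitParameter(AUTHORIZED_DN));
        if (this.authorizedDN != null) {
            this.authorizedDN = AuthenticationUtil.canonizeDistinguishedName(this.authorizedDN);
        }
        this.authorizedUID = normalizeParam(servletConfig.getInitParameter(AUTHORIZED_UID));
        if (this.authorizedDN == null && this.authorizedUID == null) {
            throw new ServletException("No authorized users configured to inject credentials.");
        }
    }

    /**
     * Strips surrounding quote characters and whitespace from an init parameter.
     *
     * @param raw raw init-parameter value, possibly null
     * @return the cleaned value, or null when the parameter is absent or blank
     */
    private static String normalizeParam(String raw) {
        if (raw == null) {
            return null;
        }
        String cleaned = raw.replace("\"", "").trim();
        return cleaned.isEmpty() ? null : cleaned;
    }

    /**
     * Accepts a PEM-encoded certificate chain plus private key and publishes it in JNDI.
     *
     * <p>Responses: 401 when the request carries no principals at all, 403 when none of them match
     * the configured authorized DN/UID, 400 when the upload is rejected as invalid (e.g. over the
     * size cap), 500 on any other failure. Only PUT is implemented; other methods fall through to
     * the {@link HttpServlet} defaults.
     *
     * @param httpServletRequest  request whose body is the PEM payload
     * @param httpServletResponse response to populate with a status (and a short message on error)
     * @throws ServletException never thrown directly; retained for the servlet contract
     */
    public void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        ServletLogInfo logInfo = new ServletLogInfo(httpServletRequest);
        long start = System.currentTimeMillis();
        log.info(logInfo.start());
        try {
            Set<Principal> principals = new ServletPrincipalExtractor(httpServletRequest).getPrincipals();
            if (principals == null || principals.isEmpty()) {
                // No authenticated identity at all: nothing to compare against.
                httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            if (!isAuthorized(principals)) {
                httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            storeInJNDI(uploadCert(httpServletRequest));
        } catch (IllegalArgumentException e) {
            // Raised for an oversized payload (see uploadCert): the authorized caller sent something
            // unacceptable, so report it as a client error with the reason.
            log.warn("Rejected credential upload: " + e.getMessage());
            logInfo.setSuccess(false);
            logInfo.setMessage(e.getMessage());
            writeError(httpServletResponse, HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
        } catch (Throwable th) {
            String detail = "Unexpected error: " + th.getMessage();
            log.error(detail, th);
            logInfo.setSuccess(false);
            logInfo.setMessage(detail);
            // Internal exception text stays in the server log; the caller only learns that it failed.
            writeError(httpServletResponse, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unexpected error");
        } finally {
            // Exactly one end() record per request, whichever path was taken.
            logInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - start));
            log.info(logInfo.end());
        }
    }

    /**
     * Checks whether any request principal matches the configured authorized identity.
     *
     * <p>X.500 principals are compared by canonized DN against {@code authorizedDN}; HTTP principals
     * by exact (case-sensitive) name against {@code authorizedUID}. An unconfigured side never matches.
     *
     * @param principals non-empty set of principals extracted from the request
     * @return true if at least one principal is the authorized caller
     */
    private boolean isAuthorized(Set<Principal> principals) {
        for (Principal principal : principals) {
            if (principal instanceof X500Principal && this.authorizedDN != null
                    && this.authorizedDN.equals(AuthenticationUtil.canonizeDistinguishedName(principal.getName()))) {
                return true;
            }
            if (principal instanceof HttpPrincipal && this.authorizedUID != null
                    && this.authorizedUID.equals(principal.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sets an error status and writes a short plain-text message, if the response is still open.
     *
     * @param response response to write to
     * @param status   HTTP status code to set
     * @param message  text returned to the caller
     */
    private static void writeError(HttpServletResponse response, int status, String message) {
        if (response.isCommitted()) {
            log.warn("Response already committed.");
            return;
        }
        // Status must be set before anything is written; once the writer flushes, a status change
        // is silently ignored by the container.
        response.setStatus(status);
        response.setContentType("text/plain");
        try {
            response.getWriter().write(message);
        } catch (IOException e) {
            log.warn("Failed to write message to response", e);
        }
    }

    /**
     * Buffers the request body, enforcing {@link #MAX_CERT_SIZE_BYTES}, and parses it as a PEM
     * certificate chain with private key.
     *
     * @param httpServletRequest request whose body is the PEM payload
     * @return the parsed chain (parsing is delegated to {@code SSLUtil.readPemCertificateAndKey})
     * @throws IllegalArgumentException if the body exceeds the size cap
     * @throws Exception                any failure reading or parsing the payload
     */
    private X509CertificateChain uploadCert(HttpServletRequest httpServletRequest) throws Exception {
        byte[] chunk = new byte[1024];
        ByteArrayOutputStream pem = new ByteArrayOutputStream();
        ServletInputStream in = httpServletRequest.getInputStream();
        int total = 0;
        int n;
        while ((n = in.read(chunk, 0, chunk.length)) > 0) {
            total += n;
            // Check before buffering so the cap bounds memory use, not just the final size.
            if (total > MAX_CERT_SIZE_BYTES) {
                throw new IllegalArgumentException("Certificate chain too big.");
            }
            pem.write(chunk, 0, n);
        }
        pem.flush();
        // Deliberately log only the size: the payload contains the private key, and the original
        // debug statement wrote the whole PEM (key included) into the application log.
        log.debug("Uploaded cert: " + total + " bytes");
        return SSLUtil.readPemCertificateAndKey(pem.toByteArray());
    }

    /**
     * Publishes the chain under {@code CredUtil.SERVOPS_JNDI_NAME}, replacing any previous binding.
     *
     * @param x509CertificateChain parsed chain and key to publish
     * @throws NamingException if the JNDI binding fails
     */
    private void storeInJNDI(X509CertificateChain x509CertificateChain) throws NamingException {
        InitialContext initialContext = new InitialContext();
        try {
            // rebind replaces the existing entry in one operation; the former unbind-then-bind
            // sequence left a window in which concurrent readers found no certificate bound.
            initialContext.rebind(CredUtil.SERVOPS_JNDI_NAME, x509CertificateChain);
            log.debug("Stored certificate in JNDI.");
        } finally {
            initialContext.close();
        }
    }
}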
