package org.xipki.ocsp.server.servlet;

import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ocsp.api.mgmt.MgmtMessage;
import org.xipki.ocsp.server.OcspServerImpl;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.X509Cert;
import org.xipki.security.util.TlsHelper;
import org.xipki.util.Args;
import org.xipki.util.exception.InvalidConfException;
import org.xipki.util.http.HttpResponse;
import org.xipki.util.http.XiHttpRequest;
import org.xipki.util.http.XiHttpResponse;

/* loaded from: input_file:org/xipki/ocsp/server/servlet/HttpMgmtServlet.class */
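/**
 * HTTP endpoint for remote management of the OCSP server.
 *
 * <p>A request is accepted only when it is a POST, carries a TLS client certificate, and that
 * certificate is a member of the configured management-certificate set. The only action this
 * class executes is {@code restartServer}, which re-initialises the OCSP server.
 */
class HttpMgmtServlet {
    private static final Logger LOG = LoggerFactory.getLogger(HttpMgmtServlet.class);
    private static final String CT_RESPONSE = "application/json";

    // Allow-list of client certificates that may call the management endpoint.
    private Set<X509Cert> mgmtCerts;
    private OcspServerImpl ocspServer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/ocsp/server/servlet/HttpMgmtServlet$MyException.class */
    /** Internal signal that carries the HTTP status to return together with an error message. */
    public static final class MyException extends Exception {
        private final int status;

        /**
         * @param i HTTP status code to send to the client
         * @param str error text; doPost() returns it in the {@code x-xipki-error} header
         */
        public MyException(int i, String str) {
            super(str);
            this.status = i;
        }

        /** @return the HTTP status code associated with this failure */
        public int getStatus() {
            return this.status;
        }
    }

    /**
     * Sets the certificates that are allowed to use the management endpoint.
     *
     * @param set non-empty set of trusted management client certificates; a private copy is kept so
     *     later changes to the caller's set do not alter the allow-list
     */
    public void setMgmtCerts(Set<X509Cert> set) {
        // Validate first, then copy with a typed HashSet instead of the raw type.
        Args.notEmpty(set, "mgmtCerts");
        this.mgmtCerts = new HashSet<>(set);
    }

    /**
     * Sets the OCSP server instance that management actions operate on.
     *
     * @param ocspServerImpl the server to manage; validated with {@code Args.notNull}
     */
    public void setOcspServer(OcspServerImpl ocspServerImpl) {
        this.ocspServer = (OcspServerImpl) Args.notNull(ocspServerImpl, "ocspServer");
    }

    /**
     * Entry point for a management request.
     *
     * <p>Only POST is served. Any other method is answered with 405 and is not processed further,
     * so a non-POST request can never reach the restart action.
     *
     * @param xiHttpRequest incoming request
     * @param xiHttpResponse response to fill
     * @throws IOException if writing the response fails
     */
    public void service(XiHttpRequest xiHttpRequest, XiHttpResponse xiHttpResponse) throws IOException {
        if (!"POST".equalsIgnoreCase(xiHttpRequest.getMethod())) {
            xiHttpResponse.setStatus(405);
            // Stop here: without this return the request would fall through to doPost(), which
            // could execute the action and overwrite the 405 status.
            return;
        }
        doPost(xiHttpRequest).fillResponse(xiHttpResponse);
    }

    /**
     * Authenticates the caller by TLS client certificate and executes the requested action.
     *
     * @param xiHttpRequest incoming POST request
     * @return 200 with an empty body on success; otherwise a response carrying the failure status
     *     and, for expected failures, the {@code x-xipki-error} header
     */
    private HttpResponse doPost(XiHttpRequest xiHttpRequest) {
        try {
            // Authentication: the client certificate must be present and on the allow-list.
            // If mgmtCerts was never set, contains() throws and the Throwable handler below
            // answers 500, so the endpoint fails closed.
            X509Cert tlsClientCert = TlsHelper.getTlsClientCert(xiHttpRequest);
            if (tlsClientCert == null) {
                throw new MyException(401, "remote management is not permitted if TLS client certificate is not present");
            }
            if (!this.mgmtCerts.contains(tlsClientCert)) {
                throw new MyException(401, "remote management is not permitted to the client without valid certificate");
            }

            // The action name is the path attribute without its first character.
            String str = (String) xiHttpRequest.getAttribute("xipki_path");
            if (str == null || str.length() < 2) {
                throw new MyException(404, "no action is specified");
            }
            String substring = str.substring(1);
            MgmtMessage.MgmtAction ofName = MgmtMessage.MgmtAction.ofName(substring);
            if (ofName == null) {
                // NOTE(review): request-derived text is placed in a response header value below;
                // confirm the HTTP layer rejects CR/LF in the path.
                throw new MyException(404, "unknown action '" + substring + "'");
            }
            if (ofName != MgmtMessage.MgmtAction.restartServer) {
                throw new MyException(404, "unsupported action " + ofName);
            }
            try {
                this.ocspServer.init(true);
                return new HttpResponse(200, CT_RESPONSE, (Map) null, new byte[0]);
            } catch (InvalidConfException | PasswordResolverException e) {
                LOG.warn("{}: could not restart OCSP server", ofName, e);
                // NOTE(review): the exception message is returned to the authenticated management
                // client; confirm it cannot contain configuration secrets.
                throw new MyException(500, "could not restart OCSP server: " + e.getMessage());
            }
        } catch (MyException e2) {
            return new HttpResponse(e2.getStatus(), (String) null, Collections.singletonMap("x-xipki-error", e2.getMessage()), (byte[]) null);
        } catch (Throwable th) {
            // Unexpected failure: log the detail server-side and return a bare 500.
            LOG.error("Throwable thrown, this should not happen!", th);
            return new HttpResponse(500);
        }
    }
}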
