package org.xipki.ocsp.server.servlet;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.license.api.LicenseFactory;
import org.xipki.ocsp.server.OcspConf;
import org.xipki.ocsp.server.OcspServerImpl;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.Securities;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.XipkiBaseDir;
import org.xipki.util.exception.InvalidConfException;
import org.xipki.util.exception.ServletException0;
import org.xipki.util.http.XiHttpFilter;
import org.xipki.util.http.XiHttpRequest;
import org.xipki.util.http.XiHttpResponse;

/* loaded from: input_file:org/xipki/ocsp/server/servlet/OcspHttpFilter.class */
public class OcspHttpFilter implements XiHttpFilter {
    private static final Logger LOG = LoggerFactory.getLogger(OcspHttpFilter.class);
    private static final String DFLT_CONF_FILE = "etc/ocsp/ocsp.json";
    private final Securities securities;
    private final LicenseFactory licenseFactory;
    private final OcspServerImpl server;
    private final HealthCheckServlet healthServlet;
    private final HttpOcspServlet ocspServlet;
    private final boolean remoteMgmtEnabled;
    private HttpMgmtServlet mgmtServlet;

    public OcspHttpFilter(String str) throws ServletException0 {
        XipkiBaseDir.init();
        try {
            OcspConf readConfFromFile = OcspConf.readConfFromFile(DFLT_CONF_FILE);
            boolean isLogReqResp = readConfFromFile.isLogReqResp();
            LOG.info("logReqResp: {}", Boolean.valueOf(isLogReqResp));
            this.securities = new Securities();
            try {
                this.securities.init(readConfFromFile.getSecurity());
                LOG.info("Use licenseFactory: {}", str);
                try {
                    this.licenseFactory = (LicenseFactory) Class.forName(str).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
                    OcspServerImpl ocspServerImpl = new OcspServerImpl(this.licenseFactory.createOcspLicense());
                    ocspServerImpl.setSecurityFactory(this.securities.getSecurityFactory());
                    ocspServerImpl.setConfFile(readConfFromFile.getServerConf());
                    try {
                        ocspServerImpl.init();
                    } catch (InvalidConfException | PasswordResolverException e) {
                        LogUtil.error(LOG, e, "could not start OCSP server");
                    }
                    this.server = ocspServerImpl;
                    this.healthServlet = new HealthCheckServlet();
                    this.healthServlet.setServer(this.server);
                    this.ocspServlet = new HttpOcspServlet();
                    this.ocspServlet.setServer(this.server);
                    this.ocspServlet.setLogReqResp(isLogReqResp);
                    OcspConf.RemoteMgmt remoteMgmt = readConfFromFile.getRemoteMgmt();
                    this.remoteMgmtEnabled = remoteMgmt != null && remoteMgmt.isEnabled();
                    LOG.info("remote management is {}", this.remoteMgmtEnabled ? "enabled" : "disabled");
                    if (this.remoteMgmtEnabled && CollectionUtil.isNotEmpty(remoteMgmt.getCerts())) {
                        List list = null;
                        try {
                            list = X509Util.parseCerts(remoteMgmt.getCerts());
                        } catch (InvalidConfException e2) {
                            LogUtil.error(LOG, e2, "could not parse client certificates, disable the remote management");
                        }
                        if (CollectionUtil.isEmpty(list)) {
                            LOG.error("could not find any valid client certificates, disable the remote management");
                            return;
                        }
                        this.mgmtServlet = new HttpMgmtServlet();
                        this.mgmtServlet.setMgmtCerts(CollectionUtil.listToSet(list));
                        this.mgmtServlet.setOcspServer(this.server);
                    }
                } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e3) {
                    throw new ServletException0("could not initialize LicenseFactory", e3);
                }
            } catch (IOException | InvalidConfException e4) {
                throw new ServletException0("could not initialize Securities", e4);
            }
        } catch (IOException | InvalidConfException e5) {
            throw new ServletException0("could not parse OCSP configuration file " + DFLT_CONF_FILE, e5);
        }
    }

    public void destroy() {
        if (this.securities != null) {
            this.securities.close();
        }
        if (this.server != null) {
            this.server.close();
        }
        if (this.licenseFactory != null) {
            this.licenseFactory.close();
        }
    }

    public void doFilter(XiHttpRequest xiHttpRequest, XiHttpResponse xiHttpResponse) throws IOException {
        String requestURI = xiHttpRequest.getRequestURI();
        String contextPath = xiHttpRequest.getContextPath();
        String substring = requestURI.length() == contextPath.length() ? "/" : requestURI.substring(contextPath.length());
        if (substring.startsWith("/health/")) {
            xiHttpRequest.setAttribute("xipki_path", substring.substring(7));
            this.healthServlet.service(xiHttpRequest, xiHttpResponse);
        } else if (!substring.startsWith("/mgmt/")) {
            xiHttpRequest.setAttribute("xipki_path", substring);
            this.ocspServlet.service(xiHttpRequest, xiHttpResponse);
        } else if (this.mgmtServlet == null) {
            xiHttpResponse.sendError(403);
        } else {
            xiHttpRequest.setAttribute("xipki_path", substring.substring(5));
            this.mgmtServlet.service(xiHttpRequest, xiHttpResponse);
        }
    }
}
