package org.xipki.ocsp.servlet;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.time.Clock;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ocsp.api.OcspRespWithCacheInfo;
import org.xipki.ocsp.api.OcspServer;
import org.xipki.ocsp.api.Responder;
import org.xipki.ocsp.api.ResponderAndPath;
import org.xipki.security.HashAlgo;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.Base64Url;
import org.xipki.util.Hex;
import org.xipki.util.HttpConstants;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/classes/org/xipki/ocsp/servlet/OcspServlet.class */
public class OcspServlet extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OcspServlet.class);
    private static final long DFLT_CACHE_MAX_AGE = 60;
    private static final String CT_REQUEST = "application/ocsp-request";
    private static final String CT_RESPONSE = "application/ocsp-response";
    private boolean logReqResp;
    private OcspServer server;

    public void setLogReqResp(boolean z) {
        this.logReqResp = z;
    }

    public void setServer(OcspServer ocspServer) {
        this.server = (OcspServer) Args.notNull(ocspServer, "server");
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            try {
                ResponderAndPath responderForPath = this.server.getResponderForPath((String) httpServletRequest.getAttribute(HttpConstants.ATTR_XIPKI_PATH));
                if (responderForPath == null) {
                    sendError(httpServletResponse, 404);
                    httpServletResponse.flushBuffer();
                    return;
                }
                if (!CT_REQUEST.equalsIgnoreCase(httpServletRequest.getHeader("Content-Type"))) {
                    sendError(httpServletResponse, 415);
                    httpServletResponse.flushBuffer();
                    return;
                }
                Responder responder = responderForPath.getResponder();
                byte[] read = IoUtil.read((InputStream) httpServletRequest.getInputStream());
                if (read.length > responder.getMaxRequestSize()) {
                    sendError(httpServletResponse, 413);
                    httpServletResponse.flushBuffer();
                    return;
                }
                OcspRespWithCacheInfo answer = this.server.answer(responder, read, false);
                if (answer == null || answer.getResponse() == null) {
                    LOG.error("processRequest returned null, this should not happen");
                    sendError(httpServletResponse, 500);
                    httpServletResponse.flushBuffer();
                    return;
                }
                byte[] response = answer.getResponse();
                if (this.logReqResp && LOG.isDebugEnabled()) {
                    LOG.debug("HTTP POST OCSP path: {}\nRequest:\n{}\nResponse:\n{}", httpServletRequest.getRequestURI(), LogUtil.base64Encode(read), LogUtil.base64Encode(response));
                }
                httpServletResponse.setStatus(200);
                httpServletResponse.setContentType(CT_RESPONSE);
                httpServletResponse.setContentLength(response.length);
                httpServletResponse.getOutputStream().write(response);
                httpServletResponse.flushBuffer();
            } catch (Throwable th) {
                if (th instanceof EOFException) {
                    LogUtil.warn(LOG, th, "Connection reset by peer");
                } else {
                    LOG.error("Throwable thrown, this should not happen!", th);
                }
                sendError(httpServletResponse, 500);
                httpServletResponse.flushBuffer();
            }
        } catch (Throwable th2) {
            httpServletResponse.flushBuffer();
            throw th2;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r7v1, types: [byte[], byte[][]] */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String str = (String) httpServletRequest.getAttribute(HttpConstants.ATTR_XIPKI_PATH);
        ResponderAndPath responderForPath = this.server.getResponderForPath(str);
        if (responderForPath == null) {
            sendError(httpServletResponse, 404);
            return;
        }
        String servletPath = responderForPath.getServletPath();
        Responder responder = responderForPath.getResponder();
        if (!responder.supportsHttpGet()) {
            sendError(httpServletResponse, 405);
            return;
        }
        int length = servletPath.length();
        if (str.length() - length <= 10) {
            sendError(httpServletResponse, 400);
            return;
        }
        if (str.charAt(length) == '/') {
            length++;
        }
        String substring = str.substring(length);
        try {
            try {
                if (substring.length() > responder.getMaxRequestSize()) {
                    sendError(httpServletResponse, 414);
                    httpServletResponse.flushBuffer();
                    return;
                }
                byte[] base64Decode = base64Decode(StringUtil.toUtf8Bytes(substring));
                if (base64Decode == null) {
                    sendError(httpServletResponse, 400);
                    httpServletResponse.flushBuffer();
                    return;
                }
                OcspRespWithCacheInfo answer = this.server.answer(responder, base64Decode, true);
                if (answer == null || answer.getResponse() == null) {
                    LOG.error("processRequest returned null, this should not happen");
                    sendError(httpServletResponse, 500);
                    httpServletResponse.flushBuffer();
                    return;
                }
                byte[] response = answer.getResponse();
                if (this.logReqResp && LOG.isDebugEnabled()) {
                    LOG.debug("HTTP GET OCSP path: {}\nResponse:\n{}", httpServletRequest.getRequestURI(), LogUtil.base64Encode(response));
                }
                OcspRespWithCacheInfo.ResponseCacheInfo cacheInfo = answer.getCacheInfo();
                if (cacheInfo != null) {
                    response = answer.getResponse();
                    httpServletResponse.addDateHeader("Date", Clock.systemUTC().millis());
                    httpServletResponse.addDateHeader("Last-Modified", cacheInfo.getGeneratedAt());
                    Long nextUpdate = cacheInfo.getNextUpdate();
                    if (nextUpdate != null) {
                        httpServletResponse.addDateHeader("Expires", nextUpdate.longValue());
                    }
                    httpServletResponse.addHeader("ETag", StringUtil.concat("\"", HashAlgo.SHA1.hexHash(new byte[]{response}), "\""));
                    long longValue = responder.getCacheMaxAge() != null ? responder.getCacheMaxAge().longValue() : 60L;
                    if (nextUpdate != null) {
                        longValue = Math.min(longValue, (nextUpdate.longValue() - cacheInfo.getGeneratedAt()) / 1000);
                    }
                    httpServletResponse.addHeader("Cache-Control", StringUtil.concat("max-age=", Long.toString(longValue), ",public,no-transform,must-revalidate"));
                }
                httpServletResponse.setContentLength(response.length);
                httpServletResponse.setContentType(CT_RESPONSE);
                httpServletResponse.getOutputStream().write(response);
                httpServletResponse.flushBuffer();
            } catch (Throwable th) {
                if (th instanceof EOFException) {
                    LogUtil.warn(LOG, th, "Connection reset by peer");
                } else {
                    LOG.error("Throwable thrown, this should not happen!", th);
                }
                sendError(httpServletResponse, 500);
                httpServletResponse.flushBuffer();
            }
        } catch (Throwable th2) {
            httpServletResponse.flushBuffer();
            throw th2;
        }
    }

    private static void sendError(HttpServletResponse httpServletResponse, int i) {
        httpServletResponse.setStatus(i);
        httpServletResponse.setContentLength(0);
    }

    private static byte[] base64Decode(byte[] bArr) {
        int length = bArr.length;
        if (Base64.containsOnlyBase64Chars(bArr, 0, length)) {
            return Base64.decodeFast(bArr);
        }
        if (Base64Url.containsOnlyBase64UrlChars(bArr, 0, length)) {
            return Base64Url.decodeFast(bArr);
        }
        int i = 0;
        int i2 = 0;
        while (i2 < length - 2) {
            if (bArr[i2] == 37) {
                i++;
                i2 += 2;
            }
            i2++;
        }
        if (i == 0) {
            return null;
        }
        byte[] bArr2 = new byte[length - (i * 2)];
        int i3 = 0;
        for (int i4 = 0; i4 < bArr2.length; i4++) {
            if (bArr[i3] == 37) {
                bArr2[i4] = Hex.decodeSingle(bArr, i3 + 1);
                i3 += 2;
            } else {
                bArr2[i4] = bArr[i3];
            }
            i3++;
        }
        if (Base64.containsOnlyBase64Chars(bArr2, 0, length)) {
            return Base64.decodeFast(bArr2);
        }
        if (Base64Url.containsOnlyBase64UrlChars(bArr2, 0, length)) {
            return Base64Url.decodeFast(bArr2);
        }
        return null;
    }
}
