package org.xipki.ocsp.server.impl;

import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import java.io.EOFException;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.common.util.Base64;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.http.servlet.AbstractHttpServlet;
import org.xipki.http.servlet.ServletURI;
import org.xipki.http.servlet.SslReverseProxyMode;
import org.xipki.ocsp.server.impl.OcspRespWithCacheInfo;
import org.xipki.security.HashAlgoType;

/* loaded from: input_file:org/xipki/ocsp/server/impl/HttpOcspServlet.class */
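/**
 * HTTP front end of the OCSP responder: accepts OCSP requests over POST (DER body) and
 * GET (Base64 request appended to the servlet path) and returns the encoded OCSP response.
 *
 * <p>Only GET responses carry caching headers. A cache that keeps a response longer than
 * its validity would hand out stale revocation status, so those headers must be
 * well-formed and must never outlive {@code nextUpdate}.
 */
public class HttpOcspServlet extends AbstractHttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(HttpOcspServlet.class);
    private static final String CT_REQUEST = "application/ocsp-request";
    private static final String CT_RESPONSE = "application/ocsp-response";

    /** Cache lifetime in seconds used when the responder configures no cacheMaxAge. */
    private static final long DFLT_CACHE_MAX_AGE = 60L;

    private OcspServer server;

    /**
     * Sets the OCSP server that resolves responders and answers requests.
     *
     * @param ocspServer the server; passed through {@code ParamUtil.requireNonNull}
     */
    public void setServer(OcspServer ocspServer) {
        this.server = (OcspServer) ParamUtil.requireNonNull("server", ocspServer);
    }

    /**
     * Dispatches a request by HTTP method.
     *
     * @return the POST or GET result, 405 for any other method, or 500 when no server
     *     has been configured
     */
    public FullHttpResponse service(FullHttpRequest fullHttpRequest, ServletURI servletURI, SSLSession sSLSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
        if (this.server == null) {
            LOG.error("responder in servlet not configured");
            return createErrorResponse(fullHttpRequest.protocolVersion(), HttpResponseStatus.INTERNAL_SERVER_ERROR);
        }
        HttpMethod method = fullHttpRequest.method();
        if (HttpMethod.POST.equals(method)) {
            return servicePost(fullHttpRequest, servletURI, sSLSession, sslReverseProxyMode);
        }
        if (HttpMethod.GET.equals(method)) {
            return serviceGet(fullHttpRequest, servletURI, sSLSession, sslReverseProxyMode);
        }
        return createErrorResponse(fullHttpRequest.protocolVersion(), HttpResponseStatus.METHOD_NOT_ALLOWED);
    }

    /**
     * Handles an OCSP request sent as the POST body.
     *
     * @return 404 for an unknown responder, 415 for a wrong Content-Type, 413 for an
     *     oversized body, 200 with the OCSP response, or 500 on any failure
     */
    private FullHttpResponse servicePost(FullHttpRequest fullHttpRequest, ServletURI servletURI, SSLSession sSLSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
        HttpVersion protocolVersion = fullHttpRequest.protocolVersion();
        Responder responder = this.server.getResponder(servletURI);
        if (responder == null) {
            return createErrorResponse(protocolVersion, HttpResponseStatus.NOT_FOUND);
        }
        try {
            // A missing header yields null, which equalsIgnoreCase treats as a mismatch.
            if (!CT_REQUEST.equalsIgnoreCase(fullHttpRequest.headers().get("Content-Type"))) {
                return createErrorResponse(protocolVersion, HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE);
            }
            // The body of a FullHttpRequest is already aggregated in memory, so this check
            // bounds parsing work only.
            // NOTE(review): presumably the HTTP aggregator enforces its own size limit - confirm.
            if (fullHttpRequest.content().readableBytes() > responder.requestOption().maxRequestSize()) {
                return createErrorResponse(protocolVersion, HttpResponseStatus.REQUEST_ENTITY_TOO_LARGE);
            }
            OcspRespWithCacheInfo answer = this.server.answer(responder, readContent(fullHttpRequest), false);
            if (answer == null || answer.response() == null) {
                LOG.error("processRequest returned null, this should not happen");
                return createErrorResponse(protocolVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
            }
            return createOKResponse(protocolVersion, CT_RESPONSE, answer.response());
        } catch (Throwable th) {
            return internalError(protocolVersion, th);
        }
    }

    /**
     * Handles an OCSP request carried in the URL path after the servlet path.
     *
     * @return 404 for an unknown responder, 405 when the responder disables GET, 400 for
     *     a path too short to hold a request, 413 for an oversized request, 200 with the
     *     OCSP response (plus caching headers when cache info is present), or 500 on any
     *     failure
     */
    private FullHttpResponse serviceGet(FullHttpRequest fullHttpRequest, ServletURI servletURI, SSLSession sSLSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
        HttpVersion protocolVersion = fullHttpRequest.protocolVersion();
        Object[] servletPathAndResponder = this.server.getServletPathAndResponder(servletURI);
        if (servletPathAndResponder == null) {
            return createErrorResponse(protocolVersion, HttpResponseStatus.NOT_FOUND);
        }
        String path = servletURI.path();
        String servletPath = (String) servletPathAndResponder[0];
        Responder responder = (Responder) servletPathAndResponder[1];
        if (!responder.requestOption().supportsHttpGet()) {
            return createErrorResponse(protocolVersion, HttpResponseStatus.METHOD_NOT_ALLOWED);
        }
        int offset = servletPath.length();
        // Fewer than 11 characters after the servlet path is rejected before decoding.
        // This guard also keeps charAt(offset) below within bounds.
        if (path.length() - offset <= 10) {
            return createErrorResponse(protocolVersion, HttpResponseStatus.BAD_REQUEST);
        }
        if (path.charAt(offset) == '/') {
            offset++;
        }
        String b64Request = path.substring(offset);
        try {
            // Compares the Base64 text length, which is larger than the decoded request,
            // so the limit is applied conservatively.
            if (b64Request.length() > responder.requestOption().maxRequestSize()) {
                return createErrorResponse(protocolVersion, HttpResponseStatus.REQUEST_ENTITY_TOO_LARGE);
            }
            // NOTE(review): a decoder failure on malformed input lands in the catch below
            // and is reported as 500, not 400 - confirm how Base64.decode signals bad input.
            OcspRespWithCacheInfo answer = this.server.answer(responder, Base64.decode(b64Request), true);
            if (answer == null || answer.response() == null) {
                LOG.error("processRequest returned null, this should not happen");
                return createErrorResponse(protocolVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
            }
            byte[] encodedResponse = answer.response();
            FullHttpResponse httpResponse = createOKResponse(protocolVersion, CT_RESPONSE, encodedResponse);
            OcspRespWithCacheInfo.ResponseCacheInfo cacheInfo = answer.cacheInfo();
            if (cacheInfo != null) {
                addCacheHeaders(httpResponse.headers(), responder, cacheInfo, encodedResponse);
            }
            return httpResponse;
        } catch (Throwable th) {
            return internalError(protocolVersion, th);
        }
    }

    /**
     * Adds the caching headers (Date, Last-Modified, Expires, ETag, Cache-Control) to a
     * successful GET response.
     */
    private static void addCacheHeaders(HttpHeaders headers, Responder responder, OcspRespWithCacheInfo.ResponseCacheInfo cacheInfo, byte[] encodedResponse) {
        long now = System.currentTimeMillis();
        Long nextUpdate = cacheInfo.nextUpdate();

        // Timestamps are epoch milliseconds. They are passed as java.util.Date so that Netty
        // renders them as HTTP-dates; a boxed Long would be emitted as a bare number, which
        // caches cannot parse.
        headers.add("Date", new java.util.Date(now));
        headers.add("Last-Modified", new java.util.Date(cacheInfo.thisUpdate()));
        if (nextUpdate != null) {
            headers.add("Expires", new java.util.Date(nextUpdate.longValue()));
        }

        // An entity-tag must be enclosed in double quotes, not backslashes. SHA-1 serves
        // only as a cache validator over the response bytes here, not as a security control.
        headers.add("ETag", "\"" + HashAlgoType.SHA1.hexHash(encodedResponse) + "\"");

        Long configuredMaxAge = responder.responseOption().cacheMaxAge();
        long maxAge = configuredMaxAge != null ? configuredMaxAge.longValue() : DFLT_CACHE_MAX_AGE;
        if (nextUpdate != null) {
            long lifetime = (nextUpdate.longValue() - cacheInfo.thisUpdate()) / 1000;
            // Also bound by the time left until nextUpdate, so a response issued earlier
            // is not cached beyond its validity.
            long remaining = (nextUpdate.longValue() - now) / 1000;
            maxAge = Math.min(maxAge, Math.min(lifetime, remaining));
        }
        // An already expired response or an inconsistent clock must not give a negative max-age.
        maxAge = Math.max(0L, maxAge);
        headers.add("Cache-Control", "max-age=" + maxAge + ",public,no-transform,must-revalidate");
    }

    /**
     * Logs a failure and builds the generic 500 response. The client receives no detail;
     * the cause goes to the log only.
     */
    private FullHttpResponse internalError(HttpVersion protocolVersion, Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "Connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        return createErrorResponse(protocolVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }
}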
