package org.wso2.carbon.core.transports.util;

import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.description.AxisService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.springframework.util.AntPathMatcher;
import org.wso2.carbon.core.CarbonConstants;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.core.ServerManager;
import org.wso2.carbon.core.transports.HttpGetRequestProcessor;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.registry.service.RegistryService;
import org.wso2.registry.Association;
import org.wso2.registry.Registry;
import org.wso2.registry.Resource;

/* loaded from: input_file:org/wso2/carbon/core/transports/util/CertProcessor.class */
public class CertProcessor implements HttpGetRequestProcessor {
    private static Log log = LogFactory.getLog(CertProcessor.class);

    @Override // org.wso2.carbon.core.transports.HttpGetRequestProcessor
    public void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ConfigurationContext configurationContext) throws Exception {
        String requestURI = httpServletRequest.getRequestURI();
        String serviceContextPath = configurationContext.getServiceContextPath();
        String substring = requestURI.substring(requestURI.indexOf(serviceContextPath) + serviceContextPath.length() + 1);
        AxisService serviceForActivation = configurationContext.getAxisConfiguration().getServiceForActivation(substring);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        if (!serviceForActivation.isActive()) {
            httpServletResponse.setContentType("text/html");
            outputStream.write(("<h4>Service " + substring + " is inactive. Cannot retrieve certificate.</h4>").getBytes());
            outputStream.flush();
            return;
        }
        ServerManager serverManager = ServerManager.getInstance();
        serverManager.getConfigContext();
        BundleContext bundleContext = serverManager.getBundleContext();
        Registry systemRegistry = ((RegistryService) bundleContext.getService(bundleContext.getServiceReference(RegistryService.class.getName()))).getSystemRegistry();
        String str = RegistryResources.SERVICE_GROUPS + serviceForActivation.getAxisServiceGroup().getServiceGroupName() + RegistryResources.SERVICES + serviceForActivation.getName();
        Resource resource = systemRegistry.get(str);
        Association[] associations = systemRegistry.getAssociations(str, RegistryResources.Associations.PRIVATE_KEYSTORE);
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
        KeyStore keyStore = null;
        if (associations.length < 1) {
            boolean z = false;
            Association[] associations2 = systemRegistry.getAssociations(str, RegistryResources.Associations.EXPOSED_TRANSPORTS);
            int length = associations2.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (systemRegistry.get(associations2[i].getDestinationPath()).getProperty(RegistryResources.Transports.PROTOCOL_NAME).equals(CarbonConstants.HTTPS_TRANSPORT)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (z || Boolean.valueOf(resource.getProperty(RegistryResources.ServiceProperties.EXPOSED_ON_ALL_TANSPORTS)).booleanValue()) {
                keyStore = keyStoreManager.getPrimaryKeyStore();
            }
        } else {
            String destinationPath = associations[0].getDestinationPath();
            keyStore = destinationPath.equals(RegistryResources.SecurityManagement.PRIMARY_KEYSTORE_PHANTOM_RESOURCE) ? keyStoreManager.getPrimaryKeyStore() : keyStoreManager.getKeyStore(destinationPath.substring(destinationPath.lastIndexOf(AntPathMatcher.DEFAULT_PATH_SEPARATOR) + 1));
        }
        String str2 = null;
        if (keyStore != null) {
            str2 = KeyStoreUtil.getPrivateKeyAlias(keyStore);
        }
        if (str2 != null) {
            serializeCert(KeyStoreUtil.getCertificate(str2, keyStore), httpServletResponse, outputStream, substring);
            return;
        }
        httpServletResponse.setContentType("text/html");
        outputStream.write(("<h4>Service " + substring + " does not have a private key.</h4>").getBytes());
        outputStream.flush();
    }

    private void serializeCert(Certificate certificate, HttpServletResponse httpServletResponse, OutputStream outputStream, String str) throws AxisFault {
        try {
            try {
                try {
                    httpServletResponse.setContentType("application/octet-stream");
                    httpServletResponse.setHeader("Content-Disposition", "filename=" + str + ".cert");
                    outputStream.write(certificate.getEncoded());
                } catch (CertificateEncodingException e) {
                    log.error("Could not get encoded format of certificate", e);
                    throw new AxisFault("Could not get encoded format of certificate", e);
                }
            } catch (IOException e2) {
                log.error("Faliour when serializing to stream", e2);
                throw new AxisFault("Faliour when serializing to stream", e2);
            }
        } finally {
            try {
                outputStream.flush();
            } catch (IOException e3) {
                log.error("Faliour when serializing to stream", e3);
            }
        }
    }
}
