package org.wso2.carbon.core.transports.util;

import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.description.AxisService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.velocity.servlet.VelocityServlet;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.core.internal.CarbonCoreDataHolder;
import org.wso2.carbon.core.transports.CarbonHttpRequest;
import org.wso2.carbon.core.transports.CarbonHttpResponse;
import org.wso2.carbon.core.transports.HttpGetRequestProcessor;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.registry.core.Association;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.session.UserRegistry;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.core-4.4.2.jar:org/wso2/carbon/core/transports/util/CertProcessor.class */
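/**
 * HTTP GET request processor that returns the certificate belonging to the private key of the
 * key store associated with an Axis2 service.
 *
 * <p>The service name is taken from the request URI, i.e. it is caller-controlled. It is therefore
 * HTML-escaped before being written into an HTML body and stripped of control characters before
 * being placed in a response header. When no service matches, the name is not reflected at all.
 */
public class CertProcessor implements HttpGetRequestProcessor {
    private static Log log = LogFactory.getLog(CertProcessor.class);
    private CarbonCoreDataHolder dataHolder = CarbonCoreDataHolder.getInstance();

    /**
     * Resolves the service named in the request URI and writes its certificate to the response.
     *
     * <p>If the service is unknown, inactive, or has no private key, a short HTML message is
     * written instead of a certificate.
     *
     * @param carbonHttpRequest    incoming request; only its request URI is read
     * @param carbonHttpResponse   response that receives the headers and the body
     * @param configurationContext Axis2 context used to look up the service
     * @throws Exception if the registry, key store or output stream access fails
     */
    @Override
    public void process(CarbonHttpRequest carbonHttpRequest, CarbonHttpResponse carbonHttpResponse, ConfigurationContext configurationContext) throws Exception {
        OutputStream outputStream = carbonHttpResponse.getOutputStream();
        String serviceName = extractServiceName(carbonHttpRequest.getRequestURI(), configurationContext.getServiceContextPath());
        AxisService service = serviceName == null
                ? null
                : configurationContext.getAxisConfiguration().getServiceForActivation(serviceName);
        if (service == null) {
            // Previously a NullPointerException. The requested name is deliberately not echoed:
            // at this point it is arbitrary caller input that matched nothing.
            writeHtml(carbonHttpResponse, outputStream, "<h4>Service not found. Cannot retrieve certificate.</h4>");
            return;
        }
        if (!service.isActive()) {
            writeHtml(carbonHttpResponse, outputStream,
                    "<h4>Service " + escapeHtml(serviceName) + " is inactive. Cannot retrieve certificate.</h4>");
            return;
        }

        UserRegistry configSystemRegistry = this.dataHolder.getRegistryService().getConfigSystemRegistry();
        String servicePath = "/repository/axis2/service-groups/" + service.getAxisServiceGroup().getServiceGroupName()
                + "/services/" + service.getName();
        KeyStore keyStore = resolveKeyStore(configSystemRegistry, servicePath);

        String alias = keyStore != null ? KeyStoreUtil.getPrivateKeyAlias(keyStore) : null;
        if (alias != null) {
            serializeCert(KeyStoreUtil.getCertificate(alias, keyStore), carbonHttpResponse, outputStream, serviceName);
            return;
        }
        writeHtml(carbonHttpResponse, outputStream,
                "<h4>Service " + escapeHtml(serviceName) + " does not have a private key.</h4>");
    }

    /**
     * Returns the part of the request URI that follows the service context path and one
     * separator character, or {@code null} when the URI does not contain the context path.
     */
    private static String extractServiceName(String requestUri, String serviceContextPath) {
        if (requestUri == null || serviceContextPath == null) {
            return null;
        }
        int contextStart = requestUri.indexOf(serviceContextPath);
        if (contextStart < 0) {
            // Without this guard the offset below is computed from -1 and yields a bogus name.
            return null;
        }
        int nameStart = contextStart + serviceContextPath.length() + 1;
        if (nameStart > requestUri.length()) {
            return null;
        }
        return requestUri.substring(nameStart);
    }

    /**
     * Picks the key store for the service stored at {@code servicePath}.
     *
     * <p>An explicit "service-keystore" association wins. Otherwise the primary key store is
     * used when the service is exposed over https or on all transports. Returns {@code null}
     * when neither applies.
     */
    private KeyStore resolveKeyStore(UserRegistry registry, String servicePath) throws Exception {
        Resource serviceResource = registry.get(servicePath);
        try {
            Association[] keyStoreAssociations = registry.getAssociations(servicePath, "service-keystore");
            // NOTE(review): -1234 is presumably the super-tenant id; confirm against the tenant constants.
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(-1234);
            if (keyStoreAssociations.length >= 1) {
                String keyStorePath = keyStoreAssociations[0].getDestinationPath();
                if (keyStorePath.equals("/repository/security/key-stores/carbon-primary-ks")) {
                    return keyStoreManager.getPrimaryKeyStore();
                }
                // The key store name is the last path segment of the association target.
                return keyStoreManager.getKeyStore(keyStorePath.substring(keyStorePath.lastIndexOf('/') + 1));
            }
            if (isExposedOverHttps(registry, servicePath)
                    || Boolean.parseBoolean(serviceResource.getProperty(RegistryResources.ServiceProperties.EXPOSED_ON_ALL_TANSPORTS))) {
                return keyStoreManager.getPrimaryKeyStore();
            }
            return null;
        } finally {
            // Release the registry resource on every path, including failures.
            serviceResource.discard();
        }
    }

    /** Returns {@code true} if any transport associated with the service has protocol "https". */
    private static boolean isExposedOverHttps(UserRegistry registry, String servicePath) throws Exception {
        Association[] transports = registry.getAssociations(servicePath, RegistryResources.Associations.EXPOSED_TRANSPORTS);
        for (Association transport : transports) {
            Resource transportResource = registry.get(transport.getDestinationPath());
            try {
                // Constant-first comparison: a transport without the property no longer throws.
                if ("https".equals(transportResource.getProperty(RegistryResources.Transports.PROTOCOL_NAME))) {
                    return true;
                }
            } finally {
                // The matching resource was previously left undiscarded.
                transportResource.discard();
            }
        }
        return false;
    }

    /** Writes {@code html} as the response body; callers must escape any dynamic parts first. */
    private static void writeHtml(CarbonHttpResponse response, OutputStream out, String html) throws IOException {
        response.addHeader("Content-Type", VelocityServlet.DEFAULT_CONTENT_TYPE);
        // Explicit charset so the bytes do not depend on the platform default.
        out.write(html.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        out.flush();
    }

    /** Escapes the characters that are significant in HTML text and attribute values. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Drops control characters (CR, LF, ...) so the value cannot break out of a header line. */
    private static String stripControlChars(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (!Character.isISOControl(c)) {
                cleaned.append(c);
            }
        }
        return cleaned.toString();
    }

    /**
     * Writes the encoded certificate to the response as a download named after the service.
     *
     * @param certificate         certificate to send
     * @param carbonHttpResponse  response that receives the download headers
     * @param outputStream        stream that receives the encoded bytes
     * @param str                 service name, used for the file name in Content-Disposition
     * @throws AxisFault if the certificate cannot be encoded or the stream cannot be written
     */
    private void serializeCert(Certificate certificate, CarbonHttpResponse carbonHttpResponse, OutputStream outputStream, String str) throws AxisFault {
        try {
            try {
                // Encode before touching the response, so an encoding failure does not leave
                // download headers on a response that carries no certificate.
                byte[] encoded = certificate.getEncoded();
                carbonHttpResponse.addHeader("Content-Type", "application/octet-stream");
                carbonHttpResponse.addHeader("Content-Disposition", "filename=" + stripControlChars(str) + ".cert");
                outputStream.write(encoded);
            } finally {
                try {
                    outputStream.flush();
                } catch (IOException e) {
                    log.error("Faliour when serializing to stream", e);
                }
            }
        } catch (IOException e2) {
            log.error("Faliour when serializing to stream", e2);
            throw new AxisFault("Faliour when serializing to stream", e2);
        } catch (CertificateEncodingException e3) {
            log.error("Could not get encoded format of certificate", e3);
            throw new AxisFault("Could not get encoded format of certificate", e3);
        }
    }
}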
