package org.zowe.apiml.filter;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomcat.util.codec.binary.Base64;
import org.springframework.web.filter.OncePerRequestFilter;
import org.zowe.commons.attls.InboundAttls;

/* loaded from: input_file:BOOT-INF/lib/apiml-tomcat-common-2.4.2.jar:org/zowe/apiml/filter/AttlsFilter.class */
public class AttlsFilter extends OncePerRequestFilter {
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            if (InboundAttls.getCertificate() != null && InboundAttls.getCertificate().length > 0) {
                try {
                    populateRequestWithCertificate(httpServletRequest, InboundAttls.getCertificate());
                    InboundAttls.clean();
                } catch (Throwable th) {
                    InboundAttls.clean();
                    throw th;
                }
            }
        } catch (Exception e) {
            this.logger.error("Not possible to get certificate from AT-TLS context", e);
            AttlsErrorHandler.handleError(httpServletResponse, "Exception reading certificate");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void populateRequestWithCertificate(HttpServletRequest httpServletRequest, byte[] bArr) throws CertificateException {
        httpServletRequest.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[]{(X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(("-----BEGIN CERTIFICATE-----\n" + new String(Base64.encodeBase64(bArr)) + "\n-----END CERTIFICATE-----").getBytes()))});
    }
}
