package org.eclipse.kura.jetty.customizer;

import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.util.Collection;
import java.util.Dictionary;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.function.Function;
import javax.net.ssl.KeyManager;
import org.eclipse.equinox.http.jetty.JettyCustomizer;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:org/eclipse/kura/jetty/customizer/KuraJettyCustomizer.class */
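/**
 * Jetty customizer that replaces the default HTTP/HTTPS connectors with one connector per
 * configured port and hardens the servlet context (custom error handler, HttpOnly session
 * cookie, no server version banner).
 *
 * <p>All settings are read from the {@code Dictionary} handed in by the caller. The keys used are
 * {@code org.eclipse.kura.http.ports}, {@code org.eclipse.kura.https.ports},
 * {@code org.eclipse.kura.https.client.auth.ports}, {@code org.eclipse.kura.keystore.provider},
 * {@code org.eclipse.kura.keymanager.provider}, {@code org.eclipse.kura.crl.store},
 * {@code org.eclipse.kura.revocation.check.enabled},
 * {@code org.eclipse.kura.revocation.checker.options}, {@code ssl.keystore} and
 * {@code ssl.password}.
 */
public class KuraJettyCustomizer extends JettyCustomizer {

    private static final String REVOCATION_CHECK_ENABLED_KEY = "org.eclipse.kura.revocation.check.enabled";
    private static final String REVOCATION_CHECKER_OPTIONS_KEY = "org.eclipse.kura.revocation.checker.options";

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Server-side SSL context factory that can take its key managers from an injected provider
     * function and can carry an optional CRL store.
     */
    public static class BaseSslContextFactory extends SslContextFactory.Server {
        private Optional<Function<String, List<KeyManager>>> keyManagersProvider;
        private Optional<CertStore> crlStore;

        private BaseSslContextFactory() {
            this.keyManagersProvider = Optional.empty();
            this.crlStore = Optional.empty();
        }

        /**
         * Sets the store that revocation data is looked up in.
         *
         * @param certStore the CRL store; must not be {@code null}
         * @throws NullPointerException if {@code certStore} is {@code null}
         */
        public void setCRLStore(CertStore certStore) {
            this.crlStore = Optional.of(certStore);
        }

        /**
         * @return the CRL store set through {@link #setCRLStore(CertStore)}, or empty if none was set
         */
        public Optional<CertStore> getCRLStore() {
            return this.crlStore;
        }

        /**
         * Sets the function that produces the key managers, given the key manager factory
         * algorithm name.
         *
         * @param function the provider; must not be {@code null}
         * @throws NullPointerException if {@code function} is {@code null}
         */
        public void setKeyManagersProvider(Function<String, List<KeyManager>> function) {
            this.keyManagersProvider = Optional.of(function);
        }

        /**
         * Returns the key managers from the injected provider when one is set, otherwise defers to
         * the superclass implementation.
         */
        protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
            if (this.keyManagersProvider.isPresent()) {
                List<KeyManager> managers = this.keyManagersProvider.get().apply(getKeyManagerFactoryAlgorithm());
                return managers.toArray(new KeyManager[0]);
            }
            return super.getKeyManagers(keyStore);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * SSL context factory used for the client-authentication ports. It builds the PKIX parameters
     * used to validate client certificate chains, including revocation checking.
     */
    public static final class ClientAuthSslContextFactoryImpl extends BaseSslContextFactory {
        private final Dictionary<String, ?> settings;

        private ClientAuthSslContextFactoryImpl(Dictionary<String, ?> dictionary) {
            super();
            this.settings = dictionary;
            // Defaults to true: a missing or wrongly typed setting leaves peer validation on.
            boolean validatePeerCerts = KuraJettyCustomizer.getOrDefault(dictionary, REVOCATION_CHECK_ENABLED_KEY,
                    Boolean.TRUE);
            setValidatePeerCerts(validatePeerCerts);
        }

        /**
         * Builds the PKIX parameters for validating client certificate chains against
         * {@code keyStore}.
         *
         * <p>Revocation data comes from the CRL store set on this factory when present, otherwise
         * from {@code collection} when it is non-empty.
         *
         * @param keyStore the trust anchors
         * @param collection CRLs supplied by the caller; may be {@code null} or empty
         * @return the configured parameters
         * @throws Exception if the parameters or the revocation checker cannot be created
         */
        protected PKIXBuilderParameters newPKIXBuilderParameters(KeyStore keyStore, Collection<? extends CRL> collection)
                throws Exception {
            PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, new X509CertSelector());
            boolean revocationEnabled = KuraJettyCustomizer.getOrDefault(this.settings, REVOCATION_CHECK_ENABLED_KEY,
                    Boolean.TRUE);
            params.setMaxPathLength(getMaxCertPathLength());
            params.setRevocationEnabled(revocationEnabled);

            // NOTE(review): the JDK documents that a PKIXRevocationChecker registered through
            // addCertPathChecker is used regardless of the RevocationEnabled flag, so setting the
            // flag to false may not switch revocation checking off on its own. Confirm that this
            // matches the intended meaning of the "revocation.check.enabled" setting.
            PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) CertPathValidator.getInstance("PKIX")
                    .getRevocationChecker();
            // An empty option set keeps the JDK defaults; in particular SOFT_FAIL is not set, so an
            // unreachable revocation source fails validation instead of being ignored.
            EnumSet<PKIXRevocationChecker.Option> options = KuraJettyCustomizer.getOrDefault(this.settings,
                    REVOCATION_CHECKER_OPTIONS_KEY, EnumSet.noneOf(PKIXRevocationChecker.Option.class));
            revocationChecker.setOptions(options);
            params.addCertPathChecker(revocationChecker);

            if (getPkixCertPathChecker() != null) {
                params.addCertPathChecker(getPkixCertPathChecker());
            }

            Optional<CertStore> configuredCrlStore = getCRLStore();
            if (configuredCrlStore.isPresent()) {
                params.addCertStore(configuredCrlStore.get());
            } else if (collection != null && !collection.isEmpty()) {
                params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection)));
            }
            return params;
        }
    }

    /**
     * Installs the Kura error handler, maximum-level gzip compression and an HttpOnly session
     * cookie on the servlet context.
     *
     * @param obj the context to customize; returned untouched unless it is a
     *            {@code ServletContextHandler}
     * @param dictionary the settings (not read by this method)
     * @return {@code obj}
     */
    public Object customizeContext(Object obj, Dictionary<String, ?> dictionary) {
        if (!(obj instanceof ServletContextHandler)) {
            return obj;
        }
        ServletContextHandler contextHandler = (ServletContextHandler) obj;
        contextHandler.getServer().setErrorHandler(new KuraErrorHandler());

        // NOTE(review): compression is enabled for every response of this context. Responses that
        // carry secrets next to request-controlled data over TLS are the case to review for
        // compression side channels.
        GzipHandler gzipHandler = new GzipHandler();
        gzipHandler.setCompressionLevel(9);
        contextHandler.setGzipHandler(gzipHandler);
        contextHandler.setErrorHandler(new KuraErrorHandler());

        // HttpOnly keeps the session cookie away from page scripts. The Secure attribute is not set
        // here; this customizer can also open plain HTTP ports, so verify where it is enforced.
        contextHandler.getSessionHandler().getSessionCookieConfig().setHttpOnly(true);
        return obj;
    }

    /**
     * Adds one plain HTTP connector per port listed under {@code org.eclipse.kura.http.ports}.
     *
     * @param obj the default connector; returned untouched unless it is a {@code ServerConnector}
     * @param dictionary the settings
     * @return {@code obj} if it is not a {@code ServerConnector}, otherwise {@code null}
     *         (presumably so that the caller does not register the default connector; confirm
     *         against the {@code JettyCustomizer} contract)
     */
    public Object customizeHttpConnector(Object obj, Dictionary<String, ?> dictionary) {
        if (!(obj instanceof ServerConnector)) {
            return obj;
        }
        Server server = ((ServerConnector) obj).getServer();
        Set<?> ports = (Set<?>) dictionary.get("org.eclipse.kura.http.ports");
        if (ports == null) {
            return null;
        }
        for (Object entry : ports) {
            int port = (Integer) entry;
            ServerConnector connector = new ServerConnector(server,
                    new ConnectionFactory[] { new HttpConnectionFactory(new HttpConfiguration()) });
            customizeConnector(connector, port);
            server.addConnector(connector);
        }
        return null;
    }

    /**
     * Adds one TLS connector per port listed under {@code org.eclipse.kura.https.ports} (no client
     * certificate) and under {@code org.eclipse.kura.https.client.auth.ports} (client certificate
     * required). Ports whose connector cannot be created are skipped.
     *
     * @param obj the default connector; returned untouched unless it is a {@code ServerConnector}
     * @param dictionary the settings
     * @return {@code obj} if it is not a {@code ServerConnector}, otherwise {@code null}
     */
    public Object customizeHttpsConnector(Object obj, Dictionary<String, ?> dictionary) {
        if (!(obj instanceof ServerConnector)) {
            return obj;
        }
        Server server = ((ServerConnector) obj).getServer();
        Set<?> tlsPorts = (Set<?>) dictionary.get("org.eclipse.kura.https.ports");
        Set<?> clientAuthPorts = (Set<?>) dictionary.get("org.eclipse.kura.https.client.auth.ports");
        addSslConnectors(server, dictionary, tlsPorts, false);
        addSslConnectors(server, dictionary, clientAuthPorts, true);
        return null;
    }

    /** Creates and registers a TLS connector for every port in {@code ports}; {@code null} means none. */
    private void addSslConnectors(Server server, Dictionary<String, ?> dictionary, Set<?> ports, boolean clientAuth) {
        if (ports == null) {
            return;
        }
        for (Object entry : ports) {
            int port = (Integer) entry;
            createSslConnector(server, dictionary, port, clientAuth)
                    .ifPresent(connector -> server.addConnector(connector));
        }
    }

    /**
     * Builds a TLS connector for {@code port}.
     *
     * <p>Key material comes from the keystore and key manager providers in the settings when both
     * are present; otherwise from the JKS file named by {@code ssl.keystore}, opened with
     * {@code ssl.password}.
     *
     * @param server the server the connector belongs to
     * @param dictionary the settings
     * @param port the port to listen on
     * @param clientAuth whether a client certificate is requested and required
     * @return the connector, or empty if the key material is unavailable
     */
    private Optional<ServerConnector> createSslConnector(Server server, Dictionary<String, ?> dictionary, int port,
            boolean clientAuth) {
        BaseSslContextFactory sslContextFactory = clientAuth ? new ClientAuthSslContextFactoryImpl(dictionary)
                : new BaseSslContextFactory();
        Object keyStoreProvider = dictionary.get("org.eclipse.kura.keystore.provider");
        Object keyManagerProvider = dictionary.get("org.eclipse.kura.keymanager.provider");
        Object crlStore = dictionary.get("org.eclipse.kura.crl.store");
        Optional<String> keyStorePath = getOptional(dictionary, "ssl.keystore", String.class);
        // The keystore password arrives as a plain String in the settings; keep it out of logs.
        Optional<String> keyStorePassword = getOptional(dictionary, "ssl.password", String.class);

        if ((keyStoreProvider instanceof Callable) && (keyManagerProvider instanceof Function)) {
            try {
                KeyStore keyStore = (KeyStore) ((Callable<?>) keyStoreProvider).call();
                sslContextFactory.setKeyStore(keyStore);
                // The same store supplies the server identity and the trust anchors used to
                // validate client certificates.
                sslContextFactory.setTrustStore(keyStore);
                @SuppressWarnings("unchecked") // the settings contract fixes the function's type
                Function<String, List<KeyManager>> provider = (Function<String, List<KeyManager>>) keyManagerProvider;
                sslContextFactory.setKeyManagersProvider(provider);
                if (crlStore instanceof CertStore) {
                    sslContextFactory.setCRLStore((CertStore) crlStore);
                }
            } catch (Exception e) {
                // NOTE(review): the failure is dropped and the port simply gets no TLS listener.
                // Nothing is reported here, so an operator cannot tell why the port is closed;
                // consider reporting it through the project's logger.
                return Optional.empty();
            }
        } else {
            if (!keyStorePath.isPresent() || !keyStorePassword.isPresent()) {
                return Optional.empty();
            }
            sslContextFactory.setKeyStorePath(keyStorePath.get());
            sslContextFactory.setKeyStorePassword(keyStorePassword.get());
            sslContextFactory.setKeyStoreType("JKS");
        }

        // "TLS" names the generic context; no protocol versions or cipher suites are restricted
        // in this method.
        sslContextFactory.setProtocol("TLS");
        sslContextFactory.setTrustManagerFactoryAlgorithm("PKIX");
        sslContextFactory.setWantClientAuth(clientAuth);
        sslContextFactory.setNeedClientAuth(clientAuth);

        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.addCustomizer(new SecureRequestCustomizer());
        ServerConnector connector = new ServerConnector(server,
                new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory, "http/1.1"),
                        new HttpConnectionFactory(httpConfiguration) });
        customizeConnector(connector, port);
        return Optional.of(connector);
    }

    /**
     * Binds the connector to {@code port}, stops it from sending the server version and attaches a
     * {@code ForwardedRequestCustomizer}.
     */
    private void customizeConnector(ServerConnector serverConnector, int port) {
        serverConnector.setPort(port);
        // The collection holds ConnectionFactory instances of several kinds (the SSL factory too),
        // so iterate over the base type and narrow only the HTTP ones.
        for (ConnectionFactory factory : serverConnector.getConnectionFactories()) {
            if (factory instanceof HttpConnectionFactory) {
                ((HttpConnectionFactory) factory).getHttpConfiguration().setSendServerVersion(false);
            }
        }
        // NOTE(review): this is attached to every connector, so forwarding headers sent by any
        // client that can reach the port directly are honoured. Code that relies on the request's
        // remote address or scheme for access decisions or audit records should assume those
        // values are client-controlled unless the port is only reachable through a trusted proxy.
        addCustomizer(serverConnector, new ForwardedRequestCustomizer());
    }

    /**
     * Appends {@code customizer} to the HTTP configuration of every HTTP connection factory of the
     * connector, creating the customizer list when there is none.
     */
    private void addCustomizer(ServerConnector serverConnector, HttpConfiguration.Customizer customizer) {
        for (ConnectionFactory factory : serverConnector.getConnectionFactories()) {
            if (factory instanceof HttpConnectionFactory) {
                HttpConfiguration configuration = ((HttpConnectionFactory) factory).getHttpConfiguration();
                configuration.setSendServerVersion(false);
                List<HttpConfiguration.Customizer> customizers = configuration.getCustomizers();
                if (customizers == null) {
                    customizers = new LinkedList<>();
                    configuration.setCustomizers(customizers);
                }
                customizers.add(customizer);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the setting stored under {@code str} when it is an instance of the default value's
     * runtime class, otherwise the default.
     *
     * <p>A missing or wrongly typed setting therefore falls back to the default without any
     * report.
     *
     * @param dictionary the settings
     * @param str the key
     * @param t the default value; must not be {@code null}
     * @return the stored value or {@code t}
     */
    @SuppressWarnings("unchecked") // guarded by the isInstance check on the default's runtime class
    public static <T> T getOrDefault(Dictionary<String, ?> dictionary, String str, T t) {
        Object value = dictionary.get(str);
        return t.getClass().isInstance(value) ? (T) value : t;
    }

    /**
     * Returns the setting stored under {@code str} when it is an instance of {@code cls}.
     *
     * @return the typed value, or empty when the setting is missing or of another type
     */
    private static <T> Optional<T> getOptional(Dictionary<String, ?> dictionary, String str, Class<T> cls) {
        Object value = dictionary.get(str);
        // cls.cast keeps the result typed; Optional.of(value) would be an Optional<Object>.
        return cls.isInstance(value) ? Optional.of(cls.cast(value)) : Optional.empty();
    }
}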
