package winstone;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPrivateKeySpec;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.netbeans.lib.cvsclient.command.commit.CommitInformation;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.X500Name;
import winstone.cmdline.Option;

/* loaded from: input_file:winstone.jar:winstone/HttpsConnectorFactory.class */
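/**
 * Builds the HTTPS connector for the embedded Jetty server from the command-line options.
 *
 * <p>Key material comes from exactly one of three sources, chosen in {@link #start}:
 * <ol>
 *   <li>a JKS keystore file ({@code HTTPS_KEY_STORE}), opened with {@code HTTPS_KEY_STORE_PASSWORD};</li>
 *   <li>a certificate file plus a PEM RSA private key file ({@code HTTPS_CERTIFICATE} and
 *       {@code HTTPS_PRIVATE_KEY}), loaded into an in-memory keystore;</li>
 *   <li>otherwise, a self-signed certificate generated at startup.</li>
 * </ol>
 *
 * <p>The self-signed fallback gives clients nothing to verify the server identity against; it is
 * announced on standard output so operators can see when it is in effect.
 */
public class HttpsConnectorFactory implements ConnectorFactory {
    private static final WinstoneResourceBundle SSL_RESOURCES = new WinstoneResourceBundle("winstone.LocalStrings");

    /** Alias of the single key entry in keystores assembled in memory. */
    private static final String KEY_ALIAS = "hudson";

    /**
     * Password used for keystores assembled in memory. Those keystores are never written to disk
     * by this class, so the value only satisfies the KeyStore/KeyManager APIs; it is not a secret.
     */
    private static final String IN_MEMORY_KEYSTORE_PASSWORD = "changeit";

    /** RSA modulus size for the generated self-signed certificate (previously 1024 bits). */
    private static final int SELF_SIGNED_KEY_BITS = 2048;

    /** Signature algorithm for the generated self-signed certificate (previously SHA1WithRSA). */
    private static final String SELF_SIGNED_SIGNATURE_ALGORITHM = "SHA256WithRSA";

    /** Validity handed to the certificate generator: 315360000 seconds, i.e. 3650 days. */
    private static final long SELF_SIGNED_VALIDITY_SECONDS = 315360000L;

    private KeyStore keystore;
    private String keystorePassword;

    /**
     * Configures the keystore from the options and registers an HTTPS connector on the server.
     *
     * @param map    parsed command-line options
     * @param server Jetty server that receives the connector
     * @return {@code false} when the HTTPS port option is negative (HTTPS disabled), {@code true}
     *         once the connector has been added
     * @throws IOException       if a key or certificate file cannot be read, or key handling fails
     *                           (the {@link GeneralSecurityException} is attached as the cause)
     * @throws WinstoneException if the options are inconsistent or the keystore file is missing
     */
    @Override // winstone.ConnectorFactory
    public boolean start(Map map, Server server) throws IOException {
        int port = Option.HTTPS_PORT.get(map);
        String listenAddress = Option.HTTPS_LISTEN_ADDRESS.get(map);
        // The value is read but not used by this connector; the call is kept as in the original.
        Option.HTTPS_DO_HOSTNAME_LOOKUPS.get(map);
        int keepAliveTimeout = Option.HTTPS_KEEP_ALIVE_TIMEOUT.get(map);
        if (port < 0) {
            return false;
        }
        try {
            File certificateFile = Option.HTTPS_CERTIFICATE.get(map);
            File privateKeyFile = Option.HTTPS_PRIVATE_KEY.get(map);
            File keyStoreFile = Option.HTTPS_KEY_STORE.get(map);
            String keyStorePasswordOption = Option.HTTPS_KEY_STORE_PASSWORD.get(map);

            // Certificate and private key only make sense as a pair.
            if ((certificateFile != null) ^ (privateKeyFile != null)) {
                throw new WinstoneException(MessageFormat.format("--{0} and --{1} need to be used together", Option.HTTPS_CERTIFICATE, Option.HTTPS_PRIVATE_KEY));
            }
            // A keystore and a loose private key are two competing sources of key material.
            if (keyStoreFile != null && privateKeyFile != null) {
                throw new WinstoneException(MessageFormat.format("--{0} and --{1} are mutually exclusive", Option.HTTPS_KEY_STORE, Option.HTTPS_PRIVATE_KEY));
            }

            if (keyStoreFile != null) {
                if (!keyStoreFile.exists() || !keyStoreFile.isFile()) {
                    throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.KeyStoreNotFound", keyStoreFile.getPath()));
                }
                // NOTE(review): if the password option can be absent (null), toCharArray() below
                // fails with a NullPointerException rather than a clear message; confirm the
                // option's default.
                this.keystorePassword = keyStorePasswordOption;
                this.keystore = KeyStore.getInstance("JKS");
                // Close the stream explicitly: the original left the file handle open.
                FileInputStream keyStoreIn = new FileInputStream(keyStoreFile);
                try {
                    this.keystore.load(keyStoreIn, this.keystorePassword.toCharArray());
                } finally {
                    keyStoreIn.close();
                }
            } else if (certificateFile != null) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                Certificate certificate;
                // Close the stream explicitly: the original left the file handle open.
                FileInputStream certificateIn = new FileInputStream(certificateFile);
                try {
                    certificate = certificateFactory.generateCertificate(certificateIn);
                } finally {
                    certificateIn.close();
                }
                // readPEMRSAPrivateKey closes the reader it is given.
                PrivateKey privateKey = readPEMRSAPrivateKey(new FileReader(privateKeyFile));
                this.keystorePassword = IN_MEMORY_KEYSTORE_PASSWORD;
                this.keystore = KeyStore.getInstance("JKS");
                this.keystore.load(null);
                this.keystore.setKeyEntry(KEY_ALIAS, privateKey, this.keystorePassword.toCharArray(), new Certificate[]{certificate});
            } else {
                this.keystorePassword = IN_MEMORY_KEYSTORE_PASSWORD;
                System.out.println("Using one-time self-signed certificate");
                // 2048-bit RSA with a SHA-256 signature: the earlier 1024-bit / SHA-1 pair is
                // below what current TLS clients and policies accept.
                CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", SELF_SIGNED_SIGNATURE_ALGORITHM, (String) null);
                certAndKeyGen.generate(SELF_SIGNED_KEY_BITS);
                PrivateKey privateKey = certAndKeyGen.getPrivateKey();
                X509Certificate selfCertificate = certAndKeyGen.getSelfCertificate(new X500Name("Test site", CommitInformation.UNKNOWN, CommitInformation.UNKNOWN, CommitInformation.UNKNOWN), SELF_SIGNED_VALIDITY_SECONDS);
                this.keystore = KeyStore.getInstance("JKS");
                this.keystore.load(null);
                this.keystore.setKeyEntry(KEY_ALIAS, privateKey, this.keystorePassword.toCharArray(), new Certificate[]{selfCertificate});
            }

            SelectChannelConnector connector = createConnector(map);
            connector.setPort(port);
            connector.setHost(listenAddress);
            // Forwarded-header handling is switched on unconditionally.
            // NOTE(review): this makes the connector honour X-Forwarded-* request headers, which is
            // only trustworthy when a reverse proxy in front sets or strips them; confirm the
            // deployment assumption.
            connector.setForwarded(true);
            connector.setMaxIdleTime(keepAliveTimeout);
            connector.setRequestHeaderSize(Option.REQUEST_HEADER_SIZE.get(map));
            connector.setRequestBufferSize(Option.REQUEST_BUFFER_SIZE.get(map));
            server.addConnector(connector);
            return true;
        } catch (GeneralSecurityException e) {
            throw ((IOException) new IOException("Failed to handle keys").initCause(e));
        }
    }

    /**
     * Creates the TLS connector, or the SPDY connector when {@code HTTPS_SPDY} is set.
     *
     * <p>The SPDY connector class is looked up reflectively by name, so it is only required on the
     * classpath when the option is enabled.
     *
     * @param map parsed command-line options
     * @return the connector, not yet bound to a port or host
     * @throws WinstoneException if the SPDY connector fails to load because the NPN classes are missing
     */
    private SelectChannelConnector createConnector(Map map) {
        SslContextFactory sslContextFactory = getSSLContext(map);
        if (!Option.HTTPS_SPDY.get(map)) {
            return new SslSelectChannelConnector(sslContextFactory);
        }
        try {
            // NOTE(review): the include list names only "TLSv1", so the SPDY connector is limited
            // to that protocol version; revisit if the SPDY/NPN stack in use supports newer ones.
            sslContextFactory.setIncludeProtocols("TLSv1");
            return (SelectChannelConnector) Class.forName("org.eclipse.jetty.spdy.http.HTTPSPDYServerConnector").getConstructor(SslContextFactory.class).newInstance(sslContextFactory);
        } catch (Exception e) {
            throw new Error("Failed to enable SPDY connector", e);
        } catch (NoClassDefFoundError e2) {
            // A missing NPN class gets a dedicated, localized message; anything else is rethrown.
            if (e2.getMessage().contains("org/eclipse/jetty/npn")) {
                throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.MissingNPN"), e2);
            }
            throw e2;
        }
    }

    /**
     * Reads an RSA private key from PEM text.
     *
     * <p>Lines starting with {@code -----} toggle whether the following lines are collected; the
     * collected lines are Base64-decoded and parsed as a DER sequence, from which element 1 is used
     * as the modulus and element 3 as the private exponent. The text of the {@code -----} marker
     * lines is not inspected, so the key type is not checked by label: only a file whose body has
     * that element layout is read correctly.
     *
     * @param reader source of the PEM text; always closed before this method returns
     * @return the private key built from modulus and private exponent
     * @throws IOException              if reading or DER parsing fails
     * @throws GeneralSecurityException if the DER sequence is too short to hold the two values, or
     *                                  the key cannot be generated
     */
    private static PrivateKey readPEMRSAPrivateKey(Reader reader) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        try {
            BufferedReader lines = new BufferedReader(reader);
            boolean insideBlock = false;
            String line;
            while ((line = lines.readLine()) != null) {
                if (line.startsWith("-----")) {
                    insideBlock = !insideBlock;
                } else if (insideBlock) {
                    der.write(B64Code.decode(line));
                }
            }
        } finally {
            reader.close();
        }
        DerValue[] sequence = new DerInputStream(der.toByteArray()).getSequence(0);
        // Indices 1 and 3 are read below. A shorter sequence means the file has a different
        // layout; fail with a clear error instead of an ArrayIndexOutOfBoundsException.
        if (sequence.length < 4) {
            throw new GeneralSecurityException("Private key file does not have the expected RSA private key layout: found " + sequence.length + " DER sequence elements, need at least 4");
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(sequence[1].getBigInteger(), sequence[3].getBigInteger()));
    }

    /**
     * Builds the Jetty {@link SslContextFactory} from the keystore prepared by {@link #start}.
     *
     * @param map parsed command-line options
     * @return a factory carrying the keystore, passwords, certificate alias, the SSLv3 exclusion and
     *         the client-certificate requirement
     * @throws WinstoneException wrapping any failure while preparing the factory
     */
    SslContextFactory getSSLContext(Map map) {
        try {
            // The key password falls back to the keystore password when the option is not given.
            String keyPassword = Option.HTTPS_PRIVATE_KEY_PASSWORD.get(map, this.keystorePassword);
            // Probe only: this KeyManagerFactory is discarded. KeyManagerFactory.init takes the
            // password used to recover keys, so the key password is passed here; with the
            // keystore password a key protected by a different password failed at this point.
            KeyManagerFactory.getInstance(Option.HTTPS_KEY_MANAGER_TYPE.get(map)).init(this.keystore, keyPassword.toCharArray());
            Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyCount", this.keystore.size() + "");
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                // Only the certificate (public data) is logged, never the private key.
                Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyFound", alias, this.keystore.getCertificate(alias) + "");
            }
            SslContextFactory sslContextFactory = new SslContextFactory();
            sslContextFactory.setKeyStore(this.keystore);
            sslContextFactory.setKeyStorePassword(this.keystorePassword);
            sslContextFactory.setKeyManagerPassword(keyPassword);
            sslContextFactory.setSslKeyManagerFactoryAlgorithm(Option.HTTPS_KEY_MANAGER_TYPE.get(map));
            sslContextFactory.setCertAlias(Option.HTTPS_CERTIFICATE_ALIAS.get(map));
            // Only SSLv3 is excluded here; no other protocol or cipher restriction is set in this method.
            sslContextFactory.setExcludeProtocols("SSLv3");
            sslContextFactory.setNeedClientAuth(Option.HTTPS_VERIFY_CLIENT.get(map));
            return sslContextFactory;
        } catch (Throwable th) {
            throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.ErrorGettingContext"), th);
        }
    }
}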
