package winstone;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPrivateKeySpec;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.Map;
import java.util.logging.Level;
import javax.net.ssl.KeyManagerFactory;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import winstone.cmdline.Option;

/* loaded from: input_file:winstone/HttpsConnectorFactory.class */
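/**
 * Builds the HTTPS connector for the embedded Jetty server.
 *
 * <p>The key material comes from exactly one of three places, chosen from the command-line
 * options in {@link #start(Map, Server)}:
 * <ol>
 *   <li>an existing JKS keystore file plus its password,</li>
 *   <li>a certificate file plus an unencrypted PEM RSA private key, or</li>
 *   <li>a throw-away self-signed certificate generated at start-up.</li>
 * </ol>
 * In cases 2 and 3 the keystore exists only in memory.
 */
public class HttpsConnectorFactory implements ConnectorFactory {
    private static final WinstoneResourceBundle SSL_RESOURCES = new WinstoneResourceBundle("winstone.LocalStrings");

    // Password for keystores that are assembled in memory (PEM pair / self-signed).
    // This class never writes those keystores out, so the fixed value guards nothing on disk here.
    private static final String IN_MEMORY_KEYSTORE_PASSWORD = "changeit";

    // Alias under which the single key entry of an in-memory keystore is stored.
    private static final String KEY_ALIAS = "hudson";

    // Parameters of the one-time self-signed certificate. 1024-bit RSA signed with SHA-1 is
    // below current minimums, so the fallback uses 2048-bit RSA with SHA-256 instead.
    private static final int SELF_SIGNED_KEY_BITS = 2048;
    private static final String SELF_SIGNED_SIGNATURE_ALGORITHM = "SHA256withRSA";

    // Validity passed to getSelfCertificate: 3650 days expressed in seconds.
    private static final long SELF_SIGNED_VALIDITY_SECONDS = 315360000L;

    private KeyStore keystore;
    private String keystorePassword;

    /**
     * Configures and registers the HTTPS connector.
     *
     * @param map    parsed command-line options
     * @param server Jetty server the connector is added to
     * @return {@code false} when the HTTPS port option is negative (HTTPS disabled),
     *         {@code true} once the connector has been added
     * @throws IOException       if key material cannot be read, or wrapping a
     *                           {@link GeneralSecurityException} raised while handling keys
     * @throws WinstoneException on contradictory options, a missing keystore file or
     *                           password, or a failure to generate the self-signed certificate
     */
    @Override // winstone.ConnectorFactory
    public boolean start(Map map, Server server) throws IOException {
        int port = Option.HTTPS_PORT.get(map);
        String listenAddress = Option.HTTPS_LISTEN_ADDRESS.get(map);
        int keepAliveTimeout = Option.HTTPS_KEEP_ALIVE_TIMEOUT.get(map);
        if (port < 0) {
            return false;
        }
        try {
            File certFile = Option.HTTPS_CERTIFICATE.get(map);
            File keyFile = Option.HTTPS_PRIVATE_KEY.get(map);
            File keyStoreFile = Option.HTTPS_KEY_STORE.get(map);
            String keyStorePassword = Option.HTTPS_KEY_STORE_PASSWORD.get(map);

            // A certificate without its key (or the reverse) is unusable.
            if ((certFile != null) ^ (keyFile != null)) {
                throw new WinstoneException(MessageFormat.format("--{0} and --{1} need to be used together", Option.HTTPS_CERTIFICATE, Option.HTTPS_PRIVATE_KEY));
            }
            // Two sources of key material would be ambiguous.
            if (keyStoreFile != null && keyFile != null) {
                throw new WinstoneException(MessageFormat.format("--{0} and --{1} are mutually exclusive", Option.HTTPS_KEY_STORE, Option.HTTPS_PRIVATE_KEY));
            }

            if (keyStoreFile != null) {
                loadKeyStoreFile(keyStoreFile, keyStorePassword);
            } else if (certFile != null) {
                loadPemKeyPair(certFile, keyFile);
            } else {
                generateSelfSignedKeyStore();
            }

            ServerConnector connector = createConnector(server, map);
            connector.setPort(port);
            connector.setHost(listenAddress);
            connector.setIdleTimeout(keepAliveTimeout);
            HttpConfiguration httpConfiguration = ((HttpConnectionFactory) connector.getConnectionFactory(HttpConnectionFactory.class)).getHttpConfiguration();
            // NOTE(review): this makes the connector honour forwarding headers sent by the peer.
            // That is only sound when the port is reachable solely through a trusted reverse
            // proxy; a directly exposed listener lets clients supply those values themselves.
            httpConfiguration.addCustomizer(new ForwardedRequestCustomizer());
            httpConfiguration.setRequestHeaderSize(Option.REQUEST_HEADER_SIZE.get(map));
            server.addConnector(connector);
            return true;
        } catch (GeneralSecurityException e) {
            throw new IOException("Failed to handle keys", e);
        }
    }

    /** Loads an existing JKS keystore from disk and remembers its password. */
    private void loadKeyStoreFile(File keyStoreFile, String password) throws IOException, GeneralSecurityException {
        if (!keyStoreFile.exists() || !keyStoreFile.isFile()) {
            throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.KeyStoreNotFound", keyStoreFile.getPath()));
        }
        // Presumably the option yields null when it was not supplied; fail with a readable
        // message instead of a NullPointerException on toCharArray() below.
        if (password == null) {
            throw new WinstoneException(MessageFormat.format("--{0} requires --{1}", Option.HTTPS_KEY_STORE, Option.HTTPS_KEY_STORE_PASSWORD));
        }
        this.keystorePassword = password;
        this.keystore = KeyStore.getInstance("JKS");
        // Close the file handle even when load() rejects the content or the password.
        try (FileInputStream in = new FileInputStream(keyStoreFile)) {
            this.keystore.load(in, this.keystorePassword.toCharArray());
        }
    }

    /** Builds an in-memory keystore from a certificate file and a PEM RSA private key file. */
    private void loadPemKeyPair(File certFile, File keyFile) throws IOException, GeneralSecurityException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        Certificate certificate;
        try (FileInputStream in = new FileInputStream(certFile)) {
            certificate = certificateFactory.generateCertificate(in);
        }
        // readPEMRSAPrivateKey closes the reader it is given.
        PrivateKey privateKey = readPEMRSAPrivateKey(new FileReader(keyFile));
        this.keystorePassword = IN_MEMORY_KEYSTORE_PASSWORD;
        this.keystore = KeyStore.getInstance("JKS");
        this.keystore.load(null);
        this.keystore.setKeyEntry(KEY_ALIAS, privateKey, this.keystorePassword.toCharArray(), new Certificate[]{certificate});
    }

    /**
     * Generates a one-time self-signed certificate and stores it in an in-memory keystore.
     *
     * <p>The generator is a JDK-internal class reached by reflection, so this path depends on
     * the running JDK still exposing it; any failure is reported as a {@link WinstoneException}.
     * The resulting certificate is not anchored in any trust store and gives clients no way to
     * authenticate the server, which is why a warning is logged.
     */
    private void generateSelfSignedKeyStore() {
        this.keystorePassword = IN_MEMORY_KEYSTORE_PASSWORD;
        System.out.println("Using one-time self-signed certificate");
        try {
            Object generator;
            try {
                generator = newCertAndKeyGen("sun.security.x509.CertAndKeyGen");
            } catch (ClassNotFoundException e) {
                // Same class under the package name used by other JDK releases.
                generator = newCertAndKeyGen("sun.security.tools.keytool.CertAndKeyGen");
            }
            Class<?> generatorClass = generator.getClass();
            generatorClass.getDeclaredMethod("generate", Integer.TYPE).invoke(generator, SELF_SIGNED_KEY_BITS);
            PrivateKey privateKey = (PrivateKey) generatorClass.getMethod("getPrivateKey", new Class[0]).invoke(generator, new Object[0]);
            Class<?> x500NameClass = Class.forName("sun.security.x509.X500Name");
            Object subject = x500NameClass.getConstructor(String.class, String.class, String.class, String.class).newInstance("Test site", "Unknown", "Unknown", "Unknown");
            X509Certificate certificate = (X509Certificate) generatorClass.getMethod("getSelfCertificate", x500NameClass, Long.TYPE).invoke(generator, subject, SELF_SIGNED_VALIDITY_SECONDS);
            Logger.log(Level.WARNING, SSL_RESOURCES, "HttpsConnectorFactory.SelfSigned");
            this.keystore = KeyStore.getInstance("JKS");
            this.keystore.load(null);
            this.keystore.setKeyEntry(KEY_ALIAS, privateKey, this.keystorePassword.toCharArray(), new Certificate[]{certificate});
        } catch (Exception e) {
            throw new WinstoneException(SSL_RESOURCES.getString("HttpsConnectorFactory.SelfSignedError"), e);
        }
    }

    /** Instantiates the JDK key/certificate generator of the given class name for RSA. */
    private static Object newCertAndKeyGen(String className) throws Exception {
        return Class.forName(className).getDeclaredConstructor(String.class, String.class, String.class).newInstance("RSA", SELF_SIGNED_SIGNATURE_ALGORITHM, null);
    }

    /** Creates the TLS-enabled connector backed by {@link #getSSLContext(Map)}. */
    private ServerConnector createConnector(Server server, Map map) {
        return new ServerConnector(server, getSSLContext(map));
    }

    /**
     * Reads an RSA private key from PEM text and closes the reader.
     *
     * <p>Every line between two {@code -----} marker lines is Base64-decoded and the result is
     * parsed as a DER sequence whose elements 1 and 3 are used as modulus and private exponent.
     * Only that plain layout is handled: any other line inside the markers (for example the
     * header lines of a passphrase-protected key) is also fed to the Base64 decoder.
     *
     * @param reader source of the PEM text; always closed before returning
     * @return the private key rebuilt from modulus and private exponent
     * @throws IOException              if reading the text fails
     * @throws GeneralSecurityException declared for callers; parse failures surface as
     *                                  {@link WinstoneException}
     */
    private static PrivateKey readPEMRSAPrivateKey(Reader reader) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        try {
            BufferedReader lines = new BufferedReader(reader);
            boolean insideBody = false;
            String line;
            while ((line = lines.readLine()) != null) {
                if (line.startsWith("-----")) {
                    // BEGIN and END markers toggle whether the following lines are key data.
                    insideBody = !insideBody;
                } else if (insideBody) {
                    der.write(B64Code.decode(line));
                }
            }
            try {
                // JDK-internal DER parser, reached reflectively to avoid a compile-time dependency.
                Class<?> derInputStreamClass = Class.forName("sun.security.util.DerInputStream");
                Object derInput = derInputStreamClass.getConstructor(byte[].class).newInstance(der.toByteArray());
                Object[] sequence = (Object[]) derInputStreamClass.getMethod("getSequence", Integer.TYPE).invoke(derInput, 0);
                Method getBigInteger = sequence[0].getClass().getMethod("getBigInteger", new Class[0]);
                BigInteger modulus = (BigInteger) getBigInteger.invoke(sequence[1], new Object[0]);
                BigInteger privateExponent = (BigInteger) getBigInteger.invoke(sequence[3], new Object[0]);
                Logger.log(Level.WARNING, SSL_RESOURCES, "HttpsConnectorFactory.LoadPrivateKey");
                return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(modulus, privateExponent));
            } catch (Exception e) {
                throw new WinstoneException(SSL_RESOURCES.getString("HttpsConnectorFactory.LoadPrivateKeyError"), e);
            }
        } finally {
            reader.close();
        }
    }

    /**
     * Builds the Jetty SSL context factory from the keystore prepared by {@link #start}.
     *
     * @param map parsed command-line options
     * @return a factory carrying the keystore, passwords, alias and protocol exclusions
     * @throws WinstoneException wrapping any failure, including an unusable key password
     */
    SslContextFactory getSSLContext(Map map) {
        try {
            // The key password falls back to the keystore password when not given separately.
            String keyPassword = Option.HTTPS_PRIVATE_KEY_PASSWORD.get(map, this.keystorePassword);
            String keyManagerType = Option.HTTPS_KEY_MANAGER_TYPE.get(map);

            // Probe that the key entries can be recovered. KeyManagerFactory.init takes the
            // password of the keys, not of the store, so it must be given the same value that
            // is handed to setKeyManagerPassword below; using the store password here rejects
            // every keystore whose key password differs from it.
            KeyManagerFactory.getInstance(keyManagerType).init(this.keystore, keyPassword.toCharArray());

            Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyCount", this.keystore.size() + "");
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                // Only the certificate is logged, never the key entry itself.
                Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyFound", alias, this.keystore.getCertificate(alias) + "");
            }

            SslContextFactory sslContextFactory = new SslContextFactory();
            sslContextFactory.setKeyStore(this.keystore);
            sslContextFactory.setKeyStorePassword(this.keystorePassword);
            sslContextFactory.setKeyManagerPassword(keyPassword);
            sslContextFactory.setKeyManagerFactoryAlgorithm(keyManagerType);
            sslContextFactory.setCertAlias(Option.HTTPS_CERTIFICATE_ALIAS.get(map));
            // NOTE(review): only the SSL protocol versions are excluded; TLSv1 and TLSv1.1 are
            // left to whatever the JVM and Jetty enable by default — confirm that is intended.
            sslContextFactory.setExcludeProtocols("SSLv3", "SSLv2", "SSLv2Hello");
            // NOTE(review): no trust store is configured in this method, so which issuers are
            // accepted for client certificates is decided by defaults outside it — confirm.
            sslContextFactory.setNeedClientAuth(Option.HTTPS_VERIFY_CLIENT.get(map));
            return sslContextFactory;
        } catch (Throwable th) {
            throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.ErrorGettingContext"), th);
        }
    }
}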
