package com.huawei.cdc.service.rest;

import com.huawei.cdc.service.util.ValidationConstants;
import com.huawei.hadoop.security.crypter.CrypterUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.Properties;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.stereotype.Component;

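/**
 * Replaces the embedded Jetty server's connectors with ones built from the
 * {@code server.*} properties: an HTTPS connector when {@code server.ssl.enabled}
 * is true (optionally alongside a plain HTTP connector), otherwise a single plain
 * HTTP connector. The Jetty version is removed from responses on every connector.
 *
 * <p>Decompiled from {@code com/huawei/cdc/service/rest/JettyServerConfig.class}.
 */
@Component
public class JettyServerConfig implements WebServerFactoryCustomizer<JettyServletWebServerFactory> {

    @Value("${server.ssl.enabled}")
    private boolean sslEnabled;

    @Value("${server.ssl.key-store}")
    private String keystoreFile;

    @Value("${server.ssl.key-store-type}")
    private String keystoreType;

    @Value("${server.port}")
    private int serverPort;

    @Value("${server.https.port}")
    private int serverHttpsPort;

    @Value("${server.ssl.trust-store}")
    private String truststoreFile;

    @Value("${server.ssl.trust-store-type}")
    private String truststoreType;

    @Value("${server.ssl.ciphers}")
    private String[] includeCiphers;

    @Value("${server.ssl.enabled-protocols}")
    private String[] enabledProtocol;

    @Value("${http.and.https}")
    private boolean supportHttpAndHttps;

    @Value("${server.address}")
    private String serverAddress;

    // Decrypted store passwords; populated by decryptJksPass() and masked again
    // as soon as getSSLConfig() has handed them to Jetty.
    private String dycrptKeystorePass = null;
    private String dycrptTruststorePass = null;

    private static final String STRING_ASTERISK = "*********";
    private static final Logger log = LoggerFactory.getLogger(JettyServerConfig.class);
    private static final String CERT_PWD_PATH_ENV = "CERT_PWD_PATH";
    private static final String[] ENABLED_PROTOCOLS = {"TLSv1.2"};
    private static final String[] DEFAULT_CIPHER = {
        "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    };

    /**
     * Registers a server customizer that installs the HTTPS and/or HTTP connectors.
     *
     * @param jettyServletWebServerFactory the Spring Boot Jetty factory to customize
     */
    @Override
    public void customize(JettyServletWebServerFactory jettyServletWebServerFactory) {
        jettyServletWebServerFactory.addServerCustomizers(server -> {
            if (this.sslEnabled) {
                HttpConfiguration httpsConfiguration = new HttpConfiguration();
                httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
                ServerConnector httpsConnector = new ServerConnector(
                        server,
                        new SslConnectionFactory(getSSLConfig(), HttpVersion.HTTP_1_1.asString()),
                        new HttpConnectionFactory(httpsConfiguration));
                httpsConnector.setPort(this.serverHttpsPort);
                httpsConnector.setHost(this.serverAddress);
                if (this.supportHttpAndHttps) {
                    // This second connector has no SslConnectionFactory, so anything
                    // served on server.port travels unencrypted next to the HTTPS port.
                    ServerConnector httpConnector = new ServerConnector(server);
                    httpConnector.setPort(this.serverPort);
                    httpConnector.setHost(this.serverAddress);
                    server.setConnectors(new Connector[] {httpsConnector, httpConnector});
                } else {
                    server.setConnectors(new Connector[] {httpsConnector});
                }
            } else {
                // TLS disabled: the only listener is plain HTTP.
                ServerConnector httpConnector = new ServerConnector(server);
                httpConnector.setPort(this.serverPort);
                // With no address configured the host is left at Jetty's default;
                // NOTE(review): that default presumably binds every interface - confirm.
                if (this.serverAddress != null && !this.serverAddress.isEmpty()) {
                    httpConnector.setHost(this.serverAddress);
                }
                server.setConnectors(new Connector[] {httpConnector});
            }
            // Stop every HTTP connection factory from sending the Jetty version.
            // Iterate as ConnectionFactory: the HTTPS connector also carries an
            // SslConnectionFactory, which is not an HttpConnectionFactory.
            for (Connector connector : server.getConnectors()) {
                for (ConnectionFactory factory : connector.getConnectionFactories()) {
                    if (factory instanceof HttpConnectionFactory) {
                        ((HttpConnectionFactory) factory).getHttpConfiguration().setSendServerVersion(false);
                    }
                }
            }
        });
    }

    /**
     * Builds the server-side TLS configuration from the injected key store, trust
     * store, protocol and cipher settings.
     *
     * @return the configured SSL context factory
     * @throws IllegalStateException if the store password could not be loaded
     */
    private SslContextFactory.Server getSSLConfig() {
        // Treat an empty list like a missing one. NOTE(review): an empty include list
        // is presumably read by Jetty as "no restriction", which would silently widen
        // the accepted suites and protocols beyond the defaults below - confirm.
        if (isUnset(this.includeCiphers)) {
            this.includeCiphers = DEFAULT_CIPHER;
        }
        if (isUnset(this.enabledProtocol)) {
            this.enabledProtocol = ENABLED_PROTOCOLS;
        }

        // Clear any mask left by an earlier call so it can never be used as a password.
        this.dycrptKeystorePass = null;
        this.dycrptTruststorePass = null;
        decryptJksPass();
        // Fail closed: do not hand Jetty a null password when decryption failed.
        if (this.dycrptKeystorePass == null || this.dycrptTruststorePass == null) {
            throw new IllegalStateException(
                    "TLS is enabled but the key store password could not be loaded");
        }

        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        sslContextFactory.setKeyStorePath(this.keystoreFile);
        sslContextFactory.setKeyStorePassword(this.dycrptKeystorePass);
        sslContextFactory.setKeyStoreType(this.keystoreType);
        sslContextFactory.setTrustStorePath(this.truststoreFile);
        sslContextFactory.setTrustStoreType(this.truststoreType);
        sslContextFactory.setTrustStorePassword(this.dycrptTruststorePass);
        sslContextFactory.setIncludeProtocols(this.enabledProtocol);
        sslContextFactory.setIncludeCipherSuites(this.includeCiphers);

        // Only drops this object's references; the decrypted String is immutable and
        // stays on the heap until collected, and the factory keeps what it was given.
        this.dycrptKeystorePass = STRING_ASTERISK;
        this.dycrptTruststorePass = STRING_ASTERISK;
        return sslContextFactory;
    }

    /** Returns true when a configured list is absent or has no entries. */
    private static boolean isUnset(String[] values) {
        return values == null || values.length == 0;
    }

    /**
     * Loads the properties file named by the {@code CERT_PWD_PATH} environment
     * variable, decrypts its {@code ValidationConstants.PASS} entry and stores the
     * result as both the key store and trust store password. On any failure the
     * error is logged and the password fields are left unchanged.
     */
    private void decryptJksPass() {
        String passwordFilePath = System.getenv(CERT_PWD_PATH_ENV);
        if (passwordFilePath == null || passwordFilePath.isEmpty()) {
            // Without this guard Paths.get(null) throws a NullPointerException.
            log.error("Environment variable {} is not set.", CERT_PWD_PATH_ENV);
            return;
        }
        if (!Files.exists(Paths.get(passwordFilePath))) {
            log.error("Certificate key file not found.");
            return;
        }
        // try-with-resources closes the stream on every path, including when
        // decryption throws.
        try (FileInputStream passwordStream = new FileInputStream(new File(passwordFilePath))) {
            Properties properties = new Properties();
            properties.load(passwordStream);
            String decrypted = CrypterUtil.decrypt(properties.getProperty(ValidationConstants.PASS));
            this.dycrptKeystorePass = decrypted;
            this.dycrptTruststorePass = decrypted;
        } catch (IOException e) {
            log.error("decrypt jks pass failed", e);
        }
    }
}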
