package org.vaadin.addons.sitekit.jetty;

import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.vaadin.addons.sitekit.cache.UserClientCertificateCache;
import org.vaadin.addons.sitekit.example.ExampleSiteMain;
import org.vaadin.addons.sitekit.site.DefaultSiteUI;
import org.vaadin.addons.sitekit.util.CertificateUtil;
import org.vaadin.addons.sitekit.util.PropertiesUtil;

/* loaded from: input_file:org/vaadin/addons/sitekit/jetty/JettyUtil.class */
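/**
 * Factory helpers that build the embedded Jetty {@link Server} for the site, with an optional
 * plain HTTP connector and an optional TLS connector that authenticates browsers by client
 * certificate.
 */
public class JettyUtil {

    /** Idle timeout applied to both connectors, in milliseconds. */
    private static final long IDLE_TIMEOUT_MILLIS = 30000L;

    /**
     * {@link SslContextFactory} whose trust decision for client certificates is a lookup in
     * {@link UserClientCertificateCache} instead of a PKIX path validation.
     */
    public static class JettySiteSslContextFactory extends SslContextFactory {

        /**
         * Supplies the single trust manager used for the TLS connector.
         *
         * <p>NOTE(review): this is meant to override the superclass hook of the same name. It
         * carries no {@code @Override}, so a signature change in the Jetty version on the class
         * path would leave this method unused and the stock trust managers in effect; confirm
         * against the Jetty version in use and add the annotation.
         *
         * @param keyStore trust store handed in by the superclass; only used to initialise a
         *                 {@link TrustManagerFactory} whose result is discarded
         * @param collection certificate revocation lists handed in by the superclass; not consulted
         * @return a one-element array holding the certificate-lookup trust manager
         * @throws Exception if the trust manager factory cannot be initialised
         */
        protected TrustManager[] getTrustManagers(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
            // The factory is initialised but never asked for its trust managers, so the trust
            // anchors in keyStore and the CRLs play no part in accepting a client. The call is
            // kept because it still fails early on an unusable key store.
            TrustManagerFactory.getInstance("PKIX").init(keyStore);
            return new TrustManager[]{new X509TrustManager() {
                /**
                 * Accepts a client only when it presents exactly one certificate, that
                 * certificate is inside its validity period, and it maps to a known user.
                 */
                @Override
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    // A missing chain is rejected the same way as a multi-element one instead
                    // of surfacing as a NullPointerException inside the handshake.
                    if (x509CertificateArr == null || x509CertificateArr.length != 1) {
                        throw new CertificateException("Certificate paths not supported.");
                    }
                    final X509Certificate clientCertificate = x509CertificateArr[0];
                    // No chain validation happens here, so the validity dates are checked
                    // explicitly: an expired or not-yet-valid certificate is refused even if it
                    // is still registered to a user.
                    clientCertificate.checkValidity();
                    if (UserClientCertificateCache.getUserByCertificate(clientCertificate, true) == null) {
                        throw new CertificateException("Unknown certificate.");
                    }
                }

                /** This trust manager is server-side only; it never vouches for a server. */
                @Override
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    throw new CertificateException("Unsupported operation.");
                }

                /** Returns no issuers: acceptance is per certificate, not per certificate authority. */
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
        }
    }

    /**
     * Builds a Jetty server with the requested connectors. The server is returned unstarted.
     *
     * @param httpPort plain HTTP port; no HTTP connector is added when this is not positive
     * @param httpsPort HTTPS port; no TLS connector is added when this is not positive
     * @param requireClientAuth whether the TLS handshake must fail when the client sends no
     *                          certificate; when {@code false} a certificate is requested but
     *                          optional
     * @return the configured server
     * @throws Exception if the server certificate cannot be ensured or the TLS setup fails
     */
    public static Server newServer(int httpPort, int httpsPort, boolean requireClientAuth) throws Exception {
        UserClientCertificateCache.init(DefaultSiteUI.getEntityManagerFactory());

        final String keyStorePath = PropertiesUtil.getProperty(ExampleSiteMain.PERSISTENCE_UNIT, "key-store-path");
        final String keyStorePassword = PropertiesUtil.getProperty(ExampleSiteMain.PERSISTENCE_UNIT, "key-store-password");
        final String certificateAlias = PropertiesUtil.getProperty(ExampleSiteMain.PERSISTENCE_UNIT, "server-certificate-entry-alias");
        final String certificatePassword = PropertiesUtil.getProperty(ExampleSiteMain.PERSISTENCE_UNIT, "server-certificate-entry-password");
        final String selfSignHostName = PropertiesUtil.getProperty(ExampleSiteMain.PERSISTENCE_UNIT, "server-certificate-self-sign-host-name");
        final String selfSignIpAddress = PropertiesUtil.getProperty(ExampleSiteMain.PERSISTENCE_UNIT, "server-certificate-self-sign-ip-address");

        final Server server = new Server();

        final HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(httpsPort);
        httpConfiguration.setOutputBufferSize(32768);
        httpConfiguration.setRequestHeaderSize(8192);
        httpConfiguration.setResponseHeaderSize(8192);
        // Neither the server version nor the date is advertised in response headers.
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendDateHeader(false);

        if (httpPort > 0) {
            final ServerConnector httpConnector = new ServerConnector(server,
                    new ConnectionFactory[]{new HttpConnectionFactory(httpConfiguration)});
            httpConnector.setPort(httpPort);
            httpConnector.setIdleTimeout(IDLE_TIMEOUT_MILLIS);
            server.addConnector(httpConnector);
        }

        if (httpsPort > 0) {
            CertificateUtil.ensureServerCertificateExists(selfSignHostName, selfSignIpAddress,
                    certificateAlias, certificatePassword, keyStorePath, keyStorePassword);
            final JettySiteSslContextFactory sslContextFactory = newSslSocketFactory(
                    certificateAlias, keyStorePath, keyStorePassword, certificatePassword, requireClientAuth);

            final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
            httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

            final ServerConnector httpsConnector = new ServerConnector(server, new ConnectionFactory[]{
                    new SslConnectionFactory(sslContextFactory, "http/1.1"),
                    new HttpConnectionFactory(httpsConfiguration)});
            // Bind to the requested port. This used to be a fixed 8443, which disagreed with
            // the secure port announced through setSecurePort(httpsPort) for any other value.
            httpsConnector.setPort(httpsPort);
            httpsConnector.setIdleTimeout(IDLE_TIMEOUT_MILLIS);
            server.addConnector(httpsConnector);
        }
        return server;
    }

    /**
     * Creates the TLS context factory for the HTTPS connector.
     *
     * @param certAlias alias of the server certificate entry in the key store
     * @param keyStorePath location of the key store
     * @param keyStorePassword password protecting the key store
     * @param keyManagerPassword password protecting the server key entry
     * @param needClientAuth whether a client certificate is mandatory
     * @return the configured factory
     * @throws Exception declared for parity with the caller; nothing here is seen to throw
     */
    private static JettySiteSslContextFactory newSslSocketFactory(String certAlias, String keyStorePath,
            String keyStorePassword, String keyManagerPassword, boolean needClientAuth) throws Exception {
        final JettySiteSslContextFactory factory = new JettySiteSslContextFactory();
        factory.setCertAlias(certAlias);
        // A client certificate is always requested; needClientAuth decides whether a handshake
        // without one is refused.
        factory.setNeedClientAuth(needClientAuth);
        factory.setWantClientAuth(true);
        // BKS is the Bouncy Castle key store format, so a provider that supports it has to be
        // registered before the factory starts.
        factory.setKeyStoreType("BKS");
        factory.setKeyStorePath(keyStorePath);
        factory.setKeyStorePassword(keyStorePassword);
        factory.setKeyManagerPassword(keyManagerPassword);
        // NOTE(review): this list only names single-DES and export-grade suites, and the setter
        // replaces whatever exclusions the factory had rather than extending them. No protocol
        // versions are excluded here either. Confirm that the Jetty and JVM defaults in use
        // already rule out the remaining legacy suites and protocol versions.
        factory.setExcludeCipherSuites(new String[]{
                "SSL_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"});
        factory.setRenegotiationAllowed(false);
        return factory;
    }
}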
