package io.micronaut.servlet.tomcat;

import io.micronaut.context.ApplicationContext;
import io.micronaut.context.annotation.Factory;
import io.micronaut.context.annotation.Primary;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.core.io.ResourceResolver;
import io.micronaut.core.util.CollectionUtils;
import io.micronaut.http.HttpVersion;
import io.micronaut.http.ssl.ClientAuthentication;
import io.micronaut.http.ssl.SslConfiguration;
import io.micronaut.inject.qualifiers.Qualifiers;
import io.micronaut.servlet.engine.DefaultMicronautServlet;
import io.micronaut.servlet.engine.MicronautServletConfiguration;
import io.micronaut.servlet.engine.initializer.MicronautServletInitializer;
import io.micronaut.servlet.engine.server.ServletServerFactory;
import io.micronaut.servlet.engine.server.ServletStaticResourceConfiguration;
import io.micronaut.web.router.Router;
import jakarta.inject.Named;
import jakarta.inject.Singleton;
import jakarta.servlet.ServletContainerInitializer;
import java.io.File;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.core.ContainerBase;
import org.apache.catalina.core.StandardThreadExecutor;
import org.apache.catalina.startup.Tomcat;
import org.apache.coyote.http2.Http2Protocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;

@Factory
/* loaded from: input_file:io/micronaut/servlet/tomcat/TomcatFactory.class */
public class TomcatFactory extends ServletServerFactory {
    private static final String HTTPS = "HTTPS";
    private static final String CLIENT_AUTH = "clientAuth";
    private final Router router;

    /* JADX INFO: Access modifiers changed from: protected */
    public TomcatFactory(ResourceResolver resourceResolver, TomcatConfiguration tomcatConfiguration, SslConfiguration sslConfiguration, ApplicationContext applicationContext, List<ServletStaticResourceConfiguration> list) {
        super(resourceResolver, tomcatConfiguration, sslConfiguration, applicationContext, list);
        this.router = (Router) applicationContext.findBean(Router.class).orElse(null);
    }

    /* renamed from: getServerConfiguration, reason: merged with bridge method [inline-methods] */
    public TomcatConfiguration m9getServerConfiguration() {
        return (TomcatConfiguration) super.getServerConfiguration();
    }

    protected Tomcat tomcatServer(Connector connector, MicronautServletConfiguration micronautServletConfiguration) {
        return tomcatServer(connector, (Connector) getApplicationContext().getBean(Connector.class, Qualifiers.byName(HTTPS)), micronautServletConfiguration, getApplicationContext().getBeansOfType(ServletContainerInitializer.class));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Singleton
    @Primary
    public Tomcat tomcatServer(Connector connector, @Named("HTTPS") @Nullable Connector connector2, MicronautServletConfiguration micronautServletConfiguration, Collection<ServletContainerInitializer> collection) {
        micronautServletConfiguration.setAsyncFileServingEnabled(false);
        Tomcat newTomcat = newTomcat();
        if (micronautServletConfiguration.getMaxThreads() != null) {
            StandardThreadExecutor standardThreadExecutor = new StandardThreadExecutor();
            standardThreadExecutor.setName("tomcatThreadPool");
            standardThreadExecutor.setMaxThreads(micronautServletConfiguration.getMaxThreads().intValue());
            if (micronautServletConfiguration.getMinThreads() != null) {
                standardThreadExecutor.setMinSpareThreads(micronautServletConfiguration.getMinThreads().intValue());
            }
            newTomcat.getService().addExecutor(standardThreadExecutor);
            if (connector != null) {
                connector.getProtocolHandler().setExecutor(standardThreadExecutor);
            }
            if (connector2 != null) {
                connector2.getProtocolHandler().setExecutor(standardThreadExecutor);
            }
        }
        configureServletInitializer(newTomcatContext(newTomcat), collection);
        configureConnectors(newTomcat, connector, connector2);
        m9getServerConfiguration().getAccessLogConfiguration().ifPresent(accessLogConfiguration -> {
            if (accessLogConfiguration.isEnabled()) {
                for (ContainerBase containerBase : newTomcat.getHost().findChildren()) {
                    if (containerBase instanceof ContainerBase) {
                        containerBase.addValve(accessLogConfiguration);
                    }
                }
            }
        });
        return newTomcat;
    }

    protected void configureServletInitializer(Context context, Collection<ServletContainerInitializer> collection) {
        Iterator<ServletContainerInitializer> it = collection.iterator();
        while (it.hasNext()) {
            MicronautServletInitializer micronautServletInitializer = (ServletContainerInitializer) it.next();
            if (micronautServletInitializer instanceof MicronautServletInitializer) {
                MicronautServletInitializer micronautServletInitializer2 = micronautServletInitializer;
                getStaticResourceConfigurations().forEach(servletStaticResourceConfiguration -> {
                    micronautServletInitializer2.addMicronautServletMapping(servletStaticResourceConfiguration.getMapping());
                });
                context.addServletContainerInitializer(micronautServletInitializer, Set.of(DefaultMicronautServlet.class));
            } else {
                context.addServletContainerInitializer(micronautServletInitializer, Set.of());
            }
        }
    }

    protected void configureConnectors(@NonNull Tomcat tomcat, @NonNull Connector connector, @Nullable Connector connector2) {
        TomcatConfiguration m9getServerConfiguration = m9getServerConfiguration();
        if (m9getServerConfiguration().getHttpVersion() == HttpVersion.HTTP_2_0) {
            connector.addUpgradeProtocol(new Http2Protocol());
        }
        if (connector2 == null) {
            tomcat.setConnector(connector);
            applyAdditionalPorts(tomcat, connector);
        } else {
            tomcat.getService().addConnector(connector2);
            if (m9getServerConfiguration.isDualProtocol()) {
                tomcat.getService().addConnector(connector);
            }
            applyAdditionalPorts(tomcat, connector2);
        }
    }

    private void applyAdditionalPorts(Tomcat tomcat, Connector connector) {
        if (this.router != null) {
            Set<Integer> exposedPorts = this.router.getExposedPorts();
            if (CollectionUtils.isNotEmpty(exposedPorts)) {
                for (Integer num : exposedPorts) {
                    if (!num.equals(Integer.valueOf(connector.getLocalPort()))) {
                        Connector cloneConnectorSettings = cloneConnectorSettings(connector);
                        cloneConnectorSettings.setPort(num.intValue());
                        tomcat.getService().addConnector(cloneConnectorSettings);
                    }
                }
            }
        }
    }

    private static Connector cloneConnectorSettings(Connector connector) {
        Connector connector2 = new Connector(connector.getProtocol());
        for (SSLHostConfig sSLHostConfig : connector.getProtocolHandler().findSslHostConfigs()) {
            connector2.addSslHostConfig(sSLHostConfig);
            connector2.setSecure(true);
            connector2.setScheme("https");
            connector2.setProperty(CLIENT_AUTH, "false");
            connector2.setProperty("sslProtocol", "TLS");
            connector2.setProperty("SSLEnabled", "true");
        }
        connector2.setAllowBackslash(connector.getAllowBackslash());
        connector2.setAllowTrace(connector.getAllowTrace());
        connector2.setAsyncTimeout(connector.getAsyncTimeout());
        connector2.setDiscardFacades(connector.getDiscardFacades());
        connector2.setEnableLookups(connector.getEnableLookups());
        connector2.setSecure(connector.getSecure());
        connector2.setScheme(connector.getScheme());
        connector2.setEnforceEncodingInGetWriter(connector.getEnforceEncodingInGetWriter());
        connector2.setMaxCookieCount(connector.getMaxCookieCount());
        connector2.setMaxPostSize(connector.getMaxPostSize());
        connector2.setMaxParameterCount(connector.getMaxParameterCount());
        connector2.setMaxSavePostSize(connector.getMaxSavePostSize());
        connector2.setParseBodyMethods(connector.getParseBodyMethods());
        connector2.setRejectSuspiciousURIs(connector.getRejectSuspiciousURIs());
        connector2.setUseIPVHosts(connector.getUseIPVHosts());
        return connector2;
    }

    @NonNull
    protected Context newTomcatContext(@NonNull Tomcat tomcat) {
        String contextPath = getContextPath();
        Context addContext = tomcat.addContext((contextPath == null || contextPath.equals("/")) ? "" : contextPath, "/");
        File file = new File(addContext.getDocBase());
        if (!file.isAbsolute()) {
            file = new File(addContext.getParent().getAppBaseFile(), file.getPath());
        }
        file.mkdirs();
        return addContext;
    }

    @NonNull
    protected Tomcat newTomcat() {
        Tomcat tomcat = new Tomcat();
        tomcat.getHost().setAutoDeploy(false);
        tomcat.setHostname(getConfiguredHost());
        return tomcat;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Singleton
    @Primary
    public Connector tomcatConnector() {
        Connector tomcatConnector = m9getServerConfiguration().getTomcatConnector();
        tomcatConnector.setPort(getConfiguredPort().intValue());
        return tomcatConnector;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Singleton
    @Named(HTTPS)
    @Requires(property = "micronaut.ssl.enabled", value = "true")
    public Connector sslConnector(SslConfiguration sslConfiguration) {
        String str = (String) sslConfiguration.getProtocol().orElse("TLS");
        int port = sslConfiguration.getPort();
        if (port == 8443 && getEnvironment().getActiveNames().contains("test")) {
            port = 0;
        }
        Connector connector = new Connector();
        SSLHostConfig sSLHostConfig = new SSLHostConfig();
        SSLHostConfigCertificate sSLHostConfigCertificate = new SSLHostConfigCertificate(sSLHostConfig, SSLHostConfigCertificate.Type.UNDEFINED);
        sSLHostConfig.addCertificate(sSLHostConfigCertificate);
        connector.addSslHostConfig(sSLHostConfig);
        connector.setPort(port);
        connector.setSecure(true);
        connector.setScheme("https");
        connector.setProperty(CLIENT_AUTH, "false");
        connector.setProperty("sslProtocol", str);
        connector.setProperty("SSLEnabled", "true");
        sslConfiguration.getCiphers().ifPresent(strArr -> {
            sSLHostConfig.setCiphers(String.join(",", strArr));
        });
        sslConfiguration.getClientAuthentication().ifPresent(clientAuthentication -> {
            connector.setProperty(CLIENT_AUTH, clientAuthentication == ClientAuthentication.WANT ? "want" : "true");
        });
        SslConfiguration.KeyStoreConfiguration keyStore = sslConfiguration.getKeyStore();
        Optional password = keyStore.getPassword();
        Objects.requireNonNull(sSLHostConfigCertificate);
        password.ifPresent(sSLHostConfigCertificate::setCertificateKeystorePassword);
        Optional path = keyStore.getPath();
        Objects.requireNonNull(sSLHostConfigCertificate);
        path.ifPresent(sSLHostConfigCertificate::setCertificateKeystoreFile);
        Optional provider = keyStore.getProvider();
        Objects.requireNonNull(sSLHostConfigCertificate);
        provider.ifPresent(sSLHostConfigCertificate::setCertificateKeystorePassword);
        Optional type = keyStore.getType();
        Objects.requireNonNull(sSLHostConfigCertificate);
        type.ifPresent(sSLHostConfigCertificate::setCertificateKeystoreType);
        SslConfiguration.TrustStoreConfiguration trustStore = sslConfiguration.getTrustStore();
        Optional password2 = trustStore.getPassword();
        Objects.requireNonNull(sSLHostConfig);
        password2.ifPresent(sSLHostConfig::setTruststorePassword);
        Optional path2 = trustStore.getPath();
        Objects.requireNonNull(sSLHostConfig);
        path2.ifPresent(sSLHostConfig::setTruststoreFile);
        Optional provider2 = trustStore.getProvider();
        Objects.requireNonNull(sSLHostConfig);
        provider2.ifPresent(sSLHostConfig::setTruststoreProvider);
        Optional type2 = trustStore.getType();
        Objects.requireNonNull(sSLHostConfig);
        type2.ifPresent(sSLHostConfig::setTruststoreType);
        SslConfiguration.KeyConfiguration key = sslConfiguration.getKey();
        Optional alias = key.getAlias();
        Objects.requireNonNull(sSLHostConfigCertificate);
        alias.ifPresent(sSLHostConfigCertificate::setCertificateKeyAlias);
        Optional password3 = key.getPassword();
        Objects.requireNonNull(sSLHostConfigCertificate);
        password3.ifPresent(sSLHostConfigCertificate::setCertificateKeyPassword);
        return connector;
    }
}
