package org.apache.atlas.web.service;

import java.io.IOException;
import java.util.List;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasConfiguration;
import org.apache.atlas.AtlasException;
import org.apache.atlas.security.SecurityProperties;
import org.apache.commons.configuration.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/atlas/web/service/SecureEmbeddedServer.class */
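/**
 * Embedded server variant whose connector speaks TLS.
 *
 * <p>Key store and trust store locations, client-certificate behaviour and the excluded cipher
 * suites and protocols are read from the Atlas application configuration. Store passwords are
 * never read from that configuration directly; they are looked up by alias in the Hadoop
 * credential provider named by {@code cert.stores.credential.provider.path}.
 */
public class SecureEmbeddedServer extends EmbeddedServer {
    private static final Logger LOG = LoggerFactory.getLogger(SecureEmbeddedServer.class);

    /**
     * Delegates to the {@link EmbeddedServer} constructor with the same arguments.
     *
     * @param i   forwarded unchanged to the superclass (presumably the listen port; confirm
     *            against {@code EmbeddedServer})
     * @param str forwarded unchanged to the superclass
     * @throws IOException if the superclass constructor fails
     */
    public SecureEmbeddedServer(int i, String str) throws IOException {
        super(i, str);
    }

    /**
     * Builds the TLS connector for this server.
     *
     * @param i port the connector listens on
     * @return a configured {@link SslSelectChannelConnector}
     * @throws IOException if a store password cannot be obtained from the credential provider
     */
    @Override
    protected Connector getConnector(int i) throws IOException {
        Configuration config = getConfiguration();
        SslContextFactory sslContextFactory = new SslContextFactory();

        // Both store paths fall back to a system property and then to the same relative
        // "target/atlas.keystore" file. NOTE(review): that default looks like a build-directory
        // artefact; production deployments should set keystore.file and truststore.file
        // explicitly and keep the files readable only by the service account.
        sslContextFactory.setKeyStorePath(
                config.getString("keystore.file", System.getProperty("keystore.file", "target/atlas.keystore")));
        sslContextFactory.setKeyStorePassword(getPassword(config, "keystore.password"));
        // The private-key password is stored under the alias "password".
        sslContextFactory.setKeyManagerPassword(getPassword(config, "password"));
        sslContextFactory.setTrustStore(
                config.getString("truststore.file", System.getProperty("truststore.file", "target/atlas.keystore")));
        sslContextFactory.setTrustStorePassword(getPassword(config, "truststore.password"));

        // "Want" only requests a client certificate during the handshake; a client that presents
        // none is still allowed to connect. Mutual TLS therefore is not enforced at this layer,
        // and any certificate-based authorization must be checked further up the stack.
        sslContextFactory.setWantClientAuth(
                config.getBoolean("client.auth.enabled", Boolean.getBoolean("client.auth.enabled")));

        // A configured exclusion list replaces SecurityProperties.DEFAULT_CIPHER_SUITES rather
        // than extending it, so an override has to repeat every suite that must stay disabled.
        List<?> excludedCiphers =
                config.getList("atlas.ssl.exclude.cipher.suites", SecurityProperties.DEFAULT_CIPHER_SUITES);
        sslContextFactory.setExcludeCipherSuites(excludedCiphers.toArray(new String[0]));

        // Refuse TLS renegotiation on established connections.
        sslContextFactory.setAllowRenegotiate(false);

        // Same replace-not-merge semantics as the cipher list: if the key is present, the
        // defaults are ignored, and a present-but-empty value excludes no protocol at all.
        String[] excludedProtocols = config.containsKey("atlas.ssl.exclude.protocols")
                ? config.getStringArray("atlas.ssl.exclude.protocols")
                : SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS;
        if (excludedProtocols != null && excludedProtocols.length > 0) {
            sslContextFactory.addExcludeProtocols(excludedProtocols);
        }

        // One configured size bounds both request and response headers.
        int headerBufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
        SslSelectChannelConnector connector = new SslSelectChannelConnector(sslContextFactory);
        connector.setPort(i);
        connector.setServer(this.server);
        connector.setRequestHeaderSize(headerBufferSize);
        connector.setResponseHeaderSize(headerBufferSize);
        return connector;
    }

    /**
     * Looks up a certificate-store password in the configured Hadoop credential provider.
     *
     * <p>Only the first provider resolved from the configured path is consulted. Neither the
     * password nor the provider path is logged.
     *
     * @param configuration Atlas configuration holding {@code cert.stores.credential.provider.path}
     * @param alias         credential alias to resolve
     * @return the password stored under {@code alias}
     * @throws IOException if no provider path is configured, the path resolves to no provider,
     *                     or the provider has no entry for {@code alias}
     */
    private String getPassword(Configuration configuration, String alias) throws IOException {
        String providerPath = configuration.getString("cert.stores.credential.provider.path");
        if (providerPath == null) {
            throw new IOException("No credential provider path configured for storage of certificate store passwords");
        }
        LOG.info("Attempting to retrieve password from configured credential provider path");
        org.apache.hadoop.conf.Configuration hadoopConf = new org.apache.hadoop.conf.Configuration();
        hadoopConf.set("hadoop.security.credential.provider.path", providerPath);

        List<CredentialProvider> providers = CredentialProviderFactory.getProviders(hadoopConf);
        if (providers == null || providers.isEmpty()) {
            // Fail with a diagnosable configuration error instead of an IndexOutOfBoundsException.
            throw new IOException("No credential provider could be resolved from the configured credential provider path");
        }
        CredentialProvider.CredentialEntry credentialEntry = providers.get(0).getCredentialEntry(alias);
        if (credentialEntry == null) {
            throw new IOException(String.format("No credential entry found for %s. Please create an entry in the configured credential provider", alias));
        }
        // The SslContextFactory setters take a String, so the secret has to leave its char[] here;
        // the resulting String cannot be wiped and must not be logged or placed in exception text.
        return String.valueOf(credentialEntry.getCredential());
    }

    /**
     * Loads the Atlas application configuration.
     *
     * @return the configuration returned by {@link ApplicationProperties#get()}
     * @throws RuntimeException wrapping the {@link AtlasException} if the configuration cannot
     *                          be loaded
     */
    protected Configuration getConfiguration() {
        try {
            return ApplicationProperties.get();
        } catch (AtlasException e) {
            // Keep the cause so a TLS start-up failure can be traced to the underlying load error.
            throw new RuntimeException("Unable to load configuration: atlas-application.properties", e);
        }
    }
}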
