package org.apache.nifi.registry.jetty.connector;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.jetty.configuration.connector.ApplicationLayerProtocol;
import org.apache.nifi.jetty.configuration.connector.StandardServerConnectorFactory;
import org.apache.nifi.registry.properties.NiFiRegistryProperties;
import org.apache.nifi.security.ssl.StandardKeyStoreBuilder;
import org.apache.nifi.security.ssl.StandardSslContextBuilder;
import org.apache.nifi.security.util.TlsPlatform;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:org/apache/nifi/registry/jetty/connector/ApplicationServerConnectorFactory.class */
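/**
 * Builds the Jetty {@link ServerConnector} for NiFi Registry from {@link NiFiRegistryProperties}.
 *
 * <p>When HTTPS is configured the factory loads the key store and trust store named in the
 * properties, restricts protocols to {@link TlsPlatform#getPreferredProtocols()}, applies the
 * configured cipher suite include/exclude lists and requests a client certificate. Exactly one
 * of the HTTP and HTTPS ports must be configured.
 */
public class ApplicationServerConnectorFactory extends StandardServerConnectorFactory {
    /** Request and response header size limit in bytes applied to the HTTP configuration. */
    private static final int HEADER_SIZE = 16384;
    private static final String CIPHER_SUITE_SEPARATOR_PATTERN = ",\\s*";
    // A null host is handed to the connector unchanged; Jetty then listens on all interfaces,
    // so deployments that must not be reachable on every address need an explicit host property.
    private static final String DEFAULT_HOST = null;
    private final String includeCipherSuites;
    private final String excludeCipherSuites;
    private final String host;
    private SslContextFactory.Server sslContextFactory;

    /**
     * Creates the factory and, when HTTPS is configured, prepares the TLS settings.
     *
     * @param server Jetty server the connector will belong to
     * @param niFiRegistryProperties application properties supplying host, port and TLS settings
     * @throws IllegalStateException if the port configuration is invalid, a required TLS property
     *     is missing, or a store file cannot be read
     */
    public ApplicationServerConnectorFactory(Server server, NiFiRegistryProperties niFiRegistryProperties) {
        super(server, getPort(niFiRegistryProperties));
        this.host = getHost(niFiRegistryProperties);
        this.includeCipherSuites = niFiRegistryProperties.getHttpsCipherSuitesInclude();
        this.excludeCipherSuites = niFiRegistryProperties.getHttpsCipherSuitesExclude();
        if (niFiRegistryProperties.isHTTPSConfigured()) {
            if (niFiRegistryProperties.getNeedClientAuth()) {
                setNeedClientAuth(true);
            } else {
                // Client certificates are requested but optional in this branch: a handshake
                // without a certificate still succeeds, so the caller's identity has to be
                // established by whatever the application layers on top of the connector.
                setWantClientAuth(true);
            }
            setSslContext(buildSslContext(niFiRegistryProperties));
            setApplicationLayerProtocols(niFiRegistryProperties);
            setIncludeSecurityProtocols(TlsPlatform.getPreferredProtocols().toArray(new String[0]));
        }
    }

    /**
     * Returns the connector built by the parent factory, bound to the configured host.
     *
     * @return server connector with the host applied
     */
    @Override
    public ServerConnector getServerConnector() {
        ServerConnector serverConnector = super.getServerConnector();
        serverConnector.setHost(this.host);
        return serverConnector;
    }

    /**
     * Returns the SSL context factory, created once and then cached, with the configured cipher
     * suite include and exclude lists applied when they are not blank.
     *
     * @return SSL context factory for the connector
     */
    @Override
    protected SslContextFactory.Server getSslContextFactory() {
        if (this.sslContextFactory == null) {
            this.sslContextFactory = super.getSslContextFactory();
            if (StringUtils.isNotBlank(this.includeCipherSuites)) {
                this.sslContextFactory.setIncludeCipherSuites(getCipherSuites(this.includeCipherSuites));
            }
            if (StringUtils.isNotBlank(this.excludeCipherSuites)) {
                this.sslContextFactory.setExcludeCipherSuites(getCipherSuites(this.excludeCipherSuites));
            }
        }
        return this.sslContextFactory;
    }

    /**
     * Returns the parent HTTP configuration with request and response header sizes set to
     * {@link #HEADER_SIZE}.
     *
     * @return HTTP configuration for the connector
     */
    @Override
    protected HttpConfiguration getHttpConfiguration() {
        HttpConfiguration httpConfiguration = super.getHttpConfiguration();
        httpConfiguration.setRequestHeaderSize(HEADER_SIZE);
        httpConfiguration.setResponseHeaderSize(HEADER_SIZE);
        return httpConfiguration;
    }

    /**
     * Splits a comma-separated cipher suite list into its entries.
     *
     * <p>Entries are trimmed and empty entries dropped. Splitting on the separator pattern alone
     * keeps whitespace that precedes a comma or surrounds the whole value, and an entry carrying
     * stray whitespace would not match any suite name, so an exclusion written as
     * {@code "SUITE_A , SUITE_B"} would silently fail to exclude {@code SUITE_A}.
     *
     * @param str non-blank comma-separated list
     * @return trimmed, non-empty entries in their original order
     */
    private String[] getCipherSuites(String str) {
        return Arrays.stream(str.split(CIPHER_SUITE_SEPARATOR_PATTERN))
                .map(String::trim)
                .filter(suite -> !suite.isEmpty())
                .toArray(String[]::new);
    }

    /**
     * Builds the SSL context from the configured key store, key password and trust store.
     *
     * @param niFiRegistryProperties application properties
     * @return SSL context for the HTTPS connector
     */
    private SSLContext buildSslContext(NiFiRegistryProperties niFiRegistryProperties) {
        KeyStore keyStore = buildKeyStore(niFiRegistryProperties);
        char[] keyPassword = getKeyPassword(niFiRegistryProperties);
        KeyStore trustStore = buildTrustStore(niFiRegistryProperties);
        return new StandardSslContextBuilder()
                .keyStore(keyStore)
                .keyPassword(keyPassword)
                .trustStore(trustStore)
                .build();
    }

    /**
     * Returns the private key password, falling back to the key store password when no separate
     * key password is configured. The key store password is looked up first, so it is required
     * either way.
     *
     * @param niFiRegistryProperties application properties
     * @return key password characters
     */
    private char[] getKeyPassword(NiFiRegistryProperties niFiRegistryProperties) {
        String keyStorePassword = getRequiredProperty(niFiRegistryProperties, "nifi.registry.security.keystorePasswd");
        return niFiRegistryProperties.getProperty("nifi.registry.security.keyPasswd", keyStorePassword).toCharArray();
    }

    /**
     * Loads the key store from the required keystore path, type and password properties.
     *
     * @param niFiRegistryProperties application properties
     * @return loaded key store
     */
    private KeyStore buildKeyStore(NiFiRegistryProperties niFiRegistryProperties) {
        return buildStore(
                getRequiredProperty(niFiRegistryProperties, "nifi.registry.security.keystore"),
                getRequiredProperty(niFiRegistryProperties, "nifi.registry.security.keystoreType"),
                getRequiredProperty(niFiRegistryProperties, "nifi.registry.security.keystorePasswd"));
    }

    /**
     * Loads the trust store from the required truststore path, type and password properties.
     *
     * @param niFiRegistryProperties application properties
     * @return loaded trust store
     */
    private KeyStore buildTrustStore(NiFiRegistryProperties niFiRegistryProperties) {
        return buildStore(
                getRequiredProperty(niFiRegistryProperties, "nifi.registry.security.truststore"),
                getRequiredProperty(niFiRegistryProperties, "nifi.registry.security.truststoreType"),
                getRequiredProperty(niFiRegistryProperties, "nifi.registry.security.truststorePasswd"));
    }

    /**
     * Reads a key store or trust store file.
     *
     * <p>The stream is opened in try-with-resources so it is closed even when the builder
     * throws; closing only on the success path would leak the file handle on a wrong password
     * or a corrupt store.
     *
     * @param str path of the store file
     * @param str2 store type
     * @param str3 store password
     * @return loaded store
     * @throws IllegalStateException if the file cannot be opened or read
     */
    private KeyStore buildStore(String str, String str2, String str3) {
        try (InputStream inputStream = Files.newInputStream(Paths.get(str))) {
            return new StandardKeyStoreBuilder()
                    .type(str2)
                    .password(str3.toCharArray())
                    .inputStream(inputStream)
                    .build();
        } catch (IOException e) {
            // Only the path is reported; the password is deliberately kept out of the message.
            throw new IllegalStateException(String.format("Store Path [%s] read failed", str), e);
        }
    }

    /**
     * Returns a property value that must be present and non-empty.
     *
     * @param niFiRegistryProperties application properties
     * @param str property name
     * @return configured value
     * @throws IllegalStateException if the property is missing or empty
     */
    private String getRequiredProperty(NiFiRegistryProperties niFiRegistryProperties, String str) {
        String property = niFiRegistryProperties.getProperty(str);
        if (property == null || property.isEmpty()) {
            throw new IllegalStateException(String.format("Required Property [%s] not configured", str));
        }
        return property;
    }

    /**
     * Enables the application layer protocols whose names appear in the configured HTTPS
     * application protocols; names that match no known protocol are ignored.
     *
     * @param niFiRegistryProperties application properties
     */
    private void setApplicationLayerProtocols(NiFiRegistryProperties niFiRegistryProperties) {
        Set<String> configuredProtocols = niFiRegistryProperties.getWebHttpsApplicationProtocols();
        Set<ApplicationLayerProtocol> applicationLayerProtocols = Arrays.stream(ApplicationLayerProtocol.values())
                .filter(protocol -> configuredProtocols.contains(protocol.getProtocol()))
                .collect(Collectors.toSet());
        setApplicationLayerProtocols(applicationLayerProtocols);
    }

    /**
     * Returns the HTTPS host when HTTPS is configured, otherwise the HTTP host; an empty value
     * becomes {@link #DEFAULT_HOST}.
     *
     * @param niFiRegistryProperties application properties
     * @return host to bind, or {@code null} when none is configured
     */
    private static String getHost(NiFiRegistryProperties niFiRegistryProperties) {
        String configuredHost = niFiRegistryProperties.isHTTPSConfigured()
                ? niFiRegistryProperties.getHttpsHost()
                : niFiRegistryProperties.getHttpHost();
        return StringUtils.defaultIfEmpty(configuredHost, DEFAULT_HOST);
    }

    /**
     * Returns the single configured port.
     *
     * <p>Rejecting a configuration with both ports keeps the application from being served over
     * plain HTTP alongside HTTPS by accident.
     *
     * @param niFiRegistryProperties application properties
     * @return HTTPS port when set, otherwise HTTP port
     * @throws IllegalStateException if neither or both ports are configured
     */
    private static int getPort(NiFiRegistryProperties niFiRegistryProperties) {
        Integer sslPort = niFiRegistryProperties.getSslPort();
        Integer port = niFiRegistryProperties.getPort();
        if (ObjectUtils.allNull(sslPort, port)) {
            throw new IllegalStateException("Invalid port configuration: Neither nifi.registry.web.https.port nor nifi.registry.web.http.port specified");
        }
        if (ObjectUtils.allNotNull(sslPort, port)) {
            throw new IllegalStateException("Invalid port configuration: Both nifi.registry.web.https.port and nifi.registry.web.http.port specified");
        }
        return ObjectUtils.defaultIfNull(sslPort, port);
    }
}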
