package org.ops4j.pax.web.service.jetty.internal;

import java.lang.management.ManagementFactory;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.concurrent.Executor;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.io.ByteBufferPool;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.MultiPartFormDataCompliance;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.Scheduler;
import org.ops4j.pax.web.service.spi.config.Configuration;
import org.ops4j.pax.web.service.spi.config.SecurityConfiguration;
import org.ops4j.pax.web.service.spi.config.ServerConfiguration;
import org.ops4j.pax.web.service.spi.servlet.OsgiServletContextClassLoader;
import org.osgi.framework.Bundle;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.wiring.BundleWiring;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/ops4j/pax/web/service/jetty/internal/JettyFactory.class */
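/**
 * Builds the Jetty objects used by Pax Web: the server thread pool, the plain and TLS
 * connectors, the shared {@link HttpConfiguration} and the optional JMX container.
 *
 * <p>Optional Jetty modules (ALPN, HTTP/2) are detected once in the constructor by trying to
 * load their classes through the supplied class loader. The connectors are then assembled
 * according to what was found.
 *
 * <p>Security-relevant behaviour, as visible in this class:
 * <ul>
 *   <li>The default connector speaks cleartext HTTP/1.1 and, when the HTTP/2 classes are
 *       present, cleartext HTTP/2 ("h2c"). Nothing in this class lets configuration switch
 *       h2c off.</li>
 *   <li>The secure connector takes key material, trust material, protocol and cipher
 *       selection, and certificate validation settings from {@link SecurityConfiguration}.
 *       Settings that are not configured are left at Jetty's defaults.</li>
 *   <li>{@link ForwardedRequestCustomizer} is installed only when
 *       {@code checkForwardedHeaders()} is true. Forwarded headers are client-controllable
 *       unless a trusted proxy in front of the server overwrites them.</li>
 * </ul>
 */
public class JettyFactory {
    private static final Logger LOG = LoggerFactory.getLogger(JettyFactory.class);
    private final Bundle paxWebJettyBundle;
    private final ClassLoader classLoader;
    private boolean alpnAvailable;
    private boolean http2Available;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the factory and probes for optional Jetty modules.
     *
     * @param bundle the pax-web-jetty bundle; may be {@code null}, in which case
     *               {@link #enableJmxIfPossible(Server)} falls back to {@code classLoader}
     * @param classLoader class loader used to detect ALPN and HTTP/2 support
     */
    public JettyFactory(Bundle bundle, ClassLoader classLoader) {
        this.paxWebJettyBundle = bundle;
        this.classLoader = classLoader;
        discovery();
    }

    /** Records whether the ALPN and HTTP/2 server classes can be loaded. */
    private void discovery() {
        this.alpnAvailable = isLoadable("org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory");
        // HTTP/2 counts as available only when both the TLS (h2) and cleartext (h2c) factories load.
        this.http2Available = isLoadable("org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory")
                && isLoadable("org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory");
    }

    /** Returns {@code true} when {@code className} resolves through this factory's class loader. */
    private boolean isLoadable(String className) {
        try {
            this.classLoader.loadClass(className);
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    /** Returns {@code true} when {@code value} is non-null and contains a non-whitespace character. */
    private static boolean hasText(String value) {
        return value != null && !value.trim().isEmpty();
    }

    /**
     * Creates the server thread pool from the server configuration.
     *
     * <p>Defaults when a value is not configured: 200 max threads, {@code min(8, max)} min
     * threads, and 60000 as the idle timeout passed to {@link QueuedThreadPool}.
     *
     * @param configuration Pax Web configuration
     * @return a configured, not yet started thread pool
     */
    public QueuedThreadPool createThreadPool(Configuration configuration) {
        ServerConfiguration serverConfig = configuration.server();

        Integer maxThreads = serverConfig.getServerMaxThreads();
        if (maxThreads == null) {
            maxThreads = 200;
        }
        Integer minThreads = serverConfig.getServerMinThreads();
        if (minThreads == null) {
            minThreads = Math.min(8, maxThreads);
        }
        Integer idleTimeout = serverConfig.getServerIdleTimeout();
        if (idleTimeout == null) {
            idleTimeout = 60000;
        }

        QueuedThreadPool pool = new QueuedThreadPool(maxThreads, minThreads, idleTimeout);
        String namePrefix = serverConfig.getServerThreadNamePrefix();
        if (namePrefix != null) {
            pool.setName(namePrefix);
        }

        // Best-effort class loading; a failure here is deliberately not fatal.
        // NOTE(review): presumably this forces these classes to resolve early. Confirm the intent.
        try {
            ServerConnector.class.getClassLoader().loadClass("org.eclipse.jetty.util.FutureCallback");
        } catch (Exception ignored) {
            // intentionally ignored: optional preload
        }
        ClassLoader poolLoader = QueuedThreadPool.class.getClassLoader();
        for (int i = 1; i <= 3; i++) {
            try {
                poolLoader.loadClass("org.eclipse.jetty.util.thread.QueuedThreadPool$" + i);
            } catch (Exception ignored) {
                // intentionally ignored: the anonymous class may not exist in this Jetty version
            }
        }
        return pool;
    }

    /**
     * Creates the cleartext HTTP connector.
     *
     * <p>HTTP/1.1 is always added. When the HTTP/2 classes were found, an "h2c" factory is
     * added as well, so the connector also accepts cleartext HTTP/2. No configuration
     * option is consulted for this.
     * NOTE(review): if a reverse proxy fronts this connector, confirm how it handles
     * {@code Upgrade: h2c} requests, or whether h2c should be made opt-in.
     *
     * @param server the Jetty server the connector belongs to
     * @param map HTTP configurations from external Jetty XML, possibly empty
     * @param str host/interface to bind to
     * @param configuration Pax Web configuration
     * @return the configured connector
     */
    public Connector createDefaultConnector(Server server, Map<String, HttpConfiguration> map, String str, Configuration configuration) {
        ServerConfiguration serverConfig = configuration.server();
        HttpConfiguration httpConfig = getOrCreateHttpConfiguration(map, serverConfig);

        ServerConnector connector = new ServerConnector(server);
        // Drop the factories installed by the constructor so the set below is exactly what is served.
        connector.clearConnectionFactories();
        connector.setHost(str);
        connector.setPort(serverConfig.getHttpPort().intValue());
        connector.setName(serverConfig.getHttpConnectorName());
        if (serverConfig.getConnectorIdleTimeout() != null) {
            connector.setIdleTimeout(serverConfig.getConnectorIdleTimeout().intValue());
        }

        connector.addConnectionFactory(new HttpConnectionFactory(httpConfig));
        if (this.http2Available) {
            LOG.info("HTTP/2 ClearText support available, adding \"h2c\" protocol support to default connector");
            connector.addConnectionFactory(new HTTP2CServerConnectionFactory(httpConfig));
        }
        LOG.info("Default Jetty connector created: {}", connector);
        return connector;
    }

    /**
     * Creates the TLS connector.
     *
     * <p>A keystore location, keystore password and key password are mandatory. A truststore
     * password is mandatory once a truststore is configured. Everything else is applied only
     * when configured. {@code trustAll} is forced to {@code false}.
     *
     * @param server the Jetty server the connector belongs to
     * @param map HTTP configurations from external Jetty XML, possibly empty
     * @param str host/interface to bind to
     * @param configuration Pax Web configuration
     * @return the configured connector
     * @throws IllegalArgumentException if mandatory key or trust material settings are missing,
     *         or the JVM's default {@link SSLContext} cannot be obtained
     */
    public Connector createSecureConnector(Server server, Map<String, HttpConfiguration> map, String str, Configuration configuration) {
        ServerConfiguration serverConfig = configuration.server();
        SecurityConfiguration security = configuration.security();

        HttpConfiguration httpConfig = getOrCreateHttpConfiguration(map, serverConfig);
        if (httpConfig.getCustomizer(SecureRequestCustomizer.class) == null) {
            httpConfig.addCustomizer(new SecureRequestCustomizer());
        }

        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        if (security.getSslProvider() != null) {
            sslContextFactory.setProvider(security.getSslProvider());
        }
        if (this.http2Available) {
            // Order cipher suites with Jetty's HTTP/2 comparator when h2 may be negotiated.
            sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
        }

        configureKeyStore(sslContextFactory, security);
        configureTrustStore(sslContextFactory, security);

        if (security.isClientAuthWanted() != null) {
            sslContextFactory.setWantClientAuth(security.isClientAuthWanted().booleanValue());
        }
        if (security.isClientAuthNeeded() != null) {
            sslContextFactory.setNeedClientAuth(security.isClientAuthNeeded().booleanValue());
        }
        // NOTE(review): when client auth is required but no truststore is configured, confirm
        // which trust anchors Jetty ends up using for client certificates.

        // Never accept arbitrary certificates, whatever the configuration says.
        sslContextFactory.setTrustAll(false);
        sslContextFactory.setHostnameVerifier((HostnameVerifier) null);

        requireDefaultSslContext();
        configureTlsPolicy(sslContextFactory, security);
        configureCertificateValidation(sslContextFactory, security);

        ServerConnector connector = new ServerConnector(server, (Executor) null, (Scheduler) null, (ByteBufferPool) null, -1, -1, new ConnectionFactory[0]);
        connector.clearConnectionFactories();
        connector.setHost(str);
        connector.setPort(serverConfig.getHttpSecurePort().intValue());
        connector.setName(serverConfig.getHttpSecureConnectorName());
        if (serverConfig.getConnectorIdleTimeout() != null) {
            connector.setIdleTimeout(serverConfig.getConnectorIdleTimeout().intValue());
        }

        // The TLS factory is added first; the application protocols are layered after it.
        if (this.alpnAvailable) {
            LOG.info("ALPN support available, adding \"alpn\" protocol support to secure connector");
            connector.addConnectionFactory(new SslConnectionFactory(sslContextFactory, "ALPN"));
            addAlpnFactory(connector);
        } else {
            LOG.info("No ALPN support available, no way to upgrade to HTTP/2 over SSL, no \"h2\" protocol support added.");
            connector.addConnectionFactory(new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()));
        }
        if (this.http2Available) {
            LOG.info("HTTP/2 support available, adding \"h2\" protocol support to secure connector");
            connector.addConnectionFactory(new HTTP2ServerConnectionFactory(httpConfig));
        }
        connector.addConnectionFactory(new HttpConnectionFactory(httpConfig));
        LOG.info("Secure Jetty connector created: {}", connector);
        return connector;
    }

    /**
     * Applies keystore location, passwords and optional keystore settings.
     * Passwords are handed straight to Jetty and must never be logged.
     */
    private void configureKeyStore(SslContextFactory.Server sslContextFactory, SecurityConfiguration security) {
        String keystore = security.getSslKeystore();
        if (keystore == null) {
            throw new IllegalArgumentException("Location of server keystore is not specified (org.ops4j.pax.web.ssl.keystore property).");
        }
        sslContextFactory.setKeyStorePath(keystore);
        if (security.getSslKeystorePassword() == null) {
            throw new IllegalArgumentException("Missing server keystore password.");
        }
        if (security.getSslKeyPassword() == null) {
            throw new IllegalArgumentException("Missing private key password.");
        }
        sslContextFactory.setKeyStorePassword(security.getSslKeystorePassword());
        sslContextFactory.setKeyManagerPassword(security.getSslKeyPassword());
        if (security.getSslKeyManagerFactoryAlgorithm() != null) {
            sslContextFactory.setKeyManagerFactoryAlgorithm(security.getSslKeyManagerFactoryAlgorithm());
        }
        if (security.getSslKeyAlias() != null) {
            sslContextFactory.setCertAlias(security.getSslKeyAlias());
        }
        if (security.getSslKeystoreType() != null) {
            sslContextFactory.setKeyStoreType(security.getSslKeystoreType());
        }
        if (hasText(security.getSslKeystoreProvider())) {
            sslContextFactory.setKeyStoreProvider(security.getSslKeystoreProvider());
        }
    }

    /** Applies truststore settings; a configured truststore must come with a password. */
    private void configureTrustStore(SslContextFactory.Server sslContextFactory, SecurityConfiguration security) {
        String truststore = security.getTruststore();
        if (truststore != null) {
            // Hand Jetty a path only when one is configured. The freshly created factory has
            // no truststore otherwise, so a possibly-null path is no longer passed through.
            sslContextFactory.setTrustStorePath(truststore);
            if (security.getTruststorePassword() == null) {
                throw new IllegalArgumentException("Missing server truststore password.");
            }
            sslContextFactory.setTrustStorePassword(security.getTruststorePassword());
        }
        if (security.getTruststoreType() != null) {
            sslContextFactory.setTrustStoreType(security.getTruststoreType());
        }
        if (hasText(security.getTruststoreProvider())) {
            sslContextFactory.setTrustStoreProvider(security.getTruststoreProvider());
        }
        if (security.getTrustManagerFactoryAlgorithm() != null) {
            sslContextFactory.setTrustManagerFactoryAlgorithm(security.getTrustManagerFactoryAlgorithm());
        }
    }

    /**
     * Fails fast when the JVM cannot provide a default {@link SSLContext}.
     *
     * @throws IllegalArgumentException wrapping the underlying {@link NoSuchAlgorithmException}
     */
    private void requireDefaultSslContext() {
        try {
            // Only the availability matters; the supported protocol and cipher lists are not used.
            SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
            supported.getProtocols();
            supported.getCipherSuites();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Problem checking supported protocols and ciphers suites: " + e.getMessage(), e);
        }
    }

    /**
     * Applies protocol and cipher include/exclude lists, renegotiation and session settings.
     * The server's cipher-suite order is always preferred over the client's.
     */
    private void configureTlsPolicy(SslContextFactory.Server sslContextFactory, SecurityConfiguration security) {
        if (security.getProtocolsIncluded() != null) {
            sslContextFactory.setIncludeProtocols(security.getProtocolsIncluded());
        }
        if (security.getProtocolsExcluded() != null) {
            sslContextFactory.setExcludeProtocols(security.getProtocolsExcluded());
        }
        if (security.getCiphersuiteIncluded() != null) {
            sslContextFactory.setIncludeCipherSuites(security.getCiphersuiteIncluded());
        }
        if (security.getCiphersuiteExcluded() != null) {
            sslContextFactory.setExcludeCipherSuites(security.getCiphersuiteExcluded());
        }
        if (security.getSslProtocol() != null) {
            sslContextFactory.setProtocol(security.getSslProtocol());
        }
        if (security.getSecureRandomAlgorithm() != null) {
            sslContextFactory.setSecureRandomAlgorithm(security.getSecureRandomAlgorithm());
        }
        sslContextFactory.setUseCipherSuitesOrder(true);
        if (security.isSslRenegotiationAllowed() != null) {
            sslContextFactory.setRenegotiationAllowed(security.isSslRenegotiationAllowed().booleanValue());
        }
        if (security.getSslRenegotiationLimit() != null) {
            sslContextFactory.setRenegotiationLimit(security.getSslRenegotiationLimit().intValue());
        }
        if (security.getSslSessionsEnabled() != null) {
            sslContextFactory.setSessionCachingEnabled(security.getSslSessionsEnabled().booleanValue());
        }
        if (security.getSslSessionCacheSize() != null) {
            sslContextFactory.setSslSessionCacheSize(security.getSslSessionCacheSize().intValue());
        }
        if (security.getSslSessionTimeout() != null) {
            sslContextFactory.setSslSessionTimeout(security.getSslSessionTimeout().intValue());
        }
    }

    /**
     * Applies certificate validation and revocation settings (CRL, CRLDP, OCSP, path length).
     * Each value is set only when configured; unset values stay at Jetty's defaults.
     */
    private void configureCertificateValidation(SslContextFactory.Server sslContextFactory, SecurityConfiguration security) {
        if (security.isValidateCerts() != null) {
            sslContextFactory.setValidateCerts(security.isValidateCerts().booleanValue());
        }
        if (security.isValidatePeerCerts() != null) {
            sslContextFactory.setValidatePeerCerts(security.isValidatePeerCerts().booleanValue());
        }
        if (hasText(security.getCrlPath())) {
            sslContextFactory.setCrlPath(security.getCrlPath());
        }
        if (security.isEnableOCSP() != null) {
            sslContextFactory.setEnableOCSP(security.isEnableOCSP().booleanValue());
        }
        if (security.isEnableCRLDP() != null) {
            sslContextFactory.setEnableCRLDP(security.isEnableCRLDP().booleanValue());
        }
        if (hasText(security.getOcspResponderURL())) {
            sslContextFactory.setOcspResponderURL(security.getOcspResponderURL());
        }
        if (security.getMaxCertPathLength() != null) {
            sslContextFactory.setMaxCertPathLength(security.getMaxCertPathLength().intValue());
        }
    }

    /**
     * Adds the ALPN negotiation factory, with HTTP/1.1 as the fallback protocol.
     *
     * <p>The factory is constructed with the thread context class loader temporarily set to
     * one that spans this bundle and the Jetty IO/ALPN bundles. The previous loader is
     * always restored.
     */
    private void addAlpnFactory(ServerConnector connector) {
        Thread current = Thread.currentThread();
        ClassLoader previousTccl = current.getContextClassLoader();
        try {
            OsgiServletContextClassLoader alpnLoader = new OsgiServletContextClassLoader();
            Bundle self = FrameworkUtil.getBundle(getClass());
            if (self != null) {
                alpnLoader.addBundle(self);
                for (Bundle candidate : self.getBundleContext().getBundles()) {
                    String symbolicName = candidate.getSymbolicName();
                    if ("org.eclipse.jetty.io".equals(symbolicName)
                            || "org.eclipse.jetty.alpn.java.server".equals(symbolicName)
                            || "org.eclipse.jetty.alpn.openjdk8.server".equals(symbolicName)) {
                        alpnLoader.addBundles(new Bundle[]{candidate});
                    }
                }
                current.setContextClassLoader(alpnLoader);
            }
            ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory(new String[0]);
            alpn.setDefaultProtocol(HttpVersion.HTTP_1_1.asString());
            connector.addConnectionFactory(alpn);
        } finally {
            current.setContextClassLoader(previousTccl);
        }
    }

    /**
     * Returns the HTTP configuration shared by the connectors.
     *
     * <p>The first configuration from external Jetty XML is used when there is one.
     * Otherwise a new one is created with the {@code X-Powered-By} and server version
     * headers switched off. Missing secure scheme, secure port and output buffer size are
     * filled in, and multipart compliance is set to RFC 7578.
     *
     * <p>{@link ForwardedRequestCustomizer} is added only when forwarded-header checking is
     * enabled, and only once per configuration. With it installed, the request's scheme,
     * host and remote address come from forwarded headers. Enable it only when every request
     * passes through a proxy that sets or strips those headers.
     */
    private HttpConfiguration getOrCreateHttpConfiguration(Map<String, HttpConfiguration> map, ServerConfiguration serverConfiguration) {
        HttpConfiguration httpConfig;
        if (!map.isEmpty()) {
            httpConfig = map.values().iterator().next();
            if (map.size() > 1) {
                LOG.warn("More than one HttpConfiguration found in external Jetty configuration. Using {}.", httpConfig);
            }
        } else {
            httpConfig = new HttpConfiguration();
            // Do not advertise the server software to clients.
            httpConfig.setSendXPoweredBy(false);
            httpConfig.setSendServerVersion(false);
        }
        if (httpConfig.getSecureScheme() == null) {
            httpConfig.setSecureScheme(HttpScheme.HTTPS.asString());
        }
        if (httpConfig.getSecurePort() <= 0) {
            httpConfig.setSecurePort(serverConfiguration.getHttpSecurePort().intValue());
        }
        if (httpConfig.getOutputBufferSize() <= 0) {
            httpConfig.setOutputBufferSize(32768);
        }
        httpConfig.setMultiPartFormDataCompliance(MultiPartFormDataCompliance.RFC7578);

        Boolean checkForwarded = serverConfiguration.checkForwardedHeaders();
        // An externally supplied configuration is shared by both connectors, so guard against
        // installing the customizer a second time.
        if (checkForwarded != null && checkForwarded.booleanValue()
                && httpConfig.getCustomizer(ForwardedRequestCustomizer.class) == null) {
            httpConfig.addCustomizer(new ForwardedRequestCustomizer());
        }
        return httpConfig;
    }

    /**
     * Registers a Jetty {@link MBeanContainer} on the platform MBean server when the JMX
     * classes are available.
     *
     * <p>NOTE(review): Jetty beans become visible to whatever can reach this JVM's MBean
     * server. Confirm that remote JMX access, if enabled, is authenticated.
     *
     * @param server the Jetty server to add the container to
     * @return the container, or {@code null} when JMX support could not be set up
     */
    public MBeanContainer enableJmxIfPossible(Server server) {
        try {
            ClassLoader loader = this.classLoader;
            if (this.paxWebJettyBundle != null) {
                loader = ((BundleWiring) this.paxWebJettyBundle.adapt(BundleWiring.class)).getClassLoader();
            }
            loader.loadClass("javax.management.JMX");
            loader.loadClass("org.eclipse.jetty.jmx.MBeanContainer");
            LOG.info("Adding JMX support to Jetty server");
            MBeanContainer container = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
            server.addBean(container);
            return container;
        } catch (Throwable th) {
            // Throwable on purpose: a missing optional import surfaces as a LinkageError, not
            // only as ClassNotFoundException. Keep the cause available for troubleshooting.
            LOG.info("No JMX available. Skipping Jetty JMX configuration.");
            LOG.debug("Jetty JMX configuration skipped because of", th);
            return null;
        }
    }
}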
