package com.netflix.spinnaker.kork.tomcat;

import com.netflix.spinnaker.kork.tomcat.x509.SslExtensionConfigurationProperties;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.WebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({TomcatConfigurationProperties.class, SslExtensionConfigurationProperties.class})
@Configuration
/* loaded from: input_file:com/netflix/spinnaker/kork/tomcat/TomcatConfiguration.class */
class TomcatConfiguration {
    private final Logger log = LoggerFactory.getLogger(getClass());

    /* loaded from: input_file:com/netflix/spinnaker/kork/tomcat/TomcatConfiguration$CustomizableTomcatServletWebServerFactory.class */
    private static class CustomizableTomcatServletWebServerFactory extends TomcatServletWebServerFactory {
        private CustomizableTomcatServletWebServerFactory() {
        }

        void customizeSslConnector(Connector connector) {
            super.customizeConnector(connector);
        }
    }

    TomcatConfiguration() {
    }

    @Bean
    TomcatConnectorCustomizer defaultTomcatConnectorCustomizer(TomcatConfigurationProperties tomcatConfigurationProperties, SslExtensionConfigurationProperties sslExtensionConfigurationProperties) {
        return new DefaultTomcatConnectorCustomizer(tomcatConfigurationProperties, sslExtensionConfigurationProperties);
    }

    @Bean
    @ConditionalOnExpression("${server.ssl.enabled:false}")
    WebServerFactoryCustomizer containerCustomizer(final DefaultTomcatConnectorCustomizer defaultTomcatConnectorCustomizer, final TomcatConfigurationProperties tomcatConfigurationProperties) {
        System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
        System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");
        return new WebServerFactoryCustomizer() { // from class: com.netflix.spinnaker.kork.tomcat.TomcatConfiguration.1
            public void customize(WebServerFactory webServerFactory) {
                TomcatServletWebServerFactory tomcatServletWebServerFactory = (TomcatServletWebServerFactory) webServerFactory;
                tomcatServletWebServerFactory.addConnectorCustomizers(new TomcatConnectorCustomizer[]{defaultTomcatConnectorCustomizer});
                if (tomcatConfigurationProperties.getLegacyServerPort() > 0) {
                    TomcatConfiguration.this.log.info("Creating legacy connector on port {}", Integer.valueOf(tomcatConfigurationProperties.getLegacyServerPort()));
                    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
                    connector.setScheme("http");
                    connector.setPort(tomcatConfigurationProperties.getLegacyServerPort());
                    TomcatConfiguration.applyCompressionSettings(connector, tomcatServletWebServerFactory);
                    tomcatServletWebServerFactory.addAdditionalTomcatConnectors(new Connector[]{connector});
                }
                if (tomcatConfigurationProperties.getApiPort() > 0) {
                    TomcatConfiguration.this.log.info("Creating api connector on port {}", Integer.valueOf(tomcatConfigurationProperties.getApiPort()));
                    Connector connector2 = new Connector("org.apache.coyote.http11.Http11NioProtocol");
                    connector2.setScheme("https");
                    connector2.setSecure(true);
                    connector2.setPort(tomcatConfigurationProperties.getApiPort());
                    TomcatConfiguration.applyCompressionSettings(connector2, tomcatServletWebServerFactory);
                    Ssl copySslConfigurationWithClientAuth = defaultTomcatConnectorCustomizer.copySslConfigurationWithClientAuth(tomcatServletWebServerFactory);
                    CustomizableTomcatServletWebServerFactory customizableTomcatServletWebServerFactory = new CustomizableTomcatServletWebServerFactory();
                    BeanUtils.copyProperties(tomcatServletWebServerFactory, customizableTomcatServletWebServerFactory);
                    customizableTomcatServletWebServerFactory.setPort(tomcatConfigurationProperties.getApiPort());
                    customizableTomcatServletWebServerFactory.setSsl(copySslConfigurationWithClientAuth);
                    customizableTomcatServletWebServerFactory.customizeSslConnector(connector2);
                    defaultTomcatConnectorCustomizer.customize(connector2);
                    tomcatServletWebServerFactory.addAdditionalTomcatConnectors(new Connector[]{connector2});
                }
            }
        };
    }

    private static void applyCompressionSettings(Connector connector, TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        Http11NioProtocol protocolHandler = connector.getProtocolHandler();
        if (!tomcatServletWebServerFactory.getCompression().getEnabled()) {
            protocolHandler.setCompression("off");
            return;
        }
        protocolHandler.setCompression("on");
        protocolHandler.setCompressibleMimeType(String.join(",", tomcatServletWebServerFactory.getCompression().getMimeTypes()));
        protocolHandler.setCompressionMinSize((int) tomcatServletWebServerFactory.getCompression().getMinResponseSize().toBytes());
    }
}
