package io.quarkus.vertx.http.runtime.options;

import io.quarkus.credentials.runtime.CredentialsProviderFinder;
import io.quarkus.runtime.LaunchMode;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.quarkus.runtime.util.ClassPathUtils;
import io.quarkus.vertx.http.runtime.HttpBuildTimeConfig;
import io.quarkus.vertx.http.runtime.HttpConfiguration;
import io.quarkus.vertx.http.runtime.ServerSslConfig;
import io.quarkus.vertx.http.runtime.management.ManagementInterfaceBuildTimeConfig;
import io.quarkus.vertx.http.runtime.management.ManagementInterfaceConfiguration;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.Http2Settings;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.http.HttpVersion;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.KeyStoreOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.TrafficShapingOptions;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.class */
public class HttpServerOptionsUtils {
    public static HttpServerOptions createSslOptions(HttpBuildTimeConfig httpBuildTimeConfig, HttpConfiguration httpConfiguration, LaunchMode launchMode, List<String> list) throws IOException {
        if (!httpConfiguration.hostEnabled) {
            return null;
        }
        ServerSslConfig serverSslConfig = httpConfiguration.ssl;
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (serverSslConfig.certificate.keyFiles.isPresent()) {
            arrayList.addAll(serverSslConfig.certificate.keyFiles.get());
        }
        if (serverSslConfig.certificate.files.isPresent()) {
            arrayList2.addAll(serverSslConfig.certificate.files.get());
        }
        Map of = Map.of();
        if (serverSslConfig.certificate.credentialsProvider.isPresent()) {
            of = CredentialsProviderFinder.find(serverSslConfig.certificate.credentialsProviderName.orElse(null)).getCredentials(serverSslConfig.certificate.credentialsProvider.get());
        }
        Optional<Path> optional = serverSslConfig.certificate.keyStoreFile;
        Optional<String> credential = getCredential(serverSslConfig.certificate.keyStorePassword, of, serverSslConfig.certificate.keyStorePasswordKey);
        Optional<String> credential2 = getCredential(serverSslConfig.certificate.keyStoreKeyPassword, of, serverSslConfig.certificate.keyStoreKeyPasswordKey);
        Optional<Path> optional2 = serverSslConfig.certificate.trustStoreFile;
        Optional<String> credential3 = getCredential(serverSslConfig.certificate.trustStorePassword, of, serverSslConfig.certificate.trustStorePasswordKey);
        HttpServerOptions httpServerOptions = new HttpServerOptions();
        if (JdkSSLEngineOptions.isAlpnAvailable()) {
            httpServerOptions.setUseAlpn(httpConfiguration.http2);
            if (httpConfiguration.http2) {
                httpServerOptions.setAlpnVersions(Arrays.asList(HttpVersion.HTTP_2, HttpVersion.HTTP_1_1));
            }
        }
        setIdleTimeout(httpConfiguration, httpServerOptions);
        if (!arrayList2.isEmpty() && !arrayList.isEmpty()) {
            createPemKeyCertOptions(arrayList2, arrayList, httpServerOptions);
        } else if (optional.isPresent()) {
            httpServerOptions.setKeyCertOptions(createKeyStoreOptions(optional.get(), credential.orElse("password"), serverSslConfig.certificate.keyStoreFileType, serverSslConfig.certificate.keyStoreProvider, serverSslConfig.certificate.keyStoreKeyAlias, credential2));
        }
        if (optional2.isPresent()) {
            if (!credential3.isPresent()) {
                throw new IllegalArgumentException("No trust store password provided");
            }
            httpServerOptions.setTrustOptions(createKeyStoreOptions(optional2.get(), credential3.get(), serverSslConfig.certificate.trustStoreFileType, serverSslConfig.certificate.trustStoreProvider, serverSslConfig.certificate.trustStoreCertAlias, Optional.empty()));
        }
        Iterator<String> it = serverSslConfig.cipherSuites.orElse(Collections.emptyList()).iterator();
        while (it.hasNext()) {
            httpServerOptions.addEnabledCipherSuite(it.next());
        }
        httpServerOptions.setEnabledSecureTransportProtocols(serverSslConfig.protocols);
        httpServerOptions.setSsl(true);
        httpServerOptions.setSni(serverSslConfig.sni);
        int determineSslPort = httpConfiguration.determineSslPort(launchMode);
        httpServerOptions.setPort(determineSslPort == 0 ? -2 : determineSslPort);
        httpServerOptions.setClientAuth(httpBuildTimeConfig.tlsClientAuth);
        applyCommonOptions(httpServerOptions, httpBuildTimeConfig, httpConfiguration, list);
        return httpServerOptions;
    }

    public static HttpServerOptions createSslOptionsForManagementInterface(ManagementInterfaceBuildTimeConfig managementInterfaceBuildTimeConfig, ManagementInterfaceConfiguration managementInterfaceConfiguration, LaunchMode launchMode, List<String> list) throws IOException {
        if (!managementInterfaceConfiguration.hostEnabled) {
            return null;
        }
        ServerSslConfig serverSslConfig = managementInterfaceConfiguration.ssl;
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (serverSslConfig.certificate.keyFiles.isPresent()) {
            arrayList.addAll(serverSslConfig.certificate.keyFiles.get());
        }
        if (serverSslConfig.certificate.files.isPresent()) {
            arrayList2.addAll(serverSslConfig.certificate.files.get());
        }
        Map of = Map.of();
        if (serverSslConfig.certificate.credentialsProvider.isPresent()) {
            of = CredentialsProviderFinder.find(serverSslConfig.certificate.credentialsProviderName.orElse(null)).getCredentials(serverSslConfig.certificate.credentialsProvider.get());
        }
        Optional<Path> optional = serverSslConfig.certificate.keyStoreFile;
        Optional<String> credential = getCredential(serverSslConfig.certificate.keyStorePassword, of, serverSslConfig.certificate.keyStorePasswordKey);
        Optional<String> credential2 = getCredential(serverSslConfig.certificate.keyStoreKeyPassword, of, serverSslConfig.certificate.keyStoreKeyPasswordKey);
        Optional<Path> optional2 = serverSslConfig.certificate.trustStoreFile;
        Optional<String> credential3 = getCredential(serverSslConfig.certificate.trustStorePassword, of, serverSslConfig.certificate.trustStorePasswordKey);
        HttpServerOptions httpServerOptions = new HttpServerOptions();
        if (JdkSSLEngineOptions.isAlpnAvailable()) {
            httpServerOptions.setUseAlpn(true);
            httpServerOptions.setAlpnVersions(Arrays.asList(HttpVersion.HTTP_2, HttpVersion.HTTP_1_1));
        }
        httpServerOptions.setIdleTimeout((int) managementInterfaceConfiguration.idleTimeout.toMillis());
        httpServerOptions.setIdleTimeoutUnit(TimeUnit.MILLISECONDS);
        if (!arrayList2.isEmpty() && !arrayList.isEmpty()) {
            createPemKeyCertOptions(arrayList2, arrayList, httpServerOptions);
        } else if (optional.isPresent()) {
            httpServerOptions.setKeyCertOptions(createKeyStoreOptions(optional.get(), credential.orElse("password"), serverSslConfig.certificate.keyStoreFileType, serverSslConfig.certificate.keyStoreProvider, serverSslConfig.certificate.keyStoreKeyAlias, credential2));
        }
        if (optional2.isPresent()) {
            if (!credential3.isPresent()) {
                throw new IllegalArgumentException("No trust store password provided");
            }
            httpServerOptions.setTrustOptions(createKeyStoreOptions(optional2.get(), credential3.get(), serverSslConfig.certificate.trustStoreFileType, serverSslConfig.certificate.trustStoreProvider, serverSslConfig.certificate.trustStoreCertAlias, Optional.empty()));
        }
        Iterator<String> it = serverSslConfig.cipherSuites.orElse(Collections.emptyList()).iterator();
        while (it.hasNext()) {
            httpServerOptions.addEnabledCipherSuite(it.next());
        }
        httpServerOptions.setEnabledSecureTransportProtocols(serverSslConfig.protocols);
        httpServerOptions.setSsl(true);
        httpServerOptions.setSni(serverSslConfig.sni);
        int determinePort = managementInterfaceConfiguration.determinePort(launchMode);
        httpServerOptions.setPort(determinePort == 0 ? -2 : determinePort);
        httpServerOptions.setClientAuth(managementInterfaceBuildTimeConfig.tlsClientAuth);
        applyCommonOptionsForManagementInterface(httpServerOptions, managementInterfaceBuildTimeConfig, managementInterfaceConfiguration, list);
        return httpServerOptions;
    }

    private static Optional<String> getCredential(Optional<String> optional, Map<String, String> map, Optional<String> optional2) {
        return optional.isPresent() ? optional : optional2.isPresent() ? Optional.ofNullable(map.get(optional2.get())) : Optional.empty();
    }

    public static void applyCommonOptions(HttpServerOptions httpServerOptions, HttpBuildTimeConfig httpBuildTimeConfig, HttpConfiguration httpConfiguration, List<String> list) {
        httpServerOptions.setHost(httpConfiguration.host);
        setIdleTimeout(httpConfiguration, httpServerOptions);
        httpServerOptions.setMaxHeaderSize(httpConfiguration.limits.maxHeaderSize.asBigInteger().intValueExact());
        httpServerOptions.setMaxChunkSize(httpConfiguration.limits.maxChunkSize.asBigInteger().intValueExact());
        httpServerOptions.setMaxFormAttributeSize(httpConfiguration.limits.maxFormAttributeSize.asBigInteger().intValueExact());
        httpServerOptions.setWebSocketSubProtocols(list);
        httpServerOptions.setReusePort(httpConfiguration.soReusePort);
        httpServerOptions.setTcpQuickAck(httpConfiguration.tcpQuickAck);
        httpServerOptions.setTcpCork(httpConfiguration.tcpCork);
        httpServerOptions.setAcceptBacklog(httpConfiguration.acceptBacklog);
        httpServerOptions.setTcpFastOpen(httpConfiguration.tcpFastOpen);
        httpServerOptions.setCompressionSupported(httpBuildTimeConfig.enableCompression);
        if (httpBuildTimeConfig.compressionLevel.isPresent()) {
            httpServerOptions.setCompressionLevel(httpBuildTimeConfig.compressionLevel.getAsInt());
        }
        httpServerOptions.setDecompressionSupported(httpBuildTimeConfig.enableDecompression);
        httpServerOptions.setMaxInitialLineLength(httpConfiguration.limits.maxInitialLineLength);
        httpServerOptions.setHandle100ContinueAutomatically(httpConfiguration.handle100ContinueAutomatically);
        if (httpConfiguration.http2) {
            Http2Settings http2Settings = new Http2Settings();
            if (httpConfiguration.limits.headerTableSize.isPresent()) {
                http2Settings.setHeaderTableSize(httpConfiguration.limits.headerTableSize.getAsLong());
            }
            http2Settings.setPushEnabled(httpConfiguration.http2PushEnabled);
            if (httpConfiguration.limits.maxConcurrentStreams.isPresent()) {
                http2Settings.setMaxConcurrentStreams(httpConfiguration.limits.maxConcurrentStreams.getAsLong());
            }
            if (httpConfiguration.initialWindowSize.isPresent()) {
                http2Settings.setInitialWindowSize(httpConfiguration.initialWindowSize.getAsInt());
            }
            if (httpConfiguration.limits.maxFrameSize.isPresent()) {
                http2Settings.setMaxFrameSize(httpConfiguration.limits.maxFrameSize.getAsInt());
            }
            if (httpConfiguration.limits.maxHeaderListSize.isPresent()) {
                http2Settings.setMaxHeaderListSize(httpConfiguration.limits.maxHeaderListSize.getAsLong());
            }
            httpServerOptions.setInitialSettings(http2Settings);
        }
        httpServerOptions.setUseProxyProtocol(httpConfiguration.proxy.useProxyProtocol);
        configureTrafficShapingIfEnabled(httpServerOptions, httpConfiguration);
    }

    private static void configureTrafficShapingIfEnabled(HttpServerOptions httpServerOptions, HttpConfiguration httpConfiguration) {
        if (httpConfiguration.trafficShaping.enabled) {
            TrafficShapingOptions trafficShapingOptions = new TrafficShapingOptions();
            if (httpConfiguration.trafficShaping.checkInterval.isPresent()) {
                trafficShapingOptions.setCheckIntervalForStats(httpConfiguration.trafficShaping.checkInterval.get().toSeconds());
                trafficShapingOptions.setCheckIntervalForStatsTimeUnit(TimeUnit.SECONDS);
            }
            if (httpConfiguration.trafficShaping.maxDelay.isPresent()) {
                trafficShapingOptions.setMaxDelayToWait(httpConfiguration.trafficShaping.maxDelay.get().toSeconds());
                trafficShapingOptions.setMaxDelayToWaitUnit(TimeUnit.SECONDS);
            }
            if (httpConfiguration.trafficShaping.inboundGlobalBandwidth.isPresent()) {
                trafficShapingOptions.setInboundGlobalBandwidth(httpConfiguration.trafficShaping.inboundGlobalBandwidth.get().asLongValue());
            }
            if (httpConfiguration.trafficShaping.outboundGlobalBandwidth.isPresent()) {
                trafficShapingOptions.setOutboundGlobalBandwidth(httpConfiguration.trafficShaping.outboundGlobalBandwidth.get().asLongValue());
            }
            if (httpConfiguration.trafficShaping.peakOutboundGlobalBandwidth.isPresent()) {
                trafficShapingOptions.setPeakOutboundGlobalBandwidth(httpConfiguration.trafficShaping.peakOutboundGlobalBandwidth.get().asLongValue());
            }
            httpServerOptions.setTrafficShapingOptions(trafficShapingOptions);
        }
    }

    public static void applyCommonOptionsForManagementInterface(HttpServerOptions httpServerOptions, ManagementInterfaceBuildTimeConfig managementInterfaceBuildTimeConfig, ManagementInterfaceConfiguration managementInterfaceConfiguration, List<String> list) {
        httpServerOptions.setHost(managementInterfaceConfiguration.host.orElse("0.0.0.0"));
        httpServerOptions.setIdleTimeout((int) managementInterfaceConfiguration.idleTimeout.toMillis());
        httpServerOptions.setIdleTimeoutUnit(TimeUnit.MILLISECONDS);
        httpServerOptions.setMaxHeaderSize(managementInterfaceConfiguration.limits.maxHeaderSize.asBigInteger().intValueExact());
        httpServerOptions.setMaxChunkSize(managementInterfaceConfiguration.limits.maxChunkSize.asBigInteger().intValueExact());
        httpServerOptions.setMaxFormAttributeSize(managementInterfaceConfiguration.limits.maxFormAttributeSize.asBigInteger().intValueExact());
        httpServerOptions.setMaxInitialLineLength(managementInterfaceConfiguration.limits.maxInitialLineLength);
        httpServerOptions.setWebSocketSubProtocols(list);
        httpServerOptions.setAcceptBacklog(managementInterfaceConfiguration.acceptBacklog);
        httpServerOptions.setCompressionSupported(managementInterfaceBuildTimeConfig.enableCompression);
        if (managementInterfaceBuildTimeConfig.compressionLevel.isPresent()) {
            httpServerOptions.setCompressionLevel(managementInterfaceBuildTimeConfig.compressionLevel.getAsInt());
        }
        httpServerOptions.setDecompressionSupported(managementInterfaceBuildTimeConfig.enableDecompression);
        httpServerOptions.setHandle100ContinueAutomatically(managementInterfaceConfiguration.handle100ContinueAutomatically);
        httpServerOptions.setUseProxyProtocol(managementInterfaceConfiguration.proxy.useProxyProtocol);
    }

    private static KeyStoreOptions createKeyStoreOptions(Path path, String str, Optional<String> optional, Optional<String> optional2, Optional<String> optional3, Optional<String> optional4) throws IOException {
        return new KeyStoreOptions().setPassword(str).setValue(Buffer.buffer(getFileContent(path))).setType((optional.isPresent() ? optional.get().toLowerCase() : findKeystoreFileType(path)).toUpperCase()).setProvider(optional2.orElse(null)).setAlias(optional3.orElse(null)).setAliasPassword(optional4.orElse(null));
    }

    private static byte[] getFileContent(Path path) throws IOException {
        byte[] doRead;
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(ClassPathUtils.toResourceName(path));
        if (resourceAsStream != null) {
            try {
                doRead = doRead(resourceAsStream);
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            } catch (Throwable th) {
                if (resourceAsStream != null) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } else {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                doRead = doRead(newInputStream);
                if (newInputStream != null) {
                    newInputStream.close();
                }
            } catch (Throwable th3) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        }
        return doRead;
    }

    private static void createPemKeyCertOptions(List<Path> list, List<Path> list2, HttpServerOptions httpServerOptions) throws IOException {
        if (list.size() != list2.size()) {
            throw new ConfigurationException("Invalid certificate configuration - `files` and `keyFiles` must have the same number of elements");
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<Path> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(Buffer.buffer(getFileContent(it.next())));
        }
        Iterator<Path> it2 = list2.iterator();
        while (it2.hasNext()) {
            arrayList2.add(Buffer.buffer(getFileContent(it2.next())));
        }
        httpServerOptions.setPemKeyCertOptions(new PemKeyCertOptions().setCertValues(arrayList).setKeyValues(arrayList2));
    }

    private static String findKeystoreFileType(Path path) {
        String path2 = path.toString();
        return (path2.endsWith(".p12") || path2.endsWith(".pkcs12") || path2.endsWith(".pfx")) ? "pkcs12" : "jks";
    }

    private static byte[] doRead(InputStream inputStream) throws IOException {
        return inputStream.readAllBytes();
    }

    private static void setIdleTimeout(HttpConfiguration httpConfiguration, HttpServerOptions httpServerOptions) {
        httpServerOptions.setIdleTimeout((int) httpConfiguration.idleTimeout.toMillis());
        httpServerOptions.setIdleTimeoutUnit(TimeUnit.MILLISECONDS);
    }
}
