package org.sonatype.tests.http.server.jetty.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.nio.BlockingChannelConnector;
import org.eclipse.jetty.server.ssl.SslConnector;
import org.eclipse.jetty.server.ssl.SslSocketConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;
import org.sonatype.tests.http.server.api.Behaviour;
import org.sonatype.tests.http.server.api.ServerProvider;
import org.sonatype.tests.http.server.api.TestServlet;
import org.sonatype.tests.http.server.jetty.behaviour.Content;
import org.sonatype.tests.http.server.jetty.behaviour.Pause;
import org.sonatype.tests.http.server.jetty.behaviour.Redirect;
import org.sonatype.tests.http.server.jetty.behaviour.Stutter;
import org.sonatype.tests.http.server.jetty.behaviour.Truncate;
import org.sonatype.tests.http.server.jetty.util.FileUtil;

/* loaded from: input_file:org/sonatype/tests/http/server/jetty/impl/JettyServerProvider.class */
public class JettyServerProvider implements ServerProvider {
    protected Server server;
    protected boolean ssl;
    private ServletContextHandler webappContext;
    private String sslKeystorePassword;
    private String sslKeystore;
    private String sslTruststore;
    private String sslTruststorePassword;
    private boolean sslNeedClientAuth;
    private HashLoginService loginService;
    private String authType;
    protected int port = -1;
    private final String host = "localhost";
    private ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();

    /* loaded from: input_file:org/sonatype/tests/http/server/jetty/impl/JettyServerProvider$CertificateHolder.class */
    public static class CertificateHolder {
        private PrivateKey key;
        private Certificate[] chain;

        public Certificate getCertificate() {
            return this.chain[0];
        }

        public Certificate[] getChain() {
            return this.chain;
        }

        @Deprecated
        public CertificateHolder(PrivateKey privateKey, Certificate certificate) {
            this.key = privateKey;
            this.chain = new Certificate[]{certificate};
        }

        public CertificateHolder(Certificate[] certificateArr) {
            this.chain = certificateArr;
        }

        @Deprecated
        public PrivateKey getKey() {
            return this.key;
        }
    }

    /* loaded from: input_file:org/sonatype/tests/http/server/jetty/impl/JettyServerProvider$CustomTrustManager.class */
    public static final class CustomTrustManager implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public void setSSL(String str, String str2) {
        this.ssl = true;
        this.sslKeystore = str;
        this.sslKeystorePassword = str2;
    }

    public void setPort(int i) {
        this.port = i;
    }

    public void initServer() throws Exception {
        this.server = createServer();
    }

    public boolean isStarted() {
        return this.server != null && this.server.isStarted();
    }

    public void setSSLTruststore(String str, String str2) {
        this.sslTruststore = str;
        this.sslTruststorePassword = str2;
    }

    public void setSSLNeedClientAuth(boolean z) {
        this.sslNeedClientAuth = z;
    }

    public void getServer() throws Exception {
        if (this.server != null) {
            initServer();
        }
    }

    public Server createServer() throws URISyntaxException {
        Server server = new Server();
        server.setConnectors(new Connector[]{this.ssl ? sslConnector() : connector()});
        initWebappContext(server);
        return server;
    }

    public void addAuthentication(String str, String str2) {
        if (this.server == null) {
            try {
                initServer();
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        }
        initAuthentication(str, str2);
    }

    private void initAuthentication(String str, String str2) {
        this.authType = str2;
        Constraint constraint = new Constraint();
        if (str2 == null) {
            str2 = "BASIC";
        }
        constraint.setName(str2);
        constraint.setRoles(new String[]{"users"});
        constraint.setAuthenticate(true);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setConstraint(constraint);
        constraintMapping.setPathSpec(str);
        this.securityHandler.setRealmName("Test Server");
        this.securityHandler.setAuthMethod(str2);
        this.securityHandler.setStrict(true);
        if ("DIGEST".equals(str2)) {
            this.securityHandler.setAuthenticator(new FixedDigestAuthenticator());
        }
        if (str2.endsWith("CERT")) {
            for (SslConnector sslConnector : this.server.getConnectors()) {
                if (!(sslConnector instanceof SslConnector)) {
                    throw new UnsupportedOperationException("Cannot use Client Side Certificate Auth without SSL.");
                }
                sslConnector.setNeedClientAuth(true);
            }
        }
        this.securityHandler.setConstraintMappings(new ConstraintMapping[]{constraintMapping});
        this.loginService = new HashLoginService("Test Server");
        this.securityHandler.setLoginService(this.loginService);
        this.webappContext.setSecurityHandler(this.securityHandler);
    }

    public void addUser(String str, Object obj) {
        if (this.authType == null) {
            throw new IllegalStateException("no authentication method set.");
        }
        if (!(obj instanceof CertificateHolder)) {
            this.loginService.putUser(str, new Password(obj.toString()), new String[]{"users"});
        } else {
            if (!this.authType.endsWith("CERT")) {
                throw new UnsupportedOperationException("Cannot add certificate with non-CERT-authentication");
            }
            try {
                addCertificate(str, (CertificateHolder) obj);
            } catch (Exception e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    public void addCertificate(String str, CertificateHolder certificateHolder) throws Exception {
        for (SslConnector sslConnector : this.server.getConnectors()) {
            if (sslConnector instanceof SslConnector) {
                SslConnector sslConnector2 = sslConnector;
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                FileInputStream fileInputStream = null;
                try {
                    try {
                        fileInputStream = new FileInputStream(resourceFile(this.sslKeystore));
                    } catch (Exception e) {
                        fileInputStream = new FileInputStream(this.sslKeystore);
                    }
                    KeyStore keyStore = KeyStore.getInstance("JKS");
                    keyStore.load(fileInputStream, this.sslKeystorePassword == null ? null : this.sslKeystorePassword.toString().toCharArray());
                    keyStore.setCertificateEntry(str, certificateHolder.getCertificate());
                    Certificate[] chain = certificateHolder.getChain();
                    for (int i = 1; i < chain.length; i++) {
                        keyStore.setCertificateEntry(str + "chain" + i, chain[i]);
                    }
                    keyManagerFactory.init(keyStore, this.sslKeystorePassword == null ? null : this.sslKeystorePassword.toString().toCharArray());
                    KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(keyManagers, new TrustManager[]{new CustomTrustManager()}, null);
                    sslConnector2.setSslContext(sSLContext);
                    if (!(certificateHolder.getCertificate() instanceof X509Certificate)) {
                        throw new IllegalArgumentException("Unsupported Certificate Type (need X509Certificate): " + certificateHolder.getCertificate().getClass());
                    }
                    X509Certificate x509Certificate = (X509Certificate) certificateHolder.getCertificate();
                    Principal subjectDN = x509Certificate.getSubjectDN();
                    if (subjectDN == null) {
                        subjectDN = x509Certificate.getIssuerDN();
                    }
                    addUser(subjectDN == null ? "clientcert" : subjectDN.getName(), String.valueOf(B64Code.encode(x509Certificate.getSignature())));
                } finally {
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                }
            }
        }
    }

    public void addDefaultServices() {
        addServlet(new ErrorServlet());
        addBehaviour("/content/*", new Content());
        addBehaviour("/stutter/*", new Stutter());
        addBehaviour("/pause/*", new Pause(), new Content());
        addBehaviour("/truncate/*", new Truncate());
        addBehaviour("/timeout/*", new Pause());
        addBehaviour("/redirect/*", new Redirect(), new Content());
    }

    public void addServlet(TestServlet testServlet) {
        if (this.webappContext == null) {
            try {
                initServer();
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        }
        this.webappContext.getServletHandler().addServletWithMapping(new ServletHolder(testServlet), testServlet.getPath());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initWebappContext(Server server) throws URISyntaxException {
        this.webappContext = new ServletContextHandler();
        this.webappContext.setContextPath("/");
        HandlerCollection handlerCollection = new HandlerCollection();
        handlerCollection.setHandlers(new Handler[]{this.webappContext, new DefaultHandler()});
        server.setHandler(handlerCollection);
    }

    private String resourceFile(String str) throws Exception {
        URL resource = getClass().getResource("/" + str);
        if (resource == null) {
            throw new IllegalStateException("cannot find resource: " + str);
        }
        if ("file".equals(resource.getProtocol())) {
            return new File(new URI(resource.toExternalForm())).getAbsolutePath();
        }
        InputStream inputStream = null;
        FileOutputStream fileOutputStream = null;
        File createTempFile = FileUtil.createTempFile("");
        try {
            inputStream = resource.openStream();
            fileOutputStream = new FileOutputStream(createTempFile);
            byte[] bArr = new byte[16000];
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    break;
                }
                fileOutputStream.write(bArr, 0, read);
            }
            if (inputStream != null) {
                inputStream.close();
            }
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            return createTempFile.getAbsolutePath();
        } catch (Throwable th) {
            if (inputStream != null) {
                inputStream.close();
            }
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            throw th;
        }
    }

    protected Connector connector() {
        BlockingChannelConnector blockingChannelConnector = new BlockingChannelConnector();
        blockingChannelConnector.setHost("localhost");
        if (this.port != -1) {
            blockingChannelConnector.setPort(this.port);
        }
        return blockingChannelConnector;
    }

    protected Connector sslConnector() {
        String str;
        String str2;
        SslSocketConnector sslSocketConnector = new SslSocketConnector();
        try {
            str = resourceFile(this.sslKeystore);
        } catch (Exception e) {
            str = this.sslKeystore;
        }
        sslSocketConnector.setHost("localhost");
        if (this.port != -1) {
            sslSocketConnector.setPort(this.port);
        }
        sslSocketConnector.setKeystore(str);
        sslSocketConnector.setPassword(this.sslKeystorePassword);
        sslSocketConnector.setKeyPassword(this.sslKeystorePassword);
        if (this.sslTruststore != null) {
            try {
                str2 = resourceFile(this.sslTruststore);
            } catch (Exception e2) {
                str2 = this.sslTruststore;
            }
            sslSocketConnector.setTruststore(str2);
            sslSocketConnector.setTrustPassword(this.sslTruststorePassword);
        }
        sslSocketConnector.setNeedClientAuth(this.sslNeedClientAuth);
        return sslSocketConnector;
    }

    public void start() throws Exception {
        if (this.server == null) {
            initServer();
        }
        this.server.start();
        int i = 0;
        synchronized (this.server) {
            while (i < 3000) {
                if (this.server.isStarted()) {
                    break;
                }
                this.server.wait(10L);
                i += 10;
            }
            this.server.wait(10L);
        }
        if (!this.server.isStarted()) {
            throw new IllegalStateException("Server didn't start in: " + i + "ms.");
        }
        this.port = this.server.getConnectors()[0].getLocalPort();
    }

    public void addBehaviour(String str, Behaviour... behaviourArr) {
        addServlet(new BehaviourServlet(str, behaviourArr));
    }

    public void stop() throws Exception {
        this.server.stop();
        int i = 0;
        while (i < 3000 && this.server.isStarted()) {
            this.server.wait(10L);
            i += 10;
        }
        if (this.server.isStarted()) {
            throw new IllegalStateException("Server didn't stop in: " + i + "ms.");
        }
    }

    public URL getUrl() throws MalformedURLException {
        return new URL(this.ssl ? "https" : "http", "localhost", this.port, "");
    }

    public ServletContextHandler getWebappContext() {
        return this.webappContext;
    }

    public void setWebappContext(ServletContextHandler servletContextHandler) {
        this.webappContext = servletContextHandler;
    }

    public int getPort() {
        return this.port;
    }

    public ConstraintSecurityHandler getSecurityHandler() {
        return this.securityHandler;
    }

    public void setSecurityHandler(ConstraintSecurityHandler constraintSecurityHandler) {
        this.securityHandler = constraintSecurityHandler;
    }
}
