package org.ops4j.pax.web.service.undertow.internal;

import io.undertow.Handlers;
import io.undertow.Undertow;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.HttpHandler;
import io.undertow.server.handlers.PathHandler;
import io.undertow.server.handlers.accesslog.AccessLogHandler;
import io.undertow.server.handlers.accesslog.DefaultAccessLogReceiver;
import io.undertow.server.handlers.resource.FileResourceManager;
import io.undertow.server.handlers.resource.ResourceHandler;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Dictionary;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CopyOnWriteArraySet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.UnmarshallerHandler;
import javax.xml.parsers.SAXParserFactory;
import org.ops4j.lang.NullArgumentException;
import org.ops4j.pax.swissbox.property.BundleContextPropertyResolver;
import org.ops4j.pax.web.service.spi.Configuration;
import org.ops4j.pax.web.service.spi.ConfigurationSource;
import org.ops4j.pax.web.service.spi.LifeCycle;
import org.ops4j.pax.web.service.spi.ServerController;
import org.ops4j.pax.web.service.spi.ServerControllerEx;
import org.ops4j.pax.web.service.spi.ServerEvent;
import org.ops4j.pax.web.service.spi.ServerListener;
import org.ops4j.pax.web.service.spi.model.ContainerInitializerModel;
import org.ops4j.pax.web.service.spi.model.ContextModel;
import org.ops4j.pax.web.service.spi.model.ErrorPageModel;
import org.ops4j.pax.web.service.spi.model.EventListenerModel;
import org.ops4j.pax.web.service.spi.model.FilterModel;
import org.ops4j.pax.web.service.spi.model.ResourceModel;
import org.ops4j.pax.web.service.spi.model.SecurityConstraintMappingModel;
import org.ops4j.pax.web.service.spi.model.ServletModel;
import org.ops4j.pax.web.service.spi.model.WelcomeFileModel;
import org.ops4j.pax.web.service.undertow.internal.configuration.ResolvingContentHandler;
import org.ops4j.pax.web.service.undertow.internal.configuration.model.SecurityRealm;
import org.ops4j.pax.web.service.undertow.internal.configuration.model.Server;
import org.ops4j.pax.web.service.undertow.internal.configuration.model.ServletContainer;
import org.ops4j.pax.web.service.undertow.internal.configuration.model.UndertowConfiguration;
import org.ops4j.pax.web.service.undertow.internal.configuration.model.UndertowSubsystem;
import org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager;
import org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager;
import org.ops4j.util.property.DictionaryPropertyResolver;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.wiring.BundleWiring;
import org.osgi.service.http.HttpContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xnio.Options;
import org.xnio.Sequence;
import org.xnio.SslClientAuthMode;
import org.xnio.XnioWorker;

/* loaded from: input_file:org/ops4j/pax/web/service/undertow/internal/ServerControllerImpl.class */
public class ServerControllerImpl implements ServerController, ServerControllerEx, IdentityManager {
    private static final Logger LOG = LoggerFactory.getLogger(ServerControllerImpl.class);
    private final BundleContext bundleContext;
    private Configuration configuration;
    private IdentityManager identityManager;
    private Undertow server;
    private XnioWorker xnioWorker;
    private JAXBContext jaxb = null;
    private final Set<ServerListener> listeners = new CopyOnWriteArraySet();
    private State state = State.Unconfigured;
    private final ContextAwarePathHandler path = new ContextAwarePathHandler((HttpHandler) Handlers.path());
    private final ConcurrentMap<HttpContext, Context> contextMap = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/ops4j/pax/web/service/undertow/internal/ServerControllerImpl$ConfigSource.class */
    public enum ConfigSource {
        XML,
        PROPERTIES,
        PID;

        public static ConfigSource kind(URL url) {
            String path;
            if (url != null && (path = url.getPath()) != null) {
                String name = new File(path).getName();
                return name.endsWith(".properties") ? PROPERTIES : name.endsWith(".xml") ? XML : PID;
            }
            return PID;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/ops4j/pax/web/service/undertow/internal/ServerControllerImpl$State.class */
    public enum State {
        Unconfigured,
        Stopped,
        Started
    }

    public ServerControllerImpl(BundleContext bundleContext) {
        this.bundleContext = bundleContext;
    }

    public synchronized void start() {
        LOG.debug("Starting server [{}]", this);
        assertState(State.Stopped);
        doStart();
        this.state = State.Started;
        notifyListeners(ServerEvent.STARTED);
    }

    public synchronized void stop() {
        LOG.debug("Stopping server [{}]", this);
        assertNotState(State.Unconfigured);
        if (this.state == State.Started) {
            doStop();
            this.state = State.Stopped;
        }
        notifyListeners(ServerEvent.STOPPED);
    }

    public synchronized void configure(Configuration configuration) {
        LOG.debug("Configuring server [{}] -> [{}] ", this, configuration);
        if (configuration == null) {
            throw new IllegalArgumentException("configuration == null");
        }
        this.configuration = configuration;
        switch (this.state) {
            case Unconfigured:
                this.state = State.Stopped;
                notifyListeners(ServerEvent.CONFIGURED);
                return;
            case Started:
                doStop();
                doStart();
                return;
            default:
                return;
        }
    }

    public void addListener(ServerListener serverListener) {
        if (serverListener == null) {
            throw new IllegalArgumentException("listener == null");
        }
        this.listeners.add(serverListener);
    }

    public void removeListener(ServerListener serverListener) {
        this.listeners.remove(serverListener);
    }

    public synchronized boolean isStarted() {
        return this.state == State.Started;
    }

    public synchronized boolean isConfigured() {
        return this.state != State.Unconfigured;
    }

    public Configuration getConfiguration() {
        return this.configuration;
    }

    public synchronized Integer getHttpPort() {
        Configuration configuration = this.configuration;
        if (configuration == null) {
            throw new IllegalStateException("Not configured");
        }
        return configuration.getHttpPort();
    }

    public synchronized Integer getHttpSecurePort() {
        Configuration configuration = this.configuration;
        if (configuration == null) {
            throw new IllegalStateException("Not configured");
        }
        return configuration.getHttpSecurePort();
    }

    void notifyListeners(ServerEvent serverEvent) {
        Iterator<ServerListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().stateChanged(serverEvent);
        }
    }

    void doStart() {
        Undertow.Builder builder = Undertow.builder();
        HttpHandler httpHandler = this.path;
        URL detectUndertowConfiguration = detectUndertowConfiguration();
        switch (ConfigSource.kind(detectUndertowConfiguration)) {
            case XML:
                LOG.info("Using \"" + detectUndertowConfiguration + "\" to configure Undertow");
                httpHandler = configureUndertow(this.configuration, builder, httpHandler, detectUndertowConfiguration);
                break;
            case PROPERTIES:
                LOG.info("Using \"" + detectUndertowConfiguration + "\" to read additional configuration for Undertow");
                configureIdentityManager(detectUndertowConfiguration);
            case PID:
                LOG.info("Using \"org.ops4j.pax.url.web\" PID to configure Undertow");
                httpHandler = configureUndertow(this.configuration, builder, httpHandler);
                break;
        }
        builder.setHandler(httpHandler);
        this.server = builder.build();
        this.server.start();
    }

    private void configureIdentityManager(URL url) {
        try {
            Properties properties = new Properties();
            InputStream openStream = url.openStream();
            Throwable th = null;
            try {
                properties.load(openStream);
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openStream.close();
                    }
                }
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                for (Map.Entry entry : properties.entrySet()) {
                    linkedHashMap.put(entry.getKey().toString(), entry.getValue().toString());
                }
                this.identityManager = (IdentityManager) createConfigurationObject(linkedHashMap, "identityManager");
            } finally {
            }
        } catch (Exception e) {
            LOG.error("Exception while starting Undertow", e);
            throw new RuntimeException("Exception while starting Undertow", e);
        }
    }

    private HttpHandler configureUndertow(Configuration configuration, Undertow.Builder builder, HttpHandler httpHandler) {
        if (configuration.isLogNCSAFormatEnabled().booleanValue()) {
            String logNCSADirectory = configuration.getLogNCSADirectory();
            configuration.getLogNCSAFormat();
            this.xnioWorker = UndertowUtil.createWorker(((BundleWiring) FrameworkUtil.getBundle(ServerControllerImpl.class).adapt(BundleWiring.class)).getClassLoader());
            httpHandler = new AccessLogHandler(httpHandler, DefaultAccessLogReceiver.builder().setLogWriteExecutor(this.xnioWorker).setOutputDirectory(new File(logNCSADirectory).toPath()).setLogBaseName("request.").setLogNameSuffix("log").setRotate(true).build(), configuration.isLogNCSAExtended().booleanValue() ? "combined" : "common", AccessLogHandler.class.getClassLoader());
        }
        for (String str : configuration.getListeningAddresses()) {
            if (configuration.isHttpEnabled().booleanValue()) {
                LOG.info("Starting undertow http listener on " + str + ":" + configuration.getHttpPort());
                builder.addHttpListener(configuration.getHttpPort().intValue(), str);
            }
            if (configuration.isHttpSecureEnabled().booleanValue()) {
                LOG.info("Starting undertow https listener on " + str + ":" + configuration.getHttpSecurePort());
                builder.addHttpsListener(configuration.getHttpSecurePort().intValue(), str, buildSSLContext());
            }
        }
        return httpHandler;
    }

    private HttpHandler configureUndertow(Configuration configuration, Undertow.Builder builder, HttpHandler httpHandler, URL url) {
        Dictionary configuration2;
        try {
            if (this.jaxb == null) {
                this.jaxb = JAXBContext.newInstance("org.ops4j.pax.web.service.undertow.internal.configuration.model", UndertowConfiguration.class.getClassLoader());
            }
            UnmarshallerHandler unmarshallerHandler = this.jaxb.createUnmarshaller().getUnmarshallerHandler();
            Hashtable hashtable = new Hashtable();
            if ((configuration instanceof ConfigurationSource) && (configuration2 = ((ConfigurationSource) configuration).getConfiguration()) != null) {
                Enumeration keys = configuration2.keys();
                while (keys.hasMoreElements()) {
                    String str = (String) keys.nextElement();
                    hashtable.put(str, configuration2.get(str));
                }
            }
            if (hashtable.get("org.osgi.service.http.port") == null && configuration.getHttpPort() != null) {
                hashtable.put("org.osgi.service.http.port", Integer.toString(configuration.getHttpPort().intValue()));
            }
            if (hashtable.get("org.osgi.service.http.port.secure") == null && configuration.getHttpSecurePort() != null) {
                hashtable.put("org.osgi.service.http.port.secure", Integer.toString(configuration.getHttpSecurePort().intValue()));
            }
            final DictionaryPropertyResolver dictionaryPropertyResolver = new DictionaryPropertyResolver(hashtable, new BundleContextPropertyResolver(this.bundleContext));
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            newInstance.setNamespaceAware(true);
            XMLReader xMLReader = newInstance.newSAXParser().getXMLReader();
            xMLReader.setContentHandler(new ResolvingContentHandler(new Properties() { // from class: org.ops4j.pax.web.service.undertow.internal.ServerControllerImpl.1
                @Override // java.util.Properties
                public String getProperty(String str2) {
                    return dictionaryPropertyResolver.get(str2);
                }

                @Override // java.util.Properties
                public String getProperty(String str2, String str3) {
                    String str4 = dictionaryPropertyResolver.get(str2);
                    return str4 == null ? str3 : str4;
                }
            }, unmarshallerHandler));
            InputStream openStream = url.openStream();
            Throwable th = null;
            try {
                xMLReader.parse(new InputSource(openStream));
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openStream.close();
                    }
                }
                UndertowConfiguration undertowConfiguration = (UndertowConfiguration) unmarshallerHandler.getResult();
                if (undertowConfiguration == null || undertowConfiguration.getSocketBindings().size() == 0 || undertowConfiguration.getInterfaces().size() == 0 || undertowConfiguration.getSubsystem() == null || undertowConfiguration.getSubsystem().getServer() == null) {
                    throw new IllegalArgumentException("Problem configuring Undertow server using \"" + url + "\": invalid XML");
                }
                undertowConfiguration.init();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Undertow XML configuration: {}", undertowConfiguration);
                }
                Server.HttpListener httpListener = undertowConfiguration.getSubsystem().getServer().getHttpListener();
                Server.HttpsListener httpsListener = undertowConfiguration.getSubsystem().getServer().getHttpsListener();
                if (httpListener == null && httpsListener == null) {
                    throw new IllegalArgumentException("No listener configuration available in \"" + url + "\". Please configure http and/or https listeners.");
                }
                if (httpListener != null) {
                    UndertowConfiguration.BindingInfo bindingInfo = undertowConfiguration.bindingInfo(httpListener.getSocketBindingName());
                    for (String str2 : bindingInfo.getAddresses()) {
                        LOG.info("Starting undertow http listener on " + str2 + ":" + bindingInfo.getPort());
                        builder.addHttpListener(bindingInfo.getPort(), str2);
                    }
                }
                if (httpsListener != null) {
                    UndertowConfiguration.BindingInfo bindingInfo2 = undertowConfiguration.bindingInfo(httpsListener.getSocketBindingName());
                    SecurityRealm securityRealm = undertowConfiguration.securityRealm(httpsListener.getSecurityRealm());
                    if (securityRealm == null) {
                        throw new IllegalArgumentException("No security realm with name \"" + httpsListener.getSecurityRealm() + "\" available for \"" + httpsListener.getName() + "\" https listener.");
                    }
                    for (String str3 : bindingInfo2.getAddresses()) {
                        LOG.info("Starting undertow https listener on " + str3 + ":" + bindingInfo2.getPort());
                        builder.addHttpsListener(bindingInfo2.getPort(), str3, buildSSLContext(securityRealm));
                        builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.valueOf(httpsListener.getVerifyClient()));
                        SecurityRealm.Engine engine = securityRealm.getIdentities().getSsl().getEngine();
                        if (engine != null) {
                            if (engine.getEnabledProtocols().size() > 0) {
                                builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(engine.getEnabledProtocols()));
                            }
                            if (engine.getEnabledCipherSuites().size() > 0) {
                                builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(engine.getEnabledCipherSuites()));
                            }
                        }
                    }
                }
                SecurityRealm securityRealm2 = undertowConfiguration.securityRealm("default");
                if (securityRealm2 != null) {
                    SecurityRealm.JaasAuth jaas = securityRealm2.getAuthentication().getJaas();
                    SecurityRealm.PropertiesAuth properties = securityRealm2.getAuthentication().getProperties();
                    if (jaas != null) {
                        String userPrincipalClassName = securityRealm2.getUserPrincipalClassName();
                        if (userPrincipalClassName == null || "".equals(userPrincipalClassName.trim())) {
                            userPrincipalClassName = "java.security.Principal";
                        }
                        this.identityManager = new JaasIdentityManager(jaas.getName(), userPrincipalClassName, new LinkedHashSet(securityRealm2.getRolePrincipalClassNames()));
                    } else if (properties != null) {
                        File file = new File(properties.getPath());
                        if (!file.isFile()) {
                            throw new IllegalArgumentException(file.getCanonicalPath() + " is not accessible. Can't load users/groups information.");
                        }
                        Properties properties2 = new Properties();
                        HashMap hashMap = new HashMap();
                        FileInputStream fileInputStream = new FileInputStream(file);
                        Throwable th3 = null;
                        try {
                            try {
                                properties2.load(fileInputStream);
                                for (String str4 : properties2.stringPropertyNames()) {
                                    hashMap.put(str4, properties2.getProperty(str4));
                                }
                                if (fileInputStream != null) {
                                    if (0 != 0) {
                                        try {
                                            fileInputStream.close();
                                        } catch (Throwable th4) {
                                            th3.addSuppressed(th4);
                                        }
                                    } else {
                                        fileInputStream.close();
                                    }
                                }
                                this.identityManager = new PropertiesIdentityManager(hashMap);
                            } finally {
                            }
                        } finally {
                        }
                    }
                }
                if (undertowConfiguration.getSubsystem().getServer().getHost() != null) {
                    for (Server.Host.Location location : undertowConfiguration.getSubsystem().getServer().getHost().getLocation()) {
                        String name = location.getName();
                        UndertowSubsystem.FileHandler handler = undertowConfiguration.handler(location.getHandler());
                        if (handler == null) {
                            throw new IllegalArgumentException("No handler with name \"" + location.getHandler() + "\" available for " + location.getName() + " location.");
                        }
                        File file2 = new File(handler.getPath());
                        if (!file2.isDirectory()) {
                            throw new IllegalArgumentException(file2.getCanonicalPath() + " is not accessible. Can't configure handler for " + location.getName() + " location.");
                        }
                        ResourceHandler resourceHandler = new ResourceHandler(new FileResourceManager(file2, 4096L));
                        if (undertowConfiguration.getSubsystem().getServletContainer() != null) {
                            resourceHandler.setWelcomeFiles(new String[0]);
                            Iterator<ServletContainer.WelcomeFile> it = undertowConfiguration.getSubsystem().getServletContainer().getWelcomeFiles().iterator();
                            while (it.hasNext()) {
                                resourceHandler.addWelcomeFiles(new String[]{it.next().getName()});
                            }
                        }
                        if (httpHandler instanceof PathHandler) {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Adding resource handler for location \"" + name + "\" and base path \"" + file2.getCanonicalPath() + "\".");
                            }
                            ((PathHandler) httpHandler).addPrefixPath(name, resourceHandler);
                        }
                    }
                }
                if (undertowConfiguration.getSubsystem().getServer().getHost() != null) {
                    for (Server.Host.FilterRef filterRef : undertowConfiguration.getSubsystem().getServer().getHost().getFilterRef()) {
                        UndertowSubsystem.AbstractFilter filter = undertowConfiguration.filter(filterRef.getName());
                        if (filter == null) {
                            throw new IllegalArgumentException("No filter with name \"" + filterRef.getName() + "\" available.");
                        }
                        httpHandler = filter.configure(httpHandler);
                    }
                }
                if (undertowConfiguration.getSubsystem().getServer().getHost() != null && undertowConfiguration.getSubsystem().getServer().getHost().getAccessLog() != null) {
                    Server.Host.AccessLog accessLog = undertowConfiguration.getSubsystem().getServer().getHost().getAccessLog();
                    this.xnioWorker = UndertowUtil.createWorker(((BundleWiring) FrameworkUtil.getBundle(ServerControllerImpl.class).adapt(BundleWiring.class)).getClassLoader());
                    httpHandler = new AccessLogHandler(httpHandler, DefaultAccessLogReceiver.builder().setLogWriteExecutor(this.xnioWorker).setOutputDirectory(new File(accessLog.getDirectory()).toPath()).setLogBaseName(accessLog.getPrefix()).setLogNameSuffix(accessLog.getSuffix()).setRotate(Boolean.parseBoolean(accessLog.getRotate())).build(), accessLog.getPattern(), AccessLogHandler.class.getClassLoader());
                }
                return httpHandler;
            } finally {
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Problem configuring Undertow server using \"" + url + "\": " + e.getMessage(), e);
        }
    }

    private URL detectUndertowConfiguration() {
        URL configurationURL = this.configuration.getConfigurationURL();
        File configurationDir = this.configuration.getConfigurationDir();
        if (configurationURL == null && configurationDir != null) {
            try {
                if (configurationDir.isFile() && configurationDir.canRead()) {
                    configurationURL = configurationDir.toURI().toURL();
                } else if (configurationDir.isDirectory()) {
                    String[] strArr = {"undertow.xml", "undertow.properties"};
                    int length = strArr.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        File file = new File(configurationDir, strArr[i]);
                        if (file.isFile() && file.canRead()) {
                            configurationURL = file.toURI().toURL();
                            break;
                        }
                        i++;
                    }
                }
            } catch (MalformedURLException e) {
            }
        }
        if (configurationURL == null) {
            configurationURL = getClass().getResource("/undertow.xml");
        }
        if (configurationURL == null) {
            configurationURL = getClass().getResource("/undertow.properties");
        }
        return configurationURL;
    }

    private SSLContext buildSSLContext(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, boolean z, String str9, String str10, boolean z2, boolean z3, boolean z4, String str11) {
        try {
            KeyStore keyStore = getKeyStore(loadResource(str), str2 != null ? str2 : "JKS", str3);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? KeyManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
            keyManagerFactory.init(keyStore, str4 == null ? null : str4.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            TrustManager[] trustManagerArr = null;
            SecureRandom secureRandom = str10 == null ? null : SecureRandom.getInstance(str10);
            if (str6 != null) {
                KeyStore keyStore2 = getKeyStore(loadResource(str6), str7 != null ? str7 : "JKS", str8);
                String defaultAlgorithm = Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ? TrustManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.TrustManagerFactory.algorithm");
                Collection<? extends CRL> loadCRL = str9 == null ? null : loadCRL(str9);
                if (z && keyStore != null) {
                    if (str5 == null) {
                        ArrayList list = Collections.list(keyStore.aliases());
                        str5 = list.size() == 1 ? (String) list.get(0) : null;
                    }
                    Certificate certificate = str5 == null ? null : keyStore.getCertificate(str5);
                    if (certificate == null) {
                        throw new IllegalArgumentException("No certificate found in the keystore" + (str5 == null ? "" : " for alias \"" + str5 + "\""));
                    }
                    CertificateValidator certificateValidator = new CertificateValidator(keyStore2, loadCRL);
                    certificateValidator.setEnableCRLDP(z3);
                    certificateValidator.setEnableOCSP(z4);
                    certificateValidator.setOcspResponderURL(str11);
                    certificateValidator.validate(keyStore, certificate);
                }
                if (z2 && defaultAlgorithm.equalsIgnoreCase("PKIX")) {
                    PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore2, new X509CertSelector());
                    pKIXBuilderParameters.setRevocationEnabled(true);
                    if (loadCRL != null && !loadCRL.isEmpty()) {
                        pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(loadCRL)));
                    }
                    if (z3) {
                        System.setProperty("com.sun.security.enableCRLDP", "true");
                    }
                    if (z4) {
                        Security.setProperty("ocsp.enable", "true");
                        if (str11 != null) {
                            Security.setProperty("ocsp.responderURL", str11);
                        }
                    }
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
                    trustManagerFactory.init(new CertPathTrustManagerParameters(pKIXBuilderParameters));
                    trustManagerArr = trustManagerFactory.getTrustManagers();
                } else {
                    TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(defaultAlgorithm);
                    trustManagerFactory2.init(keyStore2);
                    trustManagerArr = trustManagerFactory2.getTrustManagers();
                }
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagers, trustManagerArr, secureRandom);
            return sSLContext;
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to build SSL context", e);
        }
    }

    private SSLContext buildSSLContext() {
        String sslPassword = this.configuration.getSslKeyPassword() == null ? this.configuration.getSslPassword() : this.configuration.getSslKeyPassword();
        return buildSSLContext(this.configuration.getSslKeystore(), this.configuration.getSslKeystoreType(), sslPassword, sslPassword, this.configuration.getSslKeyAlias(), this.configuration.getTrustStore(), this.configuration.getTrustStoreType(), this.configuration.getTrustStorePassword(), this.configuration.isValidateCerts().booleanValue(), this.configuration.getCrlPath(), null, this.configuration.isValidatePeerCerts().booleanValue(), this.configuration.isEnableCRLDP().booleanValue(), this.configuration.isEnableOCSP().booleanValue(), this.configuration.getOcspResponderURL());
    }

    private SSLContext buildSSLContext(SecurityRealm securityRealm) {
        if (securityRealm.getAuthentication() == null || securityRealm.getAuthentication().getTruststore() == null) {
            throw new IllegalArgumentException("No truststore configuration in security realm \"" + securityRealm.getName() + "\".");
        }
        if (securityRealm.getIdentities() == null || securityRealm.getIdentities().getSsl() == null || securityRealm.getIdentities().getSsl().getKeystore() == null) {
            throw new IllegalArgumentException("No keystore configuration in security realm \"" + securityRealm.getName() + "\".");
        }
        SecurityRealm.Keystore keystore = securityRealm.getIdentities().getSsl().getKeystore();
        SecurityRealm.Truststore truststore = securityRealm.getAuthentication().getTruststore();
        return buildSSLContext(keystore.getPath(), keystore.getProvider(), keystore.getPassword(), keystore.getKeyPassword(), keystore.getAlias(), truststore.getPath(), truststore.getProvider(), truststore.getPassword(), this.configuration.isValidateCerts().booleanValue(), this.configuration.getCrlPath(), null, this.configuration.isValidatePeerCerts().booleanValue(), this.configuration.isEnableCRLDP().booleanValue(), this.configuration.isEnableOCSP().booleanValue(), this.configuration.getOcspResponderURL());
    }

    private URL loadResource(String str) throws MalformedURLException {
        URL url;
        try {
            url = new URL(str);
        } catch (MalformedURLException e) {
            if (str.startsWith("ftp:") || str.startsWith("file:") || str.startsWith("jar:")) {
                throw e;
            }
            try {
                url = new File(str).getCanonicalFile().toURI().toURL();
            } catch (Exception e2) {
                throw e;
            }
        }
        return url;
    }

    private KeyStore getKeyStore(URL url, String str, String str2) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(str);
        InputStream openStream = url.openStream();
        Throwable th = null;
        try {
            try {
                keyStore.load(openStream, str2.toCharArray());
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openStream.close();
                    }
                }
                return keyStore;
            } finally {
            }
        } catch (Throwable th3) {
            if (openStream != null) {
                if (th != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    private Object createConfigurationObject(Map<String, String> map, String str) throws Exception {
        String str2 = map.get(str);
        if (str2 == null) {
            return null;
        }
        Constructor<?> declaredConstructor = getClass().getClassLoader().loadClass(str2).getDeclaredConstructor(Map.class);
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getKey().startsWith(str + ".")) {
                hashMap.put(entry.getKey().substring(str.length() + 1), entry.getValue());
            }
        }
        return declaredConstructor.newInstance(hashMap);
    }

    void doStop() {
        if (this.xnioWorker != null) {
            this.xnioWorker.shutdown();
        }
        this.server.stop();
    }

    public synchronized LifeCycle getContext(ContextModel contextModel) {
        assertNotState(State.Unconfigured);
        return findOrCreateContext(contextModel);
    }

    public synchronized void removeContext(HttpContext httpContext) {
        assertNotState(State.Unconfigured);
        Context remove = this.contextMap.remove(httpContext);
        if (remove == null) {
            throw new IllegalStateException("Cannot remove the context because it does not exist: " + httpContext);
        }
        remove.destroy();
    }

    private void assertState(State state) {
        if (this.state != state) {
            throw new IllegalStateException("State is " + this.state + " but should be " + state);
        }
    }

    private void assertNotState(State state) {
        if (this.state == state) {
            throw new IllegalStateException("State should not be " + this.state);
        }
    }

    private Context findContext(ContextModel contextModel) {
        NullArgumentException.validateNotNull(contextModel, "contextModel");
        return this.contextMap.get(contextModel.getHttpContext());
    }

    private Context findOrCreateContext(ContextModel contextModel) {
        NullArgumentException.validateNotNull(contextModel, "contextModel");
        synchronized (this.contextMap) {
            if (this.contextMap.containsKey(contextModel.getHttpContext())) {
                return this.contextMap.get(contextModel.getHttpContext());
            }
            Context context = new Context(this, this.path, contextModel);
            context.setConfiguration(this.configuration);
            this.contextMap.put(contextModel.getHttpContext(), context);
            try {
                context.addServlet(new ResourceModel(contextModel, createResourceServlet(contextModel, "/", "default"), "/", "default"));
            } catch (ServletException e) {
                LOG.warn(e.getMessage(), e);
            }
            return context;
        }
    }

    public synchronized void addServlet(ServletModel servletModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(servletModel.getContextModel()).addServlet(servletModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add servlet", e);
        }
    }

    public void removeServlet(ServletModel servletModel) {
        assertNotState(State.Unconfigured);
        try {
            Context findContext = findContext(servletModel.getContextModel());
            if (findContext != null) {
                findContext.removeServlet(servletModel);
            }
        } catch (ServletException e) {
            throw new RuntimeException("Unable to remove servlet", e);
        }
    }

    public void addEventListener(EventListenerModel eventListenerModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(eventListenerModel.getContextModel()).addEventListener(eventListenerModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add event listener", e);
        }
    }

    public void removeEventListener(EventListenerModel eventListenerModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(eventListenerModel.getContextModel()).removeEventListener(eventListenerModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add event listener", e);
        }
    }

    public void addFilter(FilterModel filterModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(filterModel.getContextModel()).addFilter(filterModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add filter", e);
        }
    }

    public void removeFilter(FilterModel filterModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(filterModel.getContextModel()).removeFilter(filterModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to remove filter", e);
        }
    }

    public void addErrorPage(ErrorPageModel errorPageModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(errorPageModel.getContextModel()).addErrorPage(errorPageModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add error page", e);
        }
    }

    public void removeErrorPage(ErrorPageModel errorPageModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(errorPageModel.getContextModel()).removeErrorPage(errorPageModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to remove error page", e);
        }
    }

    public void addWelcomFiles(WelcomeFileModel welcomeFileModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(welcomeFileModel.getContextModel()).addWelcomeFile(welcomeFileModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add welcome files", e);
        }
    }

    public void removeWelcomeFiles(WelcomeFileModel welcomeFileModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(welcomeFileModel.getContextModel()).removeWelcomeFile(welcomeFileModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add welcome files", e);
        }
    }

    public Servlet createResourceServlet(ContextModel contextModel, String str, String str2) {
        return new ResourceServlet(findOrCreateContext(contextModel), str, str2);
    }

    public void addSecurityConstraintMapping(SecurityConstraintMappingModel securityConstraintMappingModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(securityConstraintMappingModel.getContextModel()).addSecurityConstraintMapping(securityConstraintMappingModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add welcome files", e);
        }
    }

    public void removeSecurityConstraintMapping(SecurityConstraintMappingModel securityConstraintMappingModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(securityConstraintMappingModel.getContextModel()).removeSecurityConstraintMapping(securityConstraintMappingModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add welcome files", e);
        }
    }

    public void addContainerInitializerModel(ContainerInitializerModel containerInitializerModel) {
        assertNotState(State.Unconfigured);
        try {
            findOrCreateContext(containerInitializerModel.getContextModel()).addContainerInitializerModel(containerInitializerModel);
        } catch (ServletException e) {
            throw new RuntimeException("Unable to add welcome files", e);
        }
    }

    public Collection<? extends CRL> loadCRL(String str) throws Exception {
        Collection<? extends CRL> collection = null;
        if (str != null) {
            InputStream inputStream = null;
            try {
                inputStream = loadResource(str).openStream();
                collection = CertificateFactory.getInstance("X.509").generateCRLs(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    inputStream.close();
                }
                throw th;
            }
        }
        return collection;
    }

    public Account verify(Account account) {
        if (this.identityManager != null) {
            return this.identityManager.verify(account);
        }
        throw new IllegalStateException("No identity manager configured");
    }

    public Account verify(String str, Credential credential) {
        if (this.identityManager != null) {
            return this.identityManager.verify(str, credential);
        }
        throw new IllegalStateException("No identity manager configured");
    }

    public Account verify(Credential credential) {
        if (this.identityManager != null) {
            return this.identityManager.verify(credential);
        }
        throw new IllegalStateException("No identity manager configured");
    }
}
