package org.ops4j.pax.web.service.tomcat.internal;

import java.io.File;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.catalina.Executor;
import org.apache.catalina.Server;
import org.apache.catalina.Service;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.core.StandardServer;
import org.apache.catalina.core.StandardThreadExecutor;
import org.apache.catalina.filters.CorsFilter;
import org.apache.catalina.servlets.WebdavStatus;
import org.apache.catalina.startup.Catalina;
import org.apache.catalina.startup.ConnectorCreateRule;
import org.apache.catalina.startup.ContextConfig;
import org.apache.coyote.http11.Constants;
import org.apache.coyote.http2.Http2Protocol;
import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.digester.Digester;
import org.apache.tomcat.util.digester.Rule;
import org.ops4j.pax.web.service.spi.config.Configuration;
import org.ops4j.pax.web.service.spi.config.SecurityConfiguration;
import org.ops4j.pax.web.service.spi.config.ServerConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.Attributes;
import org.xml.sax.helpers.AttributesImpl;

/* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/TomcatFactory.class */
public class TomcatFactory {
    private static final Logger LOG = LoggerFactory.getLogger(TomcatFactory.class);
    private final ClassLoader classLoader;
    private boolean alpnAvailable;
    private boolean http2Available;

    /* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/TomcatFactory$BaseDirsRule.class */
    private static class BaseDirsRule extends Rule {
        BaseDirsRule(Digester digester) {
            this.digester = digester;
        }

        public void begin(String str, String str2, Attributes attributes) throws Exception {
            Object peek = this.digester.peek();
            if (peek instanceof StandardServer) {
                String value = attributes.getValue("catalinaHome");
                if (value != null && !"".equals(value)) {
                    boolean z = false;
                    File file = new File(value);
                    if (file.isFile()) {
                        TomcatFactory.LOG.warn("Can't set catalina home to {}. It is an existing file.", value);
                    } else if (file.isDirectory()) {
                        z = true;
                    } else if (file.mkdirs()) {
                        z = true;
                    } else {
                        TomcatFactory.LOG.warn("Can't set catalina home to {}. Can't create directory.", value);
                    }
                    if (z) {
                        ((StandardServer) peek).setCatalinaHome(new File(value));
                    }
                }
                String value2 = attributes.getValue("catalinaBase");
                if (value2 != null && !"".equals(value2)) {
                    boolean z2 = false;
                    File file2 = new File(value2);
                    if (file2.isFile()) {
                        TomcatFactory.LOG.warn("Can't set catalina base to {}. It is an existing file.", value2);
                    } else if (file2.isDirectory()) {
                        z2 = true;
                    } else if (file2.mkdirs()) {
                        z2 = true;
                    } else {
                        TomcatFactory.LOG.warn("Can't set catalina base to {}. Can't create directory.", value2);
                    }
                    if (z2) {
                        ((StandardServer) peek).setCatalinaBase(new File(value2));
                    }
                }
            }
            super.begin(str, str2, attributes);
        }
    }

    /* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/TomcatFactory$PaxWebCatalina.class */
    private static class PaxWebCatalina extends Catalina {
        PaxWebCatalina() {
        }

        @Override // org.apache.catalina.startup.Catalina
        public Digester createStartDigester() {
            Digester createStartDigester = super.createStartDigester();
            createStartDigester.setClassLoader(PaxWebCatalina.class.getClassLoader());
            return createStartDigester;
        }
    }

    /* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/TomcatFactory$PaxWebCatalinaContextConfig.class */
    private static class PaxWebCatalinaContextConfig extends ContextConfig {
        PaxWebCatalinaContextConfig() {
        }

        @Override // org.apache.catalina.startup.ContextConfig
        public Digester createContextDigester() {
            return super.createContextDigester();
        }
    }

    /* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/TomcatFactory$PaxWebConnectorCreateRule.class */
    private static class PaxWebConnectorCreateRule extends ConnectorCreateRule {
        PaxWebConnectorCreateRule(Digester digester) {
            this.digester = digester;
        }

        @Override // org.apache.catalina.startup.ConnectorCreateRule
        public void begin(String str, String str2, Attributes attributes) throws Exception {
            String value = attributes.getValue("protocol");
            if (value == null || Constants.HTTP_11.equals(value) || "org.apache.coyote.http11.Http11NioProtocol".equals(value) || "org.apache.coyote.http11.Http11Nio2Protocol".equals(value)) {
                int index = attributes.getIndex("protocol");
                attributes = new AttributesImpl(attributes);
                ((AttributesImpl) attributes).setValue(index, "org.ops4j.pax.web.service.tomcat.internal.PaxWebHttp11Nio2Protocol");
            }
            Service service = (Service) this.digester.peek();
            Executor executor = null;
            String value2 = attributes.getValue("executor");
            if (value2 != null) {
                executor = service.getExecutor(value2);
            }
            PaxWebConnector paxWebConnector = new PaxWebConnector(attributes.getValue("protocol"));
            if (executor != null) {
                paxWebConnector.getProtocolHandler().setExecutor(executor);
            }
            String value3 = attributes.getValue("sslImplementationName");
            if (value3 != null) {
                ((PaxWebHttp11Nio2Protocol) paxWebConnector.getProtocolHandler()).setSslImplementationName(value3);
            }
            this.digester.push(paxWebConnector);
        }
    }

    /* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/TomcatFactory$PaxWebConnectorSetName.class */
    private static class PaxWebConnectorSetName extends Rule {
        private final ServerConfiguration serverConfiguration;

        PaxWebConnectorSetName(Digester digester, ServerConfiguration serverConfiguration) {
            this.digester = digester;
            this.serverConfiguration = serverConfiguration;
        }

        public void begin(String str, String str2, Attributes attributes) throws Exception {
            Object peek = this.digester.peek();
            if (peek instanceof Connector) {
                String value = attributes.getValue("name");
                if (value == null || "".equals(value.trim())) {
                    value = ((Connector) peek).getSecure() ? this.serverConfiguration.getHttpSecureConnectorName() : this.serverConfiguration.getHttpConnectorName();
                }
                ((PaxWebHttp11Nio2Protocol) ((Connector) peek).getProtocolHandler()).setPaxWebConnectorName(value);
            }
        }
    }

    /* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/TomcatFactory$ServerHolder.class */
    public static class ServerHolder {
        private Server server;

        public Server getServer() {
            return this.server;
        }

        public void setServer(Server server) {
            this.server = server;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TomcatFactory(ClassLoader classLoader) {
        this.classLoader = classLoader;
        discovery();
    }

    private void discovery() {
        this.alpnAvailable = JreCompat.isJre9Available();
        try {
            this.classLoader.loadClass("org.apache.coyote.http2.Http2Protocol");
            this.http2Available = true;
        } catch (ClassNotFoundException e) {
            this.http2Available = false;
        }
    }

    public Executor createThreadPool(Configuration configuration) {
        ServerConfiguration server = configuration.server();
        Integer serverMaxThreads = server.getServerMaxThreads();
        if (serverMaxThreads == null) {
            serverMaxThreads = Integer.valueOf(WebdavStatus.SC_OK);
        }
        Integer serverMinThreads = server.getServerMinThreads();
        if (serverMinThreads == null) {
            serverMinThreads = Integer.valueOf(Math.min(8, serverMaxThreads.intValue()));
        }
        Integer serverIdleTimeout = server.getServerIdleTimeout();
        if (serverIdleTimeout == null) {
            serverIdleTimeout = Integer.valueOf(Constants.DEFAULT_CONNECTION_TIMEOUT);
        }
        String serverThreadNamePrefix = server.getServerThreadNamePrefix();
        StandardThreadExecutor standardThreadExecutor = new StandardThreadExecutor();
        standardThreadExecutor.setName("default");
        standardThreadExecutor.setMaxThreads(serverMaxThreads.intValue());
        standardThreadExecutor.setMinSpareThreads(serverMinThreads.intValue());
        standardThreadExecutor.setMaxIdleTime(serverIdleTimeout.intValue());
        if (serverThreadNamePrefix != null) {
            standardThreadExecutor.setNamePrefix(serverThreadNamePrefix);
        }
        return standardThreadExecutor;
    }

    public Connector createDefaultConnector(Server server, String str, Executor executor, Configuration configuration) {
        ServerConfiguration server2 = configuration.server();
        PaxWebConnector paxWebConnector = new PaxWebConnector("org.ops4j.pax.web.service.tomcat.internal.PaxWebHttp11Nio2Protocol");
        paxWebConnector.setProperty("PaxWebConnectorName", server2.getHttpConnectorName());
        paxWebConnector.setProperty("address", str);
        paxWebConnector.setPort(server2.getHttpPort().intValue());
        paxWebConnector.setScheme("http");
        paxWebConnector.setSecure(false);
        if (server2.isHttpSecureEnabled().booleanValue()) {
            paxWebConnector.setRedirectPort(server2.getHttpSecurePort().intValue());
        }
        PaxWebHttp11Nio2Protocol paxWebHttp11Nio2Protocol = (PaxWebHttp11Nio2Protocol) paxWebConnector.getProtocolHandler();
        paxWebHttp11Nio2Protocol.setConnector(paxWebConnector);
        paxWebConnector.setXpoweredBy(false);
        paxWebConnector.setAllowTrace(false);
        paxWebHttp11Nio2Protocol.setServer(null);
        paxWebHttp11Nio2Protocol.setServerRemoveAppProvidedValues(true);
        if (server2.getConnectorIdleTimeout() != null) {
            paxWebConnector.setProperty("connectionTimeout", server2.getConnectorIdleTimeout().toString());
        }
        if (this.http2Available) {
            LOG.info("HTTP/2 ClearText support available, adding \"h2c\" protocol support to default connector");
            paxWebConnector.addUpgradeProtocol(new Http2Protocol());
        }
        LOG.info("Default Tomcat connector created: {}", paxWebConnector);
        return paxWebConnector;
    }

    public Connector createSecureConnector(Server server, String str, Executor executor, Configuration configuration) {
        ServerConfiguration server2 = configuration.server();
        SecurityConfiguration security = configuration.security();
        PaxWebConnector paxWebConnector = new PaxWebConnector("org.ops4j.pax.web.service.tomcat.internal.PaxWebHttp11Nio2Protocol");
        paxWebConnector.setProperty("PaxWebConnectorName", server2.getHttpSecureConnectorName());
        paxWebConnector.setProperty("address", str);
        paxWebConnector.setPort(server2.getHttpSecurePort().intValue());
        paxWebConnector.setScheme("https");
        paxWebConnector.setSecure(true);
        paxWebConnector.setProperty("SSLEnabled", CorsFilter.DEFAULT_DECORATE_REQUEST);
        PaxWebHttp11Nio2Protocol paxWebHttp11Nio2Protocol = (PaxWebHttp11Nio2Protocol) paxWebConnector.getProtocolHandler();
        paxWebHttp11Nio2Protocol.setConnector(paxWebConnector);
        paxWebHttp11Nio2Protocol.setSslImplementationName("org.apache.tomcat.util.net.jsse.JSSEImplementation");
        paxWebConnector.setXpoweredBy(false);
        paxWebConnector.setAllowTrace(false);
        paxWebHttp11Nio2Protocol.setServer(null);
        paxWebHttp11Nio2Protocol.setServerRemoveAppProvidedValues(true);
        if (server2.getConnectorIdleTimeout() != null) {
            paxWebConnector.setProperty("connectionTimeout", server2.getConnectorIdleTimeout().toString());
        }
        String sslKeystore = security.getSslKeystore();
        if (sslKeystore != null) {
            paxWebHttp11Nio2Protocol.setKeystoreFile(sslKeystore);
        }
        if (security.getSslKeystorePassword() != null) {
            paxWebHttp11Nio2Protocol.setKeystorePass(security.getSslKeystorePassword());
        }
        if (security.getSslKeyPassword() != null) {
            paxWebHttp11Nio2Protocol.setKeyPass(security.getSslKeyPassword());
        }
        if (security.getSslKeyManagerFactoryAlgorithm() != null) {
            LOG.debug("Not supported SSL Key Algorithm parameter");
        }
        if (security.getSslKeyAlias() != null) {
            paxWebHttp11Nio2Protocol.setKeyAlias(security.getSslKeyAlias());
        }
        if (security.getSslKeystoreType() != null) {
            paxWebHttp11Nio2Protocol.setKeystoreType(security.getSslKeystoreType());
        }
        if (security.getSslKeystoreProvider() != null && !"".equals(security.getSslKeystoreProvider().trim())) {
            paxWebHttp11Nio2Protocol.setKeystoreProvider(security.getSslKeystoreProvider());
        }
        String truststore = security.getTruststore();
        if (truststore != null) {
            paxWebHttp11Nio2Protocol.setTruststoreFile(truststore);
        }
        if (security.getTruststorePassword() != null) {
            paxWebHttp11Nio2Protocol.setTruststorePass(security.getTruststorePassword());
        }
        if (security.getTruststoreType() != null) {
            paxWebHttp11Nio2Protocol.setTruststoreType(security.getTruststoreType());
        }
        if (security.getTruststoreProvider() != null && !"".equals(security.getTruststoreProvider().trim())) {
            paxWebHttp11Nio2Protocol.setTruststoreProvider(security.getTruststoreProvider());
        }
        if (security.getTrustManagerFactoryAlgorithm() != null) {
            paxWebHttp11Nio2Protocol.setTruststoreAlgorithm(security.getTrustManagerFactoryAlgorithm());
        }
        if (security.isClientAuthWanted() != null && security.isClientAuthWanted().booleanValue()) {
            paxWebHttp11Nio2Protocol.setClientAuth("want");
        }
        if (security.isClientAuthNeeded() != null && security.isClientAuthNeeded().booleanValue()) {
            paxWebHttp11Nio2Protocol.setClientAuth("require");
        }
        String[] strArr = new String[0];
        String[] strArr2 = new String[0];
        try {
            SSLParameters supportedSSLParameters = SSLContext.getDefault().getSupportedSSLParameters();
            supportedSSLParameters.getProtocols();
            supportedSSLParameters.getCipherSuites();
            if (security.getProtocolsIncluded().length > 0) {
                paxWebHttp11Nio2Protocol.setSslEnabledProtocols(String.join(",", security.getProtocolsIncluded()));
            }
            if (security.getCiphersuiteIncluded().length > 0) {
                paxWebHttp11Nio2Protocol.setSSLCipherSuite(String.join(":", security.getCiphersuiteIncluded()));
            }
            if (security.getSslProtocol() != null) {
                paxWebHttp11Nio2Protocol.setSSLProtocol(security.getSslProtocol());
            }
            if (security.getSecureRandomAlgorithm() != null) {
                LOG.debug("Not supported Secure Random Algorithm parameter");
            }
            paxWebHttp11Nio2Protocol.setUseServerCipherSuitesOrder(true);
            if (security.isSslRenegotiationAllowed() != null) {
                LOG.debug("Not supported SSL Renegotiation Allowed parameter");
            }
            if (security.getSslRenegotiationLimit() != null) {
                LOG.debug("Not supported SSL Renegotiation Limit parameter");
            }
            if (security.getSslSessionsEnabled() != null && !security.getSslSessionsEnabled().booleanValue()) {
                paxWebHttp11Nio2Protocol.setSessionCacheSize(0);
            } else if (security.getSslSessionCacheSize() != null) {
                paxWebHttp11Nio2Protocol.setSessionCacheSize(security.getSslSessionCacheSize().intValue());
            }
            if (security.getSslSessionTimeout() != null) {
                paxWebHttp11Nio2Protocol.setSessionTimeout(security.getSslSessionTimeout().intValue());
            }
            if (this.http2Available) {
                LOG.info("HTTP/2 support available, adding \"h2\" protocol support to secure connector");
                paxWebConnector.addUpgradeProtocol(new Http2Protocol());
            }
            LOG.info("Secure Tomcat connector created: {}", paxWebConnector);
            return paxWebConnector;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Problem checking supported protocols and ciphers suites: " + e.getMessage(), e);
        }
    }

    public Digester createServerDigester(Configuration configuration) {
        Digester createStartDigester = new PaxWebCatalina().createStartDigester();
        createStartDigester.getRules().match("", "Server").add(new BaseDirsRule(createStartDigester));
        List match = createStartDigester.getRules().match("", "Server/Service/Connector");
        int i = 0;
        Iterator it = match.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (((Rule) it.next()) instanceof ConnectorCreateRule) {
                it.remove();
                break;
            }
            i++;
        }
        match.add(i, new PaxWebConnectorCreateRule(createStartDigester));
        match.add(new PaxWebConnectorSetName(createStartDigester, configuration.server()));
        return createStartDigester;
    }

    public Digester createContextDigester() {
        return new PaxWebCatalinaContextConfig().createContextDigester();
    }
}
