package net.e6tech.elements.web.cxf.jetty;

import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import java.util.LinkedHashSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import net.e6tech.elements.security.JavaKeyStore;
import net.e6tech.elements.security.SelfSignedCert;
import net.e6tech.elements.web.cxf.CXFServer;
import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

/* loaded from: input_file:net/e6tech/elements/web/cxf/jetty/JettySSL.class */
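/**
 * Installs TLS parameters on the CXF Jetty engines that serve a {@link CXFServer}'s
 * {@code https} URLs.
 *
 * <p>Key material is taken, in order of precedence, from the server's in-memory
 * {@link KeyStore}, its key store file, or its {@link SelfSignedCert}. Nothing in this class
 * selects protocol versions or cipher suites; subclasses can do so in
 * {@link #customize(CXFServer, TLSServerParameters)}.
 */
public class JettySSL {
    /**
     * Builds key and trust managers from the server's configuration and applies them to every
     * {@code https} URL the server exposes.
     *
     * <p>If a port already has TLS parameters, the new managers are appended to the existing
     * ones; otherwise a single newly built {@link TLSServerParameters} is registered for the port.
     * The method does nothing when no key store, key store file or self-signed certificate is set.
     *
     * @param cXFServer server whose key material, client-auth setting and URLs are read; its
     *                  key-manager password is set to the key-store password when it was null
     * @throws GeneralSecurityException declared for the key-store and certificate calls
     * @throws IOException declared for the key-store and certificate calls
     * @throws IllegalArgumentException if the server's client-auth value is not recognised
     */
    public void initialize(CXFServer cXFServer) throws GeneralSecurityException, IOException {
        String keyStoreFile = cXFServer.getKeyStoreFile();
        SelfSignedCert selfSignedCert = cXFServer.getSelfSignedCert();
        KeyStore keyStore = cXFServer.getKeyStore();
        if (keyStoreFile == null && selfSignedCert == null && keyStore == null) {
            // No key material at all: this method installs no TLS parameters.
            return;
        }

        KeyManager[] keyManagers;
        TrustManager[] trustManagers;
        if (keyStore == null && keyStoreFile == null) {
            // Only the self-signed certificate is configured (the guard above rules out null).
            // Clients can validate such a certificate only if it is pinned or distributed out of
            // band, so this path is normally a development/test configuration.
            keyManagers = selfSignedCert.getKeyManagers();
            trustManagers = selfSignedCert.getTrustManagers();
        } else {
            // An in-memory KeyStore wins over a key store file.
            JavaKeyStore javaKeyStore = keyStore != null
                    ? new JavaKeyStore(keyStore)
                    : new JavaKeyStore(keyStoreFile, cXFServer.getKeyStorePassword(), cXFServer.getKeyStoreFormat());
            if (cXFServer.getKeyManagerPassword() == null) {
                // Fall back to the store password for the private-key entries. This writes the
                // value back onto the server object, so later readers see it as configured.
                cXFServer.setKeyManagerPassword(cXFServer.getKeyStorePassword());
            }
            javaKeyStore.init(cXFServer.getKeyManagerPassword());
            keyManagers = javaKeyStore.getKeyManagers();
            trustManagers = javaKeyStore.getTrustManagers();
        }

        TLSServerParameters freshParams = new TLSServerParameters();
        freshParams.setKeyManagers(keyManagers);
        freshParams.setTrustManagers(trustManagers);
        ClientAuthentication clientAuth = getClientAuthentication(cXFServer);
        // An unset client-auth value becomes an explicit "not required, not wanted",
        // i.e. server-authenticated TLS only.
        if (clientAuth.isRequired() == null) {
            clientAuth.setRequired(false);
        }
        if (clientAuth.isWant() == null) {
            clientAuth.setWant(false);
        }
        freshParams.setClientAuthentication(clientAuth);

        JettyHTTPServerEngineFactory engineFactory = new JettyHTTPServerEngineFactory();
        for (URL url : cXFServer.getURLs()) {
            if (!"https".equals(url.getProtocol())) {
                continue;
            }
            // NOTE(review): URL.getPort() is -1 when the URL carries no explicit port; confirm
            // that callers always configure one.
            JettyHTTPServerEngine engine = engineFactory.retrieveJettyHTTPServerEngine(url.getPort());
            TLSServerParameters existingParams = engine == null ? null : engine.getTlsServerParameters();
            if (existingParams == null) {
                // The same freshParams instance is registered for every port that had none.
                engineFactory.setTLSServerParametersForPort(url.getPort(), freshParams);
                customize(cXFServer, freshParams);
                continue;
            }

            // The port is already TLS-enabled: keep what is there and append this server's
            // managers. Every endpoint on the port then shares the combined key and trust
            // material, so a trust manager added here also applies to the endpoints that were
            // registered earlier.
            // NOTE(review): javax.net.ssl.SSLContext.init uses only the first X509KeyManager and
            // the first X509TrustManager of each array. If these arrays reach it unchanged, the
            // managers appended here have no effect — confirm how they are consumed.
            LinkedHashSet<KeyManager> mergedKeyManagers = union(existingParams.getKeyManagers(), keyManagers);
            LinkedHashSet<TrustManager> mergedTrustManagers = union(existingParams.getTrustManagers(), trustManagers);
            existingParams.setKeyManagers(mergedKeyManagers.toArray(new KeyManager[0]));
            existingParams.setTrustManagers(mergedTrustManagers.toArray(new TrustManager[0]));

            // Only an explicit require/want replaces the port's current client-auth policy;
            // "false", "no", "none" and an unset value leave it untouched.
            // NOTE(review): a later server configured with "want"/"optional" replaces an existing
            // "required" policy with a want-only one (required left null), which relaxes mutual
            // TLS for every endpoint on the port. Confirm this is intended.
            ClientAuthentication requestedAuth = getClientAuthentication(cXFServer);
            if (requestedAuth.isRequired() != null || requestedAuth.isWant() != null) {
                existingParams.setClientAuthentication(requestedAuth);
            }
            customize(cXFServer, existingParams);
        }
    }

    /**
     * Returns the elements of {@code existing} followed by those of {@code added}, in encounter
     * order and without duplicates as decided by {@code equals}/{@code hashCode}.
     * Either array may be null and is then skipped.
     */
    private static <T> LinkedHashSet<T> union(T[] existing, T[] added) {
        LinkedHashSet<T> merged = new LinkedHashSet<>();
        if (existing != null) {
            Collections.addAll(merged, existing);
        }
        if (added != null) {
            Collections.addAll(merged, added);
        }
        return merged;
    }

    /**
     * Translates the server's textual client-auth setting into a {@link ClientAuthentication}.
     *
     * <p>Matching is case-insensitive: {@code true}, {@code yes}, {@code require} and
     * {@code required} set the required flag; {@code optional} and {@code want} set the want
     * flag; {@code false}, {@code no}, {@code none} and a null value set neither flag.
     *
     * @param cXFServer server whose client-auth value is read
     * @return a new instance with at most one flag set; unset flags stay null
     * @throws IllegalArgumentException for any other value, so a misspelt setting is rejected
     *         instead of silently disabling client authentication
     */
    protected ClientAuthentication getClientAuthentication(CXFServer cXFServer) {
        ClientAuthentication clientAuthentication = new ClientAuthentication();
        String clientAuth = cXFServer.getClientAuth();
        if ("true".equalsIgnoreCase(clientAuth) || "yes".equalsIgnoreCase(clientAuth)
                || "require".equalsIgnoreCase(clientAuth) || "required".equalsIgnoreCase(clientAuth)) {
            clientAuthentication.setRequired(true);
        } else if ("optional".equalsIgnoreCase(clientAuth) || "want".equalsIgnoreCase(clientAuth)) {
            clientAuthentication.setWant(true);
        } else if (!"false".equalsIgnoreCase(clientAuth) && !"no".equalsIgnoreCase(clientAuth)
                && !"none".equalsIgnoreCase(clientAuth) && clientAuth != null) {
            throw new IllegalArgumentException("Invalid ClientAuth value: " + clientAuth);
        }
        return clientAuthentication;
    }

    /**
     * Extension hook called once per {@code https} URL with the TLS parameters in effect for
     * that URL's port, after key/trust managers and client authentication have been applied.
     * The default implementation does nothing.
     *
     * @param cXFServer server being initialised
     * @param tLSServerParameters parameters registered for the port; may be shared with other
     *                            ports or with endpoints registered earlier
     */
    protected void customize(CXFServer cXFServer, TLSServerParameters tLSServerParameters) {
    }
}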
