package com.cvicse.inforsuite.util.jfinal.ssl;

import com.cvicse.bixi.ProtocolHandler;
import com.cvicse.bixi.connector.Connector;
import com.cvicse.bixi.http11.AbstractHttp11JsseProtocol;
import com.cvicse.bixi.http11.Http11NioProtocol;
import com.cvicse.inforsuite.util.jfinal.ssl.JfinalSsl;
import com.cvicse.inforsuite.util.jfinal.util.JfinalAssert;
import com.cvicse.inforsuite.util.jfinal.util.JfinalResourceUtils;
import com.cvicse.inforsuite.util.jfinal.util.JfinalStringUtils;
import com.cvicse.inforsuite.util.jfinal.util.JfinalWebServerException;
import com.cvicse.inforsuite.util.net.SSLHostConfig;
import com.cvicse.inforsuite.util.net.SSLHostConfigCertificate;
import java.io.FileNotFoundException;

/* loaded from: input_file:com/cvicse/inforsuite/util/jfinal/ssl/JfinalSslConnectorCustomizer.class */
public class JfinalSslConnectorCustomizer {
    private final JfinalSsl ssl;
    private final JfinalSslStoreProvider sslStoreProvider;

    public JfinalSslConnectorCustomizer(JfinalSsl jfinalSsl, JfinalSslStoreProvider jfinalSslStoreProvider) {
        JfinalAssert.notNull(jfinalSsl, "Ssl configuration should not be null");
        this.ssl = jfinalSsl;
        this.sslStoreProvider = jfinalSslStoreProvider;
    }

    public void customize(Connector connector) {
        ProtocolHandler protocolHandler = connector.getProtocolHandler();
        JfinalAssert.state(protocolHandler instanceof AbstractHttp11JsseProtocol, "To use SSL, the connector's protocol handler must be an AbstractHttp11JsseProtocol subclass");
        configureSsl((AbstractHttp11JsseProtocol) protocolHandler, this.ssl, this.sslStoreProvider);
        connector.setScheme("https");
        connector.setSecure(true);
    }

    protected void configureSsl(AbstractHttp11JsseProtocol<?> abstractHttp11JsseProtocol, JfinalSsl jfinalSsl, JfinalSslStoreProvider jfinalSslStoreProvider) {
        abstractHttp11JsseProtocol.setSSLEnabled(true);
        SSLHostConfig sSLHostConfig = new SSLHostConfig();
        sSLHostConfig.setHostName(abstractHttp11JsseProtocol.getDefaultSSLHostConfigName());
        sSLHostConfig.setSslProtocol(jfinalSsl.getProtocol());
        abstractHttp11JsseProtocol.addSslHostConfig(sSLHostConfig);
        configureSslClientAuth(sSLHostConfig, jfinalSsl);
        SSLHostConfigCertificate sSLHostConfigCertificate = new SSLHostConfigCertificate(sSLHostConfig, SSLHostConfigCertificate.Type.UNDEFINED);
        if (jfinalSsl.getKeyStorePassword() != null) {
            sSLHostConfigCertificate.setCertificateKeystorePassword(jfinalSsl.getKeyStorePassword());
        }
        if (jfinalSsl.getKeyPassword() != null) {
            sSLHostConfigCertificate.setCertificateKeyPassword(jfinalSsl.getKeyPassword());
        }
        if (jfinalSsl.getKeyAlias() != null) {
            sSLHostConfigCertificate.setCertificateKeyAlias(jfinalSsl.getKeyAlias());
        }
        sSLHostConfig.addCertificate(sSLHostConfigCertificate);
        String arrayToCommaDelimitedString = JfinalStringUtils.arrayToCommaDelimitedString(jfinalSsl.getCiphers());
        if (JfinalStringUtils.hasText(arrayToCommaDelimitedString)) {
            sSLHostConfig.setCiphers(arrayToCommaDelimitedString);
        }
        configureEnabledProtocols(abstractHttp11JsseProtocol, jfinalSsl);
        if (jfinalSslStoreProvider != null) {
            configureSslStoreProvider(abstractHttp11JsseProtocol, sSLHostConfig, sSLHostConfigCertificate, jfinalSslStoreProvider);
        } else {
            configureSslKeyStore(sSLHostConfigCertificate, jfinalSsl);
            configureSslTrustStore(sSLHostConfig, jfinalSsl);
        }
    }

    private void configureEnabledProtocols(AbstractHttp11JsseProtocol<?> abstractHttp11JsseProtocol, JfinalSsl jfinalSsl) {
        if (jfinalSsl.getEnabledProtocols() != null) {
            for (SSLHostConfig sSLHostConfig : abstractHttp11JsseProtocol.findSslHostConfigs()) {
                sSLHostConfig.setProtocols(JfinalStringUtils.arrayToCommaDelimitedString(jfinalSsl.getEnabledProtocols()));
            }
        }
    }

    private void configureSslClientAuth(SSLHostConfig sSLHostConfig, JfinalSsl jfinalSsl) {
        if (jfinalSsl.getClientAuth() == JfinalSsl.ClientAuth.NEED) {
            sSLHostConfig.setCertificateVerification("required");
        } else if (jfinalSsl.getClientAuth() == JfinalSsl.ClientAuth.WANT) {
            sSLHostConfig.setCertificateVerification("optional");
        }
    }

    protected void configureSslStoreProvider(AbstractHttp11JsseProtocol<?> abstractHttp11JsseProtocol, SSLHostConfig sSLHostConfig, SSLHostConfigCertificate sSLHostConfigCertificate, JfinalSslStoreProvider jfinalSslStoreProvider) {
        JfinalAssert.isInstanceOf((Class<?>) Http11NioProtocol.class, abstractHttp11JsseProtocol, "SslStoreProvider can only be used with Http11NioProtocol");
        try {
            if (jfinalSslStoreProvider.getKeyStore() != null) {
                sSLHostConfigCertificate.setCertificateKeystore(jfinalSslStoreProvider.getKeyStore());
            }
            if (jfinalSslStoreProvider.getTrustStore() != null) {
                sSLHostConfig.setTrustStore(jfinalSslStoreProvider.getTrustStore());
            }
        } catch (Exception e) {
            throw new JfinalWebServerException("Could not load store: " + e.getMessage(), e);
        }
    }

    private void configureSslKeyStore(SSLHostConfigCertificate sSLHostConfigCertificate, JfinalSsl jfinalSsl) {
        try {
            sSLHostConfigCertificate.setCertificateKeystoreFile(JfinalResourceUtils.getURL(jfinalSsl.getKeyStore()).toString());
            if (jfinalSsl.getKeyStoreType() != null) {
                sSLHostConfigCertificate.setCertificateKeystoreType(jfinalSsl.getKeyStoreType());
            }
            if (jfinalSsl.getKeyStoreProvider() != null) {
                sSLHostConfigCertificate.setCertificateKeystoreProvider(jfinalSsl.getKeyStoreProvider());
            }
        } catch (Exception e) {
            throw new JfinalWebServerException("Could not load key store '" + jfinalSsl.getKeyStore() + "'", e);
        }
    }

    private void configureSslTrustStore(SSLHostConfig sSLHostConfig, JfinalSsl jfinalSsl) {
        if (jfinalSsl.getTrustStore() != null) {
            try {
                sSLHostConfig.setTruststoreFile(JfinalResourceUtils.getURL(jfinalSsl.getTrustStore()).toString());
            } catch (FileNotFoundException e) {
                throw new JfinalWebServerException("Could not load trust store: " + e.getMessage(), e);
            }
        }
        if (jfinalSsl.getTrustStorePassword() != null) {
            sSLHostConfig.setTruststorePassword(jfinalSsl.getTrustStorePassword());
        }
        if (jfinalSsl.getTrustStoreType() != null) {
            sSLHostConfig.setTruststoreType(jfinalSsl.getTrustStoreType());
        }
        if (jfinalSsl.getTrustStoreProvider() != null) {
            sSLHostConfig.setTruststoreProvider(jfinalSsl.getTrustStoreProvider());
        }
    }
}
