package org.apache.oozie.server;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import java.io.IOException;
import java.util.Arrays;
import java.util.Objects;
import org.apache.hadoop.conf.Configuration;
import org.apache.oozie.service.ConfigurationService;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/oozie/server/SSLServerConnectorFactory.class */
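/**
 * Builds the HTTPS {@link ServerConnector} for the embedded Jetty server from Oozie configuration.
 *
 * <p>Protocol and cipher-suite lists, the keystore location and the keystore password are read from
 * the Oozie configuration and applied to the injected {@link SslContextFactory}. The keystore
 * location and password fall back to the {@code ssl.server.*} properties of the optional second
 * configuration when the Oozie ones are unset or empty.
 *
 * <p>Not thread-safe: each call to {@link #createSecureServerConnector} stores its configuration
 * arguments in instance fields and mutates the injected {@code SslContextFactory}.
 */
class SSLServerConnectorFactory {
    private static final Logger LOG = LoggerFactory.getLogger(SSLServerConnectorFactory.class);
    public static final String OOZIE_HTTPS_KEYSTORE_PASS = "oozie.https.keystore.pass";
    public static final String OOZIE_HTTPS_KEYSTORE_FILE = "oozie.https.keystore.file";
    public static final String OOZIE_HTTPS_EXCLUDE_PROTOCOLS = "oozie.https.exclude.protocols";
    public static final String OOZIE_HTTPS_INCLUDE_PROTOCOLS = "oozie.https.include.protocols";
    public static final String OOZIE_HTTPS_INCLUDE_CIPHER_SUITES = "oozie.https.include.cipher.suites";
    public static final String OOZIE_HTTPS_EXCLUDE_CIPHER_SUITES = "oozie.https.exclude.cipher.suites";
    public static final String OOZIE_HSTS_MAX_AGE_SECONDS = "oozie.hsts.max.age.seconds";
    public static final String SERVER_KEYSTORE_PASSWORD = "ssl.server.keystore.password";
    public static final String SERVER_KEYSTORE_LOCATION = "ssl.server.keystore.location";

    /** Default HSTS max-age in seconds (365 days), used when {@link #OOZIE_HSTS_MAX_AGE_SECONDS} is unset. */
    @VisibleForTesting
    static final long OOZIE_DEFAULT_HSTS_MAX_AGE = 31536000;
    private final SslContextFactory sslContextFactory;
    private Configuration conf;
    private Configuration sslServerConf;

    /**
     * @param sslContextFactory the Jetty SSL context factory to configure; must not be null
     * @throws NullPointerException if {@code sslContextFactory} is null
     */
    @Inject
    public SSLServerConnectorFactory(SslContextFactory sslContextFactory) {
        this.sslContextFactory = Objects.requireNonNull(sslContextFactory, "sslContextFactory is null");
    }

    /**
     * Configures the SSL context from the given configurations and creates an HTTPS connector.
     *
     * @param i the port the connector listens on, between 1 and 65535
     * @param configuration the Oozie configuration; must not be null
     * @param configuration2 optional fallback configuration for the keystore location and password
     *     ({@code ssl.server.keystore.*}); may be null
     * @param server the Jetty server the connector is attached to; must not be null
     * @return a connector bound to port {@code i} that speaks HTTP/1.1 over TLS
     * @throws NullPointerException if a required argument or a required configuration value
     *     (included protocols, excluded cipher suites, keystore file, keystore password) is missing
     * @throws IllegalStateException if the port is out of range
     */
    public ServerConnector createSecureServerConnector(int i, Configuration configuration, Configuration configuration2, Server server) {
        this.conf = Objects.requireNonNull(configuration, "conf is null");
        this.sslServerConf = configuration2;
        Objects.requireNonNull(server, "server is null");
        Preconditions.checkState(i >= 1 && i <= 65535, String.format("Invalid port number specified: '%d'. It should be between 1 and 65535.", i));
        setIncludeProtocols();
        setExcludeProtocols();
        setIncludeCipherSuites();
        setExcludeCipherSuites();
        setKeyStoreFile();
        setKeystorePass();
        ConnectionFactory[] connectionFactories = {
            new SslConnectionFactory(this.sslContextFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(getHttpsConfiguration())
        };
        ServerConnector serverConnector = new ServerConnector(server, connectionFactories);
        serverConnector.setPort(i);
        LOG.info("Secure server connector created, listening on port {}", i);
        return serverConnector;
    }

    /**
     * Splits a comma-separated configuration value, ignoring whitespace around each entry.
     *
     * <p>Entries are matched by name downstream, so an entry such as {@code " TLSv1.1"} (written as
     * {@code "TLSv1, TLSv1.1"}) would otherwise match nothing and an exclusion would silently not
     * apply.
     */
    private static String[] splitCommaSeparated(String value) {
        return value.trim().split("\\s*,\\s*");
    }

    /**
     * Returns the value of a configuration key that has no in-code default.
     *
     * @throws NullPointerException naming the key if it is not set
     */
    private String requiredProperty(String key) {
        return Objects.requireNonNull(this.conf.get(key), key + " is not set");
    }

    /** Applies the mandatory cipher-suite exclusion list; fails fast if the key is not set. */
    private void setExcludeCipherSuites() {
        String[] excluded = splitCommaSeparated(requiredProperty(OOZIE_HTTPS_EXCLUDE_CIPHER_SUITES));
        this.sslContextFactory.setExcludeCipherSuites(excluded);
        LOG.info("SSL context - excluding cipher suites: {}", Arrays.toString(excluded));
    }

    /** Applies the optional cipher-suite inclusion list; the factory is left untouched when unset or empty. */
    private void setIncludeCipherSuites() {
        String value = this.conf.get(OOZIE_HTTPS_INCLUDE_CIPHER_SUITES);
        if (value == null || value.isEmpty()) {
            return;
        }
        String[] included = splitCommaSeparated(value);
        this.sslContextFactory.setIncludeCipherSuites(included);
        LOG.info("SSL context - including cipher suites: {}", Arrays.toString(included));
    }

    /** Applies the mandatory protocol inclusion list; fails fast if the key is not set. */
    private void setIncludeProtocols() {
        String[] included = splitCommaSeparated(requiredProperty(OOZIE_HTTPS_INCLUDE_PROTOCOLS));
        this.sslContextFactory.setIncludeProtocols(included);
        LOG.info("SSL context - including protocols: {}", Arrays.toString(included));
    }

    /** Applies the optional protocol exclusion list; the factory is left untouched when unset or empty. */
    private void setExcludeProtocols() {
        String value = this.conf.get(OOZIE_HTTPS_EXCLUDE_PROTOCOLS);
        if (value == null || value.isEmpty()) {
            return;
        }
        String[] excluded = splitCommaSeparated(value);
        this.sslContextFactory.setExcludeProtocols(excluded);
        LOG.info("SSL context - excluding protocols: {}", Arrays.toString(excluded));
    }

    /**
     * Sets the keystore password from {@link #OOZIE_HTTPS_KEYSTORE_PASS}, falling back to
     * {@link #SERVER_KEYSTORE_PASSWORD} in the SSL server configuration when the former is unset or
     * empty. The password value itself is never logged.
     *
     * @throws NullPointerException if no password could be resolved
     */
    private void setKeystorePass() {
        String password = ConfigurationService.getPassword(this.conf, OOZIE_HTTPS_KEYSTORE_PASS);
        if ((password == null || password.isEmpty()) && this.sslServerConf != null) {
            try {
                char[] fallback = this.sslServerConf.getPassword(SERVER_KEYSTORE_PASSWORD);
                // getPassword returns null when the key is absent; new String((char[]) null) would
                // throw an NPE with no message, hiding which setting is missing.
                if (fallback != null) {
                    password = new String(fallback);
                }
            } catch (IOException e) {
                // Pass the exception as the last argument so the stack trace is kept.
                LOG.error("Can't get keystore password", e);
            }
        }
        // NOTE(review): an empty password still passes this check when no fallback is available.
        Objects.requireNonNull(password, "keystorePass is null");
        this.sslContextFactory.setKeyStorePassword(password);
    }

    /**
     * Sets the keystore path from {@link #OOZIE_HTTPS_KEYSTORE_FILE}, falling back to
     * {@link #SERVER_KEYSTORE_LOCATION} in the SSL server configuration when the former is unset or
     * empty.
     *
     * @throws NullPointerException if no keystore path could be resolved
     */
    private void setKeyStoreFile() {
        String keystoreFile = this.conf.get(OOZIE_HTTPS_KEYSTORE_FILE);
        if ((keystoreFile == null || keystoreFile.isEmpty()) && this.sslServerConf != null) {
            keystoreFile = this.sslServerConf.get(SERVER_KEYSTORE_LOCATION);
        }
        Objects.requireNonNull(keystoreFile, "keystoreFile is null");
        this.sslContextFactory.setKeyStorePath(keystoreFile);
    }

    /**
     * Builds the HTTP configuration for the HTTPS connector: the default configuration with the
     * secure scheme set to {@code https} and a {@link SecureRequestCustomizer} added.
     */
    private HttpConfiguration getHttpsConfiguration() {
        HttpConfiguration httpsConfiguration = new HttpConfigurationWrapper(this.conf).getDefaultHttpConfiguration();
        httpsConfiguration.setSecureScheme("https");
        long hstsMaxAgeSeconds = this.conf.getLong(OOZIE_HSTS_MAX_AGE_SECONDS, OOZIE_DEFAULT_HSTS_MAX_AGE);
        // Jetty's constructor arguments, in order: SNI host check, HSTS max-age in seconds,
        // HSTS includeSubDomains. Sub-domains are therefore not covered by the HSTS policy.
        httpsConfiguration.addCustomizer(new SecureRequestCustomizer(true, hstsMaxAgeSeconds, false));
        return httpsConfiguration;
    }
}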
