package com.djrapitops.plan.delivery.webserver.http;

import com.djrapitops.plan.delivery.webserver.ResponseResolver;
import com.djrapitops.plan.delivery.webserver.configuration.WebserverConfiguration;
import com.djrapitops.plan.delivery.webserver.configuration.WebserverLogMessages;
import com.djrapitops.plan.exceptions.EnableException;
import com.djrapitops.plan.utilities.java.ThreadContextClassLoaderSwap;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import net.playeranalytics.plugin.server.PluginLogger;
import plan.javax.inject.Inject;
import plan.javax.inject.Singleton;
import plan.org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import plan.org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
import plan.org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import plan.org.eclipse.jetty.server.HttpConfiguration;
import plan.org.eclipse.jetty.server.HttpConnectionFactory;
import plan.org.eclipse.jetty.server.SecureRequestCustomizer;
import plan.org.eclipse.jetty.server.Server;
import plan.org.eclipse.jetty.server.ServerConnector;
import plan.org.eclipse.jetty.util.URIUtil;
import plan.org.eclipse.jetty.util.ssl.SslContextFactory;

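/**
 * Jetty-backed {@link WebServer} that serves the Plan web interface.
 *
 * <p>{@link #enable()} builds a single {@link ServerConnector} that speaks TLS when a usable
 * keystore is configured and plain HTTP otherwise. In "proxy mode HTTPS" the connector is always
 * plain HTTP and the configuration is trusted to describe a TLS-terminating proxy in front of it.
 *
 * <p>{@link #isAuthRequired()} is only true when HTTPS (own TLS or proxy mode) is in use, so the
 * transport decision made here also decides whether authentication is required.
 */
@Singleton
public class JettyWebserver implements WebServer {
    private final PluginLogger logger;
    private final WebserverConfiguration webserverConfiguration;
    private final LegacyJettySSLContextLoader legacyJettySSLContextLoader;
    private final JettyRequestHandler jettyRequestHandler;
    private final ResponseResolver responseResolver;
    private final WebserverLogMessages webserverLogMessages;
    private int port;
    // True only when this server itself terminates TLS (set during enable()).
    private boolean usingHttps;
    private Server webserver;

    @Inject
    public JettyWebserver(PluginLogger pluginLogger, WebserverConfiguration webserverConfiguration, LegacyJettySSLContextLoader legacyJettySSLContextLoader, JettyRequestHandler jettyRequestHandler, ResponseResolver responseResolver) {
        this.logger = pluginLogger;
        this.webserverConfiguration = webserverConfiguration;
        this.webserverLogMessages = webserverConfiguration.getWebserverLogMessages();
        this.legacyJettySSLContextLoader = legacyJettySSLContextLoader;
        this.jettyRequestHandler = jettyRequestHandler;
        this.responseResolver = responseResolver;
    }

    /**
     * Starts the Jetty server unless it is already running or disabled by configuration.
     *
     * @throws EnableException if Jetty fails to start (for example when the port cannot be bound)
     */
    @Override
    public void enable() {
        if (isEnabled()) {
            return;
        }
        // Forget the TLS state of any previous run: this object is a singleton, and a stale 'true'
        // would make getProtocol()/isAuthRequired() describe a connector that no longer exists.
        this.usingHttps = false;
        if (this.webserverConfiguration.isWebserverDisabled()) {
            this.webserverLogMessages.warnWebserverDisabledByConfig();
            return;
        }
        this.webserver = new Server();
        this.webserver.setStopAtShutdown(true);
        this.port = this.webserverConfiguration.getPort();

        HttpConfiguration httpConfiguration = new HttpConfiguration();
        Optional<SslContextFactory.Server> sslContextFactory = getSslContextFactory();
        sslContextFactory.ifPresent(ignored -> {
            httpConfiguration.setSecureScheme(URIUtil.HTTPS);
            httpConfiguration.setSecurePort(this.port);
            SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
            // SNI is neither required nor matched against the certificate, so requests whose host
            // name differs from the certificate (access by IP, self-signed cert) are not rejected.
            // NOTE(review): presumably deliberate for self-hosted setups - confirm before tightening.
            secureRequestCustomizer.setSniHostCheck(false);
            secureRequestCustomizer.setSniRequired(false);
            httpConfiguration.addCustomizer(secureRequestCustomizer);
            this.usingHttps = true;
        });

        HttpConnectionFactory httpFactory = new HttpConnectionFactory(httpConfiguration);
        HTTP2CServerConnectionFactory http2cFactory = new HTTP2CServerConnectionFactory(httpConfiguration);
        http2cFactory.setConnectProtocolEnabled(true);

        ServerConnector serverConnector = sslContextFactory.map(tlsFactory -> {
            HTTP2ServerConnectionFactory http2Factory = new HTTP2ServerConnectionFactory(httpConfiguration);
            http2Factory.setConnectProtocolEnabled(true);
            // The ALPN factory may be null when ALPN support is missing.
            // NOTE(review): relies on Jetty dropping null connection factories - confirm.
            return new ServerConnector(this.webserver, tlsFactory, getAlpnServerConnectionFactory(httpFactory.getProtocol()), httpFactory, http2Factory, http2cFactory);
        }).orElseGet(() -> {
            // Plain-HTTP connector. In proxy mode the proxy is expected to provide TLS.
            // NOTE(review): nothing here verifies that requests really arrive through that proxy;
            // limiting Internal_IP / firewalling the port is presumably left to the operator.
            if (this.webserverConfiguration.isProxyModeHttps()) {
                this.webserverLogMessages.authenticationUsingProxy();
            } else {
                this.webserverLogMessages.authenticationNotPossible();
            }
            return new ServerConnector(this.webserver, httpFactory, http2cFactory);
        });

        serverConnector.setPort(this.port);
        String internalIP = this.webserverConfiguration.getInternalIP();
        serverConnector.setHost(internalIP);
        this.webserver.addConnector(serverConnector);
        this.webserver.setHandler(this.jettyRequestHandler);
        try {
            this.webserver.start();
            this.webserverLogMessages.infoWebserverEnabled(getPort());
            sslContextFactory.map(factory -> factory.getKeyStore()).ifPresent(this::logCertificateExpiryInformation);
            this.responseResolver.registerPages();
            this.webserverConfiguration.getAllowedIpList().prepare();
        } catch (IOException e) {
            // getMessage() may be null; treat that as "not a bind failure" instead of throwing an
            // NullPointerException that would hide the real cause.
            String message = e.getMessage();
            if (message == null || !message.contains("Failed to bind")) {
                throw new EnableException("Failed to start Jetty webserver: " + e.toString(), e);
            }
            String hint = "0.0.0.0".equals(internalIP)
                    ? ", is the port (" + this.port + ") in use?"
                    : ", is the Internal_IP (" + internalIP + ") invalid? (Use 0.0.0.0 for automatic)";
            throw new EnableException("Failed to start Jetty webserver: " + message.replace("0.0.0.0", "") + hint, e);
        } catch (Exception e) {
            throw new EnableException("Failed to start Jetty webserver: " + e.toString(), e);
        }
    }

    /**
     * Logs when the configured certificate expires, with an extra message when fewer than
     * seven days remain (this also covers certificates that have already expired).
     *
     * @param keyStore keystore the TLS context was built from
     */
    private void logCertificateExpiryInformation(KeyStore keyStore) {
        try {
            Certificate certificate = keyStore.getCertificate(this.webserverConfiguration.getAlias());
            if (certificate instanceof X509Certificate) {
                long expiresAt = ((X509Certificate) certificate).getNotAfter().getTime();
                long remainingMillis = expiresAt - System.currentTimeMillis();
                this.webserverLogMessages.certificateExpiryIn(expiresAt);
                if (remainingMillis < TimeUnit.DAYS.toMillis(7L)) {
                    this.webserverLogMessages.certificateExpiryIsNear(remainingMillis);
                }
            }
        } catch (KeyStoreException e) {
            // Best effort: expiry logging must not stop the server, but a silent failure would
            // leave the operator without any expiry warning at all.
            this.logger.warn("Could not read certificate expiry information from the keystore: " + e);
        }
    }

    /**
     * Creates the ALPN connection factory used to negotiate HTTP/2 over TLS.
     *
     * @param str protocol to fall back to when negotiation does not select one
     * @return the factory, or {@code null} when the ALPN processor class is not available
     */
    private ALPNServerConnectionFactory getAlpnServerConnectionFactory(String str) {
        return (ALPNServerConnectionFactory) ThreadContextClassLoaderSwap.performOperation(getClass().getClassLoader(), () -> {
            try {
                // Probe for the (relocated) JDK ALPN processor before constructing the factory.
                Class.forName("plan.org.eclipse.jetty.alpn.java.server.JDK9ServerALPNProcessor");
                ALPNServerConnectionFactory alpnFactory = new ALPNServerConnectionFactory("h2", "h2c", "http/1.1");
                alpnFactory.setDefaultProtocol(str);
                return alpnFactory;
            } catch (ClassNotFoundException | IllegalStateException e) {
                this.logger.warn("JDK9ServerALPNProcessor not found. ALPN (HTTP/2 upgrade protocol) is not available.");
                return null;
            }
        });
    }

    /**
     * Builds the TLS context factory from the configured keystore.
     *
     * @return the factory, or empty when proxy mode is on, the keystore file is missing, or the
     *         alias cannot be verified (the server then falls back to plain HTTP)
     */
    private Optional<SslContextFactory.Server> getSslContextFactory() {
        if (this.webserverConfiguration.isProxyModeHttps()) {
            return Optional.empty();
        }
        String keyStorePath = this.webserverConfiguration.getKeyStorePath();
        if (!new File(keyStorePath).exists()) {
            this.webserverLogMessages.keystoreFileNotFound(keyStorePath);
            return Optional.empty();
        }
        String keyStorePassword = this.webserverConfiguration.getKeyStorePassword();
        String keyManagerPassword = this.webserverConfiguration.getKeyManagerPassword();
        String alias = this.webserverConfiguration.getAlias();

        boolean legacyBundledCertificate = keyStorePath.endsWith(".jks") && "DefaultPlanCert".equals(alias);
        if (!legacyBundledCertificate) {
            if (!verifyAliasIsInKeystore(keyStorePath, keyStorePassword, alias)) {
                return Optional.empty();
            }
            SslContextFactory.Server server = new SslContextFactory.Server();
            server.setSniRequired(false);
            server.setKeyStorePath(keyStorePath);
            server.setKeyStorePassword(keyStorePassword);
            server.setKeyManagerPassword(keyManagerPassword);
            server.setCertAlias(alias);
            return Optional.of(server);
        }

        // Legacy path: the certificate shipped inside the jar. It is expired, so it is still
        // loaded for compatibility but the operator is told how to replace it.
        // NOTE(review): the suggested openssl command passes the password as a command-line
        // argument, which ends up in shell history and process listings; letting openssl prompt
        // for it would avoid that.
        this.logger.warn("You're using self-signed PlanCert.jks certificate included with Plan.jar (Considered legacy since 5.5), it has expired and can cause issues.");
        this.logger.info("Create new self-signed certificate using openssl:");
        this.logger.info("    openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 3650");
        this.logger.info("    openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem -name alias -passout pass:<password> -passin pass:<password>");
        this.logger.info("Then change config settings to match.");
        this.logger.info("  SSL_certificate:");
        this.logger.info("      KeyStore_path: keyStore.p12");
        this.logger.info("      Key_pass: <password>");
        this.logger.info("      Store_pass: <password>");
        this.logger.info("      Alias: alias");
        return this.legacyJettySSLContextLoader.load(keyStorePath, keyStorePassword, keyManagerPassword, alias);
    }

    /**
     * Opens the keystore and checks that a certificate exists under the given alias.
     *
     * <p>Only the presence of a certificate is checked; this does not confirm that the entry
     * also holds a private key. Files ending in {@code .p12} are read as PKCS12, everything else
     * as JKS.
     *
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param alias            alias expected inside the keystore
     * @return true if the keystore loaded and contains a certificate under the alias;
     *         false (after logging the reason) otherwise
     */
    private boolean verifyAliasIsInKeystore(String keyStorePath, String keyStorePassword, String alias) {
        String keyStoreType = keyStorePath.endsWith(".p12") ? "PKCS12" : "JKS";
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(in, keyStorePassword.toCharArray());
            if (keyStore.getCertificate(alias) != null) {
                return true;
            }
            this.webserverLogMessages.invalidCertificateMissingAlias(alias, keyStorePath);
            return false;
        } catch (EOFException e) {
            // Truncated or mis-typed file; must be caught before the broader IOException below.
            this.webserverLogMessages.wrongCertFileFormat();
            return false;
        } catch (IOException | NoSuchAlgorithmException e) {
            this.webserverLogMessages.keystoreLoadingError(e);
            return false;
        } catch (KeyStoreException | CertificateException e) {
            this.webserverLogMessages.unableToLoadKeystore(e, keyStorePath);
            return false;
        }
    }

    /** Returns true while the Jetty server is starting or started. */
    @Override
    public boolean isEnabled() {
        return this.webserver != null && (this.webserver.isStarting() || this.webserver.isStarted());
    }

    /**
     * Stops and destroys the Jetty server if one was created.
     *
     * @throws IllegalStateException if Jetty fails to stop
     */
    @Override
    public void disable() {
        try {
            if (this.webserver != null) {
                this.webserver.stop();
                this.webserver.destroy();
            }
        } catch (InterruptedException e) {
            // Preserve the interrupt for whoever is shutting the plugin down.
            Thread.currentThread().interrupt();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns the URL scheme clients should use: https when TLS or proxy mode is active. */
    @Override
    public String getProtocol() {
        return isUsingHTTPS() ? URIUtil.HTTPS : URIUtil.HTTP;
    }

    /**
     * Returns true when this server terminates TLS itself or the configuration declares an
     * HTTPS proxy in front of it. The proxy case is taken from configuration only.
     */
    @Override
    public boolean isUsingHTTPS() {
        return this.usingHttps || this.webserverConfiguration.isProxyModeHttps();
    }

    /**
     * Returns true only when HTTPS is in use and authentication is enabled in the configuration.
     * Without HTTPS this is false regardless of the authentication setting.
     */
    @Override
    public boolean isAuthRequired() {
        return isUsingHTTPS() && this.webserverConfiguration.isAuthenticationEnabled();
    }

    /** Returns the port read from configuration during the last {@link #enable()} call. */
    @Override
    public int getPort() {
        return this.port;
    }
}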
