package com.atlassian.bitbucket.internal.boot.web;

import com.atlassian.stash.internal.web.ApplicationStatusServlet;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Map;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.valves.ErrorReportValve;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.hsqldb.Tokens;
import org.springframework.beans.BeansException;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.Ordered;

@ConfigurationProperties(prefix = "server")
/* loaded from: input_file:WEB-INF/classes/com/atlassian/bitbucket/internal/boot/web/ExtendedServerProperties.class */
public class ExtendedServerProperties extends CommonConnectorProperties implements WebServerFactoryCustomizer, ApplicationContextAware, Ordered {
    private ApplicationContext applicationContext;
    private boolean requireSsl;

    public ExtendedServerProperties() {
        super("server");
    }

    @Override // org.springframework.boot.web.server.WebServerFactoryCustomizer
    public void customize(WebServerFactory webServerFactory) {
        if (webServerFactory instanceof TomcatServletWebServerFactory) {
            TomcatServletWebServerFactory tomcatServletWebServerFactory = (TomcatServletWebServerFactory) webServerFactory;
            tomcatServletWebServerFactory.addConnectorCustomizers(this);
            tomcatServletWebServerFactory.setProtocol(getConnectorProtocol());
            tomcatServletWebServerFactory.addContextCustomizers(context -> {
                if (this.requireSsl) {
                    addSecurityConstraints(context);
                }
                ErrorReportValve errorReportValve = new ErrorReportValve();
                errorReportValve.setShowServerInfo(false);
                errorReportValve.setShowReport(true);
                context.getParent().getPipeline().addValve(errorReportValve);
            });
            Map beansOfType = this.applicationContext.getBeansOfType(ConnectorProperties.class);
            if (beansOfType.isEmpty()) {
                return;
            }
            String serverHeader = tomcatServletWebServerFactory.getServerHeader();
            Charset uriEncoding = tomcatServletWebServerFactory.getUriEncoding();
            Stream map = beansOfType.values().stream().map(connectorProperties -> {
                Connector connector = new Connector(connectorProperties.getConnectorProtocol());
                connector.setProperty("bindOnInit", "false");
                if (serverHeader != null) {
                    connector.setAttribute("server", serverHeader);
                }
                if (uriEncoding != null) {
                    connector.setURIEncoding(uriEncoding.name());
                }
                connectorProperties.customize(connector);
                return connector;
            });
            tomcatServletWebServerFactory.getClass();
            map.forEach(connector -> {
                tomcatServletWebServerFactory.addAdditionalTomcatConnectors(connector);
            });
        }
    }

    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return 1;
    }

    @Override // org.springframework.context.ApplicationContextAware
    public void setApplicationContext(@Nonnull ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    private static void addSecurityConstraints(Context context) {
        SecurityCollection createSecurityCollection = createSecurityCollection("/robots.txt", "/robots", "/robot.txt", "/robot");
        createSecurityCollection.addOmittedMethod("GET");
        SecurityCollection createSecurityCollection2 = createSecurityCollection("/robots.txt", "/robots", "/robot.txt", "/robot");
        createSecurityCollection2.addMethod("GET");
        SecurityCollection createSecurityCollection3 = createSecurityCollection(ApplicationStatusServlet.URL_PATTERN, new String[0]);
        SecurityCollection createSecurityCollection4 = createSecurityCollection(ApplicationStatusServlet.URL_PATTERN, new String[0]);
        ApplicationStatusServlet.ALLOWED_METHODS.forEach(str -> {
            createSecurityCollection4.addMethod(str);
            createSecurityCollection3.addOmittedMethod(str);
        });
        context.addConstraint(createSecurityConstraint("CONFIDENTIAL", createSecurityCollection, createSecurityCollection3, createSecurityCollection("/*", new String[0])));
        context.addConstraint(createSecurityConstraint(Tokens.T_NONE, createSecurityCollection2, createSecurityCollection4));
    }

    private static SecurityCollection createSecurityCollection(String str, String... strArr) {
        SecurityCollection securityCollection = new SecurityCollection();
        securityCollection.addPattern(str);
        Stream stream = Arrays.stream(strArr);
        securityCollection.getClass();
        stream.forEach(securityCollection::addPattern);
        return securityCollection;
    }

    private static SecurityConstraint createSecurityConstraint(String str, SecurityCollection... securityCollectionArr) {
        SecurityConstraint securityConstraint = new SecurityConstraint();
        Stream stream = Arrays.stream(securityCollectionArr);
        securityConstraint.getClass();
        stream.forEach(securityConstraint::addCollection);
        securityConstraint.setUserConstraint(str);
        return securityConstraint;
    }

    public boolean isRequireSsl() {
        return this.requireSsl;
    }

    public void setRequireSsl(boolean z) {
        this.requireSsl = z;
    }
}
