package com.atlassian.bitbucket.internal.boot.web;

import com.atlassian.bitbucket.Product;
import com.atlassian.stash.internal.ApplicationConstants;
import com.google.common.primitives.Ints;
import java.io.FileNotFoundException;
import java.net.InetAddress;
import java.util.function.Consumer;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.ajp.AbstractAjpProtocol;
import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.codehaus.janino.Descriptor;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.boot.web.server.Compression;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.WebServerException;
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;
import org.springframework.util.unit.DataSize;

/* loaded from: input_file:WEB-INF/classes/com/atlassian/bitbucket/internal/boot/web/ConnectorProperties.class */
public class ConnectorProperties extends CommonConnectorProperties {
    private final int connectorNumber;

    @NestedConfigurationProperty
    private final Compression compression;

    @NestedConfigurationProperty
    private final Ssl ssl;
    private InetAddress address;
    private Integer connectionTimeout;
    private DataSize maxHttpHeaderSize;
    private DataSize maxHttpPostSize;
    private Integer port;

    public ConnectorProperties(int i) {
        super("server.additional-connector." + i);
        this.connectorNumber = i;
        this.compression = new Compression();
        this.ssl = new Ssl();
        this.ssl.setEnabled(false);
    }

    @Override // com.atlassian.bitbucket.internal.boot.web.CommonConnectorProperties, org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer
    public void customize(Connector connector) {
        super.customize(connector);
        connector.setPort(this.port.intValue());
        DataSize dataSize = this.maxHttpPostSize;
        connector.getClass();
        applyIfPositive(dataSize, (v1) -> {
            r1.setMaxPostSize(v1);
        });
        ProtocolHandler protocolHandler = connector.getProtocolHandler();
        if (protocolHandler instanceof AbstractProtocol) {
            AbstractProtocol abstractProtocol = (AbstractProtocol) protocolHandler;
            if (this.address != null) {
                abstractProtocol.setAddress(this.address);
            }
            if (this.connectionTimeout != null) {
                abstractProtocol.setConnectionTimeout(this.connectionTimeout.intValue());
            }
        }
        if (protocolHandler instanceof AbstractHttp11Protocol) {
            AbstractHttp11Protocol<?> abstractHttp11Protocol = (AbstractHttp11Protocol) protocolHandler;
            if (this.compression.getEnabled()) {
                configureCompression(abstractHttp11Protocol);
            }
            DataSize dataSize2 = this.maxHttpHeaderSize;
            abstractHttp11Protocol.getClass();
            applyIfPositive(dataSize2, (v1) -> {
                r1.setMaxHttpHeaderSize(v1);
            });
        }
        if (this.ssl.isEnabled()) {
            if (!(protocolHandler instanceof AbstractHttp11JsseProtocol)) {
                if (protocolHandler instanceof AbstractAjpProtocol) {
                    throw new IllegalStateException("SSL cannot be enabled on AJP/1.3 connectors. Remove " + getPrefix() + ".ssl.enabled=true from " + ApplicationConstants.CONFIG_FILE + " and restart " + Product.NAME);
                }
                return;
            }
            connector.setScheme("https");
            connector.setSecure(true);
            AbstractHttp11JsseProtocol<?> abstractHttp11JsseProtocol = (AbstractHttp11JsseProtocol) protocolHandler;
            configureSsl(abstractHttp11JsseProtocol);
            configureSslKeyStore(abstractHttp11JsseProtocol);
            configureSslTrustStore(abstractHttp11JsseProtocol);
        }
    }

    public String toString() {
        StringBuilder append = new StringBuilder("AdditionalConnector[").append(this.connectorNumber).append(": ").append(this.port);
        if (isAjp()) {
            append.append(" (AJP/1.3)");
        } else {
            append.append(" (HTTP").append(this.ssl.isEnabled() ? Descriptor.SHORT : "").append("/1.1)");
        }
        return append.append("]").toString();
    }

    private static void applyIfPositive(DataSize dataSize, Consumer<Integer> consumer) {
        PropertyMapper.get().from((PropertyMapper) dataSize).whenNonNull().asInt((v0) -> {
            return v0.toBytes();
        }).when(num -> {
            return num.intValue() > 0;
        }).to(consumer);
    }

    private void configureCompression(AbstractHttp11Protocol<?> abstractHttp11Protocol) {
        abstractHttp11Protocol.setCompressibleMimeType(StringUtils.arrayToCommaDelimitedString(this.compression.getMimeTypes()));
        abstractHttp11Protocol.setCompression(CustomBooleanEditor.VALUE_ON);
        abstractHttp11Protocol.setCompressionMinSize(Ints.saturatedCast(this.compression.getMinResponseSize().toBytes()));
        String[] excludedUserAgents = this.compression.getExcludedUserAgents();
        if (excludedUserAgents == null || excludedUserAgents.length <= 0) {
            return;
        }
        abstractHttp11Protocol.setNoCompressionUserAgents(StringUtils.arrayToCommaDelimitedString(excludedUserAgents));
    }

    private void configureSsl(AbstractHttp11JsseProtocol<?> abstractHttp11JsseProtocol) {
        abstractHttp11JsseProtocol.setSSLEnabled(true);
        abstractHttp11JsseProtocol.setCiphers(org.apache.commons.lang3.StringUtils.trimToNull(StringUtils.arrayToCommaDelimitedString(this.ssl.getCiphers())));
        abstractHttp11JsseProtocol.setKeyAlias(this.ssl.getKeyAlias());
        abstractHttp11JsseProtocol.setKeyPass(this.ssl.getKeyPassword());
        abstractHttp11JsseProtocol.setSslProtocol(this.ssl.getProtocol());
        Ssl.ClientAuth clientAuth = this.ssl.getClientAuth();
        if (clientAuth == Ssl.ClientAuth.NEED) {
            abstractHttp11JsseProtocol.setClientAuth("true");
        } else if (clientAuth == Ssl.ClientAuth.WANT) {
            abstractHttp11JsseProtocol.setClientAuth("want");
        }
        String arrayToCommaDelimitedString = StringUtils.arrayToCommaDelimitedString(this.ssl.getEnabledProtocols());
        if (arrayToCommaDelimitedString.isEmpty()) {
            return;
        }
        for (SSLHostConfig sSLHostConfig : abstractHttp11JsseProtocol.findSslHostConfigs()) {
            sSLHostConfig.setProtocols(arrayToCommaDelimitedString);
        }
    }

    private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> abstractHttp11JsseProtocol) {
        try {
            abstractHttp11JsseProtocol.setKeystoreFile(ResourceUtils.getURL(this.ssl.getKeyStore()).toString());
            abstractHttp11JsseProtocol.setKeystorePass(this.ssl.getKeyStorePassword());
            abstractHttp11JsseProtocol.setKeystoreProvider(this.ssl.getKeyStoreProvider());
            abstractHttp11JsseProtocol.setKeystoreType(this.ssl.getKeyStoreType());
        } catch (FileNotFoundException e) {
            throw new WebServerException("\"" + getPrefix() + ".ssl.key-store=" + this.ssl.getKeyStore() + "\" references a path which does not exist", e);
        }
    }

    private void configureSslTrustStore(AbstractHttp11JsseProtocol<?> abstractHttp11JsseProtocol) {
        if (this.ssl.getTrustStore() != null) {
            try {
                abstractHttp11JsseProtocol.setTruststoreFile(ResourceUtils.getURL(this.ssl.getTrustStore()).toString());
                abstractHttp11JsseProtocol.setTruststorePass(this.ssl.getTrustStorePassword());
                abstractHttp11JsseProtocol.setTruststoreProvider(this.ssl.getTrustStoreProvider());
                abstractHttp11JsseProtocol.setTruststoreType(this.ssl.getTrustStoreType());
            } catch (FileNotFoundException e) {
                throw new WebServerException("\"" + getPrefix() + ".ssl.trust-store=" + this.ssl.getTrustStore() + "\" references a path which does not exist", e);
            }
        }
    }

    public InetAddress getAddress() {
        return this.address;
    }

    public Compression getCompression() {
        return this.compression;
    }

    public Integer getConnectionTimeout() {
        return this.connectionTimeout;
    }

    public DataSize getMaxHttpHeaderSize() {
        return this.maxHttpHeaderSize;
    }

    public DataSize getMaxHttpPostSize() {
        return this.maxHttpPostSize;
    }

    public Integer getPort() {
        return this.port;
    }

    public Ssl getSsl() {
        return this.ssl;
    }

    public void setAddress(InetAddress inetAddress) {
        this.address = inetAddress;
    }

    public void setConnectionTimeout(Integer num) {
        this.connectionTimeout = num;
    }

    public void setMaxHttpHeaderSize(DataSize dataSize) {
        this.maxHttpHeaderSize = dataSize;
    }

    public void setMaxHttpPostSize(DataSize dataSize) {
        this.maxHttpPostSize = dataSize;
    }

    public void setPort(Integer num) {
        this.port = num;
    }
}
