package winstone;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import winstone.cmdline.Option;

/* loaded from: input_file:executable/winstone.jar:winstone/AbstractSecuredConnectorFactory.class */
public abstract class AbstractSecuredConnectorFactory implements ConnectorFactory {
    protected static final WinstoneResourceBundle SSL_RESOURCES = new WinstoneResourceBundle("winstone.LocalStrings");
    protected KeyStore keystore;
    protected String keystorePassword;

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureSsl(Map<String, String> map, Server server) throws IOException {
        try {
            File file = Option.HTTPS_KEY_STORE.get(map);
            String str = Option.HTTPS_KEY_STORE_PASSWORD.get(map);
            if (file == null) {
                throw new WinstoneException(MessageFormat.format("Please set --{0}", Option.HTTPS_KEY_STORE));
            }
            if (!file.exists() || !file.isFile()) {
                throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.KeyStoreNotFound", file.getPath()));
            }
            this.keystorePassword = str;
            this.keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                this.keystore.load(fileInputStream, this.keystorePassword.toCharArray());
                fileInputStream.close();
            } finally {
            }
        } catch (GeneralSecurityException e) {
            throw new IOException("Failed to handle keys", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SslContextFactory.Server getSSLContext(Map<String, String> map) {
        try {
            String str = Option.HTTPS_PRIVATE_KEY_PASSWORD.get(map, this.keystorePassword);
            KeyManagerFactory.getInstance(Option.HTTPS_KEY_MANAGER_TYPE.get(map)).init(this.keystore, this.keystorePassword.toCharArray());
            Logger.log(Level.FINEST, SSL_RESOURCES, "HttpsListener.KeyCount", this.keystore.size());
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Logger.log(Level.FINEST, SSL_RESOURCES, "HttpsListener.KeyFound", nextElement, String.valueOf(this.keystore.getCertificate(nextElement)));
            }
            SslContextFactory.Server server = new SslContextFactory.Server();
            server.setKeyStore(this.keystore);
            server.setKeyStorePassword(this.keystorePassword);
            server.setKeyManagerPassword(str);
            server.setKeyManagerFactoryAlgorithm(Option.HTTPS_KEY_MANAGER_TYPE.get(map));
            server.setCertAlias(Option.HTTPS_CERTIFICATE_ALIAS.get(map));
            String str2 = Option.HTTPS_EXCLUDE_PROTOCOLS.get(map);
            if (str2 != null && str2.length() > 0) {
                server.setExcludeProtocols((String[]) Stream.of((Object[]) str2.split(",")).map((v0) -> {
                    return v0.trim();
                }).toArray(i -> {
                    return new String[i];
                }));
            }
            String str3 = Option.HTTPS_EXCLUDE_CIPHER_SUITES.get(map);
            if (str3 != null && str3.length() > 0) {
                server.setExcludeCipherSuites(str3.split(","));
            }
            Logger.log(Level.INFO, SSL_RESOURCES, "HttpsListener.ExcludeProtocols", Arrays.asList(server.getExcludeProtocols()));
            Logger.log(Level.INFO, SSL_RESOURCES, "HttpsListener.ExcludeCiphers", Arrays.asList(server.getExcludeCipherSuites()));
            String lowerCase = Option.HTTPS_VERIFY_CLIENT.get(map).toLowerCase(Locale.ROOT);
            boolean z = -1;
            switch (lowerCase.hashCode()) {
                case -79017120:
                    if (lowerCase.equals("optional")) {
                        z = 2;
                        break;
                    }
                    break;
                case 119527:
                    if (lowerCase.equals("yes")) {
                        z = false;
                        break;
                    }
                    break;
                case 3569038:
                    if (lowerCase.equals("true")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                case true:
                    server.setNeedClientAuth(true);
                    break;
                case true:
                    server.setWantClientAuth(true);
                    break;
                default:
                    server.setNeedClientAuth(false);
                    break;
            }
            return server;
        } catch (Throwable th) {
            throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.ErrorGettingContext"), th);
        }
    }
}
