package org.springframework.boot.web.embedded.jetty;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.function.Supplier;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.springframework.boot.web.server.Http2;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.SslStoreProvider;
import org.springframework.boot.web.server.WebServerException;
import org.springframework.cloud.commons.httpclient.ApacheHttpClientConnectionManagerFactory;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.ResourceUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/spring-boot-2.0.5.RELEASE.jar:org/springframework/boot/web/embedded/jetty/SslServerCustomizer.class */
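/**
 * {@link JettyServerCustomizer} that configures a Jetty {@link Server} with a single
 * TLS connector built from the supplied {@link Ssl} settings.
 *
 * <p>When HTTP/2 is enabled the connector negotiates the protocol through ALPN and
 * uses the Conscrypt security provider; otherwise a plain HTTP/1.1-over-TLS connector
 * is created.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>the server version is not advertised ({@code setSendServerVersion(false)});</li>
 * <li>an explicit cipher list clears the factory's excluded-cipher list, so the
 * configured list alone decides which suites are offered;</li>
 * <li>the protocol list is only restricted when {@link Ssl#getEnabledProtocols()} is
 * set; otherwise whatever the {@link SslContextFactory} defaults to applies.</li>
 * </ul>
 */
public class SslServerCustomizer implements JettyServerCustomizer {
    private final InetSocketAddress address;
    private final Ssl ssl;
    private final SslStoreProvider sslStoreProvider;
    private final Http2 http2;

    /**
     * Creates a customizer for the given listen address and TLS settings.
     *
     * @param inetSocketAddress host and port the TLS connector binds to
     * @param ssl TLS settings (protocol, ciphers, stores, client authentication)
     * @param sslStoreProvider optional provider of ready-made key and trust stores;
     * when {@code null} the stores are loaded from the locations in {@code ssl}
     * @param http2 HTTP/2 settings; {@code null} or disabled selects HTTP/1.1 only
     */
    public SslServerCustomizer(InetSocketAddress inetSocketAddress, Ssl ssl, SslStoreProvider sslStoreProvider, Http2 http2) {
        this.address = inetSocketAddress;
        this.ssl = ssl;
        this.sslStoreProvider = sslStoreProvider;
        this.http2 = http2;
    }

    /**
     * Replaces the server's connectors with one TLS connector.
     *
     * @param server the Jetty server to customize
     */
    @Override // org.springframework.boot.web.embedded.jetty.JettyServerCustomizer
    public void customize(Server server) {
        SslContextFactory contextFactory = new SslContextFactory();
        configureSsl(contextFactory, this.ssl, this.sslStoreProvider);
        // setConnectors installs exactly this array, so the TLS connector becomes the
        // server's only connector.
        server.setConnectors(new Connector[] {createConnector(server, contextFactory, this.address)});
    }

    /**
     * Builds the TLS connector and binds it to the host and port of {@code inetSocketAddress}.
     */
    private ServerConnector createConnector(Server server, SslContextFactory sslContextFactory, InetSocketAddress inetSocketAddress) {
        int port = inetSocketAddress.getPort();
        HttpConfiguration config = new HttpConfiguration();
        // Do not disclose the Jetty version to clients.
        config.setSendServerVersion(false);
        // Secure scheme, written as a literal rather than borrowed from an unrelated
        // library's constant.
        config.setSecureScheme("https");
        config.setSecurePort(port);
        config.addCustomizer(new SecureRequestCustomizer());
        ServerConnector connector = createServerConnector(server, sslContextFactory, config);
        connector.setPort(port);
        connector.setHost(inetSocketAddress.getHostString());
        return connector;
    }

    /**
     * Chooses between the HTTP/1.1 and the HTTP/2 connector.
     *
     * @throws IllegalStateException if HTTP/2 is enabled but a presence check fails
     */
    private ServerConnector createServerConnector(Server server, SslContextFactory sslContextFactory, HttpConfiguration httpConfiguration) {
        if (this.http2 == null || !this.http2.isEnabled()) {
            return createHttp11ServerConnector(server, httpConfiguration, sslContextFactory);
        }
        Assert.state(isAlpnPresent(),
                () -> "The 'org.eclipse.jetty:jetty-alpn-server' dependency is required for HTTP/2 support.");
        Assert.state(isConscryptPresent(),
                () -> "The 'org.eclipse.jetty.http2:http2-server' and Conscrypt dependencies are required for HTTP/2 support.");
        return createHttp2ServerConnector(server, httpConfiguration, sslContextFactory);
    }

    /** Creates a connector that speaks HTTP/1.1 inside TLS. */
    private ServerConnector createHttp11ServerConnector(Server server, HttpConfiguration httpConfiguration, SslContextFactory sslContextFactory) {
        SslConnectionFactory tls = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
        HttpConnectionFactory http = new HttpConnectionFactory(httpConfiguration);
        return new ServerConnector(server, new ConnectionFactory[] {tls, http});
    }

    // NOTE(review): the class probed here is the HTTP/2 connection factory, while the
    // failure message in createServerConnector names the jetty-alpn-server artifact.
    // Confirm which dependency this check is meant to detect.
    private boolean isAlpnPresent() {
        return ClassUtils.isPresent("org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory", null);
    }

    /** Reports whether the Conscrypt provider class can be loaded. */
    private boolean isConscryptPresent() {
        return ClassUtils.isPresent("org.conscrypt.Conscrypt", null);
    }

    /**
     * Creates a connector that negotiates HTTP/2 ("h2") through ALPN.
     *
     * <p>Mutates {@code sslContextFactory}: installs the HTTP/2 cipher comparator and
     * selects the "Conscrypt" provider.
     */
    private ServerConnector createHttp2ServerConnector(Server server, HttpConfiguration httpConfiguration, SslContextFactory sslContextFactory) {
        HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpConfiguration);
        // Declared with its concrete type: setDefaultProtocol is not part of the
        // ConnectionFactory interface.
        ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory(new String[0]);
        alpn.setDefaultProtocol("h2");
        sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
        sslContextFactory.setProvider("Conscrypt");
        SslConnectionFactory tls = new SslConnectionFactory(sslContextFactory, alpn.getProtocol());
        // Order matters: TLS hands over to ALPN, which then selects h2 or HTTP/1.1.
        return new ServerConnector(server,
                new ConnectionFactory[] {tls, alpn, h2, new HttpConnectionFactory(httpConfiguration)});
    }

    /**
     * Applies the TLS settings to the context factory.
     *
     * @param sslContextFactory factory to configure
     * @param ssl TLS settings
     * @param sslStoreProvider optional source of key and trust stores; when {@code null}
     * the stores are located through {@code ssl}
     * @throws IllegalStateException if the store provider fails to supply a store
     * @throws WebServerException if a configured store location cannot be resolved
     */
    protected void configureSsl(SslContextFactory sslContextFactory, Ssl ssl, SslStoreProvider sslStoreProvider) {
        sslContextFactory.setProtocol(ssl.getProtocol());
        configureSslClientAuth(sslContextFactory, ssl);
        configureSslPasswords(sslContextFactory, ssl);
        sslContextFactory.setCertAlias(ssl.getKeyAlias());
        if (!ObjectUtils.isEmpty((Object[]) ssl.getCiphers())) {
            sslContextFactory.setIncludeCipherSuites(ssl.getCiphers());
            // Clearing the exclude list makes the configured list authoritative: any
            // exclusions the factory would otherwise apply no longer filter it, so the
            // configuration itself must not name weak suites.
            sslContextFactory.setExcludeCipherSuites(new String[0]);
        }
        // Protocol versions are restricted only when explicitly configured.
        if (ssl.getEnabledProtocols() != null) {
            sslContextFactory.setIncludeProtocols(ssl.getEnabledProtocols());
        }
        if (sslStoreProvider == null) {
            configureSslKeyStore(sslContextFactory, ssl);
            configureSslTrustStore(sslContextFactory, ssl);
            return;
        }
        try {
            sslContextFactory.setKeyStore(sslStoreProvider.getKeyStore());
            sslContextFactory.setTrustStore(sslStoreProvider.getTrustStore());
        } catch (Exception e) {
            throw new IllegalStateException("Unable to set SSL store", e);
        }
    }

    /**
     * Maps {@link Ssl.ClientAuth} onto the factory's need/want flags. Any other value,
     * including {@code null}, leaves client authentication untouched.
     */
    private void configureSslClientAuth(SslContextFactory sslContextFactory, Ssl ssl) {
        if (ssl.getClientAuth() == Ssl.ClientAuth.NEED) {
            sslContextFactory.setNeedClientAuth(true);
            sslContextFactory.setWantClientAuth(true);
        } else if (ssl.getClientAuth() == Ssl.ClientAuth.WANT) {
            // WANT only requests a certificate; callers must not treat the connection
            // as client-authenticated unless a certificate was actually presented.
            sslContextFactory.setWantClientAuth(true);
        }
    }

    /** Copies the key store and key passwords to the factory when they are set. */
    private void configureSslPasswords(SslContextFactory sslContextFactory, Ssl ssl) {
        String storePassword = ssl.getKeyStorePassword();
        if (storePassword != null) {
            sslContextFactory.setKeyStorePassword(storePassword);
        }
        String keyPassword = ssl.getKeyPassword();
        if (keyPassword != null) {
            sslContextFactory.setKeyManagerPassword(keyPassword);
        }
    }

    /**
     * Points the factory at the configured key store and applies its optional type and
     * provider.
     *
     * @throws WebServerException if the key store location cannot be resolved; the
     * message contains the location, never the password
     */
    private void configureSslKeyStore(SslContextFactory sslContextFactory, Ssl ssl) {
        try {
            sslContextFactory.setKeyStoreResource(Resource.newResource(ResourceUtils.getURL(ssl.getKeyStore())));
            if (ssl.getKeyStoreType() != null) {
                sslContextFactory.setKeyStoreType(ssl.getKeyStoreType());
            }
            if (ssl.getKeyStoreProvider() != null) {
                sslContextFactory.setKeyStoreProvider(ssl.getKeyStoreProvider());
            }
        } catch (IOException e) {
            throw new WebServerException("Could not find key store '" + ssl.getKeyStore() + "'", e);
        }
    }

    /**
     * Applies the optional trust store settings (password, location, type, provider).
     * Every setting is skipped when it is {@code null}.
     *
     * @throws WebServerException if the trust store location cannot be resolved
     */
    private void configureSslTrustStore(SslContextFactory sslContextFactory, Ssl ssl) {
        if (ssl.getTrustStorePassword() != null) {
            sslContextFactory.setTrustStorePassword(ssl.getTrustStorePassword());
        }
        // NOTE(review): with client authentication enabled and no trust store set here,
        // the certificates accepted depend on the factory's fallback; confirm it is the
        // intended trust anchor set.
        if (ssl.getTrustStore() != null) {
            try {
                sslContextFactory.setTrustStoreResource(Resource.newResource(ResourceUtils.getURL(ssl.getTrustStore())));
            } catch (IOException e) {
                throw new WebServerException("Could not find trust store '" + ssl.getTrustStore() + "'", e);
            }
        }
        if (ssl.getTrustStoreType() != null) {
            sslContextFactory.setTrustStoreType(ssl.getTrustStoreType());
        }
        if (ssl.getTrustStoreProvider() != null) {
            sslContextFactory.setTrustStoreProvider(ssl.getTrustStoreProvider());
        }
    }
}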
