package org.apache.atlas.web.service;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasConfiguration;
import org.apache.atlas.AtlasException;
import org.apache.atlas.security.SecurityProperties;
import org.apache.atlas.security.SecurityUtil;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/atlas/web/service/SecureEmbeddedServer.class */
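/**
 * Embedded server variant that exposes a single TLS connector.
 *
 * <p>Key and trust material is read from the stores named by the {@code keystore.*} and
 * {@code truststore.*} configuration keys. The same material is also used to build an
 * {@link SSLContext} that is installed as the JVM-wide default (see {@link #getConnector}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Client certificates are <em>requested</em> ({@code setWantClientAuth}), not required;
 *       this setting alone does not enforce mutual TLS.</li>
 *   <li>Cipher-suite and protocol exclusions are applied to the Jetty connector only. The
 *       default {@link SSLContext} built by {@link #getSSLContext()} does not receive them.</li>
 *   <li>TLS renegotiation is disabled and the server version header is suppressed.</li>
 * </ul>
 */
public class SecureEmbeddedServer extends EmbeddedServer {
    public static final String ATLAS_KEYSTORE_FILE_TYPE_DEFAULT = "jks";
    public static final String ATLAS_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
    // Generic protocol name: the versions actually negotiated are decided by the JSSE provider
    // defaults, not by this constant.
    public static final String ATLAS_TLS_CONTEXT_ALGO_TYPE = "TLS";
    private static final Logger LOG = LoggerFactory.getLogger(SecureEmbeddedServer.class);
    public static final String ATLAS_TLS_KEYMANAGER_DEFAULT_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
    public static final String ATLAS_TLS_TRUSTMANAGER_DEFAULT_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();

    /**
     * Creates the server by delegating to the {@code EmbeddedServer} constructor.
     *
     * @param str  forwarded unchanged to the superclass (meaning not visible in this file)
     * @param i    forwarded unchanged to the superclass (meaning not visible in this file)
     * @param str2 forwarded unchanged to the superclass (meaning not visible in this file)
     * @throws IOException if the superclass constructor fails
     */
    public SecureEmbeddedServer(String str, int i, String str2) throws IOException {
        super(str, i, str2);
    }

    /**
     * Builds the HTTPS connector, registers it on the underlying Jetty server and returns it.
     *
     * <p>Side effect: when an {@link SSLContext} can be built from the configured stores it is
     * installed with {@link SSLContext#setDefault}, which changes the default context for the
     * whole JVM, not only for this connector.
     *
     * @param str not read by this implementation
     * @param i   port the connector listens on; also advertised as the secure port
     * @return the connector that was added to the server
     * @throws IOException declared by the overridden method; password lookup may raise it
     */
    @Override
    protected Connector getConnector(String str, int i) throws IOException {
        Configuration configuration = getConfiguration();

        SSLContext defaultContext = getSSLContext();
        if (defaultContext != null) {
            // Process-wide: any code in this JVM that relies on the default context picks this up.
            SSLContext.setDefault(defaultContext);
        }

        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();

        // NOTE(review): both stores default to the relative path "target/atlas.keystore", which
        // looks like a build-output location. Deployments should set keystore.file and
        // truststore.file explicitly - confirm against the packaging defaults.
        sslContextFactory.setKeyStoreType(configuration.getString("keystore.type", ATLAS_KEYSTORE_FILE_TYPE_DEFAULT));
        sslContextFactory.setKeyStorePath(configuration.getString("keystore.file", System.getProperty("keystore.file", "target/atlas.keystore")));
        sslContextFactory.setKeyStorePassword(SecurityUtil.getPassword(configuration, "keystore.password"));
        // The key-entry password comes from the separate "password" key here, while
        // getKeyManagers() unlocks key entries with the keystore password.
        sslContextFactory.setKeyManagerPassword(SecurityUtil.getPassword(configuration, "password"));
        sslContextFactory.setTrustStoreType(configuration.getString("truststore.type", ATLAS_TRUSTSTORE_FILE_TYPE_DEFAULT));
        sslContextFactory.setTrustStorePath(configuration.getString("truststore.file", System.getProperty("truststore.file", "target/atlas.keystore")));
        sslContextFactory.setTrustStorePassword(SecurityUtil.getPassword(configuration, "truststore.password"));

        // "Want", not "need": a client that presents no certificate still completes the handshake,
        // so authentication must be enforced elsewhere if client certificates are mandatory.
        sslContextFactory.setWantClientAuth(configuration.getBoolean("client.auth.enabled", Boolean.getBoolean("client.auth.enabled")));

        List list = configuration.getList("atlas.ssl.exclude.cipher.suites", SecurityProperties.DEFAULT_CIPHER_SUITES);
        sslContextFactory.setExcludeCipherSuites((String[]) list.toArray(new String[list.size()]));
        sslContextFactory.setRenegotiationAllowed(false);

        // An explicitly configured (even empty) exclusion list replaces the built-in default list.
        String[] excludedProtocols = configuration.containsKey("atlas.ssl.exclude.protocols")
                ? configuration.getStringArray("atlas.ssl.exclude.protocols")
                : SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS;
        if (excludedProtocols != null && excludedProtocols.length > 0) {
            sslContextFactory.addExcludeProtocols(excludedProtocols);
        }

        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
        httpConfiguration.setSecurePort(i);
        httpConfiguration.setRequestHeaderSize(bufferSize);
        httpConfiguration.setResponseHeaderSize(bufferSize);
        // Do not advertise the server version or a Date header in responses.
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendDateHeader(false);

        HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
        httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
        httpsConfiguration.setSendServerVersion(false);

        ServerConnector serverConnector = new ServerConnector(this.server, new ConnectionFactory[]{
                new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(httpsConfiguration)});
        serverConnector.setPort(i);
        this.server.addConnector(serverConnector);
        return serverConnector;
    }

    /**
     * Returns the application configuration.
     *
     * @return the configuration obtained from {@code ApplicationProperties.get()}
     * @throws RuntimeException if the configuration cannot be loaded; the original
     *         {@code AtlasException} is attached as the cause
     */
    protected Configuration getConfiguration() {
        try {
            return ApplicationProperties.get();
        } catch (AtlasException e) {
            // Keep the cause so the reason for the load failure is not lost.
            throw new RuntimeException("Unable to load configuration: atlas-application.properties", e);
        }
    }

    /**
     * Builds an {@link SSLContext} from the configured key and trust stores.
     *
     * <p>No context is built when trust managers are unavailable. Key managers may be
     * {@code null}; {@link SSLContext#init} then falls back to the provider defaults, so the
     * resulting context can lack this server's key material.
     *
     * @return the initialised context, or {@code null} when no trust managers could be loaded or
     *         the "TLS" context algorithm is unavailable
     */
    private SSLContext getSSLContext() {
        KeyManager[] keyManagers = getKeyManagers();
        TrustManager[] trustManagers = getTrustManagers();
        if (trustManagers == null) {
            return null;
        }

        SSLContext sslContext = null;
        try {
            sslContext = SSLContext.getInstance(ATLAS_TLS_CONTEXT_ALGO_TYPE);
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
        } catch (KeyManagementException e) {
            // NOTE(review): the partially constructed context is still returned on this path,
            // matching the existing behaviour - confirm whether null would be safer.
            LOG.error("Unable to initials the SSLContext. Reason: " + e.toString());
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("SSL algorithm is not available in the environment. Reason: " + e2.toString());
        }
        return sslContext;
    }

    /**
     * Loads key managers from the configured keystore.
     *
     * <p>Failures are logged and reported as {@code null}; nothing is thrown to the caller for
     * the checked exceptions handled here.
     *
     * @return the key managers, or {@code null} when the path or password is empty, the store
     *         cannot be opened, or loading fails
     */
    private KeyManager[] getKeyManagers() {
        KeyManager[] keyManagers = null;
        try {
            String keyStoreFile = getConfiguration().getString("keystore.file", System.getProperty("keystore.file", "target/atlas.keystore"));
            String keyStorePassword = SecurityUtil.getPassword(getConfiguration(), "keystore.password");

            if (StringUtils.isNotEmpty(keyStoreFile) && StringUtils.isNotEmpty(keyStorePassword)) {
                InputStream in = null;
                try {
                    in = getFileInputStream(keyStoreFile);
                    if (in != null) {
                        KeyStore keyStore = KeyStore.getInstance(getConfiguration().getString("keystore.type", ATLAS_KEYSTORE_FILE_TYPE_DEFAULT));
                        keyStore.load(in, keyStorePassword.toCharArray());

                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(ATLAS_TLS_KEYMANAGER_DEFAULT_ALGO_TYPE);
                        // NOTE(review): key entries are unlocked with the keystore password. If the
                        // key password (the "password" setting used for the Jetty connector) differs,
                        // this is expected to fail with UnrecoverableKeyException - confirm.
                        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
                        keyManagers = keyManagerFactory.getKeyManagers();
                    } else {
                        LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
                    }
                } catch (FileNotFoundException e) {
                    LOG.error("Unable to find the necessary TLS Keystore Files", e);
                } catch (IOException e) {
                    LOG.error("Unable to read the necessary TLS Keystore Files", e);
                } catch (KeyStoreException e) {
                    LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
                } catch (NoSuchAlgorithmException e) {
                    LOG.error("SSL algorithm is NOT available in the environment", e);
                } catch (CertificateException e) {
                    LOG.error("Unable to obtain the requested certification ", e);
                } catch (UnrecoverableKeyException e) {
                    LOG.error("Unable to recover the key from keystore", e);
                } finally {
                    // Release the file handle on every path, including load/init failures.
                    close(in, keyStoreFile);
                }
            }
        } catch (IOException e) {
            // Reached when the password lookup itself fails; keep the stack trace.
            LOG.error(e.getMessage(), e);
        }
        return keyManagers;
    }

    /**
     * Loads trust managers from the configured truststore.
     *
     * <p>Failures are logged and reported as {@code null}; a {@code null} result prevents
     * {@link #getSSLContext()} from building a context.
     *
     * @return the trust managers, or {@code null} when the path or password is empty, the store
     *         cannot be opened, or loading fails
     */
    private TrustManager[] getTrustManagers() {
        TrustManager[] trustManagers = null;
        try {
            String trustStoreFile = getConfiguration().getString("truststore.file", System.getProperty("truststore.file", "target/atlas.keystore"));
            String trustStorePassword = SecurityUtil.getPassword(getConfiguration(), "truststore.password");

            if (StringUtils.isNotEmpty(trustStoreFile) && StringUtils.isNotEmpty(trustStorePassword)) {
                InputStream in = null;
                try {
                    in = getFileInputStream(trustStoreFile);
                    if (in != null) {
                        KeyStore trustStore = KeyStore.getInstance(getConfiguration().getString("truststore.type", ATLAS_TRUSTSTORE_FILE_TYPE_DEFAULT));
                        trustStore.load(in, trustStorePassword.toCharArray());

                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(ATLAS_TLS_TRUSTMANAGER_DEFAULT_ALGO_TYPE);
                        trustManagerFactory.init(trustStore);
                        trustManagers = trustManagerFactory.getTrustManagers();
                    } else {
                        LOG.error("Unable to obtain truststore from file [" + trustStoreFile + "]");
                    }
                } catch (FileNotFoundException e) {
                    LOG.error("Unable to find the necessary TLS TrustStore File:" + trustStoreFile, e);
                } catch (IOException e) {
                    LOG.error("Unable to read the necessary TLS TrustStore Files :" + trustStoreFile, e);
                } catch (KeyStoreException e) {
                    LOG.error("Unable to obtain from KeyStore", e);
                } catch (CertificateException e) {
                    LOG.error("Unable to obtain the requested certification :" + e.getMessage(), e);
                } catch (NoSuchAlgorithmException e) {
                    LOG.error("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
                } finally {
                    // Release the file handle on every path, including load/init failures.
                    close(in, trustStoreFile);
                }
            }
        } catch (IOException e) {
            // Reached when the password lookup itself fails; keep the stack trace.
            LOG.error(e.getMessage(), e);
        }
        return trustManagers;
    }

    /**
     * Opens a store by path, preferring the file system over the classpath.
     *
     * <p>When no file exists at {@code str}, the same name is looked up as a system classpath
     * resource, so a store bundled on the classpath is used if the configured path is missing.
     *
     * @param str file path or classpath resource name; may be empty
     * @return an open stream, or {@code null} when {@code str} is empty or nothing is found
     * @throws IOException if the file exists but cannot be opened
     */
    private InputStream getFileInputStream(String str) throws IOException {
        if (!StringUtils.isNotEmpty(str)) {
            return null;
        }
        File file = new File(str);
        if (file.exists()) {
            return new FileInputStream(file);
        }
        return ClassLoader.getSystemResourceAsStream(str);
    }

    /**
     * Closes a stream if one was opened, logging rather than propagating a close failure.
     *
     * @param inputStream stream to close; {@code null} is ignored
     * @param str         name used in the error message when closing fails
     */
    private void close(InputStream inputStream, String str) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            LOG.error("Error while closing file: [" + str + "]", e);
        }
    }
}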
