package org.apereo.cas.tomcat;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import lombok.Generated;
import org.apache.catalina.authenticator.BasicAuthenticator;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.valves.ExtendedAccessLogValve;
import org.apache.catalina.valves.SSLValve;
import org.apache.catalina.valves.rewrite.RewriteValve;
import org.apache.commons.lang3.StringUtils;
import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.ajp.AbstractAjpProtocol;
import org.apache.coyote.ajp.AjpNio2Protocol;
import org.apache.coyote.ajp.AjpNioProtocol;
import org.apache.coyote.http11.Constants;
import org.apache.coyote.http11.Http11AprProtocol;
import org.apache.coyote.http11.Http11Nio2Protocol;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.coyote.http2.Http2Protocol;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatAjpProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatBasicAuthenticationProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatExtendedAccessLogProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatHttpProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatHttpProxyProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatSocketProperties;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatSslValveProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.ResourceUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.autoconfigure.web.servlet.ServletWebServerFactoryCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.core.io.Resource;
import org.springframework.util.ReflectionUtils;
import org.springframework.util.SocketUtils;

/* loaded from: input_file:WEB-INF/lib/cas-server-webapp-init-tomcat-6.2.2.jar:org/apereo/cas/tomcat/CasTomcatServletWebServerFactoryCustomizer.class */
public class CasTomcatServletWebServerFactoryCustomizer extends ServletWebServerFactoryCustomizer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasTomcatServletWebServerFactoryCustomizer.class);
    private final CasConfigurationProperties casProperties;
    private final ServerProperties serverProperties;

    public CasTomcatServletWebServerFactoryCustomizer(ServerProperties serverProperties, CasConfigurationProperties casConfigurationProperties) {
        super(serverProperties);
        this.casProperties = casConfigurationProperties;
        this.serverProperties = serverProperties;
    }

    private static void configureConnectorForProtocol(Connector connector, CasEmbeddedApacheTomcatHttpProxyProperties casEmbeddedApacheTomcatHttpProxyProperties) {
        AbstractProtocol http11NioProtocol;
        Field findField = ReflectionUtils.findField(connector.getClass(), "protocolHandler");
        if (findField != null) {
            ReflectionUtils.makeAccessible(findField);
            if ("HTTP/2".equalsIgnoreCase(casEmbeddedApacheTomcatHttpProxyProperties.getProtocol())) {
                ReflectionUtils.setField(findField, connector, new Http2Protocol());
            } else {
                String protocol = casEmbeddedApacheTomcatHttpProxyProperties.getProtocol();
                boolean z = -1;
                switch (protocol.hashCode()) {
                    case -247915282:
                        if (protocol.equals("AJP/1.3")) {
                            z = true;
                            break;
                        }
                        break;
                    case 65027:
                        if (protocol.equals("APR")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 62311786:
                        if (protocol.equals("AJP/2")) {
                            z = false;
                            break;
                        }
                        break;
                    case 649369517:
                        if (protocol.equals(Constants.HTTP_11)) {
                            z = 4;
                            break;
                        }
                        break;
                    case 649369518:
                        if (protocol.equals("HTTP/1.2")) {
                            z = 3;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        http11NioProtocol = new AjpNio2Protocol();
                        AbstractAjpProtocol abstractAjpProtocol = (AbstractAjpProtocol) AbstractAjpProtocol.class.cast(http11NioProtocol);
                        abstractAjpProtocol.setSecretRequired(casEmbeddedApacheTomcatHttpProxyProperties.isSecure());
                        abstractAjpProtocol.setSecret(casEmbeddedApacheTomcatHttpProxyProperties.getSecret());
                        break;
                    case true:
                        http11NioProtocol = new AjpNioProtocol();
                        AbstractAjpProtocol abstractAjpProtocol2 = (AbstractAjpProtocol) AbstractAjpProtocol.class.cast(http11NioProtocol);
                        abstractAjpProtocol2.setSecretRequired(casEmbeddedApacheTomcatHttpProxyProperties.isSecure());
                        abstractAjpProtocol2.setSecret(casEmbeddedApacheTomcatHttpProxyProperties.getSecret());
                        break;
                    case true:
                        http11NioProtocol = new Http11AprProtocol();
                        break;
                    case true:
                        http11NioProtocol = new Http11Nio2Protocol();
                        break;
                    case true:
                    default:
                        http11NioProtocol = new Http11NioProtocol();
                        break;
                }
                http11NioProtocol.setPort(connector.getPort());
                ReflectionUtils.setField(findField, connector, http11NioProtocol);
            }
            Field findField2 = ReflectionUtils.findField(connector.getClass(), "protocolHandlerClassName");
            if (findField2 != null) {
                ReflectionUtils.makeAccessible(findField2);
                ReflectionUtils.setField(findField2, connector, connector.getProtocolHandler().getClass().getName());
            }
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.springframework.boot.autoconfigure.web.servlet.ServletWebServerFactoryCustomizer, org.springframework.boot.web.server.WebServerFactoryCustomizer
    public void customize(ConfigurableServletWebServerFactory configurableServletWebServerFactory) {
        if (!(configurableServletWebServerFactory instanceof TomcatServletWebServerFactory)) {
            LOGGER.error("Servlet web server factory [{}] does not support Apache Tomcat and cannot be customized.", configurableServletWebServerFactory);
            return;
        }
        TomcatServletWebServerFactory tomcatServletWebServerFactory = (TomcatServletWebServerFactory) configurableServletWebServerFactory;
        configureAjp(tomcatServletWebServerFactory);
        configureHttp(tomcatServletWebServerFactory);
        configureHttpProxy(tomcatServletWebServerFactory);
        configureExtendedAccessLogValve(tomcatServletWebServerFactory);
        configureRewriteValve(tomcatServletWebServerFactory);
        configureSSLValve(tomcatServletWebServerFactory);
        configureBasicAuthn(tomcatServletWebServerFactory);
        finalizeConnectors(tomcatServletWebServerFactory);
    }

    private void finalizeConnectors(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        tomcatServletWebServerFactory.addConnectorCustomizers(connector -> {
            CasEmbeddedApacheTomcatProperties tomcat = this.casProperties.getServer().getTomcat();
            connector.setProperty("Server", tomcat.getServerName());
            CasEmbeddedApacheTomcatSocketProperties socket = tomcat.getSocket();
            if (socket.getBufferPool() > 0) {
                connector.setProperty("socket.bufferPool", String.valueOf(socket.getBufferPool()));
            }
            if (socket.getAppReadBufSize() > 0) {
                connector.setProperty("socket.appReadBufSize", String.valueOf(socket.getAppReadBufSize()));
            }
            if (socket.getAppWriteBufSize() > 0) {
                connector.setProperty("socket.appWriteBufSize", String.valueOf(socket.getAppWriteBufSize()));
            }
            if (socket.getPerformanceBandwidth() >= 0) {
                connector.setProperty("socket.performanceBandwidth", String.valueOf(socket.getPerformanceBandwidth()));
            }
            if (socket.getPerformanceConnectionTime() >= 0) {
                connector.setProperty("socket.performanceConnectionTime", String.valueOf(socket.getPerformanceConnectionTime()));
            }
            if (socket.getPerformanceLatency() >= 0) {
                connector.setProperty("socket.performanceLatency", String.valueOf(socket.getPerformanceLatency()));
            }
        });
    }

    private void configureBasicAuthn(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        CasEmbeddedApacheTomcatBasicAuthenticationProperties basicAuthn = this.casProperties.getServer().getTomcat().getBasicAuthn();
        if (basicAuthn.isEnabled()) {
            tomcatServletWebServerFactory.addContextCustomizers(context -> {
                LoginConfig loginConfig = new LoginConfig();
                loginConfig.setAuthMethod("BASIC");
                context.setLoginConfig(loginConfig);
                List<String> securityRoles = basicAuthn.getSecurityRoles();
                Objects.requireNonNull(context);
                securityRoles.forEach(context::addSecurityRole);
                basicAuthn.getAuthRoles().forEach(str -> {
                    SecurityConstraint securityConstraint = new SecurityConstraint();
                    securityConstraint.addAuthRole(str);
                    SecurityCollection securityCollection = new SecurityCollection();
                    List<String> patterns = basicAuthn.getPatterns();
                    Objects.requireNonNull(securityCollection);
                    patterns.forEach(securityCollection::addPattern);
                    securityConstraint.addCollection(securityCollection);
                    context.addConstraint(securityConstraint);
                });
            });
            tomcatServletWebServerFactory.addContextValves(new BasicAuthenticator());
        }
    }

    private void configureExtendedAccessLogValve(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        CasEmbeddedApacheTomcatExtendedAccessLogProperties extAccessLog = this.casProperties.getServer().getTomcat().getExtAccessLog();
        if (extAccessLog.isEnabled() && StringUtils.isNotBlank(extAccessLog.getPattern())) {
            LOGGER.debug("Creating extended access log valve configuration for the embedded tomcat container...");
            ExtendedAccessLogValve extendedAccessLogValve = new ExtendedAccessLogValve();
            extendedAccessLogValve.setPattern(extAccessLog.getPattern());
            if (StringUtils.isBlank(extAccessLog.getDirectory())) {
                extendedAccessLogValve.setDirectory(this.serverProperties.getTomcat().getAccesslog().getDirectory());
            } else {
                extendedAccessLogValve.setDirectory(extAccessLog.getDirectory());
            }
            extendedAccessLogValve.setPrefix(extAccessLog.getPrefix());
            extendedAccessLogValve.setSuffix(extAccessLog.getSuffix());
            extendedAccessLogValve.setAsyncSupported(true);
            extendedAccessLogValve.setEnabled(true);
            extendedAccessLogValve.setRotatable(true);
            extendedAccessLogValve.setBuffered(true);
            tomcatServletWebServerFactory.addEngineValves(extendedAccessLogValve);
        }
    }

    private void configureHttp(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        CasEmbeddedApacheTomcatHttpProperties http = this.casProperties.getServer().getTomcat().getHttp();
        if (http.isEnabled()) {
            LOGGER.debug("Creating HTTP configuration for the embedded tomcat container...");
            Connector connector = new Connector(http.getProtocol());
            int port = http.getPort();
            if (port <= 0) {
                LOGGER.warn("No explicit port configuration is provided to CAS. Scanning for available ports...");
                port = SocketUtils.findAvailableTcpPort();
            }
            LOGGER.info("Activated embedded tomcat container HTTP port on [{}]", Integer.valueOf(port));
            connector.setPort(port);
            LOGGER.debug("Configuring embedded tomcat container for HTTP2 protocol support");
            connector.addUpgradeProtocol(new Http2Protocol());
            Map<String, String> attributes = http.getAttributes();
            Objects.requireNonNull(connector);
            attributes.forEach(connector::setProperty);
            tomcatServletWebServerFactory.addAdditionalTomcatConnectors(connector);
        }
    }

    private void configureHttpProxy(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        CasEmbeddedApacheTomcatHttpProxyProperties httpProxy = this.casProperties.getServer().getTomcat().getHttpProxy();
        if (!httpProxy.isEnabled()) {
            LOGGER.trace("HTTP proxying is not enabled for CAS; Connector configuration for port [{}] is not modified.", Integer.valueOf(tomcatServletWebServerFactory.getPort()));
        } else {
            LOGGER.debug("Customizing HTTP proxying for connector listening on port [{}]", Integer.valueOf(tomcatServletWebServerFactory.getPort()));
            tomcatServletWebServerFactory.getTomcatConnectorCustomizers().add(connector -> {
                connector.setSecure(httpProxy.isSecure());
                connector.setScheme(httpProxy.getScheme());
                if (StringUtils.isNotBlank(httpProxy.getProtocol())) {
                    LOGGER.debug("Setting HTTP proxying protocol to [{}]", httpProxy.getProtocol());
                    configureConnectorForProtocol(connector, httpProxy);
                }
                if (httpProxy.getRedirectPort() > 0) {
                    LOGGER.debug("Setting HTTP proxying redirect port to [{}]", Integer.valueOf(httpProxy.getRedirectPort()));
                    connector.setRedirectPort(httpProxy.getRedirectPort());
                }
                if (httpProxy.getProxyPort() > 0) {
                    LOGGER.debug("Setting HTTP proxying proxy port to [{}]", Integer.valueOf(httpProxy.getProxyPort()));
                    connector.setProxyPort(httpProxy.getProxyPort());
                }
                connector.addUpgradeProtocol(new Http2Protocol());
                Map<String, String> attributes = httpProxy.getAttributes();
                Objects.requireNonNull(connector);
                attributes.forEach(connector::setProperty);
                LOGGER.info("Configured connector listening on port [{}]", Integer.valueOf(tomcatServletWebServerFactory.getPort()));
            });
        }
    }

    private void configureAjp(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        CasEmbeddedApacheTomcatAjpProperties ajp = this.casProperties.getServer().getTomcat().getAjp();
        if (!ajp.isEnabled() || ajp.getPort() <= 0) {
            return;
        }
        LOGGER.debug("Creating AJP configuration for the embedded tomcat container...");
        Connector connector = new Connector(ajp.getProtocol());
        connector.setPort(ajp.getPort());
        connector.setSecure(ajp.isSecure());
        connector.setAllowTrace(ajp.isAllowTrace());
        connector.setScheme(ajp.getScheme());
        connector.setAsyncTimeout(Beans.newDuration(ajp.getAsyncTimeout()).toMillis());
        connector.setEnableLookups(ajp.isEnableLookups());
        connector.setMaxPostSize(ajp.getMaxPostSize());
        connector.addUpgradeProtocol(new Http2Protocol());
        AbstractAjpProtocol abstractAjpProtocol = (AbstractAjpProtocol) connector.getProtocolHandler();
        if (abstractAjpProtocol != null) {
            abstractAjpProtocol.setSecretRequired(ajp.isSecure());
            abstractAjpProtocol.setSecret(ajp.getSecret());
        }
        if (ajp.getProxyPort() > 0) {
            LOGGER.debug("Set AJP proxy port to [{}]", Integer.valueOf(ajp.getProxyPort()));
            connector.setProxyPort(ajp.getProxyPort());
        }
        if (ajp.getRedirectPort() > 0) {
            LOGGER.debug("Set AJP redirect port to [{}]", Integer.valueOf(ajp.getRedirectPort()));
            connector.setRedirectPort(ajp.getRedirectPort());
        }
        Map<String, String> attributes = ajp.getAttributes();
        Objects.requireNonNull(connector);
        attributes.forEach(connector::setProperty);
        tomcatServletWebServerFactory.addAdditionalTomcatConnectors(connector);
    }

    private void configureSSLValve(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        CasEmbeddedApacheTomcatSslValveProperties sslValve = this.casProperties.getServer().getTomcat().getSslValve();
        if (sslValve.isEnabled()) {
            LOGGER.debug("Adding SSLValve to context of the embedded tomcat container...");
            SSLValve sSLValve = new SSLValve();
            sSLValve.setSslCipherHeader(sslValve.getSslCipherHeader());
            sSLValve.setSslCipherUserKeySizeHeader(sslValve.getSslCipherUserKeySizeHeader());
            sSLValve.setSslClientCertHeader(sslValve.getSslClientCertHeader());
            sSLValve.setSslSessionIdHeader(sslValve.getSslSessionIdHeader());
            tomcatServletWebServerFactory.addContextValves(sSLValve);
        }
    }

    private void configureRewriteValve(TomcatServletWebServerFactory tomcatServletWebServerFactory) {
        final Resource location = this.casProperties.getServer().getTomcat().getRewriteValve().getLocation();
        if (ResourceUtils.doesResourceExist(location)) {
            LOGGER.debug("Configuring rewrite valve at [{}]", location);
            RewriteValve rewriteValve = new RewriteValve() { // from class: org.apereo.cas.tomcat.CasTomcatServletWebServerFactoryCustomizer.1
                @Override // org.apache.catalina.valves.rewrite.RewriteValve, org.apache.catalina.valves.ValveBase, org.apache.catalina.util.LifecycleBase
                public synchronized void startInternal() {
                    try {
                        super.startInternal();
                        InputStream inputStream = location.getInputStream();
                        try {
                            InputStreamReader inputStreamReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
                            try {
                                BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
                                try {
                                    parse(bufferedReader);
                                    bufferedReader.close();
                                    inputStreamReader.close();
                                    if (inputStream != null) {
                                        inputStream.close();
                                    }
                                } catch (Throwable th) {
                                    try {
                                        bufferedReader.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                    throw th;
                                }
                            } catch (Throwable th3) {
                                try {
                                    inputStreamReader.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                                throw th3;
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                        if (CasTomcatServletWebServerFactoryCustomizer.LOGGER.isDebugEnabled()) {
                            CasTomcatServletWebServerFactoryCustomizer.LOGGER.error(e.getMessage(), (Throwable) e);
                        } else {
                            CasTomcatServletWebServerFactoryCustomizer.LOGGER.error(e.getMessage());
                        }
                    }
                }
            };
            rewriteValve.setAsyncSupported(true);
            rewriteValve.setEnabled(true);
            LOGGER.debug("Creating rewrite valve configuration for the embedded tomcat container...");
            tomcatServletWebServerFactory.addContextValves(rewriteValve);
        }
    }
}
