package org.springframework.boot.web.embedded.jetty;

import java.net.InetSocketAddress;
import java.util.function.Supplier;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundleKey;
import org.springframework.boot.ssl.SslOptions;
import org.springframework.boot.ssl.SslStoreBundle;
import org.springframework.boot.web.server.Http2;
import org.springframework.boot.web.server.Ssl;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/spring-boot-3.4.4.jar:org/springframework/boot/web/embedded/jetty/SslServerCustomizer.class */
/**
 * {@link JettyServerCustomizer} that replaces the connectors of a Jetty {@link Server} with a
 * single TLS connector configured from an {@link SslBundle}.
 *
 * <p>Decompiler note (JADX): the access modifiers of this class, its nested connector and its
 * constructor were widened from package-private in the decompiled output; the class was loaded
 * from {@code WEB-INF/lib/spring-boot-3.4.4.jar}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Explicitly configured cipher suites or protocols become the only filter, because the
 *       matching exclude list is emptied at the same time (see {@link #configureSsl}).</li>
 *   <li>Client-certificate authentication follows the supplied {@link Ssl.ClientAuth} value; any
 *       value other than {@code WANT} or {@code NEED} switches both flags off.</li>
 *   <li>The connector checks the configured key alias against the key store on start-up.</li>
 * </ul>
 */
public class SslServerCustomizer implements JettyServerCustomizer {
    private final Http2 http2;
    private final InetSocketAddress address;
    private final Ssl.ClientAuth clientAuth;
    private final SslBundle sslBundle;

    /**
     * {@link ServerConnector} that validates the bundle key's alias against the key store of its
     * {@link SslContextFactory} once the connector has started.
     *
     * <p>Decompiler note (JADX): access was widened from package-private; loaded from
     * {@code SslServerCustomizer$SslValidatingServerConnector.class} in
     * {@code WEB-INF/lib/spring-boot-3.4.4.jar}.
     */
    public static class SslValidatingServerConnector extends ServerConnector {
        private final SslBundleKey key;
        private final SslContextFactory sslContextFactory;

        /**
         * Creates a connector for the TLS + single HTTP factory case.
         *
         * @param sslBundleKey key whose alias is validated on start
         * @param sslContextFactory factory whose key store is inspected on start
         * @param server owning Jetty server
         * @param sslConnectionFactory TLS connection factory, passed first to the superclass
         * @param httpConnectionFactory HTTP connection factory, passed second to the superclass
         */
        SslValidatingServerConnector(SslBundleKey sslBundleKey, SslContextFactory sslContextFactory, Server server, SslConnectionFactory sslConnectionFactory, HttpConnectionFactory httpConnectionFactory) {
            super(server, sslConnectionFactory, httpConnectionFactory);
            this.sslContextFactory = sslContextFactory;
            this.key = sslBundleKey;
        }

        /**
         * Creates a connector for an arbitrary list of connection factories.
         *
         * @param sslBundleKey key whose alias is validated on start
         * @param sslContextFactory factory whose key store is inspected on start
         * @param server owning Jetty server
         * @param connectionFactoryArr factories handed to the superclass unchanged
         */
        SslValidatingServerConnector(SslBundleKey sslBundleKey, SslContextFactory sslContextFactory, Server server, ConnectionFactory... connectionFactoryArr) {
            super(server, connectionFactoryArr);
            this.sslContextFactory = sslContextFactory;
            this.key = sslBundleKey;
        }

        /**
         * Starts the connector through the superclass and then asserts that the configured key
         * alias is present in the key store reported by the context factory.
         *
         * <p>The check runs after {@code super.doStart()}, so a failed assertion surfaces as a
         * start-up failure of an already-started connector rather than as a handshake error later.
         *
         * @throws Exception if the superclass fails to start or the alias assertion fails
         */
        protected void doStart() throws Exception {
            super.doStart();
            this.key.assertContainsAlias(this.sslContextFactory.getKeyStore());
        }
    }

    /**
     * Creates the customizer.
     *
     * <p>Decompiler note (JADX): access was widened from package-private.
     *
     * @param http2 HTTP/2 settings; {@code null} or disabled selects the HTTP/1.1 connector
     * @param inetSocketAddress address whose port and host string the connector is bound to
     * @param clientAuth client-certificate authentication mode
     * @param sslBundle source of the key, stores, protocol and TLS options
     */
    public SslServerCustomizer(Http2 http2, InetSocketAddress inetSocketAddress, Ssl.ClientAuth clientAuth, SslBundle sslBundle) {
        this.http2 = http2;
        this.sslBundle = sslBundle;
        this.clientAuth = clientAuth;
        this.address = inetSocketAddress;
    }

    /**
     * Builds a server-side {@link SslContextFactory.Server}, configures it from the bundle and
     * installs one TLS connector as the server's only connector.
     *
     * @param server Jetty server whose connectors are replaced
     */
    @Override // declared by org.springframework.boot.web.embedded.jetty.JettyServerCustomizer
    public void customize(Server server) {
        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        // No endpoint identification algorithm is set on this server-side factory.
        // NOTE(review): this setting concerns verification of the peer's certificate name; confirm
        // it matches the intended client-certificate policy when client auth is WANT/NEED.
        sslContextFactory.setEndpointIdentificationAlgorithm(null);
        configureSsl(sslContextFactory, this.clientAuth);
        Connector[] connectors = new Connector[]{createConnector(server, sslContextFactory)};
        // setConnectors replaces whatever connectors the server had before this call.
        server.setConnectors(connectors);
    }

    /**
     * Creates the TLS connector and binds it to the configured port and host.
     */
    private ServerConnector createConnector(Server server, SslContextFactory.Server sslContextFactory) {
        HttpConfiguration config = new HttpConfiguration();
        // Keep the server version out of responses.
        config.setSendServerVersion(false);
        config.setSecureScheme("https");
        config.setSecurePort(this.address.getPort());
        config.addCustomizer(new SecureRequestCustomizer());
        ServerConnector connector = createServerConnector(server, sslContextFactory, config);
        connector.setPort(this.address.getPort());
        connector.setHost(this.address.getHostString());
        return connector;
    }

    /**
     * Chooses between the HTTP/2 and HTTP/1.1 connector. HTTP/2 requires both the Jetty ALPN
     * server classes and the Jetty HTTP/2 server classes on the classpath.
     *
     * @throws IllegalStateException (via {@code Assert.state}) if HTTP/2 is enabled and a
     *     required dependency is missing
     */
    private ServerConnector createServerConnector(Server server, SslContextFactory.Server sslContextFactory, HttpConfiguration config) {
        boolean http2Enabled = this.http2 != null && this.http2.isEnabled();
        if (http2Enabled) {
            Assert.state(isJettyAlpnPresent(),
                    () -> "An 'org.eclipse.jetty:jetty-alpn-*-server' dependency is required for HTTP/2 support.");
            Assert.state(isJettyHttp2Present(),
                    () -> "The 'org.eclipse.jetty.http2:jetty-http2-server' dependency is required for HTTP/2 support.");
            return createHttp2ServerConnector(config, sslContextFactory, server);
        }
        return createHttp11ServerConnector(config, sslContextFactory, server);
    }

    /**
     * Creates a connector that speaks HTTP/1.1 over TLS.
     */
    private ServerConnector createHttp11ServerConnector(HttpConfiguration config, SslContextFactory.Server sslContextFactory, Server server) {
        SslBundleKey bundleKey = this.sslBundle.getKey();
        SslConnectionFactory tls = createSslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
        HttpConnectionFactory http = new HttpConnectionFactory(config);
        return new SslValidatingServerConnector(bundleKey, sslContextFactory, server, tls, http);
    }

    /**
     * Wraps the context factory in a TLS connection factory that hands off to {@code protocol}.
     */
    private SslConnectionFactory createSslConnectionFactory(SslContextFactory.Server sslContextFactory, String protocol) {
        return new SslConnectionFactory(sslContextFactory, protocol);
    }

    /** Reports whether Jetty's ALPN server connection factory class can be loaded. */
    private boolean isJettyAlpnPresent() {
        return ClassUtils.isPresent("org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory", null);
    }

    /** Reports whether Jetty's HTTP/2 server connection factory class can be loaded. */
    private boolean isJettyHttp2Present() {
        return ClassUtils.isPresent("org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory", null);
    }

    /**
     * Creates a connector that negotiates HTTP/2 or HTTP/1.1 through ALPN over TLS.
     *
     * <p>Side effects on the context factory: the HTTP/2 cipher comparator is installed, and the
     * JCE provider is switched to {@code "Conscrypt"} when its classes are on the classpath.
     */
    private ServerConnector createHttp2ServerConnector(HttpConfiguration config, SslContextFactory.Server sslContextFactory, Server server) {
        HttpConnectionFactory http = new HttpConnectionFactory(config);
        HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(config);
        ALPNServerConnectionFactory alpn = createAlpnServerConnectionFactory();
        sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
        if (isConscryptPresent()) {
            // NOTE(review): the provider is selected purely by classpath presence; a Conscrypt
            // jar added to the deployment changes the TLS implementation used for this connector.
            sslContextFactory.setProvider("Conscrypt");
        }
        SslBundleKey bundleKey = this.sslBundle.getKey();
        SslConnectionFactory tls = createSslConnectionFactory(sslContextFactory, alpn.getProtocol());
        // Factory order is kept: TLS first, then ALPN, then HTTP/2, then HTTP/1.1.
        return new SslValidatingServerConnector(bundleKey, sslContextFactory, server, tls, alpn, h2, http);
    }

    /**
     * Creates the ALPN connection factory with no explicit protocol list, translating Jetty's
     * {@link IllegalStateException} into one that names the missing dependency.
     */
    private ALPNServerConnectionFactory createAlpnServerConnectionFactory() {
        try {
            return new ALPNServerConnectionFactory();
        } catch (IllegalStateException ex) {
            throw new IllegalStateException("An 'org.eclipse.jetty:jetty-alpn-*-server' dependency is required for HTTP/2 support.", ex);
        }
    }

    /** Reports whether both Conscrypt and Jetty's Conscrypt ALPN processor can be loaded. */
    private boolean isConscryptPresent() {
        if (!ClassUtils.isPresent("org.conscrypt.Conscrypt", null)) {
            return false;
        }
        return ClassUtils.isPresent("org.eclipse.jetty.alpn.conscrypt.server.ConscryptServerALPNProcessor", null);
    }

    /**
     * Applies the bundle's protocol, client-auth mode, passwords, key alias, cipher/protocol
     * filters and key/trust stores to the given context factory.
     *
     * <p>The key-store and key passwords are passed straight to the factory and are never part of
     * the exception message built here; the wrapped cause's message is, so callers that log the
     * exception should treat it as potentially sensitive.
     *
     * @param server server-side SSL context factory to configure
     * @param clientAuth client-certificate authentication mode
     * @throws IllegalStateException if the key password or a store cannot be applied
     */
    protected void configureSsl(SslContextFactory.Server server, Ssl.ClientAuth clientAuth) {
        SslBundleKey bundleKey = this.sslBundle.getKey();
        SslOptions sslOptions = this.sslBundle.getOptions();
        SslStoreBundle storeBundle = this.sslBundle.getStores();
        server.setProtocol(this.sslBundle.getProtocol());
        configureSslClientAuth(server, clientAuth);
        if (storeBundle.getKeyStorePassword() != null) {
            server.setKeyStorePassword(storeBundle.getKeyStorePassword());
        }
        server.setCertAlias(bundleKey.getAlias());
        applyCipherAndProtocolFilters(server, sslOptions);
        try {
            applyKeyMaterial(server, bundleKey, storeBundle);
        } catch (Exception ex) {
            throw new IllegalStateException("Unable to set SSL store: " + ex.getMessage(), ex);
        }
    }

    /**
     * Installs explicitly configured cipher suites and protocols as include lists.
     *
     * <p>Each include list is paired with an empty exclude list, so the configured values are the
     * only filter this factory applies. Exclusions the factory held before the call stop applying
     * (Jetty ships defaults; verify for the Jetty version in use), which means a configured list
     * that names legacy suites or protocol versions will enable them.
     */
    private void applyCipherAndProtocolFilters(SslContextFactory.Server server, SslOptions sslOptions) {
        if (sslOptions.getCiphers() != null) {
            server.setIncludeCipherSuites(sslOptions.getCiphers());
            server.setExcludeCipherSuites(new String[0]);
        }
        if (sslOptions.getEnabledProtocols() != null) {
            server.setIncludeProtocols(sslOptions.getEnabledProtocols());
            server.setExcludeProtocols(new String[0]);
        }
    }

    /**
     * Applies the key password (when present), the key store and the trust store, in that order.
     *
     * @throws Exception whatever the bundle accessors or the factory setters throw
     */
    private void applyKeyMaterial(SslContextFactory.Server server, SslBundleKey bundleKey, SslStoreBundle storeBundle) throws Exception {
        if (bundleKey.getPassword() != null) {
            server.setKeyManagerPassword(bundleKey.getPassword());
        }
        server.setKeyStore(storeBundle.getKeyStore());
        server.setTrustStore(storeBundle.getTrustStore());
    }

    /**
     * Maps the client-auth mode onto the factory's want/need flags: {@code NEED} sets both,
     * {@code WANT} sets only "want", anything else (including {@code null}) clears both.
     */
    private void configureSslClientAuth(SslContextFactory.Server server, Ssl.ClientAuth clientAuth) {
        boolean needed = clientAuth == Ssl.ClientAuth.NEED;
        boolean wanted = needed || clientAuth == Ssl.ClientAuth.WANT;
        server.setWantClientAuth(wanted);
        server.setNeedClientAuth(needed);
    }
}
