package org.somda.sdc.dpws.http.helper;

import com.google.inject.Inject;
import com.google.inject.name.Named;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Enumeration;
import java.util.Optional;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.http.HttpCompliance;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.somda.sdc.common.logging.InstanceLogger;
import org.somda.sdc.dpws.crypto.CryptoConfigurator;
import org.somda.sdc.dpws.crypto.CryptoSettings;
import org.somda.sdc.dpws.http.jetty.JettyHttpServerHandler;
import org.somda.sdc.dpws.http.jetty.factory.JettyHttpServerHandlerFactory;
import org.somda.sdc.dpws.soap.SoapConstants;

/* loaded from: input_file:org/somda/sdc/dpws/http/helper/HttpServerClientSelfTest.class */
public class HttpServerClientSelfTest {
    private static final Logger LOG = LogManager.getLogger(HttpServerClientSelfTest.class);
    private final Logger instanceLogger;
    private final boolean enableHttps;
    private final String[] tlsProtocols;
    private final String[] enabledCiphers;
    private final HostnameVerifier hostnameVerifier;
    private final Duration connectionTimeout;
    private final JettyHttpServerHandlerFactory jettyHttpServerHandlerFactory;
    private final CryptoConfigurator cryptoConfigurator;
    private final CryptoSettings cryptoSettings;
    private SSLContext sslContext;

    @Inject
    public HttpServerClientSelfTest(@Named("Common.InstanceIdentifier") String str, @Named("Dpws.EnableHttps") boolean z, CryptoConfigurator cryptoConfigurator, @Named("Dpws.Crypto.Settings") CryptoSettings cryptoSettings, @Named("Dpws.Crypto.TlsEnabledVersions") String[] strArr, @Named("Dpws.Crypto.TlsEnabledCiphers") String[] strArr2, @Named("Dpws.Crypto.DeviceHostnameVerifier") HostnameVerifier hostnameVerifier, @Named("Dpws.HttpServerConnectionTimeout") Duration duration, JettyHttpServerHandlerFactory jettyHttpServerHandlerFactory) {
        this.instanceLogger = InstanceLogger.wrapLogger(LOG, str);
        this.enableHttps = z;
        this.cryptoConfigurator = cryptoConfigurator;
        this.cryptoSettings = cryptoSettings;
        this.tlsProtocols = strArr;
        this.hostnameVerifier = hostnameVerifier;
        this.enabledCiphers = strArr2;
        this.connectionTimeout = duration;
        this.jettyHttpServerHandlerFactory = jettyHttpServerHandlerFactory;
    }

    public void testConnection() {
        if (!this.enableHttps) {
            this.instanceLogger.info("HTTPS protocol disabled, skipping self-test");
            return;
        }
        if (this.cryptoSettings == null) {
            logAndThrowException("Crypto settings are required for HTTPS protocol");
        }
        this.instanceLogger.info("Starting self test between server and client");
        this.sslContext = getSslContext();
        Server buildServer = buildServer();
        String uri = buildServer.getURI().toString();
        this.instanceLogger.info("Using URI {} for the self test", uri);
        try {
            try {
                CloseableHttpClient build = buildHttpClient().build();
                try {
                    CloseableHttpResponse execute = build.execute(new HttpGet(uri));
                    try {
                        int statusCode = execute.getStatusLine().getStatusCode();
                        if (statusCode != 200) {
                            logAndThrowException("Connection self test failed with status: " + statusCode);
                        }
                        this.instanceLogger.info("Connection self test was successful");
                        if (execute != null) {
                            execute.close();
                        }
                        if (build != null) {
                            build.close();
                        }
                    } catch (Throwable th) {
                        if (execute != null) {
                            try {
                                execute.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (build != null) {
                        try {
                            build.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } finally {
                try {
                    buildServer.stop();
                } catch (Exception e) {
                    this.instanceLogger.error("Could not stop HTTP server", e);
                }
            }
        } catch (IOException e2) {
            logAndThrowException("Connection self test failed", e2);
            try {
                buildServer.stop();
            } catch (Exception e3) {
                this.instanceLogger.error("Could not stop HTTP server", e3);
            }
        }
    }

    private SSLContext getSslContext() {
        try {
            SSLContextBuilder custom = SSLContexts.custom();
            Optional<InputStream> keyStoreStream = this.cryptoSettings.getKeyStoreStream();
            Optional<InputStream> trustStoreStream = this.cryptoSettings.getTrustStoreStream();
            if (keyStoreStream.isEmpty() || trustStoreStream.isEmpty()) {
                throw new IOException("Expected key and trust store, but none found");
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(keyStoreStream.get(), this.cryptoSettings.getKeyStorePassword().toCharArray());
            custom.loadKeyMaterial(keyStore, this.cryptoSettings.getKeyStorePassword().toCharArray());
            printCertificateDetails(keyStore);
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore2.load(trustStoreStream.get(), this.cryptoSettings.getTrustStorePassword().toCharArray());
            custom.loadTrustMaterial(keyStore2, (TrustStrategy) null);
            return custom.build();
        } catch (IOException | IllegalArgumentException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            this.instanceLogger.warn("Could not read server crypto config, fallback to system properties");
            CryptoConfigurator cryptoConfigurator = this.cryptoConfigurator;
            return CryptoConfigurator.createSslContextFromSystemProperties();
        }
    }

    private HttpClientBuilder buildHttpClient() {
        return HttpClients.custom().setDefaultSocketConfig(SocketConfig.custom().setTcpNoDelay(true).build()).setSSLSocketFactory(new SSLConnectionSocketFactory(this.sslContext, this.tlsProtocols, this.enabledCiphers, this.hostnameVerifier));
    }

    private Server buildServer() {
        this.instanceLogger.debug("Init new HTTP server from URI: {}", "https://127.0.0.1:0");
        URI create = URI.create("https://127.0.0.1:0");
        Server server = new Server(new InetSocketAddress(create.getHost(), create.getPort()));
        server.setHandler(new ContextHandlerCollection(new ContextHandler[]{getHttpHandler("/ctxt/self-test")}));
        server.setConnectors(new Connector[]{getServerConnector(create, server)});
        try {
            server.start();
        } catch (Exception e) {
            logAndThrowException("Could not start HTTP server for self-test", e);
        }
        return server;
    }

    private ServerConnector getServerConnector(URI uri, Server server) {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setHttpCompliance(HttpCompliance.RFC2616);
        SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
        secureRequestCustomizer.setSniHostCheck(false);
        httpConfiguration.addCustomizer(secureRequestCustomizer);
        ServerConnector serverConnector = new ServerConnector(server, new ConnectionFactory[]{getContextFactory(), new HttpConnectionFactory(httpConfiguration)});
        serverConnector.setIdleTimeout(this.connectionTimeout.toMillis());
        serverConnector.setHost(uri.getHost());
        serverConnector.setPort(uri.getPort());
        return serverConnector;
    }

    private SslConnectionFactory getContextFactory() {
        SslContextFactory.Server server = new SslContextFactory.Server();
        server.setSslContext(this.sslContext);
        server.setNeedClientAuth(true);
        server.setExcludeProtocols(new String[0]);
        server.setIncludeProtocols(this.tlsProtocols);
        server.setExcludeCipherSuites(new String[0]);
        server.setIncludeCipherSuites(this.enabledCiphers);
        return new SslConnectionFactory(server, HttpVersion.HTTP_1_1.asString());
    }

    private ContextHandler getHttpHandler(String str) {
        JettyHttpServerHandler create = this.jettyHttpServerHandlerFactory.create(SoapConstants.MEDIA_TYPE_SOAP, (inputStream, outputStream, communicationContext) -> {
            try {
                outputStream.write("OK".getBytes(StandardCharsets.UTF_8));
            } catch (IOException e) {
                logAndThrowException("HTTP handler failed", e);
            }
        }, null, null);
        ContextHandler contextHandler = new ContextHandler(str);
        contextHandler.setHandler(create);
        contextHandler.setAllowNullPathInfo(true);
        return contextHandler;
    }

    private void printCertificateDetails(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                if (this.instanceLogger.isInfoEnabled()) {
                    this.instanceLogger.info("Certificate Alias: {}", nextElement);
                    this.instanceLogger.info("Certificate Issuer DName: {}", x509Certificate.getIssuerX500Principal().getName("RFC1779"));
                    this.instanceLogger.info("Certificate Subject DName: {}", x509Certificate.getSubjectX500Principal().getName("RFC1779"));
                    this.instanceLogger.info("Certificate Extended Key Usage: {}", x509Certificate.getExtendedKeyUsage());
                    this.instanceLogger.info("Certificate Expiration: {}", x509Certificate.getNotAfter());
                    this.instanceLogger.trace("Certificate: {}", x509Certificate);
                }
            }
        } catch (KeyStoreException | CertificateParsingException e) {
            this.instanceLogger.warn("Failed to parse certificate details", e);
        }
    }

    private void logAndThrowException(String str) {
        this.instanceLogger.error(str);
        throw new ServerClientSelfTestException(str);
    }

    private void logAndThrowException(String str, Exception exc) {
        this.instanceLogger.error(str, exc);
        throw new ServerClientSelfTestException(str, exc);
    }
}
