package pl.fhframework.plugins.fhtomcat;

import java.util.logging.Logger;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.ConfigurableWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:pl/fhframework/plugins/fhtomcat/CertAuthServerConnectorConfig.class */
public class CertAuthServerConnectorConfig implements WebServerFactoryCustomizer<ConfigurableWebServerFactory> {
    private static final Logger LOGGER = Logger.getLogger(CertAuthServerConnectorConfig.class.getName());

    @Value("${fhframework.certAuth.server.port:-1}")
    private int port;

    @Value("${fhframework.certAuth.server.keystore:}")
    private String keystore;

    @Value("${fhframework.certAuth.server.keystorePass:}")
    private String keystorePass;

    @Value("${fhframework.certAuth.server.keystoreType:}")
    private String keystoreType;

    @Value("${fhframework.certAuth.server.keystoreAlias:}")
    private String keystoreAlias;

    @Value("${fhframework.certAuth.server.truststore:}")
    private String truststore;

    @Value("${fhframework.certAuth.server.truststorePass:}")
    private String truststorePass;

    @Value("${fhframework.certAuth.server.truststoreType:}")
    private String truststoreType;

    public void customize(ConfigurableWebServerFactory configurableWebServerFactory) {
        String str;
        String str2;
        String str3;
        if (this.port == -1 && this.keystore.isEmpty() && this.keystorePass.isEmpty() && this.keystoreType.isEmpty() && this.keystoreAlias.isEmpty() && this.truststore.isEmpty() && this.truststorePass.isEmpty() && this.truststoreType.isEmpty()) {
            return;
        }
        if (this.port == -1 || this.keystore.isEmpty() || this.keystorePass.isEmpty()) {
            LOGGER.severe("At least fhframework.certAuth.server.port, .keystore and .keystorePass properties must be set");
            return;
        }
        if (!(configurableWebServerFactory instanceof TomcatServletWebServerFactory)) {
            LOGGER.severe("Container factory is not a " + TomcatServletWebServerFactory.class.getSimpleName() + ", got " + configurableWebServerFactory.getClass().getName());
            return;
        }
        TomcatServletWebServerFactory tomcatServletWebServerFactory = (TomcatServletWebServerFactory) configurableWebServerFactory;
        LOGGER.info("Adding client SSL certificate authentication connector at port " + this.port);
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocolHandler = connector.getProtocolHandler();
        connector.setScheme("https");
        connector.setSecure(true);
        connector.setPort(this.port);
        protocolHandler.setSSLEnabled(true);
        protocolHandler.setClientAuth(SSLHostConfig.CertificateVerification.REQUIRED.name());
        protocolHandler.setKeystoreFile(this.keystore);
        protocolHandler.setKeystorePass(this.keystorePass);
        if (!this.keystoreType.isEmpty()) {
            protocolHandler.setKeystoreType(this.keystoreType);
        }
        if (this.truststore.isEmpty()) {
            str = this.keystore;
            str2 = this.keystorePass;
            str3 = this.keystoreType;
            LOGGER.info("Property fhframework.certAuth.server.truststore not set, using keystore as truststore");
        } else {
            str = this.truststore;
            str2 = this.truststorePass;
            str3 = this.truststoreType;
        }
        protocolHandler.setTruststoreFile(str);
        protocolHandler.setTruststorePass(str2);
        if (!str3.isEmpty()) {
            protocolHandler.setTruststoreType(str3);
        }
        tomcatServletWebServerFactory.addAdditionalTomcatConnectors(new Connector[]{connector});
    }
}
