package de.fraunhofer.iosb.ilt.faaast.service.endpoint.http;

import de.fraunhofer.iosb.ilt.faaast.service.ServiceContext;
import de.fraunhofer.iosb.ilt.faaast.service.assetconnection.opcua.util.OpcUaConstants;
import de.fraunhofer.iosb.ilt.faaast.service.certificate.CertificateData;
import de.fraunhofer.iosb.ilt.faaast.service.certificate.CertificateInformation;
import de.fraunhofer.iosb.ilt.faaast.service.certificate.util.KeyStoreHelper;
import de.fraunhofer.iosb.ilt.faaast.service.config.CoreConfig;
import de.fraunhofer.iosb.ilt.faaast.service.endpoint.Endpoint;
import de.fraunhofer.iosb.ilt.faaast.service.exception.EndpointException;
import de.fraunhofer.iosb.ilt.faaast.service.util.Ensure;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Objects;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/fraunhofer/iosb/ilt/faaast/service/endpoint/http/HttpEndpoint.class */
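/**
 * HTTP endpoint backed by an embedded Jetty {@link Server}.
 *
 * <p>The only connector registered by this class is a TLS connector (see
 * {@link #buildSSLServerConnector(HttpConnectionFactory)}). When the configuration names no keystore, a
 * self-signed certificate is generated in memory on every start; clients cannot validate such a
 * certificate against a trusted CA, so production deployments should configure a keystore.
 */
public class HttpEndpoint implements Endpoint<HttpEndpointConfig> {
    private static final Logger LOGGER = LoggerFactory.getLogger(HttpEndpoint.class);

    /** Subject information used when a self-signed certificate has to be generated. */
    private static final CertificateInformation SELFSIGNED_CERTIFICATE_INFORMATION = CertificateInformation.builder()
            .applicationUri("urn:de:fraunhofer:iosb:ilt:faaast:service:endpoint:http")
            .commonName("FA³ST Service HTTP Endpoint")
            .countryCode(OpcUaConstants.CERTIFICATE_COUNTRYCODE)
            .localityName(OpcUaConstants.CERTIFICATE_LOCALITY)
            .organization(OpcUaConstants.CERTIFICATE_ORGANIZATION)
            .organizationUnit(OpcUaConstants.CERTIFICATE_ORGANIZATION_UNIT)
            .build();

    private HttpEndpointConfig config;
    private ServiceContext serviceContext;
    private Server server;
    private Handler handler;

    /**
     * Returns the configuration this endpoint was initialised with.
     *
     * @return the configuration passed to {@link #init}, or {@code null} before initialisation
     */
    @Override
    public HttpEndpointConfig asConfig() {
        return config;
    }

    /**
     * Stores the configuration and service context; the server itself is only created in {@link #start()}.
     *
     * @param coreConfig the core configuration (not used by this endpoint)
     * @param httpEndpointConfig the endpoint configuration, must be non-null
     * @param serviceContext the service context handed to the request handler, must be non-null
     */
    @Override
    public void init(CoreConfig coreConfig, HttpEndpointConfig httpEndpointConfig, ServiceContext serviceContext) {
        Ensure.requireNonNull(httpEndpointConfig, "config must be non-null");
        Ensure.requireNonNull(serviceContext, "serviceContext must be non-null");
        this.config = httpEndpointConfig;
        this.serviceContext = serviceContext;
    }

    /**
     * Creates, configures and starts the Jetty server. Does nothing when the server is already started.
     *
     * @throws EndpointException if the TLS connector cannot be set up or Jetty fails to start
     */
    @Override
    public void start() throws EndpointException {
        if (server != null && server.isStarted()) {
            return;
        }
        server = new Server();
        configureHttpServer();
        handler = new RequestHandler(serviceContext, config);
        server.setHandler(handler);
        server.setErrorHandler(new HttpErrorHandler());
        try {
            server.start();
        } catch (Exception e) {
            throw new EndpointException("error starting HTTP endpoint", e);
        }
    }

    /**
     * Builds the HTTP configuration and registers the TLS connector on the configured port.
     *
     * @throws EndpointException if the keystore cannot be loaded or generated
     */
    private void configureHttpServer() throws EndpointException {
        HttpConfiguration httpConfig = new HttpConfiguration();
        // Do not advertise server software, date or framework in response headers.
        httpConfig.setSendServerVersion(false);
        httpConfig.setSendDateHeader(false);
        httpConfig.setSendXPoweredBy(false);
        HttpConnectionFactory connectionFactory = new HttpConnectionFactory(httpConfig);

        // The SNI host check is driven by configuration; with it disabled, Jetty does not
        // reject requests on the basis of this check.
        SecureRequestCustomizer customizer = new SecureRequestCustomizer();
        customizer.setSniHostCheck(config.isSniEnabled());
        httpConfig.addCustomizer(customizer);

        ServerConnector connector = buildSSLServerConnector(connectionFactory);
        connector.setPort(config.getPort());
        server.addConnector(connector);
    }

    /**
     * Generates a self-signed certificate and wraps it in a fresh in-memory keystore.
     *
     * @return a keystore holding the certificate and its private key under {@code KeyStoreHelper.DEFAULT_ALIAS}
     * @throws EndpointException if certificate generation or keystore population fails
     */
    private KeyStore generateSelfSignedCertificate() throws EndpointException {
        try {
            LOGGER.debug("Generating self-signed certificate for HTTP endpoint...");
            CertificateData certificateData = KeyStoreHelper.generateSelfSigned(SELFSIGNED_CERTIFICATE_INFORMATION);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty keystore instead of reading one from a stream.
            keyStore.load(null, null);
            keyStore.setCertificateEntry(KeyStoreHelper.DEFAULT_ALIAS, certificateData.getCertificate());
            // The key entry carries no password; this class never writes the keystore to disk.
            keyStore.setKeyEntry(
                    KeyStoreHelper.DEFAULT_ALIAS,
                    certificateData.getKeyPair().getPrivate(),
                    null,
                    certificateData.getCertificateChain());
            LOGGER.debug("Self-signed certificate for HTTP endpoint successfully generated");
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new EndpointException("error generating self-signed certificate for HTTPS endpoint", e);
        }
    }

    /**
     * Creates the TLS connector, using the configured keystore or, when none is configured, a freshly
     * generated self-signed certificate.
     *
     * @param httpConnectionFactory the HTTP connection factory to run behind TLS
     * @return a connector bound to this endpoint's server (port not yet set)
     * @throws EndpointException if the configured keystore cannot be loaded or the fallback cannot be generated
     */
    private ServerConnector buildSSLServerConnector(HttpConnectionFactory httpConnectionFactory) throws EndpointException {
        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        boolean noKeyStoreConfigured = Objects.isNull(config.getCertificate())
                || Objects.isNull(config.getCertificate().getKeyStorePath())
                || config.getCertificate().getKeyStorePath().equals("");
        if (noKeyStoreConfigured) {
            // Fallback only: the certificate is regenerated on each start, so clients can neither
            // validate it against a trusted CA nor pin it across restarts.
            LOGGER.info("Generating self-signed certificate for HTTPS (reason: no certificate provided)");
            sslContextFactory.setKeyStore(generateSelfSignedCertificate());
        } else {
            try {
                // Passwords are taken from the configuration and must not be logged.
                KeyStore keyStore = KeyStoreHelper.load(
                        new File(config.getCertificate().getKeyStorePath()),
                        config.getCertificate().getKeyStoreType(),
                        config.getCertificate().getKeyStorePassword());
                sslContextFactory.setKeyStorePassword(config.getCertificate().getKeyStorePassword());
                sslContextFactory.setKeyManagerPassword(config.getCertificate().getKeyPassword());
                sslContextFactory.setKeyStore(keyStore);
            } catch (IOException | GeneralSecurityException e) {
                throw new EndpointException("Error loading certificate for HTTP endpoint", e);
            }
        }
        return new ServerConnector(
                server,
                new SslConnectionFactory(sslContextFactory, httpConnectionFactory.getProtocol()),
                httpConnectionFactory);
    }

    /**
     * Stops the request handler and the Jetty server on a best-effort basis; failures are logged, not thrown.
     * Safe to call before {@link #start()}.
     */
    @Override
    public void stop() {
        if (handler != null) {
            try {
                handler.stop();
            } catch (Exception e) {
                LOGGER.debug("stopping HTTP handler failed", e);
            }
        }
        if (server == null) {
            // Never started: nothing to shut down (previously this path raised and swallowed an NPE).
            return;
        }
        try {
            server.stop();
            server.join();
        } catch (InterruptedException e) {
            LOGGER.debug("HTTP endpoint did non shutdown correctly", e);
            // Restore the interrupt flag only when this thread really was interrupted.
            Thread.currentThread().interrupt();
        } catch (Exception e) {
            // An ordinary shutdown failure must not mark the calling thread as interrupted.
            LOGGER.debug("HTTP endpoint did non shutdown correctly", e);
        }
    }
}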
