package org.geoserver.web;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import org.eclipse.jetty.xml.XmlConfiguration;
import org.geotools.util.logging.Logging;
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;

/* loaded from: input_file:org/geoserver/web/Start.class */
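/**
 * Development launcher that runs GeoServer in an embedded Jetty server.
 *
 * <p>An HTTP connector is always created (port from the {@code jetty.port} system property,
 * default 8080). When the {@code ssl.hostname} system property is set, an HTTPS connector on port
 * 8443 is added, backed by a self-signed certificate that is generated on demand and kept in
 * {@code ~/.geoserver/keystore.jks}.
 *
 * <p>Security notes: the key store is protected only by the hard-coded password below, so the
 * generated key and certificate are suitable for local development, not for a deployment that
 * other hosts rely on.
 */
public class Start {
    private static final Logger log = Logging.getLogger(Start.class.getName());

    /**
     * Password used for the development key store, its key entry, and the JRE trust store
     * ("changeit" is the stock password of the JRE {@code cacerts} file). It is a well-known
     * value and provides no confidentiality; file permissions are the only real protection of
     * the generated private key.
     */
    private static final String KEYSTORE_PASSWORD = "changeit";

    /** RSA modulus size for the generated key pair; 1024 bits is below current minimums. */
    private static final int RSA_KEY_BITS = 2048;

    /**
     * Signature algorithm for the self-signed certificate. MD5-based signatures are
     * collision-prone and widely rejected by certificate validators, so SHA-256 is used.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";

    /**
     * Configures and starts the embedded Jetty server, then blocks reading standard input until
     * the line {@code stop} is entered.
     *
     * @param strArr command-line arguments (not used)
     */
    public static void main(String[] strArr) {
        final Server server = new Server();
        try {
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            ServerConnector httpConnector =
                    new ServerConnector(server, new ConnectionFactory[] {new HttpConnectionFactory(httpConfiguration)});
            httpConnector.setPort(Integer.getInteger("jetty.port", 8080).intValue());
            httpConnector.setAcceptQueueSize(100);
            httpConnector.setIdleTimeout(3600000L);
            httpConnector.setSoLingerTime(-1);

            String sslHostname = System.getProperty("ssl.hostname");
            ServerConnector httpsConnector = null;
            if (sslHostname != null && sslHostname.length() > 0) {
                Security.addProvider(new BouncyCastleProvider());
                SslContextFactory sslContextFactory = createSSLContextFactory(sslHostname);
                if (sslContextFactory != null) {
                    HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
                    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
                    httpsConnector =
                            new ServerConnector(
                                    server,
                                    new ConnectionFactory[] {
                                        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                                        new HttpConnectionFactory(httpsConfiguration)
                                    });
                    httpsConnector.setPort(8443);
                } else {
                    // The factory could not be built (the cause was logged by
                    // createSSLContextFactory). Skip the HTTPS connector instead of handing a
                    // null factory to Jetty.
                    log.warning("HTTPS connector on port 8443 not started");
                }
            }
            server.setConnectors(
                    httpsConnector != null
                            ? new Connector[] {httpConnector, httpsConnector}
                            : new Connector[] {httpConnector});

            WebAppContext webAppContext = new WebAppContext();
            webAppContext.setContextPath("/geoserver");
            webAppContext.setWar("src/main/webapp");
            server.setHandler(webAppContext);
            webAppContext.setTempDirectory(new File("target/work"));
            // Upper bounds on form posts: 5 MiB of content and 2000 keys per request.
            webAppContext.getServletContext().getContextHandler().setMaxFormContentSize(5242880);
            webAppContext.getServletContext().getContextHandler().setMaxFormKeys(2000);

            String jettyConfigFile = System.getProperty("jetty.config.file");
            if (jettyConfigFile != null) {
                log.info("Loading Jetty config from file: " + jettyConfigFile);
                // Jetty XML configuration can instantiate classes and invoke methods on the
                // server, so this path must point to a file the operator trusts.
                try (FileInputStream configStream = new FileInputStream(jettyConfigFile)) {
                    new XmlConfiguration(configStream).configure(server);
                }
            }

            long startMillis = System.currentTimeMillis();
            log.severe("GeoServer starting");
            server.start();
            log.severe("GeoServer startup complete in " + ((System.currentTimeMillis() - startMillis) / 1000.0d) + "s");

            Thread thread = new Thread() {
                @Override
                public void run() {
                    BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
                    try {
                        String line;
                        // readLine() returns null once stdin is closed; stop polling then,
                        // otherwise the loop would spin without ever blocking.
                        while ((line = stdin.readLine()) != null) {
                            if ("stop".equals(line)) {
                                server.stop();
                                System.exit(0);
                            }
                        }
                        // No console to read a stop command from: just wait for the server.
                        server.join();
                    } catch (Exception e) {
                        e.printStackTrace();
                        System.exit(1);
                    }
                }
            };
            thread.setDaemon(true);
            // run(), not start(): the loop executes on the calling thread, so main blocks here.
            thread.run();
        } catch (Exception e) {
            log.log(Level.SEVERE, "Could not start the Jetty server: " + e.getMessage(), e);
            try {
                server.stop();
            } catch (Exception e2) {
                log.log(Level.SEVERE, "Unable to stop the Jetty server:" + e2.getMessage(), e2);
            }
        }
    }

    /**
     * Builds the SSL context factory for the HTTPS connector, creating the development key store
     * and self-signed certificate on first use.
     *
     * @param hostname value of the {@code ssl.hostname} system property; used as the certificate
     *     CN and as part of file and alias names, so it is assumed to be a plain host name
     *     supplied by the operator
     * @return the configured factory, or {@code null} when the key store could not be prepared or
     *     the JRE trust store is missing
     */
    private static SslContextFactory createSSLContextFactory(String hostname) {
        File configDir = new File(new File(System.getProperty("user.home")), ".geoserver");
        if (!configDir.exists()) {
            configDir.mkdir();
        }
        File keyStoreFile = new File(configDir, "keystore.jks");
        try {
            assureSelfSignedServerCertificate(hostname, keyStoreFile, KEYSTORE_PASSWORD);
            SslContextFactory sslContextFactory = new SslContextFactory();
            sslContextFactory.setKeyStorePath(keyStoreFile.getAbsolutePath());
            sslContextFactory.setKeyStorePassword(KEYSTORE_PASSWORD);
            File trustStoreFile =
                    new File(new File(System.getProperty("java.home")), "lib")
                            .toPath()
                            .resolve("security/cacerts")
                            .toFile();
            if (!trustStoreFile.exists()) {
                log.warning("NO SSL available: trust store not found at " + trustStoreFile.getAbsolutePath());
                return null;
            }
            sslContextFactory.setTrustStorePath(trustStoreFile.getAbsolutePath());
            sslContextFactory.setTrustStorePassword(KEYSTORE_PASSWORD);
            return sslContextFactory;
        } catch (Exception e) {
            log.log(Level.WARNING, "NO SSL available", e);
            return null;
        }
    }

    /**
     * Makes sure the key store holds a self-signed server certificate for the given host,
     * generating a key pair and certificate when it does not.
     *
     * <p>A key store left by an earlier run is reused as-is when it already holds a certificate
     * for the host, so a certificate generated with weaker parameters stays in use until
     * {@code keystore.jks} is deleted.
     *
     * @param hostname host name placed in the certificate CN
     * @param keyStoreFile JKS file to load from and store to
     * @param password password for the key store and for the key entry
     * @throws Exception if the key store cannot be read or written, or key or certificate
     *     generation fails
     */
    private static void assureSelfSignedServerCertificate(String hostname, File keyStoreFile, String password)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        if (keyStoreFile.exists()) {
            try (FileInputStream in = new FileInputStream(keyStoreFile)) {
                keyStore.load(in, password.toCharArray());
            }
            if (keyStoreContainsCertificate(keyStore, hostname)) {
                return;
            }
        } else {
            keyStore.load(null);
        }

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(RSA_KEY_BITS);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
        // Serial numbers must be positive. Negating a random int fails for Integer.MIN_VALUE,
        // so draw 63 random bits and add one instead.
        certificateGenerator.setSerialNumber(new BigInteger(63, new SecureRandom()).add(BigInteger.ONE));
        // NOTE(review): "O=None L=None" lacks a comma, so L is presumably not parsed as its own
        // attribute; the string is left unchanged to keep the generated subject identical.
        String distinguishedName = "CN=" + hostname + ", OU=None, O=None L=None, C=None";
        certificateGenerator.setIssuerDN(new X509Principal(distinguishedName));
        // Valid from 30 days ago (tolerates clock skew) until 3650 days from now.
        certificateGenerator.setNotBefore(new Date(System.currentTimeMillis() - 2592000000L));
        certificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + 315360000000L));
        certificateGenerator.setSubjectDN(new X509Principal(distinguishedName));
        certificateGenerator.setPublicKey(keyPair.getPublic());
        certificateGenerator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        X509Certificate certificate = certificateGenerator.generateX509Certificate(keyPair.getPrivate());

        // Export the public certificate next to the key store so clients can import it.
        File certificateFile = new File(keyStoreFile.getParentFile(), hostname + ".cert").getAbsoluteFile();
        try (FileOutputStream out = new FileOutputStream(certificateFile)) {
            out.write(certificate.getEncoded());
        }

        keyStore.setKeyEntry(hostname + ".key", keyPair.getPrivate(), password.toCharArray(), new Certificate[] {certificate});
        // Also stored as a certificate entry: keyStoreContainsCertificate only inspects those.
        keyStore.setCertificateEntry(hostname + ".cert", certificate);
        try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
            // Tighten permissions before the private key is written.
            restrictToOwner(keyStoreFile);
            keyStore.store(out, password.toCharArray());
        }
    }

    /**
     * Best-effort restriction of a file to owner read/write. Failures are only logged, since not
     * every file system supports these permission bits.
     */
    private static void restrictToOwner(File file) {
        boolean restricted = file.setReadable(false, false);
        restricted &= file.setReadable(true, true);
        restricted &= file.setWritable(false, false);
        restricted &= file.setWritable(true, true);
        if (!restricted) {
            log.fine("Could not restrict permissions on " + file.getAbsolutePath());
        }
    }

    /**
     * Reports whether the key store has a certificate entry whose subject name contains the given
     * host name.
     *
     * <p>The comparison is a substring match on the whole subject DN, so a certificate for a
     * longer name that merely contains {@code hostname} also counts as present.
     *
     * @param keyStore loaded key store to scan
     * @param hostname host name to look for
     * @return {@code true} if a matching X.509 certificate entry exists
     * @throws Exception if the key store cannot be queried
     */
    private static boolean keyStoreContainsCertificate(KeyStore keyStore, String hostname) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isCertificateEntry(alias)) {
                continue;
            }
            Certificate certificate = keyStore.getCertificate(alias);
            if ((certificate instanceof X509Certificate)
                    && ((X509Certificate) certificate).getSubjectX500Principal().getName().contains(hostname)) {
                return true;
            }
        }
        return false;
    }
}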
