package org.opensearch.performanceanalyzer;

import com.google.common.annotations.VisibleForTesting;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.Security;
import java.util.concurrent.Executors;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:org/opensearch/performanceanalyzer/PerformanceAnalyzerWebServer.class */
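/**
 * Factory for the embedded {@code com.sun.net.httpserver} listener, served either as plain HTTP
 * or as HTTPS with optional client-certificate authentication.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>With no bind host supplied, the listener binds to the loopback address only. A supplied
 *       bind host is resolved and used as-is.
 *   <li>When HTTPS is not requested the listener speaks plain HTTP, with no transport encryption
 *       or peer authentication.
 *   <li>Creating the HTTPS listener also replaces the JVM-wide {@link HttpsURLConnection}
 *       defaults (socket factory and hostname verifier); see
 *       {@link #installUrlConnectionDefaults(SSLContext)}.
 *   <li>Any failure to create the listener halts the JVM.
 * </ul>
 */
public class PerformanceAnalyzerWebServer {
    private static final Logger LOG = LogManager.getLogger(PerformanceAnalyzerWebServer.class);

    /**
     * Key named in the log line emitted when no bind host is supplied; presumably the
     * configuration key for the bind host (confirm against the caller).
     */
    @VisibleForTesting
    public static final String WEBSERVICE_BIND_HOST_NAME = "webservice-bind-host";

    /** Socket backlog passed to {@code HttpServer.create} / {@code HttpsServer.create}. */
    private static final int INCOMING_QUEUE_LENGTH = 1;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opensearch/performanceanalyzer/PerformanceAnalyzerWebServer$ClientAuthConfigurator.class */
    /**
     * HTTPS configurator that requires a client certificate on each connection, but only when
     * {@code CertificateUtils.getTrustedCasFile()} returns a non-null value. Otherwise the
     * default {@link HttpsConfigurator} behaviour applies and clients are not asked to
     * authenticate.
     */
    public static class ClientAuthConfigurator extends HttpsConfigurator {
        public ClientAuthConfigurator(SSLContext sSLContext) {
            super(sSLContext);
        }

        /**
         * Applies per-connection TLS parameters.
         *
         * @param httpsParameters parameters of the connection being negotiated
         */
        @Override
        public void configure(HttpsParameters httpsParameters) {
            SSLParameters sslParameters = getSSLContext().getDefaultSSLParameters();
            if (CertificateUtils.getTrustedCasFile() == null) {
                // No trusted-CA file: the listener accepts clients without a certificate.
                PerformanceAnalyzerWebServer.LOG.debug("Not enabling client auth");
                super.configure(httpsParameters);
                return;
            }
            PerformanceAnalyzerWebServer.LOG.debug("Enabling client auth");
            SSLEngine engine = getSSLContext().createSSLEngine();
            // "Need" (not "want"): the handshake fails when the client presents no certificate.
            sslParameters.setNeedClientAuth(true);
            // NOTE(review): suites and protocols are whatever the engine enables by default, so
            // the effective TLS floor is decided by the JDK/provider configuration rather than
            // by this class. Pin an explicit list here if a minimum is required.
            sslParameters.setCipherSuites(engine.getEnabledCipherSuites());
            sslParameters.setProtocols(engine.getEnabledProtocols());
            httpsParameters.setSSLParameters(sslParameters);
        }
    }

    /**
     * Creates the HTTP or HTTPS listener and attaches a cached thread pool as its executor. The
     * returned server has not been started by this method.
     *
     * <p>The BouncyCastle provider is registered with {@link Security#addProvider} on every
     * call. Any exception during creation is logged and followed by
     * {@code Runtime.getRuntime().halt(1)}, which ends the JVM without running shutdown hooks.
     *
     * @param port TCP port to listen on
     * @param bindHost host name or address to bind to; {@code null} or blank binds to loopback
     * @param httpsEnabled {@code true} for HTTPS, {@code false} for plain HTTP
     * @return the created server; {@code null} appears only on the paths that follow a halt
     */
    public static HttpServer createInternalServer(int port, String bindHost, boolean httpsEnabled) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            HttpServer server =
                    httpsEnabled ? createHttpsServer(port, bindHost) : createHttpServer(port, bindHost);
            // NOTE(review): a cached thread pool has no upper bound on threads. If the listener
            // is bound to a non-loopback interface, consider a bounded executor so that a burst
            // of connections cannot exhaust threads in the host process.
            server.setExecutor(Executors.newCachedThreadPool());
            return server;
        } catch (BindException e) {
            LOG.error("Could not create HttpServer on port {}", port, e);
            Runtime.getRuntime().halt(1);
            return null;
        } catch (Exception e2) {
            LOG.error("Unable to create HttpServer", e2);
            Runtime.getRuntime().halt(1);
            return null;
        }
    }

    /**
     * Builds the HTTPS listener: binds the socket, initialises an {@link SSLContext} from the
     * key store and trust managers supplied by {@code CertificateUtils}, and installs
     * {@link ClientAuthConfigurator}.
     *
     * @param port TCP port to listen on
     * @param bindHost host to bind to; {@code null} or blank binds to loopback
     * @return the configured, not yet started, HTTPS server
     * @throws Exception if the address cannot be resolved or bound, or TLS setup fails
     */
    private static HttpServer createHttpsServer(int port, String bindHost) throws Exception {
        HttpsServer server = HttpsServer.create(bindAddress(port, bindHost), INCOMING_QUEUE_LENGTH);
        // NOTE(review): a context requested as "TLSv1.2" is not expected to negotiate TLS 1.3,
        // and which older versions stay enabled is left to the JDK security properties.
        // Confirm the resulting protocol set matches the deployment's TLS policy.
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        KeyStore keyStore = CertificateUtils.createKeyStore();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("NewSunX509");
        keyManagerFactory.init(keyStore, CertificateUtils.IN_MEMORY_PWD.toCharArray());
        // NOTE(review): what getTrustManagers(true) enforces is not visible here; it decides
        // which client certificates (and, through the defaults set below, which server
        // certificates) are accepted. Verify it does not fall back to trust-all.
        sslContext.init(keyManagerFactory.getKeyManagers(), CertificateUtils.getTrustManagers(true), null);
        server.setHttpsConfigurator(new ClientAuthConfigurator(sslContext));
        installUrlConnectionDefaults(sslContext);
        return server;
    }

    /**
     * Replaces the process-wide {@link HttpsURLConnection} defaults with this context's socket
     * factory and a hostname verifier that accepts every host. Failures are logged and ignored.
     *
     * <p>NOTE(review): both setters are JVM-global. After this call, every
     * {@code HttpsURLConnection} in the process that does not set its own verifier skips the
     * check that the peer certificate matches the host it connected to; peer authentication
     * then rests entirely on the trust managers of {@code sslContext}. If hostname checks cannot
     * be enabled for these certificates, prefer setting the factory and verifier on the
     * individual connections that need them instead of on the global default.
     *
     * @param sslContext context whose socket factory becomes the default
     */
    private static void installUrlConnectionDefaults(SSLContext sslContext) {
        try {
            LOG.debug("Setting default SSLSocketFactory...");
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            LOG.debug("Default SSLSocketFactory set successfully");
            HostnameVerifier acceptAnyHost = (hostname, session) -> true;
            LOG.debug("Setting default HostnameVerifier...");
            HttpsURLConnection.setDefaultHostnameVerifier(acceptAnyHost);
            LOG.debug("Default HostnameVerifier set successfully");
        } catch (Exception e) {
            LOG.warn("Exception while trying to set URLConnection defaults", e);
        }
    }

    /**
     * Builds the plain-HTTP listener. Traffic on this listener is neither encrypted nor
     * authenticated by this class.
     *
     * @param port TCP port to listen on
     * @param bindHost host to bind to; {@code null} or blank binds to loopback
     * @return the not yet started HTTP server
     * @throws Exception if the address cannot be resolved or bound
     */
    private static HttpServer createHttpServer(int port, String bindHost) throws Exception {
        return HttpServer.create(bindAddress(port, bindHost), INCOMING_QUEUE_LENGTH);
    }

    /**
     * Resolves the socket address to listen on and logs the choice.
     *
     * @param port TCP port to listen on
     * @param bindHost host name or address; {@code null} or blank selects the loopback address
     * @return loopback plus {@code port} when no host is given, otherwise the resolved host
     * @throws java.net.UnknownHostException if {@code bindHost} cannot be resolved
     */
    private static InetSocketAddress bindAddress(int port, String bindHost)
            throws java.net.UnknownHostException {
        if (bindHost == null || bindHost.trim().isEmpty()) {
            LOG.info("Value Not Configured for: {} Using default value: binding only to local interface", WEBSERVICE_BIND_HOST_NAME);
            return new InetSocketAddress(InetAddress.getLoopbackAddress(), port);
        }
        LOG.info("Binding to Interface: {}", bindHost);
        return new InetSocketAddress(InetAddress.getByName(bindHost.trim()), port);
    }
}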
