package org.jivesoftware.openfire.container;

import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.apache.jasper.servlet.JasperInitializer;
import org.apache.tomcat.InstanceManager;
import org.apache.tomcat.SimpleInstanceManager;
import org.eclipse.jetty.annotations.AnnotationConfiguration;
import org.eclipse.jetty.annotations.ServletContainerInitializersStarter;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.plus.annotation.ContainerInitializer;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.spdy.server.http.HTTPSPDYServerConnector;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.webapp.WebAppContext;
import org.jivesoftware.openfire.JMXManager;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.keystore.IdentityStore;
import org.jivesoftware.openfire.spi.ConnectionManagerImpl;
import org.jivesoftware.openfire.spi.ConnectionType;
import org.jivesoftware.openfire.spi.EncryptionArtifactFactory;
import org.jivesoftware.util.CertificateEventListener;
import org.jivesoftware.util.CertificateManager;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.LocaleUtils;
import org.jivesoftware.util.StringUtils;
import org.logicalcobwebs.proxool.ProxoolConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/container/AdminConsolePlugin.class */
public class AdminConsolePlugin implements Plugin {
    private static final Logger Log = LoggerFactory.getLogger(AdminConsolePlugin.class);
    public static final String secret = StringUtils.randomString(64);
    private int adminPort;
    private int adminSecurePort;
    private Server adminServer;
    private CertificateEventListener certificateListener;
    private File pluginDir;
    private boolean restartNeeded = false;
    private boolean sslEnabled = false;
    private ContextHandlerCollection contexts = new ContextHandlerCollection();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jivesoftware/openfire/container/AdminConsolePlugin$CertificateListener.class */
    public class CertificateListener implements CertificateEventListener {
        private CertificateListener() {
        }

        @Override // org.jivesoftware.util.CertificateEventListener
        public void certificateCreated(KeyStore keyStore, String str, X509Certificate x509Certificate) {
            if ("RSA".equals(x509Certificate.getPublicKey().getAlgorithm())) {
                AdminConsolePlugin.this.restartNeeded = true;
            }
        }

        @Override // org.jivesoftware.util.CertificateEventListener
        public void certificateDeleted(KeyStore keyStore, String str) {
            AdminConsolePlugin.this.restartNeeded = true;
        }

        @Override // org.jivesoftware.util.CertificateEventListener
        public void certificateSigned(KeyStore keyStore, String str, List<X509Certificate> list) {
            if ("RSA".equals(list.get(0).getPublicKey().getAlgorithm())) {
                AdminConsolePlugin.this.restartNeeded = true;
            }
        }
    }

    public void startup() {
        ServerConnector serverConnector;
        this.restartNeeded = false;
        this.certificateListener = new CertificateListener();
        CertificateManager.addListener(this.certificateListener);
        int xMLProperty = JiveGlobals.getXMLProperty("adminConsole.serverThreads", 2);
        this.adminPort = JiveGlobals.getXMLProperty("adminConsole.port", 9090);
        this.adminSecurePort = JiveGlobals.getXMLProperty("adminConsole.securePort", 9091);
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
        queuedThreadPool.setName("Jetty-QTP-AdminConsole");
        this.adminServer = new Server(queuedThreadPool);
        if (JMXManager.isEnabled()) {
            this.adminServer.addBean(JMXManager.getInstance().getContainer());
        }
        if (this.adminPort > 0) {
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.setSendServerVersion(false);
            ServerConnector serverConnector2 = new ServerConnector(this.adminServer, null, null, null, -1, xMLProperty, new HttpConnectionFactory(httpConfiguration));
            serverConnector2.setHost(getBindInterface());
            serverConnector2.setPort(this.adminPort);
            this.adminServer.addConnector(serverConnector2);
        }
        this.sslEnabled = false;
        try {
            IdentityStore identityStore = null;
            if (XMPPServer.getInstance().getCertificateStoreManager() == null) {
                Log.warn("Admin console: CertifcateStoreManager has not been initialized yet. HTTPS will be unavailable.");
            } else {
                identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(ConnectionType.WEBADMIN);
            }
            if (identityStore != null && this.adminSecurePort > 0) {
                if (identityStore.getAllCertificates().isEmpty()) {
                    Log.warn("Admin console: Identity store does not have any certificates. HTTPS will be unavailable.");
                } else {
                    if (!identityStore.containsDomainCertificate("RSA")) {
                        Log.warn("Admin console: Using RSA certificates but they are not valid for the hosted domain");
                    }
                    SslContextFactory sslContextFactory = new EncryptionArtifactFactory(((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager()).getListener(ConnectionType.WEBADMIN, true).generateConnectionConfiguration()).getSslContextFactory();
                    if ("npn".equals(JiveGlobals.getXMLProperty("spdy.protocol", ""))) {
                        serverConnector = new HTTPSPDYServerConnector(this.adminServer, sslContextFactory);
                    } else {
                        HttpConfiguration httpConfiguration2 = new HttpConfiguration();
                        httpConfiguration2.setSendServerVersion(false);
                        httpConfiguration2.setSecureScheme(URIUtil.HTTPS);
                        httpConfiguration2.setSecurePort(this.adminSecurePort);
                        httpConfiguration2.addCustomizer(new SecureRequestCustomizer());
                        serverConnector = new ServerConnector(this.adminServer, null, null, null, -1, xMLProperty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()), new HttpConnectionFactory(httpConfiguration2));
                    }
                    serverConnector.setHost(getBindInterface());
                    serverConnector.setPort(this.adminSecurePort);
                    this.adminServer.addConnector(serverConnector);
                    this.sslEnabled = true;
                }
            }
        } catch (Exception e) {
            Log.error("An exception occurred while trying to make available the admin console via HTTPS.", (Throwable) e);
        }
        if (this.adminServer.getConnectors() == null || this.adminServer.getConnectors().length == 0) {
            this.adminServer = null;
            log(LocaleUtils.getLocalizedString("admin.console.warning"));
            return;
        }
        HandlerCollection handlerCollection = new HandlerCollection();
        this.adminServer.setHandler(handlerCollection);
        handlerCollection.setHandlers(new Handler[]{this.contexts, new DefaultHandler()});
        try {
            this.adminServer.start();
            logAdminConsolePorts();
        } catch (Exception e2) {
            Log.error("Could not start admin console server", (Throwable) e2);
        }
    }

    public void shutdown() {
        if (this.certificateListener != null) {
            CertificateManager.removeListener(this.certificateListener);
        }
        try {
            if (this.adminServer != null && this.adminServer.isRunning()) {
                this.adminServer.stop();
            }
        } catch (Exception e) {
            Log.error("Error stopping admin console server", (Throwable) e);
        }
        this.adminServer = null;
    }

    @Override // org.jivesoftware.openfire.container.Plugin
    public void initializePlugin(PluginManager pluginManager, File file) {
        this.pluginDir = file;
        createWebAppContext();
        startup();
    }

    @Override // org.jivesoftware.openfire.container.Plugin
    public void destroyPlugin() {
        shutdown();
    }

    public boolean isRestartNeeded() {
        return this.restartNeeded;
    }

    public String getBindInterface() {
        String xMLProperty = JiveGlobals.getXMLProperty("adminConsole.interface");
        String xMLProperty2 = JiveGlobals.getXMLProperty("network.interface");
        String str = null;
        if (xMLProperty != null && xMLProperty.trim().length() > 0) {
            str = xMLProperty;
        } else if (xMLProperty2 != null && xMLProperty2.trim().length() > 0) {
            str = xMLProperty2;
        }
        return str;
    }

    public int getAdminUnsecurePort() {
        return this.adminPort;
    }

    public int getAdminSecurePort() {
        if (this.sslEnabled) {
            return this.adminSecurePort;
        }
        return 0;
    }

    public ContextHandlerCollection getContexts() {
        return this.contexts;
    }

    public void restart() {
        try {
            this.adminServer.stop();
            this.adminServer.start();
        } catch (Exception e) {
            Log.error("An exception occurred while restarting the admin console:", (Throwable) e);
        }
    }

    private void createWebAppContext() {
        WebAppContext webAppContext;
        boolean z = Boolean.getBoolean("developmentMode");
        if (z) {
            System.out.println(LocaleUtils.getLocalizedString("admin.console.devmode"));
            webAppContext = new WebAppContext(this.contexts, this.pluginDir.getParentFile().getParentFile().getParentFile().getParent() + File.separator + "src" + File.separator + "web", "/");
        } else {
            webAppContext = new WebAppContext(this.contexts, this.pluginDir.getAbsoluteFile() + File.separator + "webapp", "/");
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ContainerInitializer(new JasperInitializer(), (Class<?>[]) null));
        webAppContext.setAttribute(AnnotationConfiguration.CONTAINER_INITIALIZERS, arrayList);
        webAppContext.setAttribute(InstanceManager.class.getName(), new SimpleInstanceManager());
        webAppContext.setWelcomeFiles(new String[]{"index.html"});
        if (z) {
            webAppContext.addBean((Object) new ServletContainerInitializersStarter(webAppContext), true);
        }
    }

    private void log(String str) {
        Log.info(str);
        System.out.println(str);
    }

    private void logAdminConsolePorts() {
        String localizedString = LocaleUtils.getLocalizedString("admin.console.listening");
        String xMPPDomain = getBindInterface() == null ? XMPPServer.getInstance().getServerInfo().getXMPPDomain() : getBindInterface();
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (Connector connector : this.adminServer.getConnectors()) {
            if (((ServerConnector) connector).getPort() == this.adminPort) {
                z = true;
            } else if (((ServerConnector) connector).getPort() == this.adminSecurePort) {
                z2 = true;
            }
            if (connector instanceof HTTPSPDYServerConnector) {
                z3 = true;
            }
        }
        if (z && z2) {
            log(localizedString + ProxoolConstants.URL_DELIMITER + System.getProperty("line.separator") + "  http://" + xMPPDomain + ProxoolConstants.URL_DELIMITER + this.adminPort + System.getProperty("line.separator") + "  https://" + xMPPDomain + ProxoolConstants.URL_DELIMITER + this.adminSecurePort + (z3 ? " (SPDY)" : ""));
        } else if (z2) {
            log(localizedString + " https://" + xMPPDomain + ProxoolConstants.URL_DELIMITER + this.adminSecurePort + (z3 ? " (SPDY)" : ""));
        } else if (z) {
            log(localizedString + " http://" + xMPPDomain + ProxoolConstants.URL_DELIMITER + this.adminPort);
        }
    }
}
