package org.zowe.apiml.product.web;

import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.stereotype.Component;

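/**
 * Adjusts the TLS settings of the embedded Tomcat connector when the key store or trust store
 * is addressed by a {@code safkeyring} URL instead of a file.
 *
 * <p>For every SSL host configuration of the connector this customizer:
 * <ul>
 *   <li>makes sure a default certificate is set (see {@link #fixDefaultCertificate}),</li>
 *   <li>rewrites keyring URLs to the canonical two-slash form (see {@link #formatKeyringUrl}),</li>
 *   <li>supplies the fixed placeholder {@link #KEYRING_PASSWORD} where no password was configured.</li>
 * </ul>
 *
 * <p>Security note: the placeholder password is a well-known constant and protects nothing by
 * itself. It is applied only when the corresponding store location matches
 * {@link #KEYRING_PATTERN}; a file-based key store or trust store with no configured password is
 * left untouched. Presumably access to the keyring is enforced by the platform security manager
 * rather than by this value; confirm against the keyring provider's documentation before relying
 * on that.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/apiml-tomcat-common-2.18.0.jar:org/zowe/apiml/product/web/TomcatKeyringFix.class */
public class TomcatKeyringFix implements TomcatConnectorCustomizer {
    /**
     * Matches {@code <scheme>:<2 to 4 slashes><segment>/<rest>} where the scheme starts with
     * {@code safkeyring}. Group 1 is the scheme, group 2 the first path segment and group 3 the
     * remainder (conventionally the owner id and the ring name; verify against the deployment).
     */
    private static final Pattern KEYRING_PATTERN = Pattern.compile("^(safkeyring[^:]*):/{2,4}([^/]+)/(.+)$");

    /** Placeholder passed to Tomcat for keyring-backed stores that have no configured password; not a secret. */
    private static final String KEYRING_PASSWORD = "password";

    // Store locations and passwords are injected from the server.ssl.* properties; each is null when unset.
    @Value("${server.ssl.keyStore:#{null}}")
    protected String keyStore;

    @Value("${server.ssl.keyStorePassword:#{null}}")
    protected char[] keyStorePassword;

    @Value("${server.ssl.keyPassword:#{null}}")
    protected char[] keyPassword;

    @Value("${server.ssl.trustStore:#{null}}")
    protected String trustStore;

    @Value("${server.ssl.trustStorePassword:#{null}}")
    protected char[] trustStorePassword;

    /**
     * Sets the private {@code defaultCertificate} field of the given host configuration to the
     * first configured certificate when that field is still {@code null}.
     *
     * <p>Does nothing when the configuration has no certificates. When several certificates are
     * configured, the one chosen is whichever the set's iterator returns first.
     *
     * <p>The field is reached by reflection, so this method depends on Tomcat's internal layout.
     * The lookup is done on {@code SSLHostConfig} itself rather than on the runtime class, because
     * {@code getDeclaredField} does not search superclasses and would fail for a subclass or proxy.
     *
     * @param sslHostConfig the host configuration to repair
     * @throws IllegalStateException if the field does not exist or cannot be accessed
     */
    void fixDefaultCertificate(SSLHostConfig sslHostConfig) {
        Set<SSLHostConfigCertificate> certificates = sslHostConfig.getCertificates();
        if (certificates.isEmpty()) {
            return;
        }
        try {
            Field defaultCertificate = SSLHostConfig.class.getDeclaredField("defaultCertificate");
            defaultCertificate.setAccessible(true);
            // Never overwrite a default certificate that Tomcat has already set.
            if (defaultCertificate.get(sslHostConfig) == null) {
                defaultCertificate.set(sslHostConfig, certificates.iterator().next());
            }
        } catch (IllegalAccessException | NoSuchFieldException e) {
            throw new IllegalStateException("Cannot update Tomcat SSL context", e);
        }
    }

    /**
     * Tells whether the given store location is a keyring URL.
     *
     * @param str the configured store location, may be {@code null}
     * @return {@code true} only when {@code str} is non-null and matches {@link #KEYRING_PATTERN}
     */
    boolean isKeyring(String str) {
        return str != null && KEYRING_PATTERN.matcher(str).matches();
    }

    /**
     * Normalizes a keyring URL so that the scheme is followed by exactly two slashes.
     *
     * @param str the configured store location, may be {@code null}
     * @return the normalized URL when {@code str} matches {@link #KEYRING_PATTERN}; otherwise
     *     {@code str} unchanged, including {@code null}
     */
    static String formatKeyringUrl(String str) {
        if (str == null) {
            return null;
        }
        Matcher matcher = KEYRING_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return str;
        }
        return matcher.group(1) + "://" + matcher.group(2) + "/" + matcher.group(3);
    }

    /**
     * Applies the keyring adjustments to every SSL host configuration of the connector.
     *
     * @param connector the Tomcat connector being configured
     */
    @Override // org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer
    public void customize(Connector connector) {
        Arrays.stream(connector.findSslHostConfigs()).forEach(this::applyKeyringSettings);
    }

    /** Repairs the default certificate and applies keyring URL and placeholder passwords to one host configuration. */
    private void applyKeyringSettings(SSLHostConfig sslHostConfig) {
        fixDefaultCertificate(sslHostConfig);
        if (isKeyring(this.keyStore)) {
            sslHostConfig.setCertificateKeystoreFile(formatKeyringUrl(this.keyStore));
            // The placeholder is used only for keyring-backed stores and only when nothing was configured.
            if (this.keyStorePassword == null) {
                sslHostConfig.setCertificateKeystorePassword(KEYRING_PASSWORD);
            }
            if (this.keyPassword == null) {
                sslHostConfig.setCertificateKeyPassword(KEYRING_PASSWORD);
            }
        }
        if (isKeyring(this.trustStore)) {
            sslHostConfig.setTruststoreFile(formatKeyringUrl(this.trustStore));
            if (this.trustStorePassword == null) {
                sslHostConfig.setTruststorePassword(KEYRING_PASSWORD);
            }
        }
    }
}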
