package org.zowe.apiml.gateway.config;

import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.Constants;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/config/TomcatConfiguration.class */
public class TomcatConfiguration {

    @Value("${server.internal.enabled:false}")
    private boolean enableInternalPort;

    @Value("${server.internal.ssl.enabled:true}")
    private boolean enableSslOnInternal;

    @Value("${server.internal.ssl.clientAuth:want}")
    private String clientAuth;

    @Value("${server.internal.port:10017}")
    private int internalPort;

    @Value("${server.internal.ssl.keyStore:keystore/localhost/localhost.keystore.p12}")
    private String keyStorePath;

    @Value("${server.internal.ssl.keyStorePassword:password}")
    private String keyStorePassword;

    @Value("${server.internal.ssl.keyStoreType:PKCS12}")
    private String keyStoreType;

    @Value("${server.internal.ssl.keyPassword:password}")
    private String keyPassword;

    @Value("${server.internal.ssl.keyAlias:localhost}")
    private String keyAlias;

    @Value("${server.internal.ssl.trustStore:keystore/localhost/localhost.truststore.p12}")
    private String trustStorePath;

    @Value("${server.internal.ssl.trustStorePassword:password}")
    private String trustStorePassword;

    @Value("${server.internal.ssl.trustStoreType:PKCS12}")
    private String trustStoreType;

    @Value("${server.ssl.ciphers}")
    private String ciphers;

    @Value("${server.address}")
    private String address;

    @Bean
    public ServletWebServerFactory servletContainer() throws UnknownHostException {
        System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true");
        TomcatServletWebServerFactory tomcatServletWebServerFactory = new TomcatServletWebServerFactory();
        tomcatServletWebServerFactory.setProtocol("org.apache.coyote.http11.Http11NioProtocol");
        if (this.enableInternalPort) {
            tomcatServletWebServerFactory.addAdditionalTomcatConnectors(createSslConnector());
        }
        return tomcatServletWebServerFactory;
    }

    private Connector createSslConnector() throws UnknownHostException {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol http11NioProtocol = (Http11NioProtocol) connector.getProtocolHandler();
        connector.setPort(this.internalPort);
        if (this.enableSslOnInternal) {
            connector.setScheme("https");
            connector.setSecure(true);
            http11NioProtocol.setSSLEnabled(true);
            http11NioProtocol.setSslEnabledProtocols(Constants.SSL_PROTO_TLSv1_2);
            http11NioProtocol.setSSLHonorCipherOrder(true);
            http11NioProtocol.setCiphers(this.ciphers);
            http11NioProtocol.setClientAuth(this.clientAuth);
            http11NioProtocol.setAddress(InetAddress.getByName(this.address));
            File file = new File(this.keyStorePath);
            File file2 = new File(this.trustStorePath);
            http11NioProtocol.setKeystoreFile(file.getAbsolutePath());
            http11NioProtocol.setKeystorePass(this.keyStorePassword);
            http11NioProtocol.setKeystoreType(this.keyStoreType);
            http11NioProtocol.setTruststoreFile(file2.getAbsolutePath());
            http11NioProtocol.setTruststorePass(this.trustStorePassword);
            http11NioProtocol.setTruststoreType(this.trustStoreType);
            http11NioProtocol.setKeyAlias(this.keyAlias);
            http11NioProtocol.setKeyPass(this.keyPassword);
        } else {
            connector.setScheme("http");
            connector.setSecure(false);
        }
        return connector;
    }
}
