package co.codewizards.cloudstore.server;

import ch.qos.logback.classic.LoggerContext;
import ch.qos.logback.classic.joran.JoranConfigurator;
import ch.qos.logback.core.joran.spi.JoranException;
import ch.qos.logback.core.util.StatusPrinter;
import co.codewizards.cloudstore.core.Uid;
import co.codewizards.cloudstore.core.appid.AppIdRegistry;
import co.codewizards.cloudstore.core.auth.BouncyCastleRegistrationUtil;
import co.codewizards.cloudstore.core.chronos.ChronosUtil;
import co.codewizards.cloudstore.core.config.ConfigDir;
import co.codewizards.cloudstore.core.config.ConfigImpl;
import co.codewizards.cloudstore.core.io.StreamUtil;
import co.codewizards.cloudstore.core.oio.File;
import co.codewizards.cloudstore.core.oio.OioFileFactory;
import co.codewizards.cloudstore.core.util.DebugUtil;
import co.codewizards.cloudstore.core.util.DerbyUtil;
import co.codewizards.cloudstore.core.util.HashUtil;
import co.codewizards.cloudstore.core.util.MainArgsUtil;
import co.codewizards.cloudstore.core.util.Util;
import co.codewizards.cloudstore.ls.server.LocalServer;
import co.codewizards.cloudstore.rest.server.CloudStoreRest;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicBoolean;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/codewizards/cloudstore/server/CloudStoreServer.class */
public class CloudStoreServer implements Runnable {
    public static final String CONFIG_KEY_SECURE_PORT = "server.securePort";
    private static final int DEFAULT_SECURE_PORT = 8443;
    private static final String CERTIFICATE_ALIAS = "CloudStoreServer";
    private static final String CERTIFICATE_COMMON_NAME = "CloudStoreServer";
    private File keyStoreFile;
    private int securePort;
    private Server server;
    private CloudStoreUpdaterTimer updaterTimer;
    private static final Logger logger = LoggerFactory.getLogger(CloudStoreServer.class);
    private static Class<? extends CloudStoreServer> cloudStoreServerClass = CloudStoreServer.class;
    private static final String KEY_STORE_PASSWORD_STRING = "CloudStore-key-store";
    private static final char[] KEY_STORE_PASSWORD_CHAR_ARRAY = KEY_STORE_PASSWORD_STRING.toCharArray();
    private static final String KEY_PASSWORD_STRING = "CloudStore-private-key";
    private static final char[] KEY_PASSWORD_CHAR_ARRAY = KEY_PASSWORD_STRING.toCharArray();
    public final Uid instanceId = new Uid();
    private final SecureRandom random = new SecureRandom();
    private final AtomicBoolean running = new AtomicBoolean();

    public static void main(String[] strArr) throws Exception {
        String[] extractAndApplySystemPropertiesReturnOthers = MainArgsUtil.extractAndApplySystemPropertiesReturnOthers(strArr);
        initLogging();
        try {
            createCloudStoreServer(extractAndApplySystemPropertiesReturnOthers).run();
        } catch (Throwable th) {
            logger.error(th.toString(), th);
            System.exit(999);
        }
    }

    public CloudStoreServer(String... strArr) {
        logger.debug("[{}].<init>", this.instanceId);
        BouncyCastleRegistrationUtil.registerBouncyCastleIfNeeded();
    }

    protected static Constructor<? extends CloudStoreServer> getCloudStoreServerConstructor() throws NoSuchMethodException, SecurityException {
        return getCloudStoreServerClass().getConstructor(String[].class);
    }

    protected static CloudStoreServer createCloudStoreServer(String[] strArr) throws NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        return getCloudStoreServerConstructor().newInstance(strArr);
    }

    protected static Class<? extends CloudStoreServer> getCloudStoreServerClass() {
        return cloudStoreServerClass;
    }

    protected static void setCloudStoreServerClass(Class<? extends CloudStoreServer> cls) {
        Objects.requireNonNull(cls, "cloudStoreServerClass");
        cloudStoreServerClass = cls;
    }

    @Override // java.lang.Runnable
    public void run() {
        LocalServer createLocalServer;
        logger.debug("[{}].run: entered. securePort={}", this.instanceId, Integer.valueOf(getSecurePort()));
        if (!this.running.compareAndSet(false, true)) {
            logger.error("[{}].run: Server is already running!", this.instanceId);
            throw new IllegalStateException(String.format("Server [%s] is already running!", this.instanceId));
        }
        LocalServer localServer = null;
        try {
            try {
                try {
                    initKeyStore();
                    synchronized (this) {
                        createLocalServer = createLocalServer();
                        if (!createLocalServer.start()) {
                            createLocalServer = null;
                        }
                        this.server = createServer();
                        logger.debug("[{}].run: Starting server (securePort={})...", this.instanceId, Integer.valueOf(getSecurePort()));
                        this.server.start();
                        this.updaterTimer = createUpdaterTimer();
                        this.updaterTimer.start();
                    }
                    logger.debug("[{}].run: before server.join()...", this.instanceId);
                    this.server.join();
                    logger.debug("[{}].run: after server.join().", this.instanceId);
                    logger.debug("[{}].run: entered finally-block.", this.instanceId);
                    synchronized (this) {
                        if (createLocalServer != null) {
                            try {
                                createLocalServer.stop();
                            } catch (Exception e) {
                                logger.warn("localServer.stop() failed: " + e, e);
                            }
                        }
                        this.server = null;
                    }
                    this.running.set(false);
                    logger.debug("[{}].run: leaving finally-block.", this.instanceId);
                } catch (RuntimeException e2) {
                    logger.error("[{}].run: failed: {}", this.instanceId, e2);
                    throw e2;
                }
            } catch (Exception e3) {
                logger.error("[{}].run: failed: {}", this.instanceId, e3);
                throw new RuntimeException(e3);
            }
        } catch (Throwable th) {
            logger.debug("[{}].run: entered finally-block.", this.instanceId);
            synchronized (this) {
                if (0 != 0) {
                    try {
                        localServer.stop();
                    } catch (Exception e4) {
                        logger.warn("localServer.stop() failed: " + e4, e4);
                    }
                }
                this.server = null;
                this.running.set(false);
                logger.debug("[{}].run: leaving finally-block.", this.instanceId);
                throw th;
            }
        }
    }

    protected CloudStoreUpdaterTimer createUpdaterTimer() {
        return new CloudStoreUpdaterTimer();
    }

    protected LocalServer createLocalServer() {
        return new LocalServer();
    }

    public synchronized void stop() {
        if (this.updaterTimer != null) {
            this.updaterTimer.stop();
        }
        if (this.server != null) {
            try {
                this.server.stop();
            } catch (Exception e) {
                throw new RuntimeException();
            }
        }
    }

    public synchronized File getKeyStoreFile() {
        if (this.keyStoreFile == null) {
            File createFile = OioFileFactory.createFile(ConfigDir.getInstance().getFile(), new String[]{"ssl.server"});
            if (!createFile.isDirectory()) {
                createFile.mkdirs();
            }
            if (!createFile.isDirectory()) {
                throw new IllegalStateException("Could not create directory: " + createFile);
            }
            this.keyStoreFile = OioFileFactory.createFile(createFile, new String[]{"keystore"});
        }
        return this.keyStoreFile;
    }

    public synchronized void setKeyStoreFile(File file) {
        assertNotRunning();
        this.keyStoreFile = file;
    }

    public synchronized int getSecurePort() {
        if (this.securePort <= 0) {
            this.securePort = ConfigImpl.getInstance().getPropertyAsInt(CONFIG_KEY_SECURE_PORT, DEFAULT_SECURE_PORT);
            if (this.securePort < 1 || this.securePort > 65535) {
                logger.warn("Config key '{}' is set to the value '{}' which is out of range for a port number. Falling back to default port {}.", new Object[]{CONFIG_KEY_SECURE_PORT, Integer.valueOf(this.securePort), Integer.valueOf(DEFAULT_SECURE_PORT)});
                this.securePort = DEFAULT_SECURE_PORT;
            }
        }
        return this.securePort;
    }

    public synchronized void setSecurePort(int i) {
        assertNotRunning();
        this.securePort = i;
    }

    private void assertNotRunning() {
        if (this.running.get()) {
            throw new IllegalStateException("Server is already running.");
        }
    }

    private void initKeyStore() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, SecurityException, SignatureException, NoSuchProviderException, UnrecoverableEntryException {
        if (!getKeyStoreFile().exists()) {
            logger.info("initKeyStore: keyStoreFile='{}' does not exist!", getKeyStoreFile());
            logger.info("initKeyStore: Creating RSA key pair (this might take a while)...");
            System.out.println("**********************************************************************");
            System.out.println("There is no key, yet. Creating a new RSA key pair, now. This might");
            System.out.println("take a while (a few seconds up to a few minutes). Please be patient!");
            System.out.println("**********************************************************************");
            long nowAsMillis = ChronosUtil.nowAsMillis();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, KEY_STORE_PASSWORD_CHAR_ARRAY);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(4096, this.random);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
            x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(new SecureRandom().nextLong()).abs());
            x509V3CertificateGenerator.setIssuerDN(new X509Principal("CN=CloudStoreServer, OU=None, O=None, C=None"));
            x509V3CertificateGenerator.setNotBefore(new Date(ChronosUtil.nowAsMillis() - 259200000));
            x509V3CertificateGenerator.setNotAfter(new Date(ChronosUtil.nowAsMillis() + 315360000000L));
            x509V3CertificateGenerator.setSubjectDN(new X509Principal("CN=CloudStoreServer, OU=None, O=None, C=None"));
            x509V3CertificateGenerator.setPublicKey(generateKeyPair.getPublic());
            x509V3CertificateGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption");
            keyStore.setEntry("CloudStoreServer", new KeyStore.PrivateKeyEntry(generateKeyPair.getPrivate(), new Certificate[]{x509V3CertificateGenerator.generateX509Certificate(generateKeyPair.getPrivate())}), new KeyStore.PasswordProtection(KEY_PASSWORD_CHAR_ARRAY));
            OutputStream castStream = StreamUtil.castStream(getKeyStoreFile().createOutputStream());
            try {
                keyStore.store(castStream, KEY_STORE_PASSWORD_CHAR_ARRAY);
                castStream.close();
                long nowAsMillis2 = ChronosUtil.nowAsMillis() - nowAsMillis;
                logger.info("initKeyStore: Creating RSA key pair took {} ms.", Long.valueOf(nowAsMillis2));
                System.out.println(String.format("Generating a new RSA key pair took %s ms.", Long.valueOf(nowAsMillis2)));
            } catch (Throwable th) {
                castStream.close();
                throw th;
            }
        }
        KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream castStream2 = StreamUtil.castStream(getKeyStoreFile().createInputStream());
        try {
            keyStore2.load(castStream2, KEY_STORE_PASSWORD_CHAR_ARRAY);
            castStream2.close();
            String sha1ForHuman = HashUtil.sha1ForHuman(((X509Certificate) keyStore2.getCertificate("CloudStoreServer")).getEncoded());
            System.out.println("**********************************************************************");
            System.out.println("Server certificate fingerprint (SHA1):");
            System.out.println();
            System.out.println("    " + sha1ForHuman);
            System.out.println();
            System.out.println("Use this fingerprint to verify on the client-side, whether you're");
            System.out.println("really talking to this server. If the client shows you a different");
            System.out.println("value, someone is tampering with your connection!");
            System.out.println();
            System.out.println("Please keep this fingerprint at a safe place. You'll need it whenever");
            System.out.println("one of your clients connects to this server for the first time.");
            System.out.println("**********************************************************************");
            logger.info("initKeyStore: RSA fingerprint (SHA1): {}", sha1ForHuman);
        } catch (Throwable th2) {
            castStream2.close();
            throw th2;
        }
    }

    protected Server createServer() {
        logger.debug("[{}].createServer: securePort={}", this.instanceId, Integer.valueOf(getSecurePort()));
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
        queuedThreadPool.setMaxThreads(500);
        Server server = new Server(queuedThreadPool);
        server.addBean(new ScheduledExecutorScheduler());
        HttpConfiguration createHttpConfigurationForHTTP = createHttpConfigurationForHTTP();
        server.setHandler(createServletContextHandler());
        server.setDumpAfterStart(false);
        server.setDumpBeforeStop(false);
        server.setStopAtShutdown(true);
        server.addConnector(createServerConnectorForHTTPS(server, createHttpConfigurationForHTTPS(createHttpConfigurationForHTTP)));
        return server;
    }

    private HttpConfiguration createHttpConfigurationForHTTP() {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(getSecurePort());
        httpConfiguration.setOutputBufferSize(32768);
        httpConfiguration.setRequestHeaderSize(8192);
        httpConfiguration.setResponseHeaderSize(8192);
        httpConfiguration.setSendServerVersion(true);
        httpConfiguration.setSendDateHeader(false);
        return httpConfiguration;
    }

    private HttpConfiguration createHttpConfigurationForHTTPS(HttpConfiguration httpConfiguration) {
        HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
        httpConfiguration2.addCustomizer(new SecureRequestCustomizer());
        return httpConfiguration2;
    }

    private ServletContextHandler createServletContextHandler() {
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.setContextPath("/");
        servletContextHandler.addServlet(new ServletHolder(new ServletContainer((ResourceConfig) Objects.requireNonNull(createResourceConfig(), "createResourceConfig()"))), "/*");
        return servletContextHandler;
    }

    protected ResourceConfig createResourceConfig() {
        return new CloudStoreRest();
    }

    private ServerConnector createServerConnectorForHTTPS(Server server, HttpConfiguration httpConfiguration) {
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath(getKeyStoreFile().getPath());
        sslContextFactory.setKeyStorePassword(KEY_STORE_PASSWORD_STRING);
        sslContextFactory.setKeyManagerPassword(KEY_PASSWORD_STRING);
        sslContextFactory.setTrustStorePath(getKeyStoreFile().getPath());
        sslContextFactory.setTrustStorePassword(KEY_STORE_PASSWORD_STRING);
        sslContextFactory.setExcludeCipherSuites(new String[]{".*RC4.*", ".*DES.*"});
        ServerConnector serverConnector = new ServerConnector(server, new ConnectionFactory[]{new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpConfiguration)});
        serverConnector.setPort(getSecurePort());
        return serverConnector;
    }

    private static void initLogging() throws IOException, JoranException {
        DerbyUtil.setLogFile(OioFileFactory.createFile(ConfigDir.getInstance().getLogDir(), new String[]{"derby.log"}));
        File createFile = OioFileFactory.createFile(ConfigDir.getInstance().getFile(), new String[]{"logback.server.xml"});
        if (!createFile.exists()) {
            AppIdRegistry.getInstance().copyResourceResolvingAppId(CloudStoreServer.class, "logback.server.xml", createFile);
        }
        LoggerContext iLoggerFactory = LoggerFactory.getILoggerFactory();
        try {
            JoranConfigurator joranConfigurator = new JoranConfigurator();
            joranConfigurator.setContext(iLoggerFactory);
            iLoggerFactory.reset();
            joranConfigurator.doConfigure(createFile.getIoFile());
        } catch (JoranException e) {
            Util.doNothing();
        }
        StatusPrinter.printInCaseOfErrorsOrWarnings(iLoggerFactory);
        DebugUtil.logSystemProperties();
    }
}
