package de.jens98.clansystem.utils.certificates;

import ch.qos.logback.core.net.ssl.SSL;
import de.jens98.clansystem.ClanSystem;
import de.jens98.clansystem.utils.api.rest.routes.filter.BearerTokenAuthFilter;
import de.jens98.clansystem.utils.api.rest.routes.plugin.GET_ClanInfo;
import de.jens98.clansystem.utils.api.rest.routes.plugin.GET_UserInfo;
import de.jens98.clansystem.utils.config.ConfigPath;
import de.jens98.clansystem.utils.config.defaults.DefaultConfig;
import de.jens98.clansystem.utils.logs.LogMessage;
import de.jens98.clansystem.utils.logs.LogType;
import jakarta.servlet.DispatcherType;
import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.URI;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.EnumSet;
import javax.security.auth.x500.X500Principal;
import me.minidigger.minimessage.text.Constants;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:de/jens98/clansystem/utils/certificates/CertificateManager.class */
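/**
 * Creates the self-signed TLS certificate for the plugin's REST endpoint and runs the embedded
 * Jetty server that serves it.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The certificate is self-signed and issued to {@code CN=0.0.0.0} without a subject
 *       alternative name, so clients cannot verify the server by hostname. A client that needs
 *       server authentication has to pin this certificate explicitly.</li>
 *   <li>The keystore password and the bearer token come from the configuration. The bearer token
 *       is never written to the log.</li>
 * </ul>
 */
public class CertificateManager {
    /** Validity period of the generated certificate: 365 days, in milliseconds. */
    private static final long CERTIFICATE_VALIDITY_MILLIS = 365L * 24 * 60 * 60 * 1000;

    // Written by the server thread and read by stopServer() on the caller's thread,
    // hence volatile so the reference is visible across threads.
    private static volatile Server server;
    private static Thread serverThread;

    static {
        // generateSelfSignedCertificate() signs through the BouncyCastle provider by name.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Builds a self-signed X.509 certificate for the given key pair.
     *
     * <p>Subject and issuer are both {@code CN=0.0.0.0}, the serial number is 128 random bits,
     * the certificate is valid from now for 365 days and is signed with SHA-256/RSA.
     *
     * <p>NOTE(review): {@code X509V3CertificateGenerator} is deprecated in BouncyCastle; moving
     * to the builder API would need a dependency this file does not import.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the generated certificate
     * @throws Exception if the certificate cannot be generated or signed
     */
    public static X509Certificate generateSelfSignedCertificate(KeyPair keyPair) throws Exception {
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now);
        Date notAfter = new Date(now + CERTIFICATE_VALIDITY_MILLIS);
        BigInteger serialNumber = new BigInteger(128, new SecureRandom());
        X500Principal selfName = new X500Principal("CN=0.0.0.0");

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setSerialNumber(serialNumber);
        generator.setSubjectDN(selfName);
        generator.setIssuerDN(selfName);
        generator.setNotBefore(notBefore);
        generator.setNotAfter(notAfter);
        generator.setPublicKey(keyPair.getPublic());
        generator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        return generator.generate(keyPair.getPrivate(), BouncyCastleProvider.PROVIDER_NAME);
    }

    /**
     * Returns a Jetty SSL context factory backed by {@code certificates/keystore.jks} in the
     * plugin data folder, creating the keystore with a fresh RSA-2048 key pair and self-signed
     * certificate when the file does not exist yet.
     *
     * <p>NOTE(review): when the configuration holds no certificate password, a random value from
     * {@code DefaultConfig.generateRandomPassword(8)} is used. Unless {@code getOrElse} persists
     * that value, a later start would get a different password and fail to open the existing
     * keystore. Confirm against {@code ConfigPath}. Eight characters is also short for a
     * password that protects a private key on disk.
     *
     * @return the configured factory, or {@code null} if the keystore could not be created
     */
    private static SslContextFactory.Server getSslContextFactory() {
        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        File keyStoreFile = new File(String.valueOf(ClanSystem.getInstance().getDataFolder()) + "/certificates/keystore.jks");
        String keyStorePassword = String.valueOf(ConfigPath.DEFAULTS_API_HTTPS_CERTIFICATE_PASSWORD.getOrElse(DefaultConfig.generateRandomPassword(8)));

        if (!keyStoreFile.exists()) {
            // FileOutputStream does not create missing parent directories.
            File directory = keyStoreFile.getParentFile();
            if (directory != null && !directory.isDirectory() && !directory.mkdirs() && !directory.isDirectory()) {
                new LogMessage(LogType.CRITICAL).setText("Certificate directory cannot be created: " + directory.getAbsolutePath()).send();
                return null;
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
                keyStore.load(null, null);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(2048);
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                keyStore.setKeyEntry("selfsigned", keyPair.getPrivate(), keyStorePassword.toCharArray(), new Certificate[]{generateSelfSignedCertificate(keyPair)});
                // try-with-resources closes the stream even when store() throws.
                try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
                    // Tighten permissions before the private key is written.
                    restrictToOwner(keyStoreFile);
                    keyStore.store(out, keyStorePassword.toCharArray());
                }
            } catch (Exception e) {
                e.printStackTrace();
                // A truncated keystore would pass the exists() check on the next start and
                // then fail to load, so remove what this attempt left behind (best effort).
                if (keyStoreFile.isFile()) {
                    keyStoreFile.delete();
                }
                return null;
            }
        }

        sslContextFactory.setKeyStorePath(keyStoreFile.getAbsolutePath());
        sslContextFactory.setKeyStorePassword(keyStorePassword);
        sslContextFactory.setKeyStoreType(SSL.DEFAULT_KEYSTORE_TYPE);
        return sslContextFactory;
    }

    /**
     * Limits read and write access on {@code file} to its owner, as far as the platform allows.
     * The return values are ignored on purpose: some file systems cannot express these
     * permissions, and that must not stop the endpoint from starting.
     */
    private static void restrictToOwner(File file) {
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
    }

    /**
     * Starts the HTTPS endpoint on a background thread unless it is already running.
     *
     * <p>The bearer token from the configuration is handed to {@link BearerTokenAuthFilter},
     * which is mapped to every path of the {@code /v1/plugin} context.
     *
     * <p>NOTE(review): when the configuration holds no token, a random 8-character value from
     * {@code DefaultConfig.generateRandomPassword(8)} is used. Since the token is not logged,
     * the operator has to read it from the configuration; confirm that {@code getOrElse}
     * persists a generated default there. Eight characters is short for an API credential.
     */
    public static void startServer() {
        if (serverThread != null && serverThread.isAlive()) {
            new LogMessage(LogType.INFO).setText("Endpoint is already started.").send();
            return;
        }
        String bearerToken = String.valueOf(ConfigPath.DEFAULTS_API_AUTH_BEARER.getOrElse(DefaultConfig.generateRandomPassword(8)));
        BearerTokenAuthFilter.setValidToken(bearerToken);
        serverThread = new Thread(CertificateManager::runServer);
        serverThread.start();
    }

    /** Configures and starts Jetty, then blocks in {@code join()} until the server stops. */
    private static void runServer() {
        try {
            Server jetty = new Server();
            server = jetty;

            HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.setSecureScheme(URIUtil.HTTPS);
            // NOTE(review): 6073 differs from the connector's default port "6074" below; confirm which is intended.
            httpConfiguration.setSecurePort(6073);
            httpConfiguration.setOutputBufferSize(32768);

            // SNI enforcement and the SNI host check are switched off here. The certificate
            // names CN=0.0.0.0, so a host check could not match a real hostname anyway.
            // TLS on this endpoint gives encryption but no hostname-based server authentication.
            SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
            secureRequestCustomizer.setSniRequired(false);
            secureRequestCustomizer.setSniHostCheck(false);
            httpConfiguration.addCustomizer(secureRequestCustomizer);

            SslContextFactory.Server sslContextFactory = getSslContextFactory();
            if (sslContextFactory == null) {
                new LogMessage(LogType.CRITICAL).setText("API Endpoint cannot be started. Error: Certificate cannot be loaded.").send();
                Thread.currentThread().interrupt();
                return;
            }

            ServerConnector serverConnector = new ServerConnector(jetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfiguration));
            serverConnector.setPort(Integer.parseInt(String.valueOf(ConfigPath.DEFAULTS_API_HTTPS_PORT.getOrElse("6074"))));
            String hostIP = getHostIP();
            // Listens on every interface; access control rests on the bearer-token filter and
            // on whatever firewalling the host provides.
            serverConnector.setHost("0.0.0.0");
            jetty.setConnectors(new Connector[]{serverConnector});
            // NOTE(review): closing the connector before the server starts looks unintended;
            // kept from the original, presumably a no-op on a connector that is not open yet. Confirm.
            serverConnector.close();

            ServletContextHandler servletContextHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
            servletContextHandler.setContextPath("/v1/plugin");
            // Every request in this context goes through the bearer-token check.
            servletContextHandler.addFilter(BearerTokenAuthFilter.class, "/*", (EnumSet<DispatcherType>) null);
            jetty.setHandler(servletContextHandler);
            servletContextHandler.addServlet(new ServletHolder(new GET_ClanInfo()), String.valueOf(ConfigPath.DEFAULTS_API_HTTPS_ENDPOINTS_CLAN_INFO_PATH.getOrElse("/clan/*")));
            servletContextHandler.addServlet(new ServletHolder(new GET_UserInfo()), String.valueOf(ConfigPath.DEFAULTS_API_HTTPS_ENDPOINTS_PLAYER_INFO_PATH.getOrElse("/member/*")));
            jetty.start();

            URI uri = jetty.getURI();
            // NOTE(review): when the local address resolves, the literal "IP" is printed instead
            // of the address, presumably to keep it out of the log. Confirm.
            String endpoint = new StringBuilder()
                    .append("https://")
                    .append(hostIP.equalsIgnoreCase("unknown") ? uri.getHost() : "IP")
                    .append(Constants.SEPARATOR)
                    .append(uri.getPort())
                    .append(servletContextHandler.getContextPath())
                    .toString();
            new LogMessage(LogType.INFO).setText("Endpoint " + endpoint + ". Ready for connections...").send();
            // The token value is a credential and stays out of the log: server logs are
            // routinely shared for support and kept far longer than the token should be.
            new LogMessage(LogType.INFO).setText("Bearer token loaded (value not logged).").send();
            jetty.join();
        } catch (Exception e) {
            new LogMessage(LogType.CRITICAL).setText("API Endpoint cannot be started. Error: " + e.getMessage()).send();
            // Restores the interrupt flag in case the exception was an InterruptedException from join().
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Returns the textual address of the local host.
     *
     * @return the address, or the string {@code "Unknown"} when it cannot be resolved
     */
    public static String getHostIP() {
        try {
            return InetAddress.getLocalHost().getHostAddress();
        } catch (Exception e) {
            return "Unknown";
        }
    }

    /**
     * Stops the endpoint if a server instance exists; does nothing otherwise.
     *
     * @throws RuntimeException wrapping any exception Jetty raises while stopping
     */
    public static void stopServer() {
        Server jetty = server;
        if (jetty == null) {
            return;
        }
        try {
            jetty.stop();
            new LogMessage(LogType.INFO).setText("Endpoint stopped.").send();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}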
