package org.apereo.cas.web.tomcat;

import lombok.Generated;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.x509.X509WebflowAutoConfigurationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.autoconfigure.web.servlet.ServletWebServerFactoryCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;

/* loaded from: input_file:org/apereo/cas/web/tomcat/X509TomcatServletWebServiceFactoryCustomizer.class */
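/**
 * Adds a dedicated HTTPS connector to an embedded Tomcat container for X.509
 * client-certificate authentication.
 *
 * <p>The connector is only created when the configured X.509 webflow port is greater
 * than zero. Size limits, keystore and truststore settings are taken from the Spring Boot
 * {@link ServerProperties}; the client-certificate verification mode and the port come from
 * the CAS X.509 webflow properties.
 */
public class X509TomcatServletWebServiceFactoryCustomizer extends ServletWebServerFactoryCustomizer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(X509TomcatServletWebServiceFactoryCustomizer.class);
    private final CasConfigurationProperties casProperties;
    private final ServerProperties serverProperties;

    /**
     * Creates the customizer.
     *
     * @param serverProperties           Spring Boot server settings (size limits, SSL stores)
     * @param casConfigurationProperties CAS settings holding the X.509 webflow configuration
     */
    public X509TomcatServletWebServiceFactoryCustomizer(ServerProperties serverProperties, CasConfigurationProperties casConfigurationProperties) {
        super(serverProperties);
        this.casProperties = casConfigurationProperties;
        this.serverProperties = serverProperties;
    }

    /**
     * Registers the additional X.509 connector on a Tomcat factory.
     *
     * <p>Does nothing when the factory is not a {@link TomcatServletWebServerFactory} or when
     * the X.509 webflow port is not a positive number.
     *
     * @param configurableServletWebServerFactory the web server factory being customized
     */
    @Override
    public void customize(ConfigurableServletWebServerFactory configurableServletWebServerFactory) {
        X509WebflowAutoConfigurationProperties webflow = this.casProperties.getAuthn().getX509().getWebflow();
        if (!(configurableServletWebServerFactory instanceof TomcatServletWebServerFactory)) {
            return;
        }
        TomcatServletWebServerFactory tomcatFactory = (TomcatServletWebServerFactory) configurableServletWebServerFactory;
        int port = webflow.getPort();
        if (port <= 0) {
            return;
        }

        LOGGER.debug("Creating X509 configuration for the tomcat container...");
        Connector connector = new Connector("HTTP/1.1");
        connector.setPort(port);
        connector.setScheme("https");
        connector.setSecure(true);
        // NOTE(review): this explicitly enables the HTTP TRACE method on the connector that
        // carries client-certificate authentication. TRACE echoes the request back to the
        // caller; confirm it is actually required here, otherwise leave it disabled.
        connector.setAllowTrace(true);

        // Configured sizes are 64-bit byte counts while the Tomcat setters take an int.
        // A plain narrowing cast silently wraps for values above Integer.MAX_VALUE and can
        // turn a large limit into a small or negative one, so the values are clamped instead.
        int maxPostSize = toBoundedInt(this.serverProperties.getTomcat().getMaxHttpFormPostSize().toBytes());
        connector.setMaxPostSize(maxPostSize);
        LOGGER.debug("Configured max post size for the tomcat connector on port [{}] to be [{}]", port, maxPostSize);

        // The decompiled original assigned the handler without a cast, which does not compile.
        AbstractHttp11Protocol<?> protocolHandler = (AbstractHttp11Protocol<?>) connector.getProtocolHandler();
        protocolHandler.setSSLEnabled(true);

        int maxRequestHeaderSize = toBoundedInt(this.serverProperties.getMaxHttpRequestHeaderSize().toBytes());
        protocolHandler.setMaxHttpRequestHeaderSize(maxRequestHeaderSize);
        LOGGER.debug("Configured max request header size for the tomcat connector on port [{}] to be [{}]", port, maxRequestHeaderSize);

        int maxResponseHeaderSize = toBoundedInt(this.serverProperties.getTomcat().getMaxHttpResponseHeaderSize().toBytes());
        protocolHandler.setMaxHttpResponseHeaderSize(maxResponseHeaderSize);
        LOGGER.debug("Configured max response header size for the tomcat connector on port [{}] to be [{}]", port, maxResponseHeaderSize);

        SSLHostConfig sslHostConfig = new SSLHostConfig();
        sslHostConfig.setSslProtocol("TLS");
        sslHostConfig.setHostName(protocolHandler.getDefaultSSLHostConfigName());
        // The verification mode is passed through from configuration as-is.
        // NOTE(review): only Tomcat's "required" mode rejects a handshake without a client
        // certificate, and "optionalNoCA" does not validate the presented chain against the
        // truststore; confirm the deployed value matches the intended policy.
        sslHostConfig.setCertificateVerification(webflow.getClientAuth());

        SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(sslHostConfig, SSLHostConfigCertificate.Type.UNDEFINED);
        certificate.setCertificateKeystoreFile(this.serverProperties.getSsl().getKeyStore());
        // NOTE(review): the keystore password from the server SSL settings is applied as the
        // key password and no separate keystore password is set here; confirm this matches
        // how the keystore is protected.
        certificate.setCertificateKeyPassword(this.serverProperties.getSsl().getKeyStorePassword());

        // The truststore decides which issuing CAs are accepted for client certificates.
        sslHostConfig.setTruststoreFile(this.serverProperties.getSsl().getTrustStore());
        sslHostConfig.setTruststorePassword(this.serverProperties.getSsl().getTrustStorePassword());
        sslHostConfig.addCertificate(certificate);
        protocolHandler.addSslHostConfig(sslHostConfig);

        tomcatFactory.addAdditionalTomcatConnectors(connector);
    }

    /**
     * Narrows a byte count to {@code int} without wrapping around.
     *
     * @param bytes the configured size in bytes
     * @return {@code bytes} limited to the range of {@code int}
     */
    private static int toBoundedInt(long bytes) {
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, bytes));
    }
}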
