package de.trustable.ca3s.adcs.proxy;

import de.trustable.ca3s.adcs.proxy.config.ApplicationProperties;
import de.trustable.ca3s.adcsKeyStore.provider.LocalADCSBundleFactory;
import de.trustable.ca3s.adcsKeyStore.provider.LocalADCSKeyManagerProvider;
import de.trustable.ca3s.adcsKeyStore.provider.LocalADCSProvider;
import de.trustable.ca3s.adcsKeyStore.provider.SpringEnvironmentPropertyProviderImpl;
import de.trustable.ca3s.cert.bundle.TimedRenewalCertMap;
import de.trustable.util.JCAManager;
import io.undertow.Undertow;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.annotation.PostConstruct;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.embedded.undertow.UndertowBuilderCustomizer;
import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.DependsOn;
import org.springframework.core.env.Environment;
import tech.jhipster.config.DefaultProfileUtil;
import tech.jhipster.config.JHipsterConstants;
import tech.jhipster.config.JHipsterDefaults;

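/**
 * Spring Boot entry point of the ADCS proxy.
 *
 * <p>Besides starting the application, this class registers the two ADCS-backed JCA providers
 * and adds an HTTPS listener to the embedded Undertow server whose key material is served by
 * those providers.
 *
 * <p>Settings read by the TLS listener setup:
 * <ul>
 *   <li>{@code server.tls.port} - listen port, {@value #DEFAULT_TLS_PORT} when unset</li>
 *   <li>{@code server.tls.host} - bind address, see {@link #resolveTlsHost(String, boolean)}</li>
 * </ul>
 */
@EnableConfigurationProperties({ApplicationProperties.class})
@SpringBootApplication
public class AdcsProxyApp implements InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(AdcsProxyApp.class);

    /** Port of the TLS listener when {@code server.tls.port} is not set. */
    private static final int DEFAULT_TLS_PORT = 8443;

    /** Bind address of the TLS listener when neither host nor port is configured (all IPv4 interfaces). */
    private static final String DEFAULT_TLS_HOST = "0.0.0.0";

    /** Highest valid TCP port number. */
    private static final int MAX_PORT = 65535;

    private final Environment env;

    public AdcsProxyApp(Environment environment) {
        this.env = environment;
    }

    /**
     * Logs an error when mutually exclusive Spring profiles are active together.
     *
     * <p>The combination is only reported, start-up is not aborted. The method is annotated with
     * {@code @PostConstruct} and is also invoked from {@link #afterPropertiesSet()}.
     */
    @PostConstruct
    public void initApplication() {
        List<String> activeProfiles = Arrays.asList(this.env.getActiveProfiles());
        boolean devActive = activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT);
        if (devActive && activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_PRODUCTION)) {
            log.error("You have misconfigured your application! It should not run with both the 'dev' and 'prod' profiles at the same time.");
        }
        if (devActive && activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_CLOUD)) {
            log.error("You have misconfigured your application! It should not run with both the 'dev' and 'cloud' profiles at the same time.");
        }
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        initApplication();
    }

    /**
     * Starts the Spring application and logs the URLs it can be reached at.
     *
     * @param strArr command line arguments, handed to Spring unchanged
     */
    public static void main(String[] strArr) {
        SpringApplication springApplication = new SpringApplication(AdcsProxyApp.class);
        DefaultProfileUtil.addDefaultProfile(springApplication);
        logApplicationStartup(springApplication.run(strArr).getEnvironment());
    }

    /**
     * Writes the start-up banner with the local and external access URL.
     *
     * <p>The scheme is derived from {@code server.ssl.key-store} and the port from
     * {@code server.port}. The HTTPS listener added in
     * {@link #embeddedServletContainerFactory()} uses {@code server.tls.port} and is therefore
     * not reflected in this banner.
     */
    private static void logApplicationStartup(Environment environment) {
        String protocol = Optional.ofNullable(environment.getProperty("server.ssl.key-store"))
            .map(keyStoreLocation -> "https")
            .orElse("http");
        String serverPort = environment.getProperty("server.port");
        String contextPath = Optional.ofNullable(environment.getProperty("server.servlet.context-path"))
            .filter(StringUtils::isNotBlank)
            .orElse("/");
        // The warning below names `localhost` as the fallback, so this constant presumably holds that value.
        String hostAddress = JHipsterDefaults.Logging.Logstash.host;
        try {
            hostAddress = InetAddress.getLocalHost().getHostAddress();
        } catch (UnknownHostException e) {
            log.warn("The host name could not be determined, using `localhost` as fallback");
        }
        log.info("\n----------------------------------------------------------\n\tApplication '{}' is running! Access URLs:\n\tLocal: \t\t{}://localhost:{}{}\n\tExternal: \t{}://{}:{}{}\n\tProfile(s): \t{}\n----------------------------------------------------------", environment.getProperty("spring.application.name"), protocol, serverPort, contextPath, protocol, hostAddress, serverPort, contextPath, environment.getActiveProfiles());
    }

    /**
     * Creates the certificate map that the ADCS providers below are built on.
     */
    @Bean
    public TimedRenewalCertMap timedRenewalCertMap() {
        log.debug("in timedRenewalCertMap()");
        // Return value unused; presumably called for the JCA set-up it performs on first access - confirm.
        JCAManager.getInstance();
        return new TimedRenewalCertMap(new LocalADCSBundleFactory(new SpringEnvironmentPropertyProviderImpl(this.env)));
    }

    /**
     * Creates the ADCS key manager provider and registers it with the JVM-wide provider list.
     *
     * <p>The result of {@link Security#addProvider} is not checked; it returns -1 when a provider
     * of the same name is already installed.
     */
    @DependsOn({"timedRenewalCertMap"})
    @Bean
    public LocalADCSKeyManagerProvider localADCSKeyManagerProvider() {
        log.debug("in localADCSKeyManagerProvider()");
        LocalADCSKeyManagerProvider keyManagerProvider = new LocalADCSKeyManagerProvider(timedRenewalCertMap());
        Security.addProvider(keyManagerProvider);
        return keyManagerProvider;
    }

    /**
     * Creates the ADCS key store provider and registers it with the JVM-wide provider list.
     *
     * <p>The result of {@link Security#addProvider} is not checked; it returns -1 when a provider
     * of the same name is already installed.
     */
    @DependsOn({"timedRenewalCertMap"})
    @Bean
    public LocalADCSProvider localADCSProvider() {
        log.debug("in localADCSProvider()");
        LocalADCSProvider keyStoreProvider = new LocalADCSProvider(timedRenewalCertMap(), new SpringEnvironmentPropertyProviderImpl(this.env));
        Security.addProvider(keyStoreProvider);
        return keyStoreProvider;
    }

    /**
     * Builds the Undertow factory and attaches the customizer that adds the HTTPS listener.
     *
     * <p>Depends on both provider beans because the listener set-up looks the ADCS algorithms up
     * through the JCA provider list.
     */
    @DependsOn({"localADCSKeyManagerProvider", "localADCSProvider"})
    @Bean
    public UndertowServletWebServerFactory embeddedServletContainerFactory() {
        log.info("\n----------------------------------------------------------\n\t configure Undertow for TLS\n----------------------------------------------------------\n\t");
        UndertowServletWebServerFactory factory = new UndertowServletWebServerFactory();
        UndertowBuilderCustomizer tlsCustomizer = this::configureTlsListener;
        factory.addBuilderCustomizers(tlsCustomizer);
        return factory;
    }

    /**
     * Adds an HTTPS listener backed by the ADCS key manager to the given Undertow builder.
     *
     * <p>Key store and key manager failures are logged and the listener is skipped; the server
     * then starts without this HTTPS listener. An invalid {@code server.tls.port} is rejected
     * with an {@link IllegalArgumentException}.
     */
    private void configureTlsListener(Undertow.Builder builder) {
        String configuredPort = this.env.getProperty("server.tls.port");
        int port = resolveTlsPort(configuredPort);
        String host = resolveTlsHost(this.env.getProperty("server.tls.host"), configuredPort != null);
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(LocalADCSKeyManagerProvider.ALGO_NAME);
            KeyStore keyStore = KeyStore.getInstance(LocalADCSProvider.ALGO_NAME);
            // No stream and no password: the store content is supplied by the provider, not read from a file.
            keyStore.load(null, null);
            // NOTE(review): hard-coded key password. Whether the ADCS provider evaluates it is not
            // visible in this file - confirm it is a placeholder and protects no key material.
            keyManagerFactory.init(keyStore, "password".toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            if (keyManagers.length == 0) {
                // Without a key manager the listener could not present a server certificate.
                log.error("problem configuring TLS port #{}: no key manager available", port);
                return;
            }
            log.debug("keyManagers has #{} elements, first one is a {}", keyManagers.length, keyManagers[0].getClass().getName());
            // "TLS" leaves the enabled protocol versions to the JVM defaults. Null trust managers and
            // null SecureRandom select the JVM defaults as well; no client authentication is set up here.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, null, null);
            builder.addHttpsListener(port, host, sslContext);
            log.debug("added TLS listen port {} programmatically", port);
        } catch (IOException | GeneralSecurityException e) {
            log.error("problem configuring TLS port #" + port, e);
        }
    }

    /**
     * Determines the TLS listen port.
     *
     * @param configuredPort value of {@code server.tls.port}, may be {@code null}
     * @return the configured port, or {@value #DEFAULT_TLS_PORT} when none is configured
     * @throws IllegalArgumentException if the value is not a number in the range 0..65535
     */
    private static int resolveTlsPort(String configuredPort) {
        if (configuredPort == null) {
            log.debug("TLS listen port undefined, using default port #" + DEFAULT_TLS_PORT);
            return DEFAULT_TLS_PORT;
        }
        int port;
        try {
            port = Integer.parseUnsignedInt(configuredPort.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("server.tls.port is not a valid port number: '" + configuredPort + "'", e);
        }
        // parseUnsignedInt accepts values up to 2^32-1, which wrap to negative ints.
        if (port < 0 || port > MAX_PORT) {
            throw new IllegalArgumentException("server.tls.port is out of range (0-" + MAX_PORT + "): '" + configuredPort + "'");
        }
        return port;
    }

    /**
     * Determines the bind address of the TLS listener.
     *
     * <p>An explicitly configured host always wins. Previously the host was only honoured when
     * {@code server.tls.port} was set as well, so a host-only configuration silently bound to
     * all interfaces.
     *
     * @param configuredHost value of {@code server.tls.host}, may be {@code null} or blank
     * @param portConfigured whether {@code server.tls.port} is set
     * @return the address to bind the HTTPS listener to
     */
    private static String resolveTlsHost(String configuredHost, boolean portConfigured) {
        if (StringUtils.isNotBlank(configuredHost)) {
            return configuredHost.trim();
        }
        if (portConfigured) {
            // NOTE(review): fallbacks kept as before - the property default when only the port is
            // set, all interfaces when nothing is set. Confirm which default is intended.
            String fallbackHost = JHipsterDefaults.Logging.Logstash.host;
            log.debug("TLS listen host undefined, using default value '" + fallbackHost + "'");
            return fallbackHost;
        }
        log.debug("TLS listen host undefined, using default value '" + DEFAULT_TLS_HOST + "'");
        return DEFAULT_TLS_HOST;
    }
}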
