package nxt;

import java.io.IOException;
import java.io.PrintStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.BasicPermission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import nxt.http.APIEnum;
import nxt.http.CustomAPISetup;
import nxt.util.SslKeyStoreGenerator;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlet.Source;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.IncludeExclude;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.ShutdownThread;

/* loaded from: classes.dex */
public abstract class k {
    public static final int a;
    public static final String[] b;
    public static boolean c;
    public static final int d;
    public static final int e;
    public static final boolean f;
    public static List g;
    public static List h;
    public static final e8 i;
    public static final e8 j;
    public static final HashMap k;
    public static final String l;
    public static final String m;
    public static final boolean n;
    public static final int o;
    public static final boolean p;
    public static final int q;
    public static final boolean r;
    public static final String s;
    public static final Server t;
    public static final rm u;
    public static final rm v;
    public static final rm w;
    public static final URI x;
    public static final URI y;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r7v25, types: [org.eclipse.jetty.servlet.ServletHolder$Registration, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v26, types: [org.eclipse.jetty.servlet.ServletHolder$Registration, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v9, types: [org.eclipse.jetty.server.Handler, org.eclipse.jetty.server.handler.ResourceHandler, nxt.hd0] */
    /* JADX WARN: Type inference failed for: r8v4, types: [java.security.BasicPermission, nxt.rm] */
    /* JADX WARN: Type inference failed for: r8v5, types: [java.security.BasicPermission, nxt.rm] */
    /* JADX WARN: Type inference failed for: r8v6, types: [java.security.BasicPermission, nxt.rm] */
    static {
        final SslContextFactory.Server server;
        boolean z;
        int i2 = 0;
        int i3 = bl.e ? 26875 : 26876;
        a = i3;
        b = new String[]{"TRACE", "HEAD"};
        c = false;
        k = new HashMap();
        String i4 = Nxt.i("nxt.adminPassword", "", null, true);
        l = i4;
        String i5 = Nxt.i("nxt.adminPasswordHash", "", null, true);
        m = i5;
        o = Nxt.d(0, "nxt.maxAPIRecords");
        p = Nxt.b("nxt.enableAPIUPnP", false);
        int d2 = Nxt.d(0, "nxt.apiServerIdleTimeout");
        q = d2;
        r = Nxt.b("nxt.apiServerCORS", false);
        s = Nxt.i("nxt.forwardedForHeader", null, null, false);
        u = new BasicPermission("api");
        v = new BasicPermission("adminPassword");
        w = new BasicPermission("lifecycle");
        if (!i4.isEmpty() && !i5.isEmpty()) {
            ga0.o("admin password and admin password hash are both defined");
        }
        i = new e8("nxt.allowedBotHosts", i2);
        j = new e8("nxt.unlimitedBotHosts", i2);
        if (!Nxt.b("nxt.enableAPIServer", false)) {
            t = null;
            n = false;
            d = 0;
            e = 0;
            f = false;
            ga0.k("API server not enabled");
            return;
        }
        boolean z2 = bl.a;
        if (!z2) {
            i3 = Nxt.d(0, "nxt.apiServerPort");
        }
        final int i6 = i3;
        final int d3 = z2 ? 26877 : Nxt.d(0, "nxt.apiServerSSLPort");
        final String i7 = Nxt.i("nxt.apiServerHost", null, null, false);
        n = Nxt.b("nxt.disableAdminPassword", false) || ("127.0.0.1".equals(i7) && !e());
        Server server2 = new Server();
        t = server2;
        final boolean b2 = Nxt.b("nxt.apiSSL", false);
        if (!b2 || i6 != d3) {
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.A2 = false;
            httpConfiguration.z2 = false;
            ServerConnector serverConnector = new ServerConnector(server2, new HttpConnectionFactory(httpConfiguration));
            serverConnector.S2 = i6;
            serverConnector.R2 = i7;
            serverConnector.K2 = d2;
            serverConnector.X2 = true;
            server2.B4(serverConnector);
            ga0.k("API server using HTTP port " + i6);
        }
        if (b2) {
            HttpConfiguration httpConfiguration2 = new HttpConfiguration();
            httpConfiguration2.A2 = false;
            httpConfiguration2.z2 = false;
            httpConfiguration2.y2 = "https";
            httpConfiguration2.v2 = d3;
            httpConfiguration2.X.add(new SecureRequestCustomizer());
            SslContextFactory.Server server3 = new SslContextFactory.Server();
            Path resolve = Paths.get(Nxt.j(), new String[0]).resolve(Paths.get(Nxt.i("nxt.keyStorePath", null, null, false), new String[0]));
            String i8 = Nxt.i("nxt.keyStorePassword", null, null, true);
            String i9 = Nxt.i("nxt.keyStoreType", null, null, false);
            String path = resolve.toString();
            if (Files.notExists(resolve, new LinkOption[0])) {
                ga0.h("Auto generating local keystore " + path);
                try {
                    List h2 = Nxt.h("nxt.generatedKeyStoreDomains");
                    nt0 nt0Var = new nt0();
                    nt0Var.a = resolve;
                    nt0Var.b = i8;
                    nt0Var.c = i9;
                    if (!h2.isEmpty()) {
                        nt0Var.d.clear();
                        h2.forEach(new qa(17, nt0Var));
                    }
                    new SslKeyStoreGenerator(nt0Var).a();
                } catch (ot0 e2) {
                    ga0.a(4, "Failed to generate local ssl keystore", e2);
                }
            } else {
                ga0.h("Using keystore: " + path);
            }
            try {
                Resource v2 = Resource.v(path, Resource.Y);
                server3.D2 = v2;
                if (i8 != null) {
                    server3.F2 = new Password(i8);
                } else if (v2 != null) {
                    Logger logger = Password.r2;
                    String property = System.getProperty("org.eclipse.jetty.ssl.password", null);
                    if (property == null || property.length() == 0) {
                        try {
                            PrintStream printStream = System.out;
                            printStream.print("org.eclipse.jetty.ssl.password : ");
                            printStream.flush();
                            byte[] bArr = new byte[512];
                            int read = System.in.read(bArr);
                            if (read > 0) {
                                property = new String(bArr, 0, read).trim();
                            }
                        } catch (IOException e3) {
                            Password.r2.e("EXCEPTION ", e3);
                        }
                        if (property == null || property.length() == 0) {
                            property = null;
                        }
                    }
                    server3.F2 = new Password(property);
                } else {
                    server3.F2 = null;
                }
                server3.v2.addAll(Arrays.asList("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"));
                server3.t2.addAll(Arrays.asList("SSLv3"));
                server3.E2 = i9;
                List h3 = Nxt.h("nxt.apiSSLCiphers");
                if (!h3.isEmpty()) {
                    String[] strArr = (String[]) h3.toArray(new String[0]);
                    LinkedHashSet linkedHashSet = server3.w2;
                    linkedHashSet.clear();
                    linkedHashSet.addAll(Arrays.asList(strArr));
                }
                cx0.e("JettySSLContextReloader", new kj(14, server3), 1, TimeUnit.DAYS);
                Server server4 = t;
                ServerConnector serverConnector2 = new ServerConnector(server4, new SslConnectionFactory(server3, "http/1.1"), new HttpConnectionFactory(httpConfiguration2));
                serverConnector2.S2 = d3;
                serverConnector2.R2 = i7;
                serverConnector2.K2 = q;
                serverConnector2.X2 = true;
                server4.B4(serverConnector2);
                ga0.k("API server using HTTPS port " + d3);
                server = server3;
            } catch (Exception e4) {
                throw new IllegalArgumentException(e4);
            }
        } else {
            server = null;
        }
        String str = ("0.0.0.0".equals(i7) || "127.0.0.1".equals(i7)) ? "localhost" : i7;
        try {
            x = new URI(b2 ? "https" : "http", null, str, b2 ? d3 : i6, "/index.html", null, null);
            y = new URI(b2 ? "https" : "http", null, str, b2 ? d3 : i6, "", null, null);
            new URI(b2 ? "https" : "http", null, str, b2 ? d3 : i6, "/paperwallet", null, null);
        } catch (URISyntaxException e5) {
            ga0.a(2, "Cannot resolve browser URI", e5);
        }
        boolean z3 = bl.c;
        int i10 = (z3 || !"0.0.0.0".equals(i7) || ((Set) i.Y) != null || (b2 && i6 == d3)) ? 0 : i6;
        d = i10;
        int i11 = (!z3 && "0.0.0.0".equals(i7) && ((Set) i.Y) == null && b2) ? d3 : 0;
        e = i11;
        boolean z4 = i10 > 0 || i11 > 0;
        f = z4;
        HandlerList handlerList = new HandlerList();
        ServletContextHandler servletContextHandler = new ServletContextHandler();
        String i12 = Nxt.i("nxt.apiResourceBase", null, null, false);
        if (i12 != null) {
            DefaultServlet defaultServlet = new DefaultServlet();
            ServletHolder servletHolder = new ServletHolder(Source.c);
            synchronized (servletHolder) {
                servletHolder.n4(defaultServlet);
            }
            servletHolder.m4("dirAllowed", "false");
            servletHolder.m4("resourceBase", i12);
            servletHolder.m4("welcomeServlets", "true");
            servletHolder.m4("redirectWelcome", "true");
            servletHolder.m4("gzip", "true");
            servletHolder.m4("etags", "true");
            servletContextHandler.a5().G4(servletHolder, "/*");
            servletContextHandler.M2 = new String[]{Nxt.i("nxt.apiWelcomeFile", null, null, false)};
        }
        String i13 = Nxt.i("nxt.javadocResourceBase", null, null, false);
        if (i13 != null) {
            ContextHandler contextHandler = new ContextHandler("/doc");
            ResourceHandler resourceHandler = new ResourceHandler();
            resourceHandler.G2.d = false;
            resourceHandler.H2 = new String[]{"index.html"};
            try {
                resourceHandler.C2 = Resource.v(i13, Resource.Y);
                contextHandler.A4(resourceHandler);
                handlerList.A4(contextHandler);
            } catch (Exception e6) {
                Logger logger2 = ResourceHandler.I2;
                logger2.g(e6.toString(), new Object[0]);
                logger2.l(e6);
                throw new IllegalArgumentException(i13);
            }
        }
        ContextHandler contextHandler2 = new ContextHandler("/addon-plugins");
        ?? resourceHandler2 = new ResourceHandler();
        resourceHandler2.G2.d = false;
        resourceHandler2.J2 = "addon_plugins";
        contextHandler2.A4(resourceHandler2);
        handlerList.A4(contextHandler2);
        ServletHolder Y4 = servletContextHandler.Y4(w.class, "/nxt");
        if (Y4.F2 == null) {
            Y4.F2 = new Object();
        }
        Y4.F2.a = new jd0(null, Math.max(Nxt.d(0, "nxt.maxUploadFileSize"), 43008), -1L, 0);
        ServletHolder Y42 = servletContextHandler.Y4(s.class, "/nxt-proxy");
        Map singletonMap = Collections.singletonMap("idleTimeout", "" + Math.max(q - 5000, 0));
        HashMap hashMap = Y42.z2;
        hashMap.clear();
        hashMap.putAll(singletonMap);
        if (Y42.F2 == null) {
            Y42.F2 = new Object();
        }
        Y42.F2.a = new jd0(null, Math.max(Nxt.d(0, "nxt.maxUploadFileSize"), 43008), -1L, 0);
        GzipHandler gzipHandler = new GzipHandler();
        if (!Nxt.b("nxt.enableAPIServerGZIPFilter", z4)) {
            IncludeExclude includeExclude = gzipHandler.K2;
            includeExclude.Z.clear();
            includeExclude.b("/nxt", "/nxt-proxy");
        }
        IncludeExclude includeExclude2 = gzipHandler.J2;
        includeExclude2.X.clear();
        includeExclude2.c("GET", "POST");
        gzipHandler.E2 = Math.max(0, 256);
        servletContextHandler.c5(servletContextHandler.l3, gzipHandler);
        servletContextHandler.l3 = gzipHandler;
        servletContextHandler.b5();
        servletContextHandler.Y4(y.class, "/test");
        servletContextHandler.Y4(y.class, "/test-proxy");
        servletContextHandler.Y4(mq.class, "/dbshell");
        servletContextHandler.Y4(ph0.class, "/paperwallet");
        if (r) {
            FilterHolder X4 = servletContextHandler.X4(CrossOriginFilter.class);
            X4.m4("allowedHeaders", "*");
            X4.A2 = true;
        }
        if (Nxt.b("nxt.apiFrameOptionsSameOrigin", false)) {
            servletContextHandler.X4(j.class).A2 = true;
        }
        SecurityHandler Z4 = servletContextHandler.Z4();
        if (Z4 == null) {
            Z4 = new ConstraintSecurityHandler();
            servletContextHandler.c5(servletContextHandler.j3, Z4);
            servletContextHandler.j3 = Z4;
            servletContextHandler.b5();
        }
        if (Z4 instanceof ConstraintSecurityHandler) {
            ConstraintSecurityHandler constraintSecurityHandler = (ConstraintSecurityHandler) Z4;
            String[] strArr2 = b;
            for (String str2 : strArr2) {
                ConstraintMapping constraintMapping = new ConstraintMapping();
                Constraint constraint = new Constraint();
                constraint.X = z70.u("Disable ", str2);
                constraint.Z = true;
                constraintMapping.d = constraint;
                constraintMapping.c = "/";
                constraintMapping.a = str2;
                constraintSecurityHandler.F4(constraintMapping);
            }
            ConstraintMapping constraintMapping2 = new ConstraintMapping();
            Constraint constraint2 = new Constraint();
            constraint2.X = "Enable everything but TRACE";
            constraintMapping2.d = constraint2;
            constraintMapping2.b = strArr2;
            constraintMapping2.c = "/";
            constraintSecurityHandler.F4(constraintMapping2);
        }
        String c2 = um.c(Nxt.i("nxt.apiCustomSetupImpl", null, null, false));
        if (c2 != null) {
            try {
                ((CustomAPISetup) Class.forName(c2).newInstance()).a(handlerList);
            } catch (ReflectiveOperationException e7) {
                ga0.a(4, "Failed to load custom API setup", e7);
            }
        }
        handlerList.A4(servletContextHandler);
        handlerList.A4(new DefaultHandler());
        Server server5 = t;
        server5.A4(handlerList);
        if (server5.G2 || !server5.h3()) {
            z = true;
        } else {
            z = true;
            ShutdownThread.b(server5);
        }
        server5.G2 = z;
        cx0.c(new Runnable() { // from class: nxt.g
            @Override // java.lang.Runnable
            public final void run() {
                boolean z5 = b2;
                int i14 = i6;
                int i15 = d3;
                String str3 = i7;
                SslContextFactory sslContextFactory = server;
                String str4 = (!z5 || i14 == i15) ? "" : ", " + str3 + ":" + i15;
                try {
                    if (k.p) {
                        for (Connector connector : k.t.C4()) {
                            if (connector instanceof ServerConnector) {
                                g01.e(((ServerConnector) connector).S2);
                            }
                        }
                    }
                    boolean z6 = w.r2;
                    String[] strArr3 = s.G2;
                    ArrayList arrayList = y.r2;
                    k.t.q();
                    if (sslContextFactory != null) {
                        StringBuilder sb = new StringBuilder();
                        sb.append("API SSL Protocols: ");
                        String[] strArr4 = sslContextFactory.A2;
                        sb.append(Arrays.toString((String[]) Arrays.copyOf(strArr4, strArr4.length)));
                        ga0.b(sb.toString());
                        StringBuilder sb2 = new StringBuilder();
                        sb2.append("API SSL Ciphers: ");
                        String[] strArr5 = sslContextFactory.C2;
                        sb2.append(Arrays.toString((String[]) Arrays.copyOf(strArr5, strArr5.length)));
                        ga0.b(sb2.toString());
                    }
                    ga0.k("Started API server at " + str3 + ":" + i14 + str4);
                } catch (Exception e8) {
                    ga0.f("Failed to start API server at " + str3 + ":" + i14 + str4, e8);
                    throw new RuntimeException(e8.toString(), e8);
                }
            }
        }, z);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void a(f50 f50Var) {
        int f2 = Nxt.a.f();
        String str = s;
        String v2 = str != null ? f50Var.v(str) : null;
        if (v2 == null) {
            v2 = f50Var.U();
        }
        HashMap hashMap = k;
        synchronized (hashMap) {
            try {
                i iVar = (i) hashMap.get(v2);
                if (iVar != null && iVar.a >= 25 && f2 - iVar.b < 3600) {
                    ga0.o("Too many incorrect admin password attempts from " + v2);
                    throw new qh0(l70.A0);
                }
                String X = f50Var.X("adminPassword");
                if (X == null) {
                    X = "";
                }
                String str2 = l;
                if (!str2.isEmpty() && str2.equals(X)) {
                    if (iVar != null) {
                        hashMap.remove(v2);
                    }
                    return;
                }
                if (X.isEmpty()) {
                    throw new qh0(l70.y0);
                }
                i iVar2 = iVar;
                if (m.equals(um.w(qn.k().digest(X.getBytes(StandardCharsets.UTF_8))))) {
                    if (iVar != null) {
                        hashMap.remove(v2);
                    }
                    return;
                }
                if (iVar == null) {
                    Object obj = new Object();
                    hashMap.put(v2, obj);
                    iVar2 = obj;
                    if (hashMap.size() > 1000) {
                        ArrayList arrayList = new ArrayList(hashMap.keySet());
                        hashMap.remove(arrayList.get(new Random().nextInt(arrayList.size())));
                        iVar2 = obj;
                    }
                }
                iVar2.a++;
                iVar2.b = f2;
                ga0.o("Incorrect adminPassword from " + v2);
                throw new qh0(l70.z0);
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public static boolean b(f50 f50Var) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(v);
        }
        if (n) {
            return true;
        }
        if (!e() || um.c(f50Var.X("adminPassword")) == null) {
            return false;
        }
        try {
            a(f50Var);
            return true;
        } catch (qh0 unused) {
            return false;
        }
    }

    public static List c() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(u);
        }
        d();
        return h;
    }

    public static void d() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(w);
        }
        if (c) {
            return;
        }
        c = true;
        g = (List) new ArrayList(Nxt.h("nxt.disabledAPIs")).stream().map(new we(25)).collect(Collectors.toCollection(new qi0(4)));
        if (bl.k0) {
            g.add(APIEnum.SEARCH_ACCOUNTS);
            g.add(APIEnum.SEARCH_ASSETS);
            g.add(APIEnum.SEARCH_CURRENCIES);
            g.add(APIEnum.SEARCH_DGS_GOODS);
            g.add(APIEnum.SEARCH_POLLS);
            g.add(APIEnum.SEARCH_TAGGED_DATA);
        }
        List h2 = Nxt.h("nxt.disabledAPITags");
        Collections.sort(h2);
        ArrayList arrayList = new ArrayList(h2.size());
        h2.forEach(new n5(10, arrayList));
        h = Collections.unmodifiableList(arrayList);
    }

    public static boolean e() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(u);
        }
        return (l.isEmpty() && m.isEmpty()) ? false : true;
    }

    public static boolean f(String str) {
        boolean b2 = e8.b(i, str);
        if (!b2) {
            ga0.b("Not allowing " + str);
        }
        return !b2;
    }

    public static void g(f50 f50Var) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(v);
        }
        if (n) {
            return;
        }
        if (!e()) {
            throw new qh0(l70.C1);
        }
        a(f50Var);
    }

    public static void shutdown() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(w);
        }
        ga0.m("Shutting down the API server...");
        Server server = t;
        if (server != null) {
            try {
                server.stop();
                if (p) {
                    for (Connector connector : server.C4()) {
                        if (connector instanceof ServerConnector) {
                            g01.t(((ServerConnector) connector).S2);
                        }
                    }
                }
            } catch (Exception e2) {
                ga0.n("Failed to stop API server", e2);
            }
        }
        ga0.m("API server stopped");
    }
}
