package com.google.gerrit.pgm.init;

import com.google.gerrit.common.FileUtil;
import com.google.gerrit.pgm.init.api.ConsoleUI;
import com.google.gerrit.pgm.init.api.InitFlags;
import com.google.gerrit.pgm.init.api.InitStep;
import com.google.gerrit.pgm.init.api.InitUtil;
import com.google.gerrit.pgm.init.api.Section;
import com.google.gerrit.server.config.SitePaths;
import com.google.gerrit.server.mail.SignedToken;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;

@Singleton
/* loaded from: input_file:com/google/gerrit/pgm/init/InitHttpd.class */
class InitHttpd implements InitStep {
    private final ConsoleUI ui;
    private final SitePaths site;
    private final InitFlags flags;
    private final Section httpd;
    private final Section gerrit;

    @Inject
    InitHttpd(ConsoleUI consoleUI, SitePaths sitePaths, InitFlags initFlags, Section.Factory factory) {
        this.ui = consoleUI;
        this.site = sitePaths;
        this.flags = initFlags;
        this.httpd = factory.get("httpd", (String) null);
        this.gerrit = factory.get("gerrit", (String) null);
    }

    public void run() throws IOException, InterruptedException {
        boolean yesno;
        String str;
        this.ui.header("HTTP Daemon", new Object[0]);
        boolean z = false;
        String[] list = this.httpd.getList("listenUrl");
        for (String str2 : list) {
            if (str2 != null && !str2.isEmpty()) {
                try {
                    if (InitUtil.toURI(str2).getScheme().startsWith("https")) {
                        z = true;
                    }
                } catch (URISyntaxException e) {
                    System.err.println(String.format("warning: invalid httpd.listenUrl entry: '%s'. Gerrit may not be able to start.", str2));
                }
            }
        }
        if (list.length > 1) {
            if (!this.ui.isBatch()) {
                System.err.println("Interactive configuration is not supported with multiple entries of httpd.listenUrl.");
            }
            if (z) {
                System.err.println("Generating self-signed SSL certificates is not supported with multiple entries of httpd.listenUrl.");
            }
            String str3 = "";
            if (list[0] != null && !list[0].isEmpty()) {
                try {
                    str3 = new URI(list[0]).toString();
                } catch (URISyntaxException e2) {
                    System.err.println(String.format("warning: invalid httpd.listenUrl entry: '%s'", list[0]));
                }
            }
            this.gerrit.string("Canonical URL", "canonicalWebUrl", str3);
            return;
        }
        boolean z2 = false;
        boolean z3 = false;
        String str4 = "*";
        int i = -1;
        String str5 = "/";
        if (list.length > 0 && list[0] != null && !list[0].isEmpty()) {
            try {
                URI uri = InitUtil.toURI(list[0]);
                z2 = uri.getScheme().startsWith("proxy-");
                z3 = uri.getScheme().endsWith("https");
                str4 = InitUtil.isAnyAddress(new URI(list[0])) ? "*" : uri.getHost();
                i = uri.getPort();
                str5 = uri.getPath();
            } catch (URISyntaxException e3) {
                System.err.println("warning: invalid httpd.listenUrl " + list[0]);
            }
        }
        boolean yesno2 = this.ui.yesno(Boolean.valueOf(z2), "Behind reverse proxy", new Object[0]);
        if (yesno2) {
            yesno = this.ui.yesno(Boolean.valueOf(z3), "Proxy uses SSL (https://)", new Object[0]);
            str = this.ui.readString(str5, "Subdirectory on proxy server", new Object[0]);
        } else {
            yesno = this.ui.yesno(Boolean.valueOf(z3), "Use SSL (https://)", new Object[0]);
            str = "/";
        }
        String readString = this.ui.readString(str4, "Listen on address", new Object[0]);
        if (i < 0) {
            i = yesno2 ? 8081 : yesno ? 8443 : 8080;
        }
        int readInt = this.ui.readInt(i, "Listen on port", new Object[0]);
        StringBuilder sb = new StringBuilder();
        sb.append(yesno2 ? "proxy-" : "");
        sb.append(yesno ? "https" : "http");
        sb.append("://");
        sb.append(readString);
        if (0 <= readInt) {
            sb.append(":");
            sb.append(readInt);
        }
        sb.append(str);
        try {
            URI uri2 = InitUtil.toURI(sb.toString());
            if (uri2.getScheme().startsWith("proxy-")) {
                uri2 = new URI(uri2.getScheme().substring("proxy-".length()) + "://" + uri2.getHost() + uri2.getPath());
            }
            this.httpd.set("listenUrl", sb.toString());
            this.gerrit.string("Canonical URL", "canonicalWebUrl", uri2.toString());
            generateSslCertificate();
        } catch (URISyntaxException e4) {
            throw InitUtil.die("invalid httpd.listenUrl", e4);
        }
    }

    private void generateSslCertificate() throws IOException, InterruptedException {
        String str = this.httpd.get("listenUrl");
        if (str.startsWith("https://")) {
            try {
                String str2 = this.gerrit.get("canonicalWebUrl");
                if (str2 == null || str2.isEmpty()) {
                    str2 = str;
                }
                String host = InitUtil.toURI(str2).getHost();
                Path path = this.site.ssl_keystore;
                if (this.ui.yesno(Boolean.valueOf(!Files.exists(path, new LinkOption[0])), "Create new self-signed SSL certificate", new Object[0])) {
                    String str3 = this.flags.sec.get("http", (String) null, "sslKeyPassword");
                    if (str3 == null || str3.isEmpty()) {
                        str3 = SignedToken.generateRandomKey();
                        this.flags.sec.set("httpd", (String) null, "sslKeyPassword", str3);
                    }
                    String readString = this.ui.readString(host, "Certificate server name", new Object[0]);
                    String readString2 = this.ui.readString("365", "Certificate expires in (days)", new Object[0]);
                    String str4 = "CN=" + readString + ",OU=Gerrit Code Review,O=" + InitUtil.domainOf(readString);
                    Path resolve = this.site.etc_dir.resolve("tmp.sslcertgen");
                    try {
                        Files.createDirectory(resolve, new FileAttribute[0]);
                        FileUtil.chmod(384, resolve);
                        Path resolve2 = resolve.resolve("keystore");
                        Runtime.getRuntime().exec(new String[]{"keytool", "-keystore", resolve2.toAbsolutePath().toString(), "-storepass", str3, "-genkeypair", "-alias", readString, "-keyalg", "RSA", "-validity", readString2, "-dname", str4, "-keypass", str3}).waitFor();
                        FileUtil.chmod(384, resolve2);
                        try {
                            Files.move(resolve2, path, new CopyOption[0]);
                            try {
                                Files.delete(resolve);
                            } catch (IOException e) {
                                throw InitUtil.die("Cannot delete " + resolve, e);
                            }
                        } catch (IOException e2) {
                            throw InitUtil.die("Cannot rename " + resolve2 + " to " + path, e2);
                        }
                    } catch (IOException e3) {
                        throw InitUtil.die("Cannot create directory " + resolve, e3);
                    }
                }
            } catch (URISyntaxException e4) {
                System.err.println("Invalid httpd.listenUrl, not checking certificate");
            }
        }
    }
}
