package nxt;

import java.math.BigInteger;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import nxt.http.CustomAPISetup;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.ArrayUtil;
import org.eclipse.jetty.util.IncludeExclude;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: classes.dex */
public final class h {
    public static final int d;
    public static final int e;
    public static final boolean f;
    public static List<nxt.http.b> g;
    public static List<u> h;
    public static final Set<String> i;
    public static final List<b> j;
    public static final boolean m;
    public static final Server s;
    public static URI t;
    public static URI u;
    public static final String[] a = {"TRACE", "OPTIONS", "HEAD"};
    public static final Set<String> b = Collections.unmodifiableSet(new HashSet(Arrays.asList("secretPhrase", "adminPassword", "sharedKey", "encryptionPassword")));
    public static boolean c = false;
    public static final Map<String, c> k = new HashMap();
    public static final String l = Nxt.n("nxt.adminPassword", "", true);
    public static final int n = Nxt.h("nxt.maxAPIRecords");
    public static final boolean o = Nxt.d("nxt.enableAPIUPnP");
    public static final int p = Nxt.h("nxt.apiServerIdleTimeout");
    public static final boolean q = Nxt.d("nxt.apiServerCORS");
    public static final String r = Nxt.l("nxt.forwardedForHeader");

    /* loaded from: classes.dex */
    public static class b {
        public BigInteger a;
        public BigInteger b;

        public b(String str, a aVar) {
            String[] split = str.split("/");
            if (split.length != 2) {
                throw new IllegalArgumentException(vi.l("Invalid address: ", str));
            }
            InetAddress byName = InetAddress.getByName(split[0]);
            this.a = new BigInteger(1, byName.getAddress());
            int intValue = Integer.valueOf(split[1]).intValue();
            int i = byName instanceof Inet4Address ? 32 : 128;
            BigInteger bigInteger = BigInteger.ZERO;
            BigInteger bit = bigInteger.setBit(i);
            BigInteger bigInteger2 = BigInteger.ONE;
            this.b = bit.subtract(bigInteger2).subtract(bigInteger.setBit(i - intValue).subtract(bigInteger2));
        }
    }

    /* loaded from: classes.dex */
    public static class c {
        public int a;
        public int b;

        public c() {
        }

        public c(a aVar) {
        }
    }

    /* loaded from: classes.dex */
    public static final class d implements vb {
        @Override // nxt.vb
        public void a(xb xbVar) {
        }

        @Override // nxt.vb
        public void b(xl xlVar, dm dmVar, wb wbVar) {
            ((ue) dmVar).v("X-FRAME-OPTIONS", "SAMEORIGIN");
            wbVar.a(xlVar, dmVar);
        }

        @Override // nxt.vb
        public void destroy() {
        }
    }

    static {
        String str;
        final SslContextFactory sslContextFactory;
        boolean z;
        int i2;
        EnumSet<la> enumSet;
        boolean z2;
        Handler handler;
        List<String> k2 = Nxt.k("nxt.allowedBotHosts");
        if (k2.contains("*")) {
            i = null;
            j = null;
        } else {
            HashSet hashSet = new HashSet();
            ArrayList arrayList = new ArrayList();
            for (String str2 : k2) {
                if (str2.contains("/")) {
                    try {
                        arrayList.add(new b(str2, null));
                    } catch (UnknownHostException e2) {
                        sg.a(4, "Unknown network " + str2, e2);
                        throw new RuntimeException(e2.toString(), e2);
                    }
                } else {
                    hashSet.add(str2);
                }
            }
            i = Collections.unmodifiableSet(hashSet);
            j = Collections.unmodifiableList(arrayList);
        }
        if (!Nxt.d("nxt.enableAPIServer")) {
            s = null;
            m = false;
            d = 0;
            e = 0;
            f = false;
            sg.h("API server not enabled");
            return;
        }
        boolean z3 = s6.a;
        final int h2 = z3 ? 6876 : Nxt.h("nxt.apiServerPort");
        int h3 = z3 ? 6877 : Nxt.h("nxt.apiServerSSLPort");
        final String l2 = Nxt.l("nxt.apiServerHost");
        m = Nxt.d("nxt.disableAdminPassword") || ("127.0.0.1".equals(l2) && l.isEmpty());
        Server server = new Server();
        s = server;
        boolean d2 = Nxt.d("nxt.apiSSL");
        if (!d2 || h2 != h3) {
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.m = false;
            httpConfiguration.l = false;
            ServerConnector serverConnector = new ServerConnector(server, new HttpConnectionFactory(httpConfiguration));
            serverConnector.q2 = h2;
            serverConnector.p2 = l2;
            serverConnector.l2 = p;
            serverConnector.u2 = true;
            server.a4(serverConnector);
            sg.h("API server using HTTP port " + h2);
        }
        if (d2) {
            HttpConfiguration httpConfiguration2 = new HttpConfiguration();
            httpConfiguration2.m = false;
            httpConfiguration2.l = false;
            httpConfiguration2.k = "https";
            httpConfiguration2.h = h3;
            httpConfiguration2.a.add(new SecureRequestCustomizer());
            SslContextFactory sslContextFactory2 = new SslContextFactory();
            String path = Paths.get(Nxt.p(), new String[0]).resolve(Paths.get(Nxt.l("nxt.keyStorePath"), new String[0])).toString();
            sg.f("Using keystore: " + path);
            sslContextFactory2.f4(path);
            sslContextFactory2.e4(Nxt.n("nxt.keyStorePassword", null, true));
            sslContextFactory2.d2.addAll(Arrays.asList("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"));
            sslContextFactory2.b2.addAll(Arrays.asList("SSLv3"));
            sslContextFactory2.m2 = Nxt.l("nxt.keyStoreType");
            List<String> k3 = Nxt.k("nxt.apiSSLCiphers");
            if (!k3.isEmpty()) {
                String[] strArr = (String[]) k3.toArray(new String[k3.size()]);
                sslContextFactory2.e2.clear();
                sslContextFactory2.e2.addAll(Arrays.asList(strArr));
            }
            str = "https";
            fo.e("JettySSLContextReloader", new kr(sslContextFactory2, 5), 1, TimeUnit.DAYS);
            ServerConnector serverConnector2 = new ServerConnector(server, new SslConnectionFactory(sslContextFactory2, "http/1.1"), new HttpConnectionFactory(httpConfiguration2));
            serverConnector2.q2 = h3;
            serverConnector2.p2 = l2;
            serverConnector2.l2 = p;
            serverConnector2.u2 = true;
            server.a4(serverConnector2);
            sg.h("API server using HTTPS port " + h3);
            sslContextFactory = sslContextFactory2;
        } else {
            str = "https";
            sslContextFactory = null;
        }
        String str3 = ("0.0.0.0".equals(l2) || "127.0.0.1".equals(l2)) ? "localhost" : l2;
        try {
            t = new URI(d2 ? str : "http", null, str3, d2 ? h3 : h2, "/index.html", null, null);
            u = new URI(d2 ? str : "http", null, str3, d2 ? h3 : h2, "", null, null);
        } catch (URISyntaxException e3) {
            sg.a(2, "Cannot resolve browser URI", e3);
        }
        boolean z4 = s6.c;
        int i3 = (z4 || !"0.0.0.0".equals(l2) || i != null || (d2 && h2 == h3)) ? 0 : h2;
        d = i3;
        int i4 = (!z4 && "0.0.0.0".equals(l2) && i == null && d2) ? h3 : 0;
        e = i4;
        boolean z5 = i3 > 0 || i4 > 0;
        f = z5;
        HandlerList handlerList = new HandlerList();
        ServletContextHandler servletContextHandler = new ServletContextHandler();
        String l3 = Nxt.l("nxt.apiResourceBase");
        if (l3 != null) {
            ServletHolder servletHolder = new ServletHolder(new DefaultServlet());
            i2 = h3;
            z = d2;
            servletHolder.h2.put("dirAllowed", "false");
            servletHolder.h2.put("resourceBase", l3);
            servletHolder.h2.put("welcomeServlets", "true");
            servletHolder.h2.put("redirectWelcome", "true");
            servletHolder.h2.put("gzip", "true");
            servletHolder.h2.put("etags", "true");
            servletContextHandler.u4().f4(servletHolder, "/*");
            servletContextHandler.m2 = new String[]{Nxt.l("nxt.apiWelcomeFile")};
        } else {
            z = d2;
            i2 = h3;
        }
        String l4 = Nxt.l("nxt.javadocResourceBase");
        if (l4 != null) {
            ContextHandler contextHandler = new ContextHandler(null, null, "/doc");
            ResourceHandler resourceHandler = new ResourceHandler();
            resourceHandler.j2 = false;
            resourceHandler.h2 = new String[]{"index.html"};
            resourceHandler.a4(l4);
            contextHandler.Z3(resourceHandler);
            handlerList.Z3((Handler[]) ArrayUtil.a(handlerList.e2, contextHandler, Handler.class));
        }
        ((ServletHolder.Registration) servletContextHandler.u4().e4(nxt.http.e.class, "/nxt").e4()).a = new sh(null, Math.max(Nxt.h("nxt.maxUploadFileSize"), 43008), -1L, 0);
        ServletHolder e4 = servletContextHandler.u4().e4(nxt.http.d.class, "/nxt-proxy");
        StringBuilder o2 = j9.o("");
        o2.append(Math.max(p - 5000, 0));
        Map<? extends String, ? extends String> singletonMap = Collections.singletonMap("idleTimeout", o2.toString());
        e4.h2.clear();
        e4.h2.putAll(singletonMap);
        ((ServletHolder.Registration) e4.e4()).a = new sh(null, Math.max(Nxt.h("nxt.maxUploadFileSize"), 43008), -1L, 0);
        GzipHandler gzipHandler = new GzipHandler();
        if (!Nxt.e("nxt.enableAPIServerGZIPFilter", z5)) {
            String[] strArr2 = {"/nxt", "/nxt-proxy"};
            gzipHandler.l2.d2.clear();
            IncludeExclude<String> includeExclude = gzipHandler.l2;
            Objects.requireNonNull(includeExclude);
            for (int i5 = 0; i5 < 2; i5++) {
                includeExclude.d2.add(strArr2[i5]);
            }
        }
        gzipHandler.a4("GET", "POST");
        gzipHandler.e2 = 256;
        servletContextHandler.x4(gzipHandler);
        servletContextHandler.u4().e4(nxt.http.f.class, "/test");
        servletContextHandler.u4().e4(nxt.http.f.class, "/test-proxy");
        servletContextHandler.u4().e4(w8.class, "/dbshell");
        if (q) {
            enumSet = null;
            FilterHolder r4 = servletContextHandler.r4(CrossOriginFilter.class, "/*", null);
            r4.h2.put("allowedHeaders", "*");
            z2 = true;
            r4.i2 = true;
        } else {
            enumSet = null;
            z2 = true;
        }
        if (Nxt.d("nxt.apiFrameOptionsSameOrigin")) {
            servletContextHandler.r4(d.class, "/*", enumSet).i2 = z2;
        }
        SecurityHandler t4 = servletContextHandler.t4();
        if (t4 == null) {
            t4 = new ConstraintSecurityHandler();
            if (servletContextHandler.isStarted()) {
                throw new IllegalStateException(AbstractLifeCycle.STARTED);
            }
            SecurityHandler securityHandler = servletContextHandler.J2;
            if (securityHandler != null) {
                handler = securityHandler.d2;
                securityHandler.Z3(null);
                servletContextHandler.w4(servletContextHandler.J2, t4);
            } else {
                handler = null;
            }
            servletContextHandler.J2 = t4;
            if (handler != null && t4.d2 == null) {
                t4.Z3(handler);
            }
            servletContextHandler.v4();
        }
        if (t4 instanceof ConstraintSecurityHandler) {
            ConstraintSecurityHandler constraintSecurityHandler = (ConstraintSecurityHandler) t4;
            for (String str4 : a) {
                ConstraintMapping constraintMapping = new ConstraintMapping();
                Constraint constraint = new Constraint();
                constraint.b2 = vi.l("Disable ", str4);
                constraint.d2 = true;
                constraintMapping.d = constraint;
                constraintMapping.c = "/";
                constraintMapping.a = str4;
                constraintSecurityHandler.m2.add(constraintMapping);
                if (constraintSecurityHandler.isStarted()) {
                    constraintSecurityHandler.f4(constraintMapping);
                }
            }
            ConstraintMapping constraintMapping2 = new ConstraintMapping();
            Constraint constraint2 = new Constraint();
            constraint2.b2 = "Enable everything but TRACE";
            constraintMapping2.d = constraint2;
            constraintMapping2.b = a;
            constraintMapping2.c = "/";
            constraintSecurityHandler.m2.add(constraintMapping2);
            if (constraintSecurityHandler.isStarted()) {
                constraintSecurityHandler.f4(constraintMapping2);
            }
        }
        String b2 = w6.b(Nxt.l("nxt.apiCustomSetupImpl"));
        if (b2 != null) {
            try {
                ((CustomAPISetup) Class.forName(b2).newInstance()).a(handlerList);
            } catch (ReflectiveOperationException e5) {
                sg.a(4, "Failed to load custom API setup", e5);
            }
        }
        handlerList.Z3((Handler[]) ArrayUtil.a(handlerList.e2, servletContextHandler, Handler.class));
        handlerList.Z3((Handler[]) ArrayUtil.a(handlerList.e2, new DefaultHandler(), Handler.class));
        Server server2 = s;
        server2.Z3(handlerList);
        server2.e4(true);
        final boolean z6 = z;
        final int i6 = i2;
        fo.c(new Runnable() { // from class: nxt.g
            @Override // java.lang.Runnable
            public final void run() {
                SslContextFactory sslContextFactory3 = SslContextFactory.this;
                String str5 = l2;
                int i7 = h2;
                boolean z7 = z6;
                int i8 = i6;
                try {
                    if (h.o) {
                        for (Connector connector : h.s.b4()) {
                            if (connector instanceof ServerConnector) {
                                zp.a(((ServerConnector) connector).q2);
                            }
                        }
                    }
                    boolean z8 = nxt.http.e.e2;
                    String str6 = nxt.http.d.r2;
                    List<String> list = nxt.http.f.e2;
                    h.s.start();
                    if (sslContextFactory3 != null) {
                        StringBuilder sb = new StringBuilder();
                        sb.append("API SSL Protocols: ");
                        String[] strArr3 = sslContextFactory3.i2;
                        sb.append(Arrays.toString((String[]) Arrays.copyOf(strArr3, strArr3.length)));
                        sg.b(sb.toString());
                        StringBuilder sb2 = new StringBuilder();
                        sb2.append("API SSL Ciphers: ");
                        String[] strArr4 = sslContextFactory3.k2;
                        sb2.append(Arrays.toString((String[]) Arrays.copyOf(strArr4, strArr4.length)));
                        sg.b(sb2.toString());
                    }
                    StringBuilder sb3 = new StringBuilder();
                    sb3.append("Started API server at ");
                    sb3.append(str5);
                    sb3.append(":");
                    sb3.append(i7);
                    sb3.append((!z7 || i7 == i8) ? "" : ", " + str5 + ":" + i8);
                    sg.h(sb3.toString());
                } catch (Exception e6) {
                    sg.a(4, "Failed to start API server", e6);
                    throw new RuntimeException(e6.toString(), e6);
                }
            }
        }, true);
    }

    public static void a(se seVar) {
        int g2 = Nxt.g();
        String str = r;
        String t2 = str != null ? seVar.t(str) : null;
        if (t2 == null) {
            t2 = seVar.C();
        }
        Map<String, c> map = k;
        synchronized (map) {
            c cVar = (c) ((HashMap) map).get(t2);
            if (cVar != null && cVar.a >= 25 && g2 - cVar.b < 3600) {
                sg.k("Too many incorrect admin password attempts from " + t2);
                throw new xi(vf.R0);
            }
            String G = seVar.G("adminPassword");
            char[] cArr = w6.a;
            if (G == null) {
                G = "";
            }
            if (!l.equals(G)) {
                if (G.length() <= 0) {
                    throw new xi(vf.P0);
                }
                if (cVar == null) {
                    cVar = new c(null);
                    ((HashMap) map).put(t2, cVar);
                    if (((HashMap) map).size() > 1000) {
                        ArrayList arrayList = new ArrayList(((HashMap) map).keySet());
                        ((HashMap) map).remove(arrayList.get(new Random().nextInt(arrayList.size())));
                    }
                }
                cVar.a++;
                cVar.b = g2;
                sg.k("Incorrect adminPassword from " + t2);
                throw new xi(vf.Q0);
            }
            if (cVar != null) {
                ((HashMap) map).remove(t2);
            }
        }
    }

    public static boolean b(se seVar) {
        if (m) {
            return true;
        }
        if (l.isEmpty() || w6.b(seVar.G("adminPassword")) == null) {
            return false;
        }
        try {
            a(seVar);
            return true;
        } catch (xi unused) {
            return false;
        }
    }

    public static void c() {
        if (c) {
            return;
        }
        c = true;
        g = (List) new ArrayList(Nxt.k("nxt.disabledAPIs")).stream().map(g6.u).collect(Collectors.toCollection(to.f));
        if (s6.Z) {
            g.add(nxt.http.b.SEARCH_ACCOUNTS);
            g.add(nxt.http.b.SEARCH_ASSETS);
            g.add(nxt.http.b.SEARCH_CURRENCIES);
            g.add(nxt.http.b.SEARCH_DGS_GOODS);
            g.add(nxt.http.b.SEARCH_POLLS);
            g.add(nxt.http.b.SEARCH_TAGGED_DATA);
        }
        List<String> k2 = Nxt.k("nxt.disabledAPITags");
        Collections.sort(k2);
        ArrayList arrayList = new ArrayList(k2.size());
        k2.forEach(new om(arrayList, 2));
        h = Collections.unmodifiableList(arrayList);
    }

    public static boolean d(String str) {
        Set<String> set = i;
        if (set == null || set.contains(str)) {
            return true;
        }
        try {
            BigInteger bigInteger = new BigInteger(InetAddress.getByName(str).getAddress());
            for (b bVar : j) {
                if (bigInteger.and(bVar.b).equals(bVar.a)) {
                    return true;
                }
            }
            return false;
        } catch (UnknownHostException unused) {
            sg.h("Unknown remote host " + str);
            return false;
        }
    }

    public static void e(se seVar) {
        if (m) {
            return;
        }
        if (l.isEmpty()) {
            throw new xi(vf.P1);
        }
        a(seVar);
    }

    public static void shutdown() {
        Server server = s;
        if (server != null) {
            try {
                server.stop();
                if (o) {
                    for (Connector connector : server.b4()) {
                        if (connector instanceof ServerConnector) {
                            zp.b(((ServerConnector) connector).q2);
                        }
                    }
                }
            } catch (Exception e2) {
                sg.j("Failed to stop API server", e2);
            }
        }
    }
}
