package com.jetbrains.bundle.proxy.jetty;

import com.jetbrains.bundle.BundleEnvironment;
import com.jetbrains.bundle.BundleProperties;
import com.jetbrains.bundle.BundleState;
import com.jetbrains.bundle.ServiceDescriptor;
import com.jetbrains.bundle.Services;
import com.jetbrains.bundle.api.clientcert.ClientCertificateAuthSettingsService;
import com.jetbrains.bundle.api.clientcert.model.ClientCertAuthSettings;
import com.jetbrains.bundle.filters.DefaultContextRedirectionFilter;
import com.jetbrains.bundle.filters.RedirectingFilter;
import com.jetbrains.bundle.hub_client.util.validation.AdditionalKeystore;
import com.jetbrains.bundle.hub_client.util.validation.CertificateInfo;
import com.jetbrains.bundle.listener.OnePerClassListener;
import com.jetbrains.bundle.listener.event.ServiceStartedEvent;
import com.jetbrains.bundle.listener.event.StartFinishedEvent;
import com.jetbrains.bundle.services.Service;
import com.jetbrains.bundle.services.ServicesHolder;
import com.jetbrains.bundle.services.impl.ServiceBase;
import com.jetbrains.bundle.services.impl.jetty.BundleJettyServicesContainer;
import com.jetbrains.bundle.util.BundleJvmOption;
import com.jetbrains.launcher.AppExitCode;
import com.jetbrains.launcher.Status;
import com.jetbrains.launcher.exceptions.StartupException;
import com.jetbrains.service.jetty.BundleSecurityResponseHeadersFilter;
import com.jetbrains.service.util.BundleProperty;
import com.jetbrains.service.util.ConfiguratorUtils;
import com.jetbrains.service.util.SecureMode;
import com.jetbrains.service.util.StatusException;
import com.jetbrains.service.util.UrlUtil;
import com.jetbrains.service.util.cmd.ExecuteServiceCommandException;
import com.jetbrains.service.util.properties.impl.PropertiesBasedConfigurationHelper;
import com.jetbrains.service.util.ssl.KeystoreUtil;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HandlerContainer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.SecuredRedirectHandler;
import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;

/* loaded from: input_file:com/jetbrains/bundle/proxy/jetty/BundleProxy.class */
public class BundleProxy extends BundleJettyServicesContainer implements ClientCertificateAuthSettingsService {
    private static final String CLIENT_CERT_AUTH_ENABLED_PROPERTY = "client.auth.enabled";
    private static final String CLIENT_AUTH_CERT_NAME_PREFIX = "clientauthcert";

    @NotNull
    private final BundleState myBundleState;
    private Server redirectingContainer;
    private ServletContextHandler myBundleBaseStartupContextHandler;

    @Nullable
    private ClientCertAuthSettings clientCertAuthSettings;

    /* loaded from: input_file:com/jetbrains/bundle/proxy/jetty/BundleProxy$AddProxyOnServiceStartedListener.class */
    public class AddProxyOnServiceStartedListener extends OnePerClassListener<ServiceStartedEvent> {
        public AddProxyOnServiceStartedListener() {
        }

        @Override // com.jetbrains.bundle.listener.BundleListener
        public void onSuccess(@NotNull ServiceStartedEvent serviceStartedEvent) {
            ServletContextHandler addProxyRule;
            Collection allProxiedServices = BundleProxy.this.getAllProxiedServices(BundleProxy.this.getAllProperties());
            String id = serviceStartedEvent.getServiceDescriptor().getId();
            if (!allProxiedServices.contains(id) || (addProxyRule = BundleProxy.this.addProxyRule(id, BundleProxy.this.getAllProperties())) == null) {
                return;
            }
            try {
                BundleProxy.this.startContextInContainer(addProxyRule, id);
            } catch (Exception e) {
                BundleProxy.this.getLogger().debug("Failed to start proxying servlet context for service " + id);
            }
        }

        @Override // com.jetbrains.bundle.listener.BundleListener
        public void onFailure(@NotNull ServiceStartedEvent serviceStartedEvent, @NotNull Throwable th) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/jetbrains/bundle/proxy/jetty/BundleProxy$BaseContextStartupDestroyer.class */
    public class BaseContextStartupDestroyer extends OnePerClassListener<StartFinishedEvent> {
        private BaseContextStartupDestroyer() {
        }

        @Override // com.jetbrains.bundle.listener.BundleListener
        public void onSuccess(@NotNull StartFinishedEvent startFinishedEvent) {
            try {
                BundleProxy.this.stopServletContext(BundleProxy.this.myBundleBaseStartupContextHandler, null);
            } catch (Exception e) {
                BundleProxy.this.getLogger().debug("Failed to stop bundle startup servlet context", e);
            }
        }

        @Override // com.jetbrains.bundle.listener.BundleListener
        public void onFailure(@NotNull StartFinishedEvent startFinishedEvent, @NotNull Throwable th) {
        }
    }

    /* loaded from: input_file:com/jetbrains/bundle/proxy/jetty/BundleProxy$InstallerRedirectingFilter.class */
    public static class InstallerRedirectingFilter implements Filter {
        static final String BUNDLE_BASE_URL_PARAMETER = "bundleBaseUrl";
        static final String BUNDLE_BASE_CONTEXT_PARAMETER = "bundleBaseContext";
        static final String BUNDLE_BASE_LISTEN_PORT_PARAMETER = "bundleListenPort";
        static final String BUNDLE_BASE_LISTEN_ADDRESS_PARAMETER = "bundleListenAddress";
        static final String BUNDLE_SECURE_MODE_PARAMETER = "bundleSecureMode";
        static final String PREVENT_REDIRECTION_FROM_BUNDLE_BASE_CONTEXT_PARAMETER = "preventRedirectionFromBundleBaseContext";
        private String bundleBaseUrl;
        private String bundleBaseContext;
        private int bundleListenPort;
        private String bundleSecureMode;
        private String bundleListenAddress;
        private boolean preventRedirectionFromBundleBaseContext;

        public void init(FilterConfig filterConfig) {
            this.bundleBaseUrl = filterConfig.getInitParameter(BUNDLE_BASE_URL_PARAMETER);
            this.bundleBaseContext = filterConfig.getInitParameter(BUNDLE_BASE_CONTEXT_PARAMETER);
            this.bundleListenPort = Integer.parseInt(filterConfig.getInitParameter(BUNDLE_BASE_LISTEN_PORT_PARAMETER));
            this.bundleListenAddress = filterConfig.getInitParameter(BUNDLE_BASE_LISTEN_ADDRESS_PARAMETER);
            this.bundleSecureMode = filterConfig.getInitParameter(BUNDLE_SECURE_MODE_PARAMETER);
            this.preventRedirectionFromBundleBaseContext = Boolean.valueOf(filterConfig.getInitParameter(PREVENT_REDIRECTION_FROM_BUNDLE_BASE_CONTEXT_PARAMETER)).booleanValue();
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            String combineUrls;
            String serverName = servletRequest.getServerName();
            String queryString = ((HttpServletRequest) servletRequest).getQueryString();
            String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
            String str = (requestURI != null ? requestURI : "") + (queryString != null ? "?" + queryString : "");
            if (this.preventRedirectionFromBundleBaseContext && (this.bundleBaseContext.isEmpty() || this.bundleBaseContext.equals("/") || (requestURI != null && requestURI.startsWith(this.bundleBaseContext)))) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            String str2 = this.bundleBaseUrl;
            if (serverName.equalsIgnoreCase(new URL(str2).getHost()) || !(this.bundleSecureMode == null || SecureMode.DISABLE.getName().equals(this.bundleSecureMode))) {
                combineUrls = UrlUtil.combineUrls(str2, str);
            } else {
                combineUrls = UrlUtil.combineUrls(UrlUtil.constructUrl(servletRequest.getScheme(), "0.0.0.0".equals(this.bundleListenAddress) ? serverName : this.bundleListenAddress, this.bundleListenPort, this.bundleBaseContext), str);
            }
            ((HttpServletResponse) servletResponse).sendRedirect(combineUrls);
        }

        public void destroy() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @FunctionalInterface
    /* loaded from: input_file:com/jetbrains/bundle/proxy/jetty/BundleProxy$KeyStoreFunction.class */
    public interface KeyStoreFunction<One, Two> {
        void apply(One one, Two two) throws KeyStoreException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/jetbrains/bundle/proxy/jetty/BundleProxy$TrustAllClientsSslContextFactory.class */
    public static class TrustAllClientsSslContextFactory extends SslContextFactory {

        /* loaded from: input_file:com/jetbrains/bundle/proxy/jetty/BundleProxy$TrustAllClientsSslContextFactory$CompositeX509TrustAllClientsManager.class */
        private static class CompositeX509TrustAllClientsManager extends X509ExtendedTrustManager {

            @NotNull
            private final List<X509TrustManager> x509TrustManagers;

            CompositeX509TrustAllClientsManager(@NotNull List<X509TrustManager> list) {
                this.x509TrustManagers = list;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                for (X509TrustManager x509TrustManager : this.x509TrustManagers) {
                    try {
                        if (x509TrustManager instanceof X509ExtendedTrustManager) {
                            ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, socket);
                            return;
                        } else {
                            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                            return;
                        }
                    } catch (CertificateException e) {
                        if (this.x509TrustManagers.size() == 1) {
                            throw e;
                        }
                    }
                }
                throw new CertificateException("Cannot build trusted certificates chain");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                for (X509TrustManager x509TrustManager : this.x509TrustManagers) {
                    try {
                        if (x509TrustManager instanceof X509ExtendedTrustManager) {
                            ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
                            return;
                        } else {
                            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                            return;
                        }
                    } catch (CertificateException e) {
                        if (this.x509TrustManagers.size() == 1) {
                            throw e;
                        }
                    }
                }
                throw new CertificateException("Cannot build trusted certificates chain");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                Iterator<X509TrustManager> it = this.x509TrustManagers.iterator();
                while (it.hasNext()) {
                    try {
                        it.next().checkServerTrusted(x509CertificateArr, str);
                        return;
                    } catch (CertificateException e) {
                        if (this.x509TrustManagers.size() == 1) {
                            throw e;
                        }
                    }
                }
                throw new CertificateException("Cannot build trusted certificates chain");
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                ArrayList arrayList = new ArrayList();
                Iterator<X509TrustManager> it = this.x509TrustManagers.iterator();
                while (it.hasNext()) {
                    arrayList.addAll(Arrays.asList(it.next().getAcceptedIssuers()));
                }
                if (arrayList.isEmpty()) {
                    return null;
                }
                return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
            }
        }

        private TrustAllClientsSslContextFactory() {
        }

        protected TrustManager[] getTrustManagers(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
            TrustManager[] trustManagers = super.getTrustManagers(keyStore, collection);
            if (trustManagers == null) {
                return null;
            }
            ArrayList arrayList = new ArrayList();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    arrayList.add((X509TrustManager) trustManager);
                }
            }
            return arrayList.isEmpty() ? trustManagers : new TrustManager[]{new CompositeX509TrustAllClientsManager(arrayList)};
        }
    }

    public BundleProxy(@NotNull ServicesHolder servicesHolder, @NotNull BundleState bundleState) {
        super(servicesHolder, bundleState.getContextHolder());
        this.myBundleState = bundleState;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.jetbrains.bundle.services.impl.jetty.BundleJettyServicesContainer
    @NotNull
    public HandlerCollection getHandlerCollection(@NotNull Properties properties, @NotNull Server server) throws StartupException, IOException {
        HandlerCollection handlerCollection = super.getHandlerCollection(properties, server);
        addInstallationTimeServletContainerIfNeeded(this.myBundleState.getProperties(), this.myBundleState.getEnvironment(), handlerCollection);
        addFilterFromStartingPageContextIfNeeded(properties, handlerCollection);
        addHandlerForRedirectionFromRootContextIfNeeded(properties, handlerCollection);
        addBundleBaseContextStartupHandler(properties, this.myBundleState, this.myBundleState.getEnvironment(), handlerCollection);
        return handlerCollection;
    }

    protected void addSecureHandler(@NotNull HandlerCollection handlerCollection, @NotNull Properties properties) {
        if (getMandatoryProperty(BundleProperty.SECURE_MODE.getPrefixedName(), properties).equals(SecureMode.TLS.getName()) && Boolean.valueOf(properties.getProperty(BundleProperty.TLS_REDIRECT_FROM_HTTP_FLAG.getPrefixedName())).booleanValue()) {
            handlerCollection.addHandler(new SecuredRedirectHandler());
        }
    }

    private void addHandlerForRedirectionFromRootContextIfNeeded(@NotNull Properties properties, HandlerCollection handlerCollection) {
        String serviceProperty = getServicesHolder().getSortedServicesIds().contains("configurationWizard") ? "configurationWizard" : PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, "default.service");
        if (serviceProperty == null || !getServicesHolder().getSortedServicesIds().contains(serviceProperty)) {
            return;
        }
        final String mandatoryServiceProperty = PropertiesBasedConfigurationHelper.getHelper().getMandatoryServiceProperty(properties, serviceProperty, "context");
        String context = this.myBundleState.getProperties().getContext();
        if (PropertiesBasedConfigurationHelper.getHelper().getServicesPropertyValue(properties, "context").values().contains(context)) {
            return;
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler() { // from class: com.jetbrains.bundle.proxy.jetty.BundleProxy.1
            public void doHandle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
                if (request.isHandled() || httpServletRequest.getServletPath() == null || !UrlUtil.trimSlashes(httpServletRequest.getServletPath()).isEmpty()) {
                    return;
                }
                String str2 = mandatoryServiceProperty;
                String queryString = httpServletRequest.getQueryString();
                if (queryString != null) {
                    str2 = str2.concat("?").concat(queryString);
                }
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(str2));
            }
        };
        servletContextHandler.setContextPath(context);
        handlerCollection.addHandler(servletContextHandler);
    }

    private void addFilterFromStartingPageContextIfNeeded(@NotNull Properties properties, HandlerCollection handlerCollection) {
        if (!PropertiesBasedConfigurationHelper.getHelper().isServiceEnabled(properties, "startingPage") || null == PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, "startingPage", "id")) {
            String mandatoryServiceProperty = PropertiesBasedConfigurationHelper.getHelper().getMandatoryServiceProperty(properties, Services.getAfterStartService(properties, getServiceDescriptorsMap(getServicesHolder().getSortedServiceDescriptors())).getId(), "context");
            FilterHolder filterHolder = new FilterHolder(RedirectingFilter.class);
            filterHolder.setInitParameter(RedirectingFilter.REDIRECT_URL_PARAMETER, UrlUtil.ensureEndsWithSlash(mandatoryServiceProperty));
            ServletContextHandler servletContextHandler = new ServletContextHandler();
            servletContextHandler.setContextPath(this.myBundleState.getProperties().getFullServiceUrlPath(Services.STARTING_PAGE_CONTEXT));
            servletContextHandler.addFilter(filterHolder, "", (EnumSet) null);
            handlerCollection.addHandler(servletContextHandler);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NotNull
    public Collection<String> getAllProxiedServices(@NotNull Properties properties) {
        Collection<?> bundledInProcessServices = PropertiesBasedConfigurationHelper.getHelper().getBundledInProcessServices(properties, properties.getProperty("id"));
        Set allBundleServiceContainers = PropertiesBasedConfigurationHelper.getHelper().getAllBundleServiceContainers(properties);
        Collection<String> services = PropertiesBasedConfigurationHelper.getHelper().getServices(properties);
        services.removeAll(bundledInProcessServices);
        services.removeAll(allBundleServiceContainers);
        return services;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.jetbrains.bundle.services.impl.jetty.BundleJettyServicesContainer
    public WebAppContext addServiceToBundleProcess(Properties properties, String str, Server server) throws StartupException, IOException {
        WebAppContext addServiceToBundleProcess = super.addServiceToBundleProcess(properties, str, server);
        addCorsFilter(properties, addServiceToBundleProcess);
        return addServiceToBundleProcess;
    }

    public void beforeStart(@NotNull Properties properties) {
        super.beforeStart(properties);
        applyJvmOptionsOfBundledServices(properties);
    }

    private void applyJvmOptionsOfBundledServices(Properties properties) {
        Set<String> keySet = PropertiesBasedConfigurationHelper.getHelper().getAllBundledServices(properties).keySet();
        HashMap hashMap = new HashMap();
        for (String str : keySet) {
            ServiceBase service = getServicesHolder().getService(str);
            if (service != null) {
                Map<String, String> serviceSystemProperties = getServiceSystemProperties(service);
                for (String str2 : serviceSystemProperties.keySet()) {
                    Map map = (Map) hashMap.get(str2);
                    if (map == null) {
                        map = new HashMap();
                        hashMap.put(str2, map);
                    }
                    map.put(str, serviceSystemProperties.get(str2));
                }
            }
        }
        for (String str3 : hashMap.keySet()) {
            Map map2 = (Map) hashMap.get(str3);
            String property = System.getProperty(str3);
            if (property != null) {
                for (String str4 : map2.keySet()) {
                    String str5 = (String) map2.get(str4);
                    if (!property.equals(str5)) {
                        getLogger().warn(String.format("Ignoring JVM option [%s=%s] of bundled service [%s], this property has already been set in Bundle to value [%s]", str3, str5, str4, property));
                    }
                }
            } else if (new HashSet(map2.values()).size() == 1) {
                String str6 = (String) map2.values().iterator().next();
                System.setProperty(str3, str6);
                Logger logger = getLogger();
                Object[] objArr = new Object[4];
                objArr[0] = str3;
                objArr[1] = str6;
                objArr[2] = map2.size() > 1 ? "s" : "";
                objArr[3] = new HashSet(map2.keySet()).toString();
                logger.debug(String.format("JVM option [%s=%s] defined for bundled service%s %s is set", objArr));
            } else {
                getLogger().warn(String.format("Ignoring JVM option [%s]. It has got different values in different bundled services: %s%s", str3, System.lineSeparator(), map2.toString()));
            }
        }
    }

    private Map<String, String> getServiceSystemProperties(Service service) {
        try {
            return service.listSystemProperties();
        } catch (StatusException | ExecuteServiceCommandException e) {
            getLogger().error(e.getMessage(), e);
            return Collections.emptyMap();
        } catch (RuntimeException e2) {
            getLogger().debug(String.format("Either service %s doesn't support command [list jvm-options] or it failed to execute", service.getDescriptor().getId()), e2);
            return Collections.emptyMap();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ServletContextHandler addProxyRule(@NotNull String str, Properties properties) {
        String serviceProperty = PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, str, "context");
        String serviceProperty2 = PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, str, "port");
        String serviceProperty3 = PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, str, "host");
        if (serviceProperty == null || serviceProperty2 == null) {
            return null;
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler((HandlerContainer) null, serviceProperty);
        addCorsFilter(properties, servletContextHandler);
        String str2 = "http://" + serviceProperty3 + ":" + Integer.valueOf(serviceProperty2) + serviceProperty;
        getLogger().debug(String.format("Adding proxy route from '%s' to '%s'", serviceProperty, str2));
        ServletHolder servletHolder = new ServletHolder(new ProxyServlet(str));
        servletHolder.setInitParameter("proxyTo", str2);
        servletHolder.setInitParameter("maxThreads", "1024");
        servletHolder.setInitParameter("idleTimeout", getIdleTimeout().toString());
        servletHolder.setInitParameter("timeout", String.valueOf(BundleJettyServicesContainer.REQUEST_TIMEOUT_MS));
        servletHolder.setInitParameter("requestBufferSize", getRequestHeaderBufferSize().toString());
        servletHolder.setInitParameter("responseBufferSize", getResponseHeaderBufferSize().toString());
        servletContextHandler.addServlet(servletHolder, "/*");
        return servletContextHandler;
    }

    private void addCorsFilter(Properties properties, ServletContextHandler servletContextHandler) {
        String configWizardCorsAllowedOrigins;
        if (!properties.getProperty(BundleProperty.SECURE_MODE.getPrefixedName()).equals(SecureMode.DISABLE.getName())) {
            servletContextHandler.addFilter(new FilterHolder(BundleSecurityResponseHeadersFilter.class), "*", EnumSet.allOf(DispatcherType.class));
        }
        if (getServicesHolder().getService("configurationWizard") != null) {
            configWizardCorsAllowedOrigins = "*";
        } else {
            configWizardCorsAllowedOrigins = getConfigWizardCorsAllowedOrigins(properties);
            if (configWizardCorsAllowedOrigins.trim().isEmpty()) {
                return;
            }
        }
        FilterHolder filterHolder = new FilterHolder(CrossOriginFilter.class);
        filterHolder.setInitParameter("allowedOrigins", configWizardCorsAllowedOrigins);
        filterHolder.setInitParameter("exposedHeaders", "X-Cache-Date, X-Atmosphere-tracking-id");
        filterHolder.setInitParameter("allowedHeaders", "X-Requested-With, Content-Type, Accept, Origin, cache-control, expires, pragma");
        servletContextHandler.addFilter(filterHolder, "*", EnumSet.allOf(DispatcherType.class));
        servletContextHandler.addFilter(new FilterHolder(AllowOriginOneTimeFilter.class), "*", EnumSet.allOf(DispatcherType.class));
    }

    @NotNull
    private String getConfigWizardCorsAllowedOrigins(Properties properties) {
        String serviceProperty = PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, "configurationWizard", "wizard-url");
        StringBuilder sb = new StringBuilder();
        if (serviceProperty == null) {
            addAdditionalCorsAllowedOrigins(sb);
            return sb.toString();
        }
        sb.append(serviceProperty);
        addAdditionalCorsAllowedOrigins(sb);
        String serviceProperty2 = PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, "configurationWizard", "wizard-actual-client-url");
        if (serviceProperty2 != null) {
            try {
                URL url = new URL(serviceProperty2);
                addNewAllowedOrigin(url, sb, url.getHost());
            } catch (MalformedURLException e) {
                getLogger().debug(String.format("Malformed URL [%s] was stored by Wizard in property '%s'", serviceProperty2, "wizard-actual-client-url"));
            }
        }
        try {
            URL url2 = new URL(serviceProperty);
            addNewAllowedOrigin(url2, sb, url2.getHost());
            URL url3 = null;
            try {
                url3 = new URL(UrlUtil.constructUrl("http", "127.0.0.1", Integer.parseInt(properties.getProperty(BundleProperty.LISTEN_PORT.getPrefixedName())), url2.getPath()));
            } catch (NumberFormatException | MalformedURLException e2) {
                getLogger().debug("Can not construct internal URL of Configuration Wizard service: " + e2.getMessage(), e2);
            }
            try {
                String canonicalHostName = InetAddress.getLocalHost().getCanonicalHostName();
                addNewAllowedOrigin(url2, sb, canonicalHostName);
                addNewAllowedOrigin(url3, sb, canonicalHostName);
            } catch (UnknownHostException e3) {
                getLogger().debug("Can not get fully qualified domain name address of Configuration Wizard server: " + e3.getMessage(), e3);
            }
            try {
                InetAddress localHost = InetAddress.getLocalHost();
                addNewAllowedOrigin(url2, sb, localHost.getHostAddress());
                addNewAllowedOrigin(url2, sb, localHost.getHostName());
                addNewAllowedOrigin(url3, sb, localHost.getHostAddress());
                addNewAllowedOrigin(url3, sb, localHost.getHostName());
            } catch (UnknownHostException e4) {
                getLogger().debug("Can not get local host name address of Configuration Wizard server: " + e4.getMessage(), e4);
            }
            InetAddress loopbackAddress = InetAddress.getLoopbackAddress();
            addNewAllowedOrigin(url2, sb, loopbackAddress.getHostAddress());
            addNewAllowedOrigin(url2, sb, loopbackAddress.getHostName());
            addNewAllowedOrigin(url3, sb, loopbackAddress.getHostAddress());
            addNewAllowedOrigin(url3, sb, loopbackAddress.getHostName());
            return sb.toString();
        } catch (MalformedURLException e5) {
            return sb.toString();
        }
    }

    private void addAdditionalCorsAllowedOrigins(StringBuilder sb) {
        String str = BundleJvmOption.ADDITIONAL_CORS.get();
        if (str != null) {
            for (String str2 : str.split(" ")) {
                if (!str2.trim().isEmpty()) {
                    try {
                        URL url = new URL(str2);
                        addNewAllowedOrigin(url, sb, url.getHost());
                    } catch (MalformedURLException e) {
                        getLogger().error(String.format("Malformed URL [%s]", str2));
                    }
                }
            }
        }
    }

    private void addNewAllowedOrigin(URL url, StringBuilder sb, String str) {
        if (url == null) {
            return;
        }
        try {
            sb.append(",").append(new URL(url.getProtocol(), str, url.getPort(), "").toString().toLowerCase());
        } catch (MalformedURLException e) {
            getLogger().debug("Can not compose URL: " + e.getMessage(), e);
        }
    }

    @NotNull
    private static Map<String, ServiceDescriptor> getServiceDescriptorsMap(@NotNull List<ServiceDescriptor> list) {
        HashMap hashMap = new HashMap();
        for (ServiceDescriptor serviceDescriptor : list) {
            hashMap.put(serviceDescriptor.getId(), serviceDescriptor);
        }
        return hashMap;
    }

    public AppExitCode shutdown(boolean z, AppExitCode appExitCode) {
        super.shutdown(z, appExitCode);
        if (this.redirectingContainer != null) {
            try {
                this.redirectingContainer.stop();
            } catch (Throwable th) {
                getLogger().debug("Could not stop redirecting servlet container", th);
            }
        }
        return appExitCode;
    }

    private void addInstallationTimeServletContainerIfNeeded(BundleProperties bundleProperties, BundleEnvironment bundleEnvironment, HandlerCollection handlerCollection) {
        Date fileLastModifiedDate = bundleEnvironment.getInstallationConfig().getFileLastModifiedDate();
        String listenAddress = bundleEnvironment.getInstallationConfig().getListenAddress();
        Integer installationPort = bundleEnvironment.getInstallationConfig().getInstallationPort();
        if (listenAddress == null || installationPort == null) {
            return;
        }
        if (fileLastModifiedDate == null || System.currentTimeMillis() - fileLastModifiedDate.getTime() < 3600000) {
            if (bundleProperties.getListenAddress().equalsIgnoreCase(listenAddress)) {
                if (bundleProperties.getListenPort() != installationPort.intValue()) {
                    this.redirectingContainer = createRedirectingServiceContainer(listenAddress, installationPort.intValue(), bundleProperties);
                    return;
                }
                String context = bundleProperties.getContext();
                if (context.isEmpty() || context.equals("/")) {
                    return;
                }
                addFilterForRedirectionToBundleServletContainer(handlerCollection, bundleProperties);
                return;
            }
            if (bundleProperties.getListenPort() != installationPort.intValue()) {
                this.redirectingContainer = createRedirectingServiceContainer(listenAddress, installationPort.intValue(), bundleProperties);
                return;
            }
            if (!bundleProperties.getListenAddress().equals("0.0.0.0")) {
                if (listenAddress.equals("0.0.0.0")) {
                    getLogger().warn(String.format("Can't start listening on {%s:%s}, because product has already occupied {%s:%s}", listenAddress, installationPort, bundleProperties.getListenAddress(), Integer.valueOf(bundleProperties.getListenPort())));
                    return;
                } else {
                    this.redirectingContainer = createRedirectingServiceContainer(listenAddress, installationPort.intValue(), bundleProperties);
                    return;
                }
            }
            String context2 = bundleProperties.getContext();
            if (context2.isEmpty() || context2.equals("/")) {
                return;
            }
            addFilterForRedirectionToBundleServletContainer(handlerCollection, bundleProperties);
        }
    }

    public Server createJettyServer(int i, @NotNull String str, @NotNull Properties properties) {
        Server server = new Server();
        server.setStopTimeout(5000L);
        ArrayList arrayList = new ArrayList();
        if (getMandatoryProperty(BundleProperty.SECURE_MODE.getPrefixedName(), properties).equals(SecureMode.DISABLE.getName())) {
            arrayList.add(buildHttpServerConnector(i, str, server));
        } else {
            arrayList.add(buildSslConnector(i, str, properties, server));
            if (Boolean.valueOf(properties.getProperty(BundleProperty.TLS_REDIRECT_FROM_HTTP_FLAG.getPrefixedName())).booleanValue()) {
                arrayList.add(buildHttpServerConnector(Integer.parseInt(getMandatoryProperty(BundleProperty.TLS_REDIRECT_FROM_HTTP_LISTEN_PORT.getPrefixedName(), properties)), str, server, Integer.valueOf(i)));
            }
        }
        server.setConnectors((Connector[]) arrayList.toArray(new Connector[0]));
        return server;
    }

    @NotNull
    private ServerConnector buildSslConnector(int i, @NotNull String str, @NotNull Properties properties, Server server) {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecurePort(i);
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSendXPoweredBy(false);
        httpConfiguration.setSendServerVersion(false);
        if (getBlockingTimeout() != null) {
            httpConfiguration.setBlockingTimeout(r0.intValue());
        }
        httpConfiguration.addCustomizer(new ForwardedRequestCustomizer());
        httpConfiguration.addCustomizer(new SecureRequestCustomizer());
        TrustAllClientsSslContextFactory trustAllClientsSslContextFactory = new TrustAllClientsSslContextFactory();
        trustAllClientsSslContextFactory.setKeyStorePath(getMandatoryProperty(BundleProperty.ADDITIONAL_KEYSTORE_PATH.getPrefixedName(), properties));
        String mandatoryProperty = getMandatoryProperty(BundleProperty.ADDITIONAL_KEYSTORE_PASSWORD.getPrefixedName(), properties);
        String[] listProperty = getListProperty(properties, BundleProperty.TLS_PROTOCOLS);
        String[] listProperty2 = getListProperty(properties, BundleProperty.TLS_EXCLUDE_PROTOCOLS);
        String[] listProperty3 = getListProperty(properties, BundleProperty.TLS_CIPHER_SUITE);
        String[] listProperty4 = getListProperty(properties, BundleProperty.TLS_EXCLUDE_CIPHER_SUITE);
        trustAllClientsSslContextFactory.setKeyStorePassword(mandatoryProperty);
        trustAllClientsSslContextFactory.setCertAlias("secureKeyStoreAlias".toLowerCase());
        trustAllClientsSslContextFactory.setKeyManagerPassword(mandatoryProperty);
        if (listProperty != null) {
            trustAllClientsSslContextFactory.setIncludeProtocols(listProperty);
        }
        if (listProperty2 != null) {
            trustAllClientsSslContextFactory.setExcludeProtocols(listProperty2);
        }
        if (listProperty3 != null) {
            trustAllClientsSslContextFactory.setIncludeCipherSuites(listProperty3);
        }
        if (listProperty4 != null) {
            trustAllClientsSslContextFactory.setExcludeCipherSuites(listProperty4);
        }
        trustAllClientsSslContextFactory.setRenegotiationAllowed(false);
        trustAllClientsSslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
        trustAllClientsSslContextFactory.setUseCipherSuitesOrder(true);
        trustAllClientsSslContextFactory.addExcludeProtocols(new String[]{"TLSv1.3"});
        setClientCertificateAuthSettings(trustAllClientsSslContextFactory);
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration);
        ConnectionFactory hTTP2ServerConnectionFactory = new HTTP2ServerConnectionFactory(httpConfiguration);
        ConnectionFactory createAlpnProtocolFactory = createAlpnProtocolFactory(httpConnectionFactory);
        ServerConnector serverConnector = new ServerConnector(server, new ConnectionFactory[]{new SslConnectionFactory(trustAllClientsSslContextFactory, createAlpnProtocolFactory.getProtocol()), createAlpnProtocolFactory, hTTP2ServerConnectionFactory, httpConnectionFactory});
        serverConnector.setHost(str);
        serverConnector.setPort(i);
        serverConnector.setIdleTimeout(getIdleTimeout().intValue());
        return serverConnector;
    }

    public void changeClientCertificateAuthSettings(boolean z, List<String> list) {
        for (Connector connector : getServer().getConnectors()) {
            for (SslConnectionFactory sslConnectionFactory : connector.getConnectionFactories()) {
                if (sslConnectionFactory instanceof SslConnectionFactory) {
                    try {
                        SslConnectionFactory sslConnectionFactory2 = sslConnectionFactory;
                        List<Certificate> parseCertificates = list != null ? CertificateInfo.parseCertificates(list) : Collections.emptyList();
                        setClientCertificateAuthSettings(sslConnectionFactory2.getSslContextFactory(), z, parseCertificates);
                        sslConnectionFactory2.getSslContextFactory().reload(sslContextFactory -> {
                            getLogger().debug(String.format("Start reloading SSLContextFactory [enableCertificateAuth=%s]", Boolean.valueOf(z)));
                        });
                        persistClientCertAuthSettings(z, parseCertificates);
                        return;
                    } catch (Exception e) {
                        getLogger().error("Failed to reload SSLContextFactory", e);
                        throw new RuntimeException("Failed to reload SSLContextFactory", e);
                    }
                }
            }
        }
    }

    private void persistClientCertAuthSettings(boolean z, List<Certificate> list) {
        try {
            storeClientCertificateAuthEnabledFlag(z);
            if (z) {
                storeClientAuthCertificatesInAdditionalKeystore(list);
            }
        } catch (Exception e) {
            getLogger().debug("Failed to update client certificates in bundle keystore", e);
        }
    }

    private boolean isClientCertificatesAuthEnabled() {
        return Boolean.valueOf(loadClientAuthProperties().getProperty(CLIENT_CERT_AUTH_ENABLED_PROPERTY)).booleanValue();
    }

    private Properties loadClientAuthProperties() {
        File clientAuthConfig = getClientAuthConfig();
        return Files.exists(clientAuthConfig.toPath(), new LinkOption[0]) ? ConfiguratorUtils.loadPropertiesFile(clientAuthConfig) : new Properties();
    }

    private void storeClientCertificateAuthEnabledFlag(boolean z) {
        Properties loadClientAuthProperties = loadClientAuthProperties();
        loadClientAuthProperties.setProperty(CLIENT_CERT_AUTH_ENABLED_PROPERTY, String.valueOf(z));
        ConfiguratorUtils.savePropertiesFile(getClientAuthConfig(), loadClientAuthProperties);
    }

    @NotNull
    private File getClientAuthConfig() {
        return this.myBundleState.getEnvironment().getInternalServiceConfDir("bundleProcess").toPath().resolve("client_auth.properties").toFile();
    }

    private void storeClientAuthCertificatesInAdditionalKeystore(@NotNull List<Certificate> list) throws KeyStoreException {
        KeyStore loadAdditionalKeystore = loadAdditionalKeystore(getAllProperties());
        if (loadAdditionalKeystore == null) {
            return;
        }
        iterateThroughClientAuthCertificates(loadAdditionalKeystore, (v0, v1) -> {
            v0.deleteEntry(v1);
        });
        addClientAuthCertificates(loadAdditionalKeystore, list);
        saveAdditionalKeystore(loadAdditionalKeystore, getAllProperties());
    }

    private void addClientAuthCertificates(@NotNull KeyStore keyStore, @NotNull List<Certificate> list) throws KeyStoreException {
        for (int i = 0; i < list.size(); i++) {
            keyStore.setCertificateEntry(CLIENT_AUTH_CERT_NAME_PREFIX + i, list.get(i));
        }
    }

    private void iterateThroughClientAuthCertificates(@NotNull KeyStore keyStore, @NotNull KeyStoreFunction<KeyStore, String> keyStoreFunction) throws KeyStoreException {
        Iterator it = Collections.list(keyStore.aliases()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str != null && str.toLowerCase().startsWith(CLIENT_AUTH_CERT_NAME_PREFIX)) {
                keyStoreFunction.apply(keyStore, str);
            }
        }
    }

    private KeyStore loadAdditionalKeystore(@NotNull Properties properties) {
        try {
            return AdditionalKeystore.loadAsKeystore(properties);
        } catch (Exception e) {
            getLogger().error("Failed to load keystore from " + PropertiesBasedConfigurationHelper.getHelper().getMandatoryServiceProperty(properties, BundleProperty.ADDITIONAL_KEYSTORE_PATH.getPrefixedName()), e);
            return null;
        }
    }

    private void saveAdditionalKeystore(KeyStore keyStore, Properties properties) {
        Path path = Paths.get(PropertiesBasedConfigurationHelper.getHelper().getMandatoryServiceProperty(properties, BundleProperty.ADDITIONAL_KEYSTORE_PATH.getPrefixedName()), new String[0]);
        try {
            KeystoreUtil.saveKeyStore(keyStore, path, PropertiesBasedConfigurationHelper.getHelper().getMandatoryServiceProperty(properties, BundleProperty.ADDITIONAL_KEYSTORE_PASSWORD.getPrefixedName()));
        } catch (Exception e) {
            getLogger().error("Failed to store keystore at " + path.toString(), e);
        }
    }

    private void setClientCertificateAuthSettings(SslContextFactory sslContextFactory) {
        boolean isClientCertificatesAuthEnabled = isClientCertificatesAuthEnabled();
        try {
            ArrayList arrayList = new ArrayList();
            if (isClientCertificatesAuthEnabled) {
                arrayList.addAll(loadClientAuthCertificates());
                if (arrayList.isEmpty()) {
                    getLogger().warn("No certificate used for client authentication was found. Client authentication has not been enabled");
                    return;
                }
            }
            setClientCertificateAuthSettings(sslContextFactory, isClientCertificatesAuthEnabled, arrayList);
        } catch (Exception e) {
            getLogger().error(String.format("Failed to configure client auth settings [isEnabled=%s] on SSLContextFactory", Boolean.valueOf(isClientCertificatesAuthEnabled)), e);
        }
    }

    @NotNull
    private List<Certificate> loadClientAuthCertificates() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore loadAsKeystore = AdditionalKeystore.loadAsKeystore(getAllProperties());
        ArrayList arrayList = new ArrayList();
        iterateThroughClientAuthCertificates(loadAsKeystore, (keyStore, str) -> {
            arrayList.add(keyStore.getCertificate(str));
        });
        return arrayList;
    }

    private void setClientCertificateAuthSettings(@NotNull SslContextFactory sslContextFactory, boolean z, @NotNull List<Certificate> list) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (z) {
            if (list.isEmpty()) {
                throw new IllegalArgumentException("At least one certificate should be passed if client certificate authentication is enabled");
            }
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            addClientAuthCertificates(keyStore, list);
            sslContextFactory.setTrustStore(keyStore);
        }
        sslContextFactory.setWantClientAuth(z);
        this.clientCertAuthSettings = new ClientCertAuthSettings(z, getEncodedClientAuthCertificates(list));
    }

    private List<String> getEncodedClientAuthCertificates(@NotNull List<Certificate> list) {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<Certificate> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(CertificateInfo.toPemFormat(it.next().getEncoded()));
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception e) {
            getLogger().error("Failed to convert certificates in string representation", e);
            return null;
        }
    }

    public ClientCertAuthSettings getClientCertificateAuthSettings() {
        return this.clientCertAuthSettings;
    }

    private ALPNServerConnectionFactory createAlpnProtocolFactory(HttpConnectionFactory httpConnectionFactory) {
        ALPNServerConnectionFactory aLPNServerConnectionFactory = new ALPNServerConnectionFactory(new String[0]);
        aLPNServerConnectionFactory.setDefaultProtocol(httpConnectionFactory.getProtocol());
        return aLPNServerConnectionFactory;
    }

    private Server createRedirectingServiceContainer(@NotNull String str, int i, @NotNull BundleProperties bundleProperties) {
        Server createJettyServer = super.createJettyServer(i, str, getAllProperties());
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        addFilterForRedirectionToBundleServletContainer(contextHandlerCollection, bundleProperties, false);
        HandlerCollection handlerCollection = new HandlerCollection();
        handlerCollection.addHandler(contextHandlerCollection);
        createJettyServer.setHandler(handlerCollection);
        try {
            createJettyServer.start();
        } catch (Exception e) {
            getLogger().debug(String.format("Error while starting server on {%s:%s}", str, Integer.valueOf(i)), e);
        }
        return createJettyServer;
    }

    private void addFilterForRedirectionToBundleServletContainer(@NotNull HandlerCollection handlerCollection, @NotNull BundleProperties bundleProperties) {
        addFilterForRedirectionToBundleServletContainer(handlerCollection, bundleProperties, true);
    }

    private void addFilterForRedirectionToBundleServletContainer(@NotNull HandlerCollection handlerCollection, @NotNull BundleProperties bundleProperties, boolean z) {
        FilterHolder filterHolder = new FilterHolder(InstallerRedirectingFilter.class);
        filterHolder.setInitParameter("bundleBaseUrl", bundleProperties.getBaseUrl());
        filterHolder.setInitParameter("bundleBaseContext", bundleProperties.getContext());
        filterHolder.setInitParameter("bundleListenPort", Integer.toString(bundleProperties.getListenPort()));
        filterHolder.setInitParameter("bundleListenAddress", bundleProperties.getListenAddress());
        filterHolder.setInitParameter("bundleSecureMode", bundleProperties.getSecureMode());
        filterHolder.setInitParameter("preventRedirectionFromBundleBaseContext", String.valueOf(z));
        ServletContextHandler servletContextHandler = new ServletContextHandler();
        servletContextHandler.setContextPath("/");
        servletContextHandler.addFilter(filterHolder, "*", (EnumSet) null);
        handlerCollection.addHandler(servletContextHandler);
    }

    private void addBundleBaseContextStartupHandler(@NotNull Properties properties, @NotNull final BundleState bundleState, @NotNull BundleEnvironment bundleEnvironment, @NotNull HandlerCollection handlerCollection) {
        final Map<String, ServiceDescriptor> serviceDescriptorsMap = bundleState.getServices().getServiceDescriptorsMap();
        final String context = bundleState.getProperties().getContext();
        ServletContextHandler servletContextHandler = new ServletContextHandler() { // from class: com.jetbrains.bundle.proxy.jetty.BundleProxy.2
            public void doHandle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
                if (request.isHandled()) {
                    return;
                }
                if (httpServletRequest.getServletPath().equals("/bundle/error_pages")) {
                    super.doHandle(str, request, httpServletRequest, httpServletResponse);
                }
                if (!bundleState.getServices().isBundleStarting() || bundleState.getServices().isBundleShutdownInProgress()) {
                    return;
                }
                String combineContexts = UrlUtil.combineContexts(httpServletRequest.getContextPath(), httpServletRequest.getServletPath());
                String str2 = null;
                String str3 = null;
                for (ServiceDescriptor serviceDescriptor : serviceDescriptorsMap.values()) {
                    if (!serviceDescriptor.isBundleServiceContainer()) {
                        String fullServiceUrlPath = bundleState.getProperties().getFullServiceUrlPath(serviceDescriptor);
                        if (!fullServiceUrlPath.equals(context)) {
                            if (combineContexts.equals(fullServiceUrlPath) || combineContexts.startsWith(UrlUtil.ensureEndsWithSlash(fullServiceUrlPath))) {
                                str3 = serviceDescriptor.getId();
                                break;
                            }
                        } else {
                            str2 = serviceDescriptor.getId();
                        }
                    }
                }
                if (str3 == null) {
                    str3 = str2;
                }
                if (str3 == null || Status.RUNNING.name().equalsIgnoreCase(bundleState.getServices().getServiceStatus(str3).getStatus())) {
                    return;
                }
                super.doHandle(str, request, httpServletRequest, httpServletResponse);
            }
        };
        servletContextHandler.setContextPath(this.myBundleState.getProperties().getContext());
        ErrorPageErrorHandler errorPageErrorHandler = new ErrorPageErrorHandler();
        errorPageErrorHandler.addErrorPage(404, UrlUtil.combineContexts("/bundle/error_pages", "/404.html"));
        servletContextHandler.setErrorHandler(errorPageErrorHandler);
        ServletHolder servletHolder = new ServletHolder(ErrorPagesServlet.class);
        prepareErrorPagesServletInitParameters(properties, servletHolder);
        servletContextHandler.setResourceBase(bundleEnvironment.getBundleHomeInternal().resolve("error_pages").toString());
        servletContextHandler.addServlet(servletHolder, "/bundle/error_pages/*");
        this.myBundleBaseStartupContextHandler = servletContextHandler;
        handlerCollection.addHandler(this.myBundleBaseStartupContextHandler);
        bundleState.addStartFinishedListener(new BaseContextStartupDestroyer());
    }

    private void prepareErrorPagesServletInitParameters(@NotNull Properties properties, @NotNull ServletHolder servletHolder) {
        servletHolder.setInitParameter("product.presentation.name", PropertiesBasedConfigurationHelper.getHelper().getMandatoryServiceProperty(properties, "bundle.product.presentation_name"));
        servletHolder.setInitParameter("product.short.name", PropertiesBasedConfigurationHelper.getHelper().getMandatoryServiceProperty(properties, "bundle.product.name"));
        servletHolder.setInitParameter("bundle.backend.context", PropertiesBasedConfigurationHelper.getHelper().getServiceProperty(properties, "bundleBackend", "context"));
        setInitParameterIfNotNull(servletHolder, "product.whats.new.link", this.myBundleState.getBuildProperties().getBundleProductWhatsNewLink());
    }

    private void setInitParameterIfNotNull(@NotNull ServletHolder servletHolder, @NotNull String str, String str2) {
        if (str2 != null) {
            servletHolder.setInitParameter(str, str2);
        }
    }

    private void addDefaultContextRedirectionFilter(@NotNull ServletContextHandler servletContextHandler, String str) {
        FilterHolder filterHolder = new FilterHolder(DefaultContextRedirectionFilter.class);
        filterHolder.setInitParameter(RedirectingFilter.REDIRECT_URL_PARAMETER, str);
        servletContextHandler.addFilter(filterHolder, "", (EnumSet) null);
    }

    @Nullable
    private String[] getListProperty(@NotNull Properties properties, BundleProperty bundleProperty) {
        String property = properties.getProperty(bundleProperty.getPrefixedName());
        return !StringUtils.isEmpty(property) ? property.replace(" ", "").split(",") : null;
    }
}
