package water;

import java.io.IOException;
import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.plus.jaas.JAASLoginService;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.bio.SocketConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.server.session.HashSessionIdManager;
import org.eclipse.jetty.server.session.HashSessionManager;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.server.ssl.SslSocketConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import water.H2O;
import water.util.Log;

/* loaded from: input_file:water/AbstractHTTPD.class */
public abstract class AbstractHTTPD {
    private final H2O.BaseArgs _args;
    protected String _ip;
    protected int _port;
    protected Server _server;

    /* loaded from: input_file:water/AbstractHTTPD$AuthenticationHandler.class */
    public class AuthenticationHandler extends AbstractHandler {
        public AuthenticationHandler() {
        }

        public void handle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
            if (AbstractHTTPD.this._args.ldap_login || AbstractHTTPD.this._args.kerberos_login || AbstractHTTPD.this._args.pam_login) {
                String name = httpServletRequest.getUserPrincipal().getName();
                if (name.equals(AbstractHTTPD.this._args.user_name)) {
                    return;
                }
                Log.warn("Login name (" + name + ") does not match cluster owner name (" + AbstractHTTPD.this._args.user_name + ")");
                AbstractHTTPD.this.sendUnauthorizedResponse(httpServletResponse, "Login name does not match cluster owner name");
                request.setHandled(true);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractHTTPD(H2O.BaseArgs baseArgs) {
        this._args = baseArgs;
    }

    public String getScheme() {
        return this._args.jks != null ? "https" : "http";
    }

    public int getPort() {
        return this._port;
    }

    public String getIp() {
        return this._ip;
    }

    public Server getServer() {
        return this._server;
    }

    public void setServer(Server server) {
        this._server = server;
    }

    public void setup(String str, int i) {
        this._ip = str;
        this._port = i;
        System.setProperty("org.eclipse.jetty.server.Request.maxFormContentSize", Integer.toString(Value.MAX));
    }

    public void start(String str, int i) throws Exception {
        setup(str, i);
        if (this._args.jks != null) {
            startHttps();
        } else {
            startHttp();
        }
    }

    protected void createServer(Connector connector) throws Exception {
        HashLoginService jAASLoginService;
        this._server.setConnectors(new Connector[]{connector});
        if (this._args.hash_login || this._args.ldap_login || this._args.kerberos_login || this._args.pam_login) {
            if (this._args.login_conf == null) {
                Log.err("Must specify -login_conf argument");
                H2O.exit(1);
            }
            if (this._args.hash_login) {
                Log.info("Configuring HashLoginService");
                jAASLoginService = new HashLoginService("H2O", this._args.login_conf);
            } else if (this._args.ldap_login) {
                Log.info("Configuring JAASLoginService (with LDAP)");
                System.setProperty("java.security.auth.login.config", this._args.login_conf);
                jAASLoginService = new JAASLoginService("ldaploginmodule");
            } else if (this._args.kerberos_login) {
                Log.info("Configuring JAASLoginService (with Kerberos)");
                System.setProperty("java.security.auth.login.config", this._args.login_conf);
                jAASLoginService = new JAASLoginService("krb5loginmodule");
            } else {
                if (!this._args.pam_login) {
                    throw failEx("Unexpected authentication method selected");
                }
                Log.info("Configuring JAASLoginService (with PAM)");
                System.setProperty("java.security.auth.login.config", this._args.login_conf);
                jAASLoginService = new JAASLoginService("pamloginmodule");
            }
            jAASLoginService.setIdentityService(new DefaultIdentityService());
            this._server.addBean(jAASLoginService);
            ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
            Constraint constraint = new Constraint();
            constraint.setName("auth");
            constraint.setAuthenticate(true);
            constraintSecurityHandler.setStrict(false);
            constraint.setRoles(new String[]{"*"});
            ConstraintMapping constraintMapping = new ConstraintMapping();
            constraintMapping.setPathSpec("/*");
            constraintMapping.setConstraint(constraint);
            constraintSecurityHandler.setConstraintMappings(Collections.singletonList(constraintMapping));
            DelegatingAuthenticator delegatingAuthenticator = this._args.form_auth ? new DelegatingAuthenticator(new BasicAuthenticator(), new FormAuthenticator("/login", "/loginError", false)) : new BasicAuthenticator();
            constraintSecurityHandler.setLoginService(jAASLoginService);
            constraintSecurityHandler.setAuthenticator(delegatingAuthenticator);
            this._server.setSessionIdManager(new HashSessionIdManager());
            HashSessionManager hashSessionManager = new HashSessionManager();
            if (this._args.session_timeout > 0) {
                hashSessionManager.setMaxInactiveInterval(this._args.session_timeout * 60);
            }
            SessionHandler sessionHandler = new SessionHandler(hashSessionManager);
            sessionHandler.setHandler(constraintSecurityHandler);
            registerHandlers(constraintSecurityHandler);
            this._server.setHandler(sessionHandler);
        } else {
            registerHandlers(this._server);
        }
        this._server.start();
    }

    protected abstract RuntimeException failEx(String str);

    protected void startHttp() throws Exception {
        this._server = new Server();
        SocketConnector socketConnector = new SocketConnector();
        socketConnector.setHost(this._ip);
        socketConnector.setPort(this._port);
        createServer(socketConnector);
    }

    private void startHttps() throws Exception {
        this._server = new Server();
        SslContextFactory sslContextFactory = new SslContextFactory(this._args.jks);
        sslContextFactory.setKeyStorePassword(this._args.jks_pass);
        SslSocketConnector sslSocketConnector = new SslSocketConnector(sslContextFactory);
        if (getIp() != null) {
            sslSocketConnector.setHost(getIp());
        }
        sslSocketConnector.setPort(getPort());
        createServer(sslSocketConnector);
    }

    public void stop() throws Exception {
        if (this._server != null) {
            this._server.stop();
        }
    }

    public void registerHandlers(HandlerWrapper handlerWrapper) {
        ServletContextHandler servletContextHandler = new ServletContextHandler(0);
        if (null == this._args.context_path || this._args.context_path.isEmpty()) {
            servletContextHandler.setContextPath("/");
        } else {
            servletContextHandler.setContextPath(this._args.context_path);
        }
        registerHandlers(handlerWrapper, servletContextHandler);
    }

    protected abstract void registerHandlers(HandlerWrapper handlerWrapper, ServletContextHandler servletContextHandler);

    protected void sendUnauthorizedResponse(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.sendError(401, str);
    }
}
