package water.webserver.jetty9;

import ai.h2o.org.eclipse.jetty.security.authentication.SpnegoAuthenticator;
import com.feedzai.openml.h2o.H2OModelProvider;
import feedzai.jetty8.shaded.org.eclipse.jetty.jaas.JAASLoginService;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.Authenticator;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.ConstraintMapping;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.ConstraintSecurityHandler;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.DefaultIdentityService;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.HashLoginService;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.LoginService;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.SpnegoLoginService;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.authentication.BasicAuthenticator;
import feedzai.jetty8.shaded.org.eclipse.jetty.security.authentication.FormAuthenticator;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.AbstractConnectionFactory;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.Connector;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.Handler;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.HttpConfiguration;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.HttpConnectionFactory;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.Request;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.Server;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.ServerConnector;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.handler.AbstractHandler;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.handler.HandlerWrapper;
import feedzai.jetty8.shaded.org.eclipse.jetty.server.session.SessionHandler;
import feedzai.jetty8.shaded.org.eclipse.jetty.servlet.ServletContextHandler;
import feedzai.jetty8.shaded.org.eclipse.jetty.util.URIUtil;
import feedzai.jetty8.shaded.org.eclipse.jetty.util.security.Constraint;
import feedzai.jetty8.shaded.org.eclipse.jetty.util.ssl.SslContextFactory;
import feedzai.jetty8.shaded.org.eclipse.jetty.util.thread.QueuedThreadPool;
import feedzai.jetty8.shaded.org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import feedzai.jetty8.shaded.org.eclipse.jetty.util.thread.Scheduler;
import java.io.IOException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import water.webserver.iface.H2OHttpConfig;
import water.webserver.iface.H2OHttpView;
import water.webserver.iface.LoginType;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:water/webserver/jetty9/Jetty9Helper.class */
public class Jetty9Helper {
    private final H2OHttpConfig config;
    private final H2OHttpView h2oHttpView;

    /* loaded from: input_file:water/webserver/jetty9/Jetty9Helper$AuthenticationHandler.class */
    private class AuthenticationHandler extends AbstractHandler {
        private AuthenticationHandler() {
        }

        @Override // feedzai.jetty8.shaded.org.eclipse.jetty.server.handler.AbstractHandler, feedzai.jetty8.shaded.org.eclipse.jetty.server.Handler
        public void handle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            if (Jetty9Helper.this.h2oHttpView.authenticationHandler(httpServletRequest, httpServletResponse)) {
                request.setHandled(true);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Jetty9Helper(H2OHttpView h2OHttpView) {
        this.h2oHttpView = h2OHttpView;
        this.config = h2OHttpView.getConfig();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Server createJettyServer(String str, int i) {
        Server server;
        ServerConnector serverConnector;
        System.setProperty("feedzai.jetty8.shaded.org.eclipse.jetty.server.Request.maxFormContentSize", Integer.toString(Integer.MAX_VALUE));
        if (this.config.ensure_daemon_threads) {
            QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
            queuedThreadPool.setDaemon(true);
            server = new Server(queuedThreadPool);
            server.updateBean((Scheduler) server.getBean(Scheduler.class), new ScheduledExecutorScheduler(null, true));
        } else {
            server = new Server();
        }
        boolean z = this.config.jks != null;
        HttpConnectionFactory buildHttpConnectionFactory = buildHttpConnectionFactory(z);
        if (z) {
            SslContextFactory sslContextFactory = new SslContextFactory(this.config.jks);
            sslContextFactory.setKeyStorePassword(this.config.jks_pass);
            if (this.config.jks_alias != null) {
                sslContextFactory.setCertAlias(this.config.jks_alias);
            }
            serverConnector = new ServerConnector(server, AbstractConnectionFactory.getFactories(sslContextFactory, buildHttpConnectionFactory));
        } else {
            serverConnector = new ServerConnector(server, buildHttpConnectionFactory);
        }
        if (str != null) {
            serverConnector.setHost(str);
        }
        serverConnector.setPort(i);
        server.setConnectors(new Connector[]{serverConnector});
        return server;
    }

    private HttpConnectionFactory buildHttpConnectionFactory(boolean z) {
        String str = z ? URIUtil.HTTPS : URIUtil.HTTP;
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setRequestHeaderSize(getSysPropInt(str + ".requestHeaderSize", 32768));
        httpConfiguration.setResponseHeaderSize(getSysPropInt(str + ".responseHeaderSize", 32768));
        httpConfiguration.setOutputBufferSize(getSysPropInt(str + ".responseBufferSize", httpConfiguration.getOutputBufferSize()));
        return new HttpConnectionFactory(httpConfiguration);
    }

    private static int getSysPropInt(String str, int i) {
        return Integer.getInteger("sys.ai.h2o." + str, i).intValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HandlerWrapper authWrapper(Server server) {
        LoginService spnegoLoginService;
        Authenticator spnegoAuthenticator;
        if (this.config.loginType == LoginType.NONE) {
            return server;
        }
        switch (this.config.loginType) {
            case HASH:
                spnegoLoginService = new HashLoginService(H2OModelProvider.H2O_NAME, this.config.login_conf);
                spnegoAuthenticator = new BasicAuthenticator();
                break;
            case LDAP:
            case KERBEROS:
            case PAM:
                spnegoLoginService = new JAASLoginService(this.config.loginType.jaasRealm);
                spnegoAuthenticator = new BasicAuthenticator();
                break;
            case SPNEGO:
                System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
                spnegoLoginService = new SpnegoLoginService(this.config.loginType.jaasRealm, this.config.spnego_properties);
                spnegoAuthenticator = new SpnegoAuthenticator();
                break;
            default:
                throw new UnsupportedOperationException(this.config.loginType + "");
        }
        spnegoLoginService.setIdentityService(new DefaultIdentityService());
        server.addBean(spnegoLoginService);
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setName("auth");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[]{Constraint.ANY_AUTH});
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setPathSpec("/*");
        constraintMapping.setConstraint(constraint);
        constraintSecurityHandler.setConstraintMappings(Collections.singletonList(constraintMapping));
        Authenticator jetty9DelegatingAuthenticator = this.config.form_auth ? new Jetty9DelegatingAuthenticator(spnegoAuthenticator, new FormAuthenticator("/login", "/loginError", false)) : spnegoAuthenticator;
        constraintSecurityHandler.setLoginService(spnegoLoginService);
        constraintSecurityHandler.setAuthenticator(jetty9DelegatingAuthenticator);
        SessionHandler sessionHandler = new SessionHandler();
        if (this.config.session_timeout > 0) {
            sessionHandler.setMaxInactiveInterval(this.config.session_timeout * 60);
        }
        sessionHandler.setHandler(constraintSecurityHandler);
        server.setSessionIdManager(sessionHandler.getSessionIdManager());
        server.setHandler(sessionHandler);
        return constraintSecurityHandler;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServletContextHandler createServletContextHandler() {
        ServletContextHandler servletContextHandler = new ServletContextHandler(0);
        if (null == this.config.context_path || this.config.context_path.isEmpty()) {
            servletContextHandler.setContextPath("/");
        } else {
            servletContextHandler.setContextPath(this.config.context_path);
        }
        return servletContextHandler;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handler authenticationHandler() {
        return new AuthenticationHandler();
    }
}
