package io.confluent.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.jaxrs.base.JsonParseExceptionMapper;
import io.confluent.common.config.ConfigException;
import io.confluent.common.metrics.JmxReporter;
import io.confluent.common.metrics.MetricConfig;
import io.confluent.common.metrics.Metrics;
import io.confluent.common.metrics.MetricsReporter;
import io.confluent.rest.RestConfig;
import io.confluent.rest.exceptions.ConstraintViolationExceptionMapper;
import io.confluent.rest.exceptions.GenericExceptionMapper;
import io.confluent.rest.exceptions.WebApplicationExceptionMapper;
import io.confluent.rest.metrics.MetricsResourceMethodApplicationListener;
import io.confluent.rest.validation.JacksonMessageBodyProvider;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
import javax.ws.rs.core.Configurable;
import org.eclipse.jetty.jaas.JAASLoginService;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.NetworkTrafficServerConnector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.Slf4jRequestLog;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.resource.ResourceCollection;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.websocket.jsr356.server.ServerContainer;
import org.eclipse.jetty.websocket.jsr356.server.deploy.WebSocketServerContainerInitializer;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.validation.ValidationFeature;
import org.glassfish.jersey.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rest/Application.class */
public abstract class Application<T extends RestConfig> {
    protected T config;
    protected Server server = null;
    protected CountDownLatch shutdownLatch = new CountDownLatch(1);
    protected Metrics metrics;
    protected final Slf4jRequestLog requestLog;
    private static final Logger log = LoggerFactory.getLogger(Application.class);

    public Application(T t) {
        this.config = t;
        MetricConfig timeWindow = new MetricConfig().samples(t.getInt("metrics.num.samples")).timeWindow(t.getLong("metrics.sample.window.ms"), TimeUnit.MILLISECONDS);
        List configuredInstances = t.getConfiguredInstances("metric.reporters", MetricsReporter.class);
        configuredInstances.add(new JmxReporter(t.getString("metrics.jmx.prefix")));
        this.metrics = new Metrics(timeWindow, configuredInstances, t.getTime());
        this.requestLog = new Slf4jRequestLog();
        this.requestLog.setLoggerName(t.getString("request.logger.name"));
        this.requestLog.setLogLatency(true);
    }

    public abstract void setupResources(Configurable<?> configurable, T t);

    protected ResourceCollection getStaticResources() {
        return null;
    }

    protected void configurePostResourceHandling(ServletContextHandler servletContextHandler) {
    }

    public Map<String, String> getMetricsTags() {
        return new LinkedHashMap();
    }

    public Server createServer() throws RestConfigException, ServletException {
        NetworkTrafficServerConnector networkTrafficServerConnector;
        Configurable<?> resourceConfig = new ResourceConfig<>();
        Map<? extends String, ? extends String> map = getConfiguration().getMap("metrics.tag.map");
        Map<String, String> hashMap = new HashMap<>(getMetricsTags());
        hashMap.putAll(map);
        configureBaseApplication(resourceConfig, hashMap);
        setupResources(resourceConfig, getConfiguration());
        FilterHolder filterHolder = new FilterHolder(new ServletContainer(resourceConfig));
        this.server = new Server() { // from class: io.confluent.rest.Application.1
            protected void doStop() throws Exception {
                super.doStop();
                Application.this.metrics.close();
                Application.this.onShutdown();
                Application.this.shutdownLatch.countDown();
            }
        };
        MetricsListener metricsListener = new MetricsListener(this.metrics, "jetty", hashMap);
        for (URI uri : parseListeners(this.config.getList("listeners"), this.config.getInt("port"), Arrays.asList("http", "https"), "http")) {
            log.info("Adding listener: " + uri.toString());
            if (uri.getScheme().equals("http")) {
                networkTrafficServerConnector = new NetworkTrafficServerConnector(this.server);
            } else {
                SslContextFactory sslContextFactory = new SslContextFactory();
                if (!this.config.getString("ssl.keystore.location").isEmpty()) {
                    sslContextFactory.setKeyStorePath(this.config.getString("ssl.keystore.location"));
                    sslContextFactory.setKeyStorePassword(this.config.getPassword("ssl.keystore.password").value());
                    sslContextFactory.setKeyManagerPassword(this.config.getPassword("ssl.key.password").value());
                    sslContextFactory.setKeyStoreType(this.config.getString("ssl.keystore.type"));
                    if (!this.config.getString("ssl.keymanager.algorithm").isEmpty()) {
                        sslContextFactory.setKeyManagerFactoryAlgorithm(this.config.getString("ssl.keymanager.algorithm"));
                    }
                }
                sslContextFactory.setNeedClientAuth(this.config.getBoolean("ssl.client.auth"));
                List list = this.config.getList("ssl.enabled.protocols");
                if (!list.isEmpty()) {
                    sslContextFactory.setIncludeProtocols((String[]) list.toArray(new String[0]));
                }
                List list2 = this.config.getList("ssl.cipher.suites");
                if (!list2.isEmpty()) {
                    sslContextFactory.setIncludeCipherSuites((String[]) list2.toArray(new String[0]));
                }
                if (!this.config.getString("ssl.endpoint.identification.algorithm").isEmpty()) {
                    sslContextFactory.setEndpointIdentificationAlgorithm(this.config.getString("ssl.endpoint.identification.algorithm"));
                }
                if (!this.config.getString("ssl.truststore.location").isEmpty()) {
                    sslContextFactory.setTrustStorePath(this.config.getString("ssl.truststore.location"));
                    sslContextFactory.setTrustStorePassword(this.config.getPassword("ssl.truststore.password").value());
                    sslContextFactory.setTrustStoreType(this.config.getString("ssl.truststore.type"));
                    if (!this.config.getString("ssl.trustmanager.algorithm").isEmpty()) {
                        sslContextFactory.setTrustManagerFactoryAlgorithm(this.config.getString("ssl.trustmanager.algorithm"));
                    }
                }
                sslContextFactory.setProtocol(this.config.getString("ssl.protocol"));
                if (!this.config.getString("ssl.provider").isEmpty()) {
                    sslContextFactory.setProtocol(this.config.getString("ssl.provider"));
                }
                networkTrafficServerConnector = new NetworkTrafficServerConnector(this.server, sslContextFactory);
            }
            NetworkTrafficServerConnector networkTrafficServerConnector2 = networkTrafficServerConnector;
            networkTrafficServerConnector2.addNetworkTrafficListener(metricsListener);
            networkTrafficServerConnector2.setPort(uri.getPort());
            networkTrafficServerConnector2.setHost(uri.getHost());
            this.server.addConnector(networkTrafficServerConnector2);
        }
        Handler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.setContextPath("/");
        ServletHolder servletHolder = new ServletHolder("default", DefaultServlet.class);
        servletHolder.setInitParameter("dirAllowed", "false");
        ResourceCollection staticResources = getStaticResources();
        if (staticResources != null) {
            servletContextHandler.setBaseResource(staticResources);
        }
        if (enableBasicAuth(this.config.getString("authentication.method"))) {
            servletContextHandler.setSecurityHandler(createSecurityHandler(getConfiguration().getString("authentication.realm"), getConfiguration().getList("authentication.roles")));
        }
        setUnsecurePathConstraints(servletContextHandler, this.config.getList("authentication.skip.paths"));
        String string = getConfiguration().getString("access.control.allow.origin");
        if (string != null && !string.trim().isEmpty()) {
            FilterHolder filterHolder2 = new FilterHolder(CrossOriginFilter.class);
            filterHolder2.setName("cross-origin");
            filterHolder2.setInitParameter("allowedOrigins", string);
            String string2 = getConfiguration().getString("access.control.allow.methods");
            if (string2 != null && !string.trim().isEmpty()) {
                filterHolder2.setInitParameter("allowedMethods", string2);
            }
            servletContextHandler.addFilter(filterHolder2, "/*", EnumSet.of(DispatcherType.REQUEST));
        }
        servletContextHandler.addFilter(filterHolder, "/*", (EnumSet) null);
        configurePostResourceHandling(servletContextHandler);
        servletContextHandler.addServlet(servletHolder, "/*");
        Handler requestLogHandler = new RequestLogHandler();
        requestLogHandler.setRequestLog(this.requestLog);
        HandlerCollection handlerCollection = new HandlerCollection();
        handlerCollection.setHandlers(new Handler[]{servletContextHandler, new DefaultHandler(), requestLogHandler});
        Handler statisticsHandler = new StatisticsHandler();
        statisticsHandler.setHandler(handlerCollection);
        Handler servletContextHandler2 = new ServletContextHandler(1);
        servletContextHandler2.setContextPath(this.config.getString("websocket.path.prefix"));
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        contextHandlerCollection.setHandlers(new Handler[]{statisticsHandler, servletContextHandler2});
        this.server.setHandler(wrapWithGzipHandler(contextHandlerCollection));
        registerWebSocketEndpoints(WebSocketServerContainerInitializer.configureContext(servletContextHandler2));
        int i = getConfiguration().getInt("shutdown.graceful.ms");
        if (i > 0) {
            this.server.setStopTimeout(i);
        }
        this.server.setStopAtShutdown(true);
        return this.server;
    }

    public Handler wrapWithGzipHandler(Handler handler) {
        if (!this.config.getBoolean("compression.enable")) {
            return handler;
        }
        GzipHandler gzipHandler = new GzipHandler();
        gzipHandler.setIncludedMethods(new String[]{"GET", "POST"});
        gzipHandler.setHandler(handler);
        return gzipHandler;
    }

    protected void registerWebSocketEndpoints(ServerContainer serverContainer) {
    }

    static void setUnsecurePathConstraints(ServletContextHandler servletContextHandler, List<String> list) {
        if (servletContextHandler.getSecurityHandler() == null || list.isEmpty()) {
            return;
        }
        for (String str : list) {
            Constraint constraint = new Constraint();
            constraint.setAuthenticate(false);
            ConstraintMapping constraintMapping = new ConstraintMapping();
            constraintMapping.setConstraint(constraint);
            constraintMapping.setMethod("*");
            constraintMapping.setPathSpec(str);
            servletContextHandler.getSecurityHandler().addConstraintMapping(constraintMapping);
        }
    }

    static boolean enableBasicAuth(String str) {
        return "BASIC".equals(str);
    }

    static ConstraintSecurityHandler createSecurityHandler(String str, List<String> list) {
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setAuthenticate(true);
        constraint.setRoles((String[]) list.toArray(new String[0]));
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setConstraint(constraint);
        constraintMapping.setMethod("*");
        constraintMapping.setPathSpec("/*");
        constraintSecurityHandler.addConstraintMapping(constraintMapping);
        constraintSecurityHandler.setAuthenticator(new BasicAuthenticator());
        constraintSecurityHandler.setLoginService(new JAASLoginService(str));
        constraintSecurityHandler.setIdentityService(new DefaultIdentityService());
        constraintSecurityHandler.setRealmName(str);
        return constraintSecurityHandler;
    }

    public static List<URI> parseListeners(List<String> list, int i, List<String> list2, String str) {
        if (list.isEmpty() || list.get(0).isEmpty()) {
            log.warn("DEPRECATION warning: `listeners` configuration is not configured. Falling back to the deprecated `port` configuration.");
            list = new ArrayList(1);
            list.add(str + "://0.0.0.0:" + i);
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (String str2 : list) {
            try {
                URI uri = new URI(str2);
                String scheme = uri.getScheme();
                if (scheme == null) {
                    throw new ConfigException("Found a listener without a scheme. All listeners must have a scheme. The listener without a scheme is: " + str2);
                }
                if (uri.getPort() == -1) {
                    throw new ConfigException("Found a listener without a port. All listeners must have a port. The listener without a port is: " + str2);
                }
                if (list2.contains(scheme)) {
                    arrayList.add(uri);
                } else {
                    log.warn("Found a listener with an unsupported scheme (supported: {}). Ignoring listener '{}'", list2, str2);
                }
            } catch (URISyntaxException e) {
                throw new ConfigException("Could not parse a listener URI from the `listener` configuration option.");
            }
        }
        if (arrayList.isEmpty()) {
            throw new ConfigException("No listeners are configured. Must have at least one listener.");
        }
        return arrayList;
    }

    public void configureBaseApplication(Configurable<?> configurable) {
        configureBaseApplication(configurable, null);
    }

    public void configureBaseApplication(Configurable<?> configurable, Map<String, String> map) {
        T configuration = getConfiguration();
        registerJsonProvider(configurable, configuration, true);
        registerFeatures(configurable, configuration);
        registerExceptionMappers(configurable, configuration);
        configurable.register(new MetricsResourceMethodApplicationListener(this.metrics, "jersey", map, configuration.getTime()));
        configurable.property("jersey.config.beanValidation.enableOutputValidationErrorEntity.server", true);
    }

    protected void registerJsonProvider(Configurable<?> configurable, T t, boolean z) {
        configurable.register(new JacksonMessageBodyProvider(getJsonMapper()));
        if (z) {
            configurable.register(JsonParseExceptionMapper.class);
        }
    }

    protected void registerFeatures(Configurable<?> configurable, T t) {
        configurable.register(ValidationFeature.class);
    }

    protected void registerExceptionMappers(Configurable<?> configurable, T t) {
        configurable.register(ConstraintViolationExceptionMapper.class);
        configurable.register(new WebApplicationExceptionMapper(t));
        configurable.register(new GenericExceptionMapper(t));
    }

    public T getConfiguration() {
        return this.config;
    }

    protected ObjectMapper getJsonMapper() {
        return new ObjectMapper();
    }

    public void start() throws Exception {
        if (this.server == null) {
            createServer();
        }
        this.server.start();
    }

    public void join() throws InterruptedException {
        this.server.join();
        this.shutdownLatch.await();
    }

    public void stop() throws Exception {
        this.server.stop();
    }

    public void onShutdown() {
    }
}
