package pl.edu.icm.unity.engine.server;

import eu.unicore.security.canl.IAuthnAndTrustConfiguration;
import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.jetty.PlainServerConnector;
import eu.unicore.util.jetty.SecuredServerConnector;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import javax.servlet.DispatcherType;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.rewrite.handler.HeaderPatternRule;
import org.eclipse.jetty.rewrite.handler.RewriteHandler;
import org.eclipse.jetty.rewrite.handler.Rule;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.NetworkConnector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandlerContainer;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.server.session.DefaultSessionIdManager;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.servlets.DoSFilter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.Lifecycle;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.config.UnityHttpServerConfiguration;
import pl.edu.icm.unity.engine.api.config.UnityServerConfiguration;
import pl.edu.icm.unity.engine.api.endpoint.WebAppEndpointInstance;
import pl.edu.icm.unity.engine.api.server.NetworkServer;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.WrongArgumentException;

@Component
/* loaded from: input_file:pl/edu/icm/unity/engine/server/JettyServer.class */
public class JettyServer implements Lifecycle, NetworkServer {
    private static final Logger log = Log.getLogger("unity.server.core", UnityApplication.class);
    private List<WebAppEndpointInstance> deployedEndpoints;
    private Map<String, ServletContextHandler> usedContextPaths;
    private ContextHandlerCollection mainContextHandler;
    private FilterHolder dosFilter;
    private UnityServerConfiguration cfg;
    private final URL[] listenUrls;
    private final IAuthnAndTrustConfiguration securityConfiguration;
    private final UnityHttpServerConfiguration serverSettings;
    private Server theServer;

    @Autowired
    public JettyServer(UnityServerConfiguration unityServerConfiguration, PKIManagement pKIManagement, ListeningUrlsProvider listeningUrlsProvider) {
        this.dosFilter = null;
        this.securityConfiguration = pKIManagement.getMainAuthnAndTrust();
        this.listenUrls = listeningUrlsProvider.getListenUrls();
        this.serverSettings = unityServerConfiguration.getJettyProperties();
        this.cfg = unityServerConfiguration;
        initServer();
        this.dosFilter = createDoSFilterInstance();
        addRedirectHandler(unityServerConfiguration);
    }

    public void start() {
        try {
            log.debug("Starting Jetty HTTP server");
            this.theServer.start();
            updatePortsIfNeeded();
            log.info("Jetty HTTP server was started");
        } catch (Exception e) {
            log.error("Problem starting HTTP Jetty server: " + e.getMessage(), e);
        }
    }

    public void stop() {
        try {
            log.debug("Stopping Jetty HTTP server");
            this.theServer.stop();
            log.info("Jetty HTTP server was stopped");
        } catch (Exception e) {
            log.error("Problem stopping HTTP Jetty server: " + e.getMessage(), e);
        }
    }

    private void updatePortsIfNeeded() {
        NetworkConnector[] connectors = this.theServer.getConnectors();
        for (int i = 0; i < this.listenUrls.length; i++) {
            URL url = this.listenUrls[i];
            if (url.getPort() == 0) {
                try {
                    this.listenUrls[i] = new URL(url.getProtocol(), url.getHost(), connectors[i].getLocalPort(), url.getFile());
                } catch (MalformedURLException e) {
                    throw new RuntimeException("Ups, URL can not be reconstructed, while it should", e);
                }
            }
        }
    }

    private void initServer() throws ConfigurationException {
        if (this.listenUrls.length == 1 && "0.0.0.0".equals(this.listenUrls[0].getHost())) {
            log.info("Creating Jetty HTTP server, will listen on all network interfaces");
        } else {
            StringBuilder sb = new StringBuilder();
            for (URL url : this.listenUrls) {
                sb.append(url).append(" ");
            }
            log.info("Creating Jetty HTTP server, will listen on: " + sb);
        }
        this.theServer = createServer();
        if (this.serverSettings.getBooleanValue("fastRandom").booleanValue()) {
            configureFastAndInsecureSessionIdGenerator();
        }
        for (Connector connector : createConnectors()) {
            this.theServer.addConnector(connector);
        }
        initRootHandler();
        configureGzipHandler(configureHttpHeaders(this.mainContextHandler));
        configureErrorHandler();
    }

    private Server createServer() {
        return new Server(getThreadPool()) { // from class: pl.edu.icm.unity.engine.server.JettyServer.1
            public void handle(HttpChannel httpChannel) throws IOException, ServletException {
                Request request = httpChannel.getRequest();
                Response response = httpChannel.getResponse();
                if (!"TRACE".equals(request.getMethod())) {
                    super.handle(httpChannel);
                } else {
                    request.setHandled(true);
                    response.setStatus(405);
                }
            }
        };
    }

    private void configureGzipHandler(AbstractHandlerContainer abstractHandlerContainer) {
        this.theServer.setHandler(configureGzip(abstractHandlerContainer));
    }

    private QueuedThreadPool getThreadPool() {
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
        int length = this.listenUrls.length * 3;
        queuedThreadPool.setMaxThreads(this.serverSettings.getIntValue("maxThreads").intValue() + length);
        queuedThreadPool.setMinThreads(this.serverSettings.getIntValue("minThreads").intValue() + length);
        return queuedThreadPool;
    }

    private AbstractHandlerContainer configureHttpHeaders(Handler handler) {
        RewriteHandler rewriteHandler = new RewriteHandler();
        rewriteHandler.setRewriteRequestURI(false);
        rewriteHandler.setRewritePathInfo(false);
        rewriteHandler.setHandler(handler);
        rewriteHandler.setRules(new Rule[0]);
        if (this.serverSettings.getBooleanValue("enableHsts").booleanValue()) {
            HeaderPatternRule headerPatternRule = new HeaderPatternRule();
            headerPatternRule.setName("Strict-Transport-Security");
            headerPatternRule.setValue("max-age=31536000; includeSubDomains");
            headerPatternRule.setPattern("*");
            rewriteHandler.addRule(headerPatternRule);
        }
        UnityHttpServerConfiguration.XFrameOptions enumValue = this.serverSettings.getEnumValue("xFrameOptions", UnityHttpServerConfiguration.XFrameOptions.class);
        if (enumValue != UnityHttpServerConfiguration.XFrameOptions.allow) {
            HeaderPatternRule headerPatternRule2 = new HeaderPatternRule();
            headerPatternRule2.setName("X-Frame-Options");
            StringBuilder sb = new StringBuilder(enumValue.toHttp());
            if (enumValue == UnityHttpServerConfiguration.XFrameOptions.allowFrom) {
                sb.append(" ").append(this.serverSettings.getValue("xFrameAllowed"));
            }
            headerPatternRule2.setValue(sb.toString());
            headerPatternRule2.setPattern("*");
            rewriteHandler.addRule(headerPatternRule2);
        }
        return rewriteHandler;
    }

    private void configureFastAndInsecureSessionIdGenerator() {
        log.info("Using fast (but less secure) session ID generator");
        this.theServer.setSessionIdManager(new DefaultSessionIdManager(this.theServer, new Random()));
    }

    private Connector[] createConnectors() throws ConfigurationException {
        ServerConnector[] serverConnectorArr = new ServerConnector[this.listenUrls.length];
        for (int i = 0; i < this.listenUrls.length; i++) {
            serverConnectorArr[i] = createConnector(this.listenUrls[i]);
            configureConnector(serverConnectorArr[i], this.listenUrls[i]);
        }
        return serverConnectorArr;
    }

    private ServerConnector createConnector(URL url) throws ConfigurationException {
        return url.getProtocol().startsWith("https") ? createSecureConnector(url) : createPlainConnector(url);
    }

    protected SecuredServerConnector getSecuredConnectorInstance() throws ConfigurationException {
        ConnectionFactory httpConnectionFactory = getHttpConnectionFactory();
        try {
            return new SecuredServerConnector(this.theServer, SecuredServerConnector.createContextFactory(this.securityConfiguration.getValidator(), this.securityConfiguration.getCredential()), new ConnectionFactory[]{httpConnectionFactory});
        } catch (Exception e) {
            throw new ConfigurationException("Can't create secure context factory", e);
        }
    }

    private ServerConnector createSecureConnector(URL url) throws ConfigurationException {
        log.debug("Creating SSL NIO connector on: " + url);
        SecuredServerConnector securedConnectorInstance = getSecuredConnectorInstance();
        SslContextFactory.Server sslContextFactory = securedConnectorInstance.getSslContextFactory();
        sslContextFactory.setNeedClientAuth(this.serverSettings.getBooleanValue("requireClientAuthn").booleanValue());
        sslContextFactory.setWantClientAuth(this.serverSettings.getBooleanValue("wantClientAuthn").booleanValue());
        String value = this.serverSettings.getValue("disabledProtocols");
        if (value != null) {
            sslContextFactory.setExcludeProtocols(value.trim().split("[ ]+"));
        }
        String value2 = this.serverSettings.getValue("disabledCipherSuites");
        if (value2 != null) {
            String trim = value2.trim();
            if (trim.length() > 1) {
                sslContextFactory.setExcludeCipherSuites(trim.split("[ ]+"));
            }
        }
        log.info("SSL protocol was set to: '" + sslContextFactory.getProtocol() + "'");
        return securedConnectorInstance;
    }

    private ServerConnector getPlainConnectorInstance() {
        return new PlainServerConnector(this.theServer, new ConnectionFactory[]{getHttpConnectionFactory()});
    }

    private HttpConnectionFactory getHttpConnectionFactory() {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendXPoweredBy(false);
        return new HttpConnectionFactory(httpConfiguration);
    }

    private ServerConnector createPlainConnector(URL url) {
        log.info("Creating plain HTTP connector on: " + url);
        return getPlainConnectorInstance();
    }

    private void configureConnector(ServerConnector serverConnector, URL url) throws ConfigurationException {
        serverConnector.setHost(url.getHost());
        serverConnector.setPort(url.getPort() == -1 ? url.getDefaultPort() : url.getPort());
        serverConnector.setIdleTimeout(this.serverSettings.getIntValue("maxIdleTime").intValue());
    }

    private AbstractHandlerContainer configureGzip(AbstractHandlerContainer abstractHandlerContainer) throws ConfigurationException {
        if (!this.serverSettings.getBooleanValue("gzip.enable").booleanValue()) {
            return abstractHandlerContainer;
        }
        GzipHandler gzipHandler = new GzipHandler();
        gzipHandler.setMinGzipSize(this.serverSettings.getIntValue("gzip.minGzipSize").intValue());
        log.info("Enabling GZIP compression filter");
        gzipHandler.setServer(this.theServer);
        gzipHandler.setHandler(abstractHandlerContainer);
        return gzipHandler;
    }

    public URL[] getUrls() {
        return this.listenUrls;
    }

    private void configureErrorHandler() {
        this.theServer.setErrorHandler(new JettyErrorHandler(this.cfg.getValue("defaultWebContentDirectory")));
    }

    public boolean isRunning() {
        if (this.theServer == null) {
            return false;
        }
        return this.theServer.isRunning();
    }

    private synchronized void initRootHandler() {
        this.usedContextPaths = new HashMap();
        this.mainContextHandler = new ContextHandlerCollection();
        this.deployedEndpoints = new ArrayList(16);
    }

    private void addRedirectHandler(UnityServerConfiguration unityServerConfiguration) throws ConfigurationException {
        if (unityServerConfiguration.isSet("defaultWebPath")) {
            try {
                deployHandler(new RedirectHandler(unityServerConfiguration.getValue("defaultWebPath")), "sys:redirect");
            } catch (EngineException e) {
                log.error("Cannot deploy redirect handler " + e.getMessage(), e);
            }
        }
    }

    public synchronized void deployEndpoint(WebAppEndpointInstance webAppEndpointInstance) throws EngineException {
        deployHandler(webAppEndpointInstance.getServletContextHandler(), webAppEndpointInstance.getEndpointDescription().getName());
        this.deployedEndpoints.add(webAppEndpointInstance);
    }

    public synchronized void deployHandler(ServletContextHandler servletContextHandler, String str) throws EngineException {
        String contextPath = servletContextHandler.getContextPath();
        if (this.usedContextPaths.containsKey(contextPath)) {
            throw new WrongArgumentException("There are (at least) two web applications configured at the same context path: " + contextPath);
        }
        addDoSFilter(servletContextHandler);
        addCORSFilter(servletContextHandler);
        ClientIPSettingHandler applyClientIPDiscoveryHandler = applyClientIPDiscoveryHandler(servletContextHandler, str);
        this.mainContextHandler.addHandler(applyClientIPDiscoveryHandler);
        if (this.theServer.isStarted()) {
            try {
                applyClientIPDiscoveryHandler.start();
            } catch (Exception e) {
                this.mainContextHandler.removeHandler(applyClientIPDiscoveryHandler);
                throw new EngineException("Can not start handler", e);
            }
        }
        this.usedContextPaths.put(contextPath, servletContextHandler);
    }

    public synchronized void undeployAllHandlers() throws EngineException {
        Iterator<ServletContextHandler> it = this.usedContextPaths.values().iterator();
        while (it.hasNext()) {
            try {
                it.next().stop();
            } catch (Exception e) {
                throw new EngineException("Can not stop handler", e);
            }
        }
        this.usedContextPaths.clear();
        for (Handler handler : (Handler[]) this.mainContextHandler.getHandlers().clone()) {
            this.mainContextHandler.removeHandler(handler);
        }
    }

    public synchronized void undeployHandler(String str) throws EngineException {
        ServletContextHandler servletContextHandler = this.usedContextPaths.get(str);
        try {
            servletContextHandler.stop();
            this.mainContextHandler.removeHandler(servletContextHandler);
            this.usedContextPaths.remove(servletContextHandler.getContextPath());
        } catch (Exception e) {
            throw new EngineException("Can not stop handler", e);
        }
    }

    public synchronized void undeployEndpoint(String str) throws EngineException {
        WebAppEndpointInstance webAppEndpointInstance = null;
        Iterator<WebAppEndpointInstance> it = this.deployedEndpoints.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            WebAppEndpointInstance next = it.next();
            if (next.getEndpointDescription().getName().equals(str)) {
                webAppEndpointInstance = next;
                break;
            }
        }
        if (webAppEndpointInstance == null) {
            throw new WrongArgumentException("There is no deployed endpoint with id " + str);
        }
        ServletContextHandler servletContextHandler = this.usedContextPaths.get(webAppEndpointInstance.getEndpointDescription().getEndpoint().getContextAddress());
        try {
            servletContextHandler.stop();
            this.mainContextHandler.removeHandler(servletContextHandler);
            this.usedContextPaths.remove(servletContextHandler.getContextPath());
            this.deployedEndpoints.remove(webAppEndpointInstance);
        } catch (Exception e) {
            throw new EngineException("Can not stop handler", e);
        }
    }

    public Set<String> getUsedContextPaths() {
        return this.usedContextPaths.keySet();
    }

    private FilterHolder createDoSFilterInstance() {
        if (!this.serverSettings.getBooleanValue("enableDoSFilter").booleanValue()) {
            return null;
        }
        FilterHolder filterHolder = new FilterHolder(new DoSFilter());
        for (String str : this.serverSettings.getSortedStringKeys("dosFilter.")) {
            filterHolder.setInitParameter(str.substring("unityServer.core.httpServer.".length() + "dosFilter.".length()), this.serverSettings.getProperty(str));
        }
        return filterHolder;
    }

    private void addDoSFilter(ServletContextHandler servletContextHandler) {
        if (this.dosFilter != null) {
            log.info("Enabling DoS filter on context " + servletContextHandler.getContextPath());
            servletContextHandler.addFilter(this.dosFilter, "/*", EnumSet.of(DispatcherType.REQUEST));
        }
    }

    private void addCORSFilter(ServletContextHandler servletContextHandler) {
        if (this.serverSettings.getBooleanValue("enableCORS").booleanValue()) {
            log.info("Enabling CORS");
            CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
            try {
                crossOriginFilter.init(new FilterConfig() { // from class: pl.edu.icm.unity.engine.server.JettyServer.2
                    public ServletContext getServletContext() {
                        throw new UnsupportedOperationException("Not implemented");
                    }

                    public Enumeration<String> getInitParameterNames() {
                        throw new UnsupportedOperationException("Not implemented");
                    }

                    public String getInitParameter(String str) {
                        return JettyServer.this.serverSettings.getValue("cors." + str);
                    }

                    public String getFilterName() {
                        return "CORS";
                    }
                });
                servletContextHandler.addFilter(new FilterHolder(crossOriginFilter), "/*", EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD));
            } catch (ServletException e) {
                throw new ConfigurationException("Error setting up CORS", e);
            }
        }
    }

    private ClientIPSettingHandler applyClientIPDiscoveryHandler(AbstractHandlerContainer abstractHandlerContainer, String str) {
        ClientIPDiscovery clientIPDiscovery = new ClientIPDiscovery(this.serverSettings.getIntValue("proxyCount").intValue(), this.serverSettings.getBooleanValue("allowNotProxiedTraffic").booleanValue());
        IPValidator iPValidator = new IPValidator(this.serverSettings.getListOfValues("allowedClientIPs."));
        log.info("Enabling client IP discovery filter");
        ClientIPSettingHandler clientIPSettingHandler = new ClientIPSettingHandler(clientIPDiscovery, iPValidator, str);
        clientIPSettingHandler.setServer(this.theServer);
        clientIPSettingHandler.setHandler(abstractHandlerContainer);
        return clientIPSettingHandler;
    }
}
