package org.apache.nifi.web.server;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.stream.Collectors;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.ServletContext;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.NiFiServer;
import org.apache.nifi.bundle.Bundle;
import org.apache.nifi.bundle.BundleDetails;
import org.apache.nifi.cluster.protocol.DataFlow;
import org.apache.nifi.controller.UninheritableFlowException;
import org.apache.nifi.controller.serialization.FlowSerializationException;
import org.apache.nifi.controller.serialization.FlowSynchronizationException;
import org.apache.nifi.diagnostics.DiagnosticsDump;
import org.apache.nifi.diagnostics.DiagnosticsDumpElement;
import org.apache.nifi.diagnostics.DiagnosticsFactory;
import org.apache.nifi.diagnostics.ThreadDumpTask;
import org.apache.nifi.documentation.DocGenerator;
import org.apache.nifi.lifecycle.LifeCycleStartException;
import org.apache.nifi.nar.ExtensionManagerHolder;
import org.apache.nifi.nar.ExtensionMapping;
import org.apache.nifi.nar.ExtensionUiLoader;
import org.apache.nifi.nar.NarAutoLoader;
import org.apache.nifi.nar.NarClassLoadersHolder;
import org.apache.nifi.nar.StandardExtensionDiscoveringManager;
import org.apache.nifi.nar.StandardNarLoader;
import org.apache.nifi.processor.DataUnit;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.services.FlowService;
import org.apache.nifi.ui.extension.UiExtension;
import org.apache.nifi.ui.extension.UiExtensionMapping;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.ContentAccess;
import org.apache.nifi.web.NiFiWebConfigurationContext;
import org.apache.nifi.web.UiExtensionType;
import org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter;
import org.apache.nifi.web.security.headers.StrictTransportSecurityFilter;
import org.apache.nifi.web.security.headers.XContentTypeOptionsFilter;
import org.apache.nifi.web.security.headers.XFrameOptionsFilter;
import org.apache.nifi.web.security.headers.XSSProtectionFilter;
import org.apache.nifi.web.security.requests.ContentLengthFilter;
import org.eclipse.jetty.annotations.AnnotationConfiguration;
import org.eclipse.jetty.deploy.App;
import org.eclipse.jetty.deploy.AppProvider;
import org.eclipse.jetty.deploy.DeploymentManager;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.DoSFilter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.webapp.Configuration;
import org.eclipse.jetty.webapp.JettyWebXmlConfiguration;
import org.eclipse.jetty.webapp.WebAppClassLoader;
import org.eclipse.jetty.webapp.WebAppContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/apache/nifi/web/server/JettyServer.class */
public class JettyServer implements NiFiServer, ExtensionUiLoader {
    private static final String WEB_DEFAULTS_XML = "org/apache/nifi/web/webdefault.xml";
    private static final String CONTAINER_INCLUDE_PATTERN_KEY = "org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern";
    private static final String CONTAINER_INCLUDE_PATTERN_VALUE = ".*/[^/]*servlet-api-[^/]*\\.jar$|.*/javax.servlet.jsp.jstl-.*\\\\.jar$|.*/[^/]*taglibs.*\\.jar$";
    private Server server;
    private NiFiProperties props;
    private Bundle systemBundle;
    private Set<Bundle> bundles;
    private ExtensionMapping extensionMapping;
    private NarAutoLoader narAutoLoader;
    private DiagnosticsFactory diagnosticsFactory;
    private WebAppContext webApiContext;
    private WebAppContext webDocsContext;
    private WebAppContext webContentViewerContext;
    private Collection<WebAppContext> contentViewerWebContexts;
    private UiExtensionMapping componentUiExtensions;
    private Collection<WebAppContext> componentUiExtensionWebContexts;
    private DeploymentManager deploymentManager;
    private static final Logger logger = LoggerFactory.getLogger(JettyServer.class);
    private static final FileFilter WAR_FILTER = file -> {
        return file.getName().toLowerCase().endsWith(".war") && file.isFile();
    };

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/nifi/web/server/JettyServer$ExtensionUiInfo.class */
    public static class ExtensionUiInfo {
        private final Collection<WebAppContext> webAppContexts;
        private final Map<String, String> mimeMappings;
        private final Collection<WebAppContext> componentUiExtensionWebContexts;
        private final Collection<WebAppContext> contentViewerWebContexts;
        private final Map<String, List<UiExtension>> componentUiExtensionsByType;

        public ExtensionUiInfo(Collection<WebAppContext> collection, Map<String, String> map, Collection<WebAppContext> collection2, Collection<WebAppContext> collection3, Map<String, List<UiExtension>> map2) {
            this.webAppContexts = collection;
            this.mimeMappings = map;
            this.componentUiExtensionWebContexts = collection2;
            this.contentViewerWebContexts = collection3;
            this.componentUiExtensionsByType = map2;
        }

        public Collection<WebAppContext> getWebAppContexts() {
            return this.webAppContexts;
        }

        public Map<String, String> getMimeMappings() {
            return this.mimeMappings;
        }

        public Collection<WebAppContext> getComponentUiExtensionWebContexts() {
            return this.componentUiExtensionWebContexts;
        }

        public Collection<WebAppContext> getContentViewerWebContexts() {
            return this.contentViewerWebContexts;
        }

        public Map<String, List<UiExtension>> getComponentUiExtensionsByType() {
            return this.componentUiExtensionsByType;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/nifi/web/server/JettyServer$ThreadDumpDiagnosticsFactory.class */
    public static class ThreadDumpDiagnosticsFactory implements DiagnosticsFactory {
        private ThreadDumpDiagnosticsFactory() {
        }

        public DiagnosticsDump create(final boolean z) {
            return new DiagnosticsDump() { // from class: org.apache.nifi.web.server.JettyServer.ThreadDumpDiagnosticsFactory.1
                public void writeTo(OutputStream outputStream) throws IOException {
                    DiagnosticsDumpElement captureDump = new ThreadDumpTask().captureDump(z);
                    BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream));
                    Iterator it = captureDump.getDetails().iterator();
                    while (it.hasNext()) {
                        bufferedWriter.write((String) it.next());
                        bufferedWriter.write("\n");
                    }
                    bufferedWriter.flush();
                }
            };
        }
    }

    public JettyServer() {
    }

    public void init() {
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool(this.props.getWebThreads());
        queuedThreadPool.setName("NiFi Web Server");
        this.server = new Server(queuedThreadPool);
        Configuration.ClassList.setServerDefault(this.server).addBefore(JettyWebXmlConfiguration.class.getName(), new String[]{AnnotationConfiguration.class.getName()});
        configureConnectors(this.server);
        Handler loadInitialWars = loadInitialWars(this.bundles);
        HandlerList handlerList = new HandlerList();
        if (this.props.isHTTPSConfigured()) {
            HostHeaderHandler hostHeaderHandler = new HostHeaderHandler(this.props);
            logger.info("Created HostHeaderHandler [" + hostHeaderHandler.toString() + "]");
            handlerList.addHandler(hostHeaderHandler);
        } else {
            logger.info("Running in HTTP mode; host headers not restricted");
        }
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        contextHandlerCollection.addHandler(loadInitialWars);
        handlerList.addHandler(contextHandlerCollection);
        this.server.setHandler(handlerList);
        this.deploymentManager = new DeploymentManager();
        this.deploymentManager.setContextAttribute(CONTAINER_INCLUDE_PATTERN_KEY, CONTAINER_INCLUDE_PATTERN_VALUE);
        this.deploymentManager.setContexts(contextHandlerCollection);
        this.server.addBean(this.deploymentManager);
    }

    JettyServer(Server server, NiFiProperties niFiProperties) {
        this.server = server;
        this.props = niFiProperties;
    }

    private Handler loadInitialWars(Set<Bundle> set) {
        Map<File, Bundle> findWars = findWars(set);
        File file = null;
        File file2 = null;
        File file3 = null;
        File file4 = null;
        File file5 = null;
        HashMap hashMap = new HashMap();
        for (Map.Entry<File, Bundle> entry : findWars.entrySet()) {
            File key = entry.getKey();
            Bundle value = entry.getValue();
            if (key.getName().toLowerCase().startsWith("nifi-web-api")) {
                file2 = key;
            } else if (key.getName().toLowerCase().startsWith("nifi-web-error")) {
                file3 = key;
            } else if (key.getName().toLowerCase().startsWith("nifi-web-docs")) {
                file4 = key;
            } else if (key.getName().toLowerCase().startsWith("nifi-web-content-viewer")) {
                file5 = key;
            } else if (key.getName().toLowerCase().startsWith("nifi-web")) {
                file = key;
            } else {
                hashMap.put(key, value);
            }
        }
        if (file == null) {
            throw new RuntimeException("Unable to load nifi-web WAR");
        }
        if (file2 == null) {
            throw new RuntimeException("Unable to load nifi-web-api WAR");
        }
        if (file4 == null) {
            throw new RuntimeException("Unable to load nifi-web-docs WAR");
        }
        if (file3 == null) {
            throw new RuntimeException("Unable to load nifi-web-error WAR");
        }
        if (file5 == null) {
            throw new RuntimeException("Unable to load nifi-web-content-viewer WAR");
        }
        ExtensionUiInfo loadWars = loadWars(hashMap);
        this.componentUiExtensionWebContexts = new ArrayList(loadWars.getComponentUiExtensionWebContexts());
        this.contentViewerWebContexts = new ArrayList(loadWars.getContentViewerWebContexts());
        this.componentUiExtensions = new UiExtensionMapping(loadWars.getComponentUiExtensionsByType());
        HandlerCollection handlerCollection = new HandlerCollection();
        Collection<WebAppContext> webAppContexts = loadWars.getWebAppContexts();
        handlerCollection.getClass();
        webAppContexts.forEach((v1) -> {
            r1.addHandler(v1);
        });
        ClassLoader classLoader = getClass().getClassLoader();
        WebAppContext loadWar = loadWar(file, "/nifi", classLoader);
        loadWar.getInitParams().put("oidc-supported", String.valueOf(this.props.isOidcEnabled()));
        loadWar.getInitParams().put("knox-supported", String.valueOf(this.props.isKnoxSsoEnabled()));
        loadWar.getInitParams().put("saml-supported", String.valueOf(this.props.isSamlEnabled()));
        loadWar.getInitParams().put("saml-single-logout-supported", String.valueOf(this.props.isSamlSingleLogoutEnabled()));
        loadWar.getInitParams().put("allowedContextPaths", this.props.getAllowedContextPaths());
        handlerCollection.addHandler(loadWar);
        this.webApiContext = loadWar(file2, "/nifi-api", classLoader);
        handlerCollection.addHandler(this.webApiContext);
        this.webContentViewerContext = loadWar(file5, "/nifi-content-viewer", classLoader);
        this.webContentViewerContext.getInitParams().putAll(loadWars.getMimeMappings());
        handlerCollection.addHandler(this.webContentViewerContext);
        this.webDocsContext = loadWar(file4, "/nifi-docs", classLoader);
        addDocsServlets(this.webDocsContext);
        handlerCollection.addHandler(this.webDocsContext);
        WebAppContext loadWar2 = loadWar(file3, "/", classLoader);
        loadWar2.getInitParams().put("allowedContextPaths", this.props.getAllowedContextPaths());
        handlerCollection.addHandler(loadWar2);
        return gzip(handlerCollection);
    }

    public void loadExtensionUis(Set<Bundle> set) {
        ExtensionUiInfo loadWars = loadWars(findWars(set));
        Collection<WebAppContext> webAppContexts = loadWars.getWebAppContexts();
        if (CollectionUtils.isEmpty(webAppContexts)) {
            logger.debug("No webapp contexts were loaded, returning...");
            return;
        }
        Iterator<WebAppContext> it = webAppContexts.iterator();
        while (it.hasNext()) {
            this.deploymentManager.addApp(new App(this.deploymentManager, (AppProvider) null, "nifi-jetty-server", it.next()));
        }
        Collection<? extends WebAppContext> componentUiExtensionWebContexts = loadWars.getComponentUiExtensionWebContexts();
        Collection<? extends WebAppContext> contentViewerWebContexts = loadWars.getContentViewerWebContexts();
        NiFiWebConfigurationContext niFiWebConfigurationContext = (NiFiWebConfigurationContext) WebApplicationContextUtils.getRequiredWebApplicationContext(this.webApiContext.getServletHandler().getServletContext()).getBean("nifiWebConfigurationContext", NiFiWebConfigurationContext.class);
        FilterHolder filter = this.webApiContext.getServletHandler().getFilter("springSecurityFilterChain");
        performInjectionForComponentUis(componentUiExtensionWebContexts, niFiWebConfigurationContext, filter);
        performInjectionForContentViewerUis(contentViewerWebContexts, filter);
        this.componentUiExtensionWebContexts.addAll(componentUiExtensionWebContexts);
        this.contentViewerWebContexts.addAll(contentViewerWebContexts);
        this.componentUiExtensions.addUiExtensions(loadWars.getComponentUiExtensionsByType());
        Iterator<WebAppContext> it2 = webAppContexts.iterator();
        while (it2.hasNext()) {
            Throwable unavailableException = it2.next().getUnavailableException();
            if (unavailableException != null) {
                logger.error("Unable to start context due to " + unavailableException.getMessage(), unavailableException);
            }
        }
    }

    private ExtensionUiInfo loadWars(Map<File, Bundle> map) {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        HashMap hashMap2 = new HashMap();
        ClassLoader parent = getClass().getClassLoader().getParent();
        if (!map.isEmpty()) {
            for (Map.Entry<File, Bundle> entry : map.entrySet()) {
                File key = entry.getKey();
                Bundle value = entry.getValue();
                HashMap hashMap3 = new HashMap();
                identifyUiExtensionsForComponents(hashMap3, key);
                if (!hashMap3.isEmpty()) {
                    String format = String.format("/%s", StringUtils.substringBeforeLast(key.getName(), "."));
                    ClassLoader classLoader = value.getClassLoader();
                    if (classLoader == null) {
                        classLoader = parent;
                    }
                    WebAppContext loadWar = loadWar(key, format, classLoader);
                    for (Map.Entry<UiExtensionType, List<String>> entry2 : hashMap3.entrySet()) {
                        UiExtensionType key2 = entry2.getKey();
                        List<String> value2 = entry2.getValue();
                        if (UiExtensionType.ContentViewer.equals(key2)) {
                            Iterator<String> it = value2.iterator();
                            while (it.hasNext()) {
                                hashMap.put(it.next(), format);
                            }
                            arrayList3.add(loadWar);
                        } else {
                            for (String str : value2) {
                                logger.info(String.format("Loading UI extension [%s, %s] for %s", key2, format, str));
                                UiExtension uiExtension = new UiExtension(key2, format);
                                List<UiExtension> list = (List) hashMap2.get(str);
                                if (list == null) {
                                    list = new ArrayList();
                                    hashMap2.put(str, list);
                                }
                                if (containsUiExtensionType(list, key2)) {
                                    throw new IllegalStateException(String.format("Encountered duplicate UI for %s", str));
                                }
                                list.add(uiExtension);
                            }
                            arrayList2.add(loadWar);
                        }
                    }
                    arrayList.add(loadWar);
                }
            }
        }
        return new ExtensionUiInfo(arrayList, hashMap, arrayList2, arrayList3, hashMap2);
    }

    private boolean containsUiExtensionType(List<UiExtension> list, UiExtensionType uiExtensionType) {
        Iterator<UiExtension> it = list.iterator();
        while (it.hasNext()) {
            if (uiExtensionType.equals(it.next().getExtensionType())) {
                return true;
            }
        }
        return false;
    }

    private Handler gzip(Handler handler) {
        GzipHandler gzipHandler = new GzipHandler();
        gzipHandler.setIncludedMethods(new String[]{"GET", "POST", "PUT", "DELETE"});
        gzipHandler.setHandler(handler);
        return gzipHandler;
    }

    private Map<File, Bundle> findWars(Set<Bundle> set) {
        HashMap hashMap = new HashMap();
        set.forEach(bundle -> {
            BundleDetails bundleDetails = bundle.getBundleDetails();
            File file = new File(bundleDetails.getWorkingDirectory(), "NAR-INF/bundled-dependencies");
            logger.debug("Attempting to load bundle {} from {}", bundleDetails, file.getAbsolutePath());
            if (file.isDirectory()) {
                File[] listFiles = file.listFiles(WAR_FILTER);
                if (listFiles == null) {
                    throw new IllegalStateException(String.format("Unable to access working directory for NAR dependencies in: %s", file.getAbsolutePath()));
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Found {} available WARs in {}", Integer.valueOf(listFiles.length), file.getAbsolutePath());
                    for (File file2 : listFiles) {
                        logger.debug("\t" + file2.getAbsolutePath());
                    }
                }
                for (File file3 : listFiles) {
                    hashMap.put(file3, bundle);
                }
            }
        });
        return hashMap;
    }

    private void readUiExtensions(Map<UiExtensionType, List<String>> map, UiExtensionType uiExtensionType, JarFile jarFile, JarEntry jarEntry) throws IOException {
        if (jarEntry == null) {
            return;
        }
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(jarFile.getInputStream(jarEntry)));
        Throwable th = null;
        while (true) {
            try {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    String extractComponentType = extractComponentType(readLine);
                    if (extractComponentType != null) {
                        List<String> list = map.get(uiExtensionType);
                        if (list == null) {
                            list = new ArrayList();
                            map.put(uiExtensionType, list);
                        }
                        list.add(extractComponentType);
                    }
                } catch (Throwable th2) {
                    th = th2;
                    throw th2;
                }
            } catch (Throwable th3) {
                if (bufferedReader != null) {
                    if (th != null) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                throw th3;
            }
        }
        if (bufferedReader != null) {
            if (0 == 0) {
                bufferedReader.close();
                return;
            }
            try {
                bufferedReader.close();
            } catch (Throwable th5) {
                th.addSuppressed(th5);
            }
        }
    }

    private void identifyUiExtensionsForComponents(Map<UiExtensionType, List<String>> map, File file) {
        try {
            JarFile jarFile = new JarFile(file);
            Throwable th = null;
            try {
                try {
                    readUiExtensions(map, UiExtensionType.ContentViewer, jarFile, jarFile.getJarEntry("META-INF/nifi-content-viewer"));
                    readUiExtensions(map, UiExtensionType.ProcessorConfiguration, jarFile, jarFile.getJarEntry("META-INF/nifi-processor-configuration"));
                    readUiExtensions(map, UiExtensionType.ControllerServiceConfiguration, jarFile, jarFile.getJarEntry("META-INF/nifi-controller-service-configuration"));
                    readUiExtensions(map, UiExtensionType.ReportingTaskConfiguration, jarFile, jarFile.getJarEntry("META-INF/nifi-reporting-task-configuration"));
                    if (jarFile != null) {
                        if (0 != 0) {
                            try {
                                jarFile.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            jarFile.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (IOException e) {
            logger.warn(String.format("Unable to inspect %s for a UI extensions.", file));
        }
    }

    private String extractComponentType(String str) {
        String trim = str.trim();
        if (trim.isEmpty() || trim.startsWith("#")) {
            return null;
        }
        int indexOf = trim.indexOf("#");
        return indexOf > 0 ? trim.substring(0, indexOf) : trim;
    }

    private WebAppContext loadWar(File file, String str, ClassLoader classLoader) {
        WebAppContext webAppContext = new WebAppContext(file.getPath(), str);
        webAppContext.setContextPath(str);
        webAppContext.setDisplayName(str);
        webAppContext.setAttribute(CONTAINER_INCLUDE_PATTERN_KEY, CONTAINER_INCLUDE_PATTERN_VALUE);
        ArrayList arrayList = new ArrayList(Arrays.asList(webAppContext.getServerClasses()));
        arrayList.remove("org.slf4j.");
        webAppContext.setServerClasses((String[]) arrayList.toArray(new String[0]));
        webAppContext.setDefaultsDescriptor(WEB_DEFAULTS_XML);
        webAppContext.getMimeTypes().addMimeMapping("ttf", "font/ttf");
        File file2 = new File(this.props.getWebWorkingDirectory(), file.getName());
        if (file2.exists() && !file2.isDirectory()) {
            throw new RuntimeException(file2.getAbsolutePath() + " is not a directory");
        }
        if (!file2.exists() && !file2.mkdirs()) {
            throw new RuntimeException(file2.getAbsolutePath() + " could not be created");
        }
        if (!file2.canRead() || !file2.canWrite()) {
            throw new RuntimeException(file2.getAbsolutePath() + " directory does not have read/write privilege");
        }
        webAppContext.setTempDirectory(file2);
        webAppContext.setMaxFormContentSize(600000);
        ArrayList arrayList2 = new ArrayList(Arrays.asList(XFrameOptionsFilter.class, ContentSecurityPolicyFilter.class, XSSProtectionFilter.class, XContentTypeOptionsFilter.class));
        if (this.props.isHTTPSConfigured()) {
            arrayList2.add(StrictTransportSecurityFilter.class);
        }
        arrayList2.forEach(cls -> {
            addFilters(cls, "/*", webAppContext);
        });
        addDenialOfServiceFilters("/*", webAppContext, this.props);
        try {
            webAppContext.setClassLoader(new WebAppClassLoader(classLoader, webAppContext));
        } catch (IOException e) {
            startUpFailure(e);
        }
        logger.info("Loading WAR: " + file.getAbsolutePath() + " with context path set to " + str);
        return webAppContext;
    }

    private void addFilters(Class<? extends Filter> cls, String str, WebAppContext webAppContext) {
        FilterHolder filterHolder = new FilterHolder(cls);
        filterHolder.setName(cls.getSimpleName());
        webAppContext.addFilter(filterHolder, str, EnumSet.allOf(DispatcherType.class));
    }

    private void addDocsServlets(WebAppContext webAppContext) {
        try {
            File docsDir = getDocsDir("docs");
            File workingDocsDirectory = getWorkingDocsDirectory(this.props.getComponentDocumentationWorkingDirectory());
            File webApiDocsDir = getWebApiDocsDir();
            ServletHolder servletHolder = new ServletHolder("default", DefaultServlet.class);
            servletHolder.setInitParameter("dirAllowed", "false");
            ServletHolder servletHolder2 = new ServletHolder("docs", DefaultServlet.class);
            servletHolder2.setInitParameter("resourceBase", docsDir.getPath());
            servletHolder2.setInitParameter("dirAllowed", "false");
            ServletHolder servletHolder3 = new ServletHolder("components", DefaultServlet.class);
            servletHolder3.setInitParameter("resourceBase", workingDocsDirectory.getPath());
            servletHolder3.setInitParameter("dirAllowed", "false");
            ServletHolder servletHolder4 = new ServletHolder("rest-api", DefaultServlet.class);
            servletHolder4.setInitParameter("resourceBase", webApiDocsDir.getPath());
            servletHolder4.setInitParameter("dirAllowed", "false");
            webAppContext.addServlet(servletHolder2, "/html/*");
            webAppContext.addServlet(servletHolder3, "/components/*");
            webAppContext.addServlet(servletHolder4, "/rest-api/*");
            webAppContext.addServlet(servletHolder, "/");
            logger.info("Loading documents web app with context path set to " + webAppContext.getContextPath());
        } catch (Exception e) {
            logger.error("Unhandled Exception in createDocsWebApp: " + e.getMessage());
            startUpFailure(e);
        }
    }

    private static void addDenialOfServiceFilters(String str, WebAppContext webAppContext, NiFiProperties niFiProperties) {
        addWebRequestRateLimitingFilter(str, webAppContext, determineMaxWebRequestsPerSecond(niFiProperties));
        int determineMaxRequestSize = determineMaxRequestSize(niFiProperties);
        if (determineMaxRequestSize > 0) {
            addContentLengthFilter(str, webAppContext, determineMaxRequestSize);
        } else {
            logger.debug("Not adding content-length filter because {} is not set in nifi.properties", "nifi.web.max.content.size");
        }
    }

    private static int determineMaxWebRequestsPerSecond(NiFiProperties niFiProperties) {
        int parseInt = Integer.parseInt("30000");
        int i = 0;
        try {
            i = Integer.parseInt(niFiProperties.getMaxWebRequestsPerSecond());
        } catch (NumberFormatException e) {
            logger.warn("Exception parsing property nifi.web.max.requests.per.second; using default value: " + parseInt);
        }
        return i > 0 ? i : parseInt;
    }

    private static void addWebRequestRateLimitingFilter(String str, WebAppContext webAppContext, final int i) {
        FilterHolder filterHolder = new FilterHolder(DoSFilter.class);
        filterHolder.setInitParameters(new HashMap<String, String>() { // from class: org.apache.nifi.web.server.JettyServer.1
            {
                put("maxRequestsPerSec", String.valueOf(i));
            }
        });
        filterHolder.setName(DoSFilter.class.getSimpleName());
        logger.debug("Adding DoSFilter to context at path: " + str + " with max req/sec: " + i);
        webAppContext.addFilter(filterHolder, str, EnumSet.allOf(DispatcherType.class));
    }

    private static int determineMaxRequestSize(NiFiProperties niFiProperties) {
        try {
            String webMaxContentSize = niFiProperties.getWebMaxContentSize();
            logger.debug("Read {} as {}", "nifi.web.max.content.size", webMaxContentSize);
            if (!StringUtils.isNotBlank(webMaxContentSize)) {
                logger.debug("{} read from nifi.properties is empty", "nifi.web.max.content.size");
                return -1;
            }
            int intValue = DataUnit.parseDataSize(webMaxContentSize, DataUnit.B).intValue();
            logger.debug("Parsed max content length as {} bytes", Integer.valueOf(intValue));
            return intValue;
        } catch (IllegalArgumentException e) {
            logger.warn("Exception parsing property {}; disabling content length filter", "nifi.web.max.content.size");
            logger.debug("Error during parsing: ", e);
            return -1;
        }
    }

    private static void addContentLengthFilter(String str, WebAppContext webAppContext, final int i) {
        FilterHolder filterHolder = new FilterHolder(ContentLengthFilter.class);
        filterHolder.setInitParameters(new HashMap<String, String>() { // from class: org.apache.nifi.web.server.JettyServer.2
            {
                put("maxContentLength", String.valueOf(i));
            }
        });
        filterHolder.setName(ContentLengthFilter.class.getSimpleName());
        logger.debug("Adding ContentLengthFilter to context at path: " + str + " with max request size: " + i + "B");
        webAppContext.addFilter(filterHolder, str, EnumSet.allOf(DispatcherType.class));
    }

    private File getDocsDir(String str) {
        File absoluteFile;
        try {
            absoluteFile = Paths.get(str, new String[0]).toRealPath(new LinkOption[0]).toFile();
        } catch (IOException e) {
            logger.info("Directory '" + str + "' is missing. Some documentation will be unavailable.");
            absoluteFile = new File(str).getAbsoluteFile();
            if (!absoluteFile.mkdirs()) {
                logger.error("Failed to create 'docs' directory!");
                startUpFailure(new IOException(absoluteFile.getAbsolutePath() + " could not be created"));
            }
        }
        return absoluteFile;
    }

    private File getWorkingDocsDirectory(File file) {
        File file2 = null;
        try {
            file2 = file.toPath().toRealPath(new LinkOption[0]).getParent().toFile();
        } catch (IOException e) {
            logger.error("Failed to load :" + file.getAbsolutePath());
            startUpFailure(e);
        }
        return file2;
    }

    private File getWebApiDocsDir() {
        File file = new File(this.webApiContext.getTempDirectory(), "webapp/docs");
        if (!file.exists() && !file.mkdirs()) {
            logger.error("Failed to create " + file.getAbsolutePath());
            startUpFailure(new IOException(file.getAbsolutePath() + " could not be created"));
        }
        return file;
    }

    private void configureConnectors(Server server) throws ServerConfigurationException {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        int intValue = DataUnit.parseDataSize(this.props.getWebMaxHeaderSize(), DataUnit.B).intValue();
        httpConfiguration.setRequestHeaderSize(intValue);
        httpConfiguration.setResponseHeaderSize(intValue);
        httpConfiguration.setSendServerVersion(this.props.shouldSendServerVersion());
        if (bothHttpAndHttpsConnectorsConfigured(this.props)) {
            logger.error("NiFi only supports one mode of HTTP or HTTPS operation, not both simultaneously. Check the nifi.properties file and ensure that either the HTTP hostname and port or the HTTPS hostname and port are empty");
            startUpFailure(new IllegalStateException("Only one of the HTTP and HTTPS connectors can be configured at one time"));
        }
        if (this.props.getSslPort() != null) {
            configureHttpsConnector(server, httpConfiguration);
        } else if (this.props.getPort() != null) {
            configureHttpConnector(server, httpConfiguration);
        } else {
            logger.error("Neither the HTTP nor HTTPS connector was configured in nifi.properties");
            startUpFailure(new IllegalStateException("Must configure HTTP or HTTPS connector"));
        }
    }

    private void configureHttpsConnector(Server server, HttpConfiguration httpConfiguration) {
        String property = this.props.getProperty("nifi.web.https.host");
        Integer sslPort = this.props.getSslPort();
        configureGenericConnector(server, httpConfiguration, property, sslPort, "HTTPS", this.props.getHttpsNetworkInterfaces(), (server2, httpConfiguration2) -> {
            return createUnconfiguredSslServerConnector(server2, httpConfiguration2, sslPort.intValue());
        });
    }

    private void configureHttpConnector(Server server, HttpConfiguration httpConfiguration) {
        configureGenericConnector(server, httpConfiguration, this.props.getProperty("nifi.web.http.host"), this.props.getPort(), "HTTP", this.props.getHttpNetworkInterfaces(), (server2, httpConfiguration2) -> {
            return new ServerConnector(server2, new ConnectionFactory[]{new HttpConnectionFactory(httpConfiguration2)});
        });
    }

    private void configureGenericConnector(Server server, HttpConfiguration httpConfiguration, String str, Integer num, String str2, Map<String, String> map, ServerConnectorCreator<Server, HttpConfiguration, ServerConnector> serverConnectorCreator) {
        if (num.intValue() < 0 || ((int) Math.pow(2.0d, 16.0d)) <= num.intValue()) {
            throw new ServerConfigurationException("Invalid " + str2 + " port: " + num);
        }
        logger.info("Configuring Jetty for " + str2 + " on port: " + num);
        ArrayList newArrayList = Lists.newArrayList();
        String autoRefreshInterval = this.props.getAutoRefreshInterval();
        long timeDuration = (autoRefreshInterval == null ? 30000L : FormatUtils.getTimeDuration(autoRefreshInterval, TimeUnit.MILLISECONDS)) * 2;
        if (map.isEmpty() || ((List) map.values().stream().filter(str3 -> {
            return !Strings.isNullOrEmpty(str3);
        }).collect(Collectors.toList())).isEmpty()) {
            ServerConnector create = serverConnectorCreator.create(server, httpConfiguration);
            if (StringUtils.isNotBlank(str)) {
                create.setHost(str);
            }
            create.setPort(num.intValue());
            create.setIdleTimeout(timeDuration);
            newArrayList.add(create);
        } else {
            newArrayList.addAll(Lists.newArrayList((Iterable) map.values().stream().map(str4 -> {
                NetworkInterface networkInterface = null;
                try {
                    networkInterface = NetworkInterface.getByName(str4);
                } catch (SocketException e) {
                    logger.error("Unable to get network interface by name {}", str4, e);
                }
                if (networkInterface == null) {
                    logger.warn("Unable to find network interface named {}", str4);
                }
                return networkInterface;
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).flatMap(networkInterface -> {
                return Collections.list(networkInterface.getInetAddresses()).stream();
            }).map(inetAddress -> {
                ServerConnector serverConnector = (ServerConnector) serverConnectorCreator.create(server, httpConfiguration);
                serverConnector.setHost(inetAddress.getHostAddress());
                serverConnector.setPort(num.intValue());
                serverConnector.setIdleTimeout(timeDuration);
                return serverConnector;
            }).collect(Collectors.toList())));
        }
        server.getClass();
        newArrayList.forEach(server::addConnector);
    }

    static boolean bothHttpAndHttpsConnectorsConfigured(NiFiProperties niFiProperties) {
        Integer port = niFiProperties.getPort();
        String property = niFiProperties.getProperty("nifi.web.http.host");
        Integer sslPort = niFiProperties.getSslPort();
        String property2 = niFiProperties.getProperty("nifi.web.https.host");
        if (port == null || sslPort == null) {
            return false;
        }
        logger.warn("Both the HTTP and HTTPS connectors are configured in nifi.properties. Only one of these connectors should be configured. See the NiFi Admin Guide for more details");
        logger.warn("HTTP connector:   http://" + property + ":" + port);
        logger.warn("HTTPS connector: https://" + property2 + ":" + sslPort);
        return true;
    }

    private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration, int i) {
        HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
        httpConfiguration2.setSecureScheme("https");
        httpConfiguration2.setSecurePort(i);
        httpConfiguration2.setSendServerVersion(this.props.shouldSendServerVersion());
        httpConfiguration2.addCustomizer(new SecureRequestCustomizer());
        return new ServerConnector(server, new ConnectionFactory[]{new SslConnectionFactory(createSslContextFactory(), "http/1.1"), new HttpConnectionFactory(httpConfiguration2)});
    }

    private SslContextFactory createSslContextFactory() {
        SslContextFactory.Server server = new SslContextFactory.Server();
        configureSslContextFactory(server, this.props);
        return server;
    }

    protected static void configureSslContextFactory(SslContextFactory.Server server, NiFiProperties niFiProperties) {
        server.setIncludeProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
        server.setExcludeProtocols(new String[]{"TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3"});
        if (niFiProperties.isClientAuthRequiredForRestApi()) {
            server.setNeedClientAuth(true);
        } else {
            server.setWantClientAuth(true);
        }
        if (StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.keystore"))) {
            server.setKeyStorePath(niFiProperties.getProperty("nifi.security.keystore"));
        }
        String property = niFiProperties.getProperty("nifi.security.keystoreType");
        if (StringUtils.isNotBlank(property)) {
            server.setKeyStoreType(property);
            String keyStoreProvider = KeyStoreUtils.getKeyStoreProvider(property);
            if (StringUtils.isNoneEmpty(new CharSequence[]{keyStoreProvider})) {
                server.setKeyStoreProvider(keyStoreProvider);
            }
        }
        String property2 = niFiProperties.getProperty("nifi.security.keystorePasswd");
        String property3 = niFiProperties.getProperty("nifi.security.keyPasswd");
        if (StringUtils.isNotBlank(property2)) {
            String str = StringUtils.isBlank(property3) ? property2 : property3;
            server.setKeyStorePassword(property2);
            server.setKeyManagerPassword(str);
        } else if (StringUtils.isNotBlank(property3)) {
            server.setKeyManagerPassword(property3);
        }
        if (StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.truststore"))) {
            server.setTrustStorePath(niFiProperties.getProperty("nifi.security.truststore"));
        }
        String property4 = niFiProperties.getProperty("nifi.security.truststoreType");
        if (StringUtils.isNotBlank(property4)) {
            server.setTrustStoreType(property4);
            String keyStoreProvider2 = KeyStoreUtils.getKeyStoreProvider(property4);
            if (StringUtils.isNoneEmpty(new CharSequence[]{keyStoreProvider2})) {
                server.setTrustStoreProvider(keyStoreProvider2);
            }
        }
        if (StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.truststorePasswd"))) {
            server.setTrustStorePassword(niFiProperties.getProperty("nifi.security.truststorePasswd"));
        }
    }

    public void start() {
        try {
            StandardExtensionDiscoveringManager standardExtensionDiscoveringManager = new StandardExtensionDiscoveringManager();
            standardExtensionDiscoveringManager.discoverExtensions(this.systemBundle, this.bundles);
            standardExtensionDiscoveringManager.logClassLoaderMapping();
            ExtensionManagerHolder.init(standardExtensionDiscoveringManager);
            DocGenerator.generate(this.props, standardExtensionDiscoveringManager, this.extensionMapping);
            this.server.start();
            for (WebAppContext webAppContext : this.server.getChildHandlers()) {
                if (webAppContext instanceof WebAppContext) {
                    WebAppContext webAppContext2 = webAppContext;
                    if (webAppContext2.getUnavailableException() != null) {
                        startUpFailure(webAppContext2.getUnavailableException());
                    }
                }
            }
            if (this.webApiContext != null) {
                ServletContext servletContext = this.webApiContext.getServletHandler().getServletContext();
                servletContext.setAttribute("nifi-ui-extensions", this.componentUiExtensions);
                WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
                NiFiWebConfigurationContext niFiWebConfigurationContext = (NiFiWebConfigurationContext) requiredWebApplicationContext.getBean("nifiWebConfigurationContext", NiFiWebConfigurationContext.class);
                FilterHolder filter = this.webApiContext.getServletHandler().getFilter("springSecurityFilterChain");
                performInjectionForComponentUis(this.componentUiExtensionWebContexts, niFiWebConfigurationContext, filter);
                performInjectionForContentViewerUis(this.contentViewerWebContexts, filter);
                if (this.webContentViewerContext != null) {
                    this.webContentViewerContext.getServletHandler().getServletContext().setAttribute("nifi-content-access", (ContentAccess) requiredWebApplicationContext.getBean("contentAccess", ContentAccess.class));
                    if (filter != null) {
                        this.webContentViewerContext.addFilter(filter, "/*", EnumSet.allOf(DispatcherType.class));
                    }
                }
                this.diagnosticsFactory = (DiagnosticsFactory) requiredWebApplicationContext.getBean("diagnosticsFactory", DiagnosticsFactory.class);
            }
            if (this.webDocsContext != null) {
                this.webDocsContext.getServletHandler().getServletContext().setAttribute("nifi-extension-mapping", this.extensionMapping);
            }
            if (this.props.isNode()) {
                FlowService flowService = null;
                try {
                    logger.info("Loading Flow...");
                    flowService = (FlowService) WebApplicationContextUtils.getWebApplicationContext(this.webApiContext.getServletContext()).getBean("flowService", FlowService.class);
                    flowService.start();
                    flowService.load((DataFlow) null);
                    logger.info("Flow loaded successfully.");
                } catch (BeansException | LifeCycleStartException | IOException | FlowSerializationException | FlowSynchronizationException | UninheritableFlowException e) {
                    if (flowService != null && flowService.isRunning()) {
                        flowService.stop(false);
                    }
                    logger.error("Unable to load flow due to: " + e, e);
                    throw new Exception("Unable to load flow due to: " + e);
                }
            }
            this.narAutoLoader = new NarAutoLoader(this.props.getNarAutoLoadDirectory(), new StandardNarLoader(this.props.getExtensionsWorkingDirectory(), this.props.getComponentDocumentationWorkingDirectory(), NarClassLoadersHolder.getInstance(), standardExtensionDiscoveringManager, this.extensionMapping, this));
            this.narAutoLoader.start();
            dumpUrls();
        } catch (Exception e2) {
            startUpFailure(e2);
        }
    }

    public DiagnosticsFactory getDiagnosticsFactory() {
        return this.diagnosticsFactory == null ? getThreadDumpFactory() : this.diagnosticsFactory;
    }

    public DiagnosticsFactory getThreadDumpFactory() {
        return new ThreadDumpDiagnosticsFactory();
    }

    private void performInjectionForComponentUis(Collection<WebAppContext> collection, NiFiWebConfigurationContext niFiWebConfigurationContext, FilterHolder filterHolder) {
        if (CollectionUtils.isNotEmpty(collection)) {
            for (WebAppContext webAppContext : collection) {
                webAppContext.getServletHandler().getServletContext().setAttribute("nifi-web-configuration-context", niFiWebConfigurationContext);
                if (filterHolder != null) {
                    webAppContext.addFilter(filterHolder, "/*", EnumSet.allOf(DispatcherType.class));
                }
            }
        }
    }

    private void performInjectionForContentViewerUis(Collection<WebAppContext> collection, FilterHolder filterHolder) {
        if (CollectionUtils.isNotEmpty(collection)) {
            for (WebAppContext webAppContext : collection) {
                if (filterHolder != null) {
                    webAppContext.addFilter(filterHolder, "/*", EnumSet.allOf(DispatcherType.class));
                }
            }
        }
    }

    private void dumpUrls() throws SocketException {
        ArrayList arrayList = new ArrayList();
        for (ServerConnector serverConnector : this.server.getConnectors()) {
            if (serverConnector instanceof ServerConnector) {
                ServerConnector serverConnector2 = serverConnector;
                HashSet hashSet = new HashSet();
                if (StringUtils.isNotBlank(serverConnector2.getHost())) {
                    hashSet.add(serverConnector2.getHost());
                } else {
                    Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces();
                    if (networkInterfaces != null) {
                        Iterator it = Collections.list(networkInterfaces).iterator();
                        while (it.hasNext()) {
                            Iterator it2 = Collections.list(((NetworkInterface) it.next()).getInetAddresses()).iterator();
                            while (it2.hasNext()) {
                                hashSet.add(((InetAddress) it2.next()).getHostAddress());
                            }
                        }
                    }
                }
                if (!hashSet.isEmpty()) {
                    Object obj = "http";
                    if (this.props.getSslPort() != null && serverConnector2.getPort() == this.props.getSslPort().intValue()) {
                        obj = "https";
                    }
                    Iterator it3 = hashSet.iterator();
                    while (it3.hasNext()) {
                        arrayList.add(String.format("%s://%s:%s", obj, (String) it3.next(), Integer.valueOf(serverConnector2.getPort())));
                    }
                }
            }
        }
        if (arrayList.isEmpty()) {
            logger.warn("NiFi has started, but the UI is not available on any hosts. Please verify the host properties.");
            return;
        }
        logger.info("NiFi has started. The UI is available at the following URLs:");
        Iterator it4 = arrayList.iterator();
        while (it4.hasNext()) {
            logger.info(String.format("%s/nifi", (String) it4.next()));
        }
    }

    private void startUpFailure(Throwable th) {
        System.err.println("Failed to start web server: " + th.getMessage());
        System.err.println("Shutting down...");
        logger.warn("Failed to start web server... shutting down.", th);
        System.exit(1);
    }

    public void initialize(NiFiProperties niFiProperties, Bundle bundle, Set<Bundle> set, ExtensionMapping extensionMapping) {
        this.props = niFiProperties;
        this.systemBundle = bundle;
        this.bundles = set;
        this.extensionMapping = extensionMapping;
        init();
    }

    public void stop() {
        try {
            this.server.stop();
        } catch (Exception e) {
            logger.warn("Failed to stop web server", e);
        }
        try {
            if (this.narAutoLoader != null) {
                this.narAutoLoader.stop();
            }
        } catch (Exception e2) {
            logger.warn("Failed to stop NAR auto-loader", e2);
        }
    }
}
