package org.logevents.web;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsExchange;
import com.sun.net.httpserver.HttpsServer;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.time.Instant;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import org.logevents.observers.LogEventSource;
import org.logevents.query.LogEventFilter;
import org.logevents.query.LogEventQueryResult;
import org.logevents.status.LogEventStatus;
import org.logevents.util.JsonParser;
import org.logevents.util.JsonUtil;
import org.logevents.util.openid.OpenIdConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;

/* loaded from: input_file:org/logevents/web/LogEventHttpServer.class */
public class LogEventHttpServer extends AbstractLogEventHttpServer {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) LogEventHttpServer.class);
    private static final Marker AUDIT = MarkerFactory.getMarker("AUDIT");
    private HttpServer httpServer;
    private OpenIdConfiguration openIdConfiguration;
    private LogEventSource logEventSource;
    private CryptoVault sessionVault;
    private String hostname = null;
    private Optional<Integer> httpPort = Optional.empty();
    private Optional<Integer> httpsPort = Optional.empty();
    private String logEventsHtml = "/org/logevents/logevents.html";
    private Optional<String> cookieEncryptionKey = Optional.empty();
    private Optional<String> keyStore = Optional.empty();
    private Optional<String> keyStorePassword = Optional.empty();
    private Optional<String> hostKeyPassword = Optional.empty();

    public void setHostname(String str) {
        this.hostname = str;
    }

    public void setHttpPort(Optional<Integer> optional) {
        this.httpPort = optional;
    }

    public void setLogEventsHtml(String str) {
        this.logEventsHtml = str;
    }

    public void setOpenIdConfiguration(OpenIdConfiguration openIdConfiguration) {
        this.openIdConfiguration = openIdConfiguration;
    }

    public void setLogEventSource(LogEventSource logEventSource) {
        this.logEventSource = logEventSource;
    }

    public void start() {
        LogEventStatus.getInstance().addInfo(this, "Starting server on port " + this.httpPort);
        try {
            if (this.hostname == null) {
                this.hostname = InetAddress.getLocalHost().getHostName();
            }
            if (this.httpsPort.isPresent()) {
                HttpsServer create = HttpsServer.create(new InetSocketAddress(this.hostname, this.httpsPort.get().intValue()), 0);
                try {
                    create.setHttpsConfigurator(new HttpsConfigurator(createSslContext(this.hostname)));
                    this.httpServer = create;
                } catch (GeneralSecurityException e) {
                    LogEventStatus.getInstance().addError(this, "Failed to start SSLContext", e);
                    return;
                }
            } else {
                if (!this.httpPort.isPresent()) {
                    LogEventStatus.getInstance().addError(this, "httpPort or httpsPort must be configured", null);
                    return;
                }
                this.httpServer = HttpServer.create(new InetSocketAddress(this.hostname, this.httpPort.get().intValue()), 0);
            }
            LogEventStatus.getInstance().addInfo(this, "Started on " + getUrl());
            this.httpServer.createContext("/", this::httpHandler);
            this.httpServer.start();
        } catch (IOException e2) {
            LogEventStatus.getInstance().addError(this, "Failed to start server", e2);
        }
        setupCookieVault();
    }

    public String getUrl() {
        return (this.httpServer instanceof HttpsServer ? "https" : "http") + "://" + this.hostname + ":" + this.httpServer.getAddress().getPort() + "/logs";
    }

    void setupCookieVault() {
        this.sessionVault = new CryptoVault(this.cookieEncryptionKey);
    }

    public SSLContext createSslContext(String str) throws GeneralSecurityException, IOException {
        HostKeyStore hostKeyStore = new HostKeyStore(new File(this.keyStore.orElse("key-" + str + ".p12")), this.keyStorePassword.orElse(""));
        hostKeyStore.setHostName(str);
        hostKeyStore.setKeyPassword(this.hostKeyPassword.orElse(""));
        if (!hostKeyStore.isKeyPresent()) {
            hostKeyStore.generateKey();
        }
        File file = new File("key-" + str + ".crt");
        if (!file.exists()) {
            LogEventStatus.getInstance().addInfo(this, "Please import " + file.getAbsolutePath() + " as a root CA to access logevents console with your browser over https");
        }
        hostKeyStore.writeCertificate(file);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(hostKeyStore.getKeyManagers(), null, null);
        return sSLContext;
    }

    void httpHandler(HttpExchange httpExchange) throws IOException {
        try {
            String path = httpExchange.getRequestURI().getPath();
            if (path.equals("/logs")) {
                httpExchange.getResponseHeaders().add("Location", getAuthority(httpExchange) + "/logs/");
                httpExchange.sendResponseHeaders(302, 0L);
            } else if (path.equals("/logs/")) {
                String resourceFileAsString = getResourceFileAsString(this.logEventsHtml);
                httpExchange.getResponseHeaders().add("Content-type", "text/html");
                sendResponse(httpExchange, resourceFileAsString, 200);
            } else if (path.equals("/logs/swagger.json")) {
                Map<String, Object> parseObject = JsonParser.parseObject(getResourceFileAsString("/org/logevents/swagger.json"));
                HashMap hashMap = new HashMap();
                hashMap.put("url", getAuthority(httpExchange) + "/logs");
                parseObject.put("servers", Collections.singletonList(hashMap));
                httpExchange.getResponseHeaders().add("Content-type", "application/json");
                sendResponse(httpExchange, JsonUtil.toIndentedJson((Map<String, ?>) parseObject), 200);
            } else if (path.equals("/logs/login")) {
                String randomString = OpenIdConfiguration.randomString(50);
                httpExchange.getResponseHeaders().add("Location", this.openIdConfiguration.getAuthorizationUrl(randomString, getAuthority(httpExchange) + "/logs/oauth2callback"));
                httpExchange.getResponseHeaders().set("Set-Cookie", "logevents.query=" + httpExchange.getRequestURI().getRawQuery() + ";Max-Age: 300, logevents.login.state=" + randomString + ";Max-Age; 300");
                httpExchange.sendResponseHeaders(302, 0L);
            } else if (path.equals("/logs/oauth2callback")) {
                Map<String, Object> fetchIdToken = this.openIdConfiguration.fetchIdToken(parseParameters(httpExchange.getRequestURI().getQuery()).get("code")[0], getAuthority(httpExchange) + "/logs/oauth2callback");
                if (!this.openIdConfiguration.isAuthorizedToken(fetchIdToken)) {
                    logger.warn(AUDIT, "Unknown user tried to log in {}", fetchIdToken);
                    httpExchange.sendResponseHeaders(403, 0L);
                } else {
                    logger.warn(AUDIT, "User logged in {}", fetchIdToken);
                    LogEventStatus.getInstance().addInfo(this, "User logged in " + fetchIdToken);
                    httpExchange.getResponseHeaders().set("Set-Cookie", createSessionCookie(fetchIdToken));
                    httpExchange.getResponseHeaders().add("Location", getAuthority(httpExchange) + "/logs");
                    httpExchange.sendResponseHeaders(302, 0L);
                }
            } else if (!isAuthenticated(httpExchange)) {
                sendResponse(httpExchange, "Please log in", 401);
            } else if (path.equals("/logs/events")) {
                LogEventQueryResult query = this.logEventSource.query(new LogEventFilter(parseParameters(httpExchange.getRequestURI().getQuery())));
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                linkedHashMap.put("facets", query.getSummary().toJson());
                linkedHashMap.put("events", query.getEventsAsJson());
                httpExchange.getResponseHeaders().add("Content-type", "application/json");
                sendResponse(httpExchange, JsonUtil.toIndentedJson(linkedHashMap), 200);
            } else {
                sendResponse(httpExchange, "Unknown file", 404);
            }
        } catch (Exception e) {
            logger.error("While processing {}", httpExchange, e);
            sendResponse(httpExchange, e.toString(), 500);
        }
    }

    private String getAuthority(HttpExchange httpExchange) {
        return (httpExchange instanceof HttpsExchange ? "https" : "http") + "://" + httpExchange.getRequestHeaders().getFirst("Host");
    }

    private String createSessionCookie(Map<String, Object> map) {
        HashMap hashMap = new HashMap();
        hashMap.put("subject", map.get("sub"));
        hashMap.put("sessionTime", Instant.ofEpochSecond(Long.parseLong(map.get("iat").toString())).toString());
        return "logevents.session=" + this.sessionVault.encrypt(JsonUtil.toIndentedJson(hashMap));
    }

    private boolean isAuthenticated(HttpExchange httpExchange) {
        Optional<String> cookie = getCookie(httpExchange, "logevents.session");
        if (!cookie.isPresent()) {
            return false;
        }
        try {
            Map<String, Object> parseObject = JsonParser.parseObject(this.sessionVault.decrypt(cookie.get()));
            if (parseObject.containsKey("sessionTime")) {
                if (Instant.now().isBefore(Instant.parse(parseObject.get("sessionTime").toString()).plusSeconds(3600L))) {
                    return true;
                }
            }
        } catch (Exception e) {
            LogEventStatus.getInstance().addInfo(this, "Failed to decode session cookie");
        }
        httpExchange.getResponseHeaders().set("Set-Cookie", "logevents.session=; max-age=-1");
        return false;
    }

    public String toString() {
        return getClass().getSimpleName() + "{hostname='" + this.hostname + "', httpPort=" + this.httpPort + '}';
    }

    public void setHttpsPort(Optional<Integer> optional) {
        this.httpsPort = optional;
    }

    public CryptoVault getSessionVault() {
        return this.sessionVault;
    }

    public void setCookieEncryptionKey(Optional<String> optional) {
        this.cookieEncryptionKey = optional;
    }

    public void setKeyStore(Optional<String> optional) {
        this.keyStore = optional;
    }

    public void setKeyStorePassword(Optional<String> optional) {
        this.keyStorePassword = optional;
    }

    public void setHostKeyPassword(Optional<String> optional) {
        this.hostKeyPassword = optional;
    }
}
