package org.apache.drill.exec.server.rest;

import com.codahale.metrics.MetricRegistry;
import com.codahale.metrics.servlets.MetricsServlet;
import com.codahale.metrics.servlets.ThreadDumpServlet;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.Servlet;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.exec.ExecConstants;
import org.apache.drill.exec.server.BootStrapContext;
import org.apache.drill.exec.server.rest.auth.DrillRestLoginService;
import org.apache.drill.exec.server.rest.auth.DrillUserPrincipal;
import org.apache.drill.exec.work.WorkManager;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.security.authentication.SessionAuthentication;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.server.session.HashSessionManager;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.glassfish.jersey.servlet.ServletContainer;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

/* loaded from: input_file:org/apache/drill/exec/server/rest/WebServer.class */
public class WebServer implements AutoCloseable {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) WebServer.class);
    private final DrillConfig config;
    private final MetricRegistry metrics;
    private final WorkManager workManager;
    private final Server embeddedJetty;
    private final BootStrapContext context;
    private static final String BASE_STATIC_PATH = "/rest/static/";
    private static final String DRILL_ICON_RESOURCE_RELATIVE_PATH = "img/drill.ico";

    public WebServer(BootStrapContext bootStrapContext, WorkManager workManager) {
        this.context = bootStrapContext;
        this.config = bootStrapContext.getConfig();
        this.metrics = bootStrapContext.getMetrics();
        this.workManager = workManager;
        if (this.config.getBoolean(ExecConstants.HTTP_ENABLE)) {
            this.embeddedJetty = new Server();
        } else {
            this.embeddedJetty = null;
        }
    }

    public void start() throws Exception {
        if (this.embeddedJetty == null) {
            return;
        }
        boolean z = this.config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED);
        if (z && !this.context.getAuthProvider().containsFactory("PLAIN")) {
            logger.warn("Not starting web server. Currently Drill supports web authentication only through username/password. But PLAIN mechanism is not configured.");
            return;
        }
        this.embeddedJetty.addConnector(this.config.getBoolean(ExecConstants.HTTP_ENABLE_SSL) ? createHttpsConnector() : createHttpConnector());
        ErrorHandler errorHandler = new ErrorHandler();
        errorHandler.setShowStacks(true);
        errorHandler.setShowMessageInTitle(true);
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.setErrorHandler(errorHandler);
        servletContextHandler.setContextPath("/");
        ServletHolder servletHolder = new ServletHolder(new ServletContainer(new DrillRestServer(this.workManager)));
        servletHolder.setInitOrder(1);
        servletContextHandler.addServlet(servletHolder, "/*");
        servletContextHandler.addServlet(new ServletHolder((Servlet) new MetricsServlet(this.metrics)), "/status/metrics");
        servletContextHandler.addServlet(new ServletHolder((Servlet) new ThreadDumpServlet()), "/status/threads");
        ServletHolder servletHolder2 = new ServletHolder("static", (Class<? extends Servlet>) DefaultServlet.class);
        String url = Resource.newClassPathResource("/rest/static/img/drill.ico").getURL().toString();
        servletHolder2.setInitParameter("resourceBase", url.substring(0, url.length() - DRILL_ICON_RESOURCE_RELATIVE_PATH.length()));
        servletHolder2.setInitParameter("dirAllowed", "false");
        servletHolder2.setInitParameter("pathInfoOnly", "true");
        servletContextHandler.addServlet(servletHolder2, "/static/*");
        if (z) {
            servletContextHandler.setSecurityHandler(createSecurityHandler());
            servletContextHandler.setSessionHandler(createSessionHandler(servletContextHandler.getSecurityHandler()));
        }
        if (this.config.getBoolean(ExecConstants.HTTP_CORS_ENABLED)) {
            FilterHolder filterHolder = new FilterHolder((Class<? extends Filter>) CrossOriginFilter.class);
            filterHolder.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, StringUtils.join(this.config.getStringList(ExecConstants.HTTP_CORS_ALLOWED_ORIGINS), ","));
            filterHolder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, StringUtils.join(this.config.getStringList(ExecConstants.HTTP_CORS_ALLOWED_METHODS), ","));
            filterHolder.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, StringUtils.join(this.config.getStringList(ExecConstants.HTTP_CORS_ALLOWED_HEADERS), ","));
            filterHolder.setInitParameter(CrossOriginFilter.ALLOW_CREDENTIALS_PARAM, String.valueOf(this.config.getBoolean(ExecConstants.HTTP_CORS_CREDENTIALS)));
            for (String str : new String[]{"*.json", "/storage/*/enable/*", "/status*"}) {
                servletContextHandler.addFilter(filterHolder, str, EnumSet.of(DispatcherType.REQUEST));
            }
        }
        this.embeddedJetty.setHandler(servletContextHandler);
        this.embeddedJetty.start();
    }

    private SessionHandler createSessionHandler(final SecurityHandler securityHandler) {
        HashSessionManager hashSessionManager = new HashSessionManager();
        hashSessionManager.setMaxInactiveInterval(this.config.getInt(ExecConstants.HTTP_SESSION_MAX_IDLE_SECS));
        hashSessionManager.addEventListener(new HttpSessionListener() { // from class: org.apache.drill.exec.server.rest.WebServer.1
            @Override // javax.servlet.http.HttpSessionListener
            public void sessionCreated(HttpSessionEvent httpSessionEvent) {
            }

            @Override // javax.servlet.http.HttpSessionListener
            public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
                HttpSession session = httpSessionEvent.getSession();
                if (session == null) {
                    return;
                }
                Object attribute = session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
                if (attribute != null) {
                    securityHandler.logout((SessionAuthentication) attribute);
                    session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
                }
                WebSessionResources webSessionResources = (WebSessionResources) session.getAttribute(WebSessionResources.class.getSimpleName());
                if (webSessionResources != null) {
                    webSessionResources.close();
                    session.removeAttribute(WebSessionResources.class.getSimpleName());
                }
            }
        });
        return new SessionHandler(hashSessionManager);
    }

    private ConstraintSecurityHandler createSecurityHandler() {
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        constraintSecurityHandler.setConstraintMappings(Collections.emptyList(), ImmutableSet.of(DrillUserPrincipal.AUTHENTICATED_ROLE, DrillUserPrincipal.ADMIN_ROLE));
        constraintSecurityHandler.setAuthenticator(new FormAuthenticator(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL, DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL, true));
        constraintSecurityHandler.setLoginService(new DrillRestLoginService(this.workManager.getContext()));
        return constraintSecurityHandler;
    }

    private ServerConnector createHttpsConnector() throws Exception {
        logger.info("Setting up HTTPS connector for web server");
        SslContextFactory sslContextFactory = new SslContextFactory();
        if (!this.config.hasPath("javax.net.ssl.keyStore") || Strings.isNullOrEmpty(this.config.getString("javax.net.ssl.keyStore"))) {
            logger.info("Using generated self-signed SSL settings for web server");
            SecureRandom secureRandom = new SecureRandom();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(1024, secureRandom);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            DateTime now = DateTime.now();
            X500NameBuilder addRDN = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, this.workManager.getContext().getEndpoint().getAddress());
            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(addRDN.build(), new BigInteger(128, secureRandom), now.minusMinutes(1).toDate(), now.plusYears(5).toDate(), addRDN.build(), generateKeyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(generateKeyPair.getPrivate())));
            certificate.checkValidity(now.toDate());
            certificate.verify(certificate.getPublicKey());
            String random = RandomStringUtils.random(20);
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            keyStore.setKeyEntry("DrillAutoGeneratedCert", generateKeyPair.getPrivate(), random.toCharArray(), new Certificate[]{certificate});
            sslContextFactory.setKeyStore(keyStore);
            sslContextFactory.setKeyStorePassword(random);
        } else {
            logger.info("Using configured SSL settings for web server");
            sslContextFactory.setKeyStorePath(this.config.getString("javax.net.ssl.keyStore"));
            sslContextFactory.setKeyStorePassword(this.config.getString("javax.net.ssl.keyStorePassword"));
            if (this.config.hasPath("javax.net.ssl.trustStore")) {
                sslContextFactory.setTrustStorePath(this.config.getString("javax.net.ssl.trustStore"));
                if (this.config.hasPath("javax.net.ssl.trustStorePassword")) {
                    sslContextFactory.setTrustStorePassword(this.config.getString("javax.net.ssl.trustStorePassword"));
                }
            }
        }
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.addCustomizer(new SecureRequestCustomizer());
        ServerConnector serverConnector = new ServerConnector(this.embeddedJetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfiguration));
        serverConnector.setPort(this.config.getInt(ExecConstants.HTTP_PORT));
        return serverConnector;
    }

    private ServerConnector createHttpConnector() throws Exception {
        logger.info("Setting up HTTP connector for web server");
        ServerConnector serverConnector = new ServerConnector(this.embeddedJetty, new HttpConnectionFactory(new HttpConfiguration()));
        serverConnector.setPort(this.config.getInt(ExecConstants.HTTP_PORT));
        return serverConnector;
    }

    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        if (this.embeddedJetty != null) {
            this.embeddedJetty.stop();
        }
    }
}
