package io.confluent.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.jaxrs.base.JsonParseExceptionMapper;
import io.confluent.common.config.ConfigException;
import io.confluent.common.config.types.Password;
import io.confluent.common.metrics.JmxReporter;
import io.confluent.common.metrics.MetricConfig;
import io.confluent.common.metrics.Metrics;
import io.confluent.common.metrics.MetricsReporter;
import io.confluent.rest.RestConfig;
import io.confluent.rest.exceptions.ConstraintViolationExceptionMapper;
import io.confluent.rest.exceptions.GenericExceptionMapper;
import io.confluent.rest.exceptions.WebApplicationExceptionMapper;
import io.confluent.rest.logging.Slf4jRequestLog;
import io.confluent.rest.metrics.MetricsResourceMethodApplicationListener;
import io.confluent.rest.validation.JacksonMessageBodyProvider;
import java.lang.management.ManagementFactory;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import javax.servlet.DispatcherType;
import javax.ws.rs.core.Configurable;
import org.eclipse.jetty.jaas.JAASLoginService;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.NetworkTrafficServerConnector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.AsyncGzipFilter;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.resource.ResourceCollection;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.validation.ValidationFeature;
import org.glassfish.jersey.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rest/Application.class */
public abstract class Application<T extends RestConfig> {
    protected T config;
    protected Server server = null;
    protected CountDownLatch shutdownLatch = new CountDownLatch(1);
    protected Metrics metrics;
    private static final Logger log = LoggerFactory.getLogger(Application.class);

    public Application(T t) {
        this.config = t;
        MetricConfig timeWindow = new MetricConfig().samples(t.getInt(RestConfig.METRICS_NUM_SAMPLES_CONFIG)).timeWindow(t.getLong(RestConfig.METRICS_SAMPLE_WINDOW_MS_CONFIG), TimeUnit.MILLISECONDS);
        List configuredInstances = t.getConfiguredInstances(RestConfig.METRICS_REPORTER_CLASSES_CONFIG, MetricsReporter.class);
        configuredInstances.add(new JmxReporter(t.getString(RestConfig.METRICS_JMX_PREFIX_CONFIG)));
        this.metrics = new Metrics(timeWindow, configuredInstances, t.getTime());
    }

    public abstract void setupResources(Configurable<?> configurable, T t);

    protected ResourceCollection getStaticResources() {
        return null;
    }

    protected void configurePostResourceHandling(ServletContextHandler servletContextHandler) {
    }

    public Map<String, String> getMetricsTags() {
        return new LinkedHashMap();
    }

    public Server createServer() throws RestConfigException {
        NetworkTrafficServerConnector networkTrafficServerConnector;
        Configurable<?> resourceConfig = new ResourceConfig<>();
        Map<String, String> metricsTags = getMetricsTags();
        configureBaseApplication(resourceConfig, metricsTags);
        setupResources(resourceConfig, getConfiguration());
        FilterHolder filterHolder = new FilterHolder(new ServletContainer(resourceConfig));
        this.server = new Server() { // from class: io.confluent.rest.Application.1
            protected void doStop() throws Exception {
                super.doStop();
                Application.this.metrics.close();
                Application.this.onShutdown();
                Application.this.shutdownLatch.countDown();
            }
        };
        MBeanContainer mBeanContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
        this.server.addEventListener(mBeanContainer);
        this.server.addBean(mBeanContainer);
        MetricsListener metricsListener = new MetricsListener(this.metrics, "jetty", metricsTags);
        for (URI uri : parseListeners(this.config.getList(RestConfig.LISTENERS_CONFIG), this.config.getInt(RestConfig.PORT_CONFIG), Arrays.asList("http", "https"), "http")) {
            log.info("Adding listener: " + uri.toString());
            if (uri.getScheme().equals("http")) {
                networkTrafficServerConnector = new NetworkTrafficServerConnector(this.server);
            } else {
                SslContextFactory sslContextFactory = new SslContextFactory();
                if (this.config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
                    String clientKeystoreLocation = KafkaRestSSLPropertiesReader.getClientKeystoreLocation();
                    if (clientKeystoreLocation == null) {
                        throw new ConfigException(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG);
                    }
                    sslContextFactory.setKeyStorePath(clientKeystoreLocation);
                } else {
                    sslContextFactory.setKeyStorePath(this.config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG));
                }
                Password password = this.config.getPassword(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG);
                if (Objects.equals(password.value(), "")) {
                    String clientKeystorePassword = KafkaRestSSLPropertiesReader.getClientKeystorePassword();
                    if (Objects.equals(clientKeystorePassword, "")) {
                        throw new ConfigException(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG);
                    }
                    sslContextFactory.setKeyStorePassword(clientKeystorePassword);
                } else {
                    sslContextFactory.setKeyStorePassword(password.value());
                }
                Password password2 = this.config.getPassword(RestConfig.SSL_KEY_PASSWORD_CONFIG);
                if (Objects.equals(password2.value(), "")) {
                    String clientKeyPassword = KafkaRestSSLPropertiesReader.getClientKeyPassword();
                    if (Objects.equals(clientKeyPassword, "")) {
                        throw new ConfigException(RestConfig.SSL_KEY_PASSWORD_CONFIG);
                    }
                    sslContextFactory.setKeyManagerPassword(clientKeyPassword);
                } else {
                    sslContextFactory.setKeyManagerPassword(password2.value());
                }
                sslContextFactory.setKeyStoreType(this.config.getString(RestConfig.SSL_KEYSTORE_TYPE_CONFIG));
                if (!this.config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
                    sslContextFactory.setSslKeyManagerFactoryAlgorithm(this.config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
                }
                sslContextFactory.setNeedClientAuth(this.config.getBoolean(RestConfig.SSL_CLIENT_AUTH_CONFIG));
                List list = this.config.getList(RestConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
                if (!list.isEmpty()) {
                    sslContextFactory.setIncludeProtocols((String[]) list.toArray(new String[0]));
                }
                List list2 = this.config.getList(RestConfig.SSL_DISABLED_PROTOCOLS_CONFIG);
                if (!list2.isEmpty()) {
                    sslContextFactory.setExcludeProtocols((String[]) list2.toArray(new String[0]));
                }
                List list3 = this.config.getList(RestConfig.SSL_CIPHER_SUITES_CONFIG);
                if (!list3.isEmpty()) {
                    sslContextFactory.setIncludeCipherSuites((String[]) list3.toArray(new String[0]));
                }
                if (!this.config.getList(RestConfig.SSL_DISABLED_CIPHER_SUITES_CONFIG).isEmpty()) {
                    sslContextFactory.setExcludeCipherSuites((String[]) list3.toArray(new String[0]));
                }
                if (!this.config.getString(RestConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG).isEmpty()) {
                    sslContextFactory.setEndpointIdentificationAlgorithm(this.config.getString(RestConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));
                }
                if (!this.config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
                    sslContextFactory.setTrustStorePath(this.config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG));
                    sslContextFactory.setTrustStorePassword(this.config.getPassword(RestConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value());
                    sslContextFactory.setTrustStoreType(this.config.getString(RestConfig.SSL_TRUSTSTORE_TYPE_CONFIG));
                    if (!this.config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
                        sslContextFactory.setTrustManagerFactoryAlgorithm(this.config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG));
                    }
                }
                sslContextFactory.setProtocol(this.config.getString(RestConfig.SSL_PROTOCOL_CONFIG));
                if (!this.config.getString(RestConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
                    sslContextFactory.setProtocol(this.config.getString(RestConfig.SSL_PROVIDER_CONFIG));
                }
                networkTrafficServerConnector = new NetworkTrafficServerConnector(this.server, sslContextFactory);
            }
            NetworkTrafficServerConnector networkTrafficServerConnector2 = networkTrafficServerConnector;
            networkTrafficServerConnector2.addNetworkTrafficListener(metricsListener);
            networkTrafficServerConnector2.setPort(uri.getPort());
            networkTrafficServerConnector2.setHost(uri.getHost());
            this.server.addConnector(networkTrafficServerConnector2);
        }
        Handler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.setContextPath("/");
        ServletHolder servletHolder = new ServletHolder("default", DefaultServlet.class);
        servletHolder.setInitParameter("dirAllowed", "false");
        ResourceCollection staticResources = getStaticResources();
        if (staticResources != null) {
            servletContextHandler.setBaseResource(staticResources);
        }
        if (this.config.getBoolean(RestConfig.ENABLE_GZIP_COMPRESSION_CONFIG)) {
            FilterHolder filterHolder2 = new FilterHolder(AsyncGzipFilter.class);
            filterHolder2.setInitParameter("checkGzExists", "false");
            filterHolder2.setInitParameter("methods", "GET,POST");
            servletContextHandler.addFilter(filterHolder2, "/*", (EnumSet) null);
        }
        if (enableBasicAuth(this.config.getString(RestConfig.AUTHENTICATION_METHOD_CONFIG))) {
            servletContextHandler.setSecurityHandler(createSecurityHandler(getConfiguration().getString(RestConfig.AUTHENTICATION_REALM_CONFIG), getConfiguration().getList(RestConfig.AUTHENTICATION_ROLES_CONFIG)));
        }
        String string = getConfiguration().getString(RestConfig.ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG);
        if (string != null && !string.trim().isEmpty()) {
            FilterHolder filterHolder3 = new FilterHolder(CrossOriginFilter.class);
            filterHolder3.setName("cross-origin");
            filterHolder3.setInitParameter("allowedOrigins", string);
            String string2 = getConfiguration().getString(RestConfig.ACCESS_CONTROL_ALLOW_METHODS);
            if (string2 != null && !string.trim().isEmpty()) {
                filterHolder3.setInitParameter("allowedMethods", string2);
            }
            servletContextHandler.addFilter(filterHolder3, "/*", EnumSet.of(DispatcherType.REQUEST));
        }
        servletContextHandler.addFilter(filterHolder, "/*", (EnumSet) null);
        configurePostResourceHandling(servletContextHandler);
        servletContextHandler.addServlet(servletHolder, "/*");
        Handler requestLogHandler = new RequestLogHandler();
        Slf4jRequestLog slf4jRequestLog = new Slf4jRequestLog();
        slf4jRequestLog.setLoggerName(this.config.getString(RestConfig.REQUEST_LOGGER_NAME_CONFIG));
        slf4jRequestLog.setLogLatency(true);
        requestLogHandler.setRequestLog(slf4jRequestLog);
        HandlerCollection handlerCollection = new HandlerCollection();
        handlerCollection.setHandlers(new Handler[]{servletContextHandler, new DefaultHandler(), requestLogHandler});
        StatisticsHandler statisticsHandler = new StatisticsHandler();
        statisticsHandler.setHandler(handlerCollection);
        this.server.setHandler(statisticsHandler);
        int i = getConfiguration().getInt(RestConfig.SHUTDOWN_GRACEFUL_MS_CONFIG);
        if (i > 0) {
            this.server.setStopTimeout(i);
        }
        this.server.setStopAtShutdown(true);
        return this.server;
    }

    static boolean enableBasicAuth(String str) {
        return RestConfig.AUTHENTICATION_METHOD_BASIC.equals(str);
    }

    static ConstraintSecurityHandler createSecurityHandler(String str, List<String> list) {
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[]{"**"});
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setConstraint(constraint);
        constraintMapping.setMethod("*");
        constraintMapping.setPathSpec("/*");
        constraintSecurityHandler.addConstraintMapping(constraintMapping);
        constraintSecurityHandler.setAuthenticator(new BasicAuthenticator());
        constraintSecurityHandler.setLoginService(new JAASLoginService(str));
        constraintSecurityHandler.setIdentityService(new DefaultIdentityService());
        constraintSecurityHandler.setRealmName(str);
        constraintSecurityHandler.setDenyUncoveredHttpMethods(false);
        constraintSecurityHandler.addRole("*");
        return constraintSecurityHandler;
    }

    public static List<URI> parseListeners(List<String> list, int i, List<String> list2, String str) {
        if (list.isEmpty() || list.get(0).isEmpty()) {
            log.warn("DEPRECATION warning: `listeners` configuration is not configured. Falling back to the deprecated `port` configuration.");
            list = new ArrayList(1);
            list.add(str + "://0.0.0.0:" + i);
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (String str2 : list) {
            try {
                URI uri = new URI(str2);
                String scheme = uri.getScheme();
                if (scheme == null) {
                    throw new ConfigException("Found a listener without a scheme. All listeners must have a scheme. The listener without a scheme is: " + str2);
                }
                if (uri.getPort() == -1) {
                    throw new ConfigException("Found a listener without a port. All listeners must have a port. The listener without a port is: " + str2);
                }
                if (list2.contains(scheme)) {
                    arrayList.add(uri);
                } else {
                    log.warn("Found a listener with an unsupported scheme (supported: {}). Ignoring listener '{}'", list2, str2);
                }
            } catch (URISyntaxException e) {
                throw new ConfigException("Could not parse a listener URI from the `listener` configuration option.");
            }
        }
        if (arrayList.isEmpty()) {
            throw new ConfigException("No listeners are configured. Must have at least one listener.");
        }
        return arrayList;
    }

    public void configureBaseApplication(Configurable<?> configurable) {
        configureBaseApplication(configurable, null);
    }

    public void configureBaseApplication(Configurable<?> configurable, Map<String, String> map) {
        T configuration = getConfiguration();
        registerJsonProvider(configurable, configuration, true);
        registerFeatures(configurable, configuration);
        registerExceptionMappers(configurable, configuration);
        configurable.register(new MetricsResourceMethodApplicationListener(this.metrics, "jersey", map, configuration.getTime()));
        configurable.property("jersey.config.beanValidation.enableOutputValidationErrorEntity.server", true);
    }

    protected void registerJsonProvider(Configurable<?> configurable, T t, boolean z) {
        configurable.register(new JacksonMessageBodyProvider(getJsonMapper()));
        if (z) {
            configurable.register(JsonParseExceptionMapper.class);
        }
    }

    protected void registerFeatures(Configurable<?> configurable, T t) {
        configurable.register(ValidationFeature.class);
    }

    protected void registerExceptionMappers(Configurable<?> configurable, T t) {
        configurable.register(ConstraintViolationExceptionMapper.class);
        configurable.register(new WebApplicationExceptionMapper(t));
        configurable.register(new GenericExceptionMapper(t));
    }

    public T getConfiguration() {
        return this.config;
    }

    protected ObjectMapper getJsonMapper() {
        return new ObjectMapper();
    }

    public void start() throws Exception {
        if (this.server == null) {
            createServer();
        }
        this.server.start();
    }

    public void join() throws InterruptedException {
        this.server.join();
        this.shutdownLatch.await();
    }

    public void stop() throws Exception {
        this.server.stop();
    }

    public void onShutdown() {
    }
}
