package org.apache.drill.yarn.appMaster.http;

import com.typesafe.config.Config;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.drill.shaded.guava.com.google.common.collect.ImmutableSet;
import org.apache.drill.yarn.appMaster.Dispatcher;
import org.apache.drill.yarn.core.DrillOnYarnConfig;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.DefaultUserIdentity;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.security.authentication.SessionAuthentication;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HandlerContainer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.server.session.HashSessionManager;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.glassfish.jersey.servlet.ServletContainer;
import org.joda.time.DateTime;

/* loaded from: input_file:org/apache/drill/yarn/appMaster/http/WebServer.class */
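/**
 * Embedded Jetty web server for the Drill-on-YARN application master (AM).
 *
 * <p>It serves the AM web UI, the REST API under {@code /rest/*} and two sets of static
 * resources. The server is created only when {@code DrillOnYarnConfig.HTTP_ENABLED} is true;
 * otherwise {@link #start()} and {@link #close()} do nothing.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Form login and sessions are installed only when {@code AMSecurityManagerImpl.isEnabled()}
 *       returns true.</li>
 *   <li>TLS is used only when {@code DrillOnYarnConfig.HTTP_ENABLE_SSL} is true. With TLS off,
 *       the login form and session cookie travel over plain HTTP.</li>
 *   <li>The TLS certificate is self-signed and generated afresh on every start, so clients have
 *       nothing stable to verify or pin.</li>
 * </ul>
 */
public class WebServer implements AutoCloseable {
    private static final Log LOG = LogFactory.getLog(WebServer.class);

    /** RSA modulus size, in bits, of the generated self-signed key pair. */
    private static final int SELF_SIGNED_KEY_BITS = 2048;

    /** Number of {@link SecureRandom} bits behind the in-memory key store password. */
    private static final int KEY_STORE_PASSWORD_BITS = 130;

    /** Jetty session attribute under which the authenticated identity is stored. */
    private static final String SESSION_IDENTITY_ATTR = "org.eclipse.jetty.security.UserIdentity";

    /** Null when the HTTP interface is disabled in the configuration. */
    private final Server jettyServer;
    private final Dispatcher dispatcher;

    /** Principal carrying the name of a user who logged in to the AM web UI. */
    public static class AMUserPrincipal implements Principal {
        public final String userName;

        /**
         * @param str the authenticated user name
         */
        public AMUserPrincipal(String str) {
            this.userName = str;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.userName;
        }
    }

    /**
     * Jetty {@link LoginService} that delegates the credential check to an
     * {@link AMSecurityManager} and grants the single role {@code "admin"} on success.
     */
    public static class AmLoginService implements LoginService {
        private final AMSecurityManager securityMgr;
        protected IdentityService identityService = new DefaultIdentityService();

        /**
         * @param aMSecurityManager the component that decides whether a user/password pair is valid
         */
        public AmLoginService(AMSecurityManager aMSecurityManager) {
            this.securityMgr = aMSecurityManager;
        }

        @Override
        public String getName() {
            return "drill-am";
        }

        /**
         * Authenticates a user.
         *
         * @param str the user name
         * @param obj the credential; must be a {@code String} password (or null, which is passed
         *     through to the security manager unchanged)
         * @param servletRequest the originating request (unused)
         * @return an identity holding the {@code "admin"} role, or null when authentication fails
         */
        @Override
        public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
            // Fail closed on an unexpected credential type instead of letting a
            // ClassCastException escape from the authentication path.
            if (obj != null && !(obj instanceof String)) {
                return null;
            }
            if (!this.securityMgr.login(str, (String) obj)) {
                return null;
            }
            // Every authenticated user receives the same role; there is no finer-grained
            // authorization at this layer.
            return new DefaultUserIdentity((Subject) null, new AMUserPrincipal(str), new String[]{"admin"});
        }

        /**
         * Always reports the identity as valid.
         *
         * <p>NOTE(review): the security manager is not consulted again, so an account that is
         * disabled after login stays usable until its session ends.
         */
        @Override
        public boolean validate(UserIdentity userIdentity) {
            return true;
        }

        @Override
        public IdentityService getIdentityService() {
            return this.identityService;
        }

        @Override
        public void setIdentityService(IdentityService identityService) {
            this.identityService = identityService;
        }

        /** No login-service state is kept per user, so there is nothing to release here. */
        @Override
        public void logout(UserIdentity userIdentity) {
        }
    }

    /**
     * Creates the web server wrapper. The Jetty server is instantiated only when the HTTP
     * interface is enabled in the Drill-on-YARN configuration.
     *
     * @param dispatcher the AM dispatcher handed to the UI and REST resources
     */
    public WebServer(Dispatcher dispatcher) {
        this.dispatcher = dispatcher;
        if (DrillOnYarnConfig.config().getBoolean(DrillOnYarnConfig.HTTP_ENABLED)) {
            this.jettyServer = new Server();
        } else {
            this.jettyServer = null;
        }
    }

    /**
     * Configures and starts the server; does nothing when the HTTP interface is disabled.
     *
     * @throws Exception if connector setup, certificate generation or Jetty start-up fails
     */
    public void start() throws Exception {
        if (this.jettyServer == null) {
            return;
        }
        build();
        this.jettyServer.start();
    }

    /** Adds the connector first, then the servlet context. */
    private void build() throws Exception {
        Config config = DrillOnYarnConfig.config();
        buildConnector(config);
        buildServlets(config);
    }

    /** Registers exactly one connector: HTTPS when SSL is enabled, plain HTTP otherwise. */
    private void buildConnector(Config config) throws Exception {
        ServerConnector connector;
        if (config.getBoolean(DrillOnYarnConfig.HTTP_ENABLE_SSL)) {
            connector = createHttpsConnector(config);
        } else {
            connector = createHttpConnector(config);
        }
        this.jettyServer.addConnector(connector);
    }

    /**
     * Builds the root servlet context: web UI at {@code /*}, REST API at {@code /rest/*}, static
     * resources, and the security and session handlers when AM security is enabled.
     */
    private void buildServlets(Config config) {
        ServletContextHandler context = new ServletContextHandler((HandlerContainer) null, "/");
        context.setErrorHandler(createErrorHandler());
        this.jettyServer.setHandler(context);

        ServletHolder uiHolder = new ServletHolder(new ServletContainer(new WebUiPageTree(this.dispatcher)));
        uiHolder.setInitOrder(1);
        context.addServlet(uiHolder, "/*");

        ServletHolder restHolder = new ServletHolder(new ServletContainer(new AmRestApi(this.dispatcher)));
        restHolder.setInitOrder(2);
        context.addServlet(restHolder, "/rest/*");

        setupStaticResources(context);

        // With AM security disabled, no authenticator or session handler is installed at all,
        // so every page and REST endpoint is reachable without a login.
        if (AMSecurityManagerImpl.isEnabled()) {
            context.setSecurityHandler(createSecurityHandler());
            context.setSessionHandler(createSessionHandler(config, context.getSecurityHandler()));
        }
    }

    /**
     * Creates the error handler used for every response generated by Jetty itself.
     *
     * <p>NOTE(review): stack traces and exception messages are rendered into error pages, which
     * discloses class names and internal details to any client that can trigger an error.
     * Consider {@code setShowStacks(false)} unless operators rely on this output.
     */
    private ErrorHandler createErrorHandler() {
        ErrorHandler errorHandler = new ErrorHandler();
        errorHandler.setShowStacks(true);
        errorHandler.setShowMessageInTitle(true);
        return errorHandler;
    }

    /**
     * Serves the class-path resources {@code /rest/static} and {@code /drill-am/static} under
     * {@code /static/*} and {@code /drill-am/static/*}, with directory listings disabled.
     */
    private void setupStaticResources(ServletContextHandler servletContextHandler) {
        ServletHolder drillStatic = new ServletHolder("static", DefaultServlet.class);
        drillStatic.setInitParameter("resourceBase", Resource.newClassPathResource("/rest/static").toString());
        drillStatic.setInitParameter("dirAllowed", "false");
        drillStatic.setInitParameter("pathInfoOnly", "true");
        servletContextHandler.addServlet(drillStatic, "/static/*");

        ServletHolder amStatic = new ServletHolder("am-static", DefaultServlet.class);
        amStatic.setInitParameter("resourceBase", Resource.newClassPathResource("/drill-am/static").toString());
        amStatic.setInitParameter("dirAllowed", "false");
        amStatic.setInitParameter("pathInfoOnly", "true");
        servletContextHandler.addServlet(amStatic, "/drill-am/static/*");
    }

    /**
     * Creates the form-login security handler. {@code /login} is both the login page and the
     * error page, and the only known role is {@code "admin"}.
     *
     * <p>No constraint mappings are registered here, so this method does not itself decide which
     * paths require the role; presumably the resource classes declare that (confirm against
     * {@code WebUiPageTree} and {@code AmRestApi}).
     */
    private ConstraintSecurityHandler createSecurityHandler() {
        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        handler.setConstraintMappings(Collections.emptyList(), ImmutableSet.of("admin"));
        handler.setAuthenticator(new FormAuthenticator("/login", "/login", true));
        handler.setLoginService(new AmLoginService(AMSecurityManagerImpl.instance()));
        return handler;
    }

    /**
     * Creates the session handler. Sessions expire after the configured idle time, and a
     * destroyed session is logged out of the security handler so the identity does not outlive it.
     */
    private SessionHandler createSessionHandler(Config config, final SecurityHandler securityHandler) {
        HashSessionManager sessionManager = new HashSessionManager();
        sessionManager.setMaxInactiveInterval(config.getInt(DrillOnYarnConfig.HTTP_SESSION_MAX_IDLE_SECS));
        sessionManager.addEventListener(new HttpSessionListener() {
            @Override
            public void sessionCreated(HttpSessionEvent httpSessionEvent) {
            }

            @Override
            public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
                HttpSession session = httpSessionEvent.getSession();
                if (session == null) {
                    return;
                }
                Object identity = session.getAttribute(SESSION_IDENTITY_ATTR);
                if (identity == null) {
                    return;
                }
                securityHandler.logout((SessionAuthentication) identity);
                session.removeAttribute(SESSION_IDENTITY_ATTR);
            }
        });
        return new SessionHandler(sessionManager);
    }

    /**
     * Creates a plain HTTP connector on the configured port.
     *
     * <p>NOTE(review): when AM security is enabled, this connector carries login credentials and
     * session cookies unencrypted.
     */
    private ServerConnector createHttpConnector(Config config) throws Exception {
        LOG.info("Setting up HTTP connector for web server");
        HttpConnectionFactory http = new HttpConnectionFactory(new HttpConfiguration());
        ServerConnector serverConnector = new ServerConnector(this.jettyServer, new ConnectionFactory[]{http});
        serverConnector.setPort(config.getInt(DrillOnYarnConfig.HTTP_PORT));
        return serverConnector;
    }

    /**
     * Creates an HTTPS connector on the configured port, backed by a freshly generated
     * self-signed certificate held in an in-memory key store.
     *
     * <p>The certificate is valid from one minute before now until five years from now. Because
     * it is regenerated on every start and is not issued by a trusted CA, it provides encryption
     * but clients cannot authenticate the server with it.
     *
     * <p>NOTE(review): no protocol or cipher-suite restrictions are set on the
     * {@code SslContextFactory}, so the library and JVM defaults apply.
     */
    private ServerConnector createHttpsConnector(Config config) throws Exception {
        LOG.info("Setting up HTTPS connector for web server");
        SslContextFactory sslContextFactory = new SslContextFactory();
        LOG.info("Using generated self-signed SSL settings for web server");

        SecureRandom secureRandom = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        // 1024-bit RSA is below current minimum recommendations and is rejected by many
        // clients; generate a 2048-bit key instead.
        keyPairGenerator.initialize(SELF_SIGNED_KEY_BITS, secureRandom);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        DateTime now = DateTime.now();
        X500NameBuilder subject = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.OU, "Apache Drill (auth-generated)")
            .addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)")
            .addRDN(BCStyle.CN, "Drill AM");
        // Self-signed: the same name is used as issuer and subject.
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            subject.build(),
            new BigInteger(128, secureRandom),
            now.minusMinutes(1).toDate(),
            now.plusYears(5).toDate(),
            subject.build(),
            keyPair.getPublic());
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
            certBuilder.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate())));
        // Sanity checks: the certificate is currently valid and verifies under its own key.
        certificate.checkValidity(now.toDate());
        certificate.verify(certificate.getPublicKey());

        // Derive the key store password from SecureRandom. RandomStringUtils.random() is not
        // backed by a cryptographically secure generator and should not protect key material.
        String keyStorePassword = new BigInteger(KEY_STORE_PASSWORD_BITS, secureRandom).toString(32);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePassword.toCharArray(),
            new Certificate[]{certificate});
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyStorePassword(keyStorePassword);

        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        ServerConnector serverConnector = new ServerConnector(this.jettyServer, new ConnectionFactory[]{
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(httpsConfig)});
        serverConnector.setPort(config.getInt(DrillOnYarnConfig.HTTP_PORT));
        return serverConnector;
    }

    /**
     * Stops the Jetty server if one was created.
     *
     * @throws Exception if Jetty fails to stop cleanly
     */
    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        if (this.jettyServer != null) {
            this.jettyServer.stop();
        }
    }
}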
