package eu.unicore.util.jetty;

import eu.unicore.security.canl.IAuthnAndTrustConfiguration;
import eu.unicore.util.Log;
import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.jetty.HttpServerProperties;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.Random;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.rewrite.handler.HeaderPatternRule;
import org.eclipse.jetty.rewrite.handler.RewriteHandler;
import org.eclipse.jetty.rewrite.handler.Rule;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.ConnectionLimit;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.NetworkConnector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandlerContainer;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.server.session.DefaultSessionIdManager;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;

/* loaded from: input_file:eu/unicore/util/jetty/JettyServerBase.class */
public abstract class JettyServerBase {
    private static final Logger logger = Log.getLogger(Log.HTTP_SERVER, JettyServerBase.class);
    protected final URL[] listenUrls;
    protected final IAuthnAndTrustConfiguration securityConfiguration;
    protected final HttpServerProperties extraSettings;
    private Handler rootHandler;
    private Server theServer;

    public JettyServerBase(URL url, IAuthnAndTrustConfiguration iAuthnAndTrustConfiguration, HttpServerProperties httpServerProperties) throws ConfigurationException {
        this(new URL[]{url}, iAuthnAndTrustConfiguration, httpServerProperties);
    }

    public JettyServerBase(URL[] urlArr, IAuthnAndTrustConfiguration iAuthnAndTrustConfiguration, HttpServerProperties httpServerProperties) throws ConfigurationException {
        this.securityConfiguration = iAuthnAndTrustConfiguration;
        this.listenUrls = urlArr;
        this.extraSettings = httpServerProperties;
    }

    public void start() throws Exception {
        logger.debug("Starting Jetty HTTP server");
        this.theServer.start();
        updatePortsIfNeeded();
        logger.info("Jetty HTTP server was started");
    }

    public void stop() throws Exception {
        logger.debug("Stopping Jetty HTTP server");
        this.theServer.stop();
        logger.info("Jetty HTTP server was stopped");
    }

    protected void initServer() throws ConfigurationException {
        if (this.listenUrls.length == 1 && "0.0.0.0".equals(this.listenUrls[0].getHost())) {
            logger.info("Creating Jetty HTTP server, will listen on all network interfaces");
        } else {
            StringBuilder sb = new StringBuilder();
            for (URL url : this.listenUrls) {
                sb.append(url).append(" ");
            }
            logger.info("Creating Jetty HTTP server, will listen on: {}", sb);
        }
        this.theServer = createServer();
        configureSessionIdManager(this.extraSettings.getBooleanValue(HttpServerProperties.FAST_RANDOM).booleanValue());
        for (Connector connector : createConnectors()) {
            this.theServer.addConnector(connector);
        }
        configureResourceMonitoring();
        this.rootHandler = createRootHandler();
        try {
            this.rootHandler = configureCORS(this.rootHandler);
            configureGzipHandler(configureHttpHeaders(this.rootHandler));
            configureErrorHandler();
        } catch (ServletException e) {
            throw new ConfigurationException("Error setting up CORS", e);
        }
    }

    protected Server createServer() {
        return new Server(getThreadPool()) { // from class: eu.unicore.util.jetty.JettyServerBase.1
            public void handle(HttpChannel httpChannel) throws IOException, ServletException {
                Request request = httpChannel.getRequest();
                Response response = httpChannel.getResponse();
                if (!"TRACE".equals(request.getMethod())) {
                    super.handle(httpChannel);
                } else {
                    request.setHandled(true);
                    response.setStatus(405);
                }
            }
        };
    }

    protected void configureGzipHandler(AbstractHandlerContainer abstractHandlerContainer) {
        this.theServer.setHandler(configureGzip(abstractHandlerContainer));
    }

    protected void configureErrorHandler() {
        this.theServer.addBean(new JettyErrorHandler(this.theServer));
    }

    protected QueuedThreadPool getThreadPool() {
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
        int length = this.listenUrls.length * 3;
        queuedThreadPool.setMaxThreads(this.extraSettings.getIntValue(HttpServerProperties.MAX_THREADS).intValue() + length);
        queuedThreadPool.setMinThreads(this.extraSettings.getIntValue(HttpServerProperties.MIN_THREADS).intValue() + length);
        return queuedThreadPool;
    }

    protected AbstractHandlerContainer configureHttpHeaders(Handler handler) {
        RewriteHandler rewriteHandler = new RewriteHandler();
        rewriteHandler.setRewriteRequestURI(false);
        rewriteHandler.setRewritePathInfo(false);
        rewriteHandler.setHandler(handler);
        rewriteHandler.setRules(new Rule[0]);
        if (this.extraSettings.getBooleanValue(HttpServerProperties.ENABLE_HSTS).booleanValue()) {
            HeaderPatternRule headerPatternRule = new HeaderPatternRule();
            headerPatternRule.setName("Strict-Transport-Security");
            headerPatternRule.setValue("max-age=31536000; includeSubDomains");
            headerPatternRule.setPattern("*");
            rewriteHandler.addRule(headerPatternRule);
        }
        HttpServerProperties.XFrameOptions xFrameOptions = (HttpServerProperties.XFrameOptions) this.extraSettings.getEnumValue(HttpServerProperties.FRAME_OPTIONS, HttpServerProperties.XFrameOptions.class);
        if (xFrameOptions != HttpServerProperties.XFrameOptions.allow) {
            HeaderPatternRule headerPatternRule2 = new HeaderPatternRule();
            headerPatternRule2.setName("X-Frame-Options");
            StringBuilder sb = new StringBuilder(xFrameOptions.toHttp());
            if (xFrameOptions == HttpServerProperties.XFrameOptions.allowFrom) {
                sb.append(" ").append(this.extraSettings.getValue(HttpServerProperties.ALLOWED_TO_EMBED));
            }
            headerPatternRule2.setValue(sb.toString());
            headerPatternRule2.setPattern("*");
            rewriteHandler.addRule(headerPatternRule2);
        }
        return rewriteHandler;
    }

    protected void configureSessionIdManager(boolean z) {
        if (z) {
            logger.debug("Using fast (but less secure) session ID generator");
            this.theServer.setSessionIdManager(new DefaultSessionIdManager(this.theServer, new Random()));
        }
    }

    protected Connector[] createConnectors() throws ConfigurationException {
        ServerConnector[] serverConnectorArr = new ServerConnector[this.listenUrls.length];
        for (int i = 0; i < this.listenUrls.length; i++) {
            serverConnectorArr[i] = createConnector(this.listenUrls[i]);
            configureConnector(serverConnectorArr[i], this.listenUrls[i]);
        }
        return serverConnectorArr;
    }

    protected ServerConnector createConnector(URL url) throws ConfigurationException {
        return url.getProtocol().startsWith("https") ? createSecureConnector(url) : createPlainConnector(url);
    }

    protected SecuredServerConnector getSecuredConnectorInstance() throws ConfigurationException {
        ConnectionFactory httpConnectionFactory = getHttpConnectionFactory();
        try {
            return new SecuredServerConnector(this.theServer, SecuredServerConnector.createContextFactory(this.securityConfiguration.getValidator(), this.securityConfiguration.getCredential()), httpConnectionFactory);
        } catch (Exception e) {
            throw new ConfigurationException("Can't create secure context factory", e);
        }
    }

    protected ServerConnector createSecureConnector(URL url) throws ConfigurationException {
        logger.debug("Creating SSL connector on: {}", url);
        SecuredServerConnector securedConnectorInstance = getSecuredConnectorInstance();
        SslContextFactory.Server sslContextFactory = securedConnectorInstance.getSslContextFactory();
        sslContextFactory.setNeedClientAuth(this.extraSettings.getBooleanValue(HttpServerProperties.REQUIRE_CLIENT_AUTHN).booleanValue());
        sslContextFactory.setWantClientAuth(this.extraSettings.getBooleanValue(HttpServerProperties.WANT_CLIENT_AUTHN).booleanValue());
        String value = this.extraSettings.getValue(HttpServerProperties.DISABLED_CIPHER_SUITES);
        if (value != null) {
            String trim = value.trim();
            if (trim.length() > 1) {
                sslContextFactory.setExcludeCipherSuites(trim.split("[ ]+"));
            }
        }
        logger.debug("SSL protocol was set to: '{}'", sslContextFactory.getProtocol());
        return securedConnectorInstance;
    }

    protected ServerConnector getPlainConnectorInstance() {
        return new PlainServerConnector(this.theServer, getHttpConnectionFactory());
    }

    protected HttpConnectionFactory getHttpConnectionFactory() {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendXPoweredBy(false);
        boolean booleanValue = this.extraSettings.getBooleanValue(HttpServerProperties.ENABLE_SNI).booleanValue();
        SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
        secureRequestCustomizer.setSniHostCheck(booleanValue);
        httpConfiguration.addCustomizer(secureRequestCustomizer);
        return new HttpConnectionFactory(httpConfiguration);
    }

    protected ServerConnector createPlainConnector(URL url) {
        logger.debug("Creating plain HTTP connector on: {}", url);
        return getPlainConnectorInstance();
    }

    protected void configureConnector(ServerConnector serverConnector, URL url) throws ConfigurationException {
        serverConnector.setHost(url.getHost());
        serverConnector.setPort(url.getPort() == -1 ? url.getDefaultPort() : url.getPort());
        serverConnector.setIdleTimeout(this.extraSettings.getIntValue(HttpServerProperties.MAX_IDLE_TIME).intValue());
    }

    protected void configureResourceMonitoring() throws ConfigurationException {
        Integer intValue = this.extraSettings.getIntValue(HttpServerProperties.MAX_CONNECTIONS);
        if (intValue.intValue() > 0) {
            this.theServer.addBean(new ConnectionLimit(intValue.intValue(), this.theServer));
        }
    }

    protected AbstractHandlerContainer configureGzip(AbstractHandlerContainer abstractHandlerContainer) throws ConfigurationException {
        if (!this.extraSettings.getBooleanValue(HttpServerProperties.ENABLE_GZIP).booleanValue()) {
            return abstractHandlerContainer;
        }
        GzipHandler gzipHandler = new GzipHandler();
        gzipHandler.setMinGzipSize(this.extraSettings.getIntValue(HttpServerProperties.MIN_GZIP_SIZE).intValue());
        logger.info("Enabling GZIP compression filter");
        gzipHandler.setServer(this.theServer);
        gzipHandler.setHandler(abstractHandlerContainer);
        return gzipHandler;
    }

    protected Handler configureCORS(Handler handler) throws ConfigurationException, ServletException {
        if (this.extraSettings.getBooleanValue(HttpServerProperties.ENABLE_CORS).booleanValue() && (handler instanceof ServletContextHandler)) {
            logger.info("Enabling CORS");
            CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
            crossOriginFilter.init(new FilterConfig() { // from class: eu.unicore.util.jetty.JettyServerBase.2
                public ServletContext getServletContext() {
                    return null;
                }

                public Enumeration<String> getInitParameterNames() {
                    return null;
                }

                public String getInitParameter(String str) {
                    return JettyServerBase.this.extraSettings.getValue("CORS_" + str);
                }

                public String getFilterName() {
                    return null;
                }
            });
            FilterHolder filterHolder = new FilterHolder();
            filterHolder.setFilter(crossOriginFilter);
            ((ServletContextHandler) handler).addFilter(filterHolder, "*", (EnumSet) null);
        }
        return handler;
    }

    protected void updatePortsIfNeeded() {
        NetworkConnector[] connectors = this.theServer.getConnectors();
        for (int i = 0; i < this.listenUrls.length; i++) {
            URL url = this.listenUrls[i];
            if (url.getPort() == 0) {
                try {
                    this.listenUrls[i] = new URL(url.getProtocol(), url.getHost(), connectors[i].getLocalPort(), url.getFile());
                } catch (MalformedURLException e) {
                    throw new RuntimeException("Ups, URL can not be reconstructed, while it should", e);
                }
            }
        }
    }

    protected abstract Handler createRootHandler() throws ConfigurationException;

    public Handler getRootHandler() {
        return this.rootHandler;
    }

    public AbstractHandlerContainer getRootHandlerLowLevel() {
        return this.theServer.getHandler();
    }

    public Server getServer() {
        return this.theServer;
    }

    public URL[] getUrls() {
        return this.listenUrls;
    }

    public void reloadCredential() {
        for (SecuredServerConnector securedServerConnector : this.theServer.getConnectors()) {
            try {
                if (securedServerConnector instanceof SecuredServerConnector) {
                    logger.info("Reloading credential on {}", securedServerConnector.getServer().getURI());
                    JettyConnectorUtils.reloadCredential(securedServerConnector.getSslContextFactory(), this.securityConfiguration.getCredential(), this.securityConfiguration.getValidator(), logger);
                }
            } catch (Exception e) {
                logger.error("Cannot reload credential.", e);
            }
        }
    }
}
