package de.svws_nrw.server.jetty;

import de.svws_nrw.config.SVWSKonfiguration;
import jakarta.ws.rs.core.Application;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.util.Collections;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.CustomRequestLog;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.RequestLogWriter;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher;

/* loaded from: input_file:de/svws_nrw/server/jetty/HttpServer.class */
public class HttpServer {
    private static Server server;
    private static ContextHandlerCollection contexts;
    private static ServletContextHandler context_handler;

    private static void addLoginService() {
        SVWSLoginService sVWSLoginService = new SVWSLoginService("Authentifizierung bei dem SVWS-Server");
        server.addBean(sVWSLoginService);
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        server.setHandler(constraintSecurityHandler);
        Constraint constraint = new Constraint();
        constraint.setName("pass_openapi.json");
        constraint.setAuthenticate(false);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setPathSpec("/openapi.json");
        constraintMapping.setConstraint(constraint);
        constraintSecurityHandler.setConstraintMappings(Collections.singletonList(constraintMapping));
        Constraint constraint2 = new Constraint();
        constraint2.setName("auth");
        constraint2.setAuthenticate(true);
        constraint2.setRoles(new String[]{"user", "admin"});
        ConstraintMapping constraintMapping2 = new ConstraintMapping();
        constraintMapping2.setPathSpec("/*");
        constraintMapping2.setConstraint(constraint2);
        constraintMapping2.setMethodOmissions(new String[]{"OPTIONS"});
        constraintMapping2.setConstraint(constraint2);
        constraintSecurityHandler.addConstraintMapping(constraintMapping2);
        constraintSecurityHandler.setAuthenticator(new SVWSAuthenticator());
        constraintSecurityHandler.setLoginService(sVWSLoginService);
        HandlerCollection handlerCollection = new HandlerCollection();
        contexts = new ContextHandlerCollection();
        handlerCollection.setHandlers(new Handler[]{contexts, new DefaultHandler()});
        constraintSecurityHandler.setHandler(handlerCollection);
        if (SVWSKonfiguration.get().isLoggingEnabled()) {
            String loggingPath = SVWSKonfiguration.get().getLoggingPath();
            try {
                Files.createDirectories(Paths.get(loggingPath, new String[0]), new FileAttribute[0]);
            } catch (IOException e) {
                e.printStackTrace();
            }
            RequestLogWriter requestLogWriter = new RequestLogWriter(loggingPath + "/yyyy_mm_dd.request.log");
            requestLogWriter.setFilenameDateFormat("yyyy_MM_dd");
            requestLogWriter.setRetainDays(90);
            requestLogWriter.setAppend(true);
            requestLogWriter.setTimeZone("GMT");
            CustomRequestLog customRequestLog = new CustomRequestLog(requestLogWriter, "%{client}a - %u %t \"%r\" %s %O \"%{Referer}i\" \"%{User-Agent}i\"");
            RequestLogHandler requestLogHandler = new RequestLogHandler();
            requestLogHandler.setRequestLog(customRequestLog);
            handlerCollection.addHandler(requestLogHandler);
        }
        context_handler = new ServletContextHandler(1);
        context_handler.setContextPath("/");
        context_handler.setResourceBase(System.getProperty("java.io.tmpdir"));
        contexts.addHandler(context_handler);
    }

    private static void addHTTPConfiguration() {
        boolean isTLSDisabled = SVWSKonfiguration.get().isTLSDisabled();
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        if (!isTLSDisabled) {
            httpConfiguration.setSecureScheme("https");
            httpConfiguration.setSecurePort(SVWSKonfiguration.get().getPortHTTPS());
        }
        httpConfiguration.setOutputBufferSize(32768);
        httpConfiguration.setRequestHeaderSize(8192);
        httpConfiguration.setResponseHeaderSize(8192);
        httpConfiguration.setSendServerVersion(true);
        httpConfiguration.setSendDateHeader(false);
        SslContextFactory.Server server2 = new SslContextFactory.Server();
        server2.setKeyStorePath(SVWSKonfiguration.get().getTLSKeystorePath() + "/keystore");
        server2.setKeyStorePassword(SVWSKonfiguration.get().getTLSKeystorePassword());
        server2.setKeyManagerPassword(SVWSKonfiguration.get().getTLSKeystorePassword());
        server2.setTrustStorePath(SVWSKonfiguration.get().getTLSKeystorePath() + "/keystore");
        server2.setTrustStorePassword(SVWSKonfiguration.get().getTLSKeystorePassword());
        server2.setIncludeProtocols(new String[]{"TLSv1.3", "TLSv1.2"});
        server2.setIncludeCipherSuites(new String[]{"TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"});
        server2.setSniRequired(false);
        server2.setCipherComparator(HTTP2Cipher.COMPARATOR);
        HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
        SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
        if (!isTLSDisabled) {
            secureRequestCustomizer.setSniHostCheck(false);
        }
        httpConfiguration2.addCustomizer(secureRequestCustomizer);
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration2);
        ConnectionFactory hTTP2ServerConnectionFactory = new HTTP2ServerConnectionFactory(httpConfiguration2);
        ConnectionFactory aLPNServerConnectionFactory = new ALPNServerConnectionFactory(new String[0]);
        if (isTLSDisabled) {
            ServerConnector serverConnector = SVWSKonfiguration.get().useHTTPDefaultv11() ? new ServerConnector(server, new ConnectionFactory[]{httpConnectionFactory, hTTP2ServerConnectionFactory}) : new ServerConnector(server, new ConnectionFactory[]{hTTP2ServerConnectionFactory, httpConnectionFactory});
            serverConnector.setPort(SVWSKonfiguration.get().getPortHTTP());
            server.addConnector(serverConnector);
        } else {
            ServerConnector serverConnector2 = SVWSKonfiguration.get().useHTTPDefaultv11() ? new ServerConnector(server, server2, new ConnectionFactory[]{aLPNServerConnectionFactory, httpConnectionFactory, hTTP2ServerConnectionFactory}) : new ServerConnector(server, server2, new ConnectionFactory[]{aLPNServerConnectionFactory, hTTP2ServerConnectionFactory, httpConnectionFactory});
            serverConnector2.setPort(SVWSKonfiguration.get().getPortHTTPS());
            server.addConnector(serverConnector2);
        }
    }

    public static void init() {
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
        queuedThreadPool.setMaxThreads(500);
        server = new Server(queuedThreadPool);
        server.addBean(new ScheduledExecutorScheduler());
        server.setDumpAfterStart(false);
        server.setDumpBeforeStop(false);
        server.setStopAtShutdown(true);
        addLoginService();
        addHTTPConfiguration();
    }

    public static void start() throws Exception {
        server.start();
        server.join();
    }

    public static void addOpenAPIApplication(Class<? extends Application> cls) {
        context_handler.addServlet(HttpServletDispatcher.class, "/*").setInitParameter("jakarta.ws.rs.Application", cls.getCanonicalName());
    }
}
