package emissary.server;

import ch.qos.logback.classic.ViewStatusMessagesServlet;
import com.google.common.annotations.VisibleForTesting;
import emissary.client.EmissaryClient;
import emissary.client.HTTPConnectionFactory;
import emissary.command.ServerCommand;
import emissary.config.ConfigUtil;
import emissary.config.Configurator;
import emissary.core.EmissaryException;
import emissary.core.IPausable;
import emissary.core.MetricsManager;
import emissary.core.Namespace;
import emissary.core.NamespaceException;
import emissary.core.ResourceWatcher;
import emissary.core.sentinel.Sentinel;
import emissary.directory.DirectoryPlace;
import emissary.directory.EmissaryNode;
import emissary.place.IServiceProviderPlace;
import emissary.pool.AgentPool;
import emissary.pool.MoveSpool;
import emissary.roll.RollManager;
import emissary.server.mvc.ThreadDumpAction;
import emissary.spi.SPILoader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.naming.directory.AttributeInUseException;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.glassfish.jersey.jackson.JacksonFeature;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.filter.CsrfProtectionFilter;
import org.glassfish.jersey.server.mvc.mustache.MustacheMvcFeature;
import org.glassfish.jersey.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:emissary/server/EmissaryServer.class */
public class EmissaryServer {
    public static final String DEFAULT_NAMESPACE_NAME = "EmissaryServer";
    private static final Logger LOG = LoggerFactory.getLogger(EmissaryServer.class);
    private String nameSpaceName;
    private Server server;
    private final ServerCommand cmd;
    private final EmissaryNode emissaryNode;

    public EmissaryServer(ServerCommand serverCommand) throws EmissaryException {
        this(serverCommand, new EmissaryNode());
    }

    @VisibleForTesting
    public EmissaryServer(ServerCommand serverCommand, EmissaryNode emissaryNode) throws EmissaryException {
        this.nameSpaceName = null;
        this.cmd = serverCommand;
        if (serverCommand.getMode() != null) {
            System.setProperty("node.mode", serverCommand.getMode());
        }
        this.emissaryNode = emissaryNode;
        if (this.emissaryNode.isValid()) {
            return;
        }
        LOG.error("Not an emissary node, no emissary services required.");
        LOG.error("Try setting -D{}=value to configure an emissary node", EmissaryNode.NODE_NAME_PROPERTY);
        throw new EmissaryException("Not an emissary node, no emissary services required");
    }

    public EmissaryNode getNode() {
        return this.emissaryNode;
    }

    public ServerCommand getServerCommand() {
        return this.cmd;
    }

    public Server startServer() {
        try {
            ContextHandler buildEmissaryHandler = buildEmissaryHandler();
            buildEmissaryHandler.setContextPath("/idontreallyservecontentnowdoi");
            ContextHandler buildLogbackConfigHandler = buildLogbackConfigHandler();
            buildLogbackConfigHandler.setContextPath("/lbConfig");
            ContextHandler buildApiHandler = buildApiHandler();
            buildApiHandler.setContextPath("/api");
            ContextHandler buildMVCHandler = buildMVCHandler();
            buildMVCHandler.setContextPath("/emissary");
            ContextHandler buildStaticHandler = buildStaticHandler();
            buildStaticHandler.setContextPath("/");
            LoginService buildLoginService = buildLoginService();
            ConstraintSecurityHandler buildSecurityHandler = buildSecurityHandler();
            buildSecurityHandler.setLoginService(buildLoginService);
            HandlerList handlerList = new HandlerList();
            handlerList.addHandler(buildLogbackConfigHandler);
            handlerList.addHandler(buildApiHandler);
            handlerList.addHandler(buildMVCHandler);
            handlerList.addHandler(buildStaticHandler);
            buildSecurityHandler.setHandler(handlerList);
            HandlerList handlerList2 = new HandlerList();
            handlerList2.addHandler(buildEmissaryHandler);
            handlerList2.addHandler(buildSecurityHandler);
            Server configureServer = configureServer();
            configureServer.setHandler(handlerList2);
            configureServer.addBean(buildLoginService);
            configureServer.setStopAtShutdown(true);
            configureServer.setStopTimeout(10000L);
            if (this.cmd.shouldDumpJettyBeans() && LOG.isInfoEnabled()) {
                LOG.info(configureServer.dump());
            }
            this.server = configureServer;
            bindServer();
            configureServer.start();
            String str = this.cmd.getScheme() + "://" + this.cmd.getHost() + ":" + this.cmd.getPort();
            Path path = Paths.get(ConfigUtil.getProjectBase() + File.separator + "env.sh", new String[0]);
            if (Files.exists(path, new LinkOption[0])) {
                LOG.debug("Removing old {}", path.toAbsolutePath());
                Files.delete(path);
            }
            String contentString = new EmissaryClient().send(new HttpGet(str + "/api/env.sh")).getContentString();
            Files.createFile(path, new FileAttribute[0]);
            Files.write(path, contentString.getBytes(), new OpenOption[0]);
            LOG.info("Wrote {}", path.toAbsolutePath());
            LOG.debug(" with \n{}", contentString);
            if (this.cmd.isPause()) {
                pause(true);
            } else {
                unpause(true);
            }
            LOG.info("Started EmissaryServer at {}", str);
            return configureServer;
        } catch (Throwable th) {
            throw new RuntimeException("Emissary server didn't start", th);
        }
    }

    public boolean isServerRunning() {
        return this.server != null && this.server.isStarted();
    }

    public static void pause() throws NamespaceException {
        pause(false);
    }

    public static void pause(boolean z) throws NamespaceException {
        LOG.debug("Pausing Emissary Server");
        Namespace.lookup(IPausable.class, z).forEach((v0) -> {
            v0.pause();
        });
    }

    public static void unpause() throws NamespaceException {
        unpause(false);
    }

    public static void unpause(boolean z) throws NamespaceException {
        LOG.debug("Unpausing Emissary Server");
        Namespace.lookup(IPausable.class, z).forEach((v0) -> {
            v0.unpause();
        });
    }

    public static void stopServer() {
        stopServer(false);
    }

    public static void stopServerForce() {
        stopServer(true, false);
    }

    public static void stopServer(boolean z) {
        stopServer(false, z);
    }

    public static void stopServer(boolean z, boolean z2) {
        stopServer(getDefaultNamespaceName(), z, z2);
    }

    public static void stopServer(String str, boolean z) {
        stopServer(str, false, z);
    }

    public static void stopServer(String str, boolean z, boolean z2) {
        LOG.info("Beginning shutdown of EmissaryServer {}", str);
        logThreadDump("Thread dump before anything");
        try {
            pause();
            LOG.info("Done pausing server");
        } catch (Exception e) {
            LOG.error("Error pausing server", e);
        }
        try {
            Sentinel.lookup().quit();
        } catch (Exception e2) {
            LOG.warn("No sentinel available");
        }
        try {
            if (z) {
                AgentPool.lookup().kill();
            } else {
                AgentPool.lookup().close();
            }
        } catch (Exception e3) {
            LOG.warn("Problem stopping AgentPool", e3);
        }
        logThreadDump("Thread dump after closing agent pool");
        try {
            DirectoryPlace.lookup().shutDown();
        } catch (Exception e4) {
            LOG.warn("Problem shutting down DirectoryPlace", e4);
        }
        try {
            MoveSpool.lookup().quit();
        } catch (Exception e5) {
            LOG.warn("Problem stopping MoveSpool", e5);
        }
        for (String str2 : Namespace.keySet()) {
            try {
                Object lookup = Namespace.lookup(str2);
                if (lookup instanceof IServiceProviderPlace) {
                    LOG.info("Stopping {} ", lookup);
                    ((IServiceProviderPlace) lookup).shutDown();
                    Namespace.unbind(str2);
                    LOG.info("Done stopping place: {}", str2);
                }
            } catch (Exception e6) {
                LOG.error("Error shutting down " + str2, e6);
            }
        }
        LOG.info("Done stopping all places");
        try {
            ResourceWatcher lookup2 = ResourceWatcher.lookup();
            lookup2.logStats(LOG);
            lookup2.quit();
        } catch (Exception e7) {
            LOG.warn("No resource statistics available");
        }
        try {
            MetricsManager.lookup().shutdown();
        } catch (Exception e8) {
            LOG.warn("No metrics manager available");
        }
        SPILoader.unload();
        RollManager.shutdown();
        LOG.info("Done stopping all services");
        logThreadDump("Thread dump before stopping jetty server");
        try {
            lookup(str).getServer().stop();
        } catch (NamespaceException e9) {
            LOG.error("Unable to lookup {} ", str, e9);
        } catch (InterruptedException e10) {
            LOG.warn("Interrupted! Expected?");
            Thread.currentThread().interrupt();
        } catch (Exception e11) {
            LOG.warn("Unable to stop server {} ", str, e11);
        }
        LOG.debug("Unbinding name: {}", str);
        Namespace.unbind(str);
        Namespace.clear();
        LOG.info("Emissary named {} completely stopped.", str);
    }

    private static void logThreadDump(String str) {
        if (LOG.isTraceEnabled()) {
            Map<String, Object> threaddumps = new ThreadDumpAction().getThreaddumps();
            StringBuilder sb = new StringBuilder();
            sb.append("\n" + str);
            sb.append("\nThread DUMP");
            sb.append("\nEmissary Version: " + threaddumps.get("emissary.version"));
            sb.append("\nJVM Version: " + threaddumps.get("java.version"));
            sb.append("\nJVM Name: " + threaddumps.get("java.name"));
            Map map = (Map) threaddumps.get("threadcount");
            sb.append("\nThread count: current=" + map.get("current") + " max=" + map.get("max") + " daemon=" + map.get("daemon"));
            sb.append("\nDeadlocked Threads:");
            Iterator it = ((Set) threaddumps.get("deadlocks")).iterator();
            while (it.hasNext()) {
                sb.append("\n" + ((ThreadDumpAction.ThreadDumpInfo) it.next()).stack);
            }
            sb.append("\nThread dump:");
            Iterator it2 = ((Set) threaddumps.get("threads")).iterator();
            while (it2.hasNext()) {
                sb.append("\n" + ((ThreadDumpAction.ThreadDumpInfo) it2.next()).stack);
            }
            LOG.trace(sb.toString());
        }
    }

    public boolean isIdle() {
        try {
            return AgentPool.lookup().getNumActive() == 0;
        } catch (NamespaceException e) {
            return true;
        }
    }

    public void stop() {
        stopServer(getNamespaceName(), false);
    }

    public Server getServer() {
        return this.server;
    }

    public synchronized String getNamespaceName() {
        if (this.nameSpaceName == null) {
            this.nameSpaceName = getDefaultNamespaceName();
        }
        return this.nameSpaceName;
    }

    public static String getDefaultNamespaceName() {
        return "EmissaryServer";
    }

    public static boolean isStarted() {
        return isStarted(getDefaultNamespaceName());
    }

    public static boolean isStarted(String str) {
        boolean z = false;
        try {
            Server server = lookup(str).getServer();
            if (server == null || !server.isStarted()) {
                LOG.debug("Server found but not started, name={}", str);
            } else {
                z = true;
            }
        } catch (NamespaceException e) {
            LOG.debug("No server found using name={}", str);
        }
        return z;
    }

    public static boolean exists() {
        try {
            lookup();
            return true;
        } catch (NamespaceException e) {
            return false;
        }
    }

    public static EmissaryServer lookup() throws NamespaceException {
        return lookup(getDefaultNamespaceName());
    }

    public static EmissaryServer lookup(String str) throws NamespaceException {
        return (EmissaryServer) Namespace.lookup(str);
    }

    private ConstraintSecurityHandler buildSecurityHandler() {
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setName("auth");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[]{"everyone", "emissary", "admin", "support", "manager"});
        Constraint constraint2 = new Constraint();
        constraint2.setName("no_auth");
        constraint2.setAuthenticate(false);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setPathSpec("/*");
        constraintMapping.setConstraint(constraint);
        ConstraintMapping constraintMapping2 = new ConstraintMapping();
        constraintMapping2.setPathSpec("/api/health");
        constraintMapping2.setConstraint(constraint2);
        constraintSecurityHandler.setConstraintMappings(new ConstraintMapping[]{constraintMapping, constraintMapping2});
        constraintSecurityHandler.setAuthenticator(new DigestAuthenticator());
        return constraintSecurityHandler;
    }

    private LoginService buildLoginService() {
        String configFile = ConfigUtil.getConfigFile("jetty-users.properties");
        System.setProperty(EmissaryClient.JETTY_USER_FILE_PROPERTY_NAME, configFile);
        return new HashLoginService("EmissaryRealm", configFile);
    }

    private void bindServer() throws AttributeInUseException {
        if (Namespace.exists(getDefaultNamespaceName())) {
            LOG.error("EmissaryServer already bound to namespace. This should NEVER happen.");
            throw new AttributeInUseException("EmissaryServer was already bound to the namespace using serverName: EmissaryServer");
        }
        LOG.debug("Binding {} ", "EmissaryServer");
        Namespace.bind(getDefaultNamespaceName(), this);
    }

    private ContextHandler buildStaticHandler() {
        ServletHolder servletHolder = new ServletHolder("static-holder", DefaultServlet.class);
        if (null == this.cmd.getStaticDir()) {
            LOG.debug("Loading static resources from the classpath");
            servletHolder.setInitParameter("resourceBase", getClass().getClassLoader().getResource("public").toExternalForm());
        } else {
            LOG.debug("Loading static resources from staticPath: {}", this.cmd.getStaticDir());
            servletHolder.setInitParameter("resourceBase", this.cmd.getStaticDir().toAbsolutePath().toString());
        }
        servletHolder.setInitParameter("dirAllowed", "true");
        servletHolder.setInitParameter("pathInfoOnly", "true");
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.addServlet(servletHolder, "/*");
        return servletContextHandler;
    }

    private ContextHandler buildApiHandler() {
        ResourceConfig resourceConfig = new ResourceConfig();
        resourceConfig.setApplicationName("api");
        resourceConfig.register(MultiPartFeature.class);
        resourceConfig.packages(new String[]{"emissary.server.api"}).register(JacksonFeature.class);
        csrfFilter(resourceConfig);
        ServletHolder servletHolder = new ServletHolder(new ServletContainer(resourceConfig));
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.addServlet(servletHolder, "/*");
        return servletContextHandler;
    }

    private ContextHandler buildMVCHandler() {
        ResourceConfig resourceConfig = new ResourceConfig();
        resourceConfig.setApplicationName("mvc");
        resourceConfig.register(MultiPartFeature.class);
        resourceConfig.property("jersey.config.server.mvc.templateBasePath.mustache", "/templates");
        resourceConfig.register(MustacheMvcFeature.class).packages(new String[]{"emissary.server.mvc"});
        csrfFilter(resourceConfig);
        ServletHolder servletHolder = new ServletHolder(new ServletContainer(resourceConfig));
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.addServlet(servletHolder, "/*");
        return servletContextHandler;
    }

    protected void csrfFilter(ResourceConfig resourceConfig) {
        if (!this.cmd.isCsrf()) {
            LOG.debug("Disabling csrf protection filter for {}", resourceConfig.getApplicationName());
        } else {
            LOG.debug("Enabling csrf protection filter for {}", resourceConfig.getApplicationName());
            resourceConfig.register(CsrfProtectionFilter.class);
        }
    }

    private ContextHandler buildEmissaryHandler() throws EmissaryException {
        String property = System.getProperty(ConfigUtil.CONFIG_DIR_PROPERTY, null);
        if (property == null || !Files.exists(Paths.get(property, new String[0]), new LinkOption[0])) {
            throw new EmissaryException("Config dir error. emissary.config.dir is " + property);
        }
        if (this.cmd.getAgents() != 0) {
            System.setProperty("agent.poolsize", Integer.toString(this.cmd.getAgents()));
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.addEventListener(new InitializeContext(this.emissaryNode));
        return servletContextHandler;
    }

    private ContextHandler buildLogbackConfigHandler() {
        ServletHolder servletHolder = new ServletHolder("logback-config-holder", ViewStatusMessagesServlet.class);
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.addServlet(servletHolder, "/*");
        return servletContextHandler;
    }

    @VisibleForTesting
    protected Server configureServer() throws IOException {
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool(250, 10, (int) TimeUnit.MINUTES.toMillis(15L));
        queuedThreadPool.setLowThreadsThreshold(50);
        queuedThreadPool.setThreadsPriority(9);
        Server server = new Server(queuedThreadPool);
        server.setConnectors(new Connector[]{createServerConnector(server)});
        return server;
    }

    private ServerConnector createServerConnector(Server server) throws IOException {
        ServerConnector createHttpsConnector = this.cmd.isSslEnabled() ? createHttpsConnector(server) : createHttpConnector(server);
        createHttpsConnector.setHost(this.cmd.getHost());
        createHttpsConnector.setPort(this.cmd.getPort());
        return createHttpsConnector;
    }

    private ServerConnector createHttpConnector(Server server) {
        return new ServerConnector(server);
    }

    private ServerConnector createHttpsConnector(Server server) throws IOException {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(this.cmd.getPort());
        HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
        httpConfiguration2.addCustomizer(createSecureRequestCustomizer());
        return new ServerConnector(server, new ConnectionFactory[]{new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfiguration2)});
    }

    private SecureRequestCustomizer createSecureRequestCustomizer() {
        SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
        secureRequestCustomizer.setSniHostCheck(this.cmd.isSniHostCheckEnabled());
        return secureRequestCustomizer;
    }

    private SslContextFactory.Server getSslContextFactory() throws IOException {
        Configurator configInfo = ConfigUtil.getConfigInfo((Class<?>) HTTPConnectionFactory.class);
        String findStringEntry = configInfo.findStringEntry("javax.net.ssl.keyStore", "no-keystore");
        System.setProperty("javax.net.ssl.keyStore", findStringEntry);
        String findStringEntry2 = configInfo.findStringEntry("javax.net.ssl.keyStorePassword", "no-keypass");
        System.setProperty("javax.net.ssl.keyStorePassword", findStringEntry2);
        String findStringEntry3 = configInfo.findStringEntry("javax.net.ssl.trustStore", findStringEntry);
        System.setProperty("javax.net.ssl.trustStore", findStringEntry3);
        String findStringEntry4 = configInfo.findStringEntry("javax.net.ssl.trustStorePassword", findStringEntry2);
        System.setProperty("javax.net.ssl.trustStorePassword", findStringEntry4);
        SslContextFactory.Server server = new SslContextFactory.Server();
        server.setKeyStorePath(findStringEntry);
        server.setKeyStorePassword(findStringEntry2);
        try {
            InputStream newInputStream = Files.newInputStream(Paths.get(findStringEntry3, new String[0]), new OpenOption[0]);
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(newInputStream, findStringEntry4.toCharArray());
                if (newInputStream != null) {
                    newInputStream.close();
                }
                server.setTrustStore(keyStore);
                return server;
            } finally {
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IOException("There was an issue loading the truststore", e);
        }
    }
}
