package water.webserver.jetty9;

import ai.h2o.org.eclipse.jetty.security.authentication.SpnegoAuthenticator;
import java.io.IOException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.jaas.JAASLoginService;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.SpnegoLoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.AbstractConnectionFactory;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import org.eclipse.jetty.util.thread.Scheduler;
import water.webserver.config.ConnectionConfiguration;
import water.webserver.iface.H2OHttpConfig;
import water.webserver.iface.H2OHttpView;
import water.webserver.iface.LoginType;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:water/webserver/jetty9/Jetty9Helper.class */
public class Jetty9Helper {
    private final H2OHttpConfig config;
    private final H2OHttpView h2oHttpView;

    /* renamed from: water.webserver.jetty9.Jetty9Helper$1, reason: invalid class name */
    /* loaded from: input_file:water/webserver/jetty9/Jetty9Helper$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$water$webserver$iface$LoginType = new int[LoginType.values().length];

        static {
            try {
                $SwitchMap$water$webserver$iface$LoginType[LoginType.HASH.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$water$webserver$iface$LoginType[LoginType.LDAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$water$webserver$iface$LoginType[LoginType.KERBEROS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$water$webserver$iface$LoginType[LoginType.PAM.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$water$webserver$iface$LoginType[LoginType.SPNEGO.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:water/webserver/jetty9/Jetty9Helper$AuthenticationHandler.class */
    private class AuthenticationHandler extends AbstractHandler {
        private AuthenticationHandler() {
        }

        public void handle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            if (Jetty9Helper.this.h2oHttpView.authenticationHandler(httpServletRequest, httpServletResponse)) {
                request.setHandled(true);
            }
        }

        /* synthetic */ AuthenticationHandler(Jetty9Helper jetty9Helper, AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Jetty9Helper(H2OHttpView h2OHttpView) {
        this.h2oHttpView = h2OHttpView;
        this.config = h2OHttpView.getConfig();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Server createJettyServer(String str, int i) {
        Server server;
        ServerConnector serverConnector;
        System.setProperty("org.eclipse.jetty.server.Request.maxFormContentSize", Integer.toString(Integer.MAX_VALUE));
        if (this.config.ensure_daemon_threads) {
            QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
            queuedThreadPool.setDaemon(true);
            server = new Server(queuedThreadPool);
            server.updateBean((Scheduler) server.getBean(Scheduler.class), new ScheduledExecutorScheduler((String) null, true));
        } else {
            server = new Server();
        }
        boolean z = this.config.jks != null;
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory(makeHttpConfiguration(new ConnectionConfiguration(z)));
        if (z) {
            SslContextFactory sslContextFactory = new SslContextFactory(this.config.jks);
            sslContextFactory.setKeyStorePassword(this.config.jks_pass);
            if (this.config.jks_alias != null) {
                sslContextFactory.setCertAlias(this.config.jks_alias);
            }
            serverConnector = new ServerConnector(server, AbstractConnectionFactory.getFactories(sslContextFactory, new ConnectionFactory[]{httpConnectionFactory}));
        } else {
            serverConnector = new ServerConnector(server, new ConnectionFactory[]{httpConnectionFactory});
        }
        if (str != null) {
            serverConnector.setHost(str);
        }
        serverConnector.setPort(i);
        server.setConnectors(new Connector[]{serverConnector});
        return server;
    }

    static HttpConfiguration makeHttpConfiguration(ConnectionConfiguration connectionConfiguration) {
        H2OHttpConfiguration h2OHttpConfiguration = new H2OHttpConfiguration();
        h2OHttpConfiguration.setSendServerVersion(false);
        h2OHttpConfiguration.setRequestHeaderSize(connectionConfiguration.getRequestHeaderSize());
        h2OHttpConfiguration.setResponseHeaderSize(connectionConfiguration.getResponseHeaderSize());
        h2OHttpConfiguration.setOutputBufferSize(connectionConfiguration.getOutputBufferSize(h2OHttpConfiguration.getOutputBufferSize()));
        h2OHttpConfiguration.setRelativeRedirectAllowed(connectionConfiguration.isRelativeRedirectAllowed());
        h2OHttpConfiguration.setIdleTimeout(connectionConfiguration.getIdleTimeout());
        return h2OHttpConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HandlerWrapper authWrapper(Server server) {
        HashLoginService spnegoLoginService;
        BasicAuthenticator spnegoAuthenticator;
        if (this.config.loginType == LoginType.NONE) {
            return server;
        }
        switch (AnonymousClass1.$SwitchMap$water$webserver$iface$LoginType[this.config.loginType.ordinal()]) {
            case 1:
                spnegoLoginService = new HashLoginService("H2O", this.config.login_conf);
                spnegoAuthenticator = new BasicAuthenticator();
                break;
            case 2:
            case 3:
            case 4:
                spnegoLoginService = new JAASLoginService(this.config.loginType.jaasRealm);
                spnegoAuthenticator = new BasicAuthenticator();
                break;
            case 5:
                System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
                spnegoLoginService = new SpnegoLoginService(this.config.loginType.jaasRealm, this.config.spnego_properties);
                spnegoAuthenticator = new SpnegoAuthenticator();
                break;
            default:
                throw new UnsupportedOperationException(this.config.loginType + "");
        }
        spnegoLoginService.setIdentityService(new DefaultIdentityService());
        server.addBean(spnegoLoginService);
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setName("auth");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[]{"**"});
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setPathSpec("/*");
        constraintMapping.setConstraint(constraint);
        constraintSecurityHandler.setConstraintMappings(Collections.singletonList(constraintMapping));
        BasicAuthenticator jetty9DelegatingAuthenticator = this.config.form_auth ? new Jetty9DelegatingAuthenticator(spnegoAuthenticator, new FormAuthenticator("/login", "/loginError", false)) : spnegoAuthenticator;
        constraintSecurityHandler.setLoginService(spnegoLoginService);
        constraintSecurityHandler.setAuthenticator(jetty9DelegatingAuthenticator);
        SessionHandler sessionHandler = new SessionHandler();
        if (this.config.session_timeout > 0) {
            sessionHandler.setMaxInactiveInterval(this.config.session_timeout * 60);
        }
        sessionHandler.setHandler(constraintSecurityHandler);
        server.setSessionIdManager(sessionHandler.getSessionIdManager());
        server.setHandler(sessionHandler);
        return constraintSecurityHandler;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServletContextHandler createServletContextHandler() {
        ServletContextHandler servletContextHandler = new ServletContextHandler(0);
        if (null == this.config.context_path || this.config.context_path.isEmpty()) {
            servletContextHandler.setContextPath("/");
        } else {
            servletContextHandler.setContextPath(this.config.context_path);
        }
        return servletContextHandler;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handler authenticationHandler() {
        return new AuthenticationHandler(this, null);
    }
}
