package co.cask.cdap.security.server;

import co.cask.cdap.common.ServiceBindException;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.Configuration;
import co.cask.cdap.common.conf.SConfiguration;
import co.cask.cdap.common.discovery.ResolvingDiscoverable;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.util.concurrent.AbstractIdleService;
import com.google.common.util.concurrent.Service;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import java.lang.Thread;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.lang.StringUtils;
import org.apache.twill.common.Cancellable;
import org.apache.twill.discovery.Discoverable;
import org.apache.twill.discovery.DiscoveryService;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/server/ExternalAuthenticationServer.class */
public class ExternalAuthenticationServer extends AbstractIdleService {
    private static final Logger LOG = LoggerFactory.getLogger(ExternalAuthenticationServer.class);
    public static final String NAMED_EXTERNAL_AUTH = "external.auth";
    private final int port;
    private final int maxThreads;
    private final Map<String, Object> handlers;
    private final DiscoveryService discoveryService;
    private final CConfiguration cConfiguration;
    private final SConfiguration sConfiguration;
    private final AuditLogHandler auditLogHandler;
    private final GrantAccessToken grantAccessToken;
    private final AbstractAuthenticationHandler authenticationHandler;
    private Cancellable serviceCancellable;
    private Server server;
    private InetAddress bindAddress;

    /* loaded from: input_file:co/cask/cdap/security/server/ExternalAuthenticationServer$HandlerType.class */
    public static final class HandlerType {
        public static final String AUTHENTICATION_HANDLER = "AuthenticationHandler";
        public static final String GRANT_TOKEN_HANDLER = "GrantTokenHandler";
    }

    /* loaded from: input_file:co/cask/cdap/security/server/ExternalAuthenticationServer$ResponseFields.class */
    public static final class ResponseFields {
        public static final String TOKEN_TYPE = "token_type";
        public static final String TOKEN_TYPE_BODY = "Bearer";
        public static final String ACCESS_TOKEN = "access_token";
        public static final String EXPIRES_IN = "expires_in";
    }

    @Inject
    public ExternalAuthenticationServer(CConfiguration cConfiguration, SConfiguration sConfiguration, DiscoveryService discoveryService, @Named("security.handlers.map") Map<String, Object> map, @Named("external.auth") AuditLogHandler auditLogHandler) {
        this.port = cConfiguration.getBoolean("ssl.external.enabled") ? cConfiguration.getInt("security.auth.server.ssl.bind.port") : cConfiguration.getInt("security.auth.server.bind.port");
        this.maxThreads = cConfiguration.getInt("security.server.maxthreads");
        this.handlers = map;
        this.discoveryService = discoveryService;
        this.cConfiguration = cConfiguration;
        this.sConfiguration = sConfiguration;
        this.grantAccessToken = (GrantAccessToken) map.get(HandlerType.GRANT_TOKEN_HANDLER);
        this.authenticationHandler = (AbstractAuthenticationHandler) map.get(HandlerType.AUTHENTICATION_HANDLER);
        this.auditLogHandler = auditLogHandler;
    }

    public InetSocketAddress getSocketAddress() {
        if (!this.server.isRunning()) {
            throw new IllegalStateException("Server not started yet");
        }
        Connector connector = this.server.getConnectors()[0];
        return new InetSocketAddress(connector.getHost(), connector.getLocalPort());
    }

    protected void startUp() throws Exception {
        try {
            this.server = new Server();
            try {
                this.bindAddress = InetAddress.getByName(this.cConfiguration.get("security.auth.server.bind.address"));
                QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
                queuedThreadPool.setMaxThreads(this.maxThreads);
                this.server.setThreadPool(queuedThreadPool);
                initHandlers();
                ServletContextHandler servletContextHandler = new ServletContextHandler();
                servletContextHandler.setServer(this.server);
                servletContextHandler.addServlet(HttpServletDispatcher.class, "/");
                servletContextHandler.addEventListener(new AuthenticationGuiceServletContextListener(this.handlers));
                servletContextHandler.setSecurityHandler(this.authenticationHandler);
                ContextHandler contextHandler = new ContextHandler();
                contextHandler.setContextPath("/status");
                contextHandler.setServer(this.server);
                contextHandler.setHandler(new StatusRequestHandler());
                if (this.cConfiguration.getBoolean("ssl.external.enabled", false)) {
                    SslContextFactory sslContextFactory = new SslContextFactory();
                    String str = this.sConfiguration.get("security.auth.server.ssl.keystore.path");
                    String str2 = this.sConfiguration.get("security.auth.server.ssl.keystore.password");
                    String str3 = this.sConfiguration.get("security.auth.server.ssl.keystore.type", "JKS");
                    String str4 = this.sConfiguration.get("security.auth.server.ssl.keystore.keypassword");
                    Preconditions.checkArgument(str != null, "Key Store Path Not Configured");
                    Preconditions.checkArgument(str2 != null, "KeyStore Password Not Configured");
                    sslContextFactory.setKeyStorePath(str);
                    sslContextFactory.setKeyStorePassword(str2);
                    sslContextFactory.setKeyStoreType(str3);
                    if (str4 != null && str4.length() != 0) {
                        sslContextFactory.setKeyManagerPassword(str4);
                    }
                    String str5 = this.cConfiguration.get("security.auth.server.ssl.truststore.path");
                    if (StringUtils.isNotEmpty(str5)) {
                        String str6 = this.cConfiguration.get("security.auth.server.ssl.truststore.password");
                        String str7 = this.cConfiguration.get("security.auth.server.ssl.truststore.type", "JKS");
                        sslContextFactory.setWantClientAuth(true);
                        sslContextFactory.setTrustStore(str5);
                        sslContextFactory.setTrustStorePassword(str6);
                        sslContextFactory.setTrustStoreType(str7);
                        sslContextFactory.setValidateCerts(true);
                    }
                    Connector sslSelectChannelConnector = new SslSelectChannelConnector(sslContextFactory);
                    sslSelectChannelConnector.setHost(this.bindAddress.getCanonicalHostName());
                    sslSelectChannelConnector.setPort(this.port);
                    this.server.setConnectors(new Connector[]{sslSelectChannelConnector});
                } else {
                    Connector selectChannelConnector = new SelectChannelConnector();
                    selectChannelConnector.setHost(this.bindAddress.getCanonicalHostName());
                    selectChannelConnector.setPort(this.port);
                    this.server.setConnectors(new Connector[]{selectChannelConnector});
                }
                HandlerCollection handlerCollection = new HandlerCollection();
                handlerCollection.addHandler(contextHandler);
                handlerCollection.addHandler(servletContextHandler);
                handlerCollection.addHandler(this.auditLogHandler);
                this.server.setHandler(handlerCollection);
            } catch (UnknownHostException e) {
                LOG.error("Error finding host to connect to.", e);
                throw e;
            }
        } catch (Exception e2) {
            LOG.error("Error while starting Authentication Server.", e2);
        }
        try {
            this.server.start();
            Connector connector = this.server.getConnectors()[0];
            this.serviceCancellable = this.discoveryService.register(ResolvingDiscoverable.of(new Discoverable("external.authentication", new InetSocketAddress(connector.getHost(), connector.getLocalPort()))));
        } catch (Exception e3) {
            if (!(Throwables.getRootCause(e3) instanceof BindException)) {
                throw e3;
            }
            throw new ServiceBindException("Authentication Server", this.bindAddress.getCanonicalHostName(), this.port, e3);
        }
    }

    private void initHandlers() throws Exception {
        HashMap hashMap = new HashMap();
        copyPropIfExists(hashMap, this.cConfiguration, "security.auth.server.ssl.truststore.path");
        copyPropIfExists(hashMap, this.cConfiguration, "security.auth.server.ssl.truststore.type");
        copyPropIfExists(hashMap, this.cConfiguration, "security.auth.server.ssl.truststore.password");
        copyPropIfExists(hashMap, this.cConfiguration, "ssl.external.enabled");
        copyPropIfExists(hashMap, this.cConfiguration, "security.authentication.basic.realmfile");
        copyPropIfExists(hashMap, this.cConfiguration, "security.authentication.loginmodule.className");
        copyProps(hashMap, getAuthHandlerConfigs(this.cConfiguration));
        copyProps(hashMap, getAuthHandlerConfigs(this.sConfiguration));
        this.authenticationHandler.init(hashMap);
        this.grantAccessToken.init();
    }

    private void copyProps(Map<String, String> map, Map<String, String> map2) {
        for (Map.Entry<String, String> entry : map2.entrySet()) {
            String put = map.put(entry.getKey(), entry.getValue());
            if (put != null && !put.equals(entry.getValue())) {
                LOG.warn("Overriding property '{}'", entry.getKey());
            }
        }
    }

    private void copyPropIfExists(Map<String, String> map, Configuration configuration, String str) {
        String str2 = configuration.get(str);
        if (str2 != null) {
            map.put(str, str2);
        }
    }

    private Map<String, String> getAuthHandlerConfigs(Configuration configuration) {
        int length = "security.authentication.handler.".length();
        String str = "^" + "security.authentication.handler.".replace(".", "\\.");
        HashMap hashMap = new HashMap();
        Iterator it = configuration.getValByRegex(str).entrySet().iterator();
        while (it.hasNext()) {
            String str2 = (String) ((Map.Entry) it.next()).getKey();
            hashMap.put(str2.substring(length), configuration.get(str2));
        }
        return hashMap;
    }

    protected Executor executor(Service.State state) {
        final AtomicInteger atomicInteger = new AtomicInteger();
        final Thread.UncaughtExceptionHandler uncaughtExceptionHandler = new Thread.UncaughtExceptionHandler() { // from class: co.cask.cdap.security.server.ExternalAuthenticationServer.1
            @Override // java.lang.Thread.UncaughtExceptionHandler
            public void uncaughtException(Thread thread, Throwable th) {
            }
        };
        return new Executor() { // from class: co.cask.cdap.security.server.ExternalAuthenticationServer.2
            @Override // java.util.concurrent.Executor
            public void execute(Runnable runnable) {
                Thread thread = new Thread(runnable, String.format("ExternalAuthenticationServer-%d", Integer.valueOf(atomicInteger.incrementAndGet())));
                thread.setUncaughtExceptionHandler(uncaughtExceptionHandler);
                thread.start();
            }
        };
    }

    protected void shutDown() {
        try {
            this.serviceCancellable.cancel();
            this.server.stop();
            this.grantAccessToken.destroy();
        } catch (Exception e) {
            LOG.error("Error stopping Authentication Server.", e);
        }
    }
}
