package com.google.gerrit.pgm.http.jetty;

import com.google.common.base.Strings;
import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.extensions.events.LifecycleListener;
import com.google.gerrit.pgm.http.jetty.HttpLog;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.SitePaths;
import com.google.gerrit.server.config.ThreadSettingsConfig;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Singleton;
import com.google.inject.servlet.GuiceFilter;
import com.google.inject.servlet.GuiceServletContextListener;
import com.ibm.icu.lang.UProperty;
import java.lang.management.ManagementFactory;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import org.apache.http.HttpVersion;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.BlockingArrayQueue;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ThreadPool;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.transport.RefSpec;

@Singleton
/* loaded from: input_file:com/google/gerrit/pgm/http/jetty/JettyServer.class */
public class JettyServer {
    private final SitePaths site;
    private final Server httpd;
    private boolean reverseProxy;

    /* loaded from: input_file:com/google/gerrit/pgm/http/jetty/JettyServer$Lifecycle.class */
    static class Lifecycle implements LifecycleListener {
        private final JettyServer server;
        private final Config cfg;

        @Inject
        Lifecycle(JettyServer jettyServer, @GerritServerConfig Config config) {
            this.server = jettyServer;
            this.cfg = config;
        }

        @Override // com.google.gerrit.extensions.events.LifecycleListener
        public void start() {
            try {
                String string = this.cfg.getString("httpd", null, "listenUrl");
                boolean z = !Strings.isNullOrEmpty(string) && string.endsWith(":0/");
                this.server.httpd.start();
                if (z) {
                    Connector connector = this.server.httpd.getConnectors()[0];
                    if (connector instanceof ServerConnector) {
                        ServerConnector serverConnector = (ServerConnector) connector;
                        String format = String.format("http://%s:%d", serverConnector.getHost(), Integer.valueOf(serverConnector.getLocalPort()));
                        this.cfg.setString("gerrit", null, "canonicalWebUrl", format);
                        this.cfg.setString("httpd", null, "listenUrl", format);
                    }
                }
            } catch (Exception e) {
                throw new IllegalStateException("Cannot start HTTP daemon", e);
            }
        }

        @Override // com.google.gerrit.extensions.events.LifecycleListener
        public void stop() {
            try {
                this.server.httpd.stop();
                this.server.httpd.join();
            } catch (Exception e) {
                throw new IllegalStateException("Cannot stop HTTP daemon", e);
            }
        }
    }

    @Inject
    JettyServer(@GerritServerConfig Config config, ThreadSettingsConfig threadSettingsConfig, SitePaths sitePaths, JettyEnv jettyEnv, HttpLog.HttpLogFactory httpLogFactory) {
        this.site = sitePaths;
        this.httpd = new Server(threadPool(config, threadSettingsConfig));
        this.httpd.setConnectors(listen(this.httpd, config));
        Handler makeContext = makeContext(jettyEnv, config);
        if (config.getBoolean("httpd", "requestLog", !this.reverseProxy)) {
            RequestLogHandler requestLogHandler = new RequestLogHandler();
            requestLogHandler.setRequestLog(httpLogFactory.get());
            requestLogHandler.setHandler(makeContext);
            makeContext = requestLogHandler;
        }
        if (config.getBoolean("httpd", "registerMBeans", false)) {
            MBeanContainer mBeanContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
            this.httpd.addEventListener(mBeanContainer);
            this.httpd.addBean(Log.getRootLogger());
            this.httpd.addBean(mBeanContainer);
        }
        long timeUnit = config.getTimeUnit("httpd", null, "gracefulStopTimeout", 0L, TimeUnit.MILLISECONDS);
        if (timeUnit > 0) {
            StatisticsHandler statisticsHandler = new StatisticsHandler();
            statisticsHandler.setHandler(makeContext);
            makeContext = statisticsHandler;
            this.httpd.setStopTimeout(timeUnit);
        }
        this.httpd.setHandler(makeContext);
        this.httpd.setStopAtShutdown(false);
    }

    private Connector[] listen(Server server, Config config) {
        int i;
        ServerConnector newServerConnector;
        int i2 = config.getInt("httpd", "requestheadersize", UProperty.CASE_FOLDING);
        URI[] listenURLs = listenURLs(config);
        boolean z = config.getBoolean("httpd", "reuseaddress", true);
        int i3 = config.getInt("httpd", "acceptorThreads", 2);
        AuthType authType = (AuthType) config.getEnum("auth", null, "type", AuthType.OPENID);
        this.reverseProxy = isReverseProxied(listenURLs);
        Connector[] connectorArr = new Connector[listenURLs.length];
        for (int i4 = 0; i4 < listenURLs.length; i4++) {
            URI uri = listenURLs[i4];
            HttpConfiguration defaultConfig = defaultConfig(i2);
            if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType) && !"https".equals(uri.getScheme())) {
                throw new IllegalArgumentException("Protocol '" + uri.getScheme() + "'  not supported in httpd.listenurl '" + uri + "' when auth.type = '" + AuthType.CLIENT_SSL_CERT_LDAP.name() + "'; only 'https' is supported");
            }
            if ("http".equals(uri.getScheme())) {
                i = 80;
                newServerConnector = newServerConnector(server, i3, defaultConfig);
            } else if ("https".equals(uri.getScheme())) {
                SslContextFactory sslContextFactory = new SslContextFactory();
                Path file = getFile(config, "sslkeystore", "etc/keystore");
                String string = config.getString("httpd", null, "sslkeypassword");
                if (string == null) {
                    string = "gerrit";
                }
                sslContextFactory.setKeyStorePath(file.toAbsolutePath().toString());
                sslContextFactory.setTrustStorePath(file.toAbsolutePath().toString());
                sslContextFactory.setKeyStorePassword(string);
                sslContextFactory.setTrustStorePassword(string);
                if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
                    sslContextFactory.setNeedClientAuth(true);
                    Path file2 = getFile(config, "sslCrl", "etc/crl.pem");
                    if (Files.exists(file2, new LinkOption[0])) {
                        sslContextFactory.setCrlPath(file2.toAbsolutePath().toString());
                        sslContextFactory.setValidatePeerCerts(true);
                    }
                }
                i = 443;
                defaultConfig.addCustomizer(new SecureRequestCustomizer());
                newServerConnector = new ServerConnector(server, null, null, null, 0, i3, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(defaultConfig));
            } else if ("proxy-http".equals(uri.getScheme())) {
                i = 8080;
                defaultConfig.addCustomizer(new ForwardedRequestCustomizer());
                newServerConnector = newServerConnector(server, i3, defaultConfig);
            } else {
                if (!"proxy-https".equals(uri.getScheme())) {
                    throw new IllegalArgumentException("Protocol '" + uri.getScheme() + "'  not supported in httpd.listenurl '" + uri + "'; only 'http', 'https', 'proxy-http, 'proxy-https' are supported");
                }
                i = 8080;
                defaultConfig.addCustomizer(new ForwardedRequestCustomizer());
                defaultConfig.addCustomizer(new HttpConfiguration.Customizer() { // from class: com.google.gerrit.pgm.http.jetty.JettyServer.1
                    @Override // org.eclipse.jetty.server.HttpConfiguration.Customizer
                    public void customize(Connector connector, HttpConfiguration httpConfiguration, Request request) {
                        request.setScheme(HttpScheme.HTTPS.asString());
                        request.setSecure(true);
                    }
                });
                newServerConnector = newServerConnector(server, i3, defaultConfig);
            }
            try {
                if (uri.getHost() == null && (uri.getAuthority().equals("*") || uri.getAuthority().startsWith("*:"))) {
                    URI parseServerAuthority = new URI(uri.toString().replace('*', 'A')).parseServerAuthority();
                    newServerConnector.setHost(null);
                    newServerConnector.setPort(0 < parseServerAuthority.getPort() ? parseServerAuthority.getPort() : i);
                } else {
                    URI parseServerAuthority2 = uri.parseServerAuthority();
                    newServerConnector.setHost(parseServerAuthority2.getHost());
                    newServerConnector.setPort(0 <= parseServerAuthority2.getPort() ? parseServerAuthority2.getPort() : i);
                }
                newServerConnector.setInheritChannel(config.getBoolean("httpd", "inheritChannel", false));
                newServerConnector.setReuseAddress(z);
                newServerConnector.setIdleTimeout(config.getTimeUnit("httpd", null, "idleTimeout", 30000L, TimeUnit.MILLISECONDS));
                connectorArr[i4] = newServerConnector;
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid httpd.listenurl " + uri, e);
            }
        }
        return connectorArr;
    }

    private static ServerConnector newServerConnector(Server server, int i, HttpConfiguration httpConfiguration) {
        return new ServerConnector(server, null, null, null, 0, i, new HttpConnectionFactory(httpConfiguration));
    }

    private HttpConfiguration defaultConfig(int i) {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setRequestHeaderSize(i);
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendDateHeader(true);
        return httpConfiguration;
    }

    static boolean isReverseProxied(URI[] uriArr) {
        for (URI uri : uriArr) {
            if ("http".equals(uri.getScheme()) || "https".equals(uri.getScheme())) {
                return false;
            }
        }
        return true;
    }

    static URI[] listenURLs(Config config) {
        String[] stringList = config.getStringList("httpd", null, "listenurl");
        if (stringList.length == 0) {
            stringList = new String[]{"http://*:8080/"};
        }
        URI[] uriArr = new URI[stringList.length];
        for (int i = 0; i < uriArr.length; i++) {
            String str = stringList[i];
            try {
                uriArr[i] = new URI(str);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid httpd.listenurl " + str, e);
            }
        }
        return uriArr;
    }

    private Path getFile(Config config, String str, String str2) {
        String string = config.getString("httpd", null, str);
        if (string == null || string.length() == 0) {
            string = str2;
        }
        return this.site.resolve(string);
    }

    private ThreadPool threadPool(Config config, ThreadSettingsConfig threadSettingsConfig) {
        int httpdMaxThreads = threadSettingsConfig.getHttpdMaxThreads();
        int i = config.getInt("httpd", null, "minthreads", 5);
        int i2 = config.getInt("httpd", null, "maxqueued", 200);
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool(httpdMaxThreads, i, (int) TimeUnit.MILLISECONDS.convert(60L, TimeUnit.SECONDS), new BlockingArrayQueue(i, i, i2 == 0 ? Integer.MAX_VALUE : Math.max(i, i2)));
        queuedThreadPool.setName(HttpVersion.HTTP);
        return queuedThreadPool;
    }

    private Handler makeContext(JettyEnv jettyEnv, Config config) {
        HashSet hashSet = new HashSet();
        for (URI uri : listenURLs(config)) {
            String path = uri.getPath();
            if (path == null || path.isEmpty()) {
                path = "/";
            }
            while (1 < path.length() && path.endsWith("/")) {
                path = path.substring(0, path.length() - 1);
            }
            hashSet.add(path);
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            arrayList.add(makeContext((String) it.next(), jettyEnv, config));
        }
        if (arrayList.size() == 1) {
            return (Handler) arrayList.get(0);
        }
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        contextHandlerCollection.setHandlers((Handler[]) arrayList.toArray(new Handler[0]));
        return contextHandlerCollection;
    }

    private ContextHandler makeContext(String str, final JettyEnv jettyEnv, Config config) {
        ServletContextHandler servletContextHandler = new ServletContextHandler();
        servletContextHandler.setSessionHandler(new SessionHandler());
        servletContextHandler.setErrorHandler(new HiddenErrorHandler());
        servletContextHandler.setContextPath(str);
        for (String str2 : config.getStringList("httpd", null, "filterClass")) {
            try {
                servletContextHandler.addFilter(new FilterHolder((Filter) jettyEnv.webInjector.getInstance(Class.forName(str2))), RefSpec.WILDCARD_SUFFIX, EnumSet.of(DispatcherType.REQUEST, DispatcherType.ASYNC));
            } catch (Throwable th) {
                throw new IllegalArgumentException("Unable to instantiate front-end HTTP Filter " + str2, th);
            }
        }
        servletContextHandler.addFilter(new FilterHolder((GuiceFilter) jettyEnv.webInjector.getInstance(GuiceFilter.class)), RefSpec.WILDCARD_SUFFIX, EnumSet.of(DispatcherType.REQUEST, DispatcherType.ASYNC));
        servletContextHandler.addEventListener(new GuiceServletContextListener() { // from class: com.google.gerrit.pgm.http.jetty.JettyServer.2
            @Override // com.google.inject.servlet.GuiceServletContextListener
            protected Injector getInjector() {
                return jettyEnv.webInjector;
            }
        });
        ServletHolder addServlet = servletContextHandler.addServlet(DefaultServlet.class, "/");
        addServlet.setInitParameter("dirAllowed", "false");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("useFileMappedBuffer", "false");
        addServlet.setInitParameter("gzip", "true");
        servletContextHandler.setWelcomeFiles(new String[0]);
        return servletContextHandler;
    }
}
