package io.airlift.http.server;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.primitives.Ints;
import io.airlift.event.client.EventClient;
import io.airlift.http.server.HttpServerBinder;
import io.airlift.node.NodeInfo;
import io.airlift.tracetoken.TraceTokenManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Executor;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.management.MBeanServer;
import javax.servlet.Filter;
import javax.servlet.Servlet;
import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
import org.eclipse.jetty.io.ByteBufferPool;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.Scheduler;
import org.eclipse.jetty.util.thread.ThreadPool;
import org.weakref.jmx.Managed;

/* loaded from: input_file:io/airlift/http/server/HttpServer.class */
public class HttpServer {
    private final Server server;
    private final ServerConnector httpConnector;
    private final ServerConnector httpsConnector;
    private final ServerConnector adminConnector;
    private final Optional<ZonedDateTime> certificateExpiration;

    public HttpServer(HttpServerInfo httpServerInfo, NodeInfo nodeInfo, HttpServerConfig httpServerConfig, Servlet servlet, Map<String, String> map, Set<Filter> set, Set<HttpServerBinder.HttpResourceBinding> set2, Servlet servlet2, Map<String, String> map2, Set<Filter> set3, MBeanServer mBeanServer, LoginService loginService, TraceTokenManager traceTokenManager, RequestStats requestStats, EventClient eventClient) throws IOException {
        Preconditions.checkNotNull(httpServerInfo, "httpServerInfo is null");
        Preconditions.checkNotNull(nodeInfo, "nodeInfo is null");
        Preconditions.checkNotNull(httpServerConfig, "config is null");
        Preconditions.checkNotNull(servlet, "theServlet is null");
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool(httpServerConfig.getMaxThreads());
        queuedThreadPool.setMinThreads(httpServerConfig.getMinThreads());
        queuedThreadPool.setIdleTimeout(Ints.checkedCast(httpServerConfig.getThreadMaxIdleTime().toMillis()));
        queuedThreadPool.setName("http-worker");
        this.server = new Server(queuedThreadPool);
        if (httpServerConfig.isShowStackTrace()) {
            this.server.addBean(new ErrorHandler());
        }
        if (mBeanServer != null) {
            this.server.addBean(new MBeanContainer(mBeanServer));
        }
        if (httpServerConfig.isHttpEnabled()) {
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.setSendServerVersion(false);
            httpConfiguration.setSendXPoweredBy(false);
            if (httpServerConfig.getMaxRequestHeaderSize() != null) {
                httpConfiguration.setRequestHeaderSize(Ints.checkedCast(httpServerConfig.getMaxRequestHeaderSize().toBytes()));
            }
            if (httpServerConfig.isHttpsEnabled()) {
                httpConfiguration.setSecureScheme("https");
                httpConfiguration.setSecurePort(httpServerInfo.getHttpsUri().getPort());
            }
            Integer httpAcceptorThreads = httpServerConfig.getHttpAcceptorThreads();
            Integer httpSelectorThreads = httpServerConfig.getHttpSelectorThreads();
            ConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration);
            ConnectionFactory hTTP2CServerConnectionFactory = new HTTP2CServerConnectionFactory(httpConfiguration);
            hTTP2CServerConnectionFactory.setMaxConcurrentStreams(httpServerConfig.getHttp2MaxConcurrentStreams());
            this.httpConnector = new ServerConnector(this.server, (Executor) null, (Scheduler) null, (ByteBufferPool) null, httpAcceptorThreads == null ? -1 : httpAcceptorThreads.intValue(), httpSelectorThreads == null ? -1 : httpSelectorThreads.intValue(), new ConnectionFactory[]{httpConnectionFactory, hTTP2CServerConnectionFactory});
            this.httpConnector.setName("http");
            this.httpConnector.setPort(httpServerInfo.getHttpUri().getPort());
            this.httpConnector.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            this.httpConnector.setHost(nodeInfo.getBindIp().getHostAddress());
            this.httpConnector.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            this.server.addConnector(this.httpConnector);
        } else {
            this.httpConnector = null;
        }
        if (httpServerConfig.isHttpsEnabled()) {
            HttpConfiguration httpConfiguration2 = new HttpConfiguration();
            httpConfiguration2.setSendServerVersion(false);
            httpConfiguration2.setSendXPoweredBy(false);
            if (httpServerConfig.getMaxRequestHeaderSize() != null) {
                httpConfiguration2.setRequestHeaderSize(Ints.checkedCast(httpServerConfig.getMaxRequestHeaderSize().toBytes()));
            }
            httpConfiguration2.addCustomizer(new SecureRequestCustomizer());
            SslContextFactory sslContextFactory = new SslContextFactory(httpServerConfig.getKeystorePath());
            sslContextFactory.setKeyStorePassword(httpServerConfig.getKeystorePassword());
            List<String> httpsIncludedCipherSuites = httpServerConfig.getHttpsIncludedCipherSuites();
            sslContextFactory.setIncludeCipherSuites((String[]) httpsIncludedCipherSuites.toArray(new String[httpsIncludedCipherSuites.size()]));
            List<String> httpsExcludedCipherSuites = httpServerConfig.getHttpsExcludedCipherSuites();
            sslContextFactory.setExcludeCipherSuites((String[]) httpsExcludedCipherSuites.toArray(new String[httpsExcludedCipherSuites.size()]));
            ConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, "http/1.1");
            Integer httpsAcceptorThreads = httpServerConfig.getHttpsAcceptorThreads();
            Integer httpsSelectorThreads = httpServerConfig.getHttpsSelectorThreads();
            this.httpsConnector = new ServerConnector(this.server, (Executor) null, (Scheduler) null, (ByteBufferPool) null, httpsAcceptorThreads == null ? -1 : httpsAcceptorThreads.intValue(), httpsSelectorThreads == null ? -1 : httpsSelectorThreads.intValue(), new ConnectionFactory[]{sslConnectionFactory, new HttpConnectionFactory(httpConfiguration2)});
            this.httpsConnector.setName("https");
            this.httpsConnector.setPort(httpServerInfo.getHttpsUri().getPort());
            this.httpsConnector.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            this.httpsConnector.setHost(nodeInfo.getBindIp().getHostAddress());
            this.httpsConnector.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            this.server.addConnector(this.httpsConnector);
        } else {
            this.httpsConnector = null;
        }
        if (servlet2 == null || !httpServerConfig.isAdminEnabled()) {
            this.adminConnector = null;
        } else {
            HttpConfiguration httpConfiguration3 = new HttpConfiguration();
            httpConfiguration3.setSendServerVersion(false);
            httpConfiguration3.setSendXPoweredBy(false);
            if (httpServerConfig.getMaxRequestHeaderSize() != null) {
                httpConfiguration3.setRequestHeaderSize(Ints.checkedCast(httpServerConfig.getMaxRequestHeaderSize().toBytes()));
            }
            QueuedThreadPool queuedThreadPool2 = new QueuedThreadPool(httpServerConfig.getAdminMaxThreads());
            queuedThreadPool2.setName("http-admin-worker");
            queuedThreadPool2.setMinThreads(httpServerConfig.getAdminMinThreads());
            queuedThreadPool2.setIdleTimeout(Ints.checkedCast(httpServerConfig.getThreadMaxIdleTime().toMillis()));
            if (httpServerConfig.isHttpsEnabled()) {
                httpConfiguration3.addCustomizer(new SecureRequestCustomizer());
                SslContextFactory sslContextFactory2 = new SslContextFactory(httpServerConfig.getKeystorePath());
                sslContextFactory2.setKeyStorePassword(httpServerConfig.getKeystorePassword());
                this.adminConnector = new ServerConnector(this.server, queuedThreadPool2, (Scheduler) null, (ByteBufferPool) null, 0, -1, new ConnectionFactory[]{new SslConnectionFactory(sslContextFactory2, "http/1.1"), new HttpConnectionFactory(httpConfiguration3)});
            } else {
                ConnectionFactory httpConnectionFactory2 = new HttpConnectionFactory(httpConfiguration3);
                ConnectionFactory hTTP2CServerConnectionFactory2 = new HTTP2CServerConnectionFactory(httpConfiguration3);
                hTTP2CServerConnectionFactory2.setMaxConcurrentStreams(httpServerConfig.getHttp2MaxConcurrentStreams());
                this.adminConnector = new ServerConnector(this.server, queuedThreadPool2, (Scheduler) null, (ByteBufferPool) null, -1, -1, new ConnectionFactory[]{httpConnectionFactory2, hTTP2CServerConnectionFactory2});
            }
            this.adminConnector.setName("admin");
            this.adminConnector.setPort(httpServerInfo.getAdminUri().getPort());
            this.adminConnector.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            this.adminConnector.setHost(nodeInfo.getBindIp().getHostAddress());
            this.adminConnector.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            this.server.addConnector(this.adminConnector);
        }
        HandlerCollection handlerCollection = new HandlerCollection();
        for (HttpServerBinder.HttpResourceBinding httpResourceBinding : set2) {
            GzipHandler gzipHandler = new GzipHandler();
            gzipHandler.setHandler(new ClassPathResourceHandler(httpResourceBinding.getBaseUri(), httpResourceBinding.getClassPathResourceBase(), httpResourceBinding.getWelcomeFiles()));
            handlerCollection.addHandler(gzipHandler);
        }
        handlerCollection.addHandler(createServletContext(servlet, map, set, traceTokenManager, loginService, "http", "https"));
        if (httpServerConfig.isLogEnabled()) {
            handlerCollection.addHandler(createLogHandler(httpServerConfig, traceTokenManager, eventClient));
        }
        RequestLogHandler requestLogHandler = new RequestLogHandler();
        requestLogHandler.setRequestLog(new StatsRecordingHandler(requestStats));
        handlerCollection.addHandler(requestLogHandler);
        StatisticsHandler statisticsHandler = new StatisticsHandler();
        statisticsHandler.setHandler(handlerCollection);
        HandlerList handlerList = new HandlerList();
        if (servlet2 != null && httpServerConfig.isAdminEnabled()) {
            handlerList.addHandler(createServletContext(servlet2, map2, set3, traceTokenManager, loginService, "admin"));
        }
        handlerList.addHandler(statisticsHandler);
        this.server.setHandler(handlerList);
        this.certificateExpiration = loadAllX509Certificates(httpServerConfig).stream().map((v0) -> {
            return v0.getNotAfter();
        }).min(Comparator.naturalOrder()).map(date -> {
            return ZonedDateTime.ofInstant(date.toInstant(), ZoneOffset.systemDefault());
        });
    }

    private static ServletContextHandler createServletContext(Servlet servlet, Map<String, String> map, Set<Filter> set, TraceTokenManager traceTokenManager, LoginService loginService, String... strArr) {
        ServletContextHandler servletContextHandler = new ServletContextHandler(0);
        servletContextHandler.addFilter(new FilterHolder(new TimingFilter()), "/*", (EnumSet) null);
        if (traceTokenManager != null) {
            servletContextHandler.addFilter(new FilterHolder(new TraceTokenFilter(traceTokenManager)), "/*", (EnumSet) null);
        }
        if (loginService != null) {
            servletContextHandler.setSecurityHandler(createSecurityHandler(loginService));
        }
        Iterator<Filter> it = set.iterator();
        while (it.hasNext()) {
            servletContextHandler.addFilter(new FilterHolder(it.next()), "/*", (EnumSet) null);
        }
        servletContextHandler.setGzipHandler(new GzipHandler());
        ServletHolder servletHolder = new ServletHolder(servlet);
        servletHolder.setInitParameters(ImmutableMap.copyOf(map));
        servletContextHandler.addServlet(servletHolder, "/*");
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i] = "@" + strArr[i];
        }
        servletContextHandler.setVirtualHosts(strArr2);
        return servletContextHandler;
    }

    private static SecurityHandler createSecurityHandler(LoginService loginService) {
        Constraint constraint = new Constraint();
        constraint.setAuthenticate(false);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setConstraint(constraint);
        constraintMapping.setPathSpec("/*");
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        constraintSecurityHandler.setLoginService(loginService);
        constraintSecurityHandler.setAuthenticator(new BasicAuthenticator());
        constraintSecurityHandler.setConstraintMappings(Arrays.asList(constraintMapping));
        return constraintSecurityHandler;
    }

    private static RequestLogHandler createLogHandler(HttpServerConfig httpServerConfig, TraceTokenManager traceTokenManager, EventClient eventClient) throws IOException {
        RequestLogHandler requestLogHandler = new RequestLogHandler();
        File file = new File(httpServerConfig.getLogPath());
        if (file.exists() && !file.isFile()) {
            throw new IOException(String.format("Log path %s exists but is not a file", file.getAbsolutePath()));
        }
        File parentFile = file.getParentFile();
        if (!parentFile.mkdirs() && !parentFile.exists()) {
            throw new IOException(String.format("Cannot create %s and path does not already exist", parentFile.getAbsolutePath()));
        }
        requestLogHandler.setRequestLog(new DelimitedRequestLog(httpServerConfig.getLogPath(), httpServerConfig.getLogHistory(), httpServerConfig.getLogMaxFileSize().toBytes(), traceTokenManager, eventClient));
        return requestLogHandler;
    }

    @Managed
    public Long getDaysUntilCertificateExpiration() {
        return (Long) this.certificateExpiration.map(zonedDateTime -> {
            return Long.valueOf(ZonedDateTime.now().until(zonedDateTime, ChronoUnit.DAYS));
        }).orElse(null);
    }

    @PostConstruct
    public void start() throws Exception {
        this.server.start();
        Preconditions.checkState(this.server.isStarted(), "server is not started");
        checkSufficientThreads(this.httpConnector, "HTTP");
        checkSufficientThreads(this.httpsConnector, "HTTPS");
        checkSufficientThreads(this.adminConnector, "admin");
        Preconditions.checkState(!this.server.getThreadPool().isLowOnThreads(), "insufficient threads configured for server connector");
    }

    @PreDestroy
    public void stop() throws Exception {
        this.server.setStopTimeout(0L);
        this.server.stop();
    }

    private static void checkSufficientThreads(Connector connector, String str) {
        if (connector == null) {
            return;
        }
        ThreadPool executor = connector.getExecutor();
        if (executor instanceof ThreadPool) {
            Preconditions.checkState(!executor.isLowOnThreads(), "insufficient threads configured for %s connector", new Object[]{str});
        }
    }

    private static Set<X509Certificate> loadAllX509Certificates(HttpServerConfig httpServerConfig) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        if (httpServerConfig.isHttpsEnabled()) {
            try {
                FileInputStream fileInputStream = new FileInputStream(httpServerConfig.getKeystorePath());
                Throwable th = null;
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore.load(fileInputStream, httpServerConfig.getKeystorePassword().toCharArray());
                        Iterator it = Collections.list(keyStore.aliases()).iterator();
                        while (it.hasNext()) {
                            try {
                                Certificate certificate = keyStore.getCertificate((String) it.next());
                                if (certificate instanceof X509Certificate) {
                                    builder.add((X509Certificate) certificate);
                                }
                            } catch (KeyStoreException e) {
                            }
                        }
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (Exception e2) {
            }
        }
        return builder.build();
    }
}
