package org.apache.kerby.has.server.web;

import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletContext;
import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.kerby.has.common.HasConfig;
import org.apache.kerby.has.common.HasException;
import org.apache.kerby.has.server.HasServer;
import org.apache.kerby.has.server.web.rest.AsRequestApi;
import org.apache.kerby.has.server.web.rest.param.TypeParam;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kerby/has/server/web/WebServer.class */
public class WebServer {
    public static final Logger LOG = LoggerFactory.getLogger(WebServer.class);
    private HttpServer2 httpServer;
    private final HasConfig conf;
    private InetSocketAddress httpAddress;
    private InetSocketAddress httpsAddress;
    protected static final String HAS_SERVER_ATTRIBUTE_KEY = "hasserver";

    public WebServer(HasConfig hasConfig) {
        this.conf = hasConfig;
    }

    public HasConfig getConf() {
        return this.conf;
    }

    private void init() {
        this.httpServer.addJerseyResourcePackage(AsRequestApi.class.getPackage().getName(), "/has/v1/*");
    }

    public void defineFilter() {
        if (this.conf.getString(WebConfigKey.HAS_AUTHENTICATION_FILTER_AUTH_TYPE).equals("kerberos")) {
            String string = this.conf.getString(WebConfigKey.HAS_AUTHENTICATION_FILTER_KEY, WebConfigKey.HAS_AUTHENTICATION_FILTER_DEFAULT);
            HttpServer2.defineFilter(this.httpServer.getWebAppContext(), string, string, getAuthFilterParams(this.conf), new String[]{"/has/v1/kadmin/*", "/has/v1/hadmin/*"});
            HttpServer2.LOG.info("Added filter '" + string + "' (class=" + string + ")");
        }
    }

    public void defineConfFilter() {
        String name = ConfFilter.class.getName();
        HttpServer2.defineFilter(this.httpServer.getWebAppContext(), name, name, getAuthFilterParams(this.conf), new String[]{"/has/v1/conf/*"});
        HttpServer2.LOG.info("Added filter '" + name + "' (class=" + name + ")");
    }

    private Map<String, String> getAuthFilterParams(HasConfig hasConfig) {
        HashMap hashMap = new HashMap();
        String string = hasConfig.getString(WebConfigKey.HAS_AUTHENTICATION_FILTER_AUTH_TYPE);
        if (string != null && !string.isEmpty()) {
            hashMap.put(TypeParam.NAME, string);
        }
        String string2 = hasConfig.getString(WebConfigKey.HAS_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY);
        if (string2 != null && !string2.isEmpty()) {
            try {
                string2 = SecurityUtil.getServerPrincipal(string2, getHttpsAddress().getHostName());
            } catch (IOException e) {
                LOG.warn("Errors occurred when get server principal. " + e.getMessage());
            }
            hashMap.put("kerberos.principal", string2);
        }
        String string3 = hasConfig.getString(WebConfigKey.HAS_AUTHENTICATION_KERBEROS_KEYTAB_KEY);
        if (string3 != null && !string3.isEmpty()) {
            hashMap.put("kerberos.keytab", string3);
        }
        String string4 = hasConfig.getString(WebConfigKey.HAS_AUTHENTICATION_KERBEROS_NAME_RULES);
        if (string4 == null || string4.isEmpty()) {
            hashMap.put("kerberos.name.rules", "DEFAULT");
        } else {
            hashMap.put("kerberos.name.rules", string4);
        }
        return hashMap;
    }

    public InetSocketAddress getBindAddress() {
        if (this.httpAddress != null) {
            return this.httpAddress;
        }
        if (this.httpsAddress != null) {
            return this.httpsAddress;
        }
        return null;
    }

    public void start() throws HasException {
        HttpConfig.Policy httpPolicy = getHttpPolicy(this.conf);
        String string = this.conf.getString(WebConfigKey.HAS_HTTPS_BIND_HOST_KEY);
        InetSocketAddress inetSocketAddress = null;
        if (httpPolicy.isHttpEnabled()) {
            inetSocketAddress = NetUtils.createSocketAddr(this.conf.getString(WebConfigKey.HAS_HTTP_ADDRESS_KEY, WebConfigKey.HAS_HTTP_ADDRESS_DEFAULT));
            if (string != null && !string.isEmpty()) {
                inetSocketAddress = new InetSocketAddress(string, inetSocketAddress.getPort());
            }
            LOG.info("Get the http address: " + inetSocketAddress);
        }
        InetSocketAddress inetSocketAddress2 = null;
        if (httpPolicy.isHttpsEnabled()) {
            inetSocketAddress2 = NetUtils.createSocketAddr(this.conf.getString(WebConfigKey.HAS_HTTPS_ADDRESS_KEY, WebConfigKey.HAS_HTTPS_ADDRESS_DEFAULT));
            if (string != null && !string.isEmpty()) {
                inetSocketAddress2 = new InetSocketAddress(string, inetSocketAddress2.getPort());
            }
            LOG.info("Get the https address: " + inetSocketAddress2);
        }
        try {
            this.httpServer = httpServerTemplateForHAS(this.conf, inetSocketAddress, inetSocketAddress2, "has").build();
            init();
            try {
                this.httpServer.start();
                int i = 0;
                if (httpPolicy.isHttpEnabled()) {
                    i = 0 + 1;
                    this.httpAddress = this.httpServer.getConnectorAddress(0);
                    if (this.httpAddress != null) {
                        this.conf.setString(WebConfigKey.HAS_HTTP_ADDRESS_KEY, NetUtils.getHostPortString(this.httpAddress));
                    }
                }
                if (httpPolicy.isHttpsEnabled()) {
                    this.httpsAddress = this.httpServer.getConnectorAddress(i);
                    if (this.httpsAddress != null) {
                        this.conf.setString(WebConfigKey.HAS_HTTPS_ADDRESS_KEY, NetUtils.getHostPortString(this.httpsAddress));
                    }
                }
            } catch (IOException e) {
                throw new HasException("Errors occurred when starting http server. " + e.getMessage());
            }
        } catch (IOException e2) {
            throw new HasException("Errors occurred when building http server. " + e2.getMessage());
        }
    }

    public void setWebServerAttribute(HasServer hasServer) {
        this.httpServer.setAttribute(HAS_SERVER_ATTRIBUTE_KEY, hasServer);
    }

    public static HasServer getHasServerFromContext(ServletContext servletContext) {
        return (HasServer) servletContext.getAttribute(HAS_SERVER_ATTRIBUTE_KEY);
    }

    public HttpConfig.Policy getHttpPolicy(HasConfig hasConfig) {
        String string = hasConfig.getString(WebConfigKey.HAS_HTTP_POLICY_KEY, WebConfigKey.HAS_HTTP_POLICY_DEFAULT);
        HttpConfig.Policy fromString = HttpConfig.Policy.fromString(string);
        if (fromString == null) {
            throw new HadoopIllegalArgumentException("Unrecognized value '" + string + "' for " + WebConfigKey.HAS_HTTP_POLICY_KEY);
        }
        hasConfig.setString(WebConfigKey.HAS_HTTP_POLICY_KEY, fromString.name());
        return fromString;
    }

    public HttpServer2.Builder httpServerTemplateForHAS(HasConfig hasConfig, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, String str) throws HasException {
        HttpConfig.Policy httpPolicy = getHttpPolicy(hasConfig);
        HttpServer2.Builder name = new HttpServer2.Builder().setName(str);
        if (httpPolicy.isHttpEnabled()) {
            if (inetSocketAddress != null && inetSocketAddress.getPort() == 0) {
                name.setFindPort(true);
            }
            URI create = URI.create("http://" + NetUtils.getHostPortString(inetSocketAddress));
            name.addEndpoint(create);
            LOG.info("Starting Web-server for " + str + " at: " + create);
        }
        if (httpPolicy.isHttpsEnabled() && inetSocketAddress2 != null) {
            loadSslConfToHttpServerBuilder(name, loadSslConfiguration(hasConfig));
            if (inetSocketAddress2.getPort() == 0) {
                name.setFindPort(true);
            }
            URI create2 = URI.create("https://" + NetUtils.getHostPortString(inetSocketAddress2));
            name.addEndpoint(create2);
            LOG.info("Starting Web-server for " + str + " at: " + create2);
        }
        return name;
    }

    public HasConfig loadSslConfiguration(HasConfig hasConfig) throws HasException {
        HasConfig hasConfig2 = new HasConfig();
        String string = hasConfig.getString(WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_RESOURCE_DEFAULT);
        LOG.info("Get the ssl config file: " + string);
        File file = new File(string);
        if (!file.exists()) {
            throw new HasException("The ssl server config file " + string + " does not exist.");
        }
        try {
            hasConfig2.addIniConfig(file);
            for (String str : new String[]{WebConfigKey.HAS_SERVER_HTTPS_TRUSTSTORE_LOCATION_KEY, WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_LOCATION_KEY, WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY, WebConfigKey.HAS_SERVER_HTTPS_KEYPASSWORD_KEY}) {
                if (hasConfig2.getString(str) == null) {
                    LOG.warn("SSL config " + str + " is missing. If " + WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY + " is specified, make sure it is a relative path");
                }
            }
            hasConfig2.setBoolean(WebConfigKey.HAS_CLIENT_HTTPS_NEED_AUTH_KEY, Boolean.valueOf(hasConfig.getBoolean(WebConfigKey.HAS_CLIENT_HTTPS_NEED_AUTH_KEY, false).booleanValue()));
            return hasConfig2;
        } catch (IOException e) {
            throw new HasException("Errors occurred when adding config. " + e.getMessage());
        }
    }

    public HttpServer2.Builder loadSslConfToHttpServerBuilder(HttpServer2.Builder builder, HasConfig hasConfig) {
        return builder.needsClientAuth(hasConfig.getBoolean(WebConfigKey.HAS_CLIENT_HTTPS_NEED_AUTH_KEY, false).booleanValue()).keyPassword(getPassword(hasConfig, WebConfigKey.HAS_SERVER_HTTPS_KEYPASSWORD_KEY)).keyStore(hasConfig.getString(WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_LOCATION_KEY), getPassword(hasConfig, WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY), hasConfig.getString("ssl.server.keystore.type", "jks")).trustStore(hasConfig.getString(WebConfigKey.HAS_SERVER_HTTPS_TRUSTSTORE_LOCATION_KEY), getPassword(hasConfig, WebConfigKey.HAS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY), hasConfig.getString("ssl.server.truststore.type", "jks")).excludeCiphers(hasConfig.getString("ssl.server.exclude.cipher.list"));
    }

    public String getPassword(HasConfig hasConfig, String str) {
        return hasConfig.getString(str);
    }

    public void stop() throws Exception {
        if (this.httpServer != null) {
            this.httpServer.stop();
        }
    }

    public InetSocketAddress getHttpAddress() {
        return this.httpAddress;
    }

    public InetSocketAddress getHttpsAddress() {
        return this.httpsAddress;
    }
}
