package org.apache.pinot.core.util;

import com.google.common.base.Preconditions;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.pinot.common.config.TlsConfig;
import org.apache.pinot.common.utils.TlsUtils;
import org.apache.pinot.core.transport.HttpServerThreadPoolConfig;
import org.apache.pinot.core.transport.ListenerConfig;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory;
import org.glassfish.jersey.internal.guava.ThreadFactoryBuilder;
import org.glassfish.jersey.process.JerseyProcessingUncaughtExceptionHandler;
import org.glassfish.jersey.server.ResourceConfig;

/* loaded from: input_file:org/apache/pinot/core/util/ListenerConfigUtil.class */
public final class ListenerConfigUtil {
    private static final String DEFAULT_HOST = "0.0.0.0";
    private static final String DOT_ACCESS_PROTOCOLS = ".access.protocols";
    private static final String DOT_ACCESS_THREAD_POOL = ".http.server.thread.pool";
    public static final Set<String> SUPPORTED_PROTOCOLS = new HashSet(Arrays.asList("http", "https"));

    private ListenerConfigUtil() {
    }

    public static List<ListenerConfig> buildListenerConfigs(PinotConfiguration pinotConfiguration, String str, TlsConfig tlsConfig) {
        return StringUtils.isBlank(pinotConfiguration.getProperty(str + ".access.protocols")) ? new ArrayList() : (List) Arrays.stream(pinotConfiguration.getProperty(str + ".access.protocols").split(",")).map(str2 -> {
            return buildListenerConfig(pinotConfiguration, str, str2, tlsConfig);
        }).collect(Collectors.toList());
    }

    public static List<ListenerConfig> buildControllerConfigs(PinotConfiguration pinotConfiguration) {
        ArrayList arrayList = new ArrayList();
        String property = pinotConfiguration.getProperty("controller.port");
        if (property != null) {
            arrayList.add(new ListenerConfig("http", DEFAULT_HOST, Integer.parseInt(property), "http", new TlsConfig(), buildServerThreadPoolConfig(pinotConfiguration, "pinot.controller")));
        }
        arrayList.addAll(buildListenerConfigs(pinotConfiguration, "controller", TlsUtils.extractTlsConfig(pinotConfiguration, "controller.tls")));
        Preconditions.checkState(!arrayList.isEmpty(), "Missing listener configs");
        return arrayList;
    }

    public static List<ListenerConfig> buildBrokerConfigs(PinotConfiguration pinotConfiguration) {
        ArrayList arrayList = new ArrayList();
        String property = pinotConfiguration.getProperty("pinot.broker.client.queryPort");
        if (property != null) {
            arrayList.add(new ListenerConfig("http", DEFAULT_HOST, Integer.parseInt(property), "http", new TlsConfig(), buildServerThreadPoolConfig(pinotConfiguration, "pinot.broker")));
        }
        arrayList.addAll(buildListenerConfigs(pinotConfiguration, "pinot.broker.client", TlsUtils.extractTlsConfig(pinotConfiguration, "pinot.broker.tls")));
        if (arrayList.isEmpty()) {
            arrayList.add(new ListenerConfig("http", DEFAULT_HOST, 8099, "http", new TlsConfig(), buildServerThreadPoolConfig(pinotConfiguration, "pinot.broker")));
        }
        return arrayList;
    }

    public static List<ListenerConfig> buildServerAdminConfigs(PinotConfiguration pinotConfiguration) {
        ArrayList arrayList = new ArrayList();
        String property = pinotConfiguration.getProperty("pinot.server.adminapi.port");
        if (property != null) {
            arrayList.add(new ListenerConfig("http", DEFAULT_HOST, Integer.parseInt(property), "http", new TlsConfig(), buildServerThreadPoolConfig(pinotConfiguration, "pinot.server")));
        }
        arrayList.addAll(buildListenerConfigs(pinotConfiguration, "pinot.server.adminapi", TlsUtils.extractTlsConfig(pinotConfiguration, "pinot.server.tls")));
        if (arrayList.isEmpty()) {
            arrayList.add(new ListenerConfig("http", DEFAULT_HOST, 8097, "http", new TlsConfig(), buildServerThreadPoolConfig(pinotConfiguration, "pinot.server")));
        }
        return arrayList;
    }

    public static List<ListenerConfig> buildMinionConfigs(PinotConfiguration pinotConfiguration) {
        ArrayList arrayList = new ArrayList();
        String property = pinotConfiguration.getProperty("pinot.minion.port");
        if (property != null) {
            arrayList.add(new ListenerConfig("http", DEFAULT_HOST, Integer.parseInt(property), "http", new TlsConfig(), buildServerThreadPoolConfig(pinotConfiguration, "pinot.minion")));
        }
        arrayList.addAll(buildListenerConfigs(pinotConfiguration, "pinot.minion.adminapi", TlsUtils.extractTlsConfig(pinotConfiguration, "pinot.minion.tls")));
        if (arrayList.isEmpty()) {
            arrayList.add(new ListenerConfig("http", DEFAULT_HOST, 9514, "http", new TlsConfig(), buildServerThreadPoolConfig(pinotConfiguration, "pinot.minion")));
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ListenerConfig buildListenerConfig(PinotConfiguration pinotConfiguration, String str, String str2, TlsConfig tlsConfig) {
        String str3 = str + ".access.protocols." + str2;
        return new ListenerConfig(str2, getHost(pinotConfiguration.getProperty(str3 + ".host", DEFAULT_HOST)), getPort(pinotConfiguration.getProperty(str3 + ".port")), getProtocol(pinotConfiguration.getProperty(str3 + ".protocol"), str2), TlsUtils.extractTlsConfig(pinotConfiguration, str3 + ".tls", tlsConfig), buildServerThreadPoolConfig(pinotConfiguration, str));
    }

    private static String getHost(String str) {
        return (String) Optional.ofNullable(str).map((v0) -> {
            return v0.trim();
        }).filter(str2 -> {
            return !str2.isEmpty();
        }).orElseThrow(() -> {
            return new IllegalArgumentException(str + " is not a valid host");
        });
    }

    private static int getPort(String str) {
        return ((Integer) Optional.ofNullable(str).map((v0) -> {
            return v0.trim();
        }).filter(str2 -> {
            return !str2.isEmpty();
        }).map(Integer::valueOf).orElseThrow(() -> {
            return new IllegalArgumentException(str + " is not a valid port");
        })).intValue();
    }

    private static String getProtocol(String str, String str2) {
        Optional filter = Optional.ofNullable(str).map((v0) -> {
            return v0.trim();
        }).filter(str3 -> {
            return !str3.isEmpty();
        });
        if (filter.isPresent()) {
            Set<String> set = SUPPORTED_PROTOCOLS;
            Objects.requireNonNull(set);
            return (String) filter.filter((v1) -> {
                return r1.contains(v1);
            }).orElseThrow(() -> {
                return new IllegalArgumentException(str + " is not a valid protocol");
            });
        }
        Optional of = Optional.of(str2);
        Set<String> set2 = SUPPORTED_PROTOCOLS;
        Objects.requireNonNull(set2);
        return (String) of.filter((v1) -> {
            return r1.contains(v1);
        }).orElseThrow(() -> {
            return new IllegalArgumentException("No protocol set for listener" + str2 + " and '" + str2 + "' is not a valid protocol either");
        });
    }

    public static HttpServer buildHttpServer(ResourceConfig resourceConfig, List<ListenerConfig> list) {
        Preconditions.checkNotNull(list);
        HttpServer createHttpServer = GrizzlyHttpServerFactory.createHttpServer(URI.create("http://0.0.0.0/"), resourceConfig, false);
        createHttpServer.removeListener("grizzly");
        list.forEach(listenerConfig -> {
            configureListener(createHttpServer, listenerConfig);
        });
        return createHttpServer;
    }

    public static void configureListener(HttpServer httpServer, ListenerConfig listenerConfig) {
        NetworkListener networkListener = new NetworkListener(listenerConfig.getName() + "-" + listenerConfig.getPort(), listenerConfig.getHost(), listenerConfig.getPort());
        networkListener.getTransport().getWorkerThreadPoolConfig().setThreadFactory(new ThreadFactoryBuilder().setNameFormat("grizzly-http-server-%d").setUncaughtExceptionHandler(new JerseyProcessingUncaughtExceptionHandler()).build()).setCorePoolSize(listenerConfig.getThreadPoolConfig().getCorePoolSize()).setMaxPoolSize(listenerConfig.getThreadPoolConfig().getMaxPoolSize());
        if ("https".equals(listenerConfig.getProtocol())) {
            networkListener.setSecure(true);
            networkListener.setSSLEngineConfig(buildSSLEngineConfigurator(listenerConfig.getTlsConfig()));
        }
        httpServer.addListener(networkListener);
    }

    public static int findLastTlsPort(List<ListenerConfig> list, int i) {
        return ((Integer) list.stream().filter(listenerConfig -> {
            return listenerConfig.getProtocol().equalsIgnoreCase("https");
        }).map((v0) -> {
            return v0.getPort();
        }).reduce((num, num2) -> {
            return num2;
        }).orElse(Integer.valueOf(i))).intValue();
    }

    private static SSLEngineConfigurator buildSSLEngineConfigurator(TlsConfig tlsConfig) {
        SSLContextConfigurator sSLContextConfigurator = new SSLContextConfigurator();
        if (tlsConfig.getKeyStorePath() != null) {
            Preconditions.checkNotNull(tlsConfig.getKeyStorePassword(), "key store password required");
            sSLContextConfigurator.setKeyStoreFile(cacheInTempFile(tlsConfig.getKeyStorePath()).getAbsolutePath());
            sSLContextConfigurator.setKeyStorePass(tlsConfig.getKeyStorePassword());
        }
        if (tlsConfig.getTrustStorePath() != null) {
            Preconditions.checkNotNull(tlsConfig.getKeyStorePassword(), "trust store password required");
            sSLContextConfigurator.setTrustStoreFile(cacheInTempFile(tlsConfig.getTrustStorePath()).getAbsolutePath());
            sSLContextConfigurator.setTrustStorePass(tlsConfig.getTrustStorePassword());
        }
        return new SSLEngineConfigurator(sSLContextConfigurator).setClientMode(false).setNeedClientAuth(tlsConfig.isClientAuthEnabled()).setEnabledProtocols(new String[]{"TLSv1.2"});
    }

    private static HttpServerThreadPoolConfig buildServerThreadPoolConfig(PinotConfiguration pinotConfiguration, String str) {
        String str2 = str + ".http.server.thread.pool";
        HttpServerThreadPoolConfig defaultInstance = HttpServerThreadPoolConfig.defaultInstance();
        int property = pinotConfiguration.getProperty(str2 + ".corePoolSize", -1);
        int property2 = pinotConfiguration.getProperty(str2 + ".maxPoolSize", -1);
        if (property > 0) {
            defaultInstance.setCorePoolSize(property);
        }
        if (property2 > 0) {
            defaultInstance.setMaxPoolSize(property2);
        }
        return defaultInstance;
    }

    public static String toString(Collection<? extends ListenerConfig> collection) {
        return StringUtils.join(collection.stream().map(listenerConfig -> {
            return String.format("%s://%s:%d", listenerConfig.getProtocol(), listenerConfig.getHost(), Integer.valueOf(listenerConfig.getPort()));
        }).toArray(), ", ");
    }

    private static File cacheInTempFile(String str) {
        try {
            URL makeKeyOrTrustStoreUrl = TlsUtils.makeKeyOrTrustStoreUrl(str);
            if ("file".equals(makeKeyOrTrustStoreUrl.getProtocol())) {
                return new File(makeKeyOrTrustStoreUrl.getPath());
            }
            File file = Files.createTempFile("pinot-keystore-", null, new FileAttribute[0]).toFile();
            file.deleteOnExit();
            InputStream openStream = makeKeyOrTrustStoreUrl.openStream();
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(file);
                try {
                    IOUtils.copy(openStream, fileOutputStream);
                    fileOutputStream.close();
                    if (openStream != null) {
                        openStream.close();
                    }
                    return file;
                } catch (Throwable th) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new IllegalStateException(String.format("Could not retrieve and cache keystore from '%s'", str), e);
        }
    }
}
