package org.apache.qpid.server.management.plugin;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Joiner;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.SettableFuture;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.net.BindException;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import javax.servlet.DispatcherType;
import javax.servlet.MultipartConfigElement;
import javax.servlet.http.HttpServletRequest;
import org.apache.qpid.server.bytebuffer.QpidByteBuffer;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.logging.messages.ManagementConsoleMessages;
import org.apache.qpid.server.logging.messages.PortMessages;
import org.apache.qpid.server.management.plugin.controller.LegacyConfiguredObject;
import org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter;
import org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter;
import org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter;
import org.apache.qpid.server.management.plugin.filter.InteractiveAuthenticationFilter;
import org.apache.qpid.server.management.plugin.filter.LoggingFilter;
import org.apache.qpid.server.management.plugin.filter.RedirectFilter;
import org.apache.qpid.server.management.plugin.filter.RewriteRequestForUncompressedJavascript;
import org.apache.qpid.server.management.plugin.portunification.TlsOrPlainConnectionFactory;
import org.apache.qpid.server.management.plugin.preferences.QueryPreferenceValue;
import org.apache.qpid.server.management.plugin.servlet.FileServlet;
import org.apache.qpid.server.management.plugin.servlet.RootServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.ApiDocsServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.BrokerQueryServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.JsonValueServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.LogoutServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.MetaDataServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.QueueReportServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.RestServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.StructureServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.TimeZoneServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.VirtualHostQueryServlet;
import org.apache.qpid.server.model.AbstractConfigurationChangeListener;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.adapter.AbstractPluginAdapter;
import org.apache.qpid.server.model.port.HttpPort;
import org.apache.qpid.server.model.port.PortManager;
import org.apache.qpid.server.transport.PortBindFailureException;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.DaemonThreadFactory;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.ssl.SslHandshakeListener;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.NetworkConnector;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.annotation.Name;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.ExecutorThreadPool;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ManagedObject(category = false, type = HttpManagement.PLUGIN_TYPE)
/* loaded from: input_file:org/apache/qpid/server/management/plugin/HttpManagement.class */
public class HttpManagement extends AbstractPluginAdapter<HttpManagement> implements HttpManagementConfiguration<HttpManagement>, PortManager {
    private static final Logger LOGGER;
    public static final int DEFAULT_TIMEOUT_IN_SECONDS = 600;
    public static final String TIME_OUT = "sessionTimeout";
    public static final String HTTP_BASIC_AUTHENTICATION_ENABLED = "httpBasicAuthenticationEnabled";
    public static final String HTTPS_BASIC_AUTHENTICATION_ENABLED = "httpsBasicAuthenticationEnabled";
    public static final String HTTP_SASL_AUTHENTICATION_ENABLED = "httpSaslAuthenticationEnabled";
    public static final String HTTPS_SASL_AUTHENTICATION_ENABLED = "httpsSaslAuthenticationEnabled";
    public static final String PLUGIN_TYPE = "MANAGEMENT-HTTP";
    public static final String DEFAULT_LOGOUT_URL = "/logout.html";
    public static final String DEFAULT_LOGIN_URL = "/index.html";
    private static final String OPERATIONAL_LOGGING_NAME = "Web";
    private static final String JSESSIONID_COOKIE_PREFIX = "JSESSIONID_";
    private static final String[] STATIC_FILE_TYPES;
    private Server _server;

    @ManagedAttributeField
    private boolean _httpsSaslAuthenticationEnabled;

    @ManagedAttributeField
    private boolean _httpSaslAuthenticationEnabled;

    @ManagedAttributeField
    private boolean _httpsBasicAuthenticationEnabled;

    @ManagedAttributeField
    private boolean _httpBasicAuthenticationEnabled;

    @ManagedAttributeField
    private int _sessionTimeout;

    @ManagedAttributeField
    public String _corsAllowOrigins;

    @ManagedAttributeField
    public Set<String> _corsAllowMethods;

    @ManagedAttributeField
    public String _corsAllowHeaders;

    @ManagedAttributeField
    public boolean _corsAllowCredentials;

    @ManagedAttributeField
    private boolean _compressResponses;
    private final Map<HttpPort<?>, ServerConnector> _portConnectorMap;
    private final Map<HttpPort<?>, SslContextFactory> _sslContextFactoryMap;
    private final BrokerChangeListener _brokerChangeListener;
    private volatile boolean _serveUncompressedDojo;
    private volatile Long _saslExchangeExpiry;
    private volatile ThreadPoolExecutor _jettyServerExecutor;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/apache/qpid/server/management/plugin/HttpManagement$BrokerChangeListener.class */
    private class BrokerChangeListener extends AbstractConfigurationChangeListener {
        private BrokerChangeListener() {
        }

        public void childAdded(ConfiguredObject<?> configuredObject, ConfiguredObject<?> configuredObject2) {
            if (configuredObject2 instanceof HttpPort) {
                HttpPort httpPort = (HttpPort) configuredObject2;
                Server server = HttpManagement.this._server;
                if (server != null) {
                    ServerConnector serverConnector = null;
                    try {
                        serverConnector = HttpManagement.this.createConnector(httpPort, server);
                        serverConnector.addBean(new ConnectionTrackingListener());
                        server.addConnector(serverConnector);
                        serverConnector.start();
                        HttpManagement.this._portConnectorMap.put(httpPort, serverConnector);
                        HttpManagement.this.logOperationalListenMessages(httpPort, serverConnector.getLocalPort());
                    } catch (Exception e) {
                        if (serverConnector != null) {
                            server.removeConnector(serverConnector);
                        }
                        HttpManagement.LOGGER.warn("HTTP management connector creation failed for http port {}", httpPort, e);
                    }
                }
            }
        }

        public void childRemoved(ConfiguredObject<?> configuredObject, ConfiguredObject<?> configuredObject2) {
            if (configuredObject2 instanceof HttpPort) {
                HttpPort httpPort = (HttpPort) configuredObject2;
                if (HttpManagement.this._server != null) {
                    HttpManagement.this._sslContextFactoryMap.remove(httpPort);
                    final ServerConnector serverConnector = (ServerConnector) HttpManagement.this._portConnectorMap.remove(httpPort);
                    if (serverConnector != null) {
                        final int localPort = serverConnector.getLocalPort();
                        final ConnectionTrackingListener connectionTrackingListener = (ConnectionTrackingListener) serverConnector.getBean(ConnectionTrackingListener.class);
                        serverConnector.close();
                        serverConnector.setIdleTimeout(1L);
                        serverConnector.getConnectedEndPoints().forEach(endPoint -> {
                            endPoint.setIdleTimeout(1L);
                        });
                        HttpManagement.LOGGER.debug("Connector has {} connection(s)", Integer.valueOf(connectionTrackingListener.getConnectionCount()));
                        final TaskExecutor taskExecutor = HttpManagement.this.getBroker().getTaskExecutor();
                        connectionTrackingListener.getAllClosedFuture().addListener(new Runnable() { // from class: org.apache.qpid.server.management.plugin.HttpManagement.BrokerChangeListener.1
                            @Override // java.lang.Runnable
                            public void run() {
                                if (connectionTrackingListener.getConnectionCount() != 0) {
                                    HttpManagement.LOGGER.debug("Connector still has {} connection(s)", Integer.valueOf(connectionTrackingListener.getConnectionCount()));
                                    serverConnector.getConnectedEndPoints().forEach(endPoint2 -> {
                                        endPoint2.setIdleTimeout(1L);
                                    });
                                    connectionTrackingListener.getAllClosedFuture().addListener(this, taskExecutor);
                                    return;
                                }
                                HttpManagement.LOGGER.debug("Stopping connector for http port {}", Integer.valueOf(localPort));
                                try {
                                    serverConnector.stop();
                                } catch (Exception e) {
                                    HttpManagement.LOGGER.warn("Failed to stop connector for http port {}", Integer.valueOf(localPort), e);
                                } finally {
                                    HttpManagement.this.logOperationalShutdownMessage(localPort);
                                    HttpManagement.this._server.removeConnector(serverConnector);
                                }
                            }
                        }, taskExecutor);
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/management/plugin/HttpManagement$ConnectionTrackingListener.class */
    public static class ConnectionTrackingListener implements Connection.Listener {
        private final Map<Connection, SettableFuture<Void>> _closeFutures;

        private ConnectionTrackingListener() {
            this._closeFutures = new HashMap();
        }

        public void onOpened(Connection connection) {
            this._closeFutures.put(connection, SettableFuture.create());
        }

        public void onClosed(Connection connection) {
            SettableFuture<Void> remove = this._closeFutures.remove(connection);
            if (remove != null) {
                remove.set((Object) null);
            }
        }

        public ListenableFuture<List<Void>> getAllClosedFuture() {
            return Futures.allAsList(this._closeFutures.values());
        }

        public int getConnectionCount() {
            return this._closeFutures.size();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/management/plugin/HttpManagement$QBBTrackingThreadPool.class */
    public static class QBBTrackingThreadPool extends QueuedThreadPool {
        private final ThreadFactory _threadFactory;

        public QBBTrackingThreadPool(@Name("maxThreads") int i, @Name("minThreads") int i2) {
            super(i, i2);
            this._threadFactory = QpidByteBuffer.createQpidByteBufferTrackingThreadFactory(runnable -> {
                return super.newThread(runnable);
            });
        }

        protected Thread newThread(Runnable runnable) {
            return this._threadFactory.newThread(runnable);
        }
    }

    @ManagedObjectFactoryConstructor
    public HttpManagement(Map<String, Object> map, Broker broker) {
        super(map, broker);
        this._portConnectorMap = new ConcurrentHashMap();
        this._sslContextFactoryMap = new ConcurrentHashMap();
        this._brokerChangeListener = new BrokerChangeListener();
    }

    protected void onOpen() {
        super.onOpen();
        this._serveUncompressedDojo = Boolean.TRUE.equals(getContextValue(Boolean.class, "qpid.httpManagement.serveUncompressedDojo"));
        this._saslExchangeExpiry = (Long) getContextValue(Long.class, HttpManagementConfiguration.SASL_EXCHANGE_EXPIRY_CONTEXT_NAME);
        getBroker().addChangeListener(this._brokerChangeListener);
    }

    @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
    private ListenableFuture<Void> doStart() {
        Collection<HttpPort<?>> eligibleHttpPorts = getEligibleHttpPorts(getBroker().getPorts());
        if (eligibleHttpPorts.isEmpty()) {
            LOGGER.warn("HttpManagement plugin is configured but no suitable HTTP ports are available.");
        } else {
            getBroker().getEventLogger().message(ManagementConsoleMessages.STARTUP(OPERATIONAL_LOGGING_NAME));
            this._server = createServer(eligibleHttpPorts);
            try {
                this._server.start();
                logOperationalListenMessages();
                getBroker().getEventLogger().message(ManagementConsoleMessages.READY(OPERATIONAL_LOGGING_NAME));
            } catch (PortBindFailureException e) {
                getBroker().getEventLogger().message(PortMessages.BIND_FAILED("HTTP", Integer.valueOf(e.getAddress().getPort())));
                throw e;
            } catch (Exception e2) {
                throw new ServerScopedRuntimeException("Failed to start HTTP management on ports : " + eligibleHttpPorts, e2);
            }
        }
        setState(State.ACTIVE);
        return Futures.immediateFuture((Object) null);
    }

    protected ListenableFuture<Void> onClose() {
        getBroker().removeChangeListener(this._brokerChangeListener);
        if (this._server != null) {
            try {
                logOperationalShutdownMessage();
                this._server.stop();
            } catch (Exception e) {
                throw new ServerScopedRuntimeException("Failed to stop HTTP management", e);
            }
        }
        if (this._jettyServerExecutor != null) {
            this._jettyServerExecutor.shutdown();
        }
        getBroker().getEventLogger().message(ManagementConsoleMessages.STOPPED(OPERATIONAL_LOGGING_NAME));
        return Futures.immediateFuture((Object) null);
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public int getSessionTimeout() {
        return this._sessionTimeout;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public String getCorsAllowOrigins() {
        return this._corsAllowOrigins;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public Set<String> getCorsAllowMethods() {
        return this._corsAllowMethods;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public String getCorsAllowHeaders() {
        return this._corsAllowHeaders;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public boolean getCorsAllowCredentials() {
        return this._corsAllowCredentials;
    }

    private Server createServer(Collection<HttpPort<?>> collection) {
        LOGGER.debug("Starting up web server on {}", collection);
        this._jettyServerExecutor = new ScheduledThreadPoolExecutor(1, (ThreadFactory) new DaemonThreadFactory("Jetty-Server-Thread"));
        Server server = new Server(new ExecutorThreadPool(this._jettyServerExecutor));
        int i = -1;
        for (HttpPort<?> httpPort : collection) {
            ServerConnector createConnector = createConnector(httpPort, server);
            createConnector.addBean(new ConnectionTrackingListener());
            server.addConnector(createConnector);
            this._portConnectorMap.put(httpPort, createConnector);
            i = httpPort.getPort();
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.setContextPath("/");
        servletContextHandler.setCompactPath(true);
        server.setHandler(servletContextHandler);
        servletContextHandler.setErrorHandler(new ErrorHandler() { // from class: org.apache.qpid.server.management.plugin.HttpManagement.1
            protected void writeErrorPageBody(HttpServletRequest httpServletRequest, Writer writer, int i2, String str, boolean z) throws IOException {
                writeErrorPageMessage(httpServletRequest, writer, i2, str, httpServletRequest.getRequestURI());
                for (int i3 = 0; i3 < 20; i3++) {
                    writer.write("<br/>                                                \n");
                }
            }
        });
        servletContextHandler.getServletContext().setAttribute(HttpManagementUtil.ATTR_BROKER, getBroker());
        servletContextHandler.getServletContext().setAttribute(HttpManagementUtil.ATTR_MANAGEMENT_CONFIGURATION, this);
        servletContextHandler.addFilter(new FilterHolder(new ExceptionHandlingFilter()), "/*", EnumSet.allOf(DispatcherType.class));
        FilterHolder filterHolder = new FilterHolder(new CrossOriginFilter());
        filterHolder.setInitParameter("allowedOrigins", getCorsAllowOrigins());
        filterHolder.setInitParameter("allowedMethods", Joiner.on(",").join(getCorsAllowMethods()));
        filterHolder.setInitParameter("allowedHeaders", getCorsAllowHeaders());
        filterHolder.setInitParameter("allowCredentials", String.valueOf(getCorsAllowCredentials()));
        servletContextHandler.addFilter(filterHolder, "/*", EnumSet.of(DispatcherType.REQUEST));
        servletContextHandler.addFilter(new FilterHolder(new ForbiddingTraceFilter()), "/*", EnumSet.of(DispatcherType.REQUEST));
        FilterHolder filterHolder2 = new FilterHolder(new LoggingFilter());
        servletContextHandler.addFilter(filterHolder2, "/api/*", EnumSet.of(DispatcherType.REQUEST));
        servletContextHandler.addFilter(filterHolder2, "/service/*", EnumSet.of(DispatcherType.REQUEST));
        FilterHolder filterHolder3 = new FilterHolder(new AuthenticationCheckFilter());
        filterHolder3.setInitParameter(AuthenticationCheckFilter.INIT_PARAM_ALLOWED, "/service/sasl");
        servletContextHandler.addFilter(filterHolder3, "/api/*", EnumSet.of(DispatcherType.REQUEST));
        servletContextHandler.addFilter(filterHolder3, "/apidocs/*", EnumSet.of(DispatcherType.REQUEST));
        servletContextHandler.addFilter(filterHolder3, "/service/*", EnumSet.of(DispatcherType.REQUEST));
        servletContextHandler.addFilter(new FilterHolder(new InteractiveAuthenticationFilter()), DEFAULT_LOGIN_URL, EnumSet.of(DispatcherType.REQUEST));
        servletContextHandler.addFilter(new FilterHolder(new InteractiveAuthenticationFilter()), "/", EnumSet.of(DispatcherType.REQUEST));
        FilterHolder filterHolder4 = new FilterHolder(new RedirectFilter());
        filterHolder4.setInitParameter(RedirectFilter.INIT_PARAM_REDIRECT_URI, DEFAULT_LOGIN_URL);
        servletContextHandler.addFilter(filterHolder4, "/login.html", EnumSet.of(DispatcherType.REQUEST));
        if (this._serveUncompressedDojo) {
            servletContextHandler.addFilter(RewriteRequestForUncompressedJavascript.class, "/dojo/dojo/*", EnumSet.of(DispatcherType.REQUEST));
            servletContextHandler.addFilter(RewriteRequestForUncompressedJavascript.class, "/dojo/dojox/*", EnumSet.of(DispatcherType.REQUEST));
        }
        addRestServlet(servletContextHandler);
        ServletHolder servletHolder = new ServletHolder(new BrokerQueryServlet());
        servletContextHandler.addServlet(servletHolder, "/api/latest/querybroker/*");
        servletContextHandler.addServlet(servletHolder, "/api/v7.1/querybroker/*");
        ServletHolder servletHolder2 = new ServletHolder(new VirtualHostQueryServlet());
        servletContextHandler.addServlet(servletHolder2, "/api/latest/queryvhost/*");
        servletContextHandler.addServlet(servletHolder2, "/api/v7.1/queryvhost/*");
        ServletHolder servletHolder3 = new ServletHolder(new ApiDocsServlet());
        ServletHolder servletHolder4 = new ServletHolder(new RewriteServlet("^(.*)$", "$1/"));
        for (String str : new String[]{"/apidocs", "/apidocs/latest", "/apidocs/" + getLatestSupportedVersion()}) {
            servletContextHandler.addServlet(servletHolder4, str);
            servletContextHandler.addServlet(servletHolder3, str + "/");
        }
        servletContextHandler.addServlet(new ServletHolder(new StructureServlet()), "/service/structure");
        servletContextHandler.addServlet(new ServletHolder(new QueueReportServlet()), "/service/queuereport/*");
        servletContextHandler.addServlet(new ServletHolder(new MetaDataServlet()), "/service/metadata");
        servletContextHandler.addServlet(new ServletHolder(new SaslServlet()), "/service/sasl");
        servletContextHandler.addServlet(new ServletHolder(new RootServlet("/", "/apidocs/", "index.html")), "/");
        servletContextHandler.addServlet(new ServletHolder(new LogoutServlet()), "/logout");
        servletContextHandler.addServlet(new ServletHolder(new FileServlet(DojoHelper.getDojoPath(), true)), "/dojo/dojo/*");
        servletContextHandler.addServlet(new ServletHolder(new FileServlet(DojoHelper.getDijitPath(), true)), "/dojo/dijit/*");
        servletContextHandler.addServlet(new ServletHolder(new FileServlet(DojoHelper.getDojoxPath(), true)), "/dojo/dojox/*");
        servletContextHandler.addServlet(new ServletHolder(new FileServlet(DojoHelper.getDgridPath(), true)), "/dojo/dgrid/*");
        servletContextHandler.addServlet(new ServletHolder(new FileServlet(DojoHelper.getDstorePath(), true)), "/dojo/dstore/*");
        for (String str2 : STATIC_FILE_TYPES) {
            servletContextHandler.addServlet(new ServletHolder(new FileServlet()), str2);
        }
        servletContextHandler.addServlet(new ServletHolder(new TimeZoneServlet()), "/service/timezones");
        servletContextHandler.getSessionHandler().getSessionCookieConfig().setName(JSESSIONID_COOKIE_PREFIX + i);
        servletContextHandler.getSessionHandler().getSessionCookieConfig().setHttpOnly(true);
        servletContextHandler.getSessionHandler().setMaxInactiveInterval(getSessionTimeout());
        return server;
    }

    public int getBoundPort(HttpPort httpPort) {
        NetworkConnector networkConnector = this._portConnectorMap.get(httpPort);
        if (networkConnector != null) {
            return networkConnector.getLocalPort();
        }
        return -1;
    }

    public int getNumberOfAcceptors(HttpPort httpPort) {
        ServerConnector serverConnector = this._portConnectorMap.get(httpPort);
        if (serverConnector != null) {
            return serverConnector.getAcceptors();
        }
        return -1;
    }

    public int getNumberOfSelectors(HttpPort httpPort) {
        ServerConnector serverConnector = this._portConnectorMap.get(httpPort);
        if (serverConnector != null) {
            return serverConnector.getSelectorManager().getSelectorCount();
        }
        return -1;
    }

    public SSLContext getSSLContext(HttpPort httpPort) {
        SslContextFactory sslContextFactory = getSslContextFactory(httpPort);
        if (sslContextFactory != null) {
            return sslContextFactory.getSslContext();
        }
        return null;
    }

    public boolean updateSSLContext(HttpPort httpPort) {
        SslContextFactory sslContextFactory = getSslContextFactory(httpPort);
        if (sslContextFactory == null) {
            return false;
        }
        try {
            SSLContext createSslContext = createSslContext(httpPort);
            sslContextFactory.reload(sslContextFactory2 -> {
                sslContextFactory2.setSslContext(createSslContext);
                sslContextFactory2.setNeedClientAuth(httpPort.getNeedClientAuth());
                sslContextFactory2.setWantClientAuth(httpPort.getWantClientAuth());
            });
            return true;
        } catch (Exception e) {
            throw new IllegalConfigurationException("Unexpected exception on reload of ssl context factory", e);
        }
    }

    private SslContextFactory getSslContextFactory(HttpPort httpPort) {
        return this._sslContextFactoryMap.get(httpPort);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ServerConnector createConnector(final HttpPort<?> httpPort, Server server) {
        ConnectionFactory[] connectionFactoryArr;
        httpPort.setPortManager(this);
        if (httpPort.getState() != State.ACTIVE) {
            httpPort.startAsync();
        }
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory();
        httpConnectionFactory.getHttpConfiguration().setSendServerVersion(false);
        httpConnectionFactory.getHttpConfiguration().setSendXPoweredBy(false);
        httpConnectionFactory.getHttpConfiguration().addCustomizer((connector, httpConfiguration, request) -> {
            HttpManagementUtil.getPortAttributeAction(httpPort).performAction(request);
        });
        httpConnectionFactory.getHttpConfiguration().addCustomizer(new SecureRequestCustomizer());
        Set transports = httpPort.getTransports();
        SslContextFactory sslContextFactory = null;
        if (!transports.contains(Transport.SSL)) {
            connectionFactoryArr = new ConnectionFactory[]{httpConnectionFactory};
        } else {
            if (!transports.contains(Transport.SSL)) {
                throw new IllegalArgumentException("Unexpected transport on port " + httpPort.getName() + ":" + transports);
            }
            sslContextFactory = createSslContextFactory(httpPort);
            connectionFactoryArr = new ConnectionFactory[]{httpPort.getTransports().contains(Transport.TCP) ? new TlsOrPlainConnectionFactory(sslContextFactory, httpConnectionFactory.getProtocol()) : new SslConnectionFactory(sslContextFactory, httpConnectionFactory.getProtocol()), httpConnectionFactory};
        }
        ServerConnector serverConnector = new ServerConnector(server, new QBBTrackingThreadPool(httpPort.getThreadPoolMaximum(), httpPort.getThreadPoolMinimum()), null, null, httpPort.getDesiredNumberOfAcceptors(), httpPort.getDesiredNumberOfSelectors(), connectionFactoryArr) { // from class: org.apache.qpid.server.management.plugin.HttpManagement.2
            public void open() throws IOException {
                try {
                    super.open();
                } catch (BindException e) {
                    HttpManagement.this._sslContextFactoryMap.remove(httpPort);
                    throw new PortBindFailureException(getHost() == null ? new InetSocketAddress(getPort()) : new InetSocketAddress(getHost(), getPort()));
                }
            }
        };
        serverConnector.setAcceptQueueSize(httpPort.getAcceptBacklogSize());
        String bindingAddress = httpPort.getBindingAddress();
        if (bindingAddress != null && !bindingAddress.trim().equals(QueryPreferenceValue.DEFAULT_SCOPE) && !bindingAddress.trim().equals("*")) {
            serverConnector.setHost(bindingAddress.trim());
        }
        serverConnector.setPort(httpPort.getPort());
        if (transports.contains(Transport.SSL)) {
            serverConnector.addBean(new SslHandshakeListener() { // from class: org.apache.qpid.server.management.plugin.HttpManagement.3
                public void handshakeFailed(SslHandshakeListener.Event event, Throwable th) {
                    SSLEngine sSLEngine = event.getSSLEngine();
                    if (HttpManagement.LOGGER.isDebugEnabled()) {
                        HttpManagement.LOGGER.info("TLS handshake failed: host='{}', port={}", new Object[]{sSLEngine.getPeerHost(), Integer.valueOf(sSLEngine.getPeerPort()), th});
                    } else {
                        HttpManagement.LOGGER.info("TLS handshake failed: host='{}', port={}: {}", new Object[]{sSLEngine.getPeerHost(), Integer.valueOf(sSLEngine.getPeerPort()), String.valueOf(th)});
                    }
                }
            });
        }
        int acceptors = serverConnector.getAcceptors();
        int selectorCount = serverConnector.getSelectorManager().getSelectorCount();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Created connector for http port {} with maxThreads={}, minThreads={}, acceptors={}, selectors={}, acceptBacklog={}", new Object[]{httpPort.getName(), Integer.valueOf(httpPort.getThreadPoolMaximum()), Integer.valueOf(httpPort.getThreadPoolMinimum()), Integer.valueOf(acceptors), Integer.valueOf(selectorCount), Integer.valueOf(httpPort.getAcceptBacklogSize())});
        }
        if (httpPort.getThreadPoolMaximum() < acceptors + (2 * selectorCount) + 1) {
            throw new IllegalConfigurationException(String.format("Insufficient number of threads is configured on http port '%s': max=%d < needed(acceptors=%d + selectors=2*%d + request=1)", httpPort.getName(), Integer.valueOf(httpPort.getThreadPoolMaximum()), Integer.valueOf(acceptors), Integer.valueOf(selectorCount)));
        }
        if (sslContextFactory != null) {
            this._sslContextFactoryMap.put(httpPort, sslContextFactory);
        }
        return serverConnector;
    }

    private SslContextFactory createSslContextFactory(final HttpPort<?> httpPort) {
        SslContextFactory.Server server = new SslContextFactory.Server() { // from class: org.apache.qpid.server.management.plugin.HttpManagement.4
            public void customize(SSLEngine sSLEngine) {
                super.customize(sSLEngine);
                if (httpPort.getTlsCipherSuiteWhiteList() != null && !httpPort.getTlsCipherSuiteWhiteList().isEmpty()) {
                    SSLParameters sSLParameters = sSLEngine.getSSLParameters();
                    sSLParameters.setUseCipherSuitesOrder(true);
                    sSLEngine.setSSLParameters(sSLParameters);
                }
                SSLUtil.updateEnabledCipherSuites(sSLEngine, httpPort.getTlsCipherSuiteWhiteList(), httpPort.getTlsCipherSuiteBlackList());
                SSLUtil.updateEnabledTlsProtocols(sSLEngine, httpPort.getTlsProtocolWhiteList(), httpPort.getTlsProtocolBlackList());
            }
        };
        server.setSslContext(createSslContext(httpPort));
        if (httpPort.getNeedClientAuth()) {
            server.setNeedClientAuth(true);
        } else if (httpPort.getWantClientAuth()) {
            server.setWantClientAuth(true);
        }
        return server;
    }

    private SSLContext createSslContext(HttpPort<?> httpPort) {
        if (httpPort.getKeyStore() == null) {
            throw new IllegalConfigurationException("Key store is not configured. Cannot start management on HTTPS port without keystore");
        }
        boolean z = httpPort.getNeedClientAuth() || httpPort.getWantClientAuth();
        Collection trustStores = httpPort.getTrustStores();
        if (z && trustStores.isEmpty()) {
            throw new IllegalConfigurationException(String.format("Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined", getName()));
        }
        SSLContext createSslContext = SSLUtil.createSslContext(httpPort.getKeyStore(), trustStores, httpPort.getName());
        SSLSessionContext serverSessionContext = createSslContext.getServerSessionContext();
        if (httpPort.getTLSSessionCacheSize() > 0) {
            serverSessionContext.setSessionCacheSize(httpPort.getTLSSessionCacheSize());
        }
        if (httpPort.getTLSSessionTimeout() > 0) {
            serverSessionContext.setSessionTimeout(httpPort.getTLSSessionTimeout());
        }
        return createSslContext;
    }

    private void addRestServlet(ServletContextHandler servletContextHandler) {
        ManagementControllerFactory managementControllerFactory;
        Map<String, ManagementControllerFactory> loadFactories = ManagementControllerFactory.loadFactories();
        ApiDocsServlet apiDocsServlet = new ApiDocsServlet();
        ArrayList arrayList = new ArrayList();
        String str = "7.1";
        ManagementController managementController = null;
        do {
            managementControllerFactory = loadFactories.get(str);
            if (managementControllerFactory != null) {
                managementController = managementControllerFactory.createManagementController(this, managementController);
                RestServlet restServlet = new RestServlet();
                Iterator<String> it = managementController.getCategories().iterator();
                while (it.hasNext()) {
                    String lowerCase = it.next().toLowerCase();
                    String categoryMapping = managementController.getCategoryMapping(lowerCase);
                    ServletHolder servletHolder = new ServletHolder(categoryMapping, restServlet);
                    servletHolder.setInitParameter("qpid.controller.version", managementController.getVersion());
                    servletHolder.getRegistration().setMultipartConfig(new MultipartConfigElement(QueryPreferenceValue.DEFAULT_SCOPE, ((Long) getContextValue(Long.class, HttpManagementConfiguration.MAX_HTTP_FILE_UPLOAD_SIZE_CONTEXT_NAME)).longValue(), -1L, ((Integer) getContextValue(Integer.class, HttpManagementConfiguration.MAX_HTTP_FILE_UPLOAD_SIZE_CONTEXT_NAME)).intValue()));
                    servletContextHandler.addServlet(servletHolder, categoryMapping + (categoryMapping.endsWith("/") ? "*" : "/*"));
                    if ("7.1".equals(managementController.getVersion())) {
                        servletContextHandler.addServlet(servletHolder, "/api/latest/" + lowerCase + "/*");
                        ServletHolder servletHolder2 = new ServletHolder(lowerCase + "docs", apiDocsServlet);
                        servletContextHandler.addServlet(servletHolder2, "/apidocs/latest/" + lowerCase + "/");
                        servletContextHandler.addServlet(servletHolder2, "/apidocs/v7.1/" + lowerCase + "/");
                        servletContextHandler.addServlet(servletHolder2, "/apidocs/latest/" + lowerCase);
                        servletContextHandler.addServlet(servletHolder2, "/apidocs/v7.1/" + lowerCase);
                    }
                }
                arrayList.add("v" + str);
                str = managementControllerFactory.getPreviousVersion();
            }
        } while (managementControllerFactory != null);
        servletContextHandler.getServletContext().setAttribute("qpid.controller.chain", managementController);
        ServletHolder servletHolder3 = new ServletHolder(new JsonValueServlet(Collections.singletonMap("supportedVersions", arrayList)));
        servletContextHandler.addServlet(servletHolder3, "/api");
        servletContextHandler.addServlet(servletHolder3, "/api/");
    }

    private String getLatestSupportedVersion() {
        return "v" + String.valueOf("7.1");
    }

    private void logOperationalListenMessages() {
        for (Map.Entry<HttpPort<?>, ServerConnector> entry : this._portConnectorMap.entrySet()) {
            logOperationalListenMessages(entry.getKey(), entry.getValue().getLocalPort());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void logOperationalListenMessages(HttpPort<?> httpPort, int i) {
        Iterator it = httpPort.getTransports().iterator();
        while (it.hasNext()) {
            getBroker().getEventLogger().message(ManagementConsoleMessages.LISTENING(Protocol.HTTP.name(), ((Transport) it.next()).name(), Integer.valueOf(i)));
        }
    }

    private void logOperationalShutdownMessage() {
        Iterator<ServerConnector> it = this._portConnectorMap.values().iterator();
        while (it.hasNext()) {
            logOperationalShutdownMessage(it.next().getLocalPort());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void logOperationalShutdownMessage(int i) {
        getBroker().getEventLogger().message(ManagementConsoleMessages.SHUTTING_DOWN(Protocol.HTTP.name(), Integer.valueOf(i)));
    }

    private Collection<HttpPort<?>> getEligibleHttpPorts(Collection<Port<?>> collection) {
        HashSet hashSet = new HashSet();
        Iterator<Port<?>> it = collection.iterator();
        while (it.hasNext()) {
            HttpPort httpPort = (Port) it.next();
            if (State.ACTIVE == httpPort.getDesiredState() && State.ERRORED != httpPort.getState() && httpPort.getProtocols().contains(Protocol.HTTP)) {
                hashSet.add(httpPort);
            }
        }
        return Collections.unmodifiableCollection(hashSet);
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public boolean isHttpsSaslAuthenticationEnabled() {
        return this._httpsSaslAuthenticationEnabled;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public boolean isHttpSaslAuthenticationEnabled() {
        return this._httpSaslAuthenticationEnabled;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public boolean isHttpsBasicAuthenticationEnabled() {
        return this._httpsBasicAuthenticationEnabled;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public boolean isHttpBasicAuthenticationEnabled() {
        return this._httpBasicAuthenticationEnabled;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public boolean isCompressResponses() {
        return this._compressResponses;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public AuthenticationProvider getAuthenticationProvider(HttpServletRequest httpServletRequest) {
        HttpPort<?> mo6getPort = mo6getPort(httpServletRequest);
        if (mo6getPort == null) {
            return null;
        }
        return mo6getPort.getAuthenticationProvider();
    }

    public static Set<String> getAllAvailableCorsMethodCombinations() {
        List asList = Arrays.asList("OPTION", "HEAD", "GET", "POST", "PUT", "DELETE");
        HashSet<Set> hashSet = new HashSet();
        int size = asList.size();
        if (!$assertionsDisabled && size >= 31) {
            throw new AssertionError("Too many combination to calculate");
        }
        for (int i = 0; i < (1 << size); i++) {
            HashSet hashSet2 = new HashSet();
            for (int i2 = 0; i2 < size; i2++) {
                if ((i & (1 << i2)) != 0) {
                    hashSet2.add(asList.get(i2));
                }
            }
            hashSet.add(hashSet2);
        }
        HashSet hashSet3 = new HashSet(hashSet.size());
        ObjectMapper objectMapper = new ObjectMapper();
        for (Set set : hashSet) {
            try {
                StringWriter stringWriter = new StringWriter();
                Throwable th = null;
                try {
                    try {
                        objectMapper.writeValue(stringWriter, set);
                        hashSet3.add(stringWriter.toString());
                        if (stringWriter != null) {
                            if (0 != 0) {
                                try {
                                    stringWriter.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                stringWriter.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new IllegalArgumentException("Unexpected IO Exception generating JSON string", e);
            }
        }
        return Collections.unmodifiableSet(hashSet3);
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    /* renamed from: getPort, reason: merged with bridge method [inline-methods] */
    public HttpPort<?> mo6getPort(HttpServletRequest httpServletRequest) {
        return HttpManagementUtil.getPort(httpServletRequest);
    }

    protected void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        HttpManagementConfiguration httpManagementConfiguration = (HttpManagementConfiguration) configuredObject;
        if (set.contains(LegacyConfiguredObject.NAME) && !getName().equals(httpManagementConfiguration.getName())) {
            throw new IllegalConfigurationException("Changing the name of http management plugin is not allowed");
        }
        if (set.contains(TIME_OUT) && httpManagementConfiguration.getSessionTimeout() < 0) {
            throw new IllegalConfigurationException("Only positive integer value can be specified for the session time out attribute");
        }
    }

    @Override // org.apache.qpid.server.management.plugin.HttpManagementConfiguration
    public long getSaslExchangeExpiry() {
        return this._saslExchangeExpiry.longValue();
    }

    static {
        $assertionsDisabled = !HttpManagement.class.desiredAssertionStatus();
        LOGGER = LoggerFactory.getLogger(HttpManagement.class);
        STATIC_FILE_TYPES = new String[]{"*.js", "*.css", "*.html", "*.png", "*.gif", "*.jpg", "*.jpeg", "*.json", "*.txt", "*.xsl", "*.svg"};
    }
}
