package io.confluent.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.jaxrs.base.JsonParseExceptionMapper;
import io.confluent.common.metrics.JmxReporter;
import io.confluent.common.metrics.MetricConfig;
import io.confluent.common.metrics.Metrics;
import io.confluent.common.metrics.MetricsReporter;
import io.confluent.rest.RestConfig;
import io.confluent.rest.auth.AuthUtil;
import io.confluent.rest.exceptions.ConstraintViolationExceptionMapper;
import io.confluent.rest.exceptions.GenericExceptionMapper;
import io.confluent.rest.exceptions.WebApplicationExceptionMapper;
import io.confluent.rest.extension.ResourceExtension;
import io.confluent.rest.metrics.MetricsResourceMethodApplicationListener;
import io.confluent.rest.validation.JacksonMessageBodyProvider;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.core.Configurable;
import org.apache.kafka.common.config.ConfigException;
import org.eclipse.jetty.jaas.JAASLoginService;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.NetworkTrafficServerConnector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.Slf4jRequestLog;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.resource.ResourceCollection;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.websocket.jsr356.server.ServerContainer;
import org.eclipse.jetty.websocket.jsr356.server.deploy.WebSocketServerContainerInitializer;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.ServerProperties;
import org.glassfish.jersey.server.validation.ValidationFeature;
import org.glassfish.jersey.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/rest-utils-5.3.0.jar:io/confluent/rest/Application.class */
public abstract class Application<T extends RestConfig> {
    protected T config;
    protected Metrics metrics;
    protected final Slf4jRequestLog requestLog;
    protected SslContextFactory sslContextFactory;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) Application.class);
    protected Server server = null;
    protected CountDownLatch shutdownLatch = new CountDownLatch(1);
    protected final List<ResourceExtension> resourceExtensions = new ArrayList();

    public Application(T t) {
        this.config = t;
        MetricConfig timeWindow = new MetricConfig().samples(t.getInt("metrics.num.samples").intValue()).timeWindow(t.getLong("metrics.sample.window.ms").longValue(), TimeUnit.MILLISECONDS);
        List configuredInstances = t.getConfiguredInstances("metric.reporters", MetricsReporter.class);
        configuredInstances.add(new JmxReporter(t.getString(RestConfig.METRICS_JMX_PREFIX_CONFIG)));
        this.metrics = new Metrics(timeWindow, configuredInstances, t.getTime());
        this.requestLog = new Slf4jRequestLog();
        this.requestLog.setLoggerName(t.getString(RestConfig.REQUEST_LOGGER_NAME_CONFIG));
        this.requestLog.setLogLatency(true);
        this.sslContextFactory = createSslContextFactory();
    }

    public abstract void setupResources(Configurable<?> configurable, T t);

    /* JADX INFO: Access modifiers changed from: protected */
    public ResourceCollection getStaticResources() {
        return null;
    }

    protected void configurePreResourceHandling(ServletContextHandler servletContextHandler) {
    }

    protected SslContextFactory getSslContextFactory() {
        return this.sslContextFactory;
    }

    protected void configurePostResourceHandling(ServletContextHandler servletContextHandler) {
    }

    protected void configureWebSocketPostResourceHandling(ServletContextHandler servletContextHandler) {
    }

    public Map<String, String> getMetricsTags() {
        return new LinkedHashMap();
    }

    public Server createServer() throws ServletException {
        ResourceConfig resourceConfig = new ResourceConfig();
        Map<? extends String, ? extends String> parseListToMap = parseListToMap(getConfiguration().getList(RestConfig.METRICS_TAGS_CONFIG));
        Map<String, String> hashMap = new HashMap<>(getMetricsTags());
        hashMap.putAll(parseListToMap);
        configureBaseApplication(resourceConfig, hashMap);
        configureResourceExtensions(resourceConfig);
        setupResources(resourceConfig, getConfiguration());
        FilterHolder filterHolder = new FilterHolder(new ServletContainer(resourceConfig));
        this.server = new Server() { // from class: io.confluent.rest.Application.1
            @Override // org.eclipse.jetty.server.Server, org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.util.component.ContainerLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
            protected void doStop() throws Exception {
                super.doStop();
                Application.this.metrics.close();
                Application.this.doShutdown();
                Application.this.shutdownLatch.countDown();
            }
        };
        MBeanContainer mBeanContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
        this.server.addEventListener(mBeanContainer);
        this.server.addBean(mBeanContainer);
        MetricsListener metricsListener = new MetricsListener(this.metrics, "jetty", hashMap);
        for (URI uri : parseListeners(this.config.getList(RestConfig.LISTENERS_CONFIG), this.config.getInt("port").intValue(), Arrays.asList("http", "https"), "http")) {
            log.info("Adding listener: " + uri.toString());
            NetworkTrafficServerConnector networkTrafficServerConnector = uri.getScheme().equals("http") ? new NetworkTrafficServerConnector(this.server) : new NetworkTrafficServerConnector(this.server, this.sslContextFactory);
            networkTrafficServerConnector.addNetworkTrafficListener(metricsListener);
            networkTrafficServerConnector.setPort(uri.getPort());
            networkTrafficServerConnector.setHost(uri.getHost());
            networkTrafficServerConnector.setIdleTimeout(this.config.getLong(RestConfig.IDLE_TIMEOUT_MS_CONFIG).longValue());
            this.server.addConnector(networkTrafficServerConnector);
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler(1);
        servletContextHandler.setContextPath("/");
        ServletHolder servletHolder = new ServletHolder("default", (Class<? extends Servlet>) DefaultServlet.class);
        servletHolder.setInitParameter("dirAllowed", "false");
        ResourceCollection staticResources = getStaticResources();
        if (staticResources != null) {
            servletContextHandler.setBaseResource(staticResources);
        }
        configureSecurityHandler(servletContextHandler);
        if (isCorsEnabled()) {
            String string = this.config.getString(RestConfig.ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG);
            FilterHolder filterHolder2 = new FilterHolder((Class<? extends Filter>) CrossOriginFilter.class);
            filterHolder2.setName("cross-origin");
            filterHolder2.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, string);
            String string2 = this.config.getString(RestConfig.ACCESS_CONTROL_ALLOW_METHODS);
            String string3 = this.config.getString(RestConfig.ACCESS_CONTROL_ALLOW_HEADERS);
            if (string2 != null && !string2.trim().isEmpty()) {
                filterHolder2.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, string2);
            }
            if (string3 != null && !string3.trim().isEmpty()) {
                filterHolder2.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, string3);
            }
            filterHolder2.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, "false");
            servletContextHandler.addFilter(filterHolder2, "/*", EnumSet.of(DispatcherType.REQUEST));
        }
        configurePreResourceHandling(servletContextHandler);
        servletContextHandler.addFilter(filterHolder, "/*", (EnumSet<DispatcherType>) null);
        configurePostResourceHandling(servletContextHandler);
        servletContextHandler.addServlet(servletHolder, "/*");
        applyCustomConfiguration(servletContextHandler, RestConfig.REST_SERVLET_INITIALIZERS_CLASSES_CONFIG);
        RequestLogHandler requestLogHandler = new RequestLogHandler();
        requestLogHandler.setRequestLog(this.requestLog);
        HandlerCollection handlerCollection = new HandlerCollection();
        handlerCollection.setHandlers(new Handler[]{servletContextHandler, new DefaultHandler(), requestLogHandler});
        StatisticsHandler statisticsHandler = new StatisticsHandler();
        statisticsHandler.setHandler(handlerCollection);
        ServletContextHandler servletContextHandler2 = new ServletContextHandler(1);
        servletContextHandler2.setContextPath(this.config.getString(RestConfig.WEBSOCKET_PATH_PREFIX_CONFIG));
        configureSecurityHandler(servletContextHandler2);
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        contextHandlerCollection.setHandlers(new Handler[]{statisticsHandler, servletContextHandler2});
        this.server.setHandler(wrapWithGzipHandler(contextHandlerCollection));
        registerWebSocketEndpoints(WebSocketServerContainerInitializer.configureContext(servletContextHandler2));
        configureWebSocketPostResourceHandling(servletContextHandler2);
        applyCustomConfiguration(servletContextHandler2, RestConfig.WEBSOCKET_SERVLET_INITIALIZERS_CLASSES_CONFIG);
        int intValue = getConfiguration().getInt(RestConfig.SHUTDOWN_GRACEFUL_MS_CONFIG).intValue();
        if (intValue > 0) {
            this.server.setStopTimeout(intValue);
        }
        this.server.setStopAtShutdown(true);
        return this.server;
    }

    public static Map<String, String> parseListToMap(List<String> list) {
        HashMap hashMap = new HashMap();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String[] split = it.next().split("\\s*:\\s*", -1);
            if (split.length != 2) {
                throw new ConfigException("Map entry should be of form <key>:<value");
            }
            hashMap.put(split[0], split[1]);
        }
        return hashMap;
    }

    private boolean isCorsEnabled() {
        return AuthUtil.isCorsEnabled(this.config);
    }

    private void configureResourceExtensions(ResourceConfig resourceConfig) {
        this.resourceExtensions.addAll(getConfiguration().getConfiguredInstances(RestConfig.RESOURCE_EXTENSION_CLASSES_CONFIG, ResourceExtension.class));
        this.resourceExtensions.forEach(resourceExtension -> {
            try {
                resourceExtension.register(resourceConfig, this);
            } catch (Exception e) {
                throw new RuntimeException("Exception throw by resource extension. ext:" + resourceExtension, e);
            }
        });
    }

    private void applyCustomConfiguration(ServletContextHandler servletContextHandler, String str) {
        getConfiguration().getConfiguredInstances(str, Consumer.class).forEach(consumer -> {
            try {
                consumer.accept(servletContextHandler);
            } catch (Exception e) {
                throw new RuntimeException("Exception from custom initializer. config:" + str + ", initializer" + consumer, e);
            }
        });
    }

    protected void configureSecurityHandler(ServletContextHandler servletContextHandler) {
        String string = this.config.getString(RestConfig.AUTHENTICATION_METHOD_CONFIG);
        if (enableBasicAuth(string)) {
            servletContextHandler.setSecurityHandler(createBasicSecurityHandler());
        } else if (enableBearerAuth(string)) {
            servletContextHandler.setSecurityHandler(createBearerSecurityHandler());
        }
    }

    private SslContextFactory createSslContextFactory() {
        SslContextFactory.Server server = new SslContextFactory.Server();
        if (!this.config.getString("ssl.keystore.location").isEmpty()) {
            server.setKeyStorePath(this.config.getString("ssl.keystore.location"));
            server.setKeyStorePassword(this.config.getPassword("ssl.keystore.password").value());
            server.setKeyManagerPassword(this.config.getPassword("ssl.key.password").value());
            server.setKeyStoreType(this.config.getString("ssl.keystore.type"));
            if (!this.config.getString("ssl.keymanager.algorithm").isEmpty()) {
                server.setKeyManagerFactoryAlgorithm(this.config.getString("ssl.keymanager.algorithm"));
            }
        }
        configureClientAuth(server);
        List<String> list = this.config.getList("ssl.enabled.protocols");
        if (!list.isEmpty()) {
            server.setIncludeProtocols((String[]) list.toArray(new String[0]));
        }
        List<String> list2 = this.config.getList("ssl.cipher.suites");
        if (!list2.isEmpty()) {
            server.setIncludeCipherSuites((String[]) list2.toArray(new String[0]));
        }
        server.setEndpointIdentificationAlgorithm(this.config.getString("ssl.endpoint.identification.algorithm"));
        if (!this.config.getString("ssl.truststore.location").isEmpty()) {
            server.setTrustStorePath(this.config.getString("ssl.truststore.location"));
            server.setTrustStorePassword(this.config.getPassword("ssl.truststore.password").value());
            server.setTrustStoreType(this.config.getString("ssl.truststore.type"));
            if (!this.config.getString("ssl.trustmanager.algorithm").isEmpty()) {
                server.setTrustManagerFactoryAlgorithm(this.config.getString("ssl.trustmanager.algorithm"));
            }
        }
        server.setProtocol(this.config.getString("ssl.protocol"));
        if (!this.config.getString("ssl.provider").isEmpty()) {
            server.setProtocol(this.config.getString("ssl.provider"));
        }
        server.setRenegotiationAllowed(false);
        return server;
    }

    private void configureClientAuth(SslContextFactory sslContextFactory) {
        String string = this.config.getString(RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG);
        if (this.config.originals().containsKey("ssl.client.auth")) {
            if (this.config.originals().containsKey(RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG)) {
                log.warn("The {} configuration is deprecated. Since a value has been supplied for the {} configuration, that will be used instead", "ssl.client.auth", RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG);
            } else {
                log.warn("The configuration {} is deprecated and should be replaced with {}", "ssl.client.auth", RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG);
                string = this.config.getBoolean("ssl.client.auth").booleanValue() ? RestConfig.SSL_CLIENT_AUTHENTICATION_REQUIRED : "NONE";
            }
        }
        String str = string;
        boolean z = -1;
        switch (str.hashCode()) {
            case -814438578:
                if (str.equals(RestConfig.SSL_CLIENT_AUTHENTICATION_REQUESTED)) {
                    z = true;
                    break;
                }
                break;
            case 2402104:
                if (str.equals("NONE")) {
                    z = 2;
                    break;
                }
                break;
            case 389487519:
                if (str.equals(RestConfig.SSL_CLIENT_AUTHENTICATION_REQUIRED)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                sslContextFactory.setNeedClientAuth(true);
                return;
            case true:
                sslContextFactory.setWantClientAuth(true);
                return;
            case true:
                return;
            default:
                throw new ConfigException("Unexpected value for {} configuration: {}", RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG, string);
        }
    }

    public Handler wrapWithGzipHandler(Handler handler) {
        if (!this.config.getBoolean(RestConfig.ENABLE_GZIP_COMPRESSION_CONFIG).booleanValue()) {
            return handler;
        }
        GzipHandler gzipHandler = new GzipHandler();
        gzipHandler.setIncludedMethods(HttpMethod.GET, HttpMethod.POST);
        gzipHandler.setHandler(handler);
        return gzipHandler;
    }

    protected void registerWebSocketEndpoints(ServerContainer serverContainer) {
    }

    static boolean enableBasicAuth(String str) {
        return "BASIC".equals(str);
    }

    static boolean enableBearerAuth(String str) {
        return RestConfig.AUTHENTICATION_METHOD_BEARER.equals(str);
    }

    protected LoginAuthenticator createAuthenticator() {
        getConfiguration().getString(RestConfig.AUTHENTICATION_REALM_CONFIG);
        String string = getConfiguration().getString(RestConfig.AUTHENTICATION_METHOD_CONFIG);
        if (enableBasicAuth(string)) {
            return new BasicAuthenticator();
        }
        if (enableBearerAuth(string)) {
            throw new UnsupportedOperationException("Must implement Application.createAuthenticator() when using 'authentication.method=BEARER'.");
        }
        return null;
    }

    protected LoginService createLoginService() {
        String string = getConfiguration().getString(RestConfig.AUTHENTICATION_REALM_CONFIG);
        String string2 = getConfiguration().getString(RestConfig.AUTHENTICATION_METHOD_CONFIG);
        if (enableBasicAuth(string2)) {
            return new JAASLoginService(string);
        }
        if (enableBearerAuth(string2)) {
            throw new UnsupportedOperationException("Must implement Application.createLoginService() when using 'authentication.method=BEARER'.");
        }
        return null;
    }

    protected IdentityService createIdentityService() {
        String string = getConfiguration().getString(RestConfig.AUTHENTICATION_METHOD_CONFIG);
        if (enableBasicAuth(string) || enableBearerAuth(string)) {
            return new DefaultIdentityService();
        }
        return null;
    }

    protected ConstraintSecurityHandler createBasicSecurityHandler() {
        return createSecurityHandler();
    }

    protected ConstraintSecurityHandler createBearerSecurityHandler() {
        return createSecurityHandler();
    }

    protected ConstraintSecurityHandler createSecurityHandler() {
        String string = getConfiguration().getString(RestConfig.AUTHENTICATION_REALM_CONFIG);
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        constraintSecurityHandler.addConstraintMapping(createGlobalAuthConstraint());
        constraintSecurityHandler.setAuthenticator(createAuthenticator());
        constraintSecurityHandler.setLoginService(createLoginService());
        constraintSecurityHandler.setIdentityService(createIdentityService());
        constraintSecurityHandler.setRealmName(string);
        List<ConstraintMapping> createUnsecuredConstraints = AuthUtil.createUnsecuredConstraints(this.config);
        constraintSecurityHandler.getClass();
        createUnsecuredConstraints.forEach(constraintSecurityHandler::addConstraintMapping);
        return constraintSecurityHandler;
    }

    protected ConstraintMapping createGlobalAuthConstraint() {
        return AuthUtil.createGlobalAuthConstraint(this.config);
    }

    public static List<URI> parseListeners(List<String> list, int i, List<String> list2, String str) {
        if (list.isEmpty() || list.get(0).isEmpty()) {
            log.warn("DEPRECATION warning: `listeners` configuration is not configured. Falling back to the deprecated `port` configuration.");
            list = new ArrayList(1);
            list.add(str + "://0.0.0.0:" + i);
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (String str2 : list) {
            try {
                URI uri = new URI(str2);
                String scheme = uri.getScheme();
                if (scheme == null) {
                    throw new ConfigException("Found a listener without a scheme. All listeners must have a scheme. The listener without a scheme is: " + str2);
                }
                if (uri.getPort() == -1) {
                    throw new ConfigException("Found a listener without a port. All listeners must have a port. The listener without a port is: " + str2);
                }
                if (list2.contains(scheme)) {
                    arrayList.add(uri);
                } else {
                    log.warn("Found a listener with an unsupported scheme (supported: {}). Ignoring listener '{}'", list2, str2);
                }
            } catch (URISyntaxException e) {
                throw new ConfigException("Could not parse a listener URI from the `listener` configuration option.");
            }
        }
        if (arrayList.isEmpty()) {
            throw new ConfigException("No listeners are configured. Must have at least one listener.");
        }
        return arrayList;
    }

    public void configureBaseApplication(Configurable<?> configurable) {
        configureBaseApplication(configurable, null);
    }

    public void configureBaseApplication(Configurable<?> configurable, Map<String, String> map) {
        T configuration = getConfiguration();
        registerJsonProvider(configurable, configuration, true);
        registerFeatures(configurable, configuration);
        registerExceptionMappers(configurable, configuration);
        configurable.register2(new MetricsResourceMethodApplicationListener(this.metrics, "jersey", map, configuration.getTime()));
        configurable.property2(ServerProperties.BV_SEND_ERROR_IN_RESPONSE, true);
        configurable.property2(ServerProperties.WADL_FEATURE_DISABLE, true);
    }

    protected void registerJsonProvider(Configurable<?> configurable, T t, boolean z) {
        configurable.register2(new JacksonMessageBodyProvider(getJsonMapper()));
        if (z) {
            configurable.register(JsonParseExceptionMapper.class);
        }
    }

    protected void registerFeatures(Configurable<?> configurable, T t) {
        configurable.register(ValidationFeature.class);
    }

    protected void registerExceptionMappers(Configurable<?> configurable, T t) {
        configurable.register(ConstraintViolationExceptionMapper.class);
        configurable.register2(new WebApplicationExceptionMapper(t));
        configurable.register2(new GenericExceptionMapper(t));
    }

    public T getConfiguration() {
        return this.config;
    }

    protected ObjectMapper getJsonMapper() {
        return new ObjectMapper();
    }

    public void start() throws Exception {
        if (this.server == null) {
            createServer();
        }
        this.server.start();
    }

    public void join() throws InterruptedException {
        this.server.join();
        this.shutdownLatch.await();
    }

    public void stop() throws Exception {
        this.server.stop();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doShutdown() {
        this.resourceExtensions.forEach(resourceExtension -> {
            try {
                resourceExtension.close();
            } catch (IOException e) {
                log.error("Error closing the extension resource. ext:" + resourceExtension, (Throwable) e);
            }
        });
        onShutdown();
    }

    public void onShutdown() {
    }
}
