package org.apache.nifi.processors.standard;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.Servlet;
import javax.ws.rs.Path;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
import org.apache.nifi.annotation.notification.OnPrimaryNodeStateChange;
import org.apache.nifi.annotation.notification.PrimaryNodeState;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.AbstractSessionFactoryProcessor;
import org.apache.nifi.processor.DataUnit;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.standard.relp.response.RELPResponse;
import org.apache.nifi.processors.standard.servlets.ContentAcknowledgmentServlet;
import org.apache.nifi.processors.standard.servlets.HealthCheckServlet;
import org.apache.nifi.processors.standard.servlets.ListenHTTPServlet;
import org.apache.nifi.scheduling.ExecutionNode;
import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.serialization.RecordReaderFactory;
import org.apache.nifi.serialization.RecordSetWriterFactory;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.stream.io.LeakyBucketStreamThrottler;
import org.apache.nifi.stream.io.StreamThrottler;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;

@InputRequirement(InputRequirement.Requirement.INPUT_FORBIDDEN)
@CapabilityDescription("Starts an HTTP Server and listens on a given base path to transform incoming requests into FlowFiles. The default URI of the Service will be http://{hostname}:{port}/contentListener. Only HEAD and POST requests are supported. GET, PUT, and DELETE will result in an error and the HTTP response status code 405. GET is supported on <service_URI>/healthcheck. If the service is available, it returns \"200 OK\" with the content \"OK\". The health check functionality can be configured to be accessible via a different port. For details see the documentation of the \"Listening Port for health check requests\" property.A Record Reader and Record Writer property can be enabled on the processor to process incoming requests as records. Record processing is not allowed for multipart requests and request in FlowFileV3 format (minifi).")
@Tags({"ingest", InvokeHTTP.HTTP, InvokeHTTP.HTTPS, "rest", "listen"})
/* loaded from: input_file:org/apache/nifi/processors/standard/ListenHTTP.class */
public class ListenHTTP extends AbstractSessionFactoryProcessor {
    public static final String CONTEXT_ATTRIBUTE_PROCESSOR = "processor";
    public static final String CONTEXT_ATTRIBUTE_LOGGER = "logger";
    public static final String CONTEXT_ATTRIBUTE_SESSION_FACTORY_HOLDER = "sessionFactoryHolder";
    public static final String CONTEXT_ATTRIBUTE_PROCESS_CONTEXT_HOLDER = "processContextHolder";
    public static final String CONTEXT_ATTRIBUTE_AUTHORITY_PATTERN = "authorityPattern";
    public static final String CONTEXT_ATTRIBUTE_AUTHORITY_ISSUER_PATTERN = "authorityIssuerPattern";
    public static final String CONTEXT_ATTRIBUTE_HEADER_PATTERN = "headerPattern";
    public static final String CONTEXT_ATTRIBUTE_FLOWFILE_MAP = "flowFileMap";
    public static final String CONTEXT_ATTRIBUTE_STREAM_THROTTLER = "streamThrottler";
    public static final String CONTEXT_ATTRIBUTE_BASE_PATH = "basePath";
    public static final String CONTEXT_ATTRIBUTE_RETURN_CODE = "returnCode";
    public static final String CONTEXT_ATTRIBUTE_MULTIPART_REQUEST_MAX_SIZE = "multipartRequestMaxSize";
    public static final String CONTEXT_ATTRIBUTE_MULTIPART_READ_BUFFER_SIZE = "multipartReadBufferSize";
    public static final String CONTEXT_ATTRIBUTE_PORT = "port";
    public static final Relationship RELATIONSHIP_SUCCESS = new Relationship.Builder().name("success").description("Relationship for successfully received FlowFiles").build();
    public static final PropertyDescriptor BASE_PATH = new PropertyDescriptor.Builder().name("Base Path").description("Base path for incoming connections").required(true).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).defaultValue("contentListener").addValidator(StandardValidators.URI_VALIDATOR).addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("(^[^/]+.*[^/]+$|^[^/]+$|^$)"))).build();
    public static final PropertyDescriptor PORT = new PropertyDescriptor.Builder().name("Listening Port").description("The Port to listen on for incoming connections").required(true).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).addValidator(StandardValidators.POSITIVE_INTEGER_VALIDATOR).build();
    public static final PropertyDescriptor HEALTH_CHECK_PORT = new PropertyDescriptor.Builder().name("health-check-port").displayName("Listening Port for Health Check Requests").description("The port to listen on for incoming health check requests. If set, it must be different from the Listening Port. Configure this port if the processor is set to use two-way SSL and a load balancer that does not support client authentication for health check requests is used. Only /<base_path>/healthcheck service is available via this port and only GET and HEAD requests are supported. If the processor is set not to use SSL, SSL will not be used on this port, either. If the processor is set to use one-way SSL, one-way SSL will be used on this port. If the processor is set to use two-way SSL, one-way SSL will be used on this port (client authentication not required).").required(false).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).addValidator(StandardValidators.PORT_VALIDATOR).build();
    private static final String MATCH_ALL = ".*";
    public static final PropertyDescriptor AUTHORIZED_DN_PATTERN = new PropertyDescriptor.Builder().name("Authorized DN Pattern").displayName("Authorized Subject DN Pattern").description("A Regular Expression to apply against the Subject's Distinguished Name of incoming connections. If the Pattern does not match the Subject DN, the the processor will respond with a status of HTTP 403 Forbidden.").required(true).defaultValue(MATCH_ALL).addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR).build();
    public static final PropertyDescriptor AUTHORIZED_ISSUER_DN_PATTERN = new PropertyDescriptor.Builder().name("authorized-issuer-dn-pattern").displayName("Authorized Issuer DN Pattern").description("A Regular Expression to apply against the Issuer's Distinguished Name of incoming connections. If the Pattern does not match the Issuer DN, the processor will respond with a status of HTTP 403 Forbidden.").required(false).defaultValue(MATCH_ALL).addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR).build();
    public static final PropertyDescriptor MAX_UNCONFIRMED_TIME = new PropertyDescriptor.Builder().name("Max Unconfirmed Flowfile Time").description("The maximum amount of time to wait for a FlowFile to be confirmed before it is removed from the cache").required(true).defaultValue("60 secs").addValidator(StandardValidators.TIME_PERIOD_VALIDATOR).build();
    public static final PropertyDescriptor MAX_DATA_RATE = new PropertyDescriptor.Builder().name("Max Data to Receive per Second").description("The maximum amount of data to receive per second; this allows the bandwidth to be throttled to a specified data rate; if not specified, the data rate is not throttled").required(false).addValidator(StandardValidators.DATA_SIZE_VALIDATOR).build();
    public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder().name("SSL Context Service").description("The Controller Service to use in order to obtain an SSL Context").required(false).identifiesControllerService(RestrictedSSLContextService.class).build();
    public static final PropertyDescriptor HEADERS_AS_ATTRIBUTES_REGEX = new PropertyDescriptor.Builder().name("HTTP Headers to receive as Attributes (Regex)").description("Specifies the Regular Expression that determines the names of HTTP Headers that should be passed along as FlowFile attributes").addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR).required(false).build();
    public static final PropertyDescriptor RETURN_CODE = new PropertyDescriptor.Builder().name("Return Code").description("The HTTP return code returned after every HTTP call").defaultValue(String.valueOf(RELPResponse.OK)).addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR).build();
    public static final PropertyDescriptor MULTIPART_REQUEST_MAX_SIZE = new PropertyDescriptor.Builder().name("multipart-request-max-size").displayName("Multipart Request Max Size").description("The max size of the request. Only applies for requests with Content-Type: multipart/form-data, and is used to prevent denial of service type of attacks, to prevent filling up the heap or disk space").required(true).addValidator(StandardValidators.DATA_SIZE_VALIDATOR).defaultValue("1 MB").build();
    public static final PropertyDescriptor MULTIPART_READ_BUFFER_SIZE = new PropertyDescriptor.Builder().name("multipart-read-buffer-size").displayName("Multipart Read Buffer Size").description("The threshold size, at which the contents of an incoming file would be written to disk. Only applies for requests with Content-Type: multipart/form-data. It is used to prevent denial of service type of attacks, to prevent filling up the heap or disk space.").required(true).addValidator(StandardValidators.DATA_SIZE_VALIDATOR).defaultValue("512 KB").build();
    public static final PropertyDescriptor CLIENT_AUTHENTICATION = new PropertyDescriptor.Builder().name("client-authentication").displayName("Client Authentication").description("Client Authentication policy for TLS connections. Required when SSL Context Service configured.").required(false).allowableValues((AllowableValue[]) ((List) Arrays.stream(ClientAuthentication.values()).map((v0) -> {
        return v0.getAllowableValue();
    }).collect(Collectors.toList())).toArray(new AllowableValue[0])).defaultValue(ClientAuthentication.AUTO.name()).dependsOn(SSL_CONTEXT_SERVICE, new AllowableValue[0]).build();
    public static final PropertyDescriptor MAX_THREAD_POOL_SIZE = new PropertyDescriptor.Builder().name("max-thread-pool-size").displayName("Maximum Thread Pool Size").description("The maximum number of threads to be used by the embedded Jetty server. The value can be set between 8 and 1000. The value of this property affects the performance of the flows and the operating system, therefore the default value should only be changed in justified cases. A value that is less than the default value may be suitable if only a small number of HTTP clients connect to the server. A greater value may be suitable if a large number of HTTP clients are expected to make requests to the server simultaneously.").required(true).addValidator(StandardValidators.createLongValidator(8, 1000, true)).defaultValue("200").build();
    public static final PropertyDescriptor RECORD_READER = new PropertyDescriptor.Builder().name("record-reader").displayName("Record Reader").description("The Record Reader to use parsing the incoming FlowFile into Records").required(false).identifiesControllerService(RecordReaderFactory.class).build();
    public static final PropertyDescriptor RECORD_WRITER = new PropertyDescriptor.Builder().name("record-writer").displayName("Record Writer").description("The Record Writer to use for serializing Records after they have been transformed").required(true).identifiesControllerService(RecordSetWriterFactory.class).dependsOn(RECORD_READER, new AllowableValue[0]).build();
    protected static final List<PropertyDescriptor> PROPERTIES = Collections.unmodifiableList(Arrays.asList(BASE_PATH, PORT, HEALTH_CHECK_PORT, MAX_DATA_RATE, SSL_CONTEXT_SERVICE, CLIENT_AUTHENTICATION, AUTHORIZED_DN_PATTERN, AUTHORIZED_ISSUER_DN_PATTERN, MAX_UNCONFIRMED_TIME, HEADERS_AS_ATTRIBUTES_REGEX, RETURN_CODE, MULTIPART_REQUEST_MAX_SIZE, MULTIPART_READ_BUFFER_SIZE, MAX_THREAD_POOL_SIZE, RECORD_READER, RECORD_WRITER));
    private static final Set<Relationship> RELATIONSHIPS = Collections.unmodifiableSet(new HashSet(Collections.singletonList(RELATIONSHIP_SUCCESS)));
    private final AtomicBoolean initialized = new AtomicBoolean(false);
    private final AtomicBoolean runOnPrimary = new AtomicBoolean(false);
    private volatile Server server = null;
    private final ConcurrentMap<String, FlowFileEntryTimeWrapper> flowFileMap = new ConcurrentHashMap();
    private final AtomicReference<ProcessSessionFactory> sessionFactoryReference = new AtomicReference<>();
    private final AtomicReference<StreamThrottler> throttlerRef = new AtomicReference<>();

    /* loaded from: input_file:org/apache/nifi/processors/standard/ListenHTTP$ClientAuthentication.class */
    public enum ClientAuthentication {
        AUTO("Inferred based on SSL Context Service properties. The presence of Trust Store properties implies REQUIRED, otherwise NONE is configured."),
        WANT(ClientAuth.WANT.getDescription()),
        REQUIRED(ClientAuth.REQUIRED.getDescription()),
        NONE(ClientAuth.NONE.getDescription());

        private final String description;

        ClientAuthentication(String str) {
            this.description = str;
        }

        public String getDescription() {
            return this.description;
        }

        public AllowableValue getAllowableValue() {
            return new AllowableValue(name(), name(), this.description);
        }
    }

    /* loaded from: input_file:org/apache/nifi/processors/standard/ListenHTTP$FlowFileEntryTimeWrapper.class */
    public static class FlowFileEntryTimeWrapper {
        private final Set<FlowFile> flowFiles;
        private final long entryTime;
        private final ProcessSession session;
        private final String clientIP;

        public FlowFileEntryTimeWrapper(ProcessSession processSession, Set<FlowFile> set, long j, String str) {
            this.flowFiles = set;
            this.entryTime = j;
            this.session = processSession;
            this.clientIP = str;
        }

        public Set<FlowFile> getFlowFiles() {
            return this.flowFiles;
        }

        public long getEntryTime() {
            return this.entryTime;
        }

        public ProcessSession getSession() {
            return this.session;
        }

        public String getClientIP() {
            return this.clientIP;
        }
    }

    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        ArrayList arrayList = new ArrayList(super.customValidate(validationContext));
        validatePortsAreNotEqual(validationContext, arrayList);
        return arrayList;
    }

    private void validatePortsAreNotEqual(ValidationContext validationContext, Collection<ValidationResult> collection) {
        Integer asInteger = validationContext.getProperty(HEALTH_CHECK_PORT).evaluateAttributeExpressions().asInteger();
        if (asInteger == null || !validationContext.getProperty(PORT).evaluateAttributeExpressions().asInteger().equals(asInteger)) {
            return;
        }
        collection.add(createValidationResult(HEALTH_CHECK_PORT.getDisplayName(), String.format("'%s' and '%s' cannot have the same value.", PORT.getDisplayName(), HEALTH_CHECK_PORT.getDisplayName())));
    }

    private ValidationResult createValidationResult(String str, String str2) {
        return new ValidationResult.Builder().subject(str).valid(false).explanation(str2).build();
    }

    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    @OnStopped
    public void shutdownHttpServer() {
        StreamThrottler andSet = this.throttlerRef.getAndSet(null);
        if (andSet != null) {
            try {
                andSet.close();
            } catch (IOException e) {
                getLogger().error("Failed to close StreamThrottler", e);
            }
        }
        Server server = this.server;
        if (server == null) {
            return;
        }
        shutdownHttpServer(server);
    }

    Server getServer() {
        return this.server;
    }

    private void shutdownHttpServer(Server server) {
        try {
            server.stop();
            server.destroy();
            clearInit();
        } catch (Exception e) {
            getLogger().warn("unable to cleanly shutdown embedded server due to {}", new Object[]{e});
            this.server = null;
        }
    }

    private synchronized void createHttpServerFromService(ProcessContext processContext) throws Exception {
        if (this.initialized.get()) {
            return;
        }
        this.runOnPrimary.set(processContext.getExecutionNode().equals(ExecutionNode.PRIMARY));
        String value = processContext.getProperty(BASE_PATH).evaluateAttributeExpressions().getValue();
        SSLContextService sSLContextService = (SSLContextService) processContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        Double asDataSize = processContext.getProperty(MAX_DATA_RATE).asDataSize(DataUnit.B);
        LeakyBucketStreamThrottler leakyBucketStreamThrottler = asDataSize == null ? null : new LeakyBucketStreamThrottler(asDataSize.intValue());
        int intValue = processContext.getProperty(RETURN_CODE).asInteger().intValue();
        long longValue = processContext.getProperty(MULTIPART_REQUEST_MAX_SIZE).asDataSize(DataUnit.B).longValue();
        int intValue2 = processContext.getProperty(MULTIPART_READ_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
        int intValue3 = processContext.getProperty(MAX_THREAD_POOL_SIZE).asInteger().intValue();
        this.throttlerRef.set(leakyBucketStreamThrottler);
        boolean z = sSLContextService != null;
        ClientAuthentication clientAuthentication = getClientAuthentication(sSLContextService, processContext.getProperty(CLIENT_AUTHENTICATION));
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool(intValue3);
        queuedThreadPool.setName(String.format("%s (%s) Web Server", getClass().getSimpleName(), getIdentifier()));
        Server server = new Server(queuedThreadPool);
        int intValue4 = processContext.getProperty(PORT).evaluateAttributeExpressions().asInteger().intValue();
        server.addConnector(createServerConnector(server, intValue4, sSLContextService, z, clientAuthentication));
        Integer asInteger = processContext.getProperty(HEALTH_CHECK_PORT).evaluateAttributeExpressions().asInteger();
        if (asInteger != null) {
            server.addConnector(createServerConnector(server, asInteger.intValue(), sSLContextService, z, ClientAuthentication.NONE));
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler(server, "/", true, z);
        for (Class<? extends Servlet> cls : getServerClasses()) {
            Path annotation = cls.getAnnotation(Path.class);
            if (!value.isEmpty() || annotation.value().isEmpty()) {
                servletContextHandler.addServlet(cls, "/" + value + annotation.value());
            } else {
                servletContextHandler.addServlet(cls, annotation.value());
            }
        }
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_PROCESSOR, this);
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_LOGGER, getLogger());
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_SESSION_FACTORY_HOLDER, this.sessionFactoryReference);
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_PROCESS_CONTEXT_HOLDER, processContext);
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_FLOWFILE_MAP, this.flowFileMap);
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_AUTHORITY_PATTERN, Pattern.compile(processContext.getProperty(AUTHORIZED_DN_PATTERN).getValue()));
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_AUTHORITY_ISSUER_PATTERN, Pattern.compile(processContext.getProperty(AUTHORIZED_ISSUER_DN_PATTERN).isSet() ? processContext.getProperty(AUTHORIZED_ISSUER_DN_PATTERN).getValue() : MATCH_ALL));
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_STREAM_THROTTLER, leakyBucketStreamThrottler);
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_BASE_PATH, value);
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_RETURN_CODE, Integer.valueOf(intValue));
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_MULTIPART_REQUEST_MAX_SIZE, Long.valueOf(longValue));
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_MULTIPART_READ_BUFFER_SIZE, Integer.valueOf(intValue2));
        servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_PORT, Integer.valueOf(intValue4));
        if (processContext.getProperty(HEADERS_AS_ATTRIBUTES_REGEX).isSet()) {
            servletContextHandler.setAttribute(CONTEXT_ATTRIBUTE_HEADER_PATTERN, Pattern.compile(processContext.getProperty(HEADERS_AS_ATTRIBUTES_REGEX).getValue()));
        }
        try {
            server.start();
            this.server = server;
            this.initialized.set(true);
        } catch (Exception e) {
            shutdownHttpServer(server);
            throw e;
        }
    }

    private ClientAuthentication getClientAuthentication(SSLContextService sSLContextService, PropertyValue propertyValue) {
        ClientAuthentication clientAuthentication = ClientAuthentication.NONE;
        if (propertyValue.isSet()) {
            clientAuthentication = ClientAuthentication.valueOf(propertyValue.getValue());
            boolean z = sSLContextService != null && sSLContextService.isTrustStoreConfigured();
            if (ClientAuthentication.AUTO.equals(clientAuthentication) && z) {
                clientAuthentication = ClientAuthentication.REQUIRED;
                getLogger().debug("Client Authentication REQUIRED from SSLContextService Trust Store configuration");
            }
        }
        return clientAuthentication;
    }

    private ServerConnector createServerConnector(Server server, int i, SSLContextService sSLContextService, boolean z, ClientAuthentication clientAuthentication) {
        ServerConnector serverConnector;
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        if (z) {
            httpConfiguration.setSecureScheme(InvokeHTTP.HTTPS);
            httpConfiguration.setSecurePort(i);
            httpConfiguration.addCustomizer(new SecureRequestCustomizer());
            serverConnector = new ServerConnector(server, new ConnectionFactory[]{new SslConnectionFactory(createSslContextFactory(sSLContextService, clientAuthentication), "http/1.1"), new HttpConnectionFactory(httpConfiguration)});
        } else {
            serverConnector = new ServerConnector(server, new ConnectionFactory[]{new HttpConnectionFactory(httpConfiguration)});
        }
        serverConnector.setPort(i);
        return serverConnector;
    }

    private SslContextFactory createSslContextFactory(SSLContextService sSLContextService, ClientAuthentication clientAuthentication) {
        SslContextFactory.Server server = new SslContextFactory.Server();
        server.setSslContext(sSLContextService.createContext());
        server.setIncludeProtocols(sSLContextService.createTlsConfiguration().getEnabledProtocols());
        if (ClientAuthentication.REQUIRED.equals(clientAuthentication)) {
            server.setNeedClientAuth(true);
        } else if (ClientAuthentication.WANT.equals(clientAuthentication)) {
            server.setWantClientAuth(true);
        }
        return server;
    }

    @OnScheduled
    public void clearInit() {
        this.initialized.set(false);
    }

    protected Set<Class<? extends Servlet>> getServerClasses() {
        HashSet hashSet = new HashSet();
        hashSet.add(ListenHTTPServlet.class);
        hashSet.add(ContentAcknowledgmentServlet.class);
        hashSet.add(HealthCheckServlet.class);
        return hashSet;
    }

    private Set<String> findOldFlowFileIds(ProcessContext processContext) {
        HashSet hashSet = new HashSet();
        long currentTimeMillis = System.currentTimeMillis() - processContext.getProperty(MAX_UNCONFIRMED_TIME).asTimePeriod(TimeUnit.MILLISECONDS).longValue();
        for (Map.Entry<String, FlowFileEntryTimeWrapper> entry : this.flowFileMap.entrySet()) {
            FlowFileEntryTimeWrapper value = entry.getValue();
            if (value != null && value.getEntryTime() < currentTimeMillis) {
                hashSet.add(entry.getKey());
            }
        }
        return hashSet;
    }

    public void onTrigger(ProcessContext processContext, ProcessSessionFactory processSessionFactory) throws ProcessException {
        try {
            if (!this.initialized.get()) {
                createHttpServerFromService(processContext);
            }
            this.sessionFactoryReference.compareAndSet(null, processSessionFactory);
            for (String str : findOldFlowFileIds(processContext)) {
                FlowFileEntryTimeWrapper remove = this.flowFileMap.remove(str);
                if (remove != null) {
                    getLogger().warn("failed to received acknowledgment for HOLD with ID {} sent by {}; rolling back session", new Object[]{str, remove.getClientIP()});
                    remove.session.rollback();
                }
            }
            processContext.yield();
        } catch (Exception e) {
            getLogger().warn("Failed to start http server during initialization: " + e);
            processContext.yield();
            throw new ProcessException("Failed to initialize the server", e);
        }
    }

    @OnPrimaryNodeStateChange
    public void onPrimaryNodeChange(PrimaryNodeState primaryNodeState) {
        if (this.runOnPrimary.get() && primaryNodeState.equals(PrimaryNodeState.PRIMARY_NODE_REVOKED)) {
            try {
                shutdownHttpServer();
            } catch (Exception e) {
                getLogger().warn("Processor is configured to run only on Primary Node, but failed to shutdown HTTP server following revocation of primary node status due to {}", e);
            }
        }
    }
}
