package org.graylog2.shared.initializers;

import com.codahale.metrics.InstrumentedExecutorService;
import com.codahale.metrics.MetricRegistry;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import com.google.common.net.HostAndPort;
import com.google.common.util.concurrent.AbstractIdleService;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.ContextResolver;
import javax.ws.rs.ext.ExceptionMapper;
import org.glassfish.grizzly.http.CompressionConfig;
import org.glassfish.grizzly.http.server.ErrorPageGenerator;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.model.Resource;
import org.graylog.security.UserContextBinder;
import org.graylog2.audit.PluginAuditEventTypes;
import org.graylog2.audit.jersey.AuditEventModelProcessor;
import org.graylog2.configuration.HttpConfiguration;
import org.graylog2.configuration.TLSProtocolsConfiguration;
import org.graylog2.jersey.PrefixAddingModelProcessor;
import org.graylog2.log4j.MemoryLimitedCompressingFifoRingBuffer;
import org.graylog2.plugin.inputs.MessageInput;
import org.graylog2.plugin.rest.PluginRestResource;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.rest.resources.system.SlidingExpirationCookieFilter;
import org.graylog2.shared.rest.CORSFilter;
import org.graylog2.shared.rest.ContentTypeOptionFilter;
import org.graylog2.shared.rest.EmbeddingControlFilter;
import org.graylog2.shared.rest.NodeIdResponseFilter;
import org.graylog2.shared.rest.NotAuthorizedResponseFilter;
import org.graylog2.shared.rest.OptionalResponseFilter;
import org.graylog2.shared.rest.PrintModelProcessor;
import org.graylog2.shared.rest.RequestIdFilter;
import org.graylog2.shared.rest.RestAccessLogFilter;
import org.graylog2.shared.rest.VerboseCsrfProtectionFilter;
import org.graylog2.shared.rest.XHRFilter;
import org.graylog2.shared.rest.exceptionmappers.AnyExceptionClassMapper;
import org.graylog2.shared.rest.exceptionmappers.BadRequestExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.JacksonPropertyExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.JsonMappingExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.JsonProcessingExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.MissingStreamPermissionExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.WebApplicationExceptionMapper;
import org.graylog2.shared.security.ShiroRequestHeadersBinder;
import org.graylog2.shared.security.ShiroSecurityContextFilter;
import org.graylog2.shared.security.tls.KeyStoreUtils;
import org.graylog2.shared.security.tls.PemKeyStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/shared/initializers/JerseyService.class */
public class JerseyService extends AbstractIdleService {
    public static final String PLUGIN_PREFIX = "/plugins";
    private static final Logger LOG = LoggerFactory.getLogger(JerseyService.class);
    private static final String RESOURCE_PACKAGE_WEB = "org.graylog2.web.resources";
    private final HttpConfiguration configuration;
    private final Set<Class<?>> systemRestResources;
    private final Map<String, Set<Class<? extends PluginRestResource>>> pluginRestResources;
    private final Set<Class<? extends DynamicFeature>> dynamicFeatures;
    private final Set<Class<? extends ContainerResponseFilter>> containerResponseFilters;
    private final Set<Class<? extends ExceptionMapper>> exceptionMappers;
    private final Set<Class> additionalComponents;
    private final Set<PluginAuditEventTypes> pluginAuditEventTypes;
    private final ObjectMapper objectMapper;
    private final MetricRegistry metricRegistry;
    private final ErrorPageGenerator errorPageGenerator;
    private final TLSProtocolsConfiguration tlsConfiguration;
    private HttpServer apiHttpServer = null;

    @Inject
    public JerseyService(HttpConfiguration httpConfiguration, Set<Class<? extends DynamicFeature>> set, Set<Class<? extends ContainerResponseFilter>> set2, Set<Class<? extends ExceptionMapper>> set3, @Named("additionalJerseyComponents") Set<Class> set4, @Named("systemRestResources") Set<Class<?>> set5, Map<String, Set<Class<? extends PluginRestResource>>> map, Set<PluginAuditEventTypes> set6, ObjectMapper objectMapper, MetricRegistry metricRegistry, ErrorPageGenerator errorPageGenerator, TLSProtocolsConfiguration tLSProtocolsConfiguration) {
        this.configuration = (HttpConfiguration) Objects.requireNonNull(httpConfiguration, MessageInput.FIELD_CONFIGURATION);
        this.dynamicFeatures = (Set) Objects.requireNonNull(set, "dynamicFeatures");
        this.containerResponseFilters = (Set) Objects.requireNonNull(set2, "containerResponseFilters");
        this.exceptionMappers = (Set) Objects.requireNonNull(set3, "exceptionMappers");
        this.additionalComponents = (Set) Objects.requireNonNull(set4, "additionalComponents");
        this.systemRestResources = set5;
        this.pluginRestResources = (Map) Objects.requireNonNull(map, "pluginResources");
        this.pluginAuditEventTypes = (Set) Objects.requireNonNull(set6, "pluginAuditEventTypes");
        this.objectMapper = (ObjectMapper) Objects.requireNonNull(objectMapper, "objectMapper");
        this.metricRegistry = (MetricRegistry) Objects.requireNonNull(metricRegistry, "metricRegistry");
        this.errorPageGenerator = (ErrorPageGenerator) Objects.requireNonNull(errorPageGenerator, "errorPageGenerator");
        this.tlsConfiguration = (TLSProtocolsConfiguration) Objects.requireNonNull(tLSProtocolsConfiguration);
    }

    protected void startUp() throws Exception {
        System.setProperty("org.glassfish.grizzly.DEFAULT_MEMORY_MANAGER", "org.glassfish.grizzly.memory.HeapMemoryManager");
        startUpApi();
    }

    protected void shutDown() throws Exception {
        shutdownHttpServer(this.apiHttpServer, this.configuration.getHttpBindAddress());
    }

    private void shutdownHttpServer(HttpServer httpServer, HostAndPort hostAndPort) {
        if (httpServer == null || !httpServer.isStarted()) {
            return;
        }
        LOG.info("Shutting down HTTP listener at <{}>", hostAndPort);
        httpServer.shutdownNow();
    }

    private void startUpApi() throws Exception {
        Set<Resource> prefixPluginResources = prefixPluginResources(PLUGIN_PREFIX, this.pluginRestResources);
        SSLEngineConfigurator buildSslEngineConfigurator = this.configuration.isHttpEnableTls() ? buildSslEngineConfigurator(this.configuration.getHttpTlsCertFile(), this.configuration.getHttpTlsKeyFile(), this.configuration.getHttpTlsKeyPassword()) : null;
        HostAndPort httpBindAddress = this.configuration.getHttpBindAddress();
        String path = this.configuration.getHttpPublishUri().getPath();
        this.apiHttpServer = setUp(new URI(this.configuration.getUriScheme(), null, httpBindAddress.getHost(), httpBindAddress.getPort(), Strings.isNullOrEmpty(path) ? "/" : path, null, null), buildSslEngineConfigurator, this.configuration.getHttpThreadPoolSize(), this.configuration.getHttpSelectorRunnersCount(), this.configuration.getHttpMaxHeaderSize(), this.configuration.isHttpEnableGzip(), this.configuration.isHttpEnableCors(), prefixPluginResources);
        this.apiHttpServer.start();
        LOG.info("Started REST API at <{}>", this.configuration.getHttpBindAddress());
    }

    private Set<Resource> prefixPluginResources(String str, Map<String, Set<Class<? extends PluginRestResource>>> map) {
        return (Set) map.entrySet().stream().map(entry -> {
            return prefixResources(str + "/" + ((String) entry.getKey()), (Set) entry.getValue());
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toSet());
    }

    private <T> Set<Resource> prefixResources(String str, Set<Class<? extends T>> set) {
        String substring = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        return (Set) set.stream().map(cls -> {
            String nullToEmpty = Strings.nullToEmpty(Resource.getPath(cls).value());
            return Resource.builder(cls).path(nullToEmpty.startsWith("/") ? substring + nullToEmpty : substring + "/" + nullToEmpty).build();
        }).collect(Collectors.toSet());
    }

    private ResourceConfig buildResourceConfig(boolean z, Set<Resource> set) {
        ResourceConfig registerResources = new ResourceConfig().property("jersey.config.beanValidation.enableOutputValidationErrorEntity.server", true).property("jersey.config.server.wadl.disableWadl", true).property("jersey.config.server.mediaTypeMappings", mediaTypeMappings()).register(new PrefixAddingModelProcessor(ImmutableMap.of(RESOURCE_PACKAGE_WEB, "", "", HttpConfiguration.PATH_API))).register(new AuditEventModelProcessor(this.pluginAuditEventTypes)).registerClasses(new Class[]{ShiroSecurityContextFilter.class, ShiroRequestHeadersBinder.class, VerboseCsrfProtectionFilter.class, JacksonJaxbJsonProvider.class, JsonProcessingExceptionMapper.class, JsonMappingExceptionMapper.class, JacksonPropertyExceptionMapper.class, AnyExceptionClassMapper.class, MissingStreamPermissionExceptionMapper.class, WebApplicationExceptionMapper.class, BadRequestExceptionMapper.class, RestAccessLogFilter.class, NodeIdResponseFilter.class, RequestIdFilter.class, XHRFilter.class, NotAuthorizedResponseFilter.class, EmbeddingControlFilter.class, OptionalResponseFilter.class, ContentTypeOptionFilter.class, SlidingExpirationCookieFilter.class}).register(new ContextResolver<ObjectMapper>() { // from class: org.graylog2.shared.initializers.JerseyService.1
            public ObjectMapper getContext(Class<?> cls) {
                return JerseyService.this.objectMapper;
            }

            /* renamed from: getContext, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ Object m1232getContext(Class cls) {
                return getContext((Class<?>) cls);
            }
        }).register(new UserContextBinder()).register(MultiPartFeature.class).registerClasses(this.systemRestResources).registerResources(set);
        Set<Class<? extends ExceptionMapper>> set2 = this.exceptionMappers;
        Objects.requireNonNull(registerResources);
        set2.forEach(cls -> {
            registerResources.registerClasses(new Class[]{cls});
        });
        Set<Class<? extends DynamicFeature>> set3 = this.dynamicFeatures;
        Objects.requireNonNull(registerResources);
        set3.forEach(cls2 -> {
            registerResources.registerClasses(new Class[]{cls2});
        });
        Set<Class<? extends ContainerResponseFilter>> set4 = this.containerResponseFilters;
        Objects.requireNonNull(registerResources);
        set4.forEach(cls3 -> {
            registerResources.registerClasses(new Class[]{cls3});
        });
        Set<Class> set5 = this.additionalComponents;
        Objects.requireNonNull(registerResources);
        set5.forEach(cls4 -> {
            registerResources.registerClasses(new Class[]{cls4});
        });
        if (z) {
            LOG.info("Enabling CORS for HTTP endpoint");
            registerResources.registerClasses(new Class[]{CORSFilter.class});
        }
        if (LOG.isDebugEnabled()) {
            registerResources.registerClasses(new Class[]{PrintModelProcessor.class});
        }
        return registerResources;
    }

    private Map<String, MediaType> mediaTypeMappings() {
        return ImmutableMap.of("json", MediaType.APPLICATION_JSON_TYPE, "ndjson", MoreMediaTypes.APPLICATION_NDJSON_TYPE, "csv", MoreMediaTypes.TEXT_CSV_TYPE, "log", MoreMediaTypes.TEXT_PLAIN_TYPE, "gelf-ndjson", MoreMediaTypes.APPLICATION_NDGELF_TYPE);
    }

    private HttpServer setUp(URI uri, SSLEngineConfigurator sSLEngineConfigurator, int i, int i2, int i3, boolean z, boolean z2, Set<Resource> set) {
        HttpServer createHttpServer = GrizzlyHttpServerFactory.createHttpServer(uri, buildResourceConfig(z2, set), sSLEngineConfigurator != null, sSLEngineConfigurator, false);
        NetworkListener listener = createHttpServer.getListener("grizzly");
        listener.setMaxHttpHeaderSize(i3);
        listener.getTransport().setWorkerThreadPool(instrumentedExecutor("http-worker-executor", "http-worker-%d", i));
        listener.getTransport().setSelectorRunnersCount(i2);
        listener.setDefaultErrorPageGenerator(this.errorPageGenerator);
        if (z) {
            CompressionConfig compressionConfig = listener.getCompressionConfig();
            compressionConfig.setCompressionMode(CompressionConfig.CompressionMode.ON);
            compressionConfig.setCompressionMinSize(MemoryLimitedCompressingFifoRingBuffer.BATCHSIZE);
        }
        return createHttpServer;
    }

    private SSLEngineConfigurator buildSslEngineConfigurator(Path path, Path path2, String str) throws GeneralSecurityException, IOException {
        if (path2 == null || !Files.isRegularFile(path2, new LinkOption[0]) || !Files.isReadable(path2)) {
            throw new InvalidKeyException("Unreadable or missing private key: " + path2);
        }
        if (path == null || !Files.isRegularFile(path, new LinkOption[0]) || !Files.isReadable(path)) {
            throw new CertificateException("Unreadable or missing X.509 certificate: " + path);
        }
        SSLContextConfigurator sSLContextConfigurator = new SSLContextConfigurator();
        char[] charArray = ((String) MoreObjects.firstNonNull(str, "")).toCharArray();
        KeyStore buildKeyStore = PemKeyStore.buildKeyStore(path, path2, charArray);
        sSLContextConfigurator.setKeyStorePass(charArray);
        sSLContextConfigurator.setKeyStoreBytes(KeyStoreUtils.getBytes(buildKeyStore, charArray));
        SSLEngineConfigurator sSLEngineConfigurator = new SSLEngineConfigurator(sSLContextConfigurator.createSSLContext(true), false, false, false);
        sSLEngineConfigurator.setEnabledProtocols((String[]) this.tlsConfiguration.getEnabledTlsProtocols().toArray(new String[0]));
        return sSLEngineConfigurator;
    }

    private ExecutorService instrumentedExecutor(String str, String str2, int i) {
        return new InstrumentedExecutorService(Executors.newFixedThreadPool(i, new ThreadFactoryBuilder().setNameFormat(str2).setDaemon(true).build()), this.metricRegistry, MetricRegistry.name(JerseyService.class, new String[]{str}));
    }
}
