package org.wso2.ei.dashboard.bootstrap;

import com.google.gson.Gson;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import io.asgardeo.java.oidc.sdk.config.model.OIDCAgentConfig;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
import javax.servlet.DispatcherType;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.DetectorConnectionFactory;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import org.wso2.carbon.securevault.SecretManagerInitializer;
import org.wso2.config.mapper.ConfigParser;
import org.wso2.config.mapper.ConfigParserException;
import org.wso2.micro.integrator.dashboard.utils.ExecutorServiceHolder;
import org.wso2.micro.integrator.dashboard.utils.SSOConfig;
import org.wso2.micro.integrator.dashboard.utils.SSOConfigException;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;
import org.wso2.securevault.secret.SecretCallbackHandler;

/* loaded from: input_file:org/wso2/ei/dashboard/bootstrap/DashboardServer.class */
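/**
 * Bootstraps the embedded Jetty server that hosts the dashboard.
 *
 * <p>Startup reads {@code conf/deployment.toml} under the {@code dashboard.home} directory,
 * initialises the secure vault, resolves the keystore settings and MI credentials, optionally
 * builds the SSO (OIDC) configuration, and then starts Jetty with a single TLS-capable
 * connector. Every entry under {@code server/webapps} is deployed as a web application and
 * {@code server/www} is served as static content.
 *
 * <p>All mutable state is held in static fields, so the class is meant to be started once per
 * JVM.
 */
public class DashboardServer {
    private static final String CONF_DIR = "conf";
    private static final String MI_REPOSITORY_DIR = "repository";
    private static final String MI_RESOURCE_DIR = "resources";
    private static final String DEPLOYMENT_TOML = "deployment.toml";
    private static final String SECURITY_DIR = "security";
    private static final String KEYSTORE_FILE = "dashboard.jks";
    private static final String TOML_CONF_PORT = "server_config.port";
    private static final String TOML_MI_USERNAME = "mi_user_store.username";
    private static final String TOML_MI_PASSWORD = "mi_user_store.password";
    private static final String MI_USERNAME = "mi_username";
    private static final String MI_PASSWORD = "mi_password";
    private static final String TOML_CONF_HEARTBEAT_POOL_SIZE = "heartbeat_config.pool_size";
    private static final String SERVER_DIR = "server";
    private static final String WEBAPPS_DIR = "webapps";
    private static final String WWW_DIR = "www";
    private static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD";
    private static final String TOML_KEYSTORE_PASSWORD = "keystore.password";
    private static final String KEY_MANAGER_PASSWORD = "KEY_MANAGER_PASSWORD";
    private static final String TOML_KEY_MANAGER_PASSWORD = "keystore.key_password";
    private static final String JKS_FILE_LOCATION = "JKS_FILE_LOCATION";
    private static final String TOML_JKS_FILE_LOCATION = "keystore.file_name";
    private static final String TOML_TRUSTSTORE_PASSWORD = "truststore.password";
    private static final String TOML_TRUSTSTORE_FILE_LOCATION = "truststore.file_name";
    private static final String JAVAX_SSL_TRUSTSTORE = "javax.net.ssl.trustStore";
    private static final String JAVAX_SSL_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
    private static final String CARBON_HOME = "carbon.home";
    private static final String SECRET_CONF = "secret-conf.properties";
    private static final String CARBON_CONFIG_DIR = "carbon.config.dir.path";
    private static final int EXECUTOR_SERVICE_TERMINATION_TIMEOUT = 5000;
    private static final int DEFAULT_HEARTBEAT_POOL_SIZE = 10;
    /** Port used when the TOML file does not carry a numeric {@code server_config.port}. */
    private static final int DEFAULT_PORT = 9743;
    private static String keyStorePassword;
    private static String keyManagerPassword;
    private static String jksFileLocation;
    private static SSOConfig ssoConfig;
    private static Thread shutdownHook;
    // NOTE(review): null when the "dashboard.home" system property is not set; every path built
    // below then starts with the literal text "null". Confirm the launcher always sets it.
    private static final String DASHBOARD_HOME = System.getProperty("dashboard.home");
    private static SecretResolver secretResolver = new SecretResolver();
    private static final Logger logger = LogManager.getLogger(DashboardServer.class);

    /**
     * Loads the configuration, starts Jetty and blocks until the server stops.
     *
     * <p>An {@link SSOConfigException} terminates the JVM with exit code 1. Any exception raised
     * while Jetty starts or runs is logged and the method returns.
     */
    public void startServerWithConfigs() {
        int port = DEFAULT_PORT;
        try {
            Map<String, Object> configs = parseConfigJS(
                    DASHBOARD_HOME + File.separator + CONF_DIR + File.separator + DEPLOYMENT_TOML);
            Object configuredPort = configs.get(TOML_CONF_PORT);
            if (configuredPort instanceof Long) {
                port = ((Long) configuredPort).intValue();
            }
            initSecureVault(configs);
            loadConfigurations(configs);
            ssoConfig = generateSSOConfig(configs);
        } catch (SSOConfigException e) {
            logger.error("Error reading SSO configs from TOML file", e);
            System.exit(1);
        } catch (ConfigParserException e) {
            // NOTE(review): unlike the SSO case this does not stop startup. The keystore path,
            // keystore passwords and SSO configuration are still unset at this point, and the
            // code below goes on to build the connector from them. Consider failing fast here.
            logger.error("Error while reading TOML file configs", e);
        }
        Server server = new Server();
        setServerConnectors(port, server, DASHBOARD_HOME);
        setServerHandlers(DASHBOARD_HOME, server);
        addShutdownHook();
        try {
            server.start();
            writePID(DASHBOARD_HOME);
            printServerStartupLog(port);
            server.join();
        } catch (Exception e) {
            logger.error("Error while starting up the server", e);
        }
        logger.info("Stopping the server");
    }

    /** Registers the JVM shutdown hook once; later calls are no-ops. */
    private void addShutdownHook() {
        if (shutdownHook != null) {
            return;
        }
        shutdownHook = new Thread(() -> {
            logger.debug("Shutdown hook triggered....");
            shutdownGracefully();
        });
        Runtime.getRuntime().addShutdownHook(shutdownHook);
    }

    /**
     * Stops the MI artifacts manager executor, waiting up to
     * {@link #EXECUTOR_SERVICE_TERMINATION_TIMEOUT} milliseconds before forcing it down.
     */
    private void shutdownGracefully() {
        if (logger.isDebugEnabled()) {
            logger.debug("Shutting down MI Dashboard Server...");
        }
        ExecutorService executor = ExecutorServiceHolder.getMiArtifactsManagerExecutorService();
        executor.shutdown();
        try {
            if (!executor.awaitTermination(EXECUTOR_SERVICE_TERMINATION_TIMEOUT, TimeUnit.MILLISECONDS)) {
                executor.shutdownNow();
            }
        } catch (InterruptedException e) {
            executor.shutdownNow();
            // Restore the interrupt flag so the rest of the shutdown sequence can observe it.
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Configures the single network connector of the server.
     *
     * @param port listening port, also advertised as the secure port
     * @param server Jetty server to attach the connector to
     * @param dashboardHome directory the keystore location is resolved against
     */
    private void setServerConnectors(int port, Server server, String dashboardHome) {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.addCustomizer(new SecureRequestCustomizer());
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(port);
        // Keep the Jetty version out of response headers.
        httpConfiguration.setSendServerVersion(false);
        // Cap on submitted form content, applied server-wide.
        server.setAttribute("org.eclipse.jetty.server.Request.maxFormContentSize", 2000);

        // No protocol or cipher-suite restrictions are set here, so the Jetty defaults apply.
        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        sslContextFactory.setKeyStorePath(dashboardHome + File.separator + jksFileLocation);
        sslContextFactory.setKeyStorePassword(keyStorePassword);
        sslContextFactory.setKeyManagerPassword(keyManagerPassword);

        // NOTE(review): the connector chains a TLS detector with a plain HttpConnectionFactory.
        // A connection that is not recognised as TLS appears to fall through to clear-text HTTP
        // on this same port. Confirm that the web apps or filters redirect or refuse such
        // requests, since credentials and session cookies would otherwise travel unencrypted.
        ServerConnector connector = new ServerConnector(
                server,
                new DetectorConnectionFactory(new SslConnectionFactory(sslContextFactory, "http/1.1")),
                new HttpConnectionFactory(httpConfiguration));
        connector.setPort(port);
        server.setConnectors(new Connector[] {connector});
    }

    /**
     * Deploys every entry of {@code server/webapps} and the static {@code server/www} content.
     *
     * @param dashboardHome dashboard installation directory
     * @param server Jetty server receiving the handler collection
     * @throws IllegalStateException if the web application directory cannot be listed
     */
    private void setServerHandlers(String dashboardHome, Server server) {
        String webAppsPath = dashboardHome + File.separator + SERVER_DIR + File.separator + WEBAPPS_DIR;
        // File.list() returns null for a missing or unreadable directory; report that clearly
        // instead of failing with a bare NullPointerException in the loop below.
        String[] webAppNames = new File(webAppsPath).list();
        if (webAppNames == null) {
            throw new IllegalStateException(
                    "Web application directory '" + webAppsPath + "' is missing or not readable");
        }
        HandlerCollection handlers = new HandlerCollection();
        // NOTE(review): every directory entry is deployed, and all of them share the same
        // context path. Anything writable into this directory becomes served code.
        for (String webAppName : webAppNames) {
            WebAppContext webApp = new WebAppContext();
            webApp.setContextPath("/dashboard/*");
            File war = new File(webAppsPath + File.separator + webAppName);
            webApp.setExtractWAR(true);
            webApp.setWar(war.getAbsolutePath());
            webApp.setAttribute("org.wso2.micro.integrator.dashboard.sso.config", ssoConfig);
            webApp.setErrorHandler(new JsonErrorHandler());
            handlers.addHandler(webApp);
        }
        WebAppContext staticContent = new WebAppContext();
        staticContent.setContextPath("/");
        staticContent.setResourceBase(dashboardHome + File.separator + SERVER_DIR + File.separator + WWW_DIR);
        staticContent.setParentLoaderPriority(true);
        // The security header filter is registered on the static context only; the web
        // applications deployed above do not get it from this method.
        staticContent.addFilter(SecurityHeaderFilter.class, "/*",
                EnumSet.of(DispatcherType.INCLUDE, DispatcherType.REQUEST));
        // Directory listings are switched off for the static content.
        staticContent.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
        handlers.addHandler(staticContent);
        server.setHandler(handlers);
    }

    /**
     * Logs the login URL, using the local host name or {@code 127.0.0.1} when it cannot be
     * resolved.
     *
     * @param port port the server listens on
     */
    private void printServerStartupLog(int port) {
        String host;
        try {
            host = InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            host = "127.0.0.1";
        }
        String loginUrl = "https://" + host + ":" + port + "/login";
        logger.info("WSO2 Micro Integration Monitoring Dashboard started.");
        logger.info("Login to Micro Integrator Dashboard : '" + loginUrl + "'");
    }

    /**
     * Publishes the heartbeat pool size and MI credentials as system properties and resolves
     * the keystore settings. A value already supplied as a system property takes precedence
     * over the TOML value.
     *
     * @param configs parsed TOML configuration
     */
    private void loadConfigurations(Map<String, Object> configs) {
        String poolSize = String.valueOf(DEFAULT_HEARTBEAT_POOL_SIZE);
        Object configuredPoolSize = configs.get(TOML_CONF_HEARTBEAT_POOL_SIZE);
        if (configuredPoolSize instanceof Long) {
            poolSize = configuredPoolSize.toString();
        } else if (configuredPoolSize != null) {
            // Same tolerance as the port lookup: a non-numeric value falls back to the default
            // instead of aborting startup with a ClassCastException.
            logger.warn("Ignoring non-numeric value for " + TOML_CONF_HEARTBEAT_POOL_SIZE
                    + "; using " + DEFAULT_HEARTBEAT_POOL_SIZE);
        }
        System.setProperty("heartbeat_pool_size", poolSize);

        // The MI credentials end up in JVM system properties, where any code in the process
        // and any diagnostics that dump system properties can read them.
        if (StringUtils.isEmpty(System.getProperty(MI_USERNAME))) {
            System.setProperty(MI_USERNAME, resolveSecret((String) configs.get(TOML_MI_USERNAME)));
        }
        if (StringUtils.isEmpty(System.getProperty(MI_PASSWORD))) {
            System.setProperty(MI_PASSWORD, resolveSecret((String) configs.get(TOML_MI_PASSWORD)));
        }

        keyStorePassword = System.getProperty(KEYSTORE_PASSWORD);
        if (StringUtils.isEmpty(keyStorePassword)) {
            keyStorePassword = resolveSecret((String) configs.get(TOML_KEYSTORE_PASSWORD));
        }
        keyManagerPassword = System.getProperty(KEY_MANAGER_PASSWORD);
        if (StringUtils.isEmpty(keyManagerPassword)) {
            keyManagerPassword = resolveSecret((String) configs.get(TOML_KEY_MANAGER_PASSWORD));
        }
        jksFileLocation = System.getProperty(JKS_FILE_LOCATION);
        if (StringUtils.isEmpty(jksFileLocation)) {
            jksFileLocation = resolveSecret((String) configs.get(TOML_JKS_FILE_LOCATION));
        }
    }

    /**
     * Writes the current process id to {@code runtime.pid} in the given directory. Failures
     * are logged and otherwise ignored.
     *
     * @param directory directory that receives the pid file
     */
    private void writePID(String directory) {
        // The runtime MXBean name is expected to look like "<pid>@<host>".
        String jvmName = ManagementFactory.getRuntimeMXBean().getName();
        int separator = jvmName.indexOf('@');
        if (separator < 1) {
            logger.warn("Cannot extract current process ID from JVM name '" + jvmName + "'.");
            return;
        }
        String pid = jvmName.substring(0, separator);
        Path pidFile = Paths.get(directory, "runtime.pid");
        try {
            Files.write(pidFile, pid.getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            logger.warn("Cannot write process ID '" + pid + "' to '" + pidFile.toString() + "' file.", e);
        }
    }

    /**
     * Parses the deployment TOML file and returns the flattened key/value configuration.
     *
     * @param tomlPath path of the {@code deployment.toml} file
     * @return parsed configuration as returned by {@link ConfigParser#getParsedConfigs()}
     * @throws ConfigParserException if the parser rejects the file
     */
    private Map<String, Object> parseConfigJS(String tomlPath) throws ConfigParserException {
        String resourceDir = DASHBOARD_HOME + File.separator + MI_REPOSITORY_DIR + File.separator
                + MI_RESOURCE_DIR + File.separator + CONF_DIR;
        String outputDir = DASHBOARD_HOME;
        File output = new File(outputDir);
        if (!output.exists() && !output.mkdir()) {
            logger.warn("Could not create directory '" + outputDir + "'");
        }
        ConfigParser.parse(tomlPath, resourceDir, outputDir);
        return ConfigParser.getParsedConfigs();
    }

    /**
     * Builds the SSO configuration, or returns {@code null} when {@code sso.enable} is not
     * {@code true}.
     *
     * @param configs parsed TOML configuration
     * @return the SSO configuration, or {@code null} when SSO is disabled
     * @throws SSOConfigException if a mandatory SSO or truststore setting is missing or invalid
     */
    private SSOConfig generateSSOConfig(Map<String, Object> configs) throws SSOConfigException {
        // NOTE(review): a missing "sso.enable" key raises a NullPointerException here, which
        // the caller does not catch. Presumably the parser always supplies a default; confirm.
        if (!Boolean.parseBoolean(configs.get("sso.enable").toString())) {
            return null;
        }
        OIDCAgentConfig oidcAgentConfig = generateOIDCAgentConfig(configs);

        Object groupAttribute = configs.get("sso.admin_group_attribute");
        String adminGroupAttribute = groupAttribute instanceof String ? (String) groupAttribute : "groups";

        Object groups = configs.get("sso.admin_groups");
        String adminGroups = groups instanceof List ? new Gson().toJson(groups) : "";

        Object base = configs.get("sso.base_url");
        String baseUrl = base instanceof String ? (String) base : "";

        // NOTE(review): the endpoint values are taken as configured; nothing in this method
        // requires them to use https. Confirm that the code consuming SSOConfig enforces it.
        Object wellKnown = configs.get("sso.well_known_endpoint");
        String wellKnownEndpoint = "";
        if (wellKnown instanceof String) {
            wellKnownEndpoint = (String) wellKnown;
        } else if (!baseUrl.isEmpty()) {
            wellKnownEndpoint = baseUrl + "/oauth2/token/.well-known/openid-configuration";
        }

        Object introspection = configs.get("sso.introspection_endpoint");
        String introspectionEndpoint = introspection instanceof String ? (String) introspection : null;

        Object userInfo = configs.get("sso.user_info_endpoint");
        String userInfoEndpoint = userInfo instanceof String ? (String) userInfo : null;

        setJavaxSslTruststore(configs);
        return new SSOConfig(oidcAgentConfig, adminGroupAttribute, adminGroups, wellKnownEndpoint, baseUrl,
                introspectionEndpoint, userInfoEndpoint);
    }

    /**
     * Builds the OIDC agent configuration from the {@code sso.*} settings.
     *
     * @param configs parsed TOML configuration
     * @return the populated agent configuration
     * @throws SSOConfigException if the issuer or client id is missing, or the JWKS endpoint is
     *     not a valid URI
     */
    private OIDCAgentConfig generateOIDCAgentConfig(Map<String, Object> configs) throws SSOConfigException {
        OIDCAgentConfig agentConfig = new OIDCAgentConfig();

        Object issuer = configs.get("sso.jwt_issuer");
        if (!(issuer instanceof String)) {
            throw new SSOConfigException("Missing value for sso.jwt_issuer in SSO Configs");
        }
        agentConfig.setIssuer(new Issuer((String) issuer));

        Object jwksEndpoint = configs.get("sso.jwks_endpoint");
        if (jwksEndpoint instanceof String) {
            try {
                agentConfig.setJwksEndpoint(new URI((String) jwksEndpoint));
            } catch (URISyntaxException e) {
                throw new SSOConfigException("Invalid url for sso.jwks_endpoint in SSO Configs", e);
            }
        }

        Object clientIdValue = configs.get("sso.client_id");
        if (!(clientIdValue instanceof String)) {
            throw new SSOConfigException("Missing value for sso.client_id in SSO Configs");
        }
        ClientID clientId = new ClientID((String) clientIdValue);
        agentConfig.setConsumerKey(clientId);

        // NOTE(review): the client secret is used exactly as configured and is not passed
        // through resolveSecret(), unlike the keystore and truststore passwords. Confirm
        // whether secure-vault aliases are meant to be supported for it.
        Object clientSecret = configs.get("sso.client_secret");
        if (clientSecret instanceof String) {
            agentConfig.setConsumerSecret(new Secret((String) clientSecret));
        }

        // NOTE(review): the algorithm name is accepted verbatim, with no allow-list in this
        // method. Confirm that token validation rejects unexpected or unsigned algorithms.
        Object algorithm = configs.get("sso.jwks_algorithm");
        if (algorithm instanceof String) {
            agentConfig.setSignatureAlgorithm(new JWSAlgorithm((String) algorithm));
        }

        // The client id is always a trusted audience; configured extras are added to it.
        HashSet<String> trustedAudience = new HashSet<>();
        trustedAudience.add(clientId.getValue());
        Object additionalAudience = configs.get("sso.additional_trusted_audience");
        if (additionalAudience instanceof List) {
            // Iterate through the List interface; the value is only known to be a List.
            for (Object audience : (List<?>) additionalAudience) {
                trustedAudience.add(audience.toString());
            }
        }
        agentConfig.setTrustedAudience(trustedAudience);
        return agentConfig;
    }

    /**
     * Points the JVM-wide JSSE truststore properties at the configured truststore.
     *
     * @param configs parsed TOML configuration
     * @throws SSOConfigException if the truststore file name or password is missing or empty
     */
    private void setJavaxSslTruststore(Map<String, Object> configs) throws SSOConfigException {
        Object location = configs.get(TOML_TRUSTSTORE_FILE_LOCATION);
        Object password = configs.get(TOML_TRUSTSTORE_PASSWORD);
        boolean locationMissing = !(location instanceof String) || ((String) location).isEmpty();
        boolean passwordMissing = !(password instanceof String) || ((String) password).isEmpty();
        if (locationMissing || passwordMissing) {
            throw new SSOConfigException("Truststore information is missing");
        }
        // These are process-wide properties, and the password is stored in clear text among
        // the system properties.
        System.setProperty(JAVAX_SSL_TRUSTSTORE, DASHBOARD_HOME + File.separator + resolveSecret((String) location));
        System.setProperty(JAVAX_SSL_TRUSTSTORE_PASSWORD, resolveSecret((String) password));
    }

    /**
     * Sets the Carbon home/config system properties and initialises the secret resolver once.
     *
     * @param configs parsed TOML configuration, used to seed the resolver properties
     */
    private void initSecureVault(Map<String, Object> configs) {
        System.setProperty(CARBON_HOME, DASHBOARD_HOME);
        System.setProperty(CARBON_CONFIG_DIR, DASHBOARD_HOME + File.separator + CONF_DIR);
        if (secretResolver.isInitialized()) {
            return;
        }
        SecretCallbackHandler callbackHandler = new SecretManagerInitializer().init().getSecretCallbackHandler();
        secretResolver = SecretResolverFactory.create(loadProperties(configs));
        secretResolver.init(callbackHandler);
    }

    /**
     * Loads {@code conf/security/secret-conf.properties} when present and adds the protected
     * TOML entries to it.
     *
     * @param configs parsed TOML configuration
     * @return the combined properties; on a read error, whatever was loaded before the failure
     */
    private Properties loadProperties(Map<String, Object> configs) {
        Properties properties = new Properties();
        String path = Paths.get(System.getProperty(CARBON_HOME), CONF_DIR, SECURITY_DIR, SECRET_CONF).toString();
        File secretConf = new File(path);
        if (!secretConf.exists()) {
            appendTomlProperties(properties, configs);
            return properties;
        }
        // try-with-resources closes the stream even when load() fails part-way through.
        try (FileInputStream in = new FileInputStream(secretConf)) {
            properties.load(in);
            appendTomlProperties(properties, configs);
        } catch (IOException e) {
            logger.error(MessageFormat.format("Error loading properties from a file at :{0}", path), e);
        }
        return properties;
    }

    /**
     * Copies the TOML entries that may hold secure-vault aliases into the given properties.
     *
     * @param properties target properties, modified in place
     * @param configs parsed TOML configuration
     */
    private void appendTomlProperties(Properties properties, Map<String, Object> configs) {
        List<String> protectedKeys = Arrays.asList(TOML_MI_USERNAME, TOML_MI_PASSWORD, TOML_KEYSTORE_PASSWORD,
                TOML_KEY_MANAGER_PASSWORD, TOML_JKS_FILE_LOCATION, TOML_TRUSTSTORE_PASSWORD,
                TOML_TRUSTSTORE_FILE_LOCATION);
        for (String key : protectedKeys) {
            Object value = configs.get(key);
            if (value != null) {
                properties.put(key, value);
            }
        }
    }

    /**
     * Resolves a secure-vault reference; a value without a protected token is returned as-is.
     *
     * @param value configured value, possibly a secure-vault reference
     * @return the resolved secret, or {@code value} itself when it carries no protected token
     */
    private String resolveSecret(String value) {
        String protectedToken = MiscellaneousUtil.getProtectedToken(value);
        if (StringUtils.isEmpty(protectedToken)) {
            return value;
        }
        return MiscellaneousUtil.resolve(protectedToken, secretResolver);
    }
}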
