package _ss_com.streamsets.datacollector.http;

import _ss_com.com.google.common.annotations.VisibleForTesting;
import _ss_com.com.google.common.collect.ImmutableList;
import _ss_com.com.google.common.collect.ImmutableMap;
import _ss_com.com.google.common.collect.ImmutableSet;
import _ss_com.streamsets.datacollector.main.BuildInfo;
import _ss_com.streamsets.datacollector.main.RuntimeInfo;
import _ss_com.streamsets.datacollector.task.AbstractTask;
import _ss_com.streamsets.datacollector.util.Configuration;
import _ss_com.streamsets.lib.security.http.DisconnectedSSOManager;
import _ss_com.streamsets.lib.security.http.FailoverSSOService;
import _ss_com.streamsets.lib.security.http.ProxySSOService;
import _ss_com.streamsets.lib.security.http.RemoteSSOService;
import _ss_com.streamsets.lib.security.http.SSOAuthenticator;
import _ss_com.streamsets.lib.security.http.SSOConstants;
import _ss_com.streamsets.lib.security.http.SSOService;
import _ss_com.streamsets.lib.security.http.SSOUtils;
import _ss_com.streamsets.pipeline.lib.parser.log.Constants;
import com.streamsets.pipeline.api.impl.Utils;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.jaas.JAASLoginService;
import org.eclipse.jetty.rewrite.handler.RewriteHandler;
import org.eclipse.jetty.rewrite.handler.RewriteRegexRule;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.DefaultUserIdentity;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.session.HashSessionManager;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.glassfish.hk2.utilities.BuilderHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:_ss_com/streamsets/datacollector/http/WebServerTask.class */
public abstract class WebServerTask extends AbstractTask {
    // --- Listener configuration keys and their defaults -------------------------------------
    public static final String HTTP_BIND_HOST = "http.bindHost";
    // Wildcard address: unless http.bindHost is set, the connectors built in createServer() and
    // createRedirectorServer() listen on every network interface of the host.
    private static final String HTTP_BIND_HOST_DEFAULT = "0.0.0.0";
    public static final String HTTP_MAX_THREADS = "http.maxThreads";
    private static final int HTTP_MAX_THREADS_DEFAULT = 200;
    public static final String HTTP_PORT_KEY = "http.port";
    // 0 is described as "random" by the error message in checkValidPorts().
    private static final int HTTP_PORT_DEFAULT = 0;
    public static final String HTTPS_PORT_KEY = "https.port";
    // -1 means HTTPS is off (see isSSLEnabled()), so the default deployment serves plain HTTP.
    private static final int HTTPS_PORT_DEFAULT = -1;
    // --- TLS key material ---------------------------------------------------------------------
    public static final String HTTPS_KEYSTORE_PATH_KEY = "https.keystore.path";
    private static final String HTTPS_KEYSTORE_PATH_DEFAULT = "keystore.jks";
    public static final String HTTPS_KEYSTORE_PASSWORD_KEY = "https.keystore.password";
    // NOTE(review): looks like an expression that Configuration resolves to the contents of
    // keystore-password.txt; the resolution itself is not visible in this file, so confirm.
    private static final String HTTPS_KEYSTORE_PASSWORD_DEFAULT = "${file(\"keystore-password.txt\")}";
    static final String HTTPS_TRUSTSTORE_PATH_KEY = "https.truststore.path";
    private static final String HTTPS_TRUSTSTORE_PASSWORD_KEY = "https.truststore.password";
    // --- Sessions and authentication ------------------------------------------------------------
    public static final String HTTP_SESSION_MAX_INACTIVE_INTERVAL_CONFIG = "http.session.max.inactive.interval";
    // Handed to HashSessionManager.setMaxInactiveInterval() in initTask(); 86400 seconds is 24 hours.
    public static final int HTTP_SESSION_MAX_INACTIVE_INTERVAL_DEFAULT = 86400;
    public static final String AUTHENTICATION_KEY = "http.authentication";
    private static final String DIGEST_REALM_KEY = "http.digest.realm";
    private static final String REALM_POSIX_DEFAULT = "-realm";
    // When true (the default), validateRealmFile() rejects realm files readable by group or others.
    public static final String REALM_FILE_PERMISSION_CHECK = "http.realm.file.permission.check";
    private static final boolean REALM_FILE_PERMISSION_CHECK_DEFAULT = true;
    public static final String HTTP_AUTHENTICATION_LOGIN_MODULE = "http.authentication.login.module";
    public static final String FILE = "file";
    private static final String HTTP_AUTHENTICATION_LOGIN_MODULE_DEFAULT = "file";
    public static final String HTTP_AUTHENTICATION_LDAP_ROLE_MAPPING = "http.authentication.ldap.role.mapping";
    private static final String HTTP_AUTHENTICATION_LDAP_ROLE_MAPPING_DEFAULT = "";
    // Prefix of the session cookie name; runTask() appends the listening port to it.
    private static final String JSESSIONID_COOKIE = "JSESSIONID_";
    public static final String LDAP_LOGIN_CONF = "ldap-login.conf";
    public static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    public static final String LDAP_LOGIN_MODULE_NAME = "ldap.login.module.name";
    // RuntimeInfo attribute under which initTask() stores the shared list of SSO services.
    public static final String SSO_SERVICES_ATTR = "ssoServices";
    // --- Instance state -----------------------------------------------------------------------
    private final String serverName;
    private final BuildInfo buildInfo;
    private final RuntimeInfo runtimeInfo;
    private final Configuration conf;
    private final Set<WebAppProvider> webAppProviders;
    private final Set<ContextConfigurator> contextConfigurators;
    // Port of the main server; set in createServer() and refreshed in runTask() once Jetty has bound.
    private int port;
    private Server server;
    // Plain-HTTP server that only redirects to HTTPS; stays null unless isRedirectorToSSLEnabled().
    private Server redirector;
    private HashSessionManager hashSessionManager;
    private Map<String, Set<String>> roleMapping;
    // Callbacks executed by postStart() after the server has started.
    private final List<Runnable> postStartRunnables;
    // A null truststore path makes getHttpsTruststore() return null, leaving the JVM default in use.
    private static final String HTTPS_TRUSTSTORE_PATH_DEFAULT = null;
    private static final String HTTPS_TRUSTSTORE_PASSWORD_DEFAULT = null;
    // Default authentication mode. For "none" createSecurityHandler() returns null, so no
    // security handler and no constraint mappings are installed unless DPM/SSO is enabled.
    public static final String AUTHENTICATION_DEFAULT = "none";
    private static final Set<String> AUTHENTICATION_MODES = ImmutableSet.of(AUTHENTICATION_DEFAULT, "digest", "basic", "form");
    public static final String LDAP = "ldap";
    private static final Set<String> LOGIN_MODULES = ImmutableSet.of("file", LDAP);
    private static final Logger LOG = LoggerFactory.getLogger(WebServerTask.class);
    // The only permission bits a realm file may carry when the permission check is enabled.
    public static final Set<PosixFilePermission> OWNER_PERMISSIONS = ImmutableSet.of(PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:_ss_com/streamsets/datacollector/http/WebServerTask$RedirectorServlet.class */
    /**
     * Servlet used by the plain-HTTP redirector server: every GET is answered with a redirect to
     * the same host, path and query string on the HTTPS port of the enclosing task.
     *
     * <p>The host of the redirect target is copied from the request URL, i.e. it is whatever host
     * name the client used for this request. NOTE(review): with Jetty that value is normally
     * derived from the Host header; if a cache or proxy sits in front of this port, confirm that
     * a response built from one client's Host value cannot be served to another client. Only GET
     * is overridden here; other methods fall back to the HttpServlet defaults.
     */
    public class RedirectorServlet extends HttpServlet {
        private RedirectorServlet() {
        }

        /**
         * Redirects the request to its HTTPS equivalent.
         *
         * @throws IOException if the request URL cannot be parsed or the redirect cannot be sent
         */
        @Override
        public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            String requested = httpServletRequest.getRequestURL().toString();
            String query = httpServletRequest.getQueryString();
            if (query != null) {
                requested = requested + "?" + query;
            }
            URL original = new URL(requested);
            // Same host and file (path + query); only the scheme and the port are replaced.
            URL secured = new URL(URIUtil.HTTPS, original.getHost(), WebServerTask.this.port, original.getFile());
            httpServletResponse.sendRedirect(secured.toString());
        }
    }

    /**
     * Creates a web server task whose server name (used for the Jetty thread pool) is
     * {@code "webserver"}; all other arguments are passed through unchanged.
     */
    public WebServerTask(
            BuildInfo buildInfo,
            RuntimeInfo runtimeInfo,
            Configuration configuration,
            Set<ContextConfigurator> set,
            Set<WebAppProvider> set2) {
        this("webserver", buildInfo, runtimeInfo, configuration, set, set2);
    }

    /**
     * Creates a web server task. Nothing is started here; the server is built in
     * {@link #initTask()}.
     *
     * @param str           server name, used as the name of the Jetty thread pool
     * @param buildInfo     build information, stored as given
     * @param runtimeInfo   runtime information shared with the rest of the process
     * @param configuration global configuration that ports, TLS and authentication are read from
     * @param set           configurators applied to the root context
     * @param set2          providers of the web applications mounted below the root
     */
    public WebServerTask(String str, BuildInfo buildInfo, RuntimeInfo runtimeInfo, Configuration configuration, Set<ContextConfigurator> set, Set<WebAppProvider> set2) {
        // The task itself is always registered as "webServer", independent of the server name.
        super("webServer");
        this.serverName = str;
        this.buildInfo = buildInfo;
        this.runtimeInfo = runtimeInfo;
        this.conf = configuration;
        this.contextConfigurators = set;
        this.webAppProviders = set2;
        this.postStartRunnables = new ArrayList<>();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the runtime information object this task was constructed with. */
    public RuntimeInfo getRuntimeInfo() {
        return runtimeInfo;
    }

    /** Returns the global configuration this task was constructed with. */
    protected Configuration getConfiguration() {
        return conf;
    }

    /**
     * Builds the Jetty server and wires all contexts, without starting anything.
     *
     * <p>Every web application and the root context share one session manager and each gets the
     * security handler returned by {@link #createSecurityHandler}; that handler is {@code null}
     * when authentication is "none", in which case the context is served without constraints.
     *
     * @throws RuntimeException if a web application is registered at the root context or two
     *     applications use the same context path
     */
    @Override
    public void initTask() {
        checkValidPorts();
        // The SSO service list is shared through RuntimeInfo, so it is created at most once.
        synchronized (getRuntimeInfo()) {
            boolean alreadyPresent = getRuntimeInfo().hasAttribute(SSO_SERVICES_ATTR);
            if (!alreadyPresent) {
                getRuntimeInfo().setAttribute(SSO_SERVICES_ATTR, Collections.synchronizedList(new ArrayList<Object>()));
            }
        }
        this.server = createServer();
        this.hashSessionManager = new HashSessionManager();
        this.hashSessionManager.setMaxInactiveInterval(this.conf.get(HTTP_SESSION_MAX_INACTIVE_INTERVAL_CONFIG, HTTP_SESSION_MAX_INACTIVE_INTERVAL_DEFAULT));

        ContextHandlerCollection contexts = new ContextHandlerCollection();
        Set<String> registeredPaths = new LinkedHashSet<>();
        for (WebAppProvider provider : this.webAppProviders) {
            Configuration appConfiguration = provider.getAppConfiguration();
            ServletContextHandler appContext = provider.get();
            String contextPath = appContext.getContextPath();
            if (contextPath.equals(URIUtil.SLASH)) {
                throw new RuntimeException("Webapps cannot be registered at the root context");
            }
            if (registeredPaths.contains(contextPath)) {
                throw new RuntimeException(Utils.format("Webapp already registered at '{}' context", new Object[]{contextPath}));
            }
            appContext.setSessionHandler(new SessionHandler(this.hashSessionManager));
            appContext.setSecurityHandler(createSecurityHandler(this.server, appConfiguration, appContext, contextPath));
            registeredPaths.add(contextPath);
            contexts.addHandler(appContext);
        }

        // The root context is secured with the global configuration rather than an app-specific one.
        ServletContextHandler rootContext = configureRootContext(new SessionHandler(this.hashSessionManager));
        rootContext.setSecurityHandler(createSecurityHandler(this.server, this.conf, rootContext, URIUtil.SLASH));
        contexts.addHandler(configureRedirectionRules(rootContext));
        this.server.setHandler(contexts);

        if (isRedirectorToSSLEnabled()) {
            this.redirector = createRedirectorServer();
        }
        addToPostStart(new Runnable() {
            @Override
            public void run() {
                for (WebAppProvider provider : WebServerTask.this.webAppProviders) {
                    provider.postStart();
                }
            }
        });
    }

    /** Exposes the Jetty server to tests; {@code null} until {@link #initTask()} has run. */
    @VisibleForTesting
    Server getServer() {
        return server;
    }

    /**
     * Creates the root ("/") servlet context with session support and lets every registered
     * {@code ContextConfigurator} initialise it.
     *
     * @param sessionHandler session handler to install on the context
     * @return the configured root context; its security handler is set by the caller
     */
    private ServletContextHandler configureRootContext(SessionHandler sessionHandler) {
        ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
        root.setSessionHandler(sessionHandler);
        root.setContextPath(URIUtil.SLASH);
        for (ContextConfigurator configurator : this.contextConfigurators) {
            configurator.init(root);
        }
        return root;
    }

    /**
     * Wraps {@code handler} so that requests matching {@code ^/collector/.*} are rewritten to
     * "/" before they are handled; the original path is kept in the "requestedPath" attribute.
     *
     * <p>The given handler is both the delegate of the rewrite handler and a second member of
     * the returned collection.
     *
     * @param handler the handler to put behind the rewrite rule
     * @return a handler collection containing the rewrite handler followed by {@code handler}
     */
    private Handler configureRedirectionRules(Handler handler) {
        RewriteRegexRule collectorToRoot = new RewriteRegexRule();
        collectorToRoot.setRegex("^/collector/.*");
        collectorToRoot.setReplacement(URIUtil.SLASH);

        RewriteHandler rewrite = new RewriteHandler();
        rewrite.setRewriteRequestURI(false);
        rewrite.setRewritePathInfo(false);
        rewrite.setOriginalPathAttribute("requestedPath");
        rewrite.addRule(collectorToRoot);
        rewrite.setHandler(handler);

        HandlerCollection chain = new HandlerCollection();
        chain.setHandlers(new Handler[]{rewrite, handler});
        return chain;
    }

    /**
     * Builds the fixed list of security constraints applied to every secured context.
     *
     * <p>Authentication is required for the REST API, the logout path, the context root and the
     * docs; the catch-all and the public REST mappings are declared with authentication switched
     * off, so any path not named below is reachable without logging in. TRACE is bound to a
     * constraint that requires authentication but names no role, which Jetty treats as forbidden.
     *
     * @return the mappings in the order TRACE, REST, root, docs, logout, catch-all, public REST
     */
    private List<ConstraintMapping> createConstraintMappings() {
        // TRACE on any path: authenticate=true with no roles, so no user can satisfy it.
        Constraint denyTrace = new Constraint();
        denyTrace.setName("Disable TRACE");
        denyTrace.setAuthenticate(true);
        ConstraintMapping traceMapping = new ConstraintMapping();
        traceMapping.setPathSpec("/*");
        traceMapping.setMethod("TRACE");
        traceMapping.setConstraint(denyTrace);

        // REST API: authenticated users holding the "user" role.
        Constraint restAuth = new Constraint();
        restAuth.setName(Constants.USER_AUTH);
        restAuth.setAuthenticate(true);
        restAuth.setRoles(new String[]{"user"});
        ConstraintMapping restMapping = new ConstraintMapping();
        restMapping.setPathSpec("/rest/*");
        restMapping.setConstraint(restAuth);

        // Context root (empty path spec) and docs share one authenticated constraint instance.
        Constraint pageAuth = new Constraint();
        pageAuth.setName(Constants.USER_AUTH);
        pageAuth.setAuthenticate(true);
        pageAuth.setRoles(new String[]{"user"});
        ConstraintMapping rootMapping = new ConstraintMapping();
        rootMapping.setPathSpec("");
        rootMapping.setConstraint(pageAuth);
        ConstraintMapping docsMapping = new ConstraintMapping();
        docsMapping.setPathSpec("/docs/*");
        docsMapping.setConstraint(pageAuth);

        // Logout also requires an authenticated user.
        Constraint logoutAuth = new Constraint();
        logoutAuth.setName(Constants.USER_AUTH);
        logoutAuth.setAuthenticate(true);
        logoutAuth.setRoles(new String[]{"user"});
        ConstraintMapping logoutMapping = new ConstraintMapping();
        logoutMapping.setPathSpec("/logout");
        logoutMapping.setConstraint(logoutAuth);

        // Catch-all: a role is named but authentication is off, so nothing is enforced here.
        Constraint openDefault = new Constraint();
        openDefault.setName(Constants.USER_AUTH);
        openDefault.setAuthenticate(false);
        openDefault.setRoles(new String[]{"user"});
        ConstraintMapping defaultMapping = new ConstraintMapping();
        defaultMapping.setPathSpec("/*");
        defaultMapping.setConstraint(openDefault);

        // Public REST endpoints: deliberately unauthenticated, same shape as the catch-all.
        Constraint openPublicRest = new Constraint();
        openPublicRest.setName(Constants.USER_AUTH);
        openPublicRest.setAuthenticate(false);
        openPublicRest.setRoles(new String[]{"user"});
        ConstraintMapping publicRestMapping = new ConstraintMapping();
        publicRestMapping.setPathSpec("/public-rest/*");
        publicRestMapping.setConstraint(openPublicRest);

        return ImmutableList.of(traceMapping, restMapping, rootMapping, docsMapping, logoutMapping, defaultMapping, publicRestMapping);
    }

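    /**
     * Creates the security handler for one servlet context.
     *
     * <p>When DPM is enabled the context is protected by SSO regardless of the configured mode.
     * Otherwise the mode decides: "digest" and "basic" use a login service with the matching
     * HTTP authenticator, "form" uses the login page, and "none" (the default) yields no handler
     * at all, so the context is served without authentication and without the constraint
     * mappings, including the one that blocks TRACE.
     *
     * <p>The decompiled original dispatched through a hash-code switch on a {@code boolean}
     * temporary with duplicate case labels, which does not compile; it is restored here as the
     * string switch it was generated from.
     *
     * @param server                the Jetty server that login services are registered on
     * @param configuration         configuration of the application the context belongs to
     * @param servletContextHandler the context being secured
     * @param str                   context path of the application
     * @return the configured handler, or {@code null} when authentication is disabled
     * @throws RuntimeException if the configured authentication mode is not a known one
     */
    protected SecurityHandler createSecurityHandler(Server server, Configuration configuration, ServletContextHandler servletContextHandler, String str) {
        // The mode always comes from the global configuration (this.conf); the per-application
        // configuration is only handed on to the configure* methods.
        String mode = this.conf.get(AUTHENTICATION_KEY, AUTHENTICATION_DEFAULT);
        ConstraintSecurityHandler handler;
        if (this.runtimeInfo.isDPMEnabled()) {
            handler = configureSSO(configuration, servletContextHandler, str);
        } else {
            switch (mode) {
                case AUTHENTICATION_DEFAULT:
                    // "none": no security handler is installed for this context.
                    handler = null;
                    break;
                case "digest":
                case "basic":
                    handler = configureDigestBasic(configuration, server, mode);
                    break;
                case "form":
                    handler = configureForm(configuration, server, mode);
                    break;
                default:
                    throw new RuntimeException(Utils.format("Invalid authentication mode '{}', must be one of '{}'", new Object[]{mode, AUTHENTICATION_MODES}));
            }
        }
        if (handler != null) {
            // The handler receives its own mutable copy of the immutable mapping list.
            List<ConstraintMapping> mappings = new ArrayList<>(createConstraintMappings());
            handler.setConstraintMappings(mappings);
        }
        return handler;
    }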

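    /**
     * Verifies that the realm (credentials) file exists, is a regular file and is accessible by
     * its owner only. The whole check is skipped when {@code http.realm.file.permission.check}
     * is set to false.
     *
     * <p>Symbolic links are followed, so the permissions examined are those of the link target.
     * NOTE(review): on a file system without POSIX permissions the lookup is expected to throw
     * UnsupportedOperationException, which is not handled here; confirm how such platforms are
     * meant to be configured.
     *
     * @param file the realm file to validate
     * @throws RuntimeException if the file is missing, is not a regular file, grants any
     *     permission to group or others, or its permissions cannot be read (the I/O failure is
     *     attached as the cause)
     */
    private void validateRealmFile(File file) {
        if (!this.conf.get(REALM_FILE_PERMISSION_CHECK, REALM_FILE_PERMISSION_CHECK_DEFAULT)) {
            return;
        }
        if (!file.exists()) {
            throw new RuntimeException(Utils.format("Realm file '{}' does not exists", new Object[]{file}));
        }
        if (!file.isFile()) {
            throw new RuntimeException(Utils.format("Realm file '{}' is not a file", new Object[]{file}));
        }
        Set<PosixFilePermission> beyondOwner;
        try {
            // Work on a copy so the set returned by the file system provider is never modified.
            beyondOwner = new HashSet<>(Files.getPosixFilePermissions(file.toPath()));
        } catch (IOException e) {
            // The exception used to be passed as a surplus format argument and was lost; it is
            // now chained as the cause so the underlying I/O failure stays diagnosable.
            throw new RuntimeException(Utils.format("Could not get the permissions of the realm file '{}', {}", new Object[]{file, e.toString()}), e);
        }
        beyondOwner.removeAll(OWNER_PERMISSIONS);
        if (!beyondOwner.isEmpty()) {
            throw new RuntimeException(Utils.format("The permissions of the realm file '{}' should be owner only", new Object[]{file}));
        }
    }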

    /**
     * Creates the remote SSO service and applies the given configuration to it. Package-private,
     * so it can be replaced from within the package.
     */
    RemoteSSOService createRemoteSSOService(Configuration configuration) {
        RemoteSSOService service = new RemoteSSOService();
        service.setConfiguration(configuration);
        return service;
    }

    /**
     * Tells whether the disconnected-mode fallback is wired in by {@code configureSSO}. This
     * base implementation always answers {@code false}; subclasses may override it.
     */
    protected boolean isDisconnectedSSOModeEnabled() {
        final boolean disconnectedModeSupported = false;
        return disconnectedModeSupported;
    }

    /**
     * Builds the security handler used when DPM is enabled: requests are authenticated by an
     * {@code SSOAuthenticator} backed by the remote SSO service, optionally with a disconnected
     * fallback.
     *
     * <p>The application auth token must be present and non-blank. It is written to the log only
     * through {@code SSOUtils.tokenForLog} (NOTE(review): presumably a redacted form; confirm
     * that the raw token never reaches the log). Registration with the remote service is
     * deferred to the post-start phase.
     *
     * @param configuration         configuration of the application being secured
     * @param servletContextHandler context that receives the SSO service attribute
     * @param str                   context path handed to the authenticator
     * @return a handler whose authenticator is the SSO authenticator
     */
    private ConstraintSecurityHandler configureSSO(Configuration configuration, ServletContextHandler servletContextHandler, String str) {
        final String componentId = getComponentId(configuration);
        String appAuthToken = getAppAuthToken(configuration);
        boolean tokenPresent = appAuthToken != null && !appAuthToken.trim().isEmpty();
        Utils.checkArgument(tokenPresent, Utils.format("{} cannot be NULL or empty", new Object[]{RemoteSSOService.SECURITY_SERVICE_APP_AUTH_TOKEN_CONFIG}));
        LOG.debug("Initializing DPM componentId '{}'", componentId);

        RemoteSSOService remote = createRemoteSSOService(configuration);
        remote.setComponentId(componentId);
        remote.setApplicationAuthToken(appAuthToken);
        LOG.info("DPM component ID '{}' application authentication token '{}'", componentId, SSOUtils.tokenForLog(appAuthToken));

        final SSOService ssoService;
        if (!isDisconnectedSSOModeEnabled()) {
            LOG.debug("Support for DPM disconnected mode is disabled");
            ssoService = remote;
        } else {
            LOG.info("Support for DPM disconnected mode is enabled");
            DisconnectedSSOManager disconnected = new DisconnectedSSOManager(getRuntimeInfo().getDataDir(), configuration);
            disconnected.setEnabled(true);
            disconnected.registerResources(servletContextHandler);
            // Remote service first, disconnected service as the second argument of the failover.
            ssoService = new FailoverSSOService(remote, disconnected.getSsoService());
        }

        // Registration needs the running server, so it is queued for postStart().
        addToPostStart(new Runnable() {
            @Override
            public void run() {
                WebServerTask.LOG.debug("Validating application token for DPM component ID '{}'", componentId);
                ssoService.register(WebServerTask.this.getRegistrationAttributes());
                WebServerTask.this.runtimeInfo.setRemoteRegistrationStatus(true);
            }
        });

        ProxySSOService proxy = new ProxySSOService(ssoService);
        ((List) getRuntimeInfo().getAttribute(SSO_SERVICES_ATTR)).add(proxy);
        servletContextHandler.getServletContext().setAttribute(SSOService.SSO_SERVICE_KEY, proxy);

        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        handler.setAuthenticator(new SSOAuthenticator(str, proxy, configuration));
        return handler;
    }

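    /**
     * Builds the security handler for HTTP Digest or HTTP Basic authentication.
     *
     * <p>Basic authentication sends the password with every request in a reversibly encoded
     * form and Digest relies on MD5, so both modes should only be exposed over HTTPS.
     *
     * <p>The decompiled original selected the authenticator through a hash-code switch on a
     * {@code boolean} temporary, which does not compile; it is restored here as a string switch.
     *
     * @param configuration configuration used to obtain the login service and passed to the
     *     proxy authenticator
     * @param server        server the login service is registered on as a bean
     * @param str           authentication mode, "digest" or "basic"
     * @return a handler with the login service set and, for the two known modes, an authenticator
     */
    private ConstraintSecurityHandler configureDigestBasic(Configuration configuration, Server server, String str) {
        LoginService loginService = getLoginService(configuration, str);
        server.addBean(loginService);
        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        switch (str) {
            case "digest":
                handler.setAuthenticator(new ProxyAuthenticator(new DigestAuthenticator(), this.runtimeInfo, configuration));
                break;
            case "basic":
                handler.setAuthenticator(new ProxyAuthenticator(new BasicAuthenticator(), this.runtimeInfo, configuration));
                break;
            default:
                // As in the original, any other mode leaves the handler without an authenticator.
                break;
        }
        handler.setLoginService(loginService);
        return handler;
    }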

    /**
     * Builds the security handler for form-based login: unauthenticated users are sent to
     * {@code /login.html}, failed logins to {@code /login.html?error=true}.
     *
     * @param configuration configuration used to obtain the login service and passed to the
     *     proxy authenticator
     * @param server        server the login service is registered on as a bean
     * @param str           authentication mode, forwarded to the login service lookup
     * @return a handler with login service and form authenticator set
     */
    private ConstraintSecurityHandler configureForm(Configuration configuration, Server server, String str) {
        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        LoginService loginService = getLoginService(configuration, str);
        server.addBean(loginService);
        handler.setLoginService(loginService);

        FormAuthenticator form = new FormAuthenticator("/login.html", "/login.html?error=true", true);
        handler.setAuthenticator(new ProxyAuthenticator(form, this.runtimeInfo, configuration));
        return handler;
    }

    /** Returns whether an HTTPS port is configured, i.e. {@code https.port} is anything but -1. */
    private boolean isSSLEnabled() {
        int httpsPort = this.conf.get(HTTPS_PORT_KEY, HTTPS_PORT_DEFAULT);
        return httpsPort != -1;
    }

    /**
     * Rejects port combinations in which one of the two listeners asks for a random port (0)
     * while the other one is enabled.
     *
     * @throws IllegalArgumentException if HTTP is 0 while HTTPS is enabled, or HTTPS is 0 while
     *     HTTP is enabled
     */
    private void checkValidPorts() {
        int httpPort = this.conf.get(HTTP_PORT_KEY, HTTP_PORT_DEFAULT);
        int httpsPort = this.conf.get(HTTPS_PORT_KEY, HTTPS_PORT_DEFAULT);
        boolean randomHttpWithHttps = httpPort == 0 && httpsPort != -1;
        boolean randomHttpsWithHttp = httpsPort == 0 && httpPort != -1;
        if (randomHttpWithHttps || randomHttpsWithHttp) {
            throw new IllegalArgumentException("Invalid port combination for http and https, If http port is set to 0 (random), then https should be set to -1 or vice versa");
        }
    }

    /**
     * Returns whether the HTTP-to-HTTPS redirector should run, which is the case when both an
     * HTTPS port and an HTTP port are configured (neither is -1).
     */
    private boolean isRedirectorToSSLEnabled() {
        return this.conf.get(HTTPS_PORT_KEY, HTTPS_PORT_DEFAULT) != -1
            && this.conf.get(HTTP_PORT_KEY, HTTP_PORT_DEFAULT) != -1;
    }

    /**
     * Creates the main Jetty server with a single connector: a TLS connector on the HTTPS port
     * when SSL is enabled, otherwise a plain HTTP connector on the HTTP port.
     *
     * <p>The bind host defaults to the wildcard address, so without an explicit
     * {@code http.bindHost} the listener is reachable on every interface of the machine.
     *
     * @return the configured, not yet started server
     */
    private Server createServer() {
        final boolean tls = isSSLEnabled();
        if (tls) {
            this.port = this.conf.get(HTTPS_PORT_KEY, HTTPS_PORT_DEFAULT);
        } else {
            this.port = this.conf.get(HTTP_PORT_KEY, HTTP_PORT_DEFAULT);
        }
        String bindHost = this.conf.get(HTTP_BIND_HOST, HTTP_BIND_HOST_DEFAULT);

        QueuedThreadPool pool = new QueuedThreadPool(this.conf.get(HTTP_MAX_THREADS, HTTP_MAX_THREADS_DEFAULT));
        pool.setName(this.serverName);
        pool.setDaemon(true);
        Server jetty = new Server(pool);

        ServerConnector connector;
        if (tls) {
            HttpConfiguration httpsConfig = new HttpConfiguration();
            httpsConfig.addCustomizer(new SecureRequestCustomizer());
            SslConnectionFactory tlsFactory = new SslConnectionFactory(createSslContextFactory(), "http/1.1");
            connector = new ServerConnector(jetty, tlsFactory, new HttpConnectionFactory(httpsConfig));
            connector.setPort(this.port);
            connector.setHost(bindHost);
        } else {
            InetSocketAddress address = new InetSocketAddress(bindHost, this.port);
            connector = new ServerConnector(jetty);
            connector.setHost(address.getHostName());
            connector.setPort(address.getPort());
        }
        jetty.setConnectors(new Connector[]{connector});
        return jetty;
    }

    /**
     * Creates the SSL context factory for the HTTPS connector from the configured keystore and,
     * if one is configured, truststore.
     *
     * <p>The keystore password is also used as the key manager (private key) password. No
     * protocol or cipher-suite restrictions are set in this method, so the defaults of the
     * bundled Jetty version and the JVM decide what is negotiated.
     *
     * @return the configured factory
     * @throws RuntimeException      if the keystore file does not exist
     * @throws IllegalStateException if a truststore is configured but its file does not exist
     */
    protected SslContextFactory createSslContextFactory() {
        File keystore = getHttpsKeystore(this.conf, this.runtimeInfo.getConfigDir());
        SslContextFactory factory = new SslContextFactory();
        if (!keystore.exists()) {
            throw new RuntimeException(Utils.format("KeyStore file '{}' does not exist", new Object[]{keystore.getPath()}));
        }
        String keystorePassword = this.conf.get(HTTPS_KEYSTORE_PASSWORD_KEY, HTTPS_KEYSTORE_PASSWORD_DEFAULT).trim();
        factory.setKeyStorePath(keystore.getPath());
        factory.setKeyStorePassword(keystorePassword);
        factory.setKeyManagerPassword(keystorePassword);

        File truststore = getHttpsTruststore(this.conf, this.runtimeInfo.getConfigDir());
        if (truststore == null) {
            // No truststore configured: the factory is left with its default trust material.
            return factory;
        }
        if (!truststore.exists()) {
            throw new IllegalStateException(Utils.format("Truststore file: '{}' doesn't exist", new Object[]{truststore.getAbsolutePath()}));
        }
        factory.setTrustStorePath(truststore.getPath());
        // A configured truststore has no default password; a missing one fails the null check.
        String truststorePassword = (String) Utils.checkNotNull(this.conf.get(HTTPS_TRUSTSTORE_PASSWORD_KEY, HTTPS_TRUSTSTORE_PASSWORD_DEFAULT), HTTPS_TRUSTSTORE_PASSWORD_KEY);
        factory.setTrustStorePassword(truststorePassword.trim());
        return factory;
    }

    /**
     * Publishes the SSL context of the running HTTPS connector through {@code RuntimeInfo}.
     *
     * @throws IllegalStateException if no SSL context is set on RuntimeInfo afterwards
     */
    private void setSSLContext() {
        for (Connector connector : this.server.getConnectors()) {
            for (ConnectionFactory factory : connector.getConnectionFactories()) {
                if (!(factory instanceof SslConnectionFactory)) {
                    continue;
                }
                SslConnectionFactory tlsFactory = (SslConnectionFactory) factory;
                this.runtimeInfo.setSSLContext(tlsFactory.getSslContextFactory().getSslContext());
            }
        }
        boolean contextMissing = this.runtimeInfo.getSSLContext() == null;
        if (contextMissing) {
            throw new IllegalStateException("Unexpected error, SSLContext is not set for https enabled server");
        }
    }

    /**
     * Resolves the configured truststore location.
     *
     * @param configuration configuration holding {@code https.truststore.path}
     * @param str           directory that a relative path is resolved against
     * @return the absolute truststore file, or {@code null} when no path is configured (the log
     *     message states that the JVM's cacerts file is used in that case)
     */
    private File getHttpsTruststore(Configuration configuration, String str) {
        String configuredPath = configuration.get(HTTPS_TRUSTSTORE_PATH_KEY, HTTPS_TRUSTSTORE_PATH_DEFAULT);
        if (configuredPath == null || configuredPath.trim().isEmpty()) {
            LOG.info(Utils.format("TrustStore config '{}' is not set, will pickup truststore from $JAVA_HOME/jre/lib/security/cacerts", new Object[]{HTTPS_TRUSTSTORE_PATH_KEY}));
            return null;
        }
        File location;
        if (Paths.get(configuredPath).isAbsolute()) {
            location = new File(configuredPath);
        } else {
            location = new File(str, configuredPath);
        }
        return location.getAbsoluteFile();
    }

    /**
     * Resolves the configured keystore location, defaulting to {@code keystore.jks}.
     *
     * @param configuration configuration holding {@code https.keystore.path}
     * @param str           directory that a relative path is resolved against
     * @return the absolute keystore file; its existence is checked by the caller
     */
    @VisibleForTesting
    static File getHttpsKeystore(Configuration configuration, String str) {
        String configuredPath = configuration.get(HTTPS_KEYSTORE_PATH_KEY, HTTPS_KEYSTORE_PATH_DEFAULT);
        File location;
        if (Paths.get(configuredPath).isAbsolute()) {
            location = new File(configuredPath);
        } else {
            location = new File(str, configuredPath);
        }
        return location.getAbsoluteFile();
    }

    /**
     * Creates the small plain-HTTP server whose only job is to redirect every request to HTTPS.
     * It listens on the configured HTTP port and bind host with a pool of 25 threads and serves
     * {@link RedirectorServlet} for all paths.
     *
     * @return the configured, not yet started redirector server
     */
    private Server createRedirectorServer() {
        int httpPort = this.conf.get(HTTP_PORT_KEY, HTTP_PORT_DEFAULT);
        String bindHost = this.conf.get(HTTP_BIND_HOST, HTTP_BIND_HOST_DEFAULT);

        QueuedThreadPool pool = new QueuedThreadPool(25);
        pool.setName(this.serverName + "Redirector");
        pool.setDaemon(true);
        Server redirectServer = new Server(pool);

        InetSocketAddress address = new InetSocketAddress(bindHost, httpPort);
        ServerConnector connector = new ServerConnector(redirectServer);
        connector.setHost(address.getHostName());
        connector.setPort(address.getPort());
        redirectServer.setConnectors(new Connector[]{connector});

        // No session or security handler: this context does nothing but issue redirects.
        ServletContextHandler context = new ServletContextHandler();
        context.addServlet(new ServletHolder(new RedirectorServlet()), "/*");
        context.setContextPath(URIUtil.SLASH);
        redirectServer.setHandler(context);
        return redirectServer;
    }

    /** Queues a callback to be executed by {@link #postStart()}, in registration order. */
    void addToPostStart(Runnable runnable) {
        postStartRunnables.add(runnable);
    }

    /**
     * Runs every queued post-start callback in the order it was added. An exception thrown by
     * one callback propagates and prevents the remaining ones from running.
     */
    void postStart() {
        for (Runnable callback : this.postStartRunnables) {
            callback.run();
        }
    }

    /** Returns the base HTTP URL currently recorded in {@code RuntimeInfo}. */
    protected String getHttpUrl() {
        String baseUrl = this.runtimeInfo.getBaseHttpUrl();
        return baseUrl;
    }

    /**
     * Starts the context configurators, the main server and, if configured, the HTTP-to-HTTPS
     * redirector, then publishes the base URL and runs the post-start callbacks.
     *
     * <p>Any exception raised while starting is rethrown wrapped in a RuntimeException.
     */
    @Override // _ss_com.streamsets.datacollector.task.AbstractTask
    protected void runTask() {
        Iterator<ContextConfigurator> it = this.contextConfigurators.iterator();
        while (it.hasNext()) {
            it.next().start();
        }
        try {
            this.server.start();
            // The port is re-read from the started server and becomes part of the session
            // cookie name. No other cookie attributes are configured in this method.
            this.port = this.server.getURI().getPort();
            this.hashSessionManager.setSessionCookie(JSESSIONID_COOKIE + this.port);
            // Only derive a base URL when none has been set on RuntimeInfo yet.
            if (this.runtimeInfo.getBaseHttpUrl().equals(RuntimeInfo.UNDEF)) {
                try {
                    String str = isSSLEnabled() ? "https://" : "http://";
                    String str2 = this.conf.get(HTTP_BIND_HOST, "0.0.0.0");
                    // With the wildcard bind address the canonical local host name is advertised
                    // instead; MASTER_SDC_ID_SEPARATOR is placed between host and port
                    // (NOTE(review): presumably ":" - its value is not visible here).
                    this.runtimeInfo.setBaseHttpUrl((str + (!"0.0.0.0".equals(str2) ? str2 : InetAddress.getLocalHost().getCanonicalHostName())) + _ss_com.streamsets.datacollector.execution.runner.common.Constants.MASTER_SDC_ID_SEPARATOR + this.port);
                } catch (UnknownHostException e) {
                    // Host name resolution failed: fall back to the URI reported by Jetty.
                    LOG.debug("Exception during hostname resolution: {}", e);
                    this.runtimeInfo.setBaseHttpUrl(this.server.getURI().toString());
                }
            }
            // The URL is written to stdout as well as to the log.
            System.out.println(Utils.format("Running on URI : '{}'", new Object[]{getHttpUrl()}));
            LOG.info("Running on URI : '{}'", getHttpUrl());
            // Overwrite the port with the locally bound port of each ServerConnector; with
            // several connectors the last one wins.
            for (Connector connector : this.server.getConnectors()) {
                if (connector instanceof ServerConnector) {
                    this.port = ((ServerConnector) connector).getLocalPort();
                }
            }
            // The redirector is started after the main server, so the port it redirects to is
            // already known.
            if (this.redirector != null) {
                try {
                    this.redirector.start();
                    LOG.debug("Running HTTP redirector to HTTPS on port '{}'", Integer.valueOf(this.conf.get(HTTP_PORT_KEY, 0)));
                } catch (Exception e2) {
                    throw new RuntimeException(e2);
                }
            }
            if (isSSLEnabled()) {
                setSSLContext();
            }
            // Runs the callbacks queued through addToPostStart().
            postStart();
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }

    /**
     * Returns the URI reported by the underlying server.
     *
     * @return the server URI
     * @throws ServerNotYetRunningException if the server is not in the started state
     */
    public URI getServerURI() throws ServerNotYetRunningException {
        if (!this.server.isStarted()) {
            throw new ServerNotYetRunningException("Server has not yet started");
        }
        return this.server.getURI();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stops the Jetty server, then every context configurator, then the optional redirector.
     *
     * <p>A failure to stop the server, a configurator or the redirector is logged and does not
     * prevent the remaining components from being stopped. Only a {@link Throwable} that escapes
     * those handlers is rethrown, after one more pass over the configurators.
     *
     * <p>NOTE(review): the three identical configurator loops look like a single {@code finally}
     * block expanded by the decompiler - confirm against the original source before refactoring.
     */
    @Override // _ss_com.streamsets.datacollector.task.AbstractTask
    public void stopTask() {
        try {
            try {
                this.server.stop();
                // Normal path: server stopped, now stop each configurator independently.
                for (ContextConfigurator contextConfigurator : this.contextConfigurators) {
                    try {
                        contextConfigurator.stop();
                    } catch (Exception e) {
                        LOG.error("Error while stopping '{}', {}", new Object[]{contextConfigurator.getClass().getSimpleName(), e.toString(), e});
                    }
                }
            } catch (Exception e2) {
                // Server stop failed: log it and still stop the configurators.
                LOG.error("Error while stopping Jetty, {}", e2.toString(), e2);
                for (ContextConfigurator contextConfigurator2 : this.contextConfigurators) {
                    try {
                        contextConfigurator2.stop();
                    } catch (Exception e3) {
                        LOG.error("Error while stopping '{}', {}", new Object[]{contextConfigurator2.getClass().getSimpleName(), e3.toString(), e3});
                    }
                }
            }
            // The redirector is optional; it is stopped last and its failure is only logged.
            if (this.redirector != null) {
                try {
                    this.redirector.stop();
                } catch (Exception e4) {
                    LOG.error("Error while stopping redirector Jetty, {}", e4.toString(), e4);
                }
            }
        } catch (Throwable th) {
            // Anything not handled above (e.g. an Error): stop the configurators, then rethrow.
            for (ContextConfigurator contextConfigurator3 : this.contextConfigurators) {
                try {
                    contextConfigurator3.stop();
                } catch (Exception e5) {
                    LOG.error("Error while stopping '{}', {}", new Object[]{contextConfigurator3.getClass().getSimpleName(), e5.toString(), e5});
                }
            }
            throw th;
        }
    }

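    /**
     * Builds the Jetty login service selected by {@code HTTP_AUTHENTICATION_LOGIN_MODULE}.
     *
     * <ul>
     *   <li>{@code "file"}: a {@code HashLoginService} backed by
     *       {@code <configDir>/<realm>.properties}; the file is passed to
     *       {@code validateRealmFile} before use.</li>
     *   <li>{@code LDAP}: a {@code JAASLoginService} whose identity service translates the roles
     *       handed over by the login module through the configured role mapping.</li>
     * </ul>
     *
     * <p>The module name is read from {@code this.conf}; every other setting is read from the
     * {@code configuration} argument.
     *
     * @param configuration source of the realm name, the LDAP role mapping and the JAAS module name
     * @param str prefix used to build the default realm name ({@code str + REALM_POSIX_DEFAULT})
     * @return the configured login service
     * @throws RuntimeException if the configured login module is neither {@code "file"} nor {@code LDAP}
     */
    private LoginService getLoginService(Configuration configuration, String str) {
        // Compare the module name directly; the decompiled hashCode()/boolean switch it replaces
        // was not valid Java and selected exactly these two branches.
        String loginModule = this.conf.get(HTTP_AUTHENTICATION_LOGIN_MODULE, "file");

        if ("file".equals(loginModule)) {
            String realm = configuration.get(DIGEST_REALM_KEY, str + REALM_POSIX_DEFAULT);
            // NOTE(review): the realm name comes from configuration and becomes part of the file
            // name without normalization here - presumably validateRealmFile covers the resulting
            // path; verify.
            File realmFile = new File(this.runtimeInfo.getConfigDir(), realm + ".properties").getAbsoluteFile();
            validateRealmFile(realmFile);
            return new HashLoginService(realm, realmFile.getAbsolutePath());
        }

        if (LDAP.equals(loginModule)) {
            // JVM-wide setting: only filled in when nothing else has configured JAAS already.
            if (null == System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, null)) {
                System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, new File(this.runtimeInfo.getConfigDir(), LDAP_LOGIN_CONF).getAbsoluteFile().getAbsolutePath());
            }
            this.roleMapping = parseRoleMapping(configuration.get(HTTP_AUTHENTICATION_LDAP_ROLE_MAPPING, ""));
            String jaasModuleName = configuration.get(LDAP_LOGIN_MODULE_NAME, LDAP);
            if (jaasModuleName.trim().isEmpty()) {
                jaasModuleName = LDAP;
            }
            LoginService ldapLoginService = new JAASLoginService(jaasModuleName);
            ldapLoginService.setIdentityService(new DefaultIdentityService() {
                @Override
                public UserIdentity newUserIdentity(Subject subject, Principal principal, String[] strArr) {
                    Set<String> roles = new HashSet<>();
                    // Every identity created here receives the "user" role.
                    roles.add("user");
                    for (String incomingRole : strArr) {
                        Set<String> mappedRoles = WebServerTask.this.tryMappingRole(incomingRole);
                        if (mappedRoles == null || mappedRoles.isEmpty()) {
                            // NOTE(review): a role with no mapping entry is kept verbatim, so a
                            // directory group whose name equals an application role confers that
                            // role without an explicit mapping - confirm this is intended.
                            roles.add(incomingRole);
                        } else {
                            roles.addAll(mappedRoles);
                        }
                    }
                    return new DefaultUserIdentity(subject, principal, roles.toArray(new String[0]));
                }
            });
            return ldapLoginService;
        }

        throw new RuntimeException(Utils.format("Invalid Authentication Login Module '{}', must be one of '{}'", new Object[]{loginModule, LOGIN_MODULES}));
    }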

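    /**
     * Parses the LDAP-group-to-role mapping string into a map from group name to role names.
     *
     * <p>Entries are separated by {@code BuilderHelper.TOKEN_SEPARATOR}; within an entry the group
     * is separated from its comma-separated roles by {@code MASTER_SDC_ID_SEPARATOR}. Group and
     * role names are trimmed, and roles of a repeated group are merged.
     * NOTE(review): both constant names look like decompiler substitutions for literal
     * separators - verify the actual characters.
     *
     * @param str the raw mapping configuration value
     * @return a mutable map from group name to its set of role names
     * @throws RuntimeException if the value is null or blank, or if any entry is malformed
     */
    private Map<String, Set<String>> parseRoleMapping(String str) {
        if (str == null || str.trim().length() == 0) {
            throw new RuntimeException(Utils.format("LDAP group to Data Collector role mapping configuration - '{}' is empty", new Object[]{HTTP_AUTHENTICATION_LDAP_ROLE_MAPPING}));
        }
        Map<String, Set<String>> mapping = new HashMap<>();
        try {
            for (String entry : str.split(BuilderHelper.TOKEN_SEPARATOR)) {
                String[] groupAndRoles = entry.split(_ss_com.streamsets.datacollector.execution.runner.common.Constants.MASTER_SDC_ID_SEPARATOR, 2);
                if (groupAndRoles.length < 2) {
                    // Reject the whole configuration and name the offending entry, rather than
                    // surfacing a bare array-index error as the cause.
                    throw new IllegalArgumentException("Mapping entry '" + entry + "' has no group/role separator");
                }
                String group = groupAndRoles[0].trim();
                Set<String> roles = mapping.get(group);
                if (roles == null) {
                    roles = new HashSet<>();
                    mapping.put(group, roles);
                }
                for (String role : groupAndRoles[1].split(",")) {
                    roles.add(role.trim());
                }
            }
            return mapping;
        } catch (Exception e) {
            throw new RuntimeException(Utils.format("Invalid LDAP group to Data Collector role mapping configuration - '{}'.", new Object[]{str, e.getMessage()}), e);
        }
    }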

    /**
     * Looks up the roles mapped to the given name in the role mapping.
     *
     * @param str the name to look up (the LDAP identity service passes each incoming role)
     * @return a new mutable set holding the mapped roles; empty when no mapping is configured
     *     or the name has no entry. Never {@code null}.
     */
    protected Set<String> tryMappingRole(String str) {
        Set<String> mappedRoles = new HashSet<String>();
        if (this.roleMapping != null && !this.roleMapping.isEmpty()) {
            Set<String> configuredRoles = this.roleMapping.get(str);
            if (configuredRoles != null) {
                // Copy so callers never hold a reference to the mapping's own set.
                mappedRoles.addAll(configuredRoles);
            }
        }
        return mappedRoles;
    }

    /**
     * Supplied by subclasses; takes the configuration and returns a string.
     * NOTE(review): presumably the application authentication token used for SSO - confirm
     * against the implementations, and avoid logging the returned value if so.
     */
    protected abstract String getAppAuthToken(Configuration configuration);

    /**
     * Supplied by subclasses; takes the configuration and returns a string.
     * NOTE(review): presumably the identifier of this component - confirm against the
     * implementations.
     */
    protected abstract String getComponentId(Configuration configuration);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the registration attributes: a single-entry immutable map from
     * {@code SSOConstants.SERVICE_BASE_URL_ATTR} to the current base HTTP URL.
     *
     * <p>NOTE(review): {@code runTask()} only fills in the base URL when it is still undefined,
     * so a call made before start-up may publish the undefined placeholder - confirm call order.
     *
     * @return the attribute map
     */
    public Map<String, String> getRegistrationAttributes() {
        String baseUrl = this.runtimeInfo.getBaseHttpUrl();
        return ImmutableMap.of(SSOConstants.SERVICE_BASE_URL_ATTR, baseUrl);
    }
}
