package org.graylog2.configuration;

import com.github.joschi.jadconfig.Parameter;
import com.github.joschi.jadconfig.ParameterException;
import com.github.joschi.jadconfig.ValidationException;
import com.github.joschi.jadconfig.ValidatorMethod;
import com.github.joschi.jadconfig.validators.PositiveIntegerValidator;
import com.github.joschi.jadconfig.validators.URIAbsoluteValidator;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.net.HostAndPort;
import com.google.common.net.InetAddresses;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import javax.annotation.Nullable;
import org.graylog2.plugin.Tools;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/configuration/HttpConfiguration.class */
public class HttpConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger(HttpConfiguration.class);
    private static final int GRAYLOG_DEFAULT_PORT = 9000;
    public static final String OVERRIDE_HEADER = "X-Graylog-Server-URL";
    public static final String PATH_WEB = "";
    public static final String PATH_API = "api/";

    @Parameter(value = "http_publish_uri", validator = URIAbsoluteValidator.class)
    private URI httpPublishUri;

    @Parameter("http_tls_cert_file")
    private Path httpTlsCertFile;

    @Parameter("http_tls_key_file")
    private Path httpTlsKeyFile;

    @Parameter("http_tls_key_password")
    private String httpTlsKeyPassword;

    @Parameter("http_external_uri")
    private URI httpExternalUri;

    @Parameter(value = "http_bind_address", required = true)
    private HostAndPort httpBindAddress = HostAndPort.fromParts("127.0.0.1", GRAYLOG_DEFAULT_PORT);

    @Parameter("http_enable_cors")
    private boolean httpEnableCors = true;

    @Parameter("http_enable_gzip")
    private boolean httpEnableGzip = true;

    @Parameter(value = "http_max_header_size", required = true, validator = PositiveIntegerValidator.class)
    private int httpMaxHeaderSize = 8192;

    @Parameter(value = "http_thread_pool_size", required = true, validator = PositiveIntegerValidator.class)
    private int httpThreadPoolSize = 16;

    @Parameter(value = "http_selector_runners_count", required = true, validator = PositiveIntegerValidator.class)
    private int httpSelectorRunnersCount = 1;

    @Parameter("http_enable_tls")
    private boolean httpEnableTls = false;

    public HostAndPort getHttpBindAddress() {
        return this.httpBindAddress.requireBracketsForIPv6().withDefaultPort(GRAYLOG_DEFAULT_PORT);
    }

    public String getUriScheme() {
        return isHttpEnableTls() ? "https" : "http";
    }

    @Nullable
    private InetAddress toInetAddress(String str) {
        try {
            return InetAddress.getByName(str);
        } catch (UnknownHostException e) {
            LOG.debug("Couldn't resolve \"{}\"", str, e);
            return null;
        }
    }

    public URI getHttpPublishUri() {
        if (this.httpPublishUri == null) {
            URI defaultHttpUri = getDefaultHttpUri();
            LOG.debug("No \"http_publish_uri\" set. Using default <{}>.", defaultHttpUri);
            return defaultHttpUri;
        }
        if (!Tools.isWildcardInetAddress(toInetAddress(this.httpPublishUri.getHost()))) {
            return Tools.normalizeURI(this.httpPublishUri, this.httpPublishUri.getScheme(), GRAYLOG_DEFAULT_PORT, this.httpPublishUri.getPath());
        }
        URI defaultHttpUri2 = getDefaultHttpUri(this.httpPublishUri.getPath());
        LOG.warn("\"{}\" is not a valid setting for \"http_publish_uri\". Using default <{}>.", this.httpPublishUri, defaultHttpUri2);
        return defaultHttpUri2;
    }

    @VisibleForTesting
    URI getDefaultHttpUri() {
        return getDefaultHttpUri("/");
    }

    private URI getDefaultHttpUri(String str) {
        URI uri;
        HostAndPort httpBindAddress = getHttpBindAddress();
        InetAddress inetAddress = toInetAddress(httpBindAddress.getHost());
        if (inetAddress == null || !Tools.isWildcardInetAddress(inetAddress)) {
            try {
                uri = new URI(getUriScheme(), null, getHttpBindAddress().getHost(), getHttpBindAddress().getPort(), str, null, null);
            } catch (URISyntaxException e) {
                throw new RuntimeException("Invalid http_publish_uri.", e);
            }
        } else {
            try {
                InetAddress guessPrimaryNetworkAddress = Tools.guessPrimaryNetworkAddress(inetAddress instanceof Inet4Address);
                if (guessPrimaryNetworkAddress.isLoopbackAddress()) {
                    LOG.debug("Using loopback address {}", guessPrimaryNetworkAddress);
                }
                try {
                    uri = new URI(getUriScheme(), null, guessPrimaryNetworkAddress.getHostAddress(), httpBindAddress.getPort(), str, null, null);
                } catch (URISyntaxException e2) {
                    throw new RuntimeException("Invalid http_publish_uri.", e2);
                }
            } catch (Exception e3) {
                LOG.error("Could not guess primary network address for \"http_publish_uri\". Please configure it in your Graylog configuration.", e3);
                throw new ParameterException("No http_publish_uri.", e3);
            }
        }
        return uri;
    }

    public boolean isHttpEnableCors() {
        return this.httpEnableCors;
    }

    public boolean isHttpEnableGzip() {
        return this.httpEnableGzip;
    }

    public int getHttpMaxHeaderSize() {
        return this.httpMaxHeaderSize;
    }

    public int getHttpThreadPoolSize() {
        return this.httpThreadPoolSize;
    }

    public int getHttpSelectorRunnersCount() {
        return this.httpSelectorRunnersCount;
    }

    public boolean isHttpEnableTls() {
        return this.httpEnableTls;
    }

    public Path getHttpTlsCertFile() {
        return this.httpTlsCertFile;
    }

    public Path getHttpTlsKeyFile() {
        return this.httpTlsKeyFile;
    }

    public String getHttpTlsKeyPassword() {
        return this.httpTlsKeyPassword;
    }

    public URI getHttpExternalUri() {
        return this.httpExternalUri == null ? getHttpPublishUri() : this.httpExternalUri;
    }

    @ValidatorMethod
    public void validateHttpBindAddress() throws ValidationException {
        try {
            String host = getHttpBindAddress().getHost();
            if (!InetAddresses.isInetAddress(host)) {
                InetAddress.getByName(host);
            }
        } catch (IllegalArgumentException | UnknownHostException e) {
            throw new ValidationException(e);
        }
    }

    @ValidatorMethod
    public void validateHttpPublishUriPathEndsWithSlash() throws ValidationException {
        if (!getHttpPublishUri().getPath().endsWith("/")) {
            throw new ValidationException("\"http_publish_uri\" must end with a slash (\"/\")");
        }
    }

    @ValidatorMethod
    public void validateHttpExternalUriPathEndsWithSlash() throws ValidationException {
        if (!getHttpExternalUri().getPath().endsWith("/")) {
            throw new ValidationException("\"http_external_uri\" must end with a slash (\"/\")");
        }
    }

    @ValidatorMethod
    public void validateTlsConfig() throws ValidationException {
        if (isHttpEnableTls()) {
            if (!isRegularFileAndReadable(getHttpTlsKeyFile())) {
                throw new ValidationException("Unreadable or missing HTTP private key: " + getHttpTlsKeyFile());
            }
            if (!isRegularFileAndReadable(getHttpTlsCertFile())) {
                throw new ValidationException("Unreadable or missing HTTP X.509 certificate: " + getHttpTlsCertFile());
            }
        }
    }

    private boolean isRegularFileAndReadable(Path path) {
        return path != null && Files.isRegularFile(path, new LinkOption[0]) && Files.isReadable(path);
    }
}
