package org.graylog2.shared.initializers;

import com.codahale.metrics.InstrumentedExecutorService;
import com.codahale.metrics.MetricRegistry;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.common.util.concurrent.AbstractIdleService;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.ext.ContextResolver;
import javax.ws.rs.ext.ExceptionMapper;
import org.glassfish.grizzly.http.CompressionConfig;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.model.Resource;
import org.graylog2.Configuration;
import org.graylog2.audit.PluginAuditEventTypes;
import org.graylog2.audit.jersey.AuditEventModelProcessor;
import org.graylog2.jersey.PrefixAddingModelProcessor;
import org.graylog2.plugin.rest.PluginRestResource;
import org.graylog2.rest.GraylogErrorPageGenerator;
import org.graylog2.rest.filter.WebAppNotFoundResponseFilter;
import org.graylog2.shared.rest.CORSFilter;
import org.graylog2.shared.rest.NodeIdResponseFilter;
import org.graylog2.shared.rest.NotAuthorizedResponseFilter;
import org.graylog2.shared.rest.PrintModelProcessor;
import org.graylog2.shared.rest.RestAccessLogFilter;
import org.graylog2.shared.rest.XHRFilter;
import org.graylog2.shared.rest.exceptionmappers.AnyExceptionClassMapper;
import org.graylog2.shared.rest.exceptionmappers.BadRequestExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.JacksonPropertyExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.JsonProcessingExceptionMapper;
import org.graylog2.shared.rest.exceptionmappers.WebApplicationExceptionMapper;
import org.graylog2.shared.security.tls.KeyStoreUtils;
import org.graylog2.shared.security.tls.PemKeyStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/shared/initializers/JerseyService.class */
public class JerseyService extends AbstractIdleService {
    public static final String PLUGIN_PREFIX = "/plugins";
    private static final Logger LOG = LoggerFactory.getLogger(JerseyService.class);
    private static final String RESOURCE_PACKAGE_WEB = "org.graylog2.web.resources";
    private final Configuration configuration;
    private final Map<String, Set<Class<? extends PluginRestResource>>> pluginRestResources;
    private final String[] restControllerPackages;
    private final Set<Class<? extends DynamicFeature>> dynamicFeatures;
    private final Set<Class<? extends ContainerResponseFilter>> containerResponseFilters;
    private final Set<Class<? extends ExceptionMapper>> exceptionMappers;
    private final Set<Class> additionalComponents;
    private final Set<PluginAuditEventTypes> pluginAuditEventTypes;
    private final ObjectMapper objectMapper;
    private final MetricRegistry metricRegistry;
    private HttpServer apiHttpServer = null;
    private HttpServer webHttpServer = null;

    @Inject
    public JerseyService(Configuration configuration, Set<Class<? extends DynamicFeature>> set, Set<Class<? extends ContainerResponseFilter>> set2, Set<Class<? extends ExceptionMapper>> set3, @Named("additionalJerseyComponents") Set<Class> set4, Map<String, Set<Class<? extends PluginRestResource>>> map, @Named("RestControllerPackages") String[] strArr, Set<PluginAuditEventTypes> set5, ObjectMapper objectMapper, MetricRegistry metricRegistry) {
        this.configuration = configuration;
        this.dynamicFeatures = set;
        this.containerResponseFilters = set2;
        this.exceptionMappers = set3;
        this.additionalComponents = set4;
        this.pluginRestResources = map;
        this.restControllerPackages = strArr;
        this.pluginAuditEventTypes = set5;
        this.objectMapper = objectMapper;
        this.metricRegistry = metricRegistry;
    }

    protected void startUp() throws Exception {
        startUpApi();
        if (!this.configuration.isWebEnable() || this.configuration.isRestAndWebOnSamePort()) {
            return;
        }
        startUpWeb();
    }

    private void startUpWeb() throws Exception {
        String[] strArr = {RESOURCE_PACKAGE_WEB};
        SSLEngineConfigurator buildSslEngineConfigurator = this.configuration.isWebEnableTls() ? buildSslEngineConfigurator(this.configuration.getWebTlsCertFile(), this.configuration.getWebTlsKeyFile(), this.configuration.getWebTlsKeyPassword()) : null;
        URI webListenUri = this.configuration.getWebListenUri();
        this.webHttpServer = setUp("web", new URI(webListenUri.getScheme(), webListenUri.getUserInfo(), webListenUri.getHost(), webListenUri.getPort(), null, null, null), buildSslEngineConfigurator, this.configuration.getWebThreadPoolSize(), this.configuration.getWebSelectorRunnersCount(), this.configuration.getWebMaxInitialLineLength(), this.configuration.getWebMaxHeaderSize(), this.configuration.isWebEnableGzip(), this.configuration.isWebEnableCors(), Collections.emptySet(), strArr);
        this.webHttpServer.start();
        LOG.info("Started Web Interface at <{}>", this.configuration.getWebListenUri());
    }

    protected void shutDown() throws Exception {
        shutdownHttpServer(this.apiHttpServer, this.configuration.getRestListenUri());
        shutdownHttpServer(this.webHttpServer, this.configuration.getWebListenUri());
    }

    private void shutdownHttpServer(HttpServer httpServer, URI uri) {
        if (httpServer == null || !httpServer.isStarted()) {
            return;
        }
        LOG.info("Shutting down HTTP listener at <{}>", uri);
        httpServer.shutdownNow();
    }

    private void startUpApi() throws Exception {
        boolean z = this.configuration.isWebEnable() && this.configuration.isRestAndWebOnSamePort();
        ArrayList arrayList = new ArrayList(Arrays.asList(this.restControllerPackages));
        if (z) {
            arrayList.add(RESOURCE_PACKAGE_WEB);
        }
        Set<Resource> prefixPluginResources = prefixPluginResources(PLUGIN_PREFIX, this.pluginRestResources);
        SSLEngineConfigurator buildSslEngineConfigurator = this.configuration.isRestEnableTls() ? buildSslEngineConfigurator(this.configuration.getRestTlsCertFile(), this.configuration.getRestTlsKeyFile(), this.configuration.getRestTlsKeyPassword()) : null;
        URI restListenUri = this.configuration.getRestListenUri();
        this.apiHttpServer = setUp("rest", new URI(restListenUri.getScheme(), restListenUri.getUserInfo(), restListenUri.getHost(), restListenUri.getPort(), null, null, null), buildSslEngineConfigurator, this.configuration.getRestThreadPoolSize(), this.configuration.getRestSelectorRunnersCount(), this.configuration.getRestMaxInitialLineLength(), this.configuration.getRestMaxHeaderSize(), this.configuration.isRestEnableGzip(), this.configuration.isRestEnableCors(), prefixPluginResources, (String[]) arrayList.toArray(new String[0]));
        this.apiHttpServer.start();
        LOG.info("Started REST API at <{}>", this.configuration.getRestListenUri());
        if (z) {
            LOG.info("Started Web Interface at <{}>", this.configuration.getWebListenUri());
        }
    }

    private Set<Resource> prefixPluginResources(String str, Map<String, Set<Class<? extends PluginRestResource>>> map) {
        return (Set) map.entrySet().stream().map(entry -> {
            return prefixResources(str + "/" + ((String) entry.getKey()), (Set) entry.getValue());
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toSet());
    }

    private <T> Set<Resource> prefixResources(String str, Set<Class<? extends T>> set) {
        String substring = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        return (Set) set.stream().map(cls -> {
            String nullToEmpty = Strings.nullToEmpty(Resource.getPath(cls).value());
            return Resource.builder(cls).path(nullToEmpty.startsWith("/") ? substring + nullToEmpty : substring + "/" + nullToEmpty).build();
        }).collect(Collectors.toSet());
    }

    private ResourceConfig buildResourceConfig(boolean z, Set<Resource> set, String[] strArr) {
        HashMap hashMap = new HashMap();
        for (String str : strArr) {
            hashMap.put(str, this.configuration.getRestListenUri().getPath());
        }
        hashMap.put(RESOURCE_PACKAGE_WEB, this.configuration.getWebListenUri().getPath());
        hashMap.put("", this.configuration.getRestListenUri().getPath());
        ResourceConfig registerResources = new ResourceConfig().property("jersey.config.beanValidation.enableOutputValidationErrorEntity.server", true).property("jersey.config.server.wadl.disableWadl", true).register(new PrefixAddingModelProcessor(hashMap)).register(new AuditEventModelProcessor(this.pluginAuditEventTypes)).registerClasses(new Class[]{JacksonJaxbJsonProvider.class, JsonProcessingExceptionMapper.class, JacksonPropertyExceptionMapper.class, AnyExceptionClassMapper.class, WebApplicationExceptionMapper.class, BadRequestExceptionMapper.class, RestAccessLogFilter.class, NodeIdResponseFilter.class, XHRFilter.class, NotAuthorizedResponseFilter.class, WebAppNotFoundResponseFilter.class}).register(new ContextResolver<ObjectMapper>() { // from class: org.graylog2.shared.initializers.JerseyService.1
            public ObjectMapper getContext(Class<?> cls) {
                return JerseyService.this.objectMapper;
            }

            /* renamed from: getContext, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ Object m506getContext(Class cls) {
                return getContext((Class<?>) cls);
            }
        }).packages(true, strArr).registerResources(set);
        Set<Class<? extends ExceptionMapper>> set2 = this.exceptionMappers;
        Objects.requireNonNull(registerResources);
        set2.forEach(cls -> {
            registerResources.registerClasses(new Class[]{cls});
        });
        Set<Class<? extends DynamicFeature>> set3 = this.dynamicFeatures;
        Objects.requireNonNull(registerResources);
        set3.forEach(cls2 -> {
            registerResources.registerClasses(new Class[]{cls2});
        });
        Set<Class<? extends ContainerResponseFilter>> set4 = this.containerResponseFilters;
        Objects.requireNonNull(registerResources);
        set4.forEach(cls3 -> {
            registerResources.registerClasses(new Class[]{cls3});
        });
        Set<Class> set5 = this.additionalComponents;
        Objects.requireNonNull(registerResources);
        set5.forEach(cls4 -> {
            registerResources.registerClasses(new Class[]{cls4});
        });
        if (z) {
            LOG.info("Enabling CORS for HTTP endpoint");
            registerResources.registerClasses(new Class[]{CORSFilter.class});
        }
        if (LOG.isDebugEnabled()) {
            registerResources.registerClasses(new Class[]{PrintModelProcessor.class});
        }
        return registerResources;
    }

    private HttpServer setUp(String str, URI uri, SSLEngineConfigurator sSLEngineConfigurator, int i, int i2, int i3, int i4, boolean z, boolean z2, Set<Resource> set, String[] strArr) throws GeneralSecurityException, IOException {
        HttpServer createHttpServer = GrizzlyHttpServerFactory.createHttpServer(uri, buildResourceConfig(z2, set, strArr), sSLEngineConfigurator != null, sSLEngineConfigurator, false);
        NetworkListener listener = createHttpServer.getListener("grizzly");
        listener.setMaxHttpHeaderSize(i3);
        listener.setMaxRequestHeaders(i4);
        listener.getTransport().setWorkerThreadPool(instrumentedExecutor(str + "-worker-executor", str + "-worker-%d", i));
        listener.getTransport().setSelectorRunnersCount(i2);
        listener.setDefaultErrorPageGenerator(new GraylogErrorPageGenerator());
        if (z) {
            CompressionConfig compressionConfig = listener.getCompressionConfig();
            compressionConfig.setCompressionMode(CompressionConfig.CompressionMode.ON);
            compressionConfig.setCompressionMinSize(512);
        }
        return createHttpServer;
    }

    private SSLEngineConfigurator buildSslEngineConfigurator(Path path, Path path2, String str) throws GeneralSecurityException, IOException {
        if (path2 == null || !Files.isRegularFile(path2, new LinkOption[0]) || !Files.isReadable(path2)) {
            throw new InvalidKeyException("Unreadable or missing private key: " + path2);
        }
        if (path == null || !Files.isRegularFile(path, new LinkOption[0]) || !Files.isReadable(path)) {
            throw new CertificateException("Unreadable or missing X.509 certificate: " + path);
        }
        SSLContextConfigurator sSLContextConfigurator = new SSLContextConfigurator();
        char[] charArray = ((String) MoreObjects.firstNonNull(str, "")).toCharArray();
        KeyStore buildKeyStore = PemKeyStore.buildKeyStore(path, path2, charArray);
        sSLContextConfigurator.setKeyStorePass(charArray);
        sSLContextConfigurator.setKeyStoreBytes(KeyStoreUtils.getBytes(buildKeyStore, charArray));
        if (sSLContextConfigurator.validateConfiguration(true)) {
            return new SSLEngineConfigurator(sSLContextConfigurator.createSSLContext(), false, false, false);
        }
        throw new IllegalStateException("Couldn't initialize SSL context for HTTP server");
    }

    private ExecutorService instrumentedExecutor(String str, String str2, int i) {
        return new InstrumentedExecutorService(Executors.newFixedThreadPool(i, new ThreadFactoryBuilder().setNameFormat(str2).setDaemon(true).build()), this.metricRegistry, MetricRegistry.name(JerseyService.class, new String[]{str}));
    }
}
