package app.utils.server;

import app.utils.config.AppConfig;
import app.utils.server.security.NoOpLoginService;
import app.utils.server.security.OpenIdLoginWithRoleExtractionService;
import app.utils.server.security.legacy.oidc.OidcAccessTokenAuthenticator;
import app.utils.server.security.legacy.oidc.OidcAccessTokenFilter;
import app.utils.server.security.legacy.oidc.OidcConfiguration;
import app.utils.server.security.oauth.JwtAccessTokenAuthenticator;
import app.utils.server.security.oauth.JwtAccessTokenFilter;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.DispatcherType;
import javax.servlet.http.HttpServlet;
import org.apache.camel.support.jsse.KeyManagersParameters;
import org.apache.camel.support.jsse.KeyStoreParameters;
import org.apache.camel.support.jsse.SSLContextParameters;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.commons.configuration2.CompositeConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.Bus;
import org.apache.cxf.configuration.jsse.TLSServerParametersConfig;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.KeyStoreType;
import org.apache.cxf.configuration.security.TLSServerParametersType;
import org.apache.cxf.jaxrs.provider.dom4j.DOM4JProvider;
import org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet;
import org.apache.cxf.management.counters.CounterRepository;
import org.apache.cxf.management.jmx.InstrumentationManagerImpl;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.openid.OpenIdAuthenticator;
import org.eclipse.jetty.security.openid.OpenIdConfiguration;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.session.DefaultSessionCache;
import org.eclipse.jetty.server.session.NullSessionDataStore;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.jolokia.http.AgentServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:app/utils/server/AppJetty.class */
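/**
 * Static helpers that assemble the embedded Jetty / CXF server from the values held by
 * {@link AppConfig}: servlet registration, management endpoints, authentication handlers,
 * TLS set-up and command-line parsing.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every {@code add*Authentication}/{@code add*Authenticator}/{@code addOID*} method calls
 *       {@code setSecurityHandler} on the context, so the last one called replaces any handler
 *       installed earlier on the same context.</li>
 *   <li>The management servlets ({@code jolokia}, {@code health}, {@code ready}, {@code info},
 *       {@code shutdown}) are registered without a constraint of their own. Whether they are
 *       protected depends entirely on the path spec the caller passes to the authentication
 *       helpers.</li>
 * </ul>
 */
public class AppJetty {
    private static final Logger LOG = LoggerFactory.getLogger(AppJetty.class);

    /** Realm name shared by the BASIC and OpenID handlers. */
    private static final String REALM_NAME = "TalendRealm";

    /** Role required by the BASIC, legacy OIDC and JWT constraints. */
    private static final String USER_ROLE = "user";

    /**
     * Returns the application's composite configuration.
     *
     * @return the configuration held by the {@link AppConfig} singleton
     */
    public static CompositeConfiguration cfg() {
        return AppConfig.getInstance().getConfigs();
    }

    /**
     * Creates a plain Jetty server on {@code server.port} (8065 when the key is not set).
     *
     * @return a new, not yet started, server
     */
    public static Server createServer() {
        return new Server(cfg().getInt("server.port", 8065));
    }

    /**
     * Registers a CXF JAX-RS servlet under {@code /services/*}.
     *
     * @param servletContextHandler context that receives the servlet
     * @param str value passed as the {@code jaxrs.serviceClasses} init parameter
     */
    public static void addCxfJaxRSServlet(ServletContextHandler servletContextHandler, String str) {
        ServletHolder holder = new ServletHolder(new CXFNonSpringJaxrsServlet());
        holder.setInitParameter("jaxrs.serviceClasses", str);
        holder.setInitParameter("jaxrs.providers", DOM4JProvider.class.getName());
        servletContextHandler.addServlet(holder, "/services/*");
    }

    /**
     * Creates the CXF Jetty engine for {@code server.host}/{@code server.port}, applying the TLS
     * parameters from {@link #getTLSConfig()} when {@code security.require-ssl} is enabled.
     *
     * @param bus CXF bus that carries the {@link JettyHTTPServerEngineFactory} extension
     * @return the engine for the configured host, port and protocol
     * @throws GeneralSecurityException if the TLS parameters cannot be built
     * @throws IOException if the key store cannot be read or the engine cannot be created
     */
    public static JettyHTTPServerEngine createServer(Bus bus) throws GeneralSecurityException, IOException {
        JettyHTTPServerEngineFactory engineFactory = bus.getExtension(JettyHTTPServerEngineFactory.class);
        TLSServerParametersConfig tlsConfig = getTLSConfig();
        if (tlsConfig != null) {
            // NOTE(review): the TLS parameters are registered under the literal host "localhost",
            // while the engine below is requested for server.host. Confirm both calls resolve to
            // the same engine and that the resulting bind address is the intended one.
            engineFactory.setTLSServerParametersForPort("localhost", cfg().getInt("server.port"), tlsConfig);
        }
        return engineFactory.createJettyHTTPServerEngine(
                cfg().getString("server.host"), cfg().getInt("server.port"), cfg().getString("server.protocol"));
    }

    /**
     * Returns the prefix for management endpoints: empty when the context already has a
     * non-root context path, otherwise the value of {@code server.management.base-path}.
     */
    private static String getMgmtContextPath(ServletContextHandler servletContextHandler) {
        boolean hasOwnContextPath = servletContextHandler.getContextPath().length() > 1;
        return hasOwnContextPath ? "" : cfg().getString("server.management.base-path");
    }

    /** Registers {@code servlet} at {@code <management prefix><suffix>} on the given context. */
    private static void addManagementServlet(
            ServletContextHandler servletContextHandler, ServletHolder servlet, String suffix) {
        servletContextHandler.addServlet(servlet, getMgmtContextPath(servletContextHandler) + suffix);
    }

    /**
     * Registers the Jolokia agent servlet under {@code <management prefix>/jolokia/*}.
     *
     * <p>Jolokia exposes the JVM's MBeans over HTTP. No constraint is attached here, so the
     * endpoint is only protected if the caller installs an authentication handler whose path
     * spec covers it.
     *
     * @param servletContextHandler context that receives the servlet
     */
    public static void addJolokiaServlet(ServletContextHandler servletContextHandler) {
        addManagementServlet(servletContextHandler, new ServletHolder("jolokia", AgentServlet.class), "/jolokia/*");
    }

    /**
     * Registers a health-check servlet under {@code <management prefix>/health}.
     *
     * @param servletContextHandler context that receives the servlet
     * @param httpServlet servlet answering the health probe
     */
    public static void addHealthCheck(ServletContextHandler servletContextHandler, HttpServlet httpServlet) {
        addManagementServlet(servletContextHandler, new ServletHolder(httpServlet), "/health");
    }

    /**
     * Registers a readiness servlet under {@code <management prefix>/ready}.
     *
     * @param servletContextHandler context that receives the servlet
     * @param httpServlet servlet answering the readiness probe
     */
    public static void addCamelHealthCheck(ServletContextHandler servletContextHandler, HttpServlet httpServlet) {
        addManagementServlet(servletContextHandler, new ServletHolder(httpServlet), "/ready");
    }

    /**
     * Registers an info servlet under {@code <management prefix>/info}.
     *
     * @param servletContextHandler context that receives the servlet
     * @param httpServlet servlet producing the info response
     */
    public static void addInfoEndpoint(ServletContextHandler servletContextHandler, HttpServlet httpServlet) {
        addManagementServlet(servletContextHandler, new ServletHolder(httpServlet), "/info");
    }

    /**
     * Registers a shutdown servlet under {@code <management prefix>/shutdown}.
     *
     * <p>NOTE(review): nothing in this method restricts who may call the endpoint; confirm the
     * caller covers this path with an authentication handler or keeps it off public interfaces.
     *
     * @param servletContextHandler context that receives the servlet
     * @param httpServlet servlet performing the shutdown
     */
    public static void addShutdownEndpoint(ServletContextHandler servletContextHandler, HttpServlet httpServlet) {
        addManagementServlet(servletContextHandler, new ServletHolder(httpServlet), "/shutdown");
    }

    /**
     * Enables CXF JMX instrumentation on the platform MBean server and attaches a counter
     * repository to the bus.
     *
     * @param bus CXF bus to instrument
     */
    public static void addJmxManagement(Bus bus) {
        InstrumentationManagerImpl instrumentation = new InstrumentationManagerImpl(bus);
        instrumentation.setUsePlatformMBeanServer(true);
        instrumentation.getMBeanServer();
        instrumentation.setBus(bus);
        instrumentation.setEnabled(true);
        instrumentation.init();
        new CounterRepository().setBus(bus);
    }

    /**
     * Adds Jetty's {@link CrossOriginFilter} to every request path.
     *
     * <p>The filter is registered without init parameters, so Jetty's defaults apply.
     * NOTE(review): those defaults are permissive (any origin is accepted); confirm that is
     * intended, or set {@code allowedOrigins} explicitly on the holder.
     *
     * @param servletContextHandler context that receives the filter
     */
    public static void addCrossOriginFilter(ServletContextHandler servletContextHandler) {
        FilterHolder corsFilter = new FilterHolder(CrossOriginFilter.class);
        corsFilter.setName("cross-origin");
        servletContextHandler.addFilter(corsFilter, "/*", EnumSet.of(DispatcherType.REQUEST));
    }

    /**
     * Builds a security handler with a single authenticated constraint.
     *
     * @param constraintName name given to the constraint
     * @param role the one role the constraint requires
     * @param pathSpec path spec the constraint is mapped to
     * @return a handler with the mapping installed and no authenticator or login service yet
     */
    private static ConstraintSecurityHandler newConstraintHandler(
            String constraintName, String role, String pathSpec) {
        Constraint constraint = new Constraint();
        constraint.setName(constraintName);
        constraint.setRoles(new String[] {role});
        constraint.setAuthenticate(true);

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec(pathSpec);
        mapping.setConstraint(constraint);

        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        handler.setConstraintMappings(Collections.singletonList(mapping));
        return handler;
    }

    /**
     * Protects {@code str} with HTTP Basic authentication against a single in-memory user taken
     * from {@code security.user.name} / {@code security.user.password}.
     *
     * <p>Basic credentials travel with every request; unless {@code security.require-ssl} is
     * enabled (see {@link #addSSLSupport(Server)}) they are sent without transport encryption.
     *
     * @param servletContextHandler context whose security handler is replaced
     * @param str path spec to protect
     * @throws IllegalStateException if the configured user name or password is empty
     */
    public static void addBasicAuthentication(ServletContextHandler servletContextHandler, String str) {
        String userName = cfg().getString("security.user.name");
        String password = cfg().getString("security.user.password");
        // Fail closed: an empty password would let anyone in with a blank credential, and an
        // empty user name cannot be registered meaningfully.
        if (StringUtils.isEmpty(userName) || StringUtils.isEmpty(password)) {
            throw new IllegalStateException(
                    "security.user.name and security.user.password must both be set for basic authentication");
        }

        UserStore userStore = new UserStore();
        userStore.addUser(userName, new Password(password), new String[] {USER_ROLE});
        HashLoginService loginService = new HashLoginService();
        loginService.setName(REALM_NAME);
        loginService.setUserStore(userStore);

        ConstraintSecurityHandler securityHandler = newConstraintHandler("BASIC", USER_ROLE, str);
        securityHandler.setRealmName(REALM_NAME);
        securityHandler.setAuthenticator(new BasicAuthenticator());
        securityHandler.setLoginService(loginService);
        servletContextHandler.setSecurityHandler(securityHandler);
    }

    /**
     * Adds the legacy OIDC access-token servlet filter on {@code str}.
     *
     * @param servletContextHandler context that receives the filter
     * @param str path spec the filter applies to
     */
    public static void addLegacyOIDCViaFilter(ServletContextHandler servletContextHandler, String str) {
        FilterHolder oidcFilter = new FilterHolder(new OidcAccessTokenFilter(getLegacyOidcConfigs()));
        servletContextHandler.addFilter(oidcFilter, str, EnumSet.of(DispatcherType.REQUEST));
    }

    /**
     * Protects {@code str} with the legacy OIDC access-token authenticator.
     *
     * @param servletContextHandler context whose security handler is replaced
     * @param str path spec to protect
     */
    public static void addLegacyOIDCViaAuthenticator(ServletContextHandler servletContextHandler, String str) {
        ConstraintSecurityHandler securityHandler = newConstraintHandler("OAUTH", USER_ROLE, str);
        securityHandler.setAuthenticator(new OidcAccessTokenAuthenticator(getLegacyOidcConfigs()));
        securityHandler.setLoginService(new NoOpLoginService());
        servletContextHandler.setSecurityHandler(securityHandler);
    }

    /**
     * Loads {@code config/legacy-oidc.properties} into the configuration and returns the four
     * settings handed to the legacy OIDC filter and authenticator.
     *
     * @return a new mutable map; a value is {@code null} when its key is not configured
     */
    public static Map<String, String> getLegacyOidcConfigs() {
        AppConfig.addConfigsFromFile(cfg(), "config/legacy-oidc.properties");
        Map<String, String> oidcSettings = new HashMap<>();
        oidcSettings.put("token.endpoint", cfg().getString("token.endpoint"));
        oidcSettings.put(
                OidcConfiguration.OIDC_VALIDATION_ENDPOINT_LOCATION,
                cfg().getString(OidcConfiguration.OIDC_VALIDATION_ENDPOINT_LOCATION));
        oidcSettings.put("public.client.id", cfg().getString("public.client.id"));
        oidcSettings.put("scope", cfg().getString("scope"));
        return oidcSettings;
    }

    /**
     * Adds the JWT access-token servlet filter on {@code str}.
     *
     * @param servletContextHandler context that receives the filter
     * @param str path spec the filter applies to
     */
    public static void addJWTAuthorizationViaFilter(ServletContextHandler servletContextHandler, String str) {
        FilterHolder jwtFilter = new FilterHolder(new JwtAccessTokenFilter());
        servletContextHandler.addFilter(jwtFilter, str, EnumSet.of(DispatcherType.REQUEST));
    }

    /**
     * Protects {@code str} with the JWT access-token authenticator.
     *
     * @param servletContextHandler context whose security handler is replaced
     * @param str path spec to protect
     */
    public static void addJWTAuthorizationViaAuthenticator(ServletContextHandler servletContextHandler, String str) {
        ConstraintSecurityHandler securityHandler = newConstraintHandler("OAUTH", USER_ROLE, str);
        securityHandler.setAuthenticator(new JwtAccessTokenAuthenticator());
        securityHandler.setLoginService(new NoOpLoginService());
        servletContextHandler.setSecurityHandler(securityHandler);
    }

    /**
     * Protects {@code str} with Jetty's OpenID Connect authorization-code flow, using the
     * provider URL, client id and client secret from the {@code oidc.auth.*} configuration keys.
     *
     * <p>A session handler backed by a {@link NullSessionDataStore} is installed, so sessions
     * are not written to any persistent store.
     *
     * @param servletContextHandler context whose security and session handlers are replaced
     * @param str path spec to protect
     */
    public static void addOIDAuthorizationCodeFlow(ServletContextHandler servletContextHandler, String str) {
        ConstraintSecurityHandler securityHandler = newConstraintHandler("OPENID", "TalendRealmRole", str);
        securityHandler.setRealmName(REALM_NAME);

        OpenIdConfiguration openIdConfiguration = new OpenIdConfiguration(
                cfg().getString("oidc.auth.provider.realm.url"),
                cfg().getString("oidc.auth.client.id"),
                cfg().getString("oidc.auth.client.secret"));
        // Only the auth method is logged; the client secret must never reach the log.
        LOG.info("Will authenticate with OpenId Provider using {} method", openIdConfiguration.getAuthMethod());
        securityHandler.setLoginService(new OpenIdLoginWithRoleExtractionService(openIdConfiguration));
        securityHandler.setAuthenticator(new OpenIdAuthenticator());
        servletContextHandler.setSecurityHandler(securityHandler);

        SessionHandler sessionHandler = new SessionHandler();
        DefaultSessionCache sessionCache = new DefaultSessionCache(sessionHandler);
        sessionCache.setSessionDataStore(new NullSessionDataStore());
        sessionHandler.setSessionCache(sessionCache);
        servletContextHandler.setSessionHandler(sessionHandler);
    }

    /**
     * Builds the CXF TLS server parameters from the {@code server.ssl.*} keys.
     *
     * <p>Client certificates are neither required nor requested. The key-store password is also
     * used as the key password.
     *
     * @return the TLS parameters, or {@code null} when {@code security.require-ssl} is not true
     * @throws IOException if the key store cannot be read
     * @throws GeneralSecurityException if the key material cannot be loaded
     */
    private static TLSServerParametersConfig getTLSConfig() throws IOException, GeneralSecurityException {
        if (!cfg().getBoolean("security.require-ssl", false)) {
            return null;
        }
        ClientAuthentication clientAuth = new ClientAuthentication();
        clientAuth.setRequired(false);
        clientAuth.setWant(false);

        KeyStoreType keyStore = new KeyStoreType();
        keyStore.setFile(Paths.get(cfg().getString("server.ssl.key-store")).toAbsolutePath().toString());
        keyStore.setPassword(cfg().getString("server.ssl.key-store-password"));
        keyStore.setType(cfg().getString("server.ssl.key-store-type"));

        KeyManagersType keyManagers = new KeyManagersType();
        keyManagers.setKeyStore(keyStore);
        keyManagers.setKeyPassword(cfg().getString("server.ssl.key-store-password"));

        TLSServerParametersType tlsParameters = new TLSServerParametersType();
        tlsParameters.setCertAlias(cfg().getString("server.ssl.key-store-alias"));
        tlsParameters.setClientAuthentication(clientAuth);
        tlsParameters.setKeyManagers(keyManagers);
        return new TLSServerParametersConfig(tlsParameters);
    }

    /**
     * Replaces the server's connectors with a single HTTPS connector when
     * {@code security.require-ssl} is true; does nothing otherwise.
     *
     * @param server server whose connectors are replaced
     * @throws RuntimeException if the key-store file does not exist or the TLS context cannot
     *     be started
     */
    public static void addSSLSupport(Server server) {
        if (!cfg().getBoolean("security.require-ssl", false)) {
            return;
        }
        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.setSecureScheme("https");
        httpsConfig.setSecurePort(cfg().getInt("server.port"));
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        File keyStoreFile = Paths.get(cfg().getString("server.ssl.key-store")).toFile();
        if (!keyStoreFile.exists()) {
            // The path is reported; the key-store password is deliberately not.
            throw new RuntimeException(
                    "Could not setup keystore, file not found: " + keyStoreFile.getAbsolutePath());
        }

        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        sslContextFactory.setKeyStorePath(keyStoreFile.getAbsolutePath());
        sslContextFactory.setKeyStorePassword(cfg().getString("server.ssl.key-store-password"));
        sslContextFactory.setKeyStoreType(cfg().getString("server.ssl.key-store-type"));
        sslContextFactory.setCertAlias(cfg().getString("server.ssl.key-store-alias"));
        try {
            // Starting the factory here surfaces key-store problems before the server starts.
            sslContextFactory.start();
            // Typed as ServerConnector: setPort/setHost are not part of the Connector interface.
            ServerConnector httpsConnector = new ServerConnector(
                    server,
                    new ConnectionFactory[] {
                        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                        new HttpConnectionFactory(httpsConfig)
                    });
            httpsConnector.setPort(cfg().getInt("server.port"));
            httpsConnector.setHost(cfg().getString("server.host"));
            server.setConnectors(new Connector[] {httpsConnector});
        } catch (Exception e) {
            throw new RuntimeException("Could not start the TLS connector", e);
        }
    }

    /**
     * Builds Camel SSL context parameters from the {@code server.ssl.*} keys.
     *
     * <p>NOTE(review): unlike {@link #getTLSConfig()}, neither a key password nor the key-store
     * type is set here; confirm the key entry can be loaded with these parameters alone.
     *
     * @return the parameters, or {@code null} when {@code security.require-ssl} is not true
     */
    public static SSLContextParameters buildSSLContext() {
        CompositeConfiguration configs = cfg();
        if (!configs.getBoolean("security.require-ssl", false)) {
            return null;
        }
        KeyStoreParameters keyStore = new KeyStoreParameters();
        keyStore.setResource(configs.getString("server.ssl.key-store"));
        keyStore.setPassword(configs.getString("server.ssl.key-store-password"));

        KeyManagersParameters keyManagers = new KeyManagersParameters();
        keyManagers.setKeyStore(keyStore);

        SSLContextParameters sslContext = new SSLContextParameters();
        sslContext.setKeyManagers(keyManagers);
        sslContext.setCertAlias(configs.getString("server.ssl.key-store-alias"));
        return sslContext;
    }

    /**
     * Fills in development credentials when none are configured: the user name defaults to
     * {@code user} and the password to a random UUID. Both are published as system properties
     * and the configuration is reloaded if anything was generated.
     *
     * <p>The generated password is written to the log at WARN level so a developer can read it.
     * Treat any log that contains it as sensitive. System properties are readable JVM-wide, so
     * the value is also visible to anything that can read them (for example over JMX).
     */
    public static void generateUserNameAndPassword() {
        String userName = AppConfig.getInstance().getConfig("security.user.name");
        boolean generated = false;
        if (StringUtils.isEmpty(userName)) {
            userName = "user";
            System.setProperty("security.user.name", userName);
            generated = true;
            LOG.warn("username is not available, generating");
        }
        if (StringUtils.isEmpty(AppConfig.getInstance().getConfig("security.user.password"))) {
            String password = UUID.randomUUID().toString();
            System.setProperty("security.user.password", password);
            generated = true;
            LOG.warn("password is not available, generating");
            LOG.warn(String.format("%n%nUsing generated security credentials %nusername: %s %npassword: %s%n%nThis generated password is for development use only. %nYour security configuration must be updated before running your application in production.%n", userName, password));
        }
        if (generated) {
            AppConfig.reload();
        }
    }

    /**
     * Parses the launcher's command line, publishes the recognised options as system properties
     * or configuration overrides, reloads the configuration and prints the banner.
     *
     * @param strArr raw command-line arguments
     * @throws RuntimeException with message {@code "Exit"} after printing help for {@code -h},
     *     or wrapping the {@link ParseException} when the arguments are invalid
     */
    public static void parseCmdLineAndPrintBanner(String[] strArr) {
        Option help = Option.builder("h").longOpt("help").desc("print this message").build();
        Option contextParam = Option.builder().longOpt("context_param").desc("To override a context parameter or a property --context_param  key=value").numberOfArgs(2).valueSeparator('=').build();
        Option context = Option.builder().longOpt("context").desc("To set the context name ").hasArg().build();
        Option statPort = Option.builder().longOpt("stat_port").desc("To set statistic port number ").hasArg().build();
        Option pid = Option.builder().longOpt("pid").desc("To force pid of the job ").hasArg().build();
        Option additionalLocation = Option.builder().longOpt("additional_location").desc("To set the configuration files to read, separated by ,").hasArgs().valueSeparator(',').build();
        Option banner = Option.builder().longOpt("banner").desc("To set the location of the banner file").hasArg().build();

        Options options = new Options();
        options.addOption(help)
                .addOption(contextParam)
                .addOption(context)
                .addOption(statPort)
                .addOption(pid)
                .addOption(additionalLocation)
                .addOption(banner);

        HelpFormatter helpFormatter = new HelpFormatter();
        try {
            CommandLine cmd = new DefaultParser().parse(options, strArr);
            if (cmd.hasOption(help)) {
                helpFormatter.printHelp("Usage:", options);
                throw new RuntimeException("Exit");
            }
            if (cmd.hasOption(additionalLocation)) {
                AppConfig.setConfigFileLocation(cmd.getOptionValues(additionalLocation));
            }
            if (cmd.hasOption(context)) {
                System.setProperty("context", cmd.getOptionValue(context));
            }
            if (cmd.hasOption(contextParam)) {
                // The values of every --context_param occurrence arrive as one flat
                // key, value, key, value ... array; apply each pair, not only the first.
                String[] keyValues = cmd.getOptionValues(contextParam);
                for (int i = 0; i + 1 < keyValues.length; i += 2) {
                    AppConfig.addContextParamProperty(keyValues[i], keyValues[i + 1]);
                }
            }
            if (cmd.hasOption(banner)) {
                System.setProperty("banner.location", cmd.getOptionValue(banner));
            }
            if (cmd.hasOption(pid)) {
                System.setProperty("pid", cmd.getOptionValue(pid));
            }
            if (cmd.hasOption(statPort)) {
                System.setProperty("stat_port", cmd.getOptionValue(statPort));
            }
            AppConfig.reload();
            printBanner();
        } catch (ParseException e) {
            helpFormatter.printHelp("Usage:", options);
            throw new RuntimeException(e);
        }
    }

    /**
     * Prints the file named by {@code banner.location} (default
     * {@code src/main/resources/config/banner.txt}) to standard output if it exists.
     * A read failure is logged and otherwise ignored.
     */
    private static void printBanner() {
        Path bannerPath = Paths.get(
                AppConfig.getInstance().getConfigs().getString("banner.location", "src/main/resources/config/banner.txt"));
        if (!Files.exists(bannerPath)) {
            return;
        }
        try {
            System.out.println(Files.readString(bannerPath));
        } catch (IOException e) {
            // The banner is cosmetic, so start-up continues; log the path and the full cause.
            LOG.error("Error while reading banner file {}", bannerPath, e);
        }
    }
}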
