package app.utils.server;

import app.utils.config.AppConfig;
import app.utils.config.ServerConfig;
import app.utils.security.server.basic.BasicHttpAuthFilter;
import app.utils.security.server.legacy.oidc.OidcAccessTokenRSFilter;
import app.utils.security.server.legacy.oidc.OidcAccessTokenServletFilter;
import app.utils.server.management.info.InfoServlet;
import io.micrometer.core.instrument.Clock;
import io.micrometer.core.instrument.binder.jetty.JettyConnectionMetrics;
import io.micrometer.core.instrument.binder.jetty.JettySslHandshakeMetrics;
import io.micrometer.core.instrument.binder.jvm.ClassLoaderMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmGcMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmHeapPressureMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmMemoryMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmThreadMetrics;
import io.micrometer.core.instrument.binder.logging.Log4j2Metrics;
import io.micrometer.core.instrument.binder.system.DiskSpaceMetrics;
import io.micrometer.core.instrument.binder.system.FileDescriptorMetrics;
import io.micrometer.core.instrument.binder.system.ProcessorMetrics;
import io.micrometer.core.instrument.binder.system.UptimeMetrics;
import io.micrometer.prometheus.PrometheusConfig;
import io.micrometer.prometheus.PrometheusMeterRegistry;
import io.prometheus.client.CollectorRegistry;
import io.prometheus.client.servlet.jakarta.exporter.MetricsServlet;
import io.prometheus.jmx.BuildInfoCollector;
import io.prometheus.jmx.JmxCollector;
import jakarta.servlet.DispatcherType;
import jakarta.servlet.http.HttpServlet;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.UUID;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.camel.CamelContext;
import org.apache.camel.support.jsse.KeyManagersParameters;
import org.apache.camel.support.jsse.KeyStoreParameters;
import org.apache.camel.support.jsse.SSLContextParameters;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.jaxrs.provider.dom4j.DOM4JProvider;
import org.apache.cxf.jaxrs.security.JAASAuthenticationFilter;
import org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet;
import org.apache.cxf.metrics.MetricsFeature;
import org.apache.cxf.metrics.codahale.CodahaleMetricsProvider;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
import org.apache.cxf.transport.http_jetty.ThreadingParameters;
import org.apache.http.client.utils.URIBuilder;
import org.eclipse.jetty.ee10.servlet.FilterHolder;
import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
import org.eclipse.jetty.ee10.servlet.ServletHolder;
import org.eclipse.jetty.ee10.servlets.CrossOriginFilter;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.AsyncRequestLogWriter;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.CustomRequestLog;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.component.LifeCycle;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.jolokia.server.core.http.AgentServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:app/utils/server/AppJetty.class */
public class AppJetty {
    private static final Logger LOG = LoggerFactory.getLogger(AppJetty.class);

    @Deprecated
    public static Server createServer() {
        return new Server(ServerConfig.getPort());
    }

    @Deprecated
    public static void addCxfJaxRSServlet(ServletContextHandler servletContextHandler, String str) {
        ServletHolder servletHolder = new ServletHolder(new CXFNonSpringJaxrsServlet());
        servletHolder.setInitParameter("jaxrs.serviceClasses", str);
        servletHolder.setInitParameter("jaxrs.providers", DOM4JProvider.class.getName());
        servletContextHandler.addServlet(servletHolder, ServerConfig.getServletContextPath() + "/*");
    }

    public static JettyHTTPServerEngine createServer(Bus bus) {
        JettyHTTPServerEngineFactory jettyHTTPServerEngineFactory = (JettyHTTPServerEngineFactory) bus.getExtension(JettyHTTPServerEngineFactory.class);
        if (HttpScheme.HTTPS.toString().equalsIgnoreCase(ServerConfig.getProtocol())) {
            try {
                jettyHTTPServerEngineFactory.setTLSServerParametersForPort(ServerConfig.getHost(), ServerConfig.getPort(), ServerConfig.getTLSConfig());
            } catch (IOException | GeneralSecurityException e) {
                LOG.error(String.format("Setting SSL/TLS for port %d resulted in exception, startup errors may occur", Integer.valueOf(ServerConfig.getPort())), e);
            }
        }
        try {
            return jettyHTTPServerEngineFactory.createJettyHTTPServerEngine(ServerConfig.getHost(), ServerConfig.getPort(), ServerConfig.getProtocol());
        } catch (IOException | GeneralSecurityException e2) {
            throw new RuntimeException(String.format("Creatng Jetty server at %s://%s:%s resulted in exception", ServerConfig.getProtocol(), ServerConfig.getHost(), Integer.valueOf(ServerConfig.getPort())), e2);
        }
    }

    public static void startServer(Bus bus, JettyHTTPServerEngine jettyHTTPServerEngine, ServletContextHandler servletContextHandler) {
        ManagementEndpointsHTTPHandler managementEndpointsHTTPHandler = new ManagementEndpointsHTTPHandler(bus, servletContextHandler, ServerConfig.getMgmtContextPath());
        try {
            URL url = new URL(ServerConfig.getMgmtEndpointsPrefix());
            boolean z = AppConfig.getBoolean("server.requestlog.enabled", false);
            LifeCycle lifeCycle = null;
            if (z) {
                AsyncRequestLogWriter asyncRequestLogWriter = new AsyncRequestLogWriter();
                asyncRequestLogWriter.setAppend(AppConfig.getBoolean("server.requestlog.append", true));
                asyncRequestLogWriter.setFilename(AppConfig.getString("server.requestlog.file", "request.log"));
                asyncRequestLogWriter.setRetainDays(AppConfig.getInt("server.requestlog.retaindays", 1));
                lifeCycle = new CustomRequestLog(asyncRequestLogWriter, AppConfig.getString("server.requestlog.format", "%{client}a - %u %t \"%r\" %s %O \"%{Referer}i\" \"%{User-Agent}i\""));
                servletContextHandler.addManaged(lifeCycle);
            }
            ThreadingParameters threadingParameters = new ThreadingParameters();
            threadingParameters.setMaxThreads(AppConfig.getInt("jetty.threadPool.maxThreads", 200));
            threadingParameters.setMinThreads(AppConfig.getInt("jetty.threadPool.minThreads", 8));
            String string = AppConfig.getString("jetty.threadPool.threadNamePrefix");
            if (string != null) {
                threadingParameters.setThreadNamePrefix(string);
            }
            jettyHTTPServerEngine.setThreadingParameters(threadingParameters);
            jettyHTTPServerEngine.addServant(url, managementEndpointsHTTPHandler);
            if (z) {
                jettyHTTPServerEngine.getServer().setRequestLog(lifeCycle);
            }
            servletContextHandler.setServer(jettyHTTPServerEngine.getServer());
            jettyHTTPServerEngine.getServer().addManaged(servletContextHandler);
        } catch (MalformedURLException e) {
            LOG.error(String.format("Converting %s to URL resulted in exception - management endpoints will not be available", ServerConfig.getMgmtEndpointsPrefix()), e);
        }
    }

    public static void addMgmtEndpoints(JettyHTTPServerEngine jettyHTTPServerEngine, ServletContextHandler servletContextHandler, boolean z) {
        addMgmtServlets(null, jettyHTTPServerEngine, servletContextHandler, z);
    }

    public static void addMgmtEndpoints(CamelContext camelContext, JettyHTTPServerEngine jettyHTTPServerEngine, ServletContextHandler servletContextHandler, boolean z) {
        addMgmtServlets(camelContext, jettyHTTPServerEngine, servletContextHandler, z);
    }

    protected static void addMgmtServlets(CamelContext camelContext, JettyHTTPServerEngine jettyHTTPServerEngine, ServletContextHandler servletContextHandler, boolean z) {
        boolean z2 = AppConfig.getBoolean("management.endpoints.secured", true);
        for (String str : ServerConfig.getMgmtEndpointsToAdd()) {
            if (ServerConfig.MGMT_JOLOKIA_ENDPOINT.equals(str)) {
                addJolokiaServlet(servletContextHandler);
            } else if (z && ServerConfig.MGMT_PROMETHEUS_ENDPOINT.equals(str)) {
                addPrometheusServlet(servletContextHandler, z2);
            } else if (ServerConfig.MGMT_HEALTH_ENDPOINT.equals(str)) {
                addServlet(servletContextHandler, new LivenessServlet(camelContext), ServerConfig.MGMT_HEALTH_ENDPOINT, z2);
                addServlet(servletContextHandler, new ReadinessServlet(camelContext), ServerConfig.MGMT_CAMEL_HEALTH_ENDPOINT, z2);
            } else if (ServerConfig.MGMT_INFO_ENDPOINT.equals(str)) {
                addServlet(servletContextHandler, new InfoServlet(camelContext), ServerConfig.MGMT_INFO_ENDPOINT, z2);
            } else if (ServerConfig.MGMT_SHUTDOWN_ENDPOINT.equals(str)) {
                addServlet(servletContextHandler, new ShutdownServlet(camelContext, jettyHTTPServerEngine), ServerConfig.MGMT_SHUTDOWN_ENDPOINT, true);
            }
        }
    }

    public static void addJolokiaServlet(ServletContextHandler servletContextHandler) {
        ServletHolder servletHolder = new ServletHolder(ServerConfig.MGMT_JOLOKIA_ENDPOINT, AgentServlet.class);
        String format = String.format("/%s/*", ServerConfig.MGMT_JOLOKIA_ENDPOINT);
        servletContextHandler.addServlet(servletHolder, format);
        addBasicAuthentication(servletContextHandler, format);
    }

    public static void addPrometheusServlet(ServletContextHandler servletContextHandler, boolean z) {
        CollectorRegistry collectorRegistry = CollectorRegistry.defaultRegistry;
        PrometheusMeterRegistry prometheusMeterRegistry = new PrometheusMeterRegistry(PrometheusConfig.DEFAULT, collectorRegistry, Clock.SYSTEM);
        new UptimeMetrics().bindTo(prometheusMeterRegistry);
        new ProcessorMetrics().bindTo(prometheusMeterRegistry);
        new FileDescriptorMetrics().bindTo(prometheusMeterRegistry);
        new DiskSpaceMetrics(new File(".")).bindTo(prometheusMeterRegistry);
        new JvmMemoryMetrics().bindTo(prometheusMeterRegistry);
        new JvmThreadMetrics().bindTo(prometheusMeterRegistry);
        new ClassLoaderMetrics().bindTo(prometheusMeterRegistry);
        AutoCloseable jvmGcMetrics = new JvmGcMetrics();
        jvmGcMetrics.bindTo(prometheusMeterRegistry);
        AutoCloseable jvmHeapPressureMetrics = new JvmHeapPressureMetrics();
        jvmHeapPressureMetrics.bindTo(prometheusMeterRegistry);
        AutoCloseable log4j2Metrics = new Log4j2Metrics();
        log4j2Metrics.bindTo(prometheusMeterRegistry);
        new JettyConnectionMetrics(prometheusMeterRegistry);
        new JettySslHandshakeMetrics(prometheusMeterRegistry);
        new BuildInfoCollector().register(collectorRegistry);
        try {
            InputStream resourceAsStream = AppJetty.class.getClassLoader().getResourceAsStream("config/jmx-prometheus.yaml");
            try {
                if (resourceAsStream != null) {
                    new JmxCollector(resourceAsStream).register(collectorRegistry);
                } else {
                    LOG.error("Failed to load file config/jmx-prometheus.yaml, Prometheus JMX metrics collector will not be registered");
                }
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            } finally {
            }
        } catch (Exception e) {
            LOG.error("Failed to initialize Prometheus JMX metrics collector", e);
        }
        servletContextHandler.addEventListener(new ServletResourceManager(jvmGcMetrics, jvmHeapPressureMetrics, log4j2Metrics));
        ServletHolder servletHolder = new ServletHolder(ServerConfig.MGMT_PROMETHEUS_ENDPOINT, new MetricsServlet(prometheusMeterRegistry.getPrometheusRegistry()));
        String format = String.format("/%s", ServerConfig.MGMT_PROMETHEUS_ENDPOINT);
        servletContextHandler.addServlet(servletHolder, format);
        if (z) {
            addBasicAuthentication(servletContextHandler, format);
        }
    }

    public static void addServlet(ServletContextHandler servletContextHandler, HttpServlet httpServlet, String str, boolean z) {
        ServletHolder servletHolder = new ServletHolder(httpServlet);
        String format = String.format("/%s", str);
        servletContextHandler.addServlet(servletHolder, format);
        if (z) {
            addBasicAuthentication(servletContextHandler, format);
        }
    }

    public static void addJmxManagement(Bus bus) {
        bus.getFeatures().add(new MetricsFeature(new CodahaleMetricsProvider(bus)));
    }

    public static void addCrossOriginFilter(ServletContextHandler servletContextHandler) {
        FilterHolder filterHolder = new FilterHolder(CrossOriginFilter.class);
        filterHolder.setName("cross-origin");
        servletContextHandler.addFilter(filterHolder, "/*", EnumSet.of(DispatcherType.REQUEST));
    }

    public static void addBasicAuthentication(ServletContextHandler servletContextHandler, String str) {
        servletContextHandler.addFilter(new FilterHolder(new BasicHttpAuthFilter()), str, EnumSet.of(DispatcherType.FORWARD));
    }

    public static void addLegacyOIDCViaFilter(ServletContextHandler servletContextHandler, String str) {
        servletContextHandler.addFilter(new FilterHolder(new OidcAccessTokenServletFilter(AppConfig.getString("validation.endpoint"))), str, EnumSet.of(DispatcherType.FORWARD));
    }

    public static JAASAuthenticationFilter getBasicAuthRSProvider() {
        JAASAuthenticationFilter jAASAuthenticationFilter = new JAASAuthenticationFilter();
        jAASAuthenticationFilter.setContextName("jetty");
        jAASAuthenticationFilter.setLoginConfig(new Configuration() { // from class: app.utils.server.AppJetty.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry("app.utils.security.server.basic.JaasBasicAuthLoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap())};
            }
        });
        return jAASAuthenticationFilter;
    }

    public static OidcAccessTokenRSFilter getLegacyOIDCAuthRSProvider() {
        return new OidcAccessTokenRSFilter(AppConfig.getString("validation.endpoint"));
    }

    public static String processAddress(String str) {
        JettyHTTPServerEngineFactory jettyHTTPServerEngineFactory;
        int port;
        JettyHTTPServerEngine retrieveJettyHTTPServerEngine;
        String str2 = str;
        try {
            URIBuilder uRIBuilder = new URIBuilder(str);
            String protocol = ServerConfig.getProtocol();
            uRIBuilder.setScheme(protocol);
            str2 = uRIBuilder.build().toString();
            if (HttpScheme.HTTPS.toString().equalsIgnoreCase(protocol) && (null == (retrieveJettyHTTPServerEngine = (jettyHTTPServerEngineFactory = (JettyHTTPServerEngineFactory) BusFactory.getDefaultBus(true).getExtension(JettyHTTPServerEngineFactory.class)).retrieveJettyHTTPServerEngine((port = uRIBuilder.getPort()))) || (null != retrieveJettyHTTPServerEngine && null == retrieveJettyHTTPServerEngine.getTlsServerParameters()))) {
                jettyHTTPServerEngineFactory.setTLSServerParametersForPort(port, ServerConfig.getTLSConfig());
            }
        } catch (IOException | GeneralSecurityException e) {
            LOG.error(String.format("Setting SSL/TLS for %s resulted in exception, startup errors may occur", str), e);
        } catch (URISyntaxException e2) {
            LOG.error(String.format("Failed to create URI from %s, SSL/TLS support won't be added and startup errors may occur", str), e2);
        }
        return str2;
    }

    @Deprecated
    public static void addSSLSupport(Server server) {
        if (AppConfig.getBoolean("security.require-ssl", false)) {
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.setSecureScheme(ServerConfig.HTTPS_PROTOCOL);
            httpConfiguration.setSecurePort(ServerConfig.getPort());
            httpConfiguration.addCustomizer(new SecureRequestCustomizer());
            File file = Paths.get(AppConfig.getString("server.ssl.key-store"), new String[0]).toFile();
            if (!file.exists()) {
                throw new RuntimeException("Could not setup keystore {} file not found" + file.getAbsolutePath());
            }
            SslContextFactory.Server server2 = new SslContextFactory.Server();
            server2.setKeyStorePath(file.getAbsolutePath());
            server2.setKeyStorePassword(AppConfig.getString("server.ssl.key-store-password"));
            server2.setKeyStoreType(AppConfig.getString("server.ssl.key-store-type"));
            server2.setCertAlias(AppConfig.getString("server.ssl.key-store-alias"));
            try {
                server2.start();
                Connector serverConnector = new ServerConnector(server, new ConnectionFactory[]{new SslConnectionFactory(server2, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfiguration)});
                serverConnector.setPort(ServerConfig.getPort());
                serverConnector.setHost(ServerConfig.getHost());
                server.setConnectors(new Connector[]{serverConnector});
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    @Deprecated
    public static SSLContextParameters buildSSLContext() {
        if (!AppConfig.getBoolean("security.require-ssl", false)) {
            return null;
        }
        KeyStoreParameters keyStoreParameters = new KeyStoreParameters();
        keyStoreParameters.setResource(AppConfig.getString("server.ssl.key-store"));
        keyStoreParameters.setPassword(AppConfig.getString("server.ssl.key-store-password"));
        KeyManagersParameters keyManagersParameters = new KeyManagersParameters();
        keyManagersParameters.setKeyStore(keyStoreParameters);
        SSLContextParameters sSLContextParameters = new SSLContextParameters();
        sSLContextParameters.setKeyManagers(keyManagersParameters);
        sSLContextParameters.setCertAlias(AppConfig.getString("server.ssl.key-store-alias"));
        return sSLContextParameters;
    }

    public static void generateUserNameAndPassword() {
        String string = AppConfig.getString("security.user.name");
        boolean z = false;
        if (StringUtils.isEmpty(string)) {
            string = "user";
            System.setProperty("security.user.name", string);
            z = true;
            LOG.warn("username is not available, generating");
        }
        if (StringUtils.isEmpty(AppConfig.getString("security.user.password"))) {
            String uuid = UUID.randomUUID().toString();
            System.setProperty("security.user.password", uuid);
            z = true;
            LOG.warn("password is not available, generating");
            LOG.warn(String.format("%n%nUsing generated security credentials %nusername: %s %npassword: %s%n%nThis generated password is for development use only. %nYour security configuration must be updated before running your application in production.%n", string, uuid));
        }
        if (z) {
            AppConfig.reload();
        }
    }
}
