package io.confluent.rest;

import io.confluent.rest.RestConfig;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.metrics.Metrics;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.NetworkTrafficServerConnector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.util.BlockingArrayQueue;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ThreadPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rest/ApplicationServer.class */
public final class ApplicationServer<T extends RestConfig> extends Server {
    private final T config;
    private final ApplicationGroup applications;
    private final SslContextFactory sslContextFactory;
    private List<NetworkTrafficServerConnector> connectors;
    private static final Logger log = LoggerFactory.getLogger(ApplicationServer.class);

    public ApplicationServer(T t) {
        this(t, createThreadPool(t));
    }

    public ApplicationServer(T t, ThreadPool threadPool) {
        super(threadPool);
        this.connectors = new ArrayList();
        this.config = t;
        this.applications = new ApplicationGroup(this);
        int intValue = t.getInt(RestConfig.SHUTDOWN_GRACEFUL_MS_CONFIG).intValue();
        if (intValue > 0) {
            super.setStopTimeout(intValue);
        }
        super.setStopAtShutdown(true);
        MBeanContainer mBeanContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
        super.addEventListener(mBeanContainer);
        super.addBean(mBeanContainer);
        this.sslContextFactory = createSslContextFactory(t);
        configureConnectors(this.sslContextFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<URI> parseListeners(List<String> list, int i, List<String> list2, String str) {
        if (list.isEmpty() || list.get(0).isEmpty()) {
            log.warn("DEPRECATION warning: `listeners` configuration is not configured. Falling back to the deprecated `port` configuration.");
            list = new ArrayList(1);
            list.add(str + "://0.0.0.0:" + i);
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (String str2 : list) {
            try {
                URI uri = new URI(str2);
                String scheme = uri.getScheme();
                if (scheme == null) {
                    throw new ConfigException("Found a listener without a scheme. All listeners must have a scheme. The listener without a scheme is: " + str2);
                }
                if (uri.getPort() == -1) {
                    throw new ConfigException("Found a listener without a port. All listeners must have a port. The listener without a port is: " + str2);
                }
                if (list2.contains(scheme)) {
                    arrayList.add(uri);
                } else {
                    log.warn("Found a listener with an unsupported scheme (supported: {}). Ignoring listener '{}'", list2, str2);
                }
            } catch (URISyntaxException e) {
                throw new ConfigException("Could not parse a listener URI from the `listener` configuration option.");
            }
        }
        if (arrayList.isEmpty()) {
            throw new ConfigException("No listeners are configured. Must have at least one listener.");
        }
        return arrayList;
    }

    public void registerApplication(Application application) {
        this.applications.addApplication(application);
    }

    public List<Application<?>> getApplications() {
        return this.applications.getApplications();
    }

    private void attachMetricsListener(Metrics metrics, Map<String, String> map) {
        MetricsListener metricsListener = new MetricsListener(metrics, "jetty", map);
        Iterator<NetworkTrafficServerConnector> it = this.connectors.iterator();
        while (it.hasNext()) {
            it.next().addNetworkTrafficListener(metricsListener);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void finalizeHandlerCollection(HandlerCollection handlerCollection, HandlerCollection handlerCollection2) {
        handlerCollection.addHandler(new DefaultHandler());
        StatisticsHandler statisticsHandler = new StatisticsHandler();
        statisticsHandler.setHandler(handlerCollection);
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        contextHandlerCollection.setHandlers(new Handler[]{statisticsHandler, handlerCollection2});
        super.setHandler(wrapWithGzipHandler(contextHandlerCollection));
    }

    protected void doStop() throws Exception {
        super.doStop();
        this.applications.doStop();
    }

    protected final void doStart() throws Exception {
        HandlerCollection handlerCollection = new HandlerCollection();
        HandlerCollection handlerCollection2 = new HandlerCollection();
        for (Application<?> application : this.applications.getApplications()) {
            attachMetricsListener(application.getMetrics(), application.getMetricsTags());
            handlerCollection.addHandler(application.configureHandler());
            handlerCollection2.addHandler(application.configureWebSocketHandler());
        }
        finalizeHandlerCollection(handlerCollection, handlerCollection2);
        super.doStart();
    }

    private void configureClientAuth(SslContextFactory sslContextFactory, RestConfig restConfig) {
        String string = restConfig.getString(RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG);
        if (restConfig.originals().containsKey(RestConfig.SSL_CLIENT_AUTH_CONFIG)) {
            if (restConfig.originals().containsKey(RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG)) {
                log.warn("The {} configuration is deprecated. Since a value has been supplied for the {} configuration, that will be used instead", RestConfig.SSL_CLIENT_AUTH_CONFIG, RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG);
            } else {
                log.warn("The configuration {} is deprecated and should be replaced with {}", RestConfig.SSL_CLIENT_AUTH_CONFIG, RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG);
                string = restConfig.getBoolean(RestConfig.SSL_CLIENT_AUTH_CONFIG).booleanValue() ? RestConfig.SSL_CLIENT_AUTHENTICATION_REQUIRED : "NONE";
            }
        }
        String str = string;
        boolean z = -1;
        switch (str.hashCode()) {
            case -814438578:
                if (str.equals(RestConfig.SSL_CLIENT_AUTHENTICATION_REQUESTED)) {
                    z = true;
                    break;
                }
                break;
            case 2402104:
                if (str.equals("NONE")) {
                    z = 2;
                    break;
                }
                break;
            case 389487519:
                if (str.equals(RestConfig.SSL_CLIENT_AUTHENTICATION_REQUIRED)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                sslContextFactory.setNeedClientAuth(true);
                return;
            case true:
                sslContextFactory.setWantClientAuth(true);
                return;
            case true:
                return;
            default:
                throw new ConfigException("Unexpected value for {} configuration: {}", RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG, string);
        }
    }

    private Path getWatchLocation(RestConfig restConfig) {
        Path path = Paths.get(restConfig.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG), new String[0]);
        String string = restConfig.getString(RestConfig.SSL_KEYSTORE_WATCH_LOCATION_CONFIG);
        if (!string.isEmpty()) {
            path = Paths.get(string, new String[0]);
        }
        return path;
    }

    private SslContextFactory createSslContextFactory(RestConfig restConfig) {
        SslContextFactory.Server server = new SslContextFactory.Server();
        if (!restConfig.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
            server.setKeyStorePath(restConfig.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG));
            server.setKeyStorePassword(restConfig.getPassword(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value());
            server.setKeyManagerPassword(restConfig.getPassword(RestConfig.SSL_KEY_PASSWORD_CONFIG).value());
            server.setKeyStoreType(restConfig.getString(RestConfig.SSL_KEYSTORE_TYPE_CONFIG));
            if (!restConfig.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
                server.setKeyManagerFactoryAlgorithm(restConfig.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
            }
            if (restConfig.getBoolean(RestConfig.SSL_KEYSTORE_RELOAD_CONFIG).booleanValue()) {
                Path watchLocation = getWatchLocation(restConfig);
                try {
                    FileWatcher.onFileChange(watchLocation, () -> {
                        server.setKeyStorePath(restConfig.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG));
                        server.reload(sslContextFactory -> {
                            log.info("Reloaded SSL cert");
                        });
                    });
                    log.info("Enabled SSL cert auto reload for: " + watchLocation);
                } catch (IOException e) {
                    log.error("Can not enabled SSL cert auto reload", e);
                }
            }
        }
        configureClientAuth(server, restConfig);
        List list = restConfig.getList(RestConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
        if (!list.isEmpty()) {
            server.setIncludeProtocols((String[]) list.toArray(new String[0]));
        }
        List list2 = restConfig.getList(RestConfig.SSL_CIPHER_SUITES_CONFIG);
        if (!list2.isEmpty()) {
            server.setIncludeCipherSuites((String[]) list2.toArray(new String[0]));
        }
        server.setEndpointIdentificationAlgorithm(restConfig.getString(RestConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));
        if (!restConfig.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
            server.setTrustStorePath(restConfig.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG));
            server.setTrustStorePassword(restConfig.getPassword(RestConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value());
            server.setTrustStoreType(restConfig.getString(RestConfig.SSL_TRUSTSTORE_TYPE_CONFIG));
            if (!restConfig.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
                server.setTrustManagerFactoryAlgorithm(restConfig.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG));
            }
        }
        server.setProtocol(restConfig.getString(RestConfig.SSL_PROTOCOL_CONFIG));
        if (!restConfig.getString(RestConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
            server.setProtocol(restConfig.getString(RestConfig.SSL_PROVIDER_CONFIG));
        }
        server.setRenegotiationAllowed(false);
        return server;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslContextFactory getSslContextFactory() {
        return this.sslContextFactory;
    }

    private void configureConnectors(SslContextFactory sslContextFactory) {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSendServerVersion(false);
        HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration);
        for (URI uri : parseListeners(this.config.getList(RestConfig.LISTENERS_CONFIG), this.config.getInt(RestConfig.PORT_CONFIG).intValue(), Arrays.asList("http", "https"), "http")) {
            log.info("Adding listener: " + uri.toString());
            NetworkTrafficServerConnector networkTrafficServerConnector = uri.getScheme().equals("http") ? new NetworkTrafficServerConnector(this, httpConnectionFactory) : new NetworkTrafficServerConnector(this, httpConnectionFactory, sslContextFactory);
            networkTrafficServerConnector.setPort(uri.getPort());
            networkTrafficServerConnector.setHost(uri.getHost());
            networkTrafficServerConnector.setIdleTimeout(this.config.getLong(RestConfig.IDLE_TIMEOUT_MS_CONFIG).longValue());
            this.connectors.add(networkTrafficServerConnector);
            super.addConnector(networkTrafficServerConnector);
        }
    }

    List<URL> getListeners() {
        Stream filter = Arrays.stream(getServer().getConnectors()).filter(connector -> {
            return connector instanceof ServerConnector;
        });
        Class<ServerConnector> cls = ServerConnector.class;
        ServerConnector.class.getClass();
        return (List) filter.map((v1) -> {
            return r1.cast(v1);
        }).map(serverConnector -> {
            try {
                return new URL(new HashSet(serverConnector.getProtocols()).stream().map((v0) -> {
                    return v0.toLowerCase();
                }).anyMatch(str -> {
                    return str.equals("ssl");
                }) ? "https" : "http", "localhost", serverConnector.getLocalPort(), "");
            } catch (Exception e) {
                throw new RuntimeException("Malformed listener", e);
            }
        }).collect(Collectors.toList());
    }

    public int getThreads() {
        return getThreadPool().getThreads();
    }

    public int getMaxThreads() {
        return this.config.getInt(RestConfig.THREAD_POOL_MAX_CONFIG).intValue();
    }

    public int getQueueSize() {
        return getThreadPool().getQueueSize();
    }

    public int getQueueCapacity() {
        return this.config.getInt(RestConfig.REQUEST_QUEUE_CAPACITY_CONFIG).intValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Handler wrapWithGzipHandler(RestConfig restConfig, Handler handler) {
        if (!restConfig.getBoolean(RestConfig.ENABLE_GZIP_COMPRESSION_CONFIG).booleanValue()) {
            return handler;
        }
        GzipHandler gzipHandler = new GzipHandler();
        gzipHandler.setIncludedMethods(new String[]{"GET", "POST"});
        gzipHandler.setHandler(handler);
        return gzipHandler;
    }

    private Handler wrapWithGzipHandler(Handler handler) {
        return wrapWithGzipHandler(this.config, handler);
    }

    private static ThreadPool createThreadPool(RestConfig restConfig) {
        int intValue = restConfig.getInt(RestConfig.REQUEST_QUEUE_CAPACITY_INITIAL_CONFIG).intValue();
        int intValue2 = restConfig.getInt(RestConfig.REQUEST_QUEUE_CAPACITY_GROWBY_CONFIG).intValue();
        int intValue3 = restConfig.getInt(RestConfig.REQUEST_QUEUE_CAPACITY_CONFIG).intValue();
        log.info("Initial capacity {}, increased by {}, maximum capacity {}.", new Object[]{Integer.valueOf(intValue), Integer.valueOf(intValue2), Integer.valueOf(intValue3)});
        return new QueuedThreadPool(restConfig.getInt(RestConfig.THREAD_POOL_MAX_CONFIG).intValue(), restConfig.getInt(RestConfig.THREAD_POOL_MIN_CONFIG).intValue(), new BlockingArrayQueue(intValue, intValue2, intValue3));
    }
}
