package io.airlift.http.server;

import com.facebook.presto.hive.$internal.jodd.util.StringPool;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.primitives.Ints;
import io.airlift.event.client.EventClient;
import io.airlift.http.server.HttpServerBinder;
import io.airlift.node.NodeInfo;
import io.airlift.security.pem.PemReader;
import io.airlift.tracetoken.TraceTokenManager;
import io.netty.handler.ssl.ApplicationProtocolNames;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.channels.ServerSocketChannel;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.management.MBeanServer;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.Servlet;
import org.apache.hadoop.hive.metastore.HiveMetaStore;
import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
import org.eclipse.jetty.io.ConnectionStatistics;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.weakref.jmx.Managed;
import org.weakref.jmx.Nested;

/* loaded from: input_file:io/airlift/http/server/HttpServer.class */
public class HttpServer {
    private final Server server;
    private final boolean registerErrorHandler;
    private final DelimitedRequestLog requestLog;
    private ConnectionStats httpConnectionStats;
    private ConnectionStats httpsConnectionStats;
    private final Optional<ZonedDateTime> certificateExpiration;

    public HttpServer(HttpServerInfo httpServerInfo, NodeInfo nodeInfo, HttpServerConfig httpServerConfig, Servlet servlet, Map<String, String> map, Set<Filter> set, Set<HttpServerBinder.HttpResourceBinding> set2, Servlet servlet2, Map<String, String> map2, Set<Filter> set3, MBeanServer mBeanServer, LoginService loginService, TraceTokenManager traceTokenManager, RequestStats requestStats, EventClient eventClient) throws IOException {
        ServerConnector createServerConnector;
        Objects.requireNonNull(httpServerInfo, "httpServerInfo is null");
        Objects.requireNonNull(nodeInfo, "nodeInfo is null");
        Objects.requireNonNull(httpServerConfig, "config is null");
        Objects.requireNonNull(servlet, "theServlet is null");
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool(httpServerConfig.getMaxThreads());
        queuedThreadPool.setMinThreads(httpServerConfig.getMinThreads());
        queuedThreadPool.setIdleTimeout(Ints.checkedCast(httpServerConfig.getThreadMaxIdleTime().toMillis()));
        queuedThreadPool.setName("http-worker");
        queuedThreadPool.setDetailedDump(true);
        this.server = new Server(queuedThreadPool);
        this.registerErrorHandler = httpServerConfig.isShowStackTrace();
        if (mBeanServer != null) {
            this.server.addBean(new MBeanContainer(mBeanServer));
        }
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendXPoweredBy(false);
        if (httpServerConfig.getMaxRequestHeaderSize() != null) {
            httpConfiguration.setRequestHeaderSize(Math.toIntExact(httpServerConfig.getMaxRequestHeaderSize().toBytes()));
        }
        httpConfiguration.setNotifyRemoteAsyncErrors(false);
        HttpServerChannelListener httpServerChannelListener = null;
        if (httpServerConfig.isLogEnabled()) {
            this.requestLog = createDelimitedRequestLog(httpServerConfig, traceTokenManager, eventClient);
            httpServerChannelListener = new HttpServerChannelListener(this.requestLog);
        } else {
            this.requestLog = null;
        }
        if (httpServerConfig.isHttpEnabled()) {
            HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
            if (httpServerConfig.isHttpsEnabled()) {
                httpConfiguration2.setSecureScheme("https");
                httpConfiguration2.setSecurePort(httpServerInfo.getHttpsUri().getPort());
            }
            Integer httpAcceptorThreads = httpServerConfig.getHttpAcceptorThreads();
            Integer httpSelectorThreads = httpServerConfig.getHttpSelectorThreads();
            HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration2);
            HTTP2CServerConnectionFactory hTTP2CServerConnectionFactory = new HTTP2CServerConnectionFactory(httpConfiguration2);
            hTTP2CServerConnectionFactory.setInitialSessionRecvWindow(Math.toIntExact(httpServerConfig.getHttp2InitialSessionReceiveWindowSize().toBytes()));
            hTTP2CServerConnectionFactory.setInitialStreamRecvWindow(Math.toIntExact(httpServerConfig.getHttp2InitialStreamReceiveWindowSize().toBytes()));
            hTTP2CServerConnectionFactory.setMaxConcurrentStreams(httpServerConfig.getHttp2MaxConcurrentStreams());
            hTTP2CServerConnectionFactory.setInputBufferSize(Math.toIntExact(httpServerConfig.getHttp2InputBufferSize().toBytes()));
            hTTP2CServerConnectionFactory.setStreamIdleTimeout(httpServerConfig.getHttp2StreamIdleTimeout().toMillis());
            ServerConnector createServerConnector2 = createServerConnector(httpServerInfo.getHttpChannel(), this.server, null, ((Integer) MoreObjects.firstNonNull(httpAcceptorThreads, -1)).intValue(), ((Integer) MoreObjects.firstNonNull(httpSelectorThreads, -1)).intValue(), httpConnectionFactory, hTTP2CServerConnectionFactory);
            createServerConnector2.setName("http");
            createServerConnector2.setPort(httpServerInfo.getHttpUri().getPort());
            createServerConnector2.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            createServerConnector2.setHost(nodeInfo.getBindIp().getHostAddress());
            createServerConnector2.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            ConnectionStatistics connectionStatistics = new ConnectionStatistics();
            createServerConnector2.addBean(connectionStatistics);
            this.httpConnectionStats = new ConnectionStats(connectionStatistics);
            if (httpServerChannelListener != null) {
                createServerConnector2.addBean(httpServerChannelListener);
            }
            this.server.addConnector(createServerConnector2);
        }
        List<String> httpsIncludedCipherSuites = httpServerConfig.getHttpsIncludedCipherSuites();
        List<String> httpsExcludedCipherSuites = httpServerConfig.getHttpsExcludedCipherSuites();
        if (httpServerConfig.isHttpsEnabled()) {
            HttpConfiguration httpConfiguration3 = new HttpConfiguration(httpConfiguration);
            httpConfiguration3.addCustomizer(new SecureRequestCustomizer());
            SslContextFactory sslContextFactory = new SslContextFactory();
            Optional<KeyStore> tryLoadPemKeyStore = tryLoadPemKeyStore(httpServerConfig);
            if (tryLoadPemKeyStore.isPresent()) {
                sslContextFactory.setKeyStore(tryLoadPemKeyStore.get());
                sslContextFactory.setKeyStorePassword("");
            } else {
                sslContextFactory.setKeyStorePath(httpServerConfig.getKeystorePath());
                sslContextFactory.setKeyStorePassword(httpServerConfig.getKeystorePassword());
                if (httpServerConfig.getKeyManagerPassword() != null) {
                    sslContextFactory.setKeyManagerPassword(httpServerConfig.getKeyManagerPassword());
                }
            }
            if (httpServerConfig.getTrustStorePath() != null) {
                Optional<KeyStore> tryLoadPemTrustStore = tryLoadPemTrustStore(httpServerConfig);
                if (tryLoadPemTrustStore.isPresent()) {
                    sslContextFactory.setTrustStore(tryLoadPemTrustStore.get());
                    sslContextFactory.setTrustStorePassword("");
                } else {
                    sslContextFactory.setTrustStorePath(httpServerConfig.getTrustStorePath());
                    sslContextFactory.setTrustStorePassword(httpServerConfig.getTrustStorePassword());
                }
            }
            sslContextFactory.setIncludeCipherSuites((String[]) httpsIncludedCipherSuites.toArray(new String[httpsIncludedCipherSuites.size()]));
            sslContextFactory.setExcludeCipherSuites((String[]) httpsExcludedCipherSuites.toArray(new String[httpsExcludedCipherSuites.size()]));
            sslContextFactory.setSecureRandomAlgorithm(httpServerConfig.getSecureRandomAlgorithm());
            sslContextFactory.setWantClientAuth(true);
            sslContextFactory.setSslSessionTimeout((int) httpServerConfig.getSslSessionTimeout().getValue(TimeUnit.SECONDS));
            sslContextFactory.setSslSessionCacheSize(httpServerConfig.getSslSessionCacheSize());
            ServerConnector createServerConnector3 = createServerConnector(httpServerInfo.getHttpsChannel(), this.server, null, ((Integer) MoreObjects.firstNonNull(httpServerConfig.getHttpsAcceptorThreads(), -1)).intValue(), ((Integer) MoreObjects.firstNonNull(httpServerConfig.getHttpsSelectorThreads(), -1)).intValue(), new SslConnectionFactory(sslContextFactory, ApplicationProtocolNames.HTTP_1_1), new HttpConnectionFactory(httpConfiguration3));
            createServerConnector3.setName("https");
            createServerConnector3.setPort(httpServerInfo.getHttpsUri().getPort());
            createServerConnector3.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            createServerConnector3.setHost(nodeInfo.getBindIp().getHostAddress());
            createServerConnector3.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            ConnectionStatistics connectionStatistics2 = new ConnectionStatistics();
            createServerConnector3.addBean(connectionStatistics2);
            this.httpsConnectionStats = new ConnectionStats(connectionStatistics2);
            if (httpServerChannelListener != null) {
                createServerConnector3.addBean(httpServerChannelListener);
            }
            this.server.addConnector(createServerConnector3);
        }
        if (servlet2 != null && httpServerConfig.isAdminEnabled()) {
            HttpConfiguration httpConfiguration4 = new HttpConfiguration(httpConfiguration);
            QueuedThreadPool queuedThreadPool2 = new QueuedThreadPool(httpServerConfig.getAdminMaxThreads());
            queuedThreadPool2.setName("http-admin-worker");
            queuedThreadPool2.setMinThreads(httpServerConfig.getAdminMinThreads());
            queuedThreadPool2.setIdleTimeout(Ints.checkedCast(httpServerConfig.getThreadMaxIdleTime().toMillis()));
            if (httpServerConfig.isHttpsEnabled()) {
                httpConfiguration4.addCustomizer(new SecureRequestCustomizer());
                SslContextFactory sslContextFactory2 = new SslContextFactory();
                sslContextFactory2.setKeyStorePath(httpServerConfig.getKeystorePath());
                sslContextFactory2.setKeyStorePassword(httpServerConfig.getKeystorePassword());
                if (httpServerConfig.getKeyManagerPassword() != null) {
                    sslContextFactory2.setKeyManagerPassword(httpServerConfig.getKeyManagerPassword());
                }
                sslContextFactory2.setSecureRandomAlgorithm(httpServerConfig.getSecureRandomAlgorithm());
                sslContextFactory2.setWantClientAuth(true);
                sslContextFactory2.setIncludeCipherSuites((String[]) httpsIncludedCipherSuites.toArray(new String[httpsIncludedCipherSuites.size()]));
                sslContextFactory2.setExcludeCipherSuites((String[]) httpsExcludedCipherSuites.toArray(new String[httpsExcludedCipherSuites.size()]));
                createServerConnector = createServerConnector(httpServerInfo.getAdminChannel(), this.server, queuedThreadPool2, 0, -1, new SslConnectionFactory(sslContextFactory2, ApplicationProtocolNames.HTTP_1_1), new HttpConnectionFactory(httpConfiguration4));
            } else {
                HttpConnectionFactory httpConnectionFactory2 = new HttpConnectionFactory(httpConfiguration4);
                HTTP2CServerConnectionFactory hTTP2CServerConnectionFactory2 = new HTTP2CServerConnectionFactory(httpConfiguration4);
                hTTP2CServerConnectionFactory2.setMaxConcurrentStreams(httpServerConfig.getHttp2MaxConcurrentStreams());
                createServerConnector = createServerConnector(httpServerInfo.getAdminChannel(), this.server, queuedThreadPool2, -1, -1, httpConnectionFactory2, hTTP2CServerConnectionFactory2);
            }
            createServerConnector.setName(HiveMetaStore.ADMIN);
            createServerConnector.setPort(httpServerInfo.getAdminUri().getPort());
            createServerConnector.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            createServerConnector.setHost(nodeInfo.getBindIp().getHostAddress());
            createServerConnector.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            this.server.addConnector(createServerConnector);
        }
        HandlerCollection handlerCollection = new HandlerCollection();
        for (HttpServerBinder.HttpResourceBinding httpResourceBinding : set2) {
            GzipHandler gzipHandler = new GzipHandler();
            gzipHandler.setHandler(new ClassPathResourceHandler(httpResourceBinding.getBaseUri(), httpResourceBinding.getClassPathResourceBase(), httpResourceBinding.getWelcomeFiles()));
            handlerCollection.addHandler(gzipHandler);
        }
        handlerCollection.addHandler(createServletContext(servlet, map, set, traceTokenManager, loginService, "http", "https"));
        RequestLogHandler requestLogHandler = new RequestLogHandler();
        requestLogHandler.setRequestLog(new StatsRecordingHandler(requestStats));
        handlerCollection.addHandler(requestLogHandler);
        StatisticsHandler statisticsHandler = new StatisticsHandler();
        statisticsHandler.setHandler(handlerCollection);
        HandlerList handlerList = new HandlerList();
        if (servlet2 != null && httpServerConfig.isAdminEnabled()) {
            handlerList.addHandler(createServletContext(servlet2, map2, set3, traceTokenManager, loginService, HiveMetaStore.ADMIN));
        }
        handlerList.addHandler(statisticsHandler);
        this.server.setHandler(handlerList);
        this.certificateExpiration = loadAllX509Certificates(httpServerConfig).stream().map((v0) -> {
            return v0.getNotAfter();
        }).min(Comparator.naturalOrder()).map(date -> {
            return ZonedDateTime.ofInstant(date.toInstant(), ZoneId.systemDefault());
        });
    }

    private static ServletContextHandler createServletContext(Servlet servlet, Map<String, String> map, Set<Filter> set, TraceTokenManager traceTokenManager, LoginService loginService, String... strArr) {
        ServletContextHandler servletContextHandler = new ServletContextHandler(0);
        servletContextHandler.addFilter(new FilterHolder(new TimingFilter()), "/*", (EnumSet<DispatcherType>) null);
        if (traceTokenManager != null) {
            servletContextHandler.addFilter(new FilterHolder(new TraceTokenFilter(traceTokenManager)), "/*", (EnumSet<DispatcherType>) null);
        }
        if (loginService != null) {
            servletContextHandler.setSecurityHandler(createSecurityHandler(loginService));
        }
        Iterator<Filter> it2 = set.iterator();
        while (it2.hasNext()) {
            servletContextHandler.addFilter(new FilterHolder(it2.next()), "/*", (EnumSet<DispatcherType>) null);
        }
        servletContextHandler.setGzipHandler(new GzipHandler());
        ServletHolder servletHolder = new ServletHolder(servlet);
        servletHolder.setInitParameters(ImmutableMap.copyOf((Map) map));
        servletContextHandler.addServlet(servletHolder, "/*");
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i] = StringPool.AT + strArr[i];
        }
        servletContextHandler.setVirtualHosts(strArr2);
        return servletContextHandler;
    }

    private static SecurityHandler createSecurityHandler(LoginService loginService) {
        Constraint constraint = new Constraint();
        constraint.setAuthenticate(false);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setConstraint(constraint);
        constraintMapping.setPathSpec("/*");
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        constraintSecurityHandler.setLoginService(loginService);
        constraintSecurityHandler.setAuthenticator(new BasicAuthenticator());
        constraintSecurityHandler.setConstraintMappings(Arrays.asList(constraintMapping));
        return constraintSecurityHandler;
    }

    private static DelimitedRequestLog createDelimitedRequestLog(HttpServerConfig httpServerConfig, TraceTokenManager traceTokenManager, EventClient eventClient) throws IOException {
        File file = new File(httpServerConfig.getLogPath());
        if (file.exists() && !file.isFile()) {
            throw new IOException(String.format("Log path %s exists but is not a file", file.getAbsolutePath()));
        }
        File parentFile = file.getParentFile();
        if (parentFile.mkdirs() || parentFile.exists()) {
            return new DelimitedRequestLog(httpServerConfig.getLogPath(), httpServerConfig.getLogHistory(), httpServerConfig.getLogQueueSize(), httpServerConfig.getLogMaxFileSize().toBytes(), traceTokenManager, eventClient, httpServerConfig.isLogCompressionEnabled());
        }
        throw new IOException(String.format("Cannot create %s and path does not already exist", parentFile.getAbsolutePath()));
    }

    private static Optional<KeyStore> tryLoadPemKeyStore(HttpServerConfig httpServerConfig) {
        File file = new File(httpServerConfig.getKeystorePath());
        try {
            if (!PemReader.isPem(file)) {
                return Optional.empty();
            }
            try {
                return Optional.of(PemReader.loadKeyStore(file, file, Optional.ofNullable(httpServerConfig.getKeystorePassword())));
            } catch (IOException | GeneralSecurityException e) {
                throw new IllegalArgumentException("Error loading PEM key store: " + file, e);
            }
        } catch (IOException e2) {
            throw new IllegalArgumentException("Error reading key store file: " + file, e2);
        }
    }

    private static Optional<KeyStore> tryLoadPemTrustStore(HttpServerConfig httpServerConfig) {
        File file = new File(httpServerConfig.getTrustStorePath());
        try {
            if (!PemReader.isPem(file)) {
                return Optional.empty();
            }
            try {
                if (PemReader.readCertificateChain(file).isEmpty()) {
                    throw new IllegalArgumentException("PEM trust store file does not contain any certificates: " + file);
                }
                return Optional.of(PemReader.loadTrustStore(file));
            } catch (IOException | GeneralSecurityException e) {
                throw new IllegalArgumentException("Error loading PEM trust store: " + file, e);
            }
        } catch (IOException e2) {
            throw new IllegalArgumentException("Error reading trust store file: " + file, e2);
        }
    }

    @Managed
    public Long getDaysUntilCertificateExpiration() {
        return (Long) this.certificateExpiration.map(zonedDateTime -> {
            return Long.valueOf(ZonedDateTime.now().until(zonedDateTime, ChronoUnit.DAYS));
        }).orElse(null);
    }

    @Managed
    @Nested
    public ConnectionStats getHttpConnectionStats() {
        return this.httpConnectionStats;
    }

    @Managed
    @Nested
    public ConnectionStats getHttpsConnectionStats() {
        return this.httpsConnectionStats;
    }

    @Managed
    public int getLoggerQueueSize() {
        if (this.requestLog == null) {
            return 0;
        }
        return this.requestLog.getQueueSize();
    }

    @PostConstruct
    public void start() throws Exception {
        this.server.start();
        if (!this.registerErrorHandler) {
            this.server.setErrorHandler(null);
        }
        Preconditions.checkState(this.server.isStarted(), "server is not started");
    }

    @PreDestroy
    public void stop() throws Exception {
        this.server.setStopTimeout(1L);
        try {
            this.server.stop();
        } catch (TimeoutException e) {
        }
    }

    @VisibleForTesting
    void join() throws InterruptedException {
        this.server.join();
    }

    private static Set<X509Certificate> loadAllX509Certificates(HttpServerConfig httpServerConfig) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        if (httpServerConfig.isHttpsEnabled()) {
            try {
                FileInputStream fileInputStream = new FileInputStream(httpServerConfig.getKeystorePath());
                Throwable th = null;
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore.load(fileInputStream, httpServerConfig.getKeystorePassword().toCharArray());
                        Iterator it2 = Collections.list(keyStore.aliases()).iterator();
                        while (it2.hasNext()) {
                            try {
                                Certificate certificate = keyStore.getCertificate((String) it2.next());
                                if (certificate instanceof X509Certificate) {
                                    builder.add((ImmutableSet.Builder) certificate);
                                }
                            } catch (KeyStoreException e) {
                            }
                        }
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (Exception e2) {
            }
        }
        return builder.build();
    }

    private static ServerConnector createServerConnector(ServerSocketChannel serverSocketChannel, Server server, Executor executor, int i, int i2, ConnectionFactory... connectionFactoryArr) throws IOException {
        ServerConnector serverConnector = new ServerConnector(server, executor, null, null, i, i2, connectionFactoryArr);
        serverConnector.open(serverSocketChannel);
        return serverConnector;
    }
}
