package org.apache.brooklyn.launcher;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Charsets;
import com.google.common.base.Splitter;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.BindException;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nullable;
import org.apache.brooklyn.api.location.PortRange;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.config.ConfigKey;
import org.apache.brooklyn.core.BrooklynFeatureEnablement;
import org.apache.brooklyn.core.internal.BrooklynInitialization;
import org.apache.brooklyn.core.location.PortRanges;
import org.apache.brooklyn.core.mgmt.ShutdownHandler;
import org.apache.brooklyn.core.mgmt.internal.ManagementContextInternal;
import org.apache.brooklyn.core.server.BrooklynServerPaths;
import org.apache.brooklyn.location.localhost.LocalhostMachineProvisioningLocation;
import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.rest.NopSecurityHandler;
import org.apache.brooklyn.rest.RestApiSetup;
import org.apache.brooklyn.rest.filter.BrooklynSecurityProviderFilterJavax;
import org.apache.brooklyn.rest.filter.CorsImplSupplierFilter;
import org.apache.brooklyn.rest.filter.CsrfTokenFilter;
import org.apache.brooklyn.rest.filter.EntitlementContextFilter;
import org.apache.brooklyn.rest.filter.HaHotCheckResourceFilter;
import org.apache.brooklyn.rest.filter.LoggingFilter;
import org.apache.brooklyn.rest.filter.NoCacheFilter;
import org.apache.brooklyn.rest.filter.RequestTaggingFilter;
import org.apache.brooklyn.rest.filter.RequestTaggingRsFilter;
import org.apache.brooklyn.rest.security.provider.AnyoneSecurityProvider;
import org.apache.brooklyn.rest.util.ManagementContextProvider;
import org.apache.brooklyn.rest.util.ShutdownHandlerProvider;
import org.apache.brooklyn.util.collections.MutableMap;
import org.apache.brooklyn.util.core.BrooklynNetworkUtils;
import org.apache.brooklyn.util.core.ResourceUtils;
import org.apache.brooklyn.util.core.crypto.FluentKeySigner;
import org.apache.brooklyn.util.core.crypto.SecureKeys;
import org.apache.brooklyn.util.core.file.ArchiveBuilder;
import org.apache.brooklyn.util.core.flags.FlagUtils;
import org.apache.brooklyn.util.core.flags.SetFromFlag;
import org.apache.brooklyn.util.core.flags.TypeCoercions;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.apache.brooklyn.util.io.FileUtil;
import org.apache.brooklyn.util.javalang.Threads;
import org.apache.brooklyn.util.logging.LoggingSetup;
import org.apache.brooklyn.util.net.Networking;
import org.apache.brooklyn.util.os.Os;
import org.apache.brooklyn.util.stream.Streams;
import org.apache.brooklyn.util.text.Identifiers;
import org.apache.brooklyn.util.text.Strings;
import org.apache.brooklyn.util.time.Duration;
import org.apache.brooklyn.util.time.Time;
import org.apache.brooklyn.util.web.ContextHandlerCollectionHotSwappable;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.webapp.WebAppContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/launcher/BrooklynWebServer.class */
public class BrooklynWebServer {
    private static final Logger log = LoggerFactory.getLogger(BrooklynWebServer.class);
    protected Server server;
    private WebAppContext rootContext;

    @SetFromFlag("port")
    protected PortRange requestedPort;

    @SetFromFlag
    protected PortRange httpPort;

    @SetFromFlag
    protected PortRange httpsPort;
    protected volatile int actualPort;
    protected InetAddress actualAddress;

    @SetFromFlag
    protected String war;

    @SetFromFlag
    protected InetAddress bindAddress;

    @SetFromFlag
    protected InetAddress publicAddress;

    @SetFromFlag
    private Map<String, String> wars;
    private Map<String, WebAppContextProvider> contextProviders;

    @SetFromFlag
    protected boolean ignoreWebappDeploymentFailures;

    @SetFromFlag
    private Map<String, Object> attributes;
    private ManagementContext managementContext;

    @SetFromFlag
    private Boolean httpsEnabled;

    @SetFromFlag
    private String sslCertificate;

    @SetFromFlag
    private String keystoreUrl;

    @SetFromFlag
    @Deprecated
    private String keystorePath;

    @SetFromFlag
    private String keystorePassword;

    @SetFromFlag
    private String keystoreCertAlias;

    @SetFromFlag
    private String truststorePath;

    @SetFromFlag
    private String trustStorePassword;

    @SetFromFlag
    private String transportProtocols;

    @SetFromFlag
    private String transportCiphers;
    private File webappTempDir;

    @SetFromFlag
    private boolean skipSecurity;
    private ShutdownHandler shutdownHandler;
    ContextHandlerCollectionHotSwappable handlers;
    private Thread shutdownHook;

    public BrooklynWebServer(ManagementContext managementContext) {
        this(Maps.newLinkedHashMap(), managementContext);
    }

    public BrooklynWebServer(Map<?, ?> map, ManagementContext managementContext) {
        this.requestedPort = null;
        this.httpPort = PortRanges.fromString("8081+");
        this.httpsPort = PortRanges.fromString("8443+");
        this.actualPort = -1;
        this.actualAddress = null;
        this.war = null;
        this.bindAddress = null;
        this.publicAddress = null;
        this.wars = new LinkedHashMap();
        this.contextProviders = new LinkedHashMap();
        this.ignoreWebappDeploymentFailures = false;
        this.attributes = new LinkedHashMap();
        this.skipSecurity = false;
        this.handlers = new ContextHandlerCollectionHotSwappable();
        this.shutdownHook = null;
        this.managementContext = managementContext;
        Map fieldsFromFlags = FlagUtils.setFieldsFromFlags(map, this);
        if (!fieldsFromFlags.isEmpty()) {
            log.warn("Ignoring unknown flags " + fieldsFromFlags);
        }
        this.webappTempDir = BrooklynServerPaths.getBrooklynWebTmpDir(managementContext);
    }

    public BrooklynWebServer(ManagementContext managementContext, int i) {
        this(managementContext, i, null);
    }

    public BrooklynWebServer(ManagementContext managementContext, int i, String str) {
        this((Map<?, ?>) MutableMap.of("port", Integer.valueOf(i), "war", str), managementContext);
    }

    public BrooklynWebServer skipSecurity() {
        return skipSecurity(true);
    }

    public BrooklynWebServer skipSecurity(boolean z) {
        this.skipSecurity = z;
        return this;
    }

    public void setShutdownHandler(@Nullable ShutdownHandler shutdownHandler) {
        this.shutdownHandler = shutdownHandler;
    }

    public BrooklynWebServer setPort(Object obj) {
        if (getActualPort() > 0) {
            throw new IllegalStateException("Can't set port after port has been assigned to server (using " + getActualPort() + ")");
        }
        this.requestedPort = (PortRange) TypeCoercions.coerce(obj, PortRange.class);
        return this;
    }

    @VisibleForTesting
    File getWebappTempDir() {
        return this.webappTempDir;
    }

    public BrooklynWebServer setHttpsEnabled(Boolean bool) {
        this.httpsEnabled = bool;
        return this;
    }

    public boolean getHttpsEnabled() {
        return ((Boolean) getConfig(this.httpsEnabled, BrooklynWebConfig.HTTPS_REQUIRED)).booleanValue();
    }

    public PortRange getRequestedPort() {
        return this.requestedPort;
    }

    public int getActualPort() {
        return this.actualPort;
    }

    public InetAddress getAddress() {
        return this.actualAddress != null ? this.actualAddress : !shouldBindToAll() ? this.bindAddress : BrooklynNetworkUtils.getLocalhostInetAddress();
    }

    public String getRootUrl() {
        String hostName = this.publicAddress != null ? this.publicAddress.getHostName() : getAddress().getHostName();
        if (getActualPort() > 0) {
            return (getHttpsEnabled() ? "https" : "http") + "://" + hostName + ":" + getActualPort() + "/";
        }
        return null;
    }

    public BrooklynWebServer setWar(String str) {
        this.war = str;
        return this;
    }

    public BrooklynWebServer addWar(String str, String str2) {
        addWar(new WebAppContextProvider(str, str2));
        return this;
    }

    public BrooklynWebServer addWar(WebAppContextProvider webAppContextProvider) {
        this.contextProviders.put(webAppContextProvider.getPath(), webAppContextProvider);
        return this;
    }

    public BrooklynWebServer setBindAddress(InetAddress inetAddress) {
        this.bindAddress = inetAddress;
        return this;
    }

    public BrooklynWebServer setPublicAddress(InetAddress inetAddress) {
        this.publicAddress = inetAddress;
        return this;
    }

    @Deprecated
    public BrooklynWebServer addAttribute(String str, Object obj) {
        return setAttribute(str, obj);
    }

    public BrooklynWebServer setAttribute(String str, Object obj) {
        this.attributes.put(str, obj);
        return this;
    }

    public <T> BrooklynWebServer configure(ConfigKey<T> configKey, T t) {
        return setAttribute(configKey.getName(), t);
    }

    public BrooklynWebServer putAttributes(Map map) {
        if (map != null) {
            this.attributes.putAll(map);
        }
        return this;
    }

    public synchronized void start() throws Exception {
        ServerConnector serverConnector;
        if (this.server != null) {
            throw new IllegalStateException("" + this + " already running");
        }
        if (this.actualPort == -1) {
            PortRange portRange = (PortRange) getConfig(this.requestedPort, BrooklynWebConfig.WEB_CONSOLE_PORT);
            if (portRange == null) {
                portRange = getHttpsEnabled() ? this.httpsPort : this.httpPort;
            }
            this.actualPort = LocalhostMachineProvisioningLocation.obtainPort(shouldBindToAll() ? Networking.ANY_NIC : getAddress(), portRange, true);
            if (this.actualPort == -1) {
                throw new IllegalStateException("Unable to provision port for rest server (wanted " + portRange + ")");
            }
        }
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
        queuedThreadPool.setName("brooklyn-jetty-server-" + this.actualPort + "-" + queuedThreadPool.getName());
        this.server = new Server(queuedThreadPool);
        if (getHttpsEnabled()) {
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.setSecureScheme("https");
            httpConfiguration.setSecurePort(this.actualPort);
            serverConnector = new ServerConnector(this.server, new ConnectionFactory[]{new SslConnectionFactory(createContextFactory(), HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfiguration)});
        } else {
            serverConnector = new ServerConnector(this.server, new ConnectionFactory[]{new HttpConnectionFactory()});
        }
        if (this.bindAddress != null) {
            serverConnector.setHost(this.bindAddress.getHostName());
        }
        serverConnector.setPort(this.actualPort);
        this.server.setConnectors(new Connector[]{serverConnector});
        if (shouldBindToAll()) {
            this.actualAddress = null;
        } else {
            this.actualAddress = this.bindAddress;
        }
        if (this.war == null) {
            this.war = createTempWarWithIndexHtml("This server is running the Brooklyn REST API only. No UI.");
        }
        if (log.isDebugEnabled()) {
            log.debug("Starting Brooklyn rest server at " + getRootUrl() + ", running " + this.war + (this.wars != null ? " and " + this.wars.values() : ""));
        }
        addShutdownHook();
        MutableMap copyOf = MutableMap.copyOf(this.contextProviders);
        for (Map.Entry<String, String> entry : this.wars.entrySet()) {
            copyOf.put(entry.getKey(), new WebAppContextProvider(entry.getKey(), entry.getValue()));
        }
        WebAppContextProvider webAppContextProvider = (WebAppContextProvider) copyOf.remove("");
        if (webAppContextProvider == null) {
            webAppContextProvider = new WebAppContextProvider("/", this.war);
        }
        Iterator it = copyOf.values().iterator();
        while (it.hasNext()) {
            deploy((WebAppContextProvider) it.next()).setTempDirectory(Os.mkdirs(new File(this.webappTempDir, newTimestampedDirName("war", 8))));
        }
        this.rootContext = deploy(webAppContextProvider);
        deployRestApi(this.rootContext);
        this.rootContext.setTempDirectory(Os.mkdirs(new File(this.webappTempDir, "war-root")));
        this.server.setHandler(this.handlers);
        try {
            this.server.start();
        } catch (BindException e) {
            log.warn("Initial server start-up failed binding (retrying after a delay): " + e);
            Time.sleep(Duration.millis(500));
            this.server.start();
        }
        BrooklynInitialization.reinitAll();
        if (this.managementContext instanceof ManagementContextInternal) {
            this.managementContext.setManagementNodeUri(new URI(getRootUrl()));
        }
        log.info("Started Brooklyn rest server at " + getRootUrl() + ", running " + webAppContextProvider + ((copyOf == null || copyOf.isEmpty()) ? "" : " and " + this.wars.values()));
    }

    private boolean shouldBindToAll() {
        try {
            if (this.bindAddress != null) {
                if (!this.bindAddress.equals(InetAddress.getByAddress(new byte[]{0, 0, 0, 0}))) {
                    return false;
                }
            }
            return true;
        } catch (UnknownHostException e) {
            throw Exceptions.propagate(e);
        }
    }

    private WebAppContext deployRestApi(WebAppContext webAppContext) {
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.add(new Object[]{new ManagementContextProvider(), new ShutdownHandlerProvider(this.shutdownHandler), new RequestTaggingRsFilter(), new NoCacheFilter(), new HaHotCheckResourceFilter(), new EntitlementContextFilter(), new CsrfTokenFilter()});
        if (BrooklynFeatureEnablement.isEnabled("brooklyn.experimental.feature.corsCxfFeature")) {
            builder.add(new CorsImplSupplierFilter(this.managementContext));
        }
        RestApiSetup.installRest(webAppContext, builder.build().toArray());
        RestApiSetup.installServletFilters(webAppContext, new Class[]{RequestTaggingFilter.class, BrooklynSecurityProviderFilterJavax.class, LoggingFilter.class});
        return webAppContext;
    }

    private SslContextFactory createContextFactory() throws KeyStoreException {
        SslContextFactory sslContextFactory = new SslContextFactory();
        String keystoreUrl = getKeystoreUrl();
        String str = (String) getConfig(this.keystorePassword, BrooklynWebConfig.KEYSTORE_PASSWORD);
        String str2 = (String) getConfig(this.keystoreCertAlias, BrooklynWebConfig.KEYSTORE_CERTIFICATE_ALIAS);
        String str3 = (String) getConfig(this.transportProtocols, BrooklynWebConfig.TRANSPORT_PROTOCOLS);
        String str4 = (String) getConfig(this.transportCiphers, BrooklynWebConfig.TRANSPORT_CIPHERS);
        if (keystoreUrl != null) {
            sslContextFactory.setKeyStorePath(getLocalKeyStorePath(keystoreUrl));
            if (Strings.isEmpty(str)) {
                throw new IllegalArgumentException("Keystore password is required and non-empty if keystore is specified.");
            }
            sslContextFactory.setKeyStorePassword(str);
            if (Strings.isNonEmpty(str2)) {
                sslContextFactory.setCertAlias(str2);
            }
        } else {
            log.info("No keystore specified but https enabled; creating a default keystore");
            if (Strings.isEmpty(str2)) {
                str2 = "web-console";
            }
            if (Strings.isEmpty(str)) {
                str = Identifiers.makeRandomId(8);
                log.debug("created random password " + str + " for ad hoc internal keystore");
            }
            KeyStore newKeyStore = SecureKeys.newKeyStore();
            KeyPair newKeyPair = SecureKeys.newKeyPair();
            newKeyStore.setKeyEntry(str2, newKeyPair.getPrivate(), str.toCharArray(), new Certificate[]{new FluentKeySigner("brooklyn").newCertificateFor("web-console", newKeyPair)});
            sslContextFactory.setKeyStore(newKeyStore);
            sslContextFactory.setKeyStorePassword(str);
            sslContextFactory.setCertAlias(str2);
        }
        if (!Strings.isEmpty(this.truststorePath)) {
            sslContextFactory.setTrustStorePath(checkFileExists(this.truststorePath, "truststore"));
            sslContextFactory.setTrustStorePassword(this.trustStorePassword);
        }
        if (Strings.isNonBlank(str3)) {
            sslContextFactory.setIncludeProtocols(parseArray(str3));
        }
        if (Strings.isNonBlank(str4)) {
            sslContextFactory.setIncludeCipherSuites(parseArray(str4));
        }
        return sslContextFactory;
    }

    private String[] parseArray(String str) {
        List splitToList = Splitter.on(",").omitEmptyStrings().trimResults().splitToList(str);
        return (String[]) splitToList.toArray(new String[splitToList.size()]);
    }

    private String getKeystoreUrl() {
        if (this.keystoreUrl != null) {
            if (Strings.isNonBlank(this.keystorePath) && !this.keystoreUrl.equals(this.keystorePath)) {
                log.warn("Deprecated 'keystorePath' supplied with different value than 'keystoreUrl', preferring the latter: " + this.keystorePath + " / " + this.keystoreUrl);
            }
            return this.keystoreUrl;
        }
        if (!Strings.isNonBlank(this.keystorePath)) {
            return (String) this.managementContext.getConfig().getConfig(BrooklynWebConfig.KEYSTORE_URL);
        }
        log.warn("Deprecated 'keystorePath' used; callers should use 'keystoreUrl'");
        return this.keystorePath;
    }

    private <T> T getConfig(T t, ConfigKey<T> configKey) {
        return t != null ? t : (T) this.managementContext.getConfig().getConfig(configKey);
    }

    private String getLocalKeyStorePath(String str) {
        ResourceUtils create = ResourceUtils.create(this);
        create.checkUrlExists(str, BrooklynWebConfig.KEYSTORE_URL.getName());
        if (new File(str).exists()) {
            return str;
        }
        try {
            InputStream resourceFromUrl = create.getResourceFromUrl(str);
            File newTempFile = Os.newTempFile("brooklyn-keystore", "ks");
            newTempFile.deleteOnExit();
            try {
                FileUtil.copyTo(resourceFromUrl, newTempFile);
                Streams.closeQuietly(resourceFromUrl);
                return newTempFile.getAbsolutePath();
            } catch (Throwable th) {
                Streams.closeQuietly(resourceFromUrl);
                throw th;
            }
        } catch (Exception e) {
            Exceptions.propagateIfFatal(e);
            throw new IllegalArgumentException("Unable to access URL: " + str, e);
        }
    }

    private String newTimestampedDirName(String str, int i) {
        return str + "-" + new SimpleDateFormat("yyyyMMdd-HHmmss").format(new Date()) + "-" + Identifiers.makeRandomId(i);
    }

    private String checkFileExists(String str, String str2) {
        if (new File(str).exists()) {
            return str;
        }
        throw new IllegalArgumentException("Could not find " + str2 + ": " + str);
    }

    public synchronized void stop() throws Exception {
        if (this.server == null) {
            return;
        }
        String rootUrl = getRootUrl();
        if (this.shutdownHook != null) {
            Threads.removeShutdownHook(this.shutdownHook);
        }
        if (log.isDebugEnabled()) {
            log.debug("Stopping Brooklyn rest server at " + rootUrl + " (" + this.war + (this.wars != null ? " and " + this.wars.values() : "") + ")");
        }
        this.server.stop();
        try {
            this.server.join();
        } catch (Exception e) {
        }
        this.server = null;
        LocalhostMachineProvisioningLocation.releasePort(getAddress(), this.actualPort);
        this.actualPort = -1;
        if (log.isDebugEnabled()) {
            log.debug("Stopped Brooklyn rest server at " + rootUrl);
        }
    }

    protected synchronized void addShutdownHook() {
        if (this.shutdownHook != null) {
            return;
        }
        this.shutdownHook = Threads.addShutdownHook(new Runnable() { // from class: org.apache.brooklyn.launcher.BrooklynWebServer.1
            @Override // java.lang.Runnable
            public void run() {
                BrooklynWebServer.log.debug("BrooklynWebServer detected shutdown: stopping web-console");
                try {
                    BrooklynWebServer.this.stop();
                } catch (Exception e) {
                    BrooklynWebServer.log.error("Failure shutting down web-console: " + e, e);
                }
            }
        });
    }

    public WebAppContext deploy(String str, String str2) {
        return deploy(new WebAppContextProvider(str, str2));
    }

    public WebAppContext deploy(WebAppContextProvider webAppContextProvider) {
        WebAppContext webAppContext = webAppContextProvider.get(this.managementContext, this.attributes, this.ignoreWebappDeploymentFailures);
        initSecurity(webAppContext);
        deploy(webAppContext);
        return webAppContext;
    }

    private void initSecurity(WebAppContext webAppContext) {
        if (!this.skipSecurity) {
            webAppContext.addOverrideDescriptor(getClass().getResource("/web-security.xml").toExternalForm());
            return;
        }
        webAppContext.setSecurityHandler(new NopSecurityHandler());
        String strings = Strings.toString(this.managementContext.getBrooklynProperties().getConfigRaw(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME).orNull());
        if (strings == null) {
            this.managementContext.getBrooklynProperties().put(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME, AnyoneSecurityProvider.class.getName());
        } else {
            if (AnyoneSecurityProvider.class.getName().equals(strings)) {
                return;
            }
            log.warn("Server told to skip security with unexpected security provider: " + strings);
        }
    }

    public void deploy(WebAppContext webAppContext) {
        try {
            this.handlers.updateHandler(webAppContext);
        } catch (Exception e) {
            Throwables.propagate(e);
        }
    }

    public Server getServer() {
        return this.server;
    }

    public WebAppContext getRootContext() {
        return this.rootContext;
    }

    private static String createTempWebDirWithIndexHtml(String str) {
        File createTempDir = Files.createTempDir();
        createTempDir.deleteOnExit();
        try {
            Files.write(str, new File(createTempDir, "index.html"), Charsets.UTF_8);
        } catch (IOException e) {
            Exceptions.propagate(e);
        }
        return createTempDir.getAbsolutePath();
    }

    private static String createTempWarWithIndexHtml(String str) {
        File create = ArchiveBuilder.zip().addDirContentsAt(new File(createTempWebDirWithIndexHtml(str)), ".").create();
        create.deleteOnExit();
        return create.getAbsolutePath();
    }

    static {
        LoggingSetup.installJavaUtilLoggingBridge();
    }
}
