package dev.dsf.common.jetty;

import dev.dsf.common.auth.BackChannelLogoutAuthenticator;
import dev.dsf.common.auth.ClientCertificateAuthenticator;
import dev.dsf.common.auth.DelegatingAuthenticator;
import dev.dsf.common.auth.DsfLoginService;
import dev.dsf.common.auth.DsfOpenIdConfiguration;
import dev.dsf.common.auth.DsfOpenIdLoginService;
import dev.dsf.common.auth.DsfSecurityHandler;
import dev.dsf.common.auth.StatusPortAuthenticator;
import jakarta.servlet.ServletContainerInitializer;
import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.Writer;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.jetty.annotations.AnnotationConfiguration;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.http.HttpClientTransportOverHTTP;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.security.openid.OpenIdAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.webapp.Configuration;
import org.eclipse.jetty.webapp.WebAppContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/common/jetty/JettyServer.class */
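/**
 * Embedded Jetty server that hosts a single {@link WebAppContext} behind two connectors
 * (the main connector and a status connector) and a {@link DsfSecurityHandler}.
 *
 * <p>Authentication is delegated to a {@link DelegatingAuthenticator} that is built from a
 * status-port authenticator, a client-certificate authenticator and, only when an
 * {@link OidcConfig} is present, the OpenID Connect authenticator, login service and optional
 * back-channel logout authenticator.
 *
 * <p>Error responses carry no body: {@link #statusCodeOnlyErrorHandler()} only logs the status
 * code and message, so no error page or stack trace is written to the client by this handler.
 */
public class JettyServer {
    private static final Logger logger = LoggerFactory.getLogger(JettyServer.class);
    private final Server server;
    private final WebAppContext webAppContext;

    /**
     * Builds the server, its connectors, the web application context and the security handler.
     *
     * @param str substring used to select the classpath entries that are exposed to the web
     *     application as WEB-INF/classes resources
     * @param jettyConfig base configuration; wrapped in an {@link EnvJettyConfig} before use
     * @param stream initializer classes whose names are excluded from the context's
     *     server-class matcher
     * @throws RuntimeException (or whatever {@code JettyConfig.propertyNotDefined} supplies) when
     *     the status port, the client trust store or the context path is not configured
     */
    public JettyServer(String str, JettyConfig jettyConfig, Stream<Class<? extends ServletContainerInitializer>> stream) {
        EnvJettyConfig envJettyConfig = new EnvJettyConfig(jettyConfig);
        this.server = new Server(threadPool());
        this.server.addConnector(envJettyConfig.createConnector(this.server));
        this.server.addConnector(envJettyConfig.createStatusConnector(this.server));
        this.webAppContext = webAppContext(str, envJettyConfig, stream);

        // Status port and client trust store are mandatory; OIDC is optional (null = disabled).
        int statusPort = envJettyConfig.getStatusPort()
                .orElseThrow(JettyConfig.propertyNotDefined(JettyConfig.PROPERTY_JETTY_STATUS_PORT))
                .intValue();
        KeyStore clientTrustStore = envJettyConfig.getClientTrustStore()
                .orElseThrow(JettyConfig.propertyNotDefined(JettyConfig.PROPERTY_JETTY_AUTH_CLIENT_TRUST_CERTIFICATES));
        OidcConfig oidcConfig = envJettyConfig.getOidcConfig().orElse(null);
        configureSecurityHandler(this.webAppContext, statusPort, clientTrustStore, oidcConfig);

        this.server.setHandler(this.webAppContext);
        this.server.setErrorHandler(statusCodeOnlyErrorHandler());
    }

    /**
     * Installs the {@link DsfSecurityHandler} on the given context.
     *
     * @param webAppContext context that receives the security handler
     * @param statusPort port handed to the {@link StatusPortAuthenticator}
     * @param clientTrustStore trust store handed to the {@link ClientCertificateAuthenticator}
     * @param oidcConfig OpenID Connect settings, or {@code null} when OIDC is not configured
     */
    private void configureSecurityHandler(WebAppContext webAppContext, int statusPort, KeyStore clientTrustStore, OidcConfig oidcConfig) {
        DsfLoginService dsfLoginService = new DsfLoginService(webAppContext);

        // All OIDC collaborators stay null unless OIDC is configured; the delegating
        // authenticator and the security handler are handed those nulls as-is.
        // NOTE(review): assumes DelegatingAuthenticator and DsfSecurityHandler tolerate null
        // arguments - confirm in dev.dsf.common.auth.
        DsfOpenIdConfiguration dsfOpenIdConfiguration = null;
        OpenIdAuthenticator openIdAuthenticator = null;
        DsfOpenIdLoginService dsfOpenIdLoginService = null;
        BackChannelLogoutAuthenticator backChannelLogoutAuthenticator = null;
        if (oidcConfig != null) {
            dsfOpenIdConfiguration = new DsfOpenIdConfiguration(
                    oidcConfig.providerBaseUrl(),
                    oidcConfig.clientId(),
                    oidcConfig.clientSecret(),
                    createOidcClient(oidcConfig),
                    oidcConfig.ssoBackChannelLogoutEnabled());
            openIdAuthenticator = new OpenIdAuthenticator(dsfOpenIdConfiguration);
            dsfOpenIdLoginService = new DsfOpenIdLoginService(dsfOpenIdConfiguration, dsfLoginService);
            if (oidcConfig.ssoBackChannelLogoutEnabled()) {
                backChannelLogoutAuthenticator =
                        new BackChannelLogoutAuthenticator(dsfOpenIdConfiguration, oidcConfig.ssoBackChannelPath());
            }
        }

        DelegatingAuthenticator authenticator = new DelegatingAuthenticator(
                new StatusPortAuthenticator(statusPort),
                new ClientCertificateAuthenticator(clientTrustStore),
                openIdAuthenticator,
                dsfOpenIdLoginService,
                backChannelLogoutAuthenticator);
        DsfSecurityHandler dsfSecurityHandler =
                new DsfSecurityHandler(dsfLoginService, authenticator, dsfOpenIdConfiguration);
        // Issue a new session id once a request authenticates, so a session id that was known
        // before login is not carried over into the authenticated session (session fixation).
        dsfSecurityHandler.setSessionRenewedOnAuthentication(true);
        webAppContext.setSecurityHandler(dsfSecurityHandler);

        // Register the session listener only when back-channel logout is enabled; otherwise the
        // reference is null and there is nothing to register.
        if (backChannelLogoutAuthenticator != null) {
            webAppContext.getSessionHandler().addEventListener(backChannelLogoutAuthenticator);
        }
    }

    /**
     * Creates the HTTP client used for requests to the OpenID Connect provider.
     *
     * @param oidcConfig OIDC settings; trust store, key store, timeouts and proxy are each
     *     applied only when non-null
     * @return a client wrapping a TLS-enabled connector, constructed with the value 5
     *     (presumably the GET retry count - confirm in {@code HttpClientWithGetRetry})
     */
    private HttpClient createOidcClient(OidcConfig oidcConfig) {
        // trustAll = false: provider certificates are validated rather than blindly accepted.
        SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(false);
        if (oidcConfig.clientTrustStore() != null) {
            sslContextFactory.setTrustStore(oidcConfig.clientTrustStore());
        }
        if (oidcConfig.clientKeyStore() != null) {
            sslContextFactory.setKeyStore(oidcConfig.clientKeyStore());
            // NOTE(review): the password becomes an immutable String here and cannot be wiped;
            // also confirm clientKeyStorePassword() is never null when a key store is set.
            sslContextFactory.setKeyStorePassword(String.valueOf(oidcConfig.clientKeyStorePassword()));
        }

        ClientConnector clientConnector = new ClientConnector();
        clientConnector.setSslContextFactory(sslContextFactory);
        if (oidcConfig.clientIdleTimeout() != null) {
            clientConnector.setIdleTimeout(oidcConfig.clientIdleTimeout());
        }
        if (oidcConfig.clientConnectTimeout() != null) {
            clientConnector.setConnectTimeout(oidcConfig.clientConnectTimeout());
        }

        HttpClientWithGetRetry httpClient =
                new HttpClientWithGetRetry(new HttpClientTransportOverHTTP(clientConnector), 5);
        if (oidcConfig.clientProxy() != null) {
            httpClient.getProxyConfiguration().addProxy(oidcConfig.clientProxy());
        }
        return httpClient;
    }

    /** Creates the server thread pool, named {@code jetty-server} so its threads are easy to spot. */
    private QueuedThreadPool threadPool() {
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool();
        queuedThreadPool.setName("jetty-server");
        return queuedThreadPool;
    }

    /**
     * Creates and configures the web application context.
     *
     * @param classPathFilter substring a classpath entry must contain to be exposed as a
     *     WEB-INF/classes resource
     * @param jettyConfig source of the init parameters and the context path
     * @param initializers initializer classes excluded from the server-class matcher
     * @return the configured context
     */
    private WebAppContext webAppContext(String classPathFilter, JettyConfig jettyConfig, Stream<Class<? extends ServletContainerInitializer>> initializers) {
        String[] classPath = classPath();
        WebAppContext context = new WebAppContext();

        // Every configuration property is copied into the servlet init parameters.
        // NOTE(review): clean() below masks keys ending in "password"/"secret", which suggests
        // credentials are among them; if so they are readable by any code holding the
        // ServletContext - confirm that this exposure is intended.
        jettyConfig.getAllProperties().forEach(context::setInitParameter);

        context.getServerClassMatcher().exclude(initializers.map(Class::getName).toArray(String[]::new));
        context.setContextPath(jettyConfig.getContextPath()
                .orElseThrow(JettyConfig.propertyNotDefined(JettyConfig.PROPERTY_JETTY_CONTEXT_PATH)));
        context.setLogUrlOnStart(true);
        // Fail startup instead of serving a half-initialised application.
        context.setThrowUnavailableOnStartupException(true);
        context.setConfigurations(new Configuration[] {new AnnotationConfiguration()});
        context.getMetaData().setWebInfClassesResources(Arrays.stream(classPath)
                .filter(entry -> entry.contains(classPathFilter))
                .map(entry -> Paths.get(entry))
                .map(Resource::newResource)
                .toList());
        context.setErrorHandler(statusCodeOnlyErrorHandler());

        logger.debug("Java classpath: {}", Arrays.toString(classPath));
        logger.debug("Resources for jetty: {}", context.getMetaData().getWebInfClassesResources());
        logger.debug("Init parameters: {}", clean(context.getInitParams()));
        return context;
    }

    /**
     * Renders the given parameters for logging, replacing the value with {@code ***} when the
     * key ends (case-insensitively) in {@code password} or {@code secret}.
     *
     * <p>Entries with a null key or null value are printed unmasked. Masking is decided by key
     * suffix only, so a sensitive value stored under any other key name (for example one ending
     * in a further suffix) is logged in clear text at debug level.
     *
     * @param map parameters to render
     * @return {@code {key: value, ...}} with sensitive values masked
     */
    private String clean(Map<String, String> map) {
        return map.entrySet().stream().map(entry -> {
            String key = entry.getKey();
            String value = entry.getValue();
            if (key != null && value != null) {
                String lowerKey = key.toLowerCase(Locale.ENGLISH);
                if (lowerKey.endsWith("password") || lowerKey.endsWith("secret")) {
                    return key + ": ***";
                }
            }
            return key + ": " + value;
        }).collect(Collectors.joining(", ", "{", "}"));
    }

    /** Splits the {@code java.class.path} system property at the platform path separator. */
    private String[] classPath() {
        return System.getProperty("java.class.path").split(System.getProperty("path.separator"));
    }

    /**
     * Creates an error handler whose error page is empty: the status code and message are logged
     * at warn level and nothing is written to the response writer.
     */
    private ErrorHandler statusCodeOnlyErrorHandler() {
        return new ErrorHandler() {
            @Override
            protected void writeErrorPage(HttpServletRequest httpServletRequest, Writer writer, int i, String str, boolean z) throws IOException {
                // NOTE(review): the message may carry request-derived text - confirm the log
                // layout neutralises line breaks.
                JettyServer.logger.warn("Error {}: {}", Integer.valueOf(i), str);
            }
        };
    }

    /**
     * Runs {@link #beforeStart()}, registers a JVM shutdown hook that calls {@link #stop()} and
     * starts the server. If starting fails, the server is stopped again and a failure of that
     * stop is attached to the original exception as suppressed.
     *
     * @throws RuntimeException on any failure; the outer catch wraps every exception once more,
     *     so the root cause is reached through {@link Throwable#getCause()}
     */
    public final void start() {
        try {
            beforeStart();
            Runtime.getRuntime().addShutdownHook(new Thread(this::stop));
            try {
                logger.info("Starting jetty server ...");
                this.server.start();
            } catch (Exception e) {
                try {
                    stop();
                } catch (Exception e2) {
                    e.addSuppressed(e2);
                }
                if (e instanceof RuntimeException) {
                    throw (RuntimeException) e;
                }
                throw new RuntimeException(e);
            }
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }

    /** Hook for subclasses, invoked by {@link #start()} before the server is started. */
    public void beforeStart() {
    }

    /**
     * Stops the server.
     *
     * @throws RuntimeException wrapping any exception raised while stopping
     */
    public final void stop() {
        logger.info("Stopping jetty server ...");
        try {
            this.server.stop();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the servlet context of the hosted web application.
     *
     * @return the servlet context, or {@code null} if no web application context is set
     */
    public final ServletContext getServletContext() {
        if (this.webAppContext == null) {
            return null;
        }
        return this.webAppContext.getServletContext();
    }
}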
