package org.openremote.container.web;

import io.undertow.Undertow;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.RequestDumpingHandler;
import io.undertow.servlet.Servlets;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.DeploymentManager;
import io.undertow.servlet.api.FilterInfo;
import io.undertow.servlet.util.ImmediateInstanceHandle;
import io.undertow.util.HeaderMap;
import jakarta.servlet.DispatcherType;
import jakarta.ws.rs.core.UriBuilder;
import java.lang.System;
import java.net.Inet4Address;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.jboss.resteasy.core.ResteasyDeploymentImpl;
import org.jboss.resteasy.plugins.interceptors.GZIPEncodingInterceptor;
import org.jboss.resteasy.spi.ResteasyDeployment;
import org.openremote.container.json.JacksonConfig;
import org.openremote.container.message.MessageBrokerService;
import org.openremote.container.persistence.PersistenceService;
import org.openremote.container.security.CORSFilter;
import org.openremote.container.security.IdentityService;
import org.openremote.container.security.keycloak.KeycloakIdentityProvider;
import org.openremote.container.util.MapAccess;
import org.openremote.container.web.WebServiceExceptions;
import org.openremote.model.Container;
import org.openremote.model.ContainerService;
import org.openremote.model.util.TextUtil;
import org.xnio.Options;

/* loaded from: input_file:org/openremote/container/web/WebService.class */
public abstract class WebService implements ContainerService {
    public static final String OR_WEBSERVER_LISTEN_HOST = "OR_WEBSERVER_LISTEN_HOST";
    public static final String OR_WEBSERVER_LISTEN_HOST_DEFAULT = "0.0.0.0";
    public static final String OR_WEBSERVER_LISTEN_PORT = "OR_WEBSERVER_LISTEN_PORT";
    public static final int OR_WEBSERVER_LISTEN_PORT_DEFAULT = 8080;
    public static final String OR_WEBSERVER_DUMP_REQUESTS = "OR_WEBSERVER_DUMP_REQUESTS";
    public static final boolean OR_WEBSERVER_DUMP_REQUESTS_DEFAULT = false;
    public static final String OR_WEBSERVER_ALLOWED_ORIGINS = "OR_WEBSERVER_ALLOWED_ORIGINS";
    public static final String OR_WEBSERVER_IO_THREADS_MAX = "OR_WEBSERVER_IO_THREADS_MAX";
    public static final String OR_WEBSERVER_WORKER_THREADS_MAX = "OR_WEBSERVER_WORKER_THREADS_MAX";
    protected static AtomicReference<CORSFilter> corsFilterRef;
    protected boolean devMode;
    protected String host;
    protected int port;
    protected Undertow undertow;
    protected List<RequestHandler> httpHandlers = new ArrayList();
    protected URI containerHostUri;
    public static final int OR_WEBSERVER_IO_THREADS_MAX_DEFAULT = Math.max(Runtime.getRuntime().availableProcessors(), 2);
    public static final int WEBSERVER_WORKER_THREADS_MAX_DEFAULT = Math.max(Runtime.getRuntime().availableProcessors(), 10);
    private static final System.Logger LOG = System.getLogger(WebService.class.getName());

    /* loaded from: input_file:org/openremote/container/web/WebService$RequestHandler.class */
    public static class RequestHandler {
        protected String name;
        protected Predicate<HttpServerExchange> handlePredicate;
        protected HttpHandler handler;

        public RequestHandler(String str, Predicate<HttpServerExchange> predicate, HttpHandler httpHandler) {
            this.name = str;
            this.handlePredicate = predicate;
            this.handler = httpHandler;
        }

        public String getName() {
            return this.name;
        }

        public Predicate<HttpServerExchange> getHandlePredicate() {
            return this.handlePredicate;
        }

        public HttpHandler getHandler() {
            return this.handler;
        }
    }

    protected static String getLocalIpAddress() throws Exception {
        return Inet4Address.getLocalHost().getHostAddress();
    }

    public static RequestHandler pathStartsWithHandler(String str, String str2, HttpHandler httpHandler) {
        return new RequestHandler(str, httpServerExchange -> {
            return httpServerExchange.getRequestPath().startsWith(str2);
        }, httpHandler);
    }

    public int getPriority() {
        return MessageBrokerService.PRIORITY;
    }

    public void init(Container container) throws Exception {
        this.devMode = container.isDevMode();
        this.host = MapAccess.getString(container.getConfig(), OR_WEBSERVER_LISTEN_HOST, OR_WEBSERVER_LISTEN_HOST_DEFAULT);
        this.port = MapAccess.getInteger(container.getConfig(), OR_WEBSERVER_LISTEN_PORT, OR_WEBSERVER_LISTEN_PORT_DEFAULT);
        this.containerHostUri = UriBuilder.fromPath("/").scheme("http").host((this.host.equalsIgnoreCase(PersistenceService.OR_DB_HOST_DEFAULT) || this.host.indexOf("127") == 0 || this.host.indexOf(OR_WEBSERVER_LISTEN_HOST_DEFAULT) == 0) ? getLocalIpAddress() : this.host).port(this.port).build(new Object[0]);
        this.undertow = build(container, Undertow.builder().addHttpListener(this.port, this.host).setIoThreads(MapAccess.getInteger(container.getConfig(), OR_WEBSERVER_IO_THREADS_MAX, OR_WEBSERVER_IO_THREADS_MAX_DEFAULT)).setWorkerThreads(MapAccess.getInteger(container.getConfig(), OR_WEBSERVER_WORKER_THREADS_MAX, WEBSERVER_WORKER_THREADS_MAX_DEFAULT)).setWorkerOption(Options.WORKER_NAME, "WebService").setWorkerOption(Options.THREAD_DAEMON, true)).build();
        System.setProperty("io.undertow.websockets.core.read-timeout", "30000");
        System.setProperty("io.undertow.websockets.core.write-timeout", "30000");
    }

    public void start(Container container) throws Exception {
        if (this.undertow != null) {
            this.undertow.start();
            LOG.log(System.Logger.Level.INFO, "Webserver ready on http://" + this.host + ":" + this.port);
        }
    }

    public void stop(Container container) throws Exception {
        if (this.undertow != null) {
            this.undertow.stop();
            this.undertow = null;
        }
    }

    public static HttpHandler addServletDeployment(Container container, DeploymentInfo deploymentInfo, boolean z) {
        IdentityService identityService = (IdentityService) container.getService(IdentityService.class);
        boolean isDevMode = container.isDevMode();
        try {
            if (!z) {
                LOG.log(System.Logger.Level.INFO, "Deploying insecure web context: " + deploymentInfo.getContextPath());
            } else {
                if (identityService == null) {
                    throw new IllegalStateException("No identity service found, make sure " + IdentityService.class.getName() + " is added before this service");
                }
                identityService.secureDeployment(deploymentInfo);
            }
            deploymentInfo.setExceptionHandler(new WebServiceExceptions.ServletUndertowExceptionHandler(isDevMode));
            FilterInfo corsFilterInfo = getCorsFilterInfo(container);
            if (corsFilterInfo != null) {
                deploymentInfo.addFilter(corsFilterInfo);
                deploymentInfo.addFilterUrlMapping(corsFilterInfo.getName(), "*", DispatcherType.REQUEST);
                deploymentInfo.addFilterUrlMapping(corsFilterInfo.getName(), "*", DispatcherType.FORWARD);
            }
            DeploymentManager addDeployment = Servlets.defaultContainer().addDeployment(deploymentInfo);
            addDeployment.deploy();
            return addDeployment.start();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void removeServletDeployment(DeploymentInfo deploymentInfo) {
        try {
            DeploymentManager deployment = Servlets.defaultContainer().getDeployment(deploymentInfo.getDeploymentName());
            deployment.stop();
            deployment.undeploy();
            Servlets.defaultContainer().removeDeployment(deploymentInfo);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public List<RequestHandler> getRequestHandlers() {
        return this.httpHandlers;
    }

    public URI getHostUri() {
        return this.containerHostUri;
    }

    protected Undertow.Builder build(Container container, Undertow.Builder builder) {
        LOG.log(System.Logger.Level.INFO, () -> {
            return "Building web routing with handler(s): " + ((String) getRequestHandlers().stream().map(requestHandler -> {
                return requestHandler.name;
            }).collect(Collectors.joining("\n")));
        });
        HttpHandler rootUndertowExceptionHandler = new WebServiceExceptions.RootUndertowExceptionHandler(this.devMode, httpServerExchange -> {
            RequestLogger.REQUEST_LOG.log(System.Logger.Level.DEBUG, () -> {
                String requestURI = httpServerExchange.getRequestURI();
                String inetSocketAddress = httpServerExchange.getSourceAddress().toString();
                HeaderMap requestHeaders = httpServerExchange.getRequestHeaders();
                String first = requestHeaders.getFirst("X-Forwarded-For");
                String first2 = requestHeaders.getFirst("Accept");
                SecurityContext securityContext = httpServerExchange.getSecurityContext();
                Account authenticatedAccount = securityContext != null ? securityContext.getAuthenticatedAccount() : null;
                return "Client request '" + requestURI + " (responseType=" + first2 + ")': user=" + (authenticatedAccount != null ? KeycloakIdentityProvider.getSubjectNameAndRealm(authenticatedAccount.getPrincipal()) : null) + ", origin=" + inetSocketAddress + ", forwarded-for=" + first;
            });
            boolean z = false;
            Iterator<RequestHandler> it = getRequestHandlers().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RequestHandler next = it.next();
                if (next.handlePredicate.test(httpServerExchange)) {
                    LOG.log(System.Logger.Level.TRACE, () -> {
                        return "Handling '" + httpServerExchange.getRequestURI() + "' with handler: " + next.name;
                    });
                    next.handler.handleRequest(httpServerExchange);
                    z = true;
                    break;
                }
            }
            if (z) {
                return;
            }
            LOG.log(System.Logger.Level.WARNING, "No handler found for request: " + httpServerExchange.getRequestURI());
        });
        if (MapAccess.getBoolean(container.getConfig(), OR_WEBSERVER_DUMP_REQUESTS, false)) {
            rootUndertowExceptionHandler = new RequestDumpingHandler(rootUndertowExceptionHandler);
        }
        builder.setHandler(rootUndertowExceptionHandler);
        return builder;
    }

    protected ResteasyDeployment createResteasyDeployment(Container container, Collection<Class<?>> collection, Collection<Object> collection2, boolean z) {
        if (collection == null && collection2 == null) {
            return null;
        }
        WebApplication webApplication = new WebApplication(container, collection, collection2);
        ResteasyDeploymentImpl resteasyDeploymentImpl = new ResteasyDeploymentImpl();
        resteasyDeploymentImpl.setApplication(webApplication);
        resteasyDeploymentImpl.getProviders().add(new WebServiceExceptions.DefaultResteasyExceptionMapper(this.devMode));
        resteasyDeploymentImpl.getProviders().add(new WebServiceExceptions.ForbiddenResteasyExceptionMapper(this.devMode));
        resteasyDeploymentImpl.getProviders().add(new JacksonConfig());
        if (!container.isDevMode()) {
            resteasyDeploymentImpl.getProviders().add(GZIPEncodingInterceptor.class);
        }
        resteasyDeploymentImpl.getActualProviderClasses().add(AlreadyGzippedWriterInterceptor.class);
        resteasyDeploymentImpl.getActualProviderClasses().add(ClientErrorExceptionHandler.class);
        resteasyDeploymentImpl.setSecurityEnabled(z);
        return resteasyDeploymentImpl;
    }

    public Undertow getUndertow() {
        return this.undertow;
    }

    public static synchronized FilterInfo getCorsFilterInfo(Container container) {
        if (corsFilterRef == null) {
            CORSFilter cORSFilter = null;
            if (container.isDevMode()) {
                cORSFilter = new CORSFilter();
                cORSFilter.getAllowedOrigins().add("*");
                cORSFilter.setAllowCredentials(true);
                cORSFilter.setExposedHeaders("*");
                cORSFilter.setAllowedMethods("GET, POST, PUT, DELETE, OPTIONS, HEAD");
                cORSFilter.setCorsMaxAge(1209600);
            } else {
                Set<String> allowedOrigins = getAllowedOrigins(container);
                if (!allowedOrigins.isEmpty()) {
                    cORSFilter = new CORSFilter();
                    cORSFilter.setAllowCredentials(true);
                    cORSFilter.setAllowedMethods("GET, POST, PUT, DELETE, OPTIONS, HEAD");
                    cORSFilter.setExposedHeaders("*");
                    cORSFilter.setCorsMaxAge(1209600);
                    cORSFilter.getAllowedOrigins().addAll(allowedOrigins);
                }
            }
            corsFilterRef = new AtomicReference<>(cORSFilter);
        }
        if (corsFilterRef.get() == null) {
            return null;
        }
        CORSFilter cORSFilter2 = corsFilterRef.get();
        return Servlets.filter("CORS Filter", CORSFilter.class, () -> {
            return new ImmediateInstanceHandle(cORSFilter2);
        }).setAsyncSupported(true);
    }

    public static List<String> getExternalHostnames(Container container) {
        String string = MapAccess.getString(container.getConfig(), "OR_HOSTNAME", null);
        String string2 = MapAccess.getString(container.getConfig(), "OR_ADDITIONAL_HOSTNAMES", null);
        ArrayList arrayList = new ArrayList();
        if (!TextUtil.isNullOrEmpty(string2)) {
            arrayList.addAll(Arrays.stream(string2.split(",")).toList());
        }
        if (!TextUtil.isNullOrEmpty(string) && !arrayList.contains(string)) {
            arrayList.add(string);
        }
        return arrayList;
    }

    public static Set<String> getAllowedOrigins(Container container) {
        HashSet hashSet = new HashSet(getExternalHostnames(container).stream().map(str -> {
            return "https://" + str;
        }).toList());
        String string = MapAccess.getString(container.getConfig(), OR_WEBSERVER_ALLOWED_ORIGINS, null);
        if (!TextUtil.isNullOrEmpty(string)) {
            hashSet.addAll(Arrays.stream(string.split(",")).toList());
        }
        return hashSet;
    }
}
