package io.confluent.controlcenter.rest;

import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Key;
import com.google.inject.Singleton;
import com.google.inject.TypeLiteral;
import io.confluent.controlcenter.ControlCenterConfig;
import io.confluent.controlcenter.ControlCenterConfigModule;
import io.confluent.controlcenter.annotation.Environment;
import io.confluent.controlcenter.annotation.Mode;
import io.confluent.controlcenter.client.ConfigurableClient;
import io.confluent.controlcenter.data.KafkaMetadataDao;
import io.confluent.controlcenter.data.PermissionsService;
import io.confluent.controlcenter.data.ScopedKafkaMetadataDao;
import io.confluent.controlcenter.data.ScopedPermissions;
import io.confluent.controlcenter.data.ScopedServiceVisibilityFilter;
import io.confluent.controlcenter.data.ScopedServiceVisibilityFilterFactory;
import io.confluent.controlcenter.data.ServiceVisibilityFilter;
import io.confluent.controlcenter.rest.jackson.KafkaModule;
import io.confluent.controlcenter.rest.jackson.ProtoJsonSerializerModule;
import io.confluent.controlcenter.ssl.SslHolder;
import io.confluent.controlcenter.ssl.SslUtils;
import io.confluent.controlcenter.util.ReflectionsUtils;
import io.confluent.rest.Application;
import io.confluent.rest.ApplicationServer;
import io.confluent.rest.RestConfig;
import io.confluent.rest.SslFactory;
import io.confluent.rest.auth.AuthUtil;
import java.lang.annotation.Annotation;
import java.lang.reflect.Modifier;
import java.net.URI;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.websocket.DeploymentException;
import javax.websocket.Encoder;
import javax.websocket.server.ServerEndpoint;
import javax.websocket.server.ServerEndpointConfig;
import javax.ws.rs.Path;
import javax.ws.rs.core.Configurable;
import javax.ws.rs.ext.ContextResolver;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.ParamConverterProvider;
import org.apache.kafka.common.metrics.JmxReporter;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.resource.ResourceCollection;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.websocket.jsr356.server.ServerContainer;
import org.glassfish.hk2.utilities.binding.AbstractBinder;
import org.glassfish.jersey.process.internal.RequestScoped;
import org.glassfish.jersey.servlet.ServletProperties;
import org.reflections.Reflections;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/confluent/controlcenter/rest/ControlCenterApplication.class */
public class ControlCenterApplication extends Application<RestConfig> implements ApplicationBase {
    private static final String staticResourcePath = "io/confluent/controlcenter/rest/static";
    private static final String nonApiRequests = "^/(?!(2.0/|3.0/|api/permissions|api/service-health/)).*";
    private final ControlCenterConfig controlCenterConfig;
    private Injector injector;
    private final Reflections reflections;
    private Mode.ModeType modeType;
    private final Predicate<Class<?>> predicate;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ControlCenterApplication.class);
    private static final List<String> securedPathSec = ImmutableList.of("/2.0/*", "/3.0/*", "/api/*");
    private static final List<String> unsecuredPathSec = ImmutableList.of("/2.0/feature/flags", "/3.0/license/payload", "/api/metadata/*");
    private static final List<String> nonProxyPathsRegex = (List) Stream.of((Object[]) new String[]{"/api/permissions", "/api/service-health/.*"}).collect(Collectors.toList());

    @Inject
    public ControlCenterApplication(RestConfig restConfig, ControlCenterConfig controlCenterConfig, Mode.ModeType modeType, Injector injector, Reflections reflections) {
        super(restConfig, controlCenterConfig.getString(ControlCenterConfig.UI_BASEPATH));
        this.predicate = cls -> {
            int modifiers = cls.getModifiers();
            Environment environment = (Environment) cls.getAnnotation(Environment.class);
            Mode mode = (Mode) cls.getAnnotation(Mode.class);
            return !Modifier.isAbstract(modifiers) && (environment == null || environment.environment() == Environment.EnvType.ON_PREM) && ((mode == null || mode.mode() == this.modeType) && this.injector.getInstance(cls) != null);
        };
        this.controlCenterConfig = controlCenterConfig;
        this.modeType = modeType;
        this.injector = injector;
        this.reflections = reflections;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.rest.Application
    public ResourceCollection getStaticResources() {
        return new ResourceCollection(new ModifiableResource(Resource.newClassPathResource(staticResourcePath), this.controlCenterConfig));
    }

    @Override // io.confluent.rest.Application
    protected void configurePreResourceHandling(ServletContextHandler servletContextHandler) {
        servletContextHandler.addFilter(new FilterHolder(new ProxyUriValidationFilter((List) getSubTypesOf(ProxyServlet.class).stream().filter((v0) -> {
            return v0.enabled();
        }).map((v0) -> {
            return v0.getPathSpec();
        }).map(str -> {
            return str.replace("*", JmxReporter.DEFAULT_INCLUDE);
        }).collect(Collectors.toList()), nonProxyPathsRegex)), "/api/*", (EnumSet<DispatcherType>) null);
        servletContextHandler.addFilter(new FilterHolder((Filter) this.injector.getInstance(ReadOnlyRolesFilter.class)), "/*", (EnumSet<DispatcherType>) null);
        servletContextHandler.addFilter(new FilterHolder((Filter) this.injector.getInstance(AvailableResourceFilter.class)), "/*", (EnumSet<DispatcherType>) null);
        servletContextHandler.addFilter(new FilterHolder((Filter) this.injector.getInstance(CustomHeaderFilter.class)), "/*", (EnumSet<DispatcherType>) null);
    }

    @Override // io.confluent.rest.Application
    protected void configurePostResourceHandling(ServletContextHandler servletContextHandler) {
        long longValue = this.controlCenterConfig.getLong(ControlCenterConfig.CONTROL_CENTER_AUTH_SESSION_EXPIRATION_MS).longValue();
        if (longValue > 0) {
            servletContextHandler.getSessionHandler().setMaxInactiveInterval((int) TimeUnit.SECONDS.toSeconds(longValue));
        }
        servletContextHandler.addFilter(new FilterHolder((Filter) this.injector.getInstance(StaticContentFilter.class)), "/*", (EnumSet<DispatcherType>) null);
        configureProxyServices(servletContextHandler);
        configureErrorHandler(servletContextHandler);
    }

    @Override // io.confluent.rest.Application
    protected void registerWebSocketEndpoints(ServerContainer serverContainer) {
        if (this.controlCenterConfig.getBoolean(ControlCenterConfig.TOPIC_INSPECTION_ENABLED).booleanValue()) {
            List asList = AuthUtil.isCorsEnabled(this.config) ? Arrays.asList(StringUtil.csvSplit(this.config.getString("access.control.allow.origin"))) : null;
            getTypesAnnotatedWith(ServerEndpoint.class).forEach(obj -> {
                Class<?> cls = obj.getClass();
                String value = ((ServerEndpoint) cls.getAnnotation(ServerEndpoint.class)).value();
                Class<? extends Encoder>[] encoders = ((ServerEndpoint) cls.getAnnotation(ServerEndpoint.class)).encoders();
                log.info("adding websocket endpoint " + cls.getSimpleName());
                try {
                    serverContainer.addEndpoint(ServerEndpointConfig.Builder.create(cls, value).configurator(new ServerEndpointConfig.Configurator() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.1
                        @Override // javax.websocket.server.ServerEndpointConfig.Configurator
                        public <T> T getEndpointInstance(Class<T> cls2) {
                            return (T) ControlCenterApplication.this.injector.getInstance(cls2);
                        }

                        @Override // javax.websocket.server.ServerEndpointConfig.Configurator
                        public boolean checkOrigin(String str) {
                            if (asList == null || StringUtil.isBlank(str) || asList.contains("*")) {
                                return true;
                            }
                            Stream stream = asList.stream();
                            str.getClass();
                            return stream.anyMatch(str::equalsIgnoreCase);
                        }
                    }).encoders(Arrays.asList(encoders)).build());
                } catch (DeploymentException e) {
                    log.error("unable to deploy websocket endpoints", (Throwable) e);
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.rest.Application
    public void configureSecurityHandler(ServletContextHandler servletContextHandler) {
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        RestSecuritySetup restSecuritySetup = (RestSecuritySetup) this.injector.getInstance(RestSecuritySetup.class);
        if (restSecuritySetup.getRealm() != null) {
            securedPathSec.forEach(str -> {
                constraintSecurityHandler.addConstraintMapping(AuthUtil.createSecuredConstraint(this.config, str));
            });
            unsecuredPathSec.forEach(str2 -> {
                constraintSecurityHandler.addConstraintMapping(AuthUtil.createUnsecuredConstraint(this.config, str2));
            });
        }
        constraintSecurityHandler.setRealmName(restSecuritySetup.getRealm());
        constraintSecurityHandler.setAuthenticator(restSecuritySetup.getAuthenticator());
        constraintSecurityHandler.setLoginService(restSecuritySetup.getLoginService());
        constraintSecurityHandler.setIdentityService(restSecuritySetup.getIdentityService());
        List<ConstraintMapping> createUnsecuredConstraints = AuthUtil.createUnsecuredConstraints(this.config);
        constraintSecurityHandler.getClass();
        createUnsecuredConstraints.forEach(constraintSecurityHandler::addConstraintMapping);
        servletContextHandler.setSecurityHandler(constraintSecurityHandler);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.rest.Application
    public void registerJsonProvider(Configurable<?> configurable, RestConfig restConfig, boolean z) {
        super.registerJsonProvider(configurable, restConfig, false);
        configurable.register(JsonParseExceptionMapper.class);
    }

    @Override // io.confluent.rest.Application
    public void setupResources(Configurable<?> configurable, RestConfig restConfig) {
        ImmutableSet subTypesOf = getSubTypesOf(ExceptionMapper.class);
        configurable.getClass();
        subTypesOf.forEach((v1) -> {
            r1.register2(v1);
        });
        configurable.register(com.fasterxml.jackson.jaxrs.base.JsonMappingExceptionMapper.class);
        ImmutableSet<Object> typesAnnotatedWith = getTypesAnnotatedWith(Path.class);
        configurable.getClass();
        typesAnnotatedWith.forEach(configurable::register2);
        ImmutableSet subTypesOf2 = getSubTypesOf(ParamConverterProvider.class);
        configurable.getClass();
        subTypesOf2.forEach((v1) -> {
            r1.register2(v1);
        });
        configurable.register2(new ContextResolver<ObjectMapper>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // javax.ws.rs.ext.ContextResolver
            public ObjectMapper getContext(Class<?> cls) {
                return ControlCenterApplication.this.getJsonMapper();
            }

            @Override // javax.ws.rs.ext.ContextResolver
            public /* bridge */ /* synthetic */ ObjectMapper getContext(Class cls) {
                return getContext((Class<?>) cls);
            }
        });
        configurable.register2(new AbstractBinder() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.3
            @Override // org.glassfish.hk2.utilities.binding.AbstractBinder
            protected void configure() {
                bindFactory(ScopedPermissionsFactory.class).to(ScopedPermissions.class).proxy(true).proxyForSameScope(false).in(RequestScoped.class);
                bind((AnonymousClass3) ControlCenterApplication.this.injector.getInstance(PermissionsService.class)).to(PermissionsService.class);
                bindFactory(ScopedKafkaMetadataDaoFactory.class).to(ScopedKafkaMetadataDao.class).proxy(true).proxyForSameScope(false).in(RequestScoped.class);
                bind((AnonymousClass3) ControlCenterApplication.this.injector.getInstance(KafkaMetadataDao.class)).to(KafkaMetadataDao.class);
                bindFactory(ScopedServiceVisibilityFilterFactory.class).to(ScopedServiceVisibilityFilter.class).proxy(true).proxyForSameScope(false).in(RequestScoped.class);
                bind((AnonymousClass3) ControlCenterApplication.this.injector.getInstance(ServiceVisibilityFilter.class)).to(ServiceVisibilityFilter.class);
            }
        });
        configurable.property2(ServletProperties.FILTER_STATIC_CONTENT_REGEX, nonApiRequests);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.rest.Application
    public ObjectMapper getJsonMapper() {
        ObjectMapper jsonMapper = super.getJsonMapper();
        jsonMapper.registerModule((Module) this.injector.getInstance(ProtoJsonSerializerModule.class));
        jsonMapper.registerModule(new KafkaModule());
        jsonMapper.registerModule(new Jdk8Module());
        return jsonMapper;
    }

    private void configureProxyServices(ServletContextHandler servletContextHandler) {
        SslHolder sslHolder = (SslHolder) this.injector.getInstance(Key.get(SslHolder.class, (Class<? extends Annotation>) ControlCenterConfigModule.ServerSslHolder.class));
        List list = (List) this.injector.getInstance(Key.get(new TypeLiteral<List<SslHolder>>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.4
        }));
        SslContextFactory createSslContextFactory = SslFactory.createSslContextFactory(this.config.getBaseSslConfig());
        SslUtils.JettySslUtils.buildJettySslContext(createSslContextFactory, sslHolder, list, this.controlCenterConfig);
        Iterator<SslContextFactory> it = this.server.getSslContextFactories().values().iterator();
        while (it.hasNext()) {
            SslUtils.JettySslUtils.buildJettySslContext(it.next(), sslHolder, list, this.controlCenterConfig);
        }
        int intValue = this.controlCenterConfig.getInt(ControlCenterConfig.PROXY_REQUEST_BUFFER_SIZE).intValue();
        getSubTypesOf(ProxyServlet.class).stream().filter((v0) -> {
            return v0.enabled();
        }).forEach(proxyServlet -> {
            servletContextHandler.addServlet(new ServletHolder(proxyServlet), proxyServlet.getPathSpec());
            proxyServlet.setRequestBufferSize(intValue);
            proxyServlet.setSslContextFactory(createSslContextFactory);
        });
        getSubTypesOf(ConfigurableClient.class).stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).forEach(configurableClient -> {
            configurableClient.setSslContextFactory(createSslContextFactory);
        });
        ((ServiceVisibilityFilter) this.injector.getInstance(ServiceVisibilityFilter.class)).setSslContextFactory(createSslContextFactory);
    }

    private <T> ImmutableSet<T> getSubTypesOf(Class<T> cls) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        ReflectionsUtils.getSubTypesOf(this.reflections, cls, builder, this.predicate, cls2 -> {
            return this.injector.getInstance(cls2);
        });
        return builder.build();
    }

    public ApplicationServer<?> getServer() {
        return this.server;
    }

    private ImmutableSet<Object> getTypesAnnotatedWith(Class<? extends Annotation> cls) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        ReflectionsUtils.getTypesAnnotatedWith(this.reflections, cls, builder, this.predicate, cls2 -> {
            return this.injector.getInstance(cls2);
        });
        return builder.build();
    }

    @VisibleForTesting
    URI getServerUri() {
        return this.server.getURI();
    }
}
