package com.hazelcast.webmonitor;

import com.hazelcast.webmonitor.config.BuildInfo;
import com.hazelcast.webmonitor.config.LauncherConfigOptions;
import com.hazelcast.webmonitor.configreplacer.SystemProperties;
import com.hazelcast.webmonitor.security.spi.impl.ldap.PersistentLdapConfigFactory;
import com.hazelcast.webmonitor.service.ManagementCenterContext;
import java.io.Console;
import java.io.IOException;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.conscrypt.OpenSSLProvider;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.SecuredRedirectHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/com/hazelcast/webmonitor/Launcher.class
 */
/* loaded from: input_file:com/hazelcast/webmonitor/Launcher.class */
public final class Launcher {
    private static final String INCLUDE_CIPHER_SUITES = "hazelcast.mc.include.cipher.suites";
    private static final String EXCLUDE_CIPHER_SUITES = "hazelcast.mc.exclude.cipher.suites";
    static final String MC_INTERNAL_MODE_KEY = "hazelcast.mc.internal.mode";
    private static final String DEFAULT_CONTEXT_PATH = "/";
    private static final String HEALTH_CHECK_PATH = "/health";
    private static final int DEFAULT_PORT = 8080;
    private static final int DEFAULT_TLS_PORT = 8443;
    private static final int ERROR_EXIT_STATUS = 100;
    private static final int DEFAULT_SESSION_TIMEOUT_SECONDS = 1800;
    private final int port;
    private final int tlsPort;
    private final int healthCheckPort;
    private final String contextPath;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Launcher.class);
    private static final long CONNECTION_IDLE_TIMEOUT_MILLIS = TimeUnit.HOURS.toMillis(1);
    private static final List<String> TLS_PROTOCOLS = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv2Hello");

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/classes/com/hazelcast/webmonitor/Launcher$HealthCheckServlet.class
     */
    /* loaded from: input_file:com/hazelcast/webmonitor/Launcher$HealthCheckServlet.class */
    public static class HealthCheckServlet extends HttpServlet {
        @Override // javax.servlet.http.HttpServlet
        protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            httpServletResponse.setContentType("application/json");
            httpServletResponse.setStatus(200);
            httpServletResponse.getWriter().println("{\"managementCenterState\": \"ACTIVE\"}");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/classes/com/hazelcast/webmonitor/Launcher$InternalMode.class
     */
    /* loaded from: input_file:com/hazelcast/webmonitor/Launcher$InternalMode.class */
    public enum InternalMode {
        PROD("PROD"),
        DEV("DEV");

        final String commandLineArgument;

        InternalMode(String str) {
            this.commandLineArgument = str;
        }

        static InternalMode from(String str) {
            return (InternalMode) Arrays.stream(values()).filter(internalMode -> {
                return internalMode.commandLineArgument.equals(str);
            }).findAny().orElse(PROD);
        }
    }

    public Launcher() {
        this.port = isRunningOnCloudFoundry() ? Integer.parseInt(System.getenv("PORT")) : SystemProperties.getInteger(LauncherConfigOptions.HTTP_PORT, DEFAULT_PORT);
        this.tlsPort = SystemProperties.getInteger(LauncherConfigOptions.HTTPS_PORT, DEFAULT_TLS_PORT);
        this.healthCheckPort = SystemProperties.getInteger(LauncherConfigOptions.HEALTH_CHECK_PORT, this.port + 1);
        this.contextPath = normalizeContextPath(SystemProperties.getProperty(LauncherConfigOptions.CONTEXT_PATH, "/"));
    }

    public static void main(String[] strArr) {
        System.setProperty(ManagementCenterContext.MC_STANDALONE_KEY, Boolean.TRUE.toString());
        System.setProperty("jetty.version", BuildInfo.getJettyVersion());
        new Launcher().start();
    }

    public Server start() {
        askAndSetKeyStorePasswordIfNecessary();
        return startServer();
    }

    private Server startServer() {
        Server server = new Server();
        boolean z = SystemProperties.getBoolean(LauncherConfigOptions.TLS_ENABLED);
        if (z) {
            if (SystemProperties.getBoolean(LauncherConfigOptions.TLS_ENABLE_HTTP_PORT, false)) {
                server.addConnector(createHttpConnector(server));
            }
            server.addConnector(createHttpsConnector(server));
        } else {
            server.addConnector(createHttpConnector(server));
        }
        ServletContextHandler servletContextHandler = null;
        if (SystemProperties.getBoolean(LauncherConfigOptions.HEALTH_CHECK_ENABLED)) {
            server.addConnector(createHealthCheckHttpConnector(server));
            servletContextHandler = createHealthCheckHandler();
            LOGGER.info("Health check is enabled and available at http://localhost:" + this.healthCheckPort + healthCheckPathWithContextPath());
        }
        WebAppContext createWebAppContext = createWebAppContext();
        server.setHandler(createHandlerList(z, createWebAppContext, servletContextHandler));
        server.setStopAtShutdown(true);
        disableVersionHeader(server);
        try {
            server.start();
            createWebAppContext.getSessionHandler().setMaxInactiveInterval(getSessionTimeout());
            LOGGER.info("\n\nHazelcast Management Center successfully started at {}\n", z ? "https://localhost:" + this.tlsPort + this.contextPath : "http://localhost:" + this.port + this.contextPath);
            if (getInternalMode() == InternalMode.PROD) {
                server.join();
            }
        } catch (Exception e) {
            exit("Error while starting Hazelcast Management Center : " + e.getMessage(), 100);
        }
        return server;
    }

    private String healthCheckPathWithContextPath() {
        return this.contextPath.endsWith("/") ? this.contextPath.substring(0, this.contextPath.length() - 1) + HEALTH_CHECK_PATH : this.contextPath + HEALTH_CHECK_PATH;
    }

    private ServerConnector createHttpConnector(Server server) {
        ServerConnector serverConnector = new ServerConnector(server, new ConnectionFactory[]{createHttpConnectionFactory(true)});
        serverConnector.setIdleTimeout(CONNECTION_IDLE_TIMEOUT_MILLIS);
        serverConnector.setPort(this.port);
        serverConnector.setName("WebApp");
        return serverConnector;
    }

    private ServerConnector createHealthCheckHttpConnector(Server server) {
        ServerConnector serverConnector = new ServerConnector(server, new ConnectionFactory[]{createHttpConnectionFactory(false)});
        serverConnector.setIdleTimeout(CONNECTION_IDLE_TIMEOUT_MILLIS);
        serverConnector.setPort(this.healthCheckPort);
        serverConnector.setName("HealthCheck");
        return serverConnector;
    }

    private HttpConnectionFactory createHttpConnectionFactory(boolean z) {
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        if (SystemProperties.getBoolean(LauncherConfigOptions.FORWARDED_REQUESTS_ENABLED, true)) {
            httpConfiguration.addCustomizer(new ForwardedRequestCustomizer());
        }
        if (z) {
            httpConfiguration.setSecurePort(this.tlsPort);
        }
        return new HttpConnectionFactory(httpConfiguration);
    }

    private HandlerList createHandlerList(boolean z, WebAppContext webAppContext, ServletContextHandler servletContextHandler) {
        HandlerList handlerList = new HandlerList();
        if (servletContextHandler != null) {
            handlerList.addHandler(servletContextHandler);
        }
        if (z) {
            handlerList.addHandler(new SecuredRedirectHandler());
        }
        handlerList.addHandler(webAppContext);
        return handlerList;
    }

    private static int getSessionTimeout() {
        String property = SystemProperties.getProperty(LauncherConfigOptions.SESSION_TIMEOUT_SECONDS);
        if (property == null) {
            return DEFAULT_SESSION_TIMEOUT_SECONDS;
        }
        try {
            return Integer.parseInt(property);
        } catch (NumberFormatException e) {
            LOGGER.warn("Session timeout needs to be all digits. Using default value of 1800 (30 minutes).");
            return DEFAULT_SESSION_TIMEOUT_SECONDS;
        }
    }

    private WebAppContext createWebAppContext() {
        WebAppContext webAppContext = new WebAppContext();
        webAppContext.setContextPath(this.contextPath);
        webAppContext.getSessionHandler().setHttpOnly(true);
        webAppContext.setParentLoaderPriority(true);
        webAppContext.setExtractWAR(false);
        webAppContext.setCopyWebInf(true);
        webAppContext.setVirtualHosts(new String[]{"@WebApp", "@SecuredWebApp"});
        switch (getInternalMode()) {
            case DEV:
                webAppContext.setDescriptor("WEB-INF/web.xml");
                webAppContext.setResourceBase("src/main/webapp");
                break;
            case PROD:
            default:
                webAppContext.setWar(getJarLocation());
                break;
        }
        return webAppContext;
    }

    public static String getJarLocation() {
        return Launcher.class.getProtectionDomain().getCodeSource().getLocation().toExternalForm();
    }

    private ServletContextHandler createHealthCheckHandler() {
        ServletContextHandler servletContextHandler = new ServletContextHandler(0);
        servletContextHandler.setContextPath(this.contextPath);
        servletContextHandler.addServlet(HealthCheckServlet.class, HEALTH_CHECK_PATH);
        servletContextHandler.setVirtualHosts(new String[]{"@HealthCheck"});
        return servletContextHandler;
    }

    private ServerConnector createHttpsConnector(Server server) {
        SslContextFactory createSslContextFactory = createSslContextFactory(SystemProperties.getProperty(LauncherConfigOptions.TLS_KEYSTORE_PATH), SystemProperties.getProperty(LauncherConfigOptions.TLS_KEYSTORE_PASS), SystemProperties.getProperty(LauncherConfigOptions.TLS_KEY_MANAGER_ALGORTITHM, KeyManagerFactory.getDefaultAlgorithm()), SystemProperties.getProperty(LauncherConfigOptions.TLS_TRUSTSTORE_PATH), SystemProperties.getProperty(LauncherConfigOptions.TLS_TRUSTSTORE_PASS), SystemProperties.getProperty(LauncherConfigOptions.TLS_TRUST_MANAGER_ALGORTITHM, TrustManagerFactory.getDefaultAlgorithm()), SystemProperties.getProperty(LauncherConfigOptions.TLS_PROTOCOL, "TLS"), SystemProperties.getProperty(LauncherConfigOptions.TLS_MUTUAL_AUTH), getExcludedProtocols(), SystemProperties.getBoolean(LauncherConfigOptions.TLS_OPEN_SSL));
        String property = SystemProperties.getProperty(INCLUDE_CIPHER_SUITES);
        if (property != null) {
            createSslContextFactory.setIncludeCipherSuites(new String[]{property});
        }
        String property2 = SystemProperties.getProperty(EXCLUDE_CIPHER_SUITES);
        if (property2 != null) {
            createSslContextFactory.setExcludeCipherSuites(new String[]{property2});
        }
        ServerConnector serverConnector = new ServerConnector(server, createSslContextFactory);
        serverConnector.setPort(this.tlsPort);
        serverConnector.setIdleTimeout(CONNECTION_IDLE_TIMEOUT_MILLIS);
        serverConnector.setName("SecuredWebApp");
        return serverConnector;
    }

    private static String[] getExcludedProtocols() {
        String property = SystemProperties.getProperty(LauncherConfigOptions.TLS_EXCLUDE_PROTOCOLS);
        String[] strArr = null;
        if (property != null) {
            String[] split = property.split(",");
            strArr = new String[split.length];
            for (int i = 0; i < split.length; i++) {
                String trim = split[i].trim();
                if (!TLS_PROTOCOLS.contains(trim)) {
                    exit("Excluded protocol [" + trim + "] does not exist - no need to exclude it.", 100);
                }
                strArr[i] = trim;
            }
        }
        return strArr;
    }

    private static SslContextFactory createSslContextFactory(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String[] strArr, boolean z) {
        SslContextFactory.Server server = new SslContextFactory.Server();
        server.setKeyStorePath(str);
        server.setKeyStorePassword(str2);
        server.setKeyManagerFactoryAlgorithm(str3);
        if (str4 != null) {
            server.setTrustStorePath(str4);
        }
        if (str5 != null) {
            server.setTrustStorePassword(str5);
        }
        server.setTrustManagerFactoryAlgorithm(str6);
        server.setProtocol(str7);
        if (str8 != null) {
            if (str8.equals("REQUIRED")) {
                server.setNeedClientAuth(true);
            } else if (str8.equals("OPTIONAL")) {
                server.setWantClientAuth(true);
            }
        }
        if (strArr != null) {
            server.setExcludeProtocols(strArr);
        }
        if (z) {
            Security.addProvider(new OpenSSLProvider());
            server.setProvider("Conscrypt");
        }
        return server;
    }

    private static void askAndSetKeyStorePasswordIfNecessary() {
        if (System.getProperties().containsKey(LauncherConfigOptions.ASK_KEYSTORE_PASS)) {
            System.setProperty(PersistentLdapConfigFactory.KEYSTORE_PASS_SYSTEM_PROP, askKeyStorePassword());
        }
    }

    private static String askKeyStorePassword() {
        Console checkAndGetConsole = checkAndGetConsole();
        char[] cArr = new char[0];
        boolean z = false;
        while (!z) {
            cArr = checkAndGetConsole.readPassword("Enter the keyStore password: ", new Object[0]);
            z = Arrays.equals(cArr, checkAndGetConsole.readPassword("Confirm the keyStore password: ", new Object[0]));
            if (!z) {
                checkAndGetConsole.printf("Passwords do not match!%n", new Object[0]);
            } else if (cArr == null || cArr.length == 0) {
                checkAndGetConsole.printf("No password entered!%n", new Object[0]);
                z = false;
            }
        }
        return new String(cArr);
    }

    private static Console checkAndGetConsole() {
        Console console = System.console();
        if (console == null) {
            exit("Couldn't get Console instance", 0);
        }
        return console;
    }

    private static void exit(String str, int i) {
        if (i == 100) {
            LOGGER.error(str);
        } else {
            LOGGER.info(str);
        }
        System.exit(i);
    }

    private static InternalMode getInternalMode() {
        return InternalMode.from(SystemProperties.getProperty(MC_INTERNAL_MODE_KEY));
    }

    private static void disableVersionHeader(Server server) {
        for (Connector connector : server.getConnectors()) {
            for (HttpConnectionFactory httpConnectionFactory : connector.getConnectionFactories()) {
                if (httpConnectionFactory instanceof HttpConnectionFactory) {
                    httpConnectionFactory.getHttpConfiguration().setSendServerVersion(false);
                }
            }
        }
    }

    private static boolean isRunningOnCloudFoundry() {
        return System.getenv("VCAP_APPLICATION") != null;
    }

    private static String normalizeContextPath(String str) {
        return str.charAt(0) == '/' ? str : "/" + str;
    }
}
