package org.apache.hive.druid.org.apache.druid.server.initialization.jetty;

import com.google.inject.Binder;
import com.google.inject.Binding;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Key;
import com.google.inject.Provides;
import com.google.inject.Scopes;
import com.google.inject.Singleton;
import com.google.inject.multibindings.Multibinder;
import com.sun.jersey.api.core.DefaultResourceConfig;
import com.sun.jersey.api.core.ResourceConfig;
import com.sun.jersey.guice.JerseyServletModule;
import com.sun.jersey.guice.spi.container.servlet.GuiceContainer;
import com.sun.jersey.spi.container.servlet.WebConfig;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.hive.druid.com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.hive.druid.com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
import org.apache.hive.druid.com.fasterxml.jackson.jaxrs.smile.JacksonSmileProvider;
import org.apache.hive.druid.com.google.common.base.Preconditions;
import org.apache.hive.druid.com.google.common.primitives.Ints;
import org.apache.hive.druid.org.apache.druid.guice.Jerseys;
import org.apache.hive.druid.org.apache.druid.guice.JsonConfigProvider;
import org.apache.hive.druid.org.apache.druid.guice.LazySingleton;
import org.apache.hive.druid.org.apache.druid.guice.annotations.JSR311Resource;
import org.apache.hive.druid.org.apache.druid.guice.annotations.Json;
import org.apache.hive.druid.org.apache.druid.guice.annotations.Self;
import org.apache.hive.druid.org.apache.druid.guice.annotations.Smile;
import org.apache.hive.druid.org.apache.druid.java.util.common.ISE;
import org.apache.hive.druid.org.apache.druid.java.util.common.RE;
import org.apache.hive.druid.org.apache.druid.java.util.common.lifecycle.Lifecycle;
import org.apache.hive.druid.org.apache.druid.java.util.common.logger.Logger;
import org.apache.hive.druid.org.apache.druid.java.util.emitter.service.ServiceEmitter;
import org.apache.hive.druid.org.apache.druid.java.util.emitter.service.ServiceMetricEvent;
import org.apache.hive.druid.org.apache.druid.java.util.metrics.AbstractMonitor;
import org.apache.hive.druid.org.apache.druid.java.util.metrics.MonitorUtils;
import org.apache.hive.druid.org.apache.druid.query.DruidProcessingConfig;
import org.apache.hive.druid.org.apache.druid.server.DruidNode;
import org.apache.hive.druid.org.apache.druid.server.StatusResource;
import org.apache.hive.druid.org.apache.druid.server.initialization.ServerConfig;
import org.apache.hive.druid.org.apache.druid.server.initialization.TLSServerConfig;
import org.apache.hive.druid.org.apache.druid.server.metrics.DataSourceTaskIdHolder;
import org.apache.hive.druid.org.apache.druid.server.metrics.MetricsModule;
import org.apache.hive.druid.org.apache.druid.server.metrics.MonitorsConfig;
import org.apache.hive.druid.org.apache.druid.server.security.CustomCheckX509TrustManager;
import org.apache.hive.druid.org.apache.druid.server.security.TLSCertificateChecker;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.component.LifeCycle;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;

/* loaded from: input_file:org/apache/hive/druid/org/apache/druid/server/initialization/jetty/JettyServerModule.class */
public class JettyServerModule extends JerseyServletModule {
    private static final Logger log = new Logger(JettyServerModule.class);
    private static final AtomicInteger ACTIVE_CONNECTIONS = new AtomicInteger();
    private static final String HTTP_1_1_STRING = "HTTP/1.1";

    /* loaded from: input_file:org/apache/hive/druid/org/apache/druid/server/initialization/jetty/JettyServerModule$DruidGuiceContainer.class */
    public static class DruidGuiceContainer extends GuiceContainer {
        private final Set<Class<?>> resources;

        @Inject
        public DruidGuiceContainer(Injector injector, @JSR311Resource Set<Class<?>> set) {
            super(injector);
            this.resources = set;
        }

        protected ResourceConfig getDefaultResourceConfig(Map<String, Object> map, WebConfig webConfig) {
            return new DefaultResourceConfig(this.resources);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hive/druid/org/apache/druid/server/initialization/jetty/JettyServerModule$IdentityCheckOverrideSslContextFactory.class */
    public static class IdentityCheckOverrideSslContextFactory extends SslContextFactory {
        private final TLSServerConfig tlsServerConfig;
        private final TLSCertificateChecker certificateChecker;

        public IdentityCheckOverrideSslContextFactory(TLSServerConfig tLSServerConfig, TLSCertificateChecker tLSCertificateChecker) {
            super(false);
            this.tlsServerConfig = tLSServerConfig;
            this.certificateChecker = tLSCertificateChecker;
        }

        protected TrustManager[] getTrustManagers(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
            TrustManager[] trustManagers = super.getTrustManagers(keyStore, collection);
            TrustManager[] trustManagerArr = new TrustManager[trustManagers.length];
            for (int i = 0; i < trustManagers.length; i++) {
                if (trustManagers[i] instanceof X509ExtendedTrustManager) {
                    trustManagerArr[i] = new CustomCheckX509TrustManager((X509ExtendedTrustManager) trustManagers[i], this.certificateChecker, this.tlsServerConfig.isValidateHostnames());
                } else {
                    trustManagerArr[i] = trustManagers[i];
                    JettyServerModule.log.info("Encountered non-X509ExtendedTrustManager: " + trustManagers[i].getClass(), new Object[0]);
                }
            }
            return trustManagerArr;
        }
    }

    /* loaded from: input_file:org/apache/hive/druid/org/apache/druid/server/initialization/jetty/JettyServerModule$JettyMonitor.class */
    public static class JettyMonitor extends AbstractMonitor {
        private final Map<String, String[]> dimensions;

        public JettyMonitor(String str, String str2) {
            this.dimensions = MonitorsConfig.mapOfDatasourceAndTaskID(str, str2);
        }

        @Override // org.apache.hive.druid.org.apache.druid.java.util.metrics.AbstractMonitor
        public boolean doMonitor(ServiceEmitter serviceEmitter) {
            ServiceMetricEvent.Builder builder = new ServiceMetricEvent.Builder();
            MonitorUtils.addDimensionsToBuilder(builder, this.dimensions);
            serviceEmitter.emit(builder.build("jetty/numOpenConnections", Integer.valueOf(JettyServerModule.ACTIVE_CONNECTIONS.get())));
            return true;
        }
    }

    protected void configureServlets() {
        Binder binder = binder();
        JsonConfigProvider.bind(binder, "druid.server.http", ServerConfig.class);
        JsonConfigProvider.bind(binder, "druid.server.https", TLSServerConfig.class);
        binder.bind(GuiceContainer.class).to(DruidGuiceContainer.class);
        binder.bind(DruidGuiceContainer.class).in(Scopes.SINGLETON);
        binder.bind(CustomExceptionMapper.class).in(Singleton.class);
        binder.bind(ForbiddenExceptionMapper.class).in(Singleton.class);
        binder.bind(BadRequestExceptionMapper.class).in(Singleton.class);
        serve("/*", new String[0]).with(DruidGuiceContainer.class);
        Jerseys.addResource(binder, StatusResource.class);
        binder.bind(StatusResource.class).in(LazySingleton.class);
        Multibinder.newSetBinder(binder, Handler.class);
        Multibinder.newSetBinder(binder, ServletFilterHolder.class);
        MetricsModule.register(binder, JettyMonitor.class);
    }

    @LazySingleton
    @Provides
    public Server getServer(Injector injector, Lifecycle lifecycle, @Self DruidNode druidNode, ServerConfig serverConfig, TLSServerConfig tLSServerConfig) {
        return makeAndInitializeServer(injector, lifecycle, druidNode, serverConfig, tLSServerConfig, injector.getExistingBinding(Key.get(SslContextFactory.class)), (TLSCertificateChecker) injector.getInstance(TLSCertificateChecker.class));
    }

    @Singleton
    @Provides
    public JacksonJsonProvider getJacksonJsonProvider(@Json ObjectMapper objectMapper) {
        JacksonJsonProvider jacksonJsonProvider = new JacksonJsonProvider();
        jacksonJsonProvider.setMapper(objectMapper);
        return jacksonJsonProvider;
    }

    @Singleton
    @Provides
    public JacksonSmileProvider getJacksonSmileProvider(@Smile ObjectMapper objectMapper) {
        JacksonSmileProvider jacksonSmileProvider = new JacksonSmileProvider();
        jacksonSmileProvider.setMapper(objectMapper);
        return jacksonSmileProvider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Server makeAndInitializeServer(Injector injector, Lifecycle lifecycle, final DruidNode druidNode, final ServerConfig serverConfig, final TLSServerConfig tLSServerConfig, Binding<SslContextFactory> binding, TLSCertificateChecker tLSCertificateChecker) {
        QueuedThreadPool queuedThreadPool;
        SslContextFactory sslContextFactory;
        int numThreads = serverConfig.getNumThreads() + getMaxJettyAcceptorsSelectorsNum(druidNode);
        if (serverConfig.getQueueSize() == Integer.MAX_VALUE) {
            queuedThreadPool = new QueuedThreadPool();
            queuedThreadPool.setMinThreads(numThreads);
            queuedThreadPool.setMaxThreads(numThreads);
        } else {
            queuedThreadPool = new QueuedThreadPool(numThreads, numThreads, DruidProcessingConfig.DEFAULT_MERGE_POOL_AWAIT_SHUTDOWN_MILLIS, new LinkedBlockingQueue(serverConfig.getQueueSize()));
        }
        queuedThreadPool.setDaemon(true);
        final Server server = new Server(queuedThreadPool);
        server.addBean(new ScheduledExecutorScheduler("JettyScheduler", true), true);
        ArrayList<ServerConnector> arrayList = new ArrayList();
        if (druidNode.isEnablePlaintextPort()) {
            log.info("Creating http connector with port [%d]", Integer.valueOf(druidNode.getPlaintextPort()));
            HttpConfiguration httpConfiguration = new HttpConfiguration();
            if (serverConfig.isEnableForwardedRequestCustomizer()) {
                httpConfiguration.addCustomizer(new ForwardedRequestCustomizer());
            }
            httpConfiguration.setRequestHeaderSize(serverConfig.getMaxRequestHeaderSize());
            ServerConnector serverConnector = new ServerConnector(server, new ConnectionFactory[]{new HttpConnectionFactory(httpConfiguration)});
            if (druidNode.isBindOnHost()) {
                serverConnector.setHost(druidNode.getHost());
            }
            serverConnector.setPort(druidNode.getPlaintextPort());
            arrayList.add(serverConnector);
        }
        if (druidNode.isEnableTlsPort()) {
            log.info("Creating https connector with port [%d]", Integer.valueOf(druidNode.getTlsPort()));
            if (binding == null) {
                sslContextFactory = new IdentityCheckOverrideSslContextFactory(tLSServerConfig, tLSCertificateChecker);
                sslContextFactory.setKeyStorePath(tLSServerConfig.getKeyStorePath());
                sslContextFactory.setKeyStoreType(tLSServerConfig.getKeyStoreType());
                sslContextFactory.setKeyStorePassword(tLSServerConfig.getKeyStorePasswordProvider().getPassword());
                sslContextFactory.setCertAlias(tLSServerConfig.getCertAlias());
                sslContextFactory.setKeyManagerFactoryAlgorithm(tLSServerConfig.getKeyManagerFactoryAlgorithm() == null ? KeyManagerFactory.getDefaultAlgorithm() : tLSServerConfig.getKeyManagerFactoryAlgorithm());
                sslContextFactory.setKeyManagerPassword(tLSServerConfig.getKeyManagerPasswordProvider() == null ? null : tLSServerConfig.getKeyManagerPasswordProvider().getPassword());
                if (tLSServerConfig.getIncludeCipherSuites() != null) {
                    sslContextFactory.setIncludeCipherSuites((String[]) tLSServerConfig.getIncludeCipherSuites().toArray(new String[0]));
                }
                if (tLSServerConfig.getExcludeCipherSuites() != null) {
                    sslContextFactory.setExcludeCipherSuites((String[]) tLSServerConfig.getExcludeCipherSuites().toArray(new String[0]));
                }
                if (tLSServerConfig.getIncludeProtocols() != null) {
                    sslContextFactory.setIncludeProtocols((String[]) tLSServerConfig.getIncludeProtocols().toArray(new String[0]));
                }
                if (tLSServerConfig.getExcludeProtocols() != null) {
                    sslContextFactory.setExcludeProtocols((String[]) tLSServerConfig.getExcludeProtocols().toArray(new String[0]));
                }
                sslContextFactory.setNeedClientAuth(tLSServerConfig.isRequireClientCertificate());
                sslContextFactory.setWantClientAuth(tLSServerConfig.isRequestClientCertificate());
                if (tLSServerConfig.isRequireClientCertificate() || tLSServerConfig.isRequestClientCertificate()) {
                    if (tLSServerConfig.getCrlPath() != null) {
                        sslContextFactory.setValidatePeerCerts(true);
                        sslContextFactory.setCrlPath(tLSServerConfig.getCrlPath());
                    }
                    if (tLSServerConfig.isValidateHostnames()) {
                        sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
                    }
                    if (tLSServerConfig.getTrustStorePath() != null) {
                        sslContextFactory.setTrustStorePath(tLSServerConfig.getTrustStorePath());
                        sslContextFactory.setTrustStoreType(tLSServerConfig.getTrustStoreType() == null ? KeyStore.getDefaultType() : tLSServerConfig.getTrustStoreType());
                        sslContextFactory.setTrustManagerFactoryAlgorithm(tLSServerConfig.getTrustStoreAlgorithm() == null ? TrustManagerFactory.getDefaultAlgorithm() : tLSServerConfig.getTrustStoreAlgorithm());
                        sslContextFactory.setTrustStorePassword(tLSServerConfig.getTrustStorePasswordProvider() == null ? null : tLSServerConfig.getTrustStorePasswordProvider().getPassword());
                    }
                }
            } else {
                sslContextFactory = (SslContextFactory) binding.getProvider().get();
            }
            HttpConfiguration httpConfiguration2 = new HttpConfiguration();
            if (serverConfig.isEnableForwardedRequestCustomizer()) {
                httpConfiguration2.addCustomizer(new ForwardedRequestCustomizer());
            }
            httpConfiguration2.setSecureScheme("https");
            httpConfiguration2.setSecurePort(druidNode.getTlsPort());
            httpConfiguration2.addCustomizer(new SecureRequestCustomizer());
            httpConfiguration2.setRequestHeaderSize(serverConfig.getMaxRequestHeaderSize());
            ServerConnector serverConnector2 = new ServerConnector(server, new ConnectionFactory[]{new SslConnectionFactory(sslContextFactory, HTTP_1_1_STRING), new HttpConnectionFactory(httpConfiguration2)});
            if (druidNode.isBindOnHost()) {
                serverConnector2.setHost(druidNode.getHost());
            }
            serverConnector2.setPort(druidNode.getTlsPort());
            arrayList.add(serverConnector2);
        } else {
            sslContextFactory = null;
        }
        ServerConnector[] serverConnectorArr = new ServerConnector[arrayList.size()];
        int i = 0;
        for (ServerConnector serverConnector3 : arrayList) {
            int i2 = i;
            i++;
            serverConnectorArr[i2] = serverConnector3;
            serverConnector3.setIdleTimeout(Ints.checkedCast(serverConfig.getMaxIdleTime().toStandardDuration().getMillis()));
            serverConnector3.setAcceptorPriorityDelta(-1);
            ArrayList arrayList2 = new ArrayList();
            Iterator it2 = serverConnector3.getConnectionFactories().iterator();
            while (it2.hasNext()) {
                arrayList2.add(new JettyMonitoringConnectionFactory((ConnectionFactory) it2.next(), ACTIVE_CONNECTIONS));
            }
            serverConnector3.setConnectionFactories(arrayList2);
        }
        server.setConnectors(serverConnectorArr);
        long millis = serverConfig.getGracefulShutdownTimeout().toStandardDuration().getMillis();
        if (millis > 0) {
            server.setStopTimeout(millis);
        }
        server.addLifeCycleListener(new LifeCycle.Listener() { // from class: org.apache.hive.druid.org.apache.druid.server.initialization.jetty.JettyServerModule.1
            public void lifeCycleStarting(LifeCycle lifeCycle) {
                JettyServerModule.log.debug("Jetty lifecycle starting [%s]", lifeCycle.getClass());
            }

            public void lifeCycleStarted(LifeCycle lifeCycle) {
                JettyServerModule.log.debug("Jetty lifeycle started [%s]", lifeCycle.getClass());
            }

            public void lifeCycleFailure(LifeCycle lifeCycle, Throwable th) {
                JettyServerModule.log.error(th, "Jetty lifecycle event failed [%s]", lifeCycle.getClass());
            }

            public void lifeCycleStopping(LifeCycle lifeCycle) {
                JettyServerModule.log.debug("Jetty lifecycle stopping [%s]", lifeCycle.getClass());
            }

            public void lifeCycleStopped(LifeCycle lifeCycle) {
                JettyServerModule.log.debug("Jetty lifecycle stopped [%s]", lifeCycle.getClass());
            }
        });
        try {
            ((JettyServerInitializer) injector.getInstance(JettyServerInitializer.class)).initialize(server, injector);
            final SslContextFactory sslContextFactory2 = sslContextFactory;
            lifecycle.addHandler(new Lifecycle.Handler() { // from class: org.apache.hive.druid.org.apache.druid.server.initialization.jetty.JettyServerModule.2
                @Override // org.apache.hive.druid.org.apache.druid.java.util.common.lifecycle.Lifecycle.Handler
                public void start() throws Exception {
                    JettyServerModule.log.debug("Starting Jetty Server...", new Object[0]);
                    server.start();
                    if (druidNode.isEnableTlsPort()) {
                        Preconditions.checkNotNull(sslContextFactory2);
                        SSLEngine newSSLEngine = sslContextFactory2.newSSLEngine();
                        if (newSSLEngine.getEnabledCipherSuites() == null || newSSLEngine.getEnabledCipherSuites().length == 0) {
                            throw new ISE("No supported cipher suites found, supported suites [%s], configured suites include list: [%s] exclude list: [%s]", Arrays.toString(newSSLEngine.getSupportedCipherSuites()), tLSServerConfig.getIncludeCipherSuites(), tLSServerConfig.getExcludeCipherSuites());
                        }
                        if (newSSLEngine.getEnabledProtocols() == null || newSSLEngine.getEnabledProtocols().length == 0) {
                            throw new ISE("No supported protocols found, supported protocols [%s], configured protocols include list: [%s] exclude list: [%s]", Arrays.toString(newSSLEngine.getSupportedProtocols()), tLSServerConfig.getIncludeProtocols(), tLSServerConfig.getExcludeProtocols());
                        }
                    }
                }

                @Override // org.apache.hive.druid.org.apache.druid.java.util.common.lifecycle.Lifecycle.Handler
                public void stop() {
                    try {
                        long millis2 = serverConfig.getUnannouncePropagationDelay().toStandardDuration().getMillis();
                        if (millis2 > 0) {
                            JettyServerModule.log.info("Sleeping %s ms for unannouncement to propagate.", Long.valueOf(millis2));
                            Thread.sleep(millis2);
                        } else {
                            JettyServerModule.log.debug("Skipping unannounce wait.", new Object[0]);
                        }
                        JettyServerModule.log.debug("Stopping Jetty Server...", new Object[0]);
                        server.stop();
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                        throw new RE(e, "Interrupted waiting for jetty shutdown.", new Object[0]);
                    } catch (Exception e2) {
                        JettyServerModule.log.warn(e2, "Unable to stop Jetty server.", new Object[0]);
                    }
                }
            }, Lifecycle.Stage.SERVER);
            return server;
        } catch (Exception e) {
            throw new RE(e, "server initialization exception", new Object[0]);
        }
    }

    private static int getMaxJettyAcceptorsSelectorsNum(DruidNode druidNode) {
        return ((druidNode.isEnablePlaintextPort() ? 1 : 0) + (druidNode.isEnableTlsPort() ? 1 : 0)) * 8;
    }

    @Singleton
    @Provides
    public JettyMonitor getJettyMonitor(DataSourceTaskIdHolder dataSourceTaskIdHolder) {
        return new JettyMonitor(dataSourceTaskIdHolder.getDataSource(), dataSourceTaskIdHolder.getTaskId());
    }
}
