package lsfusion.server.physics.dev.integration.external.from.http;

import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.Charset;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import lsfusion.base.BaseUtils;
import lsfusion.base.DaemonThreadFactory;
import lsfusion.base.Result;
import lsfusion.base.file.FileData;
import lsfusion.interop.connection.AuthenticationToken;
import lsfusion.interop.connection.ComputerInfo;
import lsfusion.interop.connection.ConnectionInfo;
import lsfusion.interop.connection.UserInfo;
import lsfusion.interop.connection.authentication.PasswordAuthentication;
import lsfusion.interop.session.ExternalUtils;
import lsfusion.server.base.controller.lifecycle.LifecycleEvent;
import lsfusion.server.base.controller.lifecycle.LifecycleListener;
import lsfusion.server.base.controller.manager.MonitorServer;
import lsfusion.server.base.controller.remote.RmiManager;
import lsfusion.server.base.controller.thread.ThreadLocalContext;
import lsfusion.server.data.sql.exception.SQLHandledException;
import lsfusion.server.data.value.ObjectValue;
import lsfusion.server.logics.LogicsInstance;
import lsfusion.server.logics.action.session.DataSession;
import lsfusion.server.logics.controller.remote.RemoteLogics;
import lsfusion.server.physics.admin.Settings;
import lsfusion.server.physics.admin.log.ServerLoggers;
import lsfusion.server.physics.admin.service.ServiceLogicsModule;
import org.apache.batik.constants.XMLConstants;
import org.apache.commons.lang.StringUtils;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.hc.core5.net.URLEncodedUtils;
import org.asynchttpclient.uri.Uri;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:lsfusion/server/physics/dev/integration/external/from/http/ExternalHttpServer.class */
public class ExternalHttpServer extends MonitorServer {
    private LogicsInstance logicsInstance;
    private RemoteLogics remoteLogics;
    private final Map<InetSocketAddress, String> hostMap;
    private boolean useHTTPS;
    private char[] keyPassword;
    private final char[] defaultKeystorePassword;
    private final char[] defaultKeyPassword;
    private static final String SECURITY_ALGORITHM = "SunX509";
    public static final String HOSTNAME_COOKIE_NAME = "LSFUSION_HOSTNAME";
    private static final int COOKIE_VERSION = ExternalUtils.DEFAULT_COOKIE_VERSION;
    private final ExternalUtils.SessionContainer sessionContainer;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lsfusion/server/physics/dev/integration/external/from/http/ExternalHttpServer$ExternalServerException.class */
    public static class ExternalServerException extends Exception {
        public ExternalServerException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:lsfusion/server/physics/dev/integration/external/from/http/ExternalHttpServer$HttpRequestHandler.class */
    public class HttpRequestHandler implements HttpHandler {
        public HttpRequestHandler() {
        }

        /* JADX WARN: Finally extract failed */
        /* JADX WARN: Multi-variable type inference failed */
        public void handle(HttpExchange httpExchange) {
            ThreadLocalContext.aspectBeforeMonitorHTTP(ExternalHttpServer.this);
            try {
                Headers requestHeaders = httpExchange.getRequestHeaders();
                int i = 0;
                String[] strArr = new String[requestHeaders.size()];
                String[] strArr2 = new String[requestHeaders.size()];
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                String str = null;
                String str2 = null;
                Integer num = null;
                for (Map.Entry entry : requestHeaders.entrySet()) {
                    String str3 = (String) entry.getKey();
                    List list = (List) entry.getValue();
                    strArr[i] = str3;
                    int i2 = i;
                    i++;
                    strArr2[i2] = StringUtils.join(list.iterator(), ",");
                    if (str3.equals("Cookie")) {
                        Iterator it = list.iterator();
                        while (it.hasNext()) {
                            for (String str4 : ((String) it.next()).split(";")) {
                                String[] split = str4.split(XMLConstants.XML_EQUAL_SIGN);
                                if (split.length == 2) {
                                    String str5 = split[0];
                                    String decodeCookie = ExternalUtils.decodeCookie(split[1], 0);
                                    arrayList.add(str5);
                                    arrayList2.add(decodeCookie);
                                    if (str5.equals(ExternalHttpServer.HOSTNAME_COOKIE_NAME)) {
                                        str = decodeCookie;
                                    }
                                }
                            }
                        }
                    }
                    if (str3.equals("Host") && !list.isEmpty()) {
                        String[] split2 = ((String) list.get(0)).split(":");
                        str2 = split2[0];
                        if (split2.length > 1) {
                            num = Integer.valueOf(Integer.parseInt(split2[1]));
                        }
                    }
                }
                String[] strArr3 = (String[]) arrayList.toArray(new String[0]);
                String[] strArr4 = (String[]) arrayList2.toArray(new String[0]);
                InetSocketAddress remoteAddress = httpExchange.getRemoteAddress();
                InetAddress address = remoteAddress.getAddress();
                ConnectionInfo connectionInfo = new ConnectionInfo(new ComputerInfo(str != null ? str : getHostName(remoteAddress), address != null ? address.getHostAddress() : null), UserInfo.NULL);
                ContentType parseContentType = ExternalUtils.parseContentType(getContentType(httpExchange));
                URI requestURI = httpExchange.getRequestURI();
                String rawQuery = requestURI.getRawQuery();
                String str6 = null;
                if (rawQuery != null && rawQuery.contains("session")) {
                    str6 = ExternalUtils.getParameterValue(URLEncodedUtils.parse(rawQuery, ExternalUtils.defaultUrlCharset), "session");
                }
                Result result = str6 != null ? new Result(str6) : null;
                Result result2 = new Result(false);
                try {
                    try {
                        sendResponse(httpExchange, ExternalUtils.processRequest(ExternalUtils.getExecInterface(ExternalHttpServer.this.remoteLogics, result, result2, ExternalHttpServer.this.sessionContainer, getAuthToken(httpExchange), connectionInfo), externalRequest -> {
                            return obj -> {
                                return ExternalHttpServer.this.getLogicsInstance().getRmiManager().convertFileValue(externalRequest, obj);
                            };
                        }, httpExchange.getRequestBody(), parseContentType, strArr, strArr2, strArr3, strArr4, null, null, null, ExternalHttpServer.this.useHTTPS ? Uri.HTTPS : "http", httpExchange.getRequestMethod(), str2, num, "", requestURI.getPath(), "", rawQuery, null));
                        if (result != null && ((Boolean) result2.result).booleanValue()) {
                            ExternalHttpServer.this.sessionContainer.removeSession((String) result.result);
                        }
                    } catch (RemoteException e) {
                        result2.set(true);
                        throw e;
                    }
                } catch (Throwable th) {
                    if (result != null && ((Boolean) result2.result).booleanValue()) {
                        ExternalHttpServer.this.sessionContainer.removeSession((String) result.result);
                    }
                    throw th;
                }
            } catch (Exception e2) {
                ServerLoggers.systemLogger.error("ExternalHttpServer error: ", e2);
                try {
                    sendErrorResponse(httpExchange, e2.getMessage());
                } catch (Exception unused) {
                }
            } finally {
                ThreadLocalContext.aspectAfterMonitorHTTP(ExternalHttpServer.this);
                httpExchange.close();
            }
        }

        private AuthenticationToken getAuthToken(HttpExchange httpExchange) throws RemoteException {
            AuthenticationToken authenticationToken = AuthenticationToken.ANONYMOUS;
            List list = httpExchange.getRequestHeaders().get("Authorization");
            String str = (list == null || list.isEmpty()) ? null : (String) list.get(0);
            if (str != null) {
                if (str.toLowerCase().startsWith("bearer ")) {
                    authenticationToken = new AuthenticationToken(str.substring(7));
                } else if (str.toLowerCase().startsWith("basic ")) {
                    String[] split = BaseUtils.toHashString(Base64.getDecoder().decode(str.substring(6))).split(":", 2);
                    if (split.length == 2) {
                        authenticationToken = ExternalHttpServer.this.remoteLogics.authenticateUser(new PasswordAuthentication(split[0], split[1]));
                    }
                }
            }
            return authenticationToken;
        }

        private String getHostName(InetSocketAddress inetSocketAddress) throws ExecutionException, InterruptedException {
            String str = (String) ExternalHttpServer.this.hostMap.get(inetSocketAddress);
            if (str == null) {
                ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
                inetSocketAddress.getClass();
                Future submit = newSingleThreadExecutor.submit(inetSocketAddress::getHostName);
                try {
                    str = (String) submit.get(100L, TimeUnit.MILLISECONDS);
                } catch (TimeoutException unused) {
                    submit.cancel(true);
                    str = "remote";
                }
                ExternalHttpServer.this.hostMap.put(inetSocketAddress, str);
            }
            return str;
        }

        private String getContentType(HttpExchange httpExchange) {
            String str = null;
            List list = httpExchange.getRequestHeaders().get("Content-Type");
            if (list != null && !list.isEmpty()) {
                str = (String) list.get(0);
            }
            return str;
        }

        private String[] getRequestHeaderValues(Headers headers, String[] strArr) {
            String[] strArr2 = new String[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                strArr2[i] = StringUtils.join(headers.get(strArr[i]).iterator(), ",");
            }
            return strArr2;
        }

        private void sendErrorResponse(HttpExchange httpExchange, String str) throws IOException {
            Charset charset = ExternalUtils.defaultBodyCharset;
            httpExchange.getResponseHeaders().add("Content-Type", "text/html; charset=" + charset.name());
            httpExchange.getResponseHeaders().add("Access-Control-Allow-Origin", "*");
            byte[] bytes = str.getBytes(charset);
            httpExchange.sendResponseHeaders(500, bytes.length);
            OutputStream responseBody = httpExchange.getResponseBody();
            responseBody.write(bytes);
            responseBody.close();
        }

        private void sendResponse(HttpExchange httpExchange, ExternalUtils.ExternalResponse externalResponse) throws IOException {
            if (!(externalResponse instanceof ExternalUtils.ResultExternalResponse)) {
                throw new UnsupportedOperationException();
            }
            sendResponse(httpExchange, (ExternalUtils.ResultExternalResponse) externalResponse);
        }

        private void sendResponse(HttpExchange httpExchange, ExternalUtils.ResultExternalResponse resultExternalResponse) throws IOException {
            HttpEntity httpEntity = resultExternalResponse.response;
            String contentType = httpEntity.getContentType();
            String str = resultExternalResponse.contentDisposition;
            String[] strArr = resultExternalResponse.headerNames;
            String[] strArr2 = resultExternalResponse.headerValues;
            String[] strArr3 = resultExternalResponse.cookieNames;
            String[] strArr4 = resultExternalResponse.cookieValues;
            int i = resultExternalResponse.statusHttp;
            boolean z = false;
            boolean z2 = false;
            if (strArr != null) {
                for (int i2 = 0; i2 < strArr.length; i2++) {
                    String str2 = strArr[i2];
                    if (str2.equals("Content-Type")) {
                        z = true;
                        httpExchange.getResponseHeaders().add("Content-Type", strArr2[i2]);
                    } else {
                        httpExchange.getResponseHeaders().add(str2, strArr2[i2]);
                    }
                    z2 = z2 || str2.equals("Content-Disposition");
                }
            }
            if (strArr3 != null) {
                String str3 = "";
                for (int i3 = 0; i3 < strArr3.length; i3++) {
                    str3 = String.valueOf(str3) + (str3.isEmpty() ? "" : ";") + strArr3[i3] + XMLConstants.XML_EQUAL_SIGN + ExternalUtils.encodeCookie(strArr4[i3], ExternalHttpServer.COOKIE_VERSION);
                }
                httpExchange.getResponseHeaders().add("Cookie", str3);
            }
            if (contentType != null && !z) {
                httpExchange.getResponseHeaders().add("Content-Type", contentType);
            }
            if (str != null && !z2) {
                httpExchange.getResponseHeaders().add("Content-Disposition", str);
            }
            httpExchange.getResponseHeaders().add("Access-Control-Allow-Origin", "*");
            httpExchange.sendResponseHeaders(i, httpEntity.getContentLength());
            httpEntity.writeTo(httpExchange.getResponseBody());
        }
    }

    @Override // lsfusion.server.base.controller.manager.EventServer
    public String getEventName() {
        return "external-http-server";
    }

    @Override // lsfusion.server.base.controller.manager.EventServer
    public LogicsInstance getLogicsInstance() {
        return this.logicsInstance;
    }

    @Override // lsfusion.server.base.controller.lifecycle.LifecycleAdapter
    protected void onStarted(LifecycleEvent lifecycleEvent) {
        RmiManager rmiManager = getLogicsInstance().getRmiManager();
        this.useHTTPS = rmiManager.isHttps();
        ServerLoggers.systemLogger.info("Binding External" + (this.useHTTPS ? "HTTPS" : "HTTP") + "Server");
        HttpServer httpServer = null;
        try {
            httpServer = initServer(this.useHTTPS, new InetSocketAddress(rmiManager.getHttpPort()));
            httpServer.createContext("/", new HttpRequestHandler());
            httpServer.setExecutor(Executors.newFixedThreadPool(Settings.get().getExternalHttpServerThreadCount(), new DaemonThreadFactory("externalHttpServer-daemon")));
            httpServer.start();
        } catch (ExternalServerException e) {
            ServerLoggers.systemLogger.error("External server has not been started. " + e.getMessage());
        } catch (Exception e2) {
            if (httpServer != null) {
                httpServer.stop(0);
            }
            e2.printStackTrace();
        }
    }

    protected HttpServer initServer(boolean z, InetSocketAddress inetSocketAddress) throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, CertificateException, ExternalServerException {
        HttpsServer create;
        if (z) {
            KeyStore keyStore = getKeyStore();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SECURITY_ALGORITHM);
            keyManagerFactory.init(keyStore, this.keyPassword != null ? this.keyPassword : this.defaultKeyPassword);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SECURITY_ALGORITHM);
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            HttpsServer create2 = HttpsServer.create(inetSocketAddress, 0);
            create2.setHttpsConfigurator(new HttpsConfigurator(sSLContext));
            create = create2;
        } else {
            create = HttpServer.create(inetSocketAddress, 0);
        }
        return create;
    }

    /* JADX WARN: Finally extract failed */
    private KeyStore getKeyStore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, ExternalServerException {
        Throwable th;
        PEMKeyPair decryptKeyPair;
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        ServiceLogicsModule serviceLogicsModule = getLogicsInstance().getBusinessLogics().serviceLM;
        KeyStore keyStore = KeyStore.getInstance("JKS");
        Throwable th2 = null;
        try {
            try {
                DataSession createSession = createSession();
                try {
                    if (((Boolean) serviceLogicsModule.useKeystore.read(createSession, new ObjectValue[0])) != null) {
                        this.keyPassword = getPassword(serviceLogicsModule.keyPassword.read(createSession, new ObjectValue[0]));
                        char[] password = getPassword(serviceLogicsModule.keystorePassword.read(createSession, new ObjectValue[0]));
                        FileData fileData = (FileData) serviceLogicsModule.keystore.read(createSession, new ObjectValue[0]);
                        if (fileData == null) {
                            throw new ExternalServerException("Using external HTTPS server requires .jks file be loaded");
                        }
                        keyStore.load(fileData.getRawFile().getInputStream(), password);
                    } else {
                        FileData fileData2 = (FileData) serviceLogicsModule.privateKey.read(createSession, new ObjectValue[0]);
                        if (fileData2 == null) {
                            throw new ExternalServerException("Using external HTTPS server requires the privateKey-file be loaded");
                        }
                        th2 = null;
                        try {
                            PEMParser pEMParser = new PEMParser(new InputStreamReader(fileData2.getRawFile().getInputStream(), ExternalUtils.hashCharset));
                            try {
                                Object readObject = pEMParser.readObject();
                                if (readObject instanceof PEMKeyPair) {
                                    decryptKeyPair = (PEMKeyPair) readObject;
                                } else {
                                    if (!(readObject instanceof PEMEncryptedKeyPair)) {
                                        throw new ExternalServerException("Invalid PEM file");
                                    }
                                    String str = (String) serviceLogicsModule.privateKeyPassword.read(createSession, new ObjectValue[0]);
                                    if (str == null) {
                                        throw new ExternalServerException("PEMEncryptedKeyPair requires privateKeyPassword to be non-null");
                                    }
                                    decryptKeyPair = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str.toCharArray()));
                                }
                                PrivateKey privateKey = new JcaPEMKeyConverter().getKeyPair(decryptKeyPair).getPrivate();
                                if (pEMParser != null) {
                                    pEMParser.close();
                                }
                                FileData fileData3 = (FileData) serviceLogicsModule.chain.read(createSession, new ObjectValue[0]);
                                if (fileData3 == null) {
                                    throw new ExternalServerException("Using external HTTPS server requires that the certificateChain-file be loaded");
                                }
                                X509Certificate[] x509CertificateArr = (X509Certificate[]) CertificateFactory.getInstance("X.509").generateCertificates(fileData3.getRawFile().getInputStream()).toArray(new X509Certificate[0]);
                                keyStore.load(null, this.defaultKeystorePassword);
                                keyStore.setKeyEntry("lsf", privateKey, this.defaultKeyPassword, x509CertificateArr);
                            } catch (Throwable th3) {
                                if (pEMParser != null) {
                                    pEMParser.close();
                                }
                                throw th3;
                            }
                        } finally {
                        }
                    }
                    if (createSession != null) {
                        createSession.close();
                    }
                    return keyStore;
                } catch (Throwable th4) {
                    if (createSession != null) {
                        createSession.close();
                    }
                    throw th4;
                }
            } finally {
            }
        } catch (SQLException | SQLHandledException e) {
            throw new RuntimeException(e);
        }
    }

    private char[] getPassword(Object obj) {
        return obj != null ? ((String) obj).toCharArray() : new char[0];
    }

    public ExternalHttpServer() {
        super(LifecycleListener.DAEMON_ORDER);
        this.hostMap = new HashMap();
        this.useHTTPS = false;
        this.keyPassword = null;
        this.defaultKeystorePassword = getPassword(null);
        this.defaultKeyPassword = getPassword(null);
        this.sessionContainer = new ExternalUtils.SessionContainer();
    }

    public void setLogicsInstance(LogicsInstance logicsInstance) {
        this.logicsInstance = logicsInstance;
    }

    public void setRemoteLogics(RemoteLogics remoteLogics) {
        this.remoteLogics = remoteLogics;
    }
}
