package org.opends.server.core;

import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.forgerock.http.Filter;
import org.forgerock.http.Handler;
import org.forgerock.http.HttpApplication;
import org.forgerock.http.HttpApplicationException;
import org.forgerock.http.handler.Handlers;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;
import org.forgerock.http.routing.RouteMatchers;
import org.forgerock.http.routing.Router;
import org.forgerock.http.routing.RoutingMode;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.Configuration;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationAddListener;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.config.server.ConfigurationDeleteListener;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.rest2ldap.authz.Authorization;
import org.forgerock.opendj.rest2ldap.authz.ConditionalFilters;
import org.forgerock.opendj.server.config.meta.HTTPEndpointCfgDefn;
import org.forgerock.opendj.server.config.server.HTTPAuthorizationMechanismCfg;
import org.forgerock.opendj.server.config.server.HTTPEndpointCfg;
import org.forgerock.opendj.server.config.server.RootCfg;
import org.forgerock.services.context.Context;
import org.forgerock.services.routing.RouteMatcher;
import org.forgerock.util.Pair;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.promise.Promise;
import org.opends.messages.ConfigMessages;
import org.opends.server.api.HttpEndpoint;
import org.opends.server.protocols.http.authz.HttpAuthorizationMechanism;
import org.opends.server.protocols.http.authz.HttpAuthorizationMechanismFactory;
import org.opends.server.types.InitializationException;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/core/HttpEndpointConfigManager.class */
public class HttpEndpointConfigManager implements ConfigurationChangeListener<HTTPEndpointCfg>, ConfigurationAddListener<HTTPEndpointCfg>, ConfigurationDeleteListener<HTTPEndpointCfg> {
    private static final LocalizedLogger LOGGER = LocalizedLogger.getLoggerForThisClass();
    private final ServerContext serverContext;
    private final Router router;
    private final AuthorizationMechanismManager auhtzFilterManager = new AuthorizationMechanismManager();
    private final Map<DN, Pair<HttpApplication, Handler>> startedApplications = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/core/HttpEndpointConfigManager$AuthorizationMechanismManager.class */
    public final class AuthorizationMechanismManager implements ConfigurationChangeListener<HTTPAuthorizationMechanismCfg>, ConfigurationAddListener<HTTPAuthorizationMechanismCfg>, ConfigurationDeleteListener<HTTPAuthorizationMechanismCfg> {
        private final HttpAuthorizationMechanismFactory authzFilterFactory;
        private final Map<DN, HttpAuthorizationMechanism<?>> authzFilters;

        private AuthorizationMechanismManager() {
            this.authzFilterFactory = new HttpAuthorizationMechanismFactory(HttpEndpointConfigManager.this.serverContext);
            this.authzFilters = new HashMap();
        }

        public void registerTo(RootCfg rootCfg) throws ConfigException {
            rootCfg.addHTTPAuthorizationMechanismAddListener(this);
            rootCfg.addHTTPAuthorizationMechanismDeleteListener(this);
            for (String str : rootCfg.listHTTPAuthorizationMechanisms()) {
                HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanism = rootCfg.getHTTPAuthorizationMechanism(str);
                hTTPAuthorizationMechanism.addChangeListener(this);
                ConfigChangeResult applyConfigurationAdd = applyConfigurationAdd(hTTPAuthorizationMechanism);
                if (!applyConfigurationAdd.getResultCode().equals(ResultCode.SUCCESS)) {
                    throw new ConfigException((LocalizableMessage) applyConfigurationAdd.getMessages().get(0));
                }
            }
        }

        Collection<? extends ConditionalFilters.ConditionalFilter> getFilters(DN dn, Set<DN> set) throws ConfigException {
            TreeSet treeSet = new TreeSet();
            for (DN dn2 : set) {
                HttpAuthorizationMechanism<?> httpAuthorizationMechanism = this.authzFilters.get(dn2);
                if (httpAuthorizationMechanism == null) {
                    throw new ConfigException(ConfigMessages.ERR_CONFIG_HTTPENDPOINT_INVALID_AUTHZ_DN.get(dn, dn2));
                }
                if (!treeSet.add(httpAuthorizationMechanism)) {
                    throw new ConfigException(ConfigMessages.ERR_CONFIG_HTTPENDPOINT_CONFLICTING_AUTHZ_DN.get(dn, dn2.rdn(0), treeSet.tailSet(httpAuthorizationMechanism).first()));
                }
            }
            return treeSet;
        }

        private void rebindStartedApplications(DN dn, ConfigChangeResult configChangeResult) {
            Pair pair;
            RootCfg rootConfig = HttpEndpointConfigManager.this.serverContext.getRootConfig();
            for (String str : rootConfig.listHTTPEndpoints()) {
                try {
                    HTTPEndpointCfg hTTPEndpoint = rootConfig.getHTTPEndpoint(str);
                    if (hTTPEndpoint.getAuthorizationMechanismDNs().contains(dn) && (pair = (Pair) HttpEndpointConfigManager.this.startedApplications.get(hTTPEndpoint.dn())) != null) {
                        HttpEndpointConfigManager.this.bindApplication(getFilters(hTTPEndpoint.dn(), hTTPEndpoint.getAuthorizationMechanismDNs()), (Handler) pair.getSecond(), hTTPEndpoint.getBasePath());
                    }
                } catch (ConfigException e) {
                    configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
                    configChangeResult.addMessage(ConfigMessages.ERR_CONFIG_HTTPENDPOINT_UNABLE_TO_START.get(str, StaticUtils.stackTraceToSingleLineString(e)));
                }
            }
        }

        public boolean isConfigurationDeleteAcceptable(HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanismCfg, List<LocalizableMessage> list) {
            return true;
        }

        public ConfigChangeResult applyConfigurationDelete(HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanismCfg) {
            doConfigurationDelete(hTTPAuthorizationMechanismCfg);
            ConfigChangeResult configChangeResult = new ConfigChangeResult();
            rebindStartedApplications(hTTPAuthorizationMechanismCfg.dn(), configChangeResult);
            return configChangeResult;
        }

        private void doConfigurationDelete(HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanismCfg) {
            this.authzFilters.remove(hTTPAuthorizationMechanismCfg.dn());
        }

        public boolean isConfigurationAddAcceptable(HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanismCfg, List<LocalizableMessage> list) {
            try {
                return this.authzFilterFactory.newInstance(hTTPAuthorizationMechanismCfg) != null;
            } catch (InitializationException e) {
                list.add(e.getMessageObject());
                return false;
            }
        }

        public ConfigChangeResult applyConfigurationAdd(HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanismCfg) {
            ConfigChangeResult configChangeResult = new ConfigChangeResult();
            if (!hTTPAuthorizationMechanismCfg.isEnabled()) {
                return configChangeResult;
            }
            try {
                this.authzFilters.put(hTTPAuthorizationMechanismCfg.dn(), this.authzFilterFactory.newInstance(hTTPAuthorizationMechanismCfg));
                rebindStartedApplications(hTTPAuthorizationMechanismCfg.dn(), configChangeResult);
            } catch (InitializationException e) {
                configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
                configChangeResult.addMessage(e.getMessageObject());
            }
            return configChangeResult;
        }

        public boolean isConfigurationChangeAcceptable(HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanismCfg, List<LocalizableMessage> list) {
            return !hTTPAuthorizationMechanismCfg.isEnabled() || (isConfigurationDeleteAcceptable(hTTPAuthorizationMechanismCfg, list) && isConfigurationAddAcceptable(hTTPAuthorizationMechanismCfg, list));
        }

        public ConfigChangeResult applyConfigurationChange(HTTPAuthorizationMechanismCfg hTTPAuthorizationMechanismCfg) {
            doConfigurationDelete(hTTPAuthorizationMechanismCfg);
            return applyConfigurationAdd(hTTPAuthorizationMechanismCfg);
        }

        public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(Configuration configuration, List list) {
            return isConfigurationChangeAcceptable((HTTPAuthorizationMechanismCfg) configuration, (List<LocalizableMessage>) list);
        }

        public /* bridge */ /* synthetic */ boolean isConfigurationAddAcceptable(Configuration configuration, List list) {
            return isConfigurationAddAcceptable((HTTPAuthorizationMechanismCfg) configuration, (List<LocalizableMessage>) list);
        }

        public /* bridge */ /* synthetic */ boolean isConfigurationDeleteAcceptable(Configuration configuration, List list) {
            return isConfigurationDeleteAcceptable((HTTPAuthorizationMechanismCfg) configuration, (List<LocalizableMessage>) list);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/core/HttpEndpointConfigManager$ErrorHandler.class */
    public static final class ErrorHandler implements Handler {
        private static final Handler SERVICE_UNAVAILABLE = new ErrorHandler(Status.SERVICE_UNAVAILABLE);
        private static final Handler INTERNAL_SERVER_ERROR = new ErrorHandler(Status.INTERNAL_SERVER_ERROR);
        private final Status status;

        ErrorHandler(Status status) {
            this.status = status;
        }

        public Promise<Response, NeverThrowsException> handle(Context context, Request request) {
            return Response.newResponsePromise(new Response(this.status));
        }
    }

    public HttpEndpointConfigManager(ServerContext serverContext) {
        this.serverContext = (ServerContext) Reject.checkNotNull(serverContext, "serverContext cannot be null");
        this.router = serverContext.getHTTPRouter();
    }

    public void registerTo(RootCfg rootCfg) throws ConfigException {
        this.auhtzFilterManager.registerTo(rootCfg);
        rootCfg.addHTTPEndpointAddListener(this);
        rootCfg.addHTTPEndpointDeleteListener(this);
        for (String str : rootCfg.listHTTPEndpoints()) {
            HTTPEndpointCfg hTTPEndpoint = rootCfg.getHTTPEndpoint(str);
            hTTPEndpoint.addChangeListener(this);
            if (hTTPEndpoint.isEnabled()) {
                ConfigChangeResult applyConfigurationAdd = applyConfigurationAdd(hTTPEndpoint);
                if (!applyConfigurationAdd.getResultCode().equals(ResultCode.SUCCESS)) {
                    LOGGER.error((LocalizableMessage) applyConfigurationAdd.getMessages().get(0));
                }
            }
        }
    }

    public boolean isConfigurationAddAcceptable(HTTPEndpointCfg hTTPEndpointCfg, List<LocalizableMessage> list) {
        try {
            this.auhtzFilterManager.getFilters(hTTPEndpointCfg.dn(), hTTPEndpointCfg.getAuthorizationMechanismDNs());
            return loadEndpoint(hTTPEndpointCfg).isConfigurationValid(list);
        } catch (InitializationException | ConfigException e) {
            list.add(e.getMessageObject());
            return false;
        }
    }

    public ConfigChangeResult applyConfigurationAdd(HTTPEndpointCfg hTTPEndpointCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        hTTPEndpointCfg.addChangeListener(this);
        if (!hTTPEndpointCfg.isEnabled()) {
            return configChangeResult;
        }
        try {
            HttpApplication newHttpApplication = loadEndpoint(hTTPEndpointCfg).newHttpApplication();
            Handler start = newHttpApplication.start();
            this.startedApplications.put(hTTPEndpointCfg.dn(), Pair.of(newHttpApplication, start));
            bindApplication(this.auhtzFilterManager.getFilters(hTTPEndpointCfg.dn(), hTTPEndpointCfg.getAuthorizationMechanismDNs()), start, hTTPEndpointCfg.getBasePath());
        } catch (InitializationException | ConfigException e) {
            configChangeResult.setResultCodeIfSuccess(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(e.getMessageObject());
            this.router.addRoute(newRoute(hTTPEndpointCfg.getBasePath()), ErrorHandler.INTERNAL_SERVER_ERROR);
        } catch (HttpApplicationException e2) {
            configChangeResult.setResultCodeIfSuccess(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(ConfigMessages.ERR_CONFIG_HTTPENDPOINT_UNABLE_TO_START.get(hTTPEndpointCfg.dn(), StaticUtils.stackTraceToSingleLineString(e2)));
            this.router.addRoute(newRoute(hTTPEndpointCfg.getBasePath()), ErrorHandler.INTERNAL_SERVER_ERROR);
        }
        return configChangeResult;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void bindApplication(Iterable<? extends ConditionalFilters.ConditionalFilter> iterable, Handler handler, String str) {
        this.router.addRoute(newRoute(str), Handlers.chainOf(handler, new Filter[]{Authorization.newAuthorizationFilter(iterable)}));
    }

    public boolean isConfigurationDeleteAcceptable(HTTPEndpointCfg hTTPEndpointCfg, List<LocalizableMessage> list) {
        return true;
    }

    public ConfigChangeResult applyConfigurationDelete(HTTPEndpointCfg hTTPEndpointCfg) {
        this.router.removeRoute(new RouteMatcher[]{newRoute(hTTPEndpointCfg.getBasePath())});
        Pair<HttpApplication, Handler> remove = this.startedApplications.remove(hTTPEndpointCfg.dn());
        if (remove != null) {
            ((HttpApplication) remove.getFirst()).stop();
        }
        return new ConfigChangeResult();
    }

    public boolean isConfigurationChangeAcceptable(HTTPEndpointCfg hTTPEndpointCfg, List<LocalizableMessage> list) {
        return isConfigurationAddAcceptable(hTTPEndpointCfg, list);
    }

    public ConfigChangeResult applyConfigurationChange(HTTPEndpointCfg hTTPEndpointCfg) {
        Pair<HttpApplication, Handler> remove = this.startedApplications.remove(hTTPEndpointCfg.dn());
        if (remove != null) {
            this.router.addRoute(newRoute(hTTPEndpointCfg.getBasePath()), ErrorHandler.SERVICE_UNAVAILABLE);
            ((HttpApplication) remove.getFirst()).stop();
        }
        return applyConfigurationAdd(hTTPEndpointCfg);
    }

    private HttpEndpoint<?> loadEndpoint(HTTPEndpointCfg hTTPEndpointCfg) throws InitializationException {
        try {
            return (HttpEndpoint) HTTPEndpointCfgDefn.getInstance().getJavaClassPropertyDefinition().loadClass(hTTPEndpointCfg.getJavaClass(), HttpEndpoint.class).getDeclaredConstructor(hTTPEndpointCfg.configurationClass(), ServerContext.class).newInstance(hTTPEndpointCfg, this.serverContext);
        } catch (Exception e) {
            throw new InitializationException(ConfigMessages.ERR_CONFIG_HTTPENDPOINT_INITIALIZATION_FAILED.get(hTTPEndpointCfg.getJavaClass(), hTTPEndpointCfg.dn(), StaticUtils.stackTraceToSingleLineString(e)), e);
        }
    }

    private static String removeLeadingAndTrailingSlashes(String str) {
        int i = 0;
        while (str.charAt(i) == '/') {
            i++;
        }
        int length = str.length();
        while (str.charAt(length - 1) == '/') {
            length--;
        }
        return str.substring(i, length);
    }

    private static RouteMatcher<Request> newRoute(String str) {
        return RouteMatchers.requestUriMatcher(RoutingMode.STARTS_WITH, removeLeadingAndTrailingSlashes(str));
    }

    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(Configuration configuration, List list) {
        return isConfigurationChangeAcceptable((HTTPEndpointCfg) configuration, (List<LocalizableMessage>) list);
    }

    public /* bridge */ /* synthetic */ boolean isConfigurationAddAcceptable(Configuration configuration, List list) {
        return isConfigurationAddAcceptable((HTTPEndpointCfg) configuration, (List<LocalizableMessage>) list);
    }

    public /* bridge */ /* synthetic */ boolean isConfigurationDeleteAcceptable(Configuration configuration, List list) {
        return isConfigurationDeleteAcceptable((HTTPEndpointCfg) configuration, (List<LocalizableMessage>) list);
    }
}
