package org.opends.server.protocols.http;

import io.swagger.models.Swagger;
import java.io.IOException;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import org.apache.http.HttpVersion;
import org.forgerock.http.ApiProducer;
import org.forgerock.http.DescribedHttpApplication;
import org.forgerock.http.Filter;
import org.forgerock.http.Handler;
import org.forgerock.http.HttpApplicationException;
import org.forgerock.http.grizzly.GrizzlySupport;
import org.forgerock.http.handler.Handlers;
import org.forgerock.http.io.Buffer;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;
import org.forgerock.http.swagger.SwaggerApiProducer;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.rest2ldap.ErrorLoggerFilter;
import org.forgerock.opendj.server.config.server.ConnectionHandlerCfg;
import org.forgerock.opendj.server.config.server.HTTPConnectionHandlerCfg;
import org.forgerock.services.context.Context;
import org.forgerock.util.Factory;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.PromiseImpl;
import org.forgerock.util.time.TimeService;
import org.glassfish.grizzly.http.HttpProbe;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.http.server.ServerConfiguration;
import org.glassfish.grizzly.monitoring.MonitoringConfig;
import org.glassfish.grizzly.nio.transport.TCPNIOTransport;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.grizzly.strategies.SameThreadIOStrategy;
import org.glassfish.grizzly.utils.Charsets;
import org.opends.messages.ConfigMessages;
import org.opends.messages.ProtocolMessages;
import org.opends.server.api.AlertGenerator;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ConnectionHandler;
import org.opends.server.api.KeyManagerProvider;
import org.opends.server.api.ServerShutdownListener;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ServerContext;
import org.opends.server.extensions.NullKeyManagerProvider;
import org.opends.server.loggers.HTTPAccessLogger;
import org.opends.server.monitors.ClientConnectionMonitorProvider;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.AbstractOperation;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.HostPort;
import org.opends.server.types.InitializationException;
import org.opends.server.types.OperationType;
import org.opends.server.util.DynamicConstants;
import org.opends.server.util.SelectableCertificateKeyManager;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/protocols/http/HTTPConnectionHandler.class */
public class HTTPConnectionHandler extends ConnectionHandler<HTTPConnectionHandlerCfg> implements ConfigurationChangeListener<HTTPConnectionHandlerCfg>, ServerShutdownListener, AlertGenerator {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private static final String DEFAULT_FRIENDLY_NAME = "HTTP Connection Handler";
    private static final String SSL_CONTEXT_INSTANCE_NAME = "TLS";
    private HTTPConnectionHandlerCfg initConfig;
    private HTTPConnectionHandlerCfg currentConfig;
    private volatile boolean shutdownRequested;
    private boolean enabled;
    private final List<HostPort> listeners;
    private HttpServer httpServer;
    private HTTPStatsProbe httpProbe;
    private final Map<ClientConnection, ClientConnection> clientConnections;
    private HTTPStatistics statTracker;
    private ClientConnectionMonitorProvider connMonitor;
    private String handlerName;
    private String protocol;
    private final Object waitListen;
    private String friendlyName;
    private SSLEngineConfigurator sslEngineConfigurator;
    private ServerContext serverContext;

    /* loaded from: input_file:org/opends/server/protocols/http/HTTPConnectionHandler$ExecuteInWorkerThreadFilter.class */
    private static final class ExecuteInWorkerThreadFilter implements Filter {

        /* loaded from: input_file:org/opends/server/protocols/http/HTTPConnectionHandler$ExecuteInWorkerThreadFilter$AsyncOperation.class */
        private static final class AsyncOperation<V> extends AbstractOperation {
            private final Runnable runnable;

            AsyncOperation(InternalClientConnection internalClientConnection, Runnable runnable) {
                super(internalClientConnection, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), Collections.emptyList());
                setInternalOperation(true);
                this.runnable = runnable;
            }

            @Override // org.opends.server.types.Operation, java.lang.Runnable
            public void run() {
                this.runnable.run();
            }

            @Override // org.opends.server.types.Operation, org.opends.server.types.operation.PluginOperation
            public OperationType getOperationType() {
                return null;
            }

            @Override // org.opends.server.types.Operation, org.opends.server.types.operation.PluginOperation
            public List<Control> getResponseControls() {
                return Collections.emptyList();
            }

            @Override // org.opends.server.types.Operation, org.opends.server.types.operation.PreParseOperation, org.opends.server.types.operation.PostOperationOperation
            public void addResponseControl(Control control) {
            }

            @Override // org.opends.server.types.Operation, org.opends.server.types.operation.PreParseOperation, org.opends.server.types.operation.PostOperationOperation
            public void removeResponseControl(Control control) {
            }

            @Override // org.opends.server.types.Operation
            public DN getProxiedAuthorizationDN() {
                return null;
            }

            @Override // org.opends.server.types.Operation
            public void setProxiedAuthorizationDN(DN dn) {
            }

            @Override // org.opends.server.types.Operation, org.opends.server.types.operation.PluginOperation
            public void toString(StringBuilder sb) {
                sb.append(AsyncOperation.class.getSimpleName());
            }
        }

        private ExecuteInWorkerThreadFilter() {
        }

        @Override // org.forgerock.http.Filter
        public Promise<Response, NeverThrowsException> filter(final Context context, final Request request, final Handler handler) {
            final PromiseImpl create = PromiseImpl.create();
            try {
                DirectoryServer.getWorkQueue().submitOperation(new AsyncOperation(InternalClientConnection.getRootConnection(), new Runnable() { // from class: org.opends.server.protocols.http.HTTPConnectionHandler.ExecuteInWorkerThreadFilter.1
                    @Override // java.lang.Runnable
                    public void run() {
                        handler.handle(context, request).thenOnResult(create).thenOnRuntimeException(create);
                    }
                }));
            } catch (Exception e) {
                create.handleResult(new Response(Status.INTERNAL_SERVER_ERROR).setCause(e));
            }
            return create;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/protocols/http/HTTPConnectionHandler$RootHttpApplication.class */
    public final class RootHttpApplication implements DescribedHttpApplication {
        private RootHttpApplication() {
        }

        @Override // org.forgerock.http.HttpApplication
        public Handler start() throws HttpApplicationException {
            return Handlers.chainOf(HTTPConnectionHandler.this.serverContext.getHTTPRouter(), new HttpAccessLogFilter(HTTPConnectionHandler.this.serverContext), new ErrorLoggerFilter(), new ExecuteInWorkerThreadFilter(), new AllowDenyFilter(HTTPConnectionHandler.this.currentConfig.getDeniedClient(), HTTPConnectionHandler.this.currentConfig.getAllowedClient()), new CommonAuditTransactionIdFilter(HTTPConnectionHandler.this.serverContext), new CommonAuditHttpAccessCheckEnabledFilter(HTTPConnectionHandler.this.serverContext, new CommonAuditHttpAccessAuditFilter(DynamicConstants.PRODUCT_NAME, HTTPConnectionHandler.this.serverContext.getCommonAudit().getAuditServiceForHttpAccessLog(), TimeService.SYSTEM)), new LDAPContextInjectionFilter(HTTPConnectionHandler.this.serverContext, HTTPConnectionHandler.this));
        }

        @Override // org.forgerock.http.HttpApplication
        public void stop() {
        }

        @Override // org.forgerock.http.HttpApplication
        public Factory<Buffer> getBufferFactory() {
            return null;
        }

        @Override // org.forgerock.http.DescribedHttpApplication
        public ApiProducer<Swagger> getApiProducer() {
            return new SwaggerApiProducer(null);
        }
    }

    public HTTPConnectionHandler() {
        super(DEFAULT_FRIENDLY_NAME);
        this.listeners = new LinkedList();
        this.clientConnections = new ConcurrentHashMap();
        this.waitListen = new Object();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addClientConnection(ClientConnection clientConnection) {
        this.clientConnections.put(clientConnection, clientConnection);
    }

    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        if (anyChangeRequiresRestart(hTTPConnectionHandlerCfg)) {
            configChangeResult.setAdminActionRequired(true);
            configChangeResult.addMessage(ProtocolMessages.ERR_CONNHANDLER_CONFIG_CHANGES_REQUIRE_RESTART.get(HttpVersion.HTTP));
        }
        try {
            configureSSL(hTTPConnectionHandlerCfg);
            if (hTTPConnectionHandlerCfg.isEnabled() && this.currentConfig.isEnabled() && isListening()) {
                if (!this.currentConfig.isKeepStats() && hTTPConnectionHandlerCfg.isKeepStats()) {
                    setHttpStatsProbe(this.httpServer);
                } else if (this.currentConfig.isKeepStats() && !hTTPConnectionHandlerCfg.isKeepStats() && this.httpProbe != null) {
                    getHttpConfig(this.httpServer).removeProbes(this.httpProbe);
                    this.httpProbe = null;
                }
            }
            this.initConfig = hTTPConnectionHandlerCfg;
            this.currentConfig = hTTPConnectionHandlerCfg;
            this.enabled = this.currentConfig.isEnabled();
            return configChangeResult;
        } catch (DirectoryException e) {
            logger.traceException(e);
            configChangeResult.setResultCode(e.getResultCode());
            configChangeResult.addMessage(e.getMessageObject());
            return configChangeResult;
        }
    }

    private boolean anyChangeRequiresRestart(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg) {
        return (equals((long) hTTPConnectionHandlerCfg.getListenPort(), (long) this.initConfig.getListenPort()) && Objects.equals(hTTPConnectionHandlerCfg.getListenAddress(), this.initConfig.getListenAddress()) && equals(hTTPConnectionHandlerCfg.getMaxRequestSize(), this.currentConfig.getMaxRequestSize()) && equals(hTTPConnectionHandlerCfg.isAllowTCPReuseAddress(), this.currentConfig.isAllowTCPReuseAddress()) && equals(hTTPConnectionHandlerCfg.isUseTCPKeepAlive(), this.currentConfig.isUseTCPKeepAlive()) && equals(hTTPConnectionHandlerCfg.isUseTCPNoDelay(), this.currentConfig.isUseTCPNoDelay()) && equals(hTTPConnectionHandlerCfg.getMaxBlockedWriteTimeLimit(), this.currentConfig.getMaxBlockedWriteTimeLimit()) && equals(hTTPConnectionHandlerCfg.getBufferSize(), this.currentConfig.getBufferSize()) && equals((long) hTTPConnectionHandlerCfg.getAcceptBacklog(), (long) this.currentConfig.getAcceptBacklog()) && equals(hTTPConnectionHandlerCfg.isUseSSL(), this.currentConfig.isUseSSL()) && Objects.equals(hTTPConnectionHandlerCfg.getKeyManagerProviderDN(), this.currentConfig.getKeyManagerProviderDN()) && Objects.equals(hTTPConnectionHandlerCfg.getSSLCertNickname(), this.currentConfig.getSSLCertNickname()) && Objects.equals(hTTPConnectionHandlerCfg.getTrustManagerProviderDN(), this.currentConfig.getTrustManagerProviderDN()) && Objects.equals(hTTPConnectionHandlerCfg.getSSLProtocol(), this.currentConfig.getSSLProtocol()) && Objects.equals(hTTPConnectionHandlerCfg.getSSLCipherSuite(), this.currentConfig.getSSLCipherSuite()) && Objects.equals(hTTPConnectionHandlerCfg.getSSLClientAuthPolicy(), this.currentConfig.getSSLClientAuthPolicy())) ? false : true;
    }

    private boolean equals(long j, long j2) {
        return j == j2;
    }

    private boolean equals(boolean z, boolean z2) {
        return z == z2;
    }

    private void configureSSL(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg) throws DirectoryException {
        this.protocol = hTTPConnectionHandlerCfg.isUseSSL() ? "HTTPS" : HttpVersion.HTTP;
        if (hTTPConnectionHandlerCfg.isUseSSL()) {
            this.sslEngineConfigurator = createSSLEngineConfigurator(hTTPConnectionHandlerCfg);
        } else {
            this.sslEngineConfigurator = null;
        }
    }

    @Override // org.opends.server.api.ConnectionHandler
    public void finalizeConnectionHandler(LocalizableMessage localizableMessage) {
        this.shutdownRequested = true;
        this.currentConfig.removeHTTPChangeListener(this);
        if (this.connMonitor != null) {
            DirectoryServer.deregisterMonitorProvider(this.connMonitor);
        }
        if (this.statTracker != null) {
            DirectoryServer.deregisterMonitorProvider(this.statTracker);
        }
    }

    @Override // org.opends.server.api.AlertGenerator
    public Map<String, String> getAlerts() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(ServerConstants.ALERT_TYPE_HTTP_CONNECTION_HANDLER_CONSECUTIVE_FAILURES, ServerConstants.ALERT_DESCRIPTION_HTTP_CONNECTION_HANDLER_CONSECUTIVE_FAILURES);
        return linkedHashMap;
    }

    @Override // org.opends.server.api.AlertGenerator
    public String getClassName() {
        return HTTPConnectionHandler.class.getName();
    }

    @Override // org.opends.server.api.ConnectionHandler
    public Collection<ClientConnection> getClientConnections() {
        return this.clientConnections.keySet();
    }

    @Override // org.opends.server.api.ConnectionHandler, org.opends.server.api.AlertGenerator
    public DN getComponentEntryDN() {
        return this.currentConfig.dn();
    }

    @Override // org.opends.server.api.ConnectionHandler
    public String getConnectionHandlerName() {
        return this.handlerName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HTTPConnectionHandlerCfg getCurrentConfig() {
        return this.currentConfig;
    }

    @Override // org.opends.server.api.ConnectionHandler
    public Collection<String> getEnabledSSLCipherSuites() {
        SSLEngineConfigurator sSLEngineConfigurator = this.sslEngineConfigurator;
        return sSLEngineConfigurator != null ? Arrays.asList(sSLEngineConfigurator.getEnabledCipherSuites()) : super.getEnabledSSLCipherSuites();
    }

    @Override // org.opends.server.api.ConnectionHandler
    public Collection<String> getEnabledSSLProtocols() {
        SSLEngineConfigurator sSLEngineConfigurator = this.sslEngineConfigurator;
        return sSLEngineConfigurator != null ? Arrays.asList(sSLEngineConfigurator.getEnabledProtocols()) : super.getEnabledSSLProtocols();
    }

    @Override // org.opends.server.api.ConnectionHandler
    public Collection<HostPort> getListeners() {
        return this.listeners;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getListenPort() {
        return this.initConfig.getListenPort();
    }

    @Override // org.opends.server.api.ConnectionHandler
    public String getProtocol() {
        return this.protocol;
    }

    @Override // org.opends.server.api.ServerShutdownListener
    public String getShutdownListenerName() {
        return this.handlerName;
    }

    public HTTPStatistics getStatTracker() {
        return this.statTracker;
    }

    @Override // org.opends.server.api.ConnectionHandler
    public void initializeConnectionHandler(ServerContext serverContext, HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg) throws ConfigException, InitializationException {
        this.serverContext = serverContext;
        this.enabled = hTTPConnectionHandlerCfg.isEnabled();
        if (this.friendlyName == null) {
            this.friendlyName = hTTPConnectionHandlerCfg.name();
        }
        int listenPort = hTTPConnectionHandlerCfg.getListenPort();
        Iterator<InetAddress> it = hTTPConnectionHandlerCfg.getListenAddress().iterator();
        while (it.hasNext()) {
            this.listeners.add(new HostPort(it.next().getHostAddress(), listenPort));
        }
        this.handlerName = getHandlerName(hTTPConnectionHandlerCfg);
        try {
            configureSSL(hTTPConnectionHandlerCfg);
            this.statTracker = new HTTPStatistics(this.handlerName + " Statistics");
            DirectoryServer.registerMonitorProvider(this.statTracker);
            this.connMonitor = new ClientConnectionMonitorProvider(this);
            DirectoryServer.registerMonitorProvider(this.connMonitor);
            hTTPConnectionHandlerCfg.addHTTPChangeListener(this);
            this.initConfig = hTTPConnectionHandlerCfg;
            this.currentConfig = hTTPConnectionHandlerCfg;
        } catch (DirectoryException e) {
            logger.traceException(e);
            throw new InitializationException(e.getMessageObject());
        }
    }

    private String getHandlerName(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg) {
        StringBuilder sb = new StringBuilder();
        sb.append(this.friendlyName);
        for (InetAddress inetAddress : hTTPConnectionHandlerCfg.getListenAddress()) {
            sb.append(" ");
            sb.append(inetAddress.getHostAddress());
        }
        sb.append(" port ");
        sb.append(hTTPConnectionHandlerCfg.getListenPort());
        return sb.toString();
    }

    @Override // org.opends.server.api.ConnectionHandler
    public boolean isConfigurationAcceptable(ConnectionHandlerCfg connectionHandlerCfg, List<LocalizableMessage> list) {
        LocalizableMessage checkAnyListenAddressInUse;
        HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg = (HTTPConnectionHandlerCfg) connectionHandlerCfg;
        if ((this.currentConfig == null || (!this.enabled && hTTPConnectionHandlerCfg.isEnabled())) && (checkAnyListenAddressInUse = checkAnyListenAddressInUse(hTTPConnectionHandlerCfg.getListenAddress(), hTTPConnectionHandlerCfg.getListenPort(), hTTPConnectionHandlerCfg.isAllowTCPReuseAddress(), hTTPConnectionHandlerCfg.dn())) != null) {
            list.add(checkAnyListenAddressInUse);
            return false;
        }
        if (!hTTPConnectionHandlerCfg.isEnabled() || !hTTPConnectionHandlerCfg.isUseSSL()) {
            return true;
        }
        try {
            createSSLEngineConfigurator(hTTPConnectionHandlerCfg);
            return true;
        } catch (DirectoryException e) {
            logger.traceException(e);
            list.add(e.getMessageObject());
            return false;
        }
    }

    private LocalizableMessage checkAnyListenAddressInUse(Collection<InetAddress> collection, int i, boolean z, DN dn) {
        for (InetAddress inetAddress : collection) {
            try {
                if (StaticUtils.isAddressInUse(inetAddress, i, z)) {
                    throw new IOException(ProtocolMessages.ERR_CONNHANDLER_ADDRESS_INUSE.get().toString());
                }
            } catch (IOException e) {
                logger.traceException(e);
                return ProtocolMessages.ERR_CONNHANDLER_CANNOT_BIND.get(HttpVersion.HTTP, dn, inetAddress.getHostAddress(), Integer.valueOf(i), StaticUtils.getExceptionMessage(e));
            }
        }
        return null;
    }

    /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
    public boolean isConfigurationChangeAcceptable2(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg, List<LocalizableMessage> list) {
        return isConfigurationAcceptable(hTTPConnectionHandlerCfg, list);
    }

    public boolean keepStats() {
        return this.currentConfig.isKeepStats();
    }

    @Override // org.opends.server.api.ServerShutdownListener
    public void processServerShutdown(LocalizableMessage localizableMessage) {
        this.shutdownRequested = true;
    }

    private boolean isListening() {
        return this.httpServer != null;
    }

    @Override // java.lang.Thread
    public void start() {
        synchronized (this.waitListen) {
            super.start();
            try {
                this.waitListen.wait();
            } catch (InterruptedException e) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeClientConnection(ClientConnection clientConnection) {
        this.clientConnections.remove(clientConnection);
    }

    @Override // org.opends.server.api.ConnectionHandler, java.lang.Thread, java.lang.Runnable
    public void run() {
        setName(this.handlerName);
        boolean z = false;
        boolean z2 = true;
        while (!this.shutdownRequested) {
            if (!this.enabled) {
                if (isListening()) {
                    stopHttpServer();
                }
                if (z2) {
                    synchronized (this.waitListen) {
                        z2 = false;
                        this.waitListen.notify();
                    }
                }
                StaticUtils.sleep(1000L);
            } else if (isListening()) {
                StaticUtils.sleep(1000L);
            } else {
                try {
                    synchronized (this.waitListen) {
                        this.waitListen.notify();
                    }
                    startHttpServer();
                    z = false;
                } catch (Exception e) {
                    cleanUpHttpServer();
                    logger.traceException(e);
                    logger.error((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Object, Object, Object>, String, DN>) ProtocolMessages.ERR_CONNHANDLER_CANNOT_ACCEPT_CONNECTION, (LocalizableMessageDescriptor.Arg3<Object, Object, Object>) this.friendlyName, (String) this.currentConfig.dn(), (DN) StaticUtils.getExceptionMessage(e));
                    if (z) {
                        LocalizableMessage localizableMessage = ProtocolMessages.ERR_CONNHANDLER_CONSECUTIVE_ACCEPT_FAILURES.get(this.friendlyName, this.currentConfig.dn(), StaticUtils.stackTraceToSingleLineString(e));
                        logger.error(localizableMessage);
                        DirectoryServer.sendAlertNotification(this, ServerConstants.ALERT_TYPE_HTTP_CONNECTION_HANDLER_CONSECUTIVE_FAILURES, localizableMessage);
                        this.enabled = false;
                    } else {
                        z = true;
                    }
                }
            }
        }
        stopHttpServer();
    }

    private void startHttpServer() throws Exception {
        if (HTTPAccessLogger.getHTTPAccessLogPublishers().isEmpty()) {
            logger.warn(ConfigMessages.WARN_CONFIG_LOGGER_NO_ACTIVE_HTTP_ACCESS_LOGGERS);
        }
        this.httpServer = createHttpServer();
        this.httpServer.getServerConfiguration().addHttpHandler(GrizzlySupport.newGrizzlyHttpHandler(new RootHttpApplication()));
        logger.trace("Starting HTTP server...");
        this.httpServer.start();
        logger.trace("HTTP server started");
        logger.info((LocalizableMessageDescriptor.Arg1<LocalizableMessageDescriptor.Arg1<Object>>) ProtocolMessages.NOTE_CONNHANDLER_STARTED_LISTENING, (LocalizableMessageDescriptor.Arg1<Object>) this.handlerName);
    }

    private HttpServer createHttpServer() {
        HttpServer httpServer = new HttpServer();
        int maxRequestSize = (int) this.currentConfig.getMaxRequestSize();
        ServerConfiguration serverConfiguration = httpServer.getServerConfiguration();
        serverConfiguration.setMaxBufferedPostSize(maxRequestSize);
        serverConfiguration.setMaxFormPostSize(maxRequestSize);
        serverConfiguration.setDefaultQueryEncoding(Charsets.UTF8_CHARSET);
        if (keepStats()) {
            setHttpStatsProbe(httpServer);
        }
        NetworkListener networkListener = new NetworkListener("OpenDJ-HTTP", "0.0.0.0", this.initConfig.getListenPort());
        httpServer.addListener(networkListener);
        TCPNIOTransport transport = networkListener.getTransport();
        transport.setReuseAddress(this.currentConfig.isAllowTCPReuseAddress());
        transport.setKeepAlive(this.currentConfig.isUseTCPKeepAlive());
        transport.setTcpNoDelay(this.currentConfig.isUseTCPNoDelay());
        transport.setWriteTimeout(this.currentConfig.getMaxBlockedWriteTimeLimit(), TimeUnit.MILLISECONDS);
        int bufferSize = (int) this.currentConfig.getBufferSize();
        transport.setReadBufferSize(bufferSize);
        transport.setWriteBufferSize(bufferSize);
        transport.setIOStrategy(SameThreadIOStrategy.getInstance());
        transport.setSelectorRunnersCount(getNumRequestHandlers(this.currentConfig.getNumRequestHandlers(), this.friendlyName));
        transport.setServerConnectionBackLog(this.currentConfig.getAcceptBacklog());
        if (this.sslEngineConfigurator != null) {
            networkListener.setSecure(true);
            networkListener.setSSLEngineConfig(this.sslEngineConfigurator);
        }
        return httpServer;
    }

    private void setHttpStatsProbe(HttpServer httpServer) {
        this.httpProbe = new HTTPStatsProbe(this.statTracker);
        getHttpConfig(httpServer).addProbes(this.httpProbe);
    }

    private MonitoringConfig<HttpProbe> getHttpConfig(HttpServer httpServer) {
        return httpServer.getServerConfiguration().getMonitoringConfig().getHttpConfig();
    }

    private void stopHttpServer() {
        if (this.httpServer != null) {
            logger.trace("Stopping HTTP server...");
            this.httpServer.shutdownNow();
            cleanUpHttpServer();
            logger.trace("HTTP server stopped");
            logger.info((LocalizableMessageDescriptor.Arg1<LocalizableMessageDescriptor.Arg1<Object>>) ProtocolMessages.NOTE_CONNHANDLER_STOPPED_LISTENING, (LocalizableMessageDescriptor.Arg1<Object>) this.handlerName);
        }
    }

    private void cleanUpHttpServer() {
        this.httpServer = null;
        this.httpProbe = null;
    }

    @Override // org.opends.server.api.ConnectionHandler
    public void toString(StringBuilder sb) {
        sb.append(this.handlerName);
    }

    private SSLEngineConfigurator createSSLEngineConfigurator(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg) throws DirectoryException {
        if (!hTTPConnectionHandlerCfg.isUseSSL()) {
            return null;
        }
        try {
            SSLContext createSSLContext = createSSLContext(hTTPConnectionHandlerCfg);
            SSLEngineConfigurator sSLEngineConfigurator = new SSLEngineConfigurator(createSSLContext);
            sSLEngineConfigurator.setClientMode(false);
            SSLEngine createSSLEngine = createSSLContext.createSSLEngine();
            sSLEngineConfigurator.setEnabledProtocols(createSSLEngine.getEnabledProtocols());
            sSLEngineConfigurator.setEnabledCipherSuites(createSSLEngine.getEnabledCipherSuites());
            SortedSet<String> sSLProtocol = hTTPConnectionHandlerCfg.getSSLProtocol();
            if (!sSLProtocol.isEmpty()) {
                sSLEngineConfigurator.setEnabledProtocols((String[]) sSLProtocol.toArray(new String[sSLProtocol.size()]));
            }
            SortedSet<String> sSLCipherSuite = hTTPConnectionHandlerCfg.getSSLCipherSuite();
            if (!sSLCipherSuite.isEmpty()) {
                sSLEngineConfigurator.setEnabledCipherSuites((String[]) sSLCipherSuite.toArray(new String[sSLCipherSuite.size()]));
            }
            switch (hTTPConnectionHandlerCfg.getSSLClientAuthPolicy()) {
                case DISABLED:
                    sSLEngineConfigurator.setNeedClientAuth(false);
                    sSLEngineConfigurator.setWantClientAuth(false);
                    break;
                case REQUIRED:
                    sSLEngineConfigurator.setNeedClientAuth(true);
                    sSLEngineConfigurator.setWantClientAuth(true);
                    break;
                case OPTIONAL:
                default:
                    sSLEngineConfigurator.setNeedClientAuth(false);
                    sSLEngineConfigurator.setWantClientAuth(true);
                    break;
            }
            return sSLEngineConfigurator;
        } catch (Exception e) {
            logger.traceException(e);
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ProtocolMessages.ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    private SSLContext createSSLContext(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg) throws Exception {
        KeyManager[] wrap;
        if (!hTTPConnectionHandlerCfg.isUseSSL()) {
            return null;
        }
        ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
        DN keyManagerProviderDN = hTTPConnectionHandlerCfg.getKeyManagerProviderDN();
        KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyManagerProviderDN);
        if (keyManagerProvider == null) {
            logger.error((LocalizableMessageDescriptor.Arg2<LocalizableMessageDescriptor.Arg2<Object, Object>, DN>) ProtocolMessages.ERR_NULL_KEY_PROVIDER_MANAGER, (LocalizableMessageDescriptor.Arg2<Object, Object>) keyManagerProviderDN, (DN) this.friendlyName);
            logger.warn((LocalizableMessageDescriptor.Arg1<LocalizableMessageDescriptor.Arg1<Object>>) ProtocolMessages.INFO_DISABLE_CONNECTION, (LocalizableMessageDescriptor.Arg1<Object>) this.friendlyName);
            keyManagerProvider = new NullKeyManagerProvider();
            this.enabled = false;
        } else if (!keyManagerProvider.containsAtLeastOneKey()) {
            logger.error((LocalizableMessageDescriptor.Arg1<LocalizableMessageDescriptor.Arg1<Object>>) ProtocolMessages.ERR_INVALID_KEYSTORE, (LocalizableMessageDescriptor.Arg1<Object>) this.friendlyName);
            logger.warn((LocalizableMessageDescriptor.Arg1<LocalizableMessageDescriptor.Arg1<Object>>) ProtocolMessages.INFO_DISABLE_CONNECTION, (LocalizableMessageDescriptor.Arg1<Object>) this.friendlyName);
            this.enabled = false;
        }
        TreeSet treeSet = new TreeSet((SortedSet) hTTPConnectionHandlerCfg.getSSLCertNickname());
        if (treeSet.isEmpty()) {
            wrap = keyManagerProvider.getKeyManagers();
        } else {
            Iterator it = treeSet.iterator();
            while (it.hasNext()) {
                if (!keyManagerProvider.containsKeyWithAlias((String) it.next())) {
                    logger.error((LocalizableMessageDescriptor.Arg2<LocalizableMessageDescriptor.Arg2<Object, Object>, TreeSet>) ProtocolMessages.ERR_KEYSTORE_DOES_NOT_CONTAIN_ALIAS, (LocalizableMessageDescriptor.Arg2<Object, Object>) treeSet, (TreeSet) this.friendlyName);
                    it.remove();
                }
            }
            if (treeSet.isEmpty()) {
                logger.warn((LocalizableMessageDescriptor.Arg1<LocalizableMessageDescriptor.Arg1<Object>>) ProtocolMessages.INFO_DISABLE_CONNECTION, (LocalizableMessageDescriptor.Arg1<Object>) this.friendlyName);
                this.enabled = false;
            }
            wrap = SelectableCertificateKeyManager.wrap(keyManagerProvider.getKeyManagers(), treeSet, this.friendlyName);
        }
        DN trustManagerProviderDN = hTTPConnectionHandlerCfg.getTrustManagerProviderDN();
        TrustManager[] trustManagers = trustManagerProviderDN == null ? null : serverContext.getTrustManagerProvider(trustManagerProviderDN).getTrustManagers();
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(wrap, trustManagers, null);
        return sSLContext;
    }

    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(HTTPConnectionHandlerCfg hTTPConnectionHandlerCfg, List list) {
        return isConfigurationChangeAcceptable2(hTTPConnectionHandlerCfg, (List<LocalizableMessage>) list);
    }
}
