package io.confluent.controlcenter.rest;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.io.SegmentedStringWriter;
import com.fasterxml.jackson.core.util.BufferRecycler;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.fasterxml.jackson.jaxrs.base.JsonMappingExceptionMapper;
import com.github.zafarkhaja.semver.Version;
import com.google.common.annotations.VisibleForTesting;
import com.google.inject.Inject;
import com.google.inject.Provider;
import io.confluent.command.record.Command;
import io.confluent.command.record.alert.CommandAlert;
import io.confluent.controlcenter.ControlCenterConfig;
import io.confluent.controlcenter.alert.record.Alert;
import io.confluent.controlcenter.record.Controlcenter;
import io.confluent.controlcenter.rest.ControlCenterRestModule;
import io.confluent.controlcenter.rest.jackson.KafkaModule;
import io.confluent.monitoring.common.SystemClock;
import io.confluent.rest.Application;
import io.confluent.rest.RestConfig;
import io.confluent.rest.auth.AuthUtil;
import io.confluent.serializers.ProtoSerde;
import io.confluent.serializers.UberSerde;
import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.websocket.DeploymentException;
import javax.websocket.server.ServerEndpoint;
import javax.websocket.server.ServerEndpointConfig;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Configurable;
import javax.ws.rs.ext.ContextResolver;
import org.eclipse.jetty.jaas.JAASLoginService;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.resource.ResourceCollection;
import org.eclipse.jetty.websocket.jsr356.server.ServerContainer;
import org.glassfish.jersey.servlet.ServletProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/controlcenter/rest/ControlCenterApplication.class */
public class ControlCenterApplication extends Application<RestConfig> {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ControlCenterApplication.class);
    public static final String X_CONFLUENT_CONTROL_CENTER_VERSION_HEADER = "X-Confluent-Control-Center-Version";
    public static final String X_FRAME_OPTIONS = "X-Frame-Options";
    protected static final String STRICT_TRANSPORT_SECURITY_HEADER = "Strict-Transport-Security";
    protected static final String STRICT_TRANSPORT_SECURITY_VALUE = "max-age=31536000";
    private final ControlCenterConfig controlCenterConfig;
    private final MessageDeliveryResource messageDeliveryResource;
    private final KafkaResource kafkaResource;
    private final ConnectResource connectResource;
    private final LicenseResource licenseResource;
    private final StatusResource statusResource;
    private final Version version;
    private final AuthResource authResource;
    private final AlertsResource alertsResource;
    private final CommandResource commandResource;
    private final FeatureFlagResource featureFlagResource;
    private final Provider<ConsumerResource> consumerResourceProvider;
    private final ClusterResource clusterResource;
    private final MetricsResource metricsResource;
    private final HealthCheckResource healthCheckResource;
    private final CachedConsumerOffsetsResource cachedConsumerOffsetsResource;
    private final UberSerde<Alert.AlertInfo> alertInfoUberSerde;
    private final UberSerde<Controlcenter.TriggerMeasurement> triggerMeasurementUberSerde;
    private final UberSerde<CommandAlert.MonitoringTriggerConfig> monitoringTriggerConfigUberSerde;
    private final UberSerde<CommandAlert.ActionConfig> actionConfigUberSerde;
    private final ClusterConverter clusterConverter;
    private final ConnectClusterConverter connectClusterConverter;
    private final KafkaExceptionMapper kafkaExceptionMapper;
    private final Collection<String> readOnlyRoles;
    private final KsqlProxyServlet ksqlProxyServlet;
    private final SchemaRegistryProxyServlet srProxyServlet;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/confluent/controlcenter/rest/ControlCenterApplication$UberJsonDeserializer.class */
    public static class UberJsonDeserializer<K> extends JsonDeserializer<K> {
        private final UberSerde<K> serde;

        UberJsonDeserializer(UberSerde<K> uberSerde) {
            this.serde = uberSerde;
        }

        @Override // com.fasterxml.jackson.databind.JsonDeserializer
        public K deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
            SegmentedStringWriter segmentedStringWriter = new SegmentedStringWriter(new BufferRecycler());
            JsonGenerator createGenerator = jsonParser.getCodec().getFactory().createGenerator(segmentedStringWriter);
            createGenerator.copyCurrentStructure(jsonParser);
            createGenerator.close();
            return this.serde.deserialize(this.serde.fromJson(segmentedStringWriter.getAndClear()));
        }
    }

    @Inject
    public ControlCenterApplication(RestConfig restConfig, ControlCenterConfig controlCenterConfig, FeatureFlagResource featureFlagResource, AlertsResource alertsResource, KafkaResource kafkaResource, ClusterResource clusterResource, MessageDeliveryResource messageDeliveryResource, ConnectResource connectResource, LicenseResource licenseResource, StatusResource statusResource, AuthResource authResource, MetricsResource metricsResource, Version version, CommandResource commandResource, Provider<ConsumerResource> provider, HealthCheckResource healthCheckResource, CachedConsumerOffsetsResource cachedConsumerOffsetsResource, UberSerde<Alert.AlertInfo> uberSerde, UberSerde<Controlcenter.TriggerMeasurement> uberSerde2, UberSerde<CommandAlert.MonitoringTriggerConfig> uberSerde3, UberSerde<CommandAlert.ActionConfig> uberSerde4, ClusterConverter clusterConverter, ConnectClusterConverter connectClusterConverter, KafkaExceptionMapper kafkaExceptionMapper, @ControlCenterRestModule.RestrictedRoles Collection<String> collection, KsqlProxyServlet ksqlProxyServlet, SchemaRegistryProxyServlet schemaRegistryProxyServlet) {
        super(restConfig);
        this.controlCenterConfig = controlCenterConfig;
        this.alertsResource = alertsResource;
        this.featureFlagResource = featureFlagResource;
        this.kafkaResource = kafkaResource;
        this.clusterResource = clusterResource;
        this.messageDeliveryResource = messageDeliveryResource;
        this.connectResource = connectResource;
        this.licenseResource = licenseResource;
        this.statusResource = statusResource;
        this.authResource = authResource;
        this.metricsResource = metricsResource;
        this.healthCheckResource = healthCheckResource;
        this.cachedConsumerOffsetsResource = cachedConsumerOffsetsResource;
        this.version = version;
        this.commandResource = commandResource;
        this.consumerResourceProvider = provider;
        this.alertInfoUberSerde = uberSerde;
        this.triggerMeasurementUberSerde = uberSerde2;
        this.monitoringTriggerConfigUberSerde = uberSerde3;
        this.actionConfigUberSerde = uberSerde4;
        this.clusterConverter = clusterConverter;
        this.connectClusterConverter = connectClusterConverter;
        this.kafkaExceptionMapper = kafkaExceptionMapper;
        this.readOnlyRoles = collection;
        this.ksqlProxyServlet = ksqlProxyServlet;
        this.srProxyServlet = schemaRegistryProxyServlet;
    }

    @Override // io.confluent.rest.Application
    protected ResourceCollection getStaticResources() {
        return new ResourceCollection(Resource.newClassPathResource("io/confluent/controlcenter/rest/static"));
    }

    @Override // io.confluent.rest.Application
    protected void configurePostResourceHandling(ServletContextHandler servletContextHandler) {
        long j = this.controlCenterConfig.getLong(ControlCenterConfig.CONTROL_CENTER_AUTH_SESSION_EXPIRATION_MS);
        if (j > 0) {
            servletContextHandler.getSessionHandler().setMaxInactiveInterval((int) TimeUnit.SECONDS.toSeconds(j));
        }
        servletContextHandler.addFilter(new FilterHolder(new Filter() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.1
            @Override // javax.servlet.Filter
            public void init(FilterConfig filterConfig) throws ServletException {
            }

            @Override // javax.servlet.Filter
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                ((HttpServletResponse) servletResponse).setHeader(ControlCenterApplication.X_CONFLUENT_CONTROL_CENTER_VERSION_HEADER, ControlCenterApplication.this.version.toString());
                if (ControlCenterApplication.this.controlCenterConfig.getBoolean(ControlCenterConfig.CONTROL_CENTER_HSTS_ENABLE)) {
                    ((HttpServletResponse) servletResponse).setHeader("Strict-Transport-Security", ControlCenterApplication.STRICT_TRANSPORT_SECURITY_VALUE);
                }
                String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
                if (requestURI.equals("/") || requestURI.startsWith("/dist/") || requestURI.startsWith("/api/")) {
                    filterChain.doFilter(servletRequest, servletResponse);
                } else {
                    servletRequest.getRequestDispatcher("/").forward(servletRequest, servletResponse);
                }
            }

            @Override // javax.servlet.Filter
            public void destroy() {
            }
        }), "/*", (EnumSet<DispatcherType>) null);
        if (this.controlCenterConfig.getBoolean(ControlCenterConfig.KSQL_ENABLED)) {
            servletContextHandler.addServlet(new ServletHolder(this.ksqlProxyServlet), "/api/ksql/*");
            this.ksqlProxyServlet.buildKsqlEndpointLookupTable();
        }
        if (this.controlCenterConfig.getBoolean(ControlCenterConfig.SCHEMA_REGISTRY_ENABLED)) {
            servletContextHandler.addServlet(new ServletHolder(this.srProxyServlet), "/api/schema-registry/*");
        }
        if (getSslContextFactory() != null) {
            this.ksqlProxyServlet.setSslContextFactory(getSslContextFactory());
            this.srProxyServlet.setSslContextFactory(getSslContextFactory());
        }
    }

    @VisibleForTesting
    URI getServerUri() {
        return this.server.getURI();
    }

    @Override // io.confluent.rest.Application
    protected void registerWebSocketEndpoints(ServerContainer serverContainer) {
        if (this.controlCenterConfig.getBoolean(ControlCenterConfig.TOPIC_INSPECTION_ENABLED)) {
            try {
                log.debug("adding consumer endpoint");
                serverContainer.addEndpoint(ServerEndpointConfig.Builder.create(ConsumerResource.class, ((ServerEndpoint) ConsumerResource.class.getAnnotation(ServerEndpoint.class)).value()).configurator(new ServerEndpointConfig.Configurator() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.2
                    @Override // javax.websocket.server.ServerEndpointConfig.Configurator
                    public <T> T getEndpointInstance(Class<T> cls) throws InstantiationException {
                        return (T) ControlCenterApplication.this.consumerResourceProvider.get();
                    }
                }).encoders(Arrays.asList(((ServerEndpoint) ConsumerResource.class.getAnnotation(ServerEndpoint.class)).encoders())).build());
            } catch (DeploymentException e) {
                log.error("unable to deploy websocket endpoints", (Throwable) e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.rest.Application
    public ConstraintSecurityHandler createBasicSecurityHandler() {
        long j = this.controlCenterConfig.getLong(ControlCenterConfig.CONTROL_CENTER_AUTH_SESSION_EXPIRATION_MS);
        if (j <= 0) {
            return super.createBasicSecurityHandler();
        }
        String string = getConfiguration().getString(RestConfig.AUTHENTICATION_REALM_CONFIG);
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        constraintSecurityHandler.addConstraintMapping(createGlobalAuthConstraint());
        constraintSecurityHandler.setAuthenticator(new SessionBasicAuthenticator(new SystemClock(), j));
        constraintSecurityHandler.setLoginService(new JAASLoginService(string));
        constraintSecurityHandler.setIdentityService(new DefaultIdentityService());
        constraintSecurityHandler.setRealmName(string);
        List<ConstraintMapping> createUnsecuredConstraints = AuthUtil.createUnsecuredConstraints(this.config);
        constraintSecurityHandler.getClass();
        createUnsecuredConstraints.forEach(constraintSecurityHandler::addConstraintMapping);
        return constraintSecurityHandler;
    }

    @Override // io.confluent.rest.Application
    public void setupResources(Configurable<?> configurable, RestConfig restConfig) {
        if ("BASIC".equals(this.config.getString(RestConfig.AUTHENTICATION_METHOD_CONFIG))) {
            log.debug("registering disallow filter with roles={}", this.readOnlyRoles);
            configurable.register2(new ReadOnlyRolesFilter(this.readOnlyRoles));
        }
        configurable.register2(this.alertsResource);
        configurable.register2(this.featureFlagResource);
        configurable.register2(this.kafkaResource);
        configurable.register2(this.clusterResource);
        configurable.register2(this.connectResource);
        configurable.register2(this.licenseResource);
        configurable.register2(this.messageDeliveryResource);
        configurable.register2(this.statusResource);
        configurable.register2(this.authResource);
        configurable.register2(this.commandResource);
        configurable.register2(this.metricsResource);
        configurable.register2(this.healthCheckResource);
        configurable.register2(this.cachedConsumerOffsetsResource);
        configurable.register(JsonMappingExceptionMapper.class);
        configurable.register2(new ContextResolver<ObjectMapper>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // javax.ws.rs.ext.ContextResolver
            public ObjectMapper getContext(Class<?> cls) {
                return ControlCenterApplication.this.getJsonMapper();
            }

            @Override // javax.ws.rs.ext.ContextResolver
            public /* bridge */ /* synthetic */ ObjectMapper getContext(Class cls) {
                return getContext((Class<?>) cls);
            }
        });
        configurable.register2(new SerializationExceptionMapper());
        configurable.register2(new InvalidLicenseExceptionMapper(this.licenseResource.licenseInfo()));
        configurable.register2(new LicenseManagerNotEnabledExceptionMapper());
        configurable.register2(new ContainerResponseFilter() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.4
            @Override // javax.ws.rs.container.ContainerResponseFilter
            public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
                containerResponseContext.getHeaders().add(ControlCenterApplication.X_CONFLUENT_CONTROL_CENTER_VERSION_HEADER, ControlCenterApplication.this.version.toString());
                if (ControlCenterApplication.this.controlCenterConfig.getBoolean(ControlCenterConfig.CONTROL_CENTER_HSTS_ENABLE)) {
                    containerResponseContext.getHeaders().add("Strict-Transport-Security", ControlCenterApplication.STRICT_TRANSPORT_SECURITY_VALUE);
                }
                containerResponseContext.getHeaders().add("X-Frame-Options", "DENY");
            }
        });
        configurable.property2(ServletProperties.FILTER_STATIC_CONTENT_REGEX, "^/(?!(2.0|3.0)/).*");
        configurable.register2(this.clusterConverter);
        configurable.register2(this.connectClusterConverter);
        configurable.register2(this.kafkaExceptionMapper);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.rest.Application
    public ObjectMapper getJsonMapper() {
        ObjectMapper jsonMapper = super.getJsonMapper();
        SimpleModule simpleModule = new SimpleModule("ProtoJsonSerializerModule", new com.fasterxml.jackson.core.Version(0, 1, 0, "alpha"));
        simpleModule.addSerializer(Alert.AlertInfo.class, new JsonSerializer<Alert.AlertInfo>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.5
            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public void serialize(Alert.AlertInfo alertInfo, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
                jsonGenerator.writeRawValue(ControlCenterApplication.this.alertInfoUberSerde.toJson(alertInfo));
            }

            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public Class<Alert.AlertInfo> handledType() {
                return Alert.AlertInfo.class;
            }
        });
        simpleModule.addSerializer(Controlcenter.TriggerMeasurement.class, new JsonSerializer<Controlcenter.TriggerMeasurement>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.6
            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public void serialize(Controlcenter.TriggerMeasurement triggerMeasurement, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
                jsonGenerator.writeRawValue(ControlCenterApplication.this.triggerMeasurementUberSerde.toJson(triggerMeasurement));
            }

            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public Class<Controlcenter.TriggerMeasurement> handledType() {
                return Controlcenter.TriggerMeasurement.class;
            }
        });
        simpleModule.addSerializer(Command.CommandMessage.class, new JsonSerializer<Command.CommandMessage>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.7
            final ProtoSerde<Command.CommandMessage> commandMessageProtoSerde = new ProtoSerde<>(Command.CommandMessage.getDefaultInstance());

            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public void serialize(Command.CommandMessage commandMessage, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
                jsonGenerator.writeRawValue(this.commandMessageProtoSerde.toJson((ProtoSerde<Command.CommandMessage>) commandMessage));
            }
        });
        simpleModule.addDeserializer(Command.CommandMessage.class, new UberJsonDeserializer(new ProtoSerde(Command.CommandMessage.getDefaultInstance())));
        simpleModule.addSerializer(CommandAlert.MonitoringTriggerConfig.class, new JsonSerializer<CommandAlert.MonitoringTriggerConfig>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.8
            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public void serialize(CommandAlert.MonitoringTriggerConfig monitoringTriggerConfig, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
                jsonGenerator.writeRawValue(ControlCenterApplication.this.monitoringTriggerConfigUberSerde.toJson(monitoringTriggerConfig));
            }

            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public Class<CommandAlert.MonitoringTriggerConfig> handledType() {
                return CommandAlert.MonitoringTriggerConfig.class;
            }
        });
        simpleModule.addDeserializer(CommandAlert.MonitoringTriggerConfig.class, new UberJsonDeserializer(this.monitoringTriggerConfigUberSerde));
        simpleModule.addSerializer(CommandAlert.ActionConfig.class, new JsonSerializer<CommandAlert.ActionConfig>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.9
            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public void serialize(CommandAlert.ActionConfig actionConfig, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
                jsonGenerator.writeRawValue(ControlCenterApplication.this.actionConfigUberSerde.toJson(actionConfig));
            }

            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public Class<CommandAlert.ActionConfig> handledType() {
                return CommandAlert.ActionConfig.class;
            }
        });
        simpleModule.addDeserializer(CommandAlert.ActionConfig.class, new UberJsonDeserializer(this.actionConfigUberSerde));
        simpleModule.addSerializer(Command.CommandKey.class, new JsonSerializer<Command.CommandKey>() { // from class: io.confluent.controlcenter.rest.ControlCenterApplication.10
            private final UberSerde<Command.CommandKey> commandKeySerde = new ProtoSerde(Command.CommandKey.getDefaultInstance());

            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public void serialize(Command.CommandKey commandKey, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
                jsonGenerator.writeRawValue(this.commandKeySerde.toJson(commandKey));
            }

            @Override // com.fasterxml.jackson.databind.JsonSerializer
            public Class<Command.CommandKey> handledType() {
                return Command.CommandKey.class;
            }
        });
        jsonMapper.registerModule(simpleModule);
        jsonMapper.registerModule(new KafkaModule());
        return jsonMapper;
    }
}
