package org.apache.nifi.web.server.connector;

import java.util.Arrays;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.jetty.configuration.connector.ApplicationLayerProtocol;
import org.apache.nifi.jetty.configuration.connector.StandardServerConnectorFactory;
import org.apache.nifi.processor.DataUnit;
import org.apache.nifi.security.util.TlsPlatform;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.eclipse.jetty.server.HostHeaderCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:org/apache/nifi/web/server/connector/FrameworkServerConnectorFactory.class */
public class FrameworkServerConnectorFactory extends StandardServerConnectorFactory {
    private static final String DEFAULT_AUTO_REFRESH_INTERVAL = "30 s";
    private static final int IDLE_TIMEOUT_MULTIPLIER = 2;
    private static final String CIPHER_SUITE_SEPARATOR_PATTERN = ",\\s*";
    private final int headerSize;
    private final int idleTimeout;
    private final String includeCipherSuites;
    private final String excludeCipherSuites;
    private SslContextFactory.Server sslContextFactory;

    public FrameworkServerConnectorFactory(Server server, NiFiProperties niFiProperties) {
        super(server, getPort(niFiProperties));
        this.includeCipherSuites = niFiProperties.getProperty("nifi.web.https.ciphersuites.include");
        this.excludeCipherSuites = niFiProperties.getProperty("nifi.web.https.ciphersuites.exclude");
        this.headerSize = DataUnit.parseDataSize(niFiProperties.getWebMaxHeaderSize(), DataUnit.B).intValue();
        this.idleTimeout = getIdleTimeout();
        if (niFiProperties.isHTTPSConfigured()) {
            if (niFiProperties.isClientAuthRequiredForRestApi()) {
                setNeedClientAuth(true);
            } else {
                setWantClientAuth(true);
            }
            setApplicationLayerProtocols(niFiProperties);
            setIncludeSecurityProtocols((String[]) TlsPlatform.getPreferredProtocols().toArray(new String[0]));
        }
    }

    protected HttpConfiguration getHttpConfiguration() {
        HttpConfiguration httpConfiguration = super.getHttpConfiguration();
        httpConfiguration.setRequestHeaderSize(this.headerSize);
        httpConfiguration.setResponseHeaderSize(this.headerSize);
        httpConfiguration.setIdleTimeout(this.idleTimeout);
        httpConfiguration.addCustomizer(new HostHeaderCustomizer());
        return httpConfiguration;
    }

    protected SslContextFactory.Server getSslContextFactory() {
        if (this.sslContextFactory == null) {
            this.sslContextFactory = super.getSslContextFactory();
            if (StringUtils.isNotBlank(this.includeCipherSuites)) {
                this.sslContextFactory.setIncludeCipherSuites(getCipherSuites(this.includeCipherSuites));
            }
            if (StringUtils.isNotBlank(this.excludeCipherSuites)) {
                this.sslContextFactory.setExcludeCipherSuites(getCipherSuites(this.excludeCipherSuites));
            }
        }
        return this.sslContextFactory;
    }

    private void setApplicationLayerProtocols(NiFiProperties niFiProperties) {
        Set webHttpsApplicationProtocols = niFiProperties.getWebHttpsApplicationProtocols();
        setApplicationLayerProtocols((Set) Arrays.stream(ApplicationLayerProtocol.values()).filter(applicationLayerProtocol -> {
            return webHttpsApplicationProtocols.contains(applicationLayerProtocol.getProtocol());
        }).collect(Collectors.toSet()));
    }

    private int getIdleTimeout() {
        return Math.multiplyExact((int) FormatUtils.getPreciseTimeDuration(DEFAULT_AUTO_REFRESH_INTERVAL, TimeUnit.MILLISECONDS), IDLE_TIMEOUT_MULTIPLIER);
    }

    private String[] getCipherSuites(String str) {
        return str.split(CIPHER_SUITE_SEPARATOR_PATTERN);
    }

    private static int getPort(NiFiProperties niFiProperties) {
        Integer sslPort = niFiProperties.getSslPort();
        Integer port = niFiProperties.getPort();
        if (ObjectUtils.allNull(new Object[]{sslPort, port})) {
            throw new IllegalStateException("Invalid port configuration in nifi.properties: Neither nifi.web.https.port nor nifi.web.http.port specified");
        }
        if (ObjectUtils.allNotNull(new Object[]{sslPort, port})) {
            throw new IllegalStateException("Invalid port configuration in nifi.properties: Both nifi.web.https.port and nifi.web.http.port specified");
        }
        return ((Integer) ObjectUtils.defaultIfNull(sslPort, port)).intValue();
    }
}
