package org.apache.calcite.avatica.server;

import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.calcite.avatica.metrics.MetricsSystemConfiguration;
import org.apache.calcite.avatica.remote.AuthenticationType;
import org.apache.calcite.avatica.remote.Driver;
import org.apache.calcite.avatica.remote.Service;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
import org.eclipse.jetty.server.AbstractConnectionFactory;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/calcite/avatica/server/HttpServer.class */
public class HttpServer {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServer.class);
    private static final int MAX_ALLOWED_HEADER_SIZE = 65536;
    private Server server;
    private int port;
    private final AvaticaHandler handler;
    private final AvaticaServerConfiguration config;
    private final Subject subject;
    private final SslContextFactory.Server sslFactory;
    private final List<ServerCustomizer<Server>> serverCustomizers;
    private final int maxAllowedHeaderSize;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.calcite.avatica.server.HttpServer$2, reason: invalid class name */
    /* loaded from: input_file:org/apache/calcite/avatica/server/HttpServer$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType = new int[AuthenticationType.values().length];

        static {
            try {
                $SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType[AuthenticationType.SPNEGO.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType[AuthenticationType.BASIC.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType[AuthenticationType.DIGEST.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType[AuthenticationType.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType[AuthenticationType.CUSTOM.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:org/apache/calcite/avatica/server/HttpServer$Builder.class */
    public static class Builder<T> {
        private int port;
        private Service service;
        private Driver.Serialization serialization;
        private MetricsSystemConfiguration<?> metricsConfig;
        private String kerberosPrincipal;
        private String kerberosRealm;
        private File keytab;
        private DoAsRemoteUserCallback remoteUserCallback;
        private String loginServiceRealm;
        private String loginServiceProperties;
        private String[] loginServiceAllowedRoles;
        private File keystore;
        private String keystorePassword;
        private File truststore;
        private String truststorePassword;
        private AvaticaServerConfiguration serverConfig;
        private Subject subject;
        private AvaticaHandler handler = null;
        private AuthenticationType authenticationType = AuthenticationType.NONE;
        private RemoteUserExtractor remoteUserExtractor = new HttpRequestRemoteUserExtractor();
        private boolean usingTLS = false;
        private List<ServerCustomizer<T>> serverCustomizers = Collections.emptyList();
        private int maxAllowedHeaderSize = HttpServer.MAX_ALLOWED_HEADER_SIZE;

        public static <T> Builder<T> newBuilder() {
            return new Builder<>();
        }

        public Builder<T> withPort(int i) {
            this.port = i;
            return this;
        }

        public Builder<T> withHandler(Service service, Driver.Serialization serialization) {
            this.service = (Service) Objects.requireNonNull(service);
            this.serialization = (Driver.Serialization) Objects.requireNonNull(serialization);
            return this;
        }

        public Builder<T> withHandler(AvaticaHandler avaticaHandler) {
            this.handler = (AvaticaHandler) Objects.requireNonNull(avaticaHandler);
            return this;
        }

        public Builder<T> withMetricsConfiguration(MetricsSystemConfiguration<?> metricsSystemConfiguration) {
            this.metricsConfig = (MetricsSystemConfiguration) Objects.requireNonNull(metricsSystemConfiguration);
            return this;
        }

        public Builder<T> withSpnego(String str) {
            return withSpnego(str, (String[]) null);
        }

        public Builder<T> withSpnego(String str, String[] strArr) {
            int lastIndexOf = ((String) Objects.requireNonNull(str)).lastIndexOf(64);
            if (-1 == lastIndexOf) {
                throw new IllegalArgumentException("Could not find '@' symbol in '" + str + "' to parse the Kerberos realm from the principal");
            }
            return withSpnego(str, str.substring(lastIndexOf + 1), strArr);
        }

        public Builder<T> withSpnego(String str, String str2) {
            return withSpnego(str, str2, null);
        }

        public Builder<T> withSpnego(String str, String str2, String[] strArr) {
            this.authenticationType = AuthenticationType.SPNEGO;
            this.kerberosPrincipal = (String) Objects.requireNonNull(str);
            this.kerberosRealm = (String) Objects.requireNonNull(str2);
            this.loginServiceAllowedRoles = strArr;
            return this;
        }

        public Builder<T> withAutomaticLogin(File file) {
            this.keytab = (File) Objects.requireNonNull(file);
            return this;
        }

        public Builder<T> withImpersonation(DoAsRemoteUserCallback doAsRemoteUserCallback) {
            this.remoteUserCallback = (DoAsRemoteUserCallback) Objects.requireNonNull(doAsRemoteUserCallback);
            return this;
        }

        public Builder withRemoteUserExtractor(RemoteUserExtractor remoteUserExtractor) {
            this.remoteUserExtractor = (RemoteUserExtractor) Objects.requireNonNull(remoteUserExtractor);
            return this;
        }

        public Builder<T> withBasicAuthentication(String str, String[] strArr) {
            return withAuthentication(AuthenticationType.BASIC, str, strArr);
        }

        public Builder<T> withDigestAuthentication(String str, String[] strArr) {
            return withAuthentication(AuthenticationType.DIGEST, str, strArr);
        }

        public Builder<T> withCustomAuthentication(AvaticaServerConfiguration avaticaServerConfiguration) {
            this.authenticationType = AuthenticationType.CUSTOM;
            this.serverConfig = avaticaServerConfiguration;
            return this;
        }

        private Builder<T> withAuthentication(AuthenticationType authenticationType, String str, String[] strArr) {
            this.loginServiceRealm = "Avatica";
            this.authenticationType = authenticationType;
            this.loginServiceProperties = (String) Objects.requireNonNull(str);
            this.loginServiceAllowedRoles = (String[]) Objects.requireNonNull(strArr);
            return this;
        }

        public Builder<T> withTLS(File file, String str, File file2, String str2) {
            this.usingTLS = true;
            this.keystore = (File) Objects.requireNonNull(file);
            this.keystorePassword = (String) Objects.requireNonNull(str);
            this.truststore = (File) Objects.requireNonNull(file2);
            this.truststorePassword = (String) Objects.requireNonNull(str2);
            return this;
        }

        public Builder<T> withServerCustomizers(List<ServerCustomizer<T>> list, Class<T> cls) {
            Objects.requireNonNull(cls);
            if (!cls.isAssignableFrom(Server.class)) {
                throw new IllegalArgumentException("Only Jetty Server customizers are supported");
            }
            this.serverCustomizers = (List) Objects.requireNonNull(list);
            return this;
        }

        public Builder<T> withMaxHeaderSize(int i) {
            this.maxAllowedHeaderSize = i;
            return this;
        }

        public HttpServer build() {
            switch (AnonymousClass2.$SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType[this.authenticationType.ordinal()]) {
                case 1:
                    if (null != this.keytab) {
                        HttpServer.LOG.debug("Performing Kerberos login with {} as {}", this.keytab, this.kerberosPrincipal);
                        this.subject = loginViaKerberos(this);
                    } else {
                        HttpServer.LOG.debug("Not performing Kerberos login");
                        this.subject = null;
                    }
                    this.serverConfig = buildSpnegoConfiguration(this);
                    this.handler = buildHandler(this, this.serverConfig);
                    break;
                case 2:
                case 3:
                    this.serverConfig = buildUserAuthenticationConfiguration(this);
                    this.subject = null;
                    this.handler = buildHandler(this, this.serverConfig);
                    break;
                case 4:
                    this.serverConfig = null;
                    this.subject = null;
                    this.handler = buildHandler(this, this.serverConfig);
                    break;
                case 5:
                    this.serverConfig = buildCustomConfiguration(this);
                    this.subject = null;
                    break;
                default:
                    throw new IllegalArgumentException("Unhandled AuthenticationType");
            }
            SslContextFactory.Server buildSSLContextFactory = buildSSLContextFactory();
            ArrayList arrayList = new ArrayList();
            Iterator<ServerCustomizer<T>> it = this.serverCustomizers.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
            return new HttpServer(this.port, this.handler, this.serverConfig, this.subject, buildSSLContextFactory, arrayList, this.maxAllowedHeaderSize);
        }

        protected SslContextFactory.Server buildSSLContextFactory() {
            SslContextFactory.Server server = null;
            if (this.usingTLS) {
                server = new SslContextFactory.Server();
                server.setKeyStorePath(this.keystore.getAbsolutePath());
                server.setKeyStorePassword(this.keystorePassword);
                server.setTrustStorePath(this.truststore.getAbsolutePath());
                server.setTrustStorePassword(this.truststorePassword);
            }
            return server;
        }

        private AvaticaServerConfiguration buildCustomConfiguration(Builder<T> builder) {
            return builder.serverConfig;
        }

        private AvaticaHandler buildHandler(Builder builder, AvaticaServerConfiguration avaticaServerConfiguration) {
            return null != builder.handler ? builder.handler : new HandlerFactory().getHandler(builder.service, builder.serialization, builder.metricsConfig, avaticaServerConfiguration);
        }

        private AvaticaServerConfiguration buildSpnegoConfiguration(Builder builder) {
            final String str = builder.kerberosPrincipal;
            final String str2 = builder.kerberosRealm;
            final String[] strArr = builder.loginServiceAllowedRoles;
            final DoAsRemoteUserCallback doAsRemoteUserCallback = builder.remoteUserCallback;
            final RemoteUserExtractor remoteUserExtractor = builder.remoteUserExtractor;
            return new AvaticaServerConfiguration() { // from class: org.apache.calcite.avatica.server.HttpServer.Builder.1
                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public AuthenticationType getAuthenticationType() {
                    return AuthenticationType.SPNEGO;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getKerberosRealm() {
                    return str2;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getKerberosPrincipal() {
                    return str;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public boolean supportsImpersonation() {
                    return null != doAsRemoteUserCallback;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public <T> T doAsRemoteUser(String str3, String str4, Callable<T> callable) throws Exception {
                    return (T) doAsRemoteUserCallback.doAsRemoteUser(str3, str4, callable);
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public RemoteUserExtractor getRemoteUserExtractor() {
                    return remoteUserExtractor;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String[] getAllowedRoles() {
                    return strArr;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getHashLoginServiceRealm() {
                    return null;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getHashLoginServiceProperties() {
                    return null;
                }
            };
        }

        private AvaticaServerConfiguration buildUserAuthenticationConfiguration(Builder builder) {
            final AuthenticationType authenticationType = builder.authenticationType;
            final String[] strArr = builder.loginServiceAllowedRoles;
            final String str = builder.loginServiceRealm;
            final String str2 = builder.loginServiceProperties;
            final RemoteUserExtractor remoteUserExtractor = builder.remoteUserExtractor;
            return new AvaticaServerConfiguration() { // from class: org.apache.calcite.avatica.server.HttpServer.Builder.2
                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public AuthenticationType getAuthenticationType() {
                    return authenticationType;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String[] getAllowedRoles() {
                    return strArr;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getHashLoginServiceRealm() {
                    return str;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getHashLoginServiceProperties() {
                    return str2;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getKerberosRealm() {
                    return null;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public String getKerberosPrincipal() {
                    return null;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public boolean supportsImpersonation() {
                    return false;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public <T> T doAsRemoteUser(String str3, String str4, Callable<T> callable) throws Exception {
                    return null;
                }

                @Override // org.apache.calcite.avatica.server.AvaticaServerConfiguration
                public RemoteUserExtractor getRemoteUserExtractor() {
                    return remoteUserExtractor;
                }
            };
        }

        private Subject loginViaKerberos(Builder builder) {
            HashSet hashSet = new HashSet();
            hashSet.add(new KerberosPrincipal(builder.kerberosPrincipal));
            try {
                LoginContext loginContext = new LoginContext("NotUsed", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, new ServerKeytabJaasConf(builder.kerberosPrincipal, builder.keytab.toString()));
                loginContext.login();
                return loginContext.getSubject();
            } catch (LoginException e) {
                throw new RuntimeException(e);
            }
        }
    }

    @Deprecated
    public HttpServer(Handler handler) {
        this(wrapJettyHandler(handler));
    }

    public HttpServer(AvaticaHandler avaticaHandler) {
        this(0, avaticaHandler);
    }

    @Deprecated
    public HttpServer(int i, Handler handler) {
        this(i, wrapJettyHandler(handler));
    }

    public HttpServer(int i, AvaticaHandler avaticaHandler) {
        this(i, avaticaHandler, null);
    }

    public HttpServer(int i, AvaticaHandler avaticaHandler, AvaticaServerConfiguration avaticaServerConfiguration) {
        this(i, avaticaHandler, avaticaServerConfiguration, null);
    }

    public HttpServer(int i, AvaticaHandler avaticaHandler, AvaticaServerConfiguration avaticaServerConfiguration, Subject subject) {
        this(i, avaticaHandler, avaticaServerConfiguration, subject, null);
    }

    public HttpServer(int i, AvaticaHandler avaticaHandler, AvaticaServerConfiguration avaticaServerConfiguration, Subject subject, SslContextFactory.Server server) {
        this(i, avaticaHandler, avaticaServerConfiguration, subject, server, Collections.emptyList(), MAX_ALLOWED_HEADER_SIZE);
    }

    public HttpServer(int i, AvaticaHandler avaticaHandler, AvaticaServerConfiguration avaticaServerConfiguration, Subject subject, SslContextFactory.Server server, int i2) {
        this(i, avaticaHandler, avaticaServerConfiguration, subject, server, Collections.emptyList(), i2);
    }

    private HttpServer(int i, AvaticaHandler avaticaHandler, AvaticaServerConfiguration avaticaServerConfiguration, Subject subject, SslContextFactory.Server server, List<ServerCustomizer<Server>> list, int i2) {
        this.port = -1;
        this.port = i;
        this.handler = avaticaHandler;
        this.config = avaticaServerConfiguration;
        this.subject = subject;
        this.sslFactory = server;
        this.serverCustomizers = list;
        this.maxAllowedHeaderSize = i2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AvaticaHandler wrapJettyHandler(Handler handler) {
        return handler instanceof AvaticaHandler ? (AvaticaHandler) handler : new DelegatingAvaticaHandler(handler);
    }

    public void start() {
        if (null != this.subject) {
            Subject.doAs(this.subject, new PrivilegedAction<Void>() { // from class: org.apache.calcite.avatica.server.HttpServer.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    HttpServer.this.internalStart();
                    return null;
                }
            });
        } else {
            internalStart();
        }
    }

    protected void internalStart() {
        if (this.server != null) {
            throw new RuntimeException("Server is already started");
        }
        QueuedThreadPool queuedThreadPool = new QueuedThreadPool(200, 8, 60000, -1, (BlockingQueue) null, (ThreadGroup) null, new SubjectPreservingPrivilegedThreadFactory());
        this.server = new Server(queuedThreadPool);
        this.server.manage(queuedThreadPool);
        ServerConnector serverConnector = null;
        HandlerList handlerList = null;
        if (null == this.config || AuthenticationType.CUSTOM != this.config.getAuthenticationType()) {
            serverConnector = configureServerConnector();
            handlerList = configureHandlers();
        } else if (null != this.handler || null != this.sslFactory) {
            throw new IllegalStateException("Handlers and SSLFactory cannot be configured with the HTTPServer Builder when using CUSTOM Authentication Type.");
        }
        for (ServerCustomizer<Server> serverCustomizer : this.serverCustomizers) {
            LOG.info("Customizing server with customizer: " + serverCustomizer.getClass());
            serverCustomizer.customize(this.server);
        }
        try {
            this.server.start();
            if (null == serverConnector || null == handlerList) {
                if (0 == this.server.getConnectors().length) {
                    LOG.error("No server connectors have been configured for this Avatica server");
                    throw new RuntimeException("No server connectors have been configured for this Avatica server");
                }
            } else {
                this.port = serverConnector.getLocalPort();
                LOG.info("Service listening on port {}.", Integer.valueOf(getPort()));
                try {
                    this.handler.setServerRpcMetadata(createRpcServerMetadata(serverConnector));
                } catch (UnknownHostException e) {
                    throw new RuntimeException(e);
                }
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    private ServerConnector configureServerConnector() {
        Connector serverConnector = getServerConnector();
        serverConnector.setIdleTimeout(60000L);
        serverConnector.setPort(this.port);
        this.server.setConnectors(new Connector[]{serverConnector});
        return serverConnector;
    }

    private HandlerList configureHandlers() {
        HandlerList handlerList = new HandlerList();
        ConstraintSecurityHandler constraintSecurityHandler = this.handler;
        if (null != this.config) {
            ConstraintSecurityHandler securityHandler = getSecurityHandler();
            securityHandler.setHandler(this.handler);
            constraintSecurityHandler = securityHandler;
        }
        handlerList.setHandlers(new Handler[]{constraintSecurityHandler, new DefaultHandler()});
        this.server.setHandler(handlerList);
        return handlerList;
    }

    private ConstraintSecurityHandler getSecurityHandler() {
        ConstraintSecurityHandler constraintSecurityHandler = null;
        switch (AnonymousClass2.$SwitchMap$org$apache$calcite$avatica$remote$AuthenticationType[this.config.getAuthenticationType().ordinal()]) {
            case 1:
                constraintSecurityHandler = configureSpnego(this.server, this.config);
                break;
            case 2:
                constraintSecurityHandler = configureBasicAuthentication(this.server, this.config);
                break;
            case 3:
                constraintSecurityHandler = configureDigestAuthentication(this.server, this.config);
                break;
        }
        return constraintSecurityHandler;
    }

    protected ServerConnector getServerConnector() {
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory();
        httpConnectionFactory.getHttpConfiguration().setRequestHeaderSize(this.maxAllowedHeaderSize);
        return null == this.sslFactory ? new ServerConnector(this.server, new ConnectionFactory[]{httpConnectionFactory}) : new ServerConnector(this.server, AbstractConnectionFactory.getFactories(this.sslFactory, new ConnectionFactory[]{httpConnectionFactory}));
    }

    private Service.RpcMetadataResponse createRpcServerMetadata(ServerConnector serverConnector) throws UnknownHostException {
        String host = serverConnector.getHost();
        if (null == host) {
            host = InetAddress.getLocalHost().getHostName();
        }
        return new Service.RpcMetadataResponse(String.format(Locale.ROOT, "%s:%d", host, Integer.valueOf(serverConnector.getLocalPort())));
    }

    protected ConstraintSecurityHandler configureSpnego(Server server, AvaticaServerConfiguration avaticaServerConfiguration) {
        String str = (String) Objects.requireNonNull(avaticaServerConfiguration.getKerberosRealm());
        return configureCommonAuthentication("SPNEGO", getAllowedRealms(str, avaticaServerConfiguration), new AvaticaSpnegoAuthenticator(), str, new PropertyBasedSpnegoLoginService(str, (String) Objects.requireNonNull(avaticaServerConfiguration.getKerberosPrincipal())));
    }

    protected String[] getAllowedRealms(String str, AvaticaServerConfiguration avaticaServerConfiguration) {
        String[] strArr = {str};
        if (null != avaticaServerConfiguration.getAllowedRoles()) {
            strArr = new String[avaticaServerConfiguration.getAllowedRoles().length + 1];
            strArr[0] = str;
            System.arraycopy(avaticaServerConfiguration.getAllowedRoles(), 0, strArr, 1, avaticaServerConfiguration.getAllowedRoles().length);
        }
        return strArr;
    }

    protected ConstraintSecurityHandler configureBasicAuthentication(Server server, AvaticaServerConfiguration avaticaServerConfiguration) {
        String[] allowedRoles = avaticaServerConfiguration.getAllowedRoles();
        HashLoginService hashLoginService = new HashLoginService(avaticaServerConfiguration.getHashLoginServiceRealm(), avaticaServerConfiguration.getHashLoginServiceProperties());
        server.addBean(hashLoginService);
        return configureCommonAuthentication("BASIC", allowedRoles, new BasicAuthenticator(), null, hashLoginService);
    }

    protected ConstraintSecurityHandler configureDigestAuthentication(Server server, AvaticaServerConfiguration avaticaServerConfiguration) {
        String[] allowedRoles = avaticaServerConfiguration.getAllowedRoles();
        HashLoginService hashLoginService = new HashLoginService(avaticaServerConfiguration.getHashLoginServiceRealm(), avaticaServerConfiguration.getHashLoginServiceProperties());
        server.addBean(hashLoginService);
        return configureCommonAuthentication("DIGEST", allowedRoles, new DigestAuthenticator(), null, hashLoginService);
    }

    protected ConstraintSecurityHandler configureCommonAuthentication(String str, String[] strArr, Authenticator authenticator, String str2, LoginService loginService) {
        Constraint constraint = new Constraint();
        constraint.setName(str);
        constraint.setRoles(strArr);
        constraint.setAuthenticate(true);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setConstraint(constraint);
        constraintMapping.setPathSpec("/*");
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        constraintSecurityHandler.setAuthenticator(authenticator);
        constraintSecurityHandler.setLoginService(loginService);
        constraintSecurityHandler.setConstraintMappings(new ConstraintMapping[]{constraintMapping});
        constraintSecurityHandler.setRealmName(str2);
        return constraintSecurityHandler;
    }

    protected ServerConnector configureConnector(ServerConnector serverConnector, int i) {
        serverConnector.setIdleTimeout(60000L);
        serverConnector.setPort(i);
        return serverConnector;
    }

    protected AvaticaServerConfiguration getConfig() {
        return this.config;
    }

    public void stop() {
        if (this.server == null) {
            throw new RuntimeException("Server is already stopped");
        }
        LOG.info("Service terminating.");
        try {
            Server server = this.server;
            this.port = -1;
            this.server = null;
            server.stop();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void join() throws InterruptedException {
        this.server.join();
    }

    public int getPort() {
        return this.port;
    }
}
