/*- * ============LICENSE_START======================================================= * org.onap.dmaap * ================================================================================ * Copyright (C) 2017 AT&T Intellectual Property. * * Modifications Copyright (C) 2019 IBM. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= */ package org.onap.dmaap.dbcapi.server; import com.google.common.collect.Sets; import javax.servlet.DispatcherType; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.*; import org.eclipse.jetty.servlet.DefaultServlet; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; import java.util.Properties; /** * A Jetty server which supports: * - http and https (simultaneously for dev env) * - REST API context * - static html pages (for documentation). 
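*/
public class JettyServer extends BaseLoggingClass {

    /** Output buffer size, in bytes, applied to the HTTP configuration. */
    private static final int OUTPUT_BUFFER_SIZE = 32768;

    /** Idle timeout, in milliseconds, applied to the plain-HTTP connector. */
    private static final long HTTP_IDLE_TIMEOUT_MS = 30000;

    private Server server;

    /**
     * Returns the underlying Jetty server.
     *
     * @return the server instance created by the constructor
     */
    public Server getServer() {
        return server;
    }

    /**
     * Builds the Jetty server, registers its connectors, servlets and auth filters and,
     * unless the {@code UnitTest} property is set to something other than {@code "No"},
     * starts it and blocks until it stops. The server is destroyed before the
     * constructor returns.
     *
     * <p>Properties read: {@code IntHttpPort} (default 80), {@code IntHttpsPort}
     * (default 443, 0 disables https), {@code HttpAllowed} (default false) and
     * {@code UnitTest} (default "No").
     *
     * @param params server configuration
     * @throws NumberFormatException if a port property is not an integer
     * @throws Exception if certificate manager or connector setup fails
     */
    public JettyServer(Properties params) throws Exception {
        server = new Server();
        int httpPort = Integer.parseInt(params.getProperty("IntHttpPort", "80"));
        int sslPort = Integer.parseInt(params.getProperty("IntHttpsPort", "443"));
        boolean allowHttp = Boolean.parseBoolean(params.getProperty("HttpAllowed", "false"));
        serverLogger.info("port params: http=" + httpPort + " https=" + sslPort);
        serverLogger.info("allowHttp=" + allowHttp);

        // Configuration shared by both connectors.
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(sslPort);
        httpConfig.setOutputBufferSize(OUTPUT_BUFFER_SIZE);

        // HTTPS configuration
        HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        SslContextFactory sslContextFactory = new SslContextFactory.Server();
        // Client certificates are requested but not required: a client that presents no
        // certificate still completes the handshake, so access control for /webapi/*
        // rests on the AAF filters registered below.
        sslContextFactory.setWantClientAuth(true);

        CertificateManager certificateManager =
            new CertficateManagerFactory(params).initCertificateManager();
        if (!certificateManager.isReady()) {
            // With HttpAllowed=true the server then comes up serving plaintext only.
            serverLogger.error("CertificateManager is not ready. NOT starting https!");
        } else {
            setUpKeystore(certificateManager, sslContextFactory);
            setUpTrustStore(certificateManager, sslContextFactory);

            if (sslPort != 0) {
                // Connectors are owned by the Server and released by server.destroy();
                // they must not be closed here, before the server has started.
                ServerConnector sslConnector = new ServerConnector(server,
                    new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                    new HttpConnectionFactory(httpsConfig));
                sslConnector.setPort(sslPort);
                server.addConnector(sslConnector);
                serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
            } else {
                serverLogger.info(
                    "NOT starting sslConnector because IntHttpsPort param is " + sslPort);
            }
        }

        if (allowHttp) {
            ServerConnector httpConnector =
                new ServerConnector(server, new HttpConnectionFactory(httpConfig));
            httpConnector.setPort(httpPort);
            httpConnector.setIdleTimeout(HTTP_IDLE_TIMEOUT_MS);
            serverLogger.info("Starting httpConnector on port " + httpPort);
            server.addConnector(httpConnector);
        } else {
            serverLogger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
        }

        if (server.getConnectors().length == 0) {
            // https unavailable and http not allowed: nothing will be listening.
            serverLogger.error("No connector was registered; the server will not accept requests");
        }

        // Set context for servlet. This is shared for http and https
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        server.setHandler(context);

        ServletHolder jerseyServlet = context
            .addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*");
        jerseyServlet.setInitOrder(1);
        jerseyServlet.setInitParameter("jersey.config.server.provider.packages",
            "org.onap.dmaap.dbcapi.resources");
        jerseyServlet.setInitParameter("javax.ws.rs.Application",
            "org.onap.dmaap.dbcapi.server.ApplicationConfig");

        // Also serve static pages from "www". These are mapped at /* and are not covered
        // by the auth filters, which apply to /webapi/* only.
        // NOTE(review): DefaultServlet's "dirAllowed" init parameter is not set here;
        // confirm whether directory listings under www are intended.
        ServletHolder staticServlet = context.addServlet(DefaultServlet.class, "/*");
        staticServlet.setInitParameter("resourceBase", "www");
        staticServlet.setInitParameter("pathInfoOnly", "true");

        registerAuthFilters(context);

        try {
            serverLogger.info("Starting jetty server");
            String unitTest = params.getProperty("UnitTest", "No");
            serverLogger.info("UnitTest=" + unitTest);
            if ("No".equals(unitTest)) {
                server.start();
                // NOTE(review): dumps the server's component tree to stderr on every
                // start; confirm this diagnostic output is wanted outside development.
                server.dumpStdErr();
                server.join();
            }
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers can observe the interruption.
            Thread.currentThread().interrupt();
            errorLogger.error("Exception " + e);
        } catch (Exception e) {
            // NOTE(review): only e.toString() is logged, so the stack trace of a startup
            // failure is lost; pass the throwable itself if the logger supports it.
            errorLogger.error("Exception " + e);
        } finally {
            server.destroy();
        }
    }

    /**
     * Registers the AAF authentication and authorization filters on the REST API path.
     * Only {@code /webapi/*} is filtered, for REQUEST and FORWARD dispatches.
     *
     * @param context servlet context the filters are added to
     */
    private void registerAuthFilters(ServletContextHandler context) {
        context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthenticationFilter", "/webapi/*",
            requestAndForwardDispatches());
        context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthorizationFilter", "/webapi/*",
            requestAndForwardDispatches());
    }

    /** Builds a fresh dispatcher-type set containing FORWARD and REQUEST. */
    private java.util.EnumSet<DispatcherType> requestAndForwardDispatches() {
        return Sets.newEnumSet(
            Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class);
    }

    /**
     * Points the SSL context factory at the keystore supplied by the certificate manager.
     * The keystore password is also used as the key manager (private key) password.
     *
     * @param certificateManager source of keystore location, type and password
     * @param sslContextFactory factory to configure
     */
    private void setUpKeystore(CertificateManager certificateManager,
            SslContextFactory sslContextFactory) {
        String keystore = certificateManager.getKeyStoreFile();
        // Only the path is logged; the password must never be written to the log.
        logger.info("https Server using keystore at " + keystore);
        sslContextFactory.setKeyStorePath(keystore);
        sslContextFactory.setKeyStoreType(certificateManager.getKeyStoreType());
        sslContextFactory.setKeyStorePassword(certificateManager.getKeyStorePassword());
        sslContextFactory.setKeyManagerPassword(certificateManager.getKeyStorePassword());
    }

    /**
     * Points the SSL context factory at the truststore supplied by the certificate
     * manager; this store decides which client certificates are accepted when a client
     * presents one.
     *
     * @param certificateManager source of truststore location, type and password
     * @param sslContextFactory factory to configure
     */
    private void setUpTrustStore(CertificateManager certificateManager,
            SslContextFactory sslContextFactory) {
        String truststore = certificateManager.getTrustStoreFile();
        // Only the path is logged; the password must never be written to the log.
        logger.info("https Server using truststore at " + truststore);
        sslContextFactory.setTrustStorePath(truststore);
        sslContextFactory.setTrustStoreType(certificateManager.getTrustStoreType());
        sslContextFactory.setTrustStorePassword(certificateManager.getTrustStorePassword());
    }
}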