package de.sep.sesam.server.netty;

import de.sep.sesam.common.logging.ContextLogger;
import de.sep.sesam.common.logging.LogGroup;
import de.sep.sesam.common.logging.messages.SimpleMessage;
import de.sep.sesam.common.security.CertificateUtils;
import de.sep.sesam.common.util.HostUtils;
import de.sep.sesam.exec.core.impl.RemoteExec;
import de.sep.sesam.server.communication.RestHandler;
import de.sep.sesam.server.impl.GUIServerImpl;
import de.sep.sesam.server.impl.GUIServerParam;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.DefaultEventLoop;
import io.netty.channel.DefaultEventLoopGroup;
import io.netty.channel.EventLoop;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.codec.ByteToMessageDecoder;
import io.netty.handler.codec.compression.ZlibCodecFactory;
import io.netty.handler.codec.compression.ZlibWrapper;
import io.netty.handler.codec.http.HttpContentCompressor;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.logging.LogLevel;
import io.netty.handler.logging.LoggingHandler;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.handler.stream.ChunkedWriteHandler;
import io.netty.util.concurrent.DefaultThreadFactory;
import java.io.File;
import java.net.BindException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Executor;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SSLException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.util.backoff.ExponentialBackOff;

/* loaded from: input_file:de/sep/sesam/server/netty/NettyProtocolServer.class */
public class NettyProtocolServer implements Runnable {
    private static final ContextLogger logger;
    private final String listenHost;
    private int listenPort;
    private SslContext sslCtx;
    private final RestHandler restHandler;
    public static long startUp;
    private final RemoteExec remoteExec;
    private Thread execThread;
    private final EventLoopGroup bossGroup = new NioEventLoopGroup(2);
    private final EventLoopGroup workerGroup = new NioEventLoopGroup(32);
    private final EventLoopGroup sepWorkerGroup = new NettyProtocolServerEventLoopGroup(64);
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/sep/sesam/server/netty/NettyProtocolServer$NettyProtocolServerEventLoop.class */
    public static final class NettyProtocolServerEventLoop extends DefaultEventLoop {
        private final AtomicBoolean executing;

        public NettyProtocolServerEventLoop(EventLoopGroup eventLoopGroup, Executor executor) {
            super(eventLoopGroup, executor);
            this.executing = new AtomicBoolean(false);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // io.netty.util.concurrent.SingleThreadEventExecutor
        public Runnable takeTask() {
            Runnable takeTask = super.takeTask();
            if (takeTask != null) {
                takeTask = () -> {
                    try {
                        setExecuting(true);
                        takeTask.run();
                    } finally {
                        setExecuting(false);
                    }
                };
            }
            return takeTask;
        }

        public final void setExecuting(boolean z) {
            this.executing.set(z);
        }

        public final boolean isExecuting() {
            return this.executing.get();
        }
    }

    /* loaded from: input_file:de/sep/sesam/server/netty/NettyProtocolServer$NettyProtocolServerEventLoopGroup.class */
    private static final class NettyProtocolServerEventLoopGroup extends DefaultEventLoopGroup {
        public NettyProtocolServerEventLoopGroup(int i) {
            super(i, new DefaultThreadFactory((Class<?>) NettyProtocolServer.class));
        }

        @Override // io.netty.channel.MultithreadEventLoopGroup, io.netty.util.concurrent.MultithreadEventExecutorGroup, io.netty.util.concurrent.EventExecutorGroup, io.netty.channel.EventLoopGroup
        public EventLoop next() {
            EventLoop next = super.next();
            EventLoop eventLoop = next;
            while ((eventLoop instanceof NettyProtocolServerEventLoop) && ((NettyProtocolServerEventLoop) eventLoop).isExecuting()) {
                eventLoop = super.next();
                if (eventLoop != null && eventLoop.equals(next)) {
                    eventLoop = null;
                }
            }
            if (eventLoop != null) {
                next = eventLoop;
            }
            return next;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // io.netty.channel.DefaultEventLoopGroup, io.netty.channel.MultithreadEventLoopGroup, io.netty.util.concurrent.MultithreadEventExecutorGroup
        public EventLoop newChild(Executor executor, Object... objArr) throws Exception {
            return new NettyProtocolServerEventLoop(this, executor);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/sep/sesam/server/netty/NettyProtocolServer$NettyProtocolServerProtocolDetector.class */
    public static final class NettyProtocolServerProtocolDetector extends ByteToMessageDecoder {
        private final SslContext sslCtx;
        static final /* synthetic */ boolean $assertionsDisabled;

        public NettyProtocolServerProtocolDetector(SslContext sslContext) {
            if (!$assertionsDisabled && sslContext == null) {
                throw new AssertionError();
            }
            this.sslCtx = sslContext;
        }

        private boolean isSsl(ByteBuf byteBuf) {
            if ($assertionsDisabled || byteBuf != null) {
                return SslHandler.isEncrypted(byteBuf);
            }
            throw new AssertionError();
        }

        private boolean isHttp(int i, int i2) {
            return (i == 71 && i2 == 69) || (i == 80 && i2 == 79) || ((i == 80 && i2 == 85) || ((i == 72 && i2 == 69) || ((i == 79 && i2 == 80) || ((i == 80 && i2 == 65) || ((i == 68 && i2 == 69) || ((i == 84 && i2 == 82) || (i == 67 && i2 == 79)))))));
        }

        private boolean isGzip(int i, int i2) {
            return i == 31 && i2 == 139;
        }

        @Override // io.netty.handler.codec.ByteToMessageDecoder
        protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
            if (!$assertionsDisabled && channelHandlerContext == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && byteBuf == null) {
                throw new AssertionError();
            }
            if (byteBuf.readableBytes() < 3) {
                return;
            }
            ChannelPipeline pipeline = channelHandlerContext.pipeline();
            if (!$assertionsDisabled && pipeline == null) {
                throw new AssertionError();
            }
            if (isSsl(byteBuf)) {
                pipeline.addBefore("httpCodec", "ssl", this.sslCtx.newHandler(channelHandlerContext.alloc()));
                pipeline.remove(this);
                return;
            }
            short unsignedByte = byteBuf.getUnsignedByte(byteBuf.readerIndex());
            short unsignedByte2 = byteBuf.getUnsignedByte(byteBuf.readerIndex() + 1);
            if (isGzip(unsignedByte, unsignedByte2)) {
                pipeline.addBefore("httpCodec", "gzipinflater", ZlibCodecFactory.newZlibDecoder(ZlibWrapper.GZIP));
                pipeline.addBefore("gzipinflater", "gzipdeflater", ZlibCodecFactory.newZlibEncoder(ZlibWrapper.GZIP));
                pipeline.remove(this);
            } else {
                if (!isHttp(unsignedByte, unsignedByte2)) {
                    byteBuf.clear();
                    channelHandlerContext.close();
                    return;
                }
                pipeline.remove(this);
                SepServerHandler sepServerHandler = (SepServerHandler) pipeline.get(SepServerHandler.class);
                if (sepServerHandler != null) {
                    sepServerHandler.setHttpProtocolDetected(true);
                }
            }
        }

        static {
            $assertionsDisabled = !NettyProtocolServer.class.desiredAssertionStatus();
        }
    }

    public NettyProtocolServer(GUIServerParam gUIServerParam, File file, String str, RemoteExec remoteExec) {
        this.listenHost = str;
        this.remoteExec = remoteExec;
        this.restHandler = new RestHandler(file);
        if (StringUtils.isNotBlank(gUIServerParam.httpsCertificate) && StringUtils.isNotBlank(gUIServerParam.httpsPrivateKey)) {
            File file2 = new File(gUIServerParam.httpsCertificate);
            File file3 = new File(gUIServerParam.httpsPrivateKey);
            if (file2 != null && file2.canRead() && file3 != null && file3.canRead()) {
                logger.info("NettyProtocolServer", "Setting up HTTPS certificate from certificate file ''{0}'' (via command line parameter).", file2.getAbsolutePath());
                try {
                    this.sslCtx = SslContextBuilder.forServer(file2, file3).clientAuth(ClientAuth.NONE).build();
                } catch (Exception e) {
                    ContextLogger contextLogger = logger;
                    Object[] objArr = new Object[2];
                    objArr[0] = file2.getAbsolutePath();
                    objArr[1] = e != null ? e.getMessage() : "Unknown";
                    contextLogger.warn("NettyProtocolServer", "Failed to set up HTTPS certificate from certificate file ''{0}''. Cause: {1}", objArr);
                }
            }
        }
        if (this.sslCtx == null) {
            File httpsCertificateFile = CertificateUtils.getHttpsCertificateFile();
            File httpsPrivateKeyFile = CertificateUtils.getHttpsPrivateKeyFile();
            if (httpsCertificateFile != null && httpsCertificateFile.canRead() && httpsPrivateKeyFile != null && httpsPrivateKeyFile.canRead()) {
                logger.info("NettyProtocolServer", "Setting up HTTPS certificate from certificate file ''{0}'' (via default location lookup).", httpsCertificateFile.getAbsolutePath());
                try {
                    this.sslCtx = SslContextBuilder.forServer(httpsCertificateFile, httpsPrivateKeyFile).clientAuth(ClientAuth.NONE).build();
                    CertificateUtils.checkPrivateKeyFilePermissions(httpsPrivateKeyFile);
                } catch (Exception e2) {
                    ContextLogger contextLogger2 = logger;
                    Object[] objArr2 = new Object[2];
                    objArr2[0] = httpsCertificateFile.getAbsolutePath();
                    objArr2[1] = e2 != null ? e2.getMessage() : "Unknown";
                    contextLogger2.warn("NettyProtocolServer", "Failed to set up HTTPS certificate from certificate file ''{0}''. Cause: {1}", objArr2);
                }
            }
        }
        if (this.sslCtx == null) {
            String str2 = HostUtils.getenv("SESAM_SSL_CERT");
            String str3 = HostUtils.getenv("SESAM_SSL_KEY");
            if (StringUtils.isNotBlank(str2) && StringUtils.isNotBlank(str3)) {
                logger.info("NettyProtocolServer", "Setting up HTTPS certificate from certificate file ''{0}'' (via environment variable).", str2);
                try {
                    File file4 = new File(str3);
                    this.sslCtx = SslContextBuilder.forServer(new File(str2), file4).clientAuth(ClientAuth.NONE).build();
                    CertificateUtils.checkPrivateKeyFilePermissions(file4);
                } catch (Exception e3) {
                    ContextLogger contextLogger3 = logger;
                    Object[] objArr3 = new Object[2];
                    objArr3[0] = str2;
                    objArr3[1] = e3 != null ? e3.getMessage() : "Unknown";
                    contextLogger3.warn("NettyProtocolServer", "Failed to set up HTTPS certificate from certificate file ''{0}''. Cause: {1}", objArr3);
                }
            }
        }
        if (this.sslCtx == null) {
            logger.info("NettyProtocolServer", "Setting up self-signed HTTPS certificate for server '127.0.0.1'.", new Object[0]);
            try {
                SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate("127.0.0.1");
                this.sslCtx = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).trustManager(CustomClientTrustManagerFactory.INSTANCE).clientAuth(ClientAuth.NONE).build();
                CertificateUtils.checkPrivateKeyFilePermissions(selfSignedCertificate.privateKey());
            } catch (CertificateException | SSLException e4) {
                ContextLogger contextLogger4 = logger;
                Object[] objArr4 = new Object[1];
                objArr4[0] = e4 != null ? e4.getMessage() : "Unknown";
                contextLogger4.warn("NettyProtocolServer", "Failed to set up self-signed HTTPS certificate for server ''127.0.0.1''. Cause: {0}", objArr4);
            }
        }
        if (this.sslCtx == null) {
            logger.info("NettyProtocolServer", "Setting up HTTPS certificate from default shipped certificate.", new Object[0]);
            try {
                this.sslCtx = SslContextBuilder.forServer(getClass().getResourceAsStream("/ssl/sesam.https.crt"), getClass().getResourceAsStream("/ssl/sesam.https.key")).clientAuth(ClientAuth.NONE).build();
                logger.warn("NettyProtocolServer", LogGroup.SECURITY, "Using default HTTPS certificate provided by SEP sesam REST server. Please configure a custom HTTPS certificate!", new Object[0]);
            } catch (Exception e5) {
                logger.error("NettyProtocolServer", LogGroup.ABORT, new SimpleMessage("Failed to set up HTTPS server certificate. ({0})- Exiting."), e5, e5.getMessage());
                System.exit(1);
            }
        }
    }

    public void start(int i) {
        this.listenPort = i;
        startUp = System.currentTimeMillis();
        this.execThread = new Thread(this);
        this.execThread.start();
    }

    /* JADX WARN: Type inference failed for: r0v48, types: [io.netty.channel.ChannelFuture] */
    /* JADX WARN: Type inference failed for: r0v60, types: [io.netty.channel.ChannelFuture] */
    @Override // java.lang.Runnable
    public void run() {
        ContextLogger contextLogger = logger;
        Object[] objArr = new Object[2];
        objArr[0] = StringUtils.isNotBlank(this.listenHost) ? this.listenHost : "*";
        objArr[1] = Integer.valueOf(this.listenPort);
        contextLogger.info("run", "Setting up REST server to listen on {0}:{1}.", objArr);
        try {
            try {
                ServerBootstrap childHandler = new ServerBootstrap().group(this.bossGroup, this.workerGroup).channel(NioServerSocketChannel.class).childHandler(new ChannelInitializer<SocketChannel>() { // from class: de.sep.sesam.server.netty.NettyProtocolServer.1
                    static final /* synthetic */ boolean $assertionsDisabled;

                    @Override // io.netty.channel.ChannelInitializer
                    public void initChannel(SocketChannel socketChannel) throws Exception {
                        if (!$assertionsDisabled && socketChannel == null) {
                            throw new AssertionError();
                        }
                        ChannelPipeline pipeline = socketChannel.pipeline();
                        if (!$assertionsDisabled && pipeline == null) {
                            throw new AssertionError();
                        }
                        pipeline.addFirst(new LoggingHandler(LogLevel.DEBUG));
                        pipeline.addLast("nettyProtocolDetector", new NettyProtocolServerProtocolDetector(NettyProtocolServer.this.sslCtx));
                        pipeline.addLast("httpCodec", new HttpServerCodec());
                        pipeline.addLast("httpAggregator", new HttpObjectAggregator(10485760));
                        pipeline.addLast("httpDeflater", new HttpContentCompressor());
                        pipeline.addLast("httpStreamer", new ChunkedWriteHandler());
                        pipeline.addLast(NettyProtocolServer.this.sepWorkerGroup, "handler", new SepServerHandler(NettyProtocolServer.this.restHandler));
                    }

                    static {
                        $assertionsDisabled = !NettyProtocolServer.class.desiredAssertionStatus();
                    }
                });
                if (!$assertionsDisabled && childHandler == null) {
                    throw new AssertionError();
                }
                if (StringUtils.isBlank(this.listenHost)) {
                    childHandler.bind(this.listenPort).sync2().channel().closeFuture().sync2();
                } else {
                    childHandler.bind(this.listenHost, this.listenPort).sync2().channel().closeFuture().sync2();
                }
                this.bossGroup.shutdownGracefully();
                this.workerGroup.shutdownGracefully();
            } catch (InterruptedException e) {
                this.bossGroup.shutdownGracefully();
                this.workerGroup.shutdownGracefully();
            } catch (Exception e2) {
                if (e2 instanceof BindException) {
                    String str = "Port " + this.listenPort + " is already in use.";
                    logger.error("run", LogGroup.ABORT, new SimpleMessage("Port {0} is already in use."), Integer.valueOf(this.listenPort));
                    try {
                        logger.info("run", this.remoteExec.executeProcess(Arrays.asList("sm_prot", "-l", "E020", "-w", str), null).getRetVal(), new Object[0]);
                    } catch (Exception e3) {
                        logger.error("run", LogGroup.ERROR, new SimpleMessage("unable to write sm_prot message."), e3, new Object[0]);
                    }
                    System.exit(1);
                } else {
                    e2.printStackTrace();
                }
                this.bossGroup.shutdownGracefully();
                this.workerGroup.shutdownGracefully();
            }
        } catch (Throwable th) {
            this.bossGroup.shutdownGracefully();
            this.workerGroup.shutdownGracefully();
            throw th;
        }
    }

    public void stop() {
        if (this.execThread != null) {
            this.execThread.interrupt();
            try {
                this.execThread.join(ExponentialBackOff.DEFAULT_INITIAL_INTERVAL);
            } catch (InterruptedException e) {
            }
        }
    }

    static {
        $assertionsDisabled = !NettyProtocolServer.class.desiredAssertionStatus();
        logger = new ContextLogger(GUIServerImpl.class);
        startUp = -1L;
    }
}
