package org.wso2.carbon.logging.appender.http;

import java.io.Serializable;
import java.net.URL;
import java.util.Base64;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.appender.AbstractAppender;
import org.apache.logging.log4j.core.appender.HttpManager;
import org.apache.logging.log4j.core.appender.HttpURLConnectionManager;
import org.apache.logging.log4j.core.config.Property;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginBuilderAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginBuilderFactory;
import org.apache.logging.log4j.core.config.plugins.PluginElement;
import org.apache.logging.log4j.core.config.plugins.validation.constraints.Required;
import org.apache.logging.log4j.core.net.ssl.KeyStoreConfiguration;
import org.apache.logging.log4j.core.net.ssl.StoreConfigurationException;
import org.apache.logging.log4j.core.net.ssl.TrustStoreConfiguration;
import org.wso2.carbon.logging.appender.http.models.HttpConnectionConfig;
import org.wso2.carbon.logging.appender.http.models.SslConfiguration;
import org.wso2.carbon.logging.appender.http.utils.AppenderConstants;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;

@Plugin(name = "SecuredHttp", category = "Core", elementType = "appender", printObject = true)
/* loaded from: input_file:org/wso2/carbon/logging/appender/http/SecuredHttpAppender.class */
public class SecuredHttpAppender extends AbstractAppender {
    private HttpManager manager;
    private final BlockingQueue<LogEvent> queue;
    private final HttpConnectionConfig httpConnConfig;
    private final ScheduledExecutorService scheduler;
    private final int processingLimit;
    private int failedCount;
    private boolean isManagerInitialized;

    /* loaded from: input_file:org/wso2/carbon/logging/appender/http/SecuredHttpAppender$Builder.class */
    public static class Builder<B extends Builder<B>> extends AbstractAppender.Builder<B> implements org.apache.logging.log4j.core.util.Builder<SecuredHttpAppender> {

        @PluginBuilderAttribute
        @Required(message = "No URL provided for SecuredHttpAppender")
        private URL url;

        @PluginElement("Headers")
        private Property[] headers;

        @PluginElement("SslConfiguration")
        private SslConfiguration sslConfiguration;

        @PluginBuilderAttribute
        private String method = "POST";

        @PluginBuilderAttribute
        private int connectTimeoutMillis = 0;

        @PluginBuilderAttribute
        private int readTimeoutMillis = 0;

        @PluginBuilderAttribute
        private String username = "";

        @PluginBuilderAttribute
        private String password = "";

        @PluginBuilderAttribute
        private boolean verifyHostname = true;

        @PluginBuilderAttribute
        private int processingLimit = 1000;

        public URL getUrl() {
            return this.url;
        }

        public String getMethod() {
            return this.method;
        }

        public int getConnectTimeoutMillis() {
            return this.connectTimeoutMillis;
        }

        public int getReadTimeoutMillis() {
            return this.readTimeoutMillis;
        }

        public String getUsername() {
            return this.username;
        }

        public String getPassword() {
            return this.password;
        }

        public Property[] getHeaders() {
            return this.headers;
        }

        public SslConfiguration getSslConfiguration() {
            return this.sslConfiguration;
        }

        public boolean isVerifyHostname() {
            return this.verifyHostname;
        }

        public int getProcessingLimit() {
            return this.processingLimit;
        }

        public B setUrl(URL url) {
            this.url = url;
            return asBuilder();
        }

        public B setMethod(String str) {
            this.method = str;
            return asBuilder();
        }

        public B setConnectTimeoutMillis(int i) {
            this.connectTimeoutMillis = i;
            return asBuilder();
        }

        public B setReadTimeoutMillis(int i) {
            this.readTimeoutMillis = i;
            return asBuilder();
        }

        public B setUsername(String str) {
            this.username = str;
            return asBuilder();
        }

        public B setPassword(String str) {
            this.password = str;
            return asBuilder();
        }

        public B setHeaders(Property[] propertyArr) {
            this.headers = propertyArr;
            return asBuilder();
        }

        public B setSslConfiguration(SslConfiguration sslConfiguration) {
            this.sslConfiguration = sslConfiguration;
            return asBuilder();
        }

        public B setVerifyHostname(boolean z) {
            this.verifyHostname = z;
            return asBuilder();
        }

        public B setProcessingLimit(int i) {
            this.processingLimit = i;
            return asBuilder();
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public SecuredHttpAppender m0build() {
            return new SecuredHttpAppender(getName(), getLayout(), getFilter(), isIgnoreExceptions(), getPropertyArray(), new HttpConnectionConfig(getConfiguration(), getConfiguration().getLoggerContext(), getName(), this.url, this.method, this.connectTimeoutMillis, this.readTimeoutMillis, this.username, this.password, this.headers, this.sslConfiguration, this.verifyHostname), this.processingLimit);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/logging/appender/http/SecuredHttpAppender$LogPublisherTask.class */
    private final class LogPublisherTask implements Runnable {
        private LogPublisherTask() {
        }

        @Override // java.lang.Runnable
        public void run() {
            if (!SecuredHttpAppender.this.isManagerInitialized || SecuredHttpAppender.this.queue.isEmpty()) {
                return;
            }
            try {
                SecuredHttpAppender.this.manager.send(SecuredHttpAppender.this.getLayout(), (LogEvent) SecuredHttpAppender.this.queue.take());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                SecuredHttpAppender.this.error("Error occurred while publishing logs to HTTP endpoint", e);
            } catch (Exception e2) {
                SecuredHttpAppender.this.error("Error occurred while publishing logs to HTTP endpoint", e2);
            }
        }
    }

    @PluginBuilderFactory
    public static <B extends Builder<B>> B newBuilder() {
        return new Builder().asBuilder();
    }

    protected SecuredHttpAppender(String str, Layout<? extends Serializable> layout, Filter filter, boolean z, Property[] propertyArr, HttpConnectionConfig httpConnectionConfig, int i) {
        super(str, filter, layout, z, propertyArr);
        this.manager = null;
        this.failedCount = 0;
        this.isManagerInitialized = false;
        Objects.requireNonNull(layout, "layout");
        this.httpConnConfig = httpConnectionConfig;
        this.processingLimit = i;
        this.queue = new ArrayBlockingQueue(i);
        this.scheduler = Executors.newScheduledThreadPool(10);
        this.scheduler.scheduleWithFixedDelay(new LogPublisherTask(), 10L, 10L, TimeUnit.MILLISECONDS);
    }

    public void start() {
        super.start();
    }

    public void append(LogEvent logEvent) {
        if (ServerStartupMonitor.isInitialized() && !this.isManagerInitialized) {
            this.isManagerInitialized = initManager();
        }
        if (this.queue.offer(logEvent.toImmutable())) {
            return;
        }
        int i = this.failedCount + 1;
        this.failedCount = i;
        if (i % 1000 == 0) {
            error("Logging events queue exceed the process limits " + this.processingLimit + ", dropping the log event");
        }
    }

    public boolean stop(long j, TimeUnit timeUnit) {
        setStopping();
        if (this.scheduler != null) {
            try {
                this.scheduler.shutdown();
                this.scheduler.awaitTermination(10L, TimeUnit.SECONDS);
            } catch (InterruptedException e) {
                this.scheduler.shutdownNow();
                Thread.currentThread().interrupt();
                error("Interrupted while awaiting for Schedule Executor termination" + e.getMessage(), e);
            }
        }
        boolean stop = super.stop(j, timeUnit, false);
        if (this.manager != null) {
            stop &= this.manager.stop(j, timeUnit);
        }
        setStopped();
        this.isManagerInitialized = false;
        return stop;
    }

    public String toString() {
        return "SecuredHttpAppender{name=" + getName() + ", state=" + getState() + '}';
    }

    private boolean initManager() {
        String authHeaderValue = getAuthHeaderValue(this.httpConnConfig.getUsername(), this.httpConnConfig.getPassword());
        if (authHeaderValue != null) {
            this.httpConnConfig.addHeader(AppenderConstants.AUTHORIZATION_HEADER, authHeaderValue);
        }
        boolean equalsIgnoreCase = this.httpConnConfig.getUrl().getProtocol().equalsIgnoreCase(AppenderConstants.HTTPS);
        if (equalsIgnoreCase && this.httpConnConfig.getSslConfiguration() == null) {
            error("SSL configuration is not provided for HTTPS scheme.");
            return false;
        }
        if (!equalsIgnoreCase && this.httpConnConfig.getSslConfiguration() != null) {
            error("SSL configuration can only be provided for HTTPS scheme.");
            return false;
        }
        org.apache.logging.log4j.core.net.ssl.SslConfiguration sslConfiguration = null;
        if (this.httpConnConfig.getSslConfiguration() != null) {
            try {
                sslConfiguration = org.apache.logging.log4j.core.net.ssl.SslConfiguration.createSSLConfiguration(this.httpConnConfig.getSslConfiguration().getProtocol(), KeyStoreConfiguration.createKeyStoreConfiguration(this.httpConnConfig.getSslConfiguration().getKeyStoreLocation(), resolveSecretPassword(this.httpConnConfig.getSslConfiguration().getKeyStorePassword()).toCharArray(), (String) null, (String) null, (String) null, (String) null), TrustStoreConfiguration.createKeyStoreConfiguration(this.httpConnConfig.getSslConfiguration().getTrustStoreLocation(), resolveSecretPassword(this.httpConnConfig.getSslConfiguration().getTrustStorePassword()).toCharArray(), (String) null, (String) null, (String) null, (String) null));
            } catch (StoreConfigurationException e) {
                error("Error initializing the SSL configuration", e);
                return false;
            }
        }
        this.manager = new HttpURLConnectionManager(this.httpConnConfig.getConfiguration(), this.httpConnConfig.getLoggerContext(), this.httpConnConfig.getName(), this.httpConnConfig.getUrl(), this.httpConnConfig.getMethod(), this.httpConnConfig.getConnectTimeoutMillis(), this.httpConnConfig.getReadTimeoutMillis(), this.httpConnConfig.getHeaders(), sslConfiguration, this.httpConnConfig.isVerifyHostname());
        this.manager.startup();
        return true;
    }

    private String getAuthHeaderValue(String str, String str2) {
        boolean z = (str == null || str.isEmpty()) ? false : true;
        boolean z2 = (str2 == null || str2.isEmpty()) ? false : true;
        if (!z && !z2) {
            return null;
        }
        if (!z) {
            throw new IllegalArgumentException("Username is not provided for SecuredHttpAppender");
        }
        if (z2) {
            return AppenderConstants.BASIC_AUTH_PREFIX + new String(Base64.getEncoder().encode((str + ":" + resolveSecretPassword(str2)).getBytes()));
        }
        throw new IllegalArgumentException("Password is not provided for SecuredHttpAppender");
    }

    private String resolveSecretPassword(String str) {
        if (str.startsWith("$secret{") && str.endsWith("}")) {
            String substring = str.substring(str.indexOf("{") + 1, str.lastIndexOf("}"));
            Properties properties = new Properties();
            properties.put("password", str);
            SecretResolver create = SecretResolverFactory.create(properties);
            if (create.isInitialized() && create.isTokenProtected(substring)) {
                return create.resolve(substring);
            }
        }
        return str;
    }
}
