package org.elasticsearch.xpack.security.transport.netty3;

import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.http.HttpTransportSettings;
import org.elasticsearch.http.netty3.Netty3HttpServerTransport;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.netty3.Netty3Utils;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.monitoring.exporter.http.HttpExporter;
import org.elasticsearch.xpack.security.transport.SSLExceptionHelper;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.ssl.SSLService;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.ExceptionEvent;
import org.jboss.netty.handler.ssl.SslHandler;

/* loaded from: input_file:x-pack-api-5.4.3.jar:org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransport.class */
public class SecurityNetty3HttpServerTransport extends Netty3HttpServerTransport {
    private final IPFilter ipFilter;
    private final SSLService sslService;
    private final boolean ssl;

    /* loaded from: input_file:x-pack-api-5.4.3.jar:org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransport$HttpSslChannelPipelineFactory.class */
    private class HttpSslChannelPipelineFactory extends Netty3HttpServerTransport.HttpChannelPipelineFactory {
        private final Settings sslSettings;

        HttpSslChannelPipelineFactory(Netty3HttpServerTransport netty3HttpServerTransport) {
            super(netty3HttpServerTransport, SecurityNetty3HttpServerTransport.this.detailedErrorsEnabled, SecurityNetty3HttpServerTransport.this.threadPool.getThreadContext());
            this.sslSettings = SSLService.getHttpTransportSSLSettings(SecurityNetty3HttpServerTransport.this.settings);
            if (SecurityNetty3HttpServerTransport.this.ssl && !SecurityNetty3HttpServerTransport.this.sslService.isConfigurationValidForServerUsage(this.sslSettings, Settings.EMPTY)) {
                throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the [xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting");
            }
        }

        @Override // org.elasticsearch.http.netty3.Netty3HttpServerTransport.HttpChannelPipelineFactory, org.jboss.netty.channel.ChannelPipelineFactory
        public ChannelPipeline getPipeline() throws Exception {
            ChannelPipeline pipeline = super.getPipeline();
            if (SecurityNetty3HttpServerTransport.this.ssl) {
                pipeline.addFirst(HttpExporter.SSL_SETTING, new SslHandler(SecurityNetty3HttpServerTransport.this.sslService.createSSLEngine(this.sslSettings, Settings.EMPTY)));
            }
            pipeline.addFirst("ipfilter", new IPFilterNetty3UpstreamHandler(SecurityNetty3HttpServerTransport.this.ipFilter, IPFilter.HTTP_PROFILE_NAME));
            return pipeline;
        }
    }

    public SecurityNetty3HttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter iPFilter, SSLService sSLService, ThreadPool threadPool, NamedXContentRegistry namedXContentRegistry, HttpServerTransport.Dispatcher dispatcher) {
        super(settings, networkService, bigArrays, threadPool, namedXContentRegistry, dispatcher);
        this.ipFilter = iPFilter;
        this.sslService = sSLService;
        this.ssl = XPackSettings.HTTP_SSL_ENABLED.get(settings).booleanValue();
    }

    @Override // org.elasticsearch.http.netty3.Netty3HttpServerTransport
    protected String deprecationMessage() {
        return "http type [security3] is deprecated";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.elasticsearch.http.netty3.Netty3HttpServerTransport
    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, ExceptionEvent exceptionEvent) throws Exception {
        Netty3Utils.maybeDie(exceptionEvent.getCause());
        if (this.lifecycle.started()) {
            Throwable cause = exceptionEvent.getCause();
            if (SSLExceptionHelper.isNotSslRecordException(cause)) {
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace(() -> {
                        return new ParameterizedMessage("received plaintext http traffic on a https channel, closing connection {}", channelHandlerContext.getChannel());
                    }, cause);
                } else {
                    this.logger.warn("received plaintext http traffic on a https channel, closing connection {}", channelHandlerContext.getChannel());
                }
                channelHandlerContext.getChannel().close();
                return;
            }
            if (!SSLExceptionHelper.isCloseDuringHandshakeException(cause)) {
                super.exceptionCaught(channelHandlerContext, exceptionEvent);
                return;
            }
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(() -> {
                    return new ParameterizedMessage("connection {} closed during handshake", channelHandlerContext.getChannel());
                }, cause);
            } else {
                this.logger.warn("connection {} closed during handshake", channelHandlerContext.getChannel());
            }
            channelHandlerContext.getChannel().close();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.elasticsearch.http.netty3.Netty3HttpServerTransport, org.elasticsearch.common.component.AbstractLifecycleComponent
    public void doStart() {
        super.doStart();
        this.ipFilter.setBoundHttpTransportAddress(boundAddress());
    }

    @Override // org.elasticsearch.http.netty3.Netty3HttpServerTransport
    public ChannelPipelineFactory configureServerChannelPipelineFactory() {
        return new HttpSslChannelPipelineFactory(this);
    }

    public static void overrideSettings(Settings.Builder builder, Settings settings) {
        if (!XPackSettings.HTTP_SSL_ENABLED.get(settings).booleanValue() || HttpTransportSettings.SETTING_HTTP_COMPRESSION.exists(settings)) {
            return;
        }
        builder.put(HttpTransportSettings.SETTING_HTTP_COMPRESSION.getKey(), false);
    }
}
