package io.micronaut.http.server.netty;

import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.core.naming.Named;
import io.micronaut.core.util.SupplierUtil;
import io.micronaut.http.HttpVersion;
import io.micronaut.http.server.netty.NettyServerCustomizer;
import io.micronaut.http.server.netty.configuration.NettyHttpServerConfiguration;
import io.micronaut.http.server.netty.handler.Http2ServerHandler;
import io.micronaut.http.server.netty.handler.PipeliningServerHandler;
import io.micronaut.http.server.netty.handler.RequestHandler;
import io.micronaut.http.server.netty.handler.accesslog.Http2AccessLogManager;
import io.micronaut.http.server.netty.handler.accesslog.HttpAccessLogHandler;
import io.micronaut.http.server.netty.websocket.NettyServerWebSocketUpgradeHandler;
import io.micronaut.http.server.util.HttpHostResolver;
import io.micronaut.http.ssl.ServerSslConfiguration;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOutboundHandler;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpMessage;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.codec.http.HttpServerUpgradeHandler;
import io.netty.handler.codec.http.websocketx.extensions.compression.WebSocketServerCompressionHandler;
import io.netty.handler.codec.http2.CleartextHttp2ServerUpgradeHandler;
import io.netty.handler.codec.http2.Http2CodecUtil;
import io.netty.handler.codec.http2.Http2ConnectionHandler;
import io.netty.handler.codec.http2.Http2FrameCodec;
import io.netty.handler.codec.http2.Http2FrameCodecBuilder;
import io.netty.handler.codec.http2.Http2FrameLogger;
import io.netty.handler.codec.http2.Http2MultiplexHandler;
import io.netty.handler.codec.http2.Http2ServerUpgradeCodec;
import io.netty.handler.codec.http2.Http2StreamChannel;
import io.netty.handler.codec.http2.Http2StreamFrameToHttpObjectCodec;
import io.netty.handler.flow.FlowControlHandler;
import io.netty.handler.logging.LoggingHandler;
import io.netty.handler.pcap.PcapWriteHandler;
import io.netty.handler.ssl.ApplicationProtocolNegotiationHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.handler.timeout.IdleStateHandler;
import io.netty.incubator.codec.http3.Http3;
import io.netty.incubator.codec.http3.Http3FrameToHttpObjectCodec;
import io.netty.incubator.codec.http3.Http3ServerConnectionHandler;
import io.netty.incubator.codec.quic.QuicChannel;
import io.netty.incubator.codec.quic.QuicSslContext;
import io.netty.incubator.codec.quic.QuicSslEngine;
import io.netty.incubator.codec.quic.QuicStreamChannel;
import io.netty.util.AsciiString;
import io.netty.util.AttributeKey;
import io.netty.util.ReferenceCountUtil;
import java.io.Closeable;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.channels.ClosedChannelException;
import java.security.cert.Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Iterator;
import java.util.Optional;
import java.util.concurrent.ThreadLocalRandom;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/micronaut/http/server/netty/HttpPipelineBuilder.class */
public final class HttpPipelineBuilder implements Closeable {
    static final Supplier<AttributeKey<StreamPipeline>> STREAM_PIPELINE_ATTRIBUTE = SupplierUtil.memoized(() -> {
        return AttributeKey.newInstance("stream-pipeline");
    });
    static final Supplier<AttributeKey<Supplier<Certificate>>> CERTIFICATE_SUPPLIER_ATTRIBUTE = SupplierUtil.memoized(() -> {
        return AttributeKey.newInstance("certificate-supplier");
    });
    private static final Logger LOG = LoggerFactory.getLogger(HttpPipelineBuilder.class);
    private final NettyHttpServer server;
    private final NettyEmbeddedServices embeddedServices;
    private final ServerSslConfiguration sslConfiguration;
    private final RoutingInBoundHandler routingInBoundHandler;
    private final HttpHostResolver hostResolver;
    private final LoggingHandler loggingHandler;
    private final SslContext sslContext;
    private final QuicSslContext quicSslContext;
    private final HttpAccessLogHandler accessLogHandler;
    private final Http2AccessLogManager.Factory accessLogManagerFactory;
    private final NettyServerCustomizer serverCustomizer;
    private final boolean quic;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/micronaut/http/server/netty/HttpPipelineBuilder$ConnectionPipeline.class */
    public final class ConnectionPipeline {
        private final Channel channel;
        private final ChannelPipeline pipeline;

        @Nullable
        private final SslHandlerHolder sslHandler;
        private final NettyServerCustomizer connectionCustomizer;

        /* renamed from: io.micronaut.http.server.netty.HttpPipelineBuilder$ConnectionPipeline$1Http2ServerUpgradeCodecImpl, reason: invalid class name */
        /* loaded from: input_file:io/micronaut/http/server/netty/HttpPipelineBuilder$ConnectionPipeline$1Http2ServerUpgradeCodecImpl.class */
        class C1Http2ServerUpgradeCodecImpl extends Http2ServerUpgradeCodec {
            public C1Http2ServerUpgradeCodecImpl(Http2ConnectionHandler http2ConnectionHandler) {
                super(http2ConnectionHandler);
            }

            public C1Http2ServerUpgradeCodecImpl(Http2FrameCodec http2FrameCodec, ChannelHandler... channelHandlerArr) {
                super(http2FrameCodec, channelHandlerArr);
            }

            public void upgradeTo(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest) {
                super.upgradeTo(channelHandlerContext, fullHttpRequest);
                ConnectionPipeline.this.pipeline.remove("http1-fallback-handler");
                new StreamPipeline(ConnectionPipeline.this.channel, ConnectionPipeline.this.sslHandler, ConnectionPipeline.this.connectionCustomizer).afterHttp2ServerHandlerSetUp();
                ConnectionPipeline.this.onRequestPipelineBuilt();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ConnectionPipeline(Channel channel, boolean z) {
            this.channel = channel;
            this.pipeline = channel.pipeline();
            this.sslHandler = z ? new SslHandlerHolder() : null;
            this.connectionCustomizer = HttpPipelineBuilder.this.serverCustomizer.specializeForChannel(channel, NettyServerCustomizer.ChannelRole.CONNECTION);
        }

        void insertPcapLoggingHandler(Channel channel, String str) {
            String pcapLoggingPathPattern = HttpPipelineBuilder.this.server.getServerConfiguration().getPcapLoggingPathPattern();
            if (pcapLoggingPathPattern == null) {
                return;
            }
            String replace = pcapLoggingPathPattern.replace("{qualifier}", str);
            if (channel.localAddress() != null) {
                replace = replace.replace("{localAddress}", resolveIfNecessary(channel.localAddress()));
            }
            if (channel.remoteAddress() != null) {
                replace = replace.replace("{remoteAddress}", resolveIfNecessary(channel.remoteAddress()));
            }
            if (HttpPipelineBuilder.this.quic && (channel instanceof QuicStreamChannel)) {
                QuicStreamChannel quicStreamChannel = (QuicStreamChannel) channel;
                replace = replace.replace("{localAddress}", resolveIfNecessary(quicStreamChannel.parent().localSocketAddress())).replace("{remoteAddress}", resolveIfNecessary(quicStreamChannel.parent().remoteSocketAddress()));
            }
            String replace2 = replace.replace("{random}", Long.toHexString(ThreadLocalRandom.current().nextLong())).replace("{timestamp}", Instant.now().toString()).replace(':', '_');
            HttpPipelineBuilder.LOG.warn("Logging *full* request data, as configured. This will contain sensitive information! Path: '{}'", replace2);
            try {
                PcapWriteHandler.Builder builder = PcapWriteHandler.builder();
                if (HttpPipelineBuilder.this.quic && (channel instanceof QuicStreamChannel)) {
                    QuicStreamChannel quicStreamChannel2 = (QuicStreamChannel) channel;
                    builder.forceTcpChannel((InetSocketAddress) quicStreamChannel2.parent().localSocketAddress(), (InetSocketAddress) quicStreamChannel2.parent().remoteSocketAddress(), true);
                }
                channel.pipeline().addLast(new ChannelHandler[]{builder.build(new FileOutputStream(replace2))});
            } catch (FileNotFoundException e) {
                HttpPipelineBuilder.LOG.warn("Failed to create target pcap at '{}', not logging.", replace2, e);
            }
        }

        private String resolveIfNecessary(SocketAddress socketAddress) {
            if (!(socketAddress instanceof InetSocketAddress)) {
                String obj = socketAddress.toString();
                return obj.contains("/") ? "weird" : obj;
            }
            InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
            if (inetSocketAddress.isUnresolved()) {
                new InetSocketAddress(inetSocketAddress.getHostString(), inetSocketAddress.getPort());
                if (inetSocketAddress.isUnresolved()) {
                    return "unresolved";
                }
            }
            return inetSocketAddress.getAddress().getHostAddress() + ":" + inetSocketAddress.getPort();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void initChannel() {
            insertOuterTcpHandlers();
            if (HttpPipelineBuilder.this.server.getServerConfiguration().getHttpVersion() != HttpVersion.HTTP_2_0) {
                configureForHttp1();
            } else if (this.sslHandler != null) {
                configureForAlpn();
            } else {
                configureForH2cSupport();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void initHttp3Channel() {
            insertPcapLoggingHandler(this.channel, "udp-encapsulated");
            this.pipeline.addLast(new ChannelHandler[]{Http3.newQuicServerCodecBuilder().sslEngineProvider(QuicFactory.quicEngineFactory(this.sslHandler)).initialMaxData(HttpPipelineBuilder.this.server.getServerConfiguration().getHttp3().getInitialMaxData()).initialMaxStreamDataBidirectionalLocal(HttpPipelineBuilder.this.server.getServerConfiguration().getHttp3().getInitialMaxStreamDataBidirectionalLocal()).initialMaxStreamDataBidirectionalRemote(HttpPipelineBuilder.this.server.getServerConfiguration().getHttp3().getInitialMaxStreamDataBidirectionalRemote()).initialMaxStreamsBidirectional(HttpPipelineBuilder.this.server.getServerConfiguration().getHttp3().getInitialMaxStreamsBidirectional()).tokenHandler(QuicTokenHandlerImpl.create(this.channel.alloc())).handler(new ChannelInitializer<Channel>() { // from class: io.micronaut.http.server.netty.HttpPipelineBuilder.ConnectionPipeline.1
                protected void initChannel(@NonNull Channel channel) throws Exception {
                    ConnectionPipeline.this.insertPcapLoggingHandler(channel, "quic-decapsulated");
                    channel.pipeline().addLast(new ChannelHandler[]{new Http3ServerConnectionHandler(new ChannelInitializer<QuicStreamChannel>() { // from class: io.micronaut.http.server.netty.HttpPipelineBuilder.ConnectionPipeline.1.1
                        /* JADX INFO: Access modifiers changed from: protected */
                        public void initChannel(@NonNull QuicStreamChannel quicStreamChannel) throws Exception {
                            StreamPipeline streamPipeline = new StreamPipeline(quicStreamChannel, ConnectionPipeline.this.sslHandler, ConnectionPipeline.this.connectionCustomizer.specializeForChannel(quicStreamChannel, NettyServerCustomizer.ChannelRole.REQUEST_STREAM));
                            streamPipeline.insertHttp3FrameHandlers();
                            streamPipeline.streamCustomizer.onStreamPipelineBuilt();
                        }
                    })});
                }
            }).build()});
        }

        void insertOuterTcpHandlers() {
            insertPcapLoggingHandler(this.channel, "encapsulated");
            if (this.sslHandler != null) {
                this.pipeline.addLast("ssl", this.sslHandler.makeNormal(this.channel.alloc()));
                insertPcapLoggingHandler(this.channel, "ssl-decapsulated");
            }
            if (HttpPipelineBuilder.this.loggingHandler != null) {
                this.pipeline.addLast(new ChannelHandler[]{HttpPipelineBuilder.this.loggingHandler});
            }
        }

        private void onRequestPipelineBuilt() {
            HttpPipelineBuilder.this.server.triggerPipelineListeners(this.pipeline);
        }

        private void insertIdleStateHandler() {
            Duration idleTimeout = HttpPipelineBuilder.this.server.getServerConfiguration().getIdleTimeout();
            if (idleTimeout.isNegative()) {
                return;
            }
            this.pipeline.addLast("idle-state", new IdleStateHandler((int) HttpPipelineBuilder.this.server.getServerConfiguration().getReadIdleTimeout().getSeconds(), (int) HttpPipelineBuilder.this.server.getServerConfiguration().getWriteIdleTimeout().getSeconds(), (int) idleTimeout.getSeconds()));
        }

        void configureForHttp1() {
            insertIdleStateHandler();
            this.pipeline.addLast("http-server-codec", createServerCodec());
            new StreamPipeline(this.channel, this.sslHandler, this.connectionCustomizer).insertHttp1DownstreamHandlers();
            this.connectionCustomizer.onInitialPipelineBuilt();
            this.connectionCustomizer.onStreamPipelineBuilt();
            onRequestPipelineBuilt();
        }

        private void configureForHttp2() {
            insertIdleStateHandler();
            boolean isLegacyMultiplexHandlers = HttpPipelineBuilder.this.routingInBoundHandler.serverConfiguration.isLegacyMultiplexHandlers();
            if (isLegacyMultiplexHandlers) {
                this.pipeline.addLast("http2-connection", createHttp2FrameCodec());
                this.pipeline.addLast(new ChannelHandler[]{makeHttp2Handler()});
            } else {
                this.pipeline.addLast("http2-connection", createHttp2ServerHandler(true));
            }
            this.connectionCustomizer.onInitialPipelineBuilt();
            onRequestPipelineBuilt();
            if (isLegacyMultiplexHandlers) {
                return;
            }
            new StreamPipeline(this.channel, this.sslHandler, this.connectionCustomizer).afterHttp2ServerHandlerSetUp();
        }

        private Http2FrameCodec createHttp2FrameCodec() {
            Http2FrameCodecBuilder initialSettings = Http2FrameCodecBuilder.forServer().validateHeaders(HttpPipelineBuilder.this.server.getServerConfiguration().isValidateHeaders()).initialSettings(HttpPipelineBuilder.this.server.getServerConfiguration().getHttp2().http2Settings());
            HttpPipelineBuilder.this.server.getServerConfiguration().getLogLevel().ifPresent(logLevel -> {
                initialSettings.frameLogger(new Http2FrameLogger(logLevel, NettyHttpServer.class));
            });
            return initialSettings.build();
        }

        private Http2ConnectionHandler createHttp2ServerHandler(boolean z) {
            Http2ServerHandler.ConnectionHandlerBuilder m96initialSettings = new Http2ServerHandler.ConnectionHandlerBuilder(HttpPipelineBuilder.this.makeRequestHandler(HttpPipelineBuilder.this.embeddedServices.getWebSocketUpgradeHandler(HttpPipelineBuilder.this.server), z)).compressor(HttpPipelineBuilder.this.embeddedServices.getHttpCompressionStrategy()).accessLogManagerFactory(HttpPipelineBuilder.this.accessLogManagerFactory).m95validateHeaders(HttpPipelineBuilder.this.server.getServerConfiguration().isValidateHeaders()).m96initialSettings(HttpPipelineBuilder.this.server.getServerConfiguration().getHttp2().http2Settings());
            HttpPipelineBuilder.this.server.getServerConfiguration().getLogLevel().ifPresent(logLevel -> {
                m96initialSettings.m94frameLogger(new Http2FrameLogger(logLevel, NettyHttpServer.class));
            });
            return m96initialSettings.m93build();
        }

        void configureForAlpn() {
            this.pipeline.addLast(new ChannelHandler[]{new ApplicationProtocolNegotiationHandler(HttpPipelineBuilder.this.server.getServerConfiguration().getFallbackProtocol()) { // from class: io.micronaut.http.server.netty.HttpPipelineBuilder.ConnectionPipeline.2
                public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                    if (HttpPipelineBuilder.this.routingInBoundHandler.isIgnorable(th)) {
                        channelHandlerContext.close();
                    } else {
                        super.exceptionCaught(channelHandlerContext, th);
                    }
                }

                public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                    if (obj instanceof SslHandshakeCompletionEvent) {
                        SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
                        if (!sslHandshakeCompletionEvent.isSuccess()) {
                            if (sslHandshakeCompletionEvent.cause() instanceof ClosedChannelException) {
                                return;
                            } else {
                                super.userEventTriggered(channelHandlerContext, obj);
                            }
                        }
                    }
                    super.userEventTriggered(channelHandlerContext, obj);
                }

                protected void configurePipeline(ChannelHandlerContext channelHandlerContext, String str) {
                    boolean z = -1;
                    switch (str.hashCode()) {
                        case -134242387:
                            if (str.equals("http/1.1")) {
                                z = true;
                                break;
                            }
                            break;
                        case 3274:
                            if (str.equals("h2")) {
                                z = false;
                                break;
                            }
                            break;
                    }
                    switch (z) {
                        case false:
                            ConnectionPipeline.this.configureForHttp2();
                            break;
                        case true:
                            ConnectionPipeline.this.configureForHttp1();
                            break;
                        default:
                            HttpPipelineBuilder.LOG.warn("Negotiated unknown ALPN protocol. Is the fallback protocol configured correctly? Falling back on HTTP 1");
                            ConnectionPipeline.this.configureForHttp1();
                            break;
                    }
                    channelHandlerContext.read();
                }
            }});
        }

        void configureForH2cSupport() {
            Http2FrameCodec createHttp2ServerHandler;
            Http2FrameCodec http2FrameCodec;
            insertIdleStateHandler();
            if (HttpPipelineBuilder.this.server.getServerConfiguration().isLegacyMultiplexHandlers()) {
                http2FrameCodec = createHttp2FrameCodec();
                createHttp2ServerHandler = http2FrameCodec;
            } else {
                createHttp2ServerHandler = createHttp2ServerHandler(false);
                http2FrameCodec = null;
            }
            Http2FrameCodec http2FrameCodec2 = http2FrameCodec;
            Http2FrameCodec http2FrameCodec3 = createHttp2ServerHandler;
            HttpServerUpgradeHandler.UpgradeCodecFactory upgradeCodecFactory = charSequence -> {
                if (AsciiString.contentEquals(Http2CodecUtil.HTTP_UPGRADE_PROTOCOL_NAME, charSequence)) {
                    return http2FrameCodec2 == null ? new C1Http2ServerUpgradeCodecImpl(http2FrameCodec3) : new C1Http2ServerUpgradeCodecImpl(http2FrameCodec2, new Http2MultiplexHandler(new ChannelInitializer<Http2StreamChannel>() { // from class: io.micronaut.http.server.netty.HttpPipelineBuilder.ConnectionPipeline.3
                        /* JADX INFO: Access modifiers changed from: protected */
                        public void initChannel(@NonNull Http2StreamChannel http2StreamChannel) {
                            StreamPipeline streamPipeline = new StreamPipeline(http2StreamChannel, ConnectionPipeline.this.sslHandler, ConnectionPipeline.this.connectionCustomizer.specializeForChannel(http2StreamChannel, NettyServerCustomizer.ChannelRole.REQUEST_STREAM));
                            streamPipeline.insertHttp2FrameHandlers();
                            streamPipeline.streamCustomizer.onStreamPipelineBuilt();
                        }
                    }));
                }
                return null;
            };
            HttpServerCodec createServerCodec = createServerCodec();
            final HttpServerUpgradeHandler httpServerUpgradeHandler = new HttpServerUpgradeHandler(createServerCodec, upgradeCodecFactory, HttpPipelineBuilder.this.server.getServerConfiguration().getMaxH2cUpgradeRequestSize());
            this.pipeline.addLast(new ChannelHandler[]{new CleartextHttp2ServerUpgradeHandler(createServerCodec, httpServerUpgradeHandler, createHttp2ServerHandler)});
            this.pipeline.addLast("http1-fallback-handler", new SimpleChannelInboundHandler<HttpMessage>() { // from class: io.micronaut.http.server.netty.HttpPipelineBuilder.ConnectionPipeline.4
                /* JADX INFO: Access modifiers changed from: protected */
                public void channelRead0(ChannelHandlerContext channelHandlerContext, HttpMessage httpMessage) {
                    ChannelPipeline pipeline = channelHandlerContext.pipeline();
                    pipeline.remove(httpServerUpgradeHandler);
                    pipeline.remove(this);
                    new StreamPipeline(ConnectionPipeline.this.channel, ConnectionPipeline.this.sslHandler, ConnectionPipeline.this.connectionCustomizer).insertHttp1DownstreamHandlers();
                    ConnectionPipeline.this.connectionCustomizer.onStreamPipelineBuilt();
                    ConnectionPipeline.this.onRequestPipelineBuilt();
                    pipeline.fireChannelRead(ReferenceCountUtil.retain(httpMessage));
                }
            });
            this.connectionCustomizer.onInitialPipelineBuilt();
        }

        @NonNull
        private Http2MultiplexHandler makeHttp2Handler() {
            return new Http2MultiplexHandler(new ChannelInitializer<Channel>() { // from class: io.micronaut.http.server.netty.HttpPipelineBuilder.ConnectionPipeline.5
                protected void initChannel(@NonNull Channel channel) {
                    StreamPipeline streamPipeline = new StreamPipeline(channel, ConnectionPipeline.this.sslHandler, ConnectionPipeline.this.connectionCustomizer.specializeForChannel(channel, NettyServerCustomizer.ChannelRole.REQUEST_STREAM));
                    streamPipeline.insertHttp2FrameHandlers();
                    streamPipeline.streamCustomizer.onStreamPipelineBuilt();
                }
            });
        }

        @NonNull
        private HttpServerCodec createServerCodec() {
            return new HttpServerCodec(HttpPipelineBuilder.this.server.getServerConfiguration().getMaxInitialLineLength(), HttpPipelineBuilder.this.server.getServerConfiguration().getMaxHeaderSize(), HttpPipelineBuilder.this.server.getServerConfiguration().getMaxChunkSize(), HttpPipelineBuilder.this.server.getServerConfiguration().isValidateHeaders(), HttpPipelineBuilder.this.server.getServerConfiguration().getInitialBufferSize());
        }
    }

    /* loaded from: input_file:io/micronaut/http/server/netty/HttpPipelineBuilder$QuicFactory.class */
    private static final class QuicFactory {
        private QuicFactory() {
        }

        static Function<QuicChannel, ? extends QuicSslEngine> quicEngineFactory(SslHandlerHolder sslHandlerHolder) {
            return quicChannel -> {
                QuicSslEngine newEngine = sslHandlerHolder.pipelineBuilder().quicSslContext.newEngine(quicChannel.alloc());
                sslHandlerHolder.quicSslEngine = newEngine;
                return newEngine;
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/micronaut/http/server/netty/HttpPipelineBuilder$SslHandlerHolder.class */
    public final class SslHandlerHolder {
        private SslHandler sslHandler;
        private SSLEngine quicSslEngine;

        private SslHandlerHolder() {
        }

        SslHandler makeNormal(ByteBufAllocator byteBufAllocator) {
            this.sslHandler = HttpPipelineBuilder.this.sslContext.newHandler(byteBufAllocator);
            this.sslHandler.setHandshakeTimeoutMillis(HttpPipelineBuilder.this.sslConfiguration.getHandshakeTimeout().toMillis());
            return this.sslHandler;
        }

        Supplier<Certificate> findPeerCert() {
            return SupplierUtil.memoized(() -> {
                try {
                    return (this.quicSslEngine == null ? this.sslHandler.engine() : this.quicSslEngine).getSession().getPeerCertificates()[0];
                } catch (SSLPeerUnverifiedException e) {
                    return null;
                }
            });
        }

        HttpPipelineBuilder pipelineBuilder() {
            return HttpPipelineBuilder.this;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/micronaut/http/server/netty/HttpPipelineBuilder$StreamPipeline.class */
    public final class StreamPipeline {
        HttpVersion httpVersion = HttpVersion.HTTP_1_1;
        private final Channel channel;
        private final ChannelPipeline pipeline;

        @Nullable
        private final SslHandlerHolder sslHandler;
        private final NettyServerCustomizer streamCustomizer;

        private StreamPipeline(Channel channel, @Nullable SslHandlerHolder sslHandlerHolder, NettyServerCustomizer nettyServerCustomizer) {
            this.channel = channel;
            this.pipeline = channel.pipeline();
            this.sslHandler = sslHandlerHolder;
            this.streamCustomizer = nettyServerCustomizer;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void initializeChildPipelineForPushPromise(Channel channel) {
            StreamPipeline streamPipeline = new StreamPipeline(channel, this.sslHandler, this.streamCustomizer.specializeForChannel(channel, NettyServerCustomizer.ChannelRole.PUSH_PROMISE_STREAM));
            streamPipeline.insertHttp2FrameHandlers();
            streamPipeline.streamCustomizer.onStreamPipelineBuilt();
        }

        private void insertHttp2FrameHandlers() {
            this.pipeline.addLast("http-decoder", new Http2StreamFrameToHttpObjectCodec(true, HttpPipelineBuilder.this.server.getServerConfiguration().isValidateHeaders()));
            insertHttp2DownstreamHandlers();
        }

        private void insertHttp3FrameHandlers() {
            this.pipeline.addLast("http-decoder", new Http3FrameToHttpObjectCodec(true, HttpPipelineBuilder.this.server.getServerConfiguration().isValidateHeaders()));
            insertHttp2DownstreamHandlers();
        }

        private void insertHttp2DownstreamHandlers() {
            this.httpVersion = HttpVersion.HTTP_2_0;
            this.pipeline.addLast("flow-control-handler", new FlowControlHandler());
            if (HttpPipelineBuilder.this.accessLogHandler != null) {
                this.pipeline.addLast("http-access-logger", HttpPipelineBuilder.this.accessLogHandler);
            }
            registerMicronautChannelHandlers();
            insertMicronautHandlers();
        }

        private void insertMicronautHandlers() {
            this.channel.attr(HttpPipelineBuilder.STREAM_PIPELINE_ATTRIBUTE.get()).set(this);
            if (this.sslHandler != null) {
                this.channel.attr(HttpPipelineBuilder.CERTIFICATE_SUPPLIER_ATTRIBUTE.get()).set(this.sslHandler.findPeerCert());
            }
            Optional<NettyServerWebSocketUpgradeHandler> webSocketUpgradeHandler = HttpPipelineBuilder.this.embeddedServices.getWebSocketUpgradeHandler(HttpPipelineBuilder.this.server);
            if (webSocketUpgradeHandler.isPresent()) {
                this.pipeline.addLast(NettyServerWebSocketUpgradeHandler.COMPRESSION_HANDLER, new WebSocketServerCompressionHandler());
            }
            if (HttpPipelineBuilder.this.server.getServerConfiguration().getServerType() != NettyHttpServerConfiguration.HttpServerType.STREAMED) {
                this.pipeline.addLast("http-aggregator", new HttpObjectAggregator((int) HttpPipelineBuilder.this.server.getServerConfiguration().getMaxRequestSize(), HttpPipelineBuilder.this.server.getServerConfiguration().isCloseOnExpectationFailed()));
            }
            PipeliningServerHandler pipeliningServerHandler = new PipeliningServerHandler(HttpPipelineBuilder.this.makeRequestHandler(webSocketUpgradeHandler, this.sslHandler != null));
            pipeliningServerHandler.setCompressionStrategy(HttpPipelineBuilder.this.embeddedServices.getHttpCompressionStrategy());
            this.pipeline.addLast("micronaut-inbound-handler", pipeliningServerHandler);
        }

        void afterHttp2ServerHandlerSetUp() {
            this.httpVersion = HttpVersion.HTTP_2_0;
            this.channel.attr(HttpPipelineBuilder.STREAM_PIPELINE_ATTRIBUTE.get()).set(this);
            if (this.sslHandler != null) {
                this.channel.attr(HttpPipelineBuilder.CERTIFICATE_SUPPLIER_ATTRIBUTE.get()).set(this.sslHandler.findPeerCert());
            }
        }

        private void insertHttp1DownstreamHandlers() {
            this.httpVersion = HttpVersion.HTTP_1_1;
            if (HttpPipelineBuilder.this.accessLogHandler != null) {
                this.pipeline.addLast("http-access-logger", HttpPipelineBuilder.this.accessLogHandler);
            }
            registerMicronautChannelHandlers();
            insertMicronautHandlers();
        }

        private void registerMicronautChannelHandlers() {
            String str;
            int i = 0;
            Iterator<ChannelOutboundHandler> it = HttpPipelineBuilder.this.embeddedServices.getOutboundHandlers().iterator();
            while (it.hasNext()) {
                Named named = (ChannelOutboundHandler) it.next();
                if (named instanceof Named) {
                    str = named.getName();
                } else {
                    i++;
                    str = "micronaut-inbound-handler-outbound-" + i;
                }
                this.pipeline.addLast(str, named);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpPipelineBuilder(NettyHttpServer nettyHttpServer, NettyEmbeddedServices nettyEmbeddedServices, ServerSslConfiguration serverSslConfiguration, RoutingInBoundHandler routingInBoundHandler, HttpHostResolver httpHostResolver, NettyServerCustomizer nettyServerCustomizer, boolean z) {
        this.server = nettyHttpServer;
        this.embeddedServices = nettyEmbeddedServices;
        this.sslConfiguration = serverSslConfiguration;
        this.routingInBoundHandler = routingInBoundHandler;
        this.hostResolver = httpHostResolver;
        this.serverCustomizer = nettyServerCustomizer;
        this.quic = z;
        this.loggingHandler = (LoggingHandler) nettyHttpServer.getServerConfiguration().getLogLevel().map(logLevel -> {
            return new LoggingHandler(NettyHttpServer.class, logLevel);
        }).orElse(null);
        this.sslContext = (nettyEmbeddedServices.getServerSslBuilder() == null || z) ? null : nettyEmbeddedServices.getServerSslBuilder().build().orElse(null);
        this.quicSslContext = z ? nettyEmbeddedServices.getServerSslBuilder().buildQuic().orElse(null) : null;
        NettyHttpServerConfiguration.AccessLogger accessLogger = nettyHttpServer.getServerConfiguration().getAccessLogger();
        if (accessLogger == null || !accessLogger.isEnabled()) {
            this.accessLogHandler = null;
            this.accessLogManagerFactory = null;
            return;
        }
        String loggerName = accessLogger.getLoggerName();
        Predicate<String> inclusionPredicate = NettyHttpServer.inclusionPredicate(accessLogger);
        this.accessLogHandler = new HttpAccessLogHandler(loggerName, accessLogger.getLogFormat(), inclusionPredicate);
        this.accessLogManagerFactory = new Http2AccessLogManager.Factory((loggerName == null || loggerName.isEmpty()) ? null : LoggerFactory.getLogger(loggerName), accessLogger.getLogFormat(), inclusionPredicate);
        routingInBoundHandler.supportLoggingHandler = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean supportsSsl() {
        return this.sslContext != null;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        ReferenceCountUtil.release(this.sslContext);
    }

    private RequestHandler makeRequestHandler(Optional<NettyServerWebSocketUpgradeHandler> optional, boolean z) {
        RequestHandler requestHandler = this.routingInBoundHandler;
        if (optional.isPresent()) {
            optional.get().setNext(this.routingInBoundHandler);
            requestHandler = optional.get();
        }
        if (this.server.getServerConfiguration().isDualProtocol() && this.server.getServerConfiguration().isHttpToHttpsRedirect() && !z) {
            requestHandler = new HttpToHttpsRedirectHandler(this.routingInBoundHandler.conversionService, this.server.getServerConfiguration(), this.sslConfiguration, this.hostResolver);
        }
        return requestHandler;
    }
}
