package org.wso2.transport.http.netty.contractimpl.listener;

import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.group.ChannelGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.HttpRequestDecoder;
import io.netty.handler.codec.http.HttpResponseEncoder;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.codec.http.HttpServerUpgradeHandler;
import io.netty.handler.codec.http2.Http2CodecUtil;
import io.netty.handler.codec.http2.Http2ServerUpgradeCodec;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.ApplicationProtocolNegotiationHandler;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.ReferenceCountedOpenSslContext;
import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.stream.ChunkedWriteHandler;
import io.netty.handler.timeout.IdleStateHandler;
import io.netty.util.AsciiString;
import io.netty.util.concurrent.EventExecutorGroup;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.transport.http.netty.contract.Constants;
import org.wso2.transport.http.netty.contract.ServerConnectorFuture;
import org.wso2.transport.http.netty.contract.config.ChunkConfig;
import org.wso2.transport.http.netty.contract.config.InboundMsgSizeValidationConfig;
import org.wso2.transport.http.netty.contract.config.KeepAliveConfig;
import org.wso2.transport.http.netty.contractimpl.common.BackPressureHandler;
import org.wso2.transport.http.netty.contractimpl.common.Util;
import org.wso2.transport.http.netty.contractimpl.common.certificatevalidation.CertificateVerificationException;
import org.wso2.transport.http.netty.contractimpl.common.http2.Http2ExceptionHandler;
import org.wso2.transport.http.netty.contractimpl.common.ssl.SSLConfig;
import org.wso2.transport.http.netty.contractimpl.common.ssl.SSLHandlerFactory;
import org.wso2.transport.http.netty.contractimpl.listener.http2.Http2SourceConnectionHandlerBuilder;
import org.wso2.transport.http.netty.contractimpl.listener.http2.Http2ToHttpFallbackHandler;
import org.wso2.transport.http.netty.contractimpl.listener.http2.Http2WithPriorKnowledgeHandler;
import org.wso2.transport.http.netty.contractimpl.sender.CertificateValidationHandler;

/* loaded from: input_file:WEB-INF/lib/org.wso2.transport.http.netty-6.3.49.jar:org/wso2/transport/http/netty/contractimpl/listener/HttpServerChannelInitializer.class */
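/**
 * Assembles the server-side Netty pipeline for every accepted {@link SocketChannel}.
 *
 * <p>{@link #initChannel(SocketChannel)} picks one of four layouts from the {@code http2Enabled} flag and
 * from whether an {@link SSLHandlerFactory} has been set: plain HTTP/1.1, HTTP/1.1 over TLS, cleartext
 * HTTP/2 with upgrade (h2c), or HTTP/2 over TLS with the application protocol chosen by ALPN.
 *
 * <p>All configuration is supplied through the setters and read, without synchronization, when a channel
 * is initialized. NOTE(review): this presumably relies on the listener being fully configured before it
 * starts accepting connections; confirm against the caller.
 */
public class HttpServerChannelInitializer extends ChannelInitializer<SocketChannel> {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServerChannelInitializer.class);
    private long socketIdleTimeout;
    private boolean httpTraceLogEnabled;
    private boolean httpAccessLogEnabled;
    private ChunkConfig chunkConfig;
    private KeepAliveConfig keepAliveConfig;
    private String interfaceId;
    private String serverName;
    private SSLConfig sslConfig;
    private SSLHandlerFactory sslHandlerFactory;
    private SSLContext keystoreSslContext;
    private SslContext keystoreHttp2SslContext;
    private SslContext certAndKeySslContext;
    private ServerConnectorFuture serverConnectorFuture;
    private InboundMsgSizeValidationConfig reqSizeValidationConfig;
    private boolean validateCertEnabled;
    private int cacheDelay;
    private int cacheSize;
    private ChannelGroup allChannels;
    private boolean pipeliningEnabled;
    private long pipeliningLimit;
    private EventExecutorGroup pipeliningGroup;
    private boolean webSocketCompressionEnabled;
    private boolean http2Enabled = false;
    private boolean ocspStaplingEnabled = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/org.wso2.transport.http.netty-6.3.49.jar:org/wso2/transport/http/netty/contractimpl/listener/HttpServerChannelInitializer$Http2PipelineConfiguratorForServer.class */
    /**
     * ALPN handler placed directly after the TLS handler on HTTP/2-enabled listeners. Once the handshake
     * has selected a protocol it installs either the HTTP/2 connection handler or the HTTP/1.1 pipeline.
     * {@code http/1.1} is passed to the superclass as the fallback protocol.
     */
    public class Http2PipelineConfiguratorForServer extends ApplicationProtocolNegotiationHandler {
        private final HttpServerChannelInitializer channelInitializer;
        private final SSLEngine sslEngine;

        Http2PipelineConfiguratorForServer(HttpServerChannelInitializer httpServerChannelInitializer, SSLEngine sSLEngine) {
            super(ApplicationProtocolNames.HTTP_1_1);
            this.channelInitializer = httpServerChannelInitializer;
            this.sslEngine = sSLEngine;
        }

        /**
         * Records the mutual-TLS status on the channel, then finishes the pipeline for the negotiated
         * protocol.
         *
         * @param channelHandlerContext context of this handler
         * @param protocol              application protocol selected during the TLS handshake
         * @throws IllegalStateException if the protocol is neither {@code h2} nor {@code http/1.1}
         */
        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
        protected void configurePipeline(ChannelHandlerContext channelHandlerContext, String protocol) {
            Util.setMutualSslStatus(channelHandlerContext, this.sslEngine);
            if (ApplicationProtocolNames.HTTP_2.equals(protocol)) {
                channelHandlerContext.pipeline().addLast(Constants.HTTP2_SOURCE_CONNECTION_HANDLER, new Http2SourceConnectionHandlerBuilder(HttpServerChannelInitializer.this.interfaceId, HttpServerChannelInitializer.this.serverConnectorFuture, HttpServerChannelInitializer.this.serverName, this.channelInitializer).build());
                return;
            }
            // Fail closed: anything other than h2 or http/1.1 must never reach the request handlers.
            if (!ApplicationProtocolNames.HTTP_1_1.equals(protocol)) {
                throw new IllegalStateException("unknown protocol: " + protocol);
            }
            HttpServerChannelInitializer.this.configureHttpPipeline(channelHandlerContext.pipeline(), "http");
            // The HTTP/1.1 handlers are added after the channel became active, so replay the event for them.
            channelHandlerContext.pipeline().fireChannelActive();
        }

        /**
         * Closes an active channel after an exception reaches this handler. The throwable is logged at
         * debug level so the cause of the close can be found during an investigation instead of being
         * dropped silently.
         */
        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiationHandler, io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
        public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
            if (channelHandlerContext == null || !channelHandlerContext.channel().isActive()) {
                return;
            }
            // Debug rather than warn: this path can be triggered by any unauthenticated peer.
            if (LOG.isDebugEnabled()) {
                LOG.debug("{} closing channel after pipeline exception", channelHandlerContext.channel(), th);
            }
            // Flush whatever is pending, then close. The decompiler's synthetic addListener2 is the
            // real Netty method addListener.
            channelHandlerContext.writeAndFlush(Unpooled.EMPTY_BUFFER).addListener(ChannelFutureListener.CLOSE);
        }

        /**
         * Logs a failed TLS handshake at warn level. When the throwable's string form contains
         * {@code "ssl"} or {@link Constants#SECURITY} (a case-sensitive match), the root cause's message
         * is logged instead of the wrapper's.
         *
         * <p>NOTE(review): this override only logs and does not close the channel itself. Confirm that
         * the TLS handler closes the connection on a failed handshake.
         */
        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
        protected void handshakeFailure(ChannelHandlerContext channelHandlerContext, Throwable th) {
            Throwable reported = th;
            String description = th.toString();
            if (description.contains("ssl") || description.contains(Constants.SECURITY)) {
                // Unwrap to the innermost cause; the second condition stops on a self-referencing cause.
                while (reported.getCause() != null && reported.getCause() != reported) {
                    reported = reported.getCause();
                }
            }
            HttpServerChannelInitializer.LOG.warn("{} TLS handshake failed: {}", channelHandlerContext.channel(), reported.getMessage());
        }
    }

    /**
     * Builds the pipeline for a newly accepted channel.
     *
     * <ul>
     *   <li>HTTP/2 disabled, TLS factory set: HTTP/1.1 over TLS.</li>
     *   <li>HTTP/2 disabled, no TLS factory: plain HTTP/1.1.</li>
     *   <li>HTTP/2 enabled, no TLS factory: cleartext h2c with upgrade.</li>
     *   <li>HTTP/2 enabled, TLS factory set: TLS with ALPN, with or without a stapled OCSP response.</li>
     * </ul>
     *
     * @param socketChannel the accepted channel
     * @throws Exception if the OCSP response cannot be produced or encoded
     */
    @Override // io.netty.channel.ChannelInitializer
    public void initChannel(SocketChannel socketChannel) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Initializing source channel pipeline");
        }
        ChannelPipeline pipeline = socketChannel.pipeline();
        boolean tlsConfigured = this.sslHandlerFactory != null;

        if (!this.http2Enabled) {
            if (tlsConfigured) {
                configureSslForHttp(pipeline, socketChannel);
            } else {
                configureHttpPipeline(pipeline, "http");
            }
            return;
        }
        if (!tlsConfigured) {
            configureH2cPipeline(pipeline);
            return;
        }
        if (!this.ocspStaplingEnabled) {
            SslHandler tlsHandler = this.keystoreHttp2SslContext.newHandler(socketChannel.alloc());
            Util.setSslHandshakeTimeOut(this.sslConfig, tlsHandler);
            pipeline.addLast(tlsHandler, new Http2PipelineConfiguratorForServer(this, tlsHandler.engine()));
            pipeline.addLast(Constants.HTTP2_EXCEPTION_HANDLER, new Http2ExceptionHandler());
            return;
        }
        // OCSP stapling: the response is obtained for every new channel before the TLS handler is built.
        // NOTE(review): this runs inside initChannel; if OCSPResponseBuilder performs network I/O on a
        // cache miss it would block channel setup. Confirm the caching behaviour.
        OCSPResp ocspResponse = getOcspResponse();
        SslHandler staplingTlsHandler = ((ReferenceCountedOpenSslContext) this.keystoreHttp2SslContext).newHandler(socketChannel.alloc());
        ((ReferenceCountedOpenSslEngine) staplingTlsHandler.engine()).setOcspResponse(ocspResponse.getEncoded());
        Util.setSslHandshakeTimeOut(this.sslConfig, staplingTlsHandler);
        // NOTE(review): unlike the non-stapling branch above, no HTTP2_EXCEPTION_HANDLER is added here.
        // Confirm whether that asymmetry is intended.
        socketChannel.pipeline().addLast(staplingTlsHandler, new Http2PipelineConfiguratorForServer(this, staplingTlsHandler.engine()));
    }

    /**
     * Returns the OCSP response to staple into the TLS handshake.
     *
     * <p>The OpenSSL preconditions are checked first, so an unsupported runtime fails fast instead of
     * after the OCSP response has already been generated.
     *
     * @throws IllegalStateException if OpenSSL is unavailable or lacks OCSP support
     */
    private OCSPResp getOcspResponse() throws IOException, KeyStoreException, CertificateVerificationException, CertificateException {
        if (!OpenSsl.isAvailable()) {
            throw new IllegalStateException("OpenSSL is not available!");
        }
        if (!OpenSsl.isOcspSupported()) {
            throw new IllegalStateException("OCSP is not supported!");
        }
        return OCSPResponseBuilder.generateOcspResponse(this.sslConfig, this.cacheSize, this.cacheDelay);
    }

    /**
     * Installs the TLS handler for an HTTP/1.1 listener, followed by the handshake-completion handler.
     * That completion handler receives this initializer and the pipeline; presumably it adds the HTTP
     * handlers once the handshake succeeds.
     *
     * @param channelPipeline pipeline of {@code socketChannel}
     * @param socketChannel   the accepted channel, used for its allocator
     */
    private void configureSslForHttp(ChannelPipeline channelPipeline, SocketChannel socketChannel) throws CertificateVerificationException, KeyStoreException, IOException, CertificateException {
        SSLEngine serverEngine;
        if (this.ocspStaplingEnabled) {
            OCSPResp ocspResponse = getOcspResponse();
            SslHandler staplingTlsHandler = this.sslHandlerFactory.getServerReferenceCountedOpenSslContext(this.ocspStaplingEnabled).newHandler(socketChannel.alloc());
            serverEngine = staplingTlsHandler.engine();
            ((ReferenceCountedOpenSslEngine) serverEngine).setOcspResponse(ocspResponse.getEncoded());
            Util.setSslHandshakeTimeOut(this.sslConfig, staplingTlsHandler);
            // NOTE(review): this branch never adds HTTP_CERT_VALIDATION_HANDLER, even when
            // validateCertEnabled is set, and registers the TLS handler without the "ssl" name used
            // below. Confirm that skipping certificate validation under OCSP stapling is intended.
            socketChannel.pipeline().addLast(staplingTlsHandler);
        } else {
            if (this.sslConfig.getServerKeyFile() != null) {
                // Certificate and key file configuration: take the engine from the Netty SslContext.
                serverEngine = this.certAndKeySslContext.newHandler(socketChannel.alloc()).engine();
                this.sslHandlerFactory.addCommonConfigs(serverEngine);
            } else {
                // Keystore configuration: build the engine from the JDK SSLContext.
                serverEngine = this.sslHandlerFactory.buildServerSSLEngine(this.keystoreSslContext);
            }
            SslHandler tlsHandler = new SslHandler(serverEngine);
            Util.setSslHandshakeTimeOut(this.sslConfig, tlsHandler);
            channelPipeline.addLast("ssl", tlsHandler);
            if (this.validateCertEnabled) {
                channelPipeline.addLast(Constants.HTTP_CERT_VALIDATION_HANDLER, new CertificateValidationHandler(serverEngine, this.cacheDelay, this.cacheSize));
            }
        }
        channelPipeline.addLast(Constants.SSL_COMPLETION_HANDLER, new SslHandshakeCompletionHandlerForServer(this, channelPipeline, serverEngine));
    }

    /**
     * Appends the HTTP/1.1 request-handling handlers to a pipeline.
     *
     * <p>The encoder, decoder, compressor, chunk writer and the optional trace and access loggers are
     * added only when {@code initialHttpScheme} equals {@code "http"}. For any other value they are
     * skipped, presumably because a codec is already installed. The URI/header length validator, the
     * optional entity-body size validator, the WebSocket handshake handler, back pressure, the source
     * handler and the exception handler are always added.
     *
     * @param channelPipeline   pipeline to extend
     * @param initialHttpScheme {@code "http"} to also install the HTTP codec handlers; must not be null
     */
    public void configureHttpPipeline(ChannelPipeline channelPipeline, String initialHttpScheme) {
        if (initialHttpScheme.equals("http")) {
            channelPipeline.addLast(Constants.HTTP_ENCODER, new HttpResponseEncoder());
            // The decoder enforces the configured initial-line, header and chunk size limits.
            channelPipeline.addLast(Constants.HTTP_DECODER, new HttpRequestDecoder(this.reqSizeValidationConfig.getMaxInitialLineLength(), this.reqSizeValidationConfig.getMaxHeaderSize(), this.reqSizeValidationConfig.getMaxChunkSize()));
            channelPipeline.addLast(Constants.HTTP_COMPRESSOR, new CustomHttpContentCompressor());
            channelPipeline.addLast(Constants.HTTP_CHUNK_WRITER, new ChunkedWriteHandler());
            if (this.httpTraceLogEnabled) {
                channelPipeline.addLast(Constants.HTTP_TRACE_LOG_HANDLER, new HttpTraceLoggingHandler(Constants.TRACE_LOG_DOWNSTREAM));
            }
            if (this.httpAccessLogEnabled) {
                channelPipeline.addLast(Constants.HTTP_ACCESS_LOG_HANDLER, new HttpAccessLoggingHandler("http.accesslog"));
            }
        }
        channelPipeline.addLast(Constants.URI_HEADER_LENGTH_VALIDATION_HANDLER, new UriAndHeaderLengthValidator(this.serverName));
        // A max entity body size of -1 or lower means no body-size validator is installed at all.
        if (this.reqSizeValidationConfig.getMaxEntityBodySize() > -1) {
            channelPipeline.addLast(Constants.MAX_ENTITY_BODY_VALIDATION_HANDLER, new MaxEntityBodyValidator(this.serverName, this.reqSizeValidationConfig.getMaxEntityBodySize()));
        }
        channelPipeline.addLast(Constants.WEBSOCKET_SERVER_HANDSHAKE_HANDLER, new WebSocketServerHandshakeHandler(this.serverConnectorFuture, this.webSocketCompressionEnabled));
        channelPipeline.addLast(Constants.BACK_PRESSURE_HANDLER, new BackPressureHandler());
        channelPipeline.addLast(Constants.HTTP_SOURCE_HANDLER, new SourceHandler(this.serverConnectorFuture, this.interfaceId, this.chunkConfig, this.keepAliveConfig, this.serverName, this.allChannels, this.pipeliningEnabled, this.pipeliningLimit, this.pipeliningGroup));
        // A negative idle timeout leaves the pipeline without an IdleStateHandler, so this pipeline
        // will not raise idle events for stalled connections.
        if (this.socketIdleTimeout >= 0) {
            channelPipeline.addBefore(Constants.HTTP_SOURCE_HANDLER, Constants.IDLE_STATE_HANDLER, new IdleStateHandler(0L, 0L, this.socketIdleTimeout, TimeUnit.MILLISECONDS));
        }
        channelPipeline.addLast(Constants.HTTP_EXCEPTION_HANDLER, new HttpExceptionHandler());
    }

    /**
     * Builds the cleartext HTTP/2 pipeline: a prior-knowledge handler, the HTTP/1.1 server codec, the
     * optional loggers, the h2c upgrade handler and the fallback handler for clients that stay on
     * HTTP/1.1.
     *
     * @param channelPipeline pipeline to extend
     */
    private void configureH2cPipeline(ChannelPipeline channelPipeline) {
        channelPipeline.addLast(new Http2WithPriorKnowledgeHandler(this.interfaceId, this.serverName, this.serverConnectorFuture, this));
        HttpServerCodec httpServerCodec = new HttpServerCodec(this.reqSizeValidationConfig.getMaxInitialLineLength(), this.reqSizeValidationConfig.getMaxHeaderSize(), this.reqSizeValidationConfig.getMaxChunkSize());
        // Only the h2c upgrade token is accepted; returning null rejects any other requested protocol.
        HttpServerUpgradeHandler.UpgradeCodecFactory upgradeCodecFactory = protocol -> {
            if (AsciiString.contentEquals(Http2CodecUtil.HTTP_UPGRADE_PROTOCOL_NAME, protocol)) {
                return new Http2ServerUpgradeCodec(Constants.HTTP2_SOURCE_CONNECTION_HANDLER, new Http2SourceConnectionHandlerBuilder(this.interfaceId, this.serverConnectorFuture, this.serverName, this).build());
            }
            return null;
        };
        channelPipeline.addLast(Constants.HTTP_SERVER_CODEC, httpServerCodec);
        channelPipeline.addLast(Constants.HTTP_COMPRESSOR, new CustomHttpContentCompressor());
        if (this.httpTraceLogEnabled) {
            channelPipeline.addLast(Constants.HTTP_TRACE_LOG_HANDLER, new HttpTraceLoggingHandler(Constants.TRACE_LOG_DOWNSTREAM));
        }
        if (this.httpAccessLogEnabled) {
            channelPipeline.addLast(Constants.HTTP_ACCESS_LOG_HANDLER, new HttpAccessLoggingHandler("http.accesslog"));
        }
        channelPipeline.addLast(Constants.HTTP2_UPGRADE_HANDLER, new HttpServerUpgradeHandler(httpServerCodec, upgradeCodecFactory, upgradeRequestContentLimit()));
        channelPipeline.addLast(Constants.HTTP2_TO_HTTP_FALLBACK_HANDLER, new Http2ToHttpFallbackHandler(this));
    }

    /**
     * Returns the largest upgrade-request body, in bytes, that the h2c upgrade handler may buffer.
     *
     * <p>The upgrade handler aggregates the body of an upgrade request in memory on a cleartext,
     * unauthenticated connection. When a max entity body size is configured, that limit is applied
     * here as well; otherwise the value stays at {@link Integer#MAX_VALUE} and the buffering is
     * effectively unbounded. NOTE(review): consider a finite default for that case.
     */
    private int upgradeRequestContentLimit() {
        long configuredLimit = this.reqSizeValidationConfig.getMaxEntityBodySize();
        if (configuredLimit > -1) {
            return (int) Math.min((long) Integer.MAX_VALUE, configuredLimit);
        }
        return Integer.MAX_VALUE;
    }

    /** Sets the connector future handed to the source, WebSocket and HTTP/2 handlers. */
    public void setServerConnectorFuture(ServerConnectorFuture serverConnectorFuture) {
        this.serverConnectorFuture = serverConnectorFuture;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the all-idle timeout in milliseconds; a negative value installs no idle-state handler. */
    public void setIdleTimeout(long idleTimeoutMillis) {
        this.socketIdleTimeout = idleTimeoutMillis;
    }

    /** Returns the configured socket idle timeout in milliseconds. */
    public long getSocketIdleTimeout() {
        return this.socketIdleTimeout;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Enables or disables the HTTP trace logging handler. */
    public void setHttpTraceLogEnabled(boolean enabled) {
        this.httpTraceLogEnabled = enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Enables or disables the HTTP access logging handler. */
    public void setHttpAccessLogEnabled(boolean enabled) {
        this.httpAccessLogEnabled = enabled;
    }

    /** Returns whether the HTTP trace logging handler is added to new pipelines. */
    public boolean isHttpTraceLogEnabled() {
        return this.httpTraceLogEnabled;
    }

    /** Returns whether the HTTP access logging handler is added to new pipelines. */
    public boolean isHttpAccessLogEnabled() {
        return this.httpAccessLogEnabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the interface id passed to the source and HTTP/2 connection handlers. */
    public void setInterfaceId(String interfaceId) {
        this.interfaceId = interfaceId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the TLS configuration, used for the handshake timeout, key file lookup and OCSP. */
    public void setSslConfig(SSLConfig sSLConfig) {
        this.sslConfig = sSLConfig;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the TLS handler factory; leaving it null makes the listener serve cleartext. */
    public void setSslHandlerFactory(SSLHandlerFactory sSLHandlerFactory) {
        this.sslHandlerFactory = sSLHandlerFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the JDK SSL context used for HTTP/1.1 when no server key file is configured. */
    public void setKeystoreSslContext(SSLContext sSLContext) {
        this.keystoreSslContext = sSLContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the Netty SSL context used for HTTP/2 over TLS. */
    public void setHttp2SslContext(SslContext sslContext) {
        this.keystoreHttp2SslContext = sslContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the Netty SSL context used for HTTP/1.1 when a server key file is configured. */
    public void setCertandKeySslContext(SslContext sslContext) {
        this.certAndKeySslContext = sslContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the inbound size limits (initial line, headers, chunks, entity body). */
    public void setReqSizeValidationConfig(InboundMsgSizeValidationConfig inboundMsgSizeValidationConfig) {
        this.reqSizeValidationConfig = inboundMsgSizeValidationConfig;
    }

    /** Sets the chunking configuration passed to the source handler. */
    public void setChunkingConfig(ChunkConfig chunkConfig) {
        this.chunkConfig = chunkConfig;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the keep-alive configuration passed to the source handler. */
    public void setKeepAliveConfig(KeepAliveConfig keepAliveConfig) {
        this.keepAliveConfig = keepAliveConfig;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Enables or disables the certificate validation handler on the non-OCSP HTTP/1.1 TLS path. */
    public void setValidateCertEnabled(boolean enabled) {
        this.validateCertEnabled = enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the cache delay passed to certificate validation and OCSP response generation. */
    public void setCacheDelay(int cacheDelay) {
        this.cacheDelay = cacheDelay;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the cache size passed to certificate validation and OCSP response generation. */
    public void setCacheSize(int cacheSize) {
        this.cacheSize = cacheSize;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the server name passed to the validators and source handlers. */
    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Enables or disables OCSP stapling on the TLS paths. */
    public void setOcspStaplingEnabled(boolean enabled) {
        this.ocspStaplingEnabled = enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Enables or disables HTTP/2 (h2c without TLS, ALPN with TLS). */
    public void setHttp2Enabled(boolean enabled) {
        this.http2Enabled = enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Enables or disables HTTP pipelining in the source handler. */
    public void setPipeliningEnabled(boolean enabled) {
        this.pipeliningEnabled = enabled;
    }

    /** Sets the pipelining limit passed to the source handler. */
    public void setPipeliningLimit(long pipeliningLimit) {
        this.pipeliningLimit = pipeliningLimit;
    }

    /** Sets the executor group passed to the source handler for pipelining. */
    public void setPipeliningThreadGroup(EventExecutorGroup eventExecutorGroup) {
        this.pipeliningGroup = eventExecutorGroup;
    }

    /** Enables or disables WebSocket compression in the WebSocket handshake handler. */
    public void setWebSocketCompressionEnabled(boolean enabled) {
        this.webSocketCompressionEnabled = enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the channel group passed to the source handler. */
    public void setAllChannels(ChannelGroup channelGroup) {
        this.allChannels = channelGroup;
    }
}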
