package co.cask.cdap.gateway.router;

import co.cask.cdap.common.ServiceBindException;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.SConfiguration;
import co.cask.cdap.gateway.router.handlers.AuditLogHandler;
import co.cask.cdap.gateway.router.handlers.AuthenticationHandler;
import co.cask.cdap.gateway.router.handlers.HttpRequestRouter;
import co.cask.cdap.gateway.router.handlers.HttpStatusRequestHandler;
import co.cask.cdap.security.auth.AccessTokenTransformer;
import co.cask.cdap.security.auth.TokenValidator;
import co.cask.http.SSLConfig;
import co.cask.http.SSLHandlerFactory;
import com.google.common.base.Throwables;
import com.google.common.util.concurrent.AbstractIdleService;
import com.google.common.util.concurrent.Service;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.Channel;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.group.ChannelGroup;
import io.netty.channel.group.DefaultChannelGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.codec.http.HttpServerExpectContinueHandler;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.ImmediateEventExecutor;
import java.io.File;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Optional;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.twill.common.Cancellable;
import org.apache.twill.discovery.DiscoveryServiceClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/gateway/router/NettyRouter.class */
public class NettyRouter extends AbstractIdleService {
    private static final Logger LOG = LoggerFactory.getLogger(NettyRouter.class);
    private final int serverBossThreadPoolSize;
    private final int serverWorkerThreadPoolSize;
    private final int serverConnectionBacklog;
    private final InetAddress hostname;
    private final int port;
    private final RouterServiceLookup serviceLookup;
    private final boolean securityEnabled;
    private final TokenValidator tokenValidator;
    private final AccessTokenTransformer accessTokenTransformer;
    private final CConfiguration cConf;
    private final boolean sslEnabled;
    private final SSLHandlerFactory sslHandlerFactory;
    private InetSocketAddress boundAddress;
    private DiscoveryServiceClient discoveryServiceClient;
    private Cancellable serverCancellable;

    @Inject
    public NettyRouter(CConfiguration cConfiguration, SConfiguration sConfiguration, @Named("router.bind.address") InetAddress inetAddress, RouterServiceLookup routerServiceLookup, TokenValidator tokenValidator, AccessTokenTransformer accessTokenTransformer, DiscoveryServiceClient discoveryServiceClient) {
        this.cConf = cConfiguration;
        this.serverBossThreadPoolSize = cConfiguration.getInt("router.server.boss.threads");
        this.serverWorkerThreadPoolSize = cConfiguration.getInt("router.server.worker.threads");
        this.serverConnectionBacklog = cConfiguration.getInt("router.connection.backlog");
        this.hostname = inetAddress;
        this.serviceLookup = routerServiceLookup;
        this.securityEnabled = cConfiguration.getBoolean("security.enabled", false);
        this.tokenValidator = tokenValidator;
        this.accessTokenTransformer = accessTokenTransformer;
        this.discoveryServiceClient = discoveryServiceClient;
        this.sslEnabled = cConfiguration.getBoolean("ssl.external.enabled");
        if (!this.sslEnabled) {
            this.port = cConfiguration.getInt("router.bind.port");
            this.sslHandlerFactory = null;
        } else {
            this.port = cConfiguration.getInt("router.ssl.bind.port");
            try {
                this.sslHandlerFactory = new SSLHandlerFactory(SSLConfig.builder(new File(sConfiguration.get("router.ssl.keystore.path")), sConfiguration.get("router.ssl.keystore.password")).setCertificatePassword(sConfiguration.get("router.ssl.keystore.keypassword")).build());
            } catch (Throwable th) {
                throw new RuntimeException("SSL is enabled but the keystore file could not be read. Please verify that the keystore file exists and the path is set correctly : " + sConfiguration.get("router.ssl.keystore.path"));
            }
        }
    }

    public Optional<InetSocketAddress> getBoundAddress() {
        return Optional.ofNullable(this.boundAddress);
    }

    protected void startUp() throws Exception {
        this.tokenValidator.startAndWait();
        DefaultChannelGroup defaultChannelGroup = new DefaultChannelGroup(ImmediateEventExecutor.INSTANCE);
        this.serverCancellable = startServer(createServerBootstrap(defaultChannelGroup), defaultChannelGroup);
    }

    protected void shutDown() {
        this.boundAddress = null;
        LOG.info("Stopping Netty Router...");
        this.serverCancellable.cancel();
        this.tokenValidator.stopAndWait();
        LOG.info("Stopped Netty Router.");
    }

    protected Executor executor(Service.State state) {
        AtomicInteger atomicInteger = new AtomicInteger();
        return runnable -> {
            new Thread(runnable, String.format("NettyRouter-%d", Integer.valueOf(atomicInteger.incrementAndGet()))).start();
        };
    }

    private EventLoopGroup createEventLoopGroup(int i, String str) {
        return new NioEventLoopGroup(i, new ThreadFactoryBuilder().setDaemon(true).setNameFormat(str).build());
    }

    private ServerBootstrap createServerBootstrap(final ChannelGroup channelGroup) {
        return new ServerBootstrap().group(createEventLoopGroup(this.serverBossThreadPoolSize, "router-server-boss-thread-%d"), createEventLoopGroup(this.serverWorkerThreadPoolSize, "router-server-worker-thread-%d")).channel(NioServerSocketChannel.class).option(ChannelOption.SO_BACKLOG, Integer.valueOf(this.serverConnectionBacklog)).childHandler(new ChannelInitializer<SocketChannel>() { // from class: co.cask.cdap.gateway.router.NettyRouter.1
            /* JADX INFO: Access modifiers changed from: protected */
            public void initChannel(SocketChannel socketChannel) {
                channelGroup.add(socketChannel);
                ChannelPipeline pipeline = socketChannel.pipeline();
                if (NettyRouter.this.sslEnabled) {
                    pipeline.addLast("ssl", NettyRouter.this.sslHandlerFactory.create(socketChannel.alloc()));
                }
                pipeline.addLast("http-codec", new HttpServerCodec());
                pipeline.addLast("http-status-request-handler", new HttpStatusRequestHandler());
                if (NettyRouter.this.securityEnabled) {
                    pipeline.addLast("access-token-authenticator", new AuthenticationHandler(NettyRouter.this.cConf, NettyRouter.this.tokenValidator, NettyRouter.this.discoveryServiceClient, NettyRouter.this.accessTokenTransformer));
                }
                if (NettyRouter.this.cConf.getBoolean("router.audit.log.enabled")) {
                    pipeline.addLast("audit-log", new AuditLogHandler());
                }
                pipeline.addLast("expect-continue", new HttpServerExpectContinueHandler());
                pipeline.addLast("http-request-handler", new HttpRequestRouter(NettyRouter.this.cConf, NettyRouter.this.serviceLookup));
            }
        });
    }

    private Cancellable startServer(ServerBootstrap serverBootstrap, ChannelGroup channelGroup) throws Exception {
        InetSocketAddress inetSocketAddress = new InetSocketAddress(this.hostname, this.port);
        LOG.info("Starting Netty Router on address {}...", inetSocketAddress);
        try {
            Channel channel = serverBootstrap.bind(inetSocketAddress).sync().channel();
            channelGroup.add(channel);
            this.boundAddress = (InetSocketAddress) channel.localAddress();
            LOG.info("Started Netty Router for service {} on address {}.", this.boundAddress);
            return () -> {
                ArrayList arrayList = new ArrayList();
                arrayList.add(channelGroup.close());
                arrayList.add(serverBootstrap.config().group().shutdownGracefully(0L, 5L, TimeUnit.SECONDS));
                arrayList.add(serverBootstrap.config().childGroup().shutdownGracefully(0L, 5L, TimeUnit.SECONDS));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    ((Future) it.next()).awaitUninterruptibly();
                }
            };
        } catch (Exception e) {
            if (Throwables.getRootCause(e) instanceof BindException) {
                throw new ServiceBindException("Router", this.hostname.getCanonicalHostName(), this.port, e);
            }
            throw e;
        }
    }
}
