package io.camunda.zeebe.gateway;

import io.camunda.identity.sdk.IdentityConfiguration;
import io.camunda.zeebe.broker.client.api.BrokerClient;
import io.camunda.zeebe.gateway.health.GatewayHealthManager;
import io.camunda.zeebe.gateway.health.Status;
import io.camunda.zeebe.gateway.health.impl.GatewayHealthManagerImpl;
import io.camunda.zeebe.gateway.impl.configuration.AuthenticationCfg;
import io.camunda.zeebe.gateway.impl.configuration.GatewayCfg;
import io.camunda.zeebe.gateway.impl.configuration.IdentityCfg;
import io.camunda.zeebe.gateway.impl.configuration.MultiTenancyCfg;
import io.camunda.zeebe.gateway.impl.configuration.NetworkCfg;
import io.camunda.zeebe.gateway.impl.configuration.SecurityCfg;
import io.camunda.zeebe.gateway.impl.job.ActivateJobsHandler;
import io.camunda.zeebe.gateway.impl.job.LongPollingActivateJobsHandler;
import io.camunda.zeebe.gateway.impl.job.RoundRobinActivateJobsHandler;
import io.camunda.zeebe.gateway.impl.stream.StreamJobsHandler;
import io.camunda.zeebe.gateway.interceptors.impl.ContextInjectingInterceptor;
import io.camunda.zeebe.gateway.interceptors.impl.DecoratedInterceptor;
import io.camunda.zeebe.gateway.interceptors.impl.IdentityInterceptor;
import io.camunda.zeebe.gateway.interceptors.impl.InterceptorRepository;
import io.camunda.zeebe.gateway.protocol.GatewayOuterClass;
import io.camunda.zeebe.gateway.query.impl.QueryApiImpl;
import io.camunda.zeebe.protocol.impl.stream.job.JobActivationProperties;
import io.camunda.zeebe.scheduler.Actor;
import io.camunda.zeebe.scheduler.ActorSchedulingService;
import io.camunda.zeebe.scheduler.future.ActorFuture;
import io.camunda.zeebe.scheduler.future.CompletableActorFuture;
import io.camunda.zeebe.transport.stream.api.ClientStreamer;
import io.camunda.zeebe.util.CloseableSilently;
import io.camunda.zeebe.util.TlsConfigUtil;
import io.camunda.zeebe.util.error.FatalErrorHandler;
import io.grpc.BindableService;
import io.grpc.Server;
import io.grpc.ServerBuilder;
import io.grpc.ServerInterceptor;
import io.grpc.ServerInterceptors;
import io.grpc.ServerServiceDefinition;
import io.grpc.StatusException;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.grpc.protobuf.StatusProto;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetSocketAddress;
import java.time.Duration;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ForkJoinPool;
import java.util.concurrent.ForkJoinWorkerThread;
import java.util.concurrent.TimeUnit;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import me.dinowernli.grpc.prometheus.Configuration;
import me.dinowernli.grpc.prometheus.MonitoringServerInterceptor;
import org.slf4j.Logger;

/* loaded from: input_file:io/camunda/zeebe/gateway/Gateway.class */
public final class Gateway implements CloseableSilently {
    public static final Function<String, Exception> NO_JOBS_RECEIVED_EXCEPTION_PROVIDER = str -> {
        return grpcStatusException(8, str);
    };
    public static final Function<String, Throwable> REQUEST_CANCELED_EXCEPTION_PROVIDER = str -> {
        return grpcStatusException(1, str);
    };
    private static final Logger LOG = Loggers.GATEWAY_LOGGER;
    private static final MonitoringServerInterceptor MONITORING_SERVER_INTERCEPTOR = MonitoringServerInterceptor.create(Configuration.allMetrics());
    private static final Duration DEFAULT_SHUTDOWN_TIMEOUT = Duration.ofSeconds(30);
    private final GatewayCfg gatewayCfg;
    private final IdentityConfiguration identityCfg;
    private final ActorSchedulingService actorSchedulingService;
    private final GatewayHealthManager healthManager;
    private final ClientStreamer<JobActivationProperties> jobStreamer;
    private final Duration shutdownTimeout;
    private Server server;
    private ExecutorService grpcExecutor;
    private final BrokerClient brokerClient;

    /* loaded from: input_file:io/camunda/zeebe/gateway/Gateway$NamedForkJoinPoolThreadFactory.class */
    private static final class NamedForkJoinPoolThreadFactory implements ForkJoinPool.ForkJoinWorkerThreadFactory {
        private NamedForkJoinPoolThreadFactory() {
        }

        @Override // java.util.concurrent.ForkJoinPool.ForkJoinWorkerThreadFactory
        public ForkJoinWorkerThread newThread(ForkJoinPool forkJoinPool) {
            ForkJoinWorkerThread newThread = ForkJoinPool.defaultForkJoinWorkerThreadFactory.newThread(forkJoinPool);
            newThread.setName("grpc-executor-" + newThread.getPoolIndex());
            return newThread;
        }
    }

    public Gateway(GatewayCfg gatewayCfg, IdentityConfiguration identityConfiguration, BrokerClient brokerClient, ActorSchedulingService actorSchedulingService, ClientStreamer<JobActivationProperties> clientStreamer) {
        this(DEFAULT_SHUTDOWN_TIMEOUT, gatewayCfg, identityConfiguration, brokerClient, actorSchedulingService, clientStreamer);
    }

    public Gateway(GatewayCfg gatewayCfg, BrokerClient brokerClient, ActorSchedulingService actorSchedulingService, ClientStreamer<JobActivationProperties> clientStreamer) {
        this(gatewayCfg, null, brokerClient, actorSchedulingService, clientStreamer);
    }

    public Gateway(Duration duration, GatewayCfg gatewayCfg, IdentityConfiguration identityConfiguration, BrokerClient brokerClient, ActorSchedulingService actorSchedulingService, ClientStreamer<JobActivationProperties> clientStreamer) {
        this.shutdownTimeout = duration;
        this.gatewayCfg = gatewayCfg;
        this.identityCfg = identityConfiguration;
        this.brokerClient = brokerClient;
        this.actorSchedulingService = actorSchedulingService;
        this.jobStreamer = clientStreamer;
        this.healthManager = new GatewayHealthManagerImpl();
    }

    public GatewayCfg getGatewayCfg() {
        return this.gatewayCfg;
    }

    public Status getStatus() {
        return this.healthManager.getStatus();
    }

    public BrokerClient getBrokerClient() {
        return this.brokerClient;
    }

    public ActorFuture<Gateway> start() {
        CompletableActorFuture completableActorFuture = new CompletableActorFuture();
        this.healthManager.setStatus(Status.STARTING);
        createAndStartActivateJobsHandler(this.brokerClient).thenCombine(startClientStreamAdapter(), this::createServer).thenAccept((Consumer<? super V>) this::startServer).thenApply(r3 -> {
            return this;
        }).whenComplete((BiConsumer<? super U, ? super Throwable>) completableActorFuture);
        return completableActorFuture;
    }

    private void startServer(Server server) {
        this.server = server;
        try {
            this.server.start();
            this.healthManager.setStatus(Status.RUNNING);
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private CompletionStage<StreamJobsHandler> startClientStreamAdapter() {
        StreamJobsHandler streamJobsHandler = new StreamJobsHandler(this.jobStreamer);
        CompletableFuture completableFuture = new CompletableFuture();
        this.actorSchedulingService.submitActor(streamJobsHandler).onComplete((r5, th) -> {
            if (th != null) {
                completableFuture.completeExceptionally(th);
            } else {
                completableFuture.complete(streamJobsHandler);
            }
        }, ForkJoinPool.commonPool());
        return completableFuture;
    }

    private Server createServer(ActivateJobsHandler<GatewayOuterClass.ActivateJobsResponse> activateJobsHandler, StreamJobsHandler streamJobsHandler) {
        NetworkCfg network = this.gatewayCfg.getNetwork();
        MultiTenancyCfg multiTenancy = this.gatewayCfg.getMultiTenancy();
        NettyServerBuilder applyNetworkConfig = applyNetworkConfig(network);
        applyExecutorConfiguration(applyNetworkConfig);
        applySecurityConfiguration(applyNetworkConfig);
        return buildServer(applyNetworkConfig, new GatewayGrpcService(new EndpointManager(this.brokerClient, activateJobsHandler, streamJobsHandler, multiTenancy)));
    }

    private void applyExecutorConfiguration(NettyServerBuilder nettyServerBuilder) {
        this.gatewayCfg.getThreads();
        this.grpcExecutor = Executors.newThreadPerTaskExecutor(Thread.ofVirtual().uncaughtExceptionHandler(FatalErrorHandler.uncaughtExceptionHandler(LOG)).name("grpc-virtual-executor").factory());
        nettyServerBuilder.executor(this.grpcExecutor);
    }

    private void applySecurityConfiguration(NettyServerBuilder nettyServerBuilder) {
        SecurityCfg security = this.gatewayCfg.getSecurity();
        if (security.isEnabled()) {
            setSecurityConfig(nettyServerBuilder, security);
        }
    }

    private Server buildServer(ServerBuilder<?> serverBuilder, BindableService bindableService) {
        return serverBuilder.addService(applyInterceptors(bindableService)).addService(ServerInterceptors.intercept(this.healthManager.getHealthService(), new ServerInterceptor[]{MONITORING_SERVER_INTERCEPTOR})).build();
    }

    private NettyServerBuilder applyNetworkConfig(NetworkCfg networkCfg) {
        Duration minKeepAliveInterval = networkCfg.getMinKeepAliveInterval();
        if (minKeepAliveInterval.isNegative() || minKeepAliveInterval.isZero()) {
            throw new IllegalArgumentException("Minimum keep alive interval must be positive.");
        }
        int bytes = (int) networkCfg.getMaxMessageSize().toBytes();
        if (bytes <= 0) {
            throw new IllegalArgumentException("maxMessageSize must be positive");
        }
        return NettyServerBuilder.forAddress(new InetSocketAddress(networkCfg.getHost(), networkCfg.getPort())).maxInboundMessageSize(bytes).permitKeepAliveTime(minKeepAliveInterval.toMillis(), TimeUnit.MILLISECONDS).permitKeepAliveWithoutCalls(false);
    }

    private void setSecurityConfig(NettyServerBuilder nettyServerBuilder, SecurityCfg securityCfg) {
        File certificateChainPath = securityCfg.getCertificateChainPath();
        File privateKeyPath = securityCfg.getPrivateKeyPath();
        File filePath = securityCfg.getKeyStore().getFilePath();
        String password = securityCfg.getKeyStore().getPassword();
        TlsConfigUtil.validateTlsConfig(certificateChainPath, privateKeyPath, filePath);
        try {
            nettyServerBuilder.sslContext(GrpcSslContexts.configure(filePath != null ? SslContextBuilder.forServer(TlsConfigUtil.getPrivateKey(filePath, password), TlsConfigUtil.getCertificateChain(filePath, password)) : SslContextBuilder.forServer(certificateChainPath, privateKeyPath)).build());
        } catch (Exception e) {
            throw new IllegalArgumentException("Failed to start messaging service; invalid server TLS configuration", e);
        }
    }

    public void close() {
        this.healthManager.setStatus(Status.SHUTDOWN);
        if (this.server != null && !this.server.isShutdown()) {
            this.server.shutdown();
            try {
                LOG.debug("Waiting {} for server to shut down cleanly", this.shutdownTimeout);
                if (!this.server.awaitTermination(this.shutdownTimeout.getSeconds(), TimeUnit.SECONDS)) {
                    LOG.warn("Server did not shut down cleanly within {}", this.shutdownTimeout);
                    this.server.shutdownNow();
                    this.server.awaitTermination();
                }
            } catch (InterruptedException e) {
                LOG.warn("Failed to await termination of gRPC server", e);
                Thread.currentThread().interrupt();
            } finally {
                this.server = null;
            }
        }
        if (this.grpcExecutor != null) {
            this.grpcExecutor.shutdownNow();
            try {
                this.grpcExecutor.awaitTermination(10L, TimeUnit.SECONDS);
            } catch (InterruptedException e2) {
                Thread.currentThread().interrupt();
            } finally {
                this.grpcExecutor = null;
            }
        }
    }

    private CompletableFuture<ActivateJobsHandler<GatewayOuterClass.ActivateJobsResponse>> createAndStartActivateJobsHandler(BrokerClient brokerClient) {
        return submitActorToActivateJobs(buildActivateJobsHandler(brokerClient));
    }

    private CompletableFuture<ActivateJobsHandler<GatewayOuterClass.ActivateJobsResponse>> submitActorToActivateJobs(ActivateJobsHandler<GatewayOuterClass.ActivateJobsResponse> activateJobsHandler) {
        CompletableFuture<ActivateJobsHandler<GatewayOuterClass.ActivateJobsResponse>> completableFuture = new CompletableFuture<>();
        this.actorSchedulingService.submitActor(Actor.newActor().name("ActivateJobsHandler").actorStartedHandler(activateJobsHandler.andThen(actorControl -> {
            completableFuture.complete(activateJobsHandler);
        })).build());
        return completableFuture;
    }

    private ActivateJobsHandler<GatewayOuterClass.ActivateJobsResponse> buildActivateJobsHandler(BrokerClient brokerClient) {
        return this.gatewayCfg.getLongPolling().isEnabled() ? buildLongPollingHandler(brokerClient) : new RoundRobinActivateJobsHandler(brokerClient, this.gatewayCfg.getNetwork().getMaxMessageSize().toBytes(), ResponseMapper::toActivateJobsResponse, REQUEST_CANCELED_EXCEPTION_PROVIDER);
    }

    private LongPollingActivateJobsHandler<GatewayOuterClass.ActivateJobsResponse> buildLongPollingHandler(BrokerClient brokerClient) {
        return LongPollingActivateJobsHandler.newBuilder().setBrokerClient(brokerClient).setMaxMessageSize(this.gatewayCfg.getNetwork().getMaxMessageSize().toBytes()).setLongPollingTimeout(this.gatewayCfg.getLongPolling().getTimeout()).setProbeTimeoutMillis(this.gatewayCfg.getLongPolling().getProbeTimeout()).setMinEmptyResponses(this.gatewayCfg.getLongPolling().getMinEmptyResponses()).setActivationResultMapper(ResponseMapper::toActivateJobsResponse).setNoJobsReceivedExceptionProvider(NO_JOBS_RECEIVED_EXCEPTION_PROVIDER).setRequestCanceledExceptionProvider(REQUEST_CANCELED_EXCEPTION_PROVIDER).build();
    }

    private ServerServiceDefinition applyInterceptors(BindableService bindableService) {
        InterceptorRepository load = new InterceptorRepository().load(this.gatewayCfg.getInterceptors());
        QueryApiImpl queryApiImpl = new QueryApiImpl(this.brokerClient);
        List list = (List) load.instantiate().map(DecoratedInterceptor::decorate).collect(Collectors.toList());
        Collections.reverse(list);
        list.add(new ContextInjectingInterceptor(queryApiImpl));
        list.add(MONITORING_SERVER_INTERCEPTOR);
        if (AuthenticationCfg.AuthMode.IDENTITY == this.gatewayCfg.getSecurity().getAuthentication().getMode()) {
            IdentityCfg identity = this.gatewayCfg.getSecurity().getAuthentication().getIdentity();
            if (isZeebeIdentityConfigurationNotNull(identity)) {
                list.add(new IdentityInterceptor(identity, this.gatewayCfg));
                LOG.warn("These Zeebe configuration properties for Camunda Identity are deprecated! Please use the corresponding Camunda Identity properties or the environment variables defined here: https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/");
            } else {
                list.add(new IdentityInterceptor(this.identityCfg, this.gatewayCfg));
            }
        }
        return ServerInterceptors.intercept(bindableService, list);
    }

    private boolean isZeebeIdentityConfigurationNotNull(IdentityCfg identityCfg) {
        return (identityCfg.getIssuerBackendUrl() == null && identityCfg.getBaseUrl() == null) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static StatusException grpcStatusException(int i, String str) {
        return StatusProto.toStatusException(com.google.rpc.Status.newBuilder().setCode(i).setMessage(str).build());
    }
}
