package net.intelie.liverig.plugin.server;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import net.intelie.live.ElementHandle;
import net.intelie.live.ElementState;
import net.intelie.live.EventLobby;
import net.intelie.live.ExtensionConfig;
import net.intelie.live.ExtensionQualifier;
import net.intelie.live.ExtensionRole;
import net.intelie.live.PrefixedLive;
import net.intelie.live.ValidationBuilder;
import net.intelie.liverig.plugin.guava.base.Strings;
import net.intelie.liverig.protocol.Util;
import net.intelie.liverig.server.Server;
import net.intelie.liverig.util.Default;
import net.intelie.liverig.util.Escapes;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:net/intelie/liverig/plugin/server/ServerExtensionConfig.class */
public class ServerExtensionConfig implements ExtensionConfig {
    public static final String PROGRAM_NAME = "liverig-server";
    private static final int DEFAULT_LISTEN_BACKLOG = 0;
    private static final boolean DEFAULT_COMPRESSION = true;
    private static final long DEFAULT_HELLO_TIMEOUT = 30000;
    private static final int DEFAULT_EXECUTOR_THREADS = 8;
    private static final int DEFAULT_EXECUTOR_QUEUE_SIZE = 16;
    private static final int DEFAULT_EXECUTOR_CORE_POOL_SIZE = 4;
    private static final int DEFAULT_CONNECTION_LIMIT_PER_PEER = 3;
    public static final String DEFAULT_SSL_STORETYPE = "PKCS12";
    public static final String DEFAULT_SSL_STOREPASS = "liverig";
    public static final String DEFAULT_SSL_KEYALIAS = "liverig";
    public static final String DEFAULT_SSL_KEYPASS = "liverig";
    private String listen_address;
    private Integer listen_port;
    private Integer listen_backlog;
    private Boolean compression;
    private Long hello_timeout;
    private Integer executor_threads;
    private Integer executor_queue_size;
    private Integer executor_core_pool_size;
    private Integer connection_limit;
    private String state_path;
    private String sslKeyStore;
    private String sslStoreType;
    private String sslStorePass;
    private String sslKeyAlias;
    private String sslKeyPass;
    private Map<String, Peer> peers = Collections.emptyMap();
    private String server_report_event_type = "liverig_server_event";

    /* loaded from: input_file:net/intelie/liverig/plugin/server/ServerExtensionConfig$Peer.class */
    static class Peer {
        private static final long DEFAULT_IDLE_TIMEOUT = 10000;
        private static final long DEFAULT_KEEPALIVE_TIMEOUT = 30000;
        private String password;
        private Long idle_timeout;
        private Long keepalive_timeout;
        private Set<String> allowed_rig_names;

        Peer(String str) {
            this(str, null, null);
        }

        Peer(String str, Long l, Long l2) {
            this.password = str;
            this.idle_timeout = l;
            this.keepalive_timeout = l2;
        }

        public String password() {
            return this.password;
        }

        public long idle_timeout() {
            return Default.positive_or_default(this.idle_timeout, DEFAULT_IDLE_TIMEOUT);
        }

        public long keepalive_timeout() {
            return Default.positive_or_default(this.keepalive_timeout, DEFAULT_KEEPALIVE_TIMEOUT);
        }

        public Set<String> allowed_rig_names() {
            return this.allowed_rig_names != null ? Collections.unmodifiableSet(this.allowed_rig_names) : Collections.emptySet();
        }
    }

    public String listen_address() {
        return this.listen_address;
    }

    public int listen_port() {
        return this.listen_port.intValue();
    }

    public int listen_backlog() {
        if (this.listen_backlog != null) {
            return this.listen_backlog.intValue();
        }
        return 0;
    }

    public InetSocketAddress listenSocketAddress() {
        return this.listen_address == null ? new InetSocketAddress(this.listen_port.intValue()) : new InetSocketAddress(this.listen_address, this.listen_port.intValue());
    }

    public Set<String> peers() {
        return Collections.unmodifiableSet(this.peers.keySet());
    }

    public Peer peer(String str) {
        return this.peers.get(str);
    }

    public PeerState peerState(String str) throws IOException {
        return new PeerState(Paths.get(this.state_path, new String[0]).resolve(Escapes.safeIdentifier(str)));
    }

    String state_path() {
        return this.state_path;
    }

    public boolean compression() {
        if (this.compression != null) {
            return this.compression.booleanValue();
        }
        return true;
    }

    public long hello_timeout() {
        return Default.positive_or_default(this.hello_timeout, DEFAULT_HELLO_TIMEOUT);
    }

    public int executor_threads() {
        return Default.positive_or_default(this.executor_threads, 8);
    }

    public int executor_queue_size() {
        return Default.positive_or_default(this.executor_queue_size, 16);
    }

    public int executor_core_pool_size() {
        return Default.positive_or_default(this.executor_core_pool_size, 4);
    }

    public int connection_limit() {
        return Default.positive_or_default(this.connection_limit, this.peers.size() * 3);
    }

    @NotNull
    private String sslKeyAlias() {
        return this.sslKeyAlias != null ? this.sslKeyAlias : "liverig";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public KeyStore keyStore() throws IOException, GeneralSecurityException {
        if (Strings.isNullOrEmpty(this.sslKeyStore)) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(this.sslStoreType != null ? this.sslStoreType : DEFAULT_SSL_STORETYPE);
        BufferedInputStream bufferedInputStream = new BufferedInputStream(Files.newInputStream(Paths.get(this.sslKeyStore, new String[0]), new OpenOption[0]));
        try {
            keyStore.load(bufferedInputStream, (this.sslStorePass != null ? this.sslStorePass : "liverig").toCharArray());
            bufferedInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            try {
                bufferedInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public String publicKeyFingerprint(@Nullable KeyStore keyStore) throws KeyStoreException {
        Certificate certificate;
        if (keyStore == null || (certificate = keyStore.getCertificate(sslKeyAlias())) == null) {
            return null;
        }
        return Util.publicKeyFingerprint(certificate);
    }

    @Nullable
    private SSLContext sslContext(@Nullable KeyStore keyStore) throws GeneralSecurityException {
        if (keyStore == null) {
            return null;
        }
        String sslKeyAlias = sslKeyAlias();
        if (!keyStore.containsAlias(sslKeyAlias) || !keyStore.isKeyEntry(sslKeyAlias)) {
            throw new CertificateException("KeyStore does not contain key for alias " + sslKeyAlias);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, (this.sslKeyPass != null ? this.sslKeyPass : "liverig").toCharArray());
        KeyManager[] keyManagerArr = (KeyManager[]) Arrays.stream(keyManagerFactory.getKeyManagers()).map(keyManager -> {
            return keyManager instanceof X509ExtendedKeyManager ? new FixedAliasKeyManager((X509ExtendedKeyManager) keyManager, sslKeyAlias) : keyManager;
        }).toArray(i -> {
            return new KeyManager[i];
        });
        ServerTrustManager serverTrustManager = new ServerTrustManager();
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerArr, new TrustManager[]{serverTrustManager}, null);
        return sSLContext;
    }

    public String summarize() {
        return listenSocketAddress().toString();
    }

    public Set<ExtensionRole> roles() {
        return Collections.singleton(ExtensionRole.INPUT);
    }

    public ValidationBuilder validate(ValidationBuilder validationBuilder) {
        return validationBuilder.requiredValue(this.listen_port != null ? this.listen_port.toString() : null, "listen_port").requiredValue(this.state_path, "state_path");
    }

    public ElementHandle create(PrefixedLive prefixedLive, ExtensionQualifier extensionQualifier, RemoteControlImpl remoteControlImpl, FingerprintConfig fingerprintConfig) throws Exception {
        String version = prefixedLive.pluginVersion().toString();
        EventLobby eventLobby = prefixedLive.engine().getEventLobby();
        ServerReporter serverReporter = new ServerReporter(eventLobby, extensionQualifier, this.server_report_event_type, version);
        EventProcessor eventProcessor = new EventProcessor(eventLobby, extensionQualifier, serverReporter, version);
        KeyStore keyStore = keyStore();
        if (keyStore != null) {
            fingerprintConfig.register(prefixedLive, extensionQualifier.qualifier(), publicKeyFingerprint(keyStore));
        }
        ServerConfiguration serverConfiguration = new ServerConfiguration(prefixedLive, this, serverReporter, eventProcessor, sslContext(keyStore));
        LiveComponents liveComponents = new LiveComponents(prefixedLive, executor_threads(), executor_queue_size(), executor_core_pool_size());
        InetSocketAddress listenSocketAddress = listenSocketAddress();
        prefixedLive.describeAction("Listening on liverig endpoint " + listenSocketAddress, new Server(serverConfiguration, liveComponents, listenSocketAddress, listen_backlog()));
        remoteControlImpl.register(prefixedLive, extensionQualifier.qualifier(), serverConfiguration);
        return new ElementHandle.Default(prefixedLive);
    }

    public ElementState test(ExtensionQualifier extensionQualifier) throws Exception {
        sslContext(keyStore());
        return ElementState.OK;
    }
}
