package org.apache.activemq.artemis.core.remoting.impl.netty;

import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.DefaultEventLoopGroup;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.ServerChannel;
import io.netty.channel.WriteBufferWaterMark;
import io.netty.channel.epoll.EpollEventLoopGroup;
import io.netty.channel.epoll.EpollServerSocketChannel;
import io.netty.channel.group.ChannelGroup;
import io.netty.channel.group.DefaultChannelGroup;
import io.netty.channel.kqueue.KQueueEventLoopGroup;
import io.netty.channel.kqueue.KQueueServerSocketChannel;
import io.netty.channel.local.LocalAddress;
import io.netty.channel.local.LocalServerChannel;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import io.netty.util.concurrent.GlobalEventExecutor;
import java.net.InetSocketAddress;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.management.CoreNotificationType;
import org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl;
import org.apache.activemq.artemis.core.protocol.ProtocolHandler;
import org.apache.activemq.artemis.core.remoting.impl.AbstractAcceptor;
import org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport;
import org.apache.activemq.artemis.core.security.ActiveMQPrincipal;
import org.apache.activemq.artemis.core.server.ActiveMQComponent;
import org.apache.activemq.artemis.core.server.ActiveMQMessageBundle;
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
import org.apache.activemq.artemis.core.server.cluster.ClusterConnection;
import org.apache.activemq.artemis.core.server.management.Notification;
import org.apache.activemq.artemis.core.server.management.NotificationService;
import org.apache.activemq.artemis.spi.core.protocol.ProtocolManager;
import org.apache.activemq.artemis.spi.core.remoting.BufferHandler;
import org.apache.activemq.artemis.spi.core.remoting.Connection;
import org.apache.activemq.artemis.spi.core.remoting.ServerConnectionLifeCycleListener;
import org.apache.activemq.artemis.utils.ActiveMQThreadFactory;
import org.apache.activemq.artemis.utils.ConfigurationHelper;
import org.apache.activemq.artemis.utils.collections.TypedProperties;
import org.jboss.logging.Logger;
import org.jgroups.Global;

/* loaded from: input_file:WEB-INF/lib/artemis-server-2.8.0.jar:org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.class */
public class NettyAcceptor extends AbstractAcceptor {
    public static String INVM_ACCEPTOR_TYPE = "IN-VM";
    public static String NIO_ACCEPTOR_TYPE = "NIO";
    public static String EPOLL_ACCEPTOR_TYPE = "EPOLL";
    public static String KQUEUE_ACCEPTOR_TYPE = "KQUEUE";
    private final String protocolsString;
    private final String name;
    private final ClusterConnection clusterConnection;
    private Class<? extends ServerChannel> channelClazz;
    private EventLoopGroup eventLoopGroup;
    private volatile ChannelGroup serverChannelGroup;
    private volatile ChannelGroup channelGroup;
    private ServerBootstrap bootstrap;
    private final BufferHandler handler;
    private final ServerConnectionLifeCycleListener listener;
    private final boolean sslEnabled;
    private final boolean useInvm;
    private final boolean useEpoll;
    private final boolean useKQueue;
    private final ProtocolHandler protocolHandler;
    private final String host;
    private final int port;
    private final String keyStoreProvider;
    private String keyStorePath;
    private final String keyStorePassword;
    private final String trustStoreProvider;
    private final String trustStorePath;
    private final String trustStorePassword;
    private final String crlPath;
    private final String enabledCipherSuites;
    private final String enabledProtocols;
    private final boolean needClientAuth;
    private final boolean wantClientAuth;
    private final String sslProvider;
    private final boolean verifyHost;
    private final String kerb5Config;
    private String sniHost;
    private final boolean tcpNoDelay;
    private final int backlog;
    private final int tcpSendBufferSize;
    private final int tcpReceiveBufferSize;
    private final int writeBufferLowWaterMark;
    private final int writeBufferHighWaterMark;
    private int remotingThreads;
    private final ConcurrentMap<Object, NettyServerConnection> connections;
    private final Map<String, Object> configuration;
    private final ScheduledExecutorService scheduledThreadPool;
    private NotificationService notificationService;
    private boolean paused;
    private BatchFlusher flusher;
    private ScheduledFuture<?> batchFlusherFuture;
    private final long batchDelay;
    private final boolean directDeliver;
    private final boolean httpUpgradeEnabled;
    private final long connectionsAllowed;
    private Map<String, Object> extraConfigs;
    private static final Logger logger;
    final AtomicBoolean warningPrinted;
    final Executor failureExecutor;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/artemis-server-2.8.0.jar:org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor$ActiveMQServerChannelHandler.class */
    public final class ActiveMQServerChannelHandler extends ActiveMQChannelHandler implements ConnectionCreator {
        ActiveMQServerChannelHandler(ChannelGroup channelGroup, BufferHandler bufferHandler, ServerConnectionLifeCycleListener serverConnectionLifeCycleListener, Executor executor) {
            super(channelGroup, bufferHandler, serverConnectionLifeCycleListener, executor);
        }

        @Override // org.apache.activemq.artemis.core.remoting.impl.netty.ConnectionCreator
        public NettyServerConnection createConnection(ChannelHandlerContext channelHandlerContext, String str, boolean z) throws Exception {
            if (NettyAcceptor.this.connectionsAllowed != -1 && NettyAcceptor.this.connections.size() >= NettyAcceptor.this.connectionsAllowed) {
                ActiveMQServerLogger.LOGGER.connectionLimitReached(NettyAcceptor.this.connectionsAllowed, channelHandlerContext.channel().remoteAddress().toString());
                channelHandlerContext.channel().close();
                return null;
            }
            super.channelActive(channelHandlerContext);
            Listener listener = new Listener();
            NettyServerConnection nettyServerConnection = new NettyServerConnection(NettyAcceptor.this.configuration, channelHandlerContext.channel(), listener, !z && NettyAcceptor.this.batchDelay > 0, NettyAcceptor.this.directDeliver);
            listener.connectionCreated((ActiveMQComponent) NettyAcceptor.this, (Connection) nettyServerConnection, NettyAcceptor.this.protocolHandler.getProtocol(str));
            SslHandler sslHandler = (SslHandler) channelHandlerContext.pipeline().get(SslHandler.class);
            if (sslHandler != null) {
                sslHandler.handshakeFuture().addListener2(new GenericFutureListener<Future<Channel>>() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.ActiveMQServerChannelHandler.1
                    @Override // io.netty.util.concurrent.GenericFutureListener
                    public void operationComplete(Future<Channel> future) throws Exception {
                        if (future.isSuccess()) {
                            ActiveMQServerChannelHandler.this.active = true;
                        } else {
                            future.getNow().close();
                        }
                    }
                });
            } else {
                this.active = true;
            }
            return nettyServerConnection;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/artemis-server-2.8.0.jar:org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor$BatchFlusher.class */
    private class BatchFlusher implements Runnable {
        private boolean cancelled;

        private BatchFlusher() {
        }

        @Override // java.lang.Runnable
        public synchronized void run() {
            if (this.cancelled) {
                return;
            }
            Iterator it = NettyAcceptor.this.connections.values().iterator();
            while (it.hasNext()) {
                ((Connection) it.next()).checkFlushBatchBuffer();
            }
        }

        public synchronized void cancel() {
            this.cancelled = true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/artemis-server-2.8.0.jar:org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor$Listener.class */
    public class Listener implements ServerConnectionLifeCycleListener {
        private Listener() {
        }

        @Override // org.apache.activemq.artemis.spi.core.remoting.BaseConnectionLifeCycleListener
        public void connectionCreated(ActiveMQComponent activeMQComponent, Connection connection, ProtocolManager protocolManager) {
            if (NettyAcceptor.this.connections.putIfAbsent(connection.getID(), (NettyServerConnection) connection) != null) {
                throw ActiveMQMessageBundle.BUNDLE.connectionExists(connection.getID());
            }
            NettyAcceptor.this.listener.connectionCreated(activeMQComponent, connection, protocolManager);
        }

        @Override // org.apache.activemq.artemis.spi.core.remoting.BaseConnectionLifeCycleListener
        public void connectionDestroyed(Object obj) {
            if (NettyAcceptor.this.connections.remove(obj) != null) {
                NettyAcceptor.this.listener.connectionDestroyed(obj);
            }
        }

        /* JADX WARN: Type inference failed for: r0v0, types: [org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor$Listener$1] */
        @Override // org.apache.activemq.artemis.spi.core.remoting.BaseConnectionLifeCycleListener
        public void connectionException(final Object obj, final ActiveMQException activeMQException) {
            new Thread() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.Listener.1
                @Override // java.lang.Thread, java.lang.Runnable
                public void run() {
                    NettyAcceptor.this.listener.connectionException(obj, activeMQException);
                }
            }.start();
        }

        @Override // org.apache.activemq.artemis.spi.core.remoting.BaseConnectionLifeCycleListener
        public void connectionReadyForWrites(Object obj, boolean z) {
            NettyServerConnection nettyServerConnection = (NettyServerConnection) NettyAcceptor.this.connections.get(obj);
            if (nettyServerConnection != null) {
                nettyServerConnection.fireReady(z);
            }
            NettyAcceptor.this.listener.connectionReadyForWrites(obj, z);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/artemis-server-2.8.0.jar:org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor$SslHandshakeExceptionHandler.class */
    private class SslHandshakeExceptionHandler implements ChannelHandler {
        private SslHandshakeExceptionHandler() {
        }

        @Override // io.netty.channel.ChannelHandler
        public void handlerAdded(ChannelHandlerContext channelHandlerContext) throws Exception {
        }

        @Override // io.netty.channel.ChannelHandler
        public void handlerRemoved(ChannelHandlerContext channelHandlerContext) throws Exception {
        }

        @Override // io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
        public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
            if (th.getMessage() == null || !th.getMessage().startsWith(SSLHandshakeException.class.getName())) {
                return;
            }
            Throwable rootCause = getRootCause(th);
            ActiveMQServerLogger.LOGGER.sslHandshakeFailed(channelHandlerContext.channel().remoteAddress().toString(), rootCause.getClass().getName() + ": " + rootCause.getMessage());
            if (ActiveMQServerLogger.LOGGER.isDebugEnabled()) {
                ActiveMQServerLogger.LOGGER.debug("SSL handshake failed", th);
            }
        }

        private Throwable getRootCause(Throwable th) {
            ArrayList arrayList = new ArrayList();
            while (th != null && !arrayList.contains(th)) {
                arrayList.add(th);
                th = th.getCause();
            }
            return arrayList.size() < 2 ? th : (Throwable) arrayList.get(arrayList.size() - 1);
        }
    }

    public NettyAcceptor(String str, ClusterConnection clusterConnection, Map<String, Object> map, BufferHandler bufferHandler, ServerConnectionLifeCycleListener serverConnectionLifeCycleListener, ScheduledExecutorService scheduledExecutorService, Executor executor, Map<String, ProtocolManager> map2) {
        super(map2);
        this.connections = new ConcurrentHashMap();
        this.warningPrinted = new AtomicBoolean(false);
        this.failureExecutor = executor;
        this.name = str;
        this.clusterConnection = clusterConnection;
        this.configuration = map;
        this.handler = bufferHandler;
        this.listener = serverConnectionLifeCycleListener;
        this.sslEnabled = ConfigurationHelper.getBooleanProperty(TransportConstants.SSL_ENABLED_PROP_NAME, false, map);
        this.kerb5Config = ConfigurationHelper.getStringProperty(TransportConstants.SSL_KRB5_CONFIG_PROP_NAME, TransportConstants.DEFAULT_SSL_KRB5_CONFIG, map);
        this.remotingThreads = ConfigurationHelper.getIntProperty(TransportConstants.NIO_REMOTING_THREADS_PROPNAME, -1, map);
        this.remotingThreads = ConfigurationHelper.getIntProperty(TransportConstants.REMOTING_THREADS_PROPNAME, this.remotingThreads, map);
        this.useEpoll = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_EPOLL_PROP_NAME, true, map);
        this.useKQueue = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_KQUEUE_PROP_NAME, true, map);
        this.backlog = ConfigurationHelper.getIntProperty("backlog", -1, map);
        this.useInvm = ConfigurationHelper.getBooleanProperty(TransportConstants.USE_INVM_PROP_NAME, false, map);
        this.protocolHandler = new ProtocolHandler(map2, this, scheduledExecutorService);
        this.protocolsString = getProtocols(map2);
        this.host = ConfigurationHelper.getStringProperty("host", "localhost", map);
        this.port = ConfigurationHelper.getIntProperty("port", TransportConstants.DEFAULT_PORT, map);
        if (this.sslEnabled) {
            this.keyStoreProvider = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, "JKS", map);
            this.keyStorePath = ConfigurationHelper.getStringProperty(TransportConstants.KEYSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PATH, map);
            this.keyStorePassword = ConfigurationHelper.getPasswordProperty(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, TransportConstants.DEFAULT_KEYSTORE_PASSWORD, map, ActiveMQDefaultConfiguration.getPropMaskPassword(), ActiveMQDefaultConfiguration.getPropPasswordCodec());
            this.trustStoreProvider = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, "JKS", map);
            this.trustStorePath = ConfigurationHelper.getStringProperty(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PATH, map);
            this.trustStorePassword = ConfigurationHelper.getPasswordProperty(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD, map, ActiveMQDefaultConfiguration.getPropMaskPassword(), ActiveMQDefaultConfiguration.getPropPasswordCodec());
            this.crlPath = ConfigurationHelper.getStringProperty(TransportConstants.CRL_PATH_PROP_NAME, TransportConstants.DEFAULT_CRL_PATH, map);
            this.enabledCipherSuites = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_CIPHER_SUITES_PROP_NAME, TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES, map);
            this.enabledProtocols = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, TransportConstants.DEFAULT_ENABLED_PROTOCOLS, map);
            this.needClientAuth = ConfigurationHelper.getBooleanProperty(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, false, map);
            this.wantClientAuth = ConfigurationHelper.getBooleanProperty(TransportConstants.WANT_CLIENT_AUTH_PROP_NAME, false, map);
            this.verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, false, map);
            this.sslProvider = ConfigurationHelper.getStringProperty(TransportConstants.SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER, map);
            this.sniHost = ConfigurationHelper.getStringProperty(TransportConstants.SNIHOST_PROP_NAME, TransportConstants.DEFAULT_SNIHOST_CONFIG, map);
        } else {
            this.keyStoreProvider = "JKS";
            this.keyStorePath = TransportConstants.DEFAULT_KEYSTORE_PATH;
            this.keyStorePassword = TransportConstants.DEFAULT_KEYSTORE_PASSWORD;
            this.trustStoreProvider = "JKS";
            this.trustStorePath = TransportConstants.DEFAULT_TRUSTSTORE_PATH;
            this.trustStorePassword = TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD;
            this.crlPath = TransportConstants.DEFAULT_CRL_PATH;
            this.enabledCipherSuites = TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES;
            this.enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS;
            this.needClientAuth = false;
            this.wantClientAuth = false;
            this.verifyHost = false;
            this.sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER;
            this.sniHost = TransportConstants.DEFAULT_SNIHOST_CONFIG;
        }
        this.tcpNoDelay = ConfigurationHelper.getBooleanProperty(TransportConstants.TCP_NODELAY_PROPNAME, true, map);
        this.tcpSendBufferSize = ConfigurationHelper.getIntProperty(TransportConstants.TCP_SENDBUFFER_SIZE_PROPNAME, 1048576, map);
        this.tcpReceiveBufferSize = ConfigurationHelper.getIntProperty(TransportConstants.TCP_RECEIVEBUFFER_SIZE_PROPNAME, 1048576, map);
        this.writeBufferLowWaterMark = ConfigurationHelper.getIntProperty(TransportConstants.WRITE_BUFFER_LOW_WATER_MARK_PROPNAME, TransportConstants.DEFAULT_WRITE_BUFFER_LOW_WATER_MARK, map);
        this.writeBufferHighWaterMark = ConfigurationHelper.getIntProperty(TransportConstants.WRITE_BUFFER_HIGH_WATER_MARK_PROPNAME, TransportConstants.DEFAULT_WRITE_BUFFER_HIGH_WATER_MARK, map);
        this.scheduledThreadPool = scheduledExecutorService;
        this.batchDelay = ConfigurationHelper.getLongProperty(TransportConstants.BATCH_DELAY, 0L, map);
        this.directDeliver = ConfigurationHelper.getBooleanProperty("directDeliver", true, map);
        this.httpUpgradeEnabled = ConfigurationHelper.getBooleanProperty(TransportConstants.HTTP_UPGRADE_ENABLED_PROP_NAME, false, map);
        this.connectionsAllowed = ConfigurationHelper.getLongProperty("connectionsAllowed", -1L, map);
    }

    @Override // org.apache.activemq.artemis.core.server.ActiveMQComponent
    public synchronized void start() throws Exception {
        String str;
        if (this.channelClazz != null) {
            return;
        }
        if (this.useInvm) {
            str = INVM_ACCEPTOR_TYPE;
            this.channelClazz = LocalServerChannel.class;
            this.eventLoopGroup = new DefaultEventLoopGroup();
        } else {
            if (this.remotingThreads == -1) {
                this.remotingThreads = Runtime.getRuntime().availableProcessors() * 3;
            }
            if (this.useEpoll && CheckDependencies.isEpollAvailable()) {
                this.channelClazz = EpollServerSocketChannel.class;
                this.eventLoopGroup = new EpollEventLoopGroup(this.remotingThreads, (ThreadFactory) AccessController.doPrivileged(new PrivilegedAction<ActiveMQThreadFactory>() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public ActiveMQThreadFactory run() {
                        return new ActiveMQThreadFactory("activemq-netty-threads", true, ClientSessionFactoryImpl.class.getClassLoader());
                    }
                }));
                str = EPOLL_ACCEPTOR_TYPE;
                logger.debug("Acceptor using native epoll");
            } else if (this.useKQueue && CheckDependencies.isKQueueAvailable()) {
                this.channelClazz = KQueueServerSocketChannel.class;
                this.eventLoopGroup = new KQueueEventLoopGroup(this.remotingThreads, (ThreadFactory) AccessController.doPrivileged(new PrivilegedAction<ActiveMQThreadFactory>() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public ActiveMQThreadFactory run() {
                        return new ActiveMQThreadFactory("activemq-netty-threads", true, ClientSessionFactoryImpl.class.getClassLoader());
                    }
                }));
                str = KQUEUE_ACCEPTOR_TYPE;
                logger.debug("Acceptor using native kqueue");
            } else {
                this.channelClazz = NioServerSocketChannel.class;
                this.eventLoopGroup = new NioEventLoopGroup(this.remotingThreads, (ThreadFactory) AccessController.doPrivileged(new PrivilegedAction<ActiveMQThreadFactory>() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public ActiveMQThreadFactory run() {
                        return new ActiveMQThreadFactory("activemq-netty-threads", true, ClientSessionFactoryImpl.class.getClassLoader());
                    }
                }));
                str = NIO_ACCEPTOR_TYPE;
                logger.debug("Acceptor using nio");
            }
        }
        this.bootstrap = new ServerBootstrap();
        this.bootstrap.group(this.eventLoopGroup);
        this.bootstrap.channel(this.channelClazz);
        this.bootstrap.childHandler(new ChannelInitializer<Channel>() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.4
            @Override // io.netty.channel.ChannelInitializer
            public void initChannel(Channel channel) throws Exception {
                ChannelPipeline pipeline = channel.pipeline();
                if (NettyAcceptor.this.sslEnabled) {
                    pipeline.addLast("ssl", NettyAcceptor.this.getSslHandler(channel.alloc()));
                    pipeline.addLast("sslHandshakeExceptionHandler", new SslHandshakeExceptionHandler());
                }
                pipeline.addLast(NettyAcceptor.this.protocolHandler.getProtocolDecoder());
            }
        });
        this.bootstrap.childOption(ChannelOption.TCP_NODELAY, Boolean.valueOf(this.tcpNoDelay));
        if (this.tcpReceiveBufferSize != -1) {
            this.bootstrap.childOption(ChannelOption.SO_RCVBUF, Integer.valueOf(this.tcpReceiveBufferSize));
        }
        if (this.tcpSendBufferSize != -1) {
            this.bootstrap.childOption(ChannelOption.SO_SNDBUF, Integer.valueOf(this.tcpSendBufferSize));
        }
        this.bootstrap.childOption(ChannelOption.WRITE_BUFFER_WATER_MARK, new WriteBufferWaterMark(this.writeBufferLowWaterMark != -1 ? this.writeBufferLowWaterMark : WriteBufferWaterMark.DEFAULT.low(), this.writeBufferHighWaterMark != -1 ? this.writeBufferHighWaterMark : WriteBufferWaterMark.DEFAULT.high()));
        if (this.backlog != -1) {
            this.bootstrap.option(ChannelOption.SO_BACKLOG, Integer.valueOf(this.backlog));
        }
        this.bootstrap.option(ChannelOption.SO_REUSEADDR, true);
        this.bootstrap.childOption(ChannelOption.SO_REUSEADDR, true);
        this.bootstrap.childOption(ChannelOption.SO_KEEPALIVE, true);
        this.channelGroup = new DefaultChannelGroup("activemq-accepted-channels", GlobalEventExecutor.INSTANCE);
        this.serverChannelGroup = new DefaultChannelGroup("activemq-acceptor-channels", GlobalEventExecutor.INSTANCE);
        if (!this.httpUpgradeEnabled) {
            startServerChannels();
            this.paused = false;
            if (this.notificationService != null) {
                TypedProperties typedProperties = new TypedProperties();
                typedProperties.putSimpleStringProperty(new SimpleString("factory"), new SimpleString(NettyAcceptorFactory.class.getName()));
                typedProperties.putSimpleStringProperty(new SimpleString("host"), new SimpleString(this.host));
                typedProperties.putIntProperty(new SimpleString("port"), this.port);
                this.notificationService.sendNotification(new Notification(null, CoreNotificationType.ACCEPTOR_STARTED, typedProperties));
            }
            ActiveMQServerLogger.LOGGER.startedAcceptor(str, this.host, Integer.valueOf(this.port), this.protocolsString);
        }
        if (this.batchDelay > 0) {
            this.flusher = new BatchFlusher();
            this.batchFlusherFuture = this.scheduledThreadPool.scheduleWithFixedDelay(this.flusher, this.batchDelay, this.batchDelay, TimeUnit.MILLISECONDS);
        }
    }

    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public String getName() {
        return this.name;
    }

    public void setKeyStorePath(String str) {
        this.keyStorePath = str;
    }

    public void transfer(Channel channel) {
        if (this.paused || this.eventLoopGroup == null) {
            throw ActiveMQMessageBundle.BUNDLE.acceptorUnavailable();
        }
        channel.pipeline().addLast(this.protocolHandler.getProtocolDecoder());
    }

    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public void reload() {
        this.serverChannelGroup.disconnect();
        this.serverChannelGroup.clear();
        startServerChannels();
    }

    public synchronized SslHandler getSslHandler(ByteBufAllocator byteBufAllocator) throws Exception {
        SSLEngine loadOpenSslEngine = this.sslProvider.equals(TransportConstants.OPENSSL_PROVIDER) ? loadOpenSslEngine(byteBufAllocator) : loadJdkSslEngine();
        loadOpenSslEngine.setUseClientMode(false);
        if (this.needClientAuth) {
            loadOpenSslEngine.setNeedClientAuth(true);
        } else if (this.wantClientAuth) {
            loadOpenSslEngine.setWantClientAuth(true);
        }
        String[] enabledProtocols = loadOpenSslEngine.getEnabledProtocols();
        if (this.enabledCipherSuites != null) {
            try {
                loadOpenSslEngine.setEnabledCipherSuites(SSLSupport.parseCommaSeparatedListIntoArray(this.enabledCipherSuites));
            } catch (IllegalArgumentException e) {
                ActiveMQServerLogger.LOGGER.invalidCipherSuite(SSLSupport.parseArrayIntoCommandSeparatedList(loadOpenSslEngine.getSupportedCipherSuites()));
                throw e;
            }
        }
        if (this.enabledProtocols != null) {
            try {
                loadOpenSslEngine.setEnabledProtocols(SSLSupport.parseCommaSeparatedListIntoArray(this.enabledProtocols));
            } catch (IllegalArgumentException e2) {
                ActiveMQServerLogger.LOGGER.invalidProtocol(SSLSupport.parseArrayIntoCommandSeparatedList(loadOpenSslEngine.getSupportedProtocols()));
                throw e2;
            }
        } else {
            loadOpenSslEngine.setEnabledProtocols(enabledProtocols);
        }
        String[] enabledProtocols2 = loadOpenSslEngine.getEnabledProtocols();
        HashSet hashSet = new HashSet();
        for (String str : enabledProtocols2) {
            if (!str.equalsIgnoreCase("SSLv3") && !str.equals("SSLv2Hello")) {
                hashSet.add(str);
            } else if (!this.warningPrinted.get()) {
                ActiveMQServerLogger.LOGGER.disallowedProtocol(str, this.name);
            }
        }
        this.warningPrinted.set(true);
        loadOpenSslEngine.setEnabledProtocols((String[]) hashSet.toArray(new String[hashSet.size()]));
        if (this.verifyHost) {
            SSLParameters sSLParameters = loadOpenSslEngine.getSSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            loadOpenSslEngine.setSSLParameters(sSLParameters);
        }
        if (this.sniHost != null) {
            SSLParameters sSLParameters2 = loadOpenSslEngine.getSSLParameters();
            sSLParameters2.setSNIMatchers(Arrays.asList(SNIHostName.createSNIMatcher(this.sniHost)));
            loadOpenSslEngine.setSSLParameters(sSLParameters2);
        }
        return new SslHandler(loadOpenSslEngine);
    }

    private SSLEngine loadJdkSslEngine() throws Exception {
        try {
            if (this.kerb5Config == null && this.keyStorePath == null && "JKS".equals(this.keyStoreProvider)) {
                throw new IllegalArgumentException("If \"sslEnabled\" is true then \"keyStorePath\" must be non-null unless an alternative \"keyStoreProvider\" has been specified.");
            }
            final SSLContext createContext = new SSLSupport().setKeystoreProvider(this.keyStoreProvider).setKeystorePath(this.keyStorePath).setKeystorePassword(this.keyStorePassword).setTruststoreProvider(this.trustStoreProvider).setTruststorePath(this.trustStorePath).setTruststorePassword(this.trustStorePassword).setCrlPath(this.crlPath).createContext();
            Subject subject = null;
            if (this.kerb5Config != null) {
                LoginContext loginContext = new LoginContext(this.kerb5Config);
                loginContext.login();
                subject = loginContext.getSubject();
            }
            return (SSLEngine) Subject.doAs(subject, new PrivilegedExceptionAction<SSLEngine>() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public SSLEngine run() {
                    return NettyAcceptor.this.verifyHost ? createContext.createSSLEngine(NettyAcceptor.this.host, NettyAcceptor.this.port) : createContext.createSSLEngine();
                }
            });
        } catch (Exception e) {
            IllegalStateException illegalStateException = new IllegalStateException("Unable to create NettyAcceptor for " + this.host + ":" + this.port);
            illegalStateException.initCause(e);
            throw illegalStateException;
        }
    }

    private SSLEngine loadOpenSslEngine(final ByteBufAllocator byteBufAllocator) throws Exception {
        try {
            if (this.kerb5Config == null && this.keyStorePath == null && "JKS".equals(this.keyStoreProvider)) {
                throw new IllegalArgumentException("If \"sslEnabled\" is true then \"keyStorePath\" must be non-null unless an alternative \"keyStoreProvider\" has been specified.");
            }
            final SslContext createNettyContext = new SSLSupport().setKeystoreProvider(this.keyStoreProvider).setKeystorePath(this.keyStorePath).setKeystorePassword(this.keyStorePassword).setTruststoreProvider(this.trustStoreProvider).setTruststorePath(this.trustStorePath).setTruststorePassword(this.trustStorePassword).setSslProvider(this.sslProvider).createNettyContext();
            Subject subject = null;
            if (this.kerb5Config != null) {
                LoginContext loginContext = new LoginContext(this.kerb5Config);
                loginContext.login();
                subject = loginContext.getSubject();
            }
            return (SSLEngine) Subject.doAs(subject, new PrivilegedExceptionAction<SSLEngine>() { // from class: org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.6
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public SSLEngine run() {
                    return NettyAcceptor.this.verifyHost ? createNettyContext.newEngine(byteBufAllocator, NettyAcceptor.this.host, NettyAcceptor.this.port) : createNettyContext.newEngine(byteBufAllocator);
                }
            });
        } catch (Exception e) {
            IllegalStateException illegalStateException = new IllegalStateException("Unable to create NettyAcceptor for " + this.host + ":" + this.port);
            illegalStateException.initCause(e);
            throw illegalStateException;
        }
    }

    /* JADX WARN: Type inference failed for: r0v17, types: [io.netty.channel.ChannelFuture] */
    private void startServerChannels() {
        for (String str : TransportConfiguration.splitHosts(this.host)) {
            this.serverChannelGroup.add(this.bootstrap.bind(this.useInvm ? new LocalAddress(str) : new InetSocketAddress(str, this.port)).syncUninterruptibly2().channel());
        }
    }

    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public Map<String, Object> getConfiguration() {
        return this.configuration;
    }

    /* JADX WARN: Type inference failed for: r0v42, types: [io.netty.channel.group.ChannelGroupFuture] */
    @Override // org.apache.activemq.artemis.core.server.ActiveMQComponent
    public synchronized void stop() {
        if (this.channelClazz == null) {
            return;
        }
        if (this.protocolHandler != null) {
            this.protocolHandler.close();
        }
        if (this.batchFlusherFuture != null) {
            this.batchFlusherFuture.cancel(false);
            this.flusher.cancel();
            this.flusher = null;
            this.batchFlusherFuture = null;
        }
        if (this.serverChannelGroup != null) {
            this.serverChannelGroup.close().awaitUninterruptibly2();
        }
        if (this.channelGroup != null) {
            ?? awaitUninterruptibly2 = this.channelGroup.close().awaitUninterruptibly2();
            if (!awaitUninterruptibly2.isSuccess()) {
                ActiveMQServerLogger.LOGGER.nettyChannelGroupError();
                for (Channel channel : awaitUninterruptibly2.group()) {
                    if (channel.isActive()) {
                        ActiveMQServerLogger.LOGGER.nettyChannelStillOpen(channel, channel.remoteAddress());
                    }
                }
            }
        }
        this.eventLoopGroup.shutdownGracefully(100L, Global.THREADPOOL_SHUTDOWN_WAIT_TIME, TimeUnit.MILLISECONDS);
        this.eventLoopGroup = null;
        this.channelClazz = null;
        Iterator<NettyServerConnection> it = this.connections.values().iterator();
        while (it.hasNext()) {
            this.listener.connectionDestroyed(it.next().getID());
        }
        this.connections.clear();
        if (this.notificationService != null) {
            TypedProperties typedProperties = new TypedProperties();
            typedProperties.putSimpleStringProperty(new SimpleString("factory"), new SimpleString(NettyAcceptorFactory.class.getName()));
            typedProperties.putSimpleStringProperty(new SimpleString("host"), new SimpleString(this.host));
            typedProperties.putIntProperty(new SimpleString("port"), this.port);
            try {
                this.notificationService.sendNotification(new Notification(null, CoreNotificationType.ACCEPTOR_STOPPED, typedProperties));
            } catch (Exception e) {
                ActiveMQServerLogger.LOGGER.failedToSendNotification(e);
            }
        }
        this.paused = false;
    }

    @Override // org.apache.activemq.artemis.core.server.ActiveMQComponent
    public boolean isStarted() {
        return this.channelClazz != null;
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [io.netty.channel.group.ChannelGroupFuture] */
    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public synchronized void pause() {
        if (this.paused || this.channelClazz == null) {
            return;
        }
        if (this.serverChannelGroup != null) {
            ?? awaitUninterruptibly2 = this.serverChannelGroup.close().awaitUninterruptibly2();
            if (!awaitUninterruptibly2.isSuccess()) {
                ActiveMQServerLogger.LOGGER.nettyChannelGroupBindError();
                for (Channel channel : awaitUninterruptibly2.group()) {
                    if (channel.isActive()) {
                        ActiveMQServerLogger.LOGGER.nettyChannelStillBound(channel, channel.remoteAddress());
                    }
                }
            }
        }
        this.paused = true;
    }

    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public void setNotificationService(NotificationService notificationService) {
        this.notificationService = notificationService;
    }

    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public void setDefaultActiveMQPrincipal(ActiveMQPrincipal activeMQPrincipal) {
        throw new IllegalStateException("unsecure connections not allowed");
    }

    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public boolean isUnsecurable() {
        return false;
    }

    @Override // org.apache.activemq.artemis.spi.core.remoting.Acceptor
    public ClusterConnection getClusterConnection() {
        return this.clusterConnection;
    }

    public ConnectionCreator createConnectionCreator() {
        return new ActiveMQServerChannelHandler(this.channelGroup, this.handler, new Listener(), this.failureExecutor);
    }

    private static String getProtocols(Map<String, ProtocolManager> map) {
        StringBuilder sb = new StringBuilder();
        if (map != null) {
            for (String str : map.keySet()) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(str);
            }
        }
        return sb.toString();
    }

    static {
        if (System.getProperty("io.netty.leakDetectionLevel") == null && System.getProperty("io.netty.leakDetection.level") == null) {
            ResourceLeakDetector.setLevel(ResourceLeakDetector.Level.DISABLED);
        }
        logger = Logger.getLogger((Class<?>) NettyAcceptor.class);
    }
}
