package org.apache.flink.kubernetes.operator.admission;

import io.fabric8.kubernetes.client.KubernetesClientBuilder;
import java.net.InetSocketAddress;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Objects;
import java.util.Optional;
import org.apache.flink.kubernetes.operator.admission.informer.InformerManager;
import org.apache.flink.kubernetes.operator.admission.mutator.FlinkMutator;
import org.apache.flink.kubernetes.operator.config.FlinkConfigManager;
import org.apache.flink.kubernetes.operator.fs.FileSystemWatchService;
import org.apache.flink.kubernetes.operator.ssl.ReloadableSslContext;
import org.apache.flink.kubernetes.operator.utils.EnvUtils;
import org.apache.flink.kubernetes.operator.utils.ValidatorUtils;
import org.apache.flink.shaded.netty4.io.netty.bootstrap.ServerBootstrap;
import org.apache.flink.shaded.netty4.io.netty.channel.Channel;
import org.apache.flink.shaded.netty4.io.netty.channel.ChannelHandler;
import org.apache.flink.shaded.netty4.io.netty.channel.ChannelInitializer;
import org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoopGroup;
import org.apache.flink.shaded.netty4.io.netty.channel.socket.SocketChannel;
import org.apache.flink.shaded.netty4.io.netty.channel.socket.nio.NioServerSocketChannel;
import org.apache.flink.shaded.netty4.io.netty.handler.codec.http.HttpObjectAggregator;
import org.apache.flink.shaded.netty4.io.netty.handler.codec.http.HttpServerCodec;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext;
import org.apache.flink.shaded.netty4.io.netty.handler.stream.ChunkedWriteHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/kubernetes/operator/admission/FlinkOperatorWebhook.class */
public class FlinkOperatorWebhook {
    private static final Logger LOG = LoggerFactory.getLogger(FlinkOperatorWebhook.class);
    private static final int MAX_CONTEXT_LENGTH = 104857600;
    private static FileSystemWatchService fileSystemWatchService;

    public static void main(String[] strArr) throws Exception {
        EnvUtils.logEnvironmentInfo(LOG, "Flink Kubernetes Webhook", strArr);
        InformerManager informerManager = new InformerManager(new KubernetesClientBuilder().build());
        Objects.requireNonNull(informerManager);
        FlinkConfigManager flinkConfigManager = new FlinkConfigManager(informerManager::setNamespaces);
        if (!flinkConfigManager.getOperatorConfiguration().isDynamicNamespacesEnabled()) {
            informerManager.setNamespaces(flinkConfigManager.getOperatorConfiguration().getWatchedNamespaces());
        }
        ChannelInitializer<SocketChannel> createChannelInitializer = createChannelInitializer(new AdmissionHandler(new FlinkValidator(ValidatorUtils.discoverValidators(flinkConfigManager), informerManager), new FlinkMutator()));
        NioEventLoopGroup nioEventLoopGroup = new NioEventLoopGroup(1);
        NioEventLoopGroup nioEventLoopGroup2 = new NioEventLoopGroup();
        try {
            ServerBootstrap serverBootstrap = new ServerBootstrap();
            serverBootstrap.group(nioEventLoopGroup, nioEventLoopGroup2).channel(NioServerSocketChannel.class).childHandler(createChannelInitializer);
            Channel channel = serverBootstrap.bind(getPort()).sync().channel();
            InetSocketAddress inetSocketAddress = (InetSocketAddress) channel.localAddress();
            LOG.info("Webhook listening at {}:{}", inetSocketAddress.getAddress().getHostAddress(), Integer.valueOf(inetSocketAddress.getPort()));
            channel.closeFuture().sync();
            nioEventLoopGroup.shutdownGracefully();
            nioEventLoopGroup2.shutdownGracefully();
        } catch (Throwable th) {
            nioEventLoopGroup.shutdownGracefully();
            nioEventLoopGroup2.shutdownGracefully();
            throw th;
        }
    }

    private static int getPort() {
        return Integer.parseInt(EnvUtils.getRequired("WEBHOOK_SERVER_PORT"));
    }

    private static ChannelInitializer<SocketChannel> createChannelInitializer(final AdmissionHandler admissionHandler) throws Exception {
        final SslContext createSslContext = createSslContext();
        return new ChannelInitializer<SocketChannel>() { // from class: org.apache.flink.kubernetes.operator.admission.FlinkOperatorWebhook.1
            /* JADX INFO: Access modifiers changed from: protected */
            public void initChannel(SocketChannel socketChannel) {
                if (createSslContext != null) {
                    socketChannel.pipeline().addLast(new ChannelHandler[]{createSslContext.newHandler(socketChannel.alloc())});
                }
                socketChannel.pipeline().addLast(new ChannelHandler[]{new HttpServerCodec()}).addLast(new ChannelHandler[]{new HttpObjectAggregator(FlinkOperatorWebhook.MAX_CONTEXT_LENGTH)});
                socketChannel.pipeline().addLast(new ChannelHandler[]{new ChunkedWriteHandler()}).addLast(admissionHandler.getClass().getName(), admissionHandler);
            }
        };
    }

    private static SslContext createSslContext() throws Exception {
        Optional optional = EnvUtils.get("WEBHOOK_KEYSTORE_FILE");
        if (optional.isEmpty()) {
            LOG.info("No keystore path is defined in WEBHOOK_KEYSTORE_FILE, running without ssl");
            return null;
        }
        final ReloadableSslContext reloadableSslContext = new ReloadableSslContext((String) optional.get(), EnvUtils.getRequired("WEBHOOK_KEYSTORE_TYPE"), EnvUtils.getRequired("WEBHOOK_KEYSTORE_PASSWORD"));
        stopFileSystemWatchService();
        LOG.info("Keystore path is resolved to real filename: " + Path.of((String) optional.get(), new String[0]).toRealPath(new LinkOption[0]).getFileName().toString());
        fileSystemWatchService = new FileSystemWatchService(Path.of((String) optional.get(), new String[0]).getParent().toString()) { // from class: org.apache.flink.kubernetes.operator.admission.FlinkOperatorWebhook.2
            protected void onFileOrDirectoryModified(Path path) {
                try {
                    FlinkOperatorWebhook.LOG.info("Reloading SSL context because of certificate change");
                    reloadableSslContext.reload();
                    FlinkOperatorWebhook.LOG.info("SSL context reloaded successfully");
                } catch (Exception e) {
                    FlinkOperatorWebhook.LOG.error("SSL context reload received exception: " + e);
                }
            }
        };
        fileSystemWatchService.start();
        return reloadableSslContext;
    }

    private static void stopFileSystemWatchService() throws InterruptedException {
        if (fileSystemWatchService != null) {
            fileSystemWatchService.interrupt();
            fileSystemWatchService.join();
        }
    }
}
