package org.apache.nifi.processors.grpc;

import com.google.common.collect.Sets;
import io.grpc.CompressorRegistry;
import io.grpc.DecompressorRegistry;
import io.grpc.Server;
import io.grpc.ServerInterceptor;
import io.grpc.ServerInterceptors;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.WritesAttribute;
import org.apache.nifi.annotation.behavior.WritesAttributes;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.AbstractSessionFactoryProcessor;
import org.apache.nifi.processor.DataUnit;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;

@CapabilityDescription("Starts a gRPC server and listens on the given port to transform the incoming messages into FlowFiles. The message format is defined by the standard gRPC protobuf IDL provided by NiFi. gRPC isn't intended to carry large payloads, so this processor should be used only when FlowFile sizes are on the order of megabytes. The default maximum message size is 4MB.")
@InputRequirement(InputRequirement.Requirement.INPUT_FORBIDDEN)
@Tags({"ingest", "grpc", "rpc", "listen"})
@WritesAttributes({@WritesAttribute(attribute = ListenGRPC.REMOTE_USER_DN, description = "The DN of the user who sent the FlowFile to this NiFi"), @WritesAttribute(attribute = ListenGRPC.REMOTE_HOST, description = "The IP of the client who sent the FlowFile to this NiFi")})
/* loaded from: input_file:org/apache/nifi/processors/grpc/ListenGRPC.class */
public class ListenGRPC extends AbstractSessionFactoryProcessor {
    public static final String REMOTE_USER_DN = "listengrpc.remote.user.dn";
    public static final String REMOTE_HOST = "listengrpc.remote.host";
    public static final PropertyDescriptor PROP_SERVICE_PORT = new PropertyDescriptor.Builder().name("Local gRPC service port").displayName("Local gRPC Service Port").description("The local port that the gRPC service will listen on.").required(true).addValidator(StandardValidators.PORT_VALIDATOR).build();
    public static final PropertyDescriptor PROP_USE_SECURE = new PropertyDescriptor.Builder().name("Use TLS").displayName("Use TLS").description("Whether or not to use TLS to send the contents of the gRPC messages.").required(false).defaultValue("false").allowableValues(new String[]{"true", "false"}).build();
    public static final PropertyDescriptor PROP_SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder().name("SSL Context Service").displayName("SSL Context Service").description("The SSL Context Service used to provide client certificate information for TLS (https) connections.").required(false).identifiesControllerService(RestrictedSSLContextService.class).build();
    public static final PropertyDescriptor PROP_FLOW_CONTROL_WINDOW = new PropertyDescriptor.Builder().name("Flow Control Window").displayName("Flow Control Window").description("The initial HTTP/2 flow control window for both new streams and overall connection. Flow-control schemes ensure that streams on the same connection do not destructively interfere with each other. The default is 1MB.").defaultValue("1MB").required(false).addValidator(StandardValidators.DATA_SIZE_VALIDATOR).build();
    public static final PropertyDescriptor PROP_MAX_MESSAGE_SIZE = new PropertyDescriptor.Builder().name("Max Message Size").displayName("Maximum Message Size").description("The maximum size of FlowFiles that this processor will allow to be received. The default is 4MB. If FlowFiles exceed this size, you should consider using another transport mechanism as gRPC isn't designed for heavy payloads.").defaultValue("4MB").required(false).addValidator(StandardValidators.DATA_SIZE_VALIDATOR).build();
    public static final PropertyDescriptor PROP_AUTHORIZED_DN_PATTERN = new PropertyDescriptor.Builder().name("Authorized DN Pattern").displayName("Authorized DN Pattern").description("A Regular Expression to apply against the Distinguished Name of incoming connections. If the Pattern does not match the DN, the connection will be refused.").required(true).defaultValue(".*").addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR).build();
    public static final List<PropertyDescriptor> PROPERTIES = Collections.unmodifiableList(Arrays.asList(PROP_SERVICE_PORT, PROP_USE_SECURE, PROP_SSL_CONTEXT_SERVICE, PROP_FLOW_CONTROL_WINDOW, PROP_AUTHORIZED_DN_PATTERN, PROP_MAX_MESSAGE_SIZE));
    public static final Relationship REL_SUCCESS = new Relationship.Builder().name("Success").description("The FlowFile was received successfully.").build();
    public static final Set<Relationship> RELATIONSHIPS = Collections.unmodifiableSet(Sets.newHashSet(Arrays.asList(REL_SUCCESS)));
    private final AtomicReference<ProcessSessionFactory> sessionFactoryReference = new AtomicReference<>();
    private volatile Server server = null;

    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    @OnScheduled
    public void startServer(ProcessContext processContext) throws NoSuchAlgorithmException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException {
        SslContextBuilder clientAuth;
        ComponentLog logger = getLogger();
        Integer asInteger = processContext.getProperty(PROP_SERVICE_PORT).asInteger();
        Boolean asBoolean = processContext.getProperty(PROP_USE_SECURE).asBoolean();
        Integer valueOf = Integer.valueOf(processContext.getProperty(PROP_FLOW_CONTROL_WINDOW).asDataSize(DataUnit.B).intValue());
        Integer valueOf2 = Integer.valueOf(processContext.getProperty(PROP_MAX_MESSAGE_SIZE).asDataSize(DataUnit.B).intValue());
        SSLContextService asControllerService = processContext.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        SSLContext createSSLContext = asControllerService == null ? null : asControllerService.createSSLContext(SslContextFactory.ClientAuth.NONE);
        Pattern compile = Pattern.compile(processContext.getProperty(PROP_AUTHORIZED_DN_PATTERN).getValue());
        FlowFileIngestServiceInterceptor flowFileIngestServiceInterceptor = new FlowFileIngestServiceInterceptor(getLogger());
        flowFileIngestServiceInterceptor.enforceDNPattern(compile);
        NettyServerBuilder maxMessageSize = NettyServerBuilder.forPort(asInteger.intValue()).addService(ServerInterceptors.intercept(new FlowFileIngestService(getLogger(), this.sessionFactoryReference, processContext), new ServerInterceptor[]{flowFileIngestServiceInterceptor})).compressorRegistry(CompressorRegistry.getDefaultInstance()).decompressorRegistry(DecompressorRegistry.getDefaultInstance()).flowControlWindow(valueOf.intValue()).maxMessageSize(valueOf2.intValue());
        if (asBoolean.booleanValue() && createSSLContext != null) {
            if (StringUtils.isBlank(asControllerService.getKeyStoreFile())) {
                throw new IllegalStateException("SSL is enabled, but no keystore has been configured. You must configure a keystore.");
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm(), createSSLContext.getProvider());
            KeyStore keyStore = KeyStore.getInstance(asControllerService.getKeyStoreType());
            FileInputStream fileInputStream = new FileInputStream(asControllerService.getKeyStoreFile());
            Throwable th = null;
            try {
                try {
                    keyStore.load(fileInputStream, asControllerService.getKeyStorePassword().toCharArray());
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    keyManagerFactory.init(keyStore, asControllerService.getKeyStorePassword().toCharArray());
                    SslContextBuilder forServer = SslContextBuilder.forServer(keyManagerFactory);
                    if (StringUtils.isNotBlank(asControllerService.getTrustStoreFile())) {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm(), createSSLContext.getProvider());
                        KeyStore keyStore2 = KeyStore.getInstance(asControllerService.getTrustStoreType());
                        FileInputStream fileInputStream2 = new FileInputStream(asControllerService.getTrustStoreFile());
                        Throwable th3 = null;
                        try {
                            keyStore2.load(fileInputStream2, asControllerService.getTrustStorePassword().toCharArray());
                            if (fileInputStream2 != null) {
                                if (0 != 0) {
                                    try {
                                        fileInputStream2.close();
                                    } catch (Throwable th4) {
                                        th3.addSuppressed(th4);
                                    }
                                } else {
                                    fileInputStream2.close();
                                }
                            }
                            trustManagerFactory.init(keyStore2);
                            clientAuth = forServer.trustManager(trustManagerFactory).clientAuth(ClientAuth.REQUIRE);
                        } catch (Throwable th5) {
                            if (fileInputStream2 != null) {
                                if (0 != 0) {
                                    try {
                                        fileInputStream2.close();
                                    } catch (Throwable th6) {
                                        th3.addSuppressed(th6);
                                    }
                                } else {
                                    fileInputStream2.close();
                                }
                            }
                            throw th5;
                        }
                    } else {
                        clientAuth = forServer.clientAuth(ClientAuth.NONE);
                    }
                    maxMessageSize = maxMessageSize.sslContext(GrpcSslContexts.configure(clientAuth).build());
                } finally {
                }
            } catch (Throwable th7) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th8) {
                            th.addSuppressed(th8);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th7;
            }
        }
        logger.info("Starting gRPC server on port: {}", new Object[]{asInteger.toString()});
        this.server = maxMessageSize.build().start();
    }

    @OnStopped
    public void stopServer(ProcessContext processContext) {
        if (this.server != null) {
            try {
                this.server.shutdown().awaitTermination(5L, TimeUnit.SECONDS);
            } catch (InterruptedException e) {
                getLogger().warn("Unable to cleanly shutdown embedded gRPC server due to {}", new Object[]{e});
                this.server = null;
            }
        }
    }

    public void onTrigger(ProcessContext processContext, ProcessSessionFactory processSessionFactory) throws ProcessException {
        this.sessionFactoryReference.compareAndSet(null, processSessionFactory);
        processContext.yield();
    }
}
