package org.apache.qpid.server.transport.websocket;

import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.qpid.server.bytebuffer.QpidByteBuffer;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.port.AmqpPort;
import org.apache.qpid.server.transport.AcceptingTransport;
import org.apache.qpid.server.transport.ByteBufferSender;
import org.apache.qpid.server.transport.MultiVersionProtocolEngine;
import org.apache.qpid.server.transport.MultiVersionProtocolEngineFactory;
import org.apache.qpid.server.transport.SchedulingDelayNotificationListener;
import org.apache.qpid.server.transport.ServerNetworkConnection;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.eclipse.jetty.io.ssl.SslHandshakeListener;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ThreadPool;
import org.eclipse.jetty.websocket.api.Session;
import org.eclipse.jetty.websocket.api.WebSocketPolicy;
import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
import org.eclipse.jetty.websocket.api.annotations.WebSocket;
import org.eclipse.jetty.websocket.server.WebSocketHandler;
import org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest;
import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/qpid/server/transport/websocket/WebSocketProvider.class */
public class WebSocketProvider implements AcceptingTransport {
    private static final Logger LOGGER = LoggerFactory.getLogger(WebSocketProvider.class);
    private static final String AMQP_WEBSOCKET_SUBPROTOCOL = "amqp";
    private final Transport _transport;
    private final SslContextFactory _sslContextFactory;
    private final AmqpPort<?> _port;
    private final Broker<?> _broker;
    private final Set<Protocol> _supported;
    private final Protocol _defaultSupportedProtocolReply;
    private final MultiVersionProtocolEngineFactory _factory;
    private Server _server;
    private final List<ConnectionWrapper> _activeConnections = new CopyOnWriteArrayList();
    private final WebSocketIdleTimeoutChecker _idleTimeoutChecker = new WebSocketIdleTimeoutChecker();
    private final AtomicBoolean _closed = new AtomicBoolean();

    @WebSocket
    /* loaded from: input_file:org/apache/qpid/server/transport/websocket/WebSocketProvider$AmqpWebSocket.class */
    public class AmqpWebSocket {
        private volatile QpidByteBuffer _netInputBuffer;
        private volatile MultiVersionProtocolEngine _protocolEngine;
        private volatile ConnectionWrapper _connectionWrapper;
        private volatile boolean _unexpectedByteBufferSizeReported;

        AmqpWebSocket() {
            this._netInputBuffer = QpidByteBuffer.allocateDirect(WebSocketProvider.this._broker.getNetworkBufferSize());
        }

        @OnWebSocketConnect
        public void onWebSocketConnect(Session session) {
            InetSocketAddress localAddress = session.getLocalAddress();
            InetSocketAddress remoteAddress = session.getRemoteAddress();
            this._protocolEngine = WebSocketProvider.this._factory.newProtocolEngine(remoteAddress);
            session.setIdleTimeout(0L);
            this._connectionWrapper = new ConnectionWrapper(session, localAddress, remoteAddress, this._protocolEngine, WebSocketProvider.this._server.getThreadPool());
            if (session.getUpgradeRequest() instanceof ServletUpgradeRequest) {
                ServletUpgradeRequest upgradeRequest = session.getUpgradeRequest();
                if (upgradeRequest.getCertificates() != null && upgradeRequest.getCertificates().length > 0) {
                    this._connectionWrapper.setPeerCertificate(upgradeRequest.getCertificates()[0]);
                }
            }
            this._protocolEngine.setNetworkConnection(this._connectionWrapper);
            this._protocolEngine.setWorkListener(protocolEngine -> {
                WebSocketProvider.this._server.getThreadPool().execute(() -> {
                    this._connectionWrapper.doWork();
                });
            });
            WebSocketProvider.this._activeConnections.add(this._connectionWrapper);
            WebSocketProvider.this._idleTimeoutChecker.wakeup();
        }

        /* JADX WARN: Finally extract failed */
        @OnWebSocketMessage
        public void onWebSocketBinary(Session session, byte[] bArr, int i, int i2) {
            synchronized (this._connectionWrapper) {
                this._protocolEngine.clearWork();
                try {
                    this._protocolEngine.setIOThread(Thread.currentThread());
                    Iterator processPendingIterator = this._protocolEngine.processPendingIterator();
                    while (processPendingIterator.hasNext()) {
                        ((Runnable) processPendingIterator.next()).run();
                    }
                    int i3 = i2;
                    do {
                        int min = Math.min(i3, this._netInputBuffer.remaining());
                        this._netInputBuffer.put(bArr, i, min);
                        i3 -= min;
                        i += min;
                        this._netInputBuffer.flip();
                        this._protocolEngine.received(this._netInputBuffer);
                        this._connectionWrapper.doWrite();
                        restoreApplicationBufferForWrite();
                    } while (i3 > 0);
                    if (WebSocketProvider.LOGGER.isDebugEnabled()) {
                        WebSocketProvider.LOGGER.debug("Read {} byte(s)", Integer.valueOf(i2));
                    }
                    this._protocolEngine.setIOThread((Thread) null);
                } catch (Throwable th) {
                    this._protocolEngine.setIOThread((Thread) null);
                    throw th;
                }
            }
            WebSocketProvider.this._idleTimeoutChecker.wakeup();
        }

        private void restoreApplicationBufferForWrite() {
            int capacity;
            QpidByteBuffer qpidByteBuffer = this._netInputBuffer;
            Throwable th = null;
            try {
                int remaining = this._netInputBuffer.remaining();
                this._netInputBuffer.limit(this._netInputBuffer.capacity());
                this._netInputBuffer = qpidByteBuffer.slice();
                this._netInputBuffer.limit(remaining);
                if (qpidByteBuffer != null) {
                    if (0 != 0) {
                        try {
                            qpidByteBuffer.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        qpidByteBuffer.close();
                    }
                }
                if (this._netInputBuffer.limit() != this._netInputBuffer.capacity()) {
                    this._netInputBuffer.position(this._netInputBuffer.limit());
                    this._netInputBuffer.limit(this._netInputBuffer.capacity());
                    return;
                }
                QpidByteBuffer qpidByteBuffer2 = this._netInputBuffer;
                Throwable th3 = null;
                try {
                    if (qpidByteBuffer2.capacity() < WebSocketProvider.this._broker.getNetworkBufferSize()) {
                        capacity = WebSocketProvider.this._broker.getNetworkBufferSize();
                    } else {
                        capacity = qpidByteBuffer2.capacity() + WebSocketProvider.this._broker.getNetworkBufferSize();
                        reportUnexpectedByteBufferSizeUsage();
                    }
                    this._netInputBuffer = QpidByteBuffer.allocateDirect(capacity);
                    this._netInputBuffer.put(qpidByteBuffer2);
                    if (qpidByteBuffer2 != null) {
                        if (0 == 0) {
                            qpidByteBuffer2.close();
                            return;
                        }
                        try {
                            qpidByteBuffer2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    if (qpidByteBuffer2 != null) {
                        if (0 != 0) {
                            try {
                                qpidByteBuffer2.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            qpidByteBuffer2.close();
                        }
                    }
                    throw th5;
                }
            } catch (Throwable th7) {
                if (qpidByteBuffer != null) {
                    if (0 != 0) {
                        try {
                            qpidByteBuffer.close();
                        } catch (Throwable th8) {
                            th.addSuppressed(th8);
                        }
                    } else {
                        qpidByteBuffer.close();
                    }
                }
                throw th7;
            }
        }

        private void reportUnexpectedByteBufferSizeUsage() {
            if (this._unexpectedByteBufferSizeReported) {
                return;
            }
            WebSocketProvider.LOGGER.info("At least one frame unexpectedly does not fit into default byte buffer size ({}B) on a connection {}.", Integer.valueOf(WebSocketProvider.this._broker.getNetworkBufferSize()), toString());
            this._unexpectedByteBufferSizeReported = true;
        }

        @OnWebSocketMessage
        public void onWebSocketText(Session session, String str) {
            WebSocketProvider.LOGGER.info("Unexpected websocket text message received, closing connection");
            session.close();
        }

        @OnWebSocketClose
        public void onWebSocketClose(int i, String str) {
            if (this._protocolEngine != null) {
                this._protocolEngine.closed();
            }
            WebSocketProvider.this._activeConnections.remove(this._connectionWrapper);
            WebSocketProvider.this._idleTimeoutChecker.wakeup();
            this._netInputBuffer.dispose();
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/transport/websocket/WebSocketProvider$ConnectionWrapper.class */
    private class ConnectionWrapper implements ServerNetworkConnection, ByteBufferSender {
        private final Session _connection;
        private final SocketAddress _localAddress;
        private final SocketAddress _remoteAddress;
        private final ConcurrentLinkedQueue<QpidByteBuffer> _buffers = new ConcurrentLinkedQueue<>();
        private final MultiVersionProtocolEngine _protocolEngine;
        private final ThreadPool _threadPool;
        private final Runnable _tickJob;
        private Certificate _certificate;
        private long _maxWriteIdleMillis;
        private long _maxReadIdleMillis;

        public ConnectionWrapper(Session session, SocketAddress socketAddress, SocketAddress socketAddress2, final MultiVersionProtocolEngine multiVersionProtocolEngine, ThreadPool threadPool) {
            this._connection = session;
            this._localAddress = socketAddress;
            this._remoteAddress = socketAddress2;
            this._protocolEngine = multiVersionProtocolEngine;
            this._threadPool = threadPool;
            this._tickJob = new Runnable() { // from class: org.apache.qpid.server.transport.websocket.WebSocketProvider.ConnectionWrapper.1
                @Override // java.lang.Runnable
                public void run() {
                    synchronized (ConnectionWrapper.this) {
                        multiVersionProtocolEngine.getAggregateTicker().tick(System.currentTimeMillis());
                        ConnectionWrapper.this.doWrite();
                    }
                }
            };
        }

        public ByteBufferSender getSender() {
            return this;
        }

        public void start() {
        }

        public boolean isDirectBufferPreferred() {
            return false;
        }

        public void send(QpidByteBuffer qpidByteBuffer) {
            if (qpidByteBuffer.remaining() > 0) {
                this._buffers.add(qpidByteBuffer.duplicate());
            }
            qpidByteBuffer.position(qpidByteBuffer.limit());
        }

        public void flush() {
        }

        public void close() {
            this._connection.close();
        }

        public SocketAddress getRemoteAddress() {
            return this._remoteAddress;
        }

        public SocketAddress getLocalAddress() {
            return this._localAddress;
        }

        public void setMaxWriteIdleMillis(long j) {
            this._maxWriteIdleMillis = j;
        }

        public void setMaxReadIdleMillis(long j) {
            this._maxReadIdleMillis = j;
        }

        public Principal getPeerPrincipal() {
            if (this._certificate instanceof X509Certificate) {
                return ((X509Certificate) this._certificate).getSubjectDN();
            }
            return null;
        }

        public Certificate getPeerCertificate() {
            return this._certificate;
        }

        public long getMaxReadIdleMillis() {
            return this._maxReadIdleMillis;
        }

        public long getMaxWriteIdleMillis() {
            return this._maxWriteIdleMillis;
        }

        public void addSchedulingDelayNotificationListeners(SchedulingDelayNotificationListener schedulingDelayNotificationListener) {
        }

        public void removeSchedulingDelayNotificationListeners(SchedulingDelayNotificationListener schedulingDelayNotificationListener) {
        }

        public String getTransportInfo() {
            return this._connection.getProtocolVersion();
        }

        public long getScheduledTime() {
            return 0L;
        }

        public String getSelectedHost() {
            return null;
        }

        void setPeerCertificate(Certificate certificate) {
            this._certificate = certificate;
        }

        public synchronized void doWrite() {
            int i = 0;
            ArrayList<QpidByteBuffer> arrayList = new ArrayList(this._buffers.size());
            while (true) {
                QpidByteBuffer poll = this._buffers.poll();
                if (poll == null) {
                    break;
                }
                i += poll.remaining();
                arrayList.add(poll);
            }
            byte[] bArr = new byte[i];
            int i2 = 0;
            for (QpidByteBuffer qpidByteBuffer : arrayList) {
                int remaining = qpidByteBuffer.remaining();
                qpidByteBuffer.get(bArr, i2, remaining);
                qpidByteBuffer.dispose();
                i2 += remaining;
            }
            if (i > 0) {
                try {
                    this._connection.getRemote().sendBytes(ByteBuffer.wrap(bArr));
                    if (WebSocketProvider.LOGGER.isDebugEnabled()) {
                        WebSocketProvider.LOGGER.debug("Written {} byte(s)", Integer.valueOf(bArr.length));
                    }
                } catch (IOException e) {
                    WebSocketProvider.LOGGER.info("Exception on write: {}", e.getMessage());
                    close();
                }
            }
        }

        public synchronized void doWork() {
            this._protocolEngine.clearWork();
            try {
                this._protocolEngine.setIOThread(Thread.currentThread());
                Iterator processPendingIterator = this._protocolEngine.processPendingIterator();
                while (processPendingIterator.hasNext()) {
                    ((Runnable) processPendingIterator.next()).run();
                }
                doWrite();
                WebSocketProvider.this._idleTimeoutChecker.wakeup();
            } finally {
                this._protocolEngine.setIOThread((Thread) null);
            }
        }

        public void tick() {
            this._threadPool.execute(this._tickJob);
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/transport/websocket/WebSocketProvider$QBBTrackingThreadPool.class */
    private static class QBBTrackingThreadPool extends QueuedThreadPool {
        private final ThreadFactory _threadFactory;

        private QBBTrackingThreadPool() {
            this._threadFactory = QpidByteBuffer.createQpidByteBufferTrackingThreadFactory(runnable -> {
                return super.newThread(runnable);
            });
        }

        protected Thread newThread(Runnable runnable) {
            return this._threadFactory.newThread(runnable);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/transport/websocket/WebSocketProvider$WebSocketIdleTimeoutChecker.class */
    public class WebSocketIdleTimeoutChecker extends Thread {
        public WebSocketIdleTimeoutChecker() {
            setName("WebSocket Idle Checker: " + WebSocketProvider.this._port);
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            while (!WebSocketProvider.this._closed.get()) {
                ConnectionWrapper connectionWrapper = null;
                long currentTimeMillis = System.currentTimeMillis();
                synchronized (this) {
                    long j = Long.MAX_VALUE;
                    Iterator it = WebSocketProvider.this._activeConnections.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        ConnectionWrapper connectionWrapper2 = (ConnectionWrapper) it.next();
                        long timeToNextTick = connectionWrapper2._protocolEngine.getAggregateTicker().getTimeToNextTick(currentTimeMillis);
                        if (timeToNextTick <= 0) {
                            connectionWrapper = connectionWrapper2;
                            j = -1;
                            break;
                        } else if (timeToNextTick < j) {
                            j = timeToNextTick;
                        }
                    }
                    if (j > 0) {
                        try {
                            wait(j);
                        } catch (InterruptedException e) {
                            Thread.currentThread().interrupt();
                            return;
                        }
                    }
                }
                if (connectionWrapper != null) {
                    connectionWrapper.tick();
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized void wakeup() {
            notifyAll();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public WebSocketProvider(Transport transport, SSLContext sSLContext, AmqpPort<?> amqpPort, Set<Protocol> set, Protocol protocol) {
        this._transport = transport;
        this._sslContextFactory = transport == Transport.WSS ? createSslContextFactory(amqpPort) : null;
        this._port = amqpPort;
        this._broker = amqpPort.getParent();
        this._supported = set;
        this._defaultSupportedProtocolReply = protocol;
        this._factory = new MultiVersionProtocolEngineFactory(this._broker, this._supported, this._defaultSupportedProtocolReply, this._port, this._transport);
    }

    public void start() {
        ServerConnector serverConnector;
        this._idleTimeoutChecker.start();
        this._server = new Server(new QBBTrackingThreadPool());
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory();
        httpConnectionFactory.getHttpConfiguration().setSendServerVersion(false);
        httpConnectionFactory.getHttpConfiguration().setSendXPoweredBy(false);
        if (this._transport == Transport.WS) {
            serverConnector = new ServerConnector(this._server, new ConnectionFactory[]{httpConnectionFactory});
        } else {
            if (this._transport != Transport.WSS) {
                throw new IllegalArgumentException("Unexpected transport on port " + this._port.getName() + ":" + this._transport);
            }
            serverConnector = new ServerConnector(this._server, this._sslContextFactory, new ConnectionFactory[]{httpConnectionFactory});
            serverConnector.addBean(new SslHandshakeListener() { // from class: org.apache.qpid.server.transport.websocket.WebSocketProvider.1
                public void handshakeFailed(SslHandshakeListener.Event event, Throwable th) {
                    SSLEngine sSLEngine = event.getSSLEngine();
                    if (WebSocketProvider.LOGGER.isDebugEnabled()) {
                        WebSocketProvider.LOGGER.info("TLS handshake failed: host='{}', port={}", new Object[]{sSLEngine.getPeerHost(), Integer.valueOf(sSLEngine.getPeerPort()), th});
                    } else {
                        WebSocketProvider.LOGGER.info("TLS handshake failed: host='{}', port={}: {}", new Object[]{sSLEngine.getPeerHost(), Integer.valueOf(sSLEngine.getPeerPort()), String.valueOf(th)});
                    }
                }
            });
        }
        String bindingAddress = this._port.getBindingAddress();
        if (bindingAddress != null && !bindingAddress.trim().equals("") && !bindingAddress.trim().equals("*")) {
            serverConnector.setHost(bindingAddress.trim());
        }
        serverConnector.setPort(this._port.getPort());
        this._server.addConnector(serverConnector);
        WebSocketHandler webSocketHandler = new WebSocketHandler() { // from class: org.apache.qpid.server.transport.websocket.WebSocketProvider.2
            public void configure(WebSocketServletFactory webSocketServletFactory) {
                webSocketServletFactory.setCreator((servletUpgradeRequest, servletUpgradeResponse) -> {
                    servletUpgradeResponse.setAcceptedSubProtocol(WebSocketProvider.AMQP_WEBSOCKET_SUBPROTOCOL);
                    return new AmqpWebSocket();
                });
            }

            public void configurePolicy(WebSocketPolicy webSocketPolicy) {
                super.configurePolicy(webSocketPolicy);
                try {
                    Field declaredField = webSocketPolicy.getClass().getDeclaredField("maxBinaryMessageSize");
                    declaredField.setAccessible(true);
                    declaredField.set(webSocketPolicy, 0);
                } catch (IllegalAccessException | NoSuchFieldException e) {
                    WebSocketProvider.LOGGER.warn("Could not override maxBinaryMessageSize", e);
                }
            }
        };
        this._server.setHandler(webSocketHandler);
        webSocketHandler.setHandler(new AbstractHandler() { // from class: org.apache.qpid.server.transport.websocket.WebSocketProvider.3
            public void handle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
                if (httpServletResponse.isCommitted() || request.isHandled()) {
                    return;
                }
                request.setHandled(true);
                httpServletResponse.setStatus(403);
            }
        });
        try {
            this._server.start();
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new ServerScopedRuntimeException(e2);
        }
    }

    private SslContextFactory createSslContextFactory(final AmqpPort<?> amqpPort) {
        SslContextFactory sslContextFactory = new SslContextFactory() { // from class: org.apache.qpid.server.transport.websocket.WebSocketProvider.4
            public void customize(SSLEngine sSLEngine) {
                super.customize(sSLEngine);
                SSLUtil.updateEnabledCipherSuites(sSLEngine, amqpPort.getTlsCipherSuiteWhiteList(), amqpPort.getTlsCipherSuiteBlackList());
                SSLUtil.updateEnabledTlsProtocols(sSLEngine, amqpPort.getTlsProtocolWhiteList(), amqpPort.getTlsProtocolBlackList());
                if (amqpPort.getTlsCipherSuiteWhiteList() == null || amqpPort.getTlsCipherSuiteWhiteList().isEmpty()) {
                    return;
                }
                SSLParameters sSLParameters = sSLEngine.getSSLParameters();
                sSLParameters.setUseCipherSuitesOrder(true);
                sSLEngine.setSSLParameters(sSLParameters);
            }
        };
        sslContextFactory.setSslContext(amqpPort.getSSLContext());
        sslContextFactory.setNeedClientAuth(amqpPort.getNeedClientAuth());
        sslContextFactory.setWantClientAuth(amqpPort.getWantClientAuth());
        return sslContextFactory;
    }

    public void close() {
        this._closed.set(true);
        this._idleTimeoutChecker.wakeup();
        try {
            this._server.stop();
        } catch (Exception e) {
            LOGGER.warn("Error closing the web socket for : " + this._port.getPort(), e);
            this._server = null;
        }
    }

    public int getAcceptingPort() {
        Server server = this._server;
        return (server == null || server.getConnectors().length == 0 || !(server.getConnectors()[0] instanceof ServerConnector)) ? this._port.getPort() : server.getConnectors()[0].getLocalPort();
    }

    public boolean updatesSSLContext() {
        if (this._sslContextFactory == null) {
            return false;
        }
        try {
            this._sslContextFactory.reload(sslContextFactory -> {
                sslContextFactory.setSslContext(this._port.getSSLContext());
                sslContextFactory.setNeedClientAuth(this._port.getNeedClientAuth());
                sslContextFactory.setWantClientAuth(this._port.getWantClientAuth());
            });
            return true;
        } catch (Exception e) {
            throw new IllegalConfigurationException("Unexpected exception on reload of ssl context factory", e);
        }
    }
}
