package org.opensearch.http.netty4.ssl;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.DecoderException;
import io.netty.handler.ssl.ApplicationProtocolNegotiationHandler;
import io.netty.handler.ssl.SslHandler;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.net.ssl.SSLEngine;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.common.network.NetworkService;
import org.opensearch.common.settings.ClusterSettings;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.BigArrays;
import org.opensearch.core.xcontent.NamedXContentRegistry;
import org.opensearch.http.HttpChannel;
import org.opensearch.http.HttpHandlingSettings;
import org.opensearch.http.HttpServerTransport;
import org.opensearch.http.netty4.Netty4HttpChannel;
import org.opensearch.http.netty4.Netty4HttpServerTransport;
import org.opensearch.plugins.SecureHttpTransportSettingsProvider;
import org.opensearch.plugins.TransportExceptionHandler;
import org.opensearch.telemetry.tracing.Tracer;
import org.opensearch.threadpool.ThreadPool;
import org.opensearch.transport.SharedGroupFactory;
import org.opensearch.transport.TransportAdapterProvider;
import org.opensearch.transport.netty4.ssl.SslUtils;

/* loaded from: input_file:org/opensearch/http/netty4/ssl/SecureNetty4HttpServerTransport.class */
public class SecureNetty4HttpServerTransport extends Netty4HttpServerTransport {
    public static final String REQUEST_HEADER_VERIFIER = "HeaderVerifier";
    public static final String REQUEST_DECOMPRESSOR = "RequestDecompressor";
    private static final Logger logger = LogManager.getLogger(SecureNetty4HttpServerTransport.class);
    private final SecureHttpTransportSettingsProvider secureHttpTransportSettingsProvider;
    private final TransportExceptionHandler exceptionHandler;
    private final ChannelInboundHandlerAdapter headerVerifier;
    private final TransportAdapterProvider<HttpServerTransport> decompressorProvider;

    /* loaded from: input_file:org/opensearch/http/netty4/ssl/SecureNetty4HttpServerTransport$SslHttpChannelHandler.class */
    protected class SslHttpChannelHandler extends Netty4HttpServerTransport.HttpChannelHandler {

        /* loaded from: input_file:org/opensearch/http/netty4/ssl/SecureNetty4HttpServerTransport$SslHttpChannelHandler$Http2OrHttpHandler.class */
        private class Http2OrHttpHandler extends ApplicationProtocolNegotiationHandler {
            protected Http2OrHttpHandler() {
                super("http/1.1");
            }

            protected void configurePipeline(ChannelHandlerContext channelHandlerContext, String str) throws Exception {
                if ("h2".equals(str)) {
                    SslHttpChannelHandler.this.configureDefaultHttp2Pipeline(channelHandlerContext.pipeline());
                } else {
                    if (!"http/1.1".equals(str)) {
                        throw new IllegalStateException("Unknown application protocol: " + str);
                    }
                    SslHttpChannelHandler.this.configureDefaultHttpPipeline(channelHandlerContext.pipeline());
                }
            }

            public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                super.exceptionCaught(channelHandlerContext, th);
                Netty4HttpChannel netty4HttpChannel = (Netty4HttpChannel) channelHandlerContext.channel().attr(Netty4HttpServerTransport.HTTP_CHANNEL_KEY).get();
                if (netty4HttpChannel != null) {
                    if (th instanceof Error) {
                        SecureNetty4HttpServerTransport.this.onException(netty4HttpChannel, new Exception(th));
                    } else {
                        SecureNetty4HttpServerTransport.this.onException(netty4HttpChannel, (Exception) th);
                    }
                }
            }
        }

        protected SslHttpChannelHandler(Netty4HttpServerTransport netty4HttpServerTransport, HttpHandlingSettings httpHandlingSettings) {
            super(netty4HttpServerTransport, httpHandlingSettings);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.opensearch.http.netty4.Netty4HttpServerTransport.HttpChannelHandler
        public void initChannel(Channel channel) throws Exception {
            super.initChannel(channel);
            channel.pipeline().addFirst("ssl_http", new SslHandler((SSLEngine) SecureNetty4HttpServerTransport.this.secureHttpTransportSettingsProvider.buildSecureHttpServerEngine(SecureNetty4HttpServerTransport.this.settings, SecureNetty4HttpServerTransport.this).orElseGet(SslUtils::createDefaultServerSSLEngine)));
        }

        @Override // org.opensearch.http.netty4.Netty4HttpServerTransport.HttpChannelHandler
        protected void configurePipeline(Channel channel) {
            channel.pipeline().addLast(new ChannelHandler[]{new Http2OrHttpHandler()});
        }
    }

    public SecureNetty4HttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, ThreadPool threadPool, NamedXContentRegistry namedXContentRegistry, HttpServerTransport.Dispatcher dispatcher, ClusterSettings clusterSettings, SharedGroupFactory sharedGroupFactory, SecureHttpTransportSettingsProvider secureHttpTransportSettingsProvider, Tracer tracer) {
        super(settings, networkService, bigArrays, threadPool, namedXContentRegistry, dispatcher, clusterSettings, sharedGroupFactory, tracer);
        this.secureHttpTransportSettingsProvider = secureHttpTransportSettingsProvider;
        this.exceptionHandler = (TransportExceptionHandler) secureHttpTransportSettingsProvider.buildHttpServerExceptionHandler(settings, this).orElse(TransportExceptionHandler.NOOP);
        List list = (List) secureHttpTransportSettingsProvider.getHttpTransportAdapterProviders(settings).stream().filter(transportAdapterProvider -> {
            return REQUEST_HEADER_VERIFIER.equalsIgnoreCase(transportAdapterProvider.name());
        }).map(transportAdapterProvider2 -> {
            return transportAdapterProvider2.create(settings, this, ChannelInboundHandlerAdapter.class);
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).collect(Collectors.toList());
        if (list.size() > 1) {
            throw new IllegalArgumentException("Cannot have more than one header verifier configured, supplied " + list.size());
        }
        Optional findFirst = secureHttpTransportSettingsProvider.getHttpTransportAdapterProviders(settings).stream().filter(transportAdapterProvider3 -> {
            return REQUEST_DECOMPRESSOR.equalsIgnoreCase(transportAdapterProvider3.name());
        }).findFirst();
        findFirst.ifPresent(transportAdapterProvider4 -> {
            logger.debug("Using request decompressor provider: {}", transportAdapterProvider4);
        });
        this.headerVerifier = list.isEmpty() ? null : (ChannelInboundHandlerAdapter) list.get(0);
        this.decompressorProvider = (TransportAdapterProvider) findFirst.orElseGet(() -> {
            return new TransportAdapterProvider<HttpServerTransport>() { // from class: org.opensearch.http.netty4.ssl.SecureNetty4HttpServerTransport.1
                public String name() {
                    return SecureNetty4HttpServerTransport.REQUEST_DECOMPRESSOR;
                }

                public <C> Optional<C> create(Settings settings2, HttpServerTransport httpServerTransport, Class<C> cls) {
                    return Optional.empty();
                }
            };
        });
    }

    @Override // org.opensearch.http.netty4.Netty4HttpServerTransport
    public ChannelHandler configureServerChannelHandler() {
        return new SslHttpChannelHandler(this, this.handlingSettings);
    }

    @Override // org.opensearch.http.netty4.Netty4HttpServerTransport
    public void onException(HttpChannel httpChannel, Exception exc) {
        Exception exc2 = exc;
        if ((exc instanceof DecoderException) && exc != null) {
            exc2 = exc.getCause();
        }
        this.exceptionHandler.onError(exc2);
        logger.error("Exception during establishing a SSL connection: " + String.valueOf(exc2), exc2);
        super.onException(httpChannel, exc);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensearch.http.netty4.Netty4HttpServerTransport
    public ChannelInboundHandlerAdapter createHeaderVerifier() {
        return this.headerVerifier != null ? this.headerVerifier : super.createHeaderVerifier();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensearch.http.netty4.Netty4HttpServerTransport
    public ChannelInboundHandlerAdapter createDecompressor() {
        return (ChannelInboundHandlerAdapter) this.decompressorProvider.create(this.settings, this, ChannelInboundHandlerAdapter.class).orElseGet(() -> {
            return super.createDecompressor();
        });
    }
}
