package com.paremus.dosgi.net.server;

import com.paremus.dosgi.net.config.Config;
import com.paremus.dosgi.net.config.ProtocolScheme;
import com.paremus.dosgi.net.tcp.LengthFieldPopulator;
import com.paremus.dosgi.net.tcp.VersionCheckingLengthFieldBasedFrameDecoder;
import com.paremus.net.encode.EncodingSchemeFactory;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.group.DefaultChannelGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.ssl.Ciphers;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProtocols;
import io.netty.util.concurrent.FastThreadLocalThread;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/paremus/dosgi/net/server/ServerConnectionManager.class */
public class ServerConnectionManager {
    private static final Logger LOG = LoggerFactory.getLogger(ServerConnectionManager.class);
    private final EventLoopGroup serverIo;
    private final AtomicInteger ioThreadId = new AtomicInteger(1);
    private final ByteBufAllocator allocator;
    private final EncodingSchemeFactory esf;
    private final List<RemotingProviderImpl> configuredTransports;

    public ServerConnectionManager(Config config, EncodingSchemeFactory encodingSchemeFactory, ByteBufAllocator byteBufAllocator) {
        this.esf = encodingSchemeFactory;
        this.allocator = byteBufAllocator;
        this.serverIo = new NioEventLoopGroup(config.server_io_threads(), runnable -> {
            FastThreadLocalThread fastThreadLocalThread = new FastThreadLocalThread(runnable, "Paremus RSA distribution server IO: " + this.ioThreadId.getAndIncrement());
            fastThreadLocalThread.setDaemon(true);
            return fastThreadLocalThread;
        });
        try {
            InetAddress byName = InetAddress.getByName(config.server_bind_address());
            this.configuredTransports = (List) config.server_protocols().stream().filter(protocolScheme -> {
                if (config.allow_insecure_transports() || protocolScheme.getProtocol().isSecure()) {
                    return true;
                }
                LOG.warn("The server transport {} is not permitted because it is insecure and insecure transports are not enabled.", protocolScheme.getProtocol());
                return false;
            }).map(protocolScheme2 -> {
                return createProviderFor(protocolScheme2, byName);
            }).filter(remotingProviderImpl -> {
                return remotingProviderImpl != null;
            }).collect(Collectors.toList());
            if (this.configuredTransports.isEmpty()) {
                LOG.error("There are no server transports available for this provider. Please check the configuration {}", config.server_protocols());
            }
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("The default bind address " + config.server_bind_address() + " is not valid.");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0050. Please report as an issue. */
    /* JADX WARN: Type inference failed for: r0v32, types: [io.netty.channel.ChannelFuture] */
    private RemotingProviderImpl createProviderFor(ProtocolScheme protocolScheme, InetAddress inetAddress) {
        ServerBootstrap serverBootstrap = new ServerBootstrap();
        serverBootstrap.group(this.serverIo).option(ChannelOption.ALLOCATOR, this.allocator).option(ChannelOption.SO_SNDBUF, Integer.valueOf(protocolScheme.getSendBufferSize())).option(ChannelOption.SO_RCVBUF, Integer.valueOf(protocolScheme.getReceiveBufferSize()));
        Consumer consumer = channel -> {
        };
        boolean z = false;
        switch (protocolScheme.getProtocol()) {
            case TCP_CLIENT_AUTH:
                z = true;
            case TCP_TLS:
                boolean z2 = z;
                KeyManagerFactory sSLKeyManagerFactory = this.esf.getSSLKeyManagerFactory();
                TrustManagerFactory sSLTrustManagerFactory = this.esf.getSSLTrustManagerFactory();
                if (sSLTrustManagerFactory == null || (z2 && sSLKeyManagerFactory == null)) {
                    LOG.error("The secure transport {} cannot be configured as the necessary certificate configuration is unavailable. Please check the configuration of the com.paremus.net.encode provider.", protocolScheme.getProtocol());
                    return null;
                }
                consumer = consumer.andThen(channel2 -> {
                    String str = (String) protocolScheme.getOption("ciphers", String.class);
                    String str2 = str == null ? Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : str;
                    String str3 = ((String) protocolScheme.getOption("protocols", String.class)) == null ? SslProtocols.TLS_v1_2 : str2;
                    try {
                        SSLEngine newEngine = SslContextBuilder.forServer(sSLKeyManagerFactory).trustManager(sSLTrustManagerFactory).ciphers(Arrays.asList(str2.split(","))).build().newEngine(this.allocator);
                        newEngine.setWantClientAuth(z2);
                        newEngine.setNeedClientAuth(z2);
                        newEngine.setEnabledProtocols(str3.split(","));
                        channel2.pipeline().addLast(new SslHandler(newEngine));
                    } catch (Exception e) {
                        throw new RuntimeException("Unable to create the SSL Engine", e);
                    }
                });
                break;
            case TCP:
                serverBootstrap.channel(NioServerSocketChannel.class).option(ChannelOption.SO_BACKLOG, 128).childOption(ChannelOption.SO_KEEPALIVE, true).childOption(ChannelOption.TCP_NODELAY, (Boolean) protocolScheme.getOption("nodelay", Boolean.class));
                Consumer andThen = consumer.andThen(channel3 -> {
                    channel3.pipeline().addLast(new LengthFieldPopulator());
                    channel3.pipeline().addLast(new VersionCheckingLengthFieldBasedFrameDecoder(16777216, 1, 3));
                });
                ServerRequestHandler serverRequestHandler = new ServerRequestHandler(protocolScheme);
                final DefaultChannelGroup defaultChannelGroup = new DefaultChannelGroup(this.serverIo.next());
                final Consumer andThen2 = andThen.andThen(channel4 -> {
                    channel4.pipeline().addLast(serverRequestHandler);
                });
                serverBootstrap.childHandler(new ChannelInitializer<Channel>() { // from class: com.paremus.dosgi.net.server.ServerConnectionManager.1
                    @Override // io.netty.channel.ChannelInitializer
                    protected void initChannel(Channel channel5) throws Exception {
                        andThen2.accept(channel5);
                        defaultChannelGroup.add(channel5);
                    }
                });
                try {
                    Channel channel5 = serverBootstrap.bind(protocolScheme.getBindAddress() == null ? inetAddress : protocolScheme.getBindAddress(), protocolScheme.getPort()).sync2().channel();
                    defaultChannelGroup.add((DefaultChannelGroup) channel5);
                    return new RemotingProviderImpl(protocolScheme.getProtocol().isSecure(), protocolScheme.getProtocol().getUriScheme(), serverRequestHandler, channel5, defaultChannelGroup);
                } catch (InterruptedException e) {
                    LOG.warn("Interruped while configuring the transport {} with configuration {}", protocolScheme.getProtocol(), protocolScheme.getConfigurationString());
                    throw new RuntimeException(e);
                }
            default:
                throw new IllegalArgumentException("No support for protocol " + protocolScheme.getProtocol());
        }
    }

    public List<? extends RemotingProvider> getConfiguredProviders() {
        return this.configuredTransports;
    }

    public void close() {
        this.configuredTransports.stream().forEach((v0) -> {
            v0.close();
        });
        try {
            this.serverIo.shutdownGracefully(250L, 1000L, TimeUnit.MILLISECONDS).await(2000L);
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
    }
}
