package de.gematik.test.tiger.mockserver.netty.unification;

import de.gematik.test.tiger.mockserver.character.Character;
import de.gematik.test.tiger.mockserver.codec.MockServerHttpServerCodec;
import de.gematik.test.tiger.mockserver.configuration.MockServerConfiguration;
import de.gematik.test.tiger.mockserver.exception.ExceptionHandling;
import de.gematik.test.tiger.mockserver.httpclient.BinaryBridgeHandler;
import de.gematik.test.tiger.mockserver.httpclient.NettyHttpClient;
import de.gematik.test.tiger.mockserver.mock.HttpState;
import de.gematik.test.tiger.mockserver.mock.action.http.HttpActionHandler;
import de.gematik.test.tiger.mockserver.netty.HttpRequestHandler;
import de.gematik.test.tiger.mockserver.netty.MockServer;
import de.gematik.test.tiger.mockserver.netty.proxy.BinaryHandler;
import de.gematik.test.tiger.mockserver.netty.proxy.relay.RelayConnectHandler;
import de.gematik.test.tiger.mockserver.socket.tls.NettySslContextFactory;
import de.gematik.test.tiger.mockserver.socket.tls.SniHandler;
import de.gematik.test.tiger.proxy.data.TigerConnectionStatus;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.ReplayingDecoder;
import io.netty.handler.codec.http.HttpContentDecompressor;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.AttributeKey;
import io.netty.util.Signal;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/classes/de/gematik/test/tiger/mockserver/netty/unification/PortUnificationHandler.class */
public class PortUnificationHandler extends ReplayingDecoder<Void> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PortUnificationHandler.class);
    public static final AttributeKey<Boolean> TLS_ENABLED_UPSTREAM = AttributeKey.valueOf("TLS_ENABLED_UPSTREAM");
    public static final AttributeKey<Boolean> TLS_ENABLED_DOWNSTREAM = AttributeKey.valueOf("TLS_ENABLED_DOWNSTREAM");
    private static final Map<PortBinding, Set<String>> localAddressesCache = new ConcurrentHashMap();
    private final HttpContentLengthRemover httpContentLengthRemover = new HttpContentLengthRemover();
    private final MockServerConfiguration configuration;
    private final MockServer server;
    private final HttpState httpState;
    private final HttpActionHandler actionHandler;

    public PortUnificationHandler(MockServerConfiguration mockServerConfiguration, MockServer mockServer, HttpState httpState, HttpActionHandler httpActionHandler) {
        this.configuration = mockServerConfiguration;
        this.server = mockServer;
        this.httpState = httpState;
        this.actionHandler = httpActionHandler;
    }

    private void performConnectionToRemote(ChannelHandlerContext channelHandlerContext) {
        Channel channel = channelHandlerContext.channel();
        if (channel.attr(BinaryBridgeHandler.OUTGOING_CHANNEL).get() != null || this.configuration.binaryProxyListener() == null) {
            log.trace("already connected to remote server or no binary proxy listener");
            return;
        }
        log.trace("enabling connection to remote server");
        InetSocketAddress remoteAddress = HttpActionHandler.getRemoteAddress(channelHandlerContext);
        NettyHttpClient httpClient = this.actionHandler.getHttpClient();
        httpClient.getClientBootstrapFactory().configureChannel().isSecure(isSslEnabledUpstream(channel)).incomingChannel(channel).remoteAddress(remoteAddress).clientInitializer(httpClient.createClientInitializer(null)).eventLoopGroup(channel.eventLoop()).errorIfChannelClosedWithoutResponse(false).connectToChannel().addListener2((GenericFutureListener<? extends Future<? super Void>>) channelFuture -> {
            channel.attr(BinaryBridgeHandler.OUTGOING_CHANNEL).set(channelFuture.channel());
            channelFuture.channel().attr(BinaryBridgeHandler.INCOMING_CHANNEL).set(channel);
            if (channelFuture.isSuccess()) {
                return;
            }
            log.error("Failed to connect to {}", remoteAddress, channelFuture.cause());
        });
    }

    public NettySslContextFactory nettySslContextFactory(boolean z) {
        return z ? this.server.getServerSslContextFactory() : this.server.getClientSslContextFactory();
    }

    public static void enableSslUpstreamAndDownstream(Channel channel) {
        channel.attr(TLS_ENABLED_UPSTREAM).set(Boolean.TRUE);
        channel.attr(TLS_ENABLED_DOWNSTREAM).set(Boolean.TRUE);
    }

    public static boolean isSslEnabledUpstream(Channel channel) {
        if (channel.attr(TLS_ENABLED_UPSTREAM).get() != null) {
            return ((Boolean) channel.attr(TLS_ENABLED_UPSTREAM).get()).booleanValue();
        }
        return false;
    }

    public static boolean isSslEnabledDownstream(Channel channel) {
        if (channel.attr(TLS_ENABLED_DOWNSTREAM).get() != null) {
            return ((Boolean) channel.attr(TLS_ENABLED_DOWNSTREAM).get()).booleanValue();
        }
        return false;
    }

    @Override // io.netty.handler.codec.ByteToMessageDecoder
    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) {
        if (isTls(byteBuf) && this.configuration.enableTlsTermination()) {
            logStage(channelHandlerContext, "adding TLS decoders");
            enableTls(channelHandlerContext, byteBuf);
            performConnectionToRemote(channelHandlerContext);
            return;
        }
        performConnectionToRemote(channelHandlerContext);
        if (this.configuration.binaryProxyListener() != null) {
            logStage(channelHandlerContext, "adding binary decoder");
            switchToBinary(channelHandlerContext, byteBuf);
        } else if (isHttp(byteBuf)) {
            logStage(channelHandlerContext, "adding HTTP decoders");
            switchToHttp(channelHandlerContext, byteBuf);
        } else if (isProxyConnected(byteBuf)) {
            logStage(channelHandlerContext, "setting proxy connected");
            switchToProxyConnected(channelHandlerContext, byteBuf);
        }
    }

    private void logStage(ChannelHandlerContext channelHandlerContext, String str) {
        if (log.isTraceEnabled()) {
            log.trace(str + " for channel:{}pipeline:{}", channelHandlerContext.channel().toString(), channelHandlerContext.pipeline().names());
        }
    }

    private boolean isTls(ByteBuf byteBuf) {
        try {
            return SslHandler.isEncrypted(byteBuf);
        } catch (Signal e) {
            return false;
        }
    }

    private void enableTls(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        this.server.addConnectionWithStatus(channelHandlerContext.channel().remoteAddress(), TigerConnectionStatus.OPEN_TLS);
        pipeline.addFirst(new SniHandler(this.configuration, nettySslContextFactory(true)));
        enableSslUpstreamAndDownstream(channelHandlerContext.channel());
        channelHandlerContext.pipeline().fireChannelRead((Object) byteBuf.readBytes(actualReadableBytes()));
    }

    private boolean isHttp(ByteBuf byteBuf) {
        if (byteBuf.writerIndex() < 8) {
            return false;
        }
        String byteBuf2 = byteBuf.toString(byteBuf.readerIndex(), 8, StandardCharsets.US_ASCII);
        return byteBuf2.startsWith("GET ") || byteBuf2.startsWith("POST ") || byteBuf2.startsWith("PUT ") || byteBuf2.startsWith("HEAD ") || byteBuf2.startsWith("OPTIONS ") || byteBuf2.startsWith("PATCH ") || byteBuf2.startsWith("DELETE ") || byteBuf2.startsWith("TRACE ") || byteBuf2.startsWith("CONNECT ");
    }

    private void switchToHttp(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        addLastIfNotPresent(pipeline, new HttpServerCodec(this.configuration.maxInitialLineLength().intValue(), this.configuration.maxHeaderSize().intValue(), this.configuration.maxChunkSize().intValue()));
        addLastIfNotPresent(pipeline, new HttpContentDecompressor());
        addLastIfNotPresent(pipeline, this.httpContentLengthRemover);
        addLastIfNotPresent(pipeline, new HttpObjectAggregator(Integer.MAX_VALUE));
        addLastIfNotPresent(pipeline, new MockServerHttpServerCodec(this.configuration, isSslEnabledUpstream(channelHandlerContext.channel()), SniHandler.retrieveClientCertificates(channelHandlerContext), channelHandlerContext.channel().localAddress()));
        addLastIfNotPresent(pipeline, new HttpRequestHandler(this.configuration, this.server, this.httpState, this.actionHandler));
        pipeline.remove(this);
        channelHandlerContext.channel().attr(HttpRequestHandler.LOCAL_HOST_HEADERS).set(getLocalAddresses(channelHandlerContext));
        channelHandlerContext.fireChannelRead((Object) byteBuf.readBytes(actualReadableBytes()));
    }

    private boolean isProxyConnected(ByteBuf byteBuf) {
        if (byteBuf.writerIndex() < 8) {
            return false;
        }
        return byteBuf.toString(byteBuf.readerIndex(), 8, StandardCharsets.US_ASCII).startsWith(RelayConnectHandler.PROXIED);
    }

    private void switchToProxyConnected(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        String readMessage = readMessage(byteBuf);
        if (readMessage.startsWith(RelayConnectHandler.PROXIED_SECURE)) {
            String[] split = StringUtils.substringAfter(readMessage, RelayConnectHandler.PROXIED_SECURE).split(":");
            int parseInt = split.length > 1 ? Integer.parseInt(split[1]) : 443;
            enableSslUpstreamAndDownstream(channelHandlerContext.channel());
            channelHandlerContext.channel().attr(HttpRequestHandler.PROXYING).set(Boolean.TRUE);
            channelHandlerContext.channel().attr(HttpActionHandler.REMOTE_SOCKET).set(new InetSocketAddress(split[0], parseInt));
        } else if (readMessage.startsWith(RelayConnectHandler.PROXIED)) {
            String[] split2 = StringUtils.substringAfter(readMessage, RelayConnectHandler.PROXIED).split(":");
            int parseInt2 = split2.length > 1 ? Integer.parseInt(split2[1]) : 80;
            channelHandlerContext.channel().attr(HttpRequestHandler.PROXYING).set(Boolean.TRUE);
            channelHandlerContext.channel().attr(HttpActionHandler.REMOTE_SOCKET).set(new InetSocketAddress(split2[0], parseInt2));
        }
        channelHandlerContext.writeAndFlush(Unpooled.copiedBuffer(("PROXIED_RESPONSE_" + readMessage).getBytes(StandardCharsets.UTF_8))).awaitUninterruptibly2();
    }

    private String readMessage(ByteBuf byteBuf) {
        byte[] bArr = new byte[actualReadableBytes()];
        byteBuf.readBytes(bArr);
        return new String(bArr, StandardCharsets.US_ASCII);
    }

    private void switchToBinary(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        addLastIfNotPresent(channelHandlerContext.pipeline(), new BinaryHandler(this.configuration, this.actionHandler.getHttpClient()));
        channelHandlerContext.pipeline().remove(this);
        channelHandlerContext.fireChannelRead((Object) byteBuf.readBytes(actualReadableBytes()));
    }

    private Set<String> getLocalAddresses(ChannelHandlerContext channelHandlerContext) {
        SocketAddress localAddress = channelHandlerContext.channel().localAddress();
        Set<String> set = null;
        if (localAddress instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) localAddress;
            String calculatePortExtension = calculatePortExtension(inetSocketAddress, isSslEnabledUpstream(channelHandlerContext.channel()));
            PortBinding portBinding = new PortBinding(inetSocketAddress, calculatePortExtension);
            set = localAddressesCache.get(portBinding);
            if (set == null) {
                set = calculateLocalAddresses(inetSocketAddress, calculatePortExtension);
                localAddressesCache.put(portBinding, set);
            }
        }
        return set == null ? Collections.emptySet() : set;
    }

    private String calculatePortExtension(InetSocketAddress inetSocketAddress, boolean z) {
        return (!(inetSocketAddress.getPort() == 443 && z) && (inetSocketAddress.getPort() != 80 || z)) ? ":" + inetSocketAddress.getPort() : "";
    }

    private Set<String> calculateLocalAddresses(InetSocketAddress inetSocketAddress, String str) {
        InetAddress address = inetSocketAddress.getAddress();
        HashSet hashSet = new HashSet();
        hashSet.add(address.getHostAddress() + str);
        hashSet.add(address.getCanonicalHostName() + str);
        hashSet.add(address.getHostName() + str);
        hashSet.add("localhost" + str);
        hashSet.add("127.0.0.1" + str);
        return Collections.unmodifiableSet(hashSet);
    }

    private void addLastIfNotPresent(ChannelPipeline channelPipeline, ChannelHandler channelHandler) {
        if (channelPipeline.get(channelHandler.getClass()) == null) {
            channelPipeline.addLast(channelHandler);
        }
    }

    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
        if (ExceptionHandling.connectionClosedException(th)) {
            log.error("exception caught by port unification handler -> closing pipeline {}", channelHandlerContext.channel(), th);
        } else if (ExceptionHandling.sslHandshakeException(th)) {
            if (th.getMessage().contains("certificate_unknown")) {
                log.warn("TLS handshake failure:" + Character.NEW_LINE + Character.NEW_LINE + " Client does not trust MockServer Certificate Authority for:{}See http://mock-server.com/mock_server/HTTPS_TLS.html to enable the client to trust MocksServer Certificate Authority." + Character.NEW_LINE, channelHandlerContext.channel());
            } else if (!th.getMessage().contains("close_notify during handshake")) {
                log.error("TLS handshake failure while a client attempted to connect to {}", channelHandlerContext.channel(), th);
            }
        }
        ExceptionHandling.closeOnFlush(channelHandlerContext.channel());
    }
}
