package org.mockserver.netty.unification;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.ReplayingDecoder;
import io.netty.handler.codec.http.HttpContentDecompressor;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.codec.socksx.v4.Socks4ServerDecoder;
import io.netty.handler.codec.socksx.v4.Socks4ServerEncoder;
import io.netty.handler.codec.socksx.v5.Socks5InitialRequestDecoder;
import io.netty.handler.codec.socksx.v5.Socks5ServerEncoder;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.AttributeKey;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.StringUtils;
import org.mockserver.character.Character;
import org.mockserver.closurecallback.websocketregistry.CallbackWebSocketServerHandler;
import org.mockserver.codec.MockServerHttpServerCodec;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.dashboard.DashboardWebSocketHandler;
import org.mockserver.exception.ExceptionHandling;
import org.mockserver.lifecycle.LifeCycle;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.LoggingHandler;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.mappers.MockServerHttpResponseToFullHttpResponse;
import org.mockserver.mock.HttpState;
import org.mockserver.mock.action.http.HttpActionHandler;
import org.mockserver.model.HttpResponse;
import org.mockserver.netty.HttpRequestHandler;
import org.mockserver.netty.proxy.BinaryHandler;
import org.mockserver.netty.proxy.relay.RelayConnectHandler;
import org.mockserver.netty.proxy.socks.Socks4ProxyHandler;
import org.mockserver.netty.proxy.socks.Socks5ProxyHandler;
import org.mockserver.netty.proxy.socks.SocksDetector;
import org.mockserver.socket.tls.NettySslContextFactory;
import org.mockserver.socket.tls.SniHandler;
import org.slf4j.event.Level;

/* loaded from: input_file:org/mockserver/netty/unification/PortUnificationHandler.class */
public class PortUnificationHandler extends ReplayingDecoder<Void> {
    private static final AttributeKey<Boolean> SSL_ENABLED_UPSTREAM = AttributeKey.valueOf("PROXY_SSL_ENABLED_UPSTREAM");
    private static final AttributeKey<Boolean> SSL_ENABLED_DOWNSTREAM = AttributeKey.valueOf("SSL_ENABLED_DOWNSTREAM");
    private static final AttributeKey<NettySslContextFactory> NETTY_SSL_CONTEXT_FACTORY = AttributeKey.valueOf("NETTY_SSL_CONTEXT_FACTORY");
    private static final Map<PortBinding, Set<String>> localAddressesCache = new ConcurrentHashMap();
    protected final MockServerLogger mockServerLogger;
    private final LoggingHandler loggingHandlerFirst = new LoggingHandler(PortUnificationHandler.class.getSimpleName() + "-first");
    private final LoggingHandler loggingHandlerLast = new LoggingHandler(PortUnificationHandler.class.getSimpleName() + "-last");
    private final HttpContentLengthRemover httpContentLengthRemover = new HttpContentLengthRemover();
    private final LifeCycle server;
    private final HttpState httpStateHandler;
    private final HttpActionHandler actionHandler;
    private final NettySslContextFactory nettySslContextFactory;
    private final MockServerHttpResponseToFullHttpResponse mockServerHttpResponseToFullHttpResponse;

    public PortUnificationHandler(LifeCycle lifeCycle, HttpState httpState, HttpActionHandler httpActionHandler, NettySslContextFactory nettySslContextFactory) {
        this.server = lifeCycle;
        this.mockServerLogger = httpState.getMockServerLogger();
        this.httpStateHandler = httpState;
        this.actionHandler = httpActionHandler;
        this.nettySslContextFactory = nettySslContextFactory;
        this.mockServerHttpResponseToFullHttpResponse = new MockServerHttpResponseToFullHttpResponse(this.mockServerLogger);
    }

    public static NettySslContextFactory nettySslContextFactory(Channel channel) {
        if (channel.attr(NETTY_SSL_CONTEXT_FACTORY).get() != null) {
            return (NettySslContextFactory) channel.attr(NETTY_SSL_CONTEXT_FACTORY).get();
        }
        throw new RuntimeException("NettySslContextFactory not yet initialised for channel " + channel);
    }

    public static void enableSslUpstreamAndDownstream(Channel channel) {
        channel.attr(SSL_ENABLED_UPSTREAM).set(Boolean.TRUE);
        channel.attr(SSL_ENABLED_DOWNSTREAM).set(Boolean.TRUE);
    }

    public static boolean isSslEnabledUpstream(Channel channel) {
        if (channel.attr(SSL_ENABLED_UPSTREAM).get() != null) {
            return ((Boolean) channel.attr(SSL_ENABLED_UPSTREAM).get()).booleanValue();
        }
        return false;
    }

    public static void enableSslDownstream(Channel channel) {
        channel.attr(SSL_ENABLED_DOWNSTREAM).set(Boolean.TRUE);
    }

    public static void disableSslDownstream(Channel channel) {
        channel.attr(SSL_ENABLED_DOWNSTREAM).set(Boolean.FALSE);
    }

    public static boolean isSslEnabledDownstream(Channel channel) {
        if (channel.attr(SSL_ENABLED_DOWNSTREAM).get() != null) {
            return ((Boolean) channel.attr(SSL_ENABLED_DOWNSTREAM).get()).booleanValue();
        }
        return false;
    }

    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) {
        channelHandlerContext.channel().attr(NETTY_SSL_CONTEXT_FACTORY).set(this.nettySslContextFactory);
        if (SocksDetector.isSocks4(byteBuf, actualReadableBytes())) {
            logStage(channelHandlerContext, "adding SOCKS4 decoders");
            enableSocks4(channelHandlerContext, byteBuf);
        } else if (SocksDetector.isSocks5(byteBuf, actualReadableBytes())) {
            logStage(channelHandlerContext, "adding SOCKS5 decoders");
            enableSocks5(channelHandlerContext, byteBuf);
        } else if (isTls(byteBuf)) {
            logStage(channelHandlerContext, "adding TLS decoders");
            enableTls(channelHandlerContext, byteBuf);
        } else if (isHttp(byteBuf)) {
            logStage(channelHandlerContext, "adding HTTP decoders");
            switchToHttp(channelHandlerContext, byteBuf);
        } else if (isProxyConnected(byteBuf)) {
            logStage(channelHandlerContext, "setting proxy connected");
            switchToProxyConnected(channelHandlerContext, byteBuf);
        } else {
            logStage(channelHandlerContext, "adding binary decoder");
            switchToBinary(channelHandlerContext, byteBuf);
        }
        if (MockServerLogger.isEnabled(Level.TRACE)) {
            this.loggingHandlerFirst.addLoggingHandler(channelHandlerContext);
        }
        if (MockServerLogger.isEnabled(Level.TRACE)) {
            channelHandlerContext.pipeline().addLast(new ChannelHandler[]{this.loggingHandlerLast});
        }
    }

    private void logStage(ChannelHandlerContext channelHandlerContext, String str) {
        if (MockServerLogger.isEnabled(Level.TRACE)) {
            this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.TRACE).setMessageFormat(str + " for channel:{}pipeline:{}").setArguments(new Object[]{channelHandlerContext.channel().toString(), channelHandlerContext.pipeline().names()}));
        }
    }

    private void enableSocks4(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        enableSocks(channelHandlerContext, byteBuf, new Socks4ServerDecoder(), new Socks4ProxyHandler(this.server, this.mockServerLogger), Socks4ServerEncoder.INSTANCE);
    }

    private void enableSocks5(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        enableSocks(channelHandlerContext, byteBuf, new Socks5InitialRequestDecoder(), new Socks5ProxyHandler(this.server, this.mockServerLogger), Socks5ServerEncoder.DEFAULT);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void enableSocks(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, ReplayingDecoder<?> replayingDecoder, ChannelHandler... channelHandlerArr) {
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        for (ChannelHandler channelHandler : channelHandlerArr) {
            if (isSslEnabledUpstream(channelHandlerContext.channel())) {
                pipeline.addAfter(SslHandler.class.getName(), (String) null, channelHandler);
            } else {
                pipeline.addFirst(new ChannelHandler[]{channelHandler});
            }
        }
        pipeline.addFirst(new ChannelHandler[]{replayingDecoder});
        channelHandlerContext.channel().attr(HttpRequestHandler.PROXYING).set(Boolean.TRUE);
        channelHandlerContext.pipeline().fireChannelRead(byteBuf.readBytes(actualReadableBytes()));
    }

    private boolean isTls(ByteBuf byteBuf) {
        return SslHandler.isEncrypted(byteBuf);
    }

    private void enableTls(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        channelHandlerContext.pipeline().addFirst(new ChannelHandler[]{new SniHandler(this.nettySslContextFactory)});
        enableSslUpstreamAndDownstream(channelHandlerContext.channel());
        channelHandlerContext.pipeline().fireChannelRead(byteBuf.readBytes(actualReadableBytes()));
    }

    private boolean isHttp(ByteBuf byteBuf) {
        String byteBuf2 = byteBuf.toString(byteBuf.readerIndex(), 8, StandardCharsets.US_ASCII);
        return byteBuf2.startsWith("GET ") || byteBuf2.startsWith("POST ") || byteBuf2.startsWith("PUT ") || byteBuf2.startsWith("HEAD ") || byteBuf2.startsWith("OPTIONS ") || byteBuf2.startsWith("PATCH ") || byteBuf2.startsWith("DELETE ") || byteBuf2.startsWith("TRACE ") || byteBuf2.startsWith("CONNECT ");
    }

    private void switchToHttp(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        addLastIfNotPresent(pipeline, new HttpServerCodec(ConfigurationProperties.maxInitialLineLength(), ConfigurationProperties.maxHeaderSize(), ConfigurationProperties.maxChunkSize()));
        addLastIfNotPresent(pipeline, new HttpContentDecompressor());
        addLastIfNotPresent(pipeline, this.httpContentLengthRemover);
        addLastIfNotPresent(pipeline, new HttpObjectAggregator(Integer.MAX_VALUE));
        if (ConfigurationProperties.tlsMutualAuthenticationRequired() && !isSslEnabledUpstream(channelHandlerContext.channel())) {
            HttpResponse withHeader = HttpResponse.response().withStatusCode(426).withHeader("Upgrade", new String[]{"TLS/1.2, HTTP/1.1"}).withHeader("Connection", new String[]{"Upgrade"});
            if (MockServerLogger.isEnabled(Level.INFO)) {
                this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.INFO).setMessageFormat("no tls for connection:{}returning response:{}").setArguments(new Object[]{channelHandlerContext.channel().localAddress(), withHeader}));
            }
            channelHandlerContext.channel().writeAndFlush(this.mockServerHttpResponseToFullHttpResponse.mapMockServerResponseToNettyResponse(withHeader).get(0)).addListener(channelFuture -> {
                channelFuture.channel().disconnect().awaitUninterruptibly();
            });
            return;
        }
        addLastIfNotPresent(pipeline, new CallbackWebSocketServerHandler(this.httpStateHandler));
        addLastIfNotPresent(pipeline, new DashboardWebSocketHandler(this.httpStateHandler, isSslEnabledUpstream(channelHandlerContext.channel()), false));
        addLastIfNotPresent(pipeline, new MockServerHttpServerCodec(this.mockServerLogger, isSslEnabledUpstream(channelHandlerContext.channel()), channelHandlerContext.channel().localAddress()));
        addLastIfNotPresent(pipeline, new HttpRequestHandler(this.server, this.httpStateHandler, this.actionHandler));
        pipeline.remove(this);
        channelHandlerContext.channel().attr(HttpRequestHandler.LOCAL_HOST_HEADERS).set(getLocalAddresses(channelHandlerContext));
        channelHandlerContext.fireChannelRead(byteBuf.readBytes(actualReadableBytes()));
    }

    private boolean isProxyConnected(ByteBuf byteBuf) {
        return byteBuf.toString(byteBuf.readerIndex(), 8, StandardCharsets.US_ASCII).startsWith(RelayConnectHandler.PROXIED);
    }

    private void switchToProxyConnected(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        String readMessage = readMessage(byteBuf);
        if (readMessage.startsWith(RelayConnectHandler.PROXIED_SECURE)) {
            String[] split = StringUtils.substringAfter(readMessage, RelayConnectHandler.PROXIED_SECURE).split(":");
            int parseInt = split.length > 1 ? Integer.parseInt(split[1]) : 443;
            channelHandlerContext.channel().attr(HttpRequestHandler.PROXYING).set(Boolean.TRUE);
            channelHandlerContext.channel().attr(HttpActionHandler.REMOTE_SOCKET).set(new InetSocketAddress(split[0], parseInt));
            enableSslUpstreamAndDownstream(channelHandlerContext.channel());
            channelHandlerContext.channel().attr(HttpRequestHandler.PROXYING).set(Boolean.TRUE);
            channelHandlerContext.channel().attr(HttpActionHandler.REMOTE_SOCKET).set(new InetSocketAddress(split[0], parseInt));
        } else if (readMessage.startsWith(RelayConnectHandler.PROXIED)) {
            String[] split2 = StringUtils.substringAfter(readMessage, RelayConnectHandler.PROXIED).split(":");
            int parseInt2 = split2.length > 1 ? Integer.parseInt(split2[1]) : 80;
            channelHandlerContext.channel().attr(HttpRequestHandler.PROXYING).set(Boolean.TRUE);
            channelHandlerContext.channel().attr(HttpActionHandler.REMOTE_SOCKET).set(new InetSocketAddress(split2[0], parseInt2));
        }
        channelHandlerContext.writeAndFlush(Unpooled.copiedBuffer((RelayConnectHandler.PROXIED_RESPONSE + readMessage).getBytes(StandardCharsets.UTF_8))).awaitUninterruptibly();
    }

    private String readMessage(ByteBuf byteBuf) {
        byte[] bArr = new byte[actualReadableBytes()];
        byteBuf.readBytes(bArr);
        return new String(bArr, StandardCharsets.US_ASCII);
    }

    private void switchToBinary(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
        addLastIfNotPresent(channelHandlerContext.pipeline(), new BinaryHandler(this.httpStateHandler.getMockServerLogger(), this.httpStateHandler.getScheduler(), this.actionHandler.getHttpClient()));
        channelHandlerContext.fireChannelRead(byteBuf.readBytes(actualReadableBytes()));
    }

    private Set<String> getLocalAddresses(ChannelHandlerContext channelHandlerContext) {
        SocketAddress localAddress = channelHandlerContext.channel().localAddress();
        Set<String> set = null;
        if (localAddress instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) localAddress;
            String calculatePortExtension = calculatePortExtension(inetSocketAddress, isSslEnabledUpstream(channelHandlerContext.channel()));
            PortBinding portBinding = new PortBinding(inetSocketAddress, calculatePortExtension);
            set = localAddressesCache.get(portBinding);
            if (set == null) {
                set = calculateLocalAddresses(inetSocketAddress, calculatePortExtension);
                localAddressesCache.put(portBinding, set);
            }
        }
        return set == null ? Collections.emptySet() : set;
    }

    private String calculatePortExtension(InetSocketAddress inetSocketAddress, boolean z) {
        return (!(inetSocketAddress.getPort() == 443 && z) && (inetSocketAddress.getPort() != 80 || z)) ? ":" + inetSocketAddress.getPort() : "";
    }

    private Set<String> calculateLocalAddresses(InetSocketAddress inetSocketAddress, String str) {
        InetAddress address = inetSocketAddress.getAddress();
        HashSet hashSet = new HashSet();
        hashSet.add(address.getHostAddress() + str);
        hashSet.add(address.getCanonicalHostName() + str);
        hashSet.add(address.getHostName() + str);
        hashSet.add("localhost" + str);
        hashSet.add("127.0.0.1" + str);
        return Collections.unmodifiableSet(hashSet);
    }

    private void addLastIfNotPresent(ChannelPipeline channelPipeline, ChannelHandler channelHandler) {
        if (channelPipeline.get(channelHandler.getClass()) == null) {
            channelPipeline.addLast(new ChannelHandler[]{channelHandler});
        }
    }

    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
        if (ExceptionHandling.connectionClosedException(th)) {
            this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception caught by port unification handler -> closing pipeline " + channelHandlerContext.channel()).setThrowable(th));
        } else if (ExceptionHandling.sslHandshakeException(th)) {
            if (th.getMessage().contains("certificate_unknown")) {
                if (MockServerLogger.isEnabled(Level.WARN)) {
                    this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.WARN).setMessageFormat("TSL handshake failure:" + Character.NEW_LINE + Character.NEW_LINE + " Client does not trust MockServer Certificate Authority for:{}See http://mock-server.com/mock_server/HTTPS_TLS.html to enable the client to trust MocksServer Certificate Authority." + Character.NEW_LINE).setArguments(new Object[]{channelHandlerContext.channel()}));
                }
            } else if (!th.getMessage().contains("close_notify during handshake")) {
                this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("TSL handshake failure while a client attempted to connect to " + channelHandlerContext.channel()).setThrowable(th));
            }
        }
        ExceptionHandling.closeOnFlush(channelHandlerContext.channel());
    }
}
