package org.commonjava.indy.httprox.handler;

import com.rabbitmq.client.ConnectionFactory;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.net.URL;
import java.nio.channels.SocketChannel;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import org.commonjava.indy.boot.PortFinder;
import org.commonjava.indy.core.ctl.ContentController;
import org.commonjava.indy.httprox.conf.HttproxConfig;
import org.commonjava.indy.httprox.util.CertUtils;
import org.commonjava.indy.httprox.util.CertificateAndKeys;
import org.commonjava.indy.httprox.util.HttpConduitWrapper;
import org.commonjava.indy.httprox.util.OutputStreamSinkChannel;
import org.commonjava.indy.httprox.util.ProxyResponseHelper;
import org.commonjava.indy.model.core.ArtifactStore;
import org.commonjava.indy.subsys.http.util.UserPass;
import org.commonjava.maven.galley.spi.cache.CacheProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/commonjava/indy/httprox/handler/ProxyMITMSSLServer.class */
public class ProxyMITMSSLServer implements Runnable {
    private static final int FIND_OPEN_PORT_MAX_RETRIES = 16;
    private static final int GET_SOCKET_CHANNEL_MAX_RETRIES = 32;
    private static final int GET_SOCKET_CHANNEL_WAIT_TIME_IN_MILLISECONDS = 500;
    private final String host;
    private final int port;
    private final HttproxConfig config;
    private volatile int serverPort;
    private final String trackingId;
    private final UserPass proxyUserPass;
    private final ContentController contentController;
    private final CacheProvider cacheProvider;
    private final ProxyResponseHelper proxyResponseHelper;
    private volatile boolean started;
    private volatile ServerSocket sslServerSocket;
    private volatile Socket socket;
    private static Map<String, KeyStore> keystoreMap = new ConcurrentHashMap();
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private char[] keystorePassword = "password".toCharArray();

    public ProxyMITMSSLServer(String str, int i, String str2, UserPass userPass, ProxyResponseHelper proxyResponseHelper, ContentController contentController, CacheProvider cacheProvider, HttproxConfig httproxConfig) {
        this.host = str;
        this.port = i;
        this.trackingId = str2;
        this.proxyUserPass = userPass;
        this.proxyResponseHelper = proxyResponseHelper;
        this.contentController = contentController;
        this.cacheProvider = cacheProvider;
        this.config = httproxConfig;
    }

    @Override // java.lang.Runnable
    public void run() {
        try {
            execute();
        } catch (Exception e) {
            this.logger.warn("Exception failed", (Throwable) e);
        }
    }

    private SSLServerSocketFactory getSSLServerSocketFactory(String str) throws Exception {
        AtomicReference atomicReference = new AtomicReference();
        KeyStore computeIfAbsent = keystoreMap.computeIfAbsent(str, str2 -> {
            try {
                return getKeyStore(str2);
            } catch (Exception e) {
                atomicReference.set(e);
                return null;
            }
        });
        if (computeIfAbsent == null || atomicReference.get() != null) {
            throw ((Exception) atomicReference.get());
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(computeIfAbsent, this.keystorePassword);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
        return sSLContext.getServerSocketFactory();
    }

    private KeyStore getKeyStore(String str) throws Exception {
        PrivateKey privateKey = CertUtils.getPrivateKey(this.config.getMITMCAKey());
        X509Certificate loadX509Certificate = CertUtils.loadX509Certificate(new File(this.config.getMITMCACert()));
        CertificateAndKeys createSignedCertificateAndKey = CertUtils.createSignedCertificateAndKey(this.config.getMITMDNTemplate().replace("<host>", str), loadX509Certificate, privateKey, false);
        Certificate certificate = createSignedCertificateAndKey.getCertificate();
        this.logger.debug("Create signed cert:\n" + certificate.toString());
        KeyStore createKeyStore = CertUtils.createKeyStore();
        createKeyStore.setKeyEntry(str, createSignedCertificateAndKey.getPrivateKey(), this.keystorePassword, new Certificate[]{certificate, loadX509Certificate});
        return createKeyStore;
    }

    private void execute() throws Exception {
        SSLServerSocketFactory sSLServerSocketFactory = getSSLServerSocketFactory(this.host);
        this.serverPort = PortFinder.findOpenPort(16);
        this.sslServerSocket = sSLServerSocketFactory.createServerSocket(this.serverPort);
        this.logger.debug("MITM server started, {}", this.sslServerSocket);
        this.started = true;
        this.socket = this.sslServerSocket.accept();
        this.socket.setSoTimeout((int) TimeUnit.MINUTES.toMillis(this.config.getMITMSoTimeoutMinutes().intValue()));
        this.logger.debug("MITM server accepted");
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(this.socket.getInputStream()));
        String str = null;
        StringBuilder sb = new StringBuilder();
        String str2 = null;
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            sb.append(readLine + "\n");
            if (readLine.startsWith("GET") || readLine.startsWith("HEAD")) {
                String[] split = readLine.split("\\s+");
                str2 = split[0];
                str = split[1];
            } else if (readLine.isEmpty()) {
                this.logger.debug("Get empty line and break");
                break;
            }
        }
        this.logger.debug("Request:\n{}", sb.toString());
        if (str != null) {
            try {
                transferRemote(this.socket, this.host, this.port, str2, str);
            } catch (Exception e) {
                this.logger.error("Transfer remote failed", (Throwable) e);
            }
        } else {
            this.logger.debug("MITM server failed to get request from client");
        }
        bufferedReader.close();
        this.socket.close();
        this.sslServerSocket.close();
        this.logger.debug("MITM server closed");
    }

    private void transferRemote(Socket socket, String str, int i, String str2, String str3) throws Exception {
        URL url = new URI("https", null, str, i, str3, null, null).toURL();
        this.logger.debug("Requesting remote URL: {}", url.toString());
        ArtifactStore artifactStore = this.proxyResponseHelper.getArtifactStore(this.trackingId, url);
        OutputStream outputStream = socket.getOutputStream();
        Throwable th = null;
        try {
            try {
                HttpConduitWrapper httpConduitWrapper = new HttpConduitWrapper(new OutputStreamSinkChannel(outputStream), null, this.contentController, this.cacheProvider);
                this.proxyResponseHelper.transfer(httpConduitWrapper, artifactStore, url.getPath(), "GET".equals(str2), this.proxyUserPass);
                httpConduitWrapper.close();
                if (outputStream != null) {
                    if (0 == 0) {
                        outputStream.close();
                        return;
                    }
                    try {
                        outputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (outputStream != null) {
                if (th != null) {
                    try {
                        outputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    outputStream.close();
                }
            }
            throw th4;
        }
    }

    public SocketChannel getSocketChannel() throws InterruptedException, ExecutionException {
        for (int i = 0; i < 32; i++) {
            this.logger.debug("Try to get socket channel #{}", Integer.valueOf(i + 1));
            if (this.started) {
                this.logger.debug("Server started");
                try {
                    return openSocketChannelToMITM();
                } catch (IOException e) {
                    throw new ExecutionException("Open socket channel to MITM failed", e);
                }
            }
            this.logger.debug("Server not started, wait...");
            TimeUnit.MILLISECONDS.sleep(500L);
        }
        return null;
    }

    private SocketChannel openSocketChannelToMITM() throws IOException {
        this.logger.debug("Open socket channel to MITM server, localhost:{}", Integer.valueOf(this.serverPort));
        return SocketChannel.open(new InetSocketAddress(ConnectionFactory.DEFAULT_HOST, this.serverPort));
    }

    public void stop() {
        try {
            if (!this.sslServerSocket.isClosed()) {
                this.sslServerSocket.close();
            }
            if (this.socket != null && !this.socket.isClosed()) {
                this.socket.close();
            }
        } catch (IOException e) {
            this.logger.debug("Close MITM server, {}", e.toString());
        }
    }
}
