package se.arkalix.internal.net.http.service;

import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.DefaultHttpResponse;
import io.netty.handler.codec.http.EmptyHttpHeaders;
import io.netty.handler.codec.http.HttpContent;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaderValues;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpObject;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.LastHttpContent;
import io.netty.handler.codec.http.QueryStringDecoder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.channels.ClosedChannelException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.SSLHandshakeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.arkalix.ArSystem;
import se.arkalix.description.SystemIdentityDescription;
import se.arkalix.descriptor.EncodingDescriptor;
import se.arkalix.dto.DtoReadException;
import se.arkalix.dto.DtoWriteException;
import se.arkalix.internal.net.NettyBodyOutgoing;
import se.arkalix.internal.net.NettySimpleChannelInboundHandler;
import se.arkalix.internal.net.http.HttpMediaTypes;
import se.arkalix.internal.net.http.NettyHttpConverters;
import se.arkalix.internal.net.http.service.NettyHttpServiceRequest;
import se.arkalix.internal.util.concurrent.NettyFutures;
import se.arkalix.net.http.HttpStatus;
import se.arkalix.net.http.service.HttpServiceConnection;
import se.arkalix.net.http.service.HttpServiceRequestException;
import se.arkalix.query.ServiceNotFoundException;
import se.arkalix.security.access.AccessTokenException;
import se.arkalix.security.identity.SystemIdentity;
import se.arkalix.util.concurrent.Future;

/* loaded from: input_file:se/arkalix/internal/net/http/service/NettyHttpServiceConnection.class */
public class NettyHttpServiceConnection extends NettySimpleChannelInboundHandler<HttpObject> implements HttpServiceConnection {
    private static final Logger logger = LoggerFactory.getLogger(NettyHttpServiceConnection.class);
    private final ArSystem system;
    private final HttpServiceLookup serviceLookup;
    private final SslHandler sslHandler;
    private SystemIdentityDescription consumer = null;
    private Channel channel = null;
    private HttpRequest nettyRequest = null;
    private NettyHttpServiceRequest kalixRequest = null;
    private HttpServerService service = null;
    private boolean isClosing = false;

    public NettyHttpServiceConnection(ArSystem arSystem, HttpServiceLookup httpServiceLookup, SslHandler sslHandler) {
        this.system = (ArSystem) Objects.requireNonNull(arSystem, "Expected system");
        this.serviceLookup = (HttpServiceLookup) Objects.requireNonNull(httpServiceLookup, "Expected serviceLookup");
        this.sslHandler = sslHandler;
    }

    @Override // se.arkalix.internal.net.NettySimpleChannelInboundHandler
    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        this.channel = channelHandlerContext.channel();
        if (this.sslHandler != null) {
            this.sslHandler.handshakeFuture().addListener(future -> {
                Throwable th;
                try {
                } catch (Throwable th2) {
                    th = th2;
                }
                if (future.isSuccess()) {
                    this.consumer = SystemIdentityDescription.tryFrom(this.sslHandler.engine().getSession().getPeerCertificates(), (InetSocketAddress) this.channel.remoteAddress()).orElse(null);
                    if (logger.isDebugEnabled()) {
                        logger.debug("TLS handshake completed with " + this.channel.remoteAddress());
                        return;
                    }
                    return;
                }
                th = future.cause();
                if (th instanceof ClosedChannelException) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Connection closed by " + this.channel.remoteAddress() + " before TLS handshake could take place", th);
                    }
                } else if (logger.isDebugEnabled()) {
                    logger.debug("Failed to complete TLS handshake with " + this.channel.remoteAddress(), th);
                }
                channelHandlerContext.close();
            });
        } else {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) this.channel.remoteAddress();
            this.consumer = SystemIdentityDescription.from("<" + inetSocketAddress + ">", inetSocketAddress);
        }
        super.channelActive(channelHandlerContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void channelRead0(ChannelHandlerContext channelHandlerContext, HttpObject httpObject) {
        if (httpObject instanceof HttpRequest) {
            readRequest(channelHandlerContext, (HttpRequest) httpObject);
        }
        if (httpObject instanceof HttpContent) {
            readContent((HttpContent) httpObject);
        }
    }

    private void readRequest(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        EncodingDescriptor orElse;
        boolean z;
        this.nettyRequest = httpRequest;
        this.isClosing = !HttpUtil.isKeepAlive(httpRequest);
        QueryStringDecoder queryStringDecoder = new QueryStringDecoder(httpRequest.uri());
        String path = queryStringDecoder.path();
        if (logger.isTraceEnabled()) {
            logger.trace("Attempting to resolve service by path " + path);
        }
        this.service = this.serviceLookup.getServiceByPath(path).orElse(null);
        if (this.service == null) {
            if (logger.isTraceEnabled()) {
                logger.trace("No service associated with path " + path);
            }
            sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.NOT_FOUND);
            return;
        }
        HttpHeaders headers = httpRequest.headers();
        List<EncodingDescriptor> encodings = this.service.encodings();
        List all = headers.getAll("accept");
        if (all == null || all.size() <= 0) {
            String str = headers.get("content-type");
            if (str == null) {
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE);
                return;
            }
            orElse = HttpMediaTypes.findEncodingCompatibleWithContentType(encodings, str).orElse(this.service.defaultEncoding());
        } else {
            orElse = HttpMediaTypes.findEncodingCompatibleWithAcceptHeaders(encodings, all).orElse(this.service.defaultEncoding());
        }
        String str2 = httpRequest.headers().get("authorization");
        if (str2 != null && str2.regionMatches(true, 0, "Bearer ", 0, 7)) {
            str2 = str2.substring(7).stripLeading();
        }
        try {
            z = this.service.accessPolicy().isAuthorized(this.consumer, this.system, this.service.description(), str2);
        } catch (AccessTokenException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Bad access token \"" + str2 + "\"", e);
            }
            z = false;
        }
        if (!z) {
            sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.FORBIDDEN);
            return;
        }
        if (HttpUtil.is100ContinueExpected(httpRequest)) {
            channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.CONTINUE, Unpooled.EMPTY_BUFFER));
        }
        this.kalixRequest = new NettyHttpServiceRequest.Builder().alloc(channelHandlerContext.alloc()).connection(this).queryStringDecoder(queryStringDecoder).request(httpRequest).consumer(this.consumer).build();
        DefaultHttpServiceResponse defaultHttpServiceResponse = new DefaultHttpServiceResponse();
        EncodingDescriptor encodingDescriptor = orElse;
        this.service.handle(this.kalixRequest, defaultHttpServiceResponse).ifSuccess(obj -> {
            sendKalixResponseAndCleanup(channelHandlerContext, defaultHttpServiceResponse, encodingDescriptor);
        }).onFailure(th -> {
            if (th instanceof HttpServiceRequestException) {
                HttpServiceRequestException httpServiceRequestException = (HttpServiceRequestException) th;
                if (httpServiceRequestException.status() == HttpStatus.INTERNAL_SERVER_ERROR && logger.isDebugEnabled()) {
                    logger.debug("Caught explicit INTERNAL SERVER ERROR exception", httpServiceRequestException);
                }
                sendEmptyResponseAndCleanup(channelHandlerContext, NettyHttpConverters.convert(httpServiceRequestException.status()));
                return;
            }
            if (th instanceof DtoReadException) {
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.BAD_REQUEST);
            } else if (th instanceof ServiceNotFoundException) {
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.NOT_FOUND);
            } else {
                sendInternalServerErrorLogAndCleanup(channelHandlerContext, th);
            }
        });
    }

    private void readContent(HttpContent httpContent) {
        if (this.kalixRequest == null) {
            return;
        }
        this.kalixRequest.append(httpContent);
        if (httpContent instanceof LastHttpContent) {
            this.kalixRequest.headers().unwrap().add(((LastHttpContent) httpContent).trailingHeaders());
            this.kalixRequest.finish();
            this.kalixRequest = null;
        }
    }

    private void sendKalixResponseAndCleanup(ChannelHandlerContext channelHandlerContext, DefaultHttpServiceResponse defaultHttpServiceResponse, EncodingDescriptor encodingDescriptor) throws DtoWriteException, IOException {
        HttpResponseStatus convert = NettyHttpConverters.convert(defaultHttpServiceResponse.status().orElseThrow(() -> {
            return new IllegalStateException("No HTTP status specified in service response");
        }));
        HttpVersion httpVersion = (HttpVersion) defaultHttpServiceResponse.version().map(NettyHttpConverters::convert).orElse(this.nettyRequest.protocolVersion());
        HttpHeaders unwrap = defaultHttpServiceResponse.headers().unwrap();
        HttpUtil.setKeepAlive(unwrap, httpVersion, !this.isClosing);
        if (!unwrap.contains(HttpHeaderNames.CONTENT_TYPE)) {
            EncodingDescriptor orElse = defaultHttpServiceResponse.encoding().orElse(encodingDescriptor);
            if (orElse == null) {
                unwrap.set(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN + ";charset=" + defaultHttpServiceResponse.charset().orElse(StandardCharsets.UTF_8).name().toLowerCase());
            } else {
                unwrap.set(HttpHeaderNames.CONTENT_TYPE, HttpMediaTypes.toMediaType(orElse));
            }
        }
        NettyBodyOutgoing from = NettyBodyOutgoing.from(defaultHttpServiceResponse, channelHandlerContext.alloc(), encodingDescriptor);
        if (!unwrap.contains(HttpHeaderNames.CONTENT_LENGTH)) {
            unwrap.set(HttpHeaderNames.CONTENT_LENGTH, Long.toString(from.length()));
        }
        this.channel.write(new DefaultHttpResponse(httpVersion, convert, unwrap));
        this.channel.write(from.content());
        ChannelFuture writeAndFlush = this.channel.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT);
        if (this.isClosing) {
            writeAndFlush.addListener(ChannelFutureListener.CLOSE);
        }
        cleanup();
    }

    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
        if (th instanceof SSLHandshakeException) {
            if (logger.isDebugEnabled()) {
                logger.debug("SSL handshake failed", th);
                return;
            }
            return;
        }
        try {
            if (this.kalixRequest != null && this.kalixRequest.tryAbort(th)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Relayed exception causing 500 response to be sent to client", th);
                }
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.INTERNAL_SERVER_ERROR);
                return;
            }
        } catch (Throwable th2) {
            th2.addSuppressed(th);
            th = th2;
        }
        sendInternalServerErrorLogAndCleanup(channelHandlerContext, th);
    }

    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (!(obj instanceof IdleStateEvent)) {
            channelHandlerContext.fireUserEventTriggered(obj);
            return;
        }
        this.isClosing = true;
        try {
            if (((IdleStateEvent) obj).state() == IdleState.READER_IDLE && this.kalixRequest != null) {
                if (this.kalixRequest.tryAbort(new HttpServiceRequestException(HttpStatus.REQUEST_TIMEOUT))) {
                    sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.REQUEST_TIMEOUT);
                }
            }
        } finally {
            channelHandlerContext.close();
        }
    }

    private void sendInternalServerErrorLogAndCleanup(ChannelHandlerContext channelHandlerContext, Throwable th) {
        if (logger.isErrorEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("An unexpected exception was caught while handling");
            if (this.nettyRequest != null) {
                sb.append(" the request ").append(this.nettyRequest.method()).append(' ').append(this.nettyRequest.uri());
            } else {
                sb.append(" a request");
            }
            if (this.service != null) {
                sb.append(" routed to the \"").append(this.service.name()).append("\" service");
            } else {
                sb.append(" before it could be routed to a service");
            }
            sb.append("; the request was received from ");
            if (this.consumer != null) {
                sb.append("the system \"").append(this.consumer.name()).append("\" at ");
            }
            sb.append(channelHandlerContext.channel().remoteAddress());
            logger.error(sb.toString(), th);
        }
        this.isClosing = true;
        sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }

    private void sendEmptyResponseAndCleanup(ChannelHandlerContext channelHandlerContext, HttpResponseStatus httpResponseStatus) {
        HttpHeaders add = new DefaultHttpHeaders(false).add("content-length", "0");
        HttpVersion protocolVersion = this.nettyRequest != null ? this.nettyRequest.protocolVersion() : HttpVersion.HTTP_1_1;
        HttpUtil.setKeepAlive(add, protocolVersion, !this.isClosing);
        ChannelFuture writeAndFlush = channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(protocolVersion, httpResponseStatus, Unpooled.EMPTY_BUFFER, add, EmptyHttpHeaders.INSTANCE));
        if (this.isClosing) {
            writeAndFlush.addListener(ChannelFutureListener.CLOSE);
        }
        cleanup();
    }

    private void cleanup() {
        this.nettyRequest = null;
        this.kalixRequest = null;
        this.service = null;
        this.isClosing = false;
    }

    @Override // se.arkalix.net.http.HttpConnectionWithArSystem
    public SystemIdentity remoteIdentity() {
        return this.consumer.identity();
    }

    @Override // se.arkalix.net.http.HttpConnectionWithArSystem
    public ArSystem localSystem() {
        return this.system;
    }

    @Override // se.arkalix.net.http.HttpConnection
    public InetSocketAddress remoteSocketAddress() {
        return (InetSocketAddress) this.channel.remoteAddress();
    }

    @Override // se.arkalix.net.http.HttpConnection
    public InetSocketAddress localSocketAddress() {
        return (InetSocketAddress) this.channel.localAddress();
    }

    @Override // se.arkalix.net.http.HttpConnection
    public boolean isLive() {
        return this.channel.isActive();
    }

    @Override // se.arkalix.net.http.HttpConnection
    public boolean isSecure() {
        return this.sslHandler != null;
    }

    @Override // se.arkalix.net.http.HttpConnection
    public Future<?> close() {
        return NettyFutures.adapt(this.channel.close());
    }
}
