package com.yahoo.vespa.model.container.http.xml;

import com.yahoo.component.ComponentSpecification;
import com.yahoo.config.model.builder.xml.XmlHelper;
import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.config.model.producer.AnyConfigProducer;
import com.yahoo.config.model.producer.TreeConfigProducer;
import com.yahoo.config.provision.AthenzDomain;
import com.yahoo.text.XML;
import com.yahoo.vespa.defaults.Defaults;
import com.yahoo.vespa.model.builder.xml.dom.ModelElement;
import com.yahoo.vespa.model.builder.xml.dom.VespaDomBuilder;
import com.yahoo.vespa.model.container.ApplicationContainerCluster;
import com.yahoo.vespa.model.container.Container;
import com.yahoo.vespa.model.container.component.UserBindingPattern;
import com.yahoo.vespa.model.container.http.AccessControl;
import com.yahoo.vespa.model.container.http.FilterBinding;
import com.yahoo.vespa.model.container.http.FilterChains;
import com.yahoo.vespa.model.container.http.Http;
import com.yahoo.vespa.model.container.http.JettyHttpServer;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.logging.Level;
import java.util.stream.Stream;
import org.w3c.dom.Element;

/* loaded from: input_file:com/yahoo/vespa/model/container/http/xml/HttpBuilder.class */
public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilderBase<Http> {
    static final String REQUEST_CHAIN_TAG_NAME = "request-chain";
    static final String RESPONSE_CHAIN_TAG_NAME = "response-chain";
    static final List<String> VALID_FILTER_CHAIN_TAG_NAMES = List.of(REQUEST_CHAIN_TAG_NAME, RESPONSE_CHAIN_TAG_NAME);
    private final Set<Integer> portBindingOverrides;

    public HttpBuilder(Set<Integer> set) {
        this.portBindingOverrides = set;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.yahoo.vespa.model.builder.xml.dom.VespaDomBuilder.DomConfigProducerBuilder
    /* renamed from: doBuild */
    public Http doBuild2(DeployState deployState, TreeConfigProducer<AnyConfigProducer> treeConfigProducer, Element element) {
        FilterChains newChainsInstance;
        List<FilterBinding> arrayList = new ArrayList();
        AccessControl accessControl = null;
        Optional empty = Optional.empty();
        Element child = XML.getChild(element, "filtering");
        if (child != null) {
            newChainsInstance = (FilterChains) new FilterChainsBuilder().build(deployState, treeConfigProducer, child);
            arrayList = readFilterBindings(child, this.portBindingOverrides);
            empty = XmlHelper.getOptionalAttribute(child, "strict-mode").map(Boolean::valueOf);
            Element child2 = XML.getChild(child, "access-control");
            if (child2 != null) {
                accessControl = buildAccessControl(deployState, treeConfigProducer, child2);
            }
        } else {
            newChainsInstance = new FilterChainsBuilder().newChainsInstance(treeConfigProducer);
        }
        Http http = new Http(newChainsInstance);
        Objects.requireNonNull(http);
        empty.ifPresent((v1) -> {
            r1.setStrictFiltering(v1);
        });
        http.getBindings().addAll(arrayList);
        http.setHttpServer((JettyHttpServer) new JettyHttpServerBuilder(getContainerCluster(treeConfigProducer).orElse(null)).build(deployState, treeConfigProducer, element));
        if (accessControl != null) {
            accessControl.configureHttpFilterChains(http);
        }
        return http;
    }

    private AccessControl buildAccessControl(DeployState deployState, TreeConfigProducer<?> treeConfigProducer, Element element) {
        AccessControl.Builder builder = new AccessControl.Builder(getAccessControlDomain(deployState, element).value());
        Optional<ApplicationContainerCluster> containerCluster = getContainerCluster(treeConfigProducer);
        Objects.requireNonNull(builder);
        containerCluster.ifPresent(builder::setHandlers);
        XmlHelper.getOptionalAttribute(element, "read").ifPresent(str -> {
            deployState.getDeployLogger().logApplicationPackage(Level.WARNING, "The 'read' attribute of the 'access-control' element has no effect and is deprecated. Please remove the attribute from services.xml, support will be removed in Vespa 9");
        });
        XmlHelper.getOptionalAttribute(element, "write").ifPresent(str2 -> {
            deployState.getDeployLogger().logApplicationPackage(Level.WARNING, "The 'write' attribute of the 'access-control' element has no effect and is deprecated. Please remove the attribute from services.xml, support will be removed in Vespa 9");
        });
        String str3 = "want";
        AccessControl.ClientAuthentication clientAuthentication = (AccessControl.ClientAuthentication) XmlHelper.getOptionalAttribute(element, "tls-handshake-client-auth").filter((v1) -> {
            return r1.equals(v1);
        }).map(str4 -> {
            return AccessControl.ClientAuthentication.want;
        }).orElse(AccessControl.ClientAuthentication.need);
        if (!deployState.getProperties().allowDisableMtls() && clientAuthentication == AccessControl.ClientAuthentication.want) {
            throw new IllegalArgumentException("Overriding 'tls-handshake-client-auth' for application is not allowed.");
        }
        builder.clientAuthentication(clientAuthentication);
        Element child = XML.getChild(element, "exclude");
        if (child != null) {
            Stream map = XML.getChildren(child, "binding").stream().map(element2 -> {
                return UserBindingPattern.fromPattern(XML.getValue(element2));
            });
            Objects.requireNonNull(builder);
            map.forEach((v1) -> {
                r1.excludeBinding(v1);
            });
        }
        return builder.build();
    }

    private static AthenzDomain getAccessControlDomain(DeployState deployState, Element element) {
        AthenzDomain athenzDomain = (AthenzDomain) deployState.getProperties().athenzDomain().orElse(null);
        AthenzDomain athenzDomain2 = (AthenzDomain) XmlHelper.getOptionalAttribute(element, "domain").map(AthenzDomain::from).orElse(null);
        if (athenzDomain == null) {
            if (athenzDomain2 == null) {
                throw new IllegalArgumentException("No Athenz domain provided for 'access-control'");
            }
            deployState.getDeployLogger().logApplicationPackage(Level.WARNING, "Athenz tenant is not provided by deploy call. This will soon be handled as failure.");
        }
        if (athenzDomain2 != null) {
            if (athenzDomain != null && !athenzDomain2.equals(athenzDomain)) {
                throw new IllegalArgumentException(String.format("Domain in access-control ('%s') does not match tenant domain ('%s')", athenzDomain2.value(), athenzDomain.value()));
            }
            deployState.getDeployLogger().logApplicationPackage(Level.WARNING, "Domain in 'access-control' is deprecated and is no longer necessary. Please remove the 'domain' attribute from the 'access-control' element in services.xml.");
        }
        return athenzDomain != null ? athenzDomain : athenzDomain2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v7, types: [com.yahoo.config.model.producer.AnyConfigProducer] */
    private static Optional<ApplicationContainerCluster> getContainerCluster(TreeConfigProducer<?> treeConfigProducer) {
        TreeConfigProducer<?> treeConfigProducer2 = treeConfigProducer;
        while (!ApplicationContainerCluster.class.isAssignableFrom(treeConfigProducer2.getClass())) {
            treeConfigProducer2 = treeConfigProducer2.getParent();
            if (treeConfigProducer2 == null) {
                return Optional.empty();
            }
        }
        return Optional.of((ApplicationContainerCluster) treeConfigProducer2);
    }

    private List<FilterBinding> readFilterBindings(Element element, Set<Integer> set) {
        ArrayList arrayList = new ArrayList();
        for (Element element2 : XML.getChildren(element)) {
            String tagName = element2.getTagName();
            if (VALID_FILTER_CHAIN_TAG_NAMES.contains(tagName)) {
                ComponentSpecification idRef = XmlHelper.getIdRef(element2);
                Iterator it = XML.getChildren(element2, "binding").iterator();
                while (it.hasNext()) {
                    String value = XML.getValue((Element) it.next());
                    if (set.isEmpty()) {
                        arrayList.add(FilterBinding.create(toFilterBindingType(tagName), idRef, UserBindingPattern.fromPattern(value)));
                    } else {
                        UserBindingPattern fromPattern = UserBindingPattern.fromPattern(value);
                        Stream<Integer> stream = set.stream();
                        Objects.requireNonNull(fromPattern);
                        stream.map((v1) -> {
                            return r1.withOverriddenPort(v1);
                        }).forEach(userBindingPattern -> {
                            arrayList.add(FilterBinding.create(toFilterBindingType(tagName), idRef, userBindingPattern));
                        });
                    }
                }
            }
        }
        return arrayList;
    }

    private static FilterBinding.Type toFilterBindingType(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1006958027:
                if (str.equals(RESPONSE_CHAIN_TAG_NAME)) {
                    z = true;
                    break;
                }
                break;
            case 299529731:
                if (str.equals(REQUEST_CHAIN_TAG_NAME)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return FilterBinding.Type.REQUEST;
            case true:
                return FilterBinding.Type.RESPONSE;
            default:
                throw new IllegalArgumentException("Unknown filter chain tag: " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int readPort(ModelElement modelElement, boolean z) {
        Integer integerAttribute = modelElement.integerAttribute("port");
        if (integerAttribute == null) {
            return Defaults.getDefaults().vespaWebServicePort();
        }
        if (integerAttribute.intValue() < 0) {
            throw new IllegalArgumentException("Invalid port " + integerAttribute);
        }
        int i = Container.BASEPORT;
        if (!z || integerAttribute.intValue() == i || modelElement.booleanAttribute("required", false)) {
            return integerAttribute.intValue();
        }
        throw new IllegalArgumentException("Illegal port " + integerAttribute + " in http server '" + modelElement.stringAttribute("id") + "': Port must be set to " + i);
    }
}
