package org.commonjava.indy.httprox.handler;

import java.io.IOException;
import java.net.SocketAddress;
import java.net.URL;
import java.nio.channels.SocketChannel;
import java.util.concurrent.TimeUnit;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.ClassUtils;
import org.apache.http.HttpRequest;
import org.apache.http.RequestLine;
import org.commonjava.cdi.util.weft.WeftExecutorService;
import org.commonjava.indy.IndyWorkflowException;
import org.commonjava.indy.bind.jaxrs.MDCManager;
import org.commonjava.indy.core.ctl.ContentController;
import org.commonjava.indy.data.IndyDataException;
import org.commonjava.indy.data.StoreDataManager;
import org.commonjava.indy.folo.model.TrackingKey;
import org.commonjava.indy.httprox.conf.HttproxConfig;
import org.commonjava.indy.httprox.conf.TrackingType;
import org.commonjava.indy.httprox.keycloak.KeycloakProxyAuthenticator;
import org.commonjava.indy.httprox.util.HttpConduitWrapper;
import org.commonjava.indy.httprox.util.HttpProxyConstants;
import org.commonjava.indy.httprox.util.ProxyMeter;
import org.commonjava.indy.httprox.util.ProxyResponseHelper;
import org.commonjava.indy.sli.metrics.IndyGoldenSignalsMetricSet;
import org.commonjava.indy.subsys.http.HttpWrapper;
import org.commonjava.indy.subsys.http.util.UserPass;
import org.commonjava.indy.subsys.infinispan.CacheHandle;
import org.commonjava.indy.subsys.infinispan.CacheProducer;
import org.commonjava.indy.subsys.metrics.conf.IndyMetricsConfig;
import org.commonjava.indy.util.ApplicationHeader;
import org.commonjava.indy.util.ApplicationStatus;
import org.commonjava.indy.util.RequestContextHelper;
import org.commonjava.maven.galley.spi.cache.CacheProvider;
import org.commonjava.o11yphant.metrics.MetricsManager;
import org.commonjava.o11yphant.metrics.api.Timer;
import org.commonjava.o11yphant.metrics.util.NameUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xnio.ChannelListener;
import org.xnio.StreamConnection;
import org.xnio.conduits.ConduitStreamSinkChannel;
import org.xnio.conduits.ConduitStreamSourceChannel;

/* loaded from: input_file:org/commonjava/indy/httprox/handler/ProxyResponseWriter.class */
public final class ProxyResponseWriter implements ChannelListener<ConduitStreamSinkChannel> {
    private static final String HTTP_PROXY_AUTH_CACHE = "httproxy-auth-cache";
    private final ConduitStreamSourceChannel sourceChannel;
    private ProxyRequestReader proxyRequestReader;
    private final SocketAddress peerAddress;
    private ProxySSLTunnel sslTunnel;
    private final CacheHandle<String, Boolean> proxyAuthCache;
    private Throwable error;
    private final HttproxConfig config;
    private final ContentController contentController;
    private final StoreDataManager storeManager;
    private KeycloakProxyAuthenticator proxyAuthenticator;
    private CacheProvider cacheProvider;
    private ProxyRepositoryCreator repoCreator;
    private HttpRequest httpRequest;
    private final MDCManager mdcManager;
    private final MetricsManager metricManager;
    private IndyGoldenSignalsMetricSet sliMetricSet;
    private long startNanos;
    private final IndyMetricsConfig metricsConfig;
    private final WeftExecutorService tunnelAndMITMExecutor;
    private boolean summaryReported;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final Logger restLogger = LoggerFactory.getLogger(HttpProxyConstants.PROXY_METRIC_LOGGER);
    private boolean directed = false;
    private final String cls = ClassUtils.getAbbreviatedName(getClass().getName(), 1);

    public ProxyResponseWriter(HttproxConfig httproxConfig, StoreDataManager storeDataManager, ContentController contentController, KeycloakProxyAuthenticator keycloakProxyAuthenticator, CacheProvider cacheProvider, MDCManager mDCManager, ProxyRepositoryCreator proxyRepositoryCreator, StreamConnection streamConnection, IndyMetricsConfig indyMetricsConfig, MetricsManager metricsManager, IndyGoldenSignalsMetricSet indyGoldenSignalsMetricSet, CacheProducer cacheProducer, long j, WeftExecutorService weftExecutorService) {
        this.config = httproxConfig;
        this.contentController = contentController;
        this.storeManager = storeDataManager;
        this.proxyAuthenticator = keycloakProxyAuthenticator;
        this.cacheProvider = cacheProvider;
        this.mdcManager = mDCManager;
        this.repoCreator = proxyRepositoryCreator;
        this.peerAddress = streamConnection.getPeerAddress();
        this.sourceChannel = streamConnection.getSourceChannel();
        this.metricsConfig = indyMetricsConfig;
        this.metricManager = metricsManager;
        this.sliMetricSet = indyGoldenSignalsMetricSet;
        this.startNanos = j;
        this.proxyAuthCache = cacheProducer.getCache(HTTP_PROXY_AUTH_CACHE);
        this.tunnelAndMITMExecutor = weftExecutorService;
    }

    public void setProxyRequestReader(ProxyRequestReader proxyRequestReader) {
        this.proxyRequestReader = proxyRequestReader;
    }

    public void handleEvent(ConduitStreamSinkChannel conduitStreamSinkChannel) {
        if (this.metricsConfig == null || this.metricManager == null) {
            doHandleEvent(conduitStreamSinkChannel);
            return;
        }
        Timer.Context startTimer = this.metricManager.startTimer(NameUtils.name(this.metricsConfig.getNodePrefix(), new String[]{this.cls, "handleEvent"}));
        try {
            doHandleEvent(conduitStreamSinkChannel);
        } finally {
            startTimer.stop();
        }
    }

    private void doHandleEvent(ConduitStreamSinkChannel conduitStreamSinkChannel) {
        if (this.directed) {
            return;
        }
        ProxyMeter proxyMeter = new ProxyMeter(this.httpRequest.getRequestLine().getMethod(), this.httpRequest.getRequestLine().toString(), this.startNanos, this.sliMetricSet, this.restLogger, this.peerAddress);
        try {
            HttpConduitWrapper httpConduitWrapper = new HttpConduitWrapper(conduitStreamSinkChannel, this.httpRequest, this.contentController, this.cacheProvider);
            if (this.httpRequest == null) {
                if (this.error != null) {
                    this.logger.debug("Handling error from request reader: " + this.error.getMessage(), this.error);
                    handleError(this.error, httpConduitWrapper);
                } else {
                    this.logger.debug("Invalid state (no error or request) from request reader. Sending 400.");
                    try {
                        httpConduitWrapper.writeStatus(ApplicationStatus.BAD_REQUEST);
                    } catch (IOException e) {
                        this.logger.error("Failed to write BAD REQUEST for missing HTTP first-line to response channel.", e);
                    }
                }
                return;
            }
            this.restLogger.info("SERVE {} (from: {})", this.httpRequest.getRequestLine(), this.peerAddress);
            String name = Thread.currentThread().getName();
            Thread.currentThread().setName("PROXY-" + this.httpRequest.getRequestLine().toString());
            conduitStreamSinkChannel.getCloseSetter().set(conduitStreamSinkChannel2 -> {
                this.logger.trace("Sink channel closing.");
                Thread.currentThread().setName(name);
                if (this.sslTunnel != null) {
                    this.logger.trace("Close ssl tunnel");
                    this.sslTunnel.close();
                }
            });
            this.logger.debug("\n\n\n>>>>>>> Handle write\n\n\n");
            if (this.error == null) {
                ProxyResponseHelper proxyResponseHelper = new ProxyResponseHelper(this.httpRequest, this.config, this.contentController, this.repoCreator, this.storeManager, this.metricsConfig, this.metricManager, this.cls);
                try {
                    try {
                        if (this.repoCreator == null) {
                            throw new IndyDataException("No valid instance of ProxyRepositoryCreator", new Object[0]);
                        }
                        UserPass parse = UserPass.parse(ApplicationHeader.proxy_authorization, this.httpRequest, (String) null);
                        this.logger.info("Using proxy authentication: {}", parse);
                        this.mdcManager.putExtraHeaders(this.httpRequest);
                        this.mdcManager.putExternalID(parse == null ? null : parse.getUser());
                        this.logger.debug("Proxy UserPass: {}\nConfig secured? {}\nConfig tracking type: {}", new Object[]{parse, Boolean.valueOf(this.config.isSecured()), this.config.getTrackingType()});
                        if (parse != null || (!this.config.isSecured() && TrackingType.ALWAYS != this.config.getTrackingType())) {
                            RequestLine requestLine = this.httpRequest.getRequestLine();
                            String upperCase = requestLine.getMethod().toUpperCase();
                            String str = null;
                            boolean z = true;
                            if (parse != null) {
                                TrackingKey trackingKey = proxyResponseHelper.getTrackingKey(parse);
                                if (trackingKey != null) {
                                    str = trackingKey.getId();
                                    RequestContextHelper.setContext("tracking-id", str);
                                }
                                String generateAuthCacheKey = generateAuthCacheKey(parse);
                                if (Boolean.TRUE.equals((Boolean) this.proxyAuthCache.get(generateAuthCacheKey))) {
                                    z = true;
                                    this.logger.debug("Found auth key in cache");
                                } else {
                                    this.logger.debug("Passing BASIC authentication credentials to Keycloak bearer-token translation authenticator");
                                    z = this.proxyAuthenticator.authenticate(parse, httpConduitWrapper);
                                    if (z) {
                                        this.proxyAuthCache.put(generateAuthCacheKey, Boolean.TRUE, this.config.getAuthCacheExpirationHours().intValue(), TimeUnit.HOURS);
                                    }
                                }
                                this.logger.debug("Authentication done, result: {}", Boolean.valueOf(z));
                            }
                            if (z) {
                                boolean z2 = -1;
                                switch (upperCase.hashCode()) {
                                    case -531492226:
                                        if (upperCase.equals(HttpProxyConstants.OPTIONS_METHOD)) {
                                            z2 = 2;
                                            break;
                                        }
                                        break;
                                    case 70454:
                                        if (upperCase.equals(HttpProxyConstants.GET_METHOD)) {
                                            z2 = false;
                                            break;
                                        }
                                        break;
                                    case 2213344:
                                        if (upperCase.equals(HttpProxyConstants.HEAD_METHOD)) {
                                            z2 = true;
                                            break;
                                        }
                                        break;
                                    case 1669334218:
                                        if (upperCase.equals(HttpProxyConstants.CONNECT_METHOD)) {
                                            z2 = 3;
                                            break;
                                        }
                                        break;
                                }
                                switch (z2) {
                                    case false:
                                    case true:
                                        URL url = new URL(requestLine.getUri());
                                        this.logger.debug("getArtifactStore starts, trackingId: {}, url: {}", str, url);
                                        proxyResponseHelper.transfer(httpConduitWrapper, proxyResponseHelper.getArtifactStore(str, url), url.getPath(), HttpProxyConstants.GET_METHOD.equals(upperCase), parse, proxyMeter);
                                        break;
                                    case true:
                                        httpConduitWrapper.writeStatus(ApplicationStatus.OK);
                                        httpConduitWrapper.writeHeader(ApplicationHeader.allow, HttpProxyConstants.ALLOW_HEADER_VALUE);
                                        break;
                                    case true:
                                        if (!this.config.isMITMEnabled()) {
                                            this.logger.debug("CONNECT method not supported unless MITM-proxying is enabled.");
                                            httpConduitWrapper.writeStatus(ApplicationStatus.BAD_REQUEST);
                                            break;
                                        } else {
                                            String uri = requestLine.getUri();
                                            this.logger.debug("Get CONNECT request, uri: {}", uri);
                                            String[] split = uri.split(":");
                                            String str2 = split[0];
                                            int parseInt = Integer.parseInt(split[1]);
                                            this.directed = true;
                                            ProxyMITMSSLServer proxyMITMSSLServer = new ProxyMITMSSLServer(str2, parseInt, str, parse, proxyResponseHelper, this.contentController, this.cacheProvider, this.config, proxyMeter);
                                            this.tunnelAndMITMExecutor.submit(proxyMITMSSLServer);
                                            SocketChannel socketChannel = proxyMITMSSLServer.getSocketChannel();
                                            if (socketChannel != null) {
                                                this.sslTunnel = new ProxySSLTunnel(conduitStreamSinkChannel, socketChannel, this.config);
                                                this.tunnelAndMITMExecutor.submit(this.sslTunnel);
                                                this.proxyRequestReader.setProxySSLTunnel(this.sslTunnel);
                                                httpConduitWrapper.writeStatus(ApplicationStatus.OK);
                                                httpConduitWrapper.writeHeader("Status", "200 OK\n");
                                                break;
                                            } else {
                                                this.logger.debug("Failed to get MITM socket channel");
                                                httpConduitWrapper.writeStatus(ApplicationStatus.SERVER_ERROR);
                                                proxyMITMSSLServer.stop();
                                                break;
                                            }
                                        }
                                    default:
                                        httpConduitWrapper.writeStatus(ApplicationStatus.METHOD_NOT_ALLOWED);
                                        break;
                                }
                            }
                        } else {
                            String format = String.format(HttpProxyConstants.PROXY_AUTHENTICATE_FORMAT, this.config.getProxyRealm());
                            this.logger.info("Not authenticated to proxy. Sending response: {} / {}: {}", new Object[]{ApplicationStatus.PROXY_AUTHENTICATION_REQUIRED, ApplicationHeader.proxy_authenticate, format});
                            httpConduitWrapper.writeStatus(ApplicationStatus.PROXY_AUTHENTICATION_REQUIRED);
                            httpConduitWrapper.writeHeader(ApplicationHeader.proxy_authenticate, format);
                        }
                        this.logger.debug("Response complete.");
                        this.mdcManager.clear();
                    } catch (Throwable th) {
                        this.mdcManager.clear();
                        throw th;
                    }
                } catch (Throwable th2) {
                    this.error = th2;
                    this.mdcManager.clear();
                }
            }
            if (this.error != null) {
                handleError(this.error, httpConduitWrapper);
            }
            try {
                if (!this.directed) {
                    httpConduitWrapper.close();
                }
            } catch (IOException e2) {
                this.logger.error("Failed to shutdown response", e2);
            }
            proxyMeter.reportResponseSummary();
            return;
        } finally {
        }
        proxyMeter.reportResponseSummary();
    }

    private String generateAuthCacheKey(UserPass userPass) {
        return DigestUtils.sha256Hex(userPass.getUser() + ":" + userPass.getPassword());
    }

    private void handleError(Throwable th, HttpWrapper httpWrapper) {
        this.logger.error("HTTProx request failed: " + th.getMessage(), th);
        try {
            if (httpWrapper.isOpen()) {
                if (th instanceof IndyWorkflowException) {
                    httpWrapper.writeStatus(ApplicationStatus.getStatus(((IndyWorkflowException) th).getStatus()));
                } else {
                    httpWrapper.writeStatus(ApplicationStatus.SERVER_ERROR);
                }
                httpWrapper.writeError(th);
                this.logger.debug("Response error complete.");
            }
        } catch (IOException e) {
            this.logger.error("Failed to close httprox request: " + th.getMessage(), th);
        }
    }

    public void setError(Throwable th) {
        this.error = th;
    }

    public void setHttpRequest(HttpRequest httpRequest) {
        this.httpRequest = httpRequest;
    }
}
