package org.opensearch.migrations.trafficcapture.proxyserver;

import com.beust.jcommander.JCommander;
import com.beust.jcommander.Parameter;
import com.beust.jcommander.ParameterException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.google.protobuf.CodedOutputStream;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import lombok.Generated;
import lombok.NonNull;
import org.apache.kafka.clients.producer.KafkaProducer;
import org.opensearch.common.settings.Settings;
import org.opensearch.migrations.jcommander.NoSplitter;
import org.opensearch.migrations.tracing.ActiveContextTracker;
import org.opensearch.migrations.tracing.ActiveContextTrackerByActivityType;
import org.opensearch.migrations.tracing.CompositeContextTracker;
import org.opensearch.migrations.tracing.IContextTracker;
import org.opensearch.migrations.tracing.RootOtelContext;
import org.opensearch.migrations.trafficcapture.CodedOutputStreamHolder;
import org.opensearch.migrations.trafficcapture.FileConnectionCaptureFactory;
import org.opensearch.migrations.trafficcapture.IConnectionCaptureFactory;
import org.opensearch.migrations.trafficcapture.StreamChannelConnectionCaptureSerializer;
import org.opensearch.migrations.trafficcapture.StreamLifecycleManager;
import org.opensearch.migrations.trafficcapture.kafkaoffloader.KafkaCaptureFactory;
import org.opensearch.migrations.trafficcapture.netty.HeaderValueFilteringCapturePredicate;
import org.opensearch.migrations.trafficcapture.netty.RequestCapturePredicate;
import org.opensearch.migrations.trafficcapture.proxyserver.netty.BacksideConnectionPool;
import org.opensearch.migrations.trafficcapture.proxyserver.netty.HeaderAdderHandler;
import org.opensearch.migrations.trafficcapture.proxyserver.netty.HeaderRemoverHandler;
import org.opensearch.migrations.trafficcapture.proxyserver.netty.NettyScanningHttpProxy;
import org.opensearch.migrations.trafficcapture.proxyserver.netty.ProxyChannelInitializer;
import org.opensearch.migrations.utils.ProcessHelpers;
import org.opensearch.security.ssl.DefaultSecurityKeyStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensearch/migrations/trafficcapture/proxyserver/CaptureProxy.class */
public class CaptureProxy {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CaptureProxy.class);
    private static final String HTTPS_CONFIG_PREFIX = "plugins.security.ssl.http.";
    public static final String DEFAULT_KAFKA_CLIENT_ID = "HttpCaptureProxyProducer";
    public static final String SUPPORTED_TLS_PROTOCOLS_LIST_KEY = "plugins.security.ssl.http.enabled_protocols";

    /* loaded from: input_file:org/opensearch/migrations/trafficcapture/proxyserver/CaptureProxy$Parameters.class */
    public static class Parameters {

        @Parameter(required = false, names = {"--traceDirectory"}, arity = 1, description = "Directory to store trace files in.")
        public String traceDirectory;

        @Parameter(required = false, names = {"--noCapture"}, arity = 0, description = "If enabled, Does NOT capture traffic to ANY sink.")
        public boolean noCapture;

        @Parameter(required = false, names = {"--kafkaConfigFile"}, arity = 1, description = "Kafka properties file for additional client customization.")
        public String kafkaPropertiesFile;

        @Parameter(required = false, names = {"--kafkaConnection"}, arity = 1, description = "Sequence of <HOSTNAME:PORT> values delimited by ','.")
        public String kafkaConnection;

        @Parameter(required = false, names = {"--sslConfigFile"}, arity = 1, description = "YAML configuration of the HTTPS settings.  When this is not set, the proxy will not use TLS.")
        public String sslConfigFilePath;

        @Parameter(required = false, names = {"--insecureDestination"}, arity = 0, description = "Do not check the destination server's certificate")
        public boolean allowInsecureConnectionsToBackside;

        @Parameter(required = true, names = {"--destinationUri"}, arity = 1, description = "URI of the server that the proxy is capturing traffic for.")
        public String backsideUriString;

        @Parameter(required = false, names = {"--otelCollectorEndpoint"}, arity = 1, description = "Endpoint (host:port) for the OpenTelemetry Collector to which metrics logs should be forwarded.If this is not provided, metrics will not be sent to a collector.")
        public String otelCollectorEndpoint;

        @Parameter(required = false, names = {"--kafkaClientId"}, arity = 1, description = "clientId to use for interfacing with Kafka.")
        public String kafkaClientId = CaptureProxy.DEFAULT_KAFKA_CLIENT_ID;

        @Parameter(required = false, names = {"--enableMSKAuth"}, arity = 0, description = "Enables SASL Kafka properties required for connecting to MSK with IAM auth.")
        public boolean mskAuthEnabled = false;

        @Parameter(required = false, names = {"--maxTrafficBufferSize"}, arity = 1, description = "The maximum number of bytes that will be written to a single TrafficStream object.")
        public int maximumTrafficStreamSize = 1048576;

        @Parameter(required = true, names = {"--listenPort"}, arity = 1, description = "Exposed port for clients to connect to this proxy.")
        public int frontsidePort = 0;

        @Parameter(required = false, names = {"--numThreads"}, arity = 1, description = "How many threads netty should create in its event loop group")
        public int numThreads = 1;

        @Parameter(required = false, names = {"--destinationConnectionPoolSize"}, arity = 1, description = "Number of socket connections that should be maintained to the destination server to reduce the perceived latency to clients.  Each thread will have its own cache, so the total number of outstanding warm connections will be multiplied by numThreads.")
        public int destinationConnectionPoolSize = 0;

        @Parameter(required = false, names = {"--destinationConnectionPoolTimeout"}, arity = 1, description = "Of the socket connections maintained by the destination connection pool, how long after connection should the be recycled (closed with a new connection taking its place)")
        public String destinationConnectionPoolTimeout = "PT30S";

        @Parameter(required = false, names = {"--setHeader"}, splitter = NoSplitter.class, arity = 2, description = "[header-name header-value] Set an HTTP header (first argument) with to the specified value (second argument).  Any existing headers with that name will be removed.")
        public List<String> headerOverrides = new ArrayList();

        @Parameter(required = false, names = {"--suppressCaptureForHeaderMatch"}, splitter = NoSplitter.class, arity = 2, description = "The header name (which will be interpreted in a case-insensitive manner) and a regex pattern.  When the incoming request has a header that matches the regex, it will be passed through to the service but will NOT be captured.  E.g. user-agent 'healthcheck'.")
        public List<String> suppressCaptureHeaderPairs = new ArrayList();
    }

    static Parameters parseArgs(String[] strArr) {
        Parameters parameters = new Parameters();
        JCommander jCommander = new JCommander(parameters);
        try {
            jCommander.parse(strArr);
            String[] strArr2 = new String[3];
            strArr2[0] = parameters.traceDirectory;
            strArr2[1] = parameters.kafkaConnection;
            strArr2[2] = parameters.noCapture ? "" : null;
            if (Stream.of((Object[]) strArr2).mapToInt(str -> {
                return str != null ? 1 : 0;
            }).sum() != 1) {
                throw new ParameterException("Expected exactly one of '--traceDirectory', '--kafkaConnection', or '--noCapture' to be set");
            }
            return parameters;
        } catch (ParameterException e) {
            System.err.println(e.getMessage());
            System.err.println("Got args: " + String.join("; ", strArr));
            jCommander.usage();
            System.exit(2);
            return null;
        }
    }

    protected static Settings getSettings(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("configFile is marked non-null but is null");
        }
        ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
        Map map = (Map) objectMapper.readValue(new File(str), Map.class);
        Path parent = Paths.get(str, new String[0]).toAbsolutePath().getParent();
        Map map2 = (Map) ((Map) objectMapper.convertValue(map, new TypeReference<Map<String, Object>>() { // from class: org.opensearch.migrations.trafficcapture.proxyserver.CaptureProxy.1
        })).entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).startsWith(HTTPS_CONFIG_PREFIX);
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        map2.putIfAbsent(SUPPORTED_TLS_PROTOCOLS_LIST_KEY, List.of("TLSv1.2", "TLSv1.3"));
        return Settings.builder().loadFromMap(map2).put("plugins.security.ssl.transport.enabled", false).put("path.home", parent).build();
    }

    protected static IConnectionCaptureFactory<Object> getNullConnectionCaptureFactory() {
        System.err.println("No trace log directory specified.  Logging to /dev/null");
        return iConnectionContext -> {
            return new StreamChannelConnectionCaptureSerializer((String) null, iConnectionContext.getConnectionId(), new StreamLifecycleManager<Object>() { // from class: org.opensearch.migrations.trafficcapture.proxyserver.CaptureProxy.2
                public CodedOutputStreamHolder createStream() {
                    return new CodedOutputStreamHolder() { // from class: org.opensearch.migrations.trafficcapture.proxyserver.CaptureProxy.2.1
                        final CodedOutputStream nullOutputStream = CodedOutputStream.newInstance(OutputStream.nullOutputStream());

                        public int getOutputStreamBytesLimit() {
                            return -1;
                        }

                        @NonNull
                        public CodedOutputStream getOutputStream() {
                            return this.nullOutputStream;
                        }
                    };
                }

                public CompletableFuture<Object> closeStream(CodedOutputStreamHolder codedOutputStreamHolder, int i) {
                    return CompletableFuture.completedFuture(null);
                }
            });
        };
    }

    protected static String getNodeId() {
        return UUID.randomUUID().toString();
    }

    static Properties buildKafkaProperties(Parameters parameters) throws IOException {
        Properties properties = new Properties();
        properties.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer");
        properties.put("value.serializer", "org.apache.kafka.common.serialization.ByteArraySerializer");
        properties.put("delivery.timeout.ms", 10000);
        properties.put("request.timeout.ms", 5000);
        properties.put("max.block.ms", 10000);
        if (parameters.kafkaPropertiesFile != null) {
            try {
                FileReader fileReader = new FileReader(parameters.kafkaPropertiesFile);
                try {
                    properties.load(fileReader);
                    fileReader.close();
                } finally {
                }
            } catch (IOException e) {
                log.error("Unable to locate provided Kafka producer properties file path: " + parameters.kafkaPropertiesFile);
                throw e;
            }
        }
        properties.put("bootstrap.servers", parameters.kafkaConnection);
        properties.put("client.id", parameters.kafkaClientId);
        if (parameters.mskAuthEnabled) {
            properties.setProperty("security.protocol", "SASL_SSL");
            properties.setProperty("sasl.mechanism", "AWS_MSK_IAM");
            properties.setProperty("sasl.jaas.config", "software.amazon.msk.auth.iam.IAMLoginModule required;");
            properties.setProperty("sasl.client.callback.handler.class", "software.amazon.msk.auth.iam.IAMClientCallbackHandler");
        }
        return properties;
    }

    protected static IConnectionCaptureFactory<?> getConnectionCaptureFactory(Parameters parameters, RootCaptureContext rootCaptureContext) throws IOException {
        String nodeId = getNodeId();
        if (parameters.traceDirectory != null) {
            return new FileConnectionCaptureFactory(nodeId, parameters.traceDirectory, parameters.maximumTrafficStreamSize);
        }
        if (parameters.kafkaConnection != null) {
            return new KafkaCaptureFactory(rootCaptureContext, nodeId, new KafkaProducer(buildKafkaProperties(parameters)), parameters.maximumTrafficStreamSize);
        }
        if (parameters.noCapture) {
            return getNullConnectionCaptureFactory();
        }
        throw new IllegalStateException("Must specify some connection capture factory options");
    }

    protected static URI convertStringToUri(String str) {
        try {
            URI uri = new URI(str);
            if (uri.getPort() < 0) {
                throw new IllegalArgumentException("Port not present for URI: " + String.valueOf(uri));
            }
            if (uri.getHost() == null) {
                throw new IllegalArgumentException("Hostname not present for URI: " + String.valueOf(uri));
            }
            if (uri.getScheme() == null) {
                throw new IllegalArgumentException("Scheme (http|https) is not present for URI: " + String.valueOf(uri));
            }
            return uri;
        } catch (Exception e) {
            System.err.println("Exception parsing URI string: " + str);
            System.err.println(e.getMessage());
            System.exit(3);
            return null;
        }
    }

    protected static SslContext loadBacksideSslContext(URI uri, boolean z) throws SSLException {
        if (!uri.getScheme().equalsIgnoreCase("https")) {
            return null;
        }
        SslContextBuilder forClient = SslContextBuilder.forClient();
        if (z) {
            forClient.trustManager(InsecureTrustManagerFactory.INSTANCE);
        }
        return forClient.build();
    }

    protected static Map<String, String> convertPairListToMap(List<String> list) {
        if (list == null) {
            return Map.of();
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (int i = 0; i < list.size(); i += 2) {
            linkedHashMap.put(list.get(i), list.get(i + 1));
        }
        return linkedHashMap;
    }

    public static void main(String[] strArr) throws InterruptedException, IOException {
        System.err.println("Got args: " + String.join("; ", strArr));
        log.info("Starting Capture Proxy on " + ProcessHelpers.getNodeInstanceName());
        Parameters parseArgs = parseArgs(strArr);
        URI convertStringToUri = convertStringToUri(parseArgs.backsideUriString);
        RootCaptureContext rootCaptureContext = new RootCaptureContext(RootOtelContext.initializeOpenTelemetryWithCollectorOrAsNoop(parseArgs.otelCollectorEndpoint, "capture", ProcessHelpers.getNodeInstanceName()), new CompositeContextTracker(new IContextTracker[]{new ActiveContextTracker(), new ActiveContextTrackerByActivityType()}));
        Optional filter = Optional.ofNullable(parseArgs.sslConfigFilePath).map(str -> {
            return new DefaultSecurityKeyStore(getSettings(str), Paths.get(str, new String[0]).toAbsolutePath().getParent());
        }).filter(defaultSecurityKeyStore -> {
            return defaultSecurityKeyStore.sslHTTPProvider != null;
        });
        filter.ifPresent((v0) -> {
            v0.initHttpSSLConfig();
        });
        NettyScanningHttpProxy nettyScanningHttpProxy = new NettyScanningHttpProxy(parseArgs.frontsidePort);
        try {
            nettyScanningHttpProxy.start(buildProxyChannelInitializer(rootCaptureContext, new BacksideConnectionPool(convertStringToUri, loadBacksideSslContext(convertStringToUri, parseArgs.allowInsecureConnectionsToBackside), parseArgs.destinationConnectionPoolSize, parseArgs.destinationConnectionPoolSize == 0 ? Duration.ZERO : Duration.parse(parseArgs.destinationConnectionPoolTimeout)), (Supplier) filter.map(defaultSecurityKeyStore2 -> {
                return () -> {
                    try {
                        return defaultSecurityKeyStore2.createHTTPSSLEngine();
                    } catch (Exception e) {
                        throw e;
                    }
                };
            }).orElse(null), new HeaderValueFilteringCapturePredicate(convertPairListToMap(parseArgs.suppressCaptureHeaderPairs)), parseArgs.headerOverrides, getConnectionCaptureFactory(parseArgs, rootCaptureContext)), parseArgs.numThreads);
            Runtime.getRuntime().addShutdownHook(new Thread(() -> {
                try {
                    System.err.println("Received shutdown signal.  Trying to shutdown cleanly");
                    nettyScanningHttpProxy.stop();
                    System.err.println("Done stopping the proxy.");
                } catch (InterruptedException e) {
                    System.err.println("Caught InterruptedException while shutting down, resetting interrupt status: " + String.valueOf(e));
                    Thread.currentThread().interrupt();
                }
            }));
            nettyScanningHttpProxy.waitForClose();
        } catch (Exception e) {
            log.atError().setCause(e).setMessage("Caught exception while setting up the server and rethrowing").log();
            throw e;
        }
    }

    static <T> ProxyChannelInitializer<T> buildProxyChannelInitializer(RootCaptureContext rootCaptureContext, BacksideConnectionPool backsideConnectionPool, Supplier<SSLEngine> supplier, @NonNull RequestCapturePredicate requestCapturePredicate, List<String> list, IConnectionCaptureFactory<T> iConnectionCaptureFactory) {
        if (requestCapturePredicate == null) {
            throw new NullPointerException("headerCapturePredicate is marked non-null but is null");
        }
        final ArrayList arrayList = new ArrayList(convertPairListToMap(list).entrySet());
        Collections.reverse(arrayList);
        final ArrayList arrayList2 = new ArrayList(arrayList.size());
        final ArrayList arrayList3 = new ArrayList(arrayList.size());
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            arrayList3.add(Unpooled.unreleasableBuffer(Unpooled.wrappedBuffer((((String) entry.getKey()) + ": " + ((String) entry.getValue())).getBytes(StandardCharsets.UTF_8))));
            arrayList2.add(((String) entry.getKey()) + ":");
        }
        return new ProxyChannelInitializer<T>(rootCaptureContext, backsideConnectionPool, supplier, iConnectionCaptureFactory, requestCapturePredicate) { // from class: org.opensearch.migrations.trafficcapture.proxyserver.CaptureProxy.3
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.opensearch.migrations.trafficcapture.proxyserver.netty.ProxyChannelInitializer
            public void initChannel(@NonNull SocketChannel socketChannel) throws IOException {
                if (socketChannel == null) {
                    throw new NullPointerException("ch is marked non-null but is null");
                }
                super.initChannel(socketChannel);
                ChannelPipeline pipeline = socketChannel.pipeline();
                int i = 0;
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    int i2 = i;
                    i++;
                    pipeline.addAfter("CaptureHandler", "AddHeader-" + ((String) ((Map.Entry) it2.next()).getKey()), new HeaderAdderHandler((ByteBuf) arrayList3.get(i2)));
                }
                int i3 = 0;
                Iterator it3 = arrayList.iterator();
                while (it3.hasNext()) {
                    int i4 = i3;
                    i3++;
                    pipeline.addAfter("CaptureHandler", "RemoveHeader-" + ((String) ((Map.Entry) it3.next()).getKey()), new HeaderRemoverHandler((String) arrayList2.get(i4)));
                }
            }
        };
    }
}
