package org.elasticsearch.xpack.security.transport.nio;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.util.Objects;
import java.util.function.Consumer;
import javax.net.ssl.SSLEngine;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.common.util.PageCacheRecycler;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.http.HttpChannel;
import org.elasticsearch.http.HttpHandlingSettings;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.http.nio.HttpReadWriteHandler;
import org.elasticsearch.http.nio.NioHttpChannel;
import org.elasticsearch.http.nio.NioHttpServerChannel;
import org.elasticsearch.http.nio.NioHttpServerTransport;
import org.elasticsearch.nio.BytesChannelContext;
import org.elasticsearch.nio.ChannelFactory;
import org.elasticsearch.nio.Config;
import org.elasticsearch.nio.InboundChannelBuffer;
import org.elasticsearch.nio.NioSelector;
import org.elasticsearch.nio.ServerChannelContext;
import org.elasticsearch.nio.TaskScheduler;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.nio.NioGroupFactory;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.ssl.SSLConfiguration;
import org.elasticsearch.xpack.core.ssl.SSLService;
import org.elasticsearch.xpack.security.transport.SecurityHttpExceptionHandler;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;

/* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SecurityNioHttpServerTransport.class */
/**
 * NIO HTTP server transport that layers two optional controls on top of
 * {@link NioHttpServerTransport}: an IP filter around the HTTP handler and TLS
 * around the socket. Both are applied per accepted connection by
 * {@link SecurityHttpChannelFactory}.
 *
 * <p>This listing is decompiler (JADX) output. The {@code m###}-prefixed method
 * names and some declared local types (for example a {@code NioIPFilter} variable
 * holding an {@code HttpReadWriteHandler}) appear to be decompiler artifacts, so
 * it should be read for behaviour rather than treated as compilable source.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code ipFilter} is {@code null}, accepted channels use the plain HTTP
 *       handler and no IP filtering is applied at this layer.</li>
 *   <li>When {@code sslEnabled} is {@code false}, accepted channels get a
 *       {@code BytesChannelContext} and no {@code SSLEngine} is created for them.</li>
 * </ul>
 */
public class SecurityNioHttpServerTransport extends NioHttpServerTransport {
    private static final Logger logger = LogManager.getLogger(SecurityNioHttpServerTransport.class);
    // Receives every exception raised on an accepted HTTP channel (see the consumer in m128createChannel).
    private final SecurityHttpExceptionHandler securityExceptionHandler;
    // May be null: m128createChannel skips the NioIPFilter wrapper in that case.
    // NOTE(review): doStart() dereferences this field without a null check.
    private final IPFilter ipFilter;
    // Stored even when SSL is disabled; only used to build engines when sslEnabled is true.
    private final SSLService sslService;
    // null when sslEnabled is false (set in the constructor).
    private final SSLConfiguration sslConfiguration;
    // Value of XPackSettings.HTTP_SSL_ENABLED read once at construction time.
    private final boolean sslEnabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SecurityNioHttpServerTransport$SecurityHttpChannelFactory.class */
    /**
     * Channel factory that builds the server (listening) channel and each accepted
     * client channel, attaching the IP filter and TLS context when they are configured
     * on the enclosing transport.
     */
    public class SecurityHttpChannelFactory extends ChannelFactory<NioHttpServerChannel, NioHttpChannel> {
        /** Copies the enclosing transport's TCP socket options into the base factory. */
        private SecurityHttpChannelFactory() {
            super(SecurityNioHttpServerTransport.this.tcpNoDelay, SecurityNioHttpServerTransport.this.tcpKeepAlive, SecurityNioHttpServerTransport.this.tcpKeepIdle, SecurityNioHttpServerTransport.this.tcpKeepInterval, SecurityNioHttpServerTransport.this.tcpKeepCount, SecurityNioHttpServerTransport.this.reuseAddress, SecurityNioHttpServerTransport.this.tcpSendBufferSize, SecurityNioHttpServerTransport.this.tcpReceiveBufferSize);
        }

        /* renamed from: createChannel, reason: merged with bridge method [inline-methods] */
        /**
         * Builds the channel for one accepted connection and installs its context.
         *
         * <p>The HTTP handler is wrapped in a {@code NioIPFilter} only when the transport
         * has an {@code ipFilter}. The channel context is an {@code SSLChannelContext}
         * when SSL is enabled and a {@code BytesChannelContext} otherwise.
         *
         * @param nioSelector selector the channel is registered with; also supplies the task scheduler
         * @param socketChannel the accepted socket
         * @param socket socket configuration; its remote address is handed to the IP filter
         * @return the new channel with its context already set
         * @throws IOException declared by the signature; in the visible code the call that can
         *     raise it is {@code socketChannel.getRemoteAddress()}
         */
        public NioHttpChannel m128createChannel(NioSelector nioSelector, SocketChannel socketChannel, Config.Socket socket) throws IOException {
            // NOTE(review): declared as SSLChannelContext but also assigned a BytesChannelContext
            // below; the declared type looks like a decompiler artifact.
            SSLChannelContext bytesChannelContext;
            SSLEngine createSSLEngine;
            NioHttpChannel nioHttpChannel = new NioHttpChannel(socketChannel);
            SecurityNioHttpServerTransport securityNioHttpServerTransport = SecurityNioHttpServerTransport.this;
            HttpHandlingSettings httpHandlingSettings = SecurityNioHttpServerTransport.this.handlingSettings;
            TaskScheduler taskScheduler = nioSelector.getTaskScheduler();
            ThreadPool threadPool = SecurityNioHttpServerTransport.this.threadPool;
            // Null check emitted for the method reference threadPool::relativeTimeInNanos below.
            Objects.requireNonNull(threadPool);
            // NOTE(review): the variable is typed NioIPFilter but holds an HttpReadWriteHandler;
            // presumably both share a handler supertype in the original source.
            NioIPFilter httpReadWriteHandler = new HttpReadWriteHandler(nioHttpChannel, securityNioHttpServerTransport, httpHandlingSettings, taskScheduler, threadPool::relativeTimeInNanos);
            // IP filtering is opt-in here: with a null ipFilter the unwrapped HTTP handler is used
            // and the remote address is never checked at this layer.
            NioIPFilter nioIPFilter = SecurityNioHttpServerTransport.this.ipFilter != null ? new NioIPFilter(httpReadWriteHandler, socket.getRemoteAddress(), SecurityNioHttpServerTransport.this.ipFilter, IPFilter.HTTP_PROFILE_NAME) : httpReadWriteHandler;
            InboundChannelBuffer inboundChannelBuffer = new InboundChannelBuffer(SecurityNioHttpServerTransport.this.pageAllocator);
            // Channel-level exceptions go to the security exception handler, not straight to the base transport.
            Consumer consumer = exc -> {
                SecurityNioHttpServerTransport.this.securityExceptionHandler.accept((HttpChannel) nioHttpChannel, exc);
            };
            if (SecurityNioHttpServerTransport.this.sslEnabled) {
                if (SecurityNioHttpServerTransport.this.sslConfiguration.verificationMode().isHostnameVerificationEnabled()) {
                    // getHostString() returns the hostname or the literal address without a reverse DNS lookup.
                    // NOTE(review): how SSLService uses the peer host/port for a server-side engine is not visible here.
                    InetSocketAddress inetSocketAddress = (InetSocketAddress) socketChannel.getRemoteAddress();
                    createSSLEngine = SecurityNioHttpServerTransport.this.sslService.createSSLEngine(SecurityNioHttpServerTransport.this.sslConfiguration, inetSocketAddress.getHostString(), inetSocketAddress.getPort());
                } else {
                    // No peer identity is handed to the engine when hostname verification is disabled.
                    createSSLEngine = SecurityNioHttpServerTransport.this.sslService.createSSLEngine(SecurityNioHttpServerTransport.this.sslConfiguration, (String) null, -1);
                }
                // The third SSLDriver argument is false; presumably the client-mode flag, i.e. this
                // engine runs in server mode (confirm against SSLDriver). Protocols, ciphers and any
                // client-certificate requirement come from sslConfiguration/SSLService, not from this method.
                // The extra InboundChannelBuffer is presumably a separate network-read buffer (TODO confirm).
                bytesChannelContext = new SSLChannelContext(nioHttpChannel, nioSelector, socket, consumer, new SSLDriver(createSSLEngine, SecurityNioHttpServerTransport.this.pageAllocator, false), nioIPFilter, inboundChannelBuffer, new InboundChannelBuffer(SecurityNioHttpServerTransport.this.pageAllocator));
            } else {
                // SSL disabled: no SSLEngine is involved, so this layer adds no transport encryption.
                bytesChannelContext = new BytesChannelContext(nioHttpChannel, nioSelector, socket, consumer, nioIPFilter, inboundChannelBuffer);
            }
            nioHttpChannel.setContext(bytesChannelContext);
            return nioHttpChannel;
        }

        /* renamed from: createServerChannel, reason: merged with bridge method [inline-methods] */
        /**
         * Builds the listening channel. Accepted sockets are handed to the transport's
         * {@code acceptChannel}, and server-channel exceptions to {@code onServerException}.
         *
         * @param nioSelector selector the server channel is registered with
         * @param serverSocketChannel the bound listening socket
         * @param serverSocket server socket configuration passed to the context
         * @return the new server channel with its context already set
         */
        public NioHttpServerChannel m127createServerChannel(NioSelector nioSelector, ServerSocketChannel serverSocketChannel, Config.ServerSocket serverSocket) {
            NioHttpServerChannel nioHttpServerChannel = new NioHttpServerChannel(serverSocketChannel);
            Consumer consumer = exc -> {
                SecurityNioHttpServerTransport.this.onServerException(nioHttpServerChannel, exc);
            };
            SecurityNioHttpServerTransport securityNioHttpServerTransport = SecurityNioHttpServerTransport.this;
            // "this" (the factory) is passed so the context can create accepted channels through m128createChannel.
            nioHttpServerChannel.setContext(new ServerChannelContext(nioHttpServerChannel, this, nioSelector, serverSocket, nioSocketChannel -> {
                securityNioHttpServerTransport.acceptChannel(nioSocketChannel);
            }, consumer));
            return nioHttpServerChannel;
        }
    }

    /**
     * Creates the transport and resolves its TLS configuration.
     *
     * <p>All arguments except {@code iPFilter} and {@code sSLService} are forwarded to the
     * {@link NioHttpServerTransport} constructor. When {@code XPackSettings.HTTP_SSL_ENABLED}
     * is false the SSL configuration is left {@code null} and no validation is performed.
     *
     * @param settings node settings; read for {@code XPackSettings.HTTP_SSL_ENABLED}
     * @param iPFilter IP filter applied to accepted channels; {@code null} is tolerated by the
     *     channel factory but not by {@link #doStart()}
     * @param sSLService source of the HTTP SSL configuration and of per-connection SSL engines
     * @throws IllegalArgumentException if SSL is enabled and the HTTP SSL configuration is not
     *     valid for server usage (no key configured, per the exception message)
     */
    public SecurityNioHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, PageCacheRecycler pageCacheRecycler, ThreadPool threadPool, NamedXContentRegistry namedXContentRegistry, HttpServerTransport.Dispatcher dispatcher, IPFilter iPFilter, SSLService sSLService, NioGroupFactory nioGroupFactory, ClusterSettings clusterSettings) {
        super(settings, networkService, bigArrays, pageCacheRecycler, threadPool, namedXContentRegistry, dispatcher, nioGroupFactory, clusterSettings);
        // The handler is given a callback that forwards to the base transport's onException;
        // when it invokes that callback is decided inside SecurityHttpExceptionHandler.
        this.securityExceptionHandler = new SecurityHttpExceptionHandler(logger, this.lifecycle, (httpChannel, exc) -> {
            super.onException(httpChannel, exc);
        });
        this.ipFilter = iPFilter;
        this.sslEnabled = ((Boolean) XPackSettings.HTTP_SSL_ENABLED.get(settings)).booleanValue();
        this.sslService = sSLService;
        if (!this.sslEnabled) {
            // Plaintext HTTP: nothing to validate, and sslConfiguration stays null.
            this.sslConfiguration = null;
            return;
        }
        this.sslConfiguration = sSLService.getHttpTransportSSLConfiguration();
        // Fail at construction rather than at the first handshake when SSL is on but unusable for a server.
        if (!sSLService.isConfigurationValidForServerUsage(this.sslConfiguration)) {
            throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the [xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting");
        }
    }

    /**
     * Starts the base transport, then reports the bound HTTP address to the IP filter.
     *
     * <p>NOTE(review): {@code ipFilter} is dereferenced unconditionally here, whereas the
     * channel factory treats a {@code null} filter as "no filtering"; a transport built with
     * a {@code null} filter would throw {@code NullPointerException} at this point.
     */
    protected void doStart() {
        super.doStart();
        this.ipFilter.setBoundHttpTransportAddress(boundAddress());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: channelFactory, reason: merged with bridge method [inline-methods] */
    /**
     * Supplies the factory that applies this transport's IP filter and TLS settings.
     *
     * @return a new {@link SecurityHttpChannelFactory} on every call
     */
    public SecurityHttpChannelFactory m126channelFactory() {
        return new SecurityHttpChannelFactory();
    }
}
