package com.yahoo.jdisc.http.server.jetty;

import com.yahoo.container.logging.ConnectionLog;
import com.yahoo.container.logging.ConnectionLogEntry;
import com.yahoo.io.HexDump;
import com.yahoo.jdisc.http.ServerConfig;
import com.yahoo.security.X509CertificateUtils;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.eclipse.jetty.alpn.server.ALPNServerConnection;
import org.eclipse.jetty.http.HttpFields;
import org.eclipse.jetty.http2.server.internal.HTTP2ServerConnection;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.SocketChannelEndPoint;
import org.eclipse.jetty.io.ssl.SslConnection;
import org.eclipse.jetty.io.ssl.SslHandshakeListener;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.ProxyConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.EventsHandler;
import org.eclipse.jetty.server.internal.HttpConnection;

/* loaded from: input_file:com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.class */
class JettyConnectionLogger extends EventsHandler implements Connection.Listener, SslHandshakeListener {
    static final String CONNECTION_ID_REQUEST_ATTRIBUTE = "jdisc.request.connection.id";
    private static final Logger log = Logger.getLogger(JettyConnectionLogger.class.getName());
    private final SimpleConcurrentIdentityHashMap<SocketChannelEndPoint, ConnectionInfo> connectionInfos;
    private final SimpleConcurrentIdentityHashMap<SocketChannelEndPoint, SSLEngine> sslEngines;
    private final SimpleConcurrentIdentityHashMap<SSLEngine, ConnectionInfo> sslToConnectionInfo;
    private final boolean enabled;
    private final ConnectionLog connectionLog;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger$ConnectionInfo.class */
    public static class ConnectionInfo {
        private final UUID uuid;
        private final long createdAt;
        private final InetSocketAddress localAddress;
        private final InetSocketAddress peerAddress;
        private SocketAddress remoteAddress;
        private byte[] sslSessionId;
        private String sslProtocol;
        private String sslCipherSuite;
        private String sslPeerSubject;
        private Date sslPeerNotBefore;
        private Date sslPeerNotAfter;
        private List<SNIServerName> sslSniServerNames;
        private String sslPeerIssuerSubject;
        private byte[] sslPeerEncodedCertificate;
        private SSLHandshakeException sslHandshakeException;
        private List<String> sslSubjectAlternativeNames;
        private String proxyProtocolVersion;
        private String httpProtocol;
        private long closedAt = 0;
        private long httpBytesReceived = 0;
        private long httpBytesSent = 0;
        private long requests = 0;
        private long responses = 0;
        private long sslBytesReceived = 0;
        private long sslBytesSent = 0;

        private ConnectionInfo(UUID uuid, long j, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2) {
            this.uuid = uuid;
            this.createdAt = j;
            this.localAddress = inetSocketAddress;
            this.peerAddress = inetSocketAddress2;
        }

        static ConnectionInfo from(SocketChannelEndPoint socketChannelEndPoint) {
            return new ConnectionInfo(UUID.randomUUID(), socketChannelEndPoint.getCreatedTimeStamp(), socketChannelEndPoint.getLocalAddress(), socketChannelEndPoint.getRemoteAddress());
        }

        synchronized UUID uuid() {
            return this.uuid;
        }

        synchronized ConnectionInfo setClosedAt(long j) {
            this.closedAt = j;
            return this;
        }

        synchronized ConnectionInfo setHttpBytes(long j, long j2) {
            this.httpBytesReceived = j;
            this.httpBytesSent = j2;
            return this;
        }

        synchronized ConnectionInfo incrementRequests() {
            this.requests++;
            return this;
        }

        synchronized ConnectionInfo incrementResponses() {
            this.responses++;
            return this;
        }

        synchronized ConnectionInfo setRemoteAddress(SocketAddress socketAddress) {
            this.remoteAddress = socketAddress;
            return this;
        }

        synchronized ConnectionInfo setSslSessionDetails(SSLSession sSLSession) {
            this.sslCipherSuite = sSLSession.getCipherSuite();
            this.sslProtocol = sSLSession.getProtocol();
            this.sslSessionId = sSLSession.getId();
            if (sSLSession instanceof ExtendedSSLSession) {
                this.sslSniServerNames = ((ExtendedSSLSession) sSLSession).getRequestedServerNames();
            }
            try {
                this.sslPeerSubject = sSLSession.getPeerPrincipal().getName();
                X509Certificate x509Certificate = (X509Certificate) sSLSession.getPeerCertificates()[0];
                this.sslPeerNotBefore = x509Certificate.getNotBefore();
                this.sslPeerNotAfter = x509Certificate.getNotAfter();
                this.sslSubjectAlternativeNames = X509CertificateUtils.getSubjectAlternativeNames(x509Certificate).stream().map((v0) -> {
                    return v0.getValue();
                }).toList();
                this.sslPeerIssuerSubject = x509Certificate.getIssuerX500Principal().getName();
                this.sslPeerEncodedCertificate = x509Certificate.getEncoded();
            } catch (CertificateEncodingException | SSLPeerUnverifiedException e) {
            }
            return this;
        }

        synchronized ConnectionInfo setSslHandshakeFailure(SSLHandshakeException sSLHandshakeException) {
            this.sslHandshakeException = sSLHandshakeException;
            return this;
        }

        synchronized ConnectionInfo setHttpProtocol(String str) {
            this.httpProtocol = str;
            return this;
        }

        synchronized ConnectionInfo setProxyProtocolVersion(String str) {
            this.proxyProtocolVersion = str;
            return this;
        }

        synchronized ConnectionInfo setSslBytes(long j, long j2) {
            this.sslBytesReceived = j;
            this.sslBytesSent = j2;
            return this;
        }

        synchronized ConnectionLogEntry toLogEntry() {
            ConnectionLogEntry.Builder builder = ConnectionLogEntry.builder(this.uuid, Instant.ofEpochMilli(this.createdAt));
            if (this.closedAt > 0) {
                builder.withDuration((this.closedAt - this.createdAt) / 1000.0d);
            }
            if (this.httpBytesReceived > 0) {
                builder.withHttpBytesReceived(this.httpBytesReceived);
            }
            if (this.httpBytesSent > 0) {
                builder.withHttpBytesSent(this.httpBytesSent);
            }
            if (this.requests > 0) {
                builder.withRequests(this.requests);
            }
            if (this.responses > 0) {
                builder.withResponses(this.responses);
            }
            if (this.peerAddress != null) {
                builder.withPeerAddress(this.peerAddress.getHostString()).withPeerPort(this.peerAddress.getPort());
            }
            if (this.localAddress != null) {
                builder.withLocalAddress(this.localAddress.getHostString()).withLocalPort(this.localAddress.getPort());
            }
            SocketAddress socketAddress = this.remoteAddress;
            if (socketAddress instanceof InetSocketAddress) {
                InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
                builder.withRemoteAddress(inetSocketAddress.getHostString()).withRemotePort(inetSocketAddress.getPort());
            }
            if (this.sslProtocol != null && this.sslCipherSuite != null && this.sslSessionId != null) {
                builder.withSslProtocol(this.sslProtocol).withSslCipherSuite(this.sslCipherSuite).withSslSessionId(HexDump.toHexString(this.sslSessionId));
            }
            if (this.sslSniServerNames != null) {
                Optional findAny = this.sslSniServerNames.stream().filter(sNIServerName -> {
                    return (sNIServerName instanceof SNIHostName) && sNIServerName.getType() == 0;
                }).map(sNIServerName2 -> {
                    return ((SNIHostName) sNIServerName2).getAsciiName();
                }).findAny();
                Objects.requireNonNull(builder);
                findAny.ifPresent(builder::withSslSniServerName);
            }
            if (this.sslPeerSubject != null && this.sslPeerNotAfter != null && this.sslPeerNotBefore != null && this.sslPeerIssuerSubject != null && this.sslPeerEncodedCertificate != null) {
                builder.withSslPeerSubject(this.sslPeerSubject).withSslPeerIssuerSubject(this.sslPeerIssuerSubject).withSslPeerNotAfter(this.sslPeerNotAfter.toInstant()).withSslPeerNotBefore(this.sslPeerNotBefore.toInstant()).withSslPeerFingerprint(certificateFingerprint(this.sslPeerEncodedCertificate));
            }
            if (this.sslSubjectAlternativeNames != null && !this.sslSubjectAlternativeNames.isEmpty()) {
                builder.withSslSubjectAlternativeNames(this.sslSubjectAlternativeNames);
            }
            if (this.sslHandshakeException != null) {
                ArrayList arrayList = new ArrayList();
                Throwable th = this.sslHandshakeException;
                while (true) {
                    Throwable th2 = th;
                    if (th2 == null) {
                        break;
                    }
                    arrayList.add(new ConnectionLogEntry.SslHandshakeFailure.ExceptionEntry(th2.getClass().getName(), th2.getMessage()));
                    th = th2.getCause();
                }
                builder.withSslHandshakeFailure(new ConnectionLogEntry.SslHandshakeFailure((String) SslHandshakeFailure.fromSslHandshakeException(this.sslHandshakeException).map((v0) -> {
                    return v0.failureType();
                }).orElse("UNKNOWN"), arrayList));
            }
            if (this.httpProtocol != null) {
                builder.withHttpProtocol(this.httpProtocol);
            }
            if (this.proxyProtocolVersion != null) {
                builder.withProxyProtocolVersion(this.proxyProtocolVersion);
            }
            if (this.sslBytesReceived > 0) {
                builder.withSslBytesReceived(this.sslBytesReceived);
            }
            if (this.sslBytesSent > 0) {
                builder.withSslBytesSent(this.sslBytesSent);
            }
            return builder.build();
        }

        private static String certificateFingerprint(byte[] bArr) {
            try {
                return HexDump.toHexString(MessageDigest.getInstance("SHA-1").digest(bArr));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger$ListenerHandler.class */
    public interface ListenerHandler {
        void run() throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JettyConnectionLogger(ServerConfig.ConnectionLog connectionLog, ConnectionLog connectionLog2, Handler handler) {
        super(handler);
        this.connectionInfos = new SimpleConcurrentIdentityHashMap<>();
        this.sslEngines = new SimpleConcurrentIdentityHashMap<>();
        this.sslToConnectionInfo = new SimpleConcurrentIdentityHashMap<>();
        this.enabled = connectionLog.enabled();
        this.connectionLog = connectionLog2;
        log.log(Level.FINE, () -> {
            return "Jetty connection logger is " + (connectionLog.enabled() ? "enabled" : "disabled");
        });
    }

    protected void doStop() {
        handleListenerInvocation("AbstractLifeCycle", "doStop", "", List.of(), () -> {
            log.log(Level.FINE, () -> {
                return "Jetty connection logger is stopped";
            });
        });
    }

    protected void doStart() {
        handleListenerInvocation("AbstractLifeCycle", "doStart", "", List.of(), () -> {
            log.log(Level.FINE, () -> {
                return "Jetty connection logger is started";
            });
        });
    }

    public void onOpened(Connection connection) {
        handleListenerInvocation("Connection.Listener", "onOpened", "%h", List.of(connection), () -> {
            SocketChannelEndPoint findUnderlyingSocketEndpoint = findUnderlyingSocketEndpoint(connection.getEndPoint());
            ConnectionInfo computeIfAbsent = this.connectionInfos.computeIfAbsent((SimpleConcurrentIdentityHashMap<SocketChannelEndPoint, ConnectionInfo>) findUnderlyingSocketEndpoint, (Function<SimpleConcurrentIdentityHashMap<SocketChannelEndPoint, ConnectionInfo>, ConnectionInfo>) ConnectionInfo::from);
            String simpleName = connection.getClass().getSimpleName();
            if (connection instanceof SslConnection) {
                addReferenceToSslEngine(findUnderlyingSocketEndpoint, computeIfAbsent, ((SslConnection) connection).getSSLEngine());
            } else if (connection instanceof ALPNServerConnection) {
                addReferenceToSslEngine(findUnderlyingSocketEndpoint, computeIfAbsent, ((ALPNServerConnection) connection).getSSLEngine());
            } else if (connection instanceof HttpConnection) {
                computeIfAbsent.setHttpProtocol("HTTP/1.1");
            } else if (connection instanceof HTTP2ServerConnection) {
                computeIfAbsent.setHttpProtocol("HTTP/2.0");
            } else if (simpleName.endsWith("ProxyProtocolV1Connection")) {
                computeIfAbsent.setProxyProtocolVersion("v1");
            } else if (simpleName.endsWith("ProxyProtocolV2Connection")) {
                computeIfAbsent.setProxyProtocolVersion("v2");
            }
            if (connection.getEndPoint() instanceof ProxyConnectionFactory.ProxyEndPoint) {
                computeIfAbsent.setRemoteAddress(connection.getEndPoint().getRemoteSocketAddress());
            }
        });
    }

    private void addReferenceToSslEngine(SocketChannelEndPoint socketChannelEndPoint, ConnectionInfo connectionInfo, SSLEngine sSLEngine) {
        if (sSLEngine != null) {
            Optional<SSLEngine> put = this.sslEngines.put(socketChannelEndPoint, sSLEngine);
            SimpleConcurrentIdentityHashMap<SSLEngine, ConnectionInfo> simpleConcurrentIdentityHashMap = this.sslToConnectionInfo;
            Objects.requireNonNull(simpleConcurrentIdentityHashMap);
            put.ifPresent((v1) -> {
                r1.remove(v1);
            });
            this.sslToConnectionInfo.put(sSLEngine, connectionInfo);
        }
    }

    public void onClosed(Connection connection) {
        handleListenerInvocation("Connection.Listener", "onClosed", "%h", List.of(connection), () -> {
            SocketChannelEndPoint findUnderlyingSocketEndpoint = findUnderlyingSocketEndpoint(connection.getEndPoint());
            ConnectionInfo orElse = this.connectionInfos.get(findUnderlyingSocketEndpoint).orElse(null);
            if (orElse == null) {
                return;
            }
            if (connection instanceof HttpConnection) {
                orElse.setHttpBytes(connection.getBytesIn(), connection.getBytesOut());
            }
            SslConnection.SslEndPoint endPoint = connection.getEndPoint();
            if (endPoint instanceof SslConnection.SslEndPoint) {
                SslConnection.SslEndPoint sslEndPoint = endPoint;
                orElse.setSslBytes(sslEndPoint.getSslConnection().getBytesIn(), sslEndPoint.getSslConnection().getBytesOut());
            }
            if (findUnderlyingSocketEndpoint.isOpen()) {
                return;
            }
            orElse.setClosedAt(System.currentTimeMillis());
            this.connectionLog.log(orElse.toLogEntry());
            this.connectionInfos.remove(findUnderlyingSocketEndpoint);
            Optional<SSLEngine> remove = this.sslEngines.remove(findUnderlyingSocketEndpoint);
            SimpleConcurrentIdentityHashMap<SSLEngine, ConnectionInfo> simpleConcurrentIdentityHashMap = this.sslToConnectionInfo;
            Objects.requireNonNull(simpleConcurrentIdentityHashMap);
            remove.ifPresent((v1) -> {
                r1.remove(v1);
            });
        });
    }

    protected void onBeforeHandling(Request request) {
        handleListenerInvocation("EventsHandler", "onBeforeHandling", "%h", List.of(request), () -> {
            ConnectionInfo connectionInfo = this.connectionInfos.get(findUnderlyingSocketEndpoint(request.getConnectionMetaData().getConnection().getEndPoint())).get();
            connectionInfo.incrementRequests();
            request.setAttribute(CONNECTION_ID_REQUEST_ATTRIBUTE, connectionInfo.uuid());
        });
    }

    protected void onResponseBegin(Request request, int i, HttpFields httpFields) {
        handleListenerInvocation("EventsHandler", "onResponseBegin", "%h", List.of(request), () -> {
            ConnectionInfo orElse = this.connectionInfos.get(findUnderlyingSocketEndpoint(request.getConnectionMetaData().getConnection().getEndPoint())).orElse(null);
            if (orElse == null) {
                return;
            }
            orElse.incrementResponses();
        });
    }

    public void handshakeSucceeded(SslHandshakeListener.Event event) {
        SSLEngine sSLEngine = event.getSSLEngine();
        handleListenerInvocation("SslHandshakeListener", "handshakeSucceeded", "sslEngine=%h", List.of(sSLEngine), () -> {
            ConnectionInfo orElse = this.sslToConnectionInfo.get(sSLEngine).orElse(null);
            if (orElse == null) {
                return;
            }
            orElse.setSslSessionDetails(sSLEngine.getSession());
        });
    }

    public void handshakeFailed(SslHandshakeListener.Event event, Throwable th) {
        SSLEngine sSLEngine = event.getSSLEngine();
        handleListenerInvocation("SslHandshakeListener", "handshakeFailed", "sslEngine=%h,failure=%s", List.of(sSLEngine, th), () -> {
            Logger logger = log;
            Level level = Level.FINE;
            Objects.requireNonNull(th);
            logger.log(level, th, th::toString);
            ConnectionInfo orElse = this.sslToConnectionInfo.get(sSLEngine).orElse(null);
            if (orElse == null) {
                return;
            }
            orElse.setSslHandshakeFailure((SSLHandshakeException) th);
        });
    }

    private void handleListenerInvocation(String str, String str2, String str3, List<Object> list, ListenerHandler listenerHandler) {
        if (this.enabled) {
            try {
                log.log(Level.FINE, () -> {
                    return String.format(str + "." + str2 + "(" + str3 + ")", list.toArray());
                });
                listenerHandler.run();
            } catch (Exception e) {
                log.log(Level.WARNING, String.format("Exception in %s.%s listener: %s", str, str2, e.getMessage()), (Throwable) e);
            }
        }
    }

    private static SocketChannelEndPoint findUnderlyingSocketEndpoint(EndPoint endPoint) {
        if (endPoint instanceof SocketChannelEndPoint) {
            return (SocketChannelEndPoint) endPoint;
        }
        if (endPoint instanceof SslConnection.SslEndPoint) {
            return findUnderlyingSocketEndpoint(((SslConnection.SslEndPoint) endPoint).getSslConnection().getEndPoint());
        }
        if (endPoint instanceof ProxyConnectionFactory.ProxyEndPoint) {
            return findUnderlyingSocketEndpoint(((ProxyConnectionFactory.ProxyEndPoint) endPoint).unwrap());
        }
        throw new IllegalArgumentException("Unknown connection endpoint type: " + endPoint.getClass().getName());
    }
}
