package io.helidon.webserver;

import io.helidon.webserver.ReferenceHoldingQueue;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.HttpContentCompressor;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.logging.LogLevel;
import io.netty.handler.logging.LoggingHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.AttributeKey;
import io.netty.util.concurrent.Future;
import java.lang.ref.Reference;
import java.lang.ref.ReferenceQueue;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Queue;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/webserver/HttpInitializer.class */
public class HttpInitializer extends ChannelInitializer<SocketChannel> {
    private static final Logger LOGGER = Logger.getLogger(HttpInitializer.class.getName());
    static final AttributeKey<String> CLIENT_CERTIFICATE_NAME = AttributeKey.valueOf("client_certificate_name");
    static final AttributeKey<X509Certificate> CLIENT_CERTIFICATE = AttributeKey.valueOf("client_certificate");
    static final AttributeKey<Certificate[]> CLIENT_CERTIFICATE_CHAIN = AttributeKey.valueOf("client_certificate_chain");
    private final NettyWebServer webServer;
    private final DirectHandlers directHandlers;
    private final SocketConfiguration soConfig;
    private final Router router;
    private volatile SslContext sslContext;
    private final AtomicBoolean clearLock = new AtomicBoolean();
    private final ReferenceQueue<Object> queues = new ReferenceQueue<>();
    private final Queue<ReferenceHoldingQueue<?>> unreleasedQueues = new ConcurrentLinkedQueue();

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpInitializer(SocketConfiguration socketConfiguration, SslContext sslContext, Router router, NettyWebServer nettyWebServer, DirectHandlers directHandlers) {
        this.soConfig = socketConfiguration;
        this.router = router;
        this.sslContext = sslContext;
        this.webServer = nettyWebServer;
        this.directHandlers = directHandlers;
    }

    private void clearQueues() {
        if (this.clearLock.get() || !this.clearLock.compareAndSet(false, true)) {
            return;
        }
        try {
            Reference<? extends Object> poll = this.queues.poll();
            while (poll != null) {
                if (poll instanceof ReferenceHoldingQueue.IndirectReference) {
                    ReferenceHoldingQueue<?> referenceHoldingQueue = (ReferenceHoldingQueue) ((ReferenceHoldingQueue.IndirectReference) poll).acquire();
                    if (referenceHoldingQueue != null && !referenceHoldingQueue.release()) {
                        this.unreleasedQueues.add(referenceHoldingQueue);
                    }
                } else {
                    log("Unexpected reference in queues", null);
                }
                poll = this.queues.poll();
            }
            this.unreleasedQueues.removeIf((v0) -> {
                return v0.release();
            });
        } finally {
            this.clearLock.lazySet(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void queuesShutdown() {
        clearQueues();
        this.unreleasedQueues.removeIf(referenceHoldingQueue -> {
            referenceHoldingQueue.shutdown();
            return true;
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateSslContext(SslContext sslContext) {
        if (this.sslContext == null) {
            throw new IllegalStateException("Current TLS context is not set, update not allowed");
        }
        this.sslContext = sslContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasTls() {
        return this.sslContext != null;
    }

    public void initChannel(SocketChannel socketChannel) {
        log("Initializing channel", socketChannel);
        ChannelPipeline pipeline = socketChannel.pipeline();
        SSLEngine sSLEngine = null;
        SslContext sslContext = this.sslContext;
        if (sslContext != null) {
            ChannelHandler newHandler = sslContext.newHandler(socketChannel.alloc());
            sSLEngine = newHandler.engine();
            pipeline.addLast(new ChannelHandler[]{newHandler});
            newHandler.handshakeFuture().addListener(future -> {
                obtainClientCN(future, socketChannel, newHandler);
            });
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            pipeline.addLast(new ChannelHandler[]{new LoggingHandler(LogLevel.DEBUG)});
        }
        ServerConfiguration configuration = this.webServer.configuration();
        UpgradeManager.addUpgradeHandler(pipeline, this.router, new HttpServerCodec(this.soConfig.maxInitialLineLength(), this.soConfig.maxHeaderSize(), this.soConfig.maxChunkSize(), this.soConfig.validateHeaders(), this.soConfig.initialBufferSize()), this.soConfig.maxUpgradeContentLength());
        if (configuration.enableCompression()) {
            log("Compression negotiation enabled (gzip, deflate)", socketChannel);
            pipeline.addLast(new ChannelHandler[]{new HttpContentCompressor()});
        }
        RequestRouting requestRouting = (RequestRouting) this.router.routing(RequestRouting.class, null);
        if (requestRouting != null) {
            pipeline.addLast(new ChannelHandler[]{new ForwardingHandler(requestRouting, this.webServer, sSLEngine, this.queues, this::clearQueues, this.soConfig, this.directHandlers)});
        }
        socketChannel.eventLoop().execute(this::clearQueues);
    }

    private void obtainClientCN(Future<? super Channel> future, SocketChannel socketChannel, SslHandler sslHandler) {
        if (future.cause() == null) {
            try {
                Certificate[] peerCertificates = sslHandler.engine().getSession().getPeerCertificates();
                if (peerCertificates.length >= 1) {
                    X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
                    X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                    int indexOf = subjectX500Principal.getName().indexOf("CN=");
                    String str = "Unknown CN";
                    if (indexOf >= 0) {
                        str = subjectX500Principal.getName().substring(indexOf + 3);
                        int indexOf2 = str.indexOf(",");
                        if (indexOf2 > 0) {
                            str = str.substring(0, indexOf2);
                        }
                    }
                    socketChannel.attr(CLIENT_CERTIFICATE_NAME).set(str);
                    socketChannel.attr(CLIENT_CERTIFICATE).set(x509Certificate);
                    socketChannel.attr(CLIENT_CERTIFICATE_CHAIN).set(peerCertificates);
                }
            } catch (SSLPeerUnverifiedException e) {
            }
        }
    }

    private void log(String str, Channel channel) {
        if (LOGGER.isLoggable(Level.FINER)) {
            LOGGER.finer("[Initializer: " + System.identityHashCode(this) + ", Channel: 0x" + (channel != null ? channel.id().toString() : "N/A") + "] " + str);
        }
    }
}
