package com.yahoo.container.jdisc;

import com.yahoo.cloud.config.DataplaneProxyConfig;
import com.yahoo.component.AbstractComponent;
import com.yahoo.jdisc.http.server.jetty.DataplaneProxyCredentials;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.util.List;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.inject.Inject;

/* loaded from: input_file:com/yahoo/container/jdisc/DataplaneProxyService.class */
public final class DataplaneProxyService extends AbstractComponent {
    private static final Logger logger = Logger.getLogger(DataplaneProxyService.class.getName());
    private static final String PREFIX = "/opt/vespa";
    private final Path configTemplate;
    private final Path serverCertificateFile;
    private final Path serverKeyFile;
    private final Path nginxConf;
    private final ProxyCommands proxyCommands;
    private final ScheduledThreadPoolExecutor executorService;
    private final Path root;
    private volatile NginxState state;
    private volatile NginxState wantedState;
    private DataplaneProxyConfig cfg;
    private Path proxyCredentialsCert;
    private Path proxyCredentialsKey;

    /* loaded from: input_file:com/yahoo/container/jdisc/DataplaneProxyService$NginxProxyCommands.class */
    public static class NginxProxyCommands implements ProxyCommands {
        @Override // com.yahoo.container.jdisc.DataplaneProxyService.ProxyCommands
        public void start(Path path) {
            try {
                int waitFor = new ProcessBuilder(new String[0]).command("nginx", "-c", path.toString()).start().waitFor();
                if (waitFor != 0) {
                    throw new RuntimeException("Non-zero exitcode from nginx: %d".formatted(Integer.valueOf(waitFor)));
                }
            } catch (IOException | InterruptedException e) {
                throw new RuntimeException("Could not start nginx", e);
            }
        }

        @Override // com.yahoo.container.jdisc.DataplaneProxyService.ProxyCommands
        public void stop(Path path) {
            try {
                int waitFor = new ProcessBuilder(new String[0]).command("nginx", "-s", "stop", "-c", path.toString()).start().waitFor();
                if (waitFor != 0) {
                    throw new RuntimeException("Non-zero exitcode from nginx: %d".formatted(Integer.valueOf(waitFor)));
                }
            } catch (IOException | InterruptedException e) {
                throw new RuntimeException("Could not start nginx", e);
            }
        }

        @Override // com.yahoo.container.jdisc.DataplaneProxyService.ProxyCommands
        public void reload(Path path) {
            try {
                int waitFor = new ProcessBuilder(new String[0]).command("nginx", "-s", "reload", "-c", path.toString()).start().waitFor();
                if (waitFor != 0) {
                    throw new RuntimeException("Non-zero exitcode from nginx: %d".formatted(Integer.valueOf(waitFor)));
                }
            } catch (IOException | InterruptedException e) {
                throw new RuntimeException("Could not start nginx", e);
            }
        }

        @Override // com.yahoo.container.jdisc.DataplaneProxyService.ProxyCommands
        public boolean isRunning() {
            return ProcessHandle.allProcesses().map((v0) -> {
                return v0.info();
            }).anyMatch(info -> {
                return ((String) info.command().orElse("")).endsWith("nginx");
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/yahoo/container/jdisc/DataplaneProxyService$NginxState.class */
    public enum NginxState {
        INITIALIZING,
        RUNNING,
        RELOAD_REQUIRED,
        STOPPED
    }

    /* loaded from: input_file:com/yahoo/container/jdisc/DataplaneProxyService$ProxyCommands.class */
    public interface ProxyCommands {
        void start(Path path);

        void stop(Path path);

        void reload(Path path);

        boolean isRunning();
    }

    @Inject
    public DataplaneProxyService() {
        this(Paths.get(PREFIX, new String[0]), new NginxProxyCommands(), 1);
    }

    DataplaneProxyService(Path path, ProxyCommands proxyCommands, int i) {
        this.root = path;
        this.proxyCommands = proxyCommands;
        changeState(NginxState.INITIALIZING);
        this.wantedState = NginxState.RUNNING;
        this.configTemplate = path.resolve("conf/nginx/nginx.conf.template");
        this.serverCertificateFile = path.resolve("conf/nginx/server_cert.pem");
        this.serverKeyFile = path.resolve("conf/nginx/server_key.pem");
        this.nginxConf = path.resolve("conf/nginx/nginx.conf");
        this.executorService = new ScheduledThreadPoolExecutor(1);
        this.executorService.scheduleAtFixedRate(this::converge, i, i, TimeUnit.MINUTES);
    }

    public void reconfigure(DataplaneProxyConfig dataplaneProxyConfig, DataplaneProxyCredentials dataplaneProxyCredentials) {
        synchronized (this) {
            this.cfg = dataplaneProxyConfig;
            this.proxyCredentialsCert = dataplaneProxyCredentials.certificateFile();
            this.proxyCredentialsKey = dataplaneProxyCredentials.keyFile();
        }
    }

    private void changeState(NginxState nginxState) {
        this.state = nginxState;
    }

    void converge() {
        DataplaneProxyConfig dataplaneProxyConfig;
        Path path;
        Path path2;
        synchronized (this) {
            dataplaneProxyConfig = this.cfg;
            path = this.proxyCredentialsCert;
            path2 = this.proxyCredentialsKey;
            this.cfg = null;
            this.proxyCredentialsCert = null;
            this.proxyCredentialsKey = null;
        }
        if (dataplaneProxyConfig != null) {
            try {
                boolean writeFile = false | writeFile(this.serverCertificateFile, dataplaneProxyConfig.serverCertificate()) | writeFile(this.serverKeyFile, dataplaneProxyConfig.serverKey()) | writeFile(this.nginxConf, nginxConfig(this.configTemplate, path, path2, this.serverCertificateFile, this.serverKeyFile, dataplaneProxyConfig.mtlsPort(), dataplaneProxyConfig.tokenPort(), dataplaneProxyConfig.tokenEndpoints(), this.root));
                if (writeFile) {
                    logger.log(Level.INFO, "Configuring data plane proxy service. Token endpoints: [%s]".formatted(String.join(", ", dataplaneProxyConfig.tokenEndpoints())));
                }
                if (writeFile && this.state == NginxState.RUNNING) {
                    changeState(NginxState.RELOAD_REQUIRED);
                }
            } catch (IOException e) {
                throw new RuntimeException("Error reconfiguring data plane proxy", e);
            }
        }
        NginxState nginxState = this.wantedState;
        if (nginxState != NginxState.RUNNING) {
            if (nginxState != NginxState.STOPPED) {
                logger.warning("Unknown state " + nginxState);
                return;
            }
            if (this.proxyCommands.isRunning()) {
                try {
                    this.proxyCommands.stop(this.nginxConf);
                } catch (Exception e2) {
                    logger.log(Level.INFO, "Failed to stop nginx, will retry");
                    logger.log(Level.FINE, "Exception from nginx stop", (Throwable) e2);
                }
            }
            if (this.proxyCommands.isRunning()) {
                return;
            }
            changeState(nginxState);
            this.executorService.shutdownNow();
            return;
        }
        if (!this.proxyCommands.isRunning()) {
            try {
                this.proxyCommands.start(this.nginxConf);
                changeState(nginxState);
                return;
            } catch (Exception e3) {
                logger.log(Level.INFO, "Failed to start nginx, will retry");
                logger.log(Level.FINE, "Exception from nginx start", (Throwable) e3);
                return;
            }
        }
        if (this.state != NginxState.RELOAD_REQUIRED) {
            if (this.state != nginxState) {
                changeState(nginxState);
            }
        } else {
            try {
                this.proxyCommands.reload(this.nginxConf);
                changeState(nginxState);
            } catch (Exception e4) {
                logger.log(Level.INFO, "Failed to reconfigure nginx, will retry.");
                logger.log(Level.FINE, "Exception from nginx reload", (Throwable) e4);
            }
        }
    }

    public void deconstruct() {
        super.deconstruct();
        this.wantedState = NginxState.STOPPED;
        try {
            this.executorService.awaitTermination(30L, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            logger.log(Level.WARNING, "Error shutting down proxy reload thread", (Throwable) e);
        }
    }

    private boolean writeFile(Path path, String str) throws IOException {
        Path resolve = path.getParent().resolve(path.getFileName().toString() + ".new");
        Files.createDirectories(resolve.getParent(), new FileAttribute[0]);
        Files.writeString(resolve, str, new OpenOption[0]);
        if (!Files.exists(path, new LinkOption[0]) || Files.mismatch(resolve, path) > 0) {
            Files.move(resolve, path, StandardCopyOption.REPLACE_EXISTING);
            return true;
        }
        Files.delete(resolve);
        return false;
    }

    static String nginxConfig(Path path, Path path2, Path path3, Path path4, Path path5, int i, int i2, List<String> list, Path path6) {
        try {
            String str = "        %s vespatoken;";
            return replace(replace(replace(replace(replace(replace(replace(replace(Files.readString(path), "client_cert", path2.toString()), "client_key", path3.toString()), "server_cert", path4.toString()), "server_key", path5.toString()), "vespa_mtls_port", Integer.toString(i)), "vespa_token_port", Integer.toString(i2)), "prefix", path6.toString()), "vespa_token_endpoints", (String) list.stream().map(obj -> {
                return "        %s vespatoken;".formatted(obj);
            }).collect(Collectors.joining("\n")));
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not create data plane proxy configuration", e);
        }
    }

    private static String replace(String str, String str2, String str3) {
        return str.replaceAll("\\$\\{%s\\}".formatted(str2), str3);
    }

    NginxState state() {
        return this.state;
    }

    NginxState wantedState() {
        return this.wantedState;
    }
}
