package org.eclipse.milo.opcua.stack.server.transport.http;

import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaderValues;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.websocketx.WebSocketServerProtocolHandler;
import io.netty.handler.codec.http.websocketx.extensions.compression.WebSocketServerCompressionHandler;
import io.netty.handler.logging.LogLevel;
import io.netty.handler.logging.LoggingHandler;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Objects;
import org.eclipse.milo.opcua.stack.core.util.EndpointUtil;
import org.eclipse.milo.opcua.stack.server.UaStackServer;
import org.eclipse.milo.opcua.stack.server.transport.RateLimitingHandler;
import org.eclipse.milo.opcua.stack.server.transport.websocket.OpcServerWebSocketFrameHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/milo/opcua/stack/server/transport/http/OpcServerHttpChannelInitializer.class */
public class OpcServerHttpChannelInitializer extends ChannelInitializer<SocketChannel> {
    private SslContext sslContext;
    private final UaStackServer stackServer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/milo/opcua/stack/server/transport/http/OpcServerHttpChannelInitializer$OpcHttpTransportInterceptor.class */
    public static class OpcHttpTransportInterceptor extends SimpleChannelInboundHandler<FullHttpRequest> {
        private final Logger logger = LoggerFactory.getLogger(getClass());
        private final UaStackServer stackServer;

        public OpcHttpTransportInterceptor(UaStackServer uaStackServer) {
            this.stackServer = uaStackServer;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void channelRead0(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest) {
            String str = fullHttpRequest.headers().get(HttpHeaderNames.HOST);
            String uri = fullHttpRequest.uri();
            this.logger.debug("host={} uri={}", str, uri);
            if (!this.stackServer.getEndpointDescriptions().stream().anyMatch(endpointDescription -> {
                return Objects.equals(uri, EndpointUtil.getPath(endpointDescription.getEndpointUrl()));
            })) {
                this.logger.debug("unrecognized endpoint URL: " + uri);
                channelHandlerContext.channel().writeAndFlush(new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.NOT_FOUND)).addListener(future -> {
                    channelHandlerContext.close();
                });
                return;
            }
            if (Objects.equals(fullHttpRequest.method(), HttpMethod.GET) && "websocket".equalsIgnoreCase(fullHttpRequest.headers().get(HttpHeaderValues.UPGRADE))) {
                this.logger.debug("intercepted WebSocket upgrade");
                channelHandlerContext.channel().pipeline().remove(this);
                channelHandlerContext.channel().pipeline().addLast(new ChannelHandler[]{new WebSocketServerCompressionHandler()});
                channelHandlerContext.channel().pipeline().addLast(new ChannelHandler[]{new WebSocketServerProtocolHandler("/ws", String.format("%s, %s", "opcua+uacp", "opcua+uajson"), true)});
                channelHandlerContext.channel().pipeline().addLast(new ChannelHandler[]{new OpcServerWebSocketFrameHandler(this.stackServer)});
                fullHttpRequest.retain();
                channelHandlerContext.executor().execute(() -> {
                    channelHandlerContext.fireChannelRead(fullHttpRequest);
                });
                return;
            }
            if (!Objects.equals(fullHttpRequest.method(), HttpMethod.POST)) {
                channelHandlerContext.channel().writeAndFlush(new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.BAD_REQUEST)).addListener(future2 -> {
                    channelHandlerContext.close();
                });
                return;
            }
            this.logger.debug("intercepted HTTP POST");
            channelHandlerContext.channel().pipeline().remove(this);
            channelHandlerContext.channel().pipeline().addLast(new ChannelHandler[]{new OpcServerHttpRequestHandler(this.stackServer)});
            fullHttpRequest.retain();
            channelHandlerContext.executor().execute(() -> {
                channelHandlerContext.pipeline().fireChannelRead(fullHttpRequest);
            });
        }
    }

    public OpcServerHttpChannelInitializer(UaStackServer uaStackServer) {
        this.sslContext = null;
        this.stackServer = uaStackServer;
        KeyPair orElse = uaStackServer.getConfig().getHttpsKeyPair().orElse(null);
        X509Certificate orElse2 = uaStackServer.getConfig().getHttpsCertificate().orElse(null);
        if (orElse == null || orElse2 == null) {
            LoggerFactory.getLogger(OpcServerHttpChannelInitializer.class).warn("HTTPS KeyPair and/or Certificate not configured; falling back to plaintext...");
            return;
        }
        try {
            this.sslContext = SslContextBuilder.forServer(orElse.getPrivate(), new X509Certificate[]{orElse2}).clientAuth(ClientAuth.NONE).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
        } catch (Exception e) {
            LoggerFactory.getLogger(OpcServerHttpChannelInitializer.class).error("Error configuration SslContext: {}", e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initChannel(SocketChannel socketChannel) {
        this.stackServer.registerConnectedChannel(socketChannel);
        socketChannel.closeFuture().addListener(future -> {
            this.stackServer.unregisterConnectedChannel(socketChannel);
        });
        socketChannel.pipeline().addLast(new ChannelHandler[]{RateLimitingHandler.getInstance()});
        if (this.sslContext != null) {
            socketChannel.pipeline().addLast(new ChannelHandler[]{this.sslContext.newHandler(socketChannel.alloc())});
        }
        socketChannel.pipeline().addLast(new ChannelHandler[]{new LoggingHandler(LogLevel.TRACE)});
        socketChannel.pipeline().addLast(new ChannelHandler[]{new HttpServerCodec()});
        socketChannel.pipeline().addLast(new ChannelHandler[]{new HttpObjectAggregator(Integer.MAX_VALUE)});
        socketChannel.pipeline().addLast(new ChannelHandler[]{new OpcHttpTransportInterceptor(this.stackServer)});
    }
}
