package com.atlassian.bamboo.grpc.authentication;

import com.atlassian.bamboo.beehive.BambooClusterNodeHeartbeatService;
import com.atlassian.bamboo.beehive.ClusterNodeProperties;
import com.atlassian.bamboo.cluster.grpc.GrpcChannelService;
import com.atlassian.bamboo.grpc.util.GrpcCertificateUtils;
import com.atlassian.bamboo.setup.BambooHomeLocator;
import com.atlassian.bamboo.utils.SystemProperty;
import io.grpc.ChannelCredentials;
import io.grpc.Grpc;
import io.grpc.ManagedChannel;
import io.grpc.ManagedChannelBuilder;
import io.grpc.ServerCredentials;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.concurrent.Executor;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.operator.OperatorCreationException;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/grpc/authentication/GrpcChannelServiceImpl.class */
public class GrpcChannelServiceImpl implements GrpcChannelService {
    private static final Logger log = LogManager.getLogger(GrpcChannelServiceImpl.class);
    private final BambooHomeLocator bambooHomeLocator;
    private final BambooClusterNodeHeartbeatService bambooClusterNodeHeartbeatService;
    private final ServerCredentials serverCredentials;
    private final ChannelCredentials clientCredentials;
    private final String hostname;

    @Inject
    public GrpcChannelServiceImpl(ClusterNodeProperties clusterNodeProperties, BambooHomeLocator bambooHomeLocator, BambooClusterNodeHeartbeatService bambooClusterNodeHeartbeatService) {
        this.hostname = clusterNodeProperties.getHostname();
        this.bambooHomeLocator = bambooHomeLocator;
        this.bambooClusterNodeHeartbeatService = bambooClusterNodeHeartbeatService;
        generateCaIfNeeded();
        this.serverCredentials = generateServerCredentials();
        this.clientCredentials = generateClientCredentials();
    }

    private void generateCaIfNeeded() {
        try {
            GrpcCertificateUtils.regenerateCaIfNeeded(this.bambooHomeLocator.getSharedHomePath());
        } catch (IOException | InterruptedException | NoSuchAlgorithmException | CertificateException | OperatorCreationException e) {
            log.error("Cannot regenerate root certificate used for gRPC connectivity. Bamboo will shut down now.", e);
            this.bambooClusterNodeHeartbeatService.renouncePrimaryRole(true);
            if (e instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
            throw new RuntimeException("Bamboo should already be down.", e);
        }
    }

    private ServerCredentials generateServerCredentials() {
        try {
            return GrpcCertificateUtils.generateServerCredentials(this.bambooHomeLocator.getSharedHomePath(), this.bambooHomeLocator.getLocalHomePath(), this.hostname);
        } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException | OperatorCreationException e) {
            log.error("Cannot generate certificates used for gRPC server. Bamboo will shut down now.", e);
            this.bambooClusterNodeHeartbeatService.renouncePrimaryRole(true);
            throw new RuntimeException("Bamboo should already be down.", e);
        }
    }

    private ChannelCredentials generateClientCredentials() {
        try {
            return GrpcCertificateUtils.generateClientCredentials(this.bambooHomeLocator.getSharedHomePath(), this.bambooHomeLocator.getLocalHomePath(), this.hostname);
        } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException | OperatorCreationException e) {
            log.error("Cannot generate certificates used for gRPC client(s). Bamboo will shut down now.", e);
            this.bambooClusterNodeHeartbeatService.renouncePrimaryRole(true);
            throw new RuntimeException("Bamboo should already be down.", e);
        }
    }

    @NotNull
    public ServerCredentials getServerCredentials() {
        return this.serverCredentials;
    }

    @NotNull
    private ChannelCredentials getClientCredentials() {
        return this.clientCredentials;
    }

    @NotNull
    public ManagedChannel createClientChannel(String str, int i, Executor executor) {
        ManagedChannelBuilder usePlaintext;
        if (SystemProperty.BAMBOO_GRPC_AUTHENTICATION_ENABLED.getTypedValue()) {
            usePlaintext = Grpc.newChannelBuilderForAddress(str, i, getClientCredentials()).executor(executor);
        } else {
            log.debug("gRPC authentication is disabled. gRPC client [destination: {}:{}] will not use the authenticated channel.", str, String.valueOf(i));
            usePlaintext = ManagedChannelBuilder.forAddress(str, i).executor(executor).usePlaintext();
        }
        if (SystemProperty.BAMBOO_ENABLE_GRPC_VIA_PROXY.getTypedValue()) {
            log.debug("gRPC proxy support is enabled. gRPC client [destination: {}:{}] will use the proxy if one exists.", str, String.valueOf(i));
            String value = new SystemProperty(false, new String[]{"https.proxyHost"}).getValue();
            int typedValue = (int) new SystemProperty.IntegerSystemProperty(false, 0L, new String[]{"https.proxyPort"}).getTypedValue();
            if (StringUtils.isNotBlank(value) && typedValue > 0) {
                log.debug("Found a proxy, gRPC client [destination: {}:{}] will use the proxy [host: {}, port: {}].", str, String.valueOf(i), value, String.valueOf(typedValue));
            }
        } else {
            log.debug("gRPC proxy support is disabled. gRPC client [destination: {}:{}] will not use proxy.", str, String.valueOf(i));
            usePlaintext.proxyDetector(socketAddress -> {
                return null;
            });
        }
        return usePlaintext.build();
    }
}
