package io.confluent.controlcenter.servicehealthcheck;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.linecorp.armeria.client.ClientFactory;
import com.linecorp.armeria.client.ClientFactoryBuilder;
import com.linecorp.armeria.client.ClientOptions;
import com.linecorp.armeria.client.ClientOptionsBuilder;
import com.linecorp.armeria.client.Endpoint;
import com.linecorp.armeria.client.endpoint.EndpointGroup;
import com.linecorp.armeria.client.endpoint.healthcheck.HealthCheckedEndpointGroup;
import com.linecorp.armeria.common.SessionProtocol;
import io.confluent.controlcenter.httpclient.HttpCredential;
import io.confluent.controlcenter.util.UriUtils;
import io.confluent.rest.RestConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.FileInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStore;
import java.time.Duration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jetty.http.HttpHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/controlcenter/servicehealthcheck/ArmeriaServiceHealthCheck.class */
public class ArmeriaServiceHealthCheck implements ServiceHealthCheck {
    private static final Logger log = LoggerFactory.getLogger(ServiceHealthCheck.class);
    private static final Duration CONNECT_TIMEOUT = Duration.ofSeconds(15);
    private final Map<String, List<String>> originalUrls;
    private final Map<String, HealthCheckedEndpointGroup> healthCheckMap = new HashMap();
    private final Map<String, UrlsHttpsEnabled> healthyUrlsMap = new ConcurrentHashMap();
    private final Duration healthCheckInterval;
    private final String healthCheckPath;
    private final RestConfig restConfig;
    private final HttpCredential httpCredential;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/controlcenter/servicehealthcheck/ArmeriaServiceHealthCheck$UrlsHttpsEnabled.class */
    public static class UrlsHttpsEnabled {
        private final List<String> urls;
        private final boolean httpsEnabled;

        UrlsHttpsEnabled(List<String> list) {
            this(list, ArmeriaServiceHealthCheck.httpsEnabled(list));
        }

        UrlsHttpsEnabled(List<String> list, boolean z) {
            this.urls = ImmutableList.copyOf(list);
            this.httpsEnabled = z;
        }

        boolean isHttpsEnabled() {
            return this.httpsEnabled;
        }

        List<String> getUrls() {
            return this.urls;
        }
    }

    public ArmeriaServiceHealthCheck(Duration duration, Map<String, List<String>> map, String str, RestConfig restConfig, HttpCredential httpCredential) {
        this.healthCheckInterval = duration;
        this.healthCheckPath = str;
        this.restConfig = restConfig;
        this.httpCredential = httpCredential;
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            UrlsHttpsEnabled urlsHttpsEnabled = new UrlsHttpsEnabled(normalizeUrls(entry.getValue()));
            builder.put(entry.getKey(), ImmutableList.copyOf(urlsHttpsEnabled.getUrls()));
            HealthCheckedEndpointGroup createHealthCheck = createHealthCheck(urlsHttpsEnabled.getUrls(), urlsHttpsEnabled.isHttpsEnabled());
            createHealthCheck.addListener(list -> {
                updateHealthyNodes((String) entry.getKey(), list);
            });
            this.healthCheckMap.put(entry.getKey(), createHealthCheck);
            this.healthyUrlsMap.put(entry.getKey(), urlsHttpsEnabled);
        }
        this.originalUrls = builder.build();
    }

    @Override // io.confluent.controlcenter.servicehealthcheck.ServiceHealthCheck
    public List<String> getHealthyUrls(String str) {
        UrlsHttpsEnabled urlsHttpsEnabled = this.healthyUrlsMap.get(str);
        if (urlsHttpsEnabled == null) {
            return null;
        }
        return urlsHttpsEnabled.getUrls();
    }

    @Override // io.confluent.controlcenter.servicehealthcheck.ServiceHealthCheck
    public List<String> getOriginalUrls(String str) {
        return this.originalUrls.get(str);
    }

    @Override // io.confluent.controlcenter.servicehealthcheck.ServiceHealthCheck
    public void close() {
        Iterator<HealthCheckedEndpointGroup> it = this.healthCheckMap.values().iterator();
        while (it.hasNext()) {
            it.next().close();
        }
    }

    private HealthCheckedEndpointGroup createHealthCheck(List<String> list, boolean z) {
        List list2 = (List) list.stream().map(str -> {
            return uriToEndpoint(stringToUri(str));
        }).collect(Collectors.toList());
        ClientFactoryBuilder connectTimeout = ClientFactory.builder().tlsCustomizer(sslContextBuilder -> {
            buildSslContext(sslContextBuilder, this.restConfig);
        }).connectTimeout(CONNECT_TIMEOUT);
        ClientOptionsBuilder builder = ClientOptions.builder();
        if (this.httpCredential != null) {
            builder.addHeader(HttpHeader.AUTHORIZATION.toString(), this.httpCredential.authorizationHeaderValue());
        }
        return HealthCheckedEndpointGroup.builder(EndpointGroup.of(list2), this.healthCheckPath).clientFactory(connectTimeout.build()).clientOptions(builder.build()).protocol(z ? SessionProtocol.HTTPS : SessionProtocol.HTTP).retryInterval(this.healthCheckInterval).build();
    }

    private void updateHealthyNodes(String str, List<Endpoint> list) {
        this.healthyUrlsMap.compute(str, (str2, urlsHttpsEnabled) -> {
            Preconditions.checkNotNull(urlsHttpsEnabled);
            return new UrlsHttpsEnabled((List) list.stream().map(endpoint -> {
                return endpointToString(endpoint, urlsHttpsEnabled.isHttpsEnabled());
            }).collect(Collectors.toList()), urlsHttpsEnabled.isHttpsEnabled());
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean httpsEnabled(List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().toLowerCase().startsWith("https://")) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String endpointToString(Endpoint endpoint, boolean z) {
        return "http" + (z ? "s" : "") + "://" + endpoint.host() + ":" + endpoint.port();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Endpoint uriToEndpoint(URI uri) {
        return Endpoint.of(uri.getHost(), uri.getPort() > 0 ? uri.getPort() : 80);
    }

    private static URI stringToUri(String str) {
        try {
            return new URI(str);
        } catch (URISyntaxException e) {
            log.error("unable to parse url {}", str, e);
            throw new RuntimeException(e);
        }
    }

    private static List<String> normalizeUrls(List<String> list) {
        return (List) list.stream().map(str -> {
            try {
                return UriUtils.uriWithDefaultScheme(str, "http").toString();
            } catch (URISyntaxException e) {
                log.error("unable to parse url {}", str, e);
                throw new RuntimeException(e);
            }
        }).collect(Collectors.toList());
    }

    private static void buildSslContext(SslContextBuilder sslContextBuilder, RestConfig restConfig) {
        List list = restConfig.getList("ssl.enabled.protocols");
        if (!list.isEmpty()) {
            sslContextBuilder.protocols(list);
        }
        ClientAuth clientAuth = ClientAuth.NONE;
        String string = restConfig.getString("ssl.client.authentication");
        if (string.equals("REQUESTED")) {
            clientAuth = ClientAuth.OPTIONAL;
        } else if (string.equals("REQUIRED")) {
            clientAuth = ClientAuth.REQUIRE;
        }
        sslContextBuilder.clientAuth(clientAuth);
        if (!restConfig.getList("ssl.cipher.suites").isEmpty()) {
            sslContextBuilder.ciphers(restConfig.getList("ssl.cipher.suites"));
        }
        try {
            if (!restConfig.getString("ssl.keystore.location").isEmpty()) {
                KeyManagerFactory keyManagerFactory = !restConfig.getString("ssl.keymanager.algorithm").isEmpty() ? KeyManagerFactory.getInstance(restConfig.getString("ssl.keymanager.algorithm")) : KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                KeyStore keyStore = KeyStore.getInstance(restConfig.getString("ssl.keystore.type"));
                keyStore.load(new FileInputStream(restConfig.getString("ssl.keystore.location")), restConfig.getPassword("ssl.keystore.password").value().isEmpty() ? null : restConfig.getPassword("ssl.keystore.password").value().toCharArray());
                keyManagerFactory.init(keyStore, restConfig.getPassword("ssl.key.password").value().toCharArray());
                sslContextBuilder.keyManager(keyManagerFactory);
            }
            try {
                if (!restConfig.getString("ssl.truststore.location").isEmpty()) {
                    TrustManagerFactory trustManagerFactory = !restConfig.getString("ssl.trustmanager.algorithm").isEmpty() ? TrustManagerFactory.getInstance(restConfig.getString("ssl.trustmanager.algorithm")) : TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    KeyStore keyStore2 = KeyStore.getInstance(restConfig.getString("ssl.truststore.type"));
                    keyStore2.load(new FileInputStream(restConfig.getString("ssl.truststore.location")), restConfig.getPassword("ssl.truststore.password").value().isEmpty() ? null : restConfig.getPassword("ssl.truststore.password").value().toCharArray());
                    trustManagerFactory.init(keyStore2);
                    sslContextBuilder.trustManager(trustManagerFactory);
                }
            } catch (Exception e) {
                log.error("Error initializing client truststore", e);
                throw new RuntimeException(e);
            }
        } catch (Exception e2) {
            log.error("Error initializing client keystore", e2);
            throw new RuntimeException(e2);
        }
    }
}
