package org.apache.kafka.common.network;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.kafka.common.utils.LogContext;
import org.apache.kafka.common.utils.Utils;

/* loaded from: input_file:org/apache/kafka/common/network/ProxyProtocolV2Engine.class */
public class ProxyProtocolV2Engine extends AbstractProxyProtocolEngine {
    private static final String INVALID_PROTOCOL_V2_HEADER = "Invalid Proxy Protocol V2 Header.";
    private static final byte[] PROTOCOL_SIGNATURE = {13, 10, 13, 10, 0, 13, 10, 81, 85, 73, 84, 10};
    private boolean protocolSignatureDetected;
    private byte protocolByte;
    private int bytesRead;
    private int addressLength;
    private byte[] addressBytes;
    private ProxyProtocolCommand command;
    private final Map<ProxyTlvType, ProxyTlv> tlvs;

    public ProxyProtocolV2Engine(ConnectionMode connectionMode, LogContext logContext) {
        super(connectionMode, logContext);
        this.protocolSignatureDetected = false;
        this.tlvs = new HashMap();
    }

    @Override // org.apache.kafka.common.network.AbstractProxyProtocolEngine
    protected void configureClient(Map<String, Object> map) {
        this.command = getConfiguredCommand(map);
        if (this.command == ProxyProtocolCommand.PROXY) {
            this.sourceAddress = getConfiguredSourceAddress(map);
            this.sourcePort = getConfiguredSourcePort(map).intValue();
        } else {
            this.sourceAddress = InetAddress.getLoopbackAddress();
            this.sourcePort = 0;
        }
        Optional<String> configuredLkcId = getConfiguredLkcId(map);
        String str = null;
        if (configuredLkcId.isPresent()) {
            str = configuredLkcId.get();
            ProxyTlv createForSubtype = ProxyTlv.createForSubtype(ProxyTlvType.LKC_ID, str);
            this.tlvs.put(createForSubtype.type, createForSubtype);
        }
        CCloudTrafficType cCloudTrafficType = (CCloudTrafficType) map.get(CCloudTrafficType.CCLOUD_TRAFFIC_TYPE_CLIENT_CONFIG);
        if (cCloudTrafficType != null) {
            ProxyTlv tlv = cCloudTrafficType.tlv();
            this.tlvs.put(tlv.type, tlv);
        }
        String str2 = (String) map.get(ProxyTlvType.PPV2_INGRESS_GATEWAY_ID_CLIENT_CONFIG);
        if (str2 != null) {
            ProxyTlv createForSubtypeWithCharSet = ProxyTlv.createForSubtypeWithCharSet(ProxyTlvType.INGRESS_GATEWAY_ID, str2, StandardCharsets.US_ASCII);
            this.tlvs.put(createForSubtypeWithCharSet.type, createForSubtypeWithCharSet);
        }
        String str3 = (String) map.get(ProxyTlvType.PPV2_ACCESS_POINT_ID_CLIENT_CONFIG);
        if (str3 != null) {
            ProxyTlv createForSubtypeWithCharSet2 = ProxyTlv.createForSubtypeWithCharSet(ProxyTlvType.ACCESS_POINT_ID, str3, StandardCharsets.US_ASCII);
            this.tlvs.put(createForSubtypeWithCharSet2.type, createForSubtypeWithCharSet2);
        }
        String str4 = (String) map.get(ProxyTlvType.PPV2_AVAILABILITY_ZONE_ID_CLIENT_CONFIG);
        if (str4 != null) {
            ProxyTlv createForSubtypeWithCharSet3 = ProxyTlv.createForSubtypeWithCharSet(ProxyTlvType.AVAILABILITY_ZONE_ID, str4, StandardCharsets.US_ASCII);
            this.tlvs.put(createForSubtypeWithCharSet3.type, createForSubtypeWithCharSet3);
        }
        String str5 = (String) map.get(ProxyTlvType.PPV2_FQDN_TEMPLATE_CLIENT_CONFIG);
        if (str5 != null) {
            ProxyTlv createForSubtypeWithCharSet4 = ProxyTlv.createForSubtypeWithCharSet(ProxyTlvType.FQDN_TEMPLATE, str5, StandardCharsets.US_ASCII);
            this.tlvs.put(createForSubtypeWithCharSet4.type, createForSubtypeWithCharSet4);
        }
        String str6 = (String) map.get(ProxyTlvType.PPV2_INGRESS_TYPE_CLIENT_CONFIG);
        if (str6 != null) {
            ProxyTlv createForSubtypeWithCharSet5 = ProxyTlv.createForSubtypeWithCharSet(ProxyTlvType.INGRESS_TYPE, str6, StandardCharsets.US_ASCII);
            this.tlvs.put(createForSubtypeWithCharSet5.type, createForSubtypeWithCharSet5);
        }
        String str7 = (String) map.get(ProxyTlvType.PPV2_PRIVATE_ENDPOINT_ID_CLIENT_CONFIG);
        if (str7 != null) {
            ProxyTlv createForSubtypeWithCharSet6 = ProxyTlv.createForSubtypeWithCharSet(ProxyTlvType.PRIVATE_ENDPOINT_ID, str7, StandardCharsets.US_ASCII);
            this.tlvs.put(createForSubtypeWithCharSet6.type, createForSubtypeWithCharSet6);
        }
        this.log.debug("The proxy protocol engine was configured with {}: {}, {}: {}, {}: {}, {}: {}", new Object[]{"confluent.proxy.protocol.client.address", this.sourceAddress, "confluent.proxy.protocol.client.port", Integer.valueOf(this.sourcePort), "confluent.proxy.protocol.client.mode", this.command, "confluent.lkc.id", str});
    }

    protected static ProxyProtocolCommand getConfiguredCommand(Map<String, Object> map) {
        String configuredString = getConfiguredString(map, "confluent.proxy.protocol.client.mode");
        try {
            return ProxyProtocolCommand.forName(configuredString);
        } catch (IllegalArgumentException e) {
            throw newConfigException("confluent.proxy.protocol.client.mode", configuredString);
        }
    }

    protected static Optional<String> getConfiguredLkcId(Map<String, Object> map) {
        String str = (String) map.get("confluent.lkc.id");
        if (Utils.isBlank(str)) {
            return Optional.empty();
        }
        String trim = str.trim();
        validateLkcId(trim);
        return Optional.of(trim);
    }

    @Override // org.apache.kafka.common.network.ProxyProtocolEngine
    public void processHeaders(ByteBuffer byteBuffer) throws IOException {
        if (!this.protocolSignatureDetected) {
            if (byteBuffer.remaining() < PROTOCOL_SIGNATURE.length) {
                return;
            }
            for (byte b : PROTOCOL_SIGNATURE) {
                byte b2 = byteBuffer.get();
                this.bytesRead++;
                if (b2 != b) {
                    if (!this.proxyProtocolFallbackEnabled) {
                        throw new IOException(INVALID_PROTOCOL_V2_HEADER);
                    }
                    byteBuffer.position(0);
                    this.proxyHeaderProcessed = true;
                    this.bytesRead = 0;
                    return;
                }
            }
            this.protocolSignatureDetected = true;
        }
        parseConnectionInformation(byteBuffer);
        while (byteBuffer.hasRemaining() && this.bytesRead - 16 < this.addressLength) {
            this.addressBytes[this.bytesRead - 16] = byteBuffer.get();
            this.bytesRead++;
        }
        if (this.bytesRead != 16 + this.addressLength || this.proxyHeaderProcessed) {
            return;
        }
        decodeProxyProtocol();
    }

    private void parseConnectionInformation(ByteBuffer byteBuffer) throws IOException {
        while (byteBuffer.hasRemaining() && this.bytesRead < 16) {
            byte b = byteBuffer.get();
            this.bytesRead++;
            switch (this.bytesRead) {
                case 13:
                    int i = b & 15;
                    int i2 = b >> 4;
                    if (i2 != 2) {
                        this.log.warn("The version (the highest four bits from byte 13 of the header) was {} which is not valid for v2 of the PROXY protocol", Integer.valueOf(i2));
                        throw new IOException(INVALID_PROTOCOL_V2_HEADER);
                    }
                    try {
                        this.command = ProxyProtocolCommand.forValue(i);
                        break;
                    } catch (IllegalArgumentException e) {
                        this.log.warn("The command (the lowest four bits from byte 13 of the header) was {} which is not valid per the PROXY protocol spec", Integer.valueOf(i), e);
                        throw new IOException(INVALID_PROTOCOL_V2_HEADER);
                    }
                case 14:
                    this.protocolByte = b;
                    break;
                case 15:
                    byte b2 = byteBuffer.get();
                    this.bytesRead++;
                    this.addressLength = ((b & 255) << 8) | (b2 & 255);
                    this.addressBytes = new byte[this.addressLength];
                    break;
            }
        }
    }

    private void decodeProxyProtocol() throws IOException {
        int i = 0;
        switch (this.protocolByte) {
            case 17:
                this.sourceAddress = Inet4Address.getByAddress(Arrays.copyOfRange(this.addressBytes, 0, 4));
                this.sourcePort = ((this.addressBytes[8] & 255) << 8) | (this.addressBytes[9] & 255);
                this.log.debug("decodeProxyProtocol - PROXY protocol source address/port: {}:{}", this.sourceAddress, Integer.valueOf(this.sourcePort));
                i = 12;
                break;
            case 33:
                this.sourceAddress = Inet6Address.getByAddress(Arrays.copyOfRange(this.addressBytes, 0, 16));
                this.sourcePort = ((this.addressBytes[32] & 255) << 8) | (this.addressBytes[33] & 255);
                this.log.debug("decodeProxyProtocol - PROXY protocol source address/port: {}:{}", this.sourceAddress, Integer.valueOf(this.sourcePort));
                i = 36;
                break;
            default:
                if (this.command != ProxyProtocolCommand.LOCAL) {
                    throw new IOException(INVALID_PROTOCOL_V2_HEADER);
                }
                break;
        }
        while (i + 3 < this.addressBytes.length) {
            int i2 = this.addressBytes[i] & 255;
            int i3 = i + 1;
            int i4 = ((this.addressBytes[i3] & 255) << 8) | (this.addressBytes[i3 + 1] & 255);
            i = i3 + 2;
            if (i + i4 <= this.addressBytes.length) {
                byte[] copyOfRange = Arrays.copyOfRange(this.addressBytes, i, i + i4);
                i += i4;
                ProxyTlv createReservedTlv = i2 == 239 ? createReservedTlv(copyOfRange) : new ProxyTlv(new ProxyTlvType(i2), copyOfRange);
                this.tlvs.put(createReservedTlv.type, createReservedTlv);
                this.log.debug("Parsed new TLV {}", createReservedTlv);
            }
        }
        this.proxyHeaderProcessed = true;
    }

    private ProxyTlv createReservedTlv(byte[] bArr) {
        Optional of = Optional.of(Integer.valueOf(bArr[0] & 255));
        Set<ProxyTlvType> registeredTypes = ProxyTlvType.registeredTypes();
        ProxyTlvType proxyTlvType = null;
        Iterator<ProxyTlvType> it = registeredTypes.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ProxyTlvType next = it.next();
            if (next.type == 239 && next.subtype.equals(of)) {
                proxyTlvType = next;
                break;
            }
        }
        if (proxyTlvType == null) {
            this.log.error(String.format("No Confluent TLV types found with type %s, subtype %s; known TLV types are: %s", Integer.valueOf(ProxyTlvType.PP2_TYPE_CFLT), of.get(), (String) registeredTypes.stream().map(proxyTlvType2 -> {
                return String.format("%s/%s", Integer.valueOf(proxyTlvType2.type), proxyTlvType2.subtype);
            }).collect(Collectors.joining(", "))));
            proxyTlvType = new ProxyTlvType(ProxyTlvType.PP2_TYPE_CFLT, of);
        }
        ProxyTlvValidator orElse = proxyTlvType.validator().orElse(null);
        if (orElse != null) {
            try {
                orElse.validate(bArr);
            } catch (Throwable th) {
                this.log.debug("Error validating TLV: {}", th.getMessage());
            }
        }
        return new ProxyTlv(proxyTlvType, bArr);
    }

    @Override // org.apache.kafka.common.network.AbstractProxyProtocolEngine
    protected IOException invalidProtocolHeaderException(String str) {
        return new IOException("Invalid Proxy Protocol V2 Header. " + str);
    }

    @Override // org.apache.kafka.common.network.ProxyProtocolEngine
    public byte[] emitHeaders(InetAddress inetAddress, int i) throws IOException {
        validateAddresses(inetAddress);
        validatePorts(i);
        validateProxyMode();
        byte b = (byte) (this.command == ProxyProtocolCommand.PROXY ? 33 : 32);
        int i2 = this.command == ProxyProtocolCommand.LOCAL ? 0 : inetAddress instanceof Inet4Address ? 17 : 33;
        byte[] tlvBytes = tlvBytes(this.tlvs.values());
        int length = this.command == ProxyProtocolCommand.LOCAL ? tlvBytes.length : inetAddress instanceof Inet4Address ? 12 + tlvBytes.length : 36 + tlvBytes.length;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(PROTOCOL_SIGNATURE);
        byteArrayOutputStream.write(b);
        byteArrayOutputStream.write(i2);
        byteArrayOutputStream.write(shortBytes(length));
        if (this.command != ProxyProtocolCommand.LOCAL) {
            byteArrayOutputStream.write(this.sourceAddress.getAddress());
            byteArrayOutputStream.write(inetAddress.getAddress());
            byteArrayOutputStream.write(shortBytes(this.sourcePort));
            byteArrayOutputStream.write(shortBytes(i));
        }
        if (tlvBytes.length > 0) {
            byteArrayOutputStream.write(tlvBytes);
        }
        this.proxyHeaderProcessed = true;
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.apache.kafka.common.network.ProxyProtocolEngine
    public ProxyTlv tlv(ProxyTlvType proxyTlvType) {
        return this.tlvs.get(proxyTlvType);
    }

    public Map<ProxyTlvType, ProxyTlv> getTlvs() {
        return this.tlvs;
    }

    @Override // org.apache.kafka.common.network.ProxyProtocolEngine
    public ProxyProtocolCommand command() {
        return this.command;
    }

    private void validateProxyMode() throws IOException {
        if (this.command == null) {
            throw invalidProtocolHeaderException("The PROXY header could not be emitted because the command was not configured");
        }
    }

    static void validateLkcId(String str) {
        if (!str.startsWith(SslTransportLayer.LKC_PREFIX)) {
            throw newConfigException("confluent.lkc.id", str);
        }
    }

    private byte[] shortBytes(int i) {
        return new byte[]{(byte) ((i >> 8) & 255), (byte) (i & 255)};
    }

    static byte[] tlvBytes(ProxyTlv proxyTlv) {
        byte[] rawValue = proxyTlv.rawValue();
        int length = rawValue.length;
        byte[] bArr = new byte[3 + length];
        bArr[0] = (byte) (proxyTlv.type().type() & 255);
        bArr[1] = (byte) ((length >> 8) & 255);
        bArr[2] = (byte) (length & 255);
        System.arraycopy(rawValue, 0, bArr, 3, length);
        return bArr;
    }

    static byte[] tlvBytes(Collection<ProxyTlv> collection) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Iterator<ProxyTlv> it = collection.iterator();
        while (it.hasNext()) {
            byteArrayOutputStream.write(tlvBytes(it.next()));
        }
        return byteArrayOutputStream.toByteArray();
    }
}
