package brooklyn.entity.proxy.nginx;

import brooklyn.entity.Entity;
import brooklyn.entity.Group;
import brooklyn.entity.annotation.Effector;
import brooklyn.entity.basic.Lifecycle;
import brooklyn.entity.group.AbstractMembershipTrackingPolicy;
import brooklyn.entity.proxy.AbstractControllerImpl;
import brooklyn.entity.proxy.ProxySslConfig;
import brooklyn.event.SensorEvent;
import brooklyn.event.SensorEventListener;
import brooklyn.event.feed.ConfigToAttributes;
import brooklyn.event.feed.http.HttpFeed;
import brooklyn.event.feed.http.HttpPollConfig;
import brooklyn.event.feed.http.HttpPollValue;
import brooklyn.util.ResourceUtils;
import brooklyn.util.collections.MutableMap;
import brooklyn.util.text.Strings;
import com.google.common.base.Function;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.LinkedHashMultimap;
import com.google.common.collect.Sets;
import java.io.ByteArrayInputStream;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:brooklyn/entity/proxy/nginx/NginxControllerImpl.class */
public class NginxControllerImpl extends AbstractControllerImpl implements NginxController {
    private static final Logger LOG = LoggerFactory.getLogger(NginxControllerImpl.class);
    private volatile HttpFeed httpFeed;
    private final Set<String> installedKeysCache;

    public NginxControllerImpl() {
        this.installedKeysCache = Sets.newLinkedHashSet();
    }

    public NginxControllerImpl(Entity entity) {
        this(MutableMap.of(), entity);
    }

    public NginxControllerImpl(Map map) {
        this(map, null);
    }

    public NginxControllerImpl(Map map, Entity entity) {
        super(map, entity);
        this.installedKeysCache = Sets.newLinkedHashSet();
    }

    @Override // brooklyn.entity.proxy.AbstractControllerImpl, brooklyn.entity.proxy.LoadBalancer
    public void reload() {
        NginxSshDriver nginxSshDriver = (NginxSshDriver) getDriver();
        if (nginxSshDriver == null) {
            throw new IllegalStateException("Cannot reload (no driver instance; stopped? (state=" + ((Lifecycle) getAttribute(NginxController.SERVICE_STATE)) + ")");
        }
        nginxSshDriver.reload();
    }

    @Override // brooklyn.entity.proxy.nginx.NginxController
    public boolean isSticky() {
        return ((Boolean) getConfig(STICKY)).booleanValue();
    }

    @Override // brooklyn.entity.proxy.AbstractControllerImpl
    public void connectSensors() {
        super.connectSensors();
        ConfigToAttributes.apply(this);
        this.httpFeed = HttpFeed.builder().entity(this).period(((Long) getConfig(HTTP_POLL_PERIOD)).longValue()).baseUri(inferUrl(true)).baseUriVars(ImmutableMap.of("include-runtime", "true")).poll(new HttpPollConfig(SERVICE_UP).checkSuccess(Predicates.alwaysTrue()).onResult(new Function<HttpPollValue, Boolean>() { // from class: brooklyn.entity.proxy.nginx.NginxControllerImpl.1
            public Boolean apply(HttpPollValue httpPollValue) {
                List list = (List) httpPollValue.getHeaderLists().get("Server");
                return list != null && list.size() == 1 && ((String) list.get(0)).startsWith("nginx");
            }
        }).setOnException(false)).build();
        Group group = (Group) getConfig(URL_MAPPINGS);
        if (group != null) {
            subscribeToMembers(group, UrlMapping.TARGET_ADDRESSES, new SensorEventListener<Collection<String>>() { // from class: brooklyn.entity.proxy.nginx.NginxControllerImpl.2
                public void onEvent(SensorEvent<Collection<String>> sensorEvent) {
                    NginxControllerImpl.this.updateNeeded();
                }
            });
            AbstractMembershipTrackingPolicy abstractMembershipTrackingPolicy = new AbstractMembershipTrackingPolicy() { // from class: brooklyn.entity.proxy.nginx.NginxControllerImpl.3
                protected void onEntityChange(Entity entity) {
                    NginxControllerImpl.this.updateNeeded();
                }

                protected void onEntityAdded(Entity entity) {
                    NginxControllerImpl.this.updateNeeded();
                }

                protected void onEntityRemoved(Entity entity) {
                    NginxControllerImpl.this.updateNeeded();
                }
            };
            addPolicy(abstractMembershipTrackingPolicy);
            abstractMembershipTrackingPolicy.setGroup(group);
        }
    }

    protected void doStop() {
        super.doStop();
        setAttribute(SERVICE_UP, false);
    }

    protected void disconnectSensors() {
        super.disconnectSensors();
        if (this.httpFeed != null) {
            this.httpFeed.stop();
        }
    }

    public Class getDriverInterface() {
        return NginxDriver.class;
    }

    public void doExtraConfigurationDuringStart() {
        reconfigureService();
    }

    @Override // brooklyn.entity.proxy.nginx.NginxController
    @Effector(description = "Gets the current server configuration (by brooklyn recalculating what the config should be); does not affect the server")
    public String getCurrentConfiguration() {
        return getConfigFile();
    }

    @Override // brooklyn.entity.proxy.AbstractControllerImpl
    protected void reconfigureService() {
        String configFile = getConfigFile();
        if (configFile == null) {
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Reconfiguring {}, targetting {} and {}", new Object[]{this, this.serverPoolAddresses, findUrlMappings()});
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("Reconfiguring {}, config file:\n{}", this, configFile);
        }
        NginxSshDriver nginxSshDriver = (NginxSshDriver) getDriver();
        if (!nginxSshDriver.isCustomizationCompleted()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Reconfiguring {}, but driver's customization not yet complete so aborting");
            }
        } else {
            nginxSshDriver.getMachine().copyTo(new ByteArrayInputStream(configFile.getBytes()), String.valueOf(nginxSshDriver.getRunDir()) + "/conf/server.conf");
            installSslKeys("global", (ProxySslConfig) getConfig(SSL_CONFIG));
            for (UrlMapping urlMapping : findUrlMappings()) {
                installSslKeys(urlMapping.getDomain(), (ProxySslConfig) urlMapping.getConfig(UrlMapping.SSL_CONFIG));
            }
        }
    }

    protected void installSslKeys(String str, ProxySslConfig proxySslConfig) {
        if (proxySslConfig == null || this.installedKeysCache.contains(str)) {
            return;
        }
        NginxSshDriver nginxSshDriver = (NginxSshDriver) getDriver();
        if (!Strings.isEmpty(proxySslConfig.getCertificateSourceUrl())) {
            nginxSshDriver.getMachine().copyTo(ImmutableMap.of("permissions", "0400"), new ResourceUtils(this).getResourceFromUrl(proxySslConfig.getCertificateSourceUrl()), Strings.isEmpty(proxySslConfig.getCertificateDestination()) ? String.valueOf(nginxSshDriver.getRunDir()) + "/conf/" + str + ".crt" : proxySslConfig.getCertificateDestination());
        }
        if (!Strings.isEmpty(proxySslConfig.getKeySourceUrl())) {
            nginxSshDriver.getMachine().copyTo(ImmutableMap.of("permissions", "0400"), new ResourceUtils(this).getResourceFromUrl(proxySslConfig.getKeySourceUrl()), Strings.isEmpty(proxySslConfig.getKeyDestination()) ? String.valueOf(nginxSshDriver.getRunDir()) + "/conf/" + str + ".key" : proxySslConfig.getKeyDestination());
        }
        this.installedKeysCache.add(str);
    }

    @Override // brooklyn.entity.proxy.nginx.NginxController
    public String getConfigFile() {
        NginxSshDriver nginxSshDriver = (NginxSshDriver) getDriver();
        if (nginxSshDriver == null) {
            if (!LOG.isDebugEnabled()) {
                return null;
            }
            LOG.debug("No driver for {}, so not generating config file (is entity stopping? state={})", this, getAttribute(NginxController.SERVICE_STATE));
            return null;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("\n");
        sb.append(String.format("pid %s/logs/nginx.pid;\n", nginxSshDriver.getRunDir()));
        sb.append("events {\n");
        sb.append("  worker_connections 8196;\n");
        sb.append("}\n");
        sb.append("http {\n");
        ProxySslConfig proxySslConfig = (ProxySslConfig) getConfig(SSL_CONFIG);
        if (proxySslConfig != null) {
            verifyConfig(proxySslConfig);
            appendSslConfig("global", sb, "    ", proxySslConfig, true, true);
        }
        if (getDomain() != null || this.serverPoolAddresses == null || this.serverPoolAddresses.isEmpty()) {
            sb.append("  server {\n");
            sb.append(getCodeForServerConfig());
            sb.append("    listen " + getPort() + ";\n");
            sb.append(getCodeFor404());
            sb.append("  }\n");
        }
        if (this.serverPoolAddresses != null && this.serverPoolAddresses.size() > 0) {
            sb.append(String.format("  upstream " + getId() + " {\n", new Object[0]));
            if (isSticky()) {
                sb.append("    sticky;\n");
            }
            Iterator<String> it = this.serverPoolAddresses.iterator();
            while (it.hasNext()) {
                sb.append("    server " + it.next() + ";\n");
            }
            sb.append("  }\n");
            sb.append("  server {\n");
            sb.append(getCodeForServerConfig());
            sb.append("    listen " + getPort() + ";\n");
            if (getDomain() != null) {
                sb.append("    server_name " + getDomain() + ";\n");
            }
            sb.append("    location / {\n");
            sb.append("      proxy_pass " + ((proxySslConfig == null || !proxySslConfig.getTargetIsSsl()) ? "http" : "https") + "://" + getId() + ";\n");
            sb.append("    }\n");
            sb.append("  }\n");
        }
        Iterable<UrlMapping> findUrlMappings = findUrlMappings();
        LinkedHashMultimap create = LinkedHashMultimap.create();
        for (UrlMapping urlMapping : findUrlMappings) {
            Collection collection = (Collection) urlMapping.getAttribute(UrlMapping.TARGET_ADDRESSES);
            if (collection != null && collection.size() > 0) {
                create.put(urlMapping.getDomain(), urlMapping);
            }
        }
        for (UrlMapping urlMapping2 : findUrlMappings) {
            Collection collection2 = (Collection) urlMapping2.getAttribute(UrlMapping.TARGET_ADDRESSES);
            if (collection2 != null && collection2.size() > 0) {
                if (urlMapping2.getPath() != null) {
                    urlMapping2.getPath();
                }
                sb.append(String.format("  upstream " + urlMapping2.getUniqueLabel() + " {\n", new Object[0]));
                if (isSticky()) {
                    sb.append("    sticky;\n");
                }
                Iterator it2 = collection2.iterator();
                while (it2.hasNext()) {
                    sb.append("    server " + ((String) it2.next()) + ";\n");
                }
                sb.append("  }\n");
            }
        }
        for (String str : create.keySet()) {
            sb.append("  server {\n");
            sb.append(getCodeForServerConfig());
            sb.append("    listen " + getPort() + ";\n");
            sb.append("    server_name " + str + ";\n");
            boolean z = false;
            ProxySslConfig proxySslConfig2 = null;
            for (UrlMapping urlMapping3 : create.get(str)) {
                ProxySslConfig proxySslConfig3 = (ProxySslConfig) urlMapping3.getConfig(UrlMapping.SSL_CONFIG);
                if (proxySslConfig3 != null) {
                    verifyConfig(proxySslConfig3);
                    if (proxySslConfig2 != null) {
                        if (!proxySslConfig2.equals(proxySslConfig3)) {
                            LOG.warn("{} mapping {} provides SSL config for {} when a different config had already been provided by another mapping, ignoring this one", new Object[]{this, urlMapping3, str});
                        }
                    } else if (proxySslConfig == null) {
                        proxySslConfig2 = proxySslConfig3;
                    } else if (!proxySslConfig.equals(proxySslConfig3)) {
                        LOG.warn("{} mapping {} provides SSL config for {} when a different config had been provided at root nginx scope, ignoring this one", new Object[]{this, urlMapping3, str});
                    }
                }
            }
            if (proxySslConfig2 != null) {
                appendSslConfig(str, sb, "    ", proxySslConfig2, true, true);
            } else if (proxySslConfig != null) {
            }
            for (UrlMapping urlMapping4 : create.get(str)) {
                boolean z2 = urlMapping4.getPath() == null || urlMapping4.getPath().length() == 0 || urlMapping4.getPath().equals("/");
                if (z2 && z) {
                    LOG.warn(this + " mapping " + urlMapping4 + " provides a duplicate / proxy, ignoring");
                } else {
                    z |= z2;
                    sb.append("    location " + (z2 ? "/" : "~ " + urlMapping4.getPath()) + " {\n");
                    Collection<UrlRewriteRule> collection3 = (Collection) urlMapping4.getConfig(UrlMapping.REWRITES);
                    if (collection3 != null && collection3.size() > 0) {
                        for (UrlRewriteRule urlRewriteRule : collection3) {
                            sb.append("      rewrite \"^" + urlRewriteRule.getFrom() + "$\" \"" + urlRewriteRule.getTo() + "\"");
                            if (urlRewriteRule.isBreak()) {
                                sb.append(" break");
                            }
                            sb.append(" ;\n");
                        }
                    }
                    sb.append("      proxy_pass " + ((proxySslConfig2 == null || !proxySslConfig2.getTargetIsSsl()) ? (proxySslConfig2 == null && proxySslConfig != null && proxySslConfig.getTargetIsSsl()) ? "https" : "http" : "https") + "://" + urlMapping4.getUniqueLabel() + " ;\n");
                    sb.append("    }\n");
                }
            }
            if (!z) {
                sb.append("    location / { \n" + getCodeFor404() + "    }\n");
            }
            sb.append("  }\n");
        }
        sb.append("}\n");
        return sb.toString();
    }

    protected String getCodeForServerConfig() {
        return "    server_tokens off;\n    proxy_set_header Host $http_host;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Real-IP $remote_addr;\n";
    }

    protected String getCodeFor404() {
        return "    return 404;\n";
    }

    void verifyConfig(ProxySslConfig proxySslConfig) {
        if (Strings.isEmpty(proxySslConfig.getCertificateDestination()) && Strings.isEmpty(proxySslConfig.getCertificateSourceUrl())) {
            throw new IllegalStateException("ProxySslConfig can't have a null certificateDestination and null certificateSourceUrl. One or both need to be set");
        }
    }

    @Override // brooklyn.entity.proxy.nginx.NginxController
    public boolean appendSslConfig(String str, StringBuilder sb, String str2, ProxySslConfig proxySslConfig, boolean z, boolean z2) {
        if (proxySslConfig == null) {
            return false;
        }
        if (z) {
            sb.append(str2);
            sb.append("ssl on;\n");
        }
        if (proxySslConfig.getReuseSessions()) {
            sb.append(str2);
            sb.append("proxy_ssl_session_reuse on;");
        }
        if (!z2) {
            return true;
        }
        String certificateDestination = Strings.isEmpty(proxySslConfig.getCertificateDestination()) ? str + ".crt" : proxySslConfig.getCertificateDestination();
        sb.append(str2);
        sb.append("ssl_certificate " + certificateDestination + ";\n");
        String keyDestination = !Strings.isEmpty(proxySslConfig.getKeyDestination()) ? proxySslConfig.getKeyDestination() : !Strings.isEmpty(proxySslConfig.getKeySourceUrl()) ? str + ".key" : null;
        if (keyDestination == null) {
            return true;
        }
        sb.append(str2);
        sb.append("ssl_certificate_key " + keyDestination + ";\n");
        return true;
    }

    protected Iterable<UrlMapping> findUrlMappings() {
        Group group = (Group) getConfig(URL_MAPPINGS);
        return group != null ? Iterables.filter(group.getMembers(), UrlMapping.class) : Collections.emptyList();
    }

    public String getShortName() {
        return "Nginx";
    }
}
