package org.apache.nifi.remote;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.apache.nifi.groups.ProcessGroup;
import org.apache.nifi.remote.cluster.NodeInformant;
import org.apache.nifi.remote.cluster.NodeInformation;
import org.apache.nifi.remote.exception.BadRequestException;
import org.apache.nifi.remote.exception.HandshakeException;
import org.apache.nifi.remote.exception.NotAuthorizedException;
import org.apache.nifi.remote.exception.RequestExpiredException;
import org.apache.nifi.remote.protocol.CommunicationsSession;
import org.apache.nifi.remote.protocol.RequestType;
import org.apache.nifi.remote.protocol.ServerProtocol;
import org.apache.nifi.security.cert.StandardPrincipalFormatter;
import org.apache.nifi.security.util.TlsPlatform;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/remote/SocketRemoteSiteListener.class */
public class SocketRemoteSiteListener implements RemoteSiteListener {
    private final int socketPort;
    private final SSLContext sslContext;
    private final NodeInformant nodeInformant;
    private final AtomicReference<ProcessGroup> rootGroup;
    private final NiFiProperties nifiProperties;
    private final PeerDescriptionModifier peerDescriptionModifier;
    private static final int EXCEPTION_THRESHOLD_MILLIS = 10000;
    private volatile long tlsErrorLastSeen;
    private final AtomicBoolean stopped;
    private static final Logger LOG = LoggerFactory.getLogger(SocketRemoteSiteListener.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.nifi.remote.SocketRemoteSiteListener$2, reason: invalid class name */
    /* loaded from: input_file:org/apache/nifi/remote/SocketRemoteSiteListener$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$nifi$remote$protocol$RequestType = new int[RequestType.values().length];

        static {
            try {
                $SwitchMap$org$apache$nifi$remote$protocol$RequestType[RequestType.NEGOTIATE_FLOWFILE_CODEC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$nifi$remote$protocol$RequestType[RequestType.RECEIVE_FLOWFILES.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$nifi$remote$protocol$RequestType[RequestType.SEND_FLOWFILES.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$nifi$remote$protocol$RequestType[RequestType.REQUEST_PEER_LIST.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$nifi$remote$protocol$RequestType[RequestType.SHUTDOWN.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    public SocketRemoteSiteListener(int i, SSLContext sSLContext, NiFiProperties niFiProperties) {
        this(i, sSLContext, niFiProperties, null);
    }

    public SocketRemoteSiteListener(int i, SSLContext sSLContext, NiFiProperties niFiProperties, NodeInformant nodeInformant) {
        this.rootGroup = new AtomicReference<>();
        this.tlsErrorLastSeen = -1L;
        this.stopped = new AtomicBoolean(false);
        this.socketPort = i;
        this.sslContext = sSLContext;
        this.nifiProperties = niFiProperties;
        this.nodeInformant = nodeInformant;
        this.peerDescriptionModifier = new PeerDescriptionModifier(niFiProperties);
    }

    @Override // org.apache.nifi.remote.RemoteSiteListener
    public void setRootGroup(ProcessGroup processGroup) {
        this.rootGroup.set(processGroup);
    }

    @Override // org.apache.nifi.remote.RemoteSiteListener
    public void start() throws IOException {
        final boolean z = this.sslContext != null;
        final ArrayList arrayList = new ArrayList();
        this.stopped.set(false);
        Thread thread = new Thread(new Runnable() { // from class: org.apache.nifi.remote.SocketRemoteSiteListener.1
            private int threadCount = 0;

            @Override // java.lang.Runnable
            public void run() {
                try {
                    ServerSocket createServerSocket = SocketRemoteSiteListener.this.createServerSocket();
                    try {
                        createServerSocket.setSoTimeout(2000);
                        while (!SocketRemoteSiteListener.this.stopped.get()) {
                            Socket acceptConnection = SocketRemoteSiteListener.this.acceptConnection(createServerSocket);
                            if (acceptConnection != null) {
                                if (SocketRemoteSiteListener.this.stopped.get()) {
                                    break;
                                }
                                Thread createWorkerThread = createWorkerThread(acceptConnection);
                                int i = this.threadCount;
                                this.threadCount = i + 1;
                                createWorkerThread.setName("Site-to-Site Worker Thread-" + i);
                                SocketRemoteSiteListener.LOG.debug("Handing connection to {}", createWorkerThread);
                                createWorkerThread.start();
                                arrayList.add(createWorkerThread);
                                arrayList.removeIf(thread2 -> {
                                    return !thread2.isAlive();
                                });
                            }
                        }
                        if (createServerSocket != null) {
                            createServerSocket.close();
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    SocketRemoteSiteListener.LOG.error("Unable to open server socket due to {}", e.toString());
                    if (SocketRemoteSiteListener.LOG.isDebugEnabled()) {
                        SocketRemoteSiteListener.LOG.error("", e);
                    }
                }
                for (Thread thread3 : arrayList) {
                    if (thread3 != null) {
                        thread3.interrupt();
                    }
                }
            }

            private Thread createWorkerThread(final Socket socket) {
                return new Thread(new Runnable() { // from class: org.apache.nifi.remote.SocketRemoteSiteListener.1.1
                    /* JADX WARN: Removed duplicated region for block: B:120:0x058d A[EXC_TOP_SPLITTER, SYNTHETIC] */
                    /* JADX WARN: Removed duplicated region for block: B:146:0x04a0 A[EXC_TOP_SPLITTER, SYNTHETIC] */
                    /* JADX WARN: Removed duplicated region for block: B:172:0x052b A[EXC_TOP_SPLITTER, SYNTHETIC] */
                    @Override // java.lang.Runnable
                    /*
                        Code decompiled incorrectly, please refer to instructions dump.
                        To view partially-correct add '--show-bad-code' argument
                    */
                    public void run() {
                        /*
                            Method dump skipped, instructions count: 1462
                            To view this dump add '--comments-level debug' option
                        */
                        throw new UnsupportedOperationException("Method not decompiled: org.apache.nifi.remote.SocketRemoteSiteListener.AnonymousClass1.RunnableC00001.run():void");
                    }
                });
            }
        });
        thread.setName("Site-to-Site Listener");
        thread.start();
    }

    private boolean isTlsError(Throwable th) {
        return ((th instanceof SSLException) || (th instanceof GeneralSecurityException)) ? true : th.getCause() == null ? false : isTlsError(th.getCause());
    }

    private String getPeerIdentity(SSLSocket sSLSocket) throws SSLPeerUnverifiedException {
        Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            throw new SSLPeerUnverifiedException(String.format("Peer [%s] certificates not found", sSLSocket.getRemoteSocketAddress()));
        }
        return StandardPrincipalFormatter.getInstance().getSubject((X509Certificate) peerCertificates[0]);
    }

    private boolean handleTlsError(String str) {
        if (tlsErrorRecentlySeen()) {
            LOG.debug(str);
            return false;
        }
        LOG.error(str);
        return true;
    }

    private boolean tlsErrorRecentlySeen() {
        return System.currentTimeMillis() - this.tlsErrorLastSeen < 10000;
    }

    private ServerSocket createServerSocket() throws IOException {
        if (this.sslContext == null) {
            return new ServerSocket(this.socketPort);
        }
        SSLServerSocket sSLServerSocket = (SSLServerSocket) this.sslContext.getServerSocketFactory().createServerSocket(this.socketPort);
        sSLServerSocket.setNeedClientAuth(true);
        sSLServerSocket.setEnabledProtocols((String[]) TlsPlatform.getPreferredProtocols().toArray(new String[0]));
        return sSLServerSocket;
    }

    private Socket acceptConnection(ServerSocket serverSocket) {
        LOG.trace("Accepting Connection...");
        Socket socket = null;
        while (!this.stopped.get() && socket == null) {
            try {
                try {
                    socket = serverSocket.accept();
                } catch (SocketTimeoutException e) {
                    LOG.trace("SocketTimeoutException occurred. {}", e.getMessage());
                }
            } catch (IOException e2) {
                LOG.error("RemoteSiteListener Unable to accept connection due to {}", e2.toString());
                if (LOG.isDebugEnabled()) {
                    LOG.error("", e2);
                }
                return socket;
            }
        }
        LOG.trace("Got connection");
        return socket;
    }

    private void handleRequest(ServerProtocol serverProtocol, Peer peer, RequestType requestType) throws IOException, NotAuthorizedException, BadRequestException, RequestExpiredException {
        LOG.debug("Request type from {} is {}", serverProtocol, requestType);
        switch (AnonymousClass2.$SwitchMap$org$apache$nifi$remote$protocol$RequestType[requestType.ordinal()]) {
            case 1:
                serverProtocol.negotiateCodec(peer);
                return;
            case 2:
                serverProtocol.getPort().transferFlowFiles(peer, serverProtocol);
                return;
            case 3:
                serverProtocol.getPort().receiveFlowFiles(peer, serverProtocol);
                return;
            case 4:
                Optional empty = this.nodeInformant == null ? Optional.empty() : Optional.of(this.nodeInformant.getNodeInformation());
                String remoteInputHost = this.nifiProperties.getRemoteInputHost();
                if (remoteInputHost == null) {
                    remoteInputHost = InetAddress.getLocalHost().getHostName();
                }
                Boolean isSiteToSiteSecure = this.nifiProperties.isSiteToSiteSecure();
                Integer sslPort = isSiteToSiteSecure.booleanValue() ? this.nifiProperties.getSslPort() : this.nifiProperties.getPort();
                serverProtocol.sendPeerList(peer, empty, new NodeInformation(remoteInputHost, this.nifiProperties.getRemoteInputPort(), this.nifiProperties.getRemoteInputHttpPort(), sslPort != null ? sslPort.intValue() : 0, isSiteToSiteSecure.booleanValue(), 0));
                return;
            case 5:
                serverProtocol.shutdown(peer);
                return;
            default:
                return;
        }
    }

    private int getPort() {
        return this.socketPort;
    }

    @Override // org.apache.nifi.remote.RemoteSiteListener
    public void stop() {
        this.stopped.set(true);
    }

    @Override // org.apache.nifi.remote.RemoteSiteListener
    public void destroy() {
    }

    private void verifyMagicBytes(InputStream inputStream, String str) throws IOException {
        byte[] bArr = new byte[CommunicationsSession.MAGIC_BYTES.length];
        for (int i = 0; i < bArr.length; i++) {
            try {
                bArr[i] = (byte) inputStream.read();
            } catch (EOFException e) {
                throw new HandshakeException("Handshake failed (not enough bytes) when communicating with " + str);
            }
        }
        if (!Arrays.equals(CommunicationsSession.MAGIC_BYTES, bArr)) {
            throw new HandshakeException("Handshake with " + str + " failed because the Magic Header was not present");
        }
    }
}
