package org.glowroot.central;

import com.google.common.base.Preconditions;
import com.google.common.base.Stopwatch;
import io.grpc.Server;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolNegotiator;
import io.netty.handler.ssl.SslContext;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.FileSystems;
import java.nio.file.Path;
import java.nio.file.StandardWatchEventKinds;
import java.nio.file.WatchEvent;
import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import org.glowroot.central.repo.ActiveAgentDao;
import org.glowroot.central.repo.AgentConfigDao;
import org.glowroot.central.repo.AgentDisplayDao;
import org.glowroot.central.repo.AggregateDao;
import org.glowroot.central.repo.EnvironmentDao;
import org.glowroot.central.repo.GaugeValueDao;
import org.glowroot.central.repo.HeartbeatDao;
import org.glowroot.central.repo.TraceDao;
import org.glowroot.central.repo.V09AgentRollupDao;
import org.glowroot.central.util.ClusterManager;
import org.glowroot.central.util.MoreExecutors2;
import org.glowroot.common.util.Clock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/glowroot/central/GrpcServer.class */
public class GrpcServer {
    private static final Logger startupLogger = LoggerFactory.getLogger("org.glowroot");
    private static final Logger logger = LoggerFactory.getLogger(GrpcServer.class);
    private final DownstreamServiceImpl downstreamService;
    private final Server httpServer;
    private final Server httpsServer;
    private final ExecutorService confDirWatchExecutor;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glowroot/central/GrpcServer$CertificateReloader.class */
    public static final class CertificateReloader implements Runnable {
        private final WatchService watcher;
        private final DelegatingSslContext delegatingSslContext;

        private CertificateReloader(File file, DelegatingSslContext delegatingSslContext) throws IOException {
            this.delegatingSslContext = delegatingSslContext;
            this.watcher = FileSystems.getDefault().newWatchService();
            file.toPath().register(this.watcher, StandardWatchEventKinds.ENTRY_CREATE, StandardWatchEventKinds.ENTRY_MODIFY);
        }

        @Override // java.lang.Runnable
        public void run() {
            while (true) {
                try {
                    runInternal();
                } catch (InterruptedException e) {
                    GrpcServer.logger.debug(e.getMessage(), e);
                    return;
                } catch (Throwable th) {
                    GrpcServer.logger.error(th.getMessage(), th);
                }
            }
        }

        public void runInternal() throws Exception {
            WatchKey poll;
            WatchKey take = this.watcher.take();
            take.reset();
            if (!certificateModified(take)) {
                return;
            }
            do {
                TimeUnit.SECONDS.sleep(5L);
                poll = this.watcher.poll();
                if (poll == null) {
                    break;
                } else {
                    poll.reset();
                }
            } while (certificateModified(poll));
            this.delegatingSslContext.reloadCertificate();
        }

        private static boolean certificateModified(WatchKey watchKey) {
            Iterator<WatchEvent<?>> it = watchKey.pollEvents().iterator();
            while (it.hasNext()) {
                Object context = it.next().context();
                if (context instanceof Path) {
                    String path = ((Path) context).toString();
                    if (path.equals("grpc-cert.pem") || path.equals("cert.pem") || path.equals("grpc-key.pem") || path.equals("key.pem")) {
                        return true;
                    }
                }
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glowroot/central/GrpcServer$DelegatingSslContext.class */
    public static class DelegatingSslContext extends SslContext {
        private final File confDir;
        private volatile SslContext sslContext;

        public static SslContext create(File file, ExecutorService executorService) throws IOException {
            DelegatingSslContext delegatingSslContext = new DelegatingSslContext(file);
            executorService.execute(new CertificateReloader(file, delegatingSslContext));
            return delegatingSslContext;
        }

        private DelegatingSslContext(File file) throws IOException {
            this.confDir = file;
            this.sslContext = createSslContext(file);
        }

        public boolean isClient() {
            return this.sslContext.isClient();
        }

        public List<String> cipherSuites() {
            return this.sslContext.cipherSuites();
        }

        public long sessionCacheSize() {
            return this.sslContext.sessionCacheSize();
        }

        public long sessionTimeout() {
            return this.sslContext.sessionTimeout();
        }

        public ApplicationProtocolNegotiator applicationProtocolNegotiator() {
            return this.sslContext.applicationProtocolNegotiator();
        }

        public SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
            return this.sslContext.newEngine(byteBufAllocator);
        }

        public SSLEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i) {
            return this.sslContext.newEngine(byteBufAllocator, str, i);
        }

        public SSLSessionContext sessionContext() {
            return this.sslContext.sessionContext();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void reloadCertificate() throws IOException {
            this.sslContext = createSslContext(this.confDir);
            GrpcServer.startupLogger.info("gRPC certificate reloaded");
        }

        private static SslContext createSslContext(File file) throws IOException {
            return GrpcSslContexts.forServer(getHttpsConfFile(file, "grpc-cert.pem", "cert.pem", "certificate"), getHttpsConfFile(file, "grpc-key.pem", "key.pem", "private key")).build();
        }

        private static File getHttpsConfFile(File file, String str, String str2, String str3) throws FileNotFoundException {
            File file2 = new File(file, str);
            if (file2.exists()) {
                return file2;
            }
            File file3 = new File(file, str2);
            if (file3.exists()) {
                return file3;
            }
            throw new FileNotFoundException("HTTPS is enabled, but " + str + " (or " + str2 + " if using the same " + str3 + " for both grpc and ui) was not found under '" + file.getAbsolutePath() + "'");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GrpcServer(String str, Integer num, Integer num2, File file, AgentDisplayDao agentDisplayDao, AgentConfigDao agentConfigDao, ActiveAgentDao activeAgentDao, EnvironmentDao environmentDao, HeartbeatDao heartbeatDao, AggregateDao aggregateDao, GaugeValueDao gaugeValueDao, TraceDao traceDao, V09AgentRollupDao v09AgentRollupDao, CentralAlertingService centralAlertingService, ClusterManager clusterManager, Clock clock, String str2) throws IOException {
        GrpcCommon grpcCommon = new GrpcCommon(v09AgentRollupDao);
        this.downstreamService = new DownstreamServiceImpl(grpcCommon, clusterManager);
        CollectorServiceImpl collectorServiceImpl = new CollectorServiceImpl(agentDisplayDao, agentConfigDao, activeAgentDao, environmentDao, heartbeatDao, aggregateDao, gaugeValueDao, traceDao, v09AgentRollupDao, grpcCommon, centralAlertingService, clock, str2);
        if (num == null) {
            this.httpServer = null;
        } else {
            this.httpServer = startServer(str, num.intValue(), false, file, null, this.downstreamService, collectorServiceImpl);
            if (num2 == null) {
                startupLogger.info("gRPC listening on {}:{}", str, num);
            } else {
                startupLogger.info("gRPC listening on {}:{} (HTTP)", str, num);
            }
        }
        if (num2 == null) {
            this.confDirWatchExecutor = null;
            this.httpsServer = null;
        } else {
            this.confDirWatchExecutor = MoreExecutors2.newSingleThreadExecutor("Conf-Dir-Watcher");
            this.httpsServer = startServer(str, num2.intValue(), true, file, this.confDirWatchExecutor, this.downstreamService, collectorServiceImpl);
            startupLogger.info("gRPC listening on {}:{} (HTTPS)", str, num2);
        }
    }

    private static Server startServer(String str, int i, boolean z, File file, ExecutorService executorService, DownstreamServiceImpl downstreamServiceImpl, CollectorServiceImpl collectorServiceImpl) throws IOException {
        NettyServerBuilder forAddress = NettyServerBuilder.forAddress(new InetSocketAddress(str, i));
        if (z) {
            forAddress.sslContext(DelegatingSslContext.create(file, (ExecutorService) Preconditions.checkNotNull(executorService)));
        }
        return forAddress.addService(collectorServiceImpl.bindService()).addService(downstreamServiceImpl.bindService()).maxInboundMessageSize(67108864).permitKeepAliveTime(20L, TimeUnit.SECONDS).maxConnectionAge(20L, TimeUnit.MINUTES).build().start();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DownstreamServiceImpl getDownstreamService() {
        return this.downstreamService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close(boolean z) throws InterruptedException {
        if (this.confDirWatchExecutor != null && !z) {
            this.confDirWatchExecutor.shutdownNow();
            if (!this.confDirWatchExecutor.awaitTermination(10L, TimeUnit.SECONDS)) {
                throw new IllegalStateException("Timed out waiting for conf dir watching thread to terminate");
            }
        }
        this.downstreamService.stopSendingDownstreamRequests();
        if (this.httpsServer != null) {
            this.httpsServer.shutdown();
        }
        if (this.httpServer != null) {
            this.httpServer.shutdown();
        }
        Stopwatch createStarted = Stopwatch.createStarted();
        if (this.httpsServer != null) {
            while (createStarted.elapsed(TimeUnit.SECONDS) < 5 && !this.httpsServer.isTerminated()) {
                Thread.sleep(10L);
            }
        }
        if (this.httpServer != null) {
            while (createStarted.elapsed(TimeUnit.SECONDS) < 5 && !this.httpServer.isTerminated()) {
                Thread.sleep(10L);
            }
        }
        if (this.httpsServer != null && !this.httpsServer.isTerminated()) {
            this.httpsServer.shutdownNow();
        }
        if (this.httpServer != null && !this.httpServer.isTerminated()) {
            this.httpServer.shutdownNow();
        }
        Stopwatch createStarted2 = Stopwatch.createStarted();
        if (this.httpsServer != null && !this.httpsServer.isTerminated() && !this.httpsServer.awaitTermination(5L, TimeUnit.SECONDS)) {
            throw new IllegalStateException("Timed out waiting for grpc server to terminate");
        }
        long max = Math.max(0L, 5000 - createStarted2.elapsed(TimeUnit.MILLISECONDS));
        if (this.httpServer != null && !this.httpServer.isTerminated() && !this.httpServer.awaitTermination(max, TimeUnit.MILLISECONDS)) {
            throw new IllegalStateException("Timed out waiting for grpc server to terminate");
        }
    }
}
