package org.yamcs.http;

import com.google.protobuf.Message;
import com.google.protobuf.util.JsonFormat;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufOutputStream;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.WriteBufferWaterMark;
import io.netty.handler.codec.DecoderException;
import io.netty.handler.codec.DecoderResult;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.HttpContent;
import io.netty.handler.codec.http.HttpContentCompressor;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaderValues;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpMessage;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.LastHttpContent;
import io.netty.handler.codec.http.cookie.Cookie;
import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
import io.netty.handler.codec.http.websocketx.WebSocketServerProtocolHandler;
import io.netty.handler.codec.protobuf.ProtobufDecoder;
import io.netty.handler.codec.protobuf.ProtobufVarint32FrameDecoder;
import io.netty.handler.ssl.NotSslRecordException;
import io.netty.util.AttributeKey;
import io.netty.util.CharsetUtil;
import io.netty.util.ReferenceCountUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.ExecutionException;
import java.util.regex.Matcher;
import javax.net.ssl.SSLHandshakeException;
import me.lemire.integercompression.FastPFOR128;
import org.yamcs.YConfiguration;
import org.yamcs.YamcsServer;
import org.yamcs.http.auth.TokenStore;
import org.yamcs.logging.Log;
import org.yamcs.security.AbstractHttpRequestAuthModule;
import org.yamcs.security.AuthenticationException;
import org.yamcs.security.AuthenticationInfo;
import org.yamcs.security.SecurityStore;
import org.yamcs.security.User;
import org.yamcs.security.UsernamePasswordToken;

/* loaded from: input_file:org/yamcs/http/HttpRequestHandler.class */
public class HttpRequestHandler extends ChannelInboundHandlerAdapter {
    public static final String ANY_PATH = "*";
    private static final String API_PATH = "api";
    private static final String STATIC_PATH = "static";
    private static final String AUTH_TYPE_BASIC = "Basic ";
    private static final String AUTH_TYPE_BEARER = "Bearer ";
    public static final AttributeKey<String> CTX_CONTEXT_PATH = AttributeKey.valueOf("contextPath");
    public static final AttributeKey<HttpRequest> CTX_HTTP_REQUEST = AttributeKey.valueOf("httpRequest");
    public static final AttributeKey<String> CTX_USERNAME = AttributeKey.valueOf("username");
    public static final AttributeKey<RouteContext> CTX_CONTEXT = AttributeKey.valueOf("routeContext");
    private static final Log log = new Log(HttpRequestHandler.class);
    public static final Object CONTENT_FINISHED_EVENT = new Object();
    private static StaticFileHandler fileRequestHandler = new StaticFileHandler();
    private static SecurityStore securityStore = YamcsServer.getServer().getSecurityStore();
    private static RouteHandler routeHandler = new RouteHandler();
    private HttpServer httpServer;
    private String contextPath;
    private boolean contentExpected = false;
    YConfiguration wsConfig;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/yamcs/http/HttpRequestHandler$RouteMatch.class */
    public static final class RouteMatch {
        final Matcher regexMatch;
        final Route route;

        RouteMatch(Matcher matcher, Route route) {
            this.regexMatch = matcher;
            this.route = route;
        }
    }

    public HttpRequestHandler(HttpServer httpServer) {
        this.httpServer = httpServer;
        this.wsConfig = httpServer.getConfig().getConfig("webSocket");
        this.contextPath = httpServer.getContextPath();
    }

    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        this.httpServer.trackClientChannel(channelHandlerContext.channel());
        super.channelActive(channelHandlerContext);
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (obj instanceof HttpMessage) {
            DecoderResult decoderResult = ((HttpMessage) obj).decoderResult();
            if (!decoderResult.isSuccess()) {
                log.warn("{} Exception while decoding http message: {}", channelHandlerContext.channel().id().asShortText(), decoderResult.cause());
                sendPlainTextError(channelHandlerContext, null, HttpResponseStatus.BAD_REQUEST);
                return;
            }
        }
        if (obj instanceof HttpRequest) {
            this.contentExpected = false;
            HttpRequest httpRequest = (HttpRequest) obj;
            log.debug("{} {} {}", channelHandlerContext.channel().id().asShortText(), httpRequest.method(), httpRequest.uri());
            try {
                handleRequest(channelHandlerContext, httpRequest);
            } catch (InternalServerErrorException e) {
                log.error(httpRequest.uri(), e);
                sendPlainTextError(channelHandlerContext, httpRequest, e.getStatus(), e.getMessage());
            } catch (HttpException e2) {
                log.warn("{}: {}", httpRequest.uri(), e2.getMessage());
                sendPlainTextError(channelHandlerContext, httpRequest, e2.getStatus(), e2.getMessage());
            } catch (Throwable th) {
                log.error(httpRequest.uri(), th);
                sendPlainTextError(channelHandlerContext, httpRequest, HttpResponseStatus.INTERNAL_SERVER_ERROR);
            }
            ReferenceCountUtil.release(obj);
            return;
        }
        if (!(obj instanceof HttpContent)) {
            log.error("{} unexpected message received: {}", channelHandlerContext.channel().id().asShortText(), obj);
            ReferenceCountUtil.release(obj);
            return;
        }
        if (this.contentExpected) {
            channelHandlerContext.fireChannelRead(obj);
            if (obj instanceof LastHttpContent) {
                channelHandlerContext.fireUserEventTriggered(CONTENT_FINISHED_EVENT);
                return;
            }
            return;
        }
        if (obj instanceof LastHttpContent) {
            return;
        }
        log.warn("{} unexpected http content received: {}", channelHandlerContext.channel().id().asShortText(), obj);
        ReferenceCountUtil.release(obj);
        channelHandlerContext.close();
    }

    private void handleRequest(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws IOException {
        cleanPipeline(channelHandlerContext.pipeline());
        channelHandlerContext.channel().attr(CTX_CONTEXT_PATH).set(this.contextPath);
        channelHandlerContext.channel().attr(CTX_HTTP_REQUEST).set(httpRequest);
        channelHandlerContext.channel().attr(CTX_CONTEXT).set((Object) null);
        channelHandlerContext.channel().attr(CTX_USERNAME).set((Object) null);
        if (!httpRequest.uri().startsWith(this.contextPath)) {
            sendPlainTextError(channelHandlerContext, httpRequest, HttpResponseStatus.NOT_FOUND);
            return;
        }
        String pathWithoutContext = HttpUtils.getPathWithoutContext(httpRequest, this.contextPath);
        String[] split = pathWithoutContext.split("/", 3);
        String str = split.length >= 2 ? split[1] : HttpServer.TYPE_URL_PREFIX;
        boolean z = -1;
        switch (str.hashCode()) {
            case -892481938:
                if (str.equals(STATIC_PATH)) {
                    z = false;
                    break;
                }
                break;
            case 96794:
                if (str.equals(API_PATH)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (split.length == 2) {
                    sendPlainTextError(channelHandlerContext, httpRequest, HttpResponseStatus.FORBIDDEN);
                    return;
                } else {
                    fileRequestHandler.handleStaticFileRequest(channelHandlerContext, httpRequest, split[2]);
                    return;
                }
            case true:
                User authorizeUser = authorizeUser(channelHandlerContext, httpRequest);
                channelHandlerContext.channel().attr(CTX_USERNAME).set(authorizeUser.getName());
                handleApiRequest(channelHandlerContext, httpRequest, authorizeUser, pathWithoutContext);
                this.contentExpected = true;
                return;
            default:
                Handler createHandler = this.httpServer.createHandler(str);
                if (createHandler == null) {
                    createHandler = this.httpServer.createHandler(ANY_PATH);
                }
                if (createHandler == null) {
                    sendPlainTextError(channelHandlerContext, httpRequest, HttpResponseStatus.NOT_FOUND);
                    return;
                }
                channelHandlerContext.pipeline().addLast(new ChannelHandler[]{new HttpContentCompressor()});
                channelHandlerContext.pipeline().addLast(new ChannelHandler[]{new HttpObjectAggregator(FastPFOR128.DEFAULT_PAGE_SIZE)});
                channelHandlerContext.pipeline().addLast(new ChannelHandler[]{createHandler});
                channelHandlerContext.fireChannelRead(httpRequest);
                this.contentExpected = true;
                return;
        }
    }

    private User authorizeUser(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws HttpException {
        if (securityStore.isEnabled()) {
            if (httpRequest.headers().contains(HttpHeaderNames.AUTHORIZATION)) {
                String str = httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION);
                if (str.startsWith(AUTH_TYPE_BASIC)) {
                    return handleBasicAuth(channelHandlerContext, httpRequest);
                }
                if (str.startsWith(AUTH_TYPE_BEARER)) {
                    return handleBearerAuth(channelHandlerContext, httpRequest);
                }
                throw new BadRequestException("Unsupported Authorization header '" + str + "'");
            }
            if (securityStore.getAuthModules().stream().anyMatch(authModule -> {
                return (authModule instanceof AbstractHttpRequestAuthModule) && ((AbstractHttpRequestAuthModule) authModule).handles(channelHandlerContext, httpRequest);
            })) {
                try {
                    return securityStore.getDirectory().getUser(securityStore.login(new AbstractHttpRequestAuthModule.HttpRequestToken(channelHandlerContext, httpRequest)).get().getUsername());
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    return null;
                } catch (ExecutionException e2) {
                    if (e2.getCause() instanceof AuthenticationException) {
                        throw new UnauthorizedException(e2.getCause().getMessage());
                    }
                    throw new InternalServerErrorException(e2.getCause());
                }
            }
            String accessTokenFromCookie = getAccessTokenFromCookie(httpRequest);
            if (accessTokenFromCookie != null) {
                return handleAccessToken(channelHandlerContext, httpRequest, accessTokenFromCookie);
            }
        }
        if (securityStore.getGuestUser().isActive()) {
            return securityStore.getGuestUser();
        }
        throw new UnauthorizedException("Missing authentication");
    }

    private void handleApiRequest(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, User user, String str) {
        if (str.equals(HttpServer.WEBSOCKET_ROUTE.getGet())) {
            if (httpRequest.method() != HttpMethod.GET) {
                throw new MethodNotAllowedException(httpRequest.method(), str, Arrays.asList(HttpMethod.GET));
            }
            prepareChannelForWebSocketUpgrade(channelHandlerContext, httpRequest, user);
            return;
        }
        RouteMatch matchRoute = matchRoute(httpRequest.method(), str);
        if (matchRoute == null) {
            throw new NotFoundException();
        }
        RouteContext routeContext = new RouteContext(this.httpServer, channelHandlerContext, user, httpRequest, matchRoute.route, matchRoute.regexMatch);
        log.debug("{}: Routing {} {}", routeContext, httpRequest.method(), httpRequest.uri());
        channelHandlerContext.channel().attr(CTX_CONTEXT).set(routeContext);
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        if (!routeContext.isClientStreaming()) {
            pipeline.addLast(new ChannelHandler[]{new HttpContentCompressor()});
            pipeline.addLast(new ChannelHandler[]{new HttpObjectAggregator(routeContext.getMaxBodySize())});
            pipeline.addLast(new ChannelHandler[]{routeHandler});
            channelHandlerContext.fireChannelRead(httpRequest);
            return;
        }
        pipeline.addLast(new ChannelHandler[]{new HttpContentToByteBufDecoder()});
        pipeline.addLast(new ChannelHandler[]{new ProtobufVarint32FrameDecoder()});
        String bodySpecifier = routeContext.getBodySpecifier();
        Message requestPrototype = routeContext.getRequestPrototype();
        if (bodySpecifier != null && !ANY_PATH.equals(bodySpecifier)) {
            requestPrototype = requestPrototype.newBuilderForType().getFieldBuilder(requestPrototype.getDescriptorForType().findFieldByName(bodySpecifier)).getDefaultInstanceForType();
        }
        pipeline.addLast(new ChannelHandler[]{new ProtobufDecoder(requestPrototype)});
        pipeline.addLast(new ChannelHandler[]{new StreamingClientHandler(routeContext)});
        if (HttpUtil.is100ContinueExpected(httpRequest)) {
            channelHandlerContext.writeAndFlush(HttpUtils.CONTINUE_RESPONSE.retainedDuplicate());
        }
    }

    private RouteMatch matchRoute(HttpMethod httpMethod, String str) throws MethodNotAllowedException {
        for (Route route : this.httpServer.getRoutes()) {
            if (route.getHttpMethod().equals(httpMethod)) {
                Matcher matchURI = route.matchURI(str);
                if (matchURI.matches()) {
                    if (route.isDeprecated()) {
                        log.warn("A client used a deprecated route: {}", str);
                    }
                    return new RouteMatch(matchURI, route);
                }
            }
        }
        HashSet hashSet = new HashSet(4);
        Iterator<Route> it = this.httpServer.getRoutes().iterator();
        while (it.hasNext()) {
            if (it.next().matchURI(str).matches()) {
                hashSet.add(httpMethod);
            }
        }
        if (hashSet.isEmpty()) {
            return null;
        }
        throw new MethodNotAllowedException(httpMethod, str, hashSet);
    }

    private void prepareChannelForWebSocketUpgrade(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, User user) {
        this.contentExpected = true;
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        pipeline.addLast(new ChannelHandler[]{new HttpObjectAggregator(FastPFOR128.DEFAULT_PAGE_SIZE)});
        int i = this.wsConfig.getInt("maxFrameLength");
        WriteBufferWaterMark writeBufferWaterMark = new WriteBufferWaterMark(this.wsConfig.getConfig("writeBufferWaterMark").getInt("low"), this.wsConfig.getConfig("writeBufferWaterMark").getInt("high"));
        pipeline.addLast(new ChannelHandler[]{new WebSocketServerProtocolHandler(httpRequest.uri(), "json, protobuf", true, i)});
        pipeline.addLast(new ChannelHandler[]{new WebSocketFrameHandler(this.httpServer, httpRequest, user, writeBufferWaterMark)});
        channelHandlerContext.fireChannelRead(httpRequest);
    }

    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
        String asShortText = channelHandlerContext.channel().id().asShortText();
        if (th instanceof NotSslRecordException) {
            log.info("{} Closing channel: expected a TLS/SSL packet", asShortText);
        } else if ((th instanceof IOException) && th.getMessage().contains("reset by peer")) {
            log.info("{} Closing channel: {}", asShortText, th.getMessage());
        } else if ((th instanceof DecoderException) && (((DecoderException) th).getCause() instanceof SSLHandshakeException)) {
            log.info("{} Closing channel: {}", asShortText, th.getMessage());
        } else {
            log.error("{} Closing channel: {}", asShortText, th.getMessage(), th);
        }
        channelHandlerContext.close();
    }

    public static <T extends Message> ChannelFuture sendMessageResponse(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, HttpResponseStatus httpResponseStatus, T t) {
        ByteBuf buffer = channelHandlerContext.alloc().buffer();
        MediaType acceptType = getAcceptType(httpRequest);
        try {
            if (acceptType == MediaType.PROTOBUF) {
                ByteBufOutputStream byteBufOutputStream = new ByteBufOutputStream(buffer);
                try {
                    t.writeTo(byteBufOutputStream);
                    byteBufOutputStream.close();
                } finally {
                }
            } else if (acceptType == MediaType.PLAIN_TEXT) {
                buffer.writeCharSequence(t.toString(), StandardCharsets.UTF_8);
            } else {
                acceptType = MediaType.JSON;
                buffer.writeCharSequence(JsonFormat.printer().preservingProtoFieldNames().print(t), StandardCharsets.UTF_8);
            }
            DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, httpResponseStatus, buffer);
            defaultFullHttpResponse.headers().set(HttpHeaderNames.CONTENT_TYPE, acceptType.toString());
            defaultFullHttpResponse.headers().set(HttpHeaderNames.CONTENT_LENGTH, Integer.valueOf(buffer.readableBytes()));
            return sendResponse(channelHandlerContext, httpRequest, defaultFullHttpResponse);
        } catch (IOException e) {
            return sendPlainTextError(channelHandlerContext, httpRequest, HttpResponseStatus.INTERNAL_SERVER_ERROR, e.toString());
        }
    }

    public static ChannelFuture sendPlainTextError(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, HttpResponseStatus httpResponseStatus) {
        return sendPlainTextError(channelHandlerContext, httpRequest, httpResponseStatus, httpResponseStatus.toString());
    }

    public static ChannelFuture sendPlainTextError(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, HttpResponseStatus httpResponseStatus, String str) {
        DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, httpResponseStatus, Unpooled.copiedBuffer(str + "\r\n", CharsetUtil.UTF_8));
        defaultFullHttpResponse.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8");
        defaultFullHttpResponse.headers().set(HttpHeaderNames.CONTENT_LENGTH, Integer.valueOf(defaultFullHttpResponse.content().readableBytes()));
        return sendResponse(channelHandlerContext, httpRequest, defaultFullHttpResponse);
    }

    public static ChannelFuture sendResponse(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, HttpResponse httpResponse) {
        int code = httpResponse.status().code();
        boolean isKeepAlive = HttpUtil.isKeepAlive(httpRequest);
        if (100 > code || code >= 400) {
            isKeepAlive = false;
            if (httpRequest != null) {
                log.warn("{} {} {} {}", channelHandlerContext.channel().id().asShortText(), httpRequest.method(), httpRequest.uri(), Integer.valueOf(code));
            } else {
                log.warn("{} malformed or illegal request. Sending back {}", channelHandlerContext.channel().id().asShortText(), Integer.valueOf(code));
            }
        } else {
            log.info("{} {} {} {}", channelHandlerContext.channel().id().asShortText(), httpRequest.method(), httpRequest.uri(), Integer.valueOf(code));
        }
        if (isKeepAlive) {
            httpResponse.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE);
            return channelHandlerContext.writeAndFlush(httpResponse);
        }
        httpResponse.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE);
        return channelHandlerContext.writeAndFlush(httpResponse).addListener(ChannelFutureListener.CLOSE);
    }

    private void cleanPipeline(ChannelPipeline channelPipeline) {
        while (channelPipeline.last() != this) {
            channelPipeline.removeLast();
        }
    }

    private static MediaType getAcceptType(HttpRequest httpRequest) {
        MediaType from;
        String str = httpRequest.headers().get(HttpHeaderNames.ACCEPT);
        if (str != null && (from = MediaType.from(str)) != MediaType.ANY) {
            return from;
        }
        return getContentType(httpRequest);
    }

    public static MediaType getContentType(HttpRequest httpRequest) {
        String str = httpRequest.headers().get(HttpHeaderNames.CONTENT_TYPE);
        return str != null ? MediaType.from(str) : MediaType.JSON;
    }

    private String getAccessTokenFromCookie(HttpRequest httpRequest) {
        HttpHeaders headers = httpRequest.headers();
        if (!headers.contains(HttpHeaderNames.COOKIE)) {
            return null;
        }
        for (Cookie cookie : ServerCookieDecoder.STRICT.decode(headers.get(HttpHeaderNames.COOKIE))) {
            if ("access_token".equalsIgnoreCase(cookie.name())) {
                return cookie.value();
            }
        }
        return null;
    }

    private User handleBasicAuth(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws HttpException {
        try {
            String[] split = new String(Base64.getDecoder().decode(httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION).substring(AUTH_TYPE_BASIC.length()))).split(":", 2);
            if (split.length < 2) {
                throw new BadRequestException("Malformed username/password (Not separated by colon?)");
            }
            try {
                return securityStore.getDirectory().getUser(securityStore.login(new UsernamePasswordToken(split[0], split[1].toCharArray())).get().getUsername());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                return null;
            } catch (ExecutionException e2) {
                if (e2.getCause() instanceof AuthenticationException) {
                    throw new UnauthorizedException(e2.getCause().getMessage());
                }
                throw new InternalServerErrorException(e2.getCause());
            }
        } catch (IllegalArgumentException e3) {
            throw new BadRequestException("Could not decode Base64-encoded credentials");
        }
    }

    private User handleBearerAuth(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws UnauthorizedException {
        return handleAccessToken(channelHandlerContext, httpRequest, httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION).substring(AUTH_TYPE_BEARER.length()));
    }

    private User handleAccessToken(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, String str) throws UnauthorizedException {
        TokenStore tokenStore = this.httpServer.getTokenStore();
        AuthenticationInfo verifyAccessToken = tokenStore.verifyAccessToken(str);
        if (securityStore.verifyValidity(verifyAccessToken)) {
            return securityStore.getDirectory().getUser(verifyAccessToken.getUsername());
        }
        tokenStore.revokeAccessToken(str);
        throw new UnauthorizedException("Could not verify token");
    }
}
