package se.arkalix.internal.net.http.service;

import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.EmptyHttpHeaders;
import io.netty.handler.codec.http.HttpContent;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.LastHttpContent;
import io.netty.handler.codec.http.QueryStringDecoder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
import java.net.InetSocketAddress;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.arkalix.ArSystem;
import se.arkalix.description.ConsumerDescription;
import se.arkalix.descriptor.EncodingDescriptor;
import se.arkalix.dto.DtoReadException;
import se.arkalix.internal.net.NettySimpleChannelInboundHandler;
import se.arkalix.internal.net.http.HttpMediaTypes;
import se.arkalix.internal.net.http.NettyHttpBodyReceiver;
import se.arkalix.internal.net.http.service.NettyHttpServiceRequest;
import se.arkalix.net.http.HttpStatus;
import se.arkalix.net.http.service.HttpServiceRequestException;
import se.arkalix.query.ServiceNotFoundException;
import se.arkalix.security.access.AccessTokenException;
import se.arkalix.util.concurrent.Future;

/* loaded from: input_file:se/arkalix/internal/net/http/service/NettyHttpServiceConnectionHandler.class */
public class NettyHttpServiceConnectionHandler extends NettySimpleChannelInboundHandler<Object> {
    private static final Logger logger = LoggerFactory.getLogger(NettyHttpServiceConnectionHandler.class);
    private final ArSystem system;
    private final HttpServiceLookup serviceLookup;
    private final SslHandler sslHandler;
    private HttpRequest request = null;
    private boolean keepAlive = false;
    private HttpServiceInternal service = null;
    private ConsumerDescription consumer = null;
    private NettyHttpBodyReceiver body = null;

    public NettyHttpServiceConnectionHandler(ArSystem arSystem, HttpServiceLookup httpServiceLookup, SslHandler sslHandler) {
        this.system = (ArSystem) Objects.requireNonNull(arSystem, "Expected system");
        this.serviceLookup = (HttpServiceLookup) Objects.requireNonNull(httpServiceLookup, "Expected serviceLookup");
        this.sslHandler = sslHandler;
    }

    protected void channelRead0(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (obj instanceof HttpRequest) {
            readRequest(channelHandlerContext, (HttpRequest) obj);
        }
        if (obj instanceof HttpContent) {
            readContent((HttpContent) obj);
        }
    }

    private void readRequest(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        EncodingDescriptor resolveEncoding;
        this.request = httpRequest;
        this.keepAlive = HttpUtil.isKeepAlive(httpRequest);
        QueryStringDecoder queryStringDecoder = new QueryStringDecoder(httpRequest.uri());
        this.service = resolveService(channelHandlerContext, queryStringDecoder.path());
        if (this.service == null || !authorize(channelHandlerContext, httpRequest) || (resolveEncoding = resolveEncoding(channelHandlerContext)) == null) {
            return;
        }
        if (HttpUtil.is100ContinueExpected(httpRequest)) {
            channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.CONTINUE, Unpooled.EMPTY_BUFFER));
        }
        NettyHttpBodyReceiver nettyHttpBodyReceiver = new NettyHttpBodyReceiver(channelHandlerContext.alloc(), httpRequest.headers(), resolveEncoding);
        NettyHttpServiceRequest build = new NettyHttpServiceRequest.Builder().body(nettyHttpBodyReceiver).queryStringDecoder(queryStringDecoder).request(httpRequest).consumer(this.consumer).build();
        DefaultHttpHeaders defaultHttpHeaders = new DefaultHttpHeaders();
        NettyHttpServiceResponse nettyHttpServiceResponse = new NettyHttpServiceResponse(httpRequest, defaultHttpHeaders, resolveEncoding);
        this.body = nettyHttpBodyReceiver;
        this.service.handle(build, nettyHttpServiceResponse).map(obj -> {
            HttpUtil.setKeepAlive(defaultHttpHeaders, httpRequest.protocolVersion(), this.keepAlive);
            ChannelFuture write = nettyHttpServiceResponse.write(channelHandlerContext.channel());
            if (!this.keepAlive) {
                write.addListener(ChannelFutureListener.CLOSE);
            }
            return Future.done();
        }).onFailure(th -> {
            if ((th instanceof HttpServiceRequestException) || (th instanceof DtoReadException)) {
                if (logger.isWarnEnabled()) {
                    logger.warn("Incoming request could not be processed", th);
                }
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.BAD_REQUEST, false);
            } else if (th instanceof ServiceNotFoundException) {
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.NOT_FOUND, false);
            } else {
                logAndSendInternalServerError(channelHandlerContext, "handling", th);
            }
        });
    }

    private HttpServiceInternal resolveService(ChannelHandlerContext channelHandlerContext, String str) {
        Optional<HttpServiceInternal> serviceByPath = this.serviceLookup.getServiceByPath(str);
        if (!serviceByPath.isEmpty()) {
            return serviceByPath.get();
        }
        sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.NOT_FOUND);
        return null;
    }

    private boolean authorize(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        String str = httpRequest.headers().get("authorization");
        if (str != null && str.regionMatches(true, 0, "bearer ", 0, 7)) {
            str = str.substring(7).stripLeading();
        }
        try {
            try {
                if (this.consumer == null && this.sslHandler != null) {
                    Optional<ConsumerDescription> tryFrom = ConsumerDescription.tryFrom(this.sslHandler.engine().getSession().getPeerCertificates(), (InetSocketAddress) channelHandlerContext.channel().remoteAddress());
                    if (tryFrom.isEmpty()) {
                        sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.UNAUTHORIZED);
                        return false;
                    }
                    this.consumer = tryFrom.get();
                }
                if (this.service.accessPolicy().isAuthorized(this.consumer, this.system, this.service.description(), str)) {
                    return true;
                }
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.UNAUTHORIZED);
                return false;
            } catch (SSLPeerUnverifiedException | AccessTokenException e) {
                sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.UNAUTHORIZED);
                return false;
            }
        } catch (Exception e2) {
            logAndSendInternalServerError(channelHandlerContext, "authorizing", e2);
            return false;
        }
    }

    private EncodingDescriptor resolveEncoding(ChannelHandlerContext channelHandlerContext) {
        Optional<EncodingDescriptor> findEncodingCompatibleWithAcceptHeaders;
        HttpHeaders headers = this.request.headers();
        List<EncodingDescriptor> encodings = this.service.encodings();
        Optional.empty();
        String str = headers.get("content-type");
        if (str != null) {
            findEncodingCompatibleWithAcceptHeaders = HttpMediaTypes.findEncodingCompatibleWithContentType(encodings, str);
        } else {
            List all = headers.getAll("accept");
            if (all == null || all.size() <= 0) {
                return this.service.defaultEncoding();
            }
            findEncodingCompatibleWithAcceptHeaders = HttpMediaTypes.findEncodingCompatibleWithAcceptHeaders(encodings, all);
        }
        if (findEncodingCompatibleWithAcceptHeaders.isPresent()) {
            return findEncodingCompatibleWithAcceptHeaders.get();
        }
        sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE);
        return null;
    }

    private void readContent(HttpContent httpContent) {
        if (this.body == null) {
            return;
        }
        this.body.append(httpContent);
        if (httpContent instanceof LastHttpContent) {
            this.body.finish((LastHttpContent) httpContent);
            this.body = null;
        }
    }

    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
        try {
            try {
                if (this.body != null && this.body.tryAbort(th)) {
                    this.body = null;
                }
            } catch (Throwable th2) {
                th2.addSuppressed(th);
                logAndSendInternalServerError(channelHandlerContext, "handling", th2);
            }
        } finally {
            logAndSendInternalServerError(channelHandlerContext, "handling", th);
        }
    }

    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (obj instanceof IdleStateEvent) {
            if (((IdleStateEvent) obj).state() == IdleState.READER_IDLE && this.body != null) {
                if (this.body.tryAbort(new HttpServiceRequestException(HttpStatus.REQUEST_TIMEOUT))) {
                    this.body = null;
                    sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.REQUEST_TIMEOUT, false);
                }
            }
            channelHandlerContext.close();
        }
    }

    private void logAndSendInternalServerError(ChannelHandlerContext channelHandlerContext, String str, Throwable th) {
        if (logger.isErrorEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("An unexpected exception was caught while ").append(str);
            if (this.request != null) {
                sb.append(" the request ").append(this.request.method()).append(' ').append(this.request.uri());
            } else {
                sb.append(" a request");
            }
            if (this.service != null) {
                sb.append(" routed to the \"").append(this.service.name()).append("\" service");
            } else {
                sb.append(" before it could be routed to a service");
            }
            sb.append("; the request was received from ");
            if (this.consumer != null) {
                sb.append("the system \"").append(this.consumer.name()).append("\" at ");
            }
            sb.append(channelHandlerContext.channel().remoteAddress());
            logger.error(sb.toString(), th);
        }
        sendEmptyResponseAndCleanup(channelHandlerContext, HttpResponseStatus.INTERNAL_SERVER_ERROR, false);
    }

    private void sendEmptyResponseAndCleanup(ChannelHandlerContext channelHandlerContext, HttpResponseStatus httpResponseStatus) {
        sendEmptyResponseAndCleanup(channelHandlerContext, httpResponseStatus, this.keepAlive);
    }

    private void sendEmptyResponseAndCleanup(ChannelHandlerContext channelHandlerContext, HttpResponseStatus httpResponseStatus, boolean z) {
        HttpHeaders add = new DefaultHttpHeaders(false).add("content-length", "0");
        HttpVersion protocolVersion = this.request != null ? this.request.protocolVersion() : HttpVersion.HTTP_1_1;
        if (z) {
            HttpUtil.setKeepAlive(add, protocolVersion, true);
        }
        ChannelFuture writeAndFlush = channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(protocolVersion, httpResponseStatus, Unpooled.EMPTY_BUFFER, add, EmptyHttpHeaders.INSTANCE));
        if (z) {
            return;
        }
        writeAndFlush.addListener(ChannelFutureListener.CLOSE);
    }
}
