package org.apache.tinkerpop.gremlin.server;

import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.timeout.IdleStateHandler;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.apache.tinkerpop.gremlin.groovy.engine.GremlinExecutor;
import org.apache.tinkerpop.gremlin.server.Settings;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
import org.apache.tinkerpop.gremlin.server.authz.Authorizer;
import org.apache.tinkerpop.gremlin.server.handler.AbstractAuthenticationHandler;
import org.apache.tinkerpop.gremlin.server.handler.OpExecutorHandler;
import org.apache.tinkerpop.gremlin.server.handler.OpSelectorHandler;
import org.apache.tinkerpop.gremlin.server.util.ServerGremlinExecutor;
import org.apache.tinkerpop.gremlin.util.MessageSerializer;
import org.apache.tinkerpop.gremlin.util.ser.GraphBinaryMessageSerializerV1;
import org.apache.tinkerpop.gremlin.util.ser.GraphSONMessageSerializerV2;
import org.javatuples.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/tinkerpop/gremlin/server/AbstractChannelizer.class */
public abstract class AbstractChannelizer extends ChannelInitializer<SocketChannel> implements Channelizer {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AbstractChannelizer.class);
    protected static final List<Settings.SerializerSettings> DEFAULT_SERIALIZERS = Arrays.asList(new Settings.SerializerSettings(GraphSONMessageSerializerV2.class.getName(), Collections.emptyMap()), new Settings.SerializerSettings(GraphBinaryMessageSerializerV1.class.getName(), Collections.emptyMap()), new Settings.SerializerSettings(GraphBinaryMessageSerializerV1.class.getName(), new HashMap<String, Object>() { // from class: org.apache.tinkerpop.gremlin.server.AbstractChannelizer.1
        {
            put(GraphBinaryMessageSerializerV1.TOKEN_SERIALIZE_RESULT_TO_STRING, true);
        }
    }));
    protected Settings settings;
    protected GremlinExecutor gremlinExecutor;
    protected Optional<SslContext> sslContext;
    protected GraphManager graphManager;
    protected ExecutorService gremlinExecutorService;
    protected ScheduledExecutorService scheduledExecutorService;
    public static final String PIPELINE_AUTHENTICATOR = "authenticator";
    public static final String PIPELINE_AUTHORIZER = "authorizer";
    public static final String PIPELINE_REQUEST_HANDLER = "request-handler";
    public static final String PIPELINE_HTTP_RESPONSE_ENCODER = "http-response-encoder";
    public static final String PIPELINE_HTTP_AGGREGATOR = "http-aggregator";
    public static final String PIPELINE_WEBSOCKET_SERVER_COMPRESSION = "web-socket-server-compression-handler";
    public static final String PIPELINE_HTTP_USER_AGENT_HANDLER = "http-user-agent-handler";
    protected static final String PIPELINE_SSL = "ssl";
    protected static final String PIPELINE_OP_SELECTOR = "op-selector";
    protected static final String PIPELINE_OP_EXECUTOR = "op-executor";
    protected static final String PIPELINE_HTTP_REQUEST_DECODER = "http-request-decoder";
    protected static final String GREMLIN_ENDPOINT = "/gremlin";
    protected final Map<String, MessageSerializer<?>> serializers = new HashMap();
    private OpSelectorHandler opSelectorHandler;
    private OpExecutorHandler opExecutorHandler;
    protected Authenticator authenticator;
    protected Authorizer authorizer;

    public abstract void configure(ChannelPipeline channelPipeline);

    public void finalize(ChannelPipeline channelPipeline) {
    }

    @Override // org.apache.tinkerpop.gremlin.server.Channelizer
    public void init(ServerGremlinExecutor serverGremlinExecutor) {
        this.settings = serverGremlinExecutor.getSettings();
        this.gremlinExecutor = serverGremlinExecutor.getGremlinExecutor();
        this.graphManager = serverGremlinExecutor.getGraphManager();
        this.gremlinExecutorService = serverGremlinExecutor.getGremlinExecutorService();
        this.scheduledExecutorService = serverGremlinExecutor.getScheduledExecutorService();
        configureSerializers();
        this.sslContext = (this.settings.optionalSsl().isPresent() && this.settings.ssl.enabled) ? Optional.ofNullable(createSSLContext(this.settings)) : Optional.empty();
        if (this.sslContext.isPresent()) {
            logger.info("SSL enabled");
        }
        this.authenticator = createAuthenticator(this.settings.authentication);
        this.authorizer = createAuthorizer(this.settings.authorization);
        this.opSelectorHandler = new OpSelectorHandler(this.settings, this.graphManager, this.gremlinExecutor, this.scheduledExecutorService, this);
        this.opExecutorHandler = new OpExecutorHandler(this.settings, this.graphManager, this.gremlinExecutor, this.scheduledExecutorService);
    }

    @Override // io.netty.channel.ChannelInitializer
    public void initChannel(SocketChannel socketChannel) throws Exception {
        ChannelPipeline pipeline = socketChannel.pipeline();
        this.sslContext.ifPresent(sslContext -> {
            pipeline.addLast(PIPELINE_SSL, sslContext.newHandler(socketChannel.alloc()));
        });
        if (supportsIdleMonitor()) {
            pipeline.addLast(new IdleStateHandler((int) (this.settings.idleConnectionTimeout / 1000), (int) (this.settings.keepAliveInterval / 1000), 0));
        }
        configure(pipeline);
        pipeline.addLast(PIPELINE_OP_SELECTOR, this.opSelectorHandler);
        pipeline.addLast(PIPELINE_OP_EXECUTOR, this.opExecutorHandler);
        finalize(pipeline);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticationHandler createAuthenticationHandler(Settings settings) {
        try {
            Class<?> cls = Class.forName(settings.authentication.authenticationHandler);
            try {
                return (AbstractAuthenticationHandler) cls.getDeclaredConstructor(Authenticator.class, Authorizer.class, Settings.class).newInstance(this.authenticator, this.authorizer, settings);
            } catch (Exception e) {
                try {
                    Constructor<?> declaredConstructor = cls.getDeclaredConstructor(Authenticator.class, Settings.class);
                    if (this.authorizer != null) {
                        logger.warn("There is an authorizer configured but the {} does not have a constructor of ({}, {}, {}) so it cannot be added", cls.getName(), Authenticator.class.getSimpleName(), Authorizer.class.getSimpleName(), Settings.class.getSimpleName());
                    }
                    return (AbstractAuthenticationHandler) declaredConstructor.newInstance(this.authenticator, settings);
                } catch (Exception e2) {
                    throw e2;
                }
            }
        } catch (Exception e3) {
            logger.warn(e3.getMessage());
            throw new IllegalStateException(String.format("Could not create/configure AuthenticationHandler %s", settings.authentication.authenticationHandler), e3);
        }
    }

    private Authenticator createAuthenticator(Settings.AuthenticationSettings authenticationSettings) {
        try {
            Authenticator authenticator = (Authenticator) Class.forName(authenticationSettings.authenticator).newInstance();
            authenticator.setup(authenticationSettings.config);
            return authenticator;
        } catch (Exception e) {
            logger.warn(e.getMessage());
            throw new IllegalStateException(String.format("Could not create/configure Authenticator %s", this.authenticator), e);
        }
    }

    private Authorizer createAuthorizer(Settings.AuthorizationSettings authorizationSettings) {
        String str = authorizationSettings.authorizer;
        if (null == str) {
            return null;
        }
        try {
            Authorizer authorizer = (Authorizer) Class.forName(str).newInstance();
            authorizer.setup(authorizationSettings.config);
            return authorizer;
        } catch (Exception e) {
            logger.warn(e.getMessage());
            throw new IllegalStateException(String.format("Could not create/configure Authorizer %s", this.authorizer), e);
        }
    }

    private void configureSerializers() {
        ((null == this.settings.serializers || this.settings.serializers.isEmpty()) ? DEFAULT_SERIALIZERS : this.settings.serializers).stream().map(serializerSettings -> {
            try {
                Class<?> cls = Class.forName(serializerSettings.className);
                if (!MessageSerializer.class.isAssignableFrom(cls)) {
                    logger.warn("The {} serialization class does not implement {} - it will not be available.", serializerSettings.className, MessageSerializer.class.getCanonicalName());
                    return Optional.empty();
                }
                if (cls.getAnnotation(Deprecated.class) != null) {
                    logger.warn("The {} serialization class is deprecated.", serializerSettings.className);
                }
                MessageSerializer messageSerializer = (MessageSerializer) cls.newInstance();
                HashMap hashMap = new HashMap();
                for (String str : this.settings.graphs.keySet()) {
                    hashMap.put(str, this.graphManager.getGraph(str));
                }
                if (serializerSettings.config != null) {
                    messageSerializer.configure(serializerSettings.config, hashMap);
                }
                return Optional.ofNullable(messageSerializer);
            } catch (ClassNotFoundException e) {
                logger.warn("Could not find configured serializer class - {} - it will not be available", serializerSettings.className);
                return Optional.empty();
            } catch (Exception e2) {
                logger.warn("Could not instantiate configured serializer class - {} - it will not be available. {}", serializerSettings.className, e2.getMessage());
                return Optional.empty();
            }
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).flatMap(messageSerializer -> {
            return Stream.of((Object[]) messageSerializer.mimeTypesSupported()).map(str -> {
                return Pair.with(str, messageSerializer);
            });
        }).forEach(pair -> {
            String str = (String) pair.getValue0();
            MessageSerializer<?> messageSerializer2 = (MessageSerializer) pair.getValue1();
            if (this.serializers.containsKey(str)) {
                logger.info("{} already has {} configured - it will not be replaced by {}, change order of serialization configuration if this is not desired.", str, this.serializers.get(str).getClass().getName(), messageSerializer2.getClass().getName());
            } else {
                logger.info("Configured {} with {}", str, ((MessageSerializer) pair.getValue1()).getClass().getName());
                this.serializers.put(str, messageSerializer2);
            }
        });
        if (this.serializers.size() == 0) {
            logger.error("No serializers were successfully configured - server will not start.");
            throw new RuntimeException("Serialization configuration error.");
        }
    }

    private SslContext createSSLContext(Settings settings) {
        Settings.SslSettings sslSettings = settings.ssl;
        if (sslSettings.getSslContext().isPresent()) {
            logger.info("Using the SslContext override");
            return sslSettings.getSslContext().get();
        }
        SslProvider sslProvider = SslProvider.JDK;
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            if (null == sslSettings.keyStore) {
                throw new IllegalStateException("keyStore must be configured when SSL is enabled.");
            }
            KeyStore keyStore = KeyStore.getInstance(null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType);
            char[] charArray = null == sslSettings.keyStorePassword ? null : sslSettings.keyStorePassword.toCharArray();
            FileInputStream fileInputStream = new FileInputStream(sslSettings.keyStore);
            try {
                keyStore.load(fileInputStream, charArray);
                fileInputStream.close();
                keyManagerFactory.init(keyStore, charArray);
                SslContextBuilder forServer = SslContextBuilder.forServer(keyManagerFactory);
                if (null != sslSettings.trustStore) {
                    KeyStore keyStore2 = KeyStore.getInstance(null != sslSettings.trustStoreType ? sslSettings.trustStoreType : sslSettings.keyStoreType != null ? sslSettings.keyStoreType : KeyStore.getDefaultType());
                    char[] charArray2 = null == sslSettings.trustStorePassword ? null : sslSettings.trustStorePassword.toCharArray();
                    fileInputStream = new FileInputStream(sslSettings.trustStore);
                    try {
                        keyStore2.load(fileInputStream, charArray2);
                        fileInputStream.close();
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(keyStore2);
                        forServer.trustManager(trustManagerFactory);
                    } finally {
                    }
                }
                if (null != sslSettings.sslCipherSuites && !sslSettings.sslCipherSuites.isEmpty()) {
                    forServer.ciphers(sslSettings.sslCipherSuites);
                }
                if (null != sslSettings.sslEnabledProtocols && !sslSettings.sslEnabledProtocols.isEmpty()) {
                    forServer.protocols((String[]) sslSettings.sslEnabledProtocols.toArray(new String[0]));
                }
                if (null != sslSettings.needClientAuth && ClientAuth.OPTIONAL == sslSettings.needClientAuth) {
                    logger.warn("needClientAuth = OPTIONAL is not a secure configuration. Setting to REQUIRE.");
                    sslSettings.needClientAuth = ClientAuth.REQUIRE;
                }
                forServer.clientAuth(sslSettings.needClientAuth).sslProvider(sslProvider);
                try {
                    return forServer.build();
                } catch (SSLException e) {
                    logger.error(e.getMessage());
                    throw new RuntimeException("There was an error enabling SSL.", e);
                }
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            logger.error(e2.getMessage());
            throw new RuntimeException("There was an error enabling SSL.", e2);
        }
    }
}
