package com.floragunn.searchguard.ssl.http.netty;

import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.searchguard.ssl.SearchGuardKeyStore;
import com.floragunn.searchguard.ssl.SslExceptionHandler;
import com.floragunn.searchsupport.rest.AttributedHttpRequest;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.handler.codec.DecoderException;
import io.netty.handler.ssl.SslHandler;
import java.util.function.BiConsumer;
import java.util.function.BiPredicate;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.http.HttpChannel;
import org.elasticsearch.http.HttpHandlingSettings;
import org.elasticsearch.http.HttpPreRequest;
import org.elasticsearch.http.HttpRequest;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.http.netty4.Netty4HttpChannel;
import org.elasticsearch.http.netty4.Netty4HttpServerTransport;
import org.elasticsearch.http.netty4.internal.HttpValidator;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.telemetry.tracing.Tracer;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.netty4.AcceptChannelHandler;
import org.elasticsearch.transport.netty4.SharedGroupFactory;
import org.elasticsearch.transport.netty4.TLSConfig;
import org.elasticsearch.xcontent.NamedXContentRegistry;

/* loaded from: input_file:com/floragunn/searchguard/ssl/http/netty/SearchGuardSSLNettyHttpServerTransport.class */
public class SearchGuardSSLNettyHttpServerTransport extends Netty4HttpServerTransport {
    private static final Logger logger = LogManager.getLogger(SearchGuardSSLNettyHttpServerTransport.class);
    private final SearchGuardKeyStore sgks;
    private final SslExceptionHandler errorHandler;
    private final BiConsumer<HttpPreRequest, ThreadContext> perRequestThreadContext;

    /* loaded from: input_file:com/floragunn/searchguard/ssl/http/netty/SearchGuardSSLNettyHttpServerTransport$SSLHttpChannelHandler.class */
    protected class SSLHttpChannelHandler extends Netty4HttpServerTransport.HttpChannelHandler {
        protected SSLHttpChannelHandler(Netty4HttpServerTransport netty4HttpServerTransport, HttpHandlingSettings httpHandlingSettings, SearchGuardKeyStore searchGuardKeyStore) {
            super(netty4HttpServerTransport, httpHandlingSettings, TLSConfig.noTLS(), (BiPredicate) null, (HttpValidator) null);
        }

        protected void initChannel(Channel channel) throws Exception {
            super.initChannel(channel);
            channel.pipeline().addFirst("ssl_http", new SslHandler(SearchGuardSSLNettyHttpServerTransport.this.sgks.createHTTPSSLEngine()));
        }
    }

    public SearchGuardSSLNettyHttpServerTransport(Settings settings, NetworkService networkService, ThreadPool threadPool, SearchGuardKeyStore searchGuardKeyStore, NamedXContentRegistry namedXContentRegistry, HttpServerTransport.Dispatcher dispatcher, ClusterSettings clusterSettings, SharedGroupFactory sharedGroupFactory, SslExceptionHandler sslExceptionHandler, Tracer tracer, BiConsumer<HttpPreRequest, ThreadContext> biConsumer) {
        super(settings, networkService, threadPool, namedXContentRegistry, dispatcher, clusterSettings, sharedGroupFactory, tracer, TLSConfig.noTLS(), (AcceptChannelHandler.AcceptPredicate) null, (HttpValidator) null);
        this.sgks = searchGuardKeyStore;
        this.errorHandler = sslExceptionHandler;
        this.perRequestThreadContext = biConsumer;
    }

    public void incomingRequest(HttpRequest httpRequest, HttpChannel httpChannel) {
        super.incomingRequest(AttributedHttpRequest.create(httpRequest, ImmutableMap.of("sg_ssl_handler", ((Netty4HttpChannel) httpChannel).getNettyChannel().pipeline().get("ssl_http"))), httpChannel);
    }

    protected void populatePerRequestThreadContext(RestRequest restRequest, ThreadContext threadContext) {
        this.perRequestThreadContext.accept(restRequest.getHttpRequest(), threadContext);
    }

    public ChannelHandler configureServerChannelHandler() {
        return new SSLHttpChannelHandler(this, this.handlingSettings, this.sgks);
    }

    public void onException(HttpChannel httpChannel, Exception exc) {
        Exception exc2 = exc;
        if ((exc instanceof DecoderException) && exc != null) {
            exc2 = exc.getCause();
        }
        this.errorHandler.logError(exc2, true);
        if (logger.isDebugEnabled()) {
            logger.debug("Exception during establishing a SSL connection: " + exc2, exc2);
        }
        super.onException(httpChannel, exc);
    }
}
