package org.hyperledger.besu.ethereum.api.jsonrpc.websocket;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Splitter;
import com.google.common.collect.Iterables;
import com.google.common.collect.Streams;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpServer;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.http.ServerWebSocket;
import io.vertx.core.net.SocketAddress;
import io.vertx.ext.web.Route;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.BodyHandler;
import java.net.InetSocketAddress;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationService;
import org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationUtils;
import org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.SubscriptionManager;
import org.hyperledger.besu.util.NetworkUtility;

/* loaded from: input_file:org/hyperledger/besu/ethereum/api/jsonrpc/websocket/WebSocketService.class */
public class WebSocketService {
    private static final Logger LOG = LogManager.getLogger();
    private static final InetSocketAddress EMPTY_SOCKET_ADDRESS = new InetSocketAddress(NetworkUtility.INADDR_ANY, 0);
    private static final String APPLICATION_JSON = "application/json";
    private final Vertx vertx;
    private final WebSocketConfiguration configuration;
    private final WebSocketRequestHandler websocketRequestHandler;
    private HttpServer httpServer;

    @VisibleForTesting
    public final Optional<AuthenticationService> authenticationService;

    public WebSocketService(Vertx vertx, WebSocketConfiguration webSocketConfiguration, WebSocketRequestHandler webSocketRequestHandler) {
        this(vertx, webSocketConfiguration, webSocketRequestHandler, AuthenticationService.create(vertx, webSocketConfiguration));
    }

    private WebSocketService(Vertx vertx, WebSocketConfiguration webSocketConfiguration, WebSocketRequestHandler webSocketRequestHandler, Optional<AuthenticationService> optional) {
        this.vertx = vertx;
        this.configuration = webSocketConfiguration;
        this.websocketRequestHandler = webSocketRequestHandler;
        this.authenticationService = optional;
    }

    public CompletableFuture<?> start() {
        LOG.info("Starting Websocket service on {}:{}", this.configuration.getHost(), Integer.valueOf(this.configuration.getPort()));
        CompletableFuture<?> completableFuture = new CompletableFuture<>();
        this.httpServer = this.vertx.createHttpServer(new HttpServerOptions().setHost(this.configuration.getHost()).setPort(this.configuration.getPort()).setWebsocketSubProtocols("undefined")).websocketHandler(websocketHandler()).requestHandler(httpHandler()).listen(startHandler(completableFuture));
        return completableFuture;
    }

    private Handler<ServerWebSocket> websocketHandler() {
        return serverWebSocket -> {
            SocketAddress remoteAddress = serverWebSocket.remoteAddress();
            String textHandlerID = serverWebSocket.textHandlerID();
            String authToken = getAuthToken(serverWebSocket);
            if (authToken != null) {
                LOG.trace("Websocket authentication token {}", authToken);
            }
            if (!hasWhitelistedHostnameHeader(Optional.ofNullable(serverWebSocket.headers().get("Host")))) {
                serverWebSocket.reject(403);
            }
            LOG.debug("Websocket Connected ({})", socketAddressAsString(remoteAddress));
            serverWebSocket.textMessageHandler(str -> {
                LOG.debug("Received Websocket request {} ({})", str, socketAddressAsString(remoteAddress));
                AuthenticationUtils.getUser(this.authenticationService, authToken, optional -> {
                    this.websocketRequestHandler.handle(this.authenticationService, textHandlerID, str, optional);
                });
            });
            serverWebSocket.closeHandler(r8 -> {
                LOG.debug("Websocket Disconnected ({})", socketAddressAsString(remoteAddress));
                this.vertx.eventBus().publish(SubscriptionManager.EVENTBUS_REMOVE_SUBSCRIPTIONS_ADDRESS, textHandlerID);
            });
            serverWebSocket.exceptionHandler(th -> {
                LOG.debug("Unrecoverable error on Websocket: {} ({})", th.getMessage(), socketAddressAsString(remoteAddress));
                serverWebSocket.close();
            });
        };
    }

    private Handler<HttpServerRequest> httpHandler() {
        Router router = Router.router(this.vertx);
        router.route().handler(checkWhitelistHostHeader());
        if (this.authenticationService.isPresent()) {
            router.route("/login").handler(BodyHandler.create());
            Route produces = router.post("/login").produces(APPLICATION_JSON);
            AuthenticationService authenticationService = this.authenticationService.get();
            Objects.requireNonNull(authenticationService);
            produces.handler(authenticationService::handleLogin);
        } else {
            router.post("/login").produces(APPLICATION_JSON).handler(AuthenticationService::handleDisabledLogin);
        }
        router.route().handler(routingContext -> {
            routingContext.response().setStatusCode(400).end("Websocket endpoint can't handle HTTP requests");
        });
        return router;
    }

    private Handler<AsyncResult<HttpServer>> startHandler(CompletableFuture<?> completableFuture) {
        return asyncResult -> {
            if (!asyncResult.succeeded()) {
                completableFuture.completeExceptionally(asyncResult.cause());
                return;
            }
            int actualPort = ((HttpServer) asyncResult.result()).actualPort();
            LOG.info("Websocket service started and listening on {}:{}", this.configuration.getHost(), Integer.valueOf(actualPort));
            this.configuration.setPort(actualPort);
            completableFuture.complete(null);
        };
    }

    public CompletableFuture<?> stop() {
        if (this.httpServer == null) {
            return CompletableFuture.completedFuture(null);
        }
        CompletableFuture<?> completableFuture = new CompletableFuture<>();
        this.httpServer.close(asyncResult -> {
            if (!asyncResult.succeeded()) {
                completableFuture.completeExceptionally(asyncResult.cause());
            } else {
                this.httpServer = null;
                completableFuture.complete(null);
            }
        });
        return completableFuture;
    }

    public InetSocketAddress socketAddress() {
        return this.httpServer == null ? EMPTY_SOCKET_ADDRESS : new InetSocketAddress(this.configuration.getHost(), this.httpServer.actualPort());
    }

    private String socketAddressAsString(SocketAddress socketAddress) {
        return String.format("host=%s, port=%d", socketAddress.host(), Integer.valueOf(socketAddress.port()));
    }

    private String getAuthToken(ServerWebSocket serverWebSocket) {
        return AuthenticationUtils.getJwtTokenFromAuthorizationHeaderValue(serverWebSocket.headers().get("Authorization"));
    }

    private Handler<RoutingContext> checkWhitelistHostHeader() {
        return routingContext -> {
            if (hasWhitelistedHostnameHeader(Optional.ofNullable(routingContext.request().host()))) {
                routingContext.next();
            } else {
                routingContext.response().setStatusCode(403).putHeader("Content-Type", "application/json; charset=utf-8").end("{\"message\":\"Host not authorized.\"}");
            }
        };
    }

    @VisibleForTesting
    public boolean hasWhitelistedHostnameHeader(Optional<String> optional) {
        return this.configuration.getHostsWhitelist().contains("*") || ((Boolean) optional.map(str -> {
            return Boolean.valueOf(checkHostInWhitelist(validateHostHeader(str)));
        }).orElse(false)).booleanValue();
    }

    private Optional<String> validateHostHeader(String str) {
        Iterable split = Splitter.on(':').split(str);
        long count = Streams.stream(split).count();
        return (count <= 1 || (count <= 2 && ((String) Iterables.get(split, 1)).matches("\\d{1,5}+"))) ? Optional.ofNullable((String) Iterables.get(split, 0)) : Optional.empty();
    }

    private boolean checkHostInWhitelist(Optional<String> optional) {
        return ((Boolean) optional.map(str -> {
            return Boolean.valueOf(this.configuration.getHostsWhitelist().stream().anyMatch(str -> {
                return str.toLowerCase().equals(str.toLowerCase());
            }));
        }).orElse(false)).booleanValue();
    }
}
