package com.huawei.fusionstage.middleware.dtm.rpc;

import com.huawei.fusionstage.middleware.dtm.common.configuration.PropertiesUtils;
import com.huawei.fusionstage.middleware.dtm.common.exception.ShouldNeverHappenException;
import com.huawei.fusionstage.middleware.dtm.common.logger.DTMLoggerFactory;
import com.huawei.fusionstage.middleware.dtm.common.module.DynamicModuleLoaderUtil;
import com.huawei.fusionstage.middleware.dtm.common.module.security.ISecurity;
import com.huawei.fusionstage.middleware.dtm.common.proxy.IServerProxy;
import com.huawei.fusionstage.middleware.dtm.common.util.NetAddressUtils;
import com.huawei.fusionstage.middleware.dtm.common.util.StringUtils;
import com.huawei.fusionstage.middleware.dtm.rpc.api.IHeartBeatChecker;
import com.huawei.fusionstage.middleware.dtm.rpc.api.IRpcServer;
import com.huawei.fusionstage.middleware.dtm.rpc.handler.MessageDecoderHandler;
import com.huawei.fusionstage.middleware.dtm.rpc.handler.MessageEncoderHandler;
import com.huawei.fusionstage.middleware.dtm.rpc.handler.NettyServerProxyActionHandler;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.timeout.IdleStateHandler;
import io.netty.util.concurrent.DefaultThreadFactory;
import java.io.File;
import java.io.FileInputStream;
import java.lang.invoke.MethodHandles;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import org.slf4j.Logger;

/* loaded from: input_file:com/huawei/fusionstage/middleware/dtm/rpc/NettyServer.class */
public class NettyServer implements IRpcServer {
    private static final Logger LOGGER = DTMLoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private ServerBootstrap bootstrap;
    private EventLoopGroup bossGroup;
    private EventLoopGroup workerGroup;
    private IServerProxy<Channel> serverProxy;
    private SslContext sslCtx = null;
    private volatile boolean isActive = false;

    public NettyServer(IServerProxy<Channel> iServerProxy) {
        this.serverProxy = iServerProxy;
    }

    private void processSsl() throws Exception {
        SslContextBuilder forServer;
        if (PropertiesUtils.getStringProperty("rpc-ssl-switch", "off").equalsIgnoreCase("on")) {
            List asList = Arrays.asList(PropertiesUtils.getStringProperty("rpc-cipher-suite", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256").split(","));
            String assertHasStringProperty = PropertiesUtils.assertHasStringProperty("rpc-server-cert-file");
            String assertHasStringProperty2 = PropertiesUtils.assertHasStringProperty("rpc-server-ca-cert-file");
            String decrypt = ((ISecurity) DynamicModuleLoaderUtil.getDynamicModuleSingleton(ISecurity.class)).decrypt(PropertiesUtils.assertHasStringProperty("rpc-server-encrypted-password"));
            if (assertHasStringProperty.endsWith(".p12")) {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                FileInputStream fileInputStream = new FileInputStream(assertHasStringProperty);
                Throwable th = null;
                try {
                    try {
                        keyStore.load(fileInputStream, decrypt.toCharArray());
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, decrypt.toCharArray());
                        forServer = SslContextBuilder.forServer(keyManagerFactory);
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (fileInputStream != null) {
                        if (th != null) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    throw th4;
                }
            } else {
                forServer = SslContextBuilder.forServer(new File(assertHasStringProperty), new File(PropertiesUtils.assertHasStringProperty("rpc-server-key-file")), decrypt);
            }
            this.sslCtx = forServer.trustManager(new File(assertHasStringProperty2)).ciphers(asList, SupportedCipherSuiteFilter.INSTANCE).protocols(new String[]{"TLSv1.2"}).clientAuth(ClientAuth.NONE).build();
        }
    }

    @Override // com.huawei.fusionstage.middleware.dtm.rpc.api.IRpcServer
    public void startServer(String str, String str2, final IHeartBeatChecker iHeartBeatChecker) throws Exception {
        if (StringUtils.isBlank(str2)) {
            throw new ShouldNeverHappenException("Server Address can not be null.");
        }
        processSsl();
        try {
            this.bootstrap = new ServerBootstrap();
            this.bossGroup = new NioEventLoopGroup(1, new DefaultThreadFactory("NettyServerBoss", true));
            this.workerGroup = new NioEventLoopGroup(Runtime.getRuntime().availableProcessors() + 1, new DefaultThreadFactory("dtm-Server-Workers-Pool", true));
            this.bootstrap.group(this.bossGroup, this.workerGroup).channel(NioServerSocketChannel.class).childOption(ChannelOption.TCP_NODELAY, Boolean.TRUE).childOption(ChannelOption.SO_REUSEADDR, Boolean.TRUE).childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT).childOption(ChannelOption.SO_KEEPALIVE, Boolean.TRUE).childHandler(new ChannelInitializer<NioSocketChannel>() { // from class: com.huawei.fusionstage.middleware.dtm.rpc.NettyServer.1
                /* JADX INFO: Access modifiers changed from: protected */
                public void initChannel(NioSocketChannel nioSocketChannel) throws Exception {
                    ChannelPipeline pipeline = nioSocketChannel.pipeline();
                    if (NettyServer.this.sslCtx != null) {
                        SSLEngine newEngine = NettyServer.this.sslCtx.newEngine(nioSocketChannel.alloc());
                        newEngine.setUseClientMode(false);
                        newEngine.setNeedClientAuth(false);
                        pipeline.addFirst("SSL", new SslHandler(newEngine));
                    }
                    pipeline.addLast(new ChannelHandler[]{new IdleStateHandler(10L, 0L, 0L, TimeUnit.SECONDS)}).addLast(new ChannelHandler[]{new MessageDecoderHandler(iHeartBeatChecker)}).addLast(new ChannelHandler[]{new MessageEncoderHandler()}).addLast(new ChannelHandler[]{new NettyServerProxyActionHandler(NettyServer.this.serverProxy)});
                }
            });
            this.bootstrap.bind(NetAddressUtils.toInetSocketAddress(str2)).sync().channel();
            LOGGER.info("{} server started on address {} success.", str, str2);
            this.isActive = true;
        } catch (Throwable th) {
            stopServer();
            throw th;
        }
    }

    @Override // com.huawei.fusionstage.middleware.dtm.rpc.api.IRpcServer
    public void startServer(String str, String str2) throws Exception {
        startServer(str, str2, null);
    }

    @Override // com.huawei.fusionstage.middleware.dtm.rpc.api.IRpcServer
    public void stopServer() {
        this.isActive = false;
        try {
            if (this.bootstrap != null) {
                this.bossGroup.shutdownGracefully();
            }
            if (this.workerGroup != null) {
                this.workerGroup.shutdownGracefully();
            }
        } catch (Throwable th) {
            LOGGER.warn("stop server failed,error message:{}", th.getMessage());
        }
    }

    @Override // com.huawei.fusionstage.middleware.dtm.rpc.api.IRpcServer
    public boolean isActive() {
        return this.isActive;
    }
}
