package com.huawei.es.security.auth.server;

import com.huawei.es.security.auth.bean.KerberosHttpServerTransportBean;
import com.huawei.es.security.auth.signer.Signer;
import com.huawei.es.security.author.handler.BulkSizeChecker;
import com.huawei.es.security.author.tool.AuthorityConstants;
import com.huawei.es.security.cluster.ClusterStateManager;
import com.huawei.es.security.index.SecurityIndexManager;
import com.huawei.es.security.ratelimiter.RateLimiterHandler;
import com.huawei.es.security.ssl.HwSecurityConstants;
import com.huawei.es.security.ssl.HwSslKeyStore;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslHandler;
import org.apache.logging.log4j.Logger;
import org.apache.solr.common.cloud.SolrZkClient;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpHandlingSettings;
import org.elasticsearch.http.netty4.Netty4HttpServerTransport;
import org.elasticsearch.transport.SharedGroupFactory;

/* loaded from: input_file:com/huawei/es/security/auth/server/KerberosHttpServerTransport.class */
public class KerberosHttpServerTransport extends Netty4HttpServerTransport {
    private static final Logger LOG = Loggers.getLogger(KerberosHttpServerTransport.class, new String[]{"KerberosHttpServerTransport"});
    private HwSslKeyStore hwSslKeyStore;
    private SolrZkClient solrZkClient;
    private Settings settings;
    private ClusterStateManager clusterStateManager;
    private final HttpHandlingSettings handlingSettings;
    private RateLimiterHandler rateLimiterHandler;
    private BulkSizeChecker bulkSizeChecker;
    private Signer signer;
    private SecurityIndexManager securityIndexManager;

    /* loaded from: input_file:com/huawei/es/security/auth/server/KerberosHttpServerTransport$KerberosHttpChannelHandler.class */
    protected class KerberosHttpChannelHandler extends Netty4HttpServerTransport.HttpChannelHandler {
        private static final String KERBEROS_HANDLER_NAME = "kerberos_handler";
        private static final String SERVER_REALM_HANDLER_NAME = "get_serverrealm_handler";
        private final KerberosHttpServerTransport transport;
        private KerberosHandler krbHandler;
        private ServerRealmHandler serverRealmHandler;

        private KerberosHttpChannelHandler(KerberosHttpServerTransport kerberosHttpServerTransport, SolrZkClient solrZkClient) {
            super(KerberosHttpServerTransport.this, KerberosHttpServerTransport.this.handlingSettings);
            this.transport = kerberosHttpServerTransport;
            try {
                this.krbHandler = new KerberosHandler(this.transport, solrZkClient, KerberosHttpServerTransport.this.clusterStateManager, KerberosHttpServerTransport.this.bulkSizeChecker, KerberosHttpServerTransport.this.signer, KerberosHttpServerTransport.this.securityIndexManager, KerberosHttpServerTransport.this.settings);
            } catch (Exception e) {
                KerberosHttpServerTransport.LOG.error("failed to init KerberosHandler because : " + e.getMessage());
            }
            this.serverRealmHandler = new ServerRealmHandler();
        }

        protected void initChannel(Channel channel) throws Exception {
            if (null == channel) {
                throw new IllegalArgumentException("the input parameter ch is null.");
            }
            super.initChannel(channel);
            channel.pipeline().addBefore("handler", KERBEROS_HANDLER_NAME, this.krbHandler);
            channel.pipeline().addBefore(KERBEROS_HANDLER_NAME, "rate-limiter", KerberosHttpServerTransport.this.rateLimiterHandler);
            channel.pipeline().addBefore(KERBEROS_HANDLER_NAME, SERVER_REALM_HANDLER_NAME, this.serverRealmHandler);
            if (KerberosHttpServerTransport.this.getSettings().getAsBoolean(HwSecurityConstants.SECURITY_SSL_HTTP_ENABLED, false).booleanValue()) {
                channel.pipeline().addFirst("ssl_handler", new SslHandler(this.transport.getHwSslKeyStore().createHttpSslEngine()));
            }
        }
    }

    public void setSettings(Settings settings) {
        this.settings = settings;
    }

    public Settings getSettings() {
        return this.settings;
    }

    public KerberosHttpServerTransport(HwSslKeyStore hwSslKeyStore, SolrZkClient solrZkClient, ClusterStateManager clusterStateManager, KerberosHttpServerTransportBean kerberosHttpServerTransportBean, Signer signer, SecurityIndexManager securityIndexManager) {
        super(kerberosHttpServerTransportBean.getSettings(), kerberosHttpServerTransportBean.getNetworkService(), kerberosHttpServerTransportBean.getBigArrays(), kerberosHttpServerTransportBean.getThreadPool(), kerberosHttpServerTransportBean.getNamedXContentRegistry(), kerberosHttpServerTransportBean.getDispatcher(), kerberosHttpServerTransportBean.getClusterSettings(), new SharedGroupFactory(Settings.EMPTY));
        this.hwSslKeyStore = hwSslKeyStore;
        this.solrZkClient = solrZkClient;
        this.signer = signer;
        this.clusterStateManager = clusterStateManager;
        setSettings(kerberosHttpServerTransportBean.getSettings());
        this.rateLimiterHandler = new RateLimiterHandler(clusterStateManager, kerberosHttpServerTransportBean.getSettings(), kerberosHttpServerTransportBean.getClusterSettings());
        this.bulkSizeChecker = new BulkSizeChecker(kerberosHttpServerTransportBean.getSettings(), kerberosHttpServerTransportBean.getClusterSettings());
        AuthorityConstants.setSettings(kerberosHttpServerTransportBean.getSettings());
        this.handlingSettings = HttpHandlingSettings.fromSettings(kerberosHttpServerTransportBean.getSettings());
        this.securityIndexManager = securityIndexManager;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public HwSslKeyStore getHwSslKeyStore() {
        return this.hwSslKeyStore;
    }

    public ChannelHandler configureServerChannelHandler() {
        return new KerberosHttpChannelHandler(this, this.solrZkClient);
    }
}
