package org.apache.cassandra.net;

import com.google.common.annotations.VisibleForTesting;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.group.ChannelGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.ByteToMessageDecoder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.List;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import org.apache.cassandra.config.EncryptionOptions;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.locator.InetAddressAndPort;
import org.apache.cassandra.net.HandshakeProtocol;
import org.apache.cassandra.net.OutboundConnectionSettings;
import org.apache.cassandra.security.SSLFactory;
import org.apache.cassandra.streaming.async.StreamingInboundHandler;
import org.apache.cassandra.transport.ConnectedClient;
import org.apache.cassandra.utils.memory.BufferPools;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/net/InboundConnectionInitiator.class */
public class InboundConnectionInitiator {
    private static final Logger logger = LoggerFactory.getLogger(InboundConnectionInitiator.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/cassandra/net/InboundConnectionInitiator$Handler.class */
    public static class Handler extends ByteToMessageDecoder {
        private final InboundConnectionSettings settings;
        private HandshakeProtocol.Initiate initiate;
        private HandshakeProtocol.ConfirmOutboundPre40 confirmOutboundPre40;
        private Future<?> handshakeTimeout;
        static final /* synthetic */ boolean $assertionsDisabled;

        Handler(InboundConnectionSettings inboundConnectionSettings) {
            this.settings = inboundConnectionSettings;
        }

        public void handlerAdded(ChannelHandlerContext channelHandlerContext) throws Exception {
            this.handshakeTimeout = channelHandlerContext.executor().schedule(() -> {
                InboundConnectionInitiator.logger.error("Timeout handshaking with {} (on {})", SocketFactory.addressId(this.initiate.from, (InetSocketAddress) channelHandlerContext.channel().remoteAddress()), this.settings.bindAddress);
                failHandshake(channelHandlerContext);
            }, HandshakeProtocol.TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
            authenticate(channelHandlerContext.channel().remoteAddress());
        }

        private void authenticate(SocketAddress socketAddress) throws IOException {
            if (socketAddress.getClass().getSimpleName().equals("EmbeddedSocketAddress")) {
                return;
            }
            if (!(socketAddress instanceof InetSocketAddress)) {
                throw new IOException(String.format("Unexpected SocketAddress type: %s, %s", socketAddress.getClass(), socketAddress));
            }
            InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
            if (!this.settings.authenticate(inetSocketAddress.getAddress(), inetSocketAddress.getPort())) {
                throw new IOException("Authentication failure for inbound connection from peer " + inetSocketAddress);
            }
        }

        protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
            if (this.initiate == null) {
                initiate(channelHandlerContext, byteBuf);
            } else {
                if (this.initiate.acceptVersions != null || this.confirmOutboundPre40 != null) {
                    throw new IllegalStateException("Should no longer be on pipeline");
                }
                confirmPre40(channelHandlerContext, byteBuf);
            }
        }

        void initiate(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws IOException {
            this.initiate = HandshakeProtocol.Initiate.maybeDecode(byteBuf);
            if (this.initiate == null) {
                return;
            }
            InboundConnectionInitiator.logger.trace("Received handshake initiation message from peer {}, message = {}", channelHandlerContext.channel().remoteAddress(), this.initiate);
            if (isEncryptionRequired(this.initiate.from) && !isChannelEncrypted(channelHandlerContext)) {
                InboundConnectionInitiator.logger.warn("peer {} attempted to establish an unencrypted connection (broadcast address {})", channelHandlerContext.channel().remoteAddress(), this.initiate.from);
                failHandshake(channelHandlerContext);
            }
            if (this.initiate.acceptVersions == null) {
                int i = this.initiate.requestMessagingVersion;
                if (!$assertionsDisabled && (i >= 12 || i < this.settings.acceptMessaging.min)) {
                    throw new AssertionError();
                }
                InboundConnectionInitiator.logger.trace("Connection version {} from {}", Integer.valueOf(i), channelHandlerContext.channel().remoteAddress());
                if (!this.initiate.type.isStreaming()) {
                    AsyncChannelPromise.writeAndFlush(channelHandlerContext, HandshakeProtocol.Accept.respondPre40(this.settings.acceptMessaging.max, channelHandlerContext.alloc()), (GenericFutureListener<? extends io.netty.util.concurrent.Future<? super Void>>) channelFuture -> {
                        if (channelFuture.isSuccess()) {
                            return;
                        }
                        exceptionCaught(channelFuture.channel(), channelFuture.cause());
                    });
                    if (i < 10) {
                        throw new IOException(String.format("Unable to read obsolete message version %s from %s; The earliest version supported is 3.0.0", Integer.valueOf(i), channelHandlerContext.channel().remoteAddress()));
                    }
                    return;
                } else {
                    if (i != this.settings.acceptStreaming.max) {
                        InboundConnectionInitiator.logger.warn("Received stream using protocol version {} (my version {}). Terminating connection", Integer.valueOf(i), Integer.valueOf(this.settings.acceptStreaming.max));
                        failHandshake(channelHandlerContext);
                    }
                    setupStreamingPipeline(this.initiate.from, channelHandlerContext);
                    return;
                }
            }
            InboundConnectionInitiator.logger.trace("Connection version {} (min {}) from {}", new Object[]{Integer.valueOf(this.initiate.acceptVersions.max), Integer.valueOf(this.initiate.acceptVersions.min), this.initiate.from});
            AcceptVersions acceptVersions = this.initiate.type.isStreaming() ? this.settings.acceptStreaming : this.settings.acceptMessaging;
            int max = Math.max(acceptVersions.min, Math.min(acceptVersions.max, this.initiate.acceptVersions.max));
            AsyncChannelPromise.writeAndFlush(channelHandlerContext, new HandshakeProtocol.Accept(max, acceptVersions.max).encode(channelHandlerContext.alloc()), (GenericFutureListener<? extends io.netty.util.concurrent.Future<? super Void>>) channelFuture2 -> {
                if (channelFuture2.isSuccess()) {
                    return;
                }
                exceptionCaught(channelFuture2.channel(), channelFuture2.cause());
            });
            if (this.initiate.acceptVersions.min > acceptVersions.max) {
                InboundConnectionInitiator.logger.info("peer {} only supports messaging versions higher ({}) than this node supports ({})", new Object[]{channelHandlerContext.channel().remoteAddress(), Integer.valueOf(this.initiate.acceptVersions.min), 12});
                failHandshake(channelHandlerContext);
            } else if (this.initiate.acceptVersions.max < acceptVersions.min) {
                InboundConnectionInitiator.logger.info("peer {} only supports messaging versions lower ({}) than this node supports ({})", new Object[]{channelHandlerContext.channel().remoteAddress(), Integer.valueOf(this.initiate.acceptVersions.max), 10});
                failHandshake(channelHandlerContext);
            } else if (this.initiate.type.isStreaming()) {
                setupStreamingPipeline(this.initiate.from, channelHandlerContext);
            } else {
                setupMessagingPipeline(this.initiate.from, max, this.initiate.acceptVersions.max, channelHandlerContext.pipeline());
            }
        }

        private boolean isEncryptionRequired(InetAddressAndPort inetAddressAndPort) {
            return !this.settings.encryption.isExplicitlyOptional() && this.settings.encryption.shouldEncrypt(inetAddressAndPort);
        }

        private boolean isChannelEncrypted(ChannelHandlerContext channelHandlerContext) {
            return channelHandlerContext.pipeline().get(SslHandler.class) != null;
        }

        @VisibleForTesting
        void confirmPre40(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) {
            this.confirmOutboundPre40 = HandshakeProtocol.ConfirmOutboundPre40.maybeDecode(byteBuf);
            if (this.confirmOutboundPre40 == null) {
                return;
            }
            InboundConnectionInitiator.logger.trace("Received third handshake message from peer {}, message = {}", channelHandlerContext.channel().remoteAddress(), this.confirmOutboundPre40);
            setupMessagingPipeline(this.confirmOutboundPre40.from, this.initiate.requestMessagingVersion, this.confirmOutboundPre40.maxMessagingVersion, channelHandlerContext.pipeline());
        }

        public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
            exceptionCaught(channelHandlerContext.channel(), th);
        }

        private void exceptionCaught(Channel channel, Throwable th) {
            InboundConnectionInitiator.logger.error("Failed to properly handshake with peer {}. Closing the channel.", channel.remoteAddress(), th);
            try {
                failHandshake(channel);
            } catch (Throwable th2) {
                InboundConnectionInitiator.logger.error("Unexpected exception in {}.exceptionCaught", getClass().getSimpleName(), th2);
            }
        }

        private void failHandshake(ChannelHandlerContext channelHandlerContext) {
            failHandshake(channelHandlerContext.channel());
        }

        private void failHandshake(Channel channel) {
            channel.close();
            if (this.handshakeTimeout != null) {
                this.handshakeTimeout.cancel(true);
            }
        }

        private void setupStreamingPipeline(InetAddressAndPort inetAddressAndPort, ChannelHandlerContext channelHandlerContext) {
            this.handshakeTimeout.cancel(true);
            if (!$assertionsDisabled && this.initiate.framing != OutboundConnectionSettings.Framing.UNPROTECTED) {
                throw new AssertionError();
            }
            ChannelPipeline pipeline = channelHandlerContext.pipeline();
            Channel channel = channelHandlerContext.channel();
            if (inetAddressAndPort == null) {
                InetSocketAddress inetSocketAddress = (InetSocketAddress) channel.remoteAddress();
                inetAddressAndPort = InetAddressAndPort.getByAddressOverrideDefaults(inetSocketAddress.getAddress(), Integer.valueOf(inetSocketAddress.getPort()));
            }
            BufferPools.forNetworking().setRecycleWhenFreeForCurrentThread(false);
            pipeline.replace(this, "streamInbound", new StreamingInboundHandler(inetAddressAndPort, 12, null));
            InboundConnectionInitiator.logger.info("{} streaming connection established, version = {}, framing = {}, encryption = {}", new Object[]{SocketFactory.channelId(inetAddressAndPort, (InetSocketAddress) channel.remoteAddress(), this.settings.bindAddress, (InetSocketAddress) channel.localAddress(), ConnectionType.STREAMING, channel.id().asShortText()), 12, this.initiate.framing, SocketFactory.encryptionConnectionSummary(pipeline.channel())});
        }

        /* JADX WARN: Failed to find 'out' block for switch in B:5:0x0067. Please report as an issue. */
        @VisibleForTesting
        void setupMessagingPipeline(InetAddressAndPort inetAddressAndPort, int i, int i2, ChannelPipeline channelPipeline) {
            FrameDecoder frameDecoderUnprotected;
            this.handshakeTimeout.cancel(true);
            MessagingService.instance().versions.set(inetAddressAndPort, i2);
            BufferPools.forNetworking().setRecycleWhenFreeForCurrentThread(false);
            ByteBufAllocator byteBufAllocator = GlobalBufferPoolAllocator.instance;
            if (this.initiate.type == ConnectionType.LARGE_MESSAGES) {
                byteBufAllocator = new LocalBufferPoolAllocator(channelPipeline.channel().eventLoop());
                channelPipeline.channel().config().setAllocator(byteBufAllocator);
            }
            switch (this.initiate.framing) {
                case LZ4:
                    frameDecoderUnprotected = i >= 12 ? FrameDecoderLZ4.fast(byteBufAllocator) : new FrameDecoderLegacyLZ4(byteBufAllocator, i);
                    frameDecoderUnprotected.addLastTo(channelPipeline);
                    InboundMessageHandler createHandler = this.settings.handlers.apply(inetAddressAndPort).createHandler(frameDecoderUnprotected, this.initiate.type, channelPipeline.channel(), i);
                    InboundConnectionInitiator.logger.info("{} messaging connection established, version = {}, framing = {}, encryption = {}", new Object[]{createHandler.id(true), Integer.valueOf(i), this.initiate.framing, SocketFactory.encryptionConnectionSummary(channelPipeline.channel())});
                    channelPipeline.addLast("deserialize", createHandler);
                    channelPipeline.remove(this);
                    return;
                case CRC:
                    if (i >= 12) {
                        frameDecoderUnprotected = FrameDecoderCrc.create(byteBufAllocator);
                        frameDecoderUnprotected.addLastTo(channelPipeline);
                        InboundMessageHandler createHandler2 = this.settings.handlers.apply(inetAddressAndPort).createHandler(frameDecoderUnprotected, this.initiate.type, channelPipeline.channel(), i);
                        InboundConnectionInitiator.logger.info("{} messaging connection established, version = {}, framing = {}, encryption = {}", new Object[]{createHandler2.id(true), Integer.valueOf(i), this.initiate.framing, SocketFactory.encryptionConnectionSummary(channelPipeline.channel())});
                        channelPipeline.addLast("deserialize", createHandler2);
                        channelPipeline.remove(this);
                        return;
                    }
                case UNPROTECTED:
                    frameDecoderUnprotected = i >= 12 ? new FrameDecoderUnprotected(byteBufAllocator) : new FrameDecoderLegacy(byteBufAllocator, i);
                    frameDecoderUnprotected.addLastTo(channelPipeline);
                    InboundMessageHandler createHandler22 = this.settings.handlers.apply(inetAddressAndPort).createHandler(frameDecoderUnprotected, this.initiate.type, channelPipeline.channel(), i);
                    InboundConnectionInitiator.logger.info("{} messaging connection established, version = {}, framing = {}, encryption = {}", new Object[]{createHandler22.id(true), Integer.valueOf(i), this.initiate.framing, SocketFactory.encryptionConnectionSummary(channelPipeline.channel())});
                    channelPipeline.addLast("deserialize", createHandler22);
                    channelPipeline.remove(this);
                    return;
                default:
                    throw new AssertionError();
            }
        }

        static {
            $assertionsDisabled = !InboundConnectionInitiator.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/cassandra/net/InboundConnectionInitiator$Initializer.class */
    public static class Initializer extends ChannelInitializer<SocketChannel> {
        private final InboundConnectionSettings settings;
        private final ChannelGroup channelGroup;
        private final Consumer<ChannelPipeline> pipelineInjector;

        Initializer(InboundConnectionSettings inboundConnectionSettings, ChannelGroup channelGroup, Consumer<ChannelPipeline> consumer) {
            this.settings = inboundConnectionSettings;
            this.channelGroup = channelGroup;
            this.pipelineInjector = consumer;
        }

        public void initChannel(SocketChannel socketChannel) throws Exception {
            this.channelGroup.add(socketChannel);
            socketChannel.config().setOption(ChannelOption.ALLOCATOR, GlobalBufferPoolAllocator.instance);
            socketChannel.config().setOption(ChannelOption.SO_KEEPALIVE, true);
            socketChannel.config().setOption(ChannelOption.SO_REUSEADDR, true);
            socketChannel.config().setOption(ChannelOption.TCP_NODELAY, true);
            ChannelPipeline pipeline = socketChannel.pipeline();
            this.pipelineInjector.accept(pipeline);
            switch (this.settings.encryption.tlsEncryptionPolicy()) {
                case UNENCRYPTED:
                    pipeline.addFirst("rejectssl", new RejectSslHandler());
                    break;
                case OPTIONAL:
                    pipeline.addFirst(ConnectedClient.SSL, new OptionalSslHandler(this.settings.encryption));
                    break;
                case ENCRYPTED:
                    pipeline.addFirst(ConnectedClient.SSL, InboundConnectionInitiator.getSslHandler("creating", socketChannel, this.settings.encryption));
                    break;
            }
            socketChannel.pipeline().addLast("handshake", new Handler(this.settings));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/cassandra/net/InboundConnectionInitiator$OptionalSslHandler.class */
    public static class OptionalSslHandler extends ByteToMessageDecoder {
        private final EncryptionOptions.ServerEncryptionOptions encryptionOptions;

        OptionalSslHandler(EncryptionOptions.ServerEncryptionOptions serverEncryptionOptions) {
            this.encryptionOptions = serverEncryptionOptions;
        }

        protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
            if (byteBuf.readableBytes() < 5) {
                return;
            }
            if (!SslHandler.isEncrypted(byteBuf)) {
                channelHandlerContext.pipeline().remove(this);
            } else {
                channelHandlerContext.pipeline().replace(this, ConnectedClient.SSL, InboundConnectionInitiator.getSslHandler("replacing optional", channelHandlerContext.channel(), this.encryptionOptions));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/cassandra/net/InboundConnectionInitiator$RejectSslHandler.class */
    public static class RejectSslHandler extends ByteToMessageDecoder {
        private RejectSslHandler() {
        }

        protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) {
            if (byteBuf.readableBytes() < 5) {
                return;
            }
            if (!SslHandler.isEncrypted(byteBuf)) {
                channelHandlerContext.pipeline().remove(this);
                return;
            }
            InboundConnectionInitiator.logger.info("Rejected incoming TLS connection before negotiating from {} to {}. TLS is explicitly disabled by configuration.", channelHandlerContext.channel().remoteAddress(), channelHandlerContext.channel().localAddress());
            byteBuf.readBytes(byteBuf.readableBytes());
            channelHandlerContext.close();
        }
    }

    private static ChannelFuture bind(Initializer initializer) throws ConfigurationException {
        logger.info("Listening on {}", initializer.settings);
        ServerBootstrap childHandler = initializer.settings.socketFactory.newServerBootstrap().option(ChannelOption.SO_BACKLOG, 512).option(ChannelOption.ALLOCATOR, GlobalBufferPoolAllocator.instance).option(ChannelOption.SO_REUSEADDR, true).childHandler(initializer);
        int intValue = initializer.settings.socketReceiveBufferSizeInBytes.intValue();
        if (intValue > 0) {
            childHandler.childOption(ChannelOption.SO_RCVBUF, Integer.valueOf(intValue));
        }
        InetAddressAndPort inetAddressAndPort = initializer.settings.bindAddress;
        ChannelFuture bind = childHandler.bind(new InetSocketAddress(inetAddressAndPort.address, inetAddressAndPort.port));
        if (bind.awaitUninterruptibly().isSuccess()) {
            return bind;
        }
        if (bind.channel().isOpen()) {
            bind.channel().close();
        }
        Throwable cause = bind.cause();
        String str = "";
        if (cause != null && cause.getMessage() != null) {
            str = cause.getMessage();
        }
        if (str.contains("in use")) {
            throw new ConfigurationException(inetAddressAndPort + " is in use by another process.  Change listen_address:storage_port in cassandra.yaml to values that do not conflict with other services");
        }
        if (str.contains("annot assign requested address")) {
            throw new ConfigurationException("Unable to bind to address " + inetAddressAndPort + ". Set listen_address in cassandra.yaml to an interface you can bind to, e.g., your private IP address on EC2");
        }
        throw new ConfigurationException("failed to bind to: " + inetAddressAndPort, cause);
    }

    public static ChannelFuture bind(InboundConnectionSettings inboundConnectionSettings, ChannelGroup channelGroup, Consumer<ChannelPipeline> consumer) {
        return bind(new Initializer(inboundConnectionSettings, channelGroup, consumer));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SslHandler getSslHandler(String str, Channel channel, EncryptionOptions.ServerEncryptionOptions serverEncryptionOptions) throws IOException {
        SslContext orCreateSslContext = SSLFactory.getOrCreateSslContext(serverEncryptionOptions, true, SSLFactory.SocketType.SERVER);
        SslHandler newSslHandler = SocketFactory.newSslHandler(channel, orCreateSslContext, serverEncryptionOptions.require_endpoint_verification ? (InetSocketAddress) channel.remoteAddress() : null);
        logger.trace("{} inbound netty SslContext: context={}, engine={}", new Object[]{str, orCreateSslContext.getClass().getName(), newSslHandler.engine().getClass().getName()});
        return newSslHandler;
    }
}
