package com.datastax.bdp.fs.rest.client;

import com.datastax.bdp.fs.rest.SslConf;
import com.datastax.bdp.fs.shaded.io.netty.channel.ChannelHandlerContext;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.DefaultFullHttpRequest;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.FullHttpResponse;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpHeaderNames;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpHeaderValues;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpMethod;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpObject;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpObjectAggregator;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpResponse;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpResponseStatus;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpVersion;
import com.datastax.bdp.fs.shaded.io.netty.handler.ssl.SslHandler;
import com.datastax.bdp.fs.shaded.io.netty.handler.ssl.SslHandshakeCompletionEvent;
import com.typesafe.scalalogging.Logger;
import com.typesafe.scalalogging.Logger$;
import com.typesafe.scalalogging.StrictLogging;
import java.util.List;
import javax.net.ssl.SSLEngine;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.Predef$;
import scala.StringContext;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;

/* compiled from: StartTlsClientHandler.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Eb\u0001B\u0001\u0003\u0001=\u0011Qc\u0015;beR$Fn]\"mS\u0016tG\u000fS1oI2,'O\u0003\u0002\u0004\t\u000511\r\\5f]RT!!\u0002\u0004\u0002\tI,7\u000f\u001e\u0006\u0003\u000f!\t!AZ:\u000b\u0005%Q\u0011a\u00012ea*\u00111\u0002D\u0001\tI\u0006$\u0018m\u001d;bq*\tQ\"A\u0002d_6\u001c\u0001aE\u0002\u0001!y\u0001\"!\u0005\u000f\u000e\u0003IQ!a\u0005\u000b\u0002\t!$H\u000f\u001d\u0006\u0003+Y\tQaY8eK\u000eT!a\u0006\r\u0002\u000f!\fg\u000e\u001a7fe*\u0011\u0011DG\u0001\u0006]\u0016$H/\u001f\u0006\u00027\u0005\u0011\u0011n\\\u0005\u0003;I\u0011A\u0003\u0013;ua>\u0013'.Z2u\u0003\u001e<'/Z4bi>\u0014\bCA\u0010%\u001b\u0005\u0001#BA\u0011#\u00031\u00198-\u00197bY><w-\u001b8h\u0015\t\u0019C\"\u0001\u0005usB,7/\u00194f\u0013\t)\u0003EA\u0007TiJL7\r\u001e'pO\u001eLgn\u001a\u0005\tO\u0001\u0011\t\u0011)A\u0005Q\u000591o\u001d7D_:4\u0007CA\u0015+\u001b\u0005!\u0011BA\u0016\u0005\u0005\u001d\u00196\u000f\\\"p]\u001aDQ!\f\u0001\u0005\u00029\na\u0001P5oSRtDCA\u00182!\t\u0001\u0004!D\u0001\u0003\u0011\u00159C\u00061\u0001)\u0011\u001d\u0019\u0004\u00011A\u0005\nQ\naa]3dkJ,W#A\u001b\u0011\u0005YJT\"A\u001c\u000b\u0003a\nQa]2bY\u0006L!AO\u001c\u0003\u000f\t{w\u000e\\3b]\"9A\b\u0001a\u0001\n\u0013i\u0014AC:fGV\u0014Xm\u0018\u0013fcR\u0011a(\u0011\t\u0003m}J!\u0001Q\u001c\u0003\tUs\u0017\u000e\u001e\u0005\b\u0005n\n\t\u00111\u00016\u0003\rAH%\r\u0005\u0007\t\u0002\u0001\u000b\u0015B\u001b\u0002\u000fM,7-\u001e:fA!\u00121I\u0012\t\u0003m\u001dK!\u0001S\u001c\u0003\u0011Y|G.\u0019;jY\u0016DaA\u0013\u0001\u0005\u0002\u0011!\u0014\u0001C5t'\u0016\u001cWO]3\t\u000f1\u0003!\u0019!C\u0005\u001b\u0006\t\"/Z9vKN$X\r\u001a)s_R|7m\u001c7\u0016\u00039\u0003\"a\u0014+\u000e\u0003AS!!\u0015*\u0002\t1\fgn\u001a\u0006\u0002'\u0006!!.\u0019<b\u0013\t)\u0006K\u0001\u0004TiJLgn\u001a\u0005\u0007/\u0002\u0001\u000b\u0011\u0002(\u0002%I,\u0017/^3ti\u0016$\u0007K]8u_\u000e|G\u000e\t\u0005\u00063\u0002!IAW\u0001\u000fe\u0016\fX/Z:u+B<'/\u00193f)\tq4\fC\u0003]1\u0002\u0007Q,A\u0002dib\u0004\"AX1\u000e\u0003}S!\u0001\u0019\r\u0002\u000f\rD\u0017M\u001c8fY&\u0011!m\u0018\u0002\u0016\u0007\"\fgN\\3m\u0011\u0006tG\r\\3s\u0007>tG/\u001a=u\u0011\u0015!\u0007\u0001\"\u0003f\u0003=)\bo\u001a:bI\u0016\f5mY3qi\u0016$GCA\u001bg\u0011\u001597\r1\u0001i\u0003!\u0011Xm\u001d9p]N,\u0007CA\tj\u0013\tQ'C\u0001\u0007IiR\u0004(+Z:q_:\u001cX\rC\u0003m\u0001\u0011%Q.\u0001\u0007va\u001e\u0014\u0018\rZ3U_Rc7\u000f\u0006\u0002?]\")Al\u001ba\u0001;\")\u0001\u000f\u0001C!c\u0006\u0011Ro]3s\u000bZ,g\u000e\u001e+sS\u001e<WM]3e)\rq$o\u001d\u0005\u00069>\u0004\r!\u0018\u0005\u0006i>\u0004\r!^\u0001\u0004KZ$\bC\u0001\u001cw\u0013\t9xGA\u0002B]fDQ!\u001f\u0001\u0005Bi\fQb\u00195b]:,G.Q2uSZ,GC\u0001 |\u0011\u0015a\u0006\u00101\u0001^\u0011\u0015i\b\u0001\"\u0003\u007f\u00039A\u0017M\u001c3mKJ+7\u000f]8og\u0016$BAP@\u0002\u0002!)A\f a\u0001;\"1q\r a\u0001\u0003\u0007\u00012!EA\u0003\u0013\r\t9A\u0005\u0002\u0011\rVdG\u000e\u0013;uaJ+7\u000f]8og\u0016Dq!a\u0003\u0001\t\u0003\ni!\u0001\u0004eK\u000e|G-\u001a\u000b\b}\u0005=\u0011\u0011CA\u000e\u0011\u0019a\u0016\u0011\u0002a\u0001;\"A\u00111CA\u0005\u0001\u0004\t)\"A\u0002ng\u001e\u00042!EA\f\u0013\r\tIB\u0005\u0002\u000b\u0011R$\bo\u00142kK\u000e$\b\u0002CA\u000f\u0003\u0013\u0001\r!a\b\u0002\u0007=,H\u000f\u0005\u0004\u0002\"\u0005\u001d\u00121F\u0007\u0003\u0003GQ1!!\nS\u0003\u0011)H/\u001b7\n\t\u0005%\u00121\u0005\u0002\u0005\u0019&\u001cH\u000fE\u00027\u0003[I1!a\f8\u0005\u0019\te.\u001f*fM\u0002")
/* loaded from: input_file:com/datastax/bdp/fs/rest/client/StartTlsClientHandler.class */
public class StartTlsClientHandler extends HttpObjectAggregator implements StrictLogging {
    private final SslConf sslConf;
    private volatile boolean secure;
    private final String requestedProtocol;
    private final Logger logger;

    @Override // com.typesafe.scalalogging.StrictLogging
    public Logger logger() {
        return this.logger;
    }

    @Override // com.typesafe.scalalogging.StrictLogging
    public void com$typesafe$scalalogging$StrictLogging$_setter_$logger_$eq(Logger logger) {
        this.logger = logger;
    }

    private boolean secure() {
        return this.secure;
    }

    private void secure_$eq(boolean z) {
        this.secure = z;
    }

    public boolean isSecure() {
        return secure();
    }

    private String requestedProtocol() {
        return this.requestedProtocol;
    }

    private void requestUpgrade(ChannelHandlerContext channelHandlerContext) {
        if (logger().underlying().isDebugEnabled()) {
            logger().underlying().debug(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " Requesting connection upgrade to ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel(), requestedProtocol()})));
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        DefaultFullHttpRequest defaultFullHttpRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.OPTIONS, "/start_tls");
        defaultFullHttpRequest.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE);
        defaultFullHttpRequest.headers().set(HttpHeaderNames.UPGRADE, requestedProtocol());
        channelHandlerContext.writeAndFlush(defaultFullHttpRequest);
    }

    private boolean upgradeAccepted(HttpResponse httpResponse) {
        HttpResponseStatus status = httpResponse.status();
        HttpResponseStatus httpResponseStatus = HttpResponseStatus.SWITCHING_PROTOCOLS;
        if (status != null ? status.equals(httpResponseStatus) : httpResponseStatus == null) {
            if (httpResponse.headers().contains((CharSequence) HttpHeaderNames.CONNECTION, (CharSequence) HttpHeaderValues.UPGRADE, true) && httpResponse.headers().contains(HttpHeaderNames.UPGRADE)) {
                String trim = httpResponse.headers().get(HttpHeaderNames.UPGRADE).trim();
                if (!trim.startsWith("TLS") || trim.contains(requestedProtocol())) {
                    BoxedUnit boxedUnit = BoxedUnit.UNIT;
                } else {
                    ctx().fireExceptionCaught((Throwable) new StartTlsException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"The server upgraded to a different TLS version than we requested: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{trim}))));
                    ctx().close();
                }
                return trim.startsWith(requestedProtocol());
            }
        }
        return false;
    }

    private void upgradeToTls(ChannelHandlerContext channelHandlerContext) {
        if (logger().underlying().isDebugEnabled()) {
            logger().underlying().debug(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " Upgrading connection to ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel(), requestedProtocol()})));
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        channelHandlerContext.pipeline().addFirst(new SslHandler((SSLEngine) this.sslConf.newClientSslEngine(channelHandlerContext.channel().remoteAddress(), channelHandlerContext.alloc()).getOrElse(new StartTlsClientHandler$$anonfun$1(this)), false));
    }

    @Override // com.datastax.bdp.fs.shaded.io.netty.channel.ChannelInboundHandlerAdapter, com.datastax.bdp.fs.shaded.io.netty.channel.ChannelInboundHandler
    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
        BoxedUnit boxedUnit;
        BoxedUnit boxedUnit2;
        boolean z = false;
        SslHandshakeCompletionEvent sslHandshakeCompletionEvent = null;
        if (obj instanceof SslHandshakeCompletionEvent) {
            z = true;
            sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
            if (sslHandshakeCompletionEvent.isSuccess()) {
                secure_$eq(true);
                if (logger().underlying().isDebugEnabled()) {
                    logger().underlying().debug(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " SSL handshake successful"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel()})));
                    boxedUnit2 = BoxedUnit.UNIT;
                } else {
                    boxedUnit2 = BoxedUnit.UNIT;
                }
                channelHandlerContext.fireUserEventTriggered(obj);
            }
        }
        if (!z || sslHandshakeCompletionEvent.isSuccess()) {
            BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
        } else if (logger().underlying().isErrorEnabled()) {
            logger().underlying().error(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " SSL handshake failed: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel(), sslHandshakeCompletionEvent.cause()})));
            boxedUnit = BoxedUnit.UNIT;
        } else {
            boxedUnit = BoxedUnit.UNIT;
        }
        channelHandlerContext.fireUserEventTriggered(obj);
    }

    @Override // com.datastax.bdp.fs.shaded.io.netty.channel.ChannelInboundHandlerAdapter, com.datastax.bdp.fs.shaded.io.netty.channel.ChannelInboundHandler
    public void channelActive(ChannelHandlerContext channelHandlerContext) {
        if (this.sslConf.enabled()) {
            requestUpgrade(channelHandlerContext);
        } else {
            channelHandlerContext.pipeline().remove(this);
            channelHandlerContext.fireChannelActive();
        }
    }

    private void handleResponse(ChannelHandlerContext channelHandlerContext, FullHttpResponse fullHttpResponse) {
        if (upgradeAccepted(fullHttpResponse)) {
            fullHttpResponse.release();
            upgradeToTls(channelHandlerContext);
            return;
        }
        if (!secure() && !this.sslConf.optional()) {
            if (logger().underlying().isErrorEnabled()) {
                logger().underlying().error(new StringBuilder().append((Object) new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " Server ignored request to upgrade the connection to ", ". "})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel(), requestedProtocol()}))).append((Object) new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"The connection must be closed, because optional encryption has not been allowed."})).s(Nil$.MODULE$)).toString());
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            fullHttpResponse.release();
            channelHandlerContext.fireExceptionCaught((Throwable) new StartTlsException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"StartTLS not supported by server at ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel().remoteAddress()}))));
            channelHandlerContext.close();
            return;
        }
        if (secure() || !this.sslConf.optional()) {
            if (logger().underlying().isDebugEnabled()) {
                logger().underlying().debug(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " Secure connection using ", " established."})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel(), requestedProtocol()})));
                BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
            }
            fullHttpResponse.release();
            channelHandlerContext.pipeline().remove(this);
            channelHandlerContext.fireChannelActive();
            return;
        }
        if (logger().underlying().isWarnEnabled()) {
            logger().underlying().warn(new StringBuilder().append((Object) new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " Server ignored request to upgrade the connection to ", ". "})).s(Predef$.MODULE$.genericWrapArray(new Object[]{channelHandlerContext.channel(), requestedProtocol()}))).append((Object) new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"The connection will remain unprotected, because optional encryption has been allowed."})).s(Nil$.MODULE$)).toString());
            BoxedUnit boxedUnit5 = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit6 = BoxedUnit.UNIT;
        }
        fullHttpResponse.release();
        channelHandlerContext.pipeline().remove(this);
        channelHandlerContext.fireChannelActive();
    }

    public void decode(ChannelHandlerContext channelHandlerContext, HttpObject httpObject, List<Object> list) {
        super.decode(channelHandlerContext, (ChannelHandlerContext) httpObject, list);
        Predef$.MODULE$.m8479assert(list.size() <= 1);
        if (list.isEmpty()) {
            return;
        }
        FullHttpResponse fullHttpResponse = (FullHttpResponse) list.get(0);
        list.clear();
        handleResponse(channelHandlerContext, fullHttpResponse);
    }

    @Override // com.datastax.bdp.fs.shaded.io.netty.handler.codec.MessageAggregator, com.datastax.bdp.fs.shaded.io.netty.handler.codec.MessageToMessageDecoder
    public /* bridge */ /* synthetic */ void decode(ChannelHandlerContext channelHandlerContext, Object obj, List list) {
        decode(channelHandlerContext, (HttpObject) obj, (List<Object>) list);
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public StartTlsClientHandler(SslConf sslConf) {
        super(65536);
        String str;
        this.sslConf = sslConf;
        com$typesafe$scalalogging$StrictLogging$_setter_$logger_$eq(Logger$.MODULE$.apply(LoggerFactory.getLogger(getClass().getName())));
        this.secure = false;
        String protocol = sslConf.protocol();
        if ("TLS".equals(protocol)) {
            str = "TLS/1.2";
        } else if ("TLSv1.0".equals(protocol)) {
            str = "TLS/1.0";
        } else if ("TLSv1.1".equals(protocol)) {
            str = "TLS/1.1";
        } else {
            if (!"TLSv1.2".equals(protocol)) {
                throw new MatchError(protocol);
            }
            str = "TLS/1.2";
        }
        this.requestedProtocol = str;
    }
}
