package org.zowe.apiml.cloudgatewayservice.config;

import com.netflix.appinfo.ApplicationInfoManager;
import com.netflix.appinfo.EurekaInstanceConfig;
import com.netflix.appinfo.HealthCheckHandler;
import com.netflix.discovery.EurekaClient;
import com.netflix.discovery.EurekaClientConfig;
import com.netflix.discovery.shared.transport.jersey.EurekaJerseyClient;
import io.github.resilience4j.circuitbreaker.CircuitBreakerConfig;
import io.github.resilience4j.timelimiter.TimeLimiterConfig;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.KeyStore;
import java.time.Duration;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.annotation.PostConstruct;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.support.AopUtils;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.cloud.circuitbreaker.resilience4j.ReactiveResilience4JCircuitBreakerFactory;
import org.springframework.cloud.circuitbreaker.resilience4j.Resilience4JConfigBuilder;
import org.springframework.cloud.client.circuitbreaker.Customizer;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.cloud.gateway.config.GlobalCorsProperties;
import org.springframework.cloud.gateway.config.HttpClientProperties;
import org.springframework.cloud.gateway.filter.headers.HttpHeadersFilter;
import org.springframework.cloud.gateway.handler.RoutePredicateHandlerMapping;
import org.springframework.cloud.netflix.eureka.CloudEurekaClient;
import org.springframework.cloud.netflix.eureka.EurekaClientConfigBean;
import org.springframework.cloud.netflix.eureka.MutableDiscoveryClientOptionalArgs;
import org.springframework.cloud.util.ProxyUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.web.cors.reactive.CorsConfigurationSource;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.util.pattern.PathPatternParser;
import org.zowe.apiml.config.AdditionalRegistration;
import org.zowe.apiml.config.AdditionalRegistrationCondition;
import org.zowe.apiml.config.AdditionalRegistrationParser;
import org.zowe.apiml.message.core.MessageService;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.message.yaml.YamlMessageService;
import org.zowe.apiml.message.yaml.YamlMessageServiceInstance;
import org.zowe.apiml.security.HttpsConfig;
import org.zowe.apiml.security.HttpsConfigError;
import org.zowe.apiml.security.HttpsFactory;
import org.zowe.apiml.security.SecurityUtils;
import org.zowe.apiml.util.CorsUtils;
import reactor.netty.http.client.HttpClient;

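/**
 * Spring configuration for the cloud gateway's outbound connections.
 *
 * <p>It binds the {@code server.ssl.*} and {@code apiml.*} properties and exposes the beans built
 * from them: the Netty TLS contexts handed to the routing filter, the {@link WebClient} beans, the
 * primary and additional Eureka clients, the circuit-breaker defaults, the CORS source and the
 * message service.
 *
 * <p>Security-relevant points a reader should keep in mind:
 * <ul>
 *   <li>{@link #sslContext(boolean)} always trusts exactly the configured trust store. It does not
 *       read {@code verifySslCertificatesOfServices}, {@code nonStrictVerifySslCertificatesOfServices},
 *       {@code protocol} or {@code keyAlias}; those values only reach {@link HttpsConfig} through
 *       {@link #factory()}.</li>
 *   <li>Store and key passwords are held as {@code char[]} and are passed on to
 *       {@link HttpsConfig}, which is logged at INFO level in {@link #factory()}.</li>
 * </ul>
 */
@Configuration
public class ConnectionsConfig {

    // TLS protocol name handed to HttpsConfig; not applied to the Netty contexts built below.
    @Value("${server.ssl.protocol:TLSv1.2}")
    private String protocol;

    @Value("${server.ssl.trustStore:#{null}}")
    private String trustStorePath;

    @Value("${server.ssl.trustStorePassword:#{null}}")
    private char[] trustStorePassword;

    @Value("${server.ssl.trustStoreType:PKCS12}")
    private String trustStoreType;

    @Value("${server.ssl.keyAlias:#{null}}")
    private String keyAlias;

    @Value("${server.ssl.keyStore:#{null}}")
    private String keyStorePath;

    @Value("${server.ssl.keyStorePassword:#{null}}")
    private char[] keyStorePassword;

    // Password of the private-key entry; may be absent, in which case the store password is used.
    @Value("${server.ssl.keyPassword:#{null}}")
    private char[] keyPassword;

    @Value("${server.ssl.keyStoreType:PKCS12}")
    private String keyStoreType;

    // Certificate verification is on by default; both flags are only forwarded to HttpsConfig.
    @Value("${apiml.security.ssl.verifySslCertificatesOfServices:true}")
    private boolean verifySslCertificatesOfServices;

    @Value("${apiml.security.ssl.nonStrictVerifySslCertificatesOfServices:false}")
    private boolean nonStrictVerifySslCertificatesOfServices;

    @Value("${spring.application.name}")
    private String serviceId;

    @Value("${server.ssl.trustStoreRequired:false}")
    private boolean trustStoreRequired;

    @Value("${eureka.client.serviceUrl.defaultZone}")
    private String eurekaServerUrl;

    // Time limit, in seconds, applied to the default circuit-breaker configuration.
    @Value("${apiml.gateway.timeout:60}")
    private int requestTimeout;

    @Value("${apiml.service.corsEnabled:false}")
    private boolean corsEnabled;
    private final ApplicationContext context;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ConnectionsConfig.class);

    // Fallback password used only when a store path is a keyring and no password was configured.
    // NOTE(review): presumably the conventional placeholder that keyring providers expect rather
    // than a real secret — confirm before treating it as a hard-coded credential finding.
    private static final char[] KEYRING_PASSWORD = "password".toCharArray();
    private static final ApimlLogger apimlLog = ApimlLogger.of(ConnectionsConfig.class, YamlMessageServiceInstance.getInstance());

    /**
     * Creates the configuration.
     *
     * @param applicationContext context used to look up {@link ServerProperties} and passed to the
     *                           Eureka clients created here
     */
    public ConnectionsConfig(ApplicationContext applicationContext) {
        this.context = applicationContext;
    }

    /**
     * Normalises keyring-based store locations after property injection and publishes the
     * resulting settings as system SSL properties.
     *
     * <p>For each store path that {@link SecurityUtils#isKeyring} recognises, the path is rewritten
     * with {@link SecurityUtils#formatKeyringUrl}, mirrored into {@link ServerProperties}, and a
     * missing password is replaced by the keyring fallback password.
     */
    @PostConstruct
    public void updateConfigParameters() {
        ServerProperties serverProperties = this.context.getBean(ServerProperties.class);
        if (SecurityUtils.isKeyring(this.keyStorePath)) {
            this.keyStorePath = SecurityUtils.formatKeyringUrl(this.keyStorePath);
            serverProperties.getSsl().setKeyStore(this.keyStorePath);
            if (this.keyStorePassword == null) {
                // Private copy: a consumer that wipes its password array must not be able to
                // corrupt the shared constant or the other store's password.
                this.keyStorePassword = KEYRING_PASSWORD.clone();
            }
        }
        if (SecurityUtils.isKeyring(this.trustStorePath)) {
            this.trustStorePath = SecurityUtils.formatKeyringUrl(this.trustStorePath);
            serverProperties.getSsl().setTrustStore(this.trustStorePath);
            if (this.trustStorePassword == null) {
                this.trustStorePassword = KEYRING_PASSWORD.clone();
            }
        }
        factory().setSystemSslProperties();
    }

    /**
     * Builds a new {@link HttpsFactory} from the current TLS settings.
     *
     * <p>Every call assembles a fresh {@link HttpsConfig} and logs it at INFO level.
     *
     * @return a factory wrapping the freshly built configuration
     */
    public HttpsFactory factory() {
        HttpsConfig httpsConfig = HttpsConfig.builder()
            .protocol(this.protocol)
            .verifySslCertificatesOfServices(this.verifySslCertificatesOfServices)
            .nonStrictVerifySslCertificatesOfServices(this.nonStrictVerifySslCertificatesOfServices)
            .trustStorePassword(this.trustStorePassword)
            .trustStoreRequired(this.trustStoreRequired)
            .trustStore(this.trustStorePath)
            .trustStoreType(this.trustStoreType)
            .keyAlias(this.keyAlias)
            .keyStore(this.keyStorePath)
            .keyPassword(this.keyPassword)
            .keyStorePassword(this.keyStorePassword)
            .keyStoreType(this.keyStoreType)
            .build();
        // NOTE(review): the whole HttpsConfig, which carries the three password arrays, is rendered
        // into the log here. HttpsConfig.toString() is not visible in this file — confirm that it
        // omits the password fields.
        log.info("Using HTTPS configuration: {}", httpsConfig);
        return new HttpsFactory(httpsConfig);
    }

    /**
     * Registers a post-processor that replaces the bean named {@code routingFilter} with a
     * {@link NettyRoutingFilterApiml}.
     *
     * <p>Both TLS contexts are built once, when this bean method runs, and shared by the
     * replacement filter: one without client key material and one with it.
     *
     * @param httpClient           Netty HTTP client passed to the replacement filter
     * @param objectProvider       provider of the header filters passed to the replacement filter
     * @param httpClientProperties gateway HTTP client properties passed to the replacement filter
     * @return the post-processor; every other bean is returned unchanged
     */
    @Bean
    public BeanPostProcessor routingFilterHandler(final HttpClient httpClient, final ObjectProvider<List<HttpHeadersFilter>> objectProvider, final HttpClientProperties httpClientProperties) {
        final SslContext noCertSslContext = sslContext(false);
        final SslContext clientCertSslContext = sslContext(true);
        return new BeanPostProcessor() {
            @Override
            public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
                if (!"routingFilter".equals(beanName)) {
                    return bean;
                }
                ConnectionsConfig.log.debug("Updating routing bean {}", NettyRoutingFilterApiml.class);
                return new NettyRoutingFilterApiml(httpClient, objectProvider, httpClientProperties, noCertSslContext, clientCertSslContext);
            }
        };
    }

    /**
     * Builds a Netty client-side TLS context that trusts the configured trust store.
     *
     * <p>The trust decision is always anchored on the trust store; the
     * {@code verifySslCertificatesOfServices} flags are not consulted here, so this path cannot be
     * switched to a trust-all mode through them. The configured {@code protocol} and
     * {@code keyAlias} are not applied either.
     * NOTE(review): if the key store holds several key entries, which one is presented is left to
     * the default key manager — confirm this matches the intended client identity.
     *
     * @param withClientCertificate {@code true} to load the configured key store so that a client
     *                              certificate can be presented; {@code false} to use an empty key
     *                              store, i.e. no client key material
     * @return the built context
     * @throws HttpsConfigError if any store cannot be loaded or the context cannot be built
     */
    SslContext sslContext(boolean withClientCertificate) {
        try {
            SslContextBuilder builder = SslContextBuilder.forClient();

            KeyStore trustStore = SecurityUtils.loadKeyStore(this.trustStoreType, this.trustStorePath, this.trustStorePassword);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            builder.trustManager(trustManagerFactory);

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            if (withClientCertificate) {
                KeyStore keyStore = SecurityUtils.loadKeyStore(this.keyStoreType, this.keyStorePath, this.keyStorePassword);
                // The key entry is unlocked with server.ssl.keyPassword when it is configured, the
                // same value factory() hands to HttpsConfig. Previously the store password was used
                // unconditionally, which fails for a key store whose entry password differs.
                char[] privateKeyPassword = this.keyPassword != null ? this.keyPassword : this.keyStorePassword;
                keyManagerFactory.init(keyStore, privateKeyPassword);
            } else {
                // An empty in-memory key store: the context is valid but holds no client key.
                KeyStore emptyKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                emptyKeyStore.load(null, null);
                keyManagerFactory.init(emptyKeyStore, null);
            }
            builder.keyManager(keyManagerFactory);
            return builder.build();
        } catch (Exception e) {
            // Configuration boundary: any failure here is reported once and rethrown as a
            // configuration error with the original cause attached.
            apimlLog.log("org.zowe.apiml.common.sslContextInitializationError", new Object[]{e.getMessage()});
            throw new HttpsConfigError("Error initializing SSL Context: " + e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, factory().getConfig());
        }
    }

    /**
     * Creates the Jersey transport client used by the primary Eureka client.
     *
     * @return a client built by {@link HttpsFactory} for the configured Eureka URL and service id
     */
    @Bean
    @Qualifier("primaryApimlEurekaJerseyClient")
    EurekaJerseyClient getEurekaJerseyClient() {
        return factory().createEurekaJerseyClientBuilder(this.eurekaServerUrl, this.serviceId).build();
    }

    /**
     * Creates the primary Eureka client when no other {@link EurekaClient} bean exists.
     *
     * @param applicationInfoManager instance info manager; unwrapped first when it is an AOP proxy
     * @param eurekaClientConfig     Eureka client configuration
     * @param eurekaJerseyClient     transport client from {@link #getEurekaJerseyClient()}
     * @param healthCheckHandler     optional health check handler; may be {@code null}
     * @return the client, shut down through its {@code shutdown} method on bean destruction
     */
    @ConditionalOnMissingBean({EurekaClient.class})
    @RefreshScope
    @Bean(destroyMethod = "shutdown")
    public CloudEurekaClient primaryEurekaClient(ApplicationInfoManager applicationInfoManager, EurekaClientConfig eurekaClientConfig, @Qualifier("primaryApimlEurekaJerseyClient") EurekaJerseyClient eurekaJerseyClient, @Autowired(required = false) HealthCheckHandler healthCheckHandler) {
        ApplicationInfoManager targetInfoManager = AopUtils.isAopProxy(applicationInfoManager)
            ? (ApplicationInfoManager) ProxyUtils.getTargetObject(applicationInfoManager)
            : applicationInfoManager;
        MutableDiscoveryClientOptionalArgs optionalArgs = new MutableDiscoveryClientOptionalArgs();
        optionalArgs.setEurekaJerseyClient(eurekaJerseyClient);
        CloudEurekaClient eurekaClient = new CloudEurekaClient(targetInfoManager, eurekaClientConfig, optionalArgs, this.context);
        eurekaClient.registerHealthCheck(healthCheckHandler);
        return eurekaClient;
    }

    /**
     * Parses the additional registrations from the process environment.
     *
     * @return the registrations extracted by {@link AdditionalRegistrationParser}
     */
    @Bean
    public List<AdditionalRegistration> additionalRegistration() {
        List<AdditionalRegistration> registrations = new AdditionalRegistrationParser().extractAdditionalRegistrations(System.getenv());
        log.debug("Parsed {} additional registration: {}", registrations.size(), registrations);
        return registrations;
    }

    /**
     * Creates one Eureka client per additional registration and groups them in a holder.
     *
     * @param applicationInfoManager source of the Eureka instance configuration
     * @param eurekaClientConfig     base client configuration copied for every registration
     * @param list                   additional registrations to register with
     * @param eurekaFactory          factory creating the clients and their instance info
     * @param healthCheckHandler     optional health check handler; may be {@code null}
     * @return the holder, shut down through its {@code shutdown} method on bean destruction
     */
    @RefreshScope
    @Conditional({AdditionalRegistrationCondition.class})
    @Bean(destroyMethod = "shutdown")
    public AdditionalEurekaClientsHolder additionalEurekaClientsHolder(ApplicationInfoManager applicationInfoManager, EurekaClientConfig eurekaClientConfig, List<AdditionalRegistration> list, EurekaFactory eurekaFactory, @Autowired(required = false) HealthCheckHandler healthCheckHandler) {
        List<CloudEurekaClient> clients = new ArrayList<>(list.size());
        for (AdditionalRegistration registration : list) {
            CloudEurekaClient client = registerInTheApimlInstance(eurekaClientConfig, registration, applicationInfoManager, eurekaFactory);
            clients.add(client);
            client.registerHealthCheck(healthCheckHandler);
        }
        return new AdditionalEurekaClientsHolder(clients);
    }

    /**
     * Creates a Eureka client that registers with one additional discovery service.
     *
     * <p>The base client configuration is copied and only its {@code defaultZone} service URL is
     * replaced by the registration's discovery service URLs.
     *
     * @param eurekaClientConfig     base configuration to copy
     * @param additionalRegistration registration providing the discovery service URLs
     * @param applicationInfoManager source of the Eureka instance configuration
     * @param eurekaFactory          factory creating the client and its instance info
     * @return the new client
     */
    private CloudEurekaClient registerInTheApimlInstance(EurekaClientConfig eurekaClientConfig, AdditionalRegistration additionalRegistration, ApplicationInfoManager applicationInfoManager, EurekaFactory eurekaFactory) {
        log.debug("additional registration: {}", additionalRegistration.getDiscoveryServiceUrls());
        HashMap<String, String> serviceUrls = new HashMap<>();
        serviceUrls.put("defaultZone", additionalRegistration.getDiscoveryServiceUrls());

        EurekaClientConfigBean registrationConfig = new EurekaClientConfigBean();
        BeanUtils.copyProperties(eurekaClientConfig, registrationConfig);
        registrationConfig.setServiceUrl(serviceUrls);

        // NOTE(review): the transport client is built from the primary eurekaServerUrl, not from
        // the additional registration's URLs. What HttpsFactory derives from that URL is not
        // visible here — confirm the TLS settings it picks also suit the additional target.
        EurekaJerseyClient jerseyClient = factory().createEurekaJerseyClientBuilder(this.eurekaServerUrl, this.serviceId).build();
        MutableDiscoveryClientOptionalArgs optionalArgs = new MutableDiscoveryClientOptionalArgs();
        optionalArgs.setEurekaJerseyClient(jerseyClient);

        EurekaInstanceConfig instanceConfig = applicationInfoManager.getEurekaInstanceConfig();
        return eurekaFactory.createCloudEurekaClient(instanceConfig, eurekaFactory.createInstanceInfo(instanceConfig), registrationConfig, optionalArgs, this.context);
    }

    /**
     * Sets the default circuit-breaker configuration: default circuit breaker settings plus a time
     * limiter of {@code apiml.gateway.timeout} seconds.
     *
     * @return the customizer applied to the reactive Resilience4J factory
     */
    @Bean
    public Customizer<ReactiveResilience4JCircuitBreakerFactory> defaultCustomizer() {
        return circuitBreakerFactory -> circuitBreakerFactory.configureDefault(id ->
            new Resilience4JConfigBuilder(id)
                .circuitBreakerConfig(CircuitBreakerConfig.ofDefaults())
                .timeLimiterConfig(TimeLimiterConfig.custom().timeoutDuration(Duration.ofSeconds(this.requestTimeout)).build())
                .build());
    }

    /**
     * Creates the primary {@link WebClient} on top of the given Netty client.
     *
     * @param httpClient Netty HTTP client to wrap
     * @return the web client
     */
    @Bean
    @Primary
    public WebClient webClient(HttpClient httpClient) {
        return WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient)).build();
    }

    /**
     * Creates a {@link WebClient} whose TLS context carries the configured client key material.
     *
     * @param httpClient Netty HTTP client to derive the secured client from
     * @return the web client using {@code sslContext(true)}
     */
    @Bean
    public WebClient webClientClientCert(HttpClient httpClient) {
        return webClient(httpClient.secure(sslContextSpec -> {
            sslContextSpec.sslContext(sslContext(true));
        }));
    }

    /**
     * Builds the CORS configuration source and installs it on the route handler mapping.
     *
     * <p>The source starts from the global gateway CORS configurations; {@link CorsUtils} then
     * registers its default configuration on top.
     *
     * @param routePredicateHandlerMapping mapping that receives the source
     * @param globalCorsProperties         global CORS configurations of the gateway
     * @param corsUtils                    helper registering the default CORS configuration
     * @return the configured source
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource(RoutePredicateHandlerMapping routePredicateHandlerMapping, GlobalCorsProperties globalCorsProperties, CorsUtils corsUtils) {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
        source.setCorsConfigurations(globalCorsProperties.getCorsConfigurations());
        corsUtils.registerDefaultCorsConfiguration(source::registerCorsConfiguration);
        routePredicateHandlerMapping.setCorsConfigurationSource(source);
        return source;
    }

    /**
     * Creates the CORS helper from {@code apiml.service.corsEnabled} (disabled by default).
     *
     * @return the helper
     */
    @Bean
    public CorsUtils corsUtils() {
        // The raw cast is kept because the constructor's second parameter type is not visible here.
        return new CorsUtils(this.corsEnabled, (List) null);
    }

    /**
     * Loads the cloud gateway log messages into the shared message service instance.
     *
     * @return the shared {@link YamlMessageService} instance
     */
    @Bean
    public MessageService messageService() {
        YamlMessageService yamlMessageService = YamlMessageServiceInstance.getInstance();
        yamlMessageService.loadMessages("/cloud-gateway-log-messages.yml");
        return yamlMessageService;
    }
}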
