package org.apache.dubbo.remoting.api;

import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.group.DefaultChannelGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.timeout.IdleStateHandler;
import java.net.InetSocketAddress;
import java.security.Provider;
import java.security.Security;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLException;
import org.apache.dubbo.common.URL;
import org.apache.dubbo.common.extension.ExtensionLoader;
import org.apache.dubbo.common.logger.Logger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.common.utils.ExecutorUtil;
import org.apache.dubbo.common.utils.NetUtils;
import org.apache.dubbo.config.SslConfig;
import org.apache.dubbo.remoting.Constants;
import org.apache.dubbo.remoting.utils.UrlUtils;
import org.apache.dubbo.rpc.model.ApplicationModel;

/* loaded from: input_file:org/apache/dubbo/remoting/api/PortUnificationServer.class */
public class PortUnificationServer {
    private static final Logger logger = LoggerFactory.getLogger(PortUnificationServer.class);
    private final List<WireProtocol> protocols;
    private final URL url;
    private ServerBootstrap bootstrap;
    private Channel channel;
    private DefaultChannelGroup channelGroup;
    private EventLoopGroup bossGroup;
    private EventLoopGroup workerGroup;

    public PortUnificationServer(URL url) {
        this.url = ExecutorUtil.setThreadName(url, "DubboPUServerHandler");
        this.protocols = ExtensionLoader.getExtensionLoader(WireProtocol.class).getActivateExtension(url, new String[0]);
    }

    private static boolean checkJdkProvider() {
        Provider[] providers = Security.getProviders("SSLContext.TLS");
        return providers != null && providers.length > 0;
    }

    private static SslProvider findSslProvider() {
        if (OpenSsl.isAvailable()) {
            logger.info("Using OPENSSL provider.");
            return SslProvider.OPENSSL;
        }
        if (!checkJdkProvider()) {
            throw new IllegalStateException("Could not find any valid TLS provider, please check your dependency or deployment environment, usually netty-tcnative, Conscrypt, or Jetty NPN/ALPN is needed.");
        }
        logger.info("Using JDK provider.");
        return SslProvider.JDK;
    }

    public static SslContext buildServerSslContext(URL url) {
        SslConfig sslConfig = (SslConfig) ApplicationModel.getConfigManager().getSsl().orElseThrow(() -> {
            return new IllegalStateException("Ssl enabled, but no ssl cert information provided!");
        });
        try {
            String serverKeyPassword = sslConfig.getServerKeyPassword();
            SslContextBuilder forServer = serverKeyPassword != null ? SslContextBuilder.forServer(sslConfig.getServerKeyCertChainPathStream(), sslConfig.getServerPrivateKeyPathStream(), serverKeyPassword) : SslContextBuilder.forServer(sslConfig.getServerKeyCertChainPathStream(), sslConfig.getServerPrivateKeyPathStream());
            if (sslConfig.getServerTrustCertCollectionPathStream() != null) {
                forServer.trustManager(sslConfig.getServerTrustCertCollectionPathStream());
                forServer.clientAuth(ClientAuth.REQUIRE);
            }
            try {
                return forServer.sslProvider(findSslProvider()).build();
            } catch (SSLException e) {
                throw new IllegalStateException("Build SslSession failed.", e);
            }
        } catch (Exception e2) {
            throw new IllegalArgumentException("Could not find certificate file or the certificate is invalid.", e2);
        }
    }

    public URL getUrl() {
        return this.url;
    }

    public void bind() {
        if (this.channel == null) {
            doOpen();
        }
    }

    public void close() throws Throwable {
        if (this.channel != null) {
            doClose();
        }
    }

    protected void doOpen() {
        this.bootstrap = new ServerBootstrap();
        this.bossGroup = NettyEventLoopFactory.eventLoopGroup(1, "NettyServerBoss");
        this.workerGroup = NettyEventLoopFactory.eventLoopGroup(getUrl().getPositiveParameter("iothreads", Constants.DEFAULT_IO_THREADS), "NettyServerWorker");
        this.bootstrap.group(this.bossGroup, this.workerGroup).channel(NettyEventLoopFactory.serverSocketChannelClass()).option(ChannelOption.SO_REUSEADDR, Boolean.TRUE).childOption(ChannelOption.TCP_NODELAY, Boolean.TRUE).childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT).childHandler(new ChannelInitializer<SocketChannel>() { // from class: org.apache.dubbo.remoting.api.PortUnificationServer.1
            /* JADX INFO: Access modifiers changed from: protected */
            public void initChannel(SocketChannel socketChannel) throws Exception {
                int idleTimeout = UrlUtils.getIdleTimeout(PortUnificationServer.this.getUrl());
                ChannelPipeline pipeline = socketChannel.pipeline();
                PortUnificationServerHandler portUnificationServerHandler = PortUnificationServer.this.getUrl().getParameter("ssl-enabled", false) ? new PortUnificationServerHandler(PortUnificationServer.buildServerSslContext(PortUnificationServer.this.getUrl()), PortUnificationServer.this.protocols) : new PortUnificationServerHandler(PortUnificationServer.this.protocols);
                pipeline.addLast("server-idle-handler", new IdleStateHandler(0L, 0L, idleTimeout, TimeUnit.MILLISECONDS));
                pipeline.addLast("negotiation", portUnificationServerHandler);
                PortUnificationServer.this.channelGroup = portUnificationServerHandler.getChannels();
            }
        });
        String parameter = getUrl().getParameter(Constants.BIND_IP_KEY, getUrl().getHost());
        int parameter2 = getUrl().getParameter(Constants.BIND_PORT_KEY, getUrl().getPort());
        if (this.url.getParameter("anyhost", false) || NetUtils.isInvalidLocalHost(parameter)) {
            parameter = "0.0.0.0";
        }
        ChannelFuture bind = this.bootstrap.bind(new InetSocketAddress(parameter, parameter2));
        bind.syncUninterruptibly();
        this.channel = bind.channel();
    }

    protected void doClose() throws Throwable {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            if (this.channel != null) {
                this.channel.close();
                this.channel = null;
            }
            if (this.channelGroup != null) {
                this.channelGroup.close().await(15000L);
            }
            logger.info("Port unification server closed. cost:" + (System.currentTimeMillis() - currentTimeMillis));
        } catch (InterruptedException e) {
            logger.warn("Interrupted while shutting down", e);
        }
        Iterator<WireProtocol> it = this.protocols.iterator();
        while (it.hasNext()) {
            it.next().close();
        }
        try {
            if (this.bootstrap != null) {
                this.bossGroup.shutdownGracefully().syncUninterruptibly();
                this.workerGroup.shutdownGracefully().syncUninterruptibly();
            }
        } catch (Throwable th) {
            logger.warn(th.getMessage(), th);
        }
    }

    public boolean isBound() {
        return this.channel.isActive();
    }

    public InetSocketAddress getLocalAddress() {
        return (InetSocketAddress) this.channel.localAddress();
    }
}
