package ch.usp.core.waap.spec.v1.render.route;

import ch.usp.core.waap.spec.EnvoyPrototypes;
import ch.usp.core.waap.spec.v1.render.WaapToEnvoyContext;
import ch.usp.core.waap.spec.v1.render.auth.WaapToEnvoyAuth;
import ch.usp.core.waap.spec.v1.render.crs.WaapToCoraza;
import ch.usp.core.waap.spec.v1.render.origin.WaapToEnvoyOriginBlocking;
import ch.usp.core.waap.spec.v1.render.protocol.WaapToEnvoyProtocol;
import ch.usp.core.waap.spec.v1.render.traffic.WaapToEnvoyTrafficProcessing;
import ch.usp.core.waap.spec.v1.spec.WaapSpec;
import ch.usp.core.waap.spec.v1.spec.route.WaapRoute;
import ch.usp.core.waap.spec.v1.spec.route.WaapRouteBackend;
import ch.usp.core.waap.spec.v1.spec.route.WaapRouteBackendProtocol;
import ch.usp.core.waap.spec.v1.spec.route.WaapRouteMatch;
import ch.usp.core.waap.spec.v1.spec.route.WaapRouteMatchHeader;
import com.google.protobuf.BoolValue;
import io.envoyproxy.envoy.config.cluster.v3.Cluster;
import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
import io.envoyproxy.envoy.config.endpoint.v3.Endpoint;
import io.envoyproxy.envoy.config.endpoint.v3.LbEndpoint;
import io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints;
import io.envoyproxy.envoy.config.route.v3.DirectResponseAction;
import io.envoyproxy.envoy.config.route.v3.HeaderMatcher;
import io.envoyproxy.envoy.config.route.v3.Route;
import io.envoyproxy.envoy.config.route.v3.RouteAction;
import io.envoyproxy.envoy.config.route.v3.RouteMatch;
import io.envoyproxy.envoy.type.matcher.v3.RegexMatchAndSubstitute;
import io.envoyproxy.envoy.type.matcher.v3.RegexMatcher;
import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:ch/usp/core/waap/spec/v1/render/route/WaapToEnvoyRoute.class */
public final class WaapToEnvoyRoute {
    private WaapToEnvoyRoute() {
    }

    public static List<Cluster> getClustersForRoutes(WaapToEnvoyContext waapToEnvoyContext) {
        WaapSpec waapSpec = waapToEnvoyContext.getWaapSpec();
        LinkedList linkedList = new LinkedList();
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (WaapRoute waapRoute : waapSpec.getRoutes()) {
            String clusterName = getClusterName(waapRoute);
            if (!linkedHashSet.contains(clusterName)) {
                WaapRouteBackend backend = waapRoute.getBackend();
                linkedHashSet.add(clusterName);
                Cluster.Builder loadAssignment = Cluster.newBuilder(EnvoyPrototypes.CLUSTER_PROTOTYPE).setName(clusterName).setLoadAssignment(ClusterLoadAssignment.newBuilder().setClusterName(clusterName).addEndpoints(LocalityLbEndpoints.newBuilder().addLbEndpoints(LbEndpoint.newBuilder().setEndpoint(Endpoint.newBuilder().setAddress(EnvoyPrototypes.newAddressFromSocketAddressAndPort(backend.getAddress(), backend.getPort())).build()).build())).build());
                WaapRouteBackendProtocol.Selection selection = backend.getProtocol() != null ? backend.getProtocol().getSelection() : WaapRouteBackendProtocol.DEFAULT_SELECTION;
                if (backend.getTls() != null && backend.getTls().isEnabled()) {
                    WaapToEnvoyProtocol.addClusterTlsSettings(loadAssignment, clusterName, backend.getAddress(), backend.getTls().isCheckCertificates(), selection);
                }
                WaapToEnvoyProtocol.addClusterProtocolSettings(loadAssignment, selection);
                linkedList.add(loadAssignment.build());
            }
        }
        return linkedList;
    }

    public static List<Route> getRoutes(WaapSpec waapSpec, WaapRoute waapRoute) {
        LinkedList linkedList = new LinkedList();
        if (waapRoute == null) {
            return linkedList;
        }
        if (!getWaapRouteFiltersAllowedMethodsOrEmpty(waapRoute.getMatch()).isEmpty()) {
            linkedList.add(getInvertedHeaderMatchRoute(waapSpec, waapRoute));
        }
        linkedList.add(getRegularRoute(waapSpec, waapRoute));
        return linkedList;
    }

    private static Route getInvertedHeaderMatchRoute(WaapSpec waapSpec, WaapRoute waapRoute) {
        Route.Builder directResponse = Route.newBuilder().setMatch(getRouteMatch(waapRoute.getMatch(), true)).setDirectResponse(DirectResponseAction.newBuilder().setStatus(405).build());
        addRouteFilters(waapSpec, waapRoute, directResponse);
        return directResponse.build();
    }

    private static Route getRegularRoute(WaapSpec waapSpec, WaapRoute waapRoute) {
        Route.Builder route = Route.newBuilder().setMatch(getRouteMatch(waapRoute.getMatch(), false)).setRoute(getRouteAction(waapRoute, getClusterName(waapRoute)));
        addRouteFilters(waapSpec, waapRoute, route);
        return route.build();
    }

    private static void addRouteFilters(WaapSpec waapSpec, WaapRoute waapRoute, Route.Builder builder) {
        WaapToEnvoyOriginBlocking.addRouteFilterIfConfigured(waapRoute, builder);
        WaapToEnvoyAuth.disableAuthFiltersIfNotConfigured(waapSpec, waapRoute.getWaapAuthNameOrNull(waapSpec.getAuthentications()), builder);
        WaapToEnvoyTrafficProcessing.disableTrafficProcessingFiltersIfNotConfigured(waapSpec, waapRoute.getTrafficProcessingRefs(), builder);
        if (waapRoute.getCrs() == null || !waapRoute.getCrs().isDisabled()) {
            return;
        }
        WaapToCoraza.disableCorazaFilterInRoute(builder);
    }

    private static RouteMatch getRouteMatch(WaapRouteMatch waapRouteMatch, boolean z) {
        RouteMatch.Builder safeRegex;
        switch (waapRouteMatch.getPathType()) {
            case PREFIX:
                safeRegex = RouteMatch.newBuilder().setPrefix(waapRouteMatch.getPath());
                break;
            case REGEX:
                safeRegex = RouteMatch.newBuilder().setSafeRegex(RegexMatcher.newBuilder().setRegex(waapRouteMatch.getPath()).build());
                break;
            default:
                throw new IncompatibleClassChangeError();
        }
        RouteMatch.Builder builder = safeRegex;
        addRouteMatchHeaderMatchers(builder, waapRouteMatch.getHeaders());
        if (z) {
            addInvertedMethodsHeaderMatcher(builder, waapRouteMatch);
        }
        return builder.build();
    }

    private static void addRouteMatchHeaderMatchers(RouteMatch.Builder builder, Set<WaapRouteMatchHeader> set) {
        Stream<R> map = set.stream().map(WaapToEnvoyRoute::toEnvoyExactHeaderMatcher);
        Objects.requireNonNull(builder);
        map.forEach(builder::addHeaders);
    }

    private static HeaderMatcher toEnvoyExactHeaderMatcher(WaapRouteMatchHeader waapRouteMatchHeader) {
        return HeaderMatcher.newBuilder().setName(waapRouteMatchHeader.getName()).setStringMatch(StringMatcher.newBuilder().setExact(waapRouteMatchHeader.getValue()).build()).build();
    }

    private static void addInvertedMethodsHeaderMatcher(RouteMatch.Builder builder, WaapRouteMatch waapRouteMatch) {
        List<String> waapRouteFiltersAllowedMethodsOrEmpty = getWaapRouteFiltersAllowedMethodsOrEmpty(waapRouteMatch);
        if (waapRouteFiltersAllowedMethodsOrEmpty.isEmpty()) {
            return;
        }
        builder.addHeaders(toEnvoyInvertedMethodsRegexHeaderMatcher(StringUtils.join(waapRouteFiltersAllowedMethodsOrEmpty, "|")));
    }

    private static HeaderMatcher toEnvoyInvertedMethodsRegexHeaderMatcher(String str) {
        return HeaderMatcher.newBuilder().setName(":method").setStringMatch(StringMatcher.newBuilder().setSafeRegex(RegexMatcher.newBuilder().setRegex(str)).build()).setInvertMatch(true).build();
    }

    private static List<String> getWaapRouteFiltersAllowedMethodsOrEmpty(WaapRouteMatch waapRouteMatch) {
        return ((Set) Optional.ofNullable(waapRouteMatch.getFilters()).map((v0) -> {
            return v0.getAllowedMethods();
        }).orElseGet(Collections::emptySet)).stream().map((v0) -> {
            return v0.name();
        }).toList();
    }

    private static RouteAction getRouteAction(WaapRoute waapRoute, String str) {
        WaapRouteMatch match = waapRoute.getMatch();
        RouteAction.Builder cluster = RouteAction.newBuilder().setCluster(str);
        getOptionalWaapRouteFiltersRewriteUrlPath(match).ifPresent(str2 -> {
            switch (match.getPathType()) {
                case PREFIX:
                    cluster.setPrefixRewrite(str2);
                    return;
                case REGEX:
                    cluster.setRegexRewrite(RegexMatchAndSubstitute.newBuilder().setPattern(RegexMatcher.newBuilder().setRegex(match.getPath()).build()).setSubstitution(str2).build());
                    return;
                default:
                    return;
            }
        });
        if (waapRoute.isAutoHostRewrite()) {
            cluster.setAutoHostRewrite(BoolValue.of(true));
            cluster.setAppendXForwardedHost(true);
        }
        return cluster.build();
    }

    private static Optional<String> getOptionalWaapRouteFiltersRewriteUrlPath(WaapRouteMatch waapRouteMatch) {
        return Optional.ofNullable(waapRouteMatch.getFilters()).map((v0) -> {
            return v0.getRewrite();
        }).map((v0) -> {
            return v0.getUrl();
        }).map((v0) -> {
            return v0.getPath();
        });
    }

    private static String getClusterName(WaapRoute waapRoute) {
        return "core.waap.cluster." + waapRoute.getBackend().getName();
    }
}
