package ch.usp.core.waap.spec.v1.render;

import ch.usp.core.waap.spec.EnvoyPrototypes;
import ch.usp.core.waap.spec.WaapMapper;
import ch.usp.core.waap.spec.v1.render.auth.WaapToEnvoyAuth;
import ch.usp.core.waap.spec.v1.render.crs.WaapToCoraza;
import ch.usp.core.waap.spec.v1.render.csrf.WaapToEnvoyCsrf;
import ch.usp.core.waap.spec.v1.render.headers.WaapToEnvoyHeaders;
import ch.usp.core.waap.spec.v1.render.log.WaapToEnvoyLog;
import ch.usp.core.waap.spec.v1.render.origin.WaapToEnvoyOriginBlocking;
import ch.usp.core.waap.spec.v1.render.resources.WaapToEnvoyResources;
import ch.usp.core.waap.spec.v1.render.route.WaapToEnvoyRoute;
import ch.usp.core.waap.spec.v1.render.traffic.WaapToEnvoyTrafficProcessing;
import ch.usp.core.waap.spec.v1.spec.WaapSpec;
import ch.usp.core.waap.spec.v1.spec.WaapSpecValidationException;
import com.google.protobuf.Any;
import com.google.protobuf.BoolValue;
import com.google.protobuf.Message;
import com.google.protobuf.Struct;
import com.google.protobuf.Value;
import io.envoyproxy.envoy.config.bootstrap.v3.Admin;
import io.envoyproxy.envoy.config.bootstrap.v3.Bootstrap;
import io.envoyproxy.envoy.config.bootstrap.v3.LayeredRuntime;
import io.envoyproxy.envoy.config.bootstrap.v3.RuntimeLayer;
import io.envoyproxy.envoy.config.cluster.v3.Cluster;
import io.envoyproxy.envoy.config.core.v3.Address;
import io.envoyproxy.envoy.config.core.v3.ConfigSource;
import io.envoyproxy.envoy.config.core.v3.DataSource;
import io.envoyproxy.envoy.config.core.v3.Http2ProtocolOptions;
import io.envoyproxy.envoy.config.core.v3.PathConfigSource;
import io.envoyproxy.envoy.config.core.v3.SocketAddress;
import io.envoyproxy.envoy.config.core.v3.WatchedDirectory;
import io.envoyproxy.envoy.config.listener.v3.Filter;
import io.envoyproxy.envoy.config.listener.v3.FilterChain;
import io.envoyproxy.envoy.config.listener.v3.Listener;
import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
import io.envoyproxy.envoy.config.route.v3.VirtualHost;
import io.envoyproxy.envoy.extensions.filters.http.router.v3.Router;
import io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager;
import io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.GenericSecret;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.Secret;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;

/* loaded from: input_file:ch/usp/core/waap/spec/v1/render/WaapToEnvoy.class */
public final class WaapToEnvoy {
    public static final String CONFIG_FILES_PATH = "/etc/envoy";
    public static final String ENVOY_CONFIG_FILE = "envoy.yaml";
    public static final String LISTENER_CONFIG_FILE = "lds.yaml";
    public static final String CLUSTER_CONFIG_FILE = "cds.yaml";
    public static final String CORE_WAAP_PREFIX = "core.waap.";
    public static final String CORE_WAAP_CLUSTER_PREFIX = "core.waap.cluster.";
    public static final String CORE_WAAP_LISTENER_NAME = "core.waap.listener";
    public static final int DEFAULT_TIMEOUT_SECS = 5;

    private WaapToEnvoy() {
    }

    public static EnvoyConfigData toEnvoyConfig(WaapSpec waapSpec) {
        if (waapSpec == null) {
            throw new WaapSpecValidationException("Spec must not be null.");
        }
        waapSpec.validate();
        WaapToEnvoyContext build = WaapToEnvoyContext.builder().waapSpec(waapSpec).build();
        List<Cluster> clusters = getClusters(build);
        List<Listener> listeners = getListeners(build);
        String envoyYaml = getEnvoyYaml(build);
        String envoyMessageListToYaml = WaapMapper.envoyMessageListToYaml(clusters);
        String crsInListenersYamlIfEnabled = WaapToCoraza.setCrsInListenersYamlIfEnabled(waapSpec, WaapMapper.envoyMessageListToYaml(listeners));
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(ENVOY_CONFIG_FILE, envoyYaml);
        linkedHashMap.put(CLUSTER_CONFIG_FILE, envoyMessageListToYaml);
        linkedHashMap.put(LISTENER_CONFIG_FILE, crsInListenersYamlIfEnabled);
        WaapToEnvoyHeaders.appendConfigs(waapSpec, linkedHashMap);
        NativeConfigPostProcessing.postProcessNativeConfig(linkedHashMap, waapSpec.getNativeConfigPostProcessing());
        return EnvoyConfigData.builder().configFiles(linkedHashMap).secretFileMounts(build.getSecretFileMounts()).build();
    }

    private static String getEnvoyYaml(WaapToEnvoyContext waapToEnvoyContext) {
        Bootstrap.Builder bootstrapDynamic = getBootstrapDynamic(waapToEnvoyContext);
        addLayeredRuntime(bootstrapDynamic);
        addStaticResources(waapToEnvoyContext, bootstrapDynamic);
        return WaapMapper.envoyToYaml(bootstrapDynamic.build());
    }

    private static Bootstrap.Builder getBootstrapDynamic(WaapToEnvoyContext waapToEnvoyContext) {
        return Bootstrap.newBuilder().setAdmin(Admin.newBuilder().setAddress(Address.newBuilder().setSocketAddress(SocketAddress.newBuilder().setAddress("0.0.0.0").setPortValue(waapToEnvoyContext.getWaapSpec().getOperation().getEffectiveAdminInterfaceService().getEffectivePort()).build()).build()).build()).setNode(EnvoyPrototypes.NODE_PROTOTYPE).setDynamicResources(Bootstrap.DynamicResources.newBuilder().setLdsConfig(ConfigSource.newBuilder().setPathConfigSource(PathConfigSource.newBuilder().setPath("/etc/envoy/lds.yaml").setWatchedDirectory(WatchedDirectory.newBuilder().setPath(CONFIG_FILES_PATH).build()).build()).build()).setCdsConfig(ConfigSource.newBuilder().setPathConfigSource(PathConfigSource.newBuilder().setPath("/etc/envoy/cds.yaml").setWatchedDirectory(WatchedDirectory.newBuilder().setPath(CONFIG_FILES_PATH).build()).build()).build()).build());
    }

    private static void addLayeredRuntime(Bootstrap.Builder builder) {
        builder.setLayeredRuntime(LayeredRuntime.newBuilder().addLayers(RuntimeLayer.newBuilder().setName("core.waap.staticLayer.uhv").setStaticLayer(Struct.newBuilder().putFields("envoy.reloadable_features.enable_universal_header_validator", Value.newBuilder().setBoolValue(true).build()).build()).build()).build());
    }

    private static void addStaticResources(WaapToEnvoyContext waapToEnvoyContext, Bootstrap.Builder builder) {
        if (waapToEnvoyContext.getStaticSecrets().isEmpty()) {
            return;
        }
        Bootstrap.StaticResources.Builder newBuilder = Bootstrap.StaticResources.newBuilder();
        for (Map.Entry<String, String> entry : waapToEnvoyContext.getStaticSecrets().entrySet()) {
            newBuilder.addSecrets(Secret.newBuilder().setName(entry.getKey()).setGenericSecret(GenericSecret.newBuilder().setSecret(DataSource.newBuilder().setInlineString(entry.getValue()).build()).build()).build());
        }
        builder.setStaticResources(newBuilder.build());
    }

    private static List<Cluster> getClusters(WaapToEnvoyContext waapToEnvoyContext) {
        LinkedList linkedList = new LinkedList();
        linkedList.addAll(WaapToEnvoyRoute.getClustersForRoutes(waapToEnvoyContext));
        linkedList.addAll(WaapToEnvoyTrafficProcessing.getClustersForTrafficProcessing(waapToEnvoyContext));
        linkedList.addAll(WaapToEnvoyAuth.getClustersForAuthentication(waapToEnvoyContext));
        return linkedList;
    }

    private static List<Listener> getListeners(WaapToEnvoyContext waapToEnvoyContext) {
        return List.of(Listener.newBuilder().setName(CORE_WAAP_LISTENER_NAME).setAddress(EnvoyPrototypes.newAddressFromSocketAddressAndPort("0.0.0.0", waapToEnvoyContext.getWaapSpec().getOperation().getEffectivePort())).addFilterChains(FilterChain.newBuilder().addFilters(toNamedFilter("http", getHttpConnectionManager(waapToEnvoyContext))).build()).build());
    }

    private static <T extends Message> Filter toNamedFilter(String str, T t) {
        return Filter.newBuilder().setName("core.waap.listener.filters." + str).setTypedConfig(Any.pack(t)).build();
    }

    private static HttpConnectionManager getHttpConnectionManager(WaapToEnvoyContext waapToEnvoyContext) {
        WaapSpec waapSpec = waapToEnvoyContext.getWaapSpec();
        HttpConnectionManager.Builder addAccessLog = HttpConnectionManager.newBuilder().setStatPrefix("core-waap").setCodecType(HttpConnectionManager.CodecType.AUTO).setHttp2ProtocolOptions(Http2ProtocolOptions.newBuilder().build()).setGenerateRequestId(BoolValue.of(true)).addAccessLog(WaapToEnvoyLog.getAccessLog());
        if (waapSpec.isWebsocket()) {
            addAccessLog.addUpgradeConfigs(HttpConnectionManager.UpgradeConfig.newBuilder().setUpgradeType("websocket").build());
        }
        VirtualHost.Builder name = VirtualHost.newBuilder().setName("core.waap.listener.filters.http.routeConfig.virtualHosts");
        List<String> hostnames = waapSpec.getHostnames();
        Objects.requireNonNull(name);
        hostnames.forEach(name::addDomains);
        WaapToEnvoyHeaders.addHeadersScriptDefinition(waapSpec, name);
        WaapToEnvoyResources.addStaticFileResourcesRoutes(waapSpec, name);
        WaapToEnvoyAuth.addTechnicalLocationsRoutes(waapSpec, name);
        Stream filter = waapSpec.getRoutes().stream().map(waapRoute -> {
            return WaapToEnvoyRoute.getRoutes(waapSpec, waapRoute);
        }).flatMap((v0) -> {
            return v0.stream();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        });
        Objects.requireNonNull(name);
        filter.forEach(name::addRoutes);
        addAccessLog.setRouteConfig(RouteConfiguration.newBuilder().addVirtualHosts(name.build()).build());
        LinkedList linkedList = new LinkedList();
        WaapToEnvoyCsrf.addCsrfFilter(waapToEnvoyContext, linkedList);
        WaapToCoraza.addCrsFilterIfEnabled(waapSpec, linkedList);
        WaapToEnvoyResources.addCustomResponseFilterForErrorPagesIfConfigured(waapSpec, linkedList);
        WaapToEnvoyOriginBlocking.addListenerFilterIfConfigured(waapSpec, linkedList);
        WaapToEnvoyHeaders.addHeadersRelatedFilters(waapSpec, linkedList);
        WaapToEnvoyAuth.addAuthRelatedFilters(waapToEnvoyContext, linkedList);
        WaapToEnvoyTrafficProcessing.addTrafficProcessingRelatedFilters(waapToEnvoyContext, linkedList);
        linkedList.add(HttpFilter.newBuilder().setName("core.waap.listener.filters.http.httpFilter.router").setTypedConfig(Any.pack(Router.newBuilder().build())).build());
        Objects.requireNonNull(addAccessLog);
        linkedList.forEach(addAccessLog::addHttpFilters);
        return addAccessLog.build();
    }
}
