package com.rplees.iproxy.local.handler;

import com.rplees.iproxy.crt.CertPool;
import com.rplees.iproxy.intercept.func.auth.AuthContext;
import com.rplees.iproxy.intercept.func.auth.AuthProvider;
import com.rplees.iproxy.local.RuntimeOption;
import com.rplees.iproxy.proto.Proto;
import com.rplees.iproxy.proto.ProtoUtil;
import com.rplees.iproxy.utils.ChannelUtils;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpRequestEncoder;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.websocketx.WebSocketServerProtocolHandler;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.util.ReferenceCountUtil;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.LongAdder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/rplees/iproxy/local/handler/GuessIfHandler.class */
public class GuessIfHandler extends ChannelInboundHandlerAdapter {
    static final int SSL_CONTENT_TYPE_HANDSHAKE = 22;
    RuntimeOption option;
    Proto proto;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final Logger log = LoggerFactory.getLogger(getClass());
    LongAdder adder = new LongAdder();
    boolean ssl = false;
    boolean decrypted = false;
    boolean interested = false;
    boolean prepareHandshake = false;

    public GuessIfHandler(RuntimeOption runtimeOption) {
        this.option = runtimeOption;
    }

    /* JADX WARN: Type inference failed for: r0v118, types: [com.rplees.iproxy.intercept.func.auth.AuthToken] */
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        this.adder.increment();
        this.log.debug("第[{}]步, 消息类型: {}, CHANNEL: {}", new Object[]{Long.valueOf(this.adder.longValue()), obj.getClass(), channelHandlerContext.channel()});
        if (!(obj instanceof FullHttpRequest)) {
            if (!(obj instanceof ByteBuf)) {
                throw new RuntimeException("未知消息信息:" + obj);
            }
            ByteBuf byteBuf = (ByteBuf) obj;
            if (ProtoUtil.isHttp(byteBuf)) {
                this.log.debug("发现HTTP协议");
                channelHandlerContext.channel().pipeline().addFirst(RuntimeOption.HTTP_CODEC, this.option.httpServerCodec());
                channelHandlerContext.channel().pipeline().addAfter(RuntimeOption.HTTP_CODEC, RuntimeOption.AGGREGATOR_INTERNAL, new HttpObjectAggregator(this.option.getMaxContentLength()));
                channelHandlerContext.pipeline().fireChannelRead(obj);
                return;
            }
            if (!this.prepareHandshake || byteBuf.getByte(0) != SSL_CONTENT_TYPE_HANDSHAKE) {
                throw new RuntimeException("识别失败~~~");
            }
            this.ssl = true;
            this.log.debug("SSL握手阶段");
            if (!this.interested) {
                this.log.debug("标记本次不感兴趣~~~");
                completeAndGoOn(channelHandlerContext, obj);
                return;
            }
            if (!this.option.isSsl()) {
                this.log.debug("SSL没开启");
                completeAndGoOn(channelHandlerContext, obj);
                return;
            }
            this.decrypted = true;
            this.log.debug("设置SSL-decrypted已解码");
            channelHandlerContext.pipeline().addFirst(RuntimeOption.SSL_HANDLER, SslContextBuilder.forServer(this.option.getSslOption().getDynamicKeyPair().getPrivate(), new X509Certificate[]{CertPool.getCert(Integer.valueOf(((InetSocketAddress) channelHandlerContext.channel().localAddress()).getPort()), this.proto.host(), this.option.getSslOption())}).build().newHandler(channelHandlerContext.alloc()));
            channelHandlerContext.channel().pipeline().addAfter(RuntimeOption.SSL_HANDLER, RuntimeOption.HTTP_CODEC, this.option.httpServerCodec());
            channelHandlerContext.channel().pipeline().addAfter(RuntimeOption.HTTP_CODEC, RuntimeOption.AGGREGATOR_INTERNAL, new HttpObjectAggregator(this.option.getMaxContentLength()));
            channelHandlerContext.pipeline().fireChannelRead(obj);
            return;
        }
        HttpRequest httpRequest = (HttpRequest) obj;
        if (this.decrypted) {
            ProtoUtil.fill(httpRequest, (Proto.HttpProto) this.proto);
            completeAndGoOn(channelHandlerContext, obj);
            this.log.debug("握手后进一步确认: {}", this.proto);
            return;
        }
        this.proto = ProtoUtil.base(httpRequest);
        this.log.debug("协议Base Proto: {}", this.proto);
        if (!this.option.getGlobalEventHandler().accept(channelHandlerContext.channel(), this.proto)) {
            this.log.debug("Not Acceptable");
            channelHandlerContext.channel().writeAndFlush(new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.NOT_ACCEPTABLE));
            ChannelUtils.channelClose(channelHandlerContext.channel());
            ReferenceCountUtil.release(obj);
            return;
        }
        if (this.option.getAuthProvider() != null) {
            AuthProvider<?> authProvider = this.option.getAuthProvider();
            if (authProvider.matches(httpRequest)) {
                ?? authenticate = authProvider.authenticate(httpRequest);
                if (authenticate == 0) {
                    this.log.debug("Unauthorized");
                    DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, RuntimeOption.UNAUTHORIZED);
                    defaultFullHttpResponse.headers().set(HttpHeaderNames.PROXY_AUTHENTICATE, authProvider.authType() + " realm=\"" + authProvider.authRealm() + "\"");
                    channelHandlerContext.writeAndFlush(defaultFullHttpResponse);
                    ChannelUtils.channelClose(channelHandlerContext.channel());
                    ReferenceCountUtil.release(obj);
                    return;
                }
                AuthContext.setToken(channelHandlerContext.channel(), authenticate);
            }
        }
        this.interested = this.option.getGlobalEventHandler().interested(channelHandlerContext.channel(), this.proto);
        if (!HttpMethod.CONNECT.name().equalsIgnoreCase(httpRequest.method().name())) {
            ProtoUtil.fill(httpRequest, (Proto.HttpProto) this.proto);
            completeAndGoOn(channelHandlerContext, obj);
            this.log.debug("发现HTTP协议:{}", this.proto);
        } else {
            this.log.debug("SSL CONNECT代理应答成功 ");
            channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, RuntimeOption.CONNECTION_ESTABLISHED));
            ReferenceCountUtil.release(obj);
            channelHandlerContext.pipeline().remove(RuntimeOption.HTTP_CODEC);
            channelHandlerContext.pipeline().remove(RuntimeOption.AGGREGATOR_INTERNAL);
            this.prepareHandshake = true;
        }
    }

    protected void completeAndGoOn(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (!$assertionsDisabled && this.proto == null) {
            throw new AssertionError();
        }
        this.proto.complete(this.ssl, this.decrypted, this.interested);
        channelHandlerContext.channel().attr(RuntimeOption.PROTO_ATTR_KEY).set(this.proto);
        channelHandlerContext.pipeline().remove(this);
        if (channelHandlerContext.pipeline().get(RuntimeOption.HTTP_CODEC) != null) {
            channelHandlerContext.pipeline().remove(RuntimeOption.HTTP_CODEC);
        }
        if (channelHandlerContext.pipeline().get(RuntimeOption.AGGREGATOR_INTERNAL) != null) {
            channelHandlerContext.pipeline().remove(RuntimeOption.AGGREGATOR_INTERNAL);
        }
        Proto.ProtoType guessProtoType = this.proto.guessProtoType();
        if (guessProtoType == Proto.ProtoType.HTTP) {
            channelHandlerContext.pipeline().addLast(RuntimeOption.HTTP_CODEC, this.option.httpServerCodec());
            channelHandlerContext.pipeline().addAfter(RuntimeOption.HTTP_CODEC, RuntimeOption.HTTP_HANDLER, new HttpHandler(this.option));
        } else if (guessProtoType == Proto.ProtoType.WEBSORKET) {
            channelHandlerContext.pipeline().addLast(RuntimeOption.HTTP_CODEC, this.option.httpServerCodec());
            channelHandlerContext.pipeline().addAfter(RuntimeOption.HTTP_CODEC, RuntimeOption.AGGREGATOR_INTERNAL, new HttpObjectAggregator(this.option.getMaxContentLength()));
            channelHandlerContext.pipeline().addAfter(RuntimeOption.AGGREGATOR_INTERNAL, RuntimeOption.WEBSOCKET_PROTOCOL_HANDLER, new WebSocketServerProtocolHandler(((Proto.HttpProto) this.proto).uri()));
            channelHandlerContext.pipeline().addAfter(RuntimeOption.WEBSOCKET_PROTOCOL_HANDLER, RuntimeOption.WEBSOCKET_HANDLER, new WebSocketHandler(this.option));
        } else {
            channelHandlerContext.pipeline().addLast(RuntimeOption.TUNNEL_HANDLER, new TunnelHandler(this.option));
        }
        this.ssl = false;
        this.decrypted = false;
        this.interested = false;
        this.log.info("SSLGuessHandler Completed, Bye Bye, Guessed pipline's: {}", channelHandlerContext.pipeline());
        Object obj2 = obj;
        if (guessProtoType == Proto.ProtoType.TUNNEL && !(obj instanceof ByteBuf)) {
            EmbeddedChannel embeddedChannel = new EmbeddedChannel();
            embeddedChannel.pipeline().addFirst(new ChannelHandler[]{new HttpRequestEncoder()});
            embeddedChannel.writeOutbound(new Object[]{obj});
            obj2 = (ByteBuf) embeddedChannel.readOutbound();
        }
        channelHandlerContext.pipeline().fireChannelRead(obj2);
    }

    static {
        $assertionsDisabled = !GuessIfHandler.class.desiredAssertionStatus();
    }
}
