package brooklyn.entity.proxy.nginx;

import brooklyn.entity.proxy.ProxySslConfig;
import brooklyn.util.text.Strings;
import com.google.common.collect.LinkedHashMultimap;
import java.util.Collection;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.class */
public class NginxDefaultConfigGenerator implements NginxConfigFileGenerator {
    private static final Logger LOG = LoggerFactory.getLogger(NginxDefaultConfigGenerator.class);

    @Override // brooklyn.entity.proxy.nginx.NginxConfigFileGenerator
    public String generateConfigFile(NginxDriver nginxDriver, NginxController nginxController) {
        StringBuilder sb = new StringBuilder();
        sb.append("\n");
        sb.append(String.format("pid %s;\n", nginxDriver.getPidFile()));
        sb.append("events {\n");
        sb.append("  worker_connections 8196;\n");
        sb.append("}\n");
        sb.append("http {\n");
        ProxySslConfig sslConfig = nginxController.getSslConfig();
        if (nginxController.isSsl()) {
            verifyConfig(sslConfig);
            appendSslConfig("global", sb, "    ", sslConfig, true, true);
        }
        if (nginxController.getDomain() != null || nginxController.getServerPoolAddresses() == null || nginxController.getServerPoolAddresses().isEmpty()) {
            sb.append("  server {\n");
            sb.append(getCodeForServerConfig());
            sb.append("    listen " + nginxController.getPort() + ";\n");
            sb.append(getCodeFor404());
            sb.append("  }\n");
        }
        if (nginxController.getServerPoolAddresses() != null && nginxController.getServerPoolAddresses().size() > 0) {
            sb.append(String.format("  upstream " + nginxController.getId() + " {\n", new Object[0]));
            if (nginxController.isSticky()) {
                sb.append("    sticky;\n");
            }
            Iterator<String> it = nginxController.getServerPoolAddresses().iterator();
            while (it.hasNext()) {
                sb.append("    server " + it.next() + ";\n");
            }
            sb.append("  }\n");
            sb.append("  server {\n");
            sb.append(getCodeForServerConfig());
            sb.append("    listen " + nginxController.getPort() + ";\n");
            if (nginxController.getDomain() != null) {
                sb.append("    server_name " + nginxController.getDomain() + ";\n");
            }
            sb.append("    location / {\n");
            sb.append("      proxy_pass " + ((sslConfig == null || !sslConfig.getTargetIsSsl()) ? "http" : "https") + "://" + nginxController.getId() + ";\n");
            sb.append("    }\n");
            sb.append("  }\n");
        }
        Iterable<UrlMapping> urlMappings = nginxController.getUrlMappings();
        LinkedHashMultimap create = LinkedHashMultimap.create();
        for (UrlMapping urlMapping : urlMappings) {
            Collection collection = (Collection) urlMapping.getAttribute(UrlMapping.TARGET_ADDRESSES);
            if (collection != null && collection.size() > 0) {
                create.put(urlMapping.getDomain(), urlMapping);
            }
        }
        for (UrlMapping urlMapping2 : urlMappings) {
            Collection collection2 = (Collection) urlMapping2.getAttribute(UrlMapping.TARGET_ADDRESSES);
            if (collection2 != null && collection2.size() > 0) {
                sb.append(String.format("  upstream " + urlMapping2.getUniqueLabel() + " {\n", new Object[0]));
                if (nginxController.isSticky()) {
                    sb.append("    sticky;\n");
                }
                Iterator it2 = collection2.iterator();
                while (it2.hasNext()) {
                    sb.append("    server " + ((String) it2.next()) + ";\n");
                }
                sb.append("  }\n");
            }
        }
        for (String str : create.keySet()) {
            sb.append("  server {\n");
            sb.append(getCodeForServerConfig());
            sb.append("    listen " + nginxController.getPort() + ";\n");
            sb.append("    server_name " + str + ";\n");
            boolean z = false;
            ProxySslConfig proxySslConfig = null;
            for (UrlMapping urlMapping3 : create.get(str)) {
                ProxySslConfig proxySslConfig2 = (ProxySslConfig) urlMapping3.getConfig(UrlMapping.SSL_CONFIG);
                if (proxySslConfig2 != null) {
                    verifyConfig(proxySslConfig2);
                    if (proxySslConfig != null) {
                        if (!proxySslConfig.equals(proxySslConfig2)) {
                            LOG.warn("{} mapping {} provides SSL config for {} when a different config had already been provided by another mapping, ignoring this one", new Object[]{this, urlMapping3, str});
                        }
                    } else if (sslConfig == null) {
                        proxySslConfig = proxySslConfig2;
                    } else if (!sslConfig.equals(proxySslConfig2)) {
                        LOG.warn("{} mapping {} provides SSL config for {} when a different config had been provided at root nginx scope, ignoring this one", new Object[]{this, urlMapping3, str});
                    }
                }
            }
            if (proxySslConfig != null) {
                appendSslConfig(str, sb, "    ", proxySslConfig, true, true);
            }
            for (UrlMapping urlMapping4 : create.get(str)) {
                boolean z2 = urlMapping4.getPath() == null || urlMapping4.getPath().length() == 0 || urlMapping4.getPath().equals("/");
                if (z2 && z) {
                    LOG.warn("" + this + " mapping " + urlMapping4 + " provides a duplicate / proxy, ignoring");
                } else {
                    z |= z2;
                    sb.append("    location " + (z2 ? "/" : "~ " + urlMapping4.getPath()) + " {\n");
                    Collection<UrlRewriteRule> collection3 = (Collection) urlMapping4.getConfig(UrlMapping.REWRITES);
                    if (collection3 != null && collection3.size() > 0) {
                        for (UrlRewriteRule urlRewriteRule : collection3) {
                            sb.append("      rewrite \"^" + urlRewriteRule.getFrom() + "$\" \"" + urlRewriteRule.getTo() + "\"");
                            if (urlRewriteRule.isBreak()) {
                                sb.append(" break");
                            }
                            sb.append(" ;\n");
                        }
                    }
                    sb.append("      proxy_pass " + ((proxySslConfig == null || !proxySslConfig.getTargetIsSsl()) ? (proxySslConfig == null && sslConfig != null && sslConfig.getTargetIsSsl()) ? "https" : "http" : "https") + "://" + urlMapping4.getUniqueLabel() + " ;\n");
                    sb.append("    }\n");
                }
            }
            if (!z) {
                sb.append("    location / { \n" + getCodeFor404() + "    }\n");
            }
            sb.append("  }\n");
        }
        sb.append("}\n");
        return sb.toString();
    }

    protected String getCodeForServerConfig() {
        return "    server_tokens off;\n    proxy_set_header Host $http_host;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Real-IP $remote_addr;\n";
    }

    protected String getCodeFor404() {
        return "    return 404;\n";
    }

    protected void verifyConfig(ProxySslConfig proxySslConfig) {
        if (Strings.isEmpty(proxySslConfig.getCertificateDestination()) && Strings.isEmpty(proxySslConfig.getCertificateSourceUrl())) {
            throw new IllegalStateException("ProxySslConfig can't have a null certificateDestination and null certificateSourceUrl. One or both need to be set");
        }
    }

    protected boolean appendSslConfig(String str, StringBuilder sb, String str2, ProxySslConfig proxySslConfig, boolean z, boolean z2) {
        if (proxySslConfig == null) {
            return false;
        }
        if (z) {
            sb.append(str2);
            sb.append("ssl on;\n");
        }
        if (proxySslConfig.getReuseSessions()) {
            sb.append(str2);
            sb.append("");
        }
        if (!z2) {
            return true;
        }
        String certificateDestination = Strings.isEmpty(proxySslConfig.getCertificateDestination()) ? "" + str + ".crt" : proxySslConfig.getCertificateDestination();
        sb.append(str2);
        sb.append("ssl_certificate " + certificateDestination + ";\n");
        String keyDestination = !Strings.isEmpty(proxySslConfig.getKeyDestination()) ? proxySslConfig.getKeyDestination() : !Strings.isEmpty(proxySslConfig.getKeySourceUrl()) ? "" + str + ".key" : null;
        if (keyDestination != null) {
            sb.append(str2);
            sb.append("ssl_certificate_key " + keyDestination + ";\n");
        }
        sb.append("ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n");
        return true;
    }
}
