package org.jgroups.protocols.kubernetes;

import infinispan.com.mchange.v2.c3p0.cfg.C3P0Config;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.core.net.TcpSocketManager;
import org.jgroups.Address;
import org.jgroups.Event;
import org.jgroups.Message;
import org.jgroups.PhysicalAddress;
import org.jgroups.annotations.MBean;
import org.jgroups.annotations.ManagedOperation;
import org.jgroups.annotations.Property;
import org.jgroups.conf.ClassConfigurator;
import org.jgroups.protocols.Discovery;
import org.jgroups.protocols.PingData;
import org.jgroups.protocols.PingHeader;
import org.jgroups.protocols.TP;
import org.jgroups.protocols.kubernetes.stream.BaseStreamProvider;
import org.jgroups.protocols.kubernetes.stream.CertificateStreamProvider;
import org.jgroups.protocols.kubernetes.stream.InsecureStreamProvider;
import org.jgroups.stack.IpAddress;
import org.jgroups.util.NameCache;
import org.jgroups.util.Responses;

@MBean(description = "Kubernetes based discovery protocol")
/* loaded from: input_file:WEB-INF/lib/infinispan-embedded-9.1.6.Final.jar:org/jgroups/protocols/kubernetes/KUBE_PING.class */
public class KUBE_PING extends Discovery {
    protected static final short KUBERNETES_PING_ID = 2017;

    @Property(description = "The URL of the Kubernetes server", systemProperty = {"KUBERNETES_SERVICE_HOST"})
    protected String masterHost;

    @Property(description = "The port on which the Kubernetes server is listening", systemProperty = {"KUBERNETES_SERVICE_PORT"})
    protected int masterPort;

    @Property(description = "The labels to use in the discovery request to the Kubernetes server", systemProperty = {"KUBERNETES_LABELS"})
    protected String labels;

    @Property(description = "Certificate to access the Kubernetes server", systemProperty = {"KUBERNETES_CLIENT_CERTIFICATE_FILE"})
    protected String clientCertFile;

    @Property(description = "Client key file (store)", systemProperty = {"KUBERNETES_CLIENT_KEY_FILE"})
    protected String clientKeyFile;

    @Property(description = "The password to access the client key store", systemProperty = {"KUBERNETES_CLIENT_KEY_PASSWORD"})
    protected String clientKeyPassword;

    @Property(description = "Client CA certificate", systemProperty = {"KUBERNETES_CA_CERTIFICATE_FILE"})
    protected String caCertFile;

    @Property(description = "Dumps all discovery requests and responses to the Kubernetes server to stdout when true")
    protected boolean dump_requests;

    @Property(description = "The standard behavior during Rolling Update is to put all Pods in the same cluster. In cases (application level incompatibility) this causes problems. One might decide to split clusters to 'old' and 'new' during that process")
    protected boolean split_clusters_during_rolling_update;
    protected Client client;
    protected int tp_bind_port;

    @Property(description = "Number of additional ports to be probed for membership. A port_range of 0 does not probe additional ports. Example: initial_hosts=A[7800] port_range=0 probes A:7800, port_range=1 probes A:7800 and A:7801")
    protected int port_range = 1;

    @Property(description = "Max time (in millis) to wait for a connection to the Kubernetes server. If exceeded, an exception will be thrown", systemProperty = {"KUBERNETES_CONNECT_TIMEOUT"})
    protected int connectTimeout = 5000;

    @Property(description = "Max time (in millis) to wait for a response from the Kubernetes server", systemProperty = {"KUBERNETES_READ_TIMEOUT"})
    protected int readTimeout = TcpSocketManager.DEFAULT_RECONNECTION_DELAY_MILLIS;

    @Property(description = "Max number of attempts to send discovery requests", systemProperty = {"KUBERNETES_OPERATION_ATTEMPTS"})
    protected int operationAttempts = 3;

    @Property(description = "Time (in millis) between operation attempts", systemProperty = {"KUBERNETES_OPERATION_SLEEP"})
    protected long operationSleep = 1000;

    @Property(description = "https (default) or http. Used to send the initial discovery request to the Kubernetes server", systemProperty = {"KUBERNETES_MASTER_PROTOCOL"})
    protected String masterProtocol = "https";

    @Property(description = "The version of the protocol to the Kubernetes server", systemProperty = {"KUBERNETES_API_VERSION"})
    protected String apiVersion = "v1";

    @Property(description = "namespace", systemProperty = {"KUBERNETES_NAMESPACE"})
    protected String namespace = C3P0Config.DEFAULT_CONFIG_NAME;

    @Property(description = "The algorithm used by the client", systemProperty = {"KUBERNETES_CLIENT_KEY_ALGO"})
    protected String clientKeyAlgo = "RSA";

    @Property(description = "Token file", systemProperty = {"SA_TOKEN_FILE"})
    protected String saTokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token";

    @Override // org.jgroups.protocols.Discovery
    public boolean isDynamic() {
        return false;
    }

    public void setMasterHost(String str) {
        this.masterHost = str;
    }

    public void setMasterPort(int i) {
        this.masterPort = i;
    }

    public void setNamespace(String str) {
        this.namespace = str;
    }

    protected boolean isClusteringEnabled() {
        return this.namespace != null;
    }

    @Override // org.jgroups.protocols.Discovery, org.jgroups.stack.Protocol
    public void init() throws Exception {
        BaseStreamProvider insecureStreamProvider;
        super.init();
        TP transport = getTransport();
        this.tp_bind_port = transport.getBindPort();
        if (this.tp_bind_port <= 0) {
            throw new IllegalArgumentException(String.format("%s only works with  %s.bind_port > 0", KUBE_PING.class.getSimpleName(), transport.getClass().getSimpleName()));
        }
        if (this.namespace == null) {
            this.log.warn("namespace not set; clustering disabled");
            return;
        }
        this.log.info("namespace %s set; clustering enabled", this.namespace);
        HashMap hashMap = new HashMap();
        if (this.clientCertFile != null) {
            if (this.masterProtocol == null) {
                this.masterProtocol = "http";
            }
            insecureStreamProvider = new CertificateStreamProvider(this.clientCertFile, this.clientKeyFile, this.clientKeyPassword, this.clientKeyAlgo, this.caCertFile);
        } else {
            String readFileToString = Utils.readFileToString(this.saTokenFile);
            if (readFileToString != null) {
                hashMap.put("Authorization", "Bearer " + readFileToString);
            }
            insecureStreamProvider = new InsecureStreamProvider();
        }
        this.client = new Client(String.format("%s://%s:%s/api/%s", this.masterProtocol, this.masterHost, Integer.valueOf(this.masterPort), this.apiVersion), hashMap, this.connectTimeout, this.readTimeout, this.operationAttempts, this.operationSleep, insecureStreamProvider, this.log);
        this.log.debug("KubePING configuration: " + toString());
    }

    @Override // org.jgroups.stack.Protocol
    public void destroy() {
        this.client = null;
        super.destroy();
    }

    @Override // org.jgroups.protocols.Discovery
    public void findMembers(List<Address> list, boolean z, Responses responses) {
        Collection collection;
        List<Pod> readAll = readAll();
        ArrayList<PhysicalAddress> arrayList = new ArrayList(readAll != null ? readAll.size() : 16);
        PhysicalAddress physicalAddress = null;
        PingData pingData = null;
        if (!this.use_ip_addrs || !z) {
            physicalAddress = (PhysicalAddress) down(new Event(87, this.local_addr));
            pingData = new PingData(this.local_addr, false, NameCache.get(this.local_addr), physicalAddress);
            if (list != null && list.size() <= this.max_members_in_discovery_request) {
                pingData.mbrs(list);
            }
        }
        if (readAll != null) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("%s: hosts fetched from Kubernetes: %s", this.local_addr, readAll);
            }
            for (Pod pod : readAll) {
                for (int i = 0; i <= this.port_range; i++) {
                    try {
                        IpAddress ipAddress = new IpAddress(pod.getIp(), this.tp_bind_port + i);
                        if (!arrayList.contains(ipAddress)) {
                            arrayList.add(ipAddress);
                        }
                    } catch (Exception e) {
                        this.log.warn("failed translating host %s into InetAddress: %s", pod, e);
                    }
                }
            }
        }
        if (this.use_disk_cache && (collection = (Collection) this.down_prot.down(new Event(102))) != null) {
            Stream filter = collection.stream().filter(physicalAddress2 -> {
                return !arrayList.contains(physicalAddress2);
            });
            arrayList.getClass();
            filter.forEach((v1) -> {
                r1.add(v1);
            });
        }
        if (this.split_clusters_during_rolling_update) {
            if (physicalAddress != null) {
                String hostAddress = ((IpAddress) physicalAddress).getIpAddress().getHostAddress();
                String str = (String) readAll.stream().filter(pod2 -> {
                    return hostAddress.contains(pod2.getIp());
                }).map((v0) -> {
                    return v0.getParentDeployment();
                }).findFirst().orElse(null);
                if (str != null) {
                    Set set = (Set) readAll.stream().filter(pod3 -> {
                        return str.equals(pod3.getParentDeployment());
                    }).map((v0) -> {
                        return v0.getIp();
                    }).collect(Collectors.toSet());
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        IpAddress ipAddress2 = (IpAddress) it.next();
                        if (!set.contains(ipAddress2.getIpAddress().getHostAddress())) {
                            this.log.trace("removing pod %s from cluster members list since its parent domain is different than senders (%s). Allowed hosts: %s", ipAddress2, str, set);
                            it.remove();
                        }
                    }
                } else {
                    this.log.warn("split_clusters_during_rolling_update is set to 'true' but can't obtain local node parent deployment. All nodes will be placed in the same cluster.");
                }
            } else {
                this.log.warn("split_clusters_during_rolling_update is set to 'true' but can't obtain local node IP address. All nodes will be placed in the same cluster.");
            }
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("%s: sending discovery requests to %s", this.local_addr, arrayList);
        }
        PingHeader initialDiscovery = new PingHeader((byte) 1).clusterName(this.cluster_name).initialDiscovery(z);
        for (PhysicalAddress physicalAddress3 : arrayList) {
            if (physicalAddress == null || !physicalAddress3.equals(physicalAddress)) {
                Message putHeader = new Message(physicalAddress3).setFlag(Message.Flag.INTERNAL, Message.Flag.DONT_BUNDLE, Message.Flag.OOB).putHeader(this.id, initialDiscovery);
                if (pingData != null) {
                    putHeader.setBuffer(marshal(pingData));
                }
                if (this.async_discovery_use_separate_thread_per_request) {
                    this.timer.execute(() -> {
                        sendDiscoveryRequest(putHeader);
                    }, this.sends_can_block);
                } else {
                    sendDiscoveryRequest(putHeader);
                }
            }
        }
    }

    @ManagedOperation(description = "Asks Kubernetes for the IP addresses of all pods")
    public String fetchFromKube() {
        return readAll().toString();
    }

    protected List<Pod> readAll() {
        if (isClusteringEnabled() && this.client != null) {
            try {
                return this.client.getPods(this.namespace, this.labels, this.dump_requests);
            } catch (Exception e) {
                this.log.warn("failed getting JSON response from Kubernetes %s for cluster [%s], namespace [%s], labels [%s]; encountered [%s: %s]", this.client.info(), this.cluster_name, this.namespace, this.labels, e.getClass().getName(), e.getMessage());
            }
        }
        return Collections.emptyList();
    }

    protected void sendDiscoveryRequest(Message message) {
        try {
            this.down_prot.down(message);
        } catch (Throwable th) {
            this.log.trace("sending discovery request to %s failed: %s", message.dest(), th);
        }
    }

    public String toString() {
        return String.format("KubePing{namespace='%s', labels='%s'}", this.namespace, this.labels);
    }

    static {
        ClassConfigurator.addProtocol((short) 2017, KUBE_PING.class);
    }
}
