package com.newrelic.agent.security.intcodeagent.websocket;

import com.newrelic.agent.security.AgentConfig;
import com.newrelic.agent.security.AgentInfo;
import com.newrelic.agent.security.deps.org.apache.commons.lang3.StringUtils;
import com.newrelic.agent.security.deps.org.java_websocket.WebSocket;
import com.newrelic.agent.security.deps.org.java_websocket.WebSocketImpl;
import com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient;
import com.newrelic.agent.security.deps.org.java_websocket.drafts.Draft_6455;
import com.newrelic.agent.security.deps.org.java_websocket.framing.Framedata;
import com.newrelic.agent.security.deps.org.java_websocket.handshake.ServerHandshake;
import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey;
import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessor;
import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
import com.newrelic.agent.security.intcodeagent.filelogging.LogLevel;
import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants;
import com.newrelic.agent.security.intcodeagent.utils.CommonUtils;
import com.newrelic.agent.security.util.IUtilConstants;
import com.newrelic.api.agent.NewRelic;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZoneId;
import java.util.LinkedList;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:newrelic-security-agent.jar:com/newrelic/agent/security/intcodeagent/websocket/WSClient.class */
public class WSClient extends WebSocketClient {
    private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance();
    public static final String SENDING_EVENT = "sending event: ";
    public static final String UNABLE_TO_SEND_EVENT = "Unable to send event : ";
    public static final String ERROR_IN_WSOCK_CONNECTION = "Error in WSock connection : ";
    public static final String CONNECTION_CLOSED_BY = "Connection closed by ";
    public static final String REMOTE_PEER = "remote peer.";
    public static final String LOCAL = "local.";
    public static final String CODE = " Code: ";
    public static final String REASON = " Reason: ";
    public static final String UNABLE_TO_PROCESS_INCOMING_MESSAGE = "Unable to process incoming message : ";
    public static final String DUE_TO_ERROR = " : due to error : ";
    public static final String RECONNECTING_TO_IC = "Reconnecting to validator";
    public static final String COLON_STRING = " : ";
    public static final String RECEIVED_PING_AT_S_SENDING_PONG = "received ping  at %s sending pong";
    public static final String INCOMING_CONTROL_COMMAND_S = "Incoming control command : %s";
    private static WSClient instance;
    private WebSocketImpl connection;

    private SSLContext createSSLContext() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        LinkedList<X509Certificate> linkedList = new LinkedList();
        Set<X509Certificate> trustedCerts = CustomTrustStoreManagerUtils.getTrustedCerts();
        if (trustedCerts != null) {
            linkedList.addAll(trustedCerts);
        }
        BufferedInputStream bufferedInputStream = new BufferedInputStream(getCaBundleStream());
        Throwable th = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (bufferedInputStream.available() > 0) {
                try {
                    linkedList.add((X509Certificate) certificateFactory.generateCertificate(bufferedInputStream));
                } catch (Exception e) {
                    logger.log(LogLevel.SEVERE, "Unable to generate ca certificate. Verify the certificate format. Will not process further certs.", e, WSClient.class.getName());
                }
            }
            logger.log(linkedList.size() > 0 ? LogLevel.INFO : LogLevel.SEVERE, String.format("Found %s certificates.", Integer.valueOf(linkedList.size())), WSClient.class.getName());
            keyStore.load(null, null);
            int i = 1;
            for (X509Certificate x509Certificate : linkedList) {
                if (x509Certificate != null) {
                    String str = "nr_csec_ca_bundle_" + i;
                    keyStore.setCertificateEntry(str, x509Certificate);
                    logger.log(LogLevel.FINER, String.format("Installed CA certificate %s(serial %s) for subjects : %s - %s", str, x509Certificate.getSerialNumber(), x509Certificate.getSubjectDN().getName(), x509Certificate.getSubjectAlternativeNames()), WSClient.class.getName());
                }
                i++;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return sSLContext;
        } finally {
            if (bufferedInputStream != null) {
                if (0 != 0) {
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    bufferedInputStream.close();
                }
            }
        }
    }

    private InputStream getCaBundleStream() throws IOException {
        String str = (String) NewRelic.getAgent().getConfig().getValue(IUtilConstants.NR_SECURITY_CA_BUNDLE_PATH);
        return StringUtils.isNotBlank(str) ? Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]) : CommonUtils.getResourceStreamFromAgentJar("nr-custom-ca.pem");
    }

    private WSClient() throws URISyntaxException {
        super(new URI(AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL()), new Draft_6455(), null, (int) TimeUnit.SECONDS.toMillis(15L));
        this.connection = null;
        setTcpNoDelay(true);
        setConnectionLostTimeout(30);
        addHeader("NR-CSEC-CONNECTION-TYPE", "LANGUAGE_COLLECTOR");
        addHeader("NR-AGENT-RUN-TOKEN", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.AGENT_RUN_ID_LINKING_METADATA, ""));
        addHeader("NR-LICENSE-KEY", AgentConfig.getInstance().getConfig().getCustomerInfo().getApiAccessorToken());
        addHeader("NR-CSEC-VERSION", AgentInfo.getInstance().getBuildInfo().getCollectorVersion());
        addHeader("NR-CSEC-COLLECTOR-TYPE", "JAVA");
        addHeader("NR-CSEC-BUILD-NUMBER", AgentInfo.getInstance().getBuildInfo().getBuildNumber());
        addHeader("NR-CSEC-MODE", AgentConfig.getInstance().getGroupName());
        addHeader("NR-CSEC-APP-UUID", AgentInfo.getInstance().getApplicationUUID());
        addHeader("NR-CSEC-JSON-VERSION", AgentInfo.getInstance().getBuildInfo().getJsonVersion());
        addHeader("NR-ACCOUNT-ID", AgentConfig.getInstance().getConfig().getCustomerInfo().getAccountId());
        addHeader("NR-CSEC-IAST-DATA-TRANSFER-MODE", "PULL");
        if (StringUtils.startsWithIgnoreCase(AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL(), "wss:")) {
            try {
                setSocketFactory(createSSLContext().getSocketFactory());
            } catch (Exception e) {
                logger.log(LogLevel.SEVERE, String.format("Error creating socket factory message : %s , cause : %s", e.getMessage(), e.getCause()), WSClient.class.getName());
                logger.log(LogLevel.FINER, "Error creating socket factory", e, WSClient.class.getName());
            }
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void addHeader(String str, String str2) {
        String str3 = str2;
        if (StringUtils.equals(str, "NR-LICENSE-KEY")) {
            str3 = StringUtils.substring(str2, 0, 4) + "-******-" + StringUtils.substring(str2, str2.length() - 7);
        }
        logger.log(LogLevel.INFO, String.format("Adding WS connection header: %s -> %s", str, str3), WSClient.class.getName());
        super.addHeader(str, str2);
    }

    public void openConnection() throws InterruptedException {
        connectBlocking(30L, TimeUnit.SECONDS);
        WebSocket connection = getConnection();
        if (connection instanceof WebSocketImpl) {
            this.connection = (WebSocketImpl) connection;
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onOpen(ServerHandshake serverHandshake) {
        logger.logInit(LogLevel.INFO, String.format(IAgentConstants.INIT_WS_CONNECTION, AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL()), WSClient.class.getName());
        logger.logInit(LogLevel.INFO, String.format(IAgentConstants.SENDING_APPLICATION_INFO_ON_WS_CONNECT, AgentInfo.getInstance().getApplicationInfo()), WSClient.class.getName());
        super.send(JsonConverter.toJSON(AgentInfo.getInstance().getApplicationInfo()));
        WSUtils.getInstance().setReconnecting(false);
        synchronized (WSUtils.getInstance()) {
            WSUtils.getInstance().notifyAll();
        }
        WSUtils.getInstance().setConnected(true);
        logger.logInit(LogLevel.INFO, String.format(IAgentConstants.APPLICATION_INFO_SENT_ON_WS_CONNECT, AgentInfo.getInstance().getApplicationInfo()), WSClient.class.getName());
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onMessage(String str) {
        try {
            if (logger.isLogLevelEnabled(LogLevel.FINEST)) {
                logger.log(LogLevel.FINEST, String.format(INCOMING_CONTROL_COMMAND_S, str), getClass().getName());
            }
            ControlCommandProcessor.processControlCommand(str, System.currentTimeMillis());
        } catch (Throwable th) {
            logger.log(LogLevel.SEVERE, UNABLE_TO_PROCESS_INCOMING_MESSAGE + str + DUE_TO_ERROR, th, WSClient.class.getName());
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onClose(int i, String str, boolean z) {
        WSUtils.getInstance().setConnected(false);
        logger.log(LogLevel.WARNING, CONNECTION_CLOSED_BY + (z ? REMOTE_PEER : LOCAL) + CODE + i + REASON + str, WSClient.class.getName());
        if (i == -1 || i == 1008 || i == 1000 || i == 1002) {
            return;
        }
        WSReconnectionST.getInstance().submitNewTaskSchedule(15);
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onError(Exception exc) {
        logger.logInit(LogLevel.SEVERE, String.format(IAgentConstants.WS_CONNECTION_UNSUCCESSFUL_INFO, AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL(), exc.toString(), exc.getCause()), WSClient.class.getName());
        logger.log(LogLevel.FINER, String.format(IAgentConstants.WS_CONNECTION_UNSUCCESSFUL, AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL()), exc, WSClient.class.getName());
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient, com.newrelic.agent.security.deps.org.java_websocket.WebSocket
    public void send(String str) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        if (!isOpen()) {
            logger.log(LogLevel.FINER, UNABLE_TO_SEND_EVENT + str, WSClient.class.getName());
        } else {
            logger.log(LogLevel.FINER, SENDING_EVENT + str, WSClient.class.getName());
            super.send(str);
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.WebSocketAdapter, com.newrelic.agent.security.deps.org.java_websocket.WebSocketListener
    public void onWebsocketPing(WebSocket webSocket, Framedata framedata) {
        logger.log(LogLevel.FINER, String.format(RECEIVED_PING_AT_S_SENDING_PONG, Instant.now().atZone(ZoneId.of("UTC")).toLocalTime()), WSClient.class.getName());
        if (this.connection != null) {
            this.connection.updateLastPong();
        }
        super.onWebsocketPing(webSocket, framedata);
    }

    public static WSClient getInstance() throws URISyntaxException, InterruptedException {
        if (instance == null) {
            instance = new WSClient();
        }
        return instance;
    }

    public static WSClient reconnectWSClient() throws URISyntaxException, InterruptedException {
        logger.log(LogLevel.WARNING, RECONNECTING_TO_IC, WSClient.class.getName());
        if (instance != null && instance.isOpen()) {
            instance.closeBlocking();
        }
        instance = new WSClient();
        instance.openConnection();
        return instance;
    }

    public static void shutDownWSClient() {
        logger.log(LogLevel.WARNING, "Disconnecting WS client", WSClient.class.getName());
        if (instance != null) {
            instance.close();
        }
        instance = null;
    }

    public static void tryWebsocketConnection(int i) {
        try {
            int i2 = i;
            reconnectWSClient();
            while (true) {
                if (i >= 0 && i2 <= 0) {
                    break;
                }
                try {
                } catch (Throwable th) {
                    logger.log(LogLevel.SEVERE, IAgentConstants.ERROR_OCCURED_WHILE_TRYING_TO_CONNECT_TO_WSOCKET, th, WSClient.class.getName());
                    logger.postLogMessageIfNecessary(LogLevel.SEVERE, IAgentConstants.ERROR_OCCURED_WHILE_TRYING_TO_CONNECT_TO_WSOCKET, th, WSClient.class.getName());
                }
                if (WSUtils.isConnected()) {
                    break;
                }
                i2--;
                logger.logInit(LogLevel.INFO, String.format("WS client connection failed will retry after %s second(s)", 15), WSClient.class.getName());
                TimeUnit.SECONDS.sleep(15);
                reconnectWSClient();
            }
            if (WSUtils.isConnected()) {
            } else {
                throw new RuntimeException("Websocket not connected!!!");
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
