package com.atlassian.pipelines.runner.core.configuration.spring;

import brave.Tracing;
import brave.okhttp3.TracingInterceptor;
import ch.qos.logback.core.pattern.color.ANSIConstants;
import com.atlassian.bitbucketci.client.reactive.ImmutableSpringWebServiceClientConfiguration;
import com.atlassian.bitbucketci.client.reactive.SpringWebServiceClientFactory;
import com.atlassian.bitbucketci.client.reactive.retries.RetryStrategies;
import com.atlassian.bitbucketci.client.reactive.retries.RetryStrategy;
import com.atlassian.bitbucketci.common.credential.BitbucketCIJwtConstants;
import com.atlassian.pipelines.dropwizard.hystrix.HystrixConfigurator;
import com.atlassian.pipelines.kubernetes.client.api.Kubernetes;
import com.atlassian.pipelines.kubernetes.client.api.KubernetesObservableOperations;
import com.atlassian.pipelines.kubernetes.client.util.interceptor.AuthorizationHeaderInterceptor;
import com.atlassian.pipelines.kubernetes.client.util.interceptor.LoggingInterceptor;
import com.atlassian.pipelines.kubernetes.core.websocket.OkHttpWebsocketKubernetesObserver;
import com.atlassian.pipelines.media.client.api.MediaServiceClient;
import com.atlassian.pipelines.rest.client.api.RestServiceClient;
import com.atlassian.pipelines.retrofit.adapter.common.api.ExponentialBackoffRetryCallHandler;
import com.atlassian.pipelines.retrofit.adapter.common.api.RetryCallHandler;
import com.atlassian.pipelines.runner.api.RunnerState;
import com.atlassian.pipelines.runner.api.client.SecretProviderClient;
import com.atlassian.pipelines.runner.api.configuration.RunnerConfiguration;
import com.atlassian.pipelines.runner.api.configuration.http.HttpClientConfiguration;
import com.atlassian.pipelines.runner.api.model.kubernetes.ImmutablePodId;
import com.atlassian.pipelines.runner.api.model.kubernetes.PodId;
import com.atlassian.pipelines.runner.api.model.runtime.ImmutableShutdownTimeoutContext;
import com.atlassian.pipelines.runner.api.model.runtime.ShutdownTimeoutContext;
import com.atlassian.pipelines.runner.api.model.runtime.StepRuntimes;
import com.atlassian.pipelines.runner.api.runtime.StepRuntime;
import com.atlassian.pipelines.runner.api.service.RunnerService;
import com.atlassian.pipelines.runner.api.service.StepService;
import com.atlassian.pipelines.runner.core.ApplicationImpl;
import com.atlassian.pipelines.runner.core.client.SecretProviderClientImpl;
import com.atlassian.pipelines.runner.core.configuration.ProxyConfigurer;
import com.atlassian.pipelines.runner.core.configuration.Runtime;
import com.atlassian.pipelines.runner.core.configuration.SystemProperty;
import com.atlassian.pipelines.runner.core.configuration.condition.IsSecretProviderCondition;
import com.atlassian.pipelines.runner.core.configuration.hystrix.RunnerHystrixConfiguration;
import com.atlassian.pipelines.runner.core.configuration.spring.tracing.TracingConfiguration;
import com.atlassian.pipelines.runner.core.runtime.StepRuntimeImpl;
import com.atlassian.pipelines.runner.core.service.OkHttpClientManager;
import com.atlassian.pipelines.stargate.client.api.StargateClient;
import com.atlassian.pipelines.stargate.client.api.auth.oauth.OAuthHeaderInterceptor;
import com.atlassian.pipelines.stargate.client.core.auth.oauth.OAuthHeaderInterceptorImpl;
import com.atlassian.pipelines.websocket.client.api.WebsocketServiceClient;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.dockerjava.api.DockerClient;
import com.github.dockerjava.core.DefaultDockerClientConfig;
import com.github.dockerjava.core.DockerClientBuilder;
import com.github.dockerjava.netty.NettyDockerCmdExecFactory;
import com.github.mustachejava.DefaultMustacheFactory;
import com.github.mustachejava.MustacheFactory;
import io.netty.channel.ChannelOption;
import io.netty.handler.timeout.WriteTimeoutHandler;
import io.netty.resolver.DefaultAddressResolverGroup;
import java.time.Clock;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import okhttp3.Dispatcher;
import okhttp3.OkHttpClient;
import org.springframework.cloud.sleuth.instrument.web.client.TraceExchangeFilterFunction;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Profile;
import org.springframework.core.env.Environment;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.http.codec.json.Jackson2JsonEncoder;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.util.MimeType;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.util.DefaultUriBuilderFactory;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;
import reactor.netty.resources.ConnectionProvider;

@Configuration
@ComponentScan(basePackageClasses = {ApplicationImpl.class})
@Import({SpringStorageProviderConfig.class, SpringGcpStorageProviderConfig.class, SpringS3StorageProviderConfig.class, TracingConfiguration.class})
/* loaded from: input_file:com/atlassian/pipelines/runner/core/configuration/spring/SpringConfigurationImpl.class */
public class SpringConfigurationImpl {
    private static final int MEDIA_CLIENT_CACHE = 100;
    private static final String HTTP_USER_AGENT = "pipelines-runner";
    private static final String KUBERNETES_CLIENT_USER_AGENT = "pipelines-kubernetes-agent";
    private static final Duration CONNECTION_MAX_IDLE_TIME = Duration.ofMinutes(2);
    private static final Duration CONNECTION_EVICTION_INTERVAL = Duration.ofMinutes(5);

    @Bean
    public Clock clock() {
        return Clock.systemDefaultZone();
    }

    @Bean
    public HystrixConfigurator hystrixConfigurator() {
        return new HystrixConfigurator(new RunnerHystrixConfiguration());
    }

    @Bean
    public RetryCallHandler retryCallHandler(RunnerConfiguration runnerConfiguration) {
        return ExponentialBackoffRetryCallHandler.newBuilder().setNumberOfTimesToRetry(runnerConfiguration.getHttpRetryConfiguration().getNumberOfTimesToRetry()).setDelayInMilliseconds((int) runnerConfiguration.getHttpRetryConfiguration().getBackoffDelay().toMillis()).build();
    }

    @Bean
    public RetryStrategy retryStrategy(RunnerConfiguration runnerConfiguration) {
        return RetryStrategies.exponentialBackoff(runnerConfiguration.getHttpRetryConfiguration().getNumberOfTimesToRetry(), runnerConfiguration.getHttpRetryConfiguration().getBackoffDelay());
    }

    @DependsOn({ProxyConfigurer.COMPONENT_NAME})
    @Profile({Runtime.Strings.LINUX_SHELL, Runtime.Strings.LINUX_DOCKER, Runtime.Strings.MACOS_BASH, Runtime.Strings.MACOS_TART, Runtime.Strings.WINDOWS_POWERSHELL, Runtime.Strings.ALWAYS_FAIL})
    @Bean
    public WebsocketServiceClient websocketServiceClient(RunnerConfiguration runnerConfiguration, RetryCallHandler retryCallHandler, OkHttpClientManager okHttpClientManager) {
        return WebsocketServiceClient.create(runnerConfiguration.getWebsocketServiceUri(), okHttpClientManager.getClient(), retryCallHandler, true);
    }

    @DependsOn({ProxyConfigurer.COMPONENT_NAME})
    @Profile({Runtime.Strings.LINUX_SHELL, Runtime.Strings.LINUX_DOCKER, Runtime.Strings.MACOS_BASH, Runtime.Strings.MACOS_TART, Runtime.Strings.WINDOWS_POWERSHELL, Runtime.Strings.ALWAYS_FAIL})
    @Bean
    public OAuthHeaderInterceptor oAuthHeaderInterceptor(RunnerConfiguration runnerConfiguration, RetryStrategy retryStrategy) {
        return new OAuthHeaderInterceptorImpl(runnerConfiguration.getOauthClient(), ImmutableSpringWebServiceClientConfiguration.builder().withTimeoutsEnabled(false).withRetryStrategy(retryStrategy).withProxyingEnabled(true).build());
    }

    @DependsOn({ProxyConfigurer.COMPONENT_NAME})
    @Profile({Runtime.Strings.LINUX_SHELL, Runtime.Strings.LINUX_DOCKER, Runtime.Strings.MACOS_BASH, Runtime.Strings.MACOS_TART, Runtime.Strings.WINDOWS_POWERSHELL, Runtime.Strings.ALWAYS_FAIL})
    @Bean
    public StargateClient stargateClient(RunnerConfiguration runnerConfiguration, OAuthHeaderInterceptor oAuthHeaderInterceptor, RetryStrategy retryStrategy, TraceExchangeFilterFunction traceExchangeFilterFunction) {
        return StargateClient.create(SpringWebServiceClientFactory.create(runnerConfiguration.getStargateUri(), (Consumer<WebClient.Builder>) builder -> {
            builder.filter(oAuthHeaderInterceptor.exchangeFilter()).filter(traceExchangeFilterFunction);
        }, ImmutableSpringWebServiceClientConfiguration.builder().withProxyingEnabled(true).withTimeoutsEnabled(true).withRetryStrategy(retryStrategy).build()));
    }

    @Profile({Runtime.Strings.LINUX_KUBERNETES})
    @Bean
    public RestServiceClient restServiceClient(RunnerConfiguration runnerConfiguration, RetryStrategy retryStrategy, TraceExchangeFilterFunction traceExchangeFilterFunction) {
        return RestServiceClient.create(SpringWebServiceClientFactory.create(runnerConfiguration.getRestServiceUri(), configureRestServiceClient(runnerConfiguration, traceExchangeFilterFunction), retryStrategy));
    }

    private Consumer<WebClient.Builder> configureRestServiceClient(RunnerConfiguration runnerConfiguration, TraceExchangeFilterFunction traceExchangeFilterFunction) {
        Consumer consumer = builder -> {
            builder.defaultHeader("User-Agent", HTTP_USER_AGENT).filter(restServiceAuthorizationFilter(runnerConfiguration)).filter(traceExchangeFilterFunction);
        };
        return consumer.andThen(configureWebClientTimeouts(runnerConfiguration.getWebClientConfiguration()));
    }

    private ExchangeFilterFunction restServiceAuthorizationFilter(RunnerConfiguration runnerConfiguration) {
        return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
            return Mono.just(withRestServiceAuthorisation(runnerConfiguration, clientRequest));
        });
    }

    private ClientRequest withRestServiceAuthorisation(RunnerConfiguration runnerConfiguration, ClientRequest clientRequest) {
        return ClientRequest.from(clientRequest).headers(httpHeaders -> {
            httpHeaders.add("AuthorizationProvider", BitbucketCIJwtConstants.ISSUER);
            httpHeaders.add("Authorization", "JWT " + runnerConfiguration.getRestServiceClientJwtToken());
        }).build();
    }

    @Bean
    public StepRuntime stepRuntime(StepService stepService, StepRuntimes stepRuntimes, RunnerState runnerState, RunnerService runnerService, RunnerConfiguration runnerConfiguration) {
        return new StepRuntimeImpl(stepService, stepRuntimes, runnerState, runnerService, runnerConfiguration);
    }

    @Bean
    public MustacheFactory mustacheFactory() {
        return new DefaultMustacheFactory();
    }

    @Profile({Runtime.Strings.LINUX_DOCKER})
    @Bean
    public DockerClient dockerClient(RunnerConfiguration runnerConfiguration) {
        return DockerClientBuilder.getInstance(dockerConfig(runnerConfiguration)).withDockerCmdExecFactory(new NettyDockerCmdExecFactory()).build();
    }

    @Profile({Runtime.Strings.LINUX_DOCKER})
    @Bean
    public DefaultDockerClientConfig dockerConfig(RunnerConfiguration runnerConfiguration) {
        return DefaultDockerClientConfig.createDefaultConfigBuilder().withDockerHost(runnerConfiguration.getDockerUri().toString()).build();
    }

    @DependsOn({ProxyConfigurer.COMPONENT_NAME})
    @Bean
    public WebClient webClient(RunnerConfiguration runnerConfiguration, TraceExchangeFilterFunction traceExchangeFilterFunction) {
        WebClient.Builder filter = WebClient.builder().defaultHeader("User-Agent", "Bitbucket Pipelines Agent (Reactor-Netty)").filter(traceExchangeFilterFunction);
        configureWebClientTimeouts(runnerConfiguration.getWebClientConfiguration()).accept(filter);
        return filter.build();
    }

    @Bean
    public WebClient s3WebClient(RunnerConfiguration runnerConfiguration, TraceExchangeFilterFunction traceExchangeFilterFunction) {
        Jackson2JsonEncoder jackson2JsonEncoder = new Jackson2JsonEncoder(Jackson2ObjectMapperBuilder.xml().build(), new MimeType[0]);
        WebClient.Builder filter = WebClient.builder().defaultHeader("User-Agent", HTTP_USER_AGENT).codecs(clientCodecConfigurer -> {
            clientCodecConfigurer.defaultCodecs().jackson2JsonEncoder(jackson2JsonEncoder);
        }).filter(traceExchangeFilterFunction);
        configureWebClientTimeouts(runnerConfiguration.getS3UploadClientConfiguration()).accept(filter);
        return filter.build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Consumer<WebClient.Builder> configureWebClientTimeouts(HttpClientConfiguration httpClientConfiguration) {
        HttpClient doOnConnected = ((HttpClient) HttpClient.create(ConnectionProvider.builder("runner").maxIdleTime(CONNECTION_MAX_IDLE_TIME).evictInBackground(CONNECTION_EVICTION_INTERVAL).build()).resolver(DefaultAddressResolverGroup.INSTANCE).proxyWithSystemProperties().responseTimeout(httpClientConfiguration.getReadTimeout()).option(ChannelOption.CONNECT_TIMEOUT_MILLIS, Integer.valueOf((int) httpClientConfiguration.getConnectionTimeout().toMillis()))).doOnConnected(connection -> {
            connection.addHandlerLast(new WriteTimeoutHandler((int) httpClientConfiguration.getWriteTimeout().getSeconds()));
        });
        return builder -> {
            builder.clientConnector(new ReactorClientHttpConnector(doOnConnected));
        };
    }

    @Bean
    public ShutdownTimeoutContext shutdownTimeoutContext(Environment environment) {
        Duration ofSeconds = Duration.ofSeconds(Long.parseLong(environment.getProperty(SystemProperty.SHUTDOWN_TIMEOUT_IN_SECONDS.getKey(), ANSIConstants.BLACK_FG)));
        return ImmutableShutdownTimeoutContext.builder().withTimeout(ofSeconds).withTeardownWaitRetryDelay(Duration.ofSeconds(Long.parseLong(environment.getProperty(SystemProperty.SHUTDOWN_TEARDOWN_WAIT_RETRY_IN_SECONDS.getKey(), "1")))).build();
    }

    @Bean(name = {"mediaServiceClientCache"})
    public Cache<String, MediaServiceClient> mediaClientCache() {
        return Caffeine.newBuilder().maximumSize(100L).build();
    }

    @Conditional({IsSecretProviderCondition.class})
    @Bean
    public SecretProviderClient secretProviderClient(RunnerConfiguration runnerConfiguration, WebClient webClient) {
        return (SecretProviderClient) runnerConfiguration.getSecretProviderUri().map(uri -> {
            return new SecretProviderClientImpl(webClient, uri);
        }).orElseThrow(() -> {
            return new IllegalStateException("Secret Provider URI is not defined");
        });
    }

    @Profile({Runtime.Strings.LINUX_KUBERNETES})
    @Bean
    public Kubernetes kubernetes(RunnerConfiguration runnerConfiguration, RetryStrategy retryStrategy, TraceExchangeFilterFunction traceExchangeFilterFunction) {
        return Kubernetes.create(SpringWebServiceClientFactory.create(runnerConfiguration.getKubernetesUri(), (Consumer<WebClient.Builder>) builder -> {
            builder.defaultHeader("User-Agent", KUBERNETES_CLIENT_USER_AGENT).defaultHeader("authorization", "Bearer " + runnerConfiguration.getKubernetesToken()).filter(traceExchangeFilterFunction);
        }, retryStrategy, (Boolean) true));
    }

    @Profile({Runtime.Strings.LINUX_KUBERNETES})
    @Bean
    public KubernetesObservableOperations kubernetesObservableOperations(RunnerConfiguration runnerConfiguration, RetryCallHandler retryCallHandler, Tracing tracing) {
        return new OkHttpWebsocketKubernetesObserver(new OkHttpClient.Builder().addInterceptor(AuthorizationHeaderInterceptor.newInstance(runnerConfiguration.getKubernetesToken())).addInterceptor(LoggingInterceptor.newInstance()).connectTimeout(runnerConfiguration.getHttpClientConfiguration().getConnectionTimeout().toMillis(), TimeUnit.MILLISECONDS).addNetworkInterceptor(TracingInterceptor.create(tracing)).dispatcher(new Dispatcher(tracing.currentTraceContext().executorService(new Dispatcher().executorService()))).build(), retryCallHandler, new DefaultUriBuilderFactory(runnerConfiguration.getKubernetesUri().toString()), true);
    }

    @Profile({Runtime.Strings.LINUX_KUBERNETES})
    @Bean
    public PodId podId(Environment environment) {
        return ImmutablePodId.builder().withNamespace(environment.getProperty(SystemProperty.KUBERNETES_POD_NAMESPACE.getKey())).withName(environment.getProperty(SystemProperty.KUBERNETES_POD_NAME.getKey())).withId(environment.getProperty(SystemProperty.KUBERNETES_POD_ID.getKey())).build();
    }
}
