package org.apache.hadoop.hbase.rest;

import com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import edu.umd.cs.findbugs.annotations.SuppressWarnings;
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ArrayBlockingQueue;
import javax.servlet.DispatcherType;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.http.ClickjackingPreventionFilter;
import org.apache.hadoop.hbase.http.HttpServerUtil;
import org.apache.hadoop.hbase.http.InfoServer;
import org.apache.hadoop.hbase.http.SecurityHeadersFilter;
import org.apache.hadoop.hbase.log.HBaseMarkers;
import org.apache.hadoop.hbase.rest.filter.AuthFilter;
import org.apache.hadoop.hbase.rest.filter.GzipFilter;
import org.apache.hadoop.hbase.rest.filter.RestCsrfPreventionFilter;
import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.hbase.util.DNS;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.hbase.util.ReflectionUtils;
import org.apache.hadoop.hbase.util.Strings;
import org.apache.hadoop.hbase.util.VersionInfo;
import org.apache.hbase.thirdparty.com.google.common.base.Preconditions;
import org.apache.hbase.thirdparty.org.apache.commons.cli.CommandLine;
import org.apache.hbase.thirdparty.org.apache.commons.cli.HelpFormatter;
import org.apache.hbase.thirdparty.org.apache.commons.cli.Options;
import org.apache.hbase.thirdparty.org.apache.commons.cli.ParseException;
import org.apache.hbase.thirdparty.org.apache.commons.cli.PosixParser;
import org.apache.yetus.audience.InterfaceAudience;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.LimitedPrivate({"Tools"})
/* loaded from: input_file:org/apache/hadoop/hbase/rest/RESTServer.class */
public class RESTServer implements Constants {
    static final String REST_CSRF_ENABLED_KEY = "hbase.rest.csrf.enabled";
    static final boolean REST_CSRF_ENABLED_DEFAULT = false;
    boolean restCSRFEnabled = false;
    static final String REST_CSRF_CUSTOM_HEADER_KEY = "hbase.rest.csrf.custom.header";
    static final String REST_CSRF_CUSTOM_HEADER_DEFAULT = "X-XSRF-HEADER";
    static final String REST_CSRF_METHODS_TO_IGNORE_KEY = "hbase.rest.csrf.methods.to.ignore";
    static final String REST_CSRF_METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";
    public static final String SKIP_LOGIN_KEY = "hbase.rest.skip.login";
    static final int DEFAULT_HTTP_MAX_HEADER_SIZE = 65536;
    private static final String PATH_SPEC_ANY = "/*";
    static final String REST_HTTP_ALLOW_OPTIONS_METHOD = "hbase.rest.http.allow.options.method";
    static final String REST_CSRF_BROWSER_USERAGENTS_REGEX_KEY = "hbase.rest-csrf.browser-useragents-regex";
    private final UserProvider userProvider;
    private Server server;
    private InfoServer infoServer;
    static Logger LOG = LoggerFactory.getLogger("RESTServer");
    private static boolean REST_HTTP_ALLOW_OPTIONS_METHOD_DEFAULT = true;

    @SuppressWarnings(value = {"ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD", "MS_CANNOT_BE_FINAL"}, justification = "For testing")
    public static Configuration conf = null;

    public RESTServer(Configuration configuration) {
        conf = configuration;
        this.userProvider = UserProvider.instantiate(configuration);
    }

    private static void printUsageAndExit(Options options, int i) {
        new HelpFormatter().printHelp("hbase rest start", "", options, "\nTo run the REST server as a daemon, execute hbase-daemon.sh start|stop rest [--infoport <port>] [-p <port>] [-ro]\n", true);
        System.exit(i);
    }

    void addCSRFFilter(ServletContextHandler servletContextHandler, Configuration configuration) {
        this.restCSRFEnabled = configuration.getBoolean(REST_CSRF_ENABLED_KEY, false);
        if (this.restCSRFEnabled) {
            Map<String, String> filterParams = RestCsrfPreventionFilter.getFilterParams(configuration, "hbase.rest-csrf.");
            FilterHolder filterHolder = new FilterHolder();
            filterHolder.setName("csrf");
            filterHolder.setClassName(RestCsrfPreventionFilter.class.getName());
            filterHolder.setInitParameters(filterParams);
            servletContextHandler.addFilter(filterHolder, PATH_SPEC_ANY, EnumSet.allOf(DispatcherType.class));
        }
    }

    private void addClickjackingPreventionFilter(ServletContextHandler servletContextHandler, Configuration configuration) {
        FilterHolder filterHolder = new FilterHolder();
        filterHolder.setName("clickjackingprevention");
        filterHolder.setClassName(ClickjackingPreventionFilter.class.getName());
        filterHolder.setInitParameters(ClickjackingPreventionFilter.getDefaultParameters(configuration));
        servletContextHandler.addFilter(filterHolder, PATH_SPEC_ANY, EnumSet.allOf(DispatcherType.class));
    }

    private void addSecurityHeadersFilter(ServletContextHandler servletContextHandler, Configuration configuration) {
        FilterHolder filterHolder = new FilterHolder();
        filterHolder.setName("securityheaders");
        filterHolder.setClassName(SecurityHeadersFilter.class.getName());
        filterHolder.setInitParameters(SecurityHeadersFilter.getDefaultParameters(configuration));
        servletContextHandler.addFilter(filterHolder, PATH_SPEC_ANY, EnumSet.allOf(DispatcherType.class));
    }

    private static Pair<FilterHolder, Class<? extends ServletContainer>> loginServerPrincipal(UserProvider userProvider, Configuration configuration) throws Exception {
        if (userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled()) {
            String domainNamePointerToHostName = Strings.domainNamePointerToHostName(DNS.getDefaultHost(configuration.get(Constants.REST_DNS_INTERFACE, "default"), configuration.get(Constants.REST_DNS_NAMESERVER, "default")));
            String str = configuration.get(Constants.REST_KEYTAB_FILE);
            Preconditions.checkArgument((str == null || str.isEmpty()) ? false : true, "hbase.rest.keytab.file should be set if security is enabled");
            String str2 = configuration.get(Constants.REST_KERBEROS_PRINCIPAL);
            Preconditions.checkArgument((str2 == null || str2.isEmpty()) ? false : true, "hbase.rest.kerberos.principal should be set if security is enabled");
            if (!configuration.getBoolean(SKIP_LOGIN_KEY, false)) {
                userProvider.login(Constants.REST_KEYTAB_FILE, Constants.REST_KERBEROS_PRINCIPAL, domainNamePointerToHostName);
            }
            if (configuration.get(Constants.REST_AUTHENTICATION_TYPE) != null) {
                FilterHolder filterHolder = new FilterHolder();
                filterHolder.setClassName(AuthFilter.class.getName());
                filterHolder.setName("AuthenticationFilter");
                return new Pair<>(filterHolder, RESTServletContainer.class);
            }
        }
        return new Pair<>((Object) null, ServletContainer.class);
    }

    private static void parseCommandLine(String[] strArr, Configuration configuration) {
        Options options = new Options();
        options.addOption("p", "port", true, "Port to bind to [default: 8080]");
        options.addOption("ro", "readonly", false, "Respond only to GET HTTP method requests [default: false]");
        options.addOption((String) null, "infoport", true, "Port for web UI");
        CommandLine commandLine = REST_CSRF_ENABLED_DEFAULT;
        try {
            commandLine = new PosixParser().parse(options, strArr);
        } catch (ParseException e) {
            LOG.error("Could not parse: ", e);
            printUsageAndExit(options, -1);
        }
        if (commandLine != null && commandLine.hasOption("port")) {
            String optionValue = commandLine.getOptionValue("port");
            configuration.setInt("hbase.rest.port", Integer.parseInt(optionValue));
            if (LOG.isDebugEnabled()) {
                LOG.debug("port set to " + optionValue);
            }
        }
        if (commandLine != null && commandLine.hasOption("readonly")) {
            configuration.setBoolean("hbase.rest.readonly", true);
            if (LOG.isDebugEnabled()) {
                LOG.debug("readonly set to true");
            }
        }
        if (commandLine != null && commandLine.hasOption("infoport")) {
            String optionValue2 = commandLine.getOptionValue("infoport");
            configuration.setInt("hbase.rest.info.port", Integer.parseInt(optionValue2));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Web UI port set to " + optionValue2);
            }
        }
        if (commandLine != null && commandLine.hasOption("skipLogin")) {
            configuration.setBoolean(SKIP_LOGIN_KEY, true);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Skipping Kerberos login for REST server");
            }
        }
        List argList = commandLine != null ? commandLine.getArgList() : new ArrayList();
        if (argList.size() != 1) {
            printUsageAndExit(options, 1);
        }
        String str = (String) argList.get(REST_CSRF_ENABLED_DEFAULT);
        if ("start".equals(str)) {
            return;
        }
        if ("stop".equals(str)) {
            System.exit(1);
        } else {
            printUsageAndExit(options, 1);
        }
    }

    public synchronized void run() throws Exception {
        ServerConnector serverConnector;
        Pair<FilterHolder, Class<? extends ServletContainer>> loginServerPrincipal = loginServerPrincipal(this.userProvider, conf);
        FilterHolder filterHolder = (FilterHolder) loginServerPrincipal.getFirst();
        Class cls = (Class) loginServerPrincipal.getSecond();
        RESTServlet rESTServlet = RESTServlet.getInstance(conf, this.userProvider);
        ServletHolder servletHolder = new ServletHolder((ServletContainer) ReflectionUtils.newInstance(cls, new Object[]{new ResourceConfig().packages(new String[]{"org.apache.hadoop.hbase.rest"}).register(JacksonJaxbJsonProvider.class)}));
        int i = rESTServlet.getConfiguration().getInt(Constants.REST_THREAD_POOL_THREADS_MAX, 100);
        int i2 = rESTServlet.getConfiguration().getInt(Constants.REST_THREAD_POOL_THREADS_MIN, 2);
        int i3 = rESTServlet.getConfiguration().getInt(Constants.REST_THREAD_POOL_TASK_QUEUE_SIZE, -1);
        int i4 = rESTServlet.getConfiguration().getInt(Constants.REST_THREAD_POOL_THREAD_IDLE_TIMEOUT, 60000);
        this.server = new Server(i3 > 0 ? new QueuedThreadPool(i, i2, i4, new ArrayBlockingQueue(i3)) : new QueuedThreadPool(i, i2, i4));
        MBeanContainer mBeanContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
        this.server.addEventListener(mBeanContainer);
        this.server.addBean(mBeanContainer);
        String str = rESTServlet.getConfiguration().get("hbase.rest.host", "0.0.0.0");
        int i5 = rESTServlet.getConfiguration().getInt("hbase.rest.port", Constants.DEFAULT_LISTEN_PORT);
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(i5);
        httpConfiguration.setHeaderCacheSize(DEFAULT_HTTP_MAX_HEADER_SIZE);
        httpConfiguration.setRequestHeaderSize(DEFAULT_HTTP_MAX_HEADER_SIZE);
        httpConfiguration.setResponseHeaderSize(DEFAULT_HTTP_MAX_HEADER_SIZE);
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendDateHeader(false);
        if (conf.getBoolean(Constants.REST_SSL_ENABLED, false)) {
            HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
            httpConfiguration2.addCustomizer(new SecureRequestCustomizer());
            SslContextFactory sslContextFactory = new SslContextFactory();
            String str2 = conf.get(Constants.REST_SSL_KEYSTORE_STORE);
            String str3 = conf.get(Constants.REST_SSL_KEYSTORE_TYPE);
            String password = HBaseConfiguration.getPassword(conf, Constants.REST_SSL_KEYSTORE_PASSWORD, (String) null);
            String password2 = HBaseConfiguration.getPassword(conf, Constants.REST_SSL_KEYSTORE_KEYPASSWORD, password);
            sslContextFactory.setKeyStorePath(str2);
            if (StringUtils.isNotBlank(str3)) {
                sslContextFactory.setKeyStoreType(str3);
            }
            sslContextFactory.setKeyStorePassword(password);
            sslContextFactory.setKeyManagerPassword(password2);
            String str4 = conf.get(Constants.REST_SSL_TRUSTSTORE_STORE);
            if (StringUtils.isNotBlank(str4)) {
                sslContextFactory.setTrustStorePath(str4);
            }
            String password3 = HBaseConfiguration.getPassword(conf, Constants.REST_SSL_TRUSTSTORE_PASSWORD, (String) null);
            if (StringUtils.isNotBlank(password3)) {
                sslContextFactory.setTrustStorePassword(password3);
            }
            String str5 = conf.get(Constants.REST_SSL_TRUSTSTORE_TYPE);
            if (StringUtils.isNotBlank(str5)) {
                sslContextFactory.setTrustStoreType(str5);
            }
            String[] strings = rESTServlet.getConfiguration().getStrings(Constants.REST_SSL_EXCLUDE_CIPHER_SUITES, ArrayUtils.EMPTY_STRING_ARRAY);
            if (strings.length != 0) {
                sslContextFactory.setExcludeCipherSuites(strings);
            }
            String[] strings2 = rESTServlet.getConfiguration().getStrings(Constants.REST_SSL_INCLUDE_CIPHER_SUITES, ArrayUtils.EMPTY_STRING_ARRAY);
            if (strings2.length != 0) {
                sslContextFactory.setIncludeCipherSuites(strings2);
            }
            String[] strings3 = rESTServlet.getConfiguration().getStrings(Constants.REST_SSL_EXCLUDE_PROTOCOLS, ArrayUtils.EMPTY_STRING_ARRAY);
            if (strings3.length != 0) {
                sslContextFactory.setExcludeProtocols(strings3);
            }
            String[] strings4 = rESTServlet.getConfiguration().getStrings(Constants.REST_SSL_INCLUDE_PROTOCOLS, ArrayUtils.EMPTY_STRING_ARRAY);
            if (strings4.length != 0) {
                sslContextFactory.setIncludeProtocols(strings4);
            }
            serverConnector = new ServerConnector(this.server, new ConnectionFactory[]{new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()), new HttpConnectionFactory(httpConfiguration2)});
        } else {
            serverConnector = new ServerConnector(this.server, new ConnectionFactory[]{new HttpConnectionFactory(httpConfiguration)});
        }
        int i6 = rESTServlet.getConfiguration().getInt(Constants.REST_CONNECTOR_ACCEPT_QUEUE_SIZE, -1);
        if (i6 >= 0) {
            serverConnector.setAcceptQueueSize(i6);
        }
        serverConnector.setPort(i5);
        serverConnector.setHost(str);
        this.server.addConnector(serverConnector);
        this.server.setStopAtShutdown(true);
        ServletContextHandler servletContextHandler = new ServletContextHandler(this.server, "/", 1);
        servletContextHandler.addServlet(servletHolder, PATH_SPEC_ANY);
        if (filterHolder != null) {
            servletContextHandler.addFilter(filterHolder, PATH_SPEC_ANY, EnumSet.of(DispatcherType.REQUEST));
        }
        String[] strings5 = rESTServlet.getConfiguration().getStrings(Constants.FILTER_CLASSES, new String[]{GzipFilter.class.getName()});
        int length = strings5.length;
        for (int i7 = REST_CSRF_ENABLED_DEFAULT; i7 < length; i7++) {
            servletContextHandler.addFilter(strings5[i7].trim(), PATH_SPEC_ANY, EnumSet.of(DispatcherType.REQUEST));
        }
        addCSRFFilter(servletContextHandler, conf);
        addClickjackingPreventionFilter(servletContextHandler, conf);
        addSecurityHeadersFilter(servletContextHandler, conf);
        HttpServerUtil.constrainHttpMethods(servletContextHandler, rESTServlet.getConfiguration().getBoolean(REST_HTTP_ALLOW_OPTIONS_METHOD, REST_HTTP_ALLOW_OPTIONS_METHOD_DEFAULT));
        int i8 = conf.getInt("hbase.rest.info.port", 8085);
        if (i8 >= 0) {
            conf.setLong("startcode", System.currentTimeMillis());
            this.infoServer = new InfoServer("rest", conf.get("hbase.rest.info.bindAddress", "0.0.0.0"), i8, false, conf);
            this.infoServer.setAttribute("hbase.conf", conf);
            this.infoServer.start();
        }
        this.server.start();
    }

    public synchronized void join() throws Exception {
        if (this.server == null) {
            throw new IllegalStateException("Server is not running");
        }
        this.server.join();
    }

    public synchronized void stop() throws Exception {
        if (this.server == null) {
            throw new IllegalStateException("Server is not running");
        }
        this.server.stop();
        this.server = null;
        RESTServlet.stop();
    }

    public synchronized int getPort() {
        if (this.server == null) {
            throw new IllegalStateException("Server is not running");
        }
        return this.server.getConnectors()[REST_CSRF_ENABLED_DEFAULT].getLocalPort();
    }

    public synchronized int getInfoPort() {
        if (this.infoServer == null) {
            throw new IllegalStateException("InfoServer is not running");
        }
        return this.infoServer.getPort();
    }

    public Configuration getConf() {
        return conf;
    }

    public static void main(String[] strArr) throws Exception {
        LOG.info("***** STARTING service '" + RESTServer.class.getSimpleName() + "' *****");
        VersionInfo.logVersion();
        Configuration create = HBaseConfiguration.create();
        parseCommandLine(strArr, create);
        RESTServer rESTServer = new RESTServer(create);
        try {
            rESTServer.run();
            rESTServer.join();
        } catch (Exception e) {
            LOG.error(HBaseMarkers.FATAL, "Failed to start server", e);
            System.exit(1);
        }
        LOG.info("***** STOPPING service '" + RESTServer.class.getSimpleName() + "' *****");
    }
}
