package org.apache.hadoop.yarn.server.webproxy;

import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ApplicationReport;
import org.apache.hadoop.yarn.client.cli.ClusterCLI;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.ApplicationNotFoundException;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.hadoop.yarn.server.webproxy.AppReportFetcher;
import org.apache.hadoop.yarn.util.Apps;
import org.apache.hadoop.yarn.util.StringHelper;
import org.apache.hadoop.yarn.util.TrackingUriPlugin;
import org.apache.hadoop.yarn.webapp.MimeType;
import org.apache.hadoop.yarn.webapp.hamlet.Hamlet;
import org.apache.hadoop.yarn.webapp.hamlet.HamletImpl;
import org.apache.hadoop.yarn.webapp.hamlet.HamletSpec;
import org.apache.hadoop.yarn.webapp.util.WebAppUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.DefaultHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.class */
public class WebAppProxyServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) WebAppProxyServlet.class);
    private static final Set<String> passThroughHeaders = new HashSet(Arrays.asList("User-Agent", "Accept", "Accept-Encoding", "Accept-Language", "Accept-Charset"));
    public static final String PROXY_USER_COOKIE_NAME = "proxy-user";
    private transient YarnConfiguration conf = new YarnConfiguration();
    private transient List<TrackingUriPlugin> trackingUriPlugins = this.conf.getInstances(YarnConfiguration.YARN_TRACKING_URL_GENERATOR, TrackingUriPlugin.class);
    private final String rmAppPageUrlBase = StringHelper.pjoin(WebAppUtils.getResolvedRMWebAppURLWithScheme(this.conf), ClusterCLI.CMD, "app");
    private final String ahsAppPageUrlBase = StringHelper.pjoin(WebAppUtils.getHttpSchemePrefix(this.conf) + WebAppUtils.getAHSWebAppURLWithoutScheme(this.conf), "applicationhistory", "apps");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet$Page.class */
    public static class Page extends Hamlet {
        Page(PrintWriter printWriter) {
            super(printWriter, 0, false);
        }

        public Hamlet.HTML<_> html() {
            return new Hamlet.HTML<>("html", null, EnumSet.of(HamletImpl.EOpt.ENDTAG));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet$_.class */
    public static class _ implements HamletSpec._ {
        private _() {
        }
    }

    private static void notFound(HttpServletResponse httpServletResponse, String str) throws IOException {
        ProxyUtils.notFound(httpServletResponse, str);
    }

    private static void warnUserPage(HttpServletResponse httpServletResponse, String str, String str2, ApplicationId applicationId) throws IOException {
        httpServletResponse.addCookie(makeCheckCookie(applicationId, false));
        httpServletResponse.setContentType(MimeType.HTML);
        new Page(httpServletResponse.getWriter()).html().h1("WARNING: The following page may not be safe!").h3()._("click ").a(str, "here")._(" to continue to an Application Master web interface owned by ", str2)._()._();
    }

    private static void proxyLink(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, URI uri, Cookie cookie, String str) throws IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        defaultHttpClient.getParams().setParameter("http.protocol.cookie-policy", "compatibility").setBooleanParameter("http.protocol.allow-circular-redirects", true);
        InetAddress byName = InetAddress.getByName(str);
        if (LOG.isDebugEnabled()) {
            LOG.debug("local InetAddress for proxy host: {}", byName);
        }
        defaultHttpClient.getParams().setParameter("http.route.local-address", byName);
        HttpGet httpGet = new HttpGet(uri);
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str2 = (String) headerNames.nextElement();
            if (passThroughHeaders.contains(str2)) {
                String header = httpServletRequest.getHeader(str2);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("REQ HEADER: {} : {}", str2, header);
                }
                httpGet.setHeader(str2, header);
            }
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser != null && !remoteUser.isEmpty()) {
            httpGet.setHeader("Cookie", "proxy-user=" + URLEncoder.encode(remoteUser, "ASCII"));
        }
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        try {
            HttpResponse execute = defaultHttpClient.execute((HttpUriRequest) httpGet);
            httpServletResponse.setStatus(execute.getStatusLine().getStatusCode());
            for (Header header2 : execute.getAllHeaders()) {
                httpServletResponse.setHeader(header2.getName(), header2.getValue());
            }
            if (cookie != null) {
                httpServletResponse.addCookie(cookie);
            }
            InputStream content = execute.getEntity().getContent();
            if (content != null) {
                IOUtils.copyBytes(content, (OutputStream) outputStream, 4096, true);
            }
        } finally {
            httpGet.releaseConnection();
        }
    }

    private static String getCheckCookieName(ApplicationId applicationId) {
        return "checked_" + applicationId;
    }

    private static Cookie makeCheckCookie(ApplicationId applicationId, boolean z) {
        Cookie cookie = new Cookie(getCheckCookieName(applicationId), String.valueOf(z));
        cookie.setPath(ProxyUriUtils.getPath(applicationId));
        cookie.setMaxAge(7200);
        return cookie;
    }

    private boolean isSecurityEnabled() {
        Boolean bool = (Boolean) getServletContext().getAttribute(WebAppProxy.IS_SECURITY_ENABLED_ATTRIBUTE);
        if (bool != null) {
            return bool.booleanValue();
        }
        return false;
    }

    private AppReportFetcher.FetchedAppReport getApplicationReport(ApplicationId applicationId) throws IOException, YarnException {
        return ((AppReportFetcher) getServletContext().getAttribute(WebAppProxy.FETCHER_ATTRIBUTE)).getApplicationReport(applicationId);
    }

    private String getProxyHost() throws IOException {
        return (String) getServletContext().getAttribute(WebAppProxy.PROXY_HOST_ATTRIBUTE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            boolean z = false;
            boolean booleanValue = Boolean.valueOf(httpServletRequest.getParameter(ProxyUriUtils.PROXY_APPROVAL_PARAM)).booleanValue();
            boolean isSecurityEnabled = isSecurityEnabled();
            String remoteUser = httpServletRequest.getRemoteUser();
            String pathInfo = httpServletRequest.getPathInfo();
            String[] split = pathInfo.split("/", 3);
            if (split.length < 2) {
                LOG.warn("{} gave an invalid proxy path {}", remoteUser, pathInfo);
                notFound(httpServletResponse, "Your path appears to be formatted incorrectly.");
                return;
            }
            String str = split[1];
            String str2 = split.length > 2 ? split[2] : "";
            ApplicationId appID = Apps.toAppID(str);
            if (appID == null) {
                LOG.warn("{} attempting to access {} that is invalid", remoteUser, str);
                notFound(httpServletResponse, str + " appears to be formatted incorrectly.");
                return;
            }
            if (isSecurityEnabled) {
                String checkCookieName = getCheckCookieName(appID);
                Cookie[] cookies = httpServletRequest.getCookies();
                if (cookies != null) {
                    int length = cookies.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        Cookie cookie = cookies[i];
                        if (checkCookieName.equals(cookie.getName())) {
                            z = true;
                            booleanValue = booleanValue || Boolean.valueOf(cookie.getValue()).booleanValue();
                        } else {
                            i++;
                        }
                    }
                }
            }
            boolean z2 = isSecurityEnabled && !(z && booleanValue);
            AppReportFetcher.FetchedAppReport fetchedAppReport = null;
            ApplicationReport applicationReport = null;
            try {
                fetchedAppReport = getApplicationReport(appID);
                if (fetchedAppReport != null) {
                    if (fetchedAppReport.getAppReportSource() != AppReportFetcher.AppReportSource.RM && fetchedAppReport.getAppReportSource() != AppReportFetcher.AppReportSource.AHS) {
                        throw new UnsupportedOperationException("Application report not fetched from RM or history server.");
                    }
                    applicationReport = fetchedAppReport.getApplicationReport();
                }
            } catch (ApplicationNotFoundException e) {
                applicationReport = null;
            }
            if (applicationReport == null) {
                LOG.warn("{} attempting to access {} that was not found", remoteUser, appID);
                URI uriFromTrackingPlugins = ProxyUriUtils.getUriFromTrackingPlugins(appID, this.trackingUriPlugins);
                if (uriFromTrackingPlugins != null) {
                    ProxyUtils.sendRedirect(httpServletRequest, httpServletResponse, uriFromTrackingPlugins.toString());
                    return;
                } else {
                    notFound(httpServletResponse, "Application " + str + " could not be found in RM or history server");
                    return;
                }
            }
            String originalTrackingUrl = applicationReport.getOriginalTrackingUrl();
            if (originalTrackingUrl == null || originalTrackingUrl.equals(YarnConfiguration.DEFAULT_APPLICATION_NAME) || originalTrackingUrl.equals("")) {
                if (fetchedAppReport.getAppReportSource() == AppReportFetcher.AppReportSource.RM) {
                    LOG.debug("Original tracking url is '{}'. Redirecting to RM app page", originalTrackingUrl == null ? "NULL" : originalTrackingUrl);
                    ProxyUtils.sendRedirect(httpServletRequest, httpServletResponse, StringHelper.pjoin(this.rmAppPageUrlBase, appID.toString()));
                    return;
                } else {
                    if (fetchedAppReport.getAppReportSource() == AppReportFetcher.AppReportSource.AHS) {
                        LOG.debug("Original tracking url is '{}'. Redirecting to AHS app page", originalTrackingUrl == null ? "NULL" : originalTrackingUrl);
                        ProxyUtils.sendRedirect(httpServletRequest, httpServletResponse, StringHelper.pjoin(this.ahsAppPageUrlBase, appID.toString()));
                        return;
                    }
                    return;
                }
            }
            URI uriFromAMUrl = ProxyUriUtils.getSchemeFromUrl(originalTrackingUrl).isEmpty() ? ProxyUriUtils.getUriFromAMUrl(WebAppUtils.getHttpSchemePrefix(this.conf), originalTrackingUrl) : new URI(originalTrackingUrl);
            String user = applicationReport.getUser();
            if (z2 && !user.equals(remoteUser)) {
                LOG.info("Asking {} if they want to connect to the app master GUI of {} owned by {}", remoteUser, str, user);
                warnUserPage(httpServletResponse, ProxyUriUtils.getPathAndQuery(appID, str2, httpServletRequest.getQueryString(), true), user, appID);
                return;
            }
            List<NameValuePair> parse = URLEncodedUtils.parse(httpServletRequest.getQueryString(), (Charset) null);
            UriBuilder fromUri = UriBuilder.fromUri(uriFromAMUrl);
            for (NameValuePair nameValuePair : parse) {
                fromUri.queryParam(nameValuePair.getName(), nameValuePair.getValue());
            }
            URI build = fromUri.path(str2).build(new Object[0]);
            LOG.info("{} is accessing unchecked {} which is the app master GUI of {} owned by {}", remoteUser, build, str, user);
            switch (applicationReport.getYarnApplicationState()) {
                case KILLED:
                case FINISHED:
                case FAILED:
                    ProxyUtils.sendRedirect(httpServletRequest, httpServletResponse, build.toString());
                    return;
                default:
                    Cookie cookie2 = null;
                    if (z && booleanValue) {
                        cookie2 = makeCheckCookie(appID, true);
                    }
                    proxyLink(httpServletRequest, httpServletResponse, build, cookie2, getProxyHost());
                    return;
            }
        } catch (URISyntaxException | YarnException e2) {
            throw new IOException(e2);
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.conf = new YarnConfiguration();
        this.trackingUriPlugins = this.conf.getInstances(YarnConfiguration.YARN_TRACKING_URL_GENERATOR, TrackingUriPlugin.class);
    }
}
