package org.apache.nifi.web.api;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.cluster.coordination.ClusterCoordinator;
import org.apache.nifi.remote.HttpRemoteSiteListener;
import org.apache.nifi.remote.PeerDescription;
import org.apache.nifi.remote.PeerDescriptionModifier;
import org.apache.nifi.remote.VersionNegotiator;
import org.apache.nifi.remote.client.http.TransportProtocolVersionNegotiator;
import org.apache.nifi.remote.exception.BadRequestException;
import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.api.ApplicationResource;
import org.apache.nifi.web.api.dto.ControllerDTO;
import org.apache.nifi.web.api.dto.remote.PeerDTO;
import org.apache.nifi.web.api.entity.ControllerEntity;
import org.apache.nifi.web.api.entity.PeersEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;

@Path("/site-to-site")
@Controller
@Tag(name = "SiteToSite")
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/SiteToSiteResource.class */
public class SiteToSiteResource extends ApplicationResource {
    private static final Logger logger = LoggerFactory.getLogger(SiteToSiteResource.class);
    private NiFiServiceFacade serviceFacade;
    private ClusterCoordinator clusterCoordinator;
    private Authorizer authorizer;
    private final ApplicationResource.ResponseCreator responseCreator = new ApplicationResource.ResponseCreator();
    private final VersionNegotiator transportProtocolVersionNegotiator = new TransportProtocolVersionNegotiator(new int[]{1});
    private final HttpRemoteSiteListener transactionManager;
    private final PeerDescriptionModifier peerDescriptionModifier;

    public SiteToSiteResource(NiFiProperties niFiProperties) {
        this.transactionManager = HttpRemoteSiteListener.getInstance(niFiProperties);
        this.peerDescriptionModifier = new PeerDescriptionModifier(niFiProperties);
    }

    protected void authorizeSiteToSite() {
        this.serviceFacade.authorizeAccess(authorizableLookup -> {
            authorizableLookup.getSiteToSite().authorize(this.authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
        });
    }

    @Produces({"application/json"})
    @Operation(summary = "Returns the details about this NiFi necessary to communicate via site to site", responses = {@ApiResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ControllerEntity.class))}), @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(responseCode = "401", description = "Client could not be authenticated."), @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."), @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")}, security = {@SecurityRequirement(name = "Read - /site-to-site")})
    @GET
    @Consumes({"*/*"})
    public Response getSiteToSiteDetails(@Context HttpServletRequest httpServletRequest) {
        authorizeSiteToSite();
        ControllerDTO siteToSiteDetails = this.serviceFacade.getSiteToSiteDetails();
        boolean isModificationNeeded = this.peerDescriptionModifier.isModificationNeeded(SiteToSiteTransportProtocol.RAW);
        boolean isModificationNeeded2 = this.peerDescriptionModifier.isModificationNeeded(SiteToSiteTransportProtocol.HTTP);
        if (isModificationNeeded || isModificationNeeded2) {
            PeerDescription sourcePeerDescription = getSourcePeerDescription(httpServletRequest);
            Boolean isSiteToSiteSecure = siteToSiteDetails.isSiteToSiteSecure();
            String siteToSiteHostname = getSiteToSiteHostname(httpServletRequest);
            Map<String, String> httpHeaders = getHttpHeaders(httpServletRequest);
            if (isModificationNeeded) {
                siteToSiteDetails.setRemoteSiteListeningPort(Integer.valueOf(this.peerDescriptionModifier.modify(sourcePeerDescription, new PeerDescription(siteToSiteHostname, siteToSiteDetails.getRemoteSiteListeningPort().intValue(), isSiteToSiteSecure.booleanValue()), SiteToSiteTransportProtocol.RAW, PeerDescriptionModifier.RequestType.SiteToSiteDetail, new HashMap(httpHeaders)).getPort()));
            }
            if (isModificationNeeded2) {
                PeerDescription modify = this.peerDescriptionModifier.modify(sourcePeerDescription, new PeerDescription(siteToSiteHostname, siteToSiteDetails.getRemoteSiteHttpListeningPort().intValue(), isSiteToSiteSecure.booleanValue()), SiteToSiteTransportProtocol.HTTP, PeerDescriptionModifier.RequestType.SiteToSiteDetail, new HashMap(httpHeaders));
                siteToSiteDetails.setRemoteSiteHttpListeningPort(Integer.valueOf(modify.getPort()));
                if (!siteToSiteDetails.isSiteToSiteSecure().booleanValue() && modify.isSecure()) {
                    siteToSiteDetails.setSiteToSiteSecure(true);
                }
            }
        }
        ControllerEntity controllerEntity = new ControllerEntity();
        controllerEntity.setController(siteToSiteDetails);
        if (StringUtils.isEmpty(httpServletRequest.getHeader("x-nifi-site-to-site-protocol-version"))) {
            logger.debug("Converting result to provide backward compatibility...");
            siteToSiteDetails.setRemoteSiteHttpListeningPort((Integer) null);
        }
        return noCache(Response.ok(controllerEntity)).build();
    }

    private PeerDescription getSourcePeerDescription(@Context HttpServletRequest httpServletRequest) {
        return new PeerDescription(httpServletRequest.getRemoteHost(), httpServletRequest.getRemotePort(), httpServletRequest.isSecure());
    }

    private Map<String, String> getHttpHeaders(@Context HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str = (String) headerNames.nextElement();
            hashMap.put(str, httpServletRequest.getHeader(str));
        }
        return hashMap;
    }

    @Produces({"application/json", "application/xml"})
    @Operation(summary = "Returns the available Peers and its status of this NiFi", responses = {@ApiResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = PeersEntity.class))}), @ApiResponse(responseCode = "400", description = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(responseCode = "401", description = "Client could not be authenticated."), @ApiResponse(responseCode = "403", description = "Client is not authorized to make this request."), @ApiResponse(responseCode = "409", description = "The request was valid but NiFi was not in the appropriate state to process it.")}, security = {@SecurityRequirement(name = "Read - /site-to-site")})
    @GET
    @Path("/peers")
    @Consumes({"*/*"})
    public Response getPeers(@Context HttpServletRequest httpServletRequest) {
        authorizeSiteToSite();
        if (!this.properties.isSiteToSiteHttpEnabled().booleanValue()) {
            return this.responseCreator.httpSiteToSiteIsNotEnabledResponse();
        }
        try {
            Integer negotiateTransportProtocolVersion = negotiateTransportProtocolVersion(httpServletRequest, this.transportProtocolVersionNegotiator);
            ArrayList arrayList = new ArrayList();
            PeerDescription sourcePeerDescription = getSourcePeerDescription(httpServletRequest);
            boolean isModificationNeeded = this.peerDescriptionModifier.isModificationNeeded(SiteToSiteTransportProtocol.HTTP);
            Map<String, String> httpHeaders = isModificationNeeded ? getHttpHeaders(httpServletRequest) : null;
            if (this.properties.isNode()) {
                try {
                    this.clusterCoordinator.getClusterWorkload().forEach((nodeIdentifier, nodeWorkload) -> {
                        PeerDescription peerDescription = new PeerDescription(nodeIdentifier.getSiteToSiteAddress() == null ? nodeIdentifier.getApiAddress() : nodeIdentifier.getSiteToSiteAddress(), nodeIdentifier.getSiteToSiteHttpApiPort() == null ? nodeIdentifier.getApiPort() : nodeIdentifier.getSiteToSiteHttpApiPort().intValue(), nodeIdentifier.isSiteToSiteSecure());
                        if (isModificationNeeded) {
                            peerDescription = this.peerDescriptionModifier.modify(sourcePeerDescription, peerDescription, SiteToSiteTransportProtocol.HTTP, PeerDescriptionModifier.RequestType.Peers, new HashMap(httpHeaders));
                        }
                        PeerDTO peerDTO = new PeerDTO();
                        peerDTO.setHostname(peerDescription.getHostname());
                        peerDTO.setPort(peerDescription.getPort());
                        peerDTO.setSecure(peerDescription.isSecure());
                        peerDTO.setFlowFileCount(nodeWorkload.getFlowFileCount());
                        arrayList.add(peerDTO);
                    });
                } catch (IOException e) {
                    throw new RuntimeException("Failed to retrieve cluster workload due to " + String.valueOf(e), e);
                }
            } else {
                PeerDTO peerDTO = new PeerDTO();
                PeerDescription peerDescription = new PeerDescription(getSiteToSiteHostname(httpServletRequest), this.properties.getRemoteInputHttpPort().intValue(), this.properties.isSiteToSiteSecure().booleanValue());
                if (isModificationNeeded) {
                    peerDescription = this.peerDescriptionModifier.modify(sourcePeerDescription, peerDescription, SiteToSiteTransportProtocol.HTTP, PeerDescriptionModifier.RequestType.Peers, new HashMap(httpHeaders));
                }
                peerDTO.setHostname(peerDescription.getHostname());
                peerDTO.setPort(peerDescription.getPort());
                peerDTO.setSecure(peerDescription.isSecure());
                peerDTO.setFlowFileCount(0);
                arrayList.add(peerDTO);
            }
            PeersEntity peersEntity = new PeersEntity();
            peersEntity.setPeers(arrayList);
            return noCache(setCommonHeaders(Response.ok(peersEntity), negotiateTransportProtocolVersion, this.transactionManager)).build();
        } catch (BadRequestException e2) {
            return this.responseCreator.badRequestResponse(e2);
        }
    }

    private String getSiteToSiteHostname(HttpServletRequest httpServletRequest) {
        String localName;
        String remoteInputHost = this.properties.getRemoteInputHost();
        try {
            localName = InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to get local host name using InetAddress.", e);
            }
            localName = httpServletRequest.getLocalName();
        }
        return StringUtils.isEmpty(remoteInputHost) ? localName : remoteInputHost;
    }

    @Autowired
    public void setServiceFacade(NiFiServiceFacade niFiServiceFacade) {
        this.serviceFacade = niFiServiceFacade;
    }

    @Autowired
    public void setAuthorizer(Authorizer authorizer) {
        this.authorizer = authorizer;
    }

    @Override // org.apache.nifi.web.api.ApplicationResource
    @Autowired(required = false)
    public void setClusterCoordinator(ClusterCoordinator clusterCoordinator) {
        super.setClusterCoordinator(clusterCoordinator);
        this.clusterCoordinator = clusterCoordinator;
    }
}
