package org.apache.hadoop.hdds.server.http;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.HddsUtils;
import org.apache.hadoop.hdds.conf.ConfigurationSource;
import org.apache.hadoop.hdds.conf.HddsConfServlet;
import org.apache.hadoop.hdds.conf.HddsPrometheusConfig;
import org.apache.hadoop.hdds.conf.MutableConfigurationSource;
import org.apache.hadoop.hdds.server.ServerUtils;
import org.apache.hadoop.hdds.server.http.HttpConfig;
import org.apache.hadoop.hdds.server.http.HttpServer2;
import org.apache.hadoop.hdds.utils.LegacyHadoopConfigurationSource;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.eclipse.jetty.webapp.WebAppContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/server/http/BaseHttpServer.class */
/**
 * Common HTTP/HTTPS front end for HDDS and Ozone services.
 *
 * <p>When the subclass-specific "enabled" key is true (the default), the constructor builds an
 * {@link HttpServer2}, registers the {@code /conf} and {@code /logstream} servlets, optionally
 * registers {@code /prom} and {@code /prof}, and points Jetty at a base temp directory.
 * Subclasses supply the configuration key names through the abstract getters.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>SPNEGO (principal and keytab) is configured only when {@link #isSecurityEnabled()} is
 *       true <em>and</em> the configured auth type equals {@code "kerberos"}; the fallback
 *       value of that setting is {@code "simple"}.</li>
 *   <li>{@code /prom} is on unless {@code hdds.prometheus.endpoint.enabled} is false;
 *       {@code /prof} is off unless {@code hdds.profiler.endpoint.enabled} is true.</li>
 *   <li>TLS client authentication is off unless {@code ozone.https.client.need-auth} is true;
 *       key store and trust store types default to {@code "jks"}.</li>
 *   <li>X-Frame handling is on with the value {@code SAMEORIGIN} unless overridden.</li>
 * </ul>
 *
 * <p>The constructor calls the abstract getters, so implementations must not depend on
 * subclass fields that are only assigned in the subclass constructor.
 */
public abstract class BaseHttpServer {
    private static final Logger LOG = LoggerFactory.getLogger(BaseHttpServer.class);

    /** Servlet-context attribute under which the Prometheus metrics sink is published. */
    static final String PROMETHEUS_SINK = "PROMETHEUS_SINK";

    /** Web-app attribute that carries the Jetty base temp directory. */
    private static final String JETTY_BASETMPDIR = "org.eclipse.jetty.webapp.basetempdir";

    /** Suffix appended to the Ozone metadata dir when "ozone.http.basedir" is not set. */
    public static final String SERVER_DIR = "/webserver";

    // Stays null when the server is disabled by configuration.
    private HttpServer2 httpServer;
    private final MutableConfigurationSource conf;
    private InetSocketAddress httpAddress;
    private InetSocketAddress httpsAddress;
    private HttpConfig.Policy policy;
    private String name;
    private PrometheusMetricsSink prometheusMetricsSink;
    private boolean prometheusSupport;
    private boolean profilerSupport;

    /**
     * Builds, but does not start, the HTTP server for one service.
     *
     * <p>Side effects: sets {@code hadoop.prometheus.endpoint.enabled} to {@code "false"} on the
     * supplied configuration and creates the Jetty base directory on disk.
     *
     * @param mutableConfigurationSource configuration to read from; it is also written to here
     *     and later by {@link #updateConnectorAddress()}
     * @param str name of the server, used for the builder, the metrics sink and log lines
     * @throws IOException declared by the builder helper and by {@code HttpServer2} construction
     */
    public BaseHttpServer(MutableConfigurationSource mutableConfigurationSource, String str) throws IOException {
        this.name = str;
        this.conf = mutableConfigurationSource;
        this.policy = HttpConfig.getHttpPolicy(mutableConfigurationSource);
        if (!isEnabled()) {
            // Disabled: httpServer stays null and start()/stop() become no-ops.
            return;
        }

        this.httpAddress = getHttpBindAddress();
        this.httpsAddress = getHttpsBindAddress();
        // NOTE(review): presumably turns off the Hadoop-side endpoint because /prom is
        // registered below by this class - confirm.
        mutableConfigurationSource.set("hadoop.prometheus.endpoint.enabled", "false");
        HttpServer2.Builder serverBuilder = newHttpServer2BuilderForOzone(
                mutableConfigurationSource, this.httpAddress, this.httpsAddress, str);

        boolean hadoopSecurity = UserGroupInformation.isSecurityEnabled();
        boolean ozoneSecurity = mutableConfigurationSource.getBoolean("ozone.security.enabled", false);
        boolean ozoneHttpSecurity =
                mutableConfigurationSource.getBoolean("ozone.security.http.kerberos.enabled", false);
        LOG.info("Hadoop Security Enabled: {} Ozone Security Enabled: {} Ozone HTTP Security Enabled: {} ",
                hadoopSecurity, ozoneSecurity, ozoneHttpSecurity);

        if (isSecurityEnabled()) {
            String authType = mutableConfigurationSource.get(getHttpAuthType(), "simple");
            LOG.info("HttpAuthType: {} = {}", getHttpAuthType(), authType);
            serverBuilder.authFilterConfigurationPrefix(getHttpAuthConfigPrefix());
            // Only the exact value "kerberos" wires in the SPNEGO principal and keytab. Any other
            // value, including the "simple" fallback, leaves them unset even though security is on.
            // NOTE(review): confirm that outcome is intended and visible to operators.
            if (authType.equals("kerberos")) {
                serverBuilder.setSecurityEnabled(true);
                serverBuilder.setUsernameConfKey(getSpnegoPrincipal());
                serverBuilder.setKeytabConfKey(getKeytabFile());
            }
        }

        boolean xFrameEnabled = mutableConfigurationSource.getBoolean("dfs.xframe.enabled", true);
        serverBuilder.configureXFrame(xFrameEnabled)
                .setXFrameOption(mutableConfigurationSource.getTrimmed("dfs.xframe.value", "SAMEORIGIN"));

        this.httpServer = serverBuilder.build();
        // NOTE(review): /conf and /logstream are registered unconditionally; what they expose and
        // whether they redact secrets is decided in HddsConfServlet / LogStreamServlet.
        this.httpServer.addServlet("conf", "/conf", HddsConfServlet.class);
        this.httpServer.addServlet("logstream", "/logstream", LogStreamServlet.class);

        this.prometheusSupport = mutableConfigurationSource.getBoolean("hdds.prometheus.endpoint.enabled", true);
        this.profilerSupport = mutableConfigurationSource.getBoolean("hdds.profiler.endpoint.enabled", false);
        if (this.prometheusSupport) {
            registerPrometheusServlet(mutableConfigurationSource, str);
        }
        if (this.profilerSupport) {
            LOG.warn("/prof java profiling servlet is activated. Not safe for production!");
            this.httpServer.addServlet("profile", "/prof", ProfileServlet.class);
        }

        initBaseTmpDir(mutableConfigurationSource, str);
    }

    /**
     * Creates the metrics sink, publishes it in the servlet context and registers {@code /prom}.
     *
     * <p>With a non-empty endpoint token the token is stored in the servlet context and the
     * servlet is added through {@code addInternalServlet}; without one it is added through
     * {@code addServlet}.
     */
    private void registerPrometheusServlet(MutableConfigurationSource source, String serverName) {
        this.prometheusMetricsSink = new PrometheusMetricsSink(serverName);
        this.httpServer.getWebAppContext().getServletContext()
                .setAttribute(PROMETHEUS_SINK, this.prometheusMetricsSink);
        String endpointToken =
                ((HddsPrometheusConfig) source.getObject(HddsPrometheusConfig.class)).getPrometheusEndpointToken();
        if (StringUtils.isEmpty(endpointToken)) {
            this.httpServer.addServlet("prometheus", "/prom", PrometheusServlet.class);
        } else {
            // NOTE(review): on this path the token presumably becomes the only gate on /prom;
            // verify that PrometheusServlet checks SECURITY_TOKEN and how HttpServer2 treats
            // "internal" servlets with respect to the authentication filter.
            this.httpServer.getWebAppContext().getServletContext()
                    .setAttribute(PrometheusServlet.SECURITY_TOKEN, endpointToken);
            this.httpServer.addInternalServlet("prometheus", "/prom", PrometheusServlet.class);
        }
    }

    /**
     * Resolves the Jetty base temp directory, creates it and hands it to the web app.
     *
     * <p>Uses {@code ozone.http.basedir} when set, otherwise the Ozone metadata directory plus
     * {@link #SERVER_DIR}.
     */
    private void initBaseTmpDir(MutableConfigurationSource source, String serverName) {
        String baseDir = source.get("ozone.http.basedir");
        if (StringUtils.isEmpty(baseDir)) {
            baseDir = ServerUtils.getOzoneMetaDirPath(source) + SERVER_DIR;
        }
        // NOTE(review): ownership and permissions of this directory depend on
        // HddsUtils.createDir, which is not visible here - confirm they are restrictive.
        HddsUtils.createDir(baseDir);
        this.httpServer.getWebAppContext().setAttribute(JETTY_BASETMPDIR, baseDir);
        LOG.info("HTTP server of {} uses base directory {}", serverName, baseDir);
    }

    /**
     * Returns the Jetty base temp directory stored on the web app context.
     *
     * <p>Fails with a {@link NullPointerException} when the server was not built (disabled by
     * configuration) or the attribute is missing.
     */
    @VisibleForTesting
    public String getJettyBaseTmpDir() {
        Object baseTmpDir = this.httpServer.getWebAppContext().getAttribute(JETTY_BASETMPDIR);
        return baseTmpDir.toString();
    }

    /**
     * Creates a builder preconfigured with name, configuration, admin ACL and endpoints.
     *
     * <p>The ACL is built from {@code ozone.administrators} and
     * {@code ozone.administrators.groups}, both defaulting to the empty string. An HTTP endpoint
     * is added when the policy enables HTTP; an HTTPS endpoint is added, after loading the SSL
     * settings, when the policy enables HTTPS and an HTTPS address is supplied. Port 0 switches
     * on port discovery.
     *
     * @param mutableConfigurationSource configuration to read policy, ACL and SSL settings from
     * @param inetSocketAddress HTTP bind address; dereferenced when HTTP is enabled
     * @param inetSocketAddress2 HTTPS bind address; HTTPS is skipped when this is null
     * @param str server name
     * @return the configured builder
     * @throws IOException declared for callers; raised by the helpers if they fail
     */
    public static HttpServer2.Builder newHttpServer2BuilderForOzone(MutableConfigurationSource mutableConfigurationSource, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, String str) throws IOException {
        HttpConfig.Policy httpPolicy = HttpConfig.getHttpPolicy(mutableConfigurationSource);
        String adminUsers = mutableConfigurationSource.get("ozone.administrators", "");
        String adminGroups = mutableConfigurationSource.get("ozone.administrators.groups", "");
        HttpServer2.Builder serverBuilder = new HttpServer2.Builder()
                .setName(str)
                .setConf(mutableConfigurationSource)
                .setACL(new AccessControlList(adminUsers, adminGroups));

        if (httpPolicy.isHttpEnabled()) {
            bindEndpoint(serverBuilder, "http://", inetSocketAddress, str);
        }
        if (httpPolicy.isHttpsEnabled() && inetSocketAddress2 != null) {
            loadSslConfToHttpServerBuilder(serverBuilder, loadSslConfiguration(mutableConfigurationSource));
            bindEndpoint(serverBuilder, "https://", inetSocketAddress2, str);
        }
        return serverBuilder;
    }

    /** Adds one endpoint to the builder, enabling port discovery when the port is 0. */
    private static void bindEndpoint(HttpServer2.Builder serverBuilder, String schemePrefix, InetSocketAddress address, String serverName) {
        if (address.getPort() == 0) {
            serverBuilder.setFindPort(true);
        }
        URI endpoint = URI.create(schemePrefix + NetUtils.getHostPortString(address));
        serverBuilder.addEndpoint(endpoint);
        LOG.info("Starting Web-server for {} at: {}", serverName, endpoint);
    }

    /** Registers a servlet on the underlying server; requires that the server was built. */
    protected void addServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        this.httpServer.addServlet(str, str2, cls);
    }

    /**
     * Registers a servlet through {@code HttpServer2.addInternalServlet}.
     *
     * <p>NOTE(review): check in HttpServer2 which filters apply to internal servlets before
     * exposing anything sensitive this way.
     */
    protected void addInternalServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        this.httpServer.addInternalServlet(str, str2, cls);
    }

    /** Registers a filter, with its init parameters, on the underlying server. */
    protected void addFilter(String str, String str2, Map<String, String> map) {
        this.httpServer.addFilter(str, str2, map);
    }

    /** Returns the web app context of the underlying server. */
    protected WebAppContext getWebAppContext() {
        return this.httpServer.getWebAppContext();
    }

    /**
     * Resolves a bind address from configuration.
     *
     * <p>Host precedence: the bind-host key, then the host part of the address key, then the
     * supplied default. The port comes from the address key, else the supplied default.
     *
     * @param str bind-host configuration key
     * @param str2 address configuration key
     * @param str3 default host
     * @param i default port
     * @return the socket address for the resolved host and port
     */
    protected InetSocketAddress getBindAddress(String str, String str2, String str3, int i) {
        String host = (String) HddsUtils.getHostNameFromConfigKeys(this.conf, new String[]{str})
                .orElse(HddsUtils.getHostNameFromConfigKeys(this.conf, new String[]{str2}).orElse(str3));
        return NetUtils.createSocketAddr(
                host + ":" + HddsUtils.getPortNumberFromConfigKeys(this.conf, new String[]{str2}).orElse(i));
    }

    /** Resolves the HTTPS bind address from the subclass-provided keys and defaults. */
    public InetSocketAddress getHttpsBindAddress() {
        return getBindAddress(getHttpsBindHostKey(), getHttpsAddressKey(), getBindHostDefault(), getHttpsBindPortDefault());
    }

    /** Resolves the HTTP bind address from the subclass-provided keys and defaults. */
    public InetSocketAddress getHttpBindAddress() {
        return getBindAddress(getHttpBindHostKey(), getHttpAddressKey(), getBindHostDefault(), getHttpBindPortDefault());
    }

    /**
     * Starts the server, registers the Prometheus sink with the metrics system when that endpoint
     * is enabled, and records the addresses actually bound. Does nothing when the server was not
     * built or is disabled.
     *
     * @throws IOException if the underlying server fails to start
     */
    public void start() throws IOException {
        if (this.httpServer != null && isEnabled()) {
            this.httpServer.start();
            if (this.prometheusSupport) {
                DefaultMetricsSystem.instance().register("prometheus", "Hadoop metrics prometheus exporter", this.prometheusMetricsSink);
            }
            updateConnectorAddress();
        }
    }

    /** Reads the subclass-provided enabled key; the server is enabled when the key is absent. */
    private boolean isEnabled() {
        return this.conf.getBoolean(getEnabledKey(), true);
    }

    /**
     * Stops the underlying server if one was built.
     *
     * @throws Exception propagated from {@code HttpServer2.stop()}
     */
    public void stop() throws Exception {
        if (this.httpServer == null) {
            return;
        }
        this.httpServer.stop();
    }

    /**
     * Reads back the addresses the connectors are bound to and writes them into the
     * configuration under the HTTP and HTTPS address keys.
     *
     * <p>Connector 0 is taken as HTTP when HTTP is enabled; the HTTPS connector is the next
     * index. Unlike {@link #start()}, this method does not guard against a server that was
     * never built.
     */
    public void updateConnectorAddress() {
        int nextConnector = 0;
        if (this.policy.isHttpEnabled()) {
            this.httpAddress = this.httpServer.getConnectorAddress(nextConnector);
            nextConnector++;
            String httpHostPort = NetUtils.getHostPortString(this.httpAddress);
            this.conf.set(getHttpAddressKey(), httpHostPort);
            LOG.info("HTTP server of {} listening at http://{}", this.name, httpHostPort);
        }
        if (this.policy.isHttpsEnabled()) {
            this.httpsAddress = this.httpServer.getConnectorAddress(nextConnector);
            String httpsHostPort = NetUtils.getHostPortString(this.httpsAddress);
            this.conf.set(getHttpsAddressKey(), httpsHostPort);
            LOG.info("HTTPS server of {} listening at https://{}", this.name, httpsHostPort);
        }
    }

    /**
     * Copies the TLS settings from the SSL configuration onto the builder.
     *
     * <p>Client certificate authentication follows {@code ozone.https.client.need-auth}
     * (default false). Key store and trust store types default to {@code "jks"}. The excluded
     * cipher list is passed through as configured, so it is unset when the key is absent.
     * Passwords resolved to null by {@link #getPassword} are passed on as null.
     *
     * @param builder builder to configure
     * @param configurationSource SSL configuration, normally from {@link #loadSslConfiguration}
     * @return the builder returned by the last configuration call
     */
    public static HttpServer2.Builder loadSslConfToHttpServerBuilder(HttpServer2.Builder builder, ConfigurationSource configurationSource) {
        boolean needClientAuth = configurationSource.getBoolean("ozone.https.client.need-auth", false);
        String keyPassword = getPassword(configurationSource, "ssl.server.keystore.keypassword");
        String keyStoreLocation = configurationSource.get("ssl.server.keystore.location");
        String keyStorePassword = getPassword(configurationSource, "ssl.server.keystore.password");
        String keyStoreType = configurationSource.get("ssl.server.keystore.type", "jks");
        String trustStoreLocation = configurationSource.get("ssl.server.truststore.location");
        String trustStorePassword = getPassword(configurationSource, "ssl.server.truststore.password");
        String trustStoreType = configurationSource.get("ssl.server.truststore.type", "jks");
        String excludedCiphers = configurationSource.get("ssl.server.exclude.cipher.list");
        return builder
                .needsClientAuth(needClientAuth)
                .keyPassword(keyPassword)
                .keyStore(keyStoreLocation, keyStorePassword, keyStoreType)
                .trustStore(trustStoreLocation, trustStorePassword, trustStoreType)
                .excludeCiphers(excludedCiphers);
    }

    /**
     * Looks up a password through {@code ConfigurationSource.getPassword}.
     *
     * <p>The secret is returned as a {@link String}; neither that string nor the source
     * {@code char[]} is wiped here, so the value stays on the heap until collected. A lookup
     * failure is logged at WARN (key and value are not logged) and reported as null, so callers
     * continue with a null password.
     *
     * @param configurationSource configuration to query
     * @param str name of the password entry
     * @return the password, or null when it is absent or the lookup threw an IOException
     */
    static String getPassword(ConfigurationSource configurationSource, String str) {
        try {
            char[] secret = configurationSource.getPassword(str);
            return secret == null ? null : new String(secret);
        } catch (IOException e) {
            LOG.warn("Setting password to null since IOException is caught when getting password", e);
            return null;
        }
    }

    /**
     * Loads the server-side SSL settings into a fresh configuration.
     *
     * <p>The resource named by {@code ozone.https.server.keystore.resource} (default
     * {@code ssl-server.xml}) is added to an otherwise empty Hadoop configuration. Missing key
     * store / trust store entries are only logged at WARN; loading still succeeds. The client
     * authentication flag is copied over from the supplied configuration.
     *
     * @param configurationSource service configuration
     * @return the SSL configuration wrapped as a {@link ConfigurationSource}
     */
    public static ConfigurationSource loadSslConfiguration(ConfigurationSource configurationSource) {
        Configuration sslConf = new Configuration(false);
        sslConf.addResource(configurationSource.get("ozone.https.server.keystore.resource", "ssl-server.xml"));
        String[] expectedKeys = {
            "ssl.server.truststore.location",
            "ssl.server.keystore.location",
            "ssl.server.keystore.password",
            "ssl.server.keystore.keypassword"
        };
        for (String key : expectedKeys) {
            if (sslConf.get(key) != null) {
                continue;
            }
            LOG.warn("SSL config {} is missing. If {} is specified, make sure it is a relative path", key, "ozone.https.server.keystore.resource");
        }
        boolean needClientAuth = configurationSource.getBoolean("ozone.https.client.need-auth", false);
        sslConf.setBoolean("ozone.https.client.need-auth", needClientAuth);
        return new LegacyHadoopConfigurationSource(sslConf);
    }

    /** Returns the HTTP address: the configured one, or the bound one after start. */
    public InetSocketAddress getHttpAddress() {
        return this.httpAddress;
    }

    /** Returns the HTTPS address: the configured one, or the bound one after start. */
    public InetSocketAddress getHttpsAddress() {
        return this.httpsAddress;
    }

    /**
     * Tells whether HTTP authentication should be configured: Hadoop security must be on and
     * {@code OzoneSecurityUtil.isHttpSecurityEnabled} must hold for this configuration.
     */
    public boolean isSecurityEnabled() {
        if (!UserGroupInformation.isSecurityEnabled()) {
            return false;
        }
        return OzoneSecurityUtil.isHttpSecurityEnabled(this.conf);
    }

    /** Configuration key holding the HTTP address; also overwritten with the bound address. */
    protected abstract String getHttpAddressKey();

    /** Configuration key holding the HTTPS address; also overwritten with the bound address. */
    protected abstract String getHttpsAddressKey();

    /** Configuration key holding the HTTP bind host, which takes precedence over the address key. */
    protected abstract String getHttpBindHostKey();

    /** Configuration key holding the HTTPS bind host, which takes precedence over the address key. */
    protected abstract String getHttpsBindHostKey();

    /** Host used when neither the bind-host key nor the address key yields one. */
    protected abstract String getBindHostDefault();

    /** Port used when the HTTP address key yields none. */
    protected abstract int getHttpBindPortDefault();

    /** Port used when the HTTPS address key yields none. */
    protected abstract int getHttpsBindPortDefault();

    /** Value handed to the builder's {@code setKeytabConfKey} when Kerberos is selected. */
    protected abstract String getKeytabFile();

    /** Value handed to the builder's {@code setUsernameConfKey} when Kerberos is selected. */
    protected abstract String getSpnegoPrincipal();

    /** Boolean configuration key that switches this server on or off; absent means on. */
    protected abstract String getEnabledKey();

    /** Configuration key whose value names the HTTP auth type; absent means "simple". */
    protected abstract String getHttpAuthType();

    /** Prefix handed to the builder's {@code authFilterConfigurationPrefix}. */
    protected abstract String getHttpAuthConfigPrefix();
}
