package org.apache.pulsar.proxy.server;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.ByteBuffer;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Executor;
import javax.net.ssl.SSLContext;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.web.AuthenticationFilter;
import org.apache.pulsar.client.api.Authentication;
import org.apache.pulsar.client.api.AuthenticationDataProvider;
import org.apache.pulsar.client.api.AuthenticationFactory;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.common.util.SecurityUtility;
import org.apache.pulsar.policies.data.loadbalancer.LoadManagerReport;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.HttpRequest;
import org.eclipse.jetty.client.ProtocolHandlers;
import org.eclipse.jetty.client.RedirectProtocolHandler;
import org.eclipse.jetty.client.api.ContentProvider;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.proxy.ProxyServlet;
import org.eclipse.jetty.util.HttpCookieStore;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/proxy/server/AdminProxyHandler.class */
class AdminProxyHandler extends ProxyServlet {
    private static final String ORIGINAL_PRINCIPAL_HEADER = "X-Original-Principal";
    private final ProxyConfiguration config;
    private final BrokerDiscoveryProvider discoveryProvider;
    private final String brokerWebServiceUrl;
    private final String functionWorkerWebServiceUrl;
    private static final Logger LOG = LoggerFactory.getLogger(AdminProxyHandler.class);
    private static final Set<String> functionRoutes = new HashSet(Arrays.asList("/admin/v3/function", "/admin/v2/function", "/admin/function", "/admin/v3/source", "/admin/v2/source", "/admin/source", "/admin/v3/sink", "/admin/v2/sink", "/admin/sink", "/admin/v2/worker", "/admin/v2/worker-stats", "/admin/worker", "/admin/worker-stats"));

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/pulsar/proxy/server/AdminProxyHandler$JettyHttpClient.class */
    public static class JettyHttpClient extends HttpClient {
        public JettyHttpClient() {
        }

        public JettyHttpClient(SslContextFactory sslContextFactory) {
            super(sslContextFactory);
        }

        protected Request copyRequest(HttpRequest httpRequest, URI uri) {
            String str = httpRequest.getHeaders().get(HttpHeader.AUTHORIZATION);
            Request copyRequest = super.copyRequest(httpRequest, uri);
            if (str != null) {
                copyRequest.header(HttpHeader.AUTHORIZATION, str);
            }
            return copyRequest;
        }
    }

    /* loaded from: input_file:org/apache/pulsar/proxy/server/AdminProxyHandler$ReplayableProxyContentProvider.class */
    protected class ReplayableProxyContentProvider extends ProxyServlet.ProxyInputStreamContentProvider {
        private Boolean firstIteratorCalled;
        private final ByteArrayOutputStream bodyBuffer;

        protected ReplayableProxyContentProvider(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Request request, InputStream inputStream) {
            super(AdminProxyHandler.this, httpServletRequest, httpServletResponse, request, inputStream);
            this.firstIteratorCalled = false;
            this.bodyBuffer = new ByteArrayOutputStream(Math.max(httpServletRequest.getContentLength(), 0));
        }

        public Iterator<ByteBuffer> iterator() {
            if (this.firstIteratorCalled.booleanValue()) {
                return Collections.singleton(ByteBuffer.wrap(this.bodyBuffer.toByteArray())).iterator();
            }
            this.firstIteratorCalled = true;
            return super.iterator();
        }

        protected ByteBuffer onRead(byte[] bArr, int i, int i2) {
            this.bodyBuffer.write(bArr, i, i2);
            return super.onRead(bArr, i, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AdminProxyHandler(ProxyConfiguration proxyConfiguration, BrokerDiscoveryProvider brokerDiscoveryProvider) {
        this.config = proxyConfiguration;
        this.discoveryProvider = brokerDiscoveryProvider;
        this.brokerWebServiceUrl = proxyConfiguration.isTlsEnabledWithBroker() ? proxyConfiguration.getBrokerWebServiceURLTLS() : proxyConfiguration.getBrokerWebServiceURL();
        this.functionWorkerWebServiceUrl = proxyConfiguration.isTlsEnabledWithBroker() ? proxyConfiguration.getFunctionWorkerWebServiceURLTLS() : proxyConfiguration.getFunctionWorkerWebServiceURL();
    }

    protected HttpClient createHttpClient() throws ServletException {
        QueuedThreadPool queuedThreadPool;
        ServletConfig servletConfig = getServletConfig();
        HttpClient newHttpClient = newHttpClient();
        newHttpClient.setFollowRedirects(true);
        newHttpClient.setCookieStore(new HttpCookieStore.Empty());
        String initParameter = servletConfig.getInitParameter("maxThreads");
        if (initParameter == null || "-".equals(initParameter)) {
            queuedThreadPool = (Executor) getServletContext().getAttribute("org.eclipse.jetty.server.Executor");
            if (queuedThreadPool == null) {
                throw new IllegalStateException("No server executor for proxy");
            }
        } else {
            QueuedThreadPool queuedThreadPool2 = new QueuedThreadPool(Integer.parseInt(initParameter));
            String servletName = servletConfig.getServletName();
            int lastIndexOf = servletName.lastIndexOf(46);
            if (lastIndexOf >= 0) {
                servletName = servletName.substring(lastIndexOf + 1);
            }
            queuedThreadPool2.setName(servletName);
            queuedThreadPool = queuedThreadPool2;
        }
        newHttpClient.setExecutor(queuedThreadPool);
        String initParameter2 = servletConfig.getInitParameter("maxConnections");
        if (initParameter2 == null) {
            initParameter2 = "256";
        }
        newHttpClient.setMaxConnectionsPerDestination(Integer.parseInt(initParameter2));
        String initParameter3 = servletConfig.getInitParameter("idleTimeout");
        if (initParameter3 == null) {
            initParameter3 = "30000";
        }
        newHttpClient.setIdleTimeout(Long.parseLong(initParameter3));
        String initParameter4 = servletConfig.getInitParameter("requestBufferSize");
        if (initParameter4 != null) {
            newHttpClient.setRequestBufferSize(Integer.parseInt(initParameter4));
        }
        String initParameter5 = servletConfig.getInitParameter("responseBufferSize");
        if (initParameter5 != null) {
            newHttpClient.setResponseBufferSize(Integer.parseInt(initParameter5));
        }
        try {
            newHttpClient.start();
            newHttpClient.getContentDecoderFactories().clear();
            ProtocolHandlers protocolHandlers = newHttpClient.getProtocolHandlers();
            protocolHandlers.clear();
            protocolHandlers.put(new RedirectProtocolHandler(newHttpClient));
            return newHttpClient;
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    protected ContentProvider proxyRequestContent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Request request) throws IOException {
        return new ReplayableProxyContentProvider(httpServletRequest, httpServletResponse, request, httpServletRequest.getInputStream());
    }

    protected HttpClient newHttpClient() {
        try {
            Authentication create = AuthenticationFactory.create(this.config.getBrokerClientAuthenticationPlugin(), this.config.getBrokerClientAuthenticationParameters());
            Objects.requireNonNull(create, "No supported auth found for proxy");
            create.start();
            if (!this.config.isTlsEnabledWithBroker()) {
                return new JettyHttpClient();
            }
            try {
                X509Certificate[] loadCertificatesFromPemFile = SecurityUtility.loadCertificatesFromPemFile(this.config.getBrokerClientTrustCertsFilePath());
                AuthenticationDataProvider authData = create.getAuthData();
                SSLContext createSslContext = authData.hasDataForTls() ? SecurityUtility.createSslContext(this.config.isTlsAllowInsecureConnection(), loadCertificatesFromPemFile, authData.getTlsCertificates(), authData.getTlsPrivateKey()) : SecurityUtility.createSslContext(this.config.isTlsAllowInsecureConnection(), loadCertificatesFromPemFile);
                SslContextFactory.Client client = new SslContextFactory.Client(true);
                client.setSslContext(createSslContext);
                return new JettyHttpClient(client);
            } catch (Exception e) {
                try {
                    create.close();
                } catch (IOException e2) {
                    LOG.error("Failed to close the authentication service", e2);
                }
                throw new PulsarClientException.InvalidConfigurationException(e.getMessage());
            }
        } catch (PulsarClientException e3) {
            throw new RuntimeException((Throwable) e3);
        }
    }

    protected String rewriteTarget(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder();
        boolean z = false;
        String requestURI = httpServletRequest.getRequestURI();
        Iterator<String> it = functionRoutes.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (requestURI.startsWith(it.next())) {
                z = true;
                break;
            }
        }
        if (z && !StringUtils.isBlank(this.functionWorkerWebServiceUrl)) {
            sb.append(this.functionWorkerWebServiceUrl);
        } else if (StringUtils.isBlank(this.brokerWebServiceUrl)) {
            try {
                LoadManagerReport nextBroker = this.discoveryProvider.nextBroker();
                if (this.config.isTlsEnabledWithBroker()) {
                    sb.append(nextBroker.getWebServiceUrlTls());
                } else {
                    sb.append(nextBroker.getWebServiceUrl());
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("[{}:{}] Selected active broker is {}", new Object[]{httpServletRequest.getRemoteAddr(), Integer.valueOf(httpServletRequest.getRemotePort()), sb.toString()});
                }
            } catch (Exception e) {
                LOG.warn("[{}:{}] Failed to get next active broker {}", new Object[]{httpServletRequest.getRemoteAddr(), Integer.valueOf(httpServletRequest.getRemotePort()), e.getMessage(), e});
                return null;
            }
        } else {
            sb.append(this.brokerWebServiceUrl);
        }
        if (sb.lastIndexOf("/") == sb.length() - 1) {
            sb.deleteCharAt(sb.lastIndexOf("/"));
        }
        sb.append(requestURI);
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            sb.append("?").append(queryString);
        }
        URI normalize = URI.create(sb.toString()).normalize();
        if (validateDestination(normalize.getHost(), normalize.getPort())) {
            return normalize.toString();
        }
        return null;
    }

    protected void addProxyHeaders(HttpServletRequest httpServletRequest, Request request) {
        super.addProxyHeaders(httpServletRequest, request);
        String str = (String) httpServletRequest.getAttribute(AuthenticationFilter.AuthenticatedRoleAttributeName);
        if (str != null) {
            request.header(ORIGINAL_PRINCIPAL_HEADER, str);
        }
    }
}
