package org.apache.hadoop.hbase.http;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.BindException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.http.ProfileServlet;
import org.apache.hadoop.hbase.http.conf.ConfServlet;
import org.apache.hadoop.hbase.http.jmx.JMXJsonServlet;
import org.apache.hadoop.hbase.http.log.LogLevel;
import org.apache.hadoop.hbase.util.JSONMetricUtil;
import org.apache.hadoop.hbase.util.ReflectionUtils;
import org.apache.hadoop.hbase.util.Threads;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.util.Shell;
import org.apache.hbase.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hbase.thirdparty.com.google.common.base.Preconditions;
import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
import org.apache.yetus.audience.InterfaceAudience;
import org.apache.yetus.audience.InterfaceStability;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.RequestLog;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.FilterMapping;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.MultiException;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.webapp.WebAppContext;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/hbase/http/HttpServer.class */
public class HttpServer implements FilterContainer {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServer.class);
    private static final String EMPTY_STRING = "";
    private static final int DEFAULT_MAX_HEADER_SIZE = 65536;
    static final String FILTER_INITIALIZERS_PROPERTY = "hbase.http.filter.initializers";
    static final String HTTP_MAX_THREADS = "hbase.http.max.threads";
    public static final String HTTP_UI_AUTHENTICATION = "hbase.security.authentication.ui";
    static final String HTTP_AUTHENTICATION_PREFIX = "hbase.security.authentication.";
    static final String HTTP_SPNEGO_AUTHENTICATION_PREFIX = "hbase.security.authentication.spnego.";
    static final String HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_SUFFIX = "kerberos.principal";
    public static final String HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY = "hbase.security.authentication.spnego.kerberos.principal";
    static final String HTTP_SPNEGO_AUTHENTICATION_KEYTAB_SUFFIX = "kerberos.keytab";
    public static final String HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY = "hbase.security.authentication.spnego.kerberos.keytab";
    static final String HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_SUFFIX = "kerberos.name.rules";
    public static final String HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_KEY = "hbase.security.authentication.spnego.kerberos.name.rules";
    static final String HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_SUFFIX = "kerberos.proxyuser.enable";
    public static final String HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_KEY = "hbase.security.authentication.spnego.kerberos.proxyuser.enable";
    public static final boolean HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_DEFAULT = false;
    static final String HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_SUFFIX = "signature.secret.file";
    public static final String HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_KEY = "hbase.security.authentication.signature.secret.file";
    public static final String HTTP_SPNEGO_AUTHENTICATION_ADMIN_USERS_KEY = "hbase.security.authentication.spnego.admin.users";
    public static final String HTTP_SPNEGO_AUTHENTICATION_ADMIN_GROUPS_KEY = "hbase.security.authentication.spnego.admin.groups";
    public static final String HTTP_PRIVILEGED_CONF_KEY = "hbase.security.authentication.ui.config.protected";
    public static final boolean HTTP_PRIVILEGED_CONF_DEFAULT = false;
    public static final String CONF_CONTEXT_ATTRIBUTE = "hbase.conf";
    public static final String ADMINS_ACL = "admins.acl";
    public static final String BIND_ADDRESS = "bind.address";
    public static final String SPNEGO_FILTER = "SpnegoFilter";
    public static final String SPNEGO_PROXYUSER_FILTER = "SpnegoProxyUserFilter";
    public static final String NO_CACHE_FILTER = "NoCacheFilter";
    public static final String APP_DIR = "webapps";
    private final AccessControlList adminsAcl;
    protected final Server webServer;
    protected String appDir;
    protected String logDir;
    private final List<ListenerInfo> listeners;
    protected final WebAppContext webAppContext;
    protected final boolean findPort;
    protected final Map<ServletContextHandler, Boolean> defaultContexts;
    protected final List<String> filterNames;
    protected final boolean authenticationEnabled;
    static final String STATE_DESCRIPTION_ALIVE = " - alive";
    static final String STATE_DESCRIPTION_NOT_LIVE = " - not live";

    /* loaded from: input_file:org/apache/hadoop/hbase/http/HttpServer$Builder.class */
    public static class Builder {
        private Configuration conf;
        private String[] pathSpecs;
        private AccessControlList adminsAcl;
        private String usernameConfKey;
        private String keytabConfKey;
        private boolean needsClientAuth;
        private String hostName;
        private String logDir;
        private boolean findPort;
        private String trustStore;
        private String trustStorePassword;
        private String trustStoreType;
        private String keyStore;
        private String keyStorePassword;
        private String keyStoreType;
        private String keyPassword;
        private String kerberosNameRulesKey;
        private String signatureSecretFileKey;

        @Deprecated
        private String name;

        @Deprecated
        private String bindAddress;
        private ArrayList<URI> endpoints = Lists.newArrayList();
        private boolean securityEnabled = false;
        private String appDir = HttpServer.APP_DIR;

        @Deprecated
        private int port = -1;

        public Builder addEndpoint(URI uri) {
            this.endpoints.add(uri);
            return this;
        }

        public Builder hostName(String str) {
            this.hostName = str;
            return this;
        }

        public Builder trustStore(String str, String str2, String str3) {
            this.trustStore = str;
            this.trustStorePassword = str2;
            this.trustStoreType = str3;
            return this;
        }

        public Builder keyStore(String str, String str2, String str3) {
            this.keyStore = str;
            this.keyStorePassword = str2;
            this.keyStoreType = str3;
            return this;
        }

        public Builder keyPassword(String str) {
            this.keyPassword = str;
            return this;
        }

        public Builder needsClientAuth(boolean z) {
            this.needsClientAuth = z;
            return this;
        }

        @Deprecated
        public Builder setName(String str) {
            this.name = str;
            return this;
        }

        @Deprecated
        public Builder setBindAddress(String str) {
            this.bindAddress = str;
            return this;
        }

        @Deprecated
        public Builder setPort(int i) {
            this.port = i;
            return this;
        }

        public Builder setFindPort(boolean z) {
            this.findPort = z;
            return this;
        }

        public Builder setConf(Configuration configuration) {
            this.conf = configuration;
            return this;
        }

        public Builder setPathSpec(String[] strArr) {
            this.pathSpecs = strArr;
            return this;
        }

        public Builder setACL(AccessControlList accessControlList) {
            this.adminsAcl = accessControlList;
            return this;
        }

        public Builder setSecurityEnabled(boolean z) {
            this.securityEnabled = z;
            return this;
        }

        public Builder setUsernameConfKey(String str) {
            this.usernameConfKey = str;
            return this;
        }

        public Builder setKeytabConfKey(String str) {
            this.keytabConfKey = str;
            return this;
        }

        public Builder setKerberosNameRulesKey(String str) {
            this.kerberosNameRulesKey = str;
            return this;
        }

        public Builder setSignatureSecretFileKey(String str) {
            this.signatureSecretFileKey = str;
            return this;
        }

        public Builder setAppDir(String str) {
            this.appDir = str;
            return this;
        }

        public Builder setLogDir(String str) {
            this.logDir = str;
            return this;
        }

        public HttpServer build() throws IOException {
            ServerConnector serverConnector;
            if (this.name == null) {
                throw new HadoopIllegalArgumentException("name is not set");
            }
            if (this.bindAddress != null && this.port != -1) {
                try {
                    this.endpoints.add(0, new URI("http", HttpServer.EMPTY_STRING, this.bindAddress, this.port, HttpServer.EMPTY_STRING, HttpServer.EMPTY_STRING, HttpServer.EMPTY_STRING));
                } catch (URISyntaxException e) {
                    throw new HadoopIllegalArgumentException("Invalid endpoint: " + e);
                }
            }
            if (this.endpoints.isEmpty()) {
                throw new HadoopIllegalArgumentException("No endpoints specified");
            }
            if (this.hostName == null) {
                this.hostName = this.endpoints.get(0).getHost();
            }
            if (this.conf == null) {
                this.conf = new Configuration();
            }
            HttpServer httpServer = new HttpServer(this);
            Iterator<URI> it = this.endpoints.iterator();
            while (it.hasNext()) {
                URI next = it.next();
                String scheme = next.getScheme();
                HttpConfiguration httpConfiguration = new HttpConfiguration();
                httpConfiguration.setSecureScheme("https");
                httpConfiguration.setHeaderCacheSize(HttpServer.DEFAULT_MAX_HEADER_SIZE);
                httpConfiguration.setResponseHeaderSize(HttpServer.DEFAULT_MAX_HEADER_SIZE);
                httpConfiguration.setRequestHeaderSize(HttpServer.DEFAULT_MAX_HEADER_SIZE);
                if ("http".equals(scheme)) {
                    serverConnector = new ServerConnector(httpServer.webServer, new ConnectionFactory[]{new HttpConnectionFactory(httpConfiguration)});
                } else {
                    if (!"https".equals(scheme)) {
                        throw new HadoopIllegalArgumentException("unknown scheme for endpoint:" + next);
                    }
                    HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
                    httpConfiguration2.addCustomizer(new SecureRequestCustomizer());
                    SslContextFactory.Server server = new SslContextFactory.Server();
                    server.setNeedClientAuth(this.needsClientAuth);
                    server.setKeyManagerPassword(this.keyPassword);
                    if (this.keyStore != null) {
                        server.setKeyStorePath(this.keyStore);
                        server.setKeyStoreType(this.keyStoreType);
                        server.setKeyStorePassword(this.keyStorePassword);
                    }
                    if (this.trustStore != null) {
                        server.setTrustStorePath(this.trustStore);
                        server.setTrustStoreType(this.trustStoreType);
                        server.setTrustStorePassword(this.trustStorePassword);
                    }
                    serverConnector = new ServerConnector(httpServer.webServer, new ConnectionFactory[]{new SslConnectionFactory(server, HttpVersion.HTTP_1_1.toString()), new HttpConnectionFactory(httpConfiguration2)});
                }
                serverConnector.setAcceptQueueSize(128);
                if (Shell.WINDOWS) {
                    serverConnector.setReuseAddress(false);
                }
                serverConnector.setHost(next.getHost());
                serverConnector.setPort(next.getPort() == -1 ? 0 : next.getPort());
                httpServer.addManagedListener(serverConnector);
            }
            httpServer.loadListeners();
            return httpServer;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/hbase/http/HttpServer$ListenerInfo.class */
    public static class ListenerInfo {
        private final boolean isManaged;
        private final ServerConnector listener;

        private ListenerInfo(boolean z, ServerConnector serverConnector) {
            this.isManaged = z;
            this.listener = serverConnector;
        }
    }

    @InterfaceAudience.LimitedPrivate({"Configuration"})
    /* loaded from: input_file:org/apache/hadoop/hbase/http/HttpServer$QuotingInputFilter.class */
    public static class QuotingInputFilter implements Filter {
        private FilterConfig config;

        /* loaded from: input_file:org/apache/hadoop/hbase/http/HttpServer$QuotingInputFilter$RequestQuoter.class */
        public static class RequestQuoter extends HttpServletRequestWrapper {
            private final HttpServletRequest rawRequest;

            public RequestQuoter(HttpServletRequest httpServletRequest) {
                super(httpServletRequest);
                this.rawRequest = httpServletRequest;
            }

            public Enumeration<String> getParameterNames() {
                return new Enumeration<String>() { // from class: org.apache.hadoop.hbase.http.HttpServer.QuotingInputFilter.RequestQuoter.1
                    private Enumeration<String> rawIterator;

                    {
                        this.rawIterator = RequestQuoter.this.rawRequest.getParameterNames();
                    }

                    @Override // java.util.Enumeration
                    public boolean hasMoreElements() {
                        return this.rawIterator.hasMoreElements();
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Enumeration
                    public String nextElement() {
                        return HtmlQuoting.quoteHtmlChars(this.rawIterator.nextElement());
                    }
                };
            }

            public String getParameter(String str) {
                return HtmlQuoting.quoteHtmlChars(this.rawRequest.getParameter(HtmlQuoting.unquoteHtmlChars(str)));
            }

            public String[] getParameterValues(String str) {
                String[] parameterValues = this.rawRequest.getParameterValues(HtmlQuoting.unquoteHtmlChars(str));
                if (parameterValues == null) {
                    return null;
                }
                String[] strArr = new String[parameterValues.length];
                for (int i = 0; i < strArr.length; i++) {
                    strArr[i] = HtmlQuoting.quoteHtmlChars(parameterValues[i]);
                }
                return strArr;
            }

            public Map<String, String[]> getParameterMap() {
                HashMap hashMap = new HashMap();
                for (Map.Entry entry : this.rawRequest.getParameterMap().entrySet()) {
                    String[] strArr = (String[]) entry.getValue();
                    String[] strArr2 = new String[strArr.length];
                    for (int i = 0; i < strArr.length; i++) {
                        strArr2[i] = HtmlQuoting.quoteHtmlChars(strArr[i]);
                    }
                    hashMap.put(HtmlQuoting.quoteHtmlChars((String) entry.getKey()), strArr2);
                }
                return hashMap;
            }

            public StringBuffer getRequestURL() {
                return new StringBuffer(HtmlQuoting.quoteHtmlChars(this.rawRequest.getRequestURL().toString()));
            }

            public String getServerName() {
                return HtmlQuoting.quoteHtmlChars(this.rawRequest.getServerName());
            }
        }

        public void init(FilterConfig filterConfig) throws ServletException {
            this.config = filterConfig;
        }

        public void destroy() {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            RequestQuoter requestQuoter = new RequestQuoter((HttpServletRequest) servletRequest);
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            String inferMimeType = inferMimeType(servletRequest);
            if (inferMimeType == null) {
                httpServletResponse.setContentType("text/plain; charset=utf-8");
            } else if (inferMimeType.startsWith("text/html")) {
                httpServletResponse.setContentType("text/html; charset=utf-8");
            } else if (inferMimeType.startsWith("application/xml")) {
                httpServletResponse.setContentType("text/xml; charset=utf-8");
            }
            filterChain.doFilter(requestQuoter, httpServletResponse);
        }

        private String inferMimeType(ServletRequest servletRequest) {
            return this.config.getServletContext().getMimeType(((HttpServletRequest) servletRequest).getRequestURI());
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/http/HttpServer$StackServlet.class */
    public static class StackServlet extends HttpServlet {
        private static final long serialVersionUID = -6284183679759467039L;

        public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            if (HttpServer.isInstrumentationAccessAllowed(getServletContext(), httpServletRequest, httpServletResponse)) {
                httpServletResponse.setContentType("text/plain; charset=UTF-8");
                PrintStream printStream = new PrintStream((OutputStream) httpServletResponse.getOutputStream(), false, "UTF-8");
                Throwable th = null;
                try {
                    try {
                        Threads.printThreadInfo(printStream, HttpServer.EMPTY_STRING);
                        printStream.flush();
                        if (printStream != null) {
                            if (0 != 0) {
                                try {
                                    printStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                printStream.close();
                            }
                        }
                        ReflectionUtils.logThreadInfo(HttpServer.LOG, "jsp requested", 1L);
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (printStream != null) {
                        if (th != null) {
                            try {
                                printStream.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            printStream.close();
                        }
                    }
                    throw th3;
                }
            }
        }
    }

    @VisibleForTesting
    public List<ServerConnector> getServerConnectors() {
        return (List) this.listeners.stream().map(listenerInfo -> {
            return listenerInfo.listener;
        }).collect(Collectors.toList());
    }

    @Deprecated
    public HttpServer(String str, String str2, int i, boolean z) throws IOException {
        this(str, str2, i, z, new Configuration());
    }

    @Deprecated
    public HttpServer(String str, String str2, int i, boolean z, Configuration configuration, String[] strArr) throws IOException {
        this(str, str2, i, z, configuration, null, strArr);
    }

    @Deprecated
    public HttpServer(String str, String str2, int i, boolean z, Configuration configuration) throws IOException {
        this(str, str2, i, z, configuration, null, null);
    }

    @Deprecated
    public HttpServer(String str, String str2, int i, boolean z, Configuration configuration, AccessControlList accessControlList) throws IOException {
        this(str, str2, i, z, configuration, accessControlList, null);
    }

    @Deprecated
    public HttpServer(String str, String str2, int i, boolean z, Configuration configuration, AccessControlList accessControlList, String[] strArr) throws IOException {
        this(new Builder().setName(str).addEndpoint(URI.create("http://" + str2 + ":" + i)).setFindPort(z).setConf(configuration).setACL(accessControlList).setPathSpec(strArr));
    }

    private HttpServer(Builder builder) throws IOException {
        this.listeners = Lists.newArrayList();
        this.defaultContexts = new HashMap();
        this.filterNames = new ArrayList();
        this.appDir = builder.appDir;
        this.logDir = builder.logDir;
        String webAppsPath = getWebAppsPath(builder.name);
        int i = builder.conf.getInt(HTTP_MAX_THREADS, 16);
        QueuedThreadPool queuedThreadPool = i <= 0 ? new QueuedThreadPool() : new QueuedThreadPool(i);
        queuedThreadPool.setDaemon(true);
        this.webServer = new Server(queuedThreadPool);
        this.adminsAcl = builder.adminsAcl;
        this.webAppContext = createWebAppContext(builder.name, builder.conf, this.adminsAcl, webAppsPath);
        this.findPort = builder.findPort;
        this.authenticationEnabled = builder.securityEnabled;
        initializeWebServer(builder.name, builder.hostName, builder.conf, builder.pathSpecs, builder);
    }

    private void initializeWebServer(String str, String str2, Configuration configuration, String[] strArr, Builder builder) throws FileNotFoundException, IOException {
        Preconditions.checkNotNull(this.webAppContext);
        HandlerCollection handlerCollection = new HandlerCollection();
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        RequestLog requestLog = HttpRequestLog.getRequestLog(str);
        if (requestLog != null) {
            RequestLogHandler requestLogHandler = new RequestLogHandler();
            requestLogHandler.setRequestLog(requestLog);
            handlerCollection.addHandler(requestLogHandler);
        }
        String webAppsPath = getWebAppsPath(str);
        handlerCollection.addHandler(contextHandlerCollection);
        handlerCollection.addHandler(this.webAppContext);
        this.webServer.setHandler(handlerCollection);
        this.webAppContext.setAttribute(ADMINS_ACL, this.adminsAcl);
        addDefaultApps(contextHandlerCollection, webAppsPath, configuration);
        addGlobalFilter("safety", QuotingInputFilter.class.getName(), null);
        addGlobalFilter("clickjackingprevention", ClickjackingPreventionFilter.class.getName(), ClickjackingPreventionFilter.getDefaultParameters(configuration));
        addGlobalFilter("securityheaders", SecurityHeadersFilter.class.getName(), SecurityHeadersFilter.getDefaultParameters(configuration));
        if (this.authenticationEnabled) {
            initSpnego(configuration, str2, builder.usernameConfKey, builder.keytabConfKey, builder.kerberosNameRulesKey, builder.signatureSecretFileKey);
        }
        FilterInitializer[] filterInitializers = getFilterInitializers(configuration);
        if (filterInitializers != null) {
            configuration = new Configuration(configuration);
            configuration.set(BIND_ADDRESS, str2);
            for (FilterInitializer filterInitializer : filterInitializers) {
                filterInitializer.initFilter(this, configuration);
            }
        }
        addDefaultServlets(contextHandlerCollection, configuration);
        if (strArr != null) {
            for (String str3 : strArr) {
                LOG.info("adding path spec: " + str3);
                addFilterPathMapping(str3, this.webAppContext);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addManagedListener(ServerConnector serverConnector) {
        this.listeners.add(new ListenerInfo(true, serverConnector));
    }

    private static WebAppContext createWebAppContext(String str, Configuration configuration, AccessControlList accessControlList, String str2) {
        WebAppContext webAppContext = new WebAppContext();
        webAppContext.setDisplayName(str);
        webAppContext.setContextPath("/");
        webAppContext.setWar(str2 + "/" + str);
        webAppContext.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, configuration);
        webAppContext.getServletContext().setAttribute("hadoop.conf", configuration);
        webAppContext.getServletContext().setAttribute(ADMINS_ACL, accessControlList);
        addNoCacheFilter(webAppContext);
        return webAppContext;
    }

    private static void addNoCacheFilter(WebAppContext webAppContext) {
        defineFilter(webAppContext, NO_CACHE_FILTER, NoCacheFilter.class.getName(), Collections.emptyMap(), new String[]{"/*"});
    }

    private static FilterInitializer[] getFilterInitializers(Configuration configuration) {
        Class[] classes;
        if (configuration == null || (classes = configuration.getClasses(FILTER_INITIALIZERS_PROPERTY, new Class[0])) == null) {
            return null;
        }
        FilterInitializer[] filterInitializerArr = new FilterInitializer[classes.length];
        for (int i = 0; i < classes.length; i++) {
            filterInitializerArr[i] = (FilterInitializer) ReflectionUtils.newInstance(classes[i], new Object[0]);
        }
        return filterInitializerArr;
    }

    protected void addDefaultApps(ContextHandlerCollection contextHandlerCollection, String str, Configuration configuration) throws IOException {
        String str2 = this.logDir;
        if (str2 == null) {
            str2 = System.getProperty("hadoop.log.dir");
        }
        if (str2 != null) {
            ServletContextHandler servletContextHandler = new ServletContextHandler(contextHandlerCollection, "/logs");
            servletContextHandler.addServlet(AdminAuthorizedServlet.class, "/*");
            servletContextHandler.setResourceBase(str2);
            if (configuration.getBoolean(ServerConfigurationKeys.HBASE_JETTY_LOGS_SERVE_ALIASES, true)) {
                servletContextHandler.getInitParams().put("org.mortbay.jetty.servlet.Default.aliases", "true");
            }
            servletContextHandler.setDisplayName("logs");
            setContextAttributes(servletContextHandler, configuration);
            this.defaultContexts.put(servletContextHandler, true);
        }
        ServletContextHandler servletContextHandler2 = new ServletContextHandler(contextHandlerCollection, "/static");
        servletContextHandler2.setResourceBase(str + "/static");
        servletContextHandler2.addServlet(DefaultServlet.class, "/*");
        servletContextHandler2.setDisplayName("static");
        setContextAttributes(servletContextHandler2, configuration);
        this.defaultContexts.put(servletContextHandler2, true);
    }

    private void setContextAttributes(ServletContextHandler servletContextHandler, Configuration configuration) {
        servletContextHandler.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, configuration);
        servletContextHandler.getServletContext().setAttribute(ADMINS_ACL, this.adminsAcl);
    }

    protected void addDefaultServlets(ContextHandlerCollection contextHandlerCollection, Configuration configuration) throws IOException {
        addPrivilegedServlet("stacks", "/stacks", StackServlet.class);
        addPrivilegedServlet("logLevel", "/logLevel", LogLevel.Servlet.class);
        try {
            addPrivilegedServlet("metrics", "/metrics", Class.forName("org.apache.hadoop.metrics.MetricsServlet").asSubclass(HttpServlet.class));
        } catch (Exception e) {
        }
        addPrivilegedServlet("jmx", "/jmx", JMXJsonServlet.class);
        if (configuration.getBoolean(HTTP_PRIVILEGED_CONF_KEY, false)) {
            addPrivilegedServlet("conf", "/conf", ConfServlet.class);
        } else {
            addUnprivilegedServlet("conf", "/conf", ConfServlet.class);
        }
        String asyncProfilerHome = ProfileServlet.getAsyncProfilerHome();
        if (asyncProfilerHome == null || asyncProfilerHome.trim().isEmpty()) {
            addUnprivilegedServlet("prof", "/prof", ProfileServlet.DisabledServlet.class);
            LOG.info("ASYNC_PROFILER_HOME environment variable and async.profiler.home system property not specified. Disabling /prof endpoint.");
            return;
        }
        addPrivilegedServlet("prof", "/prof", ProfileServlet.class);
        Path path = Paths.get(ProfileServlet.OUTPUT_DIR, new String[0]);
        if (Files.notExists(path, new LinkOption[0])) {
            Files.createDirectories(path, new FileAttribute[0]);
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler(contextHandlerCollection, "/prof-output");
        servletContextHandler.addServlet(ProfileOutputServlet.class, "/*");
        servletContextHandler.setResourceBase(path.toAbsolutePath().toString());
        servletContextHandler.setDisplayName("prof-output");
    }

    public void setAttribute(String str, Object obj) {
        this.webAppContext.setAttribute(str, obj);
    }

    public void addJerseyResourcePackage(String str, String str2) {
        LOG.info("addJerseyResourcePackage: packageName=" + str + ", pathSpec=" + str2);
        this.webAppContext.addServlet(new ServletHolder(new ServletContainer(new ResourceConfig().packages(new String[]{str}))), str2);
    }

    public void addUnprivilegedServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        addServletWithAuth(str, str2, cls, false);
    }

    public void addPrivilegedServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        addServletWithAuth(str, str2, cls, true);
    }

    void addServletWithAuth(String str, String str2, Class<? extends HttpServlet> cls, boolean z) {
        addInternalServlet(str, str2, cls, z);
        addFilterPathMapping(str2, this.webAppContext);
    }

    void addInternalServlet(String str, String str2, Class<? extends HttpServlet> cls, boolean z) {
        ServletHolder servletHolder = new ServletHolder(cls);
        if (str != null) {
            servletHolder.setName(str);
        }
        if (this.authenticationEnabled && z) {
            FilterHolder filterHolder = new FilterHolder(AdminAuthorizedFilter.class);
            filterHolder.setName(AdminAuthorizedFilter.class.getSimpleName());
            FilterMapping filterMapping = new FilterMapping();
            filterMapping.setPathSpec(str2);
            filterMapping.setDispatches(31);
            filterMapping.setFilterName(AdminAuthorizedFilter.class.getSimpleName());
            this.webAppContext.getServletHandler().addFilter(filterHolder, filterMapping);
        }
        this.webAppContext.addServlet(servletHolder, str2);
    }

    @Override // org.apache.hadoop.hbase.http.FilterContainer
    public void addFilter(String str, String str2, Map<String, String> map) {
        defineFilter(this.webAppContext, str, str2, map, new String[]{"*.html", "*.jsp"});
        LOG.info("Added filter " + str + " (class=" + str2 + ") to context " + this.webAppContext.getDisplayName());
        String[] strArr = {"/*"};
        for (Map.Entry<ServletContextHandler, Boolean> entry : this.defaultContexts.entrySet()) {
            if (entry.getValue().booleanValue()) {
                ServletContextHandler key = entry.getKey();
                defineFilter(key, str, str2, map, strArr);
                LOG.info("Added filter " + str + " (class=" + str2 + ") to context " + key.getDisplayName());
            }
        }
        this.filterNames.add(str);
    }

    @Override // org.apache.hadoop.hbase.http.FilterContainer
    public void addGlobalFilter(String str, String str2, Map<String, String> map) {
        String[] strArr = {"/*"};
        defineFilter(this.webAppContext, str, str2, map, strArr);
        Iterator<ServletContextHandler> it = this.defaultContexts.keySet().iterator();
        while (it.hasNext()) {
            defineFilter(it.next(), str, str2, map, strArr);
        }
        LOG.info("Added global filter '" + str + "' (class=" + str2 + ")");
    }

    public static void defineFilter(ServletContextHandler servletContextHandler, String str, String str2, Map<String, String> map, String[] strArr) {
        FilterHolder filterHolder = new FilterHolder();
        filterHolder.setName(str);
        filterHolder.setClassName(str2);
        if (map != null) {
            filterHolder.setInitParameters(map);
        }
        FilterMapping filterMapping = new FilterMapping();
        filterMapping.setPathSpecs(strArr);
        filterMapping.setDispatches(31);
        filterMapping.setFilterName(str);
        servletContextHandler.getServletHandler().addFilter(filterHolder, filterMapping);
    }

    protected void addFilterPathMapping(String str, WebAppContext webAppContext) {
        for (String str2 : this.filterNames) {
            FilterMapping filterMapping = new FilterMapping();
            filterMapping.setPathSpec(str);
            filterMapping.setFilterName(str2);
            filterMapping.setDispatches(31);
            webAppContext.getServletHandler().addFilterMapping(filterMapping);
        }
    }

    public Object getAttribute(String str) {
        return this.webAppContext.getAttribute(str);
    }

    public WebAppContext getWebAppContext() {
        return this.webAppContext;
    }

    public String getWebAppsPath(String str) throws FileNotFoundException {
        return getWebAppsPath(this.appDir, str);
    }

    protected String getWebAppsPath(String str, String str2) throws FileNotFoundException {
        URL resource = getClass().getClassLoader().getResource(str + "/" + str2);
        if (resource == null) {
            throw new FileNotFoundException(str + "/" + str2 + " not found in CLASSPATH");
        }
        String url = resource.toString();
        return url.substring(0, url.lastIndexOf(47));
    }

    @Deprecated
    public int getPort() {
        return this.webServer.getConnectors()[0].getLocalPort();
    }

    public InetSocketAddress getConnectorAddress(int i) {
        Preconditions.checkArgument(i >= 0);
        if (i > this.webServer.getConnectors().length) {
            return null;
        }
        ServerConnector serverConnector = this.webServer.getConnectors()[i];
        if (serverConnector.getLocalPort() == -1 || serverConnector.getLocalPort() == -2) {
            return null;
        }
        return new InetSocketAddress(serverConnector.getHost(), serverConnector.getLocalPort());
    }

    public void setThreads(int i, int i2) {
        QueuedThreadPool threadPool = this.webServer.getThreadPool();
        threadPool.setMinThreads(i);
        threadPool.setMaxThreads(i2);
    }

    private void initSpnego(Configuration configuration, String str, String str2, String str3, String str4, String str5) throws IOException {
        HashMap hashMap = new HashMap();
        String orEmptyString = getOrEmptyString(configuration, str2);
        if (!orEmptyString.isEmpty()) {
            hashMap.put(HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_SUFFIX, SecurityUtil.getServerPrincipal(orEmptyString, str));
        }
        String orEmptyString2 = getOrEmptyString(configuration, str3);
        if (!orEmptyString2.isEmpty()) {
            hashMap.put(HTTP_SPNEGO_AUTHENTICATION_KEYTAB_SUFFIX, orEmptyString2);
        }
        String orEmptyString3 = getOrEmptyString(configuration, str4);
        if (!orEmptyString3.isEmpty()) {
            hashMap.put(HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_SUFFIX, orEmptyString3);
        }
        String orEmptyString4 = getOrEmptyString(configuration, str5);
        if (!orEmptyString4.isEmpty()) {
            hashMap.put(HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_SUFFIX, orEmptyString4);
        }
        hashMap.put(JSONMetricUtil.TYPE_KEY, "kerberos");
        if (isMissing((String) hashMap.get(HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_SUFFIX)) || isMissing((String) hashMap.get(HTTP_SPNEGO_AUTHENTICATION_KEYTAB_SUFFIX))) {
            throw new IllegalArgumentException(str2 + " and " + str3 + " are both required in the configuration to enable SPNEGO/Kerberos authentication for the Web UI");
        }
        if (!configuration.getBoolean(HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_KEY, false)) {
            addGlobalFilter(SPNEGO_FILTER, AuthenticationFilter.class.getName(), hashMap);
            return;
        }
        for (Map.Entry entry : configuration.getPropsWithPrefix("hadoop.proxyuser").entrySet()) {
            hashMap.put(ProxyUserAuthenticationFilter.PROXYUSER_PREFIX + ((String) entry.getKey()), entry.getValue());
        }
        addGlobalFilter(SPNEGO_PROXYUSER_FILTER, ProxyUserAuthenticationFilter.class.getName(), hashMap);
    }

    private boolean isMissing(String str) {
        if (null == str) {
            return true;
        }
        return str.trim().isEmpty();
    }

    private String getOrEmptyString(Configuration configuration, String str) {
        String str2;
        return (null == str || null == (str2 = configuration.get(str.trim()))) ? EMPTY_STRING : str2;
    }

    public void start() throws IOException {
        try {
            try {
                openListeners();
                this.webServer.start();
                for (Handler handler : this.webServer.getHandlers()) {
                    if (handler.isFailed()) {
                        throw new IOException("Problem in starting http server. Server handlers failed");
                    }
                }
                Throwable unavailableException = this.webAppContext.getUnavailableException();
                if (unavailableException != null) {
                    this.webServer.stop();
                    throw new IOException("Unable to initialize WebAppContext", unavailableException);
                }
            } catch (MultiException e) {
                LOG.info("HttpServer.start() threw a MultiException", e);
                throw e;
            } catch (IOException e2) {
                LOG.info("HttpServer.start() threw a non Bind IOException", e2);
                throw e2;
            }
        } catch (IOException e3) {
            throw e3;
        } catch (InterruptedException e4) {
            throw ((IOException) new InterruptedIOException("Interrupted while starting HTTP server").initCause(e4));
        } catch (Exception e5) {
            throw new IOException("Problem starting http server", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void loadListeners() {
        Iterator<ListenerInfo> it = this.listeners.iterator();
        while (it.hasNext()) {
            this.webServer.addConnector(it.next().listener);
        }
    }

    @VisibleForTesting
    void openListeners() throws Exception {
        loop0: for (ListenerInfo listenerInfo : this.listeners) {
            ServerConnector serverConnector = listenerInfo.listener;
            if (listenerInfo.isManaged && (listenerInfo.listener.getLocalPort() == -1 || listenerInfo.listener.getLocalPort() == -2)) {
                int port = serverConnector.getPort();
                while (true) {
                    try {
                        serverConnector.close();
                        serverConnector.open();
                        LOG.info("Jetty bound to port " + serverConnector.getLocalPort());
                        break;
                    } catch (IOException e) {
                        if (!(e instanceof BindException) && !(e.getCause() instanceof BindException)) {
                            throw e;
                        }
                        if (port == 0 || !this.findPort) {
                            BindException bindException = new BindException("Port in use: " + serverConnector.getHost() + ":" + serverConnector.getPort());
                            bindException.initCause(e);
                            throw bindException;
                        }
                        port++;
                        serverConnector.setPort(port);
                        Thread.sleep(100L);
                    }
                }
                BindException bindException2 = new BindException("Port in use: " + serverConnector.getHost() + ":" + serverConnector.getPort());
                bindException2.initCause(e);
                throw bindException2;
            }
        }
    }

    public void stop() throws Exception {
        MultiException multiException = null;
        for (ListenerInfo listenerInfo : this.listeners) {
            if (listenerInfo.isManaged) {
                try {
                    listenerInfo.listener.close();
                } catch (Exception e) {
                    LOG.error("Error while stopping listener for webapp" + this.webAppContext.getDisplayName(), e);
                    multiException = addMultiException(multiException, e);
                }
            }
        }
        try {
            this.webAppContext.clearAttributes();
            this.webAppContext.stop();
        } catch (Exception e2) {
            LOG.error("Error while stopping web app context for webapp " + this.webAppContext.getDisplayName(), e2);
            multiException = addMultiException(multiException, e2);
        }
        try {
            this.webServer.stop();
        } catch (Exception e3) {
            LOG.error("Error while stopping web server for webapp " + this.webAppContext.getDisplayName(), e3);
            multiException = addMultiException(multiException, e3);
        }
        if (multiException != null) {
            multiException.ifExceptionThrow();
        }
    }

    private MultiException addMultiException(MultiException multiException, Exception exc) {
        if (multiException == null) {
            multiException = new MultiException();
        }
        multiException.add(exc);
        return multiException;
    }

    public void join() throws InterruptedException {
        this.webServer.join();
    }

    public boolean isAlive() {
        return this.webServer != null && this.webServer.isStarted();
    }

    public String toString() {
        if (this.listeners.isEmpty()) {
            return "Inactive HttpServer";
        }
        StringBuilder append = new StringBuilder("HttpServer (").append(isAlive() ? STATE_DESCRIPTION_ALIVE : STATE_DESCRIPTION_NOT_LIVE).append("), listening at:");
        Iterator<ListenerInfo> it = this.listeners.iterator();
        while (it.hasNext()) {
            ServerConnector serverConnector = it.next().listener;
            append.append(serverConnector.getHost()).append(":").append(serverConnector.getPort()).append("/,");
        }
        return append.toString();
    }

    public static boolean isInstrumentationAccessAllowed(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        boolean z = true;
        if (((Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE)).getBoolean("hadoop.security.instrumentation.requires.admin", false)) {
            z = hasAdministratorAccess(servletContext, httpServletRequest, httpServletResponse);
        }
        return z;
    }

    public static boolean hasAdministratorAccess(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return hasAdministratorAccess((Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE), (AccessControlList) servletContext.getAttribute(ADMINS_ACL), httpServletRequest, httpServletResponse);
    }

    public static boolean hasAdministratorAccess(Configuration configuration, AccessControlList accessControlList, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!configuration.getBoolean("hadoop.security.authorization", false)) {
            return true;
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser == null) {
            httpServletResponse.sendError(401, "Unauthenticated users are not authorized to access this page.");
            return false;
        }
        if (accessControlList == null || userHasAdministratorAccess(accessControlList, remoteUser)) {
            return true;
        }
        httpServletResponse.sendError(403, "User " + remoteUser + " is unauthorized to access this page.");
        return false;
    }

    public static boolean userHasAdministratorAccess(ServletContext servletContext, String str) {
        return userHasAdministratorAccess((AccessControlList) servletContext.getAttribute(ADMINS_ACL), str);
    }

    public static boolean userHasAdministratorAccess(AccessControlList accessControlList, String str) {
        return accessControlList != null && accessControlList.isUserAllowed(UserGroupInformation.createRemoteUser(str));
    }
}
