package org.apache.hadoop.yarn.server.webproxy.amfilter;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.shaded.javax.servlet.Filter;
import org.apache.hadoop.shaded.javax.servlet.FilterChain;
import org.apache.hadoop.shaded.javax.servlet.FilterConfig;
import org.apache.hadoop.shaded.javax.servlet.ServletException;
import org.apache.hadoop.shaded.javax.servlet.ServletRequest;
import org.apache.hadoop.shaded.javax.servlet.ServletResponse;
import org.apache.hadoop.shaded.javax.servlet.http.Cookie;
import org.apache.hadoop.shaded.javax.servlet.http.HttpServletRequest;
import org.apache.hadoop.shaded.javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.shaded.net.bytebuddy.description.type.TypeDescription;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.placement.converter.LegacyMappingRuleToJson;
import org.apache.hadoop.yarn.server.webproxy.ProxyUtils;
import org.apache.hadoop.yarn.server.webproxy.WebAppProxyServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Public
/* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/amfilter/AmIpFilter.class */
public class AmIpFilter implements Filter {

    @Deprecated
    public static final String PROXY_HOST = "PROXY_HOST";

    @Deprecated
    public static final String PROXY_URI_BASE = "PROXY_URI_BASE";
    public static final String PROXY_HOSTS = "PROXY_HOSTS";
    public static final String PROXY_HOSTS_DELIMITER = ",";
    public static final String PROXY_URI_BASES = "PROXY_URI_BASES";
    public static final String PROXY_URI_BASES_DELIMITER = ",";
    private static final String PROXY_PATH = "/proxy";
    private String[] proxyHosts;
    private long lastUpdate;

    @VisibleForTesting
    Map<String, String> proxyUriBases;
    private static final Logger LOG = LoggerFactory.getLogger(AmIpFilter.class);
    private static long updateInterval = TimeUnit.MINUTES.toMillis(5);
    private Set<String> proxyAddresses = null;
    String[] rmUrls = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        if (filterConfig.getInitParameter(PROXY_HOST) == null || filterConfig.getInitParameter(PROXY_URI_BASE) == null) {
            this.proxyHosts = filterConfig.getInitParameter(PROXY_HOSTS).split(",");
            String[] split = filterConfig.getInitParameter(PROXY_URI_BASES).split(",");
            this.proxyUriBases = new HashMap(split.length);
            for (String str : split) {
                try {
                    URL url = new URL(str);
                    this.proxyUriBases.put(url.getHost() + LegacyMappingRuleToJson.RULE_PART_DELIMITER + url.getPort(), str);
                } catch (MalformedURLException e) {
                    LOG.warn("{} does not appear to be a valid URL", str, e);
                }
            }
        } else {
            this.proxyHosts = new String[]{filterConfig.getInitParameter(PROXY_HOST)};
            this.proxyUriBases = new HashMap(1);
            this.proxyUriBases.put("dummy", filterConfig.getInitParameter(PROXY_URI_BASE));
        }
        if (filterConfig.getInitParameter(AmFilterInitializer.RM_HA_URLS) != null) {
            this.rmUrls = filterConfig.getInitParameter(AmFilterInitializer.RM_HA_URLS).split(",");
        }
    }

    protected Set<String> getProxyAddresses() throws ServletException {
        Set<String> set;
        long monotonicNow = Time.monotonicNow();
        synchronized (this) {
            if (this.proxyAddresses == null || this.lastUpdate + updateInterval <= monotonicNow) {
                this.proxyAddresses = new HashSet();
                for (String str : this.proxyHosts) {
                    try {
                        for (InetAddress inetAddress : InetAddress.getAllByName(str)) {
                            LOG.debug("proxy address is: {}", inetAddress.getHostAddress());
                            this.proxyAddresses.add(inetAddress.getHostAddress());
                        }
                        this.lastUpdate = monotonicNow;
                    } catch (UnknownHostException e) {
                        LOG.warn("Could not locate {} - skipping", str, e);
                    }
                }
                if (this.proxyAddresses.isEmpty()) {
                    throw new ServletException("Could not locate any of the proxy hosts");
                }
            }
            set = this.proxyAddresses;
        }
        return set;
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ProxyUtils.rejectNonHttpRequests(servletRequest);
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        LOG.debug("Remote address for request is: {}", httpServletRequest.getRemoteAddr());
        if (!getProxyAddresses().contains(httpServletRequest.getRemoteAddr())) {
            StringBuilder sb = new StringBuilder(findRedirectUrl());
            sb.append(httpServletRequest.getRequestURI());
            int indexOf = sb.indexOf(PROXY_PATH);
            if (indexOf >= 0) {
                sb.insert(indexOf + PROXY_PATH.length(), "/redirect");
            }
            String queryString = httpServletRequest.getQueryString();
            if (queryString != null && !queryString.isEmpty()) {
                sb.append(TypeDescription.Generic.OfWildcardType.SYMBOL);
                sb.append(queryString);
            }
            ProxyUtils.sendRedirect(httpServletRequest, httpServletResponse, sb.toString());
            return;
        }
        String str = null;
        if (httpServletRequest.getCookies() != null) {
            Cookie[] cookies = httpServletRequest.getCookies();
            int length = cookies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Cookie cookie = cookies[i];
                if (WebAppProxyServlet.PROXY_USER_COOKIE_NAME.equals(cookie.getName())) {
                    str = cookie.getValue();
                    break;
                }
                i++;
            }
        }
        if (str != null) {
            filterChain.doFilter(new AmIpServletRequestWrapper(httpServletRequest, new AmIpPrincipal(str)), servletResponse);
        } else {
            LOG.debug("Could not find {} cookie, so user will not be set", WebAppProxyServlet.PROXY_USER_COOKIE_NAME);
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    @VisibleForTesting
    public String findRedirectUrl() throws ServletException {
        String str = null;
        if (this.proxyUriBases.size() == 1) {
            str = this.proxyUriBases.values().iterator().next();
        } else if (this.rmUrls != null) {
            String[] strArr = this.rmUrls;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str2 = this.proxyUriBases.get(strArr[i]);
                if (isValidUrl(str2)) {
                    str = str2;
                    break;
                }
                i++;
            }
        }
        if (str == null) {
            throw new ServletException("Could not determine the proxy server for redirection");
        }
        return str;
    }

    @VisibleForTesting
    public boolean isValidUrl(String str) {
        boolean z;
        boolean z2 = false;
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.connect();
            z2 = httpURLConnection.getResponseCode() == 200;
            if (!z2 && UserGroupInformation.isSecurityEnabled()) {
                if (httpURLConnection.getResponseCode() != 401) {
                    if (httpURLConnection.getResponseCode() != 403) {
                        z = false;
                        return z;
                    }
                }
                z = true;
                return z;
            }
        } catch (Exception e) {
            LOG.warn("Failed to connect to " + str + ": " + e.toString());
        }
        return z2;
    }

    @VisibleForTesting
    protected static void setUpdateInterval(long j) {
        updateInterval = j;
    }
}
