package org.apache.hadoop.http;

import com.sun.jersey.api.core.PackagesResourceConfig;
import com.sun.jersey.spi.container.servlet.ServletContainer;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.BindException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.ConfServlet;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.jmx.JMXJsonServlet;
import org.apache.hadoop.log.LogLevel;
import org.apache.hadoop.metrics.MetricsServlet;
import org.apache.hadoop.security.AuthenticationFilterInitializer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.util.SignerSecretProvider;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.security.ssl.SslSelectChannelConnectorSecure;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.Shell;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.webapp.MimeType;
import org.mortbay.io.Buffer;
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Handler;
import org.mortbay.jetty.MimeTypes;
import org.mortbay.jetty.RequestLog;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.SessionManager;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.handler.ContextHandlerCollection;
import org.mortbay.jetty.handler.HandlerCollection;
import org.mortbay.jetty.handler.RequestLogHandler;
import org.mortbay.jetty.nio.SelectChannelConnector;
import org.mortbay.jetty.servlet.AbstractSessionManager;
import org.mortbay.jetty.servlet.Context;
import org.mortbay.jetty.servlet.DefaultServlet;
import org.mortbay.jetty.servlet.FilterHolder;
import org.mortbay.jetty.servlet.FilterMapping;
import org.mortbay.jetty.servlet.ServletHandler;
import org.mortbay.jetty.servlet.ServletHolder;
import org.mortbay.jetty.servlet.SessionHandler;
import org.mortbay.jetty.webapp.WebAppContext;
import org.mortbay.thread.QueuedThreadPool;
import org.mortbay.util.MultiException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import shaded.com.google.common.base.Preconditions;
import shaded.com.google.common.collect.ImmutableMap;
import shaded.com.google.common.collect.Lists;
import shaded.org.apache.commons.configuration.tree.DefaultExpressionEngine;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/http/HttpServer2.class */
public final class HttpServer2 implements FilterContainer {
    public static final Logger LOG = LoggerFactory.getLogger(HttpServer2.class);
    static final String FILTER_INITIALIZER_PROPERTY = "hadoop.http.filter.initializers";
    public static final String HTTP_MAX_THREADS = "hadoop.http.max.threads";
    public static final String CONF_CONTEXT_ATTRIBUTE = "hadoop.conf";
    public static final String ADMINS_ACL = "admins.acl";
    public static final String SPNEGO_FILTER = "SpnegoFilter";
    public static final String NO_CACHE_FILTER = "NoCacheFilter";
    public static final String BIND_ADDRESS = "bind.address";
    private final AccessControlList adminsAcl;
    protected final Server webServer;
    private final List<Connector> listeners;
    protected final WebAppContext webAppContext;
    protected final boolean findPort;
    protected final Configuration.IntegerRanges portRanges;
    protected final Map<Context, Boolean> defaultContexts;
    protected final List<String> filterNames;
    static final String STATE_DESCRIPTION_ALIVE = " - alive";
    static final String STATE_DESCRIPTION_NOT_LIVE = " - not live";
    private final SignerSecretProvider secretProvider;
    private XFrameOption xFrameOption;
    private boolean xFrameOptionIsEnabled;
    private static final String X_FRAME_VALUE = "xFrameOption";
    private static final String X_FRAME_ENABLED = "X_FRAME_ENABLED";

    /* loaded from: input_file:org/apache/hadoop/http/HttpServer2$Builder.class */
    public static class Builder {
        private String name;
        private Configuration conf;
        private String[] pathSpecs;
        private AccessControlList adminsAcl;
        private String usernameConfKey;
        private String keytabConfKey;
        private boolean needsClientAuth;
        private String trustStore;
        private String trustStorePassword;
        private String trustStoreType;
        private String keyStore;
        private String keyStorePassword;
        private String keyStoreType;
        private String keyPassword;
        private boolean findPort;
        private String hostName;
        private boolean disallowFallbackToRandomSignerSecretProvider;
        private String excludeCiphers;
        private boolean xFrameEnabled;
        private ArrayList<URI> endpoints = Lists.newArrayList();
        private boolean securityEnabled = false;
        private Configuration.IntegerRanges portRanges = null;
        private String authFilterConfigurationPrefix = "hadoop.http.authentication.";
        private XFrameOption xFrameOption = XFrameOption.SAMEORIGIN;

        public Builder setName(String str) {
            this.name = str;
            return this;
        }

        public Builder addEndpoint(URI uri) {
            this.endpoints.add(uri);
            return this;
        }

        public Builder hostName(String str) {
            this.hostName = str;
            return this;
        }

        public Builder trustStore(String str, String str2, String str3) {
            this.trustStore = str;
            this.trustStorePassword = str2;
            this.trustStoreType = str3;
            return this;
        }

        public Builder keyStore(String str, String str2, String str3) {
            this.keyStore = str;
            this.keyStorePassword = str2;
            this.keyStoreType = str3;
            return this;
        }

        public Builder keyPassword(String str) {
            this.keyPassword = str;
            return this;
        }

        public Builder needsClientAuth(boolean z) {
            this.needsClientAuth = z;
            return this;
        }

        public Builder setFindPort(boolean z) {
            this.findPort = z;
            return this;
        }

        public Builder setPortRanges(Configuration.IntegerRanges integerRanges) {
            this.portRanges = integerRanges;
            return this;
        }

        public Builder setConf(Configuration configuration) {
            this.conf = configuration;
            return this;
        }

        public Builder setPathSpec(String[] strArr) {
            this.pathSpecs = strArr;
            return this;
        }

        public Builder setACL(AccessControlList accessControlList) {
            this.adminsAcl = accessControlList;
            return this;
        }

        public Builder setSecurityEnabled(boolean z) {
            this.securityEnabled = z;
            return this;
        }

        public Builder setUsernameConfKey(String str) {
            this.usernameConfKey = str;
            return this;
        }

        public Builder setKeytabConfKey(String str) {
            this.keytabConfKey = str;
            return this;
        }

        public Builder disallowFallbackToRandomSingerSecretProvider(boolean z) {
            this.disallowFallbackToRandomSignerSecretProvider = z;
            return this;
        }

        public Builder authFilterConfigurationPrefix(String str) {
            this.authFilterConfigurationPrefix = str;
            return this;
        }

        public Builder excludeCiphers(String str) {
            this.excludeCiphers = str;
            return this;
        }

        public Builder configureXFrame(boolean z) {
            this.xFrameEnabled = z;
            return this;
        }

        public Builder setXFrameOption(String str) {
            this.xFrameOption = XFrameOption.getEnum(str);
            return this;
        }

        public HttpServer2 build() throws IOException {
            Connector createHttpsChannelConnector;
            Preconditions.checkNotNull(this.name, "name is not set");
            Preconditions.checkState(!this.endpoints.isEmpty(), "No endpoints specified");
            if (this.hostName == null) {
                this.hostName = this.endpoints.get(0).getHost();
            }
            if (this.conf == null) {
                this.conf = new Configuration();
            }
            HttpServer2 httpServer2 = new HttpServer2(this);
            if (this.securityEnabled) {
                httpServer2.initSpnego(this.conf, this.hostName, this.usernameConfKey, this.keytabConfKey);
            }
            Iterator<URI> it = this.endpoints.iterator();
            while (it.hasNext()) {
                URI next = it.next();
                String scheme = next.getScheme();
                if ("http".equals(scheme)) {
                    createHttpsChannelConnector = HttpServer2.createDefaultChannelConnector();
                } else {
                    if (!"https".equals(scheme)) {
                        throw new HadoopIllegalArgumentException("unknown scheme for endpoint:" + next);
                    }
                    createHttpsChannelConnector = createHttpsChannelConnector();
                }
                createHttpsChannelConnector.setHost(next.getHost());
                createHttpsChannelConnector.setPort(next.getPort() == -1 ? 0 : next.getPort());
                httpServer2.addListener(createHttpsChannelConnector);
            }
            httpServer2.loadListeners();
            return httpServer2;
        }

        private Connector createHttpsChannelConnector() {
            SslSelectChannelConnectorSecure sslSelectChannelConnectorSecure = new SslSelectChannelConnectorSecure();
            HttpServer2.configureChannelConnector(sslSelectChannelConnectorSecure);
            sslSelectChannelConnectorSecure.setNeedClientAuth(this.needsClientAuth);
            sslSelectChannelConnectorSecure.setKeyPassword(this.keyPassword);
            if (this.keyStore != null) {
                sslSelectChannelConnectorSecure.setKeystore(this.keyStore);
                sslSelectChannelConnectorSecure.setKeystoreType(this.keyStoreType);
                sslSelectChannelConnectorSecure.setPassword(this.keyStorePassword);
            }
            if (this.trustStore != null) {
                sslSelectChannelConnectorSecure.setTruststore(this.trustStore);
                sslSelectChannelConnectorSecure.setTruststoreType(this.trustStoreType);
                sslSelectChannelConnectorSecure.setTrustPassword(this.trustStorePassword);
            }
            if (null != this.excludeCiphers && !this.excludeCiphers.isEmpty()) {
                sslSelectChannelConnectorSecure.setExcludeCipherSuites(StringUtils.getTrimmedStrings(this.excludeCiphers));
                HttpServer2.LOG.info("Excluded Cipher List:" + this.excludeCiphers);
            }
            return sslSelectChannelConnectorSecure;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/http/HttpServer2$QuotingInputFilter.class */
    public static class QuotingInputFilter implements Filter {
        private FilterConfig config;

        /* loaded from: input_file:org/apache/hadoop/http/HttpServer2$QuotingInputFilter$RequestQuoter.class */
        public static class RequestQuoter extends HttpServletRequestWrapper {
            private final HttpServletRequest rawRequest;

            public RequestQuoter(HttpServletRequest httpServletRequest) {
                super(httpServletRequest);
                this.rawRequest = httpServletRequest;
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public Enumeration<String> getParameterNames() {
                return new Enumeration<String>() { // from class: org.apache.hadoop.http.HttpServer2.QuotingInputFilter.RequestQuoter.1
                    private Enumeration<String> rawIterator;

                    {
                        this.rawIterator = RequestQuoter.this.rawRequest.getParameterNames();
                    }

                    @Override // java.util.Enumeration
                    public boolean hasMoreElements() {
                        return this.rawIterator.hasMoreElements();
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Enumeration
                    public String nextElement() {
                        return HtmlQuoting.quoteHtmlChars(this.rawIterator.nextElement());
                    }
                };
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public String getParameter(String str) {
                return HtmlQuoting.quoteHtmlChars(this.rawRequest.getParameter(HtmlQuoting.unquoteHtmlChars(str)));
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public String[] getParameterValues(String str) {
                String[] parameterValues = this.rawRequest.getParameterValues(HtmlQuoting.unquoteHtmlChars(str));
                if (parameterValues == null) {
                    return null;
                }
                String[] strArr = new String[parameterValues.length];
                for (int i = 0; i < strArr.length; i++) {
                    strArr[i] = HtmlQuoting.quoteHtmlChars(parameterValues[i]);
                }
                return strArr;
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public Map<String, String[]> getParameterMap() {
                HashMap hashMap = new HashMap();
                for (Map.Entry entry : this.rawRequest.getParameterMap().entrySet()) {
                    String[] strArr = (String[]) entry.getValue();
                    String[] strArr2 = new String[strArr.length];
                    for (int i = 0; i < strArr.length; i++) {
                        strArr2[i] = HtmlQuoting.quoteHtmlChars(strArr[i]);
                    }
                    hashMap.put(HtmlQuoting.quoteHtmlChars((String) entry.getKey()), strArr2);
                }
                return hashMap;
            }

            @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
            public StringBuffer getRequestURL() {
                return new StringBuffer(HtmlQuoting.quoteHtmlChars(this.rawRequest.getRequestURL().toString()));
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public String getServerName() {
                return HtmlQuoting.quoteHtmlChars(this.rawRequest.getServerName());
            }
        }

        @Override // javax.servlet.Filter
        public void init(FilterConfig filterConfig) throws ServletException {
            this.config = filterConfig;
        }

        @Override // javax.servlet.Filter
        public void destroy() {
        }

        @Override // javax.servlet.Filter
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            ServletRequest requestQuoter = new RequestQuoter((HttpServletRequest) servletRequest);
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            String inferMimeType = inferMimeType(servletRequest);
            if (inferMimeType == null) {
                httpServletResponse.setContentType(MimeTypes.TEXT_PLAIN_UTF_8);
            } else if (inferMimeType.startsWith("text/html")) {
                httpServletResponse.setContentType(MimeTypes.TEXT_HTML_UTF_8);
            } else if (inferMimeType.startsWith("application/xml")) {
                httpServletResponse.setContentType(MimeTypes.TEXT_XML_UTF_8);
            }
            if (Boolean.valueOf(this.config.getInitParameter(HttpServer2.X_FRAME_ENABLED)).booleanValue()) {
                httpServletResponse.addHeader("X-FRAME-OPTIONS", this.config.getInitParameter(HttpServer2.X_FRAME_VALUE));
            }
            filterChain.doFilter(requestQuoter, httpServletResponse);
        }

        private String inferMimeType(ServletRequest servletRequest) {
            Buffer mimeByExtension = ((ContextHandler.SContext) this.config.getServletContext()).getContextHandler().getMimeTypes().getMimeByExtension(((HttpServletRequest) servletRequest).getRequestURI());
            if (mimeByExtension == null) {
                return null;
            }
            return mimeByExtension.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/http/HttpServer2$SelectChannelConnectorWithSafeStartup.class */
    public static class SelectChannelConnectorWithSafeStartup extends SelectChannelConnector {
        @Override // org.mortbay.component.AbstractLifeCycle, org.mortbay.component.LifeCycle
        public boolean isRunning() {
            if (super.isRunning()) {
                return true;
            }
            HttpServer2.LOG.warn("HttpServer Acceptor: isRunning is false. Rechecking.");
            try {
                Thread.sleep(10L);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
            boolean isRunning = super.isRunning();
            HttpServer2.LOG.warn("HttpServer Acceptor: isRunning is " + isRunning);
            return isRunning;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/http/HttpServer2$StackServlet.class */
    public static class StackServlet extends HttpServlet {
        private static final long serialVersionUID = -6284183679759467039L;

        @Override // javax.servlet.http.HttpServlet
        public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            ServletContext servletContext = getServletContext();
            if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, httpServletRequest) || HttpServer2.isInstrumentationAccessAllowed(servletContext, httpServletRequest, httpServletResponse)) {
                httpServletResponse.setContentType(MimeType.TEXT);
                PrintStream printStream = new PrintStream((OutputStream) httpServletResponse.getOutputStream(), false, "UTF-8");
                Throwable th = null;
                try {
                    try {
                        ReflectionUtils.printThreadInfo(printStream, "");
                        if (printStream != null) {
                            if (0 != 0) {
                                try {
                                    printStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                printStream.close();
                            }
                        }
                        ReflectionUtils.logThreadInfo(HttpServer2.LOG, "jsp requested", 1L);
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (printStream != null) {
                        if (th != null) {
                            try {
                                printStream.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            printStream.close();
                        }
                    }
                    throw th3;
                }
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/http/HttpServer2$XFrameOption.class */
    public enum XFrameOption {
        DENY("DENY"),
        SAMEORIGIN("SAMEORIGIN"),
        ALLOWFROM("ALLOW-FROM");

        private final String name;

        XFrameOption(String str) {
            this.name = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.name;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static XFrameOption getEnum(String str) {
            Preconditions.checkState((str == null || str.isEmpty()) ? false : true);
            for (XFrameOption xFrameOption : values()) {
                if (str.equals(xFrameOption.toString())) {
                    return xFrameOption;
                }
            }
            throw new IllegalArgumentException("Unexpected value in xFrameOption.");
        }
    }

    private HttpServer2(Builder builder) throws IOException {
        this.listeners = Lists.newArrayList();
        this.defaultContexts = new HashMap();
        this.filterNames = new ArrayList();
        String webAppsPath = getWebAppsPath(builder.name);
        this.webServer = new Server();
        this.adminsAcl = builder.adminsAcl;
        this.webAppContext = createWebAppContext(builder.name, builder.conf, this.adminsAcl, webAppsPath);
        this.xFrameOptionIsEnabled = builder.xFrameEnabled;
        this.xFrameOption = builder.xFrameOption;
        try {
            this.secretProvider = constructSecretProvider(builder, this.webAppContext.getServletContext());
            this.webAppContext.getServletContext().setAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE, this.secretProvider);
            this.findPort = builder.findPort;
            this.portRanges = builder.portRanges;
            initializeWebServer(builder.name, builder.hostName, builder.conf, builder.pathSpecs);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2);
        }
    }

    private void initializeWebServer(String str, String str2, Configuration configuration, String[] strArr) throws IOException {
        Preconditions.checkNotNull(this.webAppContext);
        int i = configuration.getInt(HTTP_MAX_THREADS, -1);
        QueuedThreadPool queuedThreadPool = i == -1 ? new QueuedThreadPool() : new QueuedThreadPool(i);
        queuedThreadPool.setDaemon(true);
        this.webServer.setThreadPool(queuedThreadPool);
        this.webServer.setSendServerVersion(false);
        SessionManager sessionManager = this.webAppContext.getSessionHandler().getSessionManager();
        if (sessionManager instanceof AbstractSessionManager) {
            AbstractSessionManager abstractSessionManager = (AbstractSessionManager) sessionManager;
            abstractSessionManager.setHttpOnly(true);
            abstractSessionManager.setSecureCookies(true);
        }
        ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection();
        RequestLog requestLog = HttpRequestLog.getRequestLog(str);
        if (requestLog != null) {
            RequestLogHandler requestLogHandler = new RequestLogHandler();
            requestLogHandler.setRequestLog(requestLog);
            HandlerCollection handlerCollection = new HandlerCollection();
            handlerCollection.setHandlers(new Handler[]{contextHandlerCollection, requestLogHandler});
            this.webServer.setHandler(handlerCollection);
        } else {
            this.webServer.setHandler(contextHandlerCollection);
        }
        String webAppsPath = getWebAppsPath(str);
        this.webServer.addHandler(this.webAppContext);
        addDefaultApps(contextHandlerCollection, webAppsPath, configuration);
        HashMap hashMap = new HashMap();
        hashMap.put(X_FRAME_ENABLED, String.valueOf(this.xFrameOptionIsEnabled));
        hashMap.put(X_FRAME_VALUE, this.xFrameOption.toString());
        addGlobalFilter("safety", QuotingInputFilter.class.getName(), hashMap);
        FilterInitializer[] filterInitializers = getFilterInitializers(configuration);
        if (filterInitializers != null) {
            Configuration configuration2 = new Configuration(configuration);
            configuration2.set("bind.address", str2);
            for (FilterInitializer filterInitializer : filterInitializers) {
                filterInitializer.initFilter(this, configuration2);
            }
        }
        addDefaultServlets();
        if (strArr != null) {
            for (String str3 : strArr) {
                LOG.info("adding path spec: " + str3);
                addFilterPathMapping(str3, this.webAppContext);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addListener(Connector connector) {
        this.listeners.add(connector);
    }

    private static WebAppContext createWebAppContext(String str, Configuration configuration, AccessControlList accessControlList, String str2) {
        WebAppContext webAppContext = new WebAppContext();
        webAppContext.setDefaultsDescriptor(null);
        ServletHolder servletHolder = new ServletHolder(new DefaultServlet());
        servletHolder.setInitParameters(ImmutableMap.builder().put("acceptRanges", "true").put("dirAllowed", "false").put("gzip", "true").put("useFileMappedBuffer", "true").build());
        webAppContext.setWelcomeFiles(new String[]{"index.html"});
        webAppContext.addServlet(servletHolder, "/");
        webAppContext.setDisplayName(str);
        webAppContext.setContextPath("/");
        webAppContext.setWar(str2 + "/" + str);
        webAppContext.getServletContext().setAttribute("hadoop.conf", configuration);
        webAppContext.getServletContext().setAttribute("admins.acl", accessControlList);
        addNoCacheFilter(webAppContext);
        return webAppContext;
    }

    private static SignerSecretProvider constructSecretProvider(Builder builder, ServletContext servletContext) throws Exception {
        return AuthenticationFilter.constructSecretProvider(servletContext, getFilterProperties(builder.conf, builder.authFilterConfigurationPrefix), builder.disallowFallbackToRandomSignerSecretProvider);
    }

    private static Properties getFilterProperties(Configuration configuration, String str) {
        Properties properties = new Properties();
        properties.putAll(AuthenticationFilterInitializer.getFilterConfigMap(configuration, str));
        return properties;
    }

    private static void addNoCacheFilter(WebAppContext webAppContext) {
        defineFilter(webAppContext, "NoCacheFilter", NoCacheFilter.class.getName(), Collections.emptyMap(), new String[]{"/*"});
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void configureChannelConnector(SelectChannelConnector selectChannelConnector) {
        selectChannelConnector.setLowResourceMaxIdleTime(10000);
        selectChannelConnector.setAcceptQueueSize(128);
        selectChannelConnector.setResolveNames(false);
        selectChannelConnector.setUseDirectBuffers(false);
        if (Shell.WINDOWS) {
            selectChannelConnector.setReuseAddress(false);
        }
        selectChannelConnector.setHeaderBufferSize(65536);
    }

    @InterfaceAudience.Private
    public static Connector createDefaultChannelConnector() {
        SelectChannelConnectorWithSafeStartup selectChannelConnectorWithSafeStartup = new SelectChannelConnectorWithSafeStartup();
        configureChannelConnector(selectChannelConnectorWithSafeStartup);
        return selectChannelConnectorWithSafeStartup;
    }

    private static FilterInitializer[] getFilterInitializers(Configuration configuration) {
        Class<?>[] classes;
        if (configuration == null || (classes = configuration.getClasses(FILTER_INITIALIZER_PROPERTY, new Class[0])) == null) {
            return null;
        }
        FilterInitializer[] filterInitializerArr = new FilterInitializer[classes.length];
        for (int i = 0; i < classes.length; i++) {
            filterInitializerArr[i] = (FilterInitializer) ReflectionUtils.newInstance(classes[i], configuration);
        }
        return filterInitializerArr;
    }

    protected void addDefaultApps(ContextHandlerCollection contextHandlerCollection, String str, Configuration configuration) throws IOException {
        String property = System.getProperty("hadoop.log.dir");
        boolean z = configuration.getBoolean(CommonConfigurationKeysPublic.HADOOP_HTTP_LOGS_ENABLED, true);
        if (property != null && z) {
            Context context = new Context(contextHandlerCollection, "/logs");
            context.setResourceBase(property);
            context.addServlet(AdminAuthorizedServlet.class, "/*");
            if (configuration.getBoolean(CommonConfigurationKeys.HADOOP_JETTY_LOGS_SERVE_ALIASES, true)) {
                context.getInitParams().put("org.mortbay.jetty.servlet.Default.aliases", "true");
            }
            context.setDisplayName(YarnConfiguration.DEFAULT_NM_REMOTE_APP_LOG_DIR_SUFFIX);
            SessionHandler sessionHandler = new SessionHandler();
            SessionManager sessionManager = sessionHandler.getSessionManager();
            if (sessionManager instanceof AbstractSessionManager) {
                AbstractSessionManager abstractSessionManager = (AbstractSessionManager) sessionManager;
                abstractSessionManager.setHttpOnly(true);
                abstractSessionManager.setSecureCookies(true);
            }
            context.setSessionHandler(sessionHandler);
            setContextAttributes(context, configuration);
            addNoCacheFilter(this.webAppContext);
            this.defaultContexts.put(context, true);
        }
        Context context2 = new Context(contextHandlerCollection, "/static");
        context2.setResourceBase(str + "/static");
        context2.addServlet(DefaultServlet.class, "/*");
        context2.setDisplayName("static");
        context2.getInitParams().put("org.mortbay.jetty.servlet.Default.dirAllowed", "false");
        SessionHandler sessionHandler2 = new SessionHandler();
        SessionManager sessionManager2 = sessionHandler2.getSessionManager();
        if (sessionManager2 instanceof AbstractSessionManager) {
            AbstractSessionManager abstractSessionManager2 = (AbstractSessionManager) sessionManager2;
            abstractSessionManager2.setHttpOnly(true);
            abstractSessionManager2.setSecureCookies(true);
        }
        context2.setSessionHandler(sessionHandler2);
        setContextAttributes(context2, configuration);
        this.defaultContexts.put(context2, true);
    }

    private void setContextAttributes(Context context, Configuration configuration) {
        context.getServletContext().setAttribute("hadoop.conf", configuration);
        context.getServletContext().setAttribute("admins.acl", this.adminsAcl);
    }

    protected void addDefaultServlets() {
        addServlet("stacks", "/stacks", StackServlet.class);
        addServlet("logLevel", "/logLevel", LogLevel.Servlet.class);
        addServlet("metrics", "/metrics", MetricsServlet.class);
        addServlet("jmx", "/jmx", JMXJsonServlet.class);
        addServlet("conf", "/conf", ConfServlet.class);
    }

    public void addContext(Context context, boolean z) {
        this.webServer.addHandler(context);
        addNoCacheFilter(this.webAppContext);
        this.defaultContexts.put(context, Boolean.valueOf(z));
    }

    public void setAttribute(String str, Object obj) {
        this.webAppContext.setAttribute(str, obj);
    }

    public void addJerseyResourcePackage(String str, String str2) {
        LOG.info("addJerseyResourcePackage: packageName=" + str + ", pathSpec=" + str2);
        ServletHolder servletHolder = new ServletHolder(ServletContainer.class);
        servletHolder.setInitParameter("com.sun.jersey.config.property.resourceConfigClass", "com.sun.jersey.api.core.PackagesResourceConfig");
        servletHolder.setInitParameter(PackagesResourceConfig.PROPERTY_PACKAGES, str);
        this.webAppContext.addServlet(servletHolder, str2);
    }

    public void addServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        addInternalServlet(str, str2, cls, false);
        addFilterPathMapping(str2, this.webAppContext);
    }

    public void addInternalServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        addInternalServlet(str, str2, cls, false);
    }

    public void addInternalServlet(String str, String str2, Class<? extends HttpServlet> cls, boolean z) {
        ServletHolder servletHolder = new ServletHolder(cls);
        if (str != null) {
            servletHolder.setName(str);
        }
        this.webAppContext.addServlet(servletHolder, str2);
        if (z && UserGroupInformation.isSecurityEnabled()) {
            LOG.info("Adding Kerberos (SPNEGO) filter to " + str);
            ServletHandler servletHandler = this.webAppContext.getServletHandler();
            FilterMapping filterMapping = new FilterMapping();
            filterMapping.setPathSpec(str2);
            filterMapping.setFilterName("SpnegoFilter");
            filterMapping.setDispatches(15);
            servletHandler.addFilterMapping(filterMapping);
        }
    }

    @Override // org.apache.hadoop.http.FilterContainer
    public void addFilter(String str, String str2, Map<String, String> map) {
        FilterHolder filterHolder = getFilterHolder(str, str2, map);
        defineFilter(this.webAppContext, filterHolder, getFilterMapping(str, new String[]{"*.html", "*.jsp"}));
        LOG.info("Added filter " + str + " (class=" + str2 + ") to context " + this.webAppContext.getDisplayName());
        FilterMapping filterMapping = getFilterMapping(str, new String[]{"/*"});
        for (Map.Entry<Context, Boolean> entry : this.defaultContexts.entrySet()) {
            if (entry.getValue().booleanValue()) {
                Context key = entry.getKey();
                defineFilter(key, filterHolder, filterMapping);
                LOG.info("Added filter " + str + " (class=" + str2 + ") to context " + key.getDisplayName());
            }
        }
        this.filterNames.add(str);
    }

    @Override // org.apache.hadoop.http.FilterContainer
    public void addGlobalFilter(String str, String str2, Map<String, String> map) {
        FilterHolder filterHolder = getFilterHolder(str, str2, map);
        FilterMapping filterMapping = getFilterMapping(str, new String[]{"/*"});
        defineFilter(this.webAppContext, filterHolder, filterMapping);
        Iterator<Context> it = this.defaultContexts.keySet().iterator();
        while (it.hasNext()) {
            defineFilter(it.next(), filterHolder, filterMapping);
        }
        LOG.info("Added global filter '" + str + "' (class=" + str2 + DefaultExpressionEngine.DEFAULT_INDEX_END);
    }

    public static void defineFilter(Context context, String str, String str2, Map<String, String> map, String[] strArr) {
        defineFilter(context, getFilterHolder(str, str2, map), getFilterMapping(str, strArr));
    }

    private static void defineFilter(Context context, FilterHolder filterHolder, FilterMapping filterMapping) {
        context.getServletHandler().addFilter(filterHolder, filterMapping);
    }

    private static FilterMapping getFilterMapping(String str, String[] strArr) {
        FilterMapping filterMapping = new FilterMapping();
        filterMapping.setPathSpecs(strArr);
        filterMapping.setDispatches(15);
        filterMapping.setFilterName(str);
        return filterMapping;
    }

    private static FilterHolder getFilterHolder(String str, String str2, Map<String, String> map) {
        FilterHolder filterHolder = new FilterHolder();
        filterHolder.setName(str);
        filterHolder.setClassName(str2);
        filterHolder.setInitParameters(map);
        return filterHolder;
    }

    protected void addFilterPathMapping(String str, Context context) {
        ServletHandler servletHandler = context.getServletHandler();
        for (String str2 : this.filterNames) {
            FilterMapping filterMapping = new FilterMapping();
            filterMapping.setPathSpec(str);
            filterMapping.setFilterName(str2);
            filterMapping.setDispatches(15);
            servletHandler.addFilterMapping(filterMapping);
        }
    }

    public Object getAttribute(String str) {
        return this.webAppContext.getAttribute(str);
    }

    public WebAppContext getWebAppContext() {
        return this.webAppContext;
    }

    protected String getWebAppsPath(String str) throws FileNotFoundException {
        URL resource = getClass().getClassLoader().getResource("webapps/" + str);
        if (resource == null) {
            throw new FileNotFoundException("webapps/" + str + " not found in CLASSPATH");
        }
        String url = resource.toString();
        return url.substring(0, url.lastIndexOf(47));
    }

    @Deprecated
    public int getPort() {
        return this.webServer.getConnectors()[0].getLocalPort();
    }

    public InetSocketAddress getConnectorAddress(int i) {
        Preconditions.checkArgument(i >= 0);
        if (i > this.webServer.getConnectors().length) {
            return null;
        }
        Connector connector = this.webServer.getConnectors()[i];
        if (connector.getLocalPort() == -1) {
            return null;
        }
        return new InetSocketAddress(connector.getHost(), connector.getLocalPort());
    }

    public void setThreads(int i, int i2) {
        QueuedThreadPool queuedThreadPool = (QueuedThreadPool) this.webServer.getThreadPool();
        queuedThreadPool.setMinThreads(i);
        queuedThreadPool.setMaxThreads(i2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initSpnego(Configuration configuration, String str, String str2, String str3) throws IOException {
        HashMap hashMap = new HashMap();
        String str4 = configuration.get(str2);
        if (str4 != null && !str4.isEmpty()) {
            hashMap.put(KerberosAuthenticationHandler.PRINCIPAL, SecurityUtil.getServerPrincipal(str4, str));
        }
        String str5 = configuration.get(str3);
        if (str5 != null && !str5.isEmpty()) {
            hashMap.put(KerberosAuthenticationHandler.KEYTAB, str5);
        }
        hashMap.put("type", "kerberos");
        defineFilter(this.webAppContext, "SpnegoFilter", AuthenticationFilter.class.getName(), hashMap, null);
    }

    public void start() throws IOException {
        try {
            try {
                openListeners();
                this.webServer.start();
                for (Handler handler : this.webServer.getHandlers()) {
                    if (handler.isFailed()) {
                        throw new IOException("Problem in starting http server. Server handlers failed");
                    }
                }
                Throwable unavailableException = this.webAppContext.getUnavailableException();
                if (unavailableException != null) {
                    this.webServer.stop();
                    throw new IOException("Unable to initialize WebAppContext", unavailableException);
                }
            } catch (IOException e) {
                LOG.info("HttpServer.start() threw a non Bind IOException", e);
                throw e;
            } catch (MultiException e2) {
                LOG.info("HttpServer.start() threw a MultiException", e2);
                throw e2;
            }
        } catch (IOException e3) {
            throw e3;
        } catch (InterruptedException e4) {
            throw ((IOException) new InterruptedIOException("Interrupted while starting HTTP server").initCause(e4));
        } catch (Exception e5) {
            throw new IOException("Problem starting http server", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void loadListeners() {
        Iterator<Connector> it = this.listeners.iterator();
        while (it.hasNext()) {
            this.webServer.addConnector(it.next());
        }
    }

    private static void bindListener(Connector connector) throws Exception {
        connector.close();
        connector.open();
        LOG.info("Jetty bound to port " + connector.getLocalPort());
    }

    private static BindException constructBindException(Connector connector, BindException bindException) {
        BindException bindException2 = new BindException("Port in use: " + connector.getHost() + ":" + connector.getPort());
        if (bindException != null) {
            bindException2.initCause(bindException);
        }
        return bindException2;
    }

    private void bindForSinglePort(Connector connector, int i) throws Exception {
        while (true) {
            try {
                bindListener(connector);
                return;
            } catch (BindException e) {
                if (i == 0 || !this.findPort) {
                    throw constructBindException(connector, e);
                }
                i++;
                connector.setPort(i);
                Thread.sleep(100L);
            }
        }
        throw constructBindException(connector, e);
    }

    private void bindForPortRange(Connector connector, int i) throws Exception {
        try {
            bindListener(connector);
        } catch (BindException e) {
            BindException bindException = e;
            Iterator<Integer> it = this.portRanges.iterator();
            while (it.hasNext()) {
                Integer next = it.next();
                if (next.intValue() != i) {
                    Thread.sleep(100L);
                    connector.setPort(next.intValue());
                    try {
                        bindListener(connector);
                        return;
                    } catch (BindException e2) {
                        bindException = e2;
                    }
                }
            }
            throw constructBindException(connector, bindException);
        }
    }

    void openListeners() throws Exception {
        for (Connector connector : this.listeners) {
            if (connector.getLocalPort() == -1) {
                int port = connector.getPort();
                if (this.portRanges == null || port == 0) {
                    bindForSinglePort(connector, port);
                } else {
                    bindForPortRange(connector, port);
                }
            }
        }
    }

    public void stop() throws Exception {
        MultiException multiException = null;
        Iterator<Connector> it = this.listeners.iterator();
        while (it.hasNext()) {
            try {
                it.next().close();
            } catch (Exception e) {
                LOG.error("Error while stopping listener for webapp" + this.webAppContext.getDisplayName(), e);
                multiException = addMultiException(multiException, e);
            }
        }
        try {
            this.secretProvider.destroy();
            this.webAppContext.clearAttributes();
            this.webAppContext.stop();
        } catch (Exception e2) {
            LOG.error("Error while stopping web app context for webapp " + this.webAppContext.getDisplayName(), e2);
            multiException = addMultiException(multiException, e2);
        }
        try {
            this.webServer.stop();
        } catch (Exception e3) {
            LOG.error("Error while stopping web server for webapp " + this.webAppContext.getDisplayName(), e3);
            multiException = addMultiException(multiException, e3);
        }
        if (multiException != null) {
            multiException.ifExceptionThrow();
        }
    }

    private MultiException addMultiException(MultiException multiException, Exception exc) {
        if (multiException == null) {
            multiException = new MultiException();
        }
        multiException.add(exc);
        return multiException;
    }

    public void join() throws InterruptedException {
        this.webServer.join();
    }

    public boolean isAlive() {
        return this.webServer != null && this.webServer.isStarted();
    }

    public String toString() {
        Preconditions.checkState(!this.listeners.isEmpty());
        StringBuilder append = new StringBuilder("HttpServer (").append(isAlive() ? STATE_DESCRIPTION_ALIVE : STATE_DESCRIPTION_NOT_LIVE).append("), listening at:");
        for (Connector connector : this.listeners) {
            append.append(connector.getHost()).append(":").append(connector.getPort()).append("/,");
        }
        return append.toString();
    }

    public static boolean isStaticUserAndNoneAuthType(ServletContext servletContext, HttpServletRequest httpServletRequest) {
        return httpServletRequest.getAuthType() == null && ((Configuration) servletContext.getAttribute("hadoop.conf")).get(CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER, CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER).equals(httpServletRequest.getRemoteUser());
    }

    public static boolean isInstrumentationAccessAllowed(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        boolean z = true;
        if (((Configuration) servletContext.getAttribute("hadoop.conf")).getBoolean(CommonConfigurationKeysPublic.HADOOP_SECURITY_INSTRUMENTATION_REQUIRES_ADMIN, false)) {
            z = hasAdministratorAccess(servletContext, httpServletRequest, httpServletResponse);
        }
        return z;
    }

    public static boolean hasAdministratorAccess(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!((Configuration) servletContext.getAttribute("hadoop.conf")).getBoolean("hadoop.security.authorization", false)) {
            return true;
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser == null) {
            httpServletResponse.sendError(403, "Unauthenticated users are not authorized to access this page.");
            return false;
        }
        if (servletContext.getAttribute("admins.acl") == null || userHasAdministratorAccess(servletContext, remoteUser)) {
            return true;
        }
        httpServletResponse.sendError(403, "User " + remoteUser + " is unauthorized to access this page.");
        return false;
    }

    public static boolean userHasAdministratorAccess(ServletContext servletContext, String str) {
        AccessControlList accessControlList = (AccessControlList) servletContext.getAttribute("admins.acl");
        return accessControlList != null && accessControlList.isUserAllowed(UserGroupInformation.createRemoteUser(str));
    }
}
