package org.apache.hadoop.hdfs.server.namenode;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletContext;
import org.apache.commons.logging.Log;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.shell.Display;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.protocol.HdfsConstants;
import org.apache.hadoop.hdfs.server.common.JspHelper;
import org.apache.hadoop.hdfs.server.namenode.FileChecksumServlets;
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
import org.apache.hadoop.hdfs.web.AuthFilter;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.resources.Param;
import org.apache.hadoop.http.HttpServer;
import org.apache.hadoop.io.MapFile;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;

@InterfaceAudience.Private
/* loaded from: input_file:lib/hadoop-hdfs-0.23.9.jar:org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.class */
public class NameNodeHttpServer {
    private HttpServer httpServer;
    private final Configuration conf;
    private final NameNode nn;
    private final Log LOG = NameNode.LOG;
    private InetSocketAddress httpAddress;
    private InetSocketAddress bindAddress;
    public static final String NAMENODE_ADDRESS_ATTRIBUTE_KEY = "name.node.address";
    public static final String FSIMAGE_ATTRIBUTE_KEY = "name.system.image";
    protected static final String NAMENODE_ATTRIBUTE_KEY = "name.node";

    public NameNodeHttpServer(Configuration configuration, NameNode nameNode, InetSocketAddress inetSocketAddress) {
        this.conf = configuration;
        this.nn = nameNode;
        this.bindAddress = inetSocketAddress;
    }

    private String getDefaultServerPrincipal() throws IOException {
        return SecurityUtil.getServerPrincipal(this.conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY), this.nn.getNameNodeAddress().getHostName());
    }

    public void start() throws IOException {
        final String hostName = this.bindAddress.getHostName();
        if (UserGroupInformation.isSecurityEnabled()) {
            String serverPrincipal = SecurityUtil.getServerPrincipal(this.conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY), hostName);
            if (serverPrincipal == null) {
                this.LOG.warn("dfs.namenode.kerberos.https.principal not defined in config. Starting http server as " + getDefaultServerPrincipal() + ": Kerberized SSL may be not function correctly.");
            } else {
                this.LOG.info("Logging in as " + serverPrincipal + " to start http server.");
                SecurityUtil.login(this.conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY, hostName);
            }
        }
        try {
            try {
                this.httpServer = (HttpServer) UserGroupInformation.getLoginUser().doAs(new PrivilegedExceptionAction<HttpServer>() { // from class: org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public HttpServer run() throws IOException, InterruptedException {
                        int port = NameNodeHttpServer.this.bindAddress.getPort();
                        NameNodeHttpServer.this.httpServer = new HttpServer(HdfsConstants.HDFS_URI_SCHEME, hostName, port, port == 0, NameNodeHttpServer.this.conf, new AccessControlList(NameNodeHttpServer.this.conf.get(DFSConfigKeys.DFS_ADMIN, " "))) { // from class: org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer.1.1
                            {
                                if (WebHdfsFileSystem.isEnabled(NameNodeHttpServer.this.conf, LOG)) {
                                    String name = AuthFilter.class.getName();
                                    defineFilter(this.webAppContext, "SPNEGO", name, getAuthFilterParams(NameNodeHttpServer.this.conf), new String[]{"/webhdfs/v1/*"});
                                    LOG.info("Added filter 'SPNEGO' (class=" + name + ")");
                                    addJerseyResourcePackage(NamenodeWebHdfsMethods.class.getPackage().getName() + ";" + Param.class.getPackage().getName(), "/webhdfs/v1/*");
                                }
                            }

                            private Map<String, String> getAuthFilterParams(Configuration configuration) throws IOException {
                                HashMap hashMap = new HashMap();
                                String str = configuration.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY);
                                if (str != null && !str.isEmpty()) {
                                    hashMap.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, SecurityUtil.getServerPrincipal(str, hostName));
                                }
                                String str2 = configuration.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY);
                                if (str2 != null && !str2.isEmpty()) {
                                    hashMap.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY, str2);
                                }
                                return hashMap;
                            }
                        };
                        boolean z = NameNodeHttpServer.this.conf.getBoolean(DFSConfigKeys.DFS_HTTPS_ENABLE_KEY, false);
                        boolean isSecurityEnabled = UserGroupInformation.isSecurityEnabled();
                        if (z || isSecurityEnabled) {
                            boolean z2 = NameNodeHttpServer.this.conf.getBoolean(DFSConfigKeys.DFS_CLIENT_HTTPS_NEED_AUTH_KEY, false);
                            InetSocketAddress createSocketAddr = NetUtils.createSocketAddr(NameNodeHttpServer.this.conf.get(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_DEFAULT));
                            HdfsConfiguration hdfsConfiguration = new HdfsConfiguration(false);
                            if (z) {
                                hdfsConfiguration.addResource(NameNodeHttpServer.this.conf.get(DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_DEFAULT));
                            }
                            NameNodeHttpServer.this.httpServer.addSslListener(createSocketAddr, hdfsConfiguration, z2, isSecurityEnabled);
                            NameNodeHttpServer.this.httpServer.setAttribute("datanode.https.port", Integer.valueOf(NetUtils.createSocketAddr(NameNodeHttpServer.this.conf.get(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, hostName + ":50475")).getPort()));
                        }
                        NameNodeHttpServer.this.httpServer.setAttribute(NameNodeHttpServer.NAMENODE_ATTRIBUTE_KEY, NameNodeHttpServer.this.nn);
                        NameNodeHttpServer.this.httpServer.setAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY, NameNodeHttpServer.this.nn.getNameNodeAddress());
                        NameNodeHttpServer.this.httpServer.setAttribute(NameNodeHttpServer.FSIMAGE_ATTRIBUTE_KEY, NameNodeHttpServer.this.nn.getFSImage());
                        NameNodeHttpServer.this.httpServer.setAttribute(JspHelper.CURRENT_CONF, NameNodeHttpServer.this.conf);
                        NameNodeHttpServer.setupServlets(NameNodeHttpServer.this.httpServer, NameNodeHttpServer.this.conf);
                        NameNodeHttpServer.this.httpServer.start();
                        NameNodeHttpServer.this.httpAddress = new InetSocketAddress(hostName, NameNodeHttpServer.this.httpServer.getPort());
                        NameNodeHttpServer.this.LOG.info(NameNodeHttpServer.this.nn.getRole() + " Web-server up at: " + NameNodeHttpServer.this.httpAddress);
                        return NameNodeHttpServer.this.httpServer;
                    }
                });
                if (!UserGroupInformation.isSecurityEnabled() || this.conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) == null) {
                    return;
                }
                this.LOG.info("Logging back in as NameNode user following http server start");
                this.nn.loginAsNameNodeUser(this.conf);
            } catch (InterruptedException e) {
                throw new IOException(e);
            }
        } catch (Throwable th) {
            if (UserGroupInformation.isSecurityEnabled() && this.conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) != null) {
                this.LOG.info("Logging back in as NameNode user following http server start");
                this.nn.loginAsNameNodeUser(this.conf);
            }
            throw th;
        }
    }

    public void stop() throws Exception {
        this.httpServer.stop();
    }

    public InetSocketAddress getHttpAddress() {
        return this.httpAddress;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setupServlets(HttpServer httpServer, Configuration configuration) {
        httpServer.addInternalServlet("getDelegationToken", GetDelegationTokenServlet.PATH_SPEC, GetDelegationTokenServlet.class, true);
        httpServer.addInternalServlet("renewDelegationToken", RenewDelegationTokenServlet.PATH_SPEC, RenewDelegationTokenServlet.class, true);
        httpServer.addInternalServlet("cancelDelegationToken", CancelDelegationTokenServlet.PATH_SPEC, CancelDelegationTokenServlet.class, true);
        httpServer.addInternalServlet("fsck", "/fsck", FsckServlet.class, true);
        httpServer.addInternalServlet("getimage", "/getimage", GetImageServlet.class, true);
        httpServer.addInternalServlet("listPaths", "/listPaths/*", ListPathsServlet.class, false);
        httpServer.addInternalServlet(MapFile.DATA_FILE_NAME, "/data/*", FileDataServlet.class, false);
        httpServer.addInternalServlet(Display.Checksum.NAME, "/fileChecksum/*", FileChecksumServlets.RedirectServlet.class, false);
        httpServer.addInternalServlet("contentSummary", "/contentSummary/*", ContentSummaryServlet.class, false);
    }

    public static FSImage getFsImageFromContext(ServletContext servletContext) {
        return (FSImage) servletContext.getAttribute(FSIMAGE_ATTRIBUTE_KEY);
    }

    public static NameNode getNameNodeFromContext(ServletContext servletContext) {
        return (NameNode) servletContext.getAttribute(NAMENODE_ATTRIBUTE_KEY);
    }

    public static Configuration getConfFromContext(ServletContext servletContext) {
        return (Configuration) servletContext.getAttribute(JspHelper.CURRENT_CONF);
    }

    public static InetSocketAddress getNameNodeAddressFromContext(ServletContext servletContext) {
        return (InetSocketAddress) servletContext.getAttribute(NAMENODE_ADDRESS_ATTRIBUTE_KEY);
    }
}
