package org.apache.hadoop.hbase.http;

import java.io.IOException;
import java.net.URI;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.http.HttpServer;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hbase.thirdparty.com.google.common.net.HostAndPort;
import org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder;
import org.apache.yetus.audience.InterfaceAudience;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/hbase/http/InfoServer.class */
public class InfoServer {
    private static final String HBASE_APP_DIR = "hbase-webapps";
    private final HttpServer httpServer;

    public InfoServer(String str, String str2, int i, boolean z, Configuration configuration) throws IOException {
        HttpConfig httpConfig = new HttpConfig(configuration);
        HttpServer.Builder builder = new HttpServer.Builder();
        builder.setName(str).addEndpoint(URI.create(httpConfig.getSchemePrefix() + HostAndPort.fromParts(str2, i).toString())).setAppDir(HBASE_APP_DIR).setFindPort(z).setConf(configuration);
        String property = System.getProperty("hbase.log.dir");
        if (property != null) {
            builder.setLogDir(property);
        }
        if (httpConfig.isSecure()) {
            builder.keyPassword(HBaseConfiguration.getPassword(configuration, "ssl.server.keystore.keypassword", null)).keyStore(configuration.get(DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_LOCATION_KEY), HBaseConfiguration.getPassword(configuration, "ssl.server.keystore.password", null), configuration.get("ssl.server.keystore.type", FileBasedKeyStoresFactory.DEFAULT_KEYSTORE_TYPE)).trustStore(configuration.get(DFSConfigKeys.DFS_SERVER_HTTPS_TRUSTSTORE_LOCATION_KEY), HBaseConfiguration.getPassword(configuration, "ssl.server.truststore.password", null), configuration.get("ssl.server.truststore.type", FileBasedKeyStoresFactory.DEFAULT_KEYSTORE_TYPE));
            builder.excludeCiphers(configuration.get(SSLFactory.SSL_SERVER_EXCLUDE_CIPHER_LIST));
        }
        if ("kerberos".equalsIgnoreCase(configuration.get(HttpServer.HTTP_UI_AUTHENTICATION, null))) {
            builder.setUsernameConfKey(HttpServer.HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY).setKeytabConfKey(HttpServer.HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY).setKerberosNameRulesKey(HttpServer.HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_KEY).setSignatureSecretFileKey(HttpServer.HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_KEY).setSecurityEnabled(true);
            builder.setACL(buildAdminAcl(configuration));
        }
        this.httpServer = builder.build();
    }

    AccessControlList buildAdminAcl(Configuration configuration) {
        String str = configuration.get(HttpServer.HTTP_SPNEGO_AUTHENTICATION_ADMIN_USERS_KEY, null);
        String str2 = configuration.get(HttpServer.HTTP_SPNEGO_AUTHENTICATION_ADMIN_GROUPS_KEY, null);
        return (str == null && str2 == null) ? new AccessControlList("*", null) : new AccessControlList(str, str2);
    }

    @Deprecated
    public void addServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        addUnprivilegedServlet(str, str2, cls);
    }

    public void addUnprivilegedServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        this.httpServer.addUnprivilegedServlet(str, str2, cls);
    }

    public void addUnprivilegedServlet(String str, String str2, ServletHolder servletHolder) {
        if (str != null) {
            servletHolder.setName(str);
        }
        this.httpServer.addUnprivilegedServlet(str2, servletHolder);
    }

    public void addPrivilegedServlet(String str, String str2, Class<? extends HttpServlet> cls) {
        this.httpServer.addPrivilegedServlet(str, str2, cls);
    }

    public void setAttribute(String str, Object obj) {
        this.httpServer.setAttribute(str, obj);
    }

    public void start() throws IOException {
        this.httpServer.start();
    }

    @Deprecated
    public int getPort() {
        return this.httpServer.getPort();
    }

    public void stop() throws Exception {
        this.httpServer.stop();
    }

    public static boolean canUserModifyUI(HttpServletRequest httpServletRequest, ServletContext servletContext, Configuration configuration) {
        if (configuration.getBoolean("hbase.master.ui.readonly", false)) {
            return false;
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        if ("kerberos".equalsIgnoreCase(configuration.get(HttpServer.HTTP_UI_AUTHENTICATION)) && configuration.getBoolean("hadoop.security.authorization", false) && remoteUser != null) {
            return HttpServer.userHasAdministratorAccess(servletContext, remoteUser);
        }
        return false;
    }
}
