package org.apache.hadoop.hbase.ipc;

import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.CellScanner;
import org.apache.hadoop.hbase.HBaseInterfaceAudience;
import org.apache.hadoop.hbase.Server;
import org.apache.hadoop.hbase.exceptions.X509Exception;
import org.apache.hadoop.hbase.io.FileChangeWatcher;
import org.apache.hadoop.hbase.io.crypto.tls.X509Util;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.monitoring.MonitoredRPCHandler;
import org.apache.hadoop.hbase.regionserver.HRegionServer;
import org.apache.hadoop.hbase.security.HBasePolicyProvider;
import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
import org.apache.hadoop.hbase.util.NettyEventLoopGroupConfig;
import org.apache.hadoop.hbase.util.NettyUnsafeUtils;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.hbase.util.ReflectionUtils;
import org.apache.hadoop.mapreduce.MRJobConfig;
import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
import org.apache.hbase.thirdparty.com.google.protobuf.BlockingService;
import org.apache.hbase.thirdparty.com.google.protobuf.Descriptors;
import org.apache.hbase.thirdparty.com.google.protobuf.Message;
import org.apache.hbase.thirdparty.io.netty.bootstrap.ServerBootstrap;
import org.apache.hbase.thirdparty.io.netty.buffer.ByteBufAllocator;
import org.apache.hbase.thirdparty.io.netty.buffer.PooledByteBufAllocator;
import org.apache.hbase.thirdparty.io.netty.buffer.UnpooledByteBufAllocator;
import org.apache.hbase.thirdparty.io.netty.channel.Channel;
import org.apache.hbase.thirdparty.io.netty.channel.ChannelInitializer;
import org.apache.hbase.thirdparty.io.netty.channel.ChannelOption;
import org.apache.hbase.thirdparty.io.netty.channel.ChannelPipeline;
import org.apache.hbase.thirdparty.io.netty.channel.WriteBufferWaterMark;
import org.apache.hbase.thirdparty.io.netty.channel.group.ChannelGroup;
import org.apache.hbase.thirdparty.io.netty.channel.group.DefaultChannelGroup;
import org.apache.hbase.thirdparty.io.netty.handler.ssl.OptionalSslHandler;
import org.apache.hbase.thirdparty.io.netty.handler.ssl.SslContext;
import org.apache.hbase.thirdparty.io.netty.handler.ssl.SslHandler;
import org.apache.hbase.thirdparty.io.netty.util.concurrent.EventExecutor;
import org.apache.hbase.thirdparty.io.netty.util.concurrent.GlobalEventExecutor;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.LimitedPrivate({HBaseInterfaceAudience.CONFIG})
/* loaded from: input_file:org/apache/hadoop/hbase/ipc/NettyRpcServer.class */
public class NettyRpcServer extends RpcServer {
    public static final Logger LOG = LoggerFactory.getLogger(NettyRpcServer.class);
    public static final String HBASE_NETTY_ALLOCATOR_KEY = "hbase.netty.rpcserver.allocator";
    static final String POOLED_ALLOCATOR_TYPE = "pooled";
    static final String UNPOOLED_ALLOCATOR_TYPE = "unpooled";
    static final String HEAP_ALLOCATOR_TYPE = "heap";
    public static final String CHANNEL_WRITABLE_LOW_WATERMARK_KEY = "hbase.server.netty.writable.watermark.low";
    private static final int CHANNEL_WRITABLE_LOW_WATERMARK_DEFAULT = 0;
    public static final String CHANNEL_WRITABLE_HIGH_WATERMARK_KEY = "hbase.server.netty.writable.watermark.high";
    private static final int CHANNEL_WRITABLE_HIGH_WATERMARK_DEFAULT = 0;
    public static final String CHANNEL_WRITABLE_FATAL_WATERMARK_KEY = "hbase.server.netty.writable.watermark.fatal";
    private static final int CHANNEL_WRITABLE_FATAL_WATERMARK_DEFAULT = 0;
    private final InetSocketAddress bindAddress;
    private final CountDownLatch closed;
    private final Channel serverChannel;
    final ChannelGroup allChannels;
    private final ByteBufAllocator channelAllocator;
    private final AtomicReference<SslContext> sslContextForServer;
    private final AtomicReference<FileChangeWatcher> keyStoreWatcher;
    private final AtomicReference<FileChangeWatcher> trustStoreWatcher;
    private volatile int writeBufferFatalThreshold;
    private volatile WriteBufferWaterMark writeBufferWaterMark;

    /* JADX WARN: Type inference failed for: r1v20, types: [org.apache.hbase.thirdparty.io.netty.channel.ChannelFuture] */
    public NettyRpcServer(Server server, String str, List<RpcServer.BlockingServiceAndInterface> list, InetSocketAddress inetSocketAddress, final Configuration configuration, RpcScheduler rpcScheduler, boolean z) throws IOException {
        super(server, str, list, inetSocketAddress, configuration, rpcScheduler, z);
        this.closed = new CountDownLatch(1);
        this.allChannels = new DefaultChannelGroup((EventExecutor) GlobalEventExecutor.INSTANCE, true);
        this.sslContextForServer = new AtomicReference<>();
        this.keyStoreWatcher = new AtomicReference<>();
        this.trustStoreWatcher = new AtomicReference<>();
        this.bindAddress = inetSocketAddress;
        this.channelAllocator = getChannelAllocator(configuration);
        NettyEventLoopGroupConfig eventLoopGroupConfig = server instanceof HRegionServer ? ((HRegionServer) server).getEventLoopGroupConfig() : null;
        eventLoopGroupConfig = eventLoopGroupConfig == null ? new NettyEventLoopGroupConfig(configuration, "NettyRpcServer") : eventLoopGroupConfig;
        configureNettyWatermarks(configuration);
        try {
            this.serverChannel = new ServerBootstrap().group(eventLoopGroupConfig.group()).channel(eventLoopGroupConfig.serverChannelClass()).childOption(ChannelOption.TCP_NODELAY, Boolean.valueOf(this.tcpNoDelay)).childOption(ChannelOption.SO_KEEPALIVE, Boolean.valueOf(this.tcpKeepAlive)).childOption(ChannelOption.SO_REUSEADDR, true).childHandler(new ChannelInitializer<Channel>() { // from class: org.apache.hadoop.hbase.ipc.NettyRpcServer.1
                @Override // org.apache.hbase.thirdparty.io.netty.channel.ChannelInitializer
                protected void initChannel(Channel channel) throws Exception {
                    channel.config().setWriteBufferWaterMark(NettyRpcServer.this.writeBufferWaterMark);
                    channel.config().setAllocator(NettyRpcServer.this.channelAllocator);
                    ChannelPipeline pipeline = channel.pipeline();
                    NettyServerRpcConnection createNettyServerRpcConnection = NettyRpcServer.this.createNettyServerRpcConnection(channel);
                    if (configuration.getBoolean(X509Util.HBASE_SERVER_NETTY_TLS_ENABLED, false)) {
                        NettyRpcServer.this.initSSL(pipeline, createNettyServerRpcConnection, configuration.getBoolean(X509Util.HBASE_SERVER_NETTY_TLS_SUPPORTPLAINTEXT, true));
                    }
                    pipeline.addLast("preambleDecoder", NettyRpcServerPreambleHandler.createDecoder()).addLast(new NettyRpcServerPreambleHandler(NettyRpcServer.this, createNettyServerRpcConnection)).addLast("NettyRpcServerResponseEncoder", new NettyRpcServerResponseEncoder(NettyRpcServer.this.metrics)).addLast("NettyRpcServerChannelWritabilityHandler", new NettyRpcServerChannelWritabilityHandler(NettyRpcServer.this.metrics, () -> {
                        return NettyRpcServer.this.writeBufferFatalThreshold;
                    }, () -> {
                        return NettyRpcServer.this.isWritabilityBackpressureEnabled();
                    }));
                }
            }).bind(this.bindAddress).sync2().channel();
            LOG.info("Bind to {}", this.serverChannel.localAddress());
            initReconfigurable(configuration);
            this.scheduler.init(new RpcSchedulerContext(this));
        } catch (InterruptedException e) {
            throw new InterruptedIOException(e.getMessage());
        }
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServer, org.apache.hadoop.hbase.conf.ConfigurationObserver
    public void onConfigurationChange(Configuration configuration) {
        super.onConfigurationChange(configuration);
        configureNettyWatermarks(configuration);
    }

    private void configureNettyWatermarks(Configuration configuration) {
        int i = configuration.getInt(CHANNEL_WRITABLE_LOW_WATERMARK_KEY, 0);
        int i2 = configuration.getInt(CHANNEL_WRITABLE_HIGH_WATERMARK_KEY, 0);
        int i3 = configuration.getInt(CHANNEL_WRITABLE_FATAL_WATERMARK_KEY, 0);
        WriteBufferWaterMark writeBufferWaterMark = this.writeBufferWaterMark;
        int i4 = this.writeBufferFatalThreshold;
        boolean z = false;
        if (i2 == 0 && i == 0) {
            this.writeBufferWaterMark = WriteBufferWaterMark.DEFAULT;
            z = true;
        } else {
            if (i == 0) {
                LOG.warn("Detected a {} value of 0, which is impossible to achieve due to how netty evaluates these thresholds, setting to 1", CHANNEL_WRITABLE_LOW_WATERMARK_KEY);
                i = 1;
            }
            if (i2 <= i) {
                LOG.warn("Detected {} value {}, lower than {} value {}. This will fail netty validation, so disabling", new Object[]{CHANNEL_WRITABLE_HIGH_WATERMARK_KEY, Integer.valueOf(i2), CHANNEL_WRITABLE_LOW_WATERMARK_KEY, Integer.valueOf(i)});
                this.writeBufferWaterMark = WriteBufferWaterMark.DEFAULT;
            } else {
                this.writeBufferWaterMark = new WriteBufferWaterMark(i, i2);
            }
            if (i3 > 0 && i3 <= i2) {
                LOG.warn("Detected a {} value of {}, which is lower than the {} value of {}, ignoring.", new Object[]{CHANNEL_WRITABLE_FATAL_WATERMARK_KEY, Integer.valueOf(i3), CHANNEL_WRITABLE_HIGH_WATERMARK_KEY, Integer.valueOf(i2)});
                i3 = 0;
            }
        }
        this.writeBufferFatalThreshold = i3;
        if (writeBufferWaterMark != null && (writeBufferWaterMark.low() != this.writeBufferWaterMark.low() || writeBufferWaterMark.high() != this.writeBufferWaterMark.high() || i4 != this.writeBufferFatalThreshold)) {
            Logger logger = LOG;
            Object[] objArr = new Object[3];
            objArr[0] = z ? MRJobConfig.SHARED_CACHE_MODE_DEFAULT : Integer.valueOf(this.writeBufferWaterMark.low());
            objArr[1] = z ? MRJobConfig.SHARED_CACHE_MODE_DEFAULT : Integer.valueOf(this.writeBufferWaterMark.high());
            objArr[2] = this.writeBufferFatalThreshold <= 0 ? MRJobConfig.SHARED_CACHE_MODE_DEFAULT : Integer.valueOf(this.writeBufferFatalThreshold);
            logger.info("Updated netty outbound write buffer watermarks: low={}, high={}, fatal={}", objArr);
        }
        for (Channel channel : this.allChannels) {
            channel.config().setWriteBufferWaterMark(this.writeBufferWaterMark);
            if (z) {
                channel.config().setAutoRead(true);
            }
        }
    }

    public boolean isWritabilityBackpressureEnabled() {
        return this.writeBufferWaterMark != WriteBufferWaterMark.DEFAULT;
    }

    private ByteBufAllocator getChannelAllocator(Configuration configuration) throws IOException {
        String str = configuration.get(HBASE_NETTY_ALLOCATOR_KEY);
        if (str == null) {
            LOG.info("Using {} for buffer allocation", PooledByteBufAllocator.class.getName());
            return PooledByteBufAllocator.DEFAULT;
        }
        if (POOLED_ALLOCATOR_TYPE.equalsIgnoreCase(str)) {
            LOG.info("Using {} for buffer allocation", PooledByteBufAllocator.class.getName());
            return PooledByteBufAllocator.DEFAULT;
        }
        if (UNPOOLED_ALLOCATOR_TYPE.equalsIgnoreCase(str)) {
            LOG.info("Using {} for buffer allocation", UnpooledByteBufAllocator.class.getName());
            return UnpooledByteBufAllocator.DEFAULT;
        }
        if (HEAP_ALLOCATOR_TYPE.equalsIgnoreCase(str)) {
            LOG.info("Using {} for buffer allocation", HeapByteBufAllocator.class.getName());
            return HeapByteBufAllocator.DEFAULT;
        }
        try {
            ByteBufAllocator byteBufAllocator = (ByteBufAllocator) ReflectionUtils.newInstance(str, new Object[0]);
            LOG.info("Using {} for buffer allocation", str);
            return byteBufAllocator;
        } catch (ClassCastException | UnsupportedOperationException e) {
            throw new IOException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @InterfaceAudience.Private
    public NettyServerRpcConnection createNettyServerRpcConnection(Channel channel) {
        return new NettyServerRpcConnection(this, channel);
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServerInterface
    public synchronized void start() {
        if (this.started) {
            return;
        }
        this.authTokenSecretMgr = createSecretManager();
        if (this.authTokenSecretMgr != null) {
            synchronized (this.authTokenSecretMgr) {
                setSecretManager(this.authTokenSecretMgr);
                this.authTokenSecretMgr.start();
            }
        }
        this.authManager = new ServiceAuthorizationManager();
        HBasePolicyProvider.init(this.conf, this.authManager);
        this.scheduler.start();
        this.started = true;
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServerInterface
    public synchronized void stop() {
        if (this.running) {
            LOG.info("Stopping server on " + this.serverChannel.localAddress());
            FileChangeWatcher andSet = this.keyStoreWatcher.getAndSet(null);
            if (andSet != null) {
                andSet.stop();
            }
            FileChangeWatcher andSet2 = this.trustStoreWatcher.getAndSet(null);
            if (andSet2 != null) {
                andSet2.stop();
            }
            if (this.authTokenSecretMgr != null) {
                this.authTokenSecretMgr.stop();
                this.authTokenSecretMgr = null;
            }
            this.allChannels.close().awaitUninterruptibly2();
            this.serverChannel.close();
            this.scheduler.stop();
            this.closed.countDown();
            this.running = false;
        }
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServerInterface
    public synchronized void join() throws InterruptedException {
        this.closed.await();
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServerInterface
    public synchronized InetSocketAddress getListenerAddress() {
        return (InetSocketAddress) this.serverChannel.localAddress();
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServerInterface
    public void setSocketSendBufSize(int i) {
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServer
    public int getNumOpenConnections() {
        return this.allChannels.size();
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServerInterface
    public Pair<Message, CellScanner> call(BlockingService blockingService, Descriptors.MethodDescriptor methodDescriptor, Message message, CellScanner cellScanner, long j, MonitoredRPCHandler monitoredRPCHandler) throws IOException {
        return call(blockingService, methodDescriptor, message, cellScanner, j, monitoredRPCHandler, EnvironmentEdgeManager.currentTime(), 0);
    }

    @Override // org.apache.hadoop.hbase.ipc.RpcServerInterface
    public Pair<Message, CellScanner> call(BlockingService blockingService, Descriptors.MethodDescriptor methodDescriptor, Message message, CellScanner cellScanner, long j, MonitoredRPCHandler monitoredRPCHandler, long j2, int i) throws IOException {
        return call(new NettyServerCall(-1, blockingService, methodDescriptor, null, message, cellScanner, null, -1L, null, j, i, this.bbAllocator, this.cellBlockBuilder, null), monitoredRPCHandler);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initSSL(ChannelPipeline channelPipeline, NettyServerRpcConnection nettyServerRpcConnection, boolean z) throws X509Exception, IOException {
        SslHandler newHandler;
        SslContext sslContext = getSslContext();
        if (z) {
            channelPipeline.addLast("ssl", new OptionalSslHandler(sslContext));
            LOG.debug("Dual mode SSL handler added for channel: {}", channelPipeline.channel());
            return;
        }
        SocketAddress remoteAddress = channelPipeline.channel().remoteAddress();
        if (remoteAddress instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) remoteAddress;
            newHandler = sslContext.newHandler(channelPipeline.channel().alloc(), this.conf.getBoolean(X509Util.TLS_CONFIG_REVERSE_DNS_LOOKUP_ENABLED, true) ? inetSocketAddress.getHostName() : inetSocketAddress.getHostString(), inetSocketAddress.getPort());
        } else {
            newHandler = sslContext.newHandler(channelPipeline.channel().alloc());
        }
        newHandler.setWrapDataSize(this.conf.getInt(X509Util.HBASE_SERVER_NETTY_TLS_WRAP_SIZE, 1048576));
        SslHandler sslHandler = newHandler;
        newHandler.handshakeFuture().addListener2(future -> {
            sslHandshakeCompleteHandler(nettyServerRpcConnection, sslHandler, remoteAddress);
        });
        channelPipeline.addLast("ssl", newHandler);
        LOG.debug("SSL handler added for channel: {}", channelPipeline.channel());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void sslHandshakeCompleteHandler(NettyServerRpcConnection nettyServerRpcConnection, SslHandler sslHandler, SocketAddress socketAddress) {
        try {
            Certificate[] peerCertificates = sslHandler.engine().getSession().getPeerCertificates();
            if (peerCertificates != null && peerCertificates.length > 0) {
                X509Certificate[] x509CertificateArr = new X509Certificate[peerCertificates.length];
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    x509CertificateArr[i] = (X509Certificate) peerCertificates[i];
                }
                nettyServerRpcConnection.clientCertificateChain = x509CertificateArr;
            } else if (sslHandler.engine().getNeedClientAuth()) {
                LOG.debug("Could not get peer certificate on TLS connection from {}, although one is required", socketAddress);
            }
        } catch (SSLPeerUnverifiedException e) {
            if (sslHandler.engine().getNeedClientAuth()) {
                LOG.debug("Could not get peer certificate on TLS connection from {}, although one is required", socketAddress, e);
            }
        } catch (Exception e2) {
            LOG.debug("Unexpected error getting peer certificate for TLS connection from {}", socketAddress, e2);
        }
    }

    SslContext getSslContext() throws X509Exception, IOException {
        SslContext sslContext = this.sslContextForServer.get();
        if (sslContext == null) {
            sslContext = X509Util.createSslContextForServer(this.conf);
            if (!this.sslContextForServer.compareAndSet(null, sslContext)) {
                sslContext = this.sslContextForServer.get();
            } else if (this.keyStoreWatcher.get() == null && this.trustStoreWatcher.get() == null && this.conf.getBoolean(X509Util.TLS_CERT_RELOAD, false)) {
                X509Util.enableCertFileReloading(this.conf, this.keyStoreWatcher, this.trustStoreWatcher, () -> {
                    this.sslContextForServer.set(null);
                });
            }
        }
        return sslContext;
    }

    public int getWriteBufferFatalThreshold() {
        return this.writeBufferFatalThreshold;
    }

    public Pair<Long, Long> getTotalAndMaxNettyOutboundBytes() {
        long j = 0;
        long j2 = 0;
        Iterator<Channel> it = this.allChannels.iterator();
        while (it.hasNext()) {
            long totalPendingOutboundBytes = NettyUnsafeUtils.getTotalPendingOutboundBytes(it.next());
            j += totalPendingOutboundBytes;
            j2 = Math.max(j2, totalPendingOutboundBytes);
        }
        return Pair.newPair(Long.valueOf(j), Long.valueOf(j2));
    }
}
