package org.apache.ambari.server.view;

import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.proxy.ProxyService;
import org.apache.ambari.view.URLConnectionProvider;
import org.apache.ambari.view.URLStreamProvider;
import org.apache.ambari.view.ViewContext;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/view/ViewURLStreamProvider.class */
public class ViewURLStreamProvider implements URLStreamProvider, URLConnectionProvider {
    private static final Logger LOG = LoggerFactory.getLogger(ViewContextImpl.class);
    private static final String DO_AS_PARAM = "doAs";
    private final ViewContext viewContext;
    private final org.apache.ambari.server.controller.internal.URLStreamProvider streamProvider;
    private HostPortRestrictionHandler hostPortRestrictionHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/ambari/server/view/ViewURLStreamProvider$HostPortRestrictionHandler.class */
    public class HostPortRestrictionHandler {
        private final String allowedHostPortsValue;
        private Map<String, HashSet<String>> allowedHostPorts = null;
        private Boolean isProxyCallRestricted = Boolean.FALSE;

        public HostPortRestrictionHandler(String str) {
            this.allowedHostPortsValue = str;
            ViewURLStreamProvider.LOG.debug("Proxy restriction will be derived from {}", str);
        }

        public boolean allowProxy(String str, String str2) {
            ViewURLStreamProvider.LOG.debug("Checking host {} port {} against allowed list.", str, str2);
            if (!StringUtils.isNotBlank(str)) {
                return true;
            }
            String lowerCase = str.trim().toLowerCase();
            if (this.allowedHostPorts == null) {
                initializeAllowedHostPorts();
            }
            if (!this.isProxyCallRestricted.booleanValue()) {
                return true;
            }
            if (!this.allowedHostPorts.containsKey(lowerCase)) {
                return false;
            }
            if (this.allowedHostPorts.get(lowerCase).contains("*")) {
                return true;
            }
            String str3 = Configuration.JDBC_IN_MEMORY_PASSWORD;
            if (StringUtils.isNotBlank(str2)) {
                str3 = str2.trim();
            }
            return this.allowedHostPorts.get(lowerCase).contains(str3);
        }

        private void initializeAllowedHostPorts() {
            boolean z = false;
            HashMap hashMap = new HashMap();
            if (StringUtils.isNotBlank(this.allowedHostPortsValue)) {
                String lowerCase = this.allowedHostPortsValue.toLowerCase();
                if (!lowerCase.equals(Configuration.PROXY_ALLOWED_HOST_PORTS.getDefaultValue())) {
                    z = true;
                    for (String str : lowerCase.trim().split(",")) {
                        String[] split = str.trim().split(":");
                        if (split.length == 1) {
                            if (!hashMap.containsKey(split[0])) {
                                hashMap.put(split[0], new HashSet());
                            }
                            ((HashSet) hashMap.get(split[0])).add("*");
                            ViewURLStreamProvider.LOG.debug("Allow proxy to host {} and all ports.", split[0]);
                        } else {
                            if (!hashMap.containsKey(split[0])) {
                                hashMap.put(split[0], new HashSet());
                            }
                            ((HashSet) hashMap.get(split[0])).add(split[1]);
                            ViewURLStreamProvider.LOG.debug("Allow proxy to host {} and port {}", split[0], split[1]);
                        }
                    }
                }
            }
            this.allowedHostPorts = hashMap;
            this.isProxyCallRestricted = Boolean.valueOf(z);
        }

        public Boolean proxyCallRestricted() {
            if (this.allowedHostPorts == null) {
                initializeAllowedHostPorts();
            }
            return this.isProxyCallRestricted;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ViewURLStreamProvider(ViewContext viewContext, org.apache.ambari.server.controller.internal.URLStreamProvider uRLStreamProvider) {
        this.viewContext = viewContext;
        this.streamProvider = uRLStreamProvider;
    }

    private HostPortRestrictionHandler getHostPortRestrictionHandler() {
        if (this.hostPortRestrictionHandler == null) {
            this.hostPortRestrictionHandler = new HostPortRestrictionHandler(this.viewContext.getAmbariProperty(Configuration.PROXY_ALLOWED_HOST_PORTS.getKey()));
        }
        return this.hostPortRestrictionHandler;
    }

    public InputStream readFrom(String str, String str2, String str3, Map<String, String> map) throws IOException {
        return getInputStream(str, str2, map, str3 == null ? null : str3.getBytes());
    }

    public InputStream readFrom(String str, String str2, InputStream inputStream, Map<String, String> map) throws IOException {
        return getInputStream(str, str2, map, inputStream == null ? null : IOUtils.toByteArray(inputStream));
    }

    public InputStream readAs(String str, String str2, String str3, Map<String, String> map, String str4) throws IOException {
        return readFrom(addDoAs(str, str4), str2, str3, map);
    }

    public InputStream readAs(String str, String str2, InputStream inputStream, Map<String, String> map, String str3) throws IOException {
        return readFrom(addDoAs(str, str3), str2, inputStream, map);
    }

    public InputStream readAsCurrent(String str, String str2, String str3, Map<String, String> map) throws IOException {
        return readAs(str, str2, str3, map, this.viewContext.getUsername());
    }

    public InputStream readAsCurrent(String str, String str2, InputStream inputStream, Map<String, String> map) throws IOException {
        return readAs(str, str2, inputStream, map, this.viewContext.getUsername());
    }

    public HttpURLConnection getConnection(String str, String str2, String str3, Map<String, String> map) throws IOException {
        return getHttpURLConnection(str, str2, map, str3 == null ? null : str3.getBytes());
    }

    public HttpURLConnection getConnection(String str, String str2, InputStream inputStream, Map<String, String> map) throws IOException {
        return getHttpURLConnection(str, str2, map, inputStream == null ? null : IOUtils.toByteArray(inputStream));
    }

    public HttpURLConnection getConnectionAs(String str, String str2, String str3, Map<String, String> map, String str4) throws IOException {
        return getConnection(addDoAs(str, str4), str2, str3, map);
    }

    public HttpURLConnection getConnectionAs(String str, String str2, InputStream inputStream, Map<String, String> map, String str3) throws IOException {
        return getConnection(addDoAs(str, str3), str2, inputStream, map);
    }

    public HttpURLConnection getConnectionAsCurrent(String str, String str2, String str3, Map<String, String> map) throws IOException {
        return getConnectionAs(str, str2, str3, map, this.viewContext.getUsername());
    }

    public HttpURLConnection getConnectionAsCurrent(String str, String str2, InputStream inputStream, Map<String, String> map) throws IOException {
        return getConnectionAs(str, str2, inputStream, map, this.viewContext.getUsername());
    }

    private String addDoAs(String str, String str2) throws IOException {
        if (str.toLowerCase().contains("doAs")) {
            throw new IllegalArgumentException("URL cannot contain \"doAs\" parameter.");
        }
        try {
            URIBuilder uRIBuilder = new URIBuilder(str);
            uRIBuilder.addParameter("doAs", str2);
            return uRIBuilder.build().toString();
        } catch (URISyntaxException e) {
            throw new IOException(e);
        }
    }

    private InputStream getInputStream(String str, String str2, Map<String, String> map, byte[] bArr) throws IOException {
        if (isProxyCallAllowed(str)) {
            HttpURLConnection httpURLConnection = getHttpURLConnection(str, str2, map, bArr);
            return httpURLConnection.getResponseCode() >= ProxyService.HTTP_ERROR_RANGE_START ? httpURLConnection.getErrorStream() : httpURLConnection.getInputStream();
        }
        LOG.warn("Call to " + str + " is not allowed. See ambari.properties proxy.allowed.hostports.");
        throw new IOException("Call to " + str + " is not allowed. See ambari.properties proxy.allowed.hostports.");
    }

    private HttpURLConnection getHttpURLConnection(String str, String str2, Map<String, String> map, byte[] bArr) throws IOException {
        if (!isProxyCallAllowed(str)) {
            LOG.warn("Call to " + str + " is not allowed. See ambari.properties proxy.allowed.hostports.");
            throw new IOException("Call to " + str + " is not allowed. See ambari.properties proxy.allowed.hostports.");
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), Collections.singletonList(entry.getValue()));
        }
        return this.streamProvider.processURL(str, str2, bArr, hashMap);
    }

    protected boolean isProxyCallAllowed(String str) {
        if (!StringUtils.isNotBlank(str) || !getHostPortRestrictionHandler().proxyCallRestricted().booleanValue()) {
            return true;
        }
        try {
            URL url = new URL(str);
            return getHostPortRestrictionHandler().allowProxy(url.getHost(), Integer.toString(url.getPort() == -1 ? url.getDefaultPort() : url.getPort()));
        } catch (MalformedURLException e) {
            return true;
        }
    }
}
