package org.apache.hadoop.hdfs.qjournal.server;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.qjournal.client.QuorumJournalManager;
import org.apache.hadoop.hdfs.server.common.JspHelper;
import org.apache.hadoop.hdfs.server.common.StorageInfo;
import org.apache.hadoop.hdfs.server.namenode.FileJournalManager;
import org.apache.hadoop.hdfs.server.namenode.ImageServlet;
import org.apache.hadoop.hdfs.server.namenode.SecondaryNameNode;
import org.apache.hadoop.hdfs.server.namenode.TransferFsImage;
import org.apache.hadoop.hdfs.server.protocol.NamespaceInfo;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.ServletUtil;
import org.apache.hadoop.util.StringUtils;
import org.apache.http.HttpStatus;

@InterfaceAudience.Private
/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.15.0.jar:org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.class */
public class GetJournalEditServlet extends HttpServlet {
    private static final long serialVersionUID = -4635891628211723009L;
    private static final Log LOG = LogFactory.getLog(GetJournalEditServlet.class);
    static final String STORAGEINFO_PARAM = "storageInfo";
    static final String JOURNAL_ID_PARAM = "jid";
    static final String SEGMENT_TXID_PARAM = "segmentTxId";

    protected boolean isValidRequestor(HttpServletRequest httpServletRequest, Configuration configuration) throws IOException {
        String name = httpServletRequest.getUserPrincipal().getName();
        String remoteUser = httpServletRequest.getRemoteUser();
        if (name == null) {
            LOG.warn("Received null remoteUser while authorizing access to GetJournalEditServlet");
            return false;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Validating request made by " + name + " / " + remoteUser + ". This user is: " + UserGroupInformation.getLoginUser());
        }
        HashSet<String> hashSet = new HashSet();
        hashSet.addAll(DFSUtil.getAllNnPrincipals(configuration));
        try {
            hashSet.add(SecurityUtil.getServerPrincipal(configuration.get("dfs.secondary.namenode.kerberos.principal"), SecondaryNameNode.getHttpAddress(configuration).getHostName()));
        } catch (Exception e) {
            LOG.debug("SecondaryNameNode principal could not be added", e);
            LOG.warn(String.format("SecondaryNameNode principal not considered, %s = %s, %s = %s", "dfs.secondary.namenode.kerberos.principal", configuration.get("dfs.secondary.namenode.kerberos.principal"), DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTP_ADDRESS_KEY, configuration.get(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTP_ADDRESS_KEY, DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTP_ADDRESS_DEFAULT)));
        }
        for (String str : hashSet) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("isValidRequestor is comparing to valid requestor: " + str);
            }
            if (str != null && str.equals(name)) {
                if (!LOG.isDebugEnabled()) {
                    return true;
                }
                LOG.debug("isValidRequestor is allowing: " + name);
                return true;
            }
        }
        if (remoteUser.equals(UserGroupInformation.getLoginUser().getShortUserName())) {
            if (!LOG.isDebugEnabled()) {
                return true;
            }
            LOG.debug("isValidRequestor is allowing other JN principal: " + name);
            return true;
        }
        if (!LOG.isDebugEnabled()) {
            return false;
        }
        LOG.debug("isValidRequestor is rejecting: " + name);
        return false;
    }

    private boolean checkRequestorOrSendError(Configuration configuration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!UserGroupInformation.isSecurityEnabled() || isValidRequestor(httpServletRequest, configuration)) {
            return true;
        }
        httpServletResponse.sendError(HttpStatus.SC_FORBIDDEN, "Only Namenode and another JournalNode may access this servlet");
        LOG.warn("Received non-NN/JN request for edits from " + httpServletRequest.getRemoteHost());
        return false;
    }

    private boolean checkStorageInfoOrSendError(JNStorage jNStorage, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        int namespaceID = jNStorage.getNamespaceID();
        String clusterID = jNStorage.getClusterID();
        String escapeHtml = StringEscapeUtils.escapeHtml(httpServletRequest.getParameter(STORAGEINFO_PARAM));
        if (escapeHtml == null) {
            return true;
        }
        int nsIdFromColonSeparatedString = StorageInfo.getNsIdFromColonSeparatedString(escapeHtml);
        String clusterIdFromColonSeparatedString = StorageInfo.getClusterIdFromColonSeparatedString(escapeHtml);
        if (namespaceID == nsIdFromColonSeparatedString && clusterID.equals(clusterIdFromColonSeparatedString)) {
            return true;
        }
        String str = "This node has namespaceId '" + namespaceID + " and clusterId '" + clusterID + "' but the requesting node expected '" + nsIdFromColonSeparatedString + "' and '" + clusterIdFromColonSeparatedString + "'";
        httpServletResponse.sendError(HttpStatus.SC_FORBIDDEN, str);
        LOG.warn("Received an invalid request file transfer request from " + httpServletRequest.getRemoteAddr() + ": " + str);
        return false;
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            try {
                ServletContext servletContext = getServletContext();
                Configuration configuration = (Configuration) getServletContext().getAttribute(JspHelper.CURRENT_CONF);
                String parameter = httpServletRequest.getParameter(JOURNAL_ID_PARAM);
                QuorumJournalManager.checkJournalId(parameter);
                JNStorage storage = JournalNodeHttpServer.getJournalFromContext(servletContext, parameter).getStorage();
                if (checkRequestorOrSendError(configuration, httpServletRequest, httpServletResponse)) {
                    if (!checkStorageInfoOrSendError(storage, httpServletRequest, httpServletResponse)) {
                        IOUtils.closeStream(null);
                        return;
                    }
                    long parseLongParam = ServletUtil.parseLongParam(httpServletRequest, SEGMENT_TXID_PARAM);
                    FileJournalManager journalManager = storage.getJournalManager();
                    synchronized (journalManager) {
                        FileJournalManager.EditLogFile logFile = journalManager.getLogFile(parseLongParam);
                        if (logFile == null) {
                            httpServletResponse.sendError(HttpStatus.SC_NOT_FOUND, "No edit log found starting at txid " + parseLongParam);
                            IOUtils.closeStream(null);
                            return;
                        }
                        File file = logFile.getFile();
                        ImageServlet.setVerificationHeadersForGet(httpServletResponse, file);
                        ImageServlet.setFileNameHeaders(httpServletResponse, file);
                        FileInputStream fileInputStream = new FileInputStream(file);
                        TransferFsImage.copyFileToStream(httpServletResponse.getOutputStream(), file, fileInputStream, ImageServlet.getThrottler(configuration));
                        IOUtils.closeStream(fileInputStream);
                    }
                }
            } catch (Throwable th) {
                String str = "getedit failed. " + StringUtils.stringifyException(th);
                httpServletResponse.sendError(500, str);
                throw new IOException(str);
            }
        } finally {
            IOUtils.closeStream(null);
        }
    }

    public static String buildPath(String str, long j, NamespaceInfo namespaceInfo) {
        StringBuilder sb = new StringBuilder("/getJournal?");
        try {
            sb.append(JOURNAL_ID_PARAM).append(AbstractGangliaSink.EQUAL).append(URLEncoder.encode(str, "UTF-8"));
            sb.append("&segmentTxId").append(AbstractGangliaSink.EQUAL).append(j);
            sb.append("&storageInfo").append(AbstractGangliaSink.EQUAL).append(URLEncoder.encode(namespaceInfo.toColonSeparatedString(), "UTF-8"));
            return sb.toString();
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }
}
