package org.apache.pulsar.proxy.server;

import java.io.IOException;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.client.api.Authentication;
import org.apache.pulsar.client.api.AuthenticationDataProvider;
import org.apache.pulsar.client.api.AuthenticationFactory;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.common.util.SecurityUtility;
import org.apache.pulsar.policies.data.loadbalancer.LoadManagerReport;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.proxy.AsyncProxyServlet;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/proxy/server/AdminProxyHandler.class */
class AdminProxyHandler extends AsyncProxyServlet {
    private static final Logger LOG = LoggerFactory.getLogger(AdminProxyHandler.class);
    private final ProxyConfiguration config;
    private final BrokerDiscoveryProvider discoveryProvider;
    private final String brokerWebServiceUrl;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AdminProxyHandler(ProxyConfiguration proxyConfiguration, BrokerDiscoveryProvider brokerDiscoveryProvider) {
        this.config = proxyConfiguration;
        this.discoveryProvider = brokerDiscoveryProvider;
        this.brokerWebServiceUrl = proxyConfiguration.isTlsEnabledWithBroker() ? proxyConfiguration.getBrokerWebServiceURLTLS() : proxyConfiguration.getBrokerWebServiceURL();
    }

    protected HttpClient createHttpClient() throws ServletException {
        HttpClient createHttpClient = super.createHttpClient();
        createHttpClient.setFollowRedirects(true);
        return createHttpClient;
    }

    protected HttpClient newHttpClient() {
        try {
            Authentication create = AuthenticationFactory.create(this.config.getBrokerClientAuthenticationPlugin(), this.config.getBrokerClientAuthenticationParameters());
            Objects.requireNonNull(create, "No supported auth found for proxy");
            create.start();
            if (!this.config.isTlsEnabledWithBroker()) {
                return new HttpClient();
            }
            try {
                X509Certificate[] loadCertificatesFromPemFile = SecurityUtility.loadCertificatesFromPemFile(this.config.getTlsTrustCertsFilePath());
                AuthenticationDataProvider authData = create.getAuthData();
                SSLContext createSslContext = authData.hasDataForTls() ? SecurityUtility.createSslContext(this.config.isTlsAllowInsecureConnection(), loadCertificatesFromPemFile, authData.getTlsCertificates(), authData.getTlsPrivateKey()) : SecurityUtility.createSslContext(this.config.isTlsAllowInsecureConnection(), loadCertificatesFromPemFile);
                SslContextFactory sslContextFactory = new SslContextFactory();
                sslContextFactory.setSslContext(createSslContext);
                return new HttpClient(sslContextFactory);
            } catch (Exception e) {
                try {
                    create.close();
                } catch (IOException e2) {
                    LOG.error("Failed to close the authentication service", e2);
                }
                throw new PulsarClientException.InvalidConfigurationException(e.getMessage());
            }
        } catch (PulsarClientException e3) {
            throw new RuntimeException((Throwable) e3);
        }
    }

    protected String rewriteTarget(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder();
        if (StringUtils.isBlank(this.brokerWebServiceUrl)) {
            try {
                LoadManagerReport nextBroker = this.discoveryProvider.nextBroker();
                if (this.config.isTlsEnabledWithBroker()) {
                    sb.append(nextBroker.getWebServiceUrlTls());
                } else {
                    sb.append(nextBroker.getWebServiceUrl());
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("[{}:{}] Selected active broker is {}", new Object[]{httpServletRequest.getRemoteAddr(), Integer.valueOf(httpServletRequest.getRemotePort()), sb.toString()});
                }
            } catch (Exception e) {
                LOG.warn("[{}:{}] Failed to get next active broker {}", new Object[]{httpServletRequest.getRemoteAddr(), Integer.valueOf(httpServletRequest.getRemotePort()), e.getMessage(), e});
                return null;
            }
        } else {
            sb.append(this.brokerWebServiceUrl);
        }
        if (sb.lastIndexOf("/") == sb.length() - 1) {
            sb.deleteCharAt(sb.lastIndexOf("/"));
        }
        sb.append(httpServletRequest.getRequestURI());
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            sb.append("?").append(queryString);
        }
        URI normalize = URI.create(sb.toString()).normalize();
        if (validateDestination(normalize.getHost(), normalize.getPort())) {
            return normalize.toString();
        }
        return null;
    }
}
