package org.voltdb;

import com.google_voltpatches.common.base.Supplier;
import com.google_voltpatches.common.base.Suppliers;
import com.google_voltpatches.common.base.Throwables;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons_voltpatches.cli.HelpFormatter;
import org.eclipse.jetty.continuation.Continuation;
import org.eclipse.jetty.continuation.ContinuationListener;
import org.eclipse.jetty.continuation.ContinuationSupport;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.util.B64Code;
import org.hsqldb_voltpatches.Tokens;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.voltcore.logging.Level;
import org.voltcore.logging.VoltLogger;
import org.voltcore.utils.EstTime;
import org.voltcore.utils.RateLimitedLogger;
import org.voltdb.AuthSystem;
import org.voltdb.VoltDB;
import org.voltdb.client.ClientAuthScheme;
import org.voltdb.client.ClientResponse;
import org.voltdb.client.ProcedureCallback;
import org.voltdb.iv2.DeterminismHash;
import org.voltdb.management.ProcedureStatistics;
import org.voltdb.utils.Base64;
import org.voltdb.utils.Encoder;

/* loaded from: input_file:org/voltdb/HTTPClientInterface.class */
public class HTTPClientInterface {
    public static final String QUERY_TIMEOUT_PARAM = "Querytimeout";
    public static final String JSONP = "jsonp";
    public static final Pattern JSONP_PATTERN;
    private static final VoltLogger m_log;
    private static final RateLimitedLogger m_rate_limited_log;
    static final int CACHE_TARGET_SIZE = 10;
    public static final String PARAM_USERNAME = "User";
    public static final String PARAM_PASSWORD = "Password";
    public static final String PARAM_HASHEDPASSWORD = "Hashedpassword";
    public static final String PARAM_ADMIN = "admin";
    public static final String AUTH_USER_SESSION_KEY = "authuser";
    public static final int MAX_SESSION_INACTIVITY_SECONDS;
    public static final boolean HTTP_DONT_USE_SESSION;
    final boolean m_spnegoEnabled;
    public static final int MAX_QUERY_PARAM_SIZE = 2097152;
    public static final int MAX_FORM_KEYS = 512;
    static final /* synthetic */ boolean $assertionsDisabled;
    int m_timeout = 0;
    private volatile boolean m_dontUseSession = false;
    private final Supplier<InternalConnectionHandler> m_invocationHandler = Suppliers.memoize(new Supplier<InternalConnectionHandler>() { // from class: org.voltdb.HTTPClientInterface.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.google_voltpatches.common.base.Supplier
        public InternalConnectionHandler get() {
            ClientInterface clientInterface = VoltDB.instance().getClientInterface();
            if (clientInterface == null || !clientInterface.isAcceptingConnections()) {
                throw new IllegalStateException("Client interface is not ready to be used or has been closed.");
            }
            return clientInterface.getInternalConnectionHandler();
        }
    });
    final String m_timeoutResponse = new ClientResponseImpl((byte) -6, new VoltTable[0], "Request Timeout").toJSONString();
    final String m_servicePrincipal = getAuthSystem().getServicePrincipal();

    /* loaded from: input_file:org/voltdb/HTTPClientInterface$JSONProcCallback.class */
    class JSONProcCallback implements ProcedureCallback, ContinuationListener {
        final AtomicBoolean m_complete = new AtomicBoolean(false);
        final Continuation m_continuation;
        final String m_jsonp;
        static final /* synthetic */ boolean $assertionsDisabled;

        public JSONProcCallback(Continuation continuation, String str) {
            if (!$assertionsDisabled && continuation == null) {
                throw new AssertionError("given continuation is null");
            }
            this.m_continuation = continuation;
            this.m_continuation.addContinuationListener(this);
            this.m_jsonp = str;
        }

        @Override // org.voltdb.client.ProcedureCallback
        public void clientCallback(ClientResponse clientResponse) throws Exception {
            if (!this.m_complete.compareAndSet(false, true)) {
                if (clientResponse.getStatus() != -7) {
                    HTTPClientInterface.m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.WARN, null, "Procedure response arrived for a request that was timed out by jetty", new Object[0]);
                    return;
                }
                return;
            }
            this.m_continuation.setAttribute("result", HTTPClientInterface.asJsonp(this.m_jsonp, ((ClientResponseImpl) clientResponse).toJSONString()));
            try {
                this.m_continuation.resume();
            } catch (IllegalStateException e) {
                HTTPClientInterface.m_log.warn("JSON request cannot be completed. The server is shutting down. " + e.getMessage());
            }
        }

        public void onComplete(Continuation continuation) {
            if (this.m_complete.get()) {
                return;
            }
            this.m_complete.compareAndSet(false, true);
        }

        public void onTimeout(Continuation continuation) {
            if (this.m_complete.compareAndSet(false, true)) {
                this.m_continuation.setAttribute("result", HTTPClientInterface.this.m_timeoutResponse);
                this.m_continuation.resume();
            }
        }

        static {
            $assertionsDisabled = !HTTPClientInterface.class.desiredAssertionStatus();
        }
    }

    public void setTimeout(int i) {
        this.m_timeout = i * 1000;
    }

    public HTTPClientInterface() {
        this.m_spnegoEnabled = (this.m_servicePrincipal == null || this.m_servicePrincipal.isEmpty()) ? false : true;
    }

    public void stop() {
    }

    public static final String asJsonp(String str, String str2) {
        return str == null ? str2 : new StringBuilder(str.length() + str2.length() + 8).append(str).append("( ").append(str2).append(" )").toString();
    }

    private static final void simpleJsonResponse(String str, String str2, HttpServletResponse httpServletResponse, int i) {
        String asJsonp = asJsonp(str, new ClientResponseImpl((byte) -3, new VoltTable[0], str2).toJSONString());
        httpServletResponse.setStatus(i);
        try {
            httpServletResponse.getWriter().print(asJsonp);
            httpServletResponse.getWriter().flush();
        } catch (IOException e) {
        }
    }

    private static final void badRequest(String str, String str2, HttpServletResponse httpServletResponse) {
        simpleJsonResponse(str, str2, httpServletResponse, Tokens.FINAL);
    }

    private static final void unauthorized(String str, String str2, HttpServletResponse httpServletResponse) {
        simpleJsonResponse(str, str2, httpServletResponse, 401);
    }

    private static final void ok(String str, String str2, HttpServletResponse httpServletResponse) {
        simpleJsonResponse(str, str2, httpServletResponse, 200);
    }

    public static boolean validateJSONP(String str, Request request, HttpServletResponse httpServletResponse) {
        if (str == null || JSONP_PATTERN.matcher(str).matches()) {
            return true;
        }
        badRequest(null, "Invalid jsonp callback function name", httpServletResponse);
        request.setHandled(true);
        return false;
    }

    public void process(Request request, HttpServletResponse httpServletResponse) {
        boolean callProcedure;
        boolean z = false;
        String header = request.getHeader(JSONP);
        if (validateJSONP(header, request, httpServletResponse)) {
            String header2 = request.getHeader(HttpHeader.AUTHORIZATION.asString());
            if (this.m_spnegoEnabled && (header2 == null || !header2.startsWith(HttpHeader.NEGOTIATE.asString()))) {
                m_log.debug("SpengoAuthenticator: sending challenge");
                httpServletResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
                unauthorized(header, "must initiate SPNEGO negotiation", httpServletResponse);
                request.setHandled(true);
                return;
            }
            Continuation continuation = ContinuationSupport.getContinuation(request);
            String str = (String) continuation.getAttribute("result");
            if (str != null) {
                try {
                    httpServletResponse.setStatus(200);
                    httpServletResponse.getWriter().print(str);
                    request.setHandled(true);
                    return;
                } catch (IOException | IllegalStateException e) {
                    m_log.warn("JSON failed to send response: ", e);
                    return;
                }
            }
            if (Boolean.TRUE.equals(continuation.getAttribute("SQLSUBMITTED"))) {
                try {
                    continuation.suspend(httpServletResponse);
                    return;
                } catch (IllegalStateException e2) {
                    m_log.warn("JSON request completion exception in process: ", e2);
                    return;
                }
            }
            if (this.m_timeout > 0 && continuation.isInitial()) {
                continuation.setTimeout(this.m_timeout);
            }
            try {
                if (request.getMethod().equalsIgnoreCase("POST")) {
                    int contentLength = request.getContentLength();
                    if (contentLength > 2097152) {
                        ok(header, "Query string too large: " + String.valueOf(request.getContentLength()), httpServletResponse);
                        request.setHandled(true);
                        return;
                    } else if (contentLength == 0) {
                        ok(header, "Received POST with no parameters in the body.", httpServletResponse);
                        request.setHandled(true);
                        return;
                    }
                }
                if (header == null) {
                    header = request.getParameter(JSONP);
                    if (!validateJSONP(header, request, httpServletResponse)) {
                        return;
                    }
                }
                String parameter = request.getParameter(ProcedureStatistics.TYPE);
                String parameter2 = request.getParameter("Parameters");
                String parameter3 = request.getParameter(QUERY_TIMEOUT_PARAM);
                if (parameter == null) {
                    badRequest(header, "Procedure parameter is missing", httpServletResponse);
                    request.setHandled(true);
                    return;
                }
                int i = -1;
                if (parameter3 != null) {
                    try {
                        i = Integer.parseInt(parameter3);
                        if (i <= 0) {
                            throw new NumberFormatException("negative query timeout");
                        }
                    } catch (NumberFormatException e3) {
                        badRequest(header, "invalid query timeout: " + parameter3, httpServletResponse);
                        request.setHandled(true);
                        return;
                    }
                }
                AuthenticationResult authenticate = authenticate(request);
                if (!authenticate.isAuthenticated()) {
                    unauthorized(header, authenticate.m_message, httpServletResponse);
                    request.setHandled(true);
                    return;
                }
                continuation.suspend(httpServletResponse);
                z = true;
                JSONProcCallback jSONProcCallback = new JSONProcCallback(continuation, header);
                String remoteHost = request.getRemoteHost();
                if (parameter2 != null) {
                    try {
                        ParameterSet fromJSONString = ParameterSet.fromJSONString(parameter2);
                        if (fromJSONString == null) {
                            badRequest(header, "failed to decode invocation parameters", httpServletResponse);
                            request.setHandled(true);
                            continuation.complete();
                            return;
                        }
                        callProcedure = callProcedure(remoteHost, authenticate, i, jSONProcCallback, parameter, fromJSONString.toArray());
                    } catch (Exception e4) {
                        badRequest(header, "failed to parse invocation parameters", httpServletResponse);
                        request.setHandled(true);
                        continuation.complete();
                        return;
                    }
                } else {
                    callProcedure = callProcedure(remoteHost, authenticate, i, jSONProcCallback, parameter, new Object[0]);
                }
                if (callProcedure) {
                    if (header != null) {
                        request.setAttribute(JSONP, header);
                    }
                    continuation.setAttribute("SQLSUBMITTED", Boolean.TRUE);
                } else {
                    ok(header, "Server is not accepting work at this time.", httpServletResponse);
                    request.setHandled(true);
                    continuation.complete();
                }
            } catch (Exception e5) {
                String stackTraceAsString = Throwables.getStackTraceAsString(e5);
                m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.WARN, e5, "JSON interface exception", new Object[0]);
                ok(header, stackTraceAsString, httpServletResponse);
                if (z) {
                    continuation.complete();
                }
                request.setHandled(true);
            }
        }
    }

    public boolean callProcedure(String str, AuthenticationResult authenticationResult, int i, ProcedureCallback procedureCallback, String str2, Object... objArr) {
        return this.m_invocationHandler.get().callProcedure(str, authenticationResult.m_authUser, authenticationResult.m_adminMode, i, procedureCallback, false, null, str2, objArr);
    }

    public boolean callProcedure(String str, AuthSystem.AuthUser authUser, boolean z, int i, ProcedureCallback procedureCallback, String str2, Object... objArr) {
        return this.m_invocationHandler.get().callProcedure(str, authUser, z, i, procedureCallback, false, null, str2, objArr);
    }

    VoltDB.Configuration getVoltDBConfig() {
        return VoltDB.instance().getConfig();
    }

    private AuthenticationResult getAuthenticationResult(HttpServletRequest httpServletRequest) {
        String str = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String header = httpServletRequest.getHeader(HttpHeader.AUTHORIZATION.asString());
        boolean z = false;
        if (header != null) {
            String[] split = header.split(HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR);
            if (header.startsWith(HttpHeader.NEGOTIATE.asString())) {
                str4 = header.length() >= 10 ? header.substring(10) : "";
                z = true;
            } else if (split.length == 2) {
                if (split[0].equalsIgnoreCase("hashed")) {
                    String[] split2 = split[1].split(":");
                    if (split2.length == 2) {
                        str = split2[0];
                        str2 = split2[1];
                        z = true;
                    }
                } else if (split[0].equalsIgnoreCase("basic")) {
                    String[] split3 = new String(Base64.decode(split[1])).split(":");
                    if (split3.length == 2) {
                        str = split3[0];
                        str3 = split3[1];
                        z = true;
                    }
                }
            }
        }
        if (!z) {
            str = httpServletRequest.getParameter(PARAM_USERNAME);
            str2 = httpServletRequest.getParameter(PARAM_HASHEDPASSWORD);
            str3 = httpServletRequest.getParameter(PARAM_PASSWORD);
        }
        boolean equalsIgnoreCase = "true".equalsIgnoreCase(httpServletRequest.getParameter(PARAM_ADMIN));
        byte[] bArr = null;
        if (str3 != null) {
            try {
                bArr = MessageDigest.getInstance(ClientAuthScheme.getDigestScheme(ClientAuthScheme.HASH_SHA256)).digest(str3.getBytes(StandardCharsets.UTF_8));
            } catch (Exception e) {
                return new AuthenticationResult(false, null, equalsIgnoreCase, str, "JVM doesn't support SHA-256 hashing. Please use a supported JVM" + e);
            }
        }
        if (str2 != null) {
            if (str2.length() != 40 && str2.length() != 64) {
                return new AuthenticationResult(false, null, equalsIgnoreCase, str, "Hashedpassword must be a 40-byte hex-encoded SHA-1 hash (20 bytes unencoded). or 64-byte hex-encoded SHA-256 hash (32 bytes unencoded)");
            }
            try {
                bArr = Encoder.hexDecode(str2);
            } catch (Exception e2) {
                return new AuthenticationResult(false, null, equalsIgnoreCase, str, "Hashedpassword must be a 40-byte hex-encoded SHA-1 hash (20 bytes unencoded). or 64-byte hex-encoded SHA-256 hash (32 bytes unencoded)");
            }
        }
        if (!$assertionsDisabled && bArr != null && bArr.length != 20 && bArr.length != 32) {
            throw new AssertionError();
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (remoteAddr == null) {
            remoteAddr = Tokens.T_NULL;
        }
        if (this.m_spnegoEnabled) {
            String spnegoLogin = spnegoLogin(str4);
            AuthSystem authSystem = getAuthSystem();
            authSystem.getClass();
            return !new AuthSystem.SpnegoPassthroughRequest(spnegoLogin).authenticate(ClientAuthScheme.SPNEGO, remoteAddr) ? new AuthenticationResult(false, null, equalsIgnoreCase, spnegoLogin, "User " + spnegoLogin + " from " + remoteAddr + " failed to authenticate") : new AuthenticationResult(true, ClientAuthScheme.SPNEGO, equalsIgnoreCase, spnegoLogin, "");
        }
        AuthSystem authSystem2 = getAuthSystem();
        authSystem2.getClass();
        AuthSystem.HashAuthenticationRequest hashAuthenticationRequest = new AuthSystem.HashAuthenticationRequest(str, bArr);
        ClientAuthScheme byUnencodedLength = bArr != null ? ClientAuthScheme.getByUnencodedLength(bArr.length) : ClientAuthScheme.HASH_SHA256;
        return !hashAuthenticationRequest.authenticate(byUnencodedLength, remoteAddr) ? new AuthenticationResult(false, null, equalsIgnoreCase, str, "User " + str + " from " + remoteAddr + " failed to authenticate") : new AuthenticationResult(true, byUnencodedLength, equalsIgnoreCase, str, "");
    }

    private String spnegoLogin(String str) {
        byte[] decode = B64Code.decode(str);
        if (str == null) {
            return null;
        }
        try {
            if (str.isEmpty()) {
                return null;
            }
            Oid oid = new Oid("1.3.6.1.5.5.2");
            GSSManager gSSManager = GSSManager.getInstance();
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(this.m_servicePrincipal, (Oid) null).canonicalize(oid), oid, (GSSCredential) null, DeterminismHash.HASH_NOT_INCLUDE);
            if (createContext == null) {
                m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, null, "Failed to establish security context for SPNEGO authentication", new Object[0]);
                return null;
            }
            while (!createContext.isEstablished()) {
                decode = createContext.acceptSecContext(decode, 0, decode.length);
            }
            if (!createContext.isEstablished()) {
                return null;
            }
            if (createContext.getSrcName() == null) {
                m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, null, "Failed to read source name from established SPNEGO security context", new Object[0]);
                return null;
            }
            String gSSName = createContext.getSrcName().toString();
            if (m_log.isDebugEnabled()) {
                m_log.debug("established SPNEGO security context for " + gSSName);
            }
            return gSSName;
        } catch (GSSException e) {
            m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, e, "failed SPNEGO authentication", new Object[0]);
            return null;
        }
    }

    AuthSystem getAuthSystem() {
        return VoltDB.instance().getCatalogContext().authSystem;
    }

    public void unauthenticate(HttpServletRequest httpServletRequest) {
        HttpSession session;
        if (HTTP_DONT_USE_SESSION || (session = httpServletRequest.getSession(false)) == null) {
            return;
        }
        session.removeAttribute(AUTH_USER_SESSION_KEY);
        session.invalidate();
    }

    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest) {
        HttpSession httpSession = null;
        AuthenticationResult authenticationResult = null;
        if (!HTTP_DONT_USE_SESSION && !this.m_dontUseSession) {
            try {
                httpSession = httpServletRequest.getSession();
                if (httpSession != null) {
                    if (httpSession.isNew()) {
                        httpSession.setMaxInactiveInterval(MAX_SESSION_INACTIVITY_SECONDS);
                    }
                    authenticationResult = (AuthenticationResult) httpSession.getAttribute(AUTH_USER_SESSION_KEY);
                }
            } catch (Exception e) {
                httpSession = null;
                m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, e, "Failed to get or create HTTP Session. authenticating user explicitely.", new Object[0]);
            }
        }
        if (authenticationResult == null) {
            authenticationResult = getAuthenticationResult(httpServletRequest);
            if (!authenticationResult.isAuthenticated()) {
                if (httpSession != null) {
                    httpSession.removeAttribute(AUTH_USER_SESSION_KEY);
                }
                m_rate_limited_log.log("JSON interface exception: " + authenticationResult.m_message, EstTime.currentTimeMillis());
            } else if (httpSession != null) {
                httpSession.setAttribute(AUTH_USER_SESSION_KEY, authenticationResult);
            }
        }
        return authenticationResult;
    }

    public void dontStoreAuthenticationResultInHttpSession() {
        this.m_dontUseSession = true;
        final Timer timer = new Timer();
        timer.schedule(new TimerTask() { // from class: org.voltdb.HTTPClientInterface.2
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                HTTPClientInterface.this.m_dontUseSession = false;
                timer.cancel();
            }
        }, TimeUnit.SECONDS.toMillis(MAX_SESSION_INACTIVITY_SECONDS));
    }

    static {
        $assertionsDisabled = !HTTPClientInterface.class.desiredAssertionStatus();
        JSONP_PATTERN = Pattern.compile("^[a-zA-Z0-9_$]*$");
        m_log = new VoltLogger("HOST");
        m_rate_limited_log = new RateLimitedLogger(10000L, m_log, Level.WARN);
        MAX_SESSION_INACTIVITY_SECONDS = Integer.getInteger("HTTP_SESSION_TIMEOUT_SECONDS", 30).intValue();
        HTTP_DONT_USE_SESSION = Boolean.getBoolean("HTTP_DONT_USE_SESSION");
    }
}
