package org.apache.solr.servlet;

import com.google.common.annotations.VisibleForTesting;
import io.opentracing.Span;
import io.opentracing.Tracer;
import io.opentracing.tag.Tags;
import io.opentracing.util.GlobalTracer;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.UnavailableException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.HttpClient;
import org.apache.solr.api.V2HttpCall;
import org.apache.solr.cloud.api.collections.DistributedCollectionConfigSetCommandRunner;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.util.ExecutorUtil;
import org.apache.solr.common.util.SuppressForbidden;
import org.apache.solr.core.CoreContainer;
import org.apache.solr.core.NodeRoles;
import org.apache.solr.handler.api.V2ApiUtils;
import org.apache.solr.logging.MDCLoggingContext;
import org.apache.solr.logging.MDCSnapshot;
import org.apache.solr.request.SolrRequestInfo;
import org.apache.solr.security.AuditEvent;
import org.apache.solr.security.AuthenticationPlugin;
import org.apache.solr.security.PKIAuthenticationPlugin;
import org.apache.solr.security.PublicKeyHandler;
import org.apache.solr.servlet.CoordinatorHttpSolrCall;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/servlet/SolrDispatchFilter.class */
public class SolrDispatchFilter extends BaseSolrFilter implements PathExcluder {
    private static final Logger log;
    public static final String ATTR_TRACING_SPAN;
    public static final String ATTR_TRACING_TRACER;
    private CoreContainerProvider containerProvider;
    private HttpSolrCallFactory solrCallFactory;
    private List<Pattern> excludePatterns;
    public static final String PROPERTIES_ATTRIBUTE = "solr.properties";
    public static final String SOLRHOME_ATTRIBUTE = "solr.solr.home";
    public static final String SOLR_INSTALL_DIR_ATTRIBUTE = "solr.install.dir";
    public static final String SOLR_DEFAULT_CONFDIR_ATTRIBUTE = "solr.default.confdir";
    public static final String SOLR_LOG_MUTECONSOLE = "solr.log.muteconsole";
    public static final String SOLR_LOG_LEVEL = "solr.log.level";
    static final /* synthetic */ boolean $assertionsDisabled;
    protected final CountDownLatch init = new CountDownLatch(1);
    protected String abortErrorMessage = null;
    public final boolean isV2Enabled = V2ApiUtils.isEnabled();

    /* loaded from: input_file:org/apache/solr/servlet/SolrDispatchFilter$Action.class */
    public enum Action {
        PASSTHROUGH,
        FORWARD,
        RETURN,
        RETRY,
        ADMIN,
        REMOTEQUERY,
        PROCESS,
        ADMIN_OR_REMOTEQUERY
    }

    /* loaded from: input_file:org/apache/solr/servlet/SolrDispatchFilter$HttpSolrCallFactory.class */
    public interface HttpSolrCallFactory {
        default HttpSolrCall createInstance(SolrDispatchFilter solrDispatchFilter, String str, CoreContainer coreContainer, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
            return (solrDispatchFilter.isV2Enabled && (str.startsWith("/____v2/") || str.equals("/____v2"))) ? new V2HttpCall(solrDispatchFilter, coreContainer, httpServletRequest, httpServletResponse, z) : new HttpSolrCall(solrDispatchFilter, coreContainer, httpServletRequest, httpServletResponse, z);
        }
    }

    @Override // org.apache.solr.servlet.PathExcluder
    public void setExcludePatterns(List<Pattern> list) {
        this.excludePatterns = list;
    }

    public HttpClient getHttpClient() {
        try {
            return this.containerProvider.getHttpClient();
        } catch (UnavailableException e) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Internal Http Client Unavailable, startup may have failed");
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            try {
                this.containerProvider = CoreContainerProvider.serviceForContext(filterConfig.getServletContext());
                this.solrCallFactory = NodeRoles.MODE_ON.equals(getCores().nodeRoles.getRoleMode(NodeRoles.Role.COORDINATOR)) ? new CoordinatorHttpSolrCall.Factory() : new HttpSolrCallFactory() { // from class: org.apache.solr.servlet.SolrDispatchFilter.1
                };
                if (log.isTraceEnabled()) {
                    log.trace("SolrDispatchFilter.init(): {}", getClass().getClassLoader());
                }
                ServletUtils.configExcludes(this, filterConfig.getInitParameter("excludePatterns"));
                log.trace("SolrDispatchFilter.init() done");
                this.init.countDown();
            } catch (Throwable th) {
                log.error("Could not start Dispatch Filter.", th);
                if (th instanceof Error) {
                    throw ((Error) th);
                }
                log.trace("SolrDispatchFilter.init() done");
                this.init.countDown();
            }
        } catch (Throwable th2) {
            log.trace("SolrDispatchFilter.init() done");
            this.init.countDown();
            throw th2;
        }
    }

    public CoreContainer getCores() throws UnavailableException {
        return this.containerProvider.getCoreContainer();
    }

    public void destroy() {
    }

    @SuppressForbidden(reason = "Set the thread contextClassLoader for all 3rd party dependencies that we cannot control")
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        MDCSnapshot create = MDCSnapshot.create();
        try {
            if (!$assertionsDisabled && null == create) {
                throw new AssertionError();
            }
            MDCLoggingContext.reset();
            MDCLoggingContext.setNode(getCores());
            Thread.currentThread().setContextClassLoader(getCores().getResourceLoader().getClassLoader());
            doFilter(servletRequest, servletResponse, filterChain, false);
            if (create != null) {
                create.close();
            }
        } catch (Throwable th) {
            if (create != null) {
                try {
                    create.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, boolean z) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest closeShield = ServletUtils.closeShield((HttpServletRequest) servletRequest, z);
            HttpServletResponse closeShield2 = ServletUtils.closeShield((HttpServletResponse) servletResponse, z);
            if (ServletUtils.excludedPath(this.excludePatterns, closeShield, closeShield2, filterChain)) {
                return;
            }
            closeShield.setAttribute(ATTR_TRACING_TRACER, getCores() == null ? GlobalTracer.get() : getCores().getTracer());
            try {
                ServletUtils.rateLimitRequest(this.containerProvider.getRateLimitManager(), closeShield, closeShield2, () -> {
                    try {
                        dispatch(filterChain, closeShield, closeShield2, z);
                    } catch (IOException | ServletException | SolrAuthenticationException e) {
                        throw new ExceptionWhileTracing(e);
                    }
                });
                ServletUtils.consumeInputFully(closeShield, closeShield2);
                SolrRequestInfo.reset();
                SolrRequestParsers.cleanupMultipartFiles(closeShield);
            } catch (Throwable th) {
                ServletUtils.consumeInputFully(closeShield, closeShield2);
                SolrRequestInfo.reset();
                SolrRequestParsers.cleanupMultipartFiles(closeShield);
                throw th;
            }
        }
    }

    private static Span getSpan(HttpServletRequest httpServletRequest) {
        return (Span) httpServletRequest.getAttribute(ATTR_TRACING_SPAN);
    }

    private void dispatch(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException, SolrAuthenticationException {
        AtomicReference<HttpServletRequest> atomicReference = new AtomicReference<>();
        authenticateRequest(httpServletRequest, httpServletResponse, atomicReference);
        if (atomicReference.get() != null) {
            httpServletRequest = atomicReference.get();
        }
        if (getCores().getAuthenticationPlugin() != null) {
            if (log.isDebugEnabled()) {
                log.debug("User principal: {}", httpServletRequest.getUserPrincipal());
            }
            getSpan(httpServletRequest).setTag(Tags.DB_USER, String.valueOf(httpServletRequest.getUserPrincipal() != null ? httpServletRequest.getUserPrincipal().getName() : null));
        }
        HttpSolrCall httpSolrCall = getHttpSolrCall(httpServletRequest, httpServletResponse, z);
        ExecutorUtil.setServerThreadFlag(Boolean.TRUE);
        try {
            switch (httpSolrCall.call()) {
                case PASSTHROUGH:
                    getSpan(httpServletRequest).log("SolrDispatchFilter PASSTHROUGH");
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    break;
                case RETRY:
                    getSpan(httpServletRequest).log("SolrDispatchFilter RETRY");
                    doFilter(httpServletRequest, httpServletResponse, filterChain, true);
                    break;
                case FORWARD:
                    getSpan(httpServletRequest).log("SolrDispatchFilter FORWARD");
                    httpServletRequest.getRequestDispatcher(httpSolrCall.getPath()).forward(httpServletRequest, httpServletResponse);
                    break;
            }
        } finally {
            httpSolrCall.destroy();
            ExecutorUtil.setServerThreadFlag((Boolean) null);
        }
    }

    protected HttpSolrCall getHttpSolrCall(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        try {
            return this.solrCallFactory.createInstance(this, ServletUtils.getPathAfterContext(httpServletRequest), getCores(), httpServletRequest, httpServletResponse, z);
        } catch (UnavailableException e) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Core Container Unavailable");
        }
    }

    private void authenticateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AtomicReference<HttpServletRequest> atomicReference) throws IOException, SolrAuthenticationException {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        try {
            CoreContainer cores = getCores();
            AuthenticationPlugin authenticationPlugin = cores.getAuthenticationPlugin();
            if (authenticationPlugin == null) {
                if (shouldAudit(AuditEvent.EventType.ANONYMOUS)) {
                    cores.getAuditLoggerPlugin().doAudit(new AuditEvent(AuditEvent.EventType.ANONYMOUS, httpServletRequest));
                    return;
                }
                return;
            }
            String pathAfterContext = ServletUtils.getPathAfterContext(httpServletRequest);
            if (PublicKeyHandler.PATH.equals(pathAfterContext)) {
                log.debug("Pass through PKI authentication endpoint");
                return;
            }
            if ("/solr/".equals(pathAfterContext) || DistributedCollectionConfigSetCommandRunner.ZK_PATH_SEPARATOR.equals(pathAfterContext)) {
                log.debug("Pass through Admin UI entry point");
                return;
            }
            String header = httpServletRequest.getHeader(PKIAuthenticationPlugin.HEADER);
            String header2 = httpServletRequest.getHeader(PKIAuthenticationPlugin.HEADER_V2);
            if ((header != null || header2 != null) && cores.getPkiAuthenticationSecurityBuilder() != null) {
                authenticationPlugin = cores.getPkiAuthenticationSecurityBuilder();
            }
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Request to authenticate: {}, domain: {}, port: {}", new Object[]{httpServletRequest, httpServletRequest.getLocalName(), Integer.valueOf(httpServletRequest.getLocalPort())});
                }
                if (authenticationPlugin.authenticate(httpServletRequest, httpServletResponse, (servletRequest, servletResponse) -> {
                    atomicBoolean.set(true);
                    atomicReference.set((HttpServletRequest) servletRequest);
                }) && atomicBoolean.get()) {
                    if (shouldAudit(AuditEvent.EventType.AUTHENTICATED)) {
                        cores.getAuditLoggerPlugin().doAudit(new AuditEvent(AuditEvent.EventType.AUTHENTICATED, httpServletRequest));
                    }
                } else {
                    httpServletResponse.flushBuffer();
                    if (shouldAudit(AuditEvent.EventType.REJECTED)) {
                        cores.getAuditLoggerPlugin().doAudit(new AuditEvent(AuditEvent.EventType.REJECTED, httpServletRequest));
                    }
                    throw new SolrAuthenticationException();
                }
            } catch (Exception e) {
                log.info("Error authenticating", e);
                throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Error during request authentication, ", e);
            }
        } catch (UnavailableException e2) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Core Container Unavailable");
        }
    }

    private boolean shouldAudit(AuditEvent.EventType eventType) {
        try {
            CoreContainer cores = getCores();
            return cores.getAuditLoggerPlugin() != null && cores.getAuditLoggerPlugin().shouldLog(eventType);
        } catch (UnavailableException e) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Core Container Unavailable");
        }
    }

    @VisibleForTesting
    void replaceRateLimitManager(RateLimitManager rateLimitManager) {
        this.containerProvider.setRateLimitManager(rateLimitManager);
    }

    static {
        $assertionsDisabled = !SolrDispatchFilter.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
        ATTR_TRACING_SPAN = Span.class.getName();
        ATTR_TRACING_TRACER = Tracer.class.getName();
    }
}
