package com.mapr.admin.controller;

import com.hazelcast.security.permission.ActionConstants;
import com.mapr.admin.Constants;
import com.mapr.admin.lib.MapRCliUtils;
import com.mapr.admin.model.metering.CGClusterInfo;
import com.mapr.admin.security.JwtAuthToken;
import com.mapr.admin.service.AdminService;
import com.mapr.admin.service.AdminServiceConstants;
import com.mapr.admin.service.impl.MapRAdminService;
import com.mapr.admin.util.ControllerUtil;
import com.mapr.admin.util.FileUtil;
import com.mapr.admin.util.Oauth2Util;
import com.mapr.baseutils.sso.roles.SSORoleTranslator;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codehaus.stax2.XMLStreamProperties;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.web.client.HttpClientErrorException;

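/**
 * JAX-RS resource that maps {@code /rest/{command}/{other}} requests onto MapR CLI invocations.
 *
 * <p>POST requests are routed according to how the caller authenticated (OAuth2 session token,
 * JWT bearer token, or neither) and according to the {@code clusterName} request header: the
 * command runs locally, on the primary cluster, or is forwarded to a remote cluster together
 * with the caller's access token. GET requests always run locally through
 * {@link MapRCliUtils#executeCLI}.
 *
 * <p>NOTE(review): every failure path returns {@code e.getMessage()} to the client. If the CLI
 * or HTTP client puts hosts, paths or upstream response bodies into exception messages, they
 * reach the caller; consider returning a generic message and keeping detail in the log.
 */
@Api("rest")
@Path("/rest/{command}/{other: .*}")
@SwaggerDefinition(tags = {@Tag(name = "rest", description = "MapR cluster administration API")})
@Produces({"application/json"})
/* loaded from: input_file:com/mapr/admin/controller/RestController.class */
public class RestController extends ResourceController {
    AdminService adminService = new MapRAdminService();

    // Request header whose mere presence (value is never read) switches two SSO commands to the
    // non-SSO execution path; see executePost.
    private static final String IMPERSONATE_AS_MAPR_USER = "X-MAPR-IMPERSONATE_AS_MAPR_USER";
    private static final Logger log = LogManager.getLogger(RestController.class);

    // Final path segments that executeGet refuses with 405, despite the name. The two constant
    // references look like decompiler substitutions for plain string literals (presumably "none"
    // and "remove" -- confirm against the original source).
    private static final List<String> GET_RESOURCES = Arrays.asList("create", "delete", XMLStreamProperties.XSP_V_XMLID_NONE, "edit", "enable", "move", "purge", ActionConstants.ACTION_REMOVE, "rename", "resolve", "set");

    // Sub-commands that an SSO caller always has executed on the primary cluster.
    private static final String[] INSTALLER_PRIMARY_CLUSTER_COMMANDS = {"listdeployments", "clusterremove", "clustercreate", "clusterinfo", "getclusterkey", "clusterstatus", "storageconfig"};
    private static final String[] CLUSTERGROUP_PRIMARY_CLUSTER_COMMANDS = {ActionConstants.ACTION_REMOVE, "addexternal"};
    private static final String[] CLUSTER_PRIMARY_CLUSTER_COMMANDS = {"setssoconf", "resetssoconf"};
    private static final String[] SECURITY_PRIMARY_CLUSTER_COMMANDS = {"policy/create", "policy/modify"};

    /**
     * Executes a state-changing CLI command.
     *
     * <p>Form parameters are read first and query parameters second, so a query parameter
     * overrides a form parameter with the same name; only the first value of each is used.
     *
     * @param httpServletRequest source of the session token, {@code Authorization},
     *     {@code clusterName} and impersonation headers
     * @param uriInfo source of the query parameters
     * @param command first path segment, the CLI command
     * @param other remaining path, the CLI sub-command
     * @param formParams URL-encoded form body, may be {@code null}
     * @return the CLI result or an error document, as a JSON string
     */
    @POST
    @Consumes({"application/x-www-form-urlencoded"})
    @ApiOperation("Act upon an entity (node/volume/table/acl/service...)")
    public String executePost(@Context HttpServletRequest httpServletRequest, @Context UriInfo uriInfo, @PathParam("command") String command, @PathParam("other") String other, MultivaluedMap<String, String> formParams) {
        boolean ssoLogin = false;
        String accessToken = null;
        Object authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof OAuth2AuthenticationToken) {
            ssoLogin = true;
            Object sessionToken = httpServletRequest.getSession().getAttribute("atoken");
            if (sessionToken == null) {
                return ControllerUtil.generateJosnErrorResponse(401, Constants.NO_ACCESS_TOKEN_ERROR);
            }
            accessToken = sessionToken.toString();
        } else if (authentication instanceof JwtAuthToken) {
            ssoLogin = true;
            String authorization = httpServletRequest.getHeader("Authorization");
            if (authorization == null) {
                // Previously a NullPointerException (HTTP 500); a JWT-authenticated request
                // without the header now gets the same 401 as a missing session token.
                return ControllerUtil.generateJosnErrorResponse(401, Constants.NO_ACCESS_TOKEN_ERROR);
            }
            // Everything after the first space ("Bearer <token>"); the whole value if there is none.
            accessToken = authorization.substring(authorization.indexOf(' ') + 1);
        }

        // NOTE(review): clusterName is caller-supplied and decides whether the request, with the
        // caller's access token, is forwarded to another cluster. Whether AdminService limits the
        // name to known cluster-group members is not visible here -- confirm.
        String clusterName = httpServletRequest.getHeader("clusterName");

        Map<String, String> params = new HashMap<>();
        copyFirstValues(formParams, params);
        copyFirstValues(uriInfo.getQueryParameters(), params);
        validate(command, other, params);

        if ("cluster".equals(command)) {
            return handleClusterCommand(ssoLogin, clusterName, accessToken, command, other, params);
        }
        if (AdminServiceConstants.CLUSTER_GROUP.equals(command)) {
            return handleClusterGroupCommand(ssoLogin, clusterName, accessToken, command, other, params);
        }
        if ("installer".equals(command)) {
            return handleInstallerCommand(ssoLogin, clusterName, accessToken, command, other, params);
        }
        if ("security".equals(command) && Arrays.asList(other.split("/")).contains("policy")) {
            return handleSecurityPolicyCommand(ssoLogin, clusterName, accessToken, command, other, params);
        }

        if (clusterName != null && !this.adminService.isClusterLocal(clusterName)) {
            // Remote execution needs a token to forward, so it is SSO-only.
            if (!ssoLogin) {
                return ControllerUtil.generateJosnErrorResponse(401, Constants.NON_SSO_ERROR);
            }
            if (accessToken == null) {
                return ControllerUtil.generateJosnErrorResponse(401, Constants.NO_ACCESS_TOKEN_ERROR);
            }
            return this.adminService.executeMaprCliRemotelyForAllIps(clusterName, accessToken, command, other, params);
        }

        if (!ssoLogin) {
            try {
                return MapRCliUtils.executeCLI(command, other, params, getProxyOrLoggedInUser()).toJSONString();
            } catch (Exception e) {
                return cliFailure(e);
            }
        }

        if ("acl".equals(command) && "userperms".equals(other)) {
            // The capability mask comes from the token's userRoles claim and overwrites any
            // "opmask" request parameter the caller sent.
            List claimAsList = Oauth2Util.getInstance().getJwtValidator().getClaimAsList(accessToken, "userRoles");
            log.debug("userRoles: {}", claimAsList);
            long clusterCapabilities = SSORoleTranslator.getInstance().getClusterCapabilities(claimAsList);
            log.debug("opmask: {}", Long.valueOf(clusterCapabilities));
            params.put("opmask", Long.toString(clusterCapabilities));
        }

        // NOTE(review): for these two commands any SSO caller that adds the impersonation header
        // is executed through executeCLI with getProxyOrLoggedInUser() instead of with its own
        // token. Only the header's presence is tested and nothing visible here checks the
        // caller's role; confirm an upstream filter strips or authorises this header.
        boolean impersonationRequested = httpServletRequest.getHeader(IMPERSONATE_AS_MAPR_USER) != null;
        boolean impersonableCommand = (command.equalsIgnoreCase("config") && other.equalsIgnoreCase(AdminServiceConstants.SAVE))
                || (command.equalsIgnoreCase("cluster") && other.equalsIgnoreCase(AdminServiceConstants.SET_ACTIVATION_KEY));
        if (impersonationRequested && impersonableCommand) {
            log.debug("execute cli as mapr user");
            return MapRCliUtils.executeCLI(command, other, params, getProxyOrLoggedInUser()).toJSONString();
        }

        log.debug("begin execute CLI command for sso login; {}", command + " " + other);
        try {
            return MapRCliUtils.executeCLIForSso(command, other, params, accessToken).toJSONString();
        } catch (Exception e) {
            return cliFailure(e);
        }
    }

    /** Routes an {@code installer} command; a trailing slash on the sub-command is ignored. */
    private String handleInstallerCommand(Boolean ssoLogin, String clusterName, String accessToken, String command, String other, Map<String, String> params) {
        return routeCommand(ssoLogin, clusterName, accessToken, command, stripTrailingSlash(other), params, INSTALLER_PRIMARY_CLUSTER_COMMANDS);
    }

    /**
     * Runs a command on the primary cluster: remotely with the access token when the primary is
     * not this cluster, otherwise locally.
     *
     * <p>{@code clusterName} is unused. Every current caller passes a true {@code ssoLogin}, so
     * the final non-SSO branch is not reached from this class.
     */
    private String executeMaprCommandOnPrimary(Boolean ssoLogin, String clusterName, String accessToken, String command, String subCommand, Map<String, String> params) {
        CGClusterInfo primaryClusterDetails = this.adminService.getPrimaryClusterDetails();
        if (!this.adminService.isClusterLocal(primaryClusterDetails.getClusterName())) {
            log.debug("cluster local is false, execute the command with sso token");
            return this.adminService.executeMaprCliRemotelyForAllIps(primaryClusterDetails.getClusterName(), accessToken, command, subCommand, params);
        }
        if (ssoLogin) {
            log.debug("sso login and is local cluster and execute the command with sso token");
            return MapRCliUtils.executeCLIForSso(command, subCommand, params, accessToken).toJSONString();
        }
        log.debug("non sso login and is local cluster and execute the command without sso token");
        return MapRCliUtils.executeCLI(command, subCommand, params, getProxyOrLoggedInUser()).toJSONString();
    }

    /** Routes a {@code cluster} command; the sub-command is used exactly as received. */
    private String handleClusterCommand(Boolean ssoLogin, String clusterName, String accessToken, String command, String other, Map<String, String> params) {
        return routeCommand(ssoLogin, clusterName, accessToken, command, other, params, CLUSTER_PRIMARY_CLUSTER_COMMANDS);
    }

    /**
     * Routes a cluster-group command. Unlike the other handlers, failures are turned into JSON
     * error documents, and {@code setprimary} has its own remote path.
     */
    private String handleClusterGroupCommand(Boolean ssoLogin, String clusterName, String accessToken, String command, String other, Map<String, String> params) {
        String apiIps = params.get("apiips");
        String subCommand = stripTrailingSlash(other);
        String fullCommand = command + " " + subCommand;

        if (!ssoLogin) {
            log.debug("begin execute CLI command for non sso login on local cluster {}", fullCommand);
            try {
                return MapRCliUtils.executeCLI(command, subCommand, params, getProxyOrLoggedInUser()).toJSONString();
            } catch (Exception e) {
                return cliFailure(e);
            }
        }
        if (Arrays.asList(CLUSTERGROUP_PRIMARY_CLUSTER_COMMANDS).contains(subCommand)) {
            return executeMaprCommandOnPrimary(ssoLogin, clusterName, accessToken, command, subCommand, params);
        }

        if (!"setprimary".equals(subCommand)) {
            if (clusterName == null || this.adminService.isClusterLocal(clusterName)) {
                log.debug("begin execute CLI command for sso login {} on local cluster", fullCommand);
                // The original nested the generic catch inside the HttpClientErrorException one,
                // so the upstream status code was never used on this path.
                return executeSsoLocally(command, subCommand, params, accessToken);
            }
            log.debug("begin execute CLI command for sso login on remote cluster {}", fullCommand);
            try {
                return this.adminService.executeMaprCliRemotelyForAllIps(clusterName, accessToken, command, subCommand, params);
            } catch (HttpClientErrorException e) {
                return httpFailure(e);
            } catch (Exception e) {
                return cliFailure(e);
            }
        }

        log.debug("handle clustergroup setprimary command {}", fullCommand);
        // NOTE(review): clusterName may be null here; whether isClusterLocal accepts null is not
        // visible in this file.
        if (this.adminService.isClusterLocal(clusterName)) {
            log.debug("begin execute CLI command for sso login {} on local cluster", fullCommand);
            return executeSsoLocally(command, subCommand, params, accessToken);
        }
        if (apiIps == null) {
            return ControllerUtil.generateJosnErrorResponse(500, "Cluster IP not provided for the fabric to be imported");
        }

        // NOTE(review): apiIps is a request parameter, and the call below hands it to
        // executeMaprCliRemotely together with the caller's access token and the primary
        // cluster's CLDB addresses and cross-cluster ticket. Unless AdminService validates the
        // address, the caller chooses where those credentials are sent; restrict it to expected
        // hosts and to callers entitled to import a fabric.
        // Kept as a raw map because the getter return types are not visible from this file.
        HashMap primaryDetails = new HashMap();
        CGClusterInfo primaryClusterDetails = this.adminService.getPrimaryClusterDetails();
        primaryDetails.put("cldbips", primaryClusterDetails.getCldbips());
        primaryDetails.put("crossclusterticket", primaryClusterDetails.getCrossClusterTicket());
        primaryDetails.put("clustername", primaryClusterDetails.getClusterName());
        log.debug("begin execute CLI command for sso login on remote cluster {}", fullCommand);
        try {
            return this.adminService.executeMaprCliRemotely(accessToken, apiIps, command, subCommand, primaryDetails, clusterName);
        } catch (HttpClientErrorException e) {
            log.debug("Caught Mapr exception in API server {}", e.getMessage(), e);
            return ControllerUtil.generateJosnErrorResponse(500, "Cannot import fabric, please contact administrator " + e.getMessage());
        } catch (Exception e) {
            return cliFailure(e);
        }
    }

    /**
     * Runs a read-only CLI query.
     *
     * <p>Requests whose final path segment names a mutating action are refused with 405 so that
     * state changes stay on POST. The comparison ignores case because {@code executePost}
     * already matches some command names case-insensitively. This is a deny-list on one segment
     * only, so the CLI layer should not rely on it as the sole guard.
     *
     * <p>The command always runs through {@code executeCLI} with
     * {@code getProxyOrLoggedInUser()}, whatever the authentication type.
     *
     * @return 200 with the CLI result as JSON, or 405 for a mutating action
     */
    @GET
    @ApiOperation("Query entity details (node/volume/table/acl...)")
    public Response executeGet(@Context UriInfo uriInfo, @Context HttpServletRequest httpServletRequest, @PathParam("command") String command, @PathParam("other") String other) {
        // split() drops trailing empty strings, so a path made only of slashes has no segments;
        // the original indexed element -1 in that case and failed with an exception.
        String[] segments = other.split("/");
        if (segments.length > 0 && isMutatingAction(segments[segments.length - 1])) {
            return Response.status(Response.Status.METHOD_NOT_ALLOWED).build();
        }
        Map<String, String> params = new HashMap<>();
        copyFirstValues(uriInfo.getQueryParameters(), params);
        validate(command, other, params);
        return Response.ok(MapRCliUtils.executeCLI(command, other, params, getProxyOrLoggedInUser()).toJSONString()).build();
    }

    /**
     * Applies the directory-traversal check to the {@code path} parameter of volume commands.
     * Other commands and parameters are not inspected.
     */
    private void validate(String command, String other, Map<String, String> params) {
        String path = params.get("path");
        if (AdminServiceConstants.VOLUME_CMD.equals(command) && path != null) {
            FileUtil.failIfDirectoryTraversal(path);
        }
    }

    /** Routes a {@code security} policy command; a trailing slash on the sub-command is ignored. */
    private String handleSecurityPolicyCommand(Boolean ssoLogin, String clusterName, String accessToken, String command, String other, Map<String, String> params) {
        return routeCommand(ssoLogin, clusterName, accessToken, command, stripTrailingSlash(other), params, SECURITY_PRIMARY_CLUSTER_COMMANDS);
    }

    /**
     * Shared routing for installer, cluster and security-policy commands: non-SSO callers run
     * locally, listed sub-commands go to the primary cluster, and everything else runs locally
     * or remotely depending on {@code clusterName}. Exceptions propagate to the caller.
     */
    private String routeCommand(boolean ssoLogin, String clusterName, String accessToken, String command, String subCommand, Map<String, String> params, String[] primaryCommands) {
        String fullCommand = command + " " + subCommand;
        if (!ssoLogin) {
            log.debug("begin execute CLI command for non sso login on local cluster {}", fullCommand);
            return MapRCliUtils.executeCLI(command, subCommand, params, getProxyOrLoggedInUser()).toJSONString();
        }
        if (Arrays.asList(primaryCommands).contains(subCommand)) {
            log.debug("Forwarding to primary cluster {} {}", command, subCommand);
            return executeMaprCommandOnPrimary(true, clusterName, accessToken, command, subCommand, params);
        }
        if (clusterName == null || this.adminService.isClusterLocal(clusterName)) {
            log.debug("begin execute CLI command for sso login {} on local cluster", fullCommand);
            return MapRCliUtils.executeCLIForSso(command, subCommand, params, accessToken).toJSONString();
        }
        log.debug("begin execute CLI command for sso login on remote cluster {}", fullCommand);
        return this.adminService.executeMaprCliRemotelyForAllIps(clusterName, accessToken, command, subCommand, params);
    }

    /** Runs an SSO command locally and maps failures to a JSON error document. */
    private String executeSsoLocally(String command, String subCommand, Map<String, String> params, String accessToken) {
        try {
            return MapRCliUtils.executeCLIForSso(command, subCommand, params, accessToken).toJSONString();
        } catch (HttpClientErrorException e) {
            return httpFailure(e);
        } catch (Exception e) {
            return cliFailure(e);
        }
    }

    /** Copies the first value of every entry of {@code source} into {@code target}. */
    private static void copyFirstValues(MultivaluedMap<String, String> source, Map<String, String> target) {
        if (source == null) {
            return;
        }
        for (Map.Entry<String, List<String>> entry : source.entrySet()) {
            List<String> values = entry.getValue();
            // Entries without a value are skipped instead of failing on get(0).
            if (values != null && !values.isEmpty()) {
                target.put(entry.getKey(), values.get(0));
            }
        }
    }

    /** Returns {@code path} without one trailing slash; safe for the empty string. */
    private static String stripTrailingSlash(String path) {
        return path.endsWith("/") ? path.substring(0, path.length() - 1) : path;
    }

    /** Tells whether {@code segment} names an action that GET must not perform. */
    private static boolean isMutatingAction(String segment) {
        for (String action : GET_RESOURCES) {
            if (action.equalsIgnoreCase(segment)) {
                return true;
            }
        }
        return false;
    }

    /** Logs the failure and builds the generic HTTP 500 error document. */
    private static String cliFailure(Exception e) {
        log.debug("Caught Mapr exception in API server {}", e.getMessage(), e);
        return ControllerUtil.generateJosnErrorResponse(500, e.getMessage());
    }

    /** Logs the failure and builds an error document carrying the upstream HTTP status. */
    private static String httpFailure(HttpClientErrorException e) {
        log.debug("Caught Mapr exception in API server {}", e.getMessage(), e);
        return ControllerUtil.generateJosnErrorResponse(e.getStatusCode().value(), e.getMessage());
    }
}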
