package org.apache.nifi.processors.standard.servlets;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import java.util.zip.GZIPInputStream;
import javax.servlet.AsyncContext;
import javax.servlet.MultipartConfigElement;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;
import javax.ws.rs.Path;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.flowfile.attributes.CoreAttributes;
import org.apache.nifi.flowfile.attributes.StandardFlowFileMediaType;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.processors.standard.ListenHTTP;
import org.apache.nifi.processors.standard.PostHTTP;
import org.apache.nifi.processors.standard.exception.ListenHttpException;
import org.apache.nifi.processors.standard.relp.response.RELPResponse;
import org.apache.nifi.processors.standard.util.PGPUtil;
import org.apache.nifi.schema.access.SchemaNotFoundException;
import org.apache.nifi.serialization.MalformedRecordException;
import org.apache.nifi.serialization.RecordReader;
import org.apache.nifi.serialization.RecordReaderFactory;
import org.apache.nifi.serialization.RecordSetWriter;
import org.apache.nifi.serialization.RecordSetWriterFactory;
import org.apache.nifi.serialization.record.RecordSet;
import org.apache.nifi.stream.io.StreamThrottler;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.util.FlowFileUnpackager;
import org.apache.nifi.util.FlowFileUnpackagerV1;
import org.apache.nifi.util.FlowFileUnpackagerV2;
import org.apache.nifi.util.FlowFileUnpackagerV3;

@Path("")
/* loaded from: input_file:org/apache/nifi/processors/standard/servlets/ListenHTTPServlet.class */
public class ListenHTTPServlet extends HttpServlet {
    private static final long serialVersionUID = 5329940480987723163L;
    public static final String FLOWFILE_CONFIRMATION_HEADER = "x-prefer-acknowledge-uri";
    public static final String LOCATION_HEADER_NAME = "Location";
    public static final String DEFAULT_FOUND_SUBJECT = "none";
    public static final String DEFAULT_FOUND_ISSUER = "none";
    public static final String LOCATION_URI_INTENT_NAME = "x-location-uri-intent";
    public static final String LOCATION_URI_INTENT_VALUE = "flowfile-hold";
    public static final int FILES_BEFORE_CHECKING_DESTINATION_SPACE = 5;
    public static final String ACCEPT_HEADER_NAME = "Accept";
    public static final String ACCEPT_HEADER_VALUE = String.format("%s,%s,%s,%s,*/*;q=0.8", StandardFlowFileMediaType.VERSION_3.getMediaType(), StandardFlowFileMediaType.VERSION_2.getMediaType(), StandardFlowFileMediaType.VERSION_1.getMediaType(), StandardFlowFileMediaType.VERSION_UNSPECIFIED.getMediaType());
    public static final String ACCEPT_ENCODING_NAME = "Accept-Encoding";
    public static final String ACCEPT_ENCODING_VALUE = "gzip";
    public static final String GZIPPED_HEADER = "flowfile-gzipped";
    public static final String PROTOCOL_VERSION_HEADER = "x-nifi-transfer-protocol-version";
    public static final String PROTOCOL_VERSION = "3";
    private final AtomicLong filesReceived = new AtomicLong(0);
    private final AtomicBoolean spaceAvailable = new AtomicBoolean(true);
    private ComponentLog logger;
    private AtomicReference<ProcessSessionFactory> sessionFactoryHolder;
    private volatile ProcessContext processContext;
    private Pattern authorizedPattern;
    private Pattern authorizedIssuerPattern;
    private Pattern headerPattern;
    private ConcurrentMap<String, ListenHTTP.FlowFileEntryTimeWrapper> flowFileMap;
    private StreamThrottler streamThrottler;
    private String basePath;
    private int returnCode;
    private long multipartRequestMaxSize;
    private int multipartReadBufferSize;
    private int port;
    private RecordReaderFactory readerFactory;
    private RecordSetWriterFactory writerFactory;

    public void init(ServletConfig servletConfig) throws ServletException {
        ServletContext servletContext = servletConfig.getServletContext();
        this.logger = (ComponentLog) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_LOGGER);
        this.sessionFactoryHolder = (AtomicReference) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_SESSION_FACTORY_HOLDER);
        this.processContext = (ProcessContext) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_PROCESS_CONTEXT_HOLDER);
        this.authorizedPattern = (Pattern) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_AUTHORITY_PATTERN);
        this.authorizedIssuerPattern = (Pattern) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_AUTHORITY_ISSUER_PATTERN);
        this.headerPattern = (Pattern) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_HEADER_PATTERN);
        this.flowFileMap = (ConcurrentMap) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_FLOWFILE_MAP);
        this.streamThrottler = (StreamThrottler) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_STREAM_THROTTLER);
        this.basePath = (String) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_BASE_PATH);
        this.returnCode = ((Integer) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_RETURN_CODE)).intValue();
        this.multipartRequestMaxSize = ((Long) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_MULTIPART_REQUEST_MAX_SIZE)).longValue();
        this.multipartReadBufferSize = ((Integer) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_MULTIPART_READ_BUFFER_SIZE)).intValue();
        this.port = ((Integer) servletContext.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_PORT)).intValue();
        this.readerFactory = this.processContext.getProperty(ListenHTTP.RECORD_READER).asControllerService(RecordReaderFactory.class);
        this.writerFactory = this.processContext.getProperty(ListenHTTP.RECORD_WRITER).asControllerService(RecordSetWriterFactory.class);
    }

    protected void doHead(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (httpServletRequest.getLocalPort() != this.port) {
            super.doHead(httpServletRequest, httpServletResponse);
            return;
        }
        httpServletResponse.addHeader("Accept-Encoding", "gzip");
        httpServletResponse.addHeader("Accept", ACCEPT_HEADER_VALUE);
        httpServletResponse.addHeader("x-nifi-transfer-protocol-version", "3");
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ProcessSessionFactory processSessionFactory;
        if (httpServletRequest.getLocalPort() != this.port) {
            super.doPost(httpServletRequest, httpServletResponse);
            return;
        }
        ProcessContext processContext = this.processContext;
        do {
            processSessionFactory = this.sessionFactoryHolder.get();
            if (processSessionFactory == null) {
                try {
                    Thread.sleep(10L);
                } catch (InterruptedException e) {
                }
            }
        } while (processSessionFactory == null);
        ProcessSession createSession = processSessionFactory.createSession();
        try {
            if (this.filesReceived.getAndIncrement() % 5 == 0 || !this.spaceAvailable.get()) {
                if (processContext.getAvailableRelationships().isEmpty()) {
                    this.spaceAvailable.set(false);
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Received request from " + httpServletRequest.getRemoteHost() + " but no space available; Indicating Service Unavailable");
                    }
                    httpServletResponse.sendError(503);
                    return;
                }
                this.spaceAvailable.set(true);
            }
            httpServletResponse.setHeader(PostHTTP.CONTENT_TYPE_HEADER, "text/plain");
            boolean parseBoolean = Boolean.parseBoolean(httpServletRequest.getHeader("flowfile-gzipped"));
            X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
            String str = "none";
            String str2 = "none";
            if (x509CertificateArr != null && x509CertificateArr.length > 0 && 0 < x509CertificateArr.length) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                str = x509Certificate.getSubjectDN().getName();
                str2 = x509Certificate.getIssuerDN().getName();
                if (!this.authorizedPattern.matcher(str).matches()) {
                    this.logger.warn("Access Forbidden [Subject not authorized] Host [{}] Subject [{}] Issuer [{}]", new Object[]{httpServletRequest.getRemoteHost(), str, str2});
                    httpServletResponse.sendError(403, "not allowed based on subject dn");
                    return;
                } else if (!this.authorizedIssuerPattern.matcher(str2).matches()) {
                    this.logger.warn("Access Forbidden [Issuer not authorized] Host [{}] Subject [{}] Issuer [{}]", new Object[]{httpServletRequest.getRemoteHost(), str, str2});
                    httpServletResponse.sendError(403, "not allowed based on issuer dn");
                    return;
                }
            }
            String header = httpServletRequest.getHeader("x-nifi-transfer-protocol-version");
            Integer num = null;
            if (header != null) {
                try {
                    num = Integer.valueOf(header);
                } catch (NumberFormatException e2) {
                }
            }
            boolean z = num == null;
            boolean parseBoolean2 = Boolean.parseBoolean(httpServletRequest.getHeader("x-prefer-acknowledge-uri"));
            String contentType = httpServletRequest.getContentType();
            GZIPInputStream gZIPInputStream = parseBoolean ? new GZIPInputStream(httpServletRequest.getInputStream()) : httpServletRequest.getInputStream();
            InputStream newThrottledInputStream = this.streamThrottler == null ? gZIPInputStream : this.streamThrottler.newThrottledInputStream(gZIPInputStream);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Received request from " + httpServletRequest.getRemoteHost() + ", createHold=" + parseBoolean2 + ", content-type=" + contentType + ", gzip=" + parseBoolean);
            }
            proceedFlow(httpServletRequest, httpServletResponse, createSession, str, str2, parseBoolean2, (StringUtils.isNotBlank(httpServletRequest.getContentType()) && httpServletRequest.getContentType().contains("multipart/form-data")) ? handleMultipartRequest(httpServletRequest, createSession, str, str2) : handleRequest(httpServletRequest, createSession, str, str2, z, contentType, newThrottledInputStream));
        } catch (Throwable th) {
            handleException(httpServletRequest, httpServletResponse, createSession, null, null, th);
        }
    }

    private void handleException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ProcessSession processSession, String str, String str2, Throwable th) throws IOException {
        processSession.rollback();
        this.logger.error("Unable to receive file from Remote Host: [{}] SubjectDN [{}] IssuerDN [{}] due to {}", new Object[]{httpServletRequest.getRemoteHost(), str, str2, th});
        if (th instanceof ListenHttpException) {
            httpServletResponse.sendError(((ListenHttpException) th).getReturnCode(), th.toString());
        } else {
            httpServletResponse.sendError(RELPResponse.ERROR, th.toString());
        }
    }

    private Set<FlowFile> handleMultipartRequest(HttpServletRequest httpServletRequest, ProcessSession processSession, String str, String str2) throws IOException, IllegalStateException, ServletException {
        if (isRecordProcessing()) {
            this.logger.debug("Record processing will not be utilized while processing multipart request. Request URI: {}", new Object[]{httpServletRequest.getRequestURI()});
        }
        HashSet hashSet = new HashSet();
        httpServletRequest.setAttribute("org.eclipse.jetty.multipartConfig", new MultipartConfigElement(System.getProperty("java.io.tmpdir"), this.multipartRequestMaxSize, this.multipartRequestMaxSize, this.multipartReadBufferSize));
        Collection<Part> unmodifiableCollection = Collections.unmodifiableCollection(httpServletRequest.getParts());
        int i = 0;
        for (Part part : unmodifiableCollection) {
            FlowFile create = processSession.create();
            OutputStream write = processSession.write(create);
            try {
                StreamUtils.copy(part.getInputStream(), write);
                if (write != null) {
                    write.close();
                }
                hashSet.add(savePartDetailsAsAttributes(processSession, part, saveRequestDetailsAsAttributes(httpServletRequest, processSession, str, str2, create), i, unmodifiableCollection.size()));
                i++;
            } catch (Throwable th) {
                if (write != null) {
                    try {
                        write.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        return hashSet;
    }

    private FlowFile savePartDetailsAsAttributes(ProcessSession processSession, Part part, FlowFile flowFile, int i, int i2) {
        HashMap hashMap = new HashMap();
        for (String str : part.getHeaderNames()) {
            putAttribute((Map<String, String>) hashMap, "http.headers.multipart." + str, part.getHeader(str));
        }
        putAttribute(hashMap, "http.multipart.size", Long.valueOf(part.getSize()));
        putAttribute((Map<String, String>) hashMap, "http.multipart.content.type", part.getContentType());
        putAttribute((Map<String, String>) hashMap, "http.multipart.name", part.getName());
        putAttribute((Map<String, String>) hashMap, "http.multipart.filename", part.getSubmittedFileName());
        putAttribute(hashMap, "http.multipart.fragments.sequence.number", Integer.valueOf(i + 1));
        putAttribute(hashMap, "http.multipart.fragments.total.number", Integer.valueOf(i2));
        return processSession.putAllAttributes(flowFile, hashMap);
    }

    private Set<FlowFile> handleRequest(HttpServletRequest httpServletRequest, ProcessSession processSession, String str, String str2, boolean z, String str3, InputStream inputStream) throws IOException {
        String str4 = null;
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        FlowFileUnpackager flowFileUnpackager = getFlowFileUnpackager(str3);
        HashSet hashSet = new HashSet();
        do {
            long nanoTime = System.nanoTime();
            HashMap hashMap = new HashMap();
            FlowFile create = processSession.create();
            OutputStream write = processSession.write(create);
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(write, PGPUtil.BUFFER_SIZE);
            if (flowFileUnpackager == null) {
                try {
                    if (isRecordProcessing()) {
                        processRecord(inputStream, create, write);
                    } else {
                        IOUtils.copy(inputStream, bufferedOutputStream);
                        atomicBoolean.set(false);
                    }
                } catch (Throwable th) {
                    try {
                        bufferedOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } else {
                if (isRecordProcessing()) {
                    this.logger.debug("Record processing will not be utilized while processing with unpackager. Request URI: {}", new Object[]{httpServletRequest.getRequestURI()});
                }
                hashMap.putAll(flowFileUnpackager.unpackageFlowFile(inputStream, bufferedOutputStream));
                if (z) {
                    if (hashMap.containsKey("nf.file.name")) {
                        hashMap.put(CoreAttributes.FILENAME.key(), (String) hashMap.remove("nf.file.name"));
                    }
                    if (hashMap.containsKey("nf.file.path")) {
                        hashMap.put(CoreAttributes.PATH.key(), (String) hashMap.remove("nf.file.path"));
                    }
                }
                atomicBoolean.set(flowFileUnpackager.hasMoreData());
            }
            bufferedOutputStream.close();
            long convert = TimeUnit.MILLISECONDS.convert(System.nanoTime() - nanoTime, TimeUnit.NANOSECONDS);
            String header = httpServletRequest.getHeader(CoreAttributes.FILENAME.key());
            if (StringUtils.isNotBlank(header)) {
                hashMap.put(CoreAttributes.FILENAME.key(), header);
            }
            String str5 = (String) hashMap.get(CoreAttributes.UUID.key());
            if (str5 != null) {
                str5 = "urn:nifi:" + str5;
                hashMap.put(CoreAttributes.UUID.key(), UUID.randomUUID().toString());
            }
            FlowFile saveRequestDetailsAsAttributes = saveRequestDetailsAsAttributes(httpServletRequest, processSession, str, str2, processSession.putAllAttributes(create, hashMap));
            processSession.getProvenanceReporter().receive(saveRequestDetailsAsAttributes, httpServletRequest.getRequestURL().toString(), str5, String.format("Remote DN=%s, Issuer DN=%s", str, str2), convert);
            hashSet.add(saveRequestDetailsAsAttributes);
            if (str4 == null) {
                str4 = saveRequestDetailsAsAttributes.getAttribute(CoreAttributes.UUID.key());
            }
        } while (atomicBoolean.get());
        return hashSet;
    }

    protected void proceedFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ProcessSession processSession, String str, String str2, boolean z, Set<FlowFile> set) throws IOException {
        ListenHTTP.FlowFileEntryTimeWrapper putIfAbsent;
        if (!z) {
            this.logger.info("Received from Remote Host: [{}] Port [{}] SubjectDN [{}] IssuerDN [{}]; transferring to 'success'", new Object[]{httpServletRequest.getRemoteHost(), Integer.valueOf(httpServletRequest.getRemotePort()), str, str2});
            processSession.transfer(set, ListenHTTP.RELATIONSHIP_SUCCESS);
            AsyncContext startAsync = httpServletRequest.startAsync();
            processSession.commitAsync(() -> {
                httpServletResponse.setStatus(this.returnCode);
                startAsync.complete();
            }, th -> {
                this.logger.error("Failed to commit session. Returning error response to Remote Host: [{}] Port [{}] SubjectDN [{}] IssuerDN [{}]", new Object[]{httpServletRequest.getRemoteHost(), Integer.valueOf(httpServletRequest.getRemotePort()), str, str2, th});
                httpServletResponse.setStatus(RELPResponse.ERROR);
                startAsync.complete();
            });
            return;
        }
        String uuid = UUID.randomUUID().toString();
        if (this.flowFileMap.containsKey(uuid)) {
            uuid = UUID.randomUUID().toString();
        }
        ListenHTTP.FlowFileEntryTimeWrapper flowFileEntryTimeWrapper = new ListenHTTP.FlowFileEntryTimeWrapper(processSession, set, System.currentTimeMillis(), httpServletRequest.getRemoteHost());
        do {
            putIfAbsent = this.flowFileMap.putIfAbsent(uuid, flowFileEntryTimeWrapper);
            if (putIfAbsent != null) {
                uuid = UUID.randomUUID().toString();
            }
        } while (putIfAbsent != null);
        httpServletResponse.setStatus(303);
        String str3 = "/" + this.basePath + "/holds/" + uuid;
        httpServletResponse.addHeader("Location", str3);
        httpServletResponse.addHeader("x-location-uri-intent", "flowfile-hold");
        httpServletResponse.getOutputStream().write(str3.getBytes(StandardCharsets.UTF_8));
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Ingested {} from Remote Host: [{}] Port [{}] SubjectDN [{}] IssuerDN [{}]; placed hold on these {} files with ID {}", new Object[]{set, httpServletRequest.getRemoteHost(), Integer.valueOf(httpServletRequest.getRemotePort()), str, str2, Integer.valueOf(set.size()), uuid});
        }
    }

    protected FlowFile saveRequestDetailsAsAttributes(HttpServletRequest httpServletRequest, ProcessSession processSession, String str, String str2, FlowFile flowFile) {
        HashMap hashMap = new HashMap();
        addMatchingRequestHeaders(httpServletRequest, hashMap);
        return processSession.putAttribute(processSession.putAttribute(processSession.putAttribute(processSession.putAttribute(processSession.putAllAttributes(flowFile, hashMap), "restlistener.remote.source.host", httpServletRequest.getRemoteHost()), "restlistener.request.uri", httpServletRequest.getRequestURI()), "restlistener.remote.user.dn", str), "restlistener.remote.issuer.dn", str2);
    }

    private void processRecord(InputStream inputStream, FlowFile flowFile, OutputStream outputStream) {
        try {
            RecordReader createRecordReader = this.readerFactory.createRecordReader(flowFile, new BufferedInputStream(inputStream), this.logger);
            try {
                RecordSet createRecordSet = createRecordReader.createRecordSet();
                RecordSetWriter createWriter = this.writerFactory.createWriter(this.logger, createRecordReader.getSchema(), outputStream, flowFile);
                try {
                    createWriter.write(createRecordSet);
                    if (createWriter != null) {
                        createWriter.close();
                    }
                    if (createRecordReader != null) {
                        createRecordReader.close();
                    }
                } catch (Throwable th) {
                    if (createWriter != null) {
                        try {
                            createWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException | MalformedRecordException e) {
            throw new ListenHttpException("Could not process record.", e, 400);
        } catch (SchemaNotFoundException e2) {
            throw new ListenHttpException("Could not find schema.", e2, RELPResponse.ERROR);
        }
    }

    private FlowFileUnpackager getFlowFileUnpackager(String str) {
        return StandardFlowFileMediaType.VERSION_3.getMediaType().equals(str) ? new FlowFileUnpackagerV3() : StandardFlowFileMediaType.VERSION_2.getMediaType().equals(str) ? new FlowFileUnpackagerV2() : StringUtils.startsWith(str, StandardFlowFileMediaType.VERSION_UNSPECIFIED.getMediaType()) ? new FlowFileUnpackagerV1() : null;
    }

    private void addMatchingRequestHeaders(HttpServletRequest httpServletRequest, Map<String, String> map) {
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str = (String) headerNames.nextElement();
            if (this.headerPattern != null && this.headerPattern.matcher(str).matches()) {
                map.put(str, httpServletRequest.getHeader(str));
            }
        }
    }

    private void putAttribute(Map<String, String> map, String str, Object obj) {
        if (obj == null) {
            return;
        }
        putAttribute(map, str, obj.toString());
    }

    private void putAttribute(Map<String, String> map, String str, String str2) {
        if (str2 == null) {
            return;
        }
        map.put(str, str2);
    }

    private boolean isRecordProcessing() {
        return (this.readerFactory == null || this.writerFactory == null) ? false : true;
    }
}
