package org.apache.nifi.controller.state.server;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Properties;
import org.apache.nifi.controller.cluster.ZooKeeperClientConfig;
import org.apache.nifi.util.NiFiProperties;
import org.apache.zookeeper.common.X509Util;
import org.apache.zookeeper.server.DatadirCleanupManager;
import org.apache.zookeeper.server.NettyServerCnxnFactory;
import org.apache.zookeeper.server.ServerCnxnFactory;
import org.apache.zookeeper.server.ServerConfig;
import org.apache.zookeeper.server.ZKDatabase;
import org.apache.zookeeper.server.ZooKeeperServer;
import org.apache.zookeeper.server.ZooKeeperServerMain;
import org.apache.zookeeper.server.persistence.FileTxnSnapLog;
import org.apache.zookeeper.server.quorum.QuorumPeer;
import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/controller/state/server/ZooKeeperStateServer.class */
public class ZooKeeperStateServer extends ZooKeeperServerMain {
    private static final Logger logger = LoggerFactory.getLogger(ZooKeeperStateServer.class);
    private static final int MIN_PORT = 1024;
    private static final int MAX_PORT = 65535;
    private static final String ZOOKEEPER_SSL_QUORUM = "sslQuorum";
    private static final String ZOOKEEPER_PORT_UNIFICATION = "portUnification";
    private static final String ZOOKEEPER_SERVER_CNXN_FACTORY = "serverCnxnFactory";
    private final QuorumPeerConfig quorumPeerConfig;
    private volatile boolean started = false;
    private ServerCnxnFactory connectionFactory;
    private FileTxnSnapLog transactionLog;
    private ZooKeeperServer embeddedZkServer;
    private QuorumPeer quorumPeer;
    private DatadirCleanupManager datadirCleanupManager;

    private ZooKeeperStateServer(QuorumPeerConfig quorumPeerConfig) {
        this.quorumPeerConfig = quorumPeerConfig;
    }

    final QuorumPeerConfig getQuorumPeerConfig() {
        return this.quorumPeerConfig;
    }

    public synchronized void start() throws IOException {
        if (this.started) {
            return;
        }
        if (this.quorumPeerConfig.getPurgeInterval() > 0) {
            this.datadirCleanupManager = new DatadirCleanupManager(this.quorumPeerConfig.getDataDir(), this.quorumPeerConfig.getDataLogDir(), this.quorumPeerConfig.getSnapRetainCount(), this.quorumPeerConfig.getPurgeInterval());
            this.datadirCleanupManager.start();
        }
        if (this.quorumPeerConfig.isDistributed()) {
            startDistributed();
        } else {
            startStandalone();
        }
        this.started = true;
    }

    private void startStandalone() throws IOException {
        logger.info("Starting Embedded ZooKeeper Server");
        ServerConfig serverConfig = new ServerConfig();
        serverConfig.readFrom(this.quorumPeerConfig);
        for (int i = 0; i < 10; i++) {
            try {
                try {
                    this.transactionLog = new FileTxnSnapLog(serverConfig.getDataLogDir(), serverConfig.getDataDir());
                    break;
                } catch (FileTxnSnapLog.DatadirException e) {
                    try {
                        Thread.sleep(50L);
                    } catch (InterruptedException e2) {
                        Thread.currentThread().interrupt();
                    }
                }
            } catch (IOException e3) {
                throw new IOException("Failed to start embedded ZooKeeper Server", e3);
            } catch (InterruptedException e4) {
                Thread.currentThread().interrupt();
                logger.warn("Embedded ZooKeeper Server interrupted", e4);
                return;
            } catch (Exception e5) {
                throw new RuntimeException("Failed to start embedded ZooKeeper Server", e5);
            }
        }
        this.embeddedZkServer = new ZooKeeperServer();
        this.embeddedZkServer.setTxnLogFactory(this.transactionLog);
        this.embeddedZkServer.setTickTime(serverConfig.getTickTime());
        this.embeddedZkServer.setMinSessionTimeout(serverConfig.getMinSessionTimeout());
        this.embeddedZkServer.setMaxSessionTimeout(serverConfig.getMaxSessionTimeout());
        this.connectionFactory = ServerCnxnFactory.createFactory();
        this.connectionFactory.configure(getAvailableSocketAddress(serverConfig), serverConfig.getMaxClientCnxns(), this.quorumPeerConfig.isSslQuorum());
        this.connectionFactory.startup(this.embeddedZkServer);
    }

    private void startDistributed() throws IOException {
        logger.info("Starting Embedded ZooKeeper Peer");
        try {
            this.transactionLog = new FileTxnSnapLog(this.quorumPeerConfig.getDataLogDir(), this.quorumPeerConfig.getDataDir());
            this.connectionFactory = ServerCnxnFactory.createFactory();
            this.connectionFactory.configure(getAvailableSocketAddress(this.quorumPeerConfig), this.quorumPeerConfig.getMaxClientCnxns(), this.quorumPeerConfig.isSslQuorum());
            this.quorumPeer = new QuorumPeer();
            if (this.quorumPeerConfig.isSslQuorum()) {
                this.quorumPeer.setSecureCnxnFactory(this.connectionFactory);
            } else {
                this.quorumPeer.setCnxnFactory(this.connectionFactory);
            }
            this.quorumPeer.setTxnFactory(new FileTxnSnapLog(this.quorumPeerConfig.getDataLogDir(), this.quorumPeerConfig.getDataDir()));
            this.quorumPeer.setElectionType(this.quorumPeerConfig.getElectionAlg());
            this.quorumPeer.setMyid(this.quorumPeerConfig.getServerId());
            this.quorumPeer.setTickTime(this.quorumPeerConfig.getTickTime());
            this.quorumPeer.setMinSessionTimeout(this.quorumPeerConfig.getMinSessionTimeout());
            this.quorumPeer.setMaxSessionTimeout(this.quorumPeerConfig.getMaxSessionTimeout());
            this.quorumPeer.setInitLimit(this.quorumPeerConfig.getInitLimit());
            this.quorumPeer.setSyncLimit(this.quorumPeerConfig.getSyncLimit());
            this.quorumPeer.setQuorumVerifier(this.quorumPeerConfig.getQuorumVerifier(), false);
            this.quorumPeer.setZKDatabase(new ZKDatabase(this.quorumPeer.getTxnFactory()));
            this.quorumPeer.setLearnerType(this.quorumPeerConfig.getPeerType());
            this.quorumPeer.setSyncEnabled(this.quorumPeerConfig.getSyncEnabled());
            this.quorumPeer.setQuorumListenOnAllIPs(this.quorumPeerConfig.getQuorumListenOnAllIPs().booleanValue());
            this.quorumPeer.setSslQuorum(this.quorumPeerConfig.isSslQuorum());
            this.quorumPeer.start();
        } catch (IOException e) {
            throw new IOException("Failed to start embedded ZooKeeper Peer", e);
        } catch (Exception e2) {
            throw new RuntimeException("Failed to start embedded ZooKeeper Peer", e2);
        }
    }

    public synchronized void shutdown() {
        if (this.started) {
            this.started = false;
            if (this.quorumPeer != null && this.quorumPeer.isRunning()) {
                this.quorumPeer.shutdown();
            }
            if (this.connectionFactory != null) {
                try {
                    this.connectionFactory.shutdown();
                } catch (Exception e) {
                    logger.warn("Failed to shutdown Connection Factory", e);
                }
            }
            if (this.embeddedZkServer != null && this.embeddedZkServer.isRunning()) {
                try {
                    this.embeddedZkServer.shutdown();
                } catch (Exception e2) {
                    logger.warn("Failed to shutdown Embedded Zookeeper", e2);
                }
            }
            if (this.transactionLog != null) {
                try {
                    this.transactionLog.close();
                } catch (IOException e3) {
                    logger.warn("Failed to close Transaction Log", e3);
                }
            }
            if (this.datadirCleanupManager != null) {
                this.datadirCleanupManager.shutdown();
            }
        }
    }

    public static ZooKeeperStateServer create(NiFiProperties niFiProperties) throws IOException, QuorumPeerConfig.ConfigException {
        File embeddedZooKeeperPropertiesFile = niFiProperties.getEmbeddedZooKeeperPropertiesFile();
        if (embeddedZooKeeperPropertiesFile == null) {
            return null;
        }
        if (!embeddedZooKeeperPropertiesFile.exists() || !embeddedZooKeeperPropertiesFile.canRead()) {
            throw new IOException("Cannot create Embedded ZooKeeper Server because the Properties File " + embeddedZooKeeperPropertiesFile.getAbsolutePath() + " referenced in nifi.properties does not exist or cannot be read");
        }
        Properties properties = new Properties();
        FileInputStream fileInputStream = new FileInputStream(embeddedZooKeeperPropertiesFile);
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream);
            try {
                properties.load(bufferedInputStream);
                bufferedInputStream.close();
                fileInputStream.close();
                return new ZooKeeperStateServer(reconcileProperties(niFiProperties, properties));
            } finally {
            }
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static QuorumPeerConfig reconcileProperties(NiFiProperties niFiProperties, Properties properties) throws IOException, QuorumPeerConfig.ConfigException {
        QuorumPeerConfig quorumPeerConfig = new QuorumPeerConfig();
        quorumPeerConfig.parseProperties(properties);
        boolean isNiFiConfigSecureForZooKeeper = isNiFiConfigSecureForZooKeeper(niFiProperties);
        boolean isZooKeeperConfigSecure = isZooKeeperConfigSecure(quorumPeerConfig);
        if (!isZooKeeperConfigSecure && !isNiFiConfigSecureForZooKeeper) {
            logger.debug("{} property is set to false or is not present, and zookeeper.properties file does not contain secureClientPort property, so embedded ZooKeeper will be started without TLS", "nifi.zookeeper.client.secure");
            return quorumPeerConfig;
        }
        if (isZooKeeperConfigSecure && !isNiFiConfigSecureForZooKeeper) {
            throw new QuorumPeerConfig.ConfigException(String.format("ZooKeeper properties file %s was configured to be secure but there was no valid TLS config present in nifi.properties or nifi.zookeeper.client.secure was set to false. Check the administration guide", niFiProperties.getProperty("nifi.state.management.embedded.zookeeper.properties")));
        }
        ensureOnlySecurePortsAreEnabled(quorumPeerConfig, properties);
        setTlsProperties(properties, new ZooKeeperServerX509Util(), niFiProperties);
        setTlsProperties(properties, new ZooKeeperQuorumX509Util(), niFiProperties);
        properties.setProperty("secureClientPort", getSecurePort(quorumPeerConfig));
        properties.setProperty(ZOOKEEPER_SERVER_CNXN_FACTORY, NettyServerCnxnFactory.class.getName());
        properties.setProperty(ZOOKEEPER_SSL_QUORUM, Boolean.TRUE.toString());
        properties.setProperty(ZOOKEEPER_PORT_UNIFICATION, Boolean.FALSE.toString());
        QuorumPeerConfig quorumPeerConfig2 = new QuorumPeerConfig();
        quorumPeerConfig2.parseProperties(properties);
        return quorumPeerConfig2;
    }

    private static boolean isZooKeeperConfigSecure(QuorumPeerConfig quorumPeerConfig) throws QuorumPeerConfig.ConfigException {
        InetSocketAddress secureClientPortAddress = quorumPeerConfig.getSecureClientPortAddress();
        InetSocketAddress clientPortAddress = quorumPeerConfig.getClientPortAddress();
        if (secureClientPortAddress == null && clientPortAddress == null) {
            throw new QuorumPeerConfig.ConfigException("No clientAddress or secureClientAddress is set in zookeeper.properties");
        }
        return secureClientPortAddress != null;
    }

    private static boolean isNiFiConfigSecureForZooKeeper(NiFiProperties niFiProperties) throws QuorumPeerConfig.ConfigException {
        boolean z = niFiProperties.isZooKeeperTlsConfigurationPresent() || niFiProperties.isTlsConfigurationPresent();
        boolean isZooKeeperClientSecure = niFiProperties.isZooKeeperClientSecure();
        if (!isZooKeeperClientSecure || z) {
            return isZooKeeperClientSecure && z;
        }
        throw new QuorumPeerConfig.ConfigException(String.format("%s is true but no TLS configuration is present in nifi.properties", "nifi.zookeeper.client.secure"));
    }

    private static void ensureOnlySecurePortsAreEnabled(QuorumPeerConfig quorumPeerConfig, Properties properties) {
        InetSocketAddress clientPortAddress = quorumPeerConfig.getClientPortAddress();
        InetSocketAddress secureClientPortAddress = quorumPeerConfig.getSecureClientPortAddress();
        if (clientPortAddress == null || secureClientPortAddress == null) {
            return;
        }
        properties.remove("clientPort");
        properties.remove("clientPortAddress");
        logger.warn("Invalid configuration was detected: A secure NiFi with an embedded ZooKeeper was configured for insecure connections. Insecure ports have been removed from embedded ZooKeeper configuration to deactivate insecure connections");
    }

    private static void setTlsProperties(Properties properties, X509Util x509Util, NiFiProperties niFiProperties) {
        properties.setProperty(x509Util.getSslKeystoreLocationProperty(), ZooKeeperClientConfig.getPreferredProperty(niFiProperties, "nifi.zookeeper.security.keystore", "nifi.security.keystore"));
        properties.setProperty(x509Util.getSslKeystorePasswdProperty(), ZooKeeperClientConfig.getPreferredProperty(niFiProperties, "nifi.zookeeper.security.keystorePasswd", "nifi.security.keystorePasswd"));
        properties.setProperty(x509Util.getSslKeystoreTypeProperty(), ZooKeeperClientConfig.getPreferredProperty(niFiProperties, "nifi.zookeeper.security.keystoreType", "nifi.security.keystoreType"));
        properties.setProperty(x509Util.getSslTruststoreLocationProperty(), ZooKeeperClientConfig.getPreferredProperty(niFiProperties, "nifi.zookeeper.security.truststore", "nifi.security.truststore"));
        properties.setProperty(x509Util.getSslTruststorePasswdProperty(), ZooKeeperClientConfig.getPreferredProperty(niFiProperties, "nifi.zookeeper.security.truststorePasswd", "nifi.security.truststorePasswd"));
        properties.setProperty(x509Util.getSslTruststoreTypeProperty(), ZooKeeperClientConfig.getPreferredProperty(niFiProperties, "nifi.zookeeper.security.truststoreType", "nifi.security.truststoreType"));
    }

    private static String getSecurePort(QuorumPeerConfig quorumPeerConfig) throws QuorumPeerConfig.ConfigException {
        InetSocketAddress secureClientPortAddress = quorumPeerConfig.getSecureClientPortAddress();
        if (secureClientPortAddress == null || secureClientPortAddress.getPort() < 1024 || secureClientPortAddress.getPort() > MAX_PORT) {
            throw new QuorumPeerConfig.ConfigException(String.format("NiFi was configured to be secure but secureClientPort could not be retrieved from zookeeper.properties file or it was not in valid port range %d - %d", 1024, Integer.valueOf(MAX_PORT)));
        }
        String valueOf = String.valueOf(secureClientPortAddress.getPort());
        if (logger.isDebugEnabled()) {
            logger.debug("Secure client port retrieved from ZooKeeper configuration: {}", valueOf);
        }
        return valueOf;
    }

    private static InetSocketAddress getAvailableSocketAddress(ServerConfig serverConfig) {
        return serverConfig.getSecureClientPortAddress() != null ? serverConfig.getSecureClientPortAddress() : serverConfig.getClientPortAddress();
    }

    private static InetSocketAddress getAvailableSocketAddress(QuorumPeerConfig quorumPeerConfig) {
        ServerConfig serverConfig = new ServerConfig();
        serverConfig.readFrom(quorumPeerConfig);
        return getAvailableSocketAddress(serverConfig);
    }
}
