package org.apache.sling.discovery.impl.topology.connector;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.zip.GZIPOutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.discovery.ClusterView;
import org.apache.sling.discovery.impl.Config;
import org.apache.sling.discovery.impl.cluster.ClusterViewService;
import org.apache.sling.discovery.impl.topology.announcement.Announcement;
import org.apache.sling.discovery.impl.topology.announcement.AnnouncementFilter;
import org.apache.sling.discovery.impl.topology.announcement.AnnouncementRegistry;
import org.apache.sling.discovery.impl.topology.connector.wl.SubnetWhitelistEntry;
import org.apache.sling.discovery.impl.topology.connector.wl.WhitelistEntry;
import org.apache.sling.discovery.impl.topology.connector.wl.WildcardWhitelistEntry;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.http.HttpContext;
import org.osgi.service.http.HttpService;
import org.osgi.service.http.NamespaceException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({TopologyConnectorServlet.class})
@Component(immediate = true)
/* loaded from: input_file:org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.class */
public class TopologyConnectorServlet extends HttpServlet {
    private static final String TOPOLOGY_CONNECTOR_PREFIX = "/libs/sling/topology";

    @Reference
    private AnnouncementRegistry announcementRegistry;

    @Reference
    private ClusterViewService clusterViewService;

    @Reference
    private HttpService httpService;

    @Reference
    private Config config;
    private TopologyRequestValidator requestValidator;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final List<WhitelistEntry> whitelist = new ArrayList();
    private final Set<String> plaintextWhitelist = new HashSet();

    @Activate
    protected void activate(ComponentContext componentContext) {
        this.whitelist.clear();
        if (!this.config.isHmacEnabled()) {
            initWhitelist(this.config.getTopologyConnectorWhitelist());
        }
        this.requestValidator = new TopologyRequestValidator(this.config);
        try {
            this.httpService.registerServlet(TOPOLOGY_CONNECTOR_PREFIX, this, (Dictionary) null, (HttpContext) null);
            this.logger.info("activate: connector servlet registered at /libs/sling/topology");
        } catch (NamespaceException e) {
            this.logger.error("activate: NamespaceException while registering topology connector servlet: " + e, e);
        } catch (ServletException e2) {
            this.logger.error("activate: ServletException while registering topology connector servlet: " + e2, e2);
        }
    }

    @Deactivate
    protected void deactivate() {
        this.httpService.unregister(TOPOLOGY_CONNECTOR_PREFIX);
    }

    void initWhitelist(String[] strArr) {
        StringTokenizer stringTokenizer;
        String nextToken;
        if (strArr == null) {
            return;
        }
        for (String str : strArr) {
            WhitelistEntry whitelistEntry = null;
            if (str.contains(".") && str.contains("/")) {
                try {
                    whitelistEntry = new SubnetWhitelistEntry(str);
                } catch (Exception e) {
                    this.logger.error("activate: wrongly formatted CIDR subnet definition. Expected eg '1.2.3.4/24'. ignoring: " + str);
                }
            } else if (str.contains(".") && str.contains(" ")) {
                try {
                    stringTokenizer = new StringTokenizer(str, " ");
                    nextToken = stringTokenizer.nextToken();
                } catch (Exception e2) {
                    this.logger.error("activate: wrongly formatted ip subnet definition. Expected '10.1.2.3 255.0.0.0'. Ignoring: " + str);
                }
                if (stringTokenizer.hasMoreTokens()) {
                    String nextToken2 = stringTokenizer.nextToken();
                    if (stringTokenizer.hasMoreTokens()) {
                        this.logger.error("activate: wrongly formatted ip subnet definition. Expected '10.1.2.3 255.0.0.0'. Ignoring: " + str);
                    } else {
                        whitelistEntry = new SubnetWhitelistEntry(nextToken, nextToken2);
                    }
                }
            }
            if (whitelistEntry == null) {
                if (str.contains("*") || str.contains("?")) {
                    whitelistEntry = new WildcardWhitelistEntry(str);
                } else {
                    this.plaintextWhitelist.add(str);
                }
            }
            this.logger.info("activate: adding whitelist entry: " + str);
            if (whitelistEntry != null) {
                this.whitelist.add(whitelistEntry);
            }
        }
    }

    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!isWhitelisted(httpServletRequest)) {
            httpServletResponse.sendError(404);
            return;
        }
        String[] split = httpServletRequest.getPathInfo().split("\\.");
        if ("json".equals(split.length == 3 ? split[2] : "")) {
            this.announcementRegistry.unregisterAnnouncement(split.length == 3 ? split[1] : "");
        } else {
            httpServletResponse.sendError(404);
        }
    }

    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        long registerAnnouncement;
        if (!isWhitelisted(httpServletRequest)) {
            httpServletResponse.sendError(404);
            return;
        }
        String[] split = httpServletRequest.getPathInfo().split("\\.");
        if (!"json".equals(split.length == 3 ? split[2] : "")) {
            httpServletResponse.sendError(404);
            return;
        }
        String str = split.length == 3 ? split[1] : "";
        String decodeMessage = this.requestValidator.decodeMessage(httpServletRequest);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("doPost: incoming topology announcement is: " + decodeMessage);
        }
        try {
            final Announcement fromJSON = Announcement.fromJSON(decodeMessage);
            if (!fromJSON.getOwnerId().equals(str)) {
                httpServletResponse.sendError(400);
                return;
            }
            String slingId = this.clusterViewService.getSlingId();
            if (slingId == null) {
                httpServletResponse.sendError(500);
                this.logger.info("doPut: no slingId available. Service not ready as expected at the moment.");
                return;
            }
            fromJSON.removeInherited(slingId);
            Announcement announcement = new Announcement(slingId);
            if (!fromJSON.isCorrectVersion()) {
                this.logger.warn("doPost: rejecting an announcement from an incompatible connector protocol version: " + fromJSON);
                httpServletResponse.sendError(400);
                return;
            }
            if (this.clusterViewService.contains(fromJSON.getOwnerId())) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("doPost: rejecting an announcement from an instance that is part of my cluster: " + fromJSON);
                }
                announcement.setLoop(true);
                registerAnnouncement = this.config.getBackoffStandbyInterval();
            } else if (this.clusterViewService.containsAny(fromJSON.listInstances())) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("doPost: rejecting an announcement as it contains instance(s) that is/are part of my cluster: " + fromJSON);
                }
                announcement.setLoop(true);
                registerAnnouncement = this.config.getBackoffStandbyInterval();
            } else {
                registerAnnouncement = this.announcementRegistry.registerAnnouncement(fromJSON);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("doPost: backoffInterval after registration: " + registerAnnouncement);
                }
                if (registerAnnouncement == -1) {
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("doPost: rejecting an announcement from an instance that I already see in my topology: " + fromJSON);
                    }
                    announcement.setLoop(true);
                    registerAnnouncement = this.config.getBackoffStandbyInterval();
                } else {
                    ClusterView clusterView = this.clusterViewService.getClusterView();
                    announcement.setLocalCluster(clusterView);
                    this.announcementRegistry.addAllExcept(announcement, clusterView, new AnnouncementFilter() { // from class: org.apache.sling.discovery.impl.topology.connector.TopologyConnectorServlet.1
                        @Override // org.apache.sling.discovery.impl.topology.announcement.AnnouncementFilter
                        public boolean accept(String str2, Announcement announcement2) {
                            return !announcement2.getPrimaryKey().equals(fromJSON.getPrimaryKey());
                        }
                    });
                }
            }
            if (registerAnnouncement > 0) {
                announcement.setBackoffInterval(registerAnnouncement);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("doPost: backoffInterval for client set to " + announcement.getBackoffInterval());
                }
            }
            String encodeMessage = this.requestValidator.encodeMessage(announcement.asJSON());
            this.requestValidator.trustMessage(httpServletResponse, httpServletRequest, encodeMessage);
            String header = httpServletRequest.getHeader("Accept-Encoding");
            if (header == null || !header.contains("gzip")) {
                PrintWriter writer = httpServletResponse.getWriter();
                writer.print(encodeMessage);
                writer.flush();
            } else {
                httpServletResponse.setHeader("Content-Encoding", "gzip");
                GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(httpServletResponse.getOutputStream());
                gZIPOutputStream.write(encodeMessage.getBytes("UTF-8"));
                gZIPOutputStream.close();
            }
        } catch (JSONException e) {
            this.logger.error("doPost: Got a JSONException: " + e, e);
            httpServletResponse.sendError(500);
        }
    }

    boolean isWhitelisted(HttpServletRequest httpServletRequest) {
        if (this.config.isHmacEnabled()) {
            boolean isTrusted = this.requestValidator.isTrusted(httpServletRequest);
            if (!isTrusted) {
                this.logger.info("isWhitelisted: rejecting distrusted " + httpServletRequest.getRemoteAddr() + ", " + httpServletRequest.getRemoteHost());
            }
            return isTrusted;
        }
        if (this.plaintextWhitelist.contains(httpServletRequest.getRemoteHost()) || this.plaintextWhitelist.contains(httpServletRequest.getRemoteAddr())) {
            return true;
        }
        Iterator<WhitelistEntry> it = this.whitelist.iterator();
        while (it.hasNext()) {
            if (it.next().accepts(httpServletRequest)) {
                return true;
            }
        }
        this.logger.info("isWhitelisted: rejecting " + httpServletRequest.getRemoteAddr() + ", " + httpServletRequest.getRemoteHost());
        return false;
    }

    protected void bindAnnouncementRegistry(AnnouncementRegistry announcementRegistry) {
        this.announcementRegistry = announcementRegistry;
    }

    protected void unbindAnnouncementRegistry(AnnouncementRegistry announcementRegistry) {
        if (this.announcementRegistry == announcementRegistry) {
            this.announcementRegistry = null;
        }
    }

    protected void bindClusterViewService(ClusterViewService clusterViewService) {
        this.clusterViewService = clusterViewService;
    }

    protected void unbindClusterViewService(ClusterViewService clusterViewService) {
        if (this.clusterViewService == clusterViewService) {
            this.clusterViewService = null;
        }
    }

    protected void bindHttpService(HttpService httpService) {
        this.httpService = httpService;
    }

    protected void unbindHttpService(HttpService httpService) {
        if (this.httpService == httpService) {
            this.httpService = null;
        }
    }

    protected void bindConfig(Config config) {
        this.config = config;
    }

    protected void unbindConfig(Config config) {
        if (this.config == config) {
            this.config = null;
        }
    }
}
