package org.apache.hadoop.yarn.server.resourcemanager.webapp;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.http.lib.StaticUserWebFilter;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.AuthenticationFilterInitializer;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilterInitializer;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
import org.apache.hadoop.yarn.api.records.LocalResource;
import org.apache.hadoop.yarn.api.records.LogAggregationContext;
import org.apache.hadoop.yarn.api.records.Priority;
import org.apache.hadoop.yarn.api.records.ReservationId;
import org.apache.hadoop.yarn.api.records.Resource;
import org.apache.hadoop.yarn.api.records.URL;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.CredentialsInfo;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.LocalResourceInfo;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.LogAggregationContextInfo;
import org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter;
import org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilterInitializer;
import org.apache.hadoop.yarn.webapp.BadRequestException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/RMWebAppUtil.class */
public final class RMWebAppUtil {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) RMWebAppUtil.class);

    private RMWebAppUtil() {
    }

    public static void setupSecurityAndFilters(Configuration configuration, RMDelegationTokenSecretManager rMDelegationTokenSecretManager) {
        boolean z = configuration.getBoolean(YarnConfiguration.RM_WEBAPP_ENABLE_CORS_FILTER, false);
        boolean z2 = configuration.getBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER, true);
        String str = "hadoop.http.authentication.type";
        Class<?>[] classes = configuration.getClasses(HttpServer2.FILTER_INITIALIZER_PROPERTY, new Class[0]);
        if (z) {
            configuration.setBoolean("hadoop.http.cross-origin.enabled", true);
        }
        boolean z3 = false;
        boolean z4 = false;
        if (classes != null) {
            for (Class<?> cls : classes) {
                if (cls.getName().equals(AuthenticationFilterInitializer.class.getName())) {
                    z3 = true;
                }
                if (cls.getName().equals(RMAuthenticationFilterInitializer.class.getName())) {
                    z4 = true;
                }
            }
            if (UserGroupInformation.isSecurityEnabled() && z2 && z3 && configuration.get(str, "").equals("kerberos")) {
                ArrayList arrayList = new ArrayList();
                for (Class<?> cls2 : classes) {
                    if (!cls2.getName().equals(AuthenticationFilterInitializer.class.getName())) {
                        arrayList.add(cls2.getName());
                    } else if (!z4) {
                        arrayList.add(RMAuthenticationFilterInitializer.class.getName());
                    }
                }
                arrayList.remove(ProxyUserAuthenticationFilterInitializer.class.getName());
                String join = StringUtils.join(",", arrayList);
                LOG.info("Using RM authentication filter(kerberos/delegation-token) for RM webapp authentication");
                RMAuthenticationFilter.setDelegationTokenSecretManager(rMDelegationTokenSecretManager);
                configuration.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, join);
            }
        }
        String str2 = configuration.get(HttpServer2.FILTER_INITIALIZER_PROPERTY);
        if (UserGroupInformation.isSecurityEnabled()) {
            return;
        }
        if (classes == null || classes.length == 0) {
            configuration.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, RMAuthenticationFilterInitializer.class.getName());
            configuration.set(str, "simple");
        } else if (str2.equals(StaticUserWebFilter.class.getName())) {
            configuration.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, RMAuthenticationFilterInitializer.class.getName() + "," + str2);
            configuration.set(str, "simple");
        }
    }

    public static ApplicationSubmissionContext createAppSubmissionContext(ApplicationSubmissionContextInfo applicationSubmissionContextInfo, Configuration configuration) throws IOException {
        try {
            ApplicationSubmissionContext newInstance = ApplicationSubmissionContext.newInstance(ApplicationId.fromString(applicationSubmissionContextInfo.getApplicationId()), applicationSubmissionContextInfo.getApplicationName(), applicationSubmissionContextInfo.getQueue(), Priority.newInstance(applicationSubmissionContextInfo.getPriority()), createContainerLaunchContext(applicationSubmissionContextInfo), applicationSubmissionContextInfo.getUnmanagedAM(), applicationSubmissionContextInfo.getCancelTokensWhenComplete(), applicationSubmissionContextInfo.getMaxAppAttempts(), createAppSubmissionContextResource(applicationSubmissionContextInfo, configuration), applicationSubmissionContextInfo.getApplicationType(), applicationSubmissionContextInfo.getKeepContainersAcrossApplicationAttempts(), applicationSubmissionContextInfo.getAppNodeLabelExpression(), applicationSubmissionContextInfo.getAMContainerNodeLabelExpression());
            newInstance.setApplicationTags(applicationSubmissionContextInfo.getApplicationTags());
            newInstance.setAttemptFailuresValidityInterval(applicationSubmissionContextInfo.getAttemptFailuresValidityInterval());
            if (applicationSubmissionContextInfo.getLogAggregationContextInfo() != null) {
                newInstance.setLogAggregationContext(createLogAggregationContext(applicationSubmissionContextInfo.getLogAggregationContextInfo()));
            }
            String reservationId = applicationSubmissionContextInfo.getReservationId();
            if (reservationId != null && !reservationId.isEmpty()) {
                newInstance.setReservationID(ReservationId.parseReservationId(reservationId));
            }
            return newInstance;
        } catch (Exception e) {
            throw new BadRequestException("Could not parse application id " + applicationSubmissionContextInfo.getApplicationId());
        }
    }

    private static Resource createAppSubmissionContextResource(ApplicationSubmissionContextInfo applicationSubmissionContextInfo, Configuration configuration) throws BadRequestException {
        if (applicationSubmissionContextInfo.getResource().getvCores() > configuration.getInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_VCORES, 4)) {
            throw new BadRequestException("Requested more cores than configured max");
        }
        if (applicationSubmissionContextInfo.getResource().getMemorySize() > configuration.getInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_MB, 8192)) {
            throw new BadRequestException("Requested more memory than configured max");
        }
        return Resource.newInstance(applicationSubmissionContextInfo.getResource().getMemorySize(), applicationSubmissionContextInfo.getResource().getvCores());
    }

    private static ContainerLaunchContext createContainerLaunchContext(ApplicationSubmissionContextInfo applicationSubmissionContextInfo) throws BadRequestException, IOException {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : applicationSubmissionContextInfo.getContainerLaunchContextInfo().getAuxillaryServiceData().entrySet()) {
            if (!entry.getValue().isEmpty()) {
                hashMap.put(entry.getKey(), ByteBuffer.wrap(new Base64(0, null, true).decode(entry.getValue())));
            }
        }
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<String, LocalResourceInfo> entry2 : applicationSubmissionContextInfo.getContainerLaunchContextInfo().getResources().entrySet()) {
            LocalResourceInfo value = entry2.getValue();
            hashMap2.put(entry2.getKey(), LocalResource.newInstance(URL.fromURI(value.getUrl()), value.getType(), value.getVisibility(), value.getSize(), value.getTimestamp()));
        }
        DataOutputBuffer dataOutputBuffer = new DataOutputBuffer();
        createCredentials(applicationSubmissionContextInfo.getContainerLaunchContextInfo().getCredentials()).writeTokenStorageToStream(dataOutputBuffer);
        return ContainerLaunchContext.newInstance(hashMap2, applicationSubmissionContextInfo.getContainerLaunchContextInfo().getEnvironment(), applicationSubmissionContextInfo.getContainerLaunchContextInfo().getCommands(), hashMap, ByteBuffer.wrap(dataOutputBuffer.getData()), applicationSubmissionContextInfo.getContainerLaunchContextInfo().getAcls());
    }

    private static Credentials createCredentials(CredentialsInfo credentialsInfo) {
        Credentials credentials = new Credentials();
        try {
            for (Map.Entry<String, String> entry : credentialsInfo.getTokens().entrySet()) {
                Text text = new Text(entry.getKey());
                Token<? extends TokenIdentifier> token = new Token<>();
                token.decodeFromUrlString(entry.getValue());
                credentials.addToken(text, token);
            }
            for (Map.Entry<String, String> entry2 : credentialsInfo.getSecrets().entrySet()) {
                credentials.addSecretKey(new Text(entry2.getKey()), new Base64(0, null, true).decode(entry2.getValue()));
            }
            return credentials;
        } catch (IOException e) {
            throw new BadRequestException("Could not parse credentials data; exception message = " + e.getMessage());
        }
    }

    private static LogAggregationContext createLogAggregationContext(LogAggregationContextInfo logAggregationContextInfo) {
        return LogAggregationContext.newInstance(logAggregationContextInfo.getIncludePattern(), logAggregationContextInfo.getExcludePattern(), logAggregationContextInfo.getRolledLogsIncludePattern(), logAggregationContextInfo.getRolledLogsExcludePattern(), logAggregationContextInfo.getLogAggregationPolicyClassName(), logAggregationContextInfo.getLogAggregationPolicyParameters());
    }

    public static UserGroupInformation getCallerUserGroupInformation(HttpServletRequest httpServletRequest, boolean z) {
        String remoteUser = httpServletRequest.getRemoteUser();
        if (z) {
            Principal userPrincipal = httpServletRequest.getUserPrincipal();
            remoteUser = userPrincipal == null ? null : userPrincipal.getName();
        }
        UserGroupInformation userGroupInformation = null;
        if (remoteUser != null) {
            userGroupInformation = UserGroupInformation.createRemoteUser(remoteUser);
        }
        return userGroupInformation;
    }
}
