package com.facebook.presto.proxy;

import com.facebook.airlift.concurrent.Threads;
import com.facebook.airlift.http.client.HttpClient;
import com.facebook.airlift.http.client.HttpUriBuilder;
import com.facebook.airlift.http.client.Request;
import com.facebook.airlift.http.client.StaticBodyGenerator;
import com.facebook.airlift.http.server.AsyncResponseHandler;
import com.facebook.airlift.log.Logger;
import com.facebook.presto.proxy.ProxyResponseHandler;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.google.common.hash.HashCode;
import com.google.common.hash.HashFunction;
import com.google.common.hash.Hashing;
import com.google.common.util.concurrent.FluentFuture;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.MoreExecutors;
import io.airlift.units.Duration;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.Locale;
import java.util.Objects;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.AsyncResponse;
import javax.ws.rs.container.Suspended;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

@Path("/")
/* loaded from: input_file:com/facebook/presto/proxy/ProxyResource.class */
public class ProxyResource {
    private static final String X509_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private final ExecutorService executor = Executors.newCachedThreadPool(Threads.daemonThreadsNamed("proxy-%s"));
    private final HttpClient httpClient;
    private final JsonWebTokenHandler jwtHandler;
    private final URI remoteUri;
    private final HashFunction hmac;
    private static final Logger log = Logger.get(ProxyResource.class);
    private static final Duration ASYNC_TIMEOUT = new Duration(2.0d, TimeUnit.MINUTES);
    private static final JsonFactory JSON_FACTORY = new JsonFactory().disable(JsonFactory.Feature.CANONICALIZE_FIELD_NAMES);

    @Inject
    public ProxyResource(@ForProxy HttpClient httpClient, JsonWebTokenHandler jsonWebTokenHandler, ProxyConfig proxyConfig) {
        this.httpClient = (HttpClient) Objects.requireNonNull(httpClient, "httpClient is null");
        this.jwtHandler = (JsonWebTokenHandler) Objects.requireNonNull(jsonWebTokenHandler, "jwtHandler is null");
        this.remoteUri = (URI) Objects.requireNonNull(proxyConfig.getUri(), "uri is null");
        this.hmac = Hashing.hmacSha256(loadSharedSecret(proxyConfig.getSharedSecretFile()));
    }

    @PreDestroy
    public void shutdown() {
        this.executor.shutdownNow();
    }

    @GET
    @Produces({"application/json"})
    @Path("/v1/info")
    public void getInfo(@Context HttpServletRequest httpServletRequest, @Suspended AsyncResponse asyncResponse) {
        performRequest(httpServletRequest, asyncResponse, Request.Builder.prepareGet().setUri(HttpUriBuilder.uriBuilderFrom(this.remoteUri).replacePath("/v1/info").build()), proxyResponse -> {
            return responseWithHeaders(Response.ok(proxyResponse.getBody()), proxyResponse);
        });
    }

    @POST
    @Produces({"application/json"})
    @Path("/v1/statement")
    public void postStatement(String str, @Context HttpServletRequest httpServletRequest, @Context UriInfo uriInfo, @Suspended AsyncResponse asyncResponse) {
        performRequest(httpServletRequest, asyncResponse, Request.Builder.preparePost().setUri(HttpUriBuilder.uriBuilderFrom(this.remoteUri).replacePath("/v1/statement").build()).setBodyGenerator(StaticBodyGenerator.createStaticBodyGenerator(str, StandardCharsets.UTF_8)), proxyResponse -> {
            return buildResponse(uriInfo, proxyResponse);
        });
    }

    @GET
    @Produces({"application/json"})
    @Path("/v1/proxy")
    public void getNext(@QueryParam("uri") String str, @QueryParam("hmac") String str2, @Context HttpServletRequest httpServletRequest, @Context UriInfo uriInfo, @Suspended AsyncResponse asyncResponse) {
        if (!this.hmac.hashString(str, StandardCharsets.UTF_8).equals(HashCode.fromString(str2))) {
            throw badRequest(Response.Status.FORBIDDEN, "Failed to validate HMAC of URI");
        }
        performRequest(httpServletRequest, asyncResponse, Request.Builder.prepareGet().setUri(URI.create(str)), proxyResponse -> {
            return buildResponse(uriInfo, proxyResponse);
        });
    }

    @Produces({"application/json"})
    @Path("/v1/proxy")
    @DELETE
    public void cancelQuery(@QueryParam("uri") String str, @QueryParam("hmac") String str2, @Context HttpServletRequest httpServletRequest, @Suspended AsyncResponse asyncResponse) {
        if (!this.hmac.hashString(str, StandardCharsets.UTF_8).equals(HashCode.fromString(str2))) {
            throw badRequest(Response.Status.FORBIDDEN, "Failed to validate HMAC of URI");
        }
        performRequest(httpServletRequest, asyncResponse, Request.Builder.prepareDelete().setUri(URI.create(str)), proxyResponse -> {
            return responseWithHeaders(Response.noContent(), proxyResponse);
        });
    }

    private void performRequest(HttpServletRequest httpServletRequest, AsyncResponse asyncResponse, Request.Builder builder, Function<ProxyResponseHandler.ProxyResponse, Response> function) {
        setupXForwardedFor(httpServletRequest, builder);
        setupBearerToken(httpServletRequest, builder);
        Iterator it = Collections.list(httpServletRequest.getHeaderNames()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (isPrestoHeader(str) || str.equalsIgnoreCase("Cookie")) {
                Iterator it2 = Collections.list(httpServletRequest.getHeaders(str)).iterator();
                while (it2.hasNext()) {
                    builder.addHeader(str, (String) it2.next());
                }
            } else if (str.equalsIgnoreCase("User-Agent")) {
                Iterator it3 = Collections.list(httpServletRequest.getHeaders(str)).iterator();
                while (it3.hasNext()) {
                    builder.addHeader(str, "[Presto Proxy] " + ((String) it3.next()));
                }
            }
        }
        Request build = builder.setPreserveAuthorizationOnRedirect(true).build();
        FluentFuture<ProxyResponseHandler.ProxyResponse> executeHttp = executeHttp(build);
        function.getClass();
        setupAsyncResponse(asyncResponse, executeHttp.transform((v1) -> {
            return r1.apply(v1);
        }, this.executor).catching(ProxyException.class, proxyException -> {
            return (Response) handleProxyException(build, proxyException);
        }, MoreExecutors.directExecutor()));
    }

    private Response buildResponse(UriInfo uriInfo, ProxyResponseHandler.ProxyResponse proxyResponse) {
        return responseWithHeaders(Response.ok(rewriteResponse(proxyResponse.getBody(), str -> {
            return rewriteUri(uriInfo, str);
        })), proxyResponse);
    }

    private String rewriteUri(UriInfo uriInfo, String str) {
        return uriInfo.getAbsolutePathBuilder().replacePath("/v1/proxy").queryParam("uri", new Object[]{str}).queryParam("hmac", new Object[]{this.hmac.hashString(str, StandardCharsets.UTF_8)}).build(new Object[0]).toString();
    }

    private void setupAsyncResponse(AsyncResponse asyncResponse, ListenableFuture<Response> listenableFuture) {
        AsyncResponseHandler.bindAsyncResponse(asyncResponse, listenableFuture, this.executor).withTimeout(ASYNC_TIMEOUT, () -> {
            return Response.status(Response.Status.BAD_GATEWAY).type(MediaType.TEXT_PLAIN_TYPE).entity("Request to remote Presto server timed out after" + ASYNC_TIMEOUT).build();
        });
    }

    private FluentFuture<ProxyResponseHandler.ProxyResponse> executeHttp(Request request) {
        return FluentFuture.from(this.httpClient.executeAsync(request, new ProxyResponseHandler()));
    }

    private void setupBearerToken(HttpServletRequest httpServletRequest, Request.Builder builder) {
        if (this.jwtHandler.isConfigured()) {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute(X509_ATTRIBUTE);
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw badRequest(Response.Status.FORBIDDEN, "No TLS certificate present for request");
            }
            builder.addHeader("Authorization", "Bearer " + this.jwtHandler.getBearerToken(x509CertificateArr[0].getSubjectX500Principal().getName()));
        }
    }

    private void setupXForwardedFor(HttpServletRequest httpServletRequest, Request.Builder builder) {
        StringBuilder sb = new StringBuilder();
        if (httpServletRequest.getHeader("X-Forwarded-For") != null) {
            sb.append(httpServletRequest.getHeader("X-Forwarded-For") + ",");
        }
        sb.append(httpServletRequest.getRemoteAddr());
        builder.addHeader("X-Forwarded-For", sb.toString());
    }

    private static <T> T handleProxyException(Request request, ProxyException proxyException) {
        log.warn(proxyException, "Proxy request failed: %s %s", new Object[]{request.getMethod(), request.getUri()});
        throw badRequest(Response.Status.BAD_GATEWAY, proxyException.getMessage());
    }

    private static WebApplicationException badRequest(Response.Status status, String str) {
        throw new WebApplicationException(Response.status(status).type(MediaType.TEXT_PLAIN_TYPE).entity(str).build());
    }

    private static boolean isPrestoHeader(String str) {
        return str.toLowerCase(Locale.ENGLISH).startsWith("x-presto-");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Response responseWithHeaders(Response.ResponseBuilder responseBuilder, ProxyResponseHandler.ProxyResponse proxyResponse) {
        proxyResponse.getHeaders().asMap().forEach((headerName, collection) -> {
            String headerName = headerName.toString();
            if (isPrestoHeader(headerName) || headerName.equalsIgnoreCase("Set-Cookie")) {
                responseBuilder.header(headerName, collection);
            }
        });
        return responseBuilder.build();
    }

    private static byte[] rewriteResponse(byte[] bArr, Function<String, String> function) {
        try {
            JsonParser createParser = JSON_FACTORY.createParser(bArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length * 2);
            JsonGenerator createGenerator = JSON_FACTORY.createGenerator(byteArrayOutputStream);
            JsonToken nextToken = createParser.nextToken();
            if (nextToken != JsonToken.START_OBJECT) {
                throw invalidJson("bad start token: " + nextToken);
            }
            createGenerator.copyCurrentEvent(createParser);
            while (true) {
                JsonToken nextToken2 = createParser.nextToken();
                if (nextToken2 == null) {
                    throw invalidJson("unexpected end of stream");
                }
                if (nextToken2 == JsonToken.END_OBJECT) {
                    createGenerator.copyCurrentEvent(createParser);
                    JsonToken nextToken3 = createParser.nextToken();
                    if (nextToken3 != null) {
                        throw invalidJson("unexpected token after object close: " + nextToken3);
                    }
                    createGenerator.close();
                    return byteArrayOutputStream.toByteArray();
                }
                if (nextToken2 != JsonToken.FIELD_NAME) {
                    throw invalidJson("unexpected token: " + nextToken2);
                }
                String valueAsString = createParser.getValueAsString();
                if ("nextUri".equals(valueAsString) || "partialCancelUri".equals(valueAsString)) {
                    JsonToken nextToken4 = createParser.nextToken();
                    if (nextToken4 != JsonToken.VALUE_STRING) {
                        throw invalidJson(String.format("bad %s token: %s", valueAsString, nextToken4));
                    }
                    createGenerator.writeStringField(valueAsString, function.apply(createParser.getValueAsString()));
                } else {
                    createGenerator.copyCurrentStructure(createParser);
                }
            }
        } catch (IOException e) {
            throw new ProxyException(e);
        }
    }

    private static IOException invalidJson(String str) {
        return new IOException("Invalid JSON response from remote Presto server: " + str);
    }

    private static byte[] loadSharedSecret(File file) {
        try {
            return Base64.getMimeDecoder().decode(Files.readAllBytes(file.toPath()));
        } catch (IOException | IllegalArgumentException e) {
            throw new RuntimeException("Failed to load shared secret file: " + file, e);
        }
    }
}
