package com.linkedin.venice.router;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.linkedin.venice.acl.AccessController;
import com.linkedin.venice.acl.AclException;
import com.linkedin.venice.router.api.RouterResourceType;
import com.linkedin.venice.router.api.VenicePathParser;
import com.linkedin.venice.router.api.VenicePathParserHelper;
import com.linkedin.venice.router.stats.AdminOperationsStats;
import com.linkedin.venice.utils.NettyUtils;
import com.linkedin.venice.utils.ObjectMapperFactory;
import com.linkedin.venice.utils.RedundantExceptionFilter;
import com.linkedin.venice.utils.SslUtils;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.ReferenceCountUtil;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

@ChannelHandler.Sharable
/* loaded from: input_file:com/linkedin/venice/router/AdminOperationsHandler.class */
public class AdminOperationsHandler extends SimpleChannelInboundHandler<HttpRequest> {
    private static final Logger LOGGER = LogManager.getLogger(AdminOperationsHandler.class);
    private static final byte[] EMPTY_BYTES = new byte[0];
    private static final RedundantExceptionFilter EXCEPTION_FILTER = RedundantExceptionFilter.getRedundantExceptionFilter();
    private static final ObjectMapper OBJECT_MAPPER = ObjectMapperFactory.getInstance();
    public static final String READ_THROTTLING_ENABLED = "readThrottlingEnabled";
    public static final String EARLY_THROTTLE_ENABLED = "earlyThrottleEnabled";
    private final AccessController accessController;
    private final AdminOperationsStats adminOperationsStats;
    private final RouterServer routerServer;
    private final VeniceRouterConfig routerConfig;
    private final ScheduledExecutorService executor;
    private ScheduledFuture routerReadQuotaThrottlingLeaseFuture = null;
    private final boolean initialReadThrottlingEnabled;
    private final boolean initialEarlyThrottleEnabled;

    public AdminOperationsHandler(AccessController accessController, RouterServer routerServer, AdminOperationsStats adminOperationsStats) {
        this.accessController = accessController;
        this.adminOperationsStats = adminOperationsStats;
        this.routerServer = routerServer;
        this.routerConfig = routerServer.getConfig();
        this.initialReadThrottlingEnabled = this.routerConfig.isReadThrottlingEnabled();
        this.initialEarlyThrottleEnabled = this.routerConfig.isEarlyThrottleEnabled();
        if (this.initialReadThrottlingEnabled || this.initialEarlyThrottleEnabled) {
            this.executor = Executors.newSingleThreadScheduledExecutor();
        } else {
            this.executor = null;
        }
    }

    public void channelRead0(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws IOException {
        HttpMethod method = httpRequest.method();
        VenicePathParserHelper parseRequest = VenicePathParserHelper.parseRequest(httpRequest);
        RouterResourceType resourceType = parseRequest.getResourceType();
        String resourceName = parseRequest.getResourceName();
        if (resourceType != RouterResourceType.TYPE_ADMIN) {
            ReferenceCountUtil.retain(httpRequest);
            channelHandlerContext.fireChannelRead(httpRequest);
            return;
        }
        this.adminOperationsStats.recordAdminRequest();
        if (StringUtils.isEmpty(resourceName)) {
            this.adminOperationsStats.recordErrorAdminRequest();
            sendUserErrorResponse("Admin operations must specify a task", channelHandlerContext);
            return;
        }
        if (this.accessController != null) {
            try {
                SslHandler sslHandler = channelHandlerContext.pipeline().get(SslHandler.class);
                if (sslHandler == null) {
                    throw new AclException("Non SSL Admin request received");
                }
                X509Certificate x509Certificate = SslUtils.getX509Certificate(sslHandler.engine().getSession().getPeerCertificates()[0]);
                if (!this.accessController.hasAccessToAdminOperation(x509Certificate, resourceName)) {
                    throw new AclException(this.accessController.getPrincipalId(x509Certificate) + " does not have access to admin operation: " + resourceName);
                }
            } catch (AclException e) {
                LOGGER.warn("Exception occurred! Access rejected: {} requestedMethod: {} uri:{}. ", channelHandlerContext.channel().remoteAddress(), method, httpRequest.uri(), e);
                sendErrorResponse(HttpResponseStatus.FORBIDDEN, "Access Rejected", channelHandlerContext);
                return;
            }
        }
        LOGGER.info("Received admin operation request from {} - method: {} task: {} action: {}", channelHandlerContext.channel().remoteAddress(), method, resourceName, parseRequest.getKey());
        if (HttpMethod.GET.equals(method)) {
            handleGet(parseRequest, channelHandlerContext);
        } else if (HttpMethod.POST.equals(method)) {
            handlePost(parseRequest, channelHandlerContext, parseRequest.extractQueryParameters(httpRequest));
        } else {
            sendUserErrorResponse("Unsupported request method " + method, channelHandlerContext);
        }
    }

    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
        this.adminOperationsStats.recordErrorAdminRequest();
        InetSocketAddress inetSocketAddress = (InetSocketAddress) channelHandlerContext.channel().remoteAddress();
        String str = inetSocketAddress.getHostName() + ":" + inetSocketAddress.getPort();
        if (!EXCEPTION_FILTER.isRedundantException(inetSocketAddress.getHostName(), th)) {
            LOGGER.error("Got exception while handling admin operation request from {}, and error: {}", str, th.getMessage());
        }
        NettyUtils.setupResponseAndFlush(HttpResponseStatus.INTERNAL_SERVER_ERROR, EMPTY_BYTES, false, channelHandlerContext);
        channelHandlerContext.close();
    }

    private void handleGet(VenicePathParserHelper venicePathParserHelper, ChannelHandlerContext channelHandlerContext) throws IOException {
        String resourceName = venicePathParserHelper.getResourceName();
        String key = venicePathParserHelper.getKey();
        if (!VenicePathParser.TASK_READ_QUOTA_THROTTLE.equals(resourceName)) {
            sendUnimplementedErrorResponse(resourceName, channelHandlerContext);
        } else if (StringUtils.isEmpty(key)) {
            sendReadQuotaThrottleStatus(channelHandlerContext);
        } else {
            sendUserErrorResponse("GET admin task readQuotaThrottle can not specify an action", channelHandlerContext);
        }
    }

    private void handlePost(VenicePathParserHelper venicePathParserHelper, ChannelHandlerContext channelHandlerContext, Map<String, String> map) throws IOException {
        String resourceName = venicePathParserHelper.getResourceName();
        String key = venicePathParserHelper.getKey();
        if (StringUtils.isEmpty(key)) {
            sendUserErrorResponse("Admin operations must have an action", channelHandlerContext);
            return;
        }
        if (!VenicePathParser.TASK_READ_QUOTA_THROTTLE.equals(resourceName)) {
            sendUnimplementedErrorResponse(resourceName, channelHandlerContext);
            return;
        }
        if (VenicePathParser.ACTION_ENABLE.equals(key)) {
            resetReadQuotaThrottling(map);
            sendReadQuotaThrottleStatus(channelHandlerContext);
        } else if (!VenicePathParser.ACTION_DISABLE.equals(key)) {
            sendUserErrorResponse("Unsupported action " + key + " for task " + resourceName, channelHandlerContext);
        } else {
            disableReadQuotaThrottling();
            sendReadQuotaThrottleStatus(channelHandlerContext);
        }
    }

    private void resetReadQuotaThrottling(Map<String, String> map) {
        String str = map.get("delay_execution");
        if (str == null) {
            resetReadQuotaThrottling();
            return;
        }
        if (this.routerReadQuotaThrottlingLeaseFuture != null && !this.routerReadQuotaThrottlingLeaseFuture.isDone()) {
            LOGGER.info("Cancelling existing read quota timer.");
            this.routerReadQuotaThrottlingLeaseFuture.cancel(true);
        }
        this.routerReadQuotaThrottlingLeaseFuture = this.executor.schedule(this::resetReadQuotaThrottling, Long.parseLong(str), TimeUnit.MILLISECONDS);
    }

    private void resetReadQuotaThrottling() {
        this.routerConfig.setReadThrottlingEnabled(this.initialReadThrottlingEnabled);
        this.routerConfig.setEarlyThrottleEnabled(this.initialEarlyThrottleEnabled);
        this.routerServer.setReadRequestThrottling(this.initialReadThrottlingEnabled);
    }

    private void disableReadQuotaThrottling() {
        if (this.routerReadQuotaThrottlingLeaseFuture != null && !this.routerReadQuotaThrottlingLeaseFuture.isDone()) {
            LOGGER.info("Cancelling existing read quota timer.");
            this.routerReadQuotaThrottlingLeaseFuture.cancel(true);
        }
        this.routerConfig.setReadThrottlingEnabled(false);
        this.routerServer.setReadRequestThrottling(false);
        this.routerConfig.setEarlyThrottleEnabled(false);
        if (this.initialReadThrottlingEnabled || this.initialEarlyThrottleEnabled) {
            this.routerReadQuotaThrottlingLeaseFuture = this.executor.schedule(this::resetReadQuotaThrottling, this.routerConfig.getReadQuotaThrottlingLeaseTimeoutMs(), TimeUnit.MILLISECONDS);
        }
    }

    private void sendReadQuotaThrottleStatus(ChannelHandlerContext channelHandlerContext) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(READ_THROTTLING_ENABLED, String.valueOf(this.routerConfig.isReadThrottlingEnabled()));
        hashMap.put(EARLY_THROTTLE_ENABLED, String.valueOf(this.routerConfig.isEarlyThrottleEnabled()));
        sendSuccessResponse(hashMap, channelHandlerContext);
    }

    private void sendUserErrorResponse(String str, ChannelHandlerContext channelHandlerContext) throws IOException {
        this.adminOperationsStats.recordErrorAdminRequest();
        HttpResponseStatus httpResponseStatus = HttpResponseStatus.BAD_REQUEST;
        sendErrorResponse(httpResponseStatus, ("Error " + httpResponseStatus.code() + ": ") + (str + ". Bad request (not conforming to supported command patterns)!"), channelHandlerContext);
    }

    private void sendSuccessResponse(Map<String, String> map, ChannelHandlerContext channelHandlerContext) throws IOException {
        sendResponse(HttpResponseStatus.OK, map, channelHandlerContext);
    }

    private void sendUnimplementedErrorResponse(String str, ChannelHandlerContext channelHandlerContext) throws IOException {
        this.adminOperationsStats.recordErrorAdminRequest();
        HttpResponseStatus httpResponseStatus = HttpResponseStatus.NOT_IMPLEMENTED;
        sendErrorResponse(httpResponseStatus, ("Error " + httpResponseStatus.code() + ": ") + ("Request " + str + " unimplemented !"), channelHandlerContext);
    }

    private void sendErrorResponse(HttpResponseStatus httpResponseStatus, String str, ChannelHandlerContext channelHandlerContext) throws IOException {
        this.adminOperationsStats.recordErrorAdminRequest();
        HashMap hashMap = new HashMap();
        hashMap.put("error", str);
        sendResponse(httpResponseStatus, hashMap, channelHandlerContext);
    }

    private void sendResponse(HttpResponseStatus httpResponseStatus, Map<String, String> map, ChannelHandlerContext channelHandlerContext) throws JsonProcessingException {
        if (map == null) {
            NettyUtils.setupResponseAndFlush(httpResponseStatus, EMPTY_BYTES, true, channelHandlerContext);
        } else {
            NettyUtils.setupResponseAndFlush(httpResponseStatus, OBJECT_MAPPER.writeValueAsString(map).getBytes(), true, channelHandlerContext);
        }
    }
}
