package org.apache.nifi.web.server;

import com.google.common.base.Strings;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.apache.http.conn.util.InetAddressUtils;
import org.apache.nifi.util.NiFiProperties;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.ScopedHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/server/HostHeaderHandler.class */
public class HostHeaderHandler extends ScopedHandler {
    private static final Logger logger = LoggerFactory.getLogger(HostHeaderHandler.class);
    private final String serverName;
    private final int serverPort;
    private final List<String> validHosts;

    public HostHeaderHandler(String str) {
        this(str, 0);
    }

    public HostHeaderHandler(String str, int i) {
        this.serverName = (String) Objects.requireNonNull(str);
        this.serverPort = i;
        this.validHosts = generateDefaultHostnames(null);
        this.validHosts.add(str.toLowerCase());
        this.validHosts.add(str.toLowerCase() + ":" + i);
        this.validHosts.add("localhost");
        this.validHosts.add("localhost:" + i);
        this.validHosts.add("");
        try {
            this.validHosts.add(InetAddress.getLocalHost().getHostName().toLowerCase());
            this.validHosts.add(InetAddress.getLocalHost().getHostName().toLowerCase() + ":" + i);
        } catch (Exception e) {
            logger.warn("Failed to determine local hostname.", e);
        }
        logger.info("Created " + toString());
    }

    public HostHeaderHandler(NiFiProperties niFiProperties) {
        this.serverName = (String) Objects.requireNonNull(determineServerHostname(niFiProperties));
        this.serverPort = determineServerPort(niFiProperties);
        List<String> generateDefaultHostnames = generateDefaultHostnames(niFiProperties);
        generateDefaultHostnames.add(this.serverName.toLowerCase());
        generateDefaultHostnames.add(this.serverName.toLowerCase() + ":" + this.serverPort);
        generateDefaultHostnames.addAll(parseCustomHostnames(niFiProperties));
        generateDefaultHostnames.add("");
        this.validHosts = uniqueList(generateDefaultHostnames);
        logger.info("Determined {} valid hostnames and IP addresses for incoming headers: {}", new Object[]{Integer.valueOf(this.validHosts.size()), StringUtils.join(this.validHosts, ", ")});
        logger.debug("Created " + toString());
    }

    List<String> parseCustomHostnames(NiFiProperties niFiProperties) {
        List whitelistedHostsAsList = niFiProperties.getWhitelistedHostsAsList();
        whitelistedHostsAsList.addAll((List) whitelistedHostsAsList.stream().map(str -> {
            return isIPv6Address(str) ? str : StringUtils.substringBeforeLast(str, ":");
        }).collect(Collectors.toList()));
        if (logger.isDebugEnabled()) {
            logger.debug("Parsed {} custom hostnames from nifi.web.proxy.host: {}", new Object[]{Integer.valueOf(whitelistedHostsAsList.size()), StringUtils.join(whitelistedHostsAsList, ", ")});
        }
        return uniqueList(whitelistedHostsAsList);
    }

    private static List<String> uniqueList(List<String> list) {
        return new ArrayList(new LinkedHashSet(list));
    }

    static boolean isIPv6Address(String str) {
        boolean isIPv6Address = InetAddressUtils.isIPv6Address(str);
        String substringAfterLast = StringUtils.substringAfterLast(str, ":");
        boolean isIPv4Address = InetAddressUtils.isIPv4Address(substringAfterLast);
        InetAddressUtils.isIPv4MappedIPv64Address(substringAfterLast);
        boolean z = str.contains("0:0") && !str.contains("::");
        return isIPv6Address || isIPv4Address;
    }

    private int determineServerPort(NiFiProperties niFiProperties) {
        return (niFiProperties.getSslPort() != null ? niFiProperties.getSslPort() : niFiProperties.getPort()).intValue();
    }

    private String determineServerHostname(NiFiProperties niFiProperties) {
        return niFiProperties.getSslPort() != null ? niFiProperties.getProperty("nifi.web.https.host", "localhost") : niFiProperties.getProperty("nifi.web.http.host", "localhost");
    }

    public void doScope(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        logger.debug("HostHeaderHandler#doScope on " + httpServletRequest.getRequestURI());
        nextScope(str, request, httpServletRequest, httpServletResponse);
    }

    boolean hostHeaderIsValid(String str) {
        return this.validHosts.contains(str.toLowerCase().trim());
    }

    public String toString() {
        return "HostHeaderHandler for " + this.serverName + ":" + this.serverPort;
    }

    public void doHandle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String header = httpServletRequest.getHeader("Host");
        logger.debug("Received request [" + httpServletRequest.getRequestURI() + "] with host header: " + header);
        if (hostHeaderIsValid(header)) {
            return;
        }
        logger.warn("Request host header [" + header + "] different from web hostname [" + this.serverName + "(:" + this.serverPort + ")]. Overriding to [" + this.serverName + ":" + this.serverPort + httpServletRequest.getRequestURI() + "]");
        httpServletResponse.setContentType("text/html; charset=utf-8");
        httpServletResponse.setStatus(200);
        PrintWriter writer = httpServletResponse.getWriter();
        writer.println("<h1>System Error</h1>");
        writer.println("<h2>The request contained an invalid host header [<code>" + StringEscapeUtils.escapeHtml4(header) + "</code>] in the request [<code>" + StringEscapeUtils.escapeHtml4(httpServletRequest.getRequestURI()) + "</code>]. Check for request manipulation or third-party intercept.</h2>");
        writer.println("<h3>Valid host headers are [<code>empty</code>] or: <br/><code>");
        writer.println(printValidHosts());
        writer.println("</code></h3>");
        request.setHandled(true);
    }

    String printValidHosts() {
        StringBuilder sb = new StringBuilder("<ul>");
        for (String str : this.validHosts) {
            if (StringUtils.isNotBlank(str)) {
                sb.append("<li>").append(StringEscapeUtils.escapeHtml4(str)).append("</li>\n");
            }
        }
        return sb.append("</ul>\n").toString();
    }

    public static List<String> generateDefaultHostnames(NiFiProperties niFiProperties) {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        if (niFiProperties == null) {
            logger.warn("NiFiProperties not configured; returning minimal default hostnames");
        } else {
            try {
                i = niFiProperties.getConfiguredHttpOrHttpsPort().intValue();
            } catch (RuntimeException e) {
                logger.warn("Cannot fully generate list of default hostnames because the server port is not configured in nifi.properties. Defaulting to port 0 for host header evaluation");
            }
            try {
                int i2 = i;
                extractIPsFromNetworkInterfaces(niFiProperties).stream().forEach(str -> {
                    arrayList.add(str);
                    arrayList.add(str + ":" + i2);
                });
            } catch (Exception e2) {
                logger.warn("Failed to determine custom network interfaces.", e2);
            }
        }
        arrayList.add("127.0.0.1");
        arrayList.add("127.0.0.1:" + i);
        arrayList.add("localhost");
        arrayList.add("localhost:" + i);
        arrayList.add("[::1]");
        arrayList.add("[::1]:" + i);
        try {
            arrayList.add(InetAddress.getLoopbackAddress().getHostAddress().toLowerCase());
            arrayList.add(InetAddress.getLoopbackAddress().getHostAddress().toLowerCase() + ":" + i);
            arrayList.add(InetAddress.getLocalHost().getHostName().toLowerCase());
            arrayList.add(InetAddress.getLocalHost().getHostName().toLowerCase() + ":" + i);
            arrayList.add(InetAddress.getLocalHost().getHostAddress().toLowerCase());
            arrayList.add(InetAddress.getLocalHost().getHostAddress().toLowerCase() + ":" + i);
        } catch (Exception e3) {
            logger.warn("Failed to determine local hostname.", e3);
        }
        List<String> uniqueList = uniqueList(arrayList);
        if (logger.isDebugEnabled()) {
            logger.debug("Determined {} valid default hostnames and IP addresses for incoming headers: {}", new Object[]{Integer.valueOf(uniqueList.size()), StringUtils.join(uniqueList, ", ")});
        }
        return uniqueList;
    }

    static List<String> extractIPsFromNetworkInterfaces(NiFiProperties niFiProperties) {
        Map httpsNetworkInterfaces = niFiProperties.isHTTPSConfigured() ? niFiProperties.getHttpsNetworkInterfaces() : niFiProperties.getHttpNetworkInterfaces();
        if (isNotDefined(httpsNetworkInterfaces)) {
            return new ArrayList(0);
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = httpsNetworkInterfaces.entrySet().iterator();
        while (it.hasNext()) {
            String str = (String) ((Map.Entry) it.next()).getValue();
            try {
                List list = (List) Collections.list(NetworkInterface.getByName(str).getInetAddresses()).stream().map(inetAddress -> {
                    return inetAddress.getHostAddress().toLowerCase();
                }).collect(Collectors.toList());
                logger.debug("Resolved the following IP addresses for network interface {}: {}", new Object[]{str, StringUtils.join(list, ", ")});
                arrayList.addAll(list);
            } catch (SocketException e) {
                logger.warn("Cannot resolve network interface named " + str);
            }
        }
        return uniqueList(arrayList);
    }

    static boolean isNotDefined(Map<String, String> map) {
        return map == null || map.isEmpty() || ((List) map.values().stream().filter(str -> {
            return !Strings.isNullOrEmpty(str);
        }).collect(Collectors.toList())).isEmpty();
    }
}
