package org.apache.nifi.web.api;

import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.AuthorizationRequest;
import org.apache.nifi.authorization.AuthorizationResult;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.resource.ResourceFactory;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.cluster.coordination.ClusterCoordinator;
import org.apache.nifi.cluster.coordination.node.NodeConnectionState;
import org.apache.nifi.cluster.protocol.NodeIdentifier;
import org.apache.nifi.remote.HttpRemoteSiteListener;
import org.apache.nifi.remote.VersionNegotiator;
import org.apache.nifi.remote.client.http.TransportProtocolVersionNegotiator;
import org.apache.nifi.remote.exception.BadRequestException;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.api.ApplicationResource;
import org.apache.nifi.web.api.dto.ControllerDTO;
import org.apache.nifi.web.api.dto.remote.PeerDTO;
import org.apache.nifi.web.api.entity.ControllerEntity;
import org.apache.nifi.web.api.entity.PeersEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/site-to-site")
@Api(value = "/site-to-site", description = "Provide access to site to site with this NiFi")
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/SiteToSiteResource.class */
public class SiteToSiteResource extends ApplicationResource {
    private static final Logger logger = LoggerFactory.getLogger(SiteToSiteResource.class);
    private NiFiServiceFacade serviceFacade;
    private ClusterCoordinator clusterCoordinator;
    private Authorizer authorizer;
    private final ApplicationResource.ResponseCreator responseCreator = new ApplicationResource.ResponseCreator();
    private final VersionNegotiator transportProtocolVersionNegotiator = new TransportProtocolVersionNegotiator(new int[]{1});
    private final HttpRemoteSiteListener transactionManager = HttpRemoteSiteListener.getInstance();

    protected void authorizeSiteToSite() {
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        AuthorizationResult authorize = this.authorizer.authorize(new AuthorizationRequest.Builder().resource(ResourceFactory.getSiteToSiteResource()).identity(niFiUser.getIdentity()).anonymous(Boolean.valueOf(niFiUser.isAnonymous())).accessAttempt(true).action(RequestAction.READ).build());
        if (AuthorizationResult.Result.Approved.equals(authorize.getResult())) {
        } else {
            throw new AccessDeniedException(StringUtils.isNotBlank(authorize.getExplanation()) ? authorize.getExplanation() : "Access is denied");
        }
    }

    @GET
    @Consumes({"*/*"})
    @ApiOperation(value = "Returns the details about this NiFi necessary to communicate via site to site", response = ControllerEntity.class, authorizations = {@Authorization(value = "Read - /site-to-site", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    public Response getSiteToSiteDetails(@Context HttpServletRequest httpServletRequest) {
        authorizeSiteToSite();
        if (isReplicateRequest()) {
            return replicate("GET");
        }
        ControllerDTO siteToSiteDetails = this.serviceFacade.getSiteToSiteDetails();
        ControllerEntity controllerEntity = new ControllerEntity();
        controllerEntity.setController(siteToSiteDetails);
        if (StringUtils.isEmpty(httpServletRequest.getHeader("x-nifi-site-to-site-protocol-version"))) {
            logger.debug("Converting result to provide backward compatibility...");
            siteToSiteDetails.setRemoteSiteHttpListeningPort((Integer) null);
        }
        return clusterContext(noCache(Response.ok(controllerEntity))).build();
    }

    @GET
    @Path("/peers")
    @Consumes({"*/*"})
    @ApiOperation(value = "Returns the available Peers and its status of this NiFi", response = PeersEntity.class, authorizations = {@Authorization(value = "Read - /site-to-site", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json", "application/xml"})
    public Response getPeers(@Context HttpServletRequest httpServletRequest) {
        String localName;
        authorizeSiteToSite();
        if (!this.properties.isSiteToSiteHttpEnabled().booleanValue()) {
            return this.responseCreator.httpSiteToSiteIsNotEnabledResponse();
        }
        try {
            Integer negotiateTransportProtocolVersion = negotiateTransportProtocolVersion(httpServletRequest, this.transportProtocolVersionNegotiator);
            ArrayList arrayList = new ArrayList();
            if (this.properties.isNode()) {
                for (NodeIdentifier nodeIdentifier : this.clusterCoordinator.getNodeIdentifiers(new NodeConnectionState[]{NodeConnectionState.CONNECTED})) {
                    PeerDTO peerDTO = new PeerDTO();
                    String siteToSiteAddress = nodeIdentifier.getSiteToSiteAddress();
                    peerDTO.setHostname(siteToSiteAddress == null ? nodeIdentifier.getApiAddress() : siteToSiteAddress);
                    peerDTO.setPort(nodeIdentifier.getSiteToSiteHttpApiPort() == null ? nodeIdentifier.getApiPort() : nodeIdentifier.getSiteToSiteHttpApiPort().intValue());
                    peerDTO.setSecure(nodeIdentifier.isSiteToSiteSecure());
                    peerDTO.setFlowFileCount(0);
                    arrayList.add(peerDTO);
                }
            } else {
                PeerDTO peerDTO2 = new PeerDTO();
                String remoteInputHost = this.properties.getRemoteInputHost();
                try {
                    localName = InetAddress.getLocalHost().getHostName();
                } catch (UnknownHostException e) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Failed to get local host name using InetAddress.", e);
                    }
                    localName = httpServletRequest.getLocalName();
                }
                peerDTO2.setHostname(StringUtils.isEmpty(remoteInputHost) ? localName : remoteInputHost);
                peerDTO2.setPort(this.properties.getRemoteInputHttpPort().intValue());
                peerDTO2.setSecure(this.properties.isSiteToSiteSecure().booleanValue());
                peerDTO2.setFlowFileCount(0);
                arrayList.add(peerDTO2);
            }
            PeersEntity peersEntity = new PeersEntity();
            peersEntity.setPeers(arrayList);
            return clusterContext(noCache(setCommonHeaders(Response.ok(peersEntity), negotiateTransportProtocolVersion, this.transactionManager))).build();
        } catch (BadRequestException e2) {
            return this.responseCreator.badRequestResponse(e2);
        }
    }

    public void setServiceFacade(NiFiServiceFacade niFiServiceFacade) {
        this.serviceFacade = niFiServiceFacade;
    }

    public void setAuthorizer(Authorizer authorizer) {
        this.authorizer = authorizer;
    }

    @Override // org.apache.nifi.web.api.ApplicationResource
    public void setClusterCoordinator(ClusterCoordinator clusterCoordinator) {
        super.setClusterCoordinator(clusterCoordinator);
        this.clusterCoordinator = clusterCoordinator;
    }
}
