package org.apache.ranger.plugin.util;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.huawei.us.common.random.UsSecureRandom;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.client.filter.ClientFilter;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.core.Cookie;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
import org.apache.ranger.authorization.utils.StringUtil;
import org.codehaus.jackson.jaxrs.JacksonJsonProvider;

/* loaded from: input_file:org/apache/ranger/plugin/util/RangerRESTClient.class */
public class RangerRESTClient {
    // Property names for the policy manager URL and its SSL config file. They are not read
    // anywhere in this class; presumably callers use them to look up the constructor
    // arguments (confirm against callers).
    public static final String RANGER_PROP_POLICYMGR_URL = "ranger.service.store.rest.url";
    public static final String RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME = "ranger.service.store.rest.ssl.config.file";
    // Client keystore settings: init() reads the file, type and credential-file properties;
    // the alias is the entry name passed to getCredential() to fetch the keystore password.
    public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
    public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
    public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
    public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
    public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
    // Truststore settings, read the same way as the keystore settings above.
    public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
    public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
    public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
    public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
    public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
    // Passed to SSLContext.getInstance() in getSSLContext(). The generic "TLS" name does not
    // pin a protocol version; which versions are enabled is left to the JVM configuration.
    public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
    // Raw URL string handed to the constructor; configuredURLs holds the parsed endpoints.
    private String mUrl;
    private String mSslConfigFileName;
    // HTTP Basic credentials. The password is kept as a plain String for the lifetime of this
    // object and is handed out unchanged by getPassword(); it should never be logged.
    private String mUsername;
    private String mPassword;
    // Set in init() when the URL string contains "https"; can be overridden with setSSL().
    private boolean mIsSSL;
    // *URL fields hold the credential-file locations, *Alias the entry names inside them,
    // *File the store paths and *Type the store formats; all are populated in init().
    private String mKeyStoreURL;
    private String mKeyStoreAlias;
    private String mKeyStoreFile;
    private String mKeyStoreType;
    private String mTrustStoreURL;
    private String mTrustStoreAlias;
    private String mTrustStoreFile;
    private String mTrustStoreType;
    // Gson instance created in init(); stays null if its creation fails there.
    private Gson gsonBuilder;
    private int mRestClientConnTimeOutMs;
    private int mRestClientReadTimeOutMs;
    // Index into configuredURLs of the endpoint that answered last. It is not volatile and is
    // read and written by the request methods without locking.
    private int lastKnownActiveUrlIndex;
    private final List<String> configuredURLs;
    // Created lazily in getClient(); volatile so the unsynchronized first read there is safe.
    private volatile Client client;
    // Created in buildClient() and re-attached by addBasicAuthFilterForHttpClient(). It is
    // not volatile, although it is written under the getClient() lock and read outside it.
    private ClientFilter basicAuthFilter;
    private static final Log LOG = LogFactory.getLog(RangerRESTClient.class);
    // JVM default algorithms for the key and trust manager factories.
    public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
    public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();

    /**
     * Creates a client for the Ranger Admin endpoint(s) described by {@code str}.
     *
     * @param str URL string; it is split into individual endpoints by {@code StringUtil.getURLs}
     * @param str2 name of the SSL configuration file that {@code init} loads when the URL
     *     string contains "https"
     * @param configuration configuration object the SSL settings are loaded into and read from
     */
    public RangerRESTClient(String str, String str2, Configuration configuration) {
        mUrl = str;
        mSslConfigFileName = str2;
        configuredURLs = StringUtil.getURLs(mUrl);
        // The random value only chooses which endpoint is tried first, so java.util.Random is
        // adequate here. nextInt(bound) throws IllegalArgumentException when the bound is 0,
        // i.e. when the parsed endpoint list is empty.
        int firstUrlIndex = new Random().nextInt(getConfiguredURLs().size());
        setLastKnownActiveUrlIndex(firstUrlIndex);
        init(configuration);
    }

    /**
     * @return the raw URL string this client was configured with (the constructor argument or
     *     the last value given to {@link #setUrl(String)})
     */
    public String getUrl() {
        return mUrl;
    }

    /**
     * Replaces the raw URL string. Only the field is updated: {@code configuredURLs} and the
     * SSL flag were derived from the original URL and are not recomputed here.
     *
     * @param str the new URL string
     */
    public void setUrl(String str) {
        mUrl = str;
    }

    /**
     * @return the HTTP Basic user name, or {@code null} if none was set
     */
    public String getUsername() {
        return mUsername;
    }

    /**
     * Returns the HTTP Basic password exactly as stored, in clear text. Callers should not log
     * or otherwise persist the returned value.
     *
     * @return the password, or {@code null} if none was set
     */
    public String getPassword() {
        return mPassword;
    }

    /**
     * @return the connect timeout, in milliseconds, applied to clients built by this object
     */
    public int getRestClientConnTimeOutMs() {
        return mRestClientConnTimeOutMs;
    }

    /**
     * Sets the connect timeout. The value is applied in {@code buildClient()}, so a client
     * that already exists keeps its old timeout until {@link #resetClient()} is called.
     *
     * @param i connect timeout in milliseconds
     */
    public void setRestClientConnTimeOutMs(int i) {
        mRestClientConnTimeOutMs = i;
    }

    /**
     * @return the read timeout, in milliseconds, applied to clients built by this object
     */
    public int getRestClientReadTimeOutMs() {
        return mRestClientReadTimeOutMs;
    }

    /**
     * Sets the read timeout. The value is applied in {@code buildClient()}, so a client that
     * already exists keeps its old timeout until {@link #resetClient()} is called.
     *
     * @param i read timeout in milliseconds
     */
    public void setRestClientReadTimeOutMs(int i) {
        mRestClientReadTimeOutMs = i;
    }

    /**
     * Stores the HTTP Basic credentials. The auth filter itself is created in
     * {@code buildClient()}, so the values take effect only for a client built afterwards.
     *
     * @param str user name
     * @param str2 password, kept in memory as a plain String
     */
    public void setBasicAuthInfo(String str, String str2) {
        mUsername = str;
        mPassword = str2;
    }

    /**
     * Creates a web resource for the raw URL string followed by {@code str}.
     *
     * <p>The path is appended by plain string concatenation, without encoding or validation.
     * This method uses {@link #getUrl()} rather than one entry of {@code configuredURLs}, so
     * it performs no failover between endpoints.
     *
     * @param str relative path to append
     * @return the resource bound to the shared client
     */
    public WebResource getResource(String str) {
        Client restClient = getClient();
        return restClient.resource(getUrl() + str);
    }

    /**
     * Serializes {@code obj} with the Gson instance created in {@code init}.
     *
     * @param obj object to serialize
     * @return the JSON text
     */
    public String toJson(Object obj) {
        return gsonBuilder.toJson(obj);
    }

    /**
     * Deserializes JSON text into an instance of {@code cls} with the Gson instance created in
     * {@code init}.
     *
     * @param str JSON text
     * @param cls target class
     * @param <T> target type
     * @return the deserialized object
     */
    public <T> T fromJson(String str, Class<T> cls) {
        // Gson's fromJson(String, Class<T>) already returns T, so no cast is needed.
        return gsonBuilder.fromJson(str, cls);
    }

    /**
     * Returns the shared Jersey client, building it on first use.
     *
     * <p>The field is read once without the lock and, if still unset, re-checked and built
     * while holding this object's monitor. The value returned is always the local copy, so a
     * concurrent {@link #resetClient()} cannot turn the result into {@code null}.
     *
     * @return the shared client
     */
    public Client getClient() {
        Client existing = this.client;
        if (existing != null) {
            return existing;
        }
        synchronized (this) {
            Client current = this.client;
            if (current == null) {
                current = buildClient();
                this.client = current;
            }
            return current;
        }
    }

    /**
     * Builds a new Jersey client: with TLS properties when {@code mIsSSL} is set, plain
     * otherwise. The HTTP Basic filter is attached when both user name and password are
     * non-empty, and the configured connect and read timeouts are applied.
     *
     * <p>The Basic filter is attached whether or not TLS is in use; with a plain-http endpoint
     * the credentials are therefore sent without transport protection.
     *
     * @return the newly created client
     */
    private Client buildClient() {
        DefaultClientConfig clientConfig = new DefaultClientConfig();
        clientConfig.getClasses().add(JacksonJsonProvider.class);
        if (mIsSSL) {
            SSLContext sslContext = getSSLContext(getKeyManagers(), getTrustManagers());
            // NOTE(review): this verifier does not check the certificate. SSLSession.getPeerHost()
            // is documented by the JDK as unauthenticated, and HttpsURLConnection consults a
            // custom HostnameVerifier only after its own name check has failed. Comparing the
            // requested host with the session's peer host will then normally succeed, so a
            // certificate that chains to a trusted CA but names a different host is accepted.
            // Leaving the JDK's default verification in place would close that gap; confirm that
            // no deployment relies on mismatching certificates before changing it.
            HostnameVerifier peerHostVerifier = new HostnameVerifier() {
                @Override
                public boolean verify(String str, SSLSession sSLSession) {
                    return sSLSession.getPeerHost().equals(str);
                }
            };
            clientConfig.getProperties().put(
                    "com.sun.jersey.client.impl.urlconnection.httpsProperties",
                    new HTTPSProperties(peerHostVerifier, sslContext));
        }
        Client built = Client.create(clientConfig);
        boolean hasBasicCredentials = StringUtils.isNotEmpty(mUsername) && StringUtils.isNotEmpty(mPassword);
        if (hasBasicCredentials) {
            basicAuthFilter = new HTTPBasicAuthFilter(mUsername, mPassword);
            built.addFilter(basicAuthFilter);
        }
        built.setConnectTimeout(Integer.valueOf(mRestClientConnTimeOutMs));
        built.setReadTimeout(Integer.valueOf(mRestClientReadTimeOutMs));
        return built;
    }

    /**
     * Drops the cached client so that the next {@link #getClient()} call builds a new one.
     * The dropped client is not closed or destroyed here.
     */
    public void resetClient() {
        client = null;
    }

    /**
     * Creates the Gson instance and, for HTTPS endpoints, loads the keystore and truststore
     * settings from the SSL configuration file into this object's fields.
     *
     * <p>The SSL flag is a case-insensitive substring test for "https" anywhere in the URL
     * string; it is not a check of each endpoint's scheme.
     *
     * @param configuration configuration the SSL config file is added to and read from
     */
    private void init(Configuration configuration) {
        try {
            gsonBuilder = new GsonBuilder().setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").create();
        } catch (Throwable th) {
            // Best effort: the failure is only logged, so gsonBuilder stays null and a later
            // toJson()/fromJson() call fails with a NullPointerException.
            LOG.fatal("RangerRESTClient.init(): failed to create GsonBuilder object", th);
        }
        mIsSSL = StringUtils.containsIgnoreCase(mUrl, "https");
        if (!mIsSSL) {
            return;
        }
        InputStream sslConfigStream = null;
        try {
            sslConfigStream = getFileInputStream(mSslConfigFileName);
            if (sslConfigStream != null) {
                configuration.addResource(sslConfigStream);
            }
            // Passwords are not read here: only the credential-file locations are stored, and
            // the fixed aliases name the entries that getCredential() looks up later.
            mKeyStoreURL = configuration.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
            mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
            mKeyStoreType = configuration.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, "jks");
            mKeyStoreFile = configuration.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
            mTrustStoreURL = configuration.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
            mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
            mTrustStoreType = configuration.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, "jks");
            mTrustStoreFile = configuration.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
        } catch (IOException e) {
            LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", e);
        } finally {
            close(sslConfigStream, mSslConfigFileName);
        }
    }

    /**
     * Loads the key managers from the configured keystore, using the password fetched from the
     * credential store under the keystore alias.
     *
     * @return the key managers, or {@code null} when the keystore file or password is missing
     */
    private KeyManager[] getKeyManagers() {
        String keyStorePassword = getCredential(mKeyStoreURL, mKeyStoreAlias);
        return getKeyManagers(mKeyStoreFile, keyStorePassword);
    }

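    /**
     * Loads a keystore and returns the key managers backed by it.
     *
     * <p>The keystore type comes from {@code mKeyStoreType}, which is set by {@code init} for
     * HTTPS URLs or through {@code setKeyStoreType}. The input stream is closed on every path,
     * including failures, and each thrown exception carries the underlying cause.
     *
     * @param str path of the keystore file (file system first, then classpath)
     * @param str2 keystore password, also used as the key password
     * @return the key managers, or {@code null} when either argument is empty or the keystore
     *     stream could not be obtained
     * @throws IllegalStateException if the keystore cannot be found, read or initialized
     */
    public KeyManager[] getKeyManagers(String str, String str2) {
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            return null;
        }
        KeyManager[] keyManagers = null;
        InputStream keyStoreStream = null;
        try {
            keyStoreStream = getFileInputStream(str);
            if (keyStoreStream != null) {
                char[] password = str2.toCharArray();
                KeyStore keyStore = KeyStore.getInstance(mKeyStoreType);
                keyStore.load(keyStoreStream, password);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
                keyManagerFactory.init(keyStore, password);
                keyManagers = keyManagerFactory.getKeyManagers();
            } else {
                LOG.warn("Unable to obtain keystore from file [" + str + "]");
            }
        } catch (FileNotFoundException e) {
            // Must precede the IOException handler: FileNotFoundException is a subclass.
            LOG.warn("Unable to find the necessary SSL Keystore Files");
            throw new IllegalStateException("Unable to find keystore file.", e);
        } catch (UnrecoverableKeyException e) {
            LOG.warn("Unable to recover the key from keystore");
            throw new IllegalStateException("Unable to recover the key from keystore :" + str + ", error :" + e.getMessage(), e);
        } catch (IOException e) {
            LOG.warn("Unable to read the necessary SSL Keystore Files");
            throw new IllegalStateException("Unable to read keystore file :" + str + ", error :" + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            LOG.warn("SSL algorithm is NOT available in the environment");
            throw new IllegalStateException("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
        } catch (KeyStoreException e) {
            LOG.warn("Unable to obtain from KeyStore :" + e.getMessage());
            throw new IllegalStateException("Unable to init keystore:" + e.getMessage(), e);
        } catch (CertificateException e) {
            LOG.warn("Unable to obtain the requested certification ");
            throw new IllegalStateException("Unable to obtain the requested certification :" + e.getMessage(), e);
        } finally {
            // Closes the stream that was actually opened; a null stream is a no-op in close().
            close(keyStoreStream, str);
        }
        return keyManagers;
    }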

    /**
     * Loads the trust managers from the configured truststore.
     *
     * <p>A {@code null} result is not an error for the caller: {@code getSSLContext} then
     * falls back to the JVM's default trust store, so a missing truststore setting widens the
     * set of trusted CAs instead of failing the connection.
     *
     * @return the trust managers, or {@code null} when the credential location, alias or
     *     password is empty
     */
    private TrustManager[] getTrustManagers() {
        if (StringUtils.isEmpty(mTrustStoreURL) || StringUtils.isEmpty(mTrustStoreAlias)) {
            return null;
        }
        String trustStorePassword = getCredential(mTrustStoreURL, mTrustStoreAlias);
        if (StringUtils.isEmpty(trustStorePassword)) {
            return null;
        }
        return getTrustManagers(mTrustStoreFile, trustStorePassword);
    }

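    /**
     * Loads a truststore and returns the trust managers backed by it.
     *
     * <p>Unlike {@code getKeyManagers(String, String)}, load failures are only logged and the
     * method returns {@code null}. When the result is passed to {@code getSSLContext}, a
     * {@code null} value makes it use the JVM's default trust store, so an unreadable or
     * corrupt truststore silently changes which CAs are trusted; the warnings logged here are
     * the only trace of that. The input stream is closed on every path, including failures.
     *
     * @param str path of the truststore file (file system first, then classpath)
     * @param str2 truststore password
     * @return the trust managers, or {@code null} when an argument is empty, the stream could
     *     not be obtained, or loading failed
     */
    public TrustManager[] getTrustManagers(String str, String str2) {
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            return null;
        }
        TrustManager[] trustManagers = null;
        InputStream trustStoreStream = null;
        try {
            trustStoreStream = getFileInputStream(str);
            if (trustStoreStream != null) {
                KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
                trustStore.load(trustStoreStream, str2.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            } else {
                LOG.warn("Unable to obtain truststore from file [" + str + "]");
            }
        } catch (FileNotFoundException e) {
            // Must precede the IOException handler: FileNotFoundException is a subclass.
            LOG.warn("Unable to find the necessary SSL TrustStore File.");
        } catch (IOException e) {
            LOG.warn("Unable to read the necessary SSL TrustStore Files :" + str);
        } catch (CertificateException e) {
            LOG.warn("Unable to obtain the requested certification :" + e.getMessage());
        } catch (KeyStoreException e) {
            LOG.warn("Unable to obtain from KeyStore", e);
        } catch (NoSuchAlgorithmException e) {
            LOG.warn("SSL algorithm is NOT available in the environment :" + e.getMessage());
        } finally {
            // Closes the stream that was actually opened; a null stream is a no-op in close().
            close(trustStoreStream, str);
        }
        return trustManagers;
    }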

    /**
     * Creates and initializes the SSL context used for HTTPS connections.
     *
     * <p>When no trust managers are supplied, the JVM's default trust store is used instead
     * (a factory initialized with a {@code null} keystore). If even that fails, {@code null}
     * is passed on to {@code SSLContext.init}.
     *
     * @param keyManagerArr key managers for client authentication; may be {@code null}
     * @param trustManagerArr trust managers for server validation; may be {@code null}
     * @return the initialized context
     * @throws IllegalStateException if the context cannot be created or initialized
     */
    protected SSLContext getSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        TrustManager[] effectiveTrustManagers = trustManagerArr;
        if (effectiveTrustManagers == null) {
            try {
                String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
                TrustManagerFactory defaultFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
                defaultFactory.init((KeyStore) null);
                effectiveTrustManagers = defaultFactory.getTrustManagers();
            } catch (IllegalStateException | KeyStoreException | NoSuchAlgorithmException e) {
                LOG.error("Unable to get the default SSL TrustStore for the JVM", e);
                effectiveTrustManagers = null;
            }
        }
        try {
            SSLContext context = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
            // NOTE(review): UsSecureRandom is a third-party class not shown here; presumably
            // it returns a java.security.SecureRandom -- confirm its seeding and algorithm.
            context.init(keyManagerArr, effectiveTrustManagers, UsSecureRandom.getInstance());
            return context;
        } catch (KeyManagementException e) {
            LOG.warn("Unable to initials the SSLContext", e);
            throw new IllegalStateException("Unable to initials the SSLContex: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            LOG.warn("SSL algorithm is not available in the environment", e);
            throw new IllegalStateException("SSL algorithm is not available in the environment: " + e.getMessage(), e);
        }
    }

    /**
     * Looks up a secret in the Ranger credential provider.
     *
     * @param str location of the credential store
     * @param str2 alias of the entry to read
     * @return the credential as returned by the provider; the value is a clear-text secret and
     *     should not be logged
     */
    private String getCredential(String str, String str2) {
        RangerCredentialProvider provider = RangerCredentialProvider.getInstance();
        return provider.getCredentialString(str, str2);
    }

    /**
     * Opens {@code str} as a file if it exists, otherwise as a system classpath resource.
     *
     * <p>The name is used as given; no normalization or directory restriction is applied.
     * Within this class the names come from the constructor and from configuration values.
     *
     * @param str file path or classpath resource name
     * @return the opened stream, or {@code null} when {@code str} is empty or the classpath
     *     lookup finds nothing
     * @throws IOException if the existing file cannot be opened
     */
    private InputStream getFileInputStream(String str) throws IOException {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        File candidate = new File(str);
        if (candidate.exists()) {
            return new FileInputStream(candidate);
        }
        return ClassLoader.getSystemResourceAsStream(str);
    }

    /**
     * Closes a stream, logging instead of propagating an {@code IOException}.
     *
     * @param inputStream stream to close; {@code null} is ignored
     * @param str file name used only in the log message
     */
    private void close(InputStream inputStream, String str) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            LOG.error("Error while closing file: [" + str + "]", e);
        }
    }

    /**
     * Sends a JSON GET request, trying each configured endpoint in turn, starting with the
     * one that answered last.
     *
     * <p>{@code str} is appended to the endpoint URL by plain concatenation. Any HTTP
     * response ends the loop, whatever its status code; only a transport failure moves on to
     * the next endpoint.
     *
     * @param str relative URL
     * @param map query parameters; may be {@code null}
     * @return the response of the first endpoint that answered, or {@code null} when no
     *     endpoint is configured
     * @throws Exception the last {@code ClientHandlerException} when every endpoint failed
     */
    public ClientResponse get(String str, Map<String, String> map) throws Exception {
        final int startIndex = lastKnownActiveUrlIndex;
        ClientResponse response = null;
        for (int attempt = 0; response == null && attempt < configuredURLs.size(); attempt++) {
            final int urlIndex = (startIndex + attempt) % configuredURLs.size();
            try {
                addBasicAuthFilterForHttpClient();
                WebResource resource = getClient().resource(configuredURLs.get(urlIndex) + str);
                response = setQueryParams(resource, map)
                        .accept("application/json")
                        .type("application/json")
                        .get(ClientResponse.class);
            } catch (ClientHandlerException e) {
                LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(urlIndex));
                // Rethrows only on the last attempt; otherwise the loop tries the next URL.
                processException(attempt, e);
            }
            if (response != null) {
                setLastKnownActiveUrlIndex(urlIndex);
            }
        }
        return response;
    }

    /**
     * Sends a JSON POST request, trying each configured endpoint in turn, starting with the
     * one that answered last.
     *
     * <p>{@code str} is appended to the endpoint URL by plain concatenation. Any HTTP
     * response ends the loop, whatever its status code; only a transport failure moves on to
     * the next endpoint.
     *
     * @param str relative URL
     * @param map query parameters; may be {@code null}
     * @param obj request body, serialized with {@link #toJson(Object)}
     * @return the response of the first endpoint that answered, or {@code null} when no
     *     endpoint is configured
     * @throws Exception the last {@code ClientHandlerException} when every endpoint failed
     */
    public ClientResponse post(String str, Map<String, String> map, Object obj) throws Exception {
        final int startIndex = lastKnownActiveUrlIndex;
        ClientResponse response = null;
        for (int attempt = 0; response == null && attempt < configuredURLs.size(); attempt++) {
            final int urlIndex = (startIndex + attempt) % configuredURLs.size();
            try {
                addBasicAuthFilterForHttpClient();
                WebResource resource = getClient().resource(configuredURLs.get(urlIndex) + str);
                response = setQueryParams(resource, map)
                        .accept("application/json")
                        .type("application/json")
                        .post(ClientResponse.class, toJson(obj));
            } catch (ClientHandlerException e) {
                LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(urlIndex));
                // Rethrows only on the last attempt; otherwise the loop tries the next URL.
                processException(attempt, e);
            }
            if (response != null) {
                setLastKnownActiveUrlIndex(urlIndex);
            }
        }
        return response;
    }

    /**
     * Sends a JSON DELETE request, trying each configured endpoint in turn, starting with the
     * one that answered last.
     *
     * <p>{@code str} is appended to the endpoint URL by plain concatenation. Any HTTP
     * response ends the loop, whatever its status code; only a transport failure moves on to
     * the next endpoint.
     *
     * @param str relative URL
     * @param map query parameters; may be {@code null}
     * @return the response of the first endpoint that answered, or {@code null} when no
     *     endpoint is configured
     * @throws Exception the last {@code ClientHandlerException} when every endpoint failed
     */
    public ClientResponse delete(String str, Map<String, String> map) throws Exception {
        final int startIndex = lastKnownActiveUrlIndex;
        ClientResponse response = null;
        for (int attempt = 0; response == null && attempt < configuredURLs.size(); attempt++) {
            final int urlIndex = (startIndex + attempt) % configuredURLs.size();
            try {
                addBasicAuthFilterForHttpClient();
                WebResource resource = getClient().resource(configuredURLs.get(urlIndex) + str);
                response = setQueryParams(resource, map)
                        .accept("application/json")
                        .type("application/json")
                        .delete(ClientResponse.class);
            } catch (ClientHandlerException e) {
                LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(urlIndex));
                // Rethrows only on the last attempt; otherwise the loop tries the next URL.
                processException(attempt, e);
            }
            if (response != null) {
                setLastKnownActiveUrlIndex(urlIndex);
            }
        }
        return response;
    }

    /**
     * Sends a JSON PUT request, trying each configured endpoint in turn, starting with the
     * one that answered last.
     *
     * <p>{@code str} is appended to the endpoint URL by plain concatenation. Any HTTP
     * response ends the loop, whatever its status code; only a transport failure moves on to
     * the next endpoint.
     *
     * @param str relative URL
     * @param map query parameters; may be {@code null}
     * @param obj request body, serialized with {@link #toJson(Object)}
     * @return the response of the first endpoint that answered, or {@code null} when no
     *     endpoint is configured
     * @throws Exception the last {@code ClientHandlerException} when every endpoint failed
     */
    public ClientResponse put(String str, Map<String, String> map, Object obj) throws Exception {
        final int startIndex = lastKnownActiveUrlIndex;
        ClientResponse response = null;
        for (int attempt = 0; response == null && attempt < configuredURLs.size(); attempt++) {
            final int urlIndex = (startIndex + attempt) % configuredURLs.size();
            try {
                addBasicAuthFilterForHttpClient();
                WebResource resource = getClient().resource(configuredURLs.get(urlIndex) + str);
                response = setQueryParams(resource, map)
                        .accept("application/json")
                        .type("application/json")
                        .put(ClientResponse.class, toJson(obj));
            } catch (ClientHandlerException e) {
                LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(urlIndex));
                // Rethrows only on the last attempt; otherwise the loop tries the next URL.
                processException(attempt, e);
            }
            if (response != null) {
                setLastKnownActiveUrlIndex(urlIndex);
            }
        }
        return response;
    }

    /**
     * Sends a JSON PUT request authenticated by a session cookie instead of HTTP Basic,
     * trying each configured endpoint in turn, starting with the one that answered last.
     *
     * <p>Each attempt goes through {@code createWebResourceForCookieAuth}, which removes all
     * filters from the shared client. The same cookie is sent to whichever endpoint is tried.
     *
     * @param str relative URL, appended to the endpoint URL by plain concatenation
     * @param obj request body, serialized with {@link #toJson(Object)}
     * @param cookie session cookie to attach to the request
     * @return the response of the first endpoint that answered, or {@code null} when no
     *     endpoint is configured
     * @throws Exception the last {@code ClientHandlerException} when every endpoint failed
     */
    public ClientResponse put(String str, Object obj, Cookie cookie) throws Exception {
        final int startIndex = lastKnownActiveUrlIndex;
        ClientResponse response = null;
        for (int attempt = 0; response == null && attempt < configuredURLs.size(); attempt++) {
            final int urlIndex = (startIndex + attempt) % configuredURLs.size();
            try {
                WebResource resource = createWebResourceForCookieAuth(urlIndex, str);
                response = resource.getRequestBuilder()
                        .cookie(cookie)
                        .accept("application/json")
                        .type("application/json")
                        .put(ClientResponse.class, toJson(obj));
            } catch (ClientHandlerException e) {
                LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(urlIndex));
                // Rethrows only on the last attempt; otherwise the loop tries the next URL.
                processException(attempt, e);
            }
            if (response != null) {
                setLastKnownActiveUrlIndex(urlIndex);
            }
        }
        return response;
    }

    /**
     * Adds every entry of {@code map} to the resource as a query parameter.
     *
     * @param webResource resource to extend; may be {@code null}
     * @param map query parameters; may be {@code null}
     * @return the extended resource, or {@code webResource} unchanged when either argument is
     *     {@code null}
     */
    protected static WebResource setQueryParams(WebResource webResource, Map<String, String> map) {
        if (webResource == null || map == null) {
            return webResource;
        }
        WebResource withParams = webResource;
        for (Map.Entry<String, String> param : map.entrySet()) {
            // queryParam() returns a new resource, so the result has to be carried forward.
            withParams = withParams.queryParam(param.getKey(), param.getValue());
        }
        return withParams;
    }

    /**
     * Records which entry of {@code configuredURLs} the next request should try first.
     *
     * @param i index into {@code configuredURLs}; not range-checked here
     */
    protected void setLastKnownActiveUrlIndex(int i) {
        lastKnownActiveUrlIndex = i;
    }

    /**
     * Creates a resource for cookie-authenticated requests by stripping every filter from the
     * client first, so that no HTTP Basic header is sent along with the cookie.
     *
     * <p>NOTE(review): the filters are removed from the shared client, not from a copy. The
     * Basic filter is re-attached only by the next call that runs
     * {@code addBasicAuthFilterForHttpClient()}; a request issued concurrently on another
     * thread may therefore go out without credentials, or with them when they were meant to
     * be absent. Any other filter that was registered on the client is lost as well.
     *
     * @param i index into {@code configuredURLs}
     * @param str relative URL, appended by plain concatenation
     * @return the resource bound to the now filter-less shared client
     */
    protected WebResource createWebResourceForCookieAuth(int i, String str) {
        Client sharedClient = getClient();
        sharedClient.removeAllFilters();
        String target = configuredURLs.get(i) + str;
        return sharedClient.resource(target);
    }

    /**
     * Rethrows a transport failure once the last endpoint has been tried; on earlier attempts
     * it returns normally so that the caller's loop moves on to the next URL.
     *
     * @param i zero-based attempt number within the caller's loop
     * @param clientHandlerException the failure of the current attempt
     * @throws Exception {@code clientHandlerException} itself, on the final attempt
     */
    protected void processException(int i, ClientHandlerException clientHandlerException) throws Exception {
        boolean lastAttempt = (i == configuredURLs.size() - 1);
        if (!lastAttempt) {
            return;
        }
        LOG.error("Failed to communicate with all Ranger Admin's URL's : [ " + configuredURLs + " ]");
        throw clientHandlerException;
    }

    /**
     * @return the index into {@code configuredURLs} of the endpoint tried first by the next
     *     request
     */
    public int getLastKnownActiveUrlIndex() {
        return lastKnownActiveUrlIndex;
    }

    /**
     * Returns the endpoint list parsed from the URL string. The internal list itself is
     * returned, not a copy, so a change made by the caller affects the request methods.
     *
     * @return the configured endpoint URLs
     */
    public List<String> getConfiguredURLs() {
        return configuredURLs;
    }

    /**
     * @return whether clients built by this object are given the TLS configuration
     */
    public boolean isSSL() {
        return mIsSSL;
    }

    /**
     * Overrides the SSL flag derived from the URL string. The flag is read in
     * {@code buildClient()}, so it affects only a client built afterwards; the keystore and
     * truststore settings are loaded by {@code init} and are not reloaded here.
     *
     * @param z {@code true} to build clients with the TLS configuration
     */
    public void setSSL(boolean z) {
        mIsSSL = z;
    }

    /**
     * Replaces the cached client. A client supplied here bypasses {@code buildClient()}, so
     * it receives neither this object's TLS settings, Basic filter nor timeouts.
     *
     * @param client the client to use; {@code null} has the same effect as
     *     {@link #resetClient()}
     */
    protected void setClient(Client client) {
        Client replacement = client;
        this.client = replacement;
    }

    /**
     * Sets the keystore type passed to {@code KeyStore.getInstance} when key managers are
     * loaded.
     *
     * @param str keystore type, for example "jks"
     */
    protected void setKeyStoreType(String str) {
        mKeyStoreType = str;
    }

    /**
     * Sets the truststore type passed to {@code KeyStore.getInstance} when trust managers are
     * loaded.
     *
     * @param str truststore type, for example "jks"
     */
    protected void setTrustStoreType(String str) {
        mTrustStoreType = str;
    }

    /**
     * Re-attaches the HTTP Basic filter to the shared client if it exists and is not currently
     * registered, which is the state left behind by a cookie-authenticated request.
     *
     * <p>The check and the add are not atomic with respect to other threads using the same
     * client.
     */
    private void addBasicAuthFilterForHttpClient() {
        // getClient() is called first on purpose: it may build the client, and building it is
        // what creates basicAuthFilter.
        Client sharedClient = getClient();
        if (basicAuthFilter != null && !sharedClient.isFilterPresent(basicAuthFilter)) {
            LOG.info("Add Basic auth filter for http client.");
            sharedClient.addFilter(basicAuthFilter);
        }
    }
}
