package com.huawei.ranger.install;

import com.huawei.ranger.install.policy.refresher.BasePolicyRefesher;
import com.huawei.ranger.install.policy.refresher.ElasticsearchPolicyRefresher;
import com.huawei.ranger.install.policy.refresher.HBasePolicyRefresher;
import com.huawei.ranger.install.policy.refresher.HDFSPolicyRefresher;
import com.huawei.ranger.install.policy.refresher.HivePolicyRefresher;
import com.huawei.ranger.install.policy.refresher.KafkaPolicyRefresher;
import com.huawei.ranger.install.policy.refresher.StormPolicyRefresher;
import com.huawei.ranger.install.policy.refresher.YarnPolicyRefresher;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.utils.install.XmlConfigChanger;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/ranger/install/ServiceCreater.class */
public class ServiceCreater {
    private static final int RESPONSE_OK = 200;
    private static final String PRINCIPAL_ALIAS = "ranger.login.principal";
    private static final String KEYTAB_ALIAS = "ranger.login.keytab";
    private static final String POLICY_MGR_URL_ALIAS = "ranger.policy.manager.url";
    private static final String CONF_PATH_ALIAS = "ranger.component.conf.path";
    private static final String AUTHENTICATION_TYPE = "ranger.authentication.type";
    private static final String AUTH_KERBEROS = "kerberos";
    private static final int CLIENT_CONNECT_TIMEOUT = 120000;
    private static final int CLIENT_READ_TIMEOUT = 30000;
    private static final Logger LOG = LoggerFactory.getLogger(ServiceCreater.class);
    private static boolean isConnectionRefused = false;
    private static String authenticationType = null;
    private static String confPath = null;
    private static String username = null;
    private static String keytab = null;

    public static void main(String[] strArr) {
        try {
            confPath = System.getProperty(CONF_PATH_ALIAS, "");
            username = System.getProperty(PRINCIPAL_ALIAS, "");
            keytab = System.getProperty(KEYTAB_ALIAS, "");
            authenticationType = System.getProperty(AUTHENTICATION_TYPE, "simple");
            if (StringUtil.isEmpty(username) || StringUtil.isEmpty(keytab) || StringUtil.isEmpty(confPath)) {
                LOG.error("Credential info(user or keytab or krb5.conf) is empty, exit....");
                return;
            }
            String property = System.getProperty(POLICY_MGR_URL_ALIAS, "");
            if (StringUtil.isEmpty(property)) {
                LOG.error("POLICY_MGR_URL is empty, exit....");
                return;
            }
            Iterator it = StringUtil.getURLs(property).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str = (String) it.next();
                LOG.info("Start initialize Ranger service and policy.");
                insertRangerService(str);
                if (!isConnectionRefused) {
                    LOG.info("Initialize Ranger service and policy finished.");
                    break;
                }
                LOG.warn("Connection refused for {}, try another node again..", str);
            }
        } catch (Exception e) {
            LOG.error("Error happened:" + e.getMessage(), e);
        }
    }

    private static void insertRangerService(final String str) throws IOException, InterruptedException {
        final JSONObject servicePostJson = ServiceRestUtil.getServicePostJson(confPath);
        if (LOG.isInfoEnabled()) {
            LOG.info("The postjson=" + servicePostJson);
        }
        final Client buildClient = buildClient(str);
        if (!AUTH_KERBEROS.equalsIgnoreCase(authenticationType)) {
            LOG.info("Running on simple mode.");
            if (isExistService(servicePostJson, str, buildClient)) {
                return;
            }
            LOG.info("Start create service with {}", str);
            postService(servicePostJson, str, buildClient);
            return;
        }
        LOG.info("Running on security mode with user {}", username);
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "Kerberos");
        UserGroupInformation.setConfiguration(configuration);
        final UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(username, keytab);
        loginUserFromKeytabAndReturnUGI.doAs(new PrivilegedExceptionAction<Object>() { // from class: com.huawei.ranger.install.ServiceCreater.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                if (ServiceCreater.isExistService(servicePostJson, str, buildClient)) {
                    return null;
                }
                ServiceCreater.LOG.info("Start create service with {}", str);
                ServiceCreater.postService(servicePostJson, str, buildClient);
                ServiceCreater.LOG.info("Start refresh policy with {}", str);
                ServiceCreater.refreshPolicy(servicePostJson, str, buildClient, ServiceCreater.username, ServiceCreater.keytab, loginUserFromKeytabAndReturnUGI);
                return null;
            }
        });
    }

    private static Client buildClient(String str) {
        Client create;
        if (StringUtil.containsIgnoreCase(str, "https")) {
            LOG.info("Start build client with SSL.");
            create = Client.create(ServiceRestUtil.getClientConfig(ServiceRestUtil.getSslContext()));
        } else {
            LOG.info("Start build client without SSL.");
            create = Client.create(ServiceRestUtil.getClientConfig(null));
        }
        create.setConnectTimeout(Integer.valueOf(CLIENT_CONNECT_TIMEOUT));
        create.setReadTimeout(Integer.valueOf(CLIENT_READ_TIMEOUT));
        if (!AUTH_KERBEROS.equalsIgnoreCase(authenticationType)) {
            create.addFilter(new HTTPBasicAuthFilter(username, SecureClientLogin.getKeytabContent(keytab)));
        }
        return create;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isExistService(JSONObject jSONObject, String str, Client client) {
        ClientResponse clientResponse = null;
        boolean z = true;
        try {
            clientResponse = (ClientResponse) client.resource(str + "/service/public/v2/api/service/name/" + jSONObject.getString(XmlConfigChanger.NAME_NODE_NAME)).accept(new String[]{"application/json"}).get(ClientResponse.class);
            z = clientResponse.getStatus() == RESPONSE_OK;
            isConnectionRefused = false;
        } catch (Exception e) {
            logResponse(clientResponse, e);
            isConnectionRefused = false;
            z = false;
        } catch (ClientHandlerException e2) {
            logResponse(clientResponse, e2);
            isConnectionRefused = true;
        }
        return z;
    }

    private static void post(String str, JSONObject jSONObject, Client client) {
        ClientResponse clientResponse = null;
        try {
            clientResponse = (ClientResponse) client.resource(str).accept(new String[]{"application/json"}).type("application/json").post(ClientResponse.class, jSONObject.toString());
        } catch (Exception e) {
            if (clientResponse != null) {
                LOG.error((String) clientResponse.getEntity(String.class));
            }
            logResponse(clientResponse, e);
        }
    }

    private static void logResponse(ClientResponse clientResponse, Exception exc) {
        LOG.error("Post error:" + exc.getMessage(), exc);
        if (clientResponse != null) {
            LOG.error(clientResponse.getStatus() + " " + clientResponse.getStatusInfo().getReasonPhrase());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void postService(JSONObject jSONObject, String str, Client client) {
        post(str + "/service/public/v2/api/service", jSONObject, client);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void refreshPolicy(JSONObject jSONObject, String str, Client client, String str2, String str3, UserGroupInformation userGroupInformation) {
        String string = jSONObject.getString("type");
        String string2 = jSONObject.getString(XmlConfigChanger.NAME_NODE_NAME);
        BasePolicyRefesher basePolicyRefesher = null;
        boolean z = -1;
        switch (string.hashCode()) {
            case -1985354563:
                if (string.equals("elasticsearch")) {
                    z = 7;
                    break;
                }
                break;
            case -980097877:
                if (string.equals("presto")) {
                    z = 9;
                    break;
                }
                break;
            case 3197641:
                if (string.equals("hdfs")) {
                    z = false;
                    break;
                }
                break;
            case 3202928:
                if (string.equals("hive")) {
                    z = 3;
                    break;
                }
                break;
            case 3536098:
                if (string.equals("solr")) {
                    z = 8;
                    break;
                }
                break;
            case 3701572:
                if (string.equals("yarn")) {
                    z = true;
                    break;
                }
                break;
            case 99062585:
                if (string.equals("hbase")) {
                    z = 2;
                    break;
                }
                break;
            case 101807910:
                if (string.equals("kafka")) {
                    z = 5;
                    break;
                }
                break;
            case 109638365:
                if (string.equals("spark")) {
                    z = 6;
                    break;
                }
                break;
            case 109770985:
                if (string.equals("storm")) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                basePolicyRefesher = new HDFSPolicyRefresher();
                break;
            case true:
                basePolicyRefesher = new YarnPolicyRefresher();
                break;
            case true:
                basePolicyRefesher = new HBasePolicyRefresher();
                break;
            case true:
                basePolicyRefesher = new HivePolicyRefresher();
                break;
            case true:
                basePolicyRefesher = new StormPolicyRefresher();
                break;
            case true:
                basePolicyRefesher = new KafkaPolicyRefresher();
                break;
            case true:
            case true:
            case true:
                break;
            case true:
                basePolicyRefesher = new ElasticsearchPolicyRefresher();
                break;
            default:
                LOG.error("Unsupported Service, skipping refresh policy.");
                break;
        }
        if (basePolicyRefesher != null) {
            basePolicyRefesher.setUgi(userGroupInformation);
            basePolicyRefesher.setClient(client);
            basePolicyRefesher.startRefreshPolicy(string2, str2, str3, str);
        }
    }
}
