package com.huawei.ranger.install.policy.refresher;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.ws.rs.core.Response;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/ranger/install/policy/refresher/BasePolicyRefesher.class */
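/**
 * Base class for components that push a default Ranger policy to the policy REST endpoint
 * ({@code <base-url>/service/plugins/policies}).
 *
 * <p>Subclasses supply the policy content through the abstract hooks. This class builds the
 * {@link RangerPolicy}, optionally logs in from a keytab, and POSTs the policy as JSON.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The HTTPS client validates the server certificate chain against the JVM default trust
 *       store and keeps the JDK's standard hostname check. A verifier that accepts every host
 *       would let any certificate trusted by that store impersonate the policy server.</li>
 *   <li>"Simple mode" (no principal or no keytab) sends the policy without a Kerberos login.</li>
 * </ul>
 *
 * <p>No synchronisation is performed on the lazily created client or the cached login.
 */
public abstract class BasePolicyRefesher {
    private static final Logger LOG = LoggerFactory.getLogger(BasePolicyRefesher.class);

    private static final String POLICY_DESCRIPTION = "Policy for all - path";
    private static final String POLICY_API = "/service/plugins/policies";
    private static final String PARAM_UPDATE_IF_EXISTS = "updateIfExists";
    private static final String PARAM_MERGE_IF_EXISTS = "mergeIfExists";
    private static final String POLICY_SERVICE_NAME_KEY = "serviceName";
    private static final String POLICY_NAME_KEY = "policyName";
    private static final String JSON_MEDIA_TYPE = "application/json";
    private static final int CLIENT_CONNECT_TIMEOUT = 120000;
    private static final int CLIENT_READ_TIMEOUT = 30000;

    // Serialises the policy for the request body; dates use an ISO-8601 style pattern.
    private static final Gson GSON = new GsonBuilder().setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").create();

    // Created lazily by createPolicy() unless a client was injected through setClient().
    private Client innerClient = null;
    // Cached keytab login; populated on the first secure-mode request or through setUgi().
    private UserGroupInformation ugi;

    /** Returns the allow items of the policy; receives the policy name. */
    protected abstract List<RangerPolicy.RangerPolicyItem> getPolicyItems(String str);

    /** Returns the resources the policy applies to; receives the policy name. */
    protected abstract Map<String, RangerPolicy.RangerPolicyResource> getResources(String str);

    // The next five hooks are declared for subclasses but are not invoked by this class.
    protected abstract List<RangerPolicy.RangerPolicyItem> getDenyPolicyItems();

    protected abstract List<RangerPolicy.RangerPolicyItem> getAllowExceptions();

    protected abstract List<RangerPolicy.RangerPolicyItem> getDenyExceptions();

    protected abstract List<RangerPolicy.RangerDataMaskPolicyItem> getDataMaskPolicyItems();

    protected abstract List<RangerPolicy.RangerRowFilterPolicyItem> getRowFilterPolicyItems();

    /** Not invoked by this class. */
    protected abstract String getServiceType();

    /** Returns the options map handed to the {@link RangerPolicy} constructor. */
    protected abstract Map<String, Object> getOptions();

    /** Returns the security zone name handed to the {@link RangerPolicy} constructor. */
    protected abstract String getZoneName();

    /** Returns the deny-all-else flag handed to the {@link RangerPolicy} constructor. */
    protected abstract Boolean isDenyElse();

    /**
     * Entry point implemented by subclasses. The meaning of the four arguments is defined by
     * the subclass and is not visible here.
     */
    public abstract void startRefreshPolicy(String str, String str2, String str3, String str4);

    /**
     * Builds the default policy object from the subclass hooks.
     *
     * @param str service name
     * @param str2 policy name
     * @return a policy flagged as a default policy
     */
    private RangerPolicy getRangerPolicy(String str, String str2) {
        // The raw (List)/(String) casts on null are kept exactly as found so that constructor
        // overload resolution is unchanged.
        RangerPolicy rangerPolicy = new RangerPolicy(str, str2, 0, 0, POLICY_DESCRIPTION, getResources(str2), getPolicyItems(str2), (String) null, getOptions(), (List) null, (List) null, getZoneName(), (List) null, isDenyElse());
        rangerPolicy.setIsDefaultPolicy(true);
        return rangerPolicy;
    }

    /**
     * Creates (or merges/updates) the default policy on the server.
     *
     * <p>When either the principal or the keytab is missing the request is sent without a
     * login ("simple mode"); otherwise a keytab login is performed once, cached, and the
     * request runs inside {@code doAs}.
     *
     * @param str service name
     * @param str2 policy name
     * @param str3 Kerberos principal; {@code null} or empty selects simple mode
     * @param str4 keytab path; {@code null} or empty selects simple mode
     * @param str5 base URL of the policy server, without the API path
     * @return the HTTP response; the caller is responsible for closing it
     * @throws IOException if the keytab login or the privileged call fails
     * @throws InterruptedException if the privileged call is interrupted
     */
    protected ClientResponse createPolicy(String str, String str2, String str3, String str4, String str5) throws IOException, InterruptedException {
        final RangerPolicy rangerPolicy = getRangerPolicy(str, str2);
        if (this.innerClient == null) {
            LOG.warn("Ranger client is null , create a new client for PolicyRefresher.");
            this.innerClient = getClient();
        }
        final String policyUrl = getCreatePolicyUrl(str5);

        // The previous check was "x == null && x.isEmpty()", which throws a
        // NullPointerException for null and sends an empty principal/keytab down the
        // Kerberos path. Missing credentials must select simple mode instead.
        if (isNullOrEmpty(str3) || isNullOrEmpty(str4)) {
            LOG.info("Running on simple mode, start refreshing policy.");
            return postPolicy(policyUrl, rangerPolicy);
        }

        LOG.info("Running on security mode, do login first.");
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "Kerberos");
        // Note: this replaces the process-wide UserGroupInformation configuration.
        UserGroupInformation.setConfiguration(configuration);
        if (this.ugi == null) {
            this.ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(str3, str4);
        }
        LOG.info("Login successfully, start refreshing policy.");
        // The explicit cast selects the doAs overload that declares the checked exceptions.
        return this.ugi.doAs((PrivilegedExceptionAction<ClientResponse>) () -> postPolicy(policyUrl, rangerPolicy));
    }

    /** POSTs the policy as JSON, asking the server to merge into or update an existing one. */
    private ClientResponse postPolicy(String policyUrl, RangerPolicy rangerPolicy) {
        return this.innerClient.resource(policyUrl)
                .queryParam(PARAM_MERGE_IF_EXISTS, "true")
                .queryParam(PARAM_UPDATE_IF_EXISTS, "true")
                .queryParam(POLICY_SERVICE_NAME_KEY, rangerPolicy.getService())
                .queryParam(POLICY_NAME_KEY, rangerPolicy.getName())
                .accept(JSON_MEDIA_TYPE)
                .type(JSON_MEDIA_TYPE)
                .post(ClientResponse.class, GSON.toJson(rangerPolicy));
    }

    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Null-safe wrapper around {@link #doConnect}; does nothing when the refresher is
     * {@code null}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static void createConnect(BasePolicyRefesher basePolicyRefesher, String str, String str2, String str3, String str4, String str5) {
        if (basePolicyRefesher != null) {
            doConnect(basePolicyRefesher, str, str2, str3, str4, str5);
        }
    }

    /**
     * Sends the policy and logs the outcome. Login failures are logged, not rethrown.
     * Arguments are passed unchanged to
     * {@link #createPolicy(String, String, String, String, String)}.
     */
    protected static void doConnect(BasePolicyRefesher basePolicyRefesher, String str, String str2, String str3, String str4, String str5) {
        ClientResponse response = null;
        try {
            response = basePolicyRefesher.createPolicy(str, str2, str3, str4, str5);
            if (response == null) {
                LOG.error("Do policy {} refresh failed, response is null.", str2);
            } else if (response.getStatus() == Response.Status.OK.getStatusCode()) {
                LOG.info("Do policy {} refresh successfully.", str2);
            } else {
                LOG.error("Do policy {} refresh failed, response status code is : {}", str2, response.getStatus());
            }
        } catch (IOException e) {
            LOG.error("Do policy refresh failed, login failed.", e);
        } catch (InterruptedException e2) {
            // Restore the flag so code further up the stack can still observe the interrupt.
            Thread.currentThread().interrupt();
            LOG.error("Do policy refresh failed, login interrupt.", e2);
        } finally {
            closeQuietly(response);
        }
    }

    /** Releases the response's connection; a failure to close is logged and not propagated. */
    private static void closeQuietly(ClientResponse response) {
        if (response == null) {
            return;
        }
        try {
            response.close();
        } catch (RuntimeException e) {
            LOG.warn("Failed to close the policy refresh response.", e);
        }
    }

    /** Appends the policy API path to the given base URL. */
    private String getCreatePolicyUrl(String str) {
        return str + POLICY_API;
    }

    /**
     * Builds the HTTP(S) client used for policy requests.
     *
     * @throws IllegalStateException if no TLS context could be initialised
     */
    private Client getClient() {
        SSLContext sslContext = getSSLContext();
        if (sslContext == null) {
            // Fail with a clear message instead of handing a null context to the client
            // configuration.
            throw new IllegalStateException("Unable to initialise the TLS context for the Ranger client.");
        }
        DefaultClientConfig clientConfig = new DefaultClientConfig();
        clientConfig.getProperties().put("com.sun.jersey.client.property.followRedirects", true);
        clientConfig.getClasses().add(JacksonJsonProvider.class);
        // Keep the JDK's default hostname verification. The previous verifier returned true
        // for every host, so a certificate issued for any other name was accepted as the
        // policy server.
        clientConfig.getProperties().put("com.sun.jersey.client.impl.urlconnection.httpsProperties",
                new HTTPSProperties(HttpsURLConnection.getDefaultHostnameVerifier(), sslContext));
        Client client = Client.create(clientConfig);
        client.setConnectTimeout(CLIENT_CONNECT_TIMEOUT);
        client.setReadTimeout(CLIENT_READ_TIMEOUT);
        return client;
    }

    /**
     * Creates a TLS context that uses the JVM default key and trust managers.
     *
     * @return the context, or {@code null} if it could not be created (the error is logged)
     */
    private SSLContext getSSLContext() {
        SSLContext sslContext = null;
        try {
            sslContext = SSLContext.getInstance("TLS");
            // Use the platform default SecureRandom rather than pinning the legacy SHA1PRNG.
            sslContext.init(null, null, new SecureRandom());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            LOG.error("SSL algorithm is not available in the environment: " + e.getMessage(), e);
            // Never hand back a context whose init() did not complete.
            sslContext = null;
        }
        return sslContext;
    }

    /**
     * Returns the part of a principal-style name before the first {@code '/'} or {@code '@'}.
     * For example (constructed value) {@code "svc/host@REALM"} yields {@code "svc"}.
     *
     * @param str the full name, may be {@code null}
     * @return the short name, an empty string when the input starts with a separator, or
     *         {@code null} when the input is {@code null}
     */
    public static String getShortName(String str) {
        if (str == null) {
            return null;
        }
        // A positive limit keeps trailing empty tokens, so the array always has an element 0.
        // Without it an input consisting only of separators produced an empty array and an
        // ArrayIndexOutOfBoundsException.
        return str.split("[/@]", 2)[0];
    }

    /** Injects the client to use instead of the lazily created one. */
    public void setClient(Client client) {
        this.innerClient = client;
    }

    /** Returns the cached login, or {@code null} if none has been set or performed yet. */
    public UserGroupInformation getUgi() {
        return this.ugi;
    }

    /** Injects a login to use for secure-mode requests instead of a keytab login. */
    public void setUgi(UserGroupInformation userGroupInformation) {
        this.ugi = userGroupInformation;
    }
}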
