package org.apache.ranger.services.storm.client;

import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.KrbPasswordSaverLoginModule;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.log4j.Logger;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.plugin.util.PasswordUtils;
import org.apache.ranger.services.storm.client.json.model.Topology;
import org.apache.ranger.services.storm.client.json.model.TopologyListResponse;

/* loaded from: input_file:org/apache/ranger/services/storm/client/StormClient.class */
public class StormClient {
    private static final Logger LOG = Logger.getLogger(StormClient.class);
    private static final String EXPECTED_MIME_TYPE = "application/json";
    private static final String TOPOLOGY_LIST_API_ENDPOINT = "/api/v1/topology/summary";
    private static final String errMessage = " You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.";
    String stormUIUrl;
    String userName;
    String password;
    String lookupPrincipal;
    String lookupKeytab;
    String nameRules;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ranger/services/storm/client/StormClient$MySecureClientLoginConfiguration.class */
    public static class MySecureClientLoginConfiguration extends Configuration {
        private String userName;
        private String password;

        MySecureClientLoginConfiguration(String str, String str2) {
            this.userName = str;
            String str3 = null;
            try {
                try {
                    str3 = PasswordUtils.decryptPassword(str2);
                    if (str3 == null) {
                        str3 = str2;
                    }
                } catch (Exception e) {
                    StormClient.LOG.info("Password decryption failed; trying Storm connection with received password string");
                    str3 = null;
                    if (0 == 0) {
                        str3 = str2;
                    }
                }
                this.password = str3;
            } catch (Throwable th) {
                if (str3 == null) {
                }
                throw th;
            }
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("principal", this.userName);
            hashMap.put("debug", "true");
            hashMap.put("useKeyTab", "false");
            hashMap.put("javax.security.auth.login.name", this.userName);
            hashMap.put("javax.security.auth.login.password", this.password);
            hashMap.put("doNotPrompt", "false");
            hashMap.put("useFirstPass", "true");
            hashMap.put("tryFirstPass", "false");
            hashMap.put("storeKey", "true");
            hashMap.put("refreshKrb5Config", "true");
            try {
                AppConfigurationEntry appConfigurationEntry = new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
                AppConfigurationEntry appConfigurationEntry2 = new AppConfigurationEntry(KrbPasswordSaverLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
                StormClient.LOG.debug("getAppConfigurationEntry():" + ((String) hashMap.get("principal")));
                return new AppConfigurationEntry[]{appConfigurationEntry2, appConfigurationEntry};
            } catch (IllegalArgumentException e) {
                HadoopException hadoopException = new HadoopException("executeUnderKerberos: Exception while getting Storm TopologyList.", e);
                StormClient.LOG.error("executeUnderKerberos: Exception while getting Storm TopologyList.", e);
                hadoopException.generateResponseDataMap(false, BaseClient.getMessage(e), "executeUnderKerberos: Exception while getting Storm TopologyList." + StormClient.errMessage, (Long) null, (String) null);
                throw hadoopException;
            }
        }
    }

    public StormClient(String str, String str2, String str3, String str4, String str5, String str6) {
        this.stormUIUrl = str;
        this.userName = str2;
        this.password = str3;
        this.lookupPrincipal = str4;
        this.lookupKeytab = str5;
        this.nameRules = str6;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Storm Client is build with url [" + str + "] user: [" + str2 + "], password: []");
        }
    }

    public List<String> getTopologyList(final String str, final List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Getting Storm topology list for topologyNameMatching : " + str);
        }
        List<String> list2 = null;
        try {
            list2 = (List) executeUnderKerberos(this.userName, this.password, this.lookupPrincipal, this.lookupKeytab, this.nameRules, new PrivilegedAction<ArrayList<String>>() { // from class: org.apache.ranger.services.storm.client.StormClient.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ArrayList<String> run() {
                    String[] split;
                    if (StormClient.this.stormUIUrl == null || StormClient.this.stormUIUrl.trim().isEmpty() || (split = StormClient.this.stormUIUrl.trim().split("[,;]")) == null || split.length == 0) {
                        return null;
                    }
                    Client create = Client.create();
                    if (StringUtils.isNotBlank(StormClient.this.lookupPrincipal) && StringUtils.isNotBlank(StormClient.this.lookupKeytab)) {
                        create.addFilter(new HTTPBasicAuthFilter(StormClient.this.lookupPrincipal, SecureClientLogin.getKeytabContent(StormClient.this.lookupKeytab)));
                    }
                    ClientResponse clientResponse = null;
                    for (String str2 : split) {
                        if (str2 != null && !str2.trim().isEmpty()) {
                            String str3 = str2.trim() + StormClient.TOPOLOGY_LIST_API_ENDPOINT;
                            try {
                                clientResponse = getTopologyResponse(str3, create);
                                if (clientResponse != null) {
                                    if (clientResponse.getStatus() == 200) {
                                        break;
                                    }
                                    clientResponse.close();
                                }
                            } catch (Throwable th) {
                                StormClient.LOG.error("Exception while getting topology list. URL : " + str3, th);
                            }
                        }
                    }
                    ArrayList<String> arrayList = new ArrayList<>();
                    try {
                        try {
                            if (clientResponse == null) {
                                String str4 = "Unable to get a valid response for expected mime type : [application/json] URL : " + StormClient.this.stormUIUrl + " - got null response.";
                                StormClient.LOG.error(str4);
                                HadoopException hadoopException = new HadoopException(str4);
                                hadoopException.generateResponseDataMap(false, str4, str4 + StormClient.errMessage, (Long) null, (String) null);
                                throw hadoopException;
                            }
                            if (StormClient.LOG.isDebugEnabled()) {
                                StormClient.LOG.debug("getTopologyList():response.getStatus()= " + clientResponse.getStatus());
                            }
                            if (clientResponse.getStatus() == 200) {
                                TopologyListResponse topologyListResponse = (TopologyListResponse) new GsonBuilder().setPrettyPrinting().create().fromJson((String) clientResponse.getEntity(String.class), TopologyListResponse.class);
                                if (topologyListResponse != null && topologyListResponse.getTopologyList() != null) {
                                    for (Topology topology : topologyListResponse.getTopologyList()) {
                                        String name = topology.getName();
                                        if (list == null || !list.contains(name)) {
                                            if (StormClient.LOG.isDebugEnabled()) {
                                                StormClient.LOG.debug("getTopologyList():Found topology " + name);
                                                StormClient.LOG.debug("getTopologyList():topology Name=[" + topology.getName() + "], topologyNameMatching=[" + str + "], existingStormTopologyList=[" + list + "]");
                                            }
                                            if (name != null && (str == null || str.isEmpty() || FilenameUtils.wildcardMatch(topology.getName(), str + "*"))) {
                                                if (StormClient.LOG.isDebugEnabled()) {
                                                    StormClient.LOG.debug("getTopologyList():Adding topology " + name);
                                                }
                                                arrayList.add(name);
                                            }
                                        }
                                    }
                                }
                            }
                            return arrayList;
                        } catch (HadoopException e) {
                            throw e;
                        } catch (Throwable th2) {
                            String str5 = "Exception while getting Storm TopologyList. URL : " + StormClient.this.stormUIUrl;
                            HadoopException hadoopException2 = new HadoopException(str5, th2);
                            StormClient.LOG.error(str5, th2);
                            hadoopException2.generateResponseDataMap(false, BaseClient.getMessage(th2), str5 + StormClient.errMessage, (Long) null, (String) null);
                            throw hadoopException2;
                        }
                    } finally {
                        if (clientResponse != null) {
                            clientResponse.close();
                        }
                        if (create != null) {
                            create.destroy();
                        }
                    }
                }

                private ClientResponse getTopologyResponse(String str2, Client client) {
                    if (StormClient.LOG.isDebugEnabled()) {
                        StormClient.LOG.debug("getTopologyResponse():calling " + str2);
                    }
                    ClientResponse clientResponse = (ClientResponse) client.resource(str2).accept(new String[]{StormClient.EXPECTED_MIME_TYPE}).get(ClientResponse.class);
                    if (clientResponse != null) {
                        if (StormClient.LOG.isDebugEnabled()) {
                            StormClient.LOG.debug("getTopologyResponse():response.getStatus()= " + clientResponse.getStatus());
                        }
                        if (clientResponse.getStatus() != 200) {
                            StormClient.LOG.info("getTopologyResponse():response.getStatus()= " + clientResponse.getStatus() + " for URL " + str2 + ", failed to get topology list");
                            StormClient.LOG.info((String) clientResponse.getEntity(String.class));
                        }
                    }
                    return clientResponse;
                }
            });
        } catch (IOException e) {
            LOG.error("Unable to get Topology list from [" + this.stormUIUrl + "]", e);
        }
        return list2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static <T> T executeUnderKerberos(String str, String str2, String str3, String str4, String str5, PrivilegedAction<T> privilegedAction) throws IOException {
        Subject subject;
        T t = null;
        Subject subject2 = null;
        LoginContext loginContext = null;
        try {
            try {
                if (StringUtils.isEmpty(str3) || StringUtils.isEmpty(str4)) {
                    subject2 = new Subject();
                    LOG.debug("executeUnderKerberos():user=" + str + ",pass=");
                    LOG.debug("executeUnderKerberos():Creating config..");
                    MySecureClientLoginConfiguration mySecureClientLoginConfiguration = new MySecureClientLoginConfiguration(str, str2);
                    LOG.debug("executeUnderKerberos():Creating Context..");
                    loginContext = new LoginContext("hadoop-keytab-kerberos", subject2, (CallbackHandler) null, mySecureClientLoginConfiguration);
                    LOG.debug("executeUnderKerberos():Logging in..");
                    loginContext.login();
                    LOG.info("Init Login: using username/password");
                    subject = loginContext.getSubject();
                } else {
                    LOG.info("Init Lookup Login: security enabled, using lookupPrincipal/lookupKeytab");
                    if (StringUtils.isEmpty(str5)) {
                        str5 = "DEFAULT";
                    }
                    subject = SecureClientLogin.loginUserFromKeytab(str3, str4, str5);
                }
                if (subject != null) {
                    t = Subject.doAs(subject, privilegedAction);
                }
                if (loginContext != null && subject2 != null) {
                    try {
                        loginContext.logout();
                    } catch (LoginException e) {
                        throw new IOException("logout failure", e);
                    }
                }
                return t;
            } catch (SecurityException e2) {
                HadoopException hadoopException = new HadoopException("executeUnderKerberos: Exception while getting Storm TopologyList.", e2);
                LOG.error("executeUnderKerberos: Exception while getting Storm TopologyList.", e2);
                hadoopException.generateResponseDataMap(false, BaseClient.getMessage(e2), "executeUnderKerberos: Exception while getting Storm TopologyList." + errMessage, (Long) null, (String) null);
                throw hadoopException;
            } catch (LoginException e3) {
                String str6 = "executeUnderKerberos: Login failure using given configuration parameters, username : `" + str + "`.";
                HadoopException hadoopException2 = new HadoopException(str6, e3);
                LOG.error(str6, e3);
                hadoopException2.generateResponseDataMap(false, BaseClient.getMessage(e3), str6 + errMessage, (Long) null, (String) null);
                throw hadoopException2;
            }
        } catch (Throwable th) {
            if (loginContext != null && subject2 != null) {
                try {
                    loginContext.logout();
                } catch (LoginException e4) {
                    throw new IOException("logout failure", e4);
                }
            }
            throw th;
        }
    }

    public static Map<String, Object> connectionTest(String str, Map<String, String> map) {
        boolean z = false;
        HashMap hashMap = new HashMap();
        if (getStormResources(getStormClient(str, map), "", null) != null) {
            z = true;
        }
        if (z) {
            BaseClient.generateResponseDataMap(z, "ConnectionTest Successful", "ConnectionTest Successful", (Long) null, (String) null, hashMap);
        } else {
            BaseClient.generateResponseDataMap(z, "Unable to retrieve any topologies using given parameters.", "Unable to retrieve any topologies using given parameters." + errMessage, (Long) null, (String) null, hashMap);
        }
        return hashMap;
    }

    public static StormClient getStormClient(String str, Map<String, String> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Getting StormClient for datasource: " + str);
            LOG.debug("configMap: " + map);
        }
        if (map != null && !map.isEmpty()) {
            return new StormClient(map.get("nimbus.url"), map.get("username"), map.get("password"), map.get("lookupprincipal"), map.get("lookupkeytab"), map.get("namerules"));
        }
        LOG.error("Could not connect as Connection ConfigMap is empty.");
        HadoopException hadoopException = new HadoopException("Could not connect as Connection ConfigMap is empty.");
        hadoopException.generateResponseDataMap(false, "Could not connect as Connection ConfigMap is empty.", "Could not connect as Connection ConfigMap is empty." + errMessage, (Long) null, (String) null);
        throw hadoopException;
    }

    public static List<String> getStormResources(StormClient stormClient, String str, List<String> list) {
        List<String> arrayList = new ArrayList();
        try {
            if (stormClient == null) {
                LOG.error("Unable to get Storm resources: StormClient is null.");
                HadoopException hadoopException = new HadoopException("Unable to get Storm resources: StormClient is null.");
                hadoopException.generateResponseDataMap(false, "Unable to get Storm resources: StormClient is null.", "Unable to get Storm resources: StormClient is null." + errMessage, (Long) null, (String) null);
                throw hadoopException;
            }
            if (str != null) {
                arrayList = stormClient.getTopologyList(str.trim(), list);
                if (arrayList != null) {
                    LOG.debug("Returning list of " + arrayList.size() + " topologies");
                }
            }
            return arrayList;
        } catch (Exception e) {
            LOG.error("getStormResources: Unable to get Storm resources.", e);
            HadoopException hadoopException2 = new HadoopException("getStormResources: Unable to get Storm resources.");
            hadoopException2.generateResponseDataMap(false, BaseClient.getMessage(e), "getStormResources: Unable to get Storm resources." + errMessage, (Long) null, (String) null);
            throw hadoopException2;
        } catch (HadoopException e2) {
            throw e2;
        }
    }
}
