package org.apache.ranger.rest;

import com.sun.jersey.api.client.UniformInterfaceException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import org.apache.log4j.Logger;
import org.apache.ranger.biz.KmsKeyMgr;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.view.VXKmsKey;
import org.apache.ranger.view.VXKmsKeyList;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

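/**
 * Request-scoped REST resource for KMS key management: search, create, roll over, fetch and delete.
 *
 * <p>Each endpoint carries a {@code @PreAuthorize} expression that calls
 * {@code rangerPreAuthSecurityHandler.isAPIAccessible(...)} with the API's name. The key operation
 * itself is delegated to {@link KmsKeyMgr}, and failures from that call are translated by
 * {@link #handleError(Exception)}.
 *
 * <p>NOTE(review): the {@code provider} query parameter is handed to {@link KmsKeyMgr} without any
 * check in this class. Confirm that the manager resolves it against configured KMS services rather
 * than accepting an arbitrary endpoint chosen by the caller.
 */
@Path("keys")
@Scope("request")
@Transactional(propagation = Propagation.REQUIRES_NEW)
@Component
@RangerAnnotationJSMgrName("KeyMgr")
public class XKeyREST {
    private static final Logger logger = Logger.getLogger(XKeyREST.class);
    private static final String UNAUTHENTICATED_MSG = "Unauthenticated : Please check the permission in the policy for the user";
    private static final String INVALID_ALIAS_MSG = "Please provide a valid alias.";

    @Autowired
    KmsKeyMgr keyMgr;

    @Autowired
    SearchUtil searchUtil;

    @Autowired
    RESTErrorUtil restErrorUtil;

    /**
     * Lists the keys known to the given provider.
     *
     * @param httpServletRequest current request, passed through to the key manager
     * @param str value of the {@code provider} query parameter
     * @return the list returned by {@link KmsKeyMgr#searchKeys}
     */
    @GET
    @Path("/keys")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"XKeyREST.searchKeys\")")
    @Produces({"application/xml", "application/json"})
    public VXKmsKeyList searchKeys(@Context HttpServletRequest httpServletRequest, @QueryParam("provider") String str) {
        VXKmsKeyList keys = new VXKmsKeyList();
        try {
            keys = this.keyMgr.searchKeys(httpServletRequest, str);
        } catch (Exception e) {
            handleError(e);
        }
        return keys;
    }

    /**
     * Rolls over the key named in the request body.
     *
     * <p>A missing body or a null/empty name is rejected with {@code INVALID_INPUT_DATA} before
     * the key manager is contacted. A blank cipher is normalised to {@code null}.
     *
     * @param str value of the {@code provider} query parameter
     * @param vXKmsKey key description from the request body
     * @return the key returned by {@link KmsKeyMgr#rolloverKey}
     */
    @Path("/key")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"XKeyREST.rolloverKey\")")
    @Produces({"application/xml", "application/json"})
    @PUT
    public VXKmsKey rolloverKey(@QueryParam("provider") String str, VXKmsKey vXKmsKey) {
        requireAlias(vXKmsKey == null ? null : vXKmsKey.getName());
        normalizeCipher(vXKmsKey);
        VXKmsKey rolled = new VXKmsKey();
        // The manager call stays inside the try so that its failures go through handleError.
        try {
            rolled = this.keyMgr.rolloverKey(str, vXKmsKey);
        } catch (Exception e) {
            handleError(e);
        }
        return rolled;
    }

    /**
     * Deletes the key with the given alias.
     *
     * @param str key alias taken from the path; null or empty is rejected with {@code INVALID_INPUT_DATA}
     * @param str2 value of the {@code provider} query parameter
     * @param httpServletRequest current request (not used by this method)
     */
    @Path("/key/{alias}")
    @DELETE
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"XKeyREST.deleteKey\")")
    @Produces({"application/xml", "application/json"})
    public void deleteKey(@PathParam("alias") String str, @QueryParam("provider") String str2, @Context HttpServletRequest httpServletRequest) {
        requireAlias(str);
        try {
            this.keyMgr.deleteKey(str2, str);
        } catch (Exception e) {
            handleError(e);
        }
    }

    /**
     * Creates the key described in the request body.
     *
     * <p>A missing body or a null/empty name is rejected with {@code INVALID_INPUT_DATA} before
     * the key manager is contacted. A blank cipher is normalised to {@code null}.
     *
     * @param str value of the {@code provider} query parameter
     * @param vXKmsKey key description from the request body
     * @return the key returned by {@link KmsKeyMgr#createKey}
     */
    @Path("/key")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"XKeyREST.createKey\")")
    @POST
    @Produces({"application/xml", "application/json"})
    public VXKmsKey createKey(@QueryParam("provider") String str, VXKmsKey vXKmsKey) {
        requireAlias(vXKmsKey == null ? null : vXKmsKey.getName());
        normalizeCipher(vXKmsKey);
        VXKmsKey created = new VXKmsKey();
        // The manager call stays inside the try so that its failures go through handleError.
        try {
            created = this.keyMgr.createKey(str, vXKmsKey);
        } catch (Exception e) {
            handleError(e);
        }
        return created;
    }

    /**
     * Fetches the key with the given alias.
     *
     * @param str key alias taken from the path; null or empty is rejected with {@code INVALID_INPUT_DATA}
     * @param str2 value of the {@code provider} query parameter
     * @return the key returned by {@link KmsKeyMgr#getKey}
     */
    @GET
    @Path("/key/{alias}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"XKeyREST.getKey\")")
    @Produces({"application/xml", "application/json"})
    public VXKmsKey getKey(@PathParam("alias") String str, @QueryParam("provider") String str2) {
        requireAlias(str);
        VXKmsKey key = new VXKmsKey();
        // The manager call stays inside the try so that its failures go through handleError.
        try {
            key = this.keyMgr.getKey(str2, str);
        } catch (Exception e) {
            handleError(e);
        }
        return key;
    }

    /** Rejects a null or empty key alias with an {@code INVALID_INPUT_DATA} REST error. */
    private void requireAlias(String alias) {
        if (alias == null || alias.isEmpty()) {
            throw this.restErrorUtil.createRESTException(INVALID_ALIAS_MSG, MessageEnums.INVALID_INPUT_DATA);
        }
    }

    /** Replaces a null or whitespace-only cipher on the key with {@code null}. */
    private static void normalizeCipher(VXKmsKey key) {
        String cipher = key.getCipher();
        if (cipher == null || cipher.trim().isEmpty()) {
            key.setCipher(null);
        }
    }

    /**
     * Converts a failure from the key manager into an {@code ERROR_SYSTEM} REST error and throws
     * it; this method never returns normally.
     *
     * <p>For a {@link UniformInterfaceException} the response body is logged and the message is
     * taken from its {@code RemoteException.message} JSON field. Connection-refused and 401/403
     * messages are replaced by fixed texts, as is a null message. Every other message is sent to
     * the client unchanged.
     *
     * <p>NOTE(review): because unmatched messages pass through verbatim, confirm that neither the
     * remote message nor an internal exception message can carry details that should stay
     * server-side.
     *
     * @param exc the exception raised while talking to the key manager
     */
    private void handleError(Exception exc) {
        String message = exc.getMessage();
        if (exc instanceof UniformInterfaceException) {
            String body = ((UniformInterfaceException) exc).getResponse().getEntity(String.class);
            logger.error(body);
            // Defensive: with no body there is nothing to parse, so the exception's own message is kept.
            if (body != null) {
                try {
                    message = new JSONObject(new JSONObject(body).getString("RemoteException")).getString("message");
                } catch (JSONException e) {
                    // NOTE(review): the JSON parser's message is what the client receives in this case.
                    message = e.getMessage();
                }
            }
        }
        if (message == null) {
            message = UNAUTHENTICATED_MSG;
        } else if (message.contains("Connection refused")) {
            message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running";
        } else if (message.contains("response status of 403") || message.contains("HTTP Status 403")
                || message.contains("response status of 401") || message.contains("HTTP Status 401 - Authentication required")) {
            // Both 401 and 403 responses are reported with the same text.
            message = UNAUTHENTICATED_MSG;
        }
        throw this.restErrorUtil.createRESTException(message, MessageEnums.ERROR_SYSTEM);
    }
}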
