package org.apache.knox.gateway.service.config.remote.zk;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.api.BackgroundPathable;
import org.apache.curator.framework.imps.DefaultACLProvider;
import org.apache.curator.framework.recipes.cache.ChildData;
import org.apache.curator.framework.recipes.cache.NodeCache;
import org.apache.curator.framework.recipes.cache.NodeCacheListener;
import org.apache.curator.framework.recipes.cache.PathChildrenCache;
import org.apache.curator.framework.recipes.cache.PathChildrenCacheEvent;
import org.apache.curator.framework.recipes.cache.PathChildrenCacheListener;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.knox.gateway.config.ConfigurationException;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.service.config.remote.RemoteConfigurationMessages;
import org.apache.knox.gateway.service.config.remote.RemoteConfigurationRegistryConfig;
import org.apache.knox.gateway.service.config.remote.config.RemoteConfigurationRegistriesAccessor;
import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClient;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/CuratorClientService.class */
public class CuratorClientService implements ZooKeeperClientService {
    private static final String LOGIN_CONTEXT_NAME_PROPERTY = "zookeeper.sasl.clientconfig";
    private static final String DEFAULT_LOGIN_CONTEXT_NAME = "Client";
    private static final RemoteConfigurationMessages log = (RemoteConfigurationMessages) MessagesFactory.get(RemoteConfigurationMessages.class);
    private Map<String, RemoteConfigurationRegistryClient> clients = new HashMap();
    private AliasService aliasService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.knox.gateway.service.config.remote.zk.CuratorClientService$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/CuratorClientService$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type = new int[PathChildrenCacheEvent.Type.values().length];

        static {
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_ADDED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_REMOVED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_UPDATED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/CuratorClientService$ChildEntryListenerAdapter.class */
    private static final class ChildEntryListenerAdapter implements PathChildrenCacheListener {
        private RemoteConfigurationRegistryClient client;
        private RemoteConfigurationRegistryClient.ChildEntryListener delegate;

        ChildEntryListenerAdapter(RemoteConfigurationRegistryClient remoteConfigurationRegistryClient, RemoteConfigurationRegistryClient.ChildEntryListener childEntryListener) {
            this.client = remoteConfigurationRegistryClient;
            this.delegate = childEntryListener;
        }

        public void childEvent(CuratorFramework curatorFramework, PathChildrenCacheEvent pathChildrenCacheEvent) throws Exception {
            RemoteConfigurationRegistryClient.ChildEntryListener.Type adaptType;
            ChildData data = pathChildrenCacheEvent.getData();
            if (data == null || (adaptType = adaptType(pathChildrenCacheEvent.getType())) == null) {
                return;
            }
            this.delegate.childEvent(this.client, adaptType, data.getPath());
        }

        private RemoteConfigurationRegistryClient.ChildEntryListener.Type adaptType(PathChildrenCacheEvent.Type type) {
            RemoteConfigurationRegistryClient.ChildEntryListener.Type type2 = null;
            switch (AnonymousClass1.$SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[type.ordinal()]) {
                case 1:
                    type2 = RemoteConfigurationRegistryClient.ChildEntryListener.Type.ADDED;
                    break;
                case 2:
                    type2 = RemoteConfigurationRegistryClient.ChildEntryListener.Type.REMOVED;
                    break;
                case 3:
                    type2 = RemoteConfigurationRegistryClient.ChildEntryListener.Type.UPDATED;
                    break;
            }
            return type2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/CuratorClientService$ClientAdapter.class */
    public static final class ClientAdapter implements RemoteConfigurationRegistryClient {
        private CuratorFramework delegate;
        private RemoteConfigurationRegistryConfig config;
        private Map<String, NodeCache> entryNodeCaches = new HashMap();

        ClientAdapter(CuratorFramework curatorFramework, RemoteConfigurationRegistryConfig remoteConfigurationRegistryConfig) {
            this.delegate = curatorFramework;
            this.config = remoteConfigurationRegistryConfig;
        }

        public String getAddress() {
            return this.config.getConnectionString();
        }

        public boolean isAuthenticationConfigured() {
            return this.config.isSecureRegistry();
        }

        public boolean entryExists(String str) {
            Stat stat = null;
            try {
                stat = (Stat) this.delegate.checkExists().forPath(str);
            } catch (Exception e) {
            }
            return stat != null;
        }

        public List<RemoteConfigurationRegistryClient.EntryACL> getACL(String str) {
            ArrayList arrayList = new ArrayList();
            try {
                List list = (List) this.delegate.getACL().forPath(str);
                if (list != null) {
                    Iterator it = list.iterator();
                    while (it.hasNext()) {
                        arrayList.add(new ZooKeeperACLAdapter((ACL) it.next()));
                    }
                }
            } catch (Exception e) {
                CuratorClientService.log.errorHandlingRemoteConfigACL(str, e);
            }
            return arrayList;
        }

        public void setACL(String str, List<RemoteConfigurationRegistryClient.EntryACL> list) {
            ArrayList arrayList = new ArrayList();
            for (RemoteConfigurationRegistryClient.EntryACL entryACL : list) {
                String type = entryACL.getType();
                String id = entryACL.getId();
                int i = 0;
                if (entryACL.canWrite()) {
                    i = 31;
                } else if (entryACL.canRead()) {
                    i = 1;
                }
                arrayList.add(new ACL(i, new Id(type, id)));
            }
            try {
                ((BackgroundPathable) this.delegate.setACL().withACL(arrayList)).forPath(str);
            } catch (Exception e) {
                CuratorClientService.log.errorSettingEntryACL(str, e);
            }
        }

        public List<String> listChildEntries(String str) {
            List<String> list = null;
            try {
                list = (List) this.delegate.getChildren().forPath(str);
            } catch (Exception e) {
                CuratorClientService.log.errorInteractingWithRemoteConfigRegistry(e);
            }
            return list;
        }

        public void addChildEntryListener(String str, RemoteConfigurationRegistryClient.ChildEntryListener childEntryListener) throws Exception {
            PathChildrenCache pathChildrenCache = new PathChildrenCache(this.delegate, str, false);
            pathChildrenCache.getListenable().addListener(new ChildEntryListenerAdapter(this, childEntryListener));
            pathChildrenCache.start();
        }

        public void addEntryListener(String str, RemoteConfigurationRegistryClient.EntryListener entryListener) throws Exception {
            NodeCache nodeCache = new NodeCache(this.delegate, str);
            nodeCache.getListenable().addListener(new EntryListenerAdapter(this, nodeCache, entryListener));
            nodeCache.start();
            this.entryNodeCaches.put(str, nodeCache);
        }

        public void removeEntryListener(String str) throws Exception {
            NodeCache remove = this.entryNodeCaches.remove(str);
            if (remove != null) {
                remove.close();
            }
        }

        public String authenticationType() {
            return this.config.getAuthType();
        }

        public boolean isBackwardsCompatible() {
            return this.config.isBackwardsCompatible();
        }

        public String getEntryData(String str) {
            return getEntryData(str, StandardCharsets.UTF_8.name());
        }

        public String getEntryData(String str, String str2) {
            String str3 = null;
            try {
                byte[] bArr = (byte[]) this.delegate.getData().forPath(str);
                if (bArr != null) {
                    str3 = new String(bArr, Charset.forName(str2));
                }
            } catch (Exception e) {
                CuratorClientService.log.errorInteractingWithRemoteConfigRegistry(e);
            }
            return str3;
        }

        public void createEntry(String str) {
            createEntry(str, null);
        }

        public void createEntry(String str, String str2) {
            createEntry(str, str2, StandardCharsets.UTF_8.name());
        }

        public void createEntry(String str, String str2, String str3) {
            try {
                byte[] bytes = str2 == null ? new byte[0] : str2.getBytes(str3);
                if (this.delegate.checkExists().forPath(str) == null) {
                    this.delegate.create().forPath(str, bytes);
                }
            } catch (Exception e) {
                CuratorClientService.log.errorInteractingWithRemoteConfigRegistry(e);
            }
        }

        public int setEntryData(String str, String str2) {
            return setEntryData(str, str2, StandardCharsets.UTF_8.name());
        }

        public int setEntryData(String str, String str2, String str3) {
            int i = 0;
            try {
                Stat stat = (Stat) this.delegate.setData().forPath(str, str2.getBytes(Charset.forName(str3)));
                if (stat != null) {
                    i = stat.getVersion();
                }
            } catch (Exception e) {
                CuratorClientService.log.errorInteractingWithRemoteConfigRegistry(e);
            }
            return i;
        }

        public void deleteEntry(String str) {
            try {
                this.delegate.delete().forPath(str);
            } catch (Exception e) {
                CuratorClientService.log.errorInteractingWithRemoteConfigRegistry(e);
            }
        }

        public void close() throws Exception {
            this.delegate.close();
        }
    }

    /* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/CuratorClientService$EntryListenerAdapter.class */
    private static final class EntryListenerAdapter implements NodeCacheListener {
        private RemoteConfigurationRegistryClient client;
        private RemoteConfigurationRegistryClient.EntryListener delegate;
        private NodeCache nodeCache;

        EntryListenerAdapter(RemoteConfigurationRegistryClient remoteConfigurationRegistryClient, NodeCache nodeCache, RemoteConfigurationRegistryClient.EntryListener entryListener) {
            this.client = remoteConfigurationRegistryClient;
            this.nodeCache = nodeCache;
            this.delegate = entryListener;
        }

        public void nodeChanged() throws Exception {
            String str = null;
            byte[] bArr = null;
            ChildData currentData = this.nodeCache.getCurrentData();
            if (currentData != null) {
                str = currentData.getPath();
                bArr = currentData.getData();
            }
            if (str != null) {
                this.delegate.entryChanged(this.client, str, bArr);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/CuratorClientService$SASLOwnerACLProvider.class */
    public static class SASLOwnerACLProvider implements ACLProvider {
        private final List<ACL> saslACL = new ArrayList();

        SASLOwnerACLProvider(boolean z) {
            if (z) {
                this.saslACL.add(new ACL(31, new Id("sasl", "knox")));
            } else {
                this.saslACL.addAll(ZooDefs.Ids.CREATOR_ALL_ACL);
            }
        }

        public List<ACL> getDefaultAcl() {
            return this.saslACL;
        }

        public List<ACL> getAclForPath(String str) {
            return getDefaultAcl();
        }
    }

    /* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/CuratorClientService$ZooKeeperACLAdapter.class */
    private static final class ZooKeeperACLAdapter implements RemoteConfigurationRegistryClient.EntryACL {
        private String type;
        private String id;
        private int permissions;

        ZooKeeperACLAdapter(ACL acl) {
            this.permissions = acl.getPerms();
            this.type = acl.getId().getScheme();
            this.id = acl.getId().getId();
        }

        public String getId() {
            return this.id;
        }

        public String getType() {
            return this.type;
        }

        public Object getPermissions() {
            return Integer.valueOf(this.permissions);
        }

        public boolean canRead() {
            return this.permissions >= 1;
        }

        public boolean canWrite() {
            return this.permissions >= 2;
        }
    }

    public void init(GatewayConfig gatewayConfig, Map<String, String> map) throws ServiceLifecycleException {
        ArrayList<RemoteConfigurationRegistryConfig> arrayList = new ArrayList(RemoteConfigurationRegistriesAccessor.getRemoteRegistryConfigurations(gatewayConfig));
        try {
            RemoteConfigurationRegistryJAASConfig.configure(arrayList, this.aliasService);
            if (arrayList.size() > 1) {
                log.multipleRemoteRegistryConfigurations();
            }
            for (RemoteConfigurationRegistryConfig remoteConfigurationRegistryConfig : arrayList) {
                if (ZooKeeperClientService.TYPE.equalsIgnoreCase(remoteConfigurationRegistryConfig.getRegistryType())) {
                    this.clients.put(remoteConfigurationRegistryConfig.getName(), createClient(remoteConfigurationRegistryConfig));
                }
            }
        } catch (ConfigurationException e) {
            throw new ServiceLifecycleException("Error while configuring registry authentication", e);
        }
    }

    public void setAliasService(AliasService aliasService) {
        this.aliasService = aliasService;
    }

    public void start() throws ServiceLifecycleException {
    }

    public void stop() throws ServiceLifecycleException {
        Iterator<RemoteConfigurationRegistryClient> it = this.clients.values().iterator();
        while (it.hasNext()) {
            try {
                it.next().close();
            } catch (Exception e) {
                throw new ServiceLifecycleException("failed to close client", e);
            }
        }
    }

    public RemoteConfigurationRegistryClient get(String str) {
        return this.clients.get(str);
    }

    private RemoteConfigurationRegistryClient createClient(RemoteConfigurationRegistryConfig remoteConfigurationRegistryConfig) {
        SASLOwnerACLProvider defaultACLProvider;
        if (remoteConfigurationRegistryConfig.isSecureRegistry()) {
            configureSasl(remoteConfigurationRegistryConfig);
            defaultACLProvider = (!ZooKeeperClientService.AUTH_TYPE_KERBEROS.equalsIgnoreCase(remoteConfigurationRegistryConfig.getAuthType()) || remoteConfigurationRegistryConfig.isBackwardsCompatible()) ? new SASLOwnerACLProvider(false) : new SASLOwnerACLProvider(true);
        } else {
            System.clearProperty(LOGIN_CONTEXT_NAME_PROPERTY);
            defaultACLProvider = new DefaultACLProvider();
        }
        CuratorFramework build = CuratorFrameworkFactory.builder().connectString(remoteConfigurationRegistryConfig.getConnectionString()).retryPolicy(new ExponentialBackoffRetry(1000, 3)).aclProvider(defaultACLProvider).build();
        build.start();
        return new ClientAdapter(build, remoteConfigurationRegistryConfig);
    }

    private void configureSasl(RemoteConfigurationRegistryConfig remoteConfigurationRegistryConfig) {
        String name = remoteConfigurationRegistryConfig.getName();
        if (name == null) {
            name = DEFAULT_LOGIN_CONTEXT_NAME;
        }
        System.setProperty(LOGIN_CONTEXT_NAME_PROPERTY, name);
    }
}
