package org.apache.ranger.admin.client;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.JsonParseException;
import java.lang.reflect.Type;
import java.security.PrivilegedAction;
import java.util.Date;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerRESTUtils;
import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.RangerSslHelper;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;

/* loaded from: input_file:org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.class */
public class RangerAdminJersey2RESTClient implements RangerAdminClient {
    private static final Log LOG = LogFactory.getLog(RangerAdminJersey2RESTClient.class);
    HostnameVerifier _hv;
    int _restClientConnTimeOutMs;
    int _restClientReadTimeOutMs;
    RangerRESTUtils _utils = new RangerRESTUtils();
    boolean _isSSL = false;
    volatile Client _client = null;
    SSLContext _sslContext = null;
    String _baseUrl = null;
    String _sslConfigFileName = null;
    String _serviceName = null;
    String _clusterName = null;
    String _pluginId = null;

    /* loaded from: input_file:org/apache/ranger/admin/client/RangerAdminJersey2RESTClient$GsonUnixDateDeserializer.class */
    public static class GsonUnixDateDeserializer implements JsonDeserializer<Date> {
        /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
        public Date m1deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
            return new Date(jsonElement.getAsJsonPrimitive().getAsLong());
        }
    }

    public void init(String str, String str2, String str3) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.init(" + str3 + ")");
        }
        this._serviceName = str;
        this._pluginId = this._utils.getPluginId(str, str2);
        this._baseUrl = this._utils.getPolicyRestUrl(str3);
        this._sslConfigFileName = this._utils.getSsslConfigFileName(str3);
        this._isSSL = this._utils.isSsl(this._baseUrl);
        this._restClientConnTimeOutMs = RangerConfiguration.getInstance().getInt(str3 + ".policy.rest.client.connection.timeoutMs", 120000);
        this._restClientReadTimeOutMs = RangerConfiguration.getInstance().getInt(str3 + ".policy.rest.client.read.timeoutMs", 30000);
        this._clusterName = RangerConfiguration.getInstance().get(str3 + ".ambari.cluster.name", "");
        LOG.info("Init params: " + String.format("Base URL[%s], SSL Congig filename[%s], ServiceName=[%s]", this._baseUrl, this._sslConfigFileName, this._serviceName));
        this._client = getClient();
        this._client.property("jersey.config.client.connectTimeout", Integer.valueOf(this._restClientConnTimeOutMs));
        this._client.property("jersey.config.client.readTimeout", Integer.valueOf(this._restClientReadTimeOutMs));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.init(" + str3 + "): " + this._client.toString());
        }
    }

    public ServicePolicies getServicePoliciesIfUpdated(final long j, final long j2) throws Exception {
        final String urlForPolicyUpdate;
        Response response;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        ServicePolicies servicePolicies = null;
        if (uGILoginUser != null && UserGroupInformation.isSecurityEnabled()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated as user : " + uGILoginUser);
            }
            urlForPolicyUpdate = this._utils.getSecureUrlForPolicyUpdate(this._baseUrl, this._serviceName);
            response = (Response) uGILoginUser.doAs(new PrivilegedAction<Response>() { // from class: org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Response run() {
                    return RangerAdminJersey2RESTClient.this._client.target(urlForPolicyUpdate).queryParam("lastKnownVersion", new Object[]{Long.toString(j)}).queryParam("lastActivationTime", new Object[]{Long.toString(j2)}).queryParam("pluginId", new Object[]{RangerAdminJersey2RESTClient.this._pluginId}).queryParam("clusterName", new Object[]{RangerAdminJersey2RESTClient.this._clusterName}).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get();
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated with old api call");
            }
            urlForPolicyUpdate = this._utils.getUrlForPolicyUpdate(this._baseUrl, this._serviceName);
            response = this._client.target(urlForPolicyUpdate).queryParam("lastKnownVersion", new Object[]{Long.toString(j)}).queryParam("lastActivationTime", new Object[]{Long.toString(j2)}).queryParam("pluginId", new Object[]{this._pluginId}).queryParam("clusterName", new Object[]{this._clusterName}).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get();
        }
        int status = response == null ? -1 : response.getStatus();
        String str = null;
        switch (status) {
            case -1:
                LOG.warn("Unexpected: Null response from policy server while trying to get policies! Returning null!");
                break;
            case 200:
                String str2 = (String) response.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                servicePolicies = (ServicePolicies) getGson().fromJson(str2, ServicePolicies.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + servicePolicies);
                    break;
                }
                break;
            case 304:
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                if (response.hasEntity()) {
                    str = (String) response.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) response.readEntity(String.class), urlForPolicyUpdate));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + "): " + servicePolicies);
        }
        return servicePolicies;
    }

    public void grantAccess(GrantRevokeRequest grantRevokeRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
        }
        String urlForGrantAccess = this._utils.getUrlForGrantAccess(this._baseUrl, this._serviceName);
        Response response = this._client.target(urlForGrantAccess).queryParam("pluginId", new Object[]{this._pluginId}).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get();
        int status = response == null ? -1 : response.getStatus();
        switch (status) {
            case -1:
                LOG.warn("Unexpected: Null response from policy server while granting access! Returning null!");
                throw new Exception("unknown error!");
            case 200:
                LOG.debug("grantAccess() suceeded: HTTP status=" + status);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
                    return;
                }
                return;
            case 401:
                throw new AccessControlException();
            default:
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) response.readEntity(String.class), urlForGrantAccess));
                throw new Exception("HTTP status: " + status);
        }
    }

    public void revokeAccess(GrantRevokeRequest grantRevokeRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
        }
        String urlForRevokeAccess = this._utils.getUrlForRevokeAccess(this._baseUrl, this._serviceName);
        Response response = this._client.target(urlForRevokeAccess).queryParam("pluginId", new Object[]{this._pluginId}).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get();
        int status = response == null ? -1 : response.getStatus();
        switch (status) {
            case -1:
                LOG.warn("Unexpected: Null response from policy server while granting access! Returning null!");
                throw new Exception("unknown error!");
            case 200:
                LOG.debug("grantAccess() suceeded: HTTP status=" + status);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
                    return;
                }
                return;
            case 401:
                throw new AccessControlException();
            default:
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) response.readEntity(String.class), urlForRevokeAccess));
                throw new Exception("HTTP status: " + status);
        }
    }

    public ServiceTags getServiceTagsIfUpdated(final long j, final long j2) throws Exception {
        final String urlForTagUpdate;
        Response response;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        ServiceTags serviceTags = null;
        if (uGILoginUser != null && UserGroupInformation.isSecurityEnabled()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service tags if updated as user : " + uGILoginUser);
            }
            urlForTagUpdate = this._utils.getSecureUrlForTagUpdate(this._baseUrl, this._serviceName);
            response = (Response) uGILoginUser.doAs(new PrivilegedAction<Response>() { // from class: org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Response run() {
                    return RangerAdminJersey2RESTClient.this._client.target(urlForTagUpdate).queryParam("lastKnownVersion", new Object[]{Long.toString(j)}).queryParam("lastActivationTime", new Object[]{Long.toString(j2)}).queryParam("pluginId", new Object[]{RangerAdminJersey2RESTClient.this._pluginId}).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get();
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service tags if updated with old api call");
            }
            urlForTagUpdate = this._utils.getUrlForTagUpdate(this._baseUrl, this._serviceName);
            response = this._client.target(urlForTagUpdate).queryParam("lastKnownVersion", new Object[]{Long.toString(j)}).queryParam("lastActivationTime", new Object[]{Long.toString(j2)}).queryParam("pluginId", new Object[]{this._pluginId}).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get();
        }
        int status = response == null ? -1 : response.getStatus();
        String str = null;
        switch (status) {
            case -1:
                LOG.warn("Unexpected: Null response from tag server while trying to get tags! Returning null!");
                break;
            case 200:
                String str2 = (String) response.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                serviceTags = (ServiceTags) getGson().fromJson(str2, ServiceTags.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + serviceTags);
                    break;
                }
                break;
            case 304:
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                if (response.hasEntity()) {
                    str = (String) response.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) response.readEntity(String.class), urlForTagUpdate));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + "): " + serviceTags);
        }
        return serviceTags;
    }

    public List<String> getTagTypes(String str) throws Exception {
        throw new Exception("RangerAdminjersey2RESTClient.getTagTypes() -- *** NOT IMPLEMENTED *** ");
    }

    Gson getGson() {
        return new GsonBuilder().setPrettyPrinting().registerTypeAdapter(Date.class, new GsonUnixDateDeserializer()).create();
    }

    Client getClient() {
        Client client = this._client;
        if (client == null) {
            synchronized (this) {
                client = this._client;
                if (client == null) {
                    Client buildClient = buildClient();
                    client = buildClient;
                    this._client = buildClient;
                }
            }
        }
        return client;
    }

    Client buildClient() {
        if (this._isSSL) {
            if (this._sslContext == null) {
                this._sslContext = new RangerSslHelper(this._sslConfigFileName).createContext();
            }
            if (this._hv == null) {
                this._hv = new HostnameVerifier() { // from class: org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.3
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return sSLSession.getPeerHost().equals(str);
                    }
                };
            }
            this._client = ClientBuilder.newBuilder().sslContext(this._sslContext).hostnameVerifier(this._hv).build();
        }
        if (this._client == null) {
            this._client = ClientBuilder.newClient();
        }
        return this._client;
    }
}
