package org.apache.ranger.services.nifi.client;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/services/nifi/client/NiFiClient.class */
public class NiFiClient {
    private static final Logger LOG = LoggerFactory.getLogger(NiFiClient.class);
    static final String SUCCESS_MSG = "ConnectionTest Successful";
    static final String FAILURE_MSG = "Unable to retrieve any resources using given parameters. ";
    private final String url;
    private final SSLContext sslContext;
    private final ObjectMapper mapper = new ObjectMapper();
    private final HostnameVerifier hostnameVerifier = new NiFiHostnameVerifier();

    /* loaded from: input_file:org/apache/ranger/services/nifi/client/NiFiClient$NiFiHostnameVerifier.class */
    private static class NiFiHostnameVerifier implements HostnameVerifier {
        private NiFiHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            try {
                for (Certificate certificate : sSLSession.getPeerCertificates()) {
                    if ((certificate instanceof X509Certificate) && getSubjectAlternativeNames((X509Certificate) certificate).contains(str.toLowerCase())) {
                        return true;
                    }
                }
                return false;
            } catch (CertificateParsingException | SSLPeerUnverifiedException e) {
                NiFiClient.LOG.warn("Hostname Verification encountered exception verifying hostname due to: " + e, e);
                return false;
            }
        }

        private List<String> getSubjectAlternativeNames(X509Certificate x509Certificate) throws CertificateParsingException {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return new ArrayList();
            }
            ArrayList arrayList = new ArrayList();
            for (List<?> list : subjectAlternativeNames) {
                if (list.size() > 1) {
                    Object obj = list.get(1);
                    if (obj instanceof String) {
                        arrayList.add(((String) obj).toLowerCase());
                    }
                }
            }
            return arrayList;
        }
    }

    public NiFiClient(String str, SSLContext sSLContext) {
        this.url = str;
        this.sslContext = sSLContext;
    }

    public HashMap<String, Object> connectionTest() {
        boolean z;
        String str = "";
        HashMap<String, Object> hashMap = new HashMap<>();
        try {
            ClientResponse response = getResponse(getWebResource(), "application/json");
            if (LOG.isDebugEnabled()) {
                LOG.debug("Got response from NiFi with status code " + response.getStatus());
            }
            if (Response.Status.OK.getStatusCode() == response.getStatus()) {
                z = true;
            } else {
                z = false;
                str = "Status Code = " + response.getStatus();
            }
        } catch (Exception e) {
            LOG.error("Connection to NiFi failed due to " + e.getMessage(), e);
            z = false;
            str = e.getMessage();
        }
        if (z) {
            BaseClient.generateResponseDataMap(z, SUCCESS_MSG, SUCCESS_MSG, (Long) null, (String) null, hashMap);
        } else {
            BaseClient.generateResponseDataMap(z, FAILURE_MSG, FAILURE_MSG + str, (Long) null, (String) null, hashMap);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Response Data - " + hashMap);
        }
        return hashMap;
    }

    public List<String> getResources(ResourceLookupContext resourceLookupContext) throws Exception {
        ClientResponse response = getResponse(getWebResource(), "application/json");
        if (Response.Status.OK.getStatusCode() != response.getStatus()) {
            throw new Exception("Unable to retrieve resources from NiFi due to: " + IOUtils.toString(response.getEntityInputStream()));
        }
        JsonNode readTree = this.mapper.readTree(response.getEntityInputStream());
        if (readTree == null) {
            throw new Exception("Unable to retrieve resources from NiFi");
        }
        List<String> findValuesAsText = readTree.findValue("resources").findValuesAsText("identifier");
        String userInput = resourceLookupContext.getUserInput();
        if (StringUtils.isBlank(userInput)) {
            return findValuesAsText;
        }
        ArrayList arrayList = new ArrayList();
        for (String str : findValuesAsText) {
            if (str.contains(userInput)) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    protected WebResource getWebResource() {
        DefaultClientConfig defaultClientConfig = new DefaultClientConfig();
        if (this.sslContext != null) {
            defaultClientConfig.getProperties().put("com.sun.jersey.client.impl.urlconnection.httpsProperties", new HTTPSProperties(this.hostnameVerifier, this.sslContext));
        }
        return Client.create(defaultClientConfig).resource(this.url);
    }

    protected ClientResponse getResponse(WebResource webResource, String str) {
        return (ClientResponse) webResource.accept(new String[]{str}).get(ClientResponse.class);
    }

    public String getUrl() {
        return this.url;
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }

    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }
}
