package org.apache.ranger.audit.destination;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.StandardHttpRequestRetryHandler;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.ranger.audit.model.AuditEventBase;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.audit.provider.BaseAuditHandler;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.audit.queue.AuditQueue;
import org.apache.ranger.audit.utils.TokenRetriever;
import org.ietf.jgss.GSSCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/audit/destination/HTTPAuditDestination.class */
public class HTTPAuditDestination extends AuditDestination {
    private static final Logger LOG = LoggerFactory.getLogger(HTTPAuditDestination.class);
    public static final String PROP_HTTP_SERVER_URL = "xasecure.audit.destination.http.url";
    public static final String PROP_HTTP_USER_NAME = "xasecure.audit.destination.http.username";
    public static final String PROP_HTTP_USER_PASSWORD = "xasecure.audit.destination.http.password";
    public static final String PROP_HTTP_CLIENT_CONN_TIMEOUT_MS = "xasecure.audit.destination.http.connection.timeout.ms";
    public static final String PROP_HTTP_CLIENT_READ_TIMEOUT_MS = "xasecure.audit.destination.http.read.timeout.ms";
    public static final String PROP_HTTP_MAX_CONNECTION = "xasecure.audit.destination.http.max.connections";
    public static final String PROP_HTTP_MAX_CONNECTION_PER_HOST = "xasecure.audit.destination.http.max.connections.per.host";
    public static final String PROP_HTTP_VALIDATE_INACTIVE_MS = "xasecure.audit.destination.http.validate.inactivity.ms";
    public static final String PROP_HTTP_POOL_RETRY_COUNT = "xasecure.audit.destination.http.pool.retry.count";
    public static final String GSON_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSSZ";
    public static final String REST_ACCEPTED_MIME_TYPE_JSON = "application/json";
    public static final String REST_CONTENT_TYPE_MIME_TYPE_JSON = "application/json";
    public static final String REST_HEADER_ACCEPT = "Accept";
    public static final String REST_HEADER_CONTENT_TYPE = "Content-type";
    public static final String REST_RELATIVE_PATH_POST = "/api/audit/post";
    public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
    public static final String RANGER_PROP_JWT_TOKEN_RETRIEVER_CLASS = "ranger.audit.auth.jwt.retriever.class";
    public static final String RANGER_PROP_JWT_TOKEN_RETRIEVER_CLASS_DEFAULT = "org.apache.ranger.audit.token.JwTokenRetrieverEnv";
    public static final String RANGER_PROP_JWT_SERVER_COOKIE_NAME = "ranger.audit.auth.jwt.server.cookie.name";
    public static final String RANGER_PROP_JWT_IGNOREIF_OTHER_AUTH_EXISTS = "ranger.audit.auth.jwt.ignoreif.other.auth.exists";
    public static final String RANGER_PROP_JWT_ENABLED = "ranger.audit.auth.jwt.enabled";
    public static final String RANGER_PROP_AUTH_TYPE = "AUTH_TYPE";
    public static final String RANGER_AUTH_TYPE_KERBEROS = "KERBEROS";
    public static final String RANGER_AUTH_TYPE_RAZ_DT = "RAZ-DT";
    public static final String RANGER_PROP_DT_OPERATION_TYPE = "DT_OPERATION_TYPE";
    public static final String RANGER_DT_OPERATION_TYPE_GET = "GETDELEGATIONTOKEN";
    public static final String RANGER_DT_OPERATION_TYPE_RENEW = "RENEWDELEGATIONTOKEN";
    public static final String RANGER_DT_OPERATION_TYPE_CANCEL = "CANCELDELEGATIONTOKEN";
    private static final String PROTOCOL_HTTPS = "https";
    private volatile CloseableHttpClient httpClient = null;
    private volatile Gson gsonBuilder = null;
    private TokenRetriever<String> tokenRetriever = null;
    private String jwtServerCookieName = null;
    private String httpURL = null;
    private boolean ignoreJwtIfAuthExists = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ranger/audit/destination/HTTPAuditDestination$AuditHTTPRetryHandler.class */
    public class AuditHTTPRetryHandler extends StandardHttpRequestRetryHandler {
        public AuditHTTPRetryHandler(Integer num, boolean z) {
            super(num.intValue(), z);
        }

        public boolean retryRequest(IOException iOException, int i, HttpContext httpContext) {
            if (HTTPAuditDestination.LOG.isDebugEnabled()) {
                HTTPAuditDestination.LOG.debug("==> AuditHTTPRetryHandler.retryRequest" + iOException.getMessage() + "Execution Count = " + i);
            }
            boolean retryRequest = super.retryRequest(iOException, i, httpContext);
            if (HTTPAuditDestination.LOG.isDebugEnabled()) {
                HTTPAuditDestination.LOG.debug("<== AuditHTTPRetryHandler.retryRequest(): ret= " + retryRequest);
            }
            return retryRequest;
        }
    }

    @Override // org.apache.ranger.audit.destination.AuditDestination, org.apache.ranger.audit.provider.BaseAuditHandler, org.apache.ranger.audit.provider.AuditHandler
    public void init(Properties properties, String str) {
        LOG.info("==> HTTPAuditDestination:init()");
        super.init(properties, str);
        this.httpClient = buildHTTPClient();
        this.gsonBuilder = new GsonBuilder().setDateFormat(GSON_DATE_FORMAT).create();
        if (MiscUtil.getBooleanProperty(properties, "ranger.audit.auth.jwt.enabled", true)) {
            this.tokenRetriever = getJwtTokenRetriever(MiscUtil.getStringProperty(properties, "ranger.audit.auth.jwt.retriever.class", "org.apache.ranger.audit.token.JwTokenRetrieverEnv"));
            this.jwtServerCookieName = MiscUtil.getStringProperty(properties, "ranger.audit.auth.jwt.server.cookie.name", "hadoop-jwt");
        } else {
            LOG.warn("HTTPAuditDestination.init(): Skipping JWT fetcher, use property 'ranger.audit.auth.jwt.enabled' to enable.");
        }
        this.ignoreJwtIfAuthExists = MiscUtil.getBooleanProperty(properties, "ranger.audit.auth.jwt.ignoreif.other.auth.exists", this.ignoreJwtIfAuthExists);
        LOG.info("<== HTTPAuditDestination:init()");
    }

    @Override // org.apache.ranger.audit.destination.AuditDestination, org.apache.ranger.audit.provider.AuditHandler
    public void stop() {
        LOG.info("==> HTTPAuditDestination.stop() called..");
        logStatus();
        if (this.httpClient != null) {
            try {
                this.httpClient.close();
            } catch (IOException e) {
                LOG.error("Error while closing httpclient in HTTPAuditDestination!", e);
            } finally {
                this.httpClient = null;
            }
        }
    }

    @Override // org.apache.ranger.audit.provider.AuditHandler
    public boolean log(Collection<AuditEventBase> collection) {
        boolean z = false;
        try {
            logStatusIfRequired();
            addTotalCount(collection.size());
            if (this.httpClient == null) {
                this.httpClient = buildHTTPClient();
                if (this.httpClient == null) {
                    addDeferredCount(collection.size());
                    return false;
                }
            }
            HashMap hashMap = new HashMap();
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            if (LOG.isDebugEnabled()) {
                LOG.debug("UserGroupInformation: " + currentUser);
            }
            Iterator<AuditEventBase> it = collection.iterator();
            while (it.hasNext()) {
                executeAction(getPrivilegedAction(REST_RELATIVE_PATH_POST, hashMap, (AuthzAuditEvent) it.next(), String.class), currentUser);
                z = true;
            }
        } catch (Throwable th) {
            addDeferredCount(collection.size());
            logError("Error sending audit to HTTP Server", th);
        }
        return z;
    }

    @Override // org.apache.ranger.audit.destination.AuditDestination, org.apache.ranger.audit.provider.AuditHandler
    public void flush() {
    }

    public boolean isAsync() {
        return true;
    }

    synchronized CloseableHttpClient buildHTTPClient() {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager;
        HttpClientBuilder defaultAuthSchemeRegistry = HttpClients.custom().setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true, true)).build());
        String stringProperty = MiscUtil.getStringProperty(this.props, PROP_HTTP_USER_NAME);
        String stringProperty2 = MiscUtil.getStringProperty(this.props, PROP_HTTP_USER_PASSWORD);
        int intProperty = MiscUtil.getIntProperty(this.props, PROP_HTTP_CLIENT_CONN_TIMEOUT_MS, AuditQueue.AUDIT_BATCH_SIZE_DEFAULT);
        int intProperty2 = MiscUtil.getIntProperty(this.props, PROP_HTTP_CLIENT_READ_TIMEOUT_MS, AuditQueue.AUDIT_BATCH_SIZE_DEFAULT);
        int intProperty3 = MiscUtil.getIntProperty(this.props, PROP_HTTP_MAX_CONNECTION, 10);
        int intProperty4 = MiscUtil.getIntProperty(this.props, PROP_HTTP_MAX_CONNECTION_PER_HOST, 10);
        int intProperty5 = MiscUtil.getIntProperty(this.props, PROP_HTTP_VALIDATE_INACTIVE_MS, AuditQueue.AUDIT_BATCH_SIZE_DEFAULT);
        int intProperty6 = MiscUtil.getIntProperty(this.props, PROP_HTTP_POOL_RETRY_COUNT, 5);
        this.httpURL = MiscUtil.getStringProperty(this.props, PROP_HTTP_SERVER_URL);
        if (LOG.isDebugEnabled()) {
            LOG.debug("===>> Building apache HTTP client with configs={}");
        }
        try {
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            if (isKerberosAuthenticated()) {
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials((GSSCredential) null));
            } else if (StringUtils.isNotEmpty(stringProperty) && StringUtils.isNotEmpty(stringProperty2)) {
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(stringProperty, stringProperty2));
            }
            defaultAuthSchemeRegistry.setDefaultCredentialsProvider(basicCredentialsProvider);
        } catch (Exception e) {
            LOG.error("Exception while adding credentials, skipping setting credentials for client.", e);
        }
        SSLContext sSLContext = getSSLContext(getKeyManagers(), getTrustManagers());
        if (sSLContext != null) {
            SSLContext.setDefault(sSLContext);
        }
        if (this.httpURL != null && this.httpURL.contains("https://")) {
            SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(sSLContext, NoopHostnameVerifier.INSTANCE);
            poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register(PROTOCOL_HTTPS, sSLConnectionSocketFactory).build());
            defaultAuthSchemeRegistry.setSSLSocketFactory(sSLConnectionSocketFactory);
        } else {
            poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager();
        }
        poolingHttpClientConnectionManager.setMaxTotal(intProperty3);
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(intProperty4);
        poolingHttpClientConnectionManager.setValidateAfterInactivity(intProperty5);
        return defaultAuthSchemeRegistry.setConnectionManager(poolingHttpClientConnectionManager).setRetryHandler(new AuditHTTPRetryHandler(Integer.valueOf(intProperty6), true)).setDefaultRequestConfig(RequestConfig.custom().setCookieSpec("default").setConnectTimeout(intProperty).setSocketTimeout(intProperty2).build()).build();
    }

    private void close(InputStream inputStream, String str) {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException e) {
                LOG.error("Error while closing file: [" + str + "]", e);
            }
        }
    }

    private <T> PrivilegedExceptionAction<T> getPrivilegedAction(String str, Map<String, String> map, Object obj, Class<T> cls) {
        return () -> {
            return executeHttpRequestPOST(str, map, obj, cls);
        };
    }

    public <T> T executeHttpRequestPOST(String str, Map<String, String> map, Object obj, Class<T> cls) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==>  HTTPAuditDestination().executeHttpRequestPOST()");
        }
        T t = (T) postAndParse(this.httpURL + str, map, obj, cls);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== HTTPAuditDestination().executeHttpRequestPOST()");
        }
        return t;
    }

    public <T> T postAndParse(String str, Map<String, String> map, Object obj, Class<T> cls) throws Exception {
        HttpPost httpPost = new HttpPost(buildURI(str, map));
        httpPost.setEntity(new StringEntity(this.gsonBuilder.toJson(obj)));
        return (T) executeAndParseResponse(httpPost, cls, map);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T extends HttpRequestBase, R> R executeAndParseResponse(T t, Class<R> cls, Map<String, String> map) throws Exception {
        R r = null;
        CloseableHttpClient closeableHttpClient = getCloseableHttpClient();
        if (closeableHttpClient != null) {
            addCommonHeaders(t, map);
            CloseableHttpResponse execute = closeableHttpClient.execute(t);
            Throwable th = null;
            try {
                try {
                    r = parseResponse(execute, cls);
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            execute.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (execute != null) {
                    if (th != null) {
                        try {
                            execute.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        execute.close();
                    }
                }
                throw th3;
            }
        } else {
            LOG.error("Cannot process request as Audit HTTPClient is null...");
        }
        return r;
    }

    private <T extends HttpRequestBase> T addCommonHeaders(T t, Map<String, String> map) {
        t.addHeader(REST_HEADER_ACCEPT, "application/json");
        t.setHeader(REST_HEADER_CONTENT_TYPE, "application/json");
        return (T) handleJwt(t, map);
    }

    private <T extends HttpRequestBase> T handleJwt(T t, Map<String, String> map) {
        if (isDtOperation(map) || (this.ignoreJwtIfAuthExists && otherAuthCredExists(map))) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("HTTPAuditDestination.handleJwt(): Skipping JWT as required condition does not meet.");
                LOG.debug("HTTPAuditDestination.handleJwt(): [isDtOperation(queryParams)=" + isDtOperation(map) + "], [ignoreJwtIfAuthExists=" + this.ignoreJwtIfAuthExists + "], [otherAuthCredExists(queryParams)=" + otherAuthCredExists(map) + "]");
            }
        } else if (this.tokenRetriever != null) {
            Optional<String> retrieve = this.tokenRetriever.retrieve();
            if (retrieve.isPresent()) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append(this.jwtServerCookieName);
                stringBuffer.append("=");
                stringBuffer.append(retrieve.get());
                t.setHeader("Cookie", stringBuffer.toString());
            }
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("HTTPAuditDestination.handleJwt(): Since JWTokenRetriver init failed, skipping JWT auth.");
        }
        return t;
    }

    private <R> R parseResponse(HttpResponse httpResponse, Class<R> cls) throws Exception {
        if (httpResponse == null) {
            LOG.error("Received NULL response from server..");
            throw new Exception("Received NULL response from server..");
        }
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (statusCode != 200) {
            String str = "Request failed : response= [+" + httpResponse + "], response.status= " + statusCode;
            LOG.error(str);
            throw new Exception(str);
        }
        InputStream content = httpResponse.getEntity().getContent();
        Object iOUtils = cls.equals(String.class) ? IOUtils.toString(content, Charset.defaultCharset()) : this.gsonBuilder.fromJson(new InputStreamReader(content), cls);
        content.close();
        return (R) iOUtils;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T> T executeAction(PrivilegedExceptionAction<T> privilegedExceptionAction, UserGroupInformation userGroupInformation) throws Exception {
        return userGroupInformation != null ? userGroupInformation.doAs(privilegedExceptionAction) : privilegedExceptionAction.run();
    }

    private URI buildURI(String str, Map<String, String> map) throws URISyntaxException {
        URIBuilder uRIBuilder = new URIBuilder(str);
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                uRIBuilder.addParameter(entry.getKey(), entry.getValue());
            }
        }
        return uRIBuilder.build();
    }

    boolean isKerberosAuthenticated() throws Exception {
        boolean z;
        try {
            UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
            boolean isSecurityEnabled = UserGroupInformation.isSecurityEnabled();
            boolean hasKerberosCredentials = loginUser.hasKerberosCredentials();
            UserGroupInformation.AuthenticationMethod authenticationMethod = loginUser.getAuthenticationMethod();
            if (isSecurityEnabled && hasKerberosCredentials) {
                if (authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                    z = true;
                    return z;
                }
            }
            z = false;
            return z;
        } catch (IOException e) {
            throw new Exception("Failed to get authentication details.", e);
        }
    }

    private CloseableHttpClient getCloseableHttpClient() {
        CloseableHttpClient closeableHttpClient = this.httpClient;
        if (closeableHttpClient == null) {
            synchronized (this) {
                closeableHttpClient = this.httpClient;
                if (closeableHttpClient == null) {
                    CloseableHttpClient buildHTTPClient = buildHTTPClient();
                    closeableHttpClient = buildHTTPClient;
                    this.httpClient = buildHTTPClient;
                }
            }
        }
        return closeableHttpClient;
    }

    private KeyManager[] getKeyManagers() {
        KeyManager[] keyManagerArr = null;
        String stringProperty = MiscUtil.getStringProperty(this.props, "xasecure.policymgr.clientssl.keystore.credential.file");
        String stringProperty2 = MiscUtil.getStringProperty(this.props, "xasecure.policymgr.clientssl.keystore");
        String credentialString = MiscUtil.getCredentialString(stringProperty, "sslKeyStore");
        if (StringUtils.isNotEmpty(stringProperty2) && StringUtils.isNotEmpty(credentialString)) {
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    InputStream fileInputStream = getFileInputStream(stringProperty2);
                                    if (fileInputStream != null) {
                                        String stringProperty3 = MiscUtil.getStringProperty(this.props, "xasecure.policymgr.clientssl.keystore.type");
                                        KeyStore keyStore = KeyStore.getInstance(StringUtils.isNotEmpty(stringProperty3) ? stringProperty3 : "jks");
                                        keyStore.load(fileInputStream, credentialString.toCharArray());
                                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
                                        keyManagerFactory.init(keyStore, credentialString.toCharArray());
                                        keyManagerArr = keyManagerFactory.getKeyManagers();
                                    } else {
                                        LOG.error("Unable to obtain keystore from file [" + stringProperty2 + "]");
                                    }
                                    close(fileInputStream, stringProperty2);
                                } catch (IOException e) {
                                    LOG.error("Unable to read the necessary SSL Keystore Files", e);
                                    close(null, stringProperty2);
                                }
                            } catch (FileNotFoundException e2) {
                                LOG.error("Unable to find the necessary SSL Keystore Files", e2);
                                close(null, stringProperty2);
                            }
                        } catch (KeyStoreException e3) {
                            LOG.error("Unable to obtain from KeyStore :" + e3.getMessage(), e3);
                            close(null, stringProperty2);
                        }
                    } catch (CertificateException e4) {
                        LOG.error("Unable to obtain the requested certification ", e4);
                        close(null, stringProperty2);
                    }
                } catch (NoSuchAlgorithmException e5) {
                    LOG.error("SSL algorithm is NOT available in the environment", e5);
                    close(null, stringProperty2);
                } catch (UnrecoverableKeyException e6) {
                    LOG.error("Unable to recover the key from keystore", e6);
                    close(null, stringProperty2);
                }
            } catch (Throwable th) {
                close(null, stringProperty2);
                throw th;
            }
        }
        return keyManagerArr;
    }

    private TrustManager[] getTrustManagers() {
        TrustManager[] trustManagerArr = null;
        String stringProperty = MiscUtil.getStringProperty(this.props, "xasecure.policymgr.clientssl.truststore.credential.file");
        String stringProperty2 = MiscUtil.getStringProperty(this.props, "xasecure.policymgr.clientssl.truststore");
        String credentialString = MiscUtil.getCredentialString(stringProperty, "sslTrustStore");
        if (StringUtils.isNotEmpty(stringProperty2) && StringUtils.isNotEmpty(credentialString)) {
            try {
                try {
                    try {
                        InputStream fileInputStream = getFileInputStream(stringProperty2);
                        if (fileInputStream != null) {
                            String stringProperty3 = MiscUtil.getStringProperty(this.props, "xasecure.policymgr.clientssl.truststore.type");
                            KeyStore keyStore = KeyStore.getInstance(StringUtils.isNotEmpty(stringProperty3) ? stringProperty3 : "jks");
                            keyStore.load(fileInputStream, credentialString.toCharArray());
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
                            trustManagerFactory.init(keyStore);
                            trustManagerArr = trustManagerFactory.getTrustManagers();
                        } else {
                            LOG.error("Unable to obtain truststore from file [" + stringProperty2 + "]");
                        }
                        close(fileInputStream, stringProperty2);
                    } catch (FileNotFoundException e) {
                        LOG.error("Unable to find the necessary SSL TrustStore File:" + stringProperty2, e);
                        close(null, stringProperty2);
                    } catch (IOException e2) {
                        LOG.error("Unable to read the necessary SSL TrustStore Files :" + stringProperty2, e2);
                        close(null, stringProperty2);
                    }
                } catch (KeyStoreException e3) {
                    LOG.error("Unable to obtain from KeyStore", e3);
                    close(null, stringProperty2);
                } catch (NoSuchAlgorithmException e4) {
                    LOG.error("SSL algorithm is NOT available in the environment :" + e4.getMessage(), e4);
                    close(null, stringProperty2);
                } catch (CertificateException e5) {
                    LOG.error("Unable to obtain the requested certification :" + e5.getMessage(), e5);
                    close(null, stringProperty2);
                }
            } catch (Throwable th) {
                close(null, stringProperty2);
                throw th;
            }
        }
        return trustManagerArr;
    }

    private SSLContext getSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        SSLContext sSLContext = null;
        try {
            sSLContext = SSLContext.getInstance(BaseAuditHandler.RANGER_SSL_CONTEXT_ALGO_TYPE);
            if (sSLContext != null) {
                sSLContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
            }
        } catch (KeyManagementException e) {
            LOG.error("Unable to initialise the SSLContext", e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("SSL algorithm is not available in the environment", e2);
        }
        return sSLContext;
    }

    private InputStream getFileInputStream(String str) throws IOException {
        InputStream inputStream = null;
        if (StringUtils.isNotEmpty(str)) {
            File file = new File(str);
            inputStream = (file == null || !file.exists()) ? ClassLoader.getSystemResourceAsStream(str) : new FileInputStream(file);
        }
        return inputStream;
    }

    private TokenRetriever<String> getJwtTokenRetriever(String str) {
        TokenRetriever<String> tokenRetriever = null;
        try {
            tokenRetriever = (TokenRetriever) Thread.currentThread().getContextClassLoader().loadClass(str.trim()).getConstructor(Configuration.class).newInstance(new Configuration());
        } catch (Exception e) {
            LOG.error("AuditHTTPRetryHandler.getJwtTokenRetriever(): Failed to initialize JWT token retriever.", e);
        }
        return tokenRetriever;
    }

    private boolean otherAuthCredExists(Map<String, String> map) {
        boolean z = false;
        if (map != null && !map.isEmpty() && StringUtils.isNotBlank(map.get("AUTH_TYPE"))) {
            z = true;
        }
        return z;
    }

    private boolean isDtOperation(Map<String, String> map) {
        boolean z = false;
        if (map != null && !map.isEmpty() && StringUtils.isNotBlank(map.get("DT_OPERATION_TYPE"))) {
            z = true;
        }
        return z;
    }
}
