package org.apache.ranger.raz.intg.client.executor;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.StandardHttpRequestRetryHandler;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.ranger.raz.intg.RangerRazErrorCode;
import org.apache.ranger.raz.intg.RangerRazException;
import org.apache.ranger.raz.intg.client.RangerRazClientLogger;
import org.apache.ranger.raz.intg.token.TokenRetriever;
import org.ietf.jgss.GSSCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/intg/client/executor/RestClientExecutorApacheHttp.class */
public class RestClientExecutorApacheHttp implements RestClientExecutor<CloseableHttpClient>, HttpClientExecutor {
    private static final Logger LOG = LoggerFactory.getLogger(RestClientExecutorApacheHttp.class);
    private static final String PROTOCOL_HTTPS = "https";
    private static final String RESPONSE_ETAG = "ETag";
    private volatile CloseableHttpClient httpClient;
    private final RestClientExecutorConfig clientConfig;
    private final Configuration configuration;
    private TokenRetriever<String> tokenRetriever = null;
    private String jwtServerCookieName = null;
    private boolean ignoreJwtIfAuthExists = false;
    private final Gson gsonBuilder = new GsonBuilder().setDateFormat(RestClientExecutor.GSON_DATE_FORMAT).create();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ranger/raz/intg/client/executor/RestClientExecutorApacheHttp$RazRetryHandlerApacheHttp.class */
    public class RazRetryHandlerApacheHttp extends StandardHttpRequestRetryHandler {
        public RazRetryHandlerApacheHttp(Integer num, boolean z) {
            super(num.intValue(), z);
        }

        public boolean retryRequest(IOException iOException, int i, HttpContext httpContext) {
            if (RestClientExecutorApacheHttp.LOG.isDebugEnabled()) {
                RestClientExecutorApacheHttp.LOG.debug("===>> RazRetryHandlerApacheHttp.retryRequest({},{})", iOException.getMessage(), Integer.valueOf(i));
            }
            boolean retryRequest = super.retryRequest(iOException, i, httpContext);
            if (RestClientExecutorApacheHttp.LOG.isDebugEnabled()) {
                RestClientExecutorApacheHttp.LOG.debug("<<=== RazRetryHandlerApacheHttp.retryRequest(): ret={}", Boolean.valueOf(retryRequest));
            }
            return retryRequest;
        }
    }

    public RestClientExecutorApacheHttp(RestClientExecutorConfig restClientExecutorConfig, Configuration configuration) {
        this.clientConfig = restClientExecutorConfig;
        this.configuration = configuration;
    }

    public void resetClient() {
        this.httpClient = null;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.ranger.raz.intg.client.executor.RestClientExecutor
    public CloseableHttpClient build() {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager;
        HttpClientBuilder defaultAuthSchemeRegistry = HttpClients.custom().setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true, true)).build());
        if (LOG.isDebugEnabled()) {
            LOG.debug("===>> Building apache HTTP client with configs={}", this.clientConfig);
        }
        try {
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            if (isKerberosAuthenticated()) {
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials((GSSCredential) null));
            } else if (StringUtils.isNotEmpty(this.clientConfig.getUsername()) && StringUtils.isNotEmpty(this.clientConfig.getPassword())) {
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(this.clientConfig.getUsername(), this.clientConfig.getPassword()));
            }
            defaultAuthSchemeRegistry.setDefaultCredentialsProvider(basicCredentialsProvider);
        } catch (Exception e) {
            LOG.error("Exception while adding credentials, skipping setting credentials for client.", e);
        }
        if (this.clientConfig.isSsl()) {
            SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(this.clientConfig.getSslContext(), NoopHostnameVerifier.INSTANCE);
            poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register(PROTOCOL_HTTPS, sSLConnectionSocketFactory).build());
            defaultAuthSchemeRegistry.setSSLSocketFactory(sSLConnectionSocketFactory);
        } else {
            poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager();
        }
        poolingHttpClientConnectionManager.setMaxTotal(this.clientConfig.getMaxConnections().intValue());
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(this.clientConfig.getMaxConnectionsPerHost().intValue());
        poolingHttpClientConnectionManager.setValidateAfterInactivity(this.clientConfig.getValidateAfterInactivityMs().intValue());
        CloseableHttpClient build = defaultAuthSchemeRegistry.setConnectionManager(poolingHttpClientConnectionManager).setRetryHandler(new RazRetryHandlerApacheHttp(this.clientConfig.getPoolRetryCount(), true)).setDefaultRequestConfig(RequestConfig.custom().setCookieSpec("default").setConnectTimeout(this.clientConfig.getRestClientConnTimeOutMs().intValue()).setSocketTimeout(this.clientConfig.getRestClientReadTimeOutMs().intValue()).build()).build();
        if (this.configuration.getBoolean(RestClientExecutor.RANGER_PROP_JWT_ENABLED, Boolean.parseBoolean(RestClientExecutor.RANGER_PROP_JWT_ENABLED_DEFAULT))) {
            this.jwtServerCookieName = this.clientConfig.getJwtServerCookieName();
            if (StringUtils.isBlank(this.jwtServerCookieName)) {
                this.jwtServerCookieName = RestClientExecutor.JWT_COOKIE_NAME_DEFAULT;
            }
            try {
                this.tokenRetriever = getJwtTokenRetriever(this.configuration);
            } catch (Exception e2) {
                LOG.error("RestClientExecutorApacheHttp.build(): Failed to initialize JWT token retriever.", e2);
            }
        } else {
            LOG.warn("RestClientExecutorApacheHttp.build(): Skipping JWT fetcher, use property 'ranger.raz.client.auth.jwt.enabled' to enable.");
        }
        this.ignoreJwtIfAuthExists = this.configuration.getBoolean(RestClientExecutor.RANGER_PROP_JWT_IGNOREIF_OTHER_AUTH_EXISTS, this.ignoreJwtIfAuthExists);
        return build;
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T getAndParse(String str, Map<String, String> map, Class<T> cls) throws Exception {
        return (T) executeAndParseResponse(new HttpGet(buildURI(str, map)), cls, map);
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T postAndParse(String str, Map<String, String> map, Object obj, Class<T> cls) throws Exception {
        HttpPost httpPost = new HttpPost(buildURI(str, map));
        httpPost.setEntity(new StringEntity(this.gsonBuilder.toJson(obj)));
        return (T) executeAndParseResponse(httpPost, cls, map);
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T putAndParse(String str, Map<String, String> map, Object obj, Class<T> cls) throws Exception {
        HttpPut httpPut = new HttpPut(buildURI(str, map));
        httpPut.setEntity(new StringEntity(this.gsonBuilder.toJson(obj)));
        return (T) executeAndParseResponse(httpPut, cls, map);
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T deleteAndParse(String str, Map<String, String> map, Class<T> cls) throws Exception {
        return (T) executeAndParseResponse(new HttpDelete(buildURI(str, map)), cls, map);
    }

    private <R> R parseResponse(HttpResponse httpResponse, Class<R> cls) throws RangerRazException, UnsupportedOperationException, IOException {
        if (httpResponse == null) {
            RangerRazClientLogger.error(LOG, "Received NULL response from server.");
            throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_REQUEST_FAILED, new Object[0]);
        }
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        String value = httpResponse.getEntity().getContentType() != null ? httpResponse.getEntity().getContentType().getValue() : "";
        if (statusCode == 200) {
            InputStream content = httpResponse.getEntity().getContent();
            Object iOUtils = cls.equals(String.class) ? IOUtils.toString(content, Charset.defaultCharset()) : this.gsonBuilder.fromJson(new InputStreamReader(content), cls);
            content.close();
            return (R) iOUtils;
        }
        RangerRazClientLogger.error(LOG, "Request failed : response=[{}], response.status={}", httpResponse, Integer.valueOf(statusCode));
        HashMap hashMap = new HashMap();
        InputStream content2 = httpResponse.getEntity().getContent();
        Throwable th = null;
        try {
            try {
                String iOUtils2 = IOUtils.toString(content2, Charset.defaultCharset());
                if (content2 != null) {
                    if (0 != 0) {
                        try {
                            content2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        content2.close();
                    }
                }
                if (value.equals("application/json")) {
                    String value2 = httpResponse.containsHeader(RESPONSE_ETAG) ? httpResponse.getFirstHeader(RESPONSE_ETAG).getValue() : null;
                    String replace = value2 != null ? value2.replace("\"", "") : null;
                    if (replace != null && replace.equals(RangerRazException.WEBAPPLICATIONEXCP_WITH_HEADERS_TAG)) {
                        for (Header header : httpResponse.getAllHeaders()) {
                            hashMap.put(header.getName(), header.getValue());
                        }
                    }
                }
                RangerRazException rangerRazException = new RangerRazException(iOUtils2 + "; HttpStatus: " + statusCode);
                if (statusCode == 403) {
                    rangerRazException.setErrorCode(RangerRazErrorCode.RAZ_CLIENT_ACCESS_DENIED);
                } else if (statusCode == 401) {
                    LOG.warn("Server did not process this request due to in-sufficient auth details.");
                    rangerRazException.setErrorCode(RangerRazErrorCode.RAZ_CLIENT_UNAUTHORIZED_ACCESS);
                } else {
                    rangerRazException.setErrorCode(RangerRazErrorCode.RAZ_CLIENT_REQUEST_FAILED);
                }
                rangerRazException.setRangerRazExceptionHeadersMap(hashMap);
                throw rangerRazException;
            } finally {
            }
        } catch (Throwable th3) {
            if (content2 != null) {
                if (th != null) {
                    try {
                        content2.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    content2.close();
                }
            }
            throw th3;
        }
    }

    private URI buildURI(String str, Map<String, String> map) throws URISyntaxException {
        URIBuilder uRIBuilder = new URIBuilder(str);
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                uRIBuilder.addParameter(entry.getKey(), entry.getValue());
            }
        }
        return uRIBuilder.build();
    }

    private CloseableHttpClient getCloseableHttpClient() {
        CloseableHttpClient closeableHttpClient = this.httpClient;
        if (closeableHttpClient == null) {
            synchronized (this) {
                closeableHttpClient = this.httpClient;
                if (closeableHttpClient == null) {
                    CloseableHttpClient build = build();
                    closeableHttpClient = build;
                    this.httpClient = build;
                }
            }
        }
        return closeableHttpClient;
    }

    private <T extends HttpRequestBase> T addCommonHeaders(T t, Map<String, String> map) {
        t.addHeader(RestClientExecutor.REST_HEADER_ACCEPT, "application/json");
        t.setHeader(RestClientExecutor.REST_HEADER_CONTENT_TYPE, "application/json");
        return (T) handleJwt(t, map);
    }

    private <T extends HttpRequestBase> T handleJwt(T t, Map<String, String> map) {
        if (isDtOperation(map) || (this.ignoreJwtIfAuthExists && otherAuthCredExists(map))) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("RestClientExecutorApacheHttp.handleJwt(): Skipping JWT as required condition does not meet.");
                LOG.debug("RestClientExecutorApacheHttp.handleJwt(): [isDtOperation(queryParams)={}], [ignoreJwtIfAuthExists={}], [otherAuthCredExists(queryParams)={}]", new Object[]{Boolean.valueOf(isDtOperation(map)), Boolean.valueOf(this.ignoreJwtIfAuthExists), Boolean.valueOf(otherAuthCredExists(map))});
            }
        } else if (this.tokenRetriever != null) {
            Optional<String> retrieve = this.tokenRetriever.retrieve();
            if (retrieve.isPresent()) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append(this.jwtServerCookieName);
                stringBuffer.append("=");
                stringBuffer.append(retrieve.get());
                t.setHeader("Cookie", stringBuffer.toString());
            }
        } else {
            LOG.warn("RestClientExecutorApacheHttp.handleJwt(): Since JWTokenRetriver init failed, skipping JWT auth.");
        }
        return t;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T extends HttpRequestBase, R> R executeAndParseResponse(T t, Class<R> cls, Map<String, String> map) throws Exception {
        R r = null;
        CloseableHttpClient closeableHttpClient = getCloseableHttpClient();
        if (closeableHttpClient != null) {
            addCommonHeaders(t, map);
            CloseableHttpResponse execute = closeableHttpClient.execute(t);
            Throwable th = null;
            try {
                try {
                    r = parseResponse(execute, cls);
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            execute.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (execute != null) {
                    if (th != null) {
                        try {
                            execute.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        execute.close();
                    }
                }
                throw th3;
            }
        } else {
            RangerRazClientLogger.error(LOG, "Can not procees request as client is null.");
        }
        return r;
    }
}
