package org.apache.ranger.raz.intg.client;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.raz.intg.RangerRazErrorCode;
import org.apache.ranger.raz.intg.RangerRazException;
import org.apache.ranger.raz.intg.client.RangerRESTClient;
import org.apache.ranger.raz.intg.client.executor.RestClientExecutor;
import org.apache.ranger.raz.model.RangerRazIdentityMappings;
import org.apache.ranger.raz.model.RangerRazIdentityMappingsUtil;
import org.apache.ranger.raz.model.RangerRazMultiOperationRequest;
import org.apache.ranger.raz.model.RangerRazMultiOperationResult;
import org.apache.ranger.raz.model.RangerRazRequest;
import org.apache.ranger.raz.model.RangerRazResult;
import org.apache.ranger.raz.model.RangerRazResultBase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/intg/client/RangerRazClient.class */
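/**
 * Client for the Ranger RAZ authorization REST API.
 *
 * <p>Each instance wraps a {@link RangerRESTClient} configured from the {@code ranger.raz.client.*}
 * properties and sends requests either with a RAZ delegation token or, when no token is given and
 * the process login user holds Kerberos credentials, under the caller's
 * {@link UserGroupInformation}.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>Delegation tokens are credentials. Log statements here print {@link #MASKED_TOKEN_STR}
 *       instead of the token; keep it that way when adding logging.</li>
 *   <li>{@link #RAZ_CLIENT_KEYS_TO_REDACT}, the mask prefix length and the latest identity-mapping
 *       version are static, so they are shared by every instance in the JVM and the most recently
 *       constructed client overwrites the first two.</li>
 * </ul>
 */
public class RangerRazClient {
    public static final String HTTP_URL_SEPARATOR = "/";
    public static final String RAZ_CLIENT_PREFIX_KEY = "ranger.raz.client.prefix";
    public static final String RAZ_CLIENT_PREFIX_DEFAULT = "ranger.raz.client.";
    public static final String RAZ_SSL_FILE_LOC = "rest.ssl.config.file";
    public static final String RAZ_CLIENT_CONN_TIMEOUT_MS = "rest.client.connection.timeoutMs";
    public static final String RAZ_CLIENT_READ_TIMEOUT_MS = "rest.client.read.timeoutMs";
    public static final String RAZ_REST_HOST_URL = "rest.host.url";
    public static final String RAZ_CLIENT_LOG_QUIET_MODE = "log.quiet.mode";
    public static final String MASKED_TOKEN_STR = "********";
    public static final String RAZ_REST_OID_API = "rest.oid.map.url";
    public static final String RAZ_CLIENT_SKIP_MASK_FOR_FIRST_KEY = "client.skip.mask.for.first";
    public static final String RAZ_CLIENT_KEYS_TO_REDACT_PROP = "keys.to.redact";
    private static final String PARAM_OP = "op";
    private static final String PARAM_RENEWER = "renewer";
    private static final String PARAM_TOKEN = "token";
    private static final String PARAM_DELEGATION = "delegation";
    private static final String PARAM_DOAS = "doAs";
    private static final String PARAM_DT_SERVICENAME = "service";
    private static final String OP_GETDELEGATIONTOKEN = "GETDELEGATIONTOKEN";
    private static final String OP_RENEWDELEGATIONTOKEN = "RENEWDELEGATIONTOKEN";
    private static final String OP_CANCELDELEGATIONTOKEN = "CANCELDELEGATIONTOKEN";
    private static final String RAZ_API_SINGLE_RESOURCE = "/api/authz/%s/access";
    private static final String RAZ_API_MULTI_RESOURCE = "/api/authz/%s/accesses";
    private static final String RAZ_API_DOWNLOAD_OID_MAP = "/api/authz/identity-mappings";
    private static final String DEFAULT_DT_SERVICE_NAME = "RANGER_RAZ";
    private static final int DEFAULT_RAZ_SERVER_PORT = 6181;
    private static final String MSG_KERBEROS_REQUIRED_GET_DT = "Kerberos Authentication is Required, to get RAZ delegation token";
    private static final String MSG_KERBEROS_REQUIRED_RENEW_DT = "Kerberos Authentication is Required, to renew RAZ delegaton token";
    private static final String MSG_KERBEROS_REQUIRED_CANCEL_DT = "Kerberos Authentication is Required, to cancel RAZ delegation token";
    private final RangerRESTClient restClient;
    private final UserGroupInformation ugi;
    private final String dtServiceName;
    private static final Logger LOG = LoggerFactory.getLogger(RangerRazClient.class);

    // Names of request/response entries whose values must not be logged in clear text.
    // Public, static and mutable: the constructor replaces (does not extend) this set when
    // 'keys.to.redact' is configured, so a configured list must repeat any default it still needs.
    public static Set<String> RAZ_CLIENT_KEYS_TO_REDACT = new HashSet<>(Arrays.asList("ADLS_DSAS", "S3_SIGN_REQUEST", "S3_SIGN_RESPONSE"));

    // Placeholder request body for calls that carry everything in their parameters.
    private static final Object DUMMY_POST_PARAM = new Object();

    // Dedicated monitor for the identity-mapping cache, so the lock is not also an object that is
    // handed to the REST client as a request body.
    private static final Object ID_MAPPING_LOCK = new Object();

    // Read outside the lock by the double-checked refresh in getIdentityMappingUtil(), hence volatile.
    private static volatile Long latestRazIdMappingVersion = -1L;

    // Number of leading characters maskParam() leaves readable. Despite the name this holds the
    // effective (configured) value, not only the default.
    private static int RAZ_CLIENT_SKIP_MASK_FOR_FIRST_DEFAULT = 5;

    private final ObjectMapper mapper = new ObjectMapper();
    private volatile RangerRazIdentityMappingsUtil razIdMappUtil = null;

    /**
     * Reads the client settings under the configured prefix and builds the underlying REST client.
     *
     * @param configuration source of the {@code ranger.raz.client.*} settings
     * @param userGroupInformation identity the requests are made for; must not be null
     * @throws IOException if no user is supplied or the RAZ host URL is not configured
     */
    private RangerRazClient(Configuration configuration, UserGroupInformation userGroupInformation) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazClient()");
        }
        String prefix = configuration.get(RAZ_CLIENT_PREFIX_KEY, RAZ_CLIENT_PREFIX_DEFAULT);
        String sslConfigFile = configuration.get(prefix + RAZ_SSL_FILE_LOC);
        int connTimeoutMs = configuration.getInt(prefix + RAZ_CLIENT_CONN_TIMEOUT_MS, 120000);
        int readTimeoutMs = configuration.getInt(prefix + RAZ_CLIENT_READ_TIMEOUT_MS, 30000);
        int maxConnections = configuration.getInt(prefix + "rest.client.connection.pool.max", 10);
        int maxConnectionsPerHost = configuration.getInt(prefix + "rest.client.connection.pool.max-per-host", 10);
        int validateAfterInactivityMs = configuration.getInt(prefix + "rest.client.connection.pool.validate-after-inactivity", 2000);
        int poolRetryCount = configuration.getInt(prefix + "rest.client.connection.pool.retry-count", 3);
        String razUrl = configuration.get(prefix + RAZ_REST_HOST_URL);
        String initError = null;
        RangerRazClientLogger.setIsQuietMode(configuration.getBoolean(prefix + RAZ_CLIENT_LOG_QUIET_MODE, true));
        this.ugi = userGroupInformation;
        if (userGroupInformation == null) {
            RangerRazClientLogger.error(LOG, "RangerRazClient(): {}", "no user is logged in");
            initError = "no user is logged in";
        }
        if (StringUtils.isBlank(razUrl)) {
            String missingUrl = "configuration '" + prefix + RAZ_REST_HOST_URL + "' is not set";
            RangerRazClientLogger.error(LOG, "RangerRazClient(): {}", missingUrl);
            initError = initError == null ? missingUrl : initError + ", " + missingUrl;
        }
        if (initError != null) {
            throw new IOException("RangerRazClient initialization failed: " + initError);
        }
        boolean useLocalRaz = configuration.getBoolean(prefix + "client.use.local.raz", false);

        // A negative prefix length would make maskParam() throw from substring(); keep the
        // previous value instead of accepting it.
        int skipMaskForFirst = configuration.getInt(prefix + RAZ_CLIENT_SKIP_MASK_FOR_FIRST_KEY, RAZ_CLIENT_SKIP_MASK_FOR_FIRST_DEFAULT);
        if (skipMaskForFirst < 0) {
            LOG.warn("RangerRazClient(): ignoring negative value {} for '{}'", skipMaskForFirst, prefix + RAZ_CLIENT_SKIP_MASK_FOR_FIRST_KEY);
        } else {
            RAZ_CLIENT_SKIP_MASK_FOR_FIRST_DEFAULT = skipMaskForFirst;
        }

        // Entries are trimmed and blanks dropped so that "A, B" redacts B as well, and a value
        // made only of separators or whitespace cannot wipe out the default redaction list.
        String keysToRedact = configuration.get(prefix + RAZ_CLIENT_KEYS_TO_REDACT_PROP);
        if (StringUtils.isNotEmpty(keysToRedact)) {
            Set<String> configuredKeys = new HashSet<>();
            for (String key : keysToRedact.split(",")) {
                if (StringUtils.isNotBlank(key)) {
                    configuredKeys.add(key.trim());
                }
            }
            if (!configuredKeys.isEmpty()) {
                RAZ_CLIENT_KEYS_TO_REDACT = configuredKeys;
            }
        }

        this.restClient = new RangerRESTClient(razUrl, sslConfigFile, configuration, useLocalRaz);
        this.restClient.setRestClientConnTimeOutMs(connTimeoutMs);
        this.restClient.setRestClientReadTimeOutMs(readTimeoutMs);
        this.restClient.setmMaxConnections(maxConnections);
        this.restClient.setMaxConnectionsPerHost(maxConnectionsPerHost);
        this.restClient.setValidateAfterInactivityMs(validateAfterInactivityMs);
        this.restClient.setPoolRetryCount(poolRetryCount);
        this.dtServiceName = getDTServiceName(this.restClient.getConfiguredURLs());
        if (LOG.isDebugEnabled()) {
            // NOTE(review): this prints every property under the client prefix with its value.
            // If a credential is ever stored under this prefix it will reach the debug log in
            // clear text; confirm none is, or redact by key name before logging.
            for (Map.Entry<String, String> entry : configuration.getPropsWithPrefix(configuration.get(RAZ_CLIENT_PREFIX_KEY, RAZ_CLIENT_PREFIX_DEFAULT)).entrySet()) {
                LOG.debug("RangerRazClient.init(): config: {}={}", entry.getKey(), entry.getValue());
            }
            UserGroupInformation.logAllUserInfo(LOG, userGroupInformation);
            LOG.debug("RangerRazClient(): dtServiceName={}", this.dtServiceName);
            LOG.debug("<== RangerRazClient()");
        }
    }

    /**
     * Creates a client for the given configuration and user.
     *
     * <p>Despite the name this is not a singleton accessor: every call builds a new client, and
     * with it re-applies the static redaction and masking settings.
     *
     * @param configuration source of the client settings
     * @param userGroupInformation identity the requests are made for
     * @return a newly constructed client
     * @throws IOException if the client cannot be initialised
     */
    public static RangerRazClient getInstance(Configuration configuration, UserGroupInformation userGroupInformation) throws IOException {
        return new RangerRazClient(configuration, userGroupInformation);
    }

    /**
     * @return the delegation-token service name derived from the configured RAZ URLs, or
     *     {@code RANGER_RAZ} when none could be derived
     */
    public String getDelegationTokenServiceName() {
        return this.dtServiceName;
    }

    /**
     * Requests a RAZ delegation token. Requires Kerberos credentials on the login user.
     *
     * @param str the renewer to record for the token
     * @return the token in its URL-safe string form; treat it as a credential
     * @throws RangerRazException if Kerberos authentication is missing, the call fails or the
     *     response does not contain a token
     */
    public String getDelegationToken(String str) throws RangerRazException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazClient.getDelegationToken(renewer={})", str);
        }
        if (!isKerberosAuthenticated()) {
            LOG.error("Kerberos Authentication is Required, to get RAZ delegation token.");
            throw kerberosRequired(MSG_KERBEROS_REQUIRED_GET_DT);
        }
        Map<String, String> params = constructMap(PARAM_OP, OP_GETDELEGATIONTOKEN, PARAM_RENEWER, str, PARAM_DT_SERVICENAME, this.dtServiceName, RestClientExecutor.RANGER_PROP_AUTH_TYPE, RestClientExecutor.RANGER_AUTH_TYPE_KERBEROS, RestClientExecutor.RANGER_PROP_DT_OPERATION_TYPE, OP_GETDELEGATIONTOKEN);
        String response = executeAction(getPrivilegedAction(RangerRESTClient.HTTP_METHOD.GET, "", params, DUMMY_POST_PARAM, String.class), getUgi(params));
        String token = getJsonNode(response, "urlString").asText();
        if (LOG.isDebugEnabled()) {
            // Only whether a token came back is logged, never the token itself.
            String maskedToken = StringUtils.isNotBlank(token) ? MASKED_TOKEN_STR : null;
            LOG.debug("<== RangerRazClient.getDelegationToken(renewer={}): delegationToken=[{}]", str, maskedToken);
        }
        return token;
    }

    /**
     * Renews a RAZ delegation token. Requires Kerberos credentials on the login user.
     *
     * @param str the delegation token to renew
     * @return the value of the {@code long} field of the response, logged as the next expiry
     * @throws RangerRazException if Kerberos authentication is missing, the call fails or the
     *     response lacks the expected field
     */
    public Long renewDelegationToken(String str) throws RangerRazException {
        String maskedToken = StringUtils.isNotBlank(str) ? MASKED_TOKEN_STR : null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazClient.renewDelegationToken({})", maskedToken);
        }
        if (!isKerberosAuthenticated()) {
            LOG.error("Kerberos Authentication is Required, to renew RAZ delegaton token.");
            throw kerberosRequired(MSG_KERBEROS_REQUIRED_RENEW_DT);
        }
        Map<String, String> params = constructMap(PARAM_OP, OP_RENEWDELEGATIONTOKEN, PARAM_TOKEN, str, RestClientExecutor.RANGER_PROP_AUTH_TYPE, RestClientExecutor.RANGER_AUTH_TYPE_KERBEROS, RestClientExecutor.RANGER_PROP_DT_OPERATION_TYPE, OP_RENEWDELEGATIONTOKEN);
        String response = executeAction(getPrivilegedAction(RangerRESTClient.HTTP_METHOD.PUT, "", params, DUMMY_POST_PARAM, String.class), getUgi(params));
        Long nextExpiry = Long.valueOf(getJsonNode(response, "long").asLong());
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerRazClient.renewDelegationToken({}): DT nextExpiry={}", maskedToken, nextExpiry);
        }
        return nextExpiry;
    }

    /**
     * Cancels a RAZ delegation token. Requires Kerberos credentials on the login user.
     *
     * @param str the delegation token to cancel
     * @return {@code true} when the call completed without an exception
     * @throws RangerRazException if Kerberos authentication is missing or the call fails
     */
    public Boolean cancelDelegationToken(String str) throws RangerRazException {
        String maskedToken = StringUtils.isNotBlank(str) ? MASKED_TOKEN_STR : null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazClient.cancelDelegationToken({})", maskedToken);
        }
        if (!isKerberosAuthenticated()) {
            LOG.error("Kerberos Authentication is Required, to cancel RAZ delegation token.");
            throw kerberosRequired(MSG_KERBEROS_REQUIRED_CANCEL_DT);
        }
        Map<String, String> params = constructMap(PARAM_OP, OP_CANCELDELEGATIONTOKEN, PARAM_TOKEN, str, RestClientExecutor.RANGER_PROP_AUTH_TYPE, RestClientExecutor.RANGER_AUTH_TYPE_KERBEROS, RestClientExecutor.RANGER_PROP_DT_OPERATION_TYPE, OP_CANCELDELEGATIONTOKEN);
        executeAction(getPrivilegedAction(RangerRESTClient.HTTP_METHOD.PUT, "", params, DUMMY_POST_PARAM, String.class), getUgi(params));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerRazClient.cancelDelegationToken(): ret={}", true);
        }
        return true;
    }

    /**
     * Asks RAZ to authorize several operations in one call.
     *
     * <p>The delegation token is used when one is supplied; otherwise Kerberos is used if the
     * login user has Kerberos credentials. When neither applies the request is still sent, with
     * no authentication type set, and the server decides.
     *
     * @param rangerRazMultiOperationRequest the operations to authorize; its service type becomes
     *     part of the request path
     * @param str RAZ delegation token, or null/empty to fall back to Kerberos
     * @return the server's decision for each operation
     * @throws RangerRazException if the call fails or the server rejects the credentials
     */
    public RangerRazMultiOperationResult checkPrivileges(RangerRazMultiOperationRequest rangerRazMultiOperationRequest, String str) throws RangerRazException {
        String maskedToken = StringUtils.isNotBlank(str) ? MASKED_TOKEN_STR : null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazClient.checkPrivileges({}, {})", rangerRazMultiOperationRequest, maskedToken);
        }
        // NOTE(review): the service type is formatted into the path as-is; presumably it is one
        // of a fixed set of service names - confirm it can never carry '/' or '..' from a caller.
        String path = String.format(RAZ_API_MULTI_RESOURCE, rangerRazMultiOperationRequest.getServiceType());
        Map<String, String> params = new HashMap<>();
        UserGroupInformation requestUgi = null;
        if (!StringUtils.isEmpty(str)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("==> RangerRazClient.checkPrivileges(): RAZ Delegation token will be used to authenticate.");
            }
            params.put(PARAM_DELEGATION, str);
            params.put(RestClientExecutor.RANGER_PROP_AUTH_TYPE, RestClientExecutor.RANGER_AUTH_TYPE_RAZ_DT);
        } else if (isKerberosAuthenticated()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("==> RangerRazClient.checkPrivileges(): Since RAZ Delegation token is missing, Kerberos Authentication will be used to authenticate.");
            }
            requestUgi = getUgi(params);
            params.put(RestClientExecutor.RANGER_PROP_AUTH_TYPE, RestClientExecutor.RANGER_AUTH_TYPE_KERBEROS);
        }
        try {
            RangerRazMultiOperationResult result = executeAction(getPrivilegedAction(RangerRESTClient.HTTP_METHOD.POST, path, params, rangerRazMultiOperationRequest, RangerRazMultiOperationResult.class), requestUgi);
            if (result != null && result.getOperResults() != null && !result.getOperResults().isEmpty()) {
                // Only the first result is inspected for the identity-mapping version.
                updateLatestRazIdMappingsVersion(result.getOperResults().get(0));
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerRazClient.checkPrivileges(): ret={}", result);
            }
            return result;
        } catch (RangerRazException e) {
            if (e.getErrorCode() == RangerRazErrorCode.RAZ_CLIENT_UNAUTHORIZED_ACCESS) {
                printAvailableAuthDetails(str, params);
            }
            throw e;
        }
    }

    /**
     * Asks RAZ to authorize a single operation.
     *
     * <p>Credential selection is the same as in
     * {@link #checkPrivileges(RangerRazMultiOperationRequest, String)}.
     *
     * @param rangerRazRequest the operation to authorize; its service type becomes part of the
     *     request path
     * @param str RAZ delegation token, or null/empty to fall back to Kerberos
     * @return the server's decision
     * @throws RangerRazException if the call fails or the server rejects the credentials
     */
    public RangerRazResult checkPrivilege(RangerRazRequest rangerRazRequest, String str) throws RangerRazException {
        String maskedToken = StringUtils.isNotBlank(str) ? MASKED_TOKEN_STR : null;
        if (LOG.isTraceEnabled()) {
            LOG.trace("==> RangerRazClient.checkPrivilege({}, {})", rangerRazRequest, maskedToken);
        }
        String path = String.format(RAZ_API_SINGLE_RESOURCE, rangerRazRequest.getServiceType());
        Map<String, String> params = new HashMap<>();
        UserGroupInformation requestUgi = null;
        if (!StringUtils.isEmpty(str)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("==> RangerRazClient.checkPrivilege(): RAZ Delegation token will be used to authenticate.");
            }
            params.put(PARAM_DELEGATION, str);
            params.put(RestClientExecutor.RANGER_PROP_AUTH_TYPE, RestClientExecutor.RANGER_AUTH_TYPE_RAZ_DT);
        } else if (isKerberosAuthenticated()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("==> RangerRazClient.checkPrivilege(): Since RAZ Delegation token is missing Kerberos TGT will be used to authenticate.");
            }
            requestUgi = getUgi(params);
            params.put(RestClientExecutor.RANGER_PROP_AUTH_TYPE, RestClientExecutor.RANGER_AUTH_TYPE_KERBEROS);
        }
        try {
            RangerRazResult result = executeAction(getPrivilegedAction(RangerRESTClient.HTTP_METHOD.POST, path, params, rangerRazRequest, RangerRazResult.class), requestUgi);
            if (result != null && result.getOperResult() != null) {
                updateLatestRazIdMappingsVersion(result.getOperResult());
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("<== RangerRazClient.checkPrivilege(): ret={}", result);
            }
            return result;
        } catch (RangerRazException e) {
            if (e.getErrorCode() == RangerRazErrorCode.RAZ_CLIENT_UNAUTHORIZED_ACCESS) {
                printAvailableAuthDetails(str, params);
            }
            throw e;
        }
    }

    /**
     * Builds a fresh "Kerberos required" exception.
     *
     * <p>A new instance per failure keeps the stack trace pointing at the failing call; a shared
     * static exception would carry the trace of class initialisation and be visible to all threads.
     */
    private static RangerRazException kerberosRequired(String message) {
        return new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_UNAUTHORIZED_ACCESS, message);
    }

    /**
     * Derives the delegation-token service name from the first configured URL that can be parsed.
     *
     * @param list configured RAZ URLs, may be null or empty
     * @return the derived name, or {@code RANGER_RAZ} if no URL yields one
     */
    private static String getDTServiceName(List<String> list) {
        String serviceName = null;
        if (list != null) {
            for (String url : list) {
                try {
                    serviceName = SecurityUtil.buildDTServiceName(URI.create(url), DEFAULT_RAZ_SERVER_PORT);
                    break;
                } catch (Exception e) {
                    // Best effort: try the next URL, but leave a trace of why this one was skipped
                    // so a silent fallback to the default service name can be diagnosed.
                    LOG.debug("RangerRazClient.getDTServiceName(): could not derive service name from url {}", url, e);
                }
            }
        }
        if (StringUtils.isEmpty(serviceName)) {
            serviceName = DEFAULT_DT_SERVICE_NAME;
        }
        return serviceName;
    }

    /**
     * Wraps one REST call so that it can be run directly or inside {@code UserGroupInformation.doAs}.
     * The parameter map is captured by reference, so entries added before the action runs are sent.
     */
    private <T> PrivilegedExceptionAction<T> getPrivilegedAction(RangerRESTClient.HTTP_METHOD http_method, String str, Map<String, String> map, Object obj, Class<T> cls) {
        return () -> this.restClient.executeHttpRequest(http_method, str, map, obj, cls);
    }

    /**
     * Runs the action, under the given user when one is supplied, and normalises failures.
     *
     * @param privilegedExceptionAction the REST call to run
     * @param userGroupInformation user to run as, or null to run on the calling thread's identity
     * @return the non-null result of the action
     * @throws RangerRazException the action's own RangerRazException (direct or as a cause),
     *     a null-response error, or any other failure wrapped
     */
    private <T> T executeAction(PrivilegedExceptionAction<T> privilegedExceptionAction, UserGroupInformation userGroupInformation) throws RangerRazException {
        try {
            T result = userGroupInformation != null ? userGroupInformation.doAs(privilegedExceptionAction) : privilegedExceptionAction.run();
            if (result == null) {
                throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_NULL_RESPONSE, new Object[0]);
            }
            return result;
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Keep the interrupt visible to the caller after it is wrapped below.
                Thread.currentThread().interrupt();
            }
            if (e.getCause() instanceof RangerRazException) {
                throw ((RangerRazException) e.getCause());
            }
            if (e instanceof RangerRazException) {
                throw ((RangerRazException) e);
            }
            throw new RangerRazException(e);
        }
    }

    /**
     * Parses a JSON response and returns the first value found for the given field name.
     *
     * <p>The response body is passed through {@link #maskParam(String)} before it is logged or
     * put into an exception: this method parses delegation-token responses, and the raw body
     * would otherwise place a credential in the error log and in exception messages.
     *
     * @param str the JSON response body
     * @param str2 the field to look for anywhere in the document
     * @return the matching node, never null
     * @throws RangerRazException if the body is null, not valid JSON, or lacks the field
     */
    private JsonNode getJsonNode(String str, String str2) throws RangerRazException {
        JsonNode found = null;
        if (str != null) {
            try {
                JsonNode root = this.mapper.readTree(str);
                if (root != null) {
                    found = root.findValue(str2);
                }
            } catch (IOException e) {
                String maskedResponse = maskParam(str);
                RangerRazClientLogger.error(LOG, "RangerRazClient.getJsonNode({}): failed to parse the response", maskedResponse, e);
                throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_INVALID_RESPONSE, maskedResponse);
            }
        }
        if (found != null) {
            return found;
        }
        RangerRazClientLogger.error(LOG, "RangerRazClient.getJsonNode({}): {} not found", maskParam(str), str2);
        throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_INVALID_RESPONSE, str2 + " not found");
    }

    /**
     * Picks the identity to run a Kerberos-authenticated request as.
     *
     * <p>For a proxy user the request runs as the real user, and the proxied user's short name is
     * added to the parameters as {@code doAs} when it differs from the real user's.
     *
     * @param map request parameters to receive the {@code doAs} entry; may be null
     * @return the real user when this client's user is a proxy, otherwise the user itself
     */
    private UserGroupInformation getUgi(Map<String, String> map) throws RangerRazException {
        UserGroupInformation effectiveUgi = this.ugi;
        UserGroupInformation realUser = effectiveUgi.getRealUser();
        if (realUser != null) {
            if (map != null && !StringUtils.equals(realUser.getShortUserName(), effectiveUgi.getShortUserName())) {
                String proxiedUser = effectiveUgi.getShortUserName();
                map.put(PARAM_DOAS, proxiedUser);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("RangerRazClient.getUgi(): owner = {} and proxy user = {}", realUser.getShortUserName(), proxiedUser);
                }
            }
            effectiveUgi = realUser;
        }
        return effectiveUgi;
    }

    /**
     * Reports whether the process login user is Kerberos-authenticated, re-logging in from the
     * keytab when it is.
     *
     * <p>NOTE(review): this inspects {@code UserGroupInformation.getLoginUser()}, not the user
     * this client was created for, while requests run as the latter (or its real user). Confirm
     * the two are always the same principal where this client is used.
     *
     * @return true only if security is enabled and the login user has Kerberos credentials;
     *     false also when the login user cannot be determined
     */
    private boolean isKerberosAuthenticated() {
        boolean authenticated = false;
        try {
            UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
            authenticated = UserGroupInformation.isSecurityEnabled() && loginUser.hasKerberosCredentials() && loginUser.getAuthenticationMethod().equals(UserGroupInformation.AuthenticationMethod.KERBEROS);
            if (authenticated) {
                loginUser.checkTGTAndReloginFromKeytab();
            }
        } catch (IOException e) {
            // Pass the exception as the throwable argument (no placeholder) so the stack trace is logged.
            LOG.error("Failed to get authentication details", e);
        }
        return authenticated;
    }

    /**
     * Builds a map from alternating key/value arguments; a trailing key without a value is
     * dropped with a warning.
     */
    private Map<String, String> constructMap(String... strArr) {
        Map<String, String> result = new HashMap<>();
        int usable = strArr.length;
        if (usable % 2 != 0) {
            usable--;
            LOG.warn("===>> RangerRazClient.constructMap(): skipping last argument [{}]", strArr[usable]);
        }
        for (int i = 0; i < usable; i += 2) {
            result.put(strArr[i], strArr[i + 1]);
        }
        return result;
    }

    /**
     * Downloads the identity mappings from RAZ.
     *
     * <p>NOTE(review): unlike the authorization calls, this one does not set the authentication
     * type parameter for either credential; confirm the REST executor handles that as intended.
     *
     * @param str RAZ delegation token, or null/empty to fall back to Kerberos
     * @return the mappings returned by the server
     * @throws RangerRazException if the call fails
     */
    public RangerRazIdentityMappings getRangerRazIdentityMappings(String str) throws RangerRazException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazClient.getRangerRazIdentityMappings()");
        }
        Map<String, String> params = new HashMap<>();
        UserGroupInformation requestUgi = null;
        if (!StringUtils.isEmpty(str)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("==> RangerRazClient.getRangerRazIdentityMappings(): RAZ Delegation token will be used to authenticate.");
            }
            params.put(PARAM_DELEGATION, str);
        } else if (isKerberosAuthenticated()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("==> RangerRazClient.getRangerRazIdentityMappings(): Since RAZ Delegation token is missing Kerberos TGT will be used to authenticate.");
            }
            requestUgi = getUgi(params);
        }
        RangerRazIdentityMappings mappings = executeAction(getPrivilegedAction(RangerRESTClient.HTTP_METHOD.GET, RAZ_API_DOWNLOAD_OID_MAP, params, null, RangerRazIdentityMappings.class), requestUgi);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerRazClient.getRangerRazIdentityMappings(): ret={}", mappings);
        }
        return mappings;
    }

    /**
     * Returns the cached identity-mapping helper, downloading the mappings again when the cache
     * is empty or its version differs from the latest version reported by the server.
     *
     * <p>The refresh runs under a JVM-wide lock, so the download blocks other clients that need a
     * refresh at the same time.
     *
     * @param str RAZ delegation token, or null/empty to fall back to Kerberos
     * @return the helper for the current mappings
     * @throws RangerRazException if the mappings have to be downloaded and the call fails
     */
    public RangerRazIdentityMappingsUtil getIdentityMappingUtil(String str) throws RangerRazException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazClient.getIdentityMappingUtil()");
        }
        RangerRazIdentityMappingsUtil current = this.razIdMappUtil;
        if (current == null || !latestRazIdMappingVersion.equals(current.getVersion())) {
            synchronized (ID_MAPPING_LOCK) {
                // Re-check under the lock: another thread may have refreshed in the meantime.
                current = this.razIdMappUtil;
                if (current == null || !latestRazIdMappingVersion.equals(current.getVersion())) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("==> RangerRazClient.getIdentityMappingUtil(): updating cached razIdMappUtil");
                    }
                    RangerRazIdentityMappings mappings = getRangerRazIdentityMappings(str);
                    // A response without a version must not null out the shared version, or the
                    // next comparison would throw NullPointerException.
                    Long downloadedVersion = mappings.getVersion();
                    if (downloadedVersion != null) {
                        latestRazIdMappingVersion = downloadedVersion;
                    }
                    current = new RangerRazIdentityMappingsUtil(mappings);
                    this.razIdMappUtil = current;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerRazClient.getIdentityMappingUtil(): ret={}", current);
        }
        return current;
    }

    /**
     * Records the identity-mapping version the server reported alongside an access result.
     *
     * <p>The version is server-supplied text; a value that is not a number is ignored rather than
     * allowed to fail an authorization call that has already succeeded.
     */
    private void updateLatestRazIdMappingsVersion(RangerRazResultBase.ResourceAccessResult resourceAccessResult) {
        if (resourceAccessResult == null) {
            return;
        }
        Map<String, String> additionalInfo = resourceAccessResult.getAdditionalInfo();
        if (!MapUtils.isNotEmpty(additionalInfo)) {
            return;
        }
        String versionText = additionalInfo.get("RAZ_ID_MAP_VERSION");
        if (StringUtils.isBlank(versionText)) {
            return;
        }
        Long reportedVersion;
        try {
            reportedVersion = Long.valueOf(versionText.trim());
        } catch (NumberFormatException e) {
            LOG.warn("RangerRazClient.updateLatestRazIdMappingsVersion(): ignoring non-numeric RAZ_ID_MAP_VERSION in response");
            return;
        }
        if (reportedVersion.equals(latestRazIdMappingVersion)) {
            return;
        }
        synchronized (ID_MAPPING_LOCK) {
            if (!reportedVersion.equals(latestRazIdMappingVersion)) {
                latestRazIdMappingVersion = reportedVersion;
            }
        }
    }

    /**
     * Logs, at debug level, which credentials were available when the server refused access.
     * Only presence is logged, never the token.
     */
    private void printAvailableAuthDetails(String str, Map<String, String> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("RAZ Delegation Token: IsAuthInfoPresent ? {}", Boolean.valueOf(StringUtils.isNotBlank(str)));
            LOG.debug("Kerberos TGT        : IsAuthInfoPresent ? {}", Boolean.valueOf(isKerberosAuthenticated()));
            LOG.debug("Auth Cred used by client: {}", map.get(RestClientExecutor.RANGER_PROP_AUTH_TYPE));
        }
    }

    /**
     * Masks a sensitive value for logging.
     *
     * <p>Values longer than the configured prefix length keep that many leading characters and
     * get {@link #MASKED_TOKEN_STR} appended; shorter values are replaced entirely. A value only
     * slightly longer than the prefix therefore stays mostly readable, so keep the prefix length
     * small relative to the secrets being masked.
     *
     * @param str the value to mask
     * @return the masked value, or null if the input is blank
     */
    public static String maskParam(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        // Never hand substring() a negative length, whatever the static setting holds.
        int visiblePrefix = Math.max(0, RAZ_CLIENT_SKIP_MASK_FOR_FIRST_DEFAULT);
        StringBuilder masked = new StringBuilder();
        if (str.length() > visiblePrefix) {
            masked.append(str, 0, visiblePrefix);
        }
        masked.append(MASKED_TOKEN_STR);
        return masked.toString();
    }
}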
