package org.apache.ranger.services.kms.client;

import com.google.common.base.Strings;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.HadoopKerberosName;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.plugin.util.PasswordUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/services/kms/client/KMSClient.class */
/**
 * Lists key names from a KMS provider over its REST endpoint ({@code v1/keys/names}).
 *
 * <p>The static entry points ({@link #testConnection}, {@link #getKmsClient},
 * {@link #getKmsKey}) build a client from a string configuration map and wrap failures in
 * {@code HadoopException}.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers below). Parts of
 * {@link #getKeyList} do not form valid Java as shown: the locals {@code i} and {@code i2}
 * are read but never assigned. Treat the retry/return flow in that method as approximate and
 * confirm it against the original source before relying on it.
 */
public class KMSClient {
    private static final Logger LOG = LoggerFactory.getLogger(KMSClient.class);
    // Only media type requested from the KMS in the Accept header.
    private static final String EXPECTED_MIME_TYPE = "application/json";
    // Relative path of the key-name listing API, appended to each provider URL.
    private static final String KMS_LIST_API_ENDPOINT = "v1/keys/names";
    // Suffix appended to the detailed message of every error response built in this class.
    private static final String errMessage = " You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.";
    // NOTE(review): unused in this listing; getKeyList compares against the literal "kerberos".
    private static final String AUTH_TYPE_KERBEROS = "kerberos";
    // KMS provider URI as configured; unnested and split into per-host URLs by createProvider.
    String provider;
    // Lookup user; sent as the user.name query parameter, or used for the password login.
    String username;
    // Passed through PasswordUtils.decryptPassword before login, so presumably held in
    // encrypted form; verify against the caller.
    String password;
    // Principal and keytab used for the keytab login when both are non-empty.
    String rangerPrincipal;
    String rangerKeytab;
    // Name rules handed to the keytab login; replaced by "DEFAULT" in getKeyList when empty.
    String nameRules;
    // "kerberos" (case-insensitive) selects the Kerberos login paths in getKeyList.
    String authType;

    /**
     * Stores the connection settings without validating or contacting anything.
     *
     * @param str provider URI
     * @param str2 username
     * @param str3 password (see the field note on its expected form)
     * @param str4 Ranger principal
     * @param str5 Ranger keytab
     * @param str6 name rules
     * @param str7 authentication type
     */
    public KMSClient(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        this.provider = str;
        this.username = str2;
        this.password = str3;
        this.rangerPrincipal = str4;
        this.rangerKeytab = str5;
        this.nameRules = str6;
        this.authType = str7;
        // Only the URL and user name are logged here; the password is not.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Kms Client is build with url [" + str + "] user: [" + str2 + "]");
        }
    }

    /**
     * Turns the configured provider URI into one URL string per KMS host.
     *
     * @param str provider URI; unnested through {@link #extractKMSPath} first
     * @return one URL per host listed in the authority
     * @throws IOException if the URL has no authority or the port is not an integer
     * @throws URISyntaxException if {@code str} is not a valid URI
     */
    private String[] createProvider(String str) throws IOException, URISyntaxException {
        URL url = new URL(extractKMSPath(new URI(str)).toString());
        String authority = url.getAuthority();
        if (Strings.isNullOrEmpty(authority)) {
            throw new IOException("No valid authority in kms uri [" + url + "]");
        }
        // -1 means "no port given"; it is passed on unchanged to the overload below.
        int i = -1;
        String str2 = authority;
        if (authority.contains(":")) {
            // Everything before the first ':' is the host list, the next segment is the port.
            // NOTE(review): an authority with user-info or an IPv6 literal contains further
            // ':' characters and would be split in the wrong place; confirm the accepted
            // formats.
            String[] split = authority.split(":");
            try {
                i = Integer.parseInt(split[1]);
                str2 = split[0];
            } catch (Exception e) {
                // NOTE(review): the caught exception is not chained as the cause, so the
                // original parse failure is lost from the stack trace.
                throw new IOException("Could not parse port in kms uri [" + url + "]");
            }
        }
        return createProvider(url, i, str2);
    }

    /**
     * Unwraps a nested provider URI by delegating to {@code ProviderUtils.unnestUri}.
     *
     * @param uri provider URI
     * @return the path returned by {@code ProviderUtils.unnestUri}
     */
    private static Path extractKMSPath(URI uri) throws MalformedURLException, IOException {
        return ProviderUtils.unnestUri(uri);
    }

    /**
     * Expands a ';'-separated host list into one URL string per host.
     *
     * @param url parsed provider URL; supplies protocol and path
     * @param i port shared by every host, or -1 when the authority had none
     * @param str host part of the authority, possibly several hosts joined with ';'
     * @return {@code url} unchanged for a single host, otherwise one rebuilt URL per host
     * @throws IOException if a rebuilt URL is not a valid URI
     */
    private String[] createProvider(URL url, int i, String str) throws IOException {
        String[] split = str.split(";");
        String[] strArr = new String[split.length];
        if (split.length == 1) {
            strArr[0] = url.toString();
        } else {
            for (int i2 = 0; i2 < split.length; i2++) {
                try {
                    // NOTE(review): when no port was configured i is -1 and this yields
                    // "host:-1" in the rebuilt URL; the single-host branch has no such issue.
                    strArr[i2] = new URI(url.getProtocol() + "://" + split[i2] + ":" + i + url.getPath()).toString();
                } catch (URISyntaxException e) {
                    throw new IOException("Could not Prase KMS URL..", e);
                }
            }
        }
        return strArr;
    }

    /**
     * Fetches the key names from the configured provider(s) and filters them.
     *
     * <p>For each URL from {@link #createProvider(String)} a Jersey client logs in (simple user
     * name, user/password, or principal/keytab depending on {@code authType} and the
     * configured fields), issues a GET on {@code <url>/v1/keys/names} inside
     * {@code Subject.doAs}, and parses a 200 response body as a JSON list.
     *
     * @param str key-name prefix; {@code null} or empty matches every key
     * @param list names to leave out of the result; may be {@code null}
     * @return the matching names; {@code null} when the provider URI cannot be parsed, and
     *     possibly {@code null} after a non-200 status other than 401/403
     * @throws HadoopException on a null response, on 401/403, or on any other failure during
     *     the request
     */
    public List<String> getKeyList(String str, List<String> list) {
        // NOTE(review): i and i2 are never assigned in this listing (decompiler artifact);
        // they are only read in the finally block below.
        int i;
        int i2;
        Client create;
        String concat;
        Subject loginUserWithPassword;
        ClientResponse clientResponse;
        try {
            String[] createProvider = createProvider(this.provider);
            ArrayList arrayList = null;
            int i3 = 0;
            while (i3 < createProvider.length) {
                // Fresh result list for every provider attempt.
                arrayList = new ArrayList();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Getting Kms Key list for keyNameMatching : " + str);
                }
                // Join provider URL and endpoint with exactly one '/'.
                String str2 = createProvider[i3] + (createProvider[i3].endsWith("/") ? KMS_LIST_API_ENDPOINT : "/v1/keys/names");
                boolean z = false;
                try {
                    try {
                        DefaultClientConfig defaultClientConfig = new DefaultClientConfig();
                        // NOTE(review): redirects are followed automatically, so the body
                        // parsed below may come from the redirect target rather than the
                        // configured provider; confirm this is intended for a KMS endpoint.
                        defaultClientConfig.getProperties().put("com.sun.jersey.client.property.followRedirects", true);
                        create = Client.create(defaultClientConfig);
                        if (this.authType != null && this.authType.equalsIgnoreCase("kerberos")) {
                            z = true;
                        }
                        // Result is discarded; has no effect as listed.
                        new Subject();
                        if (!z) {
                            // Non-Kerberos mode: the caller's identity is conveyed only by
                            // the user.name query parameter.
                            // NOTE(review): username is concatenated without URL encoding; a
                            // value containing '&', '#' or '=' would alter the query string.
                            concat = str2.concat("?user.name=" + this.username);
                            LOG.info("Init Login: security not enabled, using username");
                            loginUserWithPassword = SecureClientLogin.login(this.username);
                        } else if (StringUtils.isEmpty(this.rangerPrincipal) || StringUtils.isEmpty(this.rangerKeytab)) {
                            // Kerberos without a principal/keytab pair: log in with the
                            // decrypted password and request doAs for the user's short name.
                            LOG.info("Init Login: using username/password");
                            concat = str2.concat("?doAs=" + new HadoopKerberosName(this.username).getShortName());
                            loginUserWithPassword = SecureClientLogin.loginUserWithPassword(this.username, PasswordUtils.decryptPassword(this.password));
                        } else {
                            LOG.info("Init Lookup Login: security enabled, using rangerPrincipal/rangerKeytab");
                            // Mutates instance state: an empty nameRules becomes "DEFAULT"
                            // for this and later calls.
                            if (StringUtils.isEmpty(this.nameRules)) {
                                this.nameRules = "DEFAULT";
                            }
                            concat = str2.concat("?doAs=" + new HadoopKerberosName(this.rangerPrincipal).getShortName());
                            loginUserWithPassword = SecureClientLogin.loginUserFromKeytab(this.rangerPrincipal, this.rangerKeytab, this.nameRules);
                        }
                        final WebResource resource = create.resource(concat);
                        // The GET runs as the Subject obtained from the login above.
                        clientResponse = (ClientResponse) Subject.doAs(loginUserWithPassword, new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.services.kms.client.KMSClient.1
                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedAction
                            public ClientResponse run() {
                                return (ClientResponse) resource.accept(new String[]{KMSClient.EXPECTED_MIME_TYPE}).get(ClientResponse.class);
                            }
                        });
                        // The logged URL includes the user.name / doAs query parameter.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("getKeyList():calling " + concat);
                        }
                    } finally {
                        // NOTE(review): decompiler residue. i and i2 are unassigned, so this
                        // block cannot be taken literally; it appears to be what is left of
                        // the original cleanup/retry logic. Confirm against the source.
                        if (arrayList == null) {
                            if (i != i2) {
                                i3++;
                            }
                        }
                    }
                    if (clientResponse == null) {
                        String str3 = "Unable to get a valid response for expected mime type : [application/json] URL : " + concat + " - got null response.";
                        LOG.error(str3);
                        HadoopException hadoopException = new HadoopException(str3);
                        hadoopException.generateResponseDataMap(false, str3, str3 + errMessage, (Long) null, (String) null);
                        throw hadoopException;
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("getKeyList():response.getStatus()= " + clientResponse.getStatus());
                    }
                    if (clientResponse.getStatus() == 200) {
                        // Parsed into a raw List, so element types are not checked here. A
                        // non-string element fails with ClassCastException in the loop below
                        // and is wrapped by the catch (Throwable) handler.
                        List<String> list2 = (List) new GsonBuilder().setPrettyPrinting().create().fromJson((String) clientResponse.getEntity(String.class), List.class);
                        if (list2 != null) {
                            for (String str4 : list2) {
                                // Keep names not already in the exclusion list that start
                                // with the requested prefix (any name when the prefix is
                                // null or empty).
                                if (list == null || !list.contains(str4)) {
                                    if (str == null || str.isEmpty() || str4.startsWith(str)) {
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("getKeyList():Adding kmsKey " + str4);
                                        }
                                        arrayList.add(str4);
                                    }
                                }
                            }
                            if (clientResponse != null) {
                                clientResponse.close();
                            }
                            if (create != null) {
                                create.destroy();
                            }
                            // arrayList is non-null on this path, so the first provider that
                            // answers 200 with a list ends the loop.
                            if (arrayList != null || i3 == createProvider.length - 1) {
                                return arrayList;
                            }
                            i3++;
                        }
                    } else {
                        // 401 and 403 are handled identically: the response body becomes the
                        // exception message and the response-data message.
                        // NOTE(review): that body is server-controlled text; check how the
                        // consumer of the response data map renders it.
                        if (clientResponse.getStatus() == 401) {
                            LOG.info("getKeyList():response.getStatus()= " + clientResponse.getStatus() + " for URL " + concat + ", so returning null list");
                            String str5 = (String) clientResponse.getEntity(String.class);
                            HadoopException hadoopException2 = new HadoopException(str5);
                            hadoopException2.generateResponseDataMap(false, str5, str5 + errMessage, (Long) null, (String) null);
                            throw hadoopException2;
                        }
                        if (clientResponse.getStatus() == 403) {
                            LOG.info("getKeyList():response.getStatus()= " + clientResponse.getStatus() + " for URL " + concat + ", so returning null list");
                            String str6 = (String) clientResponse.getEntity(String.class);
                            HadoopException hadoopException3 = new HadoopException(str6);
                            hadoopException3.generateResponseDataMap(false, str6, str6 + errMessage, (Long) null, (String) null);
                            throw hadoopException3;
                        }
                        // Any other status: log the status and the raw body at INFO, and
                        // discard the result for this provider.
                        LOG.info("getKeyList():response.getStatus()= " + clientResponse.getStatus() + " for URL " + concat + ", so returning null list");
                        LOG.info((String) clientResponse.getEntity(String.class));
                        arrayList = null;
                    }
                    // Release the HTTP resources before moving to the next provider.
                    // NOTE(review): as listed, the exception paths above do not reach this
                    // cleanup; confirm the original closes them in a finally block.
                    if (clientResponse != null) {
                        clientResponse.close();
                    }
                    if (create != null) {
                        create.destroy();
                    }
                    // Empty body: decompiler residue with no effect.
                    if (arrayList == null && i3 == createProvider.length - 1) {
                    }
                    i3++;
                } catch (HadoopException e) {
                    // Already carries its response data; pass it through untouched.
                    throw e;
                } catch (Throwable th) {
                    // Everything else (including Errors) is logged and wrapped with the
                    // request URL, minus the query string.
                    String str7 = "Exception while getting Kms Key List. URL : " + str2;
                    HadoopException hadoopException4 = new HadoopException(str7, th);
                    LOG.error(str7, th);
                    hadoopException4.generateResponseDataMap(false, BaseClient.getMessage(th), str7 + errMessage, (Long) null, (String) null);
                    throw hadoopException4;
                }
            }
            return arrayList;
        } catch (IOException | URISyntaxException e2) {
            // NOTE(review): a malformed provider URI is swallowed without logging; callers
            // only see a null list.
            return null;
        }
    }

    /**
     * Checks connectivity by attempting a key listing with an empty prefix.
     *
     * @param str service name, used for logging in {@link #getKmsClient}
     * @param map connection configuration
     * @return response data map describing success or failure; a non-null key list counts as
     *     success
     */
    public static Map<String, Object> testConnection(String str, Map<String, String> map) {
        // Result is discarded; has no effect as listed.
        new ArrayList();
        boolean z = false;
        HashMap hashMap = new HashMap();
        if (getKmsKey(getKmsClient(str, map), "", null) != null) {
            z = true;
        }
        if (z) {
            BaseClient.generateResponseDataMap(z, "TestConnection Successful", "TestConnection Successful", (Long) null, (String) null, hashMap);
        } else {
            BaseClient.generateResponseDataMap(z, "Unable to retrieve any Kms Key using given URL.", "Unable to retrieve any Kms Key using given URL." + errMessage, (Long) null, (String) null, hashMap);
        }
        return hashMap;
    }

    /**
     * Builds a client from the connection configuration map.
     *
     * <p>Keys read: {@code provider}, {@code username}, {@code password},
     * {@code rangerprincipal}, {@code rangerkeytab}, {@code namerules}, {@code authtype}.
     *
     * @param str service name; only logged
     * @param map connection configuration
     * @return a new client
     * @throws HadoopException if {@code map} is null or empty
     */
    public static KMSClient getKmsClient(String str, Map<String, String> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Getting KmsClient for datasource: " + str);
            // NOTE(review): the whole map is written to the log, including its "password"
            // entry (read below). Enabling DEBUG therefore puts the stored credential value
            // in the log file; consider logging the key set only or masking that entry.
            LOG.debug("configMap: " + map);
        }
        if (map != null && !map.isEmpty()) {
            return new KMSClient(map.get("provider"), map.get("username"), map.get("password"), map.get("rangerprincipal"), map.get("rangerkeytab"), map.get("namerules"), map.get("authtype"));
        }
        LOG.error("Could not connect as Connection ConfigMap is empty.");
        HadoopException hadoopException = new HadoopException("Could not connect as Connection ConfigMap is empty.");
        hadoopException.generateResponseDataMap(false, "Could not connect as Connection ConfigMap is empty.", "Could not connect as Connection ConfigMap is empty." + errMessage, (Long) null, (String) null);
        throw hadoopException;
    }

    /**
     * Looks up key names through the given client, wrapping failures in
     * {@code HadoopException}.
     *
     * @param kMSClient client to query; {@code null} is reported as an error
     * @param str key-name prefix; trimmed before use. When {@code null} no lookup is made and
     *     an empty list is returned
     * @param list names to leave out of the result; may be {@code null}
     * @return the matching names, or whatever {@link #getKeyList} returned (possibly
     *     {@code null})
     * @throws HadoopException if the client is null or the lookup fails
     */
    public static List<String> getKmsKey(KMSClient kMSClient, String str, List<String> list) {
        List<String> arrayList = new ArrayList();
        try {
            if (kMSClient == null) {
                LOG.error("Unable to get Kms Key : KmsClient is null.");
                HadoopException hadoopException = new HadoopException("Unable to get Kms Key : KmsClient is null.");
                hadoopException.generateResponseDataMap(false, "Unable to get Kms Key : KmsClient is null.", "Unable to get Kms Key : KmsClient is null." + errMessage, (Long) null, (String) null);
                throw hadoopException;
            }
            if (str != null) {
                arrayList = kMSClient.getKeyList(str.trim(), list);
                if (arrayList != null && LOG.isDebugEnabled()) {
                    LOG.debug("Returning list of " + arrayList.size() + " Kms Keys");
                }
            }
            return arrayList;
        } catch (Exception e) {
            // The wrapped exception carries only the message text of e, not e as its cause.
            String str2 = "Unable to get a valid response from the provider : " + e.getMessage();
            LOG.error(str2, e);
            HadoopException hadoopException2 = new HadoopException(str2);
            hadoopException2.generateResponseDataMap(false, str2, str2 + errMessage, (Long) null, (String) null);
            throw hadoopException2;
        } catch (HadoopException e2) {
            // NOTE(review): this handler follows the broader catch (Exception). Since
            // HadoopException is thrown in this class without a throws clause it is
            // presumably unchecked, in which case this order would be rejected by the
            // compiler; likely a decompiler reordering, with the pass-through handler
            // originally first.
            throw e2;
        }
    }
}
