package org.apache.knox.gateway.topology.discovery.cm;

import com.cloudera.api.swagger.client.ApiClient;
import com.cloudera.api.swagger.client.Pair;
import com.cloudera.api.swagger.client.auth.HttpBasicAuth;
import com.squareup.okhttp.ConnectionSpec;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.security.auth.Subject;
import org.apache.knox.gateway.config.ConfigurationException;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.apache.knox.gateway.topology.discovery.ServiceDiscoveryConfig;
import org.apache.knox.gateway.topology.discovery.cm.auth.AuthUtils;
import org.apache.knox.gateway.topology.discovery.cm.auth.SpnegoAuthInterceptor;
import org.apache.knox.gateway.util.TruststoreSSLContextUtils;

/* loaded from: input_file:org/apache/knox/gateway/topology/discovery/cm/DiscoveryApiClient.class */
public class DiscoveryApiClient extends ApiClient {
    private ClouderaManagerServiceDiscoveryMessages log = (ClouderaManagerServiceDiscoveryMessages) MessagesFactory.get(ClouderaManagerServiceDiscoveryMessages.class);
    private boolean isKerberos;
    private ServiceDiscoveryConfig config;

    public DiscoveryApiClient(ServiceDiscoveryConfig serviceDiscoveryConfig, AliasService aliasService, KeyStore keyStore) {
        this.config = serviceDiscoveryConfig;
        configure(aliasService, keyStore);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceDiscoveryConfig getConfig() {
        return this.config;
    }

    boolean isKerberos() {
        return this.isKerberos;
    }

    private void configure(AliasService aliasService, KeyStore keyStore) {
        Subject kerberosSubject;
        String address = this.config.getAddress();
        setBasePath(address + (address.endsWith("/") ? "api/v32" : "/api/v32"));
        String user = this.config.getUser();
        String passwordAlias = this.config.getPasswordAlias();
        String str = null;
        if (user == null) {
            if (aliasService != null) {
                try {
                    char[] passwordFromAliasForGateway = aliasService.getPasswordFromAliasForGateway("cm.discovery.user");
                    if (passwordFromAliasForGateway != null) {
                        user = new String(passwordFromAliasForGateway);
                    }
                } catch (AliasServiceException e) {
                    this.log.aliasServiceUserError("cm.discovery.user", e.getLocalizedMessage());
                }
            }
            if (user == null) {
                this.log.aliasServiceUserNotFound();
                throw new ConfigurationException("No username is configured for Cloudera Manager service discovery.");
            }
        }
        if (aliasService != null) {
            if (passwordAlias == null) {
                passwordAlias = "cm.discovery.password";
            }
            try {
                char[] passwordFromAliasForGateway2 = aliasService.getPasswordFromAliasForGateway(passwordAlias);
                if (passwordFromAliasForGateway2 != null) {
                    str = new String(passwordFromAliasForGateway2);
                }
            } catch (AliasServiceException e2) {
                this.log.aliasServicePasswordError(passwordAlias, e2.getLocalizedMessage());
            }
        }
        if (str == null) {
            this.log.aliasServicePasswordNotFound();
            this.isKerberos = Boolean.getBoolean("gateway.hadoop.kerberos.secured");
        }
        setUsername(user);
        setPassword(str);
        if (this.isKerberos && (kerberosSubject = AuthUtils.getKerberosSubject()) != null) {
            getHttpClient().interceptors().add(new SpnegoAuthInterceptor(kerberosSubject));
        }
        configureSsl(keyStore);
    }

    public String buildUrl(String str, List<Pair> list) {
        String username;
        if (isKerberos() && (username = getUsername()) != null) {
            list.add(new Pair("doAs", username));
        }
        return super.buildUrl(str, list);
    }

    private String getUsername() {
        String str = null;
        HttpBasicAuth authentication = getAuthentication("basic");
        if (authentication != null && (authentication instanceof HttpBasicAuth)) {
            str = authentication.getUsername();
        }
        return str;
    }

    private void configureSsl(KeyStore keyStore) {
        SSLContext truststoreSSLContext = TruststoreSSLContextUtils.getTruststoreSSLContext(keyStore);
        if (truststoreSSLContext == null) {
            this.log.failedToConfigureTruststore();
            return;
        }
        ConnectionSpec.Builder builder = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS);
        builder.cipherSuites(truststoreSSLContext.getSupportedSSLParameters().getCipherSuites());
        builder.tlsVersions(truststoreSSLContext.getSupportedSSLParameters().getProtocols());
        getHttpClient().setConnectionSpecs(Arrays.asList(builder.build()));
        getHttpClient().setSslSocketFactory(truststoreSSLContext.getSocketFactory());
    }
}
