package org.apache.ranger.raz.processor.abfsutil;

import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Random;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.core.Cookie;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.token.TokenRetriever;
import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/processor/abfsutil/RESTClient.class */
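/**
 * Jersey-based REST client that issues GET and POST requests against a list of
 * configured base URLs, failing over from one URL to the next.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>TLS is only configured when the URL string starts with {@code https}; otherwise the
 *       {@code Authorization} header and the JWT cookie are sent over a plain connection.</li>
 *   <li>The truststore is loaded without a password, so its integrity is not checked by
 *       {@link KeyStore#load(InputStream, char[])}.</li>
 *   <li>The custom {@link HostnameVerifier} does not bind the hostname to the server
 *       certificate (see {@link #buildClient()}).</li>
 * </ul>
 */
public class RESTClient {
    public static final String RANGER_RAZ_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore";
    public static final String RANGER_RAZ_SSL_CONTEXT_ALGO_TYPE = "TLS";
    public static final String RANGER_PROP_JWT_TOKEN_RETRIEVER_CLASS = "ranger.auth.jwt.retriever.class";
    public static final String RANGER_PROP_JWT_TOKEN_RETRIEVER_CLASS_DEFAULT = "org.apache.ranger.plugin.token.JwTokenRetrieverEnv";
    public static final String AUTHORIZATION_HEADER = "Authorization";
    public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
    public static final String RANGER_PROP_JWT_SERVER_COOKIE_NAME = "ranger.auth.jwt.server.cookie.name";
    private String mUrl;
    private String mSslConfigFileName;
    private boolean mIsSSL;
    private String mKeyStoreFile;
    private int mRestClientConnTimeOutMs;
    private int mRestClientReadTimeOutMs;
    private int lastKnownActiveUrlIndex;
    private final List<String> configuredURLs;
    // Lazily built and cached by getClient(); volatile for the double-checked initialisation there.
    private volatile Client client;
    private TokenRetriever<String> tokenRetriever = null;
    private String jwtServerCookieName;
    private static final Logger LOG = LoggerFactory.getLogger(RESTClient.class);
    public static final String RANGER_RAZ_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();

    /**
     * Creates a client for the given service URL(s).
     *
     * @param str the service URL string; it is split into individual URLs by
     *     {@code StringUtil.getURLs}
     * @param str2 name of the SSL configuration resource (file path or classpath resource)
     * @param configuration configuration the SSL resource is added to and from which the
     *     truststore path, JWT retriever class and JWT cookie name are read
     */
    public RESTClient(String str, String str2, Configuration configuration) {
        this.mUrl = str;
        this.mSslConfigFileName = str2;
        this.configuredURLs = StringUtil.getURLs(this.mUrl);
        // Random starting URL spreads load across the configured endpoints; this is not a
        // security decision, so java.util.Random is sufficient.
        setLastKnownActiveUrlIndex(new Random().nextInt(getConfiguredURLs().size()));
        init(configuration);
    }

    /**
     * Sets the connect timeout in milliseconds. The value is read when the underlying
     * client is built, so it must be set before the first call to {@link #getClient()}.
     */
    public void setRestClientConnTimeOutMs(int i) {
        this.mRestClientConnTimeOutMs = i;
    }

    /**
     * Sets the read timeout in milliseconds. The value is read when the underlying
     * client is built, so it must be set before the first call to {@link #getClient()}.
     */
    public void setRestClientReadTimeOutMs(int i) {
        this.mRestClientReadTimeOutMs = i;
    }

    /**
     * Returns the shared Jersey client, building it on first use.
     *
     * @return the cached client instance
     */
    public Client getClient() {
        Client current = this.client;
        if (current == null) {
            synchronized (this) {
                current = this.client;
                if (current == null) {
                    current = buildClient();
                    this.client = current;
                }
            }
        }
        return current;
    }

    /**
     * Builds the Jersey client, with a truststore-backed TLS context when the URL is https,
     * and applies the configured timeouts.
     */
    private Client buildClient() {
        DefaultClientConfig clientConfig = new DefaultClientConfig();
        clientConfig.getClasses().add(JacksonJsonProvider.class);
        if (this.mIsSSL) {
            SSLContext sslContext = getSSLContextFromKeyStoreFile(this.mKeyStoreFile);
            // NOTE(security): HttpsURLConnection consults this callback only when its own
            // hostname check against the server certificate has failed. SSLSession.getPeerHost()
            // is documented as unauthenticated (it normally reflects the name the client
            // connected to), so this comparison does not tie the hostname to the presented
            // certificate; trust then rests on the truststore contents alone. Review whether
            // the JDK default verifier can be used instead.
            HostnameVerifier hostnameVerifier = new HostnameVerifier() {
                @Override
                public boolean verify(String str, SSLSession sSLSession) {
                    return sSLSession.getPeerHost().equals(str);
                }
            };
            clientConfig.getProperties().put(
                    "com.sun.jersey.client.impl.urlconnection.httpsProperties",
                    new HTTPSProperties(hostnameVerifier, sslContext));
        }
        Client built = Client.create(clientConfig);
        // NOTE(review): the timeout fields default to 0 unless the setters were called first;
        // confirm that callers always set them, since 0 is commonly "no timeout".
        built.setConnectTimeout(this.mRestClientConnTimeOutMs);
        built.setReadTimeout(this.mRestClientReadTimeOutMs);
        return built;
    }

    /**
     * Reads the SSL configuration (https URLs only), then resolves the JWT token retriever
     * and the JWT cookie name from the configuration.
     */
    private void init(Configuration configuration) {
        this.mIsSSL = isSsl(this.mUrl);
        if (this.mIsSSL) {
            InputStream sslConfigStream = null;
            try {
                sslConfigStream = getFileInputStream(this.mSslConfigFileName);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("==> RESTClient.init() mSslConfigFileName" + this.mSslConfigFileName);
                }
                if (sslConfigStream != null) {
                    configuration.addResource(sslConfigStream);
                }
                // Keep this lookup before the stream is closed: the resource may only be
                // parsed when the first property is read (presumably lazy - confirm).
                this.mKeyStoreFile = configuration.get(RANGER_RAZ_TRUSTSTORE_FILE_CREDENTIAL);
            } catch (IOException e) {
                // Failure is logged, not propagated: mKeyStoreFile stays unset and the TLS
                // context built later will not be usable.
                LOG.error("Unable to load SSL Config FileName: [" + this.mSslConfigFileName + "]", e);
            } finally {
                close(sslConfigStream, this.mSslConfigFileName);
            }
        }
        this.tokenRetriever = getJwtTokenRetriever(configuration);
        this.jwtServerCookieName = configuration.get(RANGER_PROP_JWT_SERVER_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT);
    }

    /**
     * Instantiates the JWT token retriever named in the configuration.
     *
     * <p>The class name comes from configuration and is loaded reflectively, so whoever can
     * write that configuration decides which class is instantiated here.
     *
     * @return the retriever, or {@code null} when it could not be created (the failure is logged)
     */
    @SuppressWarnings("unchecked")
    private TokenRetriever<String> getJwtTokenRetriever(Configuration configuration) {
        TokenRetriever<String> retriever = null;
        try {
            String className = configuration
                    .get(RANGER_PROP_JWT_TOKEN_RETRIEVER_CLASS, RANGER_PROP_JWT_TOKEN_RETRIEVER_CLASS_DEFAULT)
                    .trim();
            Class<?> retrieverClass = Thread.currentThread().getContextClassLoader().loadClass(className);
            // Unchecked: the configured class is expected to implement TokenRetriever<String>.
            retriever = (TokenRetriever<String>) retrieverClass
                    .getConstructor(Configuration.class)
                    .newInstance(configuration);
        } catch (Exception e) {
            LOG.error("RangerRESTClient.getJwtTokenRetriever(): Failed to initialize JWT token retriever.", e);
        }
        return retriever;
    }

    /**
     * Returns whether the URL string starts with {@code https} (case-insensitive). Only the
     * start of the whole string is inspected, even when it holds several URLs.
     */
    private boolean isSsl(String str) {
        return !StringUtils.isEmpty(str) && str.toLowerCase().startsWith("https");
    }

    /**
     * Opens the named resource from the file system if such a file exists, otherwise from
     * the system class path.
     *
     * @return the stream, or {@code null} when the name is empty or the resource is not found
     */
    private InputStream getFileInputStream(String str) throws IOException {
        if (!StringUtils.isNotEmpty(str)) {
            return null;
        }
        File file = new File(str);
        return file.exists() ? new FileInputStream(file) : ClassLoader.getSystemResourceAsStream(str);
    }

    /** Closes the stream if it is non-null, logging (not throwing) any close failure. */
    private void close(InputStream inputStream, String str) {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException e) {
                LOG.error("Error while closing file: [" + str + "]", e);
            }
        }
    }

    /**
     * Sends a GET to the relative path, starting at the last known active URL and moving to
     * the next configured URL on a connection failure, a {@code null} response or a 404.
     *
     * @param str relative path appended to the base URL
     * @param map request headers; only {@code Authorization} is read
     * @param map2 query parameters, may be {@code null}
     * @return the last response obtained, possibly {@code null}
     * @throws Exception the connection failure of the final attempt
     */
    public ClientResponse get(String str, Map<String, String> map, Map<String, String> map2) throws Exception {
        ClientResponse response = null;
        int startIndex = this.lastKnownActiveUrlIndex;
        int urlCount = this.configuredURLs.size();
        int currentIndex = 0;
        for (int attempt = 0; attempt < urlCount; attempt++) {
            try {
                currentIndex = (startIndex + attempt) % urlCount;
                // Use the rotated index, not the attempt counter, so the request goes to the
                // URL that is logged and later recorded as the last known active one.
                response = createWebResourceForGET(str, map, map2, currentIndex);
            } catch (ClientHandlerException e) {
                LOG.warn("Failed to communicate with Service with URL : " + this.configuredURLs.get(currentIndex));
                processException(attempt, e);
            }
            if (!shouldTryNextUrl(response, currentIndex)) {
                break;
            }
        }
        return response;
    }

    /**
     * Sends a POST to the relative path with the same failover behaviour as
     * {@link #get(String, Map, Map)}.
     *
     * @param str relative path appended to the base URL
     * @param map request headers; {@code Authorization} and the XML version header are read
     * @param map2 query parameters, may be {@code null}
     * @param obj request entity
     * @return the last response obtained, possibly {@code null}
     * @throws Exception the connection failure of the final attempt
     */
    public ClientResponse post(String str, Map<String, String> map, Map<String, String> map2, Object obj) throws Exception {
        ClientResponse response = null;
        int startIndex = this.lastKnownActiveUrlIndex;
        int urlCount = this.configuredURLs.size();
        int currentIndex = 0;
        for (int attempt = 0; attempt < urlCount; attempt++) {
            try {
                currentIndex = (startIndex + attempt) % urlCount;
                // Same index for the request, the warning and the "last known active" record.
                response = createWebResourceForPOST(str, map, map2, obj, currentIndex);
            } catch (ClientHandlerException e) {
                LOG.warn("Failed to communicate with Service with URL : " + this.configuredURLs.get(currentIndex));
                processException(attempt, e);
            }
            if (!shouldTryNextUrl(response, currentIndex)) {
                break;
            }
        }
        return response;
    }

    /**
     * Issues a GET against the configured URL at index {@code i}.
     *
     * @param str relative path
     * @param map request headers, or {@code null} for an unauthenticated request
     * @param map2 query parameters, may be {@code null}
     * @param i index into the configured URL list
     */
    ClientResponse createWebResourceForGET(String str, Map<String, String> map, Map<String, String> map2, int i) {
        WebResource resource = getClient().resource(this.configuredURLs.get(i) + str);
        if (resource != null && map2 != null) {
            resource = setQueryParams(resource, map2);
        }
        if (map == null) {
            // NOTE(review): the builder returned here is discarded, so these media types are
            // not applied to the request below.
            resource.accept("*/*").type("*/*");
            return resource.get(ClientResponse.class);
        }
        // NOTE(review): handleJwt() may already have set Authorization; header() is then
        // called again with the caller-supplied value. Confirm which one the server honours.
        WebResource.Builder request = handleJwt(resource.getRequestBuilder())
                .accept("*/*")
                .header("Authorization", map.get("Authorization"));
        if (LOG.isDebugEnabled()) {
            // Log the request URI (credentials are carried in headers and are not logged).
            LOG.debug("==> RESTClient.createWebResourceForGET() URL: " + resource.getURI());
        }
        return request.get(ClientResponse.class);
    }

    /**
     * Issues a POST against the configured URL at index {@code i}.
     *
     * @param str relative path
     * @param map request headers; when {@code null} no request is sent
     * @param map2 query parameters, may be {@code null}
     * @param obj request entity
     * @param i index into the configured URL list
     * @return the response, or {@code null} when {@code map} is {@code null}
     */
    ClientResponse createWebResourceForPOST(String str, Map<String, String> map, Map<String, String> map2, Object obj, int i) {
        WebResource resource = getClient().resource(this.configuredURLs.get(i) + str);
        if (resource != null && map2 != null) {
            resource = setQueryParams(resource, map2);
        }
        if (map == null) {
            return null;
        }
        String authorization = map.get("Authorization");
        String xmlVersion = map.get(AbfsUtilConstants.HEADER_XML_VERSION);
        // NOTE(review): handleJwt() may already have set Authorization; header() is then
        // called again with the caller-supplied value. Confirm which one the server honours.
        WebResource.Builder request = handleJwt(resource.getRequestBuilder())
                .accept("*/*")
                .type("*/*")
                .header("Authorization", authorization);
        request.header(AbfsUtilConstants.HEADER_XML_VERSION, xmlVersion);
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RESTClient.createWebResourceForPOST() URL: " + resource.getURI());
        }
        return request.post(ClientResponse.class, obj);
    }

    /**
     * Appends every entry of {@code map} as a query parameter.
     *
     * @return the resource with the parameters applied, or the input unchanged when either
     *     argument is {@code null}
     */
    protected static WebResource setQueryParams(WebResource webResource, Map<String, String> map) {
        WebResource result = webResource;
        if (result != null && map != null) {
            for (Map.Entry<String, String> param : map.entrySet()) {
                result = result.queryParam(param.getKey(), param.getValue());
            }
        }
        return result;
    }

    /**
     * Attaches the JWT, when one is available, both as a cookie and as the
     * {@code Authorization} header. The token is attached regardless of whether the target
     * URL is https.
     */
    private WebResource.Builder handleJwt(WebResource.Builder builder) {
        if (this.tokenRetriever == null) {
            LOG.warn("Since JWTokenRetriver init failed, skipping JWT auth.");
            return builder;
        }
        Optional<?> token = this.tokenRetriever.retrieve();
        if (token.isPresent()) {
            builder.cookie(new Cookie(this.jwtServerCookieName, (String) token.get()));
            builder.header("Authorization", token.get());
        }
        return builder;
    }

    /**
     * Rethrows the connection failure once the last attempt has failed; earlier failures
     * are swallowed so the caller can try the next URL.
     *
     * @param i zero-based attempt number
     */
    protected void processException(int i, ClientHandlerException clientHandlerException) throws Exception {
        if (i == this.configuredURLs.size() - 1) {
            LOG.error("Failed to communicate with all URL's : [ " + this.configuredURLs + " ]", clientHandlerException);
            throw clientHandlerException;
        }
    }

    /** Records the index of the URL that should be tried first on the next request. */
    protected void setLastKnownActiveUrlIndex(int i) {
        this.lastKnownActiveUrlIndex = i;
    }

    /** Returns the list of configured base URLs (the internal list, not a copy). */
    public List<String> getConfiguredURLs() {
        return this.configuredURLs;
    }

    /**
     * Builds a TLS context whose trust anchors come from the given truststore file.
     *
     * @param str path of the truststore file
     * @return the context; {@code null} or an uninitialised context when setup failed
     *     (the failure is logged, not thrown)
     */
    public static SSLContext getSSLContextFromKeyStoreFile(String str) {
        SSLContext sslContext = null;
        try {
            KeyStore trustStore = getKeyStore(str);
            if (trustStore == null) {
                // A null store passed to TrustManagerFactory.init() selects the JVM default
                // trust anchors; fail instead of silently widening trust.
                throw new IllegalStateException("Truststore could not be instantiated");
            }
            sslContext = SSLContext.getInstance(RANGER_RAZ_SSL_CONTEXT_ALGO_TYPE);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_RAZ_SSL_TRUSTMANAGER_ALGO_TYPE);
            trustManagerFactory.init(trustStore);
            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        } catch (Exception e) {
            LOG.error("Error Creating SSLContext:", e);
        }
        return sslContext;
    }

    /**
     * Loads the truststore file using the JVM default keystore type.
     *
     * <p>No password is supplied to {@code load}, so the store's integrity is not checked;
     * protection of the file rests on file-system permissions.
     *
     * @return the keystore; when the file could not be read the instance is returned
     *     unloaded (the failure is logged), and {@code null} if no instance could be created
     */
    private static KeyStore getKeyStore(String str) {
        KeyStore keyStore = null;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources: the stream is closed even when load() throws.
            try (FileInputStream trustStoreStream = new FileInputStream(str)) {
                keyStore.load(trustStoreStream, null);
            }
        } catch (Exception e) {
            LOG.error("Error during getting keystore", e);
        }
        return keyStore;
    }

    /**
     * Decides whether the next URL should be tried: yes for a {@code null} response or a
     * 404. A 200 response records {@code i} as the last known active URL index.
     */
    private boolean shouldTryNextUrl(ClientResponse clientResponse, int i) {
        boolean tryNext = clientResponse == null || clientResponse.getStatus() == 404;
        if (!tryNext && clientResponse.getStatus() == 200) {
            setLastKnownActiveUrlIndex(i);
        }
        return tryNext;
    }
}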
