package org.apache.ranger.raz.intg.client.executor;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.ws.rs.core.Cookie;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.raz.intg.RangerRazErrorCode;
import org.apache.ranger.raz.intg.RangerRazException;
import org.apache.ranger.raz.intg.client.RangerRazClientLogger;
import org.apache.ranger.raz.intg.token.TokenRetriever;
import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/intg/client/executor/RestClientExecutorJersey.class */
public class RestClientExecutorJersey implements RestClientExecutor<Client>, HttpClientExecutor {
    private static final Logger LOG = LoggerFactory.getLogger(RestClientExecutorJersey.class);
    private volatile Client client;
    private final RestClientExecutorConfig clientConfig;
    private TokenRetriever<String> tokenRetriever = null;
    private String jwtServerCookieName = null;
    private final Gson gsonBuilder = new GsonBuilder().setDateFormat(RestClientExecutor.GSON_DATE_FORMAT).create();

    public RestClientExecutorJersey(RestClientExecutorConfig restClientExecutorConfig) {
        this.clientConfig = restClientExecutorConfig;
    }

    public Client getClient() {
        Client client = this.client;
        if (client == null) {
            synchronized (this) {
                client = this.client;
                if (client == null) {
                    Client build = build();
                    client = build;
                    this.client = build;
                }
            }
        }
        return client;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.ranger.raz.intg.client.executor.RestClientExecutor
    public Client build() {
        Client client = null;
        if (this.clientConfig.isSsl()) {
            DefaultClientConfig defaultClientConfig = new DefaultClientConfig();
            defaultClientConfig.getClasses().add(JacksonJsonProvider.class);
            defaultClientConfig.getProperties().put("com.sun.jersey.client.impl.urlconnection.httpsProperties", new HTTPSProperties(new HostnameVerifier() { // from class: org.apache.ranger.raz.intg.client.executor.RestClientExecutorJersey.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return sSLSession.getPeerHost().equals(str);
                }
            }, this.clientConfig.getSslContext()));
            client = Client.create(defaultClientConfig);
        }
        if (client == null) {
            DefaultClientConfig defaultClientConfig2 = new DefaultClientConfig();
            defaultClientConfig2.getClasses().add(JacksonJsonProvider.class);
            client = Client.create(defaultClientConfig2);
        }
        if (StringUtils.isNotEmpty(this.clientConfig.getUsername()) && StringUtils.isNotEmpty(this.clientConfig.getPassword())) {
            client.addFilter(new HTTPBasicAuthFilter(this.clientConfig.getUsername(), this.clientConfig.getPassword()));
        }
        client.setConnectTimeout(this.clientConfig.getRestClientConnTimeOutMs());
        client.setReadTimeout(this.clientConfig.getRestClientReadTimeOutMs());
        this.jwtServerCookieName = this.clientConfig.getJwtServerCookieName();
        if (StringUtils.isBlank(this.jwtServerCookieName)) {
            this.jwtServerCookieName = RestClientExecutor.JWT_COOKIE_NAME_DEFAULT;
        }
        try {
            this.tokenRetriever = getJwtTokenRetriever(this.clientConfig);
        } catch (Exception e) {
            LOG.error("RestClientExecutorJersey.build(): Failed to initialize JWT token retriever.", e);
        }
        return client;
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T getAndParse(String str, Map<String, String> map, Class<T> cls) throws Exception {
        return (T) parseResponse((ClientResponse) getWebResourceBuilder(str, map).get(ClientResponse.class), cls);
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T postAndParse(String str, Map<String, String> map, Object obj, Class<T> cls) throws Exception {
        return (T) parseResponse((ClientResponse) getWebResourceBuilder(str, map).post(ClientResponse.class, this.gsonBuilder.toJson(obj)), cls);
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T putAndParse(String str, Map<String, String> map, Object obj, Class<T> cls) throws Exception {
        return (T) parseResponse((ClientResponse) getWebResourceBuilder(str, map).put(ClientResponse.class, this.gsonBuilder.toJson(obj)), cls);
    }

    @Override // org.apache.ranger.raz.intg.client.executor.HttpClientExecutor
    public <T> T deleteAndParse(String str, Map<String, String> map, Class<T> cls) throws Exception {
        return (T) parseResponse((ClientResponse) getWebResourceBuilder(str, map).delete(ClientResponse.class), cls);
    }

    private WebResource.Builder getWebResourceBuilder(String str, Map<String, String> map) {
        return setQueryParams(getClient().resource(str), map).accept(new String[]{"application/json"}).type("application/json");
    }

    private WebResource setQueryParams(WebResource webResource, Map<String, String> map) {
        WebResource webResource2 = webResource;
        handleJwt(webResource2.getRequestBuilder());
        if (webResource != null && map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                webResource2 = webResource2.queryParam(entry.getKey(), entry.getValue());
            }
        }
        return webResource2;
    }

    private WebResource.Builder handleJwt(WebResource.Builder builder) {
        if (this.tokenRetriever != null) {
            Optional<String> retrieve = this.tokenRetriever.retrieve();
            if (retrieve.isPresent()) {
                builder.cookie(new Cookie(this.jwtServerCookieName, retrieve.get()));
                builder.header(RestClientExecutor.AUTHORIZATION_HEADER, retrieve.get());
            }
        } else {
            LOG.warn("Since JWTokenRetriver init failed, skipping JWT auth.");
        }
        return builder;
    }

    private <R> R parseResponse(ClientResponse clientResponse, Class<R> cls) throws RangerRazException {
        if (clientResponse == null) {
            RangerRazClientLogger.error(LOG, "Received NULL response from server.");
            throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_REQUEST_FAILED, new Object[0]);
        }
        try {
            if (clientResponse.getStatus() == 200) {
                return (R) clientResponse.getEntity(cls);
            }
            int status = clientResponse.getStatus();
            RangerRazClientLogger.error(LOG, "Request failed : response=[{}], response.status={}", clientResponse, Integer.valueOf(status));
            if (status == 403 || status == 401) {
                throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_ACCESS_DENIED, new Object[0]);
            }
            if (status != 401) {
                throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_REQUEST_FAILED, Integer.valueOf(status));
            }
            LOG.warn("Server did not process this request due to in-sufficient auth details.");
            throw new RangerRazException(RangerRazErrorCode.RAZ_CLIENT_UNAUTHORIZED_ACCESS, new Object[0]);
        } finally {
            try {
                clientResponse.close();
            } catch (Exception e) {
            }
        }
    }
}
