package org.apache.ambari.server.checks;

import com.google.common.collect.Sets;
import com.google.gson.Gson;
import com.google.inject.Singleton;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
import org.apache.ambari.server.configuration.ComponentSSLConfiguration;
import org.apache.ambari.server.controller.PrereqCheckRequest;
import org.apache.ambari.server.controller.internal.URLStreamProvider;
import org.apache.ambari.server.state.stack.PrereqCheckStatus;
import org.apache.ambari.server.state.stack.PrerequisiteCheck;
import org.apache.ambari.server.state.stack.upgrade.UpgradeType;
import org.apache.ambari.server.view.ViewDirectoryWatcher;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@UpgradeCheck(group = UpgradeCheckGroup.CONFIGURATION_WARNING, order = 23.0f, required = {UpgradeType.ROLLING, UpgradeType.NON_ROLLING, UpgradeType.HOST_ORDERED})
/* loaded from: input_file:org/apache/ambari/server/checks/RangerPasswordCheck.class */
public class RangerPasswordCheck extends AbstractCheckDescriptor {
    private static final Logger LOG = LoggerFactory.getLogger(RangerPasswordCheck.class);
    static final String KEY_RANGER_PASSWORD_MISMATCH = "could_not_verify_password";
    static final String KEY_RANGER_COULD_NOT_ACCESS = "could_not_access";
    static final String KEY_RANGER_UNKNOWN_RESPONSE = "unknown_response";
    static final String KEY_RANGER_USERS_ELEMENT_MISSING = "missing_vxusers";
    static final String KEY_RANGER_OTHER_ISSUE = "invalid_response";
    static final String KEY_RANGER_CONFIG_MISSING = "missing_config";

    public RangerPasswordCheck() {
        super(CheckDescription.SERVICES_RANGER_PASSWORD_VERIFY);
    }

    @Override // org.apache.ambari.server.checks.AbstractCheckDescriptor
    public Set<String> getApplicableServices() {
        return Sets.newHashSet(new String[]{"RANGER"});
    }

    @Override // org.apache.ambari.server.checks.AbstractCheckDescriptor
    public void perform(PrerequisiteCheck prerequisiteCheck, PrereqCheckRequest prereqCheckRequest) throws AmbariException {
        String checkEmpty;
        String checkEmpty2;
        String checkEmpty3;
        String checkEmpty4;
        URLStreamProvider uRLStreamProvider = new URLStreamProvider(2000, 2000, ComponentSSLConfiguration.instance());
        String checkEmpty5 = checkEmpty("admin-properties", "policymgr_external_url", prerequisiteCheck, prereqCheckRequest);
        if (null == checkEmpty5 || null == (checkEmpty = checkEmpty("ranger-env", "admin_username", prerequisiteCheck, prereqCheckRequest)) || null == (checkEmpty2 = checkEmpty("ranger-env", "admin_password", prerequisiteCheck, prereqCheckRequest)) || null == (checkEmpty3 = checkEmpty("ranger-env", "ranger_admin_username", prerequisiteCheck, prereqCheckRequest)) || null == (checkEmpty4 = checkEmpty("ranger-env", "ranger_admin_password", prerequisiteCheck, prereqCheckRequest))) {
            return;
        }
        if (checkEmpty5.endsWith(RequestBodyParser.SLASH)) {
            checkEmpty5 = checkEmpty5.substring(0, checkEmpty5.length() - 1);
        }
        String format = String.format("%s/%s", checkEmpty5, "service/public/api/repository/count");
        String format2 = String.format("%s/%s", checkEmpty5, "service/xusers/users");
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        try {
            int checkLogin = checkLogin(uRLStreamProvider, format, checkEmpty, checkEmpty2);
            switch (checkLogin) {
                case ViewDirectoryWatcher.FILE_CHECK_INTERVAL_MILLIS /* 200 */:
                    break;
                case 401:
                    arrayList.add(String.format(getFailReason(KEY_RANGER_PASSWORD_MISMATCH, prerequisiteCheck, prereqCheckRequest), checkEmpty));
                    break;
                default:
                    arrayList2.add(String.format(getFailReason(KEY_RANGER_UNKNOWN_RESPONSE, prerequisiteCheck, prereqCheckRequest), checkEmpty, Integer.valueOf(checkLogin), format));
                    break;
            }
        } catch (IOException e) {
            LOG.warn("Could not access the url {}.  Message: {}", new Object[]{format, e.getMessage(), e});
            LOG.debug("Could not access the url {}.  Message: {}", format, e.getMessage());
            arrayList2.add(String.format(getFailReason(KEY_RANGER_COULD_NOT_ACCESS, prerequisiteCheck, prereqCheckRequest), checkEmpty, format, e.getMessage()));
        }
        if (!arrayList.isEmpty()) {
            prerequisiteCheck.setFailReason(StringUtils.join(arrayList, '\n'));
            prerequisiteCheck.getFailedOn().add("RANGER");
            prerequisiteCheck.setStatus(PrereqCheckStatus.FAIL);
            return;
        }
        if (!arrayList2.isEmpty()) {
            prerequisiteCheck.setFailReason(StringUtils.join(arrayList2, '\n'));
            prerequisiteCheck.getFailedOn().add("RANGER");
            prerequisiteCheck.setStatus(PrereqCheckStatus.WARNING);
            return;
        }
        if (checkRangerUser(uRLStreamProvider, format2, checkEmpty, checkEmpty2, checkEmpty3, prerequisiteCheck, prereqCheckRequest, arrayList2)) {
            try {
                int checkLogin2 = checkLogin(uRLStreamProvider, format, checkEmpty3, checkEmpty4);
                switch (checkLogin2) {
                    case ViewDirectoryWatcher.FILE_CHECK_INTERVAL_MILLIS /* 200 */:
                        break;
                    case 401:
                        arrayList.add(String.format(getFailReason(KEY_RANGER_PASSWORD_MISMATCH, prerequisiteCheck, prereqCheckRequest), checkEmpty3));
                        break;
                    default:
                        arrayList2.add(String.format(getFailReason(KEY_RANGER_UNKNOWN_RESPONSE, prerequisiteCheck, prereqCheckRequest), checkEmpty3, Integer.valueOf(checkLogin2), format));
                        break;
                }
            } catch (IOException e2) {
                LOG.warn("Could not access the url {}.  Message: {}", format, e2.getMessage());
                LOG.debug("Could not access the url {}.  Message: {}", new Object[]{format, e2.getMessage(), e2});
                arrayList2.add(String.format(getFailReason(KEY_RANGER_COULD_NOT_ACCESS, prerequisiteCheck, prereqCheckRequest), checkEmpty3, format, e2.getMessage()));
            }
        }
        if (!arrayList.isEmpty()) {
            prerequisiteCheck.setFailReason(StringUtils.join(arrayList, '\n'));
            prerequisiteCheck.getFailedOn().add("RANGER");
            prerequisiteCheck.setStatus(PrereqCheckStatus.FAIL);
        } else {
            if (arrayList2.isEmpty()) {
                prerequisiteCheck.setStatus(PrereqCheckStatus.PASS);
                return;
            }
            prerequisiteCheck.setFailReason(StringUtils.join(arrayList2, '\n'));
            prerequisiteCheck.getFailedOn().add("RANGER");
            prerequisiteCheck.setStatus(PrereqCheckStatus.WARNING);
        }
    }

    private int checkLogin(URLStreamProvider uRLStreamProvider, String str, String str2, String str3) throws IOException {
        HttpURLConnection processURL = uRLStreamProvider.processURL(str, "GET", (InputStream) null, getHeaders(str2, str3));
        int responseCode = processURL.getResponseCode();
        if (responseCode == 200) {
            try {
                new Gson().fromJson(new InputStreamReader(processURL.getInputStream()), Object.class);
            } catch (Exception e) {
                responseCode = 401;
            }
        }
        return responseCode;
    }

    private boolean checkRangerUser(URLStreamProvider uRLStreamProvider, String str, String str2, String str3, String str4, PrerequisiteCheck prerequisiteCheck, PrereqCheckRequest prereqCheckRequest, List<String> list) throws AmbariException {
        String format = String.format("%s?name=%s", str, str4);
        try {
            HttpURLConnection processURL = uRLStreamProvider.processURL(format, "GET", (InputStream) null, getHeaders(str2, str3));
            if (processURL.getResponseCode() == 200) {
                Map map = (Map) new Gson().fromJson(new InputStreamReader(processURL.getInputStream()), Object.class);
                if (!map.containsKey("vXUsers")) {
                    list.add(String.format(getFailReason(KEY_RANGER_USERS_ELEMENT_MISSING, prerequisiteCheck, prereqCheckRequest), format));
                    return false;
                }
                for (Map map2 : (List) map.get("vXUsers")) {
                    if (map2.containsKey("name") && map2.get("name").equals(str4)) {
                        return true;
                    }
                }
            }
            return false;
        } catch (IOException e) {
            LOG.warn("Could not determine user {}.  Error is {}", str4, e.getMessage());
            LOG.debug("Could not determine user {}.  Error is {}", new Object[]{str4, e.getMessage(), e});
            list.add(String.format(getFailReason(KEY_RANGER_COULD_NOT_ACCESS, prerequisiteCheck, prereqCheckRequest), str2, format, e.getMessage()));
            return false;
        } catch (Exception e2) {
            LOG.warn("Could not determine user {}.  Error is {}", str4, e2.getMessage());
            LOG.debug("Could not determine user {}.  Error is {}", new Object[]{str4, e2.getMessage(), e2});
            list.add(String.format(getFailReason(KEY_RANGER_OTHER_ISSUE, prerequisiteCheck, prereqCheckRequest), e2.getMessage(), format));
            return false;
        }
    }

    private Map<String, List<String>> getHeaders(String str, String str2) {
        HashMap hashMap = new HashMap();
        String encodeBase64String = Base64.encodeBase64String(String.format("%s:%s", str, str2).getBytes(Charset.forName("UTF8")));
        hashMap.put("Content-Type", Arrays.asList("application/json"));
        hashMap.put("Accept", Arrays.asList("application/json"));
        hashMap.put("Authorization", Arrays.asList(String.format("Basic %s", encodeBase64String)));
        return hashMap;
    }

    private String checkEmpty(String str, String str2, PrerequisiteCheck prerequisiteCheck, PrereqCheckRequest prereqCheckRequest) throws AmbariException {
        String property = getProperty(prereqCheckRequest, str, str2);
        if (null == property) {
            prerequisiteCheck.setFailReason(String.format(getFailReason(KEY_RANGER_CONFIG_MISSING, prerequisiteCheck, prereqCheckRequest), str, str2));
            prerequisiteCheck.getFailedOn().add("RANGER");
            prerequisiteCheck.setStatus(PrereqCheckStatus.WARNING);
        }
        return property;
    }
}
