package org.apache.ranger.admin.client;

import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.GenericType;
import com.sun.jersey.api.client.WebResource;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.security.PrivilegedAction;
import java.util.List;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerRESTClient;
import org.apache.ranger.plugin.util.RangerRESTUtils;
import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;

/* loaded from: input_file:WEB-INF/lib/ranger-plugins-common-1.2.1-SNAPSHOT.jar:org/apache/ranger/admin/client/RangerAdminRESTClient.class */
public class RangerAdminRESTClient implements RangerAdminClient {
    private static final Log LOG = LogFactory.getLog(RangerAdminRESTClient.class);
    private String serviceName;
    private String pluginId;
    private String clusterName;
    private RangerRESTClient restClient;
    private RangerRESTUtils restUtils = new RangerRESTUtils();

    public static <T> GenericType<List<T>> getGenericType(final T t) {
        return new GenericType<List<T>>(new ParameterizedType() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.1
            @Override // java.lang.reflect.ParameterizedType
            public Type[] getActualTypeArguments() {
                return new Type[]{t.getClass()};
            }

            @Override // java.lang.reflect.ParameterizedType
            public Type getRawType() {
                return List.class;
            }

            @Override // java.lang.reflect.ParameterizedType
            public Type getOwnerType() {
                return List.class;
            }
        }) { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.2
        };
    }

    @Override // org.apache.ranger.admin.client.RangerAdminClient
    public void init(String str, String str2, String str3) {
        this.serviceName = str;
        this.pluginId = this.restUtils.getPluginId(str, str2);
        String str4 = RangerConfiguration.getInstance().get(str3 + ".policy.rest.url");
        String str5 = RangerConfiguration.getInstance().get(str3 + ".policy.rest.ssl.config.file");
        this.clusterName = RangerConfiguration.getInstance().get(str3 + ".ambari.cluster.name", "");
        int i = RangerConfiguration.getInstance().getInt(str3 + ".policy.rest.client.connection.timeoutMs", 120000);
        int i2 = RangerConfiguration.getInstance().getInt(str3 + ".policy.rest.client.read.timeoutMs", 30000);
        String trim = StringUtil.isEmpty(str4) ? "" : str4.trim();
        if (trim.endsWith("/")) {
            trim = trim.substring(0, trim.length() - 1);
        }
        init(trim, str5, i, i2);
    }

    @Override // org.apache.ranger.admin.client.RangerAdminClient
    public ServicePolicies getServicePoliciesIfUpdated(final long j, final long j2) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        ServicePolicies servicePolicies = null;
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated as user : " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    return (ClientResponse) RangerAdminRESTClient.this.createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + RangerAdminRESTClient.this.serviceName).queryParam("lastKnownVersion", Long.toString(j)).queryParam("lastActivationTime", Long.toString(j2)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, RangerAdminRESTClient.this.pluginId).queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, RangerAdminRESTClient.this.clusterName).accept("application/json").get(ClientResponse.class);
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated with old api call");
            }
            clientResponse = (ClientResponse) createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + this.serviceName).queryParam("lastKnownVersion", Long.toString(j)).queryParam("lastActivationTime", Long.toString(j2)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId).queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, this.clusterName).accept("application/json").get(ClientResponse.class);
        }
        if (clientResponse == null || clientResponse.getStatus() == 304) {
            if (clientResponse == null) {
                LOG.error("Error getting policies; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in policies. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName);
                }
            }
            servicePolicies = null;
        } else if (clientResponse.getStatus() == 200) {
            servicePolicies = (ServicePolicies) clientResponse.getEntity(ServicePolicies.class);
        } else if (clientResponse.getStatus() == 404) {
            LOG.error("Error getting policies; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + clientResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = clientResponse.hasEntity() ? (String) clientResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            LOG.warn("Error getting policies. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(clientResponse) + ", serviceName=" + this.serviceName);
            servicePolicies = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + "): " + servicePolicies);
        }
        return servicePolicies;
    }

    @Override // org.apache.ranger.admin.client.RangerAdminClient
    public void grantAccess(final GrantRevokeRequest grantRevokeRequest) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    return (ClientResponse) RangerAdminRESTClient.this.createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + RangerAdminRESTClient.this.serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, RangerAdminRESTClient.this.pluginId).accept("application/json").type("application/json").post(ClientResponse.class, RangerAdminRESTClient.this.restClient.toJson(grantRevokeRequest));
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("grantAccess as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = (ClientResponse) createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + this.serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId).accept("application/json").type("application/json").post(ClientResponse.class, this.restClient.toJson(grantRevokeRequest));
        }
        if (clientResponse != null && clientResponse.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
            LOG.error("grantAccess() failed: HTTP status=" + clientResponse.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (clientResponse.getStatus() != 401) {
                throw new Exception("HTTP " + clientResponse.getStatus() + " Error: " + fromClientResponse.getMessage());
            }
            throw new AccessControlException();
        }
        if (clientResponse == null) {
            throw new Exception("unknown error during grantAccess. serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
    }

    @Override // org.apache.ranger.admin.client.RangerAdminClient
    public void revokeAccess(final GrantRevokeRequest grantRevokeRequest) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.revokeAccess(" + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    return (ClientResponse) RangerAdminRESTClient.this.createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + RangerAdminRESTClient.this.serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, RangerAdminRESTClient.this.pluginId).accept("application/json").type("application/json").post(ClientResponse.class, RangerAdminRESTClient.this.restClient.toJson(grantRevokeRequest));
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("revokeAccess as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = (ClientResponse) createWebResource(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + this.serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId).accept("application/json").type("application/json").post(ClientResponse.class, this.restClient.toJson(grantRevokeRequest));
        }
        if (clientResponse != null && clientResponse.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
            LOG.error("revokeAccess() failed: HTTP status=" + clientResponse.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (clientResponse.getStatus() != 401) {
                throw new Exception("HTTP " + clientResponse.getStatus() + " Error: " + fromClientResponse.getMessage());
            }
            throw new AccessControlException();
        }
        if (clientResponse == null) {
            throw new Exception("unknown error. revokeAccess(). serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.revokeAccess(" + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
    }

    private void init(String str, String str2, int i, int i2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.init(" + str + ", " + str2 + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        this.restClient = new RangerRESTClient(str, str2);
        this.restClient.setRestClientConnTimeOutMs(i);
        this.restClient.setRestClientReadTimeOutMs(i2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.init(" + str + ", " + str2 + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public WebResource createWebResource(String str) {
        return this.restClient.getResource(str);
    }

    @Override // org.apache.ranger.admin.client.RangerAdminClient
    public ServiceTags getServiceTagsIfUpdated(final long j, final long j2) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + "): ");
        }
        ServiceTags serviceTags = null;
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.6
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    return (ClientResponse) RangerAdminRESTClient.this.createWebResource(RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + RangerAdminRESTClient.this.serviceName).queryParam("lastKnownVersion", Long.toString(j)).queryParam("lastActivationTime", Long.toString(j2)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, RangerAdminRESTClient.this.pluginId).accept("application/json").get(ClientResponse.class);
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("getServiceTagsIfUpdated as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = (ClientResponse) createWebResource(RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + this.serviceName).queryParam("lastKnownVersion", Long.toString(j)).queryParam("lastActivationTime", Long.toString(j2)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId).accept("application/json").get(ClientResponse.class);
        }
        if (clientResponse == null || clientResponse.getStatus() == 304) {
            if (clientResponse == null) {
                LOG.error("Error getting tags; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in tags. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
                }
            }
            serviceTags = null;
        } else if (clientResponse.getStatus() == 200) {
            serviceTags = (ServiceTags) clientResponse.getEntity(ServiceTags.class);
        } else if (clientResponse.getStatus() == 404) {
            LOG.error("Error getting tags; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + clientResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = clientResponse.hasEntity() ? (String) clientResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            LOG.warn("Error getting tags. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(clientResponse) + ", serviceName=" + this.serviceName);
            serviceTags = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + "): ");
        }
        return serviceTags;
    }

    @Override // org.apache.ranger.admin.client.RangerAdminClient
    public List<String> getTagTypes(String str) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getTagTypes(" + str + "): ");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final WebResource queryParam = createWebResource(RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES).queryParam("serviceName", this.serviceName).queryParam("pattern", str);
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.7
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    return (ClientResponse) queryParam.accept("application/json").get(ClientResponse.class);
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("getTagTypes as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = (ClientResponse) queryParam.accept("application/json").get(ClientResponse.class);
        }
        if (clientResponse == null || clientResponse.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
            LOG.error("Error getting tags. request=" + queryParam + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", pattern=" + str);
            throw new Exception(fromClientResponse.getMessage());
        }
        List<String> list = (List) clientResponse.getEntity(getGenericType(""));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getTagTypes(" + str + "): " + list);
        }
        return list;
    }
}
