package com.mapr.login.client;

import com.google.common.collect.Maps;
import com.google.protobuf.InvalidProtocolBufferException;
import com.mapr.baseutils.JVMProperties;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.fs.proto.Security;
import com.mapr.login.MapRLoginException;
import com.mapr.login.common.AuthResponse;
import com.mapr.login.common.AuthSchemes;
import com.mapr.login.common.GenTicketTypeRequest;
import com.mapr.login.common.KerberosAuthRequest;
import com.mapr.login.common.PasswordAuthRequest;
import com.mapr.login.common.RenewRequest;
import com.mapr.security.JNISecurity;
import com.mapr.security.MutableInt;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.xml.bind.DatatypeConverter;
import org.apache.log4j.Logger;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.json.JSONException;

/* loaded from: input_file:com/mapr/login/client/MapRLoginHttpsClient.class */
public class MapRLoginHttpsClient implements MapRLoginClient {
    public static final String SPNEGO_OID = "1.3.6.1.5.5.2";
    public static final String NT_GSS_KRB5_PRINCIPAL = "1.2.840.113554.1.2.2.1";
    public static final String MAPR_CLIENT_KERBEROS = "MAPR_CLIENT_KERBEROS";
    private static Logger LOG = Logger.getLogger(MapRLoginHttpsClient.class);
    private static boolean kerberosRuntimeAvailable = false;
    private static boolean kerberosCheckDone = false;
    private static final boolean windows = System.getProperty("os.name").startsWith("Windows");
    private Map<String, List<CLDBRpcCommonUtils.IpPort>> clustersMap = CLDBRpcCommonUtils.getInstance().getClusterMap();
    private String currentClusterName = CLDBRpcCommonUtils.getInstance().getCurrentClusterName();
    private boolean checkUGI = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/mapr/login/client/MapRLoginHttpsClient$MyVerifier.class */
    public class MyVerifier implements HostnameVerifier {
        MyVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            try {
                X509Certificate[] x509CertificateArr = (X509Certificate[]) sSLSession.getPeerCertificates();
                if (MapRLoginHttpsClient.LOG.isDebugEnabled()) {
                    StringBuffer stringBuffer = new StringBuffer();
                    for (int i = 0; i < x509CertificateArr.length; i++) {
                        stringBuffer.append("  Peer cert #" + i + ": " + x509CertificateArr[i].getSubjectX500Principal().getName() + ", signer = " + x509CertificateArr[i].getIssuerX500Principal().getName() + "\n");
                    }
                    MapRLoginHttpsClient.LOG.debug("Certificate chain: " + ((Object) stringBuffer));
                }
                String name = x509CertificateArr[0].getSubjectX500Principal().getName();
                String name2 = x509CertificateArr[0].getIssuerX500Principal().getName();
                if (MapRLoginHttpsClient.LOG.isDebugEnabled()) {
                    MapRLoginHttpsClient.LOG.debug("Java default verification failed for cert with subject " + name + ", custom verifier now checking.");
                }
                if (x509CertificateArr.length == 1 && name2.equals(name)) {
                    MapRLoginHttpsClient.LOG.debug("Accepting self signed certificate automatically.");
                    return true;
                }
                MapRLoginHttpsClient.LOG.warn("Peer certificate has failed verification. SubjectDN is: " + name);
                return false;
            } catch (SSLPeerUnverifiedException e) {
                MapRLoginHttpsClient.LOG.error("Unexpected SSL handshake issue", e);
                return false;
            }
        }
    }

    public void quietAuthenticateIfNeeded() {
        quietAuthenticateIfNeeded(this.currentClusterName);
    }

    public void quietAuthenticateIfNeeded(String str) {
        try {
            authenticateIfNeeded(str);
        } catch (MapRLoginException e) {
            LOG.debug("Exception in authentication suppressed. May cause issues later.");
            LOG.debug(e.getMessage(), e);
        }
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey authenticateIfNeeded() throws MapRLoginException {
        return authenticateIfNeeded(this.currentClusterName);
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey authenticateIfNeeded(String str) throws MapRLoginException {
        LOG.debug("Entering authenticate if needed.");
        return authenticateIfNeeded(str, isKerberosAnOption(str));
    }

    private Security.TicketAndKey authenticateIfNeeded(boolean z) throws MapRLoginException {
        return authenticateIfNeeded(this.currentClusterName, z);
    }

    private Security.TicketAndKey authenticateIfNeeded(String str, boolean z) throws MapRLoginException {
        if (!isSecurityEnabled(str)) {
            LOG.debug("security appears to be off");
            return null;
        }
        if (doesSecurityHaveGoodKey(str, false)) {
            LOG.debug("Already have good ticket, done");
            return getTicket(str);
        }
        LOG.debug("Try reloading the ticket file");
        File file = new File(JNISecurity.GetUserTicketAndKeyFileLocation());
        if (file.exists()) {
            int SetTicketAndKeyFile = com.mapr.security.Security.SetTicketAndKeyFile(file.toString());
            if (SetTicketAndKeyFile == 0) {
                if (doesSecurityHaveGoodKey(str, !z)) {
                    return getTicket(str);
                }
            } else if (!z) {
                throw new MapRLoginException("Unable to load ticket file '" + file + "', error = " + SetTicketAndKeyFile);
            }
        } else if (!z) {
            throw new MapRLoginException("Unable to authenticate as ticket is not available");
        }
        LOG.debug("Try kerberos");
        Security.TicketAndKey mapRCredentialsViaKerberos = getMapRCredentialsViaKerberos(str, null);
        com.mapr.security.Security.SetTicketAndKey(Security.ServerKeyType.ServerKey, str, mapRCredentialsViaKerberos);
        return mapRCredentialsViaKerberos;
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public boolean isSecurityEnabled() throws MapRLoginException {
        return isSecurityEnabled(this.currentClusterName);
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public boolean isSecurityEnabled(String str) {
        return JNISecurity.IsSecurityEnabled(str);
    }

    private Security.TicketAndKey getTicket(String str) {
        return com.mapr.security.Security.GetTicketAndKeyForCluster(Security.ServerKeyType.ServerKey, str, new MutableInt());
    }

    private boolean doesSecurityHaveGoodKey(String str, boolean z) throws MapRLoginException {
        MutableInt mutableInt = new MutableInt();
        Security.TicketAndKey GetTicketAndKeyForCluster = com.mapr.security.Security.GetTicketAndKeyForCluster(Security.ServerKeyType.ServerKey, str, mutableInt);
        if (GetTicketAndKeyForCluster != null && mutableInt.GetValue() == 0) {
            if (com.mapr.security.Security.IsTicketAndKeyUsable(GetTicketAndKeyForCluster)) {
                LOG.debug("found existing MapR ticket");
                return true;
            }
            if (z) {
                throw new MapRLoginException("Found ticket for cluster '" + str + "' but it has expired.");
            }
        }
        if (z) {
            throw new MapRLoginException("Failed to find ticket for cluster '" + str + "', error = " + mutableInt);
        }
        return false;
    }

    private synchronized boolean isKerberosAnOption(String str) {
        if (!JNISecurity.IsKerberosEnabled(str)) {
            LOG.debug("Kerberos not configured for this cluster.");
            return false;
        }
        LOG.debug("Kerberos available for this cluster. Determining if kerberos authentication supported in runtime");
        if (!kerberosCheckDone) {
            kerberosCheckDone = true;
            try {
                if (Configuration.getConfiguration().getAppConfigurationEntry(MAPR_CLIENT_KERBEROS) != null) {
                    LOG.debug("Found JAAS configuration MAPR_CLIENT_KERBEROS");
                    new KerberosPrincipal("anything");
                    LOG.debug("Found Kerberos runtime");
                    kerberosRuntimeAvailable = true;
                } else {
                    LOG.debug("No Kerberos JAAS configuration");
                }
            } catch (Exception e) {
                LOG.debug("Failed to detect kerberos runtime. No Kerberos usage." + e.getMessage());
            }
            if (kerberosRuntimeAvailable) {
                LOG.debug("Kerberos is an option");
            } else {
                LOG.debug("Kerberos is not an option");
            }
        }
        return kerberosRuntimeAvailable;
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey getMapRCredentialsViaPassword(String str, String str2, Long l) throws MapRLoginException {
        return getMapRCredentialsViaPassword(this.currentClusterName, str, str2, l);
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey getMapRCredentialsViaPassword(String str, String str2, String str3, Long l) throws MapRLoginException {
        return processResponse(str, authenticateWithMapRCluster(str, getPasswordAuthRequestString(str2, str3, l), AuthSchemes.PASSWORD));
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey getMapRCredentialsViaKerberos(Long l) throws MapRLoginException {
        return getMapRCredentialsViaKerberos(this.currentClusterName, l);
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public void setCheckUGI(boolean z) {
        this.checkUGI = z;
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey getMapRCredentialsViaKerberos(final String str, final Long l) throws MapRLoginException {
        if (JNISecurity.IsReplayDetectionDisabled(str)) {
            LOG.info("REPLAY DETECTION DISABLED");
        }
        try {
            Subject subject = Subject.getSubject(AccessController.getContext());
            if (subject == null || subject.getPrincipals(KerberosPrincipal.class).isEmpty()) {
                if (LOG.isDebugEnabled()) {
                    if (subject == null) {
                        LOG.debug("No subject found");
                    } else {
                        LOG.debug("Subject found but no Kerberos principal in it");
                    }
                }
                if (this.checkUGI) {
                    LOG.debug("Will attempt to check UGI object for Kerberos creds");
                    try {
                        Class<?> cls = Class.forName("org.apache.hadoop.security.UserGroupInformation");
                        subject = (Subject) cls.getMethod("getSubject", (Class[]) null).invoke(cls.getMethod("getCurrentUser", (Class[]) null).invoke(null, (Object[]) null), (Object[]) null);
                    } catch (ClassNotFoundException e) {
                        LOG.debug("Couldn't find UGI object. Doesn't matter.");
                    }
                } else {
                    LOG.debug("UGI checking disabled.");
                }
                if (subject == null || subject.getPrincipals(KerberosPrincipal.class).isEmpty()) {
                    LOG.debug("No subject with Kerberos found even after (optionally) checking Hadoop UGI object");
                    LoginContext loginContext = new LoginContext(MAPR_CLIENT_KERBEROS);
                    loginContext.login();
                    subject = loginContext.getSubject();
                }
            }
            LOG.debug("Client kerberos identity: " + subject.getPrincipals());
            return processResponse(str, (AuthResponse) Subject.doAs(subject, new PrivilegedExceptionAction<AuthResponse>() { // from class: com.mapr.login.client.MapRLoginHttpsClient.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public AuthResponse run() throws Exception {
                    String cLDBKerberosName = MapRLoginHttpsClient.this.getCLDBKerberosName(str);
                    GSSManager gSSManager = GSSManager.getInstance();
                    MapRLoginHttpsClient.LOG.debug("Attempting to connect to kerberos server that has the identity '" + cLDBKerberosName + "'");
                    GSSContext createContext = gSSManager.createContext(gSSManager.createName(cLDBKerberosName, new Oid(MapRLoginHttpsClient.NT_GSS_KRB5_PRINCIPAL), new Oid(MapRLoginHttpsClient.SPNEGO_OID)), new Oid(MapRLoginHttpsClient.SPNEGO_OID), (GSSCredential) null, 0);
                    if (JNISecurity.IsReplayDetectionDisabled(str)) {
                        if (MapRLoginHttpsClient.LOG.isDebugEnabled()) {
                            MapRLoginHttpsClient.LOG.debug("Replay detection disabled in mapr-clusters.conf");
                        }
                        createContext.requestReplayDet(false);
                    }
                    createContext.requestMutualAuth(true);
                    byte[] bArr = new byte[0];
                    byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
                    if (initSecContext == null) {
                        MapRLoginHttpsClient.LOG.error("No kerberos identity to use.");
                        throw new MapRLoginException("No kerberos identity.");
                    }
                    AuthResponse authenticateWithMapRCluster = MapRLoginHttpsClient.this.authenticateWithMapRCluster(str, MapRLoginHttpsClient.this.getKerberosAuthRequestString(DatatypeConverter.printBase64Binary(initSecContext), l), AuthSchemes.KERBEROS);
                    if (authenticateWithMapRCluster.getError() != null) {
                        return authenticateWithMapRCluster;
                    }
                    byte[] parseBase64Binary = DatatypeConverter.parseBase64Binary(authenticateWithMapRCluster.getToken());
                    createContext.initSecContext(parseBase64Binary, 0, parseBase64Binary.length);
                    if (!createContext.isEstablished()) {
                        MapRLoginHttpsClient.LOG.error("During kerberos authentication another auth round expected. Unable to complete authentication.");
                        throw new MapRLoginException("Unable to complete Kerberos authentication.");
                    }
                    if (MapRLoginHttpsClient.LOG.isDebugEnabled()) {
                        MapRLoginHttpsClient.LOG.debug("Context Established! Client principal is " + createContext.getSrcName());
                        MapRLoginHttpsClient.LOG.debug("Server principal is " + createContext.getTargName());
                    }
                    return authenticateWithMapRCluster;
                }
            }));
        } catch (Exception e2) {
            e = e2;
            if (e instanceof PrivilegedActionException) {
                e = ((PrivilegedActionException) e).getException();
            }
            String str2 = "Failure during kerberos authentication. " + e.getMessage();
            LOG.debug(str2, e);
            throw new MapRLoginException(str2, e);
        }
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public void logOut() throws MapRLoginException {
        File file = new File(JNISecurity.GetUserTicketAndKeyFileLocation());
        if (!file.exists() || !file.delete()) {
            throw new MapRLoginException("Logout failed. Unable to delete the ticket file: " + file.getAbsolutePath());
        }
        LOG.info("All tickets deleted.");
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public void logOut(String str) throws MapRLoginException {
        String GetUserTicketAndKeyFileLocation = JNISecurity.GetUserTicketAndKeyFileLocation();
        File tempFile = getTempFile(GetUserTicketAndKeyFileLocation + ".tmp");
        try {
            File file = new File(GetUserTicketAndKeyFileLocation);
            Map<String, String> existingCredsFromTicketFile = getExistingCredsFromTicketFile(file);
            if (existingCredsFromTicketFile.containsKey(str)) {
                existingCredsFromTicketFile.remove(str);
                FileOutputStream fileOutputStream = new FileOutputStream(tempFile);
                for (String str2 : existingCredsFromTicketFile.keySet()) {
                    String str3 = existingCredsFromTicketFile.get(str2);
                    fileOutputStream.write(str2.getBytes("UTF-8"));
                    fileOutputStream.write(" ".getBytes("UTF-8"));
                    fileOutputStream.write(str3.getBytes("UTF-8"));
                    fileOutputStream.write("\n".getBytes("UTF-8"));
                }
                fileOutputStream.close();
                renameFile(tempFile, file);
                LOG.info("Deleted the ticket for cluster '" + str + "' from " + GetUserTicketAndKeyFileLocation);
            } else {
                LOG.info("No ticket present for cluster '" + str + "' in " + GetUserTicketAndKeyFileLocation + ". Nothing to delete.");
                tempFile.delete();
            }
        } catch (Exception e) {
            String str4 = "Error writing mapr credentials to file. File path: " + GetUserTicketAndKeyFileLocation;
            LOG.error(str4, e);
            throw new MapRLoginException(str4, e);
        }
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey renew(Long l) throws MapRLoginException {
        return renew(this.currentClusterName, l);
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey renew(String str, Long l) throws MapRLoginException {
        MutableInt mutableInt = new MutableInt();
        byte[] ticketBytes = getTicketBytes(str, mutableInt);
        if (mutableInt.GetValue() != 0 || ticketBytes == null || ticketBytes.length == 0) {
            String str2 = "Cannot renew the ticket for cluster '" + str + "'. Error decoding the existing ticket. Error code: " + mutableInt.GetValue();
            LOG.error(str2);
            throw new MapRLoginException(str2);
        }
        try {
            Security.TicketAndKey parseFrom = Security.TicketAndKey.parseFrom(ticketBytes);
            RenewRequest renewRequest = new RenewRequest();
            renewRequest.setTicketAndKeyString(DatatypeConverter.printBase64Binary(parseFrom.toByteArray()));
            renewRequest.setTicketDurInSecs(l);
            return processResponse(str, authenticateWithMapRCluster(str, RenewRequest.toJSON(renewRequest), AuthSchemes.RENEW));
        } catch (JSONException e) {
            String str3 = "Cannot renew the ticket for cluster '" + str + "'. Error in JSON serialization of the TicketAndKey object.";
            LOG.error(str3, e);
            throw new MapRLoginException(str3, e);
        } catch (InvalidProtocolBufferException e2) {
            String str4 = "Cannot renew the ticket for cluster '" + str + "'. Error building the TicketAndKey object.";
            LOG.error(str4, e2);
            throw new MapRLoginException(str4, e2);
        }
    }

    @Override // com.mapr.login.client.MapRLoginClient
    public Security.TicketAndKey generateTicket(GenTicketTypeRequest.TicketType ticketType, String str, String str2, Long l, String str3) throws MapRLoginException {
        return genTicketType(ticketType, str, str2, l, str3);
    }

    private Security.TicketAndKey genTicketType(GenTicketTypeRequest.TicketType ticketType, String str, String str2, Long l, String str3) throws MapRLoginException {
        MutableInt mutableInt = new MutableInt();
        byte[] ticketBytes = getTicketBytes(str2, mutableInt);
        if (mutableInt.GetValue() != 0 || ticketBytes == null || ticketBytes.length == 0) {
            String str4 = "Cannot generate service ticket for cluster '" + str2 + "'. Error decoding the existing ticket. Error code: " + mutableInt.GetValue();
            LOG.error(str4);
            throw new MapRLoginException(str4);
        }
        try {
            Security.TicketAndKey parseFrom = Security.TicketAndKey.parseFrom(ticketBytes);
            GenTicketTypeRequest genTicketTypeRequest = new GenTicketTypeRequest();
            genTicketTypeRequest.setTicketAndKeyString(DatatypeConverter.printBase64Binary(parseFrom.toByteArray()));
            genTicketTypeRequest.setTicketDurInSecs(l);
            genTicketTypeRequest.setTargetUserName(str);
            genTicketTypeRequest.setTicketType(ticketType);
            return processResponse(str2, authenticateWithMapRCluster(str2, GenTicketTypeRequest.toJSON(genTicketTypeRequest), AuthSchemes.GEN_TICKET_TYPE), str3);
        } catch (InvalidProtocolBufferException e) {
            String str5 = "Cannot generate service ticket for cluster '" + str2 + "'. Error building the TicketAndKey object.";
            LOG.error(str5, e);
            throw new MapRLoginException(str5, e);
        } catch (JSONException e2) {
            String str6 = "Cannot generate service ticket for cluster '" + str2 + "'. Error in JSON serialization of the TicketAndKey object.";
            LOG.error(str6, e2);
            throw new MapRLoginException(str6, e2);
        }
    }

    private byte[] getTicketBytes(String str, MutableInt mutableInt) throws MapRLoginException {
        String GetUserTicketAndKeyFileLocation = JNISecurity.GetUserTicketAndKeyFileLocation();
        File file = new File(GetUserTicketAndKeyFileLocation);
        Map<String, String> existingCredsFromTicketFile = getExistingCredsFromTicketFile(file);
        if (!file.exists()) {
            String str2 = "Operation failed. No ticket file at " + GetUserTicketAndKeyFileLocation + ".";
            LOG.error(str2);
            throw new MapRLoginException(str2);
        }
        if (existingCredsFromTicketFile.containsKey(str)) {
            return com.mapr.security.Security.DecodeDataFromKeyFile(existingCredsFromTicketFile.get(str).getBytes(), mutableInt);
        }
        String str3 = "Operation failed. " + GetUserTicketAndKeyFileLocation + " does not have a ticket for this cluster.";
        LOG.error(str3);
        throw new MapRLoginException(str3);
    }

    private Security.TicketAndKey processResponse(String str, AuthResponse authResponse) throws MapRLoginException {
        return processResponse(str, authResponse, JNISecurity.GetUserTicketAndKeyFileLocation());
    }

    private Security.TicketAndKey processResponse(String str, AuthResponse authResponse, String str2) throws MapRLoginException {
        if (authResponse.getStatus() != 0) {
            LOG.error("Error obtaining mapr credentials for cluster : " + str + ". Error message from cldb: " + authResponse.getError());
            throw new MapRLoginException(authResponse.getError());
        }
        if (str2 == null || str2.isEmpty()) {
            str2 = JNISecurity.GetUserTicketAndKeyFileLocation();
        }
        Security.TicketAndKey extractCredentialsFromResponse = extractCredentialsFromResponse(authResponse);
        writeMapRCredentialsToFile(str, extractCredentialsFromResponse, str2);
        return extractCredentialsFromResponse;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AuthResponse authenticateWithMapRCluster(String str, String str2, String str3) throws MapRLoginException {
        if (LOG.isDebugEnabled()) {
            try {
                String str4 = null;
                if (str3.equals(AuthSchemes.PASSWORD)) {
                    str4 = PasswordAuthRequest.fromJSON(str2).toString();
                } else if (str3.equals(AuthSchemes.KERBEROS)) {
                    str4 = KerberosAuthRequest.fromJSON(str2).toString();
                } else if (str3.equals(AuthSchemes.RENEW)) {
                    str4 = RenewRequest.fromJSON(str2).toString();
                } else if (str3.equals(AuthSchemes.GEN_TICKET_TYPE)) {
                    str4 = GenTicketTypeRequest.fromJSON(str2).toString();
                }
                LOG.debug("Attempting authentication with cluster - " + str + ". Request - " + (str4 != null ? str4 : "null") + ", auth scheme: " + str3);
            } catch (JSONException e) {
                LOG.debug(e);
            }
        }
        if (!this.clustersMap.containsKey(str)) {
            String str5 = "Cluster name '" + str + "' is not found in " + CLDBRpcCommonUtils.getInstance().getPathToClustersConfFile();
            LOG.error(str5);
            throw new MapRLoginException(str5);
        }
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        int GetCldbHttpsPort = JNISecurity.GetCldbHttpsPort(this.currentClusterName);
        ArrayList arrayList = new ArrayList(this.clustersMap.get(str));
        Collections.shuffle(arrayList);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            for (String str6 : ((CLDBRpcCommonUtils.IpPort) it.next()).getOriginalAddr()) {
                if (!z) {
                    sb.append(", ");
                }
                z = false;
                sb.append(str6);
                sb.append(":");
                sb.append(GetCldbHttpsPort);
                HttpURLConnection cLDBConnection = getCLDBConnection(str6, GetCldbHttpsPort, str3);
                if (cLDBConnection != null) {
                    AuthResponse parseAuthResponse = parseAuthResponse(sendRequest(str2, cLDBConnection));
                    cLDBConnection.disconnect();
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Obtained auth response " + parseAuthResponse.toString() + " from cldb @ " + str6 + ":" + GetCldbHttpsPort);
                    }
                    if (parseAuthResponse.getStatus() != 30) {
                        return parseAuthResponse;
                    }
                    LOG.info("Message from cldb " + str6 + ":" + GetCldbHttpsPort + " - '" + parseAuthResponse.getError() + "'. Trying another cldb..");
                } else {
                    LOG.warn("Couldn't connect to cldb " + str6 + ":" + GetCldbHttpsPort + ". Trying another cldb..");
                }
            }
        }
        String str7 = "Unable to connect to any of the cluster's CLDBs. CLDBs tried: " + sb.toString() + ". Please check your cluster configuration.";
        LOG.error(str7);
        throw new MapRLoginException(str7);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getCLDBKerberosName(String str) {
        String GetCldbPrincipal = JNISecurity.GetCldbPrincipal(this.currentClusterName);
        if (GetCldbPrincipal.trim().isEmpty()) {
            GetCldbPrincipal = "mapr/" + str;
        }
        return GetCldbPrincipal;
    }

    private AuthResponse parseAuthResponse(String str) throws MapRLoginException {
        try {
            return AuthResponse.fromJSON(str);
        } catch (JSONException e) {
            LOG.error("JSON parse error while parsing auth response.", e);
            throw new MapRLoginException("JSON parse error while parsing auth response.", e);
        }
    }

    private Security.TicketAndKey extractCredentialsFromResponse(AuthResponse authResponse) throws MapRLoginException {
        try {
            return Security.TicketAndKey.parseFrom(DatatypeConverter.parseBase64Binary(authResponse.getTicketAndKeyString()));
        } catch (InvalidProtocolBufferException e) {
            LOG.error("Error parsing base64 encoded ticket and key string into proto object");
            throw new MapRLoginException("Error parsing base64 encoded ticket and key string into proto object", e);
        }
    }

    private void writeMapRCredentialsToFile(String str, Security.TicketAndKey ticketAndKey, String str2) throws MapRLoginException {
        MutableInt mutableInt = new MutableInt();
        byte[] EncodeDataForWritingToKeyFile = com.mapr.security.Security.EncodeDataForWritingToKeyFile(ticketAndKey.toByteArray(), mutableInt);
        if (EncodeDataForWritingToKeyFile == null) {
            String str3 = "Failed to encode ticket and key. Error: " + mutableInt.GetValue();
            LOG.error(str3);
            throw new MapRLoginException(str3);
        }
        File tempFile = getTempFile(str2 + ".tmp");
        try {
            Map<String, String> newLinkedHashMap = Maps.newLinkedHashMap();
            File file = new File(str2);
            if (file.exists()) {
                newLinkedHashMap = getExistingCredsFromTicketFile(file);
            }
            newLinkedHashMap.put(str, new String(EncodeDataForWritingToKeyFile, "UTF-8"));
            FileOutputStream fileOutputStream = new FileOutputStream(tempFile);
            for (String str4 : newLinkedHashMap.keySet()) {
                String str5 = newLinkedHashMap.get(str4);
                fileOutputStream.write(str4.getBytes("UTF-8"));
                fileOutputStream.write(" ".getBytes("UTF-8"));
                fileOutputStream.write(str5.getBytes("UTF-8"));
                fileOutputStream.write("\n".getBytes("UTF-8"));
            }
            fileOutputStream.close();
            renameFile(tempFile, file);
            if (LOG.isDebugEnabled()) {
                LOG.debug("\n************* \nSaved mapr credentials to file: " + str2 + ". \nUser credentials: \n" + com.mapr.security.Security.UserCredsToString(str, ticketAndKey.getUserCreds()) + "\n************* \n");
            }
            String str6 = "MapR credentials of user '" + ticketAndKey.getUserCreds().getUserName() + "' for cluster '" + str + "' are written to '" + str2 + "'";
            LOG.info(str6);
            if (System.out != null) {
                System.out.println(str6);
            }
        } catch (Exception e) {
            String str7 = "Error writing mapr credentials to file. File path: " + str2;
            LOG.error(str7, e);
            throw new MapRLoginException(str7, e);
        }
    }

    private void renameFile(File file, File file2) throws MapRLoginException {
        if (file.renameTo(file2)) {
            return;
        }
        if (windows) {
            LOG.debug("The rename failed, since I'm on windows, try deleting the target file first.");
            file2.delete();
            if (file.renameTo(file2)) {
                return;
            }
        }
        String str = "Unable to rename " + file.getAbsolutePath() + " to " + file2.getAbsolutePath();
        LOG.error(str);
        throw new MapRLoginException(str);
    }

    private File getTempFile(String str) throws MapRLoginException {
        File file = new File(str);
        int i = 0;
        while (!file.createNewFile()) {
            try {
                LOG.info(str + " already exists. will retry again in 500 ms");
                try {
                    Thread.sleep(500L);
                    i++;
                    if (i >= 10) {
                        LOG.info(str + " is present even after 10 retries. Deleting it.");
                        if (!file.delete()) {
                            String str2 = "Unable to delete the temporary ticket file: " + str;
                            LOG.error(str2);
                            throw new MapRLoginException(str2);
                        }
                    }
                } catch (InterruptedException e) {
                    LOG.error(e);
                    throw new MapRLoginException(e);
                }
            } catch (IOException e2) {
                String str3 = "Unable to create " + str;
                LOG.error(str3, e2);
                throw new MapRLoginException(str3, e2);
            }
        }
        file.setExecutable(false, false);
        file.setWritable(false, false);
        file.setReadable(false, false);
        file.setWritable(true, true);
        file.setReadable(true, true);
        return file;
    }

    private Map<String, String> getExistingCredsFromTicketFile(File file) throws MapRLoginException {
        LinkedHashMap newLinkedHashMap = Maps.newLinkedHashMap();
        if (file.exists()) {
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file), "UTF-8"));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    String[] split = readLine.split(" ");
                    newLinkedHashMap.put(split[0], split[1]);
                }
                bufferedReader.close();
            } catch (IOException e) {
                String str = "Error reading from " + file.getAbsolutePath();
                LOG.error(str, e);
                throw new MapRLoginException(str, e);
            }
        }
        return newLinkedHashMap;
    }

    private String getPasswordAuthRequestString(String str, String str2, Long l) throws MapRLoginException {
        PasswordAuthRequest passwordAuthRequest = new PasswordAuthRequest();
        passwordAuthRequest.setUserName(str);
        passwordAuthRequest.setPassWord(str2);
        passwordAuthRequest.setTicketDurInSecs(l);
        try {
            return PasswordAuthRequest.toJSON(passwordAuthRequest);
        } catch (JSONException e) {
            LOG.error("JSON parse error", e);
            throw new MapRLoginException("JSON parse error", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getKerberosAuthRequestString(String str, Long l) throws MapRLoginException {
        KerberosAuthRequest kerberosAuthRequest = new KerberosAuthRequest();
        kerberosAuthRequest.setToken(str);
        kerberosAuthRequest.setTicketDurInSecs(l);
        try {
            return KerberosAuthRequest.toJSON(kerberosAuthRequest);
        } catch (JSONException e) {
            LOG.error("JSON parse error", e);
            throw new MapRLoginException("JSON parse error", e);
        }
    }

    private String sendRequest(String str, HttpURLConnection httpURLConnection) throws MapRLoginException {
        try {
            OutputStream outputStream = httpURLConnection.getOutputStream();
            outputStream.write(str.getBytes());
            outputStream.close();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    bufferedReader.close();
                    return sb.toString();
                }
                sb.append(readLine);
            }
        } catch (IOException e) {
            LOG.error("Error sending request data via http output stream", e);
            throw new MapRLoginException("Error sending request data via http output stream", e);
        }
    }

    private HttpURLConnection getCLDBConnection(String str, int i, String str2) {
        String authURL = getAuthURL(str, i, str2);
        HttpsURLConnection httpsURLConnection = null;
        try {
            httpsURLConnection = (HttpsURLConnection) new URL(authURL).openConnection();
            httpsURLConnection.setHostnameVerifier(new MyVerifier());
            httpsURLConnection.setRequestMethod("POST");
            httpsURLConnection.setDoInput(true);
            httpsURLConnection.setDoOutput(true);
            httpsURLConnection.connect();
            httpsURLConnection.getOutputStream();
            return httpsURLConnection;
        } catch (IOException e) {
            String str3 = "Unable to open connection to cldb at " + authURL;
            if (httpsURLConnection == null || httpsURLConnection.getErrorStream() == null) {
                LOG.warn(str3, e);
                return null;
            }
            try {
                StringBuilder sb = new StringBuilder();
                sb.append(str3);
                sb.append(". Details: ");
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpsURLConnection.getErrorStream()));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        LOG.warn(sb.toString());
                        return null;
                    }
                    sb.append(readLine);
                }
            } catch (IOException e2) {
                LOG.warn(str3, e);
                return null;
            }
        }
    }

    private String getAuthURL(String str, int i, String str2) {
        return "https://" + str + ":" + i + str2;
    }

    static {
        JVMProperties.init();
    }
}
