package org.apache.ranger.admin.client;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.JsonParseException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Type;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivilegedAction;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerPluginCapability;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.RangerSslHelper;
import org.apache.ranger.plugin.util.RangerUserStore;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
import org.apache.ranger.plugin.util.URLEncoderUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.class */
public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
    private static final Logger LOG = LoggerFactory.getLogger(RangerAdminJersey2RESTClient.class);
    HostnameVerifier _hv;
    int _restClientConnTimeOutMs;
    int _restClientReadTimeOutMs;
    int _restClientMaxRetryAttempts;
    int _restClientRetryIntervalMs;
    private int lastKnownActiveUrlIndex;
    private List<String> configURLs;
    private boolean isRangerCookieEnabled;
    private String rangerAdminCookieName;
    private static final int MAX_PLUGIN_ID_LEN = 255;
    boolean _isSSL = false;
    volatile Client _client = null;
    SSLContext _sslContext = null;
    String _sslConfigFileName = null;
    String _serviceName = null;
    String _serviceNameUrlParam = null;
    String _clusterName = null;
    boolean _supportsPolicyDeltas = false;
    boolean _supportsTagDeltas = false;
    String _pluginId = null;
    private Cookie policyDownloadSessionId = null;
    private boolean isValidPolicyDownloadSessionCookie = false;
    private Cookie tagDownloadSessionId = null;
    private boolean isValidTagDownloadSessionCookie = false;
    private Cookie roleDownloadSessionId = null;
    private boolean isValidRoleDownloadSessionCookie = false;
    private final String pluginCapabilities = Long.toHexString(new RangerPluginCapability().getPluginCapabilities());

    /* loaded from: input_file:org/apache/ranger/admin/client/RangerAdminJersey2RESTClient$GsonUnixDateDeserializer.class */
    public static class GsonUnixDateDeserializer implements JsonDeserializer<Date> {
        /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
        public Date m1deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
            return new Date(jsonElement.getAsJsonPrimitive().getAsLong());
        }
    }

    public void init(String str, String str2, String str3, Configuration configuration) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.init(" + str3 + ")");
        }
        super.init(str, str2, str3, configuration);
        this._serviceName = str;
        this._pluginId = getPluginId(str, str2);
        String str4 = configuration.get(str3 + ".policy.rest.url");
        this._sslConfigFileName = configuration.get(str3 + ".policy.rest.ssl.config.file");
        this._restClientConnTimeOutMs = configuration.getInt(str3 + ".policy.rest.client.connection.timeoutMs", 120000);
        this._restClientReadTimeOutMs = configuration.getInt(str3 + ".policy.rest.client.read.timeoutMs", 30000);
        this._restClientMaxRetryAttempts = configuration.getInt(str3 + ".policy.rest.client.max.retry.attempts", 3);
        this._restClientRetryIntervalMs = configuration.getInt(str3 + ".policy.rest.client.retry.interval.ms", 1000);
        this._clusterName = configuration.get(str3 + ".access.cluster.name", "");
        if (StringUtil.isEmpty(this._clusterName)) {
            this._clusterName = configuration.get(str3 + ".ambari.cluster.name", "");
        }
        this._supportsPolicyDeltas = configuration.getBoolean(str3 + ".supports.policy.deltas", false);
        this._supportsTagDeltas = configuration.getBoolean(str3 + ".supports.tag.deltas", false);
        this.isRangerCookieEnabled = configuration.getBoolean(str3 + ".policy.rest.client.cookie.enabled", true);
        this.rangerAdminCookieName = configuration.get(str3 + ".policy.rest.client.session.cookie.name", "RANGERADMINSESSIONID");
        this.configURLs = StringUtil.getURLs(str4);
        this.lastKnownActiveUrlIndex = new Random().nextInt(this.configURLs.size());
        String str5 = this.configURLs.get(this.lastKnownActiveUrlIndex);
        this._isSSL = isSsl(str5);
        LOG.info("Init params: " + String.format("Base URL[%s], SSL Config filename[%s], ServiceName=[%s], SupportsPolicyDeltas=[%s], ConfigURLs=[%s]", str5, this._sslConfigFileName, this._serviceName, Boolean.valueOf(this._supportsPolicyDeltas), Boolean.valueOf(this._supportsTagDeltas), this.configURLs));
        this._client = getClient();
        this._client.property("jersey.config.client.connectTimeout", Integer.valueOf(this._restClientConnTimeOutMs));
        this._client.property("jersey.config.client.readTimeout", Integer.valueOf(this._restClientReadTimeOutMs));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.init(" + str3 + "): " + this._client.toString());
        }
        try {
            this._serviceNameUrlParam = URLEncoderUtil.encodeURIParam(str);
        } catch (UnsupportedEncodingException e) {
            LOG.warn("Unsupported encoding, serviceName=" + str);
            this._serviceNameUrlParam = str;
        }
    }

    public ServicePolicies getServicePoliciesIfUpdated(long j, long j2) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + ")");
        }
        ServicePolicies servicePoliciesIfUpdatedWithCookie = (this.isRangerCookieEnabled && this.policyDownloadSessionId != null && this.isValidPolicyDownloadSessionCookie) ? getServicePoliciesIfUpdatedWithCookie(j, j2) : getServicePoliciesIfUpdatedWithCred(j, j2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + "): " + servicePoliciesIfUpdatedWithCookie);
        }
        return servicePoliciesIfUpdatedWithCookie;
    }

    public RangerRoles getRolesIfUpdated(long j, long j2) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getRolesIfUpdated(" + j + ", " + j2 + ")");
        }
        RangerRoles rangerRolesIfUpdatedWithCookie = (this.isRangerCookieEnabled && this.roleDownloadSessionId != null && this.isValidRoleDownloadSessionCookie) ? getRangerRolesIfUpdatedWithCookie(j, j2) : getRangerRolesIfUpdatedWithCred(j, j2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getRolesIfUpdated(" + j + ", " + j2 + "): " + rangerRolesIfUpdatedWithCookie);
        }
        return rangerRolesIfUpdatedWithCookie;
    }

    public void grantAccess(GrantRevokeRequest grantRevokeRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("pluginId", this._pluginId);
        String str = "/service/plugins/services/grant/" + this._serviceName;
        Response response = get(hashMap, str);
        int status = response == null ? -1 : response.getStatus();
        switch (status) {
            case -1:
                LOG.warn("Unexpected: Null response from policy server while granting access! Returning null!");
                throw new Exception("unknown error!");
            case 200:
                LOG.debug("grantAccess() suceeded: HTTP status=" + status);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
                    return;
                }
                return;
            case 401:
                throw new AccessControlException();
            default:
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) response.readEntity(String.class), str));
                throw new Exception("HTTP status: " + status);
        }
    }

    public void revokeAccess(GrantRevokeRequest grantRevokeRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("pluginId", this._pluginId);
        String str = "/service/plugins/services/revoke/" + this._serviceName;
        Response response = get(hashMap, str);
        int status = response == null ? -1 : response.getStatus();
        switch (status) {
            case -1:
                LOG.warn("Unexpected: Null response from policy server while granting access! Returning null!");
                throw new Exception("unknown error!");
            case 200:
                LOG.debug("grantAccess() suceeded: HTTP status=" + status);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
                    return;
                }
                return;
            case 401:
                throw new AccessControlException();
            default:
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) response.readEntity(String.class), str));
                throw new Exception("HTTP status: " + status);
        }
    }

    public ServiceTags getServiceTagsIfUpdated(long j, long j2) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + ")");
        }
        ServiceTags serviceTagsIfUpdatedWithCookie = (this.isRangerCookieEnabled && this.tagDownloadSessionId != null && this.isValidTagDownloadSessionCookie) ? getServiceTagsIfUpdatedWithCookie(j, j2) : getServiceTagsIfUpdatedWithCred(j, j2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + "): " + serviceTagsIfUpdatedWithCookie);
        }
        return serviceTagsIfUpdatedWithCookie;
    }

    public List<String> getTagTypes(String str) throws Exception {
        throw new Exception("RangerAdminjersey2RESTClient.getTagTypes() -- *** NOT IMPLEMENTED *** ");
    }

    public RangerUserStore getUserStoreIfUpdated(long j, long j2) throws Exception {
        Response response;
        RangerUserStore rangerUserStore;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminjersey2RESTClient.getUserStoreIfUpdated(lastKnownUserStoreVersion={}, lastActivationTimeInMillis={})", Long.valueOf(j), Long.valueOf(j2));
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        HashMap hashMap = new HashMap();
        hashMap.put("lastKnownUserStoreVersion", Long.toString(j));
        hashMap.put("lastActivationTime", Long.toString(j2));
        hashMap.put("pluginId", this._pluginId);
        hashMap.put("clusterName", this._clusterName);
        hashMap.put("pluginCapabilities", this.pluginCapabilities);
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking UserStore updated as user: {}", uGILoginUser);
            }
            response = (Response) uGILoginUser.doAs(() -> {
                Response response2 = null;
                try {
                    response2 = get(hashMap, "/service/xusers/secure/download/" + this._serviceNameUrlParam);
                } catch (Exception e) {
                    LOG.error("Failed to get response", e);
                }
                return response2;
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking UserStore updated as user: {}", uGILoginUser);
            }
            response = get(hashMap, "/service/xusers/download/" + this._serviceNameUrlParam);
        }
        if (response == null || response.getStatus() == 304) {
            if (response == null) {
                LOG.error("Error getting UserStore; Received NULL response!!. secureMode={}, user={}, serviceName={}", new Object[]{Boolean.valueOf(z), uGILoginUser, this._serviceName});
            } else {
                String str = response.hasEntity() ? (String) response.readEntity(String.class) : null;
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in UserStore. secureMode={}, user={}, response={}, serviceName={}, lastKnownUserStoreVersion={}, lastActivationTimeInMillis={}", new Object[]{Boolean.valueOf(z), uGILoginUser, str, this._serviceName, Long.valueOf(j), Long.valueOf(j2)});
                }
            }
            rangerUserStore = null;
        } else if (response.getStatus() == 200) {
            rangerUserStore = (RangerUserStore) response.readEntity(RangerUserStore.class);
        } else if (response.getStatus() == 404) {
            rangerUserStore = null;
            LOG.error("Error getting UserStore; service not found. secureMode={}, user={}, response={}, serviceName={}, lastKnownUserStoreVersion={}, lastActivationTimeInMillis={}", new Object[]{Boolean.valueOf(z), uGILoginUser, Integer.valueOf(response.getStatus()), this._serviceName, Long.valueOf(j), Long.valueOf(j2)});
            String str2 = response.hasEntity() ? (String) response.readEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str2);
            LOG.warn("Received 404 error code with body:[{}], Ignoring", str2);
        } else {
            LOG.warn("Error getting UserStore. secureMode={}, user={}, response={}, serviceName={}, lastKnownUserStoreVersion={}, lastActivationTimeInMillis={}", new Object[]{Boolean.valueOf(z), uGILoginUser, response.hasEntity() ? (String) response.readEntity(String.class) : null, this._serviceName, Long.valueOf(j), Long.valueOf(j2)});
            rangerUserStore = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminjersey2RESTClient.getUserStoreIfUpdated(lastKnownUserStoreVersion={}, lastActivationTimeInMillis={}): ret={}", new Object[]{Long.valueOf(j), Long.valueOf(j2), rangerUserStore});
        }
        return rangerUserStore;
    }

    Gson getGson() {
        return new GsonBuilder().setPrettyPrinting().registerTypeAdapter(Date.class, new GsonUnixDateDeserializer()).create();
    }

    Client getClient() {
        Client client = this._client;
        if (client == null) {
            synchronized (this) {
                client = this._client;
                if (client == null) {
                    Client buildClient = buildClient();
                    client = buildClient;
                    this._client = buildClient;
                }
            }
        }
        return client;
    }

    Client buildClient() {
        if (this._isSSL) {
            if (this._sslContext == null) {
                this._sslContext = new RangerSslHelper(this._sslConfigFileName).createContext();
            }
            if (this._hv == null) {
                this._hv = new HostnameVerifier() { // from class: org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.1
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return sSLSession.getPeerHost().equals(str);
                    }
                };
            }
            this._client = ClientBuilder.newBuilder().sslContext(this._sslContext).hostnameVerifier(this._hv).build();
        }
        if (this._client == null) {
            this._client = ClientBuilder.newClient();
        }
        return this._client;
    }

    private Response get(Map<String, String> map, String str) {
        Response response = null;
        int i = this.lastKnownActiveUrlIndex;
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        while (i4 < this.configURLs.size()) {
            try {
                i2 = (i + i4) % this.configURLs.size();
                response = setQueryParams(this._client.target(this.configURLs.get(i2) + str), map).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get();
            } catch (ProcessingException e) {
                if (shouldRetry(this.configURLs.get(i2), i4, i3, e)) {
                    i3++;
                    i4 = -1;
                }
            }
            if (response != null) {
                setLastKnownActiveUrlIndex(i2);
                break;
            }
            continue;
            i4++;
        }
        return response;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Response get(Map<String, String> map, String str, Cookie cookie) {
        Response response = null;
        int i = this.lastKnownActiveUrlIndex;
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        while (i4 < this.configURLs.size()) {
            try {
                i2 = (i + i4) % this.configURLs.size();
                response = setQueryParams(this._client.target(this.configURLs.get(i2) + str), map).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).cookie(cookie).get();
            } catch (ProcessingException e) {
                if (shouldRetry(this.configURLs.get(i2), i4, i3, e)) {
                    i3++;
                    i4 = -1;
                }
            }
            if (response != null) {
                setLastKnownActiveUrlIndex(i2);
                break;
            }
            continue;
            i4++;
        }
        return response;
    }

    private static WebTarget setQueryParams(WebTarget webTarget, Map<String, String> map) {
        WebTarget webTarget2 = webTarget;
        if (webTarget != null && map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                webTarget2 = webTarget2.queryParam(entry.getKey(), new Object[]{entry.getValue()});
            }
        }
        return webTarget2;
    }

    private void setLastKnownActiveUrlIndex(int i) {
        this.lastKnownActiveUrlIndex = i;
    }

    private boolean isSsl(String str) {
        return !StringUtils.isEmpty(str) && str.toLowerCase().startsWith("https");
    }

    private String getPluginId(String str, String str2) {
        String str3;
        try {
            str3 = InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            LOG.error("ERROR: Unable to find hostname for the agent ", e);
            str3 = "unknownHost";
        }
        String str4 = str3 + "-" + str;
        if (!StringUtils.isEmpty(str2)) {
            str4 = str2 + "@" + str4;
        }
        if (str4.length() > MAX_PLUGIN_ID_LEN) {
            str4 = str4.substring(0, MAX_PLUGIN_ID_LEN);
        }
        return str4;
    }

    private ServicePolicies getServicePoliciesIfUpdatedWithCred(long j, long j2) throws Exception {
        ServicePolicies servicePolicies;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServicePoliciesWithCred(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        Response rangerAdminPolicyDownloadResponse = getRangerAdminPolicyDownloadResponse(j, j2, uGILoginUser, z);
        int status = rangerAdminPolicyDownloadResponse == null ? -1 : rangerAdminPolicyDownloadResponse.getStatus();
        String str = null;
        switch (status) {
            case -1:
                servicePolicies = null;
                this.policyDownloadSessionId = null;
                LOG.warn("Unexpected: Null response from policy server while trying to get policies! Returning null!");
                break;
            case 200:
                String str2 = (String) rangerAdminPolicyDownloadResponse.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                servicePolicies = (ServicePolicies) getGson().fromJson(str2, ServicePolicies.class);
                setCookieReceivedFromCredSession(rangerAdminPolicyDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + servicePolicies);
                    break;
                }
                break;
            case 304:
                servicePolicies = null;
                setCookieReceivedFromCredSession(rangerAdminPolicyDownloadResponse);
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                servicePolicies = null;
                this.policyDownloadSessionId = null;
                if (rangerAdminPolicyDownloadResponse.hasEntity()) {
                    str = (String) rangerAdminPolicyDownloadResponse.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                servicePolicies = null;
                this.policyDownloadSessionId = null;
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) rangerAdminPolicyDownloadResponse.readEntity(String.class), getRelativeURL(z)));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesWithCred(" + j + ", " + j2 + "): " + servicePolicies);
        }
        return servicePolicies;
    }

    private ServicePolicies getServicePoliciesIfUpdatedWithCookie(long j, long j2) throws Exception {
        ServicePolicies servicePolicies;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServicePoliciesWithCookie(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        Response rangerAdminPolicyDownloadResponse = getRangerAdminPolicyDownloadResponse(j, j2, uGILoginUser, z);
        int status = rangerAdminPolicyDownloadResponse == null ? -1 : rangerAdminPolicyDownloadResponse.getStatus();
        String str = null;
        switch (status) {
            case -1:
                servicePolicies = null;
                this.policyDownloadSessionId = null;
                this.isValidPolicyDownloadSessionCookie = false;
                LOG.warn("Unexpected: Null response from policy server while trying to get policies! Returning null!");
                break;
            case 200:
                String str2 = (String) rangerAdminPolicyDownloadResponse.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                servicePolicies = (ServicePolicies) getGson().fromJson(str2, ServicePolicies.class);
                checkAndResetSessionCookie(rangerAdminPolicyDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + servicePolicies);
                    break;
                }
                break;
            case 304:
                servicePolicies = null;
                checkAndResetSessionCookie(rangerAdminPolicyDownloadResponse);
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                servicePolicies = null;
                this.policyDownloadSessionId = null;
                this.isValidPolicyDownloadSessionCookie = false;
                if (rangerAdminPolicyDownloadResponse.hasEntity()) {
                    str = (String) rangerAdminPolicyDownloadResponse.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                servicePolicies = null;
                this.policyDownloadSessionId = null;
                this.isValidPolicyDownloadSessionCookie = false;
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) rangerAdminPolicyDownloadResponse.readEntity(String.class), getRelativeURL(z)));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesWithCookie(" + j + ", " + j2 + "): " + servicePolicies);
        }
        return servicePolicies;
    }

    private Response getRangerAdminPolicyDownloadResponse(long j, long j2, UserGroupInformation userGroupInformation, boolean z) throws Exception {
        Response response;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getRangerAdminPolicyDownloadResponse(" + j + ", " + j2 + ")");
        }
        final HashMap hashMap = new HashMap();
        hashMap.put("lastKnownVersion", Long.toString(j));
        hashMap.put("lastActivationTime", Long.toString(j2));
        hashMap.put("pluginId", this._pluginId);
        hashMap.put("clusterName", this._clusterName);
        hashMap.put("supportsPolicyDeltas", Boolean.toString(this._supportsPolicyDeltas));
        hashMap.put("pluginCapabilities", this.pluginCapabilities);
        final String relativeURL = getRelativeURL(z);
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated as user : " + userGroupInformation);
            }
            response = (Response) userGroupInformation.doAs(new PrivilegedAction<Response>() { // from class: org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Response run() {
                    return RangerAdminJersey2RESTClient.this.get(hashMap, relativeURL, RangerAdminJersey2RESTClient.this.policyDownloadSessionId);
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated with old api call");
            }
            response = get(hashMap, relativeURL, this.policyDownloadSessionId);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getRangerAdminPolicyDownloadResponse(" + j + ", " + j2 + "): " + response);
        }
        return response;
    }

    private String getRelativeURL(boolean z) {
        return z ? "/service/plugins/secure/policies/download/" + this._serviceName : "/service/plugins/policies/download/" + this._serviceName;
    }

    private void checkAndResetSessionCookie(Response response) {
        Map cookies = response.getCookies();
        for (String str : cookies.keySet()) {
            if (str.equalsIgnoreCase(this.rangerAdminCookieName)) {
                this.policyDownloadSessionId = (Cookie) cookies.get(str);
                this.isValidPolicyDownloadSessionCookie = this.policyDownloadSessionId != null;
                return;
            }
        }
    }

    private void setCookieReceivedFromCredSession(Response response) {
        if (this.isRangerCookieEnabled) {
            Cookie cookie = null;
            Map cookies = response.getCookies();
            Iterator it = cookies.keySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str = (String) it.next();
                if (str.equalsIgnoreCase(this.rangerAdminCookieName)) {
                    cookie = (Cookie) cookies.get(str);
                    break;
                }
            }
            this.policyDownloadSessionId = cookie;
            this.isValidPolicyDownloadSessionCookie = this.policyDownloadSessionId != null;
        }
    }

    private ServiceTags getServiceTagsIfUpdatedWithCred(long j, long j2) throws Exception {
        ServiceTags serviceTags;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServiceTagsIfUpdatedWithCred(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        Response tagsDownloadResponse = getTagsDownloadResponse(j, j2, uGILoginUser, z);
        int status = tagsDownloadResponse == null ? -1 : tagsDownloadResponse.getStatus();
        String str = null;
        switch (status) {
            case -1:
                serviceTags = null;
                this.tagDownloadSessionId = null;
                LOG.warn("Unexpected: Null response from tag server while trying to get tags! Returning null!");
                break;
            case 200:
                String str2 = (String) tagsDownloadResponse.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                serviceTags = (ServiceTags) getGson().fromJson(str2, ServiceTags.class);
                setCookieReceivedFromTagDownloadSession(tagsDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + serviceTags);
                    break;
                }
                break;
            case 304:
                serviceTags = null;
                setCookieReceivedFromTagDownloadSession(tagsDownloadResponse);
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                serviceTags = null;
                this.tagDownloadSessionId = null;
                if (tagsDownloadResponse.hasEntity()) {
                    str = (String) tagsDownloadResponse.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                serviceTags = null;
                this.tagDownloadSessionId = null;
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) tagsDownloadResponse.readEntity(String.class), getRelativeURLForTagDownload(z)));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdatedWithCred(" + j + ", " + j2 + "): " + serviceTags);
        }
        return serviceTags;
    }

    private ServiceTags getServiceTagsIfUpdatedWithCookie(long j, long j2) throws Exception {
        ServiceTags serviceTags;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getServiceTagsIfUpdatedWithCookie(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        Response tagsDownloadResponse = getTagsDownloadResponse(j, j2, uGILoginUser, uGILoginUser != null && UserGroupInformation.isSecurityEnabled());
        int status = tagsDownloadResponse == null ? -1 : tagsDownloadResponse.getStatus();
        String str = null;
        switch (status) {
            case -1:
                serviceTags = null;
                this.tagDownloadSessionId = null;
                this.isValidTagDownloadSessionCookie = false;
                LOG.warn("Unexpected: Null response from tag server while trying to get tags! Returning null!");
                break;
            case 200:
                String str2 = (String) tagsDownloadResponse.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                serviceTags = (ServiceTags) getGson().fromJson(str2, ServiceTags.class);
                checkAndResetTagDownloadSessionCookie(tagsDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + serviceTags);
                    break;
                }
                break;
            case 304:
                serviceTags = null;
                checkAndResetTagDownloadSessionCookie(tagsDownloadResponse);
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                serviceTags = null;
                this.tagDownloadSessionId = null;
                this.isValidTagDownloadSessionCookie = false;
                if (tagsDownloadResponse.hasEntity()) {
                    str = (String) tagsDownloadResponse.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                serviceTags = null;
                this.tagDownloadSessionId = null;
                this.isValidTagDownloadSessionCookie = false;
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) tagsDownloadResponse.readEntity(String.class), null));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdatedWithCookie(" + j + ", " + j2 + "): " + serviceTags);
        }
        return serviceTags;
    }

    private Response getTagsDownloadResponse(long j, long j2, UserGroupInformation userGroupInformation, boolean z) throws Exception {
        Response response;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getTagsDownloadResponse(" + j + ", " + j2 + ")");
        }
        final HashMap hashMap = new HashMap();
        hashMap.put("lastKnownVersion", Long.toString(j));
        hashMap.put("lastActivationTime", Long.toString(j2));
        hashMap.put("pluginId", this._pluginId);
        hashMap.put("supportsTagDeltas", Boolean.toString(this._supportsTagDeltas));
        hashMap.put("pluginCapabilities", this.pluginCapabilities);
        final String relativeURLForTagDownload = getRelativeURLForTagDownload(z);
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service tags if updated as user : " + userGroupInformation);
            }
            response = (Response) userGroupInformation.doAs(new PrivilegedAction<Response>() { // from class: org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Response run() {
                    return RangerAdminJersey2RESTClient.this.get(hashMap, relativeURLForTagDownload, RangerAdminJersey2RESTClient.this.tagDownloadSessionId);
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service tags if updated with old api call");
            }
            response = get(hashMap, relativeURLForTagDownload, this.tagDownloadSessionId);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getTagsDownloadResponse(" + j + ", " + j2 + "): " + response);
        }
        return response;
    }

    private String getRelativeURLForTagDownload(boolean z) {
        return z ? "/service/tags/secure/download/" + this._serviceName : "/service/tags/download/" + this._serviceName;
    }

    private void checkAndResetTagDownloadSessionCookie(Response response) {
        Map cookies = response.getCookies();
        for (String str : cookies.keySet()) {
            if (str.equalsIgnoreCase(this.rangerAdminCookieName)) {
                this.tagDownloadSessionId = (Cookie) cookies.get(str);
                this.isValidTagDownloadSessionCookie = this.tagDownloadSessionId != null;
                return;
            }
        }
    }

    private void setCookieReceivedFromTagDownloadSession(Response response) {
        if (this.isRangerCookieEnabled) {
            Cookie cookie = null;
            Map cookies = response.getCookies();
            for (String str : cookies.keySet()) {
                if (str.equalsIgnoreCase(this.rangerAdminCookieName)) {
                    cookie = (Cookie) cookies.get(str);
                }
            }
            this.tagDownloadSessionId = cookie;
            this.isValidTagDownloadSessionCookie = this.tagDownloadSessionId != null;
        }
    }

    private RangerRoles getRangerRolesIfUpdatedWithCred(long j, long j2) throws Exception {
        RangerRoles rangerRoles;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getRangerRolesIfUpdatedWithCred(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        Response roleDownloadResponse = getRoleDownloadResponse(j, j2, uGILoginUser, z);
        int status = roleDownloadResponse == null ? -1 : roleDownloadResponse.getStatus();
        String str = null;
        switch (status) {
            case -1:
                rangerRoles = null;
                this.roleDownloadSessionId = null;
                LOG.warn("Unexpected: Null response from policy server while trying to get policies! Returning null!");
                break;
            case 200:
                String str2 = (String) roleDownloadResponse.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                rangerRoles = (RangerRoles) getGson().fromJson(str2, RangerRoles.class);
                setCookieReceivedFromRoleDownloadSession(roleDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + rangerRoles);
                    break;
                }
                break;
            case 304:
                rangerRoles = null;
                setCookieReceivedFromRoleDownloadSession(roleDownloadResponse);
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                rangerRoles = null;
                this.roleDownloadSessionId = null;
                if (roleDownloadResponse.hasEntity()) {
                    str = (String) roleDownloadResponse.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                rangerRoles = null;
                this.roleDownloadSessionId = null;
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) roleDownloadResponse.readEntity(String.class), getRelativeURLForRoleDownload(z)));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getRangerRolesIfUpdatedWithCred(" + j + ", " + j2 + "): " + rangerRoles);
        }
        return rangerRoles;
    }

    private RangerRoles getRangerRolesIfUpdatedWithCookie(long j, long j2) throws Exception {
        RangerRoles rangerRoles;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getRangerRolesIfUpdatedWithCookie(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        Response roleDownloadResponse = getRoleDownloadResponse(j, j2, uGILoginUser, z);
        int status = roleDownloadResponse == null ? -1 : roleDownloadResponse.getStatus();
        String str = null;
        switch (status) {
            case -1:
                rangerRoles = null;
                this.roleDownloadSessionId = null;
                this.isValidRoleDownloadSessionCookie = false;
                LOG.warn("Unexpected: Null response from policy server while trying to get policies! Returning null!");
                break;
            case 200:
                String str2 = (String) roleDownloadResponse.readEntity(String.class);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Response from 200 server: " + str2);
                }
                rangerRoles = (RangerRoles) getGson().fromJson(str2, RangerRoles.class);
                checkAndResetRoleDownloadSessionCookie(roleDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deserialized response to: " + rangerRoles);
                    break;
                }
                break;
            case 304:
                rangerRoles = null;
                checkAndResetRoleDownloadSessionCookie(roleDownloadResponse);
                LOG.debug("Got response: 304. Ok. Returning null");
                break;
            case 404:
                rangerRoles = null;
                this.roleDownloadSessionId = null;
                this.isValidRoleDownloadSessionCookie = false;
                if (roleDownloadResponse.hasEntity()) {
                    str = (String) roleDownloadResponse.readEntity(String.class);
                    if (StringUtils.isNotBlank(str)) {
                        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this._serviceName, str);
                    }
                }
                LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
                break;
            default:
                rangerRoles = null;
                this.roleDownloadSessionId = null;
                this.isValidRoleDownloadSessionCookie = false;
                LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", Integer.valueOf(status), (String) roleDownloadResponse.readEntity(String.class), getRelativeURLForRoleDownload(z)));
                break;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getRangerRolesIfUpdatedWithCookie(" + j + ", " + j2 + "): " + rangerRoles);
        }
        return rangerRoles;
    }

    private Response getRoleDownloadResponse(long j, long j2, UserGroupInformation userGroupInformation, boolean z) throws Exception {
        Response response;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminJersey2RESTClient.getRoleDownloadResponse(" + j + ", " + j2 + ")");
        }
        final HashMap hashMap = new HashMap();
        hashMap.put("lastKnownRoleVersion", Long.toString(j));
        hashMap.put("lastActivationTime", Long.toString(j2));
        hashMap.put("pluginId", this._pluginId);
        hashMap.put("clusterName", this._clusterName);
        final String relativeURLForRoleDownload = getRelativeURLForRoleDownload(z);
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Roles if updated as user : " + userGroupInformation);
            }
            response = (Response) userGroupInformation.doAs(new PrivilegedAction<Response>() { // from class: org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Response run() {
                    return RangerAdminJersey2RESTClient.this.get(hashMap, relativeURLForRoleDownload, RangerAdminJersey2RESTClient.this.roleDownloadSessionId);
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Roles if updated with old api call");
            }
            response = get(hashMap, relativeURLForRoleDownload, this.roleDownloadSessionId);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminJersey2RESTClient.getRoleDownloadResponse(" + j + ", " + j2 + "): " + response);
        }
        return response;
    }

    private String getRelativeURLForRoleDownload(boolean z) {
        return z ? "/service/roles/secure/download/" + this._serviceName : "/service/roles/download/" + this._serviceName;
    }

    private void checkAndResetRoleDownloadSessionCookie(Response response) {
        Map cookies = response.getCookies();
        for (String str : cookies.keySet()) {
            if (str.equalsIgnoreCase(this.rangerAdminCookieName)) {
                this.roleDownloadSessionId = (Cookie) cookies.get(str);
                this.isValidRoleDownloadSessionCookie = this.roleDownloadSessionId != null;
                return;
            }
        }
    }

    private void setCookieReceivedFromRoleDownloadSession(Response response) {
        if (this.isRangerCookieEnabled) {
            Cookie cookie = null;
            Map cookies = response.getCookies();
            Iterator it = cookies.keySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str = (String) it.next();
                if (str.equalsIgnoreCase(this.rangerAdminCookieName)) {
                    cookie = (Cookie) cookies.get(str);
                    break;
                }
            }
            this.roleDownloadSessionId = cookie;
            this.isValidRoleDownloadSessionCookie = this.roleDownloadSessionId != null;
        }
    }

    protected boolean shouldRetry(String str, int i, int i2, ProcessingException processingException) {
        LOG.warn("Failed to communicate with Ranger Admin. URL: " + str + ". Error: " + processingException.getMessage());
        boolean z = i == this.configURLs.size() - 1;
        boolean z2 = z && i2 < this._restClientMaxRetryAttempts;
        if (z2) {
            LOG.warn("Waiting for " + this._restClientRetryIntervalMs + "ms before retry attempt #" + (i2 + 1));
            try {
                Thread.sleep(this._restClientRetryIntervalMs);
            } catch (InterruptedException e) {
                LOG.error("Failed while waiting to retry", e);
            }
        } else if (z) {
            LOG.error("Failed to communicate with all Ranger Admin's URL's : [ " + this.configURLs + " ]");
            throw new ProcessingException("Failed to communicate with all Ranger Admin's URL : [ " + this.configURLs + " ]", processingException);
        }
        return z2;
    }
}
