package org.apache.ranger.tagsync.sink.tagadmin;

import com.sun.jersey.api.client.ClientResponse;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.plugin.util.RangerRESTClient;
import org.apache.ranger.plugin.util.ServiceTags;
import org.apache.ranger.tagsync.model.TagSink;
import org.apache.ranger.tagsync.process.TagSyncConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.class */
public class TagAdminRESTSink implements TagSink, Runnable {
    private static final Logger LOG = LoggerFactory.getLogger(TagAdminRESTSink.class);
    private static final String REST_PREFIX = "/service";
    private static final String MODULE_PREFIX = "/tags";
    private static final String REST_URL_IMPORT_SERVICETAGS_RESOURCE = "/service/tags/importservicetags/";
    private long rangerAdminConnectionCheckInterval;
    private boolean isRangerCookieEnabled;
    private String rangerAdminCookieName;
    private boolean isKerberized;
    private BlockingQueue<UploadWorkItem> uploadWorkItems;
    private Cookie sessionId = null;
    private boolean isValidRangerCookie = false;
    List<NewCookie> cookieList = new ArrayList();
    private RangerRESTClient tagRESTClient = null;
    private Thread myThread = null;

    /* loaded from: input_file:org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink$UploadWorkItem.class */
    static class UploadWorkItem {
        private ServiceTags serviceTags;
        private BlockingQueue<ServiceTags> uploadedServiceTags;

        ServiceTags getServiceTags() {
            return this.serviceTags;
        }

        ServiceTags waitForUpload() throws InterruptedException {
            return this.uploadedServiceTags.take();
        }

        void uploadCompleted(ServiceTags serviceTags) throws InterruptedException {
            this.uploadedServiceTags.put(serviceTags);
        }

        UploadWorkItem(ServiceTags serviceTags) {
            setServiceTags(serviceTags);
            this.uploadedServiceTags = new ArrayBlockingQueue(1);
        }

        void setServiceTags(ServiceTags serviceTags) {
            this.serviceTags = serviceTags;
        }
    }

    @Override // org.apache.ranger.tagsync.model.TagSink
    public boolean initialize(Properties properties) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> TagAdminRESTSink.initialize()");
        }
        boolean z = false;
        String tagAdminRESTUrl = TagSyncConfig.getTagAdminRESTUrl(properties);
        String tagAdminRESTSslConfigFile = TagSyncConfig.getTagAdminRESTSslConfigFile(properties);
        String tagAdminUserName = TagSyncConfig.getTagAdminUserName(properties);
        String tagAdminPassword = TagSyncConfig.getTagAdminPassword(properties);
        this.rangerAdminConnectionCheckInterval = TagSyncConfig.getTagAdminConnectionCheckInterval(properties);
        this.isKerberized = TagSyncConfig.getTagsyncKerberosIdentity(properties) != null;
        this.isRangerCookieEnabled = TagSyncConfig.isTagSyncRangerCookieEnabled(properties);
        this.rangerAdminCookieName = TagSyncConfig.getRangerAdminCookieName(properties);
        this.sessionId = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("restUrl=" + tagAdminRESTUrl);
            LOG.debug("sslConfigFile=" + tagAdminRESTSslConfigFile);
            LOG.debug("userName=" + tagAdminUserName);
            LOG.debug("rangerAdminConnectionCheckInterval=" + this.rangerAdminConnectionCheckInterval);
            LOG.debug("isKerberized=" + this.isKerberized);
        }
        if (StringUtils.isNotBlank(tagAdminRESTUrl)) {
            this.tagRESTClient = new RangerRESTClient(tagAdminRESTUrl, tagAdminRESTSslConfigFile, TagSyncConfig.getInstance());
            if (!this.isKerberized) {
                this.tagRESTClient.setBasicAuthInfo(tagAdminUserName, tagAdminPassword);
            }
            this.tagRESTClient.getClient();
            this.uploadWorkItems = new LinkedBlockingQueue();
            z = true;
        } else {
            LOG.error("No value specified for property 'ranger.tagsync.tagadmin.rest.url'!");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== TagAdminRESTSink.initialize(), result=" + z);
        }
        return z;
    }

    @Override // org.apache.ranger.tagsync.model.TagSink
    public ServiceTags upload(ServiceTags serviceTags) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> upload() ");
        }
        UploadWorkItem uploadWorkItem = new UploadWorkItem(serviceTags);
        this.uploadWorkItems.put(uploadWorkItem);
        ServiceTags waitForUpload = uploadWorkItem.waitForUpload();
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== upload()");
        }
        return waitForUpload;
    }

    private ServiceTags doUpload(final ServiceTags serviceTags) throws Exception {
        if (!this.isKerberized) {
            return uploadServiceTags(serviceTags);
        }
        try {
            UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
            if (loginUser != null) {
                try {
                    loginUser.checkTGTAndReloginFromKeytab();
                } catch (IOException e) {
                    LOG.error("Error renewing TGT and relogin", e);
                    loginUser = null;
                }
            }
            if (loginUser == null) {
                LOG.error("Failed to get UserGroupInformation.getLoginUser()");
                return null;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Using Principal = " + loginUser.getUserName());
            }
            return (ServiceTags) loginUser.doAs(new PrivilegedAction<ServiceTags>() { // from class: org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ServiceTags run() {
                    try {
                        return TagAdminRESTSink.this.uploadServiceTags(serviceTags);
                    } catch (Exception e2) {
                        TagAdminRESTSink.LOG.error("Upload of service-tags failed with message ", e2);
                        return null;
                    }
                }
            });
        } catch (Exception e2) {
            LOG.error("Upload of service-tags failed with message ", e2);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ServiceTags uploadServiceTags(ServiceTags serviceTags) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> doUpload()");
        }
        ClientResponse uploadServiceTagsUsingCookie = this.isRangerCookieEnabled ? uploadServiceTagsUsingCookie(serviceTags) : this.tagRESTClient.put(REST_URL_IMPORT_SERVICETAGS_RESOURCE, (Map) null, serviceTags);
        if (uploadServiceTagsUsingCookie == null || uploadServiceTagsUsingCookie.getStatus() != 204) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(uploadServiceTagsUsingCookie);
            LOG.error("Upload of service-tags failed with message " + fromClientResponse.getMessage());
            if (uploadServiceTagsUsingCookie == null || fromClientResponse.getHttpStatusCode() != 400) {
                throw new Exception("Upload of service-tags failed with response: " + uploadServiceTagsUsingCookie);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== doUpload()");
        }
        return serviceTags;
    }

    private ClientResponse uploadServiceTagsUsingCookie(ServiceTags serviceTags) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> uploadServiceTagCache()");
        }
        ClientResponse tryWithCred = (this.sessionId == null || !this.isValidRangerCookie) ? tryWithCred(serviceTags) : tryWithCookie(serviceTags);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== uploadServiceTagCache()");
        }
        return tryWithCred;
    }

    private ClientResponse tryWithCred(ServiceTags serviceTags) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> tryWithCred");
        }
        ClientResponse uploadTagsWithCred = uploadTagsWithCred(serviceTags);
        if (uploadTagsWithCred != null && uploadTagsWithCred.getStatus() != 204 && uploadTagsWithCred.getStatus() != 400 && uploadTagsWithCred.getStatus() != 200) {
            this.sessionId = null;
            uploadTagsWithCred = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== tryWithCred");
        }
        return uploadTagsWithCred;
    }

    private ClientResponse tryWithCookie(ServiceTags serviceTags) {
        ClientResponse uploadTagsWithCookie = uploadTagsWithCookie(serviceTags);
        if (uploadTagsWithCookie != null && uploadTagsWithCookie.getStatus() != 204 && uploadTagsWithCookie.getStatus() != 400 && uploadTagsWithCookie.getStatus() != 200) {
            this.sessionId = null;
            this.isValidRangerCookie = false;
            uploadTagsWithCookie = null;
        }
        return uploadTagsWithCookie;
    }

    private synchronized ClientResponse uploadTagsWithCred(ServiceTags serviceTags) {
        if (this.sessionId != null) {
            ClientResponse uploadTagsWithCookie = uploadTagsWithCookie(serviceTags);
            if (!uploadTagsWithCookie.toString().contains(REST_URL_IMPORT_SERVICETAGS_RESOURCE)) {
                uploadTagsWithCookie.setStatus(404);
            }
            return uploadTagsWithCookie;
        }
        this.tagRESTClient.resetClient();
        ClientResponse clientResponse = null;
        try {
            clientResponse = this.tagRESTClient.put(REST_URL_IMPORT_SERVICETAGS_RESOURCE, (Map) null, serviceTags);
        } catch (Exception e) {
            LOG.error("Failed to get response, Error is : " + e.getMessage());
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(REST_URL_IMPORT_SERVICETAGS_RESOURCE)) {
                clientResponse.setStatus(404);
            } else if (clientResponse.getStatus() == 401) {
                LOG.warn("Credentials response from ranger is 401.");
            } else if (clientResponse.getStatus() == 200 || clientResponse.getStatus() == 204) {
                this.cookieList = clientResponse.getCookies();
                Iterator<NewCookie> it = this.cookieList.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie next = it.next();
                    if (next.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                        this.sessionId = next.toCookie();
                        this.isValidRangerCookie = true;
                        break;
                    }
                    this.isValidRangerCookie = false;
                }
            }
        }
        return clientResponse;
    }

    private ClientResponse uploadTagsWithCookie(ServiceTags serviceTags) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> uploadTagsWithCookie");
        }
        ClientResponse clientResponse = null;
        try {
            clientResponse = this.tagRESTClient.put(REST_URL_IMPORT_SERVICETAGS_RESOURCE, serviceTags, this.sessionId);
        } catch (Exception e) {
            LOG.error("Failed to get response, Error is : " + e.getMessage());
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(REST_URL_IMPORT_SERVICETAGS_RESOURCE)) {
                clientResponse.setStatus(404);
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 401) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 204 || clientResponse.getStatus() == 200) {
                Iterator it = clientResponse.getCookies().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie newCookie = (NewCookie) it.next();
                    if (newCookie.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                        if (!this.sessionId.getValue().equalsIgnoreCase(newCookie.toCookie().getValue())) {
                            this.sessionId = newCookie.toCookie();
                        }
                        this.isValidRangerCookie = true;
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== uploadTagsWithCookie");
        }
        return clientResponse;
    }

    @Override // org.apache.ranger.tagsync.model.TagSink
    public boolean start() {
        this.myThread = new Thread(this);
        this.myThread.setDaemon(true);
        this.myThread.start();
        return true;
    }

    @Override // org.apache.ranger.tagsync.model.TagSink
    public void stop() {
        if (this.myThread == null || !this.myThread.isAlive()) {
            return;
        }
        this.myThread.interrupt();
    }

    @Override // java.lang.Runnable
    public void run() {
        boolean z;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> TagAdminRESTSink.run()");
        }
        while (true) {
            try {
                UploadWorkItem take = this.uploadWorkItems.take();
                ServiceTags serviceTags = take.getServiceTags();
                do {
                    z = false;
                    try {
                        ServiceTags doUpload = doUpload(serviceTags);
                        if (doUpload == null) {
                            z = true;
                            Thread.sleep(this.rangerAdminConnectionCheckInterval);
                        } else {
                            take.uploadCompleted(doUpload);
                        }
                    } catch (InterruptedException e) {
                        LOG.error("Caught exception..: ", e);
                        return;
                    } catch (Exception e2) {
                        z = true;
                        Thread.sleep(this.rangerAdminConnectionCheckInterval);
                    }
                } while (z);
            } catch (InterruptedException e3) {
                LOG.error("Interrupted..: ", e3);
                return;
            }
        }
    }
}
