package org.apache.ranger.admin.client;

import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.GenericType;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.RangerPluginCapability;
import org.apache.ranger.plugin.util.RangerRESTClient;
import org.apache.ranger.plugin.util.RangerRESTUtils;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.RangerUserStore;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
import org.apache.ranger.plugin.util.URLEncoderUtil;

/* loaded from: input_file:org/apache/ranger/admin/client/RangerAdminRESTClient.class */
public class RangerAdminRESTClient extends AbstractRangerAdminClient {
    private static final Log LOG = LogFactory.getLog(RangerAdminRESTClient.class);
    private String serviceName;
    private String serviceNameUrlParam;
    private String pluginId;
    private String clusterName;
    private RangerRESTClient restClient;
    private boolean supportsPolicyDeltas;
    private boolean supportsTagDeltas;
    private boolean isRangerCookieEnabled;
    private String rangerAdminCookieName;
    private RangerRESTUtils restUtils = new RangerRESTUtils();
    private Cookie policyDownloadSessionId = null;
    private boolean isValidPolicyDownloadSessionCookie = false;
    private Cookie tagDownloadSessionId = null;
    private boolean isValidTagDownloadSessionCookie = false;
    private Cookie roleDownloadSessionId = null;
    private boolean isValidRoleDownloadSessionCookie = false;
    private final String pluginCapabilities = Long.toHexString(new RangerPluginCapability().getPluginCapabilities());

    public static <T> GenericType<List<T>> getGenericType(final T t) {
        return new GenericType<List<T>>(new ParameterizedType() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.1
            @Override // java.lang.reflect.ParameterizedType
            public Type[] getActualTypeArguments() {
                return new Type[]{t.getClass()};
            }

            @Override // java.lang.reflect.ParameterizedType
            public Type getRawType() {
                return List.class;
            }

            @Override // java.lang.reflect.ParameterizedType
            public Type getOwnerType() {
                return List.class;
            }
        }) { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.2
        };
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public void init(String str, String str2, String str3, Configuration configuration) {
        super.init(str, str2, str3, configuration);
        this.serviceName = str;
        this.pluginId = this.restUtils.getPluginId(str, str2);
        String str4 = configuration.get(str3 + ".policy.rest.url");
        String str5 = configuration.get(str3 + ".policy.rest.ssl.config.file");
        this.clusterName = configuration.get(str3 + ".access.cluster.name", "");
        if (StringUtil.isEmpty(this.clusterName)) {
            this.clusterName = configuration.get(str3 + ".ambari.cluster.name", "");
            if (StringUtil.isEmpty(this.clusterName) && (configuration instanceof RangerPluginConfig)) {
                this.clusterName = ((RangerPluginConfig) configuration).getClusterName();
            }
        }
        int i = configuration.getInt(str3 + ".policy.rest.client.connection.timeoutMs", 120000);
        int i2 = configuration.getInt(str3 + ".policy.rest.client.read.timeoutMs", 30000);
        this.supportsPolicyDeltas = configuration.getBoolean(str3 + ".supports.policy.deltas", false);
        this.supportsTagDeltas = configuration.getBoolean(str3 + ".supports.tag.deltas", false);
        this.isRangerCookieEnabled = configuration.getBoolean(str3 + ".policy.rest.client.cookie.enabled", true);
        this.rangerAdminCookieName = configuration.get(str3 + ".policy.rest.client.session.cookie.name", RangerCommonConstants.DEFAULT_COOKIE_NAME);
        String trim = StringUtil.isEmpty(str4) ? "" : str4.trim();
        if (trim.endsWith("/")) {
            trim = trim.substring(0, trim.length() - 1);
        }
        init(trim, str5, i, i2, configuration);
        try {
            this.serviceNameUrlParam = URLEncoderUtil.encodeURIParam(str);
        } catch (UnsupportedEncodingException e) {
            LOG.warn("Unsupported encoding, serviceName=" + str);
            this.serviceNameUrlParam = str;
        }
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public ServicePolicies getServicePoliciesIfUpdated(long j, long j2) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + ")");
        }
        ServicePolicies servicePoliciesIfUpdatedWithCookie = (this.isRangerCookieEnabled && this.policyDownloadSessionId != null && this.isValidPolicyDownloadSessionCookie) ? getServicePoliciesIfUpdatedWithCookie(j, j2) : getServicePoliciesIfUpdatedWithCred(j, j2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdated(" + j + ", " + j2 + "): " + servicePoliciesIfUpdatedWithCookie);
        }
        return servicePoliciesIfUpdatedWithCookie;
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public RangerRoles getRolesIfUpdated(long j, long j2) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getRolesIfUpdated(" + j + ", " + j2 + ")");
        }
        RangerRoles rolesIfUpdatedWithCookie = (this.isRangerCookieEnabled && this.roleDownloadSessionId != null && this.isValidRoleDownloadSessionCookie) ? getRolesIfUpdatedWithCookie(j, j2) : getRolesIfUpdatedWithCred(j, j2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getRolesIfUpdated(" + j + ", " + j2 + "): ");
        }
        return rolesIfUpdatedWithCookie;
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public RangerRole createRole(final RangerRole rangerRole) throws Exception {
        ClientResponse post;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.createRole(" + rangerRole + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final String str = RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE;
        final HashMap hashMap = new HashMap();
        hashMap.put("serviceName", this.serviceNameUrlParam);
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse = null;
                    try {
                        clientResponse = RangerAdminRESTClient.this.restClient.post(str, hashMap, rangerRole);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("create role as user " + uGILoginUser);
            }
            post = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            post = this.restClient.post(RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE, hashMap, rangerRole);
        }
        if (post != null && post.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(post);
            LOG.error("createRole() failed: HTTP status=" + post.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (post.getStatus() == 401) {
                throw new AccessControlException();
            }
            throw new Exception("HTTP " + post.getStatus() + " Error: " + fromClientResponse.getMessage());
        }
        if (post == null) {
            throw new Exception("unknown error during createRole. roleName=" + rangerRole.getName());
        }
        RangerRole rangerRole2 = (RangerRole) post.getEntity(RangerRole.class);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.createRole(" + rangerRole + ")");
        }
        return rangerRole2;
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public void dropRole(String str, String str2) throws Exception {
        ClientResponse delete;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.dropRole(" + str2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final HashMap hashMap = new HashMap();
        hashMap.put("serviceName", this.serviceNameUrlParam);
        hashMap.put(RangerRESTUtils.REST_PARAM_EXEC_USER, str);
        final String str3 = "/service/public/v2/api/roles/name/" + str2;
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse = null;
                    try {
                        clientResponse = RangerAdminRESTClient.this.restClient.delete(str3, hashMap);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("drop role as user " + uGILoginUser);
            }
            delete = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            delete = this.restClient.delete(str3, hashMap);
        }
        if (delete == null) {
            throw new Exception("unknown error during deleteRole. roleName=" + str2);
        }
        if (delete.getStatus() == 200 || delete.getStatus() == 204) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerAdminRESTClient.deleteRole(" + str2 + ")");
            }
        } else {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(delete);
            LOG.error("createRole() failed: HTTP status=" + delete.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (delete.getStatus() != 401) {
                throw new Exception("HTTP " + delete.getStatus() + " Error: " + fromClientResponse.getMessage());
            }
            throw new AccessControlException();
        }
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public List<String> getUserRoles(String str) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getUserRoles(" + str + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final String str2 = RangerRESTUtils.REST_URL_SERVICE_GET_USER_ROLES + str;
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(str2, null);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("get roles as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = this.restClient.get(str2, null);
        }
        if (clientResponse == null) {
            throw new Exception("unknown error during getUserRoles. execUser=" + str);
        }
        if (clientResponse.getStatus() == 200) {
            List<String> list = (List) clientResponse.getEntity(getGenericType(""));
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerAdminRESTClient.getUserRoles(" + str + ")");
            }
            return list;
        }
        RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
        LOG.error("getUserRoles() failed: HTTP status=" + clientResponse.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
        if (clientResponse.getStatus() == 401) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + clientResponse.getStatus() + " Error: " + fromClientResponse.getMessage());
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public List<String> getAllRoles(String str) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getAllRoles()");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final String str2 = RangerRESTUtils.REST_URL_SERVICE_GET_ALL_ROLES;
        final HashMap hashMap = new HashMap();
        hashMap.put("serviceName", this.serviceNameUrlParam);
        hashMap.put(RangerRESTUtils.REST_PARAM_EXEC_USER, str);
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.6
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(str2, hashMap);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("get roles as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = this.restClient.get(RangerRESTUtils.REST_URL_SERVICE_GET_ALL_ROLES, hashMap);
        }
        if (clientResponse == null) {
            throw new Exception("unknown error during getAllRoles.");
        }
        if (clientResponse.getStatus() == 200) {
            List<String> list = (List) clientResponse.getEntity(getGenericType(""));
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerAdminRESTClient.getAllRoles()");
            }
            return list;
        }
        RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
        LOG.error("getAllRoles() failed: HTTP status=" + clientResponse.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
        if (clientResponse.getStatus() == 401) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + clientResponse.getStatus() + " Error: " + fromClientResponse.getMessage());
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public RangerRole getRole(String str, String str2) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getPrincipalsForRole(" + str2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final String str3 = "/service/public/v2/api/roles/name/" + str2;
        final HashMap hashMap = new HashMap();
        hashMap.put("serviceName", this.serviceNameUrlParam);
        hashMap.put(RangerRESTUtils.REST_PARAM_EXEC_USER, str);
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.7
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(str3, hashMap);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("get role info as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = this.restClient.get(str3, hashMap);
        }
        if (clientResponse == null) {
            throw new Exception("unknown error during getPrincipalsForRole. roleName=" + str2);
        }
        if (clientResponse.getStatus() == 200) {
            RangerRole rangerRole = (RangerRole) clientResponse.getEntity(RangerRole.class);
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerAdminRESTClient.getPrincipalsForRole(" + str2 + ")");
            }
            return rangerRole;
        }
        RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
        LOG.error("getPrincipalsForRole() failed: HTTP status=" + clientResponse.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
        if (clientResponse.getStatus() == 401) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + clientResponse.getStatus() + " Error: " + fromClientResponse.getMessage());
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public void grantRole(final GrantRevokeRoleRequest grantRevokeRoleRequest) throws Exception {
        ClientResponse put;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.grantRole(" + grantRevokeRoleRequest + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final String str = RangerRESTUtils.REST_URL_SERVICE_GRANT_ROLE + this.serviceNameUrlParam;
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.8
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse = null;
                    try {
                        clientResponse = RangerAdminRESTClient.this.restClient.put(str, (Map<String, String>) null, grantRevokeRoleRequest);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("grant role as user " + uGILoginUser);
            }
            put = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            put = this.restClient.put(str, (Map<String, String>) null, grantRevokeRoleRequest);
        }
        if (put != null && put.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(put);
            LOG.error("grantRole() failed: HTTP status=" + put.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (put.getStatus() != 401) {
                throw new Exception("HTTP " + put.getStatus() + " Error: " + fromClientResponse.getMessage());
            }
            throw new AccessControlException();
        }
        if (put == null) {
            throw new Exception("unknown error during grantRole. serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.grantRole(" + grantRevokeRoleRequest + ")");
        }
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public void revokeRole(final GrantRevokeRoleRequest grantRevokeRoleRequest) throws Exception {
        ClientResponse put;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.revokeRole(" + grantRevokeRoleRequest + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final String str = RangerRESTUtils.REST_URL_SERVICE_REVOKE_ROLE + this.serviceNameUrlParam;
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.9
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse = null;
                    try {
                        clientResponse = RangerAdminRESTClient.this.restClient.put(str, (Map<String, String>) null, grantRevokeRoleRequest);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("revoke role as user " + uGILoginUser);
            }
            put = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            put = this.restClient.put(str, (Map<String, String>) null, grantRevokeRoleRequest);
        }
        if (put != null && put.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(put);
            LOG.error("revokeRole() failed: HTTP status=" + put.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (put.getStatus() != 401) {
                throw new Exception("HTTP " + put.getStatus() + " Error: " + fromClientResponse.getMessage());
            }
            throw new AccessControlException();
        }
        if (put == null) {
            throw new Exception("unknown error during revokeRole. serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.revokeRole(" + grantRevokeRoleRequest + ")");
        }
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public void grantAccess(final GrantRevokeRequest grantRevokeRequest) throws Exception {
        ClientResponse post;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final HashMap hashMap = new HashMap();
        hashMap.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId);
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.10
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse = null;
                    try {
                        clientResponse = RangerAdminRESTClient.this.restClient.post(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + RangerAdminRESTClient.this.serviceNameUrlParam, hashMap, grantRevokeRequest);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("grantAccess as user " + uGILoginUser);
            }
            post = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            post = this.restClient.post(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + this.serviceNameUrlParam, hashMap, grantRevokeRequest);
        }
        if (post != null && post.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(post);
            LOG.error("grantAccess() failed: HTTP status=" + post.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (post.getStatus() != 401) {
                throw new Exception("HTTP " + post.getStatus() + " Error: " + fromClientResponse.getMessage());
            }
            throw new AccessControlException();
        }
        if (post == null) {
            throw new Exception("unknown error during grantAccess. serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.grantAccess(" + grantRevokeRequest + ")");
        }
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public void revokeAccess(final GrantRevokeRequest grantRevokeRequest) throws Exception {
        ClientResponse post;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.revokeAccess(" + grantRevokeRequest + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final HashMap hashMap = new HashMap();
        hashMap.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId);
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.11
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse = null;
                    try {
                        clientResponse = RangerAdminRESTClient.this.restClient.post(RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + RangerAdminRESTClient.this.serviceNameUrlParam, hashMap, grantRevokeRequest);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("revokeAccess as user " + uGILoginUser);
            }
            post = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            post = this.restClient.post(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + this.serviceNameUrlParam, hashMap, grantRevokeRequest);
        }
        if (post != null && post.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(post);
            LOG.error("revokeAccess() failed: HTTP status=" + post.getStatus() + ", message=" + fromClientResponse.getMessage() + ", isSecure=" + z + (z ? ", user=" + uGILoginUser : ""));
            if (post.getStatus() != 401) {
                throw new Exception("HTTP " + post.getStatus() + " Error: " + fromClientResponse.getMessage());
            }
            throw new AccessControlException();
        }
        if (post == null) {
            throw new Exception("unknown error. revokeAccess(). serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.revokeAccess(" + grantRevokeRequest + ")");
        }
    }

    private void init(String str, String str2, int i, int i2, Configuration configuration) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.init(" + str + ", " + str2 + ")");
        }
        this.restClient = new RangerRESTClient(str, str2, configuration);
        this.restClient.setRestClientConnTimeOutMs(i);
        this.restClient.setRestClientReadTimeOutMs(i2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.init(" + str + ", " + str2 + ")");
        }
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public ServiceTags getServiceTagsIfUpdated(long j, long j2) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + "): ");
        }
        ServiceTags serviceTagsIfUpdatedWithCookie = (this.isRangerCookieEnabled && this.tagDownloadSessionId != null && this.isValidTagDownloadSessionCookie) ? getServiceTagsIfUpdatedWithCookie(j, j2) : getServiceTagsIfUpdatedWithCred(j, j2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServiceTagsIfUpdated(" + j + ", " + j2 + "): ");
        }
        return serviceTagsIfUpdatedWithCookie;
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public List<String> getTagTypes(String str) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getTagTypes(" + str + "): ");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final HashMap hashMap = new HashMap();
        hashMap.put("serviceName", this.serviceNameUrlParam);
        hashMap.put(RangerRESTUtils.PATTERN_PARAM, str);
        final String str2 = RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES;
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.12
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(str2, hashMap);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("getTagTypes as user " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(privilegedAction);
        } else {
            clientResponse = this.restClient.get(RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES, hashMap);
        }
        if (clientResponse == null || clientResponse.getStatus() != 200) {
            RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
            LOG.error("Error getting tags. response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", pattern=" + str);
            throw new Exception(fromClientResponse.getMessage());
        }
        List<String> list = (List) clientResponse.getEntity(getGenericType(""));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getTagTypes(" + str + "): " + list);
        }
        return list;
    }

    @Override // org.apache.ranger.admin.client.AbstractRangerAdminClient, org.apache.ranger.admin.client.RangerAdminClient
    public RangerUserStore getUserStoreIfUpdated(long j, long j2) throws Exception {
        ClientResponse clientResponse;
        RangerUserStore rangerUserStore;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getUserStoreIfUpdated(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        final HashMap hashMap = new HashMap();
        hashMap.put(RangerRESTUtils.REST_PARAM_LAST_KNOWN_USERSTORE_VERSION, Long.toString(j));
        hashMap.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(j2));
        hashMap.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId);
        hashMap.put("clusterName", this.clusterName);
        hashMap.put("pluginCapabilities", this.pluginCapabilities);
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking UserStore updated as user : " + uGILoginUser);
            }
            clientResponse = (ClientResponse) uGILoginUser.doAs(new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.13
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USERSTORE + RangerAdminRESTClient.this.serviceNameUrlParam, hashMap);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking UserStore updated as user : " + uGILoginUser);
            }
            clientResponse = this.restClient.get(RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USERSTORE + this.serviceNameUrlParam, hashMap);
        }
        if (clientResponse == null || clientResponse.getStatus() == 304) {
            if (clientResponse == null) {
                LOG.error("Error getting UserStore; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(clientResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in UserStore. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", lastKnownUserStoreVersion=" + j + ", lastActivationTimeInMillis=" + j2);
                }
            }
            rangerUserStore = null;
        } else if (clientResponse.getStatus() == 200) {
            rangerUserStore = (RangerUserStore) clientResponse.getEntity(RangerUserStore.class);
        } else if (clientResponse.getStatus() == 404) {
            rangerUserStore = null;
            LOG.error("Error getting UserStore; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + clientResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownUserStoreVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = clientResponse.hasEntity() ? (String) clientResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            LOG.warn("Error getting UserStore. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(clientResponse) + ", serviceName=" + this.serviceName);
            rangerUserStore = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getUserStoreIfUpdated(" + j + ", " + j2 + "): ");
        }
        return rangerUserStore;
    }

    private ServicePolicies getServicePoliciesIfUpdatedWithCred(long j, long j2) throws Exception {
        ServicePolicies servicePolicies;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdatedWithCred(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        ClientResponse rangerAdminPolicyDownloadResponse = getRangerAdminPolicyDownloadResponse(j, j2, uGILoginUser, z);
        if (rangerAdminPolicyDownloadResponse == null || rangerAdminPolicyDownloadResponse.getStatus() == 304 || rangerAdminPolicyDownloadResponse.getStatus() == 204) {
            if (rangerAdminPolicyDownloadResponse == null) {
                this.policyDownloadSessionId = null;
                LOG.error("Error getting policies; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                setCookieReceivedFromCredSession(rangerAdminPolicyDownloadResponse);
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(rangerAdminPolicyDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in policies. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName);
                }
            }
            servicePolicies = null;
        } else if (rangerAdminPolicyDownloadResponse.getStatus() == 200) {
            setCookieReceivedFromCredSession(rangerAdminPolicyDownloadResponse);
            servicePolicies = (ServicePolicies) rangerAdminPolicyDownloadResponse.getEntity(ServicePolicies.class);
        } else if (rangerAdminPolicyDownloadResponse.getStatus() == 404) {
            this.policyDownloadSessionId = null;
            servicePolicies = null;
            LOG.error("Error getting policies; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + rangerAdminPolicyDownloadResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = rangerAdminPolicyDownloadResponse.hasEntity() ? (String) rangerAdminPolicyDownloadResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            this.policyDownloadSessionId = null;
            servicePolicies = null;
            LOG.warn("Error getting policies. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(rangerAdminPolicyDownloadResponse) + ", serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdatedWithCred(" + j + ", " + j2 + "): " + servicePolicies);
        }
        return servicePolicies;
    }

    private ServicePolicies getServicePoliciesIfUpdatedWithCookie(long j, long j2) throws Exception {
        ServicePolicies servicePolicies;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdatedWithCookie(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        ClientResponse rangerAdminPolicyDownloadResponse = getRangerAdminPolicyDownloadResponse(j, j2, uGILoginUser, z);
        if (rangerAdminPolicyDownloadResponse == null || rangerAdminPolicyDownloadResponse.getStatus() == 304 || rangerAdminPolicyDownloadResponse.getStatus() == 204) {
            if (rangerAdminPolicyDownloadResponse == null) {
                this.policyDownloadSessionId = null;
                this.isValidPolicyDownloadSessionCookie = false;
                LOG.error("Error getting policies; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                checkAndResetSessionCookie(rangerAdminPolicyDownloadResponse);
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(rangerAdminPolicyDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in policies. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName);
                }
            }
            servicePolicies = null;
        } else if (rangerAdminPolicyDownloadResponse.getStatus() == 200) {
            checkAndResetSessionCookie(rangerAdminPolicyDownloadResponse);
            servicePolicies = (ServicePolicies) rangerAdminPolicyDownloadResponse.getEntity(ServicePolicies.class);
        } else if (rangerAdminPolicyDownloadResponse.getStatus() == 404) {
            this.policyDownloadSessionId = null;
            this.isValidPolicyDownloadSessionCookie = false;
            servicePolicies = null;
            LOG.error("Error getting policies; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + rangerAdminPolicyDownloadResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = rangerAdminPolicyDownloadResponse.hasEntity() ? (String) rangerAdminPolicyDownloadResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            this.policyDownloadSessionId = null;
            this.isValidPolicyDownloadSessionCookie = false;
            servicePolicies = null;
            LOG.warn("Error getting policies. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(rangerAdminPolicyDownloadResponse) + ", serviceName=" + this.serviceName);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdatedWithCookie(" + j + ", " + j2 + "): " + servicePolicies);
        }
        return servicePolicies;
    }

    private ClientResponse getRangerAdminPolicyDownloadResponse(long j, long j2, UserGroupInformation userGroupInformation, boolean z) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getRangerAdminPolicyDownloadResponse(" + j + ", " + j2 + ")");
        }
        final HashMap hashMap = new HashMap();
        hashMap.put("lastKnownVersion", Long.toString(j));
        hashMap.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(j2));
        hashMap.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId);
        hashMap.put("clusterName", this.clusterName);
        hashMap.put(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, Boolean.toString(this.supportsPolicyDeltas));
        hashMap.put("pluginCapabilities", this.pluginCapabilities);
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated as user : " + userGroupInformation);
            }
            clientResponse = (ClientResponse) userGroupInformation.doAs(new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.14
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + RangerAdminRESTClient.this.serviceNameUrlParam, hashMap, RangerAdminRESTClient.this.policyDownloadSessionId);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Service policy if updated with old api call");
            }
            clientResponse = this.restClient.get(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + this.serviceNameUrlParam, hashMap, this.policyDownloadSessionId);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getRangerAdminPolicyDownloadResponse(" + j + ", " + j2 + "): " + clientResponse);
        }
        return clientResponse;
    }

    private void checkAndResetSessionCookie(ClientResponse clientResponse) {
        for (NewCookie newCookie : clientResponse.getCookies()) {
            if (newCookie.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                this.policyDownloadSessionId = newCookie;
                this.isValidPolicyDownloadSessionCookie = this.policyDownloadSessionId != null;
                return;
            }
        }
    }

    private void setCookieReceivedFromCredSession(ClientResponse clientResponse) {
        if (this.isRangerCookieEnabled) {
            Cookie cookie = null;
            Iterator it = clientResponse.getCookies().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                NewCookie newCookie = (NewCookie) it.next();
                if (newCookie.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                    cookie = newCookie.toCookie();
                    break;
                }
            }
            this.policyDownloadSessionId = cookie;
            this.isValidPolicyDownloadSessionCookie = this.policyDownloadSessionId != null;
        }
    }

    private ServiceTags getServiceTagsIfUpdatedWithCred(long j, long j2) throws Exception {
        ServiceTags serviceTags;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServiceTagsIfUpdatedWithCred(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        ClientResponse rangerAdminTagDownloadResponse = getRangerAdminTagDownloadResponse(j, j2, uGILoginUser, z);
        if (rangerAdminTagDownloadResponse == null || rangerAdminTagDownloadResponse.getStatus() == 304) {
            if (rangerAdminTagDownloadResponse == null) {
                this.tagDownloadSessionId = null;
                LOG.error("Error getting tags; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                setCookieReceivedFromTagDownloadSession(rangerAdminTagDownloadResponse);
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(rangerAdminTagDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in tags. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
                }
            }
            serviceTags = null;
        } else if (rangerAdminTagDownloadResponse.getStatus() == 200) {
            setCookieReceivedFromTagDownloadSession(rangerAdminTagDownloadResponse);
            serviceTags = (ServiceTags) rangerAdminTagDownloadResponse.getEntity(ServiceTags.class);
        } else if (rangerAdminTagDownloadResponse.getStatus() == 404) {
            this.tagDownloadSessionId = null;
            serviceTags = null;
            LOG.error("Error getting tags; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + rangerAdminTagDownloadResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = rangerAdminTagDownloadResponse.hasEntity() ? (String) rangerAdminTagDownloadResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            LOG.warn("Error getting tags. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(rangerAdminTagDownloadResponse) + ", serviceName=" + this.serviceName);
            this.tagDownloadSessionId = null;
            serviceTags = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServiceTagsIfUpdatedWithCred(" + j + ", " + j2 + "): " + serviceTags);
        }
        return serviceTags;
    }

    private ServiceTags getServiceTagsIfUpdatedWithCookie(long j, long j2) throws Exception {
        ServiceTags serviceTags;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getServiceTagsIfUpdatedWithCookie(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        ClientResponse rangerAdminTagDownloadResponse = getRangerAdminTagDownloadResponse(j, j2, uGILoginUser, z);
        if (rangerAdminTagDownloadResponse == null || rangerAdminTagDownloadResponse.getStatus() == 304) {
            if (rangerAdminTagDownloadResponse == null) {
                this.tagDownloadSessionId = null;
                this.isValidTagDownloadSessionCookie = false;
                LOG.error("Error getting tags; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                checkAndResetTagDownloadSessionCookie(rangerAdminTagDownloadResponse);
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(rangerAdminTagDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in tags. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
                }
            }
            serviceTags = null;
        } else if (rangerAdminTagDownloadResponse.getStatus() == 200) {
            checkAndResetTagDownloadSessionCookie(rangerAdminTagDownloadResponse);
            serviceTags = (ServiceTags) rangerAdminTagDownloadResponse.getEntity(ServiceTags.class);
        } else if (rangerAdminTagDownloadResponse.getStatus() == 404) {
            this.tagDownloadSessionId = null;
            this.isValidTagDownloadSessionCookie = false;
            serviceTags = null;
            LOG.error("Error getting tags; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + rangerAdminTagDownloadResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = rangerAdminTagDownloadResponse.hasEntity() ? (String) rangerAdminTagDownloadResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            LOG.warn("Error getting tags. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(rangerAdminTagDownloadResponse) + ", serviceName=" + this.serviceName);
            this.tagDownloadSessionId = null;
            this.isValidTagDownloadSessionCookie = false;
            serviceTags = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getServiceTagsIfUpdatedWithCookie(" + j + ", " + j2 + "): " + serviceTags);
        }
        return serviceTags;
    }

    private ClientResponse getRangerAdminTagDownloadResponse(long j, long j2, UserGroupInformation userGroupInformation, boolean z) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getRangerAdminTagDownloadResponse(" + j + ", " + j2 + ")");
        }
        final HashMap hashMap = new HashMap();
        hashMap.put("lastKnownVersion", Long.toString(j));
        hashMap.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(j2));
        hashMap.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId);
        hashMap.put(RangerRESTUtils.REST_PARAM_SUPPORTS_TAG_DELTAS, Boolean.toString(this.supportsTagDeltas));
        hashMap.put("pluginCapabilities", this.pluginCapabilities);
        if (z) {
            PrivilegedAction<ClientResponse> privilegedAction = new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.15
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + RangerAdminRESTClient.this.serviceNameUrlParam, hashMap, RangerAdminRESTClient.this.tagDownloadSessionId);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            };
            if (LOG.isDebugEnabled()) {
                LOG.debug("getServiceTagsIfUpdated as user " + userGroupInformation);
            }
            clientResponse = (ClientResponse) userGroupInformation.doAs(privilegedAction);
        } else {
            clientResponse = this.restClient.get(RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + this.serviceNameUrlParam, hashMap);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getRangerAdminTagDownloadResponse(" + j + ", " + j2 + "): " + clientResponse);
        }
        return clientResponse;
    }

    private void checkAndResetTagDownloadSessionCookie(ClientResponse clientResponse) {
        for (NewCookie newCookie : clientResponse.getCookies()) {
            if (newCookie.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                this.tagDownloadSessionId = newCookie;
                this.isValidTagDownloadSessionCookie = this.tagDownloadSessionId != null;
                return;
            }
        }
    }

    private void setCookieReceivedFromTagDownloadSession(ClientResponse clientResponse) {
        if (this.isRangerCookieEnabled) {
            Cookie cookie = null;
            Iterator it = clientResponse.getCookies().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                NewCookie newCookie = (NewCookie) it.next();
                if (newCookie.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                    cookie = newCookie.toCookie();
                    break;
                }
            }
            this.tagDownloadSessionId = cookie;
            this.isValidTagDownloadSessionCookie = this.tagDownloadSessionId != null;
        }
    }

    private RangerRoles getRolesIfUpdatedWithCred(long j, long j2) throws Exception {
        RangerRoles rangerRoles;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getRolesIfUpdatedWithCred(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        ClientResponse rangerRolesDownloadResponse = getRangerRolesDownloadResponse(j, j2, uGILoginUser, z);
        if (rangerRolesDownloadResponse == null || rangerRolesDownloadResponse.getStatus() == 304 || rangerRolesDownloadResponse.getStatus() == 204) {
            if (rangerRolesDownloadResponse == null) {
                this.roleDownloadSessionId = null;
                LOG.error("Error getting Roles; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                setCookieReceivedFromRoleDownloadSession(rangerRolesDownloadResponse);
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(rangerRolesDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in Roles. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", lastKnownRoleVersion=" + j + ", lastActivationTimeInMillis=" + j2);
                }
            }
            rangerRoles = null;
        } else if (rangerRolesDownloadResponse.getStatus() == 200) {
            setCookieReceivedFromRoleDownloadSession(rangerRolesDownloadResponse);
            rangerRoles = (RangerRoles) rangerRolesDownloadResponse.getEntity(RangerRoles.class);
        } else if (rangerRolesDownloadResponse.getStatus() == 404) {
            this.roleDownloadSessionId = null;
            rangerRoles = null;
            LOG.error("Error getting Roles; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + rangerRolesDownloadResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownRoleVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = rangerRolesDownloadResponse.hasEntity() ? (String) rangerRolesDownloadResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            LOG.warn("Error getting Roles. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(rangerRolesDownloadResponse) + ", serviceName=" + this.serviceName);
            this.roleDownloadSessionId = null;
            rangerRoles = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getRolesIfUpdatedWithCred(" + j + ", " + j2 + "): " + rangerRoles);
        }
        return rangerRoles;
    }

    private RangerRoles getRolesIfUpdatedWithCookie(long j, long j2) throws Exception {
        RangerRoles rangerRoles;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getRolesIfUpdatedWithCookie(" + j + ", " + j2 + ")");
        }
        UserGroupInformation uGILoginUser = MiscUtil.getUGILoginUser();
        boolean z = uGILoginUser != null && UserGroupInformation.isSecurityEnabled();
        ClientResponse rangerRolesDownloadResponse = getRangerRolesDownloadResponse(j, j2, uGILoginUser, z);
        if (rangerRolesDownloadResponse == null || rangerRolesDownloadResponse.getStatus() == 304 || rangerRolesDownloadResponse.getStatus() == 204) {
            if (rangerRolesDownloadResponse == null) {
                this.roleDownloadSessionId = null;
                this.isValidRoleDownloadSessionCookie = false;
                LOG.error("Error getting Roles; Received NULL response!!. secureMode=" + z + ", user=" + uGILoginUser + ", serviceName=" + this.serviceName);
            } else {
                checkAndResetRoleDownloadSessionCookie(rangerRolesDownloadResponse);
                RESTResponse fromClientResponse = RESTResponse.fromClientResponse(rangerRolesDownloadResponse);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in Roles. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + fromClientResponse + ", serviceName=" + this.serviceName + ", lastKnownRoleVersion=" + j + ", lastActivationTimeInMillis=" + j2);
                }
            }
            rangerRoles = null;
        } else if (rangerRolesDownloadResponse.getStatus() == 200) {
            checkAndResetRoleDownloadSessionCookie(rangerRolesDownloadResponse);
            rangerRoles = (RangerRoles) rangerRolesDownloadResponse.getEntity(RangerRoles.class);
        } else if (rangerRolesDownloadResponse.getStatus() == 404) {
            this.roleDownloadSessionId = null;
            this.isValidRoleDownloadSessionCookie = false;
            rangerRoles = null;
            LOG.error("Error getting Roles; service not found. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + rangerRolesDownloadResponse.getStatus() + ", serviceName=" + this.serviceName + ", lastKnownRoleVersion=" + j + ", lastActivationTimeInMillis=" + j2);
            String str = rangerRolesDownloadResponse.hasEntity() ? (String) rangerRolesDownloadResponse.getEntity(String.class) : null;
            RangerServiceNotFoundException.throwExceptionIfServiceNotFound(this.serviceName, str);
            LOG.warn("Received 404 error code with body:[" + str + "], Ignoring");
        } else {
            LOG.warn("Error getting Roles. secureMode=" + z + ", user=" + uGILoginUser + ", response=" + RESTResponse.fromClientResponse(rangerRolesDownloadResponse) + ", serviceName=" + this.serviceName);
            this.roleDownloadSessionId = null;
            this.isValidRoleDownloadSessionCookie = false;
            rangerRoles = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getRolesIfUpdatedWithCookie(" + j + ", " + j2 + "): " + rangerRoles);
        }
        return rangerRoles;
    }

    private ClientResponse getRangerRolesDownloadResponse(long j, long j2, UserGroupInformation userGroupInformation, boolean z) throws Exception {
        ClientResponse clientResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAdminRESTClient.getRangerRolesDownloadResponse(" + j + ", " + j2 + ")");
        }
        final HashMap hashMap = new HashMap();
        hashMap.put(RangerRESTUtils.REST_PARAM_LAST_KNOWN_ROLE_VERSION, Long.toString(j));
        hashMap.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(j2));
        hashMap.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, this.pluginId);
        hashMap.put("clusterName", this.clusterName);
        hashMap.put("pluginCapabilities", this.pluginCapabilities);
        if (z) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Roles updated as user : " + userGroupInformation);
            }
            clientResponse = (ClientResponse) userGroupInformation.doAs(new PrivilegedAction<ClientResponse>() { // from class: org.apache.ranger.admin.client.RangerAdminRESTClient.16
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ClientResponse run() {
                    ClientResponse clientResponse2 = null;
                    try {
                        clientResponse2 = RangerAdminRESTClient.this.restClient.get(RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USER_GROUP_ROLES + RangerAdminRESTClient.this.serviceNameUrlParam, hashMap, RangerAdminRESTClient.this.roleDownloadSessionId);
                    } catch (Exception e) {
                        RangerAdminRESTClient.LOG.error("Failed to get response, Error is : " + e.getMessage());
                    }
                    return clientResponse2;
                }
            });
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Checking Roles updated as user : " + userGroupInformation);
            }
            clientResponse = this.restClient.get(RangerRESTUtils.REST_URL_SERVICE_GET_USER_GROUP_ROLES + this.serviceNameUrlParam, hashMap);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAdminRESTClient.getRangerRolesDownloadResponse(" + j + ", " + j2 + "): " + clientResponse);
        }
        return clientResponse;
    }

    private void checkAndResetRoleDownloadSessionCookie(ClientResponse clientResponse) {
        for (NewCookie newCookie : clientResponse.getCookies()) {
            if (newCookie.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                this.roleDownloadSessionId = newCookie;
                this.isValidRoleDownloadSessionCookie = this.roleDownloadSessionId != null;
                return;
            }
        }
    }

    private void setCookieReceivedFromRoleDownloadSession(ClientResponse clientResponse) {
        if (this.isRangerCookieEnabled) {
            Cookie cookie = null;
            Iterator it = clientResponse.getCookies().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                NewCookie newCookie = (NewCookie) it.next();
                if (newCookie.getName().equalsIgnoreCase(this.rangerAdminCookieName)) {
                    cookie = newCookie.toCookie();
                    break;
                }
            }
            this.roleDownloadSessionId = cookie;
            this.isValidRoleDownloadSessionCookie = this.roleDownloadSessionId != null;
        }
    }
}
