package org.apache.hadoop.hive.ql.exec.repl.ranger;

import com.google.common.annotations.VisibleForTesting;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.multipart.FormDataMultiPart;
import com.sun.jersey.multipart.MultiPart;
import com.sun.jersey.multipart.file.StreamDataBodyPart;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import jodd.util.MimeTypes;
import org.apache.avro.hadoop.file.SortedKeyValueFile;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStore;
import org.apache.hadoop.hive.ql.ErrorMsg;
import org.apache.hadoop.hive.ql.exec.Utilities;
import org.apache.hadoop.hive.ql.exec.repl.ranger.RangerPolicy;
import org.apache.hadoop.hive.ql.exec.util.Retryable;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.parse.repl.dump.io.TableSerializer;
import org.apache.hadoop.hive.serde2.thrift.TReflectionUtils;
import org.apache.http.client.utils.URIBuilder;
import org.eclipse.jetty.util.MultiPartWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/ql/exec/repl/ranger/RangerRestClientImpl.class */
public class RangerRestClientImpl implements RangerRestClient {
    private static final Logger LOG = LoggerFactory.getLogger(RangerRestClientImpl.class);
    private static final String RANGER_REST_URL_EXPORTJSONFILE = "service/plugins/policies/exportJson";
    private static final String RANGER_REST_URL_IMPORTJSONFILE = "service/plugins/policies/importPoliciesFromFile";

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public RangerExportPolicyList exportRangerPolicies(String str, String str2, String str3, HiveConf hiveConf) throws SemanticException {
        LOG.info("Ranger endpoint for cluster " + str);
        if (StringUtils.isEmpty(str3)) {
            throw new SemanticException(ErrorMsg.REPL_INVALID_CONFIG_FOR_SERVICE.format("Ranger Service Name cannot be empty", "ranger"));
        }
        try {
            return (RangerExportPolicyList) Retryable.builder().withHiveConf(hiveConf).withRetryOnException(Exception.class).build().executeCallable(() -> {
                return exportRangerPoliciesPlain(str, str3, str2);
            });
        } catch (Exception e) {
            throw new SemanticException(ErrorMsg.REPL_RETRY_EXHAUSTED.format(e.getMessage()), e);
        }
    }

    @VisibleForTesting
    RangerExportPolicyList exportRangerPoliciesPlain(String str, String str2, String str3) throws SemanticException, URISyntaxException {
        String rangerExportUrl = getRangerExportUrl(str, str2, str3);
        LOG.debug("Url to export policies from source Ranger: {}", rangerExportUrl);
        WebResource.Builder rangerResourceBuilder = getRangerResourceBuilder(rangerExportUrl);
        RangerExportPolicyList rangerExportPolicyList = new RangerExportPolicyList();
        ClientResponse clientResponse = (ClientResponse) rangerResourceBuilder.get(ClientResponse.class);
        String str4 = null;
        if (clientResponse != null) {
            if (clientResponse.getStatus() == 200) {
                Gson create = new GsonBuilder().create();
                str4 = (String) clientResponse.getEntity(String.class);
                LOG.debug("Response received for ranger export {} ", str4);
                if (StringUtils.isNotEmpty(str4)) {
                    return (RangerExportPolicyList) create.fromJson(str4, RangerExportPolicyList.class);
                }
            } else {
                if (clientResponse.getStatus() == 204) {
                    LOG.debug("Ranger policy export request returned empty list");
                    return rangerExportPolicyList;
                }
                if (clientResponse.getStatus() == 401) {
                    throw new SemanticException("Authentication Failure while communicating to Ranger admin");
                }
                if (clientResponse.getStatus() == 403) {
                    throw new SemanticException("Authorization Failure while communicating to Ranger admin");
                }
            }
        }
        if (!StringUtils.isEmpty(str4)) {
            return null;
        }
        LOG.debug("Ranger policy export request returned empty list or failed, Please refer Ranger admin logs.");
        return null;
    }

    public String getRangerExportUrl(String str, String str2, String str3) throws URISyntaxException {
        URIBuilder uRIBuilder = new URIBuilder(str);
        uRIBuilder.setPath(RANGER_REST_URL_EXPORTJSONFILE);
        uRIBuilder.addParameter("serviceName", str2);
        uRIBuilder.addParameter("polResource", str3);
        uRIBuilder.addParameter("resource:database", str3);
        uRIBuilder.addParameter("serviceType", "hive");
        uRIBuilder.addParameter("resourceMatchScope", "self_or_ancestor");
        uRIBuilder.addParameter("resourceMatch", "full");
        return uRIBuilder.build().toString();
    }

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public List<RangerPolicy> removeMultiResourcePolicies(List<RangerPolicy> list) {
        Map<String, RangerPolicy.RangerPolicyResource> resources;
        RangerPolicy.RangerPolicyResource rangerPolicyResource;
        ArrayList arrayList = new ArrayList();
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerPolicy rangerPolicy : list) {
                if (rangerPolicy != null && (resources = rangerPolicy.getResources()) != null && (rangerPolicyResource = resources.get("database")) != null) {
                    List<String> values = rangerPolicyResource.getValues();
                    if (CollectionUtils.isNotEmpty(values) && values.size() == 1) {
                        arrayList.add(rangerPolicy);
                    }
                }
            }
        }
        return arrayList;
    }

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public RangerExportPolicyList importRangerPolicies(RangerExportPolicyList rangerExportPolicyList, String str, String str2, String str3, HiveConf hiveConf) throws Exception {
        String str4 = null;
        String str5 = "hive_servicemap.json";
        String str6 = "hive_replicationPolicies.json";
        if (!rangerExportPolicyList.getPolicies().isEmpty()) {
            str4 = rangerExportPolicyList.getPolicies().get(0).getService();
        }
        if (StringUtils.isEmpty(str4)) {
            str4 = str3;
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (!StringUtils.isEmpty(str4) && !StringUtils.isEmpty(str3)) {
            linkedHashMap.put(str4, str3);
        }
        Gson create = new GsonBuilder().create();
        String json = create.toJson(linkedHashMap);
        String json2 = create.toJson(rangerExportPolicyList);
        String rangerImportUrl = getRangerImportUrl(str2, str);
        LOG.debug("URL to import policies on target Ranger: {}", rangerImportUrl);
        return (RangerExportPolicyList) Retryable.builder().withHiveConf(hiveConf).withRetryOnException(Exception.class).build().executeCallable(() -> {
            return importRangerPoliciesPlain(json2, str6, str5, json, rangerImportUrl, rangerExportPolicyList);
        });
    }

    private RangerExportPolicyList importRangerPoliciesPlain(String str, String str2, String str3, String str4, String str5, RangerExportPolicyList rangerExportPolicyList) throws Exception {
        StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart(Utilities.HADOOP_LOCAL_FS_SCHEME, new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)), str2);
        StreamDataBodyPart streamDataBodyPart2 = new StreamDataBodyPart("servicesMapJson", new ByteArrayInputStream(str4.getBytes(StandardCharsets.UTF_8)), str3);
        FormDataMultiPart formDataMultiPart = new FormDataMultiPart();
        MultiPart multiPart = null;
        try {
            MultiPart bodyPart = formDataMultiPart.bodyPart(streamDataBodyPart).bodyPart(streamDataBodyPart2);
            ClientResponse clientResponse = (ClientResponse) getRangerResourceBuilder(str5).accept(new String[]{MimeTypes.MIME_APPLICATION_JSON}).type("multipart/form-data").post(ClientResponse.class, bodyPart);
            if (clientResponse != null) {
                if (clientResponse.getStatus() != 204) {
                    if (clientResponse.getStatus() == 401) {
                        throw new Exception("Authentication Failure while communicating to Ranger admin");
                    }
                    throw new Exception("Ranger policy import failed, Please refer target Ranger admin logs.");
                }
                LOG.debug("Ranger policy import finished successfully");
            }
            if (streamDataBodyPart != null) {
                try {
                    streamDataBodyPart.cleanup();
                } catch (IOException e) {
                    LOG.error("Exception occurred while closing resources: {}", e);
                }
            }
            if (streamDataBodyPart2 != null) {
                streamDataBodyPart2.cleanup();
            }
            if (formDataMultiPart != null) {
                formDataMultiPart.close();
            }
            if (bodyPart != null) {
                bodyPart.close();
            }
            return rangerExportPolicyList;
        } catch (Throwable th) {
            if (streamDataBodyPart != null) {
                try {
                    streamDataBodyPart.cleanup();
                } catch (IOException e2) {
                    LOG.error("Exception occurred while closing resources: {}", e2);
                    throw th;
                }
            }
            if (streamDataBodyPart2 != null) {
                streamDataBodyPart2.cleanup();
            }
            if (formDataMultiPart != null) {
                formDataMultiPart.close();
            }
            if (0 != 0) {
                multiPart.close();
            }
            throw th;
        }
    }

    public String getRangerImportUrl(String str, String str2) throws URISyntaxException {
        URIBuilder uRIBuilder = new URIBuilder(str);
        uRIBuilder.setPath(RANGER_REST_URL_IMPORTJSONFILE);
        uRIBuilder.addParameter("updateIfExists", "true");
        uRIBuilder.addParameter("polResource", str2);
        return uRIBuilder.build().toString();
    }

    private synchronized Client getRangerClient() {
        DefaultClientConfig defaultClientConfig = new DefaultClientConfig();
        defaultClientConfig.getClasses().add(MultiPartWriter.class);
        defaultClientConfig.getProperties().put("com.sun.jersey.client.property.followRedirects", true);
        return Client.create(defaultClientConfig);
    }

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public List<RangerPolicy> changeDataSet(List<RangerPolicy> list, String str, String str2) {
        Map<String, RangerPolicy.RangerPolicyResource> resources;
        RangerPolicy.RangerPolicyResource rangerPolicyResource;
        if (str2.equals(str)) {
            return list;
        }
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerPolicy rangerPolicy : list) {
                if (rangerPolicy != null && (resources = rangerPolicy.getResources()) != null && (rangerPolicyResource = resources.get("database")) != null) {
                    List<String> values = rangerPolicyResource.getValues();
                    if (CollectionUtils.isNotEmpty(values)) {
                        for (int i = 0; i < values.size(); i++) {
                            if (values.get(i).equals(str)) {
                                values.set(i, str2);
                            }
                        }
                    }
                }
            }
        }
        return list;
    }

    private Path writeExportedRangerPoliciesToJsonFile(String str, String str2, Path path, HiveConf hiveConf) throws IOException {
        FileSystem fileSystem;
        Path path2 = null;
        OutputStream outputStream = null;
        OutputStreamWriter outputStreamWriter = null;
        try {
            try {
                if (!StringUtils.isEmpty(str) && (fileSystem = path.getFileSystem(hiveConf)) != null) {
                    if (!fileSystem.exists(path)) {
                        fileSystem.mkdirs(path);
                    }
                    path2 = path.suffix(File.separator + str2);
                    outputStream = fileSystem.create(path2, true);
                    outputStreamWriter = new OutputStreamWriter(outputStream, "UTF-8");
                    outputStreamWriter.write(str);
                }
                if (outputStreamWriter != null) {
                    try {
                        outputStreamWriter.close();
                    } catch (Exception e) {
                        throw new IOException("Unable to close writer/outStream.", e);
                    }
                }
                if (outputStream != null) {
                    outputStream.close();
                }
                return path2;
            } catch (Throwable th) {
                if (outputStreamWriter != null) {
                    try {
                        outputStreamWriter.close();
                    } catch (Exception e2) {
                        throw new IOException("Unable to close writer/outStream.", e2);
                    }
                }
                if (outputStream != null) {
                    outputStream.close();
                }
                throw th;
            }
        } catch (IOException e3) {
            throw new IOException("Failed to write json string to file:" + (path2 != null ? path2.toString() : ""), e3);
        } catch (Exception e4) {
            throw new IOException("Failed to write json string to file:" + (path2 != null ? path2.toString() : ""), e4);
        }
    }

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public Path saveRangerPoliciesToFile(RangerExportPolicyList rangerExportPolicyList, Path path, String str, HiveConf hiveConf) throws SemanticException {
        String json = new GsonBuilder().create().toJson(rangerExportPolicyList);
        try {
            return (Path) Retryable.builder().withHiveConf(hiveConf).withRetryOnException(IOException.class).build().executeCallable(() -> {
                return writeExportedRangerPoliciesToJsonFile(json, str, path, hiveConf);
            });
        } catch (Exception e) {
            throw new SemanticException(ErrorMsg.REPL_RETRY_EXHAUSTED.format(e.getMessage()), e);
        }
    }

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public RangerExportPolicyList readRangerPoliciesFromJsonFile(Path path, HiveConf hiveConf) throws SemanticException {
        RangerExportPolicyList rangerExportPolicyList = null;
        try {
            rangerExportPolicyList = (RangerExportPolicyList) new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create().fromJson(new InputStreamReader((InputStream) path.getFileSystem(hiveConf).open(path), Charset.forName("UTF-8")), RangerExportPolicyList.class);
            return rangerExportPolicyList;
        } catch (FileNotFoundException e) {
            return rangerExportPolicyList;
        } catch (Exception e2) {
            throw new SemanticException("Error reading file :" + path, e2);
        }
    }

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public boolean checkConnection(String str, HiveConf hiveConf) throws SemanticException {
        try {
            return ((Boolean) Retryable.builder().withHiveConf(hiveConf).withRetryOnException(Exception.class).build().executeCallable(() -> {
                return Boolean.valueOf(checkConnectionPlain(str));
            })).booleanValue();
        } catch (Exception e) {
            throw new SemanticException(ErrorMsg.REPL_RETRY_EXHAUSTED.format(e.getMessage()), e);
        }
    }

    @VisibleForTesting
    boolean checkConnectionPlain(String str) {
        return ((ClientResponse) getRangerResourceBuilder(str).get(ClientResponse.class)).getStatus() < 401;
    }

    @Override // org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClient
    public List<RangerPolicy> addDenyPolicies(List<RangerPolicy> list, String str, String str2, String str3) throws SemanticException {
        if (StringUtils.isEmpty(str)) {
            throw new SemanticException(ErrorMsg.REPL_INVALID_CONFIG_FOR_SERVICE.format("Ranger Service Name cannot be empty", "ranger"));
        }
        RangerPolicy rangerPolicy = new RangerPolicy();
        rangerPolicy.setService(str);
        rangerPolicy.setName(str2 + "_replication deny policy for " + str3);
        HashMap hashMap = new HashMap();
        RangerPolicy.RangerPolicyResource rangerPolicyResource = new RangerPolicy.RangerPolicyResource();
        ArrayList arrayList = new ArrayList();
        List<RangerPolicy.RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
        RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
        ArrayList arrayList2 = new ArrayList();
        List<RangerPolicy.RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
        RangerPolicy.RangerPolicyItem rangerPolicyItem2 = new RangerPolicy.RangerPolicyItem();
        ArrayList arrayList3 = new ArrayList();
        arrayList.add(str2);
        rangerPolicyResource.setValues(arrayList);
        RangerPolicy.RangerPolicyResource rangerPolicyResource2 = new RangerPolicy.RangerPolicyResource();
        rangerPolicyResource2.setValues(new ArrayList<String>() { // from class: org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClientImpl.1
            {
                add("*");
            }
        });
        RangerPolicy.RangerPolicyResource rangerPolicyResource3 = new RangerPolicy.RangerPolicyResource();
        rangerPolicyResource3.setValues(new ArrayList<String>() { // from class: org.apache.hadoop.hive.ql.exec.repl.ranger.RangerRestClientImpl.2
            {
                add("*");
            }
        });
        hashMap.put("database", rangerPolicyResource);
        hashMap.put(TableSerializer.FIELD_NAME, rangerPolicyResource3);
        hashMap.put("column", rangerPolicyResource2);
        rangerPolicy.setResources(hashMap);
        Iterator it = Arrays.asList("create", "update", "drop", "alter", SortedKeyValueFile.INDEX_FILENAME, "lock", TReflectionUtils.thriftWriterFname, "ReplAdmin").iterator();
        while (it.hasNext()) {
            arrayList2.add(new RangerPolicy.RangerPolicyItemAccess((String) it.next(), true));
        }
        rangerPolicyItem.setAccesses(arrayList2);
        denyPolicyItems.add(rangerPolicyItem);
        ArrayList arrayList4 = new ArrayList();
        arrayList4.add(HiveMetaStore.PUBLIC);
        rangerPolicyItem.setGroups(arrayList4);
        rangerPolicy.setDenyPolicyItems(denyPolicyItems);
        Iterator it2 = Arrays.asList("create", "update", "drop", "alter", SortedKeyValueFile.INDEX_FILENAME, "lock", TReflectionUtils.thriftWriterFname, "ReplAdmin", "select", TReflectionUtils.thriftReaderFname).iterator();
        while (it2.hasNext()) {
            arrayList3.add(new RangerPolicy.RangerPolicyItemAccess((String) it2.next(), true));
        }
        rangerPolicyItem2.setAccesses(arrayList3);
        denyExceptions.add(rangerPolicyItem2);
        ArrayList arrayList5 = new ArrayList();
        arrayList5.add("hive");
        rangerPolicyItem2.setUsers(arrayList5);
        rangerPolicy.setDenyExceptions(denyExceptions);
        list.add(rangerPolicy);
        return list;
    }

    private WebResource.Builder getRangerResourceBuilder(String str) {
        return getRangerClient().resource(str).getRequestBuilder();
    }
}
