package org.apache.atlas.security;

import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HttpURLConnectionFactory;
import com.sun.jersey.client.urlconnection.URLConnectionClientHandler;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.PrivilegedExceptionAction;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import org.apache.atlas.AtlasException;
import org.apache.commons.configuration.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator;
import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/atlas/security/SecureClientUtils.class */
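/**
 * Helpers for building the Jersey client connection handler used to reach an Atlas
 * server with Hadoop delegation-token authentication (simple or Kerberos) and the
 * Hadoop SSL client settings, and for persisting those SSL client settings to disk.
 *
 * <p>This listing was recovered by a decompiler; local names are the decompiler's and
 * parameter names are kept as found.
 */
public class SecureClientUtils {
    /** Connect and read timeout, in milliseconds, applied to every connection built here. */
    public static final int DEFAULT_SOCKET_TIMEOUT = 60000;

    private static final Logger LOG = LoggerFactory.getLogger(SecureClientUtils.class);

    /** Fallback configurator used when no SSL client configuration can be loaded: timeouts only. */
    private static final ConnectionConfigurator DEFAULT_TIMEOUT_CONN_CONFIGURATOR = new ConnectionConfigurator() {
        @Override
        public HttpURLConnection configure(HttpURLConnection httpURLConnection) throws IOException {
            SecureClientUtils.setTimeouts(httpURLConnection, SecureClientUtils.DEFAULT_SOCKET_TIMEOUT);
            return httpURLConnection;
        }
    };

    /**
     * Builds the Jersey connection handler that opens every connection as the real
     * (non-proxy) Hadoop user through a {@link DelegationTokenAuthenticatedURL}.
     *
     * @param defaultClientConfig Jersey client configuration; the set-method workaround property is enabled on it
     * @param configuration Atlas client configuration, may be {@code null}; {@code atlas.http.authentication.type}
     *        selects the authenticator ({@code simple} selects the pseudo authenticator, any other value Kerberos)
     * @param str the doAs user name passed to {@code openConnection}
     * @param userGroupInformation the user to connect as, or {@code null} to use the current Hadoop user
     * @return a handler wrapping the authenticating connection factory
     */
    public static URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig defaultClientConfig, Configuration configuration, final String str, UserGroupInformation userGroupInformation) {
        defaultClientConfig.getProperties().put("com.sun.jersey.client.property.httpUrlConnectionSetMethodWorkaround", true);
        org.apache.hadoop.conf.Configuration hadoopConf = new org.apache.hadoop.conf.Configuration();
        hadoopConf.addResource(hadoopConf.get("hadoop.ssl.client.conf", SecurityProperties.SSL_CLIENT_PROPERTIES));
        UserGroupInformation.setConfiguration(hadoopConf);
        final ConnectionConfigurator newConnConfigurator = newConnConfigurator(hadoopConf);

        String authType = configuration != null ? configuration.getString("atlas.http.authentication.type", "simple") : "simple";
        // Declared as the common supertype: the decompiled listing typed this variable as the
        // Kerberos subclass while assigning the pseudo authenticator to it, which does not compile.
        final DelegationTokenAuthenticator delegationTokenAuthenticator = "simple".equals(authType)
                ? new PseudoDelegationTokenAuthenticator()
                : new KerberosDelegationTokenAuthenticator();
        delegationTokenAuthenticator.setConnectionConfigurator(newConnConfigurator);
        final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();

        HttpURLConnectionFactory httpURLConnectionFactory = null;
        UserGroupInformation currentUser = userGroupInformation;
        if (currentUser == null) {
            try {
                currentUser = UserGroupInformation.getCurrentUser();
            } catch (IOException e) {
                LOG.warn("Error obtaining user", e);
                // The decompiled listing fell through here with the user unassigned. The factory is
                // left null, as its initial value suggests was intended.
                // NOTE(review): with a null factory Jersey presumably opens connections itself, i.e.
                // without the SSL configurator or delegation-token authentication set up above.
                // Confirm callers accept that downgrade rather than failing closed.
                return new URLConnectionClientHandler(httpURLConnectionFactory);
            }
        }

        // For a proxy user the connection is opened as the real user; the proxied name travels as doAs.
        final UserGroupInformation realUser = currentUser.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY
                ? currentUser.getRealUser()
                : currentUser;
        LOG.info("Real User: {}, is from ticket cache? {}", realUser, UserGroupInformation.isLoginTicketBased());
        LOG.info("doAsUser: {}", str);

        httpURLConnectionFactory = new HttpURLConnectionFactory() {
            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return realUser.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(delegationTokenAuthenticator, newConnConfigurator).openConnection(url, token, str);
                            } catch (Exception e2) {
                                throw new IOException(e2);
                            }
                        }
                    });
                } catch (IOException e2) {
                    throw e2;
                } catch (InterruptedException e2) {
                    // Restore the interrupt flag so the caller's thread still observes the interruption.
                    Thread.currentThread().interrupt();
                    throw new IOException(e2);
                } catch (Exception e2) {
                    throw new IOException(e2);
                }
            }
        };
        return new URLConnectionClientHandler(httpURLConnectionFactory);
    }

    /**
     * Returns the SSL-aware configurator, or the timeout-only default when it cannot be built.
     *
     * <p>NOTE(review): the failure is logged at debug level only, so a broken truststore or
     * ssl-client configuration is easy to miss; HTTPS connections then carry none of the
     * socket-factory or hostname-verifier settings from the Hadoop SSL client configuration.
     */
    private static ConnectionConfigurator newConnConfigurator(org.apache.hadoop.conf.Configuration configuration) {
        try {
            return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, configuration);
        } catch (Exception e) {
            LOG.debug("Cannot load customized ssl related configuration. Fallback to system-generic settings.", e);
            return DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
        }
    }

    /**
     * Builds a configurator that installs the socket factory and hostname verifier from a
     * client-mode Hadoop {@link SSLFactory} on HTTPS connections and sets timeouts on all connections.
     *
     * @param i connect and read timeout in milliseconds
     * @param configuration Hadoop configuration the SSL factory is initialised from
     * @throws IOException if the SSL factory cannot be initialised
     * @throws GeneralSecurityException if the SSL factory cannot be initialised
     */
    private static ConnectionConfigurator newSslConnConfigurator(final int i, org.apache.hadoop.conf.Configuration configuration) throws IOException, GeneralSecurityException {
        SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, configuration);
        sslFactory.init();
        final SSLSocketFactory socketFactory = sslFactory.createSSLSocketFactory();
        // The verifier comes from the Hadoop SSL configuration, so its strictness is a deployment setting.
        final HostnameVerifier hostnameVerifier = sslFactory.getHostnameVerifier();
        return new ConnectionConfigurator() {
            @Override
            public HttpURLConnection configure(HttpURLConnection httpURLConnection) throws IOException {
                if (httpURLConnection instanceof HttpsURLConnection) {
                    HttpsURLConnection httpsConnection = (HttpsURLConnection) httpURLConnection;
                    httpsConnection.setSSLSocketFactory(socketFactory);
                    httpsConnection.setHostnameVerifier(hostnameVerifier);
                }
                SecureClientUtils.setTimeouts(httpURLConnection, i);
                return httpURLConnection;
            }
        };
    }

    /**
     * Applies the same value as connect and read timeout.
     *
     * @param uRLConnection connection to configure
     * @param i timeout in milliseconds
     */
    public static void setTimeouts(URLConnection uRLConnection, int i) {
        uRLConnection.setConnectTimeout(i);
        uRLConnection.setReadTimeout(i);
    }

    /**
     * Resolves where the SSL client configuration file lives: under the directory named by the
     * {@code atlas.conf} system property, or under the classpath root when the property is unset.
     *
     * @throws AtlasException if the directory cannot be determined
     */
    private static File getSSLClientFile() throws AtlasException {
        String confLocation = System.getProperty("atlas.conf");
        try {
            File confDir;
            if (confLocation == null) {
                URL classpathRoot = SecureClientUtils.class.getResource("/");
                String path = classpathRoot != null ? classpathRoot.toURI().getPath() : null;
                if (path == null) {
                    // Explicit check instead of an assert, so the failure is reported the same way
                    // whether or not assertions are enabled.
                    throw new IllegalStateException("atlas.conf is not set and the classpath root could not be resolved");
                }
                confDir = new File(path);
            } else {
                confDir = new File(confLocation);
            }
            LOG.info("ssl-client.xml will be created in {}", confDir);
            return new File(confDir, SecurityProperties.SSL_CLIENT_PROPERTIES);
        } catch (Exception e) {
            throw new AtlasException("Failed to find client configuration directory", e);
        }
    }

    /**
     * Writes the Hadoop SSL client configuration derived from the Atlas configuration, unless the
     * file already exists (an existing file is never overwritten).
     *
     * <p>The written file names the truststore, optionally the keystore, and the credential
     * provider path, and copies {@code hadoop.ssl.hostname.verifier} through unchanged. A value of
     * {@code ALLOW_ALL} for that key turns hostname checking off for every connection built from
     * this file, so deployments should leave it unset or use a strict value. The file is created
     * with the process's default permissions.
     *
     * @param configuration Atlas configuration holding the truststore/keystore settings
     * @throws AtlasException if the target directory cannot be determined
     * @throws IOException if the file cannot be written
     */
    public static void persistSSLClientConfiguration(Configuration configuration) throws AtlasException, IOException {
        File sslClientFile = getSSLClientFile();
        if (sslClientFile.exists()) {
            return;
        }
        org.apache.hadoop.conf.Configuration sslConf = new org.apache.hadoop.conf.Configuration(false);
        sslConf.set("ssl.client.truststore.type", "jks");
        sslConf.set("ssl.client.truststore.location", configuration.getString(SecurityProperties.TRUSTSTORE_FILE_KEY));
        if (configuration.getBoolean(SecurityProperties.CLIENT_AUTH_KEY, false)) {
            sslConf.set("ssl.client.keystore.location", configuration.getString(SecurityProperties.KEYSTORE_FILE_KEY));
            sslConf.set("ssl.client.keystore.type", "jks");
        }
        sslConf.set("hadoop.security.credential.provider.path", configuration.getString(SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH));
        String hostnameVerifier = configuration.getString("hadoop.ssl.hostname.verifier");
        if (hostnameVerifier != null) {
            sslConf.set("hadoop.ssl.hostname.verifier", hostnameVerifier);
        }
        // Close the writer even when writeXml fails; the original left the file handle open.
        try (FileWriter writer = new FileWriter(sslClientFile)) {
            sslConf.writeXml(writer);
        }
    }
}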
