package org.apache.ranger.unixusersync.process;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.Subject;
import javax.ws.rs.core.MediaType;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.GetXGroupListResponse;
import org.apache.ranger.unixusersync.model.GetXUserGroupListResponse;
import org.apache.ranger.unixusersync.model.GetXUserListResponse;
import org.apache.ranger.unixusersync.model.MUserInfo;
import org.apache.ranger.unixusersync.model.UserGroupInfo;
import org.apache.ranger.unixusersync.model.XGroupInfo;
import org.apache.ranger.unixusersync.model.XUserGroupInfo;
import org.apache.ranger.unixusersync.model.XUserInfo;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usersync.util.UserSyncUtil;

/* loaded from: input_file:org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.class */
public class PolicyMgrUserGroupBuilder implements UserGroupSink {
    private static final Logger LOG = Logger.getLogger(PolicyMgrUserGroupBuilder.class);
    // Configuration property names read in init(); together they decide whether the
    // Kerberos login path is taken for calls to the policy manager.
    private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
    private static final String PRINCIPAL = "ranger.usersync.kerberos.principal";
    private static final String KEYTAB = "ranger.usersync.kerberos.keytab";
    private static final String NAME_RULE = "hadoop.security.auth_to_local";
    // REST paths, appended to policyMgrBaseUrl by getURL().
    public static final String PM_USER_LIST_URI = "/service/xusers/users/";
    private static final String PM_ADD_USER_URI = "/service/xusers/users/";
    private static final String PM_ADD_USER_GROUP_INFO_URI = "/service/xusers/users/userinfo";
    public static final String PM_GROUP_LIST_URI = "/service/xusers/groups/";
    private static final String PM_ADD_GROUP_URI = "/service/xusers/groups/";
    public static final String PM_USER_GROUP_MAP_LIST_URI = "/service/xusers/groupusers/";
    private static final String PM_ADD_USER_GROUP_LINK_URI = "/service/xusers/groupusers/";
    // Template for the DELETE call; the ${...} placeholders are substituted with
    // URI-encoded names in delXUserGroupInfo(XUserInfo, XGroupInfo).
    private static final String PM_DEL_USER_GROUP_LINK_URI = "/service/xusers/group/${groupName}/user/${userName}";
    private static final String PM_ADD_LOGIN_USER_URI = "/service/users/default";
    // Written to both groupType and groupSource of groups created by addXGroupInfo().
    private static final String GROUP_SOURCE_EXTERNAL = "1";
    // Passed to SecureClientLogin.getPrincipal() in init(); its assignment is not in
    // the visible part of this file.
    private static String LOCAL_HOSTNAME;
    private String policyMgrBaseUrl;
    // Kerberos settings resolved in init(). Package-private, not private.
    String principal;
    String keytab;
    String nameRules;
    // Compared case-insensitively with authenticationType. Declared as a mutable
    // instance field although nothing visible here reassigns it.
    private String AUTH_KERBEROS = "kerberos";
    // Sent as the "pageSize" query parameter; replaced from configuration in init().
    private String recordsToPullPerCall = "1000";
    private boolean isMockRun = false;
    private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
    // Shared request payload: addXUserInfo() and addXUserGroupInfo(XUserInfo, List)
    // overwrite its parts and getUsergroupInfo() serialises it.
    // NOTE(review): mutated from unsynchronised methods - confirm callers are single-threaded.
    private UserGroupInfo usergroupInfo = new UserGroupInfo();
    // Local cache of what the policy manager returned, filled by the build*List() methods.
    private List<XGroupInfo> xgroupList = new ArrayList();
    private List<XUserInfo> xuserList = new ArrayList();
    private List<XUserGroupInfo> xusergroupList = new ArrayList();
    // Lookup indexes over the cache, maintained by addUserToList() / addGroupToList().
    private HashMap<String, XUserInfo> userId2XUserInfoMap = new HashMap<>();
    private HashMap<String, XUserInfo> userName2XUserInfoMap = new HashMap<>();
    private HashMap<String, XGroupInfo> groupName2XGroupInfoMap = new HashMap<>();
    // TLS material locations and passwords, loaded from configuration in init().
    // The passwords stay in String fields for the life of this object and are only
    // turned into char[] when the stores are loaded, so the String copies cannot be wiped.
    private String keyStoreFile = null;
    private String keyStoreFilepwd = null;
    private String trustStoreFile = null;
    private String trustStoreFilepwd = null;
    private String keyStoreType = null;
    private String trustStoreType = null;
    // NOTE(review): how the hostname verifier is populated is outside the visible part
    // of getClient(); confirm it performs real hostname checks, since a permissive
    // verifier would defeat the trust store configured above.
    private HostnameVerifier hv = null;
    private SSLContext sslContext = null;
    private String authenticationType = null;

    /**
     * Stand-alone entry point: creates a builder and runs {@link #init()} once.
     *
     * @param strArr command-line arguments (unused)
     * @throws Throwable anything {@code init()} lets escape
     */
    public static void main(String[] strArr) throws Throwable {
        PolicyMgrUserGroupBuilder builder = new PolicyMgrUserGroupBuilder();
        builder.init();
    }

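    /**
     * Loads the sync settings from configuration and then builds the local cache of
     * users, groups and memberships by calling {@code buildUserGroupInfo()}.
     *
     * <p>Settings read: page size, policy manager base URL, mock-run flag, key/trust
     * store paths and passwords, authentication type, Kerberos principal, keytab and
     * auth-to-local name rules. A mock run also forces this class's logger to DEBUG.
     *
     * @throws Throwable anything {@code buildUserGroupInfo()} lets escape
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public synchronized void init() throws Throwable {
        this.recordsToPullPerCall = this.config.getMaxRecordsPerAPICall();
        this.policyMgrBaseUrl = this.config.getPolicyManagerBaseURL();
        this.isMockRun = this.config.isMockRunEnabled();
        if (this.isMockRun) {
            LOG.setLevel(Level.DEBUG);
        }
        this.keyStoreFile = this.config.getSSLKeyStorePath();
        this.keyStoreFilepwd = this.config.getSSLKeyStorePathPassword();
        this.trustStoreFile = this.config.getSSLTrustStorePath();
        this.trustStoreFilepwd = this.config.getSSLTrustStorePathPassword();
        this.keyStoreType = KeyStore.getDefaultType();
        this.trustStoreType = KeyStore.getDefaultType();
        this.authenticationType = this.config.getProperty(AUTHENTICATION_TYPE, "simple");
        try {
            this.principal = SecureClientLogin.getPrincipal(this.config.getProperty(PRINCIPAL, ""), LOCAL_HOSTNAME);
        } catch (IOException e) {
            // Still best effort (initialisation continues), but no longer silent: the
            // principal stays unset here and every Kerberos branch in this class is
            // gated on it, so an operator needs to see why that path may be skipped.
            LOG.warn("Unable to resolve Kerberos principal from property " + PRINCIPAL, e);
        }
        this.keytab = this.config.getProperty(KEYTAB, "");
        this.nameRules = this.config.getProperty(NAME_RULE, "DEFAULT");
        buildUserGroupInfo();
    }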

    /**
     * Fills the local cache (groups, users, memberships, lookup maps) from the
     * policy manager.
     *
     * <p>When the authentication type is "kerberos" and
     * {@code SecureClientLogin.isKerberosCredentialExists} accepts the principal and
     * keytab, the four build steps run inside {@code Subject.doAs} under a keytab
     * login. In that branch every failure is logged and swallowed, so the method
     * returns normally even if nothing was loaded. Otherwise the steps run directly
     * and their exceptions propagate; only this branch dumps the cache at debug level.
     *
     * @throws Throwable whatever the non-Kerberos build steps throw
     */
    private void buildUserGroupInfo() throws Throwable {
        final boolean kerberosRequested = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType);
        if (kerberosRequested
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)
                && LOG.isDebugEnabled()) {
            LOG.debug("==> Kerberos Environment : Principal is " + this.principal + " and Keytab is " + this.keytab);
        }
        // The credential check is deliberately evaluated a second time, as before.
        if (!kerberosRequested || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            buildGroupList();
            buildUserList();
            buildUserGroupLinkList();
            rebuildUserGroupMap();
            if (LOG.isDebugEnabled()) {
                print();
            }
            return;
        }
        try {
            LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
            Subject subject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            Subject.doAs(subject, new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    try {
                        buildGroupList();
                        buildUserList();
                        buildUserGroupLinkList();
                        rebuildUserGroupMap();
                    } catch (Exception e) {
                        // The message names the group list, but any of the four steps lands here.
                        LOG.error("Failed to build Group List : ", e);
                    }
                    return null;
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
        }
    }

    /**
     * Joins the policy manager base URL and a REST path, inserting a "/" when the
     * path does not already start with one. The base URL is used as configured; a
     * trailing slash on it is not removed.
     *
     * @param str REST path, with or without a leading slash
     * @return base URL followed by the path
     */
    private String getURL(String str) {
        if (str.startsWith("/")) {
            return this.policyMgrBaseUrl + str;
        }
        return this.policyMgrBaseUrl + "/" + str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Re-indexes the cached lists: users first (id and name maps), then groups
     * (name map), then memberships, which are attached to users through the id map.
     * The order matters because memberships are resolved via the user id index.
     */
    public void rebuildUserGroupMap() {
        for (XUserInfo user : this.xuserList) {
            addUserToList(user);
        }
        for (XGroupInfo group : this.xgroupList) {
            addGroupToList(group);
        }
        for (XUserGroupInfo membership : this.xusergroupList) {
            addUserGroupToList(membership);
        }
    }

    /**
     * Adds a user to the cached list if it is not there yet and (re)registers it in
     * the id and name indexes. A null id or name is skipped for the matching index.
     *
     * @param xUserInfo user record to cache
     */
    private void addUserToList(XUserInfo xUserInfo) {
        boolean alreadyCached = this.xuserList.contains(xUserInfo);
        if (!alreadyCached) {
            this.xuserList.add(xUserInfo);
        }
        String userId = xUserInfo.getId();
        if (userId != null) {
            this.userId2XUserInfoMap.put(userId, xUserInfo);
        }
        String userName = xUserInfo.getName();
        if (userName != null) {
            this.userName2XUserInfoMap.put(userName, xUserInfo);
        }
    }

    /**
     * Adds a group to the cached list if it is not there yet and indexes it by name
     * when the name is non-null.
     *
     * @param xGroupInfo group record to cache
     */
    private void addGroupToList(XGroupInfo xGroupInfo) {
        boolean alreadyCached = this.xgroupList.contains(xGroupInfo);
        if (!alreadyCached) {
            this.xgroupList.add(xGroupInfo);
        }
        String groupName = xGroupInfo.getName();
        if (groupName != null) {
            this.groupName2XGroupInfoMap.put(groupName, xGroupInfo);
        }
    }

    /**
     * Records a membership on the cached user it refers to. Links with a null user
     * id, or whose user id is not in the id index, are ignored without any log.
     *
     * @param xUserGroupInfo user-to-group link returned by the policy manager
     */
    private void addUserGroupToList(XUserGroupInfo xUserGroupInfo) {
        String userId = xUserGroupInfo.getUserId();
        if (userId == null) {
            return;
        }
        XUserInfo cachedUser = this.userId2XUserInfoMap.get(userId);
        if (cachedUser == null) {
            return;
        }
        List<String> memberships = cachedUser.getGroups();
        String groupName = xUserGroupInfo.getGroupName();
        if (!memberships.contains(groupName)) {
            memberships.add(groupName);
        }
    }

    /**
     * Adds a group's name to the group list of the cached user that has the same id
     * as {@code xUserInfo}. The cached instance is the one updated, not the argument.
     * Nothing happens when the id is null or not in the id index.
     *
     * @param xUserInfo  user whose id selects the cached record
     * @param xGroupInfo group whose name is added
     */
    private void addUserGroupInfoToList(XUserInfo xUserInfo, XGroupInfo xGroupInfo) {
        String userId = xUserInfo.getId();
        if (userId == null) {
            return;
        }
        XUserInfo cachedUser = this.userId2XUserInfoMap.get(userId);
        if (cachedUser == null) {
            return;
        }
        List<String> memberships = cachedUser.getGroups();
        String groupName = xGroupInfo.getName();
        if (!memberships.contains(groupName)) {
            memberships.add(groupName);
        }
    }

    /**
     * Removes a group's name from the given user's group list, if it is present.
     *
     * @param xUserInfo  user whose membership list is edited in place
     * @param xGroupInfo group to drop
     */
    private void delUserGroupFromList(XUserInfo xUserInfo, XGroupInfo xGroupInfo) {
        List<String> memberships = xUserInfo.getGroups();
        String groupName = xGroupInfo.getName();
        // Presence is checked first so remove() is never called for an absent name.
        boolean isMember = memberships.contains(groupName);
        if (isMember) {
            memberships.remove(groupName);
        }
    }

    /**
     * Writes the cached users and each user's group names to the debug log.
     * This puts the whole directory listing into the log, so debug level should
     * be enabled with that in mind.
     */
    private void print() {
        LOG.debug("Number of users read [" + this.xuserList.size() + "]");
        for (XUserInfo user : this.xuserList) {
            LOG.debug("USER: " + user.getName());
            for (String groupName : user.getGroups()) {
                LOG.debug("\tGROUP: " + groupName);
            }
        }
    }

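    /**
     * Reconciles one user and the groups reported by the source with the cached
     * policy manager state.
     *
     * <p>An unknown user is created, then its groups are pushed. For a known user
     * the reported groups are split three ways: groups to add, groups to remove, and
     * groups the user already has whose cached group source is not external (these
     * are re-submitted). In a mock run the changes are only logged at debug level.
     *
     * <p>A failed push is logged and the method carries on, so the local cache and
     * the policy manager can diverge until the next sync. Failures are now logged
     * with the throwable itself, so the stack trace is no longer dropped.
     *
     * @param str  user name
     * @param list group names reported for the user; {@code null} is treated as empty
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateUser(String str, List<String> list) {
        UserGroupInfo userGroupInfo = new UserGroupInfo();
        XUserInfo xUserInfo = this.userName2XUserInfoMap.get(str);
        if (list == null) {
            list = new ArrayList<>();
        }
        if (xUserInfo == null) {
            LOG.debug("INFO: addPMAccount(" + str + ")");
            if (!this.isMockRun) {
                addMUser(str);
                addUserGroupInfo(str, list);
            }
            return;
        }
        List<String> currentGroups = xUserInfo.getGroups();
        List<String> groupsToAdd = new ArrayList<>();
        List<String> groupsToRemove = new ArrayList<>();
        List<String> groupsToMarkExternal = new ArrayList<>();
        for (String groupName : list) {
            if (currentGroups.contains(groupName)) {
                XGroupInfo cachedGroup = this.groupName2XGroupInfoMap.get(groupName);
                if (cachedGroup != null && !GROUP_SOURCE_EXTERNAL.equals(cachedGroup.getGroupSource())) {
                    groupsToMarkExternal.add(groupName);
                }
            } else {
                groupsToAdd.add(groupName);
            }
        }
        for (String groupName : currentGroups) {
            if (!list.contains(groupName)) {
                groupsToRemove.add(groupName);
            }
        }
        for (String groupName : groupsToAdd) {
            LOG.debug("INFO: addPMXAGroupToUser(" + str + "," + groupName + ")");
        }
        if (!this.isMockRun) {
            if (!groupsToAdd.isEmpty()) {
                userGroupInfo.setXuserInfo(addXUserInfo(str));
                userGroupInfo.setXgroupInfo(getXGroupInfoList(groupsToAdd));
                try {
                    addUserGroupInfo(userGroupInfo);
                } catch (Throwable th) {
                    LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: " + th.getMessage() + ", for user-group entry: " + userGroupInfo, th);
                }
            }
            // Called even when there is nothing to add, as before; it also resets the
            // group list of the shared usergroupInfo payload.
            addXUserGroupInfo(xUserInfo, groupsToAdd);
        }
        for (String groupName : groupsToRemove) {
            LOG.debug("INFO: delPMXAGroupFromUser(" + str + "," + groupName + ")");
        }
        if (!this.isMockRun) {
            delXUserGroupInfo(xUserInfo, groupsToRemove);
        }
        if (this.isMockRun || groupsToMarkExternal.isEmpty()) {
            return;
        }
        userGroupInfo.setXuserInfo(addXUserInfo(str));
        userGroupInfo.setXgroupInfo(getXGroupInfoList(groupsToMarkExternal));
        try {
            addUserGroupInfo(userGroupInfo);
        } catch (Throwable th) {
            LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: " + th.getMessage() + ", for user-group entry: " + userGroupInfo, th);
        }
    }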

    /* JADX INFO: Access modifiers changed from: private */
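    /**
     * Pages through the policy manager's group list and appends every page to the
     * local group cache.
     *
     * <p>The start index of each request is the current size of the cache and the
     * loop ends once that size reaches the total count reported by the server. A
     * page with no entries while the server still reports more records would never
     * advance the index, so the loop now stops there with a warning instead of
     * repeating the same request forever. The cache may then be incomplete.
     *
     * <p>Raw response bodies are written to the debug log.
     */
    public void buildGroupList() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.buildGroupList");
        }
        Client client = getClient();
        int totalCount = 100; // provisional until the first response reports the real total
        int retrieved = 0;
        while (retrieved < totalCount) {
            String responseJson = client.resource(getURL("/service/xusers/groups/"))
                    .queryParam("pageSize", this.recordsToPullPerCall)
                    .queryParam("startIndex", String.valueOf(retrieved))
                    .accept(MediaType.APPLICATION_JSON_TYPE)
                    .get(String.class);
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + responseJson + "]");
            }
            GetXGroupListResponse page = new GsonBuilder().create().fromJson(responseJson, GetXGroupListResponse.class);
            totalCount = page.getTotalCount();
            if (page.getXgroupInfoList() == null || page.getXgroupInfoList().isEmpty()) {
                if (retrieved < totalCount) {
                    LOG.warn("Group list paging stopped at " + retrieved + " of " + totalCount
                            + " records: the server returned an empty page");
                }
                break;
            }
            this.xgroupList.addAll(page.getXgroupInfoList());
            retrieved = this.xgroupList.size();
            if (LOG.isDebugEnabled()) {
                for (XGroupInfo group : page.getXgroupInfoList()) {
                    LOG.debug("GROUP:  Id:" + group.getId() + ", Name: " + group.getName() + ", Description: " + group.getDescription());
                }
            }
        }
    }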

    /* JADX INFO: Access modifiers changed from: private */
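    /**
     * Pages through the policy manager's user list and appends every page to the
     * local user cache.
     *
     * <p>The start index of each request is the current size of the cache and the
     * loop ends once that size reaches the total count reported by the server. A
     * page with no entries while the server still reports more records would never
     * advance the index, so the loop now stops there with a warning instead of
     * repeating the same request forever. The cache may then be incomplete.
     *
     * <p>Raw response bodies are written to the debug log.
     */
    public void buildUserList() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserList");
        }
        Client client = getClient();
        int totalCount = 100; // provisional until the first response reports the real total
        int retrieved = 0;
        while (retrieved < totalCount) {
            String responseJson = client.resource(getURL("/service/xusers/users/"))
                    .queryParam("pageSize", this.recordsToPullPerCall)
                    .queryParam("startIndex", String.valueOf(retrieved))
                    .accept(MediaType.APPLICATION_JSON_TYPE)
                    .get(String.class);
            Gson gson = new GsonBuilder().create();
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + responseJson + "]");
            }
            GetXUserListResponse page = gson.fromJson(responseJson, GetXUserListResponse.class);
            totalCount = page.getTotalCount();
            if (page.getXuserInfoList() == null || page.getXuserInfoList().isEmpty()) {
                if (retrieved < totalCount) {
                    LOG.warn("User list paging stopped at " + retrieved + " of " + totalCount
                            + " records: the server returned an empty page");
                }
                break;
            }
            this.xuserList.addAll(page.getXuserInfoList());
            retrieved = this.xuserList.size();
            if (LOG.isDebugEnabled()) {
                for (XUserInfo user : page.getXuserInfoList()) {
                    LOG.debug("USER: Id:" + user.getId() + ", Name: " + user.getName() + ", Description: " + user.getDescription());
                }
            }
        }
    }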

    /* JADX INFO: Access modifiers changed from: private */
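    /**
     * Pages through the policy manager's user-to-group links and appends every page
     * to the local membership cache.
     *
     * <p>The start index of each request is the current size of the cache and the
     * loop ends once that size reaches the total count reported by the server. A
     * page with no entries while the server still reports more records would never
     * advance the index, so the loop now stops there with a warning instead of
     * repeating the same request forever. The cache may then be incomplete.
     *
     * <p>Raw response bodies are written to the debug log.
     */
    public void buildUserGroupLinkList() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserGroupLinkList");
        }
        Client client = getClient();
        int totalCount = 100; // provisional until the first response reports the real total
        int retrieved = 0;
        while (retrieved < totalCount) {
            String responseJson = client.resource(getURL("/service/xusers/groupusers/"))
                    .queryParam("pageSize", this.recordsToPullPerCall)
                    .queryParam("startIndex", String.valueOf(retrieved))
                    .accept(MediaType.APPLICATION_JSON_TYPE)
                    .get(String.class);
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + responseJson + "]");
            }
            GetXUserGroupListResponse page = new GsonBuilder().create().fromJson(responseJson, GetXUserGroupListResponse.class);
            totalCount = page.getTotalCount();
            if (page.getXusergroupInfoList() == null || page.getXusergroupInfoList().isEmpty()) {
                if (retrieved < totalCount) {
                    LOG.warn("User-group link paging stopped at " + retrieved + " of " + totalCount
                            + " records: the server returned an empty page");
                }
                break;
            }
            this.xusergroupList.addAll(page.getXusergroupInfoList());
            retrieved = this.xusergroupList.size();
            if (LOG.isDebugEnabled()) {
                for (XUserGroupInfo link : page.getXusergroupInfoList()) {
                    LOG.debug("USER_GROUP: UserId:" + link.getUserId() + ", Name: " + link.getGroupName());
                }
            }
        }
    }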

    /**
     * Stages a user and its groups in the shared {@code usergroupInfo} payload and
     * posts that payload through {@code getUsergroupInfo}.
     *
     * <p>Staging is skipped in a mock run, but the post is not guarded here. With
     * Kerberos configured and credentials present the post runs inside
     * {@code Subject.doAs}; a failed login or post is logged and yields {@code null}.
     *
     * @param str  user name
     * @param list group names for the user
     * @return the record parsed from the server response, or {@code null}
     */
    private UserGroupInfo addUserGroupInfo(String str, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.addUserGroupInfo " + str + " and groups");
        }
        LOG.debug("INFO: addPMXAUser(" + str + ")");
        XUserInfo stagedUser = this.isMockRun ? null : addXUserInfo(str);
        for (String groupName : list) {
            LOG.debug("INFO: addPMXAGroupToUser(" + str + "," + groupName + ")");
        }
        if (!this.isMockRun) {
            addXUserGroupInfo(stagedUser, list);
        }
        boolean useKerberos = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!useKerberos) {
            return getUsergroupInfo(null);
        }
        try {
            Subject subject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            return Subject.doAs(subject, new PrivilegedAction<UserGroupInfo>() {
                @Override
                public UserGroupInfo run() {
                    try {
                        return getUsergroupInfo(null);
                    } catch (Exception e) {
                        LOG.error("Failed to add User Group Info : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Posts the shared {@code usergroupInfo} field as JSON to the user-info endpoint
     * and merges the returned user and groups into the local cache.
     *
     * <p>The argument is not used; the request body always comes from the field.
     * Both the request and the raw response are written to the debug log.
     *
     * @param userGroupInfo ignored
     * @return the record parsed from the response, or {@code null} if it parsed to nothing
     */
    public UserGroupInfo getUsergroupInfo(UserGroupInfo userGroupInfo) {
        WebResource endpoint = getClient().resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
        Gson gson = new GsonBuilder().create();
        String requestJson = gson.toJson(this.usergroupInfo);
        LOG.debug("USER GROUP MAPPING" + requestJson);
        String responseJson = endpoint
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestJson);
        LOG.debug("RESPONSE: [" + responseJson + "]");
        UserGroupInfo saved = gson.fromJson(responseJson, UserGroupInfo.class);
        if (saved == null) {
            return null;
        }
        XUserInfo savedUser = saved.getXuserInfo();
        addUserToList(savedUser);
        for (XGroupInfo savedGroup : saved.getXgroupInfo()) {
            addGroupToList(savedGroup);
            addUserGroupInfoToList(savedUser, savedGroup);
        }
        return saved;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Posts {@code userGroupInfo2} as JSON to the user-info endpoint and merges the
     * returned user and groups into the local cache.
     *
     * <p>A failed request is logged and handled like an empty response: the cache
     * is left unchanged and the caller receives no signal. The first argument is
     * not used.
     *
     * @param userGroupInfo  ignored
     * @param userGroupInfo2 payload to send
     */
    public void getUserGroupInfo(UserGroupInfo userGroupInfo, UserGroupInfo userGroupInfo2) {
        WebResource endpoint = getClient().resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
        Gson gson = new GsonBuilder().create();
        String requestJson = gson.toJson(userGroupInfo2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("USER GROUP MAPPING" + requestJson);
        }
        String responseJson;
        try {
            responseJson = endpoint
                    .accept(MediaType.APPLICATION_JSON_TYPE)
                    .type(MediaType.APPLICATION_JSON_TYPE)
                    .post(String.class, requestJson);
        } catch (Throwable th) {
            LOG.error("Failed to communicate Ranger Admin : ", th);
            responseJson = null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE: [" + responseJson + "]");
        }
        UserGroupInfo saved = gson.fromJson(responseJson, UserGroupInfo.class);
        if (saved == null) {
            return;
        }
        XUserInfo savedUser = saved.getXuserInfo();
        addUserToList(savedUser);
        for (XGroupInfo savedGroup : saved.getXgroupInfo()) {
            addGroupToList(savedGroup);
            addUserGroupInfoToList(savedUser, savedGroup);
        }
    }

    /**
     * Sends one prepared user/group record to the policy manager, inside
     * {@code Subject.doAs} when Kerberos is configured and credentials exist,
     * directly otherwise. Every failure on either path is logged and swallowed.
     *
     * @param userGroupInfo record to send
     */
    private void addUserGroupInfo(final UserGroupInfo userGroupInfo) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.addUserGroupInfo");
        }
        boolean useKerberos = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!useKerberos) {
            try {
                getUserGroupInfo(null, userGroupInfo);
            } catch (Throwable th) {
                LOG.error("Failed to add User Group Info : ", th);
            }
            return;
        }
        try {
            Subject subject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            Subject.doAs(subject, new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    try {
                        getUserGroupInfo(null, userGroupInfo);
                    } catch (Exception e) {
                        LOG.error("Failed to add User Group Info : ", e);
                    }
                    return null;
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
        }
    }

    /**
     * Creates a user record for the given name and stores it as the user part of
     * the shared {@code usergroupInfo} payload.
     *
     * @param str user name
     * @return the new record (no id is set here)
     */
    private XUserInfo addXUserInfo(String str) {
        String description = str + " - add from Unix box";
        XUserInfo newUser = new XUserInfo();
        newUser.setName(str);
        newUser.setDescription(description);
        this.usergroupInfo.setXuserInfo(newUser);
        return newUser;
    }

    /**
     * Creates a group record for the given name with both group type and group
     * source set to the external marker. Nothing is cached or sent here.
     *
     * @param str group name
     * @return the new record
     */
    private XGroupInfo addXGroupInfo(String str) {
        String description = str + " - add from Unix box";
        XGroupInfo newGroup = new XGroupInfo();
        newGroup.setName(str);
        newGroup.setDescription(description);
        newGroup.setGroupType(GROUP_SOURCE_EXTERNAL);
        newGroup.setGroupSource(GROUP_SOURCE_EXTERNAL);
        return newGroup;
    }

    /**
     * Resolves each group name to a cached record, or a newly created one, and
     * stores the resulting list as the group part of the shared
     * {@code usergroupInfo} payload. An empty input replaces that list with an
     * empty one.
     *
     * @param xUserInfo user the groups belong to
     * @param list      group names
     */
    private void addXUserGroupInfo(XUserInfo xUserInfo, List<String> list) {
        List<XGroupInfo> resolvedGroups = new ArrayList<>();
        for (String groupName : list) {
            XGroupInfo cached = this.groupName2XGroupInfoMap.get(groupName);
            XGroupInfo group = (cached != null) ? cached : addXGroupInfo(groupName);
            resolvedGroups.add(group);
            // The link object built by this call is discarded; the call is kept
            // because it still dereferences xUserInfo and the group.
            addXUserGroupInfo(xUserInfo, group);
        }
        this.usergroupInfo.setXgroupInfo(resolvedGroups);
    }

    /**
     * Maps group names to group records for a request payload. Unknown names get a
     * new external record. A cached record whose source is not external is switched
     * to external in place, so the cached object itself is changed before the
     * server has confirmed anything.
     *
     * @param list group names
     * @return one record per name, in input order
     */
    private List<XGroupInfo> getXGroupInfoList(List<String> list) {
        List<XGroupInfo> resolvedGroups = new ArrayList<>();
        for (String groupName : list) {
            XGroupInfo cached = this.groupName2XGroupInfoMap.get(groupName);
            if (cached == null) {
                resolvedGroups.add(addXGroupInfo(groupName));
                continue;
            }
            boolean alreadyExternal = GROUP_SOURCE_EXTERNAL.equals(cached.getGroupSource());
            if (!alreadyExternal) {
                cached.setGroupSource(GROUP_SOURCE_EXTERNAL);
            }
            resolvedGroups.add(cached);
        }
        return resolvedGroups;
    }

    /**
     * Builds a link object from the user's id and the group's name. Nothing is
     * cached or sent.
     *
     * @param xUserInfo  user side of the link
     * @param xGroupInfo group side of the link
     * @return the new link object
     */
    private XUserGroupInfo addXUserGroupInfo(XUserInfo xUserInfo, XGroupInfo xGroupInfo) {
        XUserGroupInfo link = new XUserGroupInfo();
        String userId = xUserInfo.getId();
        link.setUserId(userId);
        String groupName = xGroupInfo.getName();
        link.setGroupName(groupName);
        return link;
    }

    /**
     * Removes the user from each named group that is present in the group index.
     * Names without a cached group record are skipped without any log.
     *
     * <p>The Kerberos check and keytab login are repeated for every group. A failed
     * login or delete is logged and the loop moves on to the next group.
     *
     * @param xUserInfo user to remove from the groups
     * @param list      names of the groups to leave
     */
    private void delXUserGroupInfo(final XUserInfo xUserInfo, List<String> list) {
        for (String groupName : list) {
            final XGroupInfo group = this.groupName2XGroupInfoMap.get(groupName);
            if (group == null) {
                continue;
            }
            boolean useKerberos = this.authenticationType != null
                    && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                    && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
            if (!useKerberos) {
                delXUserGroupInfo(xUserInfo, group);
                continue;
            }
            try {
                LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
                Subject subject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
                Subject.doAs(subject, new PrivilegedAction<Void>() {
                    @Override
                    public Void run() {
                        try {
                            delXUserGroupInfo(xUserInfo, group);
                        } catch (Exception e) {
                            // Message text is shared with the list-building path.
                            LOG.error("Failed to build Group List : ", e);
                        }
                        return null;
                    }
                });
            } catch (Exception e) {
                LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
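    /**
     * Issues the DELETE that removes a user from a group and, on HTTP 200, drops
     * the group from the user's cached membership list.
     *
     * <p>The placeholders in the path template are filled with
     * {@code String.replace}, which treats the substituted text literally. The
     * earlier {@code replaceAll} interpreted {@code $} and {@code \} in the
     * replacement as group references, so a name that still contained either
     * character after encoding could fail or produce a different path.
     *
     * <p>Any status other than 200 leaves the cache untouched without a warning.
     * Exceptions are logged and swallowed.
     *
     * @param xUserInfo  user to remove
     * @param xGroupInfo group to remove the user from
     */
    public void delXUserGroupInfo(XUserInfo xUserInfo, XGroupInfo xGroupInfo) {
        String groupName = xGroupInfo.getName();
        String userName = xUserInfo.getName();
        try {
            String path = PM_DEL_USER_GROUP_LINK_URI
                    .replace("${groupName}", UserSyncUtil.encodeURIParam(groupName))
                    .replace("${userName}", UserSyncUtil.encodeURIParam(userName));
            ClientResponse clientResponse = getClient().resource(getURL(path)).delete(ClientResponse.class);
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + clientResponse.toString() + "]");
            }
            if (clientResponse.getStatus() == 200) {
                delUserGroupFromList(xUserInfo, xGroupInfo);
            }
        } catch (Exception e) {
            LOG.warn("ERROR: Unable to delete GROUP: " + groupName + " from USER:" + userName, e);
        }
    }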

    /**
     * Creates a login account in the policy manager for the given name. The name
     * is used as login id, first name and last name.
     *
     * <p>With Kerberos configured and credentials present the request runs inside
     * {@code Subject.doAs}; a failed login or request is logged and yields
     * {@code null}. On the direct path exceptions from {@code getMUser} propagate.
     *
     * @param str login name
     * @return the account parsed from the server response, or {@code null}
     */
    private MUserInfo addMUser(String str) {
        final MUserInfo newAccount = new MUserInfo();
        newAccount.setLoginId(str);
        newAccount.setFirstName(str);
        newAccount.setLastName(str);
        boolean useKerberos = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!useKerberos) {
            return getMUser(newAccount, null);
        }
        try {
            Subject subject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            return Subject.doAs(subject, new PrivilegedAction<MUserInfo>() {
                @Override
                public MUserInfo run() {
                    try {
                        return getMUser(newAccount, null);
                    } catch (Exception e) {
                        LOG.error("Failed to add User : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Posts an account record as JSON to the default-user endpoint and returns the
     * account parsed from the response.
     *
     * <p>The second argument is not used. The "successful" debug line is written
     * whatever the parsed result is, including {@code null}.
     *
     * @param mUserInfo  account to create
     * @param mUserInfo2 ignored
     * @return the account parsed from the response body
     */
    public MUserInfo getMUser(MUserInfo mUserInfo, MUserInfo mUserInfo2) {
        WebResource endpoint = getClient().resource(getURL(PM_ADD_LOGIN_USER_URI));
        Gson gson = new GsonBuilder().create();
        String requestJson = gson.toJson(mUserInfo);
        String responseJson = endpoint
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestJson);
        LOG.debug("RESPONSE[" + responseJson + "]");
        MUserInfo created = gson.fromJson(responseJson, MUserInfo.class);
        LOG.debug("MUser Creation successful " + created);
        return created;
    }

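    /**
     * Creates a Jersey client for the policy manager base URL.
     *
     * <p>For an {@code https://} base URL the SSL context and hostname verifier are built once,
     * from the configured keystore and truststore, and cached on this instance. For any other
     * base URL a plain client that follows redirects is created. Unless Kerberos authentication
     * is configured and the principal/keytab credentials exist, an HTTP Basic filter carrying
     * the policy manager user name and password is attached.
     *
     * @return a new client, or {@code null} when a configured keystore or truststore cannot be
     *         opened
     * @throws RuntimeException if building the SSL context fails for any other reason
     */
    private synchronized Client getClient() {
        Client client;
        if (this.policyMgrBaseUrl.startsWith("https://")) {
            DefaultClientConfig httpsConfig = new DefaultClientConfig();
            if (this.sslContext == null) {
                try {
                    KeyManager[] keyManagers = null;
                    TrustManager[] trustManagers = null;
                    if (this.keyStoreFile != null && this.keyStoreFilepwd != null) {
                        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
                        InputStream keyStoreStream = null;
                        try {
                            keyStoreStream = getFileInputStream(this.keyStoreFile);
                            if (keyStoreStream == null) {
                                LOG.error("Unable to obtain keystore from file [" + this.keyStoreFile + "]");
                                return null;
                            }
                            keyStore.load(keyStoreStream, this.keyStoreFilepwd.toCharArray());
                            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                            keyManagerFactory.init(keyStore, this.keyStoreFilepwd.toCharArray());
                            keyManagers = keyManagerFactory.getKeyManagers();
                        } finally {
                            // Close on every path, including a failed load(), so the handle does not leak.
                            if (keyStoreStream != null) {
                                keyStoreStream.close();
                            }
                        }
                    }
                    if (this.trustStoreFile != null && this.trustStoreFilepwd != null) {
                        KeyStore trustStore = KeyStore.getInstance(this.trustStoreType);
                        InputStream trustStoreStream = null;
                        try {
                            trustStoreStream = getFileInputStream(this.trustStoreFile);
                            if (trustStoreStream == null) {
                                LOG.error("Unable to obtain keystore from file [" + this.trustStoreFile + "]");
                                return null;
                            }
                            trustStore.load(trustStoreStream, this.trustStoreFilepwd.toCharArray());
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init(trustStore);
                            trustManagers = trustManagerFactory.getTrustManagers();
                        } finally {
                            if (trustStoreStream != null) {
                                trustStoreStream.close();
                            }
                        }
                    }
                    // When no truststore is configured, trustManagers stays null and init() falls
                    // back to the JSSE default trust managers.
                    //
                    // NOTE(review): "SSL" is the legacy context name. Which protocol versions it
                    // enables depends on the JSSE provider and the JDK security settings; consider
                    // requesting an explicit TLS version and verifying it on every supported JDK.
                    SSLContext context = SSLContext.getInstance("SSL");
                    context.init(keyManagers, trustManagers, new SecureRandom());
                    // NOTE(review): this verifier never inspects the peer certificate. It only
                    // compares the session's peer host with the host name it is handed. Per the
                    // HostnameVerifier contract a custom verifier is consulted when the built-in
                    // host-name/certificate match has failed, so returning true here accepts a
                    // certificate issued for a different name. Returning false (deferring to the
                    // built-in check) is the strict setting; it is left as-is because deployments
                    // may depend on the current behaviour.
                    HostnameVerifier verifier = new HostnameVerifier() {
                        @Override
                        public boolean verify(String str, SSLSession sSLSession) {
                            return sSLSession.getPeerHost().equals(str);
                        }
                    };
                    // Publish the cached fields only after init() succeeded, so a failed attempt
                    // does not leave an uninitialized context behind for later calls.
                    this.hv = verifier;
                    this.sslContext = context;
                } catch (Throwable th3) {
                    throw new RuntimeException("Unable to create SSLConext for communication to policy manager", th3);
                }
            }
            httpsConfig.getProperties().put("com.sun.jersey.client.impl.urlconnection.httpsProperties", new HTTPSProperties(this.hv, this.sslContext));
            client = Client.create(httpsConfig);
        } else {
            // NOTE(review): on this branch the Basic credentials added below travel without
            // transport protection, and redirects are followed automatically.
            DefaultClientConfig plainConfig = new DefaultClientConfig();
            plainConfig.getProperties().put("com.sun.jersey.client.property.followRedirects", true);
            client = Client.create(plainConfig);
        }
        boolean kerberosLogin = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!kerberosLogin && client != null) {
            String policyMgrUserName = this.config.getPolicyMgrUserName();
            String policyMgrPassword = this.config.getPolicyMgrPassword();
            if (policyMgrUserName == null || policyMgrPassword == null || policyMgrUserName.trim().isEmpty() || policyMgrPassword.trim().isEmpty()) {
                // Blank or missing configured credentials fall back to the configured defaults.
                policyMgrUserName = this.config.getDefaultPolicyMgrUserName();
                policyMgrPassword = this.config.getDefaultPolicyMgrPassword();
            }
            if (policyMgrUserName != null && policyMgrPassword != null) {
                client.addFilter(new HTTPBasicAuthFilter(policyMgrUserName, policyMgrPassword));
            }
        }
        return client;
    }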

    /**
     * Opens {@code str} as a stream, trying the file system first and the classpath second.
     *
     * <p>Lookup order: an existing file at that path; a resource relative to this class; the
     * same name with a leading {@code "/"} (only when {@code str} has none); the system class
     * loader; and finally the system class loader with a leading {@code "/"}.
     *
     * <p>NOTE(review): because of the classpath fallback, a keystore or truststore path that
     * does not exist on disk can silently resolve to a bundled resource of the same name.
     * Callers that need a specific file should check the path before calling.
     *
     * @param str file path or classpath resource name
     * @return an open stream, or {@code null} when nothing was found
     * @throws FileNotFoundException if the path exists but cannot be opened as a file
     */
    private InputStream getFileInputStream(String str) throws FileNotFoundException {
        File onDisk = new File(str);
        if (onDisk.exists()) {
            return new FileInputStream(onDisk);
        }
        boolean lacksLeadingSlash = !str.startsWith("/");

        InputStream found = PolicyMgrUserGroupBuilder.class.getResourceAsStream(str);
        if (found == null && lacksLeadingSlash) {
            found = getClass().getResourceAsStream("/" + str);
        }
        if (found != null) {
            return found;
        }

        found = ClassLoader.getSystemClassLoader().getResourceAsStream(str);
        if (found != null || !lacksLeadingSlash) {
            return found;
        }
        return ClassLoader.getSystemResourceAsStream("/" + str);
    }

    /**
     * Registers the group {@code str} with the policy manager unless it is already present in
     * {@code groupName2XGroupInfoMap} or this is a mock run.
     *
     * <p>A group is added to the local list only when {@code addGroupInfo} returns a non-null
     * record.
     *
     * @param str name of the group to add
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateGroup(String str) {
        boolean alreadyKnown = this.groupName2XGroupInfoMap.get(str) != null;
        if (alreadyKnown || this.isMockRun) {
            return;
        }
        XGroupInfo created = addGroupInfo(str);
        if (created != null) {
            addGroupToList(created);
        }
    }

    /**
     * Builds the group record for {@code str} and submits it through {@code getAddedGroupInfo}.
     *
     * <p>When Kerberos authentication is configured and the principal/keytab credentials exist,
     * the submission runs inside {@code Subject.doAs} for the subject logged in from the keytab;
     * otherwise it is made directly. The principal name and the keytab location are written to
     * the INFO log on the Kerberos path.
     *
     * @param str name of the group to add
     * @return the record returned by the policy manager, or {@code null} when the keytab login
     *         or the privileged call fails
     */
    private XGroupInfo addGroupInfo(String str) {
        LOG.debug("INFO: addPMXAGroup(" + str + ")");
        // In a mock run no record is built, so null is what gets passed on below.
        final XGroupInfo pendingGroup = this.isMockRun ? null : addXGroupInfo(str);

        boolean kerberosLogin = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!kerberosLogin) {
            return getAddedGroupInfo(pendingGroup);
        }

        try {
            LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
            Subject loginSubject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            return Subject.doAs(loginSubject, new PrivilegedAction<XGroupInfo>() {
                @Override
                public XGroupInfo run() {
                    try {
                        return PolicyMgrUserGroupBuilder.this.getAddedGroupInfo(pendingGroup);
                    } catch (Exception e) {
                        // Failures inside the privileged action are logged and reported as null.
                        PolicyMgrUserGroupBuilder.LOG.error("Failed to build Group List : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Posts {@code xGroupInfo} as JSON to {@code /service/xusers/groups/} on the policy manager
     * and returns the response body parsed as an {@link XGroupInfo}.
     *
     * <p>Both the request JSON and the raw response body are written to the DEBUG log.
     *
     * @param xGroupInfo group record that is serialized into the request body
     * @return the group record parsed from the response body
     */
    public XGroupInfo getAddedGroupInfo(XGroupInfo xGroupInfo) {
        WebResource groupsEndpoint = getClient().resource(getURL("/service/xusers/groups/"));
        Gson gson = new GsonBuilder().create();
        String requestBody = gson.toJson(xGroupInfo);
        LOG.debug("Group" + requestBody);
        String responseBody = groupsEndpoint
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestBody);
        LOG.debug("RESPONSE: [" + responseBody + "]");
        return gson.fromJson(responseBody, XGroupInfo.class);
    }

    // Resolve the canonical name of the local host once at class load; fall back to "unknown"
    // when the local host cannot be resolved.
    static {
        String resolvedName;
        try {
            resolvedName = InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException e) {
            resolvedName = "unknown";
        }
        LOCAL_HOSTNAME = resolvedName;
    }
}
