package org.apache.ranger.ldapusersync.process;

import com.google.common.collect.Table;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.Subject;
import javax.ws.rs.core.MediaType;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.GroupUserInfo;
import org.apache.ranger.unixusersync.model.MUserInfo;
import org.apache.ranger.unixusersync.model.UgsyncAuditInfo;
import org.apache.ranger.unixusersync.model.UserGroupInfo;
import org.apache.ranger.unixusersync.model.XGroupInfo;
import org.apache.ranger.unixusersync.model.XUserGroupInfo;
import org.apache.ranger.unixusersync.model.XUserInfo;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usersync.util.UserSyncUtil;

/* loaded from: input_file:org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.class */
public class LdapPolicyMgrUserGroupBuilder implements UserGroupSink {
    // Class logger; init() raises its level to DEBUG when mock-run mode is enabled.
    private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder.class);
    // Configuration keys read in init(): authentication type, Kerberos principal, keytab and name rules.
    private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
    private static final String PRINCIPAL = "ranger.usersync.kerberos.principal";
    private static final String KEYTAB = "ranger.usersync.kerberos.keytab";
    private static final String NAME_RULE = "hadoop.security.auth_to_local";
    // Policy-manager REST paths; getURL() appends them to policyMgrBaseUrl.
    public static final String PM_USER_LIST_URI = "/service/xusers/users/";
    private static final String PM_ADD_USER_GROUP_INFO_URI = "/service/xusers/users/userinfo";
    private static final String PM_ADD_GROUP_USER_INFO_URI = "/service/xusers/groups/groupinfo";
    public static final String PM_GROUP_LIST_URI = "/service/xusers/groups/";
    private static final String PM_ADD_GROUP_URI = "/service/xusers/groups/";
    // ${groupName} and ${userName} are substituted with URI-encoded values before the DELETE is sent.
    private static final String PM_DEL_USER_GROUP_LINK_URI = "/service/xusers/group/${groupName}/user/${userName}";
    public static final String PM_USER_GROUP_MAP_LIST_URI = "/service/xusers/groupusers/";
    public static final String PM_GET_GROUP_USER_MAP_LIST_URI = "/service/xusers/groupusers/groupName/${groupName}";
    private static final String PM_ADD_LOGIN_USER_URI = "/service/users/default";
    private static final String PM_AUDIT_INFO_URI = "/service/xusers/ugsync/auditinfo/";
    // Used for both the group type and the group source of every group this sink builds.
    private static final String GROUP_SOURCE_EXTERNAL = "1";
    // Host name handed to SecureClientLogin.getPrincipal() in init().
    // NOTE(review): its assignment is not visible in this part of the file — confirm it is set before init() runs.
    private static String LOCAL_HOSTNAME;
    // Base URL of the policy manager; an "https://" prefix makes getClient() build an SSL context.
    private String policyMgrBaseUrl;
    Table<String, String, String> groupsUsersTable;
    // Kerberos login settings, populated in init(). Package-private, so other classes in the package can change them.
    String principal;
    String keytab;
    String nameRules;
    // Compared case-insensitively with authenticationType to decide whether a keytab login is attempted.
    private String AUTH_KERBEROS = "kerberos";
    // When true the sink methods return before building or posting user and group records.
    private boolean isMockRun = false;
    private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
    // Request payloads that are rebuilt in place on every call and then serialized by the POST helpers.
    // They are shared instance state and the add/update methods are not synchronized.
    private UserGroupInfo usergroupInfo = new UserGroupInfo();
    private GroupUserInfo groupuserInfo = new GroupUserInfo();
    // TLS material read from the configuration in init(). The store passwords stay in memory as
    // Strings for the lifetime of this object and are converted with toCharArray() in getClient().
    private String keyStoreFile = null;
    private String keyStoreFilepwd = null;
    private String trustStoreFile = null;
    private String trustStoreFilepwd = null;
    private String keyStoreType = null;
    private String trustStoreType = null;
    // Built on the first https call in getClient() and reused afterwards.
    private HostnameVerifier hv = null;
    private SSLContext sslContext = null;
    private String authenticationType = null;
    // Values of these maps are placed in user role lists (see addXUserInfo and getGroupUserInfo).
    // NOTE(review): presumably filled from the group-role rules parsed in init() — confirm.
    Map<String, String> userMap = new LinkedHashMap();
    Map<String, String> groupMap = new LinkedHashMap();

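    /**
     * Loads this sink's settings from {@code config}: policy-manager base URL, mock-run flag,
     * key/trust store locations and passwords, authentication type and the Kerberos principal,
     * keytab and name rules. If group-role rules are configured they are handed to
     * {@code getRoleForUserGroups}.
     *
     * <p>In mock-run mode the class logger is switched to DEBUG.
     *
     * @throws Throwable declared by the {@code UserGroupSink} contract
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public synchronized void init() throws Throwable {
        this.policyMgrBaseUrl = this.config.getPolicyManagerBaseURL();
        this.isMockRun = this.config.isMockRunEnabled();
        if (this.isMockRun) {
            LOG.setLevel(Level.DEBUG);
        }
        this.keyStoreFile = this.config.getSSLKeyStorePath();
        this.keyStoreFilepwd = this.config.getSSLKeyStorePathPassword();
        this.trustStoreFile = this.config.getSSLTrustStorePath();
        this.trustStoreFilepwd = this.config.getSSLTrustStorePathPassword();
        this.keyStoreType = KeyStore.getDefaultType();
        this.trustStoreType = KeyStore.getDefaultType();
        this.authenticationType = this.config.getProperty(AUTHENTICATION_TYPE, "simple");
        try {
            this.principal = SecureClientLogin.getPrincipal(this.config.getProperty(PRINCIPAL, ""), LOCAL_HOSTNAME);
        } catch (IOException e) {
            // This failure used to be swallowed without a trace. The principal stays unset, and every
            // Kerberos decision in this class then depends on what isKerberosCredentialExists() does
            // with it — presumably the keytab login is skipped; confirm. Initialisation still
            // continues as before, but the operator can now see why.
            LOG.error("Failed to resolve Kerberos principal from " + PRINCIPAL, e);
        }
        this.keytab = this.config.getProperty(KEYTAB, "");
        this.nameRules = this.config.getProperty(NAME_RULE, "DEFAULT");
        String groupRoleRules = this.config.getGroupRoleRules();
        if (groupRoleRules != null && !groupRoleRules.isEmpty()) {
            getRoleForUserGroups(groupRoleRules);
        }
    }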

    /**
     * Sends a user together with its group names to the policy manager.
     * Returns immediately in mock-run mode.
     *
     * @param str user name
     * @param list names of the groups the user belongs to
     * @throws Exception when {@code addUserGroupInfo} yields {@code null}, so the caller sees the failure
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateUser(String str, List<String> list) throws Throwable {
        if (this.isMockRun) {
            return;
        }
        UserGroupInfo synced = addUserGroupInfo(str, list);
        if (synced == null) {
            final String failure = "Failed to add addorUpdate user group info";
            LOG.error(failure);
            throw new Exception(failure);
        }
    }

    /**
     * Sends a single group to the policy manager. Returns immediately in mock-run mode.
     *
     * @param str group name
     * @throws Exception when {@code addGroupInfo} yields {@code null}
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateGroup(String str) throws Throwable {
        if (this.isMockRun) {
            return;
        }
        XGroupInfo synced = addGroupInfo(str);
        if (synced == null) {
            final String failure = "Failed to add addorUpdate group info";
            LOG.error(failure);
            throw new Exception(failure);
        }
    }

    /**
     * Builds the group record for {@code str} and posts it to the policy manager.
     *
     * <p>If the authentication type is Kerberos and
     * {@code SecureClientLogin.isKerberosCredentialExists} accepts the principal/keytab pair, the
     * POST runs inside {@code Subject.doAs} for a subject logged in from the keytab. In every other
     * case the POST is sent directly.
     *
     * @param str group name
     * @return the group parsed from the response, or {@code null} when the keytab login or the
     *         privileged POST throws (both are logged and not rethrown)
     */
    private XGroupInfo addGroupInfo(String str) {
        LOG.debug("INFO: addPMXAGroup(" + str + ")");
        final XGroupInfo pendingGroup = this.isMockRun ? null : addXGroupInfo(str);
        boolean kerberosLogin = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!kerberosLogin) {
            return getAddedGroupInfo(pendingGroup);
        }
        try {
            LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
            Subject loginSubject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            PrivilegedAction<XGroupInfo> postGroup = new PrivilegedAction<XGroupInfo>() {
                @Override
                public XGroupInfo run() {
                    try {
                        return LdapPolicyMgrUserGroupBuilder.this.getAddedGroupInfo(pendingGroup);
                    } catch (Exception e) {
                        // The failure is reported to the caller as a null result.
                        LOG.error("Failed to build Group List : ", e);
                        return null;
                    }
                }
            };
            return Subject.doAs(loginSubject, postGroup);
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /**
     * Creates the group record for {@code str}, marked as external for both type and source.
     *
     * <p>Side effect: the new record replaces the group held in the shared {@code groupuserInfo}
     * payload.
     *
     * @param str group name
     * @return the newly built group record
     */
    private XGroupInfo addXGroupInfo(String str) {
        final String description = str + " - add from Unix box";
        XGroupInfo group = new XGroupInfo();
        group.setName(str);
        group.setDescription(description);
        group.setGroupType(GROUP_SOURCE_EXTERNAL);
        group.setGroupSource(GROUP_SOURCE_EXTERNAL);
        this.groupuserInfo.setXgroupInfo(group);
        return group;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * POSTs {@code xGroupInfo} as JSON to {@code /service/xusers/groups/} and parses the reply.
     *
     * <p>The full request and response bodies are written to the debug log.
     *
     * @param xGroupInfo group record to send
     * @return the group deserialized from the response body
     */
    public XGroupInfo getAddedGroupInfo(XGroupInfo xGroupInfo) {
        Client client = getClient();
        WebResource target = client.resource(getURL("/service/xusers/groups/"));
        Gson gson = new GsonBuilder().create();
        String requestBody = gson.toJson(xGroupInfo);
        LOG.debug("Group" + requestBody);
        String responseBody = target
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestBody);
        LOG.debug("RESPONSE: [" + responseBody + "]");
        return gson.fromJson(responseBody, XGroupInfo.class);
    }

    /**
     * Command-line entry point: creates a builder and runs {@code init()} on it.
     *
     * @param strArr ignored
     * @throws Throwable whatever {@code init()} throws
     */
    public static void main(String[] strArr) throws Throwable {
        LdapPolicyMgrUserGroupBuilder builder = new LdapPolicyMgrUserGroupBuilder();
        builder.init();
    }

    /**
     * Registers a user without groups. The portal account is created first, then the user record
     * is posted with an empty group list. In mock-run mode only the debug line is emitted.
     *
     * @param str user name
     * @throws Exception when either step returns {@code null}
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateUser(String str) throws Throwable {
        LOG.debug("INFO: addPMAccount(" + str + ")");
        if (this.isMockRun) {
            return;
        }
        if (addMUser(str) == null) {
            final String portalFailure = "Failed to add portal user";
            LOG.error(portalFailure);
            throw new Exception(portalFailure);
        }
        List<String> noGroups = new ArrayList<String>();
        if (addUserGroupInfo(str, noGroups) == null) {
            final String mappingFailure = "Failed to add addorUpdate user group info";
            LOG.error(mappingFailure);
            throw new Exception(mappingFailure);
        }
    }

    /**
     * Rebuilds the shared {@code usergroupInfo} payload for one user and its groups, then posts it.
     *
     * <p>The POST runs inside {@code Subject.doAs} with a keytab login when Kerberos is configured
     * and the credentials check passes. Otherwise it is sent directly.
     *
     * @param str user name
     * @param list names of the user's groups
     * @return the parsed response, or {@code null} when the keytab login or the privileged POST
     *         throws (logged, not rethrown)
     */
    private UserGroupInfo addUserGroupInfo(String str, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addUserGroupInfo " + str + " and groups");
        }
        LOG.debug("INFO: addPMXAUser(" + str + ")");
        XUserInfo userRecord = this.isMockRun ? null : addXUserInfo(str);
        for (String groupName : list) {
            LOG.debug("INFO: addPMXAGroupToUser(" + str + "," + groupName + ")");
        }
        if (!this.isMockRun) {
            addXUserGroupInfo(userRecord, list);
        }
        boolean kerberosLogin = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!kerberosLogin) {
            return getUsergroupInfo(null);
        }
        try {
            Subject loginSubject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            PrivilegedAction<UserGroupInfo> postMapping = new PrivilegedAction<UserGroupInfo>() {
                @Override
                public UserGroupInfo run() {
                    try {
                        // The argument is always null; the callee serializes the shared payload instead.
                        return LdapPolicyMgrUserGroupBuilder.this.getUsergroupInfo(null);
                    } catch (Exception e) {
                        LOG.error("Failed to add User Group Info : ", e);
                        return null;
                    }
                }
            };
            return Subject.doAs(loginSubject, postMapping);
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /**
     * Creates the user record for {@code str}. If {@code userMap} has an entry for the name, its
     * value becomes the user's only role.
     *
     * <p>Side effect: the new record replaces the user held in the shared {@code usergroupInfo}
     * payload.
     *
     * @param str user name
     * @return the newly built user record
     */
    private XUserInfo addXUserInfo(String str) {
        XUserInfo user = new XUserInfo();
        user.setName(str);
        user.setDescription(str + " - add from Unix box");
        if (this.userMap.containsKey(str)) {
            List<String> roles = new ArrayList<String>();
            roles.add(this.userMap.get(str));
            user.setUserRoleList(roles);
        }
        this.usergroupInfo.setXuserInfo(user);
        return user;
    }

    /**
     * Builds one group record per name in {@code list} and stores the resulting list in the shared
     * {@code usergroupInfo} payload.
     *
     * <p>A user/group link object is created for each group, but its result is not kept.
     *
     * @param xUserInfo user the groups belong to
     * @param list group names
     */
    private void addXUserGroupInfo(XUserInfo xUserInfo, List<String> list) {
        List<XGroupInfo> groups = new ArrayList<XGroupInfo>();
        for (String groupName : list) {
            XGroupInfo group = addXGroupInfo(groupName);
            groups.add(group);
            addXUserGroupInfo(xUserInfo, group);
        }
        this.usergroupInfo.setXgroupInfo(groups);
    }

    /**
     * Creates a link object that carries the user's id and the group's name.
     *
     * @param xUserInfo user whose id is copied
     * @param xGroupInfo group whose name is copied
     * @return the new link object (it is not sent anywhere by this method)
     */
    private XUserGroupInfo addXUserGroupInfo(XUserInfo xUserInfo, XGroupInfo xGroupInfo) {
        final XUserGroupInfo membership = new XUserGroupInfo();
        membership.setUserId(xUserInfo.getId());
        membership.setGroupName(xGroupInfo.getName());
        return membership;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * POSTs the shared {@code usergroupInfo} payload as JSON to the user-info endpoint and parses
     * the reply.
     *
     * <p>The full request and response bodies are written to the debug log.
     *
     * @param userGroupInfo not used; the instance field is what gets serialized
     * @return the object deserialized from the response body
     */
    public UserGroupInfo getUsergroupInfo(UserGroupInfo userGroupInfo) {
        Client client = getClient();
        WebResource target = client.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
        Gson gson = new GsonBuilder().create();
        String requestBody = gson.toJson(this.usergroupInfo);
        LOG.debug("USER GROUP MAPPING" + requestBody);
        String responseBody = target
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestBody);
        LOG.debug("RESPONSE: [" + responseBody + "]");
        return gson.fromJson(responseBody, UserGroupInfo.class);
    }

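    /**
     * Reconciles the membership of group {@code str} in the policy manager with {@code list}.
     *
     * <p>The current members are fetched first. Members missing from {@code list} are removed.
     * Users in {@code list} are posted when they are not yet members or when their role list lacks
     * the role mapped to this group in {@code groupMap}.
     *
     * <p>If the membership lookup fails or returns nothing, no member is removed and every user in
     * {@code list} is posted. Memberships that should have been revoked therefore survive such a
     * cycle.
     *
     * <p>In mock-run mode nothing is written. The removal step used to run before the mock-run
     * check, so a dry run still issued DELETE requests.
     *
     * @param str group name
     * @param list user names that should be members of the group
     * @throws Exception when posting the group/user mapping returns {@code null}
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateGroup(final String str, List<String> list) throws Throwable {
        LOG.debug("addOrUpdateGroup for " + str + " with users: " + list);
        GroupUserInfo groupUserInfo = null;
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            try {
                LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
                groupUserInfo = Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<GroupUserInfo>() {
                    @Override
                    public GroupUserInfo run() {
                        try {
                            return LdapPolicyMgrUserGroupBuilder.this.getGroupUserInfo(str);
                        } catch (Exception e) {
                            LOG.error("Failed to build Group List : ", e);
                            return null;
                        }
                    }
                });
            } catch (Exception e) {
                LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            }
        } else {
            groupUserInfo = getGroupUserInfo(str);
        }

        // Snapshot of what the policy manager currently holds for this group.
        List<String> existingUsers = new ArrayList<String>();
        Map<String, List<String>> rolesByUser = new HashMap<String, List<String>>();
        if (groupUserInfo != null && groupUserInfo.getXuserInfo() != null) {
            for (XUserInfo xUserInfo : groupUserInfo.getXuserInfo()) {
                existingUsers.add(xUserInfo.getName());
                rolesByUser.put(xUserInfo.getName(), xUserInfo.getUserRoleList());
            }
            if (LOG.isDebugEnabled()) {
                // The response may carry no group object; fall back to the requested name instead of failing.
                XGroupInfo returnedGroup = groupUserInfo.getXgroupInfo();
                LOG.debug("Returned users for group " + (returnedGroup != null ? returnedGroup.getName() : str) + " are: " + existingUsers);
            }
        }

        List<String> delUsers = new ArrayList<String>();
        for (String existing : existingUsers) {
            if (!list.contains(existing)) {
                delUsers.add(existing);
            }
        }

        List<String> addUsers;
        if (existingUsers.isEmpty()) {
            addUsers = list;
        } else {
            addUsers = new ArrayList<String>();
            String groupRole = this.groupMap.get(str);
            for (String wanted : list) {
                // A null role list means either "not a member yet" or "member without roles".
                // Both cases need a post. The null check also avoids the NullPointerException
                // the unchecked lookup could raise.
                List<String> currentRoles = rolesByUser.get(wanted);
                if (currentRoles == null || !currentRoles.contains(groupRole)) {
                    addUsers.add(wanted);
                }
            }
        }
        LOG.debug("addUsers = " + addUsers);

        if (this.isMockRun) {
            // A dry run must not change the policy manager: report what would be removed and stop.
            LOG.debug("Mock run: skipping removal of users " + delUsers + " from group " + str);
            return;
        }
        delXGroupUserInfo(str, delUsers);
        if (addGroupUserInfo(str, addUsers) == null) {
            LOG.error("Failed to add addorUpdate group user info");
            throw new Exception("Failed to add addorUpdate group user info");
        }
    }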

    /**
     * Forwards the sync audit record to the policy manager, except in mock-run mode.
     *
     * @param ugsyncAuditInfo audit record for the finished sync cycle
     */
    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void postUserGroupAuditInfo(UgsyncAuditInfo ugsyncAuditInfo) throws Throwable {
        if (!this.isMockRun) {
            addUserGroupAuditInfo(ugsyncAuditInfo);
        }
    }

    /**
     * Posts the audit record, inside a keytab login when Kerberos is configured and the
     * credentials check passes, directly otherwise.
     *
     * <p>Failures on the Kerberos path are logged and not propagated, so the caller cannot tell
     * that the audit record was lost.
     *
     * @param ugsyncAuditInfo audit record to send
     */
    private void addUserGroupAuditInfo(final UgsyncAuditInfo ugsyncAuditInfo) {
        LOG.debug("INFO: addAuditInfo(" + ugsyncAuditInfo.getNoOfNewUsers() + ", " + ugsyncAuditInfo.getNoOfNewGroups() + ", " + ugsyncAuditInfo.getNoOfModifiedUsers() + ", " + ugsyncAuditInfo.getNoOfModifiedGroups() + ", " + ugsyncAuditInfo.getSyncSource() + ")");
        boolean kerberosLogin = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (kerberosLogin) {
            try {
                Subject loginSubject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
                PrivilegedAction<Void> postAudit = new PrivilegedAction<Void>() {
                    @Override
                    public Void run() {
                        try {
                            LdapPolicyMgrUserGroupBuilder.this.getUserGroupAuditInfo(ugsyncAuditInfo);
                        } catch (Exception e) {
                            LOG.error("Failed to add User : ", e);
                        }
                        return null;
                    }
                };
                Subject.doAs(loginSubject, postAudit);
            } catch (Exception e) {
                LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            }
        } else {
            getUserGroupAuditInfo(ugsyncAuditInfo);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * POSTs the audit record as JSON to the audit-info endpoint.
     *
     * <p>The response is parsed but the parsed object is discarded. The success line is logged
     * whenever parsing does not throw.
     *
     * @param ugsyncAuditInfo audit record to send
     */
    public void getUserGroupAuditInfo(UgsyncAuditInfo ugsyncAuditInfo) {
        Client client = getClient();
        WebResource target = client.resource(getURL(PM_AUDIT_INFO_URI));
        Gson gson = new GsonBuilder().create();
        String requestBody = gson.toJson(ugsyncAuditInfo);
        String responseBody = target
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestBody);
        LOG.debug("RESPONSE[" + responseBody + "]");
        gson.fromJson(responseBody, UgsyncAuditInfo.class);
        LOG.debug("AuditInfo Creation successful ");
    }

    /**
     * Removes every user in {@code list} from group {@code str}, one request per user.
     *
     * <p>The Kerberos decision is made per user and a fresh keytab login is performed for each
     * one. A failed login or removal is logged and the loop moves on to the next user.
     *
     * @param str group name
     * @param list user names to remove from the group
     */
    private void delXGroupUserInfo(final String str, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.delXGroupUserInfo " + str + " and " + list);
        }
        Iterator<String> members = list.iterator();
        while (members.hasNext()) {
            final String member = members.next();
            boolean kerberosLogin = this.authenticationType != null
                    && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                    && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
            if (!kerberosLogin) {
                delXGroupUserInfo(str, member);
                continue;
            }
            try {
                LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
                Subject loginSubject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
                PrivilegedAction<Void> removeLink = new PrivilegedAction<Void>() {
                    @Override
                    public Void run() {
                        try {
                            LdapPolicyMgrUserGroupBuilder.this.delXGroupUserInfo(str, member);
                        } catch (Exception e) {
                            LOG.error("Failed to build Group List : ", e);
                        }
                        return null;
                    }
                };
                Subject.doAs(loginSubject, removeLink);
            } catch (Exception e) {
                LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
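    /**
     * Sends the DELETE that removes user {@code str2} from group {@code str}.
     *
     * <p>A rejected removal leaves the membership in place on the policy manager. A non-2xx status
     * is therefore logged at WARN; previously the response was only visible at debug level.
     * Exceptions are logged and not rethrown, as before.
     *
     * @param str group name
     * @param str2 user name
     */
    public void delXGroupUserInfo(String str, String str2) {
        try {
            // String.replace() substitutes literally. replaceAll() would give '$' and '\' in the
            // replacement a special meaning, which makes correctness depend on encodeURIParam()
            // (not visible here) escaping both characters.
            String path = PM_DEL_USER_GROUP_LINK_URI
                    .replace("${groupName}", UserSyncUtil.encodeURIParam(str))
                    .replace("${userName}", UserSyncUtil.encodeURIParam(str2));
            ClientResponse clientResponse = getClient().resource(getURL(path)).delete(ClientResponse.class);
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + clientResponse.toString() + "]");
            }
            int status = clientResponse.getStatus();
            if (status < 200 || status >= 300) {
                LOG.warn("ERROR: Unable to delete GROUP: " + str + " from USER:" + str2 + ", HTTP status " + status);
            }
            // Release the underlying connection; the response entity is never read.
            clientResponse.close();
        } catch (Exception e) {
            LOG.warn("ERROR: Unable to delete GROUP: " + str + " from USER:" + str2, e);
        }
    }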

    /**
     * Rebuilds the shared {@code groupuserInfo} payload for one group and its users, then posts it.
     *
     * <p>The POST runs inside {@code Subject.doAs} with a keytab login when Kerberos is configured
     * and the credentials check passes. Otherwise it is sent directly.
     *
     * @param str group name
     * @param list user names to attach to the group
     * @return the parsed response, or {@code null} when the keytab login or the privileged POST
     *         throws (logged, not rethrown)
     */
    private GroupUserInfo addGroupUserInfo(String str, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addGroupUserInfo " + str + " and " + list);
        }
        LOG.debug("INFO: addPMXAGroup(" + str + ")");
        XGroupInfo groupRecord = this.isMockRun ? null : addXGroupInfo(str);
        for (String userName : list) {
            LOG.debug("INFO: addPMXAGroupToUser(" + str + "," + userName + ")");
        }
        if (!this.isMockRun) {
            addXGroupUserInfo(groupRecord, list);
        }
        boolean kerberosLogin = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!kerberosLogin) {
            return getGroupUserInfo((GroupUserInfo) null);
        }
        try {
            Subject loginSubject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            PrivilegedAction<GroupUserInfo> postMapping = new PrivilegedAction<GroupUserInfo>() {
                @Override
                public GroupUserInfo run() {
                    try {
                        // The cast selects the payload-posting overload; the argument itself is unused there.
                        return LdapPolicyMgrUserGroupBuilder.this.getGroupUserInfo((GroupUserInfo) null);
                    } catch (Exception e) {
                        LOG.error("Failed to add User Group Info : ", e);
                        return null;
                    }
                }
            };
            return Subject.doAs(loginSubject, postMapping);
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /**
     * Builds one user record per name in {@code list} and stores the resulting list in the shared
     * {@code groupuserInfo} payload.
     *
     * <p>A user/group link object is created for each user, but its result is not kept.
     *
     * @param xGroupInfo group the users belong to
     * @param list user names
     */
    private void addXGroupUserInfo(XGroupInfo xGroupInfo, List<String> list) {
        List<XUserInfo> users = new ArrayList<XUserInfo>();
        for (String userName : list) {
            XUserInfo user = addXUserInfo(userName);
            users.add(user);
            addXUserGroupInfo(user, xGroupInfo);
        }
        this.groupuserInfo.setXuserInfo(users);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Assigns roles to the users in the shared {@code groupuserInfo} payload, POSTs the payload as
     * JSON to the group-info endpoint and parses the reply.
     *
     * <p>Roles are only touched when the payload's group has an entry in {@code groupMap} and the
     * payload holds at least one user. A user with its own entry in {@code userMap} gets that
     * value as its single role. Every other user gets the role mapped to the group, so group
     * membership alone decides the role sent for those users.
     *
     * <p>The full request and response bodies are written to the debug log.
     *
     * @param groupUserInfo not used; the instance field is what gets serialized
     * @return the object deserialized from the response body
     */
    public GroupUserInfo getGroupUserInfo(GroupUserInfo groupUserInfo) {
        Client client = getClient();
        WebResource target = client.resource(getURL(PM_ADD_GROUP_USER_INFO_URI));
        Gson gson = new GsonBuilder().create();

        XGroupInfo pendingGroup = this.groupuserInfo == null ? null : this.groupuserInfo.getXgroupInfo();
        List<XUserInfo> pendingUsers = pendingGroup == null ? null : this.groupuserInfo.getXuserInfo();
        if (pendingUsers != null && this.groupMap.containsKey(pendingGroup.getName()) && pendingUsers.size() > 0) {
            // One list instance is shared by all users that inherit the group's role.
            List<String> groupRoles = new ArrayList<String>();
            groupRoles.add(this.groupMap.get(pendingGroup.getName()));
            for (XUserInfo member : pendingUsers) {
                String memberName = member.getName();
                if (this.userMap.containsKey(memberName)) {
                    List<String> ownRoles = new ArrayList<String>();
                    ownRoles.add(this.userMap.get(memberName));
                    member.setUserRoleList(ownRoles);
                } else {
                    member.setUserRoleList(groupRoles);
                }
            }
        }

        String requestBody = gson.toJson(this.groupuserInfo);
        LOG.debug("GROUP USER MAPPING" + requestBody);
        String responseBody = target
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestBody);
        LOG.debug("RESPONSE: [" + responseBody + "]");
        return gson.fromJson(responseBody, GroupUserInfo.class);
    }

    /**
     * Builds the portal account for {@code str} (login id, first and last name all set to the user
     * name) and posts it.
     *
     * <p>The role array always has exactly one slot. It holds the {@code userMap} value for the
     * user, or {@code null} when the user has no entry there.
     *
     * @param str user name
     * @return the parsed response, or {@code null} when the keytab login or the privileged POST
     *         throws (logged, not rethrown)
     */
    private MUserInfo addMUser(String str) {
        final MUserInfo portalUser = new MUserInfo();
        portalUser.setLoginId(str);
        portalUser.setFirstName(str);
        portalUser.setLastName(str);
        String[] roles = { this.userMap.containsKey(str) ? this.userMap.get(str) : null };
        portalUser.setUserRoleList(roles);

        boolean kerberosLogin = this.authenticationType != null
                && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType)
                && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab);
        if (!kerberosLogin) {
            return getMUser(portalUser, null);
        }
        try {
            Subject loginSubject = SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules);
            PrivilegedAction<MUserInfo> postUser = new PrivilegedAction<MUserInfo>() {
                @Override
                public MUserInfo run() {
                    try {
                        return LdapPolicyMgrUserGroupBuilder.this.getMUser(portalUser, null);
                    } catch (Exception e) {
                        LOG.error("Failed to add User : ", e);
                        return null;
                    }
                }
            };
            return Subject.doAs(loginSubject, postUser);
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * POSTs {@code mUserInfo} as JSON to the default-user endpoint and parses the reply.
     *
     * <p>The response body and the parsed object are written to the debug log.
     *
     * @param mUserInfo portal account to create
     * @param mUserInfo2 not used
     * @return the account deserialized from the response body
     */
    public MUserInfo getMUser(MUserInfo mUserInfo, MUserInfo mUserInfo2) {
        Client client = getClient();
        WebResource target = client.resource(getURL(PM_ADD_LOGIN_USER_URI));
        Gson gson = new GsonBuilder().create();
        String requestBody = gson.toJson(mUserInfo);
        String responseBody = target
                .accept(MediaType.APPLICATION_JSON_TYPE)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .post(String.class, requestBody);
        LOG.debug("RESPONSE[" + responseBody + "]");
        MUserInfo created = gson.fromJson(responseBody, MUserInfo.class);
        LOG.debug("MUser Creation successful " + created);
        return created;
    }

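    /**
     * Fetches the current members of group {@code str} from the policy manager.
     *
     * <p>Any failure is logged at WARN and reported as {@code null}. Callers cannot tell
     * "lookup failed" from "group has no members", so a caller that removes stale members skips
     * the removal whenever the lookup fails.
     *
     * @param str group name
     * @return the group with its users as parsed from the response, or {@code null} on any error
     */
    public GroupUserInfo getGroupUserInfo(String str) {
        GroupUserInfo groupUserInfo = null;
        try {
            Client client = getClient();
            // String.replace() substitutes literally. replaceAll() would give '$' and '\' in the
            // replacement a special meaning, which makes correctness depend on encodeURIParam()
            // (not visible here) escaping both characters.
            String path = PM_GET_GROUP_USER_MAP_LIST_URI.replace("${groupName}", UserSyncUtil.encodeURIParam(str));
            String responseBody = client.resource(getURL(path))
                    .accept(MediaType.APPLICATION_JSON_TYPE)
                    .get(String.class);
            Gson gson = new GsonBuilder().create();
            LOG.debug("RESPONSE for " + path + ": [" + responseBody + "]");
            groupUserInfo = gson.fromJson(responseBody, GroupUserInfo.class);
        } catch (Exception e) {
            LOG.warn("ERROR: Unable to get group user mappings for: " + str, e);
        }
        return groupUserInfo;
    }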

    /**
     * Joins the policy-manager base URL and a path, adding the leading slash when the path lacks
     * one. The base URL is used as configured; a trailing slash on it is not removed.
     *
     * @param str path relative to the base URL
     * @return base URL followed by the path
     */
    private String getURL(String str) {
        if (str.startsWith("/")) {
            return this.policyMgrBaseUrl + str;
        }
        return this.policyMgrBaseUrl + "/" + str;
    }

    private synchronized Client getClient() {
        Client create;
        if (this.policyMgrBaseUrl.startsWith("https://")) {
            DefaultClientConfig defaultClientConfig = new DefaultClientConfig();
            if (this.sslContext == null) {
                try {
                    KeyManager[] keyManagerArr = null;
                    TrustManager[] trustManagerArr = null;
                    if (this.keyStoreFile != null && this.keyStoreFilepwd != null) {
                        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
                        InputStream inputStream = null;
                        try {
                            InputStream fileInputStream = getFileInputStream(this.keyStoreFile);
                            if (fileInputStream == null) {
                                LOG.error("Unable to obtain keystore from file [" + this.keyStoreFile + "]");
                                if (fileInputStream != null) {
                                    fileInputStream.close();
                                }
                                return null;
                            }
                            keyStore.load(fileInputStream, this.keyStoreFilepwd.toCharArray());
                            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                            keyManagerFactory.init(keyStore, this.keyStoreFilepwd.toCharArray());
                            keyManagerArr = keyManagerFactory.getKeyManagers();
                            if (fileInputStream != null) {
                                fileInputStream.close();
                            }
                        } catch (Throwable th) {
                            if (0 != 0) {
                                inputStream.close();
                            }
                            throw th;
                        }
                    }
                    if (this.trustStoreFile != null && this.trustStoreFilepwd != null) {
                        KeyStore keyStore2 = KeyStore.getInstance(this.trustStoreType);
                        InputStream inputStream2 = null;
                        try {
                            InputStream fileInputStream2 = getFileInputStream(this.trustStoreFile);
                            if (fileInputStream2 == null) {
                                LOG.error("Unable to obtain keystore from file [" + this.trustStoreFile + "]");
                                if (fileInputStream2 != null) {
                                    fileInputStream2.close();
                                }
                                return null;
                            }
                            keyStore2.load(fileInputStream2, this.trustStoreFilepwd.toCharArray());
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init(keyStore2);
                            trustManagerArr = trustManagerFactory.getTrustManagers();
                            if (fileInputStream2 != null) {
                                fileInputStream2.close();
                            }
                        } catch (Throwable th2) {
                            if (0 != 0) {
                                inputStream2.close();
                            }
                            throw th2;
                        }
                    }
                    this.sslContext = SSLContext.getInstance("SSL");
                    this.sslContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
                    this.hv = new HostnameVerifier() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.8
                        @Override // javax.net.ssl.HostnameVerifier
                        public boolean verify(String str, SSLSession sSLSession) {
                            return sSLSession.getPeerHost().equals(str);
                        }
                    };
                } catch (Throwable th3) {
                    throw new RuntimeException("Unable to create SSLConext for communication to policy manager", th3);
                }
            }
            defaultClientConfig.getProperties().put("com.sun.jersey.client.impl.urlconnection.httpsProperties", new HTTPSProperties(this.hv, this.sslContext));
            create = Client.create(defaultClientConfig);
        } else {
            DefaultClientConfig defaultClientConfig2 = new DefaultClientConfig();
            defaultClientConfig2.getProperties().put("com.sun.jersey.client.property.followRedirects", true);
            create = Client.create(defaultClientConfig2);
        }
        if ((this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) && create != null) {
            String policyMgrUserName = this.config.getPolicyMgrUserName();
            String policyMgrPassword = this.config.getPolicyMgrPassword();
            if (policyMgrUserName != null && !policyMgrUserName.trim().isEmpty() && policyMgrPassword != null && !policyMgrPassword.trim().isEmpty()) {
                create.addFilter(new HTTPBasicAuthFilter(policyMgrUserName, policyMgrPassword));
            }
        }
        return create;
    }

    /**
     * Opens the given location, preferring the file system over the classpath.
     *
     * <p>Lookup order: a file at {@code str}; then a resource relative to this class;
     * then the same name with a leading {@code /}; then the system class loader.
     * The first match wins.
     *
     * <p>This method is used in this class to open the trust store. If the configured
     * path is missing on disk, a resource of the same name on the classpath is used
     * instead, without any log line saying which source was chosen. Operators who
     * expect the on-disk store only should verify the path exists.
     *
     * @param str file path or classpath resource name; must not be null
     * @return an open stream the caller must close, or {@code null} if nothing matched
     * @throws FileNotFoundException if the path exists but cannot be opened as a file
     */
    private InputStream getFileInputStream(String str) throws FileNotFoundException {
        File onDisk = new File(str);
        if (onDisk.exists()) {
            return new FileInputStream(onDisk);
        }

        boolean lacksLeadingSlash = !str.startsWith("/");

        // Resolved relative to this class's package unless the name starts with '/'.
        InputStream found = LdapPolicyMgrUserGroupBuilder.class.getResourceAsStream(str);
        if (found == null && lacksLeadingSlash) {
            found = getClass().getResourceAsStream("/" + str);
        }
        if (found != null) {
            return found;
        }

        found = ClassLoader.getSystemClassLoader().getResourceAsStream(str);
        if (found == null && lacksLeadingSlash) {
            // NOTE(review): class-loader lookups normally take names without a leading '/',
            // so this last attempt probably never matches; confirm before relying on it.
            found = ClassLoader.getSystemResourceAsStream("/" + str);
        }
        return found;
    }

    /**
     * Parses role-assignment rules and records them in {@code userMap} and {@code groupMap}.
     *
     * <p>Rules are split on the role delimiter (default {@code "&"}). Each rule is split
     * on the user/group delimiter (default {@code ":"}) into role, kind and name list.
     * The name list is split on the name delimiter (default {@code ","}). Kind
     * {@code u} stores name-to-role in {@code userMap}; kind {@code g} stores it in
     * {@code groupMap}; any other kind is skipped silently. Comparison of the kind is
     * case-insensitive. Constructed example: {@code ROLE_A:u:alice,bob&ROLE_B:g:admins}.
     *
     * <p>Points to keep in mind, since these rules decide who receives which role:
     * <ul>
     *   <li>A rule with a fourth non-empty field clears both maps, discarding every
     *       mapping collected so far. Parsing then continues, so later rules are still
     *       added. Nothing is logged for the malformed rule.</li>
     *   <li>Entries are written with {@code put}; presumably a later rule replaces an
     *       earlier one for the same name (map type not visible here, so confirm).</li>
     *   <li>Names and roles are trimmed but not otherwise validated.</li>
     * </ul>
     *
     * @param str the raw rule string; must not be null
     */
    private void getRoleForUserGroups(String str) {
        String ruleSeparator = this.config.getRoleDelimiter();
        String fieldSeparator = this.config.getUserGroupDelimiter();
        String nameSeparator = this.config.getUserGroupNameDelimiter();
        if (ruleSeparator == null || ruleSeparator.isEmpty()) {
            ruleSeparator = "&";
        }
        if (fieldSeparator == null || fieldSeparator.isEmpty()) {
            fieldSeparator = ":";
        }
        if (nameSeparator == null || nameSeparator.isEmpty()) {
            nameSeparator = ",";
        }

        // Both are set by fields 1 and 2 of a rule before field 3 reads them.
        String principalKind = null;
        String roleName = null;

        StringTokenizer rules = new StringTokenizer(str, ruleSeparator);
        while (rules.hasMoreTokens()) {
            String rule = rules.nextToken();
            if (rule.isEmpty()) {
                continue;
            }
            int fieldIndex = 0;
            StringTokenizer fields = new StringTokenizer(rule, fieldSeparator);
            while (fields.hasMoreTokens()) {
                String field = fields.nextToken();
                if (field.isEmpty()) {
                    continue;
                }
                fieldIndex++;
                if (fieldIndex == 1) {
                    roleName = field;
                } else if (fieldIndex == 2) {
                    principalKind = field;
                } else if (fieldIndex == 3) {
                    StringTokenizer names = new StringTokenizer(field, nameSeparator);
                    while (names.hasMoreTokens()) {
                        String name = names.nextToken();
                        if (name.isEmpty()) {
                            continue;
                        }
                        String kind = principalKind.trim();
                        if (kind.equalsIgnoreCase("u")) {
                            this.userMap.put(name.trim(), roleName.trim());
                        } else if (kind.equalsIgnoreCase("g")) {
                            this.groupMap.put(name.trim(), roleName.trim());
                        }
                    }
                } else {
                    // More than three fields: drop everything gathered so far.
                    this.userMap.clear();
                    this.groupMap.clear();
                }
            }
        }
    }

    // Resolves this host's canonical name once at class load; "unknown" when the
    // local host cannot be resolved. The value comes from the resolver, so it is
    // best treated as a label rather than a verified identity (its uses are not
    // visible in this part of the file).
    static {
        String resolved;
        try {
            resolved = InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException ignored) {
            // Resolution failure is expected on hosts without a usable name entry.
            resolved = "unknown";
        }
        LOCAL_HOSTNAME = resolved;
    }
}
