package org.apache.atlas.security;

import com.hortonworks.spark.atlas.shade.com.sun.jersey.api.client.config.DefaultClientConfig;
import com.hortonworks.spark.atlas.shade.com.sun.jersey.client.urlconnection.HttpURLConnectionFactory;
import com.hortonworks.spark.atlas.shade.com.sun.jersey.client.urlconnection.URLConnectionClientHandler;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.PrivilegedExceptionAction;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import org.apache.atlas.AtlasException;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/atlas/security/SecureClientUtils.class */
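/**
 * Builds Jersey {@link URLConnectionClientHandler}s whose connections are opened through Hadoop's
 * delegation-token/Kerberos authenticator and configured from the Hadoop SSL client settings.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Several paths fall back to JDK default TLS settings when the SSL client configuration
 *       cannot be loaded; the fallback is only logged, never raised to the caller.</li>
 *   <li>{@code UserGroupInformation.setConfiguration} is a static call, so it is not scoped to the
 *       handler being built.</li>
 *   <li>The lazily created {@link SSLFactory} is held in an unsynchronised instance field; the
 *       class shows no locking, so callers should not assume it is thread-safe.</li>
 * </ul>
 */
public class SecureClientUtils {
    /** Connect and read timeout applied to every configured connection, in milliseconds. */
    public static final int DEFAULT_SOCKET_TIMEOUT_IN_MSECS = 60000;
    private static final Logger LOG;
    /** Lazily initialised by {@link #getSSLFactory}; released by {@link #destroyFactory()}. */
    private SSLFactory factory = null;
    /** Fallback configurator that sets timeouts only and leaves TLS settings at JDK defaults. */
    private static final ConnectionConfigurator DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
    // Decompiler rendering of the compiler-generated assertion flag; used by getSSLClientFile.
    static final /* synthetic */ boolean $assertionsDisabled;

    /**
     * Creates a client handler whose connections are opened as the real (non-proxy) user through
     * a {@link DelegationTokenAuthenticatedURL}, optionally impersonating {@code str}.
     *
     * @param defaultClientConfig Jersey client config; the set-method workaround property is enabled on it
     * @param configuration not read by this method
     * @param str doAs user name; treated as absent when empty or equal to the real user's short name
     * @param userGroupInformation identity to use, or {@code null} to use the current user
     * @return a handler backed by the authenticating connection factory, or a handler with a
     *         {@code null} factory when the current user cannot be obtained
     */
    public URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig defaultClientConfig, Configuration configuration, String str, UserGroupInformation userGroupInformation) {
        defaultClientConfig.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
        org.apache.hadoop.conf.Configuration hadoopConf = new org.apache.hadoop.conf.Configuration();
        hadoopConf.addResource(hadoopConf.get("hadoop.ssl.client.conf", SecurityProperties.SSL_CLIENT_PROPERTIES));
        // Static setter: affects UserGroupInformation beyond this handler.
        UserGroupInformation.setConfiguration(hadoopConf);
        final ConnectionConfigurator connConfigurator = newConnConfigurator(hadoopConf);
        final DelegationTokenAuthenticator delegationTokenAuthenticator = new KerberosDelegationTokenAuthenticator();
        delegationTokenAuthenticator.setConnectionConfigurator(connConfigurator);
        final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();

        UserGroupInformation effectiveUser;
        if (userGroupInformation != null) {
            effectiveUser = userGroupInformation;
        } else {
            try {
                effectiveUser = UserGroupInformation.getCurrentUser();
            } catch (IOException e) {
                LOG.warn("Error obtaining user", e);
                // The decompiled flow left the user unassigned on this path; the factory variable
                // was still null at this point, so return the handler built from a null factory.
                // NOTE(review): confirm how URLConnectionClientHandler treats a null factory. If it
                // opens plain connections, requests leave without the delegation-token
                // authenticator, i.e. this path fails open.
                return new URLConnectionClientHandler((HttpURLConnectionFactory) null);
            }
        }

        // For a proxy identity the connection is opened as the underlying real user.
        final UserGroupInformation realUser = effectiveUser.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY
                ? effectiveUser.getRealUser()
                : effectiveUser;
        LOG.info("Real User: {}, is from ticket cache? {}", realUser, Boolean.valueOf(UserGroupInformation.isLoginTicketBased()));

        // Impersonating oneself is pointless, so the doAs name is dropped in that case.
        final String doAsUser = (StringUtils.isEmpty(str) || StringUtils.equals(str, realUser.getShortUserName())) ? null : str;
        LOG.info("doAsUser: {}", doAsUser);

        HttpURLConnectionFactory httpURLConnectionFactory = new HttpURLConnectionFactory() {
            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return (HttpURLConnection) realUser.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(delegationTokenAuthenticator, connConfigurator).openConnection(url, token, doAsUser);
                            } catch (Exception inner) {
                                throw new IOException(inner);
                            }
                        }
                    });
                } catch (Exception outer) {
                    // Surface I/O failures unchanged; wrap everything else so the cause is kept.
                    if (outer instanceof IOException) {
                        throw ((IOException) outer);
                    }
                    throw new IOException(outer);
                }
            }
        };
        return new URLConnectionClientHandler(httpURLConnectionFactory);
    }

    /**
     * Returns an SSL-aware configurator, or the timeout-only default when one cannot be built.
     *
     * <p>NOTE(review): the fallback is logged at DEBUG only. With the default configurator an
     * HTTPS connection keeps the JDK's socket factory and hostname verifier, so a broken
     * ssl-client configuration changes the trust settings without a visible warning.
     */
    private ConnectionConfigurator newConnConfigurator(org.apache.hadoop.conf.Configuration configuration) {
        try {
            return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT_IN_MSECS, configuration);
        } catch (Exception e) {
            LOG.debug("Cannot load customized ssl related configuration. Fallback to system-generic settings.", e);
            return DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
        }
    }

    /**
     * Builds a configurator that applies the factory's socket factory and hostname verifier to
     * HTTPS connections and sets {@code i} milliseconds as connect/read timeout on all connections.
     */
    private ConnectionConfigurator newSslConnConfigurator(final int i, org.apache.hadoop.conf.Configuration configuration) throws IOException, GeneralSecurityException {
        final SSLFactory sslFactory = getSSLFactory(configuration);
        final SSLSocketFactory socketFactory = sslFactory.createSSLSocketFactory();
        final HostnameVerifier hostnameVerifier = sslFactory.getHostnameVerifier();
        return new ConnectionConfigurator() {
            public HttpURLConnection configure(HttpURLConnection httpURLConnection) throws IOException {
                if (httpURLConnection instanceof HttpsURLConnection) {
                    HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
                    httpsURLConnection.setSSLSocketFactory(socketFactory);
                    httpsURLConnection.setHostnameVerifier(hostnameVerifier);
                }
                SecureClientUtils.setTimeouts(httpURLConnection, i);
                return httpURLConnection;
            }
        };
    }

    /**
     * Returns the cached client-mode {@link SSLFactory}, creating and initialising it on first use.
     *
     * @throws IOException if initialisation fails
     * @throws GeneralSecurityException if initialisation fails
     */
    public SSLFactory getSSLFactory(org.apache.hadoop.conf.Configuration configuration) throws IOException, GeneralSecurityException {
        if (this.factory == null) {
            // Publish the factory only after init() succeeds; otherwise a failed init would leave
            // an uninitialised instance cached and returned by every later call.
            SSLFactory created = new SSLFactory(SSLFactory.Mode.CLIENT, configuration);
            created.init();
            this.factory = created;
        }
        return this.factory;
    }

    /** Destroys the cached {@link SSLFactory}, if any, and clears the reference. */
    public void destroyFactory() {
        if (this.factory != null) {
            this.factory.destroy();
            this.factory = null;
        }
    }

    /** Applies {@code i} milliseconds as both the connect and the read timeout. */
    public static void setTimeouts(URLConnection uRLConnection, int i) {
        uRLConnection.setConnectTimeout(i);
        uRLConnection.setReadTimeout(i);
    }

    /**
     * Resolves the location of the SSL client properties file.
     *
     * @param str target directory, or {@code null} to use the root of this class's classpath
     * @throws AtlasException if the directory cannot be determined
     */
    private static File getSSLClientFile(String str) throws AtlasException {
        File directory;
        try {
            if (str == null) {
                String classpathRoot = null;
                URL resource = SecureClientUtils.class.getResource("/");
                if (resource != null) {
                    classpathRoot = resource.toURI().getPath();
                }
                if (!$assertionsDisabled && classpathRoot == null) {
                    throw new AssertionError();
                }
                // With assertions off a null path fails here and is wrapped by the catch below.
                directory = new File(classpathRoot);
            } else {
                directory = new File(str);
            }
            LOG.info("ssl-client.xml will be created in {}", directory);
            return new File(directory, SecurityProperties.SSL_CLIENT_PROPERTIES);
        } catch (Exception e) {
            throw new AtlasException("Failed to find client configuration directory", e);
        }
    }

    /**
     * Writes the SSL client properties file from the Atlas configuration unless it already exists.
     *
     * <p>The file records truststore/keystore locations and the credential provider path, not the
     * store passwords. It is created with the process's default file permissions.
     *
     * <p>NOTE(review): the {@code hadoop.ssl.hostname.verifier} value is copied through unchecked.
     * Hadoop accepts {@code ALLOW_ALL} there, which disables hostname verification; deployments
     * should confirm that value is not set outside of test environments.
     *
     * @param configuration Atlas configuration supplying the store locations
     * @param str target directory, or {@code null} for the classpath root
     */
    public static void persistSSLClientConfiguration(Configuration configuration, String str) throws AtlasException, IOException {
        org.apache.hadoop.conf.Configuration sslClientConf = new org.apache.hadoop.conf.Configuration(false);
        File sslClientFile = getSSLClientFile(str);
        // An existing file is never overwritten, so stale settings persist until it is removed.
        if (sslClientFile.exists()) {
            return;
        }
        sslClientConf.set("ssl.client.truststore.type", "jks");
        sslClientConf.set("ssl.client.truststore.location", configuration.getString(SecurityProperties.TRUSTSTORE_FILE_KEY));
        if (configuration.getBoolean(SecurityProperties.CLIENT_AUTH_KEY, false)) {
            sslClientConf.set("ssl.client.keystore.location", configuration.getString(SecurityProperties.KEYSTORE_FILE_KEY));
            sslClientConf.set("ssl.client.keystore.type", "jks");
        }
        sslClientConf.set(SecurityProperties.HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH, configuration.getString(SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH));
        String hostnameVerifierSetting = configuration.getString("hadoop.ssl.hostname.verifier");
        if (hostnameVerifierSetting != null) {
            sslClientConf.set("hadoop.ssl.hostname.verifier", hostnameVerifierSetting);
        }
        // Close the writer so the file is flushed and the descriptor released even on failure.
        try (FileWriter writer = new FileWriter(sslClientFile)) {
            sslClientConf.writeXml(writer);
        }
    }

    /**
     * Creates a client handler that opens plain connections and, for HTTPS, applies the socket
     * factory and hostname verifier from the Hadoop SSL client configuration.
     *
     * <p>If that configuration cannot be applied the connection is returned as opened, i.e. with
     * the JDK's TLS settings; the failure is logged with its cause.
     */
    public URLConnectionClientHandler getUrlConnectionClientHandler() {
        return new URLConnectionClientHandler(new HttpURLConnectionFactory() {
            @Override
            public HttpURLConnection getHttpURLConnection(URL url) throws IOException {
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                if (httpURLConnection instanceof HttpsURLConnection) {
                    SecureClientUtils.LOG.debug("Attempting to configure HTTPS connection using client configuration");
                    try {
                        org.apache.hadoop.conf.Configuration hadoopConf = new org.apache.hadoop.conf.Configuration();
                        hadoopConf.addResource(hadoopConf.get("hadoop.ssl.client.conf", SecurityProperties.SSL_CLIENT_PROPERTIES));
                        // Static setter, invoked for every HTTPS connection opened by this factory.
                        UserGroupInformation.setConfiguration(hadoopConf);
                        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
                        SSLFactory sslFactory = SecureClientUtils.this.getSSLFactory(hadoopConf);
                        httpsURLConnection.setSSLSocketFactory(sslFactory.createSSLSocketFactory());
                        httpsURLConnection.setHostnameVerifier(sslFactory.getHostnameVerifier());
                    } catch (Exception e) {
                        // Keep the cause: without it a silent switch to JDK trust settings cannot
                        // be diagnosed from the logs.
                        SecureClientUtils.LOG.info("Unable to configure HTTPS connection from configuration.  Leveraging JDK properties.", e);
                    }
                }
                return httpURLConnection;
            }
        });
    }

    static {
        $assertionsDisabled = !SecureClientUtils.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(SecureClientUtils.class);
        DEFAULT_TIMEOUT_CONN_CONFIGURATOR = new ConnectionConfigurator() {
            public HttpURLConnection configure(HttpURLConnection httpURLConnection) throws IOException {
                SecureClientUtils.setTimeouts(httpURLConnection, SecureClientUtils.DEFAULT_SOCKET_TIMEOUT_IN_MSECS);
                return httpURLConnection;
            }
        };
    }
}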
