package org.apache.ranger.services.nifi.client;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.client.BaseClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/services/nifi/client/NiFiConnectionMgr.class */
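/**
 * Builds {@link NiFiClient} instances from a service configuration map and runs the
 * connection test against them.
 *
 * <p>When the authentication type is {@code SSL}, the client is given an {@link SSLContext}:
 * either one built from the configured keystore and truststore files, or the JVM default
 * context when the "use default context" option is set to {@code true}. For any other
 * authentication type no {@code SSLContext} is supplied ({@code null} is passed on).
 */
public class NiFiConnectionMgr {
    private static final Logger LOG = LoggerFactory.getLogger(NiFiConnectionMgr.class);
    static final String INVALID_URL_MSG = "NiFi URL must be a valid URL of the form http(s)://<hostname>(:<port>)/nifi-api/resources";

    /**
     * Validates the connection settings in {@code map} and creates a client for them.
     *
     * @param str label identifying the service; only used in validation error messages
     * @param map configuration values keyed by the {@link NiFiConfigs} constants
     * @return a client for the configured URL, with an SSL context when the type is SSL
     * @throws IllegalArgumentException if a required setting is blank, the URL is malformed
     *     or does not end in {@code nifi-api/resources}, the authentication type is not a
     *     {@link NiFiAuthType} constant, SSL is requested for a non-https URL, or keystore
     *     settings are combined with the default SSL context
     * @throws Exception if the keystore or truststore cannot be read or the SSL context
     *     cannot be initialised
     */
    public static NiFiClient getNiFiClient(String str, Map<String, String> map) throws Exception {
        String url = map.get(NiFiConfigs.NIFI_URL);
        validateNotBlank(url, "NiFi URL is required for " + str);
        validateUrl(url);
        String authTypeName = map.get(NiFiConfigs.NIFI_AUTHENTICATION_TYPE);
        validateNotBlank(authTypeName, "Authentication Type is required for " + str);
        NiFiAuthType authType = NiFiAuthType.valueOf(authTypeName);
        LOG.debug("NiFiAuthType is {}", authType.name());

        SSLContext sslContext = null;
        if (authType == NiFiAuthType.SSL) {
            // Compare the parsed scheme rather than a string prefix: a prefix test also
            // accepts values such as "httpsx://..." or a scheme-less "https/...", which
            // would hand client-certificate material to a connection that is not HTTPS.
            // The URL has already passed validateUrl, so URI.create cannot fail here.
            if (!"https".equals(URI.create(url).getScheme())) {
                throw new IllegalArgumentException("Authentication Type of SSL requires an https URL");
            }
            String keystore = map.get(NiFiConfigs.NIFI_SSL_KEYSTORE);
            String keystoreType = map.get(NiFiConfigs.NIFI_SSL_KEYSTORE_TYPE);
            String keystorePassword = map.get(NiFiConfigs.NIFI_SSL_KEYSTORE_PASSWORD);
            String truststore = map.get(NiFiConfigs.NIFI_SSL_TRUSTSTORE);
            String truststoreType = map.get(NiFiConfigs.NIFI_SSL_TRUSTSTORE_TYPE);
            String truststorePassword = map.get(NiFiConfigs.NIFI_SSL_TRUSTSTORE_PASSWORD);
            String useDefaultContext = map.get(NiFiConfigs.NIFI_SSL_USER_DEFAULT_CONTEXT);

            // Only the exact value "true" (any case, no surrounding whitespace) selects the
            // default context; a blank or any other value means explicit stores are required.
            if (!"true".equalsIgnoreCase(useDefaultContext)) {
                String suffix = " is required for " + str + " with Authentication Type of SSL";
                validateNotBlank(keystore, "Keystore" + suffix);
                validateNotBlank(keystoreType, "Keystore Type" + suffix);
                validateNotBlank(keystorePassword, "Keystore Password" + suffix);
                validateNotBlank(truststore, "Truststore" + suffix);
                validateNotBlank(truststoreType, "Truststore Type" + suffix);
                validateNotBlank(truststorePassword, "Truststore Password" + suffix);
                LOG.debug("Creating SSLContext for NiFi connection");
                // NOTE(review): trim() is applied to the passwords too, so a password with
                // leading or trailing whitespace cannot be configured through this path.
                sslContext = createSslContext(
                        keystore.trim(), keystorePassword.trim().toCharArray(), keystoreType.trim(),
                        truststore.trim(), truststorePassword.trim().toCharArray(), truststoreType.trim(),
                        "TLS");
            } else {
                boolean anyStoreSetting = StringUtils.isNotBlank(keystore)
                        || StringUtils.isNotBlank(keystoreType)
                        || StringUtils.isNotBlank(keystorePassword)
                        || StringUtils.isNotBlank(truststore)
                        || StringUtils.isNotBlank(truststoreType)
                        || StringUtils.isNotBlank(truststorePassword);
                // Reject the mix so an operator is never left believing their own
                // truststore is in effect while the JVM default one is actually used.
                if (anyStoreSetting) {
                    throw new IllegalArgumentException("Keystore and Truststore configuration cannot be provided when using default SSL context");
                }
                sslContext = SSLContext.getDefault();
            }
        }
        return new NiFiClient(url.trim(), sslContext);
    }

    /**
     * Creates a client from {@code map} and runs its connection test.
     *
     * <p>Any failure, whether from building the client or from the test call itself, is
     * converted into a failure response map whose detail is the exception message.
     *
     * @param str label identifying the service; used in validation error messages
     * @param map configuration values keyed by the {@link NiFiConfigs} constants
     * @return the client's connection-test result, or a failure response map
     */
    public static HashMap<String, Object> connectionTest(String str, Map<String, String> map) throws Exception {
        try {
            return getNiFiClient(str, map).connectionTest();
        } catch (Exception e) {
            // The response only carries e.getMessage(); log the exception as well so the
            // stack trace and root cause are not lost.
            LOG.error("Error creating NiFi client for {}", str, e);
            HashMap<String, Object> response = new HashMap<>();
            BaseClient.generateResponseDataMap(false, "Error creating NiFi client", e.getMessage(), (Long) null, (String) null, response);
            return response;
        }
    }

    /**
     * Throws {@link IllegalArgumentException} with {@code message} when {@code value} is
     * {@code null} or contains only whitespace.
     */
    private static void validateNotBlank(String value, String message) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException(message);
        }
    }

    /**
     * Checks that {@code url} parses as a URI whose path ends in {@code nifi-api/resources}.
     *
     * @throws IllegalArgumentException with {@link #INVALID_URL_MSG} otherwise
     */
    private static void validateUrl(String url) {
        final String path;
        try {
            path = new URI(url).getPath();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(INVALID_URL_MSG, e);
        }
        // getPath() is null for opaque URIs (e.g. "mailto:x"); treat that as an invalid
        // URL instead of letting a NullPointerException escape.
        if (path == null || !path.endsWith("nifi-api/resources")) {
            throw new IllegalArgumentException(INVALID_URL_MSG);
        }
    }

    /**
     * Builds an {@link SSLContext} from a keystore (client key material) and a truststore
     * (trusted certificates) read from the given files.
     *
     * @param keystorePath path of the keystore file
     * @param keystorePassword password used both to load the keystore and to recover its keys
     * @param keystoreType keystore type passed to {@link KeyStore#getInstance(String)}
     * @param truststorePath path of the truststore file
     * @param truststorePassword password used to load the truststore
     * @param truststoreType truststore type passed to {@link KeyStore#getInstance(String)}
     * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}
     * @return the initialised context
     */
    private static SSLContext createSslContext(String keystorePath, char[] keystorePassword, String keystoreType, String truststorePath, char[] truststorePassword, String truststoreType, String protocol) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
        KeyStore keyStore = KeyStore.getInstance(keystoreType);
        // try-with-resources closes the stream even when load() fails (wrong password,
        // corrupt file), so a failed attempt does not leak a file descriptor.
        try (FileInputStream keystoreStream = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreStream, keystorePassword);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keystorePassword);

        KeyStore trustStore = KeyStore.getInstance(truststoreType);
        try (FileInputStream truststoreStream = new FileInputStream(truststorePath)) {
            trustStore.load(truststoreStream, truststorePassword);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance(protocol);
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sslContext;
    }
}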
