package com.cloudera.cmf.service.rangerkms;

import com.cloudera.cmf.command.CmdNoopException;
import com.cloudera.cmf.command.CommandPurpose;
import com.cloudera.cmf.command.SvcCmdArgs;
import com.cloudera.cmf.command.flow.CmdWork;
import com.cloudera.cmf.command.flow.CmdWorkCtx;
import com.cloudera.cmf.command.flow.WorkOutput;
import com.cloudera.cmf.command.flow.work.OneOffRoleProcCmdWork;
import com.cloudera.cmf.event.CommandEventCode;
import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.model.DbProcess;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.RoleState;
import com.cloudera.cmf.service.AbstractDaemonRoleHandler;
import com.cloudera.cmf.service.AbstractServiceCmdWorkCommand;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.config.AutoTLSPasswordParamSpecEvaluator;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.PasswordParamSpec;
import com.cloudera.cmf.service.config.StringParamSpec;
import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.upgrade.KeytrusteeKMSACLHelper;
import com.cloudera.cmf.service.upgrade.UpgradeStateFactory;
import com.cloudera.cmf.service.upgrade.UpgradeStateManager;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.enterprise.config.ZipUtil;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/rangerkms/ImportKeytrusteeKmsAclCommand.class */
public class ImportKeytrusteeKmsAclCommand extends AbstractServiceCmdWorkCommand<SvcCmdArgs> {
    private static final Logger LOG = LoggerFactory.getLogger(ImportKeytrusteeKmsAclCommand.class);
    public static final String COMMAND_NAME = "ImportKeytrusteeKmsAcl";
    public static final String PROCESS_NAME = "import-keytrustee-kms-acl";
    protected static final String MSG_KEY_INFIX = "service.rangerkms.import.keytrustee.kms.acl";
    protected static final String MSG_KEY_PREFIX = "message.command.service.rangerkms.import.keytrustee.kms.acl";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/cloudera/cmf/service/rangerkms/ImportKeytrusteeKmsAclCommand$ImportKeytrusteeKmsAclCmdWork.class */
    public static class ImportKeytrusteeKmsAclCmdWork extends OneOffRoleProcCmdWork {
        protected ImportKeytrusteeKmsAclCmdWork(@JsonProperty("roleId") Long l) {
            super(l);
        }

        @Override // com.cloudera.cmf.command.flow.work.OneOffRoleProcCmdWork
        protected void beforeProcessCreation(CmdWorkCtx cmdWorkCtx, DbProcess dbProcess, DbRole dbRole) {
            ServiceDataProvider serviceDataProvider = cmdWorkCtx.getServiceDataProvider();
            UpgradeStateManager upgradeStateManager = serviceDataProvider.getUpgradeHandlerRegistry().getUpgradeStateManager();
            ImportKeytrusteeKmsAclCommand.LOG.info("Setting Ranger KMS related configuration for ACL import command");
            AbstractDaemonRoleHandler abstractDaemonRoleHandler = (AbstractDaemonRoleHandler) serviceDataProvider.getServiceHandlerRegistry().getRoleHandler(dbRole);
            Map<String, Object> prepareConfiguration = abstractDaemonRoleHandler.prepareConfiguration(dbRole);
            ArrayList newArrayList = Lists.newArrayList();
            newArrayList.add(abstractDaemonRoleHandler.generateConfiguration(dbRole, prepareConfiguration));
            newArrayList.add(ZipUtil.toZip(ImmutableMap.of("kms-acls-keytrustee-exported.xml", KeytrusteeKMSACLHelper.getXMLFromUpgradeState(upgradeStateManager.getSession()))));
            byte[] mergeZipBuffers = ZipUtil.mergeZipBuffers(newArrayList);
            Map<String, String> environment = abstractDaemonRoleHandler.getEnvironment(dbRole, prepareConfiguration);
            ParamSpec param = abstractDaemonRoleHandler.getConfigSpec().getParam(FirstPartyCsdServiceTypes.RoleTypes.RANGER_KMS_SERVER_KTS_SSL_ENABLED);
            PasswordParamSpec passwordParamSpec = (PasswordParamSpec) abstractDaemonRoleHandler.getConfigSpec().getParam(FirstPartyCsdServiceTypes.RoleTypes.RANGER_KMS_SERVER_KTS_TRUSTSTORE_PASSWORD);
            StringParamSpec stringParamSpec = (StringParamSpec) abstractDaemonRoleHandler.getConfigSpec().getParam(FirstPartyCsdServiceTypes.RoleTypes.RANGER_KMS_SERVER_KTS_LOG_DIR);
            DbRoleConfigGroup roleConfigGroup = dbRole.getRoleConfigGroup();
            Boolean bool = false;
            String str = CommandUtils.CONFIG_TOP_LEVEL_DIR;
            String overriddenPassword = AutoTLSPasswordParamSpecEvaluator.getOverriddenPassword(passwordParamSpec, prepareConfiguration);
            try {
                bool = (Boolean) param.extract((ConfigValueProvider) roleConfigGroup);
                str = stringParamSpec.extract((ConfigValueProvider) roleConfigGroup);
            } catch (ParamParseException e) {
                e.printStackTrace();
            }
            environment.put("CM_CSD_SCRIPT", "scripts/control.sh");
            environment.put("CURRENT_HOST", dbRole.getHost().getDisplayName());
            environment.put("SERVICE_USER", abstractDaemonRoleHandler.getProcessUser(prepareConfiguration));
            environment.put("SERVICE_GROUP", abstractDaemonRoleHandler.getProcessGroup(prepareConfiguration));
            environment.put("SERVICE_LOG_DIR", str);
            environment.put("SERVICE_ROLE", "RANGER_KMS_SERVER_KTS");
            environment.put("RANGER_KMS_SERVER_HTTPS_ENABLED", String.valueOf(bool));
            environment.put("RANGER_KMS_SERVER_TRUSTSTORE_PASSWORD", overriddenPassword);
            environment.put("KMS_JAVA_OPTS", "${kms_java_opts}");
            environment.put("KEYTRUSTEE_KEYPROVIDER_HOME", "${hadoop_security_key_provider_dir}");
            environment.put("KEYTRUSTEE_KEYPROVIDER_CONF_DIR", "${keytrustee_security_key_provider_conf_dir}");
            dbProcess.setUser(abstractDaemonRoleHandler.getProcessUser(prepareConfiguration));
            dbProcess.setGroup(abstractDaemonRoleHandler.getProcessGroup(prepareConfiguration));
            dbProcess.setArguments(ImmutableList.of("import-keytrustee-policies"));
            dbProcess.setProgram("csd/csd.sh");
            dbProcess.setConfigurationData(mergeZipBuffers);
            dbProcess.setEnvironment(environment);
            dbProcess.setResources(abstractDaemonRoleHandler.makeResources(dbRole, prepareConfiguration));
        }

        @Override // com.cloudera.cmf.command.flow.work.OneOffRoleProcCmdWork
        protected RoleState getRoleStateAfterProcess(WorkOutput workOutput, CmdWorkCtx cmdWorkCtx) {
            return RoleState.RUNNING;
        }

        @Override // com.cloudera.cmf.command.flow.work.OneOffProcCmdWork
        public String getProcessName() {
            return ImportKeytrusteeKmsAclCommand.PROCESS_NAME;
        }

        @Override // com.cloudera.cmf.command.flow.CmdWork
        public MessageWithArgs getDescription(CmdWorkCtx cmdWorkCtx) {
            return MessageWithArgs.of("message.command.service.rangerkms.import.keytrustee.kms.acl.desc", new String[0]);
        }
    }

    public ImportKeytrusteeKmsAclCommand(ServiceHandler serviceHandler, ServiceDataProvider serviceDataProvider) {
        super(serviceDataProvider);
    }

    @Override // com.cloudera.cmf.command.CmdWorkCommand
    public CmdWork constructWork(DbService dbService, SvcCmdArgs svcCmdArgs) throws CmdNoopException {
        UpgradeStateFactory upgradeStateFactory = this.sdp.getUpgradeHandlerRegistry().getUpgradeStateFactory();
        if (upgradeStateFactory.hasAnyUnfinishedUpgradeSession()) {
            upgradeStateFactory.reopenSession(dbService.getCluster().getId());
        }
        if (!KeytrusteeKMSACLHelper.isAvailableForImport(upgradeStateFactory.getSession())) {
            LOG.info("No data to import was found in the saved upgrade state");
            throw new CmdNoopException(MessageWithArgs.of("message.command.service.rangerkms.import.keytrustee.kms.acl.noop", new String[0]));
        }
        DbRole dbRole = (DbRole) Iterables.getFirst(dbService.getRolesWithType("RANGER_KMS_SERVER_KTS"), (Object) null);
        Preconditions.checkNotNull(dbRole, "No roles found with type %s", "RANGER_KMS_SERVER_KTS");
        return new ImportKeytrusteeKmsAclCmdWork(dbRole.getId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cloudera.cmf.command.CmdWorkCommand
    public String getMsgKeyInfix() {
        return MSG_KEY_INFIX;
    }

    @Override // com.cloudera.cmf.command.CommandHandler
    public String getName() {
        return COMMAND_NAME;
    }

    @Override // com.cloudera.cmf.command.CommandHandler
    public CommandEventCode getCommandEventCode() {
        return CommandEventCode.EV_IMPORT_KEYSTRUSTEE_KMS_ACL;
    }

    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.CommandHandler
    public CommandPurpose getPurpose() {
        return CommandPurpose.IMPORT_KEYSTRUSTEE_KMS_ACL;
    }

    @Override // com.cloudera.cmf.command.CmdWorkCommand, com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.CommandHandler
    public DbCommand prepareForRetry(DbCommand dbCommand, boolean z) {
        return simpleRetry(dbCommand, z);
    }

    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.CommandHandler
    public boolean isInternal() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler
    public MessageWithArgs checkAvailabilityImpl(DbService dbService) {
        return null;
    }
}
