package com.cloudera.cmf.service;

import com.cloudera.api.ApiClient;
import com.cloudera.api.model.ApiKerberosInfo;
import com.cloudera.cmf.command.flow.AbstractCmdWork;
import com.cloudera.cmf.command.flow.BasicCmdAction;
import com.cloudera.cmf.command.flow.CmdResultWithActions;
import com.cloudera.cmf.command.flow.CmdWorkCtx;
import com.cloudera.cmf.command.flow.WorkOutput;
import com.cloudera.cmf.command.flow.WorkOutputType;
import com.cloudera.cmf.command.flow.WorkOutputs;
import com.cloudera.cmf.command.inspector.HostInspectorCmdArgs;
import com.cloudera.cmf.command.inspector.InspectorCommand;
import com.cloudera.cmf.inspector.Inspection;
import com.cloudera.cmf.inspector.InspectorOutput;
import com.cloudera.cmf.inspector.InspectorSerialization;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbCmPeer;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.model.DbConfigContainerConfigProvider;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.security.components.SslHelper;
import com.cloudera.cmf.service.CmPeerKerberosHelper;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.enterprise.I18nKey;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.server.web.cmf.AppContext;
import com.cloudera.server.web.common.ExceptionUtil;
import com.cloudera.server.web.common.I18n;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/CmPeerKerberosCheckCmdWork.class */
public class CmPeerKerberosCheckCmdWork extends AbstractCmdWork {
    private static final Logger LOG = LoggerFactory.getLogger(CmPeerKerberosCheckCmdWork.class);
    public static final String CMD_RESULT_KEY = "kerberosCheckResult";

    @VisibleForTesting
    static final String TRUSTED_REALM_MESSAGE_KEY = "message.inspector.etcKrbConf.trustedRealmNotFound";

    @VisibleForTesting
    static final String TRUSTED_DOMAIN_MAPPING_NOT_FOUND_KEY = "message.inspector.etcKrbConf.trustedDomainMappingNotFound";

    @VisibleForTesting
    static final String TRUSTED_DOMAIN_REALM_NOT_FOUND_KEY = "message.inspector.etcKrbConf.trustedDomainRealmNotFound";
    private DbCmPeer peer;
    private WorkOutputType result;

    @VisibleForTesting
    MessageWithArgs resultMessage;
    private Long childCmdId;

    @VisibleForTesting
    ApiKerberosInfo sourceKerberosInfo;

    @VisibleForTesting
    String targetRealm;

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/cloudera/cmf/service/CmPeerKerberosCheckCmdWork$I18nKeys.class */
    public enum I18nKeys implements I18nKey {
        NOT_KERBERIZED_LOCAL("notKerberizedLocal", 0),
        KERBEROS_REALM_EMPTY("kerberosRealmEmpty", 1),
        ENSURE_UNIFIED_KDC("ensureUnifiedKdc", 0),
        CHECK_SUCCESS("checkSuccess", 0),
        INVALID_URL("invalidPeer", 1);

        private static final String TEST_RESULT_MESSAGE_PREFIX = "message.command.cmPeerTest.result.";
        private final String key;
        private final int argc;

        I18nKeys(String str, int i) {
            this.key = TEST_RESULT_MESSAGE_PREFIX + str;
            this.argc = i;
        }

        public String getKey() {
            return this.key;
        }

        public int getNumArgs() {
            return this.argc;
        }
    }

    public CmPeerKerberosCheckCmdWork() {
    }

    public CmPeerKerberosCheckCmdWork(DbCmPeer dbCmPeer) {
        this.peer = dbCmPeer;
    }

    @Override // com.cloudera.cmf.command.flow.CmdWork
    public WorkOutput doWork(CmdWorkCtx cmdWorkCtx) {
        ApiClient apiClient = null;
        try {
            try {
                apiClient = ApiClient.forBdr(this.peer.getUrl(), this.peer.getUsername(), this.peer.getPassword(), (SslHelper) AppContext.getBeanByClass(SslHelper.class));
                WorkOutput doKerberosCheck = doKerberosCheck(apiClient, cmdWorkCtx);
                if (apiClient != null) {
                    apiClient.close();
                }
                return doKerberosCheck;
            } catch (IllegalArgumentException e) {
                WorkOutput of = WorkOutputs.of(WorkOutputType.FAILURE, MessageWithArgs.of(I18nKeys.INVALID_URL, new String[]{this.peer.getName()}));
                if (apiClient != null) {
                    apiClient.close();
                }
                return of;
            }
        } catch (Throwable th) {
            if (apiClient != null) {
                apiClient.close();
            }
            throw th;
        }
    }

    private WorkOutput doKerberosCheck(ApiClient apiClient, CmdWorkCtx cmdWorkCtx) {
        try {
            ApiKerberosInfo kerberosInfo = apiClient.m13getRootV17().mo139getClouderaManagerResource().getKerberosInfo();
            if (checkBothCMKerberized(kerberosInfo, cmdWorkCtx)) {
                this.targetRealm = (String) ScmHandler.getScmConfigValue(ScmParams.SECURITY_REALM, cmdWorkCtx.getCmfEM().getScmConfigProvider());
                this.sourceKerberosInfo = kerberosInfo;
                if (checkDifferentRealmOrKdc(kerberosInfo, cmdWorkCtx)) {
                    return execKerberosInspectionCommand(kerberosInfo, cmdWorkCtx);
                }
            }
            return this.result == null ? WorkOutputs.success(I18nKeys.CHECK_SUCCESS.getKey(), new String[0]) : WorkOutputs.of(this.result, this.resultMessage);
        } catch (RuntimeException e) {
            LOG.error(e.getMessage(), e);
            this.resultMessage = ExceptionUtil.handleClientConnectionException(e, this.peer.getUrl());
            return WorkOutputs.of(WorkOutputType.FAILURE, this.resultMessage);
        }
    }

    @VisibleForTesting
    boolean checkBothCMKerberized(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx) {
        ServiceHandlerRegistry serviceHandlerRegistry = cmdWorkCtx.getServiceDataProvider().getServiceHandlerRegistry();
        boolean z = false;
        Iterator it = cmdWorkCtx.getCmfEM().findAllClusters().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            DbCluster dbCluster = (DbCluster) it.next();
            if (serviceHandlerRegistry.get(dbCluster).requiresCredentials(serviceHandlerRegistry, cmdWorkCtx.getCmfEM(), dbCluster)) {
                z = true;
                break;
            }
        }
        if (z && apiKerberosInfo.isKerberized().booleanValue()) {
            return true;
        }
        if (!apiKerberosInfo.isKerberized().booleanValue()) {
            return false;
        }
        success(I18nKeys.NOT_KERBERIZED_LOCAL, new String[0]);
        return false;
    }

    @VisibleForTesting
    boolean checkTargetCMKerberized(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx) {
        ServiceHandlerRegistry serviceHandlerRegistry = cmdWorkCtx.getServiceDataProvider().getServiceHandlerRegistry();
        boolean z = false;
        Iterator it = cmdWorkCtx.getCmfEM().findAllClusters().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            DbCluster dbCluster = (DbCluster) it.next();
            if (serviceHandlerRegistry.get(dbCluster).requiresCredentials(serviceHandlerRegistry, cmdWorkCtx.getCmfEM(), dbCluster)) {
                z = true;
                break;
            }
        }
        if (z && !apiKerberosInfo.isKerberized().booleanValue()) {
            return true;
        }
        if (!apiKerberosInfo.isKerberized().booleanValue()) {
            return false;
        }
        success(I18nKeys.NOT_KERBERIZED_LOCAL, new String[0]);
        return false;
    }

    @VisibleForTesting
    boolean checkDifferentRealmOrKdc(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx) {
        DbConfigContainerConfigProvider scmConfigProvider = cmdWorkCtx.getCmfEM().getScmConfigProvider();
        String kerberosRealm = apiKerberosInfo.getKerberosRealm();
        if (!StringUtils.isEmpty(kerberosRealm) && !StringUtils.isEmpty(this.targetRealm)) {
            if (!StringUtils.equals(kerberosRealm, this.targetRealm)) {
                return true;
            }
            if (StringUtils.equals((String) ScmHandler.getScmConfigValue(ScmParams.KDC_HOST, scmConfigProvider), apiKerberosInfo.getKdcHost())) {
                return false;
            }
            this.resultMessage = MessageWithArgs.of(I18nKeys.ENSURE_UNIFIED_KDC, new String[0]);
            return true;
        }
        if (StringUtils.isEmpty(kerberosRealm) && StringUtils.isEmpty(this.targetRealm)) {
            success(I18nKeys.KERBEROS_REALM_EMPTY, "Both");
            return false;
        }
        if (StringUtils.isEmpty(this.targetRealm)) {
            success(I18nKeys.KERBEROS_REALM_EMPTY, "Target");
            return false;
        }
        success(I18nKeys.KERBEROS_REALM_EMPTY, "Source");
        return false;
    }

    private WorkOutput execKerberosInspectionCommand(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx) {
        HostInspectorCmdArgs of = HostInspectorCmdArgs.of(null, null, Inspection.Inspections.KERBEROS.name());
        if (!StringUtils.equals(this.targetRealm, apiKerberosInfo.getKerberosRealm())) {
            of.getInspectorInput().trustedRealm = apiKerberosInfo.getKerberosRealm();
            if (apiKerberosInfo.getDomain() != null) {
                of.getInspectorInput().trustedDomains = new HashSet(apiKerberosInfo.getDomain());
            }
        }
        of.getInspectorInput().trustedKdcHost = apiKerberosInfo.getKdcHost();
        DbCommand execGlobalCmd = cmdWorkCtx.execGlobalCmd(InspectorCommand.COMMAND_NAME, of);
        this.childCmdId = execGlobalCmd.getId();
        return WorkOutputs.waitFor(cmdWorkCtx, execGlobalCmd);
    }

    private void success(I18nKey i18nKey, String... strArr) {
        this.resultMessage = MessageWithArgs.of(i18nKey, strArr);
        this.result = WorkOutputType.SUCCESS;
    }

    @Override // com.cloudera.cmf.command.flow.CmdWork
    public MessageWithArgs getDescription(CmdWorkCtx cmdWorkCtx) {
        return MessageWithArgs.of("message.command.cmPeerTest.checkKerberos.name", new String[0]);
    }

    @Override // com.cloudera.cmf.command.flow.CmdWork
    public void onFinish(WorkOutput workOutput, CmdWorkCtx cmdWorkCtx) {
        ArrayList arrayList = new ArrayList();
        List<InspectorOutput> resultData = getResultData(cmdWorkCtx);
        boolean z = false;
        boolean z2 = false;
        if (resultData != null) {
            try {
                for (InspectorOutput inspectorOutput : resultData) {
                    if (CollectionUtils.isNotEmpty(inspectorOutput.etcKrbConfMessages)) {
                        for (MessageWithArgs messageWithArgs : inspectorOutput.etcKrbConfMessages) {
                            if (StringUtils.equals(messageWithArgs.messageId, TRUSTED_REALM_MESSAGE_KEY)) {
                                z = true;
                            } else if (StringUtils.equals(messageWithArgs.messageId, TRUSTED_DOMAIN_MAPPING_NOT_FOUND_KEY)) {
                                z2 = true;
                            } else if (StringUtils.equals(messageWithArgs.messageId, TRUSTED_DOMAIN_REALM_NOT_FOUND_KEY)) {
                                BasicCmdAction basicCmdAction = new BasicCmdAction(I18n.t(messageWithArgs), Enums.MessageType.WARNING);
                                if (!arrayList.contains(basicCmdAction)) {
                                    arrayList.add(basicCmdAction);
                                    if (CollectionUtils.isEmpty(this.sourceKerberosInfo.getDomain())) {
                                        arrayList.add(new BasicCmdAction(I18n.t(CmPeerKerberosHelper.I18nKeys.PEER_DOMAIN_REALM_SAFETY_VALVE, ScmParams.KRB_DOMAIN.getDisplayName(), ScmParams.KRB_OTHER_SAFETY_VALVE.getDisplayName()), Enums.MessageType.WARNING));
                                    }
                                }
                            } else {
                                BasicCmdAction basicCmdAction2 = new BasicCmdAction(I18n.t(messageWithArgs), Enums.MessageType.WARNING);
                                if (!arrayList.contains(basicCmdAction2)) {
                                    arrayList.add(basicCmdAction2);
                                }
                            }
                        }
                    }
                    if (CollectionUtils.isNotEmpty(inspectorOutput.kdcConnectionMessages)) {
                        Iterator it = inspectorOutput.kdcConnectionMessages.iterator();
                        while (it.hasNext()) {
                            BasicCmdAction basicCmdAction3 = new BasicCmdAction(I18n.t((MessageWithArgs) it.next()), Enums.MessageType.ERROR);
                            if (!arrayList.contains(basicCmdAction3)) {
                                arrayList.add(basicCmdAction3);
                            }
                        }
                    }
                }
                if (z || z2) {
                    arrayList.addAll(CmPeerKerberosHelper.generateKerberosCheckResult(this.sourceKerberosInfo, cmdWorkCtx, !z && z2));
                }
            } catch (Exception e) {
                LOG.error(e.getMessage(), e);
            }
        }
        if (this.sourceKerberosInfo != null && this.sourceKerberosInfo.isKerberized().booleanValue() && !z && !z2 && !StringUtils.equals(this.targetRealm, this.sourceKerberosInfo.getKerberosRealm())) {
            arrayList.addAll(CmPeerKerberosHelper.getDfsConfigAction(this.sourceKerberosInfo, cmdWorkCtx, z || z2));
        }
        if (this.resultMessage != null) {
            if (WorkOutputType.FAILURE.equals(this.result)) {
                arrayList.add(new BasicCmdAction(I18n.t(this.resultMessage), Enums.MessageType.ERROR));
            } else {
                arrayList.add(new BasicCmdAction(I18n.t(this.resultMessage), Enums.MessageType.WARNING));
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        cmdWorkCtx.setResult(CMD_RESULT_KEY, CmdResultWithActions.toJson(new CmdResultWithActions(arrayList)));
    }

    @VisibleForTesting
    List<InspectorOutput> getResultData(CmdWorkCtx cmdWorkCtx) {
        DbCommand findCommand;
        if (this.childCmdId == null || (findCommand = cmdWorkCtx.getCmfEM().findCommand(this.childCmdId)) == null || !CollectionUtils.isNotEmpty(findCommand.getChildren())) {
            return null;
        }
        ArrayList newArrayList = Lists.newArrayList();
        for (DbCommand dbCommand : findCommand.getChildren()) {
            if (dbCommand.isSuccess()) {
                try {
                    newArrayList.add(InspectorSerialization.INSTANCE.toInspectorOutput(dbCommand.getResultData()));
                } catch (Exception e) {
                    LOG.error("Unexpected error deserializing child output: {}", e.getMessage(), e);
                }
            }
        }
        return newArrayList;
    }
}
