package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.mgmt.BaseMgmtRoleHandler;
import com.cloudera.enterprise.crypto.EncryptUtil;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/cloudera/cmf/service/config/EncryptedMgmtConfigEvaluator.class */
public class EncryptedMgmtConfigEvaluator extends AbstractConfigEvaluator implements ConfigEvaluator {
    AbstractConfigEvaluator configEvaluator;

    public EncryptedMgmtConfigEvaluator(AbstractConfigEvaluator abstractConfigEvaluator) {
        super(null, null);
        Preconditions.checkNotNull(abstractConfigEvaluator);
        this.configEvaluator = abstractConfigEvaluator;
    }

    @Override // com.cloudera.cmf.service.config.AbstractConfigEvaluator
    public List<EvaluatedConfig> evaluateConfig(ServiceDataProvider serviceDataProvider, DbService dbService, DbRole dbRole, RoleHandler roleHandler, Map<String, Object> map, String str) throws ConfigGenException {
        return evaluateConfig(ConfigEvaluationContext.of(serviceDataProvider, dbService, dbRole, roleHandler, map));
    }

    @Override // com.cloudera.cmf.service.config.AbstractConfigEvaluator, com.cloudera.cmf.service.config.GenericConfigEvaluator
    public List<EvaluatedConfig> evaluateConfig(ConfigEvaluationContext configEvaluationContext) throws ConfigGenException {
        Preconditions.checkState(configEvaluationContext.getRh() instanceof BaseMgmtRoleHandler, "The EncryptedMgmtConfigEvaluator can only be use for Mgmt role Handlers");
        BaseMgmtRoleHandler baseMgmtRoleHandler = (BaseMgmtRoleHandler) configEvaluationContext.getRh();
        List<EvaluatedConfig> evaluateConfig = this.configEvaluator.evaluateConfig(configEvaluationContext);
        String jceksPassword = baseMgmtRoleHandler.getJceksPassword(configEvaluationContext.getConfigs());
        if (jceksPassword == null || jceksPassword.isEmpty()) {
            return evaluateConfig;
        }
        ImmutableList.Builder builder = ImmutableList.builder();
        char[] charArray = jceksPassword.toCharArray();
        char[] cArr = null;
        try {
            try {
                for (EvaluatedConfig evaluatedConfig : evaluateConfig) {
                    String value = evaluatedConfig.getValue();
                    if (value == null || value.isEmpty()) {
                        builder.add(evaluatedConfig);
                    } else {
                        String str = configEvaluationContext.getRole().getName() + evaluatedConfig.getName();
                        cArr = value.toCharArray();
                        builder.add(evaluatedConfig.newEncryptedConfig(EncryptUtil.encrypt(charArray, str, cArr)));
                    }
                }
                return builder.build();
            } catch (Exception e) {
                throw new ConfigGenException("Problem encrypting sensitive parameters", e);
            }
        } finally {
            EncryptUtil.cleanse(charArray);
            if (cArr != null) {
                EncryptUtil.cleanse(cArr);
            }
        }
    }
}
