package com.cloudera.cmf.service;

import com.cloudera.cmf.CdhVersionUtils;
import com.cloudera.cmf.Environment;
import com.cloudera.cmf.cdhclient.CdhExecutor;
import com.cloudera.cmf.cdhclient.CdhVersion;
import com.cloudera.cmf.cdhclient.HadoopConfiguration;
import com.cloudera.cmf.cdhclient.util.ImpersonatingTaskWrapper;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.security.components.SecurityUtils;
import com.cloudera.cmf.service.config.CommonParamSpecs;
import com.cloudera.cmf.service.config.ConfigChange;
import com.cloudera.cmf.service.config.ConfigUpdateListener;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.StringParamSpec;
import com.cloudera.cmf.service.sentry.SentryParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.server.web.cmf.AppContext;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.RemovalListener;
import com.google.common.cache.RemovalNotification;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/GenericServiceCdhClient.class */
public class GenericServiceCdhClient {
    private static final String DISABLE_HDFS_CACHE = "fs.hdfs.impl.disable.cache";
    private static final String DISABLE_VIEWFS_CACHE = "fs.viewfs.impl.disable.cache";
    private static final int MAX_CLIENTS = 10;
    private static final int TTL_MINUTES = 10;
    private static final boolean CREATE_REMOTE_USER = false;

    @VisibleForTesting
    final ClientState clientState;
    private final Release serviceVersion;
    private final String serviceType;
    private static final Logger LOG = LoggerFactory.getLogger(GenericServiceCdhClient.class);
    private static final Cache<ClientCacheKey, ClientState> CLIENT_CACHE = CacheBuilder.newBuilder().maximumSize(10).expireAfterAccess(10, TimeUnit.MINUTES).removalListener(new RemovalListener<ClientCacheKey, ClientState>() { // from class: com.cloudera.cmf.service.GenericServiceCdhClient.1
        public void onRemoval(RemovalNotification<ClientCacheKey, ClientState> removalNotification) {
            if (removalNotification == null || removalNotification.getKey() == null || removalNotification.getValue() == null) {
                GenericServiceCdhClient.LOG.warn("Notification: '{}' invalid", new Object[]{removalNotification});
            } else {
                GenericServiceCdhClient.LOG.info("Invalidating client with key '{}' ", new Object[]{removalNotification.getKey()});
                ((ClientState) removalNotification.getValue()).cleanup();
            }
        }
    }).build();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cloudera/cmf/service/GenericServiceCdhClient$ClientCacheKey.class */
    public static class ClientCacheKey {
        private String service;
        private String roleTypeForCredentials;
        private String principalName;
        private byte[] keytab;

        public ClientCacheKey(DbService dbService, String str, String str2, byte[] bArr) {
            this.service = dbService.getName();
            this.roleTypeForCredentials = str;
            this.principalName = str2;
            this.keytab = bArr != null ? Arrays.copyOf(bArr, Math.min(bArr.length, 32)) : null;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            ClientCacheKey clientCacheKey = (ClientCacheKey) obj;
            return Objects.equal(this.service, clientCacheKey.service) && Objects.equal(this.roleTypeForCredentials, clientCacheKey.roleTypeForCredentials) && Objects.equal(this.principalName, clientCacheKey.principalName) && Arrays.equals(this.keytab, clientCacheKey.keytab);
        }

        public int hashCode() {
            return Objects.hashCode(new Object[]{this.service, this.roleTypeForCredentials, this.principalName}) + (this.keytab != null ? Arrays.hashCode(this.keytab) : 0);
        }

        public String toString() {
            return String.format("service='%s', roleTypeForCredentials='%s', principalName='%s'", this.service, this.roleTypeForCredentials, this.principalName);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/cloudera/cmf/service/GenericServiceCdhClient$ClientState.class */
    public static class ClientState {
        final CdhExecutor executor;
        final String superuser;
        final HadoopConfiguration conf;
        final KerberosCredentials krbCredentials;

        ClientState(CdhExecutor cdhExecutor, String str, HadoopConfiguration hadoopConfiguration, KerberosCredentials kerberosCredentials) {
            this.executor = cdhExecutor;
            this.superuser = str;
            this.conf = hadoopConfiguration;
            this.krbCredentials = kerberosCredentials;
        }

        void cleanup() {
            this.executor.dispose();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/cloudera/cmf/service/GenericServiceCdhClient$KerberosCredentials.class */
    public static class KerberosCredentials {
        public final String principal;
        public final byte[] keytab;

        public KerberosCredentials(String str, byte[] bArr) {
            Preconditions.checkArgument(str != null, "Principal missing");
            Preconditions.checkArgument(bArr != null, "Keytab missing");
            this.principal = str;
            this.keytab = bArr;
        }
    }

    /* loaded from: input_file:com/cloudera/cmf/service/GenericServiceCdhClient$ServiceConfigListener.class */
    public static class ServiceConfigListener implements ConfigUpdateListener {
        @Override // com.cloudera.cmf.service.config.ConfigUpdateListener
        public void onConfigUpdate(CmfEntityManager cmfEntityManager, Multimap<ParamSpec<?>, ConfigChange> multimap) {
            HashSet<DbService> newHashSet = Sets.newHashSet();
            for (ConfigChange configChange : multimap.values()) {
                if (configChange.getService() != null) {
                    newHashSet.add(configChange.getService());
                }
            }
            for (DbService dbService : newHashSet) {
                invalidate(dbService);
                Iterator<DbService> it = DependencyUtils.getDependentServices(cmfEntityManager, (ServiceHandlerRegistry) AppContext.getBeanByClass(ServiceHandlerRegistry.class), dbService, false, false).iterator();
                while (it.hasNext()) {
                    invalidate(it.next());
                }
            }
        }

        private void invalidate(DbService dbService) {
            GenericServiceCdhClient.LOG.debug("Invalidating cached client state for service {}", new Object[]{dbService});
            for (ClientCacheKey clientCacheKey : GenericServiceCdhClient.CLIENT_CACHE.asMap().keySet()) {
                if (clientCacheKey.service.equals(dbService.getName())) {
                    GenericServiceCdhClient.CLIENT_CACHE.invalidate(clientCacheKey);
                }
            }
            GenericServiceCdhClient.CLIENT_CACHE.cleanUp();
        }
    }

    public GenericServiceCdhClient(ServiceDataProvider serviceDataProvider, DbService dbService, String str) {
        this(serviceDataProvider, dbService, str, null, null);
    }

    public GenericServiceCdhClient(ServiceDataProvider serviceDataProvider, DbService dbService, String str, byte[] bArr) {
        this(serviceDataProvider, dbService, null, str, bArr);
    }

    private GenericServiceCdhClient(final ServiceDataProvider serviceDataProvider, final DbService dbService, final String str, final String str2, final byte[] bArr) {
        Preconditions.checkArgument(dbService != null, "service cannot be null");
        Preconditions.checkArgument(dbService.getServiceVersion().atLeast(CdhReleases.CDH4_0_0), "Supports CDH 4 or higher version services only.");
        this.serviceVersion = dbService.getServiceVersion();
        this.serviceType = dbService.getServiceType();
        try {
            this.clientState = (ClientState) CLIENT_CACHE.get(new ClientCacheKey(dbService, str, str2, bArr), new Callable<ClientState>() { // from class: com.cloudera.cmf.service.GenericServiceCdhClient.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public ClientState call() {
                    KerberosCredentials kerberosCredentials = null;
                    if (str2 != null && bArr != null) {
                        kerberosCredentials = new KerberosCredentials(str2, bArr);
                    }
                    GenericServiceCdhClient.LOG.info("New client: service='{}', roleTypeForCredentials='{}', principalName='{}'", new Object[]{dbService.getName(), str, str2});
                    return GenericServiceCdhClient.this.newClient(serviceDataProvider, dbService, str, kerberosCredentials);
                }
            });
            CLIENT_CACHE.cleanUp();
        } catch (ExecutionException e) {
            throw Throwables.propagate(e.getCause() != null ? e.getCause() : e);
        }
    }

    public Future<?> runTask(Runnable runnable) throws IOException {
        return this.clientState.superuser != null ? this.clientState.executor.runTask(new ImpersonatingTaskWrapper(runnable, this.clientState.superuser, false)) : this.clientState.executor.runTask(runnable);
    }

    public <T> Future<T> runTask(Callable<T> callable) throws IOException {
        return this.clientState.superuser != null ? this.clientState.executor.runTask(new ImpersonatingTaskWrapper(callable, this.clientState.superuser, false)) : this.clientState.executor.runTask(callable);
    }

    public HadoopConfiguration getConfig() {
        return this.clientState.conf;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ClientState newClient(ServiceDataProvider serviceDataProvider, DbService dbService, String str, KerberosCredentials kerberosCredentials) {
        HadoopConfiguration hadoopConfiguration;
        CmfEntityManager currentCmfEntityManager = CmfEntityManager.currentCmfEntityManager();
        Preconditions.checkState(currentCmfEntityManager != null, "No open transaction.");
        try {
            ServiceHandler serviceHandler = serviceDataProvider.getServiceHandlerRegistry().get(dbService);
            byte[] bArr = null;
            if (serviceHandler.getClientConfigHandler() != null) {
                bArr = CommandUtils.buildClientConfigBytes(serviceDataProvider, currentCmfEntityManager, dbService);
            }
            if (bArr != null) {
                hadoopConfiguration = new HadoopConfiguration(bArr);
            } else {
                hadoopConfiguration = new HadoopConfiguration();
                if (serviceHandler.requiresCredentials(currentCmfEntityManager, dbService)) {
                    hadoopConfiguration.setProperty("hadoop.security.authentication", SentryParams.SECURITY_MODE_KERBEROS);
                }
            }
            String str2 = null;
            String str3 = null;
            byte[] bArr2 = null;
            KerberosCredentials kerberosCredentials2 = null;
            if (hadoopConfiguration.isSecure()) {
                kerberosCredentials2 = kerberosCredentials == null ? getKerberosCredentials(serviceDataProvider, currentCmfEntityManager, dbService, str) : kerberosCredentials;
                str3 = kerberosCredentials2.principal;
                bArr2 = kerberosCredentials2.keytab;
            } else {
                StringParamSpec stringParamSpec = (StringParamSpec) serviceHandler.getConfigSpec().getParam(CommonParamSpecs.DEFAULT_PROCESS_USER_TEMPLATE_NAME);
                Preconditions.checkState(stringParamSpec != null, "Could not find user param spec for service " + dbService.getName());
                str2 = stringParamSpec.extractFromStringMap(dbService.getServiceConfigsMap(), dbService.getServiceVersion());
                hadoopConfiguration.addProperty(DISABLE_HDFS_CACHE, "true");
                hadoopConfiguration.addProperty(DISABLE_VIEWFS_CACHE, "true");
            }
            CdhVersion cdhClientVersionForService = CdhVersionUtils.getCdhClientVersionForService(this.serviceType, this.serviceVersion);
            hadoopConfiguration.addProperty("cloudera.cdhclient.keytab.dir.location", Environment.getRunKeytabDir());
            return new ClientState(serviceDataProvider.getCdhExecutorFactory().createExecutor(cdhClientVersionForService, hadoopConfiguration, str3, bArr2, 1), str2, hadoopConfiguration, kerberosCredentials2);
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    @VisibleForTesting
    static KerberosCredentials getKerberosCredentials(ServiceDataProvider serviceDataProvider, CmfEntityManager cmfEntityManager, DbService dbService, String str) {
        Preconditions.checkArgument(str != null, "Role type for kerberos credentials not provided.");
        Set rolesWithType = dbService.getRolesWithType(str);
        Preconditions.checkState(rolesWithType.size() > 0, "No roles found for specified role type " + str);
        String str2 = null;
        byte[] bArr = null;
        Iterator it = rolesWithType.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            DbRole dbRole = (DbRole) it.next();
            bArr = dbRole.getMergedKeytab();
            if (bArr != null) {
                str2 = ((SecurityUtils) AppContext.getBeanByClass(SecurityUtils.class)).getRolePrincipal(serviceDataProvider, cmfEntityManager, dbRole);
                Preconditions.checkNotNull(str2, "Cannot find principal for role '%s'.", dbRole.getName());
                break;
            }
        }
        Preconditions.checkState(bArr != null, "Cannot find keytab for secure service in roles of type '%s'.", str);
        return new KerberosCredentials(str2, bArr);
    }

    @VisibleForTesting
    public static void clearCache() {
        CLIENT_CACHE.invalidateAll();
    }

    @VisibleForTesting
    static Cache<ClientCacheKey, ClientState> getClientCache() {
        return CLIENT_CACHE;
    }

    @VisibleForTesting
    static int getMaxClients() {
        return 10;
    }
}
