package com.cloudera.cmf.service.mgmt;

import com.cloudera.cmf.cdhclient.util.ThrottlingLogger;
import com.cloudera.cmf.externalAccounts.ExternalAccountParams;
import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbConfig;
import com.cloudera.cmf.model.DbExternalAccount;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.AbstractValidator;
import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.Validation;
import com.cloudera.cmf.service.ValidationContext;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.enterprise.MessageWithArgs;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.util.io.pem.PemReader;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/mgmt/TelemetryPublisherConfigValidator.class */
public class TelemetryPublisherConfigValidator extends AbstractValidator {
    private static final Logger LOG = LoggerFactory.getLogger(TelemetryPublisherConfigValidator.class);
    private static final Logger THROTTLED_LOG = new ThrottlingLogger(LOG, Duration.standardMinutes(15));
    static final String ALTUS_MSG_ERROR = "message.altusDataCollectionValidator.error";
    static final String ALTUS_INVALID_PRIVATE_KEY_ERROR = "message.altusPrivateKeyValidator.error";
    static final String MASTER_TELEMETRY_DISABLED = "message.masterTelemetryDisabled.error";
    static final String HDFS_REDACTION_DISABLED = "message.hdfsRedactionDisabled.error";
    static final String TELEMETRY_REDACTION_DISABLED = "message.telemetryRedactionDisabled.error";
    static final String ALTUS_ACCOUNT_DOES_NOT_EXIST = "message.altusExternalAccountValidator.error";
    private ScmParamTrackerStore spts;

    public TelemetryPublisherConfigValidator(ServiceDataProvider serviceDataProvider) {
        super(false, "telemetry_publisher_config_validator");
        this.spts = serviceDataProvider.getScmParamTrackerStore();
    }

    @Override // com.cloudera.cmf.service.Validator
    public Collection<Validation> validate(ServiceHandlerRegistry serviceHandlerRegistry, ValidationContext validationContext) {
        PemReader pemReader;
        PemReader pemReader2;
        String value;
        if (validationContext.getLevel() != Enums.ConfigScope.ROLE) {
            return Collections.emptyList();
        }
        CmfEntityManager currentCmfEntityManager = CmfEntityManager.currentCmfEntityManager();
        Boolean bool = (Boolean) this.spts.get(ScmParams.ENABLE_MASTER_TELEMETRY);
        Boolean bool2 = (Boolean) this.spts.get(ScmParams.ENABLE_SIGMA_TELEMETRY);
        if (!Boolean.TRUE.equals(bool)) {
            return Collections.singleton(Validation.error(validationContext, MessageWithArgs.of(MASTER_TELEMETRY_DISABLED, new String[0])));
        }
        if (Boolean.TRUE.equals(bool2)) {
            String str = (String) this.spts.get(ScmParams.TELEMETRY_ALTUS_ACCOUNT);
            if (str == null) {
                return Collections.singleton(Validation.error(validationContext, MessageWithArgs.of(ALTUS_MSG_ERROR, new String[0])));
            }
            DbExternalAccount findExternalAccountByName = currentCmfEntityManager.findExternalAccountByName(str);
            if (findExternalAccountByName == null) {
                return Collections.singleton(Validation.error(validationContext, MessageWithArgs.of(ALTUS_ACCOUNT_DOES_NOT_EXIST, new String[]{str})));
            }
            DbConfig config = findExternalAccountByName.getConfig(ExternalAccountParams.ALTUS_PRIVATE_KEY.getTemplateName());
            if (config != null && (value = config.getValue()) != null) {
                pemReader = null;
                try {
                    pemReader = new PemReader(new StringReader(value.replaceAll("\\\\n", "\n")));
                    if (pemReader.readPemObject() == null) {
                        Set singleton = Collections.singleton(Validation.error(validationContext, MessageWithArgs.of(ALTUS_INVALID_PRIVATE_KEY_ERROR, new String[]{str})));
                        IOUtils.closeQuietly(pemReader);
                        return singleton;
                    }
                    IOUtils.closeQuietly(pemReader);
                } catch (IOException e) {
                    THROTTLED_LOG.warn(String.format("Failed to read the private key for Altus account '%s'", str), e);
                } finally {
                    IOUtils.closeQuietly(pemReader);
                }
            }
            return Collections.singleton(Validation.error(validationContext, MessageWithArgs.of(ALTUS_INVALID_PRIVATE_KEY_ERROR, new String[]{str})));
        }
        Boolean bool3 = false;
        ArrayList newArrayList = Lists.newArrayList();
        try {
            bool3 = MgmtParams.TELEMETRYPUBLISHER_LOG_QUERY_REDACTION.extract((ConfigValueProvider) validationContext.getRole());
        } catch (ParamParseException e2) {
            THROTTLED_LOG.warn("Failed to get log and query redaction config setting for Telemetry Publisher.", e2);
        }
        for (ConfigValueProvider configValueProvider : currentCmfEntityManager.findServicesByType("HDFS")) {
            try {
                Boolean extract = SecurityParams.REDACTION_POLICY_ENABLED.extract(configValueProvider);
                if (Boolean.TRUE.equals(pemReader) && Boolean.FALSE.equals(extract)) {
                    newArrayList.add(Validation.error(validationContext, MessageWithArgs.of(HDFS_REDACTION_DISABLED, new String[]{configValueProvider.getCluster().getDisplayName()})));
                }
                pemReader2 = Boolean.FALSE;
                if (pemReader2.equals(pemReader2) && Boolean.TRUE.equals(extract)) {
                    newArrayList.add(Validation.error(validationContext, MessageWithArgs.of(TELEMETRY_REDACTION_DISABLED, new String[]{configValueProvider.getCluster().getDisplayName()})));
                }
            } catch (ParamParseException e3) {
                THROTTLED_LOG.warn("Failed to get HDFS redaction setting.", e3);
            }
        }
        return newArrayList;
    }
}
