package com.cloudera.cmf.service;

import com.cloudera.api.model.ApiKerberosInfo;
import com.cloudera.cmf.command.flow.BasicCmdAction;
import com.cloudera.cmf.command.flow.CmdAction;
import com.cloudera.cmf.command.flow.CmdWorkCtx;
import com.cloudera.cmf.command.flow.ConfigCmdAction;
import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.service.ClusterConfigFileDefinitions;
import com.cloudera.cmf.service.config.ConfigEvaluationContext;
import com.cloudera.cmf.service.config.KerberosDomainRealmEvaluationPredicate;
import com.cloudera.cmf.service.config.KerberosDomainRealmEvaluator;
import com.cloudera.cmf.service.config.KerberosRealmsEvaluator;
import com.cloudera.cmf.service.config.KerberosTrustedRealms;
import com.cloudera.cmf.service.config.KrbConfigFileGenerator;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.enterprise.I18nKey;
import com.cloudera.server.cmf.cluster.ClusterUtils;
import com.cloudera.server.web.common.I18n;
import com.google.common.annotations.VisibleForTesting;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.python.google.common.collect.Lists;
import org.python.google.common.collect.Maps;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/CmPeerKerberosHelper.class */
public class CmPeerKerberosHelper {
    private static final Logger LOG = LoggerFactory.getLogger(CmPeerKerberosHelper.class);
    private static final String NEW_LINE_SEP = "\n";

    @VisibleForTesting
    /* loaded from: input_file:com/cloudera/cmf/service/CmPeerKerberosHelper$I18nKeys.class */
    public enum I18nKeys implements I18nKey {
        STOP_MESSAGE("stopMessage", 0),
        DEPLOY_KRB_MESSAGE("deployKrbMessage", 0),
        DEPLOY_MESSAGE("deployMessage", 0),
        RE_DEPLOY_MESSAGE("redeployMessage", 0),
        START_MESSAGE("startMessage", 0),
        KRB_CONF("krbConf", 2),
        KRB_CONF_DOMAIN_REALM("krbConfDomainRealm", 1),
        DOMAIN_REALM_SAFETY_VALVE("domainRealmSafetyValve", 2),
        PEER_DOMAIN_REALM_SAFETY_VALVE("peerDomainRealmSafetyValve", 2);

        private final String suffix;
        private final int argc;

        I18nKeys(String str, int i) {
            this.suffix = str;
            this.argc = i;
        }

        public String getKey() {
            return "message.command.cmPeerTest.label." + this.suffix;
        }

        public int getNumArgs() {
            return this.argc;
        }
    }

    public static List<CmdAction> generateKerberosCheckResult(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx, boolean z) {
        ArrayList newArrayList = Lists.newArrayList();
        List<CmdAction> dfsConfigAction = getDfsConfigAction(apiKerberosInfo, cmdWorkCtx, true);
        boolean z2 = false;
        if (dfsConfigAction != null && dfsConfigAction.size() > 0) {
            z2 = true;
            newArrayList.addAll(dfsConfigAction);
        }
        List<CmdAction> cMConfigAction = getCMConfigAction(apiKerberosInfo, cmdWorkCtx);
        if (cMConfigAction != null) {
            newArrayList.addAll(cMConfigAction);
        }
        newArrayList.add(new BasicCmdAction(I18n.t(I18nKeys.STOP_MESSAGE), Enums.MessageType.ACTION));
        newArrayList.add(getKrbConfAction(apiKerberosInfo, cmdWorkCtx, z));
        if (z2) {
            newArrayList.add(new BasicCmdAction(I18n.t(I18nKeys.DEPLOY_MESSAGE), Enums.MessageType.ACTION));
        }
        newArrayList.add(new BasicCmdAction(I18n.t(I18nKeys.START_MESSAGE), Enums.MessageType.ACTION));
        return newArrayList;
    }

    @VisibleForTesting
    static CmdAction getKrbConfAction(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx, boolean z) {
        Boolean bool = (Boolean) ScmHandler.getScmConfigValue(ScmParams.KRB_MANAGE_KRB5_CONF, cmdWorkCtx.getCmfEM().getScmConfigProvider());
        return (bool == null || !bool.booleanValue()) ? z ? new BasicCmdAction(I18n.t(I18nKeys.KRB_CONF_DOMAIN_REALM, generateKrbDomainMessage(apiKerberosInfo)), Enums.MessageType.ACTION) : new BasicCmdAction(I18n.t(I18nKeys.KRB_CONF, generateKrbRealmMessage(apiKerberosInfo), generateKrbDomainMessage(apiKerberosInfo)), Enums.MessageType.ACTION) : new BasicCmdAction(I18n.t(I18nKeys.DEPLOY_KRB_MESSAGE), Enums.MessageType.ACTION);
    }

    private static String generateKrbRealmMessage(ApiKerberosInfo apiKerberosInfo) {
        StringBuilder sb = new StringBuilder();
        sb.append(NEW_LINE_SEP);
        ArrayList newArrayList = Lists.newArrayList();
        KerberosRealmsEvaluator.addRealm(apiKerberosInfo.getKerberosRealm(), apiKerberosInfo.getKdcHost(), apiKerberosInfo.getAdminHost(), apiKerberosInfo.getDomain(), newArrayList, null);
        KrbConfigFileGenerator.extractConfig(ClusterConfigFileDefinitions.Sections.REALMS.getSectionName(), newArrayList, false, sb);
        return sb.toString();
    }

    private static String generateKrbDomainMessage(ApiKerberosInfo apiKerberosInfo) {
        StringBuilder sb = new StringBuilder();
        sb.append(NEW_LINE_SEP);
        ArrayList newArrayList = Lists.newArrayList();
        KerberosDomainRealmEvaluator.addRealm(apiKerberosInfo.getDomain(), apiKerberosInfo.getKerberosRealm(), newArrayList);
        KrbConfigFileGenerator.extractConfig(ClusterConfigFileDefinitions.Sections.DOMAIN_REALM.getSectionName(), newArrayList, false, sb);
        return sb.toString();
    }

    public static List<CmdAction> getDfsConfigAction(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx, boolean z) {
        ArrayList newArrayList = Lists.newArrayList();
        if (apiKerberosInfo == null || !apiKerberosInfo.isKerberized().booleanValue()) {
            return newArrayList;
        }
        List findAllClusters = cmdWorkCtx.getCmfEM().findAllClusters();
        if (findAllClusters != null) {
            Iterator it = findAllClusters.iterator();
            while (it.hasNext()) {
                List<DbService> listDfsServices = ClusterUtils.listDfsServices(cmdWorkCtx.getCmfEM(), ((DbCluster) it.next()).getName(), cmdWorkCtx.getServiceDataProvider().getServiceHandlerRegistry());
                if (listDfsServices != null) {
                    Iterator<DbService> it2 = listDfsServices.iterator();
                    while (it2.hasNext()) {
                        ConfigValueProvider configValueProvider = (DbService) it2.next();
                        try {
                            List<String> extract = HdfsParams.TRUSTED_REALMS.extract(configValueProvider);
                            if (extract == null || !extract.contains(apiKerberosInfo.getKerberosRealm())) {
                                ArrayList newArrayList2 = Lists.newArrayList();
                                if (extract != null) {
                                    newArrayList2.addAll(extract);
                                }
                                newArrayList2.add(apiKerberosInfo.getKerberosRealm());
                                newArrayList.add(new ConfigCmdAction(Enums.ConfigScope.SERVICE, configValueProvider.getId() + CommandUtils.CONFIG_TOP_LEVEL_DIR, HdfsParams.TRUSTED_REALMS.getTemplateName(), HdfsParams.TRUSTED_REALMS.toConfigFileString((List<String>) newArrayList2), null));
                            } else {
                                LOG.info("Dfs {} already contains source realm {}", configValueProvider.getName(), apiKerberosInfo.getKerberosRealm());
                            }
                        } catch (ParamParseException e) {
                            LOG.error(e.getMessage(), e);
                        }
                    }
                }
            }
        }
        if (!newArrayList.isEmpty() && !z) {
            newArrayList.add(new BasicCmdAction(I18n.t(I18nKeys.RE_DEPLOY_MESSAGE), Enums.MessageType.ACTION));
        }
        return newArrayList;
    }

    @VisibleForTesting
    static List<CmdAction> getCMConfigAction(ApiKerberosInfo apiKerberosInfo, CmdWorkCtx cmdWorkCtx) {
        ArrayList newArrayList = Lists.newArrayList();
        Boolean bool = (Boolean) ScmHandler.getScmConfigValue(ScmParams.KRB_MANAGE_KRB5_CONF, cmdWorkCtx.getCmfEM().getScmConfigProvider());
        if (bool == null || !bool.booleanValue()) {
            return newArrayList;
        }
        List<KerberosTrustedRealms> fromJson = KerberosTrustedRealms.fromJson((String) ScmHandler.getScmConfigValue(ScmParams.KERBEROS_TRUSTED_REALMS, cmdWorkCtx.getCmfEM().getScmConfigProvider()));
        KerberosTrustedRealms kerberosTrustedRealms = new KerberosTrustedRealms(apiKerberosInfo.getKerberosRealm(), apiKerberosInfo.getKdcHost(), apiKerberosInfo.getAdminHost(), KerberosTrustedRealms.toCommaDelimited(apiKerberosInfo.getDomain()));
        HashMap newHashMap = Maps.newHashMap();
        if (fromJson != null) {
            for (KerberosTrustedRealms kerberosTrustedRealms2 : fromJson) {
                newHashMap.put(kerberosTrustedRealms2.getRealm(), kerberosTrustedRealms2);
            }
        }
        if (fromJson == null || !newHashMap.containsKey(kerberosTrustedRealms.getRealm())) {
            ArrayList newArrayList2 = Lists.newArrayList();
            if (fromJson != null) {
                newArrayList2.addAll(fromJson);
            }
            newArrayList2.add(kerberosTrustedRealms);
            newArrayList.add(new ConfigCmdAction(Enums.ConfigScope.CLUSTER, null, ScmParams.KERBEROS_TRUSTED_REALMS.getTemplateName(), KerberosTrustedRealms.toJson(newArrayList2), null));
        } else if (newHashMap.containsKey(kerberosTrustedRealms.getRealm())) {
            KerberosTrustedRealms kerberosTrustedRealms3 = (KerberosTrustedRealms) newHashMap.get(kerberosTrustedRealms.getRealm());
            if (StringUtils.isEmpty(kerberosTrustedRealms3.getDomain()) && !StringUtils.isEmpty(kerberosTrustedRealms.getDomain())) {
                ArrayList newArrayList3 = Lists.newArrayList();
                newArrayList3.addAll(fromJson);
                newArrayList3.remove(kerberosTrustedRealms3);
                newArrayList3.add(kerberosTrustedRealms);
                newArrayList.add(new ConfigCmdAction(Enums.ConfigScope.CLUSTER, null, ScmParams.KERBEROS_TRUSTED_REALMS.getTemplateName(), KerberosTrustedRealms.toJson(newArrayList3), null));
            }
        }
        try {
            if (!new KerberosDomainRealmEvaluationPredicate(ScmParams.KRB_OTHER_SAFETY_VALVE, ClusterConfigFileDefinitions.Sections.DOMAIN_REALM.getSectionName()).checkCondition(ConfigEvaluationContext.of(cmdWorkCtx.getServiceDataProvider()))) {
                newArrayList.add(new BasicCmdAction(I18n.t(I18nKeys.DOMAIN_REALM_SAFETY_VALVE, ScmParams.KRB_DOMAIN.getDisplayName(), ScmParams.KRB_OTHER_SAFETY_VALVE.getDisplayName()), Enums.MessageType.WARNING));
            }
        } catch (Exception e) {
            LOG.error("Unable to evaluate whether domain_realm section should be generated", e);
        }
        return newArrayList;
    }
}
