package com.cloudera.cmf.security;

import com.cloudera.api.dao.impl.RedirectLinkGenerator;
import com.cloudera.cmf.CommandRunner;
import com.cloudera.cmf.Environment;
import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.command.CmdArgs;
import com.cloudera.cmf.command.CommandHelpers;
import com.cloudera.cmf.command.GlobalCommandHandler;
import com.cloudera.cmf.event.CommandEventCode;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.model.DbCredential;
import com.cloudera.cmf.model.DbNull;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.security.components.SecurityUtils;
import com.cloudera.cmf.service.AbstractCommandHandler;
import com.cloudera.cmf.service.CommandException;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.OperationsManager;
import com.cloudera.server.web.cmf.AppContext;
import com.cloudera.server.web.common.I18n;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import com.google.common.io.Files;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.apache.commons.codec.binary.Base64;
import org.cloudera.log4j.redactor.StringRedactor;

/* loaded from: input_file:com/cloudera/cmf/security/ImportCredentialsCommand.class */
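/**
 * Global command that imports Kerberos credentials into Cloudera Manager.
 *
 * <p>The work runs on a single-threaded daemon executor. It invokes an external script
 * ({@code import_credentials.sh}, or {@code import_credentials_ipa.sh} when the configured KDC
 * type is IPA) that writes a keytab to a temporary file. The result is then stored either as a
 * {@link DbCredential} (non-admin) or as the KDC admin user/password configuration (admin).
 *
 * <p>The command takes exactly four string arguments, read back in {@link #update}:
 * <ol>
 *   <li>the principal / user name,</li>
 *   <li>the password,</li>
 *   <li>a boolean flag marking the credentials as the CM admin credentials,</li>
 *   <li>a long value forwarded verbatim to the script (its meaning is not visible in this
 *       class).</li>
 * </ol>
 *
 * <p>Security-relevant points for reviewers: the password is handed to the script as a
 * command-line argument, script stderr is embedded (after redaction) in exception messages, and
 * the admin secret ends up in the SCM configuration. See the notes on the individual methods.
 */
public class ImportCredentialsCommand extends AbstractCommandHandler<DbNull, CmdArgs> implements GlobalCommandHandler<CmdArgs> {
    public static final String COMMAND_NAME = "ImportCredentials";
    static final String MSG_PREFIX = "message.command.importCredentials";
    private static final String KEYGEN_FILE_NAME = "import_credentials.sh";
    private static final String KEYGEN_FILE_NAME_IPA = "import_credentials_ipa.sh";
    // Script selected for the current run. Assigned inside the callable (worker thread) and read
    // by generateKeytab, which that same callable invokes. Stays null in dev mode.
    private File KEYGEN_FILE;
    final CommandHelpers.AsynchronousCommandResultProcessor<ImportCredentialsResult> RESULT_PROCESSOR;
    // Command id -> future of the asynchronous import started for that command.
    private final ConcurrentMap<Long, Future<ImportCredentialsResult>> runningCommands;
    private final ExecutorService execService;

    /** Outcome of one import run, handed from the worker thread to {@code RESULT_PROCESSOR}. */
    public static class ImportCredentialsResult {
        // Principal the credentials belong to.
        String username;
        // Raw bytes read from the file the script produced (a keytab, or the password itself
        // when useSimpleAuthWithAD is true).
        byte[] credentials;
        // True when these are the CM admin credentials rather than an ordinary principal.
        boolean isAdmin;
        // True when the script's output decoded to exactly the supplied password.
        boolean useSimpleAuthWithAD;

        ImportCredentialsResult() {
        }
    }

    /**
     * Creates the handler, its result processor and its single-threaded executor.
     *
     * @param serviceDataProvider provider passed to the superclass and used for configuration
     *     lookups
     */
    public ImportCredentialsCommand(ServiceDataProvider serviceDataProvider) {
        super(serviceDataProvider);
        this.KEYGEN_FILE = null;
        this.RESULT_PROCESSOR = new CommandHelpers.AsynchronousCommandResultProcessor<ImportCredentialsResult>() {
            /**
             * Persists a finished import: a {@link DbCredential} for ordinary principals, or the
             * KDC admin user, password and simple-auth flag for admin credentials.
             */
            @Override // com.cloudera.cmf.command.CommandHelpers.AsynchronousCommandResultProcessor
            public void processResult(CmfEntityManager cmfEntityManager, ImportCredentialsResult importCredentialsResult) {
                OperationsManager operationsManager = ImportCredentialsCommand.this.sdp.getOperationsManager();
                if (!importCredentialsResult.isAdmin) {
                    DbCredential credential = cmfEntityManager.findCredentialByPrincipal(importCredentialsResult.username);
                    if (credential == null) {
                        credential = new DbCredential(importCredentialsResult.username, importCredentialsResult.credentials);
                    }
                    // NOTE(review): when a credential already exists for this principal it is
                    // persisted again unchanged; the newly generated bytes are not written into
                    // it here. Confirm that this is intended.
                    cmfEntityManager.persistCredential(credential);
                    return;
                }
                operationsManager.beginConfigWork(cmfEntityManager, "Storing CM Admin Credentials", false);
                operationsManager.setConfig(cmfEntityManager, ScmParams.KDC_ADMIN_USER, importCredentialsResult.username, null, null, null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), null);
                // With simple auth the stored value is the password text itself; otherwise it is
                // the Base64 form of the generated bytes. Either way this config value is a
                // secret. NOTE(review): how the config store protects it is not visible here.
                String adminSecret = importCredentialsResult.useSimpleAuthWithAD
                        ? new String(importCredentialsResult.credentials, Charset.forName(RedirectLinkGenerator.ENCODE_SCHEME))
                        : Base64.encodeBase64String(importCredentialsResult.credentials);
                operationsManager.setConfig(cmfEntityManager, ScmParams.KDC_ADMIN_PASSWORD, adminSecret, null, null, null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), null);
                // Only admin results reach this point, so the flag is always written.
                operationsManager.setConfig(cmfEntityManager, ScmParams.AD_USE_SIMPLE_AUTH, Boolean.valueOf(importCredentialsResult.useSimpleAuthWithAD), null, null, null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), null);
            }
        };
        this.runningCommands = Maps.newConcurrentMap();
        this.execService = createExecService();
    }

    /** Builds the single-threaded daemon executor, with threads named after the command. */
    private ExecutorService createExecService() {
        return Executors.newSingleThreadExecutor(new ThreadFactoryBuilder().setNameFormat(getName() + "-%d").setDaemon(true).build());
    }

    /**
     * Creates and persists the command record; the actual import is started by {@link #update}.
     *
     * @param dbNull unused target placeholder
     * @param cmdArgs command arguments; exactly four are required
     * @param dbCommand parent command to attach the new command to
     * @return the newly persisted command
     * @throws IllegalArgumentException if the argument count is not four
     */
    @Override // com.cloudera.cmf.command.BasicCommandHandler
    public DbCommand execute(DbNull dbNull, CmdArgs cmdArgs, DbCommand dbCommand) {
        Preconditions.checkArgument(cmdArgs.getArgs().size() == 4);
        DbCommand createCommand = CommandUtils.createCommand(getName());
        CmfEntityManager.currentCmfEntityManager().persistCommand(createCommand);
        createCommand.setParent(dbCommand);
        return createCommand;
    }

    /** Looks up the {@link SecurityUtils} bean from the application context. */
    private static SecurityUtils getUtils() {
        return (SecurityUtils) AppContext.getBeanByClass(SecurityUtils.class);
    }

    /**
     * Builds a redactor from the configured diagnostic-bundle redaction policy.
     *
     * @return the redactor, or {@code null} if the policy could not be parsed
     */
    private StringRedactor getRedactor() {
        try {
            return StringRedactor.createFromJsonString((String) this.sdp.getScmParamTrackerStore().get(ScmParams.DIAG_BUNDLE_REDACTION_POLICY));
        } catch (IOException ignored) {
            // Best effort: with no policy redactor, redactOutput still masks the literal
            // username and password. NOTE(review): the parse failure is dropped silently, so a
            // broken policy will not be noticed here.
            return null;
        }
    }

    /**
     * Masks the user name and password in script output, then applies the policy redactor.
     *
     * <p>The longer of the two secrets is replaced first. Otherwise a user name that is a
     * substring of the password would be masked inside the password, and the remainder of the
     * password would stay in the output. Null or empty secrets are skipped, because
     * {@link String#replace} with an empty target inserts the replacement between every
     * character.
     *
     * @param str text to redact, typically the script's stderr; {@code null} is treated as empty
     * @param str2 user name to mask with {@code USERNAME-REDACTED}
     * @param str3 password to mask with {@code PASSWORD-REDACTED}
     * @param stringRedactor optional policy redactor applied afterwards; may be {@code null}
     * @return the redacted text
     */
    @VisibleForTesting
    static String redactOutput(String str, String str2, String str3, StringRedactor stringRedactor) {
        if (str == null) {
            return "";
        }
        boolean hasUsername = str2 != null && !str2.isEmpty();
        boolean hasPassword = str3 != null && !str3.isEmpty();
        String redacted = str;
        if (hasPassword && (!hasUsername || str3.length() > str2.length())) {
            redacted = redacted.replace(str3, "PASSWORD-REDACTED");
            if (hasUsername) {
                redacted = redacted.replace(str2, "USERNAME-REDACTED");
            }
        } else {
            if (hasUsername) {
                redacted = redacted.replace(str2, "USERNAME-REDACTED");
            }
            if (hasPassword) {
                redacted = redacted.replace(str3, "PASSWORD-REDACTED");
            }
        }
        if (stringRedactor != null) {
            redacted = stringRedactor.redact(redacted);
        }
        return redacted;
    }

    /**
     * Runs the key-generation script and returns the bytes of the file it produced.
     *
     * @param str user name / principal, passed to the script
     * @param str2 password, passed to the script
     * @param j long value forwarded to the script as its last argument
     * @param str3 value exported to the script under {@code SecurityUtils.KRB5_CONF_ENV}
     * @param z whether admin credentials are being imported; enables the AD / IPA variables
     * @return contents of the generated file, or the literal bytes of {@code "keytab"} in dev
     *     mode
     * @throws IOException if the script exits non-zero or the output file cannot be read
     * @throws InterruptedException declared for the script invocation
     */
    public byte[] generateKeytab(String str, String str2, long j, String str3, boolean z) throws IOException, InterruptedException {
        if (Environment.getDevMode()) {
            // Dev mode never runs the script.
            return "keytab".getBytes();
        }
        File keytabFile = getUtils().createTempFile("cmf", ".keytab");
        try {
            // The temp file is removed right away, so only its path is handed to the script.
            // NOTE(review): between this delete and the script creating the file, the path is
            // free. Confirm that createTempFile uses a directory other local users cannot write.
            keytabFile.delete();
            ArrayList argv = new ArrayList();
            argv.add(this.KEYGEN_FILE.getAbsolutePath());
            argv.add(keytabFile.getAbsolutePath());
            argv.add(str);
            // NOTE(review): the password travels as a command-line argument. Process arguments
            // are commonly readable by other local accounts while the script runs. If the script
            // can take the secret another way (the InputStream parameter of CommandRunner.run is
            // null here), that would keep it out of the argument list.
            argv.add(str2);
            argv.add(Long.toString(j));
            HashMap env = Maps.newHashMap();
            env.put("ENC_TYPES", ScmParams.KRB_ENC_TYPES.toConfigFileString((List<String>) this.sdp.getScmParamTrackerStore().get(ScmParams.KRB_ENC_TYPES)));
            env.put(SecurityUtils.KRB5_CONF_ENV, str3);
            if (z && ScmParams.AD_KDC.equals(this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_TYPE))) {
                env.put("AD_ADMIN", "true");
                env.put("DOMAIN", this.sdp.getScmParamTrackerStore().get(ScmParams.AD_KDC_DOMAIN));
                // The account-creation host override wins over the plain KDC host when set.
                String adServer = (String) this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_ACCOUNT_CREATION_HOST_OVERRIDE);
                if (adServer == null) {
                    adServer = (String) this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_HOST);
                }
                env.put("AD_SERVER", adServer);
                env.put("LDAP_PORT", ScmParams.AD_LDAP_PORT.toConfigFileString(this.sdp.getScmParamTrackerStore().get(ScmParams.AD_LDAP_PORT)));
                env.put("LDAPS_PORT", ScmParams.AD_LDAPS_PORT.toConfigFileString(this.sdp.getScmParamTrackerStore().get(ScmParams.AD_LDAPS_PORT)));
            }
            if (z && ScmParams.IPA_KDC.equals(this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_TYPE))) {
                env.put("IPA_ADMIN", SecurityUtils.getIpaAdminuser(this.sdp));
            }
            CommandRunner.CommandResult result = CommandRunner.run(argv, (InputStream) null, env);
            if (result.retcode != 0) {
                // stderr is attached to the exception message, so it is redacted first. The
                // message may be surfaced to users or logs.
                throw new IOException(this.KEYGEN_FILE + " failed with exit code " + result.retcode + " and output of <<\n" + redactOutput(result.stderr, str, str2, getRedactor()) + "\n>>");
            }
            if (!keytabFile.canRead()) {
                throw new IOException(String.format("Encountered error with %s: Cannot access generated keytab file %s", this.KEYGEN_FILE, keytabFile.getAbsolutePath()));
            }
            return Files.toByteArray(keytabFile);
        } finally {
            // The file holds key material, so it is removed on success and on failure. If the
            // delete fails while the file still exists, removal at JVM exit is the fallback.
            if (!keytabFile.delete() && keytabFile.exists()) {
                keytabFile.deleteOnExit();
            }
        }
    }

    /**
     * Wraps one import run as a task for the executor.
     *
     * @param str user name / principal
     * @param str2 password
     * @param z whether admin credentials are being imported
     * @param j long value forwarded to the script
     * @return task that selects the script, generates the keytab under a generated krb5.conf and
     *     returns the populated result
     */
    private Callable<ImportCredentialsResult> createCallable(final String str, final String str2, final boolean z, final long j) {
        return new Callable<ImportCredentialsResult>() {
            @Override // java.util.concurrent.Callable
            public ImportCredentialsResult call() throws Exception {
                return (ImportCredentialsResult) ImportCredentialsCommand.access$400().runWithGenerateKrb5Conf(ImportCredentialsCommand.this.sdp, new SecurityUtils.RunnableWithKrb5Conf<ImportCredentialsResult>() {
                    @Override // com.cloudera.cmf.security.components.SecurityUtils.RunnableWithKrb5Conf
                    public ImportCredentialsResult run(String str3) throws Exception {
                        if (!Environment.getDevMode()) {
                            // Pick the IPA script for an IPA KDC, the generic script otherwise.
                            if (ScmParams.IPA_KDC.equals(ImportCredentialsCommand.this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_TYPE))) {
                                ImportCredentialsCommand.this.KEYGEN_FILE = ImportCredentialsCommand.access$400().getScriptFile(ImportCredentialsCommand.KEYGEN_FILE_NAME_IPA);
                            } else {
                                ImportCredentialsCommand.this.KEYGEN_FILE = ImportCredentialsCommand.access$400().getScriptFile(ImportCredentialsCommand.KEYGEN_FILE_NAME);
                            }
                        }
                        ImportCredentialsResult importCredentialsResult = new ImportCredentialsResult();
                        importCredentialsResult.credentials = ImportCredentialsCommand.this.generateKeytab(str, str2, j, str3, z);
                        importCredentialsResult.username = str;
                        importCredentialsResult.isAdmin = z;
                        // Simple auth is inferred when the script's output is the password itself
                        // rather than a keytab.
                        importCredentialsResult.useSimpleAuthWithAD = str2.equals(new String(importCredentialsResult.credentials, Charset.forName(RedirectLinkGenerator.ENCODE_SCHEME)));
                        if (ScmParams.IPA_KDC.equals(ImportCredentialsCommand.this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_TYPE))) {
                            // For IPA the stored user is the configured IPA admin in the security
                            // realm, not the name supplied with the command.
                            importCredentialsResult.username = String.format("%s@%s", SecurityUtils.getIpaAdminuser(ImportCredentialsCommand.this.sdp), ImportCredentialsCommand.this.sdp.getScmParamTrackerStore().get(ScmParams.SECURITY_REALM));
                        }
                        return importCredentialsResult;
                    }
                });
            }
        };
    }

    /**
     * Starts the asynchronous import on first call for a command, then polls its progress.
     *
     * @param cmfEntityManager entity manager for the current transaction
     * @param dbCommand command being updated; its stored arguments supply user name, password,
     *     admin flag and the long value
     * @throws CommandException declared by the handler contract
     */
    @Override // com.cloudera.cmf.command.CommandHandler
    public void update(CmfEntityManager cmfEntityManager, DbCommand dbCommand) throws CommandException {
        // NOTE(review): this check-then-put runs outside the synchronized block below. If update
        // can be called concurrently for the same command, two tasks could be submitted. Confirm
        // the framework's threading guarantees.
        if (!this.runningCommands.containsKey(dbCommand.getId())) {
            List<String> args = CommandUtils.getCmdArguments(dbCommand).getArgs();
            this.runningCommands.put(dbCommand.getId(), this.execService.submit(createCallable(args.get(0), args.get(1), Boolean.parseBoolean(args.get(2)), Long.parseLong(args.get(3)))));
        }
        synchronized (this) {
            CommandHelpers.updateAsynchronousCommand(dbCommand, this.runningCommands, MSG_PREFIX, this.RESULT_PROCESSOR);
        }
    }

    /** Aborts the asynchronous import tracked for the given command. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public void abort(DbCommand dbCommand) throws CommandException {
        synchronized (this) {
            CommandHelpers.abortAsynchronousCommand(dbCommand, this.runningCommands, MSG_PREFIX);
        }
    }

    /** Returns the command's registered name, {@code "ImportCredentials"}. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public String getName() {
        return COMMAND_NAME;
    }

    /** Returns the localized display name. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public String getDisplayName() {
        return I18n.t("message.command.importCredentials.name");
    }

    /** Returns the localized help text. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public String getHelp() {
        return I18n.t("message.command.importCredentials.help");
    }

    /** This command is not internal. */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.CommandHandler
    public boolean isInternal() {
        return false;
    }

    /** Available only while no command with this name is found by the entity manager. */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.BasicCommandHandler
    public boolean isAvailable(DbNull dbNull) {
        return CmfEntityManager.currentCmfEntityManager().findCommandsByName(getName()).isEmpty();
    }

    /** The command belongs to the Kerberos feature. */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler
    public ProductState.Feature getFeature() {
        return ProductState.Feature.KERBEROS;
    }

    /** Event code recorded for this command. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public CommandEventCode getCommandEventCode() {
        return CommandEventCode.EV_IMPORT_ADMIN_CREDENTIALS;
    }

    /**
     * Declares that the arguments contain secrets (the password is the second argument).
     * NOTE(review): what the framework does with this flag is not visible in this class.
     */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.BasicCommandHandler
    public boolean hasSensitiveArgs() {
        return true;
    }

    // Decompiler-emitted accessor that lets the anonymous inner classes reach getUtils().
    static /* synthetic */ SecurityUtils access$400() {
        return getUtils();
    }
}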
