package com.cloudera.cmf.service.solr;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbProcess;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.protocol.ResourceUnion;
import com.cloudera.cmf.protocol.ResourcesUtil;
import com.cloudera.cmf.service.AbstractDaemonRoleHandler;
import com.cloudera.cmf.service.BasicResourceManagementHandler;
import com.cloudera.cmf.service.BasicRoleRefreshCommand;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.ConfigFilesTransform;
import com.cloudera.cmf.service.DaemonRoleHandler;
import com.cloudera.cmf.service.GenericBringDownRoleCommand;
import com.cloudera.cmf.service.NavigatorClientParams;
import com.cloudera.cmf.service.ResourceManagementHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.UniqueConfigValidator;
import com.cloudera.cmf.service.Validator;
import com.cloudera.cmf.service.config.AuthToLocalEvaluator;
import com.cloudera.cmf.service.config.AutoTLSPasswordParamSpecEvaluator;
import com.cloudera.cmf.service.config.AutoTLSPathParamSpecEvaluator;
import com.cloudera.cmf.service.config.ConfigEvaluationContext;
import com.cloudera.cmf.service.config.ConfigEvaluator;
import com.cloudera.cmf.service.config.ConfigEvaluatorHelpers;
import com.cloudera.cmf.service.config.ConfigFileGenerator;
import com.cloudera.cmf.service.config.ConfigGenException;
import com.cloudera.cmf.service.config.ConfigUpdateListener;
import com.cloudera.cmf.service.config.CoreConfigFileDefinitions;
import com.cloudera.cmf.service.config.EmptyConfigFileGenerator;
import com.cloudera.cmf.service.config.KerberosKeytabGenerator;
import com.cloudera.cmf.service.config.MgmtConfigFileDefinitions;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.ParamSpecEvaluator;
import com.cloudera.cmf.service.config.PathParamSpec;
import com.cloudera.cmf.service.config.PortNumberParamSpec;
import com.cloudera.cmf.service.config.PropertiesConfigFileGenerator;
import com.cloudera.cmf.service.config.ProxyUserParamSpecs;
import com.cloudera.cmf.service.config.RangerPluginConfigGenerators;
import com.cloudera.cmf.service.config.RangerPluginParams;
import com.cloudera.cmf.service.config.RefreshConfigListener;
import com.cloudera.cmf.service.config.ServiceParamSpec;
import com.cloudera.cmf.service.config.SolrConfigFileDefintions;
import com.cloudera.cmf.service.config.SolrLog4J2Evaluator;
import com.cloudera.cmf.service.config.TextConfigFileGenerator;
import com.cloudera.cmf.service.config.XMLConfigFileGenerator;
import com.cloudera.cmf.service.config.transform.ConfigFilesTransformBuilder;
import com.cloudera.cmf.service.config.transform.CredentialProviderConfigTransform;
import com.cloudera.cmf.service.core.CoreSettingsParams;
import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.hadoopcommon.HadoopCommonHelpers;
import com.cloudera.cmf.service.hdfs.DfsConnector;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hue.HueServiceHandler;
import com.cloudera.cmf.service.mgmt.MgmtServiceHandler;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.service.sentry.SentryParams;
import com.cloudera.cmf.service.solr.SolrServiceHandler;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.server.cmf.Authentication;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Range;
import com.google.common.collect.Sets;
import com.google.common.collect.UnmodifiableIterator;
import com.google.common.net.HostAndPort;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/solr/SolrServerRoleHandler.class */
public class SolrServerRoleHandler extends AbstractDaemonRoleHandler {
    private static final Logger LOG = LoggerFactory.getLogger(SolrServerRoleHandler.class);
    public static final String SOLR_USER = "solr";
    public static final String SOLR_GROUP = "solr";
    private static final String LOG_FILE_FORMAT = "solr-cmf-%s-%s-%s.log.out";
    private final SolrServiceHandler sh;
    public static final String SOLR_MULTI_AUTH_HANDLER_TYPE = "org.apache.solr.servlet.authentication.DelegationTokenMultiSchemeAuthHandler";
    public static final String SOLR_MULTI_AUTH_HANDLER_HTTP_SCHEMES = "Basic,Negotiate";
    public static final String SOLR_MULTI_AUTH_HANDLER_DELEGATION_MGMT_HTTP_SCHEMES = "Negotiate";
    public static final String SOLR_FORCE_SHUTDOWN_CMD_NAME = "SolrServerForcedShutDown";

    public SolrServerRoleHandler(SolrServiceHandler solrServiceHandler, ServiceDataProvider serviceDataProvider) {
        super(solrServiceHandler, serviceDataProvider);
        this.minInstanceCount = 1;
        this.sh = solrServiceHandler;
        addEnvRedactionRegex("SOLR_KEYSTORE_PASSWORD", "******");
        addEnvRedactionRegex("SOLR_TRUSTSTORE_PASSWORD", "******");
        if (solrServiceHandler.getVersion().atLeast(CdhReleases.CDH5_7_0)) {
            addRoleCommand(new GenericBringDownRoleCommand(this, serviceDataProvider, SOLR_FORCE_SHUTDOWN_CMD_NAME, null, true, true, "message.command.role.solr.solrForcedShutdown.name"));
            addRoleCommand(new SolrServerGracefulShutDownCommand(this, serviceDataProvider));
        }
        addRoleCommand(new BasicRoleRefreshCommand(serviceDataProvider, this));
    }

    @Override // com.cloudera.cmf.service.RoleHandler
    public Enum<?> getRoleTypeEnum() {
        return SolrServiceHandler.RoleNames.SOLR_SERVER;
    }

    @Override // com.cloudera.cmf.service.DaemonRoleHandler
    public DbProcess makeProcess(DbRole dbRole, List<String> list) throws DaemonRoleHandler.ProcessSupplierException {
        Preconditions.checkArgument(list.isEmpty());
        Map<String, Object> prepareConfiguration = prepareConfiguration(dbRole);
        DbProcess dbProcess = new DbProcess(makeProcessName(dbRole));
        dbProcess.setUser(getProcessUser(prepareConfiguration));
        dbProcess.setGroup(getProcessGroup(prepareConfiguration));
        dbProcess.setProgram("solr/solr.sh");
        dbProcess.setArguments(Collections.emptyList());
        dbProcess.setStatusLinks(getStatusLinks(dbRole));
        dbProcess.setEnvironment(getEnvironment(dbRole, prepareConfiguration));
        dbProcess.setConfigurationData(generateConfiguration(dbRole, prepareConfiguration));
        dbProcess.initWithRole(dbRole);
        dbProcess.setResources(makeResources(dbRole, prepareConfiguration));
        dbProcess.setRefreshFiles(getRefreshableConfigFiles());
        return dbProcess;
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler
    public PortNumberParamSpec getWebUIHttpPortParam() {
        return SolrParams.SOLR_HTTP_PORT;
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler
    public PortNumberParamSpec getWebUIHttpsPortParam() {
        return SolrParams.SOLR_HTTPS_PORT;
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler, com.cloudera.cmf.service.DaemonRoleHandler
    public boolean isWebUISSLEnabled(DbRole dbRole) {
        if (!SolrParams.SOLR_USE_SSL.supportsVersion(dbRole.getConfigRelease())) {
            return false;
        }
        try {
            Boolean extract = SolrParams.SOLR_USE_SSL.extract((ConfigValueProvider) dbRole);
            if (extract == null) {
                return false;
            }
            return extract.booleanValue();
        } catch (ParamParseException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler
    public Map<String, String> getEnvironmentForRole(DbRole dbRole, Map<String, Object> map) {
        String extract;
        String zkKerberosPrincipal;
        HashMap newHashMap = Maps.newHashMap();
        Release version = getServiceHandler().getVersion();
        boolean atLeast = version.atLeast(CdhReleases.CDH6_0_0);
        Boolean valueOf = Boolean.valueOf(Boolean.TRUE.equals(SolrParams.SOLR_USE_SSL.extract(map)));
        String str = "-Djava.net.preferIPv4Stack=true ";
        UnmodifiableIterator it = ImmutableList.of(SolrParams.SOLR_HDFS_BLOCKCACHE_ENABLE, SolrParams.SOLR_HDFS_BLOCKCACHE_DIRECT_MEMORY_ALLOCATION, SolrParams.SOLR_HDFS_BLOCKCACHE_BLOCKSPERBANK, SolrParams.SOLR_HDFS_BLOCKCACHE_SLAB_COUNT, SolrParams.SOLR_ZK_CLIENT_TIMEOUT).iterator();
        while (it.hasNext()) {
            ParamSpec paramSpec = (ParamSpec) it.next();
            if (paramSpec.supportsVersion(dbRole.getConfigRelease())) {
                str = str + String.format("-D%s=%s ", paramSpec.getPropertyName(this.serviceHandler.getVersion()), paramSpec.extractToConfigFileString(map));
            }
        }
        String str2 = str + HadoopCommonHelpers.makeJavaOpts(SolrParams.SOLR_JAVA_HEAPSIZE, SolrParams.SOLR_JAVA_DIRECT_MEMORY_SIZE, SolrParams.SOLR_JAVA_OPTS, null, false, getHeapDumpFile(dbRole), map, this, dbRole, dbRole.getService(), this.serviceProvider, !version.atLeast(CdhReleases.CDH5_5_0));
        CmfEntityManager currentCmfEntityManager = CmfEntityManager.currentCmfEntityManager();
        boolean requiresCredentials = requiresCredentials(currentCmfEntityManager, dbRole);
        if (version.atLeast(CdhReleases.CDH7_1_5) && !requiresCredentials) {
            str2 = str2 + " -Dsolr.disableConfigSetsCreateAuthChecks=true";
        }
        if (atLeast) {
            if (valueOf.booleanValue()) {
                str2 = str2 + " -Dsolr.ssl.credential.provider.chain=hadoop";
            }
            newHashMap.put("JAVA_OPTS", str2);
        } else {
            newHashMap.put("CATALINA_OPTS", str2);
        }
        newHashMap.put("SOLR_ZK_ENSEMBLE", this.sh.getSolrServiceZnode(dbRole.getService()));
        newHashMap.put("SOLR_LOG", SolrParams.SOLR_LOG_DIR.extract(map).toString());
        if (SolrParams.SOLR_ADMIN_PORT.supportsVersion(version)) {
            newHashMap.put("SOLR_ADMIN_PORT", ((Long) SolrParams.SOLR_ADMIN_PORT.extract(map)).toString());
        }
        if (SolrParams.SOLR_MAX_CONNECTOR_THREAD.supportsVersion(this.serviceHandler.getVersion())) {
            newHashMap.put("SOLR_MAX_CONNECTOR_THREAD", ((Long) SolrParams.SOLR_MAX_CONNECTOR_THREAD.extract(map)).toString());
        }
        newHashMap.put("SOLR_HOME", SolrParams.SOLR_DATA_DIR.extract(map).toString());
        newHashMap.put("SOLR_HDFS_HOME", getSolrHdfsHome(dbRole));
        if (SolrParams.SOLRD_ENABLE_WATCHDOG.extract(map).booleanValue()) {
            newHashMap.put("SOLRD_WATCHDOG_TIMEOUT", ((Long) SolrParams.SOLRD_WATCHDOG_TIMEOUT.extract(map)).toString());
        }
        newHashMap.put("SERVER_NAME", "solr");
        if (version.atLeast(SolrLog4J2Evaluator.FIRST_CDH_VERSION_TO_USE_LOG4J2_FOR_SOLR)) {
            newHashMap.put("SOLR_LOG4J_CONFIG", "{{CMF_CONF_DIR}}/log4j2.properties");
        }
        if (valueOf.booleanValue()) {
            newHashMap.put("SOLR_SSL_ENABLED", "true");
            if (version.lessThan(CdhReleases.CDH6_0_0)) {
                newHashMap.put("SOLR_SERVER_DIR", "tomcat-conf.https");
            }
            newHashMap.put("SOLR_PORT", ((Long) SolrParams.SOLR_HTTPS_PORT.extract(map)).toString());
            newHashMap.put("SOLR_KEYSTORE_PATH", AutoTLSPathParamSpecEvaluator.getOverriddenPath(SolrParams.SOLR_HTTPS_KEYSTORE_FILE, map));
            if (version.atLeast(CdhReleases.CDH7_1_5)) {
                String string = ((ScmParams.KeyStoreType) ScmHandler.getScmConfigValue(ScmParams.KEYSTORE_TYPE, currentCmfEntityManager.getScmConfigProvider())).getString();
                newHashMap.put("SOLR_SSL_KEY_STORE_TYPE", string);
                newHashMap.put("SOLR_SSL_TRUST_STORE_TYPE", string);
            }
            if (!atLeast) {
                newHashMap.put("SOLR_KEYSTORE_PASSWORD", AutoTLSPasswordParamSpecEvaluator.getOverriddenPassword(SolrParams.SOLR_HTTPS_KEYSTORE_PASSWORD, map));
            }
        } else {
            if (version.lessThan(CdhReleases.CDH6_0_0)) {
                newHashMap.put("SOLR_SERVER_DIR", "tomcat-conf.dist");
            }
            newHashMap.put("SOLR_PORT", ((Long) SolrParams.SOLR_HTTP_PORT.extract(map)).toString());
        }
        String overriddenPath = AutoTLSPathParamSpecEvaluator.getOverriddenPath(SolrParams.SOLR_HTTPS_TRUSTSTORE_FILE, map);
        if (overriddenPath != null && !overriddenPath.isEmpty()) {
            newHashMap.put("SOLR_TRUSTSTORE_PATH", overriddenPath);
            String overriddenPassword = AutoTLSPasswordParamSpecEvaluator.getOverriddenPassword(SolrParams.SOLR_HTTPS_TRUSTSTORE_PASSWORD, map);
            if (!atLeast && overriddenPassword != null && !overriddenPassword.isEmpty()) {
                newHashMap.put("SOLR_TRUSTSTORE_PASSWORD", overriddenPassword);
            }
        }
        if (atLeast) {
            String jceksPassword = getJceksPassword(map);
            if (jceksPassword != null) {
                newHashMap.put(getJceksPasswordEnvVar(), jceksPassword);
            }
            newHashMap.put("SOLR_HADOOP_CREDENTIAL_PROVIDER_PATH", new CredentialProviderConfigTransform(jceksPassword).keyStoreURI);
        }
        DbService service = dbRole.getService();
        TreeSet newTreeSet = Sets.newTreeSet();
        String str3 = null;
        String str4 = null;
        try {
            String hadoopUser = ConfigEvaluatorHelpers.getHadoopUser(service, currentCmfEntityManager, this.serviceProvider, HueServiceHandler.SERVICE_TYPE, null);
            newTreeSet.add(hadoopUser);
            if (Constants.SERVICE_VERSIONS_SINCE_CDH7_0_0.contains(this.serviceHandler.getVersion())) {
                str3 = ConfigEvaluatorHelpers.getHadoopUser(service, currentCmfEntityManager, this.serviceProvider, FirstPartyCsdServiceTypes.KNOX, null, ProxyUserParamSpecs.ProxyUserType.KNOX.getProxyUser());
                newTreeSet.add(str3);
            }
            if (requiresCredentials) {
                str4 = ConfigEvaluatorHelpers.getHadoopUser(service, currentCmfEntityManager, this.serviceProvider, MgmtServiceHandler.SERVICE_TYPE, MgmtServiceHandler.RoleNames.SERVICEMONITOR.name());
                newTreeSet.add(str4);
            }
            newHashMap.put("SOLR_SECURITY_ALLOWED_PROXYUSERS", Joiner.on(',').join(newTreeSet));
            DbService extract2 = SolrParams.DFS_CONNECTOR.extract(map);
            if (extract2 != null) {
                Map<String, String> serviceConfigsMap = extract2.getServiceConfigsMap();
                Release serviceVersion = extract2.getServiceVersion();
                try {
                    newHashMap.put(String.format("SOLR_SECURITY_PROXYUSER_%s_GROUPS", hadoopUser), CoreSettingsParams.HUE_PROXY_GROUPS.toConfigFileString(CoreSettingsParams.HUE_PROXY_GROUPS.extractFromStringMap(serviceConfigsMap, serviceVersion)));
                    newHashMap.put(String.format("SOLR_SECURITY_PROXYUSER_%s_HOSTS", hadoopUser), CoreSettingsParams.HUE_PROXY_HOSTS.toConfigFileString(CoreSettingsParams.HUE_PROXY_HOSTS.extractFromStringMap(serviceConfigsMap, serviceVersion)));
                    if (Constants.SERVICE_VERSIONS_SINCE_CDH7_0_0.contains(this.serviceHandler.getVersion())) {
                        newHashMap.put(String.format("SOLR_SECURITY_PROXYUSER_%s_GROUPS", str3), CoreSettingsParams.KNOX_PROXY_GROUPS.toConfigFileString(CoreSettingsParams.KNOX_PROXY_GROUPS.extractFromStringMap(serviceConfigsMap, serviceVersion)));
                        newHashMap.put(String.format("SOLR_SECURITY_PROXYUSER_%s_HOSTS", str3), CoreSettingsParams.KNOX_PROXY_HOSTS.toConfigFileString(CoreSettingsParams.KNOX_PROXY_HOSTS.extractFromStringMap(serviceConfigsMap, serviceVersion)));
                    }
                    if (requiresCredentials && !Objects.equal(hadoopUser, str4)) {
                        newHashMap.put(String.format("SOLR_SECURITY_PROXYUSER_%s_GROUPS", str4), CoreSettingsParams.SMON_PROXY_GROUPS.toConfigFileString(CoreSettingsParams.SMON_PROXY_GROUPS.extractFromStringMap(serviceConfigsMap, serviceVersion)));
                        newHashMap.put(String.format("SOLR_SECURITY_PROXYUSER_%s_HOSTS", str4), CoreSettingsParams.SMON_PROXY_HOSTS.toConfigFileString(CoreSettingsParams.SMON_PROXY_HOSTS.extractFromStringMap(serviceConfigsMap, serviceVersion)));
                    }
                } catch (ParamParseException e) {
                    throw new RuntimeException(e);
                }
            }
            if (requiresCredentials) {
                newHashMap.put("SOLR_KERBEROS_ENABLED", "true");
                newHashMap.put("SOLR_KERBEROS_PRINCIPAL", getRequiredPrincipals(dbRole, null).get(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL));
                if (atLeast) {
                    newHashMap.put("SOLR_KERBEROS_KEYTAB", "{{CMF_CONF_DIR}}/solr.keytab");
                } else {
                    newHashMap.put("SOLR_KERBEROS_KEYTAB", SolrParams.SOLR_KEYTAB_FILE_NAME);
                }
            }
            if (this.sh.requiresAuthentication(dbRole.getService())) {
                if (version.lessThan(CdhReleases.CDH6_0_0)) {
                    newHashMap.putAll(securityConfigsForSolr4(dbRole, map));
                } else {
                    newHashMap.putAll(securityConfigsForCdh6(dbRole, map));
                }
                String kerberosPrincipalName = getKerberosPrincipalName(dbRole);
                if (!SolrParams.SOLR_KERBEROS_PRINC.getDefaultValue(version).equals(kerberosPrincipalName)) {
                    newHashMap.put("SOLR_AUTHORIZATION_SUPERUSER", kerberosPrincipalName);
                }
                if (version.atLeast(CdhReleases.CDH5_5_0) && (zkKerberosPrincipal = HadoopCommonHelpers.getZkKerberosPrincipal(map, this, dbRole, dbRole.getService(), this.serviceProvider)) != null) {
                    newHashMap.put("ZK_SASL_CLIENT_USERNAME", zkKerberosPrincipal);
                }
                newHashMap.putAll(sentryConfigs(dbRole, map));
            }
            if (version.lessThan(CdhReleases.CDH6_0_0) && !this.sh.requiresAuthentication(dbRole.getService())) {
                newHashMap.put("SOLR_AUTHENTICATION_SIMPLE_ALLOW_ANON", "true");
            }
            if (dbRole.getService().getServiceVersion().atLeast(CdhReleases.CDH5_4_1)) {
                if (this.sh.requiresAuthentication(dbRole.getService())) {
                    newHashMap.put("SECURE_ZNODE", "true");
                }
                newHashMap.put("SYNC_CONFIG_TO_ZK", "true");
            }
            if (version.atLeast(CdhReleases.CDH6_0_0) && (extract = SolrParams.SOLR_PLUGINS_DIR.extract(map)) != null) {
                newHashMap.put("SOLR_PLUGINS_DIR", extract);
            }
            try {
                if (isRangerEnabled(dbRole)) {
                    newHashMap.put("SOLR_RANGER_ENABLED", "true");
                }
                return newHashMap;
            } catch (ParamParseException e2) {
                throw new RuntimeException(e2);
            }
        } catch (ConfigGenException e3) {
            throw new RuntimeException(e3);
        }
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler, com.cloudera.cmf.service.AbstractRoleHandler, com.cloudera.cmf.service.RoleHandler
    public List<ResourceUnion> makeResources(DbRole dbRole, Map<String, Object> map) {
        List<ResourceUnion> makeResources = super.makeResources(dbRole, map);
        if (!Objects.equal(SolrParams.SOLR_DATA_DIR.extract(map), "/var/lib/solr")) {
            makeResources.add(ResourcesUtil.newDirectoryResource("/var/lib/solr", getProcessUser(map), getProcessGroup(map), PathParamSpec.DEFAULT_DIR_MODE));
        }
        if (NavigatorClientParams.NAVIGATOR_SUPPORT_CDH_RELEASE_RANGE.contains(this.serviceHandler.getVersion()) && this.serviceProvider.getFeatureManager().hasFeature(ProductState.Feature.NAVIGATOR)) {
            addResourcesForPathParamSpec(makeResources, dbRole, map, SolrParams.SOLR_AUDIT_LOG_DIR).setDynamic(true);
        }
        try {
            if (isRangerEnabled(dbRole)) {
                addResourcesForPathParamSpec(makeResources, dbRole, map, SolrParams.RANGER_POLICY_CACHE_DIR);
                addResourcesForPathParamSpec(makeResources, dbRole, map, SolrParams.RANGER_AUDIT_HDFS_SPOOL);
                addResourcesForPathParamSpec(makeResources, dbRole, map, SolrParams.RANGER_AUDIT_SOLR_SPOOL);
            }
        } catch (ParamParseException e) {
        }
        return makeResources;
    }

    private boolean isRangerEnabled(DbRole dbRole) throws ParamParseException {
        LOG.debug("isRangerEnabled invoked for role " + dbRole.getName() + ", display name: " + dbRole.getDisplayName());
        boolean booleanValue = (SolrParams.RANGER.extract((ConfigValueProvider) dbRole.getService()) != null ? Boolean.TRUE : Boolean.valueOf(Boolean.TRUE.equals(SolrParams.RANGER_AUTHORIZATION_ENABLE.extract((ConfigValueProvider) dbRole.getService())))).booleanValue();
        LOG.debug("isRangerEnabled returning " + booleanValue);
        return booleanValue;
    }

    @VisibleForTesting
    String getSolrHdfsHome(DbRole dbRole) throws DaemonRoleHandler.ProcessSupplierException {
        DbService service = dbRole.getService();
        try {
            try {
                return ((DfsConnector) this.serviceProvider.getServiceHandlerRegistry().createServiceConnector(DfsConnector.TYPE, SolrParams.DFS_CONNECTOR.extractFromStringMap(service.getServiceConfigsMap(), service.getServiceVersion()))).getDefaultFS() + SolrParams.HDFS_DATA_DIR.extractFromStringMap(service.getServiceConfigsMap(), service.getServiceVersion());
            } catch (ParamParseException e) {
                throw new RuntimeException(e);
            }
        } catch (ParamParseException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler, com.cloudera.cmf.service.RoleHandler
    public String getLogFileName(DbRole dbRole) {
        return formatLogName(LOG_FILE_FORMAT, dbRole);
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler
    protected Set<ParamSpec<?>> getDaemonParamSpecs(ImmutableSet<ParamSpec<?>> immutableSet) {
        return Sets.union(SolrParams.SOLR_SERVER_PARAMS, immutableSet);
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    protected Set<ConfigFileGenerator> getConfigFileGenerators(ImmutableSet<ConfigFileGenerator> immutableSet) {
        HashSet newHashSet = Sets.newHashSet();
        if (getServiceHandler().getVersion().lessThan(SolrLog4J2Evaluator.FIRST_CDH_VERSION_TO_USE_LOG4J2_FOR_SOLR)) {
            newHashSet.add(new PropertiesConfigFileGenerator(SolrConfigFileDefintions.LOG4J_PROPERTIES, "log4j.properties"));
        } else {
            newHashSet.add(new PropertiesConfigFileGenerator(SolrConfigFileDefintions.LOG4J2_PROPERTIES, "log4j2.properties"));
        }
        newHashSet.add(new KerberosKeytabGenerator(SolrParams.SOLR_KEYTAB_FILE_NAME));
        newHashSet.add(new TextConfigFileGenerator(SolrConfigFileDefintions.SOLR_JAAS_CONF_EVALUATOR, "jaas.conf"));
        if (getServiceHandler().getVersion().lessThan(CdhReleases.CDH7_0_0)) {
            newHashSet.add(new XMLConfigFileGenerator(SolrConfigFileDefintions.SENTRY_SITE_POLICY_FILE, "sentry-site.xml"));
            if (Constants.SERVICE_VERSIONS_SINCE_CDH5_4_0.contains(this.serviceHandler.getVersion())) {
                newHashSet.add(MgmtConfigFileDefinitions.navigatorClientConfigGenerator(SolrParams.NAVIGATOR_COLLECTION_ENABLED, SolrParams.NAVIGATOR_EVENT_FILTER, SolrParams.NAVIGATOR_EVENT_TRACKER, SolrParams.NAVIGATOR_QUEUE_POLICY, SolrParams.NAVIGATOR_CLIENT_CONFIG_SAFETY_VALVE, false, new ParamSpecEvaluator(SolrParams.SOLR_AUDIT_LOG_DIR), new ParamSpecEvaluator(SolrParams.SOLR_MAX_AUDIT_LOG_SIZE)));
            }
        }
        if (this.serviceHandler.getVersion().sameMinor(CdhReleases.CDH6_0_0)) {
            newHashSet.add(EmptyConfigFileGenerator.builder().filename(new CredentialProviderConfigTransform("password").keyStoreFileName).build());
        }
        RangerPluginConfigGenerators.addAll(new RangerPluginConfigGenerators.BuildInfo().pluginType(RangerPluginParams.PluginType.SOLR).serviceType(SolrServiceHandler.SERVICE_TYPE).roleType(SolrServiceHandler.RoleNames.SOLR_SERVER).enabledInverseIfBoolean(SolrParams.RANGER_AUTHORIZATION_ENABLE, true).enabledIfDependency(SolrParams.RANGER).keytabFile(SolrParams.SOLR_KEYTAB_FILE_NAME).cacheDir(SolrParams.RANGER_POLICY_CACHE_DIR).auditHdfsPath(SolrParams.RANGER_AUDIT_HDFS_PATH).auditHdfsSpool(SolrParams.RANGER_AUDIT_HDFS_SPOOL).auditSolrSpool(SolrParams.RANGER_AUDIT_SOLR_SPOOL).trustStoreFile(SolrParams.SOLR_HTTPS_TRUSTSTORE_FILE).trustStorePassword(SolrParams.SOLR_HTTPS_TRUSTSTORE_PASSWORD).useXForwardedIpaddress(SolrParams.RANGER_PLUGIN_USE_X_FORWARDED_IPADDRESS).useTrustedPoxyIpaddress(SolrParams.RANGER_PLUGIN_TRUSTED_PROXY_IPADDRESS).auditSafetyValve(SolrParams.RANGER_AUDIT_SAFETY_VALVE).securitySafetyValve(SolrParams.RANGER_SECURITY_SAFETY_VALVE).policymgrSSLSafetyValve(SolrParams.RANGER_POLICY_MGR_SSL_SAFETY_VALVE), CommandUtils.CONFIG_TOP_LEVEL_DIR, newHashSet);
        return Sets.union(newHashSet, immutableSet);
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler, com.cloudera.cmf.service.RoleHandler
    public List<ConfigEvaluator> getExplicitCredProvEvaluators(ConfigEvaluationContext configEvaluationContext) {
        return Constants.SERVICE_VERSIONS_SINCE_CDH6.contains(configEvaluationContext.getRelease()) ? ImmutableList.of(new AutoTLSPasswordParamSpecEvaluator(SolrParams.SOLR_HTTPS_KEYSTORE_PASSWORD), new AutoTLSPasswordParamSpecEvaluator(SolrParams.SOLR_HTTPS_TRUSTSTORE_PASSWORD)) : Collections.EMPTY_LIST;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler, com.cloudera.cmf.service.AbstractRoleHandler
    public Set<ConfigUpdateListener> getConfigUpdateListeners() {
        HashSet newHashSet = Sets.newHashSet(super.getConfigUpdateListeners());
        if (NavigatorClientParams.NAVIGATOR_SUPPORT_CDH_RELEASE_RANGE.contains(this.serviceHandler.getVersion())) {
            newHashSet.add(new RefreshConfigListener(this.serviceProvider.getServiceHandlerRegistry(), this.serviceProvider.getHeartbeatRequester(), this, RefreshConfigListener.Refreshable.CONFIGS, SolrParams.NAVIGATOR_COLLECTION_ENABLED, SolrParams.NAVIGATOR_EVENT_FILTER, SolrParams.NAVIGATOR_EVENT_TRACKER, SolrParams.NAVIGATOR_QUEUE_POLICY, SolrParams.NAVIGATOR_CLIENT_CONFIG_SAFETY_VALVE, SolrParams.SOLR_AUDIT_LOG_DIR, SolrParams.SOLR_MAX_AUDIT_LOG_SIZE));
            newHashSet.add(new RefreshConfigListener(this.serviceProvider.getServiceHandlerRegistry(), this.serviceProvider.getHeartbeatRequester(), this, RefreshConfigListener.Refreshable.RESOURCES, SolrParams.SOLR_AUDIT_LOG_DIR));
        }
        return newHashSet;
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler, com.cloudera.cmf.service.DaemonRoleHandler
    public List<String> getRefreshableConfigFiles() {
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.addAll(super.getRefreshableConfigFiles());
        builder.add(CoreConfigFileDefinitions.TOPOLOGY_MAP_CFG.getOutputFileName());
        if (NavigatorClientParams.NAVIGATOR_SUPPORT_CDH_RELEASE_RANGE.contains(this.serviceHandler.getVersion())) {
            builder.add(MgmtConfigFileDefinitions.NAVIGATOR_CLIENT_CONFIG_FILE);
        }
        return builder.build();
    }

    static ConfigFilesTransformBuilder getDfsCcTransform() {
        return ConfigFilesTransformBuilder.builder().overlayConfigFile(HdfsParams.HDFS_SITE_XML, SolrConfigFileDefintions.HDFS_SITE_XML).overlayConfigFile(CoreSettingsParams.CORE_SITE_XML, SolrConfigFileDefintions.CORE_SITE_XML);
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    public Map<? extends ServiceParamSpec, ConfigFilesTransform> getTypesForDependencyClientConfigs(DbService dbService, DbRole dbRole) {
        return ImmutableMap.builder().putAll(super.getTypesForDependencyClientConfigs(dbService, dbRole)).put(SolrParams.SENTRY_SERVICE, getSentryServiceCcTransform()).put(SolrParams.DFS_CONNECTOR, getDfsCcTransform()).build();
    }

    private static ConfigFilesTransformBuilder getSentryServiceCcTransform() {
        return ConfigFilesTransformBuilder.builder().overlayConfigFile("sentry-site.xml", SolrConfigFileDefintions.SENTRY_SITE_SERVICE_XML);
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    public Map<String, String> getPrincipalPrefixes(long j, DbRole dbRole) {
        ImmutableMap.Builder builder = new ImmutableMap.Builder();
        builder.put(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, this.serviceHandler.getKerberosPrincipalName(dbRole.getService()));
        if (this.sh.requiresAuthentication(dbRole.getService())) {
            builder.put(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "HTTP");
            if (getLoadBalancerConfig(dbRole) != null) {
                builder.put("SOLR_HTTP_PRINCIPAL", "HTTP");
            }
        }
        return builder.build();
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    protected Map<String, String> getPrincipalHostOverrides(DbRole dbRole) {
        HostAndPort loadBalancerConfig = getLoadBalancerConfig(dbRole);
        return loadBalancerConfig != null ? ImmutableMap.of(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, loadBalancerConfig.getHost()) : Collections.emptyMap();
    }

    private HostAndPort getLoadBalancerConfig(DbRole dbRole) {
        try {
            String extractFromStringMap = SolrParams.SOLR_LOAD_BALANCER.extractFromStringMap(dbRole.getConfigsMap(), dbRole.getService().getServiceVersion());
            if (extractFromStringMap == null || extractFromStringMap.isEmpty()) {
                return null;
            }
            return HostAndPort.fromString(extractFromStringMap);
        } catch (ParamParseException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    protected ResourceManagementHandler constructResourceManagementHandler() {
        return new BasicResourceManagementHandler(getMemoryLimitParams(getConfigSpec().getParams()));
    }

    private Map<String, String> securityConfigsForSolr4(DbRole dbRole, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap();
        Release version = getServiceHandler().getVersion();
        newHashMap.put("SOLR_AUTHENTICATION_TYPE", Authentication.AUTHENTICATION_TYPES.kerberos.name());
        newHashMap.putAll(getKerberosConfigs(dbRole, map));
        if (Boolean.TRUE.equals(SolrParams.SOLR_ENABLE_LDAP_AUTH.extract(map))) {
            newHashMap.putAll(getMultiAuthHandlerConfigs(dbRole, map));
            newHashMap.putAll(getLdapConfigs(dbRole, map));
        }
        if (Range.closedOpen(CdhReleases.CDH5_4_1, CdhReleases.CDH5_5_0).contains(version)) {
            StringBuilder sb = new StringBuilder();
            String kerberosPrincipalName = getKerberosPrincipalName(dbRole);
            if (!SolrParams.SOLR_KERBEROS_PRINC.getDefaultValue(version).equals(kerberosPrincipalName)) {
                sb.append(String.format("-Dsolr.authorization.superuser=%s", kerberosPrincipalName));
            }
            String makeZkKerberosPrincipalOpt = HadoopCommonHelpers.makeZkKerberosPrincipalOpt(map, this, dbRole, dbRole.getService(), this.serviceProvider);
            if (!makeZkKerberosPrincipalOpt.isEmpty()) {
                sb.append(" ");
                sb.append(makeZkKerberosPrincipalOpt);
            }
            if (sb.length() > 0) {
                newHashMap.put("ZKCLI_JVM_FLAGS", sb.toString());
            }
        }
        if (version.atLeast(CdhReleases.CDH5_5_0)) {
            newHashMap.put("SOLR_ZKACL_PROVIDER", "org.apache.solr.common.cloud.ConfigAwareSaslZkACLProvider");
        }
        return newHashMap;
    }

    private Map<String, String> securityConfigsForCdh6(DbRole dbRole, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.putAll(getMultiAuthHandlerConfigs(dbRole, map));
        newHashMap.putAll(getKerberosConfigs(dbRole, map));
        newHashMap.putAll(getLdapConfigs(dbRole, map));
        newHashMap.put("SOLR_ZKACL_PROVIDER", "org.apache.solr.common.cloud.SaslZkACLProvider");
        return newHashMap;
    }

    private Map<String, String> sentryConfigs(DbRole dbRole, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap();
        if (SolrParams.SENTRY_ENABLED.supportsVersion(dbRole.getConfigRelease()) && SolrParams.SENTRY_ENABLED.extract(map).booleanValue()) {
            newHashMap.put("SOLR_SENTRY_ENABLED", "true");
        }
        if (SolrParams.SENTRY_SERVICE.extract(map) != null) {
            newHashMap.put("SOLR_SENTRY_SERVICE_ENABLED", "true");
        }
        return newHashMap;
    }

    private Map<String, String> getMultiAuthHandlerConfigs(DbRole dbRole, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap();
        if (getServiceHandler().getVersion().atLeast(CdhReleases.CDH6_0_0)) {
            newHashMap.put("SOLR_AUTHENTICATION_TYPE", "multi-scheme");
        } else {
            newHashMap.put("SOLR_AUTHENTICATION_TYPE", SOLR_MULTI_AUTH_HANDLER_TYPE);
        }
        newHashMap.put("SOLR_AUTHENTICATION_HTTP_SCHEMES", SOLR_MULTI_AUTH_HANDLER_DELEGATION_MGMT_HTTP_SCHEMES);
        newHashMap.put("SOLR_AUTHENTICATION_HTTP_NEGOTIATE_HANDLER", SentryParams.SECURITY_MODE_KERBEROS);
        newHashMap.put("SOLR_AUTHENTICATION_HTTP_DELEGATION_MGMT_SCHEMES", SOLR_MULTI_AUTH_HANDLER_DELEGATION_MGMT_HTTP_SCHEMES);
        if (SolrParams.SOLR_ENABLE_LDAP_AUTH.extract(map).booleanValue()) {
            newHashMap.put("SOLR_AUTHENTICATION_HTTP_SCHEMES", SOLR_MULTI_AUTH_HANDLER_HTTP_SCHEMES);
            newHashMap.put("SOLR_AUTHENTICATION_HTTP_BASIC_HANDLER", "ldap");
        }
        return newHashMap;
    }

    private Map<String, String> getKerberosConfigs(DbRole dbRole, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap();
        Release version = getServiceHandler().getVersion();
        if (getLoadBalancerConfig(dbRole) != null) {
            newHashMap.put("SOLR_AUTHENTICATION_KERBEROS_PRINCIPAL", "*");
        } else {
            newHashMap.put("SOLR_AUTHENTICATION_KERBEROS_PRINCIPAL", getRequiredPrincipals(dbRole, null).get(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL));
        }
        if (version.atLeast(CdhReleases.CDH6_0_0)) {
            newHashMap.put("SOLR_AUTHENTICATION_KERBEROS_KEYTAB", "{{CMF_CONF_DIR}}/solr.keytab");
            newHashMap.put("SOLR_AUTHENTICATION_JAAS_CONF", "{{CMF_CONF_DIR}}/jaas.conf");
        } else {
            newHashMap.put("SOLR_AUTHENTICATION_KERBEROS_KEYTAB", SolrParams.SOLR_KEYTAB_FILE_NAME);
            newHashMap.put("SOLR_AUTHENTICATION_JAAS_CONF", "jaas.conf");
        }
        DbService extract = SolrParams.DFS_CONNECTOR.extract(map);
        if (extract != null) {
            newHashMap.put("SOLR_AUTHENTICATION_KERBEROS_NAME_RULES", AuthToLocalEvaluator.getAuthToLocalRules(this.serviceProvider, extract, CommandUtils.CONFIG_TOP_LEVEL_DIR));
        }
        return newHashMap;
    }

    private Map<String, String> getLdapConfigs(DbRole dbRole, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap();
        if (SolrParams.SOLR_ENABLE_LDAP_AUTH.extract(map).booleanValue()) {
            newHashMap.put("SOLR_AUTHENTICATION_LDAP_PROVIDER_URL", SolrParams.SOLR_LDAP_URI.extract(map));
            if (!Strings.isNullOrEmpty(SolrParams.SOLR_LDAP_BASEDN.extract(map))) {
                newHashMap.put("SOLR_AUTHENTICATION_LDAP_BASE_DN", SolrParams.SOLR_LDAP_BASEDN.extract(map));
            }
            if (!Strings.isNullOrEmpty(SolrParams.SOLR_LDAP_BIND_DOMAIN.extract(map))) {
                newHashMap.put("SOLR_AUTHENTICATION_LDAP_BIND_DOMAIN", SolrParams.SOLR_LDAP_BIND_DOMAIN.extract(map));
            }
            newHashMap.put("SOLR_AUTHENTICATION_LDAP_ENABLE_STARTTLS", SolrParams.SOLR_LDAP_ENABLE_STARTTLS.extract(map).toString());
        }
        return newHashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    public List<Validator> getAdditionalValidators() {
        List<Validator> additionalValidators = super.getAdditionalValidators();
        String serviceType = this.serviceHandler.getServiceType();
        if (this.sh.getVersion().atLeast(CdhReleases.CDH5_4_0)) {
            additionalValidators.add(new UniqueConfigValidator(SolrParams.SOLR_HTTPS_PORT, serviceType, SolrServiceHandler.RoleNames.SOLR_SERVER.toString()));
        }
        additionalValidators.add(new UniqueConfigValidator(SolrParams.SOLR_DATA_DIR, serviceType, SolrServiceHandler.RoleNames.SOLR_SERVER.toString()));
        additionalValidators.add(new UniqueConfigValidator(SolrParams.SOLR_LOG_DIR, serviceType, SolrServiceHandler.RoleNames.SOLR_SERVER.toString()));
        additionalValidators.add(new UniqueConfigValidator(SolrParams.SOLR_HTTP_PORT, serviceType, SolrServiceHandler.RoleNames.SOLR_SERVER.toString()));
        return additionalValidators;
    }
}
