package com.cloudera.cmf.service.mgmt;

import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.AbstractServiceHandler;
import com.cloudera.cmf.service.ConditionallyRequiredConfigsValidator;
import com.cloudera.cmf.service.SSLParams;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.Validator;
import com.cloudera.cmf.service.config.ConfigEvaluationContext;
import com.cloudera.cmf.service.config.ConfigEvaluatorHelpers;
import com.cloudera.cmf.service.config.ConfigFileGenerator;
import com.cloudera.cmf.service.config.ConfigGenException;
import com.cloudera.cmf.service.config.ConfigLocator;
import com.cloudera.cmf.service.config.ConfigUpdateListener;
import com.cloudera.cmf.service.config.KerberosKeytabGenerator;
import com.cloudera.cmf.service.config.MgmtConfigFileDefinitions;
import com.cloudera.cmf.service.config.NumericParamSpec;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.PortNumberParamSpec;
import com.cloudera.cmf.service.config.PropertiesConfigFileGenerator;
import com.cloudera.cmf.service.config.RefreshConfigListener;
import com.cloudera.cmf.service.config.SecurityNavKafkaUpdateListener;
import com.cloudera.cmf.service.config.TextConfigFileGenerator;
import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.hadoopcommon.HadoopCommonHelpers;
import com.cloudera.cmf.service.mgmt.MgmtServiceHandler;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/mgmt/NavigatorRoleHandler.class */
public class NavigatorRoleHandler extends BaseMgmtRoleHandler {
    private static final String CM_AUTH_FILE_NAME = "cloudera-navigator-cm-auth.properties";

    public NavigatorRoleHandler(AbstractServiceHandler abstractServiceHandler, ServiceDataProvider serviceDataProvider) {
        super(abstractServiceHandler, serviceDataProvider);
        this.minInstanceCount = 0;
        serviceDataProvider.getOperationsManager().addRoleUpdateListener(new NavigatorPropagateUpdateListener(serviceDataProvider));
        serviceDataProvider.getOperationsManager().addConfigUpdateListener(new NavigatorPropagateUpdateListener(serviceDataProvider));
    }

    @Override // com.cloudera.cmf.service.RoleHandler
    public Enum<?> getRoleTypeEnum() {
        return MgmtServiceHandler.RoleNames.NAVIGATOR;
    }

    @Override // com.cloudera.cmf.service.mgmt.BaseMgmtRoleHandler
    protected List<String> getArguments() {
        return ImmutableList.of("navigator");
    }

    @Override // com.cloudera.cmf.service.mgmt.BaseMgmtRoleHandler
    protected PortNumberParamSpec getDebugPortParamSpec() {
        return MgmtParams.NAVIGATOR_DEBUG_PORT;
    }

    @Override // com.cloudera.cmf.service.mgmt.BaseMgmtRoleHandler
    protected Map<String, String> getEnvironmentForConcreteRole(DbRole dbRole, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("NAVIGATOR_JAVA_OPTS", HadoopCommonHelpers.makeJavaOpts(MgmtParams.NAVIGATOR_HEAPSIZE, MgmtParams.NAVIGATOR_JAVA_OPTS, getHeapDumpFile(dbRole), map, this, dbRole, dbRole.getService(), this.serviceProvider));
        return newHashMap;
    }

    @Override // com.cloudera.cmf.service.mgmt.BaseMgmtRoleHandler
    public NumericParamSpec getHeapSize() {
        return MgmtParams.NAVIGATOR_HEAPSIZE;
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    public ProductState.Feature getFeature() {
        return ProductState.Feature.NAVIGATOR;
    }

    @Override // com.cloudera.cmf.service.mgmt.BaseMgmtRoleHandler
    protected Set<ParamSpec<?>> getDaemonParamSpecsForMgmtRole(ImmutableSet<ParamSpec<?>> immutableSet) {
        return Sets.union(MgmtParams.NAVIGATOR_PARAMS, immutableSet);
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    protected Set<ConfigFileGenerator> getConfigFileGenerators(ImmutableSet<ConfigFileGenerator> immutableSet) {
        HashSet newHashSet = Sets.newHashSet();
        newHashSet.add(new PropertiesConfigFileGenerator(MgmtConfigFileDefinitions.NAVIGATOR, MgmtConfigFileDefinitions.NAVIGATOR_SERVER_CONFIG_FILE));
        newHashSet.add(new PropertiesConfigFileGenerator(MgmtConfigFileDefinitions.NAVIGATOR_CM_AUTH, CM_AUTH_FILE_NAME));
        newHashSet.add(new PropertiesConfigFileGenerator(MgmtConfigFileDefinitions.NAVIGATOR_DB, "db.navigator.properties"));
        newHashSet.add(new PropertiesConfigFileGenerator(MgmtConfigFileDefinitions.LOG4J_NAVIGATOR_AUDIT_SERVER, "log4j.properties"));
        newHashSet.add(new KerberosKeytabGenerator("navigator.keytab"));
        newHashSet.add(new TextConfigFileGenerator(MgmtConfigFileDefinitions.NAVIGATOR_JAAS_CONF_EVALUATOR, "navigator.jaas.conf"));
        newHashSet.add(new TextConfigFileGenerator(MgmtConfigFileDefinitions.NAVIGATOR_LOG_WHITELIST_EVALUATOR, "event-filter-rules.json"));
        return Sets.union(newHashSet, immutableSet);
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler, com.cloudera.cmf.service.DaemonRoleHandler
    public boolean requiresInternalUser(DbRole dbRole) {
        return true;
    }

    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler
    public Set<String> getNonIdempotentConfigFilesForRole(Set<String> set, DbRole dbRole) {
        return new ImmutableSet.Builder().addAll(set).add(CM_AUTH_FILE_NAME).build();
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler, com.cloudera.cmf.service.RoleHandler
    public String getAuthorityForPowerState() {
        return "AUTH_NAVIGATOR";
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler, com.cloudera.cmf.service.RoleHandler
    public String getAuthorityForAddRemove() {
        return "AUTH_NAVIGATOR";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    public String getDefaultAuthorityForParamSpecs() {
        return "AUTH_NAVIGATOR";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.cloudera.cmf.service.AbstractDaemonRoleHandler, com.cloudera.cmf.service.AbstractRoleHandler
    public Set<ConfigUpdateListener> getConfigUpdateListeners() {
        HashSet newHashSet = Sets.newHashSet(super.getConfigUpdateListeners());
        newHashSet.add(new SecurityNavKafkaUpdateListener(this.serviceProvider, FirstPartyCsdServiceTypes.KAFKA, "true"));
        newHashSet.add(new RefreshConfigListener(this.serviceProvider.getServiceHandlerRegistry(), this.serviceProvider.getHeartbeatRequester(), this, RefreshConfigListener.Refreshable.CONFIGS, MgmtParams.NAVIGATOR_PII_MASKING_REGEX));
        return newHashSet;
    }

    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    public Map<String, String> getPrincipalPrefixes(long j, DbRole dbRole) {
        return getKafkaKerbEnabledPS(ConfigEvaluationContext.of(this.serviceProvider, dbRole.getService(), dbRole, this, null)) ? ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, getKerberosPrincipalName(dbRole)) : ImmutableMap.of();
    }

    @Override // com.cloudera.cmf.service.mgmt.BaseMgmtRoleHandler, com.cloudera.cmf.service.AbstractRoleHandler, com.cloudera.cmf.service.RoleHandler
    public boolean requiresCredentials(CmfEntityManager cmfEntityManager, DbRole dbRole) {
        return getKafkaKerbEnabledPS(ConfigEvaluationContext.of(this.serviceProvider, dbRole.getService(), dbRole, this, null));
    }

    private boolean getKafkaKerbEnabledPS(ConfigEvaluationContext configEvaluationContext) {
        ParamSpec findParamSpec = ConfigEvaluatorHelpers.findParamSpec(configEvaluationContext, ConfigLocator.getConfigLocator(FirstPartyCsdServiceTypes.KAFKA), FirstPartyCsdServiceTypes.RoleTypes.KAFKA_BROKER_KERB_ENABLED);
        boolean z = false;
        if (null != findParamSpec) {
            try {
                z = ((Boolean) ConfigEvaluatorHelpers.getParamSpecValue(configEvaluationContext, findParamSpec)).booleanValue();
            } catch (ConfigGenException e) {
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.cloudera.cmf.service.AbstractRoleHandler
    public List<Validator> getAdditionalValidators() {
        List<Validator> additionalValidators = super.getAdditionalValidators();
        additionalValidators.add(((ConditionallyRequiredConfigsValidator.Builder) ConditionallyRequiredConfigsValidator.builder(this.serviceProvider, (ParamSpec) MgmtParams.NAVIGATOR_KEYSTORE_PATH, "keystore_file_required_for_ssl_validator", SSLParams.I18nKeys.KEYSTORE_FILE_REQUIRED.getKey()).ifOtherParamEquals(MgmtParams.NAVIGATOR_SSL_ENABLED, true)).build());
        additionalValidators.add(((ConditionallyRequiredConfigsValidator.Builder) ConditionallyRequiredConfigsValidator.builder(this.serviceProvider, (ParamSpec) MgmtParams.NAVIGATOR_KEYSTORE_PASSWORD, "keystore_password_required_for_ssl_validator", SSLParams.I18nKeys.KEYSTORE_PASS_REQUIRED.getKey()).ifOtherParamEquals(MgmtParams.NAVIGATOR_SSL_ENABLED, true)).build());
        return additionalValidators;
    }
}
