package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.service.csd.components.DependencyExtensionHelper;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;

/* loaded from: input_file:com/cloudera/cmf/service/config/KerberosKeytabGenerator.class */
public class KerberosKeytabGenerator extends AbstractConfigFileGenerator {
    private final ImmutableList<? extends GenericConfigEvaluator> evaluators;

    public KerberosKeytabGenerator(String str) {
        this(str, null);
    }

    public KerberosKeytabGenerator(String str, ImmutableList<? extends GenericConfigEvaluator> immutableList) {
        super(str);
        this.evaluators = immutableList;
    }

    public ImmutableSet<String> getAllowedPrincipals(ConfigEvaluationContext configEvaluationContext) {
        if (this.evaluators == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        UnmodifiableIterator it = this.evaluators.iterator();
        while (it.hasNext()) {
            String evaluateInline = DependencyExtensionHelper.evaluateInline((GenericConfigEvaluator) it.next(), configEvaluationContext);
            if (!StringUtils.isEmpty(evaluateInline)) {
                hashSet.add(evaluateInline);
            }
        }
        return ImmutableSet.copyOf(hashSet);
    }

    @Override // com.cloudera.cmf.service.config.ConfigFileGenerator
    public void generate(ConfigFile configFile, OutputStream outputStream, boolean z) throws ConfigGenException {
        Preconditions.checkState(configFile.getConfigs().size() <= 1);
        UnmodifiableIterator it = configFile.getConfigs().iterator();
        while (it.hasNext()) {
            EvaluatedConfig evaluatedConfig = (EvaluatedConfig) it.next();
            if (!evaluatedConfig.isConcealed()) {
                Preconditions.checkState(evaluatedConfig.isBinary());
                try {
                    outputStream.write(evaluatedConfig.getBytes());
                } catch (IOException e) {
                    throw new ConfigGenException(String.format("Unable to generate config file %s.", getOutputFileName()), e);
                }
            }
        }
    }

    @Override // com.cloudera.cmf.service.config.AbstractConfigFileGenerator
    protected ConfigFile generateConfigFileImpl(ConfigEvaluationContext configEvaluationContext) throws ConfigGenException, SkippedConfigGenerationException {
        Preconditions.checkArgument(Enums.ConfigScope.ROLE.equals(configEvaluationContext.getScope()) || Enums.ConfigScope.ROLE_CONFIG_GROUP.equals(configEvaluationContext.getScope()));
        DbRole role = configEvaluationContext.getRole();
        SimpleConfigFile simpleConfigFile = new SimpleConfigFile(getOutputFileName());
        byte[] mergedKeytab = role.getMergedKeytab();
        if (role == null || mergedKeytab == null) {
            return simpleConfigFile;
        }
        byte[] filterPrincipals = filterPrincipals(mergedKeytab, getAllowedPrincipals(configEvaluationContext));
        if (filterPrincipals == null) {
            throw new SkippedConfigGenerationException("Keytab file without any keytab entries.");
        }
        simpleConfigFile.addConfig(new EvaluatedConfig(filterPrincipals));
        return simpleConfigFile;
    }

    private byte[] filterPrincipals(byte[] bArr, ImmutableSet<String> immutableSet) throws ConfigGenException {
        Preconditions.checkNotNull(bArr);
        if (immutableSet == null) {
            return bArr;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            try {
                Keytab keytab = new Keytab();
                keytab.load(byteArrayInputStream);
                Keytab keytab2 = new Keytab();
                ArrayList arrayList = new ArrayList();
                for (PrincipalName principalName : keytab.getPrincipals()) {
                    if (immutableSet.contains(principalName.getNameStrings().get(0))) {
                        for (KeytabEntry keytabEntry : keytab.getKeytabEntries(principalName)) {
                            if (keytabEntry.getKey() != null) {
                                arrayList.add(keytabEntry);
                            }
                        }
                    }
                }
                if (arrayList.isEmpty()) {
                    return null;
                }
                keytab2.addKeytabEntries(arrayList);
                keytab2.store(byteArrayOutputStream);
                byteArrayOutputStream.flush();
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                try {
                    byteArrayInputStream.close();
                    byteArrayOutputStream.close();
                } catch (IOException e) {
                }
                return byteArray;
            } finally {
                try {
                    byteArrayInputStream.close();
                    byteArrayOutputStream.close();
                } catch (IOException e2) {
                }
            }
        } catch (Exception e3) {
            throw new ConfigGenException(String.format("Failed to filter principals from keytab file. Unable to generate config file %s.", getOutputFileName()), e3);
        }
    }

    public static boolean isKeytabEmpty(byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            Keytab keytab = new Keytab();
            keytab.load(byteArrayInputStream);
            boolean z = keytab.getPrincipals().size() == 0;
            try {
                byteArrayInputStream.close();
            } catch (IOException e) {
            }
            return z;
        } catch (Exception e2) {
            try {
                byteArrayInputStream.close();
            } catch (IOException e3) {
            }
            return false;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (IOException e4) {
            }
            throw th;
        }
    }

    public static boolean isKeytabContentEqual(byte[] bArr, byte[] bArr2) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr2);
        try {
            Keytab keytab = new Keytab();
            keytab.load(byteArrayInputStream);
            Keytab keytab2 = new Keytab();
            keytab2.load(byteArrayInputStream2);
            List<PrincipalName> principals = keytab.getPrincipals();
            List principals2 = keytab2.getPrincipals();
            if (principals.size() != principals2.size()) {
                try {
                    byteArrayInputStream.close();
                    byteArrayInputStream2.close();
                } catch (IOException e) {
                }
                return false;
            }
            if (!principals.containsAll(principals2)) {
                try {
                    byteArrayInputStream.close();
                    byteArrayInputStream2.close();
                } catch (IOException e2) {
                }
                return false;
            }
            for (PrincipalName principalName : principals) {
                List keytabEntries = keytab.getKeytabEntries(principalName);
                List keytabEntries2 = keytab2.getKeytabEntries(principalName);
                if (keytabEntries.size() != keytabEntries2.size()) {
                    try {
                        byteArrayInputStream.close();
                        byteArrayInputStream2.close();
                    } catch (IOException e3) {
                    }
                    return false;
                }
                if (!keytabEntries.containsAll(keytabEntries2)) {
                    try {
                        byteArrayInputStream.close();
                        byteArrayInputStream2.close();
                    } catch (IOException e4) {
                    }
                    return false;
                }
            }
            try {
                byteArrayInputStream.close();
                byteArrayInputStream2.close();
            } catch (IOException e5) {
            }
            return true;
        } catch (Exception e6) {
            try {
                byteArrayInputStream.close();
                byteArrayInputStream2.close();
            } catch (IOException e7) {
            }
            return false;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
                byteArrayInputStream2.close();
            } catch (IOException e8) {
            }
            throw th;
        }
    }
}
