package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.ConfigStalenessStatus;
import com.cloudera.cmf.model.DbClientConfig;
import com.cloudera.cmf.model.DbProcess;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.security.CmfKeyStore;
import com.cloudera.cmf.service.DaemonRoleHandler;
import com.cloudera.cmf.service.config.transform.CredentialProviderConfigTransform;
import com.cloudera.enterprise.config.ZipUtil;
import com.cloudera.server.web.common.I18n;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.MapDifference;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/config/ConfigFilesDiffer.class */
public class ConfigFilesDiffer implements ProcessDiffer, ClientConfigDiffer {
    private static final Logger LOG = LoggerFactory.getLogger(ConfigFilesDiffer.class);
    private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
    private static final DiffHelper DIFF_HELPER = new DiffHelper();
    private static final Set<String> BINARY_EXTENSIONS = ImmutableSet.of("keytab", "jceks", "localjceks", "bcfks", "localbcfks");
    private static final Set<String> BINARY_FILENAMES = ImmutableSet.of(CoreConfigFileDefinitions.HTTP_AUTH_SIGNATURE_SECRET_FILENAME);

    @VisibleForTesting
    static final String KRB5_CONF_FULL_PATH = "krb-conf/krb5.conf";

    @Override // com.cloudera.cmf.service.config.ProcessDiffer
    public ConfigStalenessStatus isStale(DaemonRoleHandler daemonRoleHandler, DbRole dbRole, DbProcess dbProcess, DbProcess dbProcess2) {
        return isStale(daemonRoleHandler, dbRole, dbProcess.getConfigurationData(), dbProcess2.getConfigurationData());
    }

    @Override // com.cloudera.cmf.service.config.ProcessDiffer
    public List<ConfigDiff> diff(DaemonRoleHandler daemonRoleHandler, DbRole dbRole, DbProcess dbProcess, DbProcess dbProcess2) {
        return diff(daemonRoleHandler, dbRole, dbProcess.getConfigurationData(), dbProcess2.getConfigurationData(), daemonRoleHandler.getNonIdempotentConfigFiles(dbRole), null);
    }

    @Override // com.cloudera.cmf.service.config.ClientConfigDiffer
    public ConfigStalenessStatus isStale(DbClientConfig dbClientConfig, DbClientConfig dbClientConfig2) {
        return isStale((DaemonRoleHandler) null, (DbRole) null, dbClientConfig.getConfigArchive(), dbClientConfig2.getConfigArchive());
    }

    @Override // com.cloudera.cmf.service.config.ClientConfigDiffer
    public List<ConfigDiff> diff(DbClientConfig dbClientConfig, DbClientConfig dbClientConfig2) {
        return diff(null, null, dbClientConfig.getConfigArchive(), dbClientConfig2.getConfigArchive(), ImmutableSet.of(), null);
    }

    public ConfigStalenessStatus isStale(DaemonRoleHandler daemonRoleHandler, DbRole dbRole, byte[] bArr, byte[] bArr2) {
        ImmutableSet nonIdempotentConfigFiles;
        ImmutableSet newHashSet;
        MapDifference difference = Maps.difference(ZipUtil.getZipCRCs(bArr), ZipUtil.getZipCRCs(bArr2));
        if ((!difference.entriesOnlyOnLeft().isEmpty() || !difference.entriesOnlyOnRight().isEmpty()) && !isOnlyEmptyKeytabDifference(difference, bArr, bArr2)) {
            return ConfigStalenessStatus.STALE;
        }
        if (daemonRoleHandler == null) {
            nonIdempotentConfigFiles = ImmutableSet.of();
            newHashSet = ImmutableSet.of();
        } else {
            nonIdempotentConfigFiles = daemonRoleHandler.getNonIdempotentConfigFiles(dbRole);
            newHashSet = Sets.newHashSet(daemonRoleHandler.getRefreshableConfigFiles());
        }
        ConfigStalenessStatus configStalenessStatus = ConfigStalenessStatus.FRESH;
        for (String str : difference.entriesDiffering().keySet()) {
            if (!nonIdempotentConfigFiles.contains(str)) {
                CredentialProviderConfigTransform credentialProviderConfigTransform = new CredentialProviderConfigTransform("password");
                if (str.equals(credentialProviderConfigTransform.keyStoreFileName)) {
                    if (!equalCredProvContent(daemonRoleHandler, dbRole, bArr, bArr2, str, credentialProviderConfigTransform.keyStoreType)) {
                        return ConfigStalenessStatus.STALE;
                    }
                } else if (isKerberosKeytabFile(str)) {
                    if (!equalKeytabContent(daemonRoleHandler, dbRole, bArr, bArr2, str)) {
                        return ConfigStalenessStatus.STALE;
                    }
                } else if (str.equals(KRB5_CONF_FULL_PATH)) {
                    if (!equalConfFileContent(bArr, bArr2, str)) {
                        return ConfigStalenessStatus.STALE;
                    }
                    LOG.info("Detected non-substantial difference in krb5.conf. Not triggering staleness.");
                } else {
                    if (!newHashSet.contains(str)) {
                        return ConfigStalenessStatus.STALE;
                    }
                    configStalenessStatus = ConfigStalenessStatus.STALE_REFRESHABLE;
                }
            }
        }
        return configStalenessStatus;
    }

    @VisibleForTesting
    static boolean equalConfFileContent(byte[] bArr, byte[] bArr2, String str) {
        try {
            byte[] unzipFileByName = ZipUtil.unzipFileByName(bArr, str);
            byte[] unzipFileByName2 = ZipUtil.unzipFileByName(bArr2, str);
            if (unzipFileByName == null) {
                throw new IOException("Entry missing from oldFiles: " + str);
            }
            if (unzipFileByName2 == null) {
                throw new IOException("Entry missing from newFiles: " + str);
            }
            return removeEmptyConfSections(new String(unzipFileByName)).equals(removeEmptyConfSections(new String(unzipFileByName2)));
        } catch (IOException e) {
            LOG.warn("error in equalConfFileContent", e);
            return false;
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    @VisibleForTesting
    static String removeEmptyConfSections(String str) {
        StringBuilder sb = new StringBuilder();
        StringBuilder sb2 = new StringBuilder();
        int i = 0;
        for (String str2 : str.split("\n")) {
            if (!StringUtils.isEmpty(str2)) {
                if (str2.startsWith("[") && str2.endsWith("]")) {
                    if (i > 0) {
                        sb.append((CharSequence) sb2);
                    }
                    sb2.setLength(0);
                    sb2.append(str2).append("\n");
                    i = 0;
                } else {
                    sb2.append(str2).append("\n");
                    i++;
                }
            }
        }
        if (i > 0) {
            sb.append((CharSequence) sb2);
        }
        return sb.toString();
    }

    private boolean equalCredProvContent(DaemonRoleHandler daemonRoleHandler, DbRole dbRole, byte[] bArr, byte[] bArr2, String str, String str2) {
        Preconditions.checkNotNull(daemonRoleHandler, "null role handler (are you checking for keystore file in client configs?)");
        Preconditions.checkNotNull(dbRole, "null role (are you checking for keystore file in client configs?)");
        try {
            return equalKeystore(ZipUtil.unzipFileByName(bArr, str), ZipUtil.unzipFileByName(bArr2, str), daemonRoleHandler.getJceksPassword(dbRole), str2);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static boolean isKerberosKeytabFile(String str) {
        return str.endsWith(".keytab");
    }

    private static boolean isOnlyEmptyKeytabDifference(MapDifference<String, Long> mapDifference, byte[] bArr, byte[] bArr2) {
        try {
            for (String str : mapDifference.entriesOnlyOnLeft().keySet()) {
                if (!isKerberosKeytabFile(str) || !KerberosKeytabGenerator.isKeytabEmpty(ZipUtil.unzipFileByName(bArr, str))) {
                    return false;
                }
            }
            for (String str2 : mapDifference.entriesOnlyOnRight().keySet()) {
                if (!isKerberosKeytabFile(str2) || !KerberosKeytabGenerator.isKeytabEmpty(ZipUtil.unzipFileByName(bArr2, str2))) {
                    return false;
                }
            }
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    private boolean equalKeytabContent(DaemonRoleHandler daemonRoleHandler, DbRole dbRole, byte[] bArr, byte[] bArr2, String str) {
        Preconditions.checkNotNull(daemonRoleHandler, "null role handler (are you checking for keystore file in client configs?)");
        Preconditions.checkNotNull(dbRole, "null role (are you checking for keystore file in client configs?)");
        try {
            return KerberosKeytabGenerator.isKeytabContentEqual(ZipUtil.unzipFileByName(bArr, str), ZipUtil.unzipFileByName(bArr2, str));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @VisibleForTesting
    boolean equalKeystore(byte[] bArr, byte[] bArr2, String str, String str2) {
        if (bArr == null || bArr2 == null) {
            return false;
        }
        try {
            if (bArr.length == 0 && bArr2.length == 0) {
                return true;
            }
            if (bArr.length == 0 || bArr2.length == 0) {
                return false;
            }
            return new CmfKeyStore(str, str2, bArr).equalsDecrypted(new CmfKeyStore(str, str2, bArr2));
        } catch (IOException e) {
            return false;
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    public List<ConfigDiff> diff(DaemonRoleHandler daemonRoleHandler, DbRole dbRole, byte[] bArr, byte[] bArr2, Set<String> set, String str) {
        try {
            Map<String, byte[]> unzipToBytes = ZipUtil.unzipToBytes(bArr);
            Map<String, byte[]> unzipToBytes2 = ZipUtil.unzipToBytes(bArr2);
            ArrayList newArrayList = Lists.newArrayList();
            for (String str2 : str == null ? Sets.difference(Sets.union(unzipToBytes.keySet(), unzipToBytes2.keySet()), set) : Sets.newHashSet(new String[]{str})) {
                byte[] fileCoercingNull = getFileCoercingNull(unzipToBytes, str2);
                byte[] fileCoercingNull2 = getFileCoercingNull(unzipToBytes2, str2);
                CredentialProviderConfigTransform credentialProviderConfigTransform = new CredentialProviderConfigTransform("password");
                if (str2.equals(credentialProviderConfigTransform.keyStoreFileName)) {
                    Preconditions.checkNotNull(daemonRoleHandler, "checking for keystore file in client configs");
                    Preconditions.checkNotNull(dbRole, "checking for keystore file in client configs");
                    if (!equalKeystore(fileCoercingNull, fileCoercingNull2, daemonRoleHandler.getJceksPassword(dbRole), credentialProviderConfigTransform.keyStoreType)) {
                        newArrayList.add(ConfigDiff.of(I18n.t("label.staleness.file", str2), (!BINARY_FILENAMES.contains(str2) || BINARY_EXTENSIONS.contains(Files.getFileExtension(str2))) ? I18n.t("message.config.diff.binaryChange") : DIFF_HELPER.generateDiff(str2, new String(fileCoercingNull, Charsets.UTF_8), new String(fileCoercingNull2, Charsets.UTF_8))));
                    }
                } else if (!Arrays.equals(fileCoercingNull, fileCoercingNull2)) {
                    newArrayList.add(ConfigDiff.of(I18n.t("label.staleness.file", str2), (!BINARY_FILENAMES.contains(str2) || BINARY_EXTENSIONS.contains(Files.getFileExtension(str2))) ? I18n.t("message.config.diff.binaryChange") : DIFF_HELPER.generateDiff(str2, new String(fileCoercingNull, Charsets.UTF_8), new String(fileCoercingNull2, Charsets.UTF_8))));
                }
            }
            return newArrayList;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] getFileCoercingNull(Map<String, byte[]> map, String str) {
        byte[] bArr = map.get(str);
        return bArr == null ? EMPTY_BYTE_ARRAY : bArr;
    }
}
