package com.cloudera.cmf.security;

import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.cluster.AbstractClusterCmdWorkCommand;
import com.cloudera.cmf.cluster.ConfigureForKerberosCmdArgs;
import com.cloudera.cmf.command.CmdNoopException;
import com.cloudera.cmf.command.flow.CmdStep;
import com.cloudera.cmf.command.flow.CmdWork;
import com.cloudera.cmf.command.flow.SeqCmdWork;
import com.cloudera.cmf.command.flow.work.CreateRoleCmdWork;
import com.cloudera.cmf.command.flow.work.ScatterCmdWork;
import com.cloudera.cmf.command.flow.work.SetConfigCmdWork;
import com.cloudera.cmf.event.CommandEventCode;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.DependencyUtils;
import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hdfs.HdfsServiceHandler;
import com.cloudera.cmf.service.hue.HueServiceHandler;
import com.cloudera.cmf.service.impala.ImpalaServiceHandler;
import com.cloudera.cmf.service.mapreduce.MapReduceServiceHandler;
import com.cloudera.cmf.service.yarn.YarnServiceHandler;
import com.cloudera.enterprise.I18nKey;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.server.common.Util;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/cloudera/cmf/security/ConfigureForKerberosCommand.class */
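/**
 * Cluster command that assembles the configuration changes applied when a cluster is
 * configured for Kerberos.
 *
 * <p>The command itself only builds a list of {@link CmdWork} items and returns them wrapped
 * in a single {@link ScatterCmdWork} step:
 * <ul>
 *   <li>every change each service handler reports via {@code getConfigChangesForKerberos};</li>
 *   <li>DataNode port, data-directory permission and wire-protection settings for HDFS, plus
 *       the secure web UI flag for HDFS, YARN, MapReduce and Impala
 *       (see {@link #configurePortsAndSasl});</li>
 *   <li>a Hue {@code KT_RENEWER} role on every host that runs a {@code HUE_SERVER} role and
 *       does not already have one.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: the raw {@code ParamSpec} in {@code constructWork} and
 * the widened access on {@code getMsgKeyInfix} are kept as decompiled.
 */
public class ConfigureForKerberosCommand extends AbstractClusterCmdWorkCommand<ConfigureForKerberosCmdArgs> {
    public static final String COMMAND_NAME = "ConfigureForKerberos";
    static final String MSG_INFIX = "cluster.configureForKerberos";

    /** Revision message attached to every configuration change this command generates. */
    private static final MessageWithArgs REV_MSG = MessageWithArgs.of(I18nKeys.REVISION_MESSAGE, new String[0]);

    /** Lowest port number that isPrivilegedPort treats as unprivileged. */
    private static final long FIRST_UNPRIVILEGED_PORT = 1024;

    /* loaded from: input_file:com/cloudera/cmf/security/ConfigureForKerberosCommand$I18nKeys.class */
    /** Message keys used by this command; neither message takes arguments. */
    public enum I18nKeys implements I18nKey {
        CONFIGURE_SERVICES("message.command.cluster.configureForKerberos.name", 0),
        REVISION_MESSAGE("message.configureForKerberos.warning", 0);

        private final String key;
        private final int argc;

        I18nKeys(String key, int argc) {
            this.key = key;
            this.argc = argc;
        }

        public String getKey() {
            return this.key;
        }

        public int getNumArgs() {
            return this.argc;
        }
    }

    public ConfigureForKerberosCommand(ServiceDataProvider serviceDataProvider) {
        super(serviceDataProvider);
    }

    /**
     * Builds the work that reconfigures every service in {@code cluster} for Kerberos.
     *
     * @param cluster cluster whose services are reconfigured
     * @param args supplies the DataNode transceiver and web ports
     * @return a sequence holding one step that wraps all generated work items
     * @throws CmdNoopException declared by the overridden method; not thrown by this body
     * @throws RuntimeException wrapping a {@link ParamParseException} when a value reported by
     *         a service handler cannot be parsed by its own {@link ParamSpec}
     */
    @Override // com.cloudera.cmf.command.CmdWorkCommand
    public CmdWork constructWork(DbCluster cluster, ConfigureForKerberosCmdArgs args) throws CmdNoopException {
        CmfEntityManager em = CmfEntityManager.currentCmfEntityManager();
        ServiceHandlerRegistry handlers = this.sdp.getServiceHandlerRegistry();
        List<CmdWork> work = Lists.newArrayList();

        // 1. Changes each service handler asks for when Kerberos is turned on.
        for (DbService service : em.findServicesInCluster(cluster)) {
            // ParamSpec is left raw, as decompiled: the value type differs per entry.
            for (Map.Entry<ParamSpec, String> change : handlers.get(service).getConfigChangesForKerberos(service).entrySet()) {
                ParamSpec spec = change.getKey();
                try {
                    work.add(SetConfigCmdWork.forService(service, spec, spec.parse(change.getValue()), REV_MSG));
                } catch (ParamParseException e) {
                    // The value comes from the handler, not from user input, so a parse failure
                    // is treated as a programming error.
                    throw new RuntimeException(e);
                }
            }
        }

        // 2. DataNode ports and wire protection; null means "detect TLS per HDFS service".
        configurePortsAndSasl(cluster, this.sdp, work, args.getDatanodeTransceiverPort(), args.getDatanodeWebPort(), null);

        // 3. Each host running a Hue server gets a KT_RENEWER role unless it already has one.
        String hueServerRole = HueServiceHandler.RoleNames.HUE_SERVER.name();
        String renewerRole = HueServiceHandler.RoleNames.KT_RENEWER.name();
        for (DbService hue : em.findServicesInClusterByType(cluster, HueServiceHandler.SERVICE_TYPE)) {
            for (DbRole hueServer : hue.getRolesWithType(hueServerRole)) {
                boolean hasRenewer = !hueServer.getHost().getRolesOfType(HueServiceHandler.SERVICE_TYPE, renewerRole).isEmpty();
                if (!hasRenewer) {
                    work.add(CreateRoleCmdWork.of(hue, hueServer.getHost(), renewerRole, null));
                }
            }
        }

        return SeqCmdWork.of(CmdStep.of(ScatterCmdWork.of(work), MessageWithArgs.of(I18nKeys.CONFIGURE_SERVICES, new String[0])));
    }

    /**
     * Appends the DataNode port, permission and wire-protection changes for every HDFS service
     * in the cluster, then turns on the secure web UI for HDFS, YARN, MapReduce and Impala.
     *
     * <p>For each HDFS service the work is appended in this order:
     * <ol>
     *   <li>the DataNode transceiver port;</li>
     *   <li>the DataNode web port, written to {@code DATANODE_WEB_PORT} when it is below 1024
     *       and to {@code DATANODE_HTTPS_PORT} otherwise;</li>
     *   <li>{@code DFS_DATANODE_DATA_DIR_PERM} set to {@code "700"};</li>
     *   <li>wire protection: when TLS is enabled and both ports are unprivileged, data-transfer
     *       protection, data-transfer encryption and RPC protection are set to their privacy
     *       values; when TLS is explicitly disabled and both ports are privileged, the same
     *       three parameters are set to {@code null};</li>
     *   <li>{@code SECURE_WEB_UI} set to true.</li>
     * </ol>
     *
     * <p>NOTE(review): every other combination (TLS off with an unprivileged port, TLS on with
     * a privileged port, one port privileged and the other not) leaves the three protection
     * parameters untouched, and an unprivileged web port is written to the HTTPS port parameter
     * whether or not TLS is enabled. Confirm that validation elsewhere rejects combinations in
     * which the DataNode has neither privileged ports nor SASL protection.
     *
     * <p>NOTE(review): the ports are not range-checked here; a negative value counts as
     * privileged and a value above 65535 as unprivileged. Presumably the caller or the
     * {@link ParamSpec} validates the range; verify.
     *
     * @param cluster cluster whose services are reconfigured
     * @param serviceDataProvider source of the service handler registry
     * @param list receives the generated work items, in the order described above
     * @param transceiverPort DataNode transceiver port
     * @param webPort DataNode web port
     * @param sslEnabledOverride explicit TLS state, or {@code null} to ask
     *        {@code DependencyUtils.isDfsSslEnabled} for each HDFS service
     */
    public static void configurePortsAndSasl(DbCluster cluster, ServiceDataProvider serviceDataProvider, List<CmdWork> list, long transceiverPort, long webPort, Boolean sslEnabledOverride) {
        CmfEntityManager em = CmfEntityManager.currentCmfEntityManager();
        ServiceHandlerRegistry handlers = serviceDataProvider.getServiceHandlerRegistry();
        boolean transceiverPrivileged = isPrivilegedPort(transceiverPort);
        boolean webPrivileged = isPrivilegedPort(webPort);

        for (DbService hdfs : em.findServicesInClusterByType(cluster, "HDFS")) {
            addBlanketSetDnConfigWork(list, hdfs, HdfsParams.DATANODE_TRANSCEIVER_PORT, Long.valueOf(transceiverPort));
            if (webPrivileged) {
                addBlanketSetDnConfigWork(list, hdfs, HdfsParams.DATANODE_WEB_PORT, Long.valueOf(webPort));
            } else {
                addBlanketSetDnConfigWork(list, hdfs, HdfsParams.DATANODE_HTTPS_PORT, Long.valueOf(webPort));
            }
            // Block data directories become accessible to their owner only.
            addBlanketSetDnConfigWork(list, hdfs, HdfsParams.DFS_DATANODE_DATA_DIR_PERM, "700");

            boolean sslEnabled = sslEnabledOverride != null
                    ? sslEnabledOverride.booleanValue()
                    : DependencyUtils.isDfsSslEnabled(hdfs, handlers);
            if (sslEnabled && !transceiverPrivileged && !webPrivileged) {
                // No privileged port is in use, so SASL data-transfer protection, data-transfer
                // encryption and RPC protection are all switched to privacy.
                list.add(SetConfigCmdWork.forService(hdfs, HdfsParams.DFS_DATA_TRANSFER_PROTECTION, HdfsParams.DfsDataTransferProtection.PRIVACY, REV_MSG));
                list.add(SetConfigCmdWork.forService(hdfs, SecurityParams.DFS_ENCRYPT_DATA_TRANSFER_ENABLE, Boolean.TRUE, REV_MSG));
                list.add(SetConfigCmdWork.forService(hdfs, SecurityParams.RPC_PROTECTION, SecurityParams.PRIVACY_RPC_PROTECTION, REV_MSG));
            } else if (sslEnabledOverride != null && !sslEnabledOverride.booleanValue() && transceiverPrivileged && webPrivileged) {
                // Only an explicit "TLS off" reaches this branch; auto-detection never does.
                // NOTE(review): null presumably resets each parameter to its default, which
                // also drops RPC privacy and transfer encryption set earlier; confirm that
                // this downgrade is intended for callers that pass FALSE.
                list.add(SetConfigCmdWork.forService(hdfs, HdfsParams.DFS_DATA_TRANSFER_PROTECTION, null, REV_MSG));
                list.add(SetConfigCmdWork.forService(hdfs, SecurityParams.DFS_ENCRYPT_DATA_TRANSFER_ENABLE, null, REV_MSG));
                list.add(SetConfigCmdWork.forService(hdfs, SecurityParams.RPC_PROTECTION, null, REV_MSG));
            }
            setSecureWebUI(list, hdfs);
        }

        // The remaining service types only get the secure web UI flag, in this order.
        for (DbService yarn : em.findServicesInClusterByType(cluster, YarnServiceHandler.SERVICE_TYPE)) {
            setSecureWebUI(list, yarn);
        }
        for (DbService mapReduce : em.findServicesInClusterByType(cluster, MapReduceServiceHandler.SERVICE_TYPE)) {
            setSecureWebUI(list, mapReduce);
        }
        for (DbService impala : em.findServicesInClusterByType(cluster, ImpalaServiceHandler.SERVICE_TYPE)) {
            setSecureWebUI(list, impala);
        }
    }

    /** Appends work that sets {@code SECURE_WEB_UI} to true for {@code service}. */
    private static void setSecureWebUI(List<CmdWork> list, DbService service) {
        list.add(SetConfigCmdWork.forService(service, SecurityParams.SECURE_WEB_UI, Boolean.TRUE, REV_MSG));
    }

    /**
     * Appends the work items {@code Util.createBlanketSetConfigCmdWork} produces for setting
     * {@code paramSpec} to {@code value} on the DATANODE role type of {@code service}.
     */
    private static <T> void addBlanketSetDnConfigWork(List<CmdWork> list, DbService service, ParamSpec<T> paramSpec, T value) {
        list.addAll(Util.createBlanketSetConfigCmdWork(service, HdfsServiceHandler.RoleNames.DATANODE.name(), paramSpec, value, REV_MSG));
    }

    /**
     * Reports whether {@code port} is below 1024, the range that conventionally requires
     * elevated privileges to bind. No lower or upper bound is checked.
     */
    private static boolean isPrivilegedPort(long port) {
        return port < FIRST_UNPRIVILEGED_PORT;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the infix used to build this command's message keys. */
    @Override // com.cloudera.cmf.command.CmdWorkCommand
    public String getMsgKeyInfix() {
        return MSG_INFIX;
    }

    /** Returns the registered command name, {@link #COMMAND_NAME}. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public String getName() {
        return COMMAND_NAME;
    }

    /** Returns the event code recorded for this command. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public CommandEventCode getCommandEventCode() {
        return CommandEventCode.EV_CLUSTER_CONFIGURE_FOR_KERBEROS;
    }

    /** Always true: the command reports itself as internal. */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.CommandHandler
    public boolean isInternal() {
        return true;
    }

    /**
     * Always returns {@code null}; no cluster state is inspected.
     * NOTE(review): null presumably means "available" to the framework; confirm against
     * {@code AbstractCommandHandler}.
     */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler
    public MessageWithArgs checkAvailabilityImpl(DbCluster dbCluster) {
        return null;
    }

    /** Returns the product feature this command is tied to, {@code KERBEROS}. */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler
    public ProductState.Feature getFeature() {
        return ProductState.Feature.KERBEROS;
    }
}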
