package com.cloudera.cmf.service.config;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.service.SSLParams;
import com.cloudera.cmf.service.config.AbstractAutoTLSConfigEvaluator;
import com.cloudera.cmf.service.scm.ScmParams;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:com/cloudera/cmf/service/config/AutoTLSPathParamSpecEvaluator.class */
public class AutoTLSPathParamSpecEvaluator extends AbstractAutoTLSConfigEvaluator {
    private static final String CM_AUTO_KEYSTORE = "{{CMF_CONF_DIR}}/cm-auto-host_keystore.jks";
    private static final String CM_AUTO_TRUSTSTORE = "{{CMF_CONF_DIR}}/cm-auto-global_truststore.jks";
    private static final String CM_AUTO_CHAIN_PEM = "{{CMF_CONF_DIR}}/cm-auto-host_cert_chain.pem";
    private static final String CM_AUTO_KEY_PEM = "{{CMF_CONF_DIR}}/cm-auto-host_key.pem";
    private static final String CM_AUTO_CACERT_PEM = "{{CMF_CONF_DIR}}/cm-auto-global_cacerts.pem";
    private static final String CM_AUTO_KEY_PW = "{{CMF_CONF_DIR}}/cm-auto-host_key.pw";
    static final Map<ParamSpecLabel, String> TLS_PATH_SUBSTITUTION_MAP = new ImmutableMap.Builder().put(ParamSpecLabel.TLS_KEYSTORE, CM_AUTO_KEYSTORE).put(ParamSpecLabel.TLS_TRUSTSTORE, CM_AUTO_TRUSTSTORE).put(ParamSpecLabel.TLS_CERT, CM_AUTO_CHAIN_PEM).put(ParamSpecLabel.TLS_PKEY, CM_AUTO_KEY_PEM).put(ParamSpecLabel.TLS_CACERTS, CM_AUTO_CACERT_PEM).put(ParamSpecLabel.TLS_PASSPHRASE, CM_AUTO_KEY_PW).build();
    static final Map<ParamSpecLabel, String> TLS_PATH_SUBSTITUTION_MAP_POST_7 = new ImmutableMap.Builder().put(ParamSpecLabel.TLS_KEYSTORE, CM_AUTO_KEYSTORE).put(ParamSpecLabel.TLS_TRUSTSTORE, SSLParams.AUTO_TLS_SHARED_TRUSTSTORE_LOCATION).put(ParamSpecLabel.TLS_CERT, CM_AUTO_CHAIN_PEM).put(ParamSpecLabel.TLS_PKEY, CM_AUTO_KEY_PEM).put(ParamSpecLabel.TLS_CACERTS, CM_AUTO_CACERT_PEM).put(ParamSpecLabel.TLS_PASSPHRASE, CM_AUTO_KEY_PW).build();
    private static final Integer TLS_PATH_KEYSTORE_MODE = 256;
    private static final Integer TLS_PATH_TRUSTSTORE_MODE = 292;
    private static final String CM_AUTO_INTERNAL_CERT = "{{CMF_CONF_DIR}}/cm-auto-in_cluster_ca_cert.pem";
    private static final String CM_AUTO_INTERNAL_TRUSTSTORE = "{{CMF_CONF_DIR}}/cm-auto-in_cluster_truststore.jks";
    public static final Map<String, Integer> TLS_CERT_PERMISSION_MAP = new ImmutableMap.Builder().put(CM_AUTO_CACERT_PEM, TLS_PATH_TRUSTSTORE_MODE).put(CM_AUTO_CHAIN_PEM, TLS_PATH_TRUSTSTORE_MODE).put(CM_AUTO_KEY_PEM, TLS_PATH_KEYSTORE_MODE).put(CM_AUTO_KEY_PW, TLS_PATH_KEYSTORE_MODE).put(CM_AUTO_KEYSTORE, TLS_PATH_KEYSTORE_MODE).put(CM_AUTO_TRUSTSTORE, TLS_PATH_TRUSTSTORE_MODE).put(CM_AUTO_INTERNAL_CERT, TLS_PATH_TRUSTSTORE_MODE).put(CM_AUTO_INTERNAL_TRUSTSTORE, TLS_PATH_TRUSTSTORE_MODE).build();
    private static final AbstractAutoTLSConfigEvaluator.MappingValue mappingValue = new AbstractAutoTLSConfigEvaluator.MappingValue() { // from class: com.cloudera.cmf.service.config.AutoTLSPathParamSpecEvaluator.1
        @Override // com.cloudera.cmf.service.config.AbstractAutoTLSConfigEvaluator.MappingValue
        public String getMappingValue(ParamSpecLabel paramSpecLabel) {
            return AutoTLSPathParamSpecEvaluator.getOverriddenPath(paramSpecLabel);
        }
    };

    public AutoTLSPathParamSpecEvaluator(ParamSpec<String> paramSpec) {
        super(paramSpec);
    }

    public AutoTLSPathParamSpecEvaluator(ParamSpec<String> paramSpec, boolean z) {
        super(paramSpec, z);
    }

    public AutoTLSPathParamSpecEvaluator(ParamSpec<String> paramSpec, String str) {
        super(paramSpec, str);
    }

    static String getOverriddenPath(ParamSpecLabel paramSpecLabel) {
        return TLS_PATH_SUBSTITUTION_MAP.get(paramSpecLabel);
    }

    public static String getOverriddenPath(ParamSpec<String> paramSpec, Map<String, Object> map) {
        return getOverriddenValueHelper(paramSpec, paramSpec.extract(map), ParamSpecLabel.TLS_PATHS, mappingValue);
    }

    public static String getOverriddenPath(ParamSpec<String> paramSpec, String str) {
        return getOverriddenValueHelper(paramSpec, str, ParamSpecLabel.TLS_PATHS, mappingValue);
    }

    @Override // com.cloudera.cmf.service.config.ParamSpecEvaluator, com.cloudera.cmf.service.config.AbstractGenericConfigEvaluator
    public List<EvaluatedConfig> evaluateConfig(ConfigEvaluationContext configEvaluationContext, String str) throws ConfigGenException {
        List<EvaluatedConfig> evaluateConfigHelper = evaluateConfigHelper(configEvaluationContext, str, ParamSpecLabel.TLS_PATHS, mappingValue);
        if (CollectionUtils.isEmpty(evaluateConfigHelper)) {
            return ImmutableList.of();
        }
        ParamSpecLabel paramSpecLabel = (ParamSpecLabel) Sets.intersection(ParamSpecLabel.TLS_PATHS, getParamSpec().getLabels()).stream().findFirst().orElse(null);
        if (paramSpecLabel == null) {
            throw new IllegalStateException("Param spec " + getParamSpec().getDisplayName() + " is labeled TLS_AUTO but is missing a TLS parameter type label.");
        }
        if (configEvaluationContext.getClusterFromScope() == null || Constants.SERVICE_VERSIONS_PRIOR_TO_CDH7_0_0.contains(configEvaluationContext.getClusterFromScope().getCdhVersion()) || paramSpecLabel != ParamSpecLabel.TLS_TRUSTSTORE) {
            return evaluateConfigHelper;
        }
        EvaluatedConfig evaluatedConfig = (EvaluatedConfig) Iterables.getOnlyElement(evaluateConfigHelper);
        return (StringUtils.isEmpty(evaluatedConfig.getValue()) || !((ScmParams.AutoTLSServicesType) configEvaluationContext.getSdp().getScmParamTrackerStore().get(ScmParams.AUTO_TLS_SERVICES)).equals(ScmParams.AutoTLSServicesType.ALL)) ? evaluateConfigHelper : Collections.singletonList(evaluatedConfig.newValue(TLS_PATH_SUBSTITUTION_MAP_POST_7.get(paramSpecLabel)));
    }
}
