package com.cloudera.cmf.service.auth;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.auth.AuthServiceHandler;
import com.cloudera.cmf.service.config.AutoTLSPasswordParamSpecEvaluator;
import com.cloudera.cmf.service.config.AutoTLSPathParamSpecEvaluator;
import com.cloudera.cmf.service.config.CombinedEvaluator;
import com.cloudera.cmf.service.config.ConditionalEvaluator;
import com.cloudera.cmf.service.config.ConfigEvaluationPredicate;
import com.cloudera.cmf.service.config.ConfigEvaluator;
import com.cloudera.cmf.service.config.HardcodedConfigEvaluator;
import com.cloudera.cmf.service.config.HttpdConfigSectionEvaluator;
import com.cloudera.cmf.service.config.HttpdLoadBalancerProxyEvaluator;
import com.cloudera.cmf.service.config.HttpdLogLevelConfigEvaluator;
import com.cloudera.cmf.service.config.JdbcUrlEvaluator;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.ParamSpecEvaluator;
import com.cloudera.cmf.service.config.ResourceEvaluator;
import com.cloudera.cmf.service.config.TLSCipherConfigEvaluator;
import com.cloudera.cmf.service.config.TLSProtocolConfigEvaluator;
import com.cloudera.cmf.version.Release;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableRangeMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.RangeMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/auth/AuthConfigFileDefinitions.class */
/**
 * Declarative catalogue of the config evaluators used to render the auth service's
 * configuration: the auth server settings ({@link #AUTH_CONFIGS}) and the httpd
 * load-balancer files ({@link #HTTPD_CONF}, {@link #AUTH_CONF}, {@link #MIME_TYPES}).
 *
 * <p>Security-relevant points for reviewers: the lists below emit database, admin and
 * keystore/truststore credentials, decide whether TLS is switched on, and splice in
 * operator-supplied "safety valve" fragments. Anyone who can edit the underlying
 * parameters effectively controls the rendered files.
 */
public class AuthConfigFileDefinitions {

    /** True when the service has at least one AUTH_LOAD_BALANCER role. */
    private static final ConfigEvaluationPredicate IS_HA = new ConfigEvaluationPredicate() {
        @Override
        public boolean checkCondition(ServiceDataProvider sdp, DbService service, DbRole role, RoleHandler handler, Map<String, Object> context) {
            String loadBalancerType = AuthServiceHandler.RoleNames.AUTH_LOAD_BALANCER.name();
            return service.getRolesWithType(loadBalancerType).size() > 0;
        }
    };

    /**
     * Evaluators for the auth server's own configuration.
     *
     * <p>NOTE(review): unlike the other fields of this class, this one is not {@code final},
     * so any code with access to the class can replace the whole list (the list itself is
     * immutable, the reference is not). Confirm nothing assigns it and make it final.
     */
    public static List<ConfigEvaluator> AUTH_CONFIGS = ImmutableList.of(
            // Logging and listener.
            new ParamSpecEvaluator(AuthParams.AUTHSRV_LOG_THRESHOLD),
            new ParamSpecEvaluator(AuthParams.AUTHSRV_LOG_DIR),
            new ParamSpecEvaluator(AuthParams.AUTHSRV_PORT),

            // Database connection. The JDBC URL is emitted as "authsrv_database_url" for all versions.
            new ParamSpecEvaluator(AuthParams.DATABASE_TYPE),
            new JdbcUrlEvaluator(
                    (Set<? extends Enum<?>>) null,
                    (RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_ALL_VERSIONS_RANGE, "authsrv_database_url"),
                    AuthParams.DATABASE_TYPE,
                    (ParamSpec<String>) null,
                    (ParamSpec<String>) AuthParams.DATABASE_NAME,
                    (ParamSpec<String>) AuthParams.DATABASE_HOST,
                    (ParamSpec<Long>) AuthParams.DATABASE_PORT),
            new ParamSpecEvaluator(AuthParams.DATABASE_USER),
            // NOTE(review): DATABASE_PASSWORD and ADMIN_PASSWORD go through the plain
            // ParamSpecEvaluator, whereas the store passwords below use
            // AutoTLSPasswordParamSpecEvaluator. How the rendered values are protected
            // (file permissions, redaction in logs or diagnostic bundles) is not visible
            // here; confirm.
            new ParamSpecEvaluator(AuthParams.DATABASE_PASSWORD),

            // The admin account name is fixed to "cmadmin"; only its password is configurable.
            new HardcodedConfigEvaluator("authsrv_admin_user", "cmadmin"),
            new ParamSpecEvaluator(AuthParams.ADMIN_PASSWORD),

            // Server-side TLS: keystore, protocols and ciphers are emitted only when ENABLE_TLS
            // evaluates to true; otherwise the server is explicitly told authsrv_tls=false.
            ConditionalEvaluator.builder()
                    .checkCondition(ConditionalEvaluator.paramEvaluatesToValue(AuthParams.ENABLE_TLS, true))
                    .evaluators(
                            new HardcodedConfigEvaluator("authsrv_tls", "true"),
                            new AutoTLSPathParamSpecEvaluator(AuthParams.JKS_KEYSTORE_PATH),
                            new AutoTLSPasswordParamSpecEvaluator(AuthParams.JKS_KEYSTORE_PASSWORD),
                            new TLSProtocolConfigEvaluator(AuthParams.TLS_PROTOS, TLSProtocolConfigEvaluator.Flavor.JAVA, null),
                            new TLSCipherConfigEvaluator(AuthParams.TLS_CIPHERS, TLSCipherConfigEvaluator.Flavor.JAVA, null))
                    .alternateEvaluators(new HardcodedConfigEvaluator("authsrv_tls", "false"))
                    .build(),

            // The truststore is emitted regardless of ENABLE_TLS.
            new AutoTLSPathParamSpecEvaluator(AuthParams.JKS_TRUSTSTORE_PATH),
            new AutoTLSPasswordParamSpecEvaluator(AuthParams.JKS_TRUSTSTORE_PASSWORD),

            // High availability flag follows the presence of a load-balancer role.
            ConditionalEvaluator.builder()
                    .checkCondition(IS_HA)
                    .evaluators(new HardcodedConfigEvaluator("authsrv_ha", "true"))
                    .alternateEvaluators(new HardcodedConfigEvaluator("authsrv_ha", "false"))
                    .build(),
            new AuthHAConfigEvaluator(),

            // Safety valves: operator-supplied fragments, listed after every setting above.
            // NOTE(review): presumably these can override the keys emitted earlier
            // (including authsrv_tls); confirm precedence and treat write access to these
            // parameters as write access to the rendered configuration.
            new AuthSafetyValveConfigEvaluator(AuthParams.AUTHSRV_LOGGING_SAFETY_VALVE),
            new AuthSafetyValveConfigEvaluator(AuthParams.AUTHSRV_DATABASE_SAFETY_VALVE),
            new AuthSafetyValveConfigEvaluator(AuthParams.AUTHSRV_HA_SAFETY_VALVE),
            new AuthSafetyValveConfigEvaluator(AuthParams.AUTHSRV_INTERFACES_SAFETY_VALVE),
            new AuthSafetyValveConfigEvaluator(AuthParams.AUTHSRV_SOCKET_SAFETY_VALVE));

    /**
     * Evaluators for the load balancer's main httpd configuration: the bundled
     * {@code httpd/httpd.conf} resource followed by the reverse-proxy directives.
     */
    public static final List<ConfigEvaluator> HTTPD_CONF = ImmutableList.of(
            new ResourceEvaluator("httpd/httpd.conf"),
            // All traffic is proxied to the "auth" balancer, pinned per AUTH_SESSION_ID.
            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "ProxyPass / balancer://auth/ stickysession=AUTH_SESSION_ID"),
            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "ProxyPassReverse / balancer://auth/"),
            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "ProxyPreserveHost Off"),
            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "ProxyAddHeaders On"),
            // Operator-supplied httpd directives, listed after the proxy settings and before
            // the auth.conf include.
            new ParamSpecEvaluator(AuthParams.AUTH_LB_SAFETY_VALVE),
            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "Include {{CLOUDERA_HTTPD_CONF_DIR}}/auth.conf"));

    /**
     * Evaluators for the included {@code auth.conf}: listener port, log level, the
     * {@code balancer://auth} member list and, when ENABLE_TLS is true, the SSL directives.
     *
     * <p>The TLS conditional has no alternate branch, so with ENABLE_TLS false none of the
     * SSL* directives below are emitted.
     *
     * <p>NOTE(review): {@code SSLProxyEngine on} is set, but this list emits no
     * SSLProxyVerify, SSLProxyCACertificateFile or SSLProxyCheckPeerName directive and no
     * proxy-side cipher suite. Unless the httpd.conf resource or the load-balancer safety
     * valve adds them, validation of the backend certificate is left to httpd defaults;
     * verify against the rendered file.
     */
    public static final List<HttpdConfigSectionEvaluator> AUTH_CONF = ImmutableList.of(
            new HttpdConfigSectionEvaluator(
                    CommandUtils.CONFIG_TOP_LEVEL_DIR,
                    ImmutableList.of(
                            new ParamSpecEvaluator(AuthParams.AUTH_LB_PORT),
                            new HttpdLogLevelConfigEvaluator(AuthParams.AUTH_LB_LOG_THRESHOLD),
                            // <Proxy balancer://auth> section built from the AUTHSERVER roles.
                            new HttpdConfigSectionEvaluator(
                                    "Proxy",
                                    "balancer://auth",
                                    ImmutableList.of(
                                            new HttpdLoadBalancerProxyEvaluator(
                                                    AuthServiceHandler.RoleNames.AUTHSERVER.name(),
                                                    AuthParams.ENABLE_TLS,
                                                    AuthParams.AUTHSRV_PORT))),
                            ConditionalEvaluator.builder()
                                    .expectedValue(AuthParams.ENABLE_TLS, true)
                                    .evaluators(
                                            new AutoTLSPathParamSpecEvaluator(AuthParams.PEM_CERT),
                                            new AutoTLSPathParamSpecEvaluator(AuthParams.PEM_PRIVATE_KEY),
                                            // Only when a passphrase dialog path is configured: httpd is
                                            // pointed at the agent's sslpassphrase.sh helper via the pipe
                                            // form of SSLPassPhraseDialog. The %s slot is presumably
                                            // filled with the evaluated path (confirm in CombinedEvaluator).
                                            // The helper script and that path hand out the private-key
                                            // passphrase, so their ownership and permissions matter.
                                            ConditionalEvaluator.builder()
                                                    .checkCondition(ConditionalEvaluator.isNotEmpty(AuthParams.PEM_SSL_PASSPHRASE_DIALOG))
                                                    .evaluators(
                                                            new CombinedEvaluator(
                                                                    (Set<? extends Enum<?>>) ImmutableSet.of(AuthServiceHandler.RoleNames.AUTH_LOAD_BALANCER),
                                                                    "SSLPassPhraseDialog",
                                                                    "\"|{{AGENT_COMMON_DIR}}/sslpassphrase.sh %s\"",
                                                                    new AutoTLSPathParamSpecEvaluator(AuthParams.PEM_SSL_PASSPHRASE_DIALOG)))
                                                    .build(),
                                            // The same protocol list is applied to client-facing and
                                            // backend-facing connections; the cipher list only to the former.
                                            new TLSProtocolConfigEvaluator(AuthParams.TLS_PROTOS, TLSProtocolConfigEvaluator.Flavor.HTTPD, "SSLProtocol"),
                                            new TLSProtocolConfigEvaluator(AuthParams.TLS_PROTOS, TLSProtocolConfigEvaluator.Flavor.HTTPD, "SSLProxyProtocol"),
                                            new TLSCipherConfigEvaluator(AuthParams.TLS_CIPHERS, TLSCipherConfigEvaluator.Flavor.OPENSSL, "SSLCipherSuite"),
                                            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "SSLEngine on"),
                                            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "SSLProxyEngine on"),
                                            new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, "SSLHonorCipherOrder     on"))
                                    .build())));

    /** The bundled {@code httpd/mime.types} resource. */
    public static final ResourceEvaluator MIME_TYPES = new ResourceEvaluator("httpd/mime.types");
}
