package com.cloudera.server.web.cmf.wizard.service.acls;

import com.cloudera.api.fiql.FIQLParser;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.DaemonRoleHandler;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.hbase.HbaseServiceHandler;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hive.HiveServiceHandler;
import com.cloudera.cmf.service.hue.HueServiceHandler;
import com.cloudera.cmf.service.oozie.OozieServiceHandler;
import com.cloudera.cmf.service.solr.SolrServiceHandler;
import com.cloudera.cmf.service.yarn.YarnServiceHandler;
import com.cloudera.server.web.cmf.CmfPath;
import com.cloudera.server.web.cmf.wizard.service.ClusterHelper;
import com.cloudera.server.web.cmf.wizard.service.keytrustee.AddKeyTrusteeHelper;
import com.cloudera.server.web.cmf.wizard.service.kms.AddKMSHelper;
import com.cloudera.server.web.common.I18n;
import com.google.common.base.Charsets;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.Resources;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:com/cloudera/server/web/cmf/wizard/service/acls/KmsAclsHelper.class */
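/**
 * Builds the KMS key ACL XML from the bundled {@code kms_acls_template.xml} resource and
 * supplies the texts for the wizard's ACL step.
 *
 * <p>The generated {@code key.acl.<key>.<operation>} properties name the users and groups that
 * are given access to each key, so every value interpolated into the document is XML-escaped
 * before it is written.
 *
 * <p>NOTE(review): this source is decompiler output. {@code CommandUtils.CONFIG_TOP_LEVEL_DIR}
 * is used wherever an empty replacement would be expected and {@code FIQLParser.OR} wherever a
 * list separator would be expected; presumably the decompiler mapped the literals {@code ""}
 * and {@code ","} onto unrelated constants with the same value — confirm before relying on it.
 */
public class KmsAclsHelper {
    private static final AddKeyTrusteeHelper KEYTRUSTEE_KMS_HELPER = new AddKeyTrusteeHelper("KEYTRUSTEE", FirstPartyCsdServiceTypes.RoleTypes.KEYTRUSTEE_KMS);
    private static final String I18N_PREFIX = "message.wizard.service.acls.";
    static final String BEGIN_KEYTRUSTEE_TAG = "<!-- BEGIN KEYTRUSTEE ONLY -->";
    static final String END_KEYTRUSTEE_TAG = "<!-- END KEYTRUSTEE ONLY -->";

    /**
     * One Key Trustee-only region of the template, markers and trailing newline included.
     * The match is reluctant so that each marked region is removed on its own; a greedy match
     * would also delete whatever sits between the first BEGIN marker and the last END marker
     * if the template ever held more than one region.
     */
    private static final Pattern KEYTRUSTEE_ONLY_SECTION = Pattern.compile(
            Pattern.quote(BEGIN_KEYTRUSTEE_TAG) + ".*?" + Pattern.quote(END_KEYTRUSTEE_TAG) + "\n",
            Pattern.DOTALL);

    private static final String HIVE_KEY_DESC = "\n    Gives the hive user and the hive group access to the key named \"hive-key\".\n    This allows the hive service to read and write files in /user/hive/.\n    Also note that the impala user ought to be a member of the hive group\n    in order to enjoy this same access.\n";
    private static final String HIVE_KEY_READ_DESC = "\n    Required because hive compares key strengths when joining tables.\n";
    private static final String HBASE_KEY_DESC = "\n    Gives the hbase user and hbase group access to the key named \"hbase-key\".\n    This allows the hbase service to read and write files in /hbase.\n";
    private static final String SOLR_KEY_DESC = "\n    Gives the solr user and solr group access to the key named \"solr-key\".\n    This allows the solr service to read and write files in /solr.\n";
    private static final String MAPRED_KEY_DESC = "\n    Gives the mapred user and mapred group access to the key named \"mapred-key\".\n    This allows mapreduce to read and write files in /user/history.\n    This is required by YARN.\n";
    private static final String HUE_KEY_DESC = "\n    Gives the appropriate users and groups access to the key named \"hue-key\".\n    This allows hue and oozie to read and write files in /user/hue.\n    Oozie is required here because it will attempt to access workflows in\n    /user/hue/oozie/workspaces.\n";

    /** Helper for the KMS service type this instance was constructed for. */
    private final AddKMSHelper kmsHelper;

    /**
     * One {@code key.acl.<keyName>.<acl>} entry: the service types whose users and groups are
     * listed in the entry, plus the description written next to it.
     *
     * <p>Static because it reads no state of the enclosing helper.
     */
    private static final class KeyAcls {
        private final Set<String> serviceTypes;
        private final String keyName;
        private final String acl;
        private final String description;

        /**
         * @param description text placed in the {@code <description>} element
         * @param serviceTypes service types whose users and groups are listed in the entry
         * @param keyName key name used in the property name
         * @param acl operation suffix used in the property name (for example {@code DECRYPT_EEK})
         */
        KeyAcls(String description, Set<String> serviceTypes, String keyName, String acl) {
            this.description = description;
            this.serviceTypes = serviceTypes;
            this.keyName = keyName;
            this.acl = acl;
        }

        /**
         * Collects the HDFS user reported by the service handler and by the handler of every
         * daemon role of the service.
         */
        private Set<String> getUsersForService(DbService service, ServiceHandlerRegistry registry) {
            Set<String> users = new HashSet<>();
            users.add(registry.get(service).getHdfsUser(service));
            for (DbRole role : service.getRoles()) {
                RoleHandler handler = registry.getRoleHandler(role);
                if (handler instanceof DaemonRoleHandler) {
                    users.add(((DaemonRoleHandler) handler).getHdfsUser(role));
                }
            }
            return users;
        }

        /**
         * Collects the process group reported by the service handler and by the handler of
         * every daemon role, all resolved against the service-level configuration map.
         *
         * <p>The {@code serviceDataProvider} argument is not read.
         */
        private Set<String> getGroupsForService(DbService service, ServiceHandlerRegistry registry, ServiceDataProvider serviceDataProvider) {
            Set<String> groups = new HashSet<>();
            Map<String, String> serviceConfigs = service.getServiceConfigsMap();
            groups.add(registry.get(service).getProcessGroupFromStringMap(serviceConfigs));
            for (DbRole role : service.getRoles()) {
                RoleHandler handler = registry.getRoleHandler(role);
                if (handler instanceof DaemonRoleHandler) {
                    groups.add(((DaemonRoleHandler) handler).getProcessGroupFromStringMap(serviceConfigs));
                }
            }
            return groups;
        }

        /**
         * Renders this entry as a {@code <property>} element whose value is the joined users,
         * a space, and the joined groups of the first service of each listed type.
         *
         * @return the element text, or {@code CommandUtils.CONFIG_TOP_LEVEL_DIR} when no user
         *     was found, i.e. when none of the listed service types exists in the cluster
         */
        String generateXmlAcl(CmfEntityManager cmfEntityManager, ServiceHandlerRegistry serviceHandlerRegistry, ServiceDataProvider serviceDataProvider, DbCluster dbCluster) {
            Set<String> users = new HashSet<>();
            Set<String> groups = new HashSet<>();
            for (String serviceType : serviceTypes) {
                DbService service = ClusterHelper.getFirstServiceInClusterWithType(cmfEntityManager, dbCluster, serviceType);
                if (service != null) {
                    users.addAll(getUsersForService(service, serviceHandlerRegistry));
                    groups.addAll(getGroupsForService(service, serviceHandlerRegistry, serviceDataProvider));
                }
            }
            if (users.isEmpty()) {
                return CommandUtils.CONFIG_TOP_LEVEL_DIR;
            }
            String propertyName = "key.acl." + keyName + "." + acl;
            String principals = Joiner.on(FIQLParser.OR).join(users)
                    + (groups.isEmpty() ? CommandUtils.CONFIG_TOP_LEVEL_DIR : " ")
                    + Joiner.on(FIQLParser.OR).join(groups);
            // User and group names come from service configuration; escape them so that a name
            // containing markup characters cannot change the structure of the ACL document.
            // The key name, operation and description are constants of this class.
            return "<property>\n  <name>" + propertyName + "</name>\n  <value>" + escapeXmlText(principals) + "</value>\n  <description>" + description + "  </description>\n</property>\n\n";
        }
    }

    /**
     * @param str first argument handed to {@link AddKMSHelper}; presumably the KMS service type
     *     — confirm against that class
     * @param str2 second argument handed to {@link AddKMSHelper}; presumably the KMS role type
     *     — confirm against that class
     */
    public KmsAclsHelper(String str, String str2) {
        this.kmsHelper = new AddKMSHelper(str, str2);
    }

    /**
     * Looks up a message under the {@code message.wizard.service.acls.} prefix.
     *
     * @param str message key relative to the prefix
     * @param strArr message arguments
     * @return the value returned by {@code I18n.t}
     */
    public String t(String str, String... strArr) {
        return I18n.t(I18N_PREFIX + str, (Object[]) strArr);
    }

    /**
     * Returns the four descriptive texts of the ACL setup step; the first two receive the help
     * URL generated for {@code cm-kt-acl} as their argument.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param dbService not read by this method
     */
    public List<String> getTextsInACLStep(DbService dbService) {
        String helpUrl = CmfPath.Help.generateTinyUrlWithMajorMinor("cm-kt-acl");
        return ImmutableList.of(
                t("setupACL.desc", helpUrl),
                t("setupACL.desc1", helpUrl),
                t("setupACL.desc2"),
                t("setupACL.desc3"));
    }

    /**
     * Returns the KMS role config groups of the service, using the helper that matches its
     * service type.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @return the groups, or {@code null} when the service is neither of this helper's KMS type
     *     nor of type {@code KEYTRUSTEE}; callers must handle the {@code null}
     */
    public Set<DbRoleConfigGroup> getKMSRoleConfigGroups(DbService dbService) {
        String serviceType = dbService.getServiceType();
        if (kmsHelper.getServiceType().equals(serviceType)) {
            return kmsHelper.getKMSRoleConfigGroups(dbService);
        }
        if ("KEYTRUSTEE".equals(serviceType)) {
            return KEYTRUSTEE_KMS_HELPER.getKMSRoleConfigGroups(dbService);
        }
        return null;
    }

    /**
     * Resolves the Key Trustee-only regions of the template: for a service of this helper's KMS
     * type each region is removed with its markers, for any other service only the marker lines
     * are removed and the region content stays.
     */
    private String replaceKT(String str, DbService dbService) {
        if (dbService.getServiceType().equals(kmsHelper.getServiceType())) {
            return KEYTRUSTEE_ONLY_SECTION.matcher(str).replaceAll(CommandUtils.CONFIG_TOP_LEVEL_DIR);
        }
        // The markers are fixed text, so a literal replace is enough.
        return str.replace(BEGIN_KEYTRUSTEE_TAG + "\n", CommandUtils.CONFIG_TOP_LEVEL_DIR)
                .replace(END_KEYTRUSTEE_TAG + "\n", CommandUtils.CONFIG_TOP_LEVEL_DIR);
    }

    /**
     * Encodes the characters that would otherwise be read as markup in XML element content.
     *
     * <p>NOTE(review): assumes the template placeholders sit in element content and that
     * callers pass raw, not already encoded, names — the template and the callers are not
     * visible here.
     */
    private static String escapeXmlText(String text) {
        // '&' first, so the entities produced for '<' and '>' are not encoded again.
        return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /**
     * Fills the ACL template for the given KMS service.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param str first half of the {@code {{keyAdminUserAndGroup}}} value; presumably the key
     *     administrator user(s) — confirm against the caller
     * @param str2 second half of the {@code {{keyAdminUserAndGroup}}} value; presumably the key
     *     administrator group(s) — confirm against the caller
     * @return the template text with its placeholders substituted
     * @throws NullPointerException if {@code str}, {@code str2} or {@code dbService} is null
     * @throws RuntimeException if the template cannot be read or the HDFS user and superuser
     *     group cannot be resolved
     */
    public String generateXML(CmfEntityManager cmfEntityManager, DbCluster dbCluster, DbService dbService, String str, String str2, ServiceHandlerRegistry serviceHandlerRegistry, ServiceDataProvider serviceDataProvider) {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        Preconditions.checkNotNull(dbService);

        String template;
        try {
            template = Resources.toString(Resources.getResource(KmsAclsHelper.class, "kms_acls_template.xml"), Charsets.UTF_8);
        } catch (Exception e) {
            // propagate() always throws; the explicit throw makes it plain that an unread
            // template can never be carried further.
            throw Throwables.propagate(e);
        }

        // The key administrator names are caller-supplied, so they are escaped before they
        // enter the ACL document.
        String xml = replaceKT(template, dbService).replace("{{keyAdminUserAndGroup}}", escapeXmlText(str + " " + str2));

        DbService hdfs = ClusterHelper.getFirstHdfsServiceInCluster(cmfEntityManager, dbCluster);
        if (hdfs == null) {
            // NOTE(review): this early return leaves the {{keySpecificAcls}} placeholder
            // unreplaced in the returned text — confirm that this is intended.
            return xml.replace("{{hdfsUserAndGroup}}", "hdfs supergroup");
        }

        String hdfsUserAndGroup;
        try {
            hdfsUserAndGroup = serviceHandlerRegistry.get(hdfs).getHdfsUser(hdfs) + " " + HdfsParams.HDFS_SUPERUSER_GROUP.extractFromStringMap(hdfs.getServiceConfigsMap(), hdfs.getServiceVersion());
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
        xml = xml.replace("{{hdfsUserAndGroup}}", escapeXmlText(hdfsUserAndGroup));

        List<KeyAcls> keyAcls = ImmutableList.of(
                new KeyAcls(HIVE_KEY_DESC, ImmutableSet.of(HiveServiceHandler.SERVICE_TYPE), "hive-key", "DECRYPT_EEK"),
                new KeyAcls(HIVE_KEY_READ_DESC, ImmutableSet.of(HiveServiceHandler.SERVICE_TYPE), "hive-key", "READ"),
                new KeyAcls(HBASE_KEY_DESC, ImmutableSet.of(HbaseServiceHandler.SERVICE_TYPE), "hbase-key", "DECRYPT_EEK"),
                new KeyAcls(SOLR_KEY_DESC, ImmutableSet.of(SolrServiceHandler.SERVICE_TYPE), "solr-key", "DECRYPT_EEK"),
                new KeyAcls(MAPRED_KEY_DESC, ImmutableSet.of(YarnServiceHandler.SERVICE_TYPE), "mapred-key", "DECRYPT_EEK"),
                new KeyAcls(HUE_KEY_DESC, ImmutableSet.of(HueServiceHandler.SERVICE_TYPE, OozieServiceHandler.SERVICE_TYPE), "hue-key", "DECRYPT_EEK"));

        StringBuilder keySpecificAcls = new StringBuilder();
        for (KeyAcls entry : keyAcls) {
            keySpecificAcls.append(entry.generateXmlAcl(cmfEntityManager, serviceHandlerRegistry, serviceDataProvider, dbCluster));
        }
        // Inserted as markup on purpose: the fragments are <property> elements whose
        // interpolated values were already escaped in generateXmlAcl.
        return xml.replace("{{keySpecificAcls}}", keySpecificAcls.toString());
    }
}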
