package com.cloudera.cmf.security;

import com.cloudera.cmf.CommandRunner;
import com.cloudera.cmf.Environment;
import com.cloudera.cmf.command.CmdArgs;
import com.cloudera.cmf.command.CommandHelpers;
import com.cloudera.cmf.event.CommandEventCode;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.model.DbCredential;
import com.cloudera.cmf.model.DbNull;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.security.components.SecurityUtils;
import com.cloudera.cmf.service.AbstractGatewayRoleHandler;
import com.cloudera.cmf.service.CommandException;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.ADAccountPropertiesParamSpec;
import com.cloudera.cmf.service.config.ParamSpecUtils;
import com.cloudera.cmf.service.config.PasswordPropertiesParamSpec;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.web.common.I18n;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.Writer;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.Future;
import java.util.stream.Collectors;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/security/GenerateCredentialsCommand.class */
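/**
 * Command that generates the Kerberos keytabs missing for roles and for the server's own
 * principals, by running an external generation script per principal and a merge script per
 * role, and hands the results to {@link #RESULT_PROCESSOR} for persistence.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Key material is written to temporary files and read back; every path through
 *       {@link #generateKeytab} and {@link #mergeKeytabs} removes those files again.</li>
 *   <li>For the AD KDC type a random account password is generated and passed to the script
 *       as a process argument; it is redacted from error output before that output is placed
 *       in an exception message.</li>
 *   <li>A custom generation script path is taken from configuration and executed.</li>
 * </ul>
 */
public class GenerateCredentialsCommand extends AbstractCredentialsCommand<CmdArgs> {
    public static final String COMMAND_NAME = "GenerateCredentials";
    static final String MSG_PREFIX = "message.command.generateCredentials";
    static final String KDC_TYPE = "KDC_TYPE";
    private static final String KEYGEN_FILE_NAME = "gen_credentials.sh";
    private static final String KEYGEN_AD_FILE_NAME = "gen_credentials_ad.sh";
    private static final String KEYGEN_IPA_FILE_NAME = "gen_credentials_ipa.sh";
    private static final String KEYMERGE_FILE_NAME = "merge_credentials.sh";
    private static final String USING_CUSTOM_SCRIPT_KEY = "USING_CUSTOM_SCRIPT";
    private static final String SIMPLE_AUTH_PASSWORD_KEY = "SIMPLE_AUTH_PASSWORD_KEY";
    private static final String AD_SET_ENCTYPES = "AD_SET_ENCRYPTION_TYPES";
    private static final String AD_DELETE_ON_REGENERATE = "AD_DELETE_ON_REGENERATE";

    // Encryption-type bit mask handed to the AD script. The values line up with the bit layout
    // of Active Directory's msDS-SupportedEncryptionTypes attribute (presumably what the script
    // sets; confirm against gen_credentials_ad.sh). DES and RC4 are weak enctypes; they are only
    // included when the configured enctype list names them.
    private static final int AD_KDC_ENCTYPES_MASK_AES128 = 8;
    private static final int AD_KDC_ENCTYPES_MASK_AES256 = 16;
    private static final int AD_KDC_ENCTYPES_MASK_RC4_HMAC = 4;
    private static final int AD_KDC_ENCTYPES_MASK_DES_CRC = 1;
    private static final int AD_KDC_ENCTYPES_MASK_DES_MD5 = 2;

    // 66048 == 0x10200 and 2163200 == 0x210200. Read as AD userAccountControl flags these are
    // NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, with USE_DES_KEY_ONLY added for the DES variant
    // (assumes the script writes the value to userAccountControl; confirm).
    private static final int AD_KDC_UAC_DEFAULT = 66048;
    private static final int AD_KDC_UAC_DES = 2163200;

    private static final String AD_KDC_ENCTYPES_RC4_HMAC = "rc4-hmac";
    private static final String AD_KDC_ENCTYPES_AES128 = "aes128-cts";
    private static final String AD_KDC_ENCTYPES_AES256 = "aes256-cts";
    private static final String AD_KDC_ENCTYPES_DES_CRC = "des-cbc-crc";
    private static final String AD_KDC_ENCTYPES_DES_MD5 = "des-cbc-md5";

    /** Pseudo role id under which the server's own principals are tracked. */
    private static final long SCM_ROLE = -1;
    /** Pseudo role id under which explicitly requested extra principals are tracked. */
    private static final long ADHOC_ROLE = -2;

    /**
     * Index of the generated account password in the list built by {@link #generateScriptArgs}
     * for the AD KDC type: [0] script, [1] keytab path, [2] principal, [3] account name,
     * [4] password.
     */
    private static final int AD_PASSWORD_ARG_INDEX = 4;

    /** CSPRNG used for generated account passwords. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** Script used to generate a single keytab; chosen per run by KDC type or custom script. */
    private File KEYGEN_FILE;
    /** Asynchronous generation jobs keyed by command id. */
    private final ConcurrentMap<Long, Future<GenerateCredentialsResult>> runningCommands;

    @VisibleForTesting
    public PasswordProperties passwordProperties;

    @VisibleForTesting
    public ADAccountProperties adAccountProperties;

    /**
     * Persists the outcome of a generation run: one {@link DbCredential} per generated principal
     * and the merged keytab on every affected role. A null or empty keytab aborts processing
     * with a {@link NullPointerException} so that no unusable credential is stored.
     */
    @VisibleForTesting
    static final CommandHelpers.AsynchronousCommandResultProcessor<GenerateCredentialsResult> RESULT_PROCESSOR = new CommandHelpers.AsynchronousCommandResultProcessor<GenerateCredentialsResult>() {
        @Override // com.cloudera.cmf.command.CommandHelpers.AsynchronousCommandResultProcessor
        public void processResult(CmfEntityManager cmfEntityManager, GenerateCredentialsResult generateCredentialsResult) {
            cmfEntityManager.flush();
            for (Map.Entry<String, byte[]> entry : generateCredentialsResult.credentials.entrySet()) {
                if (entry.getValue() == null || entry.getValue().length == 0) {
                    throw new NullPointerException(String.format("Keytab for '%s' is null or empty", entry.getKey()));
                }
                cmfEntityManager.persistCredential(new DbCredential(entry.getKey(), entry.getValue()));
            }
            for (DbRole dbRole : cmfEntityManager.findRoles(Lists.newArrayList(generateCredentialsResult.mergedKeytabs.keySet()))) {
                dbRole.setMergedKeytab(generateCredentialsResult.mergedKeytabs.get(dbRole.getId()));
            }
        }
    };
    private static final Logger LOG = LoggerFactory.getLogger(GenerateCredentialsCommand.class);

    /**
     * Work list for one run: which principals each role needs, and the keytabs of those
     * principals that already exist and can be reused.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public static class CredentialsToGenerate {
        /** Principal name to its already stored keytab bytes. */
        public Map<String, byte[]> existingPrincipals = Maps.newHashMap();
        /** Role id (or pseudo role id) to the principals that role needs. */
        public Multimap<Long, String> role2Princ = HashMultimap.create();

        CredentialsToGenerate() {
        }
    }

    /** Outcome of one run: newly generated keytabs per principal and merged keytabs per role. */
    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public static class GenerateCredentialsResult {
        /** Principal name to the keytab generated for it in this run. */
        public Map<String, byte[]> credentials = Maps.newHashMap();
        /** Role id to the merged keytab built for it in this run. */
        public Map<Long, byte[]> mergedKeytabs = Maps.newHashMap();

        GenerateCredentialsResult() {
        }
    }

    /**
     * Builds the environment for the generation script.
     *
     * <p>Without a custom script the inherited {@code setupEnv()} result is used and, for the AD
     * KDC type, extended with the AD server, LDAP ports, enctypes and account settings. With a
     * custom script the script is validated and becomes {@link #KEYGEN_FILE}; the returned map
     * then only carries the custom-script marker.
     *
     * @return environment variables for the script
     * @throws IOException if the configured custom script is not an executable regular file
     */
    @VisibleForTesting
    protected Map<String, String> setupGenCredEnv() throws IOException {
        Map<String, String> env = Maps.newHashMap();
        String customScript = (String) this.sdp.getScmParamTrackerStore().get(ScmParams.GEN_KEYTAB_SCRIPT);
        if (StringUtils.isEmpty(customScript)) {
            env = setupEnv();
            if (ScmParams.AD_KDC.equals(env.get(KDC_TYPE))) {
                String adServer = (String) this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_ACCOUNT_CREATION_HOST_OVERRIDE);
                if (adServer == null || StringUtils.isEmpty(adServer)) {
                    adServer = (String) this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_HOST);
                }
                env.put("AD_SERVER", adServer);
                env.put("LDAP_PORT", ScmParams.AD_LDAP_PORT.toConfigFileString(this.sdp.getScmParamTrackerStore().get(ScmParams.AD_LDAP_PORT)));
                env.put("LDAPS_PORT", ScmParams.AD_LDAPS_PORT.toConfigFileString(this.sdp.getScmParamTrackerStore().get(ScmParams.AD_LDAPS_PORT)));
                env.put("ENC_TYPES", ScmParams.KRB_ENC_TYPES.toConfigFileString((List<String>) this.sdp.getScmParamTrackerStore().get(ScmParams.KRB_ENC_TYPES)));
                env.put("ACC_PREFIX", (String) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_ACCOUNT_PREFIX));
                env.put(AD_DELETE_ON_REGENERATE, ScmParams.AD_DELETE_ON_REGENERATE.toConfigFileString((Boolean) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_DELETE_ON_REGENERATE)));
                env.put(AD_SET_ENCTYPES, ScmParams.AD_SET_ENCRYPTION_TYPES.toConfigFileString((Boolean) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_SET_ENCRYPTION_TYPES)));
                this.passwordProperties = (PasswordProperties) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_PASSWORD_PROPERTIES);
                this.adAccountProperties = (ADAccountProperties) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_ACCOUNT_PROPERTIES);
            }
        } else {
            LOG.info("Generating kerberos credentials using custom script " + customScript);
            File scriptFile = new File(customScript);
            // NOTE(review): only "regular file" and "executable" are checked. Ownership and write
            // permissions of the script (and of its parent directories) are not verified here, so
            // the integrity of the configured path has to be guaranteed by deployment.
            if (!scriptFile.isFile() || !scriptFile.canExecute()) {
                throw new IOException(String.format("Custom keytab retrieval script '%s' is not an executable file.", customScript));
            }
            this.KEYGEN_FILE = scriptFile;
            env.put(USING_CUSTOM_SCRIPT_KEY, "true");
        }
        return env;
    }

    /**
     * Selects the bundled generation script for the KDC type found in {@code map}. For any
     * other (or absent) KDC type {@link #KEYGEN_FILE} is left as it is, which is what keeps a
     * custom script chosen by {@link #setupGenCredEnv()} in place.
     *
     * @param map script environment, read for {@code KDC_TYPE}
     * @throws IOException declared by the original signature
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void setupScripts(Map<String, String> map) throws IOException {
        String kdcType = map.get(KDC_TYPE);
        if (ScmParams.AD_KDC.equals(kdcType)) {
            this.KEYGEN_FILE = getUtils().getScriptFile(KEYGEN_AD_FILE_NAME);
        } else if (ScmParams.MIT_KDC.equals(kdcType)) {
            this.KEYGEN_FILE = getUtils().getScriptFile(KEYGEN_FILE_NAME);
        } else if (ScmParams.IPA_KDC.equals(kdcType)) {
            this.KEYGEN_FILE = getUtils().getScriptFile(KEYGEN_IPA_FILE_NAME);
        }
    }

    /**
     * Determines which principals need a keytab.
     *
     * <p>When {@code list} is non-null only those principals are considered and the missing ones
     * are filed under {@link #ADHOC_ROLE}. Otherwise every role that requires a keytab and whose
     * merged keytab is absent or incomplete contributes all of its principals, and the server's
     * own missing principals are filed under {@link #SCM_ROLE}.
     *
     * @param cmfEntityManager entity manager used for the lookups
     * @param list explicit principals to check, or {@code null} to scan all services
     * @return the work list for the run
     */
    @VisibleForTesting
    CredentialsToGenerate findMissingCredentials(CmfEntityManager cmfEntityManager, List<String> list) {
        ServiceHandlerRegistry serviceHandlerRegistry = this.sdp.getServiceHandlerRegistry();
        CredentialsToGenerate credentialsToGenerate = new CredentialsToGenerate();
        if (list != null) {
            for (String principal : list) {
                if (cmfEntityManager.findCredentialByPrincipal(principal) == null) {
                    LOG.info("Command needs missing principal: " + principal);
                    credentialsToGenerate.role2Princ.put(Long.valueOf(ADHOC_ROLE), principal);
                } else {
                    LOG.info("Command will reuse existing principal: " + principal);
                }
            }
            return credentialsToGenerate;
        }
        for (DbService dbService : cmfEntityManager.findAllServices()) {
            ServiceHandler serviceHandler = serviceHandlerRegistry.get(dbService);
            // Services of proxy clusters are skipped.
            if (serviceHandler.requiresCredentials(cmfEntityManager, dbService) && (dbService.getCluster() == null || !dbService.getCluster().isProxy())) {
                for (RoleHandler roleHandler : serviceHandler.getRoleHandlers()) {
                    for (DbRole dbRole : dbService.getRolesWithType(roleHandler.getRoleName())) {
                        if (requiresKeytab(cmfEntityManager, roleHandler, dbRole)) {
                            Collection<String> principals = roleHandler.getRequiredPrincipals(dbRole, null).values();
                            if (principals.isEmpty()) {
                                LOG.warn("Tried to create keytab for role " + dbRole.getName() + " even though it doesn't require any principals");
                            } else if (dbRole.getMergedKeytab() == null || arePrincipalsMissingInMergedKeytab(dbRole.getMergedKeytab(), principals)) {
                                // The whole merged keytab is rebuilt, so every principal of the
                                // role is listed; stored keytabs are carried along for reuse.
                                for (String principal : principals) {
                                    credentialsToGenerate.role2Princ.put(dbRole.getId(), principal);
                                    DbCredential existing = cmfEntityManager.findCredentialByPrincipal(principal);
                                    if (existing != null) {
                                        credentialsToGenerate.existingPrincipals.put(existing.getPrincipal(), existing.getKeytab());
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        for (String principal : SecurityUtils.getScmPrincipals(this.sdp)) {
            if (cmfEntityManager.findCredentialByPrincipal(principal) == null) {
                LOG.info("CM needs missing principal: " + principal);
                credentialsToGenerate.role2Princ.put(Long.valueOf(SCM_ROLE), principal);
            } else {
                LOG.info("CM will reuse existing principal: " + principal);
            }
        }
        return credentialsToGenerate;
    }

    /**
     * Reports whether any of the given principals is absent from a merged keytab.
     *
     * @param bArr merged keytab bytes; must not be {@code null}
     * @param collection principals that should be present
     * @return {@code true} if at least one principal is missing, or if the keytab cannot be
     *     parsed (an unreadable keytab is treated as needing regeneration)
     */
    @VisibleForTesting
    public static boolean arePrincipalsMissingInMergedKeytab(byte[] bArr, Collection<String> collection) {
        try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
            Keytab keytab = new Keytab();
            keytab.load(in);
            Set<String> present = keytab.getPrincipals().stream()
                    .map(principalName -> principalName.getName())
                    .collect(Collectors.toSet());
            return collection.stream().anyMatch(principal -> !present.contains(principal));
        } catch (IOException e) {
            LOG.error("Error retrieving principals from keytab data:", e);
            return true;
        }
    }

    /**
     * Returns whether a role needs a keytab: gateway roles never do, other roles defer to their
     * handler.
     */
    public static boolean requiresKeytab(CmfEntityManager cmfEntityManager, RoleHandler roleHandler, DbRole dbRole) {
        return !(roleHandler instanceof AbstractGatewayRoleHandler) && roleHandler.requiresCredentials(cmfEntityManager, dbRole);
    }

    /**
     * Creates the keytabs for every role in the work list.
     *
     * @param serviceHandlerRegistry unused; kept for the existing signature
     * @param map script environment
     * @param credentialsToGenerate work list
     * @return generated and merged keytabs
     * @throws Exception if generation or merging fails for any role
     */
    /* JADX INFO: Access modifiers changed from: private */
    public GenerateCredentialsResult generateMissingKeytabs(ServiceHandlerRegistry serviceHandlerRegistry, Map<String, String> map, CredentialsToGenerate credentialsToGenerate) throws Exception {
        GenerateCredentialsResult result = new GenerateCredentialsResult();
        LOG.debug("Generating credentials");
        long maxRenewLife = ((Long) this.sdp.getScmParamTrackerStore().get(ScmParams.MAX_RENEW_LIFE)).longValue();
        for (Long roleId : credentialsToGenerate.role2Princ.keySet()) {
            createKeytab(roleId, credentialsToGenerate, map, maxRenewLife, result);
        }
        LOG.info(String.format("Generate Credentials finished for %d roles", Integer.valueOf(credentialsToGenerate.role2Princ.keySet().size())));
        return result;
    }

    /**
     * Generates an account password that satisfies the minimum counts in
     * {@link #passwordProperties} and is padded with alphanumerics up to the configured length.
     *
     * <p>All random choices come from a {@link SecureRandom}; the password protects a Kerberos
     * service account, so a predictable generator is not acceptable. Case conversion uses
     * {@link Locale#ROOT} so the result does not depend on the JVM's default locale.
     *
     * <p>NOTE(review): the character classes are emitted in a fixed order (upper, digits, lower,
     * special, spaces, padding). The positions of the classes are therefore known in advance;
     * shuffling the result with the same generator would remove that structure, but is left out
     * here because it changes the shape of the output existing callers see.
     *
     * @return the generated password
     */
    @VisibleForTesting
    public String generateRandomPassword() {
        PasswordProperties props = this.passwordProperties;
        int targetLength = props.length;
        StringBuilder sb = new StringBuilder(targetLength);
        sb.append(randomChars(props.minUpperCaseLetters, true, false).toUpperCase(Locale.ROOT))
                .append(randomChars(props.minDigits, false, true))
                .append(randomChars(props.minLowerCaseLetters, true, false).toLowerCase(Locale.ROOT));
        for (int i = 0; i < props.minSpecialChars; i++) {
            sb.append(props.specialChars[SECURE_RANDOM.nextInt(props.specialChars.length)]);
        }
        for (int i = 0; i < props.minSpaces; i++) {
            sb.append(" ");
        }
        if (sb.length() < targetLength) {
            sb.append(randomChars(targetLength - sb.length(), true, true));
        }
        return sb.toString();
    }

    /** Returns {@code count} random ASCII letters and/or digits drawn from the CSPRNG. */
    private static String randomChars(int count, boolean letters, boolean digits) {
        return RandomStringUtils.random(count, 0, 0, letters, digits, (char[]) null, SECURE_RANDOM);
    }

    /**
     * Translates a space-separated enctype list into the AD encryption-type bit mask.
     *
     * @param str space-separated enctype names
     * @return OR of the mask bits for every recognised enctype; {@code 0} if none is recognised
     */
    int generateEncTypes(String str) {
        int mask = 0;
        for (String encType : str.split(" ")) {
            if (encType.contains(AD_KDC_ENCTYPES_RC4_HMAC)) {
                mask |= AD_KDC_ENCTYPES_MASK_RC4_HMAC;
            } else if (encType.contains(AD_KDC_ENCTYPES_AES128)) {
                mask |= AD_KDC_ENCTYPES_MASK_AES128;
            } else if (encType.contains(AD_KDC_ENCTYPES_AES256)) {
                mask |= AD_KDC_ENCTYPES_MASK_AES256;
            } else if (encType.contains(AD_KDC_ENCTYPES_DES_CRC)) {
                mask |= AD_KDC_ENCTYPES_MASK_DES_CRC;
            } else if (encType.contains(AD_KDC_ENCTYPES_DES_MD5)) {
                mask |= AD_KDC_ENCTYPES_MASK_DES_MD5;
            }
        }
        return mask;
    }

    /**
     * Chooses the account-control value for a new AD account: the DES variant as soon as either
     * DES bit is set in the enctype mask, the default otherwise.
     *
     * @param i enctype mask from {@link #generateEncTypes(String)}
     */
    @VisibleForTesting
    int generateUac(int i) {
        boolean usesDes = (i & AD_KDC_ENCTYPES_MASK_DES_CRC) != 0 || (i & AD_KDC_ENCTYPES_MASK_DES_MD5) != 0;
        return usesDes ? AD_KDC_UAC_DES : AD_KDC_UAC_DEFAULT;
    }

    /** Renders one {@code objectClass: <name>} line per entry, each ended by the line separator. */
    String generateObjectClasses(List<String> list) {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter((Writer) stringWriter, true);
        for (String objectClass : list) {
            printWriter.println("objectClass: " + objectClass);
        }
        return stringWriter.toString();
    }

    /**
     * Builds the argument list for the generation script.
     *
     * <p>The first three entries are always script path, keytab path and principal. A custom
     * script gets nothing more. The AD script additionally gets account name, password, the
     * delete/enctype switches, enctype mask, account-control value, expiry and object classes;
     * the other bundled scripts get the maximum renewable lifetime.
     *
     * <p>NOTE(review): the generated AD password travels as a process argument and can be read
     * by anyone on the host who is able to list process arguments for the lifetime of the
     * script. Passing it on stdin or through a file readable only by the owner would avoid
     * that, but needs a matching change in the script.
     *
     * @param str principal
     * @param map script environment
     * @param j maximum renewable lifetime
     * @param file keytab file the script writes to
     * @param file2 script to run
     * @return argument list, script path first
     */
    @VisibleForTesting
    List<String> generateScriptArgs(String str, Map<String, String> map, long j, File file, File file2) {
        List<String> args = new ArrayList<>();
        String customScript = (String) this.sdp.getScmParamTrackerStore().get(ScmParams.GEN_KEYTAB_SCRIPT);
        args.add(file2.getAbsolutePath());
        args.add(file.getAbsolutePath());
        args.add(str);
        if (StringUtils.isEmpty(customScript)) {
            if (ScmParams.AD_KDC.equals(map.get(KDC_TYPE))) {
                args.add(map.get("ACC_PREFIX") + RandomStringUtils.randomAlphabetic(10));
                // Must stay at AD_PASSWORD_ARG_INDEX: generateKeytab reads it back for redaction.
                args.add(generateRandomPassword());
                args.add(map.get(AD_DELETE_ON_REGENERATE));
                args.add(map.get(AD_SET_ENCTYPES));
                int encTypes = generateEncTypes(map.get("ENC_TYPES"));
                args.add(Integer.toString(encTypes));
                args.add(Integer.toString(generateUac(encTypes)));
                args.add(Long.toString(this.adAccountProperties.accountExpires));
                args.add(generateObjectClasses(this.adAccountProperties.objectClasses));
            } else {
                args.add(Long.toString(j));
            }
        }
        return args;
    }

    /**
     * Runs the generation script for one principal and returns the keytab it wrote.
     *
     * <p>The temporary keytab file is removed on every exit path. On a non-zero exit code the
     * script's stderr is placed in the exception message after the generated AD password and
     * the simple-auth password have been replaced by the redaction marker.
     *
     * <p>NOTE(review): the temporary file is deleted before the script runs so that the script
     * can create it, which leaves a window in which the path does not exist. Whether that is
     * exploitable depends on the directory {@code createTempFile} uses and on its permissions;
     * confirm it is not writable by other local users.
     *
     * @param str principal
     * @param map script environment
     * @param j maximum renewable lifetime
     * @return keytab bytes
     * @throws IOException if the script fails or its output cannot be read
     * @throws InterruptedException if waiting for the script is interrupted
     */
    @VisibleForTesting
    byte[] generateKeytab(String str, Map<String, String> map, long j) throws IOException, InterruptedException {
        if (Environment.getDevMode()) {
            return "keytab".getBytes();
        }
        File keytabFile = getUtils().createTempFile("cmf", ".keytab");
        try {
            keytabFile.delete();
            List<String> scriptArgs = generateScriptArgs(str, map, j, keytabFile, this.KEYGEN_FILE);
            String adPassword = null;
            if (StringUtils.isEmpty((String) this.sdp.getScmParamTrackerStore().get(ScmParams.GEN_KEYTAB_SCRIPT)) && ScmParams.AD_KDC.equals(map.get(KDC_TYPE))) {
                adPassword = scriptArgs.get(AD_PASSWORD_ARG_INDEX);
            }
            CommandRunner.CommandResult result = CommandRunner.run(scriptArgs, (InputStream) null, map);
            int retcode = result.retcode;
            if (retcode != 0) {
                String stderr = redact(result.stderr, adPassword);
                if (map.containsKey(SIMPLE_AUTH_PASSWORD_KEY)) {
                    stderr = redact(stderr, map.get(SIMPLE_AUTH_PASSWORD_KEY));
                }
                throw new IOException(this.KEYGEN_FILE + " failed with exit code " + retcode + " and output of <<\n" + stderr + "\n>>");
            }
            if (!keytabFile.canRead()) {
                throw new IOException(String.format("Encountered error with %s: Cannot access generated keytab file %s", this.KEYGEN_FILE, keytabFile.getAbsolutePath()));
            }
            return Files.toByteArray(keytabFile);
        } finally {
            // Never leave key material behind, whatever happened above.
            keytabFile.delete();
        }
    }

    /**
     * Replaces every occurrence of {@code secret} in {@code text} with the redaction marker.
     * A null text, or a null or empty secret, leaves the text unchanged: a null secret would
     * otherwise raise an exception that hides the script failure, and an empty one would
     * scatter the marker through the whole text.
     */
    private static String redact(String text, String secret) {
        if (text == null || secret == null || secret.isEmpty()) {
            return text;
        }
        return text.replace(secret, ParamSpecUtils.REDACTED);
    }

    /** Instance-level indirection over {@link #mergeKeytabs(Collection)}. */
    @VisibleForTesting
    byte[] mergeKeytabsInternal(LinkedHashSet<byte[]> linkedHashSet) throws IOException, InterruptedException {
        return mergeKeytabs(linkedHashSet);
    }

    /**
     * Merges several keytabs into one by writing each to a temporary file and running the merge
     * script over them in iteration order.
     *
     * <p>Each input file is registered for clean-up as soon as it is created, so a failure while
     * restricting its permissions or writing it cannot leave key material on disk. All
     * temporary files are removed on every exit path.
     *
     * <p>NOTE(review): the input files are restricted to owner read/write before being written.
     * The output file is created by the script, so its permissions depend on the script's
     * umask; confirm.
     *
     * @param collection keytabs to merge, in the order they should be passed to the script
     * @return merged keytab bytes
     * @throws IOException if a file operation or the script fails
     * @throws InterruptedException if waiting for the script is interrupted
     */
    public static byte[] mergeKeytabs(Collection<byte[]> collection) throws IOException, InterruptedException {
        if (Environment.getDevMode()) {
            return "keytab".getBytes();
        }
        File scriptFile = getUtils().getScriptFile(KEYMERGE_FILE_NAME);
        File mergedFile = getUtils().createTempFile("cmf-merged-out", ".keytab");
        LinkedHashSet<String> inputPaths = Sets.newLinkedHashSet();
        try {
            mergedFile.delete();
            List<String> command = new ArrayList<>();
            command.add(scriptFile.getAbsolutePath());
            command.add(mergedFile.getAbsolutePath());
            for (byte[] keytab : collection) {
                File inputFile = getUtils().createTempFile("cmf-merged-in", ".keytab");
                inputPaths.add(inputFile.getAbsolutePath());
                getUtils().setOwnerOnlyReadWrite(inputFile);
                try (FileOutputStream out = new FileOutputStream(inputFile.getAbsolutePath())) {
                    out.write(keytab);
                    out.flush();
                }
            }
            command.addAll(inputPaths);
            CommandRunner.CommandResult result = CommandRunner.run(command);
            int retcode = result.retcode;
            if (retcode != 0) {
                throw new IOException(scriptFile + " failed with exit code " + retcode + " and output of <<\n" + result.stderr + "\n>>");
            }
            return Files.toByteArray(mergedFile);
        } catch (IOException e) {
            throw new IOException("failed script:" + scriptFile.getAbsolutePath() + " due to:" + e.getMessage(), e);
        } finally {
            mergedFile.delete();
            for (String path : inputPaths) {
                new File(path).delete();
            }
        }
    }

    /**
     * Builds the merged keytab for one role.
     *
     * <p>Per principal the keytab is taken from the stored credentials, from this run's results,
     * or freshly generated, in that order of preference. Keytabs of {@code HTTP/} principals are
     * placed first in the merge order.
     *
     * @param l role id (or pseudo role id)
     * @param credentialsToGenerate work list
     * @param map script environment
     * @param j maximum renewable lifetime
     * @param generateCredentialsResult accumulator for generated and merged keytabs
     * @throws IOException if generation or merging fails; logged before being rethrown
     * @throws InterruptedException if waiting for a script is interrupted
     */
    @VisibleForTesting
    void createKeytab(Long l, CredentialsToGenerate credentialsToGenerate, Map<String, String> map, long j, GenerateCredentialsResult generateCredentialsResult) throws IOException, InterruptedException {
        LOG.info("Creating credentials for roleId " + l);
        LinkedList<byte[]> ordered = Lists.newLinkedList();
        try {
            for (String principal : credentialsToGenerate.role2Princ.get(l)) {
                byte[] keytab = credentialsToGenerate.existingPrincipals.get(principal);
                if (keytab != null) {
                    LOG.info("Using existing keytab for " + principal);
                } else if (generateCredentialsResult.credentials.containsKey(principal)) {
                    LOG.info("Using keytab generated this run for " + principal);
                    keytab = generateCredentialsResult.credentials.get(principal);
                } else {
                    LOG.info("Generating new keytab for " + principal);
                    keytab = generateKeytab(principal, map, j);
                    generateCredentialsResult.credentials.put(principal, keytab);
                }
                if (principal.startsWith("HTTP/")) {
                    ordered.addFirst(keytab);
                } else {
                    ordered.addLast(keytab);
                }
            }
            // Arrays compare by identity, so the set only drops the very same array instance.
            generateCredentialsResult.mergedKeytabs.put(l, mergeKeytabsInternal(Sets.newLinkedHashSet(ordered)));
        } catch (IOException e) {
            LOG.error("unable to create credential for role " + l + " due to:" + e.getMessage());
            throw e;
        }
    }

    /** Creates the command with no generation script selected and no running jobs. */
    public GenerateCredentialsCommand(ServiceDataProvider serviceDataProvider) {
        super(serviceDataProvider);
        this.KEYGEN_FILE = null;
        this.runningCommands = Maps.newConcurrentMap();
    }

    /** Test constructor that additionally injects the credentials reader. */
    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public GenerateCredentialsCommand(ServiceDataProvider serviceDataProvider, KerberosCredentialsReader kerberosCredentialsReader) {
        super(serviceDataProvider, kerberosCredentialsReader);
        this.KEYGEN_FILE = null;
        this.runningCommands = Maps.newConcurrentMap();
    }

    /**
     * Creates and persists the command record and, for the AD KDC type, validates the password
     * policy, the account properties and the enctype configuration up front.
     *
     * <p>NOTE(review): a failed check marks the command as failed but does not stop the
     * remaining checks, so {@code failCmd} can run more than once for the same command. Whether
     * that is harmless depends on {@code CommandHelpers.failCmd}; confirm.
     *
     * @param dbNull unused
     * @param cmdArgs unused
     * @param dbCommand parent command
     * @return the new command record
     */
    @Override // com.cloudera.cmf.command.BasicCommandHandler
    public DbCommand execute(DbNull dbNull, CmdArgs cmdArgs, DbCommand dbCommand) {
        DbCommand createCommand = CommandUtils.createCommand(getName());
        CmfEntityManager.currentCmfEntityManager().persistCommand(createCommand);
        createCommand.setParent(dbCommand);
        if (ScmParams.AD_KDC.equals(this.sdp.getScmParamTrackerStore().get(ScmParams.KDC_TYPE))) {
            this.passwordProperties = (PasswordProperties) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_PASSWORD_PROPERTIES);
            try {
                PasswordPropertiesParamSpec.validateProperties(this.passwordProperties);
            } catch (IllegalArgumentException e) {
                // Keep the cause in the log; the command itself only carries a generic message.
                LOG.warn("Invalid AD password properties configuration", e);
                createCommand.setSuccess(false);
                CommandHelpers.failCmd(createCommand, I18n.t("error.passwordProperties.config.badValue"));
            }
            this.adAccountProperties = (ADAccountProperties) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_ACCOUNT_PROPERTIES);
            try {
                ADAccountPropertiesParamSpec.validateProperties(this.adAccountProperties);
            } catch (IllegalArgumentException e) {
                LOG.warn("Invalid AD account properties configuration", e);
                createCommand.setSuccess(false);
                CommandHelpers.failCmd(createCommand, I18n.t("error.adAccountProperties.config.badValue"));
            }
            // Refuse to set enctypes on the account when none of the configured ones is known.
            if (((Boolean) this.sdp.getScmParamTrackerStore().get(ScmParams.AD_SET_ENCRYPTION_TYPES)).booleanValue() && generateEncTypes(ScmParams.KRB_ENC_TYPES.toConfigFileString((List<String>) this.sdp.getScmParamTrackerStore().get(ScmParams.KRB_ENC_TYPES))) == 0) {
                createCommand.setSuccess(false);
                CommandHelpers.failCmd(createCommand, I18n.t("error.adKerberos.encryptionTypesInvalid"));
            }
        }
        return createCommand;
    }

    /**
     * Wraps a generation run in a task that executes with a generated krb5.conf.
     *
     * <p>The krb5.conf path is only exported to the script environment when no custom script is
     * in use. If the environment asks for it, the admin keytab file is deleted when the run
     * ends, whether it succeeded or failed.
     *
     * @param credentialsToGenerate work list for the run
     * @return task producing the run's result
     */
    @VisibleForTesting
    protected Callable<GenerateCredentialsResult> createCallable(final CredentialsToGenerate credentialsToGenerate) {
        return new Callable<GenerateCredentialsResult>() {
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public GenerateCredentialsResult call() throws Exception {
                return (GenerateCredentialsResult) AbstractCredentialsCommand.getUtils().runWithGenerateKrb5Conf(GenerateCredentialsCommand.this.sdp, new SecurityUtils.RunnableWithKrb5Conf<GenerateCredentialsResult>() {
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.cloudera.cmf.security.components.SecurityUtils.RunnableWithKrb5Conf
                    public GenerateCredentialsResult run(String str) throws Exception {
                        Map<String, String> env = null;
                        try {
                            env = GenerateCredentialsCommand.this.setupGenCredEnv();
                            GenerateCredentialsCommand.this.setupScripts(env);
                            if (env.get(GenerateCredentialsCommand.USING_CUSTOM_SCRIPT_KEY) == null) {
                                env.put(SecurityUtils.KRB5_CONF_ENV, str);
                            }
                            return GenerateCredentialsCommand.this.generateMissingKeytabs(GenerateCredentialsCommand.this.sdp.getServiceHandlerRegistry(), env, credentialsToGenerate);
                        } finally {
                            deleteAdminKeytabIfRequested(env);
                        }
                    }
                });
            }
        };
    }

    /**
     * Deletes the admin keytab file named in the environment when the environment requests it.
     * A null environment (set-up failed before it was built) is ignored.
     */
    private static void deleteAdminKeytabIfRequested(Map<String, String> env) {
        if (env != null && Boolean.TRUE.toString().equals(env.get(KerberosCredentialsReader.DELETE_ADMIN_KEYTAB_AT_END))) {
            FileUtils.deleteQuietly(new File(env.get(KerberosCredentialsReader.CMF_KEYTAB_FILE_KEY)));
        }
    }

    /**
     * Drives the command: starts the asynchronous run if none is in flight, polls it if this
     * command owns the running job, and otherwise only logs that another run is active.
     *
     * @param cmfEntityManager entity manager for the credential lookups
     * @param dbCommand command being updated
     * @throws CommandException propagated from the asynchronous-command helper
     */
    @Override // com.cloudera.cmf.command.CommandHandler
    public synchronized void update(CmfEntityManager cmfEntityManager, DbCommand dbCommand) throws CommandException {
        CredentialsToGenerate missing = findMissingCredentials(cmfEntityManager, getExtraPrincipals(dbCommand));
        if (this.runningCommands.isEmpty() || this.runningCommands.containsKey(dbCommand.getId())) {
            if (!this.runningCommands.containsKey(dbCommand.getId())) {
                if (missing.role2Princ.isEmpty()) {
                    dbCommand.finish(Enums.CommandState.FINISHED, true, I18n.t("message.command.generateCredentials.noop"));
                    return;
                } else {
                    this.runningCommands.put(dbCommand.getId(), this.execService.submit(createCallable(missing)));
                }
            }
            CommandHelpers.updateAsynchronousCommand(dbCommand, this.runningCommands, MSG_PREFIX, RESULT_PROCESSOR);
            return;
        }
        // A different command owns the running job: record what was skipped and leave.
        LOG.info("Another Generate Credentials command is running, so exiting command id: " + dbCommand.getId());
        for (Long runningId : this.runningCommands.keySet()) {
            LOG.info("Other running command id: " + runningId);
        }
        for (Long roleId : missing.role2Princ.keySet()) {
            LOG.info("Did not generate credentials for roleId: " + roleId);
        }
    }

    /**
     * Hook for subclasses to request specific principals; this implementation returns
     * {@code null}, which makes {@link #findMissingCredentials} scan all services.
     */
    protected List<String> getExtraPrincipals(DbCommand dbCommand) {
        return null;
    }

    /**
     * Reports the command as unavailable when a command of this name exists that is not among
     * the running jobs, i.e. one is already queued.
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.BasicCommandHandler
    public synchronized boolean isAvailable(DbNull dbNull) {
        for (DbCommand dbCommand : CmfEntityManager.currentCmfEntityManager().findCommandsByName(getName())) {
            if (!this.runningCommands.containsKey(dbCommand.getId())) {
                LOG.info("GenerateCredentials is not available because there is already a running command and a queued one.");
                LOG.info("Queued command id: " + dbCommand.getId());
                for (Long runningId : this.runningCommands.keySet()) {
                    LOG.info("Running command id: " + runningId);
                }
                return false;
            }
        }
        return true;
    }

    /** Aborts the asynchronous run belonging to the given command. */
    @Override // com.cloudera.cmf.command.CommandHandler
    public synchronized void abort(DbCommand dbCommand) throws CommandException {
        CommandHelpers.abortAsynchronousCommand(dbCommand, this.runningCommands, MSG_PREFIX);
    }

    /** Exposes the live map of running jobs for tests. */
    @VisibleForTesting
    ConcurrentMap<Long, Future<GenerateCredentialsResult>> getRunningCommands() {
        return this.runningCommands;
    }

    /** Returns {@link #COMMAND_NAME}. */
    public String getName() {
        return COMMAND_NAME;
    }

    @Override // com.cloudera.cmf.command.CommandHandler
    public CommandEventCode getCommandEventCode() {
        return CommandEventCode.EV_GENERATE_CREDENTIALS;
    }

    @Override // com.cloudera.cmf.command.CommandHandler
    public String getDisplayName() {
        return I18n.t("message.command.generateCredentials.name");
    }

    @Override // com.cloudera.cmf.command.CommandHandler
    public String getHelp() {
        return I18n.t("message.command.generateCredentials.help");
    }

    /** Retries by delegating to the inherited {@code simpleRetry}. */
    @Override // com.cloudera.cmf.service.AbstractCommandHandler, com.cloudera.cmf.command.CommandHandler
    public DbCommand prepareForRetry(DbCommand dbCommand, boolean z) {
        return simpleRetry(dbCommand, z);
    }
}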
