package com.cloudera.cmf.service.hbase;

import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.service.AbstractValidator;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.Validation;
import com.cloudera.cmf.service.ValidationContext;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.hbase.HbaseServiceHandler;
import com.cloudera.cmf.version.Release;
import com.cloudera.enterprise.I18nKey;
import com.cloudera.enterprise.MessageWithArgs;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;

/* loaded from: input_file:com/cloudera/cmf/service/hbase/HBaseThriftAuthenticationValidator.class */
public class HBaseThriftAuthenticationValidator extends AbstractValidator {
    public static final String NOTIFICATION_PRODUCER_ID = "hbase_kerberos_secure_thrift_validator";

    @VisibleForTesting
    /* loaded from: input_file:com/cloudera/cmf/service/hbase/HBaseThriftAuthenticationValidator$I18nKeys.class */
    enum I18nKeys implements I18nKey {
        REQUIRE_SECURE_THRIFT_AUTH_SSL("message.requireHbaseSecureThriftAuthorizationSSL", 3),
        SECURE_THRIFT_AUTH_MUST_SET_QOP("message.requireHbaseSecureThriftAuthorizationMustSetQop", 3),
        HTTP_SERVER_REQUIRED("message.HBaseThrift.HTTPServer.required", 2);

        private final String key;
        private final int argc;

        I18nKeys(String str, int i) {
            this.key = str;
            this.argc = i;
        }

        public String getKey() {
            return this.key;
        }

        public int getNumArgs() {
            return this.argc;
        }
    }

    public HBaseThriftAuthenticationValidator() {
        super(true, NOTIFICATION_PRODUCER_ID);
    }

    @Override // com.cloudera.cmf.service.Validator
    public Collection<Validation> validate(ServiceHandlerRegistry serviceHandlerRegistry, ValidationContext validationContext) {
        if (validationContext.getLevel() != Enums.ConfigScope.ROLE && validationContext.getLevel() != Enums.ConfigScope.ROLE_CONFIG_GROUP) {
            return Collections.emptyList();
        }
        ArrayList newArrayList = Lists.newArrayList();
        ConfigValueProvider service = validationContext.getService();
        boolean z = false;
        Release serviceVersion = service.getServiceVersion();
        Boolean bool = null;
        Boolean bool2 = null;
        String str = null;
        Boolean bool3 = null;
        if (service.getRolesWithType(HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER.name()).isEmpty()) {
            return newArrayList;
        }
        try {
            if (HbaseParams.HBASE_SECURE_AUTHORIZATION.supportsVersion(serviceVersion)) {
                Boolean extract = HbaseParams.HBASE_SECURE_AUTHORIZATION.extract(service);
                z = extract != null && extract.booleanValue();
            }
            if (HbaseParams.HBASE_THRIFTSERVER_HTTP.supportsVersion(serviceVersion)) {
                bool2 = HbaseParams.HBASE_THRIFTSERVER_HTTP.extract(service);
            }
            if (HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION.supportsVersion(serviceVersion)) {
                str = HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION.extract(service);
            }
            if (HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER.supportsVersion(serviceVersion)) {
                bool = HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER.extract(service);
            }
            if (HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE.supportsVersion(serviceVersion)) {
                bool3 = HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE.extract((ConfigValueProvider) (validationContext.getLevel() == Enums.ConfigScope.ROLE_CONFIG_GROUP ? validationContext.getRoleConfigGroup() : validationContext.getRole()));
            }
            if (z) {
                if (bool != null && bool.booleanValue() && bool2 != null && !bool2.booleanValue()) {
                    newArrayList.add(Validation.warning(validationContext, MessageWithArgs.of(I18nKeys.HTTP_SERVER_REQUIRED.getKey(), new String[]{HbaseParams.HBASE_THRIFTSERVER_HTTP.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER.getDisplayName()})));
                }
                if (bool2 != null && str != null && !bool2.booleanValue() && str.equals("none")) {
                    newArrayList.add(Validation.warning(validationContext, MessageWithArgs.of(I18nKeys.SECURE_THRIFT_AUTH_MUST_SET_QOP.getKey(), new String[]{HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION.getDisplayName(), HbaseParams.HBASE_QOP_AUTH_CONF, HbaseParams.HBASE_QOP_AUTH_INT})));
                }
                if (bool2 != null && bool != null && bool3 != null && bool2.booleanValue() && bool.booleanValue() && !bool3.booleanValue()) {
                    newArrayList.add(Validation.warning(validationContext, MessageWithArgs.of(I18nKeys.REQUIRE_SECURE_THRIFT_AUTH_SSL.getKey(), new String[]{HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_HTTP.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER.getDisplayName()})));
                }
            }
            return newArrayList;
        } catch (ParamParseException e) {
            return newArrayList;
        }
    }
}
