package com.cloudera.cmf.service.config;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.DependencyUtils;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.hadoopcommon.HadoopCommonHelpers;
import com.cloudera.cmf.service.hdfs.DfsConnector;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableRangeMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/config/AuthToLocalEvaluator.class */
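/**
 * Config evaluator that emits the Kerberos auth-to-local rules for a DFS service.
 *
 * <p>The rule text itself is produced by {@link HadoopCommonHelpers}; this class only decides
 * which helper to call and, when Ranger and Kerberos are both in use, collects the
 * short-name to principal overrides for the Ranger roles and the Ranger KMS service.
 *
 * <p>Security note: these rules decide which local identity a Kerberos principal is mapped
 * to, so a missing or wrong override changes who a principal is treated as. Every path that
 * drops an override is logged at ERROR with its cause.
 */
public class AuthToLocalEvaluator extends AbstractGenericConfigEvaluator {
    private static final String RANGER_ADMIN_USER_NAME = "ranger";
    private static final String RANGER_USERSYNC_USER_NAME = "rangerusersync";
    private static final String RANGER_TAGSYNC_USER_NAME = "rangertagsync";
    private static final String RANGER_KMS_USER_NAME = "keyadmin";
    private static final String RANGER_ADMIN_PRINCIPAL = "rangeradmin";
    private static final String RANGER_USERSYNC_PRINCIPAL = "rangerusersync";
    private static final String RANGER_TAGSYNC_PRINCIPAL = "rangertagsync";
    private static final ParagraphParamSpec rulesPS = HdfsParams.EXTRA_AUTH_TO_LOCAL_RULES;
    private static final StringListParamSpec realmsPS = HdfsParams.TRUSTED_REALMS;
    private static final Logger LOG = LoggerFactory.getLogger(AuthToLocalEvaluator.class);

    /**
     * Creates an evaluator registered for all service versions.
     *
     * @param str value associated with {@link Constants#SERVICE_ALL_VERSIONS_RANGE} in the
     *     range map handed to the superclass (presumably the emitted property name; confirm
     *     against {@code AbstractGenericConfigEvaluator})
     */
    public AuthToLocalEvaluator(String str) {
        super(null, ImmutableRangeMap.of(Constants.SERVICE_ALL_VERSIONS_RANGE, str));
    }

    /**
     * Builds the auth-to-local rules for the given service.
     *
     * <p>When a Ranger service depends on {@code dbService} and the service requires
     * credentials, the Ranger-aware helper is used with the SCM security realm and the
     * collected principal overrides; otherwise the plain helper is used.
     *
     * @param serviceDataProvider source of the service handler registry
     * @param dbService service whose rules are generated ({@code evaluateConfig} passes the
     *     service of the resolved DFS connector)
     * @param str forwarded unchanged as the last argument of the helper
     *     ({@code evaluateConfig} passes {@code "\n"}; presumably the rule separator)
     * @return the rule text returned by the helper
     */
    public static String getAuthToLocalRules(ServiceDataProvider serviceDataProvider, DbService dbService, String str) {
        // Resolve the Ranger dependent once instead of once for the check and once for use.
        DbService rangerService = getRangerService(dbService, serviceDataProvider);
        if (rangerService == null || !isKerberosEnabled(dbService, serviceDataProvider)) {
            return HadoopCommonHelpers.makeAuthToLocalRules(dbService, rulesPS, realmsPS, HdfsParams.AUTO_SET_STRING, str);
        }
        String securityRealm = (String) ScmHandler.getScmConfigValue(
                ScmParams.SECURITY_REALM, CmfEntityManager.currentCmfEntityManager().getScmConfigProvider());
        // Insertion-ordered so the overrides reach the helper in a stable order.
        LinkedHashMap<String, String> principalOverrides = Maps.newLinkedHashMap();
        addRangerPrincipals(principalOverrides, rangerService, serviceDataProvider);
        addKmsPrincipal(principalOverrides, dbService, serviceDataProvider);
        return HadoopCommonHelpers.makeAuthToLocalRulesRanger(
                dbService, rulesPS, realmsPS, securityRealm, HdfsParams.AUTO_SET_STRING, str, principalOverrides);
    }

    /**
     * Emits one evaluated config holding the auth-to-local rules of the DFS service that the
     * context's service is, or depends on.
     *
     * @param configEvaluationContext supplies the service and the service data provider
     * @param str name given to the resulting {@link EvaluatedConfig}
     * @return a single-element list, or an empty list when no DFS connector can be found
     * @throws ConfigGenException declared by the overridden method
     */
    @Override // com.cloudera.cmf.service.config.AbstractGenericConfigEvaluator
    protected List<EvaluatedConfig> evaluateConfig(ConfigEvaluationContext configEvaluationContext, String str) throws ConfigGenException {
        ServiceDataProvider sdp = configEvaluationContext.getSdp();
        DbService service = configEvaluationContext.getService();
        DfsConnector dfsConnector = (DfsConnector) ConfigEvaluatorHelpers.getCurrentOrDependencyConnector(
                sdp.getServiceHandlerRegistry(), service, DfsConnector.TYPE);
        if (dfsConnector == null) {
            List<?> candidates = ConfigEvaluatorHelpers.getAllCurrentOrDependentConnectors(
                    sdp.getServiceHandlerRegistry(), sdp.getConfigHelper(), service, DfsConnector.TYPE);
            if (candidates.isEmpty()) {
                return ImmutableList.of();
            }
            if (candidates.size() > 1) {
                // The first connector wins; which one that is depends on the helper's ordering.
                LOG.warn("Found more than one DFS service in dependents. Will choose one arbitrarily.");
            }
            dfsConnector = (DfsConnector) Iterables.getFirst(candidates, (Object) null);
        }
        return ImmutableList.of(new EvaluatedConfig(str, getAuthToLocalRules(sdp, dfsConnector.getService(), "\n")));
    }

    /**
     * Returns the single Ranger service depending on {@code dbService}, or {@code null} when
     * the service version does not support Ranger authorization or no such dependent exists.
     */
    private static DbService getRangerService(DbService dbService, ServiceDataProvider serviceDataProvider) {
        if (!HdfsParams.RANGER_AUTHORIZATION_ENABLE.supportsVersion(dbService.getServiceVersion())) {
            return null;
        }
        return getOnlyDependent(dbService, FirstPartyCsdServiceTypes.RANGER, serviceDataProvider);
    }

    /** Adds the overrides for the Ranger Admin, Tagsync and Usersync roles to {@code map}. */
    private static void addRangerPrincipals(Map<String, String> map, DbService dbService, ServiceDataProvider serviceDataProvider) {
        addRangerRolePrincipal(map, RANGER_ADMIN_USER_NAME, RANGER_ADMIN_PRINCIPAL, FirstPartyCsdServiceTypes.RoleTypes.RANGER_ADMIN, dbService, serviceDataProvider);
        addRangerRolePrincipal(map, RANGER_TAGSYNC_USER_NAME, RANGER_TAGSYNC_PRINCIPAL, FirstPartyCsdServiceTypes.RoleTypes.RANGER_TAGSYNC, dbService, serviceDataProvider);
        addRangerRolePrincipal(map, RANGER_USERSYNC_USER_NAME, RANGER_USERSYNC_PRINCIPAL, FirstPartyCsdServiceTypes.RoleTypes.RANGER_USERSYNC, dbService, serviceDataProvider);
    }

    /**
     * Records the Kerberos principal configured for one Ranger role type.
     *
     * @param map receives the entry, keyed by {@code str}
     * @param str key under which the principal is stored
     * @param str2 principal used when the role has no Kerberos principal parameter
     * @param str3 role type to look up on {@code dbService}
     * @param dbService the Ranger service
     * @param serviceDataProvider source of the service handler registry
     */
    private static void addRangerRolePrincipal(Map<String, String> map, String str, String str2, String str3, DbService dbService, ServiceDataProvider serviceDataProvider) {
        RoleHandler roleHandler = serviceDataProvider.getServiceHandlerRegistry().get(dbService).getRoleHandler(str3);
        Set<?> rolesWithType = dbService.getRolesWithType(str3);
        if (CollectionUtils.isEmpty(rolesWithType)) {
            return;
        }
        // Only the first role of this type is consulted for the configured principal.
        ConfigValueProvider firstRole = (DbRole) rolesWithType.iterator().next();
        ParamSpec param = roleHandler.getConfigSpec().getParam(FirstPartyCsdServiceTypes.KERBEROS_ROLE_PRINC_NAME);
        if (param == null) {
            map.put(str, str2);
            return;
        }
        try {
            map.put(str, param.extract(firstRole));
        } catch (ParamParseException e) {
            // No entry is added for this key, so the generated rules carry no override for it.
            // Keep the cause in the log so the dropped mapping can be diagnosed.
            LOG.error(String.format("Error parsing the Kerberos Principal for role type %s", str3), e);
        }
    }

    /**
     * Records the Kerberos principal of the Ranger KMS (or Ranger KMS KTS) service that
     * {@code dbService} depends on, keyed by {@code "keyadmin"}. Does nothing when no such
     * dependency is satisfied.
     *
     * @throws IllegalArgumentException from {@link Iterables#getOnlyElement(Iterable)} when more
     *     than one matching dependency is satisfied
     */
    private static void addKmsPrincipal(Map<String, String> map, DbService dbService, ServiceDataProvider serviceDataProvider) {
        List<?> kmsServices = (List<?>) serviceDataProvider.getServiceHandlerRegistry().get(dbService)
                .getDependencies(CmfEntityManager.currentCmfEntityManager(), dbService, true)
                .getSatisfied()
                .stream()
                .filter(dependency -> dependency.getServiceType().equals(FirstPartyCsdServiceTypes.RANGER_KMS)
                        || dependency.getServiceType().equals(FirstPartyCsdServiceTypes.RANGER_KMS_KTS))
                .collect(Collectors.toList());
        if (CollectionUtils.isEmpty(kmsServices)) {
            return;
        }
        ConfigValueProvider kmsService = (DbService) Iterables.getOnlyElement(kmsServices);
        try {
            // NOTE(review): unlike addRangerRolePrincipal, a null ParamSpec is not handled here
            // and would surface as a NullPointerException; confirm the parameter always exists
            // for both KMS service types before relaxing this into a silent skip.
            map.put(RANGER_KMS_USER_NAME, serviceDataProvider.getServiceHandlerRegistry().get((DbService) kmsService)
                    .getConfigSpec().getParam(FirstPartyCsdServiceTypes.KERBEROS_PRINC_NAME).extract(kmsService));
        } catch (ParamParseException e) {
            // The "keyadmin" override is left out of the map; log the cause with the message.
            LOG.error(String.format("Error parsing the Kerberos Principal for service %s", kmsService.getName()), e);
        }
    }

    /**
     * Returns the only service of type {@code str} that depends on {@code dbService}, or
     * {@code null} when there is none.
     *
     * @throws IllegalArgumentException from {@link Iterables#getOnlyElement(Iterable, Object)}
     *     when more than one dependent of that type exists
     */
    private static DbService getOnlyDependent(DbService dbService, String str, ServiceDataProvider serviceDataProvider) {
        return (DbService) Iterables.getOnlyElement(
                DependencyUtils.getDependentServicesOfType(
                        CmfEntityManager.currentCmfEntityManager(), serviceDataProvider.getServiceHandlerRegistry(), dbService, str),
                (Object) null);
    }

    /** Reports whether the service handler says {@code dbService} requires credentials. */
    private static boolean isKerberosEnabled(DbService dbService, ServiceDataProvider serviceDataProvider) {
        return serviceDataProvider.getServiceHandlerRegistry().get(dbService).requiresCredentials(CmfEntityManager.currentCmfEntityManager(), dbService);
    }
}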
