package com.cloudera.server.web.cmf.wizard.security;

import com.cloudera.cmf.cluster.EnableKerberosCmdArgs;
import com.cloudera.cmf.command.BasicCmdArgs;
import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.security.EnableKerberosCommand;
import com.cloudera.cmf.security.ImportCredentialsCommand;
import com.cloudera.cmf.service.DependencyUtils;
import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.CommonParamSpecs;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.PortNumberParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hdfs.HdfsServiceHandler;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.FeatureManager;
import com.cloudera.server.web.cmf.ClusterInfo;
import com.cloudera.server.web.cmf.CmfPath;
import com.cloudera.server.web.cmf.WebController;
import com.cloudera.server.web.cmf.config.BaseConfigFilterStrategy;
import com.cloudera.server.web.cmf.config.ConfigFilterStrategy;
import com.cloudera.server.web.cmf.config.GenericConfigResponse;
import com.cloudera.server.web.cmf.config.ParamSpecProperty;
import com.cloudera.server.web.cmf.config.components.GenericConfigHelper;
import com.cloudera.server.web.cmf.wizard.service.UIConstants;
import com.cloudera.server.web.common.AjaxRedirect;
import com.cloudera.server.web.common.CurrentUser;
import com.cloudera.server.web.common.I18n;
import com.cloudera.server.web.common.JSPageController;
import com.cloudera.server.web.common.JamonModelAndView;
import com.cloudera.server.web.common.JsonResponse;
import com.cloudera.server.web.common.SimplePage;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

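/**
 * Web controller behind the "Enable Kerberos" wizard.
 *
 * <p>Serves the wizard page (cluster-scoped and global variants), the JSON metadata the page
 * requests, and the two POST endpoints that import KDC admin credentials and launch the
 * enable-Kerberos cluster command.
 *
 * <p>Every handler opens its own {@link CmfEntityManager} and closes it in a {@code finally}
 * block, so the manager is closed exactly once on every exit path.
 *
 * <p>NOTE(review): only the cluster-scoped handlers perform an authority check in this class.
 * The global handlers ({@code kerberos/wizard}, {@code kerberos/config/metadata.json},
 * {@code kerberos/adminCredentials}) rely on whatever access control is applied outside this
 * class; confirm that such a control exists and restricts them to administrators.
 */
@RequestMapping({"/*"})
@Controller
public class KerberosWizardController extends WebController {

    @Autowired
    private FeatureManager fm;

    @Autowired
    private ScmParamTrackerStore scmParamTrackerStore;

    /** Matches every parameter whose display group is the Kerberos display group. */
    private static final ConfigFilterStrategy ALL_KERBEROS_CONFIGS = new BaseConfigFilterStrategy() {
        @Override
        public boolean filterMatchesProperty(ParamSpecProperty paramSpecProperty) {
            return SecurityParams.KERBEROS_DISPLAY_GROUP.equals(paramSpecProperty.getParamSpec().getDisplayGroupKey());
        }
    };

    /** Matches every parameter whose template name is the Kerberos principal key. */
    private static final ConfigFilterStrategy PRINCIPALS_CONFIGS = new BaseConfigFilterStrategy() {
        @Override
        public boolean filterMatchesProperty(ParamSpecProperty paramSpecProperty) {
            return CommonParamSpecs.KERBEROS_PRINC_KEY.equals(paramSpecProperty.getParamSpec().getTemplateName());
        }
    };

    private static final KerberosParamSpecFilter BASIC_WELCOME_PARAM_SPECS_FILTER =
            new KerberosParamSpecFilter(ImmutableSet.of(ScmParams.KDC_TYPE));

    public static final KerberosParamSpecFilter BASIC_COMMON_PARAM_SPECS_FILTER =
            new KerberosParamSpecFilter(ImmutableSet.of(
                    ScmParams.KDC_HOST,
                    ScmParams.KDC_ADMIN_HOST,
                    ScmParams.SECURITY_REALM,
                    ScmParams.KRB_ENC_TYPES,
                    ScmParams.KRB_DOMAIN));

    public static final KerberosParamSpecFilter BASIC_AD_PARAM_SPECS_FILTER =
            new KerberosParamSpecFilter(ImmutableSet.of(
                    ScmParams.AD_ACCOUNT_PREFIX,
                    ScmParams.AD_KDC_DOMAIN,
                    ScmParams.KDC_ACCOUNT_CREATION_HOST_OVERRIDE,
                    ScmParams.AD_SET_ENCRYPTION_TYPES,
                    ScmParams.GEN_KEYTAB_SCRIPT,
                    ScmParams.AD_DELETE_ON_REGENERATE,
                    ScmParams.AD_PASSWORD_PROPERTIES,
                    ScmParams.AD_ACCOUNT_PROPERTIES));

    public static final KerberosParamSpecFilter BASIC_MIT_PARAM_SPECS_FILTER =
            new KerberosParamSpecFilter(ImmutableSet.of(ScmParams.MAX_RENEW_LIFE));

    public static final KerberosParamSpecFilter ADV_COMMON_PARAM_SPECS_FILTER =
            new KerberosParamSpecFilter(ImmutableSet.of(ScmParams.KRB_MANAGE_KRB5_CONF));

    public static final KerberosParamSpecFilter ADV_PARAM_SPECS_FILTER =
            new KerberosParamSpecFilter(ImmutableSet.of(
                    ScmParams.KRB_TICKET_LIFETIME,
                    ScmParams.KRB_RENEW_LIFETIME,
                    ScmParams.KRB_DNS_LOOKUP_KDC,
                    ScmParams.KRB_FORWARDABLE,
                    ScmParams.KRB_KDC_TIMEOUT,
                    ScmParams.KRB_LIBDEFAULTS_SAFETY_VALVE,
                    ScmParams.KRB_REALMS_SAFETY_VALVE,
                    ScmParams.KRB_OTHER_SAFETY_VALVE));

    private static final String URL_PREFIX = "clusters/{clusterId}/kerberos/";

    @VisibleForTesting
    @Autowired
    GenericConfigHelper genericConfigHelper;

    /**
     * Filter that accepts a property only when it is in the Kerberos display group and its
     * parameter spec is one of an explicit allow-list.
     */
    public static class KerberosParamSpecFilter extends BaseConfigFilterStrategy {
        // Set once at construction. The set is stored and returned by reference; every caller
        // in this file passes an ImmutableSet.
        private final Set<ParamSpec<?>> paramSpecsToMatch;

        /**
         * @return the allow-list of parameter specs this filter accepts
         */
        public Set<ParamSpec<?>> getParamSpecsToMatch() {
            return this.paramSpecsToMatch;
        }

        /**
         * @param set the parameter specs this filter should accept
         */
        public KerberosParamSpecFilter(Set<ParamSpec<?>> set) {
            this.paramSpecsToMatch = set;
        }

        @Override
        public boolean filterMatchesProperty(ParamSpecProperty paramSpecProperty) {
            ParamSpec<?> spec = paramSpecProperty.getParamSpec();
            return SecurityParams.KERBEROS_DISPLAY_GROUP.equals(spec.getDisplayGroupKey())
                    && this.paramSpecsToMatch.contains(spec);
        }
    }

    /**
     * Returns an AJAX redirect to the cluster's Kerberos wizard page.
     *
     * <p>The path variable is bound by explicit name so that binding does not depend on the
     * compiled parameter name.
     *
     * @param clusterId id of the cluster, taken from the URL
     * @return a view that redirects the client to the wizard URL built from {@link CmfPath}
     */
    @RequestMapping({"clusters/{clusterId}/kerberos/wizardRedirect"})
    public ModelAndView redirectToWizard(@PathVariable("clusterId") long clusterId) {
        CmfEntityManager em = createCmfEntityManager();
        try {
            em.beginForRollbackAndReadonly();
            DbCluster cluster = validateCluster(em, clusterId);
            verifyUserAnyAuth(cluster, "ROLE_ADMIN");
            // The target is assembled from server-side path constants only, never from request data.
            String wizardUrl = CmfPath.to(CmfPath.Type.PREFIX, cluster) + CmfPath.Kerberos.PREFIX + "wizard";
            return JamonModelAndView.of(new AjaxRedirect().makeRenderer(wizardUrl));
        } finally {
            em.close();
        }
    }

    /**
     * Collects the names of the cluster's hosts that contain upper-case characters.
     *
     * <p>The result is handed to the wizard page as {@code badHostNames}.
     *
     * @param dbCluster cluster whose hosts are inspected
     * @return immutable list of host names that differ from their lower-cased form
     */
    @VisibleForTesting
    List<String> getUppercaseHosts(DbCluster dbCluster) {
        ImmutableList.Builder<String> names = ImmutableList.builder();
        for (DbHost host : dbCluster.getHosts()) {
            if (hasUppercase(host)) {
                names.add(host.getName());
            }
        }
        return names.build();
    }

    /**
     * Tells whether a host name changes when lower-cased.
     *
     * <p>Lower-casing uses {@code Locale.ROOT} so the answer does not depend on the JVM default
     * locale (under a Turkish locale, for example, {@code "I"} does not lower-case to
     * {@code "i"}).
     */
    private boolean hasUppercase(DbHost dbHost) {
        String name = dbHost.getName();
        return !name.equals(name.toLowerCase(java.util.Locale.ROOT));
    }

    /**
     * Renders the Kerberos wizard for one cluster.
     *
     * <p>The caller must hold {@code ROLE_ADMIN} for the cluster. Global KDC setup is offered
     * only to a global administrator, and only while no cluster already requires credentials.
     * A caller without global authority can continue only if the KDC admin user, password and
     * host are already stored; otherwise an error page is returned.
     *
     * @param clusterId id of the cluster, taken from the URL
     * @param returnUrl where the wizard should return to; defaults to {@link CmfPath#HOME}
     * @return the wizard page, or an error page when global settings are missing
     */
    @RequestMapping(value = {"clusters/{clusterId}/kerberos/wizard"}, method = {RequestMethod.GET})
    public ModelAndView getEnableKerberosWizard(@PathVariable("clusterId") long clusterId, @RequestParam(value = "returnUrl", required = false) String returnUrl) {
        CmfEntityManager em = createCmfEntityManager();
        try {
            em.beginForRollbackAndReadonly();
            DbCluster cluster = validateCluster(em, clusterId);
            verifyUserAnyAuth(cluster, "ROLE_ADMIN");
            // NOTE(review): returnUrl comes straight from the request and is passed to the page
            // unvalidated. How the page uses it is not visible here; confirm it is restricted
            // to same-application paths and encoded on output.
            if (returnUrl == null) {
                returnUrl = CmfPath.HOME;
            }
            ServiceHandlerRegistry registry = getServiceHandlerRegistry();
            boolean doGlobalSetup = true;
            if (!CurrentUser.hasGlobalAuthority("ROLE_ADMIN")) {
                // The stored values are checked for presence only; none of them is added to
                // the page model.
                String kdcAdminUser = (String) this.scmParamTrackerStore.get(ScmParams.KDC_ADMIN_USER);
                String kdcAdminPassword = (String) this.scmParamTrackerStore.get(ScmParams.KDC_ADMIN_PASSWORD);
                String kdcHost = (String) this.scmParamTrackerStore.get(ScmParams.KDC_HOST);
                if (kdcAdminUser == null || kdcAdminPassword == null || kdcHost == null) {
                    return JamonModelAndView.of(new SimplePage().makeRenderer(
                            I18n.t("label.alert"), I18n.t("message.serverError.contactAdmin")));
                }
                doGlobalSetup = false;
            } else if (hasKerberoizedClusters(em, registry)) {
                doGlobalSetup = false;
            }

            List<?> hdfsServices = em.findServicesInClusterByType(cluster, "HDFS");
            DbService hdfs = hdfsServices.isEmpty() ? null : (DbService) hdfsServices.get(0);
            boolean dfsSslEnabled = hdfs != null && DependencyUtils.isDfsSslEnabled(hdfs, getServiceHandlerRegistry());

            // Configuration metadata is sent only when the global setup steps will be shown.
            List<GenericConfigResponse> welcomeConfigs =
                    doGlobalSetup ? getWelcomeConfigs(em) : ImmutableList.<GenericConfigResponse>of();
            List<GenericConfigResponse> basicConfigs =
                    doGlobalSetup ? getBasicConfigs(em) : ImmutableList.<GenericConfigResponse>of();
            List<GenericConfigResponse> advConfigs =
                    doGlobalSetup ? getAdvConfigs(em) : ImmutableList.<GenericConfigResponse>of();
            List<String> uppercaseHosts = getUppercaseHosts(cluster);
            long transceiverPort = getDataNodePortValue(
                    hdfs, HdfsParams.DATANODE_TRANSCEIVER_PORT, dfsSslEnabled, HdfsParams.DEFAULT_DATANODE_TRANCEIVER_PORT);
            long webPort = getDataNodePortValue(
                    hdfs, HdfsParams.DATANODE_HTTPS_PORT, dfsSslEnabled, HdfsParams.DEFAULT_DATANODE_WEB_PORT);

            return renderKerberosWizardPage(cluster, welcomeConfigs, basicConfigs, advConfigs, uppercaseHosts,
                    doGlobalSetup, false, dfsSslEnabled, transceiverPort, webPort, returnUrl, this.fm);
        } finally {
            em.close();
        }
    }

    /**
     * Builds the parameter map for the Kerberos wizard page and renders it.
     *
     * @param dbCluster cluster the wizard runs for, or {@code null} for the global wizard
     * @param list welcome-step config metadata ({@code basicMetadata})
     * @param list2 KDC config metadata ({@code kdcConfMetadata})
     * @param list3 krb5.conf config metadata
     * @param list4 host names reported as {@code badHostNames}
     * @param z value of {@code doGlobalSetup}
     * @param z2 value of {@code doImportOnly}
     * @param z3 value of {@code isHDFSUsingSSL}
     * @param j value of {@code defaultDatanodeTranceiverPort}
     * @param j2 value of {@code defaultDatanodeWebPort}
     * @param str return URL; must not be {@code null} because the immutable map rejects nulls
     * @param featureManager not read by this method
     * @return the rendered wizard page
     */
    public ModelAndView renderKerberosWizardPage(DbCluster dbCluster, List<GenericConfigResponse> list, List<GenericConfigResponse> list2, List<GenericConfigResponse> list3, List<String> list4, boolean z, boolean z2, boolean z3, long j, long j2, String str, FeatureManager featureManager) {
        ImmutableMap.Builder<String, Object> params = ImmutableMap.builder();
        boolean manageKrb5Conf = ((Boolean) this.scmParamTrackerStore.get(ScmParams.KRB_MANAGE_KRB5_CONF)).booleanValue();
        params.put("basicMetadata", list);
        params.put("kdcConfMetadata", list2);
        params.put(CmfPath.Kerberos.KRB5_CONF_METADATA, list3);
        if (dbCluster != null) {
            // Cluster-scoped URLs exist only when the wizard runs for a specific cluster.
            params.put("cluster", new ClusterInfo(dbCluster));
            params.put("configPortsUrl", CmfPath.Cluster.buildGetUrl(dbCluster, "kerberos/configPorts"));
            params.put("principalsConfigMetadataJsonUrl", CmfPath.Cluster.buildGetUrl(dbCluster, "kerberos/principalsMetadata"));
        }
        params.put("configMetadataJsonUrl", "/cmf/kerberos/config/metadata.json");
        params.put("adminCredentialsUrl", "/cmf/kerberos/adminCredentials");
        params.put("doGlobalSetup", Boolean.valueOf(z));
        params.put("doImportOnly", Boolean.valueOf(z2));
        params.put("badHostNames", list4);
        params.put("isHDFSUsingSSL", Boolean.valueOf(z3));
        params.put("defaultDatanodeTranceiverPort", Long.valueOf(j));
        params.put("defaultDatanodeWebPort", Long.valueOf(j2));
        params.put("defaultSecurityRealm", ScmParams.DEFAULT_SECURITY_REALM);
        params.put("manageKrb", Boolean.valueOf(manageKrb5Conf));
        // NOTE(review): request-supplied value; the page must treat it as untrusted.
        params.put(UIConstants.RETURN_URL, str);
        com.cloudera.server.web.cmf.SimplePage wizardPage = JSPageController.getWizardPage("cloudera/cmf/wizard/security/KerberosWizardPage");
        wizardPage.setParameters(params.build());
        return JamonModelAndView.of(wizardPage.makeRenderer());
    }

    /**
     * Tells whether any known cluster's handler reports that the cluster requires credentials.
     */
    private boolean hasKerberoizedClusters(CmfEntityManager cmfEntityManager, ServiceHandlerRegistry serviceHandlerRegistry) {
        for (DbCluster cluster : cmfEntityManager.findAllClusters()) {
            if (serviceHandlerRegistry.get(cluster).requiresCredentials(serviceHandlerRegistry, cmfEntityManager, cluster)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Renders the global (not cluster-scoped) Kerberos wizard with all setup metadata.
     *
     * <p>NOTE(review): unlike the cluster-scoped variant, this handler performs no authority
     * check of its own; confirm that access to this URL is restricted elsewhere.
     *
     * @param returnUrl where the wizard should return to; defaults to {@link CmfPath#HOME}
     * @param doImportOnly forwarded to the page as {@code doImportOnly}
     * @return the wizard page
     */
    @RequestMapping(value = {"kerberos/wizard"}, method = {RequestMethod.GET})
    public ModelAndView getEnableKerberosWizard(@RequestParam(value = "returnUrl", required = false) String returnUrl, @RequestParam(value = "doImportOnly", required = false, defaultValue = "false") boolean doImportOnly) {
        CmfEntityManager em = createCmfEntityManager();
        try {
            em.beginForRollbackAndReadonly();
            // NOTE(review): returnUrl is request-controlled and is passed on unvalidated.
            if (returnUrl == null) {
                returnUrl = CmfPath.HOME;
            }
            return renderKerberosWizardPage(null, getWelcomeConfigs(em), getBasicConfigs(em), getAdvConfigs(em),
                    ImmutableList.<String>of(), true, doImportOnly, false, 0L, 0L, returnUrl, this.fm);
        } finally {
            em.close();
        }
    }

    /**
     * Chooses the DataNode port value the wizard proposes.
     *
     * <p>Starts from the first DATANODE role config group whose value parses, falling back to
     * the spec's default for the service version. A privileged value (below 1024) is replaced
     * by the spec default when DFS SSL is enabled; a non-privileged value is replaced by the
     * supplied fallback when DFS SSL is not enabled.
     *
     * @param dbService the HDFS service, or {@code null} when the cluster has none
     * @param portNumberParamSpec the port parameter to read
     * @param z whether DFS SSL is enabled
     * @param j fallback port, returned as is when there is no HDFS service
     * @return the port value to show in the wizard
     * @throws IllegalArgumentException if the replacement value does not have the required
     *     privileged or non-privileged status
     */
    private long getDataNodePortValue(DbService dbService, PortNumberParamSpec portNumberParamSpec, boolean z, long j) {
        if (dbService == null) {
            return j;
        }
        long specDefault = ((Long) portNumberParamSpec.getDefaultValue(dbService.getServiceVersion())).longValue();
        long port = specDefault;
        for (Object group : dbService.getRoleConfigGroups(HdfsServiceHandler.RoleNames.DATANODE.name())) {
            try {
                port = ((Long) portNumberParamSpec.extract((ConfigValueProvider) group)).longValue();
                break;
            } catch (ParamParseException ignored) {
                // Best effort: an unparseable value in this group is skipped and the next
                // group is tried; the spec default stands if none parses.
            }
        }
        if (isPrivilegedPort(port)) {
            if (z) {
                Preconditions.checkArgument(!isPrivilegedPort(specDefault),
                        "Spec default port %s must not be privileged when DFS SSL is enabled", Long.valueOf(specDefault));
                port = specDefault;
            }
        } else if (!z) {
            Preconditions.checkArgument(isPrivilegedPort(j),
                    "Fallback port %s must be privileged when DFS SSL is not enabled", Long.valueOf(j));
            port = j;
        }
        return port;
    }

    /** A port is treated as privileged when its number is below 1024. */
    private static boolean isPrivilegedPort(long j) {
        return j < 1024;
    }

    /**
     * Writes the metadata of every configuration in the Kerberos display group as JSON.
     *
     * <p>NOTE(review): no authority check is made here; confirm that access is restricted
     * elsewhere and that no credential-bearing parameter value is part of the serialized
     * response.
     *
     * @param httpServletResponse response the JSON is written to
     * @throws IOException if writing the response fails
     */
    @RequestMapping(value = {"kerberos/config/metadata.json"}, method = {RequestMethod.GET})
    public void configMetadata(HttpServletResponse httpServletResponse) throws IOException {
        CmfEntityManager em = createCmfEntityManager();
        try {
            em.beginForRollbackAndReadonly();
            writeJackson2JsonToHttpResponse(filterForKerberosConfigs(em, ALL_KERBEROS_CONFIGS), httpServletResponse);
        } finally {
            em.close();
        }
    }

    /**
     * Writes the cluster's Kerberos principal configuration metadata as JSON.
     *
     * <p>The caller must hold {@code ROLE_ADMIN} for the cluster.
     *
     * @param clusterId id of the cluster, taken from the URL
     * @param httpServletResponse response the JSON is written to
     * @throws IOException if writing the response fails
     */
    @RequestMapping(value = {"clusters/{clusterId}/kerberos/principalsMetadata"}, method = {RequestMethod.GET})
    public void principalsConfigMetadata(@PathVariable("clusterId") long clusterId, HttpServletResponse httpServletResponse) throws IOException {
        CmfEntityManager em = createCmfEntityManager();
        try {
            em.beginForRollbackAndReadonly();
            DbCluster cluster = validateCluster(em, clusterId);
            verifyUserAnyAuth(cluster, "ROLE_ADMIN");
            writeJackson2JsonToHttpResponse(
                    this.genericConfigHelper.getConfigForClusterCascaded(em, cluster, PRINCIPALS_CONFIGS),
                    httpServletResponse);
        } finally {
            em.close();
        }
    }

    /** Returns the welcome-step metadata: the KDC type parameter only. */
    @VisibleForTesting
    List<GenericConfigResponse> getWelcomeConfigs(CmfEntityManager cmfEntityManager) {
        return ImmutableList.of(filterForKerberosConfigs(cmfEntityManager, BASIC_WELCOME_PARAM_SPECS_FILTER));
    }

    /** Returns the basic-step metadata, in order: common, Active Directory, MIT. */
    @VisibleForTesting
    List<GenericConfigResponse> getBasicConfigs(CmfEntityManager cmfEntityManager) {
        return ImmutableList.of(
                filterForKerberosConfigs(cmfEntityManager, BASIC_COMMON_PARAM_SPECS_FILTER),
                filterForKerberosConfigs(cmfEntityManager, BASIC_AD_PARAM_SPECS_FILTER),
                filterForKerberosConfigs(cmfEntityManager, BASIC_MIT_PARAM_SPECS_FILTER));
    }

    /** Returns the advanced-step metadata, in order: krb5.conf management, krb5.conf settings. */
    @VisibleForTesting
    List<GenericConfigResponse> getAdvConfigs(CmfEntityManager cmfEntityManager) {
        return ImmutableList.of(
                filterForKerberosConfigs(cmfEntityManager, ADV_COMMON_PARAM_SPECS_FILTER),
                filterForKerberosConfigs(cmfEntityManager, ADV_PARAM_SPECS_FILTER));
    }

    /** Always returns an empty list; the entity manager is not used. */
    @VisibleForTesting
    List<GenericConfigResponse> getPrincipalConfigs(CmfEntityManager cmfEntityManager) {
        return ImmutableList.of();
    }

    /**
     * Builds a config response for the SCM settings, restricted by the given filter and with
     * non-parameter validations suppressed.
     */
    private GenericConfigResponse filterForKerberosConfigs(CmfEntityManager cmfEntityManager, ConfigFilterStrategy configFilterStrategy) {
        GenericConfigResponse.Builder response =
                GenericConfigResponse.builder().filterStrategy(configFilterStrategy).suppressNonParamValidations();
        this.genericConfigHelper.addConfigForScmSettings(cmfEntityManager, response);
        return response.build();
    }

    /**
     * Starts the global command that imports the KDC admin credentials.
     *
     * <p>NOTE(review): this handler performs no authority check of its own; confirm that access
     * is restricted elsewhere. The password travels as a plain {@code String} command argument;
     * confirm that command arguments are neither logged nor persisted in clear text. A
     * {@link RuntimeException} is returned to the client wrapped in the JSON response; confirm
     * that the serialized form exposes no internal detail.
     *
     * @param username KDC admin user name
     * @param password KDC admin password
     * @return the id of the started command, or a response wrapping the failure
     */
    @RequestMapping(value = {"kerberos/adminCredentials"}, method = {RequestMethod.POST})
    @ResponseBody
    public JsonResponse<Long> importAdminCredentials(@RequestParam(value = "username", required = true) String username, @RequestParam(value = "password", required = true) String password) {
        CmfEntityManager em = createCmfEntityManager();
        try {
            em.begin();
            // The meaning of the trailing "true" and "1" arguments is defined by
            // ImportCredentialsCommand and is not visible here.
            long commandId = this.opsManager
                    .executeGlobalCmd(em, ImportCredentialsCommand.COMMAND_NAME, BasicCmdArgs.of(username, password, "true", "1"))
                    .getId()
                    .longValue();
            em.commit();
            return new JsonResponse<Long>(Long.valueOf(commandId));
        } catch (RuntimeException e) {
            return new JsonResponse<Long>(e);
        } finally {
            em.close();
        }
    }

    /**
     * Starts the enable-Kerberos command for a cluster with the chosen DataNode ports.
     *
     * <p>The caller must hold {@code ROLE_ADMIN} for the cluster.
     *
     * <p>NOTE(review): the two port values are taken from the request and are not range-checked
     * in this method; confirm that the command validates them.
     *
     * @param clusterId id of the cluster, taken from the URL
     * @param datanodeTranceiverPort DataNode transceiver port to configure
     * @param datanodeWebPort DataNode web port to configure
     * @param startClusterAfter whether the cluster is started once the command finishes
     * @return the id of the started command, or a response wrapping the failure
     */
    @RequestMapping(value = {"clusters/{clusterId}/kerberos/configPorts"}, method = {RequestMethod.POST})
    @ResponseBody
    public JsonResponse<Long> applyConfigSettings(@PathVariable("clusterId") long clusterId, @RequestParam(value = "datanodeTranceiverPort", required = true) long datanodeTranceiverPort, @RequestParam(value = "datanodeWebPort", required = true) long datanodeWebPort, @RequestParam(value = "startClusterAfter", required = false, defaultValue = "true") boolean startClusterAfter) {
        CmfEntityManager em = createCmfEntityManager();
        try {
            em.begin();
            DbCluster cluster = validateAndHasAuth(clusterId, em, "ROLE_ADMIN");
            EnableKerberosCmdArgs args = new EnableKerberosCmdArgs();
            args.setDatanodeTranceiverPort(datanodeTranceiverPort);
            args.setDatanodeWebPort(datanodeWebPort);
            args.setStartClusterAfter(startClusterAfter);
            long commandId = this.opsManager
                    .executeClusterCmd(em, cluster, EnableKerberosCommand.COMMAND_NAME, args)
                    .getId()
                    .longValue();
            em.commit();
            return new JsonResponse<Long>(Long.valueOf(commandId));
        } catch (RuntimeException e) {
            return new JsonResponse<Long>(e);
        } finally {
            em.close();
        }
    }
}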
