package com.cloudera.cmf.service.auth;

import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.command.flow.CmdStep;
import com.cloudera.cmf.model.DbRevision;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.AbstractBringUpBringDownCommands;
import com.cloudera.cmf.service.AbstractRestartCommands;
import com.cloudera.cmf.service.AbstractServiceHandler;
import com.cloudera.cmf.service.ConditionallyRequiredConfigsValidator;
import com.cloudera.cmf.service.HandlerUtil;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.SSLParams;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.Validator;
import com.cloudera.cmf.service.config.ConfigLocator;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.version.CmReleases;
import com.cloudera.enterprise.crypto.RandomUtils;
import com.cloudera.server.cmf.OperationsManager;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Range;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/auth/AuthServiceHandler.class */
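/**
 * Service handler for the {@code AUTH} ("Authentication Service") service type.
 *
 * <p>From the code in this class, the handler:
 * <ul>
 *   <li>registers two role handlers, {@link AuthRoleHandler} and
 *       {@link AuthLoadBalancerRoleHandler};</li>
 *   <li>generates two random Keycloak passwords when the service is created and stores them
 *       as service configuration;</li>
 *   <li>requires keystore / PEM material to be configured whenever
 *       {@code AuthParams.ENABLE_TLS} is {@code true};</li>
 *   <li>schedules Keycloak realm and client creation steps after the service starts.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. Raw types and explicit casts that the
 * decompiler could not resolve are kept only where removing them would require knowledge of
 * signatures that are not visible in this file.
 */
public class AuthServiceHandler extends AbstractServiceHandler {
    static final Logger LOG = LoggerFactory.getLogger(AuthServiceHandler.class);
    public static final String SERVICE_TYPE = "AUTH";
    public static final String SERVICE_DESCRIPTION_RESOURCE_ID = "message.auth.desc";
    public static final String LONG_NAME = "Authentication Service";

    /**
     * Authority string passed to the superclass constructor and returned as the default
     * authority for this service's param specs. Kept in one place so the two uses cannot drift.
     */
    private static final String ADMIN_AUTHORITY = "ROLE_ADMIN";

    private final ImmutableMap<String, RoleHandler> roleHandlers;

    /** Role types of the AUTH service; each resolves its own {@link ConfigLocator}. */
    public enum RoleNames implements ConfigLocator.HasConfigLocator {
        AUTHSERVER,
        AUTH_LOAD_BALANCER;

        /** Returns the locator for this role type under the {@code AUTH} service type. */
        @Override // com.cloudera.cmf.service.config.ConfigLocator.HasConfigLocator
        public ConfigLocator getConfigLocator() {
            return ConfigLocator.getConfigLocator(AuthServiceHandler.SERVICE_TYPE, name());
        }
    }

    /**
     * Creates the handler, registers its role handlers and the generic bring-up, bring-down and
     * restart service commands, then calls {@code initialize()}.
     *
     * @param serviceDataProvider provider handed to the superclass, role handlers and commands
     */
    public AuthServiceHandler(ServiceDataProvider serviceDataProvider) {
        super(
                serviceDataProvider,
                // Supported from CmReleases.MGMT up to, but excluding, the next major release.
                Range.closedOpen(CmReleases.MGMT, CmReleases.MGMT.nextMajorRelease()),
                SERVICE_TYPE,
                SERVICE_DESCRIPTION_RESOURCE_ID,
                ADMIN_AUTHORITY);

        List<RoleHandler> handlers = new ArrayList<>();
        handlers.add(new AuthRoleHandler(this, serviceDataProvider));
        handlers.add(new AuthLoadBalancerRoleHandler(this, serviceDataProvider));
        this.roleHandlers = HandlerUtil.makeRoleHandlerMap(handlers);

        addServiceCommands(
                new AbstractBringUpBringDownCommands.GenericBringUpServiceCommand(this, serviceDataProvider),
                new AbstractBringUpBringDownCommands.GenericBringUpServiceOnDecommissionedHostCommand(this, serviceDataProvider),
                new AbstractBringUpBringDownCommands.GenericBringDownServiceCommand(this, serviceDataProvider),
                new AbstractRestartCommands.GenericRestartServiceCommand(this, serviceDataProvider));
        initialize();
    }

    /** Returns the product feature this service belongs to, {@code SINGLE_SIGN_ON}. */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler
    public ProductState.Feature getFeature() {
        return ProductState.Feature.SINGLE_SIGN_ON;
    }

    /**
     * Returns the inherited param specs plus {@code AuthParams.SERVICE_PARAMS}.
     *
     * @param immutableSet param specs supplied by the superclass
     * @return an immutable set containing both groups
     */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler
    protected Set<ParamSpec<?>> getParamSpecs(ImmutableSet<ParamSpec<?>> immutableSet) {
        return ImmutableSet.<ParamSpec<?>>builder()
                .addAll(immutableSet)
                .addAll(AuthParams.SERVICE_PARAMS)
                .build();
    }

    /** Returns the default authority for this service's param specs, {@code "ROLE_ADMIN"}. */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler
    public String getDefaultAuthorityForParamSpecs() {
        return ADMIN_AUTHORITY;
    }

    /** Returns the role handler map built in the constructor. */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler
    protected ImmutableMap<String, RoleHandler> getRoleHandlerMap() {
        return this.roleHandlers;
    }

    /** Returns 1: at most one instance of this service is allowed. */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler, com.cloudera.cmf.service.ServiceHandler
    public int getMaxInstanceCount() {
        return 1;
    }

    /** Returns {@code false}: this service reports that it is not a cluster member. */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler, com.cloudera.cmf.service.ServiceHandler
    public boolean isClusterMember() {
        return false;
    }

    /**
     * Generates two independent random passwords and stores them as the service's
     * {@code AuthParams.ADMIN_PASSWORD} and {@code AuthParams.MONITOR_USER_PASSWORD} configs
     * under an internal config revision.
     *
     * @param cmfEntityManager entity manager used for the config work
     * @param dbService the service that receives the generated passwords
     */
    private void generateKeycloakPasswords(CmfEntityManager cmfEntityManager, DbService dbService) {
        OperationsManager operationsManager = getServiceDataProvider().getOperationsManager();

        // NOTE(review): the length argument is HdfsParams.MAX_DATA_DIRS, an HDFS constant with no
        // relation to credentials. Presumably the decompiler substituted it for an inlined
        // literal of the same value. Confirm the intended length and move it to a dedicated
        // constant, so that a change to the HDFS limit cannot alter password length.
        // NOTE(review): confirm that RandomUtils.getRandomPassword draws from a CSPRNG
        // (SecureRandom); its implementation is not visible in this file.
        String adminPassword = RandomUtils.getRandomPassword(HdfsParams.MAX_DATA_DIRS);
        String monitorPassword = RandomUtils.getRandomPassword(HdfsParams.MAX_DATA_DIRS);

        // NOTE(review): no call completing this config work is visible in this method;
        // presumably the caller's transaction finishes it. Confirm.
        operationsManager.beginConfigWork(
                cmfEntityManager,
                DbRevision.InternalRevisions._INTERNAL_KEYCLOAK_ADMIN_PASSWORD_REVISION_
                        .createRevisionMessage(dbService.getDisplayName()),
                false);

        // The generated values are secrets: they must not be logged or put in messages.
        // NOTE(review): confirm that both param specs are treated as sensitive (redacted in
        // config exports and API responses); that is defined in AuthParams, not here.
        operationsManager.setConfig(cmfEntityManager, AuthParams.ADMIN_PASSWORD, adminPassword, dbService, null, null, null, null);
        operationsManager.setConfig(cmfEntityManager, AuthParams.MONITOR_USER_PASSWORD, monitorPassword, dbService, null, null, null, null);
    }

    /**
     * On service creation, generates the Keycloak passwords and then starts the
     * {@link AuthServiceLoginMonitor} singleton.
     */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler, com.cloudera.cmf.service.ServiceHandler
    public void onCreate(CmfEntityManager cmfEntityManager, DbService dbService) {
        generateKeycloakPasswords(cmfEntityManager, dbService);
        AuthServiceLoginMonitor.getSingleton(getServiceDataProvider().getEntityManagerFactory()).start();
    }

    /**
     * On uninstall, runs the superclass uninstall logic and then stops the
     * {@link AuthServiceLoginMonitor} singleton.
     */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler, com.cloudera.cmf.service.ServiceHandler
    public void onUninstall(CmfEntityManager cmfEntityManager) {
        super.onUninstall(cmfEntityManager);
        AuthServiceLoginMonitor.getSingleton(getServiceDataProvider().getEntityManagerFactory()).stop();
    }

    /**
     * Returns the inherited validators plus four validators that make TLS material mandatory
     * when {@code AuthParams.ENABLE_TLS} is {@code true}: JKS keystore path, JKS keystore
     * password, PEM certificate and PEM private key.
     *
     * <p>The validators are appended to the list returned by the superclass, so that list must
     * be mutable.
     */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler
    protected List<Validator> getAdditionalValidators() {
        ServiceDataProvider sdp = getServiceDataProvider();
        List<Validator> validators = super.getAdditionalValidators();
        validators.add(requiredWhenTlsEnabled(sdp, AuthParams.JKS_KEYSTORE_PATH,
                "keystore_file_required_for_ssl_validator", SSLParams.I18nKeys.KEYSTORE_FILE_REQUIRED.getKey()));
        validators.add(requiredWhenTlsEnabled(sdp, AuthParams.JKS_KEYSTORE_PASSWORD,
                "keystore_password_required_for_ssl_validator", SSLParams.I18nKeys.KEYSTORE_PASS_REQUIRED.getKey()));
        validators.add(requiredWhenTlsEnabled(sdp, AuthParams.PEM_CERT,
                "pem_certificate_required_for_ssl", SSLParams.I18nKeys.PEM_CERTIFICATE_REQUIRED.getKey()));
        validators.add(requiredWhenTlsEnabled(sdp, AuthParams.PEM_PRIVATE_KEY,
                "pem_private_key_required_for_ssl", SSLParams.I18nKeys.PEM_PRIVATE_KEY_REQUIRED.getKey()));
        return validators;
    }

    /**
     * Builds a validator that requires {@code spec} to be set when
     * {@code AuthParams.ENABLE_TLS} equals {@code true}.
     *
     * <p>The raw {@code ParamSpec} parameter and the cast to
     * {@code ConditionallyRequiredConfigsValidator.Builder} are carried over from the decompiled
     * output, where the decompiler reported that type inference failed. The generic signatures
     * of the builder are not visible in this file.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static Validator requiredWhenTlsEnabled(
            ServiceDataProvider sdp, ParamSpec spec, String validatorId, String messageKey) {
        return ((ConditionallyRequiredConfigsValidator.Builder) ConditionallyRequiredConfigsValidator
                .builder(sdp, spec, validatorId, messageKey)
                .ifOtherParamEquals(AuthParams.ENABLE_TLS, true)).build();
    }

    /**
     * Returns the steps run after the service starts: create the initial Keycloak realm, then
     * create the Keycloak clients, both keyed by the service id.
     */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler
    protected List<CmdStep> getSimpleStepsAfterStart(DbService dbService) {
        return ImmutableList.of(
                CmdStep.of(new CreateInitialKeycloakRealmCmdWork(dbService.getId())),
                CmdStep.of(new CreateKeycloakClientsCmdWork(dbService.getId())));
    }

    /** Returns the service's {@code AUTH_LOAD_BALANCER} roles as the primary status-link roles. */
    @Override // com.cloudera.cmf.service.AbstractServiceHandler
    protected Set<DbRole> getRolesWithPrimaryStatusLinks(DbService dbService) {
        return ImmutableSet.copyOf(dbService.getRolesWithType(RoleNames.AUTH_LOAD_BALANCER.name()));
    }
}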
