package com.cloudera.cmf.service.config;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.ReplicationUtils;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.config.AtlasHookParams;
import com.cloudera.cmf.service.config.UrlListEvaluator;
import com.cloudera.cmf.service.config.transform.CredentialProviderConfigTransform;
import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableRangeMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:com/cloudera/cmf/service/config/AtlasHookConfigGenerators.class */
public class AtlasHookConfigGenerators {
    static final String APPLICATION_PROPERTIES_NAME = "atlas-application.properties";
    static final ConfigLocator ATLAS_SERVER_LOCATOR = ConfigLocator.getConfigLocator(FirstPartyCsdServiceTypes.ATLAS, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER);
    static final ConfigEvaluationPredicate ATLAS_SSL_ENABLED = ConditionalEvaluator.paramEvaluatesToValue(ATLAS_SERVER_LOCATOR, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER_SSL_ENABLED, true);
    static final ConfigEvaluationPredicate ATLAS_SSL_ENABLED_INVERTED = ConditionalEvaluator.invertedContext(FirstPartyCsdServiceTypes.ATLAS, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER, false, ATLAS_SSL_ENABLED);
    static final ConfigEvaluationPredicate ATLAS_KERBEROS_ENABLED = ConditionalEvaluator.paramEvaluatesToValue(ConfigLocator.getConfigLocator(FirstPartyCsdServiceTypes.ATLAS), FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER_KERBEROS_ENABLED, true);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/cloudera/cmf/service/config/AtlasHookConfigGenerators$AliasedPasswordEvaluator.class */
    public static class AliasedPasswordEvaluator extends AbstractConfigEvaluator {
        private final ConfigEvaluator evaluator;

        public AliasedPasswordEvaluator(String str, ConfigEvaluator configEvaluator) {
            super(null, ImmutableRangeMap.of(Constants.SERVICE_ALL_VERSIONS_RANGE, str));
            this.evaluator = configEvaluator;
        }

        @Override // com.cloudera.cmf.service.config.AbstractConfigEvaluator
        protected List<EvaluatedConfig> evaluateConfig(ServiceDataProvider serviceDataProvider, DbService dbService, DbRole dbRole, RoleHandler roleHandler, Map<String, Object> map, String str) throws ConfigGenException {
            return (List) this.evaluator.evaluateConfig(serviceDataProvider, dbService, dbRole, roleHandler, map).stream().map(evaluatedConfig -> {
                return evaluatedConfig.withCredentialProvider().rename(str);
            }).collect(Collectors.toList());
        }
    }

    /* loaded from: input_file:com/cloudera/cmf/service/config/AtlasHookConfigGenerators$BuildInfo.class */
    public static class BuildInfo {
        private AtlasHookParams.HookType hookType;
        private String keytabFile;
        private String serviceType;
        private Enum roleType;
        private PathParamSpec psTrustStoreFile;
        private PasswordParamSpec psTrustStorePassword;
        private ParamSpec<String> psApplicationPropertiesSafetyValve;
        private ConfigEvaluationPredicate enabledAtlasPredicate = null;
        private ConfigEvaluationPredicate invertedDependencyPredicate = null;
        private boolean isGeneratingForGatewayRole = false;

        public BuildInfo hookType(AtlasHookParams.HookType hookType) {
            this.hookType = hookType;
            return this;
        }

        public BuildInfo enabledInverseIfBoolean(BooleanParamSpec booleanParamSpec, boolean z) {
            this.invertedDependencyPredicate = ConditionalEvaluator.paramEvaluatesToValue(booleanParamSpec, Boolean.valueOf(z));
            return this;
        }

        public BuildInfo enabledIfDependency(ServiceParamSpec serviceParamSpec) {
            this.enabledAtlasPredicate = ConditionalEvaluator.serviceHasDependency(serviceParamSpec);
            return this;
        }

        public BuildInfo keytabFile(String str) {
            this.keytabFile = str;
            return this;
        }

        public BuildInfo serviceType(String str) {
            this.serviceType = str;
            return this;
        }

        public BuildInfo roleType(Enum r4) {
            this.roleType = r4;
            return this;
        }

        public BuildInfo trustStoreFile(PathParamSpec pathParamSpec) {
            this.psTrustStoreFile = pathParamSpec;
            return this;
        }

        public BuildInfo trustStorePassword(PasswordParamSpec passwordParamSpec) {
            this.psTrustStorePassword = passwordParamSpec;
            return this;
        }

        public BuildInfo psApplicationPropertiesSafetyValve(ParamSpec<String> paramSpec) {
            this.psApplicationPropertiesSafetyValve = paramSpec;
            return this;
        }

        public BuildInfo generatingForGatewayRole(boolean z) {
            this.isGeneratingForGatewayRole = z;
            return this;
        }
    }

    private static String getConfPath(String str, String str2) {
        return (str.isEmpty() ? CommandUtils.CONFIG_TOP_LEVEL_DIR : str + ReplicationUtils.PATH_SEPARATOR) + str2;
    }

    public static void addAll(BuildInfo buildInfo, String str, Set<ConfigFileGenerator> set) {
        Preconditions.checkArgument((buildInfo.enabledAtlasPredicate == null && buildInfo.invertedDependencyPredicate == null) ? false : true);
        ConfigEvaluationPredicate configEvaluationPredicate = null;
        List<GenericConfigEvaluator> list = null;
        if (buildInfo.enabledAtlasPredicate != null) {
            configEvaluationPredicate = buildInfo.enabledAtlasPredicate;
            list = makeApplicationPropertiesEvals(buildInfo, false);
        }
        if (buildInfo.invertedDependencyPredicate != null) {
            if (configEvaluationPredicate == null) {
                configEvaluationPredicate = buildInfo.invertedDependencyPredicate;
                list = makeApplicationPropertiesEvals(buildInfo, true);
            } else {
                list = ImmutableList.of(ConditionalEvaluator.builder().checkCondition(configEvaluationPredicate).evaluators(list).build(), ConditionalEvaluator.builder().checkCondition(buildInfo.invertedDependencyPredicate).evaluators(makeApplicationPropertiesEvals(buildInfo, true)).build());
                configEvaluationPredicate = ConditionalEvaluator.or(configEvaluationPredicate, buildInfo.invertedDependencyPredicate);
            }
        }
        set.add(new PropertiesConfigFileGenerator(list, getConfPath(str, APPLICATION_PROPERTIES_NAME), configEvaluationPredicate));
    }

    static List<GenericConfigEvaluator> makeApplicationPropertiesEvals(BuildInfo buildInfo, boolean z) {
        ImmutableList.Builder builder = ImmutableList.builder();
        if (!buildInfo.isGeneratingForGatewayRole) {
            ConfigEvaluationPredicate configEvaluationPredicate = z ? ATLAS_SSL_ENABLED_INVERTED : ATLAS_SSL_ENABLED;
            builder.add(ConditionalEvaluator.builder().checkCondition(configEvaluationPredicate).evaluators(new HardcodedConfigEvaluator("atlas.enableTLS", "true"), new AutoTLSPathParamSpecEvaluator(buildInfo.psTrustStoreFile, "truststore.file"), new AliasedPasswordEvaluator("truststore.password", new AutoTLSPasswordParamSpecEvaluator(buildInfo.psTrustStorePassword)), new AutoTLSPathParamSpecEvaluator(buildInfo.psTrustStoreFile, "atlas.kafka.ssl.truststore.location"), new AliasedPasswordEvaluator("atlas.kafka.ssl.truststore.password", new AutoTLSPasswordParamSpecEvaluator(buildInfo.psTrustStorePassword)), new HardcodedConfigEvaluator("cert.stores.credential.provider.path", new CredentialProviderConfigTransform("password").keyStoreURI)).build());
            builder.add(ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.and(configEvaluationPredicate, ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_5))).evaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "keystore.type"), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "truststore.type"), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "atlas.kafka.ssl.keystore.type"), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "atlas.kafka.ssl.truststore.type")).build());
        }
        ImmutableList of = ImmutableList.of(getAtlasRestAddressEvaluator(), new HardcodedConfigEvaluator("atlas.metadata.namespace", "cm"), new HardcodedConfigEvaluator(buildInfo.hookType.interpolate("atlas.hook.${hookType}.keepAliveTime"), "10"), new HardcodedConfigEvaluator(buildInfo.hookType.interpolate("atlas.hook.${hookType}.maxThreads"), "5"), new HardcodedConfigEvaluator(buildInfo.hookType.interpolate("atlas.hook.${hookType}.minThreads"), "5"), new HardcodedConfigEvaluator(buildInfo.hookType.interpolate("atlas.hook.${hookType}.numRetries"), "3"), new HardcodedConfigEvaluator(buildInfo.hookType.interpolate("atlas.hook.${hookType}.queueSize"), "1000"), new HardcodedConfigEvaluator(buildInfo.hookType.interpolate("atlas.hook.${hookType}.synchronous"), "false"), new HardcodedConfigEvaluator("atlas.notification.create.topics", "True"), new HardcodedConfigEvaluator("atlas.notification.replicas", "1"), new HardcodedConfigEvaluator("atlas.notification.topics", "ATLAS_HOOK,ATLAS_ENTITIES"), new HardcodedConfigEvaluator("atlas.kafka.hook.group.id", "atlas"), new GenericConfigEvaluator[]{new HardcodedConfigEvaluator("atlas.kafka.zookeeper.connection.timeout.ms", "30000"), new HardcodedConfigEvaluator("atlas.kafka.zookeeper.session.timeout.ms", "60000"), new HardcodedConfigEvaluator("atlas.kafka.zookeeper.sync.time.ms", "20"), new KafkaBrokerListParamSpecEvaluator("atlas.kafka.bootstrap.servers", (ParamSpecId<ServiceParamSpec>) ParamSpecId.of("kafka_service")), new KafkaBrokerSecurityProtocolEvaluator("atlas.kafka.security.protocol"), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.not(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_0))).evaluators(KafkaEvaluators.getKafkaZkQuorumEval("atlas.kafka.zookeeper.connect")).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.kerberos()).evaluators(new HardcodedConfigEvaluator("atlas.authentication.method.kerberos", "True"), new HardcodedConfigEvaluator("atlas.jaas.KafkaClient.loginModuleControlFlag", "required"), new HardcodedConfigEvaluator("atlas.jaas.KafkaClient.option.storeKey", "true"), new HardcodedConfigEvaluator("atlas.jaas.KafkaClient.loginModuleName", "com.sun.security.auth.module.Krb5LoginModule"), new HardcodedConfigEvaluator("atlas.jaas.KafkaClient.option.serviceName", FirstPartyCsdServiceTypes.COMPONENT_KAFKA), new HardcodedConfigEvaluator("atlas.jaas.KafkaClient.option.useKeyTab", "True"), new HardcodedConfigEvaluator("atlas.kafka.sasl.kerberos.service.name", FirstPartyCsdServiceTypes.COMPONENT_KAFKA), new HardcodedConfigEvaluator("atlas.jaas.ticketBased-KafkaClient.loginModuleControlFlag", "required"), new HardcodedConfigEvaluator("atlas.jaas.ticketBased-KafkaClient.loginModuleName", "com.sun.security.auth.module.Krb5LoginModule"), new HardcodedConfigEvaluator("atlas.jaas.ticketBased-KafkaClient.option.useTicketCache", "true"), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.not(ConditionalEvaluator.isGateway())).evaluators(new KerberosPrincEvaluator(null, buildInfo.serviceType, buildInfo.roleType, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "atlas.jaas.KafkaClient.option.principal"), null), new HardcodedConfigEvaluator("atlas.jaas.KafkaClient.option.keyTab", "{{CMF_CONF_DIR}}/" + buildInfo.keytabFile)).build()).build()});
        if (z) {
            builder.add(new DependencyInvertedContextEvaluator(FirstPartyCsdServiceTypes.ATLAS, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER, (GenericConfigEvaluator[]) of.toArray(new GenericConfigEvaluator[0])));
        } else {
            builder.addAll(of);
        }
        builder.add(new RawPropertiesEvaluator(buildInfo.psApplicationPropertiesSafetyValve));
        return builder.build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [com.cloudera.cmf.service.config.UrlListEvaluator$Builder] */
    public static ConfigEvaluator getAtlasRestAddressEvaluator() {
        return ((UrlListEvaluator.Builder) ((UrlListEvaluator.Builder) ((UrlListEvaluator.Builder) UrlListEvaluator.builder("atlas.rest.address").multiHostnameEvaluator(new CsdHostNameEvaluator(FirstPartyCsdServiceTypes.ATLAS, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER, true)).portPsId(ATLAS_SERVER_LOCATOR, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER_HTTP_PORT)).sslPortPsId(ATLAS_SERVER_LOCATOR, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER_HTTPS_PORT)).useSslPsId(ATLAS_SERVER_LOCATOR, FirstPartyCsdServiceTypes.RoleTypes.ATLAS_SERVER_SSL_ENABLED)).build();
    }
}
