package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.DbConfig;
import com.cloudera.cmf.model.DbConfigContainer;
import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.Validation;
import com.cloudera.cmf.service.ValidationContext;
import com.cloudera.cmf.service.config.StringListParamSpec;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.parcel.ParcelIdentity;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/config/KerberosEncTypesParamSpec.class */
public class KerberosEncTypesParamSpec extends StringListParamSpec {
    public static final Set<String> KERBEROS_ENCRYPTION_TYPES = ImmutableSet.of("des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des-cbc-raw", "des3-cbc-raw", "des3-cbc-sha1", new String[]{"des3-hmac-sha1", "des3-cbc-sha1-kd", "des-hmac-sha1", "aes256-cts-hmac-sha1-96", "aes256-cts", "AES-256", "aes128-cts-hmac-sha1-96", "aes128-cts", "AES-128", "arcfour-hmac", "rc4-hmac", "arcfour-hmac-md5", "arcfour-hmac-exp", "rc4-hmac-exp", "arcfour-hmac-md5-exp", "camellia256-cts-cmac", "camellia256-cts", "camellia128-cts-cmac", "camellia128-cts", "des", "des3", "aes", SecurityParams.DFS_ENCRYPT_RC4, "camellia", "DEFAULT"});
    public static final Set<String> KERBEROS_KEYSALT_TYPES = ImmutableSet.of("normal", "v4", "norealm", "onlyrealm", "afs3", "special", new String[0]);
    public static final Set<String> AD_KERBEROS_ENCRYPTION_TYPES = ImmutableSet.of("rc4-hmac", "aes128-cts", "aes256-cts", "des-cbc-crc", "des-cbc-md5");

    /* loaded from: input_file:com/cloudera/cmf/service/config/KerberosEncTypesParamSpec$Builder.class */
    public static class Builder<S extends Builder<S>> extends StringListParamSpec.Builder<S> {
        @Override // com.cloudera.cmf.service.config.StringListParamSpec.Builder
        public KerberosEncTypesParamSpec build() {
            return new KerberosEncTypesParamSpec(this);
        }
    }

    private static Validation validateKerberosEncType(ValidationContext validationContext, String str, boolean z) {
        if (z) {
            return validateADKerberosEncType(validationContext, str);
        }
        String[] split = str.split(":");
        if (split.length == 0 || split.length > 2) {
            return Validation.warning(validationContext, MessageWithArgs.of("error.adKerberos.encryptionTypesInvalid", new String[0]));
        }
        String str2 = split[0];
        if (str2.startsWith("+") || str2.startsWith(ParcelIdentity.SEP)) {
            str2 = str2.substring(1);
        }
        if (!KERBEROS_ENCRYPTION_TYPES.contains(str2)) {
            return Validation.warning(validationContext, MessageWithArgs.of("error.kerberos.encryptionTypeInvalid", new String[]{Joiner.on(", ").join(KERBEROS_ENCRYPTION_TYPES)}));
        }
        if (split.length != 2 || KERBEROS_KEYSALT_TYPES.contains(split[1])) {
            return null;
        }
        return Validation.warning(validationContext, MessageWithArgs.of("error.kerberos.keysaltTypeInvalid", new String[]{Joiner.on(", ").join(KERBEROS_KEYSALT_TYPES)}));
    }

    private static Validation validateADKerberosEncType(ValidationContext validationContext, String str) {
        if (AD_KERBEROS_ENCRYPTION_TYPES.contains(str)) {
            return null;
        }
        return Validation.warning(validationContext, MessageWithArgs.of("error.kerberos.encryptionTypeInvalid", new String[]{Joiner.on(", ").join(AD_KERBEROS_ENCRYPTION_TYPES)}));
    }

    protected KerberosEncTypesParamSpec(Builder<?> builder) {
        super(builder);
    }

    @Override // com.cloudera.cmf.service.config.StringListParamSpec, com.cloudera.cmf.service.config.ParamSpecImpl
    public Collection<Validation> validate(ServiceHandlerRegistry serviceHandlerRegistry, ValidationContext validationContext, Object obj) {
        if (obj == null) {
            return super.validate(serviceHandlerRegistry, validationContext, null);
        }
        boolean z = false;
        DbConfigContainer configContainer = validationContext.getConfigContainer();
        if (configContainer != null) {
            DbConfig configContainerConfig = configContainer.getConfigContainerConfig(ScmParams.KDC_TYPE.templateName);
            z = configContainerConfig != null && configContainerConfig.getValue().equals(ScmParams.AD_KDC);
        }
        ArrayList newArrayList = Lists.newArrayList();
        Iterator it = ((List) obj).iterator();
        while (it.hasNext()) {
            Validation validateKerberosEncType = validateKerberosEncType(validationContext, (String) it.next(), z);
            if (validateKerberosEncType != null) {
                newArrayList.add(validateKerberosEncType);
            }
        }
        return newArrayList.size() > 0 ? newArrayList : Collections.singleton(Validation.check(validationContext));
    }

    public static Builder<?> builder() {
        return new Builder<>();
    }
}
