package com.cloudera.cmf.service.config;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.service.config.KerberosPrincEvaluator;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.service.zookeeper.ZkServerRoleHandler;
import com.cloudera.cmf.service.zookeeper.ZooKeeperParams;
import com.cloudera.cmf.service.zookeeper.ZooKeeperServiceHandler;
import com.cloudera.cmf.version.Release;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.RangeMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/config/ZookeeperConfigFileDefinitions.class */
public class ZookeeperConfigFileDefinitions {
    private static final String ZK_JAAS_TEMPLATES_COMMON = "  com.sun.security.auth.module.Krb5LoginModule required\n  useKeyTab=true\n  keyTab=\"zookeeper.keytab\"\n  storeKey=true\n  useTicketCache=false\n  principal=\"%s\";\n};";
    public static final String JMX_AUTH_PASSWORD_FILE_NAME = "jmxremote.password";
    public static final String JMX_AUTH_ACCESS_FILE_NAME = "jmxremote.access";
    public static final List<ConfigEvaluator> ZOO_CFG = ImmutableList.of(new ParamSpecEvaluator(ZooKeeperParams.TICK_TIME), new ParamSpecEvaluator(ZooKeeperParams.INIT_LIMIT), new ParamSpecEvaluator(ZooKeeperParams.SYNC_LIMIT), new ParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_SERVER_4LW_COMMANDS_WHITELIST), new ParamSpecEvaluator(ZooKeeperParams.DATA_DIR), new ParamSpecEvaluator(ZooKeeperParams.DATA_LOG_DIR), new ParamSpecEvaluator(ZooKeeperParams.CLIENT_PORT), new ParamSpecEvaluator(ZooKeeperParams.CLIENT_PORT_ADDRESS), new ParamSpecEvaluator(ZooKeeperParams.MAX_CLIENT_CNXNS), new ParamSpecEvaluator(ZooKeeperParams.MIN_SESSION_TIMEOUT), new ParamSpecEvaluator(ZooKeeperParams.MAX_SESSION_TIMEOUT), new ParamSpecEvaluator(ZooKeeperParams.AUTOPURGE_INTERVAL), new ConfigEvaluator[]{new ParamSpecEvaluator(ZooKeeperParams.AUTOPURGE_SNAP_RETAIN_COUNT), new ParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_QUORUM_AUTH_ENABLE_SASL), new ParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_QUORUM_CNX_THREADS), new ParamSpecEvaluator(ZooKeeperParams.ENABLE_ADMIN_SERVER), new ParamSpecEvaluator(ZooKeeperParams.ADMIN_SERVER_PORT), new ZKQuorumPeersEvaluator(), new ParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_LEADER_SERVES), ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, true).evaluators(new HardcodedConfigEvaluator("authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"), new HardcodedConfigEvaluator("kerberos.removeHostFromPrincipal", "true"), new HardcodedConfigEvaluator("kerberos.removeRealmFromPrincipal", "true")).build(), ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_QUORUM_AUTH_ENABLE_SASL, true).evaluators(new CombinedEvaluator((Set<? extends Enum<?>>) ImmutableSet.of(ZooKeeperServiceHandler.RoleNames.SERVER), "quorum.auth.kerberos.servicePrincipal", "%s/_HOST", new KerberosPrincEvaluator((Set<? extends Enum<?>>) null, ConfigLocator.getConfigLocator(ZooKeeperServiceHandler.SERVICE_TYPE, ZooKeeperServiceHandler.RoleNames.SERVER.name()), (Map<String, String>) ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "unused"), (String) null, (RangeMap<Release, String>) null, KerberosPrincEvaluator.PrincipalFormat.PRIMARY_ONLY)), new HardcodedConfigEvaluator("quorum.auth.learnerRequireSasl", "true"), new HardcodedConfigEvaluator("quorum.auth.serverRequireSasl", "true")).build(), ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_TLS_ENABLED, true).evaluators(new HardcodedConfigEvaluator("serverCnxnFactory", "org.apache.zookeeper.server.NettyServerCnxnFactory"), new HardcodedConfigEvaluator("sslQuorum", "true"), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPathParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_KEYSTORE), "ssl.quorum.keyStore.location", (Set<? extends Enum<?>>) null), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPasswordParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_KEYSTORE_PASSWORD), "ssl.quorum.keyStore.password", (Set<? extends Enum<?>>) null), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPathParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_TRUSTSTORE), "ssl.quorum.trustStore.location", (Set<? extends Enum<?>>) null), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPasswordParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD), "ssl.quorum.trustStore.password", (Set<? extends Enum<?>>) null), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ZooKeeperParams.SECURE_CLIENT_PORT, "secureClientPort"), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPathParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_KEYSTORE), "ssl.keyStore.location", (Set<? extends Enum<?>>) null), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPasswordParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_KEYSTORE_PASSWORD), "ssl.keyStore.password", (Set<? extends Enum<?>>) null), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPathParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_TRUSTSTORE), "ssl.trustStore.location", (Set<? extends Enum<?>>) null), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPasswordParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD), "ssl.trustStore.password", (Set<? extends Enum<?>>) null), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(ZkServerRoleHandler.KEYSTORE_TYPE_SINCE)).evaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "ssl.keyStore.type", ZooKeeperServiceHandler.RoleNames.SERVER), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "ssl.trustStore.type", ZooKeeperServiceHandler.RoleNames.SERVER), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "ssl.quorum.keyStore.type", ZooKeeperServiceHandler.RoleNames.SERVER), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "ssl.quorum.trustStore.type", ZooKeeperServiceHandler.RoleNames.SERVER)).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRanges(ImmutableSet.builder().add(Constants.SERVICE_VERSIONS_FROM_CDH7_1_6_TO_CDH7_2_0).add(Constants.SERVICE_VERSIONS_SINCE_CDH7_2_7).build())).evaluators(new HardcodedConfigEvaluator("ssl.clientAuth", "none")).build()).build(), new RawPropertiesEvaluator(ZooKeeperParams.ZOOKEEPER_CONFIG_SAFETY_VALVE)});
    public static final ConfigEvaluator ZOOKEEPER_SERVER_WHITELIST_EVALUATOR = new ParamSpecEvaluator(ZooKeeperParams.ZOOKEEPER_SERVER_LOG_WHITELIST);
    private static final String ZOOKEEPER_ROOT_LOGGER = "zookeeper.root.logger";
    public static final List<ConfigEvaluator> LOG4J_PROPERTIES = ImmutableList.of(Log4JEvaluator.builder().rootLoggerPropertyName(ZOOKEEPER_ROOT_LOGGER).build());
    private static final String ZK_JAAS_TEMPLATES_SERVER = "Server {\n  com.sun.security.auth.module.Krb5LoginModule required\n  useKeyTab=true\n  keyTab=\"zookeeper.keytab\"\n  storeKey=true\n  useTicketCache=false\n  principal=\"%s\";\n};";
    private static final String ZK_JAAS_TEMPLATES_QUORUM_SERVER = "\n QuorumServer {\n  com.sun.security.auth.module.Krb5LoginModule required\n  useKeyTab=true\n  keyTab=\"zookeeper.keytab\"\n  storeKey=true\n  useTicketCache=false\n  principal=\"%s\";\n};";
    private static final String ZK_JAAS_TEMPLATES_QUORUM_LEARNER = "\n QuorumLearner {\n  com.sun.security.auth.module.Krb5LoginModule required\n  useKeyTab=true\n  keyTab=\"zookeeper.keytab\"\n  storeKey=true\n  useTicketCache=false\n  principal=\"%s\";\n};";
    public static final ConfigEvaluator ZK_JAAS_CONF_EVALUATOR = ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, true).evaluators(new CombinedEvaluator((Set<? extends Enum<?>>) ImmutableSet.of(ZooKeeperServiceHandler.RoleNames.SERVER), "unused", ZK_JAAS_TEMPLATES_SERVER, new KerberosPrincEvaluator(null, ZooKeeperServiceHandler.SERVICE_TYPE, ZooKeeperServiceHandler.RoleNames.SERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "unused"), null)), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.paramEvaluatesToValue(ZooKeeperParams.ZOOKEEPER_QUORUM_AUTH_ENABLE_SASL, true)).evaluators(new CombinedEvaluator((Set<? extends Enum<?>>) ImmutableSet.of(ZooKeeperServiceHandler.RoleNames.SERVER), "unused", ZK_JAAS_TEMPLATES_QUORUM_SERVER, new KerberosPrincEvaluator(null, ZooKeeperServiceHandler.SERVICE_TYPE, ZooKeeperServiceHandler.RoleNames.SERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "unused"), null)), new CombinedEvaluator((Set<? extends Enum<?>>) ImmutableSet.of(ZooKeeperServiceHandler.RoleNames.SERVER), "unused", ZK_JAAS_TEMPLATES_QUORUM_LEARNER, new KerberosPrincEvaluator(null, ZooKeeperServiceHandler.SERVICE_TYPE, ZooKeeperServiceHandler.RoleNames.SERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "unused"), null))).build()).build();
    public static final ConfigEvaluator ZOOKEEPER_SERVER_JMX_USER_PASSWD_EVALUATOR = ConditionalEvaluator.builder().roleTypesToEmitFor(ZooKeeperParams.ENABLE_JMX_AGENT.getRoleTypesToEmitFor()).versionToPropertyName(ZooKeeperParams.ENABLE_JMX_AGENT.getPropertyNameMap()).checkCondition(ConditionalEvaluator.and(ConditionalEvaluator.paramEvaluatesToValue(ZooKeeperParams.ENABLE_JMX_AGENT, true), ConditionalEvaluator.paramEvaluatesToValue(ZooKeeperParams.ENABLE_JMX_AUTHENTICATION, true))).evaluators(new ParamSpecMapEvaluator(ImmutableMap.builder().put(ZooKeeperParams.JMX_PASSWD_FILE_AUTH_READONLY_USER, ZooKeeperParams.JMX_PASSWD_FILE_AUTH_READONLY_USER_PASSWORD).put(ZooKeeperParams.JMX_PASSWD_FILE_AUTH_READWRITE_USER, ZooKeeperParams.JMX_PASSWD_FILE_AUTH_READWRITE_USER_PASSWORD).build())).build();
    public static final ConfigEvaluator ZOOKEEPER_SERVER_JMX_USER_ACCESS_EVALUATOR = ConditionalEvaluator.builder().roleTypesToEmitFor(ZooKeeperParams.ENABLE_JMX_AGENT.getRoleTypesToEmitFor()).versionToPropertyName(ZooKeeperParams.ENABLE_JMX_AGENT.getPropertyNameMap()).checkCondition(ConditionalEvaluator.and(ConditionalEvaluator.paramEvaluatesToValue(ZooKeeperParams.ENABLE_JMX_AGENT, true), ConditionalEvaluator.paramEvaluatesToValue(ZooKeeperParams.ENABLE_JMX_AUTHENTICATION, true))).evaluators(new ParamSpecToStringMapEvaluator(ZooKeeperParams.JMX_PASSWD_FILE_AUTH_READONLY_USER, "readonly"), new ParamSpecToStringMapEvaluator(ZooKeeperParams.JMX_PASSWD_FILE_AUTH_READWRITE_USER, "readwrite")).build();
    public static final ConfigEvaluationPredicate JMX_TLS_ENABLED_PREDICATE = ConditionalEvaluator.and(ConditionalEvaluator.paramEvaluatesToValue(ZooKeeperParams.ENABLE_JMX_AGENT, true), ConditionalEvaluator.paramEvaluatesToValue(ZooKeeperParams.JMX_TLS_ENABLED, true));
    public static final ConfigEvaluator ZOOKEEPER_SERVER_JMX_PROPERTIES_EVALUATOR = ConditionalEvaluator.builder().roleTypesToEmitFor(ZooKeeperParams.ENABLE_JMX_AGENT.getRoleTypesToEmitFor()).versionToPropertyName(ZooKeeperParams.ENABLE_JMX_AGENT.getPropertyNameMap()).checkCondition(JMX_TLS_ENABLED_PREDICATE).evaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPathParamSpecEvaluator(ZooKeeperParams.JMX_TLS_KEYSTORE), "javax.net.ssl.keyStore", ZooKeeperParams.JMX_TLS_KEYSTORE.getRoleTypesToEmitFor()), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPasswordParamSpecEvaluator(ZooKeeperParams.JMX_TLS_KEYSTORE_PASSWORD), "javax.net.ssl.keyStorePassword", ZooKeeperParams.JMX_TLS_KEYSTORE_PASSWORD.getRoleTypesToEmitFor()), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPathParamSpecEvaluator(ZooKeeperParams.JMX_TLS_TRUSTSTORE), "javax.net.ssl.trustStore", ZooKeeperParams.JMX_TLS_TRUSTSTORE.getRoleTypesToEmitFor()), ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new AutoTLSPasswordParamSpecEvaluator(ZooKeeperParams.JMX_TLS_TRUSTSTORE_PASSWORD), "javax.net.ssl.trustStorePassword", ZooKeeperParams.JMX_TLS_TRUSTSTORE_PASSWORD.getRoleTypesToEmitFor())).build();
    public static final ConfigEvaluator ZOOKEEPER_SERVER_SECURITY_CONFIG = ConditionalEvaluator.builder().roleTypesToEmitFor(ZooKeeperParams.ENABLE_JMX_AGENT.getRoleTypesToEmitFor()).versionToPropertyName(ZooKeeperParams.ENABLE_JMX_AGENT.getPropertyNameMap()).checkCondition(JMX_TLS_ENABLED_PREDICATE).evaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(new ParamSpecEvaluator(ScmParams.KEYSTORE_TYPE), "keystore.type", (Set<? extends Enum<?>>) null)).build();
}
