package com.cloudera.cmf.service;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.service.config.BooleanParamSpec;
import com.cloudera.cmf.service.config.ParagraphParamSpec;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.ParamSpecLabel;
import com.cloudera.cmf.service.config.PasswordParamSpec;
import com.cloudera.cmf.service.config.StringEnumParamSpec;
import com.cloudera.cmf.service.config.StringListParamSpec;
import com.cloudera.cmf.service.config.StringParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hdfs.HdfsServiceHandler;
import com.cloudera.cmf.service.impala.ImpalaServiceHandler;
import com.cloudera.cmf.service.mapreduce.MapReduceServiceHandler;
import com.cloudera.cmf.service.yarn.YarnServiceHandler;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.server.cmf.Authentication;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableRangeMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Range;
import com.google.common.collect.RangeMap;
import java.util.Collections;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/SecurityParams.class */
public class SecurityParams {
    public static final String SECURITY_DISPLAY_GROUP = "config.common.security.display_group";
    public static final String KERBEROS_DISPLAY_GROUP = "config.common.kerberos.display_group";
    public static final String SECURE_WEB_UI_NOT_ENABLED = "message.security.secure_web_ui_disabled_warning";
    public static final String HOSTNAME_REGEX = "^(([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$";
    public static final String DOMAIN_REGEX = "^(([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-\\_]*[A-Za-z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-\\_]*[A-Za-z0-9])$";
    public static final String POSIX_GROUP_NAMES_REGEX = "^(([\\-\\_\\.A-Za-z0-9]+(,[\\-\\_\\.A-Za-z0-9]*)*)|\\*)$";
    public static final String DFS_ENCRYPT_CIPHER = "dfs.encrypt.data.transfer.cipher.suites";
    public static final String ROLE_JCEKS_PASSWORD_TEMPLATE_NAME = "role_jceks_password";
    public static final String DIAGNOSTIC_BUNDLE_REDACTION_DEFAULTS = "{\n  \"version\": 1,\n  \"rules\": [\n    {\n      \"description\": \"Redact passwords from json files\",\n      \"caseSensitive\": false,\n      \"trigger\": \"password\",\n      \"search\": \"\\\"password\\\"[ ]*:[ ]*\\\"[^\\\"]+\\\"\",\n      \"replace\": \"\\\"password\\\": \\\"BUNDLE-REDACTED\\\"\"\n    },\n    {\n      \"description\": \"Redact password= and password:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"password\",\n      \"search\": \"password[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"password=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact passwd= and passwd:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"passwd\",\n      \"search\": \"passwd[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"passwd=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact pass= and pass:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"pass\",\n      \"search\": \"pass[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"pass=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact PASSWORD,\",\n      \"caseSensitive\": false,\n      \"trigger\": \"PASSWORD,\",\n      \"search\": \"PASSWORD,[^\\\"\\\\\\\\]+\",\n      \"replace\": \"PASSWORD, BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact key= and key:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"key\",\n      \"search\": \"key[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"key=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact secret= and secret:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"secret\",\n      \"search\": \"secret[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"secret=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact credential= and credential:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"credential\",\n      \"search\": \"credential[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"credential=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact token= and token:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"token\",\n      \"search\": \"token[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"token=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact keyid= and keyid:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"keyid\",\n      \"search\": \"keyid[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"keyid=BUNDLE-REDACTED\"\n    }\n  ]\n}\n";
    private static final String KERBEROS_CC_VAR = "KRB5CCNAME";
    private static final String KERBEROS_CC_PATH = "krb5cc_cldr";
    public static final ImmutableSet<String> AUTHENTICATION_TYPE_SET = ImmutableSet.of(Authentication.AUTHENTICATION_TYPES.simple.name(), Authentication.AUTHENTICATION_TYPES.kerberos.name());
    public static final StringEnumParamSpec SECURE_AUTHENTICATION = ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) StringEnumParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_security_authentication")).displayGroupKey("config.common.security.display_group")).templateName("hadoop_security_authentication")).supportedVersions("hadoop.security.authentication")).defaultValue((StringEnumParamSpec.Builder) "simple")).feature(ProductState.Feature.KERBEROS)).validValues((Set) AUTHENTICATION_TYPE_SET)).clientConfig(true)).build2();
    public static final String AUTHENTICATION_RPC_PROTECTION = "authentication";
    public static final String INTEGRITY_RPC_PROTECTION = "integrity";
    public static final String PRIVACY_RPC_PROTECTION = "privacy";
    public static final ImmutableSet<String> RPC_PROTECTION_TYPE_SET = ImmutableSet.of(AUTHENTICATION_RPC_PROTECTION, INTEGRITY_RPC_PROTECTION, PRIVACY_RPC_PROTECTION);
    public static final StringEnumParamSpec RPC_PROTECTION = ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) StringEnumParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_rpc_protection")).displayGroupKey("config.common.security.display_group")).templateName("hadoop_rpc_protection")).supportedVersions("hadoop.rpc.protection")).defaultValue((StringEnumParamSpec.Builder) AUTHENTICATION_RPC_PROTECTION)).feature(ProductState.Feature.KERBEROS)).validValues((Set) RPC_PROTECTION_TYPE_SET)).clientConfig(true)).label(ParamSpecLabel.VPC_DEFAULT_BASE)).build2();
    public static final BooleanParamSpec DFS_NAMENODE_ACLS_ENABLE = ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) BooleanParamSpec.builder().i18nKeyPrefix("config.hdfs.service.dfs_namenode_acls_enabled")).displayGroupKey("config.common.security.display_group")).templateName("dfs_namenode_acls_enabled")).roleTypesToEmitFor((Set<? extends Enum<?>>) ImmutableSet.of(HdfsServiceHandler.RoleNames.NAMENODE, HdfsServiceHandler.RoleNames.GATEWAY))).clientConfig(true)).supportedVersions("dfs.namenode.acls.enabled")).defaultValue((RangeMap) ImmutableRangeMap.builder().put(Constants.SERVICE_VERSIONS_PRIOR_TO_CDH7_0_0, false).put(Constants.SERVICE_VERSIONS_SINCE_CDH7, true).build())).build();
    public static final BooleanParamSpec DFS_ENCRYPT_DATA_TRANSFER_ENABLE = ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) BooleanParamSpec.builder().i18nKeyPrefix("config.hdfs.service.dfs_encrypt_data_transfer")).displayGroupKey("config.common.security.display_group")).templateName("dfs_encrypt_data_transfer")).roleTypesToEmitFor((Set<? extends Enum<?>>) ImmutableSet.of(HdfsServiceHandler.RoleNames.NAMENODE, HdfsServiceHandler.RoleNames.DATANODE, HdfsServiceHandler.RoleNames.BALANCER))).supportedVersions("dfs.encrypt.data.transfer")).feature(ProductState.Feature.KERBEROS)).defaultValue((BooleanParamSpec.Builder) false)).descriptionArguments(PRIVACY_RPC_PROTECTION)).label(ParamSpecLabel.VPC_DEFAULT_BASE)).build();
    public static final Set<HdfsServiceHandler.RoleNames> DFS_ENCRYPT_ROLES = ImmutableSet.of(HdfsServiceHandler.RoleNames.NAMENODE, HdfsServiceHandler.RoleNames.DATANODE, HdfsServiceHandler.RoleNames.BALANCER);
    public static final Set<HdfsServiceHandler.RoleNames> DFS_ENCRYPT_GATEWAY_ROLES = ImmutableSet.builder().addAll(DFS_ENCRYPT_ROLES).add(HdfsServiceHandler.RoleNames.GATEWAY).add(HdfsServiceHandler.RoleNames.HTTPFS).build();
    public static final String DFS_ENCRYPT_3DES = "3des";
    public static final String DFS_ENCRYPT_RC4 = "rc4";
    public static final String DFS_ENCRYPT_AES_CTR = "AES/CTR/NoPadding";
    public static final String DFS_ENCRYPT_ALGO = "dfs.encrypt.data.transfer.algorithm";
    public static final StringEnumParamSpec DFS_ENCRYPT_DATA_TRANSFER_ALGORITHM = ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) StringEnumParamSpec.builder().i18nKeyPrefix("config.hdfs.service.dfs_encrypt_data_transfer_algorithm")).descriptionArguments(DFS_ENCRYPT_3DES, DFS_ENCRYPT_RC4, DFS_ENCRYPT_AES_CTR)).displayGroupKey("config.common.security.display_group")).templateName("dfs_encrypt_data_transfer_algorithm")).roleTypesToEmitFor(DFS_ENCRYPT_ROLES)).supportedVersions(DFS_ENCRYPT_ALGO)).defaultValue((StringEnumParamSpec.Builder) DFS_ENCRYPT_RC4)).feature(ProductState.Feature.KERBEROS)).validValues((RangeMap) ImmutableRangeMap.builder().put(Range.lessThan(CdhReleases.CDH5_4_0), ImmutableSet.of(DFS_ENCRYPT_3DES, DFS_ENCRYPT_RC4)).put(Range.atLeast(CdhReleases.CDH5_4_0), ImmutableSet.of(DFS_ENCRYPT_3DES, DFS_ENCRYPT_RC4, DFS_ENCRYPT_AES_CTR)).build())).build2();
    public static final StringEnumParamSpec DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEYBITS = ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) ((StringEnumParamSpec.Builder) StringEnumParamSpec.builder().i18nKeyPrefix("config.hdfs.service.dfs_encrypt_data_transfer_cipher_keybits")).displayGroupKey("config.common.security.display_group")).templateName("dfs_encrypt_data_transfer_cipher_keybits")).roleTypesToEmitFor(DFS_ENCRYPT_GATEWAY_ROLES)).supportedVersions("dfs.encrypt.data.transfer.cipher.key.bitlength", Constants.SERVICE_VERSIONS_SINCE_CDH5_4_0)).defaultValue((StringEnumParamSpec.Builder) "256")).feature(ProductState.Feature.KERBEROS)).validValues((Set) ImmutableSet.of("128", "192", "256"))).build2();
    public static final BooleanParamSpec SECURE_AUTHORIZATION = ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) BooleanParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_security_authorization")).displayGroupKey("config.common.security.display_group")).templateName("hadoop_security_authorization")).roleTypesToEmitFor((Set<? extends Enum<?>>) ImmutableSet.of(HdfsServiceHandler.RoleNames.NAMENODE, HdfsServiceHandler.RoleNames.SECONDARYNAMENODE, HdfsServiceHandler.RoleNames.DATANODE, HdfsServiceHandler.RoleNames.JOURNALNODE, HdfsServiceHandler.RoleNames.GATEWAY))).supportedVersions("hadoop.security.authorization")).defaultValue((BooleanParamSpec.Builder) false)).feature(ProductState.Feature.KERBEROS)).clientConfig(true)).build();
    public static final BooleanParamSpec SECURE_WEB_UI = ((BooleanParamSpec.Builder) secureWebUiParamBuilder().roleTypesToEmitFor((Set<? extends Enum<?>>) ImmutableSet.of(HdfsServiceHandler.RoleNames.NAMENODE, HdfsServiceHandler.RoleNames.SECONDARYNAMENODE, HdfsServiceHandler.RoleNames.DATANODE, HdfsServiceHandler.RoleNames.JOURNALNODE, HdfsServiceHandler.RoleNames.FAILOVERCONTROLLER, MapReduceServiceHandler.RoleNames.JOBTRACKER, new Enum[]{MapReduceServiceHandler.RoleNames.TASKTRACKER, YarnServiceHandler.RoleNames.RESOURCEMANAGER, YarnServiceHandler.RoleNames.JOBHISTORY, YarnServiceHandler.RoleNames.NODEMANAGER, ImpalaServiceHandler.RoleNames.IMPALAD, ImpalaServiceHandler.RoleNames.STATESTORE, ImpalaServiceHandler.RoleNames.CATALOGSERVER}))).build();
    public static final StringParamSpec HADOOP_HTTP_AUTH_COOKIE_DOMAIN = ((StringParamSpec.Builder) ((StringParamSpec.Builder) ((StringParamSpec.Builder) ((StringParamSpec.Builder) ((StringParamSpec.Builder) StringParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_http_auth_cookie_domain")).displayGroupKey("config.common.security.display_group")).templateName("hadoop_http_auth_cookie_domain")).defaultValue((StringParamSpec.Builder) CommandUtils.CONFIG_TOP_LEVEL_DIR)).feature(ProductState.Feature.KERBEROS)).build();
    public static final PasswordParamSpec HTTP_AUTH_SIGNATURE_SECRET = ((PasswordParamSpec.Builder) ((PasswordParamSpec.Builder) ((PasswordParamSpec.Builder) ((PasswordParamSpec.Builder) PasswordParamSpec.builder().i18nKeyPrefix("config.hdfs.service.http_auth_signature_secret")).templateName("http_auth_signature_secret")).displayGroupKey("config.common.security.display_group")).hidden(true)).build();
    public static final String HADOOP_USER_TO_GROUP_MAPPING_CLASS = "org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider";
    public static final String LOCAL_USER_TO_GROUP_MAPPING_CLASS = "org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider";
    public static final Set<String> SENTRY_PROVIDER_VALID_VALUES = ImmutableSet.of(HADOOP_USER_TO_GROUP_MAPPING_CLASS, LOCAL_USER_TO_GROUP_MAPPING_CLASS);
    public static final StringListParamSpec HADOOP_AUTHORIZED_USERS = ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) StringListParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_authorized_users")).displayGroupKey("config.common.security.display_group")).templateName("hadoop_authorized_users")).defaultValue((StringListParamSpec.Builder) ImmutableList.of("*"))).maxLen(Integer.MAX_VALUE).clientConfig(true)).build();
    public static final StringListParamSpec HADOOP_AUTHORIZED_GROUPS = ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) StringListParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_authorized_groups")).displayGroupKey("config.common.security.display_group")).defaultValue((StringListParamSpec.Builder) ImmutableList.of())).templateName("hadoop_authorized_groups")).maxLen(Integer.MAX_VALUE).clientConfig(true)).build();
    public static final StringListParamSpec HADOOP_AUTHORIZED_ADMIN_USERS = ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) StringListParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_authorized_admin_users")).displayGroupKey("config.common.security.display_group")).templateName("hadoop_authorized_admin_users")).defaultValue((StringListParamSpec.Builder) ImmutableList.of("*"))).maxLen(Integer.MAX_VALUE).clientConfig(true)).build();
    public static final StringListParamSpec HADOOP_AUTHORIZED_ADMIN_GROUPS = ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) StringListParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_authorized_admin_groups")).displayGroupKey("config.common.security.display_group")).defaultValue((StringListParamSpec.Builder) ImmutableList.of())).templateName("hadoop_authorized_admin_groups")).maxLen(Integer.MAX_VALUE).clientConfig(true)).build();
    public static final BooleanParamSpec REDACTION_POLICY_ENABLED = ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) BooleanParamSpec.builder().i18nKeyPrefix("config.common.redaction_policy_enabled")).displayGroupKey("config.common.security.display_group")).templateName("redaction_policy_enabled")).supportedVersions("redaction_policy_enabled", Constants.SERVICE_VERSIONS_SINCE_CDH5_4_0)).defaultValue((RangeMap) ImmutableRangeMap.builder().put(Constants.SERVICE_VERSIONS_PRIOR_TO_CDH6_0_0, false).put(Constants.SERVICE_VERSIONS_SINCE_CDH6_0_0, true).build())).authority("AUTH_REDACTION")).build();
    public static final String HDFS_REDACTION_DEFAULTS = "{\n  \"version\": 1,\n  \"rules\": [\n    {\n      \"description\": \"Redact passwords from json files\",\n      \"trigger\": \"password\",\n      \"search\": \"\\\"password\\\"[ ]*:[ ]*\\\"[^\\\"]+\\\"\",\n      \"caseSensitive\": false,\n      \"replace\": \"\\\"password\\\": \\\"LOG-REDACTED\\\"\"\n    },\n    {\n      \"description\": \"Redact password= and password:\",\n      \"trigger\": \"password\",\n      \"search\": \"password[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"password=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact passwd= and passwd:\",\n      \"trigger\": \"passwd\",\n      \"search\": \"passwd[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"passwd=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact pass= and pass:\",\n      \"trigger\": \"pass\",\n      \"search\": \"pass[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"pass=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact PASSWORD,\",\n      \"trigger\": \"PASSWORD,\",\n      \"search\": \"PASSWORD,[^\\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"PASSWORD, LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact secret= and secret:\",\n      \"trigger\": \"secret\",\n      \"search\": \"secret[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"secret=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Credit Card numbers (with separator)\",\n      \"search\": \"\\\\d{4}[^\\\\w:]\\\\d{4}[^\\\\w:]\\\\d{4}[^\\\\w:]\\\\d{4}\",\n      \"caseSensitive\": true,\n      \"replace\": \"XXXX-XXXX-XXXX-XXXX\"\n    },\n    {\n      \"description\": \"Social Security numbers (with separator)\",\n      \"search\": \"\\\\d{3}[^\\\\w:]\\\\d{2}[^\\\\w:]\\\\d{4}\",\n      \"caseSensitive\": true,\n      \"replace\": \"XXX-XX-XXXX\"\n    }\n  ]\n}";
    public static final ParagraphParamSpec REDACTION_POLICY = ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ParagraphParamSpec.builder().i18nKeyPrefix("config.common.redaction_policy")).displayGroupKey("config.common.security.display_group")).templateName("redaction_policy")).supportedVersions("redaction_policy", Constants.SERVICE_VERSIONS_SINCE_CDH5_4_0)).required(false)).valueFormat(ParamSpec.ValueFormat.JSON)).defaultValue(HDFS_REDACTION_DEFAULTS, Constants.SERVICE_VERSIONS_SINCE_CDH6_0_0)).authority("AUTH_REDACTION")).build();
    public static final BooleanParamSpec SECURITY_LOGGER_ENABLED = ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) BooleanParamSpec.builder().i18nKeyPrefix("config.common.security_logger_enabled")).displayGroupKey("config.common.security.display_group")).templateName("security_logger_enabled")).supportedVersions("security_logger_enabled", Constants.SERVICE_VERSIONS_SINCE_CDH5_4_0)).required(false)).defaultValue((RangeMap) ImmutableRangeMap.builder().put(Constants.SERVICE_VERSIONS_PRIOR_TO_CDH6_0_0, false).put(Constants.SERVICE_VERSIONS_SINCE_CDH6_0_0, true).build())).authority("AUTH_REDACTION")).build();
    public static final BooleanParamSpec GENERATE_JCEKS_PASSWORD = ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) BooleanParamSpec.builder().i18nKeyPrefix("config.common.generate_jceks_password")).templateName("generate_jceks_password")).supportedVersions("generate_jceks_password")).defaultValue((BooleanParamSpec.Builder) true)).build();

    /* JADX WARN: Multi-variable type inference failed */
    public static BooleanParamSpec.Builder<?> secureWebUiParamBuilder() {
        return (BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) ((BooleanParamSpec.Builder) BooleanParamSpec.builder().i18nKeyPrefix("config.hdfs.service.hadoop_secure_web_ui")).displayGroupKey("config.common.security.display_group")).templateName("hadoop_secure_web_ui")).defaultValue((BooleanParamSpec.Builder) false)).feature(ProductState.Feature.KERBEROS);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static StringListParamSpec trustedRealmsParamSpec(String str, Range<Release> range, boolean z) {
        return ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) ((StringListParamSpec.Builder) StringListParamSpec.builder().i18nKeyPrefix(String.format("config.%s.service.trusted_realms", str.toLowerCase()))).displayGroupKey("config.common.security.display_group")).templateName("trusted_realms")).supportedVersions(range)).defaultValue((StringListParamSpec.Builder) Collections.emptyList())).maxLen(100).feature(ProductState.Feature.KERBEROS)).clientConfig(z)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static ParagraphParamSpec extraAuthToLocalRulesParamSpec(String str, Range<Release> range, boolean z) {
        return ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ParagraphParamSpec.builder().i18nKeyPrefix(String.format("config.%s.service.extra_auth_to_local_rules", str.toLowerCase()))).displayGroupKey("config.common.security.display_group")).templateName("extra_auth_to_local_rules")).supportedVersions(range)).feature(ProductState.Feature.KERBEROS)).clientConfig(true)).defaultValue((ParagraphParamSpec.Builder) HdfsParams.AUTO_SET_STRING)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static PasswordParamSpec jceksPasswordParamSpec(String str) {
        return ((PasswordParamSpec.Builder) ((PasswordParamSpec.Builder) ((PasswordParamSpec.Builder) ((PasswordParamSpec.Builder) ((PasswordParamSpec.Builder) PasswordParamSpec.builder().templateName(ROLE_JCEKS_PASSWORD_TEMPLATE_NAME)).i18nKeyPrefix("unused")).hidden(true)).required(true)).authority(str)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static ParagraphParamSpec.Builder<?> keycloakAdapterConfigBuilder() {
        return (ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ((ParagraphParamSpec.Builder) ParagraphParamSpec.builder().i18nKeyPrefix("unused")).hidden(true)).sensitive(true)).required(false)).valueFormat(ParamSpec.ValueFormat.JSON)).defaultValue((ParagraphParamSpec.Builder) CommandUtils.CONFIG_TOP_LEVEL_DIR)).label(ParamSpecLabel.SSO_CONFIG)).feature(ProductState.Feature.SINGLE_SIGN_ON)).authority("ROLE_ADMIN");
    }

    public static Map<String, String> getSecurityEnvVars() {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put(KERBEROS_CC_VAR, KERBEROS_CC_PATH);
        return builder.build();
    }

    public static void addGenericJavaOpts(StringBuilder sb) {
        sb.append(" -Dsun.security.krb5.disableReferrals=true");
    }
}
