package com.cloudera.cmf.service;

import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.config.BooleanParamSpec;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.StringParamSpec;
import com.cloudera.cmf.service.hbase.HbaseServiceHandler;
import com.cloudera.cmf.service.hdfs.DfsConnector;
import com.cloudera.cmf.service.mapreduce.MapReduceServiceHandler;
import com.cloudera.cmf.service.yarn.YarnServiceHandler;
import com.cloudera.cmf.version.Release;
import com.cloudera.enterprise.MessageWithArgs;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/cloudera/cmf/service/HadoopSSLValidator.class */
public class HadoopSSLValidator extends AbstractValidator {
    private static final String MESSAGE_KEY_CONFIG_REQUIRED_ERROR = "message.hadoopSSLValidator.configRequiredFailure";
    private static final String MESSAGE_KEY_TRUSTSTORE_CONFIG_MISSING_ERROR = "message.hadoopSSLValidator.truststoreConfigMissingFailure";
    private static final String MESSAGE_KEY_KERBEROS_WARNING = "message.hadoopSSLValidator.kerberosWarning";
    private static final String MESSAGE_KEY_SECURE_WEB_UI_WARNING = "message.hadoopSSLValidator.secureWebUIWarning";
    private BooleanParamSpec secureWebUiParamSpec;

    @VisibleForTesting
    static final List<StringParamSpec> CORE_REQUIRED_SSL_SERVICE_PARAMS = ImmutableList.of(HadoopSSLParams.CORE_SSL_SERVER_KEYSTORE_LOCATION, HadoopSSLParams.CORE_SSL_SERVER_KEYSTORE_PASSWORD, HadoopSSLParams.CORE_SSL_SERVER_KEYSTORE_KEYPASSWORD);

    @VisibleForTesting
    static final List<StringParamSpec> HBASE_REQUIRED_SSL_SERVICE_PARAMS = ImmutableList.of(HadoopSSLParams.HBASE_SSL_SERVER_KEYSTORE_LOCATION, HadoopSSLParams.HBASE_SSL_SERVER_KEYSTORE_PASSWORD, HadoopSSLParams.HBASE_SSL_SERVER_KEYSTORE_KEYPASSWORD);
    private static final Map<String, SSLServiceConfig> SSL_SERVICE_CONFIG_MAP = ImmutableMap.of("HDFS", new SSLServiceConfig(CORE_REQUIRED_SSL_SERVICE_PARAMS), MapReduceServiceHandler.SERVICE_TYPE, new SSLServiceConfig(CORE_REQUIRED_SSL_SERVICE_PARAMS), YarnServiceHandler.SERVICE_TYPE, new SSLServiceConfig(CORE_REQUIRED_SSL_SERVICE_PARAMS), HbaseServiceHandler.SERVICE_TYPE, new SSLServiceConfig(HBASE_REQUIRED_SSL_SERVICE_PARAMS));

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cloudera/cmf/service/HadoopSSLValidator$SSLServiceConfig.class */
    public static class SSLServiceConfig {
        private final List<StringParamSpec> requiredServiceParams;

        private SSLServiceConfig(List<StringParamSpec> list) {
            this.requiredServiceParams = list;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public List<StringParamSpec> getRequiredServiceParams() {
            return this.requiredServiceParams;
        }
    }

    public HadoopSSLValidator() {
        this(SecurityParams.SECURE_WEB_UI);
    }

    public HadoopSSLValidator(BooleanParamSpec booleanParamSpec) {
        super(true, "hadoop_ssl_validator");
        this.secureWebUiParamSpec = booleanParamSpec;
    }

    @Override // com.cloudera.cmf.service.Validator
    public Collection<Validation> validate(ServiceHandlerRegistry serviceHandlerRegistry, ValidationContext validationContext) {
        DbService service = validationContext.getService();
        SSLServiceConfig sSLServiceConfig = getSSLServiceConfig(service.getServiceType());
        if (sSLServiceConfig == null) {
            return ImmutableList.of();
        }
        Map<String, String> serviceConfigsMap = service.getServiceConfigsMap();
        Release serviceVersion = service.getServiceVersion();
        ArrayList newArrayList = Lists.newArrayList();
        CmfEntityManager currentCmfEntityManager = CmfEntityManager.currentCmfEntityManager();
        ServiceHandler serviceHandler = serviceHandlerRegistry.get(service);
        if (!DependencyUtils.hadoopSSLEnabledForService(service, serviceHandler, serviceHandlerRegistry, currentCmfEntityManager)) {
            return newArrayList;
        }
        if (hasSSLEnabledConfig(serviceHandler, service) && !serviceHandler.requiresCredentials(currentCmfEntityManager, service)) {
            newArrayList.add(Validation.warning(validationContext, makeKerberosWarningMessage()));
        }
        try {
            if (serviceHandler.getConfigSpec().containsParam(this.secureWebUiParamSpec) && !this.secureWebUiParamSpec.extractFromStringMap(serviceConfigsMap, serviceVersion).booleanValue()) {
                newArrayList.add(Validation.warning(validationContext.detail(this.secureWebUiParamSpec, service.getServiceConfig(this.secureWebUiParamSpec.getTemplateName())), makeSecureWebUIWarningMessage()));
            }
            for (StringParamSpec stringParamSpec : sSLServiceConfig.getRequiredServiceParams()) {
                if (!paramIsSet(stringParamSpec, serviceConfigsMap, serviceVersion)) {
                    newArrayList.add(Validation.error(validationContext.detail(stringParamSpec, service.getServiceConfig(stringParamSpec.getTemplateName())), makeConfigRequiredErrorMessage(stringParamSpec)));
                }
            }
            return newArrayList;
        } catch (ParamParseException e) {
            return ImmutableList.of();
        }
    }

    private static SSLServiceConfig getSSLServiceConfig(String str) {
        return SSL_SERVICE_CONFIG_MAP.get(str);
    }

    private boolean hasSSLEnabledConfig(ServiceHandler serviceHandler, DbService dbService) {
        return HbaseServiceHandler.SERVICE_TYPE.equals(serviceHandler.getServiceType()) || serviceHandler.supportsConnectorType(DfsConnector.TYPE, ConnectorContext.of(dbService));
    }

    private boolean paramIsSet(StringParamSpec stringParamSpec, Map<String, String> map, Release release) throws ParamParseException {
        return StringUtils.trimToNull(stringParamSpec.extractFromStringMap(map, release)) != null;
    }

    @VisibleForTesting
    static MessageWithArgs makeConfigRequiredErrorMessage(ParamSpec<?> paramSpec) {
        return MessageWithArgs.of(MESSAGE_KEY_CONFIG_REQUIRED_ERROR, new String[]{paramSpec.getDisplayName()});
    }

    @VisibleForTesting
    static MessageWithArgs makeTruststoreConfigMissingErrorMessage(ParamSpec<?> paramSpec) {
        return MessageWithArgs.of(MESSAGE_KEY_TRUSTSTORE_CONFIG_MISSING_ERROR, new String[]{paramSpec.getDisplayName()});
    }

    @VisibleForTesting
    static MessageWithArgs makeKerberosWarningMessage() {
        return MessageWithArgs.of(MESSAGE_KEY_KERBEROS_WARNING, new String[0]);
    }

    @VisibleForTesting
    static MessageWithArgs makeSecureWebUIWarningMessage() {
        return MessageWithArgs.of(MESSAGE_KEY_SECURE_WEB_UI_WARNING, new String[0]);
    }
}
