package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.DaemonRoleHandler;
import com.cloudera.cmf.service.DependencyUtils;
import com.cloudera.cmf.service.HadoopSSLParams;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.TLSCipherConfigEvaluator;
import com.cloudera.cmf.service.scm.ScmParams;
import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/cloudera/cmf/service/config/HadoopSSLConfigFileDefinitions.class */
public class HadoopSSLConfigFileDefinitions {
    private static final List<ConfigEvaluator> HBASE_SSL_SERVER = ImmutableList.of(ConditionalEvaluator.builder().checkCondition(hadoopSSLEnabled()).evaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, HadoopSSLParams.SSL_SERVER_KEYSTORE_TYPE_PROP_NAME), new AutoTLSPathParamSpecEvaluator(HadoopSSLParams.HBASE_SSL_SERVER_KEYSTORE_LOCATION), new AutoTLSPasswordParamSpecEvaluator(HadoopSSLParams.HBASE_SSL_SERVER_KEYSTORE_PASSWORD), new AutoTLSPasswordParamSpecEvaluator(HadoopSSLParams.HBASE_SSL_SERVER_KEYSTORE_KEYPASSWORD), new XMLSafetyValveEvaluator(HadoopSSLParams.HBASE_SSL_SERVER_SAFETY_VALVE)).build());
    private static final List<ConfigEvaluator> MGMT_SSL_CLIENT = ImmutableList.of(ConditionalEvaluator.builder().expectedValue(HadoopSSLParams.MGMT_SSL_CLIENT_TRUSTSTORE_LOCATION, null).alternateEvaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, HadoopSSLParams.SSL_CLIENT_TRUSTSTORE_TYPE_PROP_NAME), new AutoTLSPathParamSpecEvaluator(HadoopSSLParams.MGMT_SSL_CLIENT_TRUSTSTORE_LOCATION), new AutoTLSPasswordParamSpecEvaluator((ParamSpec<String>) HadoopSSLParams.MGMT_SSL_CLIENT_TRUSTSTORE_PASSWORD, false), new HardcodedConfigEvaluator(HadoopSSLParams.SSL_CLIENT_TRUSTSTORE_RELOAD_INTERVAL_PROP_NAME, "10000"), new XMLSafetyValveEvaluator(HadoopSSLParams.MGMT_SSL_CLIENT_SAFETY_VALVE)).build());
    public static final XMLConfigFileGenerator HDFS_SSL_SERVER_XML = makeCoreSSLServerXML(HadoopSSLParams.HDFS_SSL_SERVER_SAFETY_VALVE);
    public static final XMLConfigFileGenerator HDFS_SSL_CLIENT_XML = makeHdfsSSLClientXML(HadoopSSLParams.SSL_CLIENT_CONF);
    public static final XMLConfigFileGenerator MR1_SSL_SERVER_XML = makeCoreSSLServerXML(HadoopSSLParams.MR1_SSL_SERVER_SAFETY_VALVE);
    public static final XMLConfigFileGenerator MR1_SSL_CLIENT_XML = makeCoreSSLClientXML(HadoopSSLParams.MR1_SSL_CLIENT_SAFETY_VALVE);
    public static final XMLConfigFileGenerator YARN_SSL_SERVER_XML = makeCoreSSLServerXML(HadoopSSLParams.YARN_SSL_SERVER_SAFETY_VALVE);
    public static final XMLConfigFileGenerator YARN_SSL_CLIENT_XML = makeCoreSSLClientXML(HadoopSSLParams.YARN_SSL_CLIENT_SAFETY_VALVE);
    public static final XMLConfigFileGenerator HBASE_SSL_SERVER_XML = new XMLConfigFileGenerator(HBASE_SSL_SERVER, HadoopSSLParams.SSL_SERVER_CONF);
    public static final XMLConfigFileGenerator MGMT_SSL_CLIENT_XML = new XMLConfigFileGenerator(MGMT_SSL_CLIENT, HadoopSSLParams.SSL_CLIENT_CONF);

    public static ConfigEvaluationPredicate hadoopSSLEnabled() {
        return new ConfigEvaluationPredicate() { // from class: com.cloudera.cmf.service.config.HadoopSSLConfigFileDefinitions.1
            @Override // com.cloudera.cmf.service.config.ConfigEvaluationPredicate
            public boolean checkCondition(ServiceDataProvider serviceDataProvider, DbService dbService, DbRole dbRole, RoleHandler roleHandler, Map<String, Object> map) throws ConfigGenException, DaemonRoleHandler.ProcessSupplierException {
                ServiceHandlerRegistry serviceHandlerRegistry = serviceDataProvider.getServiceHandlerRegistry();
                return DependencyUtils.hadoopSSLEnabledForService(dbService, serviceHandlerRegistry.get(dbService), serviceHandlerRegistry, CmfEntityManager.currentCmfEntityManager());
            }
        };
    }

    public static XMLConfigFileGenerator makeHdfsSSLClientXML(String str) {
        return makeSSLClientXML(HadoopSSLParams.HDFS_SSL_CLIENT_TRUSTSTORE_LOCATION, HadoopSSLParams.HDFS_SSL_CLIENT_TRUSTSTORE_PASSWORD, HadoopSSLParams.HDFS_SSL_CLIENT_SAFETY_VALVE, str);
    }

    private static XMLConfigFileGenerator makeCoreSSLClientXML(ParamSpec<String> paramSpec) {
        return makeSSLClientXML(HadoopSSLParams.CORE_SSL_CLIENT_TRUSTSTORE_LOCATION, HadoopSSLParams.CORE_SSL_CLIENT_TRUSTSTORE_PASSWORD, paramSpec, HadoopSSLParams.SSL_CLIENT_CONF);
    }

    private static XMLConfigFileGenerator makeSSLClientXML(PathParamSpec pathParamSpec, PasswordParamSpec passwordParamSpec, ParamSpec<String> paramSpec, String str) {
        return new XMLConfigFileGenerator((List<? extends GenericConfigEvaluator>) ImmutableList.of(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, HadoopSSLParams.SSL_CLIENT_TRUSTSTORE_TYPE_PROP_NAME), new AutoTLSPathParamSpecEvaluator(pathParamSpec), new AutoTLSPasswordParamSpecEvaluator((ParamSpec<String>) passwordParamSpec, false), new HardcodedConfigEvaluator(HadoopSSLParams.SSL_CLIENT_TRUSTSTORE_RELOAD_INTERVAL_PROP_NAME, "10000"), new XMLSafetyValveEvaluator(paramSpec)), str);
    }

    private static XMLConfigFileGenerator makeCoreSSLServerXML(ParamSpec<String> paramSpec) {
        return new XMLConfigFileGenerator((List<? extends GenericConfigEvaluator>) ImmutableList.of(ConditionalEvaluator.builder().checkCondition(hadoopSSLEnabled()).evaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, HadoopSSLParams.SSL_SERVER_KEYSTORE_TYPE_PROP_NAME), new AutoTLSPathParamSpecEvaluator(HadoopSSLParams.CORE_SSL_SERVER_KEYSTORE_LOCATION), new AutoTLSPasswordParamSpecEvaluator(HadoopSSLParams.CORE_SSL_SERVER_KEYSTORE_PASSWORD), new AutoTLSPasswordParamSpecEvaluator(HadoopSSLParams.CORE_SSL_SERVER_KEYSTORE_KEYPASSWORD), new TLSCipherConfigEvaluator(HadoopSSLParams.CORE_SSL_SERVER_CIPHERS, TLSCipherConfigEvaluator.Flavor.JAVA_EXCLUDE, null), new XMLSafetyValveEvaluator(paramSpec)).build()), HadoopSSLParams.SSL_SERVER_CONF);
    }
}
