package com.cloudera.cmf.service.scm;

import com.cloudera.cmf.model.DbConfigContainer;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.service.AbstractValidator;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.Validation;
import com.cloudera.cmf.service.ValidationContext;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.enterprise.KeystoreUtil;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.server.web.common.I18n;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.io.File;
import java.util.Collection;
import java.util.Collections;
import org.drools.core.util.StringUtils;

/* loaded from: input_file:com/cloudera/cmf/service/scm/SAMLValidator.class */
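/**
 * Validates the SAML external-authentication settings stored on the SCM
 * config container.
 *
 * <p>The validator only acts when the validation level is
 * {@code CONFIG_CONTAINER}, the container type is {@code SCM}, and the
 * configured external authentication type is {@code SAML}. In that case it
 * checks that the IdP metadata path is set and readable, that the configured
 * keystore, alias and passwords pass {@link KeystoreUtil#validateKeyStore},
 * and that a key password is present.
 */
public class SAMLValidator extends AbstractValidator {

    /** Message key reported when every SAML setting passes validation. */
    @VisibleForTesting
    static final String MSG_CHECK = "message.samlValidator.check";

    /** Message key reported when a SAML setting fails validation; takes the failure reason as argument. */
    @VisibleForTesting
    static final String MSG_ERROR = "message.samlValidator.error";

    /**
     * Registers this validator under the name {@code saml_validator}.
     */
    public SAMLValidator() {
        // NOTE(review): the meaning of the boolean flag is defined by AbstractValidator, not visible here.
        super(false, "saml_validator");
    }

    /**
     * Validates the SAML configuration of the SCM config container.
     *
     * @param serviceHandlerRegistry unused by this validator
     * @param validationContext context carrying the validation level and the config container
     * @return an empty collection when the context is out of scope (wrong level,
     *     non-SCM container, or external auth type other than SAML); otherwise a
     *     single {@link Validation}: a check result keyed by {@link #MSG_CHECK} on
     *     success, or an error keyed by {@link #MSG_ERROR} carrying the failure reason
     */
    @Override // com.cloudera.cmf.service.Validator
    public Collection<Validation> validate(ServiceHandlerRegistry serviceHandlerRegistry, ValidationContext validationContext) {
        if (validationContext.getLevel() != Enums.ConfigScope.CONFIG_CONTAINER) {
            return ImmutableList.of();
        }
        DbConfigContainer configContainer = validationContext.getConfigContainer();
        if (configContainer.getConfigContainer().getConfigTypeEnum() != Enums.ConfigContainerType.SCM) {
            return ImmutableList.of();
        }
        ScmParams.ExternalAuthType authType =
                (ScmParams.ExternalAuthType) ScmHandler.getScmConfigValue(ScmParams.EXTERNAL_AUTH_TYPE, configContainer);
        if (authType != ScmParams.ExternalAuthType.SAML) {
            return ImmutableList.of();
        }

        try {
            String metadataPath = (String) ScmHandler.getScmConfigValue(ScmParams.SAML_METADATA, configContainer);
            if (StringUtils.isEmpty(metadataPath)) {
                throw new IllegalArgumentException(I18n.t("message.samlValidator.missingMetadataPath"));
            }
            if (!new File(metadataPath).canRead()) {
                throw new IllegalArgumentException(I18n.t("message.samlValidator.missingMetadata", metadataPath));
            }

            String keystoreType =
                    ((ScmParams.KeyStoreType) ScmHandler.getScmConfigValue(ScmParams.KEYSTORE_TYPE, configContainer)).getString();
            String keystorePath = (String) ScmHandler.getScmConfigValue(ScmParams.SAML_KEYSTORE, configContainer);
            String keystorePassword = (String) ScmHandler.getScmConfigValue(ScmParams.SAML_KEYSTORE_PASSWORD, configContainer);
            String keyAlias = (String) ScmHandler.getScmConfigValue(ScmParams.SAML_KEY_ALIAS, configContainer);
            String keyPassword = (String) ScmHandler.getScmConfigValue(ScmParams.SAML_KEY_PASSWORD, configContainer);

            try {
                KeystoreUtil.validateKeyStore(keystorePath, keystorePassword, keyAlias, keyPassword, keystoreType);
            } catch (IllegalArgumentException e) {
                // Report the keystore failure right away. Previously the error was stored in a
                // local and then overwritten by the success result below, so a keystore that
                // failed validation was still reported as a passing SAML configuration.
                // NOTE(review): the exception text is surfaced to whoever views the validation;
                // confirm KeystoreUtil never echoes the keystore or key password in its message.
                return Collections.singleton(
                        Validation.error(validationContext, MessageWithArgs.of(MSG_ERROR, new String[]{e.getMessage()})));
            }

            if (StringUtils.isEmpty(keyPassword)) {
                // Resolve the message key through I18n like the other failures in this method;
                // the raw key used to be passed through as the user-visible reason.
                throw new IllegalArgumentException(I18n.t("message.samlValidator.missingKeyPassword"));
            }

            return Collections.singleton(Validation.check(validationContext, MessageWithArgs.of(MSG_CHECK, new String[0])));
        } catch (Exception e) {
            // Any failure while reading or checking the settings (including unexpected
            // runtime exceptions) is reported as a validation error rather than propagated.
            return Collections.singleton(
                    Validation.error(validationContext, MessageWithArgs.of(MSG_ERROR, new String[]{e.getMessage()})));
        }
    }
}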
