package com.cloudera.cmf.service.auth;

import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.DaemonRoleHandler;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.auth.AuthServiceHandler;
import com.cloudera.cmf.service.auth.KeycloakClient;
import com.cloudera.cmf.service.config.ConfigEvaluationPredicate;
import com.cloudera.cmf.service.config.ConfigGenException;
import com.cloudera.cmf.service.config.ParagraphParamSpec;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.ParamSpecLabel;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.common.Util;
import com.google.common.base.Preconditions;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.json.Json;
import javax.json.JsonObjectBuilder;

/* loaded from: input_file:com/cloudera/cmf/service/auth/AuthServiceUtil.class */
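/**
 * Static helpers for wiring Cloudera Manager to its Keycloak-based auth service:
 * deciding whether the auth service is the configured external authentication
 * type, rendering the Keycloak adapter configuration JSON, and building a
 * {@link KeycloakClient} that points at the auth service endpoint.
 *
 * <p>Several methods here handle secrets (client secret, truststore password,
 * account passwords). Their return values must be treated as sensitive by
 * callers: do not log them or include them in exception messages.
 */
public class AuthServiceUtil {
    /** Username set on the client when {@link #getKeycloakClient} is asked for an administrative client. */
    static final String CM_ADMIN_ACCOUNT = "cmadmin";
    /** Not referenced in this class; presumably the name of Keycloak's built-in master realm. */
    static final String MASTER_REALM = "master";
    /** Realm name written into the adapter configuration by {@link #getKeycloakAdapterConfig}. */
    static final String REALM_NAME = "Default";
    /** Username set on the client when {@link #getKeycloakClient} is asked for a non-administrative client. */
    static final String MONITORING_USER = "cm-monitor";

    // NOTE(review): hard-coded default credentials. The DEV_ prefix suggests
    // development-only use and nothing in this class reads them, but they are
    // package-visible. Confirm that no production code path provisions or
    // authenticates an account with these values: a fixed, guessable password
    // on an identity-provider admin account is equivalent to no password.
    static final String DEV_MASTER_USER = "cloudera";
    static final String DEV_MASTER_PASS = "cloudera";
    static final String DEV_ADMIN_USER = "admin";
    static final String DEV_ADMIN_PASS = "admin";

    public static final String CM_SERVER_CLIENT_NAME = "Cloudera Manager Server";
    public static final String CM_DAEMONS_CLIENT_NAME = "Cloudera Manager Daemons";

    /**
     * Reports whether the auth service is the configured external authentication type.
     *
     * @param scmParamTrackerStore store holding the current SCM parameter values; must not be null
     * @return {@code true} when {@code ScmParams.EXTERNAL_AUTH_TYPE} is {@code AUTHSERVICE}
     */
    public static boolean useAuthService(ScmParamTrackerStore scmParamTrackerStore) {
        ScmParams.ExternalAuthType configured =
                (ScmParams.ExternalAuthType) scmParamTrackerStore.get(ScmParams.EXTERNAL_AUTH_TYPE);
        return configured == ScmParams.ExternalAuthType.AUTHSERVICE;
    }

    /**
     * Returns a config-evaluation predicate that is satisfied when the auth service is
     * the configured external authentication type. The predicate ignores the service,
     * role, role handler and map arguments and only consults the provider's SCM
     * parameter store.
     *
     * @return a predicate delegating to {@link #useAuthService(ScmParamTrackerStore)}
     */
    public static ConfigEvaluationPredicate useAuthService() {
        return new ConfigEvaluationPredicate() {
            @Override
            public boolean checkCondition(ServiceDataProvider serviceDataProvider, DbService dbService, DbRole dbRole, RoleHandler roleHandler, Map<String, Object> map) throws ConfigGenException, DaemonRoleHandler.ProcessSupplierException {
                return AuthServiceUtil.useAuthService(serviceDataProvider.getScmParamTrackerStore());
            }
        };
    }

    /**
     * Extracts the auth-service client JSON stored in a service's configuration.
     *
     * @param scmParamTrackerStore store used to check whether the auth service is in use
     * @param paramSpec the parameter to read; must be a {@link ParagraphParamSpec} labelled
     *     {@code SSO_CONFIG}
     * @param dbService the service whose configuration map is read
     * @return the configured value, or {@code null} when any argument is null, the auth
     *     service is not in use, the value is absent or empty, or the value fails to parse
     * @throws IllegalStateException if {@code paramSpec} is not a {@code ParagraphParamSpec}
     *     or does not carry the {@code SSO_CONFIG} label
     */
    public static String getAuthServiceClientJson(ScmParamTrackerStore scmParamTrackerStore, ParamSpec<?> paramSpec, DbService dbService) {
        if (scmParamTrackerStore == null || paramSpec == null || dbService == null
                || !useAuthService(scmParamTrackerStore)) {
            return null;
        }
        Preconditions.checkState(paramSpec instanceof ParagraphParamSpec,
                "paramSpec must be a ParagraphParamSpec");
        Preconditions.checkState(paramSpec.getLabels().contains(ParamSpecLabel.SSO_CONFIG),
                "paramSpec must carry the SSO_CONFIG label");
        try {
            String clientJson = ((ParagraphParamSpec) paramSpec).extractFromStringMap(
                    dbService.getServiceConfigsMap(), dbService.getServiceVersion());
            // Absent and empty are reported the same way so callers only test for null.
            return (clientJson == null || clientJson.isEmpty()) ? null : clientJson;
        } catch (ParamParseException ignored) {
            // Best-effort lookup: an unparseable value is reported as "not configured".
            // NOTE(review): this hides a malformed SSO configuration from operators;
            // consider surfacing it through the caller's logging or validation path.
            return null;
        }
    }

    /**
     * Renders the Keycloak adapter configuration as a JSON string.
     *
     * <p>The decompiler notes that this method was originally package-private.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>The result embeds the client secret and, when a truststore is configured, the
     *       truststore password in clear text. Treat it as a secret: keep it out of logs
     *       and write it only to files with restrictive permissions.</li>
     *   <li>When the server URL does not start with {@code Util.HTTPS}, {@code ssl-required}
     *       is set to {@code "none"}, which turns off the adapter's HTTPS requirement, so
     *       the client secret and tokens can cross the network unencrypted. Prefer an HTTPS
     *       auth server URL outside of isolated test setups.</li>
     *   <li>Over HTTPS without a truststore path no truststore is written; which trust
     *       anchors the adapter then uses is not visible here.</li>
     * </ul>
     *
     * @param str value written as {@code resource} (the client identifier)
     * @param str2 value written as {@code auth-server-url}; must not be null
     * @param str3 value written as {@code credentials.secret}
     * @param str4 truststore path, written only for HTTPS URLs; may be null or empty
     * @param str5 truststore password; required whenever a truststore path is written
     * @return the adapter configuration serialized as JSON
     * @throws NullPointerException if {@code str2} is null
     * @throws IllegalStateException if a truststore path is supplied for an HTTPS URL
     *     without a non-empty truststore password
     */
    public static String getKeycloakAdapterConfig(String str, String str2, String str3, String str4, String str5) {
        Preconditions.checkNotNull(str2, "auth server URL must not be null");
        final boolean tlsEnabled = str2.startsWith(Util.HTTPS);
        JsonObjectBuilder config = Json.createObjectBuilder()
                .add("realm", REALM_NAME)
                .add("auth-server-url", str2)
                .add("ssl-required", tlsEnabled ? "external" : "none")
                .add("resource", str)
                .add("credentials", Json.createObjectBuilder().add("secret", str3).build())
                .add("confidential-port", 0);
        if (tlsEnabled && str4 != null && !str4.isEmpty()) {
            // The message deliberately names only the missing field, never its value.
            Preconditions.checkState(str5 != null && !str5.isEmpty(),
                    "a truststore password is required when a truststore path is set");
            config.add("truststore", str4);
            config.add("truststore-password", str5);
        }
        return config.build().toString();
    }

    /**
     * Extracts a parameter value, converting the checked parse failure into an
     * unchecked one with the original exception preserved as the cause.
     *
     * @param paramSpec the parameter to read
     * @param configValueProvider the entity whose configuration is read
     * @return the extracted value
     * @throws RuntimeException wrapping the {@link ParamParseException} on parse failure
     */
    private static <T> T getParamValue(ParamSpec<T> paramSpec, ConfigValueProvider configValueProvider) {
        try {
            return paramSpec.extract(configValueProvider);
        } catch (ParamParseException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a {@link KeycloakClient} for the given auth service.
     *
     * <p>The decompiler notes that this method was originally package-private.
     *
     * <p>The endpoint is the first role of type {@code AUTH_LOAD_BALANCER} if the service
     * has one; otherwise the first role returned for the service, which must be of type
     * {@code AUTHSERVER}.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>{@code z == true} authenticates as the {@code cmadmin} account. Request it only
     *       for operations that need administrative rights and use the monitoring account
     *       for everything else.</li>
     *   <li>When {@code AuthParams.ENABLE_TLS} is false the client is built with
     *       {@code setUseHttps(false)} and no truststore; presumably the account password
     *       is then sent over plain HTTP (confirm in {@code KeycloakClient}).</li>
     * </ul>
     *
     * @param cmfEntityManager entity manager used to look up the service's roles and the
     *     SCM truststore settings
     * @param dbService the auth service
     * @param z {@code true} for the administrative account, {@code false} for the
     *     monitoring account
     * @return a client configured with host, port, credentials and TLS settings
     * @throws KeycloakClientException declared by this method; presumably raised by the
     *     builder
     * @throws IllegalStateException if the service has no roles, or if it has no load
     *     balancer role and its first role is not an {@code AUTHSERVER}
     */
    public static KeycloakClient getKeycloakClient(CmfEntityManager cmfEntityManager, DbService dbService, boolean z) throws KeycloakClientException {
        KeycloakClient.Builder builder = new KeycloakClient.Builder();
        if (z) {
            builder.setUsername(CM_ADMIN_ACCOUNT);
            builder.setPassword((String) getParamValue(AuthParams.ADMIN_PASSWORD, dbService));
        } else {
            builder.setUsername(MONITORING_USER);
            builder.setPassword((String) getParamValue(AuthParams.MONITOR_USER_PASSWORD, dbService));
        }

        List<?> roles = cmfEntityManager.findRolesByService(dbService);
        DbRole loadBalancer = null;
        for (Object candidate : roles) {
            DbRole role = (DbRole) candidate;
            if (role.getRoleType().equals(AuthServiceHandler.RoleNames.AUTH_LOAD_BALANCER.name())) {
                loadBalancer = role;
                break;
            }
        }

        if (loadBalancer != null) {
            builder.setHostname(loadBalancer.getHost().getName());
            builder.setPort((Long) getParamValue(AuthParams.AUTH_LB_PORT, loadBalancer));
        } else {
            // Fail with a descriptive state error instead of an IndexOutOfBoundsException
            // when the service has no roles at all.
            Preconditions.checkState(!roles.isEmpty(),
                    "auth service has no roles; cannot determine a Keycloak endpoint");
            DbRole authServer = (DbRole) roles.get(0);
            Preconditions.checkState(
                    authServer.getRoleType().equals(AuthServiceHandler.RoleNames.AUTHSERVER.name()));
            builder.setHostname(authServer.getHost().getName());
            builder.setPort((Long) getParamValue(AuthParams.AUTHSRV_PORT, authServer));
        }

        boolean tlsEnabled = ((Boolean) getParamValue(AuthParams.ENABLE_TLS, dbService)).booleanValue();
        builder.setUseHttps(tlsEnabled);
        if (tlsEnabled) {
            // Trust material comes from the SCM-wide settings, not from the auth service's own config.
            builder.setTruststore((String) ScmHandler.getScmConfigValue(ScmParams.TRUSTSTORE_PATH, cmfEntityManager.getScmConfigProvider()));
            builder.setTrustpass((String) ScmHandler.getScmConfigValue(ScmParams.TRUSTSTORE_PASSWORD, cmfEntityManager.getScmConfigProvider()));
        }
        return builder.build();
    }
}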
