package org.apache.ambari.server.serveraction.kerberos;

import com.google.common.reflect.TypeToken;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.google.inject.Inject;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutorCompletionService;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.actionmanager.HostRoleStatus;
import org.apache.ambari.server.agent.CommandReport;
import org.apache.ambari.server.agent.ExecutionCommand;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.controller.UpdateConfigurationPolicy;
import org.apache.ambari.server.orm.dao.HostDAO;
import org.apache.ambari.server.orm.entities.HostEntity;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
import org.apache.ambari.server.serveraction.AbstractServerAction;
import org.apache.ambari.server.serveraction.kerberos.stageutils.KerberosKeytabController;
import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosKeytab;
import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
import org.apache.ambari.server.utils.StageUtils;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.class */
public abstract class KerberosServerAction extends AbstractServerAction {
    public static final String AUTHENTICATED_USER_NAME = "authenticated_user_name";
    public static final String DATA_DIRECTORY = "data_directory";
    public static final String DEFAULT_REALM = "default_realm";
    public static final String SERVICE_COMPONENT_FILTER = "service_component_filter";
    public static final String HOST_FILTER = "host_filter";
    public static final String IDENTITY_FILTER = "identity_filter";
    public static final String KDC_TYPE = "kdc_type";
    public static final String UPDATE_CONFIGURATION_POLICY = "update_configuration_policy";
    public static final String UPDATE_CONFIGURATION_NOTE = "update_configuration_note";
    public static final String DATA_DIRECTORY_PREFIX = ".ambari_";
    private static final String PRINCIPAL_PASSWORD_MAP = "principal_password_map";
    private static final String PRINCIPAL_KEY_NUMBER_MAP = "principal_key_number_map";
    public static final String KEYTAB_CONTENT_BASE64 = "keytab_content_base64";
    public static final String OPERATION_TYPE = "operation_type";
    public static final String INCLUDE_AMBARI_IDENTITY = "include_ambari_identity";
    public static final String PRECONFIGURE_SERVICES = "preconfigure_services";
    private static final Logger LOG = LoggerFactory.getLogger(KerberosServerAction.class);

    @Inject
    private Clusters clusters = null;

    @Inject
    private KerberosOperationHandlerFactory kerberosOperationHandlerFactory;

    @Inject
    private KerberosHelper kerberosHelper;

    @Inject
    private HostDAO hostDAO;

    @Inject
    private KerberosKeytabController kerberosKeytabController;

    @Inject
    private Configuration configuration;

    /* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/KerberosServerAction$KerberosCommandParameters.class */
    public static class KerberosCommandParameters {
        private Map<String, String> params;

        public KerberosCommandParameters(ExecutionCommand executionCommand) {
            this.params = executionCommand.getCommandParams();
        }

        public KerberosCommandParameters(AbstractServerAction abstractServerAction) {
            this(abstractServerAction.getExecutionCommand());
        }

        /* JADX WARN: Type inference failed for: r0v4, types: [org.apache.ambari.server.serveraction.kerberos.KerberosServerAction$KerberosCommandParameters$1] */
        public Set<String> getHostFilter() {
            String commandParameterValue = getCommandParameterValue(KerberosServerAction.HOST_FILTER);
            if (commandParameterValue == null) {
                return null;
            }
            return (Set) StageUtils.getGson().fromJson(commandParameterValue, new TypeToken<Set<String>>() { // from class: org.apache.ambari.server.serveraction.kerberos.KerberosServerAction.KerberosCommandParameters.1
            }.getType());
        }

        public boolean hasHostFilters() {
            Set<String> hostFilter = getHostFilter();
            return hostFilter != null && hostFilter.size() > 0;
        }

        /* JADX WARN: Type inference failed for: r0v4, types: [org.apache.ambari.server.serveraction.kerberos.KerberosServerAction$KerberosCommandParameters$2] */
        public Map<String, ? extends Collection<String>> getServiceComponentFilter() {
            String commandParameterValue = getCommandParameterValue(KerberosServerAction.SERVICE_COMPONENT_FILTER);
            if (commandParameterValue == null) {
                return null;
            }
            return (Map) StageUtils.getGson().fromJson(commandParameterValue, new TypeToken<Map<String, ? extends Collection<String>>>() { // from class: org.apache.ambari.server.serveraction.kerberos.KerberosServerAction.KerberosCommandParameters.2
            }.getType());
        }

        /* JADX WARN: Type inference failed for: r0v4, types: [org.apache.ambari.server.serveraction.kerberos.KerberosServerAction$KerberosCommandParameters$3] */
        public Collection<String> getIdentityFilter() {
            String commandParameterValue = getCommandParameterValue(KerberosServerAction.IDENTITY_FILTER);
            if (commandParameterValue == null) {
                return null;
            }
            return (Collection) StageUtils.getGson().fromJson(commandParameterValue, new TypeToken<Collection<String>>() { // from class: org.apache.ambari.server.serveraction.kerberos.KerberosServerAction.KerberosCommandParameters.3
            }.getType());
        }

        public String getCommandParameterValue(String str) {
            Map<String, String> map = this.params;
            if (map == null) {
                return null;
            }
            return map.get(str);
        }
    }

    /* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/KerberosServerAction$OperationType.class */
    public enum OperationType {
        RECREATE_ALL,
        CREATE_MISSING,
        DEFAULT
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getCommandParameterValue(Map<String, String> map, String str) {
        if (map == null || str == null) {
            return null;
        }
        return map.get(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static UpdateConfigurationPolicy getUpdateConfigurationPolicy(Map<String, String> map) {
        UpdateConfigurationPolicy translate = UpdateConfigurationPolicy.translate(getCommandParameterValue(map, UPDATE_CONFIGURATION_POLICY));
        return translate == null ? UpdateConfigurationPolicy.ALL : translate;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getDefaultRealm(Map<String, String> map) {
        return getCommandParameterValue(map, DEFAULT_REALM);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static KDCType getKDCType(Map<String, String> map) {
        String commandParameterValue = getCommandParameterValue(map, "kdc_type");
        return (commandParameterValue == null || commandParameterValue.isEmpty()) ? KDCType.NONE : KDCType.translate(commandParameterValue);
    }

    protected static String getDataDirectoryPath(Map<String, String> map) {
        return getCommandParameterValue(map, DATA_DIRECTORY);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OperationType getOperationType(Map<String, String> map) {
        String commandParameterValue = getCommandParameterValue(map, OPERATION_TYPE);
        return StringUtils.isEmpty(commandParameterValue) ? OperationType.DEFAULT : OperationType.valueOf(commandParameterValue.toUpperCase());
    }

    protected static void setPrincipalPasswordMap(Map<String, Object> map, Map<String, String> map2) {
        if (map != null) {
            map.put(PRINCIPAL_PASSWORD_MAP, map2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Map<String, String> getPrincipalPasswordMap(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        return (Map) map.computeIfAbsent(PRINCIPAL_PASSWORD_MAP, str -> {
            return new HashMap();
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Map<String, Integer> getPrincipalKeyNumberMap(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        return (Map) map.computeIfAbsent(PRINCIPAL_KEY_NUMBER_MAP, str -> {
            return new HashMap();
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getClusterName() throws AmbariException {
        ExecutionCommand executionCommand = getExecutionCommand();
        String clusterName = executionCommand == null ? null : executionCommand.getClusterName();
        if (clusterName == null || clusterName.isEmpty()) {
            throw new AmbariException("Failed to retrieve the cluster name from the execution command");
        }
        return clusterName;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Cluster getCluster() throws AmbariException {
        Cluster cluster = this.clusters.getCluster(getClusterName());
        if (cluster == null) {
            throw new AmbariException(String.format("Failed to retrieve cluster for %s", getClusterName()));
        }
        return cluster;
    }

    protected Clusters getClusters() {
        return this.clusters;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getDataDirectoryPath() {
        return getDataDirectoryPath(getCommandParameters());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PreconfigureServiceType getCommandPreconfigureType() {
        String commandParameterValue = getCommandParameterValue(getCommandParameters(), "preconfigure_services");
        PreconfigureServiceType preconfigureServiceType = null;
        if (!StringUtils.isEmpty(commandParameterValue)) {
            try {
                preconfigureServiceType = PreconfigureServiceType.valueOf(commandParameterValue.toUpperCase());
            } catch (Throwable th) {
                LOG.warn("Invalid preconfigure_services value, assuming DEFAULT: {}", commandParameterValue);
                preconfigureServiceType = PreconfigureServiceType.DEFAULT;
            }
        }
        return preconfigureServiceType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Finally extract failed */
    public CommandReport processIdentities(Map<String, Object> map) throws AmbariException {
        CommandReport commandReport = null;
        Map<String, String> commandParameters = getCommandParameters();
        this.actionLog.writeStdOut("Processing identities...");
        LOG.info("Processing identities...");
        if (commandParameters != null) {
            PrincipalKeyCredential kDCAdministratorCredentials = this.kerberosHelper.getKDCAdministratorCredentials(getClusterName());
            KDCType kDCType = getKDCType(commandParameters);
            String defaultRealm = getDefaultRealm(commandParameters);
            KerberosOperationHandler kerberosOperationHandler = this.kerberosOperationHandlerFactory.getKerberosOperationHandler(kDCType);
            Map<String, String> configurationProperties = getConfigurationProperties(KerberosHelper.KERBEROS_ENV);
            try {
                kerberosOperationHandler.open(kDCAdministratorCredentials, defaultRealm, configurationProperties);
                try {
                    ExecutionCommand executionCommand = getExecutionCommand();
                    ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(this.configuration.getKerberosServerActionThreadpoolSize(), new ThreadFactoryBuilder().setNameFormat(null != executionCommand ? "process-identity-task-" + executionCommand.getTaskId() + "-thread-%d" : "process-identity-%d").build());
                    ExecutorCompletionService executorCompletionService = new ExecutorCompletionService(newFixedThreadPool);
                    Map<String, Collection<String>> serviceComponentFilter = getServiceComponentFilter();
                    if (serviceComponentFilter != null && pruneServiceFilter()) {
                        this.kerberosKeytabController.adjustServiceComponentFilter(this.clusters.getCluster(getClusterName()), true, serviceComponentFilter);
                    }
                    Collection<KerberosIdentityDescriptor> serviceIdentities = serviceComponentFilter == null ? null : this.kerberosKeytabController.getServiceIdentities(getClusterName(), serviceComponentFilter.keySet());
                    ArrayList arrayList = new ArrayList();
                    Iterator<ResolvedKerberosKeytab> it = this.kerberosKeytabController.getFilteredKeytabs(serviceIdentities, getHostFilter(), getIdentityFilter()).iterator();
                    while (it.hasNext()) {
                        for (ResolvedKerberosPrincipal resolvedKerberosPrincipal : it.next().getPrincipals()) {
                            arrayList.add(executorCompletionService.submit(() -> {
                                try {
                                    return processIdentity(resolvedKerberosPrincipal, kerberosOperationHandler, configurationProperties, isRelevantIdentity(serviceIdentities, resolvedKerberosPrincipal), map);
                                } catch (AmbariException e) {
                                    throw new RuntimeException(e);
                                }
                            }));
                        }
                    }
                    try {
                        LOG.info("Processing {} identities concurrently...", Integer.valueOf(arrayList.size()));
                        for (int i = 0; i < arrayList.size(); i++) {
                            try {
                                commandReport = (CommandReport) executorCompletionService.take().get();
                                if (commandReport != null) {
                                    break;
                                }
                            } catch (Exception e) {
                                LOG.error("Unable to process identities asynchronously", e);
                                CommandReport createCommandReport = createCommandReport(0, HostRoleStatus.FAILED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr());
                                arrayList.stream().filter(future -> {
                                    return (future.isCancelled() || future.isDone()) ? false : true;
                                }).forEach(future2 -> {
                                    future2.cancel(true);
                                });
                                newFixedThreadPool.shutdown();
                                try {
                                    kerberosOperationHandler.close();
                                } catch (KerberosOperationException e2) {
                                }
                                return createCommandReport;
                            }
                        }
                        arrayList.stream().filter(future3 -> {
                            return (future3.isCancelled() || future3.isDone()) ? false : true;
                        }).forEach(future22 -> {
                            future22.cancel(true);
                        });
                        newFixedThreadPool.shutdown();
                        try {
                            kerberosOperationHandler.close();
                        } catch (KerberosOperationException e3) {
                        }
                    } catch (Throwable th) {
                        arrayList.stream().filter(future32 -> {
                            return (future32.isCancelled() || future32.isDone()) ? false : true;
                        }).forEach(future222 -> {
                            future222.cancel(true);
                        });
                        newFixedThreadPool.shutdown();
                        throw th;
                    }
                } catch (Throwable th2) {
                    try {
                        kerberosOperationHandler.close();
                    } catch (KerberosOperationException e4) {
                    }
                    throw th2;
                }
            } catch (KerberosOperationException e5) {
                String format = String.format("Failed to process the identities, could not properly open the KDC operation handler: %s", e5.getMessage());
                this.actionLog.writeStdErr(format);
                LOG.error(format);
                throw new AmbariException(format, e5);
            }
        }
        this.actionLog.writeStdOut("Processing identities completed.");
        LOG.info("Processing identities completed.");
        return commandReport == null ? createCommandReport(0, HostRoleStatus.COMPLETED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr()) : commandReport;
    }

    protected boolean pruneServiceFilter() {
        return true;
    }

    private boolean isRelevantIdentity(Collection<KerberosIdentityDescriptor> collection, ResolvedKerberosPrincipal resolvedKerberosPrincipal) {
        if (collection == null) {
            return true;
        }
        boolean z = false;
        Iterator<KerberosIdentityDescriptor> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            KerberosIdentityDescriptor next = it.next();
            if (resolvedKerberosPrincipal.getPrincipal().equals(next.getPrincipalDescriptor().getName()) && StringUtils.isBlank(next.getReference())) {
                z = true;
                break;
            }
        }
        return z;
    }

    protected abstract CommandReport processIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, boolean z, Map<String, Object> map2) throws AmbariException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void deleteDataDirectory(String str) {
        File file;
        File parentFile;
        if (str != null && str.contains("/.ambari_") && (parentFile = (file = new File(str)).getParentFile()) != null && file.isDirectory() && parentFile.isDirectory() && parentFile.canWrite()) {
            try {
                FileUtils.deleteDirectory(file);
            } catch (IOException e) {
                LOG.warn(String.format("The data directory (%s) was not deleted due to an error condition - {%s}", file.getAbsolutePath(), e.getMessage()), e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v4, types: [org.apache.ambari.server.serveraction.kerberos.KerberosServerAction$1] */
    public Set<String> getHostFilter() {
        String commandParameterValue = getCommandParameterValue(HOST_FILTER);
        if (commandParameterValue == null) {
            return null;
        }
        return (Set) StageUtils.getGson().fromJson(commandParameterValue, new TypeToken<Set<String>>() { // from class: org.apache.ambari.server.serveraction.kerberos.KerberosServerAction.1
        }.getType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasHostFilters() {
        Set<String> hostFilter = getHostFilter();
        return hostFilter != null && hostFilter.size() > 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v4, types: [org.apache.ambari.server.serveraction.kerberos.KerberosServerAction$2] */
    public Map<String, Collection<String>> getServiceComponentFilter() {
        String commandParameterValue = getCommandParameterValue(SERVICE_COMPONENT_FILTER);
        if (commandParameterValue == null) {
            return null;
        }
        return (Map) StageUtils.getGson().fromJson(commandParameterValue, new TypeToken<Map<String, ? extends Collection<String>>>() { // from class: org.apache.ambari.server.serveraction.kerberos.KerberosServerAction.2
        }.getType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v4, types: [org.apache.ambari.server.serveraction.kerberos.KerberosServerAction$3] */
    public Collection<String> getIdentityFilter() {
        String commandParameterValue = getCommandParameterValue(IDENTITY_FILTER);
        if (commandParameterValue == null) {
            return null;
        }
        return (Collection) StageUtils.getGson().fromJson(commandParameterValue, new TypeToken<Collection<String>>() { // from class: org.apache.ambari.server.serveraction.kerberos.KerberosServerAction.3
        }.getType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Long ambariServerHostID() {
        HostEntity findByName = this.hostDAO.findByName(StageUtils.getHostName());
        if (findByName == null) {
            return null;
        }
        return findByName.getHostId();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> getConfigurationProperties(String str) throws AmbariException {
        if (!StringUtils.isNotEmpty(str)) {
            return null;
        }
        Cluster cluster = getCluster();
        Config desiredConfigByType = cluster == null ? null : cluster.getDesiredConfigByType(str);
        Map<String, String> properties = desiredConfigByType == null ? null : desiredConfigByType.getProperties();
        if (properties == null) {
            Logger logger = LOG;
            Object[] objArr = new Object[3];
            objArr[0] = str;
            objArr[1] = cluster == null ? "null" : "not null";
            objArr[2] = desiredConfigByType == null ? "null" : "not null";
            logger.warn("The '{}' configuration data is not available:\n\tcluster: {}\n\tconfig: {}\n\tproperties: null", objArr);
        }
        return properties;
    }
}
